summaryrefslogtreecommitdiff
path: root/MIBS/comware/HH3C-ACL-MIB
diff options
context:
space:
mode:
authorDavid Leutgeb <david.leutgeb@mannundmouse.com>2023-12-05 12:25:34 +0100
committerDavid Leutgeb <david.leutgeb@mannundmouse.com>2023-12-05 12:25:34 +0100
commit98a672123c7872f6b9b75a9a2b6bb3aea504de6a (patch)
tree9b13bd7f563c3198047bd359195327cf28b3caf0 /MIBS/comware/HH3C-ACL-MIB
downloadmibs-98a672123c7872f6b9b75a9a2b6bb3aea504de6a.tar.gz
mibs-98a672123c7872f6b9b75a9a2b6bb3aea504de6a.zip
Initial commitHEADmain
Diffstat (limited to 'MIBS/comware/HH3C-ACL-MIB')
-rw-r--r--MIBS/comware/HH3C-ACL-MIB7340
1 files changed, 7340 insertions, 0 deletions
diff --git a/MIBS/comware/HH3C-ACL-MIB b/MIBS/comware/HH3C-ACL-MIB
new file mode 100644
index 0000000..4bae762
--- /dev/null
+++ b/MIBS/comware/HH3C-ACL-MIB
@@ -0,0 +1,7340 @@
+-- ============================================================================
+-- Copyright (c) 2004-2015 New H3C Tech. Co., Ltd. All rights reserved.
+--
+-- Description:
+-- Reference:
+-- Version: V3.4
+-- History:
+-- V1.0 created by yuhui.
+-- V2.0 2004-10-12 updated by gaolong
+-- Define MODULE-IDENTITY for hh3cAcl
+-- Remove chinese characters
+-- Add limitation(0..65535) for some table index
+-- Fix a default value error of hh3cAclAdvancedEstablish
+-- V2.1 2004-11-18 updated by yubo
+-- Add 'hh3cAclIDSTable' for IDS
+-- V2.2 2004-12-13
+-- Fix syntax bugs and adjust format of the whole file by jinyi
+-- Modify description of hh3cAclAdvancedDscp by zhuangyu
+-- V2.3 2005-1-26 updated by WuZhao02557
+-- Change MAX-ACCESS from read-create to not-accessible for the
+-- following MIB nodes:
+-- hh3cAclNumGroupAclNum, hh3cAclNameGroupIndex, hh3cAclBasicAclNum,
+-- hh3cAclBasicSubitem, hh3cAclAdvancedAclNum, hh3cAclAdvancedSubitem
+-- hh3cAclIfAclNum, hh3cAclIfSubitem, hh3cAclLinkAclNum, hh3cAclLinkSubitem
+-- hh3cAclUserAclNum, hh3cAclUserSubitem, hh3cAclActiveAclIndex,
+-- hh3cAclActiveIfIndex, hh3cAclActiveVlanID, hh3cAclActiveDirection
+-- Adjust format of whole file.
+-- 2005-01-27 updated by zhangyinxi
+-- 1. Add objects hh3cAclLinkL2LabelRangeOp, hh3cAclLinkL2LabelRangeBegin
+-- hh3cAclLinkL2LabelRangeEnd and hh3cAclLinkMplsExp in hh3cAclLinkTable
+-- 2. Add an enumeration mpls(34887) to object hh3cAclLinkProtocol
+-- 3. Expand the range of object hh3cAclActiveVlanID to Integer32
+-- V2.4 2005-2-24
+-- Make the index of hh3cAclIDSTable IMPLIED by fuzhenyu because IDS devices
+-- require fixed length index to be used. IDS devices only provide index
+-- with no sub-identifier indicating the length of the string.
+-- Modify enum name(value is 4) of hh3cAclLinkFormatType to ieee802Dot3 by daishijun
+-- V2.5 2005-7-25
+-- Add objects hh3cAclMib2Mode, hh3cAclVersion, hh3cAclMib2ObjectsCapabilities,
+-- hh3cAclIPAclNumGroupTable, hh3cAclIPAclBasicTable, hh3cAclIPAclAdvancedTable,
+-- hh3cAclMACTable, hh3cAclEnUserTable by tangshun.
+-- V2.6 2006-01-03
+-- Add objects hh3cAclIPAclBasicComment, hh3cAclIPAclAdvancedComment,
+-- hh3cAclMACComment, hh3cAclEnUserComment by tangshun.
+-- V2.7 2006-03-09 updated by changhuifeng
+-- Add object hh3cAclIPAclAdvancedReflective in hh3cAclIPAclAdvancedTable.
+-- Modify the description of object hh3cAclIPAclAdvancedFragmentFlag.
+-- Modify the description of object hh3cAclMib2Version.
+-- Modify the description of object hh3cAclLinkDestAny for text error.
+-- Modify the description of object hh3cAclMib2CharacteristicsValue.
+-- V2.8 2006-07-06 updated by xialei
+-- Modify the description of hh3cAclIPAclAdvancedIcmpType
+-- and hh3cAclIPAclAdvancedIcmpCode.
+-- Change value range of hh3cAclIPAclAdvancedIcmpCode.
+-- V2.9 2006-08-08 updated by chenzhaojie
+-- Add enumeration value to hh3cAclActiveDirection.
+-- V3.0 2010-09-01 updated by zhaixiaoxiang
+-- Add hh3cAclResourceUsageTable.
+-- V3.1 2012-02-06 updated by wangchenxiao
+-- Add hh3cPacketfilterTrapObjects
+-- Add hh3cPacketfilterTrap
+-- 2012-02-14 updated by mouxuanli
+-- Add hh3cAclMib2ProcessingStatus of object hh3cAclMib2NodesGroup
+-- Add hh3cAclNumberGroupName of object hh3cAclNumberGroupTable
+-- Add hh3cAclIPAclBasicCounting of object hh3cAclIPAclBasicTable
+-- Add hh3cAclIPAclBasicRouteTypeAny of object hh3cAclIPAclBasicTable
+-- Add hh3cAclIPAclBasicRouteTypeValue of object hh3cAclIPAclBasicTable
+-- Add hh3cAclIPAclAdvancedCounting of object hh3cAclIPAclAdvancedTable
+-- Add hh3cAclIPAclAdvancedTCPFlagMask of object hh3cAclIPAclAdvancedTable
+-- Add hh3cAclIPAclAdvancedTCPFlagValue of object hh3cAclIPAclAdvancedTable
+-- Add hh3cAclIPAclAdvancedRouteTypeAny of object hh3cAclIPAclAdvancedTable
+-- Add hh3cAclIPAclAdvancedRouteTypeValue of object hh3cAclIPAclAdvancedTable
+-- Add hh3cAclIPAclAdvancedFlowLabel of object hh3cAclIPAclAdvancedTable
+-- Add hh3cAclMACLog of object hh3cAclMACTable
+-- Add hh3cAclMACCounting of object hh3cAclMACTable
+-- Add hh3cAclEnUserLog of object hh3cAclEnUserTable
+-- Add hh3cAclEnUserCounting of object hh3cAclEnUserTable
+-- Modify the description of hh3cAclResourceType
+-- Add hh3cAclResourceTypeDescription of object hh3cAclResourceUsageTable
+-- Add hh3cAclPacketFilterObjects
+-- V3.2 2012-11-30 updated by gaoyu
+-- Add hh3cPfilterRunApplyObjType of object hh3cPfilterAclGroupRunInfoTable
+-- Add hh3cPfilterRunApplyObjIndex of object hh3cPfilterAclGroupRunInfoTable
+-- Add hh3cPfilterRunApplyDirection of object hh3cPfilterAclGroupRunInfoTable
+-- Add hh3cPfilterRunApplyAclType of object hh3cPfilterAclGroupRunInfoTable
+-- Add hh3cPfilterRunApplyAclIndex of object hh3cPfilterAclGroupRunInfoTable
+-- modify the hh3cPfilterRunApplyObjType of object hh3cPfilterAclRuleRunInfoTable
+-- modify the hh3cPfilterRunApplyObjIndex of object hh3cPfilterAclRuleRunInfoTable
+-- modify the hh3cPfilterRunApplyDirection of object hh3cPfilterAclRuleRunInfoTable
+-- modify the hh3cPfilterRunApplyAclType of object hh3cPfilterAclRuleRunInfoTable
+-- modify the hh3cPfilterRunApplyAclIndex of object hh3cPfilterAclRuleRunInfoTable
+-- V3.3 2013-11-30 updated by gaoyu
+-- Add hh3cAclNamedGroupTable to object hh3cAclMib2GlobalGroup
+-- Add hh3cAclIPAclNamedBscTable to object hh3cAclIPAclGroup
+-- Add hh3cAclIPAclNamedAdvTable to object hh3cAclIPAclGroup
+-- Add hh3cAclNamedMACTable to object hh3cAclMACAclGroup
+-- Add hh3cAclIntervalGroup to object hh3cAclMib2Objects
+-- Modify hh3cPfilterApplyAclType of object hh3cPfilterApplyTable
+-- Modify hh3cPfilterRunApplyAclType of object hh3cPfilterAclGroupRunInfoTable
+-- Modify hh3cPfilterSumAclType of object hh3cPfilterStatisticSumTable
+-- Add hh3cPfilter2ApplyTable to object hh3cAclPacketFilterObjects
+-- Add hh3cPfilter2AclGroupRunInfoTable to object hh3cAclPacketFilterObjects
+-- Add hh3cPfilter2AclRuleRunInfoTable to object hh3cAclPacketFilterObjects
+-- Add hh3cPfilter2StatisticSumTable to object hh3cAclPacketFilterObjects
+-- Add hh3cAclPacketIfName to object hh3cAclPacketfilterTrapObjects
+-- Add hh3cAclPacketDirection to object hh3cAclPacketfilterTrapObjects
+-- Add hh3cAclPacketBAGG to object hh3cAclPacketfilterTrapObjects
+-- Add hh3cAclPacketVlanID to object hh3cAclPacketfilterTrapObjects
+-- Add hh3cAclPacketSrcIP to object hh3cAclPacketfilterTrapObjects
+-- Add hh3cAclPacketDstIP to object hh3cAclPacketfilterTrapObjects
+-- Add hh3cAclPacketProtocol to object hh3cAclPacketfilterTrapObjects
+-- Add hh3cAclPacketDscp to object hh3cAclPacketfilterTrapObjects
+-- Add hh3cAclPacketFlowLabel to object hh3cAclPacketfilterTrapObjects
+-- Add hh3cAclPacketIcmpIgmpType to object hh3cAclPacketfilterTrapObjects
+-- Add hh3cAclPacketIcmpIgmpCode to object hh3cAclPacketfilterTrapObjects
+-- Add hh3cAclPacketTcpFlags to object hh3cAclPacketfilterTrapObjects
+-- Add hh3cAclPacketSrcPort to object hh3cAclPacketfilterTrapObjects
+-- Add hh3cAclPacketDstPort to object hh3cAclPacketfilterTrapObjects
+-- Add hh3cAclPacketSrcMacAddr to object hh3cAclPacketfilterTrapObjects
+-- Add hh3cAclPacketDstMacAddr to object hh3cAclPacketfilterTrapObjects
+-- Add hh3cAclPacketMacTypeLen to object hh3cAclPacketfilterTrapObjects
+-- Add hh3cAclPacketVlanPCP to object hh3cAclPacketfilterTrapObjects
+-- Add hh3cAclRuleMatchCount to object hh3cPfilterTrapPrefix
+-- Add hh3cAclFirstIPv4PktCaptured to object hh3cPfilterTrapPrefix
+-- Add hh3cAclFirstIPv6PktCaptured to object hh3cPfilterTrapPrefix
+-- Add hh3cAclFirstEthernetPktCaptured to object hh3cPfilterTrapPrefix
+-- 2014-2-20 updated by gaoyu
+-- Add hh3cAclNamedUserTable to object hh3cAclEnUserAclGroup
+-- 2014-07-08 updated by gaoyu
+-- Add hh3cAclIPAclAdvancedSrcSuffix to object hh3cAclIPAclAdvancedTable
+-- Add hh3cAclIPAclAdvancedDestSuffix to object hh3cAclIPAclAdvancedTable
+-- Add hh3cAclIPAclNamedAdvSrcSuffix to object hh3cAclIPAclNamedAdvTable
+-- Add hh3cAclIPAclNamedAdvDstSuffix to object hh3cAclIPAclNamedAdvTable
+-- V3.4 2014-10-20 updated by gaoyu
+-- Add hh3cAclMib2ResourceThreshold to object hh3cAclMib2NodesGroup
+-- Add hh3cAclMib2ResourceLogInterval to object hh3cAclMib2NodesGroup
+-- Add hh3cAclResourceTypeName to object hh3cAclTrapObjects
+-- Add hh3cAclResourceUsage to object hh3cAclTrapObjects
+-- Add hh3cAclResourceUsedEntries to object hh3cAclTrapObjects
+-- Add hh3cAclResourceTotalEntries to object hh3cAclTrapObjects
+-- Add hh3cAclResourceChassisID to object hh3cAclTrapObjects
+-- Add hh3cAclResourceSlotID to object hh3cAclTrapObjects
+-- Add hh3cAclResourceTrap to object hh3cAclTrapPrefix
+-- ============================================================================
+HH3C-ACL-MIB DEFINITIONS ::= BEGIN
+
+ IMPORTS
+ hh3cCommon
+ FROM HH3C-OID-MIB
+ IpAddress, Integer32, Counter32, OBJECT-TYPE, MODULE-IDENTITY,
+ NOTIFICATION-TYPE, Unsigned32, Counter64
+ FROM SNMPv2-SMI
+ InetAddressType, InetAddress, InetAddressPrefixLength
+ FROM INET-ADDRESS-MIB
+ RowStatus, TruthValue, MacAddress, TEXTUAL-CONVENTION
+ FROM SNMPv2-TC;
+
+--
+-- Node definitions
+--
+
+ hh3cAcl MODULE-IDENTITY
+ LAST-UPDATED "201410201000Z" -- Oct 20, 2014 at 10:00 GMT
+ ORGANIZATION
+ "New H3C Technologies Co., Ltd."
+ CONTACT-INFO
+ "Platform Team New H3C Technologies Co., Ltd.
+ Hai-Dian District Beijing P.R. China
+ http://www.h3c.com
+ Zip:100085
+ "
+ DESCRIPTION
+ "ACL management information base for managing devices
+ that support access control list and packet filtering.
+ "
+ REVISION "201410201000Z" -- Oct 22, 2014 at 10:00 GMT
+ DESCRIPTION
+ "Added 2 ndoes to configure TCAM function and 6 nodes to show trap info."
+ ::= { hh3cCommon 8 }
+
+-- Rule action value
+ RuleAction ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "The value of rule's action.
+ permit: The packet matching the rule will be permitted to forward.
+ deny: The packet matching the rule will be denied.
+ "
+ SYNTAX INTEGER
+ {
+ invalid(1),
+ permit(2),
+ deny(3)
+ }
+
+-- CounterClear value
+ CounterClear ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "cleared: Reset the value of the rule's counter.
+ nouse: 'nouse' will be returned when getting.
+ "
+ SYNTAX INTEGER
+ {
+ cleared(1),
+ nouse(2)
+ }
+
+-- PortOp value
+ PortOp ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "The operation type of TCP and UDP.
+ lt : Less than given port number.
+ eq : Equal to given port number.
+ gt : Greater than given port number.
+ neq : Not equal to given port number.
+ range : Between two port numbers.
+ Default value is 'invalid'.
+ "
+ SYNTAX INTEGER
+ {
+ invalid(0),
+ lt(1),
+ eq(2),
+ gt(3),
+ neq(4),
+ range(5)
+ }
+
+-- DSCP value
+ DSCPValue ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION
+ "The value of DSCP.
+ <0-63> Value of DSCP
+ af11 Specify Assured Forwarding 11 service(10)
+ af12 Specify Assured Forwarding 12 service(12)
+ af13 Specify Assured Forwarding 13 service(14)
+ af21 Specify Assured Forwarding 21 service(18)
+ af22 Specify Assured Forwarding 22 service(20)
+ af23 Specify Assured Forwarding 23 service(22)
+ af31 Specify Assured Forwarding 31 service(26)
+ af32 Specify Assured Forwarding 32 service(28)
+ af33 Specify Assured Forwarding 33 service(30)
+ af41 Specify Assured Forwarding 41 service(34)
+ af42 Specify Assured Forwarding 42 service(36)
+ af43 Specify Assured Forwarding 43 service(38)
+ be Specify Best Effort service(0)
+ cs1 Specify Class Selector 1 service(8)
+ cs2 Specify Class Selector 2 service(16)
+ cs3 Specify Class Selector 3 service(24)
+ cs4 Specify Class Selector 4 service(32)
+ cs5 Specify Class Selector 5 service(40)
+ cs6 Specify Class Selector 6 service(48)
+ cs7 Specify Class Selector 7 service(56)
+ ef Specify Expedited Forwarding service(46)
+ "
+ SYNTAX Integer32 (0..63|255)
+
+-- TCP Flags
+ TCPFlag ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "Type of TCP.
+ invalid(0)
+ tcpack(1) TCP protocol ACK Packet
+ tcpfin(2) TCP protocol PIN Packet
+ tcppsh(3) TCP protocol PUSH Packet
+ tcprst(4) TCP protocol RST Packet
+ tcpsyn(5) TCP protocol SYN Packet
+ tcpurg(6) TCP protocol URG Packet
+ Default value is 'invalid'.
+ "
+ SYNTAX INTEGER
+ {
+ invalid(0),
+ tcpack(1),
+ tcpfin(2),
+ tcppsh(3),
+ tcprst(4),
+ tcpsyn(5),
+ tcpurg(6)
+ }
+
+-- Fragment Flags
+ FragmentFlag ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "Type of fragment.
+ invalid(0)
+ fragment(1) Frag-Type Fragment
+ fragmentSubseq(2) Frag-Type Fragment-subsequent
+ nonFragment(3) Frag-Type non-Fragment
+ nonSubseq(4) Frag-Type non-subsequent
+ Default value is 'invalid'.
+ "
+ SYNTAX INTEGER
+ {
+ invalid(0),
+ fragment(1),
+ fragmentSubseq(2),
+ nonFragment(3),
+ nonSubseq(4)
+ }
+
+-- Address Flags
+ AddressFlag ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "Address flag to select IPv6 Address.
+ Default value is 'invalid'.
+
+ t64SrcAddrPre64DestAddrPre(1):
+ The mean of the enumeration 't64SrcAddrPre64DestAddrPre' is
+ that system gets the 64 bits prefix of source address and
+ the 64 bits prefix of destination address.
+
+ t64SrcAddrPre64DestAddrSuf(2):
+ The mean of the enumeration 't64SrcAddrPre64DestAddrSuf' is
+ that system gets the 64 bits prefix of source address and
+ the 64 bits suffix of destination address.
+
+ t64SrcAddrSuf64DestAddrPre(3):
+ The mean of the enumeration 't64SrcAddrSuf64DestAddrPre' is
+ that system gets the 64 bits suffix of source address and
+ the 64 bits prefix of destination address.
+
+ t64SrcAddrSuf64DestAddrSuf(4):
+ The mean of the enumeration 't64SrcAddrSuf64DestAddrSuf' is
+ that system gets the 64 bits suffix of source address and
+ the 64 bits suffix of destination address.
+
+ t128SourceAddress(5):
+ The mean of the enumeration 't128SourceAddress' is that
+ system gets the 128 bits of source address.
+
+ t128DestinationAddress(6):
+ The mean of the enumeration 't128SourceAddress' is that
+ system gets the 128 bits of destination address.
+ "
+ SYNTAX INTEGER
+ {
+ invalid(0),
+ t64SrcAddrPre64DestAddrPre(1),
+ t64SrcAddrPre64DestAddrSuf(2),
+ t64SrcAddrSuf64DestAddrPre(3),
+ t64SrcAddrSuf64DestAddrSuf(4),
+ t128SourceAddress(5),
+ t128DestinationAddress(6)
+ }
+
+-- Direction type
+ DirectionType ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "The direction: inbound or outbound."
+ SYNTAX INTEGER
+ {
+ inbound(1),
+ outbound(2)
+ }
+
+--
+-- nodes defined
+--
+ hh3cAclMibObjects OBJECT IDENTIFIER ::= { hh3cAcl 1 }
+
+ hh3cAclMode OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ linkBased(1),
+ ipBased(2)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Access-list mode."
+ DEFVAL { ipBased }
+ ::= { hh3cAclMibObjects 1 }
+
+--
+-- Node of hh3cAclNumGroupTable
+--
+ hh3cAclNumGroupTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cAclNumGroupEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Configure the match-order of number-acl group."
+ ::= { hh3cAclMibObjects 2 }
+
+ hh3cAclNumGroupEntry OBJECT-TYPE
+ SYNTAX Hh3cAclNumGroupEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Define the index of hh3cAclNumGroupTable."
+ INDEX { hh3cAclNumGroupAclNum }
+ ::= { hh3cAclNumGroupTable 1 }
+
+ Hh3cAclNumGroupEntry ::=
+ SEQUENCE
+ {
+ hh3cAclNumGroupAclNum
+ Integer32,
+ hh3cAclNumGroupMatchOrder
+ INTEGER,
+ hh3cAclNumGroupSubitemNum
+ Integer32,
+ hh3cAclNumGroupDescription
+ OCTET STRING,
+ hh3cAclNumGroupCountClear
+ INTEGER,
+ hh3cAclNumGroupRowStatus
+ RowStatus
+ }
+
+ hh3cAclNumGroupAclNum OBJECT-TYPE
+ SYNTAX Integer32 (1000..5999)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The index of number-acl group
+ Interface type:1000..1999
+ Basic type:2000..2999
+ Advance type:3000..3999
+ Link type:4000..4999
+ User type:5000..5999"
+ ::= { hh3cAclNumGroupEntry 1 }
+
+ hh3cAclNumGroupMatchOrder OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ config(1),
+ auto(2)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The match-order of number-acl group."
+ DEFVAL { config }
+ ::= { hh3cAclNumGroupEntry 2 }
+
+ hh3cAclNumGroupSubitemNum OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of number-acl group's node."
+ ::= { hh3cAclNumGroupEntry 3 }
+
+ hh3cAclNumGroupDescription OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..127))
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "The description of this acl group."
+ ::= { hh3cAclNumGroupEntry 4 }
+
+ hh3cAclNumGroupCountClear OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ cleared(1),
+ nouse(2)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Reset the value of rules' counter, which belong to this group."
+ ::= { hh3cAclNumGroupEntry 5 }
+
+ hh3cAclNumGroupRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "RowStatus, now support three state: CreateAndGo, Active, Destroy."
+ ::= { hh3cAclNumGroupEntry 6 }
+
+--
+-- Node of hh3cAclNameGroupTable
+--
+ hh3cAclNameGroupTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cAclNameGroupEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Create acl-group that identified by name."
+ ::= { hh3cAclMibObjects 3 }
+
+ hh3cAclNameGroupEntry OBJECT-TYPE
+ SYNTAX Hh3cAclNameGroupEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Define the index of hh3cAclNameGroupTable."
+ INDEX { hh3cAclNameGroupIndex }
+ ::= { hh3cAclNameGroupTable 1 }
+
+ Hh3cAclNameGroupEntry ::=
+ SEQUENCE {
+ hh3cAclNameGroupIndex
+ Integer32,
+ hh3cAclNameGroupCreateName
+ OCTET STRING,
+ hh3cAclNameGroupTypes
+ INTEGER,
+ hh3cAclNameGroupMatchOrder
+ INTEGER,
+ hh3cAclNameGroupSubitemNum
+ Integer32,
+ hh3cAclNameGroupRowStatus
+ RowStatus
+ }
+
+ hh3cAclNameGroupIndex OBJECT-TYPE
+ SYNTAX Integer32 (10000..12999)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The index of name-acl group."
+ ::= { hh3cAclNameGroupEntry 1 }
+
+ hh3cAclNameGroupCreateName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The name of name-acl group."
+ ::= { hh3cAclNameGroupEntry 2 }
+
+ hh3cAclNameGroupTypes OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ basic(1),
+ advanced(2),
+ ifBased(3),
+ link(4),
+ user(5)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The type of name-acl group."
+ ::= { hh3cAclNameGroupEntry 3 }
+
+ hh3cAclNameGroupMatchOrder OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ config(1),
+ auto(2)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The match-order of name-acl group."
+ DEFVAL { config }
+ ::= { hh3cAclNameGroupEntry 4 }
+
+ hh3cAclNameGroupSubitemNum OBJECT-TYPE
+ SYNTAX Integer32 (0..128)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of name-acl group's node."
+ ::= { hh3cAclNameGroupEntry 5 }
+
+ hh3cAclNameGroupRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "RowStatus, now support three state: CreateAndGo, Active, Destroy."
+ ::= { hh3cAclNameGroupEntry 6 }
+
+--
+-- hh3cAclBasicRuleTable
+--
+ hh3cAclBasicRuleTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cAclBasicRuleEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Configure the rule for basic acl group."
+ ::= { hh3cAclMibObjects 4 }
+
+ hh3cAclBasicRuleEntry OBJECT-TYPE
+ SYNTAX Hh3cAclBasicRuleEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Define the index of hh3cAclBasicRuleTable."
+ INDEX { hh3cAclBasicAclNum, hh3cAclBasicSubitem }
+ ::= { hh3cAclBasicRuleTable 1 }
+
+ Hh3cAclBasicRuleEntry ::=
+ SEQUENCE {
+ hh3cAclBasicAclNum
+ Integer32,
+ hh3cAclBasicSubitem
+ Integer32,
+ hh3cAclBasicAct
+ INTEGER,
+ hh3cAclBasicSrcIp
+ IpAddress,
+ hh3cAclBasicSrcWild
+ IpAddress,
+ hh3cAclBasicTimeRangeName
+ OCTET STRING,
+ hh3cAclBasicFragments
+ TruthValue,
+ hh3cAclBasicLog
+ TruthValue,
+ hh3cAclBasicEnable
+ TruthValue,
+ hh3cAclBasicCount
+ Counter32,
+ hh3cAclBasicCountClear
+ INTEGER,
+ hh3cAclBasicRowStatus
+ RowStatus
+ }
+
+ hh3cAclBasicAclNum OBJECT-TYPE
+ SYNTAX Integer32 (0|2000..2999|10000..12999)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The index of basic acl group."
+ ::= { hh3cAclBasicRuleEntry 1 }
+
+ hh3cAclBasicSubitem OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The subindex of basic acl group."
+ ::= { hh3cAclBasicRuleEntry 2 }
+
+ hh3cAclBasicAct OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ permit(1),
+ deny(2)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The action of basic acl rule."
+ ::= { hh3cAclBasicRuleEntry 3 }
+
+ hh3cAclBasicSrcIp OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Source IP-address of basic acl rule."
+ ::= { hh3cAclBasicRuleEntry 4 }
+
+ hh3cAclBasicSrcWild OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Source IP-address wild of basic acl rule."
+ ::= { hh3cAclBasicRuleEntry 5 }
+
+ hh3cAclBasicTimeRangeName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The Time-range of basic acl rule."
+ ::= { hh3cAclBasicRuleEntry 6 }
+
+ hh3cAclBasicFragments OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of matching fragmented packet."
+ ::= { hh3cAclBasicRuleEntry 7 }
+
+ hh3cAclBasicLog OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of log."
+ ::= { hh3cAclBasicRuleEntry 8 }
+
+ hh3cAclBasicEnable OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The rule is active or not.
+ true : active
+ false : inactive
+ "
+ ::= { hh3cAclBasicRuleEntry 9 }
+
+ hh3cAclBasicCount OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The count of matched by basic rule."
+ ::= { hh3cAclBasicRuleEntry 10 }
+
+ hh3cAclBasicCountClear OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ cleared(1),
+ nouse(2)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Reset the value of counter."
+ ::= { hh3cAclBasicRuleEntry 11 }
+
+ hh3cAclBasicRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "RowStatus, now support three state: CreateAndGo, Active, Destroy."
+ ::= { hh3cAclBasicRuleEntry 12 }
+
+--
+-- hh3cAclAdvancedRuleTable
+--
+ hh3cAclAdvancedRuleTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cAclAdvancedRuleEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Configure the rule for advanced acl group."
+ ::= { hh3cAclMibObjects 5 }
+
+ hh3cAclAdvancedRuleEntry OBJECT-TYPE
+ SYNTAX Hh3cAclAdvancedRuleEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Define the index of hh3cAclAdvancedRuleTable."
+ INDEX { hh3cAclAdvancedAclNum, hh3cAclAdvancedSubitem }
+ ::= { hh3cAclAdvancedRuleTable 1 }
+
+ Hh3cAclAdvancedRuleEntry ::=
+ SEQUENCE {
+ hh3cAclAdvancedAclNum
+ Integer32,
+ hh3cAclAdvancedSubitem
+ Integer32,
+ hh3cAclAdvancedAct
+ INTEGER,
+ hh3cAclAdvancedProtocol
+ Integer32,
+ hh3cAclAdvancedSrcIp
+ IpAddress,
+ hh3cAclAdvancedSrcWild
+ IpAddress,
+ hh3cAclAdvancedSrcOp
+ INTEGER,
+ hh3cAclAdvancedSrcPort1
+ Integer32,
+ hh3cAclAdvancedSrcPort2
+ Integer32,
+ hh3cAclAdvancedDestIp
+ IpAddress,
+ hh3cAclAdvancedDestWild
+ IpAddress,
+ hh3cAclAdvancedDestOp
+ INTEGER,
+ hh3cAclAdvancedDestPort1
+ Integer32,
+ hh3cAclAdvancedDestPort2
+ Integer32,
+ hh3cAclAdvancedPrecedence
+ Integer32,
+ hh3cAclAdvancedTos
+ Integer32,
+ hh3cAclAdvancedDscp
+ Integer32,
+ hh3cAclAdvancedEstablish
+ TruthValue,
+ hh3cAclAdvancedTimeRangeName
+ OCTET STRING,
+ hh3cAclAdvancedIcmpType
+ Integer32,
+ hh3cAclAdvancedIcmpCode
+ Integer32,
+ hh3cAclAdvancedFragments
+ TruthValue,
+ hh3cAclAdvancedLog
+ TruthValue,
+ hh3cAclAdvancedEnable
+ TruthValue,
+ hh3cAclAdvancedCount
+ Counter32,
+ hh3cAclAdvancedCountClear
+ INTEGER,
+ hh3cAclAdvancedRowStatus
+ RowStatus
+ }
+
+ hh3cAclAdvancedAclNum OBJECT-TYPE
+ SYNTAX Integer32 (0|3000..3999|10000..12999)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The index of advanced acl group."
+ ::= { hh3cAclAdvancedRuleEntry 1 }
+
+ hh3cAclAdvancedSubitem OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The subindex of advanced acl group."
+ ::= { hh3cAclAdvancedRuleEntry 2 }
+
+ hh3cAclAdvancedAct OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ permit(1),
+ deny(2)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The action of Advance acl rule."
+
+ ::= { hh3cAclAdvancedRuleEntry 3 }
+
+ hh3cAclAdvancedProtocol OBJECT-TYPE
+ SYNTAX Integer32 (0..255)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The protocol-type of advanced acl group.
+ <1-255> Protocol number
+ gre GRE tunneling(47)
+ icmp Internet Control Message Protocol(1)
+ igmp Internet Group Management Protocol(2)
+ ip Any IP protocol
+ ipinip IP in IP tunneling(4)
+ ospf OSPF routing protocol(89)
+ tcp Transmission Control Protocol (6)
+ udp User Datagram Protocol (17)"
+ ::= { hh3cAclAdvancedRuleEntry 4 }
+
+ hh3cAclAdvancedSrcIp OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Source IP-address of advanced acl group."
+ ::= { hh3cAclAdvancedRuleEntry 5 }
+
+ hh3cAclAdvancedSrcWild OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Source IP-address wild of advanced acl group."
+ ::= { hh3cAclAdvancedRuleEntry 6 }
+
+ hh3cAclAdvancedSrcOp OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ invalid(0),
+ lt(1),
+ eq(2),
+ gt(3),
+ neq(4),
+ range(5)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The source IP-address's operator of advanced acl group."
+ ::= { hh3cAclAdvancedRuleEntry 7 }
+
+ hh3cAclAdvancedSrcPort1 OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The fourth layer source port1."
+ ::= { hh3cAclAdvancedRuleEntry 8 }
+
+ hh3cAclAdvancedSrcPort2 OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The fourth layer source port2."
+ ::= { hh3cAclAdvancedRuleEntry 9 }
+
+ hh3cAclAdvancedDestIp OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Destination IP-address of advanced acl group."
+ ::= { hh3cAclAdvancedRuleEntry 10 }
+
+ hh3cAclAdvancedDestWild OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Destination IP-address wild of advanced acl group."
+ ::= { hh3cAclAdvancedRuleEntry 11 }
+
+ hh3cAclAdvancedDestOp OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ invalid(0),
+ lt(1),
+ eq(2),
+ gt(3),
+ neq(4),
+ range(5)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The destination IP-address's operator of advanced acl group."
+ ::= { hh3cAclAdvancedRuleEntry 12 }
+
+ hh3cAclAdvancedDestPort1 OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The fourth layer destination port1."
+ ::= { hh3cAclAdvancedRuleEntry 13 }
+
+ hh3cAclAdvancedDestPort2 OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The fourth layer destination port2."
+ ::= { hh3cAclAdvancedRuleEntry 14 }
+
+ hh3cAclAdvancedPrecedence OBJECT-TYPE
+ SYNTAX Integer32 (0..7|255)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The value of IP-packet's precedence.
+ <0-7> Value of precedence
+ routine Specify routine precedence(0)
+ priority Specify priority precedence(1)
+ immediate Specify immediate precedence(2)
+ flash Specify flash precedence(3)
+ flash-override Specify flash-override precedence(4)
+ critical Specify critical precedence(5)
+ internet Specify internetwork control precedence(6)
+ network Specify network control precedence(7) "
+ ::= { hh3cAclAdvancedRuleEntry 15 }
+
+ hh3cAclAdvancedTos OBJECT-TYPE
+ SYNTAX Integer32 (0..15|255)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The value of IP-packet's TOS.
+ <0-15> Value of TOS(type of service)
+ max-reliability Match packets with max reliable TOS(2)
+ max-throughput Match packets with max throughput TOS(4)
+ min-delay Match packets with min delay TOS(8)
+ min-monetary-cost Match packets with min monetary cost TOS(1)
+ normal Match packets with normal TOS(0) "
+ ::= { hh3cAclAdvancedRuleEntry 16 }
+
+ hh3cAclAdvancedDscp OBJECT-TYPE
+ SYNTAX Integer32 (0..63|255)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The value of DSCP.
+ <0-63> Value of DSCP
+ af11 Specify Assured Forwarding 11 service(10)
+ af12 Specify Assured Forwarding 12 service(12)
+ af13 Specify Assured Forwarding 13 service(14)
+ af21 Specify Assured Forwarding 21 service(18)
+ af22 Specify Assured Forwarding 22 service(20)
+ af23 Specify Assured Forwarding 23 service(22)
+ af31 Specify Assured Forwarding 31 service(26)
+ af32 Specify Assured Forwarding 32 service(28)
+ af33 Specify Assured Forwarding 33 service(30)
+ af41 Specify Assured Forwarding 41 service(34)
+ af42 Specify Assured Forwarding 42 service(36)
+ af43 Specify Assured Forwarding 43 service(38)
+ be Specify Best Effort service(0)
+ cs1 Specify Class Selector 1 service(8)
+ cs2 Specify Class Selector 2 service(16)
+ cs3 Specify Class Selector 3 service(24)
+ cs4 Specify Class Selector 4 service(32)
+ cs5 Specify Class Selector 5 service(40)
+ cs6 Specify Class Selector 6 service(48)
+ cs7 Specify Class Selector 7 service(56)
+ ef Specify Expedited Forwarding service(46)"
+ ::= { hh3cAclAdvancedRuleEntry 17 }
+
+ hh3cAclAdvancedEstablish OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Establish flag."
+ DEFVAL { false }
+ ::= { hh3cAclAdvancedRuleEntry 18 }
+
+ hh3cAclAdvancedTimeRangeName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The Time-range of advanced acl rule."
+ ::= { hh3cAclAdvancedRuleEntry 19 }
+
+ hh3cAclAdvancedIcmpType OBJECT-TYPE
+ SYNTAX Integer32 (0..255|65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The type of ICMP packet.
+ Integer32 ICMP type
+ echo Type=8, Code=0
+ echo-reply Type=0, Code=0
+ fragmentneed-DFset Type=3, Code=4
+ host-redirect Type=5, Code=1
+ host-tos-redirect Type=5, Code=3
+ host-unreachable Type=3, Code=1
+ information-reply Type=16, Code=0
+ information-request Type=15, Code=0
+ net-redirect Type=5, Code=0
+ net-tos-redirect Type=5, Code=2
+ net-unreachable Type=3, Code=0
+ parameter-problem Type=12, Code=0
+ port-unreachable Type=3, Code=3
+ protocol-unreachable Type=3, Code=2
+ reassembly-timeout Type=11, Code=1
+ source-quench Type=4, Code=0
+ source-route-failed Type=3, Code=5
+ timestamp-reply Type=14, Code=0
+ timestamp-request Type=13, Code=0
+ ttl-exceeded Type=11, Code=0 "
+ ::= { hh3cAclAdvancedRuleEntry 20 }
+
+ hh3cAclAdvancedIcmpCode OBJECT-TYPE
+ SYNTAX Integer32 (0..255|65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The code of ICMP packet."
+ ::= { hh3cAclAdvancedRuleEntry 21 }
+
+ hh3cAclAdvancedFragments OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of matching fragmented packet."
+ ::= { hh3cAclAdvancedRuleEntry 22 }
+
+ hh3cAclAdvancedLog OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of log."
+ ::= { hh3cAclAdvancedRuleEntry 23 }
+
+ hh3cAclAdvancedEnable OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The rule is active or not.
+ true : active
+ false : inactive
+ "
+ ::= { hh3cAclAdvancedRuleEntry 24 }
+
+ hh3cAclAdvancedCount OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The count of matched by advanced rule."
+ ::= { hh3cAclAdvancedRuleEntry 25 }
+
+ hh3cAclAdvancedCountClear OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ cleared(1),
+ nouse(2)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Reset the value of counter."
+ ::= { hh3cAclAdvancedRuleEntry 26 }
+
+ hh3cAclAdvancedRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "RowStatus, now support three state: CreateAndGo, Active, Destroy."
+ ::= { hh3cAclAdvancedRuleEntry 27 }
+--
+-- hh3cAclIfRuleTable
+--
+ hh3cAclIfRuleTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cAclIfRuleEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Configure the rule for interface-based acl group."
+ ::= { hh3cAclMibObjects 6 }
+
+ hh3cAclIfRuleEntry OBJECT-TYPE
+ SYNTAX Hh3cAclIfRuleEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Define the index of hh3cAclIfRuleTable."
+ INDEX { hh3cAclIfAclNum, hh3cAclIfSubitem }
+ ::= { hh3cAclIfRuleTable 1 }
+
+ Hh3cAclIfRuleEntry ::=
+ SEQUENCE {
+ hh3cAclIfAclNum
+ Integer32,
+ hh3cAclIfSubitem
+ Integer32,
+ hh3cAclIfAct
+ INTEGER,
+ hh3cAclIfIndex
+ Integer32,
+ hh3cAclIfAny
+ TruthValue,
+ hh3cAclIfTimeRangeName
+ OCTET STRING,
+ hh3cAclIfLog
+ TruthValue,
+ hh3cAclIfEnable
+ TruthValue,
+ hh3cAclIfCount
+ Counter32,
+ hh3cAclIfCountClear
+ INTEGER,
+ hh3cAclIfRowStatus
+ RowStatus
+ }
+
+ hh3cAclIfAclNum OBJECT-TYPE
+ SYNTAX Integer32 (0|1000..1999|10000..12999)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The index of interface-based acl group."
+ ::= { hh3cAclIfRuleEntry 1 }
+
+ hh3cAclIfSubitem OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The subindex of interface-based acl group."
+ ::= { hh3cAclIfRuleEntry 2 }
+
+ hh3cAclIfAct OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ permit(1),
+ deny(2)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The action of interface-based acl group."
+ ::= { hh3cAclIfRuleEntry 3 }
+
+ hh3cAclIfIndex OBJECT-TYPE
+ SYNTAX Integer32 (0..2147483647)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The index of interface."
+ ::= { hh3cAclIfRuleEntry 4 }
+
+ hh3cAclIfAny OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of matching any interface."
+ ::= { hh3cAclIfRuleEntry 5 }
+
+ hh3cAclIfTimeRangeName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The Time-range of interface-based acl rule."
+ ::= { hh3cAclIfRuleEntry 6 }
+
+ hh3cAclIfLog OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of log."
+ ::= { hh3cAclIfRuleEntry 7 }
+
+ hh3cAclIfEnable OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The rule is active or not.
+ true : active
+ false : inactive
+ "
+ ::= { hh3cAclIfRuleEntry 8 }
+
+ hh3cAclIfCount OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The count of matched by basic rule."
+ ::= { hh3cAclIfRuleEntry 9 }
+
+ hh3cAclIfCountClear OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ cleared(1),
+ nouse(2)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Reset the value of the rule's counter."
+ ::= { hh3cAclIfRuleEntry 10 }
+
+ hh3cAclIfRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "RowStatus, now support three state: CreateAndGo, Active, Destroy."
+ ::= { hh3cAclIfRuleEntry 11 }
+
+--
+-- hh3cAclLinkTable
+--
+ hh3cAclLinkTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cAclLinkEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Create link acl."
+ ::= { hh3cAclMibObjects 7 }
+
+ hh3cAclLinkEntry OBJECT-TYPE
+ SYNTAX Hh3cAclLinkEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The entry of the link acl table."
+ INDEX { hh3cAclLinkAclNum, hh3cAclLinkSubitem }
+ ::= { hh3cAclLinkTable 1 }
+
+ Hh3cAclLinkEntry ::=
+ SEQUENCE {
+ hh3cAclLinkAclNum
+ Integer32,
+ hh3cAclLinkSubitem
+ Integer32,
+ hh3cAclLinkAct
+ INTEGER,
+ hh3cAclLinkProtocol
+ INTEGER,
+ hh3cAclLinkFormatType
+ INTEGER,
+ hh3cAclLinkVlanTag
+ INTEGER,
+ hh3cAclLinkVlanPri
+ Integer32,
+ hh3cAclLinkSrcVlanId
+ Integer32,
+ hh3cAclLinkSrcMac
+ MacAddress,
+ hh3cAclLinkSrcMacWild
+ MacAddress,
+ hh3cAclLinkSrcIfIndex
+ Integer32,
+ hh3cAclLinkSrcAny
+ TruthValue,
+ hh3cAclLinkDestVlanId
+ Integer32,
+ hh3cAclLinkDestMac
+ MacAddress,
+ hh3cAclLinkDestMacWild
+ MacAddress,
+ hh3cAclLinkDestIfIndex
+ Integer32,
+ hh3cAclLinkDestAny
+ TruthValue,
+ hh3cAclLinkTimeRangeName
+ OCTET STRING,
+ hh3cAclLinkEnable
+ TruthValue,
+ hh3cAclLinkRowStatus
+ RowStatus,
+ hh3cAclLinkTypeCode
+ OCTET STRING,
+ hh3cAclLinkTypeMask
+ OCTET STRING,
+ hh3cAclLinkLsapCode
+ OCTET STRING,
+ hh3cAclLinkLsapMask
+ OCTET STRING,
+ hh3cAclLinkL2LabelRangeOp
+ INTEGER,
+ hh3cAclLinkL2LabelRangeBegin
+ Integer32,
+ hh3cAclLinkL2LabelRangeEnd
+ Integer32,
+ hh3cAclLinkMplsExp
+ Integer32
+ }
+
+ hh3cAclLinkAclNum OBJECT-TYPE
+ SYNTAX Integer32 (0|4000..4999|10000..12999)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The index of link-based acl group."
+ ::= { hh3cAclLinkEntry 1 }
+
+ hh3cAclLinkSubitem OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The subindex of link-based acl group."
+ ::= { hh3cAclLinkEntry 2 }
+
+ hh3cAclLinkAct OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ permit(1),
+ deny(2)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The action of link-based acl group."
+ ::= { hh3cAclLinkEntry 3 }
+
+ hh3cAclLinkProtocol OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ invalid(0),
+ ip(2048),
+ arp(2054),
+ rarp(32821),
+ mpls(34887),
+ pppoeControl(34915),
+ pppoeData(34916)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The layer 2 protocol-type of link acl rule."
+ DEFVAL { invalid }
+ ::= { hh3cAclLinkEntry 4 }
+
+ hh3cAclLinkFormatType OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ invalid(0),
+ ethernetII(1),
+ snap(2),
+ ieee802Dot3And2(3),
+ ieee802Dot3(4)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Format type of link acl rule."
+ ::= { hh3cAclLinkEntry 5 }
+
+ hh3cAclLinkVlanTag OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ invalid(0),
+ tagged(1),
+ untagged(2)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of vlan tag of link acl rule."
+ ::= { hh3cAclLinkEntry 6 }
+
+ hh3cAclLinkVlanPri OBJECT-TYPE
+ SYNTAX Integer32 (0..7 | 255)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Vlan priority of link acl rule."
+ ::= { hh3cAclLinkEntry 7 }
+
+ hh3cAclLinkSrcVlanId OBJECT-TYPE
+ SYNTAX Integer32 (0..4094)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Source vlan ID of link acl rule."
+ ::= { hh3cAclLinkEntry 8 }
+
+ hh3cAclLinkSrcMac OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Source mac of link acl rule."
+ ::= { hh3cAclLinkEntry 9 }
+
+ hh3cAclLinkSrcMacWild OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Source mac wildzard of link acl rule."
+ ::= { hh3cAclLinkEntry 10 }
+
+ hh3cAclLinkSrcIfIndex OBJECT-TYPE
+ SYNTAX Integer32 (0..2147483647)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Source IfIndex of link acl rule."
+ ::= { hh3cAclLinkEntry 11 }
+
+ hh3cAclLinkSrcAny OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of matching any source."
+ ::= { hh3cAclLinkEntry 12 }
+
+ hh3cAclLinkDestVlanId OBJECT-TYPE
+ SYNTAX Integer32 (0..4094)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Destination vlan ID of link acl rule."
+ ::= { hh3cAclLinkEntry 13 }
+
+ hh3cAclLinkDestMac OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Destination mac of link acl rule."
+ ::= { hh3cAclLinkEntry 14 }
+
+ hh3cAclLinkDestMacWild OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Destination mac wildzard of link acl rule."
+ ::= { hh3cAclLinkEntry 15 }
+
+ hh3cAclLinkDestIfIndex OBJECT-TYPE
+ SYNTAX Integer32 (0..2147483647)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Destination IfIndex of link acl rule."
+ ::= { hh3cAclLinkEntry 16 }
+
+ hh3cAclLinkDestAny OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of matching any destination."
+ ::= { hh3cAclLinkEntry 17 }
+
+ hh3cAclLinkTimeRangeName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The Time-range of link-based acl rule."
+ ::= { hh3cAclLinkEntry 18 }
+
+ hh3cAclLinkEnable OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The rule is active or not.
+ true : active
+ false : inactive
+ "
+ ::= { hh3cAclLinkEntry 19 }
+
+ hh3cAclLinkRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "RowStatus, now support three state: CreateAndGo, Active, Destroy."
+ ::= { hh3cAclLinkEntry 20 }
+
+ hh3cAclLinkTypeCode OBJECT-TYPE
+ SYNTAX OCTET STRING ( SIZE(0..32) )
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The type of layer 2 protocol.0x0000...0xffff."
+ ::= { hh3cAclLinkEntry 21 }
+
+ hh3cAclLinkTypeMask OBJECT-TYPE
+ SYNTAX OCTET STRING ( SIZE(0..32) )
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The mask of layer 2 protocol.0x0000...0xffff."
+ ::= { hh3cAclLinkEntry 22 }
+
+ hh3cAclLinkLsapCode OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The type of LSAP.0x0000...0xffff."
+ ::= { hh3cAclLinkEntry 23 }
+
+ hh3cAclLinkLsapMask OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The mask of LSAP.0x0000...0xffff."
+ ::= { hh3cAclLinkEntry 24 }
+
+ hh3cAclLinkL2LabelRangeOp OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ invalid(0),
+ lt(1),
+ eq(2),
+ gt(3),
+ neq(4),
+ range(5)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Operation symbol of the MPLS label.
+ If the symbol is range(5), the objects hh3cAclLinkL2LabelRangeBegin and
+ hh3cAclLinkL2LabelRangeEnd should have different values indicating a range.
+ Otherwise, only hh3cAclLinkL2LabelRangeBegin counts,
+ object hh3cAclLinkL2LabelRangeEnd is ignored.
+
+ invalid(0) -- unavailable
+ lt(1) -- less than
+ eq(2) -- equal
+ gt(3) -- great than
+ neq(4) -- not equal
+ range(5) -- a range with two ends included
+ "
+ ::= { hh3cAclLinkEntry 25 }
+
+ hh3cAclLinkL2LabelRangeBegin OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The beginning of VPLS VC label."
+ ::= { hh3cAclLinkEntry 26 }
+
+ hh3cAclLinkL2LabelRangeEnd OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The end of VPLS VC label."
+ ::= { hh3cAclLinkEntry 27 }
+
+ hh3cAclLinkMplsExp OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The value of MPLS-packet's Exp."
+ ::= { hh3cAclLinkEntry 28 }
+--
+-- hh3cAclUserTable
+--
+ hh3cAclUserTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cAclUserEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Create user acl."
+ ::= { hh3cAclMibObjects 8 }
+
+ hh3cAclUserEntry OBJECT-TYPE
+ SYNTAX Hh3cAclUserEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The entry of user acl table."
+ INDEX { hh3cAclUserAclNum, hh3cAclUserSubitem }
+ ::= { hh3cAclUserTable 1 }
+
+ Hh3cAclUserEntry ::=
+ SEQUENCE {
+ hh3cAclUserAclNum
+ Integer32,
+ hh3cAclUserSubitem
+ Integer32,
+ hh3cAclUserAct
+ INTEGER,
+ hh3cAclUserFormatType
+ INTEGER,
+ hh3cAclUserVlanTag
+ INTEGER,
+ hh3cAclUserRuleStr
+ OCTET STRING,
+ hh3cAclUserRuleMask
+ OCTET STRING,
+ hh3cAclUserTimeRangeName
+ OCTET STRING,
+ hh3cAclUserEnable
+ TruthValue,
+ hh3cAclUserRowStatus
+ RowStatus
+ }
+
+ hh3cAclUserAclNum OBJECT-TYPE
+ SYNTAX Integer32 (0|5000..5999|10000..12999)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The number of the user acl."
+ ::= { hh3cAclUserEntry 1 }
+
+ hh3cAclUserSubitem OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The subitem of the user acl."
+ ::= { hh3cAclUserEntry 2 }
+
+ hh3cAclUserAct OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ permit(1),
+ deny(2)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The action of the user acl."
+ ::= { hh3cAclUserEntry 3 }
+
+ hh3cAclUserFormatType OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ invalid(0),
+ ethernetII(1),
+ snap(2),
+ ieee802Dot2And3(3),
+ ieee802Dot4(4)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Format type."
+ DEFVAL { invalid }
+ ::= { hh3cAclUserEntry 4 }
+
+ hh3cAclUserVlanTag OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ invalid(0),
+ tagged(1),
+ untagged(2)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Vlan tag exits or not."
+ DEFVAL { invalid }
+ ::= { hh3cAclUserEntry 5 }
+
+ hh3cAclUserRuleStr OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (1..80))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Rule string."
+ ::= { hh3cAclUserEntry 6 }
+
+ hh3cAclUserRuleMask OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (1..80))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Rule mask."
+ ::= { hh3cAclUserEntry 7 }
+
+ hh3cAclUserTimeRangeName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The Time-range of the user defined acl."
+ ::= { hh3cAclUserEntry 8 }
+
+ hh3cAclUserEnable OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The rule is active or not.
+ true : active
+ false : inactive
+ "
+ ::= { hh3cAclUserEntry 9 }
+
+ hh3cAclUserRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "RowStatus, now support three state: CreateAndGo, Active, Destroy."
+ ::= { hh3cAclUserEntry 10 }
+--
+-- hh3cAclActiveTable
+--
+ hh3cAclActiveTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cAclActiveEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Active acl."
+ ::= { hh3cAclMibObjects 9 }
+
+ hh3cAclActiveEntry OBJECT-TYPE
+ SYNTAX Hh3cAclActiveEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The entry of active acl table."
+ INDEX { hh3cAclActiveAclIndex,
+ hh3cAclActiveIfIndex,
+ hh3cAclActiveVlanID,
+ hh3cAclActiveDirection
+ }
+ ::= { hh3cAclActiveTable 1 }
+
+ Hh3cAclActiveEntry ::=
+ SEQUENCE {
+ hh3cAclActiveAclIndex
+ Integer32,
+ hh3cAclActiveIfIndex
+ Integer32,
+ hh3cAclActiveVlanID
+ Integer32,
+ hh3cAclActiveDirection
+ INTEGER,
+ hh3cAclActiveUserAclNum
+ Integer32,
+ hh3cAclActiveUserAclSubitem
+ Integer32,
+ hh3cAclActiveIpAclNum
+ Integer32,
+ hh3cAclActiveIpAclSubitem
+ Integer32,
+ hh3cAclActiveLinkAclNum
+ Integer32,
+ hh3cAclActiveLinkAclSubitem
+ Integer32,
+ hh3cAclActiveRuntime
+ TruthValue,
+ hh3cAclActiveRowStatus
+ RowStatus
+ }
+
+ hh3cAclActiveAclIndex OBJECT-TYPE
+ SYNTAX Integer32 (0|1..5999|10000..12999)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Acl index."
+ ::= { hh3cAclActiveEntry 1 }
+
+ hh3cAclActiveIfIndex OBJECT-TYPE
+ SYNTAX Integer32 (0..2147483647)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "IfIndex."
+ ::= { hh3cAclActiveEntry 2 }
+
+ hh3cAclActiveVlanID OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The lower 16 bits is Vlan ID, the higher 16 bits,
+ if not zero, it describes the slot ID of the L3plus board.
+ "
+ ::= { hh3cAclActiveEntry 3 }
+
+ hh3cAclActiveDirection OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ invalid(0),
+ input(1),
+ output(2),
+ both(3)
+ }
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Direction."
+ ::= { hh3cAclActiveEntry 4 }
+
+ hh3cAclActiveUserAclNum OBJECT-TYPE
+ SYNTAX Integer32 (0|5000..5999|10000..12999)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The number of the user acl."
+ ::= { hh3cAclActiveEntry 5 }
+
+ hh3cAclActiveUserAclSubitem OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The subitem of the user acl."
+ ::= { hh3cAclActiveEntry 6 }
+
+ hh3cAclActiveIpAclNum OBJECT-TYPE
+ SYNTAX Integer32 (0|2000..3999|10000..12999)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The number of the IP acl."
+ ::= { hh3cAclActiveEntry 7 }
+
+ hh3cAclActiveIpAclSubitem OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The subitem of the IP acl."
+ ::= { hh3cAclActiveEntry 8 }
+
+ hh3cAclActiveLinkAclNum OBJECT-TYPE
+ SYNTAX Integer32 (0|4000..4999|10000..12999)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The num of the link acl."
+ ::= { hh3cAclActiveEntry 9 }
+
+ hh3cAclActiveLinkAclSubitem OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The subitem of the link acl."
+ ::= { hh3cAclActiveEntry 10 }
+
+ hh3cAclActiveRuntime OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Is run or not."
+ ::= { hh3cAclActiveEntry 11 }
+
+ hh3cAclActiveRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "RowStatus, now support three state: CreateAndGo, Active, Destroy."
+ ::= { hh3cAclActiveEntry 12 }
+
+--
+-- hh3cAclIDSTable
+--
+ hh3cAclIDSTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cAclIDSEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Configure the rule for IDS."
+ ::= { hh3cAclMibObjects 10 }
+
+ hh3cAclIDSEntry OBJECT-TYPE
+ SYNTAX Hh3cAclIDSEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The entry of acl ids table."
+ INDEX { IMPLIED hh3cAclIDSName}
+ ::= { hh3cAclIDSTable 1 }
+
+ Hh3cAclIDSEntry ::=
+ SEQUENCE {
+ hh3cAclIDSName
+ OCTET STRING,
+ hh3cAclIDSSrcMac
+ MacAddress,
+ hh3cAclIDSDestMac
+ MacAddress,
+ hh3cAclIDSSrcIp
+ IpAddress,
+ hh3cAclIDSSrcWild
+ IpAddress,
+ hh3cAclIDSDestIp
+ IpAddress,
+ hh3cAclIDSDestWild
+ IpAddress,
+ hh3cAclIDSSrcPort
+ Integer32,
+ hh3cAclIDSDestPort
+ Integer32,
+ hh3cAclIDSProtocol
+ Integer32,
+ hh3cAclIDSDenyTime
+ Unsigned32,
+ hh3cAclIDSAct
+ INTEGER,
+ hh3cAclIDSRowStatus
+ RowStatus
+ }
+
+ hh3cAclIDSName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (1..32))
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The name index of the IDS table."
+ ::= { hh3cAclIDSEntry 1 }
+
+ hh3cAclIDSSrcMac OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Source mac of IDS acl rule."
+ ::= { hh3cAclIDSEntry 2 }
+
+
+ hh3cAclIDSDestMac OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Destination mac of IDS acl rule."
+ ::= { hh3cAclIDSEntry 3 }
+
+ hh3cAclIDSSrcIp OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Source IP-address of IDS acl rule."
+ ::= { hh3cAclIDSEntry 4 }
+
+ hh3cAclIDSSrcWild OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Source IP-address wild of IDS acl rule."
+ ::= { hh3cAclIDSEntry 5 }
+
+ hh3cAclIDSDestIp OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Destination IP-address of IDS acl rule."
+ ::= { hh3cAclIDSEntry 6 }
+
+ hh3cAclIDSDestWild OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Destination IP-address wild of IDS acl rule."
+ ::= { hh3cAclIDSEntry 7 }
+
+ hh3cAclIDSSrcPort OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The fourth layer source port."
+ ::= { hh3cAclIDSEntry 8 }
+
+ hh3cAclIDSDestPort OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The fourth layer destination port."
+ ::= { hh3cAclIDSEntry 9 }
+
+ hh3cAclIDSProtocol OBJECT-TYPE
+ SYNTAX Integer32 (0..255)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The protocol-type of advanced acl group.
+ <1-255> Protocol number
+ gre GRE tunneling(47)
+ icmp Internet Control Message Protocol(1)
+ igmp Internet Group Management Protocol(2)
+ ip Any IP protocol
+ ipinip IP in IP tunneling(4)
+ ospf OSPF routing protocol(89)
+ tcp Transmission Control Protocol (6)
+ udp User Datagram Protocol (17)
+ "
+ ::= { hh3cAclIDSEntry 10 }
+
+ hh3cAclIDSDenyTime OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The maximum number of seconds which deny for this acl rule."
+ DEFVAL { 0 }
+ ::= { hh3cAclIDSEntry 11 }
+
+
+ hh3cAclIDSAct OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ permit(1),
+ deny(2)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The action of IDS acl rule."
+ ::= { hh3cAclIDSEntry 12 }
+
+ hh3cAclIDSRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "RowStatus, now supports three states: CreateAndGo, Active, and Destroy."
+ ::= { hh3cAclIDSEntry 13 }
+--
+-- Nodes of hh3cAclMib2Objects
+--
+ hh3cAclMib2Objects OBJECT IDENTIFIER ::= { hh3cAcl 2 }
+--
+-- Nodes of hh3cAclMib2GlobalGroup
+--
+ hh3cAclMib2GlobalGroup OBJECT IDENTIFIER ::= { hh3cAclMib2Objects 1 }
+
+ hh3cAclMib2NodesGroup OBJECT IDENTIFIER ::= { hh3cAclMib2GlobalGroup 1 }
+
+ hh3cAclMib2Mode OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ linkBased(1),
+ ipBased(2)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "The applying mode of ACL."
+ ::= { hh3cAclMib2NodesGroup 1 }
+
+ hh3cAclMib2Version OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The version of this file.
+ The output value has the format of 'xx'or 'xxx'.
+ For example: 10 means 1.0; 125 means 12.5.
+ "
+ ::= { hh3cAclMib2NodesGroup 2 }
+
+ hh3cAclMib2ObjectsCapabilities OBJECT-TYPE
+ SYNTAX BITS
+ {
+ hh3cAclMib2Mode(0),
+ hh3cAclVersion(1),
+ hh3cAclMib2ObjectsCapabilities(2),
+ hh3cAclMib2CapabilityTable(3),
+ hh3cAclNumberGroupTable(4),
+ hh3cAclIPAclBasicTable(5),
+ hh3cAclIPAclAdvancedTable(6),
+ hh3cAclMACTable(7),
+ hh3cAclEnUserTable(8),
+ hh3cAclMib2ProcessingStatus(9)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The objects of hh3cAclMib2Objects."
+ ::= { hh3cAclMib2NodesGroup 3 }
+
+ hh3cAclMib2ProcessingStatus OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ processing(1),
+ done(2)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The processing status of ACL operation."
+ ::= { hh3cAclMib2NodesGroup 4 }
+
+ hh3cAclMib2ResourceThreshold OBJECT-TYPE
+ SYNTAX Integer32 (0..100)
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "The threshold of TCAM resources.
+ The value 0 indicates that cancelling the TCAM resource notification function."
+ ::= { hh3cAclMib2NodesGroup 5 }
+
+ hh3cAclMib2ResourceLogInterval OBJECT-TYPE
+ SYNTAX Integer32 (1..60)
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "The value of interval. It must be in the range of 1 to 60.
+ Default value is 5."
+ ::= { hh3cAclMib2NodesGroup 6 }
+
+ hh3cAclMib2CapabilityTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cAclMib2CapabilityEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The capability of mib2."
+ ::= { hh3cAclMib2GlobalGroup 2 }
+
+ hh3cAclMib2CapabilityEntry OBJECT-TYPE
+ SYNTAX Hh3cAclMib2CapabilityEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The information of Capability of mib2."
+ INDEX { hh3cAclMib2EntityType,
+ hh3cAclMib2EntityIndex,
+ hh3cAclMib2ModuleIndex,
+ hh3cAclMib2CharacteristicsIndex
+ }
+ ::= { hh3cAclMib2CapabilityTable 1 }
+
+ Hh3cAclMib2CapabilityEntry ::=
+ SEQUENCE
+ {
+ hh3cAclMib2EntityType
+ INTEGER,
+ hh3cAclMib2EntityIndex
+ Integer32,
+ hh3cAclMib2ModuleIndex
+ INTEGER,
+ hh3cAclMib2CharacteristicsIndex
+ Integer32,
+ hh3cAclMib2CharacteristicsDesc
+ OCTET STRING,
+ hh3cAclMib2CharacteristicsValue
+ Unsigned32
+ }
+
+ hh3cAclMib2EntityType OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ system(1),
+ interface(2)
+ }
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The type of entity.
+ system: The entity is systemic level.
+ interface: The entity is interface level.
+ "
+ ::= { hh3cAclMib2CapabilityEntry 1 }
+
+ hh3cAclMib2EntityIndex OBJECT-TYPE
+ SYNTAX Integer32 (0..2147483647)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The index of entity.
+ If hh3cAclMib2EntityType is system, the value of this object is 0.
+
+ If hh3cAclMib2EntityType is interface,
+ the value of this object is equal to 'ifIndex'.
+ "
+ ::= { hh3cAclMib2CapabilityEntry 2 }
+
+ hh3cAclMib2ModuleIndex OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ layer3(1),
+ layer2(2),
+ userDefined(3)
+ }
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The module index of ACL."
+ ::= { hh3cAclMib2CapabilityEntry 3 }
+
+ hh3cAclMib2CharacteristicsIndex OBJECT-TYPE
+ SYNTAX Integer32 (0..2147483647)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The characteristics index of mib2.
+ See DESCRIPTION of hh3cAclMib2CharacteristicsValue
+ to get detail information about the value of this object.
+ "
+ ::= { hh3cAclMib2CapabilityEntry 4 }
+
+ hh3cAclMib2CharacteristicsDesc OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The description of characteristics."
+ ::= { hh3cAclMib2CapabilityEntry 5 }
+
+ hh3cAclMib2CharacteristicsValue OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The value of capability of this object.
+ TypeOfRuleStringValue : notSupport(0) and the length of
+ RuleString.
+
+ TypeOfCodeValue : OnlyOneNotSupport(0),
+ MoreThanOneNotSupport(1)
+ If hh3cAclMib2CharacteristicsValue is 'moreThanOneNotSupport',
+ hh3cAclMib2CharacteristicsDesc must be used to depict which
+ protocols are not supported. The output value of
+ hh3cAclMib2CharacteristicsDesc has the format of 'a,b'.
+ For example, 'ip,rarp'.
+
+ layer3 Module:
+ Index Characteristics value
+ 1 SourceIPAddress notSupport(0)
+ 2 DestinationIPAddress notSupport(0)
+ 3 SourcePort notSupport(0)
+ 4 DestinationPort notSupport(0)
+ 5 IPPrecedence notSupport(0)
+ 6 TOS notSupport(0)
+ 7 DSCP notSupport(0)
+ 8 TCPFlag notSupport(0)
+ 9 FragmentFlag notSupport(0)
+ 10 Log notSupport(0)
+ 11 RuleMatchCounter notSupport(0)
+ 12 ResetRuleMatchCounter notSupport(0)
+ 13 VPN notSupport(0)
+ 15 protocol notSupport(0)
+ 16 AddressFlag notSupport(0)
+
+ layer2 Module:
+ Index Characteristics value
+ 1 ProtocolType TypeOfCodeValue
+ 2 SourceMAC notSupport(0)
+ 3 DestinationMAC notSupport(0)
+ 4 LSAPType TypeOfCodeValue
+ 5 CoS notSupport(0)
+
+ UserDefined Module:
+ Index Characteristics value
+ 1 UserDefaultOffset TypeOfRuleStringValue
+ 2 UserL2RuleOffset TypeOfRuleStringValue
+ 3 UserMplsOffset TypeOfRuleStringValue
+ 4 UserIPv4Offset TypeOfRuleStringValue
+ 5 UserIPv6Offset TypeOfRuleStringValue
+ 6 UserL4Offset TypeOfRuleStringValue
+ 7 UserL5Offset TypeOfRuleStringValue
+ "
+ ::= { hh3cAclMib2CapabilityEntry 6 }
+
+--
+-- Nodes of number group
+--
+ hh3cAclNumberGroupTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cAclNumberGroupEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table of the number acl group information."
+ ::= { hh3cAclMib2GlobalGroup 3 }
+
+ hh3cAclNumberGroupEntry OBJECT-TYPE
+ SYNTAX Hh3cAclNumberGroupEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Number acl group information entry."
+ INDEX { hh3cAclNumberGroupType, hh3cAclNumberGroupIndex }
+ ::= { hh3cAclNumberGroupTable 1 }
+
+ Hh3cAclNumberGroupEntry ::=
+ SEQUENCE
+ {
+ hh3cAclNumberGroupType
+ INTEGER,
+ hh3cAclNumberGroupIndex
+ Integer32,
+ hh3cAclNumberGroupRowStatus
+ RowStatus,
+ hh3cAclNumberGroupMatchOrder
+ INTEGER,
+ hh3cAclNumberGroupStep
+ Integer32,
+ hh3cAclNumberGroupDescription
+ OCTET STRING,
+ hh3cAclNumberGroupCountClear
+ CounterClear,
+ hh3cAclNumberGroupRuleCounter
+ Counter32,
+ hh3cAclNumberGroupName
+ OCTET STRING
+ }
+ hh3cAclNumberGroupType OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ ipv4(1),
+ ipv6(2),
+ mac(3),
+ user(4)
+ }
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The type of number group.
+ Basic ACL and Advanced ACL support ipv4 and ipv6.
+ The range of Basic ACL is from 2000 to 2999.
+ The range of Advanced ACL is from 3000 to 3999.
+
+ Simple ACL supports ipv6 only.
+ The range of Simple ACL is from 10000 to 42767.
+
+ MAC ACL support mac only.
+ The range of MAC ACL is from 4000 to 4999.
+
+ User-defined ACL support user only.
+ The range of user-defined ACL is from 5000 to 5999.
+ "
+ ::= { hh3cAclNumberGroupEntry 1 }
+
+ hh3cAclNumberGroupIndex OBJECT-TYPE
+ SYNTAX Integer32 (2000..5999|10000..42767)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The group index of number acl.
+ Basic type:2000..2999
+ Advanced type:3000..3999
+ MAC type:4000..4999
+ User type:5000..5999
+ Simple type:10000..42767
+ "
+ ::= { hh3cAclNumberGroupEntry 2 }
+
+ hh3cAclNumberGroupRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "RowStatus."
+ ::= { hh3cAclNumberGroupEntry 3 }
+
+ hh3cAclNumberGroupMatchOrder OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ config(1),
+ auto(2)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The match-order of number acl group."
+ DEFVAL { config }
+ ::= { hh3cAclNumberGroupEntry 4 }
+
+ hh3cAclNumberGroupStep OBJECT-TYPE
+ SYNTAX Integer32 (1..20)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The step of rule index."
+ DEFVAL { 5 }
+ ::= { hh3cAclNumberGroupEntry 5 }
+
+ hh3cAclNumberGroupDescription OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..127))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Description of this acl group."
+ ::= { hh3cAclNumberGroupEntry 6 }
+
+ hh3cAclNumberGroupCountClear OBJECT-TYPE
+ SYNTAX CounterClear
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Reset the value of counters of this group."
+ DEFVAL { nouse }
+ ::= { hh3cAclNumberGroupEntry 7 }
+
+ hh3cAclNumberGroupRuleCounter OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The rule count of number acl group."
+ ::= { hh3cAclNumberGroupEntry 8 }
+
+ hh3cAclNumberGroupName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..63))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Name of this acl group."
+ ::= { hh3cAclNumberGroupEntry 9 }
+
+--
+-- Nodes of named ACL group
+--
+ hh3cAclNamedGroupTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cAclNamedGroupEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table of the named ACL group."
+ ::= { hh3cAclMib2GlobalGroup 4 }
+
+ hh3cAclNamedGroupEntry OBJECT-TYPE
+ SYNTAX Hh3cAclNamedGroupEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Named ACL group entry."
+ INDEX
+ {
+ hh3cAclNumberGroupType,
+ hh3cAclNamedGroupCategory,
+ hh3cAclNamedGroupName
+ }
+ ::= { hh3cAclNamedGroupTable 1 }
+
+ Hh3cAclNamedGroupEntry ::=
+ SEQUENCE
+ {
+ hh3cAclNamedGroupCategory
+ INTEGER,
+ hh3cAclNamedGroupName
+ OCTET STRING,
+ hh3cAclNamedGroupRowStatus
+ RowStatus,
+ hh3cAclNamedGroupMatchOrder
+ INTEGER,
+ hh3cAclNamedGroupStep
+ Integer32,
+ hh3cAclNamedGroupDescription
+ OCTET STRING,
+ hh3cAclNamedGroupCountClear
+ CounterClear,
+ hh3cAclNamedGroupRuleCounter
+ Counter32
+ }
+
+ hh3cAclNamedGroupCategory OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ invalid(0),
+ basic(1),
+ advanced(2)
+ }
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The category of number group. 1 indicates basic ACL, 2 indicates
+ advanced ACL."
+ ::= { hh3cAclNamedGroupEntry 1 }
+
+ hh3cAclNamedGroupName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(1..63))
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Name of an ACL group, a case-insensitive string of 1 to 63
+ characters. It must start with an English letter.
+ "
+ ::= { hh3cAclNamedGroupEntry 2 }
+
+ hh3cAclNamedGroupRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "RowStatus."
+ ::= { hh3cAclNamedGroupEntry 3 }
+
+ hh3cAclNamedGroupMatchOrder OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ config(1),
+ auto(2)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The match-order of name acl group."
+ DEFVAL { config }
+ ::= { hh3cAclNamedGroupEntry 4 }
+
+ hh3cAclNamedGroupStep OBJECT-TYPE
+ SYNTAX Integer32 (1..20)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The numbering step of the increment of the rule index."
+ DEFVAL { 5 }
+ ::= { hh3cAclNamedGroupEntry 5 }
+
+ hh3cAclNamedGroupDescription OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..127))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Description of this ACL group."
+ ::= { hh3cAclNamedGroupEntry 6 }
+
+ hh3cAclNamedGroupCountClear OBJECT-TYPE
+ SYNTAX CounterClear
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Reset the statistics counter of this group."
+ DEFVAL { nouse }
+ ::= { hh3cAclNamedGroupEntry 7 }
+
+ hh3cAclNamedGroupRuleCounter OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The amount of rules of this group."
+ ::= { hh3cAclNamedGroupEntry 8 }
+
+--
+-- Node of hh3cAclIPv6Group
+--
+ hh3cAclIPAclGroup OBJECT IDENTIFIER ::= { hh3cAclMib2Objects 2 }
+
+--
+-- Nodes of hh3cAclIPAclBasicTable
+--
+
+ hh3cAclIPAclBasicTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cAclIPAclBasicEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table of basic rule group.
+ If some objects of this table are not supported by some products,
+ these objects can't be created, changed or applied.
+ Default value of these objects will be returned when they are read.
+ "
+ ::= { hh3cAclIPAclGroup 2 }
+
+ hh3cAclIPAclBasicEntry OBJECT-TYPE
+ SYNTAX Hh3cAclIPAclBasicEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Basic rule group information."
+ INDEX { hh3cAclNumberGroupType,
+ hh3cAclNumberGroupIndex,
+ hh3cAclIPAclBasicRuleIndex
+ }
+ ::= { hh3cAclIPAclBasicTable 1 }
+
+ Hh3cAclIPAclBasicEntry ::=
+ SEQUENCE
+ {
+ hh3cAclIPAclBasicRuleIndex
+ Integer32,
+ hh3cAclIPAclBasicRowStatus
+ RowStatus,
+ hh3cAclIPAclBasicAct
+ RuleAction,
+ hh3cAclIPAclBasicSrcAddrType
+ InetAddressType,
+ hh3cAclIPAclBasicSrcAddr
+ InetAddress,
+ hh3cAclIPAclBasicSrcPrefix
+ InetAddressPrefixLength,
+ hh3cAclIPAclBasicSrcAny
+ TruthValue,
+ hh3cAclIPAclBasicSrcWild
+ IpAddress,
+ hh3cAclIPAclBasicTimeRangeName
+ OCTET STRING,
+ hh3cAclIPAclBasicFragmentFlag
+ FragmentFlag,
+ hh3cAclIPAclBasicLog
+ TruthValue,
+ hh3cAclIPAclBasicCount
+ Unsigned32,
+ hh3cAclIPAclBasicCountClear
+ CounterClear,
+ hh3cAclIPAclBasicEnable
+ TruthValue,
+ hh3cAclIPAclBasicVpnInstanceName
+ OCTET STRING,
+ hh3cAclIPAclBasicComment
+ OCTET STRING,
+ hh3cAclIPAclBasicCounting
+ TruthValue,
+ hh3cAclIPAclBasicRouteTypeAny
+ TruthValue,
+ hh3cAclIPAclBasicRouteTypeValue
+ Integer32
+ }
+
+ hh3cAclIPAclBasicRuleIndex OBJECT-TYPE
+ SYNTAX Integer32 (0..65534)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The rule index of basic acl group."
+ ::= { hh3cAclIPAclBasicEntry 1 }
+
+ hh3cAclIPAclBasicRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "RowStatus."
+ ::= { hh3cAclIPAclBasicEntry 2 }
+
+ hh3cAclIPAclBasicAct OBJECT-TYPE
+ SYNTAX RuleAction
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The action of basic acl rule."
+ ::= { hh3cAclIPAclBasicEntry 3 }
+
+ hh3cAclIPAclBasicSrcAddrType OBJECT-TYPE
+ SYNTAX InetAddressType
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The IP addresses type of IP pool."
+ ::= { hh3cAclIPAclBasicEntry 4 }
+
+ hh3cAclIPAclBasicSrcAddr OBJECT-TYPE
+ SYNTAX InetAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The value of a local IP address is available for this association.
+
+ The type of this address is determined by the value of
+ hh3cAclIPAclBasicSrcAddrType.
+ "
+ ::= { hh3cAclIPAclBasicEntry 5 }
+
+ hh3cAclIPAclBasicSrcPrefix OBJECT-TYPE
+ SYNTAX InetAddressPrefixLength
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Denotes the length of a generic Internet network address prefix.
+ A value of n corresponds to an IP address mask
+ that has n contiguous 1-bits from the most significant bit (MSB)
+ and all other bits set to 0.
+ "
+ ::= { hh3cAclIPAclBasicEntry 6 }
+
+ hh3cAclIPAclBasicSrcAny OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of matching any IP address."
+ DEFVAL { true }
+ ::= { hh3cAclIPAclBasicEntry 7 }
+
+ hh3cAclIPAclBasicSrcWild OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Source IPv4 address wildcard mask.
+ Only IPv4 Basic Rule supports this object.
+ Default value is '0.0.0.0'.
+ "
+ ::= { hh3cAclIPAclBasicEntry 8 }
+
+ hh3cAclIPAclBasicTimeRangeName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The Time-range of basic acl rule.
+ Default value is zero-length.
+ "
+ ::= { hh3cAclIPAclBasicEntry 9 }
+
+ hh3cAclIPAclBasicFragmentFlag OBJECT-TYPE
+ SYNTAX FragmentFlag
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of matching fragmented packets."
+ DEFVAL { invalid }
+ ::= { hh3cAclIPAclBasicEntry 10 }
+
+ hh3cAclIPAclBasicLog OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The packet will be logged when it matches the rule."
+ DEFVAL { false }
+ ::= { hh3cAclIPAclBasicEntry 11 }
+
+ hh3cAclIPAclBasicCount OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The count of matches by the rule."
+ ::= { hh3cAclIPAclBasicEntry 12 }
+
+ hh3cAclIPAclBasicCountClear OBJECT-TYPE
+ SYNTAX CounterClear
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Reset the value of counter."
+ DEFVAL { nouse }
+ ::= { hh3cAclIPAclBasicEntry 13 }
+
+ hh3cAclIPAclBasicEnable OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The rule is active or not.
+ true : active
+ false : inactive
+ "
+ DEFVAL { false }
+ ::= { hh3cAclIPAclBasicEntry 14 }
+
+ hh3cAclIPAclBasicVpnInstanceName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The VPN name, to which the rule will be applied.
+ Default value is zero-length.
+ "
+ ::= { hh3cAclIPAclBasicEntry 15 }
+
+ hh3cAclIPAclBasicComment OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..127))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The description of ACL rule.
+ Default value is Zero-length String.
+ "
+ ::= { hh3cAclIPAclBasicEntry 16 }
+
+ hh3cAclIPAclBasicCounting OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The packet will be counted when it matches the rule.
+ It is disabled by default.
+ "
+ DEFVAL { false }
+ ::= { hh3cAclIPAclBasicEntry 17 }
+
+ hh3cAclIPAclBasicRouteTypeAny OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of matching any type of routing header of IPv6 packet.
+ "
+ DEFVAL { false }
+ ::= { hh3cAclIPAclBasicEntry 18 }
+
+ hh3cAclIPAclBasicRouteTypeValue OBJECT-TYPE
+ SYNTAX Integer32 (0..255|65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Match specific type of routing header of IPv6 packet."
+ DEFVAL { 65535 }
+ ::= { hh3cAclIPAclBasicEntry 19 }
+
+--
+-- Notes of hh3cAclIPAclAdvancedTable
+--
+ hh3cAclIPAclAdvancedTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cAclIPAclAdvancedEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table of advanced and simple acl group.
+ If some objects of this table are not supported by some products,
+ these objects can't be created, changed and applied.
+ Default value of these objects will be returned when they are read.
+ "
+ ::= { hh3cAclIPAclGroup 3 }
+
+ hh3cAclIPAclAdvancedEntry OBJECT-TYPE
+ SYNTAX Hh3cAclIPAclAdvancedEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Advanced acl group information."
+ INDEX { hh3cAclNumberGroupType,
+ hh3cAclNumberGroupIndex,
+ hh3cAclIPAclAdvancedRuleIndex
+ }
+ ::= { hh3cAclIPAclAdvancedTable 1 }
+
+ Hh3cAclIPAclAdvancedEntry ::=
+ SEQUENCE
+ {
+ hh3cAclIPAclAdvancedRuleIndex
+ Integer32,
+ hh3cAclIPAclAdvancedRowStatus
+ RowStatus,
+ hh3cAclIPAclAdvancedAct
+ RuleAction,
+ hh3cAclIPAclAdvancedProtocol
+ Integer32,
+ hh3cAclIPAclAdvancedAddrFlag
+ AddressFlag,
+ hh3cAclIPAclAdvancedSrcAddrType
+ InetAddressType,
+ hh3cAclIPAclAdvancedSrcAddr
+ InetAddress,
+ hh3cAclIPAclAdvancedSrcPrefix
+ InetAddressPrefixLength,
+ hh3cAclIPAclAdvancedSrcAny
+ TruthValue,
+ hh3cAclIPAclAdvancedSrcWild
+ IpAddress,
+ hh3cAclIPAclAdvancedSrcOp
+ PortOp,
+ hh3cAclIPAclAdvancedSrcPort1
+ Integer32,
+ hh3cAclIPAclAdvancedSrcPort2
+ Integer32,
+ hh3cAclIPAclAdvancedDestAddrType
+ InetAddressType,
+ hh3cAclIPAclAdvancedDestAddr
+ InetAddress,
+ hh3cAclIPAclAdvancedDestPrefix
+ InetAddressPrefixLength,
+ hh3cAclIPAclAdvancedDestAny
+ TruthValue,
+ hh3cAclIPAclAdvancedDestWild
+ IpAddress,
+ hh3cAclIPAclAdvancedDestOp
+ PortOp,
+ hh3cAclIPAclAdvancedDestPort1
+ Integer32,
+ hh3cAclIPAclAdvancedDestPort2
+ Integer32,
+ hh3cAclIPAclAdvancedIcmpType
+ Integer32,
+ hh3cAclIPAclAdvancedIcmpCode
+ Integer32,
+ hh3cAclIPAclAdvancedPrecedence
+ Integer32,
+ hh3cAclIPAclAdvancedTos
+ Integer32,
+ hh3cAclIPAclAdvancedDscp
+ DSCPValue,
+ hh3cAclIPAclAdvancedTimeRangeName
+ OCTET STRING,
+ hh3cAclIPAclAdvancedTCPFlag
+ TCPFlag,
+ hh3cAclIPAclAdvancedFragmentFlag
+ FragmentFlag,
+ hh3cAclIPAclAdvancedLog
+ TruthValue,
+ hh3cAclIPAclAdvancedCount
+ Unsigned32,
+ hh3cAclIPAclAdvancedCountClear
+ CounterClear,
+ hh3cAclIPAclAdvancedEnable
+ TruthValue,
+ hh3cAclIPAclAdvancedVpnInstanceName
+ OCTET STRING,
+ hh3cAclIPAclAdvancedComment
+ OCTET STRING,
+ hh3cAclIPAclAdvancedReflective
+ TruthValue,
+ hh3cAclIPAclAdvancedCounting
+ TruthValue,
+ hh3cAclIPAclAdvancedTCPFlagMask
+ BITS,
+ hh3cAclIPAclAdvancedTCPFlagValue
+ BITS,
+ hh3cAclIPAclAdvancedRouteTypeAny
+ TruthValue,
+ hh3cAclIPAclAdvancedRouteTypeValue
+ Integer32,
+ hh3cAclIPAclAdvancedFlowLabel
+ Unsigned32,
+ hh3cAclIPAclAdvancedSrcSuffix
+ Unsigned32,
+ hh3cAclIPAclAdvancedDestSuffix
+ Unsigned32
+ }
+
+ hh3cAclIPAclAdvancedRuleIndex OBJECT-TYPE
+ SYNTAX Integer32 (0..65534)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The rule index of advanced acl group.
+ As a Simple ACL group, the value of this object must be 0.
+ As an Advanced ACL group, the value of this object is ranging
+ from 0 to 65534.
+ "
+ ::= { hh3cAclIPAclAdvancedEntry 1 }
+
+ hh3cAclIPAclAdvancedRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "RowStatus."
+ ::= { hh3cAclIPAclAdvancedEntry 2 }
+
+ hh3cAclIPAclAdvancedAct OBJECT-TYPE
+ SYNTAX RuleAction
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The action of advanced acl rule."
+ ::= { hh3cAclIPAclAdvancedEntry 3 }
+
+ hh3cAclIPAclAdvancedProtocol OBJECT-TYPE
+ SYNTAX Integer32 (0..255)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The protocol-type of advanced acl group. 0 indicates any IPv4 or
+ IPv6 protocol.
+ <1-255> Protocol number
+ gre GRE tunneling(47)
+ icmp Internet Control Message Protocol(1)
+ icmpv6 Internet Control Message Protocol6(58)
+ igmp Internet Group Management Protocol(2)
+ ipinip IP in IP tunneling(4)
+ ospf OSPF routing protocol(89)
+ tcp Transmission Control Protocol (6)
+ udp User Datagram Protocol (17)
+ ipv6-ah IPv6 Authentication Header(51)
+ ipv6-esp IPv6 Encapsulating Security Payload(50)
+ "
+ ::= { hh3cAclIPAclAdvancedEntry 4 }
+
+ hh3cAclIPAclAdvancedAddrFlag OBJECT-TYPE
+ SYNTAX AddressFlag
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Address flag to select address."
+ DEFVAL { invalid }
+ ::= { hh3cAclIPAclAdvancedEntry 5 }
+
+ hh3cAclIPAclAdvancedSrcAddrType OBJECT-TYPE
+ SYNTAX InetAddressType
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The IP addresses type of IP pool."
+ ::= { hh3cAclIPAclAdvancedEntry 6 }
+
+ hh3cAclIPAclAdvancedSrcAddr OBJECT-TYPE
+ SYNTAX InetAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The value of a local IP address available for this association.
+
+ The type of this address is determined by the value of
+ hh3cAclIPAclAdvancedSrcAddrType.
+ "
+ ::= { hh3cAclIPAclAdvancedEntry 7 }
+
+ hh3cAclIPAclAdvancedSrcPrefix OBJECT-TYPE
+ SYNTAX InetAddressPrefixLength
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Denotes the length of a generic Internet network address prefix.
+ A value of n corresponds to an IP address mask
+ which has n contiguous 1-bits from the most significant bit (MSB)
+ and all other bits set to 0.
+ "
+ ::= { hh3cAclIPAclAdvancedEntry 8 }
+
+ hh3cAclIPAclAdvancedSrcAny OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of matching any IP address."
+ DEFVAL { true }
+ ::= { hh3cAclIPAclAdvancedEntry 9 }
+
+ hh3cAclIPAclAdvancedSrcWild OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Source IPv4 address wildcard mask.
+ Only IPv4 Advanced Rule supports this object.
+ Default value is '0.0.0.0'.
+ "
+ ::= { hh3cAclIPAclAdvancedEntry 10 }
+
+ hh3cAclIPAclAdvancedSrcOp OBJECT-TYPE
+ SYNTAX PortOp
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Source port operation symbol of advanced acl group."
+ DEFVAL { invalid }
+ ::= { hh3cAclIPAclAdvancedEntry 11 }
+
+ hh3cAclIPAclAdvancedSrcPort1 OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The fourth layer source port1."
+ DEFVAL { 0 }
+ ::= { hh3cAclIPAclAdvancedEntry 12 }
+
+ hh3cAclIPAclAdvancedSrcPort2 OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The fourth layer source port2."
+ DEFVAL { 65535 }
+ ::= { hh3cAclIPAclAdvancedEntry 13 }
+
+ hh3cAclIPAclAdvancedDestAddrType OBJECT-TYPE
+ SYNTAX InetAddressType
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The IP addresses type of IP pool."
+ ::= { hh3cAclIPAclAdvancedEntry 14 }
+
+ hh3cAclIPAclAdvancedDestAddr OBJECT-TYPE
+ SYNTAX InetAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The value of a local IP address available for this association.
+
+ The type of this address is determined by the value of
+ hh3cAclIPAclAdvancedDestAddrType.
+ "
+ ::= { hh3cAclIPAclAdvancedEntry 15 }
+
+ hh3cAclIPAclAdvancedDestPrefix OBJECT-TYPE
+ SYNTAX InetAddressPrefixLength
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Denotes the length of a generic Internet network address prefix.
+ A value of n corresponds to an IP address mask
+ which has n contiguous 1-bits from the most significant bit (MSB)
+ and all other bits set to 0.
+ "
+ ::= { hh3cAclIPAclAdvancedEntry 16 }
+
+ hh3cAclIPAclAdvancedDestAny OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of matching any IP address."
+ DEFVAL { true }
+ ::= { hh3cAclIPAclAdvancedEntry 17 }
+
+ hh3cAclIPAclAdvancedDestWild OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Destination IPv4 address wildcard mask.
+ Only IPv4 Advanced Rule supports this object.
+ Default value is '0.0.0.0'.
+ "
+ ::= { hh3cAclIPAclAdvancedEntry 18 }
+
+ hh3cAclIPAclAdvancedDestOp OBJECT-TYPE
+ SYNTAX PortOp
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Destination port operation symbol of advanced acl group."
+ DEFVAL { invalid }
+ ::= { hh3cAclIPAclAdvancedEntry 19 }
+
+ hh3cAclIPAclAdvancedDestPort1 OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The fourth layer destination port1."
+ DEFVAL { 0 }
+ ::= { hh3cAclIPAclAdvancedEntry 20 }
+
+ hh3cAclIPAclAdvancedDestPort2 OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The fourth layer destination port2."
+ DEFVAL { 65535 }
+ ::= { hh3cAclIPAclAdvancedEntry 21 }
+
+ hh3cAclIPAclAdvancedIcmpType OBJECT-TYPE
+ SYNTAX Integer32 (0..255|65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The type of ICMP packet."
+ DEFVAL { 65535 }
+ ::= { hh3cAclIPAclAdvancedEntry 22 }
+
+ hh3cAclIPAclAdvancedIcmpCode OBJECT-TYPE
+ SYNTAX Integer32 (0..255|65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The code of ICMP packet."
+ DEFVAL { 65535 }
+ ::= { hh3cAclIPAclAdvancedEntry 23 }
+
+ hh3cAclIPAclAdvancedPrecedence OBJECT-TYPE
+ SYNTAX Integer32 (0..7|255)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The value of IP-packet's precedence.
+ <0-7> Value of precedence
+ routine Specify routine precedence(0)
+ priority Specify priority precedence(1)
+ immediate Specify immediate precedence(2)
+ flash Specify flash precedence(3)
+ flash-override Specify flash-override precedence(4)
+ critical Specify critical precedence(5)
+ internet Specify internetwork control precedence(6)
+ network Specify network control precedence(7)
+ "
+ DEFVAL { 255 }
+ ::= { hh3cAclIPAclAdvancedEntry 24 }
+
+ hh3cAclIPAclAdvancedTos OBJECT-TYPE
+ SYNTAX Integer32 (0..15|255)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The value of IP-packet's TOS.
+ <0-15> Value of TOS(type of service)
+ max-reliability Match packets with max reliable TOS(2)
+ max-throughput Match packets with max throughput TOS(4)
+ min-delay Match packets with min delay TOS(8)
+ min-monetary-cost Match packets with min monetary cost TOS(1)
+ normal Match packets with normal TOS(0)
+ "
+ DEFVAL { 255 }
+ ::= { hh3cAclIPAclAdvancedEntry 25 }
+
+ hh3cAclIPAclAdvancedDscp OBJECT-TYPE
+ SYNTAX DSCPValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The value of DSCP of IP packet."
+ DEFVAL { 255 }
+ ::= { hh3cAclIPAclAdvancedEntry 26 }
+
+ hh3cAclIPAclAdvancedTimeRangeName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The Time-range of advanced acl rule.
+ Default value is zero-length.
+ "
+ ::= { hh3cAclIPAclAdvancedEntry 27 }
+
+ hh3cAclIPAclAdvancedTCPFlag OBJECT-TYPE
+ SYNTAX TCPFlag
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The packet type of TCP protocol."
+ DEFVAL { invalid }
+ ::= { hh3cAclIPAclAdvancedEntry 28 }
+
+ hh3cAclIPAclAdvancedFragmentFlag OBJECT-TYPE
+ SYNTAX FragmentFlag
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of matching fragmented packet,
+ and now support two value: 0 or 2."
+ DEFVAL { invalid }
+ ::= { hh3cAclIPAclAdvancedEntry 29 }
+
+ hh3cAclIPAclAdvancedLog OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Log matched packets."
+ DEFVAL { false }
+ ::= { hh3cAclIPAclAdvancedEntry 30 }
+
+ hh3cAclIPAclAdvancedCount OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The count of matched by the rule."
+ ::= { hh3cAclIPAclAdvancedEntry 31 }
+
+ hh3cAclIPAclAdvancedCountClear OBJECT-TYPE
+ SYNTAX CounterClear
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Reset the value of counter."
+ DEFVAL { nouse }
+ ::= { hh3cAclIPAclAdvancedEntry 32 }
+
+ hh3cAclIPAclAdvancedEnable OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The rule is active or not.
+ true : active
+ false : inactive
+ "
+ DEFVAL { false }
+ ::= { hh3cAclIPAclAdvancedEntry 33 }
+
+ hh3cAclIPAclAdvancedVpnInstanceName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The VPN name that the rule will be applied.
+ Default value is zero-length.
+ "
+ ::= { hh3cAclIPAclAdvancedEntry 34 }
+
+ hh3cAclIPAclAdvancedComment OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..127))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The description of ACL rule.
+ Default value is Zero-length String.
+ "
+ ::= { hh3cAclIPAclAdvancedEntry 35 }
+
+ hh3cAclIPAclAdvancedReflective OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of reflective."
+ ::= { hh3cAclIPAclAdvancedEntry 36 }
+
+ hh3cAclIPAclAdvancedCounting OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The packet will be counted when it matches the rule.
+ It is disabled by default.
+ "
+ DEFVAL { false }
+ ::= { hh3cAclIPAclAdvancedEntry 37 }
+
+ hh3cAclIPAclAdvancedTCPFlagMask OBJECT-TYPE
+ SYNTAX BITS {
+ tcpack(0),
+ tcpfin(1),
+ tcppsh(2),
+ tcprst(3),
+ tcpsyn(4),
+ tcpurg(5)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The TCP Flag Mask. This is a bit-map of possible conditions.
+ The various bit positions are:
+ |0 |tcpack |
+ |1 |tcpfin |
+ |2 |tcppsh |
+ |3 |tcprst |
+ |4 |tcpsyn |
+ |5 |tcpurg |
+ "
+ DEFVAL { { } }
+ ::= { hh3cAclIPAclAdvancedEntry 38 }
+
+ hh3cAclIPAclAdvancedTCPFlagValue OBJECT-TYPE
+ SYNTAX BITS {
+ tcpack(0),
+ tcpfin(1),
+ tcppsh(2),
+ tcprst(3),
+ tcpsyn(4),
+ tcpurg(5)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The TCP Flag Value. This is a bit-map of possible conditions.
+ The various bit positions are:
+ |0 |tcpack |
+ |1 |tcpfin |
+ |2 |tcppsh |
+ |3 |tcprst |
+ |4 |tcpsyn |
+ |5 |tcpurg |
+ "
+ DEFVAL { { } }
+ ::= { hh3cAclIPAclAdvancedEntry 39 }
+
+ hh3cAclIPAclAdvancedRouteTypeAny OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of matching any type of routing header of IPv6 packet.
+ "
+ DEFVAL { false }
+ ::= { hh3cAclIPAclAdvancedEntry 40 }
+
+ hh3cAclIPAclAdvancedRouteTypeValue OBJECT-TYPE
+ SYNTAX Integer32 (0..255|65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The type of routing header of IPv6 packet."
+ DEFVAL { 65535 }
+ ::= { hh3cAclIPAclAdvancedEntry 41 }
+
+ hh3cAclIPAclAdvancedFlowLabel OBJECT-TYPE
+ SYNTAX Unsigned32 (0..1048575|4294967295)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The value of flow label of IPv6 packet header."
+ DEFVAL { 4294967295 }
+ ::= { hh3cAclIPAclAdvancedEntry 42 }
+
+ hh3cAclIPAclAdvancedSrcSuffix OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Denotes the length of a generic Internet network address suffix.
+ A value of n corresponds to an IP address mask
+ that has n contiguous 1-bits from the least significant bit
+ and all other bits set to 0.
+ "
+ ::= { hh3cAclIPAclAdvancedEntry 43 }
+
+ hh3cAclIPAclAdvancedDestSuffix OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Denotes the length of a generic Internet network address suffix.
+ A value of n corresponds to an IP address mask
+ that has n contiguous 1-bits from the least significant bit
+ and all other bits set to 0.
+ "
+ ::= { hh3cAclIPAclAdvancedEntry 44 }
+
+--
+--Nodes of hh3cAclIPAclNamedBscTable
+--
+
+ hh3cAclIPAclNamedBscTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cAclIPAclNamedBscEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table of basic rule of named ACL.
+ The name of ACL group will be used as an index in this table,
+ which differs from the table hh3cAclIPAclBasicTable.
+ If some objects of this table are not supported by some
+ products, these objects can't be created, changed or applied.
+ Default value of these objects will be returned when they are
+ read.
+ "
+ ::= { hh3cAclIPAclGroup 4 }
+
+ hh3cAclIPAclNamedBscEntry OBJECT-TYPE
+ SYNTAX Hh3cAclIPAclNamedBscEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Basic named ACL rule entry."
+ INDEX
+ {
+ hh3cAclNumberGroupType,
+ hh3cAclNamedGroupName,
+ hh3cAclIPAclBasicRuleIndex
+ }
+ ::= { hh3cAclIPAclNamedBscTable 1 }
+
+ Hh3cAclIPAclNamedBscEntry ::=
+ SEQUENCE
+ {
+ hh3cAclIPAclNamedBscRowStatus
+ RowStatus,
+ hh3cAclIPAclNamedBscAct
+ RuleAction,
+ hh3cAclIPAclNamedBscSrcAddrType
+ InetAddressType,
+ hh3cAclIPAclNamedBscSrcAddr
+ InetAddress,
+ hh3cAclIPAclNamedBscSrcPrefix
+ InetAddressPrefixLength,
+ hh3cAclIPAclNamedBscSrcAny
+ TruthValue,
+ hh3cAclIPAclNamedBscSrcWild
+ IpAddress,
+ hh3cAclIPAclNamedBscTRangeName
+ OCTET STRING,
+ hh3cAclIPAclNamedBscFragmentFlag
+ FragmentFlag,
+ hh3cAclIPAclNamedBscLog
+ TruthValue,
+ hh3cAclIPAclNamedBscCount
+ Unsigned32,
+ hh3cAclIPAclNamedBscCountClear
+ CounterClear,
+ hh3cAclIPAclNamedBscEnable
+ TruthValue,
+ hh3cAclIPAclNamedBscVpnInstName
+ OCTET STRING,
+ hh3cAclIPAclNamedBscComment
+ OCTET STRING,
+ hh3cAclIPAclNamedBscCounting
+ TruthValue,
+ hh3cAclIPAclNamedBscRouteTypeAny
+ TruthValue,
+ hh3cAclIPAclNamedBscRouteTypeValue
+ Integer32
+ }
+
+ hh3cAclIPAclNamedBscRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "RowStatus."
+ ::= { hh3cAclIPAclNamedBscEntry 1 }
+
+ hh3cAclIPAclNamedBscAct OBJECT-TYPE
+ SYNTAX RuleAction
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The action of basic ACL rule."
+ ::= { hh3cAclIPAclNamedBscEntry 2 }
+
+ hh3cAclIPAclNamedBscSrcAddrType OBJECT-TYPE
+ SYNTAX InetAddressType
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The IP addresses type of IP pool."
+ ::= { hh3cAclIPAclNamedBscEntry 3 }
+
+ hh3cAclIPAclNamedBscSrcAddr OBJECT-TYPE
+ SYNTAX InetAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The specified source IP address.
+ The type of this address is determined by the value of
+ hh3cAclIPAclNamedBscSrcAddrType.
+ "
+ ::= { hh3cAclIPAclNamedBscEntry 4 }
+
+ hh3cAclIPAclNamedBscSrcPrefix OBJECT-TYPE
+ SYNTAX InetAddressPrefixLength
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Specify the length of a generic Internet network address
+ prefix. A value of n corresponds to an IP address mask that
+ has n contiguous 1-bits from the most significant bit (MSB)
+ and all other bits set to 0.
+ "
+ ::= { hh3cAclIPAclNamedBscEntry 5 }
+
+ hh3cAclIPAclNamedBscSrcAny OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of matching any source IP address."
+ DEFVAL { true }
+ ::= { hh3cAclIPAclNamedBscEntry 6 }
+
+ hh3cAclIPAclNamedBscSrcWild OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Source IPv4 address wildcard mask.
+ Only IPv4 Basic Rule supports this object.
+ Default value is '0.0.0.0'.
+ "
+ ::= { hh3cAclIPAclNamedBscEntry 7 }
+
+ hh3cAclIPAclNamedBscTRangeName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The Time-range of basic acl rule.
+ Default value is zero-length.
+ "
+ ::= { hh3cAclIPAclNamedBscEntry 8 }
+
+ hh3cAclIPAclNamedBscFragmentFlag OBJECT-TYPE
+ SYNTAX FragmentFlag
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of matching fragmented packets."
+ DEFVAL { invalid }
+ ::= { hh3cAclIPAclNamedBscEntry 9 }
+
+ hh3cAclIPAclNamedBscLog OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The packet will be logged when it matches the rule."
+ DEFVAL { false }
+ ::= { hh3cAclIPAclNamedBscEntry 10 }
+
+ hh3cAclIPAclNamedBscCount OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The count of matches by the rule."
+ ::= { hh3cAclIPAclNamedBscEntry 11 }
+
+ hh3cAclIPAclNamedBscCountClear OBJECT-TYPE
+ SYNTAX CounterClear
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Reset the statistics counter of the rule."
+ DEFVAL { nouse }
+ ::= { hh3cAclIPAclNamedBscEntry 12 }
+
+ hh3cAclIPAclNamedBscEnable OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The rule is active or not.
+ true : active
+ false : inactive
+ "
+ DEFVAL { false }
+ ::= { hh3cAclIPAclNamedBscEntry 13 }
+
+ hh3cAclIPAclNamedBscVpnInstName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The VPN name, to which the rule will be applied.
+ Default value is zero-length.
+ "
+ ::= { hh3cAclIPAclNamedBscEntry 14 }
+
+ hh3cAclIPAclNamedBscComment OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..127))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The description of ACL rule.
+ Default value is Zero-length String.
+ "
+ ::= { hh3cAclIPAclNamedBscEntry 15 }
+
+ hh3cAclIPAclNamedBscCounting OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The packet will be counted when it matches the rule.
+ It is disabled by default.
+ "
+ DEFVAL { false }
+ ::= { hh3cAclIPAclNamedBscEntry 16 }
+
+ hh3cAclIPAclNamedBscRouteTypeAny OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of matching any type of routing header of IPv6 packet.
+ "
+ DEFVAL { false }
+ ::= { hh3cAclIPAclNamedBscEntry 17 }
+
+ hh3cAclIPAclNamedBscRouteTypeValue OBJECT-TYPE
+ SYNTAX Integer32 (0..255|65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Value of the routing header type of IPv6 packet,
+ in the range of 0 to 255.
+ "
+ DEFVAL { 65535 }
+ ::= { hh3cAclIPAclNamedBscEntry 18 }
+
+--
+-- Notes of hh3cAclIPAclNamedAdvTable
+--
+ hh3cAclIPAclNamedAdvTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cAclIPAclNamedAdvEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table of advanced rule of named ACL.
+ The name of ACL group will be used as an index in this table,
+ which differs from the table hh3cAclIPAclAdvancedTable.
+ If some objects of this table are not supported by some
+ products, these objects can't be created, changed or applied.
+ Default value of these objects will be returned when they are
+ read.
+ "
+ ::= { hh3cAclIPAclGroup 5 }
+
+ hh3cAclIPAclNamedAdvEntry OBJECT-TYPE
+ SYNTAX Hh3cAclIPAclNamedAdvEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Advanced ACL rule information entry."
+ INDEX
+ {
+ hh3cAclNumberGroupType,
+ hh3cAclNamedGroupName,
+ hh3cAclIPAclAdvancedRuleIndex
+ }
+ ::= { hh3cAclIPAclNamedAdvTable 1 }
+
+ Hh3cAclIPAclNamedAdvEntry ::=
+ SEQUENCE
+ {
+ hh3cAclIPAclNamedAdvRowStatus
+ RowStatus,
+ hh3cAclIPAclNamedAdvAct
+ RuleAction,
+ hh3cAclIPAclNamedAdvProtocol
+ Integer32,
+ hh3cAclIPAclNamedAdvAddrFlag
+ AddressFlag,
+ hh3cAclIPAclNamedAdvSrcAddrType
+ InetAddressType,
+ hh3cAclIPAclNamedAdvSrcAddr
+ InetAddress,
+ hh3cAclIPAclNamedAdvSrcPrefix
+ InetAddressPrefixLength,
+ hh3cAclIPAclNamedAdvSrcAny
+ TruthValue,
+ hh3cAclIPAclNamedAdvSrcWild
+ IpAddress,
+ hh3cAclIPAclNamedAdvSrcOp
+ PortOp,
+ hh3cAclIPAclNamedAdvSrcPort1
+ Integer32,
+ hh3cAclIPAclNamedAdvSrcPort2
+ Integer32,
+ hh3cAclIPAclNamedAdvDstAddrType
+ InetAddressType,
+ hh3cAclIPAclNamedAdvDstAddr
+ InetAddress,
+ hh3cAclIPAclNamedAdvDstPrefix
+ InetAddressPrefixLength,
+ hh3cAclIPAclNamedAdvDstAny
+ TruthValue,
+ hh3cAclIPAclNamedAdvDstWild
+ IpAddress,
+ hh3cAclIPAclNamedAdvDstOp
+ PortOp,
+ hh3cAclIPAclNamedAdvDstPort1
+ Integer32,
+ hh3cAclIPAclNamedAdvDstPort2
+ Integer32,
+ hh3cAclIPAclNamedAdvIcmpType
+ Integer32,
+ hh3cAclIPAclNamedAdvIcmpCode
+ Integer32,
+ hh3cAclIPAclNamedAdvPrecedence
+ Integer32,
+ hh3cAclIPAclNamedAdvTos
+ Integer32,
+ hh3cAclIPAclNamedAdvDscp
+ DSCPValue,
+ hh3cAclIPAclNamedAdvTRangeName
+ OCTET STRING,
+ hh3cAclIPAclNamedAdvTCPFlag
+ TCPFlag,
+ hh3cAclIPAclNamedAdvFragmentFlag
+ FragmentFlag,
+ hh3cAclIPAclNamedAdvLog
+ TruthValue,
+ hh3cAclIPAclNamedAdvCount
+ Unsigned32,
+ hh3cAclIPAclNamedAdvCountClear
+ CounterClear,
+ hh3cAclIPAclNamedAdvEnable
+ TruthValue,
+ hh3cAclIPAclNamedAdvVpnInstName
+ OCTET STRING,
+ hh3cAclIPAclNamedAdvComment
+ OCTET STRING,
+ hh3cAclIPAclNamedAdvReflective
+ TruthValue,
+ hh3cAclIPAclNamedAdvCounting
+ TruthValue,
+ hh3cAclIPAclNamedAdvTCPFlagMask
+ BITS,
+ hh3cAclIPAclNamedAdvTCPFlagValue
+ BITS,
+ hh3cAclIPAclNamedAdvRouteTypeAny
+ TruthValue,
+ hh3cAclIPAclNamedAdvRouteTypeValue
+ Integer32,
+ hh3cAclIPAclNamedAdvFlowLabel
+ Unsigned32,
+ hh3cAclIPAclNamedAdvSrcSuffix
+ Unsigned32,
+ hh3cAclIPAclNamedAdvDstSuffix
+ Unsigned32
+ }
+
+ hh3cAclIPAclNamedAdvRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "RowStatus."
+ ::= { hh3cAclIPAclNamedAdvEntry 1 }
+
+ hh3cAclIPAclNamedAdvAct OBJECT-TYPE
+ SYNTAX RuleAction
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The action of advanced ACL rule."
+ ::= { hh3cAclIPAclNamedAdvEntry 2 }
+
+ hh3cAclIPAclNamedAdvProtocol OBJECT-TYPE
+ SYNTAX Integer32 (0..255)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The protocol-type of advanced ACL rule. 0 indicates any IPv4 or
+ IPv6 protocol.
+ <1-255> Protocol number
+ gre GRE tunneling(47)
+ icmp Internet Control Message Protocol(1)
+ icmpv6 Internet Control Message Protocol6(58)
+ igmp Internet Group Management Protocol(2)
+ ipinip IP in IP tunneling(4)
+ ospf OSPF routing protocol(89)
+ tcp Transmission Control Protocol (6)
+ udp User Datagram Protocol (17)
+ ipv6-ah IPv6 Authentication Header(51)
+ ipv6-esp IPv6 Encapsulating Security Payload(50)
+ "
+ ::= { hh3cAclIPAclNamedAdvEntry 3 }
+
+ hh3cAclIPAclNamedAdvAddrFlag OBJECT-TYPE
+ SYNTAX AddressFlag
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Address flag to select address."
+ DEFVAL { invalid }
+ ::= { hh3cAclIPAclNamedAdvEntry 4 }
+
+ hh3cAclIPAclNamedAdvSrcAddrType OBJECT-TYPE
+ SYNTAX InetAddressType
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The type of source IP address.
+ "
+ ::= { hh3cAclIPAclNamedAdvEntry 5 }
+
+ hh3cAclIPAclNamedAdvSrcAddr OBJECT-TYPE
+ SYNTAX InetAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The specified source IP address.
+ The type of this address is determined by the value of
+ hh3cAclIPAclNamedAdvSrcAddrType.
+ "
+ ::= { hh3cAclIPAclNamedAdvEntry 6 }
+
+ hh3cAclIPAclNamedAdvSrcPrefix OBJECT-TYPE
+ SYNTAX InetAddressPrefixLength
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Specify the length of a generic Internet network address
+ prefix. A value of n corresponds to an IP address mask that
+ has n contiguous 1-bits from the most significant bit (MSB)
+ and all other bits set to 0.
+ "
+ ::= { hh3cAclIPAclNamedAdvEntry 7 }
+
+ hh3cAclIPAclNamedAdvSrcAny OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of matching any IP address."
+ DEFVAL { true }
+ ::= { hh3cAclIPAclNamedAdvEntry 8 }
+
+ hh3cAclIPAclNamedAdvSrcWild OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Source IPv4 address wildcard mask.
+ Only IPv4 Advanced Rule supports this object.
+ Default value is '0.0.0.0'.
+ "
+ ::= { hh3cAclIPAclNamedAdvEntry 9 }
+
+ hh3cAclIPAclNamedAdvSrcOp OBJECT-TYPE
+ SYNTAX PortOp
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Source port operation symbol of advanced acl group."
+ DEFVAL { invalid }
+ ::= { hh3cAclIPAclNamedAdvEntry 10 }
+
+ hh3cAclIPAclNamedAdvSrcPort1 OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The fourth layer source port1."
+ DEFVAL { 0 }
+ ::= { hh3cAclIPAclNamedAdvEntry 11 }
+
+ hh3cAclIPAclNamedAdvSrcPort2 OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The fourth layer source port2."
+ DEFVAL { 65535 }
+ ::= { hh3cAclIPAclNamedAdvEntry 12 }
+
+ hh3cAclIPAclNamedAdvDstAddrType OBJECT-TYPE
+ SYNTAX InetAddressType
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The type of destination IP address.
+ "
+ ::= { hh3cAclIPAclNamedAdvEntry 13 }
+
+ hh3cAclIPAclNamedAdvDstAddr OBJECT-TYPE
+ SYNTAX InetAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The specified destination IP address.
+ The type of this address is determined by the value of
+ hh3cAclIPAclNamedAdvDstAddrType.
+ "
+ ::= { hh3cAclIPAclNamedAdvEntry 14 }
+
+ hh3cAclIPAclNamedAdvDstPrefix OBJECT-TYPE
+ SYNTAX InetAddressPrefixLength
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Specify the length of a generic Internet network address
+ prefix. A value of n corresponds to an IP address mask that
+ has n contiguous 1-bits from the most significant bit (MSB)
+ and all other bits set to 0.
+ "
+ ::= { hh3cAclIPAclNamedAdvEntry 15 }
+
+ hh3cAclIPAclNamedAdvDstAny OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of matching any IP address."
+ DEFVAL { true }
+ ::= { hh3cAclIPAclNamedAdvEntry 16 }
+
+ hh3cAclIPAclNamedAdvDstWild OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Destination IPv4 address wildcard mask.
+ Only IPv4 Advanced Rule supports this object.
+ Default value is '0.0.0.0'.
+ "
+ ::= { hh3cAclIPAclNamedAdvEntry 17 }
+
+ hh3cAclIPAclNamedAdvDstOp OBJECT-TYPE
+ SYNTAX PortOp
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Destination port operation symbol of advanced acl group."
+ DEFVAL { invalid }
+ ::= { hh3cAclIPAclNamedAdvEntry 18 }
+
+ hh3cAclIPAclNamedAdvDstPort1 OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The fourth layer destination port1."
+ DEFVAL { 0 }
+ ::= { hh3cAclIPAclNamedAdvEntry 19 }
+
+ hh3cAclIPAclNamedAdvDstPort2 OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The fourth layer destination port2."
+ DEFVAL { 65535 }
+ ::= { hh3cAclIPAclNamedAdvEntry 20 }
+
+ hh3cAclIPAclNamedAdvIcmpType OBJECT-TYPE
+ SYNTAX Integer32 (0..255|65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The type of ICMP packet."
+ DEFVAL { 65535 }
+ ::= { hh3cAclIPAclNamedAdvEntry 21 }
+
+ hh3cAclIPAclNamedAdvIcmpCode OBJECT-TYPE
+ SYNTAX Integer32 (0..255|65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The code of ICMP packet."
+ DEFVAL { 65535 }
+ ::= { hh3cAclIPAclNamedAdvEntry 22 }
+
+ hh3cAclIPAclNamedAdvPrecedence OBJECT-TYPE
+ SYNTAX Integer32 (0..7|255)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The value of IP-packet's precedence.
+ <0-7> Value of precedence
+ routine Specify routine precedence(0)
+ priority Specify priority precedence(1)
+ immediate Specify immediate precedence(2)
+ flash Specify flash precedence(3)
+ flash-override Specify flash-override precedence(4)
+ critical Specify critical precedence(5)
+ internet Specify internetwork control precedence(6)
+ network Specify network control precedence(7)
+ "
+ DEFVAL { 255 }
+ ::= { hh3cAclIPAclNamedAdvEntry 23 }
+
+ hh3cAclIPAclNamedAdvTos OBJECT-TYPE
+ SYNTAX Integer32 (0..15|255)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The value of IP-packet's TOS.
+ <0-15> Value of TOS(type of service)
+ max-reliability Match packets with max reliable TOS(2)
+ max-throughput Match packets with max throughput TOS(4)
+ min-delay Match packets with min delay TOS(8)
+ min-monetary-cost Match packets with min monetary cost TOS(1)
+ normal Match packets with normal TOS(0)
+ "
+ DEFVAL { 255 }
+ ::= { hh3cAclIPAclNamedAdvEntry 24 }
+
+ hh3cAclIPAclNamedAdvDscp OBJECT-TYPE
+ SYNTAX DSCPValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The value of DSCP of IP packet."
+ DEFVAL { 255 }
+ ::= { hh3cAclIPAclNamedAdvEntry 25 }
+
+ hh3cAclIPAclNamedAdvTRangeName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The Time-range of advanced ACL rule.
+ Default value is zero-length.
+ "
+ ::= { hh3cAclIPAclNamedAdvEntry 26 }
+
+ hh3cAclIPAclNamedAdvTCPFlag OBJECT-TYPE
+ SYNTAX TCPFlag
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The packet type of TCP protocol."
+ DEFVAL { invalid }
+ ::= { hh3cAclIPAclNamedAdvEntry 27 }
+
+ hh3cAclIPAclNamedAdvFragmentFlag OBJECT-TYPE
+ SYNTAX FragmentFlag
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of matching fragmented packet,
+ and now support two value: 0 or 2.
+ "
+ DEFVAL { invalid }
+ ::= { hh3cAclIPAclNamedAdvEntry 28 }
+
+ hh3cAclIPAclNamedAdvLog OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Log matched packets."
+ DEFVAL { false }
+ ::= { hh3cAclIPAclNamedAdvEntry 29 }
+
+ hh3cAclIPAclNamedAdvCount OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The count of matches by the rule."
+ ::= { hh3cAclIPAclNamedAdvEntry 30 }
+
+ hh3cAclIPAclNamedAdvCountClear OBJECT-TYPE
+ SYNTAX CounterClear
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Reset the statistics counter of this rule."
+ DEFVAL { nouse }
+ ::= { hh3cAclIPAclNamedAdvEntry 31 }
+
+ hh3cAclIPAclNamedAdvEnable OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The rule is active or not.
+ true : active
+ false : inactive
+ "
+ DEFVAL { false }
+ ::= { hh3cAclIPAclNamedAdvEntry 32 }
+
+ hh3cAclIPAclNamedAdvVpnInstName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The VPN name to which the rule will be applied.
+ Default value is zero-length.
+ "
+ ::= { hh3cAclIPAclNamedAdvEntry 33 }
+
+ hh3cAclIPAclNamedAdvComment OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..127))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The description of ACL rule.
+ Default value is zero-length String.
+ "
+ ::= { hh3cAclIPAclNamedAdvEntry 34 }
+
+ hh3cAclIPAclNamedAdvReflective OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of reflective."
+ ::= { hh3cAclIPAclNamedAdvEntry 35 }
+
+ hh3cAclIPAclNamedAdvCounting OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The packet will be counted when it matches the rule.
+ It is disabled by default.
+ "
+ DEFVAL { false }
+ ::= { hh3cAclIPAclNamedAdvEntry 36 }
+
+ hh3cAclIPAclNamedAdvTCPFlagMask OBJECT-TYPE
+ SYNTAX BITS {
+ tcpack(0),
+ tcpfin(1),
+ tcppsh(2),
+ tcprst(3),
+ tcpsyn(4),
+ tcpurg(5)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The TCP Flag Mask. This is a bit-map of possible conditions.
+ The various bit positions are:
+ |0 |tcpack |
+ |1 |tcpfin |
+ |2 |tcppsh |
+ |3 |tcprst |
+ |4 |tcpsyn |
+ |5 |tcpurg |
+ "
+ ::= { hh3cAclIPAclNamedAdvEntry 37 }
+
+ hh3cAclIPAclNamedAdvTCPFlagValue OBJECT-TYPE
+ SYNTAX BITS {
+ tcpack(0),
+ tcpfin(1),
+ tcppsh(2),
+ tcprst(3),
+ tcpsyn(4),
+ tcpurg(5)
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The TCP Flag Value. This is a bit-map of possible conditions.
+ The various bit positions are:
+ |0 |tcpack |
+ |1 |tcpfin |
+ |2 |tcppsh |
+ |3 |tcprst |
+ |4 |tcpsyn |
+ |5 |tcpurg |
+ "
+ ::= { hh3cAclIPAclNamedAdvEntry 38 }
+
+ hh3cAclIPAclNamedAdvRouteTypeAny OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The flag of matching any type of routing header of IPv6 packet.
+ "
+ DEFVAL { false }
+ ::= { hh3cAclIPAclNamedAdvEntry 39 }
+
+ hh3cAclIPAclNamedAdvRouteTypeValue OBJECT-TYPE
+ SYNTAX Integer32 (0..255|65535)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The type of routing header of IPv6 packet."
+ DEFVAL { 65535 }
+ ::= { hh3cAclIPAclNamedAdvEntry 40 }
+
+ hh3cAclIPAclNamedAdvFlowLabel OBJECT-TYPE
+ SYNTAX Unsigned32 (0..1048575|4294967295)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The value of flow label of IPv6 packet header."
+ DEFVAL { 4294967295 }
+ ::= { hh3cAclIPAclNamedAdvEntry 41 }
+
+ hh3cAclIPAclNamedAdvSrcSuffix OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Denotes the length of a generic Internet network address suffix.
+ A value of n corresponds to an IP address mask
+ that has n contiguous 1-bits from the least significant bit
+ and all other bits set to 0.
+ "
+ ::= { hh3cAclIPAclNamedAdvEntry 42 }
+
+ hh3cAclIPAclNamedAdvDstSuffix OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Denotes the length of a generic Internet network address suffix.
+ A value of n corresponds to an IP address mask
+ that has n contiguous 1-bits from the least significant bit
+ and all other bits set to 0.
+ "
+ ::= { hh3cAclIPAclNamedAdvEntry 43 }
+
+--
+-- Node of hh3cAclMACAclGroup
+--
+ hh3cAclMACAclGroup OBJECT IDENTIFIER ::= { hh3cAclMib2Objects 3 }
+--
+-- Nodes of hh3cAclMACTable
+--
+ hh3cAclMACTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cAclMACEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table of MAC acl group.
+ If some objects of this table are not supported by some products,
+ these objects can't be created, changed or applied.
+ Default value of these objects will be returned when they are read.
+ "
+ ::= { hh3cAclMACAclGroup 1 }
+
+ hh3cAclMACEntry OBJECT-TYPE
+ SYNTAX Hh3cAclMACEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "MAC acl group information."
+ INDEX
+ {
+ hh3cAclNumberGroupType,
+ hh3cAclNumberGroupIndex,
+ hh3cAclMACRuleIndex
+ }
+ ::= { hh3cAclMACTable 1 }
+
+ Hh3cAclMACEntry ::=
+ SEQUENCE
+ {
+ hh3cAclMACRuleIndex
+ Integer32,
+ hh3cAclMACRowStatus
+ RowStatus,
+ hh3cAclMACAct
+ RuleAction,
+ hh3cAclMACTypeCode
+ OCTET STRING,
+ hh3cAclMACTypeMask
+ OCTET STRING,
+ hh3cAclMACSrcMac
+ MacAddress,
+ hh3cAclMACSrcMacWild
+ MacAddress,
+ hh3cAclMACDestMac
+ MacAddress,
+ hh3cAclMACDestMacWild
+ MacAddress,
+ hh3cAclMACLsapCode
+ OCTET STRING,
+ hh3cAclMACLsapMask
+ OCTET STRING,
+ hh3cAclMACCos
+ Integer32,
+ hh3cAclMACTimeRangeName
+ OCTET STRING,
+ hh3cAclMACCount
+ Unsigned32,
+ hh3cAclMACCountClear
+ CounterClear,
+ hh3cAclMACEnable
+ TruthValue,
+ hh3cAclMACComment
+ OCTET STRING,
+ hh3cAclMACLog
+ TruthValue,
+ hh3cAclMACCounting
+ TruthValue
+ }
+
+ hh3cAclMACRuleIndex OBJECT-TYPE
+ SYNTAX Integer32 (0..65534)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The rule index of MAC-based acl group."
+ ::= { hh3cAclMACEntry 1 }
+
+ hh3cAclMACRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "RowStatus."
+ ::= { hh3cAclMACEntry 2 }
+
+ hh3cAclMACAct OBJECT-TYPE
+ SYNTAX RuleAction
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The action of MAC acl rule."
+ ::= { hh3cAclMACEntry 3 }
+
+ hh3cAclMACTypeCode OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The type of protocol."
+ REFERENCE
+ "rfc894, rfc1010."
+ ::= { hh3cAclMACEntry 4 }
+
+ hh3cAclMACTypeMask OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The mask of protocol."
+ ::= { hh3cAclMACEntry 5 }
+
+ hh3cAclMACSrcMac OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Source MAC of MAC acl rule.
+ Default value is '00:00:00:00:00:00'.
+ "
+ ::= { hh3cAclMACEntry 6 }
+
+ hh3cAclMACSrcMacWild OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Source MAC wildzard of MAC acl rule.
+ Default value is '00:00:00:00:00:00'.
+ "
+ ::= { hh3cAclMACEntry 7 }
+
+ hh3cAclMACDestMac OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Destination MAC of MAC acl rule.
+ Default value is '00:00:00:00:00:00'.
+ "
+ ::= { hh3cAclMACEntry 8 }
+
+ hh3cAclMACDestMacWild OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Destination MAC wildzard of MAC acl rule.
+ Default value is '00:00:00:00:00:00'
+ "
+ ::= { hh3cAclMACEntry 9 }
+
+ hh3cAclMACLsapCode OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The type of LSAP."
+ REFERENCE
+ "ANSI/IEEE Std 802.3"
+ ::= { hh3cAclMACEntry 10 }
+
+ hh3cAclMACLsapMask OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The mask of LSAP."
+ ::= { hh3cAclMACEntry 11 }
+
+ hh3cAclMACCos OBJECT-TYPE
+ SYNTAX Integer32 (0..7 | 255)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Vlan priority of MAC acl rule."
+ DEFVAL { 255 }
+ ::= { hh3cAclMACEntry 12 }
+
+ hh3cAclMACTimeRangeName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The Time-range of MAC acl rule.
+ Default value is zero-length.
+ "
+ ::= { hh3cAclMACEntry 13 }
+
+ hh3cAclMACCount OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The count of matched frames by the rule."
+ ::= { hh3cAclMACEntry 14 }
+
+ hh3cAclMACCountClear OBJECT-TYPE
+ SYNTAX CounterClear
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Reset the value of counter."
+ DEFVAL { nouse }
+ ::= { hh3cAclMACEntry 15 }
+
+ hh3cAclMACEnable OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The rule is active or not.
+ true : active
+ false : inactive
+ "
+ DEFVAL { false }
+ ::= { hh3cAclMACEntry 16 }
+
+ hh3cAclMACComment OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..127))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The description of ACL rule.
+ Default value is Zero-length String.
+ "
+ ::= { hh3cAclMACEntry 17 }
+
+ hh3cAclMACLog OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The packet will be logged when it matches the rule.
+ It is disabled by default.
+ "
+ DEFVAL { false }
+ ::= { hh3cAclMACEntry 18 }
+
+ hh3cAclMACCounting OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The packet will be counted when it matches the rule.
+ It is disabled by default.
+ "
+ DEFVAL { false }
+ ::= { hh3cAclMACEntry 19 }
+
+--
+-- Nodes of named MAC ACL group
+--
+ hh3cAclNamedMACTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cAclNamedMACEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table of named MAC ACL rule.
+ The name of ACL group will be used as an index in this table,
+ which differs from the table hh3cAclMACTable.
+ If some objects of this table are not supported by some products,
+ these objects can't be created, changed or applied.
+ Default value of these objects will be returned when they are read.
+ "
+ ::= { hh3cAclMACAclGroup 2 }
+
+ hh3cAclNamedMACEntry OBJECT-TYPE
+ SYNTAX Hh3cAclNamedMACEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "MAC acl group information."
+ INDEX
+ {
+ hh3cAclNumberGroupType,
+ hh3cAclNamedGroupName,
+ hh3cAclMACRuleIndex
+ }
+ ::= { hh3cAclNamedMACTable 1 }
+
+ Hh3cAclNamedMACEntry ::=
+ SEQUENCE
+ {
+ hh3cAclNamedMACRowStatus
+ RowStatus,
+ hh3cAclNamedMACAct
+ RuleAction,
+ hh3cAclNamedMACTypeCode
+ OCTET STRING,
+ hh3cAclNamedMACTypeMask
+ OCTET STRING,
+ hh3cAclNamedMACSrcMac
+ MacAddress,
+ hh3cAclNamedMACSrcMacWild
+ MacAddress,
+ hh3cAclNamedMACDstMac
+ MacAddress,
+ hh3cAclNamedMACDstMacWild
+ MacAddress,
+ hh3cAclNamedMACLsapCode
+ OCTET STRING,
+ hh3cAclNamedMACLsapMask
+ OCTET STRING,
+ hh3cAclNamedMACCos
+ Integer32,
+ hh3cAclNamedMACTimeRangeName
+ OCTET STRING,
+ hh3cAclNamedMACCount
+ Unsigned32,
+ hh3cAclNamedMACCountClear
+ CounterClear,
+ hh3cAclNamedMACEnable
+ TruthValue,
+ hh3cAclNamedMACComment
+ OCTET STRING,
+ hh3cAclNamedMACLog
+ TruthValue,
+ hh3cAclNamedMACCounting
+ TruthValue
+ }
+
+ hh3cAclNamedMACRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "RowStatus."
+ ::= { hh3cAclNamedMACEntry 1 }
+
+ hh3cAclNamedMACAct OBJECT-TYPE
+ SYNTAX RuleAction
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The action of MAC ACL rule."
+ ::= { hh3cAclNamedMACEntry 2 }
+
+ hh3cAclNamedMACTypeCode OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The type of protocol."
+ REFERENCE
+ "rfc894, rfc1010."
+ ::= { hh3cAclNamedMACEntry 3 }
+
+ hh3cAclNamedMACTypeMask OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The mask of protocol."
+ ::= { hh3cAclNamedMACEntry 4 }
+
+ hh3cAclNamedMACSrcMac OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Source MAC of MAC ACL rule.
+ Default value is '00:00:00:00:00:00'.
+ "
+ ::= { hh3cAclNamedMACEntry 5 }
+
+ hh3cAclNamedMACSrcMacWild OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Source MAC wildcard of MAC ACL rule.
+ Default value is '00:00:00:00:00:00'.
+ "
+ ::= { hh3cAclNamedMACEntry 6 }
+
+ hh3cAclNamedMACDstMac OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Destination MAC of MAC ACL rule.
+ Default value is '00:00:00:00:00:00'.
+ "
+ ::= { hh3cAclNamedMACEntry 7 }
+
+ hh3cAclNamedMACDstMacWild OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Destination MAC wildcard of MAC ACL rule.
+ Default value is '00:00:00:00:00:00'
+ "
+ ::= { hh3cAclNamedMACEntry 8 }
+
+ hh3cAclNamedMACLsapCode OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The type of LSAP."
+ REFERENCE
+ "ANSI/IEEE Std 802.3"
+ ::= { hh3cAclNamedMACEntry 9 }
+
+ hh3cAclNamedMACLsapMask OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The mask of LSAP."
+ ::= { hh3cAclNamedMACEntry 10 }
+
+ hh3cAclNamedMACCos OBJECT-TYPE
+ SYNTAX Integer32 (0..7 | 255)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Vlan priority of MAC ACL rule."
+ DEFVAL { 255 }
+ ::= { hh3cAclNamedMACEntry 11 }
+
+ hh3cAclNamedMACTimeRangeName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The time-range of MAC ACL rule.
+ Default value is zero-length.
+ "
+ ::= { hh3cAclNamedMACEntry 12 }
+
+ hh3cAclNamedMACCount OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The count of matched frames by the rule."
+ ::= { hh3cAclNamedMACEntry 13 }
+
+ hh3cAclNamedMACCountClear OBJECT-TYPE
+ SYNTAX CounterClear
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Reset the value of counter."
+ DEFVAL { nouse }
+ ::= { hh3cAclNamedMACEntry 14 }
+
+ hh3cAclNamedMACEnable OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The rule is active or not.
+ true : active
+ false : inactive
+ "
+ DEFVAL { false }
+ ::= { hh3cAclNamedMACEntry 15 }
+
+ hh3cAclNamedMACComment OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..127))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The description of ACL rule.
+ Default value is Zero-length String.
+ "
+ ::= { hh3cAclNamedMACEntry 16 }
+
+ hh3cAclNamedMACLog OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The packet will be logged when it matches the rule.
+ It is disabled by default.
+ "
+ DEFVAL { false }
+ ::= { hh3cAclNamedMACEntry 17 }
+
+ hh3cAclNamedMACCounting OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The packet will be counted when it matches the rule.
+ It is disabled by default.
+ "
+ DEFVAL { false }
+ ::= { hh3cAclNamedMACEntry 18 }
+
+--
+-- Node of hh3cAclEnUserGroup
+--
+ hh3cAclEnUserAclGroup OBJECT IDENTIFIER ::= { hh3cAclMib2Objects 4 }
+--
+-- Nodes of hh3cAclEnUserTable
+--
+ hh3cAclEnUserTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cAclEnUserEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table of user acl group information.
+ If some objects of this table are not supported by some products,
+ these objects can't be created, changed and applied.
+ Default value of these objects will be returned when they are read.
+ "
+ ::= { hh3cAclEnUserAclGroup 3 }
+
+ hh3cAclEnUserEntry OBJECT-TYPE
+ SYNTAX Hh3cAclEnUserEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "User defined acl group entry."
+ INDEX { hh3cAclNumberGroupType,
+ hh3cAclNumberGroupIndex,
+ hh3cAclEnUserRuleIndex }
+ ::= { hh3cAclEnUserTable 1 }
+
+ Hh3cAclEnUserEntry ::=
+ SEQUENCE
+ {
+ hh3cAclEnUserRuleIndex
+ Integer32,
+ hh3cAclEnUserRowStatus
+ RowStatus,
+ hh3cAclEnUserAct
+ RuleAction,
+ hh3cAclEnUserStartString
+ OCTET STRING,
+ hh3cAclEnUserL2String
+ OCTET STRING,
+ hh3cAclEnUserMplsString
+ OCTET STRING,
+ hh3cAclEnUserIPv4String
+ OCTET STRING,
+ hh3cAclEnUserIPv6String
+ OCTET STRING,
+ hh3cAclEnUserL4String
+ OCTET STRING,
+ hh3cAclEnUserL5String
+ OCTET STRING,
+ hh3cAclEnUserTimeRangeName
+ OCTET STRING,
+ hh3cAclEnUserCount
+ Unsigned32,
+ hh3cAclEnUserCountClear
+ CounterClear,
+ hh3cAclEnUserEnable
+ TruthValue,
+ hh3cAclEnUserComment
+ OCTET STRING,
+ hh3cAclEnUserLog
+ TruthValue,
+ hh3cAclEnUserCounting
+ TruthValue
+ }
+
+ hh3cAclEnUserRuleIndex OBJECT-TYPE
+ SYNTAX Integer32 (0..65534)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The subitem of the user acl."
+ ::= { hh3cAclEnUserEntry 1 }
+
+ hh3cAclEnUserRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "RowStatus."
+ ::= { hh3cAclEnUserEntry 2 }
+
+ hh3cAclEnUserAct OBJECT-TYPE
+ SYNTAX RuleAction
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The action of user defined acl rule."
+ ::= { hh3cAclEnUserEntry 3 }
+
+ hh3cAclEnUserStartString OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The rule, matching packets, input like this:
+ 'RuleOffset','RuleString','RuleMask'.
+
+ RuleOffset: The value of this object is defined by product and
+ it indicates the offset of the rule mask in the packet(unit: byte).
+
+ RuleString: The length of RuleString is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ RuleMask: The length of RuleMask is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ For example: 10,10af,ffff.
+
+ Default value is zero-length.
+ "
+ ::= { hh3cAclEnUserEntry 4 }
+
+ hh3cAclEnUserL2String OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The rule, matching layer 2 packets, input like this:
+ 'RuleOffset','RuleString','RuleMask'.
+
+ RuleOffset: The value is defined by product and
+ it indicates offset of the rule mask in the packet(unit: byte).
+
+ RuleString: The length of RuleString is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ RuleMask: The length of RuleMask is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ For example: '10','10af','ffff'.
+
+ Default value is zero-length.
+ "
+ ::= { hh3cAclEnUserEntry 5 }
+
+ hh3cAclEnUserMplsString OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The rule, matching mpls packets, input like this:
+ 'RuleOffset','RuleString','RuleMask'.
+
+ RuleOffset: The value is defined by product and
+ it indicates offset of the rule mask in the packet(unit: byte).
+
+ RuleString: The length of RuleString is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ RuleMask: The length of RuleMask is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ For example: '10','10af','ffff'.
+
+ Default value is zero-length.
+ "
+ ::= { hh3cAclEnUserEntry 6 }
+
+ hh3cAclEnUserIPv4String OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The rule, matching IPv4 packets, input like this:
+ 'RuleOffset','RuleString','RuleMask'.
+
+ RuleOffset: The value is defined by product and
+ it indicates offset of the rule mask in the packet(unit: byte).
+
+ RuleString: The length of RuleString is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ RuleMask: The length of RuleMask is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ For example: '10','10af','ffff'.
+
+ Default value is zero-length.
+ "
+ ::= { hh3cAclEnUserEntry 7 }
+
+ hh3cAclEnUserIPv6String OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The rule, matching IPv6 packets, input like this:
+ 'RuleOffset','RuleString','RuleMask'.
+
+ RuleOffset: The value is defined by product and
+ it indicates offset of the rule mask in the packet(unit: byte).
+
+ RuleString: The length of RuleString is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ RuleMask: The length of RuleMask is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ For example: '10','10af','ffff'.
+
+ Default value is zero-length.
+ "
+ ::= { hh3cAclEnUserEntry 8 }
+
+ hh3cAclEnUserL4String OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The rule, matching layer 4 packets, input like this:
+ 'RuleOffset','RuleString','RuleMask'.
+
+ RuleOffset: The value is defined by product and
+ it indicates offset of the rule mask in the packet(unit: byte).
+
+ RuleString: The length of RuleString is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ RuleMask: The length of RuleMask is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ For example: '10','10af','ffff'.
+
+ Default value is zero-length.
+ "
+ ::= { hh3cAclEnUserEntry 9 }
+
+ hh3cAclEnUserL5String OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The rule, matching layer 5 packets, input like this:
+ 'RuleOffset','RuleString','RuleMask'.
+
+ RuleOffset: The value is defined by product and
+ it indicates offset of the rule mask in the packet(unit: byte).
+
+ RuleString: The length of RuleString is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ RuleMask: The length of RuleMask is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ For example: '10','10af','ffff'.
+
+ Default value is zero-length.
+ "
+ ::= { hh3cAclEnUserEntry 10 }
+
+ hh3cAclEnUserTimeRangeName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The Time-range of user acl rule.
+ Default value is zero-length."
+ ::= { hh3cAclEnUserEntry 11 }
+
+ hh3cAclEnUserCount OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The count of matched by the rule."
+ ::= { hh3cAclEnUserEntry 12 }
+
+ hh3cAclEnUserCountClear OBJECT-TYPE
+ SYNTAX CounterClear
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Reset the value of counter."
+ ::= { hh3cAclEnUserEntry 13 }
+
+ hh3cAclEnUserEnable OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The rule is active or not.
+ true : active
+ false : inactive
+ "
+ DEFVAL { false }
+ ::= { hh3cAclEnUserEntry 14 }
+
+ hh3cAclEnUserComment OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..127))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The description of ACL rule.
+ Default value is Zero-length String.
+ "
+ ::= { hh3cAclEnUserEntry 15 }
+
+ hh3cAclEnUserLog OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The packet will be logged when it matches the rule.
+ It is disabled by default.
+ "
+ DEFVAL { false }
+ ::= { hh3cAclEnUserEntry 16 }
+
+ hh3cAclEnUserCounting OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The packet will be counted when it matches the rule.
+ It is disabled by default.
+ "
+ DEFVAL { false }
+ ::= { hh3cAclEnUserEntry 17 }
+
+--
+-- Nodes of hh3cAclNamedUserTable
+--
+ hh3cAclNamedUserTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cAclNamedUserEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table of named user acl rule.
+ The name of ACL group will be used as an index in this table,
+ which differs from the table hh3cAclEnUserTable.
+ If some objects of this table are not supported by some products,
+ these objects can't be created, changed and applied.
+ Default value of these objects will be returned when they are read.
+ "
+ ::= { hh3cAclEnUserAclGroup 4 }
+
+ hh3cAclNamedUserEntry OBJECT-TYPE
+ SYNTAX Hh3cAclNamedUserEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "User defined acl group entry."
+ INDEX
+ {
+ hh3cAclNumberGroupType,
+ hh3cAclNamedGroupName,
+ hh3cAclEnUserRuleIndex
+ }
+ ::= { hh3cAclNamedUserTable 1 }
+
+ Hh3cAclNamedUserEntry ::=
+ SEQUENCE
+ {
+ hh3cAclNamedUserRowStatus
+ RowStatus,
+ hh3cAclNamedUserAct
+ RuleAction,
+ hh3cAclNamedUserStartString
+ OCTET STRING,
+ hh3cAclNamedUserL2String
+ OCTET STRING,
+ hh3cAclNamedUserMplsString
+ OCTET STRING,
+ hh3cAclNamedUserIPv4String
+ OCTET STRING,
+ hh3cAclNamedUserIPv6String
+ OCTET STRING,
+ hh3cAclNamedUserL4String
+ OCTET STRING,
+ hh3cAclNamedUserL5String
+ OCTET STRING,
+ hh3cAclNamedUserTimeRangeName
+ OCTET STRING,
+ hh3cAclNamedUserCount
+ Unsigned32,
+ hh3cAclNamedUserCountClear
+ CounterClear,
+ hh3cAclNamedUserEnable
+ TruthValue,
+ hh3cAclNamedUserComment
+ OCTET STRING,
+ hh3cAclNamedUserLog
+ TruthValue,
+ hh3cAclNamedUserCounting
+ TruthValue
+ }
+
+ hh3cAclNamedUserRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "RowStatus."
+ ::= { hh3cAclNamedUserEntry 1 }
+
+ hh3cAclNamedUserAct OBJECT-TYPE
+ SYNTAX RuleAction
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The action of user defined acl rule."
+ ::= { hh3cAclNamedUserEntry 2 }
+
+ hh3cAclNamedUserStartString OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The rule, matching packets, input like this:
+ 'RuleOffset','RuleString','RuleMask'.
+
+ RuleOffset: The value of this object is defined by product and
+ it indicates the offset of the rule mask in the packet(unit: byte).
+
+ RuleString: The length of RuleString is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ RuleMask: The length of RuleMask is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ For example: 10,10af,ffff.
+
+ Default value is zero-length.
+ "
+ ::= { hh3cAclNamedUserEntry 3 }
+
+ hh3cAclNamedUserL2String OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The rule, matching layer 2 packets, input like this:
+ 'RuleOffset','RuleString','RuleMask'.
+
+ RuleOffset: The value is defined by product and
+ it indicates offset of the rule mask in the packet(unit: byte).
+
+ RuleString: The length of RuleString is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ RuleMask: The length of RuleMask is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ For example: '10','10af','ffff'.
+
+ Default value is zero-length.
+ "
+ ::= { hh3cAclNamedUserEntry 4 }
+
+ hh3cAclNamedUserMplsString OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The rule, matching mpls packets, input like this:
+ 'RuleOffset','RuleString','RuleMask'.
+
+ RuleOffset: The value is defined by product and
+ it indicates offset of the rule mask in the packet(unit: byte).
+
+ RuleString: The length of RuleString is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ RuleMask: The length of RuleMask is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ For example: '10','10af','ffff'.
+
+ Default value is zero-length.
+ "
+ ::= { hh3cAclNamedUserEntry 5 }
+
+ hh3cAclNamedUserIPv4String OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The rule, matching IPv4 packets, input like this:
+ 'RuleOffset','RuleString','RuleMask'.
+
+ RuleOffset: The value is defined by product and
+ it indicates offset of the rule mask in the packet(unit: byte).
+
+ RuleString: The length of RuleString is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ RuleMask: The length of RuleMask is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ For example: '10','10af','ffff'.
+
+ Default value is zero-length.
+ "
+ ::= { hh3cAclNamedUserEntry 6 }
+
+ hh3cAclNamedUserIPv6String OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The rule, matching IPv6 packets, input like this:
+ 'RuleOffset','RuleString','RuleMask'.
+
+ RuleOffset: The value is defined by product and
+ it indicates offset of the rule mask in the packet(unit: byte).
+
+ RuleString: The length of RuleString is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ RuleMask: The length of RuleMask is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ For example: '10','10af','ffff'.
+
+ Default value is zero-length.
+ "
+ ::= { hh3cAclNamedUserEntry 7 }
+
+ hh3cAclNamedUserL4String OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The rule, matching layer 4 packets, input like this:
+ 'RuleOffset','RuleString','RuleMask'.
+
+ RuleOffset: The value is defined by product and
+ it indicates offset of the rule mask in the packet(unit: byte).
+
+ RuleString: The length of RuleString is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ RuleMask: The length of RuleMask is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ For example: '10','10af','ffff'.
+
+ Default value is zero-length.
+ "
+ ::= { hh3cAclNamedUserEntry 8 }
+
+ hh3cAclNamedUserL5String OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The rule, matching layer 5 packets, input like this:
+ 'RuleOffset','RuleString','RuleMask'.
+
+ RuleOffset: The value is defined by product and
+ it indicates offset of the rule mask in the packet(unit: byte).
+
+ RuleString: The length of RuleString is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ RuleMask: The length of RuleMask is defined by product.
+ The string must be hexadecimal.
+ The length of string must be multiple of 2.
+
+ For example: '10','10af','ffff'.
+
+ Default value is zero-length.
+ "
+ ::= { hh3cAclNamedUserEntry 9 }
+
+ hh3cAclNamedUserTimeRangeName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The Time-range of user acl rule.
+ Default value is zero-length."
+ ::= { hh3cAclNamedUserEntry 10 }
+
+ hh3cAclNamedUserCount OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The count of matched by the rule."
+ ::= { hh3cAclNamedUserEntry 11 }
+
+ hh3cAclNamedUserCountClear OBJECT-TYPE
+ SYNTAX CounterClear
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Reset the value of counter."
+ ::= { hh3cAclNamedUserEntry 12 }
+
+ hh3cAclNamedUserEnable OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The rule is active or not.
+ true : active
+ false : inactive
+ "
+ DEFVAL { false }
+ ::= { hh3cAclNamedUserEntry 13 }
+
+ hh3cAclNamedUserComment OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..127))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The description of ACL rule.
+ Default value is Zero-length String.
+ "
+ ::= { hh3cAclNamedUserEntry 14 }
+
+ hh3cAclNamedUserLog OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The packet will be logged when it matches the rule.
+ It is disabled by default.
+ "
+ DEFVAL { false }
+ ::= { hh3cAclNamedUserEntry 15 }
+
+ hh3cAclNamedUserCounting OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The packet will be counted when it matches the rule.
+ It is disabled by default.
+ "
+ DEFVAL { false }
+ ::= { hh3cAclNamedUserEntry 16 }
+
+--
+-- Node of hh3cAclResourceGroup
+--
+ hh3cAclResourceGroup OBJECT IDENTIFIER ::= { hh3cAclMib2Objects 5 }
+--
+-- Nodes of hh3cAclResourceUsageTable
+--
+ hh3cAclResourceUsageTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cAclResourceUsageEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The table shows ACL resource usage information. Support for
+ resource types that are denoted by hh3cAclResourceType object
+ varies with products. If a type is not supported, the
+ corresponding row for the type will not be instantiated
+ in this table.
+ "
+ ::= { hh3cAclResourceGroup 1 }
+
+ hh3cAclResourceUsageEntry OBJECT-TYPE
+ SYNTAX Hh3cAclResourceUsageEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Each row contains a brief description of the resource type,
+ a port range associated with the chip, total, reserved, and
+ configured amount of resource of this type, the percent of
+ resource that has been allocated, and so on.
+ "
+ INDEX
+ {
+ hh3cAclResourceChassis,
+ hh3cAclResourceSlot,
+ hh3cAclResourceChip,
+ hh3cAclResourceType
+ }
+ ::= { hh3cAclResourceUsageTable 1 }
+
+ Hh3cAclResourceUsageEntry ::=
+ SEQUENCE
+ {
+ hh3cAclResourceChassis
+ Unsigned32,
+ hh3cAclResourceSlot
+ Unsigned32,
+ hh3cAclResourceChip
+ Unsigned32,
+ hh3cAclResourceType
+ Integer32,
+ hh3cAclPortRange
+ OCTET STRING,
+ hh3cAclResourceTotal
+ Unsigned32,
+ hh3cAclResourceReserved
+ Unsigned32,
+ hh3cAclResourceConfigured
+ Unsigned32,
+ hh3cAclResourceUsagePercent
+ Unsigned32,
+ hh3cAclResourceTypeDescription
+ OCTET STRING
+ }
+
+ hh3cAclResourceChassis OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The chassis number. On a centralized or distributed device,
+ the value for this node is always zero.
+ "
+ ::= { hh3cAclResourceUsageEntry 1 }
+
+ hh3cAclResourceSlot OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The slot number. On a centralized device, the value for
+ this node is always zero."
+ ::= { hh3cAclResourceUsageEntry 2 }
+
+ hh3cAclResourceChip OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The chip number. On a single chip device, the value for
+ this node is always zero."
+ ::= { hh3cAclResourceUsageEntry 3 }
+
+ hh3cAclResourceType OBJECT-TYPE
+ SYNTAX Integer32 (1..255)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The resource type."
+ ::= { hh3cAclResourceUsageEntry 4 }
+
+ hh3cAclPortRange OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The port range associated with the chip. Commas are used to
+ separate multiple port ranges, for example, Ethernet1/2 to
+ Ethernet1/12, Ethernet1/31 to Ethernet1/48.
+ "
+ ::= { hh3cAclResourceUsageEntry 5 }
+
+ hh3cAclResourceTotal OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total TCAM entries of the resource type."
+ ::= { hh3cAclResourceUsageEntry 6 }
+
+ hh3cAclResourceReserved OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The amount of reserved TCAM entries of the resource type."
+ ::= { hh3cAclResourceUsageEntry 7 }
+
+ hh3cAclResourceConfigured OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The amount of configured TCAM entries of the resource type."
+ ::= { hh3cAclResourceUsageEntry 8 }
+
+ hh3cAclResourceUsagePercent OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The percent of TCAM entries that have been used for
+ this resource type.
+ "
+ ::= { hh3cAclResourceUsageEntry 9 }
+
+ hh3cAclResourceTypeDescription OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..31))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The description of this resource type."
+ ::= { hh3cAclResourceUsageEntry 10 }
+
+--
+-- Node of hh3cAclIntervalGroup
+--
+ hh3cAclIntervalGroup OBJECT IDENTIFIER ::= { hh3cAclMib2Objects 6 }
+--
+-- Nodes of hh3cAclIntervalTable
+--
+ hh3cAclIntervalTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cAclIntervalEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Log interval table."
+ ::= { hh3cAclIntervalGroup 1 }
+
+ hh3cAclIntervalEntry OBJECT-TYPE
+ SYNTAX Hh3cAclIntervalEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Log interval entry."
+ INDEX
+ {
+ hh3cAclIntervalType
+ }
+ ::= { hh3cAclIntervalTable 1 }
+
+ Hh3cAclIntervalEntry ::=
+ SEQUENCE
+ {
+ hh3cAclIntervalType
+ INTEGER,
+ hh3cAclIntervalValue
+ Integer32,
+ hh3cAclIntervalRowStatus
+ RowStatus
+ }
+
+ hh3cAclIntervalType OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ logging(1),
+ trap(2)
+ }
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The types of the interval specified for generating
+ packet filtering logs or traps.
+ "
+ ::= { hh3cAclIntervalEntry 1 }
+
+ hh3cAclIntervalValue OBJECT-TYPE
+ SYNTAX Integer32 (5..1440)
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "The value of interval.
+ It must be a multiple of 5 and in the range of 5 to 1440.
+ "
+ ::= { hh3cAclIntervalEntry 2 }
+
+ hh3cAclIntervalRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "RowStatus."
+ ::= { hh3cAclIntervalEntry 3 }
+
+--
+-- Node of hh3cAclPacketFilterObjects
+--
+ hh3cAclPacketFilterObjects OBJECT IDENTIFIER ::= { hh3cAcl 3 }
+
+ hh3cPfilterScalarGroup OBJECT IDENTIFIER ::= { hh3cAclPacketFilterObjects 1 }
+
+ hh3cPfilterDefaultAction OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ permit(1),
+ deny(2)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "The default action of packet filter.
+ By default, the packet filter permits packets that do not match
+ any ACL rule to pass.
+ "
+ ::= { hh3cPfilterScalarGroup 1 }
+
+ hh3cPfilterProcessingStatus OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ processing(1),
+ done(2)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "This object shows the status of the system when applying packet
+ filter. It is forbidden to set or read in hh3cAclPacketFilterObjects
+ MIB module when the value is processing.
+ "
+ ::= { hh3cPfilterScalarGroup 2 }
+
+--
+-- Nodes of hh3cPfilterApplyTable
+--
+ hh3cPfilterApplyTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cPfilterApplyEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table of packet filter application.
+ It's not supported to set default action on an entity,
+ but supported to enable hardware count of default action
+ on an entity.
+ "
+ ::= { hh3cAclPacketFilterObjects 2 }
+
+ hh3cPfilterApplyEntry OBJECT-TYPE
+ SYNTAX Hh3cPfilterApplyEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Packet filter application information entry."
+ INDEX
+ {
+ hh3cPfilterApplyObjType,
+ hh3cPfilterApplyObjIndex,
+ hh3cPfilterApplyDirection,
+ hh3cPfilterApplyAclType,
+ hh3cPfilterApplyAclIndex
+ }
+ ::= { hh3cPfilterApplyTable 1 }
+
+ Hh3cPfilterApplyEntry ::=
+ SEQUENCE
+ {
+ hh3cPfilterApplyObjType
+ INTEGER,
+ hh3cPfilterApplyObjIndex
+ Integer32,
+ hh3cPfilterApplyDirection
+ DirectionType,
+ hh3cPfilterApplyAclType
+ INTEGER,
+ hh3cPfilterApplyAclIndex
+ Integer32,
+ hh3cPfilterApplyHardCount
+ TruthValue,
+ hh3cPfilterApplySequence
+ Unsigned32,
+ hh3cPfilterApplyCountClear
+ CounterClear,
+ hh3cPfilterApplyRowStatus
+ RowStatus
+ }
+
+ hh3cPfilterApplyObjType OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ interface(1),
+ vlan(2),
+ global(3)
+ }
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The object type of packet filter application.
+ interface: Apply an ACL to the interface to filter packets.
+ vlan: Apply an ACL to the VLAN to filter packets.
+ global: Apply an ACL globally to filter packets.
+ "
+ ::= { hh3cPfilterApplyEntry 1 }
+
+ hh3cPfilterApplyObjIndex OBJECT-TYPE
+ SYNTAX Integer32 (0..2147483647)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The object ID of packet filter application.
+ Interface: interface index, equal to ifIndex
+ VLAN: VLAN ID, 1..4094
+ Global: 0
+ "
+ ::= { hh3cPfilterApplyEntry 2 }
+
+ hh3cPfilterApplyDirection OBJECT-TYPE
+ SYNTAX DirectionType
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The direction of packet filter application."
+ ::= { hh3cPfilterApplyEntry 3 }
+
+ hh3cPfilterApplyAclType OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ ipv4(1),
+ ipv6(2),
+ default(3),
+ mac(4),
+ user(5)
+ }
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "ACL Type: IPv4, IPv6, default action, MAC, and user.
+ Take default action as a special ACL group.
+ "
+ ::= { hh3cPfilterApplyEntry 4 }
+
+ hh3cPfilterApplyAclIndex OBJECT-TYPE
+ SYNTAX Integer32 (0|2000..5999)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The ACL group index.
+ Basic type: 2000..2999
+ Advanced type: 3000..3999
+ MAC type: 4000..4999
+ User type: 5000..5999
+ Default action type: 0
+ "
+ ::= { hh3cPfilterApplyEntry 5 }
+
+ hh3cPfilterApplyHardCount OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Hardware count flag.
+ true: enable hardware count
+ false: disable hardware count
+ "
+ DEFVAL { false }
+ ::= { hh3cPfilterApplyEntry 6 }
+
+ hh3cPfilterApplySequence OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The configure sequence of packet filter application."
+ ::= { hh3cPfilterApplyEntry 7 }
+
+ hh3cPfilterApplyCountClear OBJECT-TYPE
+ SYNTAX CounterClear
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Clear the value of counters."
+ ::= { hh3cPfilterApplyEntry 8 }
+
+ hh3cPfilterApplyRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "RowStatus."
+ ::= { hh3cPfilterApplyEntry 9 }
+
+--
+-- Nodes of hh3cPfilterAclGroupRunInfoTable
+--
+ hh3cPfilterAclGroupRunInfoTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cPfilterAclGroupRunInfoEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table of group running information of ACLs
+ for packet filtering. If hardware count function is not
+ supported or not enabled to the packet filter application, the
+ statistics entry will be zero.
+ "
+ ::= { hh3cAclPacketFilterObjects 3 }
+
+ hh3cPfilterAclGroupRunInfoEntry OBJECT-TYPE
+ SYNTAX Hh3cPfilterAclGroupRunInfoEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "ACL group running information entry for packet filtering."
+ INDEX
+ {
+ hh3cPfilterRunApplyObjType,
+ hh3cPfilterRunApplyObjIndex,
+ hh3cPfilterRunApplyDirection,
+ hh3cPfilterRunApplyAclType,
+ hh3cPfilterRunApplyAclIndex
+ }
+ ::= { hh3cPfilterAclGroupRunInfoTable 1 }
+
+ Hh3cPfilterAclGroupRunInfoEntry ::=
+ SEQUENCE
+ {
+ hh3cPfilterRunApplyObjType
+ INTEGER,
+ hh3cPfilterRunApplyObjIndex
+ Integer32,
+ hh3cPfilterRunApplyDirection
+ DirectionType,
+ hh3cPfilterRunApplyAclType
+ INTEGER,
+ hh3cPfilterRunApplyAclIndex
+ Integer32,
+ hh3cPfilterAclGroupStatus
+ INTEGER,
+ hh3cPfilterAclGroupCountStatus
+ INTEGER,
+ hh3cPfilterAclGroupPermitPkts
+ Counter64,
+ hh3cPfilterAclGroupPermitBytes
+ Counter64,
+ hh3cPfilterAclGroupDenyPkts
+ Counter64,
+ hh3cPfilterAclGroupDenyBytes
+ Counter64
+ }
+
+ hh3cPfilterRunApplyObjType OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ interface(1),
+ vlan(2),
+ global(3)
+ }
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The object type of packet filter application.
+ interface: Apply an ACL to the interface to filter packets.
+ vlan: Apply an ACL to the VLAN to filter packets.
+ global: Apply an ACL globally to filter packets.
+ "
+ ::= { hh3cPfilterAclGroupRunInfoEntry 1 }
+
+ hh3cPfilterRunApplyObjIndex OBJECT-TYPE
+ SYNTAX Integer32 (0..2147483647)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The object ID of packet filter application.
+ Interface: interface index, equal to ifIndex
+ VLAN: VLAN ID, 1..4094
+ Global: 0
+ "
+ ::= { hh3cPfilterAclGroupRunInfoEntry 2 }
+
+ hh3cPfilterRunApplyDirection OBJECT-TYPE
+ SYNTAX DirectionType
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The direction of packet filter application."
+ ::= { hh3cPfilterAclGroupRunInfoEntry 3 }
+
+ hh3cPfilterRunApplyAclType OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ ipv4(1),
+ ipv6(2),
+ default(3),
+ mac(4),
+ user(5)
+ }
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "ACL Type: IPv4, IPv6, default action, MAC, and user.
+ Take default action as a special ACL group.
+ "
+ ::= { hh3cPfilterAclGroupRunInfoEntry 4 }
+
+ hh3cPfilterRunApplyAclIndex OBJECT-TYPE
+ SYNTAX Integer32 (1..3|2000..5999)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The ACL group index.
+ Basic type: 2000..2999
+ Advanced type: 3000..3999
+ MAC type: 4000..4999
+ User type: 5000..5999
+ MAC default action: 1
+ IPv4 default action: 2
+ IPv6 default action: 3
+ "
+ ::= { hh3cPfilterAclGroupRunInfoEntry 5 }
+
+ hh3cPfilterAclGroupStatus OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ success(1),
+ failed(2),
+ partialSuccess(3)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The status of ACL group applied.
+ success: ACL applied successfully on all slots
+ failed: failed to apply ACL on all slots
+ partialSuccess: failed to apply ACL on some slots
+ "
+ ::= { hh3cPfilterAclGroupRunInfoEntry 6 }
+
+ hh3cPfilterAclGroupCountStatus OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ success(1),
+ failed(2),
+ partialSuccess(3)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The status of enabling hardware count. If hardware count is
+ not enabled, it returns success.
+ success: enable hardware count successfully on all slots
+ failed: failed to enable hardware count on all slots
+ partialSuccess: failed to enable hardware count on some slots
+ "
+ ::= { hh3cPfilterAclGroupRunInfoEntry 7 }
+
+ hh3cPfilterAclGroupPermitPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of packets permitted."
+ ::= { hh3cPfilterAclGroupRunInfoEntry 8 }
+
+ hh3cPfilterAclGroupPermitBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of bytes permitted."
+ ::= { hh3cPfilterAclGroupRunInfoEntry 9 }
+
+ hh3cPfilterAclGroupDenyPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of packets denied."
+ ::= { hh3cPfilterAclGroupRunInfoEntry 10 }
+
+ hh3cPfilterAclGroupDenyBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of bytes denied."
+ ::= { hh3cPfilterAclGroupRunInfoEntry 11 }
+
+--
+-- Nodes of hh3cPfilterAclRuleRunInfoTable
+--
+ hh3cPfilterAclRuleRunInfoTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cPfilterAclRuleRunInfoEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table of rule's running information of ACLs
+ for packet filtering. If hardware count function is not
+ supported or not enabled to the packet filter application, the
+ hh3cPfilterAclRuleMatchPackets and hh3cPfilterAclRuleMatchBytes
+ will be zero.
+ "
+ ::= { hh3cAclPacketFilterObjects 4 }
+
+ hh3cPfilterAclRuleRunInfoEntry OBJECT-TYPE
+ SYNTAX Hh3cPfilterAclRuleRunInfoEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "ACL rule's running information entry."
+ INDEX
+ {
+ hh3cPfilterRunApplyObjType,
+ hh3cPfilterRunApplyObjIndex,
+ hh3cPfilterRunApplyDirection,
+ hh3cPfilterRunApplyAclType,
+ hh3cPfilterRunApplyAclIndex,
+ hh3cPfilterAclRuleIndex
+ }
+ ::= { hh3cPfilterAclRuleRunInfoTable 1 }
+
+ Hh3cPfilterAclRuleRunInfoEntry ::=
+ SEQUENCE
+ {
+ hh3cPfilterAclRuleIndex
+ Integer32,
+ hh3cPfilterAclRuleStatus
+ INTEGER,
+ hh3cPfilterAclRuleCountStatus
+ INTEGER,
+ hh3cPfilterAclRuleMatchPackets
+ Counter64,
+ hh3cPfilterAclRuleMatchBytes
+ Counter64
+ }
+
+ hh3cPfilterAclRuleIndex OBJECT-TYPE
+ SYNTAX Integer32 (0..65534)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The ACL rule index."
+ ::= { hh3cPfilterAclRuleRunInfoEntry 1 }
+
+ hh3cPfilterAclRuleStatus OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ success(1),
+ failed(2),
+ partialSuccess(3)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The status of rule application.
+ success: rule applied successfully on all slots
+ failed: failed to apply rule on all slots
+ partialSuccess: failed to apply rule on some slots
+ "
+ ::= { hh3cPfilterAclRuleRunInfoEntry 2 }
+
+ hh3cPfilterAclRuleCountStatus OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ success(1),
+ failed(2),
+ partialSuccess(3)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The status of enabling rule's hardware count.
+ If hardware count is not enabled, it returns success.
+ success: enable hardware count successfully on all slots
+ failed: failed to enable hardware count on all slots
+ partialSuccess: failed to enable hardware count on some slots
+ "
+ ::= { hh3cPfilterAclRuleRunInfoEntry 3 }
+
+ hh3cPfilterAclRuleMatchPackets OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of packets matched."
+ ::= { hh3cPfilterAclRuleRunInfoEntry 4 }
+
+ hh3cPfilterAclRuleMatchBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of bytes matched."
+ ::= { hh3cPfilterAclRuleRunInfoEntry 5 }
+
+--
+-- Nodes of hh3cPfilterStatisticSumTable
+--
+ hh3cPfilterStatisticSumTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cPfilterStatisticSumEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table of ACL rule's sum statistics information,
+ accumulated by all entity application on all slots.
+ "
+ ::= { hh3cAclPacketFilterObjects 5 }
+
+ hh3cPfilterStatisticSumEntry OBJECT-TYPE
+ SYNTAX Hh3cPfilterStatisticSumEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "ACL rule's sum statistics information entry."
+ INDEX
+ {
+ hh3cPfilterSumDirection,
+ hh3cPfilterSumAclType,
+ hh3cPfilterSumAclIndex,
+ hh3cPfilterSumRuleIndex
+ }
+ ::= { hh3cPfilterStatisticSumTable 1 }
+
+ Hh3cPfilterStatisticSumEntry ::=
+ SEQUENCE
+ {
+ hh3cPfilterSumDirection
+ DirectionType,
+ hh3cPfilterSumAclType
+ INTEGER,
+ hh3cPfilterSumAclIndex
+ Integer32,
+ hh3cPfilterSumRuleIndex
+ Integer32,
+ hh3cPfilterSumRuleMatchPackets
+ Counter64,
+ hh3cPfilterSumRuleMatchBytes
+ Counter64
+ }
+
+ hh3cPfilterSumDirection OBJECT-TYPE
+ SYNTAX DirectionType
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The direction of application."
+ ::= { hh3cPfilterStatisticSumEntry 1 }
+
+ hh3cPfilterSumAclType OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ ipv4(1),
+ ipv6(2),
+ mac(3),
+ user(4)
+ }
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "ACL type: IPv4, IPv6, MAC, and user."
+ ::= { hh3cPfilterStatisticSumEntry 2 }
+
+ hh3cPfilterSumAclIndex OBJECT-TYPE
+ SYNTAX Integer32 (2000..5999)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The ACL group index.
+ Basic type: 2000..2999
+ Advanced type: 3000..3999
+ MAC type: 4000..4999
+ User type: 5000..5999
+ "
+ ::= { hh3cPfilterStatisticSumEntry 3 }
+
+ hh3cPfilterSumRuleIndex OBJECT-TYPE
+ SYNTAX Integer32 (0..65534)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The ACL rule index."
+ ::= { hh3cPfilterStatisticSumEntry 4 }
+
+ hh3cPfilterSumRuleMatchPackets OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The sum number of packets matched the ACL rule."
+ ::= { hh3cPfilterStatisticSumEntry 5 }
+
+ hh3cPfilterSumRuleMatchBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The sum number of bytes matched the ACL rule."
+ ::= { hh3cPfilterStatisticSumEntry 6 }
+
+--
+-- Nodes of hh3cPfilter2ApplyTable
+--
+ hh3cPfilter2ApplyTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cPfilter2ApplyEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table of packet filter application.
+ It's not supported to set default action on an entity,
+ but supported to enable hardware count of default action
+ on an entity.
+ "
+ ::= { hh3cAclPacketFilterObjects 6 }
+
+ hh3cPfilter2ApplyEntry OBJECT-TYPE
+ SYNTAX Hh3cPfilter2ApplyEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Packet filter application information entry."
+ INDEX
+ {
+ hh3cPfilter2ApplyObjType,
+ hh3cPfilter2ApplyObjIndex,
+ hh3cPfilter2ApplyDirection,
+ hh3cPfilter2ApplyAclType,
+ hh3cPfilter2ApplyAclIndex
+ }
+ ::= { hh3cPfilter2ApplyTable 1 }
+
+ Hh3cPfilter2ApplyEntry ::=
+ SEQUENCE
+ {
+ hh3cPfilter2ApplyObjType
+ INTEGER,
+ hh3cPfilter2ApplyObjIndex
+ Integer32,
+ hh3cPfilter2ApplyDirection
+ DirectionType,
+ hh3cPfilter2ApplyAclType
+ INTEGER,
+ hh3cPfilter2ApplyAclIndex
+ OCTET STRING,
+ hh3cPfilter2ApplyHardCount
+ TruthValue,
+ hh3cPfilter2ApplySequence
+ Unsigned32,
+ hh3cPfilter2ApplyCountClear
+ CounterClear,
+ hh3cPfilter2ApplyRowStatus
+ RowStatus
+ }
+
+ hh3cPfilter2ApplyObjType OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ interface(1),
+ vlan(2),
+ global(3)
+ }
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The object type of packet filter application.
+ interface: Apply an ACL to the interface to filter packets.
+ vlan: Apply an ACL to the VLAN to filter packets.
+ global: Apply an ACL globally to filter packets.
+ "
+ ::= { hh3cPfilter2ApplyEntry 1 }
+
+ hh3cPfilter2ApplyObjIndex OBJECT-TYPE
+ SYNTAX Integer32 (0..2147483647)
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The object ID of packet filter application.
+ Interface: interface index, equal to ifIndex
+ VLAN: VLAN ID, 1..4094
+ Global: 0
+ "
+ ::= { hh3cPfilter2ApplyEntry 2 }
+
+ hh3cPfilter2ApplyDirection OBJECT-TYPE
+ SYNTAX DirectionType
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The direction of packet filter application."
+ ::= { hh3cPfilter2ApplyEntry 3 }
+
+ hh3cPfilter2ApplyAclType OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ ipv4(1),
+ ipv6(2),
+ default(3),
+ mac(4),
+ user(5)
+ }
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "ACL Type: IPv4, IPv6, default action, MAC, and user.
+ Take default action as a special ACL group.
+ "
+ ::= { hh3cPfilter2ApplyEntry 4 }
+
+ hh3cPfilter2ApplyAclIndex OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(1..63))
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The index of ACL group used by packet-filter.
+ If the specified string comprises only digits, it is converted
+ into a numerical sequence in decimal notation, and regarded as
+ an ACL group index or a default action. If the string is a
+ character string beginning with an English letter, it is
+ regarded as an ACL group name.
+
+ Group index range and default action:
+ Basic type: 2000..2999
+ Advanced type: 3000..3999
+ MAC type: 4000..4999
+ User type: 5000..5999
+ Default action type: 0
+ "
+ ::= { hh3cPfilter2ApplyEntry 5 }
+
+ hh3cPfilter2ApplyHardCount OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Hardware count flag.
+ true: enable hardware count
+ false: disable hardware count
+ "
+ DEFVAL { false }
+ ::= { hh3cPfilter2ApplyEntry 6 }
+
+ hh3cPfilter2ApplySequence OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The configure sequence of packet filter application."
+ ::= { hh3cPfilter2ApplyEntry 7 }
+
+ hh3cPfilter2ApplyCountClear OBJECT-TYPE
+ SYNTAX CounterClear
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Clear the value of counters."
+ DEFVAL { nouse }
+ ::= { hh3cPfilter2ApplyEntry 8 }
+
+ hh3cPfilter2ApplyRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "RowStatus."
+ ::= { hh3cPfilter2ApplyEntry 9 }
+
+--
+-- Nodes of hh3cPfilter2AclGroupRunInfoTable
+--
+ hh3cPfilter2AclGroupRunInfoTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cPfilter2AclGroupRunInfoEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table of group running information of ACLs
+ for packet filtering. If hardware count function is not
+ supported or not enabled to the packet filter application, the
+ statistics entry will be zero.
+ "
+ ::= { hh3cAclPacketFilterObjects 7 }
+
+ hh3cPfilter2AclGroupRunInfoEntry OBJECT-TYPE
+ SYNTAX Hh3cPfilter2AclGroupRunInfoEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "ACL group running information entry for packet filtering."
+ INDEX
+ {
+ hh3cPfilter2RunApplyObjType,
+ hh3cPfilter2RunApplyObjIndex,
+ hh3cPfilter2RunApplyDirection,
+ hh3cPfilter2RunApplyAclType,
+ hh3cPfilter2RunApplyAclIndex
+ }
+ ::= { hh3cPfilter2AclGroupRunInfoTable 1 }
+
+ Hh3cPfilter2AclGroupRunInfoEntry ::=
+ SEQUENCE
+ {
+ hh3cPfilter2RunApplyObjType
+ INTEGER,
+ hh3cPfilter2RunApplyObjIndex
+ Integer32,
+ hh3cPfilter2RunApplyDirection
+ DirectionType,
+ hh3cPfilter2RunApplyAclType
+ INTEGER,
+ hh3cPfilter2RunApplyAclIndex
+ OCTET STRING,
+ hh3cPfilter2AclGroupStatus
+ INTEGER,
+ hh3cPfilter2AclGroupCountStatus
+ INTEGER,
+ hh3cPfilter2AclGroupPermitPkts
+ Counter64,
+ hh3cPfilter2AclGroupPermitBytes
+ Counter64,
+ hh3cPfilter2AclGroupDenyPkts
+ Counter64,
+ hh3cPfilter2AclGroupDenyBytes
+ Counter64
+ }
+
+ hh3cPfilter2RunApplyObjType OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ interface(1),
+ vlan(2),
+ global(3)
+ }
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The object type of packet filter application.
+ interface: Apply an ACL to the interface to filter packets.
+ vlan: Apply an ACL to the VLAN to filter packets.
+ global: Apply an ACL globally to filter packets.
+ "
+ ::= { hh3cPfilter2AclGroupRunInfoEntry 1 }
+
+ hh3cPfilter2RunApplyObjIndex OBJECT-TYPE
+ SYNTAX Integer32 (0..2147483647)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The object ID of packet filter application.
+ Interface: interface index, equal to ifIndex
+ VLAN: VLAN ID, 1..4094
+ Global: 0
+ "
+ ::= { hh3cPfilter2AclGroupRunInfoEntry 2 }
+
+ hh3cPfilter2RunApplyDirection OBJECT-TYPE
+ SYNTAX DirectionType
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The direction of packet filter application."
+ ::= { hh3cPfilter2AclGroupRunInfoEntry 3 }
+
+ hh3cPfilter2RunApplyAclType OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ ipv4(1),
+ ipv6(2),
+ default(3),
+ mac(4),
+ user(5)
+ }
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "ACL Type: IPv4, IPv6, default action, MAC, and user.
+ Take default action as a special ACL group.
+ "
+ ::= { hh3cPfilter2AclGroupRunInfoEntry 4 }
+
+ hh3cPfilter2RunApplyAclIndex OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(1..63))
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The index of ACL group used by packet-filter.
+ If the specified string comprises only digits, it is converted
+ into a numerical sequence in decimal notation, and regarded as
+ an ACL group index or a default action. If the string is a
+ character string beginning with an English letter, it is
+ regarded as an ACL group name.
+
+ Group index range and default action:
+ Basic type: 2000..2999
+ Advanced type: 3000..3999
+ MAC type: 4000..4999
+ User type: 5000..5999
+ MAC default action: 1
+ IPv4 default action: 2
+ IPv6 default action: 3
+ "
+ ::= { hh3cPfilter2AclGroupRunInfoEntry 5 }
+
+ hh3cPfilter2AclGroupStatus OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ success(1),
+ failed(2),
+ partialSuccess(3)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The status of ACL group applied.
+ success: ACL applied successfully on all slots
+ failed: failed to apply ACL on all slots
+ partialSuccess: failed to apply ACL on some slots
+ "
+ ::= { hh3cPfilter2AclGroupRunInfoEntry 6 }
+
+ hh3cPfilter2AclGroupCountStatus OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ success(1),
+ failed(2),
+ partialSuccess(3)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The status of enabling hardware count. If hardware count is
+ not enabled, it returns success.
+ success: enable hardware count successfully on all slots
+ failed: failed to enable hardware count on all slots
+ partialSuccess: failed to enable hardware count on some slots
+ "
+ ::= { hh3cPfilter2AclGroupRunInfoEntry 7 }
+
+ hh3cPfilter2AclGroupPermitPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of packets permitted."
+ ::= { hh3cPfilter2AclGroupRunInfoEntry 8 }
+
+ hh3cPfilter2AclGroupPermitBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of bytes permitted."
+ ::= { hh3cPfilter2AclGroupRunInfoEntry 9 }
+
+ hh3cPfilter2AclGroupDenyPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of packets denied."
+ ::= { hh3cPfilter2AclGroupRunInfoEntry 10 }
+
+ hh3cPfilter2AclGroupDenyBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of bytes denied."
+ ::= { hh3cPfilter2AclGroupRunInfoEntry 11 }
+
+--
+-- Nodes of hh3cPfilter2AclRuleRunInfoTable
+--
+ hh3cPfilter2AclRuleRunInfoTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cPfilter2AclRuleRunInfoEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table of rule's running information of ACLs
+ for packet filtering. If hardware count function is not
+ supported or not enabled to the packet filter application, the
+ hh3cPfilter2AclRuleMatchPackets and hh3cPfilter2AclRuleMatchBytes
+ will be zero.
+ "
+ ::= { hh3cAclPacketFilterObjects 8 }
+
+ hh3cPfilter2AclRuleRunInfoEntry OBJECT-TYPE
+ SYNTAX Hh3cPfilter2AclRuleRunInfoEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "ACL rule's running information entry."
+ INDEX
+ {
+ hh3cPfilter2RunApplyObjType,
+ hh3cPfilter2RunApplyObjIndex,
+ hh3cPfilter2RunApplyDirection,
+ hh3cPfilter2RunApplyAclType,
+ hh3cPfilter2RunApplyAclIndex,
+ hh3cPfilter2AclRuleIndex
+ }
+ ::= { hh3cPfilter2AclRuleRunInfoTable 1 }
+
+ Hh3cPfilter2AclRuleRunInfoEntry ::=
+ SEQUENCE
+ {
+ hh3cPfilter2AclRuleIndex
+ Integer32,
+ hh3cPfilter2AclRuleStatus
+ INTEGER,
+ hh3cPfilter2AclRuleCountStatus
+ INTEGER,
+ hh3cPfilter2AclRuleMatchPackets
+ Counter64,
+ hh3cPfilter2AclRuleMatchBytes
+ Counter64
+ }
+
+ hh3cPfilter2AclRuleIndex OBJECT-TYPE
+ SYNTAX Integer32 (0..65534)
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The ACL rule index."
+ ::= { hh3cPfilter2AclRuleRunInfoEntry 1 }
+
+ hh3cPfilter2AclRuleStatus OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ success(1),
+ failed(2),
+ partialSuccess(3)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The status of rule application.
+ success: rule applied successfully on all slots
+ failed: failed to apply rule on all slots
+ partialSuccess: failed to apply rule on some slots
+ "
+ ::= { hh3cPfilter2AclRuleRunInfoEntry 2 }
+
+ hh3cPfilter2AclRuleCountStatus OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ success(1),
+ failed(2),
+ partialSuccess(3)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The status of enabling rule's hardware count.
+ If hardware count is not enabled, it returns success.
+ success: enable hardware count successfully on all slots
+ failed: failed to enable hardware count on all slots
+ partialSuccess: failed to enable hardware count on some slots
+ "
+ ::= { hh3cPfilter2AclRuleRunInfoEntry 3 }
+
+ hh3cPfilter2AclRuleMatchPackets OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of packets matched."
+ ::= { hh3cPfilter2AclRuleRunInfoEntry 4 }
+
+ hh3cPfilter2AclRuleMatchBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of bytes matched."
+ ::= { hh3cPfilter2AclRuleRunInfoEntry 5 }
+
+--
+-- Nodes of hh3cPfilter2StatisticSumTable
+--
+ hh3cPfilter2StatisticSumTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF Hh3cPfilter2StatisticSumEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table of ACL rule's sum statistics information,
+ accumulated by all entity application on all slots.
+ "
+ ::= { hh3cAclPacketFilterObjects 9 }
+
+ hh3cPfilter2StatisticSumEntry OBJECT-TYPE
+ SYNTAX Hh3cPfilter2StatisticSumEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "ACL rule's sum statistics information entry."
+ INDEX
+ {
+ hh3cPfilter2SumDirection,
+ hh3cPfilter2SumAclType,
+ hh3cPfilter2SumAclIndex,
+ hh3cPfilter2SumRuleIndex
+ }
+ ::= { hh3cPfilter2StatisticSumTable 1 }
+
+ Hh3cPfilter2StatisticSumEntry ::=
+ SEQUENCE
+ {
+ hh3cPfilter2SumDirection
+ DirectionType,
+ hh3cPfilter2SumAclType
+ INTEGER,
+ hh3cPfilter2SumAclIndex
+ OCTET STRING,
+ hh3cPfilter2SumRuleIndex
+ Integer32,
+ hh3cPfilter2SumRuleMatchPackets
+ Counter64,
+ hh3cPfilter2SumRuleMatchBytes
+ Counter64
+ }
+
+ hh3cPfilter2SumDirection OBJECT-TYPE
+ SYNTAX DirectionType
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The direction of application."
+ ::= { hh3cPfilter2StatisticSumEntry 1 }
+
+ hh3cPfilter2SumAclType OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ ipv4(1),
+ ipv6(2),
+ mac(3),
+ user(4)
+ }
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "ACL type: IPv4, IPv6, MAC, and user."
+ ::= { hh3cPfilter2StatisticSumEntry 2 }
+
+ hh3cPfilter2SumAclIndex OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(1..63))
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The index of ACL group used by packet-filter.
+ If the specified string comprises only digits, it is converted
+ into a numerical sequence in decimal notation, and regarded as
+ an ACL group index. If the string is a character string
+ beginning with an English letter, it is regarded as an ACL
+ group name.
+
+ Group index range and default action:
+ Basic type: 2000..2999
+ Advanced type: 3000..3999
+ MAC type: 4000..4999
+ User type: 5000..5999
+ "
+ ::= { hh3cPfilter2StatisticSumEntry 3 }
+
+ hh3cPfilter2SumRuleIndex OBJECT-TYPE
+ SYNTAX Integer32 (0..65534)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The ACL rule index."
+ ::= { hh3cPfilter2StatisticSumEntry 4 }
+
+ hh3cPfilter2SumRuleMatchPackets OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The sum number of packets matched the ACL rule."
+ ::= { hh3cPfilter2StatisticSumEntry 5 }
+
+ hh3cPfilter2SumRuleMatchBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The sum number of bytes matched the ACL rule."
+ ::= { hh3cPfilter2StatisticSumEntry 6 }
+
+--
+-- Nodes of hh3cPacketfilterTrapObjects
+--
+
+ hh3cAclPacketfilterTrapObjects OBJECT IDENTIFIER ::= { hh3cAcl 4 }
+
+ hh3cPfilterInterface OBJECT-TYPE
+ SYNTAX OCTET STRING
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The interface which policy apply."
+ ::= { hh3cAclPacketfilterTrapObjects 1 }
+
+ hh3cPfilterDirection OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "Inbound or outbound."
+ ::= { hh3cAclPacketfilterTrapObjects 2 }
+
+ hh3cPfilterACLNumber OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "ACL number."
+ ::= { hh3cAclPacketfilterTrapObjects 3 }
+
+ hh3cPfilterAction OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "Permit or deny."
+ ::= { hh3cAclPacketfilterTrapObjects 4 }
+
+ hh3cMACfilterSourceMac OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "Source MAC address."
+ ::= { hh3cAclPacketfilterTrapObjects 5 }
+
+ hh3cMACfilterDestinationMac OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "Destination MAC address."
+ ::= { hh3cAclPacketfilterTrapObjects 6 }
+
+ hh3cPfilterPacketNumber OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The number of packets permitted or denied by ACL."
+ ::= { hh3cAclPacketfilterTrapObjects 7 }
+
+ hh3cPfilterReceiveInterface OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The interface where packet come from."
+ ::= { hh3cAclPacketfilterTrapObjects 8 }
+
+ hh3cAclPacketIfName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The name of the interface on which the packet is matched."
+ ::= { hh3cAclPacketfilterTrapObjects 9 }
+
+ hh3cAclPacketDirection OBJECT-TYPE
+ SYNTAX DirectionType
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The direction the packet is going."
+ ::= { hh3cAclPacketfilterTrapObjects 10 }
+
+ hh3cAclPacketBAGG OBJECT-TYPE
+ SYNTAX Integer32 (0..2048)
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The bridge-aggregation-interface ID the interface belongs to.
+ "
+ DEFVAL { 0 }
+ ::= { hh3cAclPacketfilterTrapObjects 11 }
+
+ hh3cAclPacketVlanID OBJECT-TYPE
+ SYNTAX Integer32 (1..4094)
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The vlan the interface belongs to."
+ ::= { hh3cAclPacketfilterTrapObjects 12 }
+
+ hh3cAclPacketSrcIP OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "Source IP address of IPv4/IPv6 packet."
+ ::= { hh3cAclPacketfilterTrapObjects 13 }
+
+ hh3cAclPacketDstIP OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..255))
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "Destination IP address of IPv4/IPv6 packet."
+ ::= { hh3cAclPacketfilterTrapObjects 14 }
+
+ hh3cAclPacketProtocol OBJECT-TYPE
+ SYNTAX Integer32 (0..255)
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The protocol of IPv4/IPv6 packet.
+ icmp(1),
+ tcp(6),
+ udp(17),
+ igmp(2),
+ gre(47),
+ ospf(89),
+ ipinip(4),
+ icmp6(58),
+ ipv6_ah(51),
+ ipv6_esp(50)
+ "
+ ::= { hh3cAclPacketfilterTrapObjects 15 }
+
+ hh3cAclPacketDscp OBJECT-TYPE
+ SYNTAX DSCPValue
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "DSCP of IPv4/IPv6 packet."
+ DEFVAL { 255 }
+ ::= { hh3cAclPacketfilterTrapObjects 16 }
+
+ hh3cAclPacketFlowLabel OBJECT-TYPE
+ SYNTAX Unsigned32 (0..1048575|4294967295)
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "Flow label value of IPv6 packet."
+ DEFVAL { 4294967295 }
+ ::= { hh3cAclPacketfilterTrapObjects 17 }
+
+ hh3cAclPacketIcmpIgmpType OBJECT-TYPE
+ SYNTAX Integer32 (0..255|65535)
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The type of ICMP or IGMP packet."
+ DEFVAL { 65535 }
+ ::= { hh3cAclPacketfilterTrapObjects 18 }
+
+ hh3cAclPacketIcmpIgmpCode OBJECT-TYPE
+ SYNTAX Integer32 (0..255|65535)
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The code of ICMP or IGMP packet."
+ DEFVAL { 65535 }
+ ::= { hh3cAclPacketfilterTrapObjects 19 }
+
+ hh3cAclPacketTcpFlags OBJECT-TYPE
+ SYNTAX INTEGER
+ {
+ tcpack(1),
+ tcpfin(2),
+ tcppsh(3),
+ tcprst(4),
+ tcpsyn(5),
+ tcpurg(6),
+ invalid(255)
+ }
+
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The flags of TCP packet.
+ tcpack(1),
+ tcpfin(2),
+ tcppsh(3),
+ tcprst(4),
+ tcpsyn(5),
+ tcpurg(6),
+ invalid(255)
+ "
+ DEFVAL { 255 }
+ ::= { hh3cAclPacketfilterTrapObjects 20 }
+
+ hh3cAclPacketSrcPort OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "Source port of TCP or UDP packet."
+ DEFVAL { 0 }
+ ::= { hh3cAclPacketfilterTrapObjects 21 }
+
+ hh3cAclPacketDstPort OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "Destination port of TCP or UDP packet."
+ DEFVAL { 65535 }
+ ::= { hh3cAclPacketfilterTrapObjects 22 }
+
+ hh3cAclPacketSrcMacAddr OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "Source MAC address of Ethernet packet."
+ ::= { hh3cAclPacketfilterTrapObjects 23 }
+
+ hh3cAclPacketDstMacAddr OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "Destination MAC address of Ethernet packet."
+ ::= { hh3cAclPacketfilterTrapObjects 24 }
+
+ hh3cAclPacketMacTypeLen OBJECT-TYPE
+ SYNTAX Integer32 (0..65535)
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The Ethertype or 802.3 length of Ethernet packet."
+ DEFVAL { 0 }
+ ::= { hh3cAclPacketfilterTrapObjects 25 }
+
+ hh3cAclPacketVlanPCP OBJECT-TYPE
+ SYNTAX Integer32 (0..7|255)
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "802.1p priority code point of Ethernet packet."
+ DEFVAL { 255 }
+ ::= { hh3cAclPacketfilterTrapObjects 26 }
+
+--
+-- Nodes of hh3cPacketfilterTrap
+--
+
+ hh3cAclPacketfilterTrap OBJECT IDENTIFIER ::= { hh3cAcl 5 }
+
+ hh3cPfilterTrapPrefix OBJECT IDENTIFIER ::= { hh3cAclPacketfilterTrap 0 }
+
+ hh3cMACfilterTrap NOTIFICATION-TYPE
+ OBJECTS
+ {
+ hh3cPfilterInterface,
+ hh3cPfilterDirection,
+ hh3cPfilterACLNumber,
+ hh3cPfilterAction,
+ hh3cMACfilterSourceMac,
+ hh3cMACfilterDestinationMac,
+ hh3cPfilterPacketNumber,
+ hh3cPfilterReceiveInterface
+ }
+ STATUS current
+ DESCRIPTION
+ "This notification is generated when a packet was processed
+ by MAC address filter, but not every packet will generate one
+ notification, the same notification only generate once in 30
+ seconds.
+ "
+ ::= { hh3cPfilterTrapPrefix 1 }
+
+ hh3cAclRuleMatchCount NOTIFICATION-TYPE
+ OBJECTS
+ {
+ hh3cPfilter2ApplyObjType,
+ hh3cPfilter2ApplyObjIndex,
+ hh3cPfilter2ApplyDirection,
+ hh3cPfilter2ApplyAclType,
+ hh3cPfilter2ApplyAclIndex,
+ hh3cPfilter2AclRuleIndex,
+ hh3cPfilter2AclRuleMatchPackets
+ }
+ STATUS current
+ DESCRIPTION
+ "This notification is generated periodically due to a timer.
+ The interval of the timer is configured in hh3cAclIntervalTable.
+ The notification details the entries about the packet-filter
+ object, the matched ACL rule and the number of matching packets.
+ "
+ ::= { hh3cPfilterTrapPrefix 2 }
+
+ hh3cAclFirstIPv4PktCaptured NOTIFICATION-TYPE
+ OBJECTS
+ {
+ hh3cPfilter2ApplyAclIndex,
+ hh3cPfilter2AclRuleIndex,
+ hh3cAclPacketIfName,
+ hh3cAclPacketDirection,
+ hh3cAclPacketBAGG,
+ hh3cAclPacketVlanID,
+ hh3cAclPacketSrcIP,
+ hh3cAclPacketDstIP,
+ hh3cAclPacketProtocol,
+ hh3cAclPacketDscp,
+ hh3cAclPacketIcmpIgmpType,
+ hh3cAclPacketIcmpIgmpCode,
+ hh3cAclPacketTcpFlags,
+ hh3cAclPacketSrcPort,
+ hh3cAclPacketDstPort
+ }
+ STATUS current
+ DESCRIPTION
+ "This notification is generated immediately when the first
+ packet of the matched IPv4 flow is captured. Other packets
+ of the matched flow won't be captured.
+ "
+ ::= { hh3cPfilterTrapPrefix 3 }
+
+ hh3cAclFirstIPv6PktCaptured NOTIFICATION-TYPE
+ OBJECTS
+ {
+ hh3cPfilter2ApplyAclIndex,
+ hh3cPfilter2AclRuleIndex,
+ hh3cAclPacketIfName,
+ hh3cAclPacketDirection,
+ hh3cAclPacketBAGG,
+ hh3cAclPacketVlanID,
+ hh3cAclPacketSrcIP,
+ hh3cAclPacketDstIP,
+ hh3cAclPacketProtocol,
+ hh3cAclPacketDscp,
+ hh3cAclPacketFlowLabel,
+ hh3cAclPacketIcmpIgmpType,
+ hh3cAclPacketIcmpIgmpCode,
+ hh3cAclPacketTcpFlags,
+ hh3cAclPacketSrcPort,
+ hh3cAclPacketDstPort
+ }
+ STATUS current
+ DESCRIPTION
+ "This notification is generated immediately when the first
+ packet of the matched IPv6 flow is captured. Other packets
+ of the matched flow won't be captured.
+ "
+ ::= { hh3cPfilterTrapPrefix 4 }
+
+ hh3cAclFirstEthernetPktCaptured NOTIFICATION-TYPE
+ OBJECTS
+ {
+ hh3cPfilter2ApplyAclIndex,
+ hh3cPfilter2AclRuleIndex,
+ hh3cAclPacketIfName,
+ hh3cAclPacketDirection,
+ hh3cAclPacketBAGG,
+ hh3cAclPacketVlanID,
+ hh3cAclPacketSrcMacAddr,
+ hh3cAclPacketDstMacAddr,
+ hh3cAclPacketMacTypeLen,
+ hh3cAclPacketVlanPCP
+ }
+ STATUS current
+ DESCRIPTION
+ "This notification is generated immediately when the first
+ packet of the matched Ethernet flow is captured. Other packets
+ of the matched flow won't be captured.
+ "
+ ::= { hh3cPfilterTrapPrefix 5 }
+
+--
+-- Nodes of hh3cAclTrapObjects
+--
+
+ hh3cAclTrapObjects OBJECT IDENTIFIER ::= { hh3cAcl 6 }
+
+ hh3cAclResourceTypeName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(1..255))
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The name of TCAM resources."
+ ::= { hh3cAclTrapObjects 1 }
+
+ hh3cAclResourceUsage OBJECT-TYPE
+ SYNTAX Integer32 (1..100)
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The current usage of TCAM resources."
+ ::= { hh3cAclTrapObjects 2 }
+
+ hh3cAclResourceUsedEntries OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The used number of entries on TCAM."
+ ::= { hh3cAclTrapObjects 3 }
+
+ hh3cAclResourceTotalEntries OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The total number of entries on TCAM."
+ ::= { hh3cAclTrapObjects 4 }
+
+ hh3cAclResourceChassisID OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The chassis number. On a centralized or distributed device,
+ the value for this node is always zero."
+ ::= { hh3cAclTrapObjects 5 }
+
+ hh3cAclResourceSlotID OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS accessible-for-notify
+ STATUS current
+ DESCRIPTION
+ "The slot number. On a centralized device, the value for
+ this node is always zero."
+ ::= { hh3cAclTrapObjects 6 }
+
+--
+-- Nodes of hh3cAclResourceTrap
+--
+
+ hh3cAclTrap OBJECT IDENTIFIER ::= { hh3cAcl 7 }
+
+ hh3cAclTrapPrefix OBJECT IDENTIFIER ::= { hh3cAclTrap 0 }
+
+ hh3cAclResourceTrap NOTIFICATION-TYPE
+ OBJECTS
+ {
+ hh3cAclResourceTypeName,
+ hh3cAclResourceUsage,
+ hh3cAclResourceUsedEntries,
+ hh3cAclResourceTotalEntries,
+ hh3cAclMib2ResourceThreshold,
+ hh3cAclResourceChassisID,
+ hh3cAclResourceSlotID
+ }
+ STATUS current
+ DESCRIPTION
+ "This notification is generated when the number of entries on TCAM
+ becomes equal to or greater than a preset threshold level"
+ ::= { hh3cAclTrapPrefix 1 }
+
+END
generated by cgit v1.2.3 (git 2.46.0) at 2026-02-26 13:30:29 +0000