From 98a672123c7872f6b9b75a9a2b6bb3aea504de6a Mon Sep 17 00:00:00 2001 From: David Leutgeb Date: Tue, 5 Dec 2023 12:25:34 +0100 Subject: Initial commit --- MIBS/ciena/CIENA-CES-ACCESS-LIST-MIB | 958 +++++++++++++++++++++++++++++++++++ 1 file changed, 958 insertions(+) create mode 100644 MIBS/ciena/CIENA-CES-ACCESS-LIST-MIB (limited to 'MIBS/ciena/CIENA-CES-ACCESS-LIST-MIB') diff --git a/MIBS/ciena/CIENA-CES-ACCESS-LIST-MIB b/MIBS/ciena/CIENA-CES-ACCESS-LIST-MIB new file mode 100644 index 0000000..28fadf4 --- /dev/null +++ b/MIBS/ciena/CIENA-CES-ACCESS-LIST-MIB @@ -0,0 +1,958 @@ +-- This file was included in WWP MIB release 04-16-00-0047 + -- + -- CIENA-CES-ACCESS-LIST-MIB + -- + + CIENA-CES-ACCESS-LIST-MIB DEFINITIONS ::= BEGIN + + + IMPORTS + Integer32, Unsigned32, Counter64, OBJECT-TYPE, MODULE-IDENTITY + FROM SNMPv2-SMI + + DisplayString, MacAddress, TruthValue, TEXTUAL-CONVENTION + FROM SNMPv2-TC + + cienaCesConfig + FROM CIENA-SMI + + CienaGlobalState + FROM CIENA-TC + + InetAddressType, InetAddress, InetAddressPrefixLength, InetPortNumber + FROM INET-ADDRESS-MIB; + + + cienaCesAccessListMIB MODULE-IDENTITY + LAST-UPDATED "201504020000Z" + ORGANIZATION "Ciena, Inc" + CONTACT-INFO + "Mib Meister + 115 North Sullivan Road + Spokane Valley, WA 99037 + USA + Phone: +1 509 242 9000 + Email: support@ciena.com" + DESCRIPTION + "This MIB module defines objects that describe Hardware + ACLs (Access Control Lists). + The MIB describes different objects that enable the + network administrator to remotely view ACL profile/rule, + configuration in addition to monitoring ACL rule statistics." + + REVISION "201504020000Z" + DESCRIPTION + "The initial version of this MIB module." + ::= { cienaCesConfig 35 } + + + + -- + -- Node definitions + -- + + cienaCesAccessListMIBObjects OBJECT IDENTIFIER ::= { cienaCesAccessListMIB 1 } + + cienaCesAclConfiguration OBJECT IDENTIFIER ::= { cienaCesAccessListMIBObjects 1 } + cienaCesAclStatistics OBJECT IDENTIFIER ::= { cienaCesAccessListMIBObjects 2 } + + cienaCesAccessListMIBConformance OBJECT IDENTIFIER ::= { cienaCesAccessListMIB 2 } + + cienaCesAccessListMIBCompliances OBJECT IDENTIFIER ::= { cienaCesAccessListMIBConformance 1 } + cienaCesAccessListMIBGroups OBJECT IDENTIFIER ::= { cienaCesAccessListMIBConformance 2 } + + + + -- + -- Textual Conventions + -- + + AclFilterAction ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION "An enumeration value to indicate the filter action applied by an ACL rule." + SYNTAX INTEGER + { + allow(1), + deny(2) + } + + AclTrafficDirection ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION "An enumeration value to indicate the traffic direction to which + an ACL profile is applied." + SYNTAX INTEGER + { + ingress(1), + egress(2) + } + + AclIpFragmentMatchType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION "An enumeration value to indicate the type of IP fragment filtering + to be done as part of an ACL rule." + SYNTAX INTEGER + { + any(1), + isfragment(2), + notfragment(3) + } + + AclL4PortMatchType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION "An enumeration value to indicate the type of match to perform on + an L4 src/dst port filter term." + SYNTAX INTEGER + { + any(1), + single(2), + range(3) + } + + AclInterfaceType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION "An enumeration value to indicate the type of interface to which + an ACL profile is attached." + SYNTAX INTEGER + { + port(1), + vlan(2), + virtualswitch(3), + ipinterface(4), + remoteinterface(5), + localinterface(6) + } + + AclL4DstProtocol ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION "An enumeration value to indicate the L4 destination protocol + specified as part of an ACL rule filter term." + SYNTAX INTEGER + { + any(1), + bgp(2), + bootpclient(3), + bootpserver(4), + dhcpclient(5), + dhcpserver(6), + dhcpv6client(7), + dhcpv6server(8), + dns(9), + ftp(10), + http(11), + ldp(12), + ntp(13), + olsr(14), + rip(15), + rpc(16), + snmp(17), + snmptrap(18), + ssh(19), + syslog(20), + tacacs(21), + telnet(22), + tftp(23), + twampctrl(24) + } + + + -- + -- ACL Global Config Objects + -- + + cienaCesAclGlobalConfig OBJECT IDENTIFIER ::= { cienaCesAclConfiguration 1 } + + cienaCesAclAdminStatus OBJECT-TYPE + SYNTAX CienaGlobalState + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates whether the ACL feature is globally enabled or disabled." + ::= { cienaCesAclGlobalConfig 1 } + + cienaCesAclFilterMode OBJECT-TYPE + SYNTAX INTEGER + { + l2l3combo(1), + l3only(2) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates which global ACL device mode is currently in use." + ::= { cienaCesAclGlobalConfig 2 } + + cienaCesAclNumAclProfileDefs OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates the total number of configured ACL profile definitions on the device." + ::= { cienaCesAclGlobalConfig 3 } + + cienaCesAclRemainingAclProfileDefs OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates the number of remaining ACL profile definitions that can be configured on the device." + ::= { cienaCesAclGlobalConfig 4 } + + cienaCesAclNumAclRuleDefs OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates the total number of configured ACL rule definitions on the device." + ::= { cienaCesAclGlobalConfig 5 } + + cienaCesAclRemainingAclRuleDefs OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates the number of remaining ACL rule definitions that can be configured on the device." + ::= { cienaCesAclGlobalConfig 6 } + + + + -- + -- ACL Profile Config Table + -- + cienaCesAclProfileConfigTable OBJECT-TYPE + SYNTAX SEQUENCE OF CienaCesAclProfileConfigTableEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of ACL profiles configured on the device. Each + entry contains the ACL profile configuration data." + ::= { cienaCesAclConfiguration 2 } + + cienaCesAclProfileConfigTableEntry OBJECT-TYPE + SYNTAX CienaCesAclProfileConfigTableEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing the ACL profile configuration data." + INDEX { cienaCesAclProfileId } + ::= { cienaCesAclProfileConfigTable 1 } + + CienaCesAclProfileConfigTableEntry ::= SEQUENCE { + cienaCesAclProfileId Integer32, + cienaCesAclProfileName DisplayString, + cienaCesAclProfileAdminState CienaGlobalState, + cienaCesAclProfileOperState CienaGlobalState, + cienaCesAclProfileDefaultFilterAction AclFilterAction, + cienaCesAclProfileNumRules Integer32, + cienaCesAclProfileAttachedInterfaces Unsigned32 + } + + cienaCesAclProfileId OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The unique identifier of this ACL profile." + ::= { cienaCesAclProfileConfigTableEntry 1 } + + cienaCesAclProfileName OBJECT-TYPE + SYNTAX DisplayString (SIZE (1..31)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The unique name of this ACL profile." + ::= { cienaCesAclProfileConfigTableEntry 2 } + + cienaCesAclProfileAdminState OBJECT-TYPE + SYNTAX CienaGlobalState + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The configured administrative State of the ACL profile." + ::= { cienaCesAclProfileConfigTableEntry 3 } + + cienaCesAclProfileOperState OBJECT-TYPE + SYNTAX CienaGlobalState + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Operational State of the ACL profile. + A profile is operationally enabled if it is administratively enabled + and attached to at least one interface. It is otherwise disabled. + Note that the ACL feature must also be globally enabled for + any profile to be operationally enabled." + ::= { cienaCesAclProfileConfigTableEntry 4 } + + cienaCesAclProfileDefaultFilterAction OBJECT-TYPE + SYNTAX AclFilterAction + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The configured default filter action for this ACL profile." + ::= { cienaCesAclProfileConfigTableEntry 5 } + + cienaCesAclProfileNumRules OBJECT-TYPE + SYNTAX Integer32 (1..256) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ACL rules configured in this profile. There will always + be at least one rule defined in each profile - the default rule." + ::= { cienaCesAclProfileConfigTableEntry 6 } + + cienaCesAclProfileAttachedInterfaces OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of interfaces to which this profile is attached." + ::= { cienaCesAclProfileConfigTableEntry 7 } + + + -- + -- ACL Rule Config Table + -- + cienaCesAclRuleConfigTable OBJECT-TYPE + SYNTAX SEQUENCE OF CienaCesAclRuleConfigTableEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of ACL rules configured on the device. Each + entry contains the ACL rule configuration data." + ::= { cienaCesAclConfiguration 3 } + + cienaCesAclRuleConfigTableEntry OBJECT-TYPE + SYNTAX CienaCesAclRuleConfigTableEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing the ACL rule configuration data." + INDEX { cienaCesAclProfileId, + cienaCesAclRulePrecedence + } + ::= { cienaCesAclRuleConfigTable 1 } + + CienaCesAclRuleConfigTableEntry ::= SEQUENCE { + cienaCesAclRulePrecedence Unsigned32, + cienaCesAclRuleName DisplayString, + cienaCesAclRuleFilterAction AclFilterAction, + cienaCesAclRuleMatchAny TruthValue, + cienaCesAclRuleMatchSrcMacAddr TruthValue, + cienaCesAclRuleSrcMacAddr MacAddress, + cienaCesAclRuleSrcMacAddrMask MacAddress, + cienaCesAclRuleMatchDstMacAddr TruthValue, + cienaCesAclRuleDstMacAddr MacAddress, + cienaCesAclRuleDstMacAddrMask MacAddress, + cienaCesAclRuleMatchOuterVid TruthValue, + cienaCesAclRuleOuterVid Unsigned32, + cienaCesAclRuleOuterVidMask Unsigned32, + cienaCesAclRuleMatchOuterPcp TruthValue, + cienaCesAclRuleOuterPcp Unsigned32, + cienaCesAclRuleOuterPcpMask Unsigned32, + cienaCesAclRuleMatchOuterDei TruthValue, + cienaCesAclRuleOuterDei Unsigned32, + cienaCesAclRuleMatchBaseEtype TruthValue, + cienaCesAclRuleBaseEtype Unsigned32, + cienaCesAclRuleMatchSrcIpAddr TruthValue, + cienaCesAclRuleSrcIpAddrType InetAddressType, + cienaCesAclRuleSrcIpAddr InetAddress, + cienaCesAclRuleSrcIpAddrPrefixLength InetAddressPrefixLength, + cienaCesAclRuleMatchDstIpAddr TruthValue, + cienaCesAclRuleDstIpAddrType InetAddressType, + cienaCesAclRuleDstIpAddr InetAddress, + cienaCesAclRuleDstIpAddrPrefixLength InetAddressPrefixLength, + cienaCesAclRuleMatchIpProtocol TruthValue, + cienaCesAclRuleIpProtocol Unsigned32, + cienaCesAclRuleMatchDscp TruthValue, + cienaCesAclRuleDscp Unsigned32, + cienaCesAclRuleDscpMask Unsigned32, + cienaCesAclRuleMatchL4SrcPort AclL4PortMatchType, + cienaCesAclRuleL4SrcPort InetPortNumber, + cienaCesAclRuleL4SrcPortUpper InetPortNumber, + cienaCesAclRuleMatchL4DstPort AclL4PortMatchType, + cienaCesAclRuleL4DstPort InetPortNumber, + cienaCesAclRuleL4DstPortUpper InetPortNumber, + cienaCesAclRuleMatchL4DstProtocol AclL4DstProtocol, + cienaCesAclRuleMatchIpFragment AclIpFragmentMatchType, + cienaCesAclRuleMatchTcpFlags TruthValue, + cienaCesAclRuleTcpFlags DisplayString + } + + cienaCesAclRulePrecedence OBJECT-TYPE + SYNTAX Unsigned32 (0..255) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The unique precedence value (within the profile) of this ACL rule." + ::= { cienaCesAclRuleConfigTableEntry 1 } + + cienaCesAclRuleName OBJECT-TYPE + SYNTAX DisplayString (SIZE (1..31)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The unique name (within the profile) of this ACL rule." + ::= { cienaCesAclRuleConfigTableEntry 2 } + + cienaCesAclRuleFilterAction OBJECT-TYPE + SYNTAX AclFilterAction + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The configured filter action for this ACL rule." + ::= { cienaCesAclRuleConfigTableEntry 3 } + + cienaCesAclRuleMatchAny OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "True if the ACL rule matches any traffic, False otherwise. + Matching on any traffic automatically disregards all the remaining fields." + ::= { cienaCesAclRuleConfigTableEntry 4 } + + cienaCesAclRuleMatchSrcMacAddr OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "True if the ACL rule matches on the source MAC address, False otherwise. + When True, the cienaCesAclRuleSrcMacAddr and cienaCesAclRuleSrcMacAddrMask fields + will contain the source MAC address and mask that are to be matched by this rule." + ::= { cienaCesAclRuleConfigTableEntry 5 } + + cienaCesAclRuleSrcMacAddr OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the source MAC address that is to be matched by this rule. + This field is not applicable when the cienaCesAclRuleMatchSrcMacAddr field is set to False." + ::= { cienaCesAclRuleConfigTableEntry 6 } + + cienaCesAclRuleSrcMacAddrMask OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the source MAC address mask that is to be matched by this rule. + This field is not applicable when the cienaCesAclRuleMatchSrcMacAddr field is set to False." + ::= { cienaCesAclRuleConfigTableEntry 7 } + + cienaCesAclRuleMatchDstMacAddr OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "True if the ACL rule matches on the destination MAC address, False otherwise. + When True, the cienaCesAclRuleDstMacAddr and cienaCesAclRuleDstMacAddrMask fields + will contain the destination MAC address and mask that are to be matched by this rule." + ::= { cienaCesAclRuleConfigTableEntry 8 } + + cienaCesAclRuleDstMacAddr OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the destination MAC address that is to be matched by this rule. + This field is not applicable when the cienaCesAclRuleMatchDstMacAddr field is set to False." + ::= { cienaCesAclRuleConfigTableEntry 9 } + + cienaCesAclRuleDstMacAddrMask OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the destination MAC address mask that is to be matched by this rule. + This field is not applicable when the cienaCesAclRuleMatchDstMacAddr field is set to False." + ::= { cienaCesAclRuleConfigTableEntry 10 } + + cienaCesAclRuleMatchOuterVid OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "True if the ACL rule matches on the outer VID, False otherwise. + When True, the cienaCesAclRuleOuterVid and cienaCesAclRuleOuterVidMask fields + will contain the outer VID value and mask that are to be matched by this rule." + ::= { cienaCesAclRuleConfigTableEntry 11 } + + cienaCesAclRuleOuterVid OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the outer VID that is to be matched by this rule. + This field is not applicable when the cienaCesAclRuleMatchOuterVid field is set to False." + ::= { cienaCesAclRuleConfigTableEntry 12 } + + cienaCesAclRuleOuterVidMask OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the outer VID mask that is to be matched by this rule. + This field is not applicable when the cienaCesAclRuleMatchOuterVid field is set to False." + ::= { cienaCesAclRuleConfigTableEntry 13 } + + cienaCesAclRuleMatchOuterPcp OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "True if the ACL rule matches on the outer PCP, False otherwise. + When True, the cienaCesAclRuleOuterPcp and cienaCesAclRuleOuterPcpMask fields + will contain the outer PCP value and mask that are to be matched by this rule." + ::= { cienaCesAclRuleConfigTableEntry 14 } + + cienaCesAclRuleOuterPcp OBJECT-TYPE + SYNTAX Unsigned32 (0..7) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the outer PCP that is to be matched by this rule. + This field is not applicable when the cienaCesAclRuleMatchOuterPcp field is set to False." + ::= { cienaCesAclRuleConfigTableEntry 15 } + + cienaCesAclRuleOuterPcpMask OBJECT-TYPE + SYNTAX Unsigned32 (0..7) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the outer PCP mask that is to be matched by this rule. + This field is not applicable when the cienaCesAclRuleMatchOuterPcp field is set to False." + ::= { cienaCesAclRuleConfigTableEntry 16 } + + cienaCesAclRuleMatchOuterDei OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "True if the ACL rule matches on the outer DEI bit, False otherwise. + When True, the cienaCesAclRuleOuterDei field + will contain the outer DEI value that is to be matched by this rule." + ::= { cienaCesAclRuleConfigTableEntry 17 } + + cienaCesAclRuleOuterDei OBJECT-TYPE + SYNTAX Unsigned32 (0..1) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the outer DEI bit that is to be matched by this rule. + This field is not applicable when the cienaCesAclRuleMatchOuterDei field is set to False." + ::= { cienaCesAclRuleConfigTableEntry 18 } + + cienaCesAclRuleMatchBaseEtype OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "True if the ACL rule matches on the base ethertype, False otherwise. + When True, the cienaCesAclRuleBaseEtype field + will contain the base ethertype value that is to be matched by this rule." + ::= { cienaCesAclRuleConfigTableEntry 19 } + + cienaCesAclRuleBaseEtype OBJECT-TYPE + SYNTAX Unsigned32 (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the base ethertype that is to be matched by this rule. + This field is not applicable when the cienaCesAclRuleMatchBaseEtype field is set to False." + ::= { cienaCesAclRuleConfigTableEntry 20 } + + cienaCesAclRuleMatchSrcIpAddr OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "True if the ACL rule matches on the source IP address, False otherwise. + When True, the cienaCesAclRuleSrcIpAddrType field will contain the + IP address type (IPv4 or IPv6) and the cienaCesAclRuleSrcIpAddr and + cienaCesAclRuleSrcIpAddrPrefixLength fields will contain the IP address + value and mask that are to be matched by this rule." + ::= { cienaCesAclRuleConfigTableEntry 21 } + + cienaCesAclRuleSrcIpAddrType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Identifies the address family of the source IP address (IPv4/IPv6). This field is + not applicable when the cienaCesAclRuleMatchSrcIpAddr field is set to False" + ::= { cienaCesAclRuleConfigTableEntry 22 } + + cienaCesAclRuleSrcIpAddr OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the source IP address that is to be matched by this rule. + This field is not applicable when the cienaCesAclRuleMatchSrcIpAddr field is set to False." + ::= { cienaCesAclRuleConfigTableEntry 23 } + + cienaCesAclRuleSrcIpAddrPrefixLength OBJECT-TYPE + SYNTAX InetAddressPrefixLength + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the prefix length of the source IP address that is to be matched by this rule. + This field is not applicable when the cienaCesAclRuleMatchSrcIpAddr field is set to False." + ::= { cienaCesAclRuleConfigTableEntry 24 } + + cienaCesAclRuleMatchDstIpAddr OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "True if the ACL rule matches on the destination IP address, False otherwise. + When True, the cienaCesAclRuleDstIpAddrType field will contain the + IP address type (IPv4 or IPv6) and the cienaCesAclRuleDstIpAddr and + cienaCesAclRuleDstIpAddrPrefixLength fields will contain the IP address + value and mask that are to be matched by this rule." + ::= { cienaCesAclRuleConfigTableEntry 25 } + + cienaCesAclRuleDstIpAddrType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Identifies the address family of the destination IP address (IPv4/IPv6). + This field is not applicable when the cienaCesAclRuleMatchDstIpAddr field is set to False" + ::= { cienaCesAclRuleConfigTableEntry 26 } + + cienaCesAclRuleDstIpAddr OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the destination IP address that is to be matched by this rule. + This field is not applicable when the cienaCesAclRuleMatchDstIpAddr field is set to False." + ::= { cienaCesAclRuleConfigTableEntry 27 } + + cienaCesAclRuleDstIpAddrPrefixLength OBJECT-TYPE + SYNTAX InetAddressPrefixLength + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the prefix length of the destination IP address that is to be matched by this rule. + This field is not applicable when the cienaCesAclRuleMatchDstIpAddr field is set to False." + ::= { cienaCesAclRuleConfigTableEntry 28 } + + cienaCesAclRuleMatchIpProtocol OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "True if the ACL rule matches on the IP protocol, False otherwise. + When True, the cienaCesAclRuleIpProtocol field + will contain the IP protocol value that is to be matched by this rule." + ::= { cienaCesAclRuleConfigTableEntry 29 } + + cienaCesAclRuleIpProtocol OBJECT-TYPE + SYNTAX Unsigned32 (0..255) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the IP protocol value that is to be matched by this rule. This field is + not applicable when the cienaCesAclRuleMatchIpProtocol field is set to False." + ::= { cienaCesAclRuleConfigTableEntry 30 } + + cienaCesAclRuleMatchDscp OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "True if the ACL rule matches on the DSCP value, False otherwise. + When True, the cienaCesAclRuleDscp and cienaCesAclRuleDscpMask fields + will contain the DSCP value and mask that are to be matched by this rule." + ::= { cienaCesAclRuleConfigTableEntry 31 } + + cienaCesAclRuleDscp OBJECT-TYPE + SYNTAX Unsigned32 (0..63) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the DSCP value that is to be matched by this rule. + This field is not applicable when the cienaCesAclRuleMatchDscp field is set to False." + ::= { cienaCesAclRuleConfigTableEntry 32 } + + cienaCesAclRuleDscpMask OBJECT-TYPE + SYNTAX Unsigned32 (0..63) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the outer DSCP mask that is to be matched by this rule. + This field is not applicable when the cienaCesAclRuleMatchDscp field is set to False." + ::= { cienaCesAclRuleConfigTableEntry 33 } + + cienaCesAclRuleMatchL4SrcPort OBJECT-TYPE + SYNTAX AclL4PortMatchType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates the type of L4 source port matching that the ACL rule is performing. + A value of 'any' indicates that the rule matches any L4 source port. + A value of 'single' indicates that the rules matches on a single L4 source port + specified in the cienaCesAclRuleL4SrcPort field. A value of 'range' indicates that + the rule matches on a range of ports, with the cienaCesAclRuleL4SrcPort field specifiying + the lower bound and the cienaCesAclRuleL4SrcPortUpper specifying the upper bound of the range." + ::= { cienaCesAclRuleConfigTableEntry 34 } + + cienaCesAclRuleL4SrcPort OBJECT-TYPE + SYNTAX InetPortNumber + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the lower bound or single L4 source port value that is to be matched by this rule + depending on the value of cienaCesAclRuleMatchL4SrcPort. + This field is not applicable when the cienaCesAclRuleMatchL4SrcPort field is set to 'any'." + ::= { cienaCesAclRuleConfigTableEntry 35 } + + cienaCesAclRuleL4SrcPortUpper OBJECT-TYPE + SYNTAX InetPortNumber + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the upper bound of the L4 source port range that is to be matched by this rule + depending on the value of cienaCesAclRuleMatchL4SrcPort. + This field is not applicable when the cienaCesAclRuleMatchL4SrcPort field is set to 'any' or 'single'." + ::= { cienaCesAclRuleConfigTableEntry 36 } + + cienaCesAclRuleMatchL4DstPort OBJECT-TYPE + SYNTAX AclL4PortMatchType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates the type of L4 destination port matching that the ACL rule is performing. + A value of 'any' indicates that the rule matches any L4 destination port. + A value of 'single' indicates that the rules matches on a single L4 destination port + specified in the cienaCesAclRuleL4SrcPort field. A value of 'range' indicates that + the rule matches on a range of ports, with the cienaCesAclRuleL4DstPort field specifiying + the lower bound and the cienaCesAclRuleL4DstPortUpper specifying the upper bound of the range." + ::= { cienaCesAclRuleConfigTableEntry 37 } + + cienaCesAclRuleL4DstPort OBJECT-TYPE + SYNTAX InetPortNumber + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the lower bound or single L4 destination port value that is to be matched by this rule + depending on the value of cienaCesAclRuleMatchL4DstPort. + This field is not applicable when the cienaCesAclRuleMatchL4DstPort field is set to 'any'." + ::= { cienaCesAclRuleConfigTableEntry 38 } + + cienaCesAclRuleL4DstPortUpper OBJECT-TYPE + SYNTAX InetPortNumber + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains the upper bound of the L4 destination port range that is to be matched by this rule + depending on the value of cienaCesAclRuleMatchL4DstPort. + This field is not applicable when the cienaCesAclRuleMatchL4DstPort field is set to 'any' or 'single'." + ::= { cienaCesAclRuleConfigTableEntry 39 } + + cienaCesAclRuleMatchL4DstProtocol OBJECT-TYPE + SYNTAX AclL4DstProtocol + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates the L4 destination protocol name that is to be matched by this rule. + A value of 'any' indicates that the rule will match any protocol. Note that + this field is mutually exclusive with cienaCesAclRuleMatchL4DstPort - i.e. only + one of these fields can have a value different from 'any' at a given time." + ::= { cienaCesAclRuleConfigTableEntry 40 } + + cienaCesAclRuleMatchIpFragment OBJECT-TYPE + SYNTAX AclIpFragmentMatchType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates the type of IP fragment matching that is to be matched by this rule. + A value of 'any' indicates that the rule will match both fragmented and non-fragmented + packets. A value of 'fragment' indicates that the rule will match only fragmented packets. + A value of 'nonfragment' indicates that the rule will match only non-fragmented (head) packets." + ::= { cienaCesAclRuleConfigTableEntry 41 } + + cienaCesAclRuleMatchTcpFlags OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "True if the ACL rule matches on specific TCP Flags, False otherwise. + When True, the cienaCesAclRuleTcpFlags field will contain the TCP Flags + that are to be matched by this rule." + ::= { cienaCesAclRuleConfigTableEntry 42 } + + cienaCesAclRuleTcpFlags OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contains a comma-separated uppercase string list of TCP Flags + that are to be matched by this rule, i.e. 'SYN,ACK,RST,...'. + This field is not applicable when the cienaCesAclRuleMatchTcpFlags + field is set to False." + ::= { cienaCesAclRuleConfigTableEntry 43 } + + + -- + -- ACL Profile Attachment Table + -- + cienaCesAclProfileAttachmentTable OBJECT-TYPE + SYNTAX SEQUENCE OF CienaCesAclProfileAttachmentTableEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table showing the interface attachments for each + profile on the device. Each entry contains the name of + the interface and the traffic direction on which the profile is applied." + ::= { cienaCesAclConfiguration 4 } + + cienaCesAclProfileAttachmentTableEntry OBJECT-TYPE + SYNTAX CienaCesAclProfileAttachmentTableEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing the ACL profile attachment data." + INDEX { cienaCesAclProfileId, + cienaCesAclInterfaceType, + cienaCesAclInterfaceId + } + ::= { cienaCesAclProfileAttachmentTable 1 } + + CienaCesAclProfileAttachmentTableEntry ::= SEQUENCE { + cienaCesAclInterfaceType AclInterfaceType, + cienaCesAclInterfaceId Integer32, + cienaCesAclInterfaceName DisplayString, + cienaCesAclDirection AclTrafficDirection + } + + cienaCesAclInterfaceType OBJECT-TYPE + SYNTAX AclInterfaceType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The type of the interface to which this ACL profile is attached." + ::= { cienaCesAclProfileAttachmentTableEntry 1 } + + cienaCesAclInterfaceId OBJECT-TYPE + SYNTAX Integer32 (1..1048576) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The ID of the interface to which this ACL profile is attached." + ::= { cienaCesAclProfileAttachmentTableEntry 2 } + + cienaCesAclInterfaceName OBJECT-TYPE + SYNTAX DisplayString (SIZE (1..31)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The name of the interface to which this ACL profile is attached." + ::= { cienaCesAclProfileAttachmentTableEntry 3 } + + cienaCesAclDirection OBJECT-TYPE + SYNTAX AclTrafficDirection + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The interface's traffic direction (ingress/egress) on which the ACL profile is applied." + ::= { cienaCesAclProfileAttachmentTableEntry 4 } + + + + -- + -- ACL Profile Global Rule Stats Table + -- + cienaCesAclProfileGlobalRuleStatsTable OBJECT-TYPE + SYNTAX SEQUENCE OF CienaCesAclProfileGlobalRuleStatsTableEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of global ACL profile rule statistics. Global ACL profile rule statistics + are the aggregate counts of the hit statistics for all instances of the ACL profile's rules." + ::= { cienaCesAclStatistics 1 } + + cienaCesAclProfileGlobalRuleStatsTableEntry OBJECT-TYPE + SYNTAX CienaCesAclProfileGlobalRuleStatsTableEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing the ACL profile global rule hit statistics." + INDEX { cienaCesAclProfileId, + cienaCesAclRulePrecedence + } + ::= { cienaCesAclProfileGlobalRuleStatsTable 1 } + + CienaCesAclProfileGlobalRuleStatsTableEntry ::= SEQUENCE { + cienaCesAclGlobalRuleStatsPacketCount Counter64, + cienaCesAclGlobalRuleStatsByteCount Counter64 + } + + cienaCesAclGlobalRuleStatsPacketCount OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets that matched this ACL rule." + ::= { cienaCesAclProfileGlobalRuleStatsTableEntry 1 } + + cienaCesAclGlobalRuleStatsByteCount OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of bytes that matched this ACL rule." + ::= { cienaCesAclProfileGlobalRuleStatsTableEntry 2 } + + + -- + -- ACL Profile Rule Instance Stats Table + -- + cienaCesAclProfileRuleInstanceStatsTable OBJECT-TYPE + SYNTAX SEQUENCE OF CienaCesAclProfileRuleInstanceStatsTableEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of ACL profile rule instance statistics. These ACL rule hit statistics are + specific to the rules applied on the particular interface." + ::= { cienaCesAclStatistics 2 } + + cienaCesAclProfileRuleInstanceStatsTableEntry OBJECT-TYPE + SYNTAX CienaCesAclProfileRuleInstanceStatsTableEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing the ACL profile rule instance hit statistics." + INDEX { cienaCesAclProfileId, + cienaCesAclInterfaceType, + cienaCesAclInterfaceId, + cienaCesAclRulePrecedence + } + ::= { cienaCesAclProfileRuleInstanceStatsTable 1 } + + CienaCesAclProfileRuleInstanceStatsTableEntry ::= SEQUENCE { + cienaCesAclRuleInstanceStatsPacketCount Counter64, + cienaCesAclRuleInstanceStatsByteCount Counter64 + } + + cienaCesAclRuleInstanceStatsPacketCount OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets that matched this ACL rule instance." + ::= { cienaCesAclProfileRuleInstanceStatsTableEntry 1 } + + cienaCesAclRuleInstanceStatsByteCount OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of bytes that matched this ACL rule instance." + ::= { cienaCesAclProfileRuleInstanceStatsTableEntry 2 } + + + +END + -- cgit v1.2.3