From 98a672123c7872f6b9b75a9a2b6bb3aea504de6a Mon Sep 17 00:00:00 2001 From: David Leutgeb Date: Tue, 5 Dec 2023 12:25:34 +0100 Subject: Initial commit --- MIBS/dlink/DLINKSW-ACL-MIB | 3230 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 3230 insertions(+) create mode 100644 MIBS/dlink/DLINKSW-ACL-MIB (limited to 'MIBS/dlink/DLINKSW-ACL-MIB') diff --git a/MIBS/dlink/DLINKSW-ACL-MIB b/MIBS/dlink/DLINKSW-ACL-MIB new file mode 100644 index 0000000..2695c17 --- /dev/null +++ b/MIBS/dlink/DLINKSW-ACL-MIB @@ -0,0 +1,3230 @@ +-- ***************************************************************** +-- DLINKSW-ACL-MIB.mib : ACL MIB +-- +-- Copyright (c) 2013 D-Link Corporation, all rights reserved. +-- +-- ***************************************************************** +DLINKSW-ACL-MIB DEFINITIONS ::= BEGIN + + + IMPORTS + MODULE-IDENTITY, + OBJECT-TYPE, + Integer32, + Unsigned32, + IpAddress, + Counter64 + FROM SNMPv2-SMI + MacAddress, + DisplayString, + TruthValue, + RowStatus, + TEXTUAL-CONVENTION + FROM SNMPv2-TC + MODULE-COMPLIANCE, + OBJECT-GROUP + FROM SNMPv2-CONF + InterfaceIndex, + InterfaceIndexOrZero + FROM IF-MIB + VlanId,VlanIdOrNone + FROM Q-BRIDGE-MIB + InetAddressIPv6, + InetAddressPrefixLength + FROM INET-ADDRESS-MIB + dlinkIndustrialCommon + FROM DLINK-ID-REC-MIB; + + + dlinkSwAclMIB MODULE-IDENTITY + LAST-UPDATED "201511260000Z" + ORGANIZATION "D-Link Corp." + CONTACT-INFO + " D-Link Corporation + Postal: No. 289, Sinhu 3rd Rd., Neihu District, + Taipei City 114, Taiwan, R.O.C + Tel: +886-2-66000123 + E-mail: tsd@dlink.com.tw + " + DESCRIPTION + "The Structure of Access Control List Information for the + proprietary enterprise." + + REVISION "201511260000Z" + DESCRIPTION + "Add DEFVAL for nodes dAclIpAccessRuleSrcPort,dAclIpAccessRuleQosPrecedence etc. + And correct description of node dAclReSeqIncrement." + + REVISION "201507100000Z" + DESCRIPTION + "Add nodes to support vlan range, traffic class, l4 port mask operator, and mask for some nodes." + + REVISION "201401210000Z" + DESCRIPTION + "Obsolete nodes dAclMacAccessRuleLlcDSAP, dAclMacAccessRuleLlcSSAP and dAclMacAccessRuleLlcCntl." + + REVISION "201311130000Z" + DESCRIPTION + "Add 'deny-cpu'option for DlinkAclRuleType." + + REVISION "201308200000Z" + DESCRIPTION + "Add nodes for counter function, access list remark, access list id, and some rule items." + + REVISION "201302080000Z" + DESCRIPTION + "This is the first version of the MIB file for 'ACL' functionality." + ::= { dlinkIndustrialCommon 28} + + DlinkAclRuleType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The action type when the packets match the access profile. + + permit(1)- Specifies that packets that match the access rule are + permitted to be forwarded by the switch. + deny(2) - Specifies that packets that match the access rule + are not permitted to be forwarded by the switch and will be filtered. + deny-cpu(3)- Specifies that packet that match the access rule are prevented to be + copied to CPU and redirected to CPU. And the hardware forwarding behavior + should not be affected. + " + SYNTAX INTEGER { + permit(1), + deny(2), + deny-cpu(3) + } + + DlinkAclPortOperatorType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + " The type of UDP/TCP port operator indicates how a packet's + TCP/UDP source or destination port number is compared. + none(1) - No comparison. + eq (2)- equal + gt (3)- greater than. + lt (4)- less than. + neq(5)- not equal + range(6)- compares the port value between two numbers. + mask(7)- check the bit corresponding to bit value 1, ignore the bit corresponding to bit value 0. + " + SYNTAX INTEGER { + none(1), + eq(2), + gt(3), + lt(4), + neq(5), + range(6), + mask(7) + } + + TcpFlag ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The TCP flag fields. Each bit defined as follow: + urgent(0) - urgent. + acknowledge(1) - acknowledge. + push(2) - push, + reset(3) - reset. + synchronize(4) - synchronize. + finish (5) - finish. + " + SYNTAX BITS { + urgent(0), + acknowledge(1), + push(2), + reset(3), + synchronize(4), + finish (5) + } + +-- ----------------------------------------------------------------------------- + dAclMIBNotifications OBJECT IDENTIFIER ::= { dlinkSwAclMIB 0 } + dAclMIBObjects OBJECT IDENTIFIER ::= { dlinkSwAclMIB 1 } + dAclMIBConformance OBJECT IDENTIFIER ::= { dlinkSwAclMIB 2 } + +-- ----------------------------------------------------------------------------- + dAclGeneral OBJECT IDENTIFIER ::= { dAclMIBObjects 1 } + + dAclReSeqTable OBJECT-TYPE + SYNTAX SEQUENCE OF DAclReSeqEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table consists of a list of information about how re-sequencing + the rules in access lists. + " + ::= { dAclGeneral 1 } + + dAclReSeqEntry OBJECT-TYPE + SYNTAX DAclReSeqEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry appears in this table for controlling the re-sequence of + an access-list." + INDEX { dAclReSeqAccessListName } + ::= { dAclReSeqTable 1 } + + DAclReSeqEntry ::= SEQUENCE { + dAclReSeqAccessListName DisplayString, + dAclReSeqStartingNumber Integer32, + dAclReSeqIncrement Integer32 + } + dAclReSeqAccessListName OBJECT-TYPE + SYNTAX DisplayString (SIZE (1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Indicates the name of an access list." + ::= { dAclReSeqEntry 1 } + + dAclReSeqStartingNumber OBJECT-TYPE + SYNTAX Integer32 ( 1..65535 ) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Indicates the initial value of sequence number of the corresponding + access list." + DEFVAL { 10 } + ::= { dAclReSeqEntry 2 } + + dAclReSeqIncrement OBJECT-TYPE + SYNTAX Integer32 ( 1..32 ) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Indicates the number that the sequence numbers step. + If the increment value is 5 and the beginning sequence number is 20, + the subsequent sequence numbers are 25, 30, 35, 40, and so on." + DEFVAL { 10 } + ::= { dAclReSeqEntry 3 } + +-- ----------------------------------------------------------------------------- + dAclMac OBJECT IDENTIFIER ::= { dAclMIBObjects 2 } + dAclMacAccessListNumber OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates the number of entries present in the MAC access list + table." + ::= { dAclMac 1 } + + dAclMacAccessListTable OBJECT-TYPE + SYNTAX SEQUENCE OF DAclMacAccessListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table contains information about MAC access list." + ::= { dAclMac 2 } + + dAclMacAccessListEntry OBJECT-TYPE + SYNTAX DAclMacAccessListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry defined in dAclMacAccessListTable. An entry is + created/removed when an MAC access list is created/deleted." + INDEX { dAclMacAccessListName } + ::= { dAclMacAccessListTable 1 } + + DAclMacAccessListEntry ::= SEQUENCE { + dAclMacAccessListName DisplayString, + dAclMacAccessListRowStatus RowStatus, + dAclMacAccessListId Integer32, + dAclMacAccessListCounterEnabled TruthValue, + dAclMacAccessListClearStatAction INTEGER, + dAclMacAccessListRemark DisplayString + } + + dAclMacAccessListName OBJECT-TYPE + SYNTAX DisplayString (SIZE (1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The name of the MAC access list." + ::= { dAclMacAccessListEntry 1 } + + dAclMacAccessListRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object allows the dynamic creation and deletion of a MAC + access list." + ::= { dAclMacAccessListEntry 2 } + + dAclMacAccessListId OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The number of the MAC access list. + If user specify value zero(0) for this node, agent will assign a number + for it. After the table created, this node should not be changed." + ::= { dAclMacAccessListEntry 3 } + + dAclMacAccessListCounterEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the counter state of the access list is + enabled('true') or disabled('false'). And the counter state just + for the all interface that applied the access list in + dAclMacAccessGroupTable. + " + ::= { dAclMacAccessListEntry 4 } + + dAclMacAccessListClearStatAction OBJECT-TYPE + SYNTAX INTEGER{ + clear(1), + noOp(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is used to clear statistics of the access list when set + to 'clear'. No action is taken if this object is set to 'noOp'. + The 'clear' action just for the all interface that applied the access + list in dAclMacAccessGroupTable. + When read, the value 'noOp' is returned." + ::= { dAclMacAccessListEntry 5 } + + dAclMacAccessListRemark OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..255)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The description of the MAC access list." + ::= { dAclMacAccessListEntry 6 } + +-- ----------------------------------------------------------------------------- + dAclMacAccessRuleTable OBJECT-TYPE + SYNTAX SEQUENCE OF DAclMacAccessRuleEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table consists of a list of rules for the MAC access list." + ::= { dAclMac 3 } + + dAclMacAccessRuleEntry OBJECT-TYPE + SYNTAX DAclMacAccessRuleEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry is defined dAclMacAccessRuleTable. + The first instance identifier index value identifies the + dAclMacAccessListEntry that a MAC access rule (dAclMacAccessRuleEntry) + belongs to. An entry is removed from this table when its + corresponding dAclMacAccessListEntry is deleted." + INDEX { + dAclMacAccessListName, + dAclMacAccessRuleSn + } + ::= { dAclMacAccessRuleTable 1 } + + DAclMacAccessRuleEntry ::= SEQUENCE { + dAclMacAccessRuleSn Integer32, + dAclMacAccessRuleRowStatus RowStatus, + dAclMacAccessRuleAction DlinkAclRuleType, + dAclMacAccessRuleSrcMacAddr MacAddress, + dAclMacAccessRuleSrcMacWildcard MacAddress, + dAclMacAccessRuleDstMacAddr MacAddress, + dAclMacAccessRuleDstMacWildcard MacAddress, + dAclMacAccessRulePacketType INTEGER, + dAclMacAccessRuleEthernetType Integer32, + dAclMacAccessRuleLlcDSAP Integer32, + dAclMacAccessRuleLlcSSAP Integer32, + dAclMacAccessRuleLlcCntl Integer32, + dAclMacAccessRuleDot1p Integer32, + dAclMacAccessRuleInnerDot1p Integer32, + dAclMacAccessRuleVlanID VlanIdOrNone, + dAclMacAccessRuleInnerVlanID VlanIdOrNone, + dAclMacAccessRuleTimeName DisplayString, + dAclMacAccessRuleEthernetTypeMask OCTET STRING, + dAclMacAccessRuleDot1pMask OCTET STRING, + dAclMacAccessRuleInnerDot1pMask OCTET STRING, + dAclMacAccessRuleVlanIDMask OCTET STRING, + dAclMacAccessRuleInnerVlanIDMask OCTET STRING, + dAclMacAccessRuleVlanRangeMin VlanIdOrNone, + dAclMacAccessRuleVlanRangeMax VlanIdOrNone + } + + dAclMacAccessRuleSn OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Specifies the sequence number of this rule. + The lower the number is, the higher the priority of the rule. + The special value of 0 means the sequence number will be automatically + determined by the agent." + ::= { dAclMacAccessRuleEntry 1 } + + dAclMacAccessRuleRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The row status variable, used according to installation + and removal conventions for conceptual rows." + ::= { dAclMacAccessRuleEntry 2 } + + dAclMacAccessRuleAction OBJECT-TYPE + SYNTAX DlinkAclRuleType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the result of the packet examination is to + permit or deny or prevent to CPU. + " + ::= { dAclMacAccessRuleEntry 3 } + + dAclMacAccessRuleSrcMacAddr OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies a source MAC address." + ::= { dAclMacAccessRuleEntry 4 } + + dAclMacAccessRuleSrcMacWildcard OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is a wildcard bitmap to specify a group of source + MAC addresses. The bit value 1 indicates the corresponding bit will + be ignored. The bit value 0 indicates the corresponding bit will be + checked. In other words, when the value of all 'ff'Hs indicates any + source MAC address is specified. When the value of all '00'Hs indicates + host source MAC address is specified." + ::= { dAclMacAccessRuleEntry 5 } + + dAclMacAccessRuleDstMacAddr OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies a destination MAC address." + ::= { dAclMacAccessRuleEntry 6 } + + dAclMacAccessRuleDstMacWildcard OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is a wildcard bitmap to specify a group of destination + MAC addresses. The bit value 1 indicates the corresponding bit will + be ignored. The bit value 0 indicates the corresponding bit will be + checked. In other words, when the value of all 'ff'Hs indicates any + destination MAC address is specified. When the value of all '00'Hs + indicates host destination MAC address is specified." + ::= { dAclMacAccessRuleEntry 7 } + + dAclMacAccessRulePacketType OBJECT-TYPE + SYNTAX INTEGER { + none(1), + ethernet(2), + llc(3) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the Ethernet frame type. The value of none (1) means the + frame type is not specified." + DEFVAL { none } + ::= { dAclMacAccessRuleEntry 8 } + + dAclMacAccessRuleEthernetType OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the Ethernet type for an Ethernet II or SNAP packet. + The special value of -1 means the Ethernet type value is not specified. + It is only meaningful when the dAclMacAccessRulePacketType is + 'ethernet'." + DEFVAL { -1 } + ::= { dAclMacAccessRuleEntry 9} + + dAclMacAccessRuleLlcDSAP OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..255) + MAX-ACCESS read-create + STATUS obsolete + DESCRIPTION + "Specifies the DSAP value for the LLC packet. If the value is -1, it + means the DSAP number is not specified. + It is only meaningful when the dAclMacAccessRulePacketType is 'llc'." + DEFVAL { -1 } + ::= { dAclMacAccessRuleEntry 10 } + + dAclMacAccessRuleLlcSSAP OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..255) + MAX-ACCESS read-create + STATUS obsolete + DESCRIPTION + "Specifies the SSAP value for the LLC packet. If the value is -1, it + means the SSAP number is not specified. + It is only meaningful when the dAclMacAccessRulePacketType is 'llc'." + DEFVAL { -1 } + ::= { dAclMacAccessRuleEntry 11 } + + dAclMacAccessRuleLlcCntl OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..255) + MAX-ACCESS read-create + STATUS obsolete + DESCRIPTION + "Specifies the control field for the LLC packet. If the value is -1, it + means the SSAP number is not specified. + It is only meaningful when the dAclMacAccessRulePacketType is 'llc'." + DEFVAL { -1 } + ::= { dAclMacAccessRuleEntry 12 } + + dAclMacAccessRuleDot1p OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..7) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the priority value. The value of -1 means the priority + is not specified." + DEFVAL { -1 } + ::= { dAclMacAccessRuleEntry 13 } + + dAclMacAccessRuleInnerDot1p OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..7) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the inner priority value. The value of -1 means the + inner priority is not specified." + DEFVAL { -1 } + ::= { dAclMacAccessRuleEntry 14 } + + dAclMacAccessRuleVlanID OBJECT-TYPE + SYNTAX VlanIdOrNone + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the VLAN ID. + A value of zero indicates the VLAN ID is not specified. + This node and dAclMacAccessRuleVlanRangeMin/dAclMacAccessRuleVlanRangeMax + cannot be specified at same time in a row." + DEFVAL { 0 } + ::= { dAclMacAccessRuleEntry 15 } + + dAclMacAccessRuleInnerVlanID OBJECT-TYPE + SYNTAX VlanIdOrNone + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the inner VLAN ID. A value of zero indicates + the inner VLAN ID is not specified." + DEFVAL { 0 } + ::= { dAclMacAccessRuleEntry 16 } + + dAclMacAccessRuleTimeName OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the name of time-period profile associated with + the access-list delineating its activation period. + The value 'NULL' means that this rule is not bound with any Time + mechanism." + ::= { dAclMacAccessRuleEntry 17 } + + dAclMacAccessRuleEthernetTypeMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(2)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for ethernet type defined by dAclMacAccessRuleEthernetType. + Valid values are from 0x0000 to 0xFFFF. + Default value is 0xFFFF. + This node is valid only for the dAclMacAccessRuleEthernetType specified." + ::= { dAclMacAccessRuleEntry 18} + + dAclMacAccessRuleDot1pMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(1)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for priority defined by dAclMacAccessRuleDot1p. + Valid values are from 0x00 to 0x07. + Default value is 0x07. + This node is valid only for the dAclMacAccessRuleDot1p specified." + ::= { dAclMacAccessRuleEntry 19 } + + dAclMacAccessRuleInnerDot1pMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(1)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for inner priority defined by dAclMacAccessRuleInnerDot1p. + Valid values are from 0x00 to 0x07. + Default value is 0x07. + This node is valid only for the dAclMacAccessRuleInnerDot1p specified." + ::= { dAclMacAccessRuleEntry 20 } + + dAclMacAccessRuleVlanIDMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(2)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for VLAN ID defined by dAclMacAccessRuleVlanID. + Valid values are from 0x0000 to 0x0FFF. + This node and dAclMacAccessRuleVlanRangeMin/dAclMacAccessRuleVlanRangeMax + cannot be specified at same time in a row. + Default value is 0x0FFF. + This node is valid only for the dAclMacAccessRuleVlanID specified." + ::= { dAclMacAccessRuleEntry 21 } + + dAclMacAccessRuleInnerVlanIDMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(2)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for inner VLAN ID defined by dAclMacAccessRuleInnerVlanID. + Valid values are from 0x0000 to 0x0FFF. + Default value is 0x0FFF. + This node is valid only for the dAclMacAccessRuleInnerVlanID specified." + ::= { dAclMacAccessRuleEntry 22 } + + dAclMacAccessRuleVlanRangeMin OBJECT-TYPE + SYNTAX VlanIdOrNone + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the minimum outer VLAN ID of a VLAN range. A value of zero + indicates the VLAN range is not specified. + This node and dAclMacAccessRuleVlanID/dAclMacAccessRuleVlanIDMask cannot + be specified at same time in a row. + This node is valid only for the dAclMacAccessRuleVlanRangeMax specified." + DEFVAL { 0 } + ::= { dAclMacAccessRuleEntry 23 } + + dAclMacAccessRuleVlanRangeMax OBJECT-TYPE + SYNTAX VlanIdOrNone + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the maximum outer VLAN ID of a VLAN range. A value of zero + indicates the VLAN range is not specified. + This node and dAclMacAccessRuleVlanID/dAclMacAccessRuleVlanIDMask cannot + be specified at same time in a row. + This node is valid only for the dAclMacAccessRuleVlanRangeMin specified." + DEFVAL { 0 } + ::= { dAclMacAccessRuleEntry 24 } + +-- ----------------------------------------------------------------------------- + dAclMacAccessGroupTable OBJECT-TYPE + SYNTAX SEQUENCE OF DAclMacAccessGroupEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table represents a list of MAC access group configuration." + ::= { dAclMac 4 } + + dAclMacAccessGroupEntry OBJECT-TYPE + SYNTAX DAclMacAccessGroupEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in dAclMacAccessGroupTable contains interface specific + MAC access list association." + INDEX { dAclMacAccessGroupIfIndex, dAclMacAccessGroupApplyDirection } + ::= { dAclMacAccessGroupTable 1 } + + DAclMacAccessGroupEntry ::= SEQUENCE { + dAclMacAccessGroupIfIndex InterfaceIndex, + dAclMacAccessGroupApplyDirection INTEGER, + dAclMacAccessGroupRowStatus RowStatus, + dAclMacAccessGroupAclName DisplayString, + dAclMacAccessGroupAclId Integer32 + } + + dAclMacAccessGroupIfIndex OBJECT-TYPE + SYNTAX InterfaceIndex + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Indicates the ifIndex of the interface. + Only physical port is valid interface." + ::= { dAclMacAccessGroupEntry 1 } + + dAclMacAccessGroupApplyDirection OBJECT-TYPE + SYNTAX INTEGER{ + inbound(1), + outbound(2) + } + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Indicates whether this access list is to be attached to ingress + or egress direction." + ::= { dAclMacAccessGroupEntry 2 } + + dAclMacAccessGroupRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The row status variable, used according to installation + and removal conventions for conceptual rows." + ::= { dAclMacAccessGroupEntry 3 } + + dAclMacAccessGroupAclName OBJECT-TYPE + SYNTAX DisplayString (SIZE (1..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The name of the MAC access list to be applied. + " + ::= { dAclMacAccessGroupEntry 4 } + + dAclMacAccessGroupAclId OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The ID of the MAC access list to be applied. + User maybe specify access list ID(by this object) or name (by + dAclMacAccessGroupAclName) to be applied. If both access list + ID and name are specified, the access list name specified by + dAclMacAccessGroupAclName will be take. + " + ::= { dAclMacAccessGroupEntry 5 } +-- ----------------------------------------------------------------------------- + dAclIp OBJECT IDENTIFIER ::= { dAclMIBObjects 3 } + dAclIpAccessListNumber OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates the number of entries present in the IP access list + table." + ::= { dAclIp 1 } + + dAclIpAccessListTable OBJECT-TYPE + SYNTAX SEQUENCE OF DAclIpAccessListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table contains IP access list configuration." + ::= { dAclIp 2 } + + dAclIpAccessListEntry OBJECT-TYPE + SYNTAX DAclIpAccessListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry defined in dAclIpAccessListTable. An entry is + created/removed when an IP access list is created/deleted." + INDEX { dAclIpAccessListName } + ::= { dAclIpAccessListTable 1 } + + DAclIpAccessListEntry ::= SEQUENCE { + dAclIpAccessListName DisplayString, + dAclIpAccessListRowStatus RowStatus, + dAclIpAccessExtended TruthValue, + dAclIpAccessListId Integer32, + dAclIpAccessListCounterEnabled TruthValue, + dAclIpAccessListClearStatAction INTEGER, + dAclIpAccessListRemark DisplayString + } + + dAclIpAccessListName OBJECT-TYPE + SYNTAX DisplayString (SIZE (1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The name of the IP access list." + ::= { dAclIpAccessListEntry 1 } + + dAclIpAccessListRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object allows the dynamic creation and + deletion of an IP access list." + ::= { dAclIpAccessListEntry 2 } + + dAclIpAccessExtended OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the IP access list is extended ('true') or + standard ('false'). + A standard ip access list means only IP address related i.e. + source or destination IP address is specified for the filter. + For an extended IP access list, more fields can be chosen for the + filter." + ::= { dAclIpAccessListEntry 3 } + + dAclIpAccessListId OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The number of the IP access list. + If user specify value zero(0) for this node, agent will assign a number + for it. After the table created, this node should not be changed." + ::= { dAclIpAccessListEntry 4 } + + dAclIpAccessListCounterEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the counter state of the access list is + enabled('true') or disabled('false'). And the counter just for + the all interface that applied the access list in + dAclIpAccessGroupTable." + ::= { dAclIpAccessListEntry 5 } + + dAclIpAccessListClearStatAction OBJECT-TYPE + SYNTAX INTEGER{ + clear(1), + noOp(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is used to clear statistics of the access list when set + to 'clear'. No action is taken if this object is set to 'noOp'. + The 'clear' action just for the all interface that applied the access + list in dAclIpAccessGroupTable. + When read, the value 'noOp' is returned." + ::= { dAclIpAccessListEntry 6 } + + dAclIpAccessListRemark OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..255)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The description of the IP access list." + ::= { dAclIpAccessListEntry 7 } + +-- ----------------------------------------------------------------------------- + dAclIpAccessRuleTable OBJECT-TYPE + SYNTAX SEQUENCE OF DAclIpAccessRuleEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table contains a list of IP access rules for IP access lists." + ::= { dAclIp 3} + + dAclIpAccessRuleEntry OBJECT-TYPE + SYNTAX DAclIpAccessRuleEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry is defined dAclIpAccessRuleTable. + The first instance identifier index value identifies the + dAclIpAccessListEntry that an IP access rule (dAclIpAccessRuleEntry) + belongs to. An entry is removed from this table when its + corresponding dAclIpAccessRuleEntry is deleted." + INDEX { + dAclIpAccessListName, + dAclIpAccessRuleSn + } + ::= { dAclIpAccessRuleTable 1 } + + DAclIpAccessRuleEntry ::= SEQUENCE { + dAclIpAccessRuleSn Integer32, + dAclIpAccessRuleRowStatus RowStatus, + dAclIpAccessRuleAction DlinkAclRuleType, + dAclIpAccessRuleProtocol INTEGER, + dAclIpAccessRuleUserDefProtocol Integer32, + dAclIpAccessRuleSrcAddr IpAddress, + dAclIpAccessRuleSrcWildcard IpAddress, + dAclIpAccessRuleDstAddr IpAddress, + dAclIpAccessRuleDstWildcard IpAddress, + dAclIpAccessRuleSrcOperator DlinkAclPortOperatorType, + dAclIpAccessRuleSrcPort Integer32, + dAclIpAccessRuleSrcPortRange Integer32, + dAclIpAccessRuleDstOperator DlinkAclPortOperatorType, + dAclIpAccessRuleDstPort Integer32, + dAclIpAccessRuleDstPortRange Integer32, + dAclIpAccessRuleQosPrecedence Integer32, + dAclIpAccessRuleQosTos Integer32, + dAclIpAccessRuleQosDscp Integer32, + dAclIpAccessRuleIcmpType Integer32, + dAclIpAccessRuleIcmpCode Integer32, + dAclIpAccessRuleTimeName DisplayString, + dAclIpAccRuleTcpFlag TcpFlag, + dAclIpAccRuleFragments TruthValue, + dAclIpAccRuleUserDefProtocolMask OCTET STRING, + dAclIpAccRuleSrcPortMask OCTET STRING, + dAclIpAccRuleDstPortMask OCTET STRING, + dAclIpAccRuleQosPrecedenceMask OCTET STRING, + dAclIpAccRuleQosTosMask OCTET STRING, + dAclIpAccRuleQosDscpMask OCTET STRING + } + + dAclIpAccessRuleSn OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Specifies the sequence number of this rule. + The lower the number is, the higher the priority of the rule. + The special value of 0 means the sequence number will be automatically + determined by the agent." + ::= { dAclIpAccessRuleEntry 1 } + + dAclIpAccessRuleRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The row status variable, used according to installation + and removal conventions for conceptual rows." + ::= { dAclIpAccessRuleEntry 2 } + + dAclIpAccessRuleAction OBJECT-TYPE + SYNTAX DlinkAclRuleType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the result of the packet examination is to + permit or deny or prevent to CPU." + ::= { dAclIpAccessRuleEntry 3 } + + dAclIpAccessRuleProtocol OBJECT-TYPE + SYNTAX INTEGER { + none(0), + userDefine(1), + tcp(2), + udp(3), + icmp(4), + gre(5), + esp(6), + eigrp(7), + igmp(8), + ospf(9), + pim(10), + vrrp(11), + ipinip(12), + pcp(13) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the IP protocol." + ::= { dAclIpAccessRuleEntry 4 } + + dAclIpAccessRuleUserDefProtocol OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..255) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the user defined protocol ID when the dAclIpAccessRuleProtocol + is 'userDefine (1)'. The value of -1 means the user defined protocol ID + is not specified." + DEFVAL { -1 } + ::= { dAclIpAccessRuleEntry 5 } + + dAclIpAccessRuleSrcAddr OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies a source IP address." + ::= { dAclIpAccessRuleEntry 6 } + + dAclIpAccessRuleSrcWildcard OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is a wildcard bitmap to specify a group of source IP + addresses. The bit value 1 indicates the corresponding bit will + be ignored. The bit value 0 indicates the corresponding bit will be + checked. In other words, when the value of all 'ff'Hs indicates any + IP source address is specified. When the value of all '00'Hs indicates + host IP source address is specified." + ::= { dAclIpAccessRuleEntry 7 } + + dAclIpAccessRuleDstAddr OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies a destination IP address." + ::= { dAclIpAccessRuleEntry 8 } + + dAclIpAccessRuleDstWildcard OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is a wildcard bitmap to specify a group of destination IP + addresses. The bit value 1 indicates the corresponding bit will + be ignored. The bit value 0 indicates the corresponding bit will be + checked. In other words, when the value of all 'ff'Hs indicates any + IP destination address is specified. When the value of all '00'Hs indicates + host IP destination address is specified." + ::= { dAclIpAccessRuleEntry 9 } + + dAclIpAccessRuleSrcOperator OBJECT-TYPE + SYNTAX DlinkAclPortOperatorType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates how a packet's source TCP/UDP port number is + compared. + When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses + the dAclIpAccessRuleSrcPort as an operand which is the only one needed. + + When the value of this object is range(6) needs 2 operands. One is + dAclIpAccessRuleSrcPort, which is the starting port number of the + range, and the other operand is dAclIpAccessRuleSrcPortRange, + which is the ending port number of the range. + + When the value of this object is mask(7) needs 2 operands. One is + dAclIpAccessRuleSrcPort, the other operand is dAclIpAccRuleSrcPortMask. + + This object is used for TCP/UDP protocol only, hence when the object + 'dAclIpAccessRuleProtocol' is set to other than TCP/UDP, the object has + to be 'none(1)'." + ::= { dAclIpAccessRuleEntry 10 } + + dAclIpAccessRuleSrcPort OBJECT-TYPE + SYNTAX Integer32 (-1..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the source port number of TCP/UDP protocol. + If the value is -1, it means the value is not specified. + If the dAclIpAccessRuleSrcOperator object in the same row is + range(6), this object will be the starting port number of the port + range. + This object only can be configured dAclIpAccessRuleSrcOperator in + the same row is not 'none(1)'." + DEFVAL { -1 } + ::= { dAclIpAccessRuleEntry 11 } + + dAclIpAccessRuleSrcPortRange OBJECT-TYPE + SYNTAX Integer32 (-1..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The source port number of the TCP/UDP protocol. If the + dAclIpAccessRuleSrcOperator object in the same row is range(6), this + object will be the ending port number of the port range. + The value of -1 means the ending port number is not specified." + DEFVAL { -1 } + ::= { dAclIpAccessRuleEntry 12 } + + dAclIpAccessRuleDstOperator OBJECT-TYPE + SYNTAX DlinkAclPortOperatorType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates how a packet's TCP/UDP destination port number is + compared. + When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses + the dAclIpAccessRuleSrcPort as an operand which is the only one needed. + + When the value of this object is range(6) needs 2 operands. One is + dAclIpAccessRuleSrcPort, which is the starting port number of the + range, and the other operand is dAclIpAccessRuleDstPortRange, + which is the ending port number of the range. + + When the value of this object is mask(7) needs 2 operands. One is + dAclIpAccessRuleDstPort, the other operand is dAclIpAccRuleDstPortMask. + + This object is used for TCP/UDP protocol only, hence when the object + 'dAclIpAccessRuleProtocol' is set to other than TCP/UDP, the object has + to be 'none(1)'." + ::= { dAclIpAccessRuleEntry 13 } + + dAclIpAccessRuleDstPort OBJECT-TYPE + SYNTAX Integer32 (-1..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the destination port number of TCP/UDP protocol. + If the value is -1, it means the value is not specified. + If the dAclIpAccessRuleDstOperator object in the same row is + range(6), this object will be the starting port number of the port + range. + This object only can be configured dAclIpAccessRuleDstOperator in + the same row is not 'none(1)'." + DEFVAL { -1 } + ::= { dAclIpAccessRuleEntry 14 } + + dAclIpAccessRuleDstPortRange OBJECT-TYPE + SYNTAX Integer32 (-1..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The destination port number of the TCP/UDP protocol. If the + dAclIpAccessRuleDstOperator object in the same row is range(6), this + object will be the ending port number of the port range. + The value of -1 means the ending port number is not specified." + DEFVAL { -1 } + ::= { dAclIpAccessRuleEntry 15 } + + dAclIpAccessRuleQosPrecedence OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..7) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the value of precedence. + The value of -1 means the value is not specified or not applicable. + dAclIpAccessRuleQosPrecedence and dAclIpAccessRuleQosDscp cannot + be specified at same time in a row." + DEFVAL { -1 } + ::= { dAclIpAccessRuleEntry 16 } + + dAclIpAccessRuleQosTos OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..15) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the value of type of service. + The value of -1 means the value is not specified or not applicable. + dAclIpAccessRuleQosTos and dAclIpAccessRuleQosDscp cannot + be specified at same time in a row." + DEFVAL { -1 } + ::= { dAclIpAccessRuleEntry 17 } + + dAclIpAccessRuleQosDscp OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..63) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the value of DSCP code. + The value of -1 means the value is not specified or not applicable. + Neither dAclIpAccessRuleQosPrecedence nor dAclIpAccessRuleQosTos + cannot be specified with dAclIpAccessRuleQosDscp at same time + in a row. + " + DEFVAL { -1 } + ::= { dAclIpAccessRuleEntry 18 } + + dAclIpAccessRuleIcmpType OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..255) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the type of ICMP protocol. + If the value is -1, it means the value is not specified. + This object is used for ICMP protocol only, hence when the object + 'dAclIpAccessRuleProtocol' is set to other than ICMP, the object has + to be -1." + DEFVAL { -1 } + ::= { dAclIpAccessRuleEntry 19 } + + dAclIpAccessRuleIcmpCode OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..255) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the code of ICMP protocol. + If the value is -1, it means the value is not specified. + This object is used for ICMP protocol only, hence when the object + 'dAclIpAccessRuleProtocol' is set to other than ICMP, the object has + to be -1." + DEFVAL { -1 } + ::= { dAclIpAccessRuleEntry 20 } + + dAclIpAccessRuleTimeName OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the name of time-period profile associated with the + access-list delineating its activation period. + The value 'NULL' means that this rule is not bound with any Time + mechanism." + ::= { dAclIpAccessRuleEntry 21 } + + dAclIpAccRuleTcpFlag OBJECT-TYPE + SYNTAX TcpFlag + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the TCP flag fields. + This node is available only for TCP protocol. + The default value for this node is empty set, which means no TCP flag + values are set. + " + ::= { dAclIpAccessRuleEntry 22 } + + dAclIpAccRuleFragments OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the Packet fragment filtering status + is enabled('true') or disabled('false'). + " + ::= { dAclIpAccessRuleEntry 23 } + + dAclIpAccRuleUserDefProtocolMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(1)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for protocol ID defined by dAclIpAccessRuleUserDefProtocol. + Valid values are from 0x00 to 0xFF. + Default value is 0xFF. + This node is valid only for the dAclIpAccessRuleUserDefProtocol specified." + ::= { dAclIpAccessRuleEntry 24 } + + dAclIpAccRuleSrcPortMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(2)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for L4 source port defined by dAclIpAccessRuleSrcPort. + Valid values are from 0x0 to 0xFFFF. + Default value is 0xFFFF. + This object only can be configured dAclIpAccessRuleSrcOperator in the + same row is 'mask(7)'. + This node is valid only for the dAclIpAccessRuleSrcPort specified." + ::= { dAclIpAccessRuleEntry 25 } + + dAclIpAccRuleDstPortMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(2)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for L4 destination port defined by dAclIpAccessRuleDstPort. + Valid values are from 0x0 to 0xFFFF. + Default value is 0xFFFF. + This object only can be configured dAclIpAccessRuleDstOperator in the + same row is 'mask(7)'. + This node is valid only for the dAclIpAccessRuleDstPort specified." + ::= { dAclIpAccessRuleEntry 26 } + + dAclIpAccRuleQosPrecedenceMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(1)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for ip precedence defined by dAclIpAccessRuleQosPrecedence. + Valid values are from 0x0 to 0x7. + Default value is 0x7. + This node is valid only for the dAclIpAccessRuleQosPrecedence specified." + ::= { dAclIpAccessRuleEntry 27 } + + dAclIpAccRuleQosTosMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(1)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for type of service defined by dAclIpAccessRuleQosTos. + Valid values are from 0x0 to 0xF. + Default value is 0xF. + This node is valid only for the dAclIpAccessRuleQosTos specified." + ::= { dAclIpAccessRuleEntry 28 } + + dAclIpAccRuleQosDscpMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(1)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for DSCP code defined by dAclIpAccessRuleQosDscp. + Valid values are from 0x0 to 0x3F. + Default value is 0x3F. + This node is valid only for the dAclIpAccessRuleQosDscp specified." + ::= { dAclIpAccessRuleEntry 29 } + +-- ----------------------------------------------------------------------------- + dAclIpAccessGroupTable OBJECT-TYPE + SYNTAX SEQUENCE OF DAclIpAccessGroupEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table represents a list of IP access group configuration." + ::= { dAclIp 4 } + + dAclIpAccessGroupEntry OBJECT-TYPE + SYNTAX DAclIpAccessGroupEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in dAclIpAccessGroupTable contains interface specific + IP access list association." + INDEX { dAclIpAccessGroupIfIndex,dAclIpAccessGroupApplyDirection} + ::= { dAclIpAccessGroupTable 1 } + + DAclIpAccessGroupEntry ::= SEQUENCE { + dAclIpAccessGroupIfIndex InterfaceIndex, + dAclIpAccessGroupApplyDirection INTEGER, + dAclIpAccessGroupStatus RowStatus, + dAclIpAccessGroupAclName DisplayString, + dAclIpAccessGroupAclId Integer32 + } + + dAclIpAccessGroupIfIndex OBJECT-TYPE + SYNTAX InterfaceIndex + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Indicates the ifIndex of the interface. + Only physical port is valid interface." + ::= { dAclIpAccessGroupEntry 1 } + + dAclIpAccessGroupApplyDirection OBJECT-TYPE + SYNTAX INTEGER{ + inbound(1), + outbound(2) + } + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Indicates whether this access list is to be attached to ingress or egress direction." + ::= { dAclIpAccessGroupEntry 2 } + dAclIpAccessGroupStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The row status variable, used according to installation + and removal conventions for conceptual rows." + ::= { dAclIpAccessGroupEntry 3 } + + dAclIpAccessGroupAclName OBJECT-TYPE + SYNTAX DisplayString (SIZE (1..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The name of the IP access list to be applied." + ::= { dAclIpAccessGroupEntry 4 } + + dAclIpAccessGroupAclId OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The ID of the IP access list to be applied. + User maybe specify access list ID(by this object) or name (by + dAclIpAccessGroupAclName) to be applied. If both access list + ID and name are specified, the access list name specified by + dAclIpAccessGroupAclName will be take. + " + ::= { dAclIpAccessGroupEntry 5 } +-- ----------------------------------------------------------------------------- + dAclIPv6 OBJECT IDENTIFIER ::= { dAclMIBObjects 4 } + dAclIPv6AccessListNumber OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates the number of entries present in the IPv6 access list + table." + ::= { dAclIPv6 1 } + + dAclIPv6AccessListTable OBJECT-TYPE + SYNTAX SEQUENCE OF DAclIPv6AccessListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table contains IPv6 access list configuration." + ::= { dAclIPv6 2 } + + dAclIPv6AccessListEntry OBJECT-TYPE + SYNTAX DAclIPv6AccessListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry defined in dAclIPv6AccessListTable. An entry is + created/removed when an IPv6 access list is created/deleted." + INDEX { dAclIPv6AccessListName } + ::= { dAclIPv6AccessListTable 1 } + + DAclIPv6AccessListEntry ::= SEQUENCE { + dAclIPv6AccessListName DisplayString, + dAclIPv6AccessListRowStatus RowStatus, + dAclIPv6AccessExtended TruthValue, + dAclIPv6AccessListId Integer32, + dAclIPv6AccessListCounterEnabled TruthValue, + dAclIPv6AccessListClearStatAction INTEGER, + dAclIPv6AccessListRemark DisplayString + } + + dAclIPv6AccessListName OBJECT-TYPE + SYNTAX DisplayString (SIZE (1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The name of the IPv6 access list." + ::= { dAclIPv6AccessListEntry 1 } + + dAclIPv6AccessListRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object allows the dynamic creation and + deletion of an IPv6 access list." + ::= { dAclIPv6AccessListEntry 2 } + + dAclIPv6AccessExtended OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the IPv6 access list is extended ('true') or + standard ('false'). + A standard ip access list means only IPv6 address related i.e. + source or destination IPv6 address is specified for the filter. + For an extended IPv6 access list, more fields can be chosen for the + filter." + ::= { dAclIPv6AccessListEntry 3 } + + dAclIPv6AccessListId OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The number of the IPv6 access list." + ::= { dAclIPv6AccessListEntry 4 } + + dAclIPv6AccessListCounterEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the counter state of the access list is + enabled('true') or disabled('false'). And the counter just for + the all interface that applied the access list in + dAclIPv6AccessGroupTable." + ::= { dAclIPv6AccessListEntry 5 } + + dAclIPv6AccessListClearStatAction OBJECT-TYPE + SYNTAX INTEGER{ + clear(1), + noOp(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is used to clear statistics of the access list when set + to 'clear'. No action is taken if this object is set to 'noOp'. + The 'clear' action just for the all interface that applied the access + list in dAclIPv6AccessGroupTable. + When read, the value 'noOp' is returned." + ::= { dAclIPv6AccessListEntry 6 } + + dAclIPv6AccessListRemark OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..255)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The description of the IPv6 access list." + ::= { dAclIPv6AccessListEntry 7 } + +-- ----------------------------------------------------------------------------- + dAclIPv6AccessRuleTable OBJECT-TYPE + SYNTAX SEQUENCE OF DAclIPv6AccessRuleEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table contains a list of IPv6 access rules for IPv6 access lists." + ::= { dAclIPv6 3} + + dAclIPv6AccessRuleEntry OBJECT-TYPE + SYNTAX DAclIPv6AccessRuleEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry is defined dAclIPv6AccessRuleTable. + The first instance identifier index value identifies the + dAclIPv6AccessListEntry that an IPv6 access rule (dAclIPv6AccessRuleEntry) + belongs to. An entry is removed from this table when its + corresponding dAclIPv6AccessRuleEntry is deleted." + INDEX { + dAclIPv6AccessListName, + dAclIPv6AccessRuleSn + } + ::= { dAclIPv6AccessRuleTable 1 } + + DAclIPv6AccessRuleEntry ::= SEQUENCE { + dAclIPv6AccessRuleSn Integer32, + dAclIPv6AccessRuleRowStatus RowStatus, + dAclIPv6AccessRuleAction DlinkAclRuleType, + dAclIPv6AccessRuleProtocol INTEGER, + dAclIPv6AccessRuleUserDefProtocol Integer32, + dAclIPv6AccessRuleSrcAddr InetAddressIPv6, + dAclIPv6AccessRuleSrcPrefixLen InetAddressPrefixLength, + dAclIPv6AccessRuleDstAddr InetAddressIPv6, + dAclIPv6AccessRuleDstPrefixLen InetAddressPrefixLength, + dAclIPv6AccessRuleDstOperator DlinkAclPortOperatorType, + dAclIPv6AccessRuleSrcOperator DlinkAclPortOperatorType, + dAclIPv6AccessRuleSrcPort Integer32, + dAclIPv6AccessRuleSrcPortRange Integer32, + dAclIPv6AccessRuleDstPort Integer32, + dAclIPv6AccessRuleDstPortRange Integer32, + dAclIPv6AccessRuleDscp Integer32, + dAclIPv6AccessRuleIcmpType Integer32, + dAclIPv6AccessRuleIcmpCode Integer32, + dAclIPv6AccessRuleTimeName DisplayString, + dAclIPv6AccRuleTcpFlag TcpFlag, + dAclIPv6AccRuleFragments TruthValue, + dAclIPv6AccRuleFlowLabel Integer32, + dAclIPv6AccRuleTrafficClass Integer32, + dAclIPv6AccRuleUserDefProtocolMask OCTET STRING, + dAclIPv6AccRuleSrcPortMask OCTET STRING, + dAclIPv6AccRuleDstPortMask OCTET STRING, + dAclIPv6AccRuleDscpMask OCTET STRING, + dAclIPv6AccRuleFlowLabelMask OCTET STRING, + dAclIPv6AccRuleTrafficClassMask OCTET STRING + } + + dAclIPv6AccessRuleSn OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Specifies the sequence number of this rule. + The lower the number is, the higher the priority of the rule. + The special value of 0 means the sequence number will be automatically + determined by the agent." + ::= { dAclIPv6AccessRuleEntry 1 } + + dAclIPv6AccessRuleRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The row status variable, used according to installation + and removal conventions for conceptual rows." + ::= { dAclIPv6AccessRuleEntry 2 } + + dAclIPv6AccessRuleAction OBJECT-TYPE + SYNTAX DlinkAclRuleType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the result of the packet examination is to + permit or deny or prevent to CPU." + ::= { dAclIPv6AccessRuleEntry 3 } + + dAclIPv6AccessRuleProtocol OBJECT-TYPE + SYNTAX INTEGER { + none(0), + userDefine(1), + tcp(2), + udp(3), + icmp(4), + esp(5), + pcp(6), + sctp(7) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the IP protocol." + ::= { dAclIPv6AccessRuleEntry 4 } + + dAclIPv6AccessRuleUserDefProtocol OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..255) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the user defined protocol ID when the + dAclIPv6AccessRuleProtocol is 'userDefine (1)'. + The value of -1 means the user defined protocol ID is not + specified." + DEFVAL { -1 } + ::= { dAclIPv6AccessRuleEntry 5 } + + dAclIPv6AccessRuleSrcAddr OBJECT-TYPE + SYNTAX InetAddressIPv6 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies a source IPv6 address." + ::= { dAclIPv6AccessRuleEntry 6 } + + dAclIPv6AccessRuleSrcPrefixLen OBJECT-TYPE + SYNTAX InetAddressPrefixLength + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the length in bits of source IPv6 address will be + matched. In other words, the value of 0 indicates any source + IPv6 address is specified. When the value of 128 indicates + host IPv6 source address is specified." + ::= { dAclIPv6AccessRuleEntry 7 } + + dAclIPv6AccessRuleDstAddr OBJECT-TYPE + SYNTAX InetAddressIPv6 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies a destination IPv6 address." + ::= { dAclIPv6AccessRuleEntry 8 } + + dAclIPv6AccessRuleDstPrefixLen OBJECT-TYPE + SYNTAX InetAddressPrefixLength + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the length in bits of destination IPv6 address will be + matched. In other words, the value of 0 indicates any destination + IPv6 address is specified. When the value of 128 indicates + host IPv6 destination address is specified." + ::= { dAclIPv6AccessRuleEntry 9 } + + dAclIPv6AccessRuleSrcOperator OBJECT-TYPE + SYNTAX DlinkAclPortOperatorType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates how a packet's TCP/UDP source port number is + compared. + When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses + the dAclIPv6AccessRuleSrcPort as an operand which is the only one needed. + + When the value of this object is range(6) needs 2 operands. One is + dAclIPv6AccessRuleSrcPort, which is the starting port number of the + range, and the other operand is dAclIPv6AccessRuleSrcPortRange, + which is the ending port number of the range. + + When the value of this object is mask(7) needs 2 operands. One is + dAclIPv6AccessRuleSrcPort, the other operand is dAclIPv6AccessRuleSrcPortMask. + + This object is used for TCP/UDP protocol only, hence when the object + 'dAclIPv6AccessRuleProtocol' is set to other than TCP/UDP, the object has + to be 'none(1)'." + ::= { dAclIPv6AccessRuleEntry 10 } + + dAclIPv6AccessRuleSrcPort OBJECT-TYPE + SYNTAX Integer32 (-1..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the source port number of TCP/UDP protocol. + If the value is -1, it means the value is not specified. + If the dAclIPv6AccessRuleSrcOperator object in the same row is + range(6), this object will be the starting port number of the port + range. + This object only can be configured dAclIPv6AccessRuleSrcOperator in + the same row is not 'none(1)'." + DEFVAL { -1 } + ::= { dAclIPv6AccessRuleEntry 11 } + + dAclIPv6AccessRuleSrcPortRange OBJECT-TYPE + SYNTAX Integer32 (-1..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The source port number of the TCP/UDP protocol. If the + dAclIPv6AccessRuleSrcOperator object in the same row is range(6), this + object will be the ending port number of the port range. + The value of -1 means the ending port number is not specified." + DEFVAL { -1 } + ::= { dAclIPv6AccessRuleEntry 12 } + + dAclIPv6AccessRuleDstOperator OBJECT-TYPE + SYNTAX DlinkAclPortOperatorType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates how a packet's TCP/UDP destination port number is + compared. + When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses + the dAclIPv6AccessRuleDstPort as an operand which is the only one needed. + + When the value of this object is range(6) needs 2 operands. One is + dAclIPv6AccessRuleDstPort, which is the starting port number of the + range, and the other operand is dAclIPv6AccessRuleDstPortRange, + which is the ending port number of the range. + + When the value of this object is mask(7) needs 2 operands. One is + dAclIPv6AccessRuleDstPort, the other operand is dAclIPv6AccessRuleDstPortMask. + + This object is used for TCP/UDP protocol only, hence when the object + 'dAclIPv6AccessRuleProtocol' is set to other than TCP/UDP, the object has + to be 'none(1)'." + ::= { dAclIPv6AccessRuleEntry 13 } + + dAclIPv6AccessRuleDstPort OBJECT-TYPE + SYNTAX Integer32 (-1..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the destination port number of TCP/UDP protocol. + If the value is -1, it means the value is not specified. + If the dAclIPv6AccessRuleDstOperator object in the same row is + range(6), this object will be the starting port number of the port + range. + This object only can be configured dAclIPv6AccessRuleDstOperator in + the same row is not 'none(1)'." + DEFVAL { -1 } + ::= { dAclIPv6AccessRuleEntry 14 } + + dAclIPv6AccessRuleDstPortRange OBJECT-TYPE + SYNTAX Integer32 (-1..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The destination port number of the TCP/UDP protocol. If the + dAclIPv6AccessRuleDstOperator object in the same row is range(6), this + object will be the ending port number of the port range. + The value of -1 means the ending port number is not specified." + ::= { dAclIPv6AccessRuleEntry 15 } + + dAclIPv6AccessRuleDscp OBJECT-TYPE + SYNTAX Integer32 (-1 | 0 .. 63) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the matching DSCP code value in IPv6 header. + The value of -1 means the DSCP value is not specified." + DEFVAL { -1 } + ::= { dAclIPv6AccessRuleEntry 16 } + + dAclIPv6AccessRuleIcmpType OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..255) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the type of ICMP protocol. + The value of -1 means the ICMP type is not specified. + This object is used for ICMP protocol only, hence when the object + 'dAclIPv6AccessRuleProtocol' is set to other than ICMP, the object has + to be -1." + DEFVAL { -1 } + ::= { dAclIPv6AccessRuleEntry 17 } + + dAclIPv6AccessRuleIcmpCode OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..255) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the code of ICMP protocol. + If the value is -1, it means the value is not specified. + This object is used for ICMP protocol only, hence when the object + 'dAclIPv6AccessRuleProtocol' is set to other than ICMP, the object has + to be -1." + DEFVAL { -1 } + ::= { dAclIPv6AccessRuleEntry 18 } + + dAclIPv6AccessRuleTimeName OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the name of time-period profile associated with the + access-list delineating its activation period. + The value 'NULL' means that this rule is not bound with any Time + mechanism." + ::= { dAclIPv6AccessRuleEntry 19 } + + dAclIPv6AccRuleTcpFlag OBJECT-TYPE + SYNTAX TcpFlag + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the TCP flag fields. And this node is available only for TCP protocol. + The default value for this node is empty set, which means no TCP flag values are set. + " + ::= { dAclIPv6AccessRuleEntry 20 } + + dAclIPv6AccRuleFragments OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the Packet fragment filtering status + is enabled('true') or disabled('false')." + ::= { dAclIPv6AccessRuleEntry 21 } + + dAclIPv6AccRuleFlowLabel OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..1048575) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the Flow label value. + The value of -1 means the flow-label value is not specified. + " + DEFVAL { -1 } + ::= { dAclIPv6AccessRuleEntry 22 } + + dAclIPv6AccRuleTrafficClass OBJECT-TYPE + SYNTAX Integer32 (-1 | 0 .. 255) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the matching traffic class value in IPv6 header. + The value of -1 means the traffic class value is not specified. + This node and dAclIPv6AccessRuleDscp cannot be specified at same time in a row. + " + DEFVAL { -1 } + ::= { dAclIPv6AccessRuleEntry 23 } + + dAclIPv6AccRuleUserDefProtocolMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(1)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for protocol ID defined by dAclIPv6AccessRuleUserDefProtocol. + Valid values are from 0x00 to 0xFF. + Default value is 0xFF. + This node is valid only for the dAclIPv6AccessRuleUserDefProtocol specified." + ::= { dAclIPv6AccessRuleEntry 24 } + + dAclIPv6AccRuleSrcPortMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(2)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for L4 source port defined by dAclIPv6AccessRuleSrcPort. + Valid values are from 0x0 to 0xFFFF. + Default value is 0xFFFF. + This object only can be configured dAclIPv6AccessRuleSrcOperator in the + same row is 'mask(7)'. + This node is valid only for the dAclIPv6AccessRuleSrcPort specified." + ::= { dAclIPv6AccessRuleEntry 25 } + + dAclIPv6AccRuleDstPortMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(2)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for L4 destination port defined by dAclIPv6AccessRuleDstPort. + Valid values are from 0x0 to 0xFFFF. + Default value is 0xFFFF. + This object only can be configured dAclIPv6AccessRuleDstOperator in the + same row is 'mask(7)'. + This node is valid only for the dAclIPv6AccessRuleDstPort specified." + ::= { dAclIPv6AccessRuleEntry 26 } + + dAclIPv6AccRuleDscpMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(1)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for DSCP code defined by dAclIPv6AccessRuleDscp. + Valid values are from 0x0 to 0x3F. + Default value is 0x3F. + This node is valid only for the dAclIPv6AccessRuleDscp specified." + ::= { dAclIPv6AccessRuleEntry 27 } + + dAclIPv6AccRuleFlowLabelMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(3)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for Flow label value defined by dAclIPv6AccRuleFlowLabel. + Valid values are from 0x0 to 0xFFFFF. + Default value is 0xFFFFF. + This node is valid only for the dAclIPv6AccRuleFlowLabel specified." + ::= { dAclIPv6AccessRuleEntry 28 } + + dAclIPv6AccRuleTrafficClassMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(1)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for traffic class defined by dAclIPv6AccRuleTrafficClass. + Valid values are from 0x0 to 0xFF. + Default value is 0xFF. + This node is valid only for the dAclIPv6AccRuleTrafficClass specified." + ::= { dAclIPv6AccessRuleEntry 29 } + + -- ----------------------------------------------------------------------------- + dAclIPv6AccessGroupTable OBJECT-TYPE + SYNTAX SEQUENCE OF DAclIPv6AccessGroupEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table represents a list of IPv6 access group configuration." + ::= { dAclIPv6 4 } + + dAclIPv6AccessGroupEntry OBJECT-TYPE + SYNTAX DAclIPv6AccessGroupEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in dAclIPv6AccessGroupTable contains interface specific + IPv6 access list association." + INDEX { dAclIPv6AccessGroupIfIndex, dAclIpv6AccessGroupApplyDirection } + ::= { dAclIPv6AccessGroupTable 1 } + + DAclIPv6AccessGroupEntry ::= SEQUENCE { + dAclIPv6AccessGroupIfIndex InterfaceIndex, + dAclIpv6AccessGroupApplyDirection INTEGER, + dAclIPv6AccessGroupStatus RowStatus, + dAclIPv6AccessGroupAclName DisplayString, + dAclIPv6AccessGroupAclId Integer32 + } + + dAclIPv6AccessGroupIfIndex OBJECT-TYPE + SYNTAX InterfaceIndex + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Indicates the ifIndex of the interface. + Only physical port is valid interface." + ::= { dAclIPv6AccessGroupEntry 1 } + + dAclIpv6AccessGroupApplyDirection OBJECT-TYPE + SYNTAX INTEGER{ + inbound(1), + outbound(2) + } + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Indicates whether this ACL access list is to be attached to ingress or egress direction." + ::= { dAclIPv6AccessGroupEntry 2 } + dAclIPv6AccessGroupStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The row status variable, used according to installation + and removal conventions for conceptual rows." + ::= { dAclIPv6AccessGroupEntry 3 } + + dAclIPv6AccessGroupAclName OBJECT-TYPE + SYNTAX DisplayString (SIZE (1..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The name of the IPv6 access list to be applied." + ::= { dAclIPv6AccessGroupEntry 4 } + + dAclIPv6AccessGroupAclId OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The ID of the IPv6 access list to be applied. + User maybe specify access list ID(by this object) or name (by + dAclIPv6AccessGroupAclName) to be applied. If both access list + ID and name are specified, the access list name specified by + dAclIPv6AccessGroupAclName will be take. + " + ::= { dAclIPv6AccessGroupEntry 5 } +-- ----------------------------------------------------------------------------- + dAclExpert OBJECT IDENTIFIER ::= { dAclMIBObjects 5 } + dAclExpertAccessListNumber OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates the number of entries present in the extended expert + access list table." + ::= { dAclExpert 1 } + + dAclExpertAccessListTable OBJECT-TYPE + SYNTAX SEQUENCE OF DAclExpertAccessListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table contains information about extended expert access list." + ::= { dAclExpert 2 } + + dAclExpertAccessListEntry OBJECT-TYPE + SYNTAX DAclExpertAccessListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry defined in dAclExpertAccessListTable. An entry is + created/removed when an extended expert access list is + created/deleted." + INDEX { dAclExpertAccessListName } + ::= { dAclExpertAccessListTable 1 } + + DAclExpertAccessListEntry ::= SEQUENCE { + dAclExpertAccessListName DisplayString, + dAclExpertAccessListRowStatus RowStatus, + dAclExpertAccessListId Integer32, + dAclExpertAccessListCounterEnabled TruthValue, + dAclExpertAccessListClearStatAction INTEGER, + dAclExpertAccessListRemark DisplayString + } + + dAclExpertAccessListName OBJECT-TYPE + SYNTAX DisplayString (SIZE (1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The name of the extended expert access list." + ::= { dAclExpertAccessListEntry 1 } + + dAclExpertAccessListRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object allows the dynamic creation and + deletion of an extended expert access list." + ::= { dAclExpertAccessListEntry 2 } + + dAclExpertAccessListId OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The number of the extended expert access list." + ::= { dAclExpertAccessListEntry 3 } + + dAclExpertAccessListCounterEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the counter state of the access list is + enabled('true') or disabled('false'). And the counter just for + the all interface that applied the access list in + dAclExpertAccessGroupTable." + ::= { dAclExpertAccessListEntry 4 } + + dAclExpertAccessListClearStatAction OBJECT-TYPE + SYNTAX INTEGER{ + clear(1), + noOp(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is used to clear statistics of the access list when set + to 'clear'. No action is taken if this object is set to 'noOp'. + The 'clear' action just for the all interface that applied the access + list in dAclExpertAccessGroupTable. + When read, the value 'noOp' is returned." + ::= { dAclExpertAccessListEntry 5 } + + dAclExpertAccessListRemark OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..255)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The description of the Expert access list." + ::= { dAclExpertAccessListEntry 6 } + +-- ----------------------------------------------------------------------------- + dAclExpertAccessRuleTable OBJECT-TYPE + SYNTAX SEQUENCE OF DAclExpertAccessRuleEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table consists of a list of rules for the extended expert access list." + ::= { dAclExpert 3 } + + dAclExpertAccessRuleEntry OBJECT-TYPE + SYNTAX DAclExpertAccessRuleEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry is defined ddAclExpertAccessRuleTable. + The first instance identifier index value identifies the + dAclExpertAccessListEntry that a extended expert access rule + (dAclExpertAccessRuleEntry) belongs to. + An entry is removed from this table when its + corresponding dAclExpertAccessListEntry is deleted." + INDEX { + dAclExpertAccessListName, + dAclExpertAccRuleSn + } + ::= { dAclExpertAccessRuleTable 1 } + + DAclExpertAccessRuleEntry ::= SEQUENCE { + dAclExpertAccRuleSn Integer32, + dAclExpertAccRuleRowStatus RowStatus, + dAclExpertAccRuleAction DlinkAclRuleType, + dAclExpertAccRuleProtocol INTEGER, + dAclExpertAccRuleUserDefProtocol Integer32, + dAclExpertAccRuleSrcIpAddr IpAddress, + dAclExpertAccRuleSrcIpWildcard IpAddress, + dAclExpertAccRuleSrcMacAddr MacAddress, + dAclExpertAccRuleSrcMacWildcard MacAddress, + dAclExpertAccRuleSrcOperator DlinkAclPortOperatorType, + dAclExpertAccRuleSrcPort Integer32, + dAclExpertAccRuleSrcPortRange Integer32, + dAclExpertAccRuleDstIpAddr IpAddress, + dAclExpertAccRuleDstIpWildcard IpAddress, + dAclExpertAccRuleDstMacAddr MacAddress, + dAclExpertAccRuleDstMacWildcard MacAddress, + dAclExpertAccRuleDstOperator DlinkAclPortOperatorType, + dAclExpertAccRuleDstPort Integer32, + dAclExpertAccRuleDstPortRange Integer32, + dAclExpertAccRuleVlanID VlanIdOrNone, + dAclExpertAccRuleInnerVlanID VlanIdOrNone, + dAclExpertAccRuleQosPrecedence Integer32, + dAclExpertAccRuleQosTos Integer32, + dAclExpertAccRuleQosDscp Integer32, + dAclExpertAccRuleIcmpType Integer32, + dAclExpertAccRuleIcmpCode Integer32, + dAclExpertAccRuleTimeName DisplayString, + dAclExpertAccRuleTcpFlag TcpFlag, + dAclExpertAccRuleFragments TruthValue, + dAclExpertAccRuleOuterCos Integer32, + dAclExpertAccRuleInnerCos Integer32, + dAclExpertAccRuleUserDefProtocolMask OCTET STRING, + dAclExpertAccRuleSrcPortMask OCTET STRING, + dAclExpertAccRuleDstPortMask OCTET STRING, + dAclExpertAccRuleVlanIDMask OCTET STRING, + dAclExpertAccRuleInnerVlanIDMask OCTET STRING, + dAclExpertAccRuleQosPrecedenceMask OCTET STRING, + dAclExpertAccRuleQosTosMask OCTET STRING, + dAclExpertAccRuleQosDscpMask OCTET STRING, + dAclExpertAccRuleOuterCosMask OCTET STRING, + dAclExpertAccRuleInnerCosMask OCTET STRING, + dAclExpertAccRuleVlanRangeMin VlanIdOrNone, + dAclExpertAccRuleVlanRangeMax VlanIdOrNone + } + + dAclExpertAccRuleSn OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Specifies the sequence number of this rule. + The lower the number is, the higher the priority of the rule. + The special value of 0 means the sequence number will be automatically + determined by the agent." + ::= { dAclExpertAccessRuleEntry 1 } + + dAclExpertAccRuleRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The row status variable, used according to installation + and removal conventions for conceptual rows." + ::= { dAclExpertAccessRuleEntry 2 } + + dAclExpertAccRuleAction OBJECT-TYPE + SYNTAX DlinkAclRuleType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the result of the packet examination is to + permit or deny or prevent to CPU." + ::= { dAclExpertAccessRuleEntry 3 } + + dAclExpertAccRuleProtocol OBJECT-TYPE + SYNTAX INTEGER { + none(0), + userDefine(1), + tcp(2), + udp(3), + icmp(4), + gre(5), + esp(6), + eigrp(7), + igmp(8), + ospf(9), + pim(10), + vrrp(11), + ipinip(12), + pcp(13) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the IP protocol." + ::= { dAclExpertAccessRuleEntry 4 } + + dAclExpertAccRuleUserDefProtocol OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..255) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the user defined protocol ID when the + dAclExpertAccRuleProtocol is 'userDefine (1)'. + The value of -1 means the user defined protocol ID is not + specified." + DEFVAL { -1 } + ::= { dAclExpertAccessRuleEntry 5 } + + dAclExpertAccRuleSrcIpAddr OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies a source IP address." + ::= { dAclExpertAccessRuleEntry 6 } + + dAclExpertAccRuleSrcIpWildcard OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is a wildcard bitmap to specify a group of source IP + addresses. The bit value 1 indicates the corresponding bit will + be ignored. The bit value 0 indicates the corresponding bit will be + checked. In other words, when the value of all 'ff'Hs indicates any + IP source address is specified. When the value of all '00'Hs indicates + host IP source address is specified." + ::= { dAclExpertAccessRuleEntry 7 } + + dAclExpertAccRuleSrcMacAddr OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies a source MAC address." + ::= { dAclExpertAccessRuleEntry 8 } + + dAclExpertAccRuleSrcMacWildcard OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is a wildcard bitmap to specify a group of source + MAC addresses. The bit value 1 indicates the corresponding bit will + be ignored. The bit value 0 indicates the corresponding bit will be + checked. In other words, when the value of all 'ff'Hs indicates any + source MAC address is specified. When the value of all '00'Hs indicates + host source MAC address is specified." + ::= { dAclExpertAccessRuleEntry 9 } + + dAclExpertAccRuleSrcOperator OBJECT-TYPE + SYNTAX DlinkAclPortOperatorType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates how a packet's source TCP/UDP port number is + compared. + When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses + the dAclExpertAccsRuleSrcPort as an operand which is the only one needed. + + When the value of this object is range(6) needs 2 operands. One is + dAclExpertAccsRuleSrcPort, which is the starting port number of the + range, and the other operand is dAclExpertAccsRuleSrcPortRange, + which is the ending port number of the range. + + When the value of this object is mask(7) needs 2 operands. One is + dAclExpertAccsRuleSrcPort, the other operand is dAclExpertAccsRuleSrcPortMask. + + This object is used for TCP/UDP protocol only, hence when the object + 'dAclExpertAccRuleProtocol' is set to other than TCP/UDP, the object has + to be 'none(1)'." + ::= { dAclExpertAccessRuleEntry 10 } + + dAclExpertAccRuleSrcPort OBJECT-TYPE + SYNTAX Integer32 (-1..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the source port number of TCP/UDP protocol. + If the value is -1, it means the value is not specified. + If the dAclExpertAccsRuleSrcOperator object in the same row is + range(6), this object will be the starting port number of the port + range. + This object only can be configured dAclExpertAccsRuleSrcOperator in + the same row is not 'none(1)'." + DEFVAL { -1 } + ::= { dAclExpertAccessRuleEntry 11 } + + dAclExpertAccRuleSrcPortRange OBJECT-TYPE + SYNTAX Integer32 (-1..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The source port number of the TCP/UDP protocol. If the + dAclExpertAccsRuleSrcOperator object in the same row is range(6), this + object will be the ending port number of the port range. + The value of -1 means the ending port number is not specified." + DEFVAL { -1 } + ::= { dAclExpertAccessRuleEntry 12 } + + dAclExpertAccRuleDstIpAddr OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies a destination IP address." + ::= { dAclExpertAccessRuleEntry 13 } + + dAclExpertAccRuleDstIpWildcard OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is a wildcard bitmap to specify a group of destination IP + addresses. The bit value 1 indicates the corresponding bit will + be ignored. The bit value 0 indicates the corresponding bit will be + checked. In other words, when the value of all 'ff'Hs indicates any + IP destination address is specified. When the value of all '00'Hs indicates + host IP destination address is specified." + ::= { dAclExpertAccessRuleEntry 14 } + + dAclExpertAccRuleDstMacAddr OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies a destination MAC address." + ::= { dAclExpertAccessRuleEntry 15 } + + dAclExpertAccRuleDstMacWildcard OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is a wildcard bitmap to specify a group of destination + MAC addresses. The bit value 1 indicates the corresponding bit will + be ignored. The bit value 0 indicates the corresponding bit will be + checked. In other words, when the value of all 'ff'Hs indicates any + destination MAC address is specified. When the value of all '00'Hs + indicates host destination MAC address is specified." + ::= { dAclExpertAccessRuleEntry 16 } + + dAclExpertAccRuleDstOperator OBJECT-TYPE + SYNTAX DlinkAclPortOperatorType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates how a packet's TCP/UDP destination port number is + compared. + When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses + the dAclExpertAccsRuleDstPort as an operand which is the only one needed. + + When the value of this object is range(6) needs 2 operands. One is + dAclExpertAccsRuleDstPort, which is the starting port number of the + range, and the other operand is dAclExpertAccsRuleDstPortRange, + which is the ending port number of the range. + + When the value of this object is mask(7) needs 2 operands. One is + dAclExpertAccsRuleDstPort, the other operand is dAclExpertAccsRuleDstPortMask. + + This object is used for TCP/UDP protocol only, hence when the object + 'dAclExpertAccRuleProtocol' is set to other than TCP/UDP, the object has + to be 'none(1)'." + ::= { dAclExpertAccessRuleEntry 17 } + + dAclExpertAccRuleDstPort OBJECT-TYPE + SYNTAX Integer32 (-1..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the destination port number of TCP/UDP protocol. + If the value is -1, it means the value is not specified. + If the dAclExpertAccsRuleDstOperator object in the same row is + range(6), this object will be the starting port number of the port + range. + This object only can be configured dAclExpertAccsRuleDstOperator in + the same row is not 'none(1)'." + DEFVAL { -1 } + ::= { dAclExpertAccessRuleEntry 18 } + + dAclExpertAccRuleDstPortRange OBJECT-TYPE + SYNTAX Integer32 (-1..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The destination port number of the TCP/UDP protocol. If the + dAclExpertAccsRuleDstOperator object in the same row is range(6), this + object will be the ending port number of the port range. + The value of -1 means the ending port number is not specified." + DEFVAL { -1 } + ::= { dAclExpertAccessRuleEntry 19 } + + dAclExpertAccRuleVlanID OBJECT-TYPE + SYNTAX VlanIdOrNone + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the VLAN ID. + A value of zero indicates the VLAN ID is not specified." + DEFVAL { 0 } + ::= { dAclExpertAccessRuleEntry 20 } + + dAclExpertAccRuleInnerVlanID OBJECT-TYPE + SYNTAX VlanIdOrNone + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the inner VLAN ID. A value of zero indicates + the inner VLAN ID is not specified." + DEFVAL { 0 } + ::= { dAclExpertAccessRuleEntry 21 } + + dAclExpertAccRuleQosPrecedence OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..7) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the value of precedence. + The value of -1 means the value is not specified or not applicable. + dAclExpertAccRuleQosPrecedence and dAclExpertAccRuleQosDscp cannot + be specified at same time in a row." + DEFVAL { -1 } + ::= { dAclExpertAccessRuleEntry 22 } + + dAclExpertAccRuleQosTos OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..15) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the value of type of service. + The value of -1 means the value is not specified or not applicable. + dAclExpertAccRuleQosTos and dAclExpertAccRuleQosDscp cannot + be specified at same time in a row." + DEFVAL { -1 } + ::= { dAclExpertAccessRuleEntry 23 } + + dAclExpertAccRuleQosDscp OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..63) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the value of DSCP code. + The value of -1 means the value is not specified or not applicable. + Neither dAclExpertAccRuleQosPrecedence nor dAclExpertAccRuleQosTos + can be specified with dAclExpertAccRuleQosDscp at same time in a + row." + DEFVAL { -1 } + ::= { dAclExpertAccessRuleEntry 24 } + + dAclExpertAccRuleIcmpType OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..255) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the type of ICMP protocol. + If the value is -1, it means the value is not specified. + This object is used for ICMP protocol only, hence when the object + 'dAclExpertAccRuleProtocol' is set to other than ICMP, the object has + to be -1." + DEFVAL { -1 } + ::= { dAclExpertAccessRuleEntry 25 } + + dAclExpertAccRuleIcmpCode OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..255) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the code of ICMP protocol. + If the value is -1, it means the value is not specified. + This object is used for ICMP protocol only, hence when the object + 'dAclExpertAccRuleProtocol' is set to other than ICMP, the object has + to be -1." + DEFVAL { -1 } + ::= { dAclExpertAccessRuleEntry 26 } + + dAclExpertAccRuleTimeName OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the name of time-period profile associated with the + access-list delineating its activation period. + The value 'NULL' means that this rule is not bound with any Time + mechanism." + ::= { dAclExpertAccessRuleEntry 27 } + + dAclExpertAccRuleTcpFlag OBJECT-TYPE + SYNTAX TcpFlag + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the TCP flag fields. + This node is available only for TCP protocol. + The default value for this node is empty set, which means no TCP flag + values are set. + " + ::= { dAclExpertAccessRuleEntry 28 } + + dAclExpertAccRuleFragments OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the Packet fragment filtering status + is enabled('true') or disabled('false')." + ::= { dAclExpertAccessRuleEntry 29 } + + dAclExpertAccRuleOuterCos OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..7) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the value of inner priority. + The value of -1 means the value is not specified or not applicable. + " + DEFVAL { -1 } + ::= { dAclExpertAccessRuleEntry 30 } + + dAclExpertAccRuleInnerCos OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..7) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the value of inner priority, the node is availabe just for the + node dAclExpertAccRuleOuterCos be specified. + The value of -1 means the value is not specified or not applicable. + " + DEFVAL { -1 } + ::= { dAclExpertAccessRuleEntry 31 } + + dAclExpertAccRuleUserDefProtocolMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(1)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for protocol ID defined by dAclExpertAccRuleUserDefProtocol. + Valid values are from 0x00 to 0xFF. + Default value is 0xFF. + This node is valid only for the dAclExpertAccRuleUserDefProtocol specified." + ::= { dAclExpertAccessRuleEntry 32 } + + dAclExpertAccRuleSrcPortMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(2)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for L4 source port defined by dAclExpertAccRuleSrcPort. + Valid values are from 0x0 to 0xFFFF. + Default value is 0xFFFF. + This object only can be configured dAclExpertAccRuleSrcOperator in the + same row is 'mask(7)'. + " + ::= { dAclExpertAccessRuleEntry 33 } + + dAclExpertAccRuleDstPortMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(2)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for L4 destination port defined by dAclExpertAccRuleDstPort. + Valid values are from 0x0 to 0xFFFF. + Default value is 0xFFFF. + This object only can be configured dAclExpertAccRuleDstOperator in the + same row is 'mask(7)'." + ::= { dAclExpertAccessRuleEntry 34 } + + dAclExpertAccRuleVlanIDMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(2)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for VLAN ID defined by dAclExpertAccRuleVlanID. + Valid values are from 0x0000 to 0x0FFF. + This node and dAclExpertAccRuleVlanRangeMin/dAclExpertAccRuleVlanRangeMax + cannot be specified at same time in a row. + Default value is 0x0FFF. + This node is valid only for the dAclExpertAccRuleVlanID specified." + ::= { dAclExpertAccessRuleEntry 35 } + + dAclExpertAccRuleInnerVlanIDMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(2)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for inner VLAN ID defined by dAclExpertAccRuleInnerVlanID. + Valid values are from 0x0000 to 0x0FFF. + Default value is 0x0FFF. + This node is valid only for the dAclExpertAccRuleInnerVlanID specified." + ::= { dAclExpertAccessRuleEntry 36 } + + dAclExpertAccRuleQosPrecedenceMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(1)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for ip precedence defined by dAclExpertAccRuleQosPrecedence. + Valid values are from 0x0 to 0x7. + Default value is 0x7. + This node is valid only for the dAclExpertAccRuleQosPrecedence specified." + ::= { dAclExpertAccessRuleEntry 37 } + + dAclExpertAccRuleQosTosMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(1)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for type of service defined by dAclExpertAccRuleQosTos. + Valid values are from 0x0 to 0xF. + Default value is 0xF. + This node is valid only for the dAclExpertAccRuleQosTos specified." + ::= { dAclExpertAccessRuleEntry 38 } + + dAclExpertAccRuleQosDscpMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(1)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for DSCP code defined by dAclExpertAccRuleQosDscp. + Valid values are from 0x0 to 0x3F. + Default value is 0x3F. + This node is valid only for the dAclExpertAccRuleQosDscp specified." + ::= { dAclExpertAccessRuleEntry 39 } + + dAclExpertAccRuleOuterCosMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(1)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for priority defined by dAclExpertAccRuleOuterCos. + Valid values are from 0x00 to 0x07. + Default value is 0x07. + This node is valid only for the dAclExpertAccRuleOuterCos specified." + ::= { dAclExpertAccessRuleEntry 40 } + + dAclExpertAccRuleInnerCosMask OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(1)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the mask for inner priority defined by dAclExpertAccRuleInnerCos. + Valid values are from 0x00 to 0x07. + Default value is 0x07. + This node is valid only for the dAclExpertAccRuleInnerCos specified." + ::= { dAclExpertAccessRuleEntry 41 } + + dAclExpertAccRuleVlanRangeMin OBJECT-TYPE + SYNTAX VlanIdOrNone + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the minimum outer VLAN ID of a VLAN range. A value of zero + indicates the VLAN range is not specified. + This node and dAclMacAccessRuleVlanID/dAclMacAccessRuleVlanIDMask cannot + be specified at same time in a row. + This node is valid only for the dAclExpertAccRuleVlanRangeMax specified." + DEFVAL { 0 } + ::= { dAclExpertAccessRuleEntry 42 } + + dAclExpertAccRuleVlanRangeMax OBJECT-TYPE + SYNTAX VlanIdOrNone + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the maximum outer VLAN ID of a VLAN range. A value of zero + indicates the VLAN range is not specified. + This node and dAclMacAccessRuleVlanID/dAclMacAccessRuleVlanIDMask cannot + be specified at same time in a row. + This node is valid only for the dAclExpertAccRuleVlanRangeMin specified." + DEFVAL { 0 } + ::= { dAclExpertAccessRuleEntry 43 } + +-- ----------------------------------------------------------------------------- + dAclExpertAccessGroupTable OBJECT-TYPE + SYNTAX SEQUENCE OF DAclExpertAccessGroupEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table represents a list of extended expert access group + configuration." + ::= { dAclExpert 4 } + + dAclExpertAccessGroupEntry OBJECT-TYPE + SYNTAX DAclExpertAccessGroupEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in dAclExpertAccessGroupTable contains interface specific + extended expert access list association." + INDEX { dAclExpertAccessGroupIfIndex , dAclExpertAccessGroupApplyDirection } + ::= { dAclExpertAccessGroupTable 1 } + + DAclExpertAccessGroupEntry ::= SEQUENCE { + dAclExpertAccessGroupIfIndex InterfaceIndex, + dAclExpertAccessGroupApplyDirection INTEGER, + dAclExpertAccessGroupRowStatus RowStatus, + dAclExpertAccessGroupAclName DisplayString, + dAclExpertAccessGroupAclId Integer32 + } + + dAclExpertAccessGroupIfIndex OBJECT-TYPE + SYNTAX InterfaceIndex + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Indicates the ifIndex of the interface. + Only physical port is valid interface." + ::= { dAclExpertAccessGroupEntry 1 } + + dAclExpertAccessGroupApplyDirection OBJECT-TYPE + SYNTAX INTEGER{ + inbound(1), + outbound(2) + } + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Indicates whether this ACL access list is to be attached to ingress or egress direction." + ::= { dAclExpertAccessGroupEntry 2 } + dAclExpertAccessGroupRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The row status variable, used according to installation + and removal conventions for conceptual rows." + ::= { dAclExpertAccessGroupEntry 3 } + + dAclExpertAccessGroupAclName OBJECT-TYPE + SYNTAX DisplayString (SIZE (1..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The name of the Expert access list to be applied." + ::= { dAclExpertAccessGroupEntry 4 } + + dAclExpertAccessGroupAclId OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The ID of the Expert access list to be applied. + User maybe specify access list ID(by this object) or name (by + dAclExpertAccessGroupAclName) to be applied. If both access list + ID and name are specified, the access list name specified by + dAclExpertAccessGroupAclName will be take. + " + ::= { dAclExpertAccessGroupEntry 5 } +-- ----------------------------------------------------------------------------- + dAclVlan OBJECT IDENTIFIER ::= { dAclMIBObjects 6 } + + dAclVlanSubMapTable OBJECT-TYPE + SYNTAX SEQUENCE OF DAclVlanSubMapEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table contains a list of sub-map configuration. The first + instance identifier index value (dAclVlanAccMapName) identifies the + entry(dAclVlanSubMapEntry) belongs to. + A VLAN access map can contain multiple sub-maps, the packet that + matches a sub-map (that is packet permitted by the associated + access-list) will take the action specified for the same entry. + No further check against the next sub-maps is done. + If the packet does not match a sub-map, then the next sub-map will + be checked. The checking sequence is determined by the value of + dAclVlanAccSubMapSeq for a same VLAN acess map." + ::= { dAclVlan 1} + + dAclVlanSubMapEntry OBJECT-TYPE + SYNTAX DAclVlanSubMapEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry is defined dAclVlanSubMapTable. + " + INDEX { + dAclVlanAccMapName, + dAclVlanAccSubMapSeq + } + ::= { dAclVlanSubMapTable 1 } + + DAclVlanSubMapEntry ::= SEQUENCE { + dAclVlanAccMapName DisplayString, + dAclVlanAccSubMapSeq Integer32, + dAclVlanAccSubMapRowStatus RowStatus, + dAclVlanAccSubMapMatchAclName DisplayString, + dAclVlanAccessSubMapAction INTEGER, + dAclVlanAccSubMapRedirectIfIndex InterfaceIndexOrZero, + dAclVlanAccSubMapMatchAclId Integer32 + } + + dAclVlanAccMapName OBJECT-TYPE + SYNTAX DisplayString (SIZE (1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This object is used to specify the name of an VLAN + acess map." + ::= { dAclVlanSubMapEntry 1 } + + dAclVlanAccSubMapSeq OBJECT-TYPE + SYNTAX Integer32 ( 0 | 1..65535 ) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Indicates the sequence number of a VLAN access rule. + The value range is 1 to 65535. + The value of 0 indicates the number is not specified and + sequence number will be automatically assigned. + " + ::= { dAclVlanSubMapEntry 2 } + + dAclVlanAccSubMapRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The row status variable, used according to installation + and removal conventions for conceptual rows." + ::= { dAclVlanSubMapEntry 3 } + + dAclVlanAccSubMapMatchAclName OBJECT-TYPE + SYNTAX DisplayString (SIZE (1..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the name of MAC/IP/IPv6 ACL + which will be associated." + ::= { dAclVlanSubMapEntry 4 } + + dAclVlanAccessSubMapAction OBJECT-TYPE + SYNTAX INTEGER { + none(1), + forward(2), + drop(3), + redirect(4) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the action when the packet that matches + a sub-map (that is packet permitted by the associated access-list). " + ::= { dAclVlanSubMapEntry 5 } + + dAclVlanAccSubMapRedirectIfIndex OBJECT-TYPE + SYNTAX InterfaceIndexOrZero + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates ifIndex of the interface the packet will be + redirected. + When the dAclVlanAccessAction in the same row + is set to other than 'redirect', the object has to be zero, + which indicates the redirected interface is not specified or not + applicable." + ::= { dAclVlanSubMapEntry 6 } + + dAclVlanAccSubMapMatchAclId OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the ID of MAC/IP/IPv6 ACL access list + which will be associated. + User may specify access list ID(by this object) or name (by + dAclVlanAccSubMapMatchAclName) to be applied. If both access list + ID and name are specified, the access list name specified by + dAclVlanAccSubMapMatchAclName will be take. + " + ::= { dAclVlanSubMapEntry 7 } +-- ----------------------------------------------------------------------------- + dAclVlanFilterTable OBJECT-TYPE + SYNTAX SEQUENCE OF DAclVlanFilterEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table represents a list of VLAN access map configuration." + ::= { dAclVlan 2 } + + dAclVlanFilterEntry OBJECT-TYPE + SYNTAX DAclVlanFilterEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in dAclVlanFilterTable contains vlan-specific + VLAN access map association." + INDEX { dAclVlanFilterVlanId } + ::= { dAclVlanFilterTable 1 } + + DAclVlanFilterEntry ::= SEQUENCE { + dAclVlanFilterVlanId VlanId, + dAclVlanFilterRowStatus RowStatus, + dAclVlanFilterVlanAccMapName DisplayString + + } + + dAclVlanFilterVlanId OBJECT-TYPE + SYNTAX VlanId + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Indicates the VLAN ID of the entry. " + ::= { dAclVlanFilterEntry 1 } + + dAclVlanFilterRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The row status variable, used according to installation + and removal conventions for conceptual rows." + ::= { dAclVlanFilterEntry 2 } + + dAclVlanFilterVlanAccMapName OBJECT-TYPE + SYNTAX DisplayString (SIZE (1..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The name of the access list to be applied for the VLAN. + NULL value indicates the access list is not specified." + ::= { dAclVlanFilterEntry 3 } + +-- ----------------------------------------------------------------------------- + dAclVlanAccessMapTable OBJECT-TYPE + SYNTAX SEQUENCE OF DAclVlanAccessMapEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table contains a list of VLAN access map configuration. " + ::= { dAclVlan 3} + + dAclVlanAccessMapEntry OBJECT-TYPE + SYNTAX DAclVlanAccessMapEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry is defined dAclVlanAccessMapTable. + " + INDEX { + dAclVlanAccMapName + } + ::= { dAclVlanAccessMapTable 1 } + + DAclVlanAccessMapEntry ::= SEQUENCE { + dAclVlanAccessMapCounterEnabled TruthValue, + dAclVlanAccessMapClearStatAction INTEGER + } + + dAclVlanAccessMapCounterEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object indicates the counter state of the VLAN access map + is enabled('true') or disabled('false'). + The counter state setting just for the all VLAN interface that applied + the access map in dAclVlanFilterTable." + ::= { dAclVlanAccessMapEntry 1 } + + dAclVlanAccessMapClearStatAction OBJECT-TYPE + SYNTAX INTEGER{ + clear(1), + noOp(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is used to clear statistics of the VLAN access map + when set to 'clear'. No action is taken if this object is set to 'noOp'. + The 'clear' action just for the all entry that applied the VLAN + access map in dAclVlanFilterTable. + When read, the value 'noOp' is returned." + ::= { dAclVlanAccessMapEntry 2 } + +-- ----------------------------------------------------------------------------- + dAclCounter OBJECT IDENTIFIER ::= { dAclMIBObjects 7 } + + dAclAccessGroupCounterTable OBJECT-TYPE + SYNTAX SEQUENCE OF DAclAccessGroupCounterEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table maintains counter information associated with + a specific access list rule in the access rule table. + Please refer to the dAclMacAccessRuleTable, dAclIpAccessRuleTable, + dAclIPv6AccessRuleTable and dAclExpertAccessRuleTable for + detailed ACL rule information. + " + ::= { dAclCounter 1} + + dAclAccessGroupCounterEntry OBJECT-TYPE + SYNTAX DAclAccessGroupCounterEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry is defined dAclAccessGroupCounterTable. + " + INDEX { + dAclAccessGroupCounterAccListId, + dAclAccessGroupCounterAccRuleSn + } + ::= { dAclAccessGroupCounterTable 1 } + + DAclAccessGroupCounterEntry ::= SEQUENCE { + dAclAccessGroupCounterAccListId Integer32, + dAclAccessGroupCounterAccRuleSn Integer32, + dAclAccessGroupCounterIngressStat Counter64, + dAclAccessGroupCounterEgressStat Counter64 + } + + dAclAccessGroupCounterAccListId OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The ID of an access list which access group counter enabled. + the access list was defined by the tables: + dAclMacAccessListTable, dAclIpAccessListTable, + dAclIPv6AccessListTable, dAclExpertAccessListTable." + ::= { dAclAccessGroupCounterEntry 1 } + + dAclAccessGroupCounterAccRuleSn OBJECT-TYPE + SYNTAX Integer32(1..65535) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Specifies the sequence number of this rule entry as related to the + dAclAccessGroupCounterAccListId." + ::= { dAclAccessGroupCounterEntry 2 } + + dAclAccessGroupCounterIngressStat OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object indicates the total number of matched packets for the access rule + applied on inbound of all interface in dAclMacAccessGroupTable, + dAclIpAccessGroupTable, dAclIPv6AccessGroupTable, or + dAclExpertAccessGroupTable. + " + ::= { dAclAccessGroupCounterEntry 3 } + + dAclAccessGroupCounterEgressStat OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object indicates the total number of matched packets for the access rule + applied on outbound of all interface in dAclMacAccessGroupTable, + dAclIpAccessGroupTable, dAclIPv6AccessGroupTable, or + dAclExpertAccessGroupTable. + " + ::= { dAclAccessGroupCounterEntry 4 } + +-- ----------------------------------------------------------------------------- + dAclVlanFilterCounterTable OBJECT-TYPE + SYNTAX SEQUENCE OF DAclVlanFilterCounterEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table maintains counter information associated with + a specific access sub map in the dAclVlanSubMapTable. + " + ::= { dAclCounter 2} + + dAclVlanFilterCounterEntry OBJECT-TYPE + SYNTAX DAclVlanFilterCounterEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry is defined dAclVlanFilterCounterTable. + " + INDEX { + dAclVlanFilterCounterAccMapName, + dAclVlanFilterCounterSubMapSeq + } + ::= { dAclVlanFilterCounterTable 1 } + + DAclVlanFilterCounterEntry ::= SEQUENCE { + dAclVlanFilterCounterAccMapName DisplayString, + dAclVlanFilterCounterSubMapSeq Integer32, + dAclVlanFilterCounterStatistics Counter64 + } + + dAclVlanFilterCounterAccMapName OBJECT-TYPE + SYNTAX DisplayString (SIZE (1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The name of a VLAN access map which counter enabled. the VLAN + access map was defined by the dAclVlanSubMapTable. + " + ::= { dAclVlanFilterCounterEntry 1 } + + dAclVlanFilterCounterSubMapSeq OBJECT-TYPE + SYNTAX Integer32(1..65535) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Indicates the sequence number of a VLAN access sub map. the vlan + sub map sequence number was defined by the dAclVlanSubMapTable." + ::= { dAclVlanFilterCounterEntry 2 } + + dAclVlanFilterCounterStatistics OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object indicates the total number of matched packets for the + sub map that applied on all VLAN interface in dAclVlanFilterTable." + ::= { dAclVlanFilterCounterEntry 3 } + +-- *************************************************************************** +-- Conformance +-- *************************************************************************** + dAclCompliances OBJECT IDENTIFIER ::= { dAclMIBConformance 1 } + + dAclCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for entities which implement the + DLINKSW-ACL-MIB." + MODULE -- this module + MANDATORY-GROUPS { + dAclGenGroup, + dAclMacGroup, + dAclIpGroup + } + + GROUP dAclIPv6Group + DESCRIPTION + "This group is required only if the IPv6 access list feature + is implemented by the agent." + + GROUP dAclExpertGroup + DESCRIPTION + "This group is required only if the extended expert access list + feature is implemented by the agent." + + GROUP dAclVlanFilterGroup + DESCRIPTION + "This group is required only if vlan filter feature is implemented + by the agent." + ::= { dAclCompliances 1 } + + dAclGroups OBJECT IDENTIFIER ::= { dAclMIBConformance 2 } + + dAclGenGroup OBJECT-GROUP + OBJECTS { + dAclReSeqStartingNumber, dAclReSeqIncrement + } + STATUS current + DESCRIPTION + "A collection of objects providing general access list configuration." + ::= { dAclGroups 1 } + + dAclMacGroup OBJECT-GROUP + OBJECTS { + dAclMacAccessListNumber, dAclMacAccessListRowStatus, + dAclMacAccessListId, dAclMacAccessListCounterEnabled, + dAclMacAccessListClearStatAction,dAclMacAccessListRemark, + dAclMacAccessRuleRowStatus, dAclMacAccessRuleAction, + dAclMacAccessRuleSrcMacAddr, dAclMacAccessRuleSrcMacWildcard, + dAclMacAccessRuleDstMacAddr, dAclMacAccessRuleDstMacWildcard, + dAclMacAccessRulePacketType, dAclMacAccessRuleEthernetType, + dAclMacAccessRuleLlcDSAP, dAclMacAccessRuleLlcSSAP, + dAclMacAccessRuleLlcCntl, + dAclMacAccessRuleDot1p, dAclMacAccessRuleInnerDot1p, + dAclMacAccessRuleVlanID, dAclMacAccessRuleInnerVlanID, + dAclMacAccessRuleTimeName, + dAclMacAccessGroupRowStatus, + dAclMacAccessGroupAclName,dAclMacAccessGroupAclId + } + STATUS current + DESCRIPTION + "A collection of objects providing MAC access list configuration." + ::= { dAclGroups 2 } + + dAclIpGroup OBJECT-GROUP + OBJECTS { + dAclIpAccessListNumber, dAclIpAccessListRowStatus, + dAclIpAccessExtended, dAclIpAccessListId, + dAclIpAccessListCounterEnabled, dAclIpAccessListClearStatAction, + dAclIpAccessListRemark, + dAclIpAccessRuleRowStatus, dAclIpAccessRuleAction, + dAclIpAccessRuleProtocol, dAclIpAccessRuleUserDefProtocol, + dAclIpAccessRuleSrcAddr, dAclIpAccessRuleSrcWildcard, + dAclIpAccessRuleDstAddr, dAclIpAccessRuleDstWildcard, + dAclIpAccessRuleSrcOperator, dAclIpAccessRuleSrcPort, + dAclIpAccessRuleSrcPortRange, + dAclIpAccessRuleDstOperator, dAclIpAccessRuleDstPort, + dAclIpAccessRuleDstPortRange, + dAclIpAccessRuleQosPrecedence, dAclIpAccessRuleQosTos, + dAclIpAccessRuleQosDscp, + dAclIpAccessRuleIcmpType, dAclIpAccessRuleIcmpCode, + dAclIpAccessRuleTimeName, dAclIpAccRuleTcpFlag, + dAclIpAccRuleFragments, + dAclIpAccessGroupStatus, + dAclIpAccessGroupAclName, dAclIpAccessGroupAclId + } + STATUS current + DESCRIPTION + "A collection of objects providing IP access list configuration." + ::= { dAclGroups 3 } + + dAclIPv6Group OBJECT-GROUP + OBJECTS { + dAclIPv6AccessListNumber, dAclIPv6AccessListRowStatus, + dAclIPv6AccessExtended, dAclIPv6AccessListId, + dAclIPv6AccessListCounterEnabled, + dAclIPv6AccessListClearStatAction, + dAclIPv6AccessListRemark, + dAclIPv6AccessRuleRowStatus, dAclIPv6AccessRuleAction, + dAclIPv6AccessRuleProtocol, dAclIPv6AccessRuleUserDefProtocol, + dAclIPv6AccessRuleSrcAddr, dAclIPv6AccessRuleSrcPrefixLen, + dAclIPv6AccessRuleDstAddr, dAclIPv6AccessRuleDstPrefixLen, + dAclIPv6AccessRuleSrcOperator, dAclIPv6AccessRuleSrcPort, + dAclIPv6AccessRuleSrcPortRange, + dAclIPv6AccessRuleDstOperator, dAclIPv6AccessRuleDstPort, + dAclIPv6AccessRuleDstPortRange, + dAclIPv6AccessRuleDscp, + dAclIPv6AccessRuleIcmpType, dAclIPv6AccessRuleIcmpCode, + dAclIPv6AccessRuleTimeName, + dAclIPv6AccessGroupStatus, + dAclIPv6AccessGroupAclName,dAclIPv6AccessGroupAclId, + dAclIPv6AccRuleTcpFlag, + dAclIPv6AccRuleFragments, + dAclIPv6AccRuleFlowLabel + } + STATUS current + DESCRIPTION + "A collection of objects providing IPv6 access list configuration." + ::= { dAclGroups 4 } + + dAclExpertGroup OBJECT-GROUP + OBJECTS { + dAclExpertAccessListNumber, dAclExpertAccessListRowStatus, + dAclExpertAccessListId, dAclExpertAccessListCounterEnabled, + dAclExpertAccessListClearStatAction, dAclExpertAccessListRemark, + dAclExpertAccRuleRowStatus, dAclExpertAccRuleAction, + dAclExpertAccRuleProtocol, dAclExpertAccRuleUserDefProtocol, + dAclExpertAccRuleSrcIpAddr, dAclExpertAccRuleSrcIpWildcard, + dAclExpertAccRuleSrcMacAddr, dAclExpertAccRuleSrcMacWildcard, + dAclExpertAccRuleSrcOperator, dAclExpertAccRuleSrcPort, + dAclExpertAccRuleSrcPortRange, + dAclExpertAccRuleDstIpAddr, dAclExpertAccRuleDstIpWildcard, + dAclExpertAccRuleDstMacAddr, dAclExpertAccRuleDstMacWildcard, + dAclExpertAccRuleDstOperator, dAclExpertAccRuleDstPort, + dAclExpertAccRuleDstPortRange, + dAclExpertAccRuleVlanID, dAclExpertAccRuleInnerVlanID, + dAclExpertAccRuleQosPrecedence, dAclExpertAccRuleQosTos, + dAclExpertAccRuleQosDscp, + dAclExpertAccRuleIcmpType, dAclExpertAccRuleIcmpCode, + dAclExpertAccRuleTimeName, + dAclExpertAccessGroupRowStatus, + dAclExpertAccessGroupAclName,dAclExpertAccessGroupAclId, + dAclExpertAccRuleTcpFlag, + dAclExpertAccRuleFragments, + dAclExpertAccRuleOuterCos, + dAclExpertAccRuleInnerCos + } + STATUS current + DESCRIPTION + "A collection of objects providing extended expert access list configuration." + ::= { dAclGroups 5 } + + dAclVlanFilterGroup OBJECT-GROUP + OBJECTS { + dAclVlanAccSubMapRowStatus, dAclVlanAccSubMapMatchAclName, + dAclVlanAccessSubMapAction, dAclVlanAccSubMapRedirectIfIndex, + dAclVlanFilterRowStatus, dAclVlanFilterVlanAccMapName, + dAclVlanAccSubMapMatchAclId, dAclVlanAccessMapCounterEnabled, + dAclVlanAccessMapClearStatAction + } + STATUS current + DESCRIPTION + "A collection of objects providing VLAN access map configuration." + ::= { dAclGroups 6 } + + dAclCounterGroup OBJECT-GROUP + OBJECTS { + dAclAccessGroupCounterIngressStat, + dAclAccessGroupCounterEgressStat, + dAclVlanFilterCounterStatistics + } + STATUS current + DESCRIPTION + "A collection of objects providing ACL counter information." + ::= { dAclGroups 7 } +END + + -- cgit v1.2.3