-- ==================================================================== -- Copyright (C) 2003 by HUAWEI TECHNOLOGIES. All rights reserved. -- -- Description: Huawei Acl MIB Definition -- Reference: Huawei Enterprise MIB -- Version: V2.0 -- History: -- Wang Ning,2002-11-29,Reunification version based on the Fix-Net MIBs -- baseline by the MIB Standard community. -- Version: V2.1 -- History: -- Yang Hongjie,2003-04-11,Reunification version based on V2.0. -- Version: V2.2 -- History: -- Yang Yuhui,2004-05-17,Reunification version based on V2.1. -- Version: V2.3 -- History: -- Xu xinjun, 2009-04-13. -- 1, Add five new rule tables based on V2.2. -- hwAclEthernetFrameRuleTable, hwAclIpv6BasicRuleTable, -- hwAclIpv6AdvanceRuleTable, hwAclIpv6NumGroupTable, -- hwAclIpv6IfRuleTable. -- 2, Change Name-ACL range from [42768..45767] to [42768..59151] -- ======================================================================== HUAWEI-ACL-MIB DEFINITIONS ::= BEGIN IMPORTS huaweiMgmt FROM HUAWEI-MIB OBJECT-GROUP, MODULE-COMPLIANCE FROM SNMPv2-CONF IpAddress, Integer32, Unsigned32, Gauge32, Counter32, OBJECT-TYPE, Counter64, MODULE-IDENTITY FROM SNMPv2-SMI RowStatus, TruthValue, MacAddress FROM SNMPv2-TC EnabledStatus FROM P-BRIDGE-MIB Ipv6Address FROM IPV6-TC; hwAcl MODULE-IDENTITY LAST-UPDATED "200904131600Z" -- April 13, 2009 at 09:00 GMT ORGANIZATION "Huawei Technologies Co., Ltd." CONTACT-INFO "R&D BeiJing, Huawei Technologies co.,Ltd. Huawei Bld.,NO.3 Xinxi Rd., Shang-Di Information Industry Base, Hai-Dian District Beijing P.R. China Zip:100085 Http://www.huawei.com E-mail:support@huawei.com" DESCRIPTION "The HUAWEI-ACL-MIB contains objects to configure ACL module, including ACL group, rule and acl accelerate, and query the current ACL configuration and status. This MIB module objects indicate hwAclNumGroupTable, hwAclBasicRuleTable, hwAclAdvanceRuleTable, hwAclIfRuleTable, hwAclEthernetFrameRuleTable, hwAclIpv6BasicRuleTable, hwAclIpv6AdvanceRuleTable, hwAclIpv6IfRuleTable, hwAclCompileEnableFlag, hwAclCompileNumGroupTable, hwAclIpv6NumGroupTable and acl trap. To filter data packets, a series of rules need to be configured on the device. These rules are defined by ACL (Access Control List), which are a series of sequential rules consisting of rule permit or deny statements. The rules are described by source address, destination address and port number of data packets. ACL classifies data packets through these device interface applied rules, by which the device decides which packets can be received and which should be rejected." ::= { huaweiMgmt 1 } -- -- Node definitions -- -- 1.3.6.1.4.1.2011.5.1.1 hwAclMibObjects OBJECT IDENTIFIER ::= { hwAcl 1 } -- 1.3.6.1.4.1.2011.5.1.1.2 hwAclNumGroupTable OBJECT-TYPE SYNTAX SEQUENCE OF HwAclNumGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table of ACL group information including match order, step, description and so on" ::= { hwAclMibObjects 2 } -- 1.3.6.1.4.1.2011.5.1.1.2.1 hwAclNumGroupEntry OBJECT-TYPE SYNTAX HwAclNumGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing characters of an acl group " INDEX { hwAclNumGroupAclNum } ::= { hwAclNumGroupTable 1 } HwAclNumGroupEntry ::= SEQUENCE { hwAclNumGroupAclNum Integer32, hwAclNumGroupMatchOrder INTEGER, hwAclNumGroupSubitemNum Counter32, hwAclNumGroupStep Integer32, hwAclNumGroupDescription OCTET STRING, hwAclNumGroupCountClear INTEGER, hwAclNumGroupRowStatus RowStatus, hwAclNumGroupAclName OCTET STRING, hwAclNumGroupAclType INTEGER } -- 1.3.6.1.4.1.2011.5.1.1.2.1.1 hwAclNumGroupAclNum OBJECT-TYPE SYNTAX Integer32 (700..799|1000..3999|4000..4999|6000..9999|10000..10999|42768..75535) MAX-ACCESS read-only STATUS current DESCRIPTION "The index of acl group, identifying an ACL. The object specifies the range of an ACL number. The basic ACL is represented by the number in the range 2000 through 2999. The advanced ACL is represented by the number in the range 3000 through 3999. The interface-based ACL is represented by the number in the range 1000 to 1999. The User ACL is represented by the number in the range 6000 through 9999. The Mpls ACL is represented by the number in the range 10000 through 10999. The name ACL is represented by the number in the range 42768 through 75535." ::= { hwAclNumGroupEntry 1 } -- 1.3.6.1.4.1.2011.5.1.1.2.1.2 hwAclNumGroupMatchOrder OBJECT-TYPE SYNTAX INTEGER { config(1), auto(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the match order of rules. 'config' means matching ACL rules in the configuration sequence, 'auto' means the ACL rules are matched following the 'Depth-first' principle." DEFVAL { config } ::= { hwAclNumGroupEntry 2 } -- 1.3.6.1.4.1.2011.5.1.1.2.1.3 hwAclNumGroupSubitemNum OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of the rules in the acl group." ::= { hwAclNumGroupEntry 3 } -- 1.3.6.1.4.1.2011.5.1.1.2.1.4 hwAclNumGroupStep OBJECT-TYPE SYNTAX Integer32 (1..20) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the step value of number acl. Step here refers to the difference between each ID. For instance, given the step is set to 5, the IDs are the multiples of 5 beginning with 5. The ACL IDs change along with the step. When the step is 5, the ACL IDs are 5, 10, and 15 and so on. However, when the step is set to 2, the IDs turn to 2, 4, and 6 and so on." ::= { hwAclNumGroupEntry 4 } -- 1.3.6.1.4.1.2011.5.1.1.2.1.5 hwAclNumGroupDescription OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..127)) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the description of this acl group. The object describes the usage of an ACL with a word or a sentence." ::= { hwAclNumGroupEntry 5 } -- 1.3.6.1.4.1.2011.5.1.1.2.1.6 hwAclNumGroupCountClear OBJECT-TYPE SYNTAX INTEGER { cleared(1), notUsed(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Reset the statistics of ACL group." ::= { hwAclNumGroupEntry 6 } -- 1.3.6.1.4.1.2011.5.1.1.2.1.7 hwAclNumGroupRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus, Now support three value:CreateAndGo,Active,Destroy." ::= { hwAclNumGroupEntry 7 } -- 1.3.6.1.4.1.2011.5.1.1.2.1.8 hwAclNumGroupAclName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the name of an acl group, The first character must be start with a to z or A to Z, and the length cannot exceed 32 character." ::= { hwAclNumGroupEntry 8 } -- 1.3.6.1.4.1.2011.5.1.1.2.1.9 hwAclNumGroupAclType OBJECT-TYPE SYNTAX INTEGER { basic(1), advanced(2), link(3), user(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "The type of ACL group." ::= { hwAclNumGroupEntry 9 } -- 1.3.6.1.4.1.2011.5.1.1.4 hwAclBasicRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF HwAclBasicRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Configure the rule for basic acl group." ::= { hwAclMibObjects 4 } -- 1.3.6.1.4.1.2011.5.1.1.4.1 hwAclBasicRuleEntry OBJECT-TYPE SYNTAX HwAclBasicRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry is a rule of basic acl." INDEX { hwAclBasicAclNum, hwAclBasicSubitem } ::= { hwAclBasicRuleTable 1 } HwAclBasicRuleEntry ::= SEQUENCE { hwAclBasicAclNum Integer32, hwAclBasicSubitem Unsigned32, hwAclBasicAct INTEGER, hwAclBasicSrcIp IpAddress, hwAclBasicSrcWild IpAddress, hwAclBasicTimeRangeIndex Integer32, hwAclBasicFragments INTEGER, hwAclBasicLog TruthValue, hwAclBasicEnable TruthValue, hwAclBasicCount Counter64, hwAclBasicVrfName OCTET STRING, hwAclBasicRowStatus RowStatus, hwAclBasicDescription OCTET STRING } -- 1.3.6.1.4.1.2011.5.1.1.4.1.1 hwAclBasicAclNum OBJECT-TYPE SYNTAX Integer32 (1..99 | 2000..2999 ) MAX-ACCESS read-only STATUS current DESCRIPTION "The index of basic acl group" ::= { hwAclBasicRuleEntry 1 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.2 hwAclBasicSubitem OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The objects specifies the number of an ACL rule. If the number specified has been assigned to an ACL rule, the new rule will overwrite the old one, which is equal to editing the old rule. If the number is not assigned, the system will define a rule with the number and insert it to the place corresponding to its number. If no number is specified, the system will define a rule, assign a number to it and add it into the ACL. It will be placed at the end of the ACL when configuration sequence is adopted; otherwise, it will be placed based on the 'Depth-first' principle. When ACL rules are following the 'Depth-first' principle, the number of an ACL rule must be given 0 ,but it will be assigned by step automatically;otherwise,this rule will not be created." ::= { hwAclBasicRuleEntry 2 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.3 hwAclBasicAct OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the action of a basic acl rule. 'deny' means discarding the packets that meet the condition, 'permit' means permitting the packets that meet the condition." ::= { hwAclBasicRuleEntry 3 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.4 hwAclBasicSrcIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the source IP-address of a basic acl rule." ::= { hwAclBasicRuleEntry 4 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.5 hwAclBasicSrcWild OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the source IP-address wild of a basic acl rule." ::= { hwAclBasicRuleEntry 5 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.6 hwAclBasicTimeRangeIndex OBJECT-TYPE SYNTAX Integer32 (0..256) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the time range of a basic acl rule. When the current time is in time range, the rule is valid. Zero value declares that the acl rule has no time range. The invalid value is 0." ::= { hwAclBasicRuleEntry 6 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.7 hwAclBasicFragments OBJECT-TYPE SYNTAX INTEGER { fragmentSubseq(0), fragment(1), nonFragment(2), nonSubseq(3), none(255) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the type of the packet. 0: fragmentSubseq, indicating that the packet is a subsequent fragment 1: fragment, indicating that the packet is a fragment 2: nonFragment, indicating that the packet is not a fragment 3: nonSubseq, indicating that the packet is not a subsequent fragment 255: none, invalid value This object cannot be modified once a rule is created." ::= { hwAclBasicRuleEntry 7 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.8 hwAclBasicLog OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates whether to log the matched packets. The log contents include sequence number of ACL rule, packets passed or discarded, upper layer protocol type over IP, source/destination address, source/destination port number, and number of packets." ::= { hwAclBasicRuleEntry 8 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.9 hwAclBasicEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates whether the rule is valid or invalid." ::= { hwAclBasicRuleEntry 9 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.10 hwAclBasicCount OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates the statistics of matched packets by the rule." ::= { hwAclBasicRuleEntry 10 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.11 hwAclBasicVrfName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..31)) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the VRF name of this rule. It specifies the VPN-instance to which the packet belongs." ::= { hwAclBasicRuleEntry 11 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.12 hwAclBasicRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus, Now support three value:CreateAndGo,Active and Destroy." ::= { hwAclBasicRuleEntry 12 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.13 hwAclBasicDescription OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..127)) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the description of this basic rule. The object describes the usage of an ACL with a word or a sentence." ::= { hwAclBasicRuleEntry 13 } -- 1.3.6.1.4.1.2011.5.1.1.5 hwAclAdvancedRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF HwAclAdvancedRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Configure the rule for advanced acl group." ::= { hwAclMibObjects 5 } -- 1.3.6.1.4.1.2011.5.1.1.5.1 hwAclAdvancedRuleEntry OBJECT-TYPE SYNTAX HwAclAdvancedRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains a rule of advanced acl group." INDEX { hwAclAdvancedAclNum, hwAclAdvancedSubitem } ::= { hwAclAdvancedRuleTable 1 } HwAclAdvancedRuleEntry ::= SEQUENCE { hwAclAdvancedAclNum Integer32, hwAclAdvancedSubitem Unsigned32, hwAclAdvancedAct INTEGER, hwAclAdvancedProtocol Integer32, hwAclAdvancedSrcIp IpAddress, hwAclAdvancedSrcWild IpAddress, hwAclAdvancedSrcOp INTEGER, hwAclAdvancedSrcPort1 Integer32, hwAclAdvancedSrcPort2 Integer32, hwAclAdvancedDestIp IpAddress, hwAclAdvancedDestWild IpAddress, hwAclAdvancedDestOp INTEGER, hwAclAdvancedDestPort1 Integer32, hwAclAdvancedDestPort2 Integer32, hwAclAdvancedPrecedence Integer32, hwAclAdvancedTos Integer32, hwAclAdvancedDscp Integer32, hwAclAdvancedEstablish TruthValue, hwAclAdvancedTimeRangeIndex Integer32, hwAclAdvancedIcmpType Integer32, hwAclAdvancedIcmpCode Integer32, hwAclAdvancedFragments INTEGER, hwAclAdvancedLog TruthValue, hwAclAdvancedEnable TruthValue, hwAclAdvancedCount Counter64, hwAclAdvancedVrfName OCTET STRING, hwAclAdvancedRowStatus RowStatus, hwAclAdvancedTcpSyncFlag Integer32, hwAclAdvancedDescription OCTET STRING } -- 1.3.6.1.4.1.2011.5.1.1.5.1.1 hwAclAdvancedAclNum OBJECT-TYPE SYNTAX Integer32 (100..199 | 3000..3999 | 42768..75535) MAX-ACCESS read-only STATUS current DESCRIPTION "The index of advanced acl table." ::= { hwAclAdvancedRuleEntry 1 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.2 hwAclAdvancedSubitem OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The object specifies the number of an advanced ACL rule. If the number specified has been assigned to an ACL rule, the new rule will overwrite the old one, which is equal to editing the old rule. If the number is not assigned, the system will define a rule with the number and insert it to the place corresponding to its number. If no number is specified, the system will define a rule, assign a number to it and add it into the ACL. It will be placed at the end of the ACL when configuration sequence is adopted; otherwise, it will be placed based on the 'Depth-first' principle. When ACL rules are following the 'Depth-first' principle, the number of an ACL rule must be given 0 ,but it will be assigned by step automatically;otherwise,this rule will not be created." ::= { hwAclAdvancedRuleEntry 2 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.3 hwAclAdvancedAct OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the action of an advanced acl rule. 'deny' means discarding the packets that meet the condition, 'permit' means permitting the packets that meet the condition." ::= { hwAclAdvancedRuleEntry 3 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.4 hwAclAdvancedProtocol OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the protocol type of the rule. It specifies the protocol type over IP.The number of IP protocol is 0." ::= { hwAclAdvancedRuleEntry 4 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.5 hwAclAdvancedSrcIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the source IP-address of an advanced acl rule." ::= { hwAclAdvancedRuleEntry 5 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.6 hwAclAdvancedSrcWild OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the source IP-address wild of an advanced acl rule." ::= { hwAclAdvancedRuleEntry 6 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.7 hwAclAdvancedSrcOp OBJECT-TYPE SYNTAX INTEGER { lt(1), eq(2), gt(3), neq(4), invalid(0), range(5) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the source Port operation symbol of an advanced acl rule. It compares the port operators of source address. 'lt' means less than, 'eq' means equal to, 'gt' means greater than, 'neq' means not equal to, 'range' means between, 'invalid' means this operation of the rule is invalid." ::= { hwAclAdvancedRuleEntry 7 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.8 hwAclAdvancedSrcPort1 OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the fourth layer sourec port 1. It specifies the source port information of UDP or TCP packets." ::= { hwAclAdvancedRuleEntry 8 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.9 hwAclAdvancedSrcPort2 OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the fourth layer source port2." ::= { hwAclAdvancedRuleEntry 9 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.10 hwAclAdvancedDestIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the destination IP-address of an advanced acl rule." ::= { hwAclAdvancedRuleEntry 10 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.11 hwAclAdvancedDestWild OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the destination IP-address wild of an advanced acl rule." ::= { hwAclAdvancedRuleEntry 11 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.12 hwAclAdvancedDestOp OBJECT-TYPE SYNTAX INTEGER { lt(1), eq(2), gt(3), neq(4), invalid(0), range(5) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the destination Port operation symbol of an advanced acl group. It compares the port operators of destination address. 'lt' means less than, 'eq' means equal to, 'gt' means greater than, 'neq' means not equal to, 'range' means between, 'invalid' means this operation of the rule is invalid." ::= { hwAclAdvancedRuleEntry 12 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.13 hwAclAdvancedDestPort1 OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the fourth layer destination port1." ::= { hwAclAdvancedRuleEntry 13 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.14 hwAclAdvancedDestPort2 OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the fourth layer destination port2." ::= { hwAclAdvancedRuleEntry 14 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.15 hwAclAdvancedPrecedence OBJECT-TYPE SYNTAX Integer32 (0..7|255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the value of IP-packet's precedence, It filters packets according to precedence field.The invalid value is 255." ::= { hwAclAdvancedRuleEntry 15 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.16 hwAclAdvancedTos OBJECT-TYPE SYNTAX Integer32 (0..15|255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the value of IP-packet's TOS, It filters packets according to type of service.The invalid value is 255." ::= { hwAclAdvancedRuleEntry 16 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.17 hwAclAdvancedDscp OBJECT-TYPE SYNTAX Integer32 (0..63|255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the value of frame.The invalid value is 255." ::= { hwAclAdvancedRuleEntry 17 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.18 hwAclAdvancedEstablish OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates whether or not establishing." DEFVAL { False } ::= { hwAclAdvancedRuleEntry 18 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.19 hwAclAdvancedTimeRangeIndex OBJECT-TYPE SYNTAX Integer32 (0..256) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the time range of an advanced acl rule. When the current time is in the time range, the rule is valid. Zero value declares that the acl rule has no time range.The invalid value is 0." ::= { hwAclAdvancedRuleEntry 19 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.20 hwAclAdvancedIcmpType OBJECT-TYPE SYNTAX Integer32 (0..255|65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the type of ICMP packet. It filters ICMP packets according to the ICMP message type. The invalid value is 65535." ::= { hwAclAdvancedRuleEntry 20 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.21 hwAclAdvancedIcmpCode OBJECT-TYPE SYNTAX Integer32 (0..255|65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the code of ICMP packet. It filters ICMP packets according to the message code. The invalid value is 65535." ::= { hwAclAdvancedRuleEntry 21 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.22 hwAclAdvancedFragments OBJECT-TYPE SYNTAX INTEGER { fragmentSubseq(0), fragment(1), nonFragment(2), nonSubseq(3), fragmentSpeFirst(4), none(255) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the type of the packet. 0: fragmentSubseq, indicating that the packet is a subsequent fragment 1: fragment, indicating that the packet is a fragment 2: nonFragment, indicating that the packet is not a fragment 3: nonSubseq, indicating that the packet is not a subsequent fragment 4: fragmentSpeFirst, indicating that the packet is the first fragment 255: none, invalid value This object cannot be modified once a rule is created." ::= { hwAclAdvancedRuleEntry 22 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.23 hwAclAdvancedLog OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates whether to log the matched packets. The log contents include sequence number of ACL rule, packets passed or discarded, upper layer protocol type over IP, source/destination address, source/destination port number, and number of packets" ::= { hwAclAdvancedRuleEntry 23 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.24 hwAclAdvancedEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates whether the rule is valid or invalid." ::= { hwAclAdvancedRuleEntry 24 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.25 hwAclAdvancedCount OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates the statistics of matched packets by the rule." ::= { hwAclAdvancedRuleEntry 25 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.26 hwAclAdvancedVrfName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..31)) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the VRF name of this rule, It specifies the VPN-instance to which the packet belongs." ::= { hwAclAdvancedRuleEntry 26 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.27 hwAclAdvancedRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus, Now support three state:CreateAndGo,Active,Destroy." ::= { hwAclAdvancedRuleEntry 27 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.28 hwAclAdvancedTcpSyncFlag OBJECT-TYPE SYNTAX Integer32 (-1|0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the code of TCP Sync flag(0~63), The invalid value is -1." ::= { hwAclAdvancedRuleEntry 28 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.29 hwAclAdvancedDescription OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..127)) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the description of this advanced rule. The object describes the usage of an ACL with a word or a sentence." ::= { hwAclAdvancedRuleEntry 29 } -- 1.3.6.1.4.1.2011.5.1.1.6 hwAclIfRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF HwAclIfRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Configure the rule for interface-based acl group." ::= { hwAclMibObjects 6 } -- 1.3.6.1.4.1.2011.5.1.1.6.1 hwAclIfRuleEntry OBJECT-TYPE SYNTAX HwAclIfRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains a rule of interface-based acl group." INDEX { hwAclIfAclNum, hwAclIfSubitem } ::= { hwAclIfRuleTable 1 } HwAclIfRuleEntry ::= SEQUENCE { hwAclIfAclNum Integer32, hwAclIfSubitem Unsigned32, hwAclIfAct INTEGER, hwAclIfIndex Integer32, hwAclIfAny TruthValue, hwAclIfTimeRangeIndex Integer32, hwAclIfLog TruthValue, hwAclIfEnable TruthValue, hwAclIfCount Counter64, hwAclIfRowStatus RowStatus } -- 1.3.6.1.4.1.2011.5.1.1.6.1.1 hwAclIfAclNum OBJECT-TYPE SYNTAX Integer32 (1000..1999) MAX-ACCESS read-only STATUS current DESCRIPTION "The index of interface-based acl group." ::= { hwAclIfRuleEntry 1 } -- 1.3.6.1.4.1.2011.5.1.1.6.1.2 hwAclIfSubitem OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The object specifies the number of an ACL rule. If the number specified has been assigned to an ACL rule, the new rule will overwrite the old one, which is equal to editing the old rule. If the number is not assigned, the system will define a rule with the number and insert it to the place corresponding to its number. If no number is specified, the system will define a rule, assign a number to it and add it into the ACL. It will be placed at the end of the ACL when configuration sequence is adopted; otherwise, it will be placed based on the 'Depth-first' principle. When ACL rules are following the 'Depth-first' principle, the number of an ACL rule must be given 0 ,but it will be assigned by step automatically;otherwise,this rule will not be created." ::= { hwAclIfRuleEntry 2 } -- 1.3.6.1.4.1.2011.5.1.1.6.1.3 hwAclIfAct OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the action of an interface-based acl rule. 'deny' means discarding the packets that meet the condition, 'permit' means permitting the packets that meet the condition." ::= { hwAclIfRuleEntry 3 } -- 1.3.6.1.4.1.2011.5.1.1.6.1.4 hwAclIfIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the index of an interface. It specifies the interface information of the packets.The invalid interface index is 0." ::= { hwAclIfRuleEntry 4 } -- 1.3.6.1.4.1.2011.5.1.1.6.1.5 hwAclIfAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates whether or not matching any interface." ::= { hwAclIfRuleEntry 5 } -- 1.3.6.1.4.1.2011.5.1.1.6.1.6 hwAclIfTimeRangeIndex OBJECT-TYPE SYNTAX Integer32 (0..256) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the time range of an interface-based acl rule. when the current time is in time range, the rule is valid. Zero value declares that the acl rule has no time range. The invalid value is 0." ::= { hwAclIfRuleEntry 6 } -- 1.3.6.1.4.1.2011.5.1.1.6.1.7 hwAclIfLog OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates whether to log the matched packets. The log contents include sequence number of ACL rule, packets passed or discarded, upper layer protocol type over IP, source/destination address, source/destination port number, and number of packets." ::= { hwAclIfRuleEntry 7 } -- 1.3.6.1.4.1.2011.5.1.1.6.1.8 hwAclIfEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates whether the rule is valid or invalid." ::= { hwAclIfRuleEntry 8 } -- 1.3.6.1.4.1.2011.5.1.1.6.1.9 hwAclIfCount OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates the statistics of matched packets by the rule." ::= { hwAclIfRuleEntry 9 } -- 1.3.6.1.4.1.2011.5.1.1.6.1.11 hwAclIfRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus,Now support three state:CreateAndGo,Active,Destroy." ::= { hwAclIfRuleEntry 11 } --user acl -- 1.3.6.1.4.1.2011.5.1.1.7 hwAclUserRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF HwAclUserRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Configure the rule for user acl group." ::= { hwAclMibObjects 7 } -- 1.3.6.1.4.1.2011.5.1.1.7.1 hwAclUserRuleEntry OBJECT-TYPE SYNTAX HwAclUserRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains a rule of user acl group." INDEX { hwAclUserAclNum, hwAclUserSubitem } ::= { hwAclUserRuleTable 1 } HwAclUserRuleEntry ::= SEQUENCE { hwAclUserAclNum Integer32, hwAclUserSubitem Integer32, hwAclUserAct INTEGER, hwAclUserProtocol Integer32, hwAclUserSrcIp IpAddress, hwAclUserSrcWild IpAddress, hwAclUserSrcOp INTEGER, hwAclUserSrcPort1 Integer32, hwAclUserSrcPort2 Integer32, hwAclUserDestIp IpAddress, hwAclUserDestWild IpAddress, hwAclUserDestOp INTEGER, hwAclUserDestPort1 Integer32, hwAclUserDestPort2 Integer32, hwAclUserPrecedence Integer32, hwAclUserTos Integer32, hwAclUserDscp Integer32, hwAclUserEstablish TruthValue, hwAclUserTimeRangeIndex Integer32, hwAclUserIcmpType Integer32, hwAclUserIcmpCode Integer32, hwAclUserFragments TruthValue, hwAclUserLog TruthValue, hwAclUserEnable TruthValue, hwAclUserCount Counter32, hwAclUserVrfName OCTET STRING, hwAclUserSrcUserGroupName OCTET STRING, hwAclUserDestUserGroupName OCTET STRING, hwAclUserSrcModeType Integer32, hwAclUserDestModeType Integer32, hwAclUserRowStatus RowStatus, hwAclUserTcpSyncFlag Integer32 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.1 hwAclUserAclNum OBJECT-TYPE SYNTAX Integer32 (6000..9999) MAX-ACCESS read-only STATUS current DESCRIPTION "The index of user acl table." ::= { hwAclUserRuleEntry 1 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.2 hwAclUserSubitem OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The object specifies the number of an User ACL rule. If the number specified has been assigned to an ACL rule, the new rule will overwrite the old one, which is equal to editing the old rule. If the number is not assigned, the system will define a rule with the number and insert it to the place corresponding to its number. If no number is specified, the system will define a rule, assign a number to it and add it into the ACL. It will be placed at the end of the ACL when configuration sequence is adopted; otherwise, it will be placed based on the 'Depth-first' principle" ::= { hwAclUserRuleEntry 2 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.3 hwAclUserAct OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the action of an User acl rule. 'deny' means discarding the packets that meet the condition, 'permit' means permitting the packets that meet the condition." ::= { hwAclUserRuleEntry 3 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.4 hwAclUserProtocol OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the protocol type of the rule. It specifies the protocol type over IP.The number of IP protocol is 0." ::= { hwAclUserRuleEntry 4 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.5 hwAclUserSrcIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the source IP-address of an User acl rule." ::= { hwAclUserRuleEntry 5 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.6 hwAclUserSrcWild OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the source IP-address wild of an User acl rule." ::= { hwAclUserRuleEntry 6 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.7 hwAclUserSrcOp OBJECT-TYPE SYNTAX INTEGER { lt(1), eq(2), gt(3), neq(4), invalid(0), range(5) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the source Port operation symbol of an User acl rule. It compares the port operators of source address. 'lt' means less than, 'eq' means equal to, 'gt' means greater than, 'neq' means not equal to, 'range' means between, 'invalid' means this operation of the rule is invalid." ::= { hwAclUserRuleEntry 7 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.8 hwAclUserSrcPort1 OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the fourth layer sourec port 1. It specifies the source port information of UDP or TCP packets." ::= { hwAclUserRuleEntry 8 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.9 hwAclUserSrcPort2 OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the fourth layer source port2." ::= { hwAclUserRuleEntry 9 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.10 hwAclUserDestIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the destination IP-address of an User acl rule." ::= { hwAclUserRuleEntry 10 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.11 hwAclUserDestWild OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the destination IP-address wild of an User acl rule." ::= { hwAclUserRuleEntry 11 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.12 hwAclUserDestOp OBJECT-TYPE SYNTAX INTEGER { lt(1), eq(2), gt(3), neq(4), invalid(0), range(5) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the destination Port operation symbol of an User acl group. It compares the port operators of destination address. 'lt' means less than, 'eq' means equal to, 'gt' means greater than, 'neq' means not equal to, 'range' means between, 'invalid' means this operation of the rule is invalid." ::= { hwAclUserRuleEntry 12 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.13 hwAclUserDestPort1 OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the fourth layer destination port1." ::= { hwAclUserRuleEntry 13 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.14 hwAclUserDestPort2 OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the fourth layer destination port2." ::= { hwAclUserRuleEntry 14 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.15 hwAclUserPrecedence OBJECT-TYPE SYNTAX Integer32 (0..7|255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the value of IP-packet's precedence, It filters packets according to precedence field.The invalid value is 255." ::= { hwAclUserRuleEntry 15 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.16 hwAclUserTos OBJECT-TYPE SYNTAX Integer32 (0..15|255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the value of IP-packet's TOS, It filters packets according to type of service.The invalid value is 255." ::= { hwAclUserRuleEntry 16 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.17 hwAclUserDscp OBJECT-TYPE SYNTAX Integer32 (0..63|255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the value of frame.The invalid value is 255." ::= { hwAclUserRuleEntry 17 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.18 hwAclUserEstablish OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates whether or not establishing." DEFVAL { False } ::= { hwAclUserRuleEntry 18 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.19 hwAclUserTimeRangeIndex OBJECT-TYPE SYNTAX Integer32 (0..256) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the time range of an User acl rule. When the current time is in the time range, the rule is valid. Zero value declares that the acl rule has no time range.The invalid value is 0." ::= { hwAclUserRuleEntry 19 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.20 hwAclUserIcmpType OBJECT-TYPE SYNTAX Integer32 (0..255|65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the type of ICMP packet. It filters ICMP packets according to the ICMP message type. The invalid value is 65535." ::= { hwAclUserRuleEntry 20 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.21 hwAclUserIcmpCode OBJECT-TYPE SYNTAX Integer32 (0..255|65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the code of ICMP packet. It filters ICMP packets according to the message code. The invalid value is 65535." ::= { hwAclUserRuleEntry 21 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.22 hwAclUserFragments OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates whether or not matching fragmented packet, It specifies that this rule is only valid for the non-first fragment packets." ::= { hwAclUserRuleEntry 22 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.23 hwAclUserLog OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates whether to log the matched packets. The log contents include sequence number of ACL rule, packets passed or discarded, upper layer protocol type over IP, source/destination address, source/destination port number, and number of packets" ::= { hwAclUserRuleEntry 23 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.24 hwAclUserEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates whether the rule is valid or invalid." ::= { hwAclUserRuleEntry 24 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.25 hwAclUserCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates the statistics of matched packets by the rule." ::= { hwAclUserRuleEntry 25 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.26 hwAclUserVrfName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the VRF name of this rule, It specifies the VPN-instance to which the packet belongs." ::= { hwAclUserRuleEntry 26 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.27 hwAclUserSrcUserGroupName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the source user group name of this rule. if modetype source is user, null sting means any user" ::= { hwAclUserRuleEntry 27 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.28 hwAclUserDestUserGroupName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the destination user group name of this rule. if modetype destination is user, null sting means any user" ::= { hwAclUserRuleEntry 28 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.29 hwAclUserSrcModeType OBJECT-TYPE SYNTAX Integer32 (0..4) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates ACL's mode type, Now support four state 0 Any match rule from any user group or any ip subnet, 1 NetAny match rule from any ip subnet, 2 UserAny match rule from any user group, 3 Net match rule from an ip subnet, 4 User match rule from a user group" ::= { hwAclUserRuleEntry 29 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.30 hwAclUserDestModeType OBJECT-TYPE SYNTAX Integer32 (0..4) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates ACL's mode type, Now support four state 0 Any match rule from any user group or any ip subnet, 1 NetAny match rule from any ip subnet, 2 UserAny match rule from any user group, 3 Net match rule from an ip subnet, 4 User match rule from a user group" ::= { hwAclUserRuleEntry 30 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.31 hwAclUserRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus, Now support three state:CreateAndGo,Active,Destroy." ::= { hwAclUserRuleEntry 31 } hwAclUserTcpSyncFlag OBJECT-TYPE SYNTAX Integer32 (-1|0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the code of TCP Sync flag(0~63), The invalid value is -1." ::= { hwAclUserRuleEntry 32 } -- 1.3.6.1.4.1.2011.5.1.1.10 hwAclCompileEnableFlag OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The object indicates whether acl compiler is enabled. when acl compiler is enabled, and ACL accelerate function is enabled, then matching packets by rule is efficient." ::= { hwAclMibObjects 10 } -- 1.3.6.1.4.1.2011.5.1.1.11 hwAclCompileNumGroupTable OBJECT-TYPE SYNTAX SEQUENCE OF HwAclCompileNumGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ACL compiler table extending the Acl-number-group table" ::= { hwAclMibObjects 11 } -- 1.3.6.1.4.1.2011.5.1.1.11.1 hwAclCompileNumGroupEntry OBJECT-TYPE SYNTAX HwAclCompileNumGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The entry of Acl-number-group compiler extended table" AUGMENTS { hwAclNumGroupEntry } ::= { hwAclCompileNumGroupTable 1 } HwAclCompileNumGroupEntry ::= SEQUENCE { hwAclCompileNumGroupStatus INTEGER } -- 1.3.6.1.4.1.2011.5.1.1.11.1.1 hwAclCompileNumGroupStatus OBJECT-TYPE SYNTAX INTEGER { notCompile(1), compiled(2), changeAfterCompile(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "The object indicates the status of Acl-number-group compiler. 'notCompile' means acl accelerate function is disabled, 'compiled' means acl accelerate function is enabled, 'changeAfterCompile' means acl is changed after compiled." DEFVAL { notCompile } ::= { hwAclCompileNumGroupEntry 1 } -- 1.3.6.1.4.1.2011.5.1.1.12 hwAclIpv6BasicRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF HwAclIpv6BasicRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Configure the rule for ipv6 basic acl group." ::= { hwAclMibObjects 12 } -- 1.3.6.1.4.1.2011.5.1.1.12.1 hwAclIpv6BasicRuleEntry OBJECT-TYPE SYNTAX HwAclIpv6BasicRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry is a rule of ipv6 basic acl." INDEX { hwAclIpv6BasicAclNum, hwAclIpv6BasicSubitem } ::= { hwAclIpv6BasicRuleTable 1 } HwAclIpv6BasicRuleEntry ::= SEQUENCE { hwAclIpv6BasicAclNum Integer32, hwAclIpv6BasicSubitem Unsigned32, hwAclIpv6BasicAct INTEGER, hwAclIpv6BasicSrcIp Ipv6Address, hwAclIpv6BasicSrcPrefix Integer32, hwAclIpv6BasicTimeRangeIndex Integer32, hwAclIpv6BasicFragment INTEGER, hwAclIpv6BasicLog TruthValue, hwAclIpv6BasicEnable EnabledStatus, hwAclIpv6BasicCount Counter64, hwAclIpv6BasicVrfName OCTET STRING, hwAclIpv6BasicRowStatus RowStatus, hwAclIpv6BasicDescription OCTET STRING } -- 1.3.6.1.4.1.2011.5.1.1.12.1.1 hwAclIpv6BasicAclNum OBJECT-TYPE SYNTAX Integer32 (2000..2999 ) MAX-ACCESS read-only STATUS current DESCRIPTION "The index of ipv6 basic acl group" ::= { hwAclIpv6BasicRuleEntry 1 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.2 hwAclIpv6BasicSubitem OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The objects specifies the number of an ACL rule. If the number specified has been assigned to an ACL rule, the new rule will overwrite the old one, which is equal to editing the old rule. If the number is not assigned, the system will define a rule with the number and insert it to the place corresponding to its number. If no number is specified, the system will define a rule, assign a number to it and add it into the ACL. It will be placed at the end of the ACL when configuration sequence is adopted; otherwise, it will be placed based on the 'Depth-first' principle. When ACL rules are following the 'Depth-first' principle, the number of an ACL rule must be given 0 ,but it will be assigned automatically; otherwise, this rule will not be created." ::= { hwAclIpv6BasicRuleEntry 2 } -- 1.3.6.1.4.1.2011.5.1.1.12.1.3 hwAclIpv6BasicAct OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the action of a ipv6 basic acl rule. 'deny' means discarding the packets that meet the condition, 'permit' means permitting the packets that meet the condition." ::= { hwAclIpv6BasicRuleEntry 3 } -- 1.3.6.1.4.1.2011.5.1.1.12.1.4 hwAclIpv6BasicSrcIp OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the source IPv6-address of a ipv6 basic acl rule." ::= { hwAclIpv6BasicRuleEntry 4 } -- 1.3.6.1.4.1.2011.5.1.1.12.1.5 hwAclIpv6BasicSrcPrefix OBJECT-TYPE SYNTAX Integer32 (0..128) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the source IPv6-address prefix length of a ipv6 basic acl rule." ::= { hwAclIpv6BasicRuleEntry 5 } -- 1.3.6.1.4.1.2011.5.1.1.12.1.6 hwAclIpv6BasicTimeRangeIndex OBJECT-TYPE SYNTAX Integer32 (0..256) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the time range of a ipv6 basic acl rule. When the current time is in time range, the rule is valid. Zero value declares that the acl rule has no time range. The invalid value is 0." ::= { hwAclIpv6BasicRuleEntry 6 } -- 1.3.6.1.4.1.2011.5.1.1.12.1.7 hwAclIpv6BasicFragment OBJECT-TYPE SYNTAX INTEGER { fragment(1), none(255) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the type of the packet. 1: fragment, indicating that the packet is a fragment 255: none, invalid value This object cannot be modified once a rule is created." ::= { hwAclIpv6BasicRuleEntry 7 } -- 1.3.6.1.4.1.2011.5.1.1.12.1.8 hwAclIpv6BasicLog OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates whether to log the matched packets. The log contents include sequence number of ACL rule, packets passed or discarded, upper layer protocol type over IP, source/destination address, source/destination port number, and number of packets." ::= { hwAclIpv6BasicRuleEntry 8 } -- 1.3.6.1.4.1.2011.5.1.1.12.1.9 hwAclIpv6BasicEnable OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates whether the rule is valid or invalid." ::= { hwAclIpv6BasicRuleEntry 9 } -- 1.3.6.1.4.1.2011.5.1.1.12.1.10 hwAclIpv6BasicCount OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates the statistics of matched packets by the rule." ::= { hwAclIpv6BasicRuleEntry 10 } -- 1.3.6.1.4.1.2011.5.1.1.12.1.11 hwAclIpv6BasicVrfName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..31)) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the VRF name of this rule. It specifies the VPN-instance to which the packet belongs." ::= { hwAclIpv6BasicRuleEntry 11 } -- 1.3.6.1.4.1.2011.5.1.1.12.1.12 hwAclIpv6BasicRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus, Now support three value: CreateAndGo, Active and Destroy." ::= { hwAclIpv6BasicRuleEntry 12 } -- 1.3.6.1.4.1.2011.5.1.1.12.1.13 hwAclIpv6BasicDescription OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..127)) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the description of this IPv6 basic rule. The object describes the usage of an IPv6 ACL with a word or a sentence." ::= { hwAclIpv6BasicRuleEntry 13 } -- 1.3.6.1.4.1.2011.5.1.1.13 hwAclIpv6AdvancedRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF HwAclIpv6AdvancedRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Configure the rule for ipv6 advanced acl group." ::= { hwAclMibObjects 13 } -- 1.3.6.1.4.1.2011.5.1.1.13.1 hwAclIpv6AdvancedRuleEntry OBJECT-TYPE SYNTAX HwAclIpv6AdvancedRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains a rule of ipv6 advanced acl group." INDEX { hwAclIpv6AdvancedAclNum, hwAclIpv6AdvancedSubitem } ::= { hwAclIpv6AdvancedRuleTable 1 } HwAclIpv6AdvancedRuleEntry ::= SEQUENCE { hwAclIpv6AdvancedAclNum Integer32, hwAclIpv6AdvancedSubitem Unsigned32, hwAclIpv6AdvancedAct INTEGER, hwAclIpv6AdvancedProtocol Integer32, hwAclIpv6AdvancedSrcIp Ipv6Address, hwAclIpv6AdvancedSrcPrefix Integer32, hwAclIpv6AdvancedSrcOp INTEGER, hwAclIpv6AdvancedSrcPort1 Integer32, hwAclIpv6AdvancedSrcPort2 Integer32, hwAclIpv6AdvancedDestIp Ipv6Address, hwAclIpv6AdvancedDestPrefix Integer32, hwAclIpv6AdvancedDestOp INTEGER, hwAclIpv6AdvancedDestPort1 Integer32, hwAclIpv6AdvancedDestPort2 Integer32, hwAclIpv6AdvancedPrecedence Integer32, hwAclIpv6AdvancedTos Integer32, hwAclIpv6AdvancedDscp Integer32, hwAclIpv6AdvancedEstablish TruthValue, hwAclIpv6AdvancedTimeRangeIndex Integer32, hwAclIpv6AdvancedIcmpType Integer32, hwAclIpv6AdvancedIcmpCode Integer32, hwAclIpv6AdvancedFragment INTEGER, hwAclIpv6AdvancedLog TruthValue, hwAclIpv6AdvancedEnable EnabledStatus, hwAclIpv6AdvancedCount Counter64, hwAclIpv6AdvancedVrfName OCTET STRING, hwAclIpv6AdvancedRowStatus RowStatus, hwAclIpv6AdvancedDescription OCTET STRING } -- 1.3.6.1.4.1.2011.5.1.1.13.1.1 hwAclIpv6AdvancedAclNum OBJECT-TYPE SYNTAX Integer32 (3000..3999 | 42768..59151) MAX-ACCESS read-only STATUS current DESCRIPTION "The index of ipv6 advanced acl table." ::= { hwAclIpv6AdvancedRuleEntry 1 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.2 hwAclIpv6AdvancedSubitem OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The object specifies the number of an ipv6 advanced ACL rule. If the number specified has been assigned to an ACL rule, the new rule will overwrite the old one, which is equal to editing the old rule. If the number is not assigned, the system will define a rule with the number and insert it to the place corresponding to its number. If no number is specified, the system will define a rule, assign a number to it and add it into the ACL. It will be placed at the end of the ACL when configuration sequence is adopted; otherwise, it will be placed based on the 'Depth-first' principle. When ACL rules are following the 'Depth-first' principle, the number of an ACL rule must be given 0 ,but it will be assigned automatically;otherwise,this rule will not be created." ::= { hwAclIpv6AdvancedRuleEntry 2 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.3 hwAclIpv6AdvancedAct OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the action of an ipv6 advanced acl rule. 'deny' means discarding the packets that meet the condition, 'permit' means permitting the packets that meet the condition." ::= { hwAclIpv6AdvancedRuleEntry 3 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.4 hwAclIpv6AdvancedProtocol OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the protocol type of the rule. It specifies the protocol type over IP.The number of IPv6 protocol is 0." ::= { hwAclIpv6AdvancedRuleEntry 4 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.5 hwAclIpv6AdvancedSrcIp OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the source IPv6-address of an ipv6 advanced acl rule." ::= { hwAclIpv6AdvancedRuleEntry 5 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.6 hwAclIpv6AdvancedSrcPrefix OBJECT-TYPE SYNTAX Integer32 (0..128) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the source IPv6-address prefix length of an ipv6 advanced acl rule." ::= { hwAclIpv6AdvancedRuleEntry 6 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.7 hwAclIpv6AdvancedSrcOp OBJECT-TYPE SYNTAX INTEGER { lt(1), eq(2), gt(3), neq(4), range(5), invalid(255) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the source Port operation symbol of an ipv6 advanced acl rule. It compares the port operators of source address. 'lt' means less than, 'eq' means equal to, 'gt' means greater than, 'neq' means not equal to, 'range' means between, 'invalid' means this operation of the rule is invalid." ::= { hwAclIpv6AdvancedRuleEntry 7 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.8 hwAclIpv6AdvancedSrcPort1 OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the fourth layer sourec port 1. It specifies the source port information of UDP or TCP packets." ::= { hwAclIpv6AdvancedRuleEntry 8 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.9 hwAclIpv6AdvancedSrcPort2 OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the fourth layer source port2." ::= { hwAclIpv6AdvancedRuleEntry 9 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.10 hwAclIpv6AdvancedDestIp OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the destination IPv6-address of an ipv6 advanced acl rule." ::= { hwAclIpv6AdvancedRuleEntry 10 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.11 hwAclIpv6AdvancedDestPrefix OBJECT-TYPE SYNTAX Integer32 (0..128) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the destination IPv6-address prefix length of an ipv6 advanced acl rule." ::= { hwAclIpv6AdvancedRuleEntry 11 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.12 hwAclIpv6AdvancedDestOp OBJECT-TYPE SYNTAX INTEGER { lt(1), eq(2), gt(3), neq(4), range(5), invalid(255) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the destination Port operation symbol of an ipv6 advanced acl group. It compares the port operators of destination address. 'lt' means less than, 'eq' means equal to, 'gt' means greater than, 'neq' means not equal to, 'range' means between, 'invalid' means this operation of the rule is invalid." ::= { hwAclIpv6AdvancedRuleEntry 12 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.13 hwAclIpv6AdvancedDestPort1 OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the fourth layer destination port1." ::= { hwAclIpv6AdvancedRuleEntry 13 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.14 hwAclIpv6AdvancedDestPort2 OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the fourth layer destination port2." ::= { hwAclIpv6AdvancedRuleEntry 14 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.15 hwAclIpv6AdvancedPrecedence OBJECT-TYPE SYNTAX Integer32 (0..7|255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the value of IPv6-packet's precedence, It filters packets according to precedence field. The invalid value is 255." ::= { hwAclIpv6AdvancedRuleEntry 15 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.16 hwAclIpv6AdvancedTos OBJECT-TYPE SYNTAX Integer32 (0..15|255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the value of IPv6-packet's TOS, It filters packets according to type of service. The invalid value is 255." ::= { hwAclIpv6AdvancedRuleEntry 16 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.17 hwAclIpv6AdvancedDscp OBJECT-TYPE SYNTAX Integer32 (0..63|255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the value of frame.The invalid value is 255." ::= { hwAclIpv6AdvancedRuleEntry 17 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.18 hwAclIpv6AdvancedEstablish OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates whether or not establishing." DEFVAL { False } ::= { hwAclIpv6AdvancedRuleEntry 18 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.19 hwAclIpv6AdvancedTimeRangeIndex OBJECT-TYPE SYNTAX Integer32 (0..256) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the time range of an ipv6 advanced acl rule. When the current time is in the time range, the rule is valid. Zero value declares that the acl rule has no time range.The invalid value is 0." ::= { hwAclIpv6AdvancedRuleEntry 19 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.20 hwAclIpv6AdvancedIcmpType OBJECT-TYPE SYNTAX Integer32 (0..255|65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the type of ICMPv6 packet. It filters ICMP packets according to the ICMPv6 message type. The invalid value is 65535." ::= { hwAclIpv6AdvancedRuleEntry 20 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.21 hwAclIpv6AdvancedIcmpCode OBJECT-TYPE SYNTAX Integer32 (0..255|65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the code of ICMPv6 packet. It filters ICMPv6 packets according to the message code. The invalid value is 65535." ::= { hwAclIpv6AdvancedRuleEntry 21 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.22 hwAclIpv6AdvancedFragment OBJECT-TYPE SYNTAX INTEGER { fragment(1), none(255) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the type of the packet. 1: fragment, indicating that the packet is a fragment 255: none, invalid value This object cannot be modified once a rule is created." ::= { hwAclIpv6AdvancedRuleEntry 22 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.23 hwAclIpv6AdvancedLog OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates whether to log the matched packets. The log contents include sequence number of ACL rule, packets passed or discarded, upper layer protocol type over IP, source/destination address, source/destination port number, and number of packets" ::= { hwAclIpv6AdvancedRuleEntry 23 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.24 hwAclIpv6AdvancedEnable OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates whether the rule is valid or invalid." ::= { hwAclIpv6AdvancedRuleEntry 24 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.25 hwAclIpv6AdvancedCount OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates the statistics of matched packets by the rule." ::= { hwAclIpv6AdvancedRuleEntry 25 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.26 hwAclIpv6AdvancedVrfName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..31)) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the VRF name of this rule, It specifies the VPN-instance to which the packet belongs." ::= { hwAclIpv6AdvancedRuleEntry 26 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.27 hwAclIpv6AdvancedRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus, Now support three state:CreateAndGo,Active,Destroy." ::= { hwAclIpv6AdvancedRuleEntry 27 } -- 1.3.6.1.4.1.2011.5.1.1.13.1.28 hwAclIpv6AdvancedDescription OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..127)) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the description of this IPv6 advanced rule. The object describes the usage of an IPv6 ACL with a word or a sentence." ::= { hwAclIpv6AdvancedRuleEntry 28 } -- 1.3.6.1.4.1.2011.5.1.1.14 hwAclEthernetFrameRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF HwAclEthernetFrameRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Configure the rule for ethernet-frame-based acl group." ::= { hwAclMibObjects 14 } -- 1.3.6.1.4.1.2011.5.1.1.14.1 hwAclEthernetFrameRuleEntry OBJECT-TYPE SYNTAX HwAclEthernetFrameRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains a rule of ethernet-frame-based acl group." INDEX { hwAclEthernetFrameAclNum, hwAclEthernetFrameSubitem } ::= { hwAclEthernetFrameRuleTable 1 } HwAclEthernetFrameRuleEntry ::= SEQUENCE { hwAclEthernetFrameAclNum Integer32, hwAclEthernetFrameSubitem Unsigned32, hwAclEthernetFrameAct INTEGER, hwAclEthernetFrameType Integer32, hwAclEthernetFrameTypeMask Integer32, hwAclEthernetFrameSrcMac MacAddress, hwAclEthernetFrameSrcMacMask MacAddress, hwAclEthernetFrameDstMac MacAddress, hwAclEthernetFrameDstMacMask MacAddress, hwAclEthernetFrameTimeRangeIndex Integer32, hwAclEthernetFrameLog TruthValue, hwAclEthernetFrameEnable EnabledStatus, hwAclEthernetFrameCount Counter64, hwAclEthernetFrameRowStatus RowStatus, hwAclEthernetFrameEncapType INTEGER, hwAclEthernetFrameDoubleTag TruthValue, hwAclEthernetFrameVlanId Integer32, hwAclEthernetFrameVlanIdMask Integer32, hwAclEthernetFrameCVlanId Integer32, hwAclEthernetFrameCVlanIdMask Integer32, hwAclEthernetFrameRule8021p Integer32, hwAclEthernetFrameRuleCVlan8021p Integer32, hwAclEthernetFrameDescription OCTET STRING } -- 1.3.6.1.4.1.2011.5.1.1.14.1.1 hwAclEthernetFrameAclNum OBJECT-TYPE SYNTAX Integer32 (4000..4999) MAX-ACCESS read-only STATUS current DESCRIPTION "The index of ethernet-frame-based acl group." ::= { hwAclEthernetFrameRuleEntry 1 } -- 1.3.6.1.4.1.2011.5.1.1.14.1.2 hwAclEthernetFrameSubitem OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The object specifies the number of an ACL rule. If the number specified has been assigned to an ACL rule, the new rule will overwrite the old one, which is equal to editing the old rule. If the number is not assigned, the system will define a rule with the number and insert it to the place corresponding to its number. If no number is specified, the system will define a rule, assign a number to it and add it into the ACL. It will be placed at the end of the ACL when configuration sequence is adopted; otherwise, it will be placed based on the 'Depth-first' principle. When ACL rules are following the 'Depth-first' principle, the number of an ACL rule must be given 0 ,but it will be assigned by step automatically;otherwise,this rule will not be created." ::= { hwAclEthernetFrameRuleEntry 2 } -- 1.3.6.1.4.1.2011.5.1.1.14.1.3 hwAclEthernetFrameAct OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the action of an ethernet-frame-based acl rule. 'deny' means discarding the packets that meet the condition, 'permit' means permitting the packets that meet the condition." ::= { hwAclEthernetFrameRuleEntry 3 } -- 1.3.6.1.4.1.2011.5.1.1.14.1.4 hwAclEthernetFrameType OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the type of an ethernet frame. It specifies the interface information of the packets. The invalid ethernet frame type is 0." ::= { hwAclEthernetFrameRuleEntry 4 } -- 1.3.6.1.4.1.2011.5.1.1.14.1.5 hwAclEthernetFrameTypeMask OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the mask of ethernet frame." ::= { hwAclEthernetFrameRuleEntry 5 } -- 1.3.6.1.4.1.2011.5.1.1.14.1.6 hwAclEthernetFrameSrcMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the source mac address of rule." ::= { hwAclEthernetFrameRuleEntry 6 } -- 1.3.6.1.4.1.2011.5.1.1.14.1.7 hwAclEthernetFrameSrcMacMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the source mac mask of rule." ::= { hwAclEthernetFrameRuleEntry 7 } -- 1.3.6.1.4.1.2011.5.1.1.14.1.8 hwAclEthernetFrameDstMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the destination mac address of rule." ::= { hwAclEthernetFrameRuleEntry 8 } -- 1.3.6.1.4.1.2011.5.1.1.14.1.9 hwAclEthernetFrameDstMacMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the destination mac mask of rule." ::= { hwAclEthernetFrameRuleEntry 9 } -- 1.3.6.1.4.1.2011.5.1.1.14.1.10 hwAclEthernetFrameTimeRangeIndex OBJECT-TYPE SYNTAX Integer32 (0..256) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the time range of a ethernet frame acl rule. When the current time is in time range, the rule is valid. Zero value declares that the acl rule has no time range. The invalid value is 0." ::= { hwAclEthernetFrameRuleEntry 10 } -- 1.3.6.1.4.1.2011.5.1.1.14.1.11 hwAclEthernetFrameLog OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates whether to log the matched packets. The log contents include sequence number of ACL rule, packets passed or discarded, source/destination mac addr, protocol of ethernet frame, and number of packets." ::= { hwAclEthernetFrameRuleEntry 11 } -- 1.3.6.1.4.1.2011.5.1.1.14.1.12 hwAclEthernetFrameEnable OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates whether the rule is valid or invalid." ::= { hwAclEthernetFrameRuleEntry 12 } -- 1.3.6.1.4.1.2011.5.1.1.14.1.13 hwAclEthernetFrameCount OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates the statistics of matched packets by rule." ::= { hwAclEthernetFrameRuleEntry 13 } -- 1.3.6.1.4.1.2011.5.1.1.14.1.14 hwAclEthernetFrameRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus,Now support three state:CreateAndGo,Active,Destroy." ::= { hwAclEthernetFrameRuleEntry 14 } hwAclEthernetFrameEncapType OBJECT-TYPE SYNTAX INTEGER { ether2(1), ieee802dot3(2), snap(3), none(255) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the encapsulation type of rule." DEFVAL { none } ::= { hwAclEthernetFrameRuleEntry 15 } hwAclEthernetFrameDoubleTag OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates two tags of rule. False value do not care the number of tags." DEFVAL { False } ::= { hwAclEthernetFrameRuleEntry 16 } hwAclEthernetFrameVlanId OBJECT-TYPE SYNTAX Integer32 (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the vlan ID of rule. The invalid vlan ID is 0." DEFVAL { 0 } ::= { hwAclEthernetFrameRuleEntry 17 } hwAclEthernetFrameVlanIdMask OBJECT-TYPE SYNTAX Integer32 (0..4095) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the vlan ID mask of rule." DEFVAL { 4095 } ::= { hwAclEthernetFrameRuleEntry 18 } hwAclEthernetFrameCVlanId OBJECT-TYPE SYNTAX Integer32 (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the ce-vlan ID of rule. The invalid vlan ID is 0." DEFVAL { 0 } ::= { hwAclEthernetFrameRuleEntry 19 } hwAclEthernetFrameCVlanIdMask OBJECT-TYPE SYNTAX Integer32 (0..4095) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the ce-vlan ID mask of rule." DEFVAL { 4095 } ::= { hwAclEthernetFrameRuleEntry 20 } hwAclEthernetFrameRule8021p OBJECT-TYPE SYNTAX Integer32 (0..7 | 255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the 8021p value of S-tag." ::= { hwAclEthernetFrameRuleEntry 21 } hwAclEthernetFrameRuleCVlan8021p OBJECT-TYPE SYNTAX Integer32 (0..7 | 255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the 8021p value of C-tag." ::= { hwAclEthernetFrameRuleEntry 22 } hwAclEthernetFrameDescription OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..127)) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the description of this ethernetframe rule. The object describes the usage of an ACL with a word or a sentence." ::= { hwAclEthernetFrameRuleEntry 23 } hwAclAppliedTable OBJECT-TYPE SYNTAX SEQUENCE OF HwAclAppliedEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Configure the applied ACL." ::= { hwAclMibObjects 15 } hwAclAppliedEntry OBJECT-TYPE SYNTAX HwAclAppliedEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains a applied ACL." INDEX { hwAclAppliedOperation, hwAclAppliedScopeType, hwAclAppliedScopeIndex, hwAclAppliedDirection, hwAclAppliedAclNum, hwAclAppliedSubitem, hwAclAppliedAclNum2, hwAclAppliedSubitem2, hwAclAppliedIsIPv6Acl } ::= { hwAclAppliedTable 1 } HwAclAppliedEntry ::= SEQUENCE { hwAclAppliedOperation INTEGER, hwAclAppliedScopeType INTEGER, hwAclAppliedScopeIndex Integer32, hwAclAppliedDirection INTEGER, hwAclAppliedAclNum Integer32, hwAclAppliedSubitem Integer32, hwAclAppliedAclNum2 Integer32, hwAclAppliedSubitem2 Integer32, hwAclAppliedStatMode INTEGER, hwAclAppliedStatCount Counter64, hwAclAppliedLimitCir Integer32, hwAclAppliedLimitPir Integer32, hwAclAppliedLimitCbs Integer32, hwAclAppliedLimitPbs Integer32, hwAclAppliedLimitGreenAction INTEGER, hwAclAppliedLimitGreenValue Integer32, hwAclAppliedLimitYellowAction INTEGER, hwAclAppliedLimitYellowValue Integer32, hwAclAppliedLimitRedAction INTEGER, hwAclAppliedLimitRedValue Integer32, hwAclAppliedMirrObservedPort Integer32, hwAclAppliedMirrRspanVlan Integer32, hwAclAppliedRedirectIfIndex Integer32, hwAclAppliedRedirectIpAddr IpAddress, hwAclAppliedRedirectIpv6Addr Ipv6Address, hwAclAppliedRemarkVlan Integer32, hwAclAppliedRemarkCVlan Integer32, hwAclAppliedRemark8021p Integer32, hwAclAppliedRemarkDscp Integer32, hwAclAppliedRemarkIpPre Integer32, hwAclAppliedRemarkLocalPre Integer32, hwAclAppliedRemarkMacAddr MacAddress, hwAclAppliedIsIPv6Acl TruthValue, hwAclAppliedRowStatus RowStatus } hwAclAppliedOperation OBJECT-TYPE SYNTAX INTEGER { filter(1), limit(2), mirror(3), redirectCpu(4), redirectInterface(5), redirectIpNextHop(6), redirectIpv6NextHop(7), remark8021p(8), remarkDscp(9), remarkIpPrecedence(10), remarkLocalPrecedence(11), remarkVlanId(12), remarkCVlanId(13), remarkDestMac(14), statistic(15) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "The actions taken when packets conforming or exceeding the configured." ::= { hwAclAppliedEntry 1 } hwAclAppliedScopeType OBJECT-TYPE SYNTAX INTEGER { global(1), vlan(2), interface(3) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "The scope that ACL apply on." ::= { hwAclAppliedEntry 2 } hwAclAppliedScopeIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "When the scope is global, this field is invalid; When the scope is vlan, this field is vlan ID; When the scope is interface, this field is interface index." ::= { hwAclAppliedEntry 3 } hwAclAppliedDirection OBJECT-TYPE SYNTAX INTEGER { inbound(1), outbound(2) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "The direction acl apply on." ::= { hwAclAppliedEntry 4 } hwAclAppliedAclNum OBJECT-TYPE SYNTAX Integer32 (2000..4999) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of ACL group. Basic ACL in range 2000~2999; Advance ACL in range 3000~3999; Link ACL in range 4000~4999;" ::= { hwAclAppliedEntry 5 } hwAclAppliedSubitem OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The object specifies the number of an ACL rule." ::= { hwAclAppliedEntry 6 } hwAclAppliedAclNum2 OBJECT-TYPE SYNTAX Integer32 (2000..3999|65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of ACL group. 65535 means this field is valid." ::= { hwAclAppliedEntry 7 } hwAclAppliedSubitem2 OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The object specifies the number of an ACL rule." ::= { hwAclAppliedEntry 8 } hwAclAppliedStatMode OBJECT-TYPE SYNTAX INTEGER { byPackets(1), byBytes(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object specifies the mode of statistics. When action is statistic, this field is valid." DEFVAL { byPackets } ::= { hwAclAppliedEntry 9 } hwAclAppliedStatCount OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates the statistics of matched packets by the policy. When action is statistic or limit, this field is valid." ::= { hwAclAppliedEntry 10 } hwAclAppliedLimitCir OBJECT-TYPE SYNTAX Integer32 (0 | 64..10000000) MAX-ACCESS read-create STATUS current DESCRIPTION "Committed information rate. Unit: kbps." DEFVAL { 0 } ::= { hwAclAppliedEntry 11 } hwAclAppliedLimitPir OBJECT-TYPE SYNTAX Integer32 (0 | 64..10000000) MAX-ACCESS read-create STATUS current DESCRIPTION "Peak information rate. Unit: kbps. 0 is the default value." DEFVAL { 0 } ::= { hwAclAppliedEntry 12 } hwAclAppliedLimitCbs OBJECT-TYPE SYNTAX Integer32 (0 | 4096..16773120) MAX-ACCESS read-create STATUS current DESCRIPTION "Committed burst size. Unit: byte. 0 is the default value." DEFVAL { 0 } ::= { hwAclAppliedEntry 13 } hwAclAppliedLimitPbs OBJECT-TYPE SYNTAX Integer32 (0 | 4096..16773120) MAX-ACCESS read-create STATUS current DESCRIPTION "Peak burst size. Unit: byte. 0 is the default value." DEFVAL { 0 } ::= { hwAclAppliedEntry 14 } hwAclAppliedLimitGreenAction OBJECT-TYPE SYNTAX INTEGER { pass(1), drop(2), passRemarkDscp(3), passRemark8021p(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "Green action." DEFVAL { pass } ::= { hwAclAppliedEntry 15 } hwAclAppliedLimitGreenValue OBJECT-TYPE SYNTAX Integer32 (0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "The value is to remark When green action is remarking. For remarking DSCP, the range is 0~63; For remarking 8021p, the range is 0~7." ::= { hwAclAppliedEntry 16 } hwAclAppliedLimitYellowAction OBJECT-TYPE SYNTAX INTEGER { pass(1), drop(2), passRemarkDscp(3), passRemark8021p(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "Yellow action." DEFVAL { pass } ::= { hwAclAppliedEntry 17 } hwAclAppliedLimitYellowValue OBJECT-TYPE SYNTAX Integer32 (0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "The value is to remark When yellow action is remarking. For remarking DSCP, the range is 0~63; For remarking 8021p, the range is 0~7." ::= { hwAclAppliedEntry 18 } hwAclAppliedLimitRedAction OBJECT-TYPE SYNTAX INTEGER { pass(1), drop(2), passRemarkDscp(3), passRemark8021p(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "Red action." DEFVAL { drop } ::= { hwAclAppliedEntry 19 } hwAclAppliedLimitRedValue OBJECT-TYPE SYNTAX Integer32 (0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "The value is to remark When red action is remarking. For remarking DSCP, the range is 0~63; For remarking 8021p, the range is 0~7." ::= { hwAclAppliedEntry 20 } hwAclAppliedMirrObservedPort OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "The mirror observe port number." ::= { hwAclAppliedEntry 21 } hwAclAppliedMirrRspanVlan OBJECT-TYPE SYNTAX Integer32 (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "The object specifies the RSPAN vlan. 0 means mirror to local port." ::= { hwAclAppliedEntry 22 } hwAclAppliedRedirectIfIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "The redirect output interface." ::= { hwAclAppliedEntry 23 } hwAclAppliedRedirectIpAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The redirect IP next hop address." ::= { hwAclAppliedEntry 24 } hwAclAppliedRedirectIpv6Addr OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "The redirect IPv6 next hop address." ::= { hwAclAppliedEntry 25 } hwAclAppliedRemarkVlan OBJECT-TYPE SYNTAX Integer32 (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "The remarked vlan ID." ::= { hwAclAppliedEntry 26 } hwAclAppliedRemarkCVlan OBJECT-TYPE SYNTAX Integer32 (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "The remarked ce-vlan ID." ::= { hwAclAppliedEntry 27 } hwAclAppliedRemark8021p OBJECT-TYPE SYNTAX Integer32 (0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "The remarked 8021p value." ::= { hwAclAppliedEntry 28 } hwAclAppliedRemarkDscp OBJECT-TYPE SYNTAX Integer32 (0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "The remarked DSCP value." ::= { hwAclAppliedEntry 29 } hwAclAppliedRemarkIpPre OBJECT-TYPE SYNTAX Integer32 (0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "The remarked IP precedence value." ::= { hwAclAppliedEntry 30 } hwAclAppliedRemarkLocalPre OBJECT-TYPE SYNTAX Integer32 (0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "The remarked local precedence value." ::= { hwAclAppliedEntry 31 } hwAclAppliedRemarkMacAddr OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The remarked MAC address." ::= { hwAclAppliedEntry 32 } hwAclAppliedIsIPv6Acl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS not-accessible STATUS current DESCRIPTION "The object indicates whether is IPv6 ACL." ::= { hwAclAppliedEntry 33 } hwAclAppliedRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus,Now support three state:CreateAndGo,Active,Destroy." ::= { hwAclAppliedEntry 51 } hwAclIpv6NumGroupTable OBJECT-TYPE SYNTAX SEQUENCE OF HwAclIpv6NumGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table of IPv6 ACL group information." ::= { hwAclMibObjects 16 } hwAclIpv6NumGroupEntry OBJECT-TYPE SYNTAX HwAclIpv6NumGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing characters of an IPv6 ACL group." INDEX { hwAclIpv6NumGroupAclNum } ::= { hwAclIpv6NumGroupTable 1 } HwAclIpv6NumGroupEntry ::= SEQUENCE { hwAclIpv6NumGroupAclNum Integer32, hwAclIpv6NumGroupMatchOrder INTEGER, hwAclIpv6NumGroupSubitemNum Counter32, hwAclIpv6NumGroupCountClear INTEGER, hwAclIpv6NumGroupAclName OCTET STRING, hwAclIpv6NumGroupDescription OCTET STRING, hwAclIpv6NumGroupAclType INTEGER, hwAclIpv6NumGroupRowStatus RowStatus } hwAclIpv6NumGroupAclNum OBJECT-TYPE SYNTAX Integer32 (1000..3999|42768..59151) MAX-ACCESS read-only STATUS current DESCRIPTION "The index of IPv6 ACL group, identifying an IPv6 ACL." ::= { hwAclIpv6NumGroupEntry 1 } hwAclIpv6NumGroupMatchOrder OBJECT-TYPE SYNTAX INTEGER { config(1), auto(2), default(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the match order of rules. 'config' means matching ACL rules in the configuration sequence, 'auto' means the ACL6 rules are matched following the 'Depth-first' principle." DEFVAL { default } ::= { hwAclIpv6NumGroupEntry 2 } hwAclIpv6NumGroupSubitemNum OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of the rules in the ACL6 group." ::= { hwAclIpv6NumGroupEntry 3 } hwAclIpv6NumGroupCountClear OBJECT-TYPE SYNTAX INTEGER { cleared(1), notUsed(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Reset the statistics of ACL6 group." ::= { hwAclIpv6NumGroupEntry 4 } hwAclIpv6NumGroupAclName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the name of an acl6 group, The first character must be start with a to z or A to Z, and the length cannot exceed 32 character." ::= { hwAclIpv6NumGroupEntry 5 } hwAclIpv6NumGroupDescription OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..127)) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the description of this acl6 group. The object describes the usage of an ACL6 with a word or a sentence." ::= { hwAclIpv6NumGroupEntry 6 } -- 1.3.6.1.4.1.2011.5.1.1.16.1.7 hwAclIpv6NumGroupAclType OBJECT-TYPE SYNTAX INTEGER { basic(1), advanced(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The type of IPv6 ACL group." ::= { hwAclIpv6NumGroupEntry 7 } hwAclIpv6NumGroupRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus, Now support three value:CreateAndGo,Active,Destroy." ::= { hwAclIpv6NumGroupEntry 51 } hwAclIpv6IfRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF HwAclIpv6IfRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Configure the rule for interface-based acl6 group." ::= { hwAclMibObjects 17 } hwAclIpv6IfRuleEntry OBJECT-TYPE SYNTAX HwAclIpv6IfRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains a rule of interface-based acl6 group." INDEX { hwAclIpv6IfAclNum, hwAclIpv6IfSubitem } ::= { hwAclIpv6IfRuleTable 1 } HwAclIpv6IfRuleEntry ::= SEQUENCE { hwAclIpv6IfAclNum Integer32, hwAclIpv6IfSubitem Unsigned32, hwAclIpv6IfAct INTEGER, hwAclIpv6IfIndex Integer32, hwAclIpv6IfAny TruthValue, hwAclIpv6IfTimeRangeIndex Integer32, hwAclIpv6IfLog TruthValue, hwAclIpv6IfEnable TruthValue, hwAclIpv6IfCount Counter64, hwAclIpv6IfRowStatus RowStatus } hwAclIpv6IfAclNum OBJECT-TYPE SYNTAX Integer32 (1000..1999) MAX-ACCESS read-only STATUS current DESCRIPTION "The index of interface-based acl6 group." ::= { hwAclIpv6IfRuleEntry 1 } hwAclIpv6IfSubitem OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The object specifies the number of an ACL6 rule. If the number specified has been assigned to an ACL6 rule, the new rule will overwrite the old one, which is equal to editing the old rule. If the number is not assigned, the system will define a rule with the number and insert it to the place corresponding to its number. If no number is specified, the system will define a rule, assign a number to it and add it into the ACL6. It will be placed at the end of the ACL6 when configuration sequence is adopted; otherwise, it will be placed based on the 'Depth-first' principle. When ACL rules are following the 'Depth-first' principle, the number of an ACL6 rule must be given 0, but it will be assigned automatically;otherwise, this rule will not be created." ::= { hwAclIpv6IfRuleEntry 2 } hwAclIpv6IfAct OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the action of an interface-based acl6 rule. 'deny' means discarding the packets that meet the condition, 'permit' means permitting the packets that meet the condition." ::= { hwAclIpv6IfRuleEntry 3 } hwAclIpv6IfIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the index of an interface. It specifies the interface information of the packets. The invalid interface index is 0." ::= { hwAclIpv6IfRuleEntry 4 } hwAclIpv6IfAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates whether or not matching any interface." ::= { hwAclIpv6IfRuleEntry 5 } hwAclIpv6IfTimeRangeIndex OBJECT-TYPE SYNTAX Integer32 (0..256) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the time range of an interface-based acl6 rule. when the current time is in time range, the rule is valid. Zero value declares that the acl rule has no time range. The invalid value is 0." ::= { hwAclIpv6IfRuleEntry 6 } hwAclIpv6IfLog OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates whether to log the matched packets. The log contents include sequence number of ACL6 rule, packets passed or discarded, upper layer protocol type over IP, source/destination address, source/destination port number, and number of packets." ::= { hwAclIpv6IfRuleEntry 7 } hwAclIpv6IfEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates whether the rule is valid or invalid." ::= { hwAclIpv6IfRuleEntry 8 } hwAclIpv6IfCount OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates the statistics of matched packets by basic rule." ::= { hwAclIpv6IfRuleEntry 9 } hwAclIpv6IfRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus,Now support three state:CreateAndGo,Active,Destroy." ::= { hwAclIpv6IfRuleEntry 11 } -- chenjing 43944 -- 1.3.6.1.4.1.2011.5.1.1.18 hwAclMplsRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF HwAclMplsRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Configure the rule for mpls acl group." ::= { hwAclMibObjects 18 } -- 1.3.6.1.4.1.2011.5.1.1.18.1 hwAclMplsRuleEntry OBJECT-TYPE SYNTAX HwAclMplsRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry is a rule of mpls acl." INDEX { hwAclMplsAclNum, hwAclMplsSubitem } ::= { hwAclMplsRuleTable 1 } HwAclMplsRuleEntry ::= SEQUENCE { hwAclMplsAclNum Integer32, hwAclMplsSubitem Unsigned32, hwAclMplsAct INTEGER, hwAclMplsExp1 Integer32, hwAclMplsExp2 Integer32, hwAclMplsExp3 Integer32, hwAclMplsExp4 Integer32, hwAclMplsLabel1 Integer32, hwAclMplsLabel2 Integer32, hwAclMplsLabel3 Integer32, hwAclMplsLabel4 Integer32, hwAclMplsTTLOP1 INTEGER, hwAclMplsTTL1Begin Integer32, hwAclMplsTTL1End Integer32, hwAclMplsTTLOP2 INTEGER, hwAclMplsTTL2Begin Integer32, hwAclMplsTTL2End Integer32, hwAclMplsTTLOP3 INTEGER, hwAclMplsTTL3Begin Integer32, hwAclMplsTTL3End Integer32, hwAclMplsRowStatus RowStatus, hwAclMplsCount Counter64 } -- 1.3.6.1.4.1.2011.5.1.1.18.1.1 hwAclMplsAclNum OBJECT-TYPE SYNTAX Integer32 (10000..10999) MAX-ACCESS read-only STATUS current DESCRIPTION "The index of mpls acl group" ::= { hwAclMplsRuleEntry 1 } -- 1.3.6.1.4.1.2011.5.1.1.18.1.2 hwAclMplsSubitem OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The objects specifies the number of an ACL rule. If the number specified has been assigned to an ACL rule, the new rule will overwrite the old one, which is equal to editing the old rule. If the number is not assigned, the system will define a rule with the number and insert it to the place corresponding to its number. If no number is specified, the system will define a rule, assign a number to it and add it into the ACL. It will be placed at the end of the ACL when configuration sequence is adopted; otherwise, it will be placed based on the 'Depth-first' principle. When ACL rules are following the 'Depth-first' principle, the number of an ACL rule must be given 0 ,but it will be assigned by step automatically;otherwise,this rule will not be created." ::= { hwAclMplsRuleEntry 2 } -- 1.3.6.1.4.1.2011.5.1.1.18.1.3 hwAclMplsAct OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the action of a basic acl rule. 'deny' means discarding the packets that meet the condition, 'permit' means permitting the packets that meet the condition." ::= { hwAclMplsRuleEntry 3 } -- 1.3.6.1.4.1.2011.5.1.1.18.1.4 hwAclMplsExp1 OBJECT-TYPE SYNTAX Integer32 (0..7|255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the exp1 of a mpls acl rule." ::= { hwAclMplsRuleEntry 4 } -- 1.3.6.1.4.1.2011.5.1.1.18.1.5 hwAclMplsExp2 OBJECT-TYPE SYNTAX Integer32 (0..7|255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the exp2 of a mpls acl rule." ::= { hwAclMplsRuleEntry 5 } -- 1.3.6.1.4.1.2011.5.1.1.18.1.6 hwAclMplsExp3 OBJECT-TYPE SYNTAX Integer32 (0..7|255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the exp3 of a mpls acl rule." ::= { hwAclMplsRuleEntry 6 } -- 1.3.6.1.4.1.2011.5.1.1.18.1.7 hwAclMplsExp4 OBJECT-TYPE SYNTAX Integer32 (0..7|255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the exp4 of a mpls acl rule." ::= { hwAclMplsRuleEntry 7 } -- 1.3.6.1.4.1.2011.5.1.1.18.1.8 hwAclMplsLabel1 OBJECT-TYPE SYNTAX Integer32 (-1|0..1048575) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the label1 of a mpls acl rule." ::= { hwAclMplsRuleEntry 8 } -- 1.3.6.1.4.1.2011.5.1.1.18.1.9 hwAclMplsLabel2 OBJECT-TYPE SYNTAX Integer32 (-1|0..1048575) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the label2 of a mpls acl rule." ::= { hwAclMplsRuleEntry 9 } -- 1.3.6.1.4.1.2011.5.1.1.18.1.10 hwAclMplsLabel3 OBJECT-TYPE SYNTAX Integer32 (-1|0..1048575) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the label3 of a mpls acl rule." ::= { hwAclMplsRuleEntry 10 } -- 1.3.6.1.4.1.2011.5.1.1.18.1.11 hwAclMplsLabel4 OBJECT-TYPE SYNTAX Integer32 (-1|0..1048575) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the label4 of a mpls acl rule." ::= { hwAclMplsRuleEntry 11 } -- 1.3.6.1.4.1.2011.5.1.1.18.1.12 hwAclMplsTTLOP1 OBJECT-TYPE SYNTAX INTEGER { lt(1), eq(2), gt(3), range(5), invalid(0), any(255) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the ttl operation symbol of a mpls acl rule. It compares the operators of ttl value. 'lt' means less than, 'eq' means equal to, 'gt' means greater than, 'range' means between, 'invalid' means this operation of the ttl is invalid." ::= { hwAclMplsRuleEntry 12 } -- 1.3.6.1.4.1.2011.5.1.1.18.1.13 hwAclMplsTTL1Begin OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the begin value of a mpls ttl." ::= { hwAclMplsRuleEntry 13 } -- 1.3.6.1.4.1.2011.5.1.1.18.1.14 hwAclMplsTTL1End OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the end value of a mpls ttl." ::= { hwAclMplsRuleEntry 14 } -- 1.3.6.1.4.1.2011.5.1.1.18.1.15 hwAclMplsTTLOP2 OBJECT-TYPE SYNTAX INTEGER { lt(1), eq(2), gt(3), range(5), invalid(0), any(255) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the ttl operation symbol of a mpls acl rule. It compares the operators of ttl value. 'lt' means less than, 'eq' means equal to, 'gt' means greater than, 'range' means between, 'invalid' means this operation of the ttl is invalid." ::= { hwAclMplsRuleEntry 15 } -- 1.3.6.1.4.1.2011.5.1.1.18.1.16 hwAclMplsTTL2Begin OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the begin value of a mpls ttl." ::= { hwAclMplsRuleEntry 16 } -- 1.3.6.1.4.1.2011.5.1.1.18.1.17 hwAclMplsTTL2End OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the end value of a mpls ttl." ::= { hwAclMplsRuleEntry 17 } -- 1.3.6.1.4.1.2011.5.1.1.18.1.18 hwAclMplsTTLOP3 OBJECT-TYPE SYNTAX INTEGER { lt(1), eq(2), gt(3), range(5), invalid(0), any(255) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the ttl operation symbol of a mpls acl rule. It compares the operators of ttl value. 'lt' means less than, 'eq' means equal to, 'gt' means greater than, 'range' means between, 'invalid' means this operation of the ttl is invalid." ::= { hwAclMplsRuleEntry 18 } -- 1.3.6.1.4.1.2011.5.1.1.18.1.19 hwAclMplsTTL3Begin OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the begin value of a mpls ttl." ::= { hwAclMplsRuleEntry 19 } -- 1.3.6.1.4.1.2011.5.1.1.18.1.20 hwAclMplsTTL3End OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The object indicates the end value of a mpls ttl." ::= { hwAclMplsRuleEntry 20 } -- 1.3.6.1.4.1.2011.5.1.1.18.1.21 hwAclMplsRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus, Now support three value:CreateAndGo,Active and Destroy." ::= { hwAclMplsRuleEntry 21 } -- 1.3.6.1.4.1.2011.5.1.1.18.1.22 hwAclMplsCount OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates the statistics of matched packets by the rule." ::= { hwAclMplsRuleEntry 22 } -- chenjing 43944 -- Acl Trap MIB definition -- -- 1.3.6.1.4.1.2011.5.1.2 hwAclMibTrap OBJECT IDENTIFIER ::= { hwAcl 2 } -- 1.3.6.1.4.1.2011.5.1.2.1 hwAclTrapOid OBJECT IDENTIFIER ::= { hwAclMibTrap 1 } -- 1.3.6.1.4.1.2011.5.1.2.2 hwAclTrapsDefine OBJECT IDENTIFIER ::= { hwAclMibTrap 2 } -- 1.3.6.1.4.1.2011.5.1.2.2.1 hwAclTraps OBJECT IDENTIFIER ::= { hwAclTrapsDefine 1 } -- Acl MIB Conformance definition -- -- 1.3.6.1.4.1.2011.5.1.3 hwAclMibConformance OBJECT IDENTIFIER ::= { hwAcl 3 } -- 1.3.6.1.4.1.2011.5.1.3.1 hwAclMibCompliances OBJECT IDENTIFIER ::= { hwAclMibConformance 1 } -- this module -- 1.3.6.1.4.1.2011.5.1.3.1.1 hwAclMibCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for entities which implement the Huawei acl MIB." MODULE -- this module MANDATORY-GROUPS { hwAclGroup } OBJECT hwAclBasicRowStatus SYNTAX INTEGER { active(1), createAndGo(4), destory(6) } DESCRIPTION "The value of creatAndWaite, notInservice and notReady are not required." OBJECT hwAclAdvancedRowStatus SYNTAX INTEGER { active(1), createAndGo(4), destory(6) } DESCRIPTION "The value of creatAndWaite, notInservice and notReady are not required." OBJECT hwAclIfRowStatus SYNTAX INTEGER { active(1), createAndGo(4), destroy(6) } DESCRIPTION "The value of creatAndWaite, notInservice and notReady are not required." OBJECT hwAclIpv6BasicRowStatus SYNTAX INTEGER { active(1), createAndGo(4), destroy(6) } DESCRIPTION "The value of creatAndWaite, notInservice and notReady are not required." OBJECT hwAclIpv6AdvancedRowStatus SYNTAX INTEGER { active(1), createAndGo(4), destroy(6) } DESCRIPTION "The value of creatAndWaite, notInservice and notReady are not required." OBJECT hwAclEthernetFrameRowStatus SYNTAX INTEGER { active(1), createAndGo(4), destroy(6) } DESCRIPTION "The value of creatAndWaite, notInservice and notReady are not required." OBJECT hwAclAppliedRowStatus SYNTAX INTEGER { active(1), createAndGo(4), destroy(6) } DESCRIPTION "The value of creatAndWaite, notInservice and notReady are not required." OBJECT hwAclIpv6NumGroupRowStatus SYNTAX INTEGER { active(1), createAndGo(4), destroy(6) } DESCRIPTION "The value of creatAndWaite, notInservice and notReady are not required." OBJECT hwAclIpv6IfRowStatus SYNTAX INTEGER { active(1), createAndGo(4), destroy(6) } DESCRIPTION "The value of creatAndWaite, notInservice and notReady are not required." OBJECT hwAclMplsRowStatus SYNTAX INTEGER { active(1), createAndGo(4), destroy(6) } DESCRIPTION "The value of creatAndWaite, notInservice and notReady are not required." ::= { hwAclMibCompliances 1 } -- 1.3.6.1.4.1.2011.5.1.3.2 hwAclMibGroups OBJECT IDENTIFIER ::= { hwAclMibConformance 2 } -- 1.3.6.1.4.1.2011.5.1.3.2.1 hwAclGroup OBJECT-GROUP OBJECTS { hwAclNumGroupMatchOrder, hwAclNumGroupSubitemNum, hwAclNumGroupAclName, hwAclBasicAct, hwAclBasicSrcIp, hwAclBasicSrcWild, hwAclBasicTimeRangeIndex, hwAclBasicFragments, hwAclBasicLog, hwAclBasicEnable, hwAclBasicCount, hwAclBasicRowStatus, hwAclAdvancedAct, hwAclAdvancedProtocol, hwAclAdvancedSrcIp, hwAclAdvancedSrcWild, hwAclAdvancedSrcOp, hwAclAdvancedSrcPort1, hwAclAdvancedSrcPort2, hwAclAdvancedDestIp, hwAclAdvancedDestWild, hwAclAdvancedDestOp, hwAclAdvancedDestPort1, hwAclAdvancedDestPort2, hwAclAdvancedPrecedence, hwAclAdvancedTos, hwAclAdvancedDscp, hwAclAdvancedEstablish, hwAclAdvancedTimeRangeIndex, hwAclAdvancedIcmpType, hwAclAdvancedIcmpCode, hwAclAdvancedFragments, hwAclAdvancedLog, hwAclAdvancedEnable, hwAclAdvancedCount, hwAclAdvancedRowStatus, hwAclAdvancedTcpSyncFlag, hwAclIfAct, hwAclIfIndex, hwAclIfAny, hwAclIfTimeRangeIndex, hwAclIfLog, hwAclIfEnable, hwAclIfCount, hwAclIfRowStatus, hwAclUserAct, hwAclUserProtocol, hwAclUserSrcIp, hwAclUserSrcWild, hwAclUserSrcOp, hwAclUserSrcPort1, hwAclUserSrcPort2, hwAclUserDestIp, hwAclUserDestWild, hwAclUserDestOp, hwAclUserDestPort1, hwAclUserDestPort2, hwAclUserPrecedence, hwAclUserTos, hwAclUserDscp, hwAclUserEstablish, hwAclUserTimeRangeIndex, hwAclUserIcmpType, hwAclUserIcmpCode, hwAclUserFragments, hwAclUserLog, hwAclUserEnable, hwAclUserCount, hwAclUserSrcUserGroupName, hwAclUserDestUserGroupName, hwAclUserSrcModeType, hwAclUserDestModeType, hwAclUserRowStatus, hwAclCompileEnableFlag, hwAclNumGroupAclNum, hwAclBasicAclNum, hwAclBasicSubitem, hwAclAdvancedAclNum, hwAclAdvancedSubitem, hwAclIfAclNum, hwAclIfSubitem, hwAclUserAclNum, hwAclUserSubitem, hwAclUserVrfName, hwAclUserTcpSyncFlag, hwAclEthernetFrameEncapType, hwAclEthernetFrameDoubleTag, hwAclEthernetFrameVlanId, hwAclEthernetFrameVlanIdMask, hwAclEthernetFrameCVlanId, hwAclEthernetFrameCVlanIdMask, hwAclAppliedStatMode, hwAclAppliedStatCount, hwAclAppliedLimitCir, hwAclAppliedLimitPir, hwAclAppliedLimitCbs, hwAclAppliedLimitPbs, hwAclAppliedLimitGreenAction, hwAclAppliedLimitGreenValue, hwAclAppliedLimitYellowAction, hwAclAppliedLimitYellowValue, hwAclAppliedLimitRedAction, hwAclAppliedLimitRedValue, hwAclAppliedMirrObservedPort, hwAclAppliedMirrRspanVlan, hwAclAppliedRedirectIfIndex, hwAclAppliedRedirectIpAddr, hwAclAppliedRedirectIpv6Addr, hwAclAppliedRemarkVlan, hwAclAppliedRemarkCVlan, hwAclAppliedRemark8021p, hwAclAppliedRemarkDscp, hwAclAppliedRemarkIpPre, hwAclAppliedRemarkLocalPre, hwAclAppliedRemarkMacAddr, hwAclAppliedRowStatus, hwAclCompileNumGroupStatus, hwAclNumGroupStep, hwAclNumGroupDescription, hwAclNumGroupCountClear, hwAclNumGroupRowStatus, hwAclBasicVrfName, hwAclAdvancedVrfName, hwAclIpv6BasicAct, hwAclIpv6BasicSrcIp, hwAclIpv6BasicSrcPrefix, hwAclIpv6BasicTimeRangeIndex, hwAclIpv6BasicFragment, hwAclIpv6BasicLog, hwAclIpv6BasicEnable, hwAclIpv6BasicCount, hwAclIpv6BasicVrfName, hwAclIpv6BasicRowStatus, hwAclIpv6AdvancedAct, hwAclIpv6AdvancedProtocol, hwAclIpv6AdvancedSrcIp, hwAclIpv6AdvancedSrcPrefix, hwAclIpv6AdvancedSrcOp, hwAclIpv6AdvancedSrcPort1, hwAclIpv6AdvancedSrcPort2, hwAclIpv6AdvancedDestIp, hwAclIpv6AdvancedDestPrefix, hwAclIpv6AdvancedDestOp, hwAclIpv6AdvancedDestPort1, hwAclIpv6AdvancedDestPort2, hwAclIpv6AdvancedPrecedence, hwAclIpv6AdvancedTos, hwAclIpv6AdvancedDscp, hwAclIpv6AdvancedEstablish, hwAclIpv6AdvancedTimeRangeIndex, hwAclIpv6AdvancedIcmpType, hwAclIpv6AdvancedIcmpCode, hwAclIpv6AdvancedFragment, hwAclIpv6AdvancedLog, hwAclIpv6AdvancedEnable, hwAclIpv6AdvancedCount, hwAclIpv6AdvancedVrfName, hwAclIpv6AdvancedRowStatus, hwAclEthernetFrameAct, hwAclEthernetFrameType, hwAclEthernetFrameTypeMask, hwAclEthernetFrameSrcMac, hwAclEthernetFrameSrcMacMask, hwAclEthernetFrameDstMac, hwAclEthernetFrameDstMacMask, hwAclEthernetFrameTimeRangeIndex, hwAclEthernetFrameLog, hwAclEthernetFrameEnable, hwAclEthernetFrameCount, hwAclEthernetFrameRowStatus, hwAclEthernetFrameRule8021p, hwAclEthernetFrameRuleCVlan8021p, hwAclIpv6NumGroupMatchOrder, hwAclIpv6NumGroupSubitemNum, hwAclIpv6NumGroupCountClear, hwAclIpv6NumGroupRowStatus, hwAclIpv6NumGroupAclName, hwAclIpv6IfAct, hwAclIpv6IfIndex, hwAclIpv6IfAny, hwAclIpv6IfTimeRangeIndex, hwAclIpv6IfLog, hwAclIpv6IfEnable, hwAclIpv6IfCount, hwAclIpv6IfRowStatus, hwAclMplsAct, hwAclMplsExp1, hwAclMplsExp2, hwAclMplsExp3, hwAclMplsExp4, hwAclMplsLabel1, hwAclMplsLabel2, hwAclMplsLabel3, hwAclMplsLabel4, hwAclMplsTTLOP1, hwAclMplsTTL1Begin, hwAclMplsTTL1End, hwAclMplsTTLOP2, hwAclMplsTTL2Begin, hwAclMplsTTL2End, hwAclMplsTTLOP3, hwAclMplsTTL3Begin, hwAclMplsTTL3End, hwAclMplsRowStatus, hwAclMplsCount} STATUS current DESCRIPTION "A collection of objects providing mandatory acl information." ::= { hwAclMibGroups 1 } END