-- ***************************************************************** -- MY-ACL-MIB.mib: My Acl MIB file -- -- $Copyright$ -- -- ***************************************************************** -- MY-ACL-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Integer32, Counter32 FROM SNMPv2-SMI TruthValue, DisplayString, RowStatus, MacAddress FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF IfIndex, ConfigStatus FROM MY-TC myMgmt FROM MY-SMI; myAclMIB MODULE-IDENTITY LAST-UPDATED "200203200000Z" ORGANIZATION "$Company$" CONTACT-INFO " Tel: $Telephone$ E-mail: $E-mail$" DESCRIPTION "This module defines my acl mibs." REVISION "200203200000Z" DESCRIPTION "Initial version of this MIB module." ::= { myMgmt 17} --ACLNO ::= TEXTUAL-CONVENTION -- STATUS current -- DESCRIPTION -- " Serial number of Access control list entry, Access control list entry of -- bigger ACL number will have higher implement priority. One ACL number -- corresponding to only one entry." -- SYNTAX INTEGER -- Access control list myAclMIBObjects OBJECT IDENTIFIER ::= { myAclMIB 1 } myAclTable OBJECT-TYPE SYNTAX SEQUENCE OF MyAclEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of acl request entries." ::= { myAclMIBObjects 1 } myAclEntry OBJECT-TYPE SYNTAX MyAclEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry contains acl name and mode." INDEX { myAclName } ::= { myAclTable 1 } MyAclEntry ::= SEQUENCE { myAclName DisplayString, myAclMode INTEGER, myAclEntryStatus ConfigStatus } myAclName OBJECT-TYPE SYNTAX DisplayString(SIZE (1..32)) MAX-ACCESS read-only STATUS current DESCRIPTION "Access list name of this entry.This value is unique for every entry When this string be used as an index,Value of a sub-identifier equal ASCII value of corresponding character(first sub-identifier corresponds first character of string). The number of sub-identifiers of this string must be 32,If length of string is less than 32 the sub-identifier(0x0) will be filled in tail." ::= { myAclEntry 1 } myAclMode OBJECT-TYPE SYNTAX INTEGER{ acl-ip-standard(1), acl-ip-extended(2), acl-mac-extended(3), acl-expert(4) } MAX-ACCESS read-create STATUS current DESCRIPTION " Config mode of this ACL" ::= { myAclEntry 2 } myAclEntryStatus OBJECT-TYPE SYNTAX ConfigStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Status of this entry, set its value to invalid will delete this entry. set its value to valid has no effect." ::= { myAclEntry 3 } myAceTable OBJECT-TYPE SYNTAX SEQUENCE OF MyAceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of ACE request entries." ::= { myAclMIBObjects 2 } myAceEntry OBJECT-TYPE SYNTAX MyAceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry contains ace parameters and results. A management station wishing to create an entry should first generate a pseudo-random serial number to be used as the index to a ace entry of a acl. The station should then create the associated entry. We must set all specifies valid values for the non-defaulted configuration objects, certainly, it should also modify the default values for the other configuration objects if the defaults are not appropriate. Once the appropriate instance of all the configuration objects have been created or set,the row status should be set to active to initiate the request." INDEX { myAceAclName,myAceIndex } ::= { myAceTable 1 } MyAceEntry ::= SEQUENCE { myAceAclName DisplayString, myAceIndex Integer32, myAceIfAnyVID TruthValue, myAceVID Unsigned32, myAceIfAnySourceIp TruthValue, myAceSourceIp IpAddress, myAceIfAnySourceWildCard TruthValue, myAceSourceWildCard IpAddress, myAceIfAnySourceMacAddr TruthValue, myAceSourceMacAddr MacAddress, myAceIfAnyDestIp TruthValue, myAceDestIp IpAddress, myAceIfAnyDestWildCard TruthValue, myAceDestIpWildCard IpAddress, myAceIfAnyDestMacAddr TruthValue, myAceDestMacAddr MacAddress, myAceIfAnyEtherLikeType TruthValue, myAceEtherLikeType Integer32, myAceIfAnyIpProtocolField TruthValue, myAceIpProtocolField Integer32, myAceIfAnySourceProtocolPort TruthValue, myAceSourceProtocolPort Integer32, myAceIfAnyDestProtocolPort TruthValue, myAceDestProtocolPort Integer32, myAceIfAnyProtocolType TruthValue, myAceProtocolType Integer32, myAceFlowAction INTEGER, myAceEntryStauts RowStatus, myAceTimeRangeName DisplayString } myAceAclName OBJECT-TYPE SYNTAX DisplayString(SIZE (1..32)) MAX-ACCESS read-only STATUS current DESCRIPTION "Access list name of this ace belong to. When this string be used as an index,Value of a sub-identifier equal ASCII value of corresponding character(first sub-identifier corresponds first character of string). The number of sub-identifiers of this string must be 32,If length of string is less than 32 the sub-identifier(0x0) will be filled in tail." ::= { myAceEntry 1 } myAceIndex OBJECT-TYPE SYNTAX Integer32(1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "Object which specifies a unique entry in the myAclTable. A management station wishing to initiate a acl operation should use a pseudo-random value for this object when creating or modifying an instance of a myAclEntry. The RowStatus semantics of the myAclEntryStatus object will prevent access conflicts." ::= { myAceEntry 2 } myAceIfAnyVID OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "VID of class will not be checked if this value is true." DEFVAL{ true } ::= { myAceEntry 3 } myAceVID OBJECT-TYPE SYNTAX Unsigned32(0..4094) MAX-ACCESS read-write STATUS current DESCRIPTION "VID of Ace flow definition." ::= { myAceEntry 4 } myAceIfAnySourceIp OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Source Ip of class will not be checked if this value is true." DEFVAL{ true } ::= { myAceEntry 5 } myAceSourceIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Sourece ip address of Ace flow definition." ::= { myAceEntry 6 } myAceIfAnySourceWildCard OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Source Ip wild card of class will not be checked if this value is true." DEFVAL{ true } ::= { myAceEntry 7 } myAceSourceWildCard OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Sourece ip wild card(in reverse ip address mask)of Ace flow definition." ::= { myAceEntry 8 } myAceIfAnySourceMacAddr OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Source mac address of class will not be checked if this value is true." DEFVAL{ true } ::= { myAceEntry 9 } myAceSourceMacAddr OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Sourece Mac address of Ace flow definition." ::= { myAceEntry 10 } myAceIfAnyDestIp OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Destination Ip wild card of class will not be checked if this value is true." DEFVAL{ true } ::= { myAceEntry 11 } myAceDestIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Destination ip address of Ace flow definition." ::= { myAceEntry 12 } myAceIfAnyDestWildCard OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Source Ip wild card of class will not be checked if this value is true." DEFVAL{ true } ::= { myAceEntry 13 } myAceDestIpWildCard OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Destination ip wild card(in reverse ip address mask) of Ace flow definition." ::= { myAceEntry 14 } myAceIfAnyDestMacAddr OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Source Ip wild card of class will not be checked if this value is true." DEFVAL{ true } ::= { myAceEntry 15 } myAceDestMacAddr OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Destination Mac address of Ace flow definition." ::= { myAceEntry 16 } myAceIfAnyEtherLikeType OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Ether Like Type in MAC packet will not be checked if this value is true." DEFVAL{ true } ::= { myAceEntry 17 } myAceEtherLikeType OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "Ether Like Type in MAC packet of Ace flow definition. " ::= { myAceEntry 18 } myAceIfAnyIpProtocolField OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Source Ip wild card of class will not be checked if this value is true." DEFVAL{ true } ::= { myAceEntry 19 } myAceIpProtocolField OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "The value of protocol field in IP packet of Ace flow definition." ::= { myAceEntry 20 } myAceIfAnySourceProtocolPort OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of source protocol port in IP packet will not be checked if this value is true." DEFVAL{ true } ::= { myAceEntry 21 } myAceSourceProtocolPort OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "The value of source protocol port in IP packet of Ace flow definition. It is significative only to those protocol which support this field." ::= { myAceEntry 22 } myAceIfAnyDestProtocolPort OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "he value of destination protocol port in IP packet will not be checked if this value is true." DEFVAL{ true } ::= { myAceEntry 23 } myAceDestProtocolPort OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "The value of destination protocol port in IP packet of Ace flow definition. It is significative only to those protocol which support this field(tcp,udp)." ::= { myAceEntry 24 } myAceIfAnyProtocolType OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of protocol type field in IP packet will not be checked if this value is true." DEFVAL{ true } ::= { myAceEntry 25 } myAceProtocolType OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "The value of protocol type field in IP packet of Ace flow definition. It is significative only to those protocol which support this field(icmp,igmp)." ::= { myAceEntry 26 } myAceFlowAction OBJECT-TYPE SYNTAX INTEGER{ permit(1), delay(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Permit indicate that the kind of flow which entry define will be allow to access , delay indicate that the kind of flow which entry define will be refuse to access" ::= { myAceEntry 27 } myAceEntryStauts OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "entry status for this list." ::= { myAceEntry 28 } myAceTimeRangeName OBJECT-TYPE SYNTAX DisplayString(SIZE (0..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Name of time-range of this ACE match. It indicate that this ACE doesn't match any time-range if this string is null" ::= { myAceEntry 29 } myAclIfTable OBJECT-TYPE SYNTAX SEQUENCE OF MyAclIfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "list of ACL interface objects." ::= { myAclMIBObjects 3 } myAclIfEntry OBJECT-TYPE SYNTAX MyAclIfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry ACL interface information." INDEX { myAclIfIndex } ::= { myAclIfTable 1 } MyAclIfEntry ::= SEQUENCE { myAclIfIndex IfIndex, myAclIfMaxEntryNum Integer32, myAclIfCurruntEntryNum Integer32, myIfInAclName DisplayString, myIfOutAclName DisplayString } myAclIfIndex OBJECT-TYPE SYNTAX IfIndex MAX-ACCESS read-only STATUS current DESCRIPTION " " ::= { myAclIfEntry 1 } myAclIfMaxEntryNum OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Max num of ACL entry(ACE) in a interface." ::= { myAclIfEntry 2 } myAclIfCurruntEntryNum OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Currunt valid num of ACL entry(ACE) in a interface." ::= { myAclIfEntry 3 } myIfInAclName OBJECT-TYPE SYNTAX DisplayString(SIZE (0..32)) MAX-ACCESS read-write STATUS current DESCRIPTION "Access list name of ACL of this interface match for input. It indicate that this interface doesn't match any ACL for input if this string is null" ::= { myAclIfEntry 4 } myIfOutAclName OBJECT-TYPE SYNTAX DisplayString(SIZE (0..32)) MAX-ACCESS read-write STATUS current DESCRIPTION "Access list name of ACL of this interface match for output. It indicate that this interface doesn't match any ACL for output if this string is null This relation function apply only L3 interface." ::= { myAclIfEntry 5 } -- conformance information myAclMIBConformance OBJECT IDENTIFIER ::= { myAclMIB 2 } myAclMIBCompliances OBJECT IDENTIFIER ::= { myAclMIBConformance 1 } myAclMIBGroups OBJECT IDENTIFIER ::= { myAclMIBConformance 2 } -- compliance statements myAclMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for entities which implement the My Acl MIB" MODULE -- this module MANDATORY-GROUPS { myAclMIBGroup } ::= { myAclMIBCompliances 1 } -- units of conformance myAclMIBGroup OBJECT-GROUP OBJECTS { myAclName, myAclMode, myAclEntryStatus, myAceAclName, myAceIndex, myAceIfAnyVID, myAceVID, myAceIfAnySourceIp, myAceSourceIp, myAceIfAnySourceWildCard, myAceSourceWildCard, myAceIfAnySourceMacAddr, myAceSourceMacAddr, myAceIfAnyDestIp, myAceDestIp, myAceIfAnyDestWildCard, myAceDestIpWildCard, myAceIfAnyDestMacAddr, myAceDestMacAddr, myAceIfAnyEtherLikeType, myAceEtherLikeType, myAceIfAnyIpProtocolField, myAceIpProtocolField, myAceIfAnySourceProtocolPort, myAceSourceProtocolPort, myAceIfAnyDestProtocolPort, myAceDestProtocolPort, myAceProtocolType, myAceProtocolType, myAceFlowAction, myAceEntryStauts, myAceTimeRangeName, myAclIfIndex, myAclIfMaxEntryNum, myAclIfCurruntEntryNum, myIfInAclName, myIfOutAclName } STATUS current DESCRIPTION "A collection of objects providing acl (echo) ability to a My agent." ::= { myAclMIBGroups 1 } END