FOUNDRY-SN-IP-ACL-MIB DEFINITIONS ::= BEGIN -- Imports IMPORTS IpAddress FROM RFC1155-SMI OBJECT-TYPE FROM RFC-1212 Counter64 FROM SNMPv2-SMI snIp FROM FOUNDRY-SN-ROOT-MIB; -- textual conventions DisplayString ::= OCTET STRING -- RtrStatus Values RtrStatus ::= INTEGER { disabled(0), enabled (1) } -- Row Status SnRowStatus ::= INTEGER { other(1), valid(2), delete(3), create(4) } -- Action Action ::= INTEGER { deny(0), permit(1) } -- Boolean Values TruthVal ::= INTEGER { false (0), true (1) } -- ACL number AclNumber ::= INTEGER (1..199) -- Operator Operator ::= INTEGER { eq(0), neq(1), lt(2), gt(3), range(4), undefined(7) } -- IP Protocol IpProtocol ::= INTEGER (0..255) -- Precedence Value PrecedenceValue ::= INTEGER { critical(5), flash(3), flashoverride(4), immediate(2), internet(6), network(7), priority(1), routine(0), undefined(8) } -- Tos Value TosValue ::= INTEGER { normal(0), minMonetaryCost(1), maxReliability(2), tosValue3(3), maxThroughput(4), tosValue5(5), tosValue6(6), tosValue7(7), minDelay(8), tosValue9(9), tosValue10(10), tosValue11(11), tosValue12(12), tosValue13(13), tosValue14(14), tosValue15(15), undefined(16) } -- Direction Direction ::= INTEGER { inbound(0), outbound(1) } ------Access Control List snAgAcl OBJECT IDENTIFIER ::= { snIp 15 } snAgAclGlobal OBJECT IDENTIFIER ::= { snAgAcl 1 } snAgAclGblCurRowIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The current row index of the ACL table entry." ::= { snAgAclGlobal 1 } -- -- ACL Table -- snAgAclTable OBJECT-TYPE SYNTAX SEQUENCE OF SnAgAclEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "Table of Access Control List" ::= { snAgAcl 2 } snAgAclEntry OBJECT-TYPE SYNTAX SnAgAclEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An entry in the IP access control list table." INDEX { snAgAclIndex } ::= { snAgAclTable 1 } SnAgAclEntry ::= SEQUENCE { snAgAclIndex INTEGER, snAgAclNumber AclNumber, snAgAclName DisplayString, snAgAclAction Action, snAgAclProtocol IpProtocol, snAgAclSourceIp IpAddress, snAgAclSourceMask IpAddress, snAgAclSourceOperator Operator, snAgAclSourceOperand1 INTEGER, snAgAclSourceOperand2 INTEGER, snAgAclDestinationIp IpAddress, snAgAclDestinationMask IpAddress, snAgAclDestinationOperator Operator, snAgAclDestinationOperand1 INTEGER, snAgAclDestinationOperand2 INTEGER, snAgAclPrecedence PrecedenceValue, snAgAclTos TosValue, snAgAclEstablished RtrStatus, snAgAclLogOption TruthVal, snAgAclStandardFlag TruthVal, snAgAclRowStatus SnRowStatus, snAgAclFlowCounter Counter64, snAgAclPacketCounter Counter64, snAgAclComments DisplayString } snAgAclIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The access control list item number for an entry. This is a unique number that identifies different Access list entries combined with the access list name and access list number. This one has to be unique even though the name and number are not unique for a give access list with same or different source address, subnet mask, destination address and destination mask, protocol type, action (permit/deny) type and the operator (neq, eq, gt and , lt) which makes the index a unique tuple (name, number, itemnumber)." ::= { snAgAclEntry 1 } snAgAclNumber OBJECT-TYPE SYNTAX AclNumber ACCESS read-write STATUS mandatory DESCRIPTION "The access control list number for an entry. The standard access list is in the range <1..99>. The extended access list is in the range <100-199>." ::= { snAgAclEntry 2 } snAgAclName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) ACCESS read-write STATUS mandatory DESCRIPTION "ACL name for an entry." ::= { snAgAclEntry 3 } snAgAclAction OBJECT-TYPE SYNTAX Action ACCESS read-write STATUS mandatory DESCRIPTION "Action to take if the ip packet matches with this access control list." ::= { snAgAclEntry 4 } snAgAclProtocol OBJECT-TYPE SYNTAX IpProtocol ACCESS read-write STATUS mandatory DESCRIPTION "Transport protocol. 0 means any protocol." ::= { snAgAclEntry 5 } snAgAclSourceIp OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "Source IP address." ::= { snAgAclEntry 6 } snAgAclSourceMask OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "Source IP subnet mask." ::= { snAgAclEntry 7 } snAgAclSourceOperator OBJECT-TYPE SYNTAX Operator ACCESS read-write STATUS mandatory DESCRIPTION "Type of comparison to perform. for now, this only applys to tcp or udp to compare the port number" ::= { snAgAclEntry 8 } snAgAclSourceOperand1 OBJECT-TYPE SYNTAX INTEGER(0..65535) ACCESS read-write STATUS mandatory DESCRIPTION "For now this only refers to transport protocol port number. 0 means NA" ::= { snAgAclEntry 9 } snAgAclSourceOperand2 OBJECT-TYPE SYNTAX INTEGER(0..65535) ACCESS read-write STATUS mandatory DESCRIPTION "For now this only refers to transport protocol port number. 0 means NA" ::= { snAgAclEntry 10 } snAgAclDestinationIp OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "Destination IP address." ::= { snAgAclEntry 11 } snAgAclDestinationMask OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "Destination IP subnet mask." ::= { snAgAclEntry 12 } snAgAclDestinationOperator OBJECT-TYPE SYNTAX Operator ACCESS read-write STATUS mandatory DESCRIPTION "Type of comparison to perform. for now, this only applys to tcp or udp to compare the port number" ::= { snAgAclEntry 13 } snAgAclDestinationOperand1 OBJECT-TYPE SYNTAX INTEGER(0..65535) ACCESS read-write STATUS mandatory DESCRIPTION "For now this only refers to transport protocol port number. 0 means NA" ::= { snAgAclEntry 14 } snAgAclDestinationOperand2 OBJECT-TYPE SYNTAX INTEGER(0..65535) ACCESS read-write STATUS mandatory DESCRIPTION "For now this only refers to transport protocol port number. 0 means NA" ::= { snAgAclEntry 15 } snAgAclPrecedence OBJECT-TYPE SYNTAX PrecedenceValue ACCESS read-write STATUS mandatory DESCRIPTION "This refers to IP precedence value in the range <0-7> critical(5), flash(3), flash-override(4), immediate(2), internet(6), network(7), priority(1), routine(0)" ::= { snAgAclEntry 16 } snAgAclTos OBJECT-TYPE SYNTAX TosValue ACCESS read-write STATUS mandatory DESCRIPTION "This refers to the IP type of service value in range <0-15> which is the sum of numeric vlaues of the following options - match packets with maximum reliability TOS (2) match packets with maximum throughput TOS (4) match packets with minimum delay (8) match packets with minimum monetary cost TOS (1) match packets with normal TOS (0)" ::= { snAgAclEntry 17 } snAgAclEstablished OBJECT-TYPE SYNTAX RtrStatus ACCESS read-write STATUS mandatory DESCRIPTION "Enable/Disable the filtering of established TCP packets of which the ACK or RESET flag is on. This additional filter only applies to TCP transport protocol." ::= { snAgAclEntry 18 } snAgAclLogOption OBJECT-TYPE SYNTAX TruthVal ACCESS read-write STATUS mandatory DESCRIPTION "Log flag" ::= { snAgAclEntry 19 } snAgAclStandardFlag OBJECT-TYPE SYNTAX TruthVal ACCESS read-write STATUS mandatory DESCRIPTION "Return whether the ACL is standard or extended, 1 for standard ACL" ::= { snAgAclEntry 20 } snAgAclRowStatus OBJECT-TYPE SYNTAX SnRowStatus ACCESS read-write STATUS mandatory DESCRIPTION "To create or delete a access list entry." ::= { snAgAclEntry 21 } snAgAclFlowCounter OBJECT-TYPE SYNTAX Counter64 ACCESS read-only STATUS mandatory DESCRIPTION "Approximate count of flows matching individual ACL entry." ::= { snAgAclEntry 22 } snAgAclPacketCounter OBJECT-TYPE SYNTAX Counter64 ACCESS read-only STATUS mandatory DESCRIPTION "Accurate count of packets matching individual ACL entry." ::= { snAgAclEntry 23 } snAgAclComments OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) ACCESS read-write STATUS mandatory DESCRIPTION "Remark description of individual ACL entry." ::= { snAgAclEntry 24 } -- -- Acl Port Table snAgAclBindToPortTable OBJECT-TYPE SYNTAX SEQUENCE OF SnAgAclBindToPortEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "Table of ACL binding to port for router" ::= { snAgAcl 3 } snAgAclBindToPortEntry OBJECT-TYPE SYNTAX SnAgAclBindToPortEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An entry in the ACL-binding-to-port table." INDEX { snAgAclPortNum, snAgAclPortBindDirection } ::= { snAgAclBindToPortTable 1 } SnAgAclBindToPortEntry ::= SEQUENCE { snAgAclPortNum INTEGER, snAgAclPortBindDirection Direction, snAgAclNum INTEGER, snAgAclNameString DisplayString, snAgBindPortListInVirtualInterface OCTET STRING, snAgAclPortRowStatus SnRowStatus } snAgAclPortNum OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Binding-to port num, either physical port or virtual interface." ::= { snAgAclBindToPortEntry 1 } snAgAclPortBindDirection OBJECT-TYPE SYNTAX Direction ACCESS read-only STATUS mandatory DESCRIPTION "ACL port direction, inbound or outbound" ::= { snAgAclBindToPortEntry 2 } snAgAclNum OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "Defined ACL number" ::= { snAgAclBindToPortEntry 3 } snAgAclNameString OBJECT-TYPE SYNTAX DisplayString ACCESS read-write STATUS mandatory DESCRIPTION "Defined ACL name" ::= { snAgAclBindToPortEntry 4 } snAgBindPortListInVirtualInterface OBJECT-TYPE SYNTAX OCTET STRING ACCESS read-write STATUS mandatory DESCRIPTION "Port list for binding virtual interface" ::= { snAgAclBindToPortEntry 5 } snAgAclPortRowStatus OBJECT-TYPE SYNTAX SnRowStatus ACCESS read-write STATUS mandatory DESCRIPTION "To create or delete a ACL port entry." ::= { snAgAclBindToPortEntry 6 } END