No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R011C10 MIB Reference

This document provides the function overview, relationships between tables, description of single objects, description of MIB tables, and description of alarm objects.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
HUAWEI-ACL-MIB

HUAWEI-ACL-MIB

Functions Overview

HUAWEI-ACL-MIB is used to configure a series of rules for filtering packets to allow only packets of certain types.

This MIB supports the following operations:

  • Query of ACL configurations

  • Setting of ACLs

The OID of root objects is:

iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).huawei(2011).huaweiMgmt(5).hwAcl(1)

Relationships Between Tables

Figure 12-1  Relationship between hwAclNumGroupTable and rule tables



Figure 12-1 shows the relationships between hwAclNumGroupTable (public table), hwAclBasicRuleTable (basic ACL), hwAclAdvancedRuleTable (advanced ACL), hwAclUserRuleTable (user ACL), and hwAclEthernetFrameRuleTable (Layer 2 ACL), and between hwAclIpv6NumGroupTable (public table), hwAclIpv6BasicRuleTable (basic ACL6), and hwAclIpv6AdvancedRuleTable (advanced ACL6).

In this MIB, you can create rules in the corresponding rule table only after you create a rule group in hwAclNumGroupTable or hwAclIpv6NumGroupTable.

Description of Single Objects

None.

Description of MIB Tables

hwAclNumGroupTable

This table is used to configure information on ACL rule groups, including the ACL configuration order, step length, and description.

The index of this table is hwAclNumGroupAclNum.

OID

Object Name

Syntax

Max Access

Description

Implemented Specifications

1.3.6.1.4.1.2011.5.1.1.2.1.1

hwAclNumGroupAclNum

Integer32 (2000..2999 | 3000..3999 | 4000..4999 | 5000..5999 | 6000..9999)

Read-only

This object is the index of this table. Its value identifies the number of a rule group.

The value range varies with the type of ACLs:
  • Basic ACL: 2000 to 2999
  • Advanced ACL: 3000 to 3999
  • Layer 2 ACL: 4000 to 4999
  • User-defined ACL: 5000 to 5999
  • User ACL: 6000 to 9999

This object is implemented as defined in the corresponding MIB files.

1.3.6.1.4.1.2011.5.1.1.2.1.2

hwAclNumGroupMatchOrder

Integer32 { config(1), auto(2) }

Read-create

The value of this object identifies the matching order of a rule group.

The value can be:

  • config(1): indicates that ACL rules are matched following configuration sequences.
  • auto(2): indicates that ACL rules are matched following the depth first principle.

This object is implemented as defined in the corresponding MIB files.

1.3.6.1.4.1.2011.5.1.1.2.1.3

hwAclNumGroupSubitemNum

Counter32

Read-only

The value of this object identifies the number of rules in a rule group.

This object is implemented as defined in the corresponding MIB files.

1.3.6.1.4.1.2011.5.1.1.2.1.4

hwAclNumGroupStep

Integer32

Read-create

The value of this object identifies ACL steps.

If you do not specify the rule ID when creating a rule, a rule ID is automatically generated based on the ACL step.

The value of the ACL step ranges from 1 to 20. The default value is 5.

The rule ID automatically generated by the system begins with the step value so that a new rule can be inserted in front of the first rule. For instance, if the step value is 5, the rule ID begins with 5; if the step value is 2, the rule ID begins with 2.

This object is implemented as defined in the corresponding MIB files.

1.3.6.1.4.1.2011.5.1.1.2.1.5

hwAclNumGroupDescription

OCTET STRING (SIZE (0..127))

Read-create

This object indicates the description of a rule group.

The value cannot be larger than 127.

This object is implemented as defined in the corresponding MIB files.

1.3.6.1.4.1.2011.5.1.1.2.1.7

hwAclNumGroupRowStatus

RowStatus

Read-create

This object indicates the status of rows.

Currently, createAndGo, active, and destroy are implemented.

This object is implemented as defined in the corresponding MIB files.

1.3.6.1.4.1.2011.5.1.1.2.1.8

hwAclNumGroupAclName

OCTET STRING (SIZE (1..64))

Read-create

The name of an ACL. It is a string of 1 to 64 case-sensitive characters without spaces. The name should start with a letter and can contain numbers, hyphens (-), or underlines (_).

This object is implemented as defined in the corresponding MIB files.

1.3.6.1.4.1.2011.5.1.1.2.1.9

hwAclNumGroupAclType

INTEGER

Read-create

The name of an ACL group, the value can be:

  • basic(1)
  • advanced(2)
  • link(3)
  • user(4)
  • ucl(8)

This object is implemented as defined in the corresponding MIB files.

Creation Restriction

hwAclNumGroupCountClear is effective only when the rule group is counted. In addition, it is effective only at the time you perform the Set operation to this object. You need to specify the row status CreateAndGo of hwAclNumGroupRowStatus.

hwAclNumGroupAclName is effective only when the rule group is from 2000 to 9999.

Modification Restriction

If the rule group with the specified index contains rules, hwAclNumGroupMatchOrder cannot be modified.

hwAclNumGroupAclName object cannot be modified once a rule is created.

Deletion Restriction

There is no restriction when you delete the entries in this table. You only need to specify the primary index and row status destroy.

Access Restriction

The entries in this table can be read without restraint. hwAclNumGroupCountClear is effective only at the time you perform the Set operation to this object; therefore, the value of this object that you have read is of no actual meaning.

hwAclBasicRuleTable

This table is used to create rules in a basic ACL rule group.

This table uses the index of hwAclNumGroupTable together with an object with the increasing value, that is, rule ID, as its index.

The indexes of this table are hwAclBasicAclNum and hwAclBasicSubitem.

OID

Object Name

Syntax

Max Access

Description

Implemented Specifications

1.3.6.1.4.1.2011.5.1.1.4.1.1

hwAclBasicAclNum

Integer32 ( 2000..2999 )

Read-only

The value of this object identifies the primary index.

It corresponds to the index of hwAclNumGroupTable, indicating the rule group number.

The value of the primary index ranges from 2000 to 2999.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.4.1.2

hwAclBasicSubitem

unsigned int32

Read-only

The value of this object identifies the secondary index.

It refers to the rule ID in the rule group.

The value ranges from 0 to 4294967294.

If the rule corresponding to the rule ID exists, the new rule overwrites the old one. This operation equals modifying an existent ACL rule.

If the rule corresponding to the rule ID does not exist, a new rule is created and inserted based on the order of the rule ID.

If no rule ID is specified, the system automatically assigns one when you create a rule.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.4.1.3

hwAclBasicAct

INTEGER

{

permit(1),

deny(2)}

Read-create

The value of this object identifies the action of an ACL rule.

The value can be:

  • permit(1): permits the packets that match the rule
  • deny(2): discards the packets that match the rule

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.4.1.4

hwAclBasicSrcIp

IpAddress

Read-create

The value of this object identifies the source IP address.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.4.1.5

hwAclBasicSrcWild

IpAddress

Read-create

The value of this object identifies the wildcard mask of the source IP address.

The value ranges from 0.0.0.0 to 255.255.255.255.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.4.1.6

hwAclBasicTimeRangeIndex

Integer32

Read-create

The value of this object identifies the index of a time range during which an ACL rule can be applied.

The value ranges from 0 to 256. The value 0 declares that the ACL rule has no time range.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.4.1.7

hwAclBasicFragments

INTEGER

{

fragmentSubseq(0),

fragment(1),

nonFragment(2),

nonSubseq(3)

none(255)

}

Read-create

This object cannot be modified once a rule is created.

This object indicates the type of the packet. The value can be:

  • 0: fragmentSubseq, indicating that the packet is a subsequent fragment
  • 1: fragment, indicating that the packet is a fragment
  • 2: nonFragment, indicating that the packet is not a fragment
  • 3: nonSubseq, indicating that the packet is not a subsequent fragment
  • 255: none, default

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.4.1.8

hwAclBasicLog

TruthValue

Read-create

This object indicates whether to record logs for the matched packets.

The log contents include the sequence number of an ACL rule, packets passed or discarded, upper layer protocol type over IP, source or destination address, source or destination port number, and number of packets.

The value can be:

  • true(1)
  • false(2)

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.4.1.9

hwAclBasicEnable

TruthValue

Read-only

This object indicates whether the ACL rule takes effect currently

This object is read-only.

The value can be:
  • true(1)
  • false(2)

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.4.1.10

hwAclBasicCount

Counter64

Read-only

The value of this object identifies the count of bits matched with an ACL rule.

A maximum of 64 bits can be matched with an ACL rule.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.4.1.12

hwAclBasicRowStatus

RowStatus

Read-create

This object indicates the status of the rows.

Currently, CreateAndGo, Active and Destroy are implemented.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.4.1.13

hwAclBasicDescription

OCTET STRING (SIZE (1..127))

Read-create

The description of a basic ACL.

The length cannot exceed 127 characters.

This object is implemented as defined in the corresponding MIB file.

Creation Restriction

  • Before you create an ACL rule, the primary index must have a corresponding value in hwAclNumGroupTable.

  • When you create an ACL rule, hwAclBasicAct is necessarily configured.

  • When you specify the index of a time range during which an ACL rule can be applied, the time range that the index corresponds to must exist; otherwise, creating an ACL rule fails.

  • You need to specify the row status CreateAndGo of hwAclNumGroupRowStatus.

  • hwAclBasicDescription must be separately set, and does not support multiple variable bindings.

Modification Restriction

The following entries in this table cannot be modified after created:

hwAclBasicAct, hwAclBasicSrcIp, hwAclBasicSrcWild, hwAclBasicTimeRangeIndex, hwAclBasicFragments, hwAclBasicLog.

Deletion Restriction

You need to specify the row status destroy.

Access Restriction

The entries in this table have values only when the entries in hwAclNumGroupTable have values.

hwAclAdvancedRuleTable

This table is used to create rules in an advanced ACL rule group.

This table uses the index of hwAclNumGroupTable together with an object with the increasing value, that is, rule ID, as its index.

The indexes of this table are hwAclAdvancedAclNum and hwAclAdvancedSubitem.

OID

Object Name

Syntax

Max Access

Description

Implemented Specifications

1.3.6.1.4.1.2011.5.1.1.5.1.1

hwAclAdvancedAclNum

Integer32 (3000..3999)

Read-only

The value of this object identifies the primary index.

It corresponds to the index of hwAclNumGroupTable, indicating the rule group number.

The value ranges from 3000 to 3999.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.2

hwAclAdvancedSubitem

Unsigned int32

Read-only

The value of this object identifies the secondary index.

It is rule ID in a rule group.

The value ranges from 0 to 4294967294.

If the rule corresponding to the rule ID exists, the new rule overwrites the old one. This operation equals modifying an existent ACL rule.

If the rule corresponding to the rule ID does not exist, a new rule is created and inserted based on the order of the rule ID.

If no rule ID is specified, the system automatically assigns one when you create a rule.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.3

hwAclAdvancedAct

INTEGER

{

permit(1),

deny(2)

}

Read-create

The value of this object identifies the action of an ACL rule.

The value can be:

  • permit(1): permits the packets that match the rule
  • deny(2): discards the packets that match the rule

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.4

hwAclAdvancedProtocol

Integer32 (0..255)

Read-create

The object indicates the protocol type of a rule. It specifies the protocol type over IP.

The value ranges from 0 to 255. The value 0 indicates any types of IP packets.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.5

hwAclAdvancedSrcIp

IpAddress

Read-create

The value of this object identifies the source IP address.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.6

hwAclAdvancedSrcWild

IpAddress

Read-create

The value of this object identifies the wildcard mask of the source IP address.

The value ranges from 0.0.0.0 to 255.255.255.255.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.7

hwAclAdvancedSrcOp

INTEGER

{

lt(1),

eq(2),

gt(3),

invalid(0),

range(5)

}

Read-create

The value of this object identifies the operator of the source port range.

The value can be:

  • invalid(0): indicates "invalid". That is, the current operation is invalid.
  • lt(1): indicates "less than".
  • eq(2): indicates "equal".
  • gt(3): indicates "larger than".
  • range(5): indicates "between".

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.8

hwAclAdvancedSrcPort1

Integer32 (0..65535)

Read-create

The value of this object identifies the lower limit of the source port number.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.9

hwAclAdvancedSrcPort2

Integer32 (0..65535)

Read-create

The value of this object identifies the upper limit of the source port number.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.10

hwAclAdvancedDestIp

IpAddress

Read-create

This object indicates the destination IP address.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.11

hwAclAdvancedDestWild

IpAddress

Read-create

This object indicates the mask of the destination IP address.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.12

hwAclAdvancedDestOp

INTEGER

{lt(1),

eq(2),

gt(3),

invalid(0),

range(5)

}

Read-create

The value of this object identifies the operator of the destination port range.

The value can be:

  • invalid(0): indicates "invalid". That is, the current operation is invalid.
  • lt(1): indicates "less than".
  • eq(2): indicates "equal".
  • gt(3): indicates "larger than".
  • range(5): indicates "between".

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.13

hwAclAdvancedDestPort1

Integer32 (0..65535)

Read-create

The value of this object identifies the lower limit of the destination port number.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.14

hwAclAdvancedDestPort2

Integer32 (0..65535)

Read-create

The value of this object identifies the upper limit of the destination port number.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.15

hwAclAdvancedPrecedence

Integer32 (0..7 | 255)

Read-create

The value of this object identifies the precedence sub-field.

It is the higher 3 bits of the TOS field in an IP header.

The value ranges from 0 to 7.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.16

hwAclAdvancedTos

Integer32 (0..15 | 255)

Read-create

The value of this object identifies the TOS sub-field.

This field covers 4 bits after the higher three bits of the TOS field in an IP header.

The value ranges from 0 to 15.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.17

hwAclAdvancedDscp

Integer32 (0..63 | 255)

Read-create

The value of this object identifies the higher 7 bits of the TOS field in an IP header.

The value ranges from 0 to 63.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.18

hwAclAdvancedEstablish

TruthValue

Read-create

This object indicates whether to create an ACL rule group.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.19

hwAclAdvancedTimeRangeIndex

Integer32 (0..256)

Read-create

The value of this object identifies the index of a time range during which an ACL rule can be applied.

The value ranges from 0 to 256. The value 0 means no time range. It declares that the ACL rule has no time range.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.20

hwAclAdvancedIcmpType

Integer32 (0..255 | 65535)

Read-create

The value of this object identifies the ICMP message type.

The value ranges from 0 to 255. The value 65535 is invalid.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.21

hwAclAdvancedIcmpCode

Integer32 (0..255 | 65535)

Read-create

The value of this object identifies the ICMP code.

The value ranges from 0 to 255. The value 65535 is invalid.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.22

hwAclAdvancedFragments

INTEGER

{

fragment(1),

nonFragment(2),

}

Read-create

This object cannot be modified once a rule is created. Enumeration.

This object indicates the type of the packet. The value can be:

  • 1: fragment, indicating that the packet is a fragment
  • 2: nonFragment, indicating that the packet is not a fragment

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.23

hwAclAdvancedLog

TruthValue

Read-create

This object indicates whether to record logs for the matched packets.

The value can be:

  • true(1)
  • false(2)

The log contents include the sequence number of an ACL rule, packets passed or discarded, upper layer protocol type over IP, source or destination address, source or destination port number, and number of packets.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.24

hwAclAdvancedEnable

TruthValue

Read-only

This object indicates whether the ACL rule takes effect currently.

The value can be:
  • true(1)
  • false(2)

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.25

hwAclAdvancedCount

Counter64

Read-only

The value of this object identifies the count of bits matched with an ACL rule.

A maximum of 64 bits can be matched with an ACL rule.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.27

hwAclAdvancedRowStatus

RowStatus

Read-create

This object indicates the status of the rows.

Currently, createAndGo and destroy are implemented.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.28

hwAclAdvancedTcpSyncFlag

Integer32

Read-create

The value of this object identifies a TCP Synchronization flag.

The value ranges from 0 to 63. The value -1 is invalid.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.29

hwAclAdvancedDescription

OCTET STRING (SIZE (1..127))

Read-create

The description of an advanced ACL.

The length cannot exceed 127 characters.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.5.1.32

hwAclAdvancedProtocolNew

Integer32 (0..255|65535)

read-create

The value of this object identifies the protocol type of ACL rules.

This object is implemented as defined in the corresponding MIB files.

Creation Restriction

  • Before you create an ACL rule, the primary index must have a corresponding value in hwAclNumGroupTable.

  • When you create an ACL rule, hwAclAdvancedAct is necessarily configured.

  • You need to specify the values of hwAclAdvancedSrcIp and hwAclAdvancedSrcWild simultaneously.

  • You need to specify the values of hwAclAdvancedSrcOp and (hwAclAdvancedSrcPort1 | hwAclAdvancedSrcPort2) simultaneously.

  • You need to specify the values of hwAclAdvancedDestIp and hwAclAdvancedDestWild simultaneously.

  • You need to specify the values of hwAclAdvancedDestOp and (hwAclAdvancedDestPort1| hwAclAdvancedDestPort2) simultaneously.

  • hwAclAdvancedIcmpCode and hwAclAdvancedIcmpType must be specified simultaneously, and hwAclAdvancedIcmpType can be specified independently.

  • You cannot set hwAclAdvancedPrecedence and hwAclAdvancedDscp simultaneously.

  • When you specify the index of a time range during which an ACL rule can be applied, the time range that the index corresponds to must exist; otherwise, creating an ACL rule fails.

  • You need to specify the row status CreateAndGo of hwAclNumGroupRowStatus.

  • hwAclAdvancedDescription must be separately set, and does not support multiple variable bindings.

Modification Restriction

The following entries in this table cannot be modified after created:

hwAclAdvancedAct, hwAclAdvancedProtocol, hwAclAdvancedSrcIp, hwAclAdvancedSrcWild, hwAclAdvancedSrcOp, hwAclAdvancedSrcPort1, hwAclAdvancedSrcPort2, hwAclAdvancedDestIp, hwAclAdvancedDestWild, hwAclAdvancedDestOp, hwAclAdvancedDestPort1, hwAclAdvancedDestPort2, hwAclAdvancedPrecedence, hwAclAdvancedTos, hwAclAdvancedDscp, hwAclAdvancedEstablish,hwAclAdvancedTimeRangeIndex, hwAclAdvancedIcmpType, hwAclAdvancedIcmpCode, hwAclAdvancedFragments, hwAclAdvancedLog, hwAclAdvancedTcpSyncFlag.

Deletion Restriction

You need to specify the row status destroy.

Access Restriction

The entries in this table have values only when the entries in hwAclNumGroupTable have values.

hwAclEthernetFrameRuleTable

This table is used to create the rule of a Layer 2 ACL rule group. This table uses the index of hwAclNumGroupTable and the rule ID as the indexes.

The indexes of this table are hwAclEthernetFrameAclNum and hwAclEthernetFrameSubitem.

OID

Object Name

Syntax

Max Access

Description

Implemented Specifications

1.3.6.1.4.1.2011.5.1.1.14.1.1

hwAclEthernetFrameAclNum

Integer32

Read-only

This object indicates the primary index, which corresponds to the index in hwAclNumGroupTable. It indicates the number of a rule group. The value ranges from 4000 to 4999.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.14.1.2

hwAclEthernetFrameSubitem

unsigned int32

Read-only

This object indicates the secondary index, representing the ID of a rule in a rule group. The value ranges from 0 to 4294967295.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.14.1.3

hwAclEthernetFrameAct

Counter32

Read-create

This object indicates the action corresponding to a rule:
  • permit
  • deny

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.14.1.4

hwAclEthernetFrameType

Integer32

Read-create

This object indicates the Ethernet frame type. The value 0 is invalid. The value ranges from 0 to 65535.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.14.1.5

hwAclEthernetFrameTypeMask

Integer32

Read-create

This object indicates the mask of the Ethernet frame type. The value ranges from 0 to 65535.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.14.1.6

hwAclEthernetFrameSrcMac

MacAddress

Read-create

This object indicates the source MAC address.

Set this object in hexadecimal format.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.14.1.7

hwAclEthernetFrameSrcMacMask

MacAddress

Read-create

This object indicates the mask of the source MAC address.

Set this object in hexadecimal format.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.14.1.8

hwAclEthernetFrameDstMac

MacAddress

Read-create

This object indicates the destination MAC address.

Set this object in hexadecimal format.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.14.1.9

hwAclEthernetFrameDstMacMask

MacAddress

Read-create

This object indicates the mask of the destination MAC address.

Set this object in hexadecimal format.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.14.1.10

hwAclEthernetFrameTimeRangeIndex

Integer32

Read-create

This object indicates the time range index referenced by a rule. The value ranges from 0 to 256.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.14.1.11

hwAclEthernetFrameLog

Integer32

Read-create

This object indicates whether logging is configured for the rule.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.14.1.12

hwAclEthernetFrameEnable

EnabledStatus

Read-only

This object indicates whether the rule takes effect:
  • enabled
  • disabled

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.14.1.14

hwAclEthernetFrameRowStatus

RowStatus

Read-create

This object indicates the row status. The value can be CreateAndGo or destroy.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.14.1.15

hwAclEthernetFrameEncapType

Interger

Read-create

This object indicates the encapsulation type of a rule:
  • ether2(1)
  • ieee802dot3(2)
  • snap(3)
  • none(255)

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.14.1.16

hwAclEthernetFrameDoubleTag

TruthValue

Read-create

This object indicates the rule of the double-tagged VLAN:
  • true
  • false
By default, the value is false.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.14.1.17

hwAclEthernetFrameVlanId

Integer32

Read-create

This object indicates the outer VLAN ID. The value 0 is invalid and the value ranges from 0 to 4094.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.14.1.18

hwAclEthernetFrameVlanIdMask

Integer32

Read-create

This object indicates the mask of the outer VLAN ID. The value ranges from 0 to 4095.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.14.1.19

hwAclEthernetFrameCVlanId

Integer32

Read-create

This object indicates the inner VLAN ID. The value 0 is invalid and the value ranges from 0 to 4094.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.14.1.20

hwAclEthernetFrameCVlanIdMask

Integer32

Read-create

This object indicates the mask of the inner VLAN ID. The value ranges from 0 to 4095.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.14.1.21

hwAclEthernetFrameRule8021p

Integer32

Read-create

This object indicates the 802.1p priority in the single VLAN tag. The value range is as follows:
  • 0 to 7
By default, the value is 255.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.14.1.22

hwAclEthernetFrameRuleCVlan8021p

Integer32

Read-create

This object indicates the 802.1p priority in the inner VLAN tag. The value range is as follows:
  • 0 to 7
By default, the value is 255.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.14.1.23

hwAclEthernetFrameDescription

OCTET STRING

Read-create

This object indicates the description of the Layer 2 rule. The value ranges from 1 to 127.

This object is implemented as defined in the corresponding MIB file.

Creation Restriction

Before creating a rule, ensure that the value of the primary index exists in hwAclNumGroupTable.

When you create a rule, that hwAclEthernetFrameAct is mandatory.

When creating a rule in the MIB, you need to apply the time range to the created rule. The time range corresponding to the index must exist. Otherwise, the creation fails.

hwAclEthernetFrameDescription must be separately set, and does not support multiple variable bindings.

Modification Restriction

The following entries in this table cannot be modified after created:

hwAclEthernetFrameAct, hwAclEthernetFrameType, hwAclEthernetFrameTypeMask, hwAclEthernetFrameSrcMac, hwAclEthernetFrameSrcMacMask, hwAclEthernetFrameDstMac, hwAclEthernetFrameDstMacMask, hwAclEthernetFrameTimeRangeIndex, hwAclEthernetFrameEncapType, hwAclEthernetFrameDoubleTag, hwAclEthernetFrameVlanId, hwAclEthernetFrameVlanIdMask, hwAclEthernetFrameCVlanId, hwAclEthernetFrameCVlanIdMask, hwAclEthernetFrameRule8021p, hwAclEthernetFrameRuleCVlan8021p.

Deletion Restriction

The entries in this table can be deleted.

Access Restriction

The value of this table exists only when the value of hwAclNumGroupTable exists.

hwAclUserRuleTable

This table is used to create rules in a user ACL rule group.

This table uses the index of hwAclNumGroupTable together with an object with the increasing value, that is, rule ID, as its index.

The indexes of this table are hwAclUserAclNum and hwAclUserSubitem.

OID

Object Name

Syntax

Max Access

Description

Implemented Specifications

1.3.6.1.4.1.2011.5.1.1.7.1.1

hwAclUserAclNum

Integer32 (6000..9999 )

Read-only

The value of this object identifies the primary index.

It corresponds to the index of hwAclNumGroupTable, indicating the rule group number.

The value of the primary index ranges from 6000 to 9999.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.2

hwAclUserSubitem

Unsigned int32

Read-only

The value of this object identifies the secondary index.

It refers to the rule ID in the rule group.

The value ranges from 0 to 4294967294.

If the rule corresponding to the rule ID exists, the new rule overwrites the old one. This operation equals modifying an existent ACL rule.

If the rule corresponding to the rule ID does not exist, a new rule is created and inserted based on the order of the rule ID.

If no rule ID is specified, the system automatically assigns one when you create a rule.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.3

hwAclUserAct

INTEGER

{

permit(1),

deny(2)

}

Read-create

The value of this object identifies the action of an ACL rule.

The value can be:

  • permit(1): permits the packets that match the rule
  • deny(2): discards the packets that match the rule

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.4

hwAclUserProtocol

Integer32 (0..255)

Read-create

The object indicates the protocol type of a rule. It specifies the protocol type over IP.

The value ranges from 0 to 255. The value 0 indicates any types of IP packets.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.5

hwAclUserSrcIp

IpAddress

Read-create

The value of this object identifies the source IP address.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.6

hwAclUserSrcWild

IpAddress

Read-create

The value of this object identifies the wildcard mask of the source IP address.

The value ranges from 0.0.0.0 to 255.255.255.255.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.7

hwAclUserSrcOp

Integer32

Read-create

The value of this object identifies the operation characters on the source interface.

  • 1: lt(1)
  • 2: eq(2)
  • 3: gt(3)
  • 4: neq(4)
  • 5: invalid(0)
  • 6: range(5)

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.8

hwAclUserSrcPort1

Integer32 (0..65535)

Read-create

The value of this object identifies the lower limit of the source port number.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.9

hwAclUserSrcPort2

Integer32 (0..65535)

Read-create

The value of this object identifies the upper limit of the source port number.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.10

hwAclUserDestIp

IpAddress

Read-create

The value of this object indicates the destination IP address.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.11

hwAclUserDestWild

IpAddress

Read-create

The value of this object indicates the wildcard mask of the destination IP address. The value ranges from 0.0.0.0 to 255.255.255.255.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.12

hwAclUserDestOp

Integer32

Read-create

The value of this object identifies the operation characters on the destination interface.

  • 1: lt(1)
  • 2: eq(2)
  • 3: gt(3)
  • 4: neq(4)
  • 5: invalid(0)
  • 6: range(5)

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.13

hwAclUserDestPort1

Integer32 (0..65535)

Read-create

The value of this object identifies the lower limit of the destination port number.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.14

hwAclUserDestPort2

Integer32 (0..65535)

Read-create

The value of this object identifies the upper limit of the destination port number.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.19

hwAclUserTimeRangeIndex

Integer32 (0..256)

Read-create

The value of this object identifies the index of a time range during which an ACL rule can be applied.

The value ranges from 0 to 256. The value 0 declares that the ACL rule has no time range.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.20

hwAclUserIcmpType

Integer32 (0..255 | 65535)

Read-create

The value of this object identifies the ICMP message type.

The value ranges from 0 to 255. The value 65535 is invalid.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.21

hwAclUserIcmpCode

Integer32 (0..255 | 65535)

Read-create

The value of this object identifies the ICMP code.

The value ranges from 0 to 255. The value 65535 is invalid.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.24

hwAclUserEnable

TruthValue

Read-only

This object indicates whether the ACL rule takes effect currently

This object is Read-only.

The value can be:
  • true(1)
  • false(2)

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.26

hwAclUserVrfName

OCTET STRING

Read-create

This object indicates the VPN instance name specified in a user ACL.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.27

hwAclUserSrcUserGroupName

OCTET STRING

Read-create

This object indicates the source user resource group name. The value is a string of 0-32 characters.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.28

hwAclUserDestUserGroupName

OCTET STRING

Read-create

This object indicates the destination user resource group name. The value is a string of 0-32 characters.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.31

hwAclUserRowStatus

RowStatus

Read-create

This object indicates the status of the rows.

Currently, CreateAndGo, Active and Destroy are implemented.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.33

hwAclUserSrcUserGroupNum

Integer32

Read-create

This object indicates the source resource group number range.
  1. 0-64000
  2. 65535

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.7.1.34

hwAclUserDestUserGroupNum

Integer32

Read-create

This object indicates the destination resource group number range.
  1. 0-64000
  2. 65535

This object is implemented as defined in the corresponding MIB file.

Creation Restriction

  • Before you create an ACL rule, the primary index must have a corresponding value in hwAclNumGroupTable.

  • When you create an ACL rule, hwAclUserAct is necessarily configured.

  • When you specify the index of a time range during which an ACL rule can be applied, the time range that the index corresponds to must exist; otherwise, creating an ACL rule fails.

  • You need to specify the row status CreateAndGo of hwAclUserRowStatus.

Modification Restriction

The following entries in this table cannot be modified after created:

hwAclUserAct, hwAclUserProtocol, hwAclUserSrcIp, hwAclUserSrcWild, hwAclUserSrcOp, hwAclUserSrcPort1, hwAclUserSrcPort2, hwAclUserDestIp, hwAclUserDestWild, hwAclUserDestOp, hwAclUserDestPort1, hwAclUserDestPort2, hwAclUserTimeRangeIndex, hwAclUserIcmpType, hwAclUserIcmpCode, hwAclUserSrcUserGroupName, hwAclUserDestUserGroupName, hwAclUserSrcUserGroupNum, hwAclUserDestUserGroupNum.

Deletion Restriction

You need to specify the row status destroy.

Access Restriction

The entries in this table have values only when the entries in hwAclNumGroupTable have values.

hwAclIpv6BasicRuleTable

This table is used to create the rule of a basic ACL6 rule group. This table uses the index of hwAclIpv6NumGroupTable and the rule ID as the indexes.

The indexes of this table are hwAclIpv6BasicAclNum and hwAclIpv6BasicSubitem.

OID

Object Name

Syntax

Max Access

Description

Implemented Specifications

1.3.6.1.4.1.2011.5.1.1.12.1.1

hwAclIpv6BasicAclNum

Integer32

Read-only

This object indicates the primary index, which corresponds to the index in hwAclIpv6NumGroupTable. It indicates the number of a rule group. The value ranges from 2000 to 2999.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.12.1.2

hwAclIpv6BasicSubitem

Integer32

Read-only

This object indicates the secondary index, representing the ID of a rule in a rule group. The value ranges from 0 to 2047.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.12.1.3

hwAclIpv6BasicAct

INTEGER

Read-create

This object indicates the action corresponding to a rule:
  • permit
  • deny

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.12.1.4

hwAclIpv6BasicSrcIp

Ipv6Address

Read-create

This object indicates the source IPv6 address.

Set this object in hexadecimal format.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.12.1.5

hwAclIpv6BasicSrcPrefix

Integer32

Read-create

This object indicates the length of the IPv6 address prefix. The value ranges from 1 to 128.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.12.1.6

hwAclIpv6BasicTimeRangeIndex

TruthValue

Read-create

This object indicates the index of the time range referenced by a rule. The value ranges from 1 to 256.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.12.1.7

hwAclIpv6BasicFragment

MacAddress

Read-create

This object indicates whether the packets are non-initial fragments:
  • true
  • false

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.12.1.8

hwAclIpv6BasicLog

TruthValue

Read-create

This object indicates whether a log is generated for a matching packet:
  • true
  • false

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.12.1.9

hwAclIpv6BasicEnable

TruthValue

Read-only

This object indicates whether the rule is valid. This field is read—only.
  • true
  • false

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.12.1.10

hwAclIpv6BasicCount

Counter64

read-only

This is a read-only field. This object indicates the number of packets matching this ACL rule.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.12.1.12

hwAclIpv6BasicRowStatus

RowStatus

Read-create

This object indicates the row status. The value can be CreateAndGo, Active, or destroy.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.12.1.13

hwAclIpv6BasicDescription

OCTET STRING

Read-create

This object indicates the description of a basic ACL6 rule. The value ranges from 1 to 127.

This object is implemented as defined in the corresponding MIB file.

Creation Restriction

Before creating a rule, ensure that the value of the primary index exists in hwAclIpv6NumGroupTable.

When creating a rule, ensure that hwAclIpv6BasicAct is mandatory.

When creating a rule in the MIB, you need to apply the time range. The time range corresponding to the index must exist. Otherwise, the creation fails.

hwAclIpv6BasicDescription must be separately set, and does not support multiple variable bindings.

Modification Restriction

The entries in this table cannot be modified.

Deletion Restriction

The entries in this table can be deleted.

Access Restriction

The value of this table exists only when the value of hwAclIpv6NumGroupTable exists.

hwAclIpv6AdvancedRuleTable

This table is used to create the rule of an advanced ACL rule group. This table uses the index of hwAclIpv6NumGroupTable and the rule ID as the indexes.

The indexes of this table are hwAclIpv6AdvancedAclNum and hwAclIpv6AdvancedSubitem.

OID

Object Name

Syntax

Max Access

Description

Implemented Specifications

1.3.6.1.4.1.2011.5.1.1.13.1.1

hwAclIpv6AdvancedAclNum

Integer32

Read-only

This object indicates the primary index, which corresponds to the index in hwAclIpv6NumGroupTable. It indicates the number of a rule group. The value ranges from 3000 to 3999.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.2

hwAclIpv6AdvancedSubitem

Integer32

Read-only

This object indicates the secondary index, representing the ID of a rule in a rule group. The value ranges from 0 to 2047.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.3

hwAclIpv6AdvancedAct

INTEGER

Read-create

This object indicates the action corresponding to a rule:
  • permit
  • deny

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.4

hwAclIpv6AdvancedProtocol

Integer32

Read-create

This object identifies the protocol number. The value ranges from 1 to 255.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.5

hwAclIpv6AdvancedSrcIp

IpAddress

Read-create

This object indicates the source IP address.

Set this object in hexadecimal format.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.6

hwAclIpv6AdvancedSrcPrefix

IpAddress

Read-create

This object indicates the length of the source address prefix. The value ranges from 1 to 128.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.7

hwAclIpv6AdvancedSrcOp

INTEGER

Read-create

The value of this object identifies the operator of the source port range.

The value can be:

  • lt(1): indicates "less than".
  • eq(2): indicates "equal".
  • gt(3): indicates "larger than".
  • range(5): indicates "between".

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.8

hwAclIpv6AdvancedSrcPort1

Integer32

Read-create

This object identifies the lower limit on the source port number.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.9

hwAclIpv6AdvancedSrcPort2

Integer32

Read-create

This object identifies the upper limit on the source port number.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.10

hwAclIpv6AdvancedDestIp

IpAddress

Read-create

This object indicates the destination IP address.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.11

hwAclIpv6AdvancedDestPrefix

IpAddress

Read-create

This object indicates the length of the destination address prefix. The value ranges from 1 to 128.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.12

hwAclIpv6AdvancedDestOp

INTEGER

Read-create

The value of this object identifies the operator of the destination port range.

The value can be:

  • lt(1): indicates "less than".
  • eq(2): indicates "equal".
  • gt(3): indicates "larger than".
  • range(5): indicates "between".

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.13

hwAclIpv6AdvancedDestPort1

Counter64

Read-create

This object identifies the lower limit on the destination port number.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.14

hwAclIpv6AdvancedDestPort2

Integer32

Read-create

This object identifies the upper limit on the destination port number.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.15

hwAclIpv6AdvancedPrecedence

Integer32

Read-create

This object identifies the precedence field, that is, three higher-order bits of the ToS field in an IP packet. The value ranges from 0 to 7.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.16

hwAclIpv6AdvancedTos

Integer32

Read-create

This object identifies the Precedence field, that is, four bits after the ToS field in an IP packet. The value ranges from 0 to 15.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.17

hwAclIpv6AdvancedDscp

Integer32

Read-create

This object identifies the DSCP value, that is, seven higher-order bits of the ToS field in an IP header. The value ranges from 0 to 63.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.19

hwAclIpv6AdvancedTimeRangeIndex

Integer32

Read-create

This object indicates the time range index referenced by a rule. The value ranges from 1 to 256.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.20

hwAclIpv6AdvancedIcmpType

Integer32

Read-create

This object identifies the ICMP type. The value ranges from 0 to 255.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.21

hwAclIpv6AdvancedIcmpCode

Integer32

Read-create

This object identifies the ICMP code. The value ranges from 0 to 255.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.22

hwAclIpv6AdvancedFragments

TruthValue

Read-create

This object indicates whether the packets are non-initial fragments:
  • true
  • false

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.23

hwAclIpv6AdvancedLog

TruthValue

Read-create

This object indicates whether a log is generated for a matching packet:
  • true
  • false

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.24

hwAclIpv6AdvancedEnable

TruthValue

Read-only

This object indicates whether the rule takes effect. The field is read only.
  • true
  • false

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.27

hwAclIpv6AdvancedRowStatus

RowStatus

Read-create

This object indicates the row status. The value can be CreateAndGo or destroy.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.1.13.1.28

hwAclIpv6AdvancedDescription

OCTET STRING

Read-create

This object indicates the description of an advanced ACL rule. The value ranges from 1 to 127.

This object is implemented as defined in the corresponding MIB file.

Creation Restriction

  • Before creating a rule, ensure that the value of the primary index exists in hwAclIpv6NumGroupTable.

  • When you create a rule, the hwAclIpv6AdvancedAct and hwAclIpv6AdvancedProtocol fields are mandatory.

  • You need to specify the values of hwAclIpv6AdvancedSrcIp and hwAclIpv6AdvancedSrcWild fields.

  • You need to specify the values of hwAclIpv6AdvancedSrcOp and (hwAclIpv6AdvancedSrcPort1 | hwAclIpv6AdvancedSrcPort2).

  • You need to specify the values of hwAclIpv6AdvancedDestIp and hwAclIpv6AdvancedDestWild.

  • You need to specify the values of hwAclIpv6AdvancedDestOp and (hwAclIpv6AdvancedDestPort1| hwAclIpv6AdvancedDestPort2).

  • hwAclIpv6AdvancedIcmpCode and hwAclIpv6AdvancedIcmpType must be specified simultaneously, and hwAclIpv6AdvancedIcmpType can be specified independently.

  • You need to apply the time range to the created rule in the MIB.

  • hwAclIpv6AdvancedDescription must be separately set, and does not support multiple variable bindings.

Modification Restriction

The entries in this table cannot be modified.

Deletion Restriction

The entries in this table can be deleted.

Access Restriction

The value of this table exists only when the value of hwAclIpv6NumGroupTable exists.

hwAclIpv6NumGroupTable

This table is used to configure the ACL rule group including the matching sequence, step, and description.

The index of this table is hwAclIpv6NumGroupAclNum.

OID

Object Name

Syntax

Max Access

Description

Implemented Specifications

1.3.6.1.4.1.2011.5.1.1.16.1.1

hwAclIpv6NumGroupAclNum

Integer32

read-only

This object indicates the index, that is, the number of an IPv6 ACL group. The value range is as follows:
  • A basic ACL ranges from 2000 to 2999.
  • An advanced ACL ranges from 3000 to 3999.

This object is implemented as defined in the corresponding MIB files.

1.3.6.1.4.1.2011.5.1.1.16.1.2

hwAclIpv6NumGroupMatchOrder

Integer32

read-create

This object indicates the matching order of a rule group:
  • config: indicates the user configuration order.
  • auto: indicates the automatic configuration order.
  • default: indicates the default configuration order.

This object is implemented as defined in the corresponding MIB files.

1.3.6.1.4.1.2011.5.1.1.16.1.3

hwAclIpv6NumGroupSubitemNum

Counter32

read-only

This object indicates the number of rules in a rule group. This field is read-only.

This object is implemented as defined in the corresponding MIB files.

1.3.6.1.4.1.2011.5.1.1.16.1.5

hwAclIpv6NumGroupAclName

OCTET STRING (SIZE (1..64))

read-create

This object indicates the ACL group name. The value is a string of 1 to 64 characters.

This object is implemented as defined in the corresponding MIB files.

1.3.6.1.4.1.2011.5.1.1.16.1.7

hwAclIpv6NumGroupAclType

INTEGER

read-create

This object indicates the ACL group types, including:
  • basic(1)
  • advanced(2)

This object is implemented as defined in the corresponding MIB files.

1.3.6.1.4.1.2011.5.1.1.16.1.51

hwAclIpv6NumGroupRowStatus

RowStatus

read-create

This object indicates the row status. The value can be CreateAndGo or destroy.

This object is implemented as defined in the corresponding MIB files.

Creation Restriction

None.

Modification Restriction

If there are rules in the rule group to which the index corresponds, hwAclIpv6NumGroupMatchOrder cannot be changed. hwAclIpv6NumGroupAclName can be created but cannot be modified.

Deletion Restriction

The entries in this table can be deleted. You only need to specify the primary index and row status.

Access Restriction

None.

hwAclResourceTrapsTable

This table lists all parameters related to the ACL resource alarm.

OID

Object Name

Syntax

Max Access

Description

Implemented Specifications

1.3.6.1.4.1.2011.5.1.2.2.1.1.1

hwAclResSlotStr

OCTET STRING

accessible-for-notify

Specifies the slot ID of the card where the alarm is generated.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.2.2.1.1.2

hwAclResStage

OCTET STRING

accessible-for-notify

Indicates the ACL processing stage when the alarm is generated.

This object is implemented as defined in the corresponding MIB file.

1.3.6.1.4.1.2011.5.1.2.2.1.1.3

hwAclResLimit

Integer32

accessible-for-notify

Indicates the alarm threshold percentage of ACL resource usage.

This object is implemented as defined in the corresponding MIB file.

Creation Restriction

None

Modification Restriction

None

Deletion Restriction

None

Access Restriction

None

Description of Alarm Objects

hwAclResThresholdExceedClearTrap

OID

Object Name

Binding Variable

Description

Status

1.3.6.1.4.1.2011.5.1.2.2.1.1.4.1

hwAclResThresholdExceedClearTrap

  • hwAclResSlotStr
  • hwAclResStage
  • hwAclResLimit

This object is the clear alarm of ACL resource usage.

current

hwAclResThresholdExceedTrap

OID

Object Name

Binding Variable

Description

Status

1.3.6.1.4.1.2011.5.1.2.2.1.1.4.2

hwAclResThresholdExceedTrap

  • hwAclResSlotStr
  • hwAclResStage
  • hwAclResLimit

This object is the alarm of ACL resource usage.

current

hwAclResTotalCountExceedClearTrap

OID

Object Name

Binding Variable

Description

Status

1.3.6.1.4.1.2011.5.1.2.2.1.1.4.3

hwAclResTotalCountExceedClearTrap

  • hwAclResSlotStr
  • hwAclResStage
  • hwAclResLimit

This object is the alarm indicating that ACL resources are used up.

current

hwAclResTotalCountExceedTrap

OID

Object Name

Binding Variable

Description

Status

1.3.6.1.4.1.2011.5.1.2.2.1.1.4.4

hwAclResTotalCountExceedTrap

  • hwAclResSlotStr
  • hwAclResStage
  • hwAclResLimit

This object is the clear alarm indicating that ACL resources are available.

current

Unsupported Objects

The functions corresponding to the following objects are not supported on the device. Do not use these MIB objects to maintain the device.

Table 12-1  List of unsupported objects

Object ID

Object Name

Table

1.3.6.1.4.1.2011.5.1.1.2.1.6

hwAclNumGroupCountClear

hwAclNumGroupTable

1.3.6.1.4.1.2011.5.1.1.4.1.11

hwAclBasicVrfName

hwAclBasicRuleTable

1.3.6.1.4.1.2011.5.1.1.5.1.26

hwAclAdvancedVrfName

hwAclAdvancedRuleTable

1.3.6.1.4.1.2011.5.1.1.10

hwAclCompileEnableFlag

Single object

1.3.6.1.4.1.2011.5.1.1.11

hwAclCompileNumGroupTable

hwAclCompileNumGroupTable

1.3.6.1.4.1.2011.5.1.1.11.1.1

hwAclCompileNumGroupStatus

hwAclCompileNumGroupTable

1.3.6.1.4.1.2011.5.1.1.12.1.11

hwAclIpv6BasicVrfName

hwAclIpv6BasicRuleTable

1.3.6.1.4.1.2011.5.1.1.13.1.18

hwAclIpv6AdvancedEstablish

hwAclIpv6AdvancedRuleTable

1.3.6.1.4.1.2011.5.1.1.13.1.25

hwAclIpv6AdvancedCount

hwAclIpv6AdvancedRuleTable

1.3.6.1.4.1.2011.5.1.1.13.1.26

hwAclIpv6AdvancedVrfName

hwAclIpv6AdvancedRuleTable

1.3.6.1.4.1.2011.5.1.1.16.1.4

hwAclIpv6NumGroupCountClear

hwAclIpv6NumGroupTable

1.3.6.1.4.1.2011.5.1.1.16.1.6

hwAclIpv6NumGroupDescription

hwAclIpv6NumGroupTable

1.3.6.1.4.1.2011.5.1.1.7.1.15 hwAclUserPrecedence hwAclUserRuleTable
1.3.6.1.4.1.2011.5.1.1.7.1.16 hwAclUserTos hwAclUserRuleTable
1.3.6.1.4.1.2011.5.1.1.7.1.17 hwAclUserDscp hwAclUserRuleTable
1.3.6.1.4.1.2011.5.1.1.7.1.18 hwAclUserEstablish hwAclUserRuleTable
1.3.6.1.4.1.2011.5.1.1.7.1.22 hwAclUserFragments hwAclUserRuleTable
1.3.6.1.4.1.2011.5.1.1.7.1.23 hwAclUserLog hwAclUserRuleTable
1.3.6.1.4.1.2011.5.1.1.7.1.25 hwAclUserCount hwAclUserRuleTable
1.3.6.1.4.1.2011.5.1.1.7.1.29 hwAclUserSrcModeType hwAclUserRuleTable
1.3.6.1.4.1.2011.5.1.1.7.1.30 hwAclUserDestModeType hwAclUserRuleTable
1.3.6.1.4.1.2011.5.1.1.7.1.32 hwAclUserTcpSyncFlag hwAclUserRuleTable
Translation
Download
Updated: 2019-09-23

Document ID: EDOC1000178122

Views: 783896

Downloads: 36

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next