HUAWEI-ACL-MIB

S12700 and S12700E V200R019C10 MIB Reference

This document provides the function overview, relationships between tables, description of single objects, description of MIB tables, and description of alarm objects.

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

HUAWEI-ACL-MIB

Functions Overview
Relationships Between Tables
Description of Single Objects
Description of MIB Tables
Description of Alarm Objects
Unsupported Objects

Functions Overview

HUAWEI-ACL-MIB is used to configure a series of rules for filtering packets to allow only packets of certain types.

This MIB supports the following operations:

Query of ACL configurations
Setting of ACLs

The OID of root objects is:

iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).huawei(2011).huaweiMgmt(5).hwAcl(1)

Relationships Between Tables

Figure 12-1 Relationship between hwAclNumGroupTable and rule tables

Figure 12-1 shows the relationships between hwAclNumGroupTable (public table), hwAclBasicRuleTable (basic ACL), hwAclAdvancedRuleTable (advanced ACL), hwAclUserRuleTable (user ACL), and hwAclEthernetFrameRuleTable (Layer 2 ACL), and between hwAclIpv6NumGroupTable (public table), hwAclIpv6BasicRuleTable (basic ACL6), and hwAclIpv6AdvancedRuleTable (advanced ACL6).

In this MIB, you can create rules in the corresponding rule table only after you create a rule group in hwAclNumGroupTable or hwAclIpv6NumGroupTable.

Description of Single Objects

None.

Description of MIB Tables

hwAclNumGroupTable

This table is used to configure information on ACL rule groups, including the ACL configuration order, step length, and description.

The index of this table is hwAclNumGroupAclNum.

OID	Object Name	Syntax	Max Access	Description	Implemented Specifications
1.3.6.1.4.1.2011.5.1.1.2.1.1	hwAclNumGroupAclNum	Integer32 (2000..2999 \| 3000..3999 \| 4000..4999 \| 5000..5999\| 6000..9999)	Read-only	This object is the index of this table. Its value identifies the number of a rule group. The value range varies with the type of ACLs: Basic ACL: 2000 to 2999 Advanced ACL: 3000 to 3999 Layer 2 ACL: 4000 to 4999 User-defined ACL: 5000 to 5999 User ACL: 6000 to 9999	This object is implemented as defined in the corresponding MIB files.
1.3.6.1.4.1.2011.5.1.1.2.1.2	hwAclNumGroupMatchOrder	Integer32 { config(1), auto(2) }	Read-create	The value of this object identifies the matching order of a rule group. The value can be: config(1): indicates that ACL rules are matched following configuration sequences. auto(2): indicates that ACL rules are matched following the depth first principle.	This object is implemented as defined in the corresponding MIB files.
1.3.6.1.4.1.2011.5.1.1.2.1.3	hwAclNumGroupSubitemNum	INTEGER (0..4294967295)	Read-only	The value of this object identifies the number of rules in a rule group.	This object is implemented as defined in the corresponding MIB files.
1.3.6.1.4.1.2011.5.1.1.2.1.4	hwAclNumGroupStep	Integer32	Read-create	The value of this object identifies ACL steps. If you do not specify the rule ID when creating a rule, a rule ID is automatically generated based on the ACL step. The value of the ACL step ranges from 1 to 20. The default value is 5. The rule ID automatically generated by the system begins with the step value so that a new rule can be inserted in front of the first rule. For instance, if the step value is 5, the rule ID begins with 5; if the step value is 2, the rule ID begins with 2.	This object is implemented as defined in the corresponding MIB files.
1.3.6.1.4.1.2011.5.1.1.2.1.5	hwAclNumGroupDescription	OCTET STRING (SIZE (0..127))	Read-create	This object indicates the description of a rule group. The value cannot be larger than 127.	This object is implemented as defined in the corresponding MIB files.
1.3.6.1.4.1.2011.5.1.1.2.1.7	hwAclNumGroupRowStatus	INTEGER{active(1),notInService(2),notReady(3),createAndGo(4),createAndWait(5),destroy(6)}	Read-create	This object indicates the status of rows. Currently, createAndGo, active, and destroy are implemented.	This object is implemented as defined in the corresponding MIB files.
1.3.6.1.4.1.2011.5.1.1.2.1.8	hwAclNumGroupAclName	OCTET STRING (SIZE (1..64))	Read-create	The name of an ACL. It is a string of 1 to 64 case-sensitive characters without spaces. The name should start with a letter and can contain numbers, hyphens (-), or underscores (_).	This object is implemented as defined in the corresponding MIB files.
1.3.6.1.4.1.2011.5.1.1.2.1.9	hwAclNumGroupAclType	INTEGER	Read-create	The name of an ACL group, the value can be: basic(1) advanced(2) link(3) user(4) ucl(8)	This object is implemented as defined in the corresponding MIB files.

Creation Restriction

hwAclNumGroupCountClear is effective only when the rule group is counted. In addition, it is effective only at the time you perform the Set operation to this object. You need to specify the row status CreateAndGo of hwAclNumGroupRowStatus.

hwAclNumGroupAclName is effective only when the rule group is from 2000 to 9999.

Modification Restriction

If the rule group with the specified index contains rules, hwAclNumGroupMatchOrder cannot be modified.

hwAclNumGroupAclName object cannot be modified once a rule is created.

Deletion Restriction

There is no restriction when you delete the entries in this table. You only need to specify the primary index and row status destroy.

Access Restriction

The entries in this table can be read without restraint. hwAclNumGroupCountClear is effective only at the time you perform the Set operation to this object; therefore, the value of this object that you have read is of no actual meaning.

hwAclBasicRuleTable

This table is used to create rules in a basic ACL rule group.

This table uses the index of hwAclNumGroupTable together with an object with the increasing value, that is, rule ID, as its index.

The indexes of this table are hwAclBasicAclNum and hwAclBasicSubitem.

OID	Object Name	Syntax	Max Access	Description	Implemented Specifications
1.3.6.1.4.1.2011.5.1.1.4.1.1	hwAclBasicAclNum	Integer32 ( 2000..2999 )	Read-only	The value of this object identifies the primary index. It corresponds to the index of hwAclNumGroupTable, indicating the rule group number. The value of the primary index ranges from 2000 to 2999.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.4.1.2	hwAclBasicSubitem	unsigned int32	Read-only	The value of this object identifies the secondary index. It refers to the rule ID in the rule group. The value ranges from 0 to 4294967294. If the rule corresponding to the rule ID exists, the new rule overwrites the old one. This operation equals modifying an existent ACL rule. If the rule corresponding to the rule ID does not exist, a new rule is created and inserted based on the order of the rule ID. If no rule ID is specified, the system automatically assigns one when you create a rule.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.4.1.3	hwAclBasicAct	INTEGER { permit(1), deny(2)}	Read-create	The value of this object identifies the action of an ACL rule. The value can be: permit(1): permits the packets that match the rule deny(2): discards the packets that match the rule	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.4.1.4	hwAclBasicSrcIp	OCTET STRING (SIZE (4))	Read-create	The value of this object identifies the source IP address.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.4.1.5	hwAclBasicSrcWild	OCTET STRING (SIZE (4))	Read-create	The value of this object identifies the wildcard mask of the source IP address. The value ranges from 0.0.0.0 to 255.255.255.255.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.4.1.6	hwAclBasicTimeRangeIndex	Integer32	Read-create	The value of this object identifies the index of a time range during which an ACL rule can be applied. The value ranges from 0 to 256. The value 0 declares that the ACL rule has no time range.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.4.1.7	hwAclBasicFragments	INTEGER { fragmentSubseq(0), fragment(1), nonFragment(2), nonSubseq(3) none(255) }	Read-create	This object cannot be modified once a rule is created. This object indicates the type of the packet. The value can be: 0: fragmentSubseq, indicating that the packet is a subsequent fragment 1: fragment, indicating that the packet is a fragment 2: nonFragment, indicating that the packet is not a fragment 3: nonSubseq, indicating that the packet is not a subsequent fragment 255: none, default	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.4.1.8	hwAclBasicLog	INTEGER{true(1),false(2)}	Read-create	This object indicates whether to record logs for the matched packets. The log contents include the sequence number of an ACL rule, packets passed or discarded, upper layer protocol type over IP, source or destination address, source or destination port number, and number of packets. The value can be: true(1) false(2)	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.4.1.9	hwAclBasicEnable	INTEGER{true(1),false(2)}	Read-only	This object indicates whether the ACL rule takes effect currently This object is Read-only. The value can be: true(1) false(2)	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.4.1.10	hwAclBasicCount	INTEGER (0..18446744073709551615)	Read-only	The value of this object identifies the count of bits matched with an ACL rule. A maximum of 64 bits can be matched with an ACL rule.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.4.1.12	hwAclBasicRowStatus	INTEGER{active(1),notInService(2),notReady(3),createAndGo(4),createAndWait(5),destroy(6)}	Read-create	This object indicates the status of the rows. Currently, CreateAndGo, Active and Destroy are implemented.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.4.1.13	hwAclBasicDescription	OCTET STRING (SIZE (1..127))	Read-create	The description of a basic ACL. The length cannot exceed 127 characters.	This object is implemented as defined in the corresponding MIB file.

Creation Restriction

Before you create an ACL rule, the primary index must have a corresponding value in hwAclNumGroupTable.
When you create an ACL rule, hwAclBasicAct is necessarily configured.
When you specify the index of a time range during which an ACL rule can be applied, the time range that the index corresponds to must exist; otherwise, creating an ACL rule fails.
You need to specify the row status CreateAndGo of hwAclNumGroupRowStatus.
hwAclBasicDescription must be separately set, and does not support multiple variable bindings.

Modification Restriction

The following entries in this table cannot be modified after created:

hwAclBasicAct, hwAclBasicSrcIp, hwAclBasicSrcWild, hwAclBasicTimeRangeIndex, hwAclBasicFragments, hwAclBasicLog.

Deletion Restriction

You need to specify the row status destroy.

Access Restriction

The entries in this table have values only when the entries in hwAclNumGroupTable have values.

hwAclAdvancedRuleTable

This table is used to create rules in an advanced ACL rule group.

This table uses the index of hwAclNumGroupTable together with an object with the increasing value, that is, rule ID, as its index.

The indexes of this table are hwAclAdvancedAclNum and hwAclAdvancedSubitem.

OID	Object Name	Syntax	Max Access	Description	Implemented Specifications
1.3.6.1.4.1.2011.5.1.1.5.1.1	hwAclAdvancedAclNum	Integer32 (3000..3999)	Read-only	The value of this object identifies the primary index. It corresponds to the index of hwAclNumGroupTable, indicating the rule group number. The value ranges from 3000 to 3999.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.2	hwAclAdvancedSubitem	Unsigned int32	Read-only	The value of this object identifies the secondary index. It is rule ID in a rule group. The value ranges from 0 to 4294967294. If the rule corresponding to the rule ID exists, the new rule overwrites the old one. This operation equals modifying an existent ACL rule. If the rule corresponding to the rule ID does not exist, a new rule is created and inserted based on the order of the rule ID. If no rule ID is specified, the system automatically assigns one when you create a rule.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.3	hwAclAdvancedAct	INTEGER { permit(1), deny(2) }	Read-create	The value of this object identifies the action of an ACL rule. The value can be: permit(1): permits the packets that match the rule deny(2): discards the packets that match the rule	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.4	hwAclAdvancedProtocol	Integer32 (0..255)	Read-create	The object indicates the protocol type of a rule. It specifies the protocol type over IP. The value ranges from 0 to 255. The value 0 indicates any types of IP packets.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.5	hwAclAdvancedSrcIp	OCTET STRING (SIZE (4))	Read-create	The value of this object identifies the source IP address.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.6	hwAclAdvancedSrcWild	OCTET STRING (SIZE (4))	Read-create	The value of this object identifies the wildcard mask of the source IP address. The value ranges from 0.0.0.0 to 255.255.255.255.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.7	hwAclAdvancedSrcOp	INTEGER { lt(1), eq(2), gt(3), invalid(0), range(5) }	Read-create	The value of this object identifies the operator of the source port range. The value can be: invalid(0): indicates "invalid". That is, the current operation is invalid. lt(1): indicates "less than". eq(2): indicates "equal". gt(3): indicates "larger than". range(5): indicates "between".	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.8	hwAclAdvancedSrcPort1	Integer32 (0..65535)	Read-create	The value of this object identifies the lower limit of the source port number.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.9	hwAclAdvancedSrcPort2	Integer32 (0..65535)	Read-create	The value of this object identifies the upper limit of the source port number.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.10	hwAclAdvancedDestIp	OCTET STRING (SIZE (4))	Read-create	This object indicates the destination IP address.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.11	hwAclAdvancedDestWild	OCTET STRING (SIZE (4))	Read-create	This object indicates the mask of the destination IP address.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.12	hwAclAdvancedDestOp	INTEGER {lt(1), eq(2), gt(3), invalid(0), range(5) }	Read-create	The value of this object identifies the operator of the destination port range. The value can be: invalid(0): indicates "invalid". That is, the current operation is invalid. lt(1): indicates "less than". eq(2): indicates "equal". gt(3): indicates "larger than". range(5): indicates "between".	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.13	hwAclAdvancedDestPort1	Integer32 (0..65535)	Read-create	The value of this object identifies the lower limit of the destination port number.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.14	hwAclAdvancedDestPort2	Integer32 (0..65535)	Read-create	The value of this object identifies the upper limit of the destination port number.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.15	hwAclAdvancedPrecedence	Integer32 (0..7 \| 255)	Read-create	The value of this object identifies the precedence sub-field. It is the higher 3 bits of the TOS field in an IP header. The value ranges from 0 to 7.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.16	hwAclAdvancedTos	Integer32 (0..15 \| 255)	Read-create	The value of this object identifies the TOS sub-field. This field covers 4 bits after the higher three bits of the TOS field in an IP header. The value ranges from 0 to 15.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.17	hwAclAdvancedDscp	Integer32 (0..63 \| 255)	Read-create	The value of this object identifies the higher 6 bits of the TOS field in an IP header. The value ranges from 0 to 63.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.18	hwAclAdvancedEstablish	INTEGER{true(1),false(2)}	Read-create	This object indicates whether to create an ACL rule group.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.19	hwAclAdvancedTimeRangeIndex	Integer32 (0..256)	Read-create	The value of this object identifies the index of a time range during which an ACL rule can be applied. The value ranges from 0 to 256. The value 0 means no time range. It declares that the ACL rule has no time range.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.20	hwAclAdvancedIcmpType	Integer32 (0..255 \| 65535)	Read-create	The value of this object identifies the ICMP message type. The value ranges from 0 to 255. The value 65535 is invalid.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.21	hwAclAdvancedIcmpCode	Integer32 (0..255 \| 65535)	Read-create	The value of this object identifies the ICMP code. The value ranges from 0 to 255. The value 65535 is invalid.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.22	hwAclAdvancedFragments	INTEGER { fragment(1), nonFragment(2), }	Read-create	This object cannot be modified once a rule is created. Enumeration. This object indicates the type of the packet. The value can be: 1: fragment, indicating that the packet is a fragment 2: nonFragment, indicating that the packet is not a fragment	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.23	hwAclAdvancedLog	INTEGER{true(1),false(2)}	Read-create	This object indicates whether to record logs for the matched packets. The value can be: true(1) false(2) The log contents include the sequence number of an ACL rule, packets passed or discarded, upper layer protocol type over IP, source or destination address, source or destination port number, and number of packets.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.24	hwAclAdvancedEnable	INTEGER{true(1),false(2)}	Read-only	This object indicates whether the ACL rule takes effect currently. The value can be: true(1) false(2)	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.25	hwAclAdvancedCount	INTEGER (0..18446744073709551615)	Read-only	The value of this object identifies the count of bits matched with an ACL rule. A maximum of 64 bits can be matched with an ACL rule.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.27	hwAclAdvancedRowStatus	INTEGER{active(1),notInService(2),notReady(3),createAndGo(4),createAndWait(5),destroy(6)}	Read-create	This object indicates the status of the rows. Currently, createAndGo and destroy are implemented.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.28	hwAclAdvancedTcpSyncFlag	Integer32	Read-create	The value of this object identifies a TCP Synchronization flag. The value ranges from 0 to 63. The value -1 is invalid.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.29	hwAclAdvancedDescription	OCTET STRING (SIZE (1..127))	Read-create	The description of an advanced ACL. The length cannot exceed 127 characters.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.5.1.32	hwAclAdvancedProtocolNew	Integer32 (0..255\|65535)	read-create	The value of this object identifies the protocol type of ACL rules.	This object is implemented as defined in the corresponding MIB files.

Creation Restriction

Before you create an ACL rule, the primary index must have a corresponding value in hwAclNumGroupTable.
When you create an ACL rule, hwAclAdvancedAct is necessarily configured.
You need to specify the values of hwAclAdvancedSrcIp and hwAclAdvancedSrcWild simultaneously.
You need to specify the values of hwAclAdvancedSrcOp and (hwAclAdvancedSrcPort1 | hwAclAdvancedSrcPort2) simultaneously.
You need to specify the values of hwAclAdvancedDestIp and hwAclAdvancedDestWild simultaneously.
You need to specify the values of hwAclAdvancedDestOp and (hwAclAdvancedDestPort1| hwAclAdvancedDestPort2) simultaneously.
hwAclAdvancedIcmpCode and hwAclAdvancedIcmpType must be specified simultaneously, and hwAclAdvancedIcmpType can be specified independently.
You cannot set hwAclAdvancedPrecedence and hwAclAdvancedDscp simultaneously.
When you specify the index of a time range during which an ACL rule can be applied, the time range that the index corresponds to must exist; otherwise, creating an ACL rule fails.
You need to specify the row status CreateAndGo of hwAclNumGroupRowStatus.
hwAclAdvancedDescription must be separately set, and does not support multiple variable bindings.

Modification Restriction

The following entries in this table cannot be modified after created:

hwAclAdvancedAct, hwAclAdvancedProtocol, hwAclAdvancedSrcIp, hwAclAdvancedSrcWild, hwAclAdvancedSrcOp, hwAclAdvancedSrcPort1, hwAclAdvancedSrcPort2, hwAclAdvancedDestIp, hwAclAdvancedDestWild, hwAclAdvancedDestOp, hwAclAdvancedDestPort1, hwAclAdvancedDestPort2, hwAclAdvancedPrecedence, hwAclAdvancedTos, hwAclAdvancedDscp, hwAclAdvancedEstablish, hwAclAdvancedTimeRangeIndex, hwAclAdvancedIcmpType, hwAclAdvancedIcmpCode, hwAclAdvancedFragments, hwAclAdvancedLog, hwAclAdvancedTcpSyncFlag.

Deletion Restriction

You need to specify the row status destroy.

Access Restriction

The entries in this table have values only when the entries in hwAclNumGroupTable have values.

hwAclEthernetFrameRuleTable

This table is used to create the rule of a Layer 2 ACL rule group. This table uses the index of hwAclNumGroupTable and the rule ID as the indexes.

The indexes of this table are hwAclEthernetFrameAclNum and hwAclEthernetFrameSubitem.

OID	Object Name	Syntax	Max Access	Description	Implemented Specifications
1.3.6.1.4.1.2011.5.1.1.14.1.1	hwAclEthernetFrameAclNum	Integer32	Read-only	This object indicates the primary index, which corresponds to the index in hwAclNumGroupTable. It indicates the number of a rule group. The value ranges from 4000 to 4999.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.14.1.2	hwAclEthernetFrameSubitem	unsigned int32	Read-only	This object indicates the secondary index, representing the ID of a rule in a rule group. The value ranges from 0 to 4294967295.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.14.1.3	hwAclEthernetFrameAct	INTEGER (0..4294967295)	Read-create	This object indicates the action corresponding to a rule: permit deny	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.14.1.4	hwAclEthernetFrameType	Integer32	Read-create	This object indicates the Ethernet frame type. The value 0 is invalid. The value ranges from 0 to 65535.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.14.1.5	hwAclEthernetFrameTypeMask	Integer32	Read-create	This object indicates the mask of the Ethernet frame type. The value ranges from 0 to 65535.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.14.1.6	hwAclEthernetFrameSrcMac	OCTET STRING (SIZE (6))	Read-create	This object indicates the source MAC address. Set this object in hexadecimal format.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.14.1.7	hwAclEthernetFrameSrcMacMask	OCTET STRING (SIZE (6))	Read-create	This object indicates the mask of the source MAC address. Set this object in hexadecimal format.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.14.1.8	hwAclEthernetFrameDstMac	OCTET STRING (SIZE (6))	Read-create	This object indicates the destination MAC address. Set this object in hexadecimal format.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.14.1.9	hwAclEthernetFrameDstMacMask	OCTET STRING (SIZE (6))	Read-create	This object indicates the mask of the destination MAC address. Set this object in hexadecimal format.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.14.1.10	hwAclEthernetFrameTimeRangeIndex	Integer32	Read-create	This object indicates the time range index referenced by a rule. The value ranges from 0 to 256.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.14.1.11	hwAclEthernetFrameLog	Integer32	Read-create	This object indicates whether logging is configured for the rule.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.14.1.12	hwAclEthernetFrameEnable	INTEGER{enabled(1),disabled(2)}	Read-only	This object indicates whether the rule takes effect: enabled disabled	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.14.1.14	hwAclEthernetFrameRowStatus	INTEGER{active(1),notInService(2),notReady(3),createAndGo(4),createAndWait(5),destroy(6)}	Read-create	This object indicates the row status. The value can be CreateAndGo or destroy.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.14.1.15	hwAclEthernetFrameEncapType	Integer	Read-create	This object indicates the encapsulation type of a rule: ether2(1) ieee802dot3(2) snap(3) none(255)	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.14.1.16	hwAclEthernetFrameDoubleTag	INTEGER{true(1),false(2)}	Read-create	This object indicates the rule of the double-tagged VLAN: true false By default, the value is false.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.14.1.17	hwAclEthernetFrameVlanId	Integer32	Read-create	This object indicates the outer VLAN ID. The value 0 is invalid and the value ranges from 0 to 4094.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.14.1.18	hwAclEthernetFrameVlanIdMask	Integer32	Read-create	This object indicates the mask of the outer VLAN ID. The value ranges from 0 to 4095.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.14.1.19	hwAclEthernetFrameCVlanId	Integer32	Read-create	This object indicates the inner VLAN ID. The value 0 is invalid and the value ranges from 0 to 4094.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.14.1.20	hwAclEthernetFrameCVlanIdMask	Integer32	Read-create	This object indicates the mask of the inner VLAN ID. The value ranges from 0 to 4095.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.14.1.21	hwAclEthernetFrameRule8021p	Integer32	Read-create	This object indicates the 802.1p priority in the single VLAN tag. The value range is as follows: 0 to 7 By default, the value is 255.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.14.1.22	hwAclEthernetFrameRuleCVlan8021p	Integer32	Read-create	This object indicates the 802.1p priority in the inner VLAN tag. The value range is as follows: 0 to 7 By default, the value is 255.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.14.1.23	hwAclEthernetFrameDescription	OCTET STRING	Read-create	This object indicates the description of the Layer 2 rule. The value ranges from 1 to 127.	This object is implemented as defined in the corresponding MIB file.

Creation Restriction

Before creating a rule, ensure that the value of the primary index exists in hwAclNumGroupTable.

When you create a rule, that hwAclEthernetFrameAct is mandatory.

When creating a rule in the MIB, you need to apply the time range to the created rule. The time range corresponding to the index must exist. Otherwise, the creation fails.

hwAclEthernetFrameDescription must be separately set, and does not support multiple variable bindings.

Modification Restriction

The following entries in this table cannot be modified after created:

hwAclEthernetFrameAct, hwAclEthernetFrameType, hwAclEthernetFrameTypeMask, hwAclEthernetFrameSrcMac, hwAclEthernetFrameSrcMacMask, hwAclEthernetFrameDstMac, hwAclEthernetFrameDstMacMask, hwAclEthernetFrameTimeRangeIndex, hwAclEthernetFrameEncapType, hwAclEthernetFrameDoubleTag, hwAclEthernetFrameVlanId, hwAclEthernetFrameVlanIdMask, hwAclEthernetFrameCVlanId, hwAclEthernetFrameCVlanIdMask, hwAclEthernetFrameRule8021p, hwAclEthernetFrameRuleCVlan8021p.

Deletion Restriction

The entries in this table can be deleted.

Access Restriction

The value of this table exists only when the value of hwAclNumGroupTable exists.

hwAclUserRuleTable

This table is used to create rules in a user ACL rule group.

This table uses the index of hwAclNumGroupTable together with an object with the increasing value, that is, rule ID, as its index.

The indexes of this table are hwAclUserAclNum and hwAclUserSubitem.

OID	Object Name	Syntax	Max Access	Description	Implemented Specifications
1.3.6.1.4.1.2011.5.1.1.7.1.1	hwAclUserAclNum	Integer32 (6000..9999 )	Read-only	The value of this object identifies the primary index. It corresponds to the index of hwAclNumGroupTable, indicating the rule group number. The value of the primary index ranges from 6000 to 9999.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.2	hwAclUserSubitem	Unsigned int32	Read-only	The value of this object identifies the secondary index. It refers to the rule ID in the rule group. The value ranges from 0 to 4294967294. If the rule corresponding to the rule ID exists, the new rule overwrites the old one. This operation equals modifying an existent ACL rule. If the rule corresponding to the rule ID does not exist, a new rule is created and inserted based on the order of the rule ID. If no rule ID is specified, the system automatically assigns one when you create a rule.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.3	hwAclUserAct	INTEGER { permit(1), deny(2) }	Read-create	The value of this object identifies the action of an ACL rule. The value can be: permit(1): permits the packets that match the rule deny(2): discards the packets that match the rule	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.4	hwAclUserProtocol	Integer32 (0..255)	Read-create	The object indicates the protocol type of a rule. It specifies the protocol type over IP. The value ranges from 0 to 255. The value 0 indicates any types of IP packets.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.5	hwAclUserSrcIp	OCTET STRING (SIZE (4))	Read-create	The value of this object identifies the source IP address.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.6	hwAclUserSrcWild	OCTET STRING (SIZE (4))	Read-create	The value of this object identifies the wildcard mask of the source IP address. The value ranges from 0.0.0.0 to 255.255.255.255.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.7	hwAclUserSrcOp	Integer32	Read-create	The value of this object identifies the operation characters on the source interface. 1: lt(1) 2: eq(2) 3: gt(3) 4: neq(4) 5: invalid(0) 6: range(5)	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.8	hwAclUserSrcPort1	Integer32 (0..65535)	Read-create	The value of this object identifies the lower limit of the source port number.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.9	hwAclUserSrcPort2	Integer32 (0..65535)	Read-create	The value of this object identifies the upper limit of the source port number.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.10	hwAclUserDestIp	OCTET STRING (SIZE (4))	Read-create	The value of this object indicates the destination IP address.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.11	hwAclUserDestWild	OCTET STRING (SIZE (4))	Read-create	The value of this object indicates the wildcard mask of the destination IP address. The value ranges from 0.0.0.0 to 255.255.255.255.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.12	hwAclUserDestOp	Integer32	Read-create	The value of this object identifies the operation characters on the destination interface. 1: lt(1) 2: eq(2) 3: gt(3) 4: neq(4) 5: invalid(0) 6: range(5)	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.13	hwAclUserDestPort1	Integer32 (0..65535)	Read-create	The value of this object identifies the lower limit of the destination port number.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.14	hwAclUserDestPort2	Integer32 (0..65535)	Read-create	The value of this object identifies the upper limit of the destination port number.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.19	hwAclUserTimeRangeIndex	Integer32 (0..256)	Read-create	The value of this object identifies the index of a time range during which an ACL rule can be applied. The value ranges from 0 to 256. The value 0 declares that the ACL rule has no time range.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.20	hwAclUserIcmpType	Integer32 (0..255 \| 65535)	Read-create	The value of this object identifies the ICMP message type. The value ranges from 0 to 255. The value 65535 is invalid.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.21	hwAclUserIcmpCode	Integer32 (0..255 \| 65535)	Read-create	The value of this object identifies the ICMP code. The value ranges from 0 to 255. The value 65535 is invalid.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.24	hwAclUserEnable	INTEGER{true(1),false(2)}	Read-only	This object indicates whether the ACL rule takes effect currently This object is Read-only. The value can be: true(1) false(2)	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.26	hwAclUserVrfName	OCTET STRING	Read-create	This object indicates the VPN instance name specified in a user ACL.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.27	hwAclUserSrcUserGroupName	OCTET STRING	Read-create	This object indicates the source user resource group name. The value is a string of 0-32 characters.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.28	hwAclUserDestUserGroupName	OCTET STRING	Read-create	This object indicates the destination user resource group name. The value is a string of 0-32 characters.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.31	hwAclUserRowStatus	INTEGER{active(1),notInService(2),notReady(3),createAndGo(4),createAndWait(5),destroy(6)}	Read-create	This object indicates the status of the rows. Currently, CreateAndGo, Active and Destroy are implemented.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.33	hwAclUserSrcUserGroupNum	Integer32	Read-create	This object indicates the source resource group number range. 0-64000 65535	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.7.1.34	hwAclUserDestUserGroupNum	Integer32	Read-create	This object indicates the destination resource group number range. 0-64000 65535	This object is implemented as defined in the corresponding MIB file.

Creation Restriction

Before you create an ACL rule, the primary index must have a corresponding value in hwAclNumGroupTable.
When you create an ACL rule, hwAclUserAct is necessarily configured.
When you specify the index of a time range during which an ACL rule can be applied, the time range that the index corresponds to must exist; otherwise, creating an ACL rule fails.
You need to specify the row status CreateAndGo of hwAclUserRowStatus.

Modification Restriction

The following entries in this table cannot be modified after created:

hwAclUserAct, hwAclUserProtocol, hwAclUserSrcIp, hwAclUserSrcWild, hwAclUserSrcOp, hwAclUserSrcPort1, hwAclUserSrcPort2, hwAclUserDestIp, hwAclUserDestWild, hwAclUserDestOp, hwAclUserDestPort1, hwAclUserDestPort2, hwAclUserTimeRangeIndex, hwAclUserIcmpType, hwAclUserIcmpCode, hwAclUserSrcUserGroupName, hwAclUserDestUserGroupName, hwAclUserSrcUserGroupNum, hwAclUserDestUserGroupNum.

Deletion Restriction

You need to specify the row status destroy.

Access Restriction

The entries in this table have values only when the entries in hwAclNumGroupTable have values.

hwAclIpv6BasicRuleTable

This table is used to create rules in a basic ACL6 rule group. This table uses the index of hwAclIpv6NumGroupTable and a rule ID as indexes.

The indexes of this table are hwAclIpv6BasicAclNum and hwAclIpv6BasicSubitem.

OID	Object Name	Syntax	Max Access	Description	Implemented Specifications
1.3.6.1.4.1.2011.5.1.1.12.1.1	hwAclIpv6BasicAclNum	Integer32	read-only	This object indicates the primary index, which corresponds to the index in hwAclIpv6NumGroupTable. It indicates the number of a rule group. The value ranges from 2000 to 2999.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.12.1.2	hwAclIpv6BasicSubitem	Integer32	read-only	This object indicates the secondary index, representing the ID of a rule in a rule group. The value ranges from 0 to 4294967294.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.12.1.3	hwAclIpv6BasicAct	INTEGER	read-create	This object indicates the action corresponding to a rule: permit deny	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.12.1.4	hwAclIpv6BasicSrcIp	OCTET STRING (SIZE (16))	read-create	This object indicates the source IPv6 address. Set this object in hexadecimal format.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.12.1.5	hwAclIpv6BasicSrcPrefix	Integer32	read-create	This object indicates the length of the IPv6 address prefix. The value ranges from 1 to 128.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.12.1.6	hwAclIpv6BasicTimeRangeIndex	INTEGER{true(1),false(2)}	read-create	This object indicates the index of the time range referenced by a rule. The value ranges from 1 to 256.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.12.1.7	hwAclIpv6BasicFragment	OCTET STRING (SIZE (6))	read-create	This object indicates whether the packets are non-initial fragments: true false	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.12.1.8	hwAclIpv6BasicLog	INTEGER{true(1),false(2)}	read-create	This object indicates whether a log is generated for a matching packet: true false	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.12.1.9	hwAclIpv6BasicEnable	INTEGER{true(1),false(2)}	read-only	This object indicates whether the rule is valid. The field is read only. true false	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.12.1.10	hwAclIpv6BasicCount	INTEGER (0..18446744073709551615)	read-only	This is a read-only field. This object indicates the number of packets matching this ACL rule.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.12.1.12	hwAclIpv6BasicRowStatus	INTEGER{active(1),notInService(2),notReady(3),createAndGo(4),createAndWait(5),destroy(6)}	read-create	This object indicates the row status. The value can be CreateAndGo, Active, or destroy.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.12.1.13	hwAclIpv6BasicDescription	OCTET STRING	read-create	This object indicates the description of a basic ACL6 rule. The value ranges from 1 to 127.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.12.1.16	hwAclIpv6BasicSrcWild	OCTET STRING	read-create	This object indicates the wildcard of the source IPv6 address in a basic ACL6 rule.	This object is implemented as defined in the corresponding MIB file.

Creation Restriction

Before creating a rule, ensure that the value of the primary index exists in hwAclIpv6NumGroupTable.

When creating a rule, ensure that hwAclIpv6BasicAct is mandatory.

When creating a rule in the MIB, you need to apply the time range. The time range corresponding to the index must exist. Otherwise, the creation fails.

hwAclIpv6BasicDescription must be separately set, and does not support multiple variable bindings.

Modification Restriction

The entries in this table cannot be modified.

Deletion Restriction

The entries in this table can be deleted.

Access Restriction

The value of this table exists only when the value of hwAclIpv6NumGroupTable exists.

hwAclIpv6AdvancedRuleTable

This table is used to create the rule of an advanced ACL rule group. This table uses the index of hwAclIpv6NumGroupTable and a rule ID as indexes.

The indexes of this table are hwAclIpv6AdvancedAclNum and hwAclIpv6AdvancedSubitem.

OID	Object Name	Syntax	Max Access	Description	Implemented Specifications
1.3.6.1.4.1.2011.5.1.1.13.1.1	hwAclIpv6AdvancedAclNum	Integer32	read-only	This object indicates the primary index, which corresponds to the index in hwAclIpv6NumGroupTable. It indicates the number of a rule group. The value ranges from 3000 to 3999.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.2	hwAclIpv6AdvancedSubitem	Integer32	read-only	This object indicates the secondary index, representing the ID of a rule in a rule group. The value ranges from 0 to 4294967294.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.3	hwAclIpv6AdvancedAct	INTEGER	read-create	This object indicates the action corresponding to a rule: permit deny	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.4	hwAclIpv6AdvancedProtocol	Integer32	read-create	This object indicates the protocol number. The value ranges from 1 to 255.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.5	hwAclIpv6AdvancedSrcIp	OCTET STRING (SIZE (4))	read-create	This object indicates the source IP address. Set this object in hexadecimal format.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.6	hwAclIpv6AdvancedSrcPrefix	OCTET STRING (SIZE (4))	read-create	This object indicates the length of the source address prefix. The value ranges from 1 to 128.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.7	hwAclIpv6AdvancedSrcOp	INTEGER	read-create	This object indicates the operator between source port ranges: lt(1): indicates "less than". eq(2): indicates "equal". gt(3): indicates "greater than". range(5): indicates "between".	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.8	hwAclIpv6AdvancedSrcPort1	Integer32	read-create	This object indicates the lower limit on the source port number.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.9	hwAclIpv6AdvancedSrcPort2	Integer32	read-create	This object indicates the upper limit on the source port number.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.10	hwAclIpv6AdvancedDestIp	OCTET STRING (SIZE (4))	read-create	This object indicates the destination IP address.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.11	hwAclIpv6AdvancedDestPrefix	OCTET STRING (SIZE (4))	read-create	This object indicates the length of the destination IP address prefix. The value ranges from 1 to 128.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.12	hwAclIpv6AdvancedDestOp	INTEGER	read-create	This object indicates the operator between destination port ranges: lt(1): indicates "less than". eq(2): indicates "equal". gt(3): indicates "greater than". range(5): indicates "between".	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.13	hwAclIpv6AdvancedDestPort1	INTEGER (0..18446744073709551615)	read-create	This object indicates the lower limit on the destination port number.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.14	hwAclIpv6AdvancedDestPort2	Integer32	read-create	This object indicates the upper limit on the destination port number.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.15	hwAclIpv6AdvancedPrecedence	Integer32	read-create	This object indicates the IP precedence field, that is, leftmost three bits in the ToS field of an IP packet. The value ranges from 0 to 7.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.16	hwAclIpv6AdvancedTos	Integer32	read-create	This object indicates the ToS sub-field, that is, four bits following the leftmost three bits in the ToS field of an IP packet. The value ranges from 0 to 15.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.17	hwAclIpv6AdvancedDscp	Integer32	read-create	This object indicates the DSCP value, that is, leftmost six bits in the ToS field of an IP header. The value ranges from 0 to 63.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.19	hwAclIpv6AdvancedTimeRangeIndex	Integer32	read-create	This object indicates the time range index referenced by a rule. The value ranges from 1 to 256.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.20	hwAclIpv6AdvancedIcmpType	Integer32	read-create	This object indicates the ICMP type. The value ranges from 0 to 255.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.21	hwAclIpv6AdvancedIcmpCode	Integer32	read-create	This object indicates the ICMP code. The value ranges from 0 to 255.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.22	hwAclIpv6AdvancedFragments	INTEGER{true(1),false(2)}	read-create	This object indicates whether the packets are non-initial fragments: true false	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.23	hwAclIpv6AdvancedLog	INTEGER{true(1),false(2)}	read-create	This object indicates whether a log is generated for a matching packet: true false	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.24	hwAclIpv6AdvancedEnable	INTEGER{true(1),false(2)}	read-only	This object indicates whether the rule takes effect. The field is read only. true false	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.27	hwAclIpv6AdvancedRowStatus	INTEGER{active(1),notInService(2),notReady(3),createAndGo(4),createAndWait(5),destroy(6)}	read-create	This object indicates the row status. The value can be CreateAndGo or destroy.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.28	hwAclIpv6AdvancedDescription	OCTET STRING	read-create	This object indicates the description of an advanced ACL rule. The value ranges from 1 to 127.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.38	hwAclIpv6AdvancedSrcWild	OCTET STRING	read-create	This object indicates the wildcard of the source IPv6 address in an advanced ACL6 rule.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.1.13.1.39	hwAclIpv6AdvancedDestWild	OCTET STRING	read-create	This object indicates the wildcard of the destination IPv6 address in an advanced ACL6 rule.	This object is implemented as defined in the corresponding MIB file.

Creation Restriction

Before creating a rule, ensure that the value of the primary index exists in hwAclIpv6NumGroupTable.
When you create a rule, the hwAclIpv6AdvancedAct and hwAclIpv6AdvancedProtocol fields are mandatory.
You need to specify the values of hwAclIpv6AdvancedSrcIp and hwAclIpv6AdvancedSrcWild fields.
You need to specify the values of hwAclIpv6AdvancedSrcOp and (hwAclIpv6AdvancedSrcPort1 | hwAclIpv6AdvancedSrcPort2).
You need to specify the values of hwAclIpv6AdvancedDestIp and hwAclIpv6AdvancedDestWild.
You need to specify the values of hwAclIpv6AdvancedDestOp and (hwAclIpv6AdvancedDestPort1| hwAclIpv6AdvancedDestPort2).
hwAclIpv6AdvancedIcmpCode and hwAclIpv6AdvancedIcmpType must be specified simultaneously, and hwAclIpv6AdvancedIcmpType can be specified independently.
You need to apply the time range to the created rule in the MIB.
hwAclIpv6AdvancedDescription must be separately set, and does not support multiple variable bindings.

Modification Restriction

The entries in this table cannot be modified.

Deletion Restriction

The entries in this table can be deleted.

Access Restriction

The value of this table exists only when the value of hwAclIpv6NumGroupTable exists.

hwAclIpv6NumGroupTable

This table is used to configure the ACL rule group including the matching sequence, step, and description.

The index of this table is hwAclIpv6NumGroupAclNum.

OID	Object Name	Syntax	Max Access	Description	Implemented Specifications
1.3.6.1.4.1.2011.5.1.1.16.1.1	hwAclIpv6NumGroupAclNum	Integer32	read-only	This object indicates the index, that is, the number of an IPv6 ACL group. The value range is as follows: A basic ACL ranges from 2000 to 2999. An advanced ACL ranges from 3000 to 3999.	This object is implemented as defined in the corresponding MIB files.
1.3.6.1.4.1.2011.5.1.1.16.1.2	hwAclIpv6NumGroupMatchOrder	Integer32	read-create	This object indicates the matching order of a rule group: config: indicates the user configuration order. auto: indicates the automatic configuration order. default: indicates the default configuration order.	This object is implemented as defined in the corresponding MIB files.
1.3.6.1.4.1.2011.5.1.1.16.1.3	hwAclIpv6NumGroupSubitemNum	INTEGER (0..4294967295)	read-only	This object indicates the number of rules in a rule group. This field is read-only.	This object is implemented as defined in the corresponding MIB files.
1.3.6.1.4.1.2011.5.1.1.16.1.5	hwAclIpv6NumGroupAclName	OCTET STRING (SIZE (1..64))	read-create	This object indicates the ACL group name. The value is a string of 1 to 64 characters.	This object is implemented as defined in the corresponding MIB files.
1.3.6.1.4.1.2011.5.1.1.16.1.7	hwAclIpv6NumGroupAclType	INTEGER	read-create	This object indicates the ACL group types, including: basic(1) advanced(2)	This object is implemented as defined in the corresponding MIB files.
1.3.6.1.4.1.2011.5.1.1.16.1.51	hwAclIpv6NumGroupRowStatus	INTEGER{active(1),notInService(2),notReady(3),createAndGo(4),createAndWait(5),destroy(6)}	read-create	This object indicates the row status. The value can be CreateAndGo or destroy.	This object is implemented as defined in the corresponding MIB files.

Creation Restriction

None.

Modification Restriction

If there are rules in the rule group to which the index corresponds, hwAclIpv6NumGroupMatchOrder cannot be changed. hwAclIpv6NumGroupAclName can be created but cannot be modified.

Deletion Restriction

The entries in this table can be deleted. You only need to specify the primary index and row status.

Access Restriction

None.

hwAclResourceTrapsTable

This table lists all parameters related to the ACL resource alarm.

OID	Object Name	Syntax	Max Access	Description	Implemented Specifications
1.3.6.1.4.1.2011.5.1.2.2.1.1.1	hwAclResSlotStr	OCTET STRING	accessible-for-notify	Specifies the slot ID of the card where the alarm is generated.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.2.2.1.1.2	hwAclResStage	OCTET STRING	accessible-for-notify	Indicates the ACL processing stage when the alarm is generated.	This object is implemented as defined in the corresponding MIB file.
1.3.6.1.4.1.2011.5.1.2.2.1.1.3	hwAclResLimit	Integer32	accessible-for-notify	Indicates the alarm threshold percentage of ACL resource usage.	This object is implemented as defined in the corresponding MIB file.

Creation Restriction

None

Modification Restriction

None

Deletion Restriction

None

Access Restriction

None

Description of Alarm Objects

hwAclResThresholdExceedClearTrap

OID	Object Name	Binding Variable	Description	INTEGER { enabled (1), disabled (2) }
1.3.6.1.4.1.2011.5.1.2.2.1.1.4.1	hwAclResThresholdExceedClearTrap	hwAclResSlotStr hwAclResStage hwAclResLimit	An alarm is generated when the ACL resource usage fell below the threshold.	current

hwAclResThresholdExceedTrap

OID	Object Name	Binding Variable	Description	INTEGER { enabled (1), disabled (2) }
1.3.6.1.4.1.2011.5.1.2.2.1.1.4.2	hwAclResThresholdExceedTrap	hwAclResSlotStr hwAclResStage hwAclResLimit	An alarm is generated when the ACL resource usage exceeded the threshold.	current

hwAclResTotalCountExceedClearTrap

OID	Object Name	Binding Variable	Description	INTEGER { enabled (1), disabled (2) }
1.3.6.1.4.1.2011.5.1.2.2.1.1.4.3	hwAclResTotalCountExceedClearTrap	hwAclResSlotStr hwAclResStage hwAclResLimit	An alarm is generated when the ACL resources are available.	current

hwAclResTotalCountExceedTrap

OID	Object Name	Binding Variable	Description	INTEGER { enabled (1), disabled (2) }
1.3.6.1.4.1.2011.5.1.2.2.1.1.4.4	hwAclResTotalCountExceedTrap	hwAclResSlotStr hwAclResStage hwAclResLimit	An alarm is generated when the ACL resources are used up.	current

Unsupported Objects

The functions corresponding to the following objects are not supported on the device. Do not use these MIB objects to maintain the device.

Table 12-1 List of unsupported objects

Object ID	Object Name	Table
1.3.6.1.4.1.2011.5.1.1.2.1.6	hwAclNumGroupCountClear	hwAclNumGroupTable
1.3.6.1.4.1.2011.5.1.1.4.1.11	hwAclBasicVrfName	hwAclBasicRuleTable
1.3.6.1.4.1.2011.5.1.1.5.1.26	hwAclAdvancedVrfName	hwAclAdvancedRuleTable
1.3.6.1.4.1.2011.5.1.1.10	hwAclCompileEnableFlag	Single object
1.3.6.1.4.1.2011.5.1.1.11	hwAclCompileNumGroupTable	hwAclCompileNumGroupTable
1.3.6.1.4.1.2011.5.1.1.11.1.1	hwAclCompileNumGroupStatus	hwAclCompileNumGroupTable
1.3.6.1.4.1.2011.5.1.1.12.1.11	hwAclIpv6BasicVrfName	hwAclIpv6BasicRuleTable
1.3.6.1.4.1.2011.5.1.1.13.1.18	hwAclIpv6AdvancedEstablish	hwAclIpv6AdvancedRuleTable
1.3.6.1.4.1.2011.5.1.1.13.1.25	hwAclIpv6AdvancedCount	hwAclIpv6AdvancedRuleTable
1.3.6.1.4.1.2011.5.1.1.13.1.26	hwAclIpv6AdvancedVrfName	hwAclIpv6AdvancedRuleTable
1.3.6.1.4.1.2011.5.1.1.16.1.4	hwAclIpv6NumGroupCountClear	hwAclIpv6NumGroupTable
1.3.6.1.4.1.2011.5.1.1.16.1.6	hwAclIpv6NumGroupDescription	hwAclIpv6NumGroupTable
1.3.6.1.4.1.2011.5.1.1.7.1.15	hwAclUserPrecedence	hwAclUserRuleTable
1.3.6.1.4.1.2011.5.1.1.7.1.16	hwAclUserTos	hwAclUserRuleTable
1.3.6.1.4.1.2011.5.1.1.7.1.17	hwAclUserDscp	hwAclUserRuleTable
1.3.6.1.4.1.2011.5.1.1.7.1.18	hwAclUserEstablish	hwAclUserRuleTable
1.3.6.1.4.1.2011.5.1.1.7.1.22	hwAclUserFragments	hwAclUserRuleTable
1.3.6.1.4.1.2011.5.1.1.7.1.23	hwAclUserLog	hwAclUserRuleTable
1.3.6.1.4.1.2011.5.1.1.7.1.25	hwAclUserCount	hwAclUserRuleTable
1.3.6.1.4.1.2011.5.1.1.7.1.29	hwAclUserSrcModeType	hwAclUserRuleTable
1.3.6.1.4.1.2011.5.1.1.7.1.30	hwAclUserDestModeType	hwAclUserRuleTable
1.3.6.1.4.1.2011.5.1.1.7.1.32	hwAclUserTcpSyncFlag	hwAclUserRuleTable

Functions Overview
Relationships Between Tables
Description of Single Objects
Description of MIB Tables
Description of Alarm Objects
Unsupported Objects

Translation

简体中文

Download

Updated: 2022-05-25

Document ID: EDOC1100126932

Downloads: 104

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode

Enterprise

Huawei Cloud

Carrier

Consumer

Corporate

This document provides the function overview, relationships between tables, description of single objects, description of MIB tables, and description of alarm objects.

Functions Overview

Relationships Between Tables

Description of Single Objects

Description of MIB Tables

hwAclNumGroupTable

Creation Restriction

Modification Restriction

Deletion Restriction

Access Restriction

hwAclBasicRuleTable

Creation Restriction

Modification Restriction

Deletion Restriction

Access Restriction

hwAclAdvancedRuleTable

Creation Restriction

Modification Restriction

Deletion Restriction

Access Restriction

hwAclEthernetFrameRuleTable

Creation Restriction

Modification Restriction

Deletion Restriction

Access Restriction

hwAclUserRuleTable

Creation Restriction

Modification Restriction

Deletion Restriction

Access Restriction

hwAclIpv6BasicRuleTable

Creation Restriction

Modification Restriction

Deletion Restriction

Access Restriction

hwAclIpv6AdvancedRuleTable

Creation Restriction

Modification Restriction

Deletion Restriction

Access Restriction

hwAclIpv6NumGroupTable

Creation Restriction

Modification Restriction

Deletion Restriction

Access Restriction

hwAclResourceTrapsTable

Creation Restriction

Modification Restriction

Deletion Restriction

Access Restriction

Description of Alarm Objects

hwAclResThresholdExceedClearTrap

hwAclResThresholdExceedTrap

hwAclResTotalCountExceedClearTrap

hwAclResTotalCountExceedTrap

Unsupported Objects

Related Version

Related Documents

Digital Signature File