snmp_mib_archive/CISCO-CATOS-ACL-QOS-MIB.my
Heston Snodgrass 89bf4b016e initial commit
2016-12-15 15:03:18 -07:00

-- *****************************************************************
-- CISCO-CATOS-ACL-QOS-MIB.my: Cisco CatOS Acl Qos MIB
--
-- November 2001, Edward Pham
-- January 2002, Edward Pham
-- August 2002, Edward Pham
-- March 2003, Edward Pham
-- July 2003, Edward Pham
-- September 2003, Edward Pham
-- October 2003, Liwei Lue
-- November 2003, Edward Pham
--
-- Copyright (c) 2001-2007 by cisco Systems, Inc.
-- All rights reserved.
--
-- *****************************************************************
CISCO-CATOS-ACL-QOS-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY,
OBJECT-TYPE,
Counter32,
Counter64,
Gauge32,
Integer32,
Unsigned32
FROM SNMPv2-SMI
MODULE-COMPLIANCE,
OBJECT-GROUP
FROM SNMPv2-CONF
TEXTUAL-CONVENTION,
RowStatus,
MacAddress,
DateAndTime,
TruthValue
FROM SNMPv2-TC
ifIndex,
InterfaceIndex
FROM IF-MIB
ciscoMgmt
FROM CISCO-SMI
VlanIndex
FROM CISCO-VTP-MIB
Dscp,
QosLayer2Cos,
Percent,
QosInterfaceQueueType
FROM CISCO-QOS-PIB-MIB
cseFlowDataEntry
FROM CISCO-SWITCH-ENGINE-MIB
CounterBasedGauge64
FROM HCNUM-TC
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB
CiscoPortList,
CiscoIpProtocol
FROM CISCO-TC
InetAddressType,
InetAddress,
InetPortNumber
FROM INET-ADDRESS-MIB
;
ciscoCatOSAclQosMIB MODULE-IDENTITY
LAST-UPDATED "200711020000Z"
ORGANIZATION "Cisco Systems Inc. "
CONTACT-INFO
"Cisco Systems
Customer Service
Postal: 170 W Tasman Drive
San Jose, CA 95134
USA
Tel: +1 800 553-NETS
E-mail: cs-wbu@cisco.com"
DESCRIPTION
"This MIB module is for Access Control Lists(ACLs) configuration
of Quality of Service (QoS) as well as Security feature on the
Cisco Catalyst 5000/6000 series switch running CatOS. It also
provides QoS configuration and statistics information.
Configuration information available through this MIB includes
Security and QoS ACL configuration for IP, IPX and Layer 2
traffic, QoS and Security configuration parameters.
Statistics available through this MIB includes QoS statistics
for Layer 3 traffic. In addition, detailed, flow-specific
statistics are also available.
This MIB module is applied in conjunction with
CISCO-QOS-POLICY-CONFIG-MIB. The configuration information
available through this MIB takes effect throughout the device
when the value of qosPrOperPolicySource object in
CISCO-QOS-POLICY-CONFIG-MIB is 'local' or applies to a specific
interface when the value of qosPrIfOperPolicySource object
in CISCO-QOS-POLICY-CONFIG-MIB which associates with that
interface is 'local' while the value of qosPrOperPolicySource is
not 'local'.
The following terms are used throughout this MIB:
ACE stands for Access Control Entry. An ACL consists of an
ordered set of ACEs. ACE is a filter which is used to
identify flows with certain characteristics. It includes
fields such as ingress/egress ports, L2(layer 2) addresses,
L3(layer 3) addresses, TCP/UDP port numbers, etc.
QoS ACE and Security ACE are very similar to each other
but the actions of the ACEs are different.
Security ACEs are compared to each packet, and each ACE
specifies whether packets that match with it are either
forwarded or dropped.
ESP: Enscrypted Security Payload.
QoS is the method which attempts to ensure that the network
requirements of different applications can be met by giving
preferential forwarding treatment to some traffic. It
usually consists of these steps: classification, policing,
output scheduling, marking and shaping. Classification
identifies the traffic. Policing checks if the traffic
conforms to specified criteria. Output scheduling,
marking and shaping control how the traffic is transmitted
to the next hop.
A flow is a non-specific term for a microflow or an
aggregate flow.
Microflow is a single instance of an application to
application flow of packets which is identified by source
address, source port, destination address, destination port
and protocol id.
Aggregate flow is a collection of microflows that are
treated together as one for the purpose of QoS.
DSCP (Differentiated Services Code Point) is the six most
significant bits of the ToS field in an IP packet header.
DSCP Mutation: the previous hop(s) and the following hop(s)
of a device may reside in a different QoS domain. A QoS
domain refers to the set of QoS rules and conventions
adopted by an administrative entity. For instance, a set
of DSCP values may have a different meaning in different
domains. DSCP mutation allows a DSCP set to be mutated or
transformed in order to maintain semantic compatibility
between adjacent domains. The mutation is done via mapping
tables which maps the old DSCP value from one domain to a
new DSCP value in the other domain.
IP precedence is the three most significant bits of the ToS
field in an IP packet header.
Cos (Class of Service) is the three bits in the layer 2
header that indicates user priority value assigned to this
packet.
Trust state is a parameter configured at a physical
interface or an ACL to determine a DSCP value assigned to
a packet for QoS purpose.
In profile packet is a packet that does not cause the
committed access rate of the packet's flow to be exceeded.
Out of profile packet is a packet that causes the committed
access rate of the packet's flow to be exceeded.
To accomplish classification, the user defines an ACL describing
the specification of a traffic flow then attaches this ACL to a
physical interface or a vlan. When a packet arrives at an
interface, depending on the configured trust state at that
interface, it can either be matched against an ACL if the trust
state is not trusted or get a DSCP assigned and go directly to
output scheduling. In the former case, when the packet matches
an ACE in the attached ACL, the next step will be policing. At
the end of classification process, a packet has a DSCP value
assigned. On some platforms (e.g. Catalyst 4000) that do not
support ACL configuration, classification is accomplished by
matching the Cos value of the incoming packet.
A packet can be policed at microflow or aggregate flow level.
Policing is done using the token bucket algorithm.
At the end of policing process, if packet does not cause the
flow to exceed the normal rate, it will continue to the next
step. Otherwise, the packet is dropped or assigned a 'policed'
DSCP value. Some platforms support multi-rate policing. When
packet causes the flow to exceed the normal rate but not the
excess rate, it is assigned a 'policed' DSCP value. When packet
causes the flow to exceed excess rate, it is either dropped or
has a 'policed' DSCP value assigned. After policing process,
the next step is output scheduling.
Output scheduling is the process of assigning a packet to
a queue and a threshold according to the packet's Cos value.
To get its Cos value, a DSCP to Cos mapping will be performed.
This MIB also defines 'Security ACLs' which some devices support
as a means to enforce security. Security ACLs, attached at an
ingress interface, are compared to each packet arriving at that
interface. If the packet matches an ACE in the ACLs, it is
either permitted to go through the device or blocked and
dropped or redirected to another interface."
REVISION "200711020000Z"
DESCRIPTION
"Add the following groups:
caqDownloadClassifierGroup,
caqIpOperClassifierGroup,
caqSecurityDownloadAclInfoGroup,
caqSecurityDownloadIpAceGroup,
caqIfDownloadAclMapGroup,
caqIfIpPhoneMapGroup,
caqArpLoggingSourceGroup,
caqIpAceTypeGroup."
REVISION "200607150000Z"
DESCRIPTION
"Add 'include' enumeration value for caqSecurityAction.
Add caqQosL3StatsRateGroup,
caqQosL3StatsPeakGroup,
caqAggPolicerOctetsRateGroup,
caqAggPolicerPacketsRateGroup,
caqAggPolicerOctetsPeakGroup,
caqAggPolicerPacketsPeakGroup,
caqQosPortRateGroup,
caqQosPortPeakGroup,
caqSecurityActionDnldAceGroup."
REVISION "200507260000Z"
DESCRIPTION
"Add 'matchEapoudp' and 'matchUrlRedirect' enum value
for caqIpProtocolMatchCriteria object."
REVISION "200405260000Z"
DESCRIPTION
"Add the following groups to support ACL hit count
configuration and statistics:
caqAclFeatureGroup
caqAclHitCountGroup
Add the following groups to support additional matching
criteria for MAC ACE and MAC packet classify feature on
VLAN:
caqMacAceExtGroup.
caqMacPktClassifyVlanGroup."
REVISION "200311260000Z"
DESCRIPTION
"Add the following objects to support group name for source
and destination fields in caqIpAceTable:
caqIpAceSrcGroup
caqIpAceDestGroup."
REVISION "200310280000Z"
DESCRIPTION
"Add caqIfSecurityAclConfigGroup to support port ACL."
REVISION "200309300000Z"
DESCRIPTION
"Add the dhcpSnooping bit for caqSecurityRateLimitFeatures
object.
Fix a typo in the DESCRIPTION clause for caqSecurityAction
object."
REVISION "200307010000Z"
DESCRIPTION
"Deprecate caqSecurityRedirectPortList object and add
caqSecurityRedirect2kPortList to support up to 2048
bridge ports."
REVISION "200303050000Z"
DESCRIPTION
"Add the following objects and tables:
caqClassifierMapDirection,
caqIpAceSecurityId,
caqDscpRewriteEnabled,
caqAggPolicerOctets,
caqAggPolicerNRExceedOctets,
caqAggPolicerERExceedOctets,
caqDscpMutationMapTable,
caqVlanMutationIdMapTable,
caqQosDefaultActionTable."
REVISION "200210100000Z"
DESCRIPTION
"Add the caqLoggingGroup, caqArpInspGroup and
caqSecurityRateLimitGroup to support security ACL logging,
security ACL features rate limit and ARP Inspection
device configuration."
REVISION "200201170000Z"
DESCRIPTION
"Add the caqIfTrustDeviceGroup and caqQosExcessBurstGroup
to support Qos information on excess burst size and trusted
device configuration."
REVISION "200110180000Z"
DESCRIPTION
"Add the caqPbfObjects group and modify the
caqSecurityActionTable to support policy based forwarding."
REVISION "200102150000Z"
DESCRIPTION
"Add the following objects:
caqAggPolicerName,
caqAggPolicerPackets,
caqAggPolicerNRExceedPackets,
caqAggPolicerERExceedPackets."
REVISION "200102070000Z"
DESCRIPTION
"Initial version of this MIB module."
::= { ciscoMgmt 179 }
--
--
-- Textual Conventions
--
--
CaqAclName ::= TEXTUAL-CONVENTION
DISPLAY-HINT "31a"
STATUS current
DESCRIPTION
"A character string for an ACL (Access Control List) name.
Valid characters are a-z, A-Z, 0-9, '-', '_' and '.'. Some
devices may require that an AclName contains at least one
non-numeric character. Acl name is case sensitive."
SYNTAX OCTET STRING (SIZE(1..31))
CaqPolicerName ::= TEXTUAL-CONVENTION
DISPLAY-HINT "31a"
STATUS current
DESCRIPTION
"A character string for a policer name. Valid characters are
a-z, A-Z, 0-9, '-', '_' and '.'. Some devices may require that
a PolicerName contains at least one non-numeric character.
Policer name is case sensitive."
SYNTAX OCTET STRING (SIZE(1..31))
CaqPolicerNameOrEmpty ::= TEXTUAL-CONVENTION
DISPLAY-HINT "31a"
STATUS current
DESCRIPTION
"This textual convention is an extension of the PolicerName
convention. The latter defines a non-empty policer name. This
extension permits the additional value of empty string. Examples
of the usage of empty string might include situations where
there is no policer defined for an ACE."
SYNTAX OCTET STRING (SIZE(0..31))
CaqAdjacencyName ::= TEXTUAL-CONVENTION
DISPLAY-HINT "18a"
STATUS current
DESCRIPTION
"A character string for an adjacency name. Valid characters
are a-z, A-Z, 0-9, '-', '_' and '.'. Some devices may require
that an AdjacencyName contains at least one non-numeric
character. Adjacency name is case sensitive."
SYNTAX OCTET STRING (SIZE(1..18))
--
-- Direction
--
CaqDirection ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Indicates a particular direction of traffic."
SYNTAX INTEGER {
ingress(1),
egress(2)
}
--
-- IP Precedence
--
CaqIpPrecedence ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Indicates the IP precedence."
REFERENCE
"RFC791 INTERNET PROTOCOL, Chapter 3.1"
SYNTAX Unsigned32 (0..7)
--
-- Queue Number
--
CaqQueueNumber ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"An integer indicating a queue number."
SYNTAX Unsigned32 (1..100)
--
-- Threshold Number
--
CaqThresholdNumber ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"An integer indicating a threshold number."
SYNTAX Unsigned32 (1..100)
--
-- HitCountAclType
--
CaqHitCountAclType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"An integer indicating the ACL type that
supports ACL hit count feature."
SYNTAX INTEGER { ipSecurity(1),
ipxSecurity(2),
macSecurity(3)
}
--
-- Cisco CatOS Acl Qos MIB object definitions
--
ciscoCatOSAclQosMIBObjects OBJECT IDENTIFIER
::= { ciscoCatOSAclQosMIB 1 }
-- Cisco CatOS Acl Qos MIB consists of the following groups
-- [1] Cisco CatOS Acl Qos Global Group (caqGlobalObjects).
-- [2] Cisco CatOS Acl Qos Interface Group (caqInterfaceObjects).
-- [3] Cisco CatOS Acl Qos Acl Group (caqAclObjects).
-- [4] Cisco CatOS Acl Qos Statistics Group (caqQosStatsObjects).
-- [5] Cisco CatOS Acl Qos Extension Group (caqExtObjects).
-- [6] Cisco CatOS Acl Qos Policy-Based Forwarding (PBF)
-- Group (caqPbfObjects).
-- [7] Cisco CatOS Acl Security Logging Group (caqLoggingObjects)
-- [8] Cisco CatOS Acl ARP Inspection Group (caqArpInspObjects)
caqGlobalObjects OBJECT IDENTIFIER
::= { ciscoCatOSAclQosMIBObjects 1 }
caqInterfaceObjects OBJECT IDENTIFIER
::= { ciscoCatOSAclQosMIBObjects 2 }
caqAclObjects OBJECT IDENTIFIER
::= { ciscoCatOSAclQosMIBObjects 3 }
caqQosStatsObjects OBJECT IDENTIFIER
::= { ciscoCatOSAclQosMIBObjects 4 }
caqExtObjects OBJECT IDENTIFIER
::= { ciscoCatOSAclQosMIBObjects 5 }
caqPbfObjects OBJECT IDENTIFIER
::= { ciscoCatOSAclQosMIBObjects 6 }
caqLoggingObjects OBJECT IDENTIFIER
::= { ciscoCatOSAclQosMIBObjects 7 }
caqArpInspObjects OBJECT IDENTIFIER
::= { ciscoCatOSAclQosMIBObjects 8 }
caqAclHitCountObjects OBJECT IDENTIFIER
::= { ciscoCatOSAclQosMIBObjects 9 }
caqDownloadAclObjects OBJECT IDENTIFIER
::= { ciscoCatOSAclQosMIBObjects 10 }
--**********************************************************************
-- Cisco CatOS Acl Qos Global Group
--**********************************************************************
--
-- The caqCosToDscpTable
--
caqCosToDscpTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqCosToDscpEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains the mapping of Cos values to DSCP values.
This map is used to associate the Cos of packets arriving at a
port to a DSCP where the port's trust state is trustCoS(2).
This map is a table of eight Cos values (0 through 7) and their
corresponding DSCP values. This mapping applies to every port on
the device."
::= { caqGlobalObjects 1 }
caqCosToDscpEntry OBJECT-TYPE
SYNTAX CaqCosToDscpEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row contains the mapping from a CoS value to a DSCP
value."
INDEX { caqCosToDscpCos }
::= { caqCosToDscpTable 1 }
CaqCosToDscpEntry ::= SEQUENCE {
caqCosToDscpCos QosLayer2Cos,
caqCosToDscpDscp Dscp
}
caqCosToDscpCos OBJECT-TYPE
SYNTAX QosLayer2Cos
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The CoS value being mapped to the DSCP value in this device."
::= { caqCosToDscpEntry 1 }
caqCosToDscpDscp OBJECT-TYPE
SYNTAX Dscp
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The DSCP value which the CoS value maps to. The default
configuration is :
CoS DSCP
0 0
1 8
2 16
3 24
4 32
5 40
6 48
7 56
."
::= { caqCosToDscpEntry 2 }
--
-- CaqIpPrecToDscpTable
--
caqIpPrecToDscpTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqIpPrecToDscpEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains the mapping of IP Precedence to DSCP.
This map is used to associate the IP Precedence of IP packets
arriving at a port to a DSCP where the port's trust state is
trustIpPrec(3). This map is a table of eight IpPrecedence
values (0 through 7) and their corresponding DSCP values.
This mapping applies to every port on the device."
::= { caqGlobalObjects 2 }
caqIpPrecToDscpEntry OBJECT-TYPE
SYNTAX CaqIpPrecToDscpEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row contains the mapping from an IP Precedence value to
a DSCP value."
INDEX { caqIpPrecToDscpIpPrec }
::= { caqIpPrecToDscpTable 1 }
CaqIpPrecToDscpEntry ::= SEQUENCE {
caqIpPrecToDscpIpPrec CaqIpPrecedence,
caqIpPrecToDscpDscp Dscp
}
caqIpPrecToDscpIpPrec OBJECT-TYPE
SYNTAX CaqIpPrecedence
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The IP Precedence value being mapped to the DSCP value in
this device."
::= { caqIpPrecToDscpEntry 1 }
caqIpPrecToDscpDscp OBJECT-TYPE
SYNTAX Dscp
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The DSCP value which the IP Precedence value maps to. The
default configuration is the identity function :
IPPrec DSCP
0 0
1 8
2 16
3 24
4 32
5 40
6 48
7 56
."
::= { caqIpPrecToDscpEntry 2 }
--
-- caqDscpMappingTable
--
caqDscpMappingTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqDscpMappingEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table always has 64 entries, one for each DSCP value. The
table contains three mappings from the DSCP value assigned to
a packet. One mapping is to the egress CoS to be stored in the
layer-2 frame headers for output on 802.1Q or ISL interfaces.
The other two mappings are to the remarked (or 'marked down')
DSCP values which are used when a policer requires that
a packet's DSCP value be modified. Of these two mappings,
one is for a Normal Rate policer, and the other is for an
Excess Rate policer. These mappings apply for every port on the
device."
::= { caqGlobalObjects 3 }
caqDscpMappingEntry OBJECT-TYPE
SYNTAX CaqDscpMappingEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row contains the mapping from DSCP value to CoS value
and policed DSCP."
INDEX { caqDscpMappingDscp }
::= { caqDscpMappingTable 1 }
CaqDscpMappingEntry ::= SEQUENCE {
caqDscpMappingDscp Dscp,
caqDscpMappingCos QosLayer2Cos,
caqDscpMappingNRPolicedDscp Dscp,
caqDscpMappingERPolicedDscp Dscp
}
caqDscpMappingDscp OBJECT-TYPE
SYNTAX Dscp
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The DSCP value being mapped to the CoS value and policed DSCP
value in this device."
::= { caqDscpMappingEntry 1 }
caqDscpMappingCos OBJECT-TYPE
SYNTAX QosLayer2Cos
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The CoS value which the DSCP value maps to.
The default configuration is calculated from the
formula CoS = DSCP divided by 8.
That is:
DSCP 0-7 all map to CoS 0;
DSCP 8-15 all map to CoS 1;
...
DSCP 32-39 all map to CoS 4;
...
DSCP 56-63 all map to CoS 7."
::= { caqDscpMappingEntry 2 }
caqDscpMappingNRPolicedDscp OBJECT-TYPE
SYNTAX Dscp
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The normal rate policed DSCP value which the DSCP value maps
to. The normal rate default mapping of DSCP to 'marked down'
DSCP is the identity function.
That is:
63 -> 63
62 -> 62
...
31 -> 31
...
2 -> 2
1 -> 1
0 -> 0."
::= { caqDscpMappingEntry 3 }
caqDscpMappingERPolicedDscp OBJECT-TYPE
SYNTAX Dscp
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The excess rate policed DSCP value which the DSCP value maps
to. If the value of caqFlowPolicerExcessRateSupport object is
false(2), this object cannot be instantiated. The excess rate
default DSCP mapping of DSCP to 'marked down' DSCP is the
identity function.
That is:
63 -> 63
62 -> 62
...
31 -> 31
...
2 -> 2
1 -> 1
0 -> 0."
::= { caqDscpMappingEntry 4 }
--
-- Queue assignment table
--
-- The Assignment of packets to queues and thresholds based on
-- their CoS value.
caqCosAssignmentTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqCosAssignmentEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table provides the information for and configuration of
assigning packets to queues and thresholds based on their CoS
value."
::= { caqGlobalObjects 4 }
caqCosAssignmentEntry OBJECT-TYPE
SYNTAX CaqCosAssignmentEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The assignment of packets to a pair of queue and threshold
based on their Cos value. The packets assignment also depends
on port types. For each port type, there is a set of Cos
value (0..7) associated with a pair of queue number and
threshold number (q,t). Packets that have their Cos value
belong to a particular set will be assigned to the pair of
queue number and threshold number that this set associated
with."
INDEX { caqCosAssignQueueType, caqCosAssignCos }
::= { caqCosAssignmentTable 1 }
CaqCosAssignmentEntry ::= SEQUENCE {
caqCosAssignQueueType QosInterfaceQueueType,
caqCosAssignCos QosLayer2Cos,
caqCosAssignQueueNumber CaqQueueNumber,
caqCosAssignThresholdNumber CaqThresholdNumber
}
caqCosAssignQueueType OBJECT-TYPE
SYNTAX QosInterfaceQueueType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The queue type of this interface."
::= { caqCosAssignmentEntry 1 }
caqCosAssignCos OBJECT-TYPE
SYNTAX QosLayer2Cos
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the Cos value which is used to match the
Cos value of packets for queue assignment."
::= { caqCosAssignmentEntry 2 }
caqCosAssignQueueNumber OBJECT-TYPE
SYNTAX CaqQueueNumber
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The queue number which the Cos value denoted by
caqCosAssignCos will be associated with. This queue number
must not be larger than the queue count defined by
caqCosAssignQueueType."
::= { caqCosAssignmentEntry 3 }
caqCosAssignThresholdNumber OBJECT-TYPE
SYNTAX CaqThresholdNumber
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The threshold number which the Cos value denoted by
caqCosAssignCos will be associated with. This threshold
number must not be larger than the threshold count defined
by caqCosAssignQueueType."
::= { caqCosAssignmentEntry 4 }
--
-- The Queue Threshold Table
--
caqQueueThresholdTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqQueueThresholdEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table maintains threshold parameters for the specified
queue number and threshold number of a port type."
::= { caqGlobalObjects 5 }
caqQueueThresholdEntry OBJECT-TYPE
SYNTAX CaqQueueThresholdEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"For each threshold of a queue, there are parameters to set on
the threshold. This entry contains the parameters."
INDEX { caqQueueThreshQueueType,
caqQueueThreshQueueIndex,
caqQueueThreshThresholdIndex }
::= { caqQueueThresholdTable 1 }
CaqQueueThresholdEntry ::= SEQUENCE {
caqQueueThreshQueueType QosInterfaceQueueType,
caqQueueThreshQueueIndex CaqQueueNumber,
caqQueueThreshThresholdIndex CaqThresholdNumber,
caqQueueThreshDropAlgorithm INTEGER,
caqQueueThreshDropThreshold Unsigned32,
caqQueueThreshMinWredThreshold Percent,
caqQueueThreshMaxWredThreshold Unsigned32
}
caqQueueThreshQueueType OBJECT-TYPE
SYNTAX QosInterfaceQueueType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the queue type."
::= { caqQueueThresholdEntry 1 }
caqQueueThreshQueueIndex OBJECT-TYPE
SYNTAX CaqQueueNumber
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates queue number. This queue number must not be larger
than the queue count defined by caqQueueThreshQueueType."
::= { caqQueueThresholdEntry 2 }
caqQueueThreshThresholdIndex OBJECT-TYPE
SYNTAX CaqThresholdNumber
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates threshold number. This threshold number must not
be larger than the threshold count defined by
caqQueueThreshQueueType."
::= { caqQueueThresholdEntry 3 }
caqQueueThreshDropAlgorithm OBJECT-TYPE
SYNTAX INTEGER { tailDrop(1), wred(2) }
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the drop algorithm used at this queue and threshold.
tailDrop(1) indicates that tailDrop is used.
wred(2) indicates that WRED is used."
::= { caqQueueThresholdEntry 4 }
caqQueueThreshDropThreshold OBJECT-TYPE
SYNTAX Unsigned32 (1..100)
UNITS "percent"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the drop threshold parameter for a
pair of queue and threshold of an interface queue type when the
drop algorithm is tail drop. Once the packets in the buffer
exceed the value of this object, the incoming packets of the
buffer are dropped. The value is a percentage of the full
buffer.
This object is instantiated only if the value of
caqQueueThreshDropAlgorithm is tailDrop(1)."
::= { caqQueueThresholdEntry 5 }
caqQueueThreshMinWredThreshold OBJECT-TYPE
SYNTAX Percent
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the min WRED threshold parameter of a
threshold number for the specific port type when WRED drop
algorithm is used.
WRED (Weighted Random Early Detect) is a mechanism which drops
packets fairly during congestion so that adaptive applications
can react to congestion. This object specifies a percentage of
the buffer size.
This object is instantiated only if the value of
caqQueueThreshDropAlgorithm is wred(2)."
::= { caqQueueThresholdEntry 6 }
caqQueueThreshMaxWredThreshold OBJECT-TYPE
SYNTAX Unsigned32 (1..100)
UNITS "percent"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the max WRED threshold parameter of a
threshold number for the specific port type when WRED drop
algorithm is used.
This object is instantiated only if the value of
caqQueueThreshDropAlgorithm is wred(2)."
::= { caqQueueThresholdEntry 7 }
--
-- The Queue Table
--
caqQueueTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqQueueEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table used to configure the WRR (weighted round robin)
weights for queues and the ratio of memory buffer allocation
for each queue. It only contains entries for the specific port
types which support either WRR or buffer allocation."
::= { caqGlobalObjects 6 }
caqQueueEntry OBJECT-TYPE
SYNTAX CaqQueueEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A set of WRR weight and memory buffer allocation ratio for
ingress or egress of a specific queue."
INDEX { caqQueueDirection,
caqQueueType,
caqQueueNumber }
::= { caqQueueTable 1 }
CaqQueueEntry ::= SEQUENCE {
caqQueueDirection CaqDirection,
caqQueueType QosInterfaceQueueType,
caqQueueNumber CaqQueueNumber,
caqQueueWrrWeight Unsigned32,
caqQueueBufferSizeRatio Unsigned32
}
caqQueueDirection OBJECT-TYPE
SYNTAX CaqDirection
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates whether this row's queue parameters are to
be applied for ingress or for egress traffic."
::= { caqQueueEntry 1 }
caqQueueType OBJECT-TYPE
SYNTAX QosInterfaceQueueType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the queue type."
::= { caqQueueEntry 2 }
caqQueueNumber OBJECT-TYPE
SYNTAX CaqQueueNumber
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates queue number."
::= { caqQueueEntry 3 }
caqQueueWrrWeight OBJECT-TYPE
SYNTAX Unsigned32 (1..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object is to configure the weight for the specified
queue type and for the specified direction."
::= { caqQueueEntry 4 }
caqQueueBufferSizeRatio OBJECT-TYPE
SYNTAX Unsigned32 (1..99)
UNITS "percent"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the percentage of ingress or egress packet buffer
memory allocated to the specified queue."
::= { caqQueueEntry 5 }
--
-- The Dscp Mutation Map Table
--
caqDscpMutationMapTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqDscpMutationMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table provides the DSCP mutation mapping configuration
on the device. This table is only instantiated if DSCP
Mutation is supported by the device."
::= { caqGlobalObjects 7 }
caqDscpMutationMapEntry OBJECT-TYPE
SYNTAX CaqDscpMutationMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row contains the mapping from old DSCP value to new
DSCP value per specific mutation table."
INDEX { caqDscpMutationTableId, caqDscpMutationOldDscp }
::= { caqDscpMutationMapTable 1 }
CaqDscpMutationMapEntry ::= SEQUENCE {
caqDscpMutationTableId Unsigned32,
caqDscpMutationOldDscp Dscp,
caqDscpMutationNewDscp Dscp
}
caqDscpMutationTableId OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The mutation table ID number."
::= { caqDscpMutationMapEntry 1 }
caqDscpMutationOldDscp OBJECT-TYPE
SYNTAX Dscp
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The old DSCP value."
::= { caqDscpMutationMapEntry 2 }
caqDscpMutationNewDscp OBJECT-TYPE
SYNTAX Dscp
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The new DSCP value which the old DSCP value maps to for
a specific mutation table. The default mapping of old DSCP to
new DSCP for mutation purpose is the identity function.
That is:
63 -> 63
62 -> 62
...
31 -> 31
...
2 -> 2
1 -> 1
0 -> 0."
::= { caqDscpMutationMapEntry 3 }
--
-- The VLAN to Mutation Table Map Table
--
caqVlanMutationIdMapTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqVlanMutationIdMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table provides the VLAN to mutation table mapping
configuration on the device. This table is only
instantiated if DSCP Mutation is supported by the
device."
::= { caqGlobalObjects 8 }
caqVlanMutationIdMapEntry OBJECT-TYPE
SYNTAX CaqVlanMutationIdMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The first time a VLAN is created in a device supporting
this table, a corresponding entry of this table will be added.
The value of caqVlanMutationTableId object in such row will be
initialized to 0."
INDEX { caqVlanMutationIndex }
::= { caqVlanMutationIdMapTable 1 }
CaqVlanMutationIdMapEntry ::= SEQUENCE {
caqVlanMutationIndex VlanIndex,
caqVlanMutationTableId Unsigned32
}
caqVlanMutationIndex OBJECT-TYPE
SYNTAX VlanIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the VLAN number."
::= { caqVlanMutationIdMapEntry 1 }
caqVlanMutationTableId OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the mutation table ID number. The value of this
object should match one of caqDscpMutationTableId object
value in caqDscpMutationMapTable.
Mutation table 0 always provides the identity mapping."
::= { caqVlanMutationIdMapEntry 2 }
caqDscpRewriteEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates whether DSCP rewrite is enabled or disabled
in the device.
If true(1), all outgoing packets will have their DSCP
value rewritten based on the result of classification,
policing or DSCP mutation configured in the device.
If false(2), all outgoing packets will keep the DSCP
values they had when they arrived."
::= { caqGlobalObjects 9 }
caqMacPktClassifyVlansLow OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..256))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A string of octets containing one bit per VLAN for
VLANs with VlanIndex value of 0 to 2047. The first
octet corresponds to VLANs with VlanIndex values
of 0 through 7; the second octet to VLANs 8 through
15; etc. The most significant bit of each octet
corresponds to the lowest value VlanIndex in that octet.
For each VLAN, if Ethernet packet classify feature is
enabled then the bit corresponding to that VLAN is set
to '1'.
Note that if the length of this string is less than
256 octets, any 'missing' octets are assumed to contain
the value zero. A NMS may omit any zero-valued octets
from the end of this string in order to reduce SetPDU size,
and the agent may also omit zero-valued trailing octets,
to reduce the size of GetResponse PDUs."
::= { caqGlobalObjects 10 }
caqMacPktClassifyVlansHigh OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..256))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A string of octets containing one bit per VLAN for
VLANs with VlanIndex value of 2048 to 4095. The first
octet corresponds to VLANs with VlanIndex values
of 2048 through 2055; the second octet to VLANs 2056
through 2063; etc. The most significant bit of each
octet corresponds to the lowest value VlanIndex in that
octet.
For each VLAN, if Ethernet packet classify feature is
enabled then the bit corresponding to that VLAN is set
to '1'.
Note that if the length of this string is less than
256 octets, any 'missing' octets are assumed to contain
the value zero. A NMS may omit any zero-valued octets
from the end of this string in order to reduce SetPDU size,
and the agent may also omit zero-valued trailing octets,
to reduce the size of GetResponse PDUs."
::= { caqGlobalObjects 11 }
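-- Added example (not part of the Cisco MIB): Python helpers that decode and
-- encode the caqMacPktClassifyVlansLow and caqMacPktClassifyVlansHigh bitmaps
-- as described above, including omitted trailing zero octets. The function
-- names and the sample octets are constructed for illustration.

```python
"""Decode/encode the caqMacPktClassifyVlans{Low,High} OCTET STRING bitmaps."""

MAX_OCTETS = 256                 # SIZE(0..256) in both object definitions
LOW_BASE, HIGH_BASE = 0, 2048    # first VlanIndex covered by Low / High


def decode_vlan_bitmap(octets: bytes, base: int) -> list[int]:
    """Return the VlanIndex values whose bit is set to 1.

    The most significant bit of each octet is the lowest VlanIndex in that
    octet. Octets missing from the end of the string count as zero, so a
    short (or empty) string is valid.
    """
    if len(octets) > MAX_OCTETS:
        raise ValueError(f"bitmap is {len(octets)} octets, maximum is {MAX_OCTETS}")
    vlans = []
    for index, octet in enumerate(octets):
        for bit in range(8):
            if octet & (0x80 >> bit):
                vlans.append(base + index * 8 + bit)
    return vlans


def encode_vlan_bitmap(vlans, base: int) -> bytes:
    """Build the bitmap for `vlans`, dropping zero-valued trailing octets
    as the DESCRIPTION allows in order to keep the SetPDU small."""
    buf = bytearray(MAX_OCTETS)
    for vlan in vlans:
        offset = vlan - base
        if not 0 <= offset < MAX_OCTETS * 8:
            raise ValueError(f"VLAN {vlan} is outside {base}..{base + MAX_OCTETS * 8 - 1}")
        buf[offset // 8] |= 0x80 >> (offset % 8)
    return bytes(buf).rstrip(b"\x00")


def classify_enabled_vlans(low: bytes, high: bytes) -> list[int]:
    """Combine both objects into one sorted list of VLANs (0..4095)."""
    return decode_vlan_bitmap(low, LOW_BASE) + decode_vlan_bitmap(high, HIGH_BASE)


def unexpected_vlans(low: bytes, high: bytes, approved) -> list[int]:
    """VLANs with the feature enabled on the device that are not in the
    approved set; useful when auditing a polled configuration."""
    return [v for v in classify_enabled_vlans(low, high) if v not in set(approved)]


if __name__ == "__main__":
    # Constructed sample values, as an agent might return them.
    sample_low = bytes.fromhex("4020")   # VLANs 1 and 10
    sample_high = bytes.fromhex("80")    # VLAN 2048
    print(classify_enabled_vlans(sample_low, sample_high))
    print(unexpected_vlans(sample_low, sample_high, approved={1, 10}))
```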
--*********************************************************************
-- Cisco CatOS Acl Qos Interface Group
--*********************************************************************
--
--
--
-- caqIfConfigTable
--
caqIfConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqIfConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table describes the trust state and the default Cos
value configured at each physical interface. It also
indicates whether an ACL attached to a Qos capable physical
interface is applied per VLAN or per physical interface if
the platform supports ACL configuration."
::= { caqInterfaceObjects 1 }
caqIfConfigEntry OBJECT-TYPE
SYNTAX CaqIfConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of this table is the ifIndex of a
physical port with QoS capability."
INDEX { ifIndex }
::= { caqIfConfigTable 1 }
CaqIfConfigEntry ::= SEQUENCE {
caqIfCos QosLayer2Cos,
caqIfTrustStateConfig INTEGER,
caqIfAclBase INTEGER,
caqIfTrustDevice BITS,
caqIfOperTrustState INTEGER
}
caqIfCos OBJECT-TYPE
SYNTAX QosLayer2Cos
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates the default Cos value configured at this
physical interface. This default value will be assigned to
a packet that does not have a Cos value in its layer-2 header
when the packet arrives at this interface."
::= { caqIfConfigEntry 1 }
caqIfTrustStateConfig OBJECT-TYPE
SYNTAX INTEGER {
untrusted(1),
trustCoS(2),
trustIpPrec(3),
trustDscp(4)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object is used to set the trust state of an interface.
The trust state determines whether the packets arriving at an
interface are trusted to carry the correct data for classification.
If the object is untrusted(1), then the DSCP assigned to the
packet is the DSCP specified by classification rule obtained
from the matching ACE (Access Control Entry). ACE is a filter
that is used to identify flows with certain characteristics. It
includes fields such as ingress/egress ports, L2 addresses, L3
addresses, TCP/UDP port number.
If this object is trustCoS(2), then the DSCP assigned
to the packet is the layer2 CoS of the packet mapped to a
DSCP by the CoS-to-DSCP mapping defined in object
caqCosToDscpDscp.
When this object is trustIpPrec(3), a DSCP is assigned to
an IP packet according to the IP-Precedence-to-DSCP mapping
defined by the values contained in caqIpPrecToDscpTable. For
non-IP packets, trustIpPrec(3) has identical behavior as
trustCoS(2).
When this object is trustDscp(4), the DSCP contained in an IP
packet is trusted as being the correct value to assign to it.
For non-IP packets, trustDscp(4) has identical behavior as
trustCoS(2)."
DEFVAL { untrusted }
::= { caqIfConfigEntry 2 }
caqIfAclBase OBJECT-TYPE
SYNTAX INTEGER { vlan(1), port(2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"For a given physical interface, this object indicates whether
packets arriving at that interface are classified and policed
based on the port's ACL or based on the ACL of the VLAN to which the
port belongs. This object is only instantiated if the
platform supports ACL configuration."
::= { caqIfConfigEntry 3 }
caqIfTrustDevice OBJECT-TYPE
SYNTAX BITS {
trustCiscoIPPhone(0)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"For a given physical interface, this object indicates the
restriction on trusting only a specific type of device which
is connected to this interface to carry the correct data for
classification.
trustCiscoIPPhone(0) indicates that there is a restriction
on trusting only ciscoIPPhone to carry the correct data for
classification.
If no bits are turned on, any device connected to
this interface is trusted to carry the correct data for
classification.
This object is only instantiated if the platform supports
trust device configuration."
::= { caqIfConfigEntry 4 }
caqIfOperTrustState OBJECT-TYPE
SYNTAX INTEGER {
untrusted(1),
trustCoS(2),
trustIpPrec(3),
trustDscp(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object is used to indicate the operational trust state of
an interface. The operational trust state may or may not be
identical to the config trust state denoted by
caqIfTrustStateConfig. The value of this object depends on the
runtime conditions such as whether the interface is configured
to trust a certain type of device as denoted by caqIfTrustDevice
as well as whether a device of the trusted type is connected to
the interface. For example, if the interface is configured to
only trust Cisco IP Phone and the phone is not connected to
the interface at runtime, the operational trust state of this
interface will have the untrusted(1) value even if the
trustCoS(2) value is configured in caqIfTrustStateConfig.
This object is only instantiated if the platform supports
trust device configuration.
If the object is untrusted(1), then the DSCP assigned to the
packet is the DSCP specified by classification rule obtained
from the matching ACE (Access Control Entry). ACE is a filter
that is used to identify flows with certain characteristics. It
includes fields such as ingress/egress ports, L2 addresses, L3
addresses, TCP/UDP port number.
If this object is trustCoS(2), then the DSCP assigned
to the packet is the layer2 CoS of the packet mapped to a
DSCP by the CoS-to-DSCP mapping defined in object
caqCosToDscpDscp.
When this object is trustIpPrec(3), a DSCP is assigned to
an IP packet according to the IP-Precedence-to-DSCP mapping
defined by the values contained in caqIpPrecToDscpTable. For
non-IP packets, trustIpPrec(3) has identical behavior as
trustCoS(2).
When this object is trustDscp(4), the DSCP contained in an IP
packet is trusted as being the correct value to assign to it.
For non-IP packets, trustDscp(4) has identical behavior as
trustCoS(2)."
::= { caqIfConfigEntry 5 }
--
-- The caqClassifierTable
--
caqClassifierTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqClassifierEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table identifies which ACLs are in use on which
interfaces. Some devices may impose constraints on the number
of ACLs that can be attached to each interface; for example a
constraint that at most three Qos ACLs, one for each type: IP,
IPX and MAC, and at most three Security ACLs, one for each
type: IP, IPX and MAC, can be attached to an interface."
::= { caqInterfaceObjects 2 }
caqClassifierEntry OBJECT-TYPE
SYNTAX CaqClassifierEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry identifies that a particular ACL is in use on a
particular interface. An interface can be a physical port
or a VLAN."
INDEX { ifIndex, caqClassifierAclType,
IMPLIED caqClassifierAclName }
::= { caqClassifierTable 1 }
CaqClassifierEntry ::= SEQUENCE {
caqClassifierAclType INTEGER,
caqClassifierAclName CaqAclName,
caqClassifierMapStatus RowStatus,
caqClassifierMapDirection BITS
}
caqClassifierAclType OBJECT-TYPE
SYNTAX INTEGER {
ipQos(1),
ipxQos(2),
macQos(3),
ipSecurity(4),
ipxSecurity(5),
macSecurity(6)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the type of ACL attached to this interface.
ipQos(1) indicates that this ACL is an IP Qos ACL.
ipxQos(2) indicates that this ACL is an IPX Qos ACL.
macQos(3) indicates that this ACL is a MAC Qos ACL.
ipSecurity(4) indicates that this ACL is an IP Security ACL.
ipxSecurity(5) indicates that this ACL is an IPX Security ACL.
macSecurity(6) indicates that this ACL is a MAC Security ACL."
::= { caqClassifierEntry 1 }
caqClassifierAclName OBJECT-TYPE
SYNTAX CaqAclName
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the ACL name which should exist in the ACL tables
e.g. in caqIpAceTable. This ACL can be a Qos ACL or a
Security ACL."
::= { caqClassifierEntry 2 }
caqClassifierMapStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this classifier conceptual row entry.
An entry may not exist in the active state unless the
ACL name denoted by caqClassifierAclName object in the
entry exists and is active (i.e. its RowStatus object is
active(1)) in an ACL table.
Once a row becomes active, value in any other column within
such row cannot be modified except by setting
caqClassifierMapStatus to notInService(2) for such row."
::= { caqClassifierEntry 3 }
caqClassifierMapDirection OBJECT-TYPE
SYNTAX BITS { ingress(0), egress(1) }
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates whether this ACL is to be attached in the ingress or
egress direction."
DEFVAL { {ingress} }
::= { caqClassifierEntry 4 }
caqIfSecurityAclConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqIfSecurityAclConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A list of the interfaces which support the security
ACL feature."
::= { caqInterfaceObjects 3 }
caqIfSecurityAclConfigEntry OBJECT-TYPE
SYNTAX CaqIfSecurityAclConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry contains configuration information about
a security ACL mapped to an interface which is capable
of this feature."
INDEX { ifIndex }
::= { caqIfSecurityAclConfigTable 1 }
CaqIfSecurityAclConfigEntry ::=
SEQUENCE {
caqIfSecurityAclBase INTEGER
}
caqIfSecurityAclBase OBJECT-TYPE
SYNTAX INTEGER {
port(1),
vlan(2),
merge(3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The security ACL configuration mode for an interface.
Setting this variable to the value port(1) will cause the
packets (L3 forwarded packets and L2 packets) arriving at that
interface to be filtered based on the ACL mapped to that
interface.
Setting this variable to the value vlan(2) will cause the
packets (L3 forwarded packets and L2 packets) arriving at that
access interface to be filtered based on two ACLs (the router's
ACL and the ACL of the VLAN to which the interface belongs).
If it is a trunking interface, the vlan-tag packets will be
filtered based on the ACL of the tag-vlan.
Setting this variable to the value merge(3) will merge the
physical interface ACL, the VLAN ACL and the router ACL
together to emulate the logical serial model shown below.
                         L3 only
Port ACL -> VLAN ACL -> Router ACL -> Router ACL -> VLAN ACL
physical    ingress     ingress       egress        egress
interface"
::= { caqIfSecurityAclConfigEntry 1 }
--
-- The caqIpOperClassifierTable
--
caqIpOperClassifierTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqIpOperClassifierEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table identifies which operational IP ACLs are in use
on which interfaces."
::= { caqInterfaceObjects 4 }
caqIpOperClassifierEntry OBJECT-TYPE
SYNTAX CaqIpOperClassifierEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry in this table identifies operational IP ACLs that
are currently in use on a particular interface. An interface
can be a physical port or a VLAN."
INDEX { ifIndex, caqIpOperAclFeature }
::= { caqIpOperClassifierTable 1 }
CaqIpOperClassifierEntry ::= SEQUENCE {
caqIpOperAclFeature INTEGER,
caqIpOperAclName SnmpAdminString,
caqIpOperAclMapSource BITS
}
caqIpOperAclFeature OBJECT-TYPE
SYNTAX INTEGER {
ingressIpQos(1),
egressIpQos(2),
ipSecurity(3)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An index indicates the feature to which the operational
IP ACLs mapped at this interface are applied.
'ingressIpQos' indicates the ACL mapped at this interface
is used to classify ingress IP traffic for QoS feature.
'egressIpQos' indicates the ACL mapped at this interface
is used to classify egress IP traffic for QoS feature.
'ipSecurity' indicates the ACL mapped at this interface
is used to classify IP traffic for security feature."
::= { caqIpOperClassifierEntry 1 }
caqIpOperAclName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the name of an operational IP ACL
which is mapped at this interface to classify IP traffic
for feature denoted by caqIpOperAclFeature object."
::= { caqIpOperClassifierEntry 2 }
caqIpOperAclMapSource OBJECT-TYPE
SYNTAX BITS {
configured(0),
dot1x(1),
macAuth(2),
webAuth(3),
eou(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the sources that map the operational
IP ACLs at this interface.
'configured' indicates that the ACL mapping is introduced
by manual configuration through CLI or an NMS application.
'dot1x' indicates that the ACL mapping is introduced by
the operation of 802.1x feature.
'macAuth' indicates that the ACL mapping is introduced by
the operation of Mac Authentication Bypass feature.
'webAuth' indicates that the ACL mapping is introduced by
the operation of Web Authentication feature.
'eou' indicates that the ACL mapping is introduced by
the operation of Extensible Authentication Protocol over
UDP (EOU) feature."
::= { caqIpOperClassifierEntry 3 }
--
-- The caqDownloadClassifierTable
--
caqDownloadClassifierTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqDownloadClassifierEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table identifies ACLs assignment to capable
interfaces, where the ACLs are downloaded using different
security features."
::= { caqInterfaceObjects 5 }
caqDownloadClassifierEntry OBJECT-TYPE
SYNTAX CaqDownloadClassifierEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry identifies ACLs assignment on a capable
physical interface."
INDEX { ifIndex, caqDownloadAclFeature }
::= { caqDownloadClassifierTable 1 }
CaqDownloadClassifierEntry ::= SEQUENCE {
caqDownloadAclFeature INTEGER,
caqDownloadClassifierAclName CaqAclName,
caqDownloadMapSource INTEGER,
caqDownloadAclType INTEGER
}
caqDownloadAclFeature OBJECT-TYPE
SYNTAX INTEGER {
ingressIpQos(1),
egressIpQos(2),
ipSecurity(3)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object indicates the feature that ACLs mapped
at this interface are used for.
'ingressIpQos' indicates the ACL mapped at this interface
is used to classify ingress IP traffic for QoS feature.
'egressIpQos' indicates the ACL mapped at this interface
is used to classify egress IP traffic for QoS feature.
'ipSecurity' indicates the ACL mapped at this interface
is used to classify IP traffic for security feature."
::= { caqDownloadClassifierEntry 1 }
caqDownloadClassifierAclName OBJECT-TYPE
SYNTAX CaqAclName
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the ACL name mapped to this
interface to classify traffic for a specific feature
denoted by the corresponding caqDownloadAclFeature."
::= { caqDownloadClassifierEntry 2 }
caqDownloadMapSource OBJECT-TYPE
SYNTAX INTEGER {
dot1x(1),
macAuth(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the source that maps the ACLs at this
interface.
'dot1x' indicates that the ACL mapping is introduced by
the operation of 802.1x feature.
'macAuth' indicates that the ACL mapping is introduced by
the operation of Mac Authentication Bypass feature."
::= { caqDownloadClassifierEntry 3 }
caqDownloadAclType OBJECT-TYPE
SYNTAX INTEGER { pacl(1), vacl(2) }
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the type of the ACL.
'pacl' indicates this is a port-based ACL.
'vacl' indicates this is a VLAN-based ACL."
::= { caqDownloadClassifierEntry 4 }
--**********************************************************************
-- Cisco CatOS Acl Qos Acl Group
--**********************************************************************
--
--
caqAclCapabilities OBJECT-TYPE
SYNTAX BITS {
ipQos(0),
ipxQos(1),
macQos(2),
ipSecurity(3),
ipxSecurity(4),
macSecurity(5) }
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates what ACL capabilities are supported on the device.
An ACL belongs to one of the following types: IP, IPX and MAC.
Furthermore, an ACL can be used for either QoS or Security
feature.
If ipQos(0) bit is turned on, caqIpAceTable can be instantiated
for Qos feature, otherwise it can not.
If ipxQos(1) bit is turned on, caqIpxAceTable can be
instantiated for Qos feature, otherwise it can not.
If macQos(2) bit is turned on, caqMacAceTable can be
instantiated for Qos feature, otherwise it can not.
If ipSecurity(3) bit is turned on, caqIpAceTable can be
instantiated for Security feature, otherwise it can not.
If ipxSecurity(4) bit is turned on, caqIpxAceTable can be
instantiated for Security feature, otherwise it can not.
If macSecurity(5) bit is turned on, caqMacAceTable can be
instantiated for Security feature, otherwise it can not."
::= { caqAclObjects 1 }
--
-- caqIpAceTable
--
caqIpAceTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqIpAceEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains a list of IP ACEs. Each ACE consists of
a filter specification and behavior associated with it which
describes what action to carry out on packets which match.
An ACL is defined as the set of ACEs of the same type (all
QoS, or all Security). Within a feature (qos or security),
each ACE is named by a combination of an AclName and an ACE
index, such that all the ACEs which are named using the same
AclName are part of the same ACL."
::= { caqAclObjects 2 }
caqIpAceEntry OBJECT-TYPE
SYNTAX CaqIpAceEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry defines an ACE, consisting of a set of match
criteria. For a packet to match an entry, it has to match
all the criteria specified in that entry."
INDEX { caqIpAceFeature, caqIpAclName, caqIpAceIndex }
::= { caqIpAceTable 1 }
CaqIpAceEntry ::= SEQUENCE {
caqIpAceFeature INTEGER,
caqIpAclName CaqAclName,
caqIpAceIndex Unsigned32,
caqIpAceMatchedAction Unsigned32,
caqIpAceProtocolType Unsigned32,
caqIpAceAddrType InetAddressType,
caqIpAceSrcIp InetAddress,
caqIpAceSrcIpMask InetAddress,
caqIpAceSrcPortOp INTEGER,
caqIpAceSrcPort Unsigned32,
caqIpAceSrcPortRange Unsigned32,
caqIpAceDestIp InetAddress,
caqIpAceDestIpMask InetAddress,
caqIpAceDestPortOp INTEGER,
caqIpAceDestPort Unsigned32,
caqIpAceDestPortRange Unsigned32,
caqIpAceTosMatchCriteria INTEGER,
caqIpAceIpPrec CaqIpPrecedence,
caqIpAceDscp Dscp,
caqIpAceProtocolMatchCriteria INTEGER,
caqIpAceIcmpType Unsigned32,
caqIpAceIcmpCode Unsigned32,
caqIpAceIgmpType Unsigned32,
caqIpAceOrderPosition Unsigned32,
caqIpAceBeforePosition Unsigned32,
caqIpAceStatus RowStatus,
caqIpAceSecurityId Unsigned32,
caqIpAceSrcGroup SnmpAdminString,
caqIpAceDestGroup SnmpAdminString,
caqIpAceType INTEGER
}
caqIpAceFeature OBJECT-TYPE
SYNTAX INTEGER { qos(1), security(2) }
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates whether this entry is a Qos ACL or Security ACL.
ACEs belonging to the same ACL should have the same value
for this object."
::= { caqIpAceEntry 1 }
caqIpAclName OBJECT-TYPE
SYNTAX CaqAclName
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The name of an ACL. Within a feature (qos or security), the
name is unique across all of the ACL tables and identifies
the list to which the entry belongs in the device."
::= { caqIpAceEntry 2 }
caqIpAceIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of an ACE within an ACL."
::= { caqIpAceEntry 3 }
caqIpAceMatchedAction OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the action to be taken if a packet matches this ACE.
If the value of this ACE's caqIpAceFeature object is: 'qos(1)',
then this object contains the index of an active row in
caqQosActionSelectTable. If the value of this ACE's
caqIpAceFeature object is: 'security(2)', then this object
contains the index of an active row in caqSecurityActionTable."
::= { caqIpAceEntry 4 }
caqIpAceProtocolType OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The protocol number field in the IP header used to indicate
the higher layer protocol as specified in RFC 1700. A value
of 0 matches every IP packet.
For example :
0 is IP, 1 is ICMP, 2 is IGMP, 4 is IP in IP encapsulation,
6 is TCP, 9 is IGRP, 17 is UDP, 47 is GRE, 50 is ESP, 51 is AH,
88 is IGRP, 89 is OSPF, 94 is KA9Q/NOS compatible IP over IP,
103 is PIMv2, 108 is PCP."
REFERENCE
"RFC 1700, Assigned Numbers."
DEFVAL { 0 } -- IP
::= { caqIpAceEntry 5 }
caqIpAceAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of IP address used by this ACE entry."
::= { caqIpAceEntry 6 }
caqIpAceSrcIp OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The specified source IP address. The packet's source address is
AND-ed with the value of caqIpAceSrcIpMask and then compared
against the value of this object. If this object value is
0.0.0.0, and the value of caqIpAceSrcIpMask object in the same
entry is 255.255.255.255, this entry matches any source IP
address."
::= { caqIpAceEntry 7 }
caqIpAceSrcIpMask OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The specified source IP address mask."
::= { caqIpAceEntry 8 }
caqIpAceSrcPortOp OBJECT-TYPE
SYNTAX INTEGER { noOperator(1), lt(2), gt(3),
eq(4), neq(5), range(6) }
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates how a packet's source TCP/UDP port number is
to be compared.
If the caqIpAceProtocolType object in the same row does not
indicate TCP or UDP, this object has to be 'noOperator(1)' and
cannot be changed while this row is active, i.e., the value of
caqIpAceStatus in the same row has the value 'active(1)'.
'noOperator(1)', which is the default value, means that no
comparison is to be made with the source TCP/UDP port number.
lt(2) means less than, gt(3) means greater than, eq(4)
means equal, neq(5) means not equal. Those 4 operators
use the caqIpAceSrcPort object as their only operand.
range(6) means that it compares the port value between two
numbers, so this operator needs 2 operands. One operand is
the starting port number of the range, which is the
caqIpAceSrcPort object, and the other operand is the ending
port number of the range, which is the caqIpAceSrcPortRange
object."
DEFVAL { noOperator }
::= { caqIpAceEntry 9 }
caqIpAceSrcPort OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The source port number of the TCP or UDP protocol. If the
caqIpAceSrcPortOp object in the same row is range(6), this
object will be the starting port number of the port range.
This object cannot be configured if caqIpAceStatus in the
same row is active(1) or caqIpAceSrcPortOp in the same row
is noOperator(1)."
::= { caqIpAceEntry 10 }
caqIpAceSrcPortRange OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The source port number of the TCP or UDP protocol. If the
caqIpAceSrcPortOp object in the same row is range(6), this
object will be the ending port number of the port range.
This object cannot be configured if caqIpAceStatus in the
same row is active(1) or caqIpAceSrcPortOp in the same row
is not range(6)."
::= { caqIpAceEntry 11 }
caqIpAceDestIp OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The specified destination IP address. The packet's destination
address is AND-ed with the value of caqIpAceDestIpMask and then
compared against the value of this object. If this object value
is 0.0.0.0 and the value of caqIpAceDestIpMask object in the
same entry is 255.255.255.255, this entry matches any
destination IP address."
DEFVAL { '00000000'H } -- 0.0.0.0
::= { caqIpAceEntry 12 }
caqIpAceDestIpMask OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The specified destination IP address mask."
DEFVAL { 'FFFFFFFF'H } -- 255.255.255.255
::= { caqIpAceEntry 13 }
caqIpAceDestPortOp OBJECT-TYPE
SYNTAX INTEGER { noOperator(1), lt(2), gt(3),
eq(4), neq(5), range(6) }
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates how a packet's destination TCP/UDP port number is
to be compared.
If the caqIpAceProtocolType object in the same row does not
indicate TCP or UDP, this object has to be 'noOperator(1)' and
cannot be changed while this row is active, i.e., the value of
caqIpAceStatus in the same row has the value 'active(1)'.
'noOperator(1)', which is the default value, means that no
comparison is to be made with the destination TCP/UDP port
number.
lt(2) means less than.
gt(3) means greater than.
eq(4) means equal.
neq(5) means not equal. Those 4 operators use the
caqIpAceDestPort object as their only operand.
range(6) means that it compares the port value between two
numbers, so this operator needs 2 operands. One operand is the
starting port number of the range, which is the caqIpAceDestPort
object, and the other operand is the ending port number
of the range, which is the caqIpAceDestPortRange object."
DEFVAL { noOperator }
::= { caqIpAceEntry 14 }
caqIpAceDestPort OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The destination port number of the TCP or UDP protocol.
If the caqIpAceDestPortOp object in the same row is range(6),
this object will be the starting port number of the port range.
This object cannot be configured if caqIpAceStatus in the
same row is active(1) or caqIpAceDestPortOp in the same row
is noOperator(1)."
::= { caqIpAceEntry 15 }
caqIpAceDestPortRange OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The destination port number of the TCP or UDP protocol.
If the caqIpAceDestPortOp object in the same row is range(6),
this object will be the ending port number of the port range.
This object cannot be configured if caqIpAceStatus in the
same row is active(1) or caqIpAceDestPortOp in the same row
is not range(6)."
::= { caqIpAceEntry 16 }
caqIpAceTosMatchCriteria OBJECT-TYPE
SYNTAX INTEGER {
none(1),
matchDscp(2),
matchIpPrec(3)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates what field of Tos octet in the packet header
is to be matched.
none(1) means that there is no need to match the ToS octet.
matchDscp(2) means that the DSCP value of the packet header needs
to be matched. If this value is specified, the caqIpAceDscp
object in the same row should be configured.
matchIpPrec(3) means that the IpPrecedence value of the packet
header needs to be matched. If this value is specified, the
caqIpAceIpPrec object in the same row should be configured."
DEFVAL { none }
::= { caqIpAceEntry 17 }
caqIpAceIpPrec OBJECT-TYPE
SYNTAX CaqIpPrecedence
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the IP precedence value to be matched against.
This object cannot be configured when the status of the
entry, caqIpAceStatus, is active(1).
The value of this object is ignored whenever the value of
caqIpAceTosMatchCriteria object is not matchIpPrec(3)."
DEFVAL { 0 }
::= { caqIpAceEntry 18 }
caqIpAceDscp OBJECT-TYPE
SYNTAX Dscp
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the Dscp value to be matched against.
This object cannot be configured when the status of the
entry, caqIpAceStatus, is active(1). Packets can be matched
on a DSCP level from 0 to 63.
The value of this object is ignored whenever the value of
caqIpAceTosMatchCriteria object is not matchDscp(2)."
DEFVAL { 0 }
::= { caqIpAceEntry 19 }
caqIpAceProtocolMatchCriteria OBJECT-TYPE
SYNTAX INTEGER {
none(1),
matchIgmpType(2),
matchIcmpType(3),
matchIcmpTypeAndCode(4),
matchEstablished(5),
matchSecurityId(6),
matchEapoudp(7),
matchUrlRedirect(8)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates what field in the packet header for ICMP or IGMP
or TCP protocol or IPv4 ESP (Encapsulating Security Payload)
is to be matched.
none(1) = no comparison is to be done for ICMP/IGMP/TCP/ESP.
matchIgmpType(2) means that the Type field of IGMP protocol
packet header needs to be matched. If this value is specified,
the caqIpAceIgmpType object in the same row should be
configured.
matchIcmpType(3) means that the Type field of ICMP protocol
packet header needs to be matched. If this value is specified,
the caqIpAceIcmpType object in the same row should be
configured.
matchIcmpTypeAndCode(4) means that both the Type and Code
fields of ICMP protocol packet header need to be matched.
If this value is specified, the caqIpAceIcmpType and
caqIpAceIcmpCode object in the same row should be configured.
matchEstablished(5) means that a match occurs if the TCP packet
has the ACK or RST bits set. The non matching case is that of
the initial TCP packet to form a connection.
matchSecurityId(6) means that the Security Association
Identifier field of IPv4 ESP packet header needs to be matched.
If this value is specified, the caqIpAceSecurityId object in
the same row should be configured.
matchEapoudp(7) means that this ACE needs to be matched
against the criteria for EAP (Extensible Authentication
Protocol) over UDP purpose.
matchUrlRedirect(8) means that this ACE needs to be matched
against the criteria for URL redirection purpose."
DEFVAL { none }
::= { caqIpAceEntry 20 }
caqIpAceIcmpType OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the message type of ICMP packets. The type is
a number from 0 to 255.
The value of this object is ignored whenever the value of
caqIpAceProtocolMatchCriteria object is not matchIcmpType(3) or
matchIcmpTypeAndCode(4)."
DEFVAL { 0 }
::= { caqIpAceEntry 21 }
caqIpAceIcmpCode OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the message code of ICMP packets. The code is
a number from 0 to 255.
The value of this object is ignored whenever the value of
caqIpAceProtocolMatchCriteria object is not
matchIcmpTypeAndCode(4)."
DEFVAL { 0 }
::= { caqIpAceEntry 22 }
caqIpAceIgmpType OBJECT-TYPE
SYNTAX Unsigned32 (0..15)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the message type of IGMP packets. The type is
a number from 0 to 15.
The value of this object is ignored whenever the value of
caqIpAceProtocolMatchCriteria object is not matchIgmpType(2)."
DEFVAL { 0 }
::= { caqIpAceEntry 23 }
caqIpAceOrderPosition OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The ordering position of this ACE in the ACL. If this entry
is not in active(1) state, this object has value of 0."
::= { caqIpAceEntry 24 }
caqIpAceBeforePosition OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The object is to control the position of an ACE in the ACL.
Indicates the order position of a new ACE before an active ACE
which is already in the ACL. It means that the new ACE will
replace the position of the ACE which the object specifies.
For example, if there are 6 ACEs in an ACL, the positions
of those 6 ACEs will be 1, 2, 3, 4, 5, 6. If the user would
like to add a new ACE and specifies 4 as the value of
this object, the old ACEs in positions 4, 5, 6 will become
5, 6, 7 while the entry containing the new ACE is active.
Be careful when moving an ACE. For example, suppose the user
would like to move the ACE whose position is 2 to before the
ACE whose position is 5. When the user sets the status of that
entry to inactive, the position order will be 1, 2, 3, 4, 5:
the old ACEs in positions 3, 4, 5, 6 become 2, 3, 4, 5. So the
user has to set this object to 4, because the ACE in old
position 5 has been moved to position 4.
If not specified, the default value 0 will be used, and the
new ACE is appended to the end of the ACL. 0 will always be
returned if the status of this row is active. If the entry
goes from active(1) to notInService(2), this object should have
the default value."
DEFVAL { 0 }
::= { caqIpAceEntry 25 }
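-- Added example (not part of the Cisco MIB): a Python model of the
-- caqIpAceBeforePosition ordering rules described above, reproducing both
-- worked cases from the DESCRIPTION (insert at 4, and move 2 to before 5).
-- Function names and ACE labels are constructed; rejecting a position that
-- has no active ACE is an assumption about agent behaviour.

```python
"""Model of ACE ordering driven by caqIpAceBeforePosition (1-based positions)."""


def activate_ace(acl: list[str], ace: str, before_position: int = 0) -> list[str]:
    """Return the ACL after `ace` becomes active.

    before_position == 0 (the DEFVAL) appends to the end. Otherwise the new
    ACE takes that position and the ACE already there, plus every ACE after
    it, shifts down by one.
    """
    if before_position == 0:
        return acl + [ace]
    if not 1 <= before_position <= len(acl):
        # Assumption: the object must name the position of an active ACE.
        raise ValueError(f"no active ACE at position {before_position}")
    index = before_position - 1
    return acl[:index] + [ace] + acl[index:]


def deactivate_ace(acl: list[str], position: int) -> tuple[list[str], str]:
    """Take the ACE at `position` out of the active list.

    Every ACE after it moves up by one, which is why positions have to be
    recomputed before the ACE is re-inserted.
    """
    if not 1 <= position <= len(acl):
        raise ValueError(f"no active ACE at position {position}")
    index = position - 1
    return acl[:index] + acl[index + 1:], acl[index]


def before_position_for_move(current: int, target: int) -> int:
    """Value to write to caqIpAceBeforePosition so that the ACE now at
    `current` ends up directly before the ACE now at `target`."""
    if current == target:
        raise ValueError("an ACE cannot be moved before itself")
    # Deactivating an earlier ACE shifts the target up by one position.
    return target - 1 if current < target else target


def move_ace(acl: list[str], current: int, target: int) -> list[str]:
    """Deactivate, then reactivate with the corrected before-position."""
    remaining, ace = deactivate_ace(acl, current)
    return activate_ace(remaining, ace, before_position_for_move(current, target))


def order_positions(acl: list[str]) -> dict[str, int]:
    """caqIpAceOrderPosition for each active ACE."""
    return {ace: position for position, ace in enumerate(acl, start=1)}


if __name__ == "__main__":
    acl = ["ace1", "ace2", "ace3", "ace4", "ace5", "ace6"]   # constructed labels
    print(activate_ace(acl, "new", 4))
    print(before_position_for_move(2, 5))
    print(move_ace(acl, 2, 5))
```

Because matching depends on ACE order, checking caqIpAceOrderPosition after a move confirms the entry landed where the review expected.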
caqIpAceStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this IP ACE conceptual row entry. This object is
used to manage creation, deletion and modification of rows in
this table.
An entry may not exist in the active state unless all objects
in the entry have an appropriate value. Especially, it cannot
be in active state unless the caqIpAceMatchedAction object in
the entry points to an active entry (i.e. its RowStatus object is
active(1)) in the caqQosActionSelectTable or
caqSecurityActionTable. Once a row becomes active, value in any
other column within such row cannot be modified.
If this row is the only ACE in an ACL and the value of its
caqIpAclName object matches the value of caqClassifierAclName
object in any active entry of the caqClassifierTable, removing
this entry will also remove the associated entry in the
caqClassifierTable.
If the value of caqIpAceType in this row is 'systemGenerated',
this row cannot be deleted or modified."
::= { caqIpAceEntry 26 }
caqIpAceSecurityId OBJECT-TYPE
SYNTAX Unsigned32 (0 |4..233)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the Security Association Identifier of IPv4 ESP
packets.
The value of this object is ignored whenever the value of
caqIpAceProtocolMatchCritial object is not matchSecurityId(6)."
DEFVAL { 0 }
::= { caqIpAceEntry 27 }
caqIpAceSrcGroup OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the source group name which the source IP address
in the IP packet header belongs to. If this object is
configured, the value of caqIpAceProtocolType object in the
same row will have the value of 0."
DEFVAL { "" }
::= { caqIpAceEntry 28 }
caqIpAceDestGroup OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the destination group name which the destination
IP address in the IP packet header belongs to. If this object
is configured, the value of caqIpAceProtocolType object in
the same row will have the value of 0."
DEFVAL { "" }
::= { caqIpAceEntry 29 }
caqIpAceType OBJECT-TYPE
SYNTAX INTEGER { configured(1), systemGenerated(2) }
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the ACE type."
::= { caqIpAceEntry 30 }
--
-- caqIpxAceTable
--
caqIpxAceTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqIpxAceEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains a list of IPX ACEs. Each ACE consists of
a filter specification and behavior associated with it which
describes what action to carry out on packets which match.
An ACL is defined as the set of ACEs of the same type (all
QoS, or all Security). Within each feature (qos or security),
each ACE is named by a combination of an AclName and an ACE
index, such that all the ACEs which are named using the same
AclName are part of the same ACL. This table is instantiated
only if the ipxQos bit or ipxSecurity bit of caqAclCapabilities
object is turned on."
::= { caqAclObjects 3 }
caqIpxAceEntry OBJECT-TYPE
SYNTAX CaqIpxAceEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry of caqIpxAceTable consists of a set of match
criteria. For an IPX flow to match an entry, it has to match
all the conditions specified in that entry."
INDEX { caqIpxAceFeature, caqIpxAclName , caqIpxAceIndex }
::= { caqIpxAceTable 1 }
CaqIpxAceEntry ::= SEQUENCE {
caqIpxAceFeature INTEGER,
caqIpxAclName CaqAclName,
caqIpxAceIndex Unsigned32,
caqIpxAceMatchedAction Unsigned32,
caqIpxAceSrcNet OCTET STRING,
caqIpxAceDestMatchCriteria BITS,
caqIpxAceProtocolType Unsigned32,
caqIpxAceDestNet OCTET STRING,
caqIpxAceDestNode OCTET STRING,
caqIpxAceDestNetMask OCTET STRING,
caqIpxAceDestNodeMask OCTET STRING,
caqIpxAceOrderPosition Unsigned32,
caqIpxAceBeforePosition Unsigned32,
caqIpxAceStatus RowStatus
}
caqIpxAceFeature OBJECT-TYPE
SYNTAX INTEGER { qos(1), security(2) }
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates whether this entry is a Qos ACL or Security ACL.
ACEs belonging to the same ACL should have the same value
for this object."
::= { caqIpxAceEntry 1 }
caqIpxAclName OBJECT-TYPE
SYNTAX CaqAclName
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The name of an ACL. Within a feature (qos or security), this
name is unique across all of the ACL tables and identifies
the list to which the entry belongs in the device."
::= { caqIpxAceEntry 2 }
caqIpxAceIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of an IPX ACE within an ACL."
::= { caqIpxAceEntry 3 }
caqIpxAceMatchedAction OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the action to be taken if a packet matches this ACE.
If the value of this ACE's caqIpxAceFeature object is: 'qos(1)',
then this object contains the index of an active row in
caqQosActionSelectTable. If the value of this ACE's
caqIpxAceFeature object is: 'security(2)', then this object
contains the index of an active row in caqSecurityActionTable."
::= { caqIpxAceEntry 4 }
caqIpxAceSrcNet OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(4))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the source network from which the packet is
being sent. This is a 32-bit value that uniquely identifies
the network cable segment in the IPX protocol.
A network number of 0xFFFFFFFF matches all networks."
::= { caqIpxAceEntry 5 }
caqIpxAceDestMatchCriteria OBJECT-TYPE
SYNTAX BITS {
matchProtocol(0),
matchIpxDestNet(1),
matchIpxDestNode(2),
matchIpxDestNetMask(3),
matchIpxDestNodeMask(4)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates which matches are to be checked for the
destination network of the flow.
matchProtocol(0) means that the flow protocol
will be matched against the value specified by
caqIpxAceProtocolType object in the same row.
matchIpxDestNet(1) means that the flow destination
network will be matched against the value specified
by caqIpxAceDestNet object in the same row.
matchIpxDestNode(2) means that the flow destination node
will be matched against the value specified by
caqIpxAceDestNode object in the same row.
If this option bit is on, the matchIpxDestNet(1) bit has
to be on also.
matchIpxDestNetMask(3) means that the packet's flow destination
network will be AND-ed with the value specified by
caqIpxAceDestNetMask object in the same row and then compared
against the value of caqIpxAceDestNet object.
matchIpxDestNodeMask(4) means that the packet's flow
destination node will be AND-ed with the value specified by
caqIpxAceDestNodeMask object in the same row and then compared
against the value of caqIpxAceDestNode object."
DEFVAL { { } }
::= { caqIpxAceEntry 6 }
caqIpxAceProtocolType OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The protocol number field in the IPX header used to indicate
the higher layer protocol. It can be any, ncp, netbios, rip,
sap or an integer between 0 and 255."
REFERENCE
"RFC 1700, Assigned Numbers."
::= { caqIpxAceEntry 7 }
caqIpxAceDestNet OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(4))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Number of the destination network to which the packet
is being sent. This is a 32-bit value that uniquely identifies
the IPX network cable segment in IPX protocol. A network
number of 0xFFFFFFFF matches all networks.
The value of this object is ignored whenever the
matchIpxDestNet(1) and matchIpxDestNetMask(3) bits of
caqIpxAceDestMatchCriteria object are not on."
::= { caqIpxAceEntry 8 }
caqIpxAceDestNode OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (6))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Node on the destination network to which the packet is being
sent. This is a 48-bit value.
The value of this object is ignored whenever the
matchIpxDestNode(2) and matchIpxDestNodeMask(4) bits of
caqIpxAceDestMatchCriteria object are not on."
::= { caqIpxAceEntry 9 }
caqIpxAceDestNetMask OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(4))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Mask to be applied to the destination net. This is a
32-bit value that has the same format as destination net.
The value of this object is ignored whenever the
matchIpxDestNetMask(3) bit of caqIpxAceDestMatchCriteria
object is not on."
::= { caqIpxAceEntry 10 }
caqIpxAceDestNodeMask OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (6))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Mask to be applied to the destination node. This is a 48-bit
value.
The value of this object is ignored whenever the
matchIpxDestNodeMask(4) bit of caqIpxAceDestMatchCriteria
object is not on."
::= { caqIpxAceEntry 11 }
caqIpxAceOrderPosition OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The ordering position of this ACE in the ACL. If this entry
is not in active(1) state, this object has value of 0."
::= { caqIpxAceEntry 12 }
caqIpxAceBeforePosition OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The object is to control the position of an ACE in the ACL.
Specifies the order position of a new ACE before an active ACE
which is already in the ACL. It means that the new ACE will
take the position of the ACE which the object specifies.
For example, if there are 6 ACEs in an ACL, the positions
of those 6 ACEs will be 1, 2, 3, 4, 5, 6. If the user would
like to add a new ACE and specifies 4 to be the value of
this object, the old ACEs in positions 4, 5, 6 will become
5, 6, 7 while the entry containing the new ACE is active.
Removal is similar. Be careful when moving an ACE. For example,
suppose the user would like to move the ACE whose position is 2
to before the ACE whose position is 5. The user sets the status
of that entry to inactive, and the positions become 1, 2, 3, 4,
5: the old ACEs in positions 3, 4, 5, 6 become 2, 3, 4, 5. So
the user has to set this object to 4, because the ACE in
old position 5 has moved to position 4.
If not specified, the default value 0 will be used and the
new ACE is appended to the end of the ACL. 0 will always be
returned if the status of this row is active. If the entry
goes from active(1) to notInService(2), this object should be
the default value."
DEFVAL { 0 }
::= { caqIpxAceEntry 13 }
caqIpxAceStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this IPX ACE conceptual row entry. This object
is used to manage creation, deletion and modification of rows
in this table.
An entry may not exist in the active state unless all objects
in the entry have an appropriate value. Especially, it cannot
be in active state unless the caqIpxAceMatchedAction object in
the entry points to an active entry (i.e. its RowStatus object is
active(1)) in the caqQosActionSelectTable or
caqSecurityActionTable. Once a row becomes active, value in any
other column within such row cannot be modified.
If this row is the only ACE in an ACL and the value of its
caqIpxAclName object matches the value of caqClassifierAclName
object in any active entry of the caqClassifierTable, removing
this entry will also remove the associated entry in the
caqClassifierTable."
::= { caqIpxAceEntry 14 }
--
-- caqMacAceTable
--
caqMacAceTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqMacAceEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains a list of MAC ACEs. Each ACE consists of
a filter specification and behavior associated with it which
describes what action to carry out on packets which match.
An ACL is defined as the set of ACEs of the same type (all
QoS, or all Security). Within a feature (qos or security), each
ACE is named by a combination of an AclName and an ACE index,
such that all the ACEs which are named using the same AclName
are part of the same ACL. This table is instantiated only if
the macQos bit or macSecurity bit of caqAclCapabilities object
is turned on."
::= { caqAclObjects 4 }
caqMacAceEntry OBJECT-TYPE
SYNTAX CaqMacAceEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry of caqMacAceTable consists of a set of match
criteria. For a layer 2 flow to match an entry, it has to
match all the conditions specified in that entry."
INDEX { caqMacAceFeature, caqMacAclName, caqMacAceIndex }
::= { caqMacAceTable 1 }
CaqMacAceEntry ::= SEQUENCE {
caqMacAceFeature INTEGER,
caqMacAclName CaqAclName,
caqMacAceIndex Unsigned32,
caqMacAceMatchedAction Unsigned32,
caqMacAceSrcMac MacAddress,
caqMacAceSrcMacMask MacAddress,
caqMacAceDestMac MacAddress,
caqMacAceDestMacMask MacAddress,
caqMacAceEthertype Unsigned32,
caqMacAceOrderPosition Unsigned32,
caqMacAceBeforePosition Unsigned32,
caqMacAceStatus RowStatus,
caqMacAceMatchCriteria BITS,
caqMacAceCos QosLayer2Cos,
caqMacAceVlan VlanIndex
}
caqMacAceFeature OBJECT-TYPE
SYNTAX INTEGER { qos(1), security(2) }
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates whether this entry is a Qos ACL or Security ACL."
::= { caqMacAceEntry 1 }
caqMacAclName OBJECT-TYPE
SYNTAX CaqAclName
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The name of an ACL. Within a feature (qos or security), this
name is unique across all the ACL tables and identifies the
list to which the entry belongs in the device."
::= { caqMacAceEntry 2 }
caqMacAceIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of a MAC ACE within an ACL."
::= { caqMacAceEntry 3 }
caqMacAceMatchedAction OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the action to be taken if a packet matches this ACE.
If the value of this ACE's caqMacAceFeature object is: 'qos(1)',
then this object contains the index of an active row in
caqQosActionSelectTable. If the value of this ACE's
caqMacAceFeature object is: 'security(2)', then this object
contains the index of an active row in caqSecurityActionTable."
::= { caqMacAceEntry 4 }
caqMacAceSrcMac OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the 48-bit source MAC address. The packet's source
address is AND-ed with the value of caqMacAceSrcMacMask and then
compared against the value of this object. If this object value
is 00-00-00-00-00-00, and the value of caqMacAceSrcMacMask
object in the same entry is ff-ff-ff-ff-ff-ff, this entry
matches any source MAC address."
::= { caqMacAceEntry 5 }
caqMacAceSrcMacMask OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the 48-bit source MAC address mask."
::= { caqMacAceEntry 6 }
caqMacAceDestMac OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the 48-bit destination MAC address. The packet's
destination address is AND-ed with the value of
caqMacAceDestMacMask and then compared against the value of
this object. If this object value is 00-00-00-00-00-00, and the
value of caqMacAceDestMacMask object in the same entry is
ff-ff-ff-ff-ff-ff, this entry matches any destination MAC
address."
::= { caqMacAceEntry 7 }
caqMacAceDestMacMask OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the 48-bit destination MAC address mask."
::= { caqMacAceEntry 8 }
caqMacAceEthertype OBJECT-TYPE
SYNTAX Unsigned32 ('0000'H..'FFFF'H)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This 16-bit hexadecimal number indicates the matched Ethernet
type. 0x0000 means any Ethernet type will be matched."
REFERENCE
"RFC 1700, Assigned Numbers."
DEFVAL { '0000'H }
::= { caqMacAceEntry 9 }
caqMacAceOrderPosition OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The ordering position of this ACE in the ACL. If this entry
is not in active(1) state, this object has value of 0."
::= { caqMacAceEntry 10 }
caqMacAceBeforePosition OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The object is to control the position of an ACE in the ACL.
Specifies the order position of a new ACE before an ACE which
is already in the ACL. It means that the new ACE will take
the position of the ACE which the object specifies.
For example, if there are 6 ACEs in an ACL, the positions
of those 6 ACEs will be 1, 2, 3, 4, 5, 6. If the user would
like to add a new ACE and specifies 4 to be the value of
this object, the old ACEs in positions 4, 5, 6 will become
5, 6, 7 while the entry containing the new ACE is active.
Removal is similar. Be careful when moving an ACE. For example,
suppose the user would like to move the ACE whose position is 2
to before the ACE whose position is 5. The user sets the status
of that entry to inactive, and the positions become 1, 2, 3, 4,
5: the old ACEs in positions 3, 4, 5, 6 become 2, 3, 4, 5. So
the user has to set this object to 4, because the ACE in
old position 5 has moved to position 4.
If not specified, the default value 0 will be used and the
new ACE is appended to the end of the ACL. 0 will always be
returned if the status of this row is active. If the entry
goes from active to notInService, this object should have the
default value."
DEFVAL { 0 }
::= { caqMacAceEntry 11 }
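-- Added example (not part of the Cisco MIB): a Python model of the
-- caqIpAceBeforePosition, caqIpxAceBeforePosition and
-- caqMacAceBeforePosition semantics described above, showing why a move
-- must use the target's position as re-read after the row is deactivated.
-- The Acl class and helper names are hypothetical, and rejecting a
-- position that holds no active ACE is an assumption of the model.

```python
"""Model of the caq*AceBeforePosition / caq*AceOrderPosition semantics.

Constructed illustration: class and function names are hypothetical and
nothing here talks SNMP to a device.
"""

# Constructed sample ACL: six active ACEs in positions 1..6.
SAMPLE = ("A1", "A2", "A3", "A4", "A5", "A6")


class Acl:
    """Ordered list of active ACEs; positions are 1-based as in the MIB."""

    def __init__(self, aces=()):
        self._active = list(aces)

    def order(self):
        """Active ACEs in position order."""
        return list(self._active)

    def order_position(self, ace):
        """caq*AceOrderPosition: 1-based position, or 0 if not active."""
        return self._active.index(ace) + 1 if ace in self._active else 0

    def activate(self, ace, before_position=0):
        """Row becomes active with caq*AceBeforePosition = before_position.

        0 (the DEFVAL) appends. Otherwise the new ACE takes that position
        and the ACE that held it, plus every later ACE, moves down by one.
        Raising on a position with no active ACE is an assumption of this
        model; the MIB text does not say how an agent responds.
        """
        if ace in self._active:
            raise ValueError(f"{ace} is already active")
        if before_position == 0:
            self._active.append(ace)
        elif 1 <= before_position <= len(self._active):
            self._active.insert(before_position - 1, ace)
        else:
            raise ValueError(f"no active ACE at position {before_position}")

    def deactivate(self, ace):
        """Row leaves active(1): every later ACE moves up one position."""
        self._active.remove(ace)


def move_before(acl, ace, target):
    """Move `ace` to just before `target` the way the DESCRIPTION advises.

    The target's position is read only after `ace` has been deactivated,
    because deactivation renumbers everything behind it. Returns the value
    that was written to BeforePosition.
    """
    if ace == target or not acl.order_position(ace) or not acl.order_position(target):
        raise ValueError("ace and target must be two different active ACEs")
    acl.deactivate(ace)
    before = acl.order_position(target)  # position after the shift
    acl.activate(ace, before)
    return before


def move_before_stale(acl, ace, target):
    """The pitfall: reuse the target's position read before deactivation."""
    stale = acl.order_position(target)
    acl.deactivate(ace)
    acl.activate(ace, stale)  # lands one slot too late when ace preceded target
    return stale


if __name__ == "__main__":
    acl = Acl(SAMPLE)
    acl.activate("NEW", 4)
    print("insert at 4  :", acl.order())

    good = Acl(SAMPLE)
    print("correct value:", move_before(good, "A2", "A5"), good.order())

    bad = Acl(SAMPLE)
    print("stale value  :", move_before_stale(bad, "A2", "A5"), bad.order())
```

-- With the stale value the moved ACE ends up after the intended target
-- instead of before it, so verify caq*AceOrderPosition once the row is
-- active again.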
caqMacAceStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this MAC ACE conceptual row entry. This object
is used to manage creation, deletion and modification of rows
in this table.
An entry may not exist in the active state unless all objects
in the entry have an appropriate value. Especially, it cannot
be in active state unless the caqMacAceMatchedAction object in
the entry points to an active entry (i.e. its RowStatus object is
active(1)) in the caqQosActionSelectTable or
caqSecurityActionTable. Once a row becomes active, value in any
other column within such row cannot be modified.
If this row is the only ACE in an ACL and the value of its
caqMacAclName object matches the value of caqClassifierAclName
object in any active entry of the caqClassifierTable, removing
this entry will also remove the associated entry in the
caqClassifierTable."
::= { caqMacAceEntry 12 }
caqMacAceMatchCriteria OBJECT-TYPE
SYNTAX BITS {
matchCos(0),
matchVlan(1)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates which fields in the packet header are to be matched.
matchCos(0) means that the packet Cos value
will be matched against the value specified by
caqMacAceCos object in the same row.
matchVlan(1) means that the packet VLAN value
will be matched against the value specified by
caqMacAceVlan object in the same row."
DEFVAL { { } }
::= { caqMacAceEntry 13 }
caqMacAceCos OBJECT-TYPE
SYNTAX QosLayer2Cos
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the packet Cos value to be matched.
The value of this object is ignored whenever the
matchCos(0) bit of caqMacAceMatchCriteria object
is not on."
::= { caqMacAceEntry 14 }
caqMacAceVlan OBJECT-TYPE
SYNTAX VlanIndex
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the packet VLAN number to be matched.
The value of this object is ignored whenever the
matchVlan(1) bit of caqMacAceMatchCriteria object
is not on."
::= { caqMacAceEntry 15 }
--
-- Flow policing capability
--
caqFlowPolicingCpb OBJECT-TYPE
SYNTAX BITS {
microFlow(0),
aggregate(1)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the flow policing capability of the device.
microFlow(0) indicates that microflow can be policed.
aggregate(1) indicates that aggregate flow can be policed."
::= { caqAclObjects 5 }
--
-- caqQosActionSelectTable
--
caqQosActionSelectTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqQosActionSelectEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table describes the actions of ACEs. Once an ACE is
matched, it follows its MatchedAction object to an entry of this
table to get an action for the matching ACE.
An action includes policer information as well as a DSCP
associated with trust state information of the matching ACE."
::= { caqAclObjects 6 }
caqQosActionSelectEntry OBJECT-TYPE
SYNTAX CaqQosActionSelectEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry of an ACE action. It links to the entries of
caqFlowPolicerTable with caqQosActionSelectMicroflow,
caqQosActionSelectAggregate objects."
INDEX { caqQosActionSelectIndex }
::= { caqQosActionSelectTable 1 }
CaqQosActionSelectEntry ::= SEQUENCE {
caqQosActionSelectIndex Unsigned32,
caqQosActionSelectTrust INTEGER,
caqQosActionSelectDscp Dscp,
caqQosActionSelectMicroflow CaqPolicerNameOrEmpty,
caqQosActionSelectAggregate CaqPolicerNameOrEmpty,
caqQosActionSelectStatus RowStatus
}
caqQosActionSelectIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of this table for indicating an ACE Action for QoS."
::= { caqQosActionSelectEntry 1 }
caqQosActionSelectTrust OBJECT-TYPE
SYNTAX INTEGER { noTrust(1), trustCos(2),
trustIpPrec(3), trustDscp(4) }
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Determines if the packets matching the ACE should be trusted
or if a specific DSCP should be assigned to it.
If trustCos(2) is specified, the final DSCP value should refer
to caqCosToDscpDscp object in caqCosToDscpTable to transfer
layer 2 CoS value to DSCP value.
If trustIpPrec(3) is specified, the final DSCP value should
refer to caqIpPrecToDscpDscp object in caqIpPrecToDscpTable
to transfer IP Precedence value to DSCP value.
If trustDscp(4) is specified, the final DSCP value is the one
which packets carry.
If noTrust(1) is specified, the final DSCP value will have the
value of caqQosActionSelectDscp object. That is, if an instance
of this object is noTrust(1), the caqQosActionSelectStatus
object can not become 'active(1)' until a value has been
assigned to the corresponding instance of
caqQosActionSelectDscp."
::= { caqQosActionSelectEntry 2 }
caqQosActionSelectDscp OBJECT-TYPE
SYNTAX Dscp
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is only instantiated when the
caqQosActionSelectTrust object in the same entry has been set
to noTrust(1)."
::= { caqQosActionSelectEntry 4 }
caqQosActionSelectMicroflow OBJECT-TYPE
SYNTAX CaqPolicerNameOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates a policer name. The value of this object either
matches the value of caqFlowPolicerName object of an active
entry in caqFlowPolicerTable or has an empty string value. The
ACE uses this object to link to a policer flow entry. If there
is no microflow policer defined for the ACE pointed to this
entry, this object should be an empty string. If the
microflow(0) bit of caqFlowPolicingCpb object is turned off,
this object should also be an empty string. Otherwise it should
match the value of caqFlowPolicerName of an entry in the
caqFlowPolicerTable which has its RowStatus value to be
active(1) and the type of the policer should be microflow(1)."
::= { caqQosActionSelectEntry 5 }
caqQosActionSelectAggregate OBJECT-TYPE
SYNTAX CaqPolicerNameOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates a policer name. The value of this object either
matches the value of caqFlowPolicerName object of an active
entry in caqFlowPolicerTable or has an empty string value.
The ACE uses this object to link to a policer flow entry.
If there is no aggregate policer defined for the ACE pointed
to this entry, this object should be an empty string. If the
aggregate(1) bit of caqFlowPolicingCpb object is turned off,
this object should also be an empty string. Otherwise
it should match the value of caqFlowPolicerName of an entry in
the caqFlowPolicerTable which has its RowStatus value to be
active(1) and the type of the policer should be aggregate(2)."
::= { caqQosActionSelectEntry 6 }
caqQosActionSelectStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this Qos Action Select conceptual row entry. This
object is used to manage creation, deletion and modification of
rows in this table.
An entry may not exist in the active state unless all objects
in the entry have an appropriate value. Once a row becomes
active, value in any other column within such row cannot be
modified.
If this row is pointed to by an active entry in the ACL tables,
this object cannot be changed from active(1) to any other
value."
::= { caqQosActionSelectEntry 7 }
caqFlowPolicerExcessRateSupport OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates whether the device supports excess rate
configuration."
::= { caqAclObjects 7 }
--
-- Flow Policing Table
--
caqFlowPolicerTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqFlowPolicerEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table defines the flow policing rules. A flow policing
rule comprises a rate, burst size and drop-or-mark indication."
::= { caqAclObjects 8 }
caqFlowPolicerEntry OBJECT-TYPE
SYNTAX CaqFlowPolicerEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The attributes defining a flow policing rule."
INDEX { IMPLIED caqFlowPolicerName }
::= { caqFlowPolicerTable 1 }
CaqFlowPolicerEntry ::= SEQUENCE {
caqFlowPolicerName CaqPolicerName,
caqFlowPolicerType INTEGER,
caqFlowPolicerNormalRateRequest Integer32,
caqFlowPolicerNormalRateGrant Integer32,
caqFlowPolicerNormalRateAction INTEGER,
caqFlowPolicerExcessRateRequest Integer32,
caqFlowPolicerExcessRateGrant Integer32,
caqFlowPolicerExcessRateAction INTEGER,
caqFlowPolicerBurstSizeRequest Integer32,
caqFlowPolicerBurstSizeGrant Integer32,
caqFlowPolicerStatus RowStatus,
caqFlowPolicerExcessBurstRequest Unsigned32,
caqFlowPolicerExcessBurstGrant Unsigned32
}
caqFlowPolicerName OBJECT-TYPE
SYNTAX CaqPolicerName
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The name of a policer. This name has to be unique to identify
a microflow or an aggregate policer in the device."
::= { caqFlowPolicerEntry 1 }
caqFlowPolicerType OBJECT-TYPE
SYNTAX INTEGER {
microflow(1),
aggregate(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The type of this policer."
::= { caqFlowPolicerEntry 2 }
caqFlowPolicerNormalRateRequest OBJECT-TYPE
SYNTAX Integer32 (0 | 32..8000000)
UNITS "kbps"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The requested average rate of the flow. The base unit of this
object is 1 kilo-bits per second. 0 may be specified for a
rate which causes all packets to be out-of-profile.
Out-of-profile indicates that a packet causes the committed
access rate of the packet's flow to be exceeded. Committed
access rate is the bandwidth that has been committed to a
specific flow or group of flows. The committed rate can be
enforced by policing or by shaping."
::= { caqFlowPolicerEntry 3 }
caqFlowPolicerNormalRateGrant OBJECT-TYPE
SYNTAX Integer32
UNITS "kbps"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The granted average rate of the flow. The base unit of this
object is 1 kilo-bits per second. If the status of this row is
not active, the value of this object will be the same as
caqFlowPolicerNormalRateRequest's value.
If the QoS function is enabled and the policy source is from
local configuration, this MIB object is from the runtime
hardware information. Due to hardware granularity, the
granted value may not be the same as the value specified
by caqFlowPolicerNormalRateRequest object. It will be the
closest value to the requested one that the hardware can
support."
::= { caqFlowPolicerEntry 4 }
caqFlowPolicerNormalRateAction OBJECT-TYPE
SYNTAX INTEGER { drop(1), policedDscp(2) }
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The action for those normal rate out-of-profile packets. The
action is to drop the packets or mark down its DSCP to the
value of caqDscpMappingNRPolicedDscp defined in
caqDscpMappingTable.
If the caqFlowPolicerExcessRateSupport is true(1), this object
cannot be set to drop(1). Setting the value of
caqFlowPolicerExcessRateRequest object equal to the value of
caqFlowPolicerNormalRateRequest object together with setting the
value of caqFlowPolicerExcessRateAction object to drop(1) will
effectively drop the packet at normal rate."
::= { caqFlowPolicerEntry 5 }
caqFlowPolicerExcessRateRequest OBJECT-TYPE
SYNTAX Integer32 (0 | 32..8000000)
UNITS "kbps"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The requested excess rate of the flow. The base unit of this
object is 1 kilo-bits per second. 0 may be specified for a
rate which causes all packets to be out-of-profile.
Out-of-profile indicates that a packet causes the committed
access rate of the packet's flow to be exceeded. Committed
access rate is the bandwidth that has been committed to a
specific flow or group of flows. The committed rate can be
enforced by policing or by shaping.
If the caqFlowPolicerExcessRateSupport is false(2), this object
cannot be instantiated."
::= { caqFlowPolicerEntry 6 }
caqFlowPolicerExcessRateGrant OBJECT-TYPE
SYNTAX Integer32
UNITS "kbps"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The granted excess rate of the flow. The base unit of this
object is 1 kilo-bits per second. If the status of this row is
not active, the value of this object will be the same as
caqFlowPolicerExcessRateRequest's value.
If the QoS function is enabled and the policy source is from
local configuration, this MIB object is from the runtime
hardware information. Due to hardware granularity, the
granted value may not be the same as the value specified
by caqFlowPolicerExcessRateRequest object. It will be the
closest value to the requested one that the hardware can
support.
If the caqFlowPolicerExcessRateSupport is false(2), this object
cannot be instantiated."
::= { caqFlowPolicerEntry 7 }
caqFlowPolicerExcessRateAction OBJECT-TYPE
SYNTAX INTEGER { drop(1), policedDscp(2) }
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The action for those excess rate out-of-profile packets. The
action is to drop the packets or mark down its DSCP value to
value of caqDscpMappingERPolicedDscp defined in
caqDscpMappingTable.
If the caqFlowPolicerExcessRateSupport is false(2), this object
cannot be instantiated."
::= { caqFlowPolicerEntry 8 }
caqFlowPolicerBurstSizeRequest OBJECT-TYPE
SYNTAX Integer32 (1..32000)
UNITS "kilo-bits"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The requested burst rate of the flow. The base unit of this
object is 1 kilo-bits."
::= { caqFlowPolicerEntry 9 }
caqFlowPolicerBurstSizeGrant OBJECT-TYPE
SYNTAX Integer32
UNITS "kilo-bits"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The granted burst rate of the flow. The base unit of this
object is 1 kilo-bits. If the status of this row is not
active, the value of this object will be the same as
caqFlowPolicerBurstSizeRequest's value.
If the QoS function is enabled and the policy source is from
local configuration, this MIB object is from the runtime
hardware information. Due to hardware granularity, the
granted value may not be the same as the value specified
by caqFlowPolicerBurstSizeRequest object. It will be the
closest value to the requested one that the hardware can
support."
::= { caqFlowPolicerEntry 10 }
caqFlowPolicerStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this flow policer conceptual row entry. This
object is used to manage creation, deletion and modification of
rows in this table.
An entry may not exist in the active state unless all objects
in the entry have an appropriate value. Once a row becomes
active, value in any other column within such row cannot be
modified.
If this row is pointed to by an active entry in the
caqQosActionSelectTable, this object cannot be changed from
active(1) to any other value."
::= { caqFlowPolicerEntry 11 }
caqFlowPolicerExcessBurstRequest OBJECT-TYPE
SYNTAX Unsigned32 (1..32000)
UNITS "kilo-bits"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The requested excess burst size of the flow.
If the caqFlowPolicerExcessBurstSupport is false(2), this
object cannot be instantiated."
::= { caqFlowPolicerEntry 12 }
caqFlowPolicerExcessBurstGrant OBJECT-TYPE
SYNTAX Unsigned32 (1..32000)
UNITS "kilo-bits"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The granted excess burst size of the flow. If the status of
this row is not active, the value of this object will be the
same as caqFlowPolicerExcessBurstRequest's value.
If the QoS function is enabled and the policy source is from
local configuration, this MIB object is from the runtime
hardware information. Due to hardware granularity, the
granted value may not be the same as the value specified
by caqFlowPolicerExcessBurstRequest object. It will be the
closest value to the requested one that the hardware can
support.
If the caqFlowPolicerExcessBurstSupport is false(2), this
object cannot be instantiated."
::= { caqFlowPolicerEntry 13 }
--
-- caqSecurityActionTable
--
caqSecurityActionTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqSecurityActionEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table describes the actions of Security ACEs. Once an ACE
is matched, it can go through an entry of this table to find
the Security action."
::= { caqAclObjects 9 }
caqSecurityActionEntry OBJECT-TYPE
SYNTAX CaqSecurityActionEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry of a Security ACE action. It provides the action
for the traffic matching Security ACEs."
INDEX { caqSecurityActionIndex }
::= { caqSecurityActionTable 1 }
CaqSecurityActionEntry ::= SEQUENCE {
caqSecurityActionIndex Unsigned32,
caqSecurityAction INTEGER,
caqSecurityRedirectPortList OCTET STRING,
caqSecurityCapture TruthValue,
caqSecurityActionStatus RowStatus,
caqSecurityAdjIndex Unsigned32,
caqSecurityArpMacAddress MacAddress,
caqSecurityRedirect2kPortList OCTET STRING,
caqSecurityDownloadedAceFeature INTEGER
}
caqSecurityActionIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of this table for indicating a Security ACE action
entry."
::= { caqSecurityActionEntry 1 }
caqSecurityAction OBJECT-TYPE
SYNTAX INTEGER {
permit(1),
deny(2),
redirect(3),
redirectWithAdj(4),
denyWithLog(5),
denyArpInspection(6),
denyArpInspWithLog(7),
permitArpInspection(8),
include(9)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Determines the action that the device will take if the traffic
matches the ACE.
If permit(1) is specified, the matched traffic will be allowed
through the device.
If deny(2) is specified, the matched traffic will be blocked and
dropped.
If redirect(3) is specified, the matched traffic will be
redirected to physical port(s) which should be configured
in the caqSecurityRedirectPortList object. Redirect means
taking packet coming in and putting it out of port(s)
as is.
If redirectWithAdj(4) is specified, the matched traffic will
be redirected to the VLAN configured in the adjacency entry
denoted by caqSecurityAdjIndex.
If denyWithLog(5) is specified, the matched traffic will be
blocked, dropped and logged.
If denyArpInspection(6) is specified, the matched ARP traffic
will be blocked and dropped.
If denyArpInspWithLog(7) is specified, the matched ARP traffic
will be blocked, dropped and logged.
If permitArpInspection(8) is specified, the matched ARP
traffic will be allowed through the device.
If include(9) is specified, the matched traffic will be
regulated according to the downloaded ACE type denoted
by caqSecurityDownloadedAceFeature object."
::= { caqSecurityActionEntry 2 }
caqSecurityRedirectPortList OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(0..128))
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"Indicates the set of physical port(s) that matched
traffic is redirected to. Each octet within the value of
this object specifies a set of eight ports, with the first
octet specifying ports 1 through 8, the second octet
specifying ports 9 through 16, etc. Within each octet, the
most significant bit represents the lowest numbered port,
and the least significant bit represents the highest numbered
port. Thus, each port is represented by a single bit within
the value of this object. If that bit has a value of '1' then
that port is included in the set of redirect ports; the port
is not included if its bit has a value of '0'. The value of
this object is ignored whenever the value of caqSecurityAction
object in the same row is not redirect(3)."
::= { caqSecurityActionEntry 3 }
caqSecurityCapture OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates whether the matched traffic is to be captured.
Capture means the packet is not only switched normally but also
a copy of the switched packet is transmitted on the capture
port(s). Traffic which is dropped cannot be captured; only
traffic that is forwarded to its appropriate destination, can
also be forwarded to a capture port. Redirected traffic
cannot be captured.
Packets are only output on a capture port if they are on
a VLAN which is carried on that port. To capture traffic
from many vlans, the capture port(s) should be a trunk
carrying the required vlans.
The capturing destination port(s) should be configured in
caqSecurityAclCaptureIfTable."
DEFVAL { false }
::= { caqSecurityActionEntry 4 }
caqSecurityActionStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this Security ACE action conceptual row entry.
This object is used to manage creation, deletion and
modification of rows in this table.
An entry may not exist in the active state unless all objects
in the entry have appropriate value. If the value of
caqSecurityAction object in the same row is redirectWithAdj(4),
user must use the value of the index object of an active entry
in caqAdjacencyTable to configure the caqSecurityAdjIndex
object. Once a row becomes active, value in any other column
within such row cannot be modified.
If this row is pointed to by an active entry in the ACL tables,
this object cannot be changed from active(1) to any other
value."
::= { caqSecurityActionEntry 5 }
caqSecurityAdjIndex OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the index of an active adjacency entry in
caqAdjacencyTable. The value of this object is ignored whenever
the value of caqSecurityAction object in the same row is not
redirectWithAdj(4)."
DEFVAL { 0 }
::= { caqSecurityActionEntry 6 }
caqSecurityArpMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the 48-bit MAC address used in the ARP packet.
The value of this object is ignored whenever the value of
caqSecurityAction object in the same row is not one of
the following values denyArpInspection(6), denyArpInspWithLog(7)
and permitArpInspection(8)."
DEFVAL { 'FFFFFFFFFFFF'H }
::= { caqSecurityActionEntry 7 }
caqSecurityRedirect2kPortList OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..256))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the set of physical port(s) that matched
traffic is redirected to. Each octet within the value of
this object specifies a set of eight ports, with the first
octet specifying ports 1 through 8, the second octet
specifying ports 9 through 16, etc. Within each octet, the
most significant bit represents the lowest numbered port,
and the least significant bit represents the highest numbered
port. Thus, each port is represented by a single bit within
the value of this object. If that bit has a value of '1' then
that port is included in the set of redirect ports; the port
is not included if its bit has a value of '0'. The value of
this object is ignored whenever the value of caqSecurityAction
object in the same row is not redirect(3). This object can
accommodate up to 2048 ports.
A port number is the value of dot1dBasePort for the port in
the BRIDGE-MIB (RFC 1493)."
::= { caqSecurityActionEntry 8 }
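-- Added example (not part of the Cisco MIB): a Python decoder for the port
-- list bitmap described above, plus an audit of caqSecurityActionTable rows
-- for redirect and capture settings. The row dictionaries, the approved
-- port set and the finding labels are assumptions made for illustration.

```python
"""Decode CatOS redirect port lists and audit security action rows."""

# Enumeration values copied from the caqSecurityAction object in this MIB.
REDIRECT = 3
# Actions whose matched traffic cannot be captured according to the
# caqSecurityCapture description (dropped or redirected traffic). Treating
# redirectWithAdj(4) as "redirected" is this example's reading of the text.
NO_CAPTURE_ACTIONS = {2, 3, 4, 5, 6, 7}
MAX_OCTETS = 256  # SIZE(0..256) of caqSecurityRedirect2kPortList


def decode_port_list(octets: bytes) -> list:
    """Return the sorted port numbers whose bit is set.

    Octet 0 covers ports 1..8; within an octet the most significant bit
    is the lowest numbered port.
    """
    if len(octets) > MAX_OCTETS:
        raise ValueError("port list longer than 256 octets")
    ports = []
    for octet_index, value in enumerate(octets):
        for bit in range(8):
            if value & (0x80 >> bit):
                ports.append(octet_index * 8 + bit + 1)
    return ports


def encode_port_list(ports) -> bytes:
    """Build the shortest OCTET STRING that has a bit set for each port."""
    ports = set(ports)
    if not ports:
        return b""
    if min(ports) < 1 or max(ports) > MAX_OCTETS * 8:
        raise ValueError("port numbers must be in 1..2048")
    buf = bytearray((max(ports) + 7) // 8)
    for port in ports:
        octet_index, bit = divmod(port - 1, 8)
        buf[octet_index] |= 0x80 >> bit
    return bytes(buf)


def audit_rows(rows, approved_redirect_ports):
    """Return (row index, finding label, ports) tuples for review.

    rows: dicts with keys index, action, redirect2k (bytes), capture (bool),
    as a poller might assemble them from one table walk (hypothetical shape).
    """
    approved = set(approved_redirect_ports)
    findings = []
    for row in rows:
        ports = decode_port_list(row.get("redirect2k", b""))
        if row["action"] == REDIRECT:
            unapproved = sorted(set(ports) - approved)
            if unapproved:
                findings.append(
                    (row["index"], "redirect-to-unapproved-port", unapproved))
        elif ports:
            # The MIB ignores the port list unless the action is redirect(3);
            # a leftover list becomes live if the row is recreated as redirect.
            findings.append((row["index"], "port-list-ignored", ports))
        if row.get("capture"):
            if row["action"] in NO_CAPTURE_ACTIONS:
                findings.append((row["index"], "capture-has-no-effect", []))
            else:
                findings.append((row["index"], "capture-enabled", []))
    return findings


# Constructed sample rows, not taken from any real device.
SAMPLE_ROWS = [
    {"index": 10, "action": 3, "redirect2k": encode_port_list([3, 17]),
     "capture": False},
    {"index": 11, "action": 1, "redirect2k": b"", "capture": True},
    {"index": 12, "action": 2, "redirect2k": encode_port_list([5]),
     "capture": True},
]

if __name__ == "__main__":
    for finding in audit_rows(SAMPLE_ROWS, approved_redirect_ports={3}):
        print(finding)
```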
caqSecurityDownloadedAceFeature OBJECT-TYPE
SYNTAX INTEGER {
notApplicable(1),
dot1x(2),
macAuth(3),
webAuth(4),
eou(5),
ipPhone(6)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the feature type of the downloaded ACE.
'notApplicable' indicates that this security action
entry is not applied to any downloaded ACE.
'dot1x' indicates that this security action entry is
applied to downloaded ACE for 802.1x feature.
'macAuth' indicates that this security action entry is
applied to downloaded ACE for Mac Authentication
Bypass feature.
'webAuth' indicates that this security action entry is
applied to downloaded ACE for Web-Proxy Authentication
feature.
'eou' indicates that this security action entry is
applied to downloaded ACE for Extensible Authentication
Protocol over UDP (EOU) feature.
'ipPhone' indicates that this security action entry is
applied to downloaded ACE for IP Phone feature.
The value of this object is 'notApplicable' whenever the
value of caqSecurityAction object in the same row is not
'include'. When an entry of this table is created with
'include' value specified for caqSecurityAction, 'notApplicable'
cannot be used for this object value."
DEFVAL { notApplicable }
::= { caqSecurityActionEntry 9 }
--
-- caqSecurityAclCaptureIfTable
--
caqSecurityAclCaptureIfTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqSecurityAclCaptureIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains all the physical ports which are capable
of being capture interfaces on which captured packets are
output."
::= { caqAclObjects 10 }
caqSecurityAclCaptureIfEntry OBJECT-TYPE
SYNTAX CaqSecurityAclCaptureIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of this table is the ifIndex value of a
physical port which is capable of being a capture interface
on which captured packets are output."
INDEX { ifIndex }
::= { caqSecurityAclCaptureIfTable 1 }
CaqSecurityAclCaptureIfEntry ::= SEQUENCE {
caqSecurityAclCaptureEnable TruthValue
}
caqSecurityAclCaptureEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An interface can be a destination of captured traffic which
matched any Security ACL.
This object is to specify whether to enable or disable this
interface as a destination of captured traffic."
DEFVAL { false }
::= { caqSecurityAclCaptureIfEntry 1 }
--
-- Excess Burst Capability Object
--
caqFlowPolicerExcessBurstSupport OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates whether the device supports excess burst
size configuration."
::= { caqAclObjects 11 }
--
-- Security Acl Feature Rate Limit objects
--
caqSecurityRateLimitFeatures OBJECT-TYPE
SYNTAX BITS {
arpInspection(0),
dot1xDHCP(1),
dhcpSnooping(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the features which implement rate limit
on their traffic flows using the rate limit value
denoted by caqSecurityAclRateLimit object. This
rate limit value is shared among all features denoted
by this object."
::= { caqAclObjects 12 }
caqSecurityAclRateLimit OBJECT-TYPE
SYNTAX Unsigned32
UNITS "packet per second"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the maximum rate of all traffic flows
subjected to rate limiting imposed by all features
denoted by caqSecurityRateLimitFeatures object."
::= { caqAclObjects 13 }
--
-- The caqQosDefaultAction table
--
caqQosDefaultActionTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqQosDefaultActionEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains the QoS default action taken by the
device for traffic which is not matched by a specific
QoS ACE."
::= { caqAclObjects 14 }
caqQosDefaultActionEntry OBJECT-TYPE
SYNTAX CaqQosDefaultActionEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The entries in this table correspond to the type of
traffic as well as its direction and contain the default
DSCP value, trust state and policer information. The number
of entries in this table depends on what types of traffic are
supported by the device."
INDEX { caqQosTrafficDirection, caqQosTrafficType }
::= { caqQosDefaultActionTable 1 }
CaqQosDefaultActionEntry ::= SEQUENCE {
caqQosTrafficDirection CaqDirection,
caqQosTrafficType INTEGER,
caqQosDefaultTrustState INTEGER,
caqQosDefaultDscp Dscp,
caqQosDefaultMicroflow CaqPolicerNameOrEmpty,
caqQosDefaultAggregate CaqPolicerNameOrEmpty
}
caqQosTrafficDirection OBJECT-TYPE
SYNTAX CaqDirection
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates whether this row's parameters are to
be applied for ingress or for egress traffic."
::= { caqQosDefaultActionEntry 1 }
caqQosTrafficType OBJECT-TYPE
SYNTAX INTEGER {
mac(1),
ip(2),
ipx(3)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates whether this row's parameters are to
be applied for Ethernet, IP or IPX traffic."
::= { caqQosDefaultActionEntry 2 }
caqQosDefaultTrustState OBJECT-TYPE
SYNTAX INTEGER {
noTrust(1),
trustCos(2),
trustIpPrec(3),
trustDscp(4)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the default assigned trust state.
If trustCos(2) is specified, the default DSCP value of an
unmatched packet should refer to caqCosToDscpDscp
object in caqCosToDscpTable to transfer layer 2 CoS value to
DSCP value.
If trustIpPrec(3) is specified, the default DSCP value of an
unmatched packet should refer to caqIpPrecToDscpDscp
object in caqIpPrecToDscpTable to transfer IP Precedence value
to DSCP value.
If trustDscp(4) is specified, the default DSCP value of an
unmatched packet is the one which packets carry.
If noTrust(1) is specified, the default DSCP value of an
unmatched packet will have the value of caqQosDefaultDscp
object."
::= { caqQosDefaultActionEntry 3 }
caqQosDefaultDscp OBJECT-TYPE
SYNTAX Dscp
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object is only instantiated when the
caqQosDefaultTrustState object in the same entry has been set
to noTrust(1)."
::= { caqQosDefaultActionEntry 4 }
caqQosDefaultMicroflow OBJECT-TYPE
SYNTAX CaqPolicerNameOrEmpty
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates a microflow policer name. The value of
this object either matches the value of caqFlowPolicerName
object of an active entry in caqFlowPolicerTable or has an
empty string value.
If there is no default microflow policer defined for unmatched
traffic, this object should be an empty string. If the
microflow(0) bit of caqFlowPolicingCpb object is turned off,
this object should also be an empty string. Otherwise it should
match the value of caqFlowPolicerName of an entry in the
caqFlowPolicerTable which has its RowStatus value to be
active(1) and the type of the policer should be microflow(1)."
::= { caqQosDefaultActionEntry 5 }
caqQosDefaultAggregate OBJECT-TYPE
SYNTAX CaqPolicerNameOrEmpty
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates an aggregate policer name. The value of this object
either matches the value of caqFlowPolicerName object of an
active entry in caqFlowPolicerTable or has an empty string
value. If there is no default aggregate policer defined for
unmatched traffic, this object should be an empty string. If
the aggregate(1) bit of caqFlowPolicingCpb object is turned
off, this object should also be an empty string. Otherwise
it should match the value of caqFlowPolicerName of an entry in
the caqFlowPolicerTable which has its RowStatus value to be
active(1) and the type of the policer should be aggregate(2)."
::= { caqQosDefaultActionEntry 6 }
--
-- Acl Feature support
--
caqAclFeatureCpb OBJECT-TYPE
SYNTAX BITS { vlanAclHitCount(0), portAclHitCount (1) }
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the set of features that the device supports
related to ACLs configured in the device.
vlanAclHitCount(0) indicates that the device supports
ACL hit count feature for ACLs attached to VLAN interfaces.
portAclHitCount(1) indicates that the device supports
ACL hit count feature for ACLs attached to physical
interfaces."
::= { caqAclObjects 15 }
--
-- The caqQosStatsObjects
--
caqL3PacketsDropByPolicer OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of Layer 3 packets dropped due to
policing."
::= { caqQosStatsObjects 1 }
caqTosChangedIpPackets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of IP packets that have had the Tos value
changed."
::= { caqQosStatsObjects 2 }
caqCosChangedIpPackets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of IP packets that have had the Cos value
changed."
::= { caqQosStatsObjects 3 }
caqCosChangedNonIpPackets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of non IP packets that have had the Cos
value changed."
::= { caqQosStatsObjects 4 }
--
-- The Port Statistics Table
--
caqPortStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqPortStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table containing QoS statistics counters per physical
interface."
::= { caqQosStatsObjects 5 }
caqPortStatsEntry OBJECT-TYPE
SYNTAX CaqPortStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry contains QoS statistics maintained by the switching
engine."
INDEX { ifIndex,
caqPortStatsDirection,
caqPortStatsQueueNumber,
caqPortStatsThresholdNumber }
::= { caqPortStatsTable 1 }
CaqPortStatsEntry ::= SEQUENCE {
caqPortStatsDirection CaqDirection,
caqPortStatsQueueNumber CaqQueueNumber,
caqPortStatsThresholdNumber CaqThresholdNumber,
caqPortStatsDropPkts Counter64,
caqPortStatsDropPktsAveRate Gauge32,
caqPortStatsDropPktsPeakRate Gauge32
}
caqPortStatsDirection OBJECT-TYPE
SYNTAX CaqDirection
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the traffic direction of a physical interface."
::= { caqPortStatsEntry 1 }
caqPortStatsQueueNumber OBJECT-TYPE
SYNTAX CaqQueueNumber
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the queue number of the interface for which
statistics are collected. For example : if the port type of
this interface is 1P2Q2T, this object can be 1, 2, 3."
::= { caqPortStatsEntry 2 }
caqPortStatsThresholdNumber OBJECT-TYPE
SYNTAX CaqThresholdNumber
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the threshold number of a queue on the interface for
which statistics are collected. For example : if the port type
of this interface is 1P2Q2T, this object can be 1, 2."
::= { caqPortStatsEntry 3 }
caqPortStatsDropPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets that have been received and then dropped
from the interface because they exceeded the threshold value
configured at this queue and threshold of this interface."
::= { caqPortStatsEntry 4 }
caqPortStatsDropPktsAveRate OBJECT-TYPE
SYNTAX Gauge32
UNITS "packets per second"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The five minute linearly-decayed moving average of packets
that have been received and then dropped from the interface
because they exceeded the threshold value configured at this
queue and threshold of this interface."
::= { caqPortStatsEntry 5 }
caqPortStatsDropPktsPeakRate OBJECT-TYPE
SYNTAX Gauge32
UNITS "packets per second"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The peak rate of packets that have been received and then
dropped from the interface because they exceeded the threshold
value configured at this queue and threshold of this interface
over the past five minutes."
::= { caqPortStatsEntry 6 }
--
-- The Flow specific Statistics Table
--
caqFlowStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqFlowStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table containing QoS statistics counter per flow."
::= { caqQosStatsObjects 6 }
caqFlowStatsEntry OBJECT-TYPE
SYNTAX CaqFlowStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry contains the number of out-of-profile packets
per flow maintained by the switching engine."
AUGMENTS { cseFlowDataEntry }
::= { caqFlowStatsTable 1 }
CaqFlowStatsEntry ::= SEQUENCE {
caqFlowStatsOutOfProfilePackets Counter64
}
caqFlowStatsOutOfProfilePackets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of out-of-profile packets in
this flow."
::= { caqFlowStatsEntry 1 }
--
-- The Aggregate Policer Statistics Table
--
caqAggPolicerStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqAggPolicerStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table containing QoS statistics counter per aggregate
policer."
::= { caqQosStatsObjects 7 }
caqAggPolicerStatsEntry OBJECT-TYPE
SYNTAX CaqAggPolicerStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry contains the number of packets policed and the
number of out of profile packets per aggregate policer."
INDEX { IMPLIED caqAggPolicerName }
::= { caqAggPolicerStatsTable 1 }
CaqAggPolicerStatsEntry ::= SEQUENCE {
caqAggPolicerName CaqPolicerName,
caqAggPolicerPackets Counter64,
caqAggPolicerNRExceedPackets Counter64,
caqAggPolicerERExceedPackets Counter64,
caqAggPolicerOctets Counter64,
caqAggPolicerNRExceedOctets Counter64,
caqAggPolicerERExceedOctets Counter64,
caqAggPolicerOctetsRate CounterBasedGauge64,
caqAggPolicerNRExceedOctetsRate CounterBasedGauge64,
caqAggPolicerERExceedOctetsRate CounterBasedGauge64,
caqAggPolicerOctetsPeakRate CounterBasedGauge64,
caqAggPolicerPacketsRate CounterBasedGauge64,
caqAggPolicerNRExceedPacketsRate CounterBasedGauge64,
caqAggPolicerERExceedPacketsRate CounterBasedGauge64,
caqAggPolicerPacketsPeakRate CounterBasedGauge64
}
caqAggPolicerName OBJECT-TYPE
SYNTAX CaqPolicerName
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The name of a policer. This name has to be unique to identify
an aggregate policer in the device."
::= { caqAggPolicerStatsEntry 1 }
caqAggPolicerPackets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of packets policed by this aggregate
policer. This object is only instantiated if such info is
available in the device."
::= { caqAggPolicerStatsEntry 2 }
caqAggPolicerNRExceedPackets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of packets that exceeded the normal rate of
this aggregate policer. This object is only instantiated if
such info is available in the device."
::= { caqAggPolicerStatsEntry 3 }
caqAggPolicerERExceedPackets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of packets that exceeded the excess rate of
this policer. This object is only instantiated if such info
is available in the device and if excess rate is supported
by the device as indicated by caqFlowPolicerExcessRateSupport
object."
::= { caqAggPolicerStatsEntry 4 }
caqAggPolicerOctets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of octets policed by this aggregate
policer. This object is only instantiated if such info is
available in the device."
::= { caqAggPolicerStatsEntry 5 }
caqAggPolicerNRExceedOctets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of octets that exceeded the normal rate of
this aggregate policer. This object is only instantiated if
such info is available in the device."
::= { caqAggPolicerStatsEntry 6 }
caqAggPolicerERExceedOctets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of octets that exceeded the excess rate of
this policer. This object is only instantiated if such info
is available in the device and if excess rate is supported
by the device as indicated by caqFlowPolicerExcessRateSupport
object."
::= { caqAggPolicerStatsEntry 7 }
caqAggPolicerOctetsRate OBJECT-TYPE
SYNTAX CounterBasedGauge64
UNITS "kbps"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates five minute linearly-decayed moving average of
octets policed by this aggregate policer.
This object is only instantiated if such info is available in
the device."
::= { caqAggPolicerStatsEntry 8 }
caqAggPolicerNRExceedOctetsRate OBJECT-TYPE
SYNTAX CounterBasedGauge64
UNITS "kbps"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates five minute linearly-decayed moving average of
octets that exceeded the normal rate of this aggregate policer.
This object is only instantiated if such info is available in
the device."
::= { caqAggPolicerStatsEntry 9 }
caqAggPolicerERExceedOctetsRate OBJECT-TYPE
SYNTAX CounterBasedGauge64
UNITS "kbps"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates five minute linearly-decayed moving average of
octets that exceeded the excess rate of this policer. This object
is only instantiated if such info is available in the device
and if excess rate is supported by the device as indicated by
caqFlowPolicerExcessRateSupport object."
::= { caqAggPolicerStatsEntry 10 }
caqAggPolicerOctetsPeakRate OBJECT-TYPE
SYNTAX CounterBasedGauge64
UNITS "kbps"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates peak rate of octets policed by this aggregate
policer over the past five minutes. This object is only
instantiated if such info is available in the device."
::= { caqAggPolicerStatsEntry 11 }
caqAggPolicerPacketsRate OBJECT-TYPE
SYNTAX CounterBasedGauge64
UNITS "packets per second"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates five minute linearly-decayed moving average of
packets policed by this aggregate policer.
This object is only instantiated if such info is available in
the device."
::= { caqAggPolicerStatsEntry 12 }
caqAggPolicerNRExceedPacketsRate OBJECT-TYPE
SYNTAX CounterBasedGauge64
UNITS "packets per second"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates five minute linearly-decayed moving average of
packets that exceeded the normal rate of this aggregate policer.
This object is only instantiated if such info is available in
the device."
::= { caqAggPolicerStatsEntry 13 }
caqAggPolicerERExceedPacketsRate OBJECT-TYPE
SYNTAX CounterBasedGauge64
UNITS "packets per second"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates five minute linearly-decayed moving average of
packets that exceeded the excess rate of this policer. This object
is only instantiated if such info is available in the device
and if excess rate is supported by the device as indicated by
caqFlowPolicerExcessRateSupport object."
::= { caqAggPolicerStatsEntry 14 }
caqAggPolicerPacketsPeakRate OBJECT-TYPE
SYNTAX CounterBasedGauge64
UNITS "packets per second"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates peak rate of packets policed by this aggregate
policer over the past five minutes. This object is only
instantiated if such info is available in the device."
::= { caqAggPolicerStatsEntry 15 }
caqL3PacketsDropByPolicerAveRate OBJECT-TYPE
SYNTAX CounterBasedGauge64
UNITS "packets per second"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates five minute linearly-decayed moving average of
Layer 3 packets dropped due to policing."
::= { caqQosStatsObjects 8 }
caqL3PacketsDropByPolicerPeakRate OBJECT-TYPE
SYNTAX CounterBasedGauge64
UNITS "packets per second"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the peak rate of Layer 3 packets dropped due to
policing over the past five minutes."
::= { caqQosStatsObjects 9 }
caqTosChangedIpPacketsAveRate OBJECT-TYPE
SYNTAX CounterBasedGauge64
UNITS "packets per second"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates five minute linearly-decayed moving average of
IP packets that have had the Tos value changed."
::= { caqQosStatsObjects 10 }
caqTosChangedIpPacketsPeakRate OBJECT-TYPE
SYNTAX CounterBasedGauge64
UNITS "packets per second"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the peak rate of IP packets that have had the Tos value
changed over the past five minutes."
::= { caqQosStatsObjects 11 }
caqCosChangedIpPacketsAveRate OBJECT-TYPE
SYNTAX CounterBasedGauge64
UNITS "packets per second"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates five minute linearly-decayed moving average of
IP packets that have had the Cos value changed."
::= { caqQosStatsObjects 12 }
caqCosChangedIpPacketsPeakRate OBJECT-TYPE
SYNTAX CounterBasedGauge64
UNITS "packets per second"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the peak rate of IP packets that have had the Cos value
changed over the past five minutes."
::= { caqQosStatsObjects 13 }
caqCosChangedNonIpPacketsAveRate OBJECT-TYPE
SYNTAX CounterBasedGauge64
UNITS "packets per second"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates five minute linearly-decayed moving average of
non IP packets that have had the Cos value changed."
::= { caqQosStatsObjects 14 }
caqCosChangedNonIpPacketPeakRate OBJECT-TYPE
SYNTAX CounterBasedGauge64
UNITS "packets per second"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the peak rate of non IP packets that have had the Cos
value changed over the past five minutes."
::= { caqQosStatsObjects 15 }
--*********************************************************************
-- Cisco CatOS Acl Qos Extension Group
--*********************************************************************
--
-- caqBridgedPolicerTable
--
caqBridgedPolicerTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqBridgedPolicerEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table provides configuration information for each
(existing) VLAN on whether or not bridged packets are policed
at the microflow level on that VLAN. This configuration is
useful in situations in which there are insufficient resources
to police bridged packets at the microflow level on all VLANs.
This configuration has no effect on aggregate policing."
::= { caqExtObjects 1 }
caqBridgedPolicerEntry OBJECT-TYPE
SYNTAX CaqBridgedPolicerEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A conceptual row in the caqBridgedPolicerTable
to control if bridged packets are policed at microflow
level on a particular VLAN."
INDEX { caqBridgedFlowVlanIndex }
::= { caqBridgedPolicerTable 1 }
CaqBridgedPolicerEntry ::= SEQUENCE {
caqBridgedFlowVlanIndex VlanIndex,
caqBridgedFlowEnabled TruthValue
}
caqBridgedFlowVlanIndex OBJECT-TYPE
SYNTAX VlanIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The VLAN-id of this VLAN."
::= { caqBridgedPolicerEntry 1 }
caqBridgedFlowEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Enable or Disable this function. If this object is set to
true, the bridged packets will be policed at microflow level.
If it is set to false, bridged packets won't be policed at
microflow level. This value has no effect on aggregate
policing. The default is false."
DEFVAL { false }
::= { caqBridgedPolicerEntry 2 }
--
-- caqCosMacVlanRouterTable
--
caqCosMacVlanRouterTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqCosMacVlanRouterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is used to assign a Cos value to frames
on a specific VLAN which have a specific destination MAC
address and/or to indicate whether the configured destination MAC
address is that of a router. This table applies only to platforms
that support these features."
::= { caqExtObjects 2 }
caqCosMacVlanRouterEntry OBJECT-TYPE
SYNTAX CaqCosMacVlanRouterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The Cos value to be assigned to frames on a specific VLAN
which have a specific destination MAC address and/or an indication
that the configured destination MAC address is that of a router."
INDEX { caqCosMacAddress, caqCosVlanNumber }
::= { caqCosMacVlanRouterTable 1 }
CaqCosMacVlanRouterEntry ::= SEQUENCE {
caqCosMacAddress MacAddress,
caqCosVlanNumber VlanIndex,
caqMacAddressCpb BITS,
caqCosValue QosLayer2Cos,
caqCosMacVlanRouterStatus RowStatus
}
caqCosMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the destination MAC address to match against the
flow."
::= { caqCosMacVlanRouterEntry 1 }
caqCosVlanNumber OBJECT-TYPE
SYNTAX VlanIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the VLAN number."
::= { caqCosMacVlanRouterEntry 2 }
caqMacAddressCpb OBJECT-TYPE
SYNTAX BITS {
routerMac(0),
cosVlanMac(1)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the capability of the destination MAC address denoted
by caqCosMacAddress object in the same row.
routerMac(0) means that it is a router Mac address.
cosVlanMac(1) means that a Cos value is assigned to frames
on a specific VLAN and which has this MAC address as its
destination."
::= { caqCosMacVlanRouterEntry 3 }
caqCosValue OBJECT-TYPE
SYNTAX QosLayer2Cos
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the Cos value. This object is only instantiated
if the cosVlanMac bit in caqMacAddressCpb object is turned
on."
::= { caqCosMacVlanRouterEntry 4 }
caqCosMacVlanRouterStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this conceptual row entry. This object is
used to manage creation, deletion and modification of rows in
this table.
An entry may not exist in the active state unless all objects
in the entry have an appropriate value. Once a row becomes
active, value in any other column within such row cannot be
modified except by setting caqCosMacVlanRouterStatus to
notInService(2) for such row."
::= { caqCosMacVlanRouterEntry 5 }
--*********************************************************************
-- Cisco CatOS Acl Qos PBF Group
--*********************************************************************
caqPbfStatus OBJECT-TYPE
SYNTAX INTEGER {
macAddrOk(1),
macAddrNotSet(2),
msfcPresent(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the status of policy-based forwarding (PBF) engine.
macAddrOk(1) indicates that the MAC address of the PBF engine
is set successfully and PBF engine is operational.
macAddrNotSet(2) indicates that the MAC address of the PBF
engine is not set and PBF engine is not operational.
msfcPresent(3) indicates that there is a Multilayer Switch
Feature Card (MSFC) present in the device thus the PBF engine
is not operational."
::= { caqPbfObjects 1 }
caqPbfMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the PBF engine MAC address. When the value of
caqPbfStatus is msfcPresent(3), this object cannot be configured
and its previously configured value is ignored."
::= { caqPbfObjects 2 }
--
-- The Adjacency Table.
--
caqAdjacencyTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqAdjacencyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains a list of adjacencies to use in
policy-based forwarding (PBF). PBF is a feature that
makes possible forwarding between two different VLANs
without having a router."
::= { caqPbfObjects 3 }
caqAdjacencyEntry OBJECT-TYPE
SYNTAX CaqAdjacencyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry defines an adjacency. Each adjacency consists
of a destination VLAN, source and destination MAC address as
well as adjacency name and MTU configuration."
INDEX { caqAdjIndex }
::= { caqAdjacencyTable 1 }
CaqAdjacencyEntry ::= SEQUENCE {
caqAdjIndex Unsigned32,
caqAdjDstVlanNumber VlanIndex,
caqAdjDstMacAddress MacAddress,
caqAdjSrcMacAddress MacAddress,
caqAdjName CaqAdjacencyName,
caqAdjMtu Unsigned32,
caqAdjHitCount Counter64,
caqAdjStatus RowStatus
}
caqAdjIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the index of this adjacency."
::= { caqAdjacencyEntry 1 }
caqAdjDstVlanNumber OBJECT-TYPE
SYNTAX VlanIndex
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the destination VLAN number of this adjacency."
::= { caqAdjacencyEntry 2 }
caqAdjDstMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the adjacency destination MAC address."
::= { caqAdjacencyEntry 3 }
caqAdjSrcMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the adjacency source MAC address. If this object
is not configured, it will contain the MAC address of the
PBF engine which is denoted by caqPbfMacAddress object."
::= { caqAdjacencyEntry 4 }
caqAdjName OBJECT-TYPE
SYNTAX CaqAdjacencyName
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the adjacency name. The adjacency name should be
unique among all entries in this table."
::= { caqAdjacencyEntry 5 }
caqAdjMtu OBJECT-TYPE
SYNTAX Unsigned32 (576..18190)
UNITS "bytes"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the adjacency MTU."
DEFVAL { 9216 }
::= { caqAdjacencyEntry 6 }
caqAdjHitCount OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of packets that have matched this
adjacency's criteria. The value of this object is cleared when
this row is dereferenced by entries in caqSecurityActionTable."
::= { caqAdjacencyEntry 7 }
caqAdjStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the status of this adjacency conceptual entry.
This object is used to manage creation, deletion and
modification of rows in this table.
An entry may not exist in the active state unless all objects
in the entry have an appropriate value. Once a row becomes
active, value in any other column within such row cannot be
modified.
This object cannot be changed from active(1) to any other value
if the following two conditions are met:
- There is an active entry in caqSecurityActionTable with
caqSecurityAdjIndex equal to caqAdjIndex.
- That entry has caqSecurityAction set to redirectWithAdj(4)."
::= { caqAdjacencyEntry 8 }
--*********************************************************************
-- Cisco CatOS Acl Security Logging Group
--*********************************************************************
caqAclLogMaxFlow OBJECT-TYPE
SYNTAX Unsigned32 (256..2048)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the maximum number of traffic flows that will be logged
by the device."
::= { caqLoggingObjects 1 }
caqAclSecurityLoggingRateLimit OBJECT-TYPE
SYNTAX Unsigned32 (500..5000)
UNITS "packet per second"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the redirect rate of traffic flow subjected
to security ACL logging."
::= { caqLoggingObjects 2 }
caqAclRouterAclRateLimit OBJECT-TYPE
SYNTAX Unsigned32 (1..1000)
UNITS "packet per second"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the redirect rate of traffic flow subjected
to router ACL logging."
::= { caqLoggingObjects 3 }
--
-- caqIpFlowLoggingTable
--
caqIpFlowLoggingTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqIpFlowLoggingEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains a list of IP flows that describes the
IP traffic denied and logged by the device."
::= { caqLoggingObjects 4 }
caqIpFlowLoggingEntry OBJECT-TYPE
SYNTAX CaqIpFlowLoggingEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry describes an IP flow, consisting of a set of data
such as source and destination address, source and destination
port as well as protocol specific information. To keep the
table from overflow, each entry contains a TTL (Time to Live)
object. An entry will be removed from this table when its TTL
value reaches zero."
INDEX { caqIpFlowLoggingIndex }
::= { caqIpFlowLoggingTable 1 }
CaqIpFlowLoggingEntry ::= SEQUENCE {
caqIpFlowLoggingIndex Unsigned32,
caqIpFlowVlan VlanIndex,
caqIpFlowIfIndex InterfaceIndex,
caqIpFlowProtocolType Unsigned32,
caqIpFlowAddrType InetAddressType,
caqIpFlowSrcIp InetAddress,
caqIpFlowSrcPort Integer32,
caqIpFlowDestIp InetAddress,
caqIpFlowDestPort Integer32,
caqIpFlowIcmpType Integer32,
caqIpFlowIcmpCode Integer32,
caqIpFlowIgmpType Integer32,
caqIpFlowArpOpcode INTEGER,
caqIpFlowArpSrcMacAddr MacAddress,
caqIpFlowArpHeaderSrcMacAddr MacAddress,
caqIpFlowPacketsCount Counter32,
caqIpFlowLoggingTTL Unsigned32,
caqIpFlowArpLoggingSource INTEGER,
caqIpFlowArpAclName SnmpAdminString,
caqIpFlowArpAceNumber Unsigned32
}
caqIpFlowLoggingIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of this table for indicating a logged IP flow."
::= { caqIpFlowLoggingEntry 1 }
caqIpFlowVlan OBJECT-TYPE
SYNTAX VlanIndex
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the VLAN number to which this logged IP flow belongs."
::= { caqIpFlowLoggingEntry 2 }
caqIpFlowIfIndex OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the ifIndex of the interface where this logged
IP flow arrived."
::= { caqIpFlowLoggingEntry 3 }
caqIpFlowProtocolType OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The protocol number field in the IP header of this logged
IP flow as specified in RFC 1700."
REFERENCE
"RFC 1700, Assigned Numbers."
::= { caqIpFlowLoggingEntry 4 }
caqIpFlowAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the address type for addresses specified in
caqIpFlowSrcIp and caqIpFlowDestIp of this logged IP
flow."
::= { caqIpFlowLoggingEntry 5 }
caqIpFlowSrcIp OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the source address of this logged IP flow."
::= { caqIpFlowLoggingEntry 6 }
caqIpFlowSrcPort OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the source port number of this logged IP flow
when its protocol field is TCP or UDP. The value of this
object is -1 if the flow is not UDP or TCP traffic."
::= { caqIpFlowLoggingEntry 7 }
caqIpFlowDestIp OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the destination address of this logged IP flow."
::= { caqIpFlowLoggingEntry 8 }
caqIpFlowDestPort OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the destination port number of this logged IP flow
when its protocol field is TCP or UDP. The value of this
object is -1 if the flow is not UDP or TCP traffic."
::= { caqIpFlowLoggingEntry 9 }
caqIpFlowIcmpType OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the message type of ICMP packets. The value of this
object is -1 if the flow is not ICMP traffic."
::= { caqIpFlowLoggingEntry 10 }
caqIpFlowIcmpCode OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the message code of ICMP packets. The value of this
object is -1 if the flow is not ICMP traffic."
::= { caqIpFlowLoggingEntry 11 }
caqIpFlowIgmpType OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..15)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the message type of IGMP packets. The value of this
object is -1 if the flow is not IGMP traffic."
::= { caqIpFlowLoggingEntry 12 }
caqIpFlowArpOpcode OBJECT-TYPE
SYNTAX INTEGER {
notApplicable(1),
request(2),
reply(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the ARP opcode value of this ARP flow.
If the value of this object is notApplicable(1), this flow
is not ARP traffic.
If the value of this object is request(2), this flow
is ARP request traffic.
If the value of this object is reply(3), this flow
is ARP reply traffic."
::= { caqIpFlowLoggingEntry 13 }
caqIpFlowArpSrcMacAddr OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the Ethernet Source Address value of this ARP
flow. This object is ignored if the flow is not ARP
traffic."
::= { caqIpFlowLoggingEntry 14 }
caqIpFlowArpHeaderSrcMacAddr OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the Ethernet Source Address value included in the
ARP header of this ARP flow. This object is ignored if the
flow is not ARP traffic."
::= { caqIpFlowLoggingEntry 15 }
caqIpFlowPacketsCount OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of packets that belong to this IP flow."
::= { caqIpFlowLoggingEntry 16 }
caqIpFlowLoggingTTL OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the TTL (Time to Live) of this entry. The entry
is removed when the value of this object reaches 0."
::= { caqIpFlowLoggingEntry 17 }
caqIpFlowArpLoggingSource OBJECT-TYPE
SYNTAX INTEGER {
notApplicable(1),
dai(2),
acl(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the source that triggered the logging of this
ARP flow. This object value is 'notApplicable' if the
flow is not ARP traffic.
'dai' indicates the logging source is Dynamic Arp Inspection
feature.
'acl' indicates the logging source is a configured security
access control list (ACL)."
::= { caqIpFlowLoggingEntry 18 }
caqIpFlowArpAclName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the security ACL name which triggered the
logging of this ARP flow. This object is ignored if
the value of caqIpFlowArpLoggingSource object in the
same row is not 'acl'."
::= { caqIpFlowLoggingEntry 19 }
caqIpFlowArpAceNumber OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the ACE number within the ACL denoted by
caqIpFlowArpAclName object which triggered the logging
of this ARP flow. This object is ignored if the value of
caqIpFlowArpLoggingSource object in the same row is not 'acl'."
::= { caqIpFlowLoggingEntry 20 }
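-- Added example, not part of the Cisco MIB: a Python sketch that reduces rows of
-- caqIpFlowLoggingTable to the columns that apply to each flow, honoring the -1 and
-- notApplicable(1) sentinels and flagging ARP flows whose two source MACs differ.
-- Rows are constructed dicts keyed by column name; all helper names are hypothetical.

```python
from __future__ import annotations
import ipaddress

# Enumerations copied from the object definitions above.
ARP_OPCODE = {1: "notApplicable", 2: "request", 3: "reply"}
ARP_LOG_SOURCE = {1: "notApplicable", 2: "dai", 3: "acl"}
# Display names only; the MIB reports the raw IP protocol number.
PROTO_NAMES = {1: "icmp", 2: "igmp", 6: "tcp", 17: "udp"}
# Columns that hold -1 when they do not apply to the flow's protocol.
OPTIONAL_COLUMNS = (
    ("sport", "caqIpFlowSrcPort"), ("dport", "caqIpFlowDestPort"),
    ("icmp_type", "caqIpFlowIcmpType"), ("icmp_code", "caqIpFlowIcmpCode"),
    ("igmp_type", "caqIpFlowIgmpType"),
)

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def fmt_addr(addr_type: int, raw: bytes) -> str:
    """Render an InetAddress using its InetAddressType (ipv4(1), ipv6(2))."""
    if addr_type == 1 and len(raw) == 4:
        return str(ipaddress.IPv4Address(raw))
    if addr_type == 2 and len(raw) == 16:
        return str(ipaddress.IPv6Address(raw))
    return raw.hex()  # unknown type or unexpected length: keep the raw octets

def summarize_flow(row: dict) -> dict:
    """Reduce one caqIpFlowLoggingEntry row to the fields that apply to it."""
    out = {
        "vlan": row["caqIpFlowVlan"],
        "ifIndex": row["caqIpFlowIfIndex"],
        "src": fmt_addr(row["caqIpFlowAddrType"], row["caqIpFlowSrcIp"]),
        "dst": fmt_addr(row["caqIpFlowAddrType"], row["caqIpFlowDestIp"]),
        "packets": row["caqIpFlowPacketsCount"],
        "ttl_s": row["caqIpFlowLoggingTTL"],
    }
    opcode = row["caqIpFlowArpOpcode"]
    if opcode != 1:  # anything other than notApplicable(1) is an ARP flow
        eth = row["caqIpFlowArpSrcMacAddr"]
        sender = row["caqIpFlowArpHeaderSrcMacAddr"]
        source = row["caqIpFlowArpLoggingSource"]
        out.update(
            kind="arp",
            arp_op=ARP_OPCODE.get(opcode, str(opcode)),
            eth_src=fmt_mac(eth),
            arp_sender=fmt_mac(sender),
            mac_mismatch=(eth != sender),
            logged_by=ARP_LOG_SOURCE.get(source, str(source)),
        )
        if source == 3:  # ACL name and ACE number only count when source is acl(3)
            out["acl"] = row["caqIpFlowArpAclName"]
            out["ace"] = row["caqIpFlowArpAceNumber"]
        return out
    proto = row["caqIpFlowProtocolType"]
    out["kind"] = PROTO_NAMES.get(proto, f"ip-proto-{proto}")
    for key, column in OPTIONAL_COLUMNS:
        if row[column] != -1:
            out[key] = row[column]
    return out

def arp_mac_mismatches(rows: list[dict]) -> list[dict]:
    """ARP flows whose Ethernet source MAC differs from the ARP header sender MAC."""
    return [s for s in map(summarize_flow, rows) if s.get("mac_mismatch")]

def _row(**columns) -> dict:
    """Constructed row with every column set to its 'does not apply' value."""
    base = {
        "caqIpFlowVlan": 10, "caqIpFlowIfIndex": 5, "caqIpFlowProtocolType": 0,
        "caqIpFlowAddrType": 1,
        "caqIpFlowSrcIp": bytes([192, 0, 2, 10]), "caqIpFlowSrcPort": -1,
        "caqIpFlowDestIp": bytes([198, 51, 100, 7]), "caqIpFlowDestPort": -1,
        "caqIpFlowIcmpType": -1, "caqIpFlowIcmpCode": -1, "caqIpFlowIgmpType": -1,
        "caqIpFlowArpOpcode": 1,
        "caqIpFlowArpSrcMacAddr": bytes(6), "caqIpFlowArpHeaderSrcMacAddr": bytes(6),
        "caqIpFlowPacketsCount": 1, "caqIpFlowLoggingTTL": 300,
        "caqIpFlowArpLoggingSource": 1, "caqIpFlowArpAclName": "",
        "caqIpFlowArpAceNumber": 0,
    }
    base.update(columns)
    return base

# Constructed sample data (documentation address ranges), not captured from a device.
SAMPLE_ROWS = [
    _row(caqIpFlowProtocolType=6, caqIpFlowSrcPort=40312, caqIpFlowDestPort=23,
         caqIpFlowPacketsCount=14),
    _row(caqIpFlowProtocolType=1, caqIpFlowIcmpType=8, caqIpFlowIcmpCode=0),
    _row(caqIpFlowArpOpcode=3, caqIpFlowArpLoggingSource=2,
         caqIpFlowArpSrcMacAddr=bytes.fromhex("00005e005301"),
         caqIpFlowArpHeaderSrcMacAddr=bytes.fromhex("00005e0053fe")),
]

if __name__ == "__main__":
    for summary in map(summarize_flow, SAMPLE_ROWS):
        print(summary)
```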
--*********************************************************************
-- Cisco CatOS Acl ARP Inspection Group
--*********************************************************************
caqAclArpInspMatchMac OBJECT-TYPE
SYNTAX INTEGER {
disable(1),
enable(2),
drop(3),
dropAndLog(4)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates whether for ARP packets MAC address matching of
ethernet header and the source MAC address specified in ARP
header is enabled. It also indicates the action taken when
the addresses do not match.
If this object value is disable(1), the device will not check
for matching of source MAC address in ethernet header with the
sender MAC address in ARP header for ARP packets.
If this object value is enable(2), the device will check
for matching of source MAC address in ethernet header with the
sender MAC address in ARP header for ARP packets. A syslog
message is generated if the MAC addresses check fails.
If this object value is drop(3), the device will check for
MAC addresses matching and ARP packets whose MAC addresses
do not match will be dropped.
If this object value is dropAndLog(4), the device will check
for MAC addresses matching and ARP packets whose MAC addresses
do not match will be dropped and logged into
caqIpFlowLoggingTable."
::= { caqArpInspObjects 2 }
caqAclArpInspAddrValidation OBJECT-TYPE
SYNTAX INTEGER {
disable(1),
enable(2),
drop(3),
dropAndLog(4)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates whether for ARP packets checking for valid source MAC
and source IP address specified in ARP header is enabled. It
also indicates the action taken when the addresses are not
valid.
If this object value is disable(1), the device will not check
for valid MAC and IP address for ARP packets.
If this object value is enable(2), the device will check
for valid MAC and IP address for ARP packets. A syslog
message is generated if the addresses check fails.
If this object value is drop(3), the device will check for
valid MAC and IP addresses. ARP packets which have illegal MAC
and IP addresses will be dropped.
If this object value is dropAndLog(4), the device will check
for valid MAC and IP addresses. ARP packets which have invalid
MAC and IP addresses will be dropped and logged into
caqIpFlowLoggingTable."
::= { caqArpInspObjects 3 }
caqArpInspGlobalForwardedPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the total number of packets subjected to
ARP Inspection that are forwarded."
::= { caqArpInspObjects 4 }
caqArpInspGlobalDroppedPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the total number of packets subjected to
ARP Inspection that are dropped."
::= { caqArpInspObjects 5 }
caqRARPForwardedPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the total number of packets subjected to
Reverse ARP (RARP) Inspection that are forwarded."
::= { caqArpInspObjects 6 }
caqMatchedMacFailedPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the total number of packets subjected to
ARP Inspection whose MAC address specified in the ethernet
header and the source MAC address specified in ARP
header do not match."
::= { caqArpInspObjects 7 }
caqAddrValidationFailedPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the total number of ARP packets that have
invalid source MAC address or invalid source IP address
specified in the ARP header."
::= { caqArpInspObjects 8 }
caqArpInspIpDroppedPkts OBJECT-TYPE
SYNTAX Counter64
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the total number of IP packets dropped by
ARP Inspection because of invalid IP address."
::= { caqArpInspObjects 9 }
--
--
-- The Arp Inspection Statistics Table
--
caqArpInspStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqArpInspStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table containing ARP Inspection statistics counter per ACL."
::= { caqArpInspObjects 10 }
caqArpInspStatsEntry OBJECT-TYPE
SYNTAX CaqArpInspStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry contains the number of packets permitted or denied
per ACL."
INDEX { IMPLIED caqArpInspAclName }
::= { caqArpInspStatsTable 1 }
CaqArpInspStatsEntry ::= SEQUENCE {
caqArpInspAclName CaqAclName,
caqArpInspForwardedPackets Counter64,
caqArpInspDroppedPackets Counter64
}
caqArpInspAclName OBJECT-TYPE
SYNTAX CaqAclName
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The name of an ACL that contains ACE used for ARP Inspection."
::= { caqArpInspStatsEntry 1 }
caqArpInspForwardedPackets OBJECT-TYPE
SYNTAX Counter64
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of packets subjected to ARP Inspection
that are forwarded by this ACL."
::= { caqArpInspStatsEntry 2 }
caqArpInspDroppedPackets OBJECT-TYPE
SYNTAX Counter64
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of packets subjected to ARP Inspection
that are dropped by this ACL."
::= { caqArpInspStatsEntry 3 }
--
-- caqIfArpInspConfigTable
--
caqIfArpInspConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqIfArpInspConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains the configuration of several threshold
values related to ARP Inspection at each physical interface."
::= { caqArpInspObjects 11 }
caqIfArpInspConfigEntry OBJECT-TYPE
SYNTAX CaqIfArpInspConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry contains the configuration for drop threshold
and shutdown threshold for ARP Inspection at each physical
interface that supports this feature. Some of the
interfaces (but not limited to) for which this feature
might be applicable are: ifType = ethernetCsmacd(6)."
INDEX { ifIndex }
::= { caqIfArpInspConfigTable 1 }
CaqIfArpInspConfigEntry ::= SEQUENCE {
caqIfArpInspDropThreshold Unsigned32,
caqIfArpInspShutdownThreshold Unsigned32
}
caqIfArpInspDropThreshold OBJECT-TYPE
SYNTAX Unsigned32 (0..5000)
UNITS "packet per second"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the drop threshold value where excess packets of
a traffic flow subjected to ARP Inspection will be dropped
if its rate is greater than this threshold value. If the value
of this object is 0, no rate limit is applied for dropping
ARP traffic at this interface."
::= { caqIfArpInspConfigEntry 1 }
caqIfArpInspShutdownThreshold OBJECT-TYPE
SYNTAX Unsigned32 (0..5000)
UNITS "packet per second"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the threshold value where the interface will be
shut down if the rate of traffic subjected to ARP Inspection is greater
than this threshold value. If the value of this object is 0,
no ARP traffic rate limit is applied for shutting down the
interface."
::= { caqIfArpInspConfigEntry 2 }
--
-- caqAclHitCountObjects group
--
caqAclHitCountVlansLow OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..256))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A string of octets containing one bit per VLAN for
VLANs with VlanIndex value of 0 to 2047. The first
octet corresponds to VLANs with VlanIndex values
of 0 through 7; the second octet to VLANs 8 through
15; etc. The most significant bit of each octet
corresponds to the lowest value VlanIndex in that octet.
For each VLAN, if ACL hit count feature is enabled then
the bit corresponding to that VLAN is set to '1'.
Note that if the length of this string is less than
256 octets, any 'missing' octets are assumed to contain
the value zero. An NMS may omit any zero-valued octets
from the end of this string in order to reduce SetPDU size,
and the agent may also omit zero-valued trailing octets,
to reduce the size of GetResponse PDUs.
This object is only instantiated when the vlanAclHitCount(0)
bit is set to '1' in the caqAclFeatureCpb object."
::= { caqAclHitCountObjects 1 }
caqAclHitCountVlansHigh OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..256))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A string of octets containing one bit per VLAN for
VLANs with VlanIndex value of 2048 to 4095. The first
octet corresponds to VLANs with VlanIndex values
of 2048 through 2055; the second octet to VLANs 2056
through 2063; etc. The most significant bit of each
octet corresponds to the lowest value VlanIndex in that
octet.
For each VLAN, if ACL hit count feature is enabled then
the bit corresponding to that VLAN is set to '1'.
Note that if the length of this string is less than
256 octets, any 'missing' octets are assumed to contain
the value zero. An NMS may omit any zero-valued octets
from the end of this string in order to reduce SetPDU size,
and the agent may also omit zero-valued trailing octets,
to reduce the size of GetResponse PDUs.
This object is only instantiated when the vlanAclHitCount(0)
bit is set to '1' in the caqAclFeatureCpb object."
::= { caqAclHitCountObjects 2 }
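-- Added example, not part of the Cisco MIB: a Python sketch of the bitmap encoding
-- described for caqAclHitCountVlansLow (base 0) and caqAclHitCountVlansHigh (base 2048),
-- including the most-significant-bit-first ordering and omitted trailing zero octets.
-- Function and constant names are hypothetical; the octet strings are constructed.

```python
from __future__ import annotations

LOW_BASE = 0        # caqAclHitCountVlansLow covers VlanIndex 0..2047
HIGH_BASE = 2048    # caqAclHitCountVlansHigh covers VlanIndex 2048..4095
MAX_OCTETS = 256    # SIZE(0..256) on both objects

def decode_vlan_bitmap(octets: bytes, base: int) -> list[int]:
    """Return the VLANs whose bit is '1'.

    Octets missing from the end of the string are treated as zero, so a short
    string simply yields no VLANs beyond its length.
    """
    if len(octets) > MAX_OCTETS:
        raise ValueError(f"bitmap longer than {MAX_OCTETS} octets")
    vlans = []
    for index, octet in enumerate(octets):
        for bit in range(8):
            # The most significant bit is the lowest VlanIndex in the octet.
            if octet & (0x80 >> bit):
                vlans.append(base + index * 8 + bit)
    return vlans

def encode_vlan_bitmap(vlans: list[int], base: int) -> bytes:
    """Build the octet string for a set of VLANs, dropping trailing zero octets."""
    buf = bytearray(MAX_OCTETS)
    for vlan in vlans:
        offset = vlan - base
        if not 0 <= offset < MAX_OCTETS * 8:
            raise ValueError(f"VLAN {vlan} is outside {base}..{base + 2047}")
        buf[offset // 8] |= 0x80 >> (offset % 8)
    return bytes(buf).rstrip(b"\x00")

def enabled_vlans(low: bytes, high: bytes) -> list[int]:
    """All VLANs with ACL hit counting enabled, from both objects."""
    return decode_vlan_bitmap(low, LOW_BASE) + decode_vlan_bitmap(high, HIGH_BASE)

def split_vlans(vlans: list[int]) -> tuple[bytes, bytes]:
    """Split a VLAN list into the (Low, High) octet strings."""
    low = [v for v in vlans if v < HIGH_BASE]
    high = [v for v in vlans if v >= HIGH_BASE]
    return encode_vlan_bitmap(low, LOW_BASE), encode_vlan_bitmap(high, HIGH_BASE)

if __name__ == "__main__":
    # Constructed values: 0x40 sets VLAN 1, 0x01 in the second octet sets VLAN 15.
    print(enabled_vlans(b"\x40\x01", b"\x80"))   # VLANs 1, 15 and 2048
    low, high = split_vlans([10, 100, 4095])
    print(len(low), len(high))                   # trimmed Low, full-length High
```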
caqAclHitCountPortList OBJECT-TYPE
SYNTAX CiscoPortList
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the set of physical port(s), in bridge port
number, where ACL hit count feature is enabled.
For each port, if ACL hit count feature is enabled then
the bit corresponding to that port is set to '1'.
This object is only instantiated when the portAclHitCount(1)
bit is set to '1' in the caqAclFeatureCpb object."
::= { caqAclHitCountObjects 3 }
--
-- The caqAclHitCountTable
--
caqAclHitCountTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqAclHitCountEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table provides the hit count configuration on
ACLs which support this feature."
::= { caqAclHitCountObjects 4 }
caqAclHitCountEntry OBJECT-TYPE
SYNTAX CaqAclHitCountEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry indicates whether the hit count feature is enabled
on a particular ACL as well as its statistic collection mode."
INDEX { caqAclHitCountAclType,
IMPLIED caqAclHitCountAclName }
::= { caqAclHitCountTable 1 }
CaqAclHitCountEntry ::= SEQUENCE {
caqAclHitCountAclType CaqHitCountAclType,
caqAclHitCountAclName CaqAclName,
caqAclHitCountEnable TruthValue
}
caqAclHitCountAclType OBJECT-TYPE
SYNTAX CaqHitCountAclType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the type of ACL.
ipSecurity(1) indicates that this ACL is an IP Security ACL.
ipxSecurity(2) indicates that this ACL is an IPX Security ACL.
macSecurity(3) indicates that this ACL is a MAC Security ACL."
::= { caqAclHitCountEntry 1 }
caqAclHitCountAclName OBJECT-TYPE
SYNTAX CaqAclName
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the ACL name which should exist in the ACL tables
e.g. in caqIpAceTable. This ACL must match the type
specified in caqAclHitCountAclType in the same row."
::= { caqAclHitCountEntry 2 }
caqAclHitCountEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates whether this ACL hit count is enabled."
::= { caqAclHitCountEntry 3 }
--
-- The caqAceHitCountTable
--
caqAceHitCountTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqAceHitCountEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table provides the hit count configuration on
ACEs which support this feature."
::= { caqAclHitCountObjects 5 }
caqAceHitCountEntry OBJECT-TYPE
SYNTAX CaqAceHitCountEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry indicates whether the hit count feature is enabled
on a particular ACE as well as its hit count statistic."
INDEX { caqAceHitCountAclType,
caqAceHitCountAclName,
caqAceHitCountAceIndex }
::= { caqAceHitCountTable 1 }
CaqAceHitCountEntry ::= SEQUENCE {
caqAceHitCountAclType CaqHitCountAclType,
caqAceHitCountAclName CaqAclName,
caqAceHitCountAceIndex Unsigned32,
caqAceHitCountEnable TruthValue,
caqAceIngressHitCount Counter64,
caqAceEgressHitCount Counter64
}
caqAceHitCountAclType OBJECT-TYPE
SYNTAX CaqHitCountAclType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the type of ACL.
ipSecurity(1) indicates that this ACL is an IP Security ACL.
ipxSecurity(2) indicates that this ACL is an IPX Security ACL.
macSecurity(3) indicates that this ACL is a MAC Security ACL."
::= { caqAceHitCountEntry 1 }
caqAceHitCountAclName OBJECT-TYPE
SYNTAX CaqAclName
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the ACL name which should exist in the ACL tables
e.g. in caqIpAceTable. This ACL must match the type
specified in caqAceHitCountAclType in the same row."
::= { caqAceHitCountEntry 2 }
caqAceHitCountAceIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of an ACE within an ACL."
::= { caqAceHitCountEntry 3 }
caqAceHitCountEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates whether this ACE hit count is enabled."
::= { caqAceHitCountEntry 4 }
caqAceIngressHitCount OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the hit count of this ACE for
ingress traffic."
::= { caqAceHitCountEntry 5 }
caqAceEgressHitCount OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the hit count of this ACE for
egress traffic."
::= { caqAceHitCountEntry 6 }
--
-- The caqIfAclHitCountTable
--
caqIfAclHitCountTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqIfAclHitCountEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table provides the ACL hit count statistics at
an interface. An interface can be a physical port if
the bit portAclHitCount(1) is set in the object
caqAclFeatureCpb or a VLAN if the bit vlanAclHitCount(0)
is set in the object caqAclFeatureCpb."
::= { caqAclHitCountObjects 6 }
caqIfAclHitCountEntry OBJECT-TYPE
SYNTAX CaqIfAclHitCountEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry indicates the hit count of each
ACE belonging to an ACL which supports hit count collection
at an interface where the ACL is attached."
INDEX { ifIndex,
caqIfAclHitCountAclType,
caqIfAclHitCountAclName,
caqIfAclHitCountAceIndex }
::= { caqIfAclHitCountTable 1 }
CaqIfAclHitCountEntry ::= SEQUENCE {
caqIfAclHitCountAclType CaqHitCountAclType,
caqIfAclHitCountAclName CaqAclName,
caqIfAclHitCountAceIndex Unsigned32,
caqIfAclIngressHitCount Counter64,
caqIfAclEgressHitCount Counter64
}
caqIfAclHitCountAclType OBJECT-TYPE
SYNTAX CaqHitCountAclType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the type of ACL.
ipSecurity(1) indicates that this ACL is an IP Security ACL.
ipxSecurity(2) indicates that this ACL is an IPX Security ACL.
macSecurity(3) indicates that this ACL is a MAC Security ACL."
::= { caqIfAclHitCountEntry 1 }
caqIfAclHitCountAclName OBJECT-TYPE
SYNTAX CaqAclName
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the ACL name which should exist in the ACL tables
e.g. in caqIpAceTable. This ACL must match the type
specified in caqIfAclHitCountAclType in the same row."
::= { caqIfAclHitCountEntry 2 }
caqIfAclHitCountAceIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of an ACE within an ACL."
::= { caqIfAclHitCountEntry 3 }
caqIfAclIngressHitCount OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the hit count of this ACE for
ingress traffic on this interface."
::= { caqIfAclHitCountEntry 4 }
caqIfAclEgressHitCount OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the hit count of this ACE for
egress traffic on this interface."
::= { caqIfAclHitCountEntry 5 }
--
-- The caqDownloadAclInfoTable
--
caqDownloadAclInfoTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqDownloadAclInfoEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table provides the management information for
downloaded ACLs."
::= { caqDownloadAclObjects 1 }
caqDownloadAclInfoEntry OBJECT-TYPE
SYNTAX CaqDownloadAclInfoEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry is populated for each downloaded ACL in
the device."
INDEX { IMPLIED caqDownloadAclName }
::= { caqDownloadAclInfoTable 1 }
CaqDownloadAclInfoEntry ::= SEQUENCE {
caqDownloadAclName SnmpAdminString,
caqDownloadAclUserCount Unsigned32,
caqDownloadAclDownloadTime DateAndTime
}
caqDownloadAclName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (1..255))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object indicates the name of a downloaded ACL."
::= { caqDownloadAclInfoEntry 1 }
caqDownloadAclUserCount OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the number of users (i.e.,
authenticated hosts) who are using this downloaded ACL."
::= { caqDownloadAclInfoEntry 2 }
caqDownloadAclDownloadTime OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the time when this ACL was downloaded
to the device."
::= { caqDownloadAclInfoEntry 3 }
--
-- caqIpDownloadAceTable
--
caqIpDownloadAceTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqIpDownloadAceEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains a list of downloaded IP ACEs for
security purpose. Each ACE consists of a filter specification
and behavior associated with it which describes what action
to carry out on packets which match.
An ACL is defined as the set of ACEs. Each ACE is named by
a combination of an AclName and an ACE index, such that all
the ACEs which are named using the same AclName are part of
the same ACL."
::= { caqDownloadAclObjects 2 }
caqIpDownloadAceEntry OBJECT-TYPE
SYNTAX CaqIpDownloadAceEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry defines an ACE, consisting of a set of match
criteria. For a packet to match an entry, it has to match
all the criteria specified in that entry."
INDEX { caqIpDownloadAclName, caqIpDownloadAceIndex }
::= { caqIpDownloadAceTable 1 }
CaqIpDownloadAceEntry ::= SEQUENCE {
caqIpDownloadAclName SnmpAdminString,
caqIpDownloadAceIndex Unsigned32,
caqIpDownloadAceMatchedAction INTEGER,
caqIpDownloadAceProtocolType CiscoIpProtocol,
caqIpDownloadAceAddrType InetAddressType,
caqIpDownloadAceSrcIp InetAddress,
caqIpDownloadAceSrcIpMask InetAddress,
caqIpDownloadAceSrcPortOp INTEGER,
caqIpDownloadAceSrcPort InetPortNumber,
caqIpDownloadAceSrcPortRange InetPortNumber,
caqIpDownloadAceDestIp InetAddress,
caqIpDownloadAceDestIpMask InetAddress,
caqIpDownloadAceDestPortOp INTEGER,
caqIpDownloadAceDestPort InetPortNumber,
caqIpDownloadAceDestPortRange InetPortNumber,
caqIpDownloadAceTosMatchCriteria INTEGER,
caqIpDownloadAceIpPrec CaqIpPrecedence,
caqIpDownloadAceDscp Dscp,
caqIpDnldAcePrtocolMatchCriteria INTEGER,
caqIpDownloadAceIcmpType Unsigned32,
caqIpDownloadAceIcmpCode Unsigned32
}
caqIpDownloadAclName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The name of a downloaded IP ACL."
::= { caqIpDownloadAceEntry 1 }
caqIpDownloadAceIndex OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of an ACE within a downloaded ACL."
::= { caqIpDownloadAceEntry 2 }
caqIpDownloadAceMatchedAction OBJECT-TYPE
SYNTAX INTEGER {
permit(1),
deny(2),
denyAndLog(3),
permitAndCapture(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the action to be taken if a packet matches this ACE.
If 'permit' is specified, the matched packet will be allowed
through the device.
If 'deny' is specified, the matched packet will be blocked and
dropped.
If 'denyAndLog' is specified, the matched packet will be
blocked, dropped and logged.
If 'permitAndCapture' is specified, the matched packet will be
allowed, and a copy of it will be forwarded to capture port(s)."
::= { caqIpDownloadAceEntry 3 }
caqIpDownloadAceProtocolType OBJECT-TYPE
SYNTAX CiscoIpProtocol
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The protocol number field in the IP header used to indicate
the higher layer protocol as specified in RFC 1700. A
value of 0 matches every IP packet.
For example:
0 is IP, 1 is ICMP, 2 is IGMP, 4 is IP in IP encapsulation,
6 is TCP, 9 is IGRP, 17 is UDP, 47 is GRE, 50 is ESP, 51 is AH,
88 is IGRP, 89 is OSPF, 94 is KA9Q/NOS compatible IP over IP,
103 is PIMv2, 108 is PCP."
REFERENCE
"RFC 1700, Assigned Numbers."
::= { caqIpDownloadAceEntry 4 }
caqIpDownloadAceAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of IP address used by this ACE entry."
::= { caqIpDownloadAceEntry 5 }
caqIpDownloadAceSrcIp OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The specified source IP address. The packet's source address
is AND-ed with the value of caqIpDownloadAceSrcIpMask and then
compared against the value of this object. If this object value
is 0.0.0.0, and the value of caqIpDownloadAceSrcIpMask object
in the same entry is 255.255.255.255, this entry matches any
source IP address."
::= { caqIpDownloadAceEntry 6 }
caqIpDownloadAceSrcIpMask OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The specified source IP address mask."
::= { caqIpDownloadAceEntry 7 }
caqIpDownloadAceSrcPortOp OBJECT-TYPE
SYNTAX INTEGER { noOperator(1), lt(2), gt(3),
eq(4), neq(5), range(6) }
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates how a packet's source TCP/UDP port number is
to be compared.
'noOperator', which is the default value, means that no
comparison is to be made with the source TCP/UDP port number.
'lt' means less than, 'gt' means greater than, 'eq'
means equal, 'neq' means not equal. Those 4 operators
are using the caqIpDownloadAceSrcPort object as an operand
which is the only one needed.
'range' means that it compares the port value between two
numbers, so this operator needs 2 operands. One operand is
the starting port number of the range, which is the
caqIpDownloadAceSrcPort object, and the other operand is the
ending port number of the range, which is the
caqIpDownloadAceSrcPortRange object."
::= { caqIpDownloadAceEntry 8 }
caqIpDownloadAceSrcPort OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The source port number of the TCP or UDP protocol. If the
caqIpDownloadAceSrcPortOp object in the same row is 'range',
this object will be the starting port number of the port
range."
::= { caqIpDownloadAceEntry 9 }
caqIpDownloadAceSrcPortRange OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The source port number of the TCP or UDP protocol. If the
caqIpDownloadAceSrcPortOp object in the same row is 'range',
this object will be the ending port number of the port range,
otherwise the value of this object is ignored."
::= { caqIpDownloadAceEntry 10 }
caqIpDownloadAceDestIp OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The specified destination IP address. The packet's destination
address is AND-ed with the value of caqIpDownloadAceDestIpMask
and then compared against the value of this object. If this
object value is 0.0.0.0 and the value of
caqIpDownloadAceDestIpMask object in the same entry is
255.255.255.255, this entry matches any destination IP
address."
::= { caqIpDownloadAceEntry 11 }
caqIpDownloadAceDestIpMask OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The specified destination IP address mask."
::= { caqIpDownloadAceEntry 12 }
caqIpDownloadAceDestPortOp OBJECT-TYPE
SYNTAX INTEGER { noOperator(1), lt(2), gt(3),
eq(4), neq(5), range(6) }
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates how a packet's destination TCP/UDP port number is
to be compared.
'noOperator', which is the default value, means that no
comparison is to be made with the destination TCP/UDP port
number.
'lt' means less than.
'gt' means greater than.
'eq' means equal.
'neq' means not equal. Those 4 operators are using the
caqIpDownloadAceDestPort object as an operand which is the
only one needed.
'range' means that it compares the port value between two
numbers, so this operator needs 2 operands. One operand is the
starting port number of the range, which is the
caqIpDownloadAceDestPort object, and the other operand is the
ending port number of the range, which is the
caqIpDownloadAceDestPortRange object."
::= { caqIpDownloadAceEntry 13 }
caqIpDownloadAceDestPort OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The destination port number of the TCP or UDP protocol.
If the caqIpDownloadAceDestPortOp object in the same row is
'range' this object will be the starting port number of the
port range."
::= { caqIpDownloadAceEntry 14 }
caqIpDownloadAceDestPortRange OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The destination port number of the TCP or UDP protocol.
If the caqIpDownloadAceDestPortOp object in the same row is
'range', this object will be the ending port number of the
port range, otherwise this object value is ignored."
::= { caqIpDownloadAceEntry 15 }
caqIpDownloadAceTosMatchCriteria OBJECT-TYPE
SYNTAX INTEGER {
none(1),
matchDscp(2),
matchIpPrec(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates which field of the ToS octet in the packet header
is to be matched.
'none' means that there is no need to match the ToS octet.
'matchDscp' means that the DSCP value of the packet header needs
to be matched. If this value is specified, the
caqIpDownloadAceDscp object in the same row should have
a valid value.
'matchIpPrec' means that the IpPrecedence value of the packet
header needs to be matched. If this value is specified, the
caqIpDownloadAceIpPrec object in the same row should have
a valid value."
::= { caqIpDownloadAceEntry 16 }
caqIpDownloadAceIpPrec OBJECT-TYPE
SYNTAX CaqIpPrecedence
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the IP precedence value to be matched against.
The value of this object is ignored whenever the value of
caqIpDownloadAceTosMatchCriteria object is not 'matchIpPrec'."
::= { caqIpDownloadAceEntry 17 }
caqIpDownloadAceDscp OBJECT-TYPE
SYNTAX Dscp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the Dscp value to be matched against.
Packets can be matched to DSCP value from 0 to 63.
The value of this object is ignored whenever the value of
caqIpDownloadAceTosMatchCriteria object is not 'matchDscp'."
::= { caqIpDownloadAceEntry 18 }
caqIpDnldAcePrtocolMatchCriteria OBJECT-TYPE
SYNTAX INTEGER {
none(1),
matchIcmpType(2),
matchIcmpTypeAndCode(3),
matchEstablished(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates which field in the packet header for the ICMP or IGMP
or TCP protocol is to be matched.
'none' means no comparison is to be done for ICMP/TCP.
'matchIcmpType' means that the Type field of ICMP protocol
packet header needs to be matched. If this value is specified,
the caqIpDownloadAceIcmpType object in the same row should
have a valid value.
'matchIcmpTypeAndCode' means that both the Type and Code
fields of ICMP protocol packet header need to be matched.
If this value is specified, the caqIpDownloadAceIcmpType and
caqIpDownloadAceIcmpCode object in the same row should have
valid values.
'matchEstablished' means that a match occurs if the TCP packet
has the ACK or RST bits set. The non-matching case is that of
the initial TCP packet to form a connection."
::= { caqIpDownloadAceEntry 19 }
caqIpDownloadAceIcmpType OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the message type of ICMP packets. The type is
a number from 0 to 255.
The value of this object is ignored whenever the value of
caqIpDnldAcePrtocolMatchCriteria object is not 'matchIcmpType'
or 'matchIcmpTypeAndCode'."
::= { caqIpDownloadAceEntry 20 }
caqIpDownloadAceIcmpCode OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the message code of ICMP packets. The code is
a number from 0 to 255.
The value of this object is ignored whenever the value of
caqIpDnldAcePrtocolMatchCriteria object is not
'matchIcmpTypeAndCode'."
::= { caqIpDownloadAceEntry 21 }
--
-- The caqIfDownloadAclTable
--
caqIfDownloadAclTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqIfDownloadAclEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table provides the management information for
physical interface where downloaded ACLs are applied."
::= { caqDownloadAclObjects 3 }
caqIfDownloadAclEntry OBJECT-TYPE
SYNTAX CaqIfDownloadAclEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry is populated for each interface that utilizes
downloaded ACLs in the device."
INDEX { ifIndex, IMPLIED caqDownloadAclName }
::= { caqIfDownloadAclTable 1 }
CaqIfDownloadAclEntry ::= SEQUENCE {
caqIfDownloadAclFeature INTEGER,
caqIfDownloadAclAddressType InetAddressType,
caqIfDownloadAclHostAddress InetAddress
}
caqIfDownloadAclFeature OBJECT-TYPE
SYNTAX INTEGER {
dot1x(1),
eou(2),
macAuth(3),
webAuth(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the security feature which is running at
this interface and triggers the download of this ACL.
'dot1x' indicates that the 802.1x feature is running at this
interface and triggers the download of this ACL.
'eou' indicates that the Extensible Authentication Protocol
over UDP (EOU) feature is running at this interface and triggers
the download of this ACL.
'macAuth' indicates that the Mac Authentication Bypass
feature is running at this interface and triggers the download
of this ACL.
'webAuth' indicates that the Web Authentication feature is
running at this interface and triggers the download of this ACL."
::= { caqIfDownloadAclEntry 1 }
caqIfDownloadAclAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the type of IP address of the host."
::= { caqIfDownloadAclEntry 2 }
caqIfDownloadAclHostAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the IP address of the host connected
to this interface. The type of this address is determined
by the value of caqIfDownloadAclAddressType object."
::= { caqIfDownloadAclEntry 3 }
--
-- The caqIfIpPhoneMapTable
--
caqIfIpPhoneMapTable OBJECT-TYPE
SYNTAX SEQUENCE OF CaqIfIpPhoneMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table provides the management information for
the mapping of IP Phone to interface that utilizes
downloaded ACL."
::= { caqDownloadAclObjects 4 }
caqIfIpPhoneMapEntry OBJECT-TYPE
SYNTAX CaqIfIpPhoneMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry is populated for each interface that has
an IP Phone connected to it and utilizes a downloaded ACL."
INDEX { ifIndex }
::= { caqIfIpPhoneMapTable 1 }
CaqIfIpPhoneMapEntry ::= SEQUENCE {
caqIfIpPhoneAddressType InetAddressType,
caqIfIpPhoneHostAddress InetAddress
}
caqIfIpPhoneAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the type of IP address of the
IP Phone connected to this interface."
::= { caqIfIpPhoneMapEntry 1 }
caqIfIpPhoneHostAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the IP address of the IP Phone.
The type of this address is determined by the value of
the caqIfIpPhoneAddressType object."
::= { caqIfIpPhoneMapEntry 2 }
--
-- Notifications
--
caqMIBNotifications OBJECT IDENTIFIER ::= { ciscoCatOSAclQosMIB 2 }
-- no notifications defined
--
-- Conformance
--
caqMIBConformance OBJECT IDENTIFIER ::= { ciscoCatOSAclQosMIB 3 }
caqMIBCompliances OBJECT IDENTIFIER
::= { caqMIBConformance 1 }
caqMIBGroups OBJECT IDENTIFIER
::= { caqMIBConformance 2 }
-- Compliance
caqMIBCompliance MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"The compliance statement for the CISCO-CATOS-ACL-QOS-MIB."
MODULE
MANDATORY-GROUPS { caqIfConfigGroup,
caqAclCpbGroup,
caqFlowPolicingCpbGroup,
caqQueueAssignmentGroup,
caqQueueGroup }
GROUP caqQosStatsGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports QoS statistics information."
GROUP caqQosMappingGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports mapping between Cos, IpPrecedence
and DSCP."
GROUP caqIfAclConfigGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports ACL configuration."
GROUP caqIpAceGroup
DESCRIPTION
"This group is mandatory only in agents for which the
ipQos bit or ipSecurity bit of caqAclCapabilities is
turned on."
GROUP caqIpxAceGroup
DESCRIPTION
"This group is mandatory only in agents for which the
ipxQos bit or ipxSecurity bit of caqAclCapabilities is
turned on."
GROUP caqMacAceGroup
DESCRIPTION
"This group is mandatory only in agents for which the
macQos bit or macSecurity bit of caqAclCapabilities is
turned on."
GROUP caqPolicingGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports flow policing."
GROUP caqActionGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports flow classification."
GROUP caqSecurityGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports security feature."
GROUP caqQosBridgedFlowPolicerGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports enabling or disabling bridged packets
policing."
GROUP caqQosMacVlanGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports flow classification based on MAC address
and VLAN pair."
GROUP caqQosExcessRateGroup
DESCRIPTION
"This group is mandatory in agents for which the value of
caqFlowPolicerExcessRateSupport is 'true'."
OBJECT caqIpAceSrcIp
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4 addresses."
OBJECT caqIpAceSrcIpMask
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4 addresses."
OBJECT caqIpAceDestIp
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4 addresses."
OBJECT caqIpAceDestIpMask
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4 addresses."
::= { caqMIBCompliances 1 }
caqMIBCompliance2 MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"The compliance statement for the CISCO-CATOS-ACL-QOS-MIB."
MODULE
MANDATORY-GROUPS { caqIfConfigGroup,
caqAclCpbGroup,
caqFlowPolicingCpbGroup,
caqQueueAssignmentGroup,
caqQueueGroup }
GROUP caqQosStatsGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports QoS statistics information."
GROUP caqQosMappingGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports mapping between Cos, IpPrecedence
and DSCP."
GROUP caqIfAclConfigGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports ACL configuration."
GROUP caqIpAceGroup
DESCRIPTION
"This group is mandatory only in agents for which the
ipQos bit or ipSecurity bit of caqAclCapabilities is
turned on."
GROUP caqIpxAceGroup
DESCRIPTION
"This group is mandatory only in agents for which the
ipxQos bit or ipxSecurity bit of caqAclCapabilities is
turned on."
GROUP caqMacAceGroup
DESCRIPTION
"This group is mandatory only in agents for which the
macQos bit or macSecurity bit of caqAclCapabilities is
turned on."
GROUP caqPolicingGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports flow policing."
GROUP caqActionGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports flow classification."
GROUP caqSecurityGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports security feature."
GROUP caqQosBridgedFlowPolicerGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports enabling or disabling bridged packets
policing."
GROUP caqQosMacVlanGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports flow classification based on MAC address
and VLAN pair."
GROUP caqLoggingGroup
DESCRIPTION
"Implementation of this group is optional."
GROUP caqArpInspGroup
DESCRIPTION
"Implementation of this group is optional."
OBJECT caqIpAceSrcIp
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4 addresses."
OBJECT caqIpAceSrcIpMask
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4 addresses."
OBJECT caqIpAceDestIp
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4 addresses."
OBJECT caqIpAceDestIpMask
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4 addresses."
::= { caqMIBCompliances 2 }
caqMIBCompliance3 MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"The compliance statement for the CISCO-CATOS-ACL-QOS-MIB."
MODULE
MANDATORY-GROUPS { caqIfConfigGroup,
caqAclCpbGroup,
caqFlowPolicingCpbGroup,
caqQueueAssignmentGroup,
caqQueueGroup }
GROUP caqQosStatsGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports QoS statistics information."
GROUP caqQosMappingGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports mapping between Cos, IpPrecedence
and DSCP."
GROUP caqIfAclConfigGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports ACL configuration."
GROUP caqIpAceGroup
DESCRIPTION
"This group is mandatory only in agents for which the
ipQos bit or ipSecurity bit of caqAclCapabilities is
turned on."
GROUP caqIpxAceGroup
DESCRIPTION
"This group is mandatory only in agents for which the
ipxQos bit or ipxSecurity bit of caqAclCapabilities is
turned on."
GROUP caqMacAceGroup
DESCRIPTION
"This group is mandatory only in agents for which the
macQos bit or macSecurity bit of caqAclCapabilities is
turned on."
GROUP caqPolicingGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports flow policing."
GROUP caqActionGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports flow classification."
GROUP caqSecurityGroup2
DESCRIPTION
"This group is mandatory only for the platform
which supports security feature."
GROUP caqQosBridgedFlowPolicerGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports enabling or disabling bridged packets
policing."
GROUP caqQosMacVlanGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports flow classification based on MAC address
and VLAN pair."
GROUP caqLoggingGroup
DESCRIPTION
"Implementation of this group is optional."
GROUP caqArpInspGroup
DESCRIPTION
"Implementation of this group is optional."
OBJECT caqIpAceSrcIp
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4 addresses."
OBJECT caqIpAceSrcIpMask
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4 addresses."
OBJECT caqIpAceDestIp
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4 addresses."
OBJECT caqIpAceDestIpMask
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4 addresses."
::= { caqMIBCompliances 3 }
caqMIBCompliance4 MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for the CISCO-CATOS-ACL-QOS-MIB."
MODULE
MANDATORY-GROUPS { caqIfConfigGroup,
caqAclCpbGroup,
caqFlowPolicingCpbGroup,
caqQueueAssignmentGroup,
caqQueueGroup }
GROUP caqQosStatsGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports QoS statistics information."
GROUP caqQosMappingGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports mapping between Cos, IpPrecedence
and DSCP."
GROUP caqIfAclConfigGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports ACL configuration."
GROUP caqIpAceGroup
DESCRIPTION
"This group is mandatory only in agents for which the
ipQos bit or ipSecurity bit of caqAclCapabilities is
turned on."
GROUP caqIpxAceGroup
DESCRIPTION
"This group is mandatory only in agents for which the
ipxQos bit or ipxSecurity bit of caqAclCapabilities is
turned on."
GROUP caqMacAceGroup
DESCRIPTION
"This group is mandatory only in agents for which the
macQos bit or macSecurity bit of caqAclCapabilities is
turned on."
GROUP caqPolicingGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports flow policing."
GROUP caqActionGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports flow classification."
GROUP caqSecurityGroup2
DESCRIPTION
"This group is mandatory only for the platform
which supports security feature."
GROUP caqQosBridgedFlowPolicerGroup
DESCRIPTION
"This group is mandatory only for the platform
which supports enabling or disabling bridged packets
policing."
GROUP caqQosMacVlanGroup
DESCRIPTION
"This group is mandatory only for platform which
supports flow classification based on MAC address
and VLAN pair."
GROUP caqLoggingGroup
DESCRIPTION
"Implementation of this group is optional."
GROUP caqArpInspGroup
DESCRIPTION
"Implementation of this group is optional."
GROUP caqQosStatsGroup2
DESCRIPTION
"This group is mandatory only for platform which
supports QoS statistics information per aggregate
policer."
GROUP caqSecurityPBFGroup
DESCRIPTION
"This group is mandatory only for platform which
supports PBF configuration and statistics
information."
GROUP caqQosExcessBurstGroup
DESCRIPTION
"This group is mandatory only for platform which
supports Qos information on excess burst size."
GROUP caqIfTrustDeviceGroup
DESCRIPTION
"This group is mandatory only for platform which
supports trusted device configuration and operational
state."
GROUP caqSecurityRateLimitGroup
DESCRIPTION
"This group is mandatory only for platform which
supports security acl feature rate limit configuration
state."
GROUP caqDscpMutationGroup
DESCRIPTION
"This group is mandatory only for platform which
supports DSCP mutation configuration information."
GROUP caqQosDefaultActionGroup
DESCRIPTION
"This group is mandatory only for platform which
supports default Qos action configuration on the device."
GROUP caqIfAclConfigGroup2
DESCRIPTION
"This group is mandatory only for platform which
supports additional ACL attachment configuration on
the device."
GROUP caqIpEspGroup
DESCRIPTION
"Implementation of this group is optional."
GROUP caqDscpRewriteGroup
DESCRIPTION
"This group is mandatory only for platform which
supports configuration of DSCP rewrite feature on
the device."
GROUP caqAggPolicerOctetStatsGroup
DESCRIPTION
"This group is mandatory only for platform which
supports QoS statistics information per aggregate
policer in unit of octet."
GROUP caqIfSecurityAclConfigGroup
DESCRIPTION
"This group is mandatory only for platform which
supports security ACL information applied at
physical interface on the device."
GROUP caqIpAceExtGroup
DESCRIPTION
"This group is mandatory only for platform which
supports source and destination group information to
configure IP ACL on the device."
GROUP caqAclHitCountGroup
DESCRIPTION
"This group is mandatory only for platform which
supports ACL hit count configuration and statistics
on the device."
GROUP caqMacAceExtGroup
DESCRIPTION
"This group is mandatory only for platform which
supports additional matching criteria such as the VLAN,
Cos information to configure MAC ACE on the device."
GROUP caqMacPktClassifyVlanGroup
DESCRIPTION
"This group is mandatory only for platform which
supports VLAN configuration for MAC packet classify
feature on the device."
GROUP caqAclFeatureGroup
DESCRIPTION
"This group is mandatory only for platform which
supports device capability related to feature using
ACL configured on the device."
GROUP caqPortAclHitCountGroup
DESCRIPTION
"This group is mandatory only for platform which
supports security ACL information applied at
physical interface on the device."
GROUP caqVlanAclHitCountGroup
DESCRIPTION
"This group is mandatory only for platform which
supports security ACL information applied at
VLAN interface on the device."
OBJECT caqIpAceSrcIp
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4 addresses."
OBJECT caqIpAceSrcIpMask
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4 addresses."
OBJECT caqIpAceDestIp
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4 addresses."
OBJECT caqIpAceDestIpMask
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4 addresses."
::= { caqMIBCompliances 4 }
--
-- Units of Conformance
--
caqIfConfigGroup OBJECT-GROUP
OBJECTS {
caqIfTrustStateConfig,
caqIfCos
}
STATUS current
DESCRIPTION
"A collection of objects providing the Qos configuration
information at each physical interface on the device."
::= { caqMIBGroups 1 }
caqIfAclConfigGroup OBJECT-GROUP
OBJECTS {
caqIfAclBase,
caqClassifierMapStatus
}
STATUS current
DESCRIPTION
"A collection of objects providing the ACL information on
the device."
::= { caqMIBGroups 2 }
caqAclCpbGroup OBJECT-GROUP
OBJECTS {
caqAclCapabilities
}
STATUS current
DESCRIPTION
"A collection of objects providing the ACL information on
the device."
::= { caqMIBGroups 3 }
caqIpAceGroup OBJECT-GROUP
OBJECTS {
caqIpAceMatchedAction,
caqIpAceProtocolType,
caqIpAceAddrType,
caqIpAceSrcIp,
caqIpAceSrcIpMask,
caqIpAceSrcPortOp,
caqIpAceSrcPort,
caqIpAceSrcPortRange,
caqIpAceDestIp,
caqIpAceDestIpMask,
caqIpAceDestPortOp,
caqIpAceDestPort,
caqIpAceDestPortRange,
caqIpAceTosMatchCriteria,
caqIpAceProtocolMatchCriteria,
caqIpAceIpPrec,
caqIpAceDscp,
caqIpAceIcmpType,
caqIpAceIcmpCode,
caqIpAceIgmpType,
caqIpAceOrderPosition,
caqIpAceBeforePosition,
caqIpAceStatus
}
STATUS current
DESCRIPTION
"A collection of objects providing the IP ACE
information."
::= { caqMIBGroups 4 }
caqIpxAceGroup OBJECT-GROUP
OBJECTS {
caqIpxAceMatchedAction,
caqIpxAceSrcNet,
caqIpxAceDestMatchCriteria,
caqIpxAceDestNet,
caqIpxAceProtocolType,
caqIpxAceDestNode,
caqIpxAceDestNetMask,
caqIpxAceDestNodeMask,
caqIpxAceOrderPosition,
caqIpxAceBeforePosition,
caqIpxAceStatus
}
STATUS current
DESCRIPTION
"A collection of objects providing the IPX ACE
information."
::= { caqMIBGroups 5 }
caqMacAceGroup OBJECT-GROUP
OBJECTS {
caqMacAceMatchedAction,
caqMacAceSrcMac,
caqMacAceSrcMacMask,
caqMacAceDestMac,
caqMacAceDestMacMask,
caqMacAceEthertype,
caqMacAceOrderPosition,
caqMacAceBeforePosition,
caqMacAceStatus
}
STATUS current
DESCRIPTION
"A collection of objects providing the MAC ACE
information."
::= { caqMIBGroups 6 }
caqActionGroup OBJECT-GROUP
OBJECTS {
caqQosActionSelectTrust,
caqQosActionSelectDscp,
caqQosActionSelectMicroflow,
caqQosActionSelectAggregate,
caqQosActionSelectStatus
}
STATUS current
DESCRIPTION
"A collection of objects providing the ACE action
information."
::= { caqMIBGroups 7 }
caqPolicingGroup OBJECT-GROUP
OBJECTS {
caqFlowPolicerType,
caqFlowPolicerExcessRateSupport,
caqFlowPolicerNormalRateRequest,
caqFlowPolicerNormalRateGrant,
caqFlowPolicerBurstSizeRequest,
caqFlowPolicerBurstSizeGrant,
caqFlowPolicerNormalRateAction,
caqFlowPolicerStatus
}
STATUS current
DESCRIPTION
"A collection of objects providing the microflow and
aggregate flow configuration."
::= { caqMIBGroups 8 }
caqQosExcessRateGroup OBJECT-GROUP
OBJECTS {
caqFlowPolicerExcessRateRequest,
caqFlowPolicerExcessRateGrant,
caqFlowPolicerExcessRateAction
}
STATUS current
DESCRIPTION
"A collection of objects providing Qos
information on excess rate."
::= { caqMIBGroups 9 }
caqQosMappingGroup OBJECT-GROUP
OBJECTS {
caqCosToDscpDscp,
caqIpPrecToDscpDscp,
caqDscpMappingCos,
caqDscpMappingNRPolicedDscp,
caqDscpMappingERPolicedDscp
}
STATUS current
DESCRIPTION
"A collection of objects providing Qos mapping
information."
::= { caqMIBGroups 10 }
caqQueueAssignmentGroup OBJECT-GROUP
OBJECTS {
caqCosAssignQueueNumber,
caqCosAssignThresholdNumber
}
STATUS current
DESCRIPTION
"A collection of objects providing the queue assignment
information."
::= { caqMIBGroups 11 }
caqQueueGroup OBJECT-GROUP
OBJECTS {
caqQueueThreshDropAlgorithm,
caqQueueThreshDropThreshold,
caqQueueThreshMinWredThreshold,
caqQueueThreshMaxWredThreshold,
caqQueueWrrWeight,
caqQueueBufferSizeRatio
}
STATUS current
DESCRIPTION
"A collection of objects providing the queue
information."
::= { caqMIBGroups 12 }
caqQosBridgedFlowPolicerGroup OBJECT-GROUP
OBJECTS {
caqBridgedFlowEnabled
}
STATUS current
DESCRIPTION
"A collection of objects providing the information on
bridged packet policing."
::= { caqMIBGroups 13 }
caqQosMacVlanGroup OBJECT-GROUP
OBJECTS {
caqMacAddressCpb,
caqCosValue,
caqCosMacVlanRouterStatus
}
STATUS current
DESCRIPTION
"A collection of objects providing the classification
information based on Mac address and vlan."
::= { caqMIBGroups 14 }
caqQosStatsGroup OBJECT-GROUP
OBJECTS {
caqL3PacketsDropByPolicer,
caqTosChangedIpPackets,
caqCosChangedIpPackets,
caqCosChangedNonIpPackets,
caqPortStatsDropPkts,
caqFlowStatsOutOfProfilePackets
}
STATUS current
DESCRIPTION
"A collection of objects providing the QoS statistics
information."
::= { caqMIBGroups 15 }
caqSecurityGroup OBJECT-GROUP
OBJECTS {
caqSecurityAction,
caqSecurityCapture,
caqSecurityRedirectPortList,
caqSecurityActionStatus,
caqSecurityAclCaptureEnable
}
STATUS deprecated
DESCRIPTION
"A collection of objects providing the security information."
::= { caqMIBGroups 16 }
caqFlowPolicingCpbGroup OBJECT-GROUP
OBJECTS {
caqFlowPolicingCpb
}
STATUS current
DESCRIPTION
"A collection of objects providing the flow policing capability
information."
::= { caqMIBGroups 17 }
caqQosStatsGroup2 OBJECT-GROUP
OBJECTS {
caqAggPolicerPackets,
caqAggPolicerNRExceedPackets,
caqAggPolicerERExceedPackets
}
STATUS current
DESCRIPTION
"A collection of objects providing the QoS statistics
information per aggregate policer."
::= { caqMIBGroups 18 }
caqSecurityPBFGroup OBJECT-GROUP
OBJECTS {
caqPbfStatus,
caqPbfMacAddress,
caqAdjDstVlanNumber,
caqAdjDstMacAddress,
caqAdjSrcMacAddress,
caqAdjName,
caqAdjMtu,
caqAdjHitCount,
caqAdjStatus,
caqSecurityAdjIndex
}
STATUS current
DESCRIPTION
"A collection of objects providing the PBF configuration
and statistics information."
::= { caqMIBGroups 19 }
caqQosExcessBurstGroup OBJECT-GROUP
OBJECTS {
caqFlowPolicerExcessBurstSupport,
caqFlowPolicerExcessBurstRequest,
caqFlowPolicerExcessBurstGrant
}
STATUS current
DESCRIPTION
"A collection of objects providing Qos information on
excess burst size."
::= { caqMIBGroups 20 }
caqIfTrustDeviceGroup OBJECT-GROUP
OBJECTS {
caqIfTrustDevice,
caqIfOperTrustState
}
STATUS current
DESCRIPTION
"A collection of objects providing the trusted device
configuration and operational state."
::= { caqMIBGroups 21 }
caqLoggingGroup OBJECT-GROUP
OBJECTS {
caqAclLogMaxFlow,
caqAclSecurityLoggingRateLimit,
caqAclRouterAclRateLimit,
caqIpFlowVlan,
caqIpFlowIfIndex,
caqIpFlowProtocolType,
caqIpFlowAddrType,
caqIpFlowSrcIp,
caqIpFlowSrcPort,
caqIpFlowDestIp,
caqIpFlowDestPort,
caqIpFlowIcmpType,
caqIpFlowIcmpCode,
caqIpFlowIgmpType,
caqIpFlowArpOpcode,
caqIpFlowArpSrcMacAddr,
caqIpFlowArpHeaderSrcMacAddr,
caqIpFlowPacketsCount,
caqIpFlowLoggingTTL
}
STATUS current
DESCRIPTION
"A collection of objects providing the security logging
configuration and statistics."
::= { caqMIBGroups 22 }
caqArpInspGroup OBJECT-GROUP
OBJECTS {
caqSecurityArpMacAddress,
caqAclArpInspMatchMac,
caqAclArpInspAddrValidation,
caqArpInspGlobalForwardedPkts,
caqArpInspGlobalDroppedPkts,
caqRARPForwardedPkts,
caqMatchedMacFailedPkts,
caqAddrValidationFailedPkts,
caqArpInspIpDroppedPkts,
caqArpInspForwardedPackets,
caqArpInspDroppedPackets,
caqIfArpInspDropThreshold,
caqIfArpInspShutdownThreshold
}
STATUS current
DESCRIPTION
"A collection of objects providing the ARP Inspection
configuration and statistics."
::= { caqMIBGroups 23 }
caqSecurityRateLimitGroup OBJECT-GROUP
OBJECTS {
caqSecurityRateLimitFeatures,
caqSecurityAclRateLimit
}
STATUS current
DESCRIPTION
"A collection of objects providing the security ACL
feature rate limit configuration state."
::= { caqMIBGroups 24 }
caqDscpMutationGroup OBJECT-GROUP
OBJECTS {
caqDscpMutationNewDscp,
caqVlanMutationTableId
}
STATUS current
DESCRIPTION
"A collection of objects providing the DSCP mutation
configuration information."
::= { caqMIBGroups 25 }
caqQosDefaultActionGroup OBJECT-GROUP
OBJECTS {
caqQosDefaultTrustState,
caqQosDefaultDscp,
caqQosDefaultMicroflow,
caqQosDefaultAggregate
}
STATUS current
DESCRIPTION
"A collection of objects providing the default QoS action
configuration on the device."
::= { caqMIBGroups 26 }
caqIfAclConfigGroup2 OBJECT-GROUP
OBJECTS {
caqClassifierMapDirection
}
STATUS current
DESCRIPTION
"A collection of objects providing the additional ACL attachment
configuration on the device."
::= { caqMIBGroups 27 }
caqIpEspGroup OBJECT-GROUP
OBJECTS {
caqIpAceSecurityId
}
STATUS current
DESCRIPTION
"A collection of objects providing the IP ESP traffic matching
configuration on the device."
::= { caqMIBGroups 28 }
caqDscpRewriteGroup OBJECT-GROUP
OBJECTS {
caqDscpRewriteEnabled
}
STATUS current
DESCRIPTION
"A collection of objects providing the configuration of
the DSCP rewrite feature on the device."
::= { caqMIBGroups 29 }
caqAggPolicerOctetStatsGroup OBJECT-GROUP
OBJECTS {
caqAggPolicerOctets,
caqAggPolicerNRExceedOctets,
caqAggPolicerERExceedOctets
}
STATUS current
DESCRIPTION
"A collection of objects providing the QoS statistics
information per aggregate policer in units of octets."
::= { caqMIBGroups 30 }
caqSecurityGroup2 OBJECT-GROUP
OBJECTS {
caqSecurityAction,
caqSecurityCapture,
caqSecurityRedirect2kPortList,
caqSecurityActionStatus,
caqSecurityAclCaptureEnable
}
STATUS current
DESCRIPTION
"A collection of objects providing the security information."
::= { caqMIBGroups 31 }
caqIfSecurityAclConfigGroup OBJECT-GROUP
OBJECTS {
caqIfSecurityAclBase
}
STATUS current
DESCRIPTION
"A collection of objects providing the security ACL
information on the device."
::= { caqMIBGroups 32 }
caqIpAceExtGroup OBJECT-GROUP
OBJECTS {
caqIpAceSrcGroup,
caqIpAceDestGroup
}
STATUS current
DESCRIPTION
"A collection of objects providing the source and destination
group information to configure IP ACL on the device."
::= { caqMIBGroups 33 }
caqAclHitCountGroup OBJECT-GROUP
OBJECTS {
caqAclHitCountEnable,
caqAceHitCountEnable,
caqAceIngressHitCount,
caqAceEgressHitCount,
caqIfAclIngressHitCount,
caqIfAclEgressHitCount
}
STATUS current
DESCRIPTION
"A collection of objects providing the ACL hit count
configuration and statistics on the device."
::= { caqMIBGroups 34 }
caqMacAceExtGroup OBJECT-GROUP
OBJECTS {
caqMacAceMatchCriteria,
caqMacAceVlan,
caqMacAceCos
}
STATUS current
DESCRIPTION
"A collection of objects providing additional matching
criteria such as the VLAN, CoS information to configure
MAC ACE on the device."
::= { caqMIBGroups 35 }
caqMacPktClassifyVlanGroup OBJECT-GROUP
OBJECTS {
caqMacPktClassifyVlansLow,
caqMacPktClassifyVlansHigh
}
STATUS current
DESCRIPTION
"A collection of objects providing the VLAN
configuration for MAC packet classify feature
on the device."
::= { caqMIBGroups 36 }
caqAclFeatureGroup OBJECT-GROUP
OBJECTS {
caqAclFeatureCpb
}
STATUS current
DESCRIPTION
"A collection of objects indicating which ACL-related
features the device is capable of."
::= { caqMIBGroups 37 }
caqPortAclHitCountGroup OBJECT-GROUP
OBJECTS {
caqAclHitCountPortList
}
STATUS current
DESCRIPTION
"A collection of objects providing the set of physical
ports where the ACL hit count feature is enabled."
::= { caqMIBGroups 38 }
caqVlanAclHitCountGroup OBJECT-GROUP
OBJECTS {
caqAclHitCountVlansLow,
caqAclHitCountVlansHigh
}
STATUS current
DESCRIPTION
"A collection of objects providing the set of VLANs
where the ACL hit count feature is enabled."
::= { caqMIBGroups 39 }
caqQosL3StatsRateGroup OBJECT-GROUP
OBJECTS {
caqL3PacketsDropByPolicerAveRate,
caqTosChangedIpPacketsAveRate,
caqCosChangedNonIpPacketsAveRate,
caqCosChangedIpPacketsAveRate
}
STATUS current
DESCRIPTION
"A collection of objects providing the five-minute
linearly-decayed moving average QoS statistics for Layer 3
traffic."
::= { caqMIBGroups 40 }
caqQosL3StatsPeakGroup OBJECT-GROUP
OBJECTS {
caqCosChangedNonIpPacketPeakRate,
caqCosChangedIpPacketsPeakRate,
caqL3PacketsDropByPolicerPeakRate,
caqTosChangedIpPacketsPeakRate
}
STATUS current
DESCRIPTION
"A collection of objects providing the peak rate QoS
statistics over the past five-minute period for Layer 3 traffic."
::= { caqMIBGroups 41 }
caqAggPolicerOctetsRateGroup OBJECT-GROUP
OBJECTS {
caqAggPolicerOctetsRate,
caqAggPolicerNRExceedOctetsRate,
caqAggPolicerERExceedOctetsRate
}
STATUS current
DESCRIPTION
"A collection of objects providing the five-minute
linearly-decayed octets moving average rate per aggregate
policer."
::= { caqMIBGroups 42 }
caqAggPolicerPacketsRateGroup OBJECT-GROUP
OBJECTS {
caqAggPolicerPacketsRate,
caqAggPolicerNRExceedPacketsRate,
caqAggPolicerERExceedPacketsRate
}
STATUS current
DESCRIPTION
"A collection of objects providing the five-minute
linearly-decayed packets moving average rate per aggregate
policer."
::= { caqMIBGroups 43 }
caqAggPolicerOctetsPeakGroup OBJECT-GROUP
OBJECTS {
caqAggPolicerOctetsPeakRate
}
STATUS current
DESCRIPTION
"A collection of objects providing the peak rate of octets
over the past five-minute period per aggregate policer."
::= { caqMIBGroups 44 }
caqAggPolicerPacketsPeakGroup OBJECT-GROUP
OBJECTS {
caqAggPolicerPacketsPeakRate
}
STATUS current
DESCRIPTION
"A collection of objects providing the peak rate of packets
over the past five-minute period per aggregate policer."
::= { caqMIBGroups 45 }
caqQosPortRateGroup OBJECT-GROUP
OBJECTS {
caqPortStatsDropPktsAveRate
}
STATUS current
DESCRIPTION
"A collection of objects providing the five-minute
linearly-decayed packets drop rate per interface."
::= { caqMIBGroups 46 }
caqQosPortPeakGroup OBJECT-GROUP
OBJECTS {
caqPortStatsDropPktsPeakRate
}
STATUS current
DESCRIPTION
"A collection of objects providing the peak rate of packets
over the past five-minute period per interface."
::= { caqMIBGroups 47 }
caqSecurityActionDnldAceGroup OBJECT-GROUP
OBJECTS {
caqSecurityDownloadedAceFeature
}
STATUS current
DESCRIPTION
"A collection of objects providing the feature type of a
downloaded ACE."
::= { caqMIBGroups 48 }
caqSecurityDownloadAclInfoGroup OBJECT-GROUP
OBJECTS {
caqDownloadAclUserCount,
caqDownloadAclDownloadTime
}
STATUS current
DESCRIPTION
"A collection of objects providing downloaded ACL information."
::= { caqMIBGroups 49 }
caqSecurityDownloadIpAceGroup OBJECT-GROUP
OBJECTS {
caqIpDownloadAceMatchedAction,
caqIpDownloadAceProtocolType,
caqIpDownloadAceAddrType,
caqIpDownloadAceSrcIp,
caqIpDownloadAceSrcIpMask,
caqIpDownloadAceSrcPortOp,
caqIpDownloadAceSrcPort,
caqIpDownloadAceSrcPortRange,
caqIpDownloadAceDestIp,
caqIpDownloadAceDestIpMask,
caqIpDownloadAceDestPortOp,
caqIpDownloadAceDestPort,
caqIpDownloadAceDestPortRange,
caqIpDownloadAceTosMatchCriteria,
caqIpDownloadAceIpPrec,
caqIpDownloadAceDscp,
caqIpDnldAcePrtocolMatchCriteria,
caqIpDownloadAceIcmpType,
caqIpDownloadAceIcmpCode
}
STATUS current
DESCRIPTION
"A collection of objects providing downloaded IP ACE information."
::= { caqMIBGroups 50 }
caqIfDownloadAclMapGroup OBJECT-GROUP
OBJECTS {
caqIfDownloadAclFeature,
caqIfDownloadAclAddressType,
caqIfDownloadAclHostAddress
}
STATUS current
DESCRIPTION
"A collection of objects providing mapping information of
downloaded ACL to capable interface."
::= { caqMIBGroups 51 }
caqIfIpPhoneMapGroup OBJECT-GROUP
OBJECTS {
caqIfIpPhoneAddressType,
caqIfIpPhoneHostAddress
}
STATUS current
DESCRIPTION
"A collection of objects providing mapping information
of IP phone to capable interface where downloaded ACL
is utilized."
::= { caqMIBGroups 52 }
caqIpAceTypeGroup OBJECT-GROUP
OBJECTS {
caqIpAceType
}
STATUS current
DESCRIPTION
"A collection of objects providing the type of an IP ACE."
::= { caqMIBGroups 53 }
caqIpOperClassifierGroup OBJECT-GROUP
OBJECTS {
caqIpOperAclName,
caqIpOperAclMapSource
}
STATUS current
DESCRIPTION
"A collection of objects providing the operational mapping
of IP ACLs to each applicable interface."
::= { caqMIBGroups 54 }
caqDownloadClassifierGroup OBJECT-GROUP
OBJECTS {
caqDownloadClassifierAclName,
caqDownloadMapSource,
caqDownloadAclType
}
STATUS current
DESCRIPTION
"A collection of objects providing the mapping of ACLs to each
applicable interface downloaded by security features."
::= { caqMIBGroups 55 }
caqArpLoggingSourceGroup OBJECT-GROUP
OBJECTS {
caqIpFlowArpLoggingSource,
caqIpFlowArpAclName,
caqIpFlowArpAceNumber
}
STATUS current
DESCRIPTION
"A collection of objects providing the logging source of
ARP flow."
::= { caqMIBGroups 56 }
END