Configure the rule for advanced acl group.
The indexes of the table are hwAclAdvancedAclNum, hwAclAdvancedSubitem.
|
OID |
Object |
Syntax |
Max Access |
Description |
Implemented Specifications |
|---|---|---|---|---|---|
|
1.3.6.1.4.1.2011.5.1.1.5.1.1 |
hwAclAdvancedAclNum |
Integer32 |
read-only |
The index of advanced acl table, the index range is (100..199 | 3000..3999 | 42768..76535). |
Currently, ACLs numbered from 100 to 199 are not supported. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.2 |
hwAclAdvancedSubitem |
Unsigned32 |
read-only |
The object specifies the number of an advanced ACL rule. If the number specified has been assigned to an ACL rule, the new rule will overwrite the old one, which is equal to editing the old rule. If the number is not assigned, the system will define a rule with the number and insert it to the place corresponding to its number. If no number is specified, the system will define a rule, assign a number to it and add it into the ACL. It will be placed at the end of the ACL when configuration sequence is adopted; otherwise, it will be placed based on the 'Depth-first' principle. When ACL rules are following the 'Depth-first' principle, the number of an ACL rule must be given 0 ,but it will be assigned by step automatically;otherwise,this rule will not be created. |
The actually supported value range is 0-4294967294. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.3 |
hwAclAdvancedAct |
INTEGER{permit(1),deny(2)} |
read-create |
The object indicates the action of an advanced acl rule. 'deny' means discarding the packets that meet the condition, 'permit' means permitting the packets that meet the condition. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.5 |
hwAclAdvancedSrcIp |
IpAddress |
read-create |
The value of this object identifies the source IP address. The value ranges from 0.0.0.0 to 255.255.255.255. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.6 |
hwAclAdvancedSrcWild |
IpAddress |
read-create |
The value of this object identifies the wildcard mask of the source IP address. The value ranges from 0.0.0.0 to 255.255.255.255. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.7 |
hwAclAdvancedSrcOp |
INTEGER{lt(1),eq(2),gt(3),neq(4),invalid(0),range(5)} |
read-create |
The object indicates the source Port operation symbol of an advanced acl rule. It compares the port operators of source address. 'lt' means less than, 'eq' means equal to, 'gt' means greater than, 'neq' means not equal to, 'range' means between, 'invalid' means this operation of the rule is invalid. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.8 |
hwAclAdvancedSrcPort1 |
Integer32{(0,65535)} |
read-create |
This object indicates the end source port number. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.9 |
hwAclAdvancedSrcPort2 |
Integer32{(0,65535)} |
read-create |
This object indicates the start source port number. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.10 |
hwAclAdvancedDestIp |
IpAddress |
read-create |
This object indicates the destination IP address. The value ranges from 0.0.0.0 to 255.255.255.255. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.11 |
hwAclAdvancedDestWild |
IpAddress |
read-create |
This object indicates the mask of the destination IP address. The value ranges from 0.0.0.0 to 255.255.255.255. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.12 |
hwAclAdvancedDestOp |
INTEGER{lt(1),eq(2),gt(3),neq(4),invalid(0),range(5)} |
read-create |
The object indicates the destination Port operation symbol of an advanced acl group. It compares the port operators of destination address. 'lt' means less than, 'eq' means equal to, 'gt' means greater than, 'neq' means not equal to, 'range' means between, 'invalid' means this operation of the rule is invalid. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.13 |
hwAclAdvancedDestPort1 |
Integer32{(0,65535)} |
read-create |
This object indicates the end destination port number. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.14 |
hwAclAdvancedDestPort2 |
Integer32{(0,65535)} |
read-create |
This object indicates the start destination port number. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.15 |
hwAclAdvancedPrecedence |
Integer32{(0,7),(255,255)} |
read-create |
The value of this object identifies the precedence sub-field. It is the higher three bits of the ToS field in an IP header. The value ranges from 0 to 7. The invalid value is 255. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.16 |
hwAclAdvancedTos |
Integer32{(0,15),(255,255)} |
read-create |
The value of this object identifies the ToS sub-field. This field covers four bits after the higher three bits of the ToS field in an IP header. The value ranges from 0 to 15. The invalid value is 255. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.17 |
hwAclAdvancedDscp |
Integer32{(0,63),(255,255)} |
read-create |
The value of this object identifies the higher six bits of the ToS field in an IP header. The value ranges from 0 to 63. The invalid value is 255. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.18 |
hwAclAdvancedEstablish |
INTEGER{true(1),false(2)} |
read-create |
The object indicates whether or not establishing. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.19 |
hwAclAdvancedTimeRangeIndex |
Integer32{(0,256)} |
read-create |
The object indicates the time range of an advanced acl rule. When the current time is in the time range, the rule is valid. Zero value declares that the acl rule has no time range.The invalid value is 0. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.20 |
hwAclAdvancedIcmpType |
Integer32{(0,255),(65535,65535)} |
read-create |
The object indicates the type of ICMP packet. It filters ICMP packets according to the ICMP message type. The invalid value is 65535. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.21 |
hwAclAdvancedIcmpCode |
Integer32{(0,255),(65535,65535)} |
read-create |
The object indicates the code of ICMP packet. It filters ICMP packets according to the message code. The invalid value is 65535. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.22 |
hwAclAdvancedFragments |
INTEGER{fragmentSubseq(0),fragment(1),nonFragment(2),nonSubseq(3),fragmentSpeFirst(4),none(255)} |
read-create |
The object indicates the type of the packet. 0: fragmentSubseq, indicating that the packet is a subsequent fragment 1: fragment, indicating that the packet is a fragment 2: nonFragment, indicating that the packet is not a fragment 3: nonSubseq, indicating that the packet is not a subsequent fragment 4: fragmentSpeFirst, indicating that the packet is the first fragment 255: none, invalid value This object cannot be modified once a rule is created. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.24 |
hwAclAdvancedEnable |
INTEGER{true(1),false(2)} |
read-only |
The object indicates whether the rule is valid or invalid. |
This object is implemented as defined in the corresponding MIB files. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.25 |
hwAclAdvancedCount |
Counter64 |
read-only |
The object indicates the statistics of matched packets by the rule. |
The actually supported value range is 0-4294967295. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.26 |
hwAclAdvancedVrfName |
OCTET STRING{(0,31)} |
read-create |
The object indicates the VRF name of this rule, It specifies the VPN-instance to which the packet belongs. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.27 |
hwAclAdvancedRowStatus |
INTEGER{active(1),notInService(2),notReady(3),createAndGo(4),createAndWait(5),destroy(6)} |
read-create |
RowStatus, Now support three state:CreateAndGo,Active,Destroy. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.28 |
hwAclAdvancedTcpSyncFlag |
Integer32{(-1,-1),(0,63)} |
read-create |
The object indicates the code of TCP Sync flag(0~63), The invalid value is -1. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.30 |
hwAclAdvancedSrcPoolName |
OCTET STRING{(0,32)} |
read-create |
The object indicates the source pool name. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.31 |
hwAclAdvancedDestPoolName |
OCTET STRING{(0,32)} |
read-create |
The object indicates the destination pool name. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.32 |
hwAclAdvancedProtocolNew |
Integer32{(0,255),(65535,65535)} |
read-create |
The object indicates the protocol type of the rule. It specifies the protocol type over IP.The number of IP protocol is 65535. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.33 |
hwAclAdvancedVni |
Integer32{(0,16777215)} |
read-create |
The object indicates the ID of VXLAN, The invalid value is 0. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.35 |
hwAclAdvancedTtlOp |
INTEGER{lt(1),eq(2),gt(3),neq(4),invalid(0),range(5)} |
read-create |
The object indicates the ttl operation symbol of an advanced acl rule. 'lt' means less than, 'eq' means equal to, 'gt' means greater than, 'neq' means not equal to, 'range' means between, 'invalid' means this operation of the rule is invalid. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.36 |
hwAclAdvancedTtlExpire |
Integer32{(0,255)} |
read-create |
The object indicates the begin ttl value. The invalid value is 0. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.37 |
hwAclAdvancedTtlExpireEnd |
Integer32{(0,255)} |
read-create |
The object indicates the end ttl value. The invalid value is 0. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.38 |
hwAclAdvancedPktLenOp |
INTEGER{lt(1),eq(2),gt(3),neq(4),invalid(0),range(5)} |
read-create |
The object indicates the packet length operation symbol of an advanced acl rule. 'lt' means less than, 'eq' means equal to, 'gt' means greater than, 'neq' means not equal to, 'range' means between, 'invalid' means this operation of the rule is invalid. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.39 |
hwAclAdvancedPktLenBegin |
Integer32{(0,65535)} |
read-create |
The object indicates the begin packet length value. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.40 |
hwAclAdvancedPktLenEnd |
Integer32{(0,65535)} |
read-create |
The object indicates the end packet length value. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.41 |
hwAclAdvancedTcpFlagMask |
Integer32{(0,63)} |
read-create |
The object indicates the mask of tcp-flag. The invalid value is 0. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.42 |
hwAclAdvancedSrcPortPoolName |
OCTET STRING{(0,32)} |
read-create |
The object indicates the source port pool name. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.43 |
hwAclAdvancedDestPortPoolName |
OCTET STRING{(0,32)} |
read-create |
The object indicates the destination port pool name. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.44 |
hwAclAdvancedIcmpTypeEnd |
Integer32{(0,255),(65535,65535)} |
read-create |
The value of this object identifies the ICMP message type. The value ranges from 0 to 255. The value 65535 is invalid. This object is used together with hwAclAdvancedIcmpType to indicate the value range of the ICMP message type. |
The actually supported access is read-only. |
|
1.3.6.1.4.1.2011.5.1.1.5.1.45 |
hwAclAdvancedVrfAny |
INTEGER{true(1),false(2)} |
read-create |
The object indicates whether or not matching any VPN-instance. |
The actually supported access is read-only. |