Extreme-ACL MIB

The SNMP agent supports Get, Get-next, and Get bulk requests for L2 ACLs on the Extreme-ACL-MIB. The Extreme-ACL MIB defines support for SNMP MIB. In the SLX-OS 17r.2.00 release, the Extreme-ACL MIB supports only L2 ACL.

bcsiAclNametoAclIdMappingTable

Note

Note

Only the table definition is supported in the current SLX-OS release.
MIB Object Description

bcsiAclNametoAclIdMappingAclName

OID: .1.3.6.1.4.1.1588.3.1.16.1.1.1.1

syntax: OCTET STRING (SIZE (0..255))

Name of the ACL.

bcsiAclNametoAclIdMappingAclId

OID: .1.3.6.1.4.1.1588.3.1.16.1.1.1.2

syntax: Unsigned32

Unique numeric ID for the given type (MAC or IP)of ACL.

bcsiAclNametoAclIdMappingAclType

OID: .1.3.6.1.4.1.1588.3.1.16.1.1.1.3

syntax: integer

ACL are of two types namely, standard and extended ACL. They differ by the rules that are defined under each of these types.

bcsiAclNametoAclIdMappingAclLevel

OID: .1.3.6.1.4.1.1588.3.1.16.1.1.1.4

syntax: integer

Level of ACL. Only L2 is supported.

bcsiL2NamedAclRuleTable

MIB Object Description

bcsiL2NamedAclId

OID: .1.3.6.1.4.1.1588.3.1.16.1.2.1.1

syntax: Unsigned32(1..65535)

Unique Numeric ID for given type(MAC or IP) of ACL.

This object is the same as bcsiAclNametoAclIdMappingAclId ofbcsiAclNameToIdMappingTable

bcsiL2NamedAclSequenceNumber

OID: .1.3.6.1.4.1.1588.3.1.16.1.2.1.2

syntax: Unsigned32(1..65535)

The rule number.

bcsiL2NamedAclName

OID: .1.3.6.1.4.1.1588.3.1.16.1.2.1.3

syntax: OCTET STRING (SIZE (0..255))

Represents the Name of each configured L2 named ACL

bcsiL2NamedAclAction

OID: .1.3.6.1.4.1.1588.3.1.16.1.2.1.4

syntax: integer {deny(1), permit(2), hardDrop(3) }

Action to take if the ingress L2 packet matches this ACL.

bcsiL2NamedAclSourceType

OID: .1.3.6.1.4.1.1588.3.1.16.1.2.1.5

syntax: integer { standardFormat(1), any(2), host(3) }

Source can be represented in three ways.

  • MAC address in HHHH.HHHH.HHHH format.
  • any source MAC address
  • Host specific MAC address

bcsiL2NamedAclSourceMacMask is closely related to this field.

bcsiL2NamedAclSourceMac

OID: .1.3.6.1.4.1.1588.3.1.16.1.2.1.6

syntax: MACAddress

Optional source MAC address. By default, it matches with any source MAC within a packet.

bcsiL2NamedAclSourceMacMask

OID:

.1.3.6.1.4.1.1588.3.1.16.1.2.1.7

syntax: MACAddress

Optional source MAC address mask. By default, it matches with any source MAC within a packet. It matches with any source MAC within a packet. To match on the first two bytes of the address, aabb.ccdd.eeff, use the mask ffff.0000.0000. In this case, the clause matches all source MAC addresses that contain 'aabb' as the first two bytes and any values in the remaining bytes of the MAC address.

Supported for Extended ACL only.

bcsiL2NamedAclDestinationType

OID: .1.3.6.1.4.1.1588.3.1.16.1.2.1.8

syntax: integer { standardFormat(1), any(2), host(3) }

Destination can be represented in three ways.

  • MAC address in HHHH.HHHH.HHHH format.
  • any source MAC address
  • Host specific MAC address

bcsiL2NamedAclSourceMacMask is closely related to this field.

bcsiL2NamedAclDestinationMac

OID: .1.3.6.1.4.1.1588.3.1.16.1.2.1.9

syntax: MACAddress

Optional destination MAC address. By default, it matches with any source MAC within a packet.

bcsiL2NamedAclDestinationMacMask

OID: .1.3.6.1.4.1.1588.3.1.16.1.2.1.10

syntax: MACAddress

Optional destination MAC address mask. By default, it matches with any source MAC within a packet. It matches with any source MAC within a packet. To match on the first two bytes of the address, aabb.ccdd.eeff, use the mask ffff.0000.0000. In this case, the clause matches all destination MAC addresses that contain 'aabb' as the first two bytes and any values in the remaining bytes of the MAC address.

Supported for Extended ACL only.

bcsiL2NamedAclCount

OID: .1.3.6.1.4.1.1588.3.1.16.1.2.1.11

syntax: TruthValue

Indicates if the user has enabled/disabled count for number of packets against which the configured action is taken, for a given rule.

bcsiL2NamedAclCopySflow

OID: .1.3.6.1.4.1.1588.3.1.16.1.2.1.12

syntax: TruthValue

"True" if defined ACL rule with copy-sflow option else represent "False".

bcsiL2NamedAclDropPrecedenceForce

OID: .1.3.6.1.4.1.1588.3.1.16.1.2.1.13

syntax: syntax: integer { one(1), two(2), zero(3) }

Forces ingress drop precedence.

bcsiL2NamedAclV lanTagFormat

OID: .1.3.6.1.4.1.1588.3.1.16.1.2.1.14

syntax: integer; { single-tagged(1), double-tagged(2), untagged(3) }

The VLAN format.

bcsiL2NamedAclInnerVlanId

OID: .1.3.6.1.4.1.1588.3.1.16.1.2.1.15

syntax: Unsigned32 (0 | 1..4090)

The VLAN ID of the tagged inner VLAN. 0 indicates 'any'

bcsiL2NamedAclOuterVlanId

OID: .1.3.6.1.4.1.1588.3.1.16.1.2.1.16

syntax: Unsigned32 (0 | 1..4090)

The VLAN ID of the tagged outer VLAN. 0 indicates 'any'.

bcsiL2NamedAclVlanId

OID: .1.3.6.1.4.1.1588.3.1.16.1.2.1.17

syntax: Unsigned32 (0 | 1..4090)

Optional VLAN ID to match against that of the incoming packet.

By default, the VLAN ID field is ignored during the match. In this case, value 0 is returned.

Supported for Extended ACL only

bcsiL2NamedAclEthernetType

OID: .1.3.6.1.4.1.1588.3.1.16.1.2.1.18

syntax: Unsigned32

Optional Ethernet Type to match against the etype field of the incoming packet.

Supported for Extended ACL only.

By default, etype field is ignored during the match(none). DEFVAL { None }

bcsiL2NamedAclArpGuard

OID: .1.3.6.1.4.1.1588.3.1.16.1.2.1.19

syntax: TruthValue

Represents enabling/disabling of arp-gurad for a given ACL.

bcsiL2NamedAclDot1Priority

OID: .1.3.6.1.4.1.1588.3.1.16.1.2.1.20

syntax: integer { level1(1), level2(2), level3(3), level4(4), level5(5), level6(6), level7(7), level0(8), invalid(127) }; 0 is lowest priority, 7 is the highest."

The priority option assigns traffic that matches the ACL to a hardware forwarding queue. In addition to changing the internal forwarding priority, if the outgoing interface is an 802.1q interface, this option maps the specified priority to its equivalent 802.1p (QoS) priority and marks the packet with the new 802.1p priority.

This option is applicable for inbound ACLs only.

NOTE:bcsiL2NamedAclDot1Priority following bcsiL2NamedAclDot1PriorityForce cannot be used together in an ACL entry.

Supported for Extended ACL only

bcsiL2NamedAclDot1PriorityForce

OID: .1.3.6.1.4.1.1588.3.1.16.1.2.1.21

syntax: integer { level1(1), level2(2), level3(3), level4(4), level5(5), level6(6), level7(7), level0(8), invalid(127) }; 0 is lowest priority, 7 is the highest."

The priority-force option assigns packets of outgoing traffic that match the ACL to a specific hardware forwarding queue, even though the incoming packet may be assigned to another queue.

This option is applicable for inbound ACLs only.

NOTE:bcsiL2NamedAclDot1Priority following bcsiL2NamedAclDot1PriorityForce cannot be used together in an ACL entry. Supported for Extended ACL only

bcsiL2NamedAclMirrorPackets

OID: . 1.3.6.1.4.1.1588.3.1.16.1.2.1.22

syntax: TruthValue

Mirror packets matching ACL permit clause. Supported for Extended ACL only.

bcsiL2NamedAclLogEnable

OID: .1.3.6.1.4.1.1588.3.1.16.1.2.1.23

syntax: TruthValue

Optional parameter to enable logging only when deny clause is specified. Note that traffic denied by implicit deny mechanism is not subject to logging. The implicit deny kicks in when the traffic does not match any of the clauses and there is no 'permit any any' clause specified at the end.

bcsiAclIfBindTable

MIB Object Description

bcsiAclIfBindDirection

OID: .1.3.6.1.4.1.1588.3.1.16.1.3.1.1

syntax: integer {inbound(1), outbound(2) }

Direction in which this ACL should be applied on this port.

bcsiAclIfBindAclName

OID: .1.3.6.1.4.1.1588.3.1.16.1.3.1.2

syntax: OCTET STRING (SIZE (0..255))

Represents the Name of each configured L2 ACL only.
9036694-01 Rev AA