ipPolicyRuleOperation
POLICY-MIB ·
.1.3.6.1.4.1.81.36.2.1.14
Object
column
r/w
Integer32
The operation that should be applied to a packet in case the packet does not match any of the user specified rules. Values pertains to ACL or QoS depending on List type.
This field points to the appropriate ipPolicyCompositeOpID in ipPolicyCompositeOpTable.
The following read-only rows that are always defined in ipPolicyCompositeOpTable for a combined List:
OpId OpName PolicyRuleOp prior to Policy MIB 1.3.0
==== ====== ======================================
1 Priority 0 forwardPriority0(1)
2 Priority 1 forwardPriority1(2)
3 Priority 2 forwardPriority2(3)
4 Priority 3 forwardPriority3(4)
5 Priority 4 forwardPriority4(5)
6 Priority 5 forwardPriority5(6)
7 Priority 6 forwardPriority6(7)
8 Priority 7 forwardPriority7(8)
9 Forward No Change forward(9)
10 Deny deny(10)
11 Deny and Notify denyAndNotify(11)
12 Do not EZRoute layer2Switching(12)
The following read-only rows that are always defined in ipPolicyCompositeOpTable for list in split list mode:
OpId OpName
==== ======
1 permit
2 deny
3 deny-and-notify
4 deny-and-reset-connection (Boxster only)
5 deny-and-notify-and-reset-connection (Boxster only)
The following read-only rows that are always defined in ipPolicyCompositeOpTable for a ACL list in split list mode:
OpId OpName
==== ======
1 CoS0
2 CoS1
3 CoS2
4 CoS3
5 CoS4
6. CoS5
7. CoS6
8. CoS7
9. no-change
10. trust-dscp-only
11. trust-dscp-and-cos (Boxster default)
The following read-only rows are always defined in ipPolicyCompositeOpTable for PBR list in split list mode:
OpId OpName
==== ======
1 DBR (Destination Based Routing)
2 unused
.
.
9 NH1 (Next Hop)
10 NH2
.
.
28 NH20
The following read-only rows are always defined in ipPolicyCompositeOpTable for Crypto list in split list mode:
OpId OpName
==== ======
1 Bypass
2 Crypto Map 1
3 Crypto Map 2
21 Crypto Map 20
Access-control default operation is permit.
QoS default operation is no-change.
PBR default operation is DBR (Destination Based Routing).
Zydeco uses combined list with additional two actions. Actions' access is permits. QoS is defined below:
13: Change 802.1p based on DSCP - change 802.1p value based on packet's DSCP (MIB wise: uses DSCP table to further DSCP based classification)
14: Change DSCP based on 5-tuple - change DSCP value (MIB wise: ipPolicyRuleDSCPOperation indicates the new DSCP value)
Context
- MIB
- POLICY-MIB
- OID
.1.3.6.1.4.1.81.36.2.1.14- Type
- column
- Access
- readwrite
- Status
- current
- Parent
- ipPolicyRuleEntry
- Table
- ipPolicyRuleTable
- Siblings
- 34
Syntax
Integer32
Values & Constraints
Object Constraints
range: 1-1000
Related Objects
Sibling Objects
| Object | Type | Syntax | OID |
|---|---|---|---|
| ipPolicyRuleSlot The EntID-id (AKA module-id / box number) to which this rule relates | column | Integer32 | .1.3.6.1.4.1.81.36.2.1.1 |
| ipPolicyRuleL4SrcPortMax The maximal source port number.
This fields is applicable only when ipPolicyRuleProtocol is TCP(6) or
UDP(17). In all other cases its values is not used. | column | Integer32 | .1.3.6.1.4.1.81.36.2.1.10 |
| ipPolicyRuleL4DestPortMin The minimal destination port number.
This fields is applicable only when ipPolicyRuleProtocol is TCP(6)
or UDP(17). In all other cases its values is not used. | column | Integer32 | .1.3.6.1.4.1.81.36.2.1.11 |
| ipPolicyRuleL4DestPortMax The maximal destination port number.
This fields is applicable only when ipPolicyRuleProtocol is TCP(6)
or UDP(17). In all other cases its value is not used. | column | Integer32 | .1.3.6.1.4.1.81.36.2.1.12 |
| ipPolicyRuleEstablished This field indicates the value of the established bit in the TCP header.
If protocol is not TCP this values should not be used. | column | Enumeration | .1.3.6.1.4.1.81.36.2.1.13 |
| ipPolicyRuleApplicabilityPrecedence This field indicates how important is it to enforce this rule.
The higher the number the more important it is to enforce this rule.
The value 9999 has a special meaning of Mandato… | column | Integer32 | .1.3.6.1.4.1.81.36.2.1.15 |
| ipPolicyRuleApplicabilityStatus obsolete Used to monitor if a rule is currently applicable (for the active
list)or would be applicable (if the list becomes active).
The applicability context is that of the first entry fo… | column | Enumeration | .1.3.6.1.4.1.81.36.2.1.16 |
| ipPolicyRuleApplicabilityType obsolete Used to monitor the ApplicabilityStatus of the rule in the context of
this list. The values returned for this MIB are not affected by the
list status (active/inactive)
… | column | Enumeration | .1.3.6.1.4.1.81.36.2.1.17 |
| ipPolicyRuleErrMsg obsolete Free text describing the reason why the rule is not Applicable.
When rule is Applicable returns NULL string.
The values returned for this MIB are not affected by the list status
… | column | OctetString | .1.3.6.1.4.1.81.36.2.1.18 |
| ipPolicyRuleStatus Used to configure and monitor one rule.
Use CreateAndWait (4) to create a rule.
Destroy (6) to destroy a rule
active (1) is returned when a rule is complete and is configured
… | column | RowStatus | .1.3.6.1.4.1.81.36.2.1.19 |
| ipPolicyRuleListID The ID of the list this rule is part of.
Derived from list range. See ipPolicyListID MIB. | column | Integer32 | .1.3.6.1.4.1.81.36.2.1.2 |
| ipPolicyRuleDSCPOperation obsolete The New DSCP value that should be applied to packets that meatch this rule.
A value of 64 means no change. | column | Integer32 | .1.3.6.1.4.1.81.36.2.1.20 |
| ipPolicyRuleDSCPFilter A DSCP value to match against.
This filter can be used instead or with the DSCP implicit
mapping table.
This filter is used in combination with
ipPolicyRuleDSCPFilterWild to m… | column | Integer32 | .1.3.6.1.4.1.81.36.2.1.21 |
| ipPolicyRuleDSCPFilterWild A bitmask wildcard to match bits in the Diff-Serv
byte. '1' bits are part of the comparison.
'0' bits are 'don't care'.
A value of 63 means match all bits.
A value of 0 means do… | column | Integer32 | .1.3.6.1.4.1.81.36.2.1.22 |
| ipPolicyRuleIcmpTypeCode The ICMP type and code to which this rule relates.
If protocol is not ICMP this values should not be used.
Field format:
- 19 bits filed.
- MSB (bit 18) stand for n… | column | Enumeration | .1.3.6.1.4.1.81.36.2.1.23 |
| ipPolicyRuleSrcAddrNot Logical NOT of the source-IP or source policy user name field.
Packets with source IPs or source policy user name which do NOT match the IP address & wildcard or source policy use… | column | Enumeration | .1.3.6.1.4.1.81.36.2.1.24 |
| ipPolicyRuleDstAddrNot Logical NOT of the destination-IP field or destination policy user name.
Packets with destination IPs or destination policy user name which do NOT match the IP address & wildcard … | column | Enumeration | .1.3.6.1.4.1.81.36.2.1.25 |
| ipPolicyRuleProtocolNot Logical NOT of the IP protocol field. | column | Enumeration | .1.3.6.1.4.1.81.36.2.1.26 |
| ipPolicyRuleL4SrcPortNot Logical NOT of the tcp source port settings. | column | Enumeration | .1.3.6.1.4.1.81.36.2.1.27 |
| ipPolicyRuleL4DestPortNot Logical NOT of the tcp destination port settings. | column | Enumeration | .1.3.6.1.4.1.81.36.2.1.28 |
| ipPolicyRuleIcmpTypeCodeNot Logical NOT of the protocol field + ICMP type and code. | column | Enumeration | .1.3.6.1.4.1.81.36.2.1.29 |
| ipPolicyRuleID Number of rule within its list. Each list may contain many rule.
Lists work in a First Match manner.
A rule with a lower ID would be preferred over a rule with a higher ID. | column | Integer32 | .1.3.6.1.4.1.81.36.2.1.3 |
| ipPolicyRuleSrcPolicyUserGroupName Source user group's policy name.
Identical to ugPolicyName MIB.
ipPolicyRuleSrcAddr and ipPolicyRuleSrcAddrWild MIBs should be cleared when this value sets and vise versa. | column | OctetString | .1.3.6.1.4.1.81.36.2.1.30 |
| ipPolicyRuleDstPolicyUserGroupName Destination user group's policy name.
Identical to ugPolicyName MIB.
ipPolicyRuleDstAddr and ipPolicyRuleDstAddrWild MIBs should be cleared when this value sets and vise versa. | column | OctetString | .1.3.6.1.4.1.81.36.2.1.31 |
| ipPolicyRuleDSCPFilterNot Logical NOT of DSCP filter settings. | column | Enumeration | .1.3.6.1.4.1.81.36.2.1.32 |
| ipPolicyRuleDescription IP rule description field. Allowing the user to specify the description for each rule.
In Crypto list a rule equals a tunnel and therefore the description is of the tunnel.
There … | column | OctetString | .1.3.6.1.4.1.81.36.2.1.33 |
| ipPolicyRuleFragment This field indicates whether the rule will apply to non-initial fragments only.
When this key is set the L4 information is removed. | column | Enumeration | .1.3.6.1.4.1.81.36.2.1.34 |
| ipPolicyRuleDoSClass Enumerated description of DoS attack this
correspondingly defends from.
Presently the DoS description is used for classification of DoS attacks in the MSS notificat… | column | Enumeration | .1.3.6.1.4.1.81.36.2.1.35 |
| ipPolicyRuleSrcAddr The IP address of the source station. A value of 255.255.255.255
in ipPolicyRuleSrcAddrWild indicates this is a DON'T CARE field. | column | RFC1155-SMIIpAddress | .1.3.6.1.4.1.81.36.2.1.4 |
| ipPolicyRuleSrcAddrWild This field specifies the wildcard of the source IP address.
Note that a the mask for a single host is 0.0.0.0 and the mask for all
hosts is 255.255.255.255. This field can has any… | column | RFC1155-SMIIpAddress | .1.3.6.1.4.1.81.36.2.1.5 |
| ipPolicyRuleDstAddr The IP address of the destination station.
A value of 255.255.255.255 in ipPolicyRuleDstAddrWild indicates this
is a DON'T CARE field. | column | RFC1155-SMIIpAddress | .1.3.6.1.4.1.81.36.2.1.6 |
| ipPolicyRuleDstAddrWild This field specifies the wildcard of the destination IP address.
Note that a the mask for a single host is 0.0.0.0 and the mask for
all hosts is 255.255.255.255. This field can h… | column | RFC1155-SMIIpAddress | .1.3.6.1.4.1.81.36.2.1.7 |
| ipPolicyRuleProtocol The IP protocol to which this rule relates.
Use 256 to specify any IP (i.e. don't care) | column | Integer32 | .1.3.6.1.4.1.81.36.2.1.8 |
| ipPolicyRuleL4SrcPortMin The minimal source port number.
This fields is applicable only when ipPolicyRuleProtocol is TCP(6)
UDP(17). In all other cases its values is not used. | column | Integer32 | .1.3.6.1.4.1.81.36.2.1.9 |