CISCO-CATOS-ACL-QOS-MIB

File: CISCO-CATOS-ACL-QOS-MIB.mib (248941 bytes)

Imported modules

SNMPv2-SMI SNMPv2-CONF SNMPv2-TC
IF-MIB CISCO-SMI CISCO-VTP-MIB
CISCO-QOS-PIB-MIB CISCO-SWITCH-ENGINE-MIB HCNUM-TC
SNMP-FRAMEWORK-MIB CISCO-TC INET-ADDRESS-MIB

Imported symbols

MODULE-IDENTITY OBJECT-TYPE Counter32
Counter64 Gauge32 Integer32
Unsigned32 MODULE-COMPLIANCE OBJECT-GROUP
TEXTUAL-CONVENTION RowStatus MacAddress
DateAndTime TruthValue ifIndex
InterfaceIndex ciscoMgmt VlanIndex
Dscp QosLayer2Cos Percent
QosInterfaceQueueType cseFlowDataEntry CounterBasedGauge64
SnmpAdminString CiscoPortList CiscoIpProtocol
InetAddressType InetAddress InetPortNumber

Defined Types

CaqAclName  
TEXTUAL-CONVENTION    
  current STRING Size(1..31)

CaqPolicerName  
TEXTUAL-CONVENTION    
  current STRING Size(1..31)

CaqPolicerNameOrEmpty  
TEXTUAL-CONVENTION    
  current STRING Size(0..31)

CaqAdjacencyName  
TEXTUAL-CONVENTION    
  current STRING Size(1..18)

CaqDirection  
TEXTUAL-CONVENTION    
  current INTEGER ingress(1), egress(2)

CaqIpPrecedence  
TEXTUAL-CONVENTION    
  current Unsigned32 0..7

CaqQueueNumber  
TEXTUAL-CONVENTION    
  current Unsigned32 1..100

CaqThresholdNumber  
TEXTUAL-CONVENTION    
  current Unsigned32 1..100

CaqHitCountAclType  
TEXTUAL-CONVENTION    
  current INTEGER ipSecurity(1), ipxSecurity(2), macSecurity(3)

CaqCosToDscpEntry  
SEQUENCE    
  caqCosToDscpCos QosLayer2Cos
  caqCosToDscpDscp Dscp

CaqIpPrecToDscpEntry  
SEQUENCE    
  caqIpPrecToDscpIpPrec CaqIpPrecedence
  caqIpPrecToDscpDscp Dscp

CaqDscpMappingEntry  
SEQUENCE    
  caqDscpMappingDscp Dscp
  caqDscpMappingCos QosLayer2Cos
  caqDscpMappingNRPolicedDscp Dscp
  caqDscpMappingERPolicedDscp Dscp

CaqCosAssignmentEntry  
SEQUENCE    
  caqCosAssignQueueType QosInterfaceQueueType
  caqCosAssignCos QosLayer2Cos
  caqCosAssignQueueNumber CaqQueueNumber
  caqCosAssignThresholdNumber CaqThresholdNumber

CaqQueueThresholdEntry  
SEQUENCE    
  caqQueueThreshQueueType QosInterfaceQueueType
  caqQueueThreshQueueIndex CaqQueueNumber
  caqQueueThreshThresholdIndex CaqThresholdNumber
  caqQueueThreshDropAlgorithm INTEGER
  caqQueueThreshDropThreshold Unsigned32
  caqQueueThreshMinWredThreshold Percent
  caqQueueThreshMaxWredThreshold Unsigned32

CaqQueueEntry  
SEQUENCE    
  caqQueueDirection CaqDirection
  caqQueueType QosInterfaceQueueType
  caqQueueNumber CaqQueueNumber
  caqQueueWrrWeight Unsigned32
  caqQueueBufferSizeRatio Unsigned32

CaqDscpMutationMapEntry  
SEQUENCE    
  caqDscpMutationTableId Unsigned32
  caqDscpMutationOldDscp Dscp
  caqDscpMutationNewDscp Dscp

CaqVlanMutationIdMapEntry  
SEQUENCE    
  caqVlanMutationIndex VlanIndex
  caqVlanMutationTableId Unsigned32

CaqIfConfigEntry  
SEQUENCE    
  caqIfCos QosLayer2Cos
  caqIfTrustStateConfig INTEGER
  caqIfAclBase INTEGER
  caqIfTrustDevice BITS
  caqIfOperTrustState INTEGER

CaqClassifierEntry  
SEQUENCE    
  caqClassifierAclType INTEGER
  caqClassifierAclName CaqAclName
  caqClassifierMapStatus RowStatus
  caqClassifierMapDirection BITS

CaqIfSecurityAclConfigEntry  
SEQUENCE    
  caqIfSecurityAclBase INTEGER

CaqIpOperClassifierEntry  
SEQUENCE    
  caqIpOperAclFeature INTEGER
  caqIpOperAclName SnmpAdminString
  caqIpOperAclMapSource BITS

CaqDownloadClassifierEntry  
SEQUENCE    
  caqDownloadAclFeature INTEGER
  caqDownloadClassifierAclName CaqAclName
  caqDownloadMapSource INTEGER
  caqDownloadAclType INTEGER

CaqIpAceEntry  
SEQUENCE    
  caqIpAceFeature INTEGER
  caqIpAclName CaqAclName
  caqIpAceIndex Unsigned32
  caqIpAceMatchedAction Unsigned32
  caqIpAceProtocolType Unsigned32
  caqIpAceAddrType InetAddressType
  caqIpAceSrcIp InetAddress
  caqIpAceSrcIpMask InetAddress
  caqIpAceSrcPortOp INTEGER
  caqIpAceSrcPort Unsigned32
  caqIpAceSrcPortRange Unsigned32
  caqIpAceDestIp InetAddress
  caqIpAceDestIpMask InetAddress
  caqIpAceDestPortOp INTEGER
  caqIpAceDestPort Unsigned32
  caqIpAceDestPortRange Unsigned32
  caqIpAceTosMatchCriteria INTEGER
  caqIpAceIpPrec CaqIpPrecedence
  caqIpAceDscp Dscp
  caqIpAceProtocolMatchCriteria INTEGER
  caqIpAceIcmpType Unsigned32
  caqIpAceIcmpCode Unsigned32
  caqIpAceIgmpType Unsigned32
  caqIpAceOrderPosition Unsigned32
  caqIpAceBeforePosition Unsigned32
  caqIpAceStatus RowStatus
  caqIpAceSecurityId Unsigned32
  caqIpAceSrcGroup SnmpAdminString
  caqIpAceDestGroup SnmpAdminString
  caqIpAceType INTEGER

CaqIpxAceEntry  
SEQUENCE    
  caqIpxAceFeature INTEGER
  caqIpxAclName CaqAclName
  caqIpxAceIndex Unsigned32
  caqIpxAceMatchedAction Unsigned32
  caqIpxAceSrcNet STRING
  caqIpxAceDestMatchCriteria BITS
  caqIpxAceProtocolType Unsigned32
  caqIpxAceDestNet STRING
  caqIpxAceDestNode STRING
  caqIpxAceDestNetMask STRING
  caqIpxAceDestNodeMask STRING
  caqIpxAceOrderPosition Unsigned32
  caqIpxAceBeforePosition Unsigned32
  caqIpxAceStatus RowStatus

CaqMacAceEntry  
SEQUENCE    
  caqMacAceFeature INTEGER
  caqMacAclName CaqAclName
  caqMacAceIndex Unsigned32
  caqMacAceMatchedAction Unsigned32
  caqMacAceSrcMac MacAddress
  caqMacAceSrcMacMask MacAddress
  caqMacAceDestMac MacAddress
  caqMacAceDestMacMask MacAddress
  caqMacAceEthertype Unsigned32
  caqMacAceOrderPosition Unsigned32
  caqMacAceBeforePosition Unsigned32
  caqMacAceStatus RowStatus
  caqMacAceMatchCriteria BITS
  caqMacAceCos QosLayer2Cos
  caqMacAceVlan VlanIndex

CaqQosActionSelectEntry  
SEQUENCE    
  caqQosActionSelectIndex Unsigned32
  caqQosActionSelectTrust INTEGER
  caqQosActionSelectDscp Dscp
  caqQosActionSelectMicroflow CaqPolicerNameOrEmpty
  caqQosActionSelectAggregate CaqPolicerNameOrEmpty
  caqQosActionSelectStatus RowStatus

CaqFlowPolicerEntry  
SEQUENCE    
  caqFlowPolicerName CaqPolicerName
  caqFlowPolicerType INTEGER
  caqFlowPolicerNormalRateRequest Integer32
  caqFlowPolicerNormalRateGrant Integer32
  caqFlowPolicerNormalRateAction INTEGER
  caqFlowPolicerExcessRateRequest Integer32
  caqFlowPolicerExcessRateGrant Integer32
  caqFlowPolicerExcessRateAction INTEGER
  caqFlowPolicerBurstSizeRequest Integer32
  caqFlowPolicerBurstSizeGrant Integer32
  caqFlowPolicerStatus RowStatus
  caqFlowPolicerExcessBurstRequest Unsigned32
  caqFlowPolicerExcessBurstGrant Unsigned32

CaqSecurityActionEntry  
SEQUENCE    
  caqSecurityActionIndex Unsigned32
  caqSecurityAction INTEGER
  caqSecurityRedirectPortList STRING
  caqSecurityCapture TruthValue
  caqSecurityActionStatus RowStatus
  caqSecurityAdjIndex Unsigned32
  caqSecurityArpMacAddress MacAddress
  caqSecurityRedirect2kPortList STRING
  caqSecurityDownloadedAceFeature INTEGER

CaqSecurityAclCaptureIfEntry  
SEQUENCE    
  caqSecurityAclCaptureEnable TruthValue

CaqQosDefaultActionEntry  
SEQUENCE    
  caqQosTrafficDirection CaqDirection
  caqQosTrafficType INTEGER
  caqQosDefaultTrustState INTEGER
  caqQosDefaultDscp Dscp
  caqQosDefaultMicroflow CaqPolicerNameOrEmpty
  caqQosDefaultAggregate CaqPolicerNameOrEmpty

CaqPortStatsEntry  
SEQUENCE    
  caqPortStatsDirection CaqDirection
  caqPortStatsQueueNumber CaqQueueNumber
  caqPortStatsThresholdNumber CaqThresholdNumber
  caqPortStatsDropPkts Counter64
  caqPortStatsDropPktsAveRate Gauge32
  caqPortStatsDropPktsPeakRate Gauge32

CaqFlowStatsEntry  
SEQUENCE    
  caqFlowStatsOutOfProfilePackets Counter64

CaqAggPolicerStatsEntry  
SEQUENCE    
  caqAggPolicerName CaqPolicerName
  caqAggPolicerPackets Counter64
  caqAggPolicerNRExceedPackets Counter64
  caqAggPolicerERExceedPackets Counter64
  caqAggPolicerOctets Counter64
  caqAggPolicerNRExceedOctets Counter64
  caqAggPolicerERExceedOctets Counter64
  caqAggPolicerOctetsRate CounterBasedGauge64
  caqAggPolicerNRExceedOctetsRate CounterBasedGauge64
  caqAggPolicerERExceedOctetsRate CounterBasedGauge64
  caqAggPolicerOctetsPeakRate CounterBasedGauge64
  caqAggPolicerPacketsRate CounterBasedGauge64
  caqAggPolicerNRExceedPacketsRate CounterBasedGauge64
  caqAggPolicerERExceedPacketsRate CounterBasedGauge64
  caqAggPolicerPacketsPeakRate CounterBasedGauge64

CaqBridgedPolicerEntry  
SEQUENCE    
  caqBridgedFlowVlanIndex VlanIndex
  caqBridgedFlowEnabled TruthValue

CaqCosMacVlanRouterEntry  
SEQUENCE    
  caqCosMacAddress MacAddress
  caqCosVlanNumber VlanIndex
  caqMacAddressCpb BITS
  caqCosValue QosLayer2Cos
  caqCosMacVlanRouterStatus RowStatus

CaqAdjacencyEntry  
SEQUENCE    
  caqAdjIndex Unsigned32
  caqAdjDstVlanNumber VlanIndex
  caqAdjDstMacAddress MacAddress
  caqAdjSrcMacAddress MacAddress
  caqAdjName CaqAdjacencyName
  caqAdjMtu Unsigned32
  caqAdjHitCount Counter64
  caqAdjStatus RowStatus

CaqIpFlowLoggingEntry  
SEQUENCE    
  caqIpFlowLoggingIndex Unsigned32
  caqIpFlowVlan VlanIndex
  caqIpFlowIfIndex InterfaceIndex
  caqIpFlowProtocolType Unsigned32
  caqIpFlowAddrType InetAddressType
  caqIpFlowSrcIp InetAddress
  caqIpFlowSrcPort Integer32
  caqIpFlowDestIp InetAddress
  caqIpFlowDestPort Integer32
  caqIpFlowIcmpType Integer32
  caqIpFlowIcmpCode Integer32
  caqIpFlowIgmpType Integer32
  caqIpFlowArpOpcode INTEGER
  caqIpFlowArpSrcMacAddr MacAddress
  caqIpFlowArpHeaderSrcMacAddr MacAddress
  caqIpFlowPacketsCount Counter32
  caqIpFlowLoggingTTL Unsigned32
  caqIpFlowArpLoggingSource INTEGER
  caqIpFlowArpAclName SnmpAdminString
  caqIpFlowArpAceNumber Unsigned32

CaqArpInspStatsEntry  
SEQUENCE    
  caqArpInspAclName CaqAclName
  caqArpInspForwardedPackets Counter64
  caqArpInspDroppedPackets Counter64

CaqIfArpInspConfigEntry  
SEQUENCE    
  caqIfArpInspDropThreshold Unsigned32
  caqIfArpInspShutdownThreshold Unsigned32

CaqAclHitCountEntry  
SEQUENCE    
  caqAclHitCountAclType CaqHitCountAclType
  caqAclHitCountAclName CaqAclName
  caqAclHitCountEnable TruthValue

CaqAceHitCountEntry  
SEQUENCE    
  caqAceHitCountAclType CaqHitCountAclType
  caqAceHitCountAclName CaqAclName
  caqAceHitCountAceIndex Unsigned32
  caqAceHitCountEnable TruthValue
  caqAceIngressHitCount Counter64
  caqAceEgressHitCount Counter64

CaqIfAclHitCountEntry  
SEQUENCE    
  caqIfAclHitCountAclType CaqHitCountAclType
  caqIfAclHitCountAclName CaqAclName
  caqIfAclHitCountAceIndex Unsigned32
  caqIfAclIngressHitCount Counter64
  caqIfAclEgressHitCount Counter64

CaqDownloadAclInfoEntry  
SEQUENCE    
  caqDownloadAclName SnmpAdminString
  caqDownloadAclUserCount Unsigned32
  caqDownloadAclDownloadTime DateAndTime

CaqIpDownloadAceEntry  
SEQUENCE    
  caqIpDownloadAclName SnmpAdminString
  caqIpDownloadAceIndex Unsigned32
  caqIpDownloadAceMatchedAction INTEGER
  caqIpDownloadAceProtocolType CiscoIpProtocol
  caqIpDownloadAceAddrType InetAddressType
  caqIpDownloadAceSrcIp InetAddress
  caqIpDownloadAceSrcIpMask InetAddress
  caqIpDownloadAceSrcPortOp INTEGER
  caqIpDownloadAceSrcPort InetPortNumber
  caqIpDownloadAceSrcPortRange InetPortNumber
  caqIpDownloadAceDestIp InetAddress
  caqIpDownloadAceDestIpMask InetAddress
  caqIpDownloadAceDestPortOp INTEGER
  caqIpDownloadAceDestPort InetPortNumber
  caqIpDownloadAceDestPortRange InetPortNumber
  caqIpDownloadAceTosMatchCriteria INTEGER
  caqIpDownloadAceIpPrec CaqIpPrecedence
  caqIpDownloadAceDscp Dscp
  caqIpDnldAcePrtocolMatchCriteria INTEGER
  caqIpDownloadAceIcmpType Unsigned32
  caqIpDownloadAceIcmpCode Unsigned32

CaqIfDownloadAclEntry  
SEQUENCE    
  caqIfDownloadAclFeature INTEGER
  caqIfDownloadAclAddressType InetAddressType
  caqIfDownloadAclHostAddress InetAddress

CaqIfIpPhoneMapEntry  
SEQUENCE    
  caqIfIpPhoneAddressType InetAddressType
  caqIfIpPhoneHostAddress InetAddress

Defined Values

ciscoCatOSAclQosMIB 1.3.6.1.4.1.9.9.179
This MIB module is for Access Control Lists(ACLs) configuration of Quality of Service (QoS) as well as Security feature on the Cisco Catalyst 5000/6000 series switch running CatOS. It also provides QoS configuration and statistics information. Configuration information available through this MIB includes Security and QoS ACL configuration for IP, IPX and Layer 2 traffic, QoS and Security configuration parameters. Statistics available through this MIB includes QoS statistics for Layer 3 traffic. In addition, detailed, flow-specific statistics are also available. This MIB module is applied in conjunction with CISCO-QOS-POLICY-CONFIG-MIB. The configuration information available through this MIB takes effect throughout the device when the value of qosPrOperPolicySource object in CISCO-QOS-POLICY-CONFIG-MIB is 'local' or applies to a specific interface when the value of qosPrIfOperPolicySource object in CISCO-QOS-POLICY-CONFIG-MIB which associates with that interface is 'local' while the value of qosPrOperPolicySource is not 'local'. The following terms are used throughout this MIB: ACE stands for Access Control Entry. An ACL consists of an ordered set of ACEs. ACE is a filter which is used to identify flows with certain characteristics. It includes fields such as ingress/egress ports, L2(layer 2) addresses, L3(layer 3) addresses, TCP/UDP port numbers, etc. QoS ACE and Security ACE are very similar to each other but the actions of the ACEs are different. Security ACEs are compared to each packet, and each ACE specifies whether packets that match with it are either forwarded or dropped. ESP: Enscrypted Security Payload. QoS is the method which attempts to ensure that the network requirements of different applications can be met by giving preferential forwarding treatment to some traffic. It is usually consisted of these steps: classification, policing, output scheduling, marking and shaping. Classification identifies the traffic. Policing checks if the traffic conformed to a specified criteria. Output scheduling, marking and shaping control how the traffic is transmitted to the next hop. A flow is a non-specific term for a microflow or an aggregate flow. Microflow is a single instance of an application to application flow of packets which is identified by source address, source port, destination address, destination port and protocol id. Aggregate flow is a collection of microflows that are treated together as one for the purpose of QoS. DSCP (Differentiated Services Code Point) is the six most significant bits of the ToS field in a IP packet header. DSCP Mutation: the previous hop(s) and the following hop(s) of a device may reside in a different QoS domain. A QoS domain refers to the set of QoS rules and conventions adopted by an administrative entity. For instance, a set of DSCP values may have a different meaning in different domains. DSCP mutation allows a DSCP set to be mutated or transformed in order to maintain semantic compatibility between adjacent domains. The mutation is done via mapping tables which maps the old DSCP value from one domain to a new DSCP value in the other domain. IP precedence is the three most significant bits of the ToS field in a IP packet header. Cos (Class of Service) is the three bits in the layer 2 header that indicates user priority value assigned to this packet. Trust state is a parameter configured at a physical interface or an ACL to determine a DSCP value assigned to a packet for QoS purpose. In profile packet is a packet that does not cause the committed access rate of the packet's flow to be exceeded. Out of profile packet is a packet that cause the committed access rate of the packet's flow to be exceeded. To accomplish classification, the user defines an ACL describing the specification of a traffic flow then attaches this ACL to a physical interface or a vlan. When a packet arrives at an interface, depending on the configured trust state at that interface, it can either be matched against an ACL if the trust state is not trusted or get a DSCP assigned and go directly to output scheduling. In the former case, when the packet matches an ACE in the attached ACL, the next step will be policing. At the end of classification process, a packet has a DSCP value assigned. In some platform (e.g. Catalyst 4000) that does not support ACL configuration, classification is accomplished by matching the Cos value of incoming packet. A packet can be policed at microflow or aggregate flow level. Policing is done using the token bucket algorithm. At the end of policing process, if packet does not cause the flow to exceed the normal rate, it will continue to the next step. Otherwise, the packet is dropped or assigned a 'policed' DSCP value. Some platforms support multi-rate policing. When packet causes the flow to exceed the normal rate but not the excess rate, it is assigned a 'policed' DSCP value. When packet causes the flow to exceed excess rate, it is either dropped or has a 'policed' DSCP value assigned. After policing process, the next step is output scheduling. Output scheduling is the process of assigning a packet to a queue and a threshold according to the packet's Cos value. To get its Cos value, a DSCP to Cos mapping will be performed. This MIB also defines 'Security ACLs' which some devices support as a mean to enforce security. Security ACLs, attached at an ingress interface, are compared to each packet arriving at that interface. If the packet matches an ACE in the ACLs, it is either permitted to go through the device or blocked and dropped or redirected to another interface.
MODULE-IDENTITY    

ciscoCatOSAclQosMIBObjects 1.3.6.1.4.1.9.9.179.1
OBJECT IDENTIFIER    

caqGlobalObjects 1.3.6.1.4.1.9.9.179.1.1
OBJECT IDENTIFIER    

caqInterfaceObjects 1.3.6.1.4.1.9.9.179.1.2
OBJECT IDENTIFIER    

caqAclObjects 1.3.6.1.4.1.9.9.179.1.3
OBJECT IDENTIFIER    

caqQosStatsObjects 1.3.6.1.4.1.9.9.179.1.4
OBJECT IDENTIFIER    

caqExtObjects 1.3.6.1.4.1.9.9.179.1.5
OBJECT IDENTIFIER    

caqPbfObjects 1.3.6.1.4.1.9.9.179.1.6
OBJECT IDENTIFIER    

caqLoggingObjects 1.3.6.1.4.1.9.9.179.1.7
OBJECT IDENTIFIER    

caqArpInspObjects 1.3.6.1.4.1.9.9.179.1.8
OBJECT IDENTIFIER    

caqAclHitCountObjects 1.3.6.1.4.1.9.9.179.1.9
OBJECT IDENTIFIER    

caqDownloadAclObjects 1.3.6.1.4.1.9.9.179.1.10
OBJECT IDENTIFIER    

caqCosToDscpTable 1.3.6.1.4.1.9.9.179.1.1.1
This table contains the mapping of Cos values to DSCP values. This map is used to associate the Cos of packets arriving at a port to a DSCP where the port's trust state is trustCoS(2). This map is a table of eight Cos values (0 through 7) and their corresponding DSCP values. This mapping applies to every port on the device.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqCosToDscpEntry

caqCosToDscpEntry 1.3.6.1.4.1.9.9.179.1.1.1.1
Each row contains the mapping from a CoS value to a DSCP value.
OBJECT-TYPE    
  CaqCosToDscpEntry  

caqCosToDscpCos 1.3.6.1.4.1.9.9.179.1.1.1.1.1
The CoS value being mapped to the DSCP value in this device.
OBJECT-TYPE    
  QosLayer2Cos  

caqCosToDscpDscp 1.3.6.1.4.1.9.9.179.1.1.1.1.2
The DSCP value which the CoS value maps to. The default configuration is : CoS DSCP 0 0 1 8 2 16 3 24 4 32 5 40 6 48 7 56 .
OBJECT-TYPE    
  Dscp  

caqIpPrecToDscpTable 1.3.6.1.4.1.9.9.179.1.1.2
This table contains the mapping of IP Precedence to DSCP. This map is used to associate the IP Precedence of IP packets arriving at a port to a DSCP where the port's trust state is trustIpPrec(3). This map is a table of eight IpPrecedence values (0 through 7) and their corresponding DSCP values. This mapping applies to every port on the device.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqIpPrecToDscpEntry

caqIpPrecToDscpEntry 1.3.6.1.4.1.9.9.179.1.1.2.1
Each row contains the mapping from an IP Precedence value to a DSCP value.
OBJECT-TYPE    
  CaqIpPrecToDscpEntry  

caqIpPrecToDscpIpPrec 1.3.6.1.4.1.9.9.179.1.1.2.1.1
The IP Precedence value being mapped to the DSCP value in this device.
OBJECT-TYPE    
  CaqIpPrecedence  

caqIpPrecToDscpDscp 1.3.6.1.4.1.9.9.179.1.1.2.1.2
The DSCP value which the IP Precedence value maps to. The default configuration is the identity function : IPPrec DSCP 0 0 1 8 2 16 3 24 4 32 5 40 6 48 7 56 .
OBJECT-TYPE    
  Dscp  

caqDscpMappingTable 1.3.6.1.4.1.9.9.179.1.1.3
This table always has 64 entries, one for each DSCP value. The table contains three mappings from the DSCP value assigned to a packet. One mapping is to the egress CoS to be stored in the layer-2 frame headers for output on 802.1Q or ISL interfaces. The other two mappings are to the remarked (or 'marked down') DSCP values which are used when a policer's requires that a packet's DSCP value to be modified. Of these two mappings, one is for a Normal Rate policer, and the other is for an Excess Rate policer. These mappings apply for every port on the device.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqDscpMappingEntry

caqDscpMappingEntry 1.3.6.1.4.1.9.9.179.1.1.3.1
Each row contains the mapping from DSCP value to CoS value and policed DSCP.
OBJECT-TYPE    
  CaqDscpMappingEntry  

caqDscpMappingDscp 1.3.6.1.4.1.9.9.179.1.1.3.1.1
The DSCP value being mapped to the CoS value and policed DSCP value in this device.
OBJECT-TYPE    
  Dscp  

caqDscpMappingCos 1.3.6.1.4.1.9.9.179.1.1.3.1.2
The CoS value which the DSCP values maps to. The default configuration is calculated from the formula CoS = DSCP divide by 8. That is: DSCP 0-7 all map to CoS 0; DSCP 8-15 all map to CoS 1; ... DSCP 32-39 all map to CoS 4; ... DSCP 56-63 all map to CoS 7.
OBJECT-TYPE    
  QosLayer2Cos  

caqDscpMappingNRPolicedDscp 1.3.6.1.4.1.9.9.179.1.1.3.1.3
The normal rate policed DSCP value which the DSCP values maps to. The normal rate default mapping of DSCP to 'marked down' DSCP is the identity function. That is: 63 -> 63 62 -> 62 ... 31 -> 31 ... 2 -> 2 1 -> 1 0 -> 0.
OBJECT-TYPE    
  Dscp  

caqDscpMappingERPolicedDscp 1.3.6.1.4.1.9.9.179.1.1.3.1.4
The excess rate policed DSCP value which the DSCP values maps to. If the value of caqFlowPolicerExcessRateSupport object is false(2), this object cannot be instantiated. The excess rate default DSCP mapping of DSCP to 'marked down' DSCP is the identity function. That is: 63 -> 63 62 -> 62 ... 31 -> 31 ... 2 -> 2 1 -> 1 0 -> 0.
OBJECT-TYPE    
  Dscp  

caqCosAssignmentTable 1.3.6.1.4.1.9.9.179.1.1.4
This table provides the information for and configuration of assigning packets to queues and thresholds based on their CoS value.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqCosAssignmentEntry

caqCosAssignmentEntry 1.3.6.1.4.1.9.9.179.1.1.4.1
The assignment of packets to a pair of queue and threshold based on their Cos value. The packets assignment also depends on port types. For each port type, there is a set of Cos value (0..7) associated with a pair of queue number and threshold number (q,t). Packets that have their Cos value belong to a particular set will be assigned to the pair of queue number and threshold number that this set associated with.
OBJECT-TYPE    
  CaqCosAssignmentEntry  

caqCosAssignQueueType 1.3.6.1.4.1.9.9.179.1.1.4.1.1
The queue type of this interface.
OBJECT-TYPE    
  QosInterfaceQueueType  

caqCosAssignCos 1.3.6.1.4.1.9.9.179.1.1.4.1.2
Indicates the Cos value which is used to match the Cos value of packets for queue assignment.
OBJECT-TYPE    
  QosLayer2Cos  

caqCosAssignQueueNumber 1.3.6.1.4.1.9.9.179.1.1.4.1.3
The queue number which the Cos value denoted by caqCosAssignCos will be associated with. This queue number must not larger than the queue count defined by caqCosAssignQueueType.
OBJECT-TYPE    
  CaqQueueNumber  

caqCosAssignThresholdNumber 1.3.6.1.4.1.9.9.179.1.1.4.1.4
The threshold number which the Cos value denoted by caqCosAssignCos will be associated with. This threshold number must not larger than the threshold count defined by caqCosAssignQueueType.
OBJECT-TYPE    
  CaqThresholdNumber  

caqQueueThresholdTable 1.3.6.1.4.1.9.9.179.1.1.5
This table maintains threshold parameters for the specified queue number and threshold number of a port type.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqQueueThresholdEntry

caqQueueThresholdEntry 1.3.6.1.4.1.9.9.179.1.1.5.1
For each threshold of a queue, there are parameters to set on the threshold. This entry contains the parameters.
OBJECT-TYPE    
  CaqQueueThresholdEntry  

caqQueueThreshQueueType 1.3.6.1.4.1.9.9.179.1.1.5.1.1
Indicates the queue type.
OBJECT-TYPE    
  QosInterfaceQueueType  

caqQueueThreshQueueIndex 1.3.6.1.4.1.9.9.179.1.1.5.1.2
Indicates queue number. This queue number must not be larger than the queue count defined by caqQueueThreshQueueType.
OBJECT-TYPE    
  CaqQueueNumber  

caqQueueThreshThresholdIndex 1.3.6.1.4.1.9.9.179.1.1.5.1.3
Indicates threshold number. This threshold number must not be larger than the threshold count defined by caqQueueThreshQueueType.
OBJECT-TYPE    
  CaqThresholdNumber  

caqQueueThreshDropAlgorithm 1.3.6.1.4.1.9.9.179.1.1.5.1.4
Indicates the drop algorithm used at this queue and threshold. tailDrop(1) indicates that tailDrop is used. wred(2) indicates that WRED is used.
OBJECT-TYPE    
  INTEGER tailDrop(1), wred(2)  

caqQueueThreshDropThreshold 1.3.6.1.4.1.9.9.179.1.1.5.1.5
This object specifies the drop threshold parameter for a pair of queue and threshold of an interface queue type when the drop algorithm is tail drop. Once the packets in the buffer is more than the value of this object, the incoming packets of the buffer are dropped. The value is a percentage of the full buffer. This object is instantiated only if the value of caqQueueThreshDropAlgorithm is tailDrop(1).
OBJECT-TYPE    
  Unsigned32 1..100  

caqQueueThreshMinWredThreshold 1.3.6.1.4.1.9.9.179.1.1.5.1.6
This object specifies the min WRED threshold parameter of a threshold number for the specific port type when WRED drop algorithm is used. WRED (Weighted Random Early Detect) is a mechanism which drops packets fairly during congestion so that adaptive applications can react to congestion. This object specifies a percentage of the buffer size. This object is instantiated only if the value of caqQueueThreshDropAlgorithm is wred(2).
OBJECT-TYPE    
  Percent  

caqQueueThreshMaxWredThreshold 1.3.6.1.4.1.9.9.179.1.1.5.1.7
This object specifies the max WRED threshold parameter of a threshold number for the specific port type when WRED drop algorithm is used. This object is instantiated only if the value of caqQueueThreshDropAlgorithm is wred(2).
OBJECT-TYPE    
  Unsigned32 1..100  

caqQueueTable 1.3.6.1.4.1.9.9.179.1.1.6
A table used to configure the WRR (weighted round robin) weights for queues and the ratio of memory buffer allocation for each queue. It only contains entries for the specific port types which supports either WRR or buffer allocation.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqQueueEntry

caqQueueEntry 1.3.6.1.4.1.9.9.179.1.1.6.1
A set of WRR weight and memory buffer allocation ratio for ingress or egress of a specific queue.
OBJECT-TYPE    
  CaqQueueEntry  

caqQueueDirection 1.3.6.1.4.1.9.9.179.1.1.6.1.1
Indicates whether this row's queue parameters are to be applied for ingress or for egress traffic.
OBJECT-TYPE    
  CaqDirection  

caqQueueType 1.3.6.1.4.1.9.9.179.1.1.6.1.2
Indicates the queue type.
OBJECT-TYPE    
  QosInterfaceQueueType  

caqQueueNumber 1.3.6.1.4.1.9.9.179.1.1.6.1.3
Indicates queue number.
OBJECT-TYPE    
  CaqQueueNumber  

caqQueueWrrWeight 1.3.6.1.4.1.9.9.179.1.1.6.1.4
This object is to configure the weight for the specified queue type and for the specified direction.
OBJECT-TYPE    
  Unsigned32 1..255  

caqQueueBufferSizeRatio 1.3.6.1.4.1.9.9.179.1.1.6.1.5
Indicates the percentage of ingress or egress packet buffer memory allocated to the specified queue.
OBJECT-TYPE    
  Unsigned32 1..99  

caqDscpMutationMapTable 1.3.6.1.4.1.9.9.179.1.1.7
The table provides the DSCP mutation mapping configuration on the device. This table is only instantiated if DSCP Mutation is supported by the device.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqDscpMutationMapEntry

caqDscpMutationMapEntry 1.3.6.1.4.1.9.9.179.1.1.7.1
Each row contains the mapping from old DSCP value to new DSCP value per specific mutation table.
OBJECT-TYPE    
  CaqDscpMutationMapEntry  

caqDscpMutationTableId 1.3.6.1.4.1.9.9.179.1.1.7.1.1
The mutation table ID number.
OBJECT-TYPE    
  Unsigned32  

caqDscpMutationOldDscp 1.3.6.1.4.1.9.9.179.1.1.7.1.2
The old DSCP value.
OBJECT-TYPE    
  Dscp  

caqDscpMutationNewDscp 1.3.6.1.4.1.9.9.179.1.1.7.1.3
The new DSCP value which the old DSCP values maps to for a specific mutation table. The default mapping of old DSCP to new DSCP for mutation purpose is the identity function. That is: 63 -> 63 62 -> 62 ... 31 -> 31 ... 2 -> 2 1 -> 1 0 -> 0.
OBJECT-TYPE    
  Dscp  

caqVlanMutationIdMapTable 1.3.6.1.4.1.9.9.179.1.1.8
The table provides the VLAN to mutation table mapping configuration on the device. This table is only instantiated if DSCP Mutation is supported by the device.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqVlanMutationIdMapEntry

caqVlanMutationIdMapEntry 1.3.6.1.4.1.9.9.179.1.1.8.1
When the first time a VLAN is created in a device supporting this table, a corresponding entry of this table will be added. The value of caqVlanMutationTableId object in such row will be initialized to 0.
OBJECT-TYPE    
  CaqVlanMutationIdMapEntry  

caqVlanMutationIndex 1.3.6.1.4.1.9.9.179.1.1.8.1.1
Indicates the VLAN number.
OBJECT-TYPE    
  VlanIndex  

caqVlanMutationTableId 1.3.6.1.4.1.9.9.179.1.1.8.1.2
Indicates the mutation table ID number. The value of this object should match one of caqDscpMutationTableId object value in caqDscpMutationMapTable. Mutation table 0 always provides the identity mapping.
OBJECT-TYPE    
  Unsigned32  

caqDscpRewriteEnabled 1.3.6.1.4.1.9.9.179.1.1.9
Indicates whether DSCP rewrite is enabled or disabled in the device. if true(1), all outgoing packets will have their DSCP value rewrited based on the result of classification, policing or DSCP mutation configured in the device. if false(2), all outgoing packets will have their DSCP values as when they arrived.
OBJECT-TYPE    
  TruthValue  

caqMacPktClassifyVlansLow 1.3.6.1.4.1.9.9.179.1.1.10
A string of octets containing one bit per VLAN for VLANs with VlanIndex value of 0 to 2047. The first octet corresponds to VLANs with VlanIndex values of 0 through 7; the second octet to VLANs 8 through 15; etc. The most significant bit of each octet corresponds to the lowest value VlanIndex in that octet. For each VLAN, if Ethernet packet classify feature is enabled then the bit corresponding to that VLAN is set to '1'. Note that if the length of this string is less than 256 octets, any 'missing' octets are assumed to contain the value zero. A NMS may omit any zero-valued octets from the end of this string in order to reduce SetPDU size, and the agent may also omit zero-valued trailing octets, to reduce the size of GetResponse PDUs.
OBJECT-TYPE    
  STRING Size(0..256)  

caqMacPktClassifyVlansHigh 1.3.6.1.4.1.9.9.179.1.1.11
A string of octets containing one bit per VLAN for VLANs with VlanIndex value of 2048 to 4095. The first octet corresponds to VLANs with VlanIndex values of 2048 through 2055; the second octet to VLANs 2056 through 2063; etc. The most significant bit of each octet corresponds to the lowest value VlanIndex in that octet. For each VLAN, if Ethernet packet classify feature is enabled then the bit corresponding to that VLAN is set to '1'. Note that if the length of this string is less than 256 octets, any 'missing' octets are assumed to contain the value zero. A NMS may omit any zero-valued octets from the end of this string in order to reduce SetPDU size, and the agent may also omit zero-valued trailing octets, to reduce the size of GetResponse PDUs.
OBJECT-TYPE    
  STRING Size(0..256)  

caqIfConfigTable 1.3.6.1.4.1.9.9.179.1.2.1
This table describes the trust state and the default Cos value configured at each physical interface. It also indicates whether an ACL attached to a Qos capable physical interface is applied per VLAN or per physical interface if the platform supports ACL configuration.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqIfConfigEntry

caqIfConfigEntry 1.3.6.1.4.1.9.9.179.1.2.1.1
The index of this table is the ifIndex of a physical port with QoS capability.
OBJECT-TYPE    
  CaqIfConfigEntry  

caqIfCos 1.3.6.1.4.1.9.9.179.1.2.1.1.1
This object indicates the default Cos value configured at this physical interface. This default value will be assigned to packet which does not have a Cos value in its layer-2 header when the packet arrives at this interface.
OBJECT-TYPE    
  QosLayer2Cos  

caqIfTrustStateConfig 1.3.6.1.4.1.9.9.179.1.2.1.1.2
This object is used to set the trust state of an interface. (whether the packets arriving at an interface are trusted to carry the correct data for classification.) If the object is untrusted(1), then the DSCP assigned to the packet is the DSCP specified by classification rule obtained from the matching ACE (Access Control Entry). ACE is a filter that is used to identify flows with certain characteristics. It includes fields such as ingress/egress ports, L2 addresses, L3 addresses , TCP/UDP port number. If this object is trustCoS(2), then the DSCP assigned to the packet is the layer2 CoS of the packet mapped to a DSCP by the CoS-to-DSCP mapping defined in object caqCosToDscpDscp. When this object is trustIpPrec(3), a DSCP is assigned to an IP packet according to the IP-Precedence-to-DSCP mapping defined by the values contained in caqIpPrecToDscpTable. For non-IP packets, trustIpPrec(3) has identical behavior as trustCoS(2). When this object is trustDscp(4), the DSCP contained in an IP packet is trusted as being the correct value to assign to it. For non-IP packets, trustDscp(4) has identical behavior as trustCoS(2).
OBJECT-TYPE    
  INTEGER untrusted(1), trustCoS(2), trustIpPrec(3), trustDscp(4)  

caqIfAclBase 1.3.6.1.4.1.9.9.179.1.2.1.1.3
For a given physical interface, this object indicates whether packets arriving at that interface are classified and policed based on port's ACL or based on the ACL of the VLAN which the port belongs to. This object is only instantiated if the platform support ACL configuration.
OBJECT-TYPE    
  INTEGER vlan(1), port(2)  

caqIfTrustDevice 1.3.6.1.4.1.9.9.179.1.2.1.1.4
For a given physical interface, this object indicates the restriction on trusting only a specific type of device which is connected to this interface to carry the correct data for classification. trustCiscoIPPhone(0) indicates that there is a restriction on trusting only ciscoIPPhone to carry the correct data for classification. If there is no bits turned on, any device connected to this interface is trusted to carry the correct data for clarification. This object is only instantiated if the platform supports trust device configuration.
OBJECT-TYPE    
  BITS trustCiscoIPPhone(0)  

caqIfOperTrustState 1.3.6.1.4.1.9.9.179.1.2.1.1.5
This object is used to indicate the operational trust state of an interface. The operational trust state may or may not be identical to the config trust state denoted by caqIfTrustStateConfig. The value of this object depends on the runtime conditions such as whether the interface is configured to trust a certain type of device as denoted by caqIfTrustDevice as well as whether a device of the trusted type is connected to the interface. For example, if the interface is configured to only trust Cisco IP Phone and the phone is not connected to the interface at runtime, the operational trust state of this interface will have the untrusted(1) value even if the trustCoS(2) value is configured in caqIfTrustStateConfig. This object is only instantiated if the platform supports trust device configuration. If the object is untrusted(1), then the DSCP assigned to the packet is the DSCP specified by classification rule obtained from the matching ACE (Access Control Entry). ACE is a filter that is used to identify flows with certain characteristics. It includes fields such as ingress/egress ports, L2 addresses, L3 addresses , TCP/UDP port number. If this object is trustCoS(2), then the DSCP assigned to the packet is the layer2 CoS of the packet mapped to a DSCP by the CoS-to-DSCP mapping defined in object caqCosToDscpDscp. When this object is trustIpPrec(3), a DSCP is assigned to an IP packet according to the IP-Precedence-to-DSCP mapping defined by the values contained in caqIpPrecToDscpTable. For non-IP packets, trustIpPrec(3) has identical behavior as trustCoS(2). When this object is trustDscp(4), the DSCP contained in an IP packet is trusted as being the correct value to assign to it. For non-IP packets, trustDscp(4) has identical behavior as trustCoS(2).
OBJECT-TYPE    
  INTEGER untrusted(1), trustCoS(2), trustIpPrec(3), trustDscp(4)  

caqClassifierTable 1.3.6.1.4.1.9.9.179.1.2.2
This table identifies which ACLs are in use on which interfaces. Some devices may impose constraints on the number of ACLs that can be attached to each interface; for example a constraint that at most three Qos ACLs, one for each type: IP, IPX and MAC, and at most three Security ACLs, one for each type: IP, IPX and MAC, can be attached to an interface.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqClassifierEntry

caqClassifierEntry 1.3.6.1.4.1.9.9.179.1.2.2.1
An entry identifies that a particular ACL is in use on a particular interface. An interface can be a physical port or a VLAN.
OBJECT-TYPE    
  CaqClassifierEntry  

caqClassifierAclType 1.3.6.1.4.1.9.9.179.1.2.2.1.1
Indicates the type of ACL attached to this interface. ipQos(1) indicates that this ACL is an IP Qos ACL. ipxQos(2) indicates that this ACL is an IPX Qos ACL. macQos(3) indicates that this ACL is a MAC Qos ACL. ipSecurity(4) indicates that this ACL is an IP Security ACL. ipxSecurity(5) indicates that this ACL is an IPX Security ACL. macSecurity(6) indicates that this ACL is a MAC Security ACL.
OBJECT-TYPE    
  INTEGER ipQos(1), ipxQos(2), macQos(3), ipSecurity(4), ipxSecurity(5), macSecurity(6)  

caqClassifierAclName 1.3.6.1.4.1.9.9.179.1.2.2.1.2
Indicates the ACL name which should exist in the ACL tables e.g. in caqIpAceTable. This ACL can be a Qos ACL or a Security ACL.
OBJECT-TYPE    
  CaqAclName  

caqClassifierMapStatus 1.3.6.1.4.1.9.9.179.1.2.2.1.3
The status of this classifier conceptual row entry. An entry may not exist in the active state unless the ACL name denoted by caqClassifierAclName object in the entry exist and active (i.e. its RowStatus object is active(1)) in an ACL table. Once a row becomes active, value in any other column within such row cannot be modified except by setting caqClassifierMapStatus to notInService(2) for such row.
OBJECT-TYPE    
  RowStatus  

caqClassifierMapDirection 1.1.3.6.1.4.1.9.9.179.1.2.2.1.4
Indicates whether this ACL are to be attached to ingress or egress direction.
OBJECT-TYPE    
  BITS ingress(0), egress(1)  

caqIfSecurityAclConfigTable 1.3.6.1.4.1.9.9.179.1.2.3
A list of the interfaces which support the security ACL feature.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqIfSecurityAclConfigEntry

caqIfSecurityAclConfigEntry 1.3.6.1.4.1.9.9.179.1.2.3.1
An entry contains configuration information about a security ACL mapped to a interface which is capable for this feature.
OBJECT-TYPE    
  CaqIfSecurityAclConfigEntry  

caqIfSecurityAclBase 1.3.6.1.4.1.9.9.179.1.2.3.1.1
The security ACL configuration mode for an interface. Setting this variable to the value port(1) will cause the packets (L3 forwarded packets and L2 packets) arriving at that interface to be filtered based on the ACL mapped to that interface. Setting this variable to the value vlan(2) will cause the packets (L3 forwarded packets and L2 packets) arriving at that access interface to be filtered based on two ACL(the router's ACL and the ACL of the VLAN to which the interface belongs). If it is a trunking interface, the vlan-tag packets will be filtered based on the ACL of the tag-vlan. Setting this variable to the value merge(3) will merge the physical interface ACL, the VLAN ACL and the router ACL together to emulate the logical serial model shown below. L3 only Port ACL -> VLAN ACL -> Router ACL -> Router ACL -> VLAN ACL physical ingress ingress egress egress interface
OBJECT-TYPE    
  INTEGER port(1), vlan(2), merge(3)  

caqIpOperClassifierTable 1.3.6.1.4.1.9.9.179.1.2.4
This table identifies which operational IP ACLs are in use on which interfaces.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqIpOperClassifierEntry

caqIpOperClassifierEntry 1.3.6.1.4.1.9.9.179.1.2.4.1
An entry in this table identifies operational IP ACLs that are currently in use on a particular interface. An interface can be a physical port or a VLAN.
OBJECT-TYPE    
  CaqIpOperClassifierEntry  

caqIpOperAclFeature 1.3.6.1.4.1.9.9.179.1.2.4.1.1
An index indicates the feature to which the operational IP ACLs mapped at this interface are applied. 'ingressIpQos' indicates the ACL mapped at this interface is used to classify ingress IP traffic for QoS feature. 'egressIpQos' indicates the ACL mapped at this interface is used to classify egress IP traffic for QoS feature. 'ipSecurity' indicates the ACL mapped at this interface is used to classify IP traffic for security feature.
OBJECT-TYPE    
  INTEGER ingressIpQos(1), egressIpQos(2), ipSecurity(3)  

caqIpOperAclName 1.3.6.1.4.1.9.9.179.1.2.4.1.2
This object indicates the name of an operational IP ACL which is mapped at this interface to classify IP traffic for feature denoted by caqIpOperAclFeature object.
OBJECT-TYPE    
  SnmpAdminString  

caqIpOperAclMapSource 1.3.6.1.4.1.9.9.179.1.2.4.1.3
This object indicates the sources that map the operational IP ACLs at this interface. 'configured' indicates that the ACL mapping is introduced by manual configuration through CLI or an NMS application. 'dot1x' indicates that the ACL mapping is introduced by the operation of 802.1x feature. 'macAuth' indicates that the ACL mapping is introduced by the operation of Mac Authentication Bypass feature. 'webAuth' indicates that the ACL mapping is introduced by the operation of Web Authentication feature. 'eou' indicates that the ACL mapping is introduced by the operation of Extensible Authentication Protocol over UDP (EOU) feature.
OBJECT-TYPE    
  BITS configured(0), dot1x(1), macAuth(2), webAuth(3), eou(4)  

caqDownloadClassifierTable 1.3.6.1.4.1.9.9.179.1.2.5
This table identifies ACLs assignment to capable interface which is downloaded using different security features.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqDownloadClassifierEntry

caqDownloadClassifierEntry 1.3.6.1.4.1.9.9.179.1.2.5.1
An entry identifies ACLs assignment on a capable physical interface.
OBJECT-TYPE    
  CaqDownloadClassifierEntry  

caqDownloadAclFeature 1.3.6.1.4.1.9.9.179.1.2.5.1.1
This object indicates the feature that ACLs mapped at this interface is used for. 'ingressIpQos' indicates the ACL mapped at this interface is used to classify ingress IP traffic for QoS feature. 'egressIpQos' indicates the ACL mapped at this interface is used to classify egress IP traffic for QoS feature. 'ipSecurity' indicates the ACL mapped at this interface is used to classify IP traffic for security feature.
OBJECT-TYPE    
  INTEGER ingressIpQos(1), egressIpQos(2), ipSecurity(3)  

caqDownloadClassifierAclName 1.3.6.1.4.1.9.9.179.1.2.5.1.2
This object indicates the ACL name mapped to this interface to classify traffic for a specific feature denoted by the corresponding caqDownloadAclFeature.
OBJECT-TYPE    
  CaqAclName  

caqDownloadMapSource 1.3.6.1.4.1.9.9.179.1.2.5.1.3
This object indicates the source that maps the ACLs at this interface. 'dot1x' indicates that the ACL mapping is introduced by the operation of 802.1x feature. 'macAuth' indicates that the ACL mapping is introduced by the operation of Mac Authentication Bypass feature.
OBJECT-TYPE    
  INTEGER dot1x(1), macAuth(2)  

caqDownloadAclType 1.3.6.1.4.1.9.9.179.1.2.5.1.4
This object indicates the type of the ACL. 'pacl' indicates this is a port-based ACL. 'vacl' indicates this is a VLAN-based ACL.
OBJECT-TYPE    
  INTEGER pacl(1), vacl(2)  

caqAclCapabilities 1.3.6.1.4.1.9.9.179.1.3.1
Indicates what ACL capabilities are supported on the device. An ACL belongs to one of the following types: IP, IPX and MAC. Furthermore, an ACL can be used for either QoS or Security feature. If ipQos(0) bit is turned on, caqIpAceTable can be instantiated for Qos feature, otherwise it can not. If ipxQos(1) bit is turned on, caqIpxAceTable can be instantiated for Qos feature, otherwise it can not. If macQos(2) bit is turned on, caqMacAceTable can be instantiated for Qos feature, otherwise it can not. If ipSecurity(3) bit is turned on, caqIpAceTable can be instantiated for Security feature, otherwise it can not. If ipxSecurity(4) bit is turned on, caqIpxAceTable can be instantiated for Security feature, otherwise it can not. If macSecurity(5) bit is turned on, caqMacAceTable can be instantiated for Security feature, otherwise it can not.
OBJECT-TYPE    
  BITS ipQos(0), ipxQos(1), macQos(2), ipSecurity(3), ipxSecurity(4), macSecurity(5)  

caqIpAceTable 1.3.6.1.4.1.9.9.179.1.3.2
This table contains a list of IP ACEs. Each ACE consists of a filter specification and behavior associated with it which describes what action to carry out on packets which match. An ACL is defined as the set of ACEs of the same type (all QoS, or all Security). Within a feature (qos or security), each ACE is named by a combination of an AclName and an ACE index, such that all the ACEs which are named using the same AclName are part of the same ACL.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqIpAceEntry

caqIpAceEntry 1.3.6.1.4.1.9.9.179.1.3.2.1
An entry defines an ACE, consisting of a set of match criteria. For a packet to match an entry, it has to match all the criteria specified in that entry.
OBJECT-TYPE    
  CaqIpAceEntry  

caqIpAceFeature 1.3.6.1.4.1.9.9.179.1.3.2.1.1
Indicates whether this entry is a Qos ACL or Security ACL. ACEs belongs to the same ACL should have the same value for this object.
OBJECT-TYPE    
  INTEGER qos(1), security(2)  

caqIpAclName 1.3.6.1.4.1.9.9.179.1.3.2.1.2
The name of an ACL. Within a feature (qos or security), the name is unique across all of the ACL tables that identifies the list to which the entry belongs in the device.
OBJECT-TYPE    
  CaqAclName  

caqIpAceIndex 1.3.6.1.4.1.9.9.179.1.3.2.1.3
The index of an ACE within an ACL.
OBJECT-TYPE    
  Unsigned32 1..65535  

caqIpAceMatchedAction 1.3.6.1.4.1.9.9.179.1.3.2.1.4
Indicates the action to be taken if a packet matches this ACE. If the value of this ACE's caqIpAceFeature object is: 'qos(1)', then this object contains the index of an active row in caqQosActionSelectTable. If the value of this ACE's caqIpAceFeature object is: 'security(2)', then this object contains the index of an active row in caqSecurityActionTable.
OBJECT-TYPE    
  Unsigned32 1..65535  

caqIpAceProtocolType 1.3.6.1.4.1.9.9.179.1.3.2.1.5
The protocol number field in the IP header used to indicate the higher layer protocol as specified in RFC 1700. A value value of 0 matches every IP packet. For example : 0 is IP, 1 is ICMP, 2 is IGMP, 4 is IP in IP encapsulation, 6 is TCP, 9 is IGRP, 17 is UDP, 47 is GRE, 50 is ESP, 51 is AH, 88 is IGRP, 89 is OSPF, 94 is KA9Q/NOS compatible IP over IP, 103 is PIMv2, 108 is PCP.
OBJECT-TYPE    
  Unsigned32 0..255  

caqIpAceAddrType 1.3.6.1.4.1.9.9.179.1.3.2.1.6
The type of IP address used by this ACE entry.
OBJECT-TYPE    
  InetAddressType  

caqIpAceSrcIp 1.3.6.1.4.1.9.9.179.1.3.2.1.7
The specified source IP address. The packet's source address is AND-ed with the value of caqIpAceSrcIpMask and then compared against the value of this object. If this object value is 0.0.0.0, and the value of caqIpAceSrcIpMask object in the same entry is 255.255.255.255, this entry matches any source IP address.
OBJECT-TYPE    
  InetAddress  

caqIpAceSrcIpMask 1.3.6.1.4.1.9.9.179.1.3.2.1.8
The specified source IP address mask.
OBJECT-TYPE    
  InetAddress  

caqIpAceSrcPortOp 1.3.6.1.4.1.9.9.179.1.3.2.1.9
Indicates how a packet's source TCP/UDP port number is to be compared. If the caqIpAceProtocolType object in the same row does not indicate TCP or UDP, this object has to be 'noOperator(1)' and cannot be changed while this row is active, i.e., the value of caqIpAceStatus in the same row has the value 'active(1)'. 'noOperator(1)', which is the default value, means that no comparison is to be made with the source TCP/UDP port number. lt(2) means less than, gt(3) means greater than, eq(4) means equal, neq(5) means not equal. Those 4 operators are using the caqIpAceSrcPort object as an operand which is the only one needed. range(6) means that it compares the port value between two numbers, so this operator needs 2 operands. One operand is the starting port number of the range which is caqIpAceSrcPort object, and the other operand is the ending port number of the range which the caqIpAceSrcPortRange object is in.
OBJECT-TYPE    
  INTEGER noOperator(1), lt(2), gt(3), eq(4), neq(5), range(6)  

caqIpAceSrcPort 1.3.6.1.4.1.9.9.179.1.3.2.1.10
The source port number of the TCP or UDP protocol. If the caqIpAceSrcPortOp object in the same row is range(6), this object will be the starting port number of the port range. This object cannot be configured if caqIpAceStatus in the same row is active(1) or caqIpAceSrcPortOp in the same row is noOperator(1).
OBJECT-TYPE    
  Unsigned32 0..65535  

caqIpAceSrcPortRange 1.3.6.1.4.1.9.9.179.1.3.2.1.11
The source port number of the TCP or UDP protocol. If the caqIpAceSrcPortOp object in the same row is range(6), this object will be the ending port number of the port range. This object cannot be configured if caqIpAceStatus in the same row is active(1) or caqIpAceSrcPortOp in the same row is not range(6).
OBJECT-TYPE    
  Unsigned32 0..65535  

caqIpAceDestIp 1.3.6.1.4.1.9.9.179.1.3.2.1.12
The specified destination IP address. The packet's destination address is AND-ed with the value of caqIpAceDestIpMask and then compared against the value of this object. If this object value is 0.0.0.0 and the value of caqIpAceDestIpMask object in the same entry is 255.255.255.255, this entry matches any destination IP address.
OBJECT-TYPE    
  InetAddress  

caqIpAceDestIpMask 1.3.6.1.4.1.9.9.179.1.3.2.1.13
The specified destination IP address mask.
OBJECT-TYPE    
  InetAddress  

caqIpAceDestPortOp 1.3.6.1.4.1.9.9.179.1.3.2.1.14
Indicates how a packet's destination TCP/UDP port number is to be compared. If the caqIpAceProtocolType object in the same row does not indicate TCP or UDP, this object has to be 'noOperator(1)' and cannot be changed while this row is active, i.e., the value of caqIpAceStatus in the same row has the value 'active(1)'. 'noOperator(1)', which is the default value, means that no comparison is to be made with the destination TCP/UDP port number. lt(2) means less than. gt(3) means greater than. eq(4) means equal. neq(5) means not equal. Those 4 operators are using the caqIpAceDestPort object as an operand which is the only one needed. range(6) means that it compares the port value between two numbers, so this operator needs 2 operands. One operand is the starting port number of the range which is caqIpAceDestPort object, and the other operand is the ending port number of the range which the caqIpAceDestPortRange object is in.
OBJECT-TYPE    
  INTEGER noOperator(1), lt(2), gt(3), eq(4), neq(5), range(6)  

caqIpAceDestPort 1.3.6.1.4.1.9.9.179.1.3.2.1.15
The destination port number of the TCP or UDP protocol. If the caqIpAceDestPortOp object in the same row is range(6), this object will be the starting port number of the port range. This object cannot be configured if caqIpAceStatus in the same row is active(1) or caqIpAceDestPortOp in the same row is noOperator(1).
OBJECT-TYPE    
  Unsigned32 0..65535  

caqIpAceDestPortRange 1.3.6.1.4.1.9.9.179.1.3.2.1.16
The destination port number of the TCP or UDP protocol. If the caqIpAceDestPortOp object in the same row is range(6), this object will be the ending port number of the port range. This object cannot be configured if caqIpAceStatus in the same row is active(1) or caqIpAceDestPortOp in the same row is not range(6).
OBJECT-TYPE    
  Unsigned32 0..65535  

caqIpAceTosMatchCriteria 1.3.6.1.4.1.9.9.179.1.3.2.1.17
Indicates what field of Tos octet in the packet header to be matched. none(1) means that there is no need to match the ToS octet. matchDscp(2) means that the DSCP value of packet header need to be matched. If this value is specified, the caqIpAceDscp object in the same row should be configured. matchIpPrec(3) means that the IpPrecedence value of packet header need to be matched. If this value is specifed, the caqIpAceIpPrec object in the same row should be configured.
OBJECT-TYPE    
  INTEGER none(1), matchDscp(2), matchIpPrec(3)  

caqIpAceIpPrec 1.3.6.1.4.1.9.9.179.1.3.2.1.18
Specifies the IP precedence value to be matched against. This object could not be configured when the status of the entry, caqIpAceStatus, is active(1). The value of this object is ignored whenever the value of caqIpAceTosMatchCritial object is not matchIpPrec(3).
OBJECT-TYPE    
  CaqIpPrecedence  

caqIpAceDscp 1.3.6.1.4.1.9.9.179.1.3.2.1.19
Specifies the Dscp value to be matched against. This object could not be configured when the status of the entry, caqIpAceStatus, is active(1). Packets can be matched the DSCP level from 0 to 63. The value of this object is ignored whenever the value of caqIpAceTosMatchCritial object is not matchDscp(2).
OBJECT-TYPE    
  Dscp  

caqIpAceProtocolMatchCriteria 1.3.6.1.4.1.9.9.179.1.3.2.1.20
Indicates what field in the packet header for ICMP or IGMP or TCP protocol or IPv4 ESP (Enscrypted Security Payload) to be matched. none(1) = no comparison is to be done for ICMP/IGMP/TCP/ESP. matchIgmpType(2) means that the Type field of IGMP protocol packet header needs to be matched. If this value is specified, the caqIpAceIgmpType object in the same row should be configured. matchIcmpType(3) means that the Type field of ICMP protocol packet header needs to be matched. If this value is specified, the caqIpAceIcmpType object in the same row should be configured. matchIcmpTypeAndCode(4) means that both the Type and Code fields of ICMP protocol packet header need to be matched. If this value is specified, the caqIpAceIcmpType and caqIpAceIcmpCode object in the same row should be configured. matchEstablished(5) means that a match occurs if the TCP packet has the ACK or RST bits set. The non matching case is that of the intial TCP packet to form a connection. matchSecurityId(6) means that the Security Association Identifier field of IPv4 ESP packet header needs to be matched. If this value is specified, the caqIpAceSecurityId object in the same row should be configured. matchEapoudp(7) means that this ACE needs to be matched against the criteria for EAP (Extensible Authentication Protocol) over UDP purpose. matchUrlRedirect(8) means that this ACE needs to be matched against the criteria for URL redirection purpose.
OBJECT-TYPE    
  INTEGER none(1), matchIgmpType(2), matchIcmpType(3), matchIcmpTypeAndCode(4), matchEstablished(5), matchSecurityId(6), matchEapoudp(7), matchUrlRedirect(8)  

caqIpAceIcmpType 1.3.6.1.4.1.9.9.179.1.3.2.1.21
Indicates the message type of ICMP packets. The type is a number from 0 to 255. The value of this object is ignored whenever the value of caqIpAceProtocolMatchCritial object is not matchIcmpType(3) or matchIcmpTypeAndCode(4).
OBJECT-TYPE    
  Unsigned32 0..255  

caqIpAceIcmpCode 1.3.6.1.4.1.9.9.179.1.3.2.1.22
Indicates the message code of ICMP packets. The code is a number from 0 to 255. The value of this object is ignored whenever the value of caqIpAceProtocolMatchCritial object is not matchIcmpTypeAndCode(4).
OBJECT-TYPE    
  Unsigned32 0..255  

caqIpAceIgmpType 1.3.6.1.4.1.9.9.179.1.3.2.1.23
Indicates the message type of IGMP packets. The code is a number from 0 to 15. The value of this object is ignored whenever the value of caqIpAceProtocolMatchCritial object is not matchIgmpType(2).
OBJECT-TYPE    
  Unsigned32 0..15  

caqIpAceOrderPosition 1.3.6.1.4.1.9.9.179.1.3.2.1.24
The ordering position of this ACE in the ACL. If this entry is not in active(1) state, this object has value of 0.
OBJECT-TYPE    
  Unsigned32 0..65535  

caqIpAceBeforePosition 1.3.6.1.4.1.9.9.179.1.3.2.1.25
The object is to control the position of an ACE in the ACL. Indicates the order position of a new ACE before an active ACE which is already in the ACL. It means that the new ACE will replace the position of the ACE which the object specifies. For example, if there are 6 ACEs in an ACL, so the positions of those 6 ACEs will be 1, 2, 3, 4, 5, 6. If the user would like to add a new ACE and specifies 4 to be the value of this object, the old ACEs in positions, 4, 5, 6 will become 5, 6, 7 while the entry containing the new ACE is active. Be careful, for example, if the user would like to move an ACE whose position is 2 to before the ACE whose position is 5. He put the status of that entry to in-active and the position order will be 1, 2, 3, 4, 5. The old ACEs in positions 3, 4, 5, 6 becomes 2, 3, 4, 5. So, the user has to specify the object to 4, because the ACE in old position 5 has been moved to position 4. If not specified, the default value 0 will be used. And the new ACE is appended to the end of the ACL. 0 will be always returned if the status of this row is active. If the entry is from active(1) to notInService(2), this object should have default value.
OBJECT-TYPE    
  Unsigned32 0..65535  

caqIpAceStatus 1.3.6.1.4.1.9.9.179.1.3.2.1.26
The status of this IP ACE conceptual row entry. This object is used to manage creation, deletion and modification of rows in this table. An entry may not exist in the active state unless all objects in the entry have an appropriate value. Especially, it cannot be in active state unless the caqIpAceMatchedAction object in the entry point to an active entry (i.e its RowStatus object is active(1)) in the caqQosActionSelectTable or caqSecurityActionTable. Once a row becomes active, value in any other column within such row cannot be modified. If this row is the only ACE in an ACL and the value of its caqIpAclName object matches the value of caqClassifierAclName object in any active entry of the caqClassifierTable, removing this entry will also remove the associated entry in the caqClassifierTable. If the value of caqIpAceType in this row is 'systemGenerated', this row cannot be deleted or modified.
OBJECT-TYPE    
  RowStatus  

caqIpAceSecurityId 1.3.6.1.4.1.9.9.179.1.3.2.1.27
Indicates the Security Association Identifier of IPv4 ESP packets. The value of this object is ignored whenever the value of caqIpAceProtocolMatchCritial object is not matchSecurityId(6).
OBJECT-TYPE    
  Unsigned32 0 | 4..233  

caqIpAceSrcGroup 1.3.6.1.4.1.9.9.179.1.3.2.1.28
Indicates the source group name which the source IP address in the IP packet header belongs to. If this object is configured, the value of caqIpAceProtocolType object in the same row will have the value of 0.
OBJECT-TYPE    
  SnmpAdminString  

caqIpAceDestGroup 1.3.6.1.4.1.9.9.179.1.3.2.1.29
Indicates the destination group name which the destination IP address in the IP packet header belongs to. If this object is configured, the value of caqIpAceProtocolType object in the same row will have the value of 0.
OBJECT-TYPE    
  SnmpAdminString  

caqIpAceType 1.3.6.1.4.1.9.9.179.1.3.2.1.30
Indicates the ACE type.
OBJECT-TYPE    
  INTEGER configured(1), systemGenerated(2)  

caqIpxAceTable 1.3.6.1.4.1.9.9.179.1.3.3
This table contains a list of IPX ACEs. Each ACE consists of a filter specification and behavior associated with it which describes what action to carry out on packets which match. An ACL is defined as the set of ACEs of the same type (all QoS, or all Security). Within each feature (qos or security), each ACE is named by a combination of an AclName and an ACE index, such that all the ACEs which are named using the same AclName are part of the same ACL. This table is instantiated only if the ipxQos bit or ipxSecurity bit of caqAclCapabilities object is turned on.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqIpxAceEntry

caqIpxAceEntry 1.3.6.1.4.1.9.9.179.1.3.3.1
Each entry of caqIpxAceTable consists of a set of match creteria. For a IPX flow to match an entry, it has to match all the conditions specified in that entry.
OBJECT-TYPE    
  CaqIpxAceEntry  

caqIpxAceFeature 1.3.6.1.4.1.9.9.179.1.3.3.1.1
Indicates whether this entry is a Qos ACL or Security ACL. ACEs belongs to the same ACL should have the same value for this object.
OBJECT-TYPE    
  INTEGER qos(1), security(2)  

caqIpxAclName 1.3.6.1.4.1.9.9.179.1.3.3.1.2
The name of an ACL. Within a feature (qos or security), this name is unique across all of the ACL tables that identifies the list to which the entry belongs in the device.
OBJECT-TYPE    
  CaqAclName  

caqIpxAceIndex 1.3.6.1.4.1.9.9.179.1.3.3.1.3
The index of an IPX ACE within an ACL.
OBJECT-TYPE    
  Unsigned32 1..65535  

caqIpxAceMatchedAction 1.3.6.1.4.1.9.9.179.1.3.3.1.4
Indicates the action to be taken if a packet matches this ACE. If the value of this ACE's caqIpxAceFeature object is: 'qos(1)', then this object contains the index of an active row in caqQosActionSelectTable. If the value of this ACE's caqIpxAceFeature object is: 'security(2)', then this object contains the index of an active row in caqSecurityActionTable.
OBJECT-TYPE    
  Unsigned32 1..65535  

caqIpxAceSrcNet 1.3.6.1.4.1.9.9.179.1.3.3.1.5
Indicates the source network from which the packet is being sent. This is a 32-bits value that uniquely identifies network cable segment in IPX protocol. A network number of 0xFFFFFFFF matches all networks.
OBJECT-TYPE    
  STRING Size(4)  

caqIpxAceDestMatchCriteria 1.3.6.1.4.1.9.9.179.1.3.3.1.6
Indicate which matches to be checked for the destination network of the flow. matchProtocol(0) means that the flow protocol will be matched against the value specified by caqIpxAceProtocolType object in the same row. matchIpxDestNet(1) means that the flow destination network will be matched against the value specified by caqIpxAceDestNet object in the same row. matchIpxDestNode(2) means that the flow destination node will be matched against the value specified by caqIpxAceDestNode object in the same row. If this option bit is on, the matchIpxDestNet(1) bit has to be on also. matchIpxDestNetMask(3) means that the packet's flow destination network will be AND-ed with the value specified by caqIpxAceDestNetMask object in the same row and then compared against the value of caqIpxAceDestNet object. matchIpxDestNodeMask(4) means that the packet's flow destination node will be AND-ed with the value specified by caqIpxAceDestNodeMask object in the same row and then compared against the value of caqIpxAceDestNode object.
OBJECT-TYPE    
  BITS matchProtocol(0), matchIpxDestNet(1), matchIpxDestNode(2), matchIpxDestNetMask(3), matchIpxDestNodeMask(4)  

caqIpxAceProtocolType 1.3.6.1.4.1.9.9.179.1.3.3.1.7
The protocol number field in the IPX header used to indicate the higher layer protocol. It can be any, ncp, netbios, rip, sap or an integer between 0 to 255.
OBJECT-TYPE    
  Unsigned32 0..255  

caqIpxAceDestNet 1.3.6.1.4.1.9.9.179.1.3.3.1.8
Number of the destination network to which the packet is being sent. This is a 32-bit value that uniquely identifies the IPX network cable segment in IPX protocol. A network number of 0xFFFFFFFF matches all networks. The value of this object is ignored whenever the matchIpxDestNet(1) and matchIpxDestNetMask(3) bits of caqIpxAceDestMatchCriteria object are not on.
OBJECT-TYPE    
  STRING Size(4)  

caqIpxAceDestNode 1.3.6.1.4.1.9.9.179.1.3.3.1.9
Node on the destination network to which the packet is being sent. This is a 48 bits value. The value of this object is ignored whenever the matchIpxDestNode(2) and matchIpxDestNodeMask(4) bits of caqIpxAceDestMatchCriteria object are not on.
OBJECT-TYPE    
  STRING Size(6)  

caqIpxAceDestNetMask 1.3.6.1.4.1.9.9.179.1.3.3.1.10
Mask to be applied to the destination net. This is an 32-bit value that has the same format as destination net. The value of this object is ignored whenever the matchIpxDestNetMask(3) bit of caqIpxAceDestMatchCriteria object is not on.
OBJECT-TYPE    
  STRING Size(4)  

caqIpxAceDestNodeMask 1.3.6.1.4.1.9.9.179.1.3.3.1.11
Mask to be applied to the destination node. This is a 48-bit value. The value of this object is ignored whenever the matchIpxDestNodeMask(4) bit of caqIpxAceDestMatchCriteria object is not on.
OBJECT-TYPE    
  STRING Size(6)  

caqIpxAceOrderPosition 1.3.6.1.4.1.9.9.179.1.3.3.1.12
The ordering position of this ACE in the ACL. If this entry is not in active(1) state, this object has value of 0.
OBJECT-TYPE    
  Unsigned32 0..65535  

caqIpxAceBeforePosition 1.3.6.1.4.1.9.9.179.1.3.3.1.13
The object is to control the position of an ACE in the ACL. Specifies the order position of a new ACE before an active ACE which is already in the ACL. It means that the new ACE will replace the position of the ACE which the object specifies. For example, if there are 6 ACEs in an ACL, so the positions of those 6 ACEs will be 1, 2, 3, 4, 5, 6. If the user would like to add a new ACE and he specifies 4 to be the value of this object, the old ACEs in positions, 4, 5, 6 will become 5, 6, 7 while the entry containing the new ACE is active. The removing is similar. Be careful, for example, if the user would like to move an ACE whose position is 2 to before the ACE whose position is 5. He put the status of that entry to in-active and the position order will be 1, 2, 3, 4, 5. The old ACEs in positions 3, 4, 5, 6 becomes 2, 3, 4, 5. So, the user has to specify the object to 4, because the ACE in old position 5 has been moved to position 4. If not specified, the default value 0 will be used. And the new ACE is appended to the end of the ACL. 0 will be always returned if the status of this row is active. If the entry is from active(1) to notInService(2), this object should be default value.
OBJECT-TYPE    
  Unsigned32 0..65535  

caqIpxAceStatus 1.3.6.1.4.1.9.9.179.1.3.3.1.14
The status of this IPX ACE conceptual row entry. This object is used to manage creation, deletion and modification of rows in this table. An entry may not exist in the active state unless all objects in the entry have an appropriate value. Especially, it cannot be in active state unless the caqIpxAceMatchedAction object in the entry point to an active entry (i.e its RowStatus object is active(1)) in the caqQosActionSelectTable or caqSecurityActionTable. Once a row becomes active, value in any other column within such row cannot be modified. If this row is the only ACE in an ACL and the value of its caqIpxAclName object matches the value of caqClassifierAclName object in any active entry of the caqClassifierTable, removing this entry will also remove the associated entry in the caqClassifierTable.
OBJECT-TYPE    
  RowStatus  

caqMacAceTable 1.3.6.1.4.1.9.9.179.1.3.4
This table contains a list of MAC ACEs. Each ACE consists of a filter specification and behavior associated with it which describes what action to carry out on packets which match. An ACL is defined as the set of ACEs of the same type (all QoS, or all Security). Within a feature (qos or security), each ACE is named by a combination of an AclName and an ACE index, such that all the ACEs which are named using the same AclName are part of the same ACL. This table is instantiated only if the macQos bit or macSecurity bit of caqAclCapabilities object is turned on.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqMacAceEntry

caqMacAceEntry 1.3.6.1.4.1.9.9.179.1.3.4.1
Each entry of caqMacAceTable consist of a set of match criteria. For a layer 2 flow to match an entry, it has to match all the conditions specified in that entry.
OBJECT-TYPE    
  CaqMacAceEntry  

caqMacAceFeature 1.3.6.1.4.1.9.9.179.1.3.4.1.1
Indicates whether this entry is a Qos ACL or Security ACL.
OBJECT-TYPE    
  INTEGER qos(1), security(2)  

caqMacAclName 1.3.6.1.4.1.9.9.179.1.3.4.1.2
The name of an ACL. Within a feature (qos or security), this name is unique across all the ACL tables that identifies the list to which the entry belongs in the device.
OBJECT-TYPE    
  CaqAclName  

caqMacAceIndex 1.3.6.1.4.1.9.9.179.1.3.4.1.3
The index of an Mac ACE within an ACL.
OBJECT-TYPE    
  Unsigned32 1..65535  

caqMacAceMatchedAction 1.3.6.1.4.1.9.9.179.1.3.4.1.4
Indicates the action to be taken if a packet matches this ACE. If the value of this ACE's caqMacAceFeature object is: 'qos(1)', then this object contains the index of an active row in caqQosActionSelectTable. If the value of this ACE's caqMacAceFeature object is: 'security(2)', then this object contains the index of an active row in caqSecurityActionTable.
OBJECT-TYPE    
  Unsigned32 1..65535  

caqMacAceSrcMac 1.3.6.1.4.1.9.9.179.1.3.4.1.5
Indicates the 48 bits source MAC address. The packet's source address is AND-ed with the value of caqMacAceSrcMacMask and then compared against the value of this object. If this object value is 00-00-00-00-00-00, and the value of caqMacAceSrcMacMask object in the same entry is ff-ff-ff-ff-ff-ff, this entry matches any source Mac address.
OBJECT-TYPE    
  MacAddress  

caqMacAceSrcMacMask 1.3.6.1.4.1.9.9.179.1.3.4.1.6
Indicates the 48 bit source MAC address mask.
OBJECT-TYPE    
  MacAddress  

caqMacAceDestMac 1.3.6.1.4.1.9.9.179.1.3.4.1.7
Indicates the 48 bits destination MAC address. The packet's destination address is AND-ed with the value of caqMacAceDestMacMask and then compared against the value of this object. If this object value is 00-00-00-00-00-00, and the value of caqMacAceDestMacMask object in the same entry is ff-ff-ff-ff-ff-ff, this entry matches any destionation Mac address.
OBJECT-TYPE    
  MacAddress  

caqMacAceDestMacMask 1.3.6.1.4.1.9.9.179.1.3.4.1.8
Indicates the 48 bit destination MAC address mask.
OBJECT-TYPE    
  MacAddress  

caqMacAceEthertype 1.3.6.1.4.1.9.9.179.1.3.4.1.9
This 16-bit hexadecimal number indicates the matched Ethernet type. 0x0000 means any Ethernet type will be matched.
OBJECT-TYPE    
  Unsigned32 0000..FFFF  

caqMacAceOrderPosition 1.3.6.1.4.1.9.9.179.1.3.4.1.10
The ordering position of this ACE in the ACL. If this entry is not in active(1) state, this object has value of 0.
OBJECT-TYPE    
  Unsigned32 0..65535  

caqMacAceBeforePosition 1.3.6.1.4.1.9.9.179.1.3.4.1.11
The object is to control the position of an ACE in the ACL. Specifies the order position of a new ACE before a ACE which is already in the ACL. It means that the new ACE will replace the position of the ACE which the object specifies. For example, if there are 6 ACEs in an ACL, so the positions of those 6 ACEs will be 1, 2, 3, 4, 5, 6. If the user would like to add a new ACE and he specifies 4 to be the value of this object, the old ACEs in positions, 4, 5, 6 will become 5, 6, 7 while the entry containing the new ACE is active. The removing is similar. Be careful, for example, if the user would like to move an ACE whose position is 2 to before the ACE whose position is 5. He put the status of that entry to in-active and the position order will be 1, 2, 3, 4, 5. The old ACEs in positions 3, 4, 5, 6 becomes 2, 3, 4, 5. So, the user has to specify the object to 4, because the ACE in old position 5 has been moved to position 4. If not specified, the default value 0 will be used. And the new ACE is appended to the end of the ACL. 0 will be always returned if the status of this row is active. If the entry is from active to notInService, this object should has default value.
OBJECT-TYPE    
  Unsigned32 0..65535  

caqMacAceStatus 1.3.6.1.4.1.9.9.179.1.3.4.1.12
The status of this MAC ACE conceptual row entry. This object is used to manage creation, deletion and modification of rows in this table. An entry may not exist in the active state unless all objects in the entry have an appropriate value. Especially, it cannot be in active state unless the caqMacAceMatchedAction object in the entry point to an active entry (i.e its RowStatus object is active(1)) in the caqQosActionSelectTable or caqSecurityActionTable. Once a row becomes active, value in any other column within such row cannot be modified. If this row is the only ACE in an ACL and the value of its caqMacAclName object matches the value of caqClassifierAclName object in any active entry of the caqClassifierTable, removing this entry will also remove the associated entry in the caqClassifierTable.
OBJECT-TYPE    
  RowStatus  

caqMacAceMatchCriteria 1.3.6.1.4.1.9.9.179.1.3.4.1.13
Indicates which field in the packet header to be matched. matchCos(0) means that the packet Cos value will be matched against the value specified by caqMacAceCos object in the same row. matchVlan(1) means that the packet VLAN value will be matched against the value specified by caqMacAceVlan object in the same row.
OBJECT-TYPE    
  BITS matchCos(0), matchVlan(1)  

caqMacAceCos 1.3.6.1.4.1.9.9.179.1.3.4.1.14
Indicates the packet Cos value to be matched. The value of this object is ignored whenever the matchCos(0) bit of caqMacAceMatchCriteria object is not on.
OBJECT-TYPE    
  QosLayer2Cos  

caqMacAceVlan 1.3.6.1.4.1.9.9.179.1.3.4.1.15
Indicates the packet VLAN number to be matched. The value of this object is ignored whenever the matchVlan(1) bit of caqMacAceMatchCriteria object is not on.
OBJECT-TYPE    
  VlanIndex  

caqFlowPolicingCpb 1.3.6.1.4.1.9.9.179.1.3.5
Indicates the flow policing capability of the device. microFlow(0) indicates that microflow can be policed. aggregate(1) indicates that aggregate flow can be policed.
OBJECT-TYPE    
  BITS microFlow(0), aggregate(1)  

caqQosActionSelectTable 1.3.6.1.4.1.9.9.179.1.3.6
This table describes the actions of ACEs. Once an ACE is matched, it follows its MatchedAction object to an entry of this table to get an action for the matching ACE. An action includes policer information as well as an DSCP associated with trust state information of the matching ACE.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqQosActionSelectEntry

caqQosActionSelectEntry 1.3.6.1.4.1.9.9.179.1.3.6.1
An entry of an ACE action. It links to the entries of caqFlowPolicerTable with caqQosActionSelectMicroflow, caqQosActionSelectAggregate objects.
OBJECT-TYPE    
  CaqQosActionSelectEntry  

caqQosActionSelectIndex 1.3.6.1.4.1.9.9.179.1.3.6.1.1
The index of this table for indicating an ACE Action for QoS.
OBJECT-TYPE    
  Unsigned32 1..65535  

caqQosActionSelectTrust 1.3.6.1.4.1.9.9.179.1.3.6.1.2
Determines if the packets matching the ACE should be trusted or if a specific DSCP should be assigned to it. If trustCos(2) is specified, the final DSCP value should refer to caqCosToDscpDscp object in caqCosToDscpTable to transfer layer 2 CoS value to DSCP value. If trustIpPrec(3) is specified, the final DSCP value should refer to caqIpPrecToDscpDscp object in caqIpPrecToDscpTable to transfer IP Precedence value to DSCP value. If trustDscp(4) is specified, the final DSCP value is the one which packets carry. If noTrust(1) is specified, the final DSCP value will have the value of caqQosActionSelectDscp object. That is, if an instance of this object is noTrust(1), the caqQosActionSelectStatus object can not become 'active(1)' until a value has been assigned to the corresponding instance of caqQosActionSelectDscp.
OBJECT-TYPE    
  INTEGER noTrust(1), trustCos(2), trustIpPrec(3), trustDscp(4)  

caqQosActionSelectDscp 1.3.6.1.4.1.9.9.179.1.3.6.1.4
This object is only instantiated when the caqQosActionSelectTrust object in the same entry has been set to noTrust(1).
OBJECT-TYPE    
  Dscp  

caqQosActionSelectMicroflow 1.3.6.1.4.1.9.9.179.1.3.6.1.5
Indicates a policer name. The value of this object either matches the value of caqFlowPolicerName object of an active entry in caqFlowPolicerTable or has an empty string value. The ACE uses this object to link to a policer flow entry. If there is no microflow policer defined for the ACE pointed to this entry, this object should be an empty string. If the microflow(0) bit of caqFlowPolicingCpb object is turned off, this object should also be an empty string. Otherwise it should match the value of caqFlowPolicerName of an entry in the caqFlowPolicerTable which has its RowStatus value to be active(1) and the type of the policer should be microflow(1).
OBJECT-TYPE    
  CaqPolicerNameOrEmpty  

caqQosActionSelectAggregate 1.3.6.1.4.1.9.9.179.1.3.6.1.6
Indicates a policer name. The value of this object either matches the value of caqFlowPolicerName object of an active entry in caqFlowPolicerTable or has an empty string value. The ACE uses this object to link to a policer flow entry. If there is no aggregate policer defined for the ACE pointed to this entry, this object should be an empty string. If the aggregate(1) bit of caqFlowPolicingCpb object is turned off, this object should also be an an empty string. Otherwise it should match the value of caqFlowPolicerName of an entry in the caqFlowPolicerTable which has its RowStatus value to be active(1) and the type of the policer should be aggregate(2).
OBJECT-TYPE    
  CaqPolicerNameOrEmpty  

caqQosActionSelectStatus 1.3.6.1.4.1.9.9.179.1.3.6.1.7
The status of this Qos Action Select conceptual row entry. This object is used to manage creation, deletion and modification of rows in this table. An entry may not exist in the active state unless all objects in the entry have an appropriate value. Once a row becomes active, value in any other column within such row cannot be modified. If this row is pointed to by an active entry in the ACL tables, this object cannot be changed from active(1) to any other value.
OBJECT-TYPE    
  RowStatus  

caqFlowPolicerExcessRateSupport 1.3.6.1.4.1.9.9.179.1.3.7
Indicates whether the device supports excess rate configuration.
OBJECT-TYPE    
  TruthValue  

caqFlowPolicerTable 1.3.6.1.4.1.9.9.179.1.3.8
This table defines the flow policing rules. A flow policing rule comprises a rate, burst size and drop-or-mark indication.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqFlowPolicerEntry

caqFlowPolicerEntry 1.3.6.1.4.1.9.9.179.1.3.8.1
The attributes defining a flow policing rule.
OBJECT-TYPE    
  CaqFlowPolicerEntry  

caqFlowPolicerName 1.3.6.1.4.1.9.9.179.1.3.8.1.1
The name of a policer. This name has to be unique to identify a microflow or an aggregate policer in the device.
OBJECT-TYPE    
  CaqPolicerName  

caqFlowPolicerType 1.3.6.1.4.1.9.9.179.1.3.8.1.2
The type of this policer.
OBJECT-TYPE    
  INTEGER microflow(1), aggregate(2)  

caqFlowPolicerNormalRateRequest 1.3.6.1.4.1.9.9.179.1.3.8.1.3
The requested average rate of the flow. The base unit of this object is 1 kilo-bits per second. 0 may be specified for a rate which causes all packets to be out-of-profile. Out-of-profile indicates that a packet causes the committed access rate of the packet's flow to be exceeded. Committed access rate is the bandwidth that has been committed to a specific flow or group of flows. The committed rate can be enforced by policing or by shaping.
OBJECT-TYPE    
  Integer32 0 | 32..8000000  

caqFlowPolicerNormalRateGrant 1.3.6.1.4.1.9.9.179.1.3.8.1.4
The granted average rate of the flow. The base unit of this object is 1 kilo-bits per second. If the status of this row is not active, the value of this object will be the same as caqFlowPolicerNormalRateRequest's value. If the QoS function is enabled and the policy source is from local configuration, this MIB object is from the runtime hardware information. Due to hardware granularity, the granted value may not be the same as the value specified by caqFlowPolicerNormalRateRequest object. It will be the closest value to the requested one that the hardware can support.
OBJECT-TYPE    
  Integer32  

caqFlowPolicerNormalRateAction 1.3.6.1.4.1.9.9.179.1.3.8.1.5
The action for those normal rate out-of-profile packets. The action is to drop the packets or mark down its DSCP to the value of caqDscpMappingNRPolicedDscp defined in caqDscpMappingTable. If the caqFlowPolicerExcessRateSupport is true(1), this object cannot be set to drop(1). Setting the value of caqFlowPolicerExcessRateRequest object equal to the value of caqFlowPolicerNormalRateRequest object together with setting the value of caqFlowPolicerExcessRateAction object to drop(1) will effectively drop the packet at normal rate.
OBJECT-TYPE    
  INTEGER drop(1), policedDscp(2)  

caqFlowPolicerExcessRateRequest 1.3.6.1.4.1.9.9.179.1.3.8.1.6
The requested excess rate of the flow. The base unit of this object is 1 kilo-bits per second. 0 may be specified for a rate which causes all packets to be out-of-profile. Out-of-profile indicates that a packet causes the committed access rate of the packet's flow to be exceeded. Committed access rate is the bandwidth that has been committed to a specific flow or group of flows. The committed rate can be enforced by policing or by shaping. If the caqFlowPolicerExcessRateSupport is false(2), this object cannot be instantiated.
OBJECT-TYPE    
  Integer32 0 | 32..8000000  

caqFlowPolicerExcessRateGrant 1.3.6.1.4.1.9.9.179.1.3.8.1.7
The granted excess rate of the flow. The base unit of this object is 1 kilo-bits per second. If the status of this row is not active, the value of this object will be the same as caqFlowPolicerExcessRateRequest's value. If the QoS function is enabled and the policy source is from local configuration, this MIB object is from the runtime hardware information. Due to hardware granularity, the granted value may not be the same as the value specified by caqFlowPolicerExcessRateRequest object. It will be the closest value to the requested one that the hardware can support. If the caqFlowPolicerExcessRateSupport is false(2), this object cannot be instantiated.
OBJECT-TYPE    
  Integer32  

caqFlowPolicerExcessRateAction 1.3.6.1.4.1.9.9.179.1.3.8.1.8
The action for those excess rate out-of-profile packets. The action is to drop the packets or mark down its DSCP value to value of caqDscpMappingERPolicedDscp defined in caqDscpMappingTable. If the caqFlowPolicerExcessRateSupport is false(2), this object cannot be instantiated.
OBJECT-TYPE    
  INTEGER drop(1), policedDscp(2)  

caqFlowPolicerBurstSizeRequest 1.3.6.1.4.1.9.9.179.1.3.8.1.9
The requested burst rate of the flow. The base unit of this object is 1 kilo-bits.
OBJECT-TYPE    
  Integer32 1..32000  

caqFlowPolicerBurstSizeGrant 1.3.6.1.4.1.9.9.179.1.3.8.1.10
The granted burst rate of the flow. The base unit of this object is 1 kilo-bits. If the status of this row is not active, the value of this object will be the same as caqFlowPolicerBurstSizeRequest's value. If the QoS function is enabled and the policy source is from local configuration, this MIB object is from the runtime hardware information. Due to hardware granularity, the granted value may not be the same as the value specified by caqFlowPolicerBurstSizeRequest object. It will be the closest value to the requested one that the hardware can support.
OBJECT-TYPE    
  Integer32  

caqFlowPolicerStatus 1.3.6.1.4.1.9.9.179.1.3.8.1.11
The status of this flow policer conceptual row entry. This object is used to manage creation, deletion and modification of rows in this table. An entry may not exist in the active state unless all objects in the entry have an appropriate value. Once a row becomes active, value in any other column within such row cannot be modified. If this row is pointed to by an active entry in the caqQosActionSelectTable, this object cannot be changed from active(1) to any other value.
OBJECT-TYPE    
  RowStatus  

caqFlowPolicerExcessBurstRequest 1.3.6.1.4.1.9.9.179.1.3.8.1.12
The requested excess burst size of the flow. If the caqFlowPolicerExcessBurstSupport is false(2), this object cannot be instantiated.
OBJECT-TYPE    
  Unsigned32 1..32000  

caqFlowPolicerExcessBurstGrant 1.3.6.1.4.1.9.9.179.1.3.8.1.13
The granted excess burst size of the flow. If the status of this row is not active, the value of this object will be the same as caqFlowPolicerExcessBurstRequest's value. If the QoS function is enabled and the policy source is from local configuration, this MIB object is from the runtime hardware information. Due to hardware granularity, the granted value may not be the same as the value specified by caqFlowPolicerExcessBurstRequest object. It will be the closest value to the requested one that the hardware can support. If the caqFlowPolicerExcessBurstSupport is false(2), this object cannot be instantiated.
OBJECT-TYPE    
  Unsigned32 1..32000  

caqSecurityActionTable 1.3.6.1.4.1.9.9.179.1.3.9
This table describes the actions of Security ACEs. Once an ACE is matched and it can go through an entry of this table to find the Security action.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqSecurityActionEntry

caqSecurityActionEntry 1.3.6.1.4.1.9.9.179.1.3.9.1
An entry of a Security ACE action. It provides the action for for the traffic matching Security ACEs.
OBJECT-TYPE    
  CaqSecurityActionEntry  

caqSecurityActionIndex 1.3.6.1.4.1.9.9.179.1.3.9.1.1
The index of this table for indicating a Security ACE action entry.
OBJECT-TYPE    
  Unsigned32 1..65535  

caqSecurityAction 1.3.6.1.4.1.9.9.179.1.3.9.1.2
Determines the action that the device will take if the traffic matches the ACE. If permit(1) is specified, the matched traffic will be allowed through the device. If deny(2) is specified, the matched traffic will be blocked and dropped. If redirect(3) is specified, the matched traffic will be redirected to physical port(s) which should be configured in the caqSecurityRedirectPortList object. Redirect means taking packet coming in and putting it out of port(s) as is. If redirectWithAdj(4) is specified, the matched traffic will be redirected to the VLAN configured in the adjacency entry denoted by caqSecurityAdjIndex. If denyWithLog(5) is specified, the matched traffic will be blocked, dropped and logged. If denyArpInspection(6) is specified, the matched ARP traffic will be blocked and dropped. If denyArpInspWithLog(7) is specified, the matched ARP traffic will be blocked, dropped and logged. If permitArpInspection(8) is specified, the matched ARP traffic will be allowed through the device. if include(9) is specified, the matched trafic will be regulated according to the downloaded ACE type denoted by caqSecurityDownloadedAceFeature object.
OBJECT-TYPE    
  INTEGER permit(1), deny(2), redirect(3), redirectWithAdj(4), denyWithLog(5), denyArpInspection(6), denyArpInspWithLog(7), permitArpInspection(8), include(9)  

caqSecurityRedirectPortList 1.3.6.1.4.1.9.9.179.1.3.9.1.3
Indicates the set of physical port(s) that matched traffic is redirected to. Each octet within the value of this object specifies a set of eight ports, with the first octet specifying ports 1 through 8, the second octet specifying ports 9 through 16, etc. Within each octet, the most significant bit represents the lowest numbered port, and the least significant bit represents the highest numbered port. Thus, each port is represented by a single bit within the value of this object. If that bit has a value of '1' then that port is included in the set of redirect ports; the port is not included if its bit has a value of '0'. The value of this object is ignored whenever the value of caqSecurityAction object in the same row is not redirect(3).
OBJECT-TYPE    
  STRING Size(0..128)  

caqSecurityCapture 1.3.6.1.4.1.9.9.179.1.3.9.1.4
Indicates whether the matched traffic is to be captured. Capture means the packet is not only switched normally but also a copy of the switched packet is transmitted on the capture port(s). Traffic which is dropped cannot be captured; only traffic that is forwarded to its appropriate destination, can also be forwarded to a capture port. Redirected traffic cannot be captured. Packets are only output on a capture port if they are on a VLAN which is carried on that port. To capture traffic from many vlans, the capture port(s) should be a trunk carrying the required vlans. The capturing destination port(s) should be configured in caqSecurityAclCaptureIfTable.
OBJECT-TYPE    
  TruthValue  

caqSecurityActionStatus 1.3.6.1.4.1.9.9.179.1.3.9.1.5
The status of this Security ACE action conceptual row entry. This object is used to manage creation, deletion and modification of rows in this table. An entry may not exist in the active state unless all objects in the entry have appropriate value. If the value of caqSecurityAction object in the same row is redirectWithAdj(4), user must use the value of the index object of an active entry in caqAdjacencyTable to configure the caqSecurityAdjIndex object. Once a row becomes active, value in any other column within such row cannot be modified. If this row is pointed to by an active entry in the ACL tables, this object cannot be changed from active(1) to any other value.
OBJECT-TYPE    
  RowStatus  

caqSecurityAdjIndex 1.3.6.1.4.1.9.9.179.1.3.9.1.6
Indicates the index of an active adjacency entry in caqAdjacencyTable. The value of this object is ignored whenever the value of caqSecurityAction object in the same row is not redirectWithAdj(4).
OBJECT-TYPE    
  Unsigned32 0..65535  

caqSecurityArpMacAddress 1.3.6.1.4.1.9.9.179.1.3.9.1.7
Indicates the 48 bits Mac address used in ARP packet. The value of this object is ignored whenever the value of caqSecurityAction object in the same row is not one of the following values denyArpInspection(6), denyArpInspWithLog(7) and permitArpInspection(8).
OBJECT-TYPE    
  MacAddress  

caqSecurityRedirect2kPortList 1.3.6.1.4.1.9.9.179.1.3.9.1.8
Indicates the set of physical port(s) that matched traffic is redirected to. Each octet within the value of this object specifies a set of eight ports, with the first octet specifying ports 1 through 8, the second octet specifying ports 9 through 16, etc. Within each octet, the most significant bit represents the lowest numbered port, and the least significant bit represents the highest numbered port. Thus, each port is represented by a single bit within the value of this object. If that bit has a value of '1' then that port is included in the set of redirect ports; the port is not included if its bit has a value of '0'. The value of this object is ignored whenever the value of caqSecurityAction object in the same row is not redirect(3). This object can accommodate up to 2048 ports. A port number is the value of dot1dBasePort for the port in the BRIDGE-MIB (RFC 1493).
OBJECT-TYPE    
  STRING Size(0..256)  

caqSecurityDownloadedAceFeature 1.3.6.1.4.1.9.9.179.1.3.9.1.9
Indicates the feature type of the downloaded ACE. 'notApplicable' indicates that this security action entry is not applied to any downloaded ACE. 'dot1x' indicates that this security action entry is applied to downloaded ACE for 802.1x feature. 'macAuth' indicates that this security action entry is applied to downloaded ACE for Mac Authentication Bypass feature. 'webAuth' indicates that this security action entry is applied to downloaded ACE for Web-Proxy Authentication feature. 'eou' indicates that this security action entry is applied to downloaded ACE for Extensible Authentication Protocol over UDP (EOU) feature. 'ipPhone' indicates that this security action entry is applied to downloaded ACE for IP Phone feature. The value of this object is 'notApplicable' whenever the value of caqSecurityAction object in the same row is not 'include'. When an entry of this table is created with 'include' value specified for caqSecurityAction, 'notApplicable' cannot be used for this object value.
OBJECT-TYPE    
  INTEGER notApplicable(1), dot1x(2), macAuth(3), webAuth(4), eou(5), ipPhone(6)  

caqSecurityAclCaptureIfTable 1.3.6.1.4.1.9.9.179.1.3.10
This table contains all the physical ports which are capable of being capture interfaces on which captured packets are output.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqSecurityAclCaptureIfEntry

caqSecurityAclCaptureIfEntry 1.3.6.1.4.1.9.9.179.1.3.10.1
The index of this table is the ifIndex value of a physical port which is capable of being a capture interface on which captured packets are output.
OBJECT-TYPE    
  CaqSecurityAclCaptureIfEntry  

caqSecurityAclCaptureEnable 1.3.6.1.4.1.9.9.179.1.3.10.1.1
An interface can be a destination of captured traffic which matched any Security ACL. This object is to specify whether to enable or disable this interface as a destination of captured traffic.
OBJECT-TYPE    
  TruthValue  

caqFlowPolicerExcessBurstSupport 1.3.6.1.4.1.9.9.179.1.3.11
Indicates whether the device supports excess burst size configuration.
OBJECT-TYPE    
  TruthValue  

caqSecurityRateLimitFeatures 1.3.6.1.4.1.9.9.179.1.3.12
Indicates the features which implement rate limit on their traffic flows using the rate limit value denoted by caqSecurityAclRateLimit object. This rate limit value is shared among all features denoted by this object.
OBJECT-TYPE    
  BITS arpInspection(0), dot1xDHCP(1), dhcpSnooping(2)  

caqSecurityAclRateLimit 1.3.6.1.4.1.9.9.179.1.3.13
Indicates the maximum rate of all traffic flows subjected to rate limiting imposed by all features denoted by caqSecurityRateLimitFeatures object.
OBJECT-TYPE    
  Unsigned32  

caqQosDefaultActionTable 1.3.6.1.4.1.9.9.179.1.3.14
This table contains the QoS default action taken by the device for traffic which is not matched by a specific QoS ACE.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqQosDefaultActionEntry

caqQosDefaultActionEntry 1.3.6.1.4.1.9.9.179.1.3.14.1
The entries in this table are corresponding to the type of traffic as well as its direction and contain the default DSCP value, trust state and policers information. The number of entry in this table depends on what type of traffic supported by the device.
OBJECT-TYPE    
  CaqQosDefaultActionEntry  

caqQosTrafficDirection 1.3.6.1.4.1.9.9.179.1.3.14.1.1
Indicates whether this row's parameters are to be applied for ingress or for egress traffic.
OBJECT-TYPE    
  CaqDirection  

caqQosTrafficType 1.3.6.1.4.1.9.9.179.1.3.14.1.2
Indicates whether this row's parameters are to be applied for Ethernet, IP or IPX traffic.
OBJECT-TYPE    
  INTEGER mac(1), ip(2), ipx(3)  

caqQosDefaultTrustState 1.3.6.1.4.1.9.9.179.1.3.14.1.3
Indicates the default assigned trust state. If trustCos(2) is specified, the default DSCP value of an unmatched packet should refer to caqCosToDscpDscp object in caqCosToDscpTable to transfer layer 2 CoS value to DSCP value. If trustIpPrec(3) is specified, the default DSCP value of an unmatched packet should refer to caqIpPrecToDscpDscp object in caqIpPrecToDscpTable to transfer IP Precedence value to DSCP value. If trustDscp(4) is specified, the default DSCP value of an unmatched packet is the one which packets carry. If noTrust(1) is specified, the default DSCP value of an unmatched packet will have the value of caqQosDefaultDscp object.
OBJECT-TYPE    
  INTEGER noTrust(1), trustCos(2), trustIpPrec(3), trustDscp(4)  

caqQosDefaultDscp 1.3.6.1.4.1.9.9.179.1.3.14.1.4
This object is only instantiated when the caqQosDefaultTrust object in the same entry has been set to noTrust(1).
OBJECT-TYPE    
  Dscp  

caqQosDefaultMicroflow 1.3.6.1.4.1.9.9.179.1.3.14.1.5
Indicates a microflow policer name. The value of this object either matches the value of caqFlowPolicerName object of an active entry in caqFlowPolicerTable or has an empty string value. If there is no default microflow policer defined for unmatched traffic, this object should be an empty string. If the microflow(0) bit of caqFlowPolicingCpb object is turned off, this object should also be an empty string. Otherwise it should match the value of caqFlowPolicerName of an entry in the caqFlowPolicerTable which has its RowStatus value to be active(1) and the type of the policer should be microflow(1).
OBJECT-TYPE    
  CaqPolicerNameOrEmpty  

caqQosDefaultAggregate 1.3.6.1.4.1.9.9.179.1.3.14.1.6
Indicates an aggregate policer name. The value of this object either matches the value of caqFlowPolicerName object of an active entry in caqFlowPolicerTable or has an empty string value. If there is no default aggregate policer defined for unmatched traffic, this object should be an empty string. If the aggregate(1) bit of caqFlowPolicingCpb object is turned off, this object should also be an an empty string. Otherwise it should match the value of caqFlowPolicerName of an entry in the caqFlowPolicerTable which has its RowStatus value to be active(1) and the type of the policer should be aggregate(2).
OBJECT-TYPE    
  CaqPolicerNameOrEmpty  

caqAclFeatureCpb 1.3.6.1.4.1.9.9.179.1.3.15
Indicates the set of features that the device supports related to ACLs configured in the device. vlanAclHitCount(0) indicates that the device supports ACL hit count feature for ACLs attached to VLAN interfaces. portAclHitCount(1) indicates that the device supports ACL hit count feature for ACLs attached to physical interfaces.
OBJECT-TYPE    
  BITS vlanAclHitCount(0), portAclHitCount(1)  

caqL3PacketsDropByPolicer 1.3.6.1.4.1.9.9.179.1.4.1
Indicates the number of Layer 3 packets dropped due to policing.
OBJECT-TYPE    
  Counter64  

caqTosChangedIpPackets 1.3.6.1.4.1.9.9.179.1.4.2
Indicates the number of IP packets have the Tos value changed.
OBJECT-TYPE    
  Counter64  

caqCosChangedIpPackets 1.3.6.1.4.1.9.9.179.1.4.3
Indicates the number of IP packets have the Cos value changed.
OBJECT-TYPE    
  Counter64  

caqCosChangedNonIpPackets 1.3.6.1.4.1.9.9.179.1.4.4
Indicates the number of non IP packets have the Cos value changed.
OBJECT-TYPE    
  Counter64  

caqPortStatsTable 1.3.6.1.4.1.9.9.179.1.4.5
A table containing QoS statistics counters per physical interface.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqPortStatsEntry

caqPortStatsEntry 1.3.6.1.4.1.9.9.179.1.4.5.1
An entry contains QoS statistics maintained by the switching engine.
OBJECT-TYPE    
  CaqPortStatsEntry  

caqPortStatsDirection 1.3.6.1.4.1.9.9.179.1.4.5.1.1
Indicates traffic direction of an physical interface.
OBJECT-TYPE    
  CaqDirection  

caqPortStatsQueueNumber 1.3.6.1.4.1.9.9.179.1.4.5.1.2
Indicates the queue number of the interface for which statistics are collected. For example : if the port type of this interface is 1P2Q2T, this object can be 1, 2, 3.
OBJECT-TYPE    
  CaqQueueNumber  

caqPortStatsThresholdNumber 1.3.6.1.4.1.9.9.179.1.4.5.1.3
Indicates the threshold number of a queue on the interface for which statistics are collected. For example : if the port type of this interface is 1P2Q2T, this object can be 1, 2.
OBJECT-TYPE    
  CaqThresholdNumber  

caqPortStatsDropPkts 1.3.6.1.4.1.9.9.179.1.4.5.1.4
The number of packets have been received then dropped from the interface because they exceeded the threshold value configured at this queue and threshold of this interface.
OBJECT-TYPE    
  Counter64  

caqPortStatsDropPktsAveRate 1.3.6.1.4.1.9.9.179.1.4.5.1.5
The five minute linearly-decayed moving average of packets have been received then dropped from the interface because they exceeded the threshold value configured at this queue and threshold of this interface.
OBJECT-TYPE    
  Gauge32  

caqPortStatsDropPktsPeakRate 1.3.6.1.4.1.9.9.179.1.4.5.1.6
The peak rate of packets have been received then dropped from the interface because they exceeded the threshold value configured at this queue and threshold of this interface over the past five minutes.
OBJECT-TYPE    
  Gauge32  

caqFlowStatsTable 1.3.6.1.4.1.9.9.179.1.4.6
A table containing QoS statistics counter per flow.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqFlowStatsEntry

caqFlowStatsEntry 1.3.6.1.4.1.9.9.179.1.4.6.1
An entry contains the number of out of profile packet per flow maintained by the switching engine.
OBJECT-TYPE    
  CaqFlowStatsEntry  

caqFlowStatsOutOfProfilePackets 1.3.6.1.4.1.9.9.179.1.4.6.1.1
Indicates the number of out-of-profile packets in this flow.
OBJECT-TYPE    
  Counter64  

caqAggPolicerStatsTable 1.3.6.1.4.1.9.9.179.1.4.7
A table containing QoS statistics counter per aggregate policer.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqAggPolicerStatsEntry

caqAggPolicerStatsEntry 1.3.6.1.4.1.9.9.179.1.4.7.1
An entry contains the number of packet policed and the number of out of profile packets per aggregate policer.
OBJECT-TYPE    
  CaqAggPolicerStatsEntry  

caqAggPolicerName 1.3.6.1.4.1.9.9.179.1.4.7.1.1
The name of a policer. This name has to be unique to identify an aggregate policer in the device.
OBJECT-TYPE    
  CaqPolicerName  

caqAggPolicerPackets 1.3.6.1.4.1.9.9.179.1.4.7.1.2
Indicates the number of packets is policed by this aggregate policer. This object is only instantiated if such info is available in the device.
OBJECT-TYPE    
  Counter64  

caqAggPolicerNRExceedPackets 1.3.6.1.4.1.9.9.179.1.4.7.1.3
Indicates the number of packets exceeded the normal rate of this aggregate policer. This object in only instantiated if such info is available in the device.
OBJECT-TYPE    
  Counter64  

caqAggPolicerERExceedPackets 1.3.6.1.4.1.9.9.179.1.4.7.1.4
Indicates the number of packets exceeded the excess rate of this policer. This object is only instantiated if such info is available in the device and if excess rate is supported by the device as indicated by caqFlowPolicerExcessRateSupport object.
OBJECT-TYPE    
  Counter64  

caqAggPolicerOctets 1.3.6.1.4.1.9.9.179.1.4.7.1.5
Indicates the number of octets is policed by this aggregate policer. This object is only instantiated if such info is available in the device.
OBJECT-TYPE    
  Counter64  

caqAggPolicerNRExceedOctets 1.3.6.1.4.1.9.9.179.1.4.7.1.6
Indicates the number of octets exceeded the normal rate of this aggregate policer. This object is only instantiated if such info is available in the device.
OBJECT-TYPE    
  Counter64  

caqAggPolicerERExceedOctets 1.3.6.1.4.1.9.9.179.1.4.7.1.7
Indicates the number of octets exceeded the excess rate of this policer. This object is only instantiated if such info is available in the device and if excess rate is supported by the device as indicated by caqFlowPolicerExcessRateSupport object.
OBJECT-TYPE    
  Counter64  

caqAggPolicerOctetsRate 1.3.6.1.4.1.9.9.179.1.4.7.1.8
Indicates five minute linearly-decayed moving average of octets policed by this aggregate policer. This object is only instantiated if such info is available in the device.
OBJECT-TYPE    
  CounterBasedGauge64  

caqAggPolicerNRExceedOctetsRate 1.3.6.1.4.1.9.9.179.1.4.7.1.9
Indicates five minute linearly-decayed moving average of octets exceeded the normal rate of this aggregate policer. This object is only instantiated if such info is available in the device.
OBJECT-TYPE    
  CounterBasedGauge64  

caqAggPolicerERExceedOctetsRate 1.3.6.1.4.1.9.9.179.1.4.7.1.10
Indicates five minute linearly-decayed moving average of octets exceeded the excess rate of this policer. This object is only instantiated if such info is available in the device and if excess rate is supported by the device as indicated by caqFlowPolicerExcessRateSupport object.
OBJECT-TYPE    
  CounterBasedGauge64  

caqAggPolicerOctetsPeakRate 1.3.6.1.4.1.9.9.179.1.4.7.1.11
Indicates peak rate of octets is policed by this aggregate policer over the past five minute. This object is only instantiated if such info is available in the device.
OBJECT-TYPE    
  CounterBasedGauge64  

caqAggPolicerPacketsRate 1.3.6.1.4.1.9.9.179.1.4.7.1.12
Indicates five minute linearly-decayed moving average of packets policed by this aggregate policer. This object is only instantiated if such info is available in the device.
OBJECT-TYPE    
  CounterBasedGauge64  

caqAggPolicerNRExceedPacketsRate 1.3.6.1.4.1.9.9.179.1.4.7.1.13
Indicates five minute linearly-decayed moving average of packets exceeded the normal rate of this aggregate policer. This object is only instantiated if such info is available in the device.
OBJECT-TYPE    
  CounterBasedGauge64  

caqAggPolicerERExceedPacketsRate 1.3.6.1.4.1.9.9.179.1.4.7.1.14
Indicates five minute linearly-decayed moving average of packets exceeded the excess rate of this policer. This object is only instantiated if such info is available in the device and if excess rate is supported by the device as indicated by caqFlowPolicerExcessRateSupport object.
OBJECT-TYPE    
  CounterBasedGauge64  

caqAggPolicerPacketsPeakRate 1.3.6.1.4.1.9.9.179.1.4.7.1.15
Indicates peak rate of packets is policed by this aggregate policer over the past five minutes. This object is only instantiated if such info is available in the device.
OBJECT-TYPE    
  CounterBasedGauge64  

caqL3PacketsDropByPolicerAveRate 1.3.6.1.4.1.9.9.179.1.4.8
Indicates five minute linearly-decayed moving average of Layer 3 packets dropped due to policing.
OBJECT-TYPE    
  CounterBasedGauge64  

caqL3PacketsDropByPolicerPeakRate 1.3.6.1.4.1.9.9.179.1.4.9
Indicates the peak rate of Layer 3 packets dropped due to policing over the past five minutes.
OBJECT-TYPE    
  CounterBasedGauge64  

caqTosChangedIpPacketsAveRate 1.3.6.1.4.1.9.9.179.1.4.10
Indicates five minute linearly-decayed moving average of IP packets have the Tos value change.
OBJECT-TYPE    
  CounterBasedGauge64  

caqTosChangedIpPacketsPeakRate 1.3.6.1.4.1.9.9.179.1.4.11
Indicates the peak rate of IP packets have the Tos value change over the past five minute.
OBJECT-TYPE    
  CounterBasedGauge64  

caqCosChangedIpPacketsAveRate 1.3.6.1.4.1.9.9.179.1.4.12
Indicates five minute linearly-decayed moving average of IP packets have the Cos value change.
OBJECT-TYPE    
  CounterBasedGauge64  

caqCosChangedIpPacketsPeakRate 1.3.6.1.4.1.9.9.179.1.4.13
Indicates the peak rate of IP packets have the Cos value change over the past five minutes.
OBJECT-TYPE    
  CounterBasedGauge64  

caqCosChangedNonIpPacketsAveRate 1.3.6.1.4.1.9.9.179.1.4.14
Indicates five minute linearly-decayed moving average of non IP packets have the Cos value change.
OBJECT-TYPE    
  CounterBasedGauge64  

caqCosChangedNonIpPacketPeakRate 1.3.6.1.4.1.9.9.179.1.4.15
Indicates the peak rate of non IP packets have the Cos value change over the past five minutes.
OBJECT-TYPE    
  CounterBasedGauge64  

caqBridgedPolicerTable 1.3.6.1.4.1.9.9.179.1.5.1
This table provides configuration information for each (existing) VLAN on whether or not bridged packets are policed at the microflow level on that VLAN. This configuration is useful in situations in which there are insufficient resources to police bridged packets at the microflow level on all VLANs. This configuration has no effect on aggregate policing.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqBridgedPolicerEntry

caqBridgedPolicerEntry 1.3.6.1.4.1.9.9.179.1.5.1.1
A conceptual row in the caqBridgedPolicerTable to control if bridged packets are policed at microflow level on a particular VLAN.
OBJECT-TYPE    
  CaqBridgedPolicerEntry  

caqBridgedFlowVlanIndex 1.3.6.1.4.1.9.9.179.1.5.1.1.1
The VLAN-id of this VLAN.
OBJECT-TYPE    
  VlanIndex  

caqBridgedFlowEnabled 1.3.6.1.4.1.9.9.179.1.5.1.1.2
Enable or Disable this function. If this objects is set to true, the bridged packets will be policed at microflow level. If it is set to false, bridged packets won't be policed at microflow level. This value has no effect on aggregate policing. The default is false.
OBJECT-TYPE    
  TruthValue  

caqCosMacVlanRouterTable 1.3.6.1.4.1.9.9.179.1.5.2
This table is used either to assign a Cos value to frames on a specific VLAN and which have a specific destination MAC address and/or to indicate if the configured destination MAC address is of a router. This table is applied only for platform that supports these features.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqCosMacVlanRouterEntry

caqCosMacVlanRouterEntry 1.3.6.1.4.1.9.9.179.1.5.2.1
The Cos value to be assigned to frames on a specific VLAN and which have a specific destination MAC address and/or the configured destination MAC address is of a router.
OBJECT-TYPE    
  CaqCosMacVlanRouterEntry  

caqCosMacAddress 1.3.6.1.4.1.9.9.179.1.5.2.1.1
Indicates the destination MAC address to match against the flow.
OBJECT-TYPE    
  MacAddress  

caqCosVlanNumber 1.3.6.1.4.1.9.9.179.1.5.2.1.2
Indicates the VLAN number.
OBJECT-TYPE    
  VlanIndex  

caqMacAddressCpb 1.3.6.1.4.1.9.9.179.1.5.2.1.3
Indicates the capability of the destination MAC address denoted by caqCosMacAddress object in the same row. routerMac(0) means that it is a router Mac address. cosVlanMac(1) means that a Cos value is assigned to frames on a specific VLAN and which has this MAC address as its destination.
OBJECT-TYPE    
  BITS routerMac(0), cosVlanMac(1)  

caqCosValue 1.3.6.1.4.1.9.9.179.1.5.2.1.4
Indicates the Cos value. This object is only instantiated if the cosVlanMac bit in caqMacAddressCpb object is turned on.
OBJECT-TYPE    
  QosLayer2Cos  

caqCosMacVlanRouterStatus 1.3.6.1.4.1.9.9.179.1.5.2.1.5
The status of this conceptual row entry. This object is used to manage creation, deletion and modification of rows in this table. An entry may not exist in the active state unless all objects in the entry have an appropriate value. Once a row becomes active, value in any other column within such row cannot be modified except by setting caqCosMacVlanRouterStatus to notInService(2) for such row.
OBJECT-TYPE    
  RowStatus  

caqPbfStatus 1.3.6.1.4.1.9.9.179.1.6.1
Indicates the status of policy-based forwarding (PBF) engine. macAddrOk(1) indicates that the MAC address of the PBF engine is set successfully and PBF engine is operational. macAddrNotSet(2) indicates that the MAC address of the PBF engine is not set and PBF engine is not operational. msfcPresent(3) indicates that there is a Multiplayer Switch Feature Card (MSFC) present in the device thus the PBF engine is not operational.
OBJECT-TYPE    
  INTEGER macAddrOk(1), macAddrNotSet(2), msfcPresent(3)  

caqPbfMacAddress 1.3.6.1.4.1.9.9.179.1.6.2
Indicates the PBF engine MAC address. When the value of caqPbfStatus is msfcPresent(3), this object cannot be configured and its previously configured value is ignored.
OBJECT-TYPE    
  MacAddress  

caqAdjacencyTable 1.3.6.1.4.1.9.9.179.1.6.3
This table contains a list of adjacencies to use in policy-based forwarding (PBF). PBF is a feature that makes possible forwarding between two different VLANs without having a router.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqAdjacencyEntry

caqAdjacencyEntry 1.3.6.1.4.1.9.9.179.1.6.3.1
An entry defines an adjacency. Each adjacency consists of a destination VLAN, source and destination MAC address as well as adjacency name and MTU configuration.
OBJECT-TYPE    
  CaqAdjacencyEntry  

caqAdjIndex 1.3.6.1.4.1.9.9.179.1.6.3.1.1
Indicates the index of this adjacency.
OBJECT-TYPE    
  Unsigned32 1..65535  

caqAdjDstVlanNumber 1.3.6.1.4.1.9.9.179.1.6.3.1.2
Indicates the destination VLAN number of this adjacency.
OBJECT-TYPE    
  VlanIndex  

caqAdjDstMacAddress 1.3.6.1.4.1.9.9.179.1.6.3.1.3
Indicates the adjacency destination MAC address.
OBJECT-TYPE    
  MacAddress  

caqAdjSrcMacAddress 1.3.6.1.4.1.9.9.179.1.6.3.1.4
Indicates the adjacency source MAC address. If this object is not configured, it will contain the MAC address of the PBF engine which is denoted by caqPbfMacAddress object.
OBJECT-TYPE    
  MacAddress  

caqAdjName 1.3.6.1.4.1.9.9.179.1.6.3.1.5
Indicates the adjacency name. The adjacency name should be unique among all entries in this table.
OBJECT-TYPE    
  CaqAdjacencyName  

caqAdjMtu 1.3.6.1.4.1.9.9.179.1.6.3.1.6
Indicates the adjacency MTU.
OBJECT-TYPE    
  Unsigned32 576..18190  

caqAdjHitCount 1.3.6.1.4.1.9.9.179.1.6.3.1.7
Indicates the number of packets that have matched this adjacency's criteria. The value of this object is cleared when this row is derefenced by entries in caqSecurityActionTable.
OBJECT-TYPE    
  Counter64  

caqAdjStatus 1.3.6.1.4.1.9.9.179.1.6.3.1.8
Indicates the status of this adjacency conceptual entry. This object is used to manage creation, deletion and modification of rows in this table. An entry may not exist in the active state unless all objects in the entry have an appropriate value. Once a row becomes active, value in any other column within such row cannot be modified. This object cannot be changed from active(1) to any other value if the following two conditions are met: - There is an active entry in caqSecurityActionTable with caqSecurityAdjIndex equal to caqAdjIndex. - That entry has caqSecurityAction set to redirectWithAdj(4).
OBJECT-TYPE    
  RowStatus  

caqAclLogMaxFlow 1.3.6.1.4.1.9.9.179.1.7.1
Indicates the maximum number of traffic flow will be logged by the device.
OBJECT-TYPE    
  Unsigned32 256..2048  

caqAclSecurityLoggingRateLimit 1.3.6.1.4.1.9.9.179.1.7.2
Indicates the redirect rate of traffic flow subjected to security ACL logging.
OBJECT-TYPE    
  Unsigned32 500..5000  

caqAclRouterAclRateLimit 1.3.6.1.4.1.9.9.179.1.7.3
Indicates the redirect rate of traffic flow subjected to router ACL logging.
OBJECT-TYPE    
  Unsigned32 1..1000  

caqIpFlowLoggingTable 1.3.6.1.4.1.9.9.179.1.7.4
This table contains a list of IP flows that describes the IP traffic denied and logged by the device.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqIpFlowLoggingEntry

caqIpFlowLoggingEntry 1.3.6.1.4.1.9.9.179.1.7.4.1
An entry describes an IP flow, consisting of a set of data such as source and destination address, source and destination port as well as protocol specific information. To keep the table from overflow, each entry contains a TTL (Time to Live) object. An entry will be removed from this table when its TTL value reaches zero.
OBJECT-TYPE    
  CaqIpFlowLoggingEntry  

caqIpFlowLoggingIndex 1.3.6.1.4.1.9.9.179.1.7.4.1.1
The index of this table for indicating a logged IP flow.
OBJECT-TYPE    
  Unsigned32 1..65535  

caqIpFlowVlan 1.3.6.1.4.1.9.9.179.1.7.4.1.2
Indicates the VLAN number which this logged IP flow belongs.
OBJECT-TYPE    
  VlanIndex  

caqIpFlowIfIndex 1.3.6.1.4.1.9.9.179.1.7.4.1.3
Indicates the ifIndex of the interface where this logged IP flow arrived.
OBJECT-TYPE    
  InterfaceIndex  

caqIpFlowProtocolType 1.3.6.1.4.1.9.9.179.1.7.4.1.4
The protocol number field in the IP header of this logged IP flow as specified in RFC 1700.
OBJECT-TYPE    
  Unsigned32 0..255  

caqIpFlowAddrType 1.3.6.1.4.1.9.9.179.1.7.4.1.5
Indicates the address type for addresses specified in caqIpFlowSrcIp and caqIpFlowDestIp of this logged IP flow.
OBJECT-TYPE    
  InetAddressType  

caqIpFlowSrcIp 1.3.6.1.4.1.9.9.179.1.7.4.1.6
Indicates the source address of this logged IP flow.
OBJECT-TYPE    
  InetAddress  

caqIpFlowSrcPort 1.3.6.1.4.1.9.9.179.1.7.4.1.7
Indicates the source port number of this logged IP flow when its protocol field is TCP or UDP. The value of this object is -1 if the flow is not UDP or TCP traffic.
OBJECT-TYPE    
  Integer32 -1 | 0..65535  

caqIpFlowDestIp 1.3.6.1.4.1.9.9.179.1.7.4.1.8
Indicates the destination address of this logged IP flow.
OBJECT-TYPE    
  InetAddress  

caqIpFlowDestPort 1.3.6.1.4.1.9.9.179.1.7.4.1.9
Indicates the destination port number of this logged IP flow when its protocol field is TCP or UDP. The value of this object is -1 if the flow is not UDP or TCP traffic.
OBJECT-TYPE    
  Integer32 -1 | 0..65535  

caqIpFlowIcmpType 1.3.6.1.4.1.9.9.179.1.7.4.1.10
Indicates the message type of ICMP packets. The value of this object is -1 if the flow is not ICMP traffic.
OBJECT-TYPE    
  Integer32 -1 | 0..255  

caqIpFlowIcmpCode 1.3.6.1.4.1.9.9.179.1.7.4.1.11
Indicates the message code of ICMP packets. The value of this object is -1 if the flow is not ICMP traffic.
OBJECT-TYPE    
  Integer32 -1 | 0..255  

caqIpFlowIgmpType 1.3.6.1.4.1.9.9.179.1.7.4.1.12
Indicates the message type of IGMP packets. The value of this object is -1 if the flow is not IGMP traffic.
OBJECT-TYPE    
  Integer32 -1 | 0..15  

caqIpFlowArpOpcode 1.3.6.1.4.1.9.9.179.1.7.4.1.13
Indicates the ARP opcode value of this ARP flow. If the value of this object is notApplicable(1), this flow is not ARP traffic. If the value of this object is request(2), this flow is ARP request traffic. If the value of this object is reply(3), this flow is ARP reply traffic.
OBJECT-TYPE    
  INTEGER notApplicable(1), request(2), reply(3)  

caqIpFlowArpSrcMacAddr 1.3.6.1.4.1.9.9.179.1.7.4.1.14
Indicates the Ethernet Source Address value of this ARP flow. This object is ignored if the flow is not ARP traffic.
OBJECT-TYPE    
  MacAddress  

caqIpFlowArpHeaderSrcMacAddr 1.3.6.1.4.1.9.9.179.1.7.4.1.15
Indicates the Ethernet Source Address value included in the ARP header of this ARP flow. This object is ignored if the flow is not ARP traffic.
OBJECT-TYPE    
  MacAddress  

caqIpFlowPacketsCount 1.3.6.1.4.1.9.9.179.1.7.4.1.16
Indicates the number of packets that belong to this IP flow.
OBJECT-TYPE    
  Counter32  

caqIpFlowLoggingTTL 1.3.6.1.4.1.9.9.179.1.7.4.1.17
Indicates the TTL (Time to Live) of this entry. The entry is removed when its value of this object reaches 0.
OBJECT-TYPE    
  Unsigned32  

caqIpFlowArpLoggingSource 1.3.6.1.4.1.9.9.179.1.7.4.1.18
Indicates the source that triggered the logging of this ARP flow. This object value is 'notApplicable' if the flow is not ARP traffic. 'dai' indicates the logging source is Dynamic Arp Inspection feature. 'acl' indicates the logging source is a configured security access control list (ACL).
OBJECT-TYPE    
  INTEGER notApplicable(1), dai(2), acl(3)  

caqIpFlowArpAclName 1.3.6.1.4.1.9.9.179.1.7.4.1.19
Indicates the security ACL name which triggered the logging of this ARP flow. This object is ignored if the value of caqIpFlowArpLoggingSource object in the same row is not 'acl'.
OBJECT-TYPE    
  SnmpAdminString  

caqIpFlowArpAceNumber 1.3.6.1.4.1.9.9.179.1.7.4.1.20
Indicates the ACE number within the ACL denoted by caqIpFlowArpAclName object which triggered the logging of this ARP flow. This object is ignored if the value of caqIpFlowArpLoggingSource object in the same row is not 'acl'.
OBJECT-TYPE    
  Unsigned32  

caqAclArpInspMatchMac 1.3.6.1.4.1.9.9.179.1.8.2
Indicates whether for ARP packets MAC address matching of ethernet header and the source MAC address specified in ARP header is enabled. It also indicates the action taken when the addresses do not match. If this object value is disable(1), the device will not check for matching of source MAC address in ethernet header with the sender MAC address in ARP header for ARP packets. If this object value is enable(2), the device will check for matching of source MAC address in ethernet header with the sender MAC address in ARP header for ARP packets. A syslog message is generated if the MAC addresses check fails. If this object value is drop(3), the device will check for MAC addresses matching and ARP packets whose MAC addresses do not match will be dropped. If this object value is dropAndLog(4), the device will check for MAC addresses matching and ARP packets whose MAC addresses do not match will be dropped and logged into caqIpFlowLoggingTable.
OBJECT-TYPE    
  INTEGER disable(1), enable(2), drop(3), dropAndLog(4)  

caqAclArpInspAddrValidation 1.3.6.1.4.1.9.9.179.1.8.3
Indicates whether for ARP packets checking for valid source MAC and source IP address specified in ARP header is enabled. It also indicates the action taken when the addresses are not valid. If this object value is disable(1), the device will not check for valid MAC and IP address for ARP packets. If this object value is enable(2), the device will check for valid MAC and IP address for ARP packets. A syslog message is generated if the addresses check fails. If this object value is drop(3), the device will check for valid MAC and IP addresses. ARP packets whose have illegal MAC and IP addresses will be dropped. If this object value is dropAndLog(4), the device will check for valid MAC and IP addresses. ARP packets whose have invalid MAC and IP addresses will be dropped and logged into caqIpFlowLoggingTable.
OBJECT-TYPE    
  INTEGER disable(1), enable(2), drop(3), dropAndLog(4)  

caqArpInspGlobalForwardedPkts 1.3.6.1.4.1.9.9.179.1.8.4
Indicates the total number of packets subjected to ARP Inspection is forwarded.
OBJECT-TYPE    
  Counter64  

caqArpInspGlobalDroppedPkts 1.3.6.1.4.1.9.9.179.1.8.5
Indicates the total number of packets subjected to ARP Inspection is dropped.
OBJECT-TYPE    
  Counter64  

caqRARPForwardedPkts 1.3.6.1.4.1.9.9.179.1.8.6
Indicates the total number of packets subjected to Reverse ARP (RARP) Inspection is forwarded.
OBJECT-TYPE    
  Counter64  

caqMatchedMacFailedPkts 1.3.6.1.4.1.9.9.179.1.8.7
Indicates the total number of packets subjected to ARP Inspection whose MAC address specified in the ethernet header and the source MAC address specified in ARP header does not match.
OBJECT-TYPE    
  Counter64  

caqAddrValidationFailedPkts 1.3.6.1.4.1.9.9.179.1.8.8
Indicates the total number of ARP packets that have invalid source MAC address or invalid source IP address specified in the ARP header.
OBJECT-TYPE    
  Counter64  

caqArpInspIpDroppedPkts 1.3.6.1.4.1.9.9.179.1.8.9
Indicates the total number of IP packets dropped by ARP Inspection because of invalid IP address.
OBJECT-TYPE    
  Counter64  

caqArpInspStatsTable 1.3.6.1.4.1.9.9.179.1.8.10
A table containing ARP Inspection statistics counter per ACL.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqArpInspStatsEntry

caqArpInspStatsEntry 1.3.6.1.4.1.9.9.179.1.8.10.1
An entry contains the numbers of packet permitted or denied per ACL.
OBJECT-TYPE    
  CaqArpInspStatsEntry  

caqArpInspAclName 1.3.6.1.4.1.9.9.179.1.8.10.1.1
The name of an ACL that contains ACE used for ARP Inspection.
OBJECT-TYPE    
  CaqAclName  

caqArpInspForwardedPackets 1.3.6.1.4.1.9.9.179.1.8.10.1.2
Indicates the number of packets subjected to ARP Inspection is forwarded by this ACL.
OBJECT-TYPE    
  Counter64  

caqArpInspDroppedPackets 1.3.6.1.4.1.9.9.179.1.8.10.1.3
Indicates the number of packets subjected to ARP Inspection is dropped by this ACL.
OBJECT-TYPE    
  Counter64  

caqIfArpInspConfigTable 1.3.6.1.4.1.9.9.179.1.8.11
This table contains the configuration of several threshold values related to ARP Inspection at each physical interface.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqIfArpInspConfigEntry

caqIfArpInspConfigEntry 1.3.6.1.4.1.9.9.179.1.8.11.1
Each entry contains the configuration for drop threshold and shutdown threshold for ARP Inspection at each physical interface that supports this feature. Some of the interfaces (but not limited to) for which this feature might be applicable are: ifType = ethernetCsmacd(6).
OBJECT-TYPE    
  CaqIfArpInspConfigEntry  

caqIfArpInspDropThreshold 1.3.6.1.4.1.9.9.179.1.8.11.1.1
Indicates the drop threshold value where excess packets of a traffic flow subjected to ARP Inspection will be dropped if its rate is greater than this threshold value. If the value of this object is 0, no rate limit is applied for dropping ARP traffic at this interface.
OBJECT-TYPE    
  Unsigned32 0..5000  

caqIfArpInspShutdownThreshold 1.3.6.1.4.1.9.9.179.1.8.11.1.2
Indicates the threshold value where the interface will be shutdown if traffic rate subjected to ARP Inspection is greater than this threshold value. If the value of this object is 0, no ARP traffic rate limit is applied for shutting down the interface.
OBJECT-TYPE    
  Unsigned32 0..5000  

caqAclHitCountVlansLow 1.3.6.1.4.1.9.9.179.1.9.1
A string of octets containing one bit per VLAN for VLANs with VlanIndex value of 0 to 2047. The first octet corresponds to VLANs with VlanIndex values of 0 through 7; the second octet to VLANs 8 through 15; etc. The most significant bit of each octet corresponds to the lowest value VlanIndex in that octet. For each VLAN, if ACL hit count feature is enabled then the bit corresponding to that VLAN is set to '1'. Note that if the length of this string is less than 256 octets, any 'missing' octets are assumed to contain the value zero. A NMS may omit any zero-valued octets from the end of this string in order to reduce SetPDU size, and the agent may also omit zero-valued trailing octets, to reduce the size of GetResponse PDUs. This object is only instantiated when the vlanAclHitCount(0) bit is set to '1' in the caqAclFeatureCpb object.
OBJECT-TYPE    
  STRING Size(0..256)  

caqAclHitCountVlansHigh 1.3.6.1.4.1.9.9.179.1.9.2
A string of octets containing one bit per VLAN for VLANs with VlanIndex value of 2048 to 4095. The first octet corresponds to VLANs with VlanIndex values of 2048 through 2055; the second octet to VLANs 2056 through 2063; etc. The most significant bit of each octet corresponds to the lowest value VlanIndex in that octet. For each VLAN, if ACL hit count feature is enabled then the bit corresponding to that VLAN is set to '1'. Note that if the length of this string is less than 256 octets, any 'missing' octets are assumed to contain the value zero. A NMS may omit any zero-valued octets from the end of this string in order to reduce SetPDU size, and the agent may also omit zero-valued trailing octets, to reduce the size of GetResponse PDUs. This object is only instantiated when the vlanAclHitCount(0) bit is set to '1' in the caqAclFeatureCpb object.
OBJECT-TYPE    
  STRING Size(0..256)  

caqAclHitCountPortList 1.3.6.1.4.1.9.9.179.1.9.3
Indicates the set of physical port(s), in bridge port number, where ACL hit count feature is enabled. For each port, if ACL hit count feature is enabled then the bit corresponding to that port is set to '1'. This object is only instantiated when the portAclHitCount(1) bit is set to '1' in the caqAclFeatureCpb object.
OBJECT-TYPE    
  CiscoPortList  

caqAclHitCountTable 1.3.6.1.4.1.9.9.179.1.9.4
This table provides the hit count configuration on ACLs which support this feature.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqAclHitCountEntry

caqAclHitCountEntry 1.3.6.1.4.1.9.9.179.1.9.4.1
An entry indicates whether the hit count feature is enabled on a particular ACL as well as its statistic collection mode.
OBJECT-TYPE    
  CaqAclHitCountEntry  

caqAclHitCountAclType 1.3.6.1.4.1.9.9.179.1.9.4.1.1
Indicates the type of ACL. ipSecurity(1) indicates that this ACL is an IP Security ACL. ipxSecurity(2) indicates that this ACL is an IPX Security ACL. macSecurity(3) indicates that this ACL is a MAC Security ACL.
OBJECT-TYPE    
  CaqHitCountAclType  

caqAclHitCountAclName 1.3.6.1.4.1.9.9.179.1.9.4.1.2
Indicates the ACL name which should exist in the ACL tables e.g. in caqIpAceTable. This ACL must be matching the type specified in caqAclHitCountAclType in the same row.
OBJECT-TYPE    
  CaqAclName  

caqAclHitCountEnable 1.3.6.1.4.1.9.9.179.1.9.4.1.3
Indicates whether this ACL hit count is enabled.
OBJECT-TYPE    
  TruthValue  

caqAceHitCountTable 1.3.6.1.4.1.9.9.179.1.9.5
This table provides the hit count configuration on ACEs which support this feature.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqAceHitCountEntry

caqAceHitCountEntry 1.3.6.1.4.1.9.9.179.1.9.5.1
An entry indicates whether the hit count feature is enabled on a particular ACE as well as its hit count statistic.
OBJECT-TYPE    
  CaqAceHitCountEntry  

caqAceHitCountAclType 1.3.6.1.4.1.9.9.179.1.9.5.1.1
Indicates the type of ACL. ipSecurity(1) indicates that this ACL is an IP Security ACL. ipxSecurity(2) indicates that this ACL is an IPX Security ACL. macSecurity(3) indicates that this ACL is a MAC Security ACL.
OBJECT-TYPE    
  CaqHitCountAclType  

caqAceHitCountAclName 1.3.6.1.4.1.9.9.179.1.9.5.1.2
Indicates the ACL name which should exist in the ACL tables e.g. in caqIpAceTable. This ACL must be matching the type specified in caqAceHitCountAclType in the same row.
OBJECT-TYPE    
  CaqAclName  

caqAceHitCountAceIndex 1.3.6.1.4.1.9.9.179.1.9.5.1.3
The index of an ACE within an ACL.
OBJECT-TYPE    
  Unsigned32 1..65535  

caqAceHitCountEnable 1.3.6.1.4.1.9.9.179.1.9.5.1.4
Indicates whether this ACE hit count is enabled.
OBJECT-TYPE    
  TruthValue  

caqAceIngressHitCount 1.3.6.1.4.1.9.9.179.1.9.5.1.5
Indicates number of hit count for this ACE for ingress traffic.
OBJECT-TYPE    
  Counter64  

caqAceEgressHitCount 1.3.6.1.4.1.9.9.179.1.9.5.1.6
Indicates number of hit count for this ACE for egress traffic.
OBJECT-TYPE    
  Counter64  

caqIfAclHitCountTable 1.3.6.1.4.1.9.9.179.1.9.6
This table provides the ACL hit count statistics at an interface. An interface can be a physical port if the bit portAclHitCount(1) is set in the object caqAclFeatureCpb or a VLAN if the bit vlanAclHitCount(0) is set in the object caqAclFeatureCpb.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqIfAclHitCountEntry

caqIfAclHitCountEntry 1.3.6.1.4.1.9.9.179.1.9.6.1
Each entry indicates the number of hit count at each ACE belonged to an ACL which supports hit count collection at an interface where the ACL is attached.
OBJECT-TYPE    
  CaqIfAclHitCountEntry  

caqIfAclHitCountAclType 1.3.6.1.4.1.9.9.179.1.9.6.1.1
Indicates the type of ACL. ipSecurity(1) indicates that this ACL is an IP Security ACL. ipxSecurity(2) indicates that this ACL is an IPX Security ACL. macSecurity(3) indicates that this ACL is a MAC Security ACL.
OBJECT-TYPE    
  CaqHitCountAclType  

caqIfAclHitCountAclName 1.3.6.1.4.1.9.9.179.1.9.6.1.2
Indicates the ACL name which should exist in the ACL tables e.g. in caqIpAceTable. This ACL must be matching the type specified in caqIfAclHitCountAclType in the same row.
OBJECT-TYPE    
  CaqAclName  

caqIfAclHitCountAceIndex 1.3.6.1.4.1.9.9.179.1.9.6.1.3
The index of an ACE within an ACL.
OBJECT-TYPE    
  Unsigned32 1..65535  

caqIfAclIngressHitCount 1.3.6.1.4.1.9.9.179.1.9.6.1.4
Indicates the number of hit count of this ACE for ingress traffic on this interface.
OBJECT-TYPE    
  Counter64  

caqIfAclEgressHitCount 1.3.6.1.4.1.9.9.179.1.9.6.1.5
Indicates the number of hit count of this ACE for egress traffic on this interface.
OBJECT-TYPE    
  Counter64  

caqDownloadAclInfoTable 1.3.6.1.4.1.9.9.179.1.10.1
This table provides the management information for downloaded ACLs.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqDownloadAclInfoEntry

caqDownloadAclInfoEntry 1.3.6.1.4.1.9.9.179.1.10.1.1
An entry is populated for each downloaded ACL in the device.
OBJECT-TYPE    
  CaqDownloadAclInfoEntry  

caqDownloadAclName 1.3.6.1.4.1.9.9.179.1.10.1.1.1
This object indicates the name of a downloaded ACL.
OBJECT-TYPE    
  SnmpAdminString Size(1..255)  

caqDownloadAclUserCount 1.3.6.1.4.1.9.9.179.1.10.1.1.2
This object indicates the number of users (i.e., authenticated hosts) who are using this downloaded ACL.
OBJECT-TYPE    
  Unsigned32  

caqDownloadAclDownloadTime 1.3.6.1.4.1.9.9.179.1.10.1.1.3
This object indicates the time when this ACL is downloaded to the device.
OBJECT-TYPE    
  DateAndTime  

caqIpDownloadAceTable 1.3.6.1.4.1.9.9.179.1.10.2
This table contains a list of downloaded IP ACEs for security purpose. Each ACE consists of a filter specification and behavior associated with it which describes what action to carry out on packets which match. An ACL is defined as the set of ACEs. Each ACE is named by a combination of an AclName and an ACE index, such that all the ACEs which are named using the same AclName are part of the same ACL.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqIpDownloadAceEntry

caqIpDownloadAceEntry 1.3.6.1.4.1.9.9.179.1.10.2.1
An entry defines an ACE, consisting of a set of match criteria. For a packet to match an entry, it has to match all the criteria specified in that entry.
OBJECT-TYPE    
  CaqIpDownloadAceEntry  

caqIpDownloadAclName 1.3.6.1.4.1.9.9.179.1.10.2.1.1
The name of a downloaded IP ACL.
OBJECT-TYPE    
  SnmpAdminString  

caqIpDownloadAceIndex 1.3.6.1.4.1.9.9.179.1.10.2.1.2
The index of an ACE within a downloaded ACL.
OBJECT-TYPE    
  Unsigned32  

caqIpDownloadAceMatchedAction 1.3.6.1.4.1.9.9.179.1.10.2.1.3
Indicates the action to be taken if a packet matches this ACE. If 'permit' is specified, the matched packet will be allowed through the device. If 'deny' is specified, the matched packet will be blocked and dropped. If 'denyAndLog' is specified, the matched packet will be blocked, dropped and logged. If 'permitAndCapture' is specified, the matched packet will be allowed, and a copy of it will be forwarded to capture port(s).
OBJECT-TYPE    
  INTEGER permit(1), deny(2), denyAndLog(3), permitAndCapture(4)  

caqIpDownloadAceProtocolType 1.3.6.1.4.1.9.9.179.1.10.2.1.4
The protocol number field in the IP header used to indicate the higher layer protocol as specified in RFC 1700. A value value of 0 matches every IP packet. For example : 0 is IP, 1 is ICMP, 2 is IGMP, 4 is IP in IP encapsulation, 6 is TCP, 9 is IGRP, 17 is UDP, 47 is GRE, 50 is ESP, 51 is AH, 88 is IGRP, 89 is OSPF, 94 is KA9Q/NOS compatible IP over IP, 103 is PIMv2, 108 is PCP.
OBJECT-TYPE    
  CiscoIpProtocol  

caqIpDownloadAceAddrType 1.3.6.1.4.1.9.9.179.1.10.2.1.5
The type of IP address used by this ACE entry.
OBJECT-TYPE    
  InetAddressType  

caqIpDownloadAceSrcIp 1.3.6.1.4.1.9.9.179.1.10.2.1.6
The specified source IP address. The packet's source address is AND-ed with the value of caqIpDownloadAceSrcIpMask and then compared against the value of this object. If this object value is 0.0.0.0, and the value of caqIpDownloadAceSrcIpMask object in the same entry is 255.255.255.255, this entry matches any source IP address.
OBJECT-TYPE    
  InetAddress  

caqIpDownloadAceSrcIpMask 1.3.6.1.4.1.9.9.179.1.10.2.1.7
The specified source IP address mask.
OBJECT-TYPE    
  InetAddress  

caqIpDownloadAceSrcPortOp 1.3.6.1.4.1.9.9.179.1.10.2.1.8
Indicates how a packet's source TCP/UDP port number is to be compared. 'noOperator', which is the default value, means that no comparison is to be made with the source TCP/UDP port number. 'lt' means less than, 'gt' means greater than, 'eq' means equal, 'neq' means not equal. Those 4 operators are using the caqIpDownloadAceSrcPort object as an operand which is the only one needed. 'range' means that it compares the port value between two numbers, so this operator needs 2 operands. One operand is the starting port number of the range which is caqIpDownloadAceSrcPort object, and the other operand is the ending port number of the range which the caqIpDownloadAceSrcPortRange object is in.
OBJECT-TYPE    
  INTEGER noOperator(1), lt(2), gt(3), eq(4), neq(5), range(6)  

caqIpDownloadAceSrcPort 1.3.6.1.4.1.9.9.179.1.10.2.1.9
The source port number of the TCP or UDP protocol. If the caqIpDownloadAceSrcPortOp object in the same row is 'range', this object will be the starting port number of the port range.
OBJECT-TYPE    
  InetPortNumber  

caqIpDownloadAceSrcPortRange 1.3.6.1.4.1.9.9.179.1.10.2.1.10
The source port number of the TCP or UDP protocol. If the caqIpDownloadAceSrcPortOp object in the same row is 'range', this object will be the ending port number of the port range, otherwise the value of this object is ignored.
OBJECT-TYPE    
  InetPortNumber  

caqIpDownloadAceDestIp 1.3.6.1.4.1.9.9.179.1.10.2.1.11
The specified destination IP address. The packet's destination address is AND-ed with the value of caqIpDownloadAceDestIpMask and then compared against the value of this object. If this object value is 0.0.0.0 and the value of caqIpDownloadAceDestIpMask object in the same entry is 255.255.255.255, this entry matches any destination IP address.
OBJECT-TYPE    
  InetAddress  

caqIpDownloadAceDestIpMask 1.3.6.1.4.1.9.9.179.1.10.2.1.12
The specified destination IP address mask.
OBJECT-TYPE    
  InetAddress  

caqIpDownloadAceDestPortOp 1.3.6.1.4.1.9.9.179.1.10.2.1.13
Indicates how a packet's destination TCP/UDP port number is to be compared. 'noOperator', which is the default value, means that no comparison is to be made with the destination TCP/UDP port number. 'lt' means less than. 'gt' means greater than. 'eq' means equal. 'neq' means not equal. Those 4 operators are using the caqIpDownloadAceDestPort object as an operand which is the only one needed. 'range' means that it compares the port value between two numbers, so this operator needs 2 operands. One operand is the starting port number of the range which is caqIpDownloadAceDestPort object, and the other operand is the ending port number of the range which the caqIpDownloadAceDestPortRange object is in.
OBJECT-TYPE    
  INTEGER noOperator(1), lt(2), gt(3), eq(4), neq(5), range(6)  

caqIpDownloadAceDestPort 1.3.6.1.4.1.9.9.179.1.10.2.1.14
The destination port number of the TCP or UDP protocol. If the caqIpDownloadAceDestPortOp object in the same row is 'range' this object will be the starting port number of the port range.
OBJECT-TYPE    
  InetPortNumber  

caqIpDownloadAceDestPortRange 1.3.6.1.4.1.9.9.179.1.10.2.1.15
The destination port number of the TCP or UDP protocol. If the caqIpDownloadAceDestPortOp object in the same row is 'range', this object will be the ending port number of the port range, otherwise this object value is ignored.
OBJECT-TYPE    
  InetPortNumber  

caqIpDownloadAceTosMatchCriteria 1.3.6.1.4.1.9.9.179.1.10.2.1.16
Indicates what field of Tos octet in the packet header to be matched. 'none' means that there is no need to match the ToS octet. 'matchDscp' means that the DSCP value of packet header need to be matched. If this value is specified, the caqIpDownloadAceDscp object in the same row should have valid value. 'matchIpPrec' means that the IpPrecedence value of packet header need to be matched. If this value is specifed, the caqIpDownloadAceIpPrec object in the same row should have a valid value.
OBJECT-TYPE    
  INTEGER none(1), matchDscp(2), matchIpPrec(3)  

caqIpDownloadAceIpPrec 1.3.6.1.4.1.9.9.179.1.10.2.1.17
Specifies the IP precedence value to be matched against. The value of this object is ignored whenever the value of caqIpDownloadAceTosMatchCritial object is not 'matchIpPrec'.
OBJECT-TYPE    
  CaqIpPrecedence  

caqIpDownloadAceDscp 1.3.6.1.4.1.9.9.179.1.10.2.1.18
Specifies the Dscp value to be matched against. Packets can be matched to DSCP value from 0 to 63. The value of this object is ignored whenever the value of caqIpDownloadAceTosMatchCritial object is not 'matchDscp'.
OBJECT-TYPE    
  Dscp  

caqIpDnldAcePrtocolMatchCriteria 1.3.6.1.4.1.9.9.179.1.10.2.1.19
Indicates what field in the packet header for ICMP or IGMP or TCP protocol to be matched. 'none' means no comparison is to be done for ICMP/TCP. 'matchIcmpType' means that the Type field of ICMP protocol packet header needs to be matched. If this value is specified, the caqIpDownloadAceIcmpType object in the same row should have a valid value. 'matchIcmpTypeAndCode' means that both the Type and Code fields of ICMP protocol packet header need to be matched. If this value is specified, the caqIpDownloadAceIcmpType and caqIpDownloadAceIcmpCode object in the same row should have valid values. 'matchEstablished' means that a match occurs if the TCP packet has the ACK or RST bits set. The non matching case is that of the intial TCP packet to form a connection.
OBJECT-TYPE    
  INTEGER none(1), matchIcmpType(2), matchIcmpTypeAndCode(3), matchEstablished(4)  

caqIpDownloadAceIcmpType 1.3.6.1.4.1.9.9.179.1.10.2.1.20
Indicates the message type of ICMP packets. The type is a number from 0 to 255. The value of this object is ignored whenever the value of caqIpDnldAcePrtocolMatchCriteria object is not 'matchIcmpType' or 'matchIcmpTypeAndCode'.
OBJECT-TYPE    
  Unsigned32  

caqIpDownloadAceIcmpCode 1.3.6.1.4.1.9.9.179.1.10.2.1.21
Indicates the message code of ICMP packets. The code is a number from 0 to 255. The value of this object is ignored whenever the value of caqIpDnldAcePrtocolMatchCriteria object is not 'matchIcmpTypeAndCode'.
OBJECT-TYPE    
  Unsigned32  

caqIfDownloadAclTable 1.3.6.1.4.1.9.9.179.1.10.3
This table provides the management information for physical interface where downloaded ACLs are applied.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqIfDownloadAclEntry

caqIfDownloadAclEntry 1.3.6.1.4.1.9.9.179.1.10.3.1
An entry is populated for each interface that utilies downloaded ACLs in the device.
OBJECT-TYPE    
  CaqIfDownloadAclEntry  

caqIfDownloadAclFeature 1.3.6.1.4.1.9.9.179.1.10.3.1.1
This object indicates the security feature running at this interface and trigger the download of this ACL. 'dot1x' indicates that the 802.1x feature is running at this interface and trigger the download of this ACL. 'eou' indicates that the Extensible Authentication Protocol over UDP (EOU) feature is running at this interface and trigger the download of this ACL. 'macAuth' indicates that the Mac Authentication Bypass feature is running at this interface and trigger the download of this ACL. 'webAuth' indicates that the Web Authentication feature is running at this interface and trigger the download of this ACL.
OBJECT-TYPE    
  INTEGER dot1x(1), eou(2), macAuth(3), webAuth(4)  

caqIfDownloadAclAddressType 1.3.6.1.4.1.9.9.179.1.10.3.1.2
This object indicates the type of IP address of the host.
OBJECT-TYPE    
  InetAddressType  

caqIfDownloadAclHostAddress 1.3.6.1.4.1.9.9.179.1.10.3.1.3
This object indicates IP address of the host connected to this interface. The type of this address is determined by the value of caqIfDownloadAclAddressType object.
OBJECT-TYPE    
  InetAddress  

caqIfIpPhoneMapTable 1.3.6.1.4.1.9.9.179.1.10.4
This table provides the management information for the mapping of IP Phone to interface that utilizes downloaded ACL.
OBJECT-TYPE    
  SEQUENCE OF  
    CaqIfIpPhoneMapEntry

caqIfIpPhoneMapEntry 1.3.6.1.4.1.9.9.179.1.10.4.1
An entry is populated for each interface that has an IP Phone connected to and utilizes downloaded ACL.
OBJECT-TYPE    
  CaqIfIpPhoneMapEntry  

caqIfIpPhoneAddressType 1.3.6.1.4.1.9.9.179.1.10.4.1.1
This object indicates the type of IP address of the IP Phone connected to this interface.
OBJECT-TYPE    
  InetAddressType  

caqIfIpPhoneHostAddress 1.3.6.1.4.1.9.9.179.1.10.4.1.2
This object indicates the IP address of the IP Phone. The type of this address is determined by the value of the caqIfIpPhoneAddressType object.
OBJECT-TYPE    
  InetAddress  

caqMIBNotifications 1.3.6.1.4.1.9.9.179.2
OBJECT IDENTIFIER    

caqMIBConformance 1.3.6.1.4.1.9.9.179.3
OBJECT IDENTIFIER    

caqMIBCompliances 1.3.6.1.4.1.9.9.179.3.1
OBJECT IDENTIFIER    

caqMIBGroups 1.3.6.1.4.1.9.9.179.3.2
OBJECT IDENTIFIER    

caqMIBCompliance 1.3.6.1.4.1.9.9.179.3.1.1
An implementation is only required to support IPv4 addresses.
MODULE-COMPLIANCE    
  caqIpAceSrcIp InetAddress Size(4)
  caqIpAceSrcIpMask InetAddress Size(4)
  caqIpAceDestIp InetAddress Size(4)
  caqIpAceDestIpMask InetAddress Size(4)

caqMIBCompliance2 1.3.6.1.4.1.9.9.179.3.1.2
An implementation is only required to support IPv4 addresses.
MODULE-COMPLIANCE    
  caqIpAceSrcIp InetAddress Size(4)
  caqIpAceSrcIpMask InetAddress Size(4)
  caqIpAceDestIp InetAddress Size(4)
  caqIpAceDestIpMask InetAddress Size(4)

caqMIBCompliance3 1.3.6.1.4.1.9.9.179.3.1.3
An implementation is only required to support IPv4 addresses.
MODULE-COMPLIANCE    
  caqIpAceSrcIp InetAddress Size(4)
  caqIpAceSrcIpMask InetAddress Size(4)
  caqIpAceDestIp InetAddress Size(4)
  caqIpAceDestIpMask InetAddress Size(4)

caqMIBCompliance4 1.3.6.1.4.1.9.9.179.3.1.4
An implementation is only required to support IPv4 addresses.
MODULE-COMPLIANCE    
  caqIpAceSrcIp InetAddress Size(4)
  caqIpAceSrcIpMask InetAddress Size(4)
  caqIpAceDestIp InetAddress Size(4)
  caqIpAceDestIpMask InetAddress Size(4)

caqIfConfigGroup 1.3.6.1.4.1.9.9.179.3.2.1
A collection of objects providing the Qos configuration information at each physical interface on the device.
OBJECT-GROUP    

caqIfAclConfigGroup 1.3.6.1.4.1.9.9.179.3.2.2
A collection of objects providing the ACL information on the device.
OBJECT-GROUP    

caqAclCpbGroup 1.3.6.1.4.1.9.9.179.3.2.3
A collection of objects providing the ACL information on the device.
OBJECT-GROUP    

caqIpAceGroup 1.3.6.1.4.1.9.9.179.3.2.4
A collection of objects providing the IP ACE information.
OBJECT-GROUP    

caqIpxAceGroup 1.3.6.1.4.1.9.9.179.3.2.5
A collection of objects providing the IPX ACE information.
OBJECT-GROUP    

caqMacAceGroup 1.3.6.1.4.1.9.9.179.3.2.6
A collection of objects providing the MAC ACE information.
OBJECT-GROUP    

caqActionGroup 1.3.6.1.4.1.9.9.179.3.2.7
A collection of objects providing the ACE action information.
OBJECT-GROUP    

caqPolicingGroup 1.3.6.1.4.1.9.9.179.3.2.8
A collection of objects providing the microflow and aggregate flow configuration.
OBJECT-GROUP    

caqQosExcessRateGroup 1.3.6.1.4.1.9.9.179.3.2.9
A collection of objects providing Qos information on excess rate.
OBJECT-GROUP    

caqQosMappingGroup 1.3.6.1.4.1.9.9.179.3.2.10
A collection of objects providing Qos mapping information.
OBJECT-GROUP    

caqQueueAssignmentGroup 1.3.6.1.4.1.9.9.179.3.2.11
A collection of objects providing the queue assignment information.
OBJECT-GROUP    

caqQueueGroup 1.3.6.1.4.1.9.9.179.3.2.12
A collection of objects providing the queue information.
OBJECT-GROUP    

caqQosBridgedFlowPolicerGroup 1.3.6.1.4.1.9.9.179.3.2.13
A collection of objects providing the information on bridged packet policing.
OBJECT-GROUP    

caqQosMacVlanGroup 1.3.6.1.4.1.9.9.179.3.2.14
A collection of objects providing the classification information based on Mac address and vlan.
OBJECT-GROUP    

caqQosStatsGroup 1.3.6.1.4.1.9.9.179.3.2.15
A collection of objects providing the QoS statistics information.
OBJECT-GROUP    

caqSecurityGroup 1.3.6.1.4.1.9.9.179.3.2.16
A collection of objects providing the security information.
OBJECT-GROUP    

caqFlowPolicingCpbGroup 1.3.6.1.4.1.9.9.179.3.2.17
A collection of object providing the flow policing capability information.
OBJECT-GROUP    

caqQosStatsGroup2 1.3.6.1.4.1.9.9.179.3.2.18
A collection of objects providing the QoS statistics information per aggregate policer.
OBJECT-GROUP    

caqSecurityPBFGroup 1.3.6.1.4.1.9.9.179.3.2.19
A collection of objects providing the PBF configuration and statistics information.
OBJECT-GROUP    

caqQosExcessBurstGroup 1.3.6.1.4.1.9.9.179.3.2.20
A collection of objects providing Qos information on excess burst size.
OBJECT-GROUP    

caqIfTrustDeviceGroup 1.3.6.1.4.1.9.9.179.3.2.21
A collection of objects providing the trusted device configuration and operational state.
OBJECT-GROUP    

caqLoggingGroup 1.3.6.1.4.1.9.9.179.3.2.22
A collection of objects providing the security logging configuration and statistics.
OBJECT-GROUP    

caqArpInspGroup 1.3.6.1.4.1.9.9.179.3.2.23
A collection of objects providing the ARP Inspection configuration and statistics.
OBJECT-GROUP    

caqSecurityRateLimitGroup 1.3.6.1.4.1.9.9.179.3.2.24
A collection of objects providing the security acl feature rate limit configuration state.
OBJECT-GROUP    

caqDscpMutationGroup 1.3.6.1.4.1.9.9.179.3.2.25
A collection of objects providing the DSCP mutation configuration information.
OBJECT-GROUP    

caqQosDefaultActionGroup 1.3.6.1.4.1.9.9.179.3.2.26
A collection of objects providing the default Qos action configuration on the device.
OBJECT-GROUP    

caqIfAclConfigGroup2 1.3.6.1.4.1.9.9.179.3.2.27
A collection of object providing the additional ACL attachment configuration on the device.
OBJECT-GROUP    

caqIpEspGroup 1.3.6.1.4.1.9.9.179.3.2.28
A collection of object providing the Ip ESP traffic matching configuration on the device.
OBJECT-GROUP    

caqDscpRewriteGroup 1.3.6.1.4.1.9.9.179.3.2.29
A collection of object providing the configuration of DSCP rewrite feature on the device.
OBJECT-GROUP    

caqAggPolicerOctetStatsGroup 1.3.6.1.4.1.9.9.179.3.2.30
A collection of objects providing the QoS statistics information per aggregate policer in unit of octet.
OBJECT-GROUP    

caqSecurityGroup2 1.3.6.1.4.1.9.9.179.3.2.31
A collection of objects providing the security information.
OBJECT-GROUP    

caqIfSecurityAclConfigGroup 1.3.6.1.4.1.9.9.179.3.2.32
A collection of objects providing the security ACL information on the device.
OBJECT-GROUP    

caqIpAceExtGroup 1.3.6.1.4.1.9.9.179.3.2.33
A collection of objects providing the source and destination group information to configure IP ACL on the device.
OBJECT-GROUP    

caqAclHitCountGroup 1.3.6.1.4.1.9.9.179.3.2.34
A collection of objects providing the ACL hit count configuration and statistics on the device.
OBJECT-GROUP    

caqMacAceExtGroup 1.3.6.1.4.1.9.9.179.3.2.35
A collection of objects providing addtional matching criteria such as the VLAN, Cos information to configure MAC ACE on the device.
OBJECT-GROUP    

caqMacPktClassifyVlanGroup 1.3.6.1.4.1.9.9.179.3.2.36
A collection of objects providing the VLAN configuration for MAC packet classify feature on the device.
OBJECT-GROUP    

caqAclFeatureGroup 1.3.6.1.4.1.9.9.179.3.2.37
A collection of object providing what feature related to ACL that the device is capable of.
OBJECT-GROUP    

caqPortAclHitCountGroup 1.3.6.1.4.1.9.9.179.3.2.38
A collection of object providing the set of physical ports where ACL hit count feature is enabled.
OBJECT-GROUP    

caqVlanAclHitCountGroup 1.3.6.1.4.1.9.9.179.3.2.39
A collection of objects providing the set of VLANs where ACL hit count feature is enabled.
OBJECT-GROUP    

caqQosL3StatsRateGroup 1.3.6.1.4.1.9.9.179.3.2.40
A collection of objects providing the five minute linearly-decayed moving average QoS statistics for Layer 3 traffic.
OBJECT-GROUP    

caqQosL3StatsPeakGroup 1.3.6.1.4.1.9.9.179.3.2.41
A collection of objects providing the peak rate QoS statistics over past five minute period for Layer 3 traffic.
OBJECT-GROUP    

caqAggPolicerOctetsRateGroup 1.3.6.1.4.1.9.9.179.3.2.42
A collection of objects providing the five minute linearly-decayed octets moving average rate per aggregate policer.
OBJECT-GROUP    

caqAggPolicerPacketsRateGroup 1.3.6.1.4.1.9.9.179.3.2.43
A collection of objects providing the five minute linearly-decayed packets moving average rate per aggregate policer.
OBJECT-GROUP    

caqAggPolicerOctetsPeakGroup 1.3.6.1.4.1.9.9.179.3.2.44
A collection of objects providing the peak rate of octets over past five minute period per aggregate policer.
OBJECT-GROUP    

caqAggPolicerPacketsPeakGroup 1.3.6.1.4.1.9.9.179.3.2.45
A collection of objects providing the peak rate of packets over past five minute period per aggregate policer.
OBJECT-GROUP    

caqQosPortRateGroup 1.3.6.1.4.1.9.9.179.3.2.46
A collection of object providing the five minute linearly-decayed packets drop rate per interface.
OBJECT-GROUP    

caqQosPortPeakGroup 1.3.6.1.4.1.9.9.179.3.2.47
A collection of object providing the peak rate of packets over past five minute period per interface.
OBJECT-GROUP    

caqSecurityActionDnldAceGroup 1.3.6.1.4.1.9.9.179.3.2.48
A collection of object providing feature type of downloaded ACE.
OBJECT-GROUP    

caqSecurityDownloadAclInfoGroup 1.3.6.1.4.1.9.9.179.3.2.49
A collection of object providing downloaded ACL information.
OBJECT-GROUP    

caqSecurityDownloadIpAceGroup 1.3.6.1.4.1.9.9.179.3.2.50
A collection of object providing download IP ACE information.
OBJECT-GROUP    

caqIfDownloadAclMapGroup 1.3.6.1.4.1.9.9.179.3.2.51
A collection of object providing mapping information of downloaded ACL to capable interface.
OBJECT-GROUP    

caqIfIpPhoneMapGroup 1.3.6.1.4.1.9.9.179.3.2.52
A collection of object providing mapping information of IP phone to capable interface where downloaded ACL is utilized.
OBJECT-GROUP    

caqIpAceTypeGroup 1.3.6.1.4.1.9.9.179.3.2.53
A collection of object providing the type of an Ip ACE.
OBJECT-GROUP    

caqIpOperClassifierGroup 1.3.6.1.4.1.9.9.179.3.2.54
A collection of objects provides the operational mapping of IP ACLs to each applicable interface.
OBJECT-GROUP    

caqDownloadClassifierGroup 1.3.6.1.4.1.9.9.179.3.2.55
A collection of objects provides the mapping of ACLs to each applicable interface downloaded by security features.
OBJECT-GROUP    

caqArpLoggingSourceGroup 1.3.6.1.4.1.9.9.179.3.2.56
A collection of objects provides the logging source of ARP flow.
OBJECT-GROUP