FDRY-ACL-MIB DEFINITIONS ::= BEGIN

IMPORTS
   MODULE-IDENTITY, OBJECT-TYPE,
					 Unsigned32 	FROM SNMPv2-SMI	   -- [RFC2578]
   TEXTUAL-CONVENTION, RowStatus,
   DisplayString, TruthValue		FROM SNMPv2-TC			-- [RFC2579]
   Ipv6Address						FROM IPV6-TC			-- [RFC2465]
   fdryAcl							FROM FOUNDRY-SN-ROOT-MIB -- [snroo101]
   FdryVlanIdOrNoneTC				FROM FOUNDRY-SN-SWITCH-GROUP-MIB  --[snswitchu]
   ;

fdryAclMIB MODULE-IDENTITY
    LAST-UPDATED "201006020000Z"  -- 04 June 2010
    ORGANIZATION "Brocade Communications Systems, Inc."
    CONTACT-INFO
             "Technical Support Center
              130 Holger Way,
              San Jose, CA  95134
              Email:  ipsupport@brocade.com
              Phone: 1-800-752-8061
              URL:  www.brocade.com"
    DESCRIPTION
		"The Brocade proprietary MIB module for Ipv6 Access Control List.
		 It has new tables for Ipv6 Access Control List.

              Copyright 1996-2010 Brocade Communications Systems, Inc.
              All rights reserved.
              This Brocade Communications Systems SNMP Management Information Base Specification
              embodies Brocade Communications Systems' confidential and proprietary
              intellectual property. Brocade Communications Systems retains all
              title and ownership in the Specification, including any revisions.

              This Specification is supplied AS IS, and Brocade Communications Systems makes
              no warranty, either express or implied, as to the use,
              operation, condition, or performance of the specification, and any unintended
              consequence it may on the user environment."

    REVISION        "201006020000Z"  -- 04 June 2010
    DESCRIPTION
        "Changed the ORGANIZATION, CONTACT-INFO and DESCRIPTION fields."

    REVISION	 "200802140000Z"  -- 14 February 2008
    DESCRIPTION  "Initial version"

   ::= { fdryAcl 1 }

--
-- Textual Conventions
--
RtrStatus ::= TEXTUAL-CONVENTION
	STATUS	  current
	DESCRIPTION
		"Represents a status value such as disabled or enabled."
	SYNTAX	INTEGER {
						disabled(0),
						enabled (1)
					}

Action ::= TEXTUAL-CONVENTION
	STATUS	  current
	DESCRIPTION
		"Represents a action value such as deny or permit."
	SYNTAX	INTEGER {
						deny(0),
						permit (1)
					}

Operator ::= TEXTUAL-CONVENTION
	STATUS	  current
	DESCRIPTION
		"Represents a operators value, such as equal, not-equal, lesser than,
		greater than, range and undefined."
	SYNTAX	INTEGER {
						eq(0),
						neq (1),
						lt (2),
						gt (3),
						range (4),
						undefined (7)
					}

IpProtocol ::= TEXTUAL-CONVENTION
	STATUS	  current
	DESCRIPTION
		"Represents a transport protocol value."
	SYNTAX	Unsigned32 (0..256)

--
-- Top level components of this MIB.
--

fdryIpv6Acl		OBJECT IDENTIFIER ::= { fdryAclMIB 1 }

--
-- Ipv6 Access Control List Table
--
fdryIpv6AclTable       OBJECT-TYPE
	SYNTAX  SEQUENCE OF FdryIpv6AclEntry
	MAX-ACCESS  not-accessible
	STATUS  current
	DESCRIPTION
		"Table of Ipv6 Access Control List filters"
	::= { fdryIpv6Acl 1 }

fdryIpv6AclEntry       OBJECT-TYPE
	SYNTAX  FdryIpv6AclEntry
	MAX-ACCESS  not-accessible
	STATUS  current
	DESCRIPTION
		"An entry in the Ipv6 Access Control List filter table."
	INDEX   { fdryIpv6AclIndex }
	::= { fdryIpv6AclTable 1 }

FdryIpv6AclEntry ::= SEQUENCE {
	fdryIpv6AclIndex
		Unsigned32,
	fdryIpv6AclName
		DisplayString,
	fdryIpv6AclAction
		Action,
	fdryIpv6AclProtocol
		IpProtocol,
	fdryIpv6AclSourceIp
		Ipv6Address,
	fdryIpv6AclSourcePrefixLen
		Unsigned32,
	fdryIpv6AclSourceOperator
		Operator,
	fdryIpv6AclSourceOperand1
		Unsigned32,
	fdryIpv6AclSourceOperand2
		Unsigned32,
	fdryIpv6AclDestinationIp
		Ipv6Address,
	fdryIpv6AclDestinationPrefixLen
		Unsigned32,
	fdryIpv6AclDestinationOperator
		Operator,
	fdryIpv6AclDestinationOperand1
		Unsigned32,
	fdryIpv6AclDestinationOperand2
		Unsigned32,
	fdryIpv6AclEstablished
		RtrStatus,
	fdryIpv6AclLogOption
		TruthValue,
	fdryIpv6AclComments
		DisplayString,
	fdryIpv6AclRowStatus
		RowStatus,
	fdryIpv6AclVlanId
		FdryVlanIdOrNoneTC,
	fdryIpv6AclClauseString
		DisplayString
	}

fdryIpv6AclIndex       OBJECT-TYPE
	SYNTAX  Unsigned32
	MAX-ACCESS  not-accessible
	STATUS  current
	DESCRIPTION
		"The access control list item number for an entry.
		This is a unique number that identifies different
		Access list entries. This one has to be
		unique even though the name is not unique
		for a give access list with same or different source
		address, prefix length, destination address and destination
		prefix length, protocol type, action (permit/deny) type and the
		operator (neq, eq, gt and , lt)."
	::= { fdryIpv6AclEntry 1 }

fdryIpv6AclName		OBJECT-TYPE
	SYNTAX  DisplayString (SIZE (0..199))
	MAX-ACCESS  read-create
	STATUS  current
	DESCRIPTION
		"Access Control List name for an entry.
		This object is not writable on NI platforms."
	::= { fdryIpv6AclEntry 2 }

fdryIpv6AclAction      OBJECT-TYPE
	SYNTAX  Action
	MAX-ACCESS  read-create
	STATUS  current
	DESCRIPTION
		"Action to take if the ip packet matches
		with this access control list."
	::= { fdryIpv6AclEntry 3 }

fdryIpv6AclProtocol    OBJECT-TYPE
	SYNTAX  IpProtocol
	MAX-ACCESS  read-create
	STATUS  current
	DESCRIPTION
		"Transport protocols. 0 means any protocol."
	::= { fdryIpv6AclEntry 4 }

fdryIpv6AclSourceIp    OBJECT-TYPE
	SYNTAX  Ipv6Address
	MAX-ACCESS  read-create
	STATUS  current
	DESCRIPTION
		"Source Ipv6 address."
	::= { fdryIpv6AclEntry 5 }

fdryIpv6AclSourcePrefixLen  OBJECT-TYPE
	SYNTAX  Unsigned32
	MAX-ACCESS  read-create
	STATUS  current
	DESCRIPTION
		"Source IPv6 address prefix length."
    DEFVAL  {64}
 	::= { fdryIpv6AclEntry 6 }

fdryIpv6AclSourceOperator    OBJECT-TYPE
	SYNTAX  Operator
	MAX-ACCESS  read-create
	STATUS  current
	DESCRIPTION
		"Type of comparison to perform.
		for now, this only applys to tcp or udp
		to compare the port number"
	::= { fdryIpv6AclEntry 7 }

fdryIpv6AclSourceOperand1     OBJECT-TYPE
	SYNTAX  Unsigned32(0..65535)
	MAX-ACCESS  read-create
	STATUS  current
	DESCRIPTION
		"For now this only refers to transport
		protocol port number."
	::= { fdryIpv6AclEntry 8 }

fdryIpv6AclSourceOperand2     OBJECT-TYPE
	SYNTAX  Unsigned32(0..65535)
	MAX-ACCESS  read-create
	STATUS  current
	DESCRIPTION
		"For now this only refers to transport
		protocol port number."
	::= { fdryIpv6AclEntry 9 }

fdryIpv6AclDestinationIp      OBJECT-TYPE
	SYNTAX  Ipv6Address
	MAX-ACCESS  read-create
	STATUS  current
	DESCRIPTION
		"Destination Ipv6 address."
	::= { fdryIpv6AclEntry 10 }

fdryIpv6AclDestinationPrefixLen    OBJECT-TYPE
	SYNTAX  Unsigned32
	MAX-ACCESS  read-create
	STATUS  current
	DESCRIPTION
		"Destination IPv6 address prefix length."

    DEFVAL  {64}
 	::= { fdryIpv6AclEntry 11 }

fdryIpv6AclDestinationOperator    OBJECT-TYPE
	SYNTAX  Operator
	MAX-ACCESS  read-create
	STATUS  current
	DESCRIPTION
		"Type of comparison to perform.
		for now, this only applys to tcp or udp
		to compare the port number"
	::= { fdryIpv6AclEntry 12 }

fdryIpv6AclDestinationOperand1     OBJECT-TYPE
	SYNTAX  Unsigned32(0..65535)
	MAX-ACCESS  read-create
	STATUS  current
	DESCRIPTION
		"For now this only refers to transport
		protocol port number."
	::= { fdryIpv6AclEntry 13 }

fdryIpv6AclDestinationOperand2     OBJECT-TYPE
	SYNTAX  Unsigned32(0..65535)
	MAX-ACCESS  read-create
	STATUS  current
	DESCRIPTION
		"For now this only refers to transport
		protocol port number."
	::= { fdryIpv6AclEntry 14 }

fdryIpv6AclEstablished OBJECT-TYPE
	SYNTAX  RtrStatus
	MAX-ACCESS  read-create
	STATUS  current
	DESCRIPTION
		"Enable/Disable the filtering of established TCP
		packets of which the ACK or RESET flag is on. This
		additional filter only applies to TCP transport
		protocol."
	::= { fdryIpv6AclEntry 15 }

fdryIpv6AclLogOption OBJECT-TYPE
	SYNTAX  TruthValue
	MAX-ACCESS  read-create
	STATUS  current
	DESCRIPTION
		"Log flag, should be set to one to enable logging"
	::= { fdryIpv6AclEntry 16 }

fdryIpv6AclComments   OBJECT-TYPE
	SYNTAX  DisplayString (SIZE (0..255))
	MAX-ACCESS  read-create
	STATUS  current
	DESCRIPTION
		"Remark description of individual Access Control List entry."
	::= { fdryIpv6AclEntry 17 }

fdryIpv6AclRowStatus   OBJECT-TYPE
	SYNTAX	RowStatus
	MAX-ACCESS	read-create
	STATUS	current
	DESCRIPTION
			"To create or delete a access list
			entry."
		::= { fdryIpv6AclEntry 18 }

fdryIpv6AclVlanId   OBJECT-TYPE
	SYNTAX	FdryVlanIdOrNoneTC
	MAX-ACCESS	read-create
	STATUS	current
	DESCRIPTION
		"Optional VLAN ID to match against that of the incoming packet.
		By default, the VLAN ID field is ignored during the match. In this case,
		value 0 is returned."
	DEFVAL  { 0 }
		::= { fdryIpv6AclEntry 19 }

fdryIpv6AclClauseString   OBJECT-TYPE
	SYNTAX	DisplayString
	MAX-ACCESS	read-only
	STATUS	current
	DESCRIPTION
		"Returns the equivalent filter clause string."
		::= { fdryIpv6AclEntry 20 }


brcdIpv6AccessListTable	OBJECT-TYPE
	SYNTAX			SEQUENCE OF BrcdIpv6AccessListEntry
	MAX-ACCESS		not-accessible
	STATUS			current
	DESCRIPTION
		"Table of Ipv6 Access Control List.  This table only supports
		IPv6 ACLs with name length less than or equal to 110 characters
		SNMP walk operation will skip the entries if the IPv6 ACL name is
		greater than 110 characters."
	::= { fdryIpv6Acl 2 }

brcdIpv6AccessListEntry		OBJECT-TYPE
	SYNTAX			BrcdIpv6AccessListEntry
	MAX-ACCESS		not-accessible
	STATUS			current
	DESCRIPTION
		"An entry in the Ipv6 Access Control List table."
	INDEX   { IMPLIED brcdIpv6AccessListName }
	::= { brcdIpv6AccessListTable 1 }

BrcdIpv6AccessListEntry ::= SEQUENCE {
	brcdIpv6AccessListName
		DisplayString,
	brcdIpv6AccessListNextIndex
		Unsigned32,
	brcdIpv6AccessListRowStatus
		RowStatus
	}

brcdIpv6AccessListName	OBJECT-TYPE
	SYNTAX			DisplayString (SIZE (1..110))
	MAX-ACCESS		not-accessible
	STATUS			current
	DESCRIPTION
		"Name of the IPv6 Access Control List.  From SNMP the length
		of the IPv6 ACL name is restricted to 110 characters although
		from CLI it can be 200 characters, due to SNMP restriction on 
		sub OID length to be 128 for Index objects.  SNMP get/getnext
		will skip the IPv6 ACLs with more than 110 characters in it.
		SNMP set request will be rejected if the IPv6 ACL name length
		is more than 110 characters."
	::= { brcdIpv6AccessListEntry 1 }

brcdIpv6AccessListNextIndex	OBJECT-TYPE
	SYNTAX			Unsigned32
	MAX-ACCESS		read-only
	STATUS			current
	DESCRIPTION
		"When read provides the encoded Index - combination of IPv6 ACL id and 
		next available filter id - which can be used as index while creating 
		access list filter entry in the fdryIpv6AclTable."
	::= { brcdIpv6AccessListEntry 2 }

brcdIpv6AccessListRowStatus	OBJECT-TYPE
	SYNTAX			RowStatus
	MAX-ACCESS		read-create
	STATUS			current
	DESCRIPTION
		"To create or delete a Ipv6 access list entry. The supported values are 
		createAndGo(4) to create an entry in this table and destroy(6) to delete 
		an entry from this table.  Value of active(1) will be always returned for 
		SNMP Get/GetNext operations."
	::= { brcdIpv6AccessListEntry 3 }

END
