-- -----------------------------------------------------------------------------
-- MIB NAME : Access Control List(ACL) Common mib
-- FILE NAME: ACL.mib
-- DATE     : 2010/12/21
-- VERSION  : 2.15
-- PURPOSE  : To construct the MIB structure of Access Control List
--            for proprietary enterprise
-- -----------------------------------------------------------------------------
-- MODIFICTION HISTORY:
-- -----------------------------------------------------------------------------
-- Version, Date, Author
-- Description:
--  [New Object]
--  [Modification]
-- Notes: (Requested by who and which project)
--
-- Version 2.15, 2010/12/21, Marco Visaya
-- Description
-- 1. remove value range of swACLPktContMaskOption2OffsetsValue
-- Requested by Marco Visaya for project DES3200
--
-- Version 2.14, 2009/03/18, Marco Visaya
-- Description
-- 1. add swACLPktContMaskOption2
-- 2. add swACLPktContRuleOption2
-- 3. add swACLEthernetVlanMask
-- 4. add swACLIpVlanMask
-- Requested by Marco Visaya for project DES3200
--
-- Version 2.13, 2009/01/05, Oran Tang
-- Description:
-- 1.add swACLEtherRuleMatchVID in swACLEtherRuleTable
-- 2.add swACLIpRuleMatchVID in swACLIpRuleTable
-- 3.add swCpuAclEtherRuleMatchVID in swCpuAclEtherRuleTable
-- 4.add swCpuAclIpRuleMatchVID in swCpuAclIpRuleTable
--   for config the VLAN-ID which has the access rule.
-- 5.modify the description of swACLEtherRuleVlan
-- 6.modify the description of swACLEtherRuleVID
-- 7.modify the description of swACLIpRuleVlan
-- 8.modify the description of swACLIpRuleVID
-- 9.modify the description of swCpuAclEtherRuleVlan
-- 10.modify the description of swCpuAclIpRuleVlan
-- Requested by Oran Tang for project DGS3700.
--
-- Revision 2.12 2008/12/26 by Ronald Hsu, Yedda Liao
-- Description:
-- 1.Add 'arp-spoofing(11)' and 'bpdu-tunnel(12)' in the value list of objects swACLEthernetOwner,
--   swACLIpOwner, swACLPktContMaskOwner, swACLIpv6MaskOwner, swACLEtherRuleOwner, swACLIpRuleOwner,
--   swACLPktContRuleOwner and swACLIpv6RuleOwner.
--   For arp spoofing and bpdu tunnel function, we need to add the two types of the owner on these objects. 
-- 2.Add 'pppoe(10)','arp-spoofing(11)' and 'bpdu-tunnel(12)' in the value list of objects
--   swACLPktContMaskOptionOwner,swACLPktContRuleOptionOwner.
--   For PPPoE circuit ID insertion, ARP spoofing and BPDU tunnel functions, we need to add the three types 
--   of the owner on these objects. 
--
-- Revision 2.11 2008/11/21 by Ronald Hsu
-- 1.Add 'set-drop-precedence(5)' in the value list of object swACLEtherRulePermit,
--   swACLIpRulePermit, swACLPktContRulePermit, swACLIpv6RulePermit.
--
-- Revision 2.10 2008/10/16 by Ronald Hsu
-- Description:
-- 1.Add pppoe(10) in the value list of objects swACLEthernetOwner, swACLIpOwner, swACLPktContMaskOwner,
-- swACLIpv6MaskOwner, swACLEtherRuleOwner, swACLIpRuleOwner, swACLPktContRuleOwner and swACLIpv6RuleOwner.
-- Requested by project DES3500.
--
-- Version 2.09, 2008/05/05, Bonnnie
-- Description:
-- 1.add ismvlan(8) and dhcp-relay(9) in the value list of objects swACLEthernetOwner,swACLIpOwner,swACLPktContMaskOwner,
-- swACLIpv6MaskOwner, swACLPktContMaskOptionOwner,swACLEtherRuleOwner,swACLIpRuleOwner,swACLPktContRuleOwner,
-- swACLIpv6RuleOwner and swACLPktContRuleOptionOwner.
-- Requested by Bonnnie cheng for project DHS3628.
--
-- Version 2.08, 2008/04/18, Marco
-- Description:
-- [New Object]
-- [Modification]
-- 1. change range of the ff nodes to include case node is not active:
--      swACLEtherRule8021P
--      swACLIpRuleDscp
--      swAclIpRuleType
--      swAclIpRuleCode
--      swACLIpRuleSrcPort
--      swACLIpRuleDstPort
--      swACLIpRuleProtoID
--      swCpuAclEtherRule8021P
--      swCpuAclIpRuleDscp
--      swCpuAclIpRuleType
--      swCpuAclIpRuleCode
--      swCpuAclIpRuleSrcPort
--      swCpuAclIpRuleDstPort
--      swCpuAclIpRuleProtoID
-- removed *replaceprioritywith objects
-- Requested by Marco Visaya for project DES30XXP.
--
-- Version 2.07, 2008/04/11, Marco
-- Description:
-- [New Object]
-- 1. Added swACLEtherRuleReplacePriorityWith
-- 2. Added swACLIPRuleReplacePriorityWith
-- [Modification]
-- 1. Remove the range of xxxProfileID, and xxxRxRate. The maximum value of the objects depend on the device.
-- Requested by Marco Visaya for project DES30XXP.
--
--
-- Version 2.06, 2008/04/02, Kelvin
-- Description:
-- [New Object]
-- 1.add objects swACLIpv6MaskUseProtoType, swACLIpv6MaskTcpOption, swACLIpv6MaskUdpOption
-- swACLIpv6MaskTCPorUDPSrcPortMask, swACLIpv6MaskTCPorUDPDstPortMask in swACLIpv6MaskTable.
-- 2.add objects swACLIpv6RuleProtocol, swACLIpv6RuleSrcPort, swACLIpv6RuleDstPort in swACLIpv6RuleTable.
-- Requested by Kelvin Tao for project DGS3700.
--
-- Version 2.05, 2008/02/20, Kelvin
-- Description:
-- [New Object]
-- 1.add objects swACLEtherRuleVID in swACLEtherRuleTable.
-- 2.add objects swACLIpRuleVID in swACLIpRuleTable.
-- 3.add objects swACLPktContRuleVID in swACLPktContRuleTable.
-- 4.add objects swACLIpv6RuleVID in swACLIpv6RuleTable.
-- 5.add objects swACLPktContRuleOptionVID in swACLPktContRuleOptionTable.
-- Requested by Kelvin Tao for project DGS3700.
--
-- Version 2.04, 2008/01/15, Yan
-- Description:
-- [New Object]
-- 1.add objects swACLEtherRuleEnableReplaceTosPrecedence, swACLEtherRuleRepTosPrecedence in swACLEtherRuleTable.
-- 2.add objects swACLIpRuleEnableReplaceTosPrecedence, swACLIpRuleRepTosPrecedence in swACLIpRuleTable.
-- 3.add objects swACLPktContRuleEnableReplaceTosPrecedence, swACLPktContRuleRepTosPrecedence in swACLPktContRuleTable.
-- 4.add objects swACLIpv6RuleEnableReplaceDscp, swACLIpv6RuleRepDscp, swACLIpv6RuleEnableReplaceTosPrecedence and
-- swACLIpv6RuleRepTosPrecedence in swACLIpv6RuleTable.
-- 5.add objects swACLPktContRuleOptionEnableReplaceTosPrecedence, swACLPktContRuleOptionRepTosPrecedence in
-- swACLPktContRuleOptionTable.
-- Requested by Yan Zhang for project DES35XX.
--
-- Version 2.03, 2007/12/27 by Ronald Hsu
-- 1.Add 'lease-renew(4)' in the value list of object swACLPktContRulePermit.
-- Requested by Ronald Hsu for project DES3828R4.
--
-- Version 2.02, 2007/12/18, Jenny
-- Description:
-- [New Object]
-- 1.add object swACLPktContMaskOptionProfileName in swACLPktContMaskOptionTable.
-- 2.add object swACLIpv6MaskProfileName in swACLIpv6MaskTable.
-- 3.add object swACLIpProfileName in swACLIpTable.
-- 4.add object swACLEthernetProfileName in swACLEthernetTable.
-- 5.add object swACLPktContMaskProfileName in swACLPktContMaskTable.
-- Requested by Jenny for project DES35XX.
--
-- Version 2.01, 2007/05/15, Yan
-- Description:
-- [Modification]
-- 1. add Value List remark-dscp(4) of object swAclMeterActionForRateExceed, change the access
-- of objects swAclMeterRate and swAclMeterActionForRateExceed from read-write to read-create for CLI.
-- 2. change the access of object swACLIpRuleProtocol from read-only to read-write for supporting
-- the new chip of project DGS3600R2.
-- [New Object]
-- 1. add objects swACLIpSrcMacAddrMask, swACLIpRuleSrcMacAddress for supporting the lab-out project DGS3400R2.
-- 2. add tables swACLCounterTable, swACLPktContMaskOptionTable and swACLPktContRuleOptionTable for CLI.
-- 3. add read-only objects swACLTotalUsedRuleEntries, swACLTotalUnusedRuleEntries, swACLEthernetUnusedRuleEntries,
-- swACLIpUnusedRuleEntries, swACLPktContMaskUnusedRuleEntries, swACLIpv6MaskUnusedRuleEntries for CLI.
-- 4. add objects swCpuAclEtherRuleEtherPort, swCpuAclIpRulePort, swCpuAclPktContRulePort, swCpuAclIpv6RulePort for CLI.
-- 5. add object swCpuACLMaskDelAllState for supporting the lab-out project DGS3400R2.
-- 6. add objects swAclMeterRemarkDscp, swAclMeterBurstSize, swAclMeterMode, swAclMeterTrtcmCir, swAclMeterTrtcmCbs,
-- swAclMeterTrtcmPir, swAclMeterTrtcmPbs, swAclMeterTrtcmColorMode, swAclMeterTrtcmConformState, swAclMeterTrtcmConformReplaceDscp,
-- swAclMeterTrtcmConformCounterState, swAclMeterTrtcmExceedState, swAclMeterTrtcmExceedReplaceDscp, swAclMeterTrtcmExceedCounterState,
-- swAclMeterTrtcmViolateState, swAclMeterTrtcmViolateReplaceDscp, swAclMeterTrtcmViolateCounterState, swAclMeterSrtcmCir,
-- swAclMeterSrtcmCbs, swAclMeterSrtcmEbs, swAclMeterSrtcmColorMode, swAclMeterSrtcmConformState, swAclMeterSrtcmConformReplaceDscp,
-- swAclMeterSrtcmConformCounterState, swAclMeterSrtcmExceedState, swAclMeterSrtcmExceedReplaceDscp, swAclMeterSrtcmExceedCounterState,
-- swAclMeterSrtcmViolateState, swAclMeterSrtcmViolateReplaceDscp, swAclMeterSrtcmViolateCounterState, swAclMeterRowStatus for CLI.
-- 7. add objects swACLEtherRuleRxRate, swACLIpRuleRxRate, swACLPktContRuleRxRate, swACLIpv6RuleRxRate for supporting
-- the older CLI Command, and these objects could be used for some projects.
-- 8. add swIBPACLEthernetTable, swIBPACLIpTable, swIBPACLEtherRuleTable, swIBPACLIpRuleTable for keeping the OID
-- of lab-out project DGS3400R2, but these objects can not be used for other project, so the status is obsolete.
-- Requested by Yan for DGS3600R2.
--
-- Version 2.00, 2007/03/27, Yedda
-- This is the first formal version for universal MIB definition.
-- -----------------------------------------------------------------------------

ACLMGMT-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        Counter32,Counter64,TimeTicks,NOTIFICATION-TYPE,
        MODULE-IDENTITY,OBJECT-TYPE,IpAddress, Unsigned32
                                        FROM SNMPv2-SMI
        MacAddress, RowStatus           FROM SNMPv2-TC
        DisplayString                   FROM RFC1213-MIB
        SnmpAdminString                                 FROM SNMP-FRAMEWORK-MIB
        dlink-common-mgmt                               FROM DLINK-ID-REC-MIB;

    swAclMgmtMIB MODULE-IDENTITY
            LAST-UPDATED "0903180000Z"
            ORGANIZATION "D-Link Corp."
            CONTACT-INFO
                "http://support.dlink.com"
            DESCRIPTION
                    "The structure of Access Control List information for the
                    proprietary enterprise."
        ::= { dlink-common-mgmt 9 }

    PortList                ::= OCTET STRING(SIZE (0..127))

    swAclCtrl                    OBJECT IDENTIFIER ::= { swAclMgmtMIB 1 }
    swAclMaskMgmt                OBJECT IDENTIFIER ::= { swAclMgmtMIB 2 }
    swAclRuleMgmt                OBJECT IDENTIFIER ::= { swAclMgmtMIB 3 }
    swCpuAclMaskMgmt             OBJECT IDENTIFIER ::= { swAclMgmtMIB 4 }
    swCpuAclRuleMgmt             OBJECT IDENTIFIER ::= { swAclMgmtMIB 5 }
    swAclMeteringMgmt            OBJECT IDENTIFIER ::= { swAclMgmtMIB 6 }
    
-- -----------------------------------------------------------------------------
-- Textual Conventions
-- -----------------------------------------------------------------------------
-- This definition may be excluded if IPv6 Supported
Ipv6Address ::= TEXTUAL-CONVENTION
        DISPLAY-HINT "2x:"
        STATUS       current
        DESCRIPTION
                "This data type is used to model IPv6 addresses.
                This is a binary string of 16 octets in network
                byte-order."
        SYNTAX       OCTET STRING (SIZE (16))

-- -----------------------------------------------------------------------------
-- swAclCtrl
-- -----------------------------------------------------------------------------
    swCpuInterfacefilterState OBJECT-TYPE
        SYNTAX INTEGER{
                enable(1),
                disable(2)
        }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Enable or disable CPU Interface Filtering (also called Software ACL).
             The default is disabled. If enabled, the filtering entries in the
             swAclRuleMgmt tables will be set to active if its RuleSwAclState is
             enabled. If disabled, the software ACL function will be disabled."
        ::={ swAclCtrl 1}

    swACLTotalUsedRuleEntries OBJECT-TYPE
        SYNTAX INTEGER
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of used ACL rule entries."
        ::={ swAclCtrl 2}

    swACLTotalUnusedRuleEntries OBJECT-TYPE
        SYNTAX INTEGER
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of unused ACL rule entries."
        ::={ swAclCtrl 3}

-- -----------------------------------------------------------------------------
-- swACLEthernetTable
-- -----------------------------------------------------------------------------
    swACLEthernetTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLEthernetEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains ACL mask Ethernet information.
             The access profile will be created on the switch to define which
             part of each incoming frame's layer 2 header will be examined
             by the switch. Masks entered will be combined with the
             values the switch finds in the specified frame header fields."
        ::= { swAclMaskMgmt 1 }

    swACLEthernetEntry OBJECT-TYPE
        SYNTAX  SwACLEthernetEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about the ACL for Ethernet."
        INDEX  { swACLEthernetProfileID }
        ::= { swACLEthernetTable 1 }

    SwACLEthernetEntry ::=
        SEQUENCE {
            swACLEthernetProfileID
                INTEGER,
--            swACLEthernetPort
--                PortList,
            swACLEthernetUsevlan
                INTEGER,
            swACLEthernetMacAddrMaskState
                INTEGER,
            swACLEthernetSrcMacAddrMask
                MacAddress,
            swACLEthernetDstMacAddrMask
                MacAddress,
            swACLEthernetUse8021p
                INTEGER,
            swACLEthernetUseEthernetType
                INTEGER,
            swACLEthernetRowStatus
                RowStatus,
            swACLEthernetOwner
                INTEGER,
            swACLEthernetUnusedRuleEntries
                INTEGER,
            swACLEthernetProfileName
                DisplayString,
            swACLEthernetVlanMask
            	OCTET STRING
        }

    swACLEthernetProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only   --read-create
        STATUS  current
        DESCRIPTION
            "The ID of the ACL mask entry unique to the mask list. The maximum value of this object depends on the device."
        ::= { swACLEthernetEntry 1 }

--    swACLEthernetPort OBJECT-TYPE
--        SYNTAX  PortList
--        MAX-ACCESS  read-create
--        STATUS  current
--        DESCRIPTION
--            "This object indicates which port(s) should be filtered."
--        ::= { swACLEthernetEntry 2 }

    swACLEthernetUsevlan OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the switch will examine the VLAN part of each packet header."
        ::= { swACLEthernetEntry 2 }

    swACLEthernetMacAddrMaskState OBJECT-TYPE
                SYNTAX  INTEGER {
               other(1),
               dst-mac-addr(2),
               src-mac-addr(3),
               dst-src-mac-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of the MAC address mask.
                other (1) - Neither source MAC address nor destination MAC address are masked.
                dst-mac-addr (2) - Destination MAC addresses within received frames are
                    to be filtered when matched with the MAC address entry for the table.
                src-mac-addr (3) - Source MAC addresses within received frames are to
                    be filtered when matched with the MAC address entry for the table.
                dst-src-mac-addr (4) - Source or destination MAC addresses within received
                    frames are to be filtered when matched with the MAC address entry of the table."
        ::= { swACLEthernetEntry 3 }

    swACLEthernetSrcMacAddrMask OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object specifies the MAC address mask for the source MAC address."
        ::= { swACLEthernetEntry 4 }

    swACLEthernetDstMacAddrMask OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object specifies the MAC address mask for the destination MAC address."
        ::= { swACLEthernetEntry 5 }

    swACLEthernetUse8021p OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will examine the 802.1p priority value in the frame's header
              or not."
        ::= { swACLEthernetEntry 6 }

    swACLEthernetUseEthernetType OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will examine the Ethernet type value in each frame's header
              or not."
        ::= { swACLEthernetEntry 7 }

    swACLEthernetRowStatus OBJECT-TYPE --swACLEthernetState
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLEthernetEntry 8 }

    swACLEthernetOwner OBJECT-TYPE
        SYNTAX  INTEGER {
               any(1),
               acl(2),
               ipbind(3),
               other(4),
               dhcp(5),
               netbios(6),
               ext-netbios(7),
               ismvlan(8),
               dhcp-relay(9),
               pppoe(10),
               arp-spoofing(11),
               bpdu-tunnel(12)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The owner of the ACL mask entry. The type of ACL entry created. ACL type
             entries can only be modified when being configured through the same
             type command. For example IP-MAC Binding entries can only be modified
             or deleted through the IP-MAC Binding configurations or commands."
        ::= { swACLEthernetEntry 9 }

    swACLEthernetUnusedRuleEntries OBJECT-TYPE
        SYNTAX INTEGER
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The number of unused rule entries  of this Ethernet profile entry."
        ::={ swACLEthernetEntry 10}

    swACLEthernetProfileName OBJECT-TYPE
        SYNTAX DisplayString(SIZE(1..32))
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The name of the ACL mask entry unique to the mask list."
        ::= { swACLEthernetEntry 11 }
        
    swACLEthernetVlanMask OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(2))
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The mask used for the VLAN ID.
             Valid values are from 0x0000 to 0x0FFF.
             Default value is 0x0FFF
            "
        ::= { swACLEthernetEntry 12 }        

-- -----------------------------------------------------------------------------
-- swACLIpTable
-- -----------------------------------------------------------------------------
    swACLIpTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains the ACL mask for IP information.
             Access profiles will be created on the switch to define which
             part of the incoming frame's IP layer packet header will be
             examined by the switch. Masks entered will be combined
             with the values the switch finds in the specified frame
             header fields."
        ::= { swAclMaskMgmt 2 }

    swACLIpEntry OBJECT-TYPE
        SYNTAX  SwACLIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about the ACL of the IP Layer."
        INDEX  { swACLIpProfileID }
        ::= { swACLIpTable 1 }

    SwACLIpEntry ::=
        SEQUENCE {
            swACLIpProfileID
                INTEGER,
--            swACLIpPort
--                PortList,
            swACLIpUsevlan
                INTEGER,
            swACLIpIpAddrMaskState
                INTEGER,
            swACLIpSrcIpAddrMask
                IpAddress,
            swACLIpDstIpAddrMask
                IpAddress,
            swACLIpUseDSCP
                INTEGER,
            swACLIpUseProtoType
                INTEGER,
            swACLIpIcmpOption
                INTEGER,
            swACLIpIgmpOption
                INTEGER,
            swACLIpTcpOption
                INTEGER,
            swACLIpUdpOption
                INTEGER,
            swACLIpTCPorUDPSrcPortMask
                OCTET STRING,
            swACLIpTCPorUDPDstPortMask
                OCTET STRING,
            swACLIpTCPFlagBit
                INTEGER,
            swACLIpTCPFlagBitMask
                INTEGER,
            swACLIpProtoIDOption
                INTEGER,
            swACLIpProtoID
                INTEGER,
            swACLIpProtoIDMask
                OCTET STRING,
            swACLIpRowStatus
                RowStatus,
            swACLIpOwner
                INTEGER,
            swACLIpSrcMacAddrMask
                MacAddress,
            swACLIpUnusedRuleEntries
                INTEGER,
            swACLIpProfileName
                DisplayString,
            swACLIpVlanMask
                OCTET STRING
        }
    swACLIpProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swACLIpEntry 1 }

--    swACLIpPort OBJECT-TYPE
--        SYNTAX  PortList
--        MAX-ACCESS  read-create
--        STATUS  current
--        DESCRIPTION
--            "This object indicates which port(s) should be filtered."
--        ::= { swACLIpEntry 2 }

    swACLIpUsevlan OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the IP layer VLAN part is examined or not."
        ::= { swACLIpEntry 2 }

    swACLIpIpAddrMaskState OBJECT-TYPE
                SYNTAX  INTEGER {
               other(1),
               dst-ip-addr(2),
               src-ip-addr(3),
               dst-src-ip-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of IP address mask.

             other (1) - Neither source IP address nor destination IP address are
                masked.
             dst-ip-addr (2) - Destination IP addresses within received frames
                are to be filtered when matched with the IP address entry of the table.
             src-ip-addr (3) - Source IP addresses within received frames are
                to be filtered when matched with the IP address entry of the table.
             dst-src-ip-addr (4) - Destination or source IP addresses within received
                frames are to be filtered when matched with the IP address entry of the
                table."
        ::= { swACLIpEntry 3 }

    swACLIpSrcIpAddrMask OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object specifies the IP address mask for the source IP address."
        ::= { swACLIpEntry 4 }

    swACLIpDstIpAddrMask OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object specifies the IP address mask for the destination IP address."
        ::= { swACLIpEntry 5 }

    swACLIpUseDSCP OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the DSCP protocol in the packet header
             is to be examined or not."
        ::= { swACLIpEntry 6 }

    swACLIpUseProtoType OBJECT-TYPE
        SYNTAX  INTEGER {
               none(1),
               icmp(2),
               igmp(3),
               tcp(4),
               udp(5),
               protocolId(6)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "That object indicates which protocol will be examined."
        ::= { swACLIpEntry 7 }

    swACLIpIcmpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               none(1),
               type(2),
               code(3),
               type-code(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates which fields are defined for ICMP.
             none (1)- Both fields are null.
             type (2)- Type field identified.
             code (3)- Code field identified.
             type-code (4)- Both ICMP fields identified.
            "
        ::= { swACLIpEntry 8 }

    swACLIpIgmpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               enable(1),
               disable(2)
              }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Indicates if the IGMP options field is identified or not."
        ::= { swACLIpEntry 9 }

    swACLIpTcpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               other(1),
               dst-addr(2),
               src-addr(3),
               dst-src-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of the filtered address of TCP.

             other (1) - Neither source port nor destination port are
                masked.
             dst-addr (2) - Packets will be filtered if this destination port
                is identified in received frames.
             src-addr (3) - Packets will be filtered if this source port is
                identified in received frames.
             dst-src-addr (4) - Packets will be filtered if this destination
                or source port is identified in received frames."
        ::= { swACLIpEntry 10 }

    swACLIpUdpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               other(1),
               dst-addr(2),
               src-addr(3),
               dst-src-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of the filtered address of UDP .

             other (1) - Neither source port nor destination port are
                masked.
             dst-addr (2) - Packets will be filtered if this destination port
                is identified in received frames.
             src-addr (3) - Packets will be filtered if this source port is
                identified in received frames.
             dst-src-addr (4) - Packets will be filtered if this destination
                or source port is identified in received frames."

        ::= { swACLIpEntry 11 }

    swACLIpTCPorUDPSrcPortMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a TCP port mask for the source port if swACLIpUseProtoType is TCP
             Specifies a UDP port mask for the source port if swACLIpUseProtoType is UDP.
             "
        ::= { swACLIpEntry 12 }

    swACLIpTCPorUDPDstPortMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a TCP port mask for the destination port if swACLIpUseProtoType is TCP
             Specifies a UDP port mask for the destination port if swACLIpUseProtoType is UDP."
        ::= { swACLIpEntry 13 }

    swACLIpTCPFlagBit OBJECT-TYPE
                SYNTAX  INTEGER {
               enable(1),
               disable(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a TCP connection flag mask."
        ::= { swACLIpEntry 14 }

    swACLIpTCPFlagBitMask OBJECT-TYPE
        SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "A value which indicates the set of TCP flags that this
             entity may potentially offer. The value is a sum of flag bits.
             This sum initially takes the value zero. Then, for each flag, L,
             is added in the range 1 through 6, for which this node performs
             transactions where 2^(L-1) is added to the sum.
             Note that values should be calculated accordingly:

                 Flag      functionality
                   6        urg bit
                   5        ack bit
                   4        psh bit
                   3        rst bit
                   2        syn bit
                   1        fin bit
             For example, if you want to enable urg bit and ack bit, you
             should set value 48{2^(5-1) + 2^(6-1)}."
        ::= { swACLIpEntry 15 }

    swACLIpProtoIDOption OBJECT-TYPE
        SYNTAX  INTEGER {
               enable(1),
               disable(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will examine each frame's protocol ID field or not."
        ::= { swACLIpEntry 16 }

    swACLIpProtoID OBJECT-TYPE
        SYNTAX  INTEGER(0..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IP protocol ID behind the IP header."
        ::= { swACLIpEntry 17 }

    swACLIpProtoIDMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(20))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IP protocol ID and the mask options
             behind the IP header."
        ::= { swACLIpEntry 18 }

    swACLIpRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLIpEntry 19 }

    swACLIpOwner OBJECT-TYPE
        SYNTAX  INTEGER {
               any(1),
               acl(2),
               ipbind(3),
               other(4),
               dhcp(5),
               netbios(6),
               ext-netbios(7),
               ismvlan(8),
               dhcp-relay(9),
               pppoe(10),
               arp-spoofing(11),
               bpdu-tunnel(12)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The owner of the ACL mask entry. The type of ACL entry created. ACL type
             entries can only be modified when being configured through the same
             type command. For example, IP-MAC Binding entries can only be modified
             or deleted through the IP-MAC Binding configurations or commands."
        ::= { swACLIpEntry 20 }

    swACLIpSrcMacAddrMask OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "This object specifies the MAC address mask for the source MAC address."
        ::= { swACLIpEntry 21 }

    swACLIpUnusedRuleEntries OBJECT-TYPE
        SYNTAX INTEGER
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The number of unused rule entries this IP profile entry."
        ::={ swACLIpEntry 22}

    swACLIpProfileName OBJECT-TYPE
        SYNTAX DisplayString(SIZE(1..32))
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The name of the ACL mask entry unique to the mask list."
        ::= { swACLIpEntry 23 }
        
    swACLIpVlanMask OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(2))
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The mask used for the VLAN ID.
             Valid values are from 0x0000 to 0x0FFF.
             Default value is 0x0FFF.
            "
        ::= { swACLIpEntry 24 }           

-- -----------------------------------------------------------------------------
-- swACLPktContMaskTable
-- -----------------------------------------------------------------------------
    swACLPktContMaskTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLPktContMaskEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains the ACL mask for user-defined information.
             An access profile will be created on the switch to define which part
             of each incoming frame's user-defined part of the packet header
             will be examined by switch. Masks entered will be combined
              with the values the switch finds in the specified frame header fields."
        ::= { swAclMaskMgmt 3 }

    swACLPktContMaskEntry OBJECT-TYPE
        SYNTAX  SwACLPktContMaskEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about user-defined ACLs."
        INDEX  { swACLPktContMaskProfileID }
        ::= { swACLPktContMaskTable 1 }

    SwACLPktContMaskEntry ::=
        SEQUENCE {
            swACLPktContMaskProfileID
                INTEGER,
--            swACLPktContMaskPort
--                PortList,
            swACLPktContMaskOffset0to15
                OCTET STRING,
            swACLPktContMaskOffset16to31
                OCTET STRING,
            swACLPktContMaskOffset32to47
                OCTET STRING,
            swACLPktContMaskOffset48to63
                OCTET STRING,
            swACLPktContMaskOffset64to79
                OCTET STRING,
            swACLPktContMaskRowStatus
                RowStatus,
            swACLPktContMaskOwner
                INTEGER,
            swACLPktContMaskUnusedRuleEntries
                INTEGER,
            swACLPktContMaskProfileName
                DisplayString
        }
    swACLPktContMaskProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only   --read-create
        STATUS  current
        DESCRIPTION
            "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swACLPktContMaskEntry 1 }

--    swACLPktContMaskPort OBJECT-TYPE
--        SYNTAX  PortList
--        MAX-ACCESS  read-create
--        STATUS  current
--        DESCRIPTION
--            "This object indicates which port(s) should be filtered."
--        ::= { swACLPktContMaskEntry 2 }

    swACLPktContMaskOffset0to15 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the packet content (Offset0to15) and
             the mask options."
        ::= { swACLPktContMaskEntry 2 }

    swACLPktContMaskOffset16to31 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the packet content (Offset16to31) and
             the mask options."
         ::= { swACLPktContMaskEntry 3 }

    swACLPktContMaskOffset32to47 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the packet content (Offset32to47) and
             the mask options."
        ::= { swACLPktContMaskEntry 4 }

    swACLPktContMaskOffset48to63 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the packet content (Offset48to63) and
             the mask options."
        ::= { swACLPktContMaskEntry 5 }

    swACLPktContMaskOffset64to79 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the packet content (Offset64to79) and
             the mask options."
        ::= { swACLPktContMaskEntry 6 }

    swACLPktContMaskRowStatus OBJECT-TYPE --swACLEthernetState
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLPktContMaskEntry 7 }

    swACLPktContMaskOwner OBJECT-TYPE
        SYNTAX  INTEGER {
               any(1),
               acl(2),
               ipbind(3),
               other(4),
               dhcp(5),
               netbios(6),
               ext-netbios(7),
               ismvlan(8),
               dhcp-relay(9),
               pppoe(10),
               arp-spoofing(11),
               bpdu-tunnel(12)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
             "The owner of the ACL mask entry. The type of ACL entry created. ACL type
             entries can only be modified when being configured through the same
             type command. For example, IP-MAC Binding entries can only be modified
             or deleted through the IP-MAC Binding configurations or commands."
        ::= { swACLPktContMaskEntry 8 }

    swACLPktContMaskUnusedRuleEntries OBJECT-TYPE
        SYNTAX INTEGER
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The number of unused rule entries of this IP profile entry."
        ::={ swACLPktContMaskEntry 9}

    swACLPktContMaskProfileName OBJECT-TYPE
        SYNTAX DisplayString(SIZE(1..32))
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The name of the ACL mask entry unique to the mask list."
        ::= { swACLPktContMaskEntry 10 }

-- -----------------------------------------------------------------------------
-- swACLIpv6MaskTable
-- -----------------------------------------------------------------------------
    swACLIpv6MaskTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLIpv6MaskEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
          "This table contains user-defined ACL mask information.
           An access profile will be created on the switch to define which
           parts of each incoming frame's IPv6 part of the packet header will
           be examined by the switch. Masks entered will be combined
           with the values the switch finds in the specified frame header fields."
        ::= { swAclMaskMgmt 4 }

    swACLIpv6MaskEntry OBJECT-TYPE
        SYNTAX  SwACLIpv6MaskEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
          "A list of information about user-defined ACLs."
        INDEX  { swACLIpv6MaskProfileID }
        ::= { swACLIpv6MaskTable 1 }

    SwACLIpv6MaskEntry ::=
        SEQUENCE {
            swACLIpv6MaskProfileID
                INTEGER,
--            swACLIpv6MaskPort
--                PortList,
            swACLIpv6MaskClass
                INTEGER,
            swACLIpv6MaskFlowlabel
                INTEGER,
            swACLIpv6IpAddrMaskState
                INTEGER,
            swACLIpv6MaskSrcIpv6Mask
                Ipv6Address,
            swACLIpv6MaskDstIpv6Mask
                Ipv6Address,
            swACLIpv6MaskRowStatus
                RowStatus,
            swACLIpv6MaskOwner
                INTEGER,
            swACLIpv6MaskUnusedRuleEntries
                INTEGER,
            swACLIpv6MaskProfileName
                DisplayString,
            swACLIpv6MaskUseProtoType
                INTEGER,
            swACLIpv6MaskTcpOption
                INTEGER,
            swACLIpv6MaskUdpOption
                INTEGER,
            swACLIpv6MaskTCPorUDPSrcPortMask
                OCTET STRING,
            swACLIpv6MaskTCPorUDPDstPortMask
                OCTET STRING
        }
    swACLIpv6MaskProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only   --read-create
        STATUS  current
        DESCRIPTION
            "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swACLIpv6MaskEntry 1 }

--    swACLIpv6MaskPort OBJECT-TYPE
--        SYNTAX  PortList
--        MAX-ACCESS  read-create
--        STATUS  current
--        DESCRIPTION
--            "This object indicates which port(s) should be filtered."
--        ::= { swACLIpv6MaskEntry 2 }

    swACLIpv6MaskClass OBJECT-TYPE
        SYNTAX  INTEGER {
               enable(1),
               disable(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IPv6 class field and the mask options."
        ::= { swACLIpv6MaskEntry 2 }

    swACLIpv6MaskFlowlabel OBJECT-TYPE
        SYNTAX  INTEGER {
               enable(1),
               disable(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IPv6 flowlabel field and the mask options."
        ::= { swACLIpv6MaskEntry 3 }

    swACLIpv6IpAddrMaskState OBJECT-TYPE
                SYNTAX  INTEGER {
               other(1),
               dst-ipv6-addr(2),
               src-ipv6-addr(3),
               dst-src-ipv6-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of the IPv6 address mask.

            other (1) - Neither source IPv6 address nor destination IPv6 address are
                masked.
            dst-ipv6-addr (2) - Received frame destination IPv6 address is
                currently used to be filtered as it meets with the IPv6
                address entry of the table.
            src-ipv6-addr (3) - Received frame source IPv6 address is currently
                used to be filtered as it meets with the IPv6 address entry of
                the table.
            dst-src-ipv6-addr (4) - Received frame destination IPv6 address or
                source IPv6 address is currently used to be filtered as it meets
                with the IPv6 address entry of the table."
        ::= { swACLIpv6MaskEntry 4 }

    swACLIpv6MaskSrcIpv6Mask OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the Source IPv6 address and the mask options.
            This should be a 16 byte octet string."
        ::= { swACLIpv6MaskEntry 5 }

    swACLIpv6MaskDstIpv6Mask OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the Destination IPv6 address and the mask options.
            This should be a 16 byte octet string."
        ::= { swACLIpv6MaskEntry 6 }

    swACLIpv6MaskRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLIpv6MaskEntry 7 }

    swACLIpv6MaskOwner OBJECT-TYPE
        SYNTAX  INTEGER {
               any(1),
               acl(2),
               ipbind(3),
               other(4),
               dhcp(5),
               netbios(6),
               ext-netbios(7),
               ismvlan(8),
               dhcp-relay(9),
               pppoe(10),
               arp-spoofing(11),
               bpdu-tunnel(12)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
           "The owner of the ACL mask entry. The type of ACL entry created. ACL type
            entries can only be modified when being configured through the same
            type command. For example, IP-MAC Binding entries can only be modified
            or deleted through the IP-MAC Binding configurations or commands."
        ::= { swACLIpv6MaskEntry 8 }

    swACLIpv6MaskUnusedRuleEntries OBJECT-TYPE
        SYNTAX INTEGER
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The number of unused rule entries of this IP profile entry."
        ::={ swACLIpv6MaskEntry 9}

    swACLIpv6MaskProfileName OBJECT-TYPE
        SYNTAX DisplayString(SIZE(1..32))
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The name of the ACL mask entry unique to the mask list."
        ::= { swACLIpv6MaskEntry 10 }

    swACLIpv6MaskUseProtoType OBJECT-TYPE
        SYNTAX  INTEGER {
               none(1),
               tcp(2),
               udp(3)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "That object indicates which protocol will be examined."
        ::= { swACLIpv6MaskEntry 11 }

    swACLIpv6MaskTcpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               other(1),
               dst-addr(2),
               src-addr(3),
               dst-src-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of the filtered address of TCP.

             other (1) - Neither source port nor destination port are
                masked.
             dst-addr (2) - Packets will be filtered if this destination port
                is identified in received frames.
             src-addr (3) - Packets will be filtered if this source port is
                identified in received frames.
             dst-src-addr (4) - Packets will be filtered if this destination
                or source port is identified in received frames."
        ::= { swACLIpv6MaskEntry 12 }

    swACLIpv6MaskUdpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               other(1),
               dst-addr(2),
               src-addr(3),
               dst-src-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of the filtered address of UDP.

             other (1) - Neither source port nor destination port is
                masked.
             dst-addr (2) - Packets will be filtered if this destination port
                is identified in received frames.
             src-addr (3) - Packets will be filtered if this source port is
                identified in received frames.
             dst-src-addr (4) - Packets will be filtered if this destination
                or source port is identified in received frames."

        ::= { swACLIpv6MaskEntry 13 }

    swACLIpv6MaskTCPorUDPSrcPortMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a TCP port mask for the source port if swACLIpv6MaskUseProtoType is TCP
             Specifies a UDP port mask for the source port if swACLIpv6MaskUseProtoType is UDP.
             "
        ::= { swACLIpv6MaskEntry 14 }

    swACLIpv6MaskTCPorUDPDstPortMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a TCP port mask for the destination port if swACLIpv6MaskUseProtoType is TCP
             Specifies a UDP port mask for the destination port if swACLIpv6MaskUseProtoType is UDP."
        ::= { swACLIpv6MaskEntry 15 }

-- -----------------------------------------------------------------------------
-- swACLMaskDelAllState
-- -----------------------------------------------------------------------------
    swACLMaskDelAllState OBJECT-TYPE
        SYNTAX      INTEGER{
                none(1),
                start(2)
                }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "Used to delete all ACL masks."
        ::= { swAclMaskMgmt 5 }

-- -----------------------------------------------------------------------------
--swIBPACLEthernetTable
-- -----------------------------------------------------------------------------
    swIBPACLEthernetTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwIBPACLEthernetEntry
        MAX-ACCESS  not-accessible
        STATUS  obsolete
        DESCRIPTION
            "This table contains IP-MAC-Binding ACL mask Ethernet information.
             Access profiles will be created on the switch by row creation and to
             define which parts of each incoming frame's layer 2 header part
             the switch will examine. Masks can be entered that will be combined
             with the values the switch finds in the specified frame header fields."
        ::= { swAclMaskMgmt 6 }

    swIBPACLEthernetEntry OBJECT-TYPE
        SYNTAX  SwIBPACLEthernetEntry
        MAX-ACCESS  not-accessible
        STATUS  obsolete
        DESCRIPTION
            "A list of information about the Ethernet ACL."
        INDEX  { swIBPACLEthernetProfileID }
        ::= { swIBPACLEthernetTable 1 }

    SwIBPACLEthernetEntry ::=
        SEQUENCE {
            swIBPACLEthernetProfileID
                INTEGER,
            swIBPACLEthernetUseEthernetType
                INTEGER
        }
    swIBPACLEthernetProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "The ID of the ACL mask entry, unique in the mask list. The maximum value of this object depends on the device."
        ::= { swIBPACLEthernetEntry 1 }

    swIBPACLEthernetUseEthernetType OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "Specifies if the switch will examine the Ethernet type value in each frame's header
              or not."
        ::= { swIBPACLEthernetEntry 2 }

-- -----------------------------------------------------------------------------
--swIBPACLIpTable
-- -----------------------------------------------------------------------------
    swIBPACLIpTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwIBPACLIpEntry
        MAX-ACCESS  not-accessible
        STATUS  obsolete
        DESCRIPTION
            "This table contains IP-MAC-Binding IP ACL mask information.
             Access profiles will be created on the switch by row creation and to
             define which parts of each incoming frame's IP layer part of the header
             the switch will examine. Masks can be entered that will be combined
             with the values the switch finds in the specified frame header fields."
        ::= { swAclMaskMgmt 7 }

    swIBPACLIpEntry OBJECT-TYPE
        SYNTAX  SwIBPACLIpEntry
        MAX-ACCESS  not-accessible
        STATUS  obsolete
        DESCRIPTION
            "A list of information about the IP layer of the ACL."
        INDEX  { swIBPACLIpProfileID }
        ::= { swIBPACLIpTable 1 }

    SwIBPACLIpEntry ::=
        SEQUENCE {
            swIBPACLIpProfileID
                INTEGER,
            swIBPACLIpSrcMacAddrMask
                MacAddress,
            swIBPACLIpSrcIpAddrMask
                IpAddress
        }
    swIBPACLIpProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "The ID of the ACL mask entry, unique in the mask list. The maximum value of this object depends on the device."
        ::= { swIBPACLIpEntry 1 }

    swIBPACLIpSrcMacAddrMask OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "This object specifies the MAC address mask for the source MAC address."
        ::= { swIBPACLIpEntry 2 }

    swIBPACLIpSrcIpAddrMask OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "This object specifies IP address masks for the source IP address."
        ::= { swIBPACLIpEntry 3 }


-- -----------------------------------------------------------------------------
-- swACLPktContMaskOptionTable
-- -----------------------------------------------------------------------------
    swACLPktContMaskOptionTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLPktContMaskOptionEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains the ACL mask for user-defined option information.
             An access profile will be created on the switch to define which part
             of each incoming frame's user-defined part of the packet header
             will be examined by switch. Masks entered will be combined
             with the values the switch finds in the specified frame header fields."
        ::= { swAclMaskMgmt 8 }

    swACLPktContMaskOptionEntry OBJECT-TYPE
        SYNTAX  SwACLPktContMaskOptionEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about the user-defined ACL."
        INDEX  { swACLPktContMaskOptionProfileID }
        ::= { swACLPktContMaskOptionTable 1 }

    SwACLPktContMaskOptionEntry ::=
        SEQUENCE {
            swACLPktContMaskOptionProfileID
                INTEGER,
            swACLPktContMaskOffsetChunk1State
                INTEGER,
            swACLPktContMaskOffsetChunk1OffsetValue
                INTEGER,
            swACLPktContMaskOffsetChunk1Mask
                OCTET STRING,
            swACLPktContMaskOffsetChunk2State
                INTEGER,
            swACLPktContMaskOffsetChunk2OffsetValue
                INTEGER,
            swACLPktContMaskOffsetChunk2Mask
                OCTET STRING,
            swACLPktContMaskOffsetChunk3State
                INTEGER,
            swACLPktContMaskOffsetChunk3OffsetValue
                INTEGER,
            swACLPktContMaskOffsetChunk3Mask
                OCTET STRING,
            swACLPktContMaskOffsetChunk4State
                INTEGER,
            swACLPktContMaskOffsetChunk4OffsetValue
                INTEGER,
            swACLPktContMaskOffsetChunk4Mask
                OCTET STRING,
            swACLPktContMaskOptionRowStatus
                RowStatus,
            swACLPktContMaskOptionOwner
                INTEGER,
            swACLPktContMaskOptionUnusedRuleEntries
                INTEGER,
            swACLPktContMaskOptionProfileName
                DisplayString
        }
    swACLPktContMaskOptionProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL mask entry, unique to the mask list. The maximum value of this object depends on the device."
        ::= { swACLPktContMaskOptionEntry 1 }

   swACLPktContMaskOffsetChunk1State OBJECT-TYPE
        SYNTAX  INTEGER {
                enabled(1),
                disabled(2)
                }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the state of chunk1."
        ::= { swACLPktContMaskOptionEntry 2 }

   swACLPktContMaskOffsetChunk1OffsetValue OBJECT-TYPE
        SYNTAX  INTEGER (0..31)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the frame content offset of chunk1."
        ::= { swACLPktContMaskOptionEntry 3 }

   swACLPktContMaskOffsetChunk1Mask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(4))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the frame content mask of chunk1."
        ::= { swACLPktContMaskOptionEntry 4 }

   swACLPktContMaskOffsetChunk2State OBJECT-TYPE
        SYNTAX  INTEGER {
                enabled(1),
                disabled(2)
                }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the state of chunk2."
        ::= { swACLPktContMaskOptionEntry 5 }

   swACLPktContMaskOffsetChunk2OffsetValue OBJECT-TYPE
        SYNTAX  INTEGER (0..31)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the frame content offset of chunk2."
        ::= { swACLPktContMaskOptionEntry 6 }

   swACLPktContMaskOffsetChunk2Mask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(4))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the frame content mask of chunk2."
        ::= { swACLPktContMaskOptionEntry 7 }

   swACLPktContMaskOffsetChunk3State OBJECT-TYPE
        SYNTAX  INTEGER {
                enabled(1),
                disabled(2)
                }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the state of chunk3."
        ::= { swACLPktContMaskOptionEntry 8 }

   swACLPktContMaskOffsetChunk3OffsetValue OBJECT-TYPE
        SYNTAX  INTEGER (0..31)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the frame content offset of chunk3."
        ::= { swACLPktContMaskOptionEntry 9 }

   swACLPktContMaskOffsetChunk3Mask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(4))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the frame content mask of chunk3."
        ::= { swACLPktContMaskOptionEntry 10 }

   swACLPktContMaskOffsetChunk4State OBJECT-TYPE
        SYNTAX  INTEGER {
                enabled(1),
                disabled(2)
                }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the state of chunk4."
        ::= { swACLPktContMaskOptionEntry 11 }

   swACLPktContMaskOffsetChunk4OffsetValue OBJECT-TYPE
        SYNTAX  INTEGER (0..31)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the frame content offset of chunk4."
        ::= { swACLPktContMaskOptionEntry 12 }

   swACLPktContMaskOffsetChunk4Mask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(4))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the frame content mask of chunk4."
        ::= { swACLPktContMaskOptionEntry 13 }

    swACLPktContMaskOptionRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLPktContMaskOptionEntry 14 }

    swACLPktContMaskOptionOwner OBJECT-TYPE
        SYNTAX  INTEGER {
               any(1),
               acl(2),
               ipbind(3),
               other(4),
               dhcp(5),
               netbios(6),
               ext-netbios(7),
               ismvlan(8),
               dhcp-relay(9),
               pppoe(10),
               arp-spoofing(11),
               bpdu-tunnel(12)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
             "The owner of the ACL mask entry. The type of ACL entry created. ACL type
             entries can only be modified when being configured through the same
             type command. For example, IP-MAC Binding entries can only be modified
             or deleted through the IP-MAC Binding configurations or commands."
        ::= { swACLPktContMaskOptionEntry 15 }

    swACLPktContMaskOptionUnusedRuleEntries OBJECT-TYPE
        SYNTAX INTEGER
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The number of unused rule entries of this IP profile entry."
        ::={ swACLPktContMaskOptionEntry 16}

    swACLPktContMaskOptionProfileName OBJECT-TYPE
        SYNTAX DisplayString(SIZE(1..32))
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The name of the ACL mask entry unique to the mask list."
        ::= { swACLPktContMaskOptionEntry 17 }
        


-- -----------------------------------------------------------------------------
-- swACLPktContMaskOption2
-- -----------------------------------------------------------------------------
                
swACLPktContMaskOption2              OBJECT IDENTIFIER ::= { swAclMaskMgmt 10 }        
                
-- -----------------------------------------------------------------------------
-- swACLPktContMaskOption2Table
-- -----------------------------------------------------------------------------
    swACLPktContMaskOption2Table OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLPktContMaskOption2Entry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains the ACL mask for user-defined option 2 information.
             An access profile will be created on the switch to define which part
             of each incoming frame's user-defined part of the packet header
             will be examined by switch. Masks entered will be combined
             with the values the switch finds in the specified frame header fields.
             
             To create a packet content field with respect to an offset, an entry in the
             swACLPktContMaskOption2OffsetsTable must be created first. 
             
             On row creation, all entries in the corresponding profile defined in the
             swACLPktContMaskOption2OffsetsTable will be associated to the profile mask.
             
	         If any rule is using the profile mask the entries cannot be modified.
	                      
             "
        ::= { swACLPktContMaskOption2 1 }

    swACLPktContMaskOption2Entry OBJECT-TYPE
        SYNTAX  SwACLPktContMaskOption2Entry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about the user-defined ACL."
        INDEX  { swACLPktContMaskOption2ProfileID }
        ::= { swACLPktContMaskOption2Table 1 }

    SwACLPktContMaskOption2Entry ::=
        SEQUENCE {
            swACLPktContMaskOption2ProfileID
                INTEGER,
            swACLPktContMaskOption2SrcMac
                MacAddress,
            swACLPktContMaskOption2DstMac
                MacAddress,
            swACLPktContMaskOption2CTag
                OCTET STRING,
            swACLPktContMaskOption2STag
                OCTET STRING,
            swACLPktContMaskOption2Owner
                INTEGER,
            swACLPktContMaskOption2UnusedRuleEntries
                INTEGER,
            swACLPktContMaskOption2ProfileName
                DisplayString,
            swACLPktContMaskOption2RowStatus
            	RowStatus
        }
    swACLPktContMaskOption2ProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL mask entry, unique to the mask list. The maximum value of this object depends on the device."
        ::= { swACLPktContMaskOption2Entry 1 }

        
    swACLPktContMaskOption2SrcMac OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the mask for source MAC address"
        ::= { swACLPktContMaskOption2Entry 2 }        
        
        
    swACLPktContMaskOption2DstMac OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the mask for destination MAC address"
        ::= { swACLPktContMaskOption2Entry 3 }   
        
   swACLPktContMaskOption2CTag  OBJECT-TYPE
       SYNTAX  OCTET STRING (SIZE(2))
       MAX-ACCESS  read-create
       STATUS  current
       DESCRIPTION
           "Specifies the mask for customer VLAN tag, valid values are only from 0x0000 to 0xFFFF."
       ::= { swACLPktContMaskOption2Entry 4 }        
        
   swACLPktContMaskOption2STag  OBJECT-TYPE
       SYNTAX  OCTET STRING (SIZE(2))
       MAX-ACCESS  read-create
       STATUS  current
       DESCRIPTION
           "Specifies the mask for service VLAN tag, valid values are only from 0x0000 to 0xFFFF."
       ::= { swACLPktContMaskOption2Entry 5 }     
       
    swACLPktContMaskOption2Owner OBJECT-TYPE
        SYNTAX  INTEGER {
               any(1),
               acl(2),
               ipbind(3),
               other(4),
               dhcp(5),
               netbios(6),
               ext-netbios(7),
               ismvlan(8),
               dhcp-relay(9),
               pppoe(10),
               arp-spoofing(11),
               bpdu-tunnel(12)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
             "The owner of the ACL mask entry. The type of ACL entry created. ACL type
             entries can only be modified when being configured through the same
             type command. For example, IP-MAC Binding entries can only be modified
             or deleted through the IP-MAC Binding configurations or commands."
        ::= { swACLPktContMaskOption2Entry 6 }

    swACLPktContMaskOption2UnusedRuleEntries OBJECT-TYPE
        SYNTAX INTEGER
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The number of unused rule entries of this IP profile entry."
        ::={ swACLPktContMaskOption2Entry 7 }

    swACLPktContMaskOption2ProfileName OBJECT-TYPE
        SYNTAX DisplayString(SIZE(1..32))
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The name of the ACL mask entry unique to the mask list."
        ::= { swACLPktContMaskOption2Entry 8 } 
        
    swACLPktContMaskOption2RowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLPktContMaskOption2Entry 9 }
       
-- -----------------------------------------------------------------------------
-- swACLPktContMaskOption2OffsetsTable
-- -----------------------------------------------------------------------------

    	
	swACLPktContMaskOption2OffsetsTable OBJECT-TYPE
	    SYNTAX  SEQUENCE OF SwACLPktContMaskOption2OffsetsEntry
	    MAX-ACCESS  not-accessible
	    STATUS  current
	    DESCRIPTION
	        "This table contains the ACL masks for the individual packet content offset user-defined option 2 information.
	         Entries created in this table will not set into the TCAM until a valid entry in the swACLPktContMaskOption2Table
	         is created.
	         
	         If any rule is using the profile mask the entries cannot be modified.
	        ."
	    ::= { swACLPktContMaskOption2 2 }
	
	swACLPktContMaskOption2OffsetsEntry OBJECT-TYPE
	    SYNTAX  SwACLPktContMaskOption2OffsetsEntry
	    MAX-ACCESS  not-accessible
	    STATUS  current
	    DESCRIPTION
	        "A list of information about the individual offsets for user-defined ACL."
	    INDEX  { swACLPktContMaskOption2OffsetsProfileID,swACLPktContMaskOption2OffsetsNum }
	    ::= { swACLPktContMaskOption2OffsetsTable 1 }
	
	SwACLPktContMaskOption2OffsetsEntry ::=
	    SEQUENCE {
	    	swACLPktContMaskOption2OffsetsProfileID
	    		INTEGER,
	    	swACLPktContMaskOption2OffsetsNum
	    		INTEGER,
			swACLPktContMaskOption2OffsetsReference
				INTEGER,
			swACLPktContMaskOption2OffsetsValue
				INTEGER,
			swACLPktContMaskOption2OffsetsMask
				OCTET STRING,
			swACLPktContMaskOption2OffsetsRowStatus
				RowStatus			
	    }
	       
	swACLPktContMaskOption2OffsetsProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL mask entry, unique to the mask list. 
             This is the profile id to which this packet content field entry will be associated to.
            "
        ::= { swACLPktContMaskOption2OffsetsEntry 1 }		              
	        
		swACLPktContMaskOption2OffsetsNum OBJECT-TYPE
			SYNTAX      INTEGER (1..11)
			MAX-ACCESS  read-only
			STATUS      current
			DESCRIPTION
				"Specifies the offset number with respect to the profile."
			::= { swACLPktContMaskOption2OffsetsEntry 2 }
	        
		swACLPktContMaskOption2OffsetsReference OBJECT-TYPE
			SYNTAX      INTEGER{
			    l2(1),
			    l3(2),
			    l4(3)
			    }
			MAX-ACCESS  read-create
			STATUS      current
			DESCRIPTION
				"Specifies the reference of the offset.
						L2 - The offset will start counting from the byte 
						     after the end of the VLAN tags (start of ether type)
		                L3 - The offset will start counting right after the ether type field. 
		                     The packet must have a valid L2 header and a recognizeable ether type in 
		                     order to be recognized.
		                L4 - The offset will start counting right after the end of ip header. 
		                     The packet must have a valid IP header in order to be recognized.
				"
			::= { swACLPktContMaskOption2OffsetsEntry 3 }           
	
	               
		swACLPktContMaskOption2OffsetsValue OBJECT-TYPE
			SYNTAX      INTEGER
			MAX-ACCESS  read-create
			STATUS      current
			DESCRIPTION
				"Specifies the amount of bytes from the reference to the packet content field"
			::= { swACLPktContMaskOption2OffsetsEntry 4 }        		
			 
	
		swACLPktContMaskOption2OffsetsMask OBJECT-TYPE
			SYNTAX      OCTET STRING (SIZE(2))
			MAX-ACCESS  read-create
			STATUS      current
			DESCRIPTION
				"Specifies the mask for the packet content field"
			::= { swACLPktContMaskOption2OffsetsEntry 5 }        				
	
	    swACLPktContMaskOption2OffsetsRowStatus OBJECT-TYPE
	        SYNTAX  RowStatus
	        MAX-ACCESS  read-create
	        STATUS  current
	        DESCRIPTION
	            "This object indicates the status of this entry."
	        ::= { swACLPktContMaskOption2OffsetsEntry 6 }		
		

-- -----------------------------------------------------------------------------
-- swACLEtherRuleTable
-- -----------------------------------------------------------------------------
    swACLEtherRuleTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLEtherRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains Ethernet ACL information."
        ::= { swAclRuleMgmt 1 }

    swACLEtherRuleEntry OBJECT-TYPE
        SYNTAX  SwACLEtherRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about the ACL rule of the layer 2 part of each packet."
        INDEX  { swACLEtherRuleProfileID,swACLEtherRuleAccessID }
        ::= { swACLEtherRuleTable 1 }

    SwACLEtherRuleEntry ::=
        SEQUENCE {
            swACLEtherRuleProfileID
                INTEGER,
            swACLEtherRuleAccessID
                INTEGER,
            swACLEtherRuleVlan
                SnmpAdminString,
            swACLEtherRuleSrcMacAddress
                MacAddress,
            swACLEtherRuleDstMacAddress
                MacAddress,
            swACLEtherRule8021P
                INTEGER,
            swACLEtherRuleEtherType
                OCTET STRING,
            swACLEtherRuleEnablePriority
                INTEGER,
            swACLEtherRulePriority
                INTEGER,
            swACLEtherRuleReplacePriority
                INTEGER,
            swACLEtherRuleEnableReplaceDscp
                INTEGER,
            swACLEtherRuleRepDscp
                INTEGER,
            swACLEtherRulePermit
                INTEGER,
            swACLEtherRulePort
--                INTEGER,
                PortList,
--            swACLEtherRuleSwAclState
--                INTEGER,
            swACLEtherRuleRowStatus
                RowStatus,
            swACLEtherRuleOwner
                INTEGER,
            swACLEtherRuleRxRate
                INTEGER,
            swACLEtherRuleEnableReplaceTosPrecedence
                INTEGER,
            swACLEtherRuleRepTosPrecedence
                INTEGER,
            swACLEtherRuleVID
                INTEGER,
            swACLEtherRuleMatchVID
                INTEGER,
            swACLEtherRuleMaskVlan
                OCTET STRING,
            swACLEtherRuleMaskSrcMacAddress
                MacAddress,
            swACLEtherRuleMaskDstMacAddress
                MacAddress                
      }
    swACLEtherRuleProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL rule entry, which is unique to the mask list.
             The maximum value of this object depends on the device."
        ::= { swACLEtherRuleEntry 1 }

    swACLEtherRuleAccessID OBJECT-TYPE
        SYNTAX  INTEGER (0..65535)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the the ACL rule entry relates to the swACLEtherRuleProfileID.
             When row creation is set to 0, assignment of an Access ID for ports is automatic
             and the swACLEtherRulePort creates Rule entries for the swACLEtherRulePort accordingly.
             When set from 1 to 65535, an access ID will be created for the swACLEtherRulePort.
             The swACLEtherRulePort must be set to one port only otherwise the row creation will fail.
            "
        ::= { swACLEtherRuleEntry 2 }

    swACLEtherRuleVlan OBJECT-TYPE
        SYNTAX  SnmpAdminString (SIZE (1..32))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to the packet with the VLAN ID indexed by this VLAN name."
        ::= { swACLEtherRuleEntry 3 }

    swACLEtherRuleSrcMacAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply to only packets with
             this source MAC address."
        ::= { swACLEtherRuleEntry 4 }

    swACLEtherRuleDstMacAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply to only packets
              with this destination MAC address."
        ::= { swACLEtherRuleEntry 5 }

    swACLEtherRule8021P OBJECT-TYPE
        SYNTAX  INTEGER(-1..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply only to packets with
              this 802.1p priority value. A value of -1 indicates that this node
              is not actively used."
        ::= { swACLEtherRuleEntry 6 }

    swACLEtherRuleEtherType OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE (2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply only to packets with this
             hexadecimal 802.1Q Ethernet type value in the packet header."
        ::= { swACLEtherRuleEntry 7 }

    swACLEtherRuleEnablePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply only to packets with
             priority value."
        ::= { swACLEtherRuleEntry 8 }

    swACLEtherRulePriority OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the priority will be changed in packets while the swACLEtherRuleEnablePriority
             is enabled ."
        ::= { swACLEtherRuleEntry 9 }

    swACLEtherRuleReplacePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
             802.1p priority tag field or not ."
        ::= { swACLEtherRuleEntry 10 }

    swACLEtherRuleEnableReplaceDscp OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
             DSCP field or not.
             Replace DSCP and replace ToS precedence can not both be supported.
            "
        ::= { swACLEtherRuleEntry 11 }

    swACLEtherRuleRepDscp OBJECT-TYPE
        SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a value to be written to the DSCP field of an incoming packet
             that meets the criteria specified in the first part of the command.
             This value will over-write the value in the DSCP field of the packet."
        ::= { swACLEtherRuleEntry 12 }

    swACLEtherRulePermit OBJECT-TYPE
        SYNTAX  INTEGER {
               deny(1),
               permit(2),
               mirror(3),
               set-drop-precedence(5)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the result of the packet examination is 'permit' or 'deny'.
             The default is 'permit'.
             permit - Specifies that packets matching the access profile are
                      permitted to be forwarded by the switch.
             deny - Specifies that packets matching the access profile
                    are not permitted to be forwarded by the switch and will be filtered.
             mirror - Specifies that packets matching the access profile are copied to the mirror port.
                      Note : The ACL mirror function will start functioning after mirror has been enabled
                             and the mirror port has been configured.
             set-drop-precedence - Specifies that packets that matching the access profile are set
                                   to drop precedence."
        ::= { swACLEtherRuleEntry 13 }

    swACLEtherRulePort OBJECT-TYPE
--        SYNTAX  INTEGER (1..65535)
        SYNTAX  PortList
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to port(s).
             This object and swACLEtherRuleVID can not be set together."
        ::= { swACLEtherRuleEntry 14 }

--    swACLEtherRuleSwAclState OBJECT-TYPE
--        SYNTAX  INTEGER {
--               enable(1),
--               disable(2)
--               }
--        MAX-ACCESS  read-create
--        STATUS  current
--        DESCRIPTION
--            "Specifies that the access rule will only apply to the software ACL state."
--        ::= { swACLEtherRuleEntry 15 }

    swACLEtherRuleRowStatus OBJECT-TYPE --swACLEtherRuleState
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLEtherRuleEntry 15 }

    swACLEtherRuleOwner OBJECT-TYPE
        SYNTAX  INTEGER {
               any(1),
               acl(2),
               ipbind(3),
               other(4),
               dhcp(5),
               netbios(6),
               ext-netbios(7),
               ismvlan(8),
               dhcp-relay(9),
               pppoe(10),
               arp-spoofing(11),
               bpdu-tunnel(12)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The owner of the ACL rule entry. Only owners can modify this entry."
        ::= { swACLEtherRuleEntry 16 }

    swACLEtherRuleRxRate  OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the rx rate, 0 denotes no_limit. The maximum value of this object depends on the device."
        ::= { swACLEtherRuleEntry 17 }

    swACLEtherRuleEnableReplaceTosPrecedence OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
             ToS precedence field or not.
             Replace DSCP and replace ToS precedence can not both be supported.
            "
        ::= { swACLEtherRuleEntry 18 }

    swACLEtherRuleRepTosPrecedence OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a value to be written to the ToS precedence field of an incoming packet
             that meets the criteria specified in the first part of the command.
             This value will over-write the value in the ToS precedence field of the packet."
        ::= { swACLEtherRuleEntry 19 }

    swACLEtherRuleVID OBJECT-TYPE
        SYNTAX  INTEGER (0..4094)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the VLAN-based ACL rule. There are two conditions:
             1. this rule will apply to all the ports;
             2. packets must belong to this VLAN.

             This object and swACLEtherRulePort can not be set together.
             When you set swACLEtherRulePort, the value of this object will automatically change to 0.
             And this object can not be set to 0."
        ::= { swACLEtherRuleEntry 20 }
        
   swACLEtherRuleMatchVID OBJECT-TYPE
        SYNTAX  INTEGER (0..4094)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply only to packets with
             this VLAN ID. It is applied to the specified ports configured by swACLEtherRulePort."
        ::= { swACLEtherRuleEntry 21 }

        
    swACLEtherRuleMaskVlan OBJECT-TYPE
        SYNTAX  OCTET STRING(SIZE(2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the per rule mask for the VLAN field as defined in swACLEtherRuleVlan object.
             The value of this object when not in use is the corresponding mask in the profile mask.
             Once the value of this object is modified, the per rule mask will take effect.
            "
        ::= { swACLEtherRuleEntry 22 }

    swACLEtherRuleMaskSrcMacAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the per rule mask for the source MAC addres field as defined in swACLEtherRuleSrcMacAddress object.
             The value of this object when not in use is the corresponding mask in the profile mask.            
             Once the value of this object is modified, the per rule mask will take effect.
            "
        ::= { swACLEtherRuleEntry 23 }

    swACLEtherRuleMaskDstMacAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the per rule mask for the destination MAC addres field as defined in swACLEtherRuleDstMacAddress object.
             The value of this object when not in use is the corresponding mask in the profile mask.            
             Once the value of this object is modified, the per rule mask will take effect.
            "
        ::= { swACLEtherRuleEntry 24 }        

-- -----------------------------------------------------------------------------
-- swACLIpRuleTable
-- -----------------------------------------------------------------------------
    swACLIpRuleTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLIpRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            ""
        ::= { swAclRuleMgmt 2 }

    swACLIpRuleEntry OBJECT-TYPE
        SYNTAX  SwACLIpRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            ""
        INDEX  { swACLIpRuleProfileID , swACLIpRuleAccessID }
        ::= { swACLIpRuleTable 1 }

    SwACLIpRuleEntry ::=
        SEQUENCE {
            swACLIpRuleProfileID
                INTEGER,
            swACLIpRuleAccessID
                INTEGER,
            swACLIpRuleVlan
                SnmpAdminString,
            swACLIpRuleSrcIpaddress
                IpAddress,
            swACLIpRuleDstIpaddress
                IpAddress,
            swACLIpRuleDscp
                INTEGER,
            swACLIpRuleProtocol
                INTEGER,
            swACLIpRuleType
                INTEGER,
            swACLIpRuleCode
                INTEGER,
            swACLIpRuleSrcPort
                INTEGER,
            swACLIpRuleDstPort
                INTEGER,
            swACLIpRuleFlagBits
                INTEGER,
            swACLIpRuleProtoID
                INTEGER,
            swACLIpRuleUserMask
                OCTET STRING,
            swACLIpRuleEnablePriority
                INTEGER,
            swACLIpRulePriority
                INTEGER,
            swACLIpRuleReplacePriority
                INTEGER,
            swACLIpRuleEnableReplaceDscp
                INTEGER,
            swACLIpRuleRepDscp
                INTEGER,
            swACLIpRulePermit
                INTEGER,
            swACLIpRulePort
--              INTEGER,
                PortList,
--            swACLIpRuleSwAclState
--                INTEGER,
            swACLIpRuleRowStatus
                RowStatus,
            swACLIpRuleOwner
                INTEGER,
            swACLIpRuleRxRate
                INTEGER,
            swACLIpRuleSrcMacAddress
                MacAddress,
            swACLIpRuleEnableReplaceTosPrecedence
                INTEGER,
            swACLIpRuleRepTosPrecedence
                INTEGER,
            swACLIpRuleVID
                INTEGER,
            swACLIpRuleMatchVID
                INTEGER,
            swACLIpRuleMaskVlan
                OCTET STRING,
            swACLIpRuleMaskSrcIpaddress
                IpAddress,
            swACLIpRuleMaskDstIpaddress
                IpAddress,
            swACLIpRuleMaskSrcPort
                OCTET STRING,
            swACLIpRuleMaskDstPort
                OCTET STRING                
        }

    swACLIpRuleProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swACLIpRuleEntry 1 }

    swACLIpRuleAccessID OBJECT-TYPE
        SYNTAX  INTEGER (0..65535)
        MAX-ACCESS  read-only   --read-create
        STATUS  current
        DESCRIPTION
            "The ID of the ACL rule entry relates to swACLIPRuleProfileID.
             Row creation set to 0 indicates automatic assignment of the Access ID
             for the ports in the swACLIpRulePort to create Rule entries
             for swACLIpRulePort accordingly.
             Set to 1-65535 causes creation of an access ID for the swACLIpRulePort.
             The swACLIpRulePort must be set to one port only otherwise the row
             creation will fail."
        ::= { swACLIpRuleEntry 2 }

    swACLIpRuleVlan OBJECT-TYPE
        SYNTAX  SnmpAdminString (SIZE (1..32))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to packets with the VLAN ID indexed by this VLAN name."
        ::= { swACLIpRuleEntry 3 }

    swACLIpRuleSrcIpaddress OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies an IP source address."
        ::= { swACLIpRuleEntry 4 }

    swACLIpRuleDstIpaddress OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies an IP destination address."
        ::= { swACLIpRuleEntry 5 }

    swACLIpRuleDscp OBJECT-TYPE
        SYNTAX  INTEGER(-1..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the value of DSCP. The value can be configured from 0 to 63.
            A value of -1 indicates that this node is not actively used."
        ::= { swACLIpRuleEntry 6 }

    swACLIpRuleProtocol OBJECT-TYPE
        SYNTAX  INTEGER {
               none(1),
               icmp(2),
               igmp(3),
               tcp(4),
               udp(5),
               protocolId(6)
               }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
            "Specifies the IP protocol.
             For some older chips, this object can not be set. When getting this object,
             it always returns the type which has been configured in swACLIpEntry.

             For some newer chips, this object can only set the type which
             has been configured in swACLIpEntry. The default value is none (1).
            "
        ::= { swACLIpRuleEntry 7 }

    swACLIpRuleType OBJECT-TYPE
        SYNTAX  INTEGER(-1..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the value of ICMP type traffic.
            A value of -1 denotes that this object is not active."
        ::= { swACLIpRuleEntry 8 }

    swACLIpRuleCode OBJECT-TYPE
        SYNTAX  INTEGER(-1..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the value of ICMP code traffic.
            A value of -1 denotes that this object is not active."
        ::= { swACLIpRuleEntry 9 }

    swACLIpRuleSrcPort OBJECT-TYPE
        SYNTAX  INTEGER(-1..65535)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the range of the TCP/UDP source ports.
            A value of -1 indicates that this node is not actively used."
        ::= { swACLIpRuleEntry 10 }

    swACLIpRuleDstPort OBJECT-TYPE
        SYNTAX  INTEGER(-1..65535)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the TCP/UDP destination port range.
            A value of -1 indicates that this node is not actively used."
        ::= { swACLIpRuleEntry 11 }

    swACLIpRuleFlagBits OBJECT-TYPE
        SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "A value which indicates the set of TCP flags that this
             entity may potentially offer. The value is a sum of flag bits.
             This sum initially takes the value zero. Then, for each flag, L
             is added in the range 1 through 6, for which this node performs
             transactions, where 2^(L - 1) is added to the sum.
             Note that values should be calculated accordingly:

                 Flag      functionality
                   6        urg bit
                   5        ack bit
                   4        psh bit
                   3        rst bit
                   2        syn bit
                   1        fin bit
             For example, it you want to enable urg bit and ack bit, you
             should set value 48{2^(5-1) + 2^(6-1)}."
        ::= { swACLIpRuleEntry 12 }

    swACLIpRuleProtoID OBJECT-TYPE
        SYNTAX  INTEGER(-1..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the value of IP protocol ID traffic.
            A value of -1 indicates that this node is not actively used."
        ::= { swACLIpRuleEntry 13 }

    swACLIpRuleUserMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(20))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IP protocol ID and the range of
             options behind the IP header."
        ::= { swACLIpRuleEntry 14 }

    swACLIpRuleEnablePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply only to packets with this
             priority value."
        ::= { swACLIpRuleEntry 15 }

    swACLIpRulePriority OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the priority will change in packets while the swACLIpRuleEnablePriority
             is enabled."
        ::= { swACLIpRuleEntry 16 }

    swACLIpRuleReplacePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies whether the packets that match the access profile will change the
             802.1p priority tag field by the switch or not."
        ::= { swACLIpRuleEntry 17 }

    swACLIpRuleEnableReplaceDscp OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
             DSCP field or not.
             Replace DSCP and replace ToS precedence can not both be supported.
            "
        ::= { swACLIpRuleEntry 18 }

    swACLIpRuleRepDscp OBJECT-TYPE
        SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a value to be written to the DSCP field of an incoming packet
             that meets the criteria specified in the first part of the command.
             This value will over-write the value in the DSCP field of the packet."
        ::= { swACLIpRuleEntry 19 }

    swACLIpRulePermit OBJECT-TYPE
        SYNTAX  INTEGER {
               deny(1),
               permit(2),
               mirror(3),
               set-drop-precedence(5)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the result of the packet examination is 'permit' or 'deny'.
             The default is 'permit'.
             permit - Specifies that packets matching the access profile are
                      permitted to be forwarded by the switch.
             deny - Specifies that packets matching the access profile
                    are not permitted to be forwarded by the switch and will be filtered.
             mirror - Specifies the packets matching the access profile are copied
                      to the mirror port.
                      Note : The ACL mirror function will work after the mirror is enabled and the mirror port has
                             been configured.
             set-drop-precedence - Specifies the packets that match the access profile are set
                               to drop precedence."
        ::= { swACLIpRuleEntry 20 }

    swACLIpRulePort OBJECT-TYPE
--        SYNTAX  INTEGER (1..65535)
        SYNTAX  PortList
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to port(s).
             This object and swACLIpRuleVID can not be set together. "
        ::= { swACLIpRuleEntry 21 }

--    swACLIpRuleSwAclState OBJECT-TYPE
--        SYNTAX  INTEGER {
--               enable(1),
--               disable(2)
--               }
--        MAX-ACCESS  read-create
--        STATUS  current
--        DESCRIPTION
--            "Specifies that the access rule will only apply to the software ACL state."
--        ::= { swACLIpRuleEntry 22 }

    swACLIpRuleRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLIpRuleEntry 22 }

    swACLIpRuleOwner OBJECT-TYPE
        SYNTAX  INTEGER {
               any(1),
               acl(2),
               ipbind(3),
               other(4),
               dhcp(5),
               netbios(6),
               ext-netbios(7),
               ismvlan(8),
               dhcp-relay(9),
               pppoe(10),
               arp-spoofing(11),
               bpdu-tunnel(12)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The owner of the ACL rule entry. Only owners can modify this entry."
        ::= { swACLIpRuleEntry 23 }

    swACLIpRuleRxRate  OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the rx-rate, 0 denotes no_limit. The maximum value of this object depends on the device."
        ::= { swACLIpRuleEntry 24 }

   swACLIpRuleSrcMacAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "Specifies that the access will only apply to packets with
             this source MAC address."
        ::= { swACLIpRuleEntry 25 }

    swACLIpRuleEnableReplaceTosPrecedence OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
             ToS precedence field or not.
             Replace DSCP and replace ToS precedence can not both be supported.
            "
        ::= { swACLIpRuleEntry 26 }

    swACLIpRuleRepTosPrecedence OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
             "Specifies a value to be written to the ToS precedence field of an incoming packet
              that meets the criteria specified in the first part of the command.
              This value will over-write the value in the ToS precedence field of the packet."
        ::= { swACLIpRuleEntry 27 }

    swACLIpRuleVID OBJECT-TYPE
        SYNTAX  INTEGER (0..4094)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the VLAN-based rule. There are two conditions:
             1. this rule will apply to all the ports;
             2. packets must belong to this VLAN.

             This object and swACLIpRulePort can not be set together.
             When you set swACLIpRulePort, the value of this object will automatically change to 0.
             And this object can not be set 0."
        ::= { swACLIpRuleEntry 28 }
        
    swACLIpRuleMatchVID OBJECT-TYPE
        SYNTAX  INTEGER (0..4094)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply only to packets with
             this VLAN ID. It is applied to the specified ports configured by swACLIpRulePort."
        ::= { swACLIpRuleEntry 29 }

    swACLIpRuleMaskVlan OBJECT-TYPE
        SYNTAX  OCTET STRING(SIZE(2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the per rule mask for the VLAN as defined in swACLIpRuleVlan object. 
            The value of this object when not in use is the corresponding mask in the profile mask.
            Once the value of this object is modified, the per rule mask will take effect.
            This object is writeable only once.            
            "
        ::= { swACLIpRuleEntry 30 }

    swACLIpRuleMaskSrcIpaddress OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
			"Specifies the per rule mask for the source IP address as defined in swACLIpRuleSrcIpaddress object.
			The value of this object when not in use is the corresponding mask in the profile mask.
            Once the value of this object is modified, the per rule mask will take effect.
            This object is writeable only once.            
			"
        ::= { swACLIpRuleEntry 31 }

    swACLIpRuleMaskDstIpaddress OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
			"Specifies the per rule mask for the destination IP address as defined in swACLIpRuleMaskDstIpaddress object.
			The value of this object when not in use is the corresponding mask in the profile mask.
            Once the value of this object is modified, the per rule mask will take effect.
            This object is writeable only once.            
			"
        ::= { swACLIpRuleEntry 32 }


    swACLIpRuleMaskSrcPort OBJECT-TYPE
        SYNTAX  OCTET STRING(SIZE(2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
			"Specifies the per rule mask for the L4 source port as defined in swACLIpRuleSrcPort object.
			The value of this object when not in use is the corresponding mask in the profile mask.
            Once the value of this object is modified, the per rule mask will take effect.
            This object is writeable only once.            
			"
        ::= { swACLIpRuleEntry 33 }

    swACLIpRuleMaskDstPort OBJECT-TYPE
        SYNTAX  OCTET STRING(SIZE(2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
			"Specifies the per rule mask for the L4 destination port as defined in swACLIpRuleDstPort object.
            The value of this object when not in use is the corresponding mask in the profile mask.
            Once the value of this object is modified, the per rule mask will take effect.
            This object is writeable only once.            
            "
        ::= { swACLIpRuleEntry 34 }
        
-- -----------------------------------------------------------------------------
-- swACLPktContRuleTable
-- -----------------------------------------------------------------------------
    swACLPktContRuleTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLPktContRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains ACL rules regarding user-defined information."
        ::= { swAclRuleMgmt 3 }

    swACLPktContRuleEntry OBJECT-TYPE
        SYNTAX  SwACLPktContRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about the ACL rule of the user-defined part of each packet."
        INDEX  { swACLPktContRuleProfileID,swACLPktContRuleAccessID }
        ::= { swACLPktContRuleTable 1 }

    SwACLPktContRuleEntry ::=
        SEQUENCE {
            swACLPktContRuleProfileID
                INTEGER,
            swACLPktContRuleAccessID
                INTEGER,
            swACLPktContRuleOffset0to15
                OCTET STRING,
            swACLPktContRuleOffset16to31
                OCTET STRING,
            swACLPktContRuleOffset32to47
                OCTET STRING,
            swACLPktContRuleOffset48to63
                OCTET STRING,
            swACLPktContRuleOffset64to79
                OCTET STRING,
            swACLPktContRuleEnablePriority
                INTEGER,
            swACLPktContRulePriority
                INTEGER,
            swACLPktContRuleReplacePriority
                INTEGER,
            swACLPktContRuleEnableReplaceDscp
                INTEGER,
            swACLPktContRuleRepDscp
                INTEGER,
            swACLPktContRulePermit
                INTEGER,
            swACLPktContRulePort
--                INTEGER,
                PortList,
--            swACLPktContRuleSwAclState
--                INTEGER,
            swACLPktContRuleRowStatus
                RowStatus,
            swACLPktContRuleOwner
                INTEGER,
            swACLPktContRuleRxRate
                INTEGER,
            swACLPktContRuleEnableReplaceTosPrecedence
                INTEGER,
            swACLPktContRuleRepTosPrecedence
                INTEGER,
            swACLPktContRuleVID
                INTEGER
        }
    swACLPktContRuleProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swACLPktContRuleEntry 1 }

    swACLPktContRuleAccessID OBJECT-TYPE
        SYNTAX  INTEGER (0..65535)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL rule entry in relation to the swACLPktContRuleProfileID.
             When row creation is set to 0, an access ID is automatically created
             for the ports in the swACLPktContRulePort to create rule entries
             for swACLPktContRulePort accordingly.
             Set to 1-65535 indicates to creswACLPktContRuleRepDscpate the exact access ID
             for the swACLPktContRulePort. The swACLPktContRulePort must be set to
             one port only, otherwise the row creation will fail."
        ::= { swACLPktContRuleEntry 2 }

    swACLPktContRuleOffset0to15 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the user-defined packet."
        ::= { swACLPktContRuleEntry 3 }

    swACLPktContRuleOffset16to31 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the user-defined packet."
        ::= { swACLPktContRuleEntry 4 }

    swACLPktContRuleOffset32to47 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the user-defined packet."
        ::= { swACLPktContRuleEntry 5 }

    swACLPktContRuleOffset48to63 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the user-defined packet."
        ::= { swACLPktContRuleEntry 6 }

    swACLPktContRuleOffset64to79 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the user-defined packet."
        ::= { swACLPktContRuleEntry 7 }

    swACLPktContRuleEnablePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply only to packets with this
             priority value."
        ::= { swACLPktContRuleEntry 8 }

    swACLPktContRulePriority OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the priority will change for the packets while the swACLPktContRuleReplacePriority
             is enabled ."
        ::= { swACLPktContRuleEntry 9 }

    swACLPktContRuleReplacePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
            802.1p priority tag or not."
        ::= { swACLPktContRuleEntry 10 }

    swACLPktContRuleEnableReplaceDscp OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
             DSCP field or not.
             Replace DSCP and replace ToS precedence can not both be supported.             "
        ::= { swACLPktContRuleEntry 11 }

    swACLPktContRuleRepDscp OBJECT-TYPE
        SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a value to be written to the DSCP field of an incoming packet
             that meets the criteria specified in the first part of the command.
             This value will over-write the value in the DSCP field of the packet."
        ::= { swACLPktContRuleEntry 12 }

    swACLPktContRulePermit OBJECT-TYPE
        SYNTAX  INTEGER {
               deny(1),
               permit(2),
               mirror(3),
               lease-renew(4),
               set-drop-precedence(5)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
        "This object indicates if the result of the packet examination is 'permit' or 'deny'.
         The default is 'permit'.
             permit - Specifies that packets matching the access profile are
                      permitted to be forwarded by the switch.
             deny - Specifies that packets matching the access profile
                    are not permitted to be forwarded by the switch and will be filtered.
             mirror - Specifies that the packets matching the access profile are copied to
                      the mirror port.
                      Note : The ACL mirror function will function after mirror is enabled
                      and a mirror port has been configured.
             lease-renew - Specifies the packets matching the access profile are copied to
                           the CPU.
                           Note : After a user enables the port's lease-renew state, all kinds of DHCP packets
                                  (including unicast and broadcast DHCP packets) will be copied to the CPU
                                  (using user ACL mask and rule).
             set-drop-precedence - Specifies that packets matching the access profile are set
                               to drop precedence."
        ::= { swACLPktContRuleEntry 13 }

    swACLPktContRulePort OBJECT-TYPE
--        SYNTAX  INTEGER (1..65535)
        SYNTAX  PortList
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
             "Specifies that the access rule will only apply to port(s).
              This object and swACLPktContRuleVID can not be set together. "
         ::= { swACLPktContRuleEntry 14 }

 --   swACLPktContRuleSwAclState OBJECT-TYPE
 --       SYNTAX  INTEGER {
 --              enable(1),
 --              disable(2)
--              }
--       MAX-ACCESS  read-create
--       STATUS  current
--       DESCRIPTION
--           "Specifies that the access rule will only apply to the software ACL state."
--       ::= { swACLPktContRuleEntry 15 }

    swACLPktContRuleRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLPktContRuleEntry 15 }

    swACLPktContRuleOwner OBJECT-TYPE
        SYNTAX  INTEGER {
               any(1),
               acl(2),
               ipbind(3),
               other(4),
               dhcp(5),
               netbios(6),
               ext-netbios(7),
               ismvlan(8),
               dhcp-relay(9),
               pppoe(10),
               arp-spoofing(11),
               bpdu-tunnel(12)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The owner of the ACL rule entry. Only owners can modify this entry."
        ::= { swACLPktContRuleEntry 16 }

   swACLPktContRuleRxRate  OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the rx-rate, 0 denotes no_limit. The maximum value of this object depends on the device."
        ::= { swACLPktContRuleEntry 17 }

    swACLPktContRuleEnableReplaceTosPrecedence OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
             ToS precedence field or not.
             Replace DSCP and replace ToS precedence can not both be supported.
            "
        ::= { swACLPktContRuleEntry 18 }

    swACLPktContRuleRepTosPrecedence OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a value to be written to the ToS precedence field of an incoming packet
             that meets the criteria specified in the first part of the command.
             This value will over-write the value in the ToS precedence field of the packet."
        ::= { swACLPktContRuleEntry 19 }

    swACLPktContRuleVID OBJECT-TYPE
        SYNTAX  INTEGER (0..4094)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies this rule only applies to the specified VLAN. There are two conditions:
             1.only the portlist that belongs to this VLAN will be included;
             2.packets must belong to this VLAN.

             This object and swACLPktContRulePort can not be set together.
             When you set swACLPktContRulePort, the value of this object will automatically change to 0.
             And this object can not be set 0."
        ::= { swACLPktContRuleEntry 20 }

-- -----------------------------------------------------------------------------
-- swACLIpv6RuleTable
-- -----------------------------------------------------------------------------
    swACLIpv6RuleTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLIpv6RuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains the IPv6 ACL rule information."
        ::= { swAclRuleMgmt 4 }

    swACLIpv6RuleEntry OBJECT-TYPE
        SYNTAX  SwACLIpv6RuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about ACL rules regarding the IPv6 part of each packet."
        INDEX  { swACLIpv6RuleProfileID,swACLIpv6RuleAccessID }
        ::= { swACLIpv6RuleTable 1 }

    SwACLIpv6RuleEntry ::=
        SEQUENCE {
            swACLIpv6RuleProfileID
                INTEGER,
            swACLIpv6RuleAccessID
                INTEGER,
            swACLIpv6RuleClass
                INTEGER,
            swACLIpv6RuleFlowlabel
                OCTET STRING,
            swACLIpv6RuleSrcIpv6Addr
                Ipv6Address,
            swACLIpv6RuleDstIpv6Addr
                Ipv6Address,
            swACLIpv6RuleEnablePriority
                INTEGER,
            swACLIpv6RulePriority
                INTEGER,
            swACLIpv6RuleReplacePriority
                INTEGER,
            swACLIpv6RulePermit
                INTEGER,
            swACLIpv6RulePort
--                INTEGER,
                PortList,
--            swACLIpv6RuleSwAclState
--                INTEGER,
            swACLIpv6RuleRowStatus
                RowStatus,
            swACLIpv6RuleOwner
                INTEGER,
            swACLIpv6RuleRxRate
                INTEGER,
            swACLIpv6RuleEnableReplaceDscp
                INTEGER,
            swACLIpv6RuleRepDscp
                INTEGER,
            swACLIpv6RuleEnableReplaceTosPrecedence
                INTEGER,
            swACLIpv6RuleRepTosPrecedence
                INTEGER,
            swACLIpv6RuleVID
                INTEGER,
            swACLIpv6RuleProtocol
                INTEGER,
            swACLIpv6RuleSrcPort
                INTEGER,
            swACLIpv6RuleDstPort
                INTEGER,
            swACLIpv6RuleMaskSrcIpv6Addr
                Ipv6Address,
             swACLIpv6RuleMaskDstIpv6Addr
                 Ipv6Address,
            swACLIpv6RuleMaskSrcPort
                OCTET STRING,
            swACLIpv6RuleMaskDstPort
                OCTET STRING                
        }
    swACLIpv6RuleProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swACLIpv6RuleEntry 1 }

    swACLIpv6RuleAccessID OBJECT-TYPE
        SYNTAX  INTEGER (0..65535)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL rule entry relates to swACLIpv6RuleProfileID.
             When row creation is set to 0, this indicates the access ID
             will be assigned automatically for the ports in the swACLIpv6RulePort
             to create rule entries for swACLIpv6RulePort accordingly.
             Set to 1-65535 indicates creation of an access ID for the swACLIpv6RulePort.
             The swACLIpv6RulePort must be set to one port only, otherwise
             the row creation will fail."
        ::= { swACLIpv6RuleEntry 2 }

    swACLIpv6RuleClass OBJECT-TYPE
        SYNTAX  INTEGER (0..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IPv6 class field."
        ::= { swACLIpv6RuleEntry 3 }

    swACLIpv6RuleFlowlabel OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(4))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IPv6 flow label field."
        ::= { swACLIpv6RuleEntry 4 }

    swACLIpv6RuleSrcIpv6Addr OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the source IPv6 address.
            This should be a 16 byte octet string."
        ::= { swACLIpv6RuleEntry 5 }

    swACLIpv6RuleDstIpv6Addr OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the destination IPv6 address.
            This should be a 16 byte octet string."
        ::= { swACLIpv6RuleEntry 6 }

    swACLIpv6RuleEnablePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply only to packets with
             priority value."
        ::= { swACLIpv6RuleEntry 7 }

    swACLIpv6RulePriority OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the priority will change in packets while the swACLIpv6RuleReplacePriority
             is enabled."
        ::= { swACLIpv6RuleEntry 8 }

    swACLIpv6RuleReplacePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
             802.1p priority tag or not."
        ::= { swACLIpv6RuleEntry 9 }

    swACLIpv6RulePermit OBJECT-TYPE
        SYNTAX  INTEGER {
               deny(1),
               permit(2),
               mirror(3),
               set-drop-precedence(5)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
        "This object indicates if the result of the packet examination is 'permit' or 'deny'.
         The default is 'permit'.
             permit - Specifies that packets matching the access profile are
                      permitted to be forwarded by the switch.
             deny - Specifies that packets matching the access profile
                    are not permitted to be forwarded by the switch and will be filtered.
             mirror - Specifies that the packets matching the access profile are copied to
                      the mirror port.
                      Note : The ACL mirror function will function after mirror has been enabled
                      and a mirror port has been configured.
             set-drop-precedence - Specifies the packets matching the access profile are set
                               to drop precedence."
        ::= { swACLIpv6RuleEntry 10 }

    swACLIpv6RulePort OBJECT-TYPE
--        SYNTAX  INTEGER (1..65535)
        SYNTAX  PortList
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply only to port(s).
             This object and swACLIpv6RuleVID can not be set together. "
        ::= { swACLIpv6RuleEntry 11 }

--    swACLIpv6RuleSwAclState OBJECT-TYPE
--        SYNTAX  INTEGER {
--               enable(1),
--               disable(2)
--               }
--        MAX-ACCESS  read-create
--        STATUS  current
--        DESCRIPTION
--            "Specifies that the access rule will only apply to the software ACL state."
--        ::= { swACLIpv6RuleEntry 13 }

    swACLIpv6RuleRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLIpv6RuleEntry 12 }

    swACLIpv6RuleOwner OBJECT-TYPE
        SYNTAX  INTEGER {
               any(1),
               acl(2),
               ipbind(3),
               other(4),
               dhcp(5),
               netbios(6),
               ext-netbios(7),
               ismvlan(8),
               dhcp-relay(9),
               pppoe(10),
               arp-spoofing(11),
               bpdu-tunnel(12)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The owner of the ACL rule entry. Only owners can modify this entry."
        ::= { swACLIpv6RuleEntry 13 }

   swACLIpv6RuleRxRate  OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the rx-rate, 0 denotes no_limit. The maximum value of this object depends on the device."
        ::= { swACLIpv6RuleEntry 14 }

    swACLIpv6RuleEnableReplaceDscp OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
             DSCP field or not.
             Replace DSCP and replace ToS precedence can not both be supported.
            "
        ::= { swACLIpv6RuleEntry 15 }

    swACLIpv6RuleRepDscp OBJECT-TYPE
        SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a value to be written to the DSCP field of an incoming packet
             that meets the criteria specified in the first part of the command.
             This value will over-write the value in the DSCP field of the packet."
        ::= { swACLIpv6RuleEntry 16 }

    swACLIpv6RuleEnableReplaceTosPrecedence OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
             ToS precedence field or not.
             Replace DSCP and replace ToS precedence can not both be supported.
            "
        ::= { swACLIpv6RuleEntry 17 }

    swACLIpv6RuleRepTosPrecedence OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a value to be written to the ToS precedence field of an incoming packet
             that meets the criteria specified in the first part of the command.
             This value will over-write the value in the ToS precedence field of the packet."
        ::= { swACLIpv6RuleEntry 18 }

     swACLIpv6RuleVID OBJECT-TYPE
        SYNTAX  INTEGER (0..4094)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies this rule only applies to the specified VLAN. There are two conditions:
             1.only the portlist that belongs to this VLAN will be included;
             2.packets must belong to this VLAN.

             This object and swACLIpv6RulePort can not be set together.
             When you set swACLIpv6RulePort, the value of this object will automatically change to 0.
             And this object can not be set 0."
        ::= { swACLIpv6RuleEntry 19 }

    swACLIpv6RuleProtocol OBJECT-TYPE
        SYNTAX  INTEGER {
               none(1),
               tcp(2),
               udp(3)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the IPv6 protocol.
             For some older chips, this object can not be set. When getting this object,
             it always returns the type which has been configured in swACLIpv6Entry.

             For some newer chips, this object can only set the type which
             has been configured in swACLIpv6Entry. The default value is none (1).
            "
        ::= { swACLIpv6RuleEntry 20 }

    swACLIpv6RuleSrcPort OBJECT-TYPE
        SYNTAX  INTEGER(0..65535)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the range of the TCP/UDP source ports."
        ::= { swACLIpv6RuleEntry 21 }

    swACLIpv6RuleDstPort OBJECT-TYPE
        SYNTAX  INTEGER(0..65535)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the TCP/UDP destination ports range."
        ::= { swACLIpv6RuleEntry 22 }
        
    swACLIpv6RuleMaskSrcIpv6Addr OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the per rule mask of swACLIpv6RuleSrcIpv6Addr.
            This should be a 16 byte octet string.
            The value of this object when not in use is the corresponding mask in the profile mask.
            Once the value of this object is modified, the per rule mask will take effect.
            This object is writeable only once.            
            "
        ::= { swACLIpv6RuleEntry 23 }

     swACLIpv6RuleMaskDstIpv6Addr OBJECT-TYPE
         SYNTAX  Ipv6Address
         MAX-ACCESS  read-create
         STATUS  current
         DESCRIPTION
             "Specifies that the rule applies to the destination IPv6 address.
             This should be a 16 byte octet string."
         ::= { swACLIpv6RuleEntry 24 }

    swACLIpv6RuleMaskSrcPort OBJECT-TYPE
        SYNTAX  OCTET STRING(SIZE(2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the per rule mask of swACLIpv6RuleSrcPort.
            The value of this object when not in use is the corresponding mask in the profile mask.
            Once the value of this object is modified, the per rule mask will take effect.
            This object is writeable only once.            
            "
        ::= { swACLIpv6RuleEntry 25 }

    swACLIpv6RuleMaskDstPort OBJECT-TYPE
        SYNTAX  OCTET STRING(SIZE(2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the per rule mask of swACLIpv6RuleDstPort.
            The value of this object when not in use is the corresponding mask in the profile mask.
            Once the value of this object is modified, the per rule mask will take effect.
            This object is writeable only once.            
            "
        ::= { swACLIpv6RuleEntry 26 }        

-- -----------------------------------------------------------------------------
--swIBPACLEtherRuleTable
-- -----------------------------------------------------------------------------
    swIBPACLEtherRuleTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwIBPACLEtherRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  obsolete
        DESCRIPTION
            "This table contains IP-MAC-Binding Ethernet ACL Rule information."
        ::= { swAclRuleMgmt 5 }

    swIBPACLEtherRuleEntry OBJECT-TYPE
        SYNTAX  SwIBPACLEtherRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  obsolete
        DESCRIPTION
            "A list of information about the ACL rule of the layer 2 part of each packet."
        INDEX  { swIBPACLEtherRuleProfileID,swIBPACLEtherRuleAccessID }
        ::= { swIBPACLEtherRuleTable 1 }

    SwIBPACLEtherRuleEntry ::=
        SEQUENCE {
            swIBPACLEtherRuleProfileID
                INTEGER,
            swIBPACLEtherRuleAccessID
                INTEGER,
            swIBPACLEtherRuleEtherType
                OCTET STRING,
            swIBPACLEtherRulePermit
                INTEGER,
            swIBPACLEtherRulePort
                  PortList
        }
    swIBPACLEtherRuleProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "The ID of the ACL mask entry, unique in the mask list. The maximum value of this object depends on the device."
        ::= { swIBPACLEtherRuleEntry 1 }

    swIBPACLEtherRuleAccessID OBJECT-TYPE
        SYNTAX  INTEGER (0..65535)
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "The ID of the ACL rule entry in relation to swACLEtherRuleProfileID.
            When row creation is set to 0, this indicates automatically assigning an Access
            for the ports in the swACLEtherRulePort  to create rule entries for swACLEtherRulePort
            accordingly.
            Set to 1-65535 indicates to create the exact access ID for the swACLEtherRulePort
            and the swACLEtherRulePort must set one port only, otherwise the row creation will
            fail."
        ::= { swIBPACLEtherRuleEntry 2 }

    swIBPACLEtherRuleEtherType OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE (2))
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "Specifies that the access rule will apply only to packets with this
             802.1Q Ethernet type value in the packet header."
        ::= { swIBPACLEtherRuleEntry 3 }

    swIBPACLEtherRulePermit OBJECT-TYPE
        SYNTAX  INTEGER {
               deny(1),
               permit(2)
               }
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "This object indicates if the result of the examination is 'permit' or 'deny'.
             The default is 'permit' (1).
             permit - Specifies that packets that match the access profile are
                      permitted to be forwarded by the switch.
             deny - Specifies that packets that match the access profile
                    are not permitted to be forwarded by the switch and will be filtered."
        ::= { swIBPACLEtherRuleEntry 4 }

    swIBPACLEtherRulePort OBJECT-TYPE
        SYNTAX  PortList
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "Specifies that the access rule will only apply to port(s)."
        ::= { swIBPACLEtherRuleEntry 5 }

-- -----------------------------------------------------------------------------
--swIBPACLIpRuleTable
-- -----------------------------------------------------------------------------
    swIBPACLIpRuleTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwIBPACLIpRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  obsolete
        DESCRIPTION
            ""
        ::= { swAclRuleMgmt 6 }

    swIBPACLIpRuleEntry OBJECT-TYPE
        SYNTAX  SwIBPACLIpRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  obsolete
        DESCRIPTION
            ""
        INDEX  { swIBPACLIpRuleProfileID , swIBPACLIpRuleAccessID }
        ::= { swIBPACLIpRuleTable 1 }

    SwIBPACLIpRuleEntry ::=
        SEQUENCE {
            swIBPACLIpRuleProfileID
                INTEGER,
            swIBPACLIpRuleAccessID
                INTEGER,
            swIBPACLIpRuleSrcMacAddress
                MacAddress,
            swIBPACLIpRuleSrcIpaddress
                IpAddress,
            swIBPACLIpRulePermit
                INTEGER,
            swIBPACLIpRulePort
                PortList
        }
    swIBPACLIpRuleProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "The ID of the ACL mask entry, unique in the mask list. The maximum value of this object depends on the device."
        ::= { swIBPACLIpRuleEntry 1 }

    swIBPACLIpRuleAccessID OBJECT-TYPE
        SYNTAX  INTEGER (0..65535)
        MAX-ACCESS  read-only   --read-create
        STATUS  obsolete
        DESCRIPTION
            "The ID of the ACL rule entry in relation to swACLIPRuleProfileID.
            When the row creation is set to 0, this indicates assigning an access ID automatically
            for the ports in the swACLIpRulePort  to create rule entries for swACLIpRulePort
            accordingly.
            Set to 1-65535 indicates to create the exact access ID for the swACLIpRulePort
            and the swACLIpRulePort must be set for one port only, otherwise the row creation will
            fail."
        ::= { swIBPACLIpRuleEntry 2 }

   swIBPACLIpRuleSrcMacAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "Specifies that the access rule will apply to only packets with
             this source MAC address."
        ::= { swIBPACLIpRuleEntry 3 }

    swIBPACLIpRuleSrcIpaddress OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "Specifies an IP source address."
        ::= { swIBPACLIpRuleEntry 4 }

    swIBPACLIpRulePermit OBJECT-TYPE
        SYNTAX  INTEGER {
               deny(1),
               permit(2)
               }
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "This object indicates if the result of the examination is 'permit' or 'deny'; the default is 'permit' (1)
             permit - Specifies that packets that match the access profile are
                      permitted to be forwarded by the switch.
             deny - Specifies that packets that match the access profile
                    are not permitted to be forwarded by the switch and will be filtered."
        ::= { swIBPACLIpRuleEntry 5 }

    swIBPACLIpRulePort OBJECT-TYPE
        SYNTAX  PortList
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "Specifies that the access rule will only apply to port(s)."
        ::= { swIBPACLIpRuleEntry 6 }

-- -----------------------------------------------------------------------------
--swACLPktContRuleOptionTable
-- -----------------------------------------------------------------------------
    swACLPktContRuleOptionTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLPktContRuleOptionEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains user-defined ACL information."
        ::= { swAclRuleMgmt 7 }

    swACLPktContRuleOptionEntry OBJECT-TYPE
        SYNTAX  SwACLPktContRuleOptionEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about the ACL rule regarding the user-defined part of each packet."
        INDEX  { swACLPktContRuleOptionProfileID,swACLPktContRuleOptionAccessID }
        ::= { swACLPktContRuleOptionTable 1 }

    SwACLPktContRuleOptionEntry ::=
        SEQUENCE {
            swACLPktContRuleOptionProfileID
                INTEGER,
            swACLPktContRuleOptionAccessID
                INTEGER,
           swACLPktContRuleOffsetChunk1OffsetValue
               INTEGER,
           swACLPktContRuleOffsetChunk1Content
               OCTET STRING,
           swACLPktContRuleOffsetChunk2OffsetValue
               INTEGER,
           swACLPktContRuleOffsetChunk2Content
               OCTET STRING,
           swACLPktContRuleOffsetChunk3OffsetValue
               INTEGER,
           swACLPktContRuleOffsetChunk3Content
               OCTET STRING,
           swACLPktContRuleOffsetChunk4OffsetValue
               INTEGER,
           swACLPktContRuleOffsetChunk4Content
               OCTET STRING,
            swACLPktContRuleOptionEnablePriority
                INTEGER,
            swACLPktContRuleOptionPriority
                INTEGER,
            swACLPktContRuleOptionReplacePriority
                INTEGER,
            swACLPktContRuleOptionEnableReplaceDscp
                INTEGER,
            swACLPktContRuleOptionRepDscp
                INTEGER,
            swACLPktContRuleOptionPermit
                INTEGER,
            swACLPktContRuleOptionPort
                PortList,
            swACLPktContRuleOptionRowStatus
                RowStatus,
            swACLPktContRuleOptionOwner
                INTEGER,
            swACLPktContRuleOptionRxRate
                INTEGER,
            swACLPktContRuleOptionEnableReplaceTosPrecedence
                INTEGER,
            swACLPktContRuleOptionRepTosPrecedence
                INTEGER,
            swACLPktContRuleOptionVID
                INTEGER
        }
    swACLPktContRuleOptionProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swACLPktContRuleOptionEntry 1 }

    swACLPktContRuleOptionAccessID OBJECT-TYPE
        SYNTAX  INTEGER (0..65535)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL rule entry in relation to the swACLPktContRuleProfileID.
             When row creation is set to 0, access ID is automatically created
             for the ports in the swACLPktContRulePort to create rule entries
             for swACLPktContRulePort accordingly.
             Set to 1-65535 indicates to creswACLPktContRuleRepDscpate the exact access ID
             for the swACLPktContRulePort. The swACLPktContRulePort must be set to
             one port only, otherwise the row creation will fail."
        ::= { swACLPktContRuleOptionEntry 2 }

   swACLPktContRuleOffsetChunk1OffsetValue  OBJECT-TYPE
        SYNTAX  INTEGER (0..31)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "Displays the frame content offset of chunk1."
        ::= { swACLPktContRuleOptionEntry 3 }

   swACLPktContRuleOffsetChunk1Content  OBJECT-TYPE
       SYNTAX  OCTET STRING (SIZE(4))
       MAX-ACCESS  read-create
       STATUS  current
       DESCRIPTION
           "Specifies the frame content of chunk1."
       ::= { swACLPktContRuleOptionEntry 4 }

   swACLPktContRuleOffsetChunk2OffsetValue  OBJECT-TYPE
        SYNTAX  INTEGER (0..31)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "Displays the frame content offset of chunk2."
        ::= { swACLPktContRuleOptionEntry 5 }

    swACLPktContRuleOffsetChunk2Content  OBJECT-TYPE
       SYNTAX  OCTET STRING (SIZE(4))
       MAX-ACCESS  read-create
       STATUS  current
       DESCRIPTION
           "Specifies the frame content of chunk2."
       ::= { swACLPktContRuleOptionEntry 6 }

    swACLPktContRuleOffsetChunk3OffsetValue  OBJECT-TYPE
        SYNTAX  INTEGER (0..31)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "Displays the frame content offset of chunk3."
        ::= { swACLPktContRuleOptionEntry 7 }

    swACLPktContRuleOffsetChunk3Content  OBJECT-TYPE
       SYNTAX  OCTET STRING (SIZE(4))
       MAX-ACCESS  read-create
       STATUS  current
       DESCRIPTION
           "Specifies the frame content of chunk3."
       ::= { swACLPktContRuleOptionEntry 8 }

     swACLPktContRuleOffsetChunk4OffsetValue  OBJECT-TYPE
        SYNTAX  INTEGER (0..31)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "Displays the frame content offset of chunk4."
        ::= { swACLPktContRuleOptionEntry 9 }

     swACLPktContRuleOffsetChunk4Content  OBJECT-TYPE
       SYNTAX  OCTET STRING (SIZE(4))
       MAX-ACCESS  read-create
       STATUS  current
       DESCRIPTION
           "Specifies the frame content of chunk4."
       ::= { swACLPktContRuleOptionEntry 10 }

    swACLPktContRuleOptionEnablePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to packets with this
             priority value."
        ::= { swACLPktContRuleOptionEntry 11 }

    swACLPktContRuleOptionPriority OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the priority will change for the packets while the swACLPktContRuleReplacePriority
         is enabled ."
        ::= { swACLPktContRuleOptionEntry 12 }

    swACLPktContRuleOptionReplacePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
            802.1p priority tag or not."
        ::= { swACLPktContRuleOptionEntry 13 }

    swACLPktContRuleOptionEnableReplaceDscp OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
             DSCP field or not.
             Replace DSCP and replace ToS precedence can not both be supported.                 "
        ::= { swACLPktContRuleOptionEntry 14 }

    swACLPktContRuleOptionRepDscp OBJECT-TYPE
        SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a value to be written to the DSCP field of an incoming packet
             that meets the criteria specified in the first part of the command.
             This value will over-write the value in the DSCP field of the packet."
        ::= { swACLPktContRuleOptionEntry 15 }

    swACLPktContRuleOptionPermit OBJECT-TYPE
        SYNTAX  INTEGER {
               deny(1),
               permit(2),
               mirror(3)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the result of the packet examination is 'permit' or 'deny'.
             The default is 'permit'.
             permit - Specifies that packets that match the access profile are
                      permitted to be forwarded by the switch.
             deny - Specifies that packets that match the access profile
                    are not permitted to be forwarded by the switch and will be filtered.
             mirror - Specifies that the packets that match the access profile are copied to
                      the mirror port.
                      Note: The ACL mirror function will function after mirror is enabled
                      and a mirror port has been configured."
        ::= { swACLPktContRuleOptionEntry 16 }

    swACLPktContRuleOptionPort OBJECT-TYPE
        SYNTAX  PortList
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
             "Specifies that the access rule will only apply to port(s).
              This object and swACLPktContRuleOptionVID can not be set together. "
         ::= { swACLPktContRuleOptionEntry 17 }

    swACLPktContRuleOptionRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLPktContRuleOptionEntry 18 }

    swACLPktContRuleOptionOwner OBJECT-TYPE
        SYNTAX  INTEGER {
               any(1),
               acl(2),
               ipbind(3),
               other(4),
               dhcp(5),
               netbios(6),
               ext-netbios(7),
               ismvlan(8),
               dhcp-relay(9),
               pppoe(10),
               arp-spoofing(11),
               bpdu-tunnel(12)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The owner of the ACL rule entry. Only owners can modify this entry."
        ::= { swACLPktContRuleOptionEntry 19 }

   swACLPktContRuleOptionRxRate  OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the rx-rate, 0 denotes no_limit. The maximum value of this object depends on the device."
        ::= { swACLPktContRuleOptionEntry 20 }

    swACLPktContRuleOptionEnableReplaceTosPrecedence OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
             ToS precedence field or not.
             Replace DSCP and replace ToS precedence can not both be supported.
            "
        ::= { swACLPktContRuleOptionEntry 21 }

    swACLPktContRuleOptionRepTosPrecedence OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a value to be written to the ToS precedence field of an incoming packet
             that meets the criteria specified in the first part of the command.
             This value will over-write the value in the ToS precedence field of the packet."
        ::= { swACLPktContRuleOptionEntry 22 }

    swACLPktContRuleOptionVID OBJECT-TYPE
        SYNTAX  INTEGER (0..4094)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies this rule only applies to the specified VLAN. There are two conditions:
             1.only the portlist that belongs to this VLAN will be included;
             2.packets must belong to this VLAN.

             This object and swACLPktContRuleOptionPort can not be set together.
             When you set swACLPktContRuleOptionPort, the value of this object will automatically change to 0.
             And this object can not be set 0."
        ::= { swACLPktContRuleOptionEntry 23 }
        
        
        

-- -----------------------------------------------------------------------------
-- swACLCounterTable
-- -----------------------------------------------------------------------------
       swACLCounterTable OBJECT-TYPE
           SYNTAX      SEQUENCE OF SwACLCounterEntry
           MAX-ACCESS  not-accessible
           STATUS      current
           DESCRIPTION
               "This table maintains counter information associated with a specific
                rule in the ACL rule table. Please refer to the swACLEtherRuleTable,
                swACLIpRuleTable, swACLIpv6RuleTable and swACLPktContRuleTable
                for detailed ACL rule information."
           ::= { swAclRuleMgmt 8 }

       swACLCounterEntry OBJECT-TYPE
           SYNTAX      SwACLCounterEntry
           MAX-ACCESS  not-accessible
           STATUS      current
           DESCRIPTION
               "The entry maintains counter information associated with the ACL
                rule table."
           INDEX { swACLCounterProfileID, swACLCounterAccessID}
           ::= { swACLCounterTable 1 }

       SwACLCounterEntry ::=
           SEQUENCE {
               swACLCounterProfileID
                   INTEGER,
               swACLCounterAccessID
                   INTEGER,
               swACLCounterState
                   INTEGER,
               swACLCounterTotalCounter
                   Counter64,
               swACLCounterGreenCounter
                   Counter64,
               swACLCounterYellowCounter
                   Counter64,
               swACLCounterRedCounter
                   Counter64
           }

    swACLCounterProfileID OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The ID of the ACL mask entry, which is unique in the mask
             list."
        ::= { swACLCounterEntry 1 }

    swACLCounterAccessID OBJECT-TYPE
        SYNTAX      INTEGER(1..65535)
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The ID of the ACL rule entry as related to the
             swACLCounterProfileID."
        ::= { swACLCounterEntry 2 }

    swACLCounterState OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
            "Specifies whether the counter feature will be enabled/disabled.
             1. This is optional. The default is disable.
             2. If the rule is not bound with flow_meter, then all packets that match will be counted.
             If the rule is bound with flow_meter, then the 'counter' will be overridden.
             "
        ::= { swACLCounterEntry 3 }

    swACLCounterTotalCounter OBJECT-TYPE
        SYNTAX  Counter64
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The number of matched packets."
        ::= { swACLCounterEntry 4 }

    swACLCounterGreenCounter OBJECT-TYPE
        SYNTAX  Counter64
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The number of matched green packets."
        ::= { swACLCounterEntry 5 }

    swACLCounterYellowCounter OBJECT-TYPE
        SYNTAX  Counter64
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The number of matched yellow packets."
        ::= { swACLCounterEntry 6 }

    swACLCounterRedCounter OBJECT-TYPE
        SYNTAX  Counter64
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The number of matched red packets."
        ::= { swACLCounterEntry 7 }
        

-- -----------------------------------------------------------------------------
-- swACLPktContRuleOption2
-- -----------------------------------------------------------------------------
                
swACLPktContRuleOption2              OBJECT IDENTIFIER ::= { swAclRuleMgmt 10 }            
                
-- -----------------------------------------------------------------------------
--swACLPktContRuleOption2Table
-- -----------------------------------------------------------------------------
    swACLPktContRuleOption2Table OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLPktContRuleOption2Entry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains user-defined ACL information for option 2 type
            of packet contnet syntax.
            
		 	To qualify the data of a packet content field with respect to an offset, an entry in the
		 	swACLPktContRuleOption2OffsetsTable must be created first. 
		 	
		 	On row creation, all entries in the corresponding profile defined in the
		 	swACLPktContRuleOption2OffsetsTable will be associated to the ACL rule.            
            "
        ::= { swACLPktContRuleOption2 1 }

    swACLPktContRuleOption2Entry OBJECT-TYPE
        SYNTAX  SwACLPktContRuleOption2Entry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about the ACL rule regarding the user-defined part of each packet."
        INDEX  { swACLPktContRuleOption2ProfileID,swACLPktContRuleOption2AccessID }
        ::= { swACLPktContRuleOption2Table 1 }

    SwACLPktContRuleOption2Entry ::=
        SEQUENCE {
            swACLPktContRuleOption2ProfileID
                INTEGER,
            swACLPktContRuleOption2AccessID
                INTEGER,
            swACLPktContRuleOption2SrcMac
                MacAddress,
            swACLPktContRuleOption2DstMac
                MacAddress,
            swACLPktContRuleOption2CTag
                OCTET STRING,
            swACLPktContRuleOption2STag
                OCTET STRING,
            swACLPktContRuleOption2EnablePriority
                INTEGER,
            swACLPktContRuleOption2Priority
                INTEGER,
            swACLPktContRuleOption2ReplacePriority
                INTEGER,
            swACLPktContRuleOption2EnableReplaceDscp
                INTEGER,
            swACLPktContRuleOption2RepDscp
                INTEGER,
            swACLPktContRuleOption2Permit
                INTEGER,
            swACLPktContRuleOption2Port
                PortList,
            swACLPktContRuleOption2Owner
                INTEGER,
            swACLPktContRuleOption2EnableReplaceTosPrecedence
                INTEGER,
            swACLPktContRuleOption2RepTosPrecedence
                INTEGER,
            swACLPktContRuleOption2VID
                INTEGER,
            swACLPktContRuleOption2RowStatus
                RowStatus,
            swACLPktContRuleOption2MaskSrcMac
                MacAddress,
            swACLPktContRuleOption2MaskDstMac
                MacAddress,
            swACLPktContRuleOption2MaskCTag
                OCTET STRING,
            swACLPktContRuleOption2MaskSTag
                OCTET STRING                                
        }
        
    swACLPktContRuleOption2ProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swACLPktContRuleOption2Entry 1 }

    swACLPktContRuleOption2AccessID OBJECT-TYPE
        SYNTAX  INTEGER (0..65535)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL rule entry in relation to the swACLPktContRuleOption2ProfileID.
             When row creation is set to 0, access ID is automatically assigned.
			"
        ::= { swACLPktContRuleOption2Entry 2 }
        
        
    swACLPktContRuleOption2SrcMac OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply to only packets with
             this source MAC address."
        ::= { swACLPktContRuleOption2Entry 3 }        
        
        
    swACLPktContRuleOption2DstMac OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply to only packets with
             this destination MAC address."
        ::= { swACLPktContRuleOption2Entry 4 }   
        
   swACLPktContRuleOption2CTag  OBJECT-TYPE
       SYNTAX  OCTET STRING (SIZE(2))
       MAX-ACCESS  read-create
       STATUS  current
       DESCRIPTION
           "Specifies the frame content of the customer VLAN tag, valid values are only from 0x0000 to 0xFFFF."
       ::= { swACLPktContRuleOption2Entry 5 }        
        
   swACLPktContRuleOption2STag  OBJECT-TYPE
       SYNTAX  OCTET STRING (SIZE(2))
       MAX-ACCESS  read-create
       STATUS  current
       DESCRIPTION
           "Specifies the frame content of the service VLAN tag, valid values are only from 0x0000 to 0xFFFF."
       ::= { swACLPktContRuleOption2Entry 6 }                             

   
    swACLPktContRuleOption2EnablePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to packets with this
             priority value."
        ::= { swACLPktContRuleOption2Entry 7 }

    swACLPktContRuleOption2Priority OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the priority will change for the packets while the swACLPktContRuleOption2ReplacePriority
         is enabled ."
        ::= { swACLPktContRuleOption2Entry 8 }

    swACLPktContRuleOption2ReplacePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
            802.1p priority tag or not."
        ::= { swACLPktContRuleOption2Entry 9 }

    swACLPktContRuleOption2EnableReplaceDscp OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
             DSCP field or not.
             Replace DSCP and replace ToS precedence can not both be supported.                 "
        ::= { swACLPktContRuleOption2Entry 10 }

    swACLPktContRuleOption2RepDscp OBJECT-TYPE
        SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a value to be written to the DSCP field of an incoming packet
             that meets the criteria specified in the first part of the command.
             This value will over-write the value in the DSCP field of the packet."
        ::= { swACLPktContRuleOption2Entry 11 }

    swACLPktContRuleOption2Permit OBJECT-TYPE
        SYNTAX  INTEGER {
               deny(1),
               permit(2),
               mirror(3)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the result of the packet examination is 'permit' or 'deny'.
             The default is 'permit'.
             permit - Specifies that packets that match the access profile are
                      permitted to be forwarded by the switch.
             deny - Specifies that packets that match the access profile
                    are not permitted to be forwarded by the switch and will be filtered.
             mirror - Specifies that the packets that match the access profile are copied to
                      the mirror port.
                      Note: The ACL mirror function will function after mirror is enabled
                      and a mirror port has been configured."
        ::= { swACLPktContRuleOption2Entry 12 }

    swACLPktContRuleOption2Port OBJECT-TYPE
        SYNTAX  PortList
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
             "Specifies that the access rule will only apply to port(s).
              This object and swACLPktContRuleOption2VID can not be set together. "
         ::= { swACLPktContRuleOption2Entry 13 }



    swACLPktContRuleOption2Owner OBJECT-TYPE
        SYNTAX  INTEGER {
               any(1),
               acl(2),
               ipbind(3),
               other(4),
               dhcp(5),
               netbios(6),
               ext-netbios(7),
               ismvlan(8),
               dhcp-relay(9),
               pppoe(10),
               arp-spoofing(11),
               bpdu-tunnel(12)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The owner of the ACL rule entry. Only owners can modify this entry."
        ::= { swACLPktContRuleOption2Entry 17}

    swACLPktContRuleOption2EnableReplaceTosPrecedence OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
             ToS precedence field or not.
             Replace DSCP and replace ToS precedence can not both be supported.
            "
        ::= { swACLPktContRuleOption2Entry 18 }

    swACLPktContRuleOption2RepTosPrecedence OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a value to be written to the ToS precedence field of an incoming packet
             that meets the criteria specified in the first part of the command.
             This value will over-write the value in the ToS precedence field of the packet."
        ::= { swACLPktContRuleOption2Entry 19 }

    swACLPktContRuleOption2VID OBJECT-TYPE
        SYNTAX  INTEGER (0..4094)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies this rule only applies to the specified VLAN. There are two conditions:
             1.only the portlist that belongs to this VLAN will be included;
             2.packets must belong to this VLAN.

             This object and swACLPktContRuleOption2Port can not be set together.
             When you set swACLPktContRuleOption2Port, the value of this object will automatically change to 0.
             And this object can not be set 0."
        ::= { swACLPktContRuleOption2Entry 20 }      
        
    swACLPktContRuleOption2RowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLPktContRuleOption2Entry 21 }      
        
    swACLPktContRuleOption2MaskSrcMac OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the per rule mask of source MAC address field as defined in swACLPktContRuleOption2SrcMac object
            The value of this object when not in use is the corresponding mask in the profile mask.
            Once the value of this object is modified, the per rule mask will take effect.
            "
        ::= { swACLPktContRuleOption2Entry 22 }        
        
        
    swACLPktContRuleOption2MaskDstMac OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the per rule mask of source MAC address field as defined in swACLPktContRuleOption2DstMac object
            The value of this object when not in use is the corresponding mask in the profile mask.
            Once the value of this object is modified, the per rule mask will take effect.
            "
        ::= { swACLPktContRuleOption2Entry 23 }   
        
   swACLPktContRuleOption2MaskCTag  OBJECT-TYPE
       SYNTAX  OCTET STRING (SIZE(2))
       MAX-ACCESS  read-create
       STATUS  current
       DESCRIPTION
            "Specifies the per rule mask of the customer VLAN tag field as defined in swACLPktContRuleOption2CTag object
            The value of this object when not in use is the corresponding mask in the profile mask.
            Once the value of this object is modified, the per rule mask will take effect.
            "
       ::= { swACLPktContRuleOption2Entry 24 }        
        
   swACLPktContRuleOption2MaskSTag  OBJECT-TYPE
       SYNTAX  OCTET STRING (SIZE(2))
       MAX-ACCESS  read-create
       STATUS  current
       DESCRIPTION
            "Specifies the per rule mask of the service VLAN tag field as defined in swACLPktContRuleOption2STag object
            The value of this object when not in use is the corresponding mask in the profile mask.
            Once the value of this object is modified, the per rule mask will take effect.
            "
       ::= { swACLPktContRuleOption2Entry 25 }       



        
-- -----------------------------------------------------------------------------
--swACLPktContRuleOption2OffsetsTable
-- -----------------------------------------------------------------------------
    swACLPktContRuleOption2OffsetsTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLPktContRuleOption2OffsetsEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains the ACL rules for the individual packet 
            content offset user-defined option 2 information. 
            
			Entries created in this table will not set into the TCAM until a 
			valid entry in the swACLPktContMaskOption2Table is created.            
			"
        ::= { swACLPktContRuleOption2 2 }

    swACLPktContRuleOption2OffsetsEntry OBJECT-TYPE
        SYNTAX  SwACLPktContRuleOption2OffsetsEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about the ACL rule regarding the user-defined part of each packet."
        INDEX  { swACLPktContRuleOption2OffsetsProfileID,swACLPktContRuleOption2OffsetsAccessID,swACLPktContRuleOption2OffsetsNum }
        ::= { swACLPktContRuleOption2OffsetsTable 1 }

    SwACLPktContRuleOption2OffsetsEntry ::=
        SEQUENCE {
            swACLPktContRuleOption2OffsetsProfileID
                INTEGER,
            swACLPktContRuleOption2OffsetsAccessID
                INTEGER,
			swACLPktContRuleOption2OffsetsNum
				INTEGER,
			swACLPktContRuleOption2OffsetsData
				OCTET STRING,
            swACLPktContRuleOption2OffsetsRowStatus
                RowStatus,
      		swACLPktContRuleOption2OffsetsMask
      			OCTET STRING                      
        }
        
    swACLPktContRuleOption2OffsetsProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ACL profile id to which this packet content field entry will be associated."
        ::= { swACLPktContRuleOption2OffsetsEntry 1 }

    swACLPktContRuleOption2OffsetsAccessID OBJECT-TYPE
        SYNTAX  INTEGER (0..65535)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ACL access id to which this packet content field entry will be associated."
        ::= { swACLPktContRuleOption2OffsetsEntry 2 }        
            
    swACLPktContRuleOption2OffsetsNum OBJECT-TYPE
        SYNTAX  INTEGER (1..11)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The sequence number of the packet content field to qualify the packet content."
        ::= { swACLPktContRuleOption2OffsetsEntry 3 } 
        
    swACLPktContRuleOption2OffsetsData OBJECT-TYPE
        SYNTAX  OCTET STRING(SIZE(2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "The data of the packet content field."
        ::= { swACLPktContRuleOption2OffsetsEntry 4 }         
        
        
    swACLPktContRuleOption2OffsetsRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLPktContRuleOption2OffsetsEntry 5 }         
        
   swACLPktContRuleOption2OffsetsMask  OBJECT-TYPE
       SYNTAX  OCTET STRING (SIZE(2))
       MAX-ACCESS  read-create
       STATUS  current
       DESCRIPTION
           "Specifies the per rule mask of the frame content of each packet content offset field.
           The value of this object when not in use is the corresponding mask in the profile mask.
           Once the value of this object is modified, the per rule mask will take effect.
           "
       ::= { swACLPktContRuleOption2OffsetsEntry 6 }        

-- -----------------------------------------------------------------------------
-- swCpuAclEthernetTable
-- -----------------------------------------------------------------------------
    swCpuAclEthernetTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwCpuAclEthernetEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains software ACL mask Ethernet information.
             Access profiles will be created on the switch to define which
             part of each incoming frame's layer 2 header will be examined by
             the switch. Masks entered will be combined with the values
             the switch finds in the specified frame header fields."
        ::= { swCpuAclMaskMgmt 1 }

    swCpuAclEthernetEntry OBJECT-TYPE
        SYNTAX  SwCpuAclEthernetEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about Ethernet ACL masks."
        INDEX  { swCpuAclEthernetProfileID }
        ::= { swCpuAclEthernetTable 1 }

    SwCpuAclEthernetEntry ::=
        SEQUENCE {
            swCpuAclEthernetProfileID
                INTEGER,
            swCpuAclEthernetUsevlan
                INTEGER,
            swCpuAclEthernetMacAddrMaskState
                INTEGER,
            swCpuAclEthernetSrcMacAddrMask
                MacAddress,
            swCpuAclEthernetDstMacAddrMask
                MacAddress,
            swCpuAclEthernetUse8021p
                INTEGER,
            swCpuAclEthernetUseEthernetType
                INTEGER,
            swCpuAclEthernetRowStatus
                RowStatus
        }
    swCpuAclEthernetProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only   --read-create
        STATUS  current
        DESCRIPTION
            "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swCpuAclEthernetEntry 1 }

    swCpuAclEthernetUsevlan OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the switch will examine the VLAN part of each packet header."
        ::= { swCpuAclEthernetEntry 2 }

    swCpuAclEthernetMacAddrMaskState OBJECT-TYPE
        SYNTAX  INTEGER {
               other(1),
               dst-mac-addr(2),
               src-mac-addr(3),
               dst-src-mac-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of the MAC address mask.

            other (1) - Neither source MAC addresses nor destination MAC addresses are
                masked.
            dst-mac-addr (2) - Destination MAC addresses within received frames are
                to be filtered when matched with the MAC address entry of the table.
            src-mac-addr (3) - Source MAC address within received frames are to
                be filtered when matched with the MAC address entry of the table.
            dst-src-mac-addr (4) - Source or destination MAC addresses within received
                frames are to be filtered when matched with the MAC address entry of this table."
        ::= { swCpuAclEthernetEntry 3 }

    swCpuAclEthernetSrcMacAddrMask OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object specifies the MAC address mask for the source MAC address."
        ::= { swCpuAclEthernetEntry 4 }

    swCpuAclEthernetDstMacAddrMask OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object specifies the MAC address mask for the destination MAC address."
        ::= { swCpuAclEthernetEntry 5 }

    swCpuAclEthernetUse8021p OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will examine the 802.1p priority value in the frame's header
              or not."
        ::= { swCpuAclEthernetEntry 6 }

    swCpuAclEthernetUseEthernetType OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will examine the Ethernet type value in each frame's header
              or not."
        ::= { swCpuAclEthernetEntry 7 }

    swCpuAclEthernetRowStatus OBJECT-TYPE --swCpuAclEthernetState
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swCpuAclEthernetEntry 8 }

-- -----------------------------------------------------------------------------
-- swCpuAclIpTable
-- -----------------------------------------------------------------------------
    swCpuAclIpTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwCpuAclIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains software ACL mask IP information.
             Access profiles will be created on the switch to define which
             parts of each incoming frame's IP layer 2 header will be examined
             by the switch. Masks entered will be combined with the
             values the switch finds in the specified frame header fields."
        ::= { swCpuAclMaskMgmt 2 }

    swCpuAclIpEntry OBJECT-TYPE
        SYNTAX  SwCpuAclIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about the software ACL of the IP Layer."
        INDEX  { swCpuAclIpProfileID }
        ::= { swCpuAclIpTable 1 }

    SwCpuAclIpEntry ::=
        SEQUENCE {
            swCpuAclIpProfileID
                INTEGER,
            swCpuAclIpUsevlan
                INTEGER,
            swCpuAclIpIpAddrMaskState
                INTEGER,
            swCpuAclIpSrcIpAddrMask
                IpAddress,
            swCpuAclIpDstIpAddrMask
                IpAddress,
            swCpuAclIpUseDSCP
                INTEGER,
            swCpuAclIpUseProtoType
                INTEGER,
            swCpuAclIpIcmpOption
                INTEGER,
            swCpuAclIpIgmpOption
                INTEGER,
            swCpuAclIpTcpOption
                INTEGER,
            swCpuAclIpUdpOption
                INTEGER,
            swCpuAclIpTCPorUDPSrcPortMask
                OCTET STRING,
            swCpuAclIpTCPorUDPDstPortMask
                OCTET STRING,
            swCpuAclIpTCPFlagBit
                INTEGER,
            swCpuAclIpTCPFlagBitMask
                INTEGER,
            swCpuAclIpProtoIDOption
                INTEGER,
            swCpuAclIpProtoID
                INTEGER,
            swCpuAclIpProtoIDMask
                OCTET STRING,
            swCpuAclIpRowStatus
                RowStatus
        }

    swCpuAclIpProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swCpuAclIpEntry 1 }

    swCpuAclIpUsevlan OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the IP layer VLAN part is examined or not."
        ::= { swCpuAclIpEntry 2 }

    swCpuAclIpIpAddrMaskState OBJECT-TYPE
                SYNTAX  INTEGER {
               other(1),
               dst-ip-addr(2),
               src-ip-addr(3),
               dst-src-ip-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of IP address mask.

            other (1) - Neither source IP addresses nor destination IP address are
                masked.
            dst-ip-addr (2) - Destination IP addresses within received frames are
                to be filtered when matched with the IP address entry of this table.
            src-ip-addr (3) - Source IP addresses within received frames are to
                be filtered when matched with the IP address entry of this table.
            dst-src-ip-addr (4) - Destination or source IP addresses within received
                frames are to be filtered when matched with the IP address entry of the
                table."
        ::= { swCpuAclIpEntry 3 }

    swCpuAclIpSrcIpAddrMask OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object specifies the IP address mask for the source IP address."
        ::= { swCpuAclIpEntry 4 }

    swCpuAclIpDstIpAddrMask OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object specifies the IP address mask for the destination IP address."
        ::= { swCpuAclIpEntry 5 }

    swCpuAclIpUseDSCP OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the DSCP protocol in the packet header is to be examined or not."
        ::= { swCpuAclIpEntry 6 }

    swCpuAclIpUseProtoType OBJECT-TYPE
        SYNTAX  INTEGER {
               none(1),
               icmp(2),
               igmp(3),
               tcp(4),
               udp(5),
               protocolId(6)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates which protocol will be examined."
        ::= { swCpuAclIpEntry 7 }

    swCpuAclIpIcmpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               none(1),
               type(2),
               code(3),
               type-code(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates which fields are identified for ICMP.
            none (1)- Both fields are null.
            type (2)- Type field identified.
            code (3)- Code field identified.
            type-code (4)- Both ICMP fields identified.
            "
        ::= { swCpuAclIpEntry 8 }

    swCpuAclIpIgmpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               enable(1),
               disable(2)
              }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the IGMP options field is identified or not."
        ::= { swCpuAclIpEntry 9 }

    swCpuAclIpTcpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               other(1),
               dst-addr(2),
               src-addr(3),
               dst-src-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of filtered addresses of TCP.

                other (1) - Neither source port nor destination port are
                masked.
             dst-addr (2) - Packets will be filtered if this destination port is
                identified in received frames.
             src-addr (3) - Packets will be filtered if this source port is
                identified in received frames.
             dst-src-addr (4) - Packets will be filtered is this destination or
                source port is identified in received frames."
        ::= { swCpuAclIpEntry 10 }

    swCpuAclIpUdpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               other(1),
               dst-addr(2),
               src-addr(3),
               dst-src-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of filtered addresses of UDP.

            other (1) - Neither source port nor destination port are
                masked.
            dst-addr (2) - Packets will be filtered if this destination port
                is identified in received frames.
            src-addr (3) - Packets will be filtered if this source port
                is identified in received frames.
            dst-src-addr (4) - Packets will be filtered if this destination
                or source port is identified in received frames."

        ::= { swCpuAclIpEntry 11 }

    swCpuAclIpTCPorUDPSrcPortMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a TCP port mask for the source port if swCpuAclIpUseProtoType is TCP.
             Specifies a UDP port mask for the source port if swCpuAclIpUseProtoType is UDP.
             "
        ::= { swCpuAclIpEntry 12 }

    swCpuAclIpTCPorUDPDstPortMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a TCP port mask for the destination port if swCpuAclIpUseProtoType is TCP.
             Specifies a UDP port mask for the destination port if swCpuAclIpUseProtoType is UDP."
        ::= { swCpuAclIpEntry 13 }

    swCpuAclIpTCPFlagBit OBJECT-TYPE
                SYNTAX  INTEGER {
               enable(1),
               disable(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a TCP connection flag mask."
        ::= { swCpuAclIpEntry 14 }

    swCpuAclIpTCPFlagBitMask OBJECT-TYPE
        SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "A value which indicates the set of TCP flags that this
             entity may potentially offer. The value is a sum of flag bits.
             This sum initially takes the value zero. Then, for each flag, L
             is added in the range 1 through 6, for which this node performs
             transactions where 2^(L - 1) is added to the sum.
             Note that values should be calculated accordingly:

                 Flag      functionality
                   6        urg bit
                   5        ack bit
                   4        psh bit
                   3        rst bit
                   2        syn bit
                   1        fin bit
             For example, if you want to enable urg bit and ack bit, you
             should set value 48{2^(5-1) + 2^(6-1)}."
        ::= { swCpuAclIpEntry 15 }

    swCpuAclIpProtoIDOption OBJECT-TYPE
        SYNTAX  INTEGER {
               enable(1),
               disable(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will examine each frame's Protocol ID field or not."
        ::= { swCpuAclIpEntry 16 }

    swCpuAclIpProtoID OBJECT-TYPE
        SYNTAX  INTEGER(0..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            ""
        ::= { swCpuAclIpEntry 17 }


    swCpuAclIpProtoIDMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(20))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IP protocol ID and the mask options
             behind the IP header."
        ::= { swCpuAclIpEntry 18 }

    swCpuAclIpRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swCpuAclIpEntry 19 }

-- -----------------------------------------------------------------------------
-- swCpuAclPktContMaskTable
-- -----------------------------------------------------------------------------
    swCpuAclPktContMaskTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwCpuAclPktContMaskEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains user-defined software ACL information.
             Access profiles will be created on the switch to define which
             part of each incoming frame's user-defined part of the packet header
             will be examined by the switch. Masks entered will be combined
              with the values the switch finds in the specified frame header fields."
        ::= { swCpuAclMaskMgmt 3 }

    swCpuAclPktContMaskEntry OBJECT-TYPE
        SYNTAX  SwCpuAclPktContMaskEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about user-defined software ACLs."
        INDEX  { swCpuAclPktContMaskProfileID }
        ::= { swCpuAclPktContMaskTable 1 }

    SwCpuAclPktContMaskEntry ::=
        SEQUENCE {
            swCpuAclPktContMaskProfileID
                INTEGER,
            swCpuAclPktContMaskOffset0to15
                OCTET STRING,
            swCpuAclPktContMaskOffset16to31
                OCTET STRING,
            swCpuAclPktContMaskOffset32to47
                OCTET STRING,
            swCpuAclPktContMaskOffset48to63
                OCTET STRING,
            swCpuAclPktContMaskOffset64to79
                OCTET STRING,
            swCpuAclPktContMaskRowStatus
                RowStatus
        }
    swCpuAclPktContMaskProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only   --read-create
        STATUS  current
        DESCRIPTION
            "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swCpuAclPktContMaskEntry 1 }

    swCpuAclPktContMaskOffset0to15 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the packet content (Offset0to15) and
             the mask options."
        ::= { swCpuAclPktContMaskEntry 2 }

    swCpuAclPktContMaskOffset16to31 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the packet content (Offset16to31) and
             the mask options."
         ::= { swCpuAclPktContMaskEntry 3 }

    swCpuAclPktContMaskOffset32to47 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the packet content (Offset32to47) and
             the mask options."
        ::= { swCpuAclPktContMaskEntry 4 }

    swCpuAclPktContMaskOffset48to63 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the packet content (Offset48to63) and
             the mask options."
        ::= { swCpuAclPktContMaskEntry 5 }

    swCpuAclPktContMaskOffset64to79 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the packet content (Offset64to79) and
             the mask options."
        ::= { swCpuAclPktContMaskEntry 6 }

    swCpuAclPktContMaskRowStatus OBJECT-TYPE --swCpuAclEthernetState
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swCpuAclPktContMaskEntry 7 }

-- -----------------------------------------------------------------------------
-- swCpuAclIpv6MaskTable
-- -----------------------------------------------------------------------------
    swCpuAclIpv6MaskTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwCpuAclIpv6MaskEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains IPv6 software ACL mask information.
             An access profile will be created on the switch to define which
             part of each incoming frame's IPv6 part of the packet header
             will be examined by switch. Masks entered will be combined
              with the values the switch finds in the specified frame header fields.  "
        ::= { swCpuAclMaskMgmt 4 }

    swCpuAclIpv6MaskEntry OBJECT-TYPE
        SYNTAX  SwCpuAclIpv6MaskEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about user-defined software ACLs."
        INDEX  { swCpuAclIpv6MaskProfileID }
        ::= { swCpuAclIpv6MaskTable 1 }

    SwCpuAclIpv6MaskEntry ::=
        SEQUENCE {
            swCpuAclIpv6MaskProfileID
                INTEGER,
            swCpuAclIpv6MaskClass
                INTEGER,
            swCpuAclIpv6MaskFlowlabel
                INTEGER,
            swCpuAclIpv6IpAddrMaskState
                INTEGER,
            swCpuAclIpv6MaskSrcIpv6Mask
                Ipv6Address,
            swCpuAclIpv6MaskDstIpv6Mask
                Ipv6Address,
            swCpuAclIpv6MaskRowStatus
                RowStatus
        }
    swCpuAclIpv6MaskProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only   --read-create
        STATUS  current
        DESCRIPTION
            "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swCpuAclIpv6MaskEntry 1 }

    swCpuAclIpv6MaskClass OBJECT-TYPE
        SYNTAX  INTEGER {
               enable(1),
               disable(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IPv6 class field and the mask options."
        ::= { swCpuAclIpv6MaskEntry 2 }

    swCpuAclIpv6MaskFlowlabel OBJECT-TYPE
        SYNTAX  INTEGER {
               enable(1),
               disable(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IPv6 flowlabel field and the mask options."
        ::= { swCpuAclIpv6MaskEntry 3 }

    swCpuAclIpv6IpAddrMaskState OBJECT-TYPE
        SYNTAX  INTEGER {
               other(1),
               dst-ipv6-addr(2),
               src-ipv6-addr(3),
               dst-src-ipv6-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of IPv6 address mask.

            other (1) - Neither source IPv6 address nor destination IPv6 address are
                masked.
             dst-ipv6-addr (2) - Packets will be filtered if this destination IPv6 address
                is identified as a match in received frames.
             src-ipv6-addr (3) - Packets will be filtered if this source IPv6 address
                is identified as a match in received frames.
             dst-src-ipv6-addr (4) - Packets will be filtered if this destination or source
                IPv6 address is identified as a match in received frames."
        ::= { swCpuAclIpv6MaskEntry 4 }

    swCpuAclIpv6MaskSrcIpv6Mask OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the source IPv6 address and the mask options.
            This should be a 16 byte octet string."
        ::= { swCpuAclIpv6MaskEntry 5 }

    swCpuAclIpv6MaskDstIpv6Mask OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the destination IPv6 address and the mask options.
            This should be a 16 byte octet string."
        ::= { swCpuAclIpv6MaskEntry 6 }

    swCpuAclIpv6MaskRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swCpuAclIpv6MaskEntry 7 }

-- -----------------------------------------------------------------------------
--swCpuACLMaskDelAllState
-- -----------------------------------------------------------------------------
    swCpuACLMaskDelAllState OBJECT-TYPE
        SYNTAX      INTEGER{
                none(1),
                start(2)
                }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "Used to delete all software ACL masks."
        ::= { swCpuAclMaskMgmt 5 }

-- -----------------------------------------------------------------------------
-- swCpuAclEtherRuleTable
-- -----------------------------------------------------------------------------
    swCpuAclEtherRuleTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwCpuAclEtherRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains Ethernet software ACL rule information."
        ::= { swCpuAclRuleMgmt 1 }

    swCpuAclEtherRuleEntry OBJECT-TYPE
        SYNTAX  SwCpuAclEtherRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about the software ACL rule of the layer 2 part of each packet."
        INDEX  { swCpuAclEtherRuleProfileID,swCpuAclEtherRuleAccessID }
        ::= { swCpuAclEtherRuleTable 1 }

    SwCpuAclEtherRuleEntry ::=
        SEQUENCE {
            swCpuAclEtherRuleProfileID
                INTEGER,
            swCpuAclEtherRuleAccessID
                INTEGER,
            swCpuAclEtherRuleVlan
                SnmpAdminString,
            swCpuAclEtherRuleSrcMacAddress
                MacAddress,
            swCpuAclEtherRuleDstMacAddress
                MacAddress,
            swCpuAclEtherRule8021P
                INTEGER,
            swCpuAclEtherRuleEtherType
                OCTET STRING,
            swCpuAclEtherRulePermit
                INTEGER,
            swCpuAclEtherRuleRowStatus
                RowStatus,
            swCpuAclEtherRulePort
                PortList,
                        swCpuAclEtherRuleMatchVID
                                INTEGER
        }

    swCpuAclEtherRuleProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swCpuAclEtherRuleEntry 1 }

    swCpuAclEtherRuleAccessID OBJECT-TYPE
        SYNTAX  INTEGER (1..65535)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the software ACL rule entry as it relates to swCpuAclEtherRuleProfileID."
        ::= { swCpuAclEtherRuleEntry 2 }

    swCpuAclEtherRuleVlan OBJECT-TYPE
        SYNTAX  SnmpAdminString (SIZE (1..32))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to packets with the VLAN ID indexed by this VLAN name."
        ::= { swCpuAclEtherRuleEntry 3 }

    swCpuAclEtherRuleSrcMacAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to the packets with
             this source MAC address."
        ::= { swCpuAclEtherRuleEntry 4 }

    swCpuAclEtherRuleDstMacAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to the packets               with this destination MAC address."
        ::= { swCpuAclEtherRuleEntry 5 }

    swCpuAclEtherRule8021P OBJECT-TYPE
        SYNTAX  INTEGER(-1..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to packets with
              this 802.1p priority value. A value of -1 indicates that this node is not actively used."
        ::= { swCpuAclEtherRuleEntry 6 }

    swCpuAclEtherRuleEtherType OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE (2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to packets with this
             802.1Q Ethernet type value in the packet header."
        ::= { swCpuAclEtherRuleEntry 7 }

    swCpuAclEtherRulePermit OBJECT-TYPE
        SYNTAX  INTEGER {
               deny(1),
               permit(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the result of the packet examination is to 'permit' or 'deny'.
             The default is 'permit'.
             permit - Specifies that packets that match the access profile are
                      permitted to be forwarded by the switch.
             deny - Specifies that packets that match the access profile
                    are not permitted to be forwarded by the switch and will be filtered."
        ::= { swCpuAclEtherRuleEntry 8 }

    swCpuAclEtherRuleRowStatus OBJECT-TYPE      --swCpuAclEtherRuleState
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swCpuAclEtherRuleEntry 9 }

     swCpuAclEtherRulePort OBJECT-TYPE
        SYNTAX  PortList
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to port(s)."
        ::= { swCpuAclEtherRuleEntry 10 }

    swCpuAclEtherRuleMatchVID OBJECT-TYPE
        SYNTAX  INTEGER (0..4094)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply only to packets with
             this VLAN ID."
        ::= { swCpuAclEtherRuleEntry 11 }
-- -----------------------------------------------------------------------------
-- swCpuAclIpRuleTable
-- -----------------------------------------------------------------------------
    swCpuAclIpRuleTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwCpuAclIpRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains IPv4 software ACL rule information."
        ::= { swCpuAclRuleMgmt 2 }

    swCpuAclIpRuleEntry OBJECT-TYPE
        SYNTAX  SwCpuAclIpRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about this software ACL rule."
        INDEX  { swCpuAclIpRuleProfileID , swCpuAclIpRuleAccessID }
        ::= { swCpuAclIpRuleTable 1 }

    SwCpuAclIpRuleEntry ::=
        SEQUENCE {
            swCpuAclIpRuleProfileID
                INTEGER,
            swCpuAclIpRuleAccessID
                INTEGER,
            swCpuAclIpRuleVlan
                SnmpAdminString,
            swCpuAclIpRuleSrcIpaddress
                IpAddress,
            swCpuAclIpRuleDstIpaddress
                IpAddress,
            swCpuAclIpRuleDscp
                INTEGER,
            swCpuAclIpRuleProtocol
                INTEGER,
            swCpuAclIpRuleType
                INTEGER,
            swCpuAclIpRuleCode
                INTEGER,
            swCpuAclIpRuleSrcPort
                INTEGER,
            swCpuAclIpRuleDstPort
                INTEGER,
            swCpuAclIpRuleFlagBits
                INTEGER,
            swCpuAclIpRuleProtoID
                INTEGER,
            swCpuAclIpRuleUserMask
                OCTET STRING,
            swCpuAclIpRulePermit
                INTEGER,
            swCpuAclIpRuleRowStatus
                RowStatus,
            swCpuAclIpRulePort
                PortList,
                        swCpuAclIpRuleMatchVID
                                INTEGER
        }

    swCpuAclIpRuleProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swCpuAclIpRuleEntry 1 }

    swCpuAclIpRuleAccessID OBJECT-TYPE
        SYNTAX  INTEGER (1..65535)
        MAX-ACCESS  read-only   --read-create
        STATUS  current
        DESCRIPTION
            "The ID of the software ACL for the IPv4 rule entry."
        ::= { swCpuAclIpRuleEntry 2 }

    swCpuAclIpRuleVlan OBJECT-TYPE
        SYNTAX  SnmpAdminString (SIZE (1..32))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply only to packets with the VLAN ID indexed by this VLAN name."
        ::= { swCpuAclIpRuleEntry 3 }

    swCpuAclIpRuleSrcIpaddress OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies an IP source address."
        ::= { swCpuAclIpRuleEntry 4 }

    swCpuAclIpRuleDstIpaddress OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies an IP destination address."
        ::= { swCpuAclIpRuleEntry 5 }

    swCpuAclIpRuleDscp OBJECT-TYPE
        SYNTAX  INTEGER(-1..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the value of DSCP. The value can be configured from 0 to 63.
            A value of -1 indicates that this node is not actively used."
        ::= { swCpuAclIpRuleEntry 6 }

    swCpuAclIpRuleProtocol OBJECT-TYPE
        SYNTAX  INTEGER {
               none(1),
               icmp(2),
               igmp(3),
               tcp(4),
               udp(5),
               protocolId(6)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "Specifies the IP protocol which has been configured in swCpuAclIpEntry."
        ::= { swCpuAclIpRuleEntry 7 }

    swCpuAclIpRuleType OBJECT-TYPE
        SYNTAX  INTEGER(-1..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the rule applies to the value of ICMP type traffic.
            A value of -1 indicates that this node is not actively used."
        ::= { swCpuAclIpRuleEntry 8 }

    swCpuAclIpRuleCode OBJECT-TYPE
        SYNTAX  INTEGER(-1..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the rule applies to the value of ICMP code traffic.
            A value of -1 indicates that this node is not actively used."
        ::= { swCpuAclIpRuleEntry 9 }

    swCpuAclIpRuleSrcPort OBJECT-TYPE
        SYNTAX  INTEGER(-1..65535)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the rule applies to the range of TCP/UDP source ports.
            A value of -1 indicates that this node is not actively used."
        ::= { swCpuAclIpRuleEntry 10 }

    swCpuAclIpRuleDstPort OBJECT-TYPE
        SYNTAX  INTEGER(-1..65535)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the range of TCP/UDP destination ports.
            A value of -1 indicates that this node is not actively used."
        ::= { swCpuAclIpRuleEntry 11 }

    swCpuAclIpRuleFlagBits OBJECT-TYPE
        SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "A value which indicates the set of TCP flags that this
             entity may potentially offer. The value is a sum of flag bits.
             This sum initially takes the value zero. Then, for each flag, L
             is added in the range 1 through 6, for which this node performs
             transactions where, 2^(L - 1) is added to the sum.
             Note that values should be calculated accordingly:

                 Flag      functionality
                   6        urg bit
                   5        ack bit
                   4        psh bit
                   3        rst bit
                   2        syn bit
                   1        fin bit
             For example, it you want to enable urg bit and ack bit, you
             should set the value 48{2^(5-1) + 2^(6-1)}."
        ::= { swCpuAclIpRuleEntry 12 }

    swCpuAclIpRuleProtoID OBJECT-TYPE
        SYNTAX  INTEGER(-1..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the rule applies to the value of IP protocol ID traffic.
            A value of -1 indicates that this node is not actively used."
        ::= { swCpuAclIpRuleEntry 13 }

    swCpuAclIpRuleUserMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(20))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IP protocol ID and the range of
             options behind the IP header."
        ::= { swCpuAclIpRuleEntry 14 }

    swCpuAclIpRulePermit OBJECT-TYPE
        SYNTAX  INTEGER {
               deny(1),
               permit(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the result of the packet examination is to 'permit' or 'deny'.
             The default is 'permit'.
             permit - Specifies that packets that match the access profile are
                      permitted to be forwarded by the switch.
             deny - Specifies that packets that match the access profile
                    are not permitted to be forwarded by the switch and will be filtered."
        ::= { swCpuAclIpRuleEntry 15 }

    swCpuAclIpRuleRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swCpuAclIpRuleEntry 16 }

     swCpuAclIpRulePort OBJECT-TYPE
        SYNTAX  PortList
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to port(s)."
        ::= { swCpuAclIpRuleEntry 17 }

     swCpuAclIpRuleMatchVID OBJECT-TYPE
        SYNTAX  INTEGER (0..4094)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply only to packets with
             this VLAN ID."
        ::= { swCpuAclIpRuleEntry 18 }
-- -----------------------------------------------------------------------------
-- swCpuAclPktContRuleTable
-- -----------------------------------------------------------------------------
    swCpuAclPktContRuleTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwCpuAclPktContRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains user-defined software ACL rule information."
        ::= { swCpuAclRuleMgmt 3 }

    swCpuAclPktContRuleEntry OBJECT-TYPE
        SYNTAX  SwCpuAclPktContRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about the software ACL rule of the user-defined part of each packet."
        INDEX  { swCpuAclPktContRuleProfileID,swCpuAclPktContRuleAccessID }
        ::= { swCpuAclPktContRuleTable 1 }

    SwCpuAclPktContRuleEntry ::=
        SEQUENCE {
            swCpuAclPktContRuleProfileID
                INTEGER,
            swCpuAclPktContRuleAccessID
                INTEGER,
            swCpuAclPktContRuleOffset0to15
                OCTET STRING,
            swCpuAclPktContRuleOffset16to31
                OCTET STRING,
            swCpuAclPktContRuleOffset32to47
                OCTET STRING,
            swCpuAclPktContRuleOffset48to63
                OCTET STRING,
            swCpuAclPktContRuleOffset64to79
                OCTET STRING,
            swCpuAclPktContRulePermit
                INTEGER,
            swCpuAclPktContRuleRowStatus
                RowStatus,
            swCpuAclPktContRulePort
                PortList
        }
    swCpuAclPktContRuleProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swCpuAclPktContRuleEntry 1 }

    swCpuAclPktContRuleAccessID OBJECT-TYPE
        SYNTAX  INTEGER (1..65535)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the software ACL rule entry related to swCpuAclPktContRuleProfileID."
        ::= { swCpuAclPktContRuleEntry 2 }

    swCpuAclPktContRuleOffset0to15 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the user-defined packet."
        ::= { swCpuAclPktContRuleEntry 3 }

    swCpuAclPktContRuleOffset16to31 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the user-defined packet."
        ::= { swCpuAclPktContRuleEntry 4 }

    swCpuAclPktContRuleOffset32to47 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the user-defined packet."
        ::= { swCpuAclPktContRuleEntry 5 }

    swCpuAclPktContRuleOffset48to63 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the user-defined packet."
        ::= { swCpuAclPktContRuleEntry 6 }

    swCpuAclPktContRuleOffset64to79 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the user-defined packet."
        ::= { swCpuAclPktContRuleEntry 7 }

    swCpuAclPktContRulePermit OBJECT-TYPE
        SYNTAX  INTEGER {
               deny(1),
               permit(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the result of the packet examination is to 'permit' or 'deny'.
             The default is 'permit'.
             permit - Specifies that packets that match the access profile are
                      permitted to be forwarded by the switch.
             deny - Specifies that packets that match the access profile
                    are not permitted to be forwarded by the switch and will be filtered."
        ::= { swCpuAclPktContRuleEntry 8 }

    swCpuAclPktContRuleRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swCpuAclPktContRuleEntry 9 }

    swCpuAclPktContRulePort OBJECT-TYPE
        SYNTAX  PortList
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to port(s)."
       ::= { swCpuAclPktContRuleEntry 10 }

-- -----------------------------------------------------------------------------
-- swCpuAclIpv6RuleTable
-- -----------------------------------------------------------------------------
    swCpuAclIpv6RuleTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwCpuAclIpv6RuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains user-defined ACL rule information."
        ::= { swCpuAclRuleMgmt 4 }

    swCpuAclIpv6RuleEntry OBJECT-TYPE
        SYNTAX  SwCpuAclIpv6RuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about the ACL rule of the user-defined part of each packet."
        INDEX  { swCpuAclIpv6RuleProfileID,swCpuAclIpv6RuleAccessID }
        ::= { swCpuAclIpv6RuleTable 1 }

    SwCpuAclIpv6RuleEntry ::=
        SEQUENCE {
            swCpuAclIpv6RuleProfileID
                INTEGER,
            swCpuAclIpv6RuleAccessID
                INTEGER,
            swCpuAclIpv6RuleClass
                INTEGER,
            swCpuAclIpv6RuleFlowlabel
                OCTET STRING,
            swCpuAclIpv6RuleSrcIpv6Addr
                Ipv6Address,
            swCpuAclIpv6RuleDstIpv6Addr
                Ipv6Address,
            swCpuAclIpv6RulePermit
                INTEGER,
            swCpuAclIpv6RuleRowStatus
                RowStatus,
            swCpuAclIpv6RulePort
                PortList
        }
    swCpuAclIpv6RuleProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL mask entry. This is unique in the mask list. The maximum value of this object depends on the device."
        ::= { swCpuAclIpv6RuleEntry 1 }

    swCpuAclIpv6RuleAccessID OBJECT-TYPE
        SYNTAX  INTEGER (1..65535)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL rule entry in relation to swCpuAclIpv6RuleProfileID."
        ::= { swCpuAclIpv6RuleEntry 2 }

    swCpuAclIpv6RuleClass OBJECT-TYPE
        SYNTAX  INTEGER (0..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IPv6 class field."
        ::= { swCpuAclIpv6RuleEntry 3 }

    swCpuAclIpv6RuleFlowlabel OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(4))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IPv6 flowlabel field."
        ::= { swCpuAclIpv6RuleEntry 4 }

    swCpuAclIpv6RuleSrcIpv6Addr OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the source IPv6 address.
            This should be a 16 byte octet string."
        ::= { swCpuAclIpv6RuleEntry 5 }

    swCpuAclIpv6RuleDstIpv6Addr OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the destination IPv6 address.
            This should be a 16 byte octet string."
        ::= { swCpuAclIpv6RuleEntry 6 }

    swCpuAclIpv6RulePermit OBJECT-TYPE
        SYNTAX  INTEGER {
               deny(1),
               permit(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the result of the examination is to 'permit' or 'deny'.
             The default is 'permit' (1).
             permit - Specifies that packets that match the access profile are
                      permitted to be forwarded by the switch.
             deny - Specifies that packets that match the access profile
                    are not permitted to be forwarded by the switch and will be filtered."
        ::= { swCpuAclIpv6RuleEntry 7 }

    swCpuAclIpv6RuleRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swCpuAclIpv6RuleEntry 8 }

    swCpuAclIpv6RulePort OBJECT-TYPE
        SYNTAX  PortList
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply only to port(s)."
       ::= { swCpuAclIpv6RuleEntry 9 }

-- -----------------------------------------------------------------------------
-- swAclMeteringMgmt
-- -----------------------------------------------------------------------------
        swAclMeterTable OBJECT-TYPE
                SYNTAX      SEQUENCE OF SwAclMeterEntry
                MAX-ACCESS  not-accessible
                STATUS      current
                DESCRIPTION
                   "This table is used to configure the flow-based metering function.
                    The access rule must first be created before the parameters of this
                    function can be applied. Users may set the preferred bandwidth for
                    this rule, in Kbps; once the bandwidth has been exceeded, overflow
                    packets will be either dropped or set for a drop precedence,
                    depending on user configuration."
                ::= { swAclMeteringMgmt 1 }

        swAclMeterEntry OBJECT-TYPE
                SYNTAX      SwAclMeterEntry
                MAX-ACCESS  not-accessible
                STATUS      current
                DESCRIPTION
                   "This entry displays parameters and configurations set for the flow
                    metering function."
                INDEX { swAclMeterProfileID, swAclMeterAccessID}
                ::= { swAclMeterTable 1 }

        SwAclMeterEntry ::=
           SEQUENCE {
               swAclMeterProfileID
                   INTEGER,
               swAclMeterAccessID
                   INTEGER,
               swAclMeterRate
                   INTEGER,
               swAclMeterActionForRateExceed
                   INTEGER,
               swAclMeterRemarkDscp
                   INTEGER,
               swAclMeterBurstSize
                   INTEGER,
               swAclMeterMode
                   INTEGER,
               swAclMeterTrtcmCir
                   INTEGER,
               swAclMeterTrtcmCbs
                   INTEGER,
               swAclMeterTrtcmPir
                   INTEGER,
               swAclMeterTrtcmPbs
                   INTEGER,
               swAclMeterTrtcmColorMode
                   INTEGER,
               swAclMeterTrtcmConformState
                   INTEGER,
               swAclMeterTrtcmConformReplaceDscp
                   INTEGER,
               swAclMeterTrtcmConformCounterState
                   INTEGER,
               swAclMeterTrtcmExceedState
                   INTEGER,
               swAclMeterTrtcmExceedReplaceDscp
                   INTEGER,
               swAclMeterTrtcmExceedCounterState
                   INTEGER,
               swAclMeterTrtcmViolateState
                   INTEGER,
               swAclMeterTrtcmViolateReplaceDscp
                   INTEGER,
               swAclMeterTrtcmViolateCounterState
                   INTEGER,
               swAclMeterSrtcmCir
                   INTEGER,
               swAclMeterSrtcmCbs
                   INTEGER,
               swAclMeterSrtcmEbs
                   INTEGER,
               swAclMeterSrtcmColorMode
                   INTEGER,
               swAclMeterSrtcmConformState
                   INTEGER,
               swAclMeterSrtcmConformReplaceDscp
                   INTEGER,
               swAclMeterSrtcmConformCounterState
                   INTEGER,
               swAclMeterSrtcmExceedState
                   INTEGER,
               swAclMeterSrtcmExceedReplaceDscp
                   INTEGER,
               swAclMeterSrtcmExceedCounterState
                   INTEGER,
               swAclMeterSrtcmViolateState
                   INTEGER,
               swAclMeterSrtcmViolateReplaceDscp
                   INTEGER,
               swAclMeterSrtcmViolateCounterState
                   INTEGER,
               swAclMeterRowStatus
                   RowStatus
           }

        swAclMeterProfileID OBJECT-TYPE
                SYNTAX      INTEGER
                MAX-ACCESS  read-only
                STATUS      current
                DESCRIPTION
                   "The ID of the ACL mask entry is unique in the mask list. The maximum value of this object depends on the device."
                ::= { swAclMeterEntry 1 }

        swAclMeterAccessID OBJECT-TYPE
                SYNTAX      INTEGER(1..65535)
                MAX-ACCESS  read-only
                STATUS      current
                DESCRIPTION
                   "The ID of the ACL rule entry as related to the swAclMeterProfileID."
                ::= { swAclMeterEntry 2 }

        swAclMeterRate OBJECT-TYPE
                SYNTAX INTEGER
                MAX-ACCESS  read-create
                STATUS      current
                DESCRIPTION
                   "Specifies the committed bandwidth in Kbps for the flow.
                    NOTE:
                        1. Specifying 0 will disable this flow meter setting.
                        2. Users must set the swAclMeterActionForRateExceed object to activate this entry."
                ::= { swAclMeterEntry 3 }

        swAclMeterActionForRateExceed OBJECT-TYPE
                SYNTAX INTEGER {
                           other(1),
               drop-packet(2),
                set-drop-precedence(3),
                remark-dscp(4)
               }
                MAX-ACCESS  read-create
                STATUS      current
                DESCRIPTION
                   "Specifies the action to take for those packets exceeding the committed rate.
                    NOTE:
                        Users must also set the swAclMeterRate to activate this entry."
                ::= { swAclMeterEntry 4 }

        swAclMeterRemarkDscp OBJECT-TYPE
            SYNTAX  INTEGER (0..63)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Mark the packet with a specified DSCP.
                 It can be set when swAclMeterActionForRateExceed sets remark-dscp (3)."
            ::= { swAclMeterEntry 5 }

       swAclMeterBurstSize OBJECT-TYPE
            SYNTAX  INTEGER
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "This specifies the burst size for the single rate two color mode.
                 The unit is Kbytes. That is to say, 1 means 1kbytes.
                 The set value range is 0..n, the value n is determined by project,
                 the value of 0 means to delete this flow_meter setting."
            ::= { swAclMeterEntry 6 }

        swAclMeterMode OBJECT-TYPE
            SYNTAX  INTEGER {
                   other(1),
                   tr-tcm(2),
                   sr-tcm(3)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "tr-tcm: two rate three color mode;
                 sr-tcm: single rate three color mode.
                "
            ::= { swAclMeterEntry 7 }

        swAclMeterTrtcmCir OBJECT-TYPE
            SYNTAX  INTEGER (1..156249)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the 'committed information rate' of 'two rate three color mode'.
                 The unit is Kbps."
            ::= { swAclMeterEntry 8 }

        swAclMeterTrtcmCbs OBJECT-TYPE
            SYNTAX  INTEGER (1..16384)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the 'committed burst size' of 'two rate three color mode'.
                 1.     The unit is Kbytes. That is to say, 1 means 1Kbytes.
                 2. This parameter is an optional parameter. The default value is 4*1024.
                 3. The max set value is 16*1024.
                "
            ::= { swAclMeterEntry 9 }

        swAclMeterTrtcmPir OBJECT-TYPE
            SYNTAX  INTEGER (1..156249)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the 'Peak Information Rate' of 'two rate three color mode'.
                 The unit is Kbps."
            ::= { swAclMeterEntry 10 }

        swAclMeterTrtcmPbs OBJECT-TYPE
            SYNTAX  INTEGER (1..16384)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the 'peak burst size' of 'two rate three color mode'.
                 1.     The unit is Kbytes. That is to say, 1 means 1kbytes.
                 2. This parameter is an optional parameter. The default value is 4*1024.
                 3. The max set value is 16*1024.
                "
            ::= { swAclMeterEntry 11 }

        swAclMeterTrtcmColorMode OBJECT-TYPE
            SYNTAX  INTEGER {
                   color-blind(1),
                   color-aware(2)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the meter mode.
                 The default is color-blind mode. The final color of the packet is determined
                 by the initial color of the packet and the metering result."
            ::= { swAclMeterEntry 12 }

        swAclMeterTrtcmConformState OBJECT-TYPE
            SYNTAX  INTEGER {
                   other(1),
                   permit(2),
                   replace-dscp(3)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the action state when packet is in 'green color'.
                 permit: permit the packet.
                 replace-dscp:  change the DSCP value of packet.
                "
            ::= { swAclMeterEntry 13 }

        swAclMeterTrtcmConformReplaceDscp OBJECT-TYPE
            SYNTAX  INTEGER (0..63)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the DSCP value of the packet when the packet is in 'green color'."
            ::= { swAclMeterEntry 14 }

        swAclMeterTrtcmConformCounterState OBJECT-TYPE
            SYNTAX  INTEGER {
                   enabled(1),
                   disabled(2)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the counter state when the packet is in 'green color'.
                 1.     This is optional. The default is 'disable'.
                 2.     The resource may be limited so that the counter can not be turned on. The limitation is project dependent.
                 3.     counter will be cleared when the function is disabled.
                "
            ::= { swAclMeterEntry 15 }

        swAclMeterTrtcmExceedState OBJECT-TYPE
            SYNTAX  INTEGER {
                   other(1),
                   permit(2),
                   replace-dscp(3),
                   drop(4)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the action state when packet is in 'yellow color'.
                 permit: permit the packet.
                 replace-dscp: change the DSCP value of the packet.
                 drop: drop the packet.
                "
            ::= { swAclMeterEntry 16 }

        swAclMeterTrtcmExceedReplaceDscp OBJECT-TYPE
            SYNTAX  INTEGER (0..63)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the DSCP value of packet when packet is in 'yellow color'."
            ::= { swAclMeterEntry 17 }

        swAclMeterTrtcmExceedCounterState OBJECT-TYPE
            SYNTAX  INTEGER {
                   enabled(1),
                   disabled(2)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the counter state when packet is in 'yellow color'.
                 1.     This is optional. The default is 'disable'.
                 2.     The resource may be limited so that the counter can not be turned on. The limitation is project dependent.
                 3.     counter will be cleared when the function is disabled.
                "
            ::= { swAclMeterEntry 18 }

        swAclMeterTrtcmViolateState OBJECT-TYPE
            SYNTAX  INTEGER {
                   other(1),
                   permit(2),
                   replace-dscp(3),
                   drop(4)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the action state when packet is in 'red color'.
                 permit: permit the packet.
                 replace-dscp: change the DSCP value of packet.
                 drop: drop the packet.
                "
            ::= { swAclMeterEntry 19 }

        swAclMeterTrtcmViolateReplaceDscp OBJECT-TYPE
            SYNTAX  INTEGER (0..63)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the DSCP value of the packet when packet is in 'red color'."
            ::= { swAclMeterEntry 20 }

        swAclMeterTrtcmViolateCounterState OBJECT-TYPE
            SYNTAX  INTEGER {
                   enabled(1),
                   disabled(2)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the counter state when packet is in 'red color'.
                 1.     This is optional. The default is 'disable'.
                 2.     The resource may be limited so that the counter can not be turned on. The limitation is project dependent.
                 3.     counter will be cleared when the function is disabled.
                "
            ::= { swAclMeterEntry 21 }

        swAclMeterSrtcmCir OBJECT-TYPE
            SYNTAX  INTEGER (1..156249)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the 'committed information rate' of 'single rate three color mode'.
                 The unit is Kbps."
            ::= { swAclMeterEntry 22 }

        swAclMeterSrtcmCbs OBJECT-TYPE
            SYNTAX  INTEGER (1..16384)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the 'committed burst size' of 'single rate three color mode'.
                 1.     The unit is Kbytes. That is to say, 1 means 1Kbytes.
                 2. The max set value is 16*1024.
                "
            ::= { swAclMeterEntry 23 }

        swAclMeterSrtcmEbs OBJECT-TYPE
            SYNTAX  INTEGER (1..16384)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the 'Excess burst size' of 'single rate three color mode'.
                 1.     The unit is Kbytes. That is to say, 1 means 1kbytes.
                 2. The max set value is 16*1024.
                "
            ::= { swAclMeterEntry 24 }

        swAclMeterSrtcmColorMode OBJECT-TYPE
            SYNTAX  INTEGER {
                   color-blind(1),
                   color-aware(2)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the meter mode.
                 The default is color-blind mode. The final color of packet is determined
                 by the initial color of the packet and the metering result."
            ::= { swAclMeterEntry 25 }

        swAclMeterSrtcmConformState OBJECT-TYPE
            SYNTAX  INTEGER {
                   other(1),
                   permit(2),
                   replace-dscp(3)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the action state when the packet is in 'green color'.
                 permit: permit the packet.
                 replace-dscp: change the DSCP value of packet.
                "
            ::= { swAclMeterEntry 26 }

        swAclMeterSrtcmConformReplaceDscp OBJECT-TYPE
            SYNTAX  INTEGER (0..63)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the DSCP value of the packet when packet is in 'green color'."
            ::= { swAclMeterEntry 27 }

        swAclMeterSrtcmConformCounterState OBJECT-TYPE
            SYNTAX  INTEGER {
                   enabled(1),
                   disabled(2)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the counter state when the packet is in 'green color'.
                 1.     This is optional. The default is 'disable'.
                 2.     The resource may be limited such that counter can not be turned on. The limitation is project dependent.
                 3.     counter will be cleared when the function is disabled.
                "
            ::= { swAclMeterEntry 28 }

        swAclMeterSrtcmExceedState OBJECT-TYPE
            SYNTAX  INTEGER {
                   other(1),
                   permit(2),
                   replace-dscp(3),
                   drop(4)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the action state when the packet is in 'yellow color'.
                 permit: permit the packet.
                 replace-dscp: change the DSCP value of packet.
                 drop: drop the packet.
                "
            ::= { swAclMeterEntry 29 }

        swAclMeterSrtcmExceedReplaceDscp OBJECT-TYPE
            SYNTAX  INTEGER (0..63)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the DSCP value of the packet when packet is in 'yellow color'."
            ::= { swAclMeterEntry 30 }

        swAclMeterSrtcmExceedCounterState OBJECT-TYPE
            SYNTAX  INTEGER {
                   enabled(1),
                   disabled(2)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the counter state when the packet is in 'yellow color'.
                 1.     This is optional. The default is 'disable'.
                 2.     The resource may be limited such that counter can not be turned on. The limitation is project dependent.
                 3.     counter will be cleared when the function is disabled.
                "
            ::= { swAclMeterEntry 31 }

        swAclMeterSrtcmViolateState OBJECT-TYPE
            SYNTAX  INTEGER {
                   other(1),
                   permit(2),
                   replace-dscp(3),
                   drop(4)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the action state when the packet is in 'red color'.
                 permit: permit the packet.
                 replace-dscp: change the DSCP value of packet.
                 drop: drop the packet.
                "
            ::= { swAclMeterEntry 32 }

        swAclMeterSrtcmViolateReplaceDscp OBJECT-TYPE
            SYNTAX  INTEGER (0..63)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the DSCP value of the packet when packet is in 'red color'."
            ::= { swAclMeterEntry 33 }

        swAclMeterSrtcmViolateCounterState OBJECT-TYPE
            SYNTAX  INTEGER {
                   enabled(1),
                   disabled(2)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the counter state when the packet is in 'red color'.
                 1.     This is optional. The default is 'disable'.
                 2.     The resource may be limited so that the counter can not be turned on. The limitation is project dependent.
                 3.     counter will be cleared when the function is disabled.
                "
            ::= { swAclMeterEntry 34 }

        swAclMeterRowStatus OBJECT-TYPE
            SYNTAX  RowStatus
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "This object indicates the status of this entry."
            ::= { swAclMeterEntry 35 }

        swAclMeteringNumOfEntryInUse OBJECT-TYPE
                SYNTAX      INTEGER
                MAX-ACCESS  read-only
                STATUS      current
                DESCRIPTION
                   "Used to display total entries of the flow metering."
                ::= { swAclMeteringMgmt 2 }
                
                 
                
                
END


