-- ACLMGMT mib 
-- Draft Ver 0.3 2003/3/30 04:04U 
-- History: 
--   Index in the Mask and Rule table, change their ACCESS from read-create to read-only
-- --------------------------------------------------------------------------------------
-- Draft Ver 0.1 2003/2/27 02:44U by Scott Sung
-- Draft Ver 0.2 2003/3/12 10:43U by Richard Chang
-- Draft Ver 0.3 2003/8/13 10:43U by Scott Sung ,add swACLIpTCPFlagBit for DGS3x12S
-- --------------------------------------------------------------------------------------
SW-DES3x50-ACLMGMT-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        Counter32,Counter64,TimeTicks,NOTIFICATION-TYPE,
        MODULE-IDENTITY,OBJECT-TYPE,IpAddress, Unsigned32
                                        FROM SNMPv2-SMI
        MacAddress, RowStatus           FROM SNMPv2-TC
        DisplayString                   FROM RFC1213-MIB
    	SnmpAdminString					FROM SNMP-FRAMEWORK-MIB
		PortList						FROM Q-BRIDGE-MIB
    	dlink-mgmt  	                FROM DLINK-ID-REC-MIB;
    	
    swAclMgmtMIB MODULE-IDENTITY
	    LAST-UPDATED "0007150000Z"
	    ORGANIZATION "enterprise, Inc."
	    CONTACT-INFO
	        "   Customer Service

		    Postal: 

		       Tel: 

		    E-mail: "
	    DESCRIPTION
		    "The Structure of Access Control List  Information for the
		    proprietary enterprise."
        ::= { dlink-mgmt  5 }

    swAclMaskMgmt                OBJECT IDENTIFIER ::= { swAclMgmtMIB 1 }
    swAclRuleMgmt                OBJECT IDENTIFIER ::= { swAclMgmtMIB 2 }

     
--***************************************************************************
--swACLEthernetTable
--***************************************************************************
    swACLEthernetTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLEthernetEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contain ACL mask of Ethernet information.
             Access profiles will be created on the switch by row creation and to
              define which parts of each incoming frame's layer 2 part of header
              the switch will examine.  Masks can be entered that will be combined 
              with the values the switch finds in the  specified frame header fields.  "
        ::= { swAclMaskMgmt 1 }
        
    swACLEthernetEntry OBJECT-TYPE
        SYNTAX  SwACLEthernetEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about ACL of Ethernet."
        INDEX  { swACLEthernetProfileID }
        ::= { swACLEthernetTable 1 }
      
    SwACLEthernetEntry ::= 
        SEQUENCE {
            swACLEthernetProfileID
                INTEGER,
            swACLEthernetUsevlan
                INTEGER,
            swACLEthernetMacAddrMaskState
                INTEGER,
            swACLEthernetSrcMacAddrMask
                MacAddress,
            swACLEthernetDstMacAddrMask
                MacAddress,
            swACLEthernetUse8021p
                INTEGER,
            swACLEthernetUseEthernetType
                INTEGER,             
            swACLEthernetPort
                PortList,      
            swACLEthernetRowStatus
                RowStatus                                                         
        }
    swACLEthernetProfileID OBJECT-TYPE
        SYNTAX  INTEGER (1..255)
        MAX-ACCESS  read-only	--read-create
        STATUS  current
        DESCRIPTION
            "The ID of ACL mask entry ,and is unique in the mask list."
        ::= { swACLEthernetEntry 1 }
    
    swACLEthernetUsevlan OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the switch will examine the VLAN part of each packet header."
        ::= { swACLEthernetEntry 2 }        

    swACLEthernetMacAddrMaskState OBJECT-TYPE
		SYNTAX  INTEGER {
               other(1),
               dst-mac-addr(2),
               src-mac-addr(3),
               dst-src-mac-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of MAC address mask. 

            other(1) - Neither source MAC address nor destination MAC address are 
                masked.
            dst-mac-addr(2) - recieved frames's destination MAC address are  
                currently used to be filtered as it meets with the MAC 
                address entry of the table.
            src-mac-addr(3) - recieved frames's source MAC address are currently 
                used to be filtered as it meets with the MAC address entry 
                of the table.
            dst-src-mac-addr(4) - recieved frames's destination MAC address or 
                source MAC address are currently used to be filtered as it meets
                with the MAC address entry of the table."
        ::= { swACLEthernetEntry 3 }    
        
    swACLEthernetSrcMacAddrMask OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object Specifies the MAC address mask for the source MAC address."
        ::= { swACLEthernetEntry 4 }     
        
    swACLEthernetDstMacAddrMask OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object  Specifies the  MAC address mask for the destination MAC address."
        ::= { swACLEthernetEntry 5 }   
        
    swACLEthernetUse8021p OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will examine the 802.1p priority value in the frame's header
              or not."
        ::= { swACLEthernetEntry 6 }     
        
    swACLEthernetUseEthernetType OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will examine the Ethernet type value in each frame's header 
              or not."
        ::= { swACLEthernetEntry 7 }     
        
    swACLEthernetPort OBJECT-TYPE
        SYNTAX  PortList(SIZE (0..127))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "."
        ::= { swACLEthernetEntry 8 }  
        
    swACLEthernetRowStatus OBJECT-TYPE --swACLEthernetState
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLEthernetEntry 9 }        
        
        
--***************************************************************************
--swACLIpTable
--***************************************************************************  
    swACLIpTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contain ACL mask of IP information.
             Access profiles will be created on the switch by row creation and to
              define which parts of each incoming frame's IP layer part of header
              the switch will examine.  Masks can be entered that will be combined 
              with the values the switch finds in the  specified frame header fields."
        ::= { swAclMaskMgmt 2 }
        
    swACLIpEntry OBJECT-TYPE
        SYNTAX  SwACLIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about ACL of IP Layer."
        INDEX  { swACLIpProfileID }
        ::= { swACLIpTable 1 }
      
    SwACLIpEntry ::= 
        SEQUENCE {
            swACLIpProfileID	
                INTEGER,
            swACLIpUsevlan
                INTEGER,
            swACLIpIpAddrMaskState
                INTEGER,
            swACLIpSrcIpAddrMask
                IpAddress,
            swACLIpDstIpAddrMask
                IpAddress,
            swACLIpUseDSCP		
                INTEGER,
            swACLIpUseProtoType
                INTEGER,        
            swACLIpIcmpOption	
                INTEGER,                        
            swACLIpIgmpOption
                INTEGER,                        
            swACLIpTcpOption
                INTEGER,                        
            swACLIpUdpOption	
             	INTEGER,   
			swACLIpTCPorUDPSrcPortMask
			    OCTET STRING,	
			swACLIpTCPorUDPDstPortMask
			    OCTET STRING,
			swACLIpTCPFlagBit
				INTEGER,			    	                                                
            swACLIpProtoIDOption
                INTEGER,                        
            swACLIpProtoIDMask
                OCTET STRING,	                     
            swACLIpPort		
                PortList,       
            swACLIpRowStatus	
                RowStatus                                                         
        }
    swACLIpProfileID OBJECT-TYPE
        SYNTAX  INTEGER (1..255)
        MAX-ACCESS  read-only	
        STATUS  current
        DESCRIPTION
            "The ID of ACL mask entry ,and is unique in the mask list."
        ::= { swACLIpEntry 1 }
    
    swACLIpUsevlan OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if IP layer vlan is examined or not."
        ::= { swACLIpEntry 2 }        

    swACLIpIpAddrMaskState OBJECT-TYPE
		SYNTAX  INTEGER {
               other(1),
               dst-ip-addr(2),
               src-ip-addr(3),
               dst-src-ip-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of IP address mask. 

            other(1) - Neither source IP address nor destination IP address are 
                masked.
            dst-ip-addr(2) - recieved frames's destination IP address are 
                currently used to be filtered as it meets with the IP 
                address entry of the table.
            src-ip-addr(3) - recieved frames's source IP address are currently 
                used to be filtered as it meets with the IP address entry of
                the table.
            dst-src-ip-addr(4) - recieved frames's destination IP address or 
                source IP address are currently used to be filtered as it meets
                with the IP address entry of the table."
        ::= { swACLIpEntry 3 }    
        
    swACLIpSrcIpAddrMask OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object Specifies IP address mask for the source IP address."
        ::= { swACLIpEntry 4 }     
        
    swACLIpDstIpAddrMask OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object Specifies the IP address mask for the destination IP address."
        ::= { swACLIpEntry 5 }   
        
    swACLIpUseDSCP OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates DSCP protocol is is examined or not."
        ::= { swACLIpEntry 6 }     
        
    swACLIpUseProtoType OBJECT-TYPE
        SYNTAX  INTEGER {
               none(1),
               icmp(2),
               igmp(3),
               tcp(4),
               udp(5),
               protocolId(6)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "That object indicates which protocol will be examined."
        ::= { swACLIpEntry 7 }     

    swACLIpIcmpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               none(1),
               type(2),
               code(3),
               type-code(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates which fields should be filled in of ICMP.
            none(1)- two fields are null.
            type(2)- type field should be filled in.     
            code(3)- code field should be filled in.  
            type-code(4)- not only type fileld but code field should be filled in.
            "
        ::= { swACLIpEntry 8 }     
        
    swACLIpIgmpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               enable(1),
               disable(2)
              }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates Options of IGMP is examined or not."
        ::= { swACLIpEntry 9 }     

    swACLIpTcpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               other(1),
               dst-addr(2),
               src-addr(3),
               dst-src-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of filtered address of TCP. 

           	other(1) - Neither source port nor destination port are 
                masked.
            dst-addr(2) - recieved frames's destination port are 
                currently used to be filtered .
            src-addr(3) - recieved frames's source port are currently 
                used to be filtered .
            dst-src-addr(4) - both recieved frames's destination port and 
                source port are currently used to be filtered ."
        ::= { swACLIpEntry 10 }     
            
    swACLIpUdpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               other(1),
               dst-addr(2),
               src-addr(3),
               dst-src-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of filtered address of UDP . 

            other(1) - Neither source port nor destination port are 
                masked.
            dst-addr(2) - recieved frames's destination port are 
                currently used to be filtered .
            src-addr(3) - recieved frames's source port are currently 
                used to be filtered .
            dst-src-addr(4) - recieved frames's destination port or 
                source port are currently used to be filtered."

        ::= { swACLIpEntry 11 }         

    swACLIpTCPorUDPSrcPortMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(2)) 
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a TCP port mask for the source port  if swACLIpUseProtoType is TCP
             Specifies a UDP port mask for the source port if swACLIpUseProtoType is UDP.
             "
        ::= { swACLIpEntry 12 }     

    swACLIpTCPorUDPDstPortMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a TCP port mask for the destination port  if swACLIpUseProtoType is TCP
             Specifies a UDP port mask for the destination port if swACLIpUseProtoType is UDP."
        ::= { swACLIpEntry 13 }         

	swACLIpTCPFlagBit OBJECT-TYPE
		SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a TCP connection flag mask."
        ::= { swACLIpEntry 14 }

    swACLIpProtoIDOption OBJECT-TYPE
        SYNTAX  INTEGER {
               enable(1),
               disable(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the switch will examine each frame's Protocol ID field or not."
        ::= { swACLIpEntry 15 }    

    swACLIpProtoIDMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(4)) 
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IP protocol ID and the mask options
             behind the IP header."
        ::= { swACLIpEntry 16 }     

	swACLIpPort OBJECT-TYPE
        SYNTAX	PortList(SIZE (0..127))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "."
        ::= { swACLIpEntry 17 }
        
    swACLIpRowStatus OBJECT-TYPE	
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLIpEntry 18 }
		
	--****************************************************************************
	--swACLPayloadEntry
	--****************************************************************************
	swACLPayloadTable  OBJECT-TYPE
		SYNTAX  SEQUENCE OF SwACLPayloadEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            ""
            ::= { swAclMaskMgmt 3 }
      
	swACLPayloadEntry OBJECT-TYPE
		SYNTAX  SwACLPayloadEntry
		 MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            ""
        INDEX  { swACLPayloadProfileID }
		::= { swACLPayloadTable 1 }
            
	SwACLPayloadEntry ::= 
        SEQUENCE {
			swACLPayloadProfileID
         		INTEGER,
			swACLPayloadOffSet0to15
        		OCTET STRING,
			swACLPayloadOffSet16to31
				OCTET STRING,
			swACLPayloadOffSet32to47
				OCTET STRING,
			swACLPayloadOffSet48to63
				OCTET STRING,
			swACLPayloadOffSet64to79
				OCTET STRING,
			swACLPayloadPort
				PortList,
			swACLPayloadRowStatus
				RowStatus
       }
     
	swACLPayloadProfileID OBJECT-TYPE
        SYNTAX  INTEGER (1..255)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "."
        ::= { swACLPayloadEntry 1 }
	
	swACLPayloadOffSet0to15 OBJECT-TYPE
        SYNTAX  OCTET STRING(SIZE (16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "."
        ::= { swACLPayloadEntry 2}

    swACLPayloadOffSet16to31 OBJECT-TYPE
        SYNTAX  OCTET STRING(SIZE (16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "."
        ::= { swACLPayloadEntry 3}
        
    swACLPayloadOffSet32to47 OBJECT-TYPE
        SYNTAX   OCTET STRING(SIZE (16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "."
        ::= { swACLPayloadEntry 4 }
     
        
    swACLPayloadOffSet48to63 OBJECT-TYPE
        SYNTAX  OCTET STRING(SIZE (16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "."
        ::= { swACLPayloadEntry 5 }
        
    swACLPayloadOffSet64to79 OBJECT-TYPE
        SYNTAX  OCTET STRING(SIZE (16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "."
        ::= { swACLPayloadEntry 6 }    

	swACLPayloadPort OBJECT-TYPE
        SYNTAX  PortList(SIZE (0..127))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "."
       ::= { swACLPayloadEntry 7 }
        
	swACLPayloadRowStatus OBJECT-TYPE
       	SYNTAX RowStatus
       	MAX-ACCESS read-create
       	STATUS current
       	DESCRIPTION
       		"."
       	::= {swACLPayloadEntry 8}

--***************************************************************************
--swACLEtherRuleTable
--***************************************************************************  
    swACLEtherRuleTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLEtherRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contain ACL rule of ethernet information."
        ::= { swAclRuleMgmt 1 }
        
    swACLEtherRuleEntry OBJECT-TYPE
        SYNTAX  SwACLEtherRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about ACL rule of the layer 2 part of each packet."
        INDEX  { swACLEtherRuleProfileID,swACLEtherRuleAccessID }
        ::= { swACLEtherRuleTable 1 }
      
    SwACLEtherRuleEntry ::= 
        SEQUENCE {
            swACLEtherRuleProfileID		
                INTEGER,
            swACLEtherRuleAccessID
                INTEGER,
            swACLEtherRuleVlan
                SnmpAdminString,
            swACLEtherRuleSrcMacAddress
                MacAddress,
            swACLEtherRuleDstMacAddress	
                MacAddress,             
            swACLEtherRule8021P
                INTEGER,        
            swACLEtherRuleEtherType
                OCTET STRING,   
            swACLEtherRuleEnablePriority
                INTEGER,
            swACLEtherRulePriority
                INTEGER,             
            swACLEtherRuleReplacePriority	
                INTEGER,       
            swACLEtherRuleEnableReplaceDscp
                INTEGER,                    
            swACLEtherRuleRepDscp
                INTEGER,
			swACLEtherRulePermit
                INTEGER,
            swACLEtherRuleRowStatus
                RowStatus                                                         
        }
    swACLEtherRuleProfileID OBJECT-TYPE
        SYNTAX  INTEGER (1..255)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of ACL mask entry ,and is unique in the mask list."
        ::= { swACLEtherRuleEntry 1 }
    
    swACLEtherRuleAccessID OBJECT-TYPE
        SYNTAX  INTEGER (1..255)
        MAX-ACCESS  read-only	
        STATUS  current
        DESCRIPTION
            "The ID of ACL rule entry relate to swACLEtherRuleProfileID."
        ::= { swACLEtherRuleEntry 2 }        
         
    swACLEtherRuleVlan OBJECT-TYPE
        SYNTAX  SnmpAdminString (SIZE (1..32))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access  will apply to only to this VLAN."
        ::= { swACLEtherRuleEntry 3 }     
        
    swACLEtherRuleSrcMacAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access will apply to only packets with
             this source MAC address."
        ::= { swACLEtherRuleEntry 4 }   
        
    swACLEtherRuleDstMacAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access will apply to only packets
              with this destination MAC address."
        ::= { swACLEtherRuleEntry 5 }       
        
    swACLEtherRule8021P OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access will apply only to packets with
              this 802.1p priority value."
        ::= { swACLEtherRuleEntry 6 }      
        
    swACLEtherRuleEtherType OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE (2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access will apply only to packets with this
             hexidecimal 802.1Q Ethernet type value in the packet header."
        ::= { swACLEtherRuleEntry 7 }      

    swACLEtherRuleEnablePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access will apply only to packets with
             priority value."
        ::= { swACLEtherRuleEntry 8 }     
        
    swACLEtherRulePriority OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specific the priority will change to the packets while the swACLEtherRuleReplacePriority
             is enabled ."
        ::= { swACLEtherRuleEntry 9 }     
        
    swACLEtherRuleReplacePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specific the packets that match the access profile will changed the
             802.1p priority tag field by the switch or not ."
        ::= { swACLEtherRuleEntry 10 }  
        
    swACLEtherRuleEnableReplaceDscp OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specific the packets that match the access profile will replaced the
             DSCP field by the switch or not ."
        ::= { swACLEtherRuleEntry 11 }  

    swACLEtherRuleRepDscp OBJECT-TYPE	
        SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "specify a value to be written to the DSCP field of an incoming packet
             that meets the criteria specified in the first part of the command.
             This value will over-write the value in the DSCP field of the packet."
        ::= { swACLEtherRuleEntry 12 }  
        
	swACLEtherRulePermit OBJECT-TYPE	
		SYNTAX  INTEGER {
               permit(1),
               deny(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates resoult of examination is permit or deny;default is permit(1)
             permit - Specifies that packets that match the access profile are 
                      permitted to be forwarded by the switch.
             deny - Specifies that packets that do not match the access profile
                    are not permitted to be forwarded by the switch and will be filtered."
        ::= { swACLEtherRuleEntry 13 }

    swACLEtherRuleRowStatus OBJECT-TYPE	--swACLEtherRuleState
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLEtherRuleEntry 14 }   

--***************************************************************************
--swACLIpRuleTable
--***************************************************************************  
    swACLIpRuleTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLIpRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "."
        ::= { swAclRuleMgmt 2 }
        
    swACLIpRuleEntry OBJECT-TYPE
        SYNTAX  SwACLIpRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "."
        INDEX  { swACLIpRuleProfileID , swACLIpRuleAccessID }
        ::= { swACLIpRuleTable 1 }
      
    SwACLIpRuleEntry ::= 
        SEQUENCE {
            swACLIpRuleProfileID
                INTEGER,
            swACLIpRuleAccessID
                INTEGER,
            swACLIpRuleVlan
                SnmpAdminString,
            swACLIpRuleSrcIpaddress  
            	IpAddress,
            swACLIpRuleDstIpaddress
            	IpAddress,
            swACLIpRuleDscp		 
            	INTEGER,
            swACLIpRuleProtocol
                INTEGER,
            swACLIpRuleType			
            	INTEGER,
            swACLIpRuleCode			
            	INTEGER,
            swACLIpRuleSrcPort		
            	INTEGER,
            swACLIpRuleDstPort		
            	INTEGER,
            swACLIpRuleFlagBits		
            	INTEGER,            	
            swACLIpRuleProtoID		
            	INTEGER,
            swACLIpRuleUserMask		
            	OCTET STRING,	
            swACLIpRuleEnablePriority
                INTEGER,
            swACLIpRulePriority
                INTEGER,             
            swACLIpRuleReplacePriority
                INTEGER,       
            swACLIpRuleEnableReplaceDscp
                INTEGER,                    
            swACLIpRuleRepDscp
                INTEGER,
			swACLIpRulePermit
                INTEGER,
            swACLIpRuleRowStatus	
                RowStatus                                                         
        }
    swACLIpRuleProfileID OBJECT-TYPE
        SYNTAX  INTEGER (1..255)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of ACL mask entry ,and is unique in the mask list."
        ::= { swACLIpRuleEntry 1 }
    
    swACLIpRuleAccessID OBJECT-TYPE
        SYNTAX  INTEGER (1..255)
        MAX-ACCESS  read-only	--read-create
        STATUS  current
        DESCRIPTION
            "The ID of ACL IP rule entry ."
        ::= { swACLIpRuleEntry 2 }        
        
    swACLIpRuleVlan OBJECT-TYPE
        SYNTAX  SnmpAdminString (SIZE (1..32))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access  will apply to only to this VLAN."
        ::= { swACLIpRuleEntry 3 }     
        
    swACLIpRuleSrcIpaddress OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specific an IP source address."
        ::= { swACLIpRuleEntry 4 }  

    swACLIpRuleDstIpaddress OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specific an IP destination address."
        ::= { swACLIpRuleEntry 5 }  
        
    swACLIpRuleDscp OBJECT-TYPE
        SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specific the value of dscp, the value can be configured 0 to 63"
        ::= { swACLIpRuleEntry 6 }       

    swACLIpRuleProtocol OBJECT-TYPE
        SYNTAX  INTEGER {
               none(1),
               icmp(2),
               igmp(3),
               tcp(4),
               udp(5),
               protocolId(6)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "Specifies the IP protocol which has been configured in swACLIpEntry  ."
        ::= { swACLIpRuleEntry 7 }   

    swACLIpRuleType OBJECT-TYPE
        SYNTAX  INTEGER(0..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specific that the rule applies to the value of  icmp type traffic."
        ::= { swACLIpRuleEntry 8 }    

    swACLIpRuleCode OBJECT-TYPE
        SYNTAX  INTEGER(0..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specific that the rule applies to the value of icmp code traffic."
        ::= { swACLIpRuleEntry 9 }    

    swACLIpRuleSrcPort OBJECT-TYPE
        SYNTAX  INTEGER(0..65535)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specific that the rule applies the range of tcp/udp source port"
        ::= { swACLIpRuleEntry 10 }    

    swACLIpRuleDstPort OBJECT-TYPE
        SYNTAX  INTEGER(0..65535)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specific the range of tcp/udp destination port range"
        ::= { swACLIpRuleEntry 11 }    

    swACLIpRuleFlagBits OBJECT-TYPE
        SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "A value which indicates the set of TCP flags that this
            entity may potentially offers.  The value is a sum.  This
            sum initially takes the value zero, Then, for each flag, L,
            in the range 1 through 6, that this node performs
            transactions for, 2 raised to (L - 1) is added to the sum.
            Note that values should be calculated accordingly:

                 Flag      functionality
                   6        urg bit
                   5        ack bit
                   4        rsh bit
                   3        rst bit
                   2		syn bit
                   1 		fin bit                 
			For example,it you want to enable urg bit and ack bit,you
			should set vlaue 48(2^(5-1) + 2^(6-1))."
        ::= { swACLIpRuleEntry 12 } 

    swACLIpRuleProtoID OBJECT-TYPE
        SYNTAX  INTEGER(0..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specific that the rule applies to the value of  ip protocol id traffic"
        ::= { swACLIpRuleEntry 13 }    

    swACLIpRuleUserMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(4))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specific that the rule applies to the ip protocol id and the range of
             options behind the IP header."
        ::= { swACLIpRuleEntry 14 }    
        
    swACLIpRuleEnablePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access will apply only to packets with
             priority value."
        ::= { swACLIpRuleEntry 15 }     
        
    swACLIpRulePriority OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access profile will apply to packets that contain
              this value in their 802.1p priority field of their header."
        ::= { swACLIpRuleEntry 16 }     
        
    swACLIpRuleReplacePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specific the packets that match the access profile will changed the
             802.1p priority tag field by the switch or not ."
        ::= { swACLIpRuleEntry 17 }  
        
    swACLIpRuleEnableReplaceDscp OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Indicate weather the DSCP field can be over-write or not. "
        ::= { swACLIpRuleEntry 18 }  

    swACLIpRuleRepDscp OBJECT-TYPE
        SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "specify a value to be written to the DSCP field of an incoming packet
             that meets the criteria specified in the first part of the command.
             This value will over-write the value in the DSCP field of the packet."
        ::= { swACLIpRuleEntry 19 }  
    
	swACLIpRulePermit OBJECT-TYPE
        SYNTAX  INTEGER {
               deny(1),
               permit(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates filter is permit or deny;
             default is permit(1)"
        ::= { swACLIpRuleEntry 20 }
	
    swACLIpRuleRowStatus OBJECT-TYPE	
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLIpRuleEntry 21 }            

	--****************************************************************************
--swACLPayloadEntry
--****************************************************************************
	swACLPayloadRuleTable  OBJECT-TYPE
		SYNTAX  SEQUENCE OF SwACLPayloadRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            ""
        ::= { swAclRuleMgmt 3 }
      
	swACLPayloadRuleEntry OBJECT-TYPE
		SYNTAX  SwACLPayloadRuleEntry
		MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            ""
        INDEX  { swACLPayloadRuleProfileID,swACLPayloadRuleAccessID } 
		::= { swACLPayloadRuleTable 1 }
            

	SwACLPayloadRuleEntry ::= 
        SEQUENCE {
			swACLPayloadRuleProfileID
         		INTEGER,
			swACLPayloadRuleAccessID
				INTEGER,
			swACLPayloadRuleOffSet0to15
				OCTET STRING,
			swACLPayloadRuleOffSet16to31
				OCTET STRING,
			swACLPayloadRuleOffSet32to47
				OCTET STRING,
			swACLPayloadRuleOffSet48to63
				OCTET STRING,
			swACLPayloadRuleOffSet64to79
				OCTET STRING,
			swACLPayloadRuleEnablePriority
				INTEGER,
			swACLPayloadRulePriority
				INTEGER,             
			swACLPayloadRuleReplacePriority
				INTEGER,       
			swACLPayloadRuleEnableReplaceDscp
				INTEGER,                    
			swACLPayloadRuleRepDscp
				INTEGER,
			swACLPayloadRulePermit
				INTEGER,
			swACLPayloadRuleRowStatus
				RowStatus   	 
        }
     
    swACLPayloadRuleProfileID OBJECT-TYPE
        SYNTAX  INTEGER (1..255)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            ""
        ::= { swACLPayloadRuleEntry 1 }
         
    swACLPayloadRuleAccessID OBJECT-TYPE
        SYNTAX  INTEGER (1..255)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            ""
        ::= { swACLPayloadRuleEntry 2 }      
    
	swACLPayloadRuleOffSet0to15 OBJECT-TYPE
        SYNTAX  OCTET STRING(SIZE (16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            ""
        ::= { swACLPayloadRuleEntry 3 }

    swACLPayloadRuleOffSet16to31 OBJECT-TYPE
        SYNTAX  OCTET STRING(SIZE (16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            ""
        ::= { swACLPayloadRuleEntry 4 }
        
    swACLPayloadRuleOffSet32to47 OBJECT-TYPE
        SYNTAX   OCTET STRING(SIZE (16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            ""
        ::= { swACLPayloadRuleEntry 5 }
     
        
    swACLPayloadRuleOffSet48to63 OBJECT-TYPE
        SYNTAX  OCTET STRING(SIZE (16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            ""
        ::= { swACLPayloadRuleEntry 6 }
        
    swACLPayloadRuleOffSet64to79 OBJECT-TYPE
        SYNTAX  OCTET STRING(SIZE (16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            ""
        ::= { swACLPayloadRuleEntry 7 }

	swACLPayloadRuleEnablePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            ""
        ::= { swACLPayloadRuleEntry 8 }     
        
    swACLPayloadRulePriority OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access profile will apply to packets that contain
              this value in their 802.1p priority field of their header."
        ::= { swACLPayloadRuleEntry 9 }     
        
    swACLPayloadRuleReplacePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            ""
        ::= { swACLPayloadRuleEntry 10 }  
        
    swACLPayloadRuleEnableReplaceDscp OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Indicate wether the DSCP field can be over-write or not "
        ::= { swACLPayloadRuleEntry 11 }  

    swACLPayloadRuleRepDscp OBJECT-TYPE
        SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "specify a value to be written to the DSCP field of an incoming packet
             that meets the criteria specified in the first part of the command.
             This value will over-write the value in the DSCP field of the packet."
        ::= { swACLPayloadRuleEntry 12 }
	
	swACLPayloadRulePermit OBJECT-TYPE
		SYNTAX INTEGER{
			permit(1),
			deny(2)	
		}
		MAX-ACCESS read-create
		STATUS  current
	    DESCRIPTION
	        ""
	    ::= { swACLPayloadRuleEntry 13 }
        
	swACLPayloadRuleRowStatus OBJECT-TYPE
		SYNTAX	RowStatus	
	    MAX-ACCESS  read-create
	    STATUS  current
	    DESCRIPTION
	        ""
	    ::= { swACLPayloadRuleEntry 14 }
          
END
