-- *****************************************************************
-- FS-ACL-MIB.mib:  FS Acl MIB file
--
-- March 2002, Wuzg
--
-- Copyright (c) 2002 by FS.COM Inc..
-- All rights reserved.
-- 
-- *****************************************************************
--

FS-ACL-MIB DEFINITIONS ::= BEGIN

IMPORTS
        MODULE-IDENTITY,
        OBJECT-TYPE,
        Integer32,
        Unsigned32,
        IpAddress
                FROM SNMPv2-SMI
        TruthValue,
        DisplayString,
        RowStatus,
        MacAddress
                FROM SNMPv2-TC
        MODULE-COMPLIANCE,
        OBJECT-GROUP
                FROM SNMPv2-CONF
        IfIndex,
        ConfigStatus
                FROM FS-TC        
        fsMgmt
                FROM FS-SMI;

fsAclMIB MODULE-IDENTITY
        LAST-UPDATED "200203200000Z"
        ORGANIZATION "FS.COM Inc.."
        CONTACT-INFO
                " 
                Tel: 400-865-2852 

                E-mail: https://www.fs.com/live_chat_service_mail.html"
        DESCRIPTION
                "This module defines fs acl mibs."
        REVISION      "200203200000Z"
        DESCRIPTION
                "Initial version of this MIB module."
        ::= { fsMgmt 17}

--ACLNO ::= TEXTUAL-CONVENTION
--    STATUS current
--    DESCRIPTION
--        " Serial number of Access control list entry, Access control list entry of 
--          bigger ACL number will have  higher implement priority. One ACL number 
--          corresponding to only one entry."
--    SYNTAX      INTEGER

-- Access control list
fsAclMIBObjects OBJECT IDENTIFIER ::= { fsAclMIB 1 }


fsAclTable OBJECT-TYPE
        SYNTAX SEQUENCE OF FSAclEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
               "A table of acl request entries."
        ::= { fsAclMIBObjects 1 }
    
fsAclEntry OBJECT-TYPE
        SYNTAX FSAclEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "Entry contains acl name and mode."  
        INDEX { fsAclName }
        ::= { fsAclTable 1 }
        
FSAclEntry ::= 
        SEQUENCE {
                fsAclName DisplayString,
                fsAclMode INTEGER,
                fsAclEntryStatus ConfigStatus
        } 
           
fsAclName OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "Access list name of this entry.This value is unique for every entry
            When this string be used as an index,Value of a sub-identifier equal 
            ASCII value of corresponding character(first sub-identifier corresponds
            first character of string). The number of sub-identifiers of this string
            must be 32,If length of string is less than 32 the sub-identifier(0x0) 
            will be filled in tail."
        ::= { fsAclEntry  1 }
                
fsAclMode OBJECT-TYPE
        SYNTAX INTEGER{
               acl-ip-standard(1),   
               acl-ip-extended(2),   
               acl-mac-extended(3),  
               acl-expert(4), 
               acl-ipv6-extended(5)
            }
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
               " Config mode of this ACL"
        ::= { fsAclEntry 2 }    

fsAclEntryStatus OBJECT-TYPE
        SYNTAX ConfigStatus
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Status of this entry, set its value to invalid will delete this entry.
            set its value to valid has no effect."
        ::= { fsAclEntry 3 }

--fsAceTable OBJECT-TYPEV
--        SYNTAX SEQUENCE OF FSAceEntry
--        MAX-ACCESS not-accessible
--        STATUS current
--        DESCRIPTION
--               "A table of ACE request entries."
--        ::= { fsAclMIBObjects 2 } this OID is obsolete
    
--fsAceEntry OBJECT-TYPE
--        SYNTAX FSAceEntry
--        MAX-ACCESS not-accessible
--        STATUS current
--        DESCRIPTION
--                "Entry contains ace parameters and results.
--                
--                A management station wishing to create an entry should
--                first generate a pseudo-random serial number to be used
--                as the index to a ace entry of a acl.  The station should
--                then create the associated entry.
--                
--                We must set all specifies valid values for the 
--                non-defaulted configuration objects, certainly, it should
--                also modify  the default values for the other configuration 
--                objects if the defaults are not appropriate.
--                                       
--                Once the appropriate instance of all the configuration
--                objects have been created or set,the row status should be set
--                to active to initiate the request."  
--        INDEX { fsAceAclName,fsAceIndex }
--        ::= { fsAceTable 1 }
--        
--FSAceEntry ::= 
--        SEQUENCE {
--                fsAceAclName DisplayString,
--                fsAceIndex Integer32,
--                fsAceIfAnyVID TruthValue,
--                fsAceVID Unsigned32,
--                fsAceIfAnySourceIp TruthValue,
--                fsAceSourceIp IpAddress,
--                fsAceIfAnySourceWildCard TruthValue,
--                fsAceSourceWildCard IpAddress,
--                fsAceIfAnySourceMacAddr TruthValue,
--                fsAceSourceMacAddr MacAddress,
--                fsAceIfAnyDestIp TruthValue,
--                fsAceDestIp IpAddress,
--                fsAceIfAnyDestWildCard TruthValue,
--                fsAceDestIpWildCard IpAddress,
--                fsAceIfAnyDestMacAddr TruthValue,
--                fsAceDestMacAddr MacAddress,
--                fsAceIfAnyEtherLikeType TruthValue,
--                fsAceEtherLikeType Integer32,
--                fsAceIfAnyIpProtocolField TruthValue,
--                fsAceIpProtocolField Integer32,
--                fsAceIfAnySourceProtocolPort TruthValue,
--                fsAceSourceProtocolPort Integer32,
--                fsAceIfAnyDestProtocolPort TruthValue,
--                fsAceDestProtocolPort Integer32,
--                fsAceIfAnyProtocolType TruthValue,
--                fsAceProtocolType Integer32,
--                fsAceFlowAction INTEGER,
--                fsAceEntryStauts RowStatus,
--                fsAceTimeRangeName DisplayString
--        }
--
--fsAceAclName OBJECT-TYPE
--        SYNTAX DisplayString(SIZE (1..32))
--        MAX-ACCESS read-only
--        STATUS current
--        DESCRIPTION
--            "Access list name of this ace belong to.
--            When this string be used as an index,Value of a sub-identifier equal 
--            ASCII value of corresponding character(first sub-identifier corresponds
--            first character of string). The number of sub-identifiers of this string
--            must be 32,If length of string is less than 32 the sub-identifier(0x0) 
--            will be filled in tail."
--        ::= { fsAceEntry  1 }
--
--fsAceIndex OBJECT-TYPE
--        SYNTAX Integer32(1..2147483647)
--        MAX-ACCESS read-only
--        STATUS current
--        DESCRIPTION
--               "Object which specifies a unique entry in the
--                fsAclTable.  A management station wishing
--                to initiate a acl operation should use a
--                pseudo-random value for this object when creating
--                or modifying an instance of a fsAclEntry.
--                The RowStatus semantics of the fsAclEntryStatus
--                object will prevent access conflicts."
--        ::= { fsAceEntry 2 }
--   
--fsAceIfAnyVID OBJECT-TYPE
--        SYNTAX TruthValue
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "VID of class will not be checked if this value is true."
--        DEFVAL{ true }
--        ::= { fsAceEntry 3 }
--   
--fsAceVID OBJECT-TYPE
--        SYNTAX Unsigned32(0..4094)
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "VID of Ace flow definition."
--        ::= { fsAceEntry 4 }
--    
--fsAceIfAnySourceIp OBJECT-TYPE
--        SYNTAX TruthValue
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "Source Ip of class will not be checked if this value is true."
--        DEFVAL{ true }
--        ::= { fsAceEntry 5 }
--            
--fsAceSourceIp OBJECT-TYPE
--        SYNTAX IpAddress
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "Sourece ip address of Ace flow definition."
--        ::= { fsAceEntry 6 }
--
--fsAceIfAnySourceWildCard OBJECT-TYPE
--        SYNTAX TruthValue
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "Source Ip wild card of class will not be checked if this value is true."
--        DEFVAL{ true }
--        ::= { fsAceEntry 7 }
--                
--fsAceSourceWildCard OBJECT-TYPE
--        SYNTAX IpAddress
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "Sourece ip wild card(in reverse ip address mask)of Ace flow definition."
--        ::= { fsAceEntry 8 }        
--
--fsAceIfAnySourceMacAddr OBJECT-TYPE
--        SYNTAX TruthValue
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "Source mac address of class will not be checked if this value is true."
--        DEFVAL{ true }
--        ::= { fsAceEntry 9 }
--                
--fsAceSourceMacAddr OBJECT-TYPE
--        SYNTAX MacAddress
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "Sourece Mac address of Ace flow definition."
--        ::= { fsAceEntry 10 }                
-- 
--fsAceIfAnyDestIp OBJECT-TYPE
--        SYNTAX TruthValue
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "Destination Ip wild card of class will not be checked if this value is true."
--        DEFVAL{ true }
--        ::= { fsAceEntry 11 }
--         
--fsAceDestIp OBJECT-TYPE
--        SYNTAX IpAddress
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "Destination ip address of Ace flow definition."
--        ::= { fsAceEntry 12 }
--
--fsAceIfAnyDestWildCard OBJECT-TYPE
--        SYNTAX TruthValue
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "Source Ip wild card of class will not be checked if this value is true."
--        DEFVAL{ true }
--        ::= { fsAceEntry 13 }
--                
--fsAceDestIpWildCard OBJECT-TYPE
--        SYNTAX IpAddress
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "Destination ip wild card(in reverse ip address mask) of Ace flow definition."
--        ::= { fsAceEntry 14 }        
--
--fsAceIfAnyDestMacAddr OBJECT-TYPE
--        SYNTAX TruthValue
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "Source Ip wild card of class will not be checked if this value is true."
--        DEFVAL{ true }
--        ::= { fsAceEntry 15 }
--                
--fsAceDestMacAddr OBJECT-TYPE
--        SYNTAX MacAddress
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "Destination Mac address of Ace flow definition."
--        ::= { fsAceEntry 16 }
--
--fsAceIfAnyEtherLikeType OBJECT-TYPE
--        SYNTAX TruthValue
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "Ether Like Type in MAC packet will not be checked if this value is true."
--        DEFVAL{ true }
--        ::= { fsAceEntry 17 }
--            
--fsAceEtherLikeType OBJECT-TYPE
--        SYNTAX Integer32
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "Ether Like Type in MAC packet of Ace flow definition. "
--        ::= { fsAceEntry 18 }
--
--fsAceIfAnyIpProtocolField OBJECT-TYPE
--        SYNTAX TruthValue
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "Source Ip wild card of class will not be checked if this value is true."
--        DEFVAL{ true }
--        ::= { fsAceEntry 19 }
--            
--fsAceIpProtocolField OBJECT-TYPE
--        SYNTAX Integer32
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "The value of protocol field in IP packet of Ace flow definition."
--        ::= { fsAceEntry 20 }
--      
--fsAceIfAnySourceProtocolPort OBJECT-TYPE
--        SYNTAX TruthValue
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "The value of source protocol port in IP packet will not be checked if 
--             this value is true."
--        DEFVAL{ true }
--        ::= { fsAceEntry 21 }
--        
--fsAceSourceProtocolPort OBJECT-TYPE
--        SYNTAX Integer32
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "The value of source protocol port in IP packet of Ace flow definition. It is 
--             significative only to those protocol which support this field."
--        ::= { fsAceEntry 22 }
--
--fsAceIfAnyDestProtocolPort OBJECT-TYPE
--        SYNTAX TruthValue
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "he value of destination protocol port in IP packet will not be checked if 
--            this value is true."
--        DEFVAL{ true }
--        ::= { fsAceEntry 23 }
--        
--fsAceDestProtocolPort OBJECT-TYPE
--        SYNTAX Integer32
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "The value of destination protocol port in IP packet of Ace flow definition. It is 
--             significative only to those protocol which support this field(tcp,udp)."
--        ::= { fsAceEntry 24 }        
--
--fsAceIfAnyProtocolType OBJECT-TYPE
--        SYNTAX TruthValue
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "The value of protocol type field in IP packet will not be checked if this 
--            value is true."
--        DEFVAL{ true }
--        ::= { fsAceEntry 25 }
--            
--fsAceProtocolType OBJECT-TYPE
--        SYNTAX Integer32
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "The value of protocol type field in IP packet of Ace flow definition. It is 
--             significative only to those protocol which support this field(icmp,igmp)."
--        ::= { fsAceEntry 26 }            
--                
--fsAceFlowAction OBJECT-TYPE
--        SYNTAX INTEGER{
--               permit(1),
--               delay(2) 
--        }
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "Permit indicate that the kind of  flow which entry define will be allow to access ,
--             delay indicate that the kind of flow which entry define will be refuse to access"
--        ::= { fsAceEntry 27 }
--    
--fsAceEntryStauts OBJECT-TYPE
--        SYNTAX RowStatus
--        MAX-ACCESS read-create
--        STATUS current
--        DESCRIPTION
--            "entry status for this list."
--        ::= { fsAceEntry 28 }
--
--fsAceTimeRangeName OBJECT-TYPE
--    SYNTAX      DisplayString(SIZE (0..32))
--    MAX-ACCESS  not-accessible
--    STATUS      current
--    DESCRIPTION
--        "Name of time-range of this ACE match. It indicate that 
--         this ACE doesn't match any time-range if this string is null"
--    ::= { fsAceEntry 29 }
        

fsAclIfTable OBJECT-TYPE
        SYNTAX SEQUENCE OF FSAclIfEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "list of ACL interface objects."
        ::= { fsAclMIBObjects 3 }
    
fsAclIfEntry OBJECT-TYPE
        SYNTAX FSAclIfEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "Entry ACL interface information."
        INDEX { fsAclIfIndex }
        ::= { fsAclIfTable 1 }

FSAclIfEntry ::=
        SEQUENCE {
            fsAclIfIndex IfIndex,
            fsAclIfMaxEntryNum Integer32,
            fsAclIfCurruntEntryNum Integer32,
            fsIfInAclName  DisplayString,
            fsIfOutAclName DisplayString,
            fsAclIf6MaxEntryNum Integer32,
            fsAclIf6CurruntEntryNum Integer32,
            fsIf6InAclName  DisplayString,
            fsIf6OutAclName DisplayString
        }

fsAclIfIndex OBJECT-TYPE
        SYNTAX IfIndex
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            " "
        ::= { fsAclIfEntry 1 }

fsAclIfMaxEntryNum OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
               "Max num of ACL entry(ACE) in a interface."
        ::= { fsAclIfEntry 2 }

fsAclIfCurruntEntryNum OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
               "Currunt valid num of ACL entry(ACE) in a interface."
        ::= { fsAclIfEntry 3 }
        
fsIfInAclName OBJECT-TYPE
        SYNTAX DisplayString(SIZE (0..32))
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Access list name of ACL of this interface match for input. 
            It indicate that this interface doesn't match any ACL for input 
            if this string is null"
        ::= { fsAclIfEntry  4 }        
        
fsIfOutAclName OBJECT-TYPE
        SYNTAX DisplayString(SIZE (0..32))
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Access list name of ACL of this interface match for output. 
            It indicate that this interface doesn't match any ACL for output 
            if this string is null
            
            This relation function apply only L3 interface."
        ::= { fsAclIfEntry  5 }  
        
fsAclIf6MaxEntryNum OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
               "Max num of ACL6 entry(ACE) in a interface."
        ::= { fsAclIfEntry 6 }

fsAclIf6CurruntEntryNum OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
               "Currunt valid num of ACL6 entry(ACE) in a interface."
        ::= { fsAclIfEntry 7 }
        
fsIf6InAclName OBJECT-TYPE
        SYNTAX DisplayString(SIZE (0..32))
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Access list name of ACL6 of this interface match for input. 
            It indicate that this interface doesn't match any ACL for input 
            if this string is null"
        ::= { fsAclIfEntry  8 }        
        
fsIf6OutAclName OBJECT-TYPE
        SYNTAX DisplayString(SIZE (0..32))
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Access list name of ACL6 of this interface match for output. 
            It indicate that this interface doesn't match any ACL for output 
            if this string is null
            
            This relation function apply only L3 interface."
        ::= { fsAclIfEntry  9 }
        
fsAceExtTable OBJECT-TYPE
        SYNTAX SEQUENCE OF FSAceExtEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
               "A table of ACE request entries."
        ::= { fsAclMIBObjects 4 }
  
fsAceExtEntry OBJECT-TYPE
        SYNTAX FSAceExtEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "Entry contains ace parameters and results.
                
                A management station wishing to create an entry should
                first generate a pseudo-random serial number to be used
                as the index to a ace entry of a acl.  The station should
                then create the associated entry.
                
                We must set all specifies valid values for the 
                non-defaulted configuration objects, certainly, it should
                also modify  the default values for the other configuration 
                objects if the defaults are not appropriate.
                                       
                Once the appropriate instance of all the configuration
                objects have been created or set,the row status should be set
                to active to initiate the request."  
        INDEX { fsAceExtAclName,fsAceExtIndex }
        ::= { fsAceExtTable 1 }
        
FSAceExtEntry ::= 
        SEQUENCE {
                fsAceExtAclName DisplayString,
                fsAceExtIndex Integer32,
                fsAceExtIfAnyVID TruthValue,
                fsAceExtVID Unsigned32,
                fsAceExtIfAnySourceIp TruthValue,
                fsAceExtSourceIp IpAddress,
                fsAceExtIfAnySourceWildCard TruthValue,
                fsAceExtSourceWildCard IpAddress,
                fsAceExtIfAnySourceMacAddr TruthValue,
                fsAceExtSourceMacAddr MacAddress,
                fsAceExtIfAnyDestIp TruthValue,
                fsAceExtDestIp IpAddress,
                fsAceExtIfAnyDestWildCard TruthValue,
                fsAceExtDestIpWildCard IpAddress,
                fsAceExtIfAnyDestMacAddr TruthValue,
                fsAceExtDestMacAddr MacAddress,
                fsAceExtIfAnyEtherLikeType TruthValue,
                fsAceExtEtherLikeType Integer32,
                fsAceExtIfAnyIpProtocolField TruthValue,
                fsAceExtIpProtocolField Integer32,
                fsAceExtSourceProtocolPort Integer32,
                fsAceExtDestProtocolPort Integer32,
                fsAceExtIfAnyProtocolType TruthValue,
                fsAceExtProtocolType Integer32,
                fsAceExtFlowAction INTEGER,
                fsAceExtEntryStauts RowStatus,
                fsAceExtTimeRangeName DisplayString,
                fsAceExtSourcePortOp INTEGER,
                fsAceExtSourceProtocolPortRange Integer32,
                fsAceExtDestPortOp INTEGER,
                fsAceExtDestProtocolPortRange Integer32,
                fsAceExtIfAnyCos TruthValue,
                fsAceExtCos Integer32,
                fsAceExtIfAnyIpPrec TruthValue,
                fsAceExtIpPrec Integer32,
                fsAceExtIfAnyDscp TruthValue,
                fsAceExtDscp Integer32,
                fsAceExtIfAnySourceMacAddrWildCard TruthValue,
                fsAceExtSourceMacAddrWildCard MacAddress,
                fsAceExtIfAnyDestMacAddrWildCard TruthValue,
                fsAceExtDestMacAddrWildCard MacAddress,
                fsAceExtIfAnyTcpFlag TruthValue,
                fsAceExtTcpFlag Integer32,
                fsAceExtIfAnySourceIp6 TruthValue,
                fsAceExtSourceIp6 OCTET STRING,
                fsAceExtIfAnySourceIp6WildCard TruthValue,
                fsAceExtSourceIp6WildCard OCTET STRING,
                fsAceExtIfAnyDestIp6 TruthValue,
                fsAceExtDestIp6 OCTET STRING,
                fsAceExtIfAnyDestIp6WildCard TruthValue,
                fsAceExtDestIp6WildCard OCTET STRING
        }

fsAceExtAclName OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "Access list name of this ace belong to.
            When this string be used as an index,Value of a sub-identifier equal 
            ASCII value of corresponding character(first sub-identifier corresponds
            first character of string). The number of sub-identifiers of this string
            must be 32,If length of string is less than 32 the sub-identifier(0x0) 
            will be filled in tail."
        ::= { fsAceExtEntry  1 }

fsAceExtIndex OBJECT-TYPE
        SYNTAX Integer32(1..2147483647)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
               "Object which specifies a unique entry in the
                fsAclTable.  A management station wishing
                to initiate a acl operation should use a
                pseudo-random value for this object when creating
                or modifying an instance of a fsAclEntry.
                The RowStatus semantics of the fsAclEntryStatus
                object will prevent access conflicts."
        ::= { fsAceExtEntry 2 }
   
fsAceExtIfAnyVID OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "VID of class will not be checked if this value is true."
        DEFVAL{ true }
        ::= { fsAceExtEntry 3 }
   
fsAceExtVID OBJECT-TYPE
        SYNTAX Unsigned32(0..4094)
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "VID of Ace flow definition."
        ::= { fsAceExtEntry 4 }
    
fsAceExtIfAnySourceIp OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Source Ip of class will not be checked if this value is true."
        DEFVAL{ true }
        ::= { fsAceExtEntry 5 }
            
fsAceExtSourceIp OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Sourece ip address of Ace flow definition."
        ::= { fsAceExtEntry 6 }

fsAceExtIfAnySourceWildCard OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Source Ip wild card of class will not be checked if this value is true."
        DEFVAL{ true }
        ::= { fsAceExtEntry 7 }
                
fsAceExtSourceWildCard OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Sourece ip wild card(in reverse ip address mask)of Ace flow definition."
        ::= { fsAceExtEntry 8 }        

fsAceExtIfAnySourceMacAddr OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Source mac address of class will not be checked if this value is true."
        DEFVAL{ true }
        ::= { fsAceExtEntry 9 }
                
fsAceExtSourceMacAddr OBJECT-TYPE
        SYNTAX MacAddress
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Sourece Mac address of Ace flow definition."
        ::= { fsAceExtEntry 10 }                
 
fsAceExtIfAnyDestIp OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Destination Ip wild card of class will not be checked if this value is true."
        DEFVAL{ true }
        ::= { fsAceExtEntry 11 }
         
fsAceExtDestIp OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Destination ip address of Ace flow definition."
        ::= { fsAceExtEntry 12 }

fsAceExtIfAnyDestWildCard OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Source Ip wild card of class will not be checked if this value is true."
        DEFVAL{ true }
        ::= { fsAceExtEntry 13 }
                
fsAceExtDestIpWildCard OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Destination ip wild card(in reverse ip address mask) of Ace flow definition."
        ::= { fsAceExtEntry 14 }        

fsAceExtIfAnyDestMacAddr OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Source Ip wild card of class will not be checked if this value is true."
        DEFVAL{ true }
        ::= { fsAceExtEntry 15 }
                
fsAceExtDestMacAddr OBJECT-TYPE
        SYNTAX MacAddress
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Destination Mac address of Ace flow definition."
        ::= { fsAceExtEntry 16 }

fsAceExtIfAnyEtherLikeType OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Ether Like Type in MAC packet will not be checked if this value is true."
        DEFVAL{ true }
        ::= { fsAceExtEntry 17 }
            
fsAceExtEtherLikeType OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Ether Like Type in MAC packet of Ace flow definition. "
        ::= { fsAceExtEntry 18 }

fsAceExtIfAnyIpProtocolField OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Source Ip wild card of class will not be checked if this value is true."
        DEFVAL{ true }
        ::= { fsAceExtEntry 19 }
            
fsAceExtIpProtocolField OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The value of protocol field in IP packet of Ace flow definition."
        ::= { fsAceExtEntry 20 }
      
fsAceExtSourceProtocolPort OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The value of source protocol port in IP packet of Ace flow definition. It is 
             significative only to those protocol which support this field."
        ::= { fsAceExtEntry 21 }

fsAceExtDestProtocolPort OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The value of destination protocol port in IP packet of Ace flow definition. It is 
             significative only to those protocol which support this field(tcp,udp)."
        ::= { fsAceExtEntry 22 }        

fsAceExtIfAnyProtocolType OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The value of protocol type field in IP packet will not be checked if this 
            value is true."
        DEFVAL{ true }
        ::= { fsAceExtEntry 23 }
            
fsAceExtProtocolType OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The value of protocol type field in IP packet of Ace flow definition. It is 
             significative only to those protocol which support this field(icmp,igmp)."
        ::= { fsAceExtEntry 24 }            
                
fsAceExtFlowAction OBJECT-TYPE
        SYNTAX INTEGER{
               permit(1),
               deny(2) 
        }
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Permit indicate that the kind of  flow which entry define will be allow to access ,
             deny indicate that the kind of flow which entry define will be refuse to access"
        ::= { fsAceExtEntry 25 }
    
fsAceExtEntryStauts OBJECT-TYPE
        SYNTAX RowStatus
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "entry status for this list."
        ::= { fsAceExtEntry 26 }

fsAceExtTimeRangeName OBJECT-TYPE
    SYNTAX      DisplayString(SIZE (0..32))
    MAX-ACCESS  read-write 
    STATUS      current
    DESCRIPTION
        "Name of time-range of this ACE match. It indicate that 
         this ACE doesn't match any time-range if this string is null"
    ::= { fsAceExtEntry 27 }

fsAceExtSourcePortOp OBJECT-TYPE
        SYNTAX	 INTEGER {
               noOperator(1), 
               lt(2), 
               gt(3),
               eq(4), 
               neq(5), 
               range(6) 
        }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "noOperator(1), which is the default value, means that no
             comparison is to be made with the Source TCP/UDP port
             number.
             lt(2) means less than.
             gt(3) means greater than.
             eq(4) means equal. 
             neq(5) means not equal." 
        ::= { fsAceExtEntry 28 }

fsAceExtSourceProtocolPortRange OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "The ending value of source protocol port in IP packet of Ace flow definition. It is 
             significative only to those protocol which support this field. The fsAceExtSourcePortOp
             must set to range(6)."
        ::= { fsAceExtEntry 29 }

fsAceExtDestPortOp OBJECT-TYPE
        SYNTAX	 INTEGER {
               noOperator(1), 
               lt(2), 
               gt(3),
               eq(4), 
               neq(5), 
               range(6) 
        }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "noOperator(1), which is the default value, means that no
             comparison is to be made with the Dest TCP/UDP port
             number.
             lt(2) means less than.
             gt(3) means greater than.
             eq(4) means equal. 
             neq(5) means not equal." 
        ::= { fsAceExtEntry 30 }

fsAceExtDestProtocolPortRange OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "The ending value of dest protocol port in IP packet of Ace flow definition. It is 
             significative only to those protocol which support this field. The fsAceExtSourcePortOp
             must set to range(6)."
        ::= { fsAceExtEntry 31 }

fsAceExtIfAnyCos OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Cos will not be checked if this value is true."
        DEFVAL{ true }
        ::= { fsAceExtEntry 32 }
   
fsAceExtCos OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Cos of Ace flow definition."
        ::= { fsAceExtEntry 33 }

fsAceExtIfAnyIpPrec OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Ip precedence will not be checked if this value is true."
        DEFVAL{ true }
        ::= { fsAceExtEntry 34 }
   
fsAceExtIpPrec OBJECT-TYPE
        SYNTAX Integer32 
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Ip precedence of Ace flow definition."
        ::= { fsAceExtEntry 35 }

fsAceExtIfAnyDscp OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Dscp will not be checked if this value is true."
        DEFVAL{ true }
        ::= { fsAceExtEntry 36 }
   
fsAceExtDscp OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Dscp of Ace flow definition."
        ::= { fsAceExtEntry 37 }

fsAceExtIfAnyTcpFlag OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Tcp flag will not be checked if this value is true."
        DEFVAL{ true }
        ::= { fsAceExtEntry 38 }
   
fsAceExtTcpFlag OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Tcp flag of Ace flow definition."
        ::= { fsAceExtEntry 39 }
        
fsAceExtIfAnySourceMacAddrWildCard OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Source mac address wildcard of class will not be checked if this value is true."
        DEFVAL{ true }
        ::= { fsAceExtEntry 40 }
                
fsAceExtSourceMacAddrWildCard OBJECT-TYPE
        SYNTAX MacAddress
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Sourece Mac address wildcard of Ace flow definition."
        ::= { fsAceExtEntry 41 }                

fsAceExtIfAnyDestMacAddrWildCard OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Dest mac address wildcard of class will not be checked if this value is true."
        DEFVAL{ true }
        ::= { fsAceExtEntry 42 }
                
fsAceExtDestMacAddrWildCard OBJECT-TYPE
        SYNTAX MacAddress
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Dest Mac address wildcard of Ace flow definition."
        ::= { fsAceExtEntry 43 }                

fsAceExtIfAnySourceIp6 OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Source Ipv6 address of class will not be checked if this value is true."
        DEFVAL{ true }
        ::= { fsAceExtEntry 44 }
            
fsAceExtSourceIp6 OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE (16))
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Sourece ipv6 address of Ace flow definition."
        ::= { fsAceExtEntry 45 }

fsAceExtIfAnySourceIp6WildCard OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Source Ipv6 address wild card of class will not be checked if this value is true."
        DEFVAL{ true }
        ::= { fsAceExtEntry 46 }
                
fsAceExtSourceIp6WildCard OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE (16))
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Sourece ipv6 address wild card(in reverse ip address mask)of Ace flow definition."
        ::= { fsAceExtEntry 47 }        

fsAceExtIfAnyDestIp6 OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Dest Ipv6 address of class will not be checked if this value is true."
        DEFVAL{ true }
        ::= { fsAceExtEntry 48 }
            
fsAceExtDestIp6 OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE (16))
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Dest ipv6 address of Ace flow definition."
        ::= { fsAceExtEntry 49 }

fsAceExtIfAnyDestIp6WildCard OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Dest Ipv6 address wild card of class will not be checked if this value is true."
        DEFVAL{ true }
        ::= { fsAceExtEntry 50 }
                
fsAceExtDestIp6WildCard OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE (16))
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Dest ipv6 address wild card(in reverse ip address mask)of Ace flow definition."
        ::= { fsAceExtEntry 51 }        

-- conformance information

fsAclMIBConformance OBJECT IDENTIFIER ::= { fsAclMIB 2 }
fsAclMIBCompliances OBJECT IDENTIFIER ::= { fsAclMIBConformance 1 }
fsAclMIBGroups      OBJECT IDENTIFIER ::= { fsAclMIBConformance 2 }


-- compliance statements

fsAclMIBCompliance MODULE-COMPLIANCE
        STATUS  current
        DESCRIPTION
                "The compliance statement for entities which implement
                the FS Acl MIB"
        MODULE  -- this module
                MANDATORY-GROUPS { fsAclMIBGroup }
        ::= { fsAclMIBCompliances 1 }
        
        
-- units of conformance

fsAclMIBGroup OBJECT-GROUP
        OBJECTS {
                fsAclName,
                fsAclMode,
                fsAclEntryStatus,
        
                fsAceExtAclName,
                fsAceExtIndex,
                fsAceExtIfAnyVID,
                fsAceExtVID,
                fsAceExtIfAnySourceIp,
                fsAceExtSourceIp,
                fsAceExtIfAnySourceWildCard,
                fsAceExtSourceWildCard,
                fsAceExtIfAnySourceMacAddr,
                fsAceExtSourceMacAddr,
                fsAceExtIfAnyDestIp,
                fsAceExtDestIp,
                fsAceExtIfAnyDestWildCard,
                fsAceExtDestIpWildCard,
                fsAceExtIfAnyDestMacAddr,
                fsAceExtDestMacAddr,
                fsAceExtIfAnyEtherLikeType,
                fsAceExtEtherLikeType,
                fsAceExtIfAnyIpProtocolField,
                fsAceExtIpProtocolField,
                fsAceExtSourceProtocolPort,
                fsAceExtDestProtocolPort,
                fsAceExtProtocolType,
                fsAceExtProtocolType,
                fsAceExtFlowAction,
                fsAceExtEntryStauts,
                fsAceExtTimeRangeName,
                fsAceExtSourcePortOp,
                fsAceExtSourceProtocolPortRange,
             --   fsAceExtIfAnySourceProtocolPort,
                fsAceExtDestPortOp,
                fsAceExtDestProtocolPortRange,
             --   fsAceExtIfAnyDestProtocolPort,
                fsAceExtIfAnyCos,
                fsAceExtCos,
                fsAceExtIfAnyIpPrec,
                fsAceExtIpPrec,
                fsAceExtIfAnyDscp,
                fsAceExtDscp,
                fsAceExtIfAnyTcpFlag,
                fsAceExtTcpFlag,
                fsAceExtIfAnySourceMacAddrWildCard,
                fsAceExtSourceMacAddrWildCard,
                fsAceExtIfAnyDestMacAddrWildCard,
                fsAceExtDestMacAddrWildCard,
                fsAceExtIfAnySourceIp6,
                fsAceExtSourceIp6,
                fsAceExtIfAnySourceIp6WildCard,
                fsAceExtSourceIp6WildCard,
                fsAceExtIfAnyDestIp6,
                fsAceExtDestIp6,
                fsAceExtIfAnyDestIp6WildCard,
                fsAceExtDestIp6WildCard,
                fsAclIfIndex,
                fsAclIfMaxEntryNum,
                fsAclIfCurruntEntryNum,
                fsIfInAclName,
                fsIfOutAclName
        }
        STATUS  current
        DESCRIPTION
                "A collection of objects providing acl (echo) ability to a
                FS agent."
        ::= { fsAclMIBGroups 1 }        
        
END
