HM2-PLATFORM-QOS-ACL-MIB DEFINITIONS ::= BEGIN

-- 
-- ***********************************************************
-- Hirschmann Platform ACL MIB
-- ***********************************************************
--

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, OBJECT-IDENTITY,
    IpAddress, Integer32, 
	Unsigned32, Counter64, Gauge32          
                                         FROM SNMPv2-SMI
    TEXTUAL-CONVENTION, RowStatus, 
	MacAddress, TruthValue, 
	DisplayString, TimeStamp      
                                         FROM SNMPv2-TC

    InterfaceIndexOrZero                 FROM IF-MIB
    hm2PlatformQoS                       FROM HM2-PLATFORM-QOS-MIB
    HmEnabledStatus						 FROM HM2-TC-MIB;
                
hm2PlatformQosAcl MODULE-IDENTITY
    LAST-UPDATED "201212200000Z"
    ORGANIZATION "Hirschmann Automation and Control GmbH"
    CONTACT-INFO
        "Postal:     Stuttgarter Str. 45-51
                     72654 Neckartenzlingen
                     Germany
         Phone:      +49 7127 140
         E-mail:     hac.support@belden.com"
    DESCRIPTION 
        "The Hirschmann Platform2 MIB for Access Control Lists (ACL).
		 Copyright (C) 2012. All Rights Reserved."
    REVISION    "201212200000Z"
    DESCRIPTION 
        "Added new rule hit trap to allow sending of SNMPv1 traps."    
    REVISION    "201205020000Z"
    DESCRIPTION 
        "Updated with new prefix. Updated value ranges to work with configmgr."    
    REVISION    "201106120000Z"
    DESCRIPTION 
        "Initial version."

    ::= { hm2PlatformQoS 2  }


EtypeValue ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "x"
    STATUS   current
    DESCRIPTION
       "Ethertype value of a packet.  The allowed value is 0x0600 to 0xFFFF.
       A value of 0 indicates, that this field is not used."
    SYNTAX   Unsigned32 (0..65535)   -- hex value 0x0600 to 0xFFFF
    
Ipv6AddressPrefix ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "2x:"
    STATUS       current
    DESCRIPTION
        "This data type is used to model IPv6 address prefixes. This is a binary 
        string of up to 16 octets in network byte order."
    SYNTAX       OCTET STRING (SIZE (0..16))     

AclBurstSize ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "d"
    STATUS   current
    DESCRIPTION
       "The number of kilobytes (Kbytes) in a packet that may be sent in a
       traffic stream without regard for other traffic streams."
    SYNTAX   Unsigned32 (0|1..128)

Hm2PortOperator ::= TEXTUAL-CONVENTION
    STATUS  current
    DESCRIPTION
       "The operator of a source/destination tcp/udp port for ip acl classes."
    SYNTAX  INTEGER
                {
         		eq(0),
         		neq(1),
         		lt(2),
         		gt(3)
                }

--**************************************************************************************
    
    hm2AgentAclNamedIpv4IndexNextFree OBJECT-TYPE
         SYNTAX       Integer32
         MAX-ACCESS   read-only
         STATUS       current
         DESCRIPTION
                     "This object contains an unused value for the hm2AgentAclIndex
                      to be used when creating a new named IPv4 ACL.  A value of zero
                      indicates the ACL table is full.
                      For MSP devices the IPv4 ACL indexes start with 1000."
    ::= { hm2PlatformQosAcl 14 }

    --**************************************************************************************
    
    hm2AgentAclTable OBJECT-TYPE
         SYNTAX      SEQUENCE OF Hm2AgentAclEntry
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION 
                     "A table of ACL instances."
         ::= { hm2PlatformQosAcl 1 }

    hm2AgentAclEntry OBJECT-TYPE
         SYNTAX      Hm2AgentAclEntry
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION 
                     "An ACL instance table entry."
         INDEX       { hm2AgentAclIndex }
         ::= { hm2AgentAclTable 1 }
         
    Hm2AgentAclEntry ::= SEQUENCE {         
           hm2AgentAclIndex
               Integer32,
           hm2AgentAclStatus
               RowStatus,
           hm2AgentAclName
               DisplayString,
           hm2AgentAclStatsAction
           	   INTEGER
           }
    
    hm2AgentAclIndex OBJECT-TYPE
         SYNTAX      Integer32 (0..2147483647)
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION
                     "The IP ACL table index this instance is associated with.
                      For MSP devices the IPv4 ACL indexes start with 1000."
         ::= { hm2AgentAclEntry 1 }
         
    hm2AgentAclStatus OBJECT-TYPE
         SYNTAX      RowStatus
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "Status of this instance.  Entries can not be deleted until all rows in 
                     the hm2AgentAclIfTable and hm2AgentAclRuleTable with corresponding values of hm2AgentAclIndex 
                     have been deleted.
                     
                     active(1)      - this ACL instance is active
                     createAndGo(4) - set to this value to create an instance
                     destroy(6)     - set to this value to delete an instance"
         ::= { hm2AgentAclEntry 2 }
    
    hm2AgentAclName OBJECT-TYPE
         SYNTAX      DisplayString (SIZE(1..31))
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The name of this IPv4 ACL entry, which must consist of
                      1 to 31 alphanumeric characters and uniquely identify
                      this IPv4 ACL. An existing IPv4 ACL can be renamed by
                      setting this object to a new name.

                      This object must be set to complete a new IPv4 ACL 
                      row instance."
         ::= { hm2AgentAclEntry 3 }
    
    hm2AgentAclStatsAction OBJECT-TYPE
         SYNTAX      INTEGER
         	 	 	 {
    					other(1),
    					flushAclHitCount(2)
         	 	 	 }
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                    "Setting the object to 'flushAclHitCount(2)' will reset hit counter statistics for all rules in this ACL.
                     Reading the object always returns 'other'."
         ::= { hm2AgentAclEntry 248 }

    --**************************************************************************************
    
    hm2AgentAclIfTable OBJECT-TYPE
         SYNTAX      SEQUENCE OF Hm2AgentAclIfEntry
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION 
                     "A table of ACL interface instances per direction."
         ::= { hm2PlatformQosAcl 8 }

    hm2AgentAclIfEntry OBJECT-TYPE
         SYNTAX      Hm2AgentAclIfEntry
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION 
                     "An ACL interface instance entry."
         INDEX       { hm2AgentAclIfIndex, hm2AgentAclIfDirection, hm2AgentAclIfSequence, hm2AgentAclIfAclType, hm2AgentAclIfAclId  }
         ::= { hm2AgentAclIfTable 1 }
         
    Hm2AgentAclIfEntry ::= SEQUENCE {         
           hm2AgentAclIfIndex
               Integer32,
           hm2AgentAclIfDirection
               INTEGER,
           hm2AgentAclIfSequence
               Unsigned32,
           hm2AgentAclIfAclType
               INTEGER,
           hm2AgentAclIfAclId
               Integer32,
           hm2AgentAclIfStatus
               RowStatus
           }
    
    hm2AgentAclIfIndex OBJECT-TYPE
         SYNTAX      Integer32 (0..2147483647)
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION
                     "The interface index to which this ACL instance applies."
         ::= { hm2AgentAclIfEntry 1 }
         
    hm2AgentAclIfDirection OBJECT-TYPE
         SYNTAX      INTEGER {
                      inbound(1),
                      outbound(2)
                     }
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION
                     "The interface direction to which this ACL instance applies."
         ::= { hm2AgentAclIfEntry 2 }
         
    hm2AgentAclIfSequence OBJECT-TYPE
         SYNTAX      Unsigned32 (1..4294967295)
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION
                     "The relative evaluation sequence of this ACL for this
                      interface and direction.  When multiple ACLs are allowed 
                      for a given interface and direction, the sequence number 
                      determines the order in which the list of ACLs are evaluated,
                      with lower sequence numbers given higher precedence.  The
                      sequence number value is arbitrary, but must be a unique
                      non-zero value for a given interface and direction.
                       
                      Setting this object to an existing sequence number 
                      value for a given interface and direction causes the 
                      ACL corresponding to that value to be replaced with
                      this ACL."
         ::= { hm2AgentAclIfEntry 3 }
         
    hm2AgentAclIfAclType OBJECT-TYPE
         SYNTAX      INTEGER {
                      ip(1),
                      mac(2),
                      ipv6(3)
                     }
         MAX-ACCESS  accessible-for-notify
         STATUS      current
         DESCRIPTION
                     "The type of this ACL, which is used to interpret the 
                      hm2AgentAclIfId object value.  Each type of ACL uses its own
                      numbering scheme for identification (see hm2AgentAclIfAclId object
                      for details).

                      The hm2AgentAclIfAclId object must be specified along with this 
                      object."
         ::= { hm2AgentAclIfEntry 4 }
         
    hm2AgentAclIfAclId OBJECT-TYPE
         SYNTAX      Integer32 (0..2147483647)
         MAX-ACCESS  accessible-for-notify
         STATUS      current
         DESCRIPTION
                     "The ACL identifier value, which is interpreted based on
                      the hm2AgentAclIfType object.

                      For the IP ACLs, the actual ACL number is its identifier
                      as follows:  IP standard ranges from 1-99, while 
                      IP extended ranges from 100-199. Here, hm2AgentAclIfAclId represents 
                      hm2AgentAclIndex. 

                      The MAC ACLs use an internally generated index value
                      that is assigned when the ACL is created. Here, hm2AgentAclIfAclId 
                      represents hm2AgentAclMacIndex.

                      The IPv6 ACLs use an internally generated index value
                      that is assigned when the ACL is created. Here, hm2AgentAclVlanAclId 
                      represents hm2AgentAclIpv6Index.  

                      The hm2AgentAclIfType object must be specified along with
                      this object."
         ::= { hm2AgentAclIfEntry 5 }
         
    hm2AgentAclIfStatus OBJECT-TYPE
         SYNTAX      RowStatus
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "Status of this instance.
                     
                     active(1)      - this ACL interface instance is active
                     createAndGo(4) - set to this value to assign an ACL to an interface and direction
                     destroy(6)     - set to this value to remove an ACL from an interface and direction"
         ::= { hm2AgentAclIfEntry 6 }


    --**************************************************************************************
    -- Layer 3 IP Access List Rules
    --
    --**************************************************************************************
    
    hm2AgentAclRuleTable OBJECT-TYPE
         SYNTAX      SEQUENCE OF Hm2AgentAclRuleEntry
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION 
                     "A table of IP ACL rule instances."
         ::= { hm2PlatformQosAcl 4 }

    hm2AgentAclRuleEntry OBJECT-TYPE
         SYNTAX      Hm2AgentAclRuleEntry
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION 
                     "A table of IP ACL Classification Rules"
         INDEX       { hm2AgentAclIndex, hm2AgentAclRuleIndex }
         ::= { hm2AgentAclRuleTable 1 }
         
    Hm2AgentAclRuleEntry ::= SEQUENCE {         
           hm2AgentAclRuleIndex
               Integer32,
           hm2AgentAclRuleAction
               INTEGER,
           hm2AgentAclRuleProtocol
               Integer32,
           hm2AgentAclRuleSrcIpAddress
               IpAddress,
           hm2AgentAclRuleSrcIpMask
               IpAddress,
           hm2AgentAclRuleSrcL4Port
               Integer32,
           hm2AgentAclRuleSrcL4PortRangeStart
               Integer32,
           hm2AgentAclRuleSrcL4PortRangeEnd
               Integer32,
           hm2AgentAclRuleDestIpAddress
               IpAddress,
           hm2AgentAclRuleDestIpMask
               IpAddress,
           hm2AgentAclRuleDestL4Port
               Integer32,
           hm2AgentAclRuleDestL4PortRangeStart
               Integer32,
           hm2AgentAclRuleDestL4PortRangeEnd
               Integer32,
           hm2AgentAclRuleIPDSCP
               Integer32,
           hm2AgentAclRuleIpPrecedence
               Integer32,
           hm2AgentAclRuleIpTosBits
               Integer32,
           hm2AgentAclRuleIpTosMask
               Integer32,
           hm2AgentAclRuleStatus
               RowStatus,
           hm2AgentAclRuleAssignQueueId
               Unsigned32,
           hm2AgentAclRuleRedirectIntf
               InterfaceIndexOrZero,
           hm2AgentAclRuleMatchEvery
              TruthValue,
           hm2AgentAclRuleMirrorIntf
               InterfaceIndexOrZero,
           hm2AgentAclRuleLogging
             TruthValue,
           hm2AgentAclRuleTimeRangeName
               DisplayString,
           hm2AgentAclRuleTimeRangeStatus
               INTEGER,
		   hm2AgentAclRuleRedirectExtAgentId
		   	   Unsigned32,
           hm2AgentAclRuleIcmpType
               Integer32,
           hm2AgentAclRuleIcmpCode
               Integer32,
           hm2AgentAclRuleIgmpType
               Integer32,
           hm2AgentAclRuleEstablished
               TruthValue,
           hm2AgentAclRuleFragments
               TruthValue,
           hm2AgentAclRuleIndexNextFree
               Integer32,               
           hm2AgentAclRuleRateLimitCrateUnit
		   	   INTEGER,
           hm2AgentAclRuleRateLimitCrate
               Unsigned32,
           hm2AgentAclRuleRateLimitCburst
               AclBurstSize,
           hm2AgentAclRuleStatsAction
               INTEGER,               
           hm2AgentAclRuleHitCount
               Counter64,
           hm2AgentAclRuleHitCountDiscontinuityTime
               TimeStamp,
          hm2AgentAclRuleTcpFlagBits
               Integer32,
           hm2AgentAclRuleTcpFlagMask
               Integer32,
          hm2AgentAclRuleSrcL4PortOperator
                   Hm2PortOperator,
          hm2AgentAclRuleDstL4PortOperator
           	   Hm2PortOperator
           }
    
    hm2AgentAclRuleIndex OBJECT-TYPE
         SYNTAX      Integer32 (0..2147483647)
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION
                     "The index of this rule instance within an IP ACL."
         ::= { hm2AgentAclRuleEntry 1 }
         
    hm2AgentAclRuleAction OBJECT-TYPE
         SYNTAX      INTEGER {
                      permit(1),
                      deny(2)
                      }
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The type of action this rule should perform."
         DEFVAL { deny }
         ::= { hm2AgentAclRuleEntry 2 }
         
    hm2AgentAclRuleProtocol OBJECT-TYPE
         SYNTAX      Integer32 (-1 | 0..255)
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "icmp - 1
                      igmp - 2
                      ip-in-ip - 4
                      tcp - 6
                      udp - 17
                      ip - 255 (ip all)
                      All values from 1 to 255 are valid. 0 disables this match
                      criteria."
         ::= { hm2AgentAclRuleEntry 3 }
           
    hm2AgentAclRuleSrcIpAddress OBJECT-TYPE
         SYNTAX      IpAddress
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The source IP address used in the ACL classification."
         ::= { hm2AgentAclRuleEntry 4 }

    hm2AgentAclRuleSrcIpMask OBJECT-TYPE
         SYNTAX      IpAddress
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The Source IP mask used in the ACL classification.
         This mask is expressed using wild-card notation, which
         is the 1's compliment of traditional subnet masks.
         Here, the 'don't care bits' are represented by binary 1's and 
         'do care bits' are represented by binary 0's."
         ::= { hm2AgentAclRuleEntry 5 }


    hm2AgentAclRuleSrcL4Port OBJECT-TYPE
         SYNTAX      Integer32
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The source port number (Layer 4) used in the ACL classification.
                     A value of -1 disables this criteria."                     
         ::= { hm2AgentAclRuleEntry 6 }

    hm2AgentAclRuleSrcL4PortRangeStart OBJECT-TYPE
         SYNTAX      Integer32
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The source port number(Layer 4) range start."
         ::= { hm2AgentAclRuleEntry 7 }

    hm2AgentAclRuleSrcL4PortRangeEnd OBJECT-TYPE
         SYNTAX      Integer32
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The source port number(Layer 4) range end."
         ::= { hm2AgentAclRuleEntry 8 }

    hm2AgentAclRuleDestIpAddress OBJECT-TYPE
         SYNTAX      IpAddress
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The destination IP address used in the ACL classification."
         ::= { hm2AgentAclRuleEntry 9 }

    hm2AgentAclRuleDestIpMask OBJECT-TYPE
         SYNTAX      IpAddress
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The destination IP mask used in the ACL classification.
         This mask is expressed using wild-card notation, which
         is  the 1's compliment of traditional subnet masks.
         Here, the 'don't care bits' are represented by binary 1's and 
         'do care bits' are represented by binary 0's. "
         ::= { hm2AgentAclRuleEntry 10 }

    hm2AgentAclRuleDestL4Port OBJECT-TYPE
         SYNTAX      Integer32
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The destination port number(Layer 4) used in ACl classification."
         ::= { hm2AgentAclRuleEntry 11 }

    hm2AgentAclRuleDestL4PortRangeStart OBJECT-TYPE
         SYNTAX      Integer32
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The destination port number(Layer 4) starting range used in ACL classification."
         ::= { hm2AgentAclRuleEntry 12 }

    hm2AgentAclRuleDestL4PortRangeEnd OBJECT-TYPE
         SYNTAX      Integer32
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The destination port number(Layer 4) ending range used in ACL classification."
         ::= { hm2AgentAclRuleEntry 13 }

    hm2AgentAclRuleIPDSCP OBJECT-TYPE
         SYNTAX      Integer32
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The Differentiated Services Code Point value.
                     A value of -1 indicates that this field is not used."
         ::= { hm2AgentAclRuleEntry 14 }

    hm2AgentAclRuleIpPrecedence OBJECT-TYPE
         SYNTAX      Integer32
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The type of service (TOS) IP precedence value.
                     A value of -1 indicates that this field is not used."
         ::= { hm2AgentAclRuleEntry 15 }

    hm2AgentAclRuleIpTosBits OBJECT-TYPE
         SYNTAX      Integer32
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The type of service (TOS) bits value."
         ::= { hm2AgentAclRuleEntry 16 }

    hm2AgentAclRuleIpTosMask OBJECT-TYPE
         SYNTAX      Integer32
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The type of service (TOS) mask value."
         ::= { hm2AgentAclRuleEntry 17 }

    hm2AgentAclRuleStatus OBJECT-TYPE
         SYNTAX      RowStatus
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "Status of this instance.
                     
                     active(1)      - this ACL rule is active
                     createAndGo(4) - set to this value to create an instance
                     destroy(6)     - set to this value to delete an instance"
         ::= { hm2AgentAclRuleEntry 18 }

    hm2AgentAclRuleAssignQueueId OBJECT-TYPE
         SYNTAX      Unsigned32 (0..7 | 4294967295)
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "Queue identifier to which all inbound packets matching this 
                      ACL rule are directed.  This object defaults to the standard
                      queue assignment for user priority 0 traffic per the IEEE 802.1D
                      specification based on the number of assignable queues in the 
                      system:
                         1-3 queues:  0
                         4-7 queues:  1
                           8 queues:  2
                      This default assignment is static and is not influenced by
                      other system configuration changes.
                      A value of 4294967295 indicates that this field is not used"
         ::= { hm2AgentAclRuleEntry 19 }
         
    hm2AgentAclRuleRedirectIntf OBJECT-TYPE
         SYNTAX      InterfaceIndexOrZero
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "A non-zero value indicates the external ifIndex to which all 
                      inbound packets matching this ACL rule are directed.  A 
                      value of zero means packet redirection is not in effect, which
                      is the default value of this object.  Note that packet
		      redirection and mirroring (hm2AgentAclRuleMirrorIntf object)
		      are mutually exclusive rule attributes."
         DEFVAL { 0 }
         ::= { hm2AgentAclRuleEntry 20 }
         
    hm2AgentAclRuleMatchEvery OBJECT-TYPE
         SYNTAX      TruthValue
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "Flag to indicate that the ACL rule is defined to match on every IP packet, 
                      regardless of content."
                      DEFVAL { false }             
         ::= { hm2AgentAclRuleEntry 21 }
         
    hm2AgentAclRuleMirrorIntf OBJECT-TYPE
         SYNTAX      InterfaceIndexOrZero
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "A non-zero value indicates the external ifIndex to which all 
                      inbound packets matching this ACL rule are copied.  A 
                      value of zero means packet mirroring is not in effect, which
                      is the default value of this object.  Note that packet
		      mirroring and redirection (hm2AgentAclRuleRedirectIntf object)
		      are mutually exclusive rule attributes."
         DEFVAL { 0 }
         ::= { hm2AgentAclRuleEntry 22 }
         
    hm2AgentAclRuleLogging OBJECT-TYPE
         SYNTAX      TruthValue
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "Flag to indicate that the ACL rule is being logged. 
                      A hardware count of the number of packets that match this rule
                      is reported via the hm2AgentAclTrapRuleLogEvent notification.

                      This object may be supported for a hm2AgentAclRuleAction 
		      setting of permit(1) and/or deny(2), depending on the
		      ACL feature capabilities of the device."
         ::= { hm2AgentAclRuleEntry 23 }     

    hm2AgentAclRuleTimeRangeName OBJECT-TYPE
         SYNTAX      DisplayString (SIZE(0..31))
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "Name of the time range, that the ACL rule 
                      has referenced. It has to start with a character and shall consist of
                      0 to 31 alphanumeric characters."
         ::= { hm2AgentAclRuleEntry 24 }

    hm2AgentAclRuleTimeRangeStatus OBJECT-TYPE
         SYNTAX      INTEGER {
                     inactive(1),
                     active(2)
                     }
         MAX-ACCESS  read-only
         STATUS      current
         DESCRIPTION
                     "Flag that indicates the ACL rule status.
                      If the status is active, it implies that the ACL rule is in effect.
                      If the status is inactive, it implies that the ACL rule is not in effect."
         ::= { hm2AgentAclRuleEntry 25 }
         
    hm2AgentAclRuleRedirectExtAgentId OBJECT-TYPE
         SYNTAX      Unsigned32 (0|1..100)
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "A non-zero value indicates the external control plane application 
                      agentId to which all inbound packets matching this ACL rule 
                      are directed.  A value of zero means redirection is not in 
                      effect, which is the default value of this object. Note that 
                      this action is mutually exclusive with redirect to 
                      interface(aclRuleRedirectIntf object) and mirroring 
                      (aclRuleMirrorIntf object) rule attributes."
         DEFVAL { 0 }
         ::= { hm2AgentAclRuleEntry 28 }
         
    hm2AgentAclRuleIcmpType OBJECT-TYPE
        SYNTAX      Integer32 (-1|0..255)
        MAX-ACCESS  read-create 
        STATUS      current
        DESCRIPTION
                   "ACL rule matches on the specified ICMP type. All values 
                   from 0 to 255 are valid. A value of -1 indicates that this field is not used."
        ::= { hm2AgentAclRuleEntry 29 }

    hm2AgentAclRuleIcmpCode OBJECT-TYPE
        SYNTAX      Integer32 (-1|0..255)
        MAX-ACCESS  read-create 
        STATUS      current
        DESCRIPTION
                    "ACL rule matches on the specified ICMP code. All values
                    from 0 to 255 are valid. A value of -1 indicates that this field is not used."
         ::= { hm2AgentAclRuleEntry 30}

    hm2AgentAclRuleIgmpType OBJECT-TYPE
         SYNTAX      Integer32 (0|1..255)
         MAX-ACCESS  read-create 
         STATUS      current
         DESCRIPTION
                     "ACL rule matches on the specified IGMP type. All values
                      from 1 to 255 are valid."
         ::= { hm2AgentAclRuleEntry 31 }

    hm2AgentAclRuleEstablished OBJECT-TYPE
         SYNTAX      TruthValue
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "Flag to indicate the ACL rule to match on TCP packets that 
                     has either RST or ACK bits set in the TCP header" 
         ::= { hm2AgentAclRuleEntry 32}

    hm2AgentAclRuleFragments OBJECT-TYPE
         SYNTAX      TruthValue
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "Flag to indicate the ACL rule to match if the packet is fragmented"
         ::= { hm2AgentAclRuleEntry 33}
                
	hm2AgentAclRuleIndexNextFree OBJECT-TYPE
         SYNTAX       Integer32
         MAX-ACCESS   read-only
         STATUS       current
         DESCRIPTION
                     "This object contains an unused value for the hm2AgentAclRuleIndex
                      to be used when creating a new named IPv4 ACL. A value of
                      zero indicates the ACL rule table is full."
         ::= { hm2AgentAclRuleEntry 248 }
              
	hm2AgentAclRuleRateLimitCrateUnit OBJECT-TYPE
	    SYNTAX       INTEGER {
	                 pps(1),
	                 kbps(2)
	                 }
		MAX-ACCESS   read-create
	    STATUS       current
	    DESCRIPTION
	                "The unit of the aclRuleRateLimitCrate.
	                 Can be either packets per second (pps)
	                 or kilobits per second (kbps)."
	    DEFVAL      { kbps }
	    ::= {hm2AgentAclRuleEntry 249 }
	
	hm2AgentAclRuleRateLimitCrate OBJECT-TYPE
         SYNTAX      Unsigned32 (0..10000000)
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "Committed rate attribute statement value, specified in kbps.
                     Value 0 disables this match criteria."
         DEFVAL { 0 }
         ::= { hm2AgentAclRuleEntry 250 }         
         
    hm2AgentAclRuleRateLimitCburst OBJECT-TYPE
         SYNTAX      AclBurstSize
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "Committed burst size attribute statement value, specified in kbytes.
                     Value 0 disables this match criteria."
         DEFVAL { 0 }
         ::= { hm2AgentAclRuleEntry 251 }

    hm2AgentAclRuleStatsAction OBJECT-TYPE
		SYNTAX       INTEGER {
					 other(1),
					 flushRuleHitCount(2)
					 }
		MAX-ACCESS   read-create
		STATUS       current
		DESCRIPTION
					"Setting the object to 'flushRuleHitCount(2)' will reset hit counter statistics.
					 Reading the object always returns 'other'."
		::= {hm2AgentAclRuleEntry 252 }
     	    
    hm2AgentAclRuleHitCount OBJECT-TYPE
         SYNTAX      Counter64
         MAX-ACCESS  read-only
         STATUS      current
         DESCRIPTION
                     "Number of packets that matched the ACL rule."
         ::= { hm2AgentAclRuleEntry 253 }

    hm2AgentAclRuleHitCountDiscontinuityTime OBJECT-TYPE
        SYNTAX      TimeStamp
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
                "The value of sysUpTime on the most recent occasion at which
                any one or more of this rule's counters suffered a discontinuity.
                If no such discontinuities have occurred since the last re-
                initialization of the local management subsystem, then this
                object contains a zero value."
        ::= { hm2AgentAclRuleEntry 254 }
        
     hm2AgentAclRuleTcpFlagBits OBJECT-TYPE
         SYNTAX      Integer32
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The TCP flag value."
         ::= { hm2AgentAclRuleEntry 255 }

    hm2AgentAclRuleTcpFlagMask OBJECT-TYPE
         SYNTAX      Integer32
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The TCP flag mask value."
         ::= { hm2AgentAclRuleEntry 256 }
         
    hm2AgentAclRuleSrcL4PortOperator OBJECT-TYPE
         SYNTAX      Hm2PortOperator	
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The operator for the source port."
         DEFVAL { eq }   
         ::= { hm2AgentAclRuleEntry 257 }     
     
    hm2AgentAclRuleDstL4PortOperator OBJECT-TYPE
         SYNTAX      Hm2PortOperator
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The operator for the destination port."
         DEFVAL { eq }   
         ::= { hm2AgentAclRuleEntry 258 }
--**************************************************************************************
    -- Layer 2 MAC Access Lists
    --
    --**************************************************************************************
    
    hm2AgentAclMacIndexNextFree OBJECT-TYPE
         SYNTAX       Integer32
         MAX-ACCESS   read-only
         STATUS       current
         DESCRIPTION
                     "This object contains an unused value for the hm2AgentAclMacIndex
                      to be used when creating a new MAC ACL.  A value of zero
                      indicates the ACL table is full.
                      For MSP devices the MAC ACL indexes start with 10000."
    ::= { hm2PlatformQosAcl 5 }

    --**************************************************************************************

    hm2AgentAclMacTable OBJECT-TYPE
         SYNTAX      SEQUENCE OF Hm2AgentAclMacEntry
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION 
                     "A table of MAC ACL instances."
         ::= { hm2PlatformQosAcl 6 }

    hm2AgentAclMacEntry OBJECT-TYPE
         SYNTAX      Hm2AgentAclMacEntry
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION 
                     "An ACL MAC instance table entry."
         INDEX       { hm2AgentAclMacIndex }
         ::= { hm2AgentAclMacTable 1 }
         
    Hm2AgentAclMacEntry ::= SEQUENCE {         
           hm2AgentAclMacIndex
               Integer32,
           hm2AgentAclMacName
               DisplayString,
           hm2AgentAclMacStatus
               RowStatus,
		   hm2AgentAclMacStatsAction
               INTEGER               
           }
    
    hm2AgentAclMacIndex OBJECT-TYPE
         SYNTAX      Integer32 (0..2147483647)
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION
                     "The MAC ACL table index this instance is associated with.
                      When creating a new MAC ACL, refer to the hm2AgentAclMacIndexNextFree
                      object to determine the next available hm2AgentAclMacIndex to use.
                      For MSP devices the MAC ACL indexes start with 10000."
         ::= { hm2AgentAclMacEntry 1 }
         
    hm2AgentAclMacName OBJECT-TYPE
         SYNTAX      DisplayString (SIZE(1..31))
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The name of this MAC ACL entry, which must consist of
                      1 to 31 alphanumeric characters and uniquely identify
                      this MAC ACL.  An existing MAC ACL can be renamed by
                      setting this object to a new name.

                      This object must be set to complete a new MAC ACL 
                      row instance."
         ::= { hm2AgentAclMacEntry 2 }
    
    hm2AgentAclMacStatus OBJECT-TYPE
         SYNTAX      RowStatus
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "Status of this instance.  ACL MAC entries can not be deleted until all rows in 
                     the hm2AgentAclIfTable and hm2AgentAclRuleTable with corresponding values of hm2AgentAclMacIndex 
                     have been deleted.
                     
                     active(1)      - this ACL instance is active
                     createAndGo(4) - set to this value to create an instance
                     destroy(6)     - set to this value to delete an instance

                     The hm2AgentAclMacName object must be set to complete this row instance."
         ::= { hm2AgentAclMacEntry 3 }

    hm2AgentAclMacStatsAction OBJECT-TYPE
         SYNTAX      INTEGER
         	 	 	 {
    					other(1),
    					flushAclHitCount(2)
         	 	 	 }
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
					"Setting the object to 'flushAclHitCount(2)' will reset hit counter statistics for the rules in this ACL.
					 Reading the object always returns 'other'."
         ::= { hm2AgentAclMacEntry 248 }

    --**************************************************************************************
    
    hm2AgentAclMacRuleTable OBJECT-TYPE
         SYNTAX      SEQUENCE OF Hm2AgentAclMacRuleEntry
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION 
                     "A table of layer 2 MAC ACL rule instances."
         ::= { hm2PlatformQosAcl 7 }

    hm2AgentAclMacRuleEntry OBJECT-TYPE
         SYNTAX      Hm2AgentAclMacRuleEntry
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION 
                     "A table of layer 2 MAC ACL classification rules."
         INDEX       { hm2AgentAclMacIndex, hm2AgentAclMacRuleIndex }
         ::= { hm2AgentAclMacRuleTable 1 }
         
    Hm2AgentAclMacRuleEntry ::= SEQUENCE {         
           hm2AgentAclMacRuleIndex
               Integer32,
           hm2AgentAclMacRuleAction
               INTEGER,
           hm2AgentAclMacRuleCos
               Unsigned32,
           hm2AgentAclMacRuleCos2
               Unsigned32,
           hm2AgentAclMacRuleDestMacAddr
               MacAddress,
           hm2AgentAclMacRuleDestMacMask
               MacAddress,
           hm2AgentAclMacRuleEtypeKey
               INTEGER,
           hm2AgentAclMacRuleEtypeValue
               EtypeValue,
           hm2AgentAclMacRuleSrcMacAddr
               MacAddress,
           hm2AgentAclMacRuleSrcMacMask
               MacAddress,
           hm2AgentAclMacRuleVlanId
               Unsigned32,
           hm2AgentAclMacRuleVlanIdRangeStart
               Unsigned32,
           hm2AgentAclMacRuleVlanIdRangeEnd
               Unsigned32,
           hm2AgentAclMacRuleVlanId2
               Unsigned32,
           hm2AgentAclMacRuleVlanId2RangeStart
               Unsigned32,
           hm2AgentAclMacRuleVlanId2RangeEnd
               Unsigned32,
           hm2AgentAclMacRuleStatus
               RowStatus,
           hm2AgentAclMacRuleAssignQueueId
               Unsigned32,
           hm2AgentAclMacRuleRedirectIntf
               InterfaceIndexOrZero,
           hm2AgentAclMacRuleMatchEvery
               TruthValue,
           hm2AgentAclMacRuleMirrorIntf
               InterfaceIndexOrZero,
           hm2AgentAclMacRuleLogging
               TruthValue,
           hm2AgentAclMacRuleTimeRangeName
               DisplayString,
           hm2AgentAclMacRuleTimeRangeStatus
               INTEGER,
           hm2AgentAclMacRuleIndexNextFree
               Integer32,
           hm2AgentAclMacRuleRateLimitCrateUnit
		   	   INTEGER,
           hm2AgentAclMacRuleRateLimitCrate
               Unsigned32,
           hm2AgentAclMacRuleRateLimitCburst
               AclBurstSize,
		   hm2AgentAclMacRuleStatsAction               
		   	   INTEGER,
           hm2AgentAclMacRuleHitCount
               Counter64,
           hm2AgentAclMacRuleHitCountDiscontinuityTime
               TimeStamp
           }
    
    hm2AgentAclMacRuleIndex OBJECT-TYPE
         SYNTAX      Integer32 (0..2147483647)
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION
                     "The index of this rule instance within an MAC ACL."
         ::= { hm2AgentAclMacRuleEntry 1 }
         
    hm2AgentAclMacRuleAction OBJECT-TYPE
         SYNTAX      INTEGER {
                      permit(1),
                      deny(2)
                      }
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The type of action this MAC ACL rule should perform."
         DEFVAL { deny }
         ::= { hm2AgentAclMacRuleEntry 2 }

--#ifdef HM_MODIFIED     /* Jeni Rotaru, 2017-10-25. */
--     					 /* Fix for Issue 30813 - ACL: Could not set back default value on 'COS' after set a non-default value from Web Interface. */
--                       /* Reason: Unsigned32 already has values from (0..4294967295) */
     hm2AgentAclMacRuleCos OBJECT-TYPE
         SYNTAX      Unsigned32
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The class of service (COS) used in the MAC ACL classification.

                      This is the three-bit user priority field in the 802.1Q tag 
                      header of a tagged Ethernet frame. For frames containing a 
                      double VLAN tag, this field is located in the first/outer tag.
                      A value of 4294967295 indicates that this field is not used."
         ::= { hm2AgentAclMacRuleEntry 3 }
                  
     hm2AgentAclMacRuleCos2 OBJECT-TYPE
         SYNTAX      Unsigned32 (0..7 | 4294967295)
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The secondary class of service (COS2) used in the MAC ACL classification.

                      This is the three-bit user priority field in the second/inner 802.1Q 
                      tag header of a double VLAN tagged Ethernet frame.
                      A value of 4294967295 indicates that this field is not used."
         ::= { hm2AgentAclMacRuleEntry 4 }
                  
    hm2AgentAclMacRuleDestMacAddr OBJECT-TYPE
         SYNTAX      MacAddress
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The destination MAC address used in the MAC ACL classification."
         ::= { hm2AgentAclMacRuleEntry 5 }
         
    hm2AgentAclMacRuleDestMacMask OBJECT-TYPE
         SYNTAX      MacAddress
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The destination MAC address mask used in the MAC ACL classification. 

                      This mask value identifies the portion of the hm2AgentAclMacRuleDestMacAddr
                      that is compared against a packet.
                      The 'don't care bits' are represented by binary 0's and 
                      'do care bits' are represented by binary 1's. 
                      A non-contiguous mask value is 
                      permitted."
         ::= { hm2AgentAclMacRuleEntry 6 }
         
    hm2AgentAclMacRuleEtypeKey OBJECT-TYPE
         SYNTAX      INTEGER {
                      custom(1),
                      appletalk(2),
                      arp(3),
                      ibmsna(4),
                      ipv4(5),
                      ipv6(6),
                      ipxold(7),
                      mplsmcast(8),
                      mplsucast(9),
                      netbios(10),
                      novell(11),
                      pppoedisc(12),
                      rarp(13),
                      pppoesess(14),
                      ipxnew(15),
                      profinet(16),
                      powerlink(17),
                      ethercat(18),
                      pppoe(248)
                     }
         MAX-ACCESS  read-create
         STATUS      current 
         DESCRIPTION
                     "The Ethertype keyword used in the MAC ACL classification.

                      A keyword of custom(1) requires that the hm2AgentAclMacRuleEtypeValue
                      object also be set."
         ::= { hm2AgentAclMacRuleEntry 7 }
         
    hm2AgentAclMacRuleEtypeValue OBJECT-TYPE
         SYNTAX      EtypeValue
         MAX-ACCESS  read-create
         STATUS      current 
         DESCRIPTION
                     "The Ethertype custom value used in the MAC ACL classification.
                     
                      This object is only valid if the hm2AgentAclMacRuleEtypeKey is set to 
                      custom(1).  Values ranging from 0x0600 to 0xFFFF
                      (1536 to 65535) are interpreted as the Ethertype. 
                      Lower values are interpreted as frame size.
                      A value of 0 indicates that this field is not used."
         ::= { hm2AgentAclMacRuleEntry 8 }
         
    hm2AgentAclMacRuleSrcMacAddr OBJECT-TYPE
         SYNTAX      MacAddress
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The source MAC address used in the MAC ACL classification."
         ::= { hm2AgentAclMacRuleEntry 9 }
         
    hm2AgentAclMacRuleSrcMacMask OBJECT-TYPE
         SYNTAX      MacAddress
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "The source MAC address mask used in the MAC ACL classification. 

                      This mask value identifies the portion of the hm2AgentAclMacRuleSrcMacAddr
                      that is compared against a packet.
                      The 'don't care bits' are represented by binary 0's and 
                      'do care bits' are represented by binary 1's.
                      A non-contiguous mask value is 
                      permitted."
         ::= { hm2AgentAclMacRuleEntry 10 }

    hm2AgentAclMacRuleVlanId OBJECT-TYPE
         SYNTAX      Unsigned32 (1..4042)
         MAX-ACCESS  read-create
         STATUS      current 
         DESCRIPTION
                     "The VLAN ID value used in the MAC ACL classification.

                      The VLAN ID field is defined as the 12-bit VLAN identifier
                      in the 802.1Q tag header of a tagged Ethernet frame which is 
                      contained in the first/outer tag of a double VLAN tagged frame."
         ::= { hm2AgentAclMacRuleEntry 11 }
         
    hm2AgentAclMacRuleVlanIdRangeStart OBJECT-TYPE
         SYNTAX      Unsigned32 (1..4042)
         MAX-ACCESS  read-create
         STATUS      current 
         DESCRIPTION
                     "The VLAN ID range start value used in the MAC ACL classification.
		      Setting this value greater than the current hm2AgentAclMacRuleVlanIdRangeEnd
		      changes the VLAN ID range end to the same value as the range start.

                      The VLAN ID field is defined as the 12-bit VLAN identifier
                      in the 802.1Q tag header of a tagged Ethernet frame which is 
                      contained in the first/outer tag of a double VLAN tagged frame."
         ::= { hm2AgentAclMacRuleEntry 12 }
         
    hm2AgentAclMacRuleVlanIdRangeEnd OBJECT-TYPE
         SYNTAX      Unsigned32 (1..4042)
         MAX-ACCESS  read-create
         STATUS      current 
         DESCRIPTION
                     "The VLAN ID range end value used in the MAC ACL classification.
		      Setting this value less than the current hm2AgentAclMacRuleVlanIdRangeStart
		      changes the VLAN ID range start to the same value as the range end.

                      The VLAN ID field is defined as the 12-bit VLAN identifier
                      in the 802.1Q tag header of a tagged Ethernet frame which is 
                      contained in the first/outer tag of a double VLAN tagged frame."
         ::= { hm2AgentAclMacRuleEntry 13 }
         
    hm2AgentAclMacRuleVlanId2 OBJECT-TYPE
         SYNTAX      Unsigned32 (1..4042)
         MAX-ACCESS  read-create
         STATUS      current 
         DESCRIPTION
                     "The secondary VLAN ID value used in the MAC ACL classification.

                      The secondary VLAN ID field is defined as the 12-bit VLAN identifier
                      in the second/inner 802.1Q tag header of a double VLAN tagged Ethernet 
                      frame."
         ::= { hm2AgentAclMacRuleEntry 14 }
         
    hm2AgentAclMacRuleVlanId2RangeStart OBJECT-TYPE
         SYNTAX      Unsigned32 (1..4042)
         MAX-ACCESS  read-create
         STATUS      current 
         DESCRIPTION
                     "The secondary VLAN ID range start value used in the MAC ACL classification.
		      Setting this value greater than the current hm2AgentAclMacRuleVlanId2RangeEnd
		      changes the Secondary VLAN ID range end to the same value as the range start.

                      The secondary VLAN ID field is defined as the 12-bit VLAN identifier
                      in the second/inner 802.1Q tag header of a double VLAN tagged Ethernet 
                      frame."
         ::= { hm2AgentAclMacRuleEntry 15 }
         
    hm2AgentAclMacRuleVlanId2RangeEnd OBJECT-TYPE
         SYNTAX      Unsigned32 (1..4042)
         MAX-ACCESS  read-create
         STATUS      current 
         DESCRIPTION
                     "The secondary VLAN ID range end value used in the MAC ACL classification.
		      Setting this value less than the current hm2AgentAclMacRuleVlanId2RangeStart
		      changes the Secondary VLAN ID range start to the same value as the range end.

                      The secondary VLAN ID field is defined as the 12-bit VLAN identifier
                      in the second/inner 802.1Q tag header of a double VLAN tagged Ethernet 
                      frame."
         ::= { hm2AgentAclMacRuleEntry 16 }
         
    hm2AgentAclMacRuleStatus OBJECT-TYPE
         SYNTAX      RowStatus
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "Status of this instance.
                     
                     active(1)      - this ACL Rule is active
                     createAndGo(4) - set to this value to create an instance
                     destroy(6)     - set to this value to delete an instance"
         ::= { hm2AgentAclMacRuleEntry 17 }

    hm2AgentAclMacRuleAssignQueueId OBJECT-TYPE
         SYNTAX      Unsigned32 (0..7 | 4294967295)
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "Queue identifier to which all inbound packets matching this 
                      MAC ACL rule are directed.  This object defaults to the standard
                      queue assignment for user priority 0 traffic per the IEEE 802.1D
                      specification based on the number of assignable queues in the 
                      system:
                         1-3 queues:  0
                         4-7 queues:  1
                           8 queues:  2
                      This default assignment is static and is not influenced by
                      other system configuration changes.
                      A value of 4294967295 indicates that this field is not used"
         ::= { hm2AgentAclMacRuleEntry 18 }
         
    hm2AgentAclMacRuleRedirectIntf OBJECT-TYPE
         SYNTAX      InterfaceIndexOrZero
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "A non-zero value indicates the external ifIndex to which all 
                      inbound packets matching this MAC ACL rule are directed.  A
                      value of zero means packet redirection is not in effect, which
                      is the default value of this object.  Note that packet
		      redirection and mirroring (hm2AgentAclMacRuleMirrorIntf object)
		      are mutually exclusive rule attributes."
         DEFVAL { 0 }
         ::= { hm2AgentAclMacRuleEntry 19 }
         
    hm2AgentAclMacRuleMatchEvery OBJECT-TYPE
         SYNTAX      TruthValue
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "Flag to indicate that the MAC ACL rule is defined to match all packets, 
                      regardless of Ethertype."
         ::= { hm2AgentAclMacRuleEntry 20 }
         
    hm2AgentAclMacRuleMirrorIntf OBJECT-TYPE
         SYNTAX      InterfaceIndexOrZero
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "A non-zero value indicates the external ifIndex to which all 
                      inbound packets matching this MAC ACL rule are copied.  A
                      value of zero means packet mirroring is not in effect, which
                      is the default value of this object.  Note that packet
                      mirroring and redirection (hm2AgentAclMacRuleRedirectIntf object)
                      are mutually exclusive rule attributes."
         DEFVAL { 0 }
         ::= { hm2AgentAclMacRuleEntry 21 }
         
    hm2AgentAclMacRuleLogging OBJECT-TYPE
         SYNTAX      TruthValue
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "Flag to indicate that the ACL rule is being logged. 
                      A hardware count of the number of packets that match this rule
                      is reported via the hm2AgentAclTrapRuleLogEvent notification.

                      This object may be supported for an hm2AgentAclMacRuleAction 
		      setting of permit(1) and/or deny(2), depending on the
		      ACL feature capabilities of the device."
         ::= { hm2AgentAclMacRuleEntry 22 }

   hm2AgentAclMacRuleTimeRangeName OBJECT-TYPE
         SYNTAX      DisplayString (SIZE(0..31))
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "Name of the time range, that the ACL rule
                      has referenced. It has to start with a character and shall consist of
                      0 to 31 alphanumeric characters."
         ::= { hm2AgentAclMacRuleEntry 23 }

    hm2AgentAclMacRuleTimeRangeStatus OBJECT-TYPE
         SYNTAX      INTEGER {
                     inactive(1),
                     active(2)
                     }
         MAX-ACCESS  read-only
         STATUS      current
         DESCRIPTION
                     "Flag that indicates the ACL rule status.
                      If the status is active, it implies that the ACL rule is in effect.
                      If the status is inactive, it implies that the ACL rule is not in effect."
         ::= { hm2AgentAclMacRuleEntry 24 }
         
    hm2AgentAclMacRuleIndexNextFree OBJECT-TYPE
         SYNTAX       Integer32
         MAX-ACCESS   read-only
         STATUS       current
         DESCRIPTION
                     "This object contains an unused value for the hm2AgentAclMacRuleIndex
                      to be used when creating a new MAC ACL. A value of
                      zero indicates the ACL rule table is full."
         ::= { hm2AgentAclMacRuleEntry 248 }   
     
     hm2AgentAclMacRuleRateLimitCrateUnit OBJECT-TYPE
	    SYNTAX       INTEGER {
	                 pps(1),
	                 kbps(2)
	                 }
		MAX-ACCESS   read-create
	    STATUS       current
	    DESCRIPTION
	                "The unit of the aclMacRuleRateLimitCrate.
	                 Can be either packets per second (pps)
	                 or kilobits per second (kbps)."
	    DEFVAL      { kbps }
	    ::= { hm2AgentAclMacRuleEntry 249 }
	    
	hm2AgentAclMacRuleRateLimitCrate OBJECT-TYPE
         SYNTAX      Unsigned32 (0..10000000)
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "Committed rate attribute statement value, specified in kbps.
                     Value 0 disables this match criteria."
		 DEFVAL { 0 }
         ::= { hm2AgentAclMacRuleEntry 250 }
            
	hm2AgentAclMacRuleRateLimitCburst OBJECT-TYPE
         SYNTAX      AclBurstSize
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "Committed burst size attribute statement value, specified in kbytes.
                     Value 0 disables this match criteria."
		 DEFVAL { 0 }         
         ::= { hm2AgentAclMacRuleEntry 251 }

    hm2AgentAclMacRuleStatsAction OBJECT-TYPE
		SYNTAX       INTEGER {
					 other(1),
					 flushRuleHitCount(2)
					 }
		MAX-ACCESS   read-create
		STATUS       current
		DESCRIPTION
					"Setting the object to 'flushRuleHitCount(2)' will reset hit counter statistics.
					 Reading the object always returns 'other'."
		::= {hm2AgentAclMacRuleEntry 252 }

    hm2AgentAclMacRuleHitCount OBJECT-TYPE
         SYNTAX      Counter64
         MAX-ACCESS  read-only
         STATUS      current
         DESCRIPTION
                     "Number of packets that matched the ACL rule."
         ::= { hm2AgentAclMacRuleEntry 253 }

    hm2AgentAclMacRuleHitCountDiscontinuityTime OBJECT-TYPE
        SYNTAX      TimeStamp
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
                "The value of sysUpTime on the most recent occasion at which
                any one or more of this rule's counters suffered a discontinuity.
                If no such discontinuities have occurred since the last re-
                initialization of the local management subsystem, then this
                object contains a zero value."
        ::= { hm2AgentAclMacRuleEntry 254 }

    --**************************************************************************************
    -- Global controls
    --
    --**************************************************************************************
    
    --**************************************************************************************
    --    hm2AgentAclLoggingGroup
    --**************************************************************************************

    hm2AgentAclLoggingGroup        OBJECT IDENTIFIER ::= { hm2PlatformQosAcl 9 }
                                    
    hm2AgentAclTrapRuleIndex OBJECT-TYPE
         SYNTAX      Integer32 (0..2147483647)
         MAX-ACCESS  accessible-for-notify
         STATUS      current
         DESCRIPTION
                     "The index of an ACL rule instance.
		      Used by hm2AgentAclTrapRuleLogEvent trap."
         ::= { hm2AgentAclLoggingGroup 2 }
         
    hm2AgentAclTrapRuleAction OBJECT-TYPE
         SYNTAX      INTEGER {
                      permit(1),
                      deny(2)
                      }
         MAX-ACCESS  accessible-for-notify
         STATUS      current
         DESCRIPTION
                     "The type of action this rule should perform, either 
		      permit(1) or deny(2).
		      Used by hm2AgentAclTrapRuleLogEvent trap."
         ::= { hm2AgentAclLoggingGroup 3 }
         
    hm2AgentAclTrapRuleHitCount OBJECT-TYPE
         SYNTAX      Counter64
         MAX-ACCESS  accessible-for-notify
         STATUS      current
         DESCRIPTION
                     "Number of packets that matched the ACL rule during the most
                      recent logging interval.  Used by hm2AgentAclTrapRuleLogEvent trap."
         ::= { hm2AgentAclLoggingGroup 4 }
         
    hm2AgentAclTrapFlag OBJECT-TYPE
         SYNTAX      HmEnabledStatus
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "ACL Trap Flag - Enables or disables ACL trap generation.
                     When this value is set to enable(1), ACL traps are 
                     sent from the switch when they occur."
         DEFVAL  { enable }  
         ::= { hm2AgentAclLoggingGroup 5 }

      hm2AgentAclTrapRuleTimeRangeName OBJECT-TYPE
         SYNTAX      DisplayString (SIZE(1..31))
         MAX-ACCESS  accessible-for-notify
         STATUS      current
         DESCRIPTION
                     "Name of the time range on which there is a notification received.
                      Used by hm2AgentAclTrapRuleTimeRangeEvent trap."
       ::= { hm2AgentAclLoggingGroup 6 }

     hm2AgentAclTrapRuleTimeRangeNotification OBJECT-TYPE
         SYNTAX      INTEGER {
                     activate(1),
                     deactivate(2),
                     delete(3)
                     }
         MAX-ACCESS  accessible-for-notify
         STATUS      current
         DESCRIPTION
                     "Flag to indicate the type of time range notification received.
                      Used by hm2AgentAclTrapRuleTimeRangeEvent trap."
      ::= { hm2AgentAclLoggingGroup 7 }

     hm2AgentAclTrapRuleInstallationStatus OBJECT-TYPE
         SYNTAX      INTEGER {
                     failure(1),
                     success(2)
                     }
         MAX-ACCESS  accessible-for-notify
         STATUS      current
         DESCRIPTION
                     "Value specifies the status of the ACL Rule installed in hardware as activated/deactivated.
                      Used by hm2AgentAclTrapRuleTimeRangeEvent trap."
      ::= { hm2AgentAclLoggingGroup 8 }

      hm2AgentAclTrapRuleHitCountHigh OBJECT-TYPE
         SYNTAX      Gauge32
         MAX-ACCESS  accessible-for-notify
         STATUS      current
         DESCRIPTION
              "Upper 32bit of number of packets that matched the ACL rule during the most
              recent logging interval.  Used by hm2AgentAclTrapRuleLogEventV1 trap."
         ::= { hm2AgentAclLoggingGroup 248 }
 
      hm2AgentAclTrapRuleHitCountLow OBJECT-TYPE
         SYNTAX      Gauge32
         MAX-ACCESS  accessible-for-notify
         STATUS      current
         DESCRIPTION
              "Lower 32bit of number of packets that matched the ACL rule during the most
              recent logging interval.  Used by hm2AgentAclTrapRuleLogEventV1 trap."
         ::= { hm2AgentAclLoggingGroup 249 }

    --**************************************************************************************
    -- ACL Trap Definitions
    --**************************************************************************************

    hm2AgentAclNotifications   OBJECT IDENTIFIER ::= { hm2PlatformQosAcl 0 }

    hm2AgentAclTrapRuleLogEvent NOTIFICATION-TYPE
        OBJECTS {
                 hm2AgentAclIfAclType,
		 hm2AgentAclIfAclId,
		 hm2AgentAclTrapRuleIndex,
		 hm2AgentAclTrapRuleAction,
                 hm2AgentAclTrapRuleHitCount
                }
        STATUS  current
        DESCRIPTION
            "This trap is generated on a periodic basis to indicate that an 
             ACL rule configured for logging was actively used by hardware to 
             take action on one or more packets.  The hm2AgentAclTrapRuleHitCount denotes 
             the number of packets that matched this rule during the most recent logging
             interval. ACL trap generation requires that the hm2AgentAclTrapFlag object
             is set to enable(1)."
         ::= { hm2AgentAclNotifications 1 }

    hm2AgentAclTrapRuleTimeRangeEvent NOTIFICATION-TYPE
        OBJECTS {
                 hm2AgentAclIfAclType,
                 hm2AgentAclIfAclId,
                 hm2AgentAclTrapRuleIndex,
                 hm2AgentAclTrapRuleTimeRangeName,
                 hm2AgentAclTrapRuleTimeRangeNotification,
                 hm2AgentAclTrapRuleInstallationStatus
                }
         STATUS  current
        DESCRIPTION
            "This trap is generated when there is a time range notification
             received on any Time based ACL rule.
             The hm2AgentAclTrapRuleTimeRangeName denotes the time range name associated with the ACL rule, 
             hm2AgentAclTrapRuleTimeRangeNotification indicates the type of notification received and 
             hm2AgentAclTrapRuleInstallationStatus indicates the installation status of ACL rule in the hardware.
             When activate notification is received, ACL rule is activated in the hardware.
             When deactivate notifcation is received, ACL rule is deactivated in the hardware. 
             When delete notification is received, ACL rule is activated in the hardware, if it is 
             not already activated. ACL trap generation requires the hm2AgentAclTrapFlag object to be set to enable(1)."
         ::= { hm2AgentAclNotifications 2 }
 
     hm2AgentAclTrapRuleLogEventV1 NOTIFICATION-TYPE
        OBJECTS {
                 hm2AgentAclIfAclType,
                 hm2AgentAclIfAclId,
                 hm2AgentAclTrapRuleIndex,
                 hm2AgentAclTrapRuleAction,
                 hm2AgentAclTrapRuleHitCountHigh,
                 hm2AgentAclTrapRuleHitCountLow
                }
        STATUS  current
        DESCRIPTION
            "This trap is generated on a periodic basis to indicate that an
             ACL rule configured for logging was actively used by hardware to
             take action on one or more packets.  The hm2AgentAclTrapRuleHitCount denotes
             the number of packets that matched this rule during the most recent logging
             interval. ACL trap generation requires that the hm2AgentAclTrapFlag object
             is set to enable(1).
             This version of the trap is only sent when device uses SNMPv1 style traps.
             Devices using SNMPv2 and above send hm2AgentAclTrapRuleLogeEvent instead.
            "
         ::= { hm2AgentAclNotifications 248 }

    --**************************************************************************************
             
--**************************************************************************************
    
    hm2AgentAclVlanTable OBJECT-TYPE
         SYNTAX      SEQUENCE OF Hm2AgentAclVlanEntry
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION 
                     "A table of ACL VLAN instances per direction."
         ::= { hm2PlatformQosAcl 13 }

    hm2AgentAclVlanEntry OBJECT-TYPE
         SYNTAX      Hm2AgentAclVlanEntry
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION 
                     "An ACL VLAN table entry."
         INDEX       { hm2AgentAclVlanIndex, hm2AgentAclVlanDirection, hm2AgentAclVlanSequence, hm2AgentAclVlanAclType, hm2AgentAclVlanAclId  }
         ::= { hm2AgentAclVlanTable 1 }
         
    Hm2AgentAclVlanEntry ::= SEQUENCE {         
           hm2AgentAclVlanIndex
               Integer32,
           hm2AgentAclVlanDirection
               INTEGER,
           hm2AgentAclVlanSequence
               Unsigned32,
           hm2AgentAclVlanAclType
               INTEGER,
           hm2AgentAclVlanAclId
               Integer32,
           hm2AgentAclVlanStatus
               RowStatus
           }
    
    hm2AgentAclVlanIndex OBJECT-TYPE
         SYNTAX      Integer32 (0..2147483647)
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION
                     "The VLAN to which this ACL instance applies."
         ::= { hm2AgentAclVlanEntry 1 }
         
    hm2AgentAclVlanDirection OBJECT-TYPE
         SYNTAX      INTEGER {
                      inbound(1),
                      outbound(2)
                     }
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION
                     "The VLAN direction to which this ACL instance applies."
         ::= { hm2AgentAclVlanEntry 2 }
         
    hm2AgentAclVlanSequence OBJECT-TYPE
         SYNTAX      Unsigned32 (1..4294967295)
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION
                     "The relative evaluation sequence of this ACL for this
                      VLAN and direction. When multiple ACLs are allowed 
                      for a given VLAN and direction, the sequence number 
                      determines the order in which the list of ACLs are evaluated,
                      with lower sequence numbers given higher precedence.  The
                      sequence number value is arbitrary, but must be an unique
                      non-zero value for a given VLAN and direction.
                       
                      Setting this object to an existing sequence number 
                      value for a given VLAN and direction causes the 
                      ACL corresponding to that value to be replaced with
                      this ACL."
         ::= { hm2AgentAclVlanEntry 3 }
         
    hm2AgentAclVlanAclType OBJECT-TYPE
         SYNTAX      INTEGER {
                      ip(1),
                      mac(2),
                      ipv6(3)
                     }
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION
                     "The type of this ACL, which is used to interpret the 
                      hm2AgentAclVlanId object value. Each type of ACL uses its own
                      numbering scheme for identification (see hm2AgentAclVlanAclId object
                      for details).

                      The hm2AgentAclVlanAclId object must be specified along with this 
                      object."
         ::= { hm2AgentAclVlanEntry 4 }
         
    hm2AgentAclVlanAclId OBJECT-TYPE
         SYNTAX      Integer32 (0..2147483647)
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION
                     "The ACL identifier value, which is interpreted based on
                      the hm2AgentAclVlanType object.

                      For the IP ACLs, the actual ACL number is its identifier
                      as follows:  IP standard ranges from 1-99, while 
                      IP extended ranges from 100-199. Here, hm2AgentAclVlanAclId represents 
                      hm2AgentAclIndex. 

                      The MAC ACLs use an internally generated index value 
                      that is assigned when the ACL is created. Here, hm2AgentAclVlanAclId 
                      represents hm2AgentAclMacIndex.

                      The IPv6 ACLs use an internally generated index value
                      that is assigned when the ACL is created. Here, hm2AgentAclVlanAclId 
                      represents hm2AgentAclIpv6Index.

                      The hm2AgentAclVlanType object must be specified along with
                      this object."
         ::= { hm2AgentAclVlanEntry 5 }
         
    hm2AgentAclVlanStatus OBJECT-TYPE
         SYNTAX      RowStatus
         MAX-ACCESS  read-create
         STATUS      current
         DESCRIPTION
                     "Status of this instance.
                     
                     active(1)      - this ACL VLAN instance is active
                     createAndGo(4) - set to this value to assign an ACL to a VLAN and direction
                     destroy(6)     - set to this value to remove an ACL from a VLAN and direction"
         ::= { hm2AgentAclVlanEntry 6 }
--**************************************************************************************
    hm2AgentOperatorRuleAssignOutboundInvalid OBJECT-IDENTITY
         STATUS        current
         DESCRIPTION   "IP ACL rule with 'greater than', 'lower than', 'not equal' operators cannot be assigned to an interface in outbound direction."
    ::= { hm2PlatformQosAcl 248 }

END
