RAD-ACL-MIB DEFINITIONS ::= BEGIN


-- It is RAD's intent to encourage the widespread use of
-- this Specification in connection with the management of
-- RAD products. RAD grants vendors, end-users,
-- and other interested parties a non-exclusive license to
-- use this Specification in connection with the management
-- of RAD products.

-- This Specification is supplied "as is," and RAD makes
-- no warranty, either express or implied, as to the use,
-- operation, condition, or performance of the Specification.


IMPORTS

       Integer32, Gauge32, Unsigned32, 
       OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE     FROM  SNMPv2-SMI
       sysName     FROM  SNMPv2-MIB
       TEXTUAL-CONVENTION, RowStatus, RowPointer     FROM  SNMPv2-TC
       SnmpAdminString     FROM  SNMP-FRAMEWORK-MIB
       InetAddressType, InetAddress, InetPortNumber, 
       InetAddressPrefixLength     FROM  INET-ADDRESS-MIB
       radSecurity     FROM  RAD-SMI-MIB
       systemsEvents, alarmEventLogSourceName, alarmEventLogAlarmOrEventId, 
       alarmEventLogDescription, alarmEventLogSeverity, alarmEventLogDateAndTime, 
       alarmEventReason     FROM  RAD-GEN-MIB; 

radAclMIB    MODULE-IDENTITY
        LAST-UPDATED "201605191805Z"  -- May 19, 2016
        ORGANIZATION "RAD Data Communications Ltd."
        CONTACT-INFO
        "System Department

         Email:  mibs@rad.com
         Postal: RAD Data Communications Ltd.
                 24 Raoul Wallenberg St.
                 Tel-Aviv 6971920
                 Israel

         Phone:  +972-3-645-5421
         Fax:    +972-3-760-7844"
         DESCRIPTION
            "ACL MIB."
    ::= {radSecurity 2 }


--
-- TEXTUAL-CONVENTIONs
--
--

AceMarkingType  ::=  TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Specifies the Marking Type: DSCP, IP Precedence, or Pbit."
    SYNTAX      BITS
    {
    dscp         (0),
    ipPrecedence (1),
    pBit         (2)
    }

DscpMark    ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Specifies the DSCP value."
    SYNTAX      Unsigned32 (0..63)

IpPrecedenceMark    ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Specifies the IP precedence value ."
    SYNTAX      Unsigned32 (0..7)

PbitMark    ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Specifies the VLAN P-Bit value."
    SYNTAX      Unsigned32 (0..7)

UdpTcpPortOp    ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
    "Indicates how a packet's destination TCP/UDP port number is
    to be compared.

    'noOperator(1)', which is the default value, means that no
    comparison is to be made with the destination TCP/UDP port
    number.

    lt(2) means less than.
    gt(3) means greater than.
    eq(4) means equal.
    neq(5) means not equal.

    range(6) means that it compares the port value between two
    numbers, so this operator needs 2 operands. One operand is the
    starting port number of the range, and the other operand is the ending port number
    of the range"
    SYNTAX INTEGER {
        noOperator  (1),
        lt          (2),
        gt          (3),
        eq          (4),
        neq         (5),
        range       (6)
        }


--Configuration Tables

aclConf   OBJECT IDENTIFIER ::= { radAclMIB 1 }

aclMainTable OBJECT-TYPE
       SYNTAX  SEQUENCE OF AclMainEntry
       MAX-ACCESS  not-accessible
       STATUS  current
       DESCRIPTION
        "ACL Configuration Table."
       ::= { aclConf 1 }

aclMainEntry OBJECT-TYPE
       SYNTAX AclMainEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
          "An entry in the ACL main table"
       INDEX   { aclName }
       ::= { aclMainTable 1 }

AclMainEntry ::= SEQUENCE {
    aclName                 SnmpAdminString (SIZE (1..252)),
    aclNumberOfAce          Unsigned32,
    aclLastSeqeunceNumber   Unsigned32,
    aclResequenceCmd        Unsigned32,
    aclType                 INTEGER,
    aclIllegalEntityTypes   BITS,
    aclRowStatus            RowStatus 
 }

aclName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (1..252))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Access Control List (ACL) name"
    ::= { aclMainEntry 1 }

aclNumberOfAce OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of Access Control Entries in this ACL"
    ::= { aclMainEntry 2 }

aclLastSeqeunceNumber OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Sequence Number of the last ACE in this ACL. "
    ::= { aclMainEntry 3 }

aclResequenceCmd OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Resequence Command, specifying step between ACE sequence numbers.
         For example, when resequence command with value of 100 is given,
         new sequence number will be  100 200 300 400 etc.
         Default Value - 10. Possible Set values - 1....10000.

         Upon resequence action completion,  Agent will reset this object value
         to '0'- to indicate the resequence action is finished,
         and to  allow the user to set the same (or other) value (e.g. 10) again.
         The value 0 can only be set by agent."
    ::= { aclMainEntry 4 }

aclType OBJECT-TYPE
    SYNTAX      INTEGER
    {
    ipv4 (1),
    ipv6 (2)
    }
    MAX-ACCESS read-create
    STATUS      current
    DESCRIPTION
        "ACL type. For IP ACLs, all ACEs of same ACL will have same InetAddressType value"
    DEFVAL  { ipv4}
    ::= { aclMainEntry 5 }

aclIllegalEntityTypes     OBJECT-TYPE
    SYNTAX      BITS
    {
    management      (0),
    routerInterface (1)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object is a bitmap of entity types.
         If a bit representing certain entity type is '1',
         ACL cannot be bound to that entity type.
         e.g. if bit (0) is '1', ACL  cannot be bound to management entity."
    ::= { aclMainEntry 6 }

aclRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Create/Destroy ACLs.
         When removing ACL which has associated ACE entries,
         all associated entries  (in aclAceTable and in all auxiliary (per protocol) tables)
         MUST  be removed before destroying ACL entry"
    ::= { aclMainEntry 7}


aclAceTable OBJECT-TYPE
       SYNTAX       SEQUENCE OF AclAceEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
        "Access Control Entry  (ACE) Table "
       ::= { aclConf 2 }

aclAceEntry OBJECT-TYPE
       SYNTAX       AclAceEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
          "ACE entry -  general ACE parameters , and pointer to Auxillary table."
       INDEX   {aclAceIdx  }
       ::= { aclAceTable 1 }

AclAceEntry ::= SEQUENCE {
    aclAceIdx                   Unsigned32,
    aclAceSequenceNumber        Unsigned32,
    aclAceType                  INTEGER,
    aclAcePointer               RowPointer,
    aclAcelog                   INTEGER,
    aclAceIllegalEntityTypes    BITS,
    aclAceAclName               SnmpAdminString (SIZE (1..252)),
    aclAceRowStatus             RowStatus 
 }

aclAceIdx               OBJECT-TYPE
    SYNTAX              Unsigned32
    MAX-ACCESS          not-accessible
    STATUS              current
    DESCRIPTION
        "ACE running Index . "
    ::= { aclAceEntry 1 }

aclAceSequenceNumber    OBJECT-TYPE
    SYNTAX              Unsigned32
    MAX-ACCESS          read-create
    STATUS              current
    DESCRIPTION
        "ACE Sequence Number "
    ::= { aclAceEntry 2 }

aclAceType OBJECT-TYPE
    SYNTAX      INTEGER
    {
    remark  (1),
    deny    (2),
    permit  (3)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object specify ACE type:
         Remark, Deny or Permit.
         Remark type ACE  must include pointer (aclAcePointer) to aclAceRemarkTable
         Permit or Deny type ACE must include pointer to one of the other
         auxilliary tables (aclAceIP Table, aclAceICMPTable, aclAceTCPTable or aclAceUDPTable)."
    ::= { aclAceEntry 3 }

aclAcePointer OBJECT-TYPE
    SYNTAX      RowPointer
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Pointer to entry in one of the auxilary tables:
         aclAceRemarkTable, aclAceIP Table, aclAceICMPTable ,
         aclAceTCPTable, aclAceUDPTable.
         When an entry is created in this table,
         Agent must create associated entry in one of the  auxilary accroding to this pointer "
    ::= { aclAceEntry 4 }

aclAcelog OBJECT-TYPE
    SYNTAX      INTEGER
    {
    notApplicable   (1), --for ACE type = remark
    disable         (2),
    enable          (3)
    }
    MAX-ACCESS read-create
    STATUS      current
    DESCRIPTION
        "Enable or disable log of current ACE"
    ::= { aclAceEntry 5 }


aclAceIllegalEntityTypes     OBJECT-TYPE
    SYNTAX      BITS
    {
    management      (0),
    routerInterface (1)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object is a bitmap of entity types.
         If a bit representing certain entity type is '1', ACL containing
         current ACE cannot be bound to that entity type.
         e.g. if bit (0) is '1', ACL containing current ACE cannot be
         bound to a management entity."
    ::= { aclAceEntry 6 }

aclAceAclName       OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (1..252))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The name of the ACL to which this ACE belongs. ACL Name MUST exists
         in aclMainTable.
         Upon deletion of an ACL, all entries with deleted ACL Name
         must be deleted."
    ::= { aclAceEntry 7 }

aclAceRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Create or Destroy ACE "
    ::= { aclAceEntry 8 }


aclAceRemarkTable OBJECT-TYPE
       SYNTAX       SEQUENCE OF AclAceRemarkEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
        "ACE remark   Table.
         This table containing all remarks (free text which may describe ACEs) for all ACLs"
       ::= { aclConf 3 }

aclAceRemarkEntry OBJECT-TYPE
       SYNTAX       AclAceRemarkEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
          "ACE remarks "
       INDEX   { aclAceIdx }
       ::= { aclAceRemarkTable 1 }

AclAceRemarkEntry ::= SEQUENCE {
    aclAceRemark    SnmpAdminString (SIZE (1..252)) 
 }

aclAceRemark        OBJECT-TYPE
    SYNTAX          SnmpAdminString (SIZE (1..252))
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Free text describing following ACEs"
    ::= {  aclAceRemarkEntry 1 }


aclAceIPTable OBJECT-TYPE
       SYNTAX       SEQUENCE OF AclAceIPEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
        "ACE IP   Table."
       ::= { aclConf 4 }

aclAceIPEntry OBJECT-TYPE
       SYNTAX       AclAceIPEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
          "IP match criteria"
       INDEX   { aclAceIdx }
       ::= { aclAceIPTable 1 }

AclAceIPEntry ::= SEQUENCE {
    aclAceIPSrcAddressType              InetAddressType,
    aclAceIPSrcAddress                  InetAddress,
    aclAceIPSrcAddressPrefixLength      InetAddressPrefixLength,
    aclAceIPDstAddressType              InetAddressType,
    aclAceIPDstAddress                  InetAddress,
    aclAceIPDstAddressPrefixLength      InetAddressPrefixLength,
    aclAceIPMarkingType                 AceMarkingType,
    aclAceIPDscp                        DscpMark,
    aclAceIPIpPrecedence                IpPrecedenceMark,
    aclAceIPProtocolNumber              Unsigned32,
    aclAceIPSetMarkingType              AceMarkingType,
    aclAceIPSetDscp                     DscpMark,
    aclAceIPSetIpPrecedence             IpPrecedenceMark,
    aclAceIPSetPbit                     PbitMark 
 }

aclAceIPSrcAddressType      OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Type of Internet address of aclAceIPSrcAddress
         Only ipV4 and ipv6 are supported."
    ::= {  aclAceIPEntry 1 }

aclAceIPSrcAddress      OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The IP address to match against the packet's source  IP address.
         The type of this address is determined by the value of the
         aclAceIPSrcAddressType object."
    ::= {  aclAceIPEntry 2 }

aclAceIPSrcAddressPrefixLength  OBJECT-TYPE
    SYNTAX          InetAddressPrefixLength
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The length of the CIDR Prefix carried in  aclAceIPSrcAddress"
    ::= {  aclAceIPEntry 3 }

aclAceIPDstAddressType      OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Type of Internet address of aclAceIPDstAddress .
         Only ipV4 and ipv6 are supported."
    ::= {  aclAceIPEntry 4 }

aclAceIPDstAddress      OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The IP address to match against the packet's destination  IP address.
         The type of this address is determined by the value of the
         aclAceIPDstAddressType object."
    ::= {  aclAceIPEntry 5 }

aclAceIPDstAddressPrefixLength  OBJECT-TYPE
    SYNTAX          InetAddressPrefixLength
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The length of the CIDR Prefix carried in aclAceIPDstAddress"
    ::= {  aclAceIPEntry 6 }

aclAceIPMarkingType OBJECT-TYPE
    SYNTAX          AceMarkingType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Specifies the marking type to be matched."
    ::= {  aclAceIPEntry 7 }

aclAceIPDscp    OBJECT-TYPE
    SYNTAX          DscpMark
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The DSCP value to match against the packet's DSCP field"
    ::= {  aclAceIPEntry 8 }

aclAceIPIpPrecedence    OBJECT-TYPE
    SYNTAX          IpPrecedenceMark
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The IP Precendece value to match against the packet's IP Precendece field"
    ::= {  aclAceIPEntry 9 }

aclAceIPProtocolNumber  OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "IP protocol numbers used in the Protocol field of the IPv4 header and the Next Header field of IPv6 header."
    ::= {  aclAceIPEntry 10 }

aclAceIPSetMarkingType  OBJECT-TYPE
    SYNTAX          AceMarkingType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object is used only for ACE type 'permit'.
         It indicates which priority parameter should be set in matched packet. "
    ::= {  aclAceIPEntry 11 }

aclAceIPSetDscp OBJECT-TYPE
    SYNTAX          DscpMark
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "DSCP value to set in matched packet"
    ::= {  aclAceIPEntry  12 }

aclAceIPSetIpPrecedence OBJECT-TYPE
    SYNTAX          IpPrecedenceMark
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "IP Precedence value to set in matched packet"
    ::= {  aclAceIPEntry 13}

aclAceIPSetPbit OBJECT-TYPE
    SYNTAX          PbitMark
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Pbit (layer two priority) to set in matched packet"
    ::= {  aclAceIPEntry 14 }

aclAceICMPTable OBJECT-TYPE
       SYNTAX       SEQUENCE OF AclAceICMPEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
            "ACE ICMP   Table."
       ::= { aclConf 5 }

aclAceICMPEntry OBJECT-TYPE
       SYNTAX       AclAceICMPEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
          "ICMP entry"
       INDEX   { aclAceIdx }
       ::= { aclAceICMPTable 1 }

AclAceICMPEntry ::= SEQUENCE {
    aclAceICMPSrcAddressType            InetAddressType,
    aclAceICMPSrcAddress                InetAddress,
    aclAceICMPSrcAddressPrefixLength    InetAddressPrefixLength,
    aclAceICMPDstAddressType            InetAddressType,
    aclAceICMPDstAddress                InetAddress,
    aclAceICMPDstAddressPrefixLength    InetAddressPrefixLength,
    aclAceICMPMarkingType               AceMarkingType,
    aclAceICMPDscp                      DscpMark,
    aclAceICMPIpPrecedence              IpPrecedenceMark,
    aclAceICMPType                      Unsigned32,
    aclAceICMPCode                      Unsigned32,
    aclAceICMPSetMarkingType            AceMarkingType,
    aclAceICMPSetDscp                   DscpMark,
    aclAceICMPSetIpPrecedence           IpPrecedenceMark,
    aclAceICMPSetPbit                   PbitMark 
 }
            
aclAceICMPSrcAddressType        OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Type of Internet address of aclAceICMPSrcAddress
         Only ipV4 and ipv6 are supported."
    ::= {  aclAceICMPEntry 1 }

aclAceICMPSrcAddress        OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The IP address to match against the packet's source  IP address.
         The type of this address is determined by the value of the
         aclAceICMPSrcAddressType object."
    ::= {  aclAceICMPEntry 2 }

aclAceICMPSrcAddressPrefixLength    OBJECT-TYPE
    SYNTAX          InetAddressPrefixLength
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The length of the CIDR Prefix carried in aclAceICMPSrcAddress The length of the CIDR Prefix carried in SrcAddressPrefixLength"
    ::= {  aclAceICMPEntry 3 }

aclAceICMPDstAddressType        OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Type of Internet address of aclAceICMPDstAddressType .
         Only ipV4 and ipv6 are supported."
    ::= {  aclAceICMPEntry 4 }

    aclAceICMPDstAddress        OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The IP address to match against the packet's destination  IP address.
         The type of this address is determined by the value of the
         aclAceICMPDstAddress object."
    ::= {  aclAceICMPEntry 5 }

aclAceICMPDstAddressPrefixLength    OBJECT-TYPE
    SYNTAX          InetAddressPrefixLength
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The length of the CIDR Prefix carried in DstAddressPrefixLength"
    ::= {  aclAceICMPEntry 6 }

aclAceICMPMarkingType   OBJECT-TYPE
    SYNTAX          AceMarkingType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Specifies the marking type to be matched"
    ::= {  aclAceICMPEntry 7 }

aclAceICMPDscp  OBJECT-TYPE
    SYNTAX          DscpMark
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The DSCP value to match against the packet's DSCP field"
    ::= {  aclAceICMPEntry 8 }

aclAceICMPIpPrecedence  OBJECT-TYPE
    SYNTAX          IpPrecedenceMark
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The IP Precendece value to match against the packet's IP Precendece field"
    ::= {  aclAceICMPEntry 9 }

aclAceICMPType  OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "ICMP message Type"
    ::= {  aclAceICMPEntry  10 }

aclAceICMPCode  OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "ICMP message Code"
    ::= {  aclAceICMPEntry  11 }

aclAceICMPSetMarkingType    OBJECT-TYPE
    SYNTAX          AceMarkingType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object is used only for ACE type 'permit'.
         It indicates which priority parameter should be set in matched packet. "
    ::= {  aclAceICMPEntry 12}

aclAceICMPSetDscp   OBJECT-TYPE
    SYNTAX          DscpMark
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "DSCP value to set in matched packet"
    ::= {  aclAceICMPEntry  13 }

aclAceICMPSetIpPrecedence   OBJECT-TYPE
    SYNTAX          IpPrecedenceMark
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "IP Precedence value to set in matched packet"
    ::= {  aclAceICMPEntry 14 }

aclAceICMPSetPbit   OBJECT-TYPE
    SYNTAX          PbitMark
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Pbit (layer two priority) to set in matched packet"
    ::= {  aclAceICMPEntry 15 }

-- TCP Table

aclAceTCPTable OBJECT-TYPE
       SYNTAX       SEQUENCE OF AclAceTCPEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
            "ACE TCP  Table."
       ::= { aclConf 6 }

aclAceTCPEntry OBJECT-TYPE
       SYNTAX       AclAceTCPEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
          "ACE TCP entry"
       INDEX   { aclAceIdx }
       ::= { aclAceTCPTable 1 }

AclAceTCPEntry ::= SEQUENCE {
    aclAceTCPSrcAddressType             InetAddressType,
    aclAceTCPSrcAddress                 InetAddress,
    aclAceTCPSrcAddressPrefixLength     InetAddressPrefixLength,
    aclAceTCPDstAddressType             InetAddressType,
    aclAceTCPDstAddress                 InetAddress,
    aclAceTCPDstAddressPrefixLength     InetAddressPrefixLength,
    aclAceTCPMarkingType                AceMarkingType,
    aclAceTCPDscp                       DscpMark,
    aclAceTCPIpPrecedence               IpPrecedenceMark,
    aclAceTCPSrcPortOp                  UdpTcpPortOp,
    aclAceTCPSrcPort                    InetPortNumber,
    aclAceTCPSrcPortRange               InetPortNumber,
    aclAceTCPDstPortOp                  UdpTcpPortOp,
    aclAceTCPDstPort                    InetPortNumber,
    aclAceTCPDstPortRange               InetPortNumber,
    aclAceTCPSetMarkingType             AceMarkingType,
    aclAceTCPSetDscp                    DscpMark,
    aclAceTCPSetIpPrecedence            IpPrecedenceMark,
    aclAceTCPSetPbit                    PbitMark 
 }
aclAceTCPSrcAddressType         OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Type of Internet address of aclAceTCPSrcAddress
         Only ipV4 and ipv6 are supported."
    ::= {  aclAceTCPEntry 1}

aclAceTCPSrcAddress         OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The IP address to match against the packet's source  IP address.
         The type of this address is determined by the value of the
         aclAceTCPSrcAddressType object."
    ::= {  aclAceTCPEntry 2}

aclAceTCPSrcAddressPrefixLength OBJECT-TYPE
    SYNTAX          InetAddressPrefixLength
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The length of the CIDR Prefix carried in aclAceTCPSrcAddress"
    ::= {  aclAceTCPEntry 3}

aclAceTCPDstAddressType         OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Type of Internet address of aclAceTCPDstAddress .
         Only ipV4 and ipv6 are supported."
    ::= {  aclAceTCPEntry 4 }

aclAceTCPDstAddress         OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The IP address to match against the packet's destination  IP address.
         The type of this address is determined by the value of the
         aclAceTCPDstAddressType object."
    ::= {  aclAceTCPEntry 5 }

aclAceTCPDstAddressPrefixLength OBJECT-TYPE
    SYNTAX          InetAddressPrefixLength
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The length of the CIDR Prefix carried in aclAceTCPDstAddress"
    ::= {  aclAceTCPEntry 6 }

aclAceTCPMarkingType    OBJECT-TYPE
    SYNTAX          AceMarkingType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Specifies the marking type to be matched."
    ::= {  aclAceTCPEntry 7 }

aclAceTCPDscp   OBJECT-TYPE
    SYNTAX          DscpMark
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The DSCP value to match against the packet's DSCP field"
    ::= {  aclAceTCPEntry 8 }

aclAceTCPIpPrecedence   OBJECT-TYPE
    SYNTAX          IpPrecedenceMark
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The IP Precendece value to match against the packet's IP Precendece field"
    ::= {  aclAceTCPEntry 9 }

aclAceTCPSrcPortOp  OBJECT-TYPE
    SYNTAX          UdpTcpPortOp
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Indicates how a packet's Source TCP port number is
         to be compared with aclAceTCPSrcPort and aclAceTCPSrcPortRange"
    ::= {  aclAceTCPEntry 10 }

aclAceTCPSrcPort     OBJECT-TYPE
    SYNTAX          InetPortNumber
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The TCP port number  to be matched against the packets TCP source port."
    ::= { aclAceTCPEntry 11 }

aclAceTCPSrcPortRange     OBJECT-TYPE
    SYNTAX          InetPortNumber
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The source port number of the  TCP  protocol.
         If the aclAceTCPSrcPortOp object in the same row is range(6),
         this object will be the ending port number of the port range.
         This object cannot be configured if
         aclAceTCPSrcPortOp in the same row is not range(6)"
    ::= { aclAceTCPEntry 12 }

aclAceTCPDstPortOp  OBJECT-TYPE
    SYNTAX          UdpTcpPortOp
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Indicates how a packet's destination TCP port number is
         to be compared with aclAceTCPDstPort and aclAceTCPDstPortRange"
    ::= {  aclAceTCPEntry 13 }

aclAceTCPDstPort     OBJECT-TYPE
    SYNTAX          InetPortNumber
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The TCP port number to be matched against the packets TCP destination port"
    ::= { aclAceTCPEntry 14 }

    aclAceTCPDstPortRange     OBJECT-TYPE
    SYNTAX          InetPortNumber
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The destination port number of the  TCP  protocol.
         If the aclAceTCPDstPortOp object in the same row is range(6),
         this object will be the ending port number of the port range.
         This object cannot be configured if
         aclAceTCPDstPortOp in the same row is not range(6)"
    ::= { aclAceTCPEntry 15 }

aclAceTCPSetMarkingType OBJECT-TYPE
    SYNTAX          AceMarkingType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object is used only for ACE type 'permit'.
         It indicates which priority parameter should be set in matched packet. "
    ::= {  aclAceTCPEntry 16 }

aclAceTCPSetDscp    OBJECT-TYPE
    SYNTAX          DscpMark
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "DSCP value to set in matched packet"
    ::= {  aclAceTCPEntry  17 }

aclAceTCPSetIpPrecedence    OBJECT-TYPE
    SYNTAX          IpPrecedenceMark
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "IP Precedence value to set in matched packet"
    ::= {  aclAceTCPEntry 18 }

aclAceTCPSetPbit    OBJECT-TYPE
    SYNTAX          PbitMark
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Pbit (layer two priority) to set in matched packet"
    ::= {  aclAceTCPEntry 19 }

--   UDP  table

aclAceUDPTable OBJECT-TYPE
       SYNTAX       SEQUENCE OF AclAceUDPEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
            "ACE UDP   Table."
       ::= { aclConf 7 }

aclAceUDPEntry OBJECT-TYPE
       SYNTAX       AclAceUDPEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
          "ACE UDP entry"
       INDEX   { aclAceIdx }
       ::= { aclAceUDPTable 1 }

AclAceUDPEntry ::= SEQUENCE {
    aclAceUDPSrcAddressType             InetAddressType,
    aclAceUDPSrcAddress                 InetAddress,
    aclAceUDPSrcAddressPrefixLength     InetAddressPrefixLength,
    aclAceUDPDstAddressType             InetAddressType,
    aclAceUDPDstAddress                 InetAddress,
    aclAceUDPDstAddressPrefixLength     InetAddressPrefixLength,
    aclAceUDPMarkingType                AceMarkingType,
    aclAceUDPDscp                       DscpMark,
    aclAceUDPIpPrecedence               IpPrecedenceMark,
    aclAceUDPSrcPortOp                  UdpTcpPortOp,
    aclAceUDPSrcPort                    InetPortNumber,
    aclAceUDPSrcPortRange               InetPortNumber,
    aclAceUDPDstPortOp                  UdpTcpPortOp,
    aclAceUDPDstPort                    InetPortNumber,
    aclAceUDPDstPortRange               InetPortNumber,
    aclAceUDPSetMarkingType             AceMarkingType,
    aclAceUDPSetDscp                    DscpMark,
    aclAceUDPSetIpPrecedence            IpPrecedenceMark,
    aclAceUDPSetPbit                    PbitMark 
 }

aclAceUDPSrcAddressType         OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "IP  Source Address"
    ::= {  aclAceUDPEntry 1 }

    aclAceUDPSrcAddress         OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "IP  Source Address"
    ::= {  aclAceUDPEntry 2 }

aclAceUDPSrcAddressPrefixLength OBJECT-TYPE
    SYNTAX          InetAddressPrefixLength
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The length of the CIDR Prefix carried in SrcAddressPrefixLength"
    ::= {  aclAceUDPEntry 3 }

aclAceUDPDstAddressType         OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "X3 Description for DstAddress"
    ::= {  aclAceUDPEntry 4 }

aclAceUDPDstAddress         OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "X3 Description for DstAddress"
    ::= {  aclAceUDPEntry 5 }

aclAceUDPDstAddressPrefixLength OBJECT-TYPE
    SYNTAX          InetAddressPrefixLength
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The length of the CIDR Prefix carried in aclAceUDPDstAddress"
    ::= {  aclAceUDPEntry 6 }

aclAceUDPMarkingType    OBJECT-TYPE
    SYNTAX          AceMarkingType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Specifies the marking type to be matched"
    ::= {  aclAceUDPEntry 7 }

aclAceUDPDscp   OBJECT-TYPE
    SYNTAX          DscpMark
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The DSCP value to match against the packet's DSCP field"
    ::= {  aclAceUDPEntry 8 }

aclAceUDPIpPrecedence   OBJECT-TYPE
    SYNTAX          IpPrecedenceMark
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The IP Precendece value to match against the packet's IP Precendece field"
    ::= {  aclAceUDPEntry 9 }

aclAceUDPSrcPortOp  OBJECT-TYPE
    SYNTAX          UdpTcpPortOp
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Indicates how a packet's source UDP port number is
         to be compared with aclAceUDPSrcPort and aclAceUDPSrcPortRange"
    ::= {  aclAceUDPEntry 10 }

aclAceUDPSrcPort     OBJECT-TYPE
    SYNTAX          InetPortNumber
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The UDP port number  to be matched against the packets UDP source port."
    ::= { aclAceUDPEntry 11 }

aclAceUDPSrcPortRange     OBJECT-TYPE
    SYNTAX          InetPortNumber
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The source port number of the  UDP protocol.
         If the aclAceUDPSrcPortOp object in the same row is range(6),
         this object will be the ending port number of the port range.
         This object cannot be configured if
         aclAceUDPSrcPortOp in the same row is not range(6)"
    ::= { aclAceUDPEntry 12 }

aclAceUDPDstPortOp  OBJECT-TYPE
    SYNTAX          UdpTcpPortOp
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Indicates how a packet's destination UDP port number is
         to be compared with aclAceUDPDstPort and aclAceUDPDstPortRange"
    ::= {  aclAceUDPEntry 13 }

aclAceUDPDstPort     OBJECT-TYPE
    SYNTAX          InetPortNumber
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The UDP port number  to be matched against the packets UDP destination port number"
    ::= { aclAceUDPEntry 14 }

aclAceUDPDstPortRange     OBJECT-TYPE
    SYNTAX          InetPortNumber
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The destination port number of the  TCP  protocol.
         If the aclAceUDPDstPortOp object in the same row is range(6),
         this object will be the ending port number of the port range.
         This object cannot be configured if
         aclAceUDPDstPortOp in the same row is not range(6)"
    ::= { aclAceUDPEntry 15 }

aclAceUDPSetMarkingType OBJECT-TYPE
    SYNTAX          AceMarkingType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object is used only for ACE type 'permit'.
         It indicates which priority parameter should be set in matched packet. "
    ::= {  aclAceUDPEntry 16 }

aclAceUDPSetDscp    OBJECT-TYPE
    SYNTAX          DscpMark
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "DSCP value to set in matched packet"
    ::= {  aclAceUDPEntry  17 }

aclAceUDPSetIpPrecedence    OBJECT-TYPE
    SYNTAX          IpPrecedenceMark
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "IP Precedence value to set in matched packet"
    ::= {  aclAceUDPEntry 18 }

aclAceUDPSetPbit    OBJECT-TYPE
    SYNTAX          PbitMark
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Pbit (layer two priority) to set in matched packet"
    ::= {  aclAceUDPEntry 19 }

    
aclBindTable OBJECT-TYPE
       SYNTAX       SEQUENCE OF AclBindEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
            "ACL Bind to Entitity Table."
       ::= { aclConf 8 }

aclBindEntry OBJECT-TYPE
       SYNTAX       AclBindEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
            "Entry defines ACL bind to entity"
       INDEX   {aclBindEntityType, aclBindEntityIndex, aclBindDirection, aclBindAclType }
       ::= { aclBindTable 1 }

AclBindEntry ::= SEQUENCE {
    aclBindEntityType           INTEGER,
    aclBindEntityIndex          Integer32,
    aclBindDirection            INTEGER,
    aclBindAclType              INTEGER,
    aclBindAclName              SnmpAdminString (SIZE (1..252)),
    aclBindTimeElapsed          Gauge32,
    aclBindClearStatisticsCmd   INTEGER,
    aclBindRowStatus            RowStatus 
 }

 aclBindEntityType     OBJECT-TYPE
    SYNTAX          INTEGER
    {
    routerInterface (1),
    management      (2)
    }
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This ocject defines whether ACL is bound to Router Interface
         or to Management entity."
    ::= { aclBindEntry 1 }

 aclBindEntityIndex     OBJECT-TYPE
    SYNTAX          Integer32
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Entity Index"
    ::= { aclBindEntry 2 }

 aclBindDirection     OBJECT-TYPE
    SYNTAX          INTEGER
    {
    inbound     (2),
    outbound    (3)
    }
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the direction on which the access list works,
         which may be either inbound (for traffic entering the entity)
         or outbound (for traffic transmitted out of the entity)."
    ::= { aclBindEntry 3 }

aclBindAclType      OBJECT-TYPE
    SYNTAX          INTEGER
    {
    ipv4    (1),
    ipv6    (2)
    }
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "ACL type. For IP ACLs, all ACEs of same ACL will have same InetAddressType value"
    DEFVAL  { ipv4}
    ::= { aclBindEntry 4 }

aclBindAclName      OBJECT-TYPE
    SYNTAX          SnmpAdminString (SIZE (1..252))
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object indicates the name of ACL binded to this entity."
    ::= { aclBindEntry 5 }

aclBindTimeElapsed     OBJECT-TYPE
    SYNTAX          Gauge32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of seconds that have elapsed since
         the beginning of the current measurement period."
    ::= { aclBindEntry 6 }

aclBindClearStatisticsCmd     OBJECT-TYPE
    SYNTAX          INTEGER
    {
    off (1),
    on  (2)
    }
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Clear statistics command. All Matches counters (of all ACEs)
         of ACL bound to entity are cleared."
    ::= { aclBindEntry 7}

aclBindRowStatus     OBJECT-TYPE
    SYNTAX          RowStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Create or delete ACL bind to entity"
    ::= { aclBindEntry 8}

-- Scalars collection

aclHandleTable OBJECT-TYPE
       SYNTAX       SEQUENCE OF AclHandleEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
            "Dummy table, includes single row of ACL handling parameters"
       ::= { aclConf 10 }

aclHandleEntry OBJECT-TYPE
       SYNTAX       AclHandleEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
          "ACL handling parameters"
       INDEX   { aclHandleIndex }
       ::= { aclHandleTable 1 }

AclHandleEntry ::= SEQUENCE {
    aclHandleIndex      Unsigned32,
    aclLoggingIntervel  Unsigned32 
 }

 aclHandleIndex     OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Dummy index = 1"
    ::= { aclHandleEntry 1 }

aclLoggingIntervel     OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Logging interval in seconds.
         The default value is 300 seconds = 5 minutes"
    ::= { aclHandleEntry 2 }

aclInvAceTable OBJECT-TYPE
       SYNTAX       SEQUENCE OF AclInvAceEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
        "Inverse table for Access Control Entry  (ACE) Table.
         This table is used for displaying ACEs ordered according their sequence number. "
       ::= { aclConf 11 }

aclInvAceEntry OBJECT-TYPE
       SYNTAX       AclInvAceEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
          "ACE Table inverse entry -  general ACE parameters , indexed by ACL Nam and Sequence Number,
           used for display sorted according to sequence number purpose."
       INDEX   { aclName ,  aclAceSequenceNumber }
       ::= { aclInvAceTable 1 }

AclInvAceEntry ::= SEQUENCE {
    aclInvAceIdx        Unsigned32,
    aclInvAceType       INTEGER,
    aclInvAcePointer    RowPointer,
    aclInvAcelog        INTEGER 
 }

aclInvAceIdx        OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "ACE running Index . "
    ::= { aclInvAceEntry 1 }

aclInvAceType OBJECT-TYPE
    SYNTAX          INTEGER
    {
    remark  (1),
    deny    (2),
    permit  (3)
    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object specify ACE type:
         Remark, Deny or Permit.
         Remark type ACE  must include pointer (aclAcePointer) to aclAceRemarkTable
         Permit or Deny type ACE must include pointer to one of the other
         auxilliary tables (aclAceIP Table, aclAceICMPTable, aclAceTCPTable or aclAceUDPTable)."
    ::= { aclInvAceEntry 2 }

aclInvAcePointer OBJECT-TYPE
    SYNTAX          RowPointer
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Pointer to entry in one of the auxilary tables:
         aclAceRemarkTable, aclAceIP Table, aclAceICMPTable ,
         aclAceTCPTable, aclAceUDPTable. "
    ::= { aclInvAceEntry 3 }

aclInvAcelog OBJECT-TYPE
    SYNTAX          INTEGER
    {
    notApplicable   (1), --for ACE type = remark
    disable         (2),
    enable          (3)
    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Enable or disable log of current ACE"
    ::= { aclInvAceEntry 4 }


--Statistics Tables

aclStats   OBJECT IDENTIFIER ::= { radAclMIB 2 }

aclAceStatsTable OBJECT-TYPE
       SYNTAX       SEQUENCE OF AclAceStatsEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
            "Statistics table"
       ::= { aclStats 1 }

aclAceStatsEntry OBJECT-TYPE
       SYNTAX       AclAceStatsEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
            "Statistics entry"
       INDEX   { aclBindEntityType, aclBindEntityIndex, aclBindDirection, aclType, aclAceIdx  }
       ::= { aclAceStatsTable 1 }

AclAceStatsEntry ::= SEQUENCE {
    aclAceStatsMatches   Gauge32,
    aclAceStatsClearCmd  INTEGER 
 }

 aclAceStatsMatches     OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Counts the number of packets that matched the
         statement indicated by aclAceIdx,
         of the ACL of type  indicated by aclType,
         which is bounded to the entity indicated by aclBindEntityType
         &  aclBindEntityIndex "
    ::= { aclAceStatsEntry 1 }

aclAceStatsClearCmd         OBJECT-TYPE
    SYNTAX      INTEGER
    {
    off (1),
    on  (2)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Clear statistics command. ACE Matches counter (aclAceStatsMatches)
         is cleared."
    ::= { aclAceStatsEntry 2}


aclAceLogTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF AclAceLogEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "ACL log table.
         This table has limited number of rows, hence,
         is implemented as a cyclic table."
    ::= { aclStats 2 }

aclAceLogEntry  OBJECT-TYPE
    SYNTAX      AclAceLogEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry contains information on one ACE match."
    INDEX  { aclAceLogIndex }
    ::= { aclAceLogTable 1 }

AclAceLogEntry ::= SEQUENCE {
    aclAceLogIndex          Unsigned32,
    aclAceLogIPAddressType  InetAddressType,
    aclAceLogIPSrcAddress   InetAddress,
    aclAceLogIPDstAddress   InetAddress,
    aclAceLogProtocol       INTEGER,
    aclAceLogSrcPort        Unsigned32,
    aclAceLogDstPort        Unsigned32,
    aclAceLogIpProtocol     Unsigned32 
 }

aclAceLogIndex  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Running index "
    ::= { aclAceLogEntry 1 }

aclAceLogIPAddressType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Type of Internet address of source and destination fields
         of the matched packet. (aclAceLogIPSrcAddress and aclAceLogIPDstAddress).
         Only ipV4 and ipv6 are supported"
    ::= { aclAceLogEntry 2 }


aclAceLogIPSrcAddress  OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Source IP address of the matched packet.
         If the IP address is unknown then  the value of this object
         will be empty"
    ::= { aclAceLogEntry 3 }


aclAceLogIPDstAddress  OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Dest IP address of the the matched packet.
         If the IP address is unknown then  the value of this object
         will be empty"
    ::= { aclAceLogEntry 4 }

aclAceLogProtocol OBJECT-TYPE
    SYNTAX      INTEGER
                {
                ip      (1),
                icmp    (2),
                udp     (3),
                tcp     (4),
                unknown (255)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Matched packet protocol  - IP, ICMP, UDP or TCP.
         If the protocol is unknown then  the value of this object
         will be unknown(255)."
    ::= { aclAceLogEntry 5 }

aclAceLogSrcPort OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Matched packet source TCP/UDP port number.
         If the port is unknown or aclAceLogProtocol <> (tcp or udp) then
         the value of this object will be 0xFFFFFFFF"
    ::= { aclAceLogEntry 6}

aclAceLogDstPort OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Matched packet destination TCP/UDP port number.
         If the port is unknown or aclAceLogProtocol <>  (tcp or udp)  then
         the value of this object will be 0xFFFFFFFF"
    ::= { aclAceLogEntry 7}

aclAceLogIpProtocol OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "IP protocol number.
         If the protocol is unknown or  aclAceLogProtocol <> ip
         then the value of this object will be 0xFFFFFFFF"
    ::= { aclAceLogEntry 8 }



systemAclLogging  NOTIFICATION-TYPE
	OBJECTS { alarmEventLogSourceName, alarmEventLogAlarmOrEventId, alarmEventLogDescription, 
     alarmEventLogSeverity, alarmEventLogDateAndTime, alarmEventReason, 
     sysName, aclBindAclName, aclAceSequenceNumber, 
     aclAceType, aclAceStatsMatches, aclAceLogIPSrcAddress, 
     aclAceLogIPDstAddress, aclAceLogProtocol, aclAceLogSrcPort, 
     aclAceLogDstPort, aclAceLogIpProtocol } 
    STATUS current
    DESCRIPTION
        "This trap is sent whenever a packet matches ACL entry for which logging
         is enabled.     The ACL logging event is rate limited."
    ::= { systemsEvents 89 }

END
