-- -----------------------------------------------------------------------------
-- MIB NAME : Access Control List(ACL) Common mib
-- FILE NAME: ACL.mib
-- DATE     : 2008/04/18
-- VERSION  : 2.08
-- PURPOSE  : To construct the MIB structure of Access Control List
--            for proprietary enterprise
-- -----------------------------------------------------------------------------
-- MODIFICTION HISTORY:
-- -----------------------------------------------------------------------------
-- Version, Date, Author
-- Description:
--  [New Object]
--  [Modification]
-- Notes: (Requested by who and which project)
--
-- Version 2.08, 2008/04/18, Marco
-- Description:
-- [New Object]
-- [Modification]
-- 1. change range of the ff nodes to include case node is not active:
--	swACLEtherRule8021P
--	swACLIpRuleDscp
--  swAclIpRuleType
--	swAclIpRuleCode
--	swACLIpRuleSrcPort
--	swACLIpRuleDstPort
--	swACLIpRuleProtoID
--	swCpuAclEtherRule8021P
--	swCpuAclIpRuleDscp
--	swCpuAclIpRuleType
--	swCpuAclIpRuleCode
--	swCpuAclIpRuleSrcPort
--	swCpuAclIpRuleDstPort
--	swCpuAclIpRuleProtoID
-- removed *replaceprioritywith objects
-- Requested by Marco Visaya for project DES30XXP.
--
-- Version 2.07, 2008/04/11, Marco
-- Description:
-- [New Object]
-- 1. Added swACLEtherRuleReplacePriorityWith
-- 2. Added swACLIPRuleReplacePriorityWith
-- [Modification]
-- 1. Remove the range of xxxProfileID, and xxxRxRate. The maximum value of the objects depend on the device.
-- Requested by Marco Visaya for project DES30XXP.
--
--
-- Version 2.06, 2008/04/02, Kelvin
-- Description:
-- [New Object]
-- 1.add objects swACLIpv6MaskUseProtoType, swACLIpv6MaskTcpOption, swACLIpv6MaskUdpOption
-- swACLIpv6MaskTCPorUDPSrcPortMask, swACLIpv6MaskTCPorUDPDstPortMask in swACLIpv6MaskTable.
-- 2.add objects swACLIpv6RuleProtocol, swACLIpv6RuleSrcPort, swACLIpv6RuleDstPort in swACLIpv6RuleTable.
-- Requested by Kelvin Tao for project DGS3700.
--
-- Version 2.05, 2008/02/20, Kelvin
-- Description:
-- [New Object]
-- 1.add objects swACLEtherRuleVID in swACLEtherRuleTable.
-- 2.add objects swACLIpRuleVID in swACLIpRuleTable.
-- 3.add objects swACLPktContRuleVID in swACLPktContRuleTable.
-- 4.add objects swACLIpv6RuleVID in swACLIpv6RuleTable.
-- 5.add objects swACLPktContRuleOptionVID in swACLPktContRuleOptionTable.
-- Requested by Kelvin Tao for project DGS3700.
--
-- Version 2.04, 2008/01/15, Yan
-- Description:
-- [New Object]
-- 1.add objects swACLEtherRuleEnableReplaceTosPrecedence, swACLEtherRuleRepTosPrecedence in swACLEtherRuleTable.
-- 2.add objects swACLIpRuleEnableReplaceTosPrecedence, swACLIpRuleRepTosPrecedence in swACLIpRuleTable.
-- 3.add objects swACLPktContRuleEnableReplaceTosPrecedence, swACLPktContRuleRepTosPrecedence in swACLPktContRuleTable.
-- 4.add objects swACLIpv6RuleEnableReplaceDscp, swACLIpv6RuleRepDscp, swACLIpv6RuleEnableReplaceTosPrecedence and 
-- swACLIpv6RuleRepTosPrecedence in swACLIpv6RuleTable.
-- 5.add objects swACLPktContRuleOptionEnableReplaceTosPrecedence, swACLPktContRuleOptionRepTosPrecedence in 
-- swACLPktContRuleOptionTable.
-- Requested by Yan Zhang for project DES35XX.
--
-- Version 2.03, 2007/12/27 by Ronald Hsu
-- 1.Add 'lease-renew(4)' in the value list of object swACLPktContRulePermit.
-- Requested by Ronald Hsu for project DES3828R4.
--
-- Version 2.02, 2007/12/18, Jenny
-- Description:
-- [New Object]
-- 1.add object swACLPktContMaskOptionProfileName in swACLPktContMaskOptionTable.
-- 2.add object swACLIpv6MaskProfileName in swACLIpv6MaskTable.
-- 3.add object swACLIpProfileName in swACLIpTable.
-- 4.add object swACLEthernetProfileName in swACLEthernetTable.
-- 5.add object swACLPktContMaskProfileName in swACLPktContMaskTable.
-- Requested by Jenny for project DES35XX. 
--
-- Version 2.01, 2007/05/15, Yan
-- Description:
-- [Modification]
-- 1. add Value List remark-dscp(4) of object swAclMeterActionForRateExceed, change the access
-- of objects swAclMeterRate and swAclMeterActionForRateExceed from read-write to read-create for CLI.
-- 2. change the access of object swACLIpRuleProtocol from read-only to read-write for supporting
-- the new chip of project DGS3600R2.
-- [New Object]
-- 1. add objects swACLIpSrcMacAddrMask, swACLIpRuleSrcMacAddress for supporting the lab-out project DGS3400R2.
-- 2. add tables swACLCounterTable, swACLPktContMaskOptionTable and swACLPktContRuleOptionTable for CLI.
-- 3. add read-only objects swACLTotalUsedRuleEntries, swACLTotalUnusedRuleEntries, swACLEthernetUnusedRuleEntries,
-- swACLIpUnusedRuleEntries, swACLPktContMaskUnusedRuleEntries, swACLIpv6MaskUnusedRuleEntries for CLI.
-- 4. add objects swCpuAclEtherRuleEtherPort, swCpuAclIpRulePort, swCpuAclPktContRulePort, swCpuAclIpv6RulePort for CLI.
-- 5. add object swCpuACLMaskDelAllState for supporting the lab-out project DGS3400R2.
-- 6. add objects swAclMeterRemarkDscp, swAclMeterBurstSize, swAclMeterMode, swAclMeterTrtcmCir, swAclMeterTrtcmCbs,
-- swAclMeterTrtcmPir, swAclMeterTrtcmPbs, swAclMeterTrtcmColorMode, swAclMeterTrtcmConformState, swAclMeterTrtcmConformReplaceDscp,
-- swAclMeterTrtcmConformCounterState, swAclMeterTrtcmExceedState, swAclMeterTrtcmExceedReplaceDscp, swAclMeterTrtcmExceedCounterState,
-- swAclMeterTrtcmViolateState, swAclMeterTrtcmViolateReplaceDscp, swAclMeterTrtcmViolateCounterState, swAclMeterSrtcmCir,
-- swAclMeterSrtcmCbs, swAclMeterSrtcmEbs, swAclMeterSrtcmColorMode, swAclMeterSrtcmConformState, swAclMeterSrtcmConformReplaceDscp,
-- swAclMeterSrtcmConformCounterState, swAclMeterSrtcmExceedState, swAclMeterSrtcmExceedReplaceDscp, swAclMeterSrtcmExceedCounterState,
-- swAclMeterSrtcmViolateState, swAclMeterSrtcmViolateReplaceDscp, swAclMeterSrtcmViolateCounterState, swAclMeterRowStatus for CLI.
-- 7. add objects swACLEtherRuleRxRate, swACLIpRuleRxRate, swACLPktContRuleRxRate, swACLIpv6RuleRxRate for supporting
-- the older CLI Command, and these objects could be used for some projects.
-- 8. add swIBPACLEthernetTable, swIBPACLIpTable, swIBPACLEtherRuleTable, swIBPACLIpRuleTable for keeping the OID
-- of lab-out project DGS3400R2, but these objects can not be used for other project, so the status is obsolete.
-- Requested by Yan for DGS3600R2.
--
-- Version 2.00, 2007/03/27, Yedda
-- This is the first formal version for universal MIB definition.
-- -----------------------------------------------------------------------------

ACLMGMT-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        Counter32,Counter64,TimeTicks,NOTIFICATION-TYPE,
        MODULE-IDENTITY,OBJECT-TYPE,IpAddress, Unsigned32
                                        FROM SNMPv2-SMI
        MacAddress, RowStatus           FROM SNMPv2-TC
        DisplayString                   FROM RFC1213-MIB
    	SnmpAdminString					FROM SNMP-FRAMEWORK-MIB
        dlink-common-mgmt				FROM DLINK-ID-REC-MIB;

    swAclMgmtMIB MODULE-IDENTITY
	    LAST-UPDATED "0804180000Z"
	    ORGANIZATION "D-Link Corp."
	    CONTACT-INFO
	        "http://support.dlink.com"
	    DESCRIPTION
		    "The structure of Access Control List information for the
		    proprietary enterprise."
        ::= { dlink-common-mgmt 9 }

    PortList                ::= OCTET STRING(SIZE (0..127))

    swAclCtrl 				     OBJECT IDENTIFIER ::= { swAclMgmtMIB 1 }
    swAclMaskMgmt                OBJECT IDENTIFIER ::= { swAclMgmtMIB 2 }
    swAclRuleMgmt                OBJECT IDENTIFIER ::= { swAclMgmtMIB 3 }
    swCpuAclMaskMgmt             OBJECT IDENTIFIER ::= { swAclMgmtMIB 4 }
    swCpuAclRuleMgmt             OBJECT IDENTIFIER ::= { swAclMgmtMIB 5 }
    swAclMeteringMgmt            OBJECT IDENTIFIER ::= { swAclMgmtMIB 6 }

-- -----------------------------------------------------------------------------
-- Textual Conventions
-- -----------------------------------------------------------------------------
-- This definition may be excluded if IPv6 Supported
Ipv6Address ::= TEXTUAL-CONVENTION
	DISPLAY-HINT "2x:"
	STATUS       current
	DESCRIPTION
		"This data type is used to model IPv6 addresses.
		This is a binary string of 16 octets in network
		byte-order."
	SYNTAX       OCTET STRING (SIZE (16))

-- -----------------------------------------------------------------------------
-- swAclCtrl
-- -----------------------------------------------------------------------------
    swCpuInterfacefilterState OBJECT-TYPE
    	SYNTAX INTEGER{
    		enable(1),
    		disable(2)
    	}
    	MAX-ACCESS read-write
    	STATUS current
    	DESCRIPTION
    	    "Enable or disable CPU Interface Filtering (also called Software ACL).
    	     The default is disabled. If enabled, the filtering entries in the
    	     swAclRuleMgmt tables will be set to active if its RuleSwAclState is
    	     enabled. If disabled, the software ACL function will be disabled."
    	::={ swAclCtrl 1}

    swACLTotalUsedRuleEntries OBJECT-TYPE
    	SYNTAX INTEGER
    	MAX-ACCESS read-only
    	STATUS current
    	DESCRIPTION
    	    "The total number of used ACL rule entries."
    	::={ swAclCtrl 2}

    swACLTotalUnusedRuleEntries OBJECT-TYPE
    	SYNTAX INTEGER
    	MAX-ACCESS read-only
    	STATUS current
    	DESCRIPTION
    	    "The total number of unused ACL rule entries."
    	::={ swAclCtrl 3}

-- -----------------------------------------------------------------------------
-- swACLEthernetTable
-- -----------------------------------------------------------------------------
    swACLEthernetTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLEthernetEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains ACL mask Ethernet information.
             The access profile will be created on the switch to define which
             part of each incoming frame's layer 2 header will be examined
             by the switch. Masks entered will be combined with the
             values the switch finds in the specified frame header fields."
        ::= { swAclMaskMgmt 1 }

    swACLEthernetEntry OBJECT-TYPE
        SYNTAX  SwACLEthernetEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about the ACL for Ethernet."
        INDEX  { swACLEthernetProfileID }
        ::= { swACLEthernetTable 1 }

    SwACLEthernetEntry ::=
        SEQUENCE {
            swACLEthernetProfileID
                INTEGER,
--            swACLEthernetPort
--                PortList,
            swACLEthernetUsevlan
                INTEGER,
            swACLEthernetMacAddrMaskState
                INTEGER,
            swACLEthernetSrcMacAddrMask
                MacAddress,
            swACLEthernetDstMacAddrMask
                MacAddress,
            swACLEthernetUse8021p
                INTEGER,
            swACLEthernetUseEthernetType
                INTEGER,
            swACLEthernetRowStatus
                RowStatus,
            swACLEthernetOwner
                INTEGER,
            swACLEthernetUnusedRuleEntries
                INTEGER,
            swACLEthernetProfileName
            	DisplayString
        }

    swACLEthernetProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only	--read-create
        STATUS  current
        DESCRIPTION
            "The ID of the ACL mask entry unique to the mask list. The maximum value of this object depends on the device."
        ::= { swACLEthernetEntry 1 }

--    swACLEthernetPort OBJECT-TYPE
--        SYNTAX  PortList
--        MAX-ACCESS  read-create
--        STATUS  current
--        DESCRIPTION
--            "This object indicates which port(s) should be filtered."
--        ::= { swACLEthernetEntry 2 }

    swACLEthernetUsevlan OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the switch will examine the VLAN part of each packet header."
        ::= { swACLEthernetEntry 2 }

    swACLEthernetMacAddrMaskState OBJECT-TYPE
		SYNTAX  INTEGER {
               other(1),
               dst-mac-addr(2),
               src-mac-addr(3),
               dst-src-mac-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of the MAC address mask.
          	other (1) - Neither source MAC address nor destination MAC address are masked.
          	dst-mac-addr (2) - Destination MAC addresses within received frames are
          	    to be filtered when matched with the MAC address entry for the table.
          	src-mac-addr (3) - Source MAC addresses within received frames are to
          	    be filtered when matched with the MAC address entry for the table.
          	dst-src-mac-addr (4) - Source or destination MAC addresses within received
          	    frames are to be filtered when matched with the MAC address entry of the table."
        ::= { swACLEthernetEntry 3 }

    swACLEthernetSrcMacAddrMask OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object specifies the MAC address mask for the source MAC address."
        ::= { swACLEthernetEntry 4 }

    swACLEthernetDstMacAddrMask OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object specifies the MAC address mask for the destination MAC address."
        ::= { swACLEthernetEntry 5 }

    swACLEthernetUse8021p OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will examine the 802.1p priority value in the frame's header
              or not."
        ::= { swACLEthernetEntry 6 }

    swACLEthernetUseEthernetType OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will examine the Ethernet type value in each frame's header
              or not."
        ::= { swACLEthernetEntry 7 }

    swACLEthernetRowStatus OBJECT-TYPE --swACLEthernetState
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLEthernetEntry 8 }

    swACLEthernetOwner OBJECT-TYPE
        SYNTAX  INTEGER {
               any(1),
               acl(2),
               ipbind(3),
               other(4),
               dhcp(5),
               netbios(6),
               ext-netbios(7)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The owner of the ACL mask entry. The type of ACL entry created. ACL type
             entries can only be modified when being configured through the same
             type command. For example IP-MAC Binding entries can only be modified
             or deleted through the IP-MAC Binding configurations or commands."
        ::= { swACLEthernetEntry 9 }

    swACLEthernetUnusedRuleEntries OBJECT-TYPE
    	SYNTAX INTEGER
    	MAX-ACCESS read-only
    	STATUS current
    	DESCRIPTION
    	    "The number of unused rule entries  of this Ethernet profile entry."
    	::={ swACLEthernetEntry 10}

    swACLEthernetProfileName OBJECT-TYPE
    	SYNTAX DisplayString(SIZE(1..32))
    	MAX-ACCESS read-create
    	STATUS current
    	DESCRIPTION
	    "The name of the ACL mask entry unique to the mask list."
    	::= { swACLEthernetEntry 11 }
    	
-- -----------------------------------------------------------------------------
-- swACLIpTable
-- -----------------------------------------------------------------------------
    swACLIpTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains the ACL mask for IP information.
             Access profiles will be created on the switch to define which
             part of the incoming frame's IP layer packet header will be
             examined by the switch. Masks entered will be combined
             with the values the switch finds in the specified frame
             header fields."
        ::= { swAclMaskMgmt 2 }

    swACLIpEntry OBJECT-TYPE
        SYNTAX  SwACLIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about the ACL of the IP Layer."
        INDEX  { swACLIpProfileID }
        ::= { swACLIpTable 1 }

    SwACLIpEntry ::=
        SEQUENCE {
            swACLIpProfileID
                INTEGER,
--            swACLIpPort
--                PortList,
            swACLIpUsevlan
                INTEGER,
            swACLIpIpAddrMaskState
                INTEGER,
            swACLIpSrcIpAddrMask
                IpAddress,
            swACLIpDstIpAddrMask
                IpAddress,
            swACLIpUseDSCP
                INTEGER,
            swACLIpUseProtoType
                INTEGER,
            swACLIpIcmpOption
                INTEGER,
            swACLIpIgmpOption
                INTEGER,
            swACLIpTcpOption
                INTEGER,
            swACLIpUdpOption
             	INTEGER,
            swACLIpTCPorUDPSrcPortMask
				OCTET STRING,
	    	swACLIpTCPorUDPDstPortMask
				OCTET STRING,
	    	swACLIpTCPFlagBit
				INTEGER,
            swACLIpTCPFlagBitMask
            	INTEGER,
            swACLIpProtoIDOption
                INTEGER,
			swACLIpProtoID
			    INTEGER,
            swACLIpProtoIDMask
                OCTET STRING,
            swACLIpRowStatus
                RowStatus,
            swACLIpOwner
                INTEGER,
--            swACLIpSrcMacAddrMask
--                MacAddress,
            swACLIpUnusedRuleEntries
                INTEGER,
            swACLIpProfileName
            	DisplayString
        }
    swACLIpProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swACLIpEntry 1 }

--    swACLIpPort OBJECT-TYPE
--        SYNTAX  PortList
--        MAX-ACCESS  read-create
--        STATUS  current
--        DESCRIPTION
--            "This object indicates which port(s) should be filtered."
--        ::= { swACLIpEntry 2 }

    swACLIpUsevlan OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the IP layer VLAN part is examined or not."
        ::= { swACLIpEntry 2 }

    swACLIpIpAddrMaskState OBJECT-TYPE
		SYNTAX  INTEGER {
               other(1),
               dst-ip-addr(2),
               src-ip-addr(3),
               dst-src-ip-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of IP address mask.

            other (1) - Neither source IP address nor destination IP address are
                masked.
             dst-ip-addr (2) - Destination IP addresses within received frames
          	are to be filtered when matched with the IP address entry of the table.
             src-ip-addr (3) - Source IP addresses within received frames are
          	to be filtered when matched with the IP address entry of the table.
             dst-src-ip-addr (4) - Destination or source IP addresses within received
          	frames are to be filtered when matched with the IP address entry of the
          	table."
        ::= { swACLIpEntry 3 }

    swACLIpSrcIpAddrMask OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object specifies the IP address mask for the source IP address."
        ::= { swACLIpEntry 4 }

    swACLIpDstIpAddrMask OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object specifies the IP address mask for the destination IP address."
        ::= { swACLIpEntry 5 }

    swACLIpUseDSCP OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the DSCP protocol in the packet header
             is to be examined or not."
        ::= { swACLIpEntry 6 }

    swACLIpUseProtoType OBJECT-TYPE
        SYNTAX  INTEGER {
               none(1),
               icmp(2),
               igmp(3),
               tcp(4),
               udp(5),
               protocolId(6)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "That object indicates which protocol will be examined."
        ::= { swACLIpEntry 7 }

    swACLIpIcmpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               none(1),
               type(2),
               code(3),
               type-code(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates which fields are defined for ICMP.
             none (1)- Both fields are null.
             type (2)- Type field identified.
             code (3)- Code field identified.
             type-code (4)- Both ICMP fields identified.
            "
        ::= { swACLIpEntry 8 }

    swACLIpIgmpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               enable(1),
               disable(2)
              }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Indicates if the IGMP options field is identified or not."
        ::= { swACLIpEntry 9 }

    swACLIpTcpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               other(1),
               dst-addr(2),
               src-addr(3),
               dst-src-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of the filtered address of TCP.

             other (1) - Neither source port nor destination port are
                masked.
             dst-addr (2) - Packets will be filtered if this destination port
          	is identified in received frames.
             src-addr (3) - Packets will be filtered if this source port is
          	identified in received frames.
             dst-src-addr (4) - Packets will be filtered if this destination
          	or source port is identified in received frames."
        ::= { swACLIpEntry 10 }

    swACLIpUdpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               other(1),
               dst-addr(2),
               src-addr(3),
               dst-src-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of the filtered address of UDP .

             other (1) - Neither source port nor destination port are
                masked.
             dst-addr (2) - Packets will be filtered if this destination port
          	is identified in received frames.
             src-addr (3) - Packets will be filtered if this source port is
          	identified in received frames.
             dst-src-addr (4) - Packets will be filtered if this destination
          	or source port is identified in received frames."

        ::= { swACLIpEntry 11 }

    swACLIpTCPorUDPSrcPortMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a TCP port mask for the source port if swACLIpUseProtoType is TCP
             Specifies a UDP port mask for the source port if swACLIpUseProtoType is UDP.
             "
        ::= { swACLIpEntry 12 }

    swACLIpTCPorUDPDstPortMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a TCP port mask for the destination port if swACLIpUseProtoType is TCP
             Specifies a UDP port mask for the destination port if swACLIpUseProtoType is UDP."
        ::= { swACLIpEntry 13 }

    swACLIpTCPFlagBit OBJECT-TYPE
		SYNTAX  INTEGER {
               enable(1),
               disable(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a TCP connection flag mask."
        ::= { swACLIpEntry 14 }

    swACLIpTCPFlagBitMask OBJECT-TYPE
        SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "A value which indicates the set of TCP flags that this
             entity may potentially offer. The value is a sum of flag bits.
             This sum initially takes the value zero. Then, for each flag, L,
             is added in the range 1 through 6, for which this node performs
             transactions where 2^(L-1) is added to the sum.
             Note that values should be calculated accordingly:

                 Flag      functionality
                   6        urg bit
                   5        ack bit
                   4        psh bit
                   3        rst bit
                   2		syn bit
                   1 		fin bit
		For example, if you want to enable urg bit and ack bit, you
		should set value 48{2^(5-1) + 2^(6-1)}."
        ::= { swACLIpEntry 15 }

    swACLIpProtoIDOption OBJECT-TYPE
        SYNTAX  INTEGER {
               enable(1),
               disable(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will examine each frame's protocol ID field or not."
        ::= { swACLIpEntry 16 }

    swACLIpProtoID OBJECT-TYPE
        SYNTAX  INTEGER(0..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IP protocol ID behind the IP header."
        ::= { swACLIpEntry 17 }



    swACLIpProtoIDMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(20))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IP protocol ID and the mask options
             behind the IP header."
        ::= { swACLIpEntry 18 }

    swACLIpRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLIpEntry 19 }

    swACLIpOwner OBJECT-TYPE
        SYNTAX  INTEGER {
               any(1),
               acl(2),
               ipbind(3),
               other(4),
               dhcp(5),
               netbios(6),
               ext-netbios(7)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The owner of the ACL mask entry. The type of ACL entry created. ACL type
             entries can only be modified when being configured through the same
             type command. For example, IP-MAC Binding entries can only be modified
             or deleted through the IP-MAC Binding configurations or commands."
        ::= { swACLIpEntry 20 }

--     swACLIpSrcMacAddrMask OBJECT-TYPE
--         SYNTAX  MacAddress
--         MAX-ACCESS  read-only
--         STATUS  current
--         DESCRIPTION
--             "This object specifies the MAC address mask for the source MAC address."
--         ::= { swACLIpEntry 21 }

    swACLIpUnusedRuleEntries OBJECT-TYPE
    	SYNTAX INTEGER
    	MAX-ACCESS read-only
    	STATUS current
    	DESCRIPTION
    	    "The number of unused rule entries this IP profile entry."
    	::={ swACLIpEntry 22}

    swACLIpProfileName OBJECT-TYPE
    	SYNTAX DisplayString(SIZE(1..32))
    	MAX-ACCESS read-create
    	STATUS current
    	DESCRIPTION
	    "The name of the ACL mask entry unique to the mask list."
    	::= { swACLIpEntry 23 }
    	
-- -----------------------------------------------------------------------------
-- swACLPktContMaskTable
-- -----------------------------------------------------------------------------
    swACLPktContMaskTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLPktContMaskEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
	    "This table contains the ACL mask for user-defined information.
	     An access profile will be created on the switch to define which part
	     of each incoming frame's user-defined part of the packet header
	     will be examined by switch. Masks entered will be combined
              with the values the switch finds in the specified frame header fields."
        ::= { swAclMaskMgmt 3 }

    swACLPktContMaskEntry OBJECT-TYPE
        SYNTAX  SwACLPktContMaskEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about user-defined ACLs."
        INDEX  { swACLPktContMaskProfileID }
        ::= { swACLPktContMaskTable 1 }

    SwACLPktContMaskEntry ::=
        SEQUENCE {
            swACLPktContMaskProfileID
                INTEGER,
--            swACLPktContMaskPort
--                PortList,
            swACLPktContMaskOffset0to15
                OCTET STRING,
            swACLPktContMaskOffset16to31
                OCTET STRING,
            swACLPktContMaskOffset32to47
                OCTET STRING,
            swACLPktContMaskOffset48to63
                OCTET STRING,
            swACLPktContMaskOffset64to79
                OCTET STRING,
            swACLPktContMaskRowStatus
                RowStatus,
            swACLPktContMaskOwner
                INTEGER,
            swACLPktContMaskUnusedRuleEntries
                INTEGER,
            swACLPktContMaskProfileName
            	DisplayString    
        }
    swACLPktContMaskProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only	--read-create
        STATUS  current
        DESCRIPTION
	    "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swACLPktContMaskEntry 1 }

--    swACLPktContMaskPort OBJECT-TYPE
--        SYNTAX  PortList
--        MAX-ACCESS  read-create
--        STATUS  current
--        DESCRIPTION
--            "This object indicates which port(s) should be filtered."
--        ::= { swACLPktContMaskEntry 2 }

    swACLPktContMaskOffset0to15 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the packet content (Offset0to15) and
             the mask options."
        ::= { swACLPktContMaskEntry 2 }

    swACLPktContMaskOffset16to31 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the packet content (Offset16to31) and
             the mask options."
         ::= { swACLPktContMaskEntry 3 }

    swACLPktContMaskOffset32to47 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the packet content (Offset32to47) and
             the mask options."
        ::= { swACLPktContMaskEntry 4 }

    swACLPktContMaskOffset48to63 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the packet content (Offset48to63) and
             the mask options."
        ::= { swACLPktContMaskEntry 5 }

    swACLPktContMaskOffset64to79 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the packet content (Offset64to79) and
             the mask options."
        ::= { swACLPktContMaskEntry 6 }

    swACLPktContMaskRowStatus OBJECT-TYPE --swACLEthernetState
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLPktContMaskEntry 7 }

    swACLPktContMaskOwner OBJECT-TYPE
        SYNTAX  INTEGER {
               any(1),
               acl(2),
               ipbind(3),
               other(4),
               dhcp(5),
               netbios(6),
               ext-netbios(7)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
             "The owner of the ACL mask entry. The type of ACL entry created. ACL type
             entries can only be modified when being configured through the same
             type command. For example, IP-MAC Binding entries can only be modified
             or deleted through the IP-MAC Binding configurations or commands."
        ::= { swACLPktContMaskEntry 8 }

    swACLPktContMaskUnusedRuleEntries OBJECT-TYPE
    	SYNTAX INTEGER
    	MAX-ACCESS read-only
    	STATUS current
    	DESCRIPTION
    	    "The number of unused rule entries of this IP profile entry."
    	::={ swACLPktContMaskEntry 9}

    swACLPktContMaskProfileName OBJECT-TYPE
    	SYNTAX DisplayString(SIZE(1..32))
    	MAX-ACCESS read-create
    	STATUS current
    	DESCRIPTION
	    "The name of the ACL mask entry unique to the mask list."
    	::= { swACLPktContMaskEntry 10 }

-- -----------------------------------------------------------------------------
-- swACLIpv6MaskTable
-- -----------------------------------------------------------------------------
    swACLIpv6MaskTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLIpv6MaskEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
          "This table contains user-defined ACL mask information.
           An access profile will be created on the switch to define which
           parts of each incoming frame's IPv6 part of the packet header will
           be examined by the switch. Masks entered will be combined
           with the values the switch finds in the specified frame header fields."
        ::= { swAclMaskMgmt 4 }

    swACLIpv6MaskEntry OBJECT-TYPE
        SYNTAX  SwACLIpv6MaskEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
          "A list of information about user-defined ACLs."
        INDEX  { swACLIpv6MaskProfileID }
        ::= { swACLIpv6MaskTable 1 }

    SwACLIpv6MaskEntry ::=
        SEQUENCE {
            swACLIpv6MaskProfileID
                INTEGER,
--            swACLIpv6MaskPort
--                PortList,
            swACLIpv6MaskClass
                INTEGER,
            swACLIpv6MaskFlowlabel
                INTEGER,
            swACLIpv6IpAddrMaskState
                INTEGER,
            swACLIpv6MaskSrcIpv6Mask
                Ipv6Address,
            swACLIpv6MaskDstIpv6Mask
                Ipv6Address,
            swACLIpv6MaskRowStatus
                RowStatus,
            swACLIpv6MaskOwner
                INTEGER,
            swACLIpv6MaskUnusedRuleEntries
                INTEGER,
            swACLIpv6MaskProfileName
            	DisplayString,
            swACLIpv6MaskUseProtoType
                INTEGER,
            swACLIpv6MaskTcpOption
                INTEGER,
            swACLIpv6MaskUdpOption
             	INTEGER,
            swACLIpv6MaskTCPorUDPSrcPortMask
                OCTET STRING,
            swACLIpv6MaskTCPorUDPDstPortMask
                OCTET STRING
        }
    swACLIpv6MaskProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only	--read-create
        STATUS  current
        DESCRIPTION
            "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swACLIpv6MaskEntry 1 }

--    swACLIpv6MaskPort OBJECT-TYPE
--        SYNTAX  PortList
--        MAX-ACCESS  read-create
--        STATUS  current
--        DESCRIPTION
--            "This object indicates which port(s) should be filtered."
--        ::= { swACLIpv6MaskEntry 2 }

    swACLIpv6MaskClass OBJECT-TYPE
        SYNTAX  INTEGER {
               enable(1),
               disable(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IPv6 class field and the mask options."
        ::= { swACLIpv6MaskEntry 2 }

    swACLIpv6MaskFlowlabel OBJECT-TYPE
        SYNTAX  INTEGER {
               enable(1),
               disable(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IPv6 flowlabel field and the mask options."
        ::= { swACLIpv6MaskEntry 3 }

    swACLIpv6IpAddrMaskState OBJECT-TYPE
		SYNTAX  INTEGER {
               other(1),
               dst-ipv6-addr(2),
               src-ipv6-addr(3),
               dst-src-ipv6-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of the IPv6 address mask.

            other (1) - Neither source IPv6 address nor destination IPv6 address are
                masked.
            dst-ipv6-addr (2) - Received frame destination IPv6 address is
                currently used to be filtered as it meets with the IPv6
                address entry of the table.
            src-ipv6-addr (3) - Received frame source IPv6 address is currently
                used to be filtered as it meets with the IPv6 address entry of
                the table.
            dst-src-ipv6-addr (4) - Received frame destination IPv6 address or
                source IPv6 address is currently used to be filtered as it meets
                with the IPv6 address entry of the table."
        ::= { swACLIpv6MaskEntry 4 }

    swACLIpv6MaskSrcIpv6Mask OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the Source IPv6 address and the mask options.
            This should be a 16 byte octet string."
        ::= { swACLIpv6MaskEntry 5 }

    swACLIpv6MaskDstIpv6Mask OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the Destination IPv6 address and the mask options.
            This should be a 16 byte octet string."
        ::= { swACLIpv6MaskEntry 6 }

    swACLIpv6MaskRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLIpv6MaskEntry 7 }

    swACLIpv6MaskOwner OBJECT-TYPE
        SYNTAX  INTEGER {
               any(1),
               acl(2),
               ipbind(3),
               other(4),
               dhcp(5),
               netbios(6),
               ext-netbios(7)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
           "The owner of the ACL mask entry. The type of ACL entry created. ACL type
            entries can only be modified when being configured through the same
            type command. For example, IP-MAC Binding entries can only be modified
            or deleted through the IP-MAC Binding configurations or commands."
        ::= { swACLIpv6MaskEntry 8 }

    swACLIpv6MaskUnusedRuleEntries OBJECT-TYPE
    	SYNTAX INTEGER
    	MAX-ACCESS read-only
    	STATUS current
    	DESCRIPTION
    	    "The number of unused rule entries of this IP profile entry."
    	::={ swACLIpv6MaskEntry 9}

    swACLIpv6MaskProfileName OBJECT-TYPE
    	SYNTAX DisplayString(SIZE(1..32))
    	MAX-ACCESS read-create
    	STATUS current
    	DESCRIPTION
	    "The name of the ACL mask entry unique to the mask list."
    	::= { swACLIpv6MaskEntry 10 }

    swACLIpv6MaskUseProtoType OBJECT-TYPE
        SYNTAX  INTEGER {
               none(1),
               tcp(2),
               udp(3)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "That object indicates which protocol will be examined."
        ::= { swACLIpv6MaskEntry 11 }
   	
    swACLIpv6MaskTcpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               other(1),
               dst-addr(2),
               src-addr(3),
               dst-src-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of the filtered address of TCP.

             other (1) - Neither source port nor destination port are
                masked.
             dst-addr (2) - Packets will be filtered if this destination port
          	is identified in received frames.
             src-addr (3) - Packets will be filtered if this source port is
          	identified in received frames.
             dst-src-addr (4) - Packets will be filtered if this destination
          	or source port is identified in received frames."
        ::= { swACLIpv6MaskEntry 12 }

    swACLIpv6MaskUdpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               other(1),
               dst-addr(2),
               src-addr(3),
               dst-src-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of the filtered address of UDP.

             other (1) - Neither source port nor destination port is
                masked.
             dst-addr (2) - Packets will be filtered if this destination port
          	is identified in received frames.
             src-addr (3) - Packets will be filtered if this source port is
          	identified in received frames.
             dst-src-addr (4) - Packets will be filtered if this destination
          	or source port is identified in received frames."

        ::= { swACLIpv6MaskEntry 13 }

    swACLIpv6MaskTCPorUDPSrcPortMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a TCP port mask for the source port if swACLIpv6MaskUseProtoType is TCP
             Specifies a UDP port mask for the source port if swACLIpv6MaskUseProtoType is UDP.
             "
        ::= { swACLIpv6MaskEntry 14 }

    swACLIpv6MaskTCPorUDPDstPortMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a TCP port mask for the destination port if swACLIpv6MaskUseProtoType is TCP
             Specifies a UDP port mask for the destination port if swACLIpv6MaskUseProtoType is UDP."
        ::= { swACLIpv6MaskEntry 15 }
    	
-- -----------------------------------------------------------------------------
-- swACLMaskDelAllState
-- -----------------------------------------------------------------------------
    swACLMaskDelAllState OBJECT-TYPE
        SYNTAX      INTEGER{
    		none(1),
    		start(2)
    		}
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "Used to delete all ACL masks."
        ::= { swAclMaskMgmt 5 }

-- -----------------------------------------------------------------------------
--swIBPACLEthernetTable
-- -----------------------------------------------------------------------------
    swIBPACLEthernetTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwIBPACLEthernetEntry
        MAX-ACCESS  not-accessible
        STATUS  obsolete
        DESCRIPTION
            "This table contains IP-MAC-Binding ACL mask Ethernet information.
             Access profiles will be created on the switch by row creation and to
              define which parts of each incoming frame's layer 2 header part
              the switch will examine. Masks can be entered that will be combined
              with the values the switch finds in the specified frame header fields."
        ::= { swAclMaskMgmt 6 }

    swIBPACLEthernetEntry OBJECT-TYPE
        SYNTAX  SwIBPACLEthernetEntry
        MAX-ACCESS  not-accessible
        STATUS  obsolete
        DESCRIPTION
            "A list of information about the Ethernet ACL."
        INDEX  { swIBPACLEthernetProfileID }
        ::= { swIBPACLEthernetTable 1 }

    SwIBPACLEthernetEntry ::=
        SEQUENCE {
            swIBPACLEthernetProfileID
                INTEGER,
            swIBPACLEthernetUseEthernetType
                INTEGER
        }
    swIBPACLEthernetProfileID OBJECT-TYPE
        SYNTAX  INTEGER 
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "The ID of the ACL mask entry, unique in the mask list. The maximum value of this object depends on the device."
        ::= { swIBPACLEthernetEntry 1 }

    swIBPACLEthernetUseEthernetType OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "Specifies if the switch will examine the Ethernet type value in each frame's header
              or not."
        ::= { swIBPACLEthernetEntry 2 }

-- -----------------------------------------------------------------------------
--swIBPACLIpTable
-- -----------------------------------------------------------------------------
    swIBPACLIpTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwIBPACLIpEntry
        MAX-ACCESS  not-accessible
        STATUS  obsolete
        DESCRIPTION
            "This table contains IP-MAC-Binding IP ACL mask information.
             Access profiles will be created on the switch by row creation and to
              define which parts of each incoming frame's IP layer part of the header
              the switch will examine. Masks can be entered that will be combined
              with the values the switch finds in the specified frame header fields."
        ::= { swAclMaskMgmt 7 }

    swIBPACLIpEntry OBJECT-TYPE
        SYNTAX  SwIBPACLIpEntry
        MAX-ACCESS  not-accessible
        STATUS  obsolete
        DESCRIPTION
            "A list of information about the IP layer of the ACL."
        INDEX  { swIBPACLIpProfileID }
        ::= { swIBPACLIpTable 1 }

    SwIBPACLIpEntry ::=
        SEQUENCE {
            swIBPACLIpProfileID
                INTEGER,
            swIBPACLIpSrcMacAddrMask
                MacAddress,
            swIBPACLIpSrcIpAddrMask
                IpAddress
        }
    swIBPACLIpProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "The ID of the ACL mask entry, unique in the mask list. The maximum value of this object depends on the device."
        ::= { swIBPACLIpEntry 1 }

    swIBPACLIpSrcMacAddrMask OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "This object specifies the MAC address mask for the source MAC address."
        ::= { swIBPACLIpEntry 2 }

    swIBPACLIpSrcIpAddrMask OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "This object specifies IP address masks for the source IP address."
        ::= { swIBPACLIpEntry 3 }


-- -----------------------------------------------------------------------------
-- swACLPktContMaskOptionTable
-- -----------------------------------------------------------------------------
    swACLPktContMaskOptionTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLPktContMaskOptionEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
	    "This table contains the ACL mask for user-defined option information.
	     An access profile will be created on the switch to define which part
	     of each incoming frame's user-defined part of the packet header
	     will be examined by switch. Masks entered will be combined
              with the values the switch finds in the specified frame header fields."
        ::= { swAclMaskMgmt 8 }

    swACLPktContMaskOptionEntry OBJECT-TYPE
        SYNTAX  SwACLPktContMaskOptionEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about the user-defined ACL."
        INDEX  { swACLPktContMaskOptionProfileID }
        ::= { swACLPktContMaskOptionTable 1 }

    SwACLPktContMaskOptionEntry ::=
        SEQUENCE {
            swACLPktContMaskOptionProfileID
                INTEGER,
	    swACLPktContMaskOffsetChunk1State
	          INTEGER,
	    swACLPktContMaskOffsetChunk1OffsetValue
	          INTEGER,
	    swACLPktContMaskOffsetChunk1Mask
	          OCTET STRING,
	    swACLPktContMaskOffsetChunk2State
	          INTEGER,
	    swACLPktContMaskOffsetChunk2OffsetValue
	          INTEGER,
	    swACLPktContMaskOffsetChunk2Mask
	          OCTET STRING,
	    swACLPktContMaskOffsetChunk3State
	          INTEGER,
	    swACLPktContMaskOffsetChunk3OffsetValue
	          INTEGER,
	    swACLPktContMaskOffsetChunk3Mask
	          OCTET STRING,
	    swACLPktContMaskOffsetChunk4State
	          INTEGER,
	    swACLPktContMaskOffsetChunk4OffsetValue
	          INTEGER,
	    swACLPktContMaskOffsetChunk4Mask
	          OCTET STRING,
            swACLPktContMaskOptionRowStatus
                RowStatus,
            swACLPktContMaskOptionOwner
                INTEGER,
            swACLPktContMaskOptionUnusedRuleEntries
            	INTEGER,
			swACLPktContMaskOptionProfileName
				DisplayString
        }
    swACLPktContMaskOptionProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
	    "The ID of the ACL mask entry, unique to the mask list. The maximum value of this object depends on the device."
        ::= { swACLPktContMaskOptionEntry 1 }


   swACLPktContMaskOffsetChunk1State OBJECT-TYPE
        SYNTAX  INTEGER {
        	enabled(1),
        	disabled(2)
        	}
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
	    "Specifies the state of chunk1."
        ::= { swACLPktContMaskOptionEntry 2 }

   swACLPktContMaskOffsetChunk1OffsetValue OBJECT-TYPE
        SYNTAX  INTEGER (0..31)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
	    "Specifies the frame content offset of chunk1."
        ::= { swACLPktContMaskOptionEntry 3 }

   swACLPktContMaskOffsetChunk1Mask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(4))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
	    "Specifies the frame content mask of chunk1."
        ::= { swACLPktContMaskOptionEntry 4 }

   swACLPktContMaskOffsetChunk2State OBJECT-TYPE
        SYNTAX  INTEGER {
        	enabled(1),
        	disabled(2)
        	}
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
	    "Specifies the state of chunk2."
        ::= { swACLPktContMaskOptionEntry 5 }

   swACLPktContMaskOffsetChunk2OffsetValue OBJECT-TYPE
        SYNTAX  INTEGER (0..31)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
	    "Specifies the frame content offset of chunk2."
        ::= { swACLPktContMaskOptionEntry 6 }

   swACLPktContMaskOffsetChunk2Mask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(4))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
	    "Specifies the frame content mask of chunk2."
        ::= { swACLPktContMaskOptionEntry 7 }

   swACLPktContMaskOffsetChunk3State OBJECT-TYPE
        SYNTAX  INTEGER {
        	enabled(1),
        	disabled(2)
        	}
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
	    "Specifies the state of chunk3."
        ::= { swACLPktContMaskOptionEntry 8 }

   swACLPktContMaskOffsetChunk3OffsetValue OBJECT-TYPE
        SYNTAX  INTEGER (0..31)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
	    "Specifies the frame content offset of chunk3."
        ::= { swACLPktContMaskOptionEntry 9 }

   swACLPktContMaskOffsetChunk3Mask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(4))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
	    "Specifies the frame content mask of chunk3."
        ::= { swACLPktContMaskOptionEntry 10 }

   swACLPktContMaskOffsetChunk4State OBJECT-TYPE
        SYNTAX  INTEGER {
        	enabled(1),
        	disabled(2)
        	}
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
	    "Specifies the state of chunk4."
        ::= { swACLPktContMaskOptionEntry 11 }

   swACLPktContMaskOffsetChunk4OffsetValue OBJECT-TYPE
        SYNTAX  INTEGER (0..31)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
	    "Specifies the frame content offset of chunk4."
        ::= { swACLPktContMaskOptionEntry 12 }

   swACLPktContMaskOffsetChunk4Mask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(4))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
	    "Specifies the frame content mask of chunk4."
        ::= { swACLPktContMaskOptionEntry 13 }

    swACLPktContMaskOptionRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLPktContMaskOptionEntry 14 }

    swACLPktContMaskOptionOwner OBJECT-TYPE
        SYNTAX  INTEGER {
               any(1),
               acl(2),
               ipbind(3),
               other(4),
               dhcp(5),
               netbios(6),
               ext-netbios(7)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
             "The owner of the ACL mask entry. The type of ACL entry created. ACL type
             entries can only be modified when being configured through the same
             type command. For example, IP-MAC Binding entries can only be modified
             or deleted through the IP-MAC Binding configurations or commands."
        ::= { swACLPktContMaskOptionEntry 15 }

    swACLPktContMaskOptionUnusedRuleEntries OBJECT-TYPE
    	SYNTAX INTEGER
    	MAX-ACCESS read-only
    	STATUS current
    	DESCRIPTION
    	    "The number of unused rule entries of this IP profile entry."
    	::={ swACLPktContMaskOptionEntry 16}

    swACLPktContMaskOptionProfileName OBJECT-TYPE
    	SYNTAX DisplayString(SIZE(1..32))
    	MAX-ACCESS read-create
    	STATUS current
    	DESCRIPTION
	    "The name of the ACL mask entry unique to the mask list."
    	::= { swACLPktContMaskOptionEntry 17 }
    	
-- -----------------------------------------------------------------------------
-- swACLEtherRuleTable
-- -----------------------------------------------------------------------------
    swACLEtherRuleTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLEtherRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains Ethernet ACL information."
        ::= { swAclRuleMgmt 1 }

    swACLEtherRuleEntry OBJECT-TYPE
        SYNTAX  SwACLEtherRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about the ACL rule of the layer 2 part of each packet."
        INDEX  { swACLEtherRuleProfileID,swACLEtherRuleAccessID }
        ::= { swACLEtherRuleTable 1 }

    SwACLEtherRuleEntry ::=
        SEQUENCE {
            swACLEtherRuleProfileID
                INTEGER,
            swACLEtherRuleAccessID
                INTEGER,
            swACLEtherRuleVlan
                SnmpAdminString,
            swACLEtherRuleSrcMacAddress
                MacAddress,
            swACLEtherRuleDstMacAddress
                MacAddress,
            swACLEtherRule8021P
                INTEGER,
            swACLEtherRuleEtherType
                OCTET STRING,
            swACLEtherRuleEnablePriority
                INTEGER,
            swACLEtherRulePriority
                INTEGER,
            swACLEtherRuleReplacePriority
                INTEGER,
            swACLEtherRuleEnableReplaceDscp
                INTEGER,
            swACLEtherRuleRepDscp
                INTEGER,
            swACLEtherRulePermit
                INTEGER,
            swACLEtherRulePort
--                INTEGER,
                PortList,
--            swACLEtherRuleSwAclState
--                INTEGER,
            swACLEtherRuleRowStatus
                RowStatus,
            swACLEtherRuleOwner
                INTEGER,
	    swACLEtherRuleRxRate
                INTEGER,
            swACLEtherRuleEnableReplaceTosPrecedence
                INTEGER,
            swACLEtherRuleRepTosPrecedence
                INTEGER,
            swACLEtherRuleVID
                INTEGER
        }
    swACLEtherRuleProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL rule entry, which is unique to the mask list. 
             The maximum value of this object depends on the device."
        ::= { swACLEtherRuleEntry 1 }

    swACLEtherRuleAccessID OBJECT-TYPE
        SYNTAX  INTEGER (0..65535)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the the ACL rule entry relates to the swACLEtherRuleProfileID.
             When row creation is set to 0, assignment of an Access ID for ports is automatic
             and the swACLEtherRulePort creates Rule entries for the swACLEtherRulePort accordingly.
             When set from 1 to 65535, an access ID will be created for the swACLEtherRulePort.
             The swACLEtherRulePort must be set to one port only otherwise the row creation will fail.
            "
        ::= { swACLEtherRuleEntry 2 }

    swACLEtherRuleVlan OBJECT-TYPE
        SYNTAX  SnmpAdminString (SIZE (1..32))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply to this VLAN only."
        ::= { swACLEtherRuleEntry 3 }

    swACLEtherRuleSrcMacAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply to only packets with
             this source MAC address."
        ::= { swACLEtherRuleEntry 4 }

    swACLEtherRuleDstMacAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply to only packets
              with this destination MAC address."
        ::= { swACLEtherRuleEntry 5 }

    swACLEtherRule8021P OBJECT-TYPE
        SYNTAX  INTEGER(-1..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
	    "Specifies that the access rule will apply only to packets with
              this 802.1p priority value. A value of -1 indicates that this node
              is not actively used."
        ::= { swACLEtherRuleEntry 6 }

    swACLEtherRuleEtherType OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE (2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply only to packets with this
             hexadecimal 802.1Q Ethernet type value in the packet header."
        ::= { swACLEtherRuleEntry 7 }

    swACLEtherRuleEnablePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply only to packets with
             priority value."
        ::= { swACLEtherRuleEntry 8 }

    swACLEtherRulePriority OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the priority will be changed in packets while the swACLEtherRuleEnablePriority
             is enabled ."
        ::= { swACLEtherRuleEntry 9 }

    swACLEtherRuleReplacePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
             802.1p priority tag field or not ."
        ::= { swACLEtherRuleEntry 10 }

    swACLEtherRuleEnableReplaceDscp OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
             DSCP field or not.
             Replace DSCP and replace ToS precedence can not both be supported. 
	    "
        ::= { swACLEtherRuleEntry 11 }

    swACLEtherRuleRepDscp OBJECT-TYPE
        SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a value to be written to the DSCP field of an incoming packet
             that meets the criteria specified in the first part of the command.
             This value will over-write the value in the DSCP field of the packet."
        ::= { swACLEtherRuleEntry 12 }

    swACLEtherRulePermit OBJECT-TYPE
        SYNTAX  INTEGER {
               deny(1),
               permit(2)
--               ,mirror(3)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the result of the packet examination is 'permit' or 'deny'.
             The default is 'permit'.
             permit - Specifies that packets that match the access profile are
                      permitted to be forwarded by the switch.
             deny - Specifies that packets that match the access profile
                    are not permitted to be forwarded by the switch and will be filtered."
--              mirror - Specifies the packets that match the access profile are copied to the mirror port.
--                       Note: The ACL mirror function will function after mirror has been enabled
--                              and the mirror port has been configured.
        ::= { swACLEtherRuleEntry 13 }

    swACLEtherRulePort OBJECT-TYPE
--        SYNTAX  INTEGER (1..65535)
        SYNTAX  PortList
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to port(s). 
             This object and swACLEtherRuleVID can not be set together."
        ::= { swACLEtherRuleEntry 14 }

--    swACLEtherRuleSwAclState OBJECT-TYPE
--        SYNTAX  INTEGER {
--               enable(1),
--               disable(2)
--               }
--        MAX-ACCESS  read-create
--        STATUS  current
--        DESCRIPTION
--            "Specifies that the access rule will only apply to the software ACL state."
--        ::= { swACLEtherRuleEntry 15 }

    swACLEtherRuleRowStatus OBJECT-TYPE	--swACLEtherRuleState
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLEtherRuleEntry 15 }

    swACLEtherRuleOwner OBJECT-TYPE
        SYNTAX  INTEGER {
               any(1),
               acl(2),
               ipbind(3),
               other(4),
               dhcp(5),
               netbios(6),
               ext-netbios(7)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The owner of the ACL rule entry. Only owners can modify this entry."
        ::= { swACLEtherRuleEntry 16 }

    swACLEtherRuleRxRate  OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the rx rate, 0 denotes no_limit. The maximum value of this object depends on the device."
        ::= { swACLEtherRuleEntry 17 }

    swACLEtherRuleEnableReplaceTosPrecedence OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
             ToS precedence field or not.
             Replace DSCP and replace ToS precedence can not both be supported. 
            "
        ::= { swACLEtherRuleEntry 18 }

    swACLEtherRuleRepTosPrecedence OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a value to be written to the ToS precedence field of an incoming packet
             that meets the criteria specified in the first part of the command.
             This value will over-write the value in the ToS precedence field of the packet."
        ::= { swACLEtherRuleEntry 19 }

    swACLEtherRuleVID OBJECT-TYPE
        SYNTAX  INTEGER (0..4094)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies this rule only applies to the specified VLAN. There are two conditions:
             1.only the portlist that belongs to this VLAN will be included;
             2.packets must belong to this VLAN.
             
             This object and swACLEtherRulePort can not be set together.
	     When you set swACLEtherRulePort, the value of this object will automatically change to 0.
	     And this object can not be set to 0."
        ::= { swACLEtherRuleEntry 20 }

        
-- -----------------------------------------------------------------------------
-- swACLIpRuleTable
-- -----------------------------------------------------------------------------
    swACLIpRuleTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLIpRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            ""
        ::= { swAclRuleMgmt 2 }

    swACLIpRuleEntry OBJECT-TYPE
        SYNTAX  SwACLIpRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            ""
        INDEX  { swACLIpRuleProfileID , swACLIpRuleAccessID }
        ::= { swACLIpRuleTable 1 }

    SwACLIpRuleEntry ::=
        SEQUENCE {
            swACLIpRuleProfileID
                INTEGER,
            swACLIpRuleAccessID
                INTEGER,
            swACLIpRuleVlan
                SnmpAdminString,
            swACLIpRuleSrcIpaddress
            	IpAddress,
            swACLIpRuleDstIpaddress
            	IpAddress,
            swACLIpRuleDscp
            	INTEGER,
            swACLIpRuleProtocol
                INTEGER,
            swACLIpRuleType
            	INTEGER,
            swACLIpRuleCode
            	INTEGER,
            swACLIpRuleSrcPort
            	INTEGER,
            swACLIpRuleDstPort
            	INTEGER,
            swACLIpRuleFlagBits
            	INTEGER,
            swACLIpRuleProtoID
            	INTEGER,
            swACLIpRuleUserMask
            	OCTET STRING,
            swACLIpRuleEnablePriority
                INTEGER,
            swACLIpRulePriority
                INTEGER,
            swACLIpRuleReplacePriority
                INTEGER,
            swACLIpRuleEnableReplaceDscp
                INTEGER,
            swACLIpRuleRepDscp
                INTEGER,
            swACLIpRulePermit
            	INTEGER,
            swACLIpRulePort
--            	INTEGER,
                PortList,
--            swACLIpRuleSwAclState
--                INTEGER,
            swACLIpRuleRowStatus
                RowStatus,
            swACLIpRuleOwner
                INTEGER,
            swACLIpRuleRxRate
                INTEGER,
--	    swACLIpRuleSrcMacAddress
--                MacAddress,
            swACLIpRuleEnableReplaceTosPrecedence
                INTEGER,
            swACLIpRuleRepTosPrecedence
                INTEGER,
            swACLIpRuleVID
                INTEGER
        }

    swACLIpRuleProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swACLIpRuleEntry 1 }

    swACLIpRuleAccessID OBJECT-TYPE
        SYNTAX  INTEGER (0..65535)
        MAX-ACCESS  read-only	--read-create
        STATUS  current
        DESCRIPTION
            "The ID of the ACL rule entry relates to swACLIPRuleProfileID.
             Row creation set to 0 indicates automatic assignment of the Access ID
             for the ports in the swACLIpRulePort to create Rule entries
             for swACLIpRulePort accordingly.
             Set to 1-65535 causes creation of an access ID for the swACLIpRulePort.
             The swACLIpRulePort must be set to one port only otherwise the row
             creation will fail."
        ::= { swACLIpRuleEntry 2 }

    swACLIpRuleVlan OBJECT-TYPE
        SYNTAX  SnmpAdminString (SIZE (1..32))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to this VLAN."
        ::= { swACLIpRuleEntry 3 }

    swACLIpRuleSrcIpaddress OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies an IP source address."
        ::= { swACLIpRuleEntry 4 }

    swACLIpRuleDstIpaddress OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies an IP destination address."
        ::= { swACLIpRuleEntry 5 }

    swACLIpRuleDscp OBJECT-TYPE
        SYNTAX  INTEGER(-1..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the value of DSCP. The value can be configured from 0 to 63.
            A value of -1 indicates that this node is not actively used."
        ::= { swACLIpRuleEntry 6 }

    swACLIpRuleProtocol OBJECT-TYPE
        SYNTAX  INTEGER {
               none(1),
               icmp(2),
               igmp(3),
               tcp(4),
               udp(5),
               protocolId(6)
               }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
            "Specifies the IP protocol.
             For some older chips, this object can not be set. When getting this object,
             it always returns the type which has been configured in swACLIpEntry.

             For some newer chips, this object can only set the type which
             has been configured in swACLIpEntry. The default value is none (1).
            "
        ::= { swACLIpRuleEntry 7 }

    swACLIpRuleType OBJECT-TYPE
        SYNTAX  INTEGER(-1..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the value of ICMP type traffic.
            A value of -1 denotes that this object is not active."
        ::= { swACLIpRuleEntry 8 }

    swACLIpRuleCode OBJECT-TYPE
        SYNTAX  INTEGER(-1..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the value of ICMP code traffic.
            A value of -1 denotes that this object is not active."
        ::= { swACLIpRuleEntry 9 }

    swACLIpRuleSrcPort OBJECT-TYPE
        SYNTAX  INTEGER(-1..65535)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the range of the TCP/UDP source ports.
            A value of -1 indicates that this node is not actively used."
        ::= { swACLIpRuleEntry 10 }

    swACLIpRuleDstPort OBJECT-TYPE
        SYNTAX  INTEGER(-1..65535)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the TCP/UDP destination port range.
            A value of -1 indicates that this node is not actively used."
        ::= { swACLIpRuleEntry 11 }

    swACLIpRuleFlagBits OBJECT-TYPE
        SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "A value which indicates the set of TCP flags that this
             entity may potentially offer. The value is a sum of flag bits.
             This sum initially takes the value zero. Then, for each flag, L
             is added in the range 1 through 6, for which this node performs
             transactions, where 2^(L - 1) is added to the sum.
             Note that values should be calculated accordingly:

                 Flag      functionality
                   6        urg bit
                   5        ack bit
                   4        psh bit
                   3        rst bit
                   2		syn bit
                   1 		fin bit
	     For example, it you want to enable urg bit and ack bit, you
	     should set value 48{2^(5-1) + 2^(6-1)}."
        ::= { swACLIpRuleEntry 12 }

    swACLIpRuleProtoID OBJECT-TYPE
        SYNTAX  INTEGER(-1..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the value of IP protocol ID traffic.
            A value of -1 indicates that this node is not actively used."
        ::= { swACLIpRuleEntry 13 }

    swACLIpRuleUserMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(20))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IP protocol ID and the range of
             options behind the IP header."
        ::= { swACLIpRuleEntry 14 }

    swACLIpRuleEnablePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply only to packets with this
             priority value."
        ::= { swACLIpRuleEntry 15 }

    swACLIpRulePriority OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the priority will change in packets while the swACLIpRuleEnablePriority
             is enabled."
        ::= { swACLIpRuleEntry 16 }

    swACLIpRuleReplacePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies whether the packets that match the access profile will change the
             802.1p priority tag field by the switch or not."
        ::= { swACLIpRuleEntry 17 }

    swACLIpRuleEnableReplaceDscp OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
             DSCP field or not.
             Replace DSCP and replace ToS precedence can not both be supported.
            "
        ::= { swACLIpRuleEntry 18 }

    swACLIpRuleRepDscp OBJECT-TYPE
        SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a value to be written to the DSCP field of an incoming packet
             that meets the criteria specified in the first part of the command.
             This value will over-write the value in the DSCP field of the packet."
        ::= { swACLIpRuleEntry 19 }

    swACLIpRulePermit OBJECT-TYPE
        SYNTAX  INTEGER {
               deny(1),
               permit(2)
--               ,mirror(3)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the result of the packet examination is to 'permit' or 'deny'.
             The default is 'permit'.
             permit - Specifies that packets that match the access profile are
                      permitted to be forwarded by the switch.
             deny - Specifies that packets that match the access profile
                    are not permitted to be forwarded by the switch and will be filtered."
--              mirror - Specifies the packets that match the access profile are sent the copied one
--                       to the mirror port.
--                       Note: The ACL mirror function will work after the mirror is enabled and the mirror port has
--                       been configured.
        ::= { swACLIpRuleEntry 20 }

    swACLIpRulePort OBJECT-TYPE
--        SYNTAX  INTEGER (1..65535)
        SYNTAX  PortList
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to port(s). 
             This object and swACLIpRuleVID can not be set together. "
        ::= { swACLIpRuleEntry 21 }

--    swACLIpRuleSwAclState OBJECT-TYPE
--        SYNTAX  INTEGER {
--               enable(1),
--               disable(2)
--               }
--        MAX-ACCESS  read-create
--        STATUS  current
--        DESCRIPTION
--            "Specifies that the access rule will only apply to the software ACL state."
--        ::= { swACLIpRuleEntry 22 }

    swACLIpRuleRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLIpRuleEntry 22 }

    swACLIpRuleOwner OBJECT-TYPE
        SYNTAX  INTEGER {
               any(1),
               acl(2),
               ipbind(3),
               other(4),
               dhcp(5),
               netbios(6),
               ext-netbios(7)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The owner of the ACL rule entry. Only owners can modify this entry."
        ::= { swACLIpRuleEntry 23 }

    swACLIpRuleRxRate  OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the rx-rate, 0 denotes no_limit. The maximum value of this object depends on the device."
        ::= { swACLIpRuleEntry 24 }

--    swACLIpRuleSrcMacAddress OBJECT-TYPE
--         SYNTAX  MacAddress
--         MAX-ACCESS  read-only
--         STATUS  current
--         DESCRIPTION
--             "Specifies that the access will only apply to packets with
--              this source MAC address."
--         ::= { swACLIpRuleEntry 25 }

    swACLIpRuleEnableReplaceTosPrecedence OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
             ToS precedence field or not.
             Replace DSCP and replace ToS precedence can not both be supported.             
            "
        ::= { swACLIpRuleEntry 26 }

    swACLIpRuleRepTosPrecedence OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
             "Specifies a value to be written to the ToS precedence field of an incoming packet
              that meets the criteria specified in the first part of the command.
              This value will over-write the value in the ToS precedence field of the packet."
        ::= { swACLIpRuleEntry 27 }

    swACLIpRuleVID OBJECT-TYPE
        SYNTAX  INTEGER (0..4094)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies this rule only applies to the specified VLAN. There are two conditions:
             1.only the portlist that belongs to this VLAN will be included;
             2.packets must belong to this VLAN.

             This object and swACLIpRulePort can not be set together.
	     When you set swACLIpRulePort, the value of this object will automatically change to 0.
	     And this object can not be set 0."
        ::= { swACLIpRuleEntry 28 }

-- -----------------------------------------------------------------------------
-- swACLPktContRuleTable
-- -----------------------------------------------------------------------------
--     swACLPktContRuleTable OBJECT-TYPE
--         SYNTAX  SEQUENCE OF SwACLPktContRuleEntry
--         MAX-ACCESS  not-accessible
--         STATUS  current
--         DESCRIPTION
--             "This table contains ACL rules regarding user-defined information."
--         ::= { swAclRuleMgmt 3 }

--     swACLPktContRuleEntry OBJECT-TYPE
--         SYNTAX  SwACLPktContRuleEntry
--         MAX-ACCESS  not-accessible
--         STATUS  current
--         DESCRIPTION
--             "A list of information about the ACL rule of the user-defined part of each packet."
--         INDEX  { swACLPktContRuleProfileID,swACLPktContRuleAccessID }
--         ::= { swACLPktContRuleTable 1 }

--     SwACLPktContRuleEntry ::=
--         SEQUENCE {
--             swACLPktContRuleProfileID
--                 INTEGER,
--             swACLPktContRuleAccessID
--                 INTEGER,
--             swACLPktContRuleOffset0to15
--                 OCTET STRING,
--             swACLPktContRuleOffset16to31
--                 OCTET STRING,
--             swACLPktContRuleOffset32to47
--                 OCTET STRING,
--             swACLPktContRuleOffset48to63
--                 OCTET STRING,
--             swACLPktContRuleOffset64to79
--                 OCTET STRING,
--             swACLPktContRuleEnablePriority
--             	INTEGER,
--             swACLPktContRulePriority
--                 INTEGER,
--             swACLPktContRuleReplacePriority
--                 INTEGER,
--             swACLPktContRuleEnableReplaceDscp
--                 INTEGER,
--             swACLPktContRuleRepDscp
--                 INTEGER,
--             swACLPktContRulePermit
--                 INTEGER,
--             swACLPktContRulePort
--                INTEGER,
--                 PortList,
--             swACLPktContRuleSwAclState
--                 INTEGER,
--             swACLPktContRuleRowStatus
--                 RowStatus,
--             swACLPktContRuleOwner
--                 INTEGER,
-- 	    swACLPktContRuleRxRate
--                 INTEGER,
--             swACLPktContRuleEnableReplaceTosPrecedence
--                 INTEGER,
--             swACLPktContRuleRepTosPrecedence
--                 INTEGER,
--             swACLPktContRuleVID
--                 INTEGER
--         }
--     swACLPktContRuleProfileID OBJECT-TYPE
--         SYNTAX  INTEGER
--         MAX-ACCESS  read-only
--         STATUS  current
--         DESCRIPTION
-- 	    "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
--         ::= { swACLPktContRuleEntry 1 }

--     swACLPktContRuleAccessID OBJECT-TYPE
--         SYNTAX  INTEGER (0..65535)
--         MAX-ACCESS  read-only
--         STATUS  current
--         DESCRIPTION
--             "The ID of the ACL rule entry in relation to the swACLPktContRuleProfileID.
--              When row creation is set to 0, an access ID is automatically created
--              for the ports in the swACLPktContRulePort to create rule entries
--              for swACLPktContRulePort accordingly.
--              Set to 1-65535 indicates to creswACLPktContRuleRepDscpate the exact access ID
--              for the swACLPktContRulePort. The swACLPktContRulePort must be set to
--              one port only, otherwise the row creation will fail."
--         ::= { swACLPktContRuleEntry 2 }

--     swACLPktContRuleOffset0to15 OBJECT-TYPE
--         SYNTAX  OCTET STRING (SIZE(16))
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--             "Specifies that the rule applies to the user-defined packet."
--         ::= { swACLPktContRuleEntry 3 }

--     swACLPktContRuleOffset16to31 OBJECT-TYPE
--         SYNTAX  OCTET STRING (SIZE(16))
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--             "Specifies that the rule applies to the user-defined packet."
--         ::= { swACLPktContRuleEntry 4 }

--     swACLPktContRuleOffset32to47 OBJECT-TYPE
--         SYNTAX  OCTET STRING (SIZE(16))
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--             "Specifies that the rule applies to the user-defined packet."
--         ::= { swACLPktContRuleEntry 5 }

--     swACLPktContRuleOffset48to63 OBJECT-TYPE
--         SYNTAX  OCTET STRING (SIZE(16))
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--             "Specifies that the rule applies to the user-defined packet."
--         ::= { swACLPktContRuleEntry 6 }

--     swACLPktContRuleOffset64to79 OBJECT-TYPE
--         SYNTAX  OCTET STRING (SIZE(16))
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--             "Specifies that the rule applies to the user-defined packet."
--         ::= { swACLPktContRuleEntry 7 }

--     swACLPktContRuleEnablePriority OBJECT-TYPE
--         SYNTAX  INTEGER {
--                enabled(1),
--                disabled(2)
--                }
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--             "Specifies that the access rule will apply only to packets with this
--              priority value."
--         ::= { swACLPktContRuleEntry 8 }

--     swACLPktContRulePriority OBJECT-TYPE
--         SYNTAX  INTEGER(0..7)
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
-- 	    "Specifies the priority will change for the packets while the swACLPktContRuleReplacePriority
--              is enabled ."
--         ::= { swACLPktContRuleEntry 9 }

--     swACLPktContRuleReplacePriority OBJECT-TYPE
--         SYNTAX  INTEGER {
--                enabled(1),
--                disabled(2)
--                }
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
-- 	    "Specifies if the switch will change priorities of packets that match the access profile
-- 	    802.1p priority tag or not."
--         ::= { swACLPktContRuleEntry 10 }

--     swACLPktContRuleEnableReplaceDscp OBJECT-TYPE
--         SYNTAX  INTEGER {
--                enabled(1),
--                disabled(2)
--                }
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--             "Specifies if the switch will change priorities of packets that match the access profile
-- 	     DSCP field or not.
--              Replace DSCP and replace ToS precedence can not both be supported.  	    "
--         ::= { swACLPktContRuleEntry 11 }

--     swACLPktContRuleRepDscp OBJECT-TYPE
--         SYNTAX  INTEGER(0..63)
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--             "Specifies a value to be written to the DSCP field of an incoming packet
--              that meets the criteria specified in the first part of the command.
--              This value will over-write the value in the DSCP field of the packet."
--         ::= { swACLPktContRuleEntry 12 }

--     swACLPktContRulePermit OBJECT-TYPE
--         SYNTAX  INTEGER {
--                deny(1),
--                permit(2),
--                mirror(3),
--                lease-renew(4)
--                }
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
-- 	    "This object indicates if the result of the packet examination is 'permit' or 'deny'.
-- 	     The default is 'permit'.
--              permit - Specifies that packets that match the access profile are
--                       permitted to be forwarded by the switch.
--              deny - Specifies that packets that match the access profile
--                     are not permitted to be forwarded by the switch and will be filtered.
--              mirror - Specifies that the packets that match the access profile are copied to
--                       the mirror port.
--                       Note: The ACL mirror function will function after mirror is enabled
--                       and a mirror port has been configured.
--              lease-renew - Specifies the packets that match the access profile are copied to
--                            the CPU.
--                            Note : After user enables port's lease-renew state, all kinds of DHCP packets 
--                                   (including unicast and broadcast DHCP packets) will be copied to CPU 
--                                   (using user ACL mask and rule)."
--         ::= { swACLPktContRuleEntry 13 }

--     swACLPktContRulePort OBJECT-TYPE
--        SYNTAX  INTEGER (1..65535)
--         SYNTAX  PortList
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--              "Specifies that the access rule will only apply to port(s). 
--               This object and swACLPktContRuleVID can not be set together. "
--          ::= { swACLPktContRuleEntry 14 }

 --   swACLPktContRuleSwAclState OBJECT-TYPE
 --       SYNTAX  INTEGER {
 --              enable(1),
 --              disable(2)
--              }
--       MAX-ACCESS  read-create
--       STATUS  current
--       DESCRIPTION
--           "Specifies that the access rule will only apply to the software ACL state."
--       ::= { swACLPktContRuleEntry 15 }

--     swACLPktContRuleRowStatus OBJECT-TYPE
--         SYNTAX  RowStatus
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--             "This object indicates the status of this entry."
--         ::= { swACLPktContRuleEntry 15 }

--     swACLPktContRuleOwner OBJECT-TYPE
--         SYNTAX  INTEGER {
--                any(1),
--                acl(2),
--                ipbind(3),
--                other(4),
--                dhcp(5),
--                netbios(6),
--                ext-netbios(7)
--                }
--         MAX-ACCESS  read-only
--         STATUS  current
--         DESCRIPTION
--             "The owner of the ACL rule entry. Only owners can modify this entry."
--         ::= { swACLPktContRuleEntry 16 }

--    swACLPktContRuleRxRate  OBJECT-TYPE
--         SYNTAX  INTEGER
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--             "Specifies the rx-rate, 0 denotes no_limit. The maximum value of this object depends on the device."
--         ::= { swACLPktContRuleEntry 17 }

--     swACLPktContRuleEnableReplaceTosPrecedence OBJECT-TYPE
--         SYNTAX  INTEGER {
--                enabled(1),
--                disabled(2)
--                }
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--             "Specifies if the switch will change priorities of packets that match the access profile
--              ToS precedence field or not.
--              Replace DSCP and replace ToS precedence can not both be supported.  
--             "
--         ::= { swACLPktContRuleEntry 18 }

--     swACLPktContRuleRepTosPrecedence OBJECT-TYPE
--         SYNTAX  INTEGER(0..7)
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--             "Specifies a value to be written to the ToS precedence field of an incoming packet
--              that meets the criteria specified in the first part of the command.
--              This value will over-write the value in the ToS precedence field of the packet."
--         ::= { swACLPktContRuleEntry 19 }

--     swACLPktContRuleVID OBJECT-TYPE
--         SYNTAX  INTEGER (0..4094)
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--             "Specifies this rule only applies to the specified VLAN. There are two conditions:
--              1.only the portlist that belongs to this VLAN will be included;
--              2.packets must belong to this VLAN.

--              This object and swACLPktContRulePort can not be set together.
-- 	     When you set swACLPktContRulePort, the value of this object will automatically change to 0.
-- 	     And this object can not be set 0."
--         ::= { swACLPktContRuleEntry 20 }

-- -----------------------------------------------------------------------------
-- swACLIpv6RuleTable
-- -----------------------------------------------------------------------------
    swACLIpv6RuleTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwACLIpv6RuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains the IPv6 ACL rule information."
        ::= { swAclRuleMgmt 4 }

    swACLIpv6RuleEntry OBJECT-TYPE
        SYNTAX  SwACLIpv6RuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about ACL rules regarding the IPv6 part of each packet."
        INDEX  { swACLIpv6RuleProfileID,swACLIpv6RuleAccessID }
        ::= { swACLIpv6RuleTable 1 }

    SwACLIpv6RuleEntry ::=
        SEQUENCE {
            swACLIpv6RuleProfileID
                INTEGER,
            swACLIpv6RuleAccessID
                INTEGER,
            swACLIpv6RuleClass
                INTEGER,
            swACLIpv6RuleFlowlabel
                OCTET STRING,
            swACLIpv6RuleSrcIpv6Addr
                Ipv6Address,
            swACLIpv6RuleDstIpv6Addr
                Ipv6Address,
            swACLIpv6RuleEnablePriority
            	INTEGER,
            swACLIpv6RulePriority
                INTEGER,
            swACLIpv6RuleReplacePriority
                INTEGER,
            swACLIpv6RulePermit
                INTEGER,
            swACLIpv6RulePort
--                INTEGER,
                PortList,
--            swACLIpv6RuleSwAclState
--                INTEGER,
            swACLIpv6RuleRowStatus
                RowStatus,
            swACLIpv6RuleOwner
                INTEGER,
	    swACLIpv6RuleRxRate
                INTEGER,
            swACLIpv6RuleEnableReplaceDscp
                INTEGER,
            swACLIpv6RuleRepDscp
                INTEGER,                
            swACLIpv6RuleEnableReplaceTosPrecedence
                INTEGER,
            swACLIpv6RuleRepTosPrecedence
                INTEGER,
            swACLIpv6RuleVID
                INTEGER,
            swACLIpv6RuleProtocol
                INTEGER,
            swACLIpv6RuleSrcPort
            	INTEGER,
            swACLIpv6RuleDstPort
            	INTEGER
        }
    swACLIpv6RuleProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swACLIpv6RuleEntry 1 }

    swACLIpv6RuleAccessID OBJECT-TYPE
        SYNTAX  INTEGER (0..65535)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL rule entry relates to swACLIpv6RuleProfileID.
             When row creation is set to 0, this indicates the access ID
             will be assigned automatically for the ports in the swACLIpv6RulePort
             to create rule entries for swACLIpv6RulePort accordingly.
             Set to 1-65535 indicates creation of an access ID for the swACLIpv6RulePort.
             The swACLIpv6RulePort must be set to one port only, otherwise
             the row creation will fail."
        ::= { swACLIpv6RuleEntry 2 }

    swACLIpv6RuleClass OBJECT-TYPE
        SYNTAX  INTEGER (0..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IPv6 class field."
        ::= { swACLIpv6RuleEntry 3 }

    swACLIpv6RuleFlowlabel OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(4))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IPv6 flow label field."
        ::= { swACLIpv6RuleEntry 4 }

    swACLIpv6RuleSrcIpv6Addr OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the source IPv6 address.
            This should be a 16 byte octet string."
        ::= { swACLIpv6RuleEntry 5 }

    swACLIpv6RuleDstIpv6Addr OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the destination IPv6 address.
            This should be a 16 byte octet string."
        ::= { swACLIpv6RuleEntry 6 }

    swACLIpv6RuleEnablePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply only to packets with
             priority value."
        ::= { swACLIpv6RuleEntry 7 }

    swACLIpv6RulePriority OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the priority will change in packets while the swACLIpv6RuleReplacePriority
             is enabled."
        ::= { swACLIpv6RuleEntry 8 }

    swACLIpv6RuleReplacePriority OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
             802.1p priority tag or not."
        ::= { swACLIpv6RuleEntry 9 }

    swACLIpv6RulePermit OBJECT-TYPE
        SYNTAX  INTEGER {
               deny(1),
               permit(2),
               mirror(3)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the result of packet examination is to 'permit' or 'deny'.
	     The default is 'permit'.
             permit - Specifies that packets that match the access profile are
                      permitted to be forwarded by the switch.
             deny - Specifies that packets that match the access profile
                    are not permitted to be forwarded by the switch and will be filtered.
             mirror - Specifies the packets that match the access profile are copied to
                      the mirror port.
                      Note: The ACL mirror function will work after mirror has been enabled
                      and the mirror port has been configured."
        ::= { swACLIpv6RuleEntry 10 }

    swACLIpv6RulePort OBJECT-TYPE
--        SYNTAX  INTEGER (1..65535)
        SYNTAX  PortList
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply only to port(s). 
             This object and swACLIpv6RuleVID can not be set together. "
        ::= { swACLIpv6RuleEntry 11 }

--    swACLIpv6RuleSwAclState OBJECT-TYPE
--        SYNTAX  INTEGER {
--               enable(1),
--               disable(2)
--               }
--        MAX-ACCESS  read-create
--        STATUS  current
--        DESCRIPTION
--            "Specifies that the access rule will only apply to the software ACL state."
--        ::= { swACLIpv6RuleEntry 13 }

    swACLIpv6RuleRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swACLIpv6RuleEntry 12 }

    swACLIpv6RuleOwner OBJECT-TYPE
        SYNTAX  INTEGER {
               any(1),
               acl(2),
               ipbind(3),
               other(4),
               dhcp(5),
               netbios(6),
               ext-netbios(7)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The owner of the ACL rule entry. Only owners can modify this entry."
        ::= { swACLIpv6RuleEntry 13 }

   swACLIpv6RuleRxRate  OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the rx-rate, 0 denotes no_limit. The maximum value of this object depends on the device."
        ::= { swACLIpv6RuleEntry 14 }

    swACLIpv6RuleEnableReplaceDscp OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
             DSCP field or not.
             Replace DSCP and replace ToS precedence can not both be supported.              
            "
        ::= { swACLIpv6RuleEntry 15 }

    swACLIpv6RuleRepDscp OBJECT-TYPE
        SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a value to be written to the DSCP field of an incoming packet
             that meets the criteria specified in the first part of the command.
             This value will over-write the value in the DSCP field of the packet."
        ::= { swACLIpv6RuleEntry 16 }

    swACLIpv6RuleEnableReplaceTosPrecedence OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will change priorities of packets that match the access profile
             ToS precedence field or not.
             Replace DSCP and replace ToS precedence can not both be supported.              
            "
        ::= { swACLIpv6RuleEntry 17 }

    swACLIpv6RuleRepTosPrecedence OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a value to be written to the ToS precedence field of an incoming packet
             that meets the criteria specified in the first part of the command.
             This value will over-write the value in the ToS precedence field of the packet."
        ::= { swACLIpv6RuleEntry 18 }

     swACLIpv6RuleVID OBJECT-TYPE
        SYNTAX  INTEGER (0..4094)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies this rule only applies to the specified VLAN. There are two conditions:
             1.only the portlist that belongs to this VLAN will be included;
             2.packets must belong to this VLAN.

             This object and swACLIpv6RulePort can not be set together.
	     When you set swACLIpv6RulePort, the value of this object will automatically change to 0.
	     And this object can not be set 0."
        ::= { swACLIpv6RuleEntry 19 }

    swACLIpv6RuleProtocol OBJECT-TYPE
        SYNTAX  INTEGER {
               none(1),
               tcp(2),
               udp(3)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the IPv6 protocol.
             For some older chips, this object can not be set. When getting this object,
             it always returns the type which has been configured in swACLIpv6Entry.

             For some newer chips, this object can only set the type which
             has been configured in swACLIpv6Entry. The default value is none (1).
            "
        ::= { swACLIpv6RuleEntry 20 }

    swACLIpv6RuleSrcPort OBJECT-TYPE
        SYNTAX  INTEGER(0..65535)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the range of the TCP/UDP source ports."
        ::= { swACLIpv6RuleEntry 21 }

    swACLIpv6RuleDstPort OBJECT-TYPE
        SYNTAX  INTEGER(0..65535)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the TCP/UDP destination ports range."
        ::= { swACLIpv6RuleEntry 22 }

-- -----------------------------------------------------------------------------
--swIBPACLEtherRuleTable
-- -----------------------------------------------------------------------------
    swIBPACLEtherRuleTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwIBPACLEtherRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  obsolete
        DESCRIPTION
            "This table contains IP-MAC-Binding Ethernet ACL Rule information."
        ::= { swAclRuleMgmt 5 }

    swIBPACLEtherRuleEntry OBJECT-TYPE
        SYNTAX  SwIBPACLEtherRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  obsolete
        DESCRIPTION
            "A list of information about the ACL rule of the layer 2 part of each packet."
        INDEX  { swIBPACLEtherRuleProfileID,swIBPACLEtherRuleAccessID }
        ::= { swIBPACLEtherRuleTable 1 }

    SwIBPACLEtherRuleEntry ::=
        SEQUENCE {
            swIBPACLEtherRuleProfileID
                INTEGER,
            swIBPACLEtherRuleAccessID
                INTEGER,
            swIBPACLEtherRuleEtherType
                OCTET STRING,
            swIBPACLEtherRulePermit
                INTEGER,
            swIBPACLEtherRulePort
                  PortList
        }
    swIBPACLEtherRuleProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "The ID of the ACL mask entry, unique in the mask list. The maximum value of this object depends on the device."
        ::= { swIBPACLEtherRuleEntry 1 }

    swIBPACLEtherRuleAccessID OBJECT-TYPE
        SYNTAX  INTEGER (0..65535)
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "The ID of the ACL rule entry in relation to swACLEtherRuleProfileID.
            When row creation is set to 0, this indicates automatically assigning an Access 
            for the ports in the swACLEtherRulePort  to create rule entries for swACLEtherRulePort
            accordingly.
            Set to 1-65535 indicates to create the exact access ID for the swACLEtherRulePort
            and the swACLEtherRulePort must set one port only, otherwise the row creation will
            fail."
        ::= { swIBPACLEtherRuleEntry 2 }

    swIBPACLEtherRuleEtherType OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE (2))
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "Specifies that the access rule will apply only to packets with this
             802.1Q Ethernet type value in the packet header."
        ::= { swIBPACLEtherRuleEntry 3 }

    swIBPACLEtherRulePermit OBJECT-TYPE
        SYNTAX  INTEGER {
               deny(1),
               permit(2)
               }
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "This object indicates if the result of the examination is 'permit' or 'deny'.
             The default is 'permit' (1).
             permit - Specifies that packets that match the access profile are
                      permitted to be forwarded by the switch.
             deny - Specifies that packets that match the access profile
                    are not permitted to be forwarded by the switch and will be filtered."
        ::= { swIBPACLEtherRuleEntry 4 }

    swIBPACLEtherRulePort OBJECT-TYPE
        SYNTAX  PortList
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "Specifies that the access rule will only apply to port(s)."
        ::= { swIBPACLEtherRuleEntry 5 }

-- -----------------------------------------------------------------------------
--swIBPACLIpRuleTable
-- -----------------------------------------------------------------------------
    swIBPACLIpRuleTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwIBPACLIpRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  obsolete
        DESCRIPTION
            ""
        ::= { swAclRuleMgmt 6 }

    swIBPACLIpRuleEntry OBJECT-TYPE
        SYNTAX  SwIBPACLIpRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  obsolete
        DESCRIPTION
            ""
        INDEX  { swIBPACLIpRuleProfileID , swIBPACLIpRuleAccessID }
        ::= { swIBPACLIpRuleTable 1 }

    SwIBPACLIpRuleEntry ::=
        SEQUENCE {
            swIBPACLIpRuleProfileID
                INTEGER,
            swIBPACLIpRuleAccessID
                INTEGER,
	    swIBPACLIpRuleSrcMacAddress
                MacAddress,
            swIBPACLIpRuleSrcIpaddress
            	IpAddress,
            swIBPACLIpRulePermit
            	INTEGER,
            swIBPACLIpRulePort
                PortList
        }
    swIBPACLIpRuleProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "The ID of the ACL mask entry, unique in the mask list. The maximum value of this object depends on the device."
        ::= { swIBPACLIpRuleEntry 1 }

    swIBPACLIpRuleAccessID OBJECT-TYPE
        SYNTAX  INTEGER (0..65535)
        MAX-ACCESS  read-only	--read-create
        STATUS  obsolete
        DESCRIPTION
            "The ID of the ACL rule entry in relation to swACLIPRuleProfileID.
            When the row creation is set to 0, this indicates assigning an access ID automatically
            for the ports in the swACLIpRulePort  to create rule entries for swACLIpRulePort
            accordingly.
            Set to 1-65535 indicates to create the exact access ID for the swACLIpRulePort
            and the swACLIpRulePort must be set for one port only, otherwise the row creation will
            fail."
        ::= { swIBPACLIpRuleEntry 2 }

   swIBPACLIpRuleSrcMacAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "Specifies that the access rule will apply to only packets with
             this source MAC address."
        ::= { swIBPACLIpRuleEntry 3 }

    swIBPACLIpRuleSrcIpaddress OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "Specifies an IP source address."
        ::= { swIBPACLIpRuleEntry 4 }

    swIBPACLIpRulePermit OBJECT-TYPE
        SYNTAX  INTEGER {
               deny(1),
               permit(2)
               }
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "This object indicates if the result of the examination is 'permit' or 'deny'; the default is 'permit' (1)
             permit - Specifies that packets that match the access profile are
                      permitted to be forwarded by the switch.
             deny - Specifies that packets that match the access profile
                    are not permitted to be forwarded by the switch and will be filtered."
        ::= { swIBPACLIpRuleEntry 5 }

    swIBPACLIpRulePort OBJECT-TYPE
        SYNTAX  PortList
        MAX-ACCESS  read-only
        STATUS  obsolete
        DESCRIPTION
            "Specifies that the access rule will only apply to port(s)."
        ::= { swIBPACLIpRuleEntry 6 }

-- -----------------------------------------------------------------------------
--swACLPktContRuleOptionTable
-- -----------------------------------------------------------------------------
--     swACLPktContRuleOptionTable OBJECT-TYPE
--         SYNTAX  SEQUENCE OF SwACLPktContRuleOptionEntry
--         MAX-ACCESS  not-accessible
--         STATUS  current
--         DESCRIPTION
--             "This table contains user-defined ACL information."
--         ::= { swAclRuleMgmt 7 }

--     swACLPktContRuleOptionEntry OBJECT-TYPE
--         SYNTAX  SwACLPktContRuleOptionEntry
--         MAX-ACCESS  not-accessible
--         STATUS  current
--         DESCRIPTION
--             "A list of information about the ACL rule regarding the user-defined part of each packet."
--         INDEX  { swACLPktContRuleOptionProfileID,swACLPktContRuleOptionAccessID }
--         ::= { swACLPktContRuleOptionTable 1 }

--     SwACLPktContRuleOptionEntry ::=
--         SEQUENCE {
--             swACLPktContRuleOptionProfileID
--                 INTEGER,
--             swACLPktContRuleOptionAccessID
--                 INTEGER,
--            swACLPktContRuleOffsetChunk1OffsetValue
--                INTEGER,
--            swACLPktContRuleOffsetChunk1Content
--                OCTET STRING,
--            swACLPktContRuleOffsetChunk2OffsetValue
--                INTEGER,
--            swACLPktContRuleOffsetChunk2Content
--                OCTET STRING,
--            swACLPktContRuleOffsetChunk3OffsetValue
--                INTEGER,
--            swACLPktContRuleOffsetChunk3Content
--                OCTET STRING,
--            swACLPktContRuleOffsetChunk4OffsetValue
--                INTEGER,
--            swACLPktContRuleOffsetChunk4Content
--                OCTET STRING,
--             swACLPktContRuleOptionEnablePriority
--             	INTEGER,
--             swACLPktContRuleOptionPriority
--                 INTEGER,
--             swACLPktContRuleOptionReplacePriority
--                 INTEGER,
--             swACLPktContRuleOptionEnableReplaceDscp
--                 INTEGER,
--             swACLPktContRuleOptionRepDscp
--                 INTEGER,
--             swACLPktContRuleOptionPermit
--                 INTEGER,
--             swACLPktContRuleOptionPort
--                 PortList,
--             swACLPktContRuleOptionRowStatus
--                 RowStatus,
--             swACLPktContRuleOptionOwner
--                 INTEGER,
-- 	    swACLPktContRuleOptionRxRate
--                 INTEGER,
--             swACLPktContRuleOptionEnableReplaceTosPrecedence
--                 INTEGER,
--             swACLPktContRuleOptionRepTosPrecedence
--                 INTEGER,
--             swACLPktContRuleOptionVID
--                 INTEGER
--         }
--     swACLPktContRuleOptionProfileID OBJECT-TYPE
--         SYNTAX  INTEGER
--         MAX-ACCESS  read-only
--         STATUS  current
--         DESCRIPTION
-- 	    "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
--         ::= { swACLPktContRuleOptionEntry 1 }

--     swACLPktContRuleOptionAccessID OBJECT-TYPE
--         SYNTAX  INTEGER (0..65535)
--         MAX-ACCESS  read-only
--         STATUS  current
--         DESCRIPTION
--             "The ID of the ACL rule entry in relation to the swACLPktContRuleProfileID.
--              When row creation is set to 0, access ID is automatically created
--              for the ports in the swACLPktContRulePort to create rule entries
--              for swACLPktContRulePort accordingly.
--              Set to 1-65535 indicates to creswACLPktContRuleRepDscpate the exact access ID
--              for the swACLPktContRulePort. The swACLPktContRulePort must be set to
--              one port only, otherwise the row creation will fail."
--         ::= { swACLPktContRuleOptionEntry 2 }

--    swACLPktContRuleOffsetChunk1OffsetValue  OBJECT-TYPE
--         SYNTAX  INTEGER (0..31)
--         MAX-ACCESS  read-only
--         STATUS  current
--         DESCRIPTION
-- 	    "Displays the frame content offset of chunk1."
--         ::= { swACLPktContRuleOptionEntry 3 }

--    swACLPktContRuleOffsetChunk1Content  OBJECT-TYPE
--        SYNTAX  OCTET STRING (SIZE(4))
--        MAX-ACCESS  read-create
--        STATUS  current
--        DESCRIPTION
--            "Specifies the frame content of chunk1."
--        ::= { swACLPktContRuleOptionEntry 4 }

--    swACLPktContRuleOffsetChunk2OffsetValue  OBJECT-TYPE
--         SYNTAX  INTEGER (0..31)
--         MAX-ACCESS  read-only
--         STATUS  current
--         DESCRIPTION
-- 	    "Displays the frame content offset of chunk2."
--         ::= { swACLPktContRuleOptionEntry 5 }

--     swACLPktContRuleOffsetChunk2Content  OBJECT-TYPE
--        SYNTAX  OCTET STRING (SIZE(4))
--        MAX-ACCESS  read-create
--        STATUS  current
--        DESCRIPTION
--            "Specifies the frame content of chunk2."
--        ::= { swACLPktContRuleOptionEntry 6 }

--     swACLPktContRuleOffsetChunk3OffsetValue  OBJECT-TYPE
--         SYNTAX  INTEGER (0..31)
--         MAX-ACCESS  read-only
--         STATUS  current
--         DESCRIPTION
-- 	    "Displays the frame content offset of chunk3."
--         ::= { swACLPktContRuleOptionEntry 7 }

--     swACLPktContRuleOffsetChunk3Content  OBJECT-TYPE
--        SYNTAX  OCTET STRING (SIZE(4))
--        MAX-ACCESS  read-create
--        STATUS  current
--        DESCRIPTION
--            "Specifies the frame content of chunk3."
--        ::= { swACLPktContRuleOptionEntry 8 }

--      swACLPktContRuleOffsetChunk4OffsetValue  OBJECT-TYPE
--         SYNTAX  INTEGER (0..31)
--         MAX-ACCESS  read-only
--         STATUS  current
--         DESCRIPTION
-- 	    "Displays the frame content offset of chunk4."
--         ::= { swACLPktContRuleOptionEntry 9 }

--      swACLPktContRuleOffsetChunk4Content  OBJECT-TYPE
--        SYNTAX  OCTET STRING (SIZE(4))
--        MAX-ACCESS  read-create
--        STATUS  current
--        DESCRIPTION
--            "Specifies the frame content of chunk4."
--        ::= { swACLPktContRuleOptionEntry 10 }

--     swACLPktContRuleOptionEnablePriority OBJECT-TYPE
--         SYNTAX  INTEGER {
--                enabled(1),
--                disabled(2)
--                }
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--             "Specifies that the access rule will only apply to packets with this
--              priority value."
--         ::= { swACLPktContRuleOptionEntry 11 }

--     swACLPktContRuleOptionPriority OBJECT-TYPE
--         SYNTAX  INTEGER(0..7)
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
-- 	    "Specifies that the priority will change for the packets while the swACLPktContRuleReplacePriority
--          is enabled ."
--         ::= { swACLPktContRuleOptionEntry 12 }

--     swACLPktContRuleOptionReplacePriority OBJECT-TYPE
--         SYNTAX  INTEGER {
--                enabled(1),
--                disabled(2)
--                }
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
-- 	    "Specifies if the switch will change priorities of packets that match the access profile
-- 	    802.1p priority tag or not."
--         ::= { swACLPktContRuleOptionEntry 13 }

--     swACLPktContRuleOptionEnableReplaceDscp OBJECT-TYPE
--         SYNTAX  INTEGER {
--                enabled(1),
--                disabled(2)
--                }
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--             "Specifies if the switch will change priorities of packets that match the access profile
-- 	     DSCP field or not.
--              Replace DSCP and replace ToS precedence can not both be supported.  	    	"
--         ::= { swACLPktContRuleOptionEntry 14 }

--     swACLPktContRuleOptionRepDscp OBJECT-TYPE
--         SYNTAX  INTEGER(0..63)
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--             "Specifies a value to be written to the DSCP field of an incoming packet
--              that meets the criteria specified in the first part of the command.
--              This value will over-write the value in the DSCP field of the packet."
--         ::= { swACLPktContRuleOptionEntry 15 }

--     swACLPktContRuleOptionPermit OBJECT-TYPE
--         SYNTAX  INTEGER {
--                deny(1),
--                permit(2),
--                mirror(3)
--                }
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
-- 	    "This object indicates if the result of the packet examination is 'permit' or 'deny'.
-- 	     The default is 'permit'.
--              permit - Specifies that packets that match the access profile are
--                       permitted to be forwarded by the switch.
--              deny - Specifies that packets that match the access profile
--                     are not permitted to be forwarded by the switch and will be filtered.
--              mirror - Specifies that the packets that match the access profile are copied to
--                       the mirror port.
--                       Note: The ACL mirror function will function after mirror is enabled
--                       and a mirror port has been configured."
--         ::= { swACLPktContRuleOptionEntry 16 }

--     swACLPktContRuleOptionPort OBJECT-TYPE
--         SYNTAX  PortList
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--              "Specifies that the access rule will only apply to port(s). 
--               This object and swACLPktContRuleOptionVID can not be set together. "
--          ::= { swACLPktContRuleOptionEntry 17 }

--     swACLPktContRuleOptionRowStatus OBJECT-TYPE
--         SYNTAX  RowStatus
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--             "This object indicates the status of this entry."
--         ::= { swACLPktContRuleOptionEntry 18 }

--     swACLPktContRuleOptionOwner OBJECT-TYPE
--         SYNTAX  INTEGER {
--                any(1),
--                acl(2),
--                ipbind(3),
--                other(4),
--                dhcp(5),
--                netbios(6),
--                ext-netbios(7)
--                }
--         MAX-ACCESS  read-only
--         STATUS  current
--         DESCRIPTION
--             "The owner of the ACL rule entry. Only owners can modify this entry."
--         ::= { swACLPktContRuleOptionEntry 19 }

--    swACLPktContRuleOptionRxRate  OBJECT-TYPE
--         SYNTAX  INTEGER
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--             "Specifies the rx-rate, 0 denotes no_limit. The maximum value of this object depends on the device."
--         ::= { swACLPktContRuleOptionEntry 20 }

--     swACLPktContRuleOptionEnableReplaceTosPrecedence OBJECT-TYPE
--         SYNTAX  INTEGER {
--                enabled(1),
--                disabled(2)
--                }
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--             "Specifies if the switch will change priorities of packets that match the access profile
--              ToS precedence field or not.
--              Replace DSCP and replace ToS precedence can not both be supported.              
--             "
--         ::= { swACLPktContRuleOptionEntry 21 }

--     swACLPktContRuleOptionRepTosPrecedence OBJECT-TYPE
--         SYNTAX  INTEGER(0..7)
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--             "Specifies a value to be written to the ToS precedence field of an incoming packet
--              that meets the criteria specified in the first part of the command.
--              This value will over-write the value in the ToS precedence field of the packet."
--         ::= { swACLPktContRuleOptionEntry 22 }

--     swACLPktContRuleOptionVID OBJECT-TYPE
--         SYNTAX  INTEGER (0..4094)
--         MAX-ACCESS  read-create
--         STATUS  current
--         DESCRIPTION
--             "Specifies this rule only applies to the specified VLAN. There are two conditions:
--              1.only the portlist that belongs to this VLAN will be included;
--              2.packets must belong to this VLAN.

--              This object and swACLPktContRuleOptionPort can not be set together.
-- 	     When you set swACLPktContRuleOptionPort, the value of this object will automatically change to 0.
-- 	     And this object can not be set 0."
--         ::= { swACLPktContRuleOptionEntry 23 }

-- -----------------------------------------------------------------------------
-- swACLCounterTable
-- -----------------------------------------------------------------------------
       swACLCounterTable OBJECT-TYPE
           SYNTAX      SEQUENCE OF SwACLCounterEntry
           MAX-ACCESS  not-accessible
           STATUS      current
           DESCRIPTION
               "This table maintains counter information associated with a specific
                rule in the ACL rule table. Please refer to the swACLEtherRuleTable,
                swACLIpRuleTable, swACLIpv6RuleTable and swACLPktContRuleTable
                for detailed ACL rule information."
           ::= { swAclRuleMgmt 8 }

       swACLCounterEntry OBJECT-TYPE
           SYNTAX      SwACLCounterEntry
           MAX-ACCESS  not-accessible
           STATUS      current
           DESCRIPTION
               "The entry maintains counter information associated with the ACL
                rule table."
           INDEX { swACLCounterProfileID, swACLCounterAccessID}
           ::= { swACLCounterTable 1 }

       SwACLCounterEntry ::=
           SEQUENCE {
               swACLCounterProfileID
                   INTEGER,
               swACLCounterAccessID
                   INTEGER,
               swACLCounterState
                   INTEGER,
               swACLCounterTotalCounter
                   Counter64,
               swACLCounterGreenCounter
                   Counter64,
               swACLCounterYellowCounter
                   Counter64,
               swACLCounterRedCounter
              	   Counter64
           }

    swACLCounterProfileID OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The ID of the ACL mask entry, which is unique in the mask
             list."
        ::= { swACLCounterEntry 1 }

    swACLCounterAccessID OBJECT-TYPE
        SYNTAX      INTEGER(1..65535)
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The ID of the ACL rule entry as related to the
             swACLCounterProfileID."
        ::= { swACLCounterEntry 2 }

    swACLCounterState OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
            "Specifies whether the counter feature will be enabled/disabled.
	     1.	This is optional. The default is disable.
	     2.	If the rule is not bound with flow_meter, then all packets that match will be counted.
	     If the rule is bound with flow_meter, then the 'counter' will be overridden.
	     "
        ::= { swACLCounterEntry 3 }

    swACLCounterTotalCounter OBJECT-TYPE
        SYNTAX  Counter64
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The number of matched packets."
        ::= { swACLCounterEntry 4 }

    swACLCounterGreenCounter OBJECT-TYPE
        SYNTAX  Counter64
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The number of matched green packets."
        ::= { swACLCounterEntry 5 }

    swACLCounterYellowCounter OBJECT-TYPE
        SYNTAX  Counter64
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The number of matched yellow packets."
        ::= { swACLCounterEntry 6 }

    swACLCounterRedCounter OBJECT-TYPE
        SYNTAX  Counter64
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The number of matched red packets."
        ::= { swACLCounterEntry 7 }

-- -----------------------------------------------------------------------------
-- swACLPktContRuleVarOffsetTable
-- -----------------------------------------------------------------------------
    swACLPktContRuleVarOffsetTable OBJECT-TYPE
           SYNTAX SEQUENCE OF SwACLPktContRuleVarOffsetEntry
           MAX-ACCESS  not-accessible
           STATUS current
           DESCRIPTION
               "This table is used to configure ACL user defined packet content 
               rules for devices that support limited selection of packet content."
           ::= { swAclRuleMgmt 9 }

	swACLPktContRuleVarOffsetEntry OBJECT-TYPE
		SYNTAX  SwACLPktContRuleVarOffsetEntry
		MAX-ACCESS  not-accessible
		STATUS  current
		DESCRIPTION
			"A list which contains information on the ACL rules for user-defined parts of a packet."
		INDEX  { swACLPktContRuleVarOffsetProfileID,swACLPktContRuleVarOffsetAccessID }
		::= { swACLPktContRuleVarOffsetTable 1 }

	SwACLPktContRuleVarOffsetEntry ::=
	SEQUENCE {
		swACLPktContRuleVarOffsetProfileID
			INTEGER,
		swACLPktContRuleVarOffsetAccessID
			INTEGER,
		swACLPktContRuleVarOffsetOffsetIndex1
			INTEGER,
		swACLPktContRuleVarOffsetMask1
			OCTET STRING,
		swACLPktContRuleVarOffsetData1
			OCTET STRING,
		swACLPktContRuleVarOffsetOffsetIndex2
			INTEGER,
		swACLPktContRuleVarOffsetMask2
			OCTET STRING,
		swACLPktContRuleVarOffsetData2
			OCTET STRING,
		swACLPktContRuleVarOffsetOffsetIndex3
			INTEGER,
		swACLPktContRuleVarOffsetMask3
			OCTET STRING,
		swACLPktContRuleVarOffsetData3
			OCTET STRING,
		swACLPktContRuleVarOffsetOffsetIndex4
			INTEGER,
		swACLPktContRuleVarOffsetMask4
			OCTET STRING,
		swACLPktContRuleVarOffsetData4
			OCTET STRING,
		swACLPktContRuleVarOffsetOffsetIndex5
			INTEGER,
		swACLPktContRuleVarOffsetMask5
			OCTET STRING,
		swACLPktContRuleVarOffsetData5
			OCTET STRING,
		swACLPktContRuleVarOffsetEnablePriority
			INTEGER,
		swACLPktContRuleVarOffsetPriority
			INTEGER,
		swACLPktContRuleVarOffsetReplacePriority
			INTEGER,
--		swACLPktContRuleVarOffsetEnableReplaceDscp
--			INTEGER,
--		swACLPktContRuleVarOffsetRepDscp
--			INTEGER,
		swACLPktContRuleVarOffsetRxRate
			INTEGER,
		swACLPktContRuleVarOffsetPermit
			INTEGER,
		swACLPktContRuleVarOffsetPort
			PortList,
--		swACLPktContRuleVarOffsetSwAclState
--			INTEGER,
--		swACLPktContRuleVarOffsetTimeRange
--			OCTET STRING,
		swACLPktContRuleVarOffsetRowStatus
			RowStatus,
		swACLPktContRuleVarOffsetReplacePriorityWith
			INTEGER
		}

	swACLPktContRuleVarOffsetProfileID OBJECT-TYPE
		SYNTAX  INTEGER (1..256)
		MAX-ACCESS  read-only
		STATUS  current
		DESCRIPTION
			"The ID of ACL mask entry, which is unique to the mask list."
		::= { swACLPktContRuleVarOffsetEntry 1 }

	swACLPktContRuleVarOffsetAccessID OBJECT-TYPE
		SYNTAX  INTEGER (1..65535)
		MAX-ACCESS  read-only
		STATUS  current
		DESCRIPTION
			"The ID of ACL rule entry related to swACLPktContRuleVarOffsetProfileID."
		::= { swACLPktContRuleVarOffsetEntry 2 }

	swACLPktContRuleVarOffsetOffsetIndex1 OBJECT-TYPE
		SYNTAX	INTEGER(0..76)
		MAX-ACCESS	read-create
		STATUS	current
		DESCRIPTION
			"Specifies the first offset will apply in getting the mask for this rule."
		::={ swACLPktContRuleVarOffsetEntry 8 }

	swACLPktContRuleVarOffsetMask1 OBJECT-TYPE
		SYNTAX	OCTET STRING (SIZE(4))
		MAX-ACCESS	read-only
		STATUS	current
		DESCRIPTION
			"Display the mask for this rule. This mask corresponds to swACLPktContRuleVarOffsetOffsetIndex1 and swACLPktContRuleVarOffsetData1."
		::={ swACLPktContRuleVarOffsetEntry 9 }

	swACLPktContRuleVarOffsetData1 OBJECT-TYPE
		SYNTAX	OCTET STRING (SIZE(4))
		MAX-ACCESS	read-create
		STATUS	current
		DESCRIPTION
			"Specifies the data for this rule. This rule relates to swACLPktContRuleVarOffsetOffsetIndex1 and swACLPktContRuleVarOffsetMask1."
		::={ swACLPktContRuleVarOffsetEntry 10 }

	swACLPktContRuleVarOffsetOffsetIndex2 OBJECT-TYPE
		SYNTAX	INTEGER(0..76)
		MAX-ACCESS	read-create
		STATUS	current
		DESCRIPTION
			"Specifies the second offset will apply in getting the mask for this rule."
		::={ swACLPktContRuleVarOffsetEntry 11 }

	swACLPktContRuleVarOffsetMask2 OBJECT-TYPE
		SYNTAX	OCTET STRING (SIZE(4))
		MAX-ACCESS	read-only
		STATUS	current
		DESCRIPTION
			"Display the mask for this rule. This mask corresponds to swACLPktContRuleVarOffsetOffsetIndex2 and swACLPktContRuleVarOffsetData2."
		::={ swACLPktContRuleVarOffsetEntry 12 }

	swACLPktContRuleVarOffsetData2 OBJECT-TYPE
		SYNTAX	OCTET STRING (SIZE(4))
		MAX-ACCESS	read-create
		STATUS	current
		DESCRIPTION
			"Specifies the data for this rule. This rule relates to swACLPktContRuleVarOffsetOffsetIndex2 and swACLPktContRuleVarOffsetMask2."
		::={ swACLPktContRuleVarOffsetEntry 13 }

	swACLPktContRuleVarOffsetOffsetIndex3 OBJECT-TYPE
		SYNTAX	INTEGER(0..76)
		MAX-ACCESS	read-create
		STATUS	current
		DESCRIPTION
			"Specifies the third offset will apply in getting the mask for this rule."
		::={ swACLPktContRuleVarOffsetEntry 14 }

	swACLPktContRuleVarOffsetMask3 OBJECT-TYPE
		SYNTAX	OCTET STRING (SIZE(4))
		MAX-ACCESS	read-only
		STATUS	current
		DESCRIPTION
			"Display the mask for this rule. This mask corresponds to swACLPktContRuleVarOffsetOffsetIndex3 and swACLPktContRuleVarOffsetData3."
		::={ swACLPktContRuleVarOffsetEntry 15 }

	swACLPktContRuleVarOffsetData3 OBJECT-TYPE
		SYNTAX	OCTET STRING (SIZE(4))
		MAX-ACCESS	read-create
		STATUS	current
		DESCRIPTION
			"Specifies the data for this rule. This rule relates to swACLPktContRuleVarOffsetOffsetIndex3 and swACLPktContRuleVarOffsetMask3."
		::={ swACLPktContRuleVarOffsetEntry 16 }

	swACLPktContRuleVarOffsetOffsetIndex4 OBJECT-TYPE
		SYNTAX	INTEGER(0..76)
		MAX-ACCESS	read-create
		STATUS	current
		DESCRIPTION
			"Specifies the fourth offset will apply in getting the mask for this rule."
		::={ swACLPktContRuleVarOffsetEntry 17 }

	swACLPktContRuleVarOffsetMask4 OBJECT-TYPE
		SYNTAX	OCTET STRING (SIZE(4))
		MAX-ACCESS	read-only
		STATUS	current
		DESCRIPTION
			"Display the mask for this rule. This mask corresponds to swACLPktContRuleVarOffsetOffsetIndex4 and swACLPktContRuleVarOffsetData4."
		::={ swACLPktContRuleVarOffsetEntry 18 }

	swACLPktContRuleVarOffsetData4 OBJECT-TYPE
		SYNTAX	OCTET STRING (SIZE(4))
		MAX-ACCESS	read-create
		STATUS	current
		DESCRIPTION
			"Specifies the data for this rule. This rule relates to swACLPktContRuleVarOffsetOffsetIndex4 and swACLPktContRuleVarOffsetMask4."
		::={ swACLPktContRuleVarOffsetEntry 19 }

	swACLPktContRuleVarOffsetOffsetIndex5 OBJECT-TYPE
		SYNTAX	INTEGER(0..76)
		MAX-ACCESS	read-create
		STATUS	current
		DESCRIPTION
			"Specifies the fifth offset will apply in getting the mask for this rule."
		::={ swACLPktContRuleVarOffsetEntry 20 }

	swACLPktContRuleVarOffsetMask5 OBJECT-TYPE
		SYNTAX	OCTET STRING (SIZE(4))
		MAX-ACCESS	read-only
		STATUS	current
		DESCRIPTION
			"Display the mask for this rule. This mask corresponds to swACLPktContRuleVarOffsetOffsetIndex5 and swACLPktContRuleVarOffsetData5."
		::={ swACLPktContRuleVarOffsetEntry 21 }

	swACLPktContRuleVarOffsetData5 OBJECT-TYPE
		SYNTAX	OCTET STRING (SIZE(4))
		MAX-ACCESS	read-create
		STATUS	current
		DESCRIPTION
			"Specifies the data for this rule. This rule relates to swACLPktContRuleVarOffsetOffsetIndex5 and swACLPktContRuleVarOffsetMask5."
		::={ swACLPktContRuleVarOffsetEntry 22 }

	swACLPktContRuleVarOffsetEnablePriority OBJECT-TYPE
		SYNTAX  INTEGER {
			enabled(1),
			disabled(2)
			}
		MAX-ACCESS  read-create
		STATUS  current
		DESCRIPTION
			"Specifies that the access rule will apply only to packets with this
			priority value."
		::= { swACLPktContRuleVarOffsetEntry 23 }

	swACLPktContRuleVarOffsetPriority OBJECT-TYPE
		SYNTAX  INTEGER(0..7)
		MAX-ACCESS  read-create
		STATUS  current
		DESCRIPTION
			"Specifies the priority will change to the packets."
		::= { swACLPktContRuleVarOffsetEntry 24 }

	swACLPktContRuleVarOffsetReplacePriority OBJECT-TYPE
		SYNTAX  INTEGER {
			enabled(1),
			disabled(2)
			}
		MAX-ACCESS  read-create
		STATUS  current
		DESCRIPTION
			"Specifies if the switch will change priorities of packets that match the access profile
			802.1p priority tag or not ."
		::= { swACLPktContRuleVarOffsetEntry 25 }

--	swACLPktContRuleVarOffsetEnableReplaceDscp OBJECT-TYPE
--		SYNTAX  INTEGER {
--			enabled(1),
--			disabled(2)
--			}
--		MAX-ACCESS  read-create
--		STATUS  current
--		DESCRIPTION
--			"Specifies if the switch will change priorities of packets that match the access profile
--			DSCP field or not ."
--		::= { swACLPktContRuleVarOffsetEntry 26 }

--	swACLPktContRuleVarOffsetRepDscp OBJECT-TYPE
--		SYNTAX  INTEGER(0..63)
--		MAX-ACCESS  read-create
--		STATUS  current
--		DESCRIPTION
--			"specify a value to be written to the DSCP field of an incoming packet
--			that meets the criteria specified in the first part of the command.
--			This value will over-write the value in the DSCP field of the packet."
--		::= { swACLPktContRuleVarOffsetEntry 27 }

	swACLPktContRuleVarOffsetRxRate	OBJECT-TYPE
		SYNTAX	INTEGER(64..1024000)
		MAX-ACCESS	read-write
		STATUS	current
		DESCRIPTION
			"Specifies that the access rule will apply an RX rate. 0 denotes no limit."
		::={ swACLPktContRuleVarOffsetEntry 28 }

	swACLPktContRuleVarOffsetPermit OBJECT-TYPE
		SYNTAX  INTEGER {
			deny(1),
			permit(2)
			}
		MAX-ACCESS  read-create
		STATUS  current
		DESCRIPTION
			"This object indicates the result of the packet examination is to permit or deny.
			The default is permit.
			permit - Specifies that packets that match the access profile are
			permitted to be forwarded by the switch.
			deny - Specifies that packets that do not match the access profile
			are not permitted to be forwarded by the switch and will be filtered."
		::= { swACLPktContRuleVarOffsetEntry 29 }

	swACLPktContRuleVarOffsetPort OBJECT-TYPE
		SYNTAX  PortList
		MAX-ACCESS  read-create
		STATUS  current
		DESCRIPTION
			"Specifies that the access rule will apply only to port(s)."
		::= { swACLPktContRuleVarOffsetEntry 30 }

--	swACLPktContRuleVarOffsetSwAclState OBJECT-TYPE
--		SYNTAX  INTEGER {
--			enable(1),
--			disable(2)
--			}
--		MAX-ACCESS  read-create
--		STATUS  current
--		DESCRIPTION
--			"Specifies that the access rule will apply only to software ACL state."
--		::= { swACLPktContRuleVarOffsetEntry 31 }

--	swACLPktContRuleVarOffsetTimeRange	 OBJECT-TYPE
--		SYNTAX	OCTET STRING(SIZE(1..32))
--		MAX-ACCESS	read-write
--		STATUS	current
--		DESCRIPTION
--			"Specifies that the access rule will apply to time range while Time-based ACL is enabled."
--		::={ swACLPktContRuleVarOffsetEntry 32 }

	swACLPktContRuleVarOffsetRowStatus OBJECT-TYPE
		SYNTAX  RowStatus
		MAX-ACCESS  read-create
		STATUS  current
		DESCRIPTION
			"This object indicates the status of this entry."
		::= { swACLPktContRuleVarOffsetEntry 33 }

	swACLPktContRuleVarOffsetReplacePriorityWith OBJECT-TYPE
        SYNTAX  INTEGER(0..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "The value of this node will be used to replace the 802.1p priority tag of the packet that matched the access profile."
        ::= { swACLPktContRuleVarOffsetEntry 34 }
        
-- -----------------------------------------------------------------------------
-- swCpuAclEthernetTable
-- -----------------------------------------------------------------------------
    swCpuAclEthernetTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwCpuAclEthernetEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains software ACL mask Ethernet information.
             Access profiles will be created on the switch to define which
             part of each incoming frame's layer 2 header will be examined by
             the switch. Masks entered will be combined with the values
             the switch finds in the specified frame header fields."
        ::= { swCpuAclMaskMgmt 1 }

    swCpuAclEthernetEntry OBJECT-TYPE
        SYNTAX  SwCpuAclEthernetEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about Ethernet ACL masks."
        INDEX  { swCpuAclEthernetProfileID }
        ::= { swCpuAclEthernetTable 1 }

    SwCpuAclEthernetEntry ::=
        SEQUENCE {
            swCpuAclEthernetProfileID
                INTEGER,
            swCpuAclEthernetUsevlan
                INTEGER,
            swCpuAclEthernetMacAddrMaskState
                INTEGER,
            swCpuAclEthernetSrcMacAddrMask
                MacAddress,
            swCpuAclEthernetDstMacAddrMask
                MacAddress,
            swCpuAclEthernetUse8021p
                INTEGER,
            swCpuAclEthernetUseEthernetType
                INTEGER,
            swCpuAclEthernetRowStatus
                RowStatus
        }
    swCpuAclEthernetProfileID OBJECT-TYPE
        SYNTAX  INTEGER 
        MAX-ACCESS  read-only	--read-create
        STATUS  current
        DESCRIPTION
            "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swCpuAclEthernetEntry 1 }

    swCpuAclEthernetUsevlan OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the switch will examine the VLAN part of each packet header."
        ::= { swCpuAclEthernetEntry 2 }

    swCpuAclEthernetMacAddrMaskState OBJECT-TYPE
		SYNTAX  INTEGER {
               other(1),
               dst-mac-addr(2),
               src-mac-addr(3),
               dst-src-mac-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of the MAC address mask.

            other (1) - Neither source MAC addresses nor destination MAC addresses are
                masked.
            dst-mac-addr (2) - Destination MAC addresses within received frames are
            	to be filtered when matched with the MAC address entry of the table.
            src-mac-addr (3) - Source MAC address within received frames are to
            	be filtered when matched with the MAC address entry of the table.
            dst-src-mac-addr (4) - Source or destination MAC addresses within received
            	frames are to be filtered when matched with the MAC address entry of this table."
        ::= { swCpuAclEthernetEntry 3 }

    swCpuAclEthernetSrcMacAddrMask OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object specifies the MAC address mask for the source MAC address."
        ::= { swCpuAclEthernetEntry 4 }

    swCpuAclEthernetDstMacAddrMask OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object specifies the MAC address mask for the destination MAC address."
        ::= { swCpuAclEthernetEntry 5 }

    swCpuAclEthernetUse8021p OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will examine the 802.1p priority value in the frame's header
              or not."
        ::= { swCpuAclEthernetEntry 6 }

    swCpuAclEthernetUseEthernetType OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will examine the Ethernet type value in each frame's header
              or not."
        ::= { swCpuAclEthernetEntry 7 }

    swCpuAclEthernetRowStatus OBJECT-TYPE --swCpuAclEthernetState
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swCpuAclEthernetEntry 8 }

-- -----------------------------------------------------------------------------
-- swCpuAclIpTable
-- -----------------------------------------------------------------------------
    swCpuAclIpTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwCpuAclIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains software ACL mask IP information.
             Access profiles will be created on the switch to define which
             parts of each incoming frame's IP layer 2 header will be examined
             by the switch. Masks entered will be combined with the
             values the switch finds in the specified frame header fields."
        ::= { swCpuAclMaskMgmt 2 }

    swCpuAclIpEntry OBJECT-TYPE
        SYNTAX  SwCpuAclIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about the software ACL of the IP Layer."
        INDEX  { swCpuAclIpProfileID }
        ::= { swCpuAclIpTable 1 }

    SwCpuAclIpEntry ::=
        SEQUENCE {
            swCpuAclIpProfileID
                INTEGER,
            swCpuAclIpUsevlan
                INTEGER,
            swCpuAclIpIpAddrMaskState
                INTEGER,
            swCpuAclIpSrcIpAddrMask
                IpAddress,
            swCpuAclIpDstIpAddrMask
                IpAddress,
            swCpuAclIpUseDSCP
                INTEGER,
            swCpuAclIpUseProtoType
                INTEGER,
            swCpuAclIpIcmpOption
                INTEGER,
            swCpuAclIpIgmpOption
                INTEGER,
            swCpuAclIpTcpOption
                INTEGER,
            swCpuAclIpUdpOption
             	INTEGER,
            swCpuAclIpTCPorUDPSrcPortMask
				OCTET STRING,
	    	swCpuAclIpTCPorUDPDstPortMask
				OCTET STRING,
	    	swCpuAclIpTCPFlagBit
				INTEGER,
            swCpuAclIpTCPFlagBitMask
            	INTEGER,
            swCpuAclIpProtoIDOption
                INTEGER,
			swCpuAclIpProtoID
			    INTEGER,
            swCpuAclIpProtoIDMask
                OCTET STRING,
            swCpuAclIpRowStatus
                RowStatus
        }

    swCpuAclIpProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swCpuAclIpEntry 1 }

    swCpuAclIpUsevlan OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the IP layer VLAN part is examined or not."
        ::= { swCpuAclIpEntry 2 }

    swCpuAclIpIpAddrMaskState OBJECT-TYPE
		SYNTAX  INTEGER {
               other(1),
               dst-ip-addr(2),
               src-ip-addr(3),
               dst-src-ip-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of IP address mask.

            other (1) - Neither source IP addresses nor destination IP address are
                masked.
            dst-ip-addr (2) - Destination IP addresses within received frames are
            	to be filtered when matched with the IP address entry of this table.
            src-ip-addr (3) - Source IP addresses within received frames are to
            	be filtered when matched with the IP address entry of this table.
            dst-src-ip-addr (4) - Destination or source IP addresses within received
            	frames are to be filtered when matched with the IP address entry of the
            	table."
        ::= { swCpuAclIpEntry 3 }

    swCpuAclIpSrcIpAddrMask OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object specifies the IP address mask for the source IP address."
        ::= { swCpuAclIpEntry 4 }

    swCpuAclIpDstIpAddrMask OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object specifies the IP address mask for the destination IP address."
        ::= { swCpuAclIpEntry 5 }

    swCpuAclIpUseDSCP OBJECT-TYPE
        SYNTAX  INTEGER {
               enabled(1),
               disabled(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the DSCP protocol in the packet header is to be examined or not."
        ::= { swCpuAclIpEntry 6 }

    swCpuAclIpUseProtoType OBJECT-TYPE
        SYNTAX  INTEGER {
               none(1),
               icmp(2),
               igmp(3),
               tcp(4),
               udp(5),
               protocolId(6)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates which protocol will be examined."
        ::= { swCpuAclIpEntry 7 }

    swCpuAclIpIcmpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               none(1),
               type(2),
               code(3),
               type-code(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates which fields are identified for ICMP.
            none (1)- Both fields are null.
            type (2)- Type field identified.
            code (3)- Code field identified.
            type-code (4)- Both ICMP fields identified.
            "
        ::= { swCpuAclIpEntry 8 }

    swCpuAclIpIgmpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               enable(1),
               disable(2)
              }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the IGMP options field is identified or not."
        ::= { swCpuAclIpEntry 9 }

    swCpuAclIpTcpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               other(1),
               dst-addr(2),
               src-addr(3),
               dst-src-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of filtered addresses of TCP.

           	other (1) - Neither source port nor destination port are
                masked.
             dst-addr (2) - Packets will be filtered if this destination port is
            	identified in received frames.
             src-addr (3) - Packets will be filtered if this source port is
            	identified in received frames.
             dst-src-addr (4) - Packets will be filtered is this destination or
            	source port is identified in received frames."
        ::= { swCpuAclIpEntry 10 }

    swCpuAclIpUdpOption OBJECT-TYPE
        SYNTAX  INTEGER {
               other(1),
               dst-addr(2),
               src-addr(3),
               dst-src-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of filtered addresses of UDP.

            other (1) - Neither source port nor destination port are
                masked.
            dst-addr (2) - Packets will be filtered if this destination port
            	is identified in received frames.
            src-addr (3) - Packets will be filtered if this source port
            	is identified in received frames.
            dst-src-addr (4) - Packets will be filtered if this destination
            	or source port is identified in received frames."

        ::= { swCpuAclIpEntry 11 }

    swCpuAclIpTCPorUDPSrcPortMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a TCP port mask for the source port if swCpuAclIpUseProtoType is TCP.
             Specifies a UDP port mask for the source port if swCpuAclIpUseProtoType is UDP.
             "
        ::= { swCpuAclIpEntry 12 }

    swCpuAclIpTCPorUDPDstPortMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a TCP port mask for the destination port if swCpuAclIpUseProtoType is TCP.
             Specifies a UDP port mask for the destination port if swCpuAclIpUseProtoType is UDP."
        ::= { swCpuAclIpEntry 13 }

    swCpuAclIpTCPFlagBit OBJECT-TYPE
		SYNTAX  INTEGER {
               enable(1),
               disable(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies a TCP connection flag mask."
        ::= { swCpuAclIpEntry 14 }

    swCpuAclIpTCPFlagBitMask OBJECT-TYPE
        SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "A value which indicates the set of TCP flags that this
             entity may potentially offer. The value is a sum of flag bits.
             This sum initially takes the value zero. Then, for each flag, L
             is added in the range 1 through 6, for which this node performs
             transactions where 2^(L - 1) is added to the sum.
             Note that values should be calculated accordingly:

                 Flag      functionality
                   6        urg bit
                   5        ack bit
                   4        psh bit
                   3        rst bit
                   2		 syn bit
                   1 		 fin bit
			For example, if you want to enable urg bit and ack bit, you
	     should set value 48{2^(5-1) + 2^(6-1)}."
        ::= { swCpuAclIpEntry 15 }

    swCpuAclIpProtoIDOption OBJECT-TYPE
        SYNTAX  INTEGER {
               enable(1),
               disable(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies if the switch will examine each frame's Protocol ID field or not."
        ::= { swCpuAclIpEntry 16 }

    swCpuAclIpProtoID OBJECT-TYPE
        SYNTAX  INTEGER(0..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            ""
        ::= { swCpuAclIpEntry 17 }


    swCpuAclIpProtoIDMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(20))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IP protocol ID and the mask options
             behind the IP header."
        ::= { swCpuAclIpEntry 18 }

    swCpuAclIpRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swCpuAclIpEntry 19 }

-- -----------------------------------------------------------------------------
-- swCpuAclPktContMaskTable
-- -----------------------------------------------------------------------------
    swCpuAclPktContMaskTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwCpuAclPktContMaskEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
	    "This table contains user-defined software ACL information.
	     Access profiles will be created on the switch to define which
	     part of each incoming frame's user-defined part of the packet header
	     will be examined by the switch. Masks entered will be combined
              with the values the switch finds in the specified frame header fields."
        ::= { swCpuAclMaskMgmt 3 }

    swCpuAclPktContMaskEntry OBJECT-TYPE
        SYNTAX  SwCpuAclPktContMaskEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about user-defined software ACLs."
        INDEX  { swCpuAclPktContMaskProfileID }
        ::= { swCpuAclPktContMaskTable 1 }

    SwCpuAclPktContMaskEntry ::=
        SEQUENCE {
            swCpuAclPktContMaskProfileID
                INTEGER,
            swCpuAclPktContMaskOffset0to15
                OCTET STRING,
            swCpuAclPktContMaskOffset16to31
                OCTET STRING,
            swCpuAclPktContMaskOffset32to47
                OCTET STRING,
            swCpuAclPktContMaskOffset48to63
                OCTET STRING,
            swCpuAclPktContMaskOffset64to79
                OCTET STRING,
            swCpuAclPktContMaskRowStatus
                RowStatus
        }
    swCpuAclPktContMaskProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only	--read-create
        STATUS  current
        DESCRIPTION
            "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swCpuAclPktContMaskEntry 1 }

    swCpuAclPktContMaskOffset0to15 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the packet content (Offset0to15) and
             the mask options."
        ::= { swCpuAclPktContMaskEntry 2 }

    swCpuAclPktContMaskOffset16to31 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the packet content (Offset16to31) and
             the mask options."
         ::= { swCpuAclPktContMaskEntry 3 }

    swCpuAclPktContMaskOffset32to47 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the packet content (Offset32to47) and
             the mask options."
        ::= { swCpuAclPktContMaskEntry 4 }

    swCpuAclPktContMaskOffset48to63 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the packet content (Offset48to63) and
             the mask options."
        ::= { swCpuAclPktContMaskEntry 5 }

    swCpuAclPktContMaskOffset64to79 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the packet content (Offset64to79) and
             the mask options."
        ::= { swCpuAclPktContMaskEntry 6 }

    swCpuAclPktContMaskRowStatus OBJECT-TYPE --swCpuAclEthernetState
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swCpuAclPktContMaskEntry 7 }

-- -----------------------------------------------------------------------------
-- swCpuAclIpv6MaskTable
-- -----------------------------------------------------------------------------
    swCpuAclIpv6MaskTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwCpuAclIpv6MaskEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains IPv6 software ACL mask information.
             An access profile will be created on the switch to define which
             part of each incoming frame's IPv6 part of the packet header
             will be examined by switch. Masks entered will be combined
              with the values the switch finds in the specified frame header fields.  "
        ::= { swCpuAclMaskMgmt 4 }

    swCpuAclIpv6MaskEntry OBJECT-TYPE
        SYNTAX  SwCpuAclIpv6MaskEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about user-defined software ACLs."
        INDEX  { swCpuAclIpv6MaskProfileID }
        ::= { swCpuAclIpv6MaskTable 1 }

    SwCpuAclIpv6MaskEntry ::=
        SEQUENCE {
            swCpuAclIpv6MaskProfileID
                INTEGER,
            swCpuAclIpv6MaskClass
                INTEGER,
            swCpuAclIpv6MaskFlowlabel
                INTEGER,
            swCpuAclIpv6IpAddrMaskState
                INTEGER,
            swCpuAclIpv6MaskSrcIpv6Mask
                Ipv6Address,
            swCpuAclIpv6MaskDstIpv6Mask
                Ipv6Address,
            swCpuAclIpv6MaskRowStatus
                RowStatus
        }
    swCpuAclIpv6MaskProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only	--read-create
        STATUS  current
        DESCRIPTION
            "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swCpuAclIpv6MaskEntry 1 }

    swCpuAclIpv6MaskClass OBJECT-TYPE
        SYNTAX  INTEGER {
               enable(1),
               disable(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IPv6 class field and the mask options."
        ::= { swCpuAclIpv6MaskEntry 2 }

    swCpuAclIpv6MaskFlowlabel OBJECT-TYPE
        SYNTAX  INTEGER {
               enable(1),
               disable(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IPv6 flowlabel field and the mask options."
        ::= { swCpuAclIpv6MaskEntry 3 }

    swCpuAclIpv6IpAddrMaskState OBJECT-TYPE
		SYNTAX  INTEGER {
               other(1),
               dst-ipv6-addr(2),
               src-ipv6-addr(3),
               dst-src-ipv6-addr(4)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of IPv6 address mask.

            other (1) - Neither source IPv6 address nor destination IPv6 address are
                masked.
             dst-ipv6-addr (2) - Packets will be filtered if this destination IPv6 address
		is identified as a match in received frames.
             src-ipv6-addr (3) - Packets will be filtered if this source IPv6 address
		is identified as a match in received frames.
             dst-src-ipv6-addr (4) - Packets will be filtered if this destination or source
		IPv6 address is identified as a match in received frames."
        ::= { swCpuAclIpv6MaskEntry 4 }

    swCpuAclIpv6MaskSrcIpv6Mask OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the source IPv6 address and the mask options.
            This should be a 16 byte octet string."
        ::= { swCpuAclIpv6MaskEntry 5 }

    swCpuAclIpv6MaskDstIpv6Mask OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the destination IPv6 address and the mask options.
            This should be a 16 byte octet string."
        ::= { swCpuAclIpv6MaskEntry 6 }

    swCpuAclIpv6MaskRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swCpuAclIpv6MaskEntry 7 }

-- -----------------------------------------------------------------------------
--swCpuACLMaskDelAllState
-- -----------------------------------------------------------------------------
    swCpuACLMaskDelAllState OBJECT-TYPE
        SYNTAX      INTEGER{
    		none(1),
    		start(2)
    		}
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "Used to delete all software ACL masks."
        ::= { swCpuAclMaskMgmt 5 }

-- -----------------------------------------------------------------------------
-- swCpuAclEtherRuleTable
-- -----------------------------------------------------------------------------
    swCpuAclEtherRuleTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwCpuAclEtherRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains Ethernet software ACL rule information."
        ::= { swCpuAclRuleMgmt 1 }

    swCpuAclEtherRuleEntry OBJECT-TYPE
        SYNTAX  SwCpuAclEtherRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about the software ACL rule of the layer 2 part of each packet."
        INDEX  { swCpuAclEtherRuleProfileID,swCpuAclEtherRuleAccessID }
        ::= { swCpuAclEtherRuleTable 1 }

    SwCpuAclEtherRuleEntry ::=
        SEQUENCE {
            swCpuAclEtherRuleProfileID
                INTEGER,
            swCpuAclEtherRuleAccessID
                INTEGER,
            swCpuAclEtherRuleVlan
                SnmpAdminString,
            swCpuAclEtherRuleSrcMacAddress
                MacAddress,
            swCpuAclEtherRuleDstMacAddress
                MacAddress,
            swCpuAclEtherRule8021P
                INTEGER,
            swCpuAclEtherRuleEtherType
                OCTET STRING,
            swCpuAclEtherRulePermit
                INTEGER,
            swCpuAclEtherRuleRowStatus
                RowStatus,
            swCpuAclEtherRulePort
              	PortList
        }

    swCpuAclEtherRuleProfileID OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swCpuAclEtherRuleEntry 1 }

    swCpuAclEtherRuleAccessID OBJECT-TYPE
        SYNTAX  INTEGER (1..65535)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the software ACL rule entry as it relates to swCpuAclEtherRuleProfileID."
        ::= { swCpuAclEtherRuleEntry 2 }

    swCpuAclEtherRuleVlan OBJECT-TYPE
        SYNTAX  SnmpAdminString (SIZE (1..32))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to this VLAN."
        ::= { swCpuAclEtherRuleEntry 3 }

    swCpuAclEtherRuleSrcMacAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to the packets with
             this source MAC address."
        ::= { swCpuAclEtherRuleEntry 4 }

    swCpuAclEtherRuleDstMacAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to the packets               with this destination MAC address."
        ::= { swCpuAclEtherRuleEntry 5 }

    swCpuAclEtherRule8021P OBJECT-TYPE
        SYNTAX  INTEGER(-1..7)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to packets with
              this 802.1p priority value. A value of -1 indicates that this node is not actively used."
        ::= { swCpuAclEtherRuleEntry 6 }

    swCpuAclEtherRuleEtherType OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE (2))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to packets with this
             802.1Q Ethernet type value in the packet header."
        ::= { swCpuAclEtherRuleEntry 7 }

    swCpuAclEtherRulePermit OBJECT-TYPE
        SYNTAX  INTEGER {
               deny(1),
               permit(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the result of the packet examination is to 'permit' or 'deny'.
             The default is 'permit'.
             permit - Specifies that packets that match the access profile are
                      permitted to be forwarded by the switch.
             deny - Specifies that packets that match the access profile
                    are not permitted to be forwarded by the switch and will be filtered."
        ::= { swCpuAclEtherRuleEntry 8 }

    swCpuAclEtherRuleRowStatus OBJECT-TYPE	--swCpuAclEtherRuleState
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swCpuAclEtherRuleEntry 9 }

     swCpuAclEtherRulePort OBJECT-TYPE
        SYNTAX  PortList
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to port(s)."
        ::= { swCpuAclEtherRuleEntry 10 }

-- -----------------------------------------------------------------------------
-- swCpuAclIpRuleTable
-- -----------------------------------------------------------------------------
    swCpuAclIpRuleTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwCpuAclIpRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains IPv4 software ACL rule information."
        ::= { swCpuAclRuleMgmt 2 }

    swCpuAclIpRuleEntry OBJECT-TYPE
        SYNTAX  SwCpuAclIpRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about this software ACL rule."
        INDEX  { swCpuAclIpRuleProfileID , swCpuAclIpRuleAccessID }
        ::= { swCpuAclIpRuleTable 1 }

    SwCpuAclIpRuleEntry ::=
        SEQUENCE {
            swCpuAclIpRuleProfileID
                INTEGER,
            swCpuAclIpRuleAccessID
                INTEGER,
            swCpuAclIpRuleVlan
                SnmpAdminString,
            swCpuAclIpRuleSrcIpaddress
            	IpAddress,
            swCpuAclIpRuleDstIpaddress
            	IpAddress,
            swCpuAclIpRuleDscp
            	INTEGER,
            swCpuAclIpRuleProtocol
                INTEGER,
            swCpuAclIpRuleType
            	INTEGER,
            swCpuAclIpRuleCode
            	INTEGER,
            swCpuAclIpRuleSrcPort
            	INTEGER,
            swCpuAclIpRuleDstPort
            	INTEGER,
            swCpuAclIpRuleFlagBits
            	INTEGER,
            swCpuAclIpRuleProtoID
            	INTEGER,
            swCpuAclIpRuleUserMask
            	OCTET STRING,
            swCpuAclIpRulePermit
            	INTEGER,
            swCpuAclIpRuleRowStatus
                RowStatus,
            swCpuAclIpRulePort
            	PortList
        }

    swCpuAclIpRuleProfileID OBJECT-TYPE
        SYNTAX  INTEGER 
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swCpuAclIpRuleEntry 1 }

    swCpuAclIpRuleAccessID OBJECT-TYPE
        SYNTAX  INTEGER (1..65535)
        MAX-ACCESS  read-only	--read-create
        STATUS  current
        DESCRIPTION
            "The ID of the software ACL for the IPv4 rule entry."
        ::= { swCpuAclIpRuleEntry 2 }

    swCpuAclIpRuleVlan OBJECT-TYPE
        SYNTAX  SnmpAdminString (SIZE (1..32))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply only to this VLAN."
        ::= { swCpuAclIpRuleEntry 3 }

    swCpuAclIpRuleSrcIpaddress OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies an IP source address."
        ::= { swCpuAclIpRuleEntry 4 }

    swCpuAclIpRuleDstIpaddress OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies an IP destination address."
        ::= { swCpuAclIpRuleEntry 5 }

    swCpuAclIpRuleDscp OBJECT-TYPE
        SYNTAX  INTEGER(-1..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the value of DSCP, the value can be configured from 0 to 63.
            A value of -1 indicates that this node is not actively used."
        ::= { swCpuAclIpRuleEntry 6 }

    swCpuAclIpRuleProtocol OBJECT-TYPE
        SYNTAX  INTEGER {
               none(1),
               icmp(2),
               igmp(3),
               tcp(4),
               udp(5),
               protocolId(6)
               }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "Specifies the IP protocol which has been configured in swCpuAclIpEntry."
        ::= { swCpuAclIpRuleEntry 7 }

    swCpuAclIpRuleType OBJECT-TYPE
        SYNTAX  INTEGER(-1..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the rule applies to the value of ICMP type traffic.
            A value of -1 indicates that this node is not actively used."
        ::= { swCpuAclIpRuleEntry 8 }

    swCpuAclIpRuleCode OBJECT-TYPE
        SYNTAX  INTEGER(-1..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the rule applies to the value of ICMP code traffic.
            A value of -1 indicates that this node is not actively used."
        ::= { swCpuAclIpRuleEntry 9 }

    swCpuAclIpRuleSrcPort OBJECT-TYPE
        SYNTAX  INTEGER(-1..65535)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the rule applies to the range of TCP/UDP source ports.
            A value of -1 indicates that this node is not actively used."
        ::= { swCpuAclIpRuleEntry 10 }

    swCpuAclIpRuleDstPort OBJECT-TYPE
        SYNTAX  INTEGER(-1..65535)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the range of TCP/UDP destination ports.
            A value of -1 indicates that this node is not actively used."
        ::= { swCpuAclIpRuleEntry 11 }

    swCpuAclIpRuleFlagBits OBJECT-TYPE
        SYNTAX  INTEGER(0..63)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "A value which indicates the set of TCP flags that this
            entity may potentially offer. The value is a sum of flag bits.
            This sum initially takes the value zero. Then, for each flag, L
            is added in the range 1 through 6, for which this node performs
            transactions where, 2^(L - 1) is added to the sum.
            Note that values should be calculated accordingly:

                 Flag      functionality
                   6        urg bit
                   5        ack bit
                   4        psh bit
                   3        rst bit
                   2		 syn bit
                   1 		 fin bit
		For example, it you want to enable urg bit and ack bit, you
		should set the value 48{2^(5-1) + 2^(6-1)}."
        ::= { swCpuAclIpRuleEntry 12 }

    swCpuAclIpRuleProtoID OBJECT-TYPE
        SYNTAX  INTEGER(-1..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies the rule applies to the value of IP protocol ID traffic.
            A value of -1 indicates that this node is not actively used."
        ::= { swCpuAclIpRuleEntry 13 }

    swCpuAclIpRuleUserMask OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(20))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IP protocol ID and the range of
             options behind the IP header."
        ::= { swCpuAclIpRuleEntry 14 }

    swCpuAclIpRulePermit OBJECT-TYPE
        SYNTAX  INTEGER {
               deny(1),
               permit(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the result of the packet examination is to 'permit' or 'deny'.
             The default is 'permit'.
             permit - Specifies that packets that match the access profile are
                      permitted to be forwarded by the switch.
             deny - Specifies that packets that match the access profile
                    are not permitted to be forwarded by the switch and will be filtered."
        ::= { swCpuAclIpRuleEntry 15 }

    swCpuAclIpRuleRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swCpuAclIpRuleEntry 16 }

     swCpuAclIpRulePort OBJECT-TYPE
        SYNTAX  PortList
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to port(s)."
        ::= { swCpuAclIpRuleEntry 17 }

-- -----------------------------------------------------------------------------
-- swCpuAclPktContRuleTable
-- -----------------------------------------------------------------------------
    swCpuAclPktContRuleTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwCpuAclPktContRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
	    "This table contains user-defined software ACL rule information."
        ::= { swCpuAclRuleMgmt 3 }

    swCpuAclPktContRuleEntry OBJECT-TYPE
        SYNTAX  SwCpuAclPktContRuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
	    "A list of information about the software ACL rule of the user-defined part of each packet."
        INDEX  { swCpuAclPktContRuleProfileID,swCpuAclPktContRuleAccessID }
        ::= { swCpuAclPktContRuleTable 1 }

    SwCpuAclPktContRuleEntry ::=
        SEQUENCE {
            swCpuAclPktContRuleProfileID
                INTEGER,
            swCpuAclPktContRuleAccessID
                INTEGER,
            swCpuAclPktContRuleOffset0to15
                OCTET STRING,
            swCpuAclPktContRuleOffset16to31
                OCTET STRING,
            swCpuAclPktContRuleOffset32to47
                OCTET STRING,
            swCpuAclPktContRuleOffset48to63
                OCTET STRING,
            swCpuAclPktContRuleOffset64to79
                OCTET STRING,
            swCpuAclPktContRulePermit
                INTEGER,
            swCpuAclPktContRuleRowStatus
                RowStatus,
            swCpuAclPktContRulePort
                PortList
        }
    swCpuAclPktContRuleProfileID OBJECT-TYPE
        SYNTAX  INTEGER 
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
	    "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
        ::= { swCpuAclPktContRuleEntry 1 }

    swCpuAclPktContRuleAccessID OBJECT-TYPE
        SYNTAX  INTEGER (1..65535)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
	    "The ID of the software ACL rule entry related to swCpuAclPktContRuleProfileID."
        ::= { swCpuAclPktContRuleEntry 2 }

    swCpuAclPktContRuleOffset0to15 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the user-defined packet."
        ::= { swCpuAclPktContRuleEntry 3 }

    swCpuAclPktContRuleOffset16to31 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the user-defined packet."
        ::= { swCpuAclPktContRuleEntry 4 }

    swCpuAclPktContRuleOffset32to47 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the user-defined packet."
        ::= { swCpuAclPktContRuleEntry 5 }

    swCpuAclPktContRuleOffset48to63 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the user-defined packet."
        ::= { swCpuAclPktContRuleEntry 6 }

    swCpuAclPktContRuleOffset64to79 OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(16))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the user-defined packet."
        ::= { swCpuAclPktContRuleEntry 7 }

    swCpuAclPktContRulePermit OBJECT-TYPE
        SYNTAX  INTEGER {
               deny(1),
               permit(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
	    "This object indicates if the result of the packet examination is to 'permit' or 'deny'.
	     The default is 'permit'.
             permit - Specifies that packets that match the access profile are
                      permitted to be forwarded by the switch.
             deny - Specifies that packets that match the access profile
                    are not permitted to be forwarded by the switch and will be filtered."
        ::= { swCpuAclPktContRuleEntry 8 }

    swCpuAclPktContRuleRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swCpuAclPktContRuleEntry 9 }

    swCpuAclPktContRulePort OBJECT-TYPE
        SYNTAX  PortList
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will only apply to port(s)."
       ::= { swCpuAclPktContRuleEntry 10 }

-- -----------------------------------------------------------------------------
-- swCpuAclIpv6RuleTable
-- -----------------------------------------------------------------------------
    swCpuAclIpv6RuleTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF SwCpuAclIpv6RuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This table contains user-defined ACL rule information."
        ::= { swCpuAclRuleMgmt 4 }

    swCpuAclIpv6RuleEntry OBJECT-TYPE
        SYNTAX  SwCpuAclIpv6RuleEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "A list of information about the ACL rule of the user-defined part of each packet."
        INDEX  { swCpuAclIpv6RuleProfileID,swCpuAclIpv6RuleAccessID }
        ::= { swCpuAclIpv6RuleTable 1 }

    SwCpuAclIpv6RuleEntry ::=
        SEQUENCE {
            swCpuAclIpv6RuleProfileID
                INTEGER,
            swCpuAclIpv6RuleAccessID
                INTEGER,
            swCpuAclIpv6RuleClass
                INTEGER,
            swCpuAclIpv6RuleFlowlabel
                OCTET STRING,
            swCpuAclIpv6RuleSrcIpv6Addr
                Ipv6Address,
            swCpuAclIpv6RuleDstIpv6Addr
                Ipv6Address,
            swCpuAclIpv6RulePermit
                INTEGER,
            swCpuAclIpv6RuleRowStatus
                RowStatus,
            swCpuAclIpv6RulePort
                PortList
        }
    swCpuAclIpv6RuleProfileID OBJECT-TYPE
        SYNTAX  INTEGER 
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL mask entry. This is unique in the mask list. The maximum value of this object depends on the device."
        ::= { swCpuAclIpv6RuleEntry 1 }

    swCpuAclIpv6RuleAccessID OBJECT-TYPE
        SYNTAX  INTEGER (1..65535)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "The ID of the ACL rule entry in relation to swCpuAclIpv6RuleProfileID."
        ::= { swCpuAclIpv6RuleEntry 2 }

    swCpuAclIpv6RuleClass OBJECT-TYPE
        SYNTAX  INTEGER (0..255)
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IPv6 class field."
        ::= { swCpuAclIpv6RuleEntry 3 }

    swCpuAclIpv6RuleFlowlabel OBJECT-TYPE
        SYNTAX  OCTET STRING (SIZE(4))
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the IPv6 flowlabel field."
        ::= { swCpuAclIpv6RuleEntry 4 }

    swCpuAclIpv6RuleSrcIpv6Addr OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the source IPv6 address.
            This should be a 16 byte octet string."
        ::= { swCpuAclIpv6RuleEntry 5 }

    swCpuAclIpv6RuleDstIpv6Addr OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the rule applies to the destination IPv6 address.
            This should be a 16 byte octet string."
        ::= { swCpuAclIpv6RuleEntry 6 }

    swCpuAclIpv6RulePermit OBJECT-TYPE
        SYNTAX  INTEGER {
               deny(1),
               permit(2)
               }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates if the result of the examination is to 'permit' or 'deny'.
             The default is 'permit' (1).
             permit - Specifies that packets that match the access profile are
                      permitted to be forwarded by the switch.
             deny - Specifies that packets that match the access profile
                    are not permitted to be forwarded by the switch and will be filtered."
        ::= { swCpuAclIpv6RuleEntry 7 }

    swCpuAclIpv6RuleRowStatus OBJECT-TYPE
        SYNTAX  RowStatus
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { swCpuAclIpv6RuleEntry 8 }

    swCpuAclIpv6RulePort OBJECT-TYPE
        SYNTAX  PortList
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "Specifies that the access rule will apply only to port(s)."
       ::= { swCpuAclIpv6RuleEntry 9 }

-- -----------------------------------------------------------------------------
-- swAclMeteringMgmt
-- -----------------------------------------------------------------------------
	swAclMeterTable OBJECT-TYPE
		SYNTAX      SEQUENCE OF SwAclMeterEntry
		MAX-ACCESS  not-accessible
		STATUS      current
		DESCRIPTION
		   "This table is used to configure the flow-based metering function.
		    The access rule must first be created before the parameters of this
		    function can be applied. Users may set the preferred bandwidth for
		    this rule, in Kbps; once the bandwidth has been exceeded, overflow
		    packets will be either dropped or set for a drop precedence,
		    depending on user configuration."
		::= { swAclMeteringMgmt 1 }

	swAclMeterEntry OBJECT-TYPE
		SYNTAX      SwAclMeterEntry
		MAX-ACCESS  not-accessible
		STATUS      current
		DESCRIPTION
		   "This entry displays parameters and configurations set for the flow
		    metering function."
		INDEX { swAclMeterProfileID, swAclMeterAccessID}
		::= { swAclMeterTable 1 }

	SwAclMeterEntry ::=
	   SEQUENCE {
	       swAclMeterProfileID
	           INTEGER,
	       swAclMeterAccessID
	           INTEGER,
	       swAclMeterRate
	           INTEGER,
	       swAclMeterActionForRateExceed
	           INTEGER,
               swAclMeterRemarkDscp
                   INTEGER,
               swAclMeterBurstSize
               	   INTEGER,
               swAclMeterMode
               	   INTEGER,
               swAclMeterTrtcmCir
                   INTEGER,
               swAclMeterTrtcmCbs
                   INTEGER,
	       swAclMeterTrtcmPir
                   INTEGER,
               swAclMeterTrtcmPbs
               	   INTEGER,
               swAclMeterTrtcmColorMode
                   INTEGER,
               swAclMeterTrtcmConformState
                   INTEGER,
	       swAclMeterTrtcmConformReplaceDscp
                   INTEGER,
               swAclMeterTrtcmConformCounterState
               	   INTEGER,
 	       swAclMeterTrtcmExceedState
                   INTEGER,
	       swAclMeterTrtcmExceedReplaceDscp
                   INTEGER,
               swAclMeterTrtcmExceedCounterState
               	   INTEGER,
               swAclMeterTrtcmViolateState
                   INTEGER,
               swAclMeterTrtcmViolateReplaceDscp
                   INTEGER,
	       swAclMeterTrtcmViolateCounterState
                   INTEGER,
 	       swAclMeterSrtcmCir
                   INTEGER,
               swAclMeterSrtcmCbs
               	   INTEGER,
               swAclMeterSrtcmEbs
               	   INTEGER,
               swAclMeterSrtcmColorMode
                   INTEGER,
               swAclMeterSrtcmConformState
                   INTEGER,
	       swAclMeterSrtcmConformReplaceDscp
                   INTEGER,
               swAclMeterSrtcmConformCounterState
               	   INTEGER,
 	       swAclMeterSrtcmExceedState
                   INTEGER,
	       swAclMeterSrtcmExceedReplaceDscp
                   INTEGER,
               swAclMeterSrtcmExceedCounterState
               	   INTEGER,
               swAclMeterSrtcmViolateState
                   INTEGER,
               swAclMeterSrtcmViolateReplaceDscp
                   INTEGER,
	       swAclMeterSrtcmViolateCounterState
                   INTEGER,
               swAclMeterRowStatus
               	   RowStatus
	   }

	swAclMeterProfileID OBJECT-TYPE
		SYNTAX      INTEGER
		MAX-ACCESS  read-only
		STATUS      current
		DESCRIPTION
		   "The ID of the ACL mask entry is unique in the mask list. The maximum value of this object depends on the device."
		::= { swAclMeterEntry 1 }

	swAclMeterAccessID OBJECT-TYPE
		SYNTAX      INTEGER(1..65535)
		MAX-ACCESS  read-only
		STATUS      current
		DESCRIPTION
		   "The ID of the ACL rule entry as related to the swAclMeterProfileID."
		::= { swAclMeterEntry 2 }

	swAclMeterRate OBJECT-TYPE
		SYNTAX INTEGER
		MAX-ACCESS  read-create
		STATUS      current
		DESCRIPTION
		   "Specifies the committed bandwidth in Kbps for the flow.
		    NOTE:
		    	1. Specifying 0 will disable this flow meter setting.
		    	2. Users must set the swAclMeterActionForRateExceed object to activate this entry."
		::= { swAclMeterEntry 3 }

	swAclMeterActionForRateExceed OBJECT-TYPE
		SYNTAX INTEGER {
			   other(1),
               drop-packet(2),
               	set-drop-precedence(3),
               	remark-dscp(4)
               }
		MAX-ACCESS  read-create
		STATUS      current
		DESCRIPTION
		   "Specifies the action to take for those packets exceeding the committed rate.
		    NOTE:
		    	Users must also set the swAclMeterRate to activate this entry."
		::= { swAclMeterEntry 4 }

        swAclMeterRemarkDscp OBJECT-TYPE
            SYNTAX  INTEGER (0..63)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Mark the packet with a specified DSCP.
                 It can be set when swAclMeterActionForRateExceed sets remark-dscp (3)."
            ::= { swAclMeterEntry 5 }

       swAclMeterBurstSize OBJECT-TYPE
            SYNTAX  INTEGER
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "This specifies the burst size for the single rate two color mode.
                 The unit is Kbytes. That is to say, 1 means 1kbytes.
                 The set value range is 0..n, the value n is determined by project,
                 the value of 0 means to delete this flow_meter setting."
            ::= { swAclMeterEntry 6 }

        swAclMeterMode OBJECT-TYPE
            SYNTAX  INTEGER {
                   other(1),
                   tr-tcm(2),
                   sr-tcm(3)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "tr-tcm: two rate three color mode;
                 sr-tcm: single rate three color mode.
                "
            ::= { swAclMeterEntry 7 }

        swAclMeterTrtcmCir OBJECT-TYPE
            SYNTAX  INTEGER (1..156249)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the 'committed information rate' of 'two rate three color mode'.
                 The unit is Kbps."
            ::= { swAclMeterEntry 8 }

        swAclMeterTrtcmCbs OBJECT-TYPE
            SYNTAX  INTEGER (1..16384)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the 'committed burst size' of 'two rate three color mode'.
                 1.	The unit is Kbytes. That is to say, 1 means 1Kbytes.
	         2. This parameter is an optional parameter. The default value is 4*1024.
	         3. The max set value is 16*1024.
	        "
            ::= { swAclMeterEntry 9 }

        swAclMeterTrtcmPir OBJECT-TYPE
            SYNTAX  INTEGER (1..156249)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the 'Peak Information Rate' of 'two rate three color mode'.
                 The unit is Kbps."
            ::= { swAclMeterEntry 10 }

        swAclMeterTrtcmPbs OBJECT-TYPE
            SYNTAX  INTEGER (1..16384)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the 'peak burst size' of 'two rate three color mode'.
                 1.	The unit is Kbytes. That is to say, 1 means 1kbytes.
	         2. This parameter is an optional parameter. The default value is 4*1024.
	         3. The max set value is 16*1024.
	        "
            ::= { swAclMeterEntry 11 }

        swAclMeterTrtcmColorMode OBJECT-TYPE
            SYNTAX  INTEGER {
                   color-blind(1),
                   color-aware(2)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the meter mode.
                 The default is color-blind mode. The final color of the packet is determined
                 by the initial color of the packet and the metering result."
            ::= { swAclMeterEntry 12 }

        swAclMeterTrtcmConformState OBJECT-TYPE
            SYNTAX  INTEGER {
                   other(1),
                   permit(2),
                   replace-dscp(3)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the action state when packet is in 'green color'.
                 permit: permit the packet.
                 replace-dscp:  change the DSCP value of packet.
                "
            ::= { swAclMeterEntry 13 }

        swAclMeterTrtcmConformReplaceDscp OBJECT-TYPE
            SYNTAX  INTEGER (0..63)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the DSCP value of the packet when the packet is in 'green color'."
            ::= { swAclMeterEntry 14 }

        swAclMeterTrtcmConformCounterState OBJECT-TYPE
            SYNTAX  INTEGER {
                   enabled(1),
                   disabled(2)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the counter state when the packet is in 'green color'.
	         1.	This is optional. The default is 'disable'.
	         2.	The resource may be limited so that the counter can not be turned on. The limitation is project dependent.
	         3.	counter will be cleared when the function is disabled.
	        "
            ::= { swAclMeterEntry 15 }

        swAclMeterTrtcmExceedState OBJECT-TYPE
            SYNTAX  INTEGER {
                   other(1),
                   permit(2),
                   replace-dscp(3),
                   drop(4)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the action state when packet is in 'yellow color'.
                 permit: permit the packet.
                 replace-dscp: change the DSCP value of the packet.
                 drop: drop the packet.
                "
            ::= { swAclMeterEntry 16 }

        swAclMeterTrtcmExceedReplaceDscp OBJECT-TYPE
            SYNTAX  INTEGER (0..63)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the DSCP value of packet when packet is in 'yellow color'."
            ::= { swAclMeterEntry 17 }

        swAclMeterTrtcmExceedCounterState OBJECT-TYPE
            SYNTAX  INTEGER {
                   enabled(1),
                   disabled(2)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the counter state when packet is in 'yellow color'.
	         1.	This is optional. The default is 'disable'.
	         2.	The resource may be limited so that the counter can not be turned on. The limitation is project dependent.
	         3.	counter will be cleared when the function is disabled.
	        "
            ::= { swAclMeterEntry 18 }

        swAclMeterTrtcmViolateState OBJECT-TYPE
            SYNTAX  INTEGER {
                   other(1),
                   permit(2),
                   replace-dscp(3),
                   drop(4)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the action state when packet is in 'red color'.
                 permit: permit the packet.
                 replace-dscp: change the DSCP value of packet.
                 drop: drop the packet.
                "
            ::= { swAclMeterEntry 19 }

        swAclMeterTrtcmViolateReplaceDscp OBJECT-TYPE
            SYNTAX  INTEGER (0..63)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the DSCP value of the packet when packet is in 'red color'."
            ::= { swAclMeterEntry 20 }

        swAclMeterTrtcmViolateCounterState OBJECT-TYPE
            SYNTAX  INTEGER {
                   enabled(1),
                   disabled(2)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the counter state when packet is in 'red color'.
	         1.	This is optional. The default is 'disable'.
	         2.	The resource may be limited so that the counter can not be turned on. The limitation is project dependent.
	         3.	counter will be cleared when the function is disabled.
	        "
            ::= { swAclMeterEntry 21 }

        swAclMeterSrtcmCir OBJECT-TYPE
            SYNTAX  INTEGER (1..156249)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the 'committed information rate' of 'single rate three color mode'.
                 The unit is Kbps."
            ::= { swAclMeterEntry 22 }

        swAclMeterSrtcmCbs OBJECT-TYPE
            SYNTAX  INTEGER (1..16384)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the 'committed burst size' of 'single rate three color mode'.
                 1.	The unit is Kbytes. That is to say, 1 means 1Kbytes.
	         2. The max set value is 16*1024.
	        "
            ::= { swAclMeterEntry 23 }

        swAclMeterSrtcmEbs OBJECT-TYPE
            SYNTAX  INTEGER (1..16384)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the 'Excess burst size' of 'single rate three color mode'.
                 1.	The unit is Kbytes. That is to say, 1 means 1kbytes.
	         2. The max set value is 16*1024.
	        "
            ::= { swAclMeterEntry 24 }

        swAclMeterSrtcmColorMode OBJECT-TYPE
            SYNTAX  INTEGER {
                   color-blind(1),
                   color-aware(2)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the meter mode.
                 The default is color-blind mode. The final color of packet is determined
                 by the initial color of the packet and the metering result."
            ::= { swAclMeterEntry 25 }

        swAclMeterSrtcmConformState OBJECT-TYPE
            SYNTAX  INTEGER {
                   other(1),
                   permit(2),
                   replace-dscp(3)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the action state when the packet is in 'green color'.
                 permit: permit the packet.
                 replace-dscp: change the DSCP value of packet.
                "
            ::= { swAclMeterEntry 26 }

        swAclMeterSrtcmConformReplaceDscp OBJECT-TYPE
            SYNTAX  INTEGER (0..63)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the DSCP value of the packet when packet is in 'green color'."
            ::= { swAclMeterEntry 27 }

        swAclMeterSrtcmConformCounterState OBJECT-TYPE
            SYNTAX  INTEGER {
                   enabled(1),
                   disabled(2)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the counter state when the packet is in 'green color'.
	         1.	This is optional. The default is 'disable'.
	         2.	The resource may be limited such that counter can not be turned on. The limitation is project dependent.
	         3.	counter will be cleared when the function is disabled.
	        "
            ::= { swAclMeterEntry 28 }

        swAclMeterSrtcmExceedState OBJECT-TYPE
            SYNTAX  INTEGER {
                   other(1),
                   permit(2),
                   replace-dscp(3),
                   drop(4)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the action state when the packet is in 'yellow color'.
                 permit: permit the packet.
                 replace-dscp: change the DSCP value of packet.
                 drop: drop the packet.
                "
            ::= { swAclMeterEntry 29 }

        swAclMeterSrtcmExceedReplaceDscp OBJECT-TYPE
            SYNTAX  INTEGER (0..63)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the DSCP value of the packet when packet is in 'yellow color'."
            ::= { swAclMeterEntry 30 }

        swAclMeterSrtcmExceedCounterState OBJECT-TYPE
            SYNTAX  INTEGER {
                   enabled(1),
                   disabled(2)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the counter state when the packet is in 'yellow color'.
	         1.	This is optional. The default is 'disable'.
	         2.	The resource may be limited such that counter can not be turned on. The limitation is project dependent.
	         3.	counter will be cleared when the function is disabled.
	        "
            ::= { swAclMeterEntry 31 }

        swAclMeterSrtcmViolateState OBJECT-TYPE
            SYNTAX  INTEGER {
                   other(1),
                   permit(2),
                   replace-dscp(3),
                   drop(4)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the action state when the packet is in 'red color'.
                 permit: permit the packet.
                 replace-dscp: change the DSCP value of packet.
                 drop: drop the packet.
                "
            ::= { swAclMeterEntry 32 }

        swAclMeterSrtcmViolateReplaceDscp OBJECT-TYPE
            SYNTAX  INTEGER (0..63)
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the DSCP value of the packet when packet is in 'red color'."
            ::= { swAclMeterEntry 33 }

        swAclMeterSrtcmViolateCounterState OBJECT-TYPE
            SYNTAX  INTEGER {
                   enabled(1),
                   disabled(2)
                   }
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "Specifies the counter state when the packet is in 'red color'.
	         1.	This is optional. The default is 'disable'.
	         2.	The resource may be limited so that the counter can not be turned on. The limitation is project dependent.
	         3.	counter will be cleared when the function is disabled.
	        "
            ::= { swAclMeterEntry 34 }

        swAclMeterRowStatus OBJECT-TYPE
            SYNTAX  RowStatus
            MAX-ACCESS  read-create
            STATUS  current
            DESCRIPTION
                "This object indicates the status of this entry."
            ::= { swAclMeterEntry 35 }

	swAclMeteringNumOfEntryInUse OBJECT-TYPE
		SYNTAX      INTEGER
		MAX-ACCESS  read-only
		STATUS      current
		DESCRIPTION
		   "Used to display total entries of the flow metering."
		::= { swAclMeteringMgmt 2 }

END
