--  *****************************************************************
--  DLINKSW-ACL-MIB.mib : ACL MIB
-- 
--  Copyright (c) 2013 D-Link Corporation, all rights reserved.
--   
--  *****************************************************************
DLINKSW-ACL-MIB DEFINITIONS ::= BEGIN


    IMPORTS
        MODULE-IDENTITY,
        OBJECT-TYPE,
        Integer32,
        Unsigned32,
        IpAddress,
        Counter64
            FROM SNMPv2-SMI
        MacAddress,
        DisplayString,
        TruthValue,
        RowStatus,
        TEXTUAL-CONVENTION
            FROM SNMPv2-TC
        MODULE-COMPLIANCE,
	    OBJECT-GROUP
		    FROM SNMPv2-CONF
        InterfaceIndex,     
        InterfaceIndexOrZero
            FROM IF-MIB  
        VlanId,VlanIdOrNone
            FROM Q-BRIDGE-MIB                                                
        InetAddressIPv6,
        InetAddressPrefixLength
            FROM INET-ADDRESS-MIB        
        dlinkIndustrialCommon
            FROM DLINK-ID-REC-MIB;


    dlinkSwAclMIB MODULE-IDENTITY
        LAST-UPDATED "201511260000Z"
        ORGANIZATION "D-Link Corp."
        CONTACT-INFO
            "        D-Link Corporation
             Postal: No. 289, Sinhu 3rd Rd., Neihu District,
             Taipei City 114, Taiwan, R.O.C
             Tel:     +886-2-66000123
             E-mail: tsd@dlink.com.tw
            "    
        DESCRIPTION
                "The Structure of Access Control List Information for the
                 proprietary enterprise."
 
        REVISION "201511260000Z"
        DESCRIPTION
            "Add DEFVAL for nodes dAclIpAccessRuleSrcPort,dAclIpAccessRuleQosPrecedence etc.
            And correct description of node dAclReSeqIncrement."
    
        REVISION "201507100000Z"
        DESCRIPTION
            "Add nodes to support vlan range, traffic class, l4 port mask operator, and mask for some nodes."

        REVISION "201401210000Z"
        DESCRIPTION
            "Obsolete nodes dAclMacAccessRuleLlcDSAP, dAclMacAccessRuleLlcSSAP and dAclMacAccessRuleLlcCntl."
        
        REVISION "201311130000Z"
        DESCRIPTION
            "Add 'deny-cpu'option for DlinkAclRuleType."
                 
        REVISION "201308200000Z"
        DESCRIPTION
            "Add nodes for counter function, access list remark, access list id, and some rule items."
            
        REVISION "201302080000Z"
        DESCRIPTION
            "This is the first version of the MIB file for 'ACL' functionality."         
        ::= { dlinkIndustrialCommon 28}

    DlinkAclRuleType ::= TEXTUAL-CONVENTION
        STATUS         current
        DESCRIPTION
             "The action type when the packets match the access profile.

             permit(1)- Specifies that packets that match the access rule are
                        permitted to be forwarded by the switch.
             deny(2)  - Specifies that packets that match the access rule
                        are not permitted to be forwarded by the switch and will be filtered.
             deny-cpu(3)- Specifies that packet that match the access rule are prevented to be 
             			copied to CPU and redirected to CPU. And the hardware forwarding behavior
             			should not be affected. 
            "
        SYNTAX         INTEGER {
            permit(1),
            deny(2),
            deny-cpu(3)         
        }

    DlinkAclPortOperatorType ::= TEXTUAL-CONVENTION
        STATUS         current
        DESCRIPTION
            " The type of UDP/TCP port operator indicates how a packet's
             TCP/UDP source or destination port number is compared.
            none(1) - No comparison.
            eq (2)- equal
            gt (3)- greater than.
            lt (4)- less than.
            neq(5)- not equal                            
            range(6)- compares the port value between two numbers. 
            mask(7)- check the bit corresponding to bit value 1, ignore the bit corresponding to bit value 0.                 
            "
        SYNTAX         INTEGER {
            none(1),
            eq(2),
            gt(3),
            lt(4),
            neq(5),
            range(6),
            mask(7)       
        }

    TcpFlag ::= TEXTUAL-CONVENTION
    	STATUS current
    	DESCRIPTION
        	"The TCP flag fields. Each bit defined as follow:
        		urgent(0) - urgent.
        		acknowledge(1) - acknowledge.
        		push(2) - push,
        		reset(3) - reset.
        		synchronize(4) - synchronize.
			finish (5) - finish.	
        "
    SYNTAX 			BITS {
    			urgent(0),
        		acknowledge(1),
        		push(2),
        		reset(3),
        		synchronize(4),
              finish (5)
      }
                
-- -----------------------------------------------------------------------------                                      
    dAclMIBNotifications    OBJECT IDENTIFIER ::= { dlinkSwAclMIB 0 }
    dAclMIBObjects          OBJECT IDENTIFIER ::= { dlinkSwAclMIB 1 }
    dAclMIBConformance      OBJECT IDENTIFIER ::= { dlinkSwAclMIB 2 }

-- -----------------------------------------------------------------------------
    dAclGeneral          OBJECT IDENTIFIER ::= { dAclMIBObjects 1 }
    
    dAclReSeqTable    OBJECT-TYPE
        SYNTAX          SEQUENCE OF DAclReSeqEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "A table consists of a list of information about how re-sequencing
            the rules in access lists.             
            "                        
        ::= { dAclGeneral 1 }
                          
    dAclReSeqEntry OBJECT-TYPE
        SYNTAX          DAclReSeqEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION            
            "An entry appears in this table for controlling the re-sequence of
            an access-list."
        INDEX  { dAclReSeqAccessListName }
        ::= { dAclReSeqTable 1 }

    DAclReSeqEntry ::= SEQUENCE {
        dAclReSeqAccessListName             DisplayString,
        dAclReSeqStartingNumber             Integer32,
        dAclReSeqIncrement                  Integer32
    }
    dAclReSeqAccessListName OBJECT-TYPE
        SYNTAX          DisplayString (SIZE (1..32))
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "Indicates the name of an access list."
        ::= { dAclReSeqEntry 1 }

    dAclReSeqStartingNumber OBJECT-TYPE
        SYNTAX          Integer32 ( 1..65535 )
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
            "Indicates the initial value of sequence number of the corresponding
            access list."
        DEFVAL { 10 } 
        ::= { dAclReSeqEntry 2 }

    dAclReSeqIncrement OBJECT-TYPE
        SYNTAX          Integer32 ( 1..32 )
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
            "Indicates the number that the sequence numbers step.
            If the increment value is 5 and the beginning sequence number is 20,
            the subsequent sequence numbers are 25, 30, 35, 40, and so on."
        DEFVAL { 10 } 
        ::= { dAclReSeqEntry 3 }
        
-- -----------------------------------------------------------------------------
    dAclMac              OBJECT IDENTIFIER ::= { dAclMIBObjects 2 }
    dAclMacAccessListNumber  OBJECT-TYPE
        SYNTAX          Unsigned32
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
            "Indicates the number of entries present in the MAC access list
             table."
        ::= { dAclMac 1 }

    dAclMacAccessListTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF DAclMacAccessListEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "The table contains information about MAC access list."
        ::= { dAclMac 2 }

    dAclMacAccessListEntry OBJECT-TYPE
        SYNTAX          DAclMacAccessListEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "An entry defined in dAclMacAccessListTable. An entry is 
            created/removed when an MAC access list is created/deleted."
        INDEX { dAclMacAccessListName }
        ::= { dAclMacAccessListTable 1 }

    DAclMacAccessListEntry ::= SEQUENCE {
        dAclMacAccessListName           DisplayString,
        dAclMacAccessListRowStatus      RowStatus,
        dAclMacAccessListId				Integer32,
        dAclMacAccessListCounterEnabled		TruthValue,
        dAclMacAccessListClearStatAction  INTEGER,
        dAclMacAccessListRemark		DisplayString   
    }

    dAclMacAccessListName OBJECT-TYPE
        SYNTAX          DisplayString (SIZE (1..32))
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "The name of the MAC access list."
        ::= { dAclMacAccessListEntry 1 }

    dAclMacAccessListRowStatus OBJECT-TYPE
        SYNTAX      RowStatus
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "This object allows the dynamic creation and deletion of a MAC
            access list."
        ::= { dAclMacAccessListEntry 2 }
 
    dAclMacAccessListId OBJECT-TYPE
        SYNTAX          Integer32
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "The number of the MAC access list.
            If user specify value zero(0) for this node, agent will assign a number 
            	for it. After the table created, this node should not be changed."         
        ::= { dAclMacAccessListEntry 3 }
     
     dAclMacAccessListCounterEnabled	OBJECT-TYPE
        SYNTAX  			TruthValue
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
             "This object indicates the counter state of the access list is 
             enabled('true') or disabled('false'). And the counter state just 
             for the all interface that applied the access list in 
             dAclMacAccessGroupTable.             
             "
        ::= { dAclMacAccessListEntry 4 }
            
     dAclMacAccessListClearStatAction  	OBJECT-TYPE
        SYNTAX  			INTEGER{
			                clear(1),
			                noOp(2)
            }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object is used to clear statistics of the access list when set
            to 'clear'. No action is taken if this object is set to 'noOp'.
            The 'clear' action just for the all interface that applied the access 
            list in dAclMacAccessGroupTable.
            When read, the value 'noOp' is returned."
        ::= { dAclMacAccessListEntry 5 }    
          
     dAclMacAccessListRemark OBJECT-TYPE
        SYNTAX          DisplayString (SIZE (0..255))
        MAX-ACCESS       read-create
        STATUS          current
        DESCRIPTION
            "The description of the MAC access list."
        ::= { dAclMacAccessListEntry 6 }   
            
-- -----------------------------------------------------------------------------    
    dAclMacAccessRuleTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF DAclMacAccessRuleEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "A table consists of a list of rules for the MAC access list."
        ::= { dAclMac 3 }

    dAclMacAccessRuleEntry OBJECT-TYPE
        SYNTAX          DAclMacAccessRuleEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "An entry is defined dAclMacAccessRuleTable. 
            The first instance identifier index value identifies the 
            dAclMacAccessListEntry that a MAC access rule (dAclMacAccessRuleEntry)
            belongs to. An entry is removed from this table when its 
            corresponding dAclMacAccessListEntry is deleted."
        INDEX { 
            dAclMacAccessListName, 
            dAclMacAccessRuleSn 
        }
        ::= { dAclMacAccessRuleTable 1 }

    DAclMacAccessRuleEntry ::= SEQUENCE {
        dAclMacAccessRuleSn                 Integer32,
        dAclMacAccessRuleRowStatus          RowStatus,
        dAclMacAccessRuleAction             DlinkAclRuleType,
        dAclMacAccessRuleSrcMacAddr         MacAddress,
        dAclMacAccessRuleSrcMacWildcard     MacAddress,
        dAclMacAccessRuleDstMacAddr         MacAddress,
        dAclMacAccessRuleDstMacWildcard     MacAddress,
        dAclMacAccessRulePacketType         INTEGER,
        dAclMacAccessRuleEthernetType       Integer32,
        dAclMacAccessRuleLlcDSAP            Integer32,
        dAclMacAccessRuleLlcSSAP            Integer32,
        dAclMacAccessRuleLlcCntl            Integer32,
        dAclMacAccessRuleDot1p              Integer32, 
        dAclMacAccessRuleInnerDot1p         Integer32,
        dAclMacAccessRuleVlanID             VlanIdOrNone,   
        dAclMacAccessRuleInnerVlanID        VlanIdOrNone,
        dAclMacAccessRuleTimeName           DisplayString,    
        dAclMacAccessRuleEthernetTypeMask   OCTET STRING, 
        dAclMacAccessRuleDot1pMask          OCTET STRING, 
        dAclMacAccessRuleInnerDot1pMask     OCTET STRING,
        dAclMacAccessRuleVlanIDMask         OCTET STRING,   
        dAclMacAccessRuleInnerVlanIDMask    OCTET STRING, 
        dAclMacAccessRuleVlanRangeMin       VlanIdOrNone,
        dAclMacAccessRuleVlanRangeMax       VlanIdOrNone
        }

    dAclMacAccessRuleSn  OBJECT-TYPE
        SYNTAX          Integer32 (0..65535)
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "Specifies the sequence number of this rule. 
            The lower the number is, the higher the priority of the rule.
            The special value of 0 means the sequence number will be automatically 
            determined by the agent."
        ::= { dAclMacAccessRuleEntry 1 }

    dAclMacAccessRuleRowStatus OBJECT-TYPE
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "The row status variable, used according to installation
             and removal conventions for conceptual rows."
        ::= { dAclMacAccessRuleEntry 2 }

    dAclMacAccessRuleAction OBJECT-TYPE
        SYNTAX          DlinkAclRuleType
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object indicates the result of the packet examination is to
             permit or deny or prevent to CPU.           
            "
        ::= { dAclMacAccessRuleEntry 3 }

    dAclMacAccessRuleSrcMacAddr OBJECT-TYPE
        SYNTAX          MacAddress
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies a source MAC address."
        ::= { dAclMacAccessRuleEntry 4 }

    dAclMacAccessRuleSrcMacWildcard OBJECT-TYPE
        SYNTAX          MacAddress
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object is a wildcard bitmap to specify a group of source
            MAC addresses. The bit value 1 indicates the corresponding bit will
            be ignored. The bit value 0 indicates the corresponding bit will be
            checked. In other words, when the value of all 'ff'Hs indicates any
            source MAC address is specified. When the value of all '00'Hs indicates
            host source MAC address is specified."
        ::= { dAclMacAccessRuleEntry 5 }

    dAclMacAccessRuleDstMacAddr  OBJECT-TYPE
        SYNTAX          MacAddress
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies a destination MAC address."
        ::= { dAclMacAccessRuleEntry 6 }

    dAclMacAccessRuleDstMacWildcard  OBJECT-TYPE
        SYNTAX          MacAddress
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object is a wildcard bitmap to specify a group of destination
            MAC addresses. The bit value 1 indicates the corresponding bit will
            be ignored. The bit value 0 indicates the corresponding bit will be
            checked. In other words, when the value of all 'ff'Hs indicates any
            destination MAC address is specified. When the value of all '00'Hs 
            indicates host destination MAC address is specified."
        ::= { dAclMacAccessRuleEntry 7 }

    dAclMacAccessRulePacketType  OBJECT-TYPE
        SYNTAX          INTEGER { 
            none(1), 
            ethernet(2), 
            llc(3) 
        }
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the Ethernet frame type. The value of none (1) means the 
            frame type is not specified."
        DEFVAL { none }    
        ::= { dAclMacAccessRuleEntry 8 }

    dAclMacAccessRuleEthernetType  OBJECT-TYPE
        SYNTAX      Integer32 (-1 | 0..65535)
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "Specifies the Ethernet type for an Ethernet II or SNAP packet.
             The special value of -1 means the Ethernet type value is not specified.             
             It is only meaningful when the dAclMacAccessRulePacketType is
              'ethernet'."
        DEFVAL { -1 }
        ::= { dAclMacAccessRuleEntry 9}

    dAclMacAccessRuleLlcDSAP  OBJECT-TYPE
        SYNTAX      Integer32 (-1 | 0..255)
        MAX-ACCESS  read-create
        STATUS      obsolete
        DESCRIPTION
            "Specifies the DSAP value for the LLC packet. If the value is -1, it
            means the DSAP number is not specified.
            It is only meaningful when the dAclMacAccessRulePacketType is 'llc'."
        DEFVAL { -1 }
        ::= { dAclMacAccessRuleEntry 10 }
       
    dAclMacAccessRuleLlcSSAP  OBJECT-TYPE
        SYNTAX      Integer32 (-1 | 0..255)
        MAX-ACCESS  read-create
        STATUS      obsolete
        DESCRIPTION
            "Specifies the SSAP value for the LLC packet. If the value is -1, it
            means the SSAP number is not specified.
            It is only meaningful when the dAclMacAccessRulePacketType is 'llc'."
        DEFVAL { -1 }    
        ::= { dAclMacAccessRuleEntry 11 }

    dAclMacAccessRuleLlcCntl  OBJECT-TYPE
        SYNTAX      Integer32 (-1 | 0..255)
        MAX-ACCESS  read-create
        STATUS      obsolete
        DESCRIPTION
            "Specifies the control field for the LLC packet. If the value is -1, it
            means the SSAP number is not specified.
            It is only meaningful when the dAclMacAccessRulePacketType is 'llc'."
        DEFVAL { -1 }
        ::= { dAclMacAccessRuleEntry 12 }

    dAclMacAccessRuleDot1p  OBJECT-TYPE
        SYNTAX      Integer32 (-1 | 0..7)
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "Specifies the priority value. The value of -1 means the priority
             is not specified."
        DEFVAL { -1 }
        ::= { dAclMacAccessRuleEntry 13 }

     dAclMacAccessRuleInnerDot1p  OBJECT-TYPE
        SYNTAX      Integer32 (-1 | 0..7)
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "Specifies the inner priority value. The value of -1 means the 
            inner priority is not specified."
        DEFVAL { -1 }
        ::= { dAclMacAccessRuleEntry 14 }
        
    dAclMacAccessRuleVlanID  OBJECT-TYPE
        SYNTAX          VlanIdOrNone
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the VLAN ID.                                
             A value of zero indicates the VLAN ID is not specified.
             This node and dAclMacAccessRuleVlanRangeMin/dAclMacAccessRuleVlanRangeMax 
             cannot be specified at same time in a row."
        DEFVAL { 0 }
        ::= { dAclMacAccessRuleEntry 15 }

    dAclMacAccessRuleInnerVlanID  OBJECT-TYPE
        SYNTAX          VlanIdOrNone
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the inner VLAN ID. A value of zero indicates 
            the inner VLAN ID is not specified."
        DEFVAL { 0 }
        ::= { dAclMacAccessRuleEntry 16 }
        
    dAclMacAccessRuleTimeName  OBJECT-TYPE
        SYNTAX          DisplayString
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the name of time-period profile associated with
            the access-list delineating its activation period.
            The value 'NULL' means that this rule is not bound with any Time
            mechanism." 
        ::= { dAclMacAccessRuleEntry 17 }  
        
     dAclMacAccessRuleEthernetTypeMask  OBJECT-TYPE
        SYNTAX      OCTET STRING(SIZE(2))
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "Specifies the mask for ethernet type defined by dAclMacAccessRuleEthernetType.
             Valid values are from 0x0000 to 0xFFFF.
             Default value is 0xFFFF.
             This node is valid only for the dAclMacAccessRuleEthernetType specified."
         ::= { dAclMacAccessRuleEntry 18}
  
     dAclMacAccessRuleDot1pMask  OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(1))
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "Specifies the mask for priority defined by dAclMacAccessRuleDot1p.
             Valid values are from 0x00 to 0x07.
             Default value is 0x07.
             This node is valid only for the dAclMacAccessRuleDot1p specified."
         ::= { dAclMacAccessRuleEntry 19 }

     dAclMacAccessRuleInnerDot1pMask  OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(1))
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "Specifies the mask for inner priority defined by dAclMacAccessRuleInnerDot1p.
             Valid values are from 0x00 to 0x07.
             Default value is 0x07.
             This node is valid only for the dAclMacAccessRuleInnerDot1p specified."
        ::= { dAclMacAccessRuleEntry 20 }
        
     dAclMacAccessRuleVlanIDMask  OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(2))
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the mask for VLAN ID defined by dAclMacAccessRuleVlanID.
             Valid values are from 0x0000 to 0x0FFF.
             This node and dAclMacAccessRuleVlanRangeMin/dAclMacAccessRuleVlanRangeMax 
             cannot be specified at same time in a row.
             Default value is 0x0FFF.
             This node is valid only for the dAclMacAccessRuleVlanID specified."
        ::= { dAclMacAccessRuleEntry 21 }

     dAclMacAccessRuleInnerVlanIDMask  OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(2))
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION  
            "Specifies the mask for inner VLAN ID defined by dAclMacAccessRuleInnerVlanID.
             Valid values are from 0x0000 to 0x0FFF.
             Default value is 0x0FFF.
             This node is valid only for the dAclMacAccessRuleInnerVlanID specified."
        ::= { dAclMacAccessRuleEntry 22 }       
    
     dAclMacAccessRuleVlanRangeMin  OBJECT-TYPE
        SYNTAX       VlanIdOrNone
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the minimum outer VLAN ID of a VLAN range. A value of zero
             indicates the VLAN range is not specified.    
             This node and dAclMacAccessRuleVlanID/dAclMacAccessRuleVlanIDMask cannot
             be specified at same time in a row.
             This node is valid only for the dAclMacAccessRuleVlanRangeMax specified." 
        DEFVAL { 0 }
        ::= { dAclMacAccessRuleEntry 23 }
  
    dAclMacAccessRuleVlanRangeMax  OBJECT-TYPE
        SYNTAX       VlanIdOrNone
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the maximum outer VLAN ID of a VLAN range. A value of zero
             indicates the VLAN range is not specified.    
             This node and dAclMacAccessRuleVlanID/dAclMacAccessRuleVlanIDMask cannot
             be specified at same time in a row.
             This node is valid only for the dAclMacAccessRuleVlanRangeMin specified."  
        DEFVAL { 0 }
        ::= { dAclMacAccessRuleEntry 24 } 

-- -----------------------------------------------------------------------------
    dAclMacAccessGroupTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF DAclMacAccessGroupEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "The table represents a list of MAC access group configuration."
        ::= { dAclMac 4 }

    dAclMacAccessGroupEntry OBJECT-TYPE
        SYNTAX          DAclMacAccessGroupEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "An entry in dAclMacAccessGroupTable contains interface specific 
            MAC access list association."
        INDEX { dAclMacAccessGroupIfIndex, dAclMacAccessGroupApplyDirection }
        ::= { dAclMacAccessGroupTable 1 }

    DAclMacAccessGroupEntry ::= SEQUENCE {
        dAclMacAccessGroupIfIndex    InterfaceIndex,
        dAclMacAccessGroupApplyDirection 	INTEGER,
        dAclMacAccessGroupRowStatus  RowStatus,
        dAclMacAccessGroupAclName  DisplayString,
        dAclMacAccessGroupAclId		Integer32
    }

    dAclMacAccessGroupIfIndex OBJECT-TYPE
        SYNTAX          InterfaceIndex
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "Indicates the ifIndex of the interface.
            Only physical port is valid interface."
        ::= { dAclMacAccessGroupEntry 1 }

    dAclMacAccessGroupApplyDirection OBJECT-TYPE
        SYNTAX          INTEGER{ 
            inbound(1),
            outbound(2)         
       	}
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
           	"Indicates whether this access list is to be attached to ingress
           	or egress direction." 
        ::= { dAclMacAccessGroupEntry 2 }
        
    dAclMacAccessGroupRowStatus OBJECT-TYPE
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "The row status variable, used according to installation
            and removal conventions for conceptual rows."
        ::= { dAclMacAccessGroupEntry 3 }

    dAclMacAccessGroupAclName OBJECT-TYPE
        SYNTAX          DisplayString (SIZE (1..32))
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "The name of the MAC access list to be applied.
            "             
        ::= { dAclMacAccessGroupEntry 4 }
        
    dAclMacAccessGroupAclId OBJECT-TYPE
        SYNTAX          Integer32
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "The ID of the MAC access list to be applied.
           	User maybe specify access list ID(by this object) or name (by 
           	dAclMacAccessGroupAclName) to be applied. If both access list 
           	ID and name are specified, the access list name specified by 
           	dAclMacAccessGroupAclName will be take.
            "             
        ::= { dAclMacAccessGroupEntry 5 }
-- -----------------------------------------------------------------------------
    dAclIp               OBJECT IDENTIFIER ::= { dAclMIBObjects 3 }
    dAclIpAccessListNumber  OBJECT-TYPE
        SYNTAX          Unsigned32
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
            "Indicates the number of entries present in the IP access list 
            table."
        ::= { dAclIp 1 }

    dAclIpAccessListTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF DAclIpAccessListEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "The table contains IP access list configuration."
        ::= { dAclIp 2 }

    dAclIpAccessListEntry OBJECT-TYPE
        SYNTAX          DAclIpAccessListEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION            
            "An entry defined in dAclIpAccessListTable. An entry is 
            created/removed when an IP access list is created/deleted."
        INDEX { dAclIpAccessListName }
        ::= { dAclIpAccessListTable 1 }

    DAclIpAccessListEntry ::= SEQUENCE {
        dAclIpAccessListName        DisplayString,
        dAclIpAccessListRowStatus   RowStatus,
        dAclIpAccessExtended        TruthValue,
        dAclIpAccessListId			Integer32,
        dAclIpAccessListCounterEnabled	TruthValue,
        dAclIpAccessListClearStatAction 	INTEGER,
        dAclIpAccessListRemark		DisplayString        			
    }

    dAclIpAccessListName OBJECT-TYPE
        SYNTAX          DisplayString (SIZE (1..32))
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "The name of the IP access list."
        ::= { dAclIpAccessListEntry 1 }

    dAclIpAccessListRowStatus OBJECT-TYPE
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object allows the dynamic creation and
             deletion of an IP access list."
        ::= { dAclIpAccessListEntry 2 }

    dAclIpAccessExtended OBJECT-TYPE
        SYNTAX          TruthValue
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object indicates the IP access list is extended ('true') or 
            standard ('false').
            A standard ip access list means only IP address related i.e. 
            source or destination IP address is specified for the filter. 
            For an extended IP access list, more fields can be chosen for the
            filter."         
        ::= { dAclIpAccessListEntry 3 }
        
    dAclIpAccessListId OBJECT-TYPE
        SYNTAX          Integer32
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "The number of the IP access list.
            If user specify value zero(0) for this node, agent will assign a number 
            	for it. After the table created, this node should not be changed."         
        ::= { dAclIpAccessListEntry 4 }
     
     dAclIpAccessListCounterEnabled	OBJECT-TYPE
        SYNTAX  TruthValue
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
             "This object indicates the counter state of the access list is
              enabled('true') or disabled('false'). And the counter just for 
              the all interface that applied the access list in 
              dAclIpAccessGroupTable."
        ::= { dAclIpAccessListEntry 5 }
        
      dAclIpAccessListClearStatAction  	OBJECT-TYPE
        SYNTAX  			INTEGER{
			                clear(1),
			                noOp(2)
            }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object is used to clear statistics of the access list when set
            to 'clear'. No action is taken if this object is set to 'noOp'.
            The 'clear' action just for the all interface that applied the access
            list in dAclIpAccessGroupTable.
            When read, the value 'noOp' is returned."
        ::= { dAclIpAccessListEntry 6 }    
                    
     dAclIpAccessListRemark OBJECT-TYPE
        SYNTAX          DisplayString (SIZE (0..255))
        MAX-ACCESS       read-create
        STATUS          current
        DESCRIPTION
            "The description of the IP access list."
        ::= { dAclIpAccessListEntry 7 }   
        
-- -----------------------------------------------------------------------------    
    dAclIpAccessRuleTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF DAclIpAccessRuleEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION            
            "The table contains a list of IP access rules for IP access lists."
        ::= { dAclIp 3}

    dAclIpAccessRuleEntry OBJECT-TYPE
        SYNTAX          DAclIpAccessRuleEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "An entry is defined dAclIpAccessRuleTable. 
            The first instance identifier index value identifies the 
            dAclIpAccessListEntry that an IP access rule (dAclIpAccessRuleEntry)
            belongs to. An entry is removed from this table when its 
            corresponding dAclIpAccessRuleEntry is deleted."           
        INDEX { 
            dAclIpAccessListName, 
            dAclIpAccessRuleSn 
        }
        ::= { dAclIpAccessRuleTable 1 }

    DAclIpAccessRuleEntry ::= SEQUENCE {
        dAclIpAccessRuleSn         Integer32,
        dAclIpAccessRuleRowStatus        RowStatus,
        dAclIpAccessRuleAction           DlinkAclRuleType,
        dAclIpAccessRuleProtocol         INTEGER,
        dAclIpAccessRuleUserDefProtocol  Integer32,
        dAclIpAccessRuleSrcAddr          IpAddress,
        dAclIpAccessRuleSrcWildcard      IpAddress,                
        dAclIpAccessRuleDstAddr          IpAddress,
        dAclIpAccessRuleDstWildcard      IpAddress,        
        dAclIpAccessRuleSrcOperator      DlinkAclPortOperatorType,
        dAclIpAccessRuleSrcPort          Integer32,
        dAclIpAccessRuleSrcPortRange     Integer32,
        dAclIpAccessRuleDstOperator      DlinkAclPortOperatorType,
        dAclIpAccessRuleDstPort          Integer32,
        dAclIpAccessRuleDstPortRange     Integer32,         
        dAclIpAccessRuleQosPrecedence    Integer32,
        dAclIpAccessRuleQosTos           Integer32, 
        dAclIpAccessRuleQosDscp          Integer32,            
        dAclIpAccessRuleIcmpType         Integer32,
        dAclIpAccessRuleIcmpCode         Integer32,        
        dAclIpAccessRuleTimeName         DisplayString,
        dAclIpAccRuleTcpFlag			 TcpFlag,
        dAclIpAccRuleFragments		     TruthValue,
        dAclIpAccRuleUserDefProtocolMask  OCTET STRING,
        dAclIpAccRuleSrcPortMask          OCTET STRING,
        dAclIpAccRuleDstPortMask          OCTET STRING,
        dAclIpAccRuleQosPrecedenceMask    OCTET STRING,
        dAclIpAccRuleQosTosMask           OCTET STRING,
        dAclIpAccRuleQosDscpMask          OCTET STRING        
    }

    dAclIpAccessRuleSn OBJECT-TYPE
        SYNTAX          Integer32 (0..65535)
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
           "Specifies the sequence number of this rule. 
            The lower the number is, the higher the priority of the rule.
            The special value of 0 means the sequence number will be automatically 
            determined by the agent."
        ::= { dAclIpAccessRuleEntry 1 }

    dAclIpAccessRuleRowStatus OBJECT-TYPE
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "The row status variable, used according to installation
             and removal conventions for conceptual rows."
        ::= { dAclIpAccessRuleEntry 2 }

    dAclIpAccessRuleAction OBJECT-TYPE
        SYNTAX          DlinkAclRuleType
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object indicates the result of the packet examination is to
            permit or deny or prevent to CPU."
        ::= { dAclIpAccessRuleEntry 3 }

    dAclIpAccessRuleProtocol OBJECT-TYPE
        SYNTAX      INTEGER { 
            none(0),
            userDefine(1),
            tcp(2),
            udp(3),                             
            icmp(4),
            gre(5),
            esp(6),
            eigrp(7),
            igmp(8),
            ospf(9),
            pim(10),
            vrrp(11),
            ipinip(12),
            pcp(13)
        }
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "Specifies the IP protocol."
        ::= { dAclIpAccessRuleEntry 4 }

    dAclIpAccessRuleUserDefProtocol OBJECT-TYPE
        SYNTAX          Integer32 (-1 | 0..255)
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the user defined protocol ID when the dAclIpAccessRuleProtocol
             is 'userDefine (1)'. The value of -1 means the user defined protocol ID
             is not specified."
        DEFVAL { -1 }                     
        ::= { dAclIpAccessRuleEntry 5 }

    dAclIpAccessRuleSrcAddr OBJECT-TYPE
        SYNTAX     IpAddress
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
            "Specifies a source IP address."
        ::= { dAclIpAccessRuleEntry 6 }

    dAclIpAccessRuleSrcWildcard OBJECT-TYPE
        SYNTAX     IpAddress
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION           
            "This object is a wildcard bitmap to specify a group of source IP
            addresses. The bit value 1 indicates the corresponding bit will
            be ignored. The bit value 0 indicates the corresponding bit will be
            checked. In other words, when the value of all 'ff'Hs indicates any
            IP source address is specified. When the value of all '00'Hs indicates
            host IP source address is specified."
        ::= { dAclIpAccessRuleEntry 7 }      
        
     dAclIpAccessRuleDstAddr OBJECT-TYPE
        SYNTAX     IpAddress
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
            "Specifies a destination IP address."
        ::= { dAclIpAccessRuleEntry 8 }

    dAclIpAccessRuleDstWildcard OBJECT-TYPE
        SYNTAX     IpAddress
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
            "This object is a wildcard bitmap to specify a group of destination IP
            addresses. The bit value 1 indicates the corresponding bit will
            be ignored. The bit value 0 indicates the corresponding bit will be
            checked. In other words, when the value of all 'ff'Hs indicates any
            IP destination address is specified. When the value of all '00'Hs indicates
            host IP destination address is specified."
        ::= { dAclIpAccessRuleEntry 9 }    
   
    dAclIpAccessRuleSrcOperator OBJECT-TYPE
        SYNTAX          DlinkAclPortOperatorType
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object indicates how a packet's source TCP/UDP port number is
            compared.
            When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses
            the dAclIpAccessRuleSrcPort as an operand which is the only one needed. 
           
            When the value of this object is range(6) needs 2 operands. One is 
            dAclIpAccessRuleSrcPort, which is the starting port number of the 
            range, and the other operand is dAclIpAccessRuleSrcPortRange, 
            which is the ending port number of the range.
                  
            When the value of this object is mask(7) needs 2 operands. One is 
            dAclIpAccessRuleSrcPort, the other operand is dAclIpAccRuleSrcPortMask. 
            
            This object is used for TCP/UDP protocol only, hence when the object
            'dAclIpAccessRuleProtocol' is set to other than TCP/UDP, the object has
            to be 'none(1)'."
        ::= { dAclIpAccessRuleEntry 10 }
              
    dAclIpAccessRuleSrcPort OBJECT-TYPE
        SYNTAX          Integer32 (-1..65535)
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object indicates the source port number of TCP/UDP protocol.
            If the value is -1, it means the value is not specified.
            If the dAclIpAccessRuleSrcOperator object in the same row is
            range(6), this object will be the starting port number of the port
            range.
            This object only can be configured dAclIpAccessRuleSrcOperator in
            the same row is not 'none(1)'."      
        DEFVAL { -1 }
        ::= { dAclIpAccessRuleEntry 11 }

    dAclIpAccessRuleSrcPortRange OBJECT-TYPE
        SYNTAX          Integer32 (-1..65535)
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION            
            "The source port number of the TCP/UDP protocol. If the
            dAclIpAccessRuleSrcOperator object in the same row is range(6), this
            object will be the ending port number of the port range.
           The value of -1 means the ending port number is not specified."       
        DEFVAL { -1 } 
        ::= { dAclIpAccessRuleEntry 12 }
             
    dAclIpAccessRuleDstOperator OBJECT-TYPE
        SYNTAX          DlinkAclPortOperatorType
        MAX-ACCESS  read-create
        STATUS      current                           
        DESCRIPTION
            "This object indicates how a packet's TCP/UDP destination port number is
            compared.
            When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses
            the dAclIpAccessRuleSrcPort as an operand which is the only one needed. 
           
            When the value of this object is range(6) needs 2 operands. One is 
            dAclIpAccessRuleSrcPort, which is the starting port number of the 
            range, and the other operand is dAclIpAccessRuleDstPortRange, 
            which is the ending port number of the range.
                  
            When the value of this object is mask(7) needs 2 operands. One is 
            dAclIpAccessRuleDstPort, the other operand is dAclIpAccRuleDstPortMask. 
            
            This object is used for TCP/UDP protocol only, hence when the object
            'dAclIpAccessRuleProtocol' is set to other than TCP/UDP, the object has
            to be 'none(1)'."
        ::= { dAclIpAccessRuleEntry 13 }
     
     dAclIpAccessRuleDstPort OBJECT-TYPE
        SYNTAX      Integer32 (-1..65535)
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "This object indicates the destination port number of TCP/UDP protocol.
            If the value is -1, it means the value is not specified.
            If the dAclIpAccessRuleDstOperator object in the same row is
            range(6), this object will be the starting port number of the port
            range.
            This object only can be configured dAclIpAccessRuleDstOperator in
            the same row is not 'none(1)'."         
        DEFVAL { -1 }
        ::= { dAclIpAccessRuleEntry 14 }
         
    dAclIpAccessRuleDstPortRange OBJECT-TYPE
        SYNTAX          Integer32 (-1..65535)
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION            
            "The destination port number of the TCP/UDP protocol. If the
            dAclIpAccessRuleDstOperator object in the same row is range(6), this
            object will be the ending port number of the port range.
            The value of -1 means the ending port number is not specified."        
        DEFVAL { -1 }
        ::= { dAclIpAccessRuleEntry 15 }
               
    dAclIpAccessRuleQosPrecedence  OBJECT-TYPE
        SYNTAX       Integer32 (-1 | 0..7)
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the value of precedence.
             The value of -1 means the value is not specified or not applicable.     
             dAclIpAccessRuleQosPrecedence and  dAclIpAccessRuleQosDscp cannot
             be specified at same time in a row."
        DEFVAL { -1 }
        ::= { dAclIpAccessRuleEntry 16 }
  
    dAclIpAccessRuleQosTos  OBJECT-TYPE
        SYNTAX       Integer32 (-1 | 0..15)
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the value of type of service.
             The value of -1 means the value is not specified or not applicable.                          
             dAclIpAccessRuleQosTos and  dAclIpAccessRuleQosDscp cannot
             be specified at same time in a row."
        DEFVAL { -1 }
        ::= { dAclIpAccessRuleEntry 17 } 
    
     dAclIpAccessRuleQosDscp  OBJECT-TYPE
        SYNTAX       Integer32 (-1 | 0..63)
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the value of DSCP code.
             The value of -1 means the value is not specified or not applicable. 
             Neither dAclIpAccessRuleQosPrecedence nor dAclIpAccessRuleQosTos 
             cannot be specified with dAclIpAccessRuleQosDscp at same time
             in a row.
            "
        DEFVAL { -1 }
        ::= { dAclIpAccessRuleEntry 18 } 
        
     dAclIpAccessRuleIcmpType OBJECT-TYPE
        SYNTAX      Integer32 (-1 | 0..255)
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "This object indicates the type of ICMP protocol.
            If the value is -1, it means the value is not specified.
            This object is used for ICMP protocol only, hence when the object
            'dAclIpAccessRuleProtocol' is set to other than ICMP, the object has
            to be -1."
        DEFVAL { -1 }    
        ::= { dAclIpAccessRuleEntry 19 }
    
    dAclIpAccessRuleIcmpCode OBJECT-TYPE
        SYNTAX      Integer32 (-1 | 0..255)
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "This object indicates the code of ICMP protocol.
            If the value is -1, it means the value is not specified.
            This object is used for ICMP protocol only, hence when the object
            'dAclIpAccessRuleProtocol' is set to other than ICMP, the object has
            to be -1."
        DEFVAL { -1 }    
        ::= { dAclIpAccessRuleEntry 20 }
            
    dAclIpAccessRuleTimeName  OBJECT-TYPE
        SYNTAX      DisplayString
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "Specifies the name of time-period profile associated with the 
            access-list delineating its activation period.
            The value 'NULL' means that this rule is not bound with any Time
            mechanism."
        ::= { dAclIpAccessRuleEntry 21 }

	dAclIpAccRuleTcpFlag  OBJECT-TYPE
        SYNTAX       TcpFlag
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the TCP flag fields. 
            This node is available only for TCP protocol. 
            The default value for this node is empty set, which means no TCP flag 
            values are set.  					
            "
        ::= { dAclIpAccessRuleEntry 22 } 
        
    dAclIpAccRuleFragments  OBJECT-TYPE
        SYNTAX       TruthValue
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "This object indicates the Packet fragment filtering status 
            is  enabled('true') or disabled('false').
            "
        ::= { dAclIpAccessRuleEntry 23 } 
    
      dAclIpAccRuleUserDefProtocolMask OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(1))
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the mask for protocol ID defined by dAclIpAccessRuleUserDefProtocol. 
             Valid values are from 0x00 to 0xFF.
             Default value is 0xFF.
             This node is valid only for the dAclIpAccessRuleUserDefProtocol specified."                    
        ::= { dAclIpAccessRuleEntry 24 }
     
     dAclIpAccRuleSrcPortMask OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(2))
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the mask for L4 source port defined by dAclIpAccessRuleSrcPort. 
             Valid values are from 0x0 to 0xFFFF.
             Default value is 0xFFFF.
             This object only can be configured dAclIpAccessRuleSrcOperator in the 
             same row is 'mask(7)'.              
             This node is valid only for the dAclIpAccessRuleSrcPort specified." 
        ::= { dAclIpAccessRuleEntry 25 } 
     
     dAclIpAccRuleDstPortMask OBJECT-TYPE                       
        SYNTAX OCTET STRING(SIZE(2))
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the mask for L4 destination port defined by dAclIpAccessRuleDstPort. 
             Valid values are from 0x0 to 0xFFFF.
             Default value is 0xFFFF.
             This object only can be configured dAclIpAccessRuleDstOperator in the 
             same row is 'mask(7)'.
             This node is valid only for the dAclIpAccessRuleDstPort specified." 
        ::= { dAclIpAccessRuleEntry 26 } 
       
    dAclIpAccRuleQosPrecedenceMask  OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(1))
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the mask for ip precedence defined by dAclIpAccessRuleQosPrecedence.
             Valid values are from 0x0 to 0x7.
             Default value is 0x7.
             This node is valid only for the dAclIpAccessRuleQosPrecedence specified." 
        ::= { dAclIpAccessRuleEntry 27 }
  
     dAclIpAccRuleQosTosMask  OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(1))
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the mask for type of service defined by dAclIpAccessRuleQosTos.
             Valid values are from 0x0 to 0xF.
             Default value is 0xF.
             This node is valid only for the dAclIpAccessRuleQosTos specified." 
        ::= { dAclIpAccessRuleEntry 28 } 
    
     dAclIpAccRuleQosDscpMask  OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(1))
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the mask for DSCP code defined by dAclIpAccessRuleQosDscp.
             Valid values are from 0x0 to 0x3F.
             Default value is 0x3F.
             This node is valid only for the dAclIpAccessRuleQosDscp specified." 
        ::= { dAclIpAccessRuleEntry 29 }
                
-- -----------------------------------------------------------------------------  
    dAclIpAccessGroupTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF DAclIpAccessGroupEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "The table represents a list of IP access group configuration."
        ::= { dAclIp 4 }

    dAclIpAccessGroupEntry OBJECT-TYPE
        SYNTAX          DAclIpAccessGroupEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION            
            "An entry in dAclIpAccessGroupTable contains interface specific 
            IP access list association."
        INDEX { dAclIpAccessGroupIfIndex,dAclIpAccessGroupApplyDirection}
        ::= { dAclIpAccessGroupTable 1 }

    DAclIpAccessGroupEntry ::= SEQUENCE {
        dAclIpAccessGroupIfIndex     InterfaceIndex,
        dAclIpAccessGroupApplyDirection INTEGER,
        dAclIpAccessGroupStatus      RowStatus,
        dAclIpAccessGroupAclName   DisplayString,
        dAclIpAccessGroupAclId 		Integer32
        }

    dAclIpAccessGroupIfIndex OBJECT-TYPE
        SYNTAX      InterfaceIndex
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "Indicates the ifIndex of the interface.
            Only physical port is valid interface."
        ::= { dAclIpAccessGroupEntry 1 }

    dAclIpAccessGroupApplyDirection OBJECT-TYPE
        SYNTAX      INTEGER{ 
            				inbound(1),
            				outbound(2)         
       					 }
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
           	"Indicates whether this access list is to be attached to ingress or egress direction." 
        ::= { dAclIpAccessGroupEntry 2 }
    dAclIpAccessGroupStatus OBJECT-TYPE
        SYNTAX      RowStatus
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The row status variable, used according to installation
             and removal conventions for conceptual rows."
        ::= { dAclIpAccessGroupEntry 3 }

    dAclIpAccessGroupAclName OBJECT-TYPE
        SYNTAX      DisplayString (SIZE (1..32))
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The name of the IP access list to be applied."
        ::= { dAclIpAccessGroupEntry 4 }

 	dAclIpAccessGroupAclId OBJECT-TYPE
        SYNTAX      Integer32
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The ID of the IP access list to be applied. 
           	User maybe specify access list ID(by this object) or name (by 
           	dAclIpAccessGroupAclName) to be applied. If both access list 
           	ID and name are specified, the access list name specified by 
           	dAclIpAccessGroupAclName will be take.
			"
        ::= { dAclIpAccessGroupEntry 5 }
-- -----------------------------------------------------------------------------
    dAclIPv6               OBJECT IDENTIFIER ::= { dAclMIBObjects 4 }
    dAclIPv6AccessListNumber  OBJECT-TYPE
        SYNTAX          Unsigned32
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
            "Indicates the number of entries present in the IPv6 access list
            table."
        ::= { dAclIPv6 1 }

    dAclIPv6AccessListTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF DAclIPv6AccessListEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "The table contains IPv6 access list configuration."
        ::= { dAclIPv6 2 }

    dAclIPv6AccessListEntry OBJECT-TYPE
        SYNTAX          DAclIPv6AccessListEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION            
            "An entry defined in dAclIPv6AccessListTable. An entry is 
            created/removed when an IPv6 access list is created/deleted."
        INDEX { dAclIPv6AccessListName }
        ::= { dAclIPv6AccessListTable 1 }

    DAclIPv6AccessListEntry ::= SEQUENCE {
        dAclIPv6AccessListName          DisplayString,
        dAclIPv6AccessListRowStatus     RowStatus,
        dAclIPv6AccessExtended          TruthValue,
        dAclIPv6AccessListId		Integer32,
        dAclIPv6AccessListCounterEnabled		TruthValue,
        dAclIPv6AccessListClearStatAction 	INTEGER,
        dAclIPv6AccessListRemark        DisplayString
    }

    dAclIPv6AccessListName OBJECT-TYPE
        SYNTAX          DisplayString (SIZE (1..32))
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "The name of the IPv6 access list."
        ::= { dAclIPv6AccessListEntry 1 }

    dAclIPv6AccessListRowStatus OBJECT-TYPE
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object allows the dynamic creation and
             deletion of an IPv6 access list."
        ::= { dAclIPv6AccessListEntry 2 }

    dAclIPv6AccessExtended OBJECT-TYPE
        SYNTAX          TruthValue
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object indicates the IPv6 access list is extended ('true') or 
            standard ('false').
            A standard ip access list means only IPv6 address related i.e. 
            source or destination IPv6 address is specified for the filter. 
            For an extended IPv6 access list, more fields can be chosen for the
            filter."         
        ::= { dAclIPv6AccessListEntry 3 }
     	    
    dAclIPv6AccessListId OBJECT-TYPE
        SYNTAX          Integer32
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "The number of the IPv6 access list."         
        ::= { dAclIPv6AccessListEntry 4 }
     
    dAclIPv6AccessListCounterEnabled OBJECT-TYPE
        SYNTAX  TruthValue
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
             "This object indicates the counter state of the access list is
              enabled('true') or disabled('false'). And the counter just for 
              the all interface that applied the access list in 
              dAclIPv6AccessGroupTable."
        ::= { dAclIPv6AccessListEntry 5 }

     dAclIPv6AccessListClearStatAction  	OBJECT-TYPE
        SYNTAX  			INTEGER{
			                clear(1),
			                noOp(2)
            }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object is used to clear statistics of the access list when set
            to 'clear'. No action is taken if this object is set to 'noOp'.
            The 'clear' action just for the all interface that applied the access 
            list in dAclIPv6AccessGroupTable.
            When read, the value 'noOp' is returned."
        ::= { dAclIPv6AccessListEntry 6 }    
                   
    dAclIPv6AccessListRemark OBJECT-TYPE
        SYNTAX          DisplayString (SIZE (0..255))
        MAX-ACCESS       read-create
        STATUS          current
        DESCRIPTION
            "The description of the IPv6 access list."
        ::= { dAclIPv6AccessListEntry 7 }   
              
-- -----------------------------------------------------------------------------       
    dAclIPv6AccessRuleTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF DAclIPv6AccessRuleEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION            
            "The table contains a list of IPv6 access rules for IPv6 access lists."
        ::= { dAclIPv6 3}

    dAclIPv6AccessRuleEntry OBJECT-TYPE
        SYNTAX          DAclIPv6AccessRuleEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "An entry is defined dAclIPv6AccessRuleTable. 
            The first instance identifier index value identifies the 
            dAclIPv6AccessListEntry that an IPv6 access rule (dAclIPv6AccessRuleEntry)
            belongs to. An entry is removed from this table when its 
            corresponding dAclIPv6AccessRuleEntry is deleted."           
        INDEX { 
            dAclIPv6AccessListName, 
            dAclIPv6AccessRuleSn 
        }
        ::= { dAclIPv6AccessRuleTable 1 }

    DAclIPv6AccessRuleEntry ::= SEQUENCE {
        dAclIPv6AccessRuleSn         Integer32,
        dAclIPv6AccessRuleRowStatus        RowStatus,
        dAclIPv6AccessRuleAction           DlinkAclRuleType,
        dAclIPv6AccessRuleProtocol         INTEGER,
        dAclIPv6AccessRuleUserDefProtocol  Integer32,
        dAclIPv6AccessRuleSrcAddr          InetAddressIPv6,
        dAclIPv6AccessRuleSrcPrefixLen     InetAddressPrefixLength,         
        dAclIPv6AccessRuleDstAddr          InetAddressIPv6,
        dAclIPv6AccessRuleDstPrefixLen     InetAddressPrefixLength,
        dAclIPv6AccessRuleDstOperator      DlinkAclPortOperatorType,
        dAclIPv6AccessRuleSrcOperator      DlinkAclPortOperatorType,
        dAclIPv6AccessRuleSrcPort          Integer32,
        dAclIPv6AccessRuleSrcPortRange     Integer32,       
        dAclIPv6AccessRuleDstPort          Integer32,
        dAclIPv6AccessRuleDstPortRange     Integer32,
        dAclIPv6AccessRuleDscp             Integer32,                
        dAclIPv6AccessRuleIcmpType         Integer32,
        dAclIPv6AccessRuleIcmpCode         Integer32,
        dAclIPv6AccessRuleTimeName         DisplayString,
        dAclIPv6AccRuleTcpFlag			   TcpFlag, 
        dAclIPv6AccRuleFragments		   TruthValue,
        dAclIPv6AccRuleFlowLabel		   Integer32,        
        dAclIPv6AccRuleTrafficClass 	   Integer32,  	
        dAclIPv6AccRuleUserDefProtocolMask OCTET STRING,
        dAclIPv6AccRuleSrcPortMask         OCTET STRING, 
        dAclIPv6AccRuleDstPortMask         OCTET STRING,
        dAclIPv6AccRuleDscpMask            OCTET STRING,
        dAclIPv6AccRuleFlowLabelMask	   OCTET STRING,		 
        dAclIPv6AccRuleTrafficClassMask	   OCTET STRING      	
    }

    dAclIPv6AccessRuleSn OBJECT-TYPE
        SYNTAX          Integer32 (0..65535)
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "Specifies the sequence number of this rule. 
            The lower the number is, the higher the priority of the rule.
            The special value of 0 means the sequence number will be automatically
            determined by the agent."
        ::= { dAclIPv6AccessRuleEntry 1 }

    dAclIPv6AccessRuleRowStatus OBJECT-TYPE
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "The row status variable, used according to installation
             and removal conventions for conceptual rows."
        ::= { dAclIPv6AccessRuleEntry 2 }

    dAclIPv6AccessRuleAction OBJECT-TYPE
        SYNTAX          DlinkAclRuleType
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object indicates the result of the packet examination is to
            permit or deny or prevent to CPU."            
        ::= { dAclIPv6AccessRuleEntry 3 }

    dAclIPv6AccessRuleProtocol OBJECT-TYPE
        SYNTAX      INTEGER { 
            none(0),
            userDefine(1),  
            tcp(2),
            udp(3),                              
            icmp(4),
            esp(5),
            pcp(6),
            sctp(7)                              
        }
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "Specifies the IP protocol."
        ::= { dAclIPv6AccessRuleEntry 4 }

    dAclIPv6AccessRuleUserDefProtocol OBJECT-TYPE
        SYNTAX          Integer32 (-1 | 0..255)
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the user defined protocol ID when the 
            dAclIPv6AccessRuleProtocol is 'userDefine (1)'. 
            The value of -1 means the user defined protocol ID is not
            specified."
        DEFVAL { -1 }                     
        ::= { dAclIPv6AccessRuleEntry 5 }

    dAclIPv6AccessRuleSrcAddr OBJECT-TYPE
        SYNTAX          InetAddressIPv6
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies a source IPv6 address."
        ::= { dAclIPv6AccessRuleEntry 6 }

    dAclIPv6AccessRuleSrcPrefixLen OBJECT-TYPE
        SYNTAX          InetAddressPrefixLength
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION           
            "Specifies the length in bits of source IPv6 address will be
            matched. In other words, the value of 0 indicates any source
            IPv6 address is specified. When the value of 128 indicates
            host IPv6 source address is specified."
        ::= { dAclIPv6AccessRuleEntry 7 }
           
    dAclIPv6AccessRuleDstAddr OBJECT-TYPE
        SYNTAX          InetAddressIPv6
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies a destination IPv6 address."
        ::= { dAclIPv6AccessRuleEntry 8 }

    dAclIPv6AccessRuleDstPrefixLen OBJECT-TYPE
        SYNTAX          InetAddressPrefixLength
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
           "Specifies the length in bits of destination IPv6 address will be
            matched. In other words, the value of 0 indicates any destination
            IPv6 address is specified. When the value of 128 indicates
            host IPv6 destination address is specified."
        ::= { dAclIPv6AccessRuleEntry 9 }

     dAclIPv6AccessRuleSrcOperator OBJECT-TYPE
        SYNTAX          DlinkAclPortOperatorType
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object indicates how a packet's TCP/UDP source port number is
            compared.
            When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses
            the dAclIPv6AccessRuleSrcPort as an operand which is the only one needed. 
           
            When the value of this object is range(6) needs 2 operands. One is 
            dAclIPv6AccessRuleSrcPort, which is the starting port number of the 
            range, and the other operand is dAclIPv6AccessRuleSrcPortRange, 
            which is the ending port number of the range.
           
            When the value of this object is mask(7) needs 2 operands. One is 
            dAclIPv6AccessRuleSrcPort, the other operand is dAclIPv6AccessRuleSrcPortMask.  
                   
            This object is used for TCP/UDP protocol only, hence when the object
            'dAclIPv6AccessRuleProtocol' is set to other than TCP/UDP, the object has
            to be 'none(1)'."
        ::= { dAclIPv6AccessRuleEntry 10 }
              
    dAclIPv6AccessRuleSrcPort OBJECT-TYPE
        SYNTAX          Integer32 (-1..65535)
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object indicates the source port number of TCP/UDP protocol.
            If the value is -1, it means the value is not specified.
            If the dAclIPv6AccessRuleSrcOperator object in the same row is
            range(6), this object will be the starting port number of the port
            range.
            This object only can be configured dAclIPv6AccessRuleSrcOperator in
            the same row is not 'none(1)'."
        DEFVAL { -1 }
        ::= { dAclIPv6AccessRuleEntry 11 }

    dAclIPv6AccessRuleSrcPortRange OBJECT-TYPE
        SYNTAX          Integer32 (-1..65535)
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION            
            "The source port number of the TCP/UDP protocol. If the
            dAclIPv6AccessRuleSrcOperator object in the same row is range(6), this
            object will be the ending port number of the port range.
           The value of -1 means the ending port number is not specified."        
        DEFVAL { -1 }
        ::= { dAclIPv6AccessRuleEntry 12 }
                    
    dAclIPv6AccessRuleDstOperator OBJECT-TYPE
        SYNTAX          DlinkAclPortOperatorType
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object indicates how a packet's TCP/UDP destination port number is
            compared.
            When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses
            the dAclIPv6AccessRuleDstPort as an operand which is the only one needed. 
           
            When the value of this object is range(6) needs 2 operands. One is 
            dAclIPv6AccessRuleDstPort, which is the starting port number of the 
            range, and the other operand is dAclIPv6AccessRuleDstPortRange, 
            which is the ending port number of the range.
            
            When the value of this object is mask(7) needs 2 operands. One is 
            dAclIPv6AccessRuleDstPort, the other operand is dAclIPv6AccessRuleDstPortMask.         
            
            This object is used for TCP/UDP protocol only, hence when the object
            'dAclIPv6AccessRuleProtocol' is set to other than TCP/UDP, the object has
            to be 'none(1)'."
        ::= { dAclIPv6AccessRuleEntry 13 }
     
     dAclIPv6AccessRuleDstPort OBJECT-TYPE
        SYNTAX      Integer32 (-1..65535)
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "This object indicates the destination port number of TCP/UDP protocol.
            If the value is -1, it means the value is not specified.
            If the dAclIPv6AccessRuleDstOperator object in the same row is
            range(6), this object will be the starting port number of the port
            range.
            This object only can be configured dAclIPv6AccessRuleDstOperator in
            the same row is not 'none(1)'."
        DEFVAL { -1 }
        ::= { dAclIPv6AccessRuleEntry 14 }
         
    dAclIPv6AccessRuleDstPortRange OBJECT-TYPE
        SYNTAX          Integer32 (-1..65535)
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION            
            "The destination port number of the TCP/UDP protocol. If the
            dAclIPv6AccessRuleDstOperator object in the same row is range(6), this
            object will be the ending port number of the port range.
            The value of -1 means the ending port number is not specified."        
        ::= { dAclIPv6AccessRuleEntry 15 }
           
    dAclIPv6AccessRuleDscp OBJECT-TYPE        
        SYNTAX       Integer32 (-1 | 0 .. 63)
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the matching DSCP code value in IPv6 header.
            The value of -1 means the DSCP value is not specified." 
        DEFVAL { -1 }
        ::= { dAclIPv6AccessRuleEntry 16 }
    
     dAclIPv6AccessRuleIcmpType OBJECT-TYPE
        SYNTAX      Integer32 (-1 | 0..255)
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "This object indicates the type of ICMP protocol.
            The value of -1 means the ICMP type is not specified.
            This object is used for ICMP protocol only, hence when the object
            'dAclIPv6AccessRuleProtocol' is set to other than ICMP, the object has
            to be -1."
        DEFVAL { -1 }    
        ::= { dAclIPv6AccessRuleEntry 17 }
    
    dAclIPv6AccessRuleIcmpCode OBJECT-TYPE
        SYNTAX      Integer32 (-1 | 0..255)
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "This object indicates the code of ICMP protocol.
            If the value is -1, it means the value is not specified.
            This object is used for ICMP protocol only, hence when the object
            'dAclIPv6AccessRuleProtocol' is set to other than ICMP, the object has
            to be -1."
        DEFVAL { -1 }    
        ::= { dAclIPv6AccessRuleEntry 18 }
            
    dAclIPv6AccessRuleTimeName  OBJECT-TYPE
        SYNTAX      DisplayString
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "Specifies the name of time-period profile associated with the 
            access-list delineating its activation period.
            The value 'NULL' means that this rule is not bound with any Time
            mechanism."
        ::= { dAclIPv6AccessRuleEntry 19 }
        
	dAclIPv6AccRuleTcpFlag  OBJECT-TYPE
        SYNTAX        TcpFlag
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the TCP flag fields. And this node is available only for TCP protocol. 
            	The default value for this node is empty set, which means no TCP flag values are set.  					
             	"
        ::= { dAclIPv6AccessRuleEntry 20 } 
        
    dAclIPv6AccRuleFragments  OBJECT-TYPE
        SYNTAX       TruthValue
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "This object indicates the Packet fragment filtering status 
            is  enabled('true') or disabled('false')."
        ::= { dAclIPv6AccessRuleEntry 21 } 
      
    dAclIPv6AccRuleFlowLabel  OBJECT-TYPE
        SYNTAX       Integer32 (-1 | 0..1048575)
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "This object indicates the Flow label value.
            The value of -1 means the flow-label value is not specified.
		"
        DEFVAL { -1 }
        ::= { dAclIPv6AccessRuleEntry 22 }  
     
     dAclIPv6AccRuleTrafficClass OBJECT-TYPE        
        SYNTAX       Integer32 (-1 | 0 .. 255)
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the matching traffic class value in IPv6 header.
            The value of -1 means the traffic class value is not specified.
            This node and dAclIPv6AccessRuleDscp cannot be specified at same time in a row.
            " 
        DEFVAL { -1 }
        ::= { dAclIPv6AccessRuleEntry 23 }

     dAclIPv6AccRuleUserDefProtocolMask OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(1))
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the mask for protocol ID defined by dAclIPv6AccessRuleUserDefProtocol. 
             Valid values are from 0x00 to 0xFF.
             Default value is 0xFF.
             This node is valid only for the dAclIPv6AccessRuleUserDefProtocol specified."                     
        ::= { dAclIPv6AccessRuleEntry 24 }
     
     dAclIPv6AccRuleSrcPortMask OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(2))
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the mask for L4 source port defined by dAclIPv6AccessRuleSrcPort. 
             Valid values are from 0x0 to 0xFFFF.
             Default value is 0xFFFF.
             This object only can be configured dAclIPv6AccessRuleSrcOperator in the 
             same row is 'mask(7)'.              
             This node is valid only for the dAclIPv6AccessRuleSrcPort specified." 
        ::= { dAclIPv6AccessRuleEntry 25 } 
     
     dAclIPv6AccRuleDstPortMask OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(2))
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the mask for L4 destination port defined by dAclIPv6AccessRuleDstPort. 
             Valid values are from 0x0 to 0xFFFF.
             Default value is 0xFFFF.
             This object only can be configured dAclIPv6AccessRuleDstOperator in the 
             same row is 'mask(7)'.
             This node is valid only for the dAclIPv6AccessRuleDstPort specified."  
        ::= { dAclIPv6AccessRuleEntry 26 } 
     
     dAclIPv6AccRuleDscpMask OBJECT-TYPE        
        SYNTAX OCTET STRING(SIZE(1))
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the mask for DSCP code defined by dAclIPv6AccessRuleDscp.
             Valid values are from 0x0 to 0x3F.
             Default value is 0x3F.
             This node is valid only for the dAclIPv6AccessRuleDscp specified." 
        ::= { dAclIPv6AccessRuleEntry 27 }
        
     dAclIPv6AccRuleFlowLabelMask  OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(3))
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the mask for Flow label value defined by dAclIPv6AccRuleFlowLabel.
             Valid values are from 0x0 to 0xFFFFF.
             Default value is 0xFFFFF.
             This node is valid only for the dAclIPv6AccRuleFlowLabel specified." 
       ::= { dAclIPv6AccessRuleEntry 28 }  
         
     dAclIPv6AccRuleTrafficClassMask  OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(1))
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the mask for traffic class defined by dAclIPv6AccRuleTrafficClass.
             Valid values are from 0x0 to 0xFF.
             Default value is 0xFF.
             This node is valid only for the dAclIPv6AccRuleTrafficClass specified." 
        ::= { dAclIPv6AccessRuleEntry 29 } 
 
 -- -----------------------------------------------------------------------------  
    dAclIPv6AccessGroupTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF DAclIPv6AccessGroupEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "The table represents a list of IPv6 access group configuration."
        ::= { dAclIPv6 4 }

    dAclIPv6AccessGroupEntry OBJECT-TYPE
        SYNTAX          DAclIPv6AccessGroupEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION            
            "An entry in dAclIPv6AccessGroupTable contains interface specific 
            IPv6 access list association."
        INDEX { dAclIPv6AccessGroupIfIndex, dAclIpv6AccessGroupApplyDirection }
        ::= { dAclIPv6AccessGroupTable 1 }

    DAclIPv6AccessGroupEntry ::= SEQUENCE {
        dAclIPv6AccessGroupIfIndex     InterfaceIndex,
        dAclIpv6AccessGroupApplyDirection	INTEGER,
        dAclIPv6AccessGroupStatus      RowStatus,
        dAclIPv6AccessGroupAclName   DisplayString,
        dAclIPv6AccessGroupAclId		Integer32
        }

    dAclIPv6AccessGroupIfIndex OBJECT-TYPE
        SYNTAX      InterfaceIndex
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "Indicates the ifIndex of the interface.
            Only physical port is valid interface."
        ::= { dAclIPv6AccessGroupEntry 1 }
            
    dAclIpv6AccessGroupApplyDirection OBJECT-TYPE
        SYNTAX      INTEGER{ 
            				inbound(1),
            				outbound(2)         
       					 }
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
           	"Indicates whether this ACL access list is to be attached to ingress or egress direction." 
        ::= { dAclIPv6AccessGroupEntry 2 }
    dAclIPv6AccessGroupStatus OBJECT-TYPE
        SYNTAX      RowStatus
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The row status variable, used according to installation
             and removal conventions for conceptual rows."
        ::= { dAclIPv6AccessGroupEntry 3 }

     dAclIPv6AccessGroupAclName OBJECT-TYPE
        SYNTAX      DisplayString (SIZE (1..32))
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The name of the IPv6 access list to be applied."
        ::= { dAclIPv6AccessGroupEntry 4 }

 	dAclIPv6AccessGroupAclId OBJECT-TYPE
        SYNTAX      Integer32
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The ID of the IPv6 access list to be applied. 
           	User maybe specify access list ID(by this object) or name (by 
           	dAclIPv6AccessGroupAclName) to be applied. If both access list 
           	ID and name are specified, the access list name specified by 
           	dAclIPv6AccessGroupAclName will be take.
			"
        ::= { dAclIPv6AccessGroupEntry 5 }
-- -----------------------------------------------------------------------------
    dAclExpert              OBJECT IDENTIFIER ::= { dAclMIBObjects 5 }
    dAclExpertAccessListNumber  OBJECT-TYPE
        SYNTAX          Unsigned32
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
            "Indicates the number of entries present in the extended expert 
            access list table."
        ::= { dAclExpert 1 }

    dAclExpertAccessListTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF DAclExpertAccessListEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "The table contains information about extended expert access list."
        ::= { dAclExpert 2 }

    dAclExpertAccessListEntry OBJECT-TYPE
        SYNTAX          DAclExpertAccessListEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "An entry defined in dAclExpertAccessListTable. An entry is 
            created/removed when an extended expert access list is 
            created/deleted."
        INDEX { dAclExpertAccessListName }
        ::= { dAclExpertAccessListTable 1 }

    DAclExpertAccessListEntry ::= SEQUENCE {
        dAclExpertAccessListName           DisplayString,
        dAclExpertAccessListRowStatus      RowStatus,
        dAclExpertAccessListId		   Integer32,
        dAclExpertAccessListCounterEnabled		TruthValue,
        dAclExpertAccessListClearStatAction 	INTEGER,
        dAclExpertAccessListRemark      DisplayString	
    }

    dAclExpertAccessListName OBJECT-TYPE
        SYNTAX          DisplayString (SIZE (1..32))
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "The name of the extended expert access list."
        ::= { dAclExpertAccessListEntry 1 }

    dAclExpertAccessListRowStatus OBJECT-TYPE
        SYNTAX      RowStatus
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "This object allows the dynamic creation and
             deletion of an extended expert access list."
        ::= { dAclExpertAccessListEntry 2 }
	
    dAclExpertAccessListId OBJECT-TYPE
        SYNTAX          Integer32
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "The number of the extended expert access list."         
        ::= { dAclExpertAccessListEntry 3 }
     	    
    dAclExpertAccessListCounterEnabled		OBJECT-TYPE
        SYNTAX 				TruthValue
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
             "This object indicates the counter state of the access list is
              enabled('true') or disabled('false'). And the counter just for 
              the all interface that applied the access list in
              dAclExpertAccessGroupTable."
        ::= { dAclExpertAccessListEntry 4 }
 
      dAclExpertAccessListClearStatAction  	OBJECT-TYPE
        SYNTAX  			INTEGER{
			                clear(1),
			                noOp(2)
            }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object is used to clear statistics of the access list when set
            to 'clear'. No action is taken if this object is set to 'noOp'.
            The 'clear' action just for the all interface that applied the access 
            list in dAclExpertAccessGroupTable.
            When read, the value 'noOp' is returned."
        ::= { dAclExpertAccessListEntry 5 }    
                  
    dAclExpertAccessListRemark OBJECT-TYPE
        SYNTAX          		DisplayString (SIZE (0..255))
        MAX-ACCESS       read-create
        STATUS          current
        DESCRIPTION
            "The description of the Expert access list."
        ::= { dAclExpertAccessListEntry 6 }   
                
-- -----------------------------------------------------------------------------          
    dAclExpertAccessRuleTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF DAclExpertAccessRuleEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "A table consists of a list of rules for the extended expert access list."
        ::= { dAclExpert 3 }

    dAclExpertAccessRuleEntry OBJECT-TYPE
        SYNTAX          DAclExpertAccessRuleEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "An entry is defined ddAclExpertAccessRuleTable. 
            The first instance identifier index value identifies the 
            dAclExpertAccessListEntry that a extended expert access rule
            (dAclExpertAccessRuleEntry) belongs to. 
            An entry is removed from this table when its 
            corresponding dAclExpertAccessListEntry is deleted."
        INDEX { 
            dAclExpertAccessListName, 
            dAclExpertAccRuleSn 
        }
        ::= { dAclExpertAccessRuleTable 1 }

    DAclExpertAccessRuleEntry ::= SEQUENCE {
        dAclExpertAccRuleSn           Integer32,
        dAclExpertAccRuleRowStatus          RowStatus,
        dAclExpertAccRuleAction             DlinkAclRuleType,
        dAclExpertAccRuleProtocol           INTEGER,
        dAclExpertAccRuleUserDefProtocol    Integer32,
        dAclExpertAccRuleSrcIpAddr          IpAddress,
        dAclExpertAccRuleSrcIpWildcard      IpAddress,
        dAclExpertAccRuleSrcMacAddr         MacAddress,
        dAclExpertAccRuleSrcMacWildcard     MacAddress,
        dAclExpertAccRuleSrcOperator        DlinkAclPortOperatorType,
        dAclExpertAccRuleSrcPort            Integer32,
        dAclExpertAccRuleSrcPortRange       Integer32,           
        dAclExpertAccRuleDstIpAddr          IpAddress,
        dAclExpertAccRuleDstIpWildcard      IpAddress,
        dAclExpertAccRuleDstMacAddr         MacAddress,
        dAclExpertAccRuleDstMacWildcard     MacAddress,
        dAclExpertAccRuleDstOperator        DlinkAclPortOperatorType,
        dAclExpertAccRuleDstPort            Integer32,
        dAclExpertAccRuleDstPortRange       Integer32,        
        dAclExpertAccRuleVlanID             VlanIdOrNone,   
        dAclExpertAccRuleInnerVlanID        VlanIdOrNone,       
        dAclExpertAccRuleQosPrecedence      Integer32,
        dAclExpertAccRuleQosTos             Integer32,
        dAclExpertAccRuleQosDscp            Integer32,
        dAclExpertAccRuleIcmpType           Integer32,
        dAclExpertAccRuleIcmpCode           Integer32,              
        dAclExpertAccRuleTimeName          DisplayString,
        dAclExpertAccRuleTcpFlag			TcpFlag,
        dAclExpertAccRuleFragments			TruthValue,
        dAclExpertAccRuleOuterCos			Integer32,
        dAclExpertAccRuleInnerCos			Integer32,
        dAclExpertAccRuleUserDefProtocolMask    OCTET STRING,
        dAclExpertAccRuleSrcPortMask            OCTET STRING, 
        dAclExpertAccRuleDstPortMask          	OCTET STRING,
        dAclExpertAccRuleVlanIDMask             OCTET STRING,   
        dAclExpertAccRuleInnerVlanIDMask        OCTET STRING,       
        dAclExpertAccRuleQosPrecedenceMask      OCTET STRING,
        dAclExpertAccRuleQosTosMask             OCTET STRING,
        dAclExpertAccRuleQosDscpMask            OCTET STRING, 
        dAclExpertAccRuleOuterCosMask		OCTET STRING,
        dAclExpertAccRuleInnerCosMask		OCTET STRING,
        dAclExpertAccRuleVlanRangeMin           VlanIdOrNone, 
        dAclExpertAccRuleVlanRangeMax           VlanIdOrNone
    }
                    
    dAclExpertAccRuleSn  OBJECT-TYPE
        SYNTAX          Integer32 (0..65535)
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
           "Specifies the sequence number of this rule. 
            The lower the number is, the higher the priority of the rule.
            The special value of 0 means the sequence number will be automatically 
            determined by the agent."
        ::= { dAclExpertAccessRuleEntry 1 }

    dAclExpertAccRuleRowStatus OBJECT-TYPE
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "The row status variable, used according to installation
             and removal conventions for conceptual rows."
        ::= { dAclExpertAccessRuleEntry 2 }

    dAclExpertAccRuleAction OBJECT-TYPE
        SYNTAX          DlinkAclRuleType
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object indicates the result of the packet examination is to
            permit or deny or prevent to CPU."            
        ::= { dAclExpertAccessRuleEntry 3 }

    dAclExpertAccRuleProtocol OBJECT-TYPE
        SYNTAX      INTEGER { 
            none(0),
            userDefine(1),
            tcp(2),
            udp(3),                             
            icmp(4),
            gre(5),
            esp(6),
            eigrp(7),
            igmp(8),
            ospf(9),
            pim(10),
            vrrp(11),
            ipinip(12),
            pcp(13)       
        }
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "Specifies the IP protocol."
        ::= { dAclExpertAccessRuleEntry 4 }

    dAclExpertAccRuleUserDefProtocol OBJECT-TYPE
        SYNTAX          Integer32 (-1 | 0..255)
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the user defined protocol ID when the 
            dAclExpertAccRuleProtocol is 'userDefine (1)'. 
            The value of -1 means the user defined protocol ID is not
            specified."
        DEFVAL { -1 }                     
        ::= { dAclExpertAccessRuleEntry 5 }

    dAclExpertAccRuleSrcIpAddr OBJECT-TYPE
        SYNTAX          IpAddress
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies a source IP address."
        ::= { dAclExpertAccessRuleEntry 6 }

    dAclExpertAccRuleSrcIpWildcard OBJECT-TYPE
        SYNTAX     IpAddress
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION           
            "This object is a wildcard bitmap to specify a group of source IP
            addresses. The bit value 1 indicates the corresponding bit will
            be ignored. The bit value 0 indicates the corresponding bit will be
            checked. In other words, when the value of all 'ff'Hs indicates any
            IP source address is specified. When the value of all '00'Hs indicates
            host IP source address is specified."
        ::= { dAclExpertAccessRuleEntry 7 }
    
    dAclExpertAccRuleSrcMacAddr OBJECT-TYPE
        SYNTAX          MacAddress
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies a source MAC address."
        ::= { dAclExpertAccessRuleEntry 8 }

    dAclExpertAccRuleSrcMacWildcard OBJECT-TYPE
        SYNTAX          MacAddress
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object is a wildcard bitmap to specify a group of source
            MAC addresses. The bit value 1 indicates the corresponding bit will
            be ignored. The bit value 0 indicates the corresponding bit will be
            checked. In other words, when the value of all 'ff'Hs indicates any
            source MAC address is specified. When the value of all '00'Hs indicates
            host source MAC address is specified."
        ::= { dAclExpertAccessRuleEntry 9 }
        
    dAclExpertAccRuleSrcOperator OBJECT-TYPE
        SYNTAX          DlinkAclPortOperatorType
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object indicates how a packet's source TCP/UDP port number is
            compared.
            When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses
            the dAclExpertAccsRuleSrcPort as an operand which is the only one needed. 
           
            When the value of this object is range(6) needs 2 operands. One is 
            dAclExpertAccsRuleSrcPort, which is the starting port number of the 
            range, and the other operand is dAclExpertAccsRuleSrcPortRange, 
            which is the ending port number of the range.  
            
            When the value of this object is mask(7) needs 2 operands. One is 
            dAclExpertAccsRuleSrcPort, the other operand is dAclExpertAccsRuleSrcPortMask.  
                  
            This object is used for TCP/UDP protocol only, hence when the object
            'dAclExpertAccRuleProtocol' is set to other than TCP/UDP, the object has
            to be 'none(1)'."
        ::= { dAclExpertAccessRuleEntry 10 }
              
    dAclExpertAccRuleSrcPort OBJECT-TYPE
        SYNTAX          Integer32 (-1..65535)
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object indicates the source port number of TCP/UDP protocol.
            If the value is -1, it means the value is not specified.
            If the dAclExpertAccsRuleSrcOperator object in the same row is
            range(6), this object will be the starting port number of the port
            range.
            This object only can be configured dAclExpertAccsRuleSrcOperator in
            the same row is not 'none(1)'."
        DEFVAL { -1 }
        ::= { dAclExpertAccessRuleEntry 11 }

    dAclExpertAccRuleSrcPortRange OBJECT-TYPE
        SYNTAX          Integer32 (-1..65535)
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION            
            "The source port number of the TCP/UDP protocol. If the
            dAclExpertAccsRuleSrcOperator object in the same row is range(6), this
            object will be the ending port number of the port range.
           The value of -1 means the ending port number is not specified."        
        DEFVAL { -1 }
        ::= { dAclExpertAccessRuleEntry 12 }
        
     dAclExpertAccRuleDstIpAddr OBJECT-TYPE
        SYNTAX     IpAddress
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
            "Specifies a destination IP address."
        ::= { dAclExpertAccessRuleEntry 13 }

    dAclExpertAccRuleDstIpWildcard OBJECT-TYPE
        SYNTAX     IpAddress
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
            "This object is a wildcard bitmap to specify a group of destination IP
            addresses. The bit value 1 indicates the corresponding bit will
            be ignored. The bit value 0 indicates the corresponding bit will be
            checked. In other words, when the value of all 'ff'Hs indicates any
            IP destination address is specified. When the value of all '00'Hs indicates
            host IP destination address is specified."
        ::= { dAclExpertAccessRuleEntry 14 }    
    
    dAclExpertAccRuleDstMacAddr  OBJECT-TYPE
        SYNTAX          MacAddress
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies a destination MAC address."
        ::= { dAclExpertAccessRuleEntry 15 }

    dAclExpertAccRuleDstMacWildcard  OBJECT-TYPE
        SYNTAX          MacAddress
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object is a wildcard bitmap to specify a group of destination
            MAC addresses. The bit value 1 indicates the corresponding bit will
            be ignored. The bit value 0 indicates the corresponding bit will be
            checked. In other words, when the value of all 'ff'Hs indicates any
            destination MAC address is specified. When the value of all '00'Hs 
            indicates host destination MAC address is specified."
        ::= { dAclExpertAccessRuleEntry 16 }
            
    dAclExpertAccRuleDstOperator OBJECT-TYPE
        SYNTAX          DlinkAclPortOperatorType
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object indicates how a packet's TCP/UDP destination port number is
            compared.
            When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses
            the dAclExpertAccsRuleDstPort as an operand which is the only one needed. 
           
            When the value of this object is range(6) needs 2 operands. One is 
            dAclExpertAccsRuleDstPort, which is the starting port number of the 
            range, and the other operand is dAclExpertAccsRuleDstPortRange, 
            which is the ending port number of the range. 
             
            When the value of this object is mask(7) needs 2 operands. One is 
            dAclExpertAccsRuleDstPort, the other operand is dAclExpertAccsRuleDstPortMask.  
                  
            This object is used for TCP/UDP protocol only, hence when the object
            'dAclExpertAccRuleProtocol' is set to other than TCP/UDP, the object has
            to be 'none(1)'."
        ::= { dAclExpertAccessRuleEntry 17 }
     
     dAclExpertAccRuleDstPort OBJECT-TYPE
        SYNTAX      Integer32 (-1..65535)
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "This object indicates the destination port number of TCP/UDP protocol.
            If the value is -1, it means the value is not specified.
            If the dAclExpertAccsRuleDstOperator object in the same row is
            range(6), this object will be the starting port number of the port
            range.
            This object only can be configured dAclExpertAccsRuleDstOperator in
            the same row is not 'none(1)'."
        DEFVAL { -1 }
        ::= { dAclExpertAccessRuleEntry 18 }
         
    dAclExpertAccRuleDstPortRange OBJECT-TYPE
        SYNTAX          Integer32 (-1..65535)
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION            
            "The destination port number of the TCP/UDP protocol. If the
            dAclExpertAccsRuleDstOperator object in the same row is range(6), this
            object will be the ending port number of the port range.
            The value of -1 means the ending port number is not specified."        
        DEFVAL { -1 }
        ::= { dAclExpertAccessRuleEntry 19 }
        
    dAclExpertAccRuleVlanID  OBJECT-TYPE
        SYNTAX          VlanIdOrNone
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the VLAN ID. 
            A value of zero indicates the VLAN ID is not specified."
        DEFVAL { 0 }
        ::= { dAclExpertAccessRuleEntry 20 }

    dAclExpertAccRuleInnerVlanID  OBJECT-TYPE
        SYNTAX          VlanIdOrNone
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the inner VLAN ID. A value of zero indicates 
            the inner VLAN ID is not specified."
        DEFVAL { 0 }
        ::= { dAclExpertAccessRuleEntry 21 }
                      
    dAclExpertAccRuleQosPrecedence  OBJECT-TYPE
        SYNTAX       Integer32 (-1 | 0..7)
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the value of precedence.
             The value of -1 means the value is not specified or not applicable.                          
             dAclExpertAccRuleQosPrecedence and dAclExpertAccRuleQosDscp cannot
             be specified at same time in a row."
        DEFVAL { -1 }
        ::= { dAclExpertAccessRuleEntry 22 }
  
    dAclExpertAccRuleQosTos  OBJECT-TYPE
        SYNTAX       Integer32 (-1 | 0..15)
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the value of type of service.
             The value of -1 means the value is not specified or not applicable.                          
             dAclExpertAccRuleQosTos and dAclExpertAccRuleQosDscp cannot
             be specified at same time in a row."
        DEFVAL { -1 }
        ::= { dAclExpertAccessRuleEntry 23 } 
    
     dAclExpertAccRuleQosDscp  OBJECT-TYPE
        SYNTAX       Integer32 (-1 | 0..63)
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the value of DSCP code.
             The value of -1 means the value is not specified or not applicable.                          
             Neither dAclExpertAccRuleQosPrecedence nor dAclExpertAccRuleQosTos
             can be specified with dAclExpertAccRuleQosDscp at same time in a 
             row."
        DEFVAL { -1 }
        ::= { dAclExpertAccessRuleEntry 24 } 
     
     dAclExpertAccRuleIcmpType OBJECT-TYPE
        SYNTAX          Integer32 (-1 | 0..255)
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object indicates the type of ICMP protocol.
            If the value is -1, it means the value is not specified.
            This object is used for ICMP protocol only, hence when the object
            'dAclExpertAccRuleProtocol' is set to other than ICMP, the object has
            to be -1."
        DEFVAL { -1 }    
        ::= { dAclExpertAccessRuleEntry 25 }
    
    dAclExpertAccRuleIcmpCode OBJECT-TYPE
        SYNTAX          Integer32 (-1 | 0..255)
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object indicates the code of ICMP protocol.
            If the value is -1, it means the value is not specified.
            This object is used for ICMP protocol only, hence when the object
            'dAclExpertAccRuleProtocol' is set to other than ICMP, the object has
            to be -1."
        DEFVAL { -1 }    
        ::= { dAclExpertAccessRuleEntry 26 }
    
    dAclExpertAccRuleTimeName  OBJECT-TYPE
        SYNTAX          DisplayString
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the name of time-period profile associated with the 
            access-list delineating its activation period. 
            The value 'NULL' means that this rule is not bound with any Time
            mechanism." 
        ::= { dAclExpertAccessRuleEntry 27 }
        
    dAclExpertAccRuleTcpFlag  OBJECT-TYPE
         SYNTAX       TcpFlag
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the TCP flag fields. 
            This node is available only for TCP protocol. 
            The default value for this node is empty set, which means no TCP flag
            values are set.  					
            "
        ::= { dAclExpertAccessRuleEntry 28 } 
        
    dAclExpertAccRuleFragments  OBJECT-TYPE
        SYNTAX       TruthValue
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "This object indicates the Packet fragment filtering status 
            is  enabled('true') or disabled('false')."
        ::= { dAclExpertAccessRuleEntry 29 } 
        
    dAclExpertAccRuleOuterCos  OBJECT-TYPE
        SYNTAX       Integer32 (-1 | 0..7)
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the value of inner priority.
             The value of -1 means the value is not specified or not applicable.                          
         	"
        DEFVAL { -1 }
        ::= { dAclExpertAccessRuleEntry 30 }
                
    dAclExpertAccRuleInnerCos  OBJECT-TYPE
        SYNTAX       Integer32 (-1 | 0..7)
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the value of inner priority, the node is availabe just for the 
            node dAclExpertAccRuleOuterCos be specified.
             The value of -1 means the value is not specified or not applicable.        
         	"
        DEFVAL { -1 }
        ::= { dAclExpertAccessRuleEntry 31 } 

     dAclExpertAccRuleUserDefProtocolMask OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(1))
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the mask for protocol ID defined by dAclExpertAccRuleUserDefProtocol. 
             Valid values are from 0x00 to 0xFF.
             Default value is 0xFF.
             This node is valid only for the dAclExpertAccRuleUserDefProtocol specified."                    
        ::= { dAclExpertAccessRuleEntry 32 }
     
     dAclExpertAccRuleSrcPortMask OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(2))
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the mask for L4 source port defined by dAclExpertAccRuleSrcPort. 
             Valid values are from 0x0 to 0xFFFF.
             Default value is 0xFFFF.
             This object only can be configured dAclExpertAccRuleSrcOperator in the 
             same row is 'mask(7)'.              
             "
        ::= { dAclExpertAccessRuleEntry 33 } 
     
     dAclExpertAccRuleDstPortMask OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(2))
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the mask for L4 destination port defined by dAclExpertAccRuleDstPort. 
             Valid values are from 0x0 to 0xFFFF.
             Default value is 0xFFFF.
             This object only can be configured dAclExpertAccRuleDstOperator in the 
             same row is 'mask(7)'." 
        ::= { dAclExpertAccessRuleEntry 34 } 
        
     dAclExpertAccRuleVlanIDMask  OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(2))
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the mask for VLAN ID defined by dAclExpertAccRuleVlanID.
             Valid values are from 0x0000 to 0x0FFF.
             This node and dAclExpertAccRuleVlanRangeMin/dAclExpertAccRuleVlanRangeMax 
             cannot be specified at same time in a row.
             Default value is 0x0FFF.
             This node is valid only for the dAclExpertAccRuleVlanID specified." 
        ::= { dAclExpertAccessRuleEntry 35 }

     dAclExpertAccRuleInnerVlanIDMask  OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(2))
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION  
            "Specifies the mask for inner VLAN ID defined by dAclExpertAccRuleInnerVlanID.
             Valid values are from 0x0000 to 0x0FFF.
             Default value is 0x0FFF.
             This node is valid only for the dAclExpertAccRuleInnerVlanID specified." 
        ::= { dAclExpertAccessRuleEntry 36 }  
        
    dAclExpertAccRuleQosPrecedenceMask  OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(1))
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the mask for ip precedence defined by dAclExpertAccRuleQosPrecedence.
             Valid values are from 0x0 to 0x7.
             Default value is 0x7.
             This node is valid only for the dAclExpertAccRuleQosPrecedence specified." 
        ::= { dAclExpertAccessRuleEntry 37 }
  
     dAclExpertAccRuleQosTosMask  OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(1))
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the mask for type of service defined by dAclExpertAccRuleQosTos.
             Valid values are from 0x0 to 0xF.
             Default value is 0xF.
             This node is valid only for the dAclExpertAccRuleQosTos specified." 
        ::= { dAclExpertAccessRuleEntry 38 } 
    
     dAclExpertAccRuleQosDscpMask  OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(1))
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the mask for DSCP code defined by dAclExpertAccRuleQosDscp.
             Valid values are from 0x0 to 0x3F.
             Default value is 0x3F.
             This node is valid only for the dAclExpertAccRuleQosDscp specified." 
        ::= { dAclExpertAccessRuleEntry 39 } 
               
     dAclExpertAccRuleOuterCosMask  OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(1))
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "Specifies the mask for priority defined by dAclExpertAccRuleOuterCos.
             Valid values are from 0x00 to 0x07.
             Default value is 0x07.
             This node is valid only for the dAclExpertAccRuleOuterCos specified." 
         ::= { dAclExpertAccessRuleEntry 40 }
                      
     dAclExpertAccRuleInnerCosMask  OBJECT-TYPE
        SYNTAX OCTET STRING(SIZE(1))
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the mask for inner priority defined by dAclExpertAccRuleInnerCos.
             Valid values are from 0x00 to 0x07.
             Default value is 0x07.
             This node is valid only for the dAclExpertAccRuleInnerCos specified." 
        ::= { dAclExpertAccessRuleEntry 41 }  
   
      dAclExpertAccRuleVlanRangeMin  OBJECT-TYPE
        SYNTAX       VlanIdOrNone
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the minimum outer VLAN ID of a VLAN range. A value of zero
             indicates the VLAN range is not specified.    
             This node and dAclMacAccessRuleVlanID/dAclMacAccessRuleVlanIDMask cannot
             be specified at same time in a row.
             This node is valid only for the dAclExpertAccRuleVlanRangeMax specified."
        DEFVAL { 0 }
        ::= { dAclExpertAccessRuleEntry 42 }
  
    dAclExpertAccRuleVlanRangeMax  OBJECT-TYPE
        SYNTAX       VlanIdOrNone
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
            "Specifies the maximum outer VLAN ID of a VLAN range. A value of zero
             indicates the VLAN range is not specified.    
             This node and dAclMacAccessRuleVlanID/dAclMacAccessRuleVlanIDMask cannot
             be specified at same time in a row.
             This node is valid only for the dAclExpertAccRuleVlanRangeMin specified."
        DEFVAL { 0 }
        ::= { dAclExpertAccessRuleEntry 43 } 
     
-- -----------------------------------------------------------------------------   
    dAclExpertAccessGroupTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF DAclExpertAccessGroupEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "The table represents a list of extended expert access group 
            configuration."
        ::= { dAclExpert 4 }

    dAclExpertAccessGroupEntry OBJECT-TYPE
        SYNTAX          DAclExpertAccessGroupEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "An entry in dAclExpertAccessGroupTable contains interface specific 
           extended expert access list association."
        INDEX { dAclExpertAccessGroupIfIndex , dAclExpertAccessGroupApplyDirection }
        ::= { dAclExpertAccessGroupTable 1 }

    DAclExpertAccessGroupEntry ::= SEQUENCE {
        dAclExpertAccessGroupIfIndex    InterfaceIndex,
        dAclExpertAccessGroupApplyDirection INTEGER,
        dAclExpertAccessGroupRowStatus  RowStatus,
        dAclExpertAccessGroupAclName  DisplayString,
        dAclExpertAccessGroupAclId 		Integer32
    }

    dAclExpertAccessGroupIfIndex OBJECT-TYPE
        SYNTAX      InterfaceIndex
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "Indicates the ifIndex of the interface.
            Only physical port is valid interface."
        ::= { dAclExpertAccessGroupEntry 1 }

    dAclExpertAccessGroupApplyDirection OBJECT-TYPE
        SYNTAX      INTEGER{ 
            				inbound(1),
            				outbound(2)         
       					 }
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
           	"Indicates whether this ACL access list is to be attached to ingress or egress direction." 
	   ::= { dAclExpertAccessGroupEntry 2 }
    dAclExpertAccessGroupRowStatus OBJECT-TYPE
        SYNTAX      RowStatus
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The row status variable, used according to installation
            and removal conventions for conceptual rows."
        ::= { dAclExpertAccessGroupEntry 3 }

    dAclExpertAccessGroupAclName OBJECT-TYPE
        SYNTAX      DisplayString (SIZE (1..32))
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The name of the Expert access list to be applied."             
        ::= { dAclExpertAccessGroupEntry 4 }
   
    	dAclExpertAccessGroupAclId OBJECT-TYPE
        SYNTAX      Integer32
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The ID of the Expert access list to be applied. 
           	User maybe specify access list ID(by this object) or name (by 
           	dAclExpertAccessGroupAclName) to be applied. If both access list 
           	ID and name are specified, the access list name specified by 
           	dAclExpertAccessGroupAclName will be take.
           "
        ::= { dAclExpertAccessGroupEntry 5 }
-- -----------------------------------------------------------------------------
    dAclVlan             OBJECT IDENTIFIER ::= { dAclMIBObjects 6 }
   
    dAclVlanSubMapTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF DAclVlanSubMapEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION            
            "The table contains a list of sub-map configuration. The first
            instance identifier index value (dAclVlanAccMapName) identifies the
            entry(dAclVlanSubMapEntry) belongs to.            
            A VLAN access map can contain multiple sub-maps, the packet that
            matches a sub-map (that is packet permitted by the associated
            access-list) will take the action specified for the same entry. 
            No further check against the next sub-maps is done. 
            If the packet does not match a sub-map, then the next sub-map will
            be checked. The checking sequence is determined by the value of
            dAclVlanAccSubMapSeq for a same VLAN acess map."
        ::= { dAclVlan 1}

    dAclVlanSubMapEntry OBJECT-TYPE
        SYNTAX          DAclVlanSubMapEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "An entry is defined dAclVlanSubMapTable. 
            "           
        INDEX { 
            dAclVlanAccMapName, 
            dAclVlanAccSubMapSeq 
        }
        ::= { dAclVlanSubMapTable 1 }

    DAclVlanSubMapEntry ::= SEQUENCE {
        dAclVlanAccMapName                  DisplayString,
        dAclVlanAccSubMapSeq                Integer32,
        dAclVlanAccSubMapRowStatus	        RowStatus,
        dAclVlanAccSubMapMatchAclName       DisplayString,
        dAclVlanAccessSubMapAction          INTEGER,     
        dAclVlanAccSubMapRedirectIfIndex    InterfaceIndexOrZero,
        dAclVlanAccSubMapMatchAclId       Integer32
    }
      
     dAclVlanAccMapName OBJECT-TYPE
        SYNTAX          DisplayString (SIZE (1..32))
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "This object is used to specify the name of an VLAN
            acess map."
        ::= { dAclVlanSubMapEntry 1 }  
     
     dAclVlanAccSubMapSeq OBJECT-TYPE
        SYNTAX          Integer32 ( 0 | 1..65535 )
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "Indicates the sequence number of a VLAN access rule. 
             The value range is 1 to 65535.             
             The value of 0 indicates the number is not specified and
             sequence number will be automatically assigned.
             "
        ::= { dAclVlanSubMapEntry 2 }
    
    dAclVlanAccSubMapRowStatus OBJECT-TYPE
        SYNTAX      RowStatus
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The row status variable, used according to installation
            and removal conventions for conceptual rows."
        ::= { dAclVlanSubMapEntry 3 }

    dAclVlanAccSubMapMatchAclName OBJECT-TYPE
        SYNTAX          DisplayString (SIZE (1..32))
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object indicates the name of MAC/IP/IPv6 ACL 
            which will be associated."
        ::= { dAclVlanSubMapEntry 4 }
        
     dAclVlanAccessSubMapAction OBJECT-TYPE
         SYNTAX      INTEGER { 
            none(1),
            forward(2),
            drop(3),
            redirect(4)
        }
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "This object indicates the action when the packet that matches
            a sub-map (that is packet permitted by the associated access-list). "
        ::= { dAclVlanSubMapEntry 5 }
     
     dAclVlanAccSubMapRedirectIfIndex OBJECT-TYPE
        SYNTAX          InterfaceIndexOrZero
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object indicates ifIndex of the interface the packet will be 
            redirected.
            When the dAclVlanAccessAction in the same row 
            is set to other than 'redirect', the object has to be zero, 
            which indicates the redirected interface is not specified or not
            applicable."           
        ::= { dAclVlanSubMapEntry 6 }

    dAclVlanAccSubMapMatchAclId OBJECT-TYPE
        SYNTAX          Integer32
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object indicates the ID of MAC/IP/IPv6 ACL access list
            which will be associated. 
            User may specify access list ID(by this object) or name (by
            dAclVlanAccSubMapMatchAclName) to be applied. If both access list 
            ID and name are specified, the access list name specified by 
            dAclVlanAccSubMapMatchAclName will be take.
            "
        ::= { dAclVlanSubMapEntry 7 }
-- -----------------------------------------------------------------------------           
    dAclVlanFilterTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF DAclVlanFilterEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "The table represents a list of VLAN access map configuration."
        ::= { dAclVlan 2 }

    dAclVlanFilterEntry OBJECT-TYPE
        SYNTAX          DAclVlanFilterEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION            
            "An entry in dAclVlanFilterTable contains vlan-specific 
            VLAN access map association."
        INDEX { dAclVlanFilterVlanId }
        ::= { dAclVlanFilterTable 1 }

    DAclVlanFilterEntry ::= SEQUENCE {
        dAclVlanFilterVlanId            VlanId,
        dAclVlanFilterRowStatus         RowStatus,
        dAclVlanFilterVlanAccMapName    DisplayString
       
    }

    dAclVlanFilterVlanId OBJECT-TYPE
        SYNTAX      VlanId
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "Indicates the VLAN ID of the entry. "
        ::= { dAclVlanFilterEntry 1 }

    dAclVlanFilterRowStatus OBJECT-TYPE
        SYNTAX      RowStatus
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The row status variable, used according to installation
             and removal conventions for conceptual rows."
        ::= { dAclVlanFilterEntry 2 }

    dAclVlanFilterVlanAccMapName OBJECT-TYPE
        SYNTAX      DisplayString (SIZE (1..32))
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The name of the access list to be applied for the VLAN.
             NULL value indicates the access list is not specified."
        ::= { dAclVlanFilterEntry 3 }
        
-- -----------------------------------------------------------------------------
    dAclVlanAccessMapTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF DAclVlanAccessMapEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION            
            "The table contains a list of VLAN access map configuration. "
        ::= { dAclVlan 3}

    dAclVlanAccessMapEntry OBJECT-TYPE
        SYNTAX          DAclVlanAccessMapEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "An entry is defined dAclVlanAccessMapTable. 
            "           
        INDEX { 
            dAclVlanAccMapName             
        }
        ::= { dAclVlanAccessMapTable 1 }

    DAclVlanAccessMapEntry ::= SEQUENCE {
        dAclVlanAccessMapCounterEnabled       TruthValue,
        dAclVlanAccessMapClearStatAction 		INTEGER
    }
    
    dAclVlanAccessMapCounterEnabled OBJECT-TYPE
        SYNTAX  TruthValue
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
             "This object indicates the counter state of the VLAN access map 
             is enabled('true') or disabled('false').
             The counter state setting just for the all VLAN interface that applied
             the access map in dAclVlanFilterTable."
        ::= { dAclVlanAccessMapEntry 1 }
 
    dAclVlanAccessMapClearStatAction  	OBJECT-TYPE
        SYNTAX  			INTEGER{
			                clear(1),
			                noOp(2)
            }
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
            "This object is used to clear statistics of the VLAN access map 
            when set to 'clear'. No action is taken if this object is set to 'noOp'.
             The 'clear' action just for the all entry that applied the VLAN 
             access map in dAclVlanFilterTable.
            When read, the value 'noOp' is returned."
        ::= { dAclVlanAccessMapEntry 2 }    
        
-- -----------------------------------------------------------------------------
    dAclCounter             OBJECT IDENTIFIER ::= { dAclMIBObjects 7 }
    
    dAclAccessGroupCounterTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF DAclAccessGroupCounterEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION    
       	   "This table maintains counter information associated with 
       	   a specific access list rule in the access rule table. 
       	   Please refer to the dAclMacAccessRuleTable, dAclIpAccessRuleTable,
       	   dAclIPv6AccessRuleTable and dAclExpertAccessRuleTable for 
       	   detailed ACL rule information.
       	   "
        ::= { dAclCounter 1}

    dAclAccessGroupCounterEntry OBJECT-TYPE
        SYNTAX          DAclAccessGroupCounterEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "An entry is defined dAclAccessGroupCounterTable.
            "           
        INDEX { 
            dAclAccessGroupCounterAccListId, 
            dAclAccessGroupCounterAccRuleSn 
        }
        ::= { dAclAccessGroupCounterTable 1 }

    DAclAccessGroupCounterEntry ::= SEQUENCE {
        dAclAccessGroupCounterAccListId      Integer32,
        dAclAccessGroupCounterAccRuleSn      Integer32,
        dAclAccessGroupCounterIngressStat  Counter64,
        dAclAccessGroupCounterEgressStat  Counter64
    }

     dAclAccessGroupCounterAccListId OBJECT-TYPE
        SYNTAX      Integer32
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "The ID of an access list which access group counter enabled.
            the access list was defined by the tables:
            dAclMacAccessListTable, dAclIpAccessListTable,
            dAclIPv6AccessListTable, dAclExpertAccessListTable."
        ::= { dAclAccessGroupCounterEntry 1 }

     dAclAccessGroupCounterAccRuleSn OBJECT-TYPE
        SYNTAX      Integer32(1..65535)
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "Specifies the sequence number of this rule entry as related to the
             dAclAccessGroupCounterAccListId."
        ::= { dAclAccessGroupCounterEntry 2 }
        
     dAclAccessGroupCounterIngressStat OBJECT-TYPE
        SYNTAX  Counter64
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "This object indicates the total number of matched packets for the access rule
            applied on inbound of all interface in dAclMacAccessGroupTable,
            dAclIpAccessGroupTable, dAclIPv6AccessGroupTable, or 
            dAclExpertAccessGroupTable.
            "
        ::= { dAclAccessGroupCounterEntry 3 }
        
     dAclAccessGroupCounterEgressStat OBJECT-TYPE
        SYNTAX  Counter64
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "This object indicates the total number of matched packets for the access rule
            applied on outbound of all interface in dAclMacAccessGroupTable,
            dAclIpAccessGroupTable, dAclIPv6AccessGroupTable, or 
            dAclExpertAccessGroupTable.
            "
        ::= { dAclAccessGroupCounterEntry 4 }
        
-- -----------------------------------------------------------------------------
    dAclVlanFilterCounterTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF DAclVlanFilterCounterEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
       	   "This table maintains counter information associated with
       	   a specific access sub map in the dAclVlanSubMapTable.        	
       	   "
        ::= { dAclCounter 2}

    dAclVlanFilterCounterEntry OBJECT-TYPE
        SYNTAX          DAclVlanFilterCounterEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "An entry is defined dAclVlanFilterCounterTable.
            "
        INDEX {
            dAclVlanFilterCounterAccMapName,
            dAclVlanFilterCounterSubMapSeq
        }
        ::= { dAclVlanFilterCounterTable 1 }

    DAclVlanFilterCounterEntry ::= SEQUENCE {
        dAclVlanFilterCounterAccMapName    DisplayString,
        dAclVlanFilterCounterSubMapSeq     Integer32,
        dAclVlanFilterCounterStatistics  Counter64
        }

    dAclVlanFilterCounterAccMapName OBJECT-TYPE
        SYNTAX       DisplayString (SIZE (1..32))
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION
            "The name of a VLAN access map which counter enabled. the VLAN
            access map was defined by the dAclVlanSubMapTable.
            "
        ::= { dAclVlanFilterCounterEntry 1 }

    dAclVlanFilterCounterSubMapSeq OBJECT-TYPE
        SYNTAX      Integer32(1..65535)
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "Indicates the sequence number of a VLAN access sub map. the vlan
            sub map sequence number was defined by the dAclVlanSubMapTable."
        ::= { dAclVlanFilterCounterEntry 2 }
        
    dAclVlanFilterCounterStatistics OBJECT-TYPE
        SYNTAX  Counter64
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
            "This object indicates the total number of matched packets for the
            sub map that applied on all VLAN interface in dAclVlanFilterTable."
        ::= { dAclVlanFilterCounterEntry 3 }

--  ***************************************************************************	
--  Conformance
--  ***************************************************************************			   		
	dAclCompliances OBJECT IDENTIFIER ::= { dAclMIBConformance 1 }
		
	dAclCompliance MODULE-COMPLIANCE
		STATUS current
		DESCRIPTION 
			"The compliance statement for entities which implement the 
			DLINKSW-ACL-MIB."
		MODULE -- this module
		MANDATORY-GROUPS { 
		    dAclGenGroup,
		    dAclMacGroup,
		    dAclIpGroup
		}
		
		GROUP       dAclIPv6Group 
           DESCRIPTION 
              "This group is required only if the IPv6 access list feature
              is implemented by the agent."
		
		GROUP       dAclExpertGroup 
           DESCRIPTION 
              "This group is required only if the extended expert access list
              feature is implemented by the agent."
				
		GROUP       dAclVlanFilterGroup 
           DESCRIPTION 
              "This group is required only if vlan filter feature is implemented
              by the agent."
		::= { dAclCompliances 1 }
		
	dAclGroups OBJECT IDENTIFIER ::= { dAclMIBConformance 2 }
	
	dAclGenGroup OBJECT-GROUP
		OBJECTS { 
			dAclReSeqStartingNumber, dAclReSeqIncrement 
		}
		STATUS current
		DESCRIPTION 
			"A collection of objects providing general access list configuration."
		::= { dAclGroups 1 }
	
	dAclMacGroup OBJECT-GROUP
		OBJECTS { 
		    dAclMacAccessListNumber, dAclMacAccessListRowStatus, 
		    dAclMacAccessListId, dAclMacAccessListCounterEnabled,
		    dAclMacAccessListClearStatAction,dAclMacAccessListRemark,
		    dAclMacAccessRuleRowStatus, dAclMacAccessRuleAction, 
		    dAclMacAccessRuleSrcMacAddr, dAclMacAccessRuleSrcMacWildcard, 
		    dAclMacAccessRuleDstMacAddr, dAclMacAccessRuleDstMacWildcard, 
		    dAclMacAccessRulePacketType, dAclMacAccessRuleEthernetType, 
		    dAclMacAccessRuleLlcDSAP, dAclMacAccessRuleLlcSSAP, 
		    dAclMacAccessRuleLlcCntl, 
		    dAclMacAccessRuleDot1p, dAclMacAccessRuleInnerDot1p, 
		    dAclMacAccessRuleVlanID, dAclMacAccessRuleInnerVlanID, 
		    dAclMacAccessRuleTimeName, 
		    dAclMacAccessGroupRowStatus, 
		    dAclMacAccessGroupAclName,dAclMacAccessGroupAclId 			
		}
		STATUS current
		DESCRIPTION 
			"A collection of objects providing MAC access list configuration."
		::= { dAclGroups 2 }
					
	dAclIpGroup OBJECT-GROUP
		OBJECTS { 
		    dAclIpAccessListNumber, dAclIpAccessListRowStatus, 
		    dAclIpAccessExtended, dAclIpAccessListId,
		    dAclIpAccessListCounterEnabled, dAclIpAccessListClearStatAction,
		    dAclIpAccessListRemark, 
		    dAclIpAccessRuleRowStatus, dAclIpAccessRuleAction, 
		    dAclIpAccessRuleProtocol, dAclIpAccessRuleUserDefProtocol, 
		    dAclIpAccessRuleSrcAddr, dAclIpAccessRuleSrcWildcard, 		    
			dAclIpAccessRuleDstAddr, dAclIpAccessRuleDstWildcard, 
			dAclIpAccessRuleSrcOperator, dAclIpAccessRuleSrcPort, 
			dAclIpAccessRuleSrcPortRange, 
			dAclIpAccessRuleDstOperator, dAclIpAccessRuleDstPort,
			dAclIpAccessRuleDstPortRange, 
			dAclIpAccessRuleQosPrecedence, dAclIpAccessRuleQosTos, 
			dAclIpAccessRuleQosDscp,
			dAclIpAccessRuleIcmpType, dAclIpAccessRuleIcmpCode, 
			dAclIpAccessRuleTimeName, dAclIpAccRuleTcpFlag,
			dAclIpAccRuleFragments,
			dAclIpAccessGroupStatus, 
			dAclIpAccessGroupAclName, dAclIpAccessGroupAclId
		}
		STATUS current
		DESCRIPTION 
			"A collection of objects providing IP access list configuration."
		::= { dAclGroups 3 }
		
	dAclIPv6Group OBJECT-GROUP
		OBJECTS { 		    
		    dAclIPv6AccessListNumber, dAclIPv6AccessListRowStatus, 
		    dAclIPv6AccessExtended, dAclIPv6AccessListId,
		    dAclIPv6AccessListCounterEnabled,
		    dAclIPv6AccessListClearStatAction,
		    dAclIPv6AccessListRemark,        
		    dAclIPv6AccessRuleRowStatus, dAclIPv6AccessRuleAction, 
			dAclIPv6AccessRuleProtocol, dAclIPv6AccessRuleUserDefProtocol, 
			dAclIPv6AccessRuleSrcAddr, dAclIPv6AccessRuleSrcPrefixLen, 			
			dAclIPv6AccessRuleDstAddr, dAclIPv6AccessRuleDstPrefixLen, 
			dAclIPv6AccessRuleSrcOperator, dAclIPv6AccessRuleSrcPort, 
			dAclIPv6AccessRuleSrcPortRange, 
			dAclIPv6AccessRuleDstOperator, dAclIPv6AccessRuleDstPort, 
			dAclIPv6AccessRuleDstPortRange, 
			dAclIPv6AccessRuleDscp, 
			dAclIPv6AccessRuleIcmpType, dAclIPv6AccessRuleIcmpCode, 
			dAclIPv6AccessRuleTimeName, 
			dAclIPv6AccessGroupStatus, 
			dAclIPv6AccessGroupAclName,dAclIPv6AccessGroupAclId,
			dAclIPv6AccRuleTcpFlag, 
        		dAclIPv6AccRuleFragments,
        		dAclIPv6AccRuleFlowLabel
		}
		STATUS current
		DESCRIPTION 
			"A collection of objects providing IPv6 access list configuration."
		::= { dAclGroups 4 }    
	
	dAclExpertGroup OBJECT-GROUP
		OBJECTS { 		    
		    dAclExpertAccessListNumber, dAclExpertAccessListRowStatus, 
		    dAclExpertAccessListId, dAclExpertAccessListCounterEnabled,
		    dAclExpertAccessListClearStatAction, dAclExpertAccessListRemark,       
		    dAclExpertAccRuleRowStatus, dAclExpertAccRuleAction,  
		    dAclExpertAccRuleProtocol, dAclExpertAccRuleUserDefProtocol, 
		    dAclExpertAccRuleSrcIpAddr, dAclExpertAccRuleSrcIpWildcard, 
		    dAclExpertAccRuleSrcMacAddr, dAclExpertAccRuleSrcMacWildcard, 
		    dAclExpertAccRuleSrcOperator, dAclExpertAccRuleSrcPort, 
		    dAclExpertAccRuleSrcPortRange, 
		    dAclExpertAccRuleDstIpAddr, dAclExpertAccRuleDstIpWildcard, 
		    dAclExpertAccRuleDstMacAddr, dAclExpertAccRuleDstMacWildcard, 
		    dAclExpertAccRuleDstOperator, dAclExpertAccRuleDstPort, 
		    dAclExpertAccRuleDstPortRange, 
		    dAclExpertAccRuleVlanID, dAclExpertAccRuleInnerVlanID, 
		    dAclExpertAccRuleQosPrecedence, dAclExpertAccRuleQosTos, 
		    dAclExpertAccRuleQosDscp,
			dAclExpertAccRuleIcmpType, dAclExpertAccRuleIcmpCode, 
			dAclExpertAccRuleTimeName, 
			dAclExpertAccessGroupRowStatus, 
			dAclExpertAccessGroupAclName,dAclExpertAccessGroupAclId,
			dAclExpertAccRuleTcpFlag,
        		dAclExpertAccRuleFragments,
        		dAclExpertAccRuleOuterCos,
        		dAclExpertAccRuleInnerCos
		}
		STATUS current
		DESCRIPTION 
			"A collection of objects providing extended expert access list configuration."
		::= { dAclGroups 5 } 

    dAclVlanFilterGroup OBJECT-GROUP
		OBJECTS { 		    		   
		   dAclVlanAccSubMapRowStatus, dAclVlanAccSubMapMatchAclName, 
		   dAclVlanAccessSubMapAction, dAclVlanAccSubMapRedirectIfIndex, 
		   dAclVlanFilterRowStatus, dAclVlanFilterVlanAccMapName,
		   dAclVlanAccSubMapMatchAclId, dAclVlanAccessMapCounterEnabled,
		   dAclVlanAccessMapClearStatAction 		   
		}
		STATUS current
		DESCRIPTION 
			"A collection of objects providing VLAN access map configuration."			
		::= { dAclGroups 6 }		
		
	dAclCounterGroup OBJECT-GROUP
		OBJECTS { 		    		   
		   dAclAccessGroupCounterIngressStat,
		   dAclAccessGroupCounterEgressStat,
		   dAclVlanFilterCounterStatistics 	
		}
		STATUS current
		DESCRIPTION 
			"A collection of objects providing ACL counter information."			
		::= { dAclGroups 7 }		
END


