
ARICENT-ISS-ACL-MIB DEFINITIONS ::= BEGIN 

IMPORTS 
   MODULE-IDENTITY, OBJECT-TYPE, 
   Counter32, enterprises, Integer32, Unsigned32   
   FROM SNMPv2-SMI 
   InetAddressType, InetAddress, InetAddressPrefixLength
   FROM INET-ADDRESS-MIB
   RowStatus, TEXTUAL-CONVENTION, MacAddress, DisplayString, TruthValue 
   FROM SNMPv2-TC; 

   issAcl MODULE-IDENTITY 
      LAST-UPDATED "202309180000Z" -- September 18, 2023
      ORGANIZATION "ARICENT COMMUNICATIONS SOFTWARE" 
      CONTACT-INFO 

        "ARICENT COMMUNICATIONS SOFTWARE
         3460 Hillview Avenue,
         Palo Alto, CA 94304-1388, USA,
         Phone : +1-650-391-1088
         E-mail:support@aricent.com"

      DESCRIPTION "The MIB for AricentISSAcessControl." 

      REVISION    "202309180000Z" -- September 18, 2023
      DESCRIPTION "Defined issAclTrcFlag for ACL trace support"

      REVISION    "202208310000Z" -- August 31, 2022
      DESCRIPTION "Added issAclL3FilterSynBit to IssAclL3FilterEntry"

      REVISION    "200702150000Z"
      DESCRIPTION "The enterprise ID 29601 is assigned to ARICENT COMMUNICATIONS SOFTWARE."

   ::= { enterprises  aricent-communication-holding-ltd(29601) iss(2) 21 }


PortList ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Each octet within this value specifies a set of eight
        ports, with the first octet specifying ports 1 through
        8, the second octet specifying ports 9 through 16, etc.
        Within each octet, the most significant bit represents
        the lowest numbered port, and the least significant bit
        represents the highest numbered port.  Thus, each port
        of the bridge is represented by a single bit within the
        value of this object.  If that bit has a value of '1'
        then that port is included in the set of ports; the port
        is not included if its bit has a value of '0'."
    SYNTAX      OCTET STRING

IndexInteger ::= TEXTUAL-CONVENTION
   DISPLAY-HINT "d"
   STATUS   current
   DESCRIPTION
        "An integer which may be used as a table index. If 0 then it is invalid."
   SYNTAX   Unsigned32 (1..65535)


IndexIntegerNextFree ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "d"
    STATUS   current
    DESCRIPTION
       "An integer which may be used as a new Index in a table.

       The special value of 0 indicates that no more new entries can be
       created in the relevant table.

       When a MIB is used for configuration, an object with this SYNTAX
       always contains a legal value (if non-zero) for an index that is
       not currently used in the relevant table. The Command Generator
       (Network Management Application) reads this variable and uses the
       (non-zero) value read when creating a new row with an SNMP SET.
       When the SET is performed, the Command Responder (agent) must
       determine whether the value is indeed still unused; Two Network
       Management Applications may attempt to create a row
       (configuration entry) simultaneously and use the same value. If
       it is currently unused, the SET succeeds and the Command
       Responder (agent) changes the value of this object, according to
       an implementation-specific algorithm.  If the value is in use,

       however, the SET fails.  The Network Management Application must
       then re-read this variable to obtain a new usable value.

       An OBJECT-TYPE definition using this SYNTAX MUST specify the
       relevant table for which the object is providing this
       functionality."
    SYNTAX   Unsigned32 (0..4294967295)

EnabledStatus ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "A simple status value for the object."
    SYNTAX      INTEGER { enabled(1), disabled(2) }

ReservedFrameType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
    "IfDirection specifies a direction of data travel on an
    transmission on the interface."
    SYNTAX  INTEGER {
                bpdu         (1),
                lacpdu-udld  (2),
                eap          (3),
                lldpdu       (4),
                other        (5),
                all          (6)
    }

--iss    OBJECT IDENTIFIER ::= { enterprises 2076 81 }

-- ----------------------------------------------------------------- -- 
-- groups in the MIB  
-- ----------------------------------------------------------------- -- 

      issAclRateControl           OBJECT IDENTIFIER ::= { issAcl 1 }
      issAclL2Filter              OBJECT IDENTIFIER ::= { issAcl 2 }
      issAclL3Filter              OBJECT IDENTIFIER ::= { issAcl 3 }
      issAclUserDefinedFilter     OBJECT IDENTIFIER ::= { issAcl 4 }
      issRedirectInterfaceGrp     OBJECT IDENTIFIER ::= { issAcl 5 }
      issRedirectIdNextFree       OBJECT IDENTIFIER ::= { issAcl 6 }
      issReservedFrameGrp         OBJECT IDENTIFIER ::= { issAcl 7 }
      issAclTrc                   OBJECT IDENTIFIER ::= { issAcl 8 }

-- Rate Control Group --------------------------------------------- --

issAclRateCtrlTable OBJECT-TYPE 
   SYNTAX      SEQUENCE OF IssAclRateCtrlEntry 
   MAX-ACCESS  not-accessible 
   STATUS      current 
   DESCRIPTION 
      "This object specifies a table to control the rate limiting parameters 
       either for the entire switch or for each interface in the switch."
   ::= { issAclRateControl 1 }

issAclRateCtrlEntry OBJECT-TYPE 
   SYNTAX      IssAclRateCtrlEntry 
   MAX-ACCESS  not-accessible 
   STATUS      current 
   DESCRIPTION 
      "This object specifies an entry which appears in this table for each physical
       interface in the switch."
   INDEX { issAclRateCtrlIndex }
   ::= { issAclRateCtrlTable 1 }
   
IssAclRateCtrlEntry ::= 
   SEQUENCE { 
      issAclRateCtrlIndex 
         Integer32, 
      issAclRateCtrlDLFLimitValue
         Integer32, 
      issAclRateCtrlBCASTLimitValue
         Integer32, 
      issAclRateCtrlMCASTLimitValue
         Integer32,
      issAclRateCtrlPortRateLimit
         Integer32,
      issAclRateCtrlPortBurstSize
         Integer32
  }

issAclRateCtrlIndex OBJECT-TYPE 
   SYNTAX      Integer32 (1..65535)
   MAX-ACCESS  not-accessible 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the interface index for which the configuration in this 
       entry applies."
   ::= { issAclRateCtrlEntry 1 }
    
issAclRateCtrlDLFLimitValue OBJECT-TYPE 
   SYNTAX      Integer32 (0..2147483647)
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object is used to configure the limiting value for the maximum number
       of dlf packets that can be transmitted per second over this interface.
       Setting this object to the value zero disables rate limiting for 
       Destination lookup failure packets on this interface. The value that
       can be set for this object is limited by the underlying hardware"
       
   DEFVAL  {0}
   ::= { issAclRateCtrlEntry 2 }

issAclRateCtrlBCASTLimitValue OBJECT-TYPE 
   SYNTAX      Integer32 (0..2147483647)
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object is used to configure the limiting value for the maximum number
       of broadcast packets that can be transmitted per second over this 
       interface. Setting this object to the value zero disables rate 
       limiting for Broadcast packets on this interface. The value that
       can be set for this object is limited by the underlying hardware"
       
   DEFVAL  {0}
   ::= { issAclRateCtrlEntry 3 }


issAclRateCtrlMCASTLimitValue OBJECT-TYPE 
   SYNTAX      Integer32 (0..2147483647)
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object is used to configure the limiting value for the maximum number
       of multicast packets that can be transmitted per second over this 
       interface. Setting this object to the value zero disables rate 
       limiting for Multicast packets on this interface. The value that
       can be set for this object is limited by the underlying hardware"
       
   DEFVAL  {0}
   ::= { issAclRateCtrlEntry 4}

issAclRateCtrlPortRateLimit OBJECT-TYPE
   SYNTAX      Integer32 (0..80000000)
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      "This object is used to configure interface Rate Limit (Packet that can be transferred
      on a port at a particular second).

      This object's value will take effect on the interface speed. Based
      on the operating speed of the port, the rate limit will be applied.
      This value can also be affected by the metering. A value of zero(0)
      disable rate limiting i.e. sets the port to full speed."

   ::= { issAclRateCtrlEntry 5 }

issAclRateCtrlPortBurstSize OBJECT-TYPE
   SYNTAX      Integer32 (0..80000000)
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      "this object is used to configure interface Burst Pkt Rate. (Packet Burst that can be
       transferred on a port at a particular second)

      This object's value will take effect on the interface speed. Based
      on the operating speed of the port, the burst size of the port
      will be applied. This value can also be affected by the metering. A
      value of zero(0) disable burst rate limiting i.e. sets the port burst
      rate limit to full speed."

   ::= { issAclRateCtrlEntry 6 }


   

-- ------------------------------------------------------------------ 
-- L2 Filter Group --------------------------------------------------

issAclL2FilterTable OBJECT-TYPE 

   SYNTAX      SEQUENCE OF IssAclL2FilterEntry
   MAX-ACCESS  not-accessible 
   STATUS      current 
   DESCRIPTION 
       "This object specifies the table which is used to configure L2 filter rules in the system."
   ::= { issAclL2Filter 1 }

issAclL2FilterEntry OBJECT-TYPE 
   SYNTAX      IssAclL2FilterEntry
   MAX-ACCESS  not-accessible 
   STATUS      current 
   DESCRIPTION 
       "This object specifies that each entry in this table is a L2 filter rule.
       Index to the table is the L2 filter number."
   INDEX { issAclL2FilterNo}
   ::= { issAclL2FilterTable 1 }
   
IssAclL2FilterEntry ::= 
   SEQUENCE { 
      issAclL2FilterNo 
         Integer32, 
      issAclL2FilterPriority 
         Integer32, 
      issAclL2FilterEtherType
         Integer32, 
      issAclL2FilterProtocolType 
         Unsigned32, 
      issAclL2FilterDstMacAddr 
         MacAddress, 
      issAclL2FilterSrcMacAddr 
         MacAddress, 
      issAclL2FilterVlanId 
         Integer32,
      issAclL2FilterInPortList 
         PortList,
      issAclL2FilterAction 
         INTEGER, 
      issAclL2FilterMatchCount
         Counter32, 
      issAclL2FilterStatus
         RowStatus,
      issAclL2FilterOutPortList 
         PortList,
      issAclL2FilterDirection
         INTEGER,
      issAclL2FilterSubAction
         INTEGER, 
      issAclL2FilterSubActionId
         Integer32,
      issAclL2FilterRedirectId
         Integer32,
      issAclL2NextFilterNo 
         Integer32, 
      issAclL2NextFilterType 
          INTEGER,
      issAclL2FilterCfiDeiBit
          INTEGER,
      issAclL2FilterDP
          INTEGER,
      issAclL2FilterRestore
          DisplayString,
      issAclL2FilterDstMacAddrMask
         MacAddress, 
      issAclL2FilterSrcMacAddrMask
         MacAddress 
  }

issAclL2FilterNo OBJECT-TYPE 
   SYNTAX      Integer32 (1..65535)
   MAX-ACCESS  not-accessible 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the L2 Filter rule number."
   ::= { issAclL2FilterEntry 1 }
    
issAclL2FilterPriority OBJECT-TYPE 
   SYNTAX      Integer32 (1..255)
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the priority of the L2 filter can be used to decide which filter rule
       is applicable when 
          --> the packet matches with more than one filter rules
          --> All the filter rules result in 'allow'ing the packet

      Higher value of 'filter priority' implies a higher priority.

      Usage of 'L2FilterPriority' is implementation dependant."
   DEFVAL  { 1 }
   ::= { issAclL2FilterEntry 2 }

issAclL2FilterEtherType OBJECT-TYPE 
   SYNTAX      Integer32 (0..65535)
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the value in the Type/Len field of a frame that will
      be matched to trigger this filter. The default value of
      this object is '0'. When this object is SET with the default
      value, frames are not matched for the value in the Type/Len
      field with the value set for this object."
   DEFVAL  { 0 }
   ::= { issAclL2FilterEntry 3 }

   
issAclL2FilterProtocolType OBJECT-TYPE 
   SYNTAX      Unsigned32 (0..65535) 
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the non IP protocol type to be filtered.
       aarp | amber | dec-spanning | decnet-iv | 
       diagnostic | dsm |etype-6000 | etype-8042 | 
       lat | lavc-sca | mop-console | mop-dump | 
       msdos | mumps | netbios | vines-echo |
       vines-ip | xns-idp: A non-IP protocol.

      A value of '0' means, the filter is applicable for all protocols."
   DEFVAL  { 0 }
   ::= { issAclL2FilterEntry 4 }

issAclL2FilterDstMacAddr OBJECT-TYPE 
   SYNTAX      MacAddress
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies that the Destination MAC address to be matched with the packet. By Default, the
       Destination Mac Address will be zero which means dont care condition ie)
       any Dst Mac Address ."
   ::= { issAclL2FilterEntry 5 }

issAclL2FilterSrcMacAddr OBJECT-TYPE 
   SYNTAX      MacAddress
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies that the Source MAC address to be matched with the packet. By Default, the Source 
       Mac Address will be zero which means dont care condition ie) any Src Mac 
       address"
   ::= { issAclL2FilterEntry 6 }


issAclL2FilterVlanId OBJECT-TYPE 
   SYNTAX      Integer32 (0..4094)
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies that the Vlan Id to be filtered. In case of Provider bridges, This Vlan Id will
      be treated as customer Vlan Id. 
      A value of '0' means, this object is unused. Configuring this value is not
      allowed."
   DEFVAL  { 0 }
   ::= { issAclL2FilterEntry 7 }


issAclL2FilterInPortList OBJECT-TYPE 
   SYNTAX      PortList
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the complete set of ports over which this filter is applied
       for packets ingress at ports in this list.
       If the In port list is '0', the filter rule will not be installed in hardware.
       Even though the issAclL2FilterInPortList is configured, It is applicable only
       if issAclL2FilterDirection is configured as 'in'.
       By default inport list is maintained as '0'." 
   ::= { issAclL2FilterEntry 8 }

issAclL2FilterAction OBJECT-TYPE 
   SYNTAX      INTEGER {
                  allow (1),
                  drop  (2),
                  redirect (3)
               }
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the action to be taken on the packet if the filter
      rule matches.
      If the action is 'allow', the packet will be forwarded according
      to the forwarding rules.
      If the action is 'drop', the packet will be discarded.
      If the action is 'redirect', the packet will be switched according
      to the redirect rules."
   DEFVAL  { allow } 
   ::= { issAclL2FilterEntry 9 }

issAclL2FilterMatchCount OBJECT-TYPE 
   SYNTAX      Counter32
   MAX-ACCESS  read-only 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the number of times this filter is matched."

   ::= { issAclL2FilterEntry 10 }

issAclL2FilterStatus OBJECT-TYPE 
   SYNTAX      RowStatus
   MAX-ACCESS  read-create 
   STATUS      current 
   DESCRIPTION 
        "This object specifies the status of this entry. An entry is
        created in this table when this object is SET to 'createAndWait'.
        The entry in this table is used when the status of this object 
        is SET 'active'. The entry in this table is not used when this 
        object is SET 'notInService'. An entry created in this table is
        be deleted when this object is SET 'destroy'."
   ::= { issAclL2FilterEntry 11 }

issAclL2FilterOutPortList OBJECT-TYPE 
   SYNTAX      PortList
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the complete set of ports over which this filter is applied
       for packets egress at Ports in this list.
      If the Out port list is '0', the filter rule is applicable for  the 
      outgoing packets on all ports.
      Even though the issAclL2FilterOutPortList is configured, It is applicable only
      if issAclL2FilterDirection is configured as 'out'.
      By default outport list is maintained as '0'." 
   ::= { issAclL2FilterEntry 12 }
   
issAclL2FilterDirection OBJECT-TYPE 
   SYNTAX      INTEGER {
                    in (1),
                    out (2)
               }
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the direction of this filter to be applied. By Default the
      filter will be applied on ingress direction.
      When the direction of this filter is 'in', It is applied on specified
      ports of the issAclL2FilterInPortList.
      When the direction of this filter is 'out', It is applied on specified
      ports of the issAclL2FilterOutPortList."
   DEFVAL  { in } 
   ::= { issAclL2FilterEntry 13 }

issAclL2FilterSubAction OBJECT-TYPE 
   SYNTAX      INTEGER {
                  none         (0),
                  modifyVlan   (1),
                  nestedVlan   (2),
                  stripOuterHdr (3),
                  modifyDP (4),
                  modifyTC (5),
                  modifyCfiDei (6)
               }
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
       "This object specifies that the action to be taken on the incoming packet is detailed below -
        none       - no action
        modifyVlan - Traffic matching ACL rule will have VLAN ID
                    classified/modified to value specified by this object.
        nestedVlan - Traffic matching ACL rule will have one additional VLAN Tag
                    added to the packet ( on top of existing VLAN tags, if any).
        Note - VLANID added is specified by mib object issAclL2FilterSubActionId
        strip-etherhdr-apply-nextfilter - Traffic matching ACL rule  will have 
        outer ethernet header stripped, Ex This can be used for stripping the 
        outer ethernet header for MPLS packet.
        modifyDP - Drop precedence of the traffic is modified
        modifyCfiDei - CFI or DEI bit of the packet is modifed
        modifyTC - TC of the traffic is modified."
   DEFVAL  { none } 
   ::= { issAclL2FilterEntry 14 }

issAclL2FilterSubActionId OBJECT-TYPE 
   SYNTAX      Integer32 (0..4094)
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies that the Id to be used if the object as specified by 
	  issAclL2FilterSubAction is either modifyvlan or nestedvlan only.
      Non-Zero value need to be specify when issAclL2FilterSubAction is modify or Nested Vlan.
	  Value of Zero need to be specify when issAclL2FilterSubAction is none." 
   DEFVAL  { 0 } 
   ::= { issAclL2FilterEntry 15 }


issAclL2FilterRedirectId OBJECT-TYPE
   SYNTAX      Integer32 
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "This object specifies the redirect index associated with L2Filter entry."
   ::= { issAclL2FilterEntry 16 }

issAclL2NextFilterNo OBJECT-TYPE 
   SYNTAX      Integer32 (1..65535)
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies that the Next Filter rule number to be matched for traffic matching 
      the current ACL rule "
   ::= { issAclL2FilterEntry 17 }

issAclL2NextFilterType OBJECT-TYPE
   SYNTAX      INTEGER {
                l2filter      (0),
                l3filter      (1),
                userdefined   (2)
        }
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
 	"This object specifies the type of the next access-control list. 
	The type could take the value 'l2filter' for MAC-based ACLs and 'l3filter' for IP-based ACLs. 
	It takes the value 'userdefined' for filtering based on user-defined filters."
   ::= { issAclL2FilterEntry 18 }

issAclL2FilterCfiDeiBit OBJECT-TYPE
    SYNTAX      INTEGER {
            set (1),
            reset (2)
    }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
    "This object specifies the CfiDei bit value in the c-vlan tag or s-vlan tag of
    the packet to be applied in the filter."
    DEFVAL  { set }
    ::= { issAclL2FilterEntry 19}

issAclL2FilterDP OBJECT-TYPE
    SYNTAX      INTEGER {
              green (1),
              yellow (2),
              red (3)
    }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
    "This object specifies the drop precedence level to be applied in the filter."
    DEFVAL  { green }
    ::= { issAclL2FilterEntry 20 }

issAclL2FilterRestore                   OBJECT-TYPE
        SYNTAX                          DisplayString
        MAX-ACCESS                      read-write
        STATUS                          current
        DESCRIPTION
                " This  object stores the order of PCL index while storing
           the configurations."
    ::= { issAclL2FilterEntry 21 }
   
issAclL2FilterDstMacAddrMask OBJECT-TYPE 
   SYNTAX      MacAddress
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies that the mask used to match the Destination MAC address with the packet. By Default, the Destination 
       Mac Address Mask will be ff:ff:ff:ff:ff:ff  which means macth exactly the Src Mac specified
       address"
   ::= { issAclL2FilterEntry 22 }

issAclL2FilterSrcMacAddrMask OBJECT-TYPE 
   SYNTAX      MacAddress
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies that the mask used to match the Source MAC address with the packet. By Default, the Source 
       Mac Address Mask will be ff:ff:ff:ff:ff:ff  which means macth exactly the Src Mac specified
       address"
   ::= { issAclL2FilterEntry 23 }

-- ------------------------------------------------------------------ 
-- L3 Filter Group --------------------------------------------------

issAclL3FilterTable OBJECT-TYPE 
   SYNTAX      SEQUENCE OF IssAclL3FilterEntry
   MAX-ACCESS  not-accessible 
   STATUS      current 
   DESCRIPTION 
       "This object specifies a table to configure L3 filter rules in the system."
   ::= { issAclL3Filter 1 }

issAclL3FilterEntry OBJECT-TYPE 
   SYNTAX      IssAclL3FilterEntry
   MAX-ACCESS  not-accessible 
   STATUS      current 
   DESCRIPTION 
       "This object specifies that each entry in this table is a L3 filter rule.
         Index to the table is L3 filter number. "
   INDEX { issAclL3FilterNo}
   ::= { issAclL3FilterTable 1 }
   
IssAclL3FilterEntry ::= 
   SEQUENCE { 
      issAclL3FilterNo 
         Integer32, 
      issAclL3FilterPriority 
         Integer32, 
      issAclL3FilterProtocol  
         Integer32, 
      issAclL3FilterMessageType 
         Integer32, 
      issAclL3FilterMessageCode 
         Integer32, 
      issAclL3FilteAddrType     
         InetAddressType,
      issAclL3FilterDstIpAddr
         InetAddress, 
      issAclL3FilterSrcIpAddr 
         InetAddress, 
      issAclL3FilterDstIpAddrPrefixLength 
         InetAddressPrefixLength,
      issAclL3FilterSrcIpAddrPrefixLength 
         InetAddressPrefixLength,
      issAclL3FilterMinDstProtPort
         Unsigned32, 
      issAclL3FilterMaxDstProtPort
         Unsigned32, 
      issAclL3FilterMinSrcProtPort
         Unsigned32, 
      issAclL3FilterMaxSrcProtPort
         Unsigned32, 
      issAclL3FilterInPortList 
         PortList,
      issAclL3FilterOutPortList 
         PortList, 
      issAclL3FilterAckBit
         INTEGER,
      issAclL3FilterRstBit
         INTEGER,
      issAclL3FilterTos
         Integer32,
      issAclL3FilterDscp
         Integer32,
      issAclL3FilterDirection
         INTEGER, 
      issAclL3FilterAction 
         INTEGER, 
      issAclL3FilterMatchCount
         Counter32, 
      issAclL3FilterFlowId
         Unsigned32,
      issAclL3FilterStatus
         RowStatus,
      issAclL3FilterSubAction
         INTEGER, 
      issAclL3FilterSubActionId
         Integer32,
      issAclL3FilterRedirectId
         Integer32,
      issAclL3FilterRestore
         DisplayString,
      issAclL3FilterSynBit
         INTEGER

  }

issAclL3FilterNo OBJECT-TYPE 
   SYNTAX      Integer32 (1..65535)
   MAX-ACCESS  not-accessible 
   STATUS      current 
   DESCRIPTION 
      "L3 Filter rule number."
   ::= { issAclL3FilterEntry 1 }
    
issAclL3FilterPriority OBJECT-TYPE 
   SYNTAX      Integer32 (1..255)
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies that the priority of the filter can be used to decide which filter rule
       is applicable when 
          --> the packet matches with more than one filter rules
          --> All the filter rules result in 'allow'ing the packet

      Higher value of 'L3 filter priority' implies a higher priority.
      Usage of 'L3FilterPriority' is implementation dependant."
   DEFVAL  { 1 }
   ::= { issAclL3FilterEntry 2 }
   
issAclL3FilterProtocol OBJECT-TYPE 
   SYNTAX      Integer32 (0..255)
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the type of protocol to be checked against the packet. The
      default value is 255. If the value is 255, it means that the
      protocol type can be anything and it will not be checked to 
      decide the action. "
   DEFVAL   { 255 }
   ::= { issAclL3FilterEntry 3 }
   
issAclL3FilterMessageType OBJECT-TYPE 
   SYNTAX      Integer32 (0..255)
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
     "This object specifies the message type to be checked against the packet. If the
      message type matches with the packet, then the packet will be
      dropped / allowed based on the action set in issAclL3FilterAction.
      The default value is 255. It means that message type is not
      configured and need not be checked.
      Generally the value zero is given as default. But here
      zero can be an ICMP Type value. Hence 255 is given as the
      default value. 
      Some ICMP message types are: 
           echoReply(0),
           destinationUnreachable(3),
           sourceQuench(4),
           redirect(5),
           echoRequest(8),
           timeExceeded(11),
           parameterProblem(12),
           timestampRequest(13),
           timestampReply(14),
           informationRequest(15),
           informationReply(16),
           addressMaskRequest(17),
           addressMaskReply (18),
           noICMPType(255)."
   DEFVAL  { 255 }
   ::= { issAclL3FilterEntry 4 }

issAclL3FilterMessageCode OBJECT-TYPE 
   SYNTAX      Integer32 (0..255)
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the message code to be checked against the packet. If the
      packet matches with the message code, then the packet will
      be dropped / allowed based on the action set in issAclL3FilterAction.
      The default value is 255. It means that message code is not 
      configured and need not be checked. Generally the value zero 
      will be given as default. But here, zero can be an ICMP Code 
      value. Hence 255 is given as the default value.
      Some ICMP message codes are :
           networkUnreachable(0),
           hostUnreachable(1),
           protocolUnreachable(2),
           portUnreachable(3),
           fragmentNeed(4),
           sourceRouteFail(5),
           destNetworkUnknown(6),
           destHostUnknown(7),
           srcHostIsolated(8),
           destNetworkAdminProhibited(9),
           destHostAdminProhibited(10),
           networkUnreachableTOS(11),
           hostUnreachableTOS(12),
           noICMPCode(255) 
      "
   DEFVAL   { 255 }
   ::= { issAclL3FilterEntry 5 }     
   
issAclL3FilteAddrType OBJECT-TYPE
    SYNTAX         InetAddressType
    MAX-ACCESS     read-create
    STATUS         current
    DESCRIPTION
       "This object specifies the type of IP address used by this classifier entry. While
       other types of addresses are defined in the InetAddressType
       textual convention, and DNS names, a classifier can only look at
       packets on the wire. Therefore, this object is limited to IPv4
       and IPv6 addresses."
    ::= { issAclL3FilterEntry 6 }


issAclL3FilterDstIpAddr OBJECT-TYPE
    SYNTAX         InetAddress
    MAX-ACCESS     read-create
    STATUS         current
    DESCRIPTION
       "This object specifies the IP address to match against the packet's destination IP
       address. This may not be a DNS name, but may be an IPv4 or IPv6
       prefix.  issAclL3FilterDstIpAddrPrefixLength indicates the
       number of bits that are relevant."
    ::= { issAclL3FilterEntry 7 }
    
issAclL3FilterSrcIpAddr OBJECT-TYPE
    SYNTAX         InetAddress
    MAX-ACCESS     read-create
    STATUS         current
    DESCRIPTION
       "This object specifies the IP address to match against the packet's source IP address.
       This may not be a DNS name, but may be an IPv4 or IPv6 prefix.
       issAclL3FilterSrcIpAddrPrefixLength indicates the number of
       bits that are relevant."
    ::= { issAclL3FilterEntry 8 }


issAclL3FilterDstIpAddrPrefixLength OBJECT-TYPE
    SYNTAX         InetAddressPrefixLength
    UNITS          "bits"
    MAX-ACCESS     read-create
    STATUS         current
    DESCRIPTION
       "This object specifies the length of the CIDR Prefix carried in
       issAclL3FilterDstIpAddr. In IPv4 addresses, a length of 0
       indicates a match of any address; a length of 32 indicates a
       match of a single host address, and a length between 0 and 32
       indicates the use of a CIDR Prefix. IPv6 is similar, except that
       prefix lengths range from 0..128."
    DEFVAL         { 0 }
    ::= { issAclL3FilterEntry 9 }


issAclL3FilterSrcIpAddrPrefixLength OBJECT-TYPE
    SYNTAX         InetAddressPrefixLength
    UNITS          "bits"
    MAX-ACCESS     read-create
    STATUS         current
    DESCRIPTION
       "This object specifies the length of the CIDR Prefix carried in
       issAclL3FilterSrcIpAddr. In IPv4 addresses, a length of 0
       indicates a match of any address; a length of 32 indicates a
       match of a single host address, and a length between 0 and 32
       indicates the use of a CIDR Prefix. IPv6 is similar, except that
       prefix lengths range from 0..128."
    DEFVAL         { 0 }
    ::= { issAclL3FilterEntry 10 }

issAclL3FilterMinDstProtPort OBJECT-TYPE
   SYNTAX      Unsigned32
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      "This object specifies the minimum port in the destination port range. Please note 
       these ports are the TCP / UDP ports."
   DEFVAL   { 0 }
   ::= { issAclL3FilterEntry 11 }

issAclL3FilterMaxDstProtPort OBJECT-TYPE
   SYNTAX      Unsigned32
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      "This object specifies the maximum port in the destination port range. Please note 
       these ports are the TCP / UDP ports."
   DEFVAL   { 65535 }
   ::= { issAclL3FilterEntry 12 }

issAclL3FilterMinSrcProtPort OBJECT-TYPE
   SYNTAX      Unsigned32
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      "This object specifies the minimum port in the source port range. Please note 
       these ports are the TCP / UDP ports."
   DEFVAL   { 0 }
   ::= { issAclL3FilterEntry 13 }

issAclL3FilterMaxSrcProtPort OBJECT-TYPE
   SYNTAX      Unsigned32
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      "This object specifies the maximum port in the source port range. Please note 
       these ports are the TCP / UDP ports."
   DEFVAL   { 65535 }
   ::= { issAclL3FilterEntry 14 }

issAclL3FilterInPortList OBJECT-TYPE 
   SYNTAX      PortList
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the complete set of ports over which if the packet arrives
      this filter rule will be applicable.
       If the In port list is '0', the filter rule will not be installed in hardware.
      By default inport list is maintained as '0'." 
   ::= { issAclL3FilterEntry 15 }

issAclL3FilterOutPortList OBJECT-TYPE 
   SYNTAX      PortList
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the complete set of ports over which if the packet goes out, 
      this filter rule will be applicable.
      If the outgoing port list is '0', the filter rule is applicable for all the 
      outgoing packets in all ports.
      By default outport list is maintained as '0'." 
   ::= { issAclL3FilterEntry 16 }

issAclL3FilterAckBit		OBJECT-TYPE
	SYNTAX	INTEGER	{
						establish(1),
						notEstablish(2),
					  	any(3)	
					}
	MAX-ACCESS	read-create
	STATUS		current
	DESCRIPTION
		"This object specifies the TCP ACK bit to be checked against the packet. The default 
		value is 'any'(3). It means that ACK bit will not be checked to decide the action."
	DEFVAL	{ any }
	::= { issAclL3FilterEntry 17 }

issAclL3FilterRstBit	 OBJECT-TYPE
	SYNTAX	INTEGER	{
						set(1),
						notSet(2),
				     	any(3)	
					}
	MAX-ACCESS	read-create
	STATUS		current
	DESCRIPTION
		"This object specifies the TCP RST bit to be checked against the packet. The default 
		value is 'any'(3). It means that RST bit will not be checked to 
		decide the action. "
	DEFVAL	{ any }
	::= { issAclL3FilterEntry 18 }

issAclL3FilterTos		OBJECT-TYPE
	SYNTAX		Integer32 (-1..7)
	MAX-ACCESS	read-create
	STATUS		current
	DESCRIPTION
		"This object specifies that the IP TOS bit to be checked against the packet. This is a 
		single byte integer of which the last three bits (least 
      significant bits) indicate Delay, Throughput and Reliability 
      i.e 'uuuuudtr', u-unused, d-delay, t-throughput, r-reliability.
		For example '6' indicates low delay and high throughput. 
                A value of '-1' means, the Tos Field becomes dont care"
	DEFVAL	{ -1 }
	::= { issAclL3FilterEntry 19 }

issAclL3FilterDscp		OBJECT-TYPE
	SYNTAX		Integer32 (-1..63)
	MAX-ACCESS	read-create
	STATUS		current
	DESCRIPTION
		"This object specifies that the IP Dscp value to be checked against the packet. 
        A value of '-1' means, the Dscp Field becomes dont care."
	DEFVAL	{ -1 }
	::= { issAclL3FilterEntry 20 }

issAclL3FilterDirection OBJECT-TYPE 
   SYNTAX      INTEGER {
                          in (1),
                          out(2) 
                       } 
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the direction of this filter to be applied. By Default the
      filter will be applied on ingress direction.
      When the direction of this filter is 'in', It is applied on specified
      ports of the issAclL3FilterInPortList.
      When the direction of this filter is 'out', It is applied on specified
      ports of the issAclL3FilterOutPortList."
   DEFVAL	{ in }
   ::= { issAclL3FilterEntry 21 }

issAclL3FilterAction OBJECT-TYPE 
   SYNTAX      INTEGER {
                  allow (1),
                  drop  (2),
                  redirect (3)
               }
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the action to be taken on the packet if the filter
      rule matches.
      
      If the action is 'allow', the packet will be sent to the
      ports in 'out port list'. If the out port list is '0', 
      the port over which the packet is to be switched will be decided
      based on further processing on the packet.

      If the action is 'drop', the packet will be discarded.

      If the action is 'redirect', the packet will be switched
      based on the redirect rule."

   DEFVAL  { allow } 
   ::= { issAclL3FilterEntry 22 }

issAclL3FilterMatchCount OBJECT-TYPE 
   SYNTAX      Counter32
   MAX-ACCESS  read-only 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the number of times this filter is matched."

   ::= { issAclL3FilterEntry 23 }
   
issAclL3FilterFlowId OBJECT-TYPE
    SYNTAX         Unsigned32 (0..1048575)
    MAX-ACCESS     read-create
    STATUS         current
    DESCRIPTION
       "This object specifies the flow identifier in an IPv6 header."
    ::= { issAclL3FilterEntry 24 }

issAclL3FilterStatus OBJECT-TYPE 
   SYNTAX      RowStatus
   MAX-ACCESS  read-create 
   STATUS      current 
   DESCRIPTION 
        "This object specifies the status of this entry. An entry is
        created in this table when this object is SET to 'createAndWait'.
        The entry in this table is used when the status of this object 
        is SET 'active'. The entry in this table is not used when this 
        object is SET 'notInService'. An entry created in this table is
        be deleted when this object is SET 'destroy'."
   ::= { issAclL3FilterEntry 25 }
issAclL3FilterSubAction OBJECT-TYPE 
   SYNTAX      INTEGER {
                  none         (0),
                  modifyVlan   (1),
                  nestedVlan   (2)
               }
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the action that is  to be taken on the incoming packet
       value specified by this object is detailed below -
        none -  no action
        modifyVlan - Traffic matching ACL rule will have VLAN ID classified/modified 
                     to value specified by this object.
        nestedVlan -  Traffic matching ACL rule will have one additional VLAN Tag
                      added to the packet ( on top of existing VLAN tags, if any).
        Note - VLANID added is specified by mib object issAclL3FilterSubActionId." 
   DEFVAL  { none } 
   ::= { issAclL3FilterEntry 26 }

issAclL3FilterSubActionId OBJECT-TYPE 
   SYNTAX      Integer32 (0..4094)
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the Id to be used if the object as specified by  
	  issAcl3FilterSubAction is either modifyvlan or nestedvlan only.
      Non-Zero value need to be specify when issAclL3FilterSubAction is modify or Nested Vlan.
	  Value of Zero need to be specify when issAclL3FilterSubAction is none." 
 
   DEFVAL  { 0 } 
   ::= { issAclL3FilterEntry 27 }

issAclL3FilterRedirectId OBJECT-TYPE
   SYNTAX      Integer32
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "This object specifies the redirect index associated with L3Filter entry."
   ::= { issAclL3FilterEntry 28 }

issAclL3FilterRestore                   OBJECT-TYPE
        SYNTAX                          DisplayString
        MAX-ACCESS                      read-write
        STATUS                          current
        DESCRIPTION
           "This object is used to store the order of PCL index while storing
		   the configurations."
   ::= { issAclL3FilterEntry 29 }

issAclL3FilterSynBit	 OBJECT-TYPE
	SYNTAX	INTEGER	{
						set(1),
						notSet(2),
				     	any(3)	
					}
	MAX-ACCESS	read-create
	STATUS		current
	DESCRIPTION
		"This object specifies the SYN RST bit to be checked against the packet. The default 
		value is 'any'(3). It means that SYN bit will not be checked to 
		decide the action. "
	DEFVAL	{ any }
	::= { issAclL3FilterEntry 30 }


------------------------------------------------------------------------------------------
-- User Defined Filter Table for specifying user defined packet header elements
-- Also used for supporting AND/OR/NOT operations on existing ACL rules
-- and deriving new user defined ACL rules
------------------------------------------------------------------------------------------

issAclUserDefinedFilterTable  OBJECT-TYPE
   SYNTAX     SEQUENCE OF FsIssAclUserDefinedFilterEntry
   MAX-ACCESS not-accessible
   STATUS     current
   DESCRIPTION
       "This object specifies the table which is used to configure user defined filter rules in the system.
	   This table is used for specifying the user defined packet header elements for application of filter rules.
	   This table could also be used for supporting AND, OR,NOT operations on existing filter rules and deriving
	   new user defined ACL rules."
    ::= { issAclUserDefinedFilter 1 }

issAclUserDefinedFilterEntry OBJECT-TYPE
   SYNTAX     FsIssAclUserDefinedFilterEntry
   MAX-ACCESS not-accessible
   STATUS     current
   DESCRIPTION
        "This object specifies the user defined filter entry indexed uniquely by issAclUserDefinedFilterId."
   INDEX { issAclUserDefinedFilterId }
   ::= { issAclUserDefinedFilterTable 1 }

FsIssAclUserDefinedFilterEntry ::=
   SEQUENCE {
       issAclUserDefinedFilterId                      IndexInteger,
       issAclUserDefinedFilterPktType                 INTEGER,
       issAclUserDefinedFilterOffSetBase              Integer32,
       issAclUserDefinedFilterOffSetValue             OCTET STRING,
       issAclUserDefinedFilterOffSetMask              OCTET STRING,
       issAclUserDefinedFilterPriority                Integer32, 
       issAclUserDefinedFilterAction                  INTEGER, 
       issAclUserDefinedFilterInPortList              PortList, 
       issAclUserDefinedFilterIdOneType               INTEGER,
       issAclUserDefinedFilterIdOne                   Unsigned32,
       issAclUserDefinedFilterIdTwoType               INTEGER,
       issAclUserDefinedFilterIdTwo                   Unsigned32,
       issAclUserDefinedFilterSubAction              INTEGER,
       issAclUserDefinedFilterSubActionId            Integer32,
       issAclUserDefinedFilterRedirectId              Integer32,
       issAclUserDefinedFilterStatus                  RowStatus

          }
issAclUserDefinedFilterId OBJECT-TYPE
   SYNTAX      IndexInteger
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION
         "This object specifies an Index to uniquely identify the User defined filter table entry."
   ::= { issAclUserDefinedFilterEntry 1 }


issAclUserDefinedFilterPktType OBJECT-TYPE
   SYNTAX   INTEGER {
          userDef(0),     -- user defined packet type
          ethernet(1),     -- ethernet packet
          ipv4(2),        -- packet type is IPv4
          ipv6(3),        -- packet type is IPv6
          ipv4tcp(4),     -- packet type is IPv4 TCP 
          ipv6tcp(5),      -- packet type is IPv6 TCP
          ipv4udp(6),     -- packet type is IPv4 UDP 
          ipv6udp(7),     -- packet type is IPv6 UDP 
          mpls(8),        -- packet type is MPLS 
          fragip(9)       -- fragmented IPv4/v6 packet
   }

   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION 
      "This object specifies the type of packet for which packet-filter match needs to be applied on incoming traffic."
   DEFVAL {0}  
   ::= { issAclUserDefinedFilterEntry 2 }

issAclUserDefinedFilterOffSetBase OBJECT-TYPE
   SYNTAX      Integer32
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION 
      "This object specifies the offset base from the start of packet header ( beginning of full packet) for which the match needs to 
	 be applied on incoming traffic. A value of 0 indicates Start of L2 Header, value 1 indicates start of L3 Header,
	 value 2 start of L4 Header, value 3 start of IPv6 start header, value 4 start from Ethertype and value 5
	 indicated start from MPLS Header(minus2). Other value are correctly invlaid and reserved for future use." 
   DEFVAL  { 0 }
   ::= { issAclUserDefinedFilterEntry 3 }

issAclUserDefinedFilterOffSetValue OBJECT-TYPE
   SYNTAX      OCTET STRING (SIZE (0..128))
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION 
      "This object specifies the offset value for which packet-filter match needs to be applied on incoming traffic. A value
       of zero indicates that this field is dont-care. The offset value is a contiguous set of 128 bytes from the OffSetBase.
	 For specifying non-contiguous elements in the packet header, the OffSetValue is ANDed with the OffsetMask to result in
	 the appropriate match on non-contiguous elements of the packet header."    
   ::= { issAclUserDefinedFilterEntry 4 }

issAclUserDefinedFilterOffSetMask OBJECT-TYPE
   SYNTAX      OCTET STRING (SIZE (0..128))
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION 
      "This object specifies the mask for the offset value. The actual user defined value to be used for matching incoming
       traffic is obtained after ANDing the OffsetValue and OffsetMask. A value of 0 indicates that this field is dont-care."
     
   ::= { issAclUserDefinedFilterEntry 5 }

issAclUserDefinedFilterPriority OBJECT-TYPE 
   SYNTAX      Integer32 (1..255)
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the priority of the filter that can be used to decide which filter rule
       is applicable when 
          --> the packet matches with more than one filter rules
          --> All the filter rules result in 'allow'ing the packet

      Higher value of 'UserDefined filter priority' implies a higher priority.
      Usage of 'UserDefinedFilterPriority' is implementation dependant."
   DEFVAL  { 1 }
   ::= { issAclUserDefinedFilterEntry 6 }

issAclUserDefinedFilterAction OBJECT-TYPE 
   SYNTAX      INTEGER {
                  allow    (1),
                  drop     (2),
                  redirect (3),
		  and      (4),
		  or       (5),
		  not      (6)
               }
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "Action value allow/drop/redirect specify the action to be taken on the packet if the filter rule matches.
     -->  If the action is 'allow', the packet will be sent to the
      	     ports as specified by issRedirectInterfaceGrpPortList. 

     -->  If the action is 'drop', the packet will be discarded.

     -->  If the action is 'redirect', the packet will be switched based on the redirect rule.
	Action value and/or/not specify the operation that is applied on base 
    access filter rules to derive a new user defined ACL rule. 
    For the below actions, the user defined offset values are not used for packet
	match.
	--> and : Apply AND operation on base filter rules identified uniquely by  <issAclUserDefinedFilterIdOneType, issAclUserDefinedFilterIdOne> AND  <issAclUserDefinedFilterIdTwoType,  issAclUserDefinedFilterIdTwo > to derive new user defined filter rule.
	--> or  : Apply OR operation on base filter rules identified uniquely by  <issAclUserDefinedFilterIdOneType, issAclUserDefinedFilterIdOne> AND  <issAclUserDefinedFilterIdTwoType,  issAclUserDefinedFilterIdTwo > The FilterAction corresponding to  issAclUserDefinedFilterIdOne will be applied on  issAclUserDefinedFilterIdTwo.
	--> not  : Apply NOT operation on base filter rule identified uniquely by  <issAclUserDefinedFilterIdOneType, issAclUserDefinedFilterIdOne> to derive new user defined filter rule."

   DEFVAL  { allow } 
   ::= { issAclUserDefinedFilterEntry 7 }

issAclUserDefinedFilterInPortList OBJECT-TYPE 
   SYNTAX      PortList
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the complete set of ports over which this filter is applied
       for packets ingress at ports in this list. Filter will be applied in
       chip when port list is not null.
       If the In port list is '0', the filter rule will not be installed in hardware.
       By default inport list is maintained as '0'." 
   ::= { issAclUserDefinedFilterEntry 8 }

issAclUserDefinedFilterIdOneType OBJECT-TYPE
   SYNTAX         INTEGER { macbased (1), ipbased (2) } 
   MAX-ACCESS     read-write
   STATUS         current
   DESCRIPTION
        "This Object specifies the type of the Base ACL rule 1 that is used for 
         deriving new ACL rule."
   ::= { issAclUserDefinedFilterEntry 9 }

issAclUserDefinedFilterIdOne OBJECT-TYPE
   SYNTAX    Unsigned32 (0..65535)
   MAX-ACCESS     read-write
   STATUS         current
   DESCRIPTION
        "This Object specifies the ID of the Base ACL rule 1 (MAC-based or IP-based) that is used for 
         deriving new ACL rule."
   ::= { issAclUserDefinedFilterEntry 10 }

issAclUserDefinedFilterIdTwoType OBJECT-TYPE
   SYNTAX         INTEGER { macbased (1) , ipbased (2) } 
   MAX-ACCESS     read-write
   STATUS         current
   DESCRIPTION
        "This Object specifies the type of the Base ACL rule 2 that is used for 
         deriving new ACL rule."
   ::= { issAclUserDefinedFilterEntry 11 }

issAclUserDefinedFilterIdTwo OBJECT-TYPE
   SYNTAX    Unsigned32 (0..65535)
   MAX-ACCESS     read-write
   STATUS         current
   DESCRIPTION
        "This Object specifies the ID of the Base ACL rule 2 (MAC-based or IP-based) that is used for 
         deriving new ACL rule."
   ::= { issAclUserDefinedFilterEntry 12 }

issAclUserDefinedFilterSubAction OBJECT-TYPE 
   SYNTAX      INTEGER {
                  none         (0),
                  modifyVlan   (1),
                  nestedVlan   (2)
               }
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the action that is to be taken on the incoming packet is detailed below -
       none       - no action
       modifyVlan - Traffic matching ACL rule will have VLAN ID classified/modified 
                     to value specified by this object.
                     The direction of VLAN ID modification is determined as follows -
       nestedVlan - Traffic matching ACL rule will have one additional VLAN Tag 
                     added to the packet ( on top of existing VLAN tags, if any). 
                     
       NOte  -       VLANID added is specified by issAclUserDefinedFilterSubActionId." 
   DEFVAL  { none }
   ::= { issAclUserDefinedFilterEntry 13 }

issAclUserDefinedFilterSubActionId OBJECT-TYPE 
   SYNTAX      Integer32 (0..4094)
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "Id to be used if the object as specified by  issAclUserDefinedFilterSubAction is either modifyvlan or nestedvlan only.
       Non-Zero value need to be specify when issAclUserDefinedFilterSubAction is modify 
       or Nested Vlan. Value of Zero need to be specify 
       when issAclUserDefinedFilterSubAction is none." 

        
   DEFVAL  { 0 } 
   ::= { issAclUserDefinedFilterEntry 14 }

issAclUserDefinedFilterRedirectId OBJECT-TYPE
   SYNTAX      Integer32
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "This object specifies the redirect index associated with UserDefinedFilter entry."
   ::= { issAclUserDefinedFilterEntry 15 }

issAclUserDefinedFilterStatus OBJECT-TYPE 
   SYNTAX      RowStatus
   MAX-ACCESS  read-create 
   STATUS      current 
   DESCRIPTION 
        "This object speifies the status of this entry. An entry is
        created in this table when this object is SET to 'createAndWait'.
        The entry in this table is used when the status of this object 
        is SET 'active'. The entry in this table is not used when this 
        object is SET 'notInService'. An entry created in this table is
        be deleted when this object is SET 'destroy'."
   ::= { issAclUserDefinedFilterEntry 16 }





----------------------------------------
-- Redirect Interface Group Table
----------------------------------------

issRedirectInterfaceGrpTable  OBJECT-TYPE
   SYNTAX     SEQUENCE OF FsRedirectInterfaceGrpEntry
   MAX-ACCESS not-accessible
   STATUS     current
   DESCRIPTION
        "This object specifies an interface group which is a collection of physical ports ( or ) trunks that
        are grouped together for distributing traffic received on an ingress interface.
        Based on the access-list match on an incoming interface, traffic is distributed 
        among the member ports of an interface-group/virtual trunk." 
    ::= { issRedirectInterfaceGrp 1 }

issRedirectInterfaceGrpEntry OBJECT-TYPE
   SYNTAX     FsRedirectInterfaceGrpEntry
   MAX-ACCESS not-accessible
   STATUS     current
   DESCRIPTION
        "This object specifies that there is one entry in this table for each created Interface-Group. 
		An interface-group/virtual trunk is uniquely identified by the object 'issRedirectInterfaceGrpId'."
   INDEX { issRedirectInterfaceGrpId }
   ::= { issRedirectInterfaceGrpTable 1 }

FsRedirectInterfaceGrpEntry ::=
   SEQUENCE {
         issRedirectInterfaceGrpId                      IndexInteger,
         issRedirectInterfaceGrpFilterType              INTEGER,
         issRedirectInterfaceGrpFilterId                Unsigned32,
         issRedirectInterfaceGrpDistByte                Integer32,
         issRedirectInterfaceGrpPortList                PortList,
         issRedirectInterfaceGrpType                    INTEGER,
         issRedirectInterfaceGrpUdbPosition             Integer32,
         issRedirectInterfaceGrpStatus                  RowStatus
          }
issRedirectInterfaceGrpId OBJECT-TYPE
   SYNTAX      IndexInteger
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION
         "This object specifies an Index to the Redirect Interface Group table entry. Uniquely identifies the interface-group."
   ::= { issRedirectInterfaceGrpEntry 1 }


issRedirectInterfaceGrpFilterType OBJECT-TYPE
   SYNTAX      INTEGER {
                l2filter      (0),
                l3filter      (1),
                userdefined   (2)
        }
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
 	" This object specifies the type of the access-control list. The type could take the value 'l2filter' for MAC-based
	  ACLs and 'l3filter' for IP-based ACLs. It takes the value 'userdefined' for filtering based on user-defined 
          filters."
   ::= { issRedirectInterfaceGrpEntry 2 }


issRedirectInterfaceGrpFilterId OBJECT-TYPE
   SYNTAX    Unsigned32 (1..65535)
   MAX-ACCESS     read-write
   STATUS         current
   DESCRIPTION
        "This Object specifies the ID of the MAC-based, IP-based or UserDefined access control list/filter-rule, the details of 
         which should be matched against the incoming packet. The corresponding ACL/filter-rule can be applied to 
         this Interface Redirect Group only if the following objects are set with values mentioned below -
         a. 'issAclL2FilterAction'/'issAclL3FilterAction' -  redirect."
   ::= { issRedirectInterfaceGrpEntry 3 }

issRedirectInterfaceGrpDistByte OBJECT-TYPE
   SYNTAX       Integer32 (0..140)  
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
 	"This object specifies the Distribution Byte that needs to be used for deriving the traffic distribution hash-logic for the 
	 set of interfaces in the interface-group/virtual-trunk. The output of the hash-logic is an egress 
	 interface from amongst the member ports of a virtual trunk. Traffic would get redirected to this egress interface. 
       'udb' can take any value between (0..128). If srcip is selected, then Source IP in the packet header would be 
       used for distributing traffic. For encapsulated IP packets, inner IP can be used for traffic distribution." 
   ::= { issRedirectInterfaceGrpEntry 4 }

issRedirectInterfaceGrpPortList OBJECT-TYPE
   SYNTAX         PortList
   MAX-ACCESS     read-write
   STATUS         current
   DESCRIPTION
        "Each octet in this object specifies the IfIndex of a physical interface or manually aggregated trunk.Based on the value specified by issRedirectInterfaceGrpType This PortList specifies either of the below.
        -> if issRedirectInterfaceGrpType is portList it specifies 
           List of interfaces that comprise the redirect interface-group with Most Significant Bit Represents
           Lowest Port. 
        -> if issRedirectInterfaceGrpType is port then it specifies Single interface with Least Significant Octets
           taking up the interface Value ."  
   ::= { issRedirectInterfaceGrpEntry 5 }


issRedirectInterfaceGrpType OBJECT-TYPE
   SYNTAX         INTEGER { port (1) , portList (2) }
   MAX-ACCESS     read-write
   STATUS         current
   DESCRIPTION
        "This object specifies whether the redirected interface is a single port
        or portlist.If the value of this object is port(1) then the redirected 
        interface is a single interface .If the value of this object is 
        portlist(2) then the redirected interface consists of a group of ports."  
   ::= { issRedirectInterfaceGrpEntry 6 }

issRedirectInterfaceGrpUdbPosition OBJECT-TYPE 
   SYNTAX      Integer32 (0..128)
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "This object specifies the User defined postion of a byte in
	  the packet when the value of the object as specified by 
	  issRedirectInterfaceGrpDistByte is udb." 
   DEFVAL  { 0 }
   ::= { issRedirectInterfaceGrpEntry 7 }
issRedirectInterfaceGrpStatus OBJECT-TYPE
   SYNTAX      RowStatus
   MAX-ACCESS  read-create
   STATUS      current
   DESCRIPTION
	"This object specifies the status of this entry. An entry is
  	 created in this table when this object is SET to 'createAndWait'.
	 The entry is 'not-ready' when the mandatory parameters are not specified.
	 Following objects are mandatory parameters that need to be set before this object
	 can be SET to 'active' -
	 a. issRedirectInterfaceGrpFilterId
	 b. issRedirectInterfaceGrpPortList 
         The entry in this table is used when the status of this object is 
         SET to 'active'. The entry in this table is not used when this object is SET to 'notInService'. 
         An entry created in this table is deleted when this object is SET to 'destroy'."
   ::= { issRedirectInterfaceGrpEntry 8 }

-------------------------------------------------------------------
--SCALAR OBJECT 
-------------------------------------------------------------------

issRedirectInterfaceGrpIdNextFree OBJECT-TYPE
   SYNTAX       IndexIntegerNextFree
   MAX-ACCESS   read-only
   STATUS       current
   DESCRIPTION
   "This object value the next free index (issRedirectInterfaceGrpId)  
    to be used for creation of redirect interface entry, or a 
    zero to indicate that none exist"
   ::= { issRedirectIdNextFree 1 }

----------------------------------------
-- Reserved Frame Transmission Control
----------------------------------------

issReservedFrameCtrlTable  OBJECT-TYPE
   SYNTAX     SEQUENCE OF FsReservedFrameCtrlEntry
   MAX-ACCESS not-accessible
   STATUS     current
   DESCRIPTION
        "A table to configure IEEE802 Reserved Multicast-MAC Address filter rules in the system.
                The reserved transmission control function is a function that takes frames that normally are
                sent to the CPU and then it decides to either permit them or to stop forwarding them to the CPU." 
    ::= { issReservedFrameGrp 1 }

issReservedFrameCtrlEntry OBJECT-TYPE
   SYNTAX     FsReservedFrameCtrlEntry
   MAX-ACCESS not-accessible
   STATUS     current
   DESCRIPTION
                 "An Reserved-Frame-Tranmission-Entry is uniquely identified by the object 'issReservedFrameTxnCtrlId'."
   INDEX { issReservedFrameCtrlId }
   ::= { issReservedFrameCtrlTable 1 }

FsReservedFrameCtrlEntry ::=
   SEQUENCE {
         issReservedFrameCtrlId                      IndexInteger,
         issReservedFrameCtrlPktType                 ReservedFrameType,
         issReservedFrameCtrlAction                  INTEGER,
                 issReservedFrameCtrlOtherMacAddr            MacAddress,
         issReservedFrameCtrlOtherMacMask                  INTEGER,
                 issReservedFrameCtrlMatchCount              Counter32,
         issReservedFrameCtrlStatsEnabledStatus      EnabledStatus,
         issClearReservedFrameCtrlStats              TruthValue,
                 issReservedFrameCtrlStatus                  RowStatus
          }
issReservedFrameCtrlId OBJECT-TYPE
   SYNTAX      IndexInteger
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION
         "Index to the ReservedFrameTxnCtrl entry. Uniquely identifies the issReservedFrameTxnCtrl entry."
   ::= { issReservedFrameCtrlEntry 1 }

issReservedFrameCtrlPktType OBJECT-TYPE
   SYNTAX      ReservedFrameType
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
        " This object specifies the type of the PDUs. The type could take the following values
         bpdu - (MAC:01:80:C2:00:00:00) for Suppressing BPDU CPU transfer (Cannot be combined with Spanning Tree Protocol).
         lacpdu-udld - (MAC:01:80:C2:00:00:02) Suppressing Slow protocol frame CPU transfer (Cannot be combined with lacp and mlag lacp)
     eap - (MAC:01:80:C2:00:00:03) Suppressing IEEE802.1X EAP frame CPU transfer(Cannot be combined with IEEE802.1X.)
         lldpdu - Suppressing LLDPDU CPU transfer (Can not be combined with LLDP)
         all - MAC Range : 01:80:C2:00:00:00 to 01:80:C2:00:00:0F and 01:80:C2:00:00:20 to 01:80:C2:00:00:2F"
   ::= { issReservedFrameCtrlEntry 2 }

issReservedFrameCtrlAction OBJECT-TYPE 
   SYNTAX      INTEGER {
                  allow    (1),
                  drop     (2)
               }
   MAX-ACCESS  read-write 
   STATUS      current 
   DESCRIPTION 
      "Action value allow/drop specify the action to be taken on the packet if the ReservedFrameCtrl-entry matches.
     -->  If the action is 'allow', the packet will be forwarded. 
     -->  If the action is 'drop', the packet will be discarded."
   ::= { issReservedFrameCtrlEntry 3 }

issReservedFrameCtrlOtherMacAddr OBJECT-TYPE
   SYNTAX      MacAddress
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
       "Reserved Destination Multicast MAC address to be matched with the packet"

   ::= { issReservedFrameCtrlEntry 4 }

issReservedFrameCtrlOtherMacMask OBJECT-TYPE
   SYNTAX      INTEGER
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      "The range of Mac addresses will be decided based on the Mask Specified.
        The possible  masks are :
        Mask Value       MAC addresses
        0xff             1 
        0xfe             2 
        0xfc             4
        0xf8             8
        0xf0             16
        0xe0             32."

   ::= { issReservedFrameCtrlEntry 5 }

issReservedFrameCtrlMatchCount OBJECT-TYPE
   SYNTAX      Counter32
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "Number of times this ReservedFrameCtrl-entry is matched."

   ::= { issReservedFrameCtrlEntry 6 }

issReservedFrameCtrlStatsEnabledStatus OBJECT-TYPE
   SYNTAX      EnabledStatus
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      "This object specifies the status of ReservedFrameCtrl-entry statistics collection.
       When set as enabled, the number of hits for the specific entry is collected and can
           be verified using the issReservedFrameCtrlMatchCount object.
           When set as disabled, the number of hits for the entry is not collected."
   DEFVAL   { disabled }
   ::= { issReservedFrameCtrlEntry 7 }

issClearReservedFrameCtrlStats OBJECT-TYPE
   SYNTAX      TruthValue
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      "This object clears the hit count of the specific ReservedFrameCtrl-entry.
         
       When this object is set as 'true'(1), the hit count for the filter is 
       cleared and the object value is reset to 'false'(2). The get routine for
       this object always returns 'false'(2)."
   DEFVAL   { false }
   ::= { issReservedFrameCtrlEntry 8 }

issReservedFrameCtrlStatus OBJECT-TYPE
   SYNTAX      RowStatus
   MAX-ACCESS  read-create
   STATUS      current
   DESCRIPTION
        "This object indicates the status of this entry. An entry is
         created in this table when this object is SET to 'createAndWait'.
         The entry is 'not-ready' when the mandatory parameters are not specified.
         Following objects are mandatory parameters that need to be set before this object
         can be SET to 'active' -
         a. issReservedFrameCtrlId
         b. issReservedFrameCtrlPktType
     c. issReservedFrameCtrlAction
         The entry in this table is used when the status of this object is 
         SET to 'active'. The entry in this table is not used when this object is SET to 'notInService'. 
         An entry created in this table is deleted when this object is SET to 'destroy'."
   ::= { issReservedFrameCtrlEntry 9 }

-------------------------------------------------------------------
--SCALAR OBJECT 
-------------------------------------------------------------------

issAclTrcFlag OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION 
       "This object is used to enable trace statements in Acl module. 
        A four byte integer is used for enabling the trace level.  
        Each bit in the four byte integer represents a particular  
        trace level.  
        The mapping between the bit positions & the trace level is  
        as follows:  

            0 - Init and Shutdown traces 
            1 - Management traces 
            2 - Data Path traces 
            3 - Control Plane traces 
            5 - Traces related to all resources except buffers 
            6 - Buffer allocation/release traces 
            7 - All Failure traces 
            None of the bit is set the Disable the Trace,value(0). 

        The remaining bits are unused. Combination of levels are  
        also allowed. 

        For example if the bits 0 and 1 are set, then the trace 
        statement related to Init-Shutdown and management  
        will be printed. 

        The user has to enter the corresponding integer value for the 
        bits set. For example if bits 0 and 1 are to be set ,then user
        has to give the value 3." 

    ::= { issAclTrc 1 }

END
