--  =======================================================================
--  File        : osAcl.mib
--  Description : Private MIB support the functionality of access-lists
--  By          : Inna Levin
--  Date        : Dec 1,2008

-- Copyright (c) 2008 MRV.  All Rights Reserved.
--
--
-- Reproduction of this document is authorized on condition that this
-- copyright notice is included.  This MRV SNMP MIB Specification
-- embodies MRV's proprietary intellectual property.  MRV
-- retains all title and ownership in the specification, including any
-- revisions.
--
-- It is MRV's intent to encourage the widespread use of this
-- specification in connection with the management of MRV's
-- products. MRV grants vendor, end-users, and other interested
-- parties a non-exclusive license to use this specification in
-- connection with the management of MRV's products.
--
-- This specification is supplied "AS IS," and MRV makes no
-- warranty, either express or implied, as to the use, operation,
-- condition, or performance of the specification.
--
-- Copyright text courtesy of MRV
--
-- If you have any questions about this MIB, please call MRV
-- Technical Support Center at 1-800-858-7815 from inside USA or
-- 1-818-773-0900 from outside USA.
--
--
-- MRV retains the right to change this MIB without notification.

OS-ACL-MIB DEFINITIONS ::= BEGIN

        IMPORTS
                MODULE-IDENTITY, OBJECT-TYPE,
                enterprises, Integer32, Counter64               FROM SNMPv2-SMI
                TEXTUAL-CONVENTION                              FROM SNMPv2-TC
                DisplayString                                   FROM SNMPv2-TC
                oaOptiSwitch                                    FROM OS-COMMON-TC-MIB
                MODULE-COMPLIANCE, OBJECT-GROUP                 FROM SNMPv2-CONF;

osAcl        MODULE-IDENTITY
                LAST-UPDATED "201405270000Z"
                ORGANIZATION "MRV Communications, Inc."
                CONTACT-INFO
                   "Inna Levin
                    MRV Communication, Inc
                    http://www.mrv.com
                    Email:  ilevin@mrv.com"
                DESCRIPTION
                    "Private MIB support the functionality of access-lists."
                REVISION "201405270000Z" -- 27 May 2014
                DESCRIPTION
                    "Add osAclMatchingCounterTable."
                REVISION "200801080000Z"
                DESCRIPTION
                    "Initial edition."
                ::= { oaOptiSwitch 3 }

-- ************************************************************
-- MIB place Definition
-- ************************************************************
osAclGenConfGrp         OBJECT IDENTIFIER ::= { osAcl 50 }
osAclSupportGrp         OBJECT IDENTIFIER ::= { osAcl 100 }
osAclConformance        OBJECT IDENTIFIER ::= { osAcl 101 }
osAclMIBCompliances     OBJECT IDENTIFIER ::= { osAclConformance 1 }
osAclMIBGroups          OBJECT IDENTIFIER ::= { osAclConformance 2 }

-- ************************************************************
-- Textual converions
-- ************************************************************

SupportValue      ::= TEXTUAL-CONVENTION
                      STATUS       current
                      DESCRIPTION
                      "Represents a value, that reflects support of the feature on the Device." 
                      SYNTAX       INTEGER { notSupported(1), supported(2) }

AdminStatus ::= TEXTUAL-CONVENTION
                      STATUS       current
                      DESCRIPTION
                      "Represents a value, that reflects administrative status of the feature on the device." 
                      SYNTAX       INTEGER { valid (2), invalid (3) }

ParamType ::= TEXTUAL-CONVENTION
                      STATUS       current
                      DESCRIPTION
                      "Represents a value, that reflects administrative status of the feature on the device." 
                      SYNTAX       INTEGER { integer (2), octetString (3), displayString (4), noParam (5) }

ConditionType ::= TEXTUAL-CONVENTION
                      STATUS       current
                      DESCRIPTION
                      "Represents a relation of the feature to the parameter value." 
                      SYNTAX       INTEGER { eq (2), neq (3), lt (4), gt (5), le (6), ge (7), mask (8), none (9) }

VlanIdOrNone      ::= TEXTUAL-CONVENTION
                      DISPLAY-HINT "d"
                      STATUS       current
                      DESCRIPTION
                        "Has been stolen from Q-BRIDGE-MIB.
                        The VLAN-ID that uniquely identifies a specific VLAN,
                        or no VLAN.  The special value of zero is used to
                        indicate that no VLAN-ID is present or used.  This can
                        be used in any situation where an object or a table entry
                        must refer either to a specific VLAN, or to no VLAN.
   
                        Note that a MIB object that is defined using this
                        TEXTUAL-CONVENTION should clarify the meaning of
                        'no VLAN' (i.e., the special value 5000)."
                      SYNTAX       Integer32 (1..4095 | 5000)

PortIndexOrNone      ::= TEXTUAL-CONVENTION
                      DISPLAY-HINT "d"
                      STATUS       current
                      DESCRIPTION
                        "The port index that uniquely identifies a specific port,
                        or no port.  The special value of 5000 is used to
                        indicate that no port is used.  This can
                        be used in any situation where an object or a table entry
                        must refer either to a specific port, or to no port.
   
                        Note that a MIB object that is defined using this
                        TEXTUAL-CONVENTION should clarify the meaning of
                        'no port' (i.e., the special value 5000)."
                      SYNTAX       Integer32 (1..4999 | 5000)

-- ************************************************************
-- The ACLs Table
-- ************************************************************
osAclTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF OsAclEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
       "Table of defined access-list in the device."
    REFERENCE
       "CLI commands 'access-list extended WORD' and 'access-list flow WORD'."
    ::= { osAcl 1 }

osAclEntry   OBJECT-TYPE
    SYNTAX      OsAclEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
       "Contains entry of the table."
    INDEX { osAclName }
    ::= { osAclTable 1 }

OsAclEntry ::= SEQUENCE {
    osAclName               DisplayString,
    osAclType               INTEGER,
    osAclDefaultPolicy      INTEGER,
    osAclRemark             DisplayString,
    osAclActive             INTEGER,
    osAclAdminStatus        AdminStatus
}

osAclName   OBJECT-TYPE
    SYNTAX          DisplayString  (SIZE (0..19))
    MAX-ACCESS not-accessible
    STATUS   current
    DESCRIPTION
                "Access list name."
    REFERENCE
                "."
    ::= { osAclEntry 1 }

osAclType         OBJECT-TYPE
        SYNTAX	INTEGER {
                        extended    (2),
                        flow        (3),
                        protocols   (4)
                      }
        MAX-ACCESS        read-write
        STATUS            current
        DESCRIPTION
                "Type of the access-list: extended or flow."
        REFERENCE
                "CLI commands 'access-list extended WORD' and 'access-list flow WORD'."
    ::= { osAclEntry 2 }

osAclDefaultPolicy OBJECT-TYPE
        SYNTAX  INTEGER  {
                        deny   (2),
                        permit (3),
                        notSupported (4)
                     }
        MAX-ACCESS read-write
        STATUS          current
        DESCRIPTION
             "The default action to be performed for packet if no rule is matched."
        REFERENCE
                "CLI commands 'default policy (permit|deny)'."
 ::= { osAclEntry 3 }

osAclRemark OBJECT-TYPE
        SYNTAX          DisplayString -- (SIZE (0..100))
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
         "Access list entry comment."
        REFERENCE
                "CLI commands 'remark .LINE'."
 ::= { osAclEntry 4 }

osAclActive OBJECT-TYPE
        SYNTAX INTEGER {
                        active     (1),
                        notActive  (2)
        } 
        MAX-ACCESS read-only
        STATUS          current
        DESCRIPTION
         "Whether the Acl is bound or not."
        REFERENCE
                "See value of the 'state' field in the CLI commands 'show access-list'."
 ::= { osAclEntry 5 } 

osAclAdminStatus OBJECT-TYPE
        SYNTAX AdminStatus
        MAX-ACCESS read-write
        STATUS          current
        DESCRIPTION
              "."
        REFERENCE
              "."
 ::= { osAclEntry 6 }

-- ************************************************************
-- The ACL Rules Table
-- ************************************************************
osAclRuleTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF OsAclRuleEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
       "Table of ACL rules."
    REFERENCE
       "CLI command under ACL node: 'rule RULE_NUM'."
    ::= { osAcl 2 }

osAclRuleEntry   OBJECT-TYPE
    SYNTAX      OsAclRuleEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
       "Contains entry of the table."
    INDEX { osAclName, osAclRuleIndex }
    ::= { osAclRuleTable 1 }

OsAclRuleEntry ::= SEQUENCE {              
    osAclRuleIndex                  Integer32,
    osAclRuleAdminStatus            INTEGER
}

osAclRuleIndex        OBJECT-TYPE
    SYNTAX            Integer32  (1..65535)
    MAX-ACCESS        not-accessible
    STATUS            current
    DESCRIPTION
       "."
    REFERENCE
       "."
    ::= { osAclRuleEntry 1 }

osAclRuleAdminStatus OBJECT-TYPE
        SYNTAX INTEGER  {
                        enable  (2),
                        disable (3),
                        invalid (4)
                     }
        MAX-ACCESS read-write
        STATUS          current
        DESCRIPTION
  "."
        REFERENCE
  "."
        ::= { osAclRuleEntry 2 }

-- ************************************************************
-- The ACL Rule Actions Table
-- ************************************************************
osAclRuleActionTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF OsAclRuleActionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
       "Table of ACL rule actions."
    REFERENCE
       "CLI command under ACL rule node: 'action ...'."
    ::= { osAcl 3 }

osAclRuleActionEntry   OBJECT-TYPE
    SYNTAX      OsAclRuleActionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
       "Contains entry of the table."
    INDEX { osAclName, osAclRuleIndex,  osAclRuleActionType }
    ::= { osAclRuleActionTable 1 }

OsAclRuleActionEntry ::= SEQUENCE {              
        osAclRuleActionType                 INTEGER,
        osAclRuleActionParamType            ParamType,
        osAclRuleActionParamValue           OCTET STRING,
        osAclRuleActionAdminStatus          AdminStatus
}

osAclRuleActionType        OBJECT-TYPE
    SYNTAX      INTEGER {
                        osAclRuleActionDeny 		    (2),  -- ParamType=noParam value="N/A"
                        osAclRuleActionPermit  		    (3),  -- ParamType=noParam value="N/A"
                        osAclRuleActionLayer2Loopback 	(4),  -- ParamType=integer value=r_port
                        osAclRuleActionTrapToCpu 	    (5),  -- ParamType=noParam value="N/A"
                        osAclRuleActionMirrorToCpu 	    (6),  -- ParamType=noParam value="N/A"
                        osAclRuleActionMirrorToAnalyser (7),  -- ParamType=noParam value="N/A"
                        osAclRuleActionRedirectPort	    (8),  -- ParamType=integer value=r_port
                        osAclRuleActionRedirectTag  	(9),  -- ParamType=integer value=r_tag
                        osAclRuleActionWithActionList  	(10), -- ParamType=displayString value=al_name
                        osAclRuleActionMarkServiceLevel (11), -- ParamType=integer value=<1-8>
                        osAclRuleActionMarkDscp  	    (12), -- ParamType=integer value=<0-63>
                        osAclRuleActionMarkVpt  	    (13), -- ParamType=integer value=<0-7>
                        osAclRuleActionMarkByDiffserv  	(14), -- ParamType=noParam value="N/A"
                        osAclRuleActionMarkSlByDscp  	(15), -- ParamType=noParam value="N/A"
                        osAclRuleActionSwapVlan  	    (16), -- ParamType=integer value=tag
                        osAclRuleActionNestedVlan  	    (17), -- ParamType=integer value=tag
                        osAclRuleActionSwapToClientTag  (18), -- ParamType=integer value=tag
                        osAclRuleActionSwapToServerTag  (19), -- ParamType=integer value=tag
                        osAclRuleActionRedirectToCpu    (20)  -- ParamType=noParam value="N/A"
    }
    MAX-ACCESS        not-accessible
    STATUS            current
    DESCRIPTION
       "."
    REFERENCE
       "."
    ::= { osAclRuleActionEntry 1 }

osAclRuleActionParamType        OBJECT-TYPE
    SYNTAX              ParamType
    MAX-ACCESS          read-write
    STATUS              current
    DESCRIPTION
       "."
    REFERENCE
       "."
    ::= { osAclRuleActionEntry 2 }

osAclRuleActionParamValue   OBJECT-TYPE
        SYNTAX          OCTET STRING  (SIZE (0..255))
        MAX-ACCESS read-write
        STATUS   current
        DESCRIPTION
                "ACL rule action parameter."
        REFERENCE
                "."
    ::= { osAclRuleActionEntry 3 }

osAclRuleActionAdminStatus OBJECT-TYPE
        SYNTAX AdminStatus
        MAX-ACCESS read-write
        STATUS          current
        DESCRIPTION
  "."
        REFERENCE
  "."
        ::= { osAclRuleActionEntry 4 }


-- ************************************************************
-- The ACL Rule Classifications Table
-- ************************************************************
osAclRuleClassTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF OsAclRuleClassEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
       "Table of ACL rule classifications."
    REFERENCE
       "CLI commands under ACL rule node."
    ::= { osAcl 4 }

osAclRuleClassEntry   OBJECT-TYPE
    SYNTAX      OsAclRuleClassEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
       "Contains entry of the table."
    INDEX { osAclName, osAclRuleIndex,  osAclRuleClassType, osAclRuleClassCondition }
    ::= { osAclRuleClassTable 1 }

OsAclRuleClassEntry ::= SEQUENCE {              
       osAclRuleClassType                         INTEGER,
       osAclRuleClassCondition                    ConditionType,
       osAclRuleClassParamType                    ParamType,
       osAclRuleClassParamValue                   OCTET STRING,
       osAclRuleClassAdminStatus                  AdminStatus
}

osAclRuleClassType        OBJECT-TYPE
    SYNTAX            INTEGER {
              osAclRuleClassSrcIp        	    (2) , -- There are 2 osAclRuleClassCondition indexes: eq and mask. 
                                                      -- Value="x x x x" ("0 0 0 0" means any)example of /etc/dhcp.conf for LINUX DHCP Server with option82 support
              osAclRuleClassDestIp          	(3) , -- There are 2 osAclRuleClassCondition indexes: eq and mask. 
                                                      -- Value="x x x x" ("0 0 0 0" means any)
              osAclRuleClassSrcPort    	        (4) , -- There are 2 options: 
                                                      -- 1) 2 osAclRuleClassCondition indexes (for range): ge (start) and le(end). 
                                                      --    Values are begin_port and end_port.
                                                      -- 2) 1 osAclRuleClassCondition index (for one port): eq. 
                                                      --    Value is one_port.
              osAclRuleClassDestPort    	    (5) , -- 1) 2 osAclRuleClassCondition indexes (for range): ge (start) and le(end). 
                                                      --    Values are begin_port and end_port.
                                                      -- 2) 1 osAclRuleClassCondition index (for one port): eq. 
                                                      --    Value is one_port.
              osAclRuleClassProtocol         	(6) , -- 1 osAclRuleClassCondition index : eq. value=<0-255>
              osAclRuleClassMacLookupResults  	(7) , -- 1 osAclRuleClassCondition index : eq. value={1(found), 2(not-found)}
              osAclRuleClassMacDaType   	    (8) , -- 1 osAclRuleClassCondition index : eq.
                                                      -- value={1(unicast), 2(multicast), 3(broadcast), 4(arp-broadcast)}
              osAclRuleClassVpt         	    (9) , --  1 osAclRuleClassCondition index : eq. value=<0-7>
              osAclRuleClassClientVpt       	(10) , -- 1 osAclRuleClassCondition index : eq. value=<0-7>
              osAclRuleClassDscp                (11) , -- There are 2 options: 
                                                       -- 1) 2 osAclRuleClassCondition indexes there is eq and mask
                                                       --    Values are dscp_value <0x0 - 0x3f> and dscp_mask <0x0 - 0x3f>
                                                       -- 2) 1 osAclRuleClassCondition index (for one port): eq. 
                                                       --    Value is one_port.
              osAclRuleClassMplsExp     	    (12) , -- 1 osAclRuleClassCondition index : eq. value=<0-7>. 
                                                       --    Used by MX and untagged packets for DX.
              osAclRuleClassMplsExpTagged   	(13) , -- 1 osAclRuleClassCondition index : eq. value=<0-7>. Used by tagged packets for DX.
              osAclRuleClassTag             	(14) , -- Packet tag or external (service) tag for q-in-q. 
                                                       -- 1 osAclRuleClassCondition index : eq. value= 2..4095
              osAclRuleClassClientTag       	(15) , -- Internal (client) tag for q-in-q. 
                                                       -- 1 osAclRuleClassCondition index : eq. value= 2..4095
              osAclRuleClassEthertype          	(16) , -- Ethertype for packet tag for non q-in-q or for external (service) tag for q-in-q. 
                                                       -- 1 osAclRuleClassCondition index : eq. value= 0x0000..0xffff
              osAclRuleClassClientEthertype    	(17) , -- Ethertype for internal (client) packet tag for q-in-q. 
                                                       -- 1 osAclRuleClassCondition index : eq. value= 0x0000..0xffff
              osAclRuleClassSrcMac          	(18) , -- 1 osAclRuleClassCondition index : eq. value=x:x:x:x:x:x
              osAclRuleClassDestMac        	    (19) , -- 1 osAclRuleClassCondition index : eq. value=x:x:x:x:x:x
              osAclRuleClassSrcPhyPort      	(20) , -- 1 osAclRuleClassCondition index : eq. value=port
              osAclRuleClassArp               	(21) , -- 1 osAclRuleClassCondition index : none.
              osAclRuleClassTaggedArp         	(22)   -- 1 osAclRuleClassCondition index : none.
    }
    MAX-ACCESS        not-accessible
    STATUS            current
    DESCRIPTION
       "."
    REFERENCE
       "."
    ::= { osAclRuleClassEntry 1 }

osAclRuleClassCondition        OBJECT-TYPE
    SYNTAX            ConditionType
    MAX-ACCESS        not-accessible
    STATUS            current
    DESCRIPTION
       "."
    REFERENCE
       "Example 1: parameter value for port range <110..150> in rule#10 of acl1 will be represented as following:
                   osAclRuleClassParamValue.acl1.10.osAclRuleClassSrcPort.ge == 110 , where osAclRuleClassCondition is ge
                   osAclRuleClassParamValue.acl1.10.osAclRuleClassSrcPort.le == 150 , where osAclRuleClassCondition is le
        Example 2: parameter value for source ip 194.90.136.111/24 in rule#10 of acl1 will be represented as following:
                   osAclRuleClassParamValue.acl1.10.osAclRuleClassSrcIp.eq == 194.90.136.111 , where osAclRuleClassCondition is eq
                   osAclRuleClassParamValue.acl1.10.osAclRuleClassSrcIp.mask == 255.255.255.0 , where osAclRuleClassCondition is mask
        Example 3: parameter value for protocol 23 will be represented as following:
                   osAclRuleClassParamValue.acl1.10.osAclRuleClassProtocol.eq == 23 , where osAclRuleClassCondition is eq
        Example 4: parameter value for ARP untagged packet will be represented as following:
                   osAclRuleClassParamValue.acl1.10.osAclRuleClassArp.none == '' , where osAclRuleClassCondition is eq"

    ::= { osAclRuleClassEntry 2 }

osAclRuleClassParamType        OBJECT-TYPE
    SYNTAX           ParamType
    MAX-ACCESS        read-write
    STATUS            current
    DESCRIPTION
       "."
    REFERENCE
       "."
    ::= { osAclRuleClassEntry 3 }

osAclRuleClassParamValue   OBJECT-TYPE
        SYNTAX          OCTET STRING  (SIZE (0..255))
        MAX-ACCESS read-write
        STATUS   current
        DESCRIPTION
                "ACL rule classification parameter."
        REFERENCE
                "."
    ::= { osAclRuleClassEntry 4 }

osAclRuleClassAdminStatus OBJECT-TYPE
        SYNTAX AdminStatus
        MAX-ACCESS read-write
        STATUS          current
        DESCRIPTION
  "."
        REFERENCE
  "."
        ::= { osAclRuleClassEntry 5 }

-- ************************************************************
-- The ACL Binding Table
-- ************************************************************
osAclBindingTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF OsAclBindingEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
       "Table of ACL bindings."
    REFERENCE
       "."
    ::= { osAcl 5 }

osAclBindingEntry   OBJECT-TYPE
    SYNTAX      OsAclBindingEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
       "Contains entry of the table."
    INDEX { osAclBindingPort, osAclBindingTag }
    ::= { osAclBindingTable 1 }

OsAclBindingEntry ::= SEQUENCE {              
        osAclBindingPort                          PortIndexOrNone,
        osAclBindingTag                           VlanIdOrNone,
        osAclBindingAclName                       DisplayString,
        osAclBindingAdminStatus                   AdminStatus
}

osAclBindingPort        OBJECT-TYPE
    SYNTAX            PortIndexOrNone
    MAX-ACCESS        not-accessible
    STATUS            current
    DESCRIPTION
       "If the binding is by port, then this is port to which acl is bound.
        If the binding is by vlan, then the port is not-care."
    REFERENCE
       "."
    ::= { osAclBindingEntry 1 }

osAclBindingTag        OBJECT-TYPE
    SYNTAX            VlanIdOrNone
    MAX-ACCESS   not-accessible
    STATUS            current
    DESCRIPTION
       "If the binding is by vlan, then this is tag of the interface to which acl is bound.
        If the binding is by port, then the tag is not-care."
    REFERENCE
       "."
    ::= { osAclBindingEntry 2 }


osAclBindingAclName        OBJECT-TYPE
    SYNTAX            DisplayString  (SIZE (0..19))
    MAX-ACCESS        read-write
    STATUS            current
    DESCRIPTION
       "The name of the bound ACL ."
    REFERENCE
       "."
    ::= { osAclBindingEntry 3 }

osAclBindingAdminStatus OBJECT-TYPE
        SYNTAX AdminStatus
        MAX-ACCESS read-write
        STATUS          current
        DESCRIPTION
  "."
        REFERENCE
  "."
        ::= { osAclBindingEntry 4 }

-- ************************************************************
-- The ACL Matching Counters Table
-- ************************************************************
osAclMatchingCounterTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF OsAclMatchingCounterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
       "Table of ACL matching counters."
    ::= { osAcl 6 }

osAclMatchingCounterEntry  OBJECT-TYPE
    SYNTAX      OsAclMatchingCounterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
       "Contains an entry of the table."
    INDEX { osAclMatchingCounterIndex }
    ::= { osAclMatchingCounterTable 1 }

OsAclMatchingCounterEntry ::= SEQUENCE {
        osAclMatchingCounterIndex        Integer32,
        osAclMatchingCounterPackets      Counter64,
        osAclMatchingCounterBytes        Counter64,
        osAclMatchingCounterAdminStatus  INTEGER,
        osAclMatchingCounterOperStatus   INTEGER
}

osAclMatchingCounterIndex OBJECT-TYPE
    SYNTAX            Integer32 (1..2048)
    MAX-ACCESS        not-accessible
    STATUS            current
    DESCRIPTION
       "Index of the matching counter."
    ::= { osAclMatchingCounterEntry 1 }

osAclMatchingCounterPackets OBJECT-TYPE
    SYNTAX            Counter64
    MAX-ACCESS        read-only
    STATUS            current
    DESCRIPTION
       "Number of packets that matched rules with this counter."
    ::= { osAclMatchingCounterEntry 2 }

osAclMatchingCounterBytes OBJECT-TYPE
    SYNTAX            Counter64
    MAX-ACCESS        read-only
    STATUS            current
    DESCRIPTION
       "Total bytes in packets that matched rules with this counter."
    ::= { osAclMatchingCounterEntry 3 }

osAclMatchingCounterAdminStatus OBJECT-TYPE
        SYNTAX INTEGER {
          nothing    (1),
          clear      (2)
        }
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION
          "."
        ::= { osAclMatchingCounterEntry 98 }

osAclMatchingCounterOperStatus OBJECT-TYPE
        SYNTAX INTEGER {
          inactive    (1),
          active      (2)
        }
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION
          "."
        ::= { osAclMatchingCounterEntry 99 }

osAclGenConfExtendedProfile OBJECT-TYPE
        SYNTAX  INTEGER {
            notSupported (0),
            normal       (1),
            doubleTag    (2),
            mplsExp      (3)
        }       
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        "Global extended profile configuration per Device."
        ::= { osAclGenConfGrp 5 }


-- ************************************************************
-- The feature support 
-- ************************************************************

osAclMibSupport    OBJECT-TYPE
        SYNTAX     SupportValue
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                       "The device supports osAcl mib objects."
             ::= { osAclSupportGrp 1 }

-- *******************************************************************
--  Conformance Information 
-- ******************************************************************* 

osAclMIBCompliance MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "The core compliance statement for all the implementations." 

    MODULE -- this module 
        MANDATORY-GROUPS { 
                          osAclMandatoryGroup
                         }

    ::= { osAclMIBCompliances 1 }

-- ...................................................................
-- Conformance Groups 
-- ................................................................... 
 
osAclMandatoryGroup  OBJECT-GROUP
    OBJECTS { 
        osAclType,
        osAclDefaultPolicy,
        osAclRemark,
        osAclActive,
        osAclAdminStatus,
        osAclRuleAdminStatus,
        osAclRuleActionParamType,
        osAclRuleActionParamValue,
        osAclRuleActionAdminStatus,
        osAclRuleClassParamType,
        osAclRuleClassParamValue,
        osAclRuleClassAdminStatus,
        osAclBindingAclName,
        osAclBindingAdminStatus,
        osAclMatchingCounterPackets,
        osAclMatchingCounterBytes,
        osAclMatchingCounterAdminStatus,
        osAclMatchingCounterOperStatus,
        osAclMibSupport,
        osAclGenConfExtendedProfile
    }
    STATUS current  
   DESCRIPTION 
        "."

    ::= { osAclMIBGroups 1 }


END

