
--------------------------------------------------------------------------------
-- File Name : ZTE-AN-SECURITY-SERVICE-MIB.mib
-- Date      : 2008-06-17
-- Author    : ZTE Nms dept.

--
-- Zte Service Mib for Access Node
-- 
-- 
--------------------------------------------------------------------------------


ZTE-AN-SECURITY-SERVICE-MIB    DEFINITIONS ::= BEGIN
    IMPORTS     
        MODULE-IDENTITY, OBJECT-TYPE,
            NOTIFICATION-TYPE, Integer32                FROM SNMPv2-SMI
        MacAddress,TruthValue,RowStatus                 FROM SNMPv2-TC   
        ifIndex                                         FROM RFC1213-MIB     
        ZxAnIfindex                                             FROM ZTE-AN-TC-MIB
        InetAddress,InetAddressType,InetAddressPrefixLength     FROM INET-ADDRESS-MIB
        zxAn, VlanId                                    FROM ZTE-AN-TC-MIB;


    zxAnSecSvcMib    MODULE-IDENTITY
        LAST-UPDATED    "200806171630Z"
        ORGANIZATION    "ZTE Corporation"
        CONTACT-INFO    "Guo Jingwen
                        Mail: guo.jingwen@zte.com.cn
                        Tel : 021-68897124"
        DESCRIPTION     "This MIB defines zte Access Node managed objects."
        ::=  {  zxAn  11  }  
    
            
    zxAnSecSvcObjects        OBJECT IDENTIFIER   ::=  {  zxAnSecSvcMib  1  }
    zxAnSecSvcTrapObjects    OBJECT IDENTIFIER   ::=  {  zxAnSecSvcMib  2  }
    
   
    
--------------------------------------------------------------------------------
-- Following objects are defined.
-- 1.Security Mgmt
-- 1.7 IP Source Guard Mgmt
-- 1.8 Reserved MAC Mgmt
-- 1.9 L2CP Mgmt
-- 1.10 Ipv6Filter Mgmt
-- 2.Trap
-------------------------------------------------------------------------------- 



--------------------------------------------------------------------------------
-- 1.Security Mgmt
--------------------------------------------------------------------------------
    zxAnSecSvcAntiAttack        OBJECT IDENTIFIER ::= { zxAnSecSvcObjects 1 }
    zxAnSecSvcPktLimit          OBJECT IDENTIFIER ::= { zxAnSecSvcObjects 2 }
    zxAnSecSvcMacAntiSnoofing   OBJECT IDENTIFIER ::= { zxAnSecSvcObjects 3 }
    zxAnSecSvcPrivateNetwork    OBJECT IDENTIFIER ::= { zxAnSecSvcObjects 4 }
--    zxAnSecSvcVlanTable         OBJECT IDENTIFIER ::= { zxAnSecSvcObjects 5 }
    zxAnSecSvcIpSourceGuard    OBJECT IDENTIFIER ::= { zxAnSecSvcObjects 7 }
    zxAnSecSvcReservedMac      OBJECT IDENTIFIER ::= { zxAnSecSvcObjects 8 }
    zxAnSecSvcL2cp             OBJECT IDENTIFIER ::= { zxAnSecSvcObjects 9 }
    zxAnSecSvcIpv6Filter       OBJECT IDENTIFIER ::= { zxAnSecSvcObjects 10}
--------------------------------------------------------------------------------
-- 1.1 Security Mgmt-AntiAttack
--------------------------------------------------------------------------------

    zxAnSecSvcAntiDosMgmt       OBJECT IDENTIFIER ::= { zxAnSecSvcAntiAttack 1 }

    zxAnSecSvcAntiDosAdminState OBJECT-TYPE
        SYNTAX      INTEGER {
            enable(1),
            disable(2)
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The desired state of the anti-dos.If the state is disable,
             anti-dos doesnot work up,and also there will be not any alarm 
             raised."
        DEFVAL  { disable }
        ::= { zxAnSecSvcAntiDosMgmt 1 }

    zxAnSecSvcAntiDosDropState OBJECT-TYPE
        SYNTAX      INTEGER {
            enable(1),
            disable(2)
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The desired state of the drop packets.If the state is enable,
             system will discard packets from MAC which in blacklist."
        DEFVAL  { disable }
        ::= { zxAnSecSvcAntiDosMgmt 2 }

    zxAnSecSvcAntiDosCurrentPackets OBJECT-TYPE   
        SYNTAX      Integer32
        UNITS       "pps"
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The current packets per second that system checking."
        ::= { zxAnSecSvcAntiDosMgmt 3 }   

    zxAnSecSvcAntiDosAscThreshold OBJECT-TYPE
        SYNTAX      Integer32
        UNITS       "pps"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The threshold that if current packets per second over it, system 
             will put the source MAC of packet into blacklist and raise a 
             alarm."
        ::= { zxAnSecSvcAntiDosMgmt 4 }

    zxAnSecSvcAntiDosDescThreshold OBJECT-TYPE
        SYNTAX      Integer32
        UNITS       "pps"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The threshold that if current packets per second below it, system 
             will remove the source MAC of packet from blacklist and raise a 
             alarm restore."
        ::= { zxAnSecSvcAntiDosMgmt 5 }  

    zxAnSecSvcAntiDosSourceMac OBJECT-TYPE
        SYNTAX      MacAddress
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The source MAC of packets,which will put into blacklist or remove 
             from blaklist."
        ::= { zxAnSecSvcAntiDosMgmt 6 }

    zxAnSecSvcAntiDosPortVlan OBJECT-TYPE
        SYNTAX      VlanId
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The port VLAN that attack packet from."
        ::= { zxAnSecSvcAntiDosMgmt 7 }  

    zxAnSecSvrAntiDosBlockDuration OBJECT-TYPE
        SYNTAX      Integer32(1..600)
        UNITS       "Seconds"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "Blocking duration indicates how long the packet which the source 
             MAC address is in the blacklist is blocked.
             
             When zxAnSecSvcAntiDosDropState is enabled(1), the blocked 
             packets will be discarded."
        DEFVAL  { 1 }
        ::= { zxAnSecSvcAntiDosMgmt 8 }

    zxAnSecAntiDosPktLmtByHwEnable OBJECT-TYPE
        SYNTAX      INTEGER {
            enabled(1),
            disabled(2)
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "Enable/disable the packet limit by hardware."
        DEFVAL  { disabled }
        ::= { zxAnSecSvcAntiDosMgmt 9 }

    zxAnSecAntiDosVportShutdownDur OBJECT-TYPE
        SYNTAX      Integer32(0..60)
        UNITS       "Seconds"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "VPort shutdown duration.
             The VPort will be shutdown when receiving the packets which the 
             source MAC address is in the blacklist.
             
             Value 0 means not to shutdown VPort."
        DEFVAL  { 0 }
        ::= { zxAnSecSvcAntiDosMgmt 10 }

--------------------------------------------------------------------------------
-- 1.2 MAC Snoofing Mgmt
--------------------------------------------------------------------------------   
    
    zxAnMasEnable OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
             "Enable or disable Mac drift.1-truth,2-false.
             "
        DEFVAL { 1 }                   
        ::= { zxAnSecSvcMacAntiSnoofing 1 }
        
    zxAnMasUplinkProtectEnable OBJECT-TYPE
        SYNTAX      INTEGER
                    {
                          nniprotectenable(1),
                          nniprotectdisable(2),
                          uniprotect(3),
                          unimacprotect(4)
                    }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "Enable or disable uplink protect Mac drift."
        DEFVAL { nniprotectenable }                   
        ::= { zxAnSecSvcMacAntiSnoofing 2 }

    zxAnGlobalMacAntiSpfMacTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF ZxAnGlobalMacAntiSpfMacEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
         ""
        ::= { zxAnSecSvcMacAntiSnoofing 3 }

    zxAnGlobalMacAntiSpfMacEntry  OBJECT-TYPE
        SYNTAX      ZxAnGlobalMacAntiSpfMacEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "An entry containing anti drift mac address information."
        INDEX    { zxAnGlobalMacAntiSpfMacAddress }
        ::= { zxAnGlobalMacAntiSpfMacTable 1 }

     
    ZxAnGlobalMacAntiSpfMacEntry ::= SEQUENCE {
        zxAnGlobalMacAntiSpfMacAddress     MacAddress,
        zxAnGlobalMacAntiSpfMacRowStatus   RowStatus
    }
          
    zxAnGlobalMacAntiSpfMacAddress OBJECT-TYPE
        SYNTAX          MacAddress
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "MAC address"
        ::= { zxAnGlobalMacAntiSpfMacEntry 1 }

    zxAnGlobalMacAntiSpfMacRowStatus OBJECT-TYPE
        SYNTAX      RowStatus
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { zxAnGlobalMacAntiSpfMacEntry 50}                            
    
    zxAnSecSvcMacAntiSpfGlobalObject  OBJECT IDENTIFIER  
        ::= { zxAnSecSvcMacAntiSnoofing 50 }
        
    zxAnMasMacMoveReportEnable OBJECT-TYPE
        SYNTAX      INTEGER
            {
                enable(1),
                disable(2)
            }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
             "Enable or disable zxAnIfMacDriftTrap and 
              zxAnIfMacAntiDriftNotify."
        DEFVAL { disable }                   
        ::= { zxAnSecSvcMacAntiSpfGlobalObject 1 }
        
    zxAnSecSvcMacDriftAddress OBJECT-TYPE
        SYNTAX      MacAddress
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
             "Indicates the MAC address that is drifted between
              zxAnSecSvcMacDriftFromIfIndex and zxAnSecSvcMacDriftToIfIndex on 
              zxAnSecSvcMacDriftVlanId. 
              This object is instantiated only when 
              zxAnMasEnable and zxAnMasMacMoveReportEnable 
              value is set to enable(1) and a MAC drift is detected by the MAC 
              drift notification feature."
        ::= { zxAnSecSvcMacAntiSpfGlobalObject 2 }
        
    zxAnSecSvcMacDriftVlanId OBJECT-TYPE
        SYNTAX      Integer32
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
             "Indicates the VLAN on which the zxAnSecSvcMacDriftAddress is
              drifted from zxAnSecSvcMacDriftFromIfIndex to 
              zxAnSecSvcMacDriftToIfIndex.
              This object is instantiated only when
              zxAnMasEnable and zxAnMasMacMoveReportEnable 
              value is set to enable(1) and a MAC drift is detected by the MAC 
              drift notification feature."
        ::= { zxAnSecSvcMacAntiSpfGlobalObject 3 }
        
    zxAnSecSvcMacDriftFromIfIndex OBJECT-TYPE
        SYNTAX      Integer32
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
             "The value of the port from which the zxAnSecSvcMacDriftAddress
              is drifted to zxAnSecSvcMacDriftToIfIndex on 
              zxAnSecSvcMacDriftVlanId. 
              This object is instantiated only when
              zxAnMasEnable and zxAnMasMacMoveReportEnable 
              value is set to enable(1) and a MAC drift is detected by the MAC
              drift notification feature."
        ::= { zxAnSecSvcMacAntiSpfGlobalObject 4 }
        
    zxAnSecSvcMacDriftToIfIndex OBJECT-TYPE
        SYNTAX      Integer32
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
             "The value of the port to which the zxAnSecSvcMacDriftAddress is 
              drifted from zxAnSecSvcMacDriftFromIfIndex on 
              zxAnSecSvcMacDriftVlanId. 
              This object is instantiated only when 
              zxAnMasEnable and zxAnMasMacMoveReportEnable 
              value is set to enable(1) and a MAC drift is detected by the MAC
              drift notification feature."
        ::= { zxAnSecSvcMacAntiSpfGlobalObject 5 }
    
    zxAnMasMacMoveReportInterval OBJECT-TYPE
        SYNTAX      INTEGER(1..300)
        UNITS       "minute"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The report interval of zxAnIfMacAntiDriftNotify which has the
             same VLAN and MAC address.
            "
        DEFVAL {  30  }
        ::= { zxAnSecSvcMacAntiSpfGlobalObject 6 }

-----------------------------------------------------------
    zxAnVlanMacAntiSpfTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF ZxAnVlanMacAntiSpfEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
         ""
        ::= { zxAnSecSvcMacAntiSnoofing 4 }

     zxAnVlanMacAntiSpfEntry  OBJECT-TYPE
       SYNTAX      ZxAnVlanMacAntiSpfEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
               "An entry containing anti drift mac address information."
       INDEX    { zxAnVlanMacAntiSpfVlanId }
       ::= { zxAnVlanMacAntiSpfTable 1 }

     
     ZxAnVlanMacAntiSpfEntry ::= SEQUENCE {
         zxAnVlanMacAntiSpfVlanId      Integer32,
         zxAnVlanMacAntiSpfEnable      INTEGER,
         zxAnVlanMacAntiSpfType        INTEGER,
         zxAnVlanMacAntiSpfRowStatus   RowStatus
     }
          
     zxAnVlanMacAntiSpfVlanId OBJECT-TYPE
        SYNTAX          Integer32
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
         "mac address"
        ::= { zxAnVlanMacAntiSpfEntry 1 }

     zxAnVlanMacAntiSpfEnable OBJECT-TYPE
        SYNTAX          INTEGER
                    {
                          enable(1),
                          disable(2)
                    }
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
         "mac address"
        ::= { zxAnVlanMacAntiSpfEntry 2 }

     zxAnVlanMacAntiSpfType OBJECT-TYPE
        SYNTAX          INTEGER
                    {
                          nniprotect(1),
                          nnimacprotext(2),
                          uniprotect(3),
                          unimacprotect(4)
                    }
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
         "mac address"
        ::= { zxAnVlanMacAntiSpfEntry 3 }

      zxAnVlanMacAntiSpfRowStatus OBJECT-TYPE
        SYNTAX      RowStatus
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { zxAnVlanMacAntiSpfEntry 50}          
        
---------------------------------------------------------------        
    zxAnVlanMacAntiSpfMacTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF ZxAnVlanMacAntiSpfMacEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
         ""
        ::= { zxAnSecSvcMacAntiSnoofing 5 }

     zxAnVlanMacAntiSpfMacEntry  OBJECT-TYPE
       SYNTAX      ZxAnVlanMacAntiSpfMacEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
               "An entry containing anti drift mac address information."
       INDEX    { zxAnVlanMacAntiSpfVlanId, zxAnVlanMacAntiSpfMacAddress }
       ::= { zxAnVlanMacAntiSpfMacTable 1 }

     
     ZxAnVlanMacAntiSpfMacEntry ::= SEQUENCE {
         zxAnVlanMacAntiSpfMacAddress     MacAddress,
         zxAnVlanMacAntiSpfMacRowStatus   RowStatus
     }
          
     zxAnVlanMacAntiSpfMacAddress OBJECT-TYPE
        SYNTAX          MacAddress
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
         "mac address"
        ::= { zxAnVlanMacAntiSpfMacEntry 1 }

      zxAnVlanMacAntiSpfMacRowStatus OBJECT-TYPE
        SYNTAX      RowStatus
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { zxAnVlanMacAntiSpfMacEntry 50}       
        
                                      
--------------------------------------------------------------------------------
-- 1.3 Packet Limit
--------------------------------------------------------------------------------

    zxAnSecSvcPacketLimitAllEnable OBJECT-TYPE
        SYNTAX      INTEGER{
                    enable(1),
                    disable(2)
                  }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        ""
        ::= { zxAnSecSvcPktLimit 1 }        
        
    zxAnSecSvcPacketLimitAll OBJECT-TYPE
        SYNTAX      INTEGER(100..65535)
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        ""
        ::= { zxAnSecSvcPktLimit 2 }        
        
    zxAnSecSvcPacketLimitArpEnable OBJECT-TYPE
        SYNTAX      INTEGER{
                    enable(1),
                    disable(2)
                  }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        ""
        ::= { zxAnSecSvcPktLimit 3 }        
        
    zxAnSecSvcPacketLimitArp OBJECT-TYPE
        SYNTAX      INTEGER(1..200)
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        ""
        ::= { zxAnSecSvcPktLimit 4 }                

    zxAnSecSvcPacketLimitIcmpEnable OBJECT-TYPE
        SYNTAX      INTEGER{
                    enable(1),
                    disable(2)
                  }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        ""
        ::= { zxAnSecSvcPktLimit 5 }        
        
    zxAnSecSvcPacketLimitIcmp OBJECT-TYPE
        SYNTAX      INTEGER(1..200)
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        ""
        ::= { zxAnSecSvcPktLimit 6 }                

    zxAnSecSvcPacketLimitIgmpEnable OBJECT-TYPE
        SYNTAX      INTEGER{
                    enable(1),
                    disable(2)
                  }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        ""
        ::= { zxAnSecSvcPktLimit 7 }        
        
    zxAnSecSvcPacketLimitIgmp OBJECT-TYPE
        SYNTAX      INTEGER(1..200)
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        ""
        ::= { zxAnSecSvcPktLimit 8 }                

    zxAnSecSvcPacketLimitBpduEnable OBJECT-TYPE
        SYNTAX      INTEGER{
                    enable(1),
                    disable(2)
                  }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        ""
        ::= { zxAnSecSvcPktLimit 9 }        
        
    zxAnSecSvcPacketLimitBpdu OBJECT-TYPE
        SYNTAX      INTEGER(1..200)
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        ""
        ::= { zxAnSecSvcPktLimit 10 }                

    zxAnSecSvcPacketLimitDhcpEnable OBJECT-TYPE
        SYNTAX      INTEGER{
                    enable(1),
                    disable(2)
                  }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        ""
        ::= { zxAnSecSvcPktLimit 11 }        
        
    zxAnSecSvcPacketLimitDhcp OBJECT-TYPE
        SYNTAX      INTEGER(1..200)
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        ""
        ::= { zxAnSecSvcPktLimit 12 }                

    zxAnSecSvcPacketLimitVbasEnable OBJECT-TYPE
        SYNTAX      INTEGER{
                    enable(1),
                    disable(2)
                  }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        ""
        ::= { zxAnSecSvcPktLimit 13 }        
        
    zxAnSecSvcPacketLimitVbas OBJECT-TYPE
        SYNTAX      INTEGER(1..200)
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        ""
        ::= { zxAnSecSvcPktLimit 14 }                

    zxAnSecSvcPacketLimitPPPOEEnable OBJECT-TYPE
        SYNTAX      INTEGER{
                    enable(1),
                    disable(2)
                  }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        ""
        ::= { zxAnSecSvcPktLimit 15 }        
        
    zxAnSecSvcPacketLimitPPPOE OBJECT-TYPE
        SYNTAX      INTEGER(1..200)
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        ""
        ::= { zxAnSecSvcPktLimit 16 }                

    zxAnSecSvcPacketLimitSNMPEnable OBJECT-TYPE
        SYNTAX      INTEGER{
                    enable(1),
                    disable(2)
                  }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        ""
        ::= { zxAnSecSvcPktLimit 17 }        
        
    zxAnSecSvcPacketLimitSNMP OBJECT-TYPE
        SYNTAX      INTEGER(1..200)
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        ""
        ::= { zxAnSecSvcPktLimit 18 }    
        
    zxAnSecSvcPktLimitV6IcmpEnable OBJECT-TYPE
        SYNTAX      INTEGER{
                    enable(1),
                    disable(2)
                  }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        "The IPv6 ICMP packets rate limit switch. 
        It will limit ICMPv6 rate first when zxAnSecSvcPktLimitV6IcmpEnable
        is enabled and at least one of the other four subtype switchs is 
        enabled at the same time. Subtype switchs include 
        zxAnSecSvcPktLimitV6NsEnable, zxAnSecSvcPktLimitV6NaEnable, 
        zxAnSecSvcPktLimitV6RsEnable and zxAnSecSvcPktLimitV6RaEnable."
        DEFVAL { disable }
        ::= { zxAnSecSvcPktLimit 19 } 
   
    zxAnSecSvcPktLimitV6Icmp OBJECT-TYPE
        SYNTAX      INTEGER(1..200)
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        "The maximum packets per second of IPv6 ICMP and unit is pps.
         It can be set value when zxAnSecSvcPktLimitV6IcmpEnable 
         is enabled. "
        DEFVAL { 1 }
        ::= { zxAnSecSvcPktLimit 20 }   
        
    zxAnSecSvcPktLimitV6NsEnable OBJECT-TYPE
        SYNTAX      INTEGER{
                    enable(1),
                    disable(2)
                  }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        "The neighbor solicitation packets rate limit switch."
        DEFVAL { disable }
        ::= { zxAnSecSvcPktLimit 21 } 
   
    zxAnSecSvcPktLimitV6Ns OBJECT-TYPE
        SYNTAX      INTEGER(1..200)
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        "The maximum packets per second of neighbor solicitation 
         and unit is pps. It can be set value when 
         zxAnSecSvcPktLimitV6NsEnable is enabled."
        DEFVAL { 1 }
        ::= { zxAnSecSvcPktLimit 22 }        
        
    zxAnSecSvcPktLimitV6NaEnable OBJECT-TYPE
        SYNTAX      INTEGER{
                    enable(1),
                    disable(2)
                  }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        "The neighbor advertisement packets rate limit switch."
        DEFVAL { disable }
        ::= { zxAnSecSvcPktLimit 23 } 
   
    zxAnSecSvcPktLimitV6Na OBJECT-TYPE
        SYNTAX      INTEGER(1..200)
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        "The maximum packets per second of neighbor advertisement 
         and unit is pps. It can be set value when 
         zxAnSecSvcPktLimitV6NaEnable is enabled."
        DEFVAL { 1 }
        ::= { zxAnSecSvcPktLimit 24 } 
        
    zxAnSecSvcPktLimitV6RsEnable OBJECT-TYPE
        SYNTAX      INTEGER{
                    enable(1),
                    disable(2)
                  }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        "The router solicitation packets rate limit switch."
        DEFVAL { disable }
        ::= { zxAnSecSvcPktLimit 25 } 
   
    zxAnSecSvcPktLimitV6Rs OBJECT-TYPE
        SYNTAX      INTEGER(1..200)
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        "The maximum packets per second of router solicitation 
         and unit is pps. It can be set value when 
         zxAnSecSvcPktLimitV6RsEnable is enabled."
        DEFVAL { 1 }
        ::= { zxAnSecSvcPktLimit 26 }         
        
    zxAnSecSvcPktLimitV6RaEnable OBJECT-TYPE
        SYNTAX      INTEGER{
                    enable(1),
                    disable(2)
                  }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        "The router advertisement packets rate limit switch."
        DEFVAL { disable }
        ::= { zxAnSecSvcPktLimit 27 } 
   
    zxAnSecSvcPktLimitV6Ra OBJECT-TYPE
        SYNTAX      INTEGER(1..200)
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        "The maximum packets per second of router advertisement 
         and unit is pps. It can be set value when 
         zxAnSecSvcPktLimitV6RaEnable is enabled."
        DEFVAL { 1 }
        ::= { zxAnSecSvcPktLimit 28 }       
        
    zxAnSecSvcPktLimitV6DhcpEnable OBJECT-TYPE
        SYNTAX      INTEGER{
                    enable(1),
                    disable(2)
                  }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        "The IPv6 DHCP packets rate limit switch."
        DEFVAL { disable }
        ::= { zxAnSecSvcPktLimit 29 }  
        
    zxAnSecSvcPktLimitV6Dhcp OBJECT-TYPE
        SYNTAX      INTEGER(1..200)
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
        "The maximum packets per second of IPv6 DHCP and unit is pps.
         It can be set value when zxAnSecSvcPktLimitV6DhcpEnable 
         is enabled. "
        DEFVAL { 1 }
        ::= { zxAnSecSvcPktLimit 30 }   
        
    zxAnSecSvcPktLimitSshEnable OBJECT-TYPE
        SYNTAX      INTEGER {
            enabled(1),
            disabled(2)
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The SSH packet rate limit switch."
        DEFVAL { disabled }
        ::= { zxAnSecSvcPktLimit 31 }  
              
    zxAnSecSvcPktLimitSsh OBJECT-TYPE
        SYNTAX      Integer32(1..200)
        UNITS       "pps"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The SSH packet rate limit.
            It can be set value when zxAnSecSvcPktLimitSshEnable is enabled. "
        ::= { zxAnSecSvcPktLimit 32 }
        
    zxAnSecSvcPktLimitTelnetEnable OBJECT-TYPE
        SYNTAX      INTEGER{
            enabled(1),
            disabled(2)
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The telnet packet rate limit switch."
        DEFVAL { disabled }
        ::= { zxAnSecSvcPktLimit 33 }        
        
    zxAnSecSvcPktLimitTelnet OBJECT-TYPE
        SYNTAX      Integer32(1..200)
        UNITS       "pps"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The telnet packet rate limit.
            It can be set value when zxAnSecSvcPktLimitTelnetEnable 
            is enabled. "
        ::= { zxAnSecSvcPktLimit 34 }
        
    zxAnSecSvcPktLimitBfdEnable OBJECT-TYPE
        SYNTAX      INTEGER{
            enabled(1),
            disabled(2)
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The bidirectional forwarding detection packet rate limit switch."
        DEFVAL { disabled }
        ::= { zxAnSecSvcPktLimit 35 }        
        
    zxAnSecSvcPktLimitBfd OBJECT-TYPE
        SYNTAX      Integer32(1..200)
        UNITS       "pps"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The bidirectional forwarding detection packet rate limit.
            It can be set value when zxAnSecSvcPktLimitBfdEnable is enabled. "
        ::= { zxAnSecSvcPktLimit 36 }   
        
    zxAnSecSvcPktLimitZesrEnable OBJECT-TYPE
        SYNTAX      INTEGER{
            enabled(1),
            disabled(2)
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The ZTE ethernet switch ring packet rate limit switch."
        DEFVAL { disabled }
        ::= { zxAnSecSvcPktLimit 37 }        
        
    zxAnSecSvcPktLimitZesr OBJECT-TYPE
        SYNTAX      Integer32(1..200)
        UNITS       "pps"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The ZTE ethernet switch ring packet rate limit.
            It can be set value when zxAnSecSvcPktLimitZesrEnable is enabled. "
        ::= { zxAnSecSvcPktLimit 38 } 
        
    zxAnSecSvcPktLimitStpEnable OBJECT-TYPE
        SYNTAX      INTEGER{
            enabled(1),
            disabled(2)
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The spanning tree protocol packet rate limit switch."
        DEFVAL { disabled }
        ::= { zxAnSecSvcPktLimit 39 }        
        
    zxAnSecSvcPktLimitStp OBJECT-TYPE
        SYNTAX      Integer32(1..200)
        UNITS       "pps"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The spanning tree protocol packet rate limit.
            It can be set value when zxAnSecSvcPktLimitStpEnable is enabled. "
        ::= { zxAnSecSvcPktLimit 40 }  
        
    zxAnSecSvcPktLimitLacpEnable OBJECT-TYPE
        SYNTAX      INTEGER{
            enabled(1),
            disabled(2)
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The link aggregation control protocol packet rate limit switch."
        DEFVAL { disabled }
        ::= { zxAnSecSvcPktLimit 41 }        
        
    zxAnSecSvcPktLimitLacp OBJECT-TYPE
        SYNTAX      Integer32(1..200)
        UNITS       "pps"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The link aggregation control protocol packet rate limit.
            It can be set value when zxAnSecSvcPktLimitLacpEnable 
            is enabled. "
        ::= { zxAnSecSvcPktLimit 42 }                           
        
    zxAnSecSvcPktLimitLldpEnable OBJECT-TYPE
        SYNTAX      INTEGER{
            enabled(1),
            disabled(2)
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The link layer discovery protocol packet rate limit switch."
        DEFVAL { disabled }
        ::= { zxAnSecSvcPktLimit 43 }        
        
    zxAnSecSvcPktLimitLldp OBJECT-TYPE
        SYNTAX      Integer32(1..200)
        UNITS       "pps"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The link layer discovery protocol packet rate limit.
            It can be set value when zxAnSecSvcPktLimitLldpEnable is enabled. "
        ::= { zxAnSecSvcPktLimit 44 }
        
    zxAnSecSvcPktLimitRipEnable OBJECT-TYPE
        SYNTAX      INTEGER{
            enabled(1),
            disabled(2)
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The routing information protocol packet rate limit switch."
        DEFVAL { disabled }
        ::= { zxAnSecSvcPktLimit 45 }        
        
    zxAnSecSvcPktLimitRip OBJECT-TYPE
        SYNTAX      Integer32(1..200)
        UNITS       "pps"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The routing information protocol packet rate limit.
            It can be set value when zxAnSecSvcPktLimitRipEnable is enabled. "
        ::= { zxAnSecSvcPktLimit 46 } 
        
    zxAnSecSvcPktLimitBgpEnable OBJECT-TYPE
        SYNTAX      INTEGER{
            enabled(1),
            disabled(2)
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The border gateway protocol packet rate limit switch."
        DEFVAL { disabled }
        ::= { zxAnSecSvcPktLimit 47 }        
        
    zxAnSecSvcPktLimitBgp OBJECT-TYPE
        SYNTAX      Integer32(1..200)
        UNITS       "pps"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The border gateway protocol packet rate limit.
            It can be set value when zxAnSecSvcPktLimitBgpEnable is enabled. "
        ::= { zxAnSecSvcPktLimit 48 }
        
    zxAnSecSvcPktLimitOspfEnable OBJECT-TYPE
        SYNTAX      INTEGER{
            enabled(1),
            disabled(2)
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The open shortest path first packet rate limit switch."
        DEFVAL { disabled }
        ::= { zxAnSecSvcPktLimit 49 }        
        
    zxAnSecSvcPktLimitOspf OBJECT-TYPE
        SYNTAX      Integer32(1..200)
        UNITS       "pps"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The open shortest path first packet rate limit.
            It can be set value when zxAnSecSvcPktLimitOspfEnable is enabled. "
        ::= { zxAnSecSvcPktLimit 50 }
        
    zxAnSecSvcPktLimitIsisEnable OBJECT-TYPE
        SYNTAX      INTEGER{
            enabled(1),
            disabled(2)
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The intermediate system to intermediate system packet rate limit 
            switch."
        DEFVAL { disabled }
        ::= { zxAnSecSvcPktLimit 51 }        
        
    zxAnSecSvcPktLimitIsis OBJECT-TYPE
        SYNTAX      Integer32(1..200)
        UNITS       "pps"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The intermediate system to intermediate system packet rate limit.
            It can be set value when zxAnSecSvcPktLimitIsisEnable is enabled. "
        ::= { zxAnSecSvcPktLimit 52 }
        
    zxAnSecSvcPktLimitLdpEnable OBJECT-TYPE
        SYNTAX      INTEGER{
            enabled(1),
            disabled(2)
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The label distribution protocol packet rate limit switch."
        DEFVAL { disabled }
        ::= { zxAnSecSvcPktLimit 53 }        
        
    zxAnSecSvcPktLimitLdp OBJECT-TYPE
        SYNTAX      Integer32(1..200)
        UNITS       "pps"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The label distribution protocol packet rate limit.
            It can be set value when zxAnSecSvcPktLimitLdpEnable is enabled. "
        ::= { zxAnSecSvcPktLimit 54 }    
        
    zxAnSecSvcPktLimitCfmEnable OBJECT-TYPE
        SYNTAX      INTEGER{
            enabled(1),
            disabled(2)
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The connectivity fault management packet rate limit switch."
        DEFVAL { disabled }
        ::= { zxAnSecSvcPktLimit 55 }        
        
    zxAnSecSvcPktLimitCfm OBJECT-TYPE
        SYNTAX      Integer32(1..200)
        UNITS       "pps"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The connectivity fault management packet rate limit.
            It can be set value when zxAnSecSvcPktLimitCfmEnable is enabled. "
        ::= { zxAnSecSvcPktLimit 56 }                 

--------------------------------------------------------------------------------
-- 1.4 Private net work
--------------------------------------------------------------------------------  
     zxAnSecSvcPortInterworkInVlan   OBJECT-TYPE 
        SYNTAX    OCTET STRING (SIZE(0 .. 512))          
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION " This function in order to connect private network in accordance with 
                      the specified VLAN .The use of 512-octet specifies 4094 VLAN.
                      Each octet within this field specifies a set of eight
                      VLAN, with the first octet specifying ports 1 through
                      8, the second octet specifying ports 9 through 16, etc.
                      Within each octet, the most significant bit represents
                      the lowest numbered VLAN, and the least significant bit
                      represents the highest numbered VLAN.  Thus, each VLAN
                      of the service entity is represented by a single bit within the
                      value of this object.  If that bit has a value of '1'
                      then that VLAN is interwork VLAN; the VLAN is not interwork VLAN
                      if its bit has a value of '0'. "
        ::= { zxAnSecSvcPrivateNetwork 1}    

--------------------------------------------------------------------------------      
    zxAnSecSvcVlanTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF ZxAnSecSvcVlanEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            ""
        ::= { zxAnSecSvcObjects 5 }
        
    zxAnSecSvcVlanEntry OBJECT-TYPE
        SYNTAX      ZxAnSecSvcVlanEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
        ""
        INDEX { zxAnSecSvcVlanId}
        ::= { zxAnSecSvcVlanTable 1 }

    ZxAnSecSvcVlanEntry ::= SEQUENCE {
        zxAnSecSvcVlanId                     VlanId,
        zxAnSecSvcVlanBroadcastRateLimit     Integer32,
        zxAnSecSvcVlanMulticastRateLimit     Integer32,
        zxAnSecSvcVlanUnknUcastRateLimit    Integer32,
        zxAnSecSvcVlanMulticastFloodMode  INTEGER,
        zxAnSecSvcVlanRateLimitRowStatus     RowStatus  
        }

    zxAnSecSvcVlanId  OBJECT-TYPE
        SYNTAX      VlanId
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
        "VlanId for Vlan interface."
        ::= { zxAnSecSvcVlanEntry 1 }

    zxAnSecSvcVlanBroadcastRateLimit  OBJECT-TYPE
        SYNTAX      Integer32
        UNITS       "kbps"
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
        "Indicates broadcast rate-limit"
        ::= { zxAnSecSvcVlanEntry 5 }
        
    zxAnSecSvcVlanMulticastRateLimit OBJECT-TYPE 
        SYNTAX          Integer32(0..1024000) 
        UNITS           "kbs" 
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     "Max Multicast rate limit."
        DEFVAL { 1024000 }                
        ::=  {  zxAnSecSvcVlanEntry  6  }
        
   zxAnSecSvcVlanUnknUcastRateLimit OBJECT-TYPE 
        SYNTAX          Integer32(0..1024000) 
        UNITS           "kbs" 
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     "Unknowcast  rate limit."
        DEFVAL { 1024000 }                
        ::=  {  zxAnSecSvcVlanEntry  7  }
        
   zxAnSecSvcVlanMulticastFloodMode OBJECT-TYPE 
        SYNTAX          INTEGER
        {
            floodingAll(1),
            floodingOnlyUnknown(2),
            dropUnknown(3),
            unsupported(4)
        }
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION     "Vlan multicast packets flooding mode."
        DEFVAL { floodingOnlyUnknown }                
        ::=  {  zxAnSecSvcVlanEntry  8  }
        
    zxAnSecSvcVlanRateLimitRowStatus    OBJECT-TYPE    
        SYNTAX            RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     "RowStatus of this table."
        ::=  {  zxAnSecSvcVlanEntry  10  }
        
                     
    
    zxAnSecGlbVlanIsolationEnable    OBJECT-TYPE 
        SYNTAX      INTEGER{
                    enable(1),
                    disable(2)
                  }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION "This object is in accordance with  'zxAnSecSvcPortInterworkInVlan',
                     if the value is true then indicates 'zxAnSecSvcPortInterworkInVlan' is enable."        
        ::= { zxAnSecSvcPrivateNetwork 2}
        
            
    zxAnSecSvcPortBridgeEnable   OBJECT-TYPE 
        SYNTAX      INTEGER{
                    enable(1),
                    disable(2)
                  }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION "This object is in accordance with  'zxAnSecSvcPortBridgeEnable',
                     if the value is true then indicates 'zxAnSecSvcPortBridgeEnable' is enable."        
        ::= { zxAnSecSvcPrivateNetwork 3}
        
         
   zxAnSecSvcOnuSwitchEnable   OBJECT-TYPE 
        SYNTAX      INTEGER{
                    enable(1),
                    disable(2)
                  }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION "This object is in accordance with  'zxAnSecSvcOnuSwitchEnable',
                     if the value is true then indicates 'zxAnSecSvcOnuSwitchEnable' is enable."        
        ::= { zxAnSecSvcPrivateNetwork 4} 
   
----------------------------------------------------------------------------
-- zxAnSecSvcInterworkVlanTable
----------------------------------------------------------------------------   
   zxAnSecSvcInterworkVlanTable   OBJECT-TYPE
        SYNTAX      SEQUENCE  OF  ZxAnSecSvcInterworkVlanEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION "When the value of 'zxAnSecGlbVlanIsolationEnable '
         is enable,the table  allowed be created,deleted,or the table can 
         not be created and deleted."
        ::=  { zxAnSecSvcPrivateNetwork  5 }

    zxAnSecSvcInterworkVlanEntry   OBJECT-TYPE
        SYNTAX      ZxAnSecSvcInterworkVlanEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION "An entry in zxAnSecSvcInterworkVlanTable."
        INDEX       { zxAnSecVlanIsolationSVid,zxAnSecVlanIsolationCVid }
        ::=  { zxAnSecSvcInterworkVlanTable 1 }

    ZxAnSecSvcInterworkVlanEntry  ::=  SEQUENCE 
    {
        zxAnSecVlanIsolationSVid                VlanId, 
        zxAnSecVlanIsolationCVid                Integer32,
        zxAnSecVlanIsolationRowStatus          RowStatus         
    }
    
    zxAnSecVlanIsolationSVid  OBJECT-TYPE 
        SYNTAX          VlanId         
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "This object indicates SVLAN id "                 
        ::=  {  zxAnSecSvcInterworkVlanEntry  1  }
        
   zxAnSecVlanIsolationCVid  OBJECT-TYPE 
        SYNTAX          Integer32(0..4094)    
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "This object indicates CVLAN id "                 
        ::=  {  zxAnSecSvcInterworkVlanEntry  2  }        
        
   zxAnSecVlanIsolationRowStatus  OBJECT-TYPE 
        SYNTAX          RowStatus         
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     "RowStatus of this table. "     
        ::=  {  zxAnSecSvcInterworkVlanEntry  30  }
   
        
             
--------------------------------------------------------------------------------
-- .reserved MAC table
--------------------------------------------------------------------------------

    zxAnSecRsvdForwardMacTable   OBJECT-TYPE
        SYNTAX      SEQUENCE  OF  ZxAnSecRsvdForwardMacEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION "This table includes the reserved MAC for forwarding."
        ::=  { zxAnSecSvcObjects  6 }

    zxAnSecRsvdForwardMacEntry   OBJECT-TYPE
        SYNTAX      ZxAnSecRsvdForwardMacEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION "An entry in zxAnSecRsvdForwardMacTable."
        INDEX       { zxAnSecRsvdForwardMacIndex }
        ::=  { zxAnSecRsvdForwardMacTable 1 }

    ZxAnSecRsvdForwardMacEntry  ::=  SEQUENCE 
    {
        zxAnSecRsvdForwardMacIndex    Integer32, 
        zxAnSecRsvdForwardMac         MacAddress,
        zxAnSecRsvdForwardMacMask     MacAddress,        
        zxAnSecRsvdForwardMacRowStatus          RowStatus         
    }
    
    zxAnSecRsvdForwardMacIndex  OBJECT-TYPE 
        SYNTAX          Integer32(1..48)         
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "This object indicates the mac index for forwarding. "                 
        ::=  {  zxAnSecRsvdForwardMacEntry  1  }
        
   zxAnSecRsvdForwardMac  OBJECT-TYPE 
        SYNTAX          MacAddress         
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     "This object indicates the mac address for forwarding. "                 
        ::=  {  zxAnSecRsvdForwardMacEntry  2  }        
        
   zxAnSecRsvdForwardMacMask  OBJECT-TYPE 
        SYNTAX          MacAddress         
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     "This object indicates the mac address mask for forwarding. " 
        DEFVAL { 'FFFFFFFFFFFF'H }                  
        ::=  {  zxAnSecRsvdForwardMacEntry  3  }
   
   zxAnSecRsvdForwardMacRowStatus    OBJECT-TYPE    
        SYNTAX            RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     "RowStatus of this table."
        ::=  {  zxAnSecRsvdForwardMacEntry  10  }                      
                                        
--------------------------------------------------------------------------------
-- 1.7 IP Source Guard Mgmt
--------------------------------------------------------------------------------    
    zxAnSecSvcSrcGuardGlobalGroup    OBJECT IDENTIFIER   ::=  
                {  zxAnSecSvcIpSourceGuard  1  }
     
    zxAnIpSrcGuardGlobalEnable OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
             "This object indicates whether IP Source Guard is enabled.
             If this object is set to 'true', IP Source Guard is
             enabled.  If this object is set to 'false', IP Source Guard is
             disabled.
             "
        DEFVAL { false }               
        ::= { zxAnSecSvcSrcGuardGlobalGroup 1 }

    zxAnSecSvcSrcGuardIpv4BindLimit OBJECT-TYPE
        SYNTAX      Integer32(0..8)
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
          "This object indicates the maximum number of IPv4 addresses per U 
          reference point in the upstream.The total number of IPv4 and 
          IPv6 can not exceed 8."
        DEFVAL { 8 }
        ::= { zxAnSecSvcSrcGuardGlobalGroup 2 } 

    zxAnSecSvcSrcGuardIpv6BindLimit OBJECT-TYPE
        SYNTAX      Integer32(0..8)
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
          "This object indicates the maximum number of IPv6 prefixes per U 
          reference point in the upstream.The total number of IPv4 and 
          IPv6 can not exceed 8."
        DEFVAL { 8 }
        ::= { zxAnSecSvcSrcGuardGlobalGroup 3 }
    
    zxAnIpSrcGuardBindType OBJECT-TYPE
        SYNTAX      INTEGER
        {
            ip(1),
            ipAndMac(2)
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
             "IP source guar binding type. 
              
              ip(1) - IP source guard bind IP address only.
              IipAndMac(2) - IP source guard bind both IP address and MAC 
                             address."
        DEFVAL { ip }               
        ::= { zxAnSecSvcSrcGuardGlobalGroup 4 }
    
    zxAnSecSvcIfSrcGuardConfigTable OBJECT-TYPE
        SYNTAX       SEQUENCE OF ZxAnSecSvcIfSrcGuardConfigEntry
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION
            "A table provides the mechanism to enable or disable
          IP Source Guard at each interface capable of this feature. 
          When DHCP Snooping is enabled at an interface, a list of
          IP addresses is obtained through DHCP Snooping for this
          particular interface. If IP Source Guard is enabled, only
          traffic from these IP addresses is allowed to pass through
          the interface."
        ::= { zxAnSecSvcIpSourceGuard 2 }
        
    zxAnSecSvcIfSrcGuardConfigEntry OBJECT-TYPE
       SYNTAX       ZxAnSecSvcIfSrcGuardConfigEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
          "A row instance contains the configuration to enable
          or disable IP Source Guard at each physical interface
          capable of this feature."
       INDEX { zxAnSecSvcRack,zxAnSecSvcShelf,zxAnSecSvcSlot,
               zxAnSecSvcPort,zxAnSecSvcOnu,zxAnSecSvcCircuitType,
               zxAnSecSvcLogicalId }
         ::= { zxAnSecSvcIfSrcGuardConfigTable 1 }
         
    ZxAnSecSvcIfSrcGuardConfigEntry ::= SEQUENCE {        
        zxAnSecSvcRack                    INTEGER,
        zxAnSecSvcShelf                   INTEGER,
        zxAnSecSvcSlot                    INTEGER,
        zxAnSecSvcPort                    INTEGER,
        zxAnSecSvcOnu                     INTEGER,
        zxAnSecSvcCircuitType             INTEGER,
        zxAnSecSvcLogicalId               OBJECT IDENTIFIER,
        zxAnIpSrcGuardIfEnable            TruthValue
        }
       
    zxAnSecSvcRack  OBJECT-TYPE
        SYNTAX      INTEGER(1..255)        
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "This object indicates the rack number."
        ::= { zxAnSecSvcIfSrcGuardConfigEntry 1 }   
          
    zxAnSecSvcShelf  OBJECT-TYPE
        SYNTAX      INTEGER(1..255)        
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "This object indicates the shelf number."
        ::= { zxAnSecSvcIfSrcGuardConfigEntry 2 }         
        
    zxAnSecSvcSlot  OBJECT-TYPE
        SYNTAX      INTEGER(1..255)        
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "This object indicates the slot number."
        ::= { zxAnSecSvcIfSrcGuardConfigEntry 3 }     
        
    zxAnSecSvcPort  OBJECT-TYPE
        SYNTAX      INTEGER(1..255)        
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "This object indicates the physical port number."
        ::= { zxAnSecSvcIfSrcGuardConfigEntry 4 }     
                
    zxAnSecSvcOnu  OBJECT-TYPE
        SYNTAX      INTEGER(0..255)        
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
          "When zxAnSecSvcCircuitType are 'onu' or 'gemportOrLlid' or 
             'servicePort' this object indicates 'onu ID'.
           When zxAnSecSvcCircuitType are 'physicalPort' or 'bridgePort'
              its value is '0'.             
             "
        ::= { zxAnSecSvcIfSrcGuardConfigEntry 5 }                  
    
    zxAnSecSvcCircuitType  OBJECT-TYPE
        SYNTAX      INTEGER        
        {    
            physicalPort(1),  
            bridgePort(2), 
            onu(3),
            gemportOrLlid(4),   
            servicePort(11)                    
        }
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "This object indicates the type of port.
            "                       
        ::= { zxAnSecSvcIfSrcGuardConfigEntry 6 }
                 
    zxAnSecSvcLogicalId OBJECT-TYPE
        SYNTAX      OBJECT IDENTIFIER        
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
         "This value is an oid which indicats the logical index.
          When zxAnSecSvcCircuitType is 'physicalPort' its value is '0'.
          When zxAnSecSvcCircuitType is 'bridgePort' this object includes 
            {pvc} , such as oid {1} indicates  pvc1 .
          When zxAnSecSvcCircuitType is 'onu' its value is '0'.            
          When zxAnSecSvcCircuitType is 'gemportOrLlid' this object includes 
            {gemport/llid} , such as oid {1} indicates  gemport1/llid1 .
          When zxAnSecSvcCircuitType is 'servicePort' this object includes 
            {serviceportID} , such as oid {1} indicates  serviceportID1 .            
            "
        ::= { zxAnSecSvcIfSrcGuardConfigEntry 7 }    
        
                                
    zxAnIpSrcGuardIfEnable OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
             "This object indicates whether IP Source Guard is enabled
            at this interface.If this object is set to 'true', IP Source Guard
            is enabled. Traffic coming to this interface will be forwarded  if 
            it is from the list of IP addresses obtained through DHCP Snooping.
            Otherwise, it is denied.
              If this object is set to 'false', IP Source Guard is  disabled.
              1-truth,2-false."
       DEFVAL { false }          
        ::= { zxAnSecSvcIfSrcGuardConfigEntry 8 }    
        
                                 
    zxAnSecSvcIfSrcGuardAddrTable OBJECT-TYPE
        SYNTAX       SEQUENCE OF ZxAnSecSvcIfSrcGuardAddrEntry
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION
           "A table provides the information on IP addresses used
            for IP Source Guard purpose at each interface   capable 
            of this feature. "
        ::= { zxAnSecSvcIpSourceGuard 3 }
        
    zxAnSecSvcIfSrcGuardAddrEntry OBJECT-TYPE
        SYNTAX       ZxAnSecSvcIfSrcGuardAddrEntry
            MAX-ACCESS   not-accessible
            STATUS       current
            DESCRIPTION
           "A row instance contains the IP address type and IP
           address used for IP Source Guard purpose at each
           interface capable of this feature."
            INDEX { zxAnSecSvcRack,zxAnSecSvcShelf,
                    zxAnSecSvcSlot,zxAnSecSvcPort,zxAnSecSvcOnu,
                    zxAnSecSvcCircuitType,
                    zxAnSecSvcLogicalId,
                    zxAnSecSvcIfSrcGuardClntBindType,
                    zxAnSecSvcIfSrcGuardIpAddrType,
                    zxAnSecSvcIfSrcGuardIpAddress
                    }
            ::= { zxAnSecSvcIfSrcGuardAddrTable 1 }
            
    ZxAnSecSvcIfSrcGuardAddrEntry ::= SEQUENCE {
        zxAnSecSvcIfSrcGuardClntBindType  INTEGER,
        zxAnSecSvcIfSrcGuardIpAddrType   InetAddressType,
        zxAnSecSvcIfSrcGuardIpAddress    InetAddress,
        zxAnSecSvcIfSrcGuardPfxLen       InetAddressPrefixLength,
        zxAnSecSvcIfSrcGuardMacAddr      MacAddress,
        zxAnSecSvcIfSrcGuardVlan         INTEGER,
        zxAnSecSvcIfSrcGuardRowStatus    RowStatus
        }
        
    zxAnSecSvcIfSrcGuardClntBindType  OBJECT-TYPE       
        SYNTAX      INTEGER
        {
            static(1),       
            dynamic(2)
        }
        MAX-ACCESS      not-accessible
            STATUS      current  
            DESCRIPTION                  
           "This object indicates bind type of client ip address.
            If this value is  'static'  zxAnSecSvcIfSrcGuardPfxLen
             and zxAnSecSvcIfSrcGuardVlan are optional property."    
        ::= { zxAnSecSvcIfSrcGuardAddrEntry 1 }
        
    zxAnSecSvcIfSrcGuardIpAddrType OBJECT-TYPE
        SYNTAX      InetAddressType
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
           "This object indicates the type of IP address denoted
            in zxAnSecSvcIfSrcGuardIpAddress object."
        ::= { zxAnSecSvcIfSrcGuardAddrEntry 2 }
        
    zxAnSecSvcIfSrcGuardIpAddress OBJECT-TYPE
        SYNTAX      InetAddress
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
          "This object indicates the IP address obtained at
         this interface through DHCP Snooping or static configuration."
        ::= { zxAnSecSvcIfSrcGuardAddrEntry 3 }
        
    zxAnSecSvcIfSrcGuardPfxLen OBJECT-TYPE
        SYNTAX      InetAddressPrefixLength
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
          "This object indicates the IPv6 address mask obtained at
         this interface through DHCP Snooping or static configuration.
         This object is an optional property,only available to IPv6.
         If this object is invalid  the value will be '0'.
         "
        ::= { zxAnSecSvcIfSrcGuardAddrEntry 4 }    
        
    zxAnSecSvcIfSrcGuardMacAddr OBJECT-TYPE
        SYNTAX      MacAddress
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
          "This object indicates the MAC address obtained at
         this interface through DHCP Snooping or static configuration."
        ::= { zxAnSecSvcIfSrcGuardAddrEntry 5 }    
        
    zxAnSecSvcIfSrcGuardVlan OBJECT-TYPE
        SYNTAX      INTEGER(0..4094)
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
          "This object indicates the vlan obtained at
         this interface through DHCP Snooping or static configuration.
         If this object is invalid  the value will be '0'."
        ::= { zxAnSecSvcIfSrcGuardAddrEntry 6 } 
        
    zxAnSecSvcIfSrcGuardRowStatus OBJECT-TYPE
        SYNTAX      RowStatus
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "This object indicates the status of this entry."
        ::= { zxAnSecSvcIfSrcGuardAddrEntry 20}
          
--------------------------------------------------------------------------------
-- 1.8 Reserved MAC Mgmt
--------------------------------------------------------------------------------

    zxAnSecSvcIfRsvdMacTable   OBJECT-TYPE
        SYNTAX      SEQUENCE  OF  ZxAnSecSvcIfRsvdMacEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION "The table includes the reserved MAC address. L2 packets  
                    will be forworded by the policy of this table first. 
                    The note:the NE need to support get-next to the slot level."
        ::=  { zxAnSecSvcReservedMac  1 }

    zxAnSecSvcIfRsvdMacEntry   OBJECT-TYPE
        SYNTAX      ZxAnSecSvcIfRsvdMacEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION "An entry in zxAnSecSvcIfRsvdMacTable."
        INDEX       { zxAnSecSvcIfRsvdMacRack, zxAnSecSvcIfRsvdMacShelf,
                      zxAnSecSvcIfRsvdMacSlot, zxAnSecSvcIfRsvdMacPort,
                      zxAnSecSvcIfRsvdMacNumber}
        ::=  { zxAnSecSvcIfRsvdMacTable 1 }

    ZxAnSecSvcIfRsvdMacEntry  ::=  SEQUENCE 
    {
        zxAnSecSvcIfRsvdMacRack          Integer32,
        zxAnSecSvcIfRsvdMacShelf         Integer32,
        zxAnSecSvcIfRsvdMacSlot          Integer32,
        zxAnSecSvcIfRsvdMacPort          Integer32,
        zxAnSecSvcIfRsvdMacNumber        Integer32,
        zxAnSecSvcIfRsvdMacStartAddr     MacAddress,
        zxAnSecSvcIfRsvdMacEndAddr       MacAddress, 
        zxAnSecSvcIfRsvdMacForwardPolicy INTEGER,       
        zxAnSecSvcIfRsvdMacRowStatus     RowStatus         
    }
    
    zxAnSecSvcIfRsvdMacRack  OBJECT-TYPE 
        SYNTAX          Integer32         
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "Rack number of the port. "                 
        ::=  {  zxAnSecSvcIfRsvdMacEntry  1  }
        
    zxAnSecSvcIfRsvdMacShelf  OBJECT-TYPE 
        SYNTAX          Integer32         
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "Shelf number of the port. "                 
        ::=  {  zxAnSecSvcIfRsvdMacEntry  2  }
        
    zxAnSecSvcIfRsvdMacSlot  OBJECT-TYPE 
        SYNTAX          Integer32         
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "Slot number of the port. "                 
        ::=  {  zxAnSecSvcIfRsvdMacEntry  3  }
        
    zxAnSecSvcIfRsvdMacPort  OBJECT-TYPE 
        SYNTAX          Integer32         
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "The port number. "                 
        ::=  {  zxAnSecSvcIfRsvdMacEntry  4  }  
        
    zxAnSecSvcIfRsvdMacNumber  OBJECT-TYPE 
        SYNTAX          Integer32(1..64)         
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "MAC address number. "                 
        ::=  {  zxAnSecSvcIfRsvdMacEntry  5  }
        
    zxAnSecSvcIfRsvdMacStartAddr  OBJECT-TYPE 
        SYNTAX          MacAddress         
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     "Start MAC address. "               
        ::=  {  zxAnSecSvcIfRsvdMacEntry  6  }        
        
    zxAnSecSvcIfRsvdMacEndAddr  OBJECT-TYPE 
        SYNTAX          MacAddress         
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     "End MAC address. "                  
        ::=  {  zxAnSecSvcIfRsvdMacEntry  7  }
        
    zxAnSecSvcIfRsvdMacForwardPolicy  OBJECT-TYPE 
        SYNTAX          INTEGER 
        {
            discard(1),
            transparent(2),
            localProcessing(3),
            snooping(4)
        }         
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     
            "This object indicates the forwarding policy of L2 packets,
             its values are as follow:
             discard         (1) - discard this packet;
             transparent     (2) - this packet is transmitted transparently;
             localProcessing (3) - this packet is processed by local;
             snooping        (4) - transparent(2) + localProcessing(3);
            " 
        DEFVAL { transparent }                  
        ::=  {  zxAnSecSvcIfRsvdMacEntry  8  }
   
    zxAnSecSvcIfRsvdMacRowStatus    OBJECT-TYPE    
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     "RowStatus of this table."
        ::=  {  zxAnSecSvcIfRsvdMacEntry  30  }
        
    zxAnSecSvcRsvdMacTable   OBJECT-TYPE
        SYNTAX      SEQUENCE  OF  ZxAnSecSvcRsvdMacEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION 
            "The table includes the reserved MAC address.
             L2 packets will be forworded by the policy of this table first.
            "
        ::=  { zxAnSecSvcReservedMac  2 }

    zxAnSecSvcRsvdMacEntry   OBJECT-TYPE
        SYNTAX      ZxAnSecSvcRsvdMacEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION 
            "An entry in zxAnSecSvcRsvdMacTable."
        INDEX
            {
                zxAnSecSvcRsvdMacNumber
            }
        ::=  { zxAnSecSvcRsvdMacTable 1 }

    ZxAnSecSvcRsvdMacEntry  ::=  SEQUENCE 
        {
            zxAnSecSvcRsvdMacNumber          Integer32,
            zxAnSecSvcRsvdMacStartAddr       MacAddress,
            zxAnSecSvcRsvdMacEndAddr         MacAddress, 
            zxAnSecSvcRsvdMacForwardPolicy   INTEGER,       
            zxAnSecSvcRsvdMacRowStatus       RowStatus         
        }
        
    zxAnSecSvcRsvdMacNumber  OBJECT-TYPE 
        SYNTAX          Integer32(1..64)         
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     
            "MAC address number."                 
        ::=  {  zxAnSecSvcRsvdMacEntry  1  }
        
    zxAnSecSvcRsvdMacStartAddr  OBJECT-TYPE 
        SYNTAX          MacAddress         
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     
            "Starting MAC address. "               
        ::=  {  zxAnSecSvcRsvdMacEntry  2  }        
        
    zxAnSecSvcRsvdMacEndAddr  OBJECT-TYPE 
        SYNTAX          MacAddress         
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     
            "Ending MAC address. "                  
        ::=  {  zxAnSecSvcRsvdMacEntry  3  }
        
    zxAnSecSvcRsvdMacForwardPolicy  OBJECT-TYPE 
        SYNTAX          INTEGER 
        {
            discard(1),
            transparent(2)
        }         
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     
            "This object indicates the forwarding policy of L2 packets,
             its values are as follow:
             discard         (1) - discard this packet;
             transparent     (2) - this packet is transmitted transparently;
            " 
        DEFVAL { discard }                  
        ::=  {  zxAnSecSvcRsvdMacEntry  4  }
   
    zxAnSecSvcRsvdMacRowStatus    OBJECT-TYPE    
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     
            "RowStatus of this table."
        ::=  {  zxAnSecSvcRsvdMacEntry  30  }
                                                                 
--------------------------------------------------------------------------------
-- 1.9 L2CP Mgmt
--------------------------------------------------------------------------------
    zxAnSecSvcL2cpGlobal  OBJECT IDENTIFIER    ::=  {  zxAnSecSvcL2cp  1  }   
 
    zxAnSecSvcL2cpVlanConfNextId  OBJECT-TYPE
        SYNTAX      Integer32(0..32)
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "This object contains an unused value for zxAnSecSvcL2cpVlanConfId 
             in the zxAnSecSvcL2cpVlanConfTable,or 0 to indicate that none 
             exist.
            "
        ::= { zxAnSecSvcL2cpGlobal 1 }        
        
    zxAnSecSvcL2cpVlanConfTable   OBJECT-TYPE
        SYNTAX      SEQUENCE  OF  ZxAnSecSvcL2cpVlanConfEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION 
            "This table includes the L2CP records for forwarding or discarding."
        ::=  { zxAnSecSvcL2cp  2 }

    zxAnSecSvcL2cpVlanConfEntry   OBJECT-TYPE
        SYNTAX      ZxAnSecSvcL2cpVlanConfEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION 
            "An entry in zxAnSecSvcL2cpVlanConfTable."
        INDEX       { zxAnSecSvcL2cpVlanConfId }
        ::=  { zxAnSecSvcL2cpVlanConfTable 1 }       

    ZxAnSecSvcL2cpVlanConfEntry  ::=  SEQUENCE 
    {
        zxAnSecSvcL2cpVlanConfId                Integer32, 
        zxAnSecSvcL2cpVlanConfDestMac           MacAddress,
        zxAnSecSvcL2cpVlanConfMacMask           MacAddress,
        zxAnSecSvcL2cpVlanConfVid               Integer32,
        zxAnSecSvcL2cpVlanConfVlanMask          Integer32,  
        zxAnSecSvcL2cpVlanConfFwdPolicy         INTEGER,       
        zxAnSecSvcL2cpVlanConfRowStatus         RowStatus         
    }
    
    zxAnSecSvcL2cpVlanConfId  OBJECT-TYPE 
        SYNTAX          Integer32(1..32)         
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     
            "This object indicates the L2CP records ID. "                 
        ::=  {  zxAnSecSvcL2cpVlanConfEntry  1  }
        
   zxAnSecSvcL2cpVlanConfDestMac  OBJECT-TYPE 
        SYNTAX          MacAddress         
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     
            "This object indicates the packet destination MAC address of the 
             L2CP record. "                 
        ::=  {  zxAnSecSvcL2cpVlanConfEntry  2  }        
        
   zxAnSecSvcL2cpVlanConfMacMask  OBJECT-TYPE 
        SYNTAX          MacAddress         
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     
            "This is the wildcard mask for the zxAnSecSvcL2cpVlanConfDestMac 
             bits that must match. 1 bits in the mask indicate the 
             corresponding bits in the zxAnSecSvcL2cpVlanConfDestMac must match 
             in order for the matching to be successful, and 0 bits are don't 
             care bits in the matching. 
             A value of zero causes only packets of source address the same as 
             zxAnSecSvcL2cpVlanConfDestMac to match." 
        DEFVAL { 'FFFFFFFFFFFF'H }                  
        ::=  {  zxAnSecSvcL2cpVlanConfEntry  3  }

   zxAnSecSvcL2cpVlanConfVid  OBJECT-TYPE 
        SYNTAX          Integer32(1..4094)          
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     
            "This object indicates the VLAN value of the packet."                  
        ::=  {  zxAnSecSvcL2cpVlanConfEntry  4  }

     zxAnSecSvcL2cpVlanConfVlanMask  OBJECT-TYPE 
        SYNTAX          Integer32(0..4095)          
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     
            "This is the wildcard mask for the zxAnSecSvcL2cpVlanConfVid 
             bits that must match. 1 bits in the mask indicate the 
             corresponding bits in the zxAnSecSvcL2cpVlanConfVid must match 
             in order for the matching to be successful, and 0 bits are don't 
             care bits in the matching. 
             A value of zero causes only packets of source address the same as 
             zxAnSecSvcL2cpVlanConfVid to match." 
        DEFVAL { 4095 }                
        ::=  {  zxAnSecSvcL2cpVlanConfEntry  5  }

    zxAnSecSvcL2cpVlanConfFwdPolicy  OBJECT-TYPE 
        SYNTAX          INTEGER 
        {
            discard(1),
            forward(2)
        }          
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     
            "This object indicates the forwarding policy of L2 packets,
             its values are as follow:
             discard       (1) - discard this packet;
             forward       (2) - the packet is transmitted transparently. " 
        DEFVAL { discard }                
        ::=  {  zxAnSecSvcL2cpVlanConfEntry  6  }
   
   zxAnSecSvcL2cpVlanConfRowStatus    OBJECT-TYPE    
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     
            "RowStatus of the zxAnSecSvcL2cpVlanConfTable table."
        ::=  {  zxAnSecSvcL2cpVlanConfEntry  50  }       
        
   zxAnSecSvcL2cpDefaultTable   OBJECT-TYPE
        SYNTAX      SEQUENCE  OF  ZxAnSecSvcL2cpDefaultEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION 
            "This table includes the default L2CP records."
        ::=  { zxAnSecSvcL2cp  3 }

    zxAnSecSvcL2cpDefaultEntry   OBJECT-TYPE
        SYNTAX      ZxAnSecSvcL2cpDefaultEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION 
            "An entry in zxAnSecSvcL2cpDefaultTable."
        INDEX       { zxAnSecSvcL2cpDefaultId }
        ::=  { zxAnSecSvcL2cpDefaultTable 1 }

    ZxAnSecSvcL2cpDefaultEntry  ::=  SEQUENCE 
    {
        zxAnSecSvcL2cpDefaultId                 Integer32, 
        zxAnSecSvcL2cpDefaultDestMac            MacAddress,
        zxAnSecSvcL2cpDefaultMacMask            MacAddress, 
        zxAnSecSvcL2cpDefaultFwdPolicy          INTEGER       
    }
    
    zxAnSecSvcL2cpDefaultId  OBJECT-TYPE 
        SYNTAX          Integer32(1..32)         
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     
            "This object indicates the default L2CP records ID."                 
        ::=  {  zxAnSecSvcL2cpDefaultEntry  1  }
        
   zxAnSecSvcL2cpDefaultDestMac  OBJECT-TYPE 
        SYNTAX          MacAddress         
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION     
            "This object indicates the packet destination MAC address of the 
             default L2CP record. "                 
        ::=  {  zxAnSecSvcL2cpDefaultEntry  2  }        
        
   zxAnSecSvcL2cpDefaultMacMask  OBJECT-TYPE 
        SYNTAX          MacAddress         
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION     
            "This is the wildcard mask for the zxAnSecSvcL2cpDefaultDestMac bits 
             that must match. 1 bits in the mask indicate the corresponding bits 
             in the zxAnAclHybridRuleDestMac must match in order for the 
             matching to be successful, and 0 bits are don't care bits in the 
             matching. 
             A value of zero causes only packets of source address the same as 
             zxAnSecSvcL2cpDefaultDestMac to match." 
        DEFVAL { 'FFFFFFFFFFFF'H }                  
        ::=  {  zxAnSecSvcL2cpDefaultEntry  3  }

    zxAnSecSvcL2cpDefaultFwdPolicy  OBJECT-TYPE 
        SYNTAX          INTEGER 
        {
            discard(1),
            forward(2)
        }          
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION     
            "This object indicates the forwarding policy of L2 packets,
             its values are as follow:
             discard     (1) - discard this packet;
             forward     (2) - the packet is transmitted transparently. " 
        DEFVAL { discard }                
        ::=  {  zxAnSecSvcL2cpDefaultEntry  6  }                   
        
--------------------------------------------------------------------------------
-- 1.10 Ipv6Filter Mgmt
--------------------------------------------------------------------------------
    zxAnSecSvcIpv6FiltGlobalObjects OBJECT IDENTIFIER 
        ::= { zxAnSecSvcIpv6Filter 1 }

    zxAnIpv6FiltVlanConfNextId  OBJECT-TYPE
        SYNTAX      Integer32(0..32)
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "This object contains an unused value for zxAnIpv6FiltVlanConfId
             in the zxAnSecSvcIpv6FiltVlanConfTable.
             The value 0 indicates that no unassigned entries are available.
            "
        ::= { zxAnSecSvcIpv6FiltGlobalObjects 1 }
    
    zxAnSecSvcIpv6FiltVlanConfTable   OBJECT-TYPE
        SYNTAX      SEQUENCE  OF  ZxAnSecSvcIpv6FiltVlanConfEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "This table includes the IPv6 filter records."
        ::=  { zxAnSecSvcIpv6Filter  2 }

    zxAnSecSvcIpv6FiltVlanConfEntry   OBJECT-TYPE
        SYNTAX      ZxAnSecSvcIpv6FiltVlanConfEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "An entry in zxAnSecSvcIpv6FiltVlanConfTable."
        INDEX { zxAnIpv6FiltVlanConfId }
        ::=  { zxAnSecSvcIpv6FiltVlanConfTable 1 }

    ZxAnSecSvcIpv6FiltVlanConfEntry  ::=  SEQUENCE
    {
        zxAnIpv6FiltVlanConfId                Integer32,
        zxAnIpv6FiltVlanConfVid               Integer32,
        zxAnIpv6FiltVlanConfVlanMask          Integer32,
        zxAnIpv6FiltVlanConfRowStatus         RowStatus
    }

   zxAnIpv6FiltVlanConfId  OBJECT-TYPE
        SYNTAX          Integer32(1..32)
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "This object indicates the IPv6 filter records ID. "
        ::=  {  zxAnSecSvcIpv6FiltVlanConfEntry  1  }

    zxAnIpv6FiltVlanConfVid  OBJECT-TYPE
        SYNTAX          Integer32(1..4094)
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object indicates the VLAN value of the packet."
        ::=  {  zxAnSecSvcIpv6FiltVlanConfEntry  2  }

    zxAnIpv6FiltVlanConfVlanMask  OBJECT-TYPE
        SYNTAX          Integer32(0..4095)
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This is the wildcard mask for the zxAnIpv6FiltVlanConfVid bits 
             that must match. 
             1 bits in the mask indicate the corresponding bits in the 
             zxAnIpv6FiltVlanConfVid must match in order for the matching to 
             be successful, and 0 bits are don't care bits in the matching.
             A value of zero causes only packets of source address the same as
             zxAnIpv6FiltVlanConfVid to match."
        DEFVAL { 4095 }
        ::=  {  zxAnSecSvcIpv6FiltVlanConfEntry  3  }

   zxAnIpv6FiltVlanConfRowStatus    OBJECT-TYPE
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "RowStatus of the zxAnSecSvcIpv6FiltVlanConfTable table."
        ::=  {  zxAnSecSvcIpv6FiltVlanConfEntry  50  }                                                                     
--------------------------------------------------------------------------------
-- 2.Trap
--------------------------------------------------------------------------------
    zxAnSecSvcAntiDosFault NOTIFICATION-TYPE
        OBJECTS { ifIndex,  zxAnSecSvcAntiDosSourceMac, zxAnSecSvcAntiDosPortVlan }
        STATUS             current
        DESCRIPTION
           "It indicate current packets per second over zxAnSecSvcAntiDosAscThreshold,
           The source MAC of packet will put into blacklist.The variable ifIndex indicate
           trap position,it's type is ZxAnIfindex,detail info about ZxAnIfindex please
           refer to ZTE-AN-TC-MIB.mib file."
       ::= { zxAnSecSvcTrapObjects 1 }            

    zxAnSecSvcAntiDosFaultCleared NOTIFICATION-TYPE
        OBJECTS { ifIndex,  zxAnSecSvcAntiDosSourceMac, zxAnSecSvcAntiDosPortVlan }
        STATUS             current
        DESCRIPTION
           "It indicate current packets per second below zxAnSecSvcAntiDosDescThreshold,
           The source MAC of packet will remove from blacklist.The variable ifIndex indicate
           trap position,it's type is ZxAnIfindex,detail info about ZxAnIfindex please
           refer to ZTE-AN-TC-MIB.mib file."
       ::= { zxAnSecSvcTrapObjects 2 }   
       
    zxAnIfMacAntiDriftNotify NOTIFICATION-TYPE
        OBJECTS 
            {
                zxAnSecSvcMacDriftAddress, 
                zxAnSecSvcMacDriftVlanId, 
                zxAnSecSvcMacDriftFromIfIndex, 
                zxAnSecSvcMacDriftToIfIndex
            }
        STATUS  current
        DESCRIPTION
            "If both zxAnMasEnable and zxAnMasMacMoveReportEnable
             is enable, zxAnIfMacAntiDriftNotify is generated when a MAC address
             is drifted between two interfaces."
        ::= { zxAnSecSvcTrapObjects 3 } 
END
