-- This file was included in WWP MIB release 04-16-00-0047
 -- 
 -- CIENA-CES-ACCESS-LIST-MIB
 --                                                                                         

 CIENA-CES-ACCESS-LIST-MIB DEFINITIONS ::= BEGIN

 
 IMPORTS        
   Integer32, Unsigned32, Counter64, OBJECT-TYPE, MODULE-IDENTITY
        FROM SNMPv2-SMI
        
   DisplayString, MacAddress, TruthValue, TEXTUAL-CONVENTION            
        FROM SNMPv2-TC  
        
   cienaCesConfig
        FROM CIENA-SMI         
                                                  
   CienaGlobalState
        FROM CIENA-TC
        
   InetAddressType, InetAddress, InetAddressPrefixLength, InetPortNumber  
        FROM INET-ADDRESS-MIB;  
    
    
 cienaCesAccessListMIB MODULE-IDENTITY
        LAST-UPDATED "201504020000Z"
        ORGANIZATION "Ciena, Inc"
        CONTACT-INFO
            "Mib Meister
             115 North Sullivan Road
             Spokane Valley, WA 99037                     
             USA             
             Phone:  +1 509 242 9000
             Email:  support@ciena.com"                              
        DESCRIPTION
            "This MIB module defines objects that describe Hardware 
             ACLs (Access Control Lists).      
             The MIB describes different objects that enable the
             network administrator to remotely view ACL profile/rule, 
             configuration in addition to monitoring ACL rule statistics."

        REVISION  "201504020000Z"
        DESCRIPTION
            "The initial version of this MIB module."        
        ::= { cienaCesConfig 35 }



 --
 -- Node definitions
 --
   
 cienaCesAccessListMIBObjects     OBJECT IDENTIFIER ::= { cienaCesAccessListMIB 1 }

 cienaCesAclConfiguration         OBJECT IDENTIFIER ::= { cienaCesAccessListMIBObjects 1 }
 cienaCesAclStatistics            OBJECT IDENTIFIER ::= { cienaCesAccessListMIBObjects 2 }
  
 cienaCesAccessListMIBConformance OBJECT IDENTIFIER ::= { cienaCesAccessListMIB 2 } 
 
 cienaCesAccessListMIBCompliances OBJECT IDENTIFIER ::= { cienaCesAccessListMIBConformance 1 }     
 cienaCesAccessListMIBGroups      OBJECT IDENTIFIER ::= { cienaCesAccessListMIBConformance 2 }



 -- 
 -- Textual Conventions                                              
 --  
            
 AclFilterAction ::= TEXTUAL-CONVENTION
     STATUS       current
     DESCRIPTION  "An enumeration value to indicate the filter action applied by an ACL rule."
     SYNTAX       INTEGER
                  {
                     allow(1),
                     deny(2)
                  } 

 AclTrafficDirection ::= TEXTUAL-CONVENTION
     STATUS       current
     DESCRIPTION  "An enumeration value to indicate the traffic direction to which
                   an ACL profile is applied."
     SYNTAX       INTEGER
                  {
                     ingress(1),
                     egress(2)
                  } 

 AclIpFragmentMatchType ::= TEXTUAL-CONVENTION
     STATUS       current
     DESCRIPTION  "An enumeration value to indicate the type of IP fragment filtering
                   to be done as part of an ACL rule."
     SYNTAX       INTEGER
                  {
                     any(1),
                     isfragment(2),
                     notfragment(3)                    
                  }
 
 AclL4PortMatchType ::= TEXTUAL-CONVENTION
     STATUS       current
     DESCRIPTION  "An enumeration value to indicate the type of match to perform on
                   an L4 src/dst port filter term."
     SYNTAX       INTEGER
                  {
                     any(1),
                     single(2),
                     range(3)
                  } 
 
 AclInterfaceType ::= TEXTUAL-CONVENTION
     STATUS       current
     DESCRIPTION  "An enumeration value to indicate the type of interface to which
                   an ACL profile is attached."
     SYNTAX       INTEGER
                  {
                     port(1),
                     vlan(2),
                     virtualswitch(3),
                     ipinterface(4),
                     remoteinterface(5),
                     localinterface(6)
                  }

 AclL4DstProtocol ::= TEXTUAL-CONVENTION
     STATUS       current
     DESCRIPTION  "An enumeration value to indicate the L4 destination protocol
                   specified as part of an ACL rule filter term."
     SYNTAX       INTEGER
                  {
                     any(1),
                     bgp(2),
                     bootpclient(3),                     
                     bootpserver(4),                     
                     dhcpclient(5),                     
                     dhcpserver(6),                     
                     dhcpv6client(7),
                     dhcpv6server(8),
                     dns(9),
                     ftp(10),
                     http(11),
                     ldp(12),
                     ntp(13),
                     olsr(14),
                     rip(15),
                     rpc(16),
                     snmp(17),
                     snmptrap(18),
                     ssh(19),
                     syslog(20),  
                     tacacs(21),
                     telnet(22),
                     tftp(23),
                     twampctrl(24)
                  } 
 
  
 --
 -- ACL Global Config Objects 
 --
 
 cienaCesAclGlobalConfig  OBJECT IDENTIFIER ::= { cienaCesAclConfiguration 1 }
    
 cienaCesAclAdminStatus OBJECT-TYPE
     SYNTAX      CienaGlobalState
     MAX-ACCESS  read-only
     STATUS      current
     DESCRIPTION
         "Indicates whether the ACL feature is globally enabled or disabled."
    ::= { cienaCesAclGlobalConfig 1 }

 cienaCesAclFilterMode OBJECT-TYPE
    SYNTAX      INTEGER
                {
                   l2l3combo(1),
                   l3only(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates which global ACL device mode is currently in use."
    ::= { cienaCesAclGlobalConfig 2 }

 cienaCesAclNumAclProfileDefs OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates the total number of configured ACL profile definitions on the device."
    ::= { cienaCesAclGlobalConfig 3 }

 cienaCesAclRemainingAclProfileDefs OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates the number of remaining ACL profile definitions that can be configured on the device."
    ::= { cienaCesAclGlobalConfig 4 }

 cienaCesAclNumAclRuleDefs OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates the total number of configured ACL rule definitions on the device."
    ::= { cienaCesAclGlobalConfig 5 }

 cienaCesAclRemainingAclRuleDefs OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates the number of remaining ACL rule definitions that can be configured on the device."
    ::= { cienaCesAclGlobalConfig 6 }



 --
 --  ACL Profile Config Table
 --                                   
 cienaCesAclProfileConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CienaCesAclProfileConfigTableEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of ACL profiles configured on the device. Each
         entry contains the ACL profile configuration data."  
    ::= { cienaCesAclConfiguration 2 }
               
 cienaCesAclProfileConfigTableEntry OBJECT-TYPE
    SYNTAX      CienaCesAclProfileConfigTableEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry containing the ACL profile configuration data."
    INDEX { cienaCesAclProfileId }
    ::= { cienaCesAclProfileConfigTable 1 }
                
 CienaCesAclProfileConfigTableEntry ::=  SEQUENCE { 
    cienaCesAclProfileId                     Integer32,
    cienaCesAclProfileName                   DisplayString,  
    cienaCesAclProfileAdminState             CienaGlobalState,
    cienaCesAclProfileOperState              CienaGlobalState,    
    cienaCesAclProfileDefaultFilterAction    AclFilterAction,
    cienaCesAclProfileNumRules               Integer32,
    cienaCesAclProfileAttachedInterfaces     Unsigned32
    }
        
 cienaCesAclProfileId OBJECT-TYPE
    SYNTAX      Integer32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The unique identifier of this ACL profile."
    ::= { cienaCesAclProfileConfigTableEntry 1 }
            
 cienaCesAclProfileName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (1..31))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The unique name of this ACL profile."
    ::= { cienaCesAclProfileConfigTableEntry 2 }

 cienaCesAclProfileAdminState OBJECT-TYPE
    SYNTAX      CienaGlobalState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The configured administrative State of the ACL profile."
    ::= { cienaCesAclProfileConfigTableEntry 3 }

 cienaCesAclProfileOperState OBJECT-TYPE
    SYNTAX      CienaGlobalState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The Operational State of the ACL profile.
         A profile is operationally enabled if it is administratively enabled
         and attached to at least one interface. It is otherwise disabled.
         Note that the ACL feature must also be globally enabled for
         any profile to be operationally enabled."
    ::= { cienaCesAclProfileConfigTableEntry 4 }

 cienaCesAclProfileDefaultFilterAction OBJECT-TYPE
    SYNTAX      AclFilterAction
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The configured default filter action for this ACL profile."
    ::= { cienaCesAclProfileConfigTableEntry 5 }

 cienaCesAclProfileNumRules OBJECT-TYPE
    SYNTAX      Integer32 (1..256)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of ACL rules configured in this profile. There will always
         be at least one rule defined in each profile - the default rule."
    ::= { cienaCesAclProfileConfigTableEntry 6 }

 cienaCesAclProfileAttachedInterfaces OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of interfaces to which this profile is attached."
    ::= { cienaCesAclProfileConfigTableEntry 7 }


 --
 --  ACL Rule Config Table
 --                                   
 cienaCesAclRuleConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CienaCesAclRuleConfigTableEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of ACL rules configured on the device. Each
         entry contains the ACL rule configuration data."  
    ::= { cienaCesAclConfiguration 3 }
               
 cienaCesAclRuleConfigTableEntry OBJECT-TYPE
    SYNTAX      CienaCesAclRuleConfigTableEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry containing the ACL rule configuration data."
    INDEX { cienaCesAclProfileId, 
            cienaCesAclRulePrecedence 
          }
    ::= { cienaCesAclRuleConfigTable 1 }
                
 CienaCesAclRuleConfigTableEntry ::=  SEQUENCE { 
    cienaCesAclRulePrecedence              Unsigned32,    
    cienaCesAclRuleName                    DisplayString,
    cienaCesAclRuleFilterAction            AclFilterAction,
    cienaCesAclRuleMatchAny                TruthValue,     
    cienaCesAclRuleMatchSrcMacAddr         TruthValue,                                                                                                                                                                                                                               
    cienaCesAclRuleSrcMacAddr              MacAddress,
    cienaCesAclRuleSrcMacAddrMask          MacAddress,
    cienaCesAclRuleMatchDstMacAddr         TruthValue,    
    cienaCesAclRuleDstMacAddr              MacAddress,    
    cienaCesAclRuleDstMacAddrMask          MacAddress,
    cienaCesAclRuleMatchOuterVid           TruthValue,    
    cienaCesAclRuleOuterVid                Unsigned32,
    cienaCesAclRuleOuterVidMask            Unsigned32,
    cienaCesAclRuleMatchOuterPcp           TruthValue,            
    cienaCesAclRuleOuterPcp                Unsigned32,
    cienaCesAclRuleOuterPcpMask            Unsigned32,
    cienaCesAclRuleMatchOuterDei           TruthValue,            
    cienaCesAclRuleOuterDei                Unsigned32,
    cienaCesAclRuleMatchBaseEtype          TruthValue,        
    cienaCesAclRuleBaseEtype               Unsigned32,
    cienaCesAclRuleMatchSrcIpAddr          TruthValue,
    cienaCesAclRuleSrcIpAddrType           InetAddressType,            
    cienaCesAclRuleSrcIpAddr               InetAddress,
    cienaCesAclRuleSrcIpAddrPrefixLength   InetAddressPrefixLength,
    cienaCesAclRuleMatchDstIpAddr          TruthValue,
    cienaCesAclRuleDstIpAddrType           InetAddressType,                            
    cienaCesAclRuleDstIpAddr               InetAddress,
    cienaCesAclRuleDstIpAddrPrefixLength   InetAddressPrefixLength,
    cienaCesAclRuleMatchIpProtocol         TruthValue,            
    cienaCesAclRuleIpProtocol              Unsigned32,
    cienaCesAclRuleMatchDscp               TruthValue,            
    cienaCesAclRuleDscp                    Unsigned32,
    cienaCesAclRuleDscpMask                Unsigned32,
    cienaCesAclRuleMatchL4SrcPort          AclL4PortMatchType,        
    cienaCesAclRuleL4SrcPort               InetPortNumber,    
    cienaCesAclRuleL4SrcPortUpper          InetPortNumber,
    cienaCesAclRuleMatchL4DstPort          AclL4PortMatchType,                
    cienaCesAclRuleL4DstPort               InetPortNumber,    
    cienaCesAclRuleL4DstPortUpper          InetPortNumber,
    cienaCesAclRuleMatchL4DstProtocol      AclL4DstProtocol,
    cienaCesAclRuleMatchIpFragment         AclIpFragmentMatchType,
    cienaCesAclRuleMatchTcpFlags           TruthValue,    
    cienaCesAclRuleTcpFlags                DisplayString
    }
        
 cienaCesAclRulePrecedence OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The unique precedence value (within the profile) of this ACL rule."
    ::= { cienaCesAclRuleConfigTableEntry 1 }
            
 cienaCesAclRuleName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (1..31))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The unique name (within the profile) of this ACL rule."
    ::= { cienaCesAclRuleConfigTableEntry 2 }

 cienaCesAclRuleFilterAction OBJECT-TYPE
    SYNTAX      AclFilterAction
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The configured filter action for this ACL rule."
    ::= { cienaCesAclRuleConfigTableEntry 3 }

 cienaCesAclRuleMatchAny OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "True if the ACL rule matches any traffic, False otherwise. 
         Matching on any traffic automatically disregards all the remaining fields."
    ::= { cienaCesAclRuleConfigTableEntry 4 }

 cienaCesAclRuleMatchSrcMacAddr OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "True if the ACL rule matches on the source MAC address, False otherwise.
         When True, the cienaCesAclRuleSrcMacAddr and cienaCesAclRuleSrcMacAddrMask fields
         will contain the source MAC address and mask that are to be matched by this rule."
    ::= { cienaCesAclRuleConfigTableEntry 5 }

 cienaCesAclRuleSrcMacAddr OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contains the source MAC address that is to be matched by this rule.  
         This field is not applicable when the cienaCesAclRuleMatchSrcMacAddr field is set to False."
    ::= { cienaCesAclRuleConfigTableEntry 6 }

 cienaCesAclRuleSrcMacAddrMask OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contains the source MAC address mask that is to be matched by this rule.  
         This field is not applicable when the cienaCesAclRuleMatchSrcMacAddr field is set to False."
    ::= { cienaCesAclRuleConfigTableEntry 7 }

 cienaCesAclRuleMatchDstMacAddr OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "True if the ACL rule matches on the destination MAC address, False otherwise.
         When True, the cienaCesAclRuleDstMacAddr and cienaCesAclRuleDstMacAddrMask fields
         will contain the destination MAC address and mask that are to be matched by this rule."
    ::= { cienaCesAclRuleConfigTableEntry 8 }

 cienaCesAclRuleDstMacAddr OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contains the destination MAC address that is to be matched by this rule.  
         This field is not applicable when the cienaCesAclRuleMatchDstMacAddr field is set to False."
    ::= { cienaCesAclRuleConfigTableEntry 9 }

 cienaCesAclRuleDstMacAddrMask OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contains the destination MAC address mask that is to be matched by this rule.  
         This field is not applicable when the cienaCesAclRuleMatchDstMacAddr field is set to False."
    ::= { cienaCesAclRuleConfigTableEntry 10 }

 cienaCesAclRuleMatchOuterVid OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "True if the ACL rule matches on the outer VID, False otherwise.
         When True, the cienaCesAclRuleOuterVid and cienaCesAclRuleOuterVidMask fields
         will contain the outer VID value and mask that are to be matched by this rule."
    ::= { cienaCesAclRuleConfigTableEntry 11 }

 cienaCesAclRuleOuterVid OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contains the outer VID that is to be matched by this rule.  
         This field is not applicable when the cienaCesAclRuleMatchOuterVid field is set to False."
    ::= { cienaCesAclRuleConfigTableEntry 12 }

 cienaCesAclRuleOuterVidMask OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contains the outer VID mask that is to be matched by this rule.  
         This field is not applicable when the cienaCesAclRuleMatchOuterVid field is set to False."
    ::= { cienaCesAclRuleConfigTableEntry 13 }

 cienaCesAclRuleMatchOuterPcp OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "True if the ACL rule matches on the outer PCP, False otherwise.
         When True, the cienaCesAclRuleOuterPcp and cienaCesAclRuleOuterPcpMask fields
         will contain the outer PCP value and mask that are to be matched by this rule."
    ::= { cienaCesAclRuleConfigTableEntry 14 }
 
  cienaCesAclRuleOuterPcp OBJECT-TYPE
    SYNTAX      Unsigned32 (0..7)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contains the outer PCP that is to be matched by this rule.  
         This field is not applicable when the cienaCesAclRuleMatchOuterPcp field is set to False."
    ::= { cienaCesAclRuleConfigTableEntry 15 }

 cienaCesAclRuleOuterPcpMask OBJECT-TYPE
    SYNTAX      Unsigned32 (0..7)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contains the outer PCP mask that is to be matched by this rule.  
         This field is not applicable when the cienaCesAclRuleMatchOuterPcp field is set to False."
    ::= { cienaCesAclRuleConfigTableEntry 16 }

 cienaCesAclRuleMatchOuterDei OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "True if the ACL rule matches on the outer DEI bit, False otherwise.
         When True, the cienaCesAclRuleOuterDei field
         will contain the outer DEI value that is to be matched by this rule."
    ::= { cienaCesAclRuleConfigTableEntry 17 }

  cienaCesAclRuleOuterDei OBJECT-TYPE
    SYNTAX      Unsigned32 (0..1)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contains the outer DEI bit that is to be matched by this rule. 
         This field is not applicable when the cienaCesAclRuleMatchOuterDei field is set to False."
    ::= { cienaCesAclRuleConfigTableEntry 18 }

 cienaCesAclRuleMatchBaseEtype OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "True if the ACL rule matches on the base ethertype, False otherwise.
         When True, the cienaCesAclRuleBaseEtype field
         will contain the base ethertype value that is to be matched by this rule."
    ::= { cienaCesAclRuleConfigTableEntry 19 }

  cienaCesAclRuleBaseEtype OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contains the base ethertype that is to be matched by this rule. 
         This field is not applicable when the cienaCesAclRuleMatchBaseEtype field is set to False."
    ::= { cienaCesAclRuleConfigTableEntry 20 }

 cienaCesAclRuleMatchSrcIpAddr OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "True if the ACL rule matches on the source IP address, False otherwise.
         When True, the cienaCesAclRuleSrcIpAddrType field will contain the 
         IP address type (IPv4 or IPv6) and the cienaCesAclRuleSrcIpAddr and 
         cienaCesAclRuleSrcIpAddrPrefixLength fields will contain the IP address
         value and mask that are to be matched by this rule."
    ::= { cienaCesAclRuleConfigTableEntry 21 }

 cienaCesAclRuleSrcIpAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Identifies the address family of the source IP address (IPv4/IPv6). This field is  
         not applicable when the cienaCesAclRuleMatchSrcIpAddr field is set to False"
    ::= { cienaCesAclRuleConfigTableEntry 22 }

 cienaCesAclRuleSrcIpAddr OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contains the source IP address that is to be matched by this rule.  
         This field is not applicable when the cienaCesAclRuleMatchSrcIpAddr field is set to False."
    ::= { cienaCesAclRuleConfigTableEntry 23 }

 cienaCesAclRuleSrcIpAddrPrefixLength OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contains the prefix length of the source IP address that is to be matched by this rule.  
         This field is not applicable when the cienaCesAclRuleMatchSrcIpAddr field is set to False."
    ::= { cienaCesAclRuleConfigTableEntry 24 }

 cienaCesAclRuleMatchDstIpAddr OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "True if the ACL rule matches on the destination IP address, False otherwise.
         When True, the cienaCesAclRuleDstIpAddrType field will contain the 
         IP address type (IPv4 or IPv6) and the cienaCesAclRuleDstIpAddr and 
         cienaCesAclRuleDstIpAddrPrefixLength fields will contain the IP address
         value and mask that are to be matched by this rule."
    ::= { cienaCesAclRuleConfigTableEntry 25 }

 cienaCesAclRuleDstIpAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Identifies the address family of the destination IP address (IPv4/IPv6).   
         This field is not applicable when the cienaCesAclRuleMatchDstIpAddr field is set to False"
    ::= { cienaCesAclRuleConfigTableEntry 26 }

 cienaCesAclRuleDstIpAddr OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contains the destination IP address that is to be matched by this rule.  
         This field is not applicable when the cienaCesAclRuleMatchDstIpAddr field is set to False."
    ::= { cienaCesAclRuleConfigTableEntry 27 }

 cienaCesAclRuleDstIpAddrPrefixLength OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contains the prefix length of the destination IP address that is to be matched by this rule.  
         This field is not applicable when the cienaCesAclRuleMatchDstIpAddr field is set to False."
    ::= { cienaCesAclRuleConfigTableEntry 28 }

 cienaCesAclRuleMatchIpProtocol OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "True if the ACL rule matches on the IP protocol, False otherwise.
         When True, the cienaCesAclRuleIpProtocol field
         will contain the IP protocol value that is to be matched by this rule."
    ::= { cienaCesAclRuleConfigTableEntry 29 }

 cienaCesAclRuleIpProtocol OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contains the IP protocol value that is to be matched by this rule. This field is 
         not applicable when the cienaCesAclRuleMatchIpProtocol field is set to False."
    ::= { cienaCesAclRuleConfigTableEntry 30 }

 cienaCesAclRuleMatchDscp OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "True if the ACL rule matches on the DSCP value, False otherwise.
         When True, the cienaCesAclRuleDscp and cienaCesAclRuleDscpMask fields
         will contain the DSCP value and mask that are to be matched by this rule."
    ::= { cienaCesAclRuleConfigTableEntry 31 }

  cienaCesAclRuleDscp OBJECT-TYPE
    SYNTAX      Unsigned32 (0..63)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contains the DSCP value that is to be matched by this rule.  
         This field is not applicable when the cienaCesAclRuleMatchDscp field is set to False."
    ::= { cienaCesAclRuleConfigTableEntry 32 }

 cienaCesAclRuleDscpMask OBJECT-TYPE
    SYNTAX      Unsigned32 (0..63)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contains the outer DSCP mask that is to be matched by this rule. 
         This field is not applicable when the cienaCesAclRuleMatchDscp field is set to False."
    ::= { cienaCesAclRuleConfigTableEntry 33 }

 cienaCesAclRuleMatchL4SrcPort OBJECT-TYPE
    SYNTAX      AclL4PortMatchType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates the type of L4 source port matching that the ACL rule is performing.
         A value of 'any' indicates that the rule matches any L4 source port.
         A value of 'single' indicates that the rules matches on a single L4 source port 
         specified in the cienaCesAclRuleL4SrcPort field. A value of 'range' indicates that 
         the rule matches on a range of ports, with the cienaCesAclRuleL4SrcPort field specifiying
         the lower bound and the cienaCesAclRuleL4SrcPortUpper specifying the upper bound of the range."
    ::= { cienaCesAclRuleConfigTableEntry 34 }

 cienaCesAclRuleL4SrcPort OBJECT-TYPE
    SYNTAX      InetPortNumber
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contains the lower bound or single L4 source port value that is to be matched by this rule 
         depending on the value of cienaCesAclRuleMatchL4SrcPort.  
         This field is not applicable when the cienaCesAclRuleMatchL4SrcPort field is set to 'any'."
    ::= { cienaCesAclRuleConfigTableEntry 35 }

 cienaCesAclRuleL4SrcPortUpper OBJECT-TYPE
    SYNTAX      InetPortNumber
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contains the upper bound of the L4 source port range that is to be matched by this rule 
         depending on the value of cienaCesAclRuleMatchL4SrcPort.  
         This field is not applicable when the cienaCesAclRuleMatchL4SrcPort field is set to 'any' or 'single'."
    ::= { cienaCesAclRuleConfigTableEntry 36 }

 cienaCesAclRuleMatchL4DstPort OBJECT-TYPE
    SYNTAX      AclL4PortMatchType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates the type of L4 destination port matching that the ACL rule is performing.
         A value of 'any' indicates that the rule matches any L4 destination port.
         A value of 'single' indicates that the rules matches on a single L4 destination port 
         specified in the cienaCesAclRuleL4SrcPort field. A value of 'range' indicates that 
         the rule matches on a range of ports, with the cienaCesAclRuleL4DstPort field specifiying
         the lower bound and the cienaCesAclRuleL4DstPortUpper specifying the upper bound of the range."
    ::= { cienaCesAclRuleConfigTableEntry 37 }

 cienaCesAclRuleL4DstPort OBJECT-TYPE
    SYNTAX      InetPortNumber
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contains the lower bound or single L4 destination port value that is to be matched by this rule 
         depending on the value of cienaCesAclRuleMatchL4DstPort.  
         This field is not applicable when the cienaCesAclRuleMatchL4DstPort field is set to 'any'."
    ::= { cienaCesAclRuleConfigTableEntry 38 }

 cienaCesAclRuleL4DstPortUpper OBJECT-TYPE
    SYNTAX      InetPortNumber
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contains the upper bound of the L4 destination port range that is to be matched by this rule 
         depending on the value of cienaCesAclRuleMatchL4DstPort.  
         This field is not applicable when the cienaCesAclRuleMatchL4DstPort field is set to 'any' or 'single'."
    ::= { cienaCesAclRuleConfigTableEntry 39 }

 cienaCesAclRuleMatchL4DstProtocol OBJECT-TYPE
    SYNTAX      AclL4DstProtocol
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates the L4 destination protocol name that is to be matched by this rule. 
         A value of 'any' indicates that the rule will match any protocol. Note that
         this field is mutually exclusive with cienaCesAclRuleMatchL4DstPort - i.e. only
         one of these fields can have a value different from 'any' at a given time."
    ::= { cienaCesAclRuleConfigTableEntry 40 }

 cienaCesAclRuleMatchIpFragment OBJECT-TYPE
    SYNTAX      AclIpFragmentMatchType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates the type of IP fragment matching that is to be matched by this rule.
         A value of 'any' indicates that the rule will match both fragmented and non-fragmented
         packets. A value of 'fragment' indicates that the rule will match only fragmented packets. 
         A value of 'nonfragment' indicates that the rule will match only non-fragmented (head) packets."
    ::= { cienaCesAclRuleConfigTableEntry 41 }

 cienaCesAclRuleMatchTcpFlags OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "True if the ACL rule matches on specific TCP Flags, False otherwise.
         When True, the cienaCesAclRuleTcpFlags field will contain the TCP Flags 
         that are to be matched by this rule."
    ::= { cienaCesAclRuleConfigTableEntry 42 }

 cienaCesAclRuleTcpFlags OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Contains a comma-separated uppercase string list of TCP Flags 
         that are to be matched by this rule, i.e. 'SYN,ACK,RST,...'. 
         This field is not applicable when the cienaCesAclRuleMatchTcpFlags 
         field is set to False."
    ::= { cienaCesAclRuleConfigTableEntry 43 }


 --
 --  ACL Profile Attachment Table
 --                                   
 cienaCesAclProfileAttachmentTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CienaCesAclProfileAttachmentTableEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table showing the interface attachments for each
         profile on the device. Each entry contains the name of
         the interface and the traffic direction on which the profile is applied." 
    ::= { cienaCesAclConfiguration 4 }
               
 cienaCesAclProfileAttachmentTableEntry OBJECT-TYPE
    SYNTAX      CienaCesAclProfileAttachmentTableEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry containing the ACL profile attachment data."
    INDEX { cienaCesAclProfileId, 
            cienaCesAclInterfaceType, 
            cienaCesAclInterfaceId 
          }
    ::= { cienaCesAclProfileAttachmentTable 1 }
                
 CienaCesAclProfileAttachmentTableEntry ::=  SEQUENCE { 
    cienaCesAclInterfaceType     AclInterfaceType,  
    cienaCesAclInterfaceId       Integer32,  
    cienaCesAclInterfaceName     DisplayString,
    cienaCesAclDirection         AclTrafficDirection                
    }
                    
 cienaCesAclInterfaceType OBJECT-TYPE
    SYNTAX      AclInterfaceType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The type of the interface to which this ACL profile is attached."
    ::= { cienaCesAclProfileAttachmentTableEntry 1 }

 cienaCesAclInterfaceId OBJECT-TYPE
    SYNTAX      Integer32 (1..1048576)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The ID of the interface to which this ACL profile is attached."
    ::= { cienaCesAclProfileAttachmentTableEntry 2 }

 cienaCesAclInterfaceName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (1..31))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The name of the interface to which this ACL profile is attached."
    ::= { cienaCesAclProfileAttachmentTableEntry 3 }

 cienaCesAclDirection OBJECT-TYPE
    SYNTAX      AclTrafficDirection
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The interface's traffic direction (ingress/egress) on which the ACL profile is applied."
    ::= { cienaCesAclProfileAttachmentTableEntry 4 }



 --
 --  ACL Profile Global Rule Stats Table
 --                                   
 cienaCesAclProfileGlobalRuleStatsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CienaCesAclProfileGlobalRuleStatsTableEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of global ACL profile rule statistics. Global ACL profile rule statistics
         are the aggregate counts of the hit statistics for all instances of the ACL profile's rules."  
    ::= { cienaCesAclStatistics 1 }
               
 cienaCesAclProfileGlobalRuleStatsTableEntry OBJECT-TYPE
    SYNTAX      CienaCesAclProfileGlobalRuleStatsTableEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry containing the ACL profile global rule hit statistics."
    INDEX { cienaCesAclProfileId, 
            cienaCesAclRulePrecedence 
          }
    ::= { cienaCesAclProfileGlobalRuleStatsTable 1 }
                
 CienaCesAclProfileGlobalRuleStatsTableEntry ::=  SEQUENCE { 
    cienaCesAclGlobalRuleStatsPacketCount      Counter64,
    cienaCesAclGlobalRuleStatsByteCount        Counter64
    }
        
 cienaCesAclGlobalRuleStatsPacketCount OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets that matched this ACL rule."
    ::= { cienaCesAclProfileGlobalRuleStatsTableEntry 1 }

 cienaCesAclGlobalRuleStatsByteCount OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of bytes that matched this ACL rule."
    ::= { cienaCesAclProfileGlobalRuleStatsTableEntry 2 }


 --
 --  ACL Profile Rule Instance Stats Table
 --                                   
 cienaCesAclProfileRuleInstanceStatsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CienaCesAclProfileRuleInstanceStatsTableEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of ACL profile rule instance statistics. These ACL rule hit statistics are
         specific to the rules applied on the particular interface."  
    ::= { cienaCesAclStatistics 2 }
               
 cienaCesAclProfileRuleInstanceStatsTableEntry OBJECT-TYPE
    SYNTAX      CienaCesAclProfileRuleInstanceStatsTableEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry containing the ACL profile rule instance hit statistics."
    INDEX { cienaCesAclProfileId, 
            cienaCesAclInterfaceType,
            cienaCesAclInterfaceId, 
            cienaCesAclRulePrecedence 
          }
    ::= { cienaCesAclProfileRuleInstanceStatsTable 1 }
                
 CienaCesAclProfileRuleInstanceStatsTableEntry ::=  SEQUENCE { 
    cienaCesAclRuleInstanceStatsPacketCount       Counter64,
    cienaCesAclRuleInstanceStatsByteCount         Counter64
    }
        
 cienaCesAclRuleInstanceStatsPacketCount OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets that matched this ACL rule instance."
    ::= { cienaCesAclProfileRuleInstanceStatsTableEntry 1 }

 cienaCesAclRuleInstanceStatsByteCount OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of bytes that matched this ACL rule instance."
    ::= { cienaCesAclProfileRuleInstanceStatsTableEntry 2 }



END

