TEST : Validation for ACL Rules and created flows.
Also added ACL in the list.

Change-Id: I6842c72da0d2a87c1f2c77b83f6406ac73d8ceb4
diff --git a/src/test/acl/__init__.py b/src/test/acl/__init__.py
new file mode 100644
index 0000000..c38f621
--- /dev/null
+++ b/src/test/acl/__init__.py
@@ -0,0 +1,26 @@
+#
+# Copyright 2016-present Ciena Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+import os,sys
+##add the python path to lookup the utils
+working_dir = os.path.dirname(os.path.realpath(sys.argv[-1]))
+utils_dir = os.path.join(working_dir, '../utils')
+fsm_dir = os.path.join(working_dir, '../fsm')
+cli_dir = os.path.join(working_dir, '../cli')
+subscriber_dir = os.path.join(working_dir, '../subscriber')
+__path__.append(utils_dir)
+__path__.append(fsm_dir)
+__path__.append(cli_dir)
+__path__.append(subscriber_dir)
diff --git a/src/test/acl/aclTest.py b/src/test/acl/aclTest.py
new file mode 100644
index 0000000..8bc5f24
--- /dev/null
+++ b/src/test/acl/aclTest.py
@@ -0,0 +1,1159 @@
+#
+# Copyright 2016-present Ciena Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+import unittest
+from nose.tools import *
+from scapy.all import *
+from OnosCtrl import OnosCtrl, get_mac
+from OltConfig import OltConfig
+from OnosFlowCtrl import OnosFlowCtrl
+from onosclidriver import OnosCliDriver
+from CordContainer import Container, Onos
+from portmaps import g_subscriber_port_map
+from CordTestServer import cord_test_onos_restart
+from ACL import ACLTest
+import threading
+import time
+import os
+import json
+import pexpect
+log.setLevel('INFO')
+
+class acl_exchange(unittest.TestCase):
+
+    app = ('org.onosproject.acl')
+    device_id = 'of:' + get_mac('ovsbr0')
+    test_path = os.path.dirname(os.path.realpath(__file__))
+    onos_config_path = os.path.join(test_path, '..', 'setup/onos-config')
+    GATEWAY = '192.168.10.50'
+    INGRESS_PORT = 1
+    EGRESS_PORT = 2
+    ingress_iface = 1
+    egress_iface = 2
+    MAX_PORTS = 100
+    CURRENT_PORT_NUM = egress_iface 
+    ACL_SRC_IP = '192.168.20.3/32'
+    ACL_DST_IP = '192.168.30.2/32'
+    ACL_SRC_IP_RULE_2 = '192.168.40.3/32'
+    ACL_DST_IP_RULE_2 = '192.168.50.2/32'
+    ACL_SRC_IP_PREFIX_24 = '192.168.20.3/24'
+    ACL_DST_IP_PREFIX_24 = '192.168.30.2/24'
+    HOST_DST_IP = '192.168.30.0/24'
+    HOST_DST_IP_RULE_2 = '192.168.50.0/24'
+
+    @classmethod
+    def setUpClass(cls):
+        cls.olt = OltConfig()
+        cls.port_map,_ = cls.olt.olt_port_map()
+        if not cls.port_map:
+            cls.port_map = g_subscriber_port_map
+        time.sleep(3)
+        log.info('port_map = %s'%cls.port_map[1] )
+
+    @classmethod
+    def tearDownClass(cls):
+        '''Deactivate the acl app'''
+
+
+    def setUp(self):
+        ''' Activate the acl app'''
+        self.maxDiff = None ##for assert_equal compare outputs on failure
+        self.onos_ctrl = OnosCtrl(self.app)
+        status, _ = self.onos_ctrl.activate()
+        assert_equal(status, True)
+        time.sleep(3)
+        status, _ = ACLTest.remove_acl_rule()
+        log.info('Start setup')
+        assert_equal(status, True)
+
+    def tearDown(self):
+        '''Deactivate the acl app'''
+        log.info('Tear down setup')
+        self.CURRENT_PORT_NUM = 4 
+
+    def cliEnter(self):
+        retries = 0
+        while retries < 3:
+            self.cli = OnosCliDriver(connect = True)
+            if self.cli.handle:
+                break
+            else:
+                retries += 1
+                time.sleep(2)
+
+    def cliExit(self):
+        self.cli.disconnect()
+
+    @classmethod
+    def acl_hosts_add(cls, dstHostIpMac, egress_iface_count = 1,  egress_iface_num = None):
+        index = 0
+        if egress_iface_num is None:
+            egress_iface_num = cls.egress_iface
+        for ip,_ in dstHostIpMac:
+            egress = cls.port_map[egress_iface_num]
+            log.info('Assigning ip %s to interface %s' %(ip, egress))
+            config_cmds_egress = ( 'ifconfig {} 0'.format(egress),
+                                   'ifconfig {0} up'.format(egress),
+                                   'ifconfig {0} {1}'.format(egress, ip),
+                                   'arping -I {0} {1} -c 2'.format(egress, ip.split('/')[0]),
+                                   'ifconfig {0}'.format(egress),
+                                 )
+            for cmd in config_cmds_egress:
+                os.system(cmd)
+            index += 1
+            if index == egress_iface_count:
+               break
+            egress_iface_count += 1
+            egress_iface_num += 1
+            
+
+    @classmethod
+    def acl_hosts_remove(cls, egress_iface_count = 1,  egress_iface_num = None):
+        if egress_iface_num is None:
+           egress_iface_num = cls.egress_iface  
+        n = 0
+        for n in range(egress_iface_count):
+           egress = cls.port_map[egress_iface_num]
+           config_cmds_egress = ('ifconfig {} 0'.format(egress))
+           os.system(config_cmds_egress)
+           egress_iface_num += 1
+
+#    @classmethod
+    def acl_rule_traffic_send_recv(self, srcMac, dstMac, srcIp, dstIp, ingress =None, egress=None, ip_proto=None, dstPortNum = None, positive_test = True):
+        if ingress is None:
+           ingress = self.ingress_iface
+        if egress is None:
+           egress = self.egress_iface
+        ingress = self.port_map[ingress]
+        egress = self.port_map[egress]
+        self.success = False if positive_test else True
+        timeout = 10 if positive_test else 1
+        count = 2 if positive_test else 1
+        self.start_sending = True
+        def recv_task():
+            def recv_cb(pkt):
+                log.info('Pkt seen with ingress ip %s, egress ip %s' %(pkt[IP].src, pkt[IP].dst))
+                self.success = True if positive_test else False
+            sniff(count=count, timeout=timeout,
+                  lfilter = lambda p: IP in p and p[IP].dst == dstIp.split('/')[0] and p[IP].src == srcIp.split('/')[0],
+                  prn = recv_cb, iface = egress)
+            self.start_sending = False
+
+        t = threading.Thread(target = recv_task)
+        t.start()
+        L2 = Ether(src = srcMac, dst = dstMac)
+        L3 = IP(src = srcIp.split('/')[0], dst = dstIp.split('/')[0])
+        pkt = L2/L3
+        log.info('Sending a packet with dst ip %s, src ip %s , dst mac %s src mac %s on port %s to verify if flows are correct' %
+                 (dstIp.split('/')[0], srcIp.split('/')[0], dstMac, srcMac, ingress))
+        while self.start_sending is True:
+            sendp(pkt, count=50, iface = ingress)
+        t.join()
+        assert_equal(self.success, True)
+
+    @classmethod
+    def onos_load_config(cls, config):
+        status, code = OnosCtrl.config(config)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+
+    def test_acl_allow_rule(self):
+        acl_rule = ACLTest()
+        status, code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+	aclRules1 = result.json()['aclRules']
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+
+    def test_acl_allow_rule_with_24_bit_mask(self):
+        acl_rule = ACLTest()
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_PREFIX_24, dstIp =self.ACL_DST_IP_PREFIX_24, action = 'allow')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+
+    def test_acl_deny_rule(self):
+        acl_rule = ACLTest()
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'deny')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+	aclRules1 = result.json()['aclRules']
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+
+    def test_acl_deny_rule_with_24_bit_mask(self):
+        acl_rule = ACLTest()
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_PREFIX_24, dstIp =self.ACL_DST_IP_PREFIX_24, action = 'deny')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+
+    def test_acl_add_remove_rule(self):
+        acl_rule = ACLTest()
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        status, code = acl_rule.remove_acl_rule(acl_Id[0])
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+
+    def test_acl_add_remove_all_rules(self):
+        acl_rule = ACLTest()
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
+        status,code = acl_rule.adding_acl_rule('v4', srcIp='10.10.10.10/24', dstIp ='20.20.20.20/24', action = 'deny')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        status, _ = ACLTest.remove_acl_rule()
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        
+    def test_acl_remove_all_rules_without_add(self):
+        status, _ = ACLTest.remove_acl_rule()
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+
+    def test_acl_allow_and_deny_rule_for_same_src_and_dst_ip(self):
+        acl_rule = ACLTest()
+        status, code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'deny')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, False)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+        status, _ = ACLTest.remove_acl_rule()
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        
+    def test_acl_allow_rules_for_matched_dst_ips(self):
+        acl_rule = ACLTest()
+        status, code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp ='192.168.30.2/24', action = 'allow')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        status, code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, False)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+        status, _ = ACLTest.remove_acl_rule()
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+
+    def test_acl_with_matching_src_and_dst_ip_traffic(self):
+        ingress = self.ingress_iface
+        egress = self.CURRENT_PORT_NUM
+	acl_rule = ACLTest()
+        status, code, host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
+        self.CURRENT_PORT_NUM += 1
+        time.sleep(5)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        srcMac = '00:00:00:00:00:11'
+        dstMac = host_ip_mac[0][1]
+        self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1,  egress_iface_num = egress )
+        status, code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
+        time.sleep(10)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+	aclRules1 = result.json()['aclRules']
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+	log.info('Added ACL rules = %s' %result.json()['aclRules'])
+        self.cliEnter()
+        ##Now verify
+        hosts = json.loads(self.cli.hosts(jsonFormat = True))
+        log.info('Discovered hosts: %s' %hosts)
+        flows = json.loads(self.cli.flows(jsonFormat = True))
+        flows = filter(lambda f: f['flows'], flows)
+        #log.info('Flows: %s' %flows)
+        assert_not_equal(len(flows), 0)
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP')
+        self.cliExit()
+        self.acl_hosts_remove(egress_iface_count = 1,  egress_iface_num = egress)
+
+    def test_acl_with_matching_24bit_mask_src_and_dst_ip_traffic(self):
+        ingress = self.ingress_iface
+        egress = self.CURRENT_PORT_NUM
+        acl_rule = ACLTest()
+        status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
+        self.CURRENT_PORT_NUM += 1
+        time.sleep(5)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        srcMac = '00:00:00:00:00:11'
+        dstMac = host_ip_mac[0][1]
+        self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1,  egress_iface_num = egress )
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_PREFIX_24, dstIp =self.ACL_DST_IP_PREFIX_24, action = 'allow')
+        time.sleep(10)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        self.cliEnter()
+        ##Now verify
+        hosts = json.loads(self.cli.hosts(jsonFormat = True))
+        log.info('Discovered hosts: %s' %hosts)
+        flows = json.loads(self.cli.flows(jsonFormat = True))
+        flows = filter(lambda f: f['flows'], flows)
+        #log.info('Flows: %s' %flows)
+        assert_not_equal(len(flows), 0)
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP, ingress =ingress, egress = egress, ip_proto = 'UDP')
+        self.cliExit()
+        self.acl_hosts_remove(egress_iface_count = 1,  egress_iface_num = egress)
+
+    def test_acl_with_non_matching_src_and_dst_ip_traffic(self):
+        ingress = self.ingress_iface
+        egress = self.CURRENT_PORT_NUM
+	acl_rule = ACLTest()
+        status, code, host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
+        self.CURRENT_PORT_NUM += 1
+        time.sleep(5)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        srcMac = '00:00:00:00:00:11'
+        dstMac = host_ip_mac[0][1]
+        self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1,  egress_iface_num = egress )
+        status, code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
+        time.sleep(10)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+	aclRules1 = result.json()['aclRules']
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        self.cliEnter()
+        ##Now verify
+        hosts = json.loads(self.cli.hosts(jsonFormat = True))
+        log.info('Discovered hosts: %s' %hosts)
+        flows = json.loads(self.cli.flows(jsonFormat = True))
+        flows = filter(lambda f: f['flows'], flows)
+        #log.info('Flows: %s' %flows)
+        assert_not_equal(len(flows), 0)
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac, srcIp ='192.168.40.1/24', dstIp = self.ACL_DST_IP, ingress=ingress, egress = egress, ip_proto = 'UDP', positive_test = False )
+        self.cliExit()
+        self.acl_hosts_remove(egress_iface_count = 1,  egress_iface_num = egress)
+
+    def test_acl_deny_rule_with_matching_src_and_dst_ip_traffic(self):
+        ingress = self.ingress_iface
+        egress = self.CURRENT_PORT_NUM
+        acl_rule = ACLTest()
+        status, code, host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
+        self.CURRENT_PORT_NUM += 1
+        time.sleep(5)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        srcMac = '00:00:00:00:00:11'
+        dstMac = host_ip_mac[0][1]
+        self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1,  egress_iface_num = egress )
+        status, code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'deny')
+        time.sleep(10)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        self.cliEnter()
+        ##Now verify
+        hosts = json.loads(self.cli.hosts(jsonFormat = True))
+        log.info('Discovered hosts: %s' %hosts)
+        flows = json.loads(self.cli.flows(jsonFormat = True))
+        flows = filter(lambda f: f['flows'], flows)
+        #log.info('Flows: %s' %flows)
+        assert_not_equal(len(flows), 0)
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', positive_test = False)
+        self.cliExit()
+        self.acl_hosts_remove(egress_iface_count = 1,  egress_iface_num = egress)
+
+    def test_acl_deny_rule_with_src_and_dst_ip_applying_24_bit_mask_for_matching_traffic(self):
+        ingress = self.ingress_iface
+        egress = self.CURRENT_PORT_NUM
+        acl_rule = ACLTest()
+        status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
+        self.CURRENT_PORT_NUM += 1
+        time.sleep(5)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        srcMac = '00:00:00:00:00:11'
+        dstMac = host_ip_mac[0][1]
+        self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1,  egress_iface_num = egress )
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_PREFIX_24, dstIp =self.ACL_DST_IP_PREFIX_24, action = 'deny')
+        time.sleep(10)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        self.cliEnter()
+        ##Now verify
+        hosts = json.loads(self.cli.hosts(jsonFormat = True))
+        log.info('Discovered hosts: %s' %hosts)
+        flows = json.loads(self.cli.flows(jsonFormat = True))
+        flows = filter(lambda f: f['flows'], flows)
+        #log.info('Flows: %s' %flows)
+        assert_not_equal(len(flows), 0)
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP_PREFIX_24, dstIp = self.ACL_DST_IP_PREFIX_24,ingress =ingress, egress = egress, ip_proto = 'UDP', positive_test = False)
+        self.cliExit()
+        self.acl_hosts_remove(egress_iface_count = 1,  egress_iface_num = egress)
+
+    def test_acl_deny_rule_with_non_matching_src_and_dst_ip_traffic(self):
+        ingress = self.ingress_iface
+        egress = self.CURRENT_PORT_NUM
+        acl_rule = ACLTest()
+        status, code, host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
+        self.CURRENT_PORT_NUM += 1
+        time.sleep(5)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        srcMac = '00:00:00:00:00:11'
+        dstMac = host_ip_mac[0][1]
+        self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1,  egress_iface_num = egress )
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
+        time.sleep(10)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        self.cliEnter()
+        ##Now verify
+        hosts = json.loads(self.cli.hosts(jsonFormat = True))
+        log.info('Discovered hosts: %s' %hosts)
+        flows = json.loads(self.cli.flows(jsonFormat = True))
+        flows = filter(lambda f: f['flows'], flows)
+        #log.info('Flows: %s' %flows)
+        assert_not_equal(len(flows), 0)
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp ='192.168.40.1/24', dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', positive_test = False)
+        self.cliExit()
+        self.acl_hosts_remove(egress_iface_count = 1,  egress_iface_num = egress)
+
+    def test_acl_allow_and_deny_rules_with_matching_src_and_dst_ip_traffic(self):
+        ingress = self.ingress_iface
+        egress = self.CURRENT_PORT_NUM
+        acl_rule = ACLTest()
+        status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
+        self.CURRENT_PORT_NUM += 1
+        time.sleep(5)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        srcMac = '00:00:00:00:00:11'
+        dstMac = host_ip_mac[0][1]
+        self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1,  egress_iface_num = egress )
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
+        time.sleep(10)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        self.cliEnter()
+        ##Now verify
+        hosts = json.loads(self.cli.hosts(jsonFormat = True))
+        log.info('Discovered hosts: %s' %hosts)
+        flows = json.loads(self.cli.flows(jsonFormat = True))
+        flows = filter(lambda f: f['flows'], flows)
+        #log.info('Flows: %s' %flows)
+        assert_not_equal(len(flows), 0)
+        egress = self.CURRENT_PORT_NUM
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress ,ip_proto = 'UDP')
+        status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP_RULE_2)
+        self.CURRENT_PORT_NUM += 1
+        time.sleep(5)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        dstMac = host_ip_mac[0][1]
+        self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1,  egress_iface_num = egress )
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_RULE_2, dstIp =self.ACL_DST_IP_RULE_2, action = 'deny')
+        time.sleep(10)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 2)
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP_RULE_2, dstIp = self.ACL_DST_IP_RULE_2,ingress =ingress, egress = egress, ip_proto = 'UDP', positive_test = False)
+        ### crossing checking that we should not receive allow acl rule traffic on onther host non matched traffic
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, positive_test = False)
+        self.cliExit()
+        self.acl_hosts_remove(egress_iface_count = 1,  egress_iface_num = egress)
+
+    def test_acl_for_l4_acl_rule(self):
+        acl_rule = ACLTest()
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='222', action = 'allow')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+	aclRules1 = result.json()['aclRules']
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+
+    def test_acl_for_remove_l4_rule(self):
+        acl_rule = ACLTest()
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='245', action = 'allow')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        status, code = acl_rule.remove_acl_rule(acl_Id[0])
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+
+    def test_acl_for_remove_l4_rules(self):
+        acl_rule = ACLTest()
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='567', action = 'allow')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='245', action = 'deny')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='ICMP', dstTpPort ='1',action = 'allow')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 3)
+        status, _ = ACLTest.remove_acl_rule()
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+
+    def test_acl_adding_specific_l4_and_all_l4_allow_rule(self):
+        acl_rule = ACLTest()
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='222', action = 'allow')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 2)
+
+    def test_acl_adding_all_l4_and_specific_l4_allow_rule(self):
+        acl_rule = ACLTest()
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='345', action = 'allow')
+        if status is True:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+
+    def test_acl_with_specific_l4_and_all_l4_deny_rule(self):
+        acl_rule = ACLTest()
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='222', action = 'deny')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'deny')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 2)
+
+    def test_acl_with_all_l4_and_specific_l4_deny_rule(self):
+        acl_rule = ACLTest()
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'deny')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='345', action = 'deny')
+        if status is True:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+
+    def test_acl_with_specific_l4_deny_and_all_l4_allow_rule(self):
+        acl_rule = ACLTest()
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='222', action = 'deny')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 2)
+
+    def test_acl_deny_all_l4_and_allow_specific_l4_rule(self):
+        acl_rule = ACLTest()
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'deny')
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='345', action = 'allow')
+        if status is True:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+	log.info('Added ACL rules  = %s' %result.json()['aclRules'])
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+
+    def test_acl_tcp_port_allow_rule_for_matching_and_non_matching_traffic(self):
+        ingress = self.ingress_iface
+        egress = self.CURRENT_PORT_NUM
+        acl_rule = ACLTest()
+        status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
+        self.CURRENT_PORT_NUM += 1
+        time.sleep(5)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        srcMac = '00:00:00:00:00:11'
+        dstMac = host_ip_mac[0][1]
+        self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1,  egress_iface_num = egress )
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='222', action = 'allow')
+        time.sleep(20)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+        log.info('Added ACL Rules = %s' %result.json()['aclRules'])
+        self.cliEnter()
+        ##Now verify
+        hosts = json.loads(self.cli.hosts(jsonFormat = True))
+        log.info('Discovered hosts: %s' %hosts)
+        flows = json.loads(self.cli.flows(jsonFormat = True))
+        flows = filter(lambda f: f['flows'], flows)
+        #log.info('Flows: %s' %flows)
+        assert_not_equal(len(flows), 0)
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 222)
+        ## Non-matching traffic for TCP portocol testing
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 444, positive_test = False)
+        self.cliExit()
+        self.acl_hosts_remove(egress_iface_count = 1,  egress_iface_num = egress)
+
+    def test_acl_udp_port_allow_rule_for_matching_and_non_matching_traffic(self):
+        ingress = self.ingress_iface
+        egress = self.CURRENT_PORT_NUM
+        acl_rule = ACLTest()
+        status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
+        self.CURRENT_PORT_NUM += 1
+        time.sleep(5)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        srcMac = '00:00:00:00:00:11'
+        dstMac = host_ip_mac[0][1]
+        self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1,  egress_iface_num = egress )
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='456', action = 'allow')
+        time.sleep(20)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+        log.info('Added ACL Rules = %s' %result.json()['aclRules'])
+        self.cliEnter()
+        ##Now verify
+        hosts = json.loads(self.cli.hosts(jsonFormat = True))
+        log.info('Discovered hosts: %s' %hosts)
+        flows = json.loads(self.cli.flows(jsonFormat = True))
+        flows = filter(lambda f: f['flows'], flows)
+        #log.info('Flows: %s' %flows)
+        assert_not_equal(len(flows), 0)
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 456)
+        ## Non-matching traffic for TCP portocol testing
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 654, positive_test = False)
+        self.cliExit()
+        self.acl_hosts_remove(egress_iface_count = 1,  egress_iface_num = egress)
+
+    def test_acl_icmp_port_allow_rule_for_matching_and_non_matching_traffic(self):
+        ingress = self.ingress_iface
+        egress = self.CURRENT_PORT_NUM
+        acl_rule = ACLTest()
+        status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
+        self.CURRENT_PORT_NUM += 1
+        time.sleep(5)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        srcMac = '00:00:00:00:00:11'
+        dstMac = host_ip_mac[0][1]
+        self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1,  egress_iface_num = egress )
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='ICMP', dstTpPort ='1', action = 'allow')
+        time.sleep(20)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+        log.info('Added ACL Rules = %s' %result.json()['aclRules'])
+        self.cliEnter()
+        ##Now verify
+        hosts = json.loads(self.cli.hosts(jsonFormat = True))
+        log.info('Discovered hosts: %s' %hosts)
+        flows = json.loads(self.cli.flows(jsonFormat = True))
+        flows = filter(lambda f: f['flows'], flows)
+        #log.info('Flows: %s' %flows)
+        assert_not_equal(len(flows), 0)
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'ICMP', dstPortNum = 1)
+        ## Non-matching traffic for TCP portocol testing
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'ICMP', dstPortNum = 2, positive_test = False)
+        self.cliExit()
+        self.acl_hosts_remove(egress_iface_count = 1,  egress_iface_num = egress)
+
+    def test_acl_tcp_port_deny_rule_for_matching_and_non_matching_traffic(self):
+        ingress = self.ingress_iface
+        egress = self.CURRENT_PORT_NUM
+        acl_rule = ACLTest()
+        status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
+        self.CURRENT_PORT_NUM += 1
+        time.sleep(5)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        srcMac = '00:00:00:00:00:11'
+        dstMac = host_ip_mac[0][1]
+        self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1,  egress_iface_num = egress )
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='222', action = 'deny')
+        time.sleep(20)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+        log.info('Added ACL Rules = %s' %result.json()['aclRules'])
+        self.cliEnter()
+        ##Now verify
+        hosts = json.loads(self.cli.hosts(jsonFormat = True))
+        log.info('Discovered hosts: %s' %hosts)
+        flows = json.loads(self.cli.flows(jsonFormat = True))
+        flows = filter(lambda f: f['flows'], flows)
+        #log.info('Flows: %s' %flows)
+        assert_not_equal(len(flows), 0)
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 222, positive_test = False)
+        ## Non-matching traffic for TCP portocol testing
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 444, positive_test = False)
+        self.cliExit()
+        self.acl_hosts_remove(egress_iface_count = 1,  egress_iface_num = egress)
+
+    def test_acl_udp_port_deny_rule_for_matching_and_non_matching_traffic(self):
+        ingress = self.ingress_iface
+        egress = self.CURRENT_PORT_NUM
+        acl_rule = ACLTest()
+        status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
+        self.CURRENT_PORT_NUM += 1
+        time.sleep(5)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        srcMac = '00:00:00:00:00:11'
+        dstMac = host_ip_mac[0][1]
+        self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1,  egress_iface_num = egress )
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='654', action = 'deny')
+        time.sleep(20)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+        log.info('Added ACL Rules = %s' %result.json()['aclRules'])
+        self.cliEnter()
+        ##Now verify
+        hosts = json.loads(self.cli.hosts(jsonFormat = True))
+        log.info('Discovered hosts: %s' %hosts)
+        flows = json.loads(self.cli.flows(jsonFormat = True))
+        flows = filter(lambda f: f['flows'], flows)
+        #log.info('Flows: %s' %flows)
+        assert_not_equal(len(flows), 0)
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 654, positive_test = False)
+        ## Non-matching traffic for TCP portocol testing
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 444, positive_test = False)
+        self.cliExit()
+        self.acl_hosts_remove(egress_iface_count = 1,  egress_iface_num = egress)
+
+    def test_acl_icmp_port_deny_rule_for_matching_and_non_matching_traffic(self):
+        ingress = self.ingress_iface
+        egress = self.CURRENT_PORT_NUM
+        acl_rule = ACLTest()
+        status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
+        self.CURRENT_PORT_NUM += 1
+        time.sleep(5)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        srcMac = '00:00:00:00:00:11'
+        dstMac = host_ip_mac[0][1]
+        self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1,  egress_iface_num = egress )
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='ICMP', dstTpPort ='1', action = 'deny')
+        time.sleep(20)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+        log.info('Added ACL Rules = %s' %result.json()['aclRules'])
+        self.cliEnter()
+        ##Now verify
+        hosts = json.loads(self.cli.hosts(jsonFormat = True))
+        log.info('Discovered hosts: %s' %hosts)
+        flows = json.loads(self.cli.flows(jsonFormat = True))
+        flows = filter(lambda f: f['flows'], flows)
+        #log.info('Flows: %s' %flows)
+        assert_not_equal(len(flows), 0)
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'ICMP', dstPortNum = 1, positive_test = False)
+        ## Non-matching traffic for TCP portocol testing
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'ICMP', dstPortNum = 2, positive_test = False)
+        self.cliExit()
+        self.acl_hosts_remove(egress_iface_count = 1,  egress_iface_num = egress)
+
+    def test_acl_two_allow_rules_for_tcp_port_matching_traffic(self):
+        ingress = self.ingress_iface
+        egress = self.CURRENT_PORT_NUM
+        acl_rule = ACLTest()
+        status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
+        self.CURRENT_PORT_NUM += 1
+        time.sleep(5)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        srcMac = '00:00:00:00:00:11'
+        dstMac = host_ip_mac[0][1]
+        self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1,  egress_iface_num = egress )
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='TCP', dstTpPort ='222', action = 'allow')
+        time.sleep(10)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+        log.info('Added ACL rules = %s' %result.json()['aclRules'])
+        self.cliEnter()
+        ##Now verify
+        hosts = json.loads(self.cli.hosts(jsonFormat = True))
+        log.info('Discovered hosts: %s' %hosts)
+        flows = json.loads(self.cli.flows(jsonFormat = True))
+        flows = filter(lambda f: f['flows'], flows)
+        #log.info('Flows: %s' %flows)
+        assert_not_equal(len(flows), 0)
+        egress = self.CURRENT_PORT_NUM
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 222)
+        status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP_RULE_2)
+        self.CURRENT_PORT_NUM += 1
+        time.sleep(5)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        dstMac = host_ip_mac[0][1]
+        self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1,  egress_iface_num = egress )
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_RULE_2, dstIp =self.ACL_DST_IP_RULE_2, ipProto ='TCP', dstTpPort ='345', action = 'allow')
+        time.sleep(10)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 2)
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP_RULE_2, dstIp = self.ACL_DST_IP_RULE_2,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 345)
+        ### crossing checking that we should not receive allow acl rule traffic on onther host non matched traffic
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 222, positive_test = False)
+        self.cliExit()
+        self.acl_hosts_remove(egress_iface_count = 2,  egress_iface_num = egress-1)
+
+    def test_acl_two_allow_rules_for_udp_ports_matching_traffic(self):
+        ingress = self.ingress_iface
+        egress = self.CURRENT_PORT_NUM
+        acl_rule = ACLTest()
+        status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
+        self.CURRENT_PORT_NUM += 1
+        time.sleep(5)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        srcMac = '00:00:00:00:00:11'
+        dstMac = host_ip_mac[0][1]
+        self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1,  egress_iface_num = egress )
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, ipProto ='UDP', dstTpPort ='987', action = 'allow')
+        time.sleep(10)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+        log.info('Added ACL rules = %s' %result.json()['aclRules'])
+        self.cliEnter()
+        ##Now verify
+        hosts = json.loads(self.cli.hosts(jsonFormat = True))
+        log.info('Discovered hosts: %s' %hosts)
+        flows = json.loads(self.cli.flows(jsonFormat = True))
+        flows = filter(lambda f: f['flows'], flows)
+        #log.info('Flows: %s' %flows)
+        assert_not_equal(len(flows), 0)
+        egress = self.CURRENT_PORT_NUM
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 987)
+        status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP_RULE_2)
+        self.CURRENT_PORT_NUM += 1
+        time.sleep(5)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        dstMac = host_ip_mac[0][1]
+        self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1,  egress_iface_num = egress )
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_RULE_2, dstIp =self.ACL_DST_IP_RULE_2, ipProto ='TCP', dstTpPort ='345', action = 'allow')
+        time.sleep(10)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 2)
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP_RULE_2, dstIp = self.ACL_DST_IP_RULE_2,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 345)
+        ### crossing checking that we should not receive allow acl rule traffic on onther host non matched traffic
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 987, positive_test = False)
+        self.cliExit()
+        self.acl_hosts_remove(egress_iface_count = 2,  egress_iface_num = egress-1)
+
+    def test_acl_two_allow_rules_for_src_ips_dst_ips_and_l4_ports_matching_traffic(self):
+        ingress = self.ingress_iface
+        egress = self.CURRENT_PORT_NUM
+        acl_rule = ACLTest()
+        status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
+        self.CURRENT_PORT_NUM += 1
+        time.sleep(5)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        srcMac = '00:00:00:00:00:11'
+        dstMac = host_ip_mac[0][1]
+        self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1,  egress_iface_num = egress )
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'allow')
+        time.sleep(10)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+        log.info('Added ACL rules = %s' %result.json()['aclRules'])
+        self.cliEnter()
+        ##Now verify
+        hosts = json.loads(self.cli.hosts(jsonFormat = True))
+        log.info('Discovered hosts: %s' %hosts)
+        flows = json.loads(self.cli.flows(jsonFormat = True))
+        flows = filter(lambda f: f['flows'], flows)
+        #log.info('Flows: %s' %flows)
+        assert_not_equal(len(flows), 0)
+        egress = self.CURRENT_PORT_NUM
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP')
+        status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP_RULE_2)
+        self.CURRENT_PORT_NUM += 1
+        time.sleep(5)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        dstMac = host_ip_mac[0][1]
+        self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1,  egress_iface_num = egress )
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_RULE_2, dstIp =self.ACL_DST_IP_RULE_2, ipProto ='TCP', dstTpPort ='345', action = 'allow')
+        time.sleep(10)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 2)
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP_RULE_2, dstIp = self.ACL_DST_IP_RULE_2,ingress =ingress, egress = egress, ip_proto = 'TCP', dstPortNum = 345)
+        ### crossing checking that we should not receive allow acl rule traffic on onther host non matched traffic
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 987, positive_test = False)
+        self.cliExit()
+        self.acl_hosts_remove(egress_iface_count = 2,  egress_iface_num = egress-1)
+
+    def test_acl_allow_and_deny_rules_for_src_ips_dst_ips_and_l4_ports_matching_traffic(self):
+        ingress = self.ingress_iface
+        egress = self.CURRENT_PORT_NUM
+        acl_rule = ACLTest()
+        status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP)
+        self.CURRENT_PORT_NUM += 1
+        time.sleep(5)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        srcMac = '00:00:00:00:00:11'
+        dstMac = host_ip_mac[0][1]
+        self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1,  egress_iface_num = egress )
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP, dstIp =self.ACL_DST_IP, action = 'deny')
+        time.sleep(10)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 1)
+        log.info('Added ACL rules = %s' %result.json()['aclRules'])
+        self.cliEnter()
+        ##Now verify
+        hosts = json.loads(self.cli.hosts(jsonFormat = True))
+        log.info('Discovered hosts: %s' %hosts)
+        flows = json.loads(self.cli.flows(jsonFormat = True))
+        flows = filter(lambda f: f['flows'], flows)
+        #log.info('Flows: %s' %flows)
+        assert_not_equal(len(flows), 0)
+        egress = self.CURRENT_PORT_NUM
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', positive_test = False)
+        status,code,host_ip_mac = acl_rule.generate_onos_interface_config(iface_num= self.CURRENT_PORT_NUM, iface_name = 'b1',iface_count = 1, iface_ip = self.HOST_DST_IP_RULE_2)
+        self.CURRENT_PORT_NUM += 1
+        time.sleep(5)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        dstMac = host_ip_mac[0][1]
+        self.acl_hosts_add(dstHostIpMac = host_ip_mac, egress_iface_count = 1,  egress_iface_num = egress )
+        status,code = acl_rule.adding_acl_rule('v4', srcIp=self.ACL_SRC_IP_RULE_2, dstIp =self.ACL_DST_IP_RULE_2, ipProto ='UDP', dstTpPort ='345', action = 'allow')
+        time.sleep(10)
+        if status is False:
+            log.info('JSON request returned status %d' %code)
+            assert_equal(status, True)
+        result = acl_rule.get_acl_rules()
+        aclRules1 = result.json()['aclRules']
+        acl_Id = map(lambda d: d['id'], aclRules1)
+        assert_equal(len(acl_Id), 2)
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP_RULE_2, dstIp = self.ACL_DST_IP_RULE_2,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 345)
+        ### crossing checking that we should not receive allow acl rule traffic on onther host non matched traffic
+        self.acl_rule_traffic_send_recv(srcMac = srcMac, dstMac = dstMac ,srcIp =self.ACL_SRC_IP, dstIp = self.ACL_DST_IP,ingress =ingress, egress = egress, ip_proto = 'UDP', dstPortNum = 987, positive_test = False)
+        self.cliExit()
+        self.acl_hosts_remove(egress_iface_count = 2,  egress_iface_num = egress-1)
+
+
+
diff --git a/src/test/setup/cord-test.py b/src/test/setup/cord-test.py
index 54ca9c9..b37fa6a 100755
--- a/src/test/setup/cord-test.py
+++ b/src/test/setup/cord-test.py
@@ -38,7 +38,7 @@
                        )
     basename = 'cord-tester'
     IMAGE = 'cord-test/nose'
-    ALL_TESTS = ('tls', 'dhcp', 'dhcprelay','igmp', 'subscriber', 'cordSubscriber', 'vrouter', 'flows', 'proxyarp')
+    ALL_TESTS = ('tls', 'dhcp', 'dhcprelay','igmp', 'subscriber', 'cordSubscriber', 'vrouter', 'flows', 'proxyarp', 'acl')
 
     def __init__(self, tests, instance = 0, num_instances = 1, ctlr_ip = None, image = IMAGE, tag = 'latest',
                  env = None, rm = False, update = False):
diff --git a/src/test/utils/ACL.py b/src/test/utils/ACL.py
new file mode 100644
index 0000000..1492868
--- /dev/null
+++ b/src/test/utils/ACL.py
@@ -0,0 +1,120 @@
+#
+# Copyright 2016-present Ciena Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+import json
+import requests
+import os,sys,time
+from scapy.all import *
+from OnosCtrl import OnosCtrl, get_mac
+from OnosFlowCtrl import OnosFlowCtrl
+
+conf.verb = 0 # Disable Scapy verbosity
+conf.checkIPaddr = 0 # Don't check response packets for matching destination IPs
+
+class ACLTest:
+
+    auth = ('karaf', 'karaf')
+    controller = os.getenv('ONOS_CONTROLLER_IP') or 'localhost'   
+    add_acl_rule_url = 'http://%s:8181/onos/v1/acl/rules' %(controller)
+    remove_acl_rule_url = 'http://%s:8181/onos/v1/acl/rules/%s' %(controller, id)
+    clear_all_acl_rule_url = 'http://%s:8181/onos/v1/acl/rules' %(controller)
+    iface_create_onos_url = 'http://%s:8181/onos/v1/network/configuration' %(controller)
+    device_id = 'of:' + get_mac('ovsbr0')
+    MAX_PORTS = 100
+
+    def __init__(self, ipv4Prefix ='v4', srcIp ='null', dstIp ='null', ipProto = 'null', dstTpPort = 0, action = 'null', ingress_iface = 1, egress_iface = 2,iface_num = 0, iface_name = 'null', iface_count = 0, iface_ip = 'null'):
+        self.ipv4Prefix = ipv4Prefix
+        self.srcIp = srcIp
+        self.ingress_iface = ingress_iface
+        self.egress_iface = egress_iface
+        self.dstIp = dstIp
+        self.ipProto = ipProto
+        self.dstTpPort = dstTpPort
+        self.action = action
+        self.iface_count = iface_count
+        self.iface_num = iface_num
+        self.iface_name = iface_name
+        self.iface_ip = iface_ip
+
+    def adding_acl_rule(self, ipv4Prefix, srcIp, dstIp, ipProto ='null', dstTpPort='null', action= 'include'):
+        '''This function is generating ACL json file and post to ONOS for creating a ACL rule'''
+        if ipv4Prefix is 'v4':
+           acl_dict = {} 
+           if srcIp and dstIp and action:
+              acl_dict['srcIp'] = '{}'.format(srcIp)
+              acl_dict['dstIp'] = '{}'.format(dstIp)
+              acl_dict['action'] = '{}'.format(action)
+           if ipProto is not 'null':
+              acl_dict['ipProto'] = '{}'.format(ipProto)
+           if dstTpPort is not 'null':
+              acl_dict['dstTpPort'] = '{}'.format(dstTpPort)
+        json_data = json.dumps(acl_dict)
+        resp = requests.post(self.add_acl_rule_url, auth = self.auth, data = json_data)
+        return resp.ok, resp.status_code
+
+    def get_acl_rules(self):
+        '''This function is getting a ACL rules from ONOS with json formate'''
+        resp = requests.get(self.add_acl_rule_url, auth = self.auth)
+        return resp
+
+    @classmethod
+    def remove_acl_rule(cls,id = None):
+        '''This function is delete one or all  ACL rules in ONOS'''
+        if id is None:
+           remove_acl_rule_url = 'http://%s:8181/onos/v1/acl/rules' %(cls.controller)
+        else:
+           remove_acl_rule_url = 'http://%s:8181/onos/v1/acl/rules/%s' %(cls.controller, id)
+        resp = requests.delete(remove_acl_rule_url, auth = cls.auth)
+        return resp.ok, resp.status_code
+  
+    def generate_onos_interface_config(self,iface_num = 4, iface_name = 'null',iface_count = 1,iface_ip = '198.162.10.1'):
+        '''This function is generate interface config data in json format and post to ONOS for creating it '''
+        ''' To add interfaces on ONOS to test acl with trffic'''
+        num = 0
+        egress_host_list = []
+        interface_list = []
+        ip = iface_ip.split('/')[0]
+        start_iface_ip = ip.split('.')
+        start_ip = ( int(start_iface_ip[0]) << 24) | ( int(start_iface_ip[1]) << 16)  |  ( int(start_iface_ip[2]) << 8) | 0
+        end_ip =  ( 200 << 24 ) | (168 << 16)  |  (10 << 8) | 0
+        ports_dict = { 'ports' : {} }
+        for n in xrange(start_ip, end_ip, 256):
+            port_map = ports_dict['ports']
+            port = iface_num if num < self.MAX_PORTS - 1 else self.MAX_PORTS - 1
+            device_port_key = '{0}/{1}'.format(self.device_id, port)
+            try:
+                interfaces = port_map[device_port_key]['interfaces']
+            except:
+                port_map[device_port_key] = { 'interfaces' : [] }
+                interfaces = port_map[device_port_key]['interfaces']
+            ip = n + 2
+            peer_ip = n + 1
+            ips = '%d.%d.%d.%d/%d'%( (ip >> 24) & 0xff, ( (ip >> 16) & 0xff ), ( (ip >> 8 ) & 0xff ), ip & 0xff, int(iface_ip.split('/')[1]))
+            peer = '%d.%d.%d.%d' % ( (peer_ip >> 24) & 0xff, ( ( peer_ip >> 16) & 0xff ), ( (peer_ip >> 8 ) & 0xff ), peer_ip & 0xff )
+            mac = RandMAC()._fix()
+            egress_host_list.append((peer, mac))
+            if num < self.MAX_PORTS - 1:
+               interface_dict = { 'name' : '{0}-{1}'.format(iface_name,port), 'ips': [ips], 'mac' : mac }
+               interfaces.append(interface_dict)
+               interface_list.append(interface_dict['name'])
+            else:
+               interfaces[0]['ips'].append(ips)
+            num += 1
+            if num == iface_count:
+               break
+        json_data = json.dumps(ports_dict)
+        resp = requests.post(self.iface_create_onos_url, auth = self.auth, data = json_data)
+        return resp.ok, resp.status_code, egress_host_list
+