CISCO-ACL-MIB

This MIB module defines objects that describe Cisco Access
Control Lists (ACL).

This MIB describes different objects that enable the
network administrator to remotely configure ACLs, apply them
to interfaces and monitor their usage statistics.

A typical application of this MIB module will facilitate
monitoring of ACL match (sometimes referred as hit) counts.
However, by no means does the definition of this MIB module
prevent other applications from using it.

An ACL is an ordered list of statements that deny or permit
packets based on matching fields contained within the packet
header (layer 3 source and destination addresses, layer 4
protocol, layer 4 source and destination port numbers, etc.) In
addition there is an implicit *Deny All* at the end of the ACL.
ACLs are used to perform packet filtering to control
which packets are allowed through the network. Such control
can help limit network traffic, and restrict the access of
applications and devices on the network. Each one of these
statements is referred to as an Access List Control Entry
(ACE).
Here is an example of an ACL configuration.
    ipv4 access-list V4Example
     10 permit tcp any any
    !
    ipv6 access-list V6Example
     10 permit tcp any any
    !

The mechanism for monitoring ACL usage is by configuring, in
the desired ACEs a counter label. A counter label is a name
that is given to a counter and is defined in any ACE. ACEs
that share the same Counter label name will have their counters
aggregated into the same label.
Here is an example of how to use counter labels.
    ipv4 access-list V4CounterExample
     10 permit tcp any any counter CountPermits
     20 permit udp any any counter CountPermits

The same applies to IPv6 ACLs.

This MIB consists of following tables:
    * caAclCfgTable
        Defines the ACLs configured in the device.
    * caAclIPV4ACECfgTable
        Defines the ACEs that make up an IPV4 ACL.
    * caAclIPV6ACECfgTable
        Defines the ACEs that make up an IPV6 ACL.
    * caAclAccessGroupCfgTable
        Defines the Access Control Groups (ACG) applied to
        interfaces on the device.
    * caAclLabelIntfStatsTable
        Defines the statistics for a specific  ACE with counter
        labels attached to interfaces on the device.

Imported Objects

ciscoMgmtCISCO-SMI
CiscoIpProtocolCISCO-TC
ifIndexIF-MIB
InetAddressType, InetPortNumber, InetAddressINET-ADDRESS-MIB
SnmpAdminStringSNMP-FRAMEWORK-MIB
MODULE-COMPLIANCE, OBJECT-GROUPSNMPv2-CONF
MODULE-IDENTITY, OBJECT-TYPE, Counter64, Unsigned32, Integer32SNMPv2-SMI
TEXTUAL-CONVENTION, RowStatusSNMPv2-TC
ciscoACLMIB.1.3.6.1.4.1.9.9.808
caAclMIBObjects .1.3.6.1.4.1.9.9.808.1
caAclConfiguration .1.3.6.1.4.1.9.9.808.1.1
caAclCfgTable .1.3.6.1.4.1.9.9.808.1.1.1
caAclCfgTableEntry .1.3.6.1.4.1.9.9.808.1.1.1.1
caAclIndex .1.3.6.1.4.1.9.9.808.1.1.1.1.1
caAclAddressType .1.3.6.1.4.1.9.9.808.1.1.1.1.2
caAclName .1.3.6.1.4.1.9.9.808.1.1.1.1.3
caAclRowStatus .1.3.6.1.4.1.9.9.808.1.1.1.1.4
caAclIPV4ACECfgTable .1.3.6.1.4.1.9.9.808.1.1.2
caAclIPV4ACECfgTableEntry .1.3.6.1.4.1.9.9.808.1.1.2.1
caAclIPV4ACESequenceNumber .1.3.6.1.4.1.9.9.808.1.1.2.1.1
caAclIPV4ACESourcePortGroup .1.3.6.1.4.1.9.9.808.1.1.2.1.10
caAclIPV4ACEDestinationAddress .1.3.6.1.4.1.9.9.808.1.1.2.1.11
caAclIPV4ACEDestinationWildCardMask .1.3.6.1.4.1.9.9.808.1.1.2.1.12
caAclIPV4ACEDestinationNetworkGroup .1.3.6.1.4.1.9.9.808.1.1.2.1.13
caAclIPV4ACEDestinationPortOperator .1.3.6.1.4.1.9.9.808.1.1.2.1.14
caAclIPV4ACEDestinationPort .1.3.6.1.4.1.9.9.808.1.1.2.1.15
caAclIPV4ACEDestinationPortUpper .1.3.6.1.4.1.9.9.808.1.1.2.1.16
caAclIPV4ACEDestinationPortGroup .1.3.6.1.4.1.9.9.808.1.1.2.1.17
caAclIPV4ACEDscpValue .1.3.6.1.4.1.9.9.808.1.1.2.1.18
caAclIPV4ACETcpFlagsValue .1.3.6.1.4.1.9.9.808.1.1.2.1.19
caAclIPV4ACEAction .1.3.6.1.4.1.9.9.808.1.1.2.1.2
caAclIPV4ACETcpFlagsMask .1.3.6.1.4.1.9.9.808.1.1.2.1.20
caAclIPV4ACETcpFlagsMatchType .1.3.6.1.4.1.9.9.808.1.1.2.1.21
caAclIPV4ACETosValue .1.3.6.1.4.1.9.9.808.1.1.2.1.22
caAclIPV4ACEPrecedenceValue .1.3.6.1.4.1.9.9.808.1.1.2.1.23
caAclIPV4ACELogOption .1.3.6.1.4.1.9.9.808.1.1.2.1.24
caAclIPV4ACECounterLabel .1.3.6.1.4.1.9.9.808.1.1.2.1.25
caAclIPV4ACERemark .1.3.6.1.4.1.9.9.808.1.1.2.1.26
caAclIPV4ACERowStatus .1.3.6.1.4.1.9.9.808.1.1.2.1.27
caAclIPV4ACEProtocol .1.3.6.1.4.1.9.9.808.1.1.2.1.3
caAclIPV4ACESourceAddress .1.3.6.1.4.1.9.9.808.1.1.2.1.4
caAclIPV4ACESourceWildCardMask .1.3.6.1.4.1.9.9.808.1.1.2.1.5
caAclIPV4ACESourceNetworkGroup .1.3.6.1.4.1.9.9.808.1.1.2.1.6
caAclIPV4ACESourcePortOperator .1.3.6.1.4.1.9.9.808.1.1.2.1.7
caAclIPV4ACESourcePort .1.3.6.1.4.1.9.9.808.1.1.2.1.8
caAclIPV4ACESourcePortUpper .1.3.6.1.4.1.9.9.808.1.1.2.1.9
caAclIPV6ACECfgTable .1.3.6.1.4.1.9.9.808.1.1.3
caAclIPV6ACECfgTableEntry .1.3.6.1.4.1.9.9.808.1.1.3.1
caAclIPV6ACESequenceNumber .1.3.6.1.4.1.9.9.808.1.1.3.1.1
caAclIPV6ACESourcePortGroup .1.3.6.1.4.1.9.9.808.1.1.3.1.10
caAclIPV6ACEDestinationAddress .1.3.6.1.4.1.9.9.808.1.1.3.1.11
caAclIPV6ACEDestinationPrefixLength .1.3.6.1.4.1.9.9.808.1.1.3.1.12
caAclIPV6ACEDestinationNetworkGroup .1.3.6.1.4.1.9.9.808.1.1.3.1.13
caAclIPV6ACEDestinationPortOperator .1.3.6.1.4.1.9.9.808.1.1.3.1.14
caAclIPV6ACEDestinationPort .1.3.6.1.4.1.9.9.808.1.1.3.1.15
caAclIPV6ACEDestinationPortUpper .1.3.6.1.4.1.9.9.808.1.1.3.1.16
caAclIPV6ACEDestinationPortGroup .1.3.6.1.4.1.9.9.808.1.1.3.1.17
caAclIPV6ACETrafficClassValue .1.3.6.1.4.1.9.9.808.1.1.3.1.18
caAclIPV6ACETcpFlagsValue .1.3.6.1.4.1.9.9.808.1.1.3.1.19
caAclIPV6ACEAction .1.3.6.1.4.1.9.9.808.1.1.3.1.2
caAclIPV6ACETcpFlagsMask .1.3.6.1.4.1.9.9.808.1.1.3.1.20
caAclIPV6ACETcpFlagsMatchType .1.3.6.1.4.1.9.9.808.1.1.3.1.21
caAclIPV6ACELogOption .1.3.6.1.4.1.9.9.808.1.1.3.1.22
caAclIPV6ACECounterLabel .1.3.6.1.4.1.9.9.808.1.1.3.1.23
caAclIPV6ACERemark .1.3.6.1.4.1.9.9.808.1.1.3.1.24
caAclIPV6ACERowStatus .1.3.6.1.4.1.9.9.808.1.1.3.1.25
caAclIPV6ACEProtocol .1.3.6.1.4.1.9.9.808.1.1.3.1.3
caAclIPV6ACESourceAddress .1.3.6.1.4.1.9.9.808.1.1.3.1.4
caAclIPV6ACESourcePrefixLength .1.3.6.1.4.1.9.9.808.1.1.3.1.5
caAclIPV6ACESourceNetworkGroup .1.3.6.1.4.1.9.9.808.1.1.3.1.6
caAclIPV6ACESourcePortOperator .1.3.6.1.4.1.9.9.808.1.1.3.1.7
caAclIPV6ACESourcePort .1.3.6.1.4.1.9.9.808.1.1.3.1.8
caAclIPV6ACESourcePortUpper .1.3.6.1.4.1.9.9.808.1.1.3.1.9
caAclAccessGroupCfgTable .1.3.6.1.4.1.9.9.808.1.1.4
caAclAccessGroupCfgEntry .1.3.6.1.4.1.9.9.808.1.1.4.1
caAclAccessGroupACL .1.3.6.1.4.1.9.9.808.1.1.4.1.1
caAclAccessGroupCfgAddressType .1.3.6.1.4.1.9.9.808.1.1.4.1.2
caAclAccessGroupDirection .1.3.6.1.4.1.9.9.808.1.1.4.1.3
caAclAccessGroupSequenceNumber .1.3.6.1.4.1.9.9.808.1.1.4.1.4
caAclAccessGroupRowStatus .1.3.6.1.4.1.9.9.808.1.1.4.1.5
caAclStats .1.3.6.1.4.1.9.9.808.1.2
caAclLabelIntfStatsTable .1.3.6.1.4.1.9.9.808.1.2.1
caAclLabelIntfStatsEntry .1.3.6.1.4.1.9.9.808.1.2.1.1
caAclIntfStatsCounterLabelName .1.3.6.1.4.1.9.9.808.1.2.1.1.1
caAclIntfStatsPackets .1.3.6.1.4.1.9.9.808.1.2.1.1.2
caAclIntfStatsOctets .1.3.6.1.4.1.9.9.808.1.2.1.1.3
caAclMIBConformance .1.3.6.1.4.1.9.9.808.2
caAclMIBACEConform .1.3.6.1.4.1.9.9.808.2.1
caAclMIBACECompliances .1.3.6.1.4.1.9.9.808.2.1.1
caAclMIBCfgGroups .1.3.6.1.4.1.9.9.808.2.1.2