CISCO-ACL-MIB MIB – Observium MIB Browser

CISCO-ACL-MIB

        This MIB module defines objects that describe Cisco Access
Control Lists (ACL).
        
This MIB describes different objects that enable the
network administrator to remotely configure ACLs, apply them
to interfaces and monitor their usage statistics.
        
A typical application of this MIB module will facilitate
monitoring of ACL match (sometimes referred as hit) counts.
However, by no means does the definition of this MIB module
prevent other applications from using it.
        
An ACL is an ordered list of statements that deny or permit
packets based on matching fields contained within the packet
header (layer 3 source and destination addresses, layer 4
protocol, layer 4 source and destination port numbers, etc.) In
addition there is an implicit *Deny All* at the end of the ACL.
ACLs are used to perform packet filtering to control
which packets are allowed through the network. Such control
can help limit network traffic, and restrict the access of
applications and devices on the network. Each one of these
statements is referred to as an Access List Control Entry
(ACE).
Here is an example of an ACL configuration.
    ipv4 access-list V4Example
     10 permit tcp any any
    !
    ipv6 access-list V6Example
     10 permit tcp any any
    !
        
The mechanism for monitoring ACL usage is by configuring, in
the desired ACEs a counter label. A counter label is a name
that is given to a counter and is defined in any ACE. ACEs
that share the same Counter label name will have their counters
aggregated into the same label.
Here is an example of how to use counter labels.
    ipv4 access-list V4CounterExample
     10 permit tcp any any counter CountPermits
     20 permit udp any any counter CountPermits
        
The same applies to IPv6 ACLs.
        
This MIB consists of following tables:
    * caAclCfgTable
        Defines the ACLs configured in the device.
    * caAclIPV4ACECfgTable
        Defines the ACEs that make up an IPV4 ACL.
    * caAclIPV6ACECfgTable
        Defines the ACEs that make up an IPV6 ACL.
    * caAclAccessGroupCfgTable
        Defines the Access Control Groups (ACG) applied to
        interfaces on the device.
    * caAclLabelIntfStatsTable
        Defines the statistics for a specific  ACE with counter
        labels attached to interfaces on the device.

ciscoACLMIB 1.3.6.1.4.1.9.9.808

Imported Objects

CISCO-SMI	ciscoMgmt
CISCO-TC	CiscoIpProtocol
IF-MIB	ifIndex
INET-ADDRESS-MIB	InetAddress InetAddressType InetPortNumber
SNMP-FRAMEWORK-MIB	SnmpAdminString
SNMPv2-CONF	MODULE-COMPLIANCE OBJECT-GROUP
SNMPv2-SMI	Counter64 Integer32 MODULE-IDENTITY OBJECT-TYPE Unsigned32
SNMPv2-TC	RowStatus TEXTUAL-CONVENTION

Type Definitions (8)

CaAclACLIndex	Unsigned32	`range: 1..4294967295`
CaAclAction	Enumeration	`permit(1)` `deny(2)`
CaAclLogOption	Enumeration	`log(1)` `logInput(2)`
CaAclPortOperator	Enumeration	`lt(1)` `gt(2)` `eq(3)` `neq(4)` `range(5)`
CaAclPrecedenceValue	Enumeration	`routine(0)` `priority(1)` `immediate(2)` `flash(3)` `flashOverride(4)` `critical(5)` `internet(6)` `network(7)`
CaAclSequenceNumber	Unsigned32	`range: 1..4294967295`
CaAclTcpFlagsMatch	Enumeration	`matchAny(1)` `matchAll(2)` `matchNone(3)`
CaAclTrafficDirection	Enumeration	`ingress(1)` `egress(2)`

Objects (82)

ciscoACLMIB		`.1.3.6.1.4.1.9.9.808`
caAclMIBObjects		`.1.3.6.1.4.1.9.9.808.1`
caAclConfiguration		`.1.3.6.1.4.1.9.9.808.1.1`
caAclCfgTable		`.1.3.6.1.4.1.9.9.808.1.1.1`
caAclCfgTableEntry	caAclIndexcaAclAddressType	`.1.3.6.1.4.1.9.9.808.1.1.1.1`
caAclIndex	CaAclACLIndex	`.1.3.6.1.4.1.9.9.808.1.1.1.1.1`
caAclAddressType	INET-ADDRESS-MIBInetAddressType	`.1.3.6.1.4.1.9.9.808.1.1.1.1.2`
caAclName r/w	OctetString	`.1.3.6.1.4.1.9.9.808.1.1.1.1.3`
caAclRowStatus r/w	SNMPv2-TCRowStatus	`.1.3.6.1.4.1.9.9.808.1.1.1.1.4`
caAclIPV4ACECfgTable		`.1.3.6.1.4.1.9.9.808.1.1.2`
caAclIPV4ACECfgTableEntry	caAclIndexcaAclAddressTypecaAclIPV4ACESequenceNumber	`.1.3.6.1.4.1.9.9.808.1.1.2.1`
caAclIPV4ACESequenceNumber	CaAclSequenceNumber	`.1.3.6.1.4.1.9.9.808.1.1.2.1.1`
caAclIPV4ACESourcePortGroup r/w	OctetString	`.1.3.6.1.4.1.9.9.808.1.1.2.1.10`
caAclIPV4ACEDestinationAddress r/w	INET-ADDRESS-MIBInetAddress	`.1.3.6.1.4.1.9.9.808.1.1.2.1.11`
caAclIPV4ACEDestinationWildCardMask r/w	INET-ADDRESS-MIBInetAddress	`.1.3.6.1.4.1.9.9.808.1.1.2.1.12`
caAclIPV4ACEDestinationNetworkGroup r/w	OctetString	`.1.3.6.1.4.1.9.9.808.1.1.2.1.13`
caAclIPV4ACEDestinationPortOperator r/w	CaAclPortOperator	`.1.3.6.1.4.1.9.9.808.1.1.2.1.14`
caAclIPV4ACEDestinationPort r/w	INET-ADDRESS-MIBInetPortNumber	`.1.3.6.1.4.1.9.9.808.1.1.2.1.15`
caAclIPV4ACEDestinationPortUpper r/w	INET-ADDRESS-MIBInetPortNumber	`.1.3.6.1.4.1.9.9.808.1.1.2.1.16`
caAclIPV4ACEDestinationPortGroup r/w	OctetString	`.1.3.6.1.4.1.9.9.808.1.1.2.1.17`
caAclIPV4ACEDscpValue r/w	Unsigned32	`.1.3.6.1.4.1.9.9.808.1.1.2.1.18`
caAclIPV4ACETcpFlagsValue r/w	Unsigned32	`.1.3.6.1.4.1.9.9.808.1.1.2.1.19`
caAclIPV4ACEAction r/w	CaAclAction	`.1.3.6.1.4.1.9.9.808.1.1.2.1.2`
caAclIPV4ACETcpFlagsMask r/w	Unsigned32	`.1.3.6.1.4.1.9.9.808.1.1.2.1.20`
caAclIPV4ACETcpFlagsMatchType r/w	CaAclTcpFlagsMatch	`.1.3.6.1.4.1.9.9.808.1.1.2.1.21`
caAclIPV4ACETosValue r/w	Unsigned32	`.1.3.6.1.4.1.9.9.808.1.1.2.1.22`
caAclIPV4ACEPrecedenceValue r/w	CaAclPrecedenceValue	`.1.3.6.1.4.1.9.9.808.1.1.2.1.23`
caAclIPV4ACELogOption r/w	CaAclLogOption	`.1.3.6.1.4.1.9.9.808.1.1.2.1.24`
caAclIPV4ACECounterLabel r/w	OctetString	`.1.3.6.1.4.1.9.9.808.1.1.2.1.25`
caAclIPV4ACERemark r/w	OctetString	`.1.3.6.1.4.1.9.9.808.1.1.2.1.26`
caAclIPV4ACERowStatus r/w	SNMPv2-TCRowStatus	`.1.3.6.1.4.1.9.9.808.1.1.2.1.27`
caAclIPV4ACEProtocol r/w	CISCO-TCCiscoIpProtocol	`.1.3.6.1.4.1.9.9.808.1.1.2.1.3`
caAclIPV4ACESourceAddress r/w	INET-ADDRESS-MIBInetAddress	`.1.3.6.1.4.1.9.9.808.1.1.2.1.4`
caAclIPV4ACESourceWildCardMask r/w	INET-ADDRESS-MIBInetAddress	`.1.3.6.1.4.1.9.9.808.1.1.2.1.5`
caAclIPV4ACESourceNetworkGroup r/w	OctetString	`.1.3.6.1.4.1.9.9.808.1.1.2.1.6`
caAclIPV4ACESourcePortOperator r/w	CaAclPortOperator	`.1.3.6.1.4.1.9.9.808.1.1.2.1.7`
caAclIPV4ACESourcePort r/w	INET-ADDRESS-MIBInetPortNumber	`.1.3.6.1.4.1.9.9.808.1.1.2.1.8`
caAclIPV4ACESourcePortUpper r/w	INET-ADDRESS-MIBInetPortNumber	`.1.3.6.1.4.1.9.9.808.1.1.2.1.9`
caAclIPV6ACECfgTable		`.1.3.6.1.4.1.9.9.808.1.1.3`
caAclIPV6ACECfgTableEntry	caAclIndexcaAclAddressTypecaAclIPV6ACESequenceNumber	`.1.3.6.1.4.1.9.9.808.1.1.3.1`
caAclIPV6ACESequenceNumber	CaAclSequenceNumber	`.1.3.6.1.4.1.9.9.808.1.1.3.1.1`
caAclIPV6ACESourcePortGroup r/w	OctetString	`.1.3.6.1.4.1.9.9.808.1.1.3.1.10`
caAclIPV6ACEDestinationAddress r/w	INET-ADDRESS-MIBInetAddress	`.1.3.6.1.4.1.9.9.808.1.1.3.1.11`
caAclIPV6ACEDestinationPrefixLength r/w	Integer32	`.1.3.6.1.4.1.9.9.808.1.1.3.1.12`
caAclIPV6ACEDestinationNetworkGroup r/w	OctetString	`.1.3.6.1.4.1.9.9.808.1.1.3.1.13`
caAclIPV6ACEDestinationPortOperator r/w	CaAclPortOperator	`.1.3.6.1.4.1.9.9.808.1.1.3.1.14`
caAclIPV6ACEDestinationPort r/w	INET-ADDRESS-MIBInetPortNumber	`.1.3.6.1.4.1.9.9.808.1.1.3.1.15`
caAclIPV6ACEDestinationPortUpper r/w	INET-ADDRESS-MIBInetPortNumber	`.1.3.6.1.4.1.9.9.808.1.1.3.1.16`
caAclIPV6ACEDestinationPortGroup r/w	OctetString	`.1.3.6.1.4.1.9.9.808.1.1.3.1.17`
caAclIPV6ACETrafficClassValue r/w	Unsigned32	`.1.3.6.1.4.1.9.9.808.1.1.3.1.18`
caAclIPV6ACETcpFlagsValue r/w	Unsigned32	`.1.3.6.1.4.1.9.9.808.1.1.3.1.19`
caAclIPV6ACEAction r/w	CaAclAction	`.1.3.6.1.4.1.9.9.808.1.1.3.1.2`
caAclIPV6ACETcpFlagsMask r/w	Unsigned32	`.1.3.6.1.4.1.9.9.808.1.1.3.1.20`
caAclIPV6ACETcpFlagsMatchType r/w	CaAclTcpFlagsMatch	`.1.3.6.1.4.1.9.9.808.1.1.3.1.21`
caAclIPV6ACELogOption r/w	CaAclLogOption	`.1.3.6.1.4.1.9.9.808.1.1.3.1.22`
caAclIPV6ACECounterLabel r/w	OctetString	`.1.3.6.1.4.1.9.9.808.1.1.3.1.23`
caAclIPV6ACERemark r/w	OctetString	`.1.3.6.1.4.1.9.9.808.1.1.3.1.24`
caAclIPV6ACERowStatus r/w	SNMPv2-TCRowStatus	`.1.3.6.1.4.1.9.9.808.1.1.3.1.25`
caAclIPV6ACEProtocol r/w	CISCO-TCCiscoIpProtocol	`.1.3.6.1.4.1.9.9.808.1.1.3.1.3`
caAclIPV6ACESourceAddress r/w	INET-ADDRESS-MIBInetAddress	`.1.3.6.1.4.1.9.9.808.1.1.3.1.4`
caAclIPV6ACESourcePrefixLength r/w	Integer32	`.1.3.6.1.4.1.9.9.808.1.1.3.1.5`
caAclIPV6ACESourceNetworkGroup r/w	OctetString	`.1.3.6.1.4.1.9.9.808.1.1.3.1.6`
caAclIPV6ACESourcePortOperator r/w	CaAclPortOperator	`.1.3.6.1.4.1.9.9.808.1.1.3.1.7`
caAclIPV6ACESourcePort r/w	INET-ADDRESS-MIBInetPortNumber	`.1.3.6.1.4.1.9.9.808.1.1.3.1.8`
caAclIPV6ACESourcePortUpper r/w	INET-ADDRESS-MIBInetPortNumber	`.1.3.6.1.4.1.9.9.808.1.1.3.1.9`
caAclAccessGroupCfgTable		`.1.3.6.1.4.1.9.9.808.1.1.4`
caAclAccessGroupCfgEntry	IF-MIBifIndexcaAclAccessGroupCfgAddressTypecaAclAccessGroupDirectioncaAclAccessGroupSequenceNumber	`.1.3.6.1.4.1.9.9.808.1.1.4.1`
caAclAccessGroupACL r/w	CaAclACLIndex	`.1.3.6.1.4.1.9.9.808.1.1.4.1.1`
caAclAccessGroupCfgAddressType	INET-ADDRESS-MIBInetAddressType	`.1.3.6.1.4.1.9.9.808.1.1.4.1.2`
caAclAccessGroupDirection	CaAclTrafficDirection	`.1.3.6.1.4.1.9.9.808.1.1.4.1.3`
caAclAccessGroupSequenceNumber	CaAclSequenceNumber	`.1.3.6.1.4.1.9.9.808.1.1.4.1.4`
caAclAccessGroupRowStatus r/w	SNMPv2-TCRowStatus	`.1.3.6.1.4.1.9.9.808.1.1.4.1.5`
caAclStats		`.1.3.6.1.4.1.9.9.808.1.2`
caAclLabelIntfStatsTable		`.1.3.6.1.4.1.9.9.808.1.2.1`
caAclLabelIntfStatsEntry	IF-MIBifIndexcaAclAccessGroupCfgAddressTypecaAclAccessGroupDirectioncaAclIntfStatsCounterLabelName	`.1.3.6.1.4.1.9.9.808.1.2.1.1`
caAclIntfStatsCounterLabelName	OctetString	`.1.3.6.1.4.1.9.9.808.1.2.1.1.1`
caAclIntfStatsPackets	packetsSNMPv2-SMICounter64	`.1.3.6.1.4.1.9.9.808.1.2.1.1.2`
caAclIntfStatsOctets	bytesSNMPv2-SMICounter64	`.1.3.6.1.4.1.9.9.808.1.2.1.1.3`
caAclMIBConformance		`.1.3.6.1.4.1.9.9.808.2`
caAclMIBACEConform		`.1.3.6.1.4.1.9.9.808.2.1`
caAclMIBACECompliances		`.1.3.6.1.4.1.9.9.808.2.1.1`
caAclMIBCfgGroups		`.1.3.6.1.4.1.9.9.808.2.1.2`