CISCO-ACL-MIB

This MIB module defines objects that describe Cisco Access Control Lists (ACL). This MIB describes different objects that enable the network administrator to remotely configure ACLs, apply them to interfaces and monitor their usage statistics. A typical application of this MIB module will facilitate monitoring of ACL match (sometimes referred as hit) counts. However, by no means does the definition of this MIB module prevent other applications from using it. An ACL is an ordered list of statements that deny or permit packets based on matching fields contained within the packet header (layer 3 source and destination addresses, layer 4 protocol, layer 4 source and destination port numbers, etc.) In addition there is an implicit *Deny All* at the end of the ACL. ACLs are used to perform packet filtering to control which packets are allowed through the network. Such control can help limit network traffic, and restrict the access of applications and devices on the network. Each one of these statements is referred to as an Access List Control Entry (ACE). Here is an example of an ACL configuration. ipv4 access-list V4Example 10 permit tcp any any ! ipv6 access-list V6Example 10 permit tcp any any ! The mechanism for monitoring ACL usage is by configuring, in the desired ACEs a counter label. A counter label is a name that is given to a counter and is defined in any ACE. ACEs that share the same Counter label name will have their counters aggregated into the same label. Here is an example of how to use counter labels. ipv4 access-list V4CounterExample 10 permit tcp any any counter CountPermits 20 permit udp any any counter CountPermits The same applies to IPv6 ACLs. This MIB consists of following tables: * caAclCfgTable Defines the ACLs configured in the device. * caAclIPV4ACECfgTable Defines the ACEs that make up an IPV4 ACL. * caAclIPV6ACECfgTable Defines the ACEs that make up an IPV6 ACL. * caAclAccessGroupCfgTable Defines the Access Control Groups (ACG) applied to interfaces on the device. * caAclLabelIntfStatsTable Defines the statistics for a specific ACE with counter labels attached to interfaces on the device.

MIB content (82 objects)

1.3.6.1.4.1.9.9.808 ciscoACLMIB
1.3.6.1.4.1.9.9.808.1 caAclMIBObjects
1.3.6.1.4.1.9.9.808.1.1 caAclConfiguration
1.3.6.1.4.1.9.9.808.1.2 caAclStats
1.3.6.1.4.1.9.9.808.2 caAclMIBConformance
1.3.6.1.4.1.9.9.808.2.1 caAclMIBACEConform
1.3.6.1.4.1.9.9.808.2.1.1 caAclMIBACECompliances
1.3.6.1.4.1.9.9.808.2.1.2 caAclMIBCfgGroups
1.3.6.1.4.1.9.9.808.1.1.1 caAclCfgTable
1.3.6.1.4.1.9.9.808.1.1.2 caAclIPV4ACECfgTable
1.3.6.1.4.1.9.9.808.1.1.3 caAclIPV6ACECfgTable
1.3.6.1.4.1.9.9.808.1.1.4 caAclAccessGroupCfgTable
1.3.6.1.4.1.9.9.808.1.2.1 caAclLabelIntfStatsTable
1.3.6.1.4.1.9.9.808.1.1.1.1 caAclCfgTableEntry
1.3.6.1.4.1.9.9.808.1.1.2.1 caAclIPV4ACECfgTableEntry
1.3.6.1.4.1.9.9.808.1.1.3.1 caAclIPV6ACECfgTableEntry
1.3.6.1.4.1.9.9.808.1.1.4.1 caAclAccessGroupCfgEntry
1.3.6.1.4.1.9.9.808.1.2.1.1 caAclLabelIntfStatsEntry
1.3.6.1.4.1.9.9.808.1.1.1.1.1 caAclIndex
1.3.6.1.4.1.9.9.808.1.1.1.1.2 caAclAddressType
1.3.6.1.4.1.9.9.808.1.1.1.1.3 caAclName
1.3.6.1.4.1.9.9.808.1.1.1.1.4 caAclRowStatus
1.3.6.1.4.1.9.9.808.1.1.2.1.1 caAclIPV4ACESequenceNumber
1.3.6.1.4.1.9.9.808.1.1.2.1.2 caAclIPV4ACEAction
1.3.6.1.4.1.9.9.808.1.1.2.1.3 caAclIPV4ACEProtocol
1.3.6.1.4.1.9.9.808.1.1.2.1.4 caAclIPV4ACESourceAddress
1.3.6.1.4.1.9.9.808.1.1.2.1.5 caAclIPV4ACESourceWildCardMask
1.3.6.1.4.1.9.9.808.1.1.2.1.6 caAclIPV4ACESourceNetworkGroup
1.3.6.1.4.1.9.9.808.1.1.2.1.7 caAclIPV4ACESourcePortOperator
1.3.6.1.4.1.9.9.808.1.1.2.1.8 caAclIPV4ACESourcePort
1.3.6.1.4.1.9.9.808.1.1.2.1.9 caAclIPV4ACESourcePortUpper
1.3.6.1.4.1.9.9.808.1.1.2.1.10 caAclIPV4ACESourcePortGroup
1.3.6.1.4.1.9.9.808.1.1.2.1.11 caAclIPV4ACEDestinationAddress
1.3.6.1.4.1.9.9.808.1.1.2.1.12 caAclIPV4ACEDestinationWildCardMask
1.3.6.1.4.1.9.9.808.1.1.2.1.13 caAclIPV4ACEDestinationNetworkGroup
1.3.6.1.4.1.9.9.808.1.1.2.1.14 caAclIPV4ACEDestinationPortOperator
1.3.6.1.4.1.9.9.808.1.1.2.1.15 caAclIPV4ACEDestinationPort
1.3.6.1.4.1.9.9.808.1.1.2.1.16 caAclIPV4ACEDestinationPortUpper
1.3.6.1.4.1.9.9.808.1.1.2.1.17 caAclIPV4ACEDestinationPortGroup
1.3.6.1.4.1.9.9.808.1.1.2.1.18 caAclIPV4ACEDscpValue
1.3.6.1.4.1.9.9.808.1.1.2.1.19 caAclIPV4ACETcpFlagsValue
1.3.6.1.4.1.9.9.808.1.1.2.1.20 caAclIPV4ACETcpFlagsMask
1.3.6.1.4.1.9.9.808.1.1.2.1.21 caAclIPV4ACETcpFlagsMatchType
1.3.6.1.4.1.9.9.808.1.1.2.1.22 caAclIPV4ACETosValue
1.3.6.1.4.1.9.9.808.1.1.2.1.23 caAclIPV4ACEPrecedenceValue
1.3.6.1.4.1.9.9.808.1.1.2.1.24 caAclIPV4ACELogOption
1.3.6.1.4.1.9.9.808.1.1.2.1.25 caAclIPV4ACECounterLabel
1.3.6.1.4.1.9.9.808.1.1.2.1.26 caAclIPV4ACERemark
1.3.6.1.4.1.9.9.808.1.1.2.1.27 caAclIPV4ACERowStatus
1.3.6.1.4.1.9.9.808.1.1.3.1.1 caAclIPV6ACESequenceNumber
1.3.6.1.4.1.9.9.808.1.1.3.1.2 caAclIPV6ACEAction
1.3.6.1.4.1.9.9.808.1.1.3.1.3 caAclIPV6ACEProtocol
1.3.6.1.4.1.9.9.808.1.1.3.1.4 caAclIPV6ACESourceAddress
1.3.6.1.4.1.9.9.808.1.1.3.1.5 caAclIPV6ACESourcePrefixLength
1.3.6.1.4.1.9.9.808.1.1.3.1.6 caAclIPV6ACESourceNetworkGroup
1.3.6.1.4.1.9.9.808.1.1.3.1.7 caAclIPV6ACESourcePortOperator
1.3.6.1.4.1.9.9.808.1.1.3.1.8 caAclIPV6ACESourcePort
1.3.6.1.4.1.9.9.808.1.1.3.1.9 caAclIPV6ACESourcePortUpper
1.3.6.1.4.1.9.9.808.1.1.3.1.10 caAclIPV6ACESourcePortGroup
1.3.6.1.4.1.9.9.808.1.1.3.1.11 caAclIPV6ACEDestinationAddress
1.3.6.1.4.1.9.9.808.1.1.3.1.12 caAclIPV6ACEDestinationPrefixLength
1.3.6.1.4.1.9.9.808.1.1.3.1.13 caAclIPV6ACEDestinationNetworkGroup
1.3.6.1.4.1.9.9.808.1.1.3.1.14 caAclIPV6ACEDestinationPortOperator
1.3.6.1.4.1.9.9.808.1.1.3.1.15 caAclIPV6ACEDestinationPort
1.3.6.1.4.1.9.9.808.1.1.3.1.16 caAclIPV6ACEDestinationPortUpper
1.3.6.1.4.1.9.9.808.1.1.3.1.17 caAclIPV6ACEDestinationPortGroup
1.3.6.1.4.1.9.9.808.1.1.3.1.18 caAclIPV6ACETrafficClassValue
1.3.6.1.4.1.9.9.808.1.1.3.1.19 caAclIPV6ACETcpFlagsValue
1.3.6.1.4.1.9.9.808.1.1.3.1.20 caAclIPV6ACETcpFlagsMask
1.3.6.1.4.1.9.9.808.1.1.3.1.21 caAclIPV6ACETcpFlagsMatchType
1.3.6.1.4.1.9.9.808.1.1.3.1.22 caAclIPV6ACELogOption
1.3.6.1.4.1.9.9.808.1.1.3.1.23 caAclIPV6ACECounterLabel
1.3.6.1.4.1.9.9.808.1.1.3.1.24 caAclIPV6ACERemark
1.3.6.1.4.1.9.9.808.1.1.3.1.25 caAclIPV6ACERowStatus
1.3.6.1.4.1.9.9.808.1.1.4.1.1 caAclAccessGroupACL
1.3.6.1.4.1.9.9.808.1.1.4.1.2 caAclAccessGroupCfgAddressType
1.3.6.1.4.1.9.9.808.1.1.4.1.3 caAclAccessGroupDirection
1.3.6.1.4.1.9.9.808.1.1.4.1.4 caAclAccessGroupSequenceNumber
1.3.6.1.4.1.9.9.808.1.1.4.1.5 caAclAccessGroupRowStatus
1.3.6.1.4.1.9.9.808.1.2.1.1.1 caAclIntfStatsCounterLabelName
1.3.6.1.4.1.9.9.808.1.2.1.1.2 caAclIntfStatsPackets
1.3.6.1.4.1.9.9.808.1.2.1.1.3 caAclIntfStatsOctets

Informations

Organization: Cisco Systems, Inc.
Contact info: Cisco Systems Customer Service Postal: 170 West Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553-NETS E-mail: cs-snmp@cisco.com

Revisions

2013-03-27 00:00: The initial version of this MIB module.