This MIB module defines objects that describe Cisco Access
Control Lists (ACL).
This MIB describes different objects that enable the
network administrator to remotely configure ACLs, apply them
to interfaces and monitor their usage statistics.
A typical application of this MIB module will facilitate
monitoring of ACL match (sometimes referred as hit) counts.
However, by no means does the definition of this MIB module
prevent other applications from using it.
An ACL is an ordered list of statements that deny or permit
packets based on matching fields contained within the packet
header (layer 3 source and destination addresses, layer 4
protocol, layer 4 source and destination port numbers, etc.) In
addition there is an implicit *Deny All* at the end of the ACL.
ACLs are used to perform packet filtering to control
which packets are allowed through the network. Such control
can help limit network traffic, and restrict the access of
applications and devices on the network. Each one of these
statements is referred to as an Access List Control Entry
(ACE).
Here is an example of an ACL configuration.
ipv4 access-list V4Example
10 permit tcp any any
!
ipv6 access-list V6Example
10 permit tcp any any
!
The mechanism for monitoring ACL usage is by configuring, in
the desired ACEs a counter label. A counter label is a name
that is given to a counter and is defined in any ACE. ACEs
that share the same Counter label name will have their counters
aggregated into the same label.
Here is an example of how to use counter labels.
ipv4 access-list V4CounterExample
10 permit tcp any any counter CountPermits
20 permit udp any any counter CountPermits
The same applies to IPv6 ACLs.
This MIB consists of following tables:
* caAclCfgTable
Defines the ACLs configured in the device.
* caAclIPV4ACECfgTable
Defines the ACEs that make up an IPV4 ACL.
* caAclIPV6ACECfgTable
Defines the ACEs that make up an IPV6 ACL.
* caAclAccessGroupCfgTable
Defines the Access Control Groups (ACG) applied to
interfaces on the device.
* caAclLabelIntfStatsTable
Defines the statistics for a specific ACE with counter
labels attached to interfaces on the device.
ciscoACLMIB OBJECT IDENTIFIER ::= { ciscoMgmt 808 }
ciscoACLMIB MODULE-IDENTITY LAST-UPDATED "201303270000Z" ORGANIZATION "Cisco Systems, Inc." CONTACT-INFO "Cisco Systems Customer Service Postal: 170 West Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553-NETS E-mail: [email protected]" DESCRIPTION "This MIB module defines objects that describe Cisco Access Control Lists (ACL). This MIB describes different objects that enable the network administrator to remotely configure ACLs, apply them to interfaces and monitor their usage statistics. A typical application of this MIB module will facilitate monitoring of ACL match (sometimes referred as hit) counts. However, by no means does the definition of this MIB module prevent other applications from using it. An ACL is an ordered list of statements that deny or permit packets based on matching fields contained within the packet header (layer 3 source and destination addresses, layer 4 protocol, layer 4 source and destination port numbers, etc.) In addition there is an implicit *Deny All* at the end of the ACL. ACLs are used to perform packet filtering to control which packets are allowed through the network. Such control can help limit network traffic, and restrict the access of applications and devices on the network. Each one of these statements is referred to as an Access List Control Entry (ACE). Here is an example of an ACL configuration. ipv4 access-list V4Example 10 permit tcp any any ! ipv6 access-list V6Example 10 permit tcp any any ! The mechanism for monitoring ACL usage is by configuring, in the desired ACEs a counter label. A counter label is a name that is given to a counter and is defined in any ACE. ACEs that share the same Counter label name will have their counters aggregated into the same label. Here is an example of how to use counter labels. ipv4 access-list V4CounterExample 10 permit tcp any any counter CountPermits 20 permit udp any any counter CountPermits The same applies to IPv6 ACLs. This MIB consists of following tables: * caAclCfgTable Defines the ACLs configured in the device. * caAclIPV4ACECfgTable Defines the ACEs that make up an IPV4 ACL. * caAclIPV6ACECfgTable Defines the ACEs that make up an IPV6 ACL. * caAclAccessGroupCfgTable Defines the Access Control Groups (ACG) applied to interfaces on the device. * caAclLabelIntfStatsTable Defines the statistics for a specific ACE with counter labels attached to interfaces on the device. " REVISION "201303270000Z" DESCRIPTION "The initial version of this MIB module." ::= { ciscoMgmt 808 }
| OID | Name | Sub children | Sub Nodes Total | Description |
|---|---|---|---|---|
| 1.3.6.1.4.1.9.9.808.1 | caAclMIBObjects | 2 | 76 | None |
| 1.3.6.1.4.1.9.9.808.2 | caAclMIBConformance | 1 | 9 | None |
To many brothers! Only 100 nearest brothers are shown.
| OID | Name | Sub children | Sub Nodes Total | Description |
|---|---|---|---|---|
| ... | ||||
| 1.3.6.1.4.1.9.9.758 | ciscoTelepresenceExchangeSystemMIB | 3 | 173 | The main purpose of this MIB is to provide product component level configuration, status, statistics, events, and alarm notificat… |
| 1.3.6.1.4.1.9.9.759 | ciscoGdoiMIB | 3 | 213 | This MIB module defines objects for managing the GDOI protocol. Copyright (c) The IETF Trust (2010). This version of this MIB mo… |
| 1.3.6.1.4.1.9.9.760 | ciscoPtpMIB | 3 | 182 | The MIB module for PTPv2 (IEEE1588 - 2008) Overview of PTPv2 (IEEE 1588-2008) This IEEE standard defines a protocol enabling prec… |
| 1.3.6.1.4.1.9.9.761 | ciscoNetsyncMIB | 3 | 104 | The Synchronous Ethernet (SyncE) MIB is defined for monitoring network synchronization based on ITU-T G.781 clock selection. Sync… |
| 1.3.6.1.4.1.9.9.762 | ciscoWanOptimizationMIB | 3 | 302 | This MIB is for managing Wide Area Network (WAN) Optimization systems. The objective of WAN optimization system is to reduce as m… |
| 1.3.6.1.4.1.9.9.763 | ciscoVideoTc | 0 | 0 | This MIB module defines a collection of common video-related textual conventions to be used in Cisco MIBS for video-capable produ… |
| 1.3.6.1.4.1.9.9.764 | ciscoUbeMIB | 2 | 12 | This MIB describes objects used for managing Cisco Unified Border Element (CUBE). The Cisco Unified Border Element (CUBE) is a Ci… |
| 1.3.6.1.4.1.9.9.765 | ciscoFlowCloneMIB | 3 | 44 | This MIB module defines objects that manages flow cloning feature. A flow cloning can be described as a hardware or software enti… |
| 1.3.6.1.4.1.9.9.766 | ciscoIpslaVideoProfileMIB | 3 | 29 | IP SLA is a capability which utilizes active monitoring for network performance. It can be used for network troubleshooting, net… |
| 1.3.6.1.4.1.9.9.767 | ciscoLwappDot11ClientRmMIB | 3 | 64 | This MIB is intended to be implemented on all those devices operating as Central controllers, that terminate the Light Weight Acc… |
| 1.3.6.1.4.1.9.9.768 | ciscoEntitySensorHistoryMIB | 2 | 20 | This MIB module defines objects that describe collections and measurement information for each sensor supporting historical data … |
| 1.3.6.1.4.1.9.9.769 | ciscoMediaQualityMIB | 3 | 214 | This MIB module enhances the DIAL-CONTROL-MIB (RFC2128) by providing call information and voice and video quality statistics of c… |
| 1.3.6.1.4.1.9.9.770 | ciscoTcpMetricsMIB | 4 | 22 | This MIB module defines objects that describe the quality metrics of TCP streams. GLOSSARY ============ Flow Monitor - a hardware o… |
| 1.3.6.1.4.1.9.9.771 | ciscoMediaMetricsMIB | 4 | 38 | This MIB module defines objects that describe the quality metrics of Media streams. GLOSSARY ============ Flow Monitor - a hardware… |
| 1.3.6.1.4.1.9.9.772 | ciscoPfrMIB | 3 | 303 | This MIB module defines objects that describe Performance Routing (PfR). Standard routing protocols base routing decisions on re… |
| 1.3.6.1.4.1.9.9.773 | ciscoSwitchRateLimiterMIB | 3 | 28 | This MIB module defines management objects for the Switch Rate Limiter features on Cisco Layer 2 and Layer 3 devices. Rate limits … |
| 1.3.6.1.4.1.9.9.774 | ciscoVdcMIB | 3 | 90 | CISCO-VDC-MIB |
| 1.3.6.1.4.1.9.9.775 | ciscoSelectiveVrfDownloadMIB | 3 | 41 | This MIB module defines objects describing selective VRF download. The selective VRF download feature makes a best effort to dow… |
| 1.3.6.1.4.1.9.9.776 | ciscoNetflowLiteMIB | 3 | 56 | This MIB provides a method to configure Netflow-lite feature and get information in these areas: 1. Exporter config information a… |
| 1.3.6.1.4.1.9.9.777 | ciscoDsgIfExtMIB | 3 | 15 | A MIB module for extending the DSG-IF-MIB (ITU-T J.128 10/2008) to add objects which provide additional management information ab… |
| 1.3.6.1.4.1.9.9.779 | ciscoPmonMIB | 3 | 14 | This MIB module is for providing the port monitoring information. |
| 1.3.6.1.4.1.9.9.782 | ciscoSubscriberIdentityTcMIB | 0 | 0 | This MIB module defines textual conventions describing subscriber session identities. A subscriber session identity consists of … |
| 1.3.6.1.4.1.9.9.783 | ciscoDynamicTemplateTcMIB | 0 | 0 | This MIB module defines textual conventions used by the CISCO-DYNAMIC-TEMPLATE-MIB and MIB modules that use and expand on dynamic… |
| 1.3.6.1.4.1.9.9.784 | ciscoDynamicTemplateMIB | 3 | 152 | This MIB defines objects that describe dynamic templates. A dynamic template is a set of configuration attributes that a system … |
| 1.3.6.1.4.1.9.9.785 | ciscoSubscriberSessionTcMIB | 0 | 0 | This MIB module defines textual conventions describing subscriber sessions. |
| 1.3.6.1.4.1.9.9.786 | ciscoSubscriberSessionMIB | 3 | 187 | This MIB defines objects describing subscriber sessions, or more specifically, subscriber sessions terminated by a RAS. A subscr… |
| 1.3.6.1.4.1.9.9.789 | ciscoFlowMetadataMIB | 3 | 30 | The MIB module for managing Cisco medianet flow metadata. Metadata, in the simplest form, is data that qualifies other data. Flow… |
| 1.3.6.1.4.1.9.9.790 | ciscoSwitchCefMIB | 3 | 33 | This MIB module defines management objects for the CEF features on Cisco Layer 2 and Layer 3 devices. Definition of some of the t… |
| 1.3.6.1.4.1.9.9.791 | ciscoAppNavMIB | 2 | 51 | This MIB module defines SNMP management objects describing the AppNav technology. A device, which implements the AppNav technolog… |
| 1.3.6.1.4.1.9.9.793 | ciscoMspMIB | 3 | 54 | Objective of media services proxy is to provide media services to end-points and its flows identified by a set of protocols. Medi… |
| 1.3.6.1.4.1.9.9.798 | ciscoLocalAuthUserMIB | 3 | 40 | This MIB module defines objects describing users authenticated locally by a Network Access Server (NAS). + | | | … |
| 1.3.6.1.4.1.9.9.800 | ciscoMediatraceMIB | 3 | 191 | Mediatrace helps to isolate and troubleshoot network degradation problems by enabling a network administrator to discover an Inte… |
| 1.3.6.1.4.1.9.9.801 | ciscoFabricPathTopologyMIB | 3 | 40 | This MIB module defines managed objects that facilitate the management of Cisco's FabricPath Topology technology. |
| 1.3.6.1.4.1.9.9.803 | ciscoSwitchFabricMIB | 3 | 30 | This MIB module defined managed objects that facilitates the management of switching fabric information in a Cisco switch. |
| 1.3.6.1.4.1.9.9.804 | ciscoHardwareIpVerifyMIB | 3 | 13 | This MIB module defines management objects for configuration and monitoring of the Intrusion Detection System (IDS) that checks f… |
| 1.3.6.1.4.1.9.9.806 | ciscoL2natMIB | 2 | 80 | Network Address Translation (NAT) involves translating the source and or destination IP addresses of packets as they traverse fro… |
| 1.3.6.1.4.1.9.9.807 | ciscoVpcMIB | 3 | 73 | This MIB module defines MIB objects which provide management information for configuring and monitoring of Virtual Port Channel(V… |
| 1.3.6.1.4.1.9.9.809 | ciscoWebExMeetingMIB | 3 | 58 | Cisco WebEx Collaboration Host is a software-only system, with hardware independence a key goal. To that end, it will be designed… |
| 1.3.6.1.4.1.9.9.810 | ciscoOtvMIB | 3 | 129 | This MIB module is for configuration & statistic query of Overlay Transport Virtualization (OTV) functionality on Cisco routers a… |
| 1.3.6.1.4.1.9.9.811 | ciscoVlanIfTableRelationshipMIB | 1 | 12 | None |
| 1.3.6.1.4.1.9.9.812 | ciscoLptsMIB | 3 | 22 | The MIB module for Local Packet Transport Services(LPTS) related information like the flows and the policer values related to var… |
| 1.3.6.1.4.1.9.9.813 | ciscoPfcExtMIB | 3 | 27 | This MIB module defines management objects for monitoring information of Priority-based Flow Control. The following terms are used… |
| 1.3.6.1.4.1.9.9.814 | ciscoLivedataMIB | 3 | 57 | Cisco LiveData is the next generation reporting product for Cisco Unified Contact Center Enterprise (CCE). Cisco LiveData provid… |
| 1.3.6.1.4.1.9.9.816 | ciscoVpnLicUsageMonitorMIB | 2 | 60 | Acronyms and Definitions The following acronyms and terms are used in this document: IPSec: Secure IP Protocol VPN: Virtual Priva… |
| 1.3.6.1.4.1.9.9.817 | ciscoWanCellExtMIB | 3 | 81 | This MIB module is an extension of CISCO-WAN-3G-MIB.my, and it provides network management support for Cisco cellular WAN 4G/LTE p… |
| 1.3.6.1.4.1.9.9.818 | ciscoNatCgnExtMIB | 3 | 69 | This MIB module extends the IETF draft NAT MIB available at http://tools.ietf.org/html/draft-ietf-behave-nat-mib-11 The extension… |
| 1.3.6.1.4.1.9.9.819 | ciscoWpanMIB | 3 | 25 | This MIB module defines management objects for configuration and monitoring of Wireless Personal Area Network (WPAN). Personal Are… |
| 1.3.6.1.4.1.9.9.820 | ciscoNetworkVirtualizationOverlayMIB | 3 | 61 | This MIB module is for managing Network Virtualization Overlay functionality on Cisco devices. The following terms are used throu… |
| 1.3.6.1.4.1.9.9.821 | ciscoCableIronBusStatMIB | 3 | 22 | This is the MIB module for Cable Iron Bus Statistics for DOCSIS-compliant Cable Modem Termination Systems (CMTS). The Statistics … |
| 1.3.6.1.4.1.9.9.822 | ciscoDtiExtMIB | 3 | 12 | This MIB module provides the trap objects necessary to monitor the DOCSIS Timing Interface devices. |
| 1.3.6.1.4.1.9.9.824 | ciscoQpLbgMIB | 3 | 74 | This MIB module represents the Qam-Partition (QP) and Load Balance Group (LBG) parameters in the headend and it is supported by … |
| 1.3.6.1.4.1.9.9.825 | ciscoLispExtMIB | 3 | 77 | This MIB is an extension to the IETF LISP-MIB module defined in RFC 7052. It contains Cisco defined managed objects and traps to … |
| 1.3.6.1.4.1.9.9.827 | ciscoUspMIB | 3 | 80 | The MIB Module for the management of the Cisco Unified SIP Proxy (CUSP) service. CUSP is a Session Initiation Protocol (SIP) prox… |
| 1.3.6.1.4.1.9.9.828 | ciscoOpticalMIB | 3 | 176 | This MIB module defines the managed objects for physical layer characteristics of optical interfaces and performance statistics o… |
| 1.3.6.1.4.1.9.9.829 | ciscoSslvpnMIB | 3 | 53 | This MIB module defines management objects for configuration and monitoring of the Cisco secure gateway that implements SSLVPN. Gl… |
| 1.3.6.1.4.1.9.9.831 | ciscoSmartLicMIB | 3 | 78 | The MIB module for managing licenses on the system. The licensing mechanism provides flexibility to enforce licensing for various… |
| ... | ||||