CISCO-ACL-MIB

File: CISCO-ACL-MIB.mib (63012 bytes)

Imported modules

SNMPv2-SMI SNMPv2-TC SNMPv2-CONF
SNMP-FRAMEWORK-MIB INET-ADDRESS-MIB IF-MIB
CISCO-TC CISCO-SMI

Imported symbols

MODULE-IDENTITY OBJECT-TYPE Counter64
Unsigned32 Integer32 TEXTUAL-CONVENTION
RowStatus MODULE-COMPLIANCE OBJECT-GROUP
SnmpAdminString InetAddressType InetPortNumber
InetAddress ifIndex CiscoIpProtocol
ciscoMgmt

Defined Types

CaAclTrafficDirection  
Enumeration value indicating the direction of the ACL ingress - in the ingress (input) direction, egress - in the egress (output) direction.
TEXTUAL-CONVENTION    
  INTEGER ingress(1), egress(2)  

CaAclACLIndex  
A unique value, greater than zero, for each ACL name in the managed system. It is recommended that these values be assigned contiguously starting from 1. The value for each ACL name must remains constant at least from one re-initialization of the entity's network management system to the next re-initialization.
TEXTUAL-CONVENTION    
  Unsigned32 1..4294967295  

CaAclSequenceNumber  
A unsigned 32-bit integer value.
TEXTUAL-CONVENTION    
  Unsigned32 1..4294967295  

CaAclPortOperator  
This textual convention represents the operator that will be applied on the transport layer source/destination ports. The port in packets to be filtered and the port (or port range in case of range(5)). lt(1) - match ports that are small than the configured value. gt(2) - match ports that are greater than the configured value. eq(3) - match ports that are equal to the configured value. neq(4) - match ports that are not equal to the configured value. range(5) - match ports in the range of configured values, inclusive.
TEXTUAL-CONVENTION    
  INTEGER lt(1), gt(2), eq(3), neq(4), range(5)  

CaAclAction  
Enumeration value indicating the action to be taken on packets that match the ACE. permit(1) the packet will be considered for further processing. deny(2) the packet will be dropped without any further processing.
TEXTUAL-CONVENTION    
  INTEGER permit(1), deny(2)  

CaAclLogOption  
Enumeration value indicating the log option that is to be applied to an ACE. Currently the options are log-input and log. The difference between log and logInput is that logInput logs all the information as in log, with the addition of ingress interface as well as the MAC address of the device that last handled the packet.
TEXTUAL-CONVENTION    
  INTEGER log(1), logInput(2)  

CaAclTcpFlagsMatch  
An enumeration value indicating the type of matching that is to be done on the TCP flags field of the packet, providing that the packet being filtered is a TCP packet. matchAny(1) - take caAclAction if any of TCP flags in the packet match the configured value. matchAll(2) - take caAclAction only if all the TCP flags in packet match the configured value. matchNone(3) - take caAclAction only if none of the TCP flags in the packet match the configure value.
TEXTUAL-CONVENTION    
  INTEGER matchAny(1), matchAll(2), matchNone(3)  

CaAclPrecedenceValue  
An enumeration value indicating the value of the precedence field. It is specified as a number between 0 and 7, as defined in RFC-791.
TEXTUAL-CONVENTION    
  INTEGER routine(0), priority(1), immediate(2), flash(3), flashOverride(4), critical(5), internet(6), network(7)  

CaAclCfgTableEntry  
SEQUENCE    
  caAclIndex CaAclACLIndex
  caAclAddressType InetAddressType
  caAclName SnmpAdminString
  caAclRowStatus RowStatus

CaAclIPV4ACECfgTableEntry  
SEQUENCE    
  caAclIPV4ACESequenceNumber CaAclSequenceNumber
  caAclIPV4ACEAction CaAclAction
  caAclIPV4ACEProtocol CiscoIpProtocol
  caAclIPV4ACESourceAddress InetAddress
  caAclIPV4ACESourceWildCardMask InetAddress
  caAclIPV4ACESourceNetworkGroup SnmpAdminString
  caAclIPV4ACESourcePortOperator CaAclPortOperator
  caAclIPV4ACESourcePort InetPortNumber
  caAclIPV4ACESourcePortUpper InetPortNumber
  caAclIPV4ACESourcePortGroup SnmpAdminString
  caAclIPV4ACEDestinationAddress InetAddress
  caAclIPV4ACEDestinationWildCardMask InetAddress
  caAclIPV4ACEDestinationNetworkGroup SnmpAdminString
  caAclIPV4ACEDestinationPortOperator CaAclPortOperator
  caAclIPV4ACEDestinationPort InetPortNumber
  caAclIPV4ACEDestinationPortUpper InetPortNumber
  caAclIPV4ACEDestinationPortGroup SnmpAdminString
  caAclIPV4ACEDscpValue Unsigned32
  caAclIPV4ACETcpFlagsValue Unsigned32
  caAclIPV4ACETcpFlagsMask Unsigned32
  caAclIPV4ACETcpFlagsMatchType CaAclTcpFlagsMatch
  caAclIPV4ACETosValue Unsigned32
  caAclIPV4ACEPrecedenceValue CaAclPrecedenceValue
  caAclIPV4ACELogOption CaAclLogOption
  caAclIPV4ACECounterLabel SnmpAdminString
  caAclIPV4ACERemark SnmpAdminString
  caAclIPV4ACERowStatus RowStatus

CaAclIPV6ACECfgTableEntry  
SEQUENCE    
  caAclIPV6ACESequenceNumber CaAclSequenceNumber
  caAclIPV6ACEAction CaAclAction
  caAclIPV6ACEProtocol CiscoIpProtocol
  caAclIPV6ACESourceAddress InetAddress
  caAclIPV6ACESourcePrefixLength Integer32
  caAclIPV6ACESourceNetworkGroup SnmpAdminString
  caAclIPV6ACESourcePortOperator CaAclPortOperator
  caAclIPV6ACESourcePort InetPortNumber
  caAclIPV6ACESourcePortUpper InetPortNumber
  caAclIPV6ACESourcePortGroup SnmpAdminString
  caAclIPV6ACEDestinationAddress InetAddress
  caAclIPV6ACEDestinationPrefixLength Integer32
  caAclIPV6ACEDestinationNetworkGroup SnmpAdminString
  caAclIPV6ACEDestinationPortOperator CaAclPortOperator
  caAclIPV6ACEDestinationPort InetPortNumber
  caAclIPV6ACEDestinationPortUpper InetPortNumber
  caAclIPV6ACEDestinationPortGroup SnmpAdminString
  caAclIPV6ACETrafficClassValue Unsigned32
  caAclIPV6ACETcpFlagsValue Unsigned32
  caAclIPV6ACETcpFlagsMask Unsigned32
  caAclIPV6ACETcpFlagsMatchType CaAclTcpFlagsMatch
  caAclIPV6ACELogOption CaAclLogOption
  caAclIPV6ACECounterLabel SnmpAdminString
  caAclIPV6ACERemark SnmpAdminString
  caAclIPV6ACERowStatus RowStatus

CaAclAccessGroupCfgEntry  
SEQUENCE    
  caAclAccessGroupACL CaAclACLIndex
  caAclAccessGroupCfgAddressType InetAddressType
  caAclAccessGroupDirection CaAclTrafficDirection
  caAclAccessGroupSequenceNumber CaAclSequenceNumber
  caAclAccessGroupRowStatus RowStatus

CaAclLabelIntfStatsEntry  
SEQUENCE    
  caAclIntfStatsCounterLabelName SnmpAdminString
  caAclIntfStatsPackets Counter64
  caAclIntfStatsOctets Counter64

Defined Values

ciscoACLMIB 6.4.1.9.9.808
This MIB module defines objects that describe Cisco Access Control Lists (ACL). This MIB describes different objects that enable the network administrator to remotely configure ACLs, apply them to interfaces and monitor their usage statistics. A typical application of this MIB module will facilitate monitoring of ACL match (sometimes referred as hit) counts. However, by no means does the definition of this MIB module prevent other applications from using it. An ACL is an ordered list of statements that deny or permit packets based on matching fields contained within the packet header (layer 3 source and destination addresses, layer 4 protocol, layer 4 source and destination port numbers, etc.) In addition there is an implicit *Deny All* at the end of the ACL. ACLs are used to perform packet filtering to control which packets are allowed through the network. Such control can help limit network traffic, and restrict the access of applications and devices on the network. Each one of these statements is referred to as an Access List Control Entry (ACE). Here is an example of an ACL configuration. ipv4 access-list V4Example 10 permit tcp any any ! ipv6 access-list V6Example 10 permit tcp any any ! The mechanism for monitoring ACL usage is by configuring, in the desired ACEs a counter label. A counter label is a name that is given to a counter and is defined in any ACE. ACEs that share the same Counter label name will have their counters aggregated into the same label. Here is an example of how to use counter labels. ipv4 access-list V4CounterExample 10 permit tcp any any counter CountPermits 20 permit udp any any counter CountPermits The same applies to IPv6 ACLs. This MIB consists of following tables: * caAclCfgTable Defines the ACLs configured in the device. * caAclIPV4ACECfgTable Defines the ACEs that make up an IPV4 ACL. * caAclIPV6ACECfgTable Defines the ACEs that make up an IPV6 ACL. * caAclAccessGroupCfgTable Defines the Access Control Groups (ACG) applied to interfaces on the device. * caAclLabelIntfStatsTable Defines the statistics for a specific ACE with counter labels attached to interfaces on the device.
MODULE-IDENTITY    

caAclMIBObjects 6.4.1.9.9.808.1
OBJECT IDENTIFIER    

caAclMIBConformance 6.4.1.9.9.808.2
OBJECT IDENTIFIER    

caAclConfiguration 6.4.1.9.9.808.1.1
OBJECT IDENTIFIER    

caAclStats 6.4.1.9.9.808.1.2
OBJECT IDENTIFIER    

caAclMIBACEConform 6.4.1.9.9.808.2.1
OBJECT IDENTIFIER    

caAclMIBACECompliances 6.4.1.9.9.808.2.1.1
OBJECT IDENTIFIER    

caAclMIBCfgGroups 6.4.1.9.9.808.2.1.2
OBJECT IDENTIFIER    

caAclCfgTable 6.4.1.9.9.808.1.1.1
A table of ACL definitions. Each entry in this table defines a unique IPV4 or IPV6 ACL.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    CaAclCfgTableEntry

caAclCfgTableEntry 6.4.1.9.9.808.1.1.1.1
A conceptual row in the caAclTable. Each entry of this table consists of acl index and the address type. This is so that the table may contain both IPV4 and IPV6 ACLs.
Status: current Access: not-accessible
OBJECT-TYPE    
  CaAclCfgTableEntry  

caAclIndex 6.4.1.9.9.808.1.1.1.1.1
An arbitrary (system assigned) index for each ACL name. The index is unique for each ACL name in the device, but is further qualified by the address family. For example, consider the following configuration: ipv4 access-list ACL1 10 permit ipv4 any any ! ipv6 access-list ACL1 10 permit ipv6 any any In this case the caAclIndex value for both ACLs will be the same.
Status: current Access: not-accessible
OBJECT-TYPE    
  CaAclACLIndex  

caAclAddressType 6.4.1.9.9.808.1.1.1.1.2
This object defines the address family of the ACL.
Status: current Access: not-accessible
OBJECT-TYPE    
  InetAddressType  

caAclName 6.4.1.9.9.808.1.1.1.1.3
A string that identifies the ACL name.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..64)  

caAclRowStatus 6.4.1.9.9.808.1.1.1.1.4
This object is used to create, modify, or delete an entry in the caAclTable. A row can be created using the 'CreateAndGo' option. When the row is successfully created, the RowStatus will be set to active by the agent. Once a row becomes active, values in any other column within the row cannot be modified. A row may be deleted by setting the RowStatus for 'destroy'.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

caAclIPV4ACECfgTable 6.4.1.9.9.808.1.1.2
A table of IPV4 ACE definitions. The ACE definition controls whether packets are accepted or rejected. The access control may be applied before sending the packet to the forwarding engine, or may be applied after the packet is processed by the forwarding engine. If two ACE entries with the same sequence number are configured the latter will overwrite the former.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    CaAclIPV4ACECfgTableEntry

caAclIPV4ACECfgTableEntry 6.4.1.9.9.808.1.1.2.1
A conceptual row in the caAclIPV4ACLTable. Each entry of this table consists of a set of match criteria for a given ACL.
Status: current Access: not-accessible
OBJECT-TYPE    
  CaAclIPV4ACECfgTableEntry  

caAclIPV4ACESequenceNumber 6.4.1.9.9.808.1.1.2.1.1
This object uniquely identifies an ACE within an ACL. Sequence numbers are assigned to each permit/deny statement, causing the system to insert the statement in that numbered position within the ACL. If two ACE entries with the same sequence number are configured, the latter one will overwrite the former.
Status: current Access: not-accessible
OBJECT-TYPE    
  CaAclSequenceNumber  

caAclIPV4ACEAction 6.4.1.9.9.808.1.1.2.1.2
This object indicates the type of action to be taken if the packet matches the given criteria. If it is set to permit(1), all packets matching this ACE will be allowed for further processing. If it is set to deny(2), all packets matching this ACE will be discarded.
Status: current Access: read-create
OBJECT-TYPE    
  CaAclAction  

caAclIPV4ACEProtocol 6.4.1.9.9.808.1.1.2.1.3
This object identifies the layer 3 protocol type to be filtered by the ACE. Protocol numbers are defined in the Network Working Group Request For Comment documents.
Status: current Access: read-create
OBJECT-TYPE    
  CiscoIpProtocol  

caAclIPV4ACESourceAddress 6.4.1.9.9.808.1.1.2.1.4
This object determines the address of the network or host from which the packet is being sent. If this object value is 0.0.0.0 and the value of caAclIPV4ACESourceWildCardMask object in the same entry is 255.255.255.255, this entry matches any source address. If this object value is not 0.0.0.0 and the value of caAclIPV4ACESourceWildCardMask is 0.0.0.0, this entry matches specific host address defined in this object.
Status: current Access: read-create
OBJECT-TYPE    
  InetAddress  

caAclIPV4ACESourceWildCardMask 6.4.1.9.9.808.1.1.2.1.5
This object determines the mask of wild card address bits for caAclIPV4ACESourceAddress. Wild card masking is to indicate to the system whether to check or ignore the corresponding IP address bits when comparing the address bits in an ACL to a packet being submitted to the ACL. The default wild card mask is 0.0.0.0. The wild card mask is the inverse of a regular subnet mask. If the mask value 0.0.0.255 is applied to 1.2.3.0.
Status: current Access: read-create
OBJECT-TYPE    
  InetAddress  

caAclIPV4ACESourceNetworkGroup 6.4.1.9.9.808.1.1.2.1.6
This object defines the Source Network Object Group from which the packet is being sent.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..64)  

caAclIPV4ACESourcePortOperator 6.4.1.9.9.808.1.1.2.1.7
This object defines the operation to be performed to the layer source port field. Source port fields are present only for IGMP, ICMP, SCTP, TCP, and UDP protocols. If caAclIPV4ACEProtocol is none of the ones listed above, this field should set to noOperator(1), which means not comparison is to be performed. If this field is set to range(5) then two port numbers are necessary. I.e., Both caAclIPV4ACESourcePort and caAclIPV4ACESourcePortUpper need to be provided.
Status: current Access: read-create
OBJECT-TYPE    
  CaAclPortOperator  

caAclIPV4ACESourcePort 6.4.1.9.9.808.1.1.2.1.8
This object defines the source port number of the layer 4 protocol. This is the field to be matched with the specified source port based on the caAclIPV4ACESourcePortOperator. If caAclIPV4ACESourcePortOperator is range(5) then this object will have the inclusive lower bound of the source port range that is to be matched.
Status: current Access: read-create
OBJECT-TYPE    
  InetPortNumber  

caAclIPV4ACESourcePortUpper 6.4.1.9.9.808.1.1.2.1.9
This object defines the inclusive upper bound of the layer 4 source port range that is to be matched.
Status: current Access: read-create
OBJECT-TYPE    
  InetPortNumber  

caAclIPV4ACESourcePortGroup 6.4.1.9.9.808.1.1.2.1.10
This object defines the Source Port Object Group from which the packet is being sent.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..64)  

caAclIPV4ACEDestinationAddress 6.4.1.9.9.808.1.1.2.1.11
This object determines the address of the network or host to which the packet is being sent. If this object value is 0.0.0.0 and the value of caAclIPV4ACLDestinationWildCardMask object in the same entry is 255.255.255.255, this entry matches any source IP address. If this object value is not 0.0.0.0 and the value of caAclIPV4ACLDestinationWildCardMask is 0.0.0.0, this entry matches the specific host address defined in this object.
Status: current Access: read-create
OBJECT-TYPE    
  InetAddress  

caAclIPV4ACEDestinationWildCardMask 6.4.1.9.9.808.1.1.2.1.12
This object determines the mask of wild card address bits for caAclIPV4ACLDestinationAddress. Wild card masking is to indicate to the system whether to check or ignore the corresponding IP address bits when comparing the address bits in an ACE to a packet being submitted to the ACE. The default wild card mask is 0.0.0.0. The wild card mask is the inverse of a regular subnet mask. If the mask value 0.0.0.255 is applied to the address 1.2.3.4, it will match all traffic from subnet 1.2.3.0.
Status: current Access: read-create
OBJECT-TYPE    
  InetAddress  

caAclIPV4ACEDestinationNetworkGroup 6.4.1.9.9.808.1.1.2.1.13
This object defines the Destination Network Object Group to which the packet is being sent.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..64)  

caAclIPV4ACEDestinationPortOperator 6.4.1.9.9.808.1.1.2.1.14
This object defines the operation to be performed to the layer destination port field. Source port fields are present only for IGMP, ICMP, SCTP, TCP, and UDP protocols. If caAclIPV4ACLProtocol is none of the ones listed above, this field should set to noOperator(1), which means not comparison is to be performed. If this field is set to range(5) then two port numbers are necessary. I.e., Both caAclIPV4ACEDestinationPort and caAclIPV4ACEDestinationPortUpper need to be provided.
Status: current Access: read-create
OBJECT-TYPE    
  CaAclPortOperator  

caAclIPV4ACEDestinationPort 6.4.1.9.9.808.1.1.2.1.15
This object defines the destination port number of the layer 4 protocol. This is the field to be matched with the specified destination port based on the caAclIPV4ACLSourceOperator. If caAclIPV4ACLDestinationOperator is range(5) then this object will have the inclusive lower bound of the destination port range that is to be matched.
Status: current Access: read-create
OBJECT-TYPE    
  InetPortNumber  

caAclIPV4ACEDestinationPortUpper 6.4.1.9.9.808.1.1.2.1.16
This object defines the inclusive upper bound of the layer 4 destination port range that is to be matched.
Status: current Access: read-create
OBJECT-TYPE    
  InetPortNumber  

caAclIPV4ACEDestinationPortGroup 6.4.1.9.9.808.1.1.2.1.17
This object defines the Source Port Object Group to which the packet is being sent.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..64)  

caAclIPV4ACEDscpValue 6.4.1.9.9.808.1.1.2.1.18
This object defines the dscp value that will be considered in the match criteria against the value in the packet.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32 0..63  

caAclIPV4ACETcpFlagsValue 6.4.1.9.9.808.1.1.2.1.19
This object defines the value of the TCP flags which will be considered in the match criteria based on caAclIPV4ACLTcpFlagsMatchType. Users can select any desired combination of the TCP flags on which to filter TCP packets.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32 0..255  

caAclIPV4ACETcpFlagsMask 6.4.1.9.9.808.1.1.2.1.20
This object defines the mask value of the TCP flags field.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32 0..255  

caAclIPV4ACETcpFlagsMatchType 6.4.1.9.9.808.1.1.2.1.21
This object defines the type of matching to be done on the TCP flags field.
Status: current Access: read-create
OBJECT-TYPE    
  CaAclTcpFlagsMatch  

caAclIPV4ACETosValue 6.4.1.9.9.808.1.1.2.1.22
This object defines the value of the TOS field to be filtered. Packets can be filtered by the TOS level as specified by a number from 0 to 15. Use the value 16 to indicate that the TOS field should be ignored during matching.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32 0..16  

caAclIPV4ACEPrecedenceValue 6.4.1.9.9.808.1.1.2.1.23
This object indicates the value of the precedence field to be filtered.
Status: current Access: read-create
OBJECT-TYPE    
  CaAclPrecedenceValue  

caAclIPV4ACELogOption 6.4.1.9.9.808.1.1.2.1.24
This object defines the value of the log option field to be applied to packets that match this ACE entry.
Status: current Access: read-create
OBJECT-TYPE    
  CaAclLogOption  

caAclIPV4ACECounterLabel 6.4.1.9.9.808.1.1.2.1.25
This object defines the counter label name for this ACE. ACEs that share the same counter label name will have their hit counts aggregated into the same counter label name.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..64)  

caAclIPV4ACERemark 6.4.1.9.9.808.1.1.2.1.26
This object defines a comment in the ACL. It helps the user to define some meaningful comment to identify the ACE quickly, or to know the purpose of a set of ACEs. This field is not used during packet matching.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..100)  

caAclIPV4ACERowStatus 6.4.1.9.9.808.1.1.2.1.27
This object is used to create, modify, or delete an entry in the caAclIPV4ACLTable. A row can be created using the 'CreateAndGo' option. When the row is successfully created, the RowStatus will be set to active by the agent. A row may be deleted by setting the RowStatus for 'destroy'. The minimum objects required to delete a row in this table is simply the sequence number (caAclIPV4ACESequenceNumber).
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

caAclIPV6ACECfgTable 6.4.1.9.9.808.1.1.3
A table of IPV6 ACE definitions. The ACE definition controls whether packets are accepted or rejected. The access control may be applied before sending the packet to the forwarding engine, or may be applied after the packet is processed by the forwarding engine.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    CaAclIPV6ACECfgTableEntry

caAclIPV6ACECfgTableEntry 6.4.1.9.9.808.1.1.3.1
A conceptual row in the caAclIPV6ACLTable. Each entry of this table consists of a set of match criteria for a given ACL.
Status: current Access: not-accessible
OBJECT-TYPE    
  CaAclIPV6ACECfgTableEntry  

caAclIPV6ACESequenceNumber 6.4.1.9.9.808.1.1.3.1.1
This object uniquely identifies an ACE within an ACL. Sequence numbers are assigned to each permit/deny statement, causing the system to insert the statement in that numbered position within the ACL.
Status: current Access: not-accessible
OBJECT-TYPE    
  CaAclSequenceNumber  

caAclIPV6ACEAction 6.4.1.9.9.808.1.1.3.1.2
This object indicates the type of action to be taken if the packet matches the given criteria. If it is set to permit(1), all packets matching this ACE will be allowed for further processing. If it is set to deny(2), all packets matching this ACE will be discarded.
Status: current Access: read-create
OBJECT-TYPE    
  CaAclAction  

caAclIPV6ACEProtocol 6.4.1.9.9.808.1.1.3.1.3
This object identifies the protocol type to be filtered by the ACE. Protocol numbers are defined in the Network Working Group Request For Comment (RFC) documents.
Status: current Access: read-create
OBJECT-TYPE    
  CiscoIpProtocol  

caAclIPV6ACESourceAddress 6.4.1.9.9.808.1.1.3.1.4
This object determines the address of the network or host from which the packet is being sent. If this object value is 0::0 and the value of caAclIPV6ACLSourcePrefixLength is 0 then this matches any source address. If this object value is not 0::0 and the value of caAclIPV6ACLSourcePrefixLength is less than 128, this entry matches the all the addresses that are in the sub-net. If this object value is 0::0 and the value of caAclIPV6ACLSourcePrefixLength is also 0, this entry matches all hosts.
Status: current Access: read-create
OBJECT-TYPE    
  InetAddress  

caAclIPV6ACESourcePrefixLength 6.4.1.9.9.808.1.1.3.1.5
This object determines the number of bits in the field caAclIPV6ACLSourceAddress to be checked. If the value of this object is 0, then the source address in the packet must match caAclIPV6ACESourceAddress exactly for the ACE action to be taken.
Status: current Access: read-create
OBJECT-TYPE    
  Integer32 0..128  

caAclIPV6ACESourceNetworkGroup 6.4.1.9.9.808.1.1.3.1.6
This object defines the Source Network Object Group from which the packet is being sent.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..64)  

caAclIPV6ACESourcePortOperator 6.4.1.9.9.808.1.1.3.1.7
This object defines the operation to be performed to the layer source port field. Source port fields are present only for IGMP, ICMP, SCTP, TCP, and UDP protocols. If caAclIPV6ACLProtocol is none of the ones listed above, this field should set to noOperator(1), which means not comparison is to be performed. If this field is set to range(5) then two port numbers are necessary. I.e., Both caAclIPV6ACLSourcePort and caAclIPV6ACLSourcePortUpper need to be provided.
Status: current Access: read-create
OBJECT-TYPE    
  CaAclPortOperator  

caAclIPV6ACESourcePort 6.4.1.9.9.808.1.1.3.1.8
This object defines the source port number of the layer 4 protocol. This is the field to be matched with the specified source port based on the caAclIPV6ACLSourceOperator. If caAclIPV6ACLSourceOperator is range(5) then this object wail have the inclusive lower bound of the source port range that is to be matched.
Status: current Access: read-create
OBJECT-TYPE    
  InetPortNumber  

caAclIPV6ACESourcePortUpper 6.4.1.9.9.808.1.1.3.1.9
This object defines the inclusive upper bound of the layer 4 source port range that is to be matched.
Status: current Access: read-create
OBJECT-TYPE    
  InetPortNumber  

caAclIPV6ACESourcePortGroup 6.4.1.9.9.808.1.1.3.1.10
This object defines the Source Port Object Group from which the packet is being sent.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..64)  

caAclIPV6ACEDestinationAddress 6.4.1.9.9.808.1.1.3.1.11
This object determines the address of the network or host to which the packet is being sent. If this object value is 0::0 and the value of caAclIPV6ACLSourcePrefixLength is 0 then this matches any source address. If this object value is not 0::0 and the value of caAclIPV6ACLSourcePrefixLength is less than 128, this entry matches the all the addresses that are in the sub-net. If this object value is 0::0 and the value of caAclIPV6ACLSourcePrefixLength is also 0, this entry matches all osts.
Status: current Access: read-create
OBJECT-TYPE    
  InetAddress  

caAclIPV6ACEDestinationPrefixLength 6.4.1.9.9.808.1.1.3.1.12
This object determines the number of bits in the field caAclIPV6ACLDestinationAddress to be checked. If the value of this object is 0, then the source address in the packet must match caAclIPV6ACEDestinationAddress exactly for the ACE action to be taken.
Status: current Access: read-create
OBJECT-TYPE    
  Integer32 0..128  

caAclIPV6ACEDestinationNetworkGroup 6.4.1.9.9.808.1.1.3.1.13
This object defines the Source Network Object Group to which the packet is being sent.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..64)  

caAclIPV6ACEDestinationPortOperator 6.4.1.9.9.808.1.1.3.1.14
This object defines the operation to be performed to the layer destination port field. Source port fields are present only for IGMP, ICMP, SCTP, TCP, and UDP protocols. If caAclIPV6ACLProtocol is none of the ones listed above, this field should set to noOperator(1), which means no comparison is to be performed. If this field is set to range(5) then two port numbers are necessary. I.e., Both caAclIPV6ACLDestinationPort and caAclIPV6ACLDestinationPortUpper need to be provided.
Status: current Access: read-create
OBJECT-TYPE    
  CaAclPortOperator  

caAclIPV6ACEDestinationPort 6.4.1.9.9.808.1.1.3.1.15
This object defines the destination port number of the layer 4 protocol. This is the field to be matched with the specified destination port based on the caAclIPV6ACLSourceOperator. If caAclIPV6ACLDestinationOperator is range(5) then this object will have the inclusive lower bound of the destination port range that is to be matched.
Status: current Access: read-create
OBJECT-TYPE    
  InetPortNumber  

caAclIPV6ACEDestinationPortUpper 6.4.1.9.9.808.1.1.3.1.16
This object defines the inclusive upper bound of the layer 4 destination port range that is to be matched.
Status: current Access: read-create
OBJECT-TYPE    
  InetPortNumber  

caAclIPV6ACEDestinationPortGroup 6.4.1.9.9.808.1.1.3.1.17
This object defines the Source Port Object Group to which the packet is being sent.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..64)  

caAclIPV6ACETrafficClassValue 6.4.1.9.9.808.1.1.3.1.18
This object defines the traffic class value that will be considered in the match criteria against the value in the packet.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32 0..255  

caAclIPV6ACETcpFlagsValue 6.4.1.9.9.808.1.1.3.1.19
This object defines the value of the TCP flags which will be considered in the match criteria based on caAclIPV6ACLTcpFlagsMatchType. Users can select any desired combination of the TCP flags on which to filter TCP packets.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32 0..255  

caAclIPV6ACETcpFlagsMask 6.4.1.9.9.808.1.1.3.1.20
This object defines the mask value of the TCP flags field.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32 0..255  

caAclIPV6ACETcpFlagsMatchType 6.4.1.9.9.808.1.1.3.1.21
This object defines the type of matching to be done on the TCP flags field.
Status: current Access: read-create
OBJECT-TYPE    
  CaAclTcpFlagsMatch  

caAclIPV6ACELogOption 6.4.1.9.9.808.1.1.3.1.22
This object defines the value of the log option field to be applied to packets that match this ACE entry.
Status: current Access: read-create
OBJECT-TYPE    
  CaAclLogOption  

caAclIPV6ACECounterLabel 6.4.1.9.9.808.1.1.3.1.23
This object defines the counter label name for this ACE. ACEs that share the same counter label name will have their hit counts aggregated into the same counter label name.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..64)  

caAclIPV6ACERemark 6.4.1.9.9.808.1.1.3.1.24
This object defines a comment in the ACL. It helps the user to define some meaningful comment to identify the ACE quickly, or to know the purpose of a set of ACEs. This field is not used during packet matching.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..100)  

caAclIPV6ACERowStatus 6.4.1.9.9.808.1.1.3.1.25
This object is used to create, modify, or delete an entry in the caAclIPV6ACLTable. A row can be created using the 'CreateAndGo' option. When the row is successfully created, the RowStatus will be set to active by the agent. A row may be deleted by setting the RowStatus for 'destroy'. The minimum objects required to delete a row in this table is simply the sequence number (caAclIPV6ACESequenceNumber).
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

caAclAccessGroupCfgTable 6.4.1.9.9.808.1.1.4
This table lists the ACLs configured on the device and applied on an interface in the ingress or egress direction.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    CaAclAccessGroupCfgEntry

caAclAccessGroupCfgEntry 6.4.1.9.9.808.1.1.4.1
This entry describes an ACL configured on the device and applied to an interface.
Status: current Access: not-accessible
OBJECT-TYPE    
  CaAclAccessGroupCfgEntry  

caAclAccessGroupACL 6.4.1.9.9.808.1.1.4.1.1
The name of the ACL associated with this entry.
Status: current Access: read-create
OBJECT-TYPE    
  CaAclACLIndex  

caAclAccessGroupCfgAddressType 6.4.1.9.9.808.1.1.4.1.2
This entry describes the address family of the access group being applied on the interface.
Status: current Access: not-accessible
OBJECT-TYPE    
  InetAddressType  

caAclAccessGroupDirection 6.4.1.9.9.808.1.1.4.1.3
This object defines the direction in which the ACL is applied.
Status: current Access: not-accessible
OBJECT-TYPE    
  CaAclTrafficDirection  

caAclAccessGroupSequenceNumber 6.4.1.9.9.808.1.1.4.1.4
This object uniquely identifies the order that Access Group applied to a interface. It can be used by platforms that support applying more than one Access List per address family per direction. For example: interface GigabitEthernet 0/0 ipv4 access-group ACL1 ACL2 ACL2 ingress !
Status: current Access: not-accessible
OBJECT-TYPE    
  CaAclSequenceNumber  

caAclAccessGroupRowStatus 6.4.1.9.9.808.1.1.4.1.5
This object is used to create, modify, or delete an entry in the caAclAccessGroupCfgTable. A row can be created using the 'CreateAndGo' option. When the row is successfully created, the RowStatus will be set to active by the agent. Once a row becomes active, values in any other column within the row cannot be modified. A row may be deleted by setting the RowStatus for 'destroy'.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

caAclLabelIntfStatsTable 6.4.1.9.9.808.1.2.1
This table describes the statistics for all ACEs with assigned counter labels, attached to interfaces on the device. An entry in this table is created when an ACL containing an ACE that references the specified counter label name is applied to an interface. An entry in this table is deleted when an ACL containing an ACE that references the specified counter lable name is removed from an interface.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    CaAclLabelIntfStatsEntry

caAclLabelIntfStatsEntry 6.4.1.9.9.808.1.2.1.1
Each entry in this table provides the aggregated counters for all ACEs applied on the given interface/direction that have been assigned the same counter label.
Status: current Access: not-accessible
OBJECT-TYPE    
  CaAclLabelIntfStatsEntry  

caAclIntfStatsCounterLabelName 6.4.1.9.9.808.1.2.1.1.1
The counter label index associated with this set of statistics.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..64)  

caAclIntfStatsPackets 6.4.1.9.9.808.1.2.1.1.2
The total number of packets that match this counter label.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

caAclIntfStatsOctets 6.4.1.9.9.808.1.2.1.1.3
The total number of octets that match this counter label.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

caAclMIBCfgGroup 6.4.1.9.9.808.2.1.2.1
This group contains objects describing ACLs.
Status: current Access: read-only
OBJECT-GROUP    

caAclIPV4ACLMIBACEGroup 6.4.1.9.9.808.2.1.2.2
This group is a collection of objects providing IPV4 ACE feature.
Status: current Access: read-only
OBJECT-GROUP    

caAclIPV6ACLMIBACEGroup 6.4.1.9.9.808.2.1.2.3
This group is a collection of objects providing IPV6 ACE feature.
Status: current Access: read-only
OBJECT-GROUP    

caAclMIBAccessGroupCfgGroup 6.4.1.9.9.808.2.1.2.4
This group contains the objects describing the access group configuration.
Status: current Access: read-only
OBJECT-GROUP    

caAclMIBCounterGroup 6.4.1.9.9.808.2.1.2.5
This group contains the objects describing the ACE counter label.
Status: current Access: read-only
OBJECT-GROUP    

caAclMIBCompliance 6.4.1.9.9.808.2.1.1.1
This compliance statement specifies the minimal requirements that an implementation must meet in order to claim full compliance with the definitions of the C-ACL-MIB.
Status: current Access: read-only
MODULE-COMPLIANCE    

Generation date: July 28, 2023, 16:18:13, Copyright © 2007 - 2022 - Circitor