Table Of Contents
Viewing MPLS Logical Inventory
MPLS VPN Logical Inventory Overview
Viewing MPLS VPN Properties
Viewing Routing Entities
Viewing the ARP Table
Viewing Rate Limit Information
Viewing a Label Switched Entity
MPLS Interfaces Tab
Label Switching Table Tab
Traffic Engineering LSPs Tab
VRF Table Tab
LDP Neighbors Tab
Viewing MP-BGP Information
Viewing VRF Information
Viewing Port Configuration
Viewing Cross VRF Routing Entries
Viewing Pseudowire End-to End Emulation Tunnels
Viewing MPLS TE Tunnel Information
Viewing Access List Information
Viewing MPLS Logical Inventory
The following topics describe the device logical inventory specific to MPLS VPNs including routing entities, LSEs, BGP neighbors, Multiprotocol BGP (MP-BGP), VRF instances, and pseudowire and TE tunnels. Topics include:
•
MPLS VPN Logical Inventory Overview—Introduces the concepts of physical and logical inventory.
•Viewing MPLS VPN Properties—Describes MPLS VPN logical inventory properties viewed from the inventory window including routing entities, label switched entities, MP-BGP properties, and VRF properties.
•Viewing Port Configuration—Describes port configuration information.
•Viewing Pseudowire End-to End Emulation Tunnels—Describes the Layer 2 pseudowire tunnel properties.
•Viewing MPLS TE Tunnel Information—Describes the TE tunnel properties.
•Viewing Access List Information—Describes access list item properties.
Note For a general description of logical inventory and the inventory window, see the Cisco Active Network Abstraction 3.6.6 User Guide.
MPLS VPN Logical Inventory Overview
Every NE managed by Cisco ANA is assigned to an autonomous virtual network element (VNE). The VNE continuously investigates the NE status and configuration so that Cisco ANA can display an accurate virtual model of both the NE and the network in which the NE resides.
VNEs continuously update an NE's physical and logical inventory. You can view an NE's physical and logical inventory in the Cisco ANA device inventory window. The physical inventory contains all the NE physical components (and their properties) such as chassis, shelves, cards, and ports. The VNE detects status changes or the addition or removal of components (such as a card) and reflects the changes in the physical inventory.
Cisco ANA VNEs also investigate the logical inventory of each device. The logical inventory reflects dynamic data such as configurations, forwarding, and service-related components including traffic profiles. The logical inventory also displays virtual circuits, cross-connect tables, routing, bridging, and LSE tables, and other logical elements. Cisco ANA NetworkVision displays the physical and logical inventory and allows you to drill down to detailed physical and logical inventory views.
Viewing MPLS VPN Properties
Cisco ANA maintains a real-time, autodiscovered, physical and logical inventory of the network elements and the relationships among them. Cisco ANA automatically reflects every addition, deletion, and modification that occurs in the network. MPLS VPN logical inventory information displayed in the inventory window changes according to the item selected in the tree pane.
To view the Cisco ANA inventory window:
Step 1 Right-click a device in the Cisco ANA NetworkVision tree or map pane and choose Inventory.
The device logical and physical inventories are presented in the inventory window (Figure 5-1). The window title bar displays the name of the device whose logical and physical properties are displayed. The tree pane displays the logical and physical inventory categories in tree and branch representation. If you choose Logical Inventory or Physical Inventory in the tree pane, the logical and physical container categories appear in the Cisco ANA tree pane. For logical inventory, the containers are traffic containers, forwarding component containers, and tunnel containers.
The properties pane (located in the Cisco ANA window workspace) displays physical and logical inventory information relating to the properties of the item selected in the tree pane.
Step 2 To view MPLS VPN logical inventory properties, do one of the following in the Cisco ANA Logical Inventory tree pane:
•Click an MPLS VPN logical inventory branch to display the MPLS VPN logical inventory properties in the Cisco ANA workspace, or
•Double-click the last MPLS VPN logical inventory tree branch to display the logical inventory properties appear in a separate [logical inventory branch name] Properties window.
Figure 5-1 Inventory Window
1
|
Device inventory window
|
3
|
Logical inventory
|
2
|
Logical inventory container groups
|
4
|
Physical inventory
|
Step 3 To view the specific MPLS VPN properties, see the following sections:
•Viewing Routing Entities
•Viewing the ARP Table
•Viewing Rate Limit Information
•Label Switching Table Tab
•Traffic Engineering LSPs Tab
•LDP Neighbors Tab
•Viewing MP-BGP Information
Step 4 When finished, press Ctrl + F4 to close the inventory window.
Viewing Routing Entities
The Routing Entity logical inventory branch displays the following routing entity information:
•Changes Number—The number of changes to the currently displayed routing entity.
•Name—The name of the routing entity.
The IP Interfaces tab includes the following information:
•Name—The site name; for example, ATM4/0.100(10.0.0.1) is a combination of the interface name and IP address used to reach the site.
•IP Address—The IP address of the interface.
•Mask—The details of the dotted decimal mask.
•State—The state of the subinterface, either Up or Down.
•Interface—The interface name.
•Description—A description of the interface.
•Input Access List—If an input access list is assigned to an IP interface, the list is shown as an IP interface property, and a hyperlink highlights the related access list in the Access List table. When an access list is assigned to the inbound traffic on an IP interface, the actions assigned to the packet are performed. For information about actions, see Viewing Access List Information.
•Output Access List—If an output access list is assigned to an IP interface, the list is shown as an IP interface property, and a hyperlink highlights the related access list in the Access List table. When an access list is assigned to the outbound traffic on an IP interface, the actions assigned to the packet are performed. For information about actions, see Viewing Access List Information.
•Rate Limits—If a rate limit is configured on an IP interface, the limit is shown as an IP interface property. This option is checked when a rate limit is defined on the IP interface, meaning the access list is a rate limit access list. IP interface traffic is measured and includes the average rate, normal burst size, excess burst size, conform action, and exceed action.
Note Double-clicking a row displays the properties of the IP interface. When a rate limit is configured on the IP interface, the Rate Limits tab is displayed. For more information about rate limits, see Viewing Rate Limit Information.
Note The Input Access, Output Access, and Rate Limits parameters apply only to Cisco IOS devices.
•IP Sec Map Name—The IP Security (IPSec) crypto map name.
•Site Name—The name of the business element to which the interface is attached.
•Sending Alarms—This option is currently unavailable.
The Routing Table tab displays the following information:
•Destination—The destination of the specific network.
•Next Hop—The CE router address from which to continue to get to a specific address. This field is empty when the routing entry goes to a PE router.
•Mask—The mask of the specific network.
•Type—The type can be direct (local) or indirect.
•Routing Protocol—The routing protocol used to communicate with other routers.
•Sending Alarms—This option is currently unavailable.
•Outgoing Interface Name—The name of the outgoing interface; displayed if the Routing Protocol type is local.
Viewing the ARP Table
The ARP Entity branch displays the following Address Resolution Protocol (ARP) information:
•MAC—The interface MAC address.
•Interface—The interface name.
•IP Address—The interface IP address.
•Type—Indicates the interface type:
–Dynamic—An entry that was learned by the device according to network traffic.
–Static—An entry that was learned by a local interface or by configuring a static route.
–Other—An entry that was learned by another method not explicitly defined.
–Invalid—In SNMP, this type is used to remove an ARP entry from the table.
Viewing Rate Limit Information
Select Routing Entities > Routing Entity > IP Interfaces tab and double-click a specific row to display the IP interface properties. If a rate limit is configured on the IP interface, the Rate Limits tab is displayed.
Note Rate limit information is relevant only for Cisco IOS devices.
The following information is displayed in the Rate Limits tab of the IP Interface Properties dialog box:
•Type—The rate limit direction, either Input or Output.
•Max Burst—Excess burst size in bytes.
•Normal Burst—Normal burst size in bytes.
•Bit Per Second—Average rate in bits per second.
•Conform Action—The action that can be performed on the packet if it conforms to the specified rate limit (rule), for example, continue, drop, change a bit, or transmit.
•Exceed Action—The action that can be performed on the packet if it exceeds the specified rate limit (rule), for example, continue, drop, change a bit, or transmit.
•Access List—A hyperlink that highlights the related access list in the Access List table.
•Sending Alarms—This option is currently unavailable.
Viewing a Label Switched Entity
The LSEs logical inventory branch displays incoming and outgoing label information. The Label Switching Properties window might contain the following tabs, which are described in the following sections:
•MPLS Interfaces Tab
•Label Switching Table Tab
•Traffic Engineering LSPs Tab
•Traffic Engineering LSPs Tab
•LDP Neighbors Tab
MPLS Interfaces Tab
The MPLS Interfaces tab provides information about the MPLS interfaces. The following information is displayed:
•ID—The interface identification.
•Distribution Protocol Type—The protocol used to establish the session, which may be LDP (Label Distribution Protocol) or TDP (Tag Distribution Protocol).
•MPLS TE Properties—Indicates whether or not MPLS traffic engineering (TE) properties are included, either checked or unchecked.
•Sending Alarms—Indicates whether or not the interface is sending alarms.
Label Switching Table Tab
The Label Switching Table tab describes the MPLS label switching entries used for traversing the MPLS core networks. The following information is displayed:
•Incoming Label—The details of the incoming MPLS label.
•Action—The type of action, namely, POP, swap, aggregate, or untagged. If an action is defined as POP, an outgoing label is not required. If an action is defined as untagged, an outgoing label is not present.
•Outgoing Label—The details of the outgoing MPLS label.
•Out Interface—The name of the outgoing interface, displayed as a hyperlink to the device physical inventory port subinterface.
•IP Destination—The IP address of the destination network.
•Destination Mask—The subnet mask of the destination network.
•Next Hop—The IP address of the next MPLS interface in the path. The IP address is used for resolving the MAC address of the next MPLS interface that you want to reach.
•Sending Alarms—This option is currently unavailable.
When a TE tunnel starts, you can view the initial TE tunnel information by selecting the LSEs/Label Switching sub-branch and viewing the information displayed in the Traffic Engineering LSPs tab. For more information, see Viewing MPLS TE Tunnel Information.
Traffic Engineering LSPs Tab
The Traffic Engineering LSPs tab describes the MPLS traffic engineering Label Switched Paths (LSPs) provisioned on the switch entity. MPLS traffic engineering LSP, an extension to MPLS TE, provides flexibility when configuring LSP attributes for MPLS TE tunnels. Traffic engineering LSP properties include:
•LSP Type—The LSP role: head, tail, middle, all, remote
•Source Address—The source IP address.
•In Interface—The input interface.
•In label—The input label.
•Out Interface—The output interface.
•Out Label—The output label.
•Destination Address—The destination IP address.
•LSP Name—The LSP name.
•LSP ID—The LSP identification.
•Average Bandwidth—The average tunnel bandwidth.
•Burst—The tunnel burst rate, in kb/s.
•Peak—The tunnel peak rate, in kb/s.
•Sending Alarms—Indicates whether or not the entity is sending alarms.
VRF Table Tab
The VRF Table tab describes the MPLS paths that terminate locally at a VRF. The following information is displayed:
•Incoming Label—The details of the incoming VRF label.
•Action—The action that will be invoked: push, pop, swap, or untagged.
•VRF—The VRF name as a hyperlink; displays the VRF properties.
•IP Destination—The destination IP address.
•Destination Mask—The destination IP subnet mask.
•Next Hop—The next hop.
•Out Interface—The out interface.
•Sending Alarms—This option is currently unavailable.
LDP Neighbors Tab
The LDP Neighbors tab provides details of all MPLS interface peers that use the Label Distribution Protocol (LDP). LDP enables neighboring provider (P) or PE routers acting as label switch routers (LSRs) in an MPLS-aware network to exchange label prefix binding information, which is required for forwarding traffic. The LSRs discover potential peers in the network with which they can establish LDP sessions in order to negotiate and exchange the labels (addresses) to be used for forwarding packets.
Two LDP peer discovery types are supported:
•Basic discovery—Used to discover directly connected LDP LSRs. An LSR sends hello messages to the all-routers-on-this-subnet multicast address, on interfaces for which LDP has been configured.
•Extended discovery—Used between indirectly connected LDP LSRs. An LSR sends targeted hello messages to specific IP addresses. Targeted sessions are configured because the routers are not physically connected, and broadcasting would not reach the peers. The IP addresses of both peers are required for extended discovery.
Note If two LSRs are connected with two separate interfaces, two LDP discoveries are performed.
The following properties are displayed on the LDP Neighbors tab for each LDP peer:
•LDP ID—The LDP identifier of the neighbor (peer) for the session.
•Transport IP Address—The IP address advertised by the peer in the hello message or the hello source address.
•Session State—The current state of the session, which may be one of the following:
–Transient
–Initialized
–Open Rec
–Open Sent
–Operational
•Protocol Type—The protocol used to establish the session, which may be LDP or TDP (Tag Distribution Protocol).
•Label Distribution Method—The method of label distribution. This might be Downstream or Downstream On Demand.
•Session Keepalive Interval—The negotiated number of seconds between keepalive messages.
•Session Hold Time—The amount of time (in seconds) that an LDP session can be maintained with an LDP peer, without receiving LDP traffic or an LDP keepalive message from the peer.
•Discovery Sources—An indication of whether the peer has one or more discovery sources.
Note You can see the discovery sources in the LDP Neighbor Properties window, by double-clicking the row of the peer in the table.
•Sending Alarms—This option is currently unavailable.
Double-clicking an entry (peer) in the table opens the LDP Neighbor Properties window that displays the basic and targeted discovery sources for the peer. Each peer can have several discovery sources. The following information is displayed:
•Interface Name—The interface on which LDP is configured.
•Source IP Address—The IP address of the peer that sends the targeted hello messages for extended discovery.
•Adjacency Type—The type of LDP adjacency used for discovery, which may be Link (basic) or Targeted (extended).
•Sending Alarms—This option is currently unavailable.
Viewing MP-BGP Information
The MP-BGP branch displays information about a router's BGP neighbors. Clicking the high-level MP-BGP category displays the following property in the Cisco ANA workspace:
•MPBGP—The MP-BGP peer running on the local router.
Right-clicking MP-BGPs and choosing Properties displays the same property in the MPBGPs - FW Component Container Properties window.
Clicking a MPBGP entity displays a list of the routers used in the MP-BGP network and includes the configuration and status of the connections between the router displayed in the inventory and all other BGP members. Right-clicking the MPBGP entity and choosing Properties displays the same properties in MPBGP - [MP-BGP name} Properties window. The following information is displayed:
•Local AS—The Autonomous System (AS) to which the router belongs.
The BGP Neighbors table contains the following information:
•Peer Remote Address—The BGP peer remote IP address used by the BGP peer to exchange routing information with the local BGP peer.
•Peer ID—The IP address by which the BGP recognizes and converses with its neighbor.
•VRF Name—The remote peer VRF name.
•Peer Keep Alive—The time interval in seconds between successive keepalive messages. The keepalive time is negotiated with the neighbor after the connection is established.
•Peer State—The state of the connection between the local and remote BGP peers. Valid values are Idle, Connect, Active, Open Set, Open Confirm, and Established.
•BGP Neighbor Type—The BGP neighbor type, either client or non-client. Route reflector advertising is based on the BGP neighbor type. To client peers, a route reflector advertises all routes learned from both client and non-client peers. To non-client peers, the route reflector advertises only the routes received from client peers. For more information about route reflectors, see BGP Neighbor Loss Scenario, page 8-5.
•Peer Hold Time—The BGP Hold Time value (in seconds) that is used when negotiating with peers. If the router does not receive successive keepalive, update, or notification messages within the period specified in the Hold Time field of the open message, the BGP connection to the peer is closed.
•Peer Remote AS—The the remote peer AS.
•Distribute Through Interface—The local interface through which BGP information is distributed to BGP neighbors.
•Sending Alarms—Not currently available.
Viewing VRF Information
Cisco ANA NetworkVision enables you to view VRF instances, and the import and export policies that apply to each VRF.
Note The inventory window displays VRF associations only if they exist.
The following fields are displayed at the top of the VRF Properties dialog box:
•Route Distinguisher—The route distinguisher configured in the VRF.
•Name—The name of the VRF.
The Export/Import Route Targets areas displayed in the VRF Properties dialog box specify separately the export and import policies for each VRF.
The VRF Properties dialog box is divided into two tabs, namely, the Sites and VRF Table tabs. The sites tab displays the interfaces connected to the VRF and the configuration of the interfaces. The following columns are displayed in the Sites tab:
•Name—The name of the site; for example, ATM4/0.100(10.0.0.1) is a combination of the interface name and IP address used to reach the site.
•IP Address—The IP address of the interface.
•Mask—The details of the dotted decimal mask.
•State—The state of the subinterface, namely, Up or Down.
•Description—A description of the interface.
•Input Access List—The access list applied to the inbound traffic of the interface.
Note This parameter is relevant only for Cisco IOS devices.
•Output Access List—The access list applied to the outbound traffic of the interface.
Note This parameter is relevant only for Cisco IOS devices.
•Rate Limits—Measures traffic for the IP interfaces on Cisco devices, including the average rate, normal burst size, excess burst size, conform-action, and exceed action.
•IP Sec Map Name—The IP Security (IPSec) map name.
•Site Name—The name of the business element to which the interface is attached.
•Sending Alarms—This option is currently unavailable.
The VRF Table tab contains the VRF routing table for the device, which is a collection of routes that are available or reachable to all the destinations or networks in the VRF. In addition, the forwarding table contains MPLS encapsulation information.
The following columns are displayed in the VRF Table tab:
•Destination—The destination of the specific network.
•Mask—The mask of the specific network.
•Next Hop—The CE router address from which to continue to get to a specific address. This field is empty when the routing entry goes to the PE.
•BGP Next Hop—The PE address from where to continue to get to a specific address. This field is empty when the routing entry goes to the CE.
•VRF Out Label—The label sent with MPLS traffic.
•VRF In Label—The label that is expected when MPLS traffic is received.
•MPLS Label—The MPLS label.
•Type—The type can be direct (local) or indirect.
•Routing Protocol—The routing protocol used to communicate with other sites and VRFs, either BGP or local.
•Sending Alarms—This option is currently unavailable.
•Outgoing Int Name—The name of the outgoing interface; displayed if the Routing Protocol type is local.
Step 5 Press Ctrl + F4 to close the VRF Properties window.
Viewing Port Configuration
In addition to viewing logical inventory information from the logical inventory tree branch, you can also view services provisioned on physical ports by clicking a physical port in the physical inventory tree branch. Information that is displayed includes:
•Physical layer information.
•Layer 2 information, for example, ATM and Ethernet.
•The subinterfaces used by a VRF.
For detailed information on viewing physical inventory information, see the Cisco Active Network Abstraction 3.6.6 User Guide.
Figure 5-2 shows an example of port information (including the subinterfaces) displayed when a port is selected in the physical inventory branch of the inventory window.
Figure 5-2 Port Information in the Inventory Window
The subinterface is the logical interface defined in the device; all its parameters can be part of its configuration. The following information is displayed in the subinterface table for the selected port:
•Address—The IP address defined in the subinterface.
•Mask—The details of the dotted decimal mask.
•VC—If the subinterface is defined above an ATM or Frame-Relay physical interface and it uses a VC-based encapsulation, it is the VC used in this encapsulation.
•IP Interface—A hyperlink that displays the VRF properties in the inventory window for the IP interface.
•VRF Name—The name of the VRF.
•Is MPLS—Whether this is an MPLS interface, namely, enabled (true) or disabled (false).
•Sending Alarms—Whether the alarm for the required port has been enabled (true) or disabled (false).
•Tunnel Edge—Whether this is a tunnel edge, namely, enabled (true) or disabled (false).
Viewing Cross VRF Routing Entries
The Cross VRF routing entries display routing information learned from the BGP neighbors (BGP knowledge base). The cross VRF routing entry parameters are displayed in the Cross VRF Properties window. To display the cross VRF routing entries, double-click an entry (row) in the Cross VRFs tab of the MP BGP Properties pane. The following information is displayed:
•Destination—The destination of the specific network.
•Mask—The mask of the specific network.
•Next Hop—The PE address from where to continue to get to a specific address.
•Out Going VRF—The VRF routing entry that points to the other VRF in the same PE. The outgoing VRF is the VRF that is pointed to by the Cross VRF entry.
•Out Tag—The MPLS label inserted in the MPLS label stack by this PE router to reach the destination address that is connected to the other VRF.
•In Tag—The MPLS label used by this router to identify traffic arriving at the destination address, it was advertised by this PE router and is inserted in the MPLS label stack by the PE from which the traffic originated.
•Sending Alarms—This option is currently unavailable.
Viewing Pseudowire End-to End Emulation Tunnels
The Pseudo Wire Tunnels branch displays a list of the Layer 2 tunnel edge properties (per edge), including tunnel status and VC labels. The following information is displayed in the Tunnel Edges table:
•Port—The name of the subinterface or port.
•Peer—The details of the selected LCP peer (edge peer).
•Peer VC Label—The MPLS label that is used by this router to identify or access the tunnel. It is inserted in the MPLS label stack by the peer router.
•Tunnel Status—The operational state of the tunnel, namely, up or down.
•Local VC Label—The MPLS label that is used by this router to identify or access the tunnel. It is inserted in the MPLS label stack by the local router.
•Local Router IP—The IP address of this tunnel edge, which is used as the MPLS router ID.
•Tunnel ID—The identifier that, along with the router IP addresses of the two tunnel edges, identifies the PWE3 tunnel.
•Peer Router IP—The IP of the peer tunnel edge, which is used as the MPLS router ID.
•Signaling Protocol—The protocol used by MPLS to build the tunnel, for example, LDP or TDP.
•Sending Alarms—This option is currently unavailable.
For information on viewing Links in MPLS TE tunnels see Chapter 8, "Impact Analysis in MPLS Networks" and Chapter 9, "Using Cisco ANA PathTracer in MPLS Networks."
Viewing MPLS TE Tunnel Information
The Traffic Engineering Tunnels branch displays specific TE tunnel information. The name of the table is displayed at the top of the Properties window in the title bar. The following information is displayed in the Tunnel Edges table:
•Name—The name of the TE tunnel (in Cisco devices it is the interface name).
•Tunnel Destination—The IP address of the device in which the tunnel ends.
•Administrative Status—The administrative state of the tunnel, namely, up or down.
•Operational Status—The operational state of the tunnel, namely, up or down.
•Outgoing Label—The TE tunnel's MPLS label distinguishing the LSP selection in the next device.
•Description—A textual description of the tunnel.
•Outgoing Interface—The interface through which the tunnel exits the device.
•Bandwidth (Kbps)—Bandwidth specification for this tunnel.
•Setup Priority—The tunnel's priority upon path setup.
•Hold Priority—The tunnel's priority after path setup, when other tunnels try to remove it and claim its resources.
•Affinity—The tunnel's preferential bits for specific links.
•Affinity Mask—Dictates which bits from the tunnel's affinity should be compared to which bits of the link's attribute bits.
•Auto Route—If enabled, destinations behind the tunnel are routed through the tunnel.
•Lockdown—If enabled, the tunnel cannot be rerouted.
•Path Type—The tunnel path type, either dynamic or explicit. If dynamic, the tunnel is routed along the ordinary routing decisions after taking into account the tunnel constraints such as attributes, priority, and bandwidth. If explicit, the route is explicitly mapped with the included and excluded links.
•Average Rate, Burst and Peak—Flow specification measured for this tunnel (in Kb/s).
•LSP ID—LSP identification number.
•Sending Alarms—This option is currently unavailable.
•EXP Bit—The MPLS experimental bit used for policy-based tunnel selection (PBTS) traffic. This information is available only for Cisco CRS-1 routers running Cisco IOS XR 3.6 software in MPLS or MPLS VPN networks.
The Traffic Engineering LSPs Label Switching sub-branch displays the TE tunnel LSP information. Devices that have LSPs running TE tunnels (either as a head end, mid-point, or a tail end), display the following information:
•LSP Type—The type of LSP:
–Head—A tunnel starting at this device.
–Midpoint—A tunnel passing through this device.
–Tail—A tunnel terminating at this device.
•Source Address—IP address of the device where the tunnel begins, that is, the tunnel head.
•In Interface and Label—Occupied only for midpoint or tail LSPs, this label is advertised to the previous device on this interface as the LSP's next label.
•Out Interface and Label—Occupied only for head or midpoint LSPs, this label is appended to tunnel packets going out through this interface to the next hop along the tunnel's path.
•Destination Address—The IP address of the device at the end of the tunnel.
•LSP name—A name identifying the tunnel.
•LSP ID—LSP identification number.
•Average Bandwidth—Average bandwidth for this tunnel (in Kb/s).
•Burst—Burst flow specification for this tunnel (in Kb/s).
•Peak—Peak flow specification for this tunnel (in Kb/s).
•Sending Alarms—This option is currently unavailable.
Viewing Access List Information
The Access List branch allows you to classify and filter IP packets on inbound and outbound interfaces. The access list displays a set of entries that define the traffic that is permitted or denied access according to such parameters as IP subnet, protocol, port, and others.
Note Access list information is relevant only for Cisco IOS devices.
Each row in the Access List table represents an access list. The following information is displayed:
•Name—The name of the access list.
•Type—The type of access list:
–Standard—Tests the source address (does not check for protocols).
–Extended—Tests the source and destination addresses as well as the TCP/IP protocols and source or destination ports.
–Named—The same as the standard and extended types with a string identifier.
•Access List Entries—Whether the access list has entries (checked) or not (unchecked).
•Sending Alarms—This option is currently unavailable.
Double-clicking a row in the Access List table displays the entries of the list. The entries define what happens (permit or deny the action) when the rules are met. The following information is displayed in the Access List Properties dialog box:
•Id—The identifier (name) of the access list entry.
•Action—The type of action that will occur when the rules are met:
–Permit—If the rules match, proceeds to the next rule.
–Deny—If the rules do not match, does not proceed to the next rule.
•Protocol—The type of protocol that is checked, for example, IP, TCP, ICMP, and other protocols.
•Source—The packet source IP address.
•Source Wildcard—Defines the source range that will be included in the match using wildcard masking to identify whether to check (0) or ignore (1) corresponding IP address bits.
•Source Port Action—Defines the action to be performed at the source port level. Examples include: port number equal to, lower than, or greater than, x, where x is defined in the Source Port Range field.
•Source Port Range—Defines the single source port or range of source ports to be checked according to the Source Port Action field.
•Destination—The IP destination of the packet.
•Destination Wildcard—Defines the destination range that will be included in the match using wildcard masking to identify whether to check (0) or ignore (1) corresponding IP address bits.
•Destination Port Action—Defines the action to be performed at the destination port level. Examples include: port number is equal to, lower than, or greater than, x, where x is defined in the Destination Port Range field.
•Destination Port Range—Defines the single destination port or range of destination ports to be checked according to the Destination Port Action field.
•Precedence—The Quality of Service (QoS) of the IP packet for packet classification purposes, namely, Type of Service (TOS) or Differentiated Services Code Point (DSCP).
•Protocol Specific—Indicates whether or not the entry has additional protocol definitions, either checked or unchecked. You can view the additional protocol definitions by double-clicking the Access List Properties row. The Access List Entry Properties displays the details, for example, if the protocol is ICMP, the Access List Entry Properties entry defines the ICMP message, for example, echo (which is the ping request).
•Matches—The number of packets matching the specific rule.
•Sending Alarms—This option is currently unavailable.
