Cisco Active Network Abstraction Technology Support and Information Model Reference Manual, 3.6.6
Access Control Lists


Access Control Lists


This chapter describes the level of support that Cisco ANA provides for Access Control Lists (ACLs), as follows:

Technology Description

Inventory and Information Model Objects (IMOs)

Vendor-Specific Inventory and IMOs

Network Topology

Service Alarms

Technology Description

ACLs

An ACL is a group of statements, each of which defines a pattern that would be found in an IP packet. As each packet comes through an interface with an associated access list, the list is scanned from top to bottom, in the exact order in which the statements were entered, for a pattern that matches the incoming packet. A permit or deny rule associated with each pattern determines that packet's fate. A mask (like a wildcard) can also be used to determine how much of an IP source or destination address to apply to the pattern match. The pattern statement can also include a TCP or UDP (User Datagram Protocol) port.
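As an added illustration (not taken from the Cisco manual or from Cisco ANA code), the following Python example implements the top-to-bottom, first-match scan described above, including wildcard masks and the port actions listed in Table 16-2. The Entry record, the function names, the sample addresses and the implicit deny returned when no entry matches are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass

ANY = ("0.0.0.0", "255.255.255.255")  # address/wildcard pair that matches every host

# Port actions as listed in Table 16-2; "Range" takes a (low, high) pair.
PORT_OPS = {
    "Equal": lambda p, v: p == v,
    "Not Equal": lambda p, v: p != v,
    "Greater Than": lambda p, v: p > v,
    "Less Than": lambda p, v: p < v,
    "Range": lambda p, v: v[0] <= p <= v[1],
}

@dataclass
class Entry:  # hypothetical record, not the IAccessListEntry interface
    action: str                  # "Permit" or "Deny"
    protocol: str                # "ip" matches any protocol
    src: tuple                   # (address, wildcard)
    dst: tuple                   # (address, wildcard)
    port_action: str = "Null"    # applied to the destination port
    port: object = None          # int, or (low, high) for "Range"

def wildcard_match(addr, pattern):
    """A 1 bit in the wildcard means 'ignore this bit of the address'."""
    base, wildcard = (int(ipaddress.IPv4Address(x)) for x in pattern)
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def port_match(entry, dport):
    if entry.port_action == "Null":
        return True
    return dport is not None and PORT_OPS[entry.port_action](dport, entry.port)

def evaluate(acl, proto, src, dst, dport=None):
    """Scan top to bottom; return (action, index) of the first matching entry."""
    for i, e in enumerate(acl):
        if (e.protocol in ("ip", proto) and wildcard_match(src, e.src)
                and wildcard_match(dst, e.dst) and port_match(e, dport)):
            return e.action, i
    return "Deny", None  # assumption: implicit deny when nothing matches, as on Cisco IOS

# Constructed sample ACL (documentation addresses, not from the manual).
SERVERS = ("192.0.2.0", "0.0.0.255")
ACL = [
    Entry("Deny", "tcp", ANY, SERVERS, "Equal", 23),
    Entry("Permit", "tcp", ("10.1.0.0", "0.0.255.255"), SERVERS, "Range", (20, 443)),
]
```

Evaluating the same Telnet packet against `ACL` and against `ACL[::-1]` gives opposite results, which is why entry order has to be reviewed along with the entries themselves.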

Inventory and Information Model Objects (IMOs)

This section currently describes Cisco's Quality of Service (QoS) objects, although they may appear to be generic QoS objects that may be used by other vendors.

This section describes the following IMOs:

Access List Traffic Descriptor (IAccessList)

Access List Entry (IAccessListEntry)

Access List Traffic Descriptor

The Access List Traffic Descriptor, with its Access List Entry objects, describes an access list of a single type (Unknown, Standard, Extended or Rate Limit). It is aggregated by a Traffic Descriptor Container object (see Common Components).

Table 16-1 Access List Traffic Descriptor (IAccessList)

| Attribute Name | Attribute Description | Scheme | Polling Interval |
|---|---|---|---|
| Type | Access list type (Unknown, Standard, Extended, Rate Limit) | Any | Configuration |
| Access List Entries Table | Array of Access List Entry objects | Any | Configuration |
| Name | Traffic descriptor name | Any | Configuration |
| Index | Traffic descriptor index | Any | Configuration |


Access List Entry

Table 16-2 Access List Entry (IAccessListEntry) 

| Attribute Name | Attribute Description | Scheme | Polling Interval |
|---|---|---|---|
| Entry Identification | Entry identifier | Any | Configuration |
| Action Logic | Action logic (Unknown, Permit, Deny) | Any | Configuration |
| Source and Destination Address | Source and destination IP address | Any | Configuration |
| Source and Destination Wildcard | Source and destination IP wildcard | Any | Configuration |
| Protocol Type | Internet Assigned Numbers Authority (IANA) type of the protocol (HOPOPT, ICMP, IGMP, GGP, IP in IP, ST, TCP, CBT, EGP, IGP, ...) | Any | Configuration |
| Source and Destination Ports Ranges | Source and destination TCP/UDP port ranges | Any | Configuration |
| Source and Destination Port Action | Source and destination port action (Null, Equal, Not Equal, Greater Than, Less Than, Range) | Any | Configuration |
| Protocol Specific Info | Protocol specific information | Any | Configuration |
| Differential Services Code Points | Differential Services Code Points (DSCP) | Any | Configuration |
| Type of Service | Type of Service (ToS) (Normal (0), Min Cost (1), Max Reliability (2), 3, Max Throughput (4), 5, 6, 7, Min Delay (8), 9, 10, 11, 12, 13, 14, 15) | Any | Configuration |
| Precedence | Precedence (Routine (0), Priority (1), Immediate (2), Flash (3), Flash Override (4), Critical (5), Internet (6), Network (7)) | Any | Configuration |
| Matches | Matches count | Any | Configuration |


Vendor-Specific Inventory and IMOs

There are no vendor-specific inventory or IMOs for this technology.

Network Topology

There is no specific network topology associated with this technology.

Service Alarms

There are no faults or alarms associated with this technology.