Cisco Active Network Abstraction Technology Support and Information Model Reference Manual, 3.6.1
Access Control Lists "ACLs"


This chapter describes the level of support that Cisco ANA provides for ACLs, as follows:

Technology Description

Inventory and Information Model Objects (IMOs)

Network Topology

Service Alarms

Technology Description

Access Control Lists (ACLs)

An Access Control List (ACL) is a group of statements, each of which defines a pattern that can be found in an IP packet. As each packet comes through an interface with an associated access list, the list is scanned from top to bottom, in the exact order in which it was entered, for a pattern that matches the incoming packet. The permit or deny rule associated with the matching pattern determines that packet's fate. A mask, which acts like a wildcard, can also be used to determine how much of an IP source or destination address to apply to the pattern match. The pattern statement can also include a TCP or UDP (User Datagram Protocol) port.

Inventory and Information Model Objects (IMOs)

This section currently describes Cisco's Quality of Service (QoS) objects, although they may appear to be generic QoS objects that may be used by other vendors.

This section includes the following tables:

Access List Traffic Descriptor (IAccessList)

Access List Entry (IAccessListEntry)

Access List Traffic Descriptor

The following Access List Traffic Descriptor, together with its Access List Entry objects, describes an access list of a single type (Unknown, Standard, Extended or Rate Limit) and is aggregated by a Traffic Descriptor Container object (see Common (Shared by Several)).

Table 16-1 Access List Traffic Descriptor (IAccessList)

| Attribute Name | Attribute Description | Scheme | Polling Interval |
|---|---|---|---|
| Type | Access list type (Unknown, Standard, Extended, Rate Limit) | Any | Configuration |
| Access List Entries Table | Array of Access List Entries | Any | Configuration |
| Name | Traffic descriptor name | Any | Configuration |
| Index | Traffic descriptor index | Any | Configuration |


Access List Entry

Table 16-2 Access List Entry (IAccessListEntry) 

| Attribute Name | Attribute Description | Scheme | Polling Interval |
|---|---|---|---|
| Entry Identification | Entry identification | Any | Configuration |
| Action Logic | Action logic (Unknown, Permit, Deny) | Any | Configuration |
| Source and Destination Address | Source and destination IP address | Any | Configuration |
| Source and Destination Wildcard | Source and destination IP wildcard | Any | Configuration |
| Protocol Type | IANA type of the protocol (HOPORT, ICMP, IGMP, GGP, IP in IP, ST, TCP, CBT, EGP, IGP, ...) | Any | Configuration |
| Source and Destination Ports Ranges | Source and destination TCP/UDP ports ranges | Any | Configuration |
| Source and Destination Port Action | Source and destination port action (Null, Equal, Not Equal, Greater Than, Less Than, Range) | Any | Configuration |
| Protocol Specific Info | Protocol specific information | Any | Configuration |
| Differential Services Code Points | Differential Services Code Points (DSCP) | Any | Configuration |
| Type of Service | Type of Service (ToS) (Normal (0), Min Cost (1), Max Reliability (2), 3, Max Throughput (4), 5, 6, 7, Min Delay (8), 9, 10, 11, 12, 13, 14, 15) | Any | Configuration |
| Precedence | Precedence (Routine (0), Priority (1), Immediate (2), Flash (3), Flash Override (4), Critical (5), Internet (6), Network (7)) | Any | Configuration |
| Matches | Matches count | Any | Configuration |
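
The top-to-bottom, first-match evaluation described under Technology Description, expressed with the Access List Entry attributes from Table 16-2, as an added example (not Cisco ANA code). The Entry class, the function names and the sample addresses are constructed for illustration; the wildcard-bit semantics and the implicit final deny are standard Cisco IOS ACL behaviour rather than something this chapter states.

```python
import ipaddress
from dataclasses import dataclass

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco-style wildcard mask: a 1 bit means 'ignore this address bit'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def port_match(action: str, port, lo: int = 0, hi: int = 0) -> bool:
    """Port Action values from Table 16-2; 'lo' is the operand except for Range."""
    if action == "Null":          # entry places no condition on the port
        return True
    if port is None:              # packet carries no TCP/UDP port
        return False
    return {"Equal": port == lo, "Not Equal": port != lo,
            "Greater Than": port > lo, "Less Than": port < lo,
            "Range": lo <= port <= hi}[action]

@dataclass
class Entry:                      # hypothetical model of one Access List Entry
    action: str                   # Action Logic: "Permit" or "Deny"
    protocol: str                 # "ip" = any protocol (assumption), else "tcp", "udp", ...
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    dport_action: str = "Null"    # only the destination port is modelled here
    dport_lo: int = 0
    dport_hi: int = 0

def evaluate(acl, proto, src, dst, dport=None):
    """Scan in entry order; the first matching entry decides. Returns (action, index)."""
    for i, e in enumerate(acl):
        if (e.protocol in ("ip", proto)
                and wildcard_match(src, e.src, e.src_wc)
                and wildcard_match(dst, e.dst, e.dst_wc)
                and port_match(e.dport_action, dport, e.dport_lo, e.dport_hi)):
            return e.action, i
    # Implicit deny when no entry matches (Cisco IOS behaviour, not stated on this page).
    return "Deny", None

# Constructed sample ACL using documentation address ranges.
ACL = [
    Entry("Deny", "tcp", "192.0.2.0", "0.0.0.255", "198.51.100.10", "0.0.0.0", "Equal", 23),
    Entry("Permit", "tcp", "192.0.2.0", "0.0.0.255", "198.51.100.0", "0.0.0.255", "Range", 22, 443),
    Entry("Permit", "ip", "192.0.2.7", "0.0.0.0", "0.0.0.0", "255.255.255.255"),
]
```

Swapping the first two entries makes a Telnet packet to 198.51.100.10 hit the broader Permit first, so the specific Deny never fires; entry order therefore belongs in any review of the inventoried entries.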


Network Topology

There is no network topology related to this technology.

Service Alarms

There are no faults and alarms related to this technology.