Model Object Types
A detailed description of each Object Type in the model is presented
in this section.
AccessList
Description:
Represents an Access Control List on the Device. AccessLists are
represented in the model by two distinct flavors, each having a different
type of rule. Cisco style access lists have rules of type AclExtendedRule
(which allow only one source and destination address per rule); Juniper,
PIX, Linux, and some other devices have access lists that use rules of
type AclGroupedRule (which allow multiple source or destination addresses
per rule).
Parent Object Type(s):
Device
Child Object Type(s):
AclExtendedRule, AclGroupedRule
Ordered By:
AclName
Sample config text:
r2621(config)#access-list 100 ?
  deny     Specify packets to reject
  dynamic  Specify a DYNAMIC list of PERMITs or DENYs
  permit   Specify packets to forward
  remark   Access list entry comment

AclDstNetworkGroup
Description:
A NetworkGroup used for Access List destination addresses.
Parent Object Type(s):
AclGroupedRule
Child Object Type(s):
NetworkGroupEntry
Ordered By:
GroupName
See NetworkGroup for a list of attributes.
AclDstPortGroup
Description:
A PortGroup used for Access List destination ports.
Parent Object Type(s):
AclGroupedRule
Child Object Type(s):
PortGroupEntry
Ordered By:
GroupName
See PortGroup for a list of attributes.
AclExtendedRule
Description:
A Cisco type Access List rule within an AccessList. This can be a Standard
or Extended rule. The extended rule is used to capture a full set of
extended attributes and may be sparsely populated only as needed to collect
the attributes of the rule.
Parent Object Type(s):
AccessList
Child Object Type(s):
none
Ordered By:
RuleNumber
Sample configuration text:
r2621(config)#access-list 100 permit ip ?
  A.B.C.D  Source address
  any      Any source host
  host     A single source host
r2621(config)#access-list 100 permit ip
% Incomplete command.
r2621(config)#access-list 100 permit ip ?
  A.B.C.D  Source address
  any      Any source host
  host     A single source host
r2621(config)#access-list 100 permit ip host 1.1.1.0 ?
  A.B.C.D  Destination address
  any      Any destination host
  host     A single destination host
r2621(config)#access-list 100 permit ip host 1.1.1.0 any ?
  dscp        Match packets with given dscp value
  fragments   Check non-initial fragments
  log         Log matches against this entry
  log-input   Log matches against this entry, including input interface
  precedence  Match packets with given precedence value
  time-range  Specify a time-range
  tos         Match packets with given TOS value
  <cr>


AclGroupedRule
Description:
A Juniper style Access List rule within an AccessList. The ACL Grouped
rule extends the basic rule settings allowing lists of attribute values
and groups of IP addresses, Subnets, and Ports. The ACL Grouped Rule is
only supported by certain classes of equipment allowing list and
dynamically created attributes to be assigned to rules. The rule will
usually be associated with one or more Network Groups or Port Groups
specifying the network IP addresses, Network Masks, and Ports.
Parent Object Type(s):
AccessList
Child Object Type(s):
AclOption, DstNetworkGroup, DstPortGroup, SrcNetworkGroup, SrcPortGroup
Ordered By:
RuleNumber, SrcIpAddress, DstIpAddress, SrcPortList, DstPortList
(in that order). (Note that if a Device does not supply rule numbers,
the Device driver will generate them automatically so as to keep the rules
in proper order.)
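The following Python example is added here for illustration and is not code from the product this page documents. It models the two rule flavors described under AccessList and shows how each grouped rule corresponds to several single-address rules while first-match order is preserved, including rule numbers generated when the device supplies none. RuleNumber, SrcIpAddress and DstIpAddress are taken from the page; the Action attribute, the function names and the sample addresses are assumptions made for the example.

```python
from dataclasses import dataclass
from itertools import product
from typing import List, Optional

@dataclass
class AclExtendedRule:
    """Cisco-style rule: exactly one source and one destination."""
    RuleNumber: int
    Action: str            # hypothetical attribute, not listed on the page
    SrcIpAddress: str
    DstIpAddress: str

@dataclass
class AclGroupedRule:
    """Juniper/PIX/Linux-style rule: lists of sources and destinations."""
    RuleNumber: Optional[int]   # None when the device supplies no number
    Action: str                 # hypothetical attribute
    SrcIpAddress: List[str]
    DstIpAddress: List[str]

def number_rules(rules: List[AclGroupedRule], step: int = 10) -> List[AclGroupedRule]:
    """Fill in missing RuleNumbers so config order survives sorting."""
    last = 0
    for rule in rules:
        if rule.RuleNumber is None:
            rule.RuleNumber = last + step
        last = rule.RuleNumber
    return rules

def expand(rules: List[AclGroupedRule]) -> List[AclExtendedRule]:
    """Flatten grouped rules into single-address rules in first-match order."""
    flat: List[AclExtendedRule] = []
    for g in sorted(number_rules(rules), key=lambda r: r.RuleNumber):
        # One grouped rule with m sources and n destinations yields m*n rules.
        for src, dst in product(g.SrcIpAddress, g.DstIpAddress):
            flat.append(AclExtendedRule(len(flat) + 1, g.Action, src, dst))
    return flat

def sample_rules() -> List[AclGroupedRule]:
    """Constructed sample: a deny listed before a broader permit."""
    return [
        AclGroupedRule(None, "deny", ["10.0.0.5", "10.0.0.6"], ["192.0.2.10"]),
        AclGroupedRule(None, "permit", ["10.0.0.0/24"], ["192.0.2.10", "192.0.2.11"]),
    ]

if __name__ == "__main__":
    for rule in expand(sample_rules()):
        print(rule.RuleNumber, rule.Action, rule.SrcIpAddress, rule.DstIpAddress)
```

Because ACLs are evaluated first match wins, the expansion keeps every deny produced from the first grouped rule ahead of the permits produced from the second.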
Attributes supported in AclGroupedRule:


