NETCONF YANG API Reference

AR100, AR120, AR160, AR1200, AR2200, AR3200, and AR3600 V300R003

ACL

This section describes the data model of the ACL, and provides samples of creating, deleting, and modifying an ACL.

Data Model

The data model files for ACLs are ietf-acl.yang and huawei-acl.yang, which reference the basic definitions in ietf-packet-fields.yang.

Table 3-1152 ACL

Object: ietf-acl:access-lists/access-list
Description: Indicates that the object of the operation request (creating, deleting, or modifying) is an ACL. It only contains sub-objects and carries no data of its own.

Object: ietf-acl:access-lists/access-list/access-control-list-name
Description: Indicates the name of the ACL. The name is the ACL number, which is unique. The value range is as follows:

  • ACLs 2000 to 2999 are basic ACLs.
  • ACLs 3000 to 3999 are advanced ACLs.

Object: ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/rule-name
Description: Indicates the rule name of an ACL. The rule name is a unique identifier within a given ACL object; different ACL objects can have the same rule name. The value ranges from 0 to 4294967294.

Object: ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/matches/protocol
Description: Indicates the protocol type, expressed as a number, of the packets that the ACL rule matches. The value ranges from 0 to 255, where 0 indicates any protocol, 1 indicates ICMP, 6 indicates TCP, 17 indicates UDP, 47 indicates GRE, 2 indicates IGMP, and 89 indicates OSPF.

Object: ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/actions/permit
Description: Indicates that packets matching the rule are permitted. The permit and deny actions are mutually exclusive. No details need to be filled in. The format for delivering is <permit/>.

Object: ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/actions/deny
Description: Indicates that packets matching the rule are denied. The permit and deny actions are mutually exclusive. No details need to be filled in. The format for delivering is <deny/>.

Object: ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/matches/source-ipv4-network
Description: Indicates the source address information that the ACL rule matches against packets. The format for delivering is 4.4.4.2/24, which indicates a 24-bit wildcard mask. For the router, the mask is 1.1.1.0 0.0.0.255.

Object: ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/matches/destination-ipv4-network
Description: Indicates the destination address information that the ACL rule matches against packets. The format for delivering is 4.4.4.2/24, which indicates a 24-bit wildcard mask. For the router, the mask is 1.1.1.0 0.0.0.255.

Object: ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/matches/source-port-range/lower-port
Description: Indicates the start source port of the UDP or TCP packets that the ACL rule matches. The value ranges from 0 to 65535 and is valid only when the packet protocol is TCP or UDP. If the parent object source-port-range is delivered, this sub-object is mandatory.

Object: ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/matches/source-port-range/upper-port
Description: Indicates the end source port of the UDP or TCP packets that the ACL rule matches. The value ranges from 0 to 65535. This object is optional; if it is omitted, the start port and end port are the same.

Object: ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/matches/destination-port-range/lower-port
Description: Indicates the start destination port of the UDP or TCP packets that the ACL rule matches. The value ranges from 0 to 65535 and is valid only when the packet protocol is TCP or UDP. If the parent object destination-port-range is delivered, this sub-object is mandatory.

Object: ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/matches/destination-port-range/upper-port
Description: Indicates the end destination port of the UDP or TCP packets that the ACL rule matches. The value ranges from 0 to 65535. This object is optional; if it is omitted, the start port and end port are the same.

Object: /ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/matches/huawei-acl:vni
Description: Indicates the VNI ID of packets matching an ACL rule. The VNI ID is an integer ranging from 1 to 16777215.

Object: /ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/matches/huawei-acl:vpn-instance
Description: Indicates the VPN instance name of packets matching an ACL rule. The name is a string of 1 to 31 characters without spaces. Letters, digits, underscores (_), and dots (.) are allowed.

Object: /ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/matches/huawei-acl:time-range
Description: Indicates a time range during which ACL rules take effect. The value is a string of 1 to 32 characters. If this parameter is not specified, ACL rules take effect at any time.

Creating an ACL

This section provides a sample of creating an ACL.

Table 3-1153 Creating an ACL

Operation: edit-config:default
XPATH: ietf-acl:access-lists/access-list

Data Requirements
Table 3-1154 Creating an ACL

Description: Create an ACL and set the name to 3001.

  • ACL name: 3001

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c23762ad85b7458086e74cf306062478">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-acl">
    <access-list>
     <access-control-list-name>3001</access-control-list-name>
    </access-list>
   </access-lists>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c23762ad85b7458086e74cf306062478">   
  <ok/>  
</rpc-reply> 

Deleting an ACL

This section provides a sample of deleting an ACL.

Table 3-1155 Deleting an ACL

Operation: edit-config:remove
XPATH: ietf-acl:access-lists/access-list

Data Requirements
Table 3-1156 Deleting an ACL

Description: Delete the ACL 3001.

  • ACL name: 3001

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c23762ad85b7458086e74cf306062478">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-acl">
    <access-list xc:operation="remove">
     <access-control-list-name>3001</access-control-list-name>
    </access-list>
   </access-lists>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c23762ad85b7458086e74cf306062478">
  <ok/>  
</rpc-reply> 

Creating an ACL Rule

This section provides a sample of creating an ACL rule.

Table 3-1157 Creating an ACL rule

Operation: edit-config:default
XPATH: ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/rule-name

Data Requirements
Table 3-1158 Creating an ACL rule

Description: Create an ACL rule in ACL 3001, and set the rule name to 0, action to deny, protocol type to TCP, and source and destination IP addresses to 10.1.1.0/24 and 20.1.1.1/32, respectively. The source port numbers range from 4 to 5, and the destination port numbers range from 6 to 7. The VNI ID is 100. The name of the VPN instance is vpna.

  • ACL name: 3001
  • Rule name: 0
  • Action: deny
  • Protocol type: 6
  • Source address information: 10.1.1.0/24
  • Start source port number: 4
  • End source port number: 5
  • Destination IP address: 20.1.1.1/32
  • Start destination port number: 6
  • End destination port number: 7
  • VNI ID: 100
  • Name of the VPN instance: vpna

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c23762ad85b7458086e74cf306062478">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-acl">
    <access-list>
     <access-control-list-name>3001</access-control-list-name>
     <access-list-entries>
      <access-list-entry>
       <rule-name>0</rule-name>
       <actions>
        <deny/>
       </actions>
       <matches>
        <protocol>6</protocol>
        <source-ipv4-network>10.1.1.0/24</source-ipv4-network>
        <destination-ipv4-network>20.1.1.1/32</destination-ipv4-network>
        <source-port-range>
         <lower-port>4</lower-port>
         <upper-port>5</upper-port>
        </source-port-range> 
        <destination-port-range>
         <lower-port>6</lower-port>
         <upper-port>7</upper-port>
        </destination-port-range>
       </matches>
      </access-list-entry>
     </access-list-entries>
    </access-list>
   </access-lists>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c23762ad85b7458086e74cf306062478">   
  <ok/>  
</rpc-reply> 
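
An added example, not part of the original reference: a Python builder that enforces the value ranges from the data model table before producing the create-rule request shown above. The function and parameter names are hypothetical, the lower <= upper port check is this example's own assumption, and the huawei-acl leaves (vni, vpn-instance, time-range) are left out because the page does not give that module's XML namespace.

```python
import ipaddress
import xml.etree.ElementTree as ET
NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
ACL = "urn:ietf:params:xml:ns:yang:ietf-acl"

def _sub(parent, tag, text=None, ns=ACL):  # append a namespaced child element
    node = ET.SubElement(parent, f"{{{ns}}}{tag}")
    node.text = None if text is None else str(text)
    return node

def _port_range(matches, tag, ports, protocol):
    """Append <tag> from a (lower, upper) pair; upper may be None."""
    if ports is None:
        return
    if protocol not in (6, 17):
        raise ValueError("port ranges are valid only for TCP (6) or UDP (17)")
    bounds = [p for p in ports if p is not None]
    # lower-port is mandatory; lower <= upper is an assumption of this example.
    if ports[0] is None or bounds != sorted(bounds) or not all(0 <= p <= 65535 for p in bounds):
        raise ValueError(f"invalid {tag}: {ports}")
    node = _sub(matches, tag)
    for name, value in zip(("lower-port", "upper-port"), bounds):
        _sub(node, name, value)

def build_rule_request(message_id, acl, rule, action, protocol, src, dst,
                       src_ports=None, dst_ports=None):
    """Return edit-config XML for one ACL rule; raise ValueError on bad input."""
    for name, value, low, high in (("ACL number", acl, 2000, 3999),
            ("rule-name", rule, 0, 4294967294), ("protocol", protocol, 0, 255)):
        if not low <= value <= high:
            raise ValueError(f"{name} must be {low}-{high}")
    if action not in ("permit", "deny"):
        raise ValueError("action must be permit or deny (mutually exclusive)")
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": message_id})
    edit = _sub(rpc, "edit-config", ns=NC)
    _sub(_sub(edit, "target", ns=NC), "running", ns=NC)
    _sub(edit, "error-option", "rollback-on-error", ns=NC)
    acl_node = _sub(_sub(_sub(edit, "config", ns=NC), "access-lists"), "access-list")
    _sub(acl_node, "access-control-list-name", acl)
    entry = _sub(_sub(acl_node, "access-list-entries"), "access-list-entry")
    _sub(entry, "rule-name", rule)
    _sub(_sub(entry, "actions"), action)
    matches = _sub(entry, "matches")
    _sub(matches, "protocol", protocol)
    for tag, net in (("source-ipv4-network", src), ("destination-ipv4-network", dst)):
        _sub(matches, tag, ipaddress.IPv4Interface(net))  # validates; keeps host bits
    _port_range(matches, "source-port-range", src_ports, protocol)
    _port_range(matches, "destination-port-range", dst_ports, protocol)
    return ET.tostring(rpc, encoding="unicode")
```

The serializer emits generated namespace prefixes (ns0, ns1) instead of default namespaces; the document is equivalent XML to the request example.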

Modifying an ACL Rule

This section provides a sample of modifying an ACL rule.

Table 3-1159 Modifying an ACL rule

Operation: edit-config:replace
XPATH: ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/rule-name

Data Requirements
Table 3-1160 Modifying an ACL rule

Description: Modify rule 0 in ACL 3001: set the action to deny and the protocol type to 6. Change the source and destination IP addresses to 10.1.2.0/24 and 20.1.1.2/32, respectively, the source port numbers to the range 14 to 15, and the destination port numbers to the range 16 to 17. The VNI ID is 100. The name of the VPN instance is vpna.

  • ACL name: 3001
  • Rule name: 0
  • Action: deny
  • Protocol type: 6
  • Source address information: 10.1.2.0/24
  • Start source port number: 14
  • End source port number: 15
  • Destination IP address: 20.1.1.2/32
  • Start destination port number: 16
  • End destination port number: 17
  • VNI ID: 100
  • Name of the VPN instance: vpna

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c23762ad85b7458086e74cf306062478">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-acl">
    <access-list>
     <access-control-list-name>3001</access-control-list-name>
     <access-list-entries>
      <access-list-entry xc:operation="replace">
       <rule-name>0</rule-name>
       <actions>
        <deny/>
       </actions>
       <matches>
        <protocol>6</protocol>
        <source-ipv4-network>10.1.2.0/24</source-ipv4-network>
        <destination-ipv4-network>20.1.1.2/32</destination-ipv4-network>
        <source-port-range>
         <lower-port>14</lower-port>
         <upper-port>15</upper-port>
        </source-port-range> 
        <destination-port-range>
         <lower-port>16</lower-port>
         <upper-port>17</upper-port>
        </destination-port-range>
       </matches>
      </access-list-entry>
     </access-list-entries>
    </access-list>
   </access-lists>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c23762ad85b7458086e74cf306062478">
  <ok/>  
</rpc-reply> 

Deleting an ACL Rule

This section provides a sample of deleting an ACL rule.

Table 3-1161 Deleting an ACL rule

Operation: edit-config:remove
XPATH: ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/rule-name

Data Requirements
Table 3-1162 Deleting an ACL rule

Description: Delete rule 0 in ACL 3001.

  • ACL name: 3001
  • Rule name: 0

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c23762ad85b7458086e74cf306062478">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-acl">
    <access-list>
     <access-control-list-name>3001</access-control-list-name>
     <access-list-entries>
      <access-list-entry xc:operation="remove">
       <rule-name>0</rule-name>
      </access-list-entry>
     </access-list-entries>
    </access-list>
   </access-lists>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c23762ad85b7458086e74cf306062478">
  <ok/>  
</rpc-reply> 
Updated: 2019-03-06

Document ID: EDOC1100022096
