NETCONF YANG API Reference

AR100, AR120, AR160, AR1200, AR2200, AR3200, and AR3600 V300R003

SAC

NOTE:

V300R003C10 and later versions support application identification using the first packet. (DNS-assisted application identification using the first packet is supported since V300R003C00.)

Data Model

The data model file matching SAC is huawei-sac.yang.

Table 3-1984 SAC

Object

Description

ietf-interfaces:interfaces/interface/huawei-sac:sac

Indicates that the object of the requested operation (creation, deletion, or modification) is the SAC configuration. It is a root object that only contains sub-objects.

ietf-interfaces:interfaces/interface/huawei-sac:sac/statistic-enable-flag

Indicates whether to enable the SA statistics function on an interface. By default, the SA statistics function is disabled on an interface.

  • true: This function is enabled.
  • false: This function is disabled.

huawei-sac:sac-global-config/first-packet-dns-enable

Indicates whether to enable DNS-assisted application identification using the first packet. By default, DNS-assisted application identification using the first packet is disabled.

  • true: This function is enabled.
  • false: This function is disabled.

huawei-sac:sac-global-config/first-packet-ports-enable

Indicates whether to enable application identification using the first packet based on the protocol and port number. By default, application identification using the first packet based on the protocol and port number is disabled on a device.

  • true: This function is enabled.
  • false: This function is disabled.

huawei-sac:application-config/user-defined-applications/user-defined-application/name

Indicates the name of a user-defined first-packet identification application. The value is a string of 5 to 34 case-sensitive characters and must start with FUD_, for example, FUD_user. The name cannot contain spaces, question marks (?), commas (,), hyphens (-), or double quotation marks (").

huawei-sac:application-config/user-defined-applications/user-defined-application/advance-rule-flag

Indicates whether to enable application identification using the first packet based on advanced ACL rules. By default, a device is enabled to identify user-defined applications using the first packet based on advanced ACL rules.

  • true: This function is enabled.
  • false: This function is disabled.

huawei-sac:application-config/user-defined-applications/user-defined-application/rule/id

Indicates the ID of a rule for user-defined application identification using the first packet. The value is an integer in the range from 0 to 59999.

huawei-sac:application-config/user-defined-applications/user-defined-application/rule/domain

Indicates the domain name suffix of a rule for user-defined application identification using the first packet. The value is a string of 3 to 127 case-insensitive characters without spaces, and can be a combination of digits, letters, dots (.), asterisks (*), and hyphens (-). At most two non-consecutive asterisks (*) can be contained.

huawei-sac:application-config/user-defined-applications/user-defined-application/rule/protocol

Indicates the protocol of a rule for user-defined application identification using the first packet. Currently, TCP and UDP are supported.

  • 6: TCP
  • 17: UDP

huawei-sac:application-config/user-defined-applications/user-defined-application/rule/destination-port-range/lower-port

Indicates the start destination port number of a rule for user-defined application identification using the first packet. The value is an integer in the range from 1 to 65535.

huawei-sac:application-config/user-defined-applications/user-defined-application/rule/destination-port-range/upper-port

Indicates the end destination port number of a rule for user-defined application identification using the first packet. The value is an integer in the range from 1 to 65535.

huawei-sac:application-config/user-defined-applications/user-defined-application/rule/destination-ipv4-network

Indicates the destination IP address and mask length of a rule for user-defined application identification using the first packet. The value is in the format IP address/mask length, where:

  • The IP address is in dotted decimal notation.
  • The mask length is an integer in the range from 1 to 32.

huawei-sac:application-config/user-defined-applications/user-defined-application/rule/source-ipv4-network

Indicates the source IP address and mask length of a rule for user-defined application identification using the first packet. The value is in the format IP address/mask length, where:

  • The IP address is in dotted decimal notation.
  • The mask length is an integer in the range from 1 to 32.

huawei-sac:application-config/user-defined-applications/user-defined-application/rule/source-port-range/lower-port

Indicates the start source port number of a rule for user-defined application identification using the first packet. The value is an integer in the range from 1 to 65535.

huawei-sac:application-config/user-defined-applications/user-defined-application/rule/source-port-range/upper-port

Indicates the end source port number of a rule for user-defined application identification using the first packet. The value is an integer in the range from 1 to 65535.

huawei-sac:application-config/user-defined-applications/user-defined-application/rule/dscp

Indicates the DSCP priority of a rule for user-defined application identification using the first packet. The value is a DiffServ code in the range from 0 to 63.

Configuring SA Statistics on an Interface

Enabling SA Statistics on an Interface

This section provides a sample of enabling SA statistics on an interface.

Table 3-1985 Enabling SA statistics on an interface

Operation

XPATH

edit-config: default

ietf-interfaces:interfaces/interface/huawei-sac:sac

NOTE:

Only WAN interfaces support this function.

Data Requirements
Table 3-1986 Enabling SA statistics on an interface

Item

Data

Description

Interface name

GigabitEthernet0/0/1

Enable SA statistics on GigabitEthernet0/0/1.

Whether the SA statistics function is enabled

true

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
    <interface>
     <name>GigabitEthernet 0/0/1</name>
     <type xmlns:iana="urn:ietf:params:xml:ns:yang:iana-if-type">hiperlan2</type>
     <sac xmlns="urn:huawei:params:xml:ns:yang:huawei-sac">
      <statistic-enable-flag>true</statistic-enable-flag>
     </sac>
    </interface>
   </interfaces>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0"> 
  <ok/> 
</rpc-reply> 
Disabling SA Statistics on an Interface

This section provides a sample of disabling SA statistics on an interface.

Table 3-1987 Disabling SA statistics on an interface

Operation

XPATH

edit-config: remove

ietf-interfaces:interfaces/interface/huawei-sac:sac

NOTE:

Only WAN interfaces support this function.

Data Requirements
Table 3-1988 Disabling SA statistics on an interface

Item

Data

Description

Interface name

GigabitEthernet0/0/1

Disable SA statistics on GigabitEthernet0/0/1.

Whether the SA statistics function is enabled

true

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
    <interface>
     <name>GigabitEthernet 0/0/1</name>
     <type xmlns:iana="urn:ietf:params:xml:ns:yang:iana-if-type">hiperlan2</type>
     <sac xmlns="urn:huawei:params:xml:ns:yang:huawei-sac" xc:operation="remove">
      <statistic-enable-flag>true</statistic-enable-flag>
     </sac>
    </interface>
   </interfaces>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0"> 
  <ok/> 
</rpc-reply> 
Modifying SA Statistics on an Interface

This section provides a sample of modifying SA statistics on an interface.

Table 3-1989 Modifying SA statistics on an interface

Operation

XPATH

edit-config: replace

ietf-interfaces:interfaces/interface/huawei-sac:sac

NOTE:

Only WAN interfaces support this function.

Data Requirements
Table 3-1990 Modifying SA statistics on an interface

Item

Data

Description

Interface name

GigabitEthernet 0/0/1

Modify the SA statistics function on GigabitEthernet0/0/1. The value true indicates that the function is enabled and the value false indicates that the function is disabled.

Whether the SA statistics function is enabled

true

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
    <interface>
     <name>GigabitEthernet 0/0/1</name>
     <type xmlns:iana="urn:ietf:params:xml:ns:yang:iana-if-type">hiperlan2</type>
     <sac xmlns="urn:huawei:params:xml:ns:yang:huawei-sac" xc:operation="replace">
      <statistic-enable-flag>true</statistic-enable-flag>
     </sac>
    </interface>
   </interfaces>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0"> 
  <ok/> 
</rpc-reply> 

Configuring DNS-Assisted Application Identification Using the First Packet

Enabling DNS-Assisted Application Identification Using the First Packet

This section provides a sample of enabling DNS-assisted application identification using the first packet.

Table 3-1991 Enabling DNS-assisted application identification using the first packet

Operation

XPATH

edit-config:merge

huawei-sac:sac-global-config/first-packet-dns-enable

Data Requirements
Table 3-1992 Enabling DNS-assisted application identification using the first packet

Item

Data

Description

Enabling DNS-assisted application identification using the first packet

true

Enable DNS-assisted application identification using the first packet.

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c6c6ad5cd01e4cb7a98bd65b7fd1498d">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <security-engine-config xmlns="urn:huawei:params:xml:ns:yang:huawei-security-engine" xc:operation="merge">
    <enable-security-engine/>
   </security-engine-config>
   <sac-global-config xmlns="urn:huawei:params:xml:ns:yang:huawei-sac">    
     <first-packet-dns-enable xc:operation="merge">true</first-packet-dns-enable> 
   </sac-global-config>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c6c6ad5cd01e4cb7a98bd65b7fd1498d"> 
  <ok/> 
</rpc-reply> 
Disabling DNS-Assisted Application Identification Using the First Packet

This section provides a sample of disabling DNS-assisted application identification using the first packet.

Table 3-1993 Disabling DNS-assisted application identification using the first packet

Operation

XPATH

edit-config:merge

huawei-sac:sac-global-config/first-packet-dns-enable

Data Requirements
Table 3-1994 Disabling DNS-assisted application identification using the first packet

Item

Data

Description

Enabling DNS-assisted application identification using the first packet

false

Disable DNS-assisted application identification using the first packet.

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c6c6ad5cd01e4cb7a98bd65b7fd1498d">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <sac-global-config xmlns="urn:huawei:params:xml:ns:yang:huawei-sac">    
     <first-packet-dns-enable xc:operation="merge">false</first-packet-dns-enable> 
   </sac-global-config>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c6c6ad5cd01e4cb7a98bd65b7fd1498d"> 
  <ok/> 
</rpc-reply> 

Configuring Application Identification Using the First Packet Based on the Protocol and Port Number

Enabling Application Identification Using the First Packet Based on the Protocol and Port Number

This section provides a sample of enabling application identification using the first packet based on the protocol and port number.

Table 3-1995 Enabling application identification using the first packet based on the protocol and port number

Operation

XPATH

edit-config:merge

huawei-sac:sac-global-config/first-packet-ports-enable

Data Requirements
Table 3-1996 Enabling application identification using the first packet based on the protocol and port number

Item

Data

Description

Enabling flag

true

Enable application identification using the first packet based on the protocol and port number for a device.

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
 <edit-config> 
  <target> 
   <running/> 
  </target> 
  <error-option>rollback-on-error</error-option> 
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> 
   <sac-global-config xmlns="urn:huawei:params:xml:ns:yang:huawei-sac"> 
    <first-packet-ports-enable xc:operation="merge">true</first-packet-ports-enable> 
   </sac-global-config>  
  </config> 
 </edit-config> 
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
  <ok/>  
</rpc-reply> 
Disabling Application Identification Using the First Packet Based on the Protocol and Port Number

This section provides a sample of disabling application identification using the first packet based on the protocol and port number.

Table 3-1997 Disabling application identification using the first packet based on the protocol and port number

Operation

XPATH

edit-config:merge

huawei-sac:sac-global-config/first-packet-ports-enable

Data Requirements
Table 3-1998 Disabling application identification using the first packet based on the protocol and port number

Item

Data

Description

Enabling flag

false

Disable application identification using the first packet based on the protocol and port number for a device.

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
 <edit-config> 
  <target> 
   <running/> 
  </target> 
  <error-option>rollback-on-error</error-option> 
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> 
   <sac-global-config xmlns="urn:huawei:params:xml:ns:yang:huawei-sac"> 
    <first-packet-ports-enable xc:operation="merge">false</first-packet-ports-enable> 
   </sac-global-config>  
  </config> 
 </edit-config> 
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
  <ok/>  
</rpc-reply> 

Configuring a User-Defined First-Packet Identification Application

Creating a User-Defined First-Packet Identification Application

This section provides a sample of creating a user-defined first-packet identification application.

Table 3-1999 Creating a user-defined first-packet identification application

Operation

XPATH

edit-config:merge

huawei-sac:application-config/user-defined-applications/user-defined-application/name

Data Requirements
Table 3-2000 Creating a user-defined first-packet identification application

Item

Data

Description

Name of the user-defined first-packet identification application

FUD_https

Create a user-defined first-packet identification application named FUD_https.

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
 <edit-config> 
  <target> 
   <running/> 
  </target> 
  <error-option>rollback-on-error</error-option> 
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> 
   <application-config xmlns="urn:huawei:params:xml:ns:yang:huawei-sac"> 
    <user-defined-applications> 
     <user-defined-application xc:operation="merge"> 
      <name>FUD_https</name> 
     </user-defined-application> 
    </user-defined-applications> 
   </application-config>  
  </config> 
 </edit-config> 
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
  <ok/>  
</rpc-reply> 
Deleting a User-Defined First-Packet Identification Application

This section provides a sample of deleting a user-defined first-packet identification application.

Table 3-2001 Deleting a user-defined first-packet identification application

Operation

XPATH

edit-config:remove

huawei-sac:application-config/user-defined-applications/user-defined-application/name

Data Requirements
Table 3-2002 Deleting a user-defined first-packet identification application

Item

Data

Description

Name of the user-defined first-packet identification application

FUD_https

Delete the user-defined first-packet identification application named FUD_https.

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
 <edit-config> 
  <target> 
   <running/> 
  </target> 
  <error-option>rollback-on-error</error-option> 
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> 
   <application-config xmlns="urn:huawei:params:xml:ns:yang:huawei-sac"> 
    <user-defined-applications> 
     <user-defined-application xc:operation="remove"> 
      <name>FUD_https</name> 
     </user-defined-application> 
    </user-defined-applications> 
   </application-config>  
  </config> 
 </edit-config> 
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
  <ok/>  
</rpc-reply> 

Configuring User-Defined Application Identification Using the First Packet Based on Advanced ACL Rules

Enabling User-Defined Application Identification Using the First Packet Based on Advanced ACL Rules

This section provides a sample of enabling user-defined application identification using the first packet based on advanced ACL rules.

Table 3-2003 Enabling user-defined application identification using the first packet based on advanced ACL rules

Operation

XPATH

edit-config:merge

huawei-sac:application-config/user-defined-applications/user-defined-application/advance-rule-flag

Data Requirements
Table 3-2004 Enabling user-defined application identification using the first packet based on advanced ACL rules

Item

Data

Description

Name of the user-defined first-packet identification application

FUD_https

Enable user-defined application identification using the first packet based on advanced ACL rules for an application named FUD_https.

Enabling flag

true

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
 <edit-config> 
  <target> 
   <running/> 
  </target> 
  <error-option>rollback-on-error</error-option> 
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> 
   <application-config xmlns="urn:huawei:params:xml:ns:yang:huawei-sac"> 
    <user-defined-applications> 
     <user-defined-application xc:operation="merge"> 
      <name>FUD_https</name> 
      <advance-rule-flag>true</advance-rule-flag> 
     </user-defined-application> 
    </user-defined-applications> 
   </application-config>  
  </config> 
 </edit-config> 
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
  <ok/>  
</rpc-reply> 
Disabling User-Defined Application Identification Using the First Packet Based on Advanced ACL Rules

This section provides a sample of disabling user-defined application identification using the first packet based on advanced ACL rules.

Table 3-2005 Disabling user-defined application identification using the first packet based on advanced ACL rules

Operation

XPATH

edit-config:merge

huawei-sac:application-config/user-defined-applications/user-defined-application/advance-rule-flag

Data Requirements
Table 3-2006 Disabling user-defined application identification using the first packet based on advanced ACL rules

Item

Data

Description

Name of the user-defined first-packet identification application

FUD_https

Disable user-defined application identification using the first packet based on advanced ACL rules for an application named FUD_https.

Enabling flag

false

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
 <edit-config> 
  <target> 
   <running/> 
  </target> 
  <error-option>rollback-on-error</error-option> 
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> 
   <application-config xmlns="urn:huawei:params:xml:ns:yang:huawei-sac"> 
    <user-defined-applications> 
     <user-defined-application xc:operation="merge"> 
      <name>FUD_https</name> 
      <advance-rule-flag>false</advance-rule-flag> 
     </user-defined-application> 
    </user-defined-applications> 
   </application-config>  
  </config> 
 </edit-config> 
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
  <ok/>  
</rpc-reply> 

Configuring DNS Domain Name Rules for User-Defined First-Packet Identification Applications

Creating DNS Domain Name Rules for User-Defined First-Packet Identification Applications

This section provides a sample of creating a DNS domain name rule for user-defined first-packet identification applications.

Table 3-2007 Creating a DNS domain name rule for user-defined first-packet identification applications

Operation

XPATH

edit-config:merge

huawei-sac:application-config/user-defined-applications/user-defined-application/rule/id

huawei-sac:application-config/user-defined-applications/user-defined-application/rule/domain

Data Requirements
Table 3-2008 Creating a DNS domain name rule for user-defined first-packet identification applications

Item

Data

Description

Name of the user-defined first-packet identification application

FUD_https3

Create a DNS domain name rule whose ID is 21 and domain name is baidu.com for the user-defined first-packet identification application FUD_https3.

NOTICE:

Before configuring a DNS domain name rule, you must disable user-defined application identification using the first packet based on advanced ACL rules.

Whether to enable the advanced ACL

false

Rule ID

21

Domain name

baidu.com

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
 <edit-config> 
  <target> 
   <running/> 
  </target> 
  <error-option>rollback-on-error</error-option> 
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> 
   <application-config xmlns="urn:huawei:params:xml:ns:yang:huawei-sac"> 
    <user-defined-applications> 
     <user-defined-application xc:operation="merge"> 
      <name>FUD_https3</name> 
      <advance-rule-flag>false</advance-rule-flag> 
      <rule xc:operation="merge"> 
       <id>21</id> 
       <domain>baidu.com</domain> 
      </rule> 
     </user-defined-application> 
    </user-defined-applications> 
   </application-config>  
  </config> 
 </edit-config> 
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
  <ok/>  
</rpc-reply> 
Modifying DNS Domain Name Rules for User-Defined First-Packet Identification Applications

This section provides a sample of modifying a DNS domain name rule for user-defined first-packet identification applications.

Table 3-2009 Modifying a DNS domain name rule for user-defined first-packet identification applications

Operation

XPATH

edit-config:replace

huawei-sac:application-config/user-defined-applications/user-defined-application/rule/id

huawei-sac:application-config/user-defined-applications/user-defined-application/rule/domain

Data Requirements
Table 3-2010 Modifying a DNS domain name rule for user-defined first-packet identification applications

Item

Data

Description

Name of the user-defined first-packet identification application

FUD_https3

Modify the domain name of the DNS domain name rule whose ID is 21 to google.com for the user-defined first-packet identification application FUD_https3.

Whether to enable the advanced ACL

false

Rule ID

21

Domain name

google.com

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
 <edit-config> 
  <target> 
   <running/> 
  </target> 
  <error-option>rollback-on-error</error-option> 
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> 
   <application-config xmlns="urn:huawei:params:xml:ns:yang:huawei-sac"> 
    <user-defined-applications> 
     <user-defined-application xc:operation="merge"> 
      <name>FUD_https3</name> 
      <advance-rule-flag>false</advance-rule-flag> 
      <rule xc:operation="replace"> 
       <id>21</id> 
       <domain>google.com</domain> 
      </rule> 
     </user-defined-application> 
    </user-defined-applications> 
   </application-config>  
  </config> 
 </edit-config> 
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
  <ok/>  
</rpc-reply> 
Deleting DNS Domain Name Rules for User-Defined First-Packet Identification Applications

This section provides a sample of deleting a DNS domain name rule for user-defined first-packet identification applications.

Table 3-2011 Deleting a DNS domain name rule for user-defined first-packet identification applications

Operation

XPATH

edit-config:remove

huawei-sac:application-config/user-defined-applications/user-defined-application/rule/id

huawei-sac:application-config/user-defined-applications/user-defined-application/rule/domain

Data Requirements
Table 3-2012 Deleting a DNS domain name rule for user-defined first-packet identification applications

Item

Data

Description

Name of the user-defined first-packet identification application

FUD_https3

Delete a DNS domain name rule whose ID is 21 and domain name is google.com for the user-defined first-packet identification application FUD_https3.

Whether to enable the advanced ACL

false

Rule ID

21

Domain name

google.com

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
 <edit-config> 
  <target> 
   <running/> 
  </target> 
  <error-option>rollback-on-error</error-option> 
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> 
   <application-config xmlns="urn:huawei:params:xml:ns:yang:huawei-sac"> 
    <user-defined-applications> 
     <user-defined-application xc:operation="merge"> 
      <name>FUD_https3</name> 
      <advance-rule-flag>false</advance-rule-flag> 
      <rule xc:operation="remove"> 
       <id>21</id> 
       <domain>google.com</domain> 
      </rule> 
     </user-defined-application> 
    </user-defined-applications> 
   </application-config>  
  </config> 
 </edit-config> 
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
  <ok/>  
</rpc-reply> 

Configuring Rules Combining the Protocol and Port Number for User-Defined First-Packet Identification Applications

Creating Rules Combining the Protocol and Port Number for User-Defined First-Packet Identification Applications

This section provides a sample of creating a rule combining the protocol and port number for user-defined first-packet identification applications.

Table 3-2013 Creating a rule combining the protocol and port number for user-defined first-packet identification applications

Operation

XPATH

edit-config:merge

huawei-sac:application-config/user-defined-applications/user-defined-application/rule/id

huawei-sac:application-config/user-defined-applications/user-defined-application/rule/protocol

huawei-sac:application-config/user-defined-applications/user-defined-application/rule/destination-port-range/lower-port

huawei-sac:application-config/user-defined-applications/user-defined-application/rule/destination-port-range/upper-port

Data Requirements
Table 3-2014 Creating a rule combining the protocol and port number for user-defined first-packet identification applications

Item

Data

Description

Name of the user-defined first-packet identification application

FUD_https1

Create a rule combining the protocol and port number for the user-defined first-packet identification application named FUD_https1. The information about the rule is as follows:

  • Rule ID: 21
  • Protocol: UDP
  • Start destination port number: 30
  • End destination port number: 70

NOTICE:

  • The start destination port number must be smaller than the end destination port number; otherwise, the configuration fails.
  • Before configuring a rule combining the protocol and port number, you must disable user-defined application identification using the first packet based on advanced ACL rules.

Whether to enable the advanced ACL

false

Rule ID

21

Protocol

17

Start destination port number

30

End destination port number

70

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
 <edit-config> 
  <target> 
   <running/> 
  </target> 
  <error-option>rollback-on-error</error-option> 
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> 
   <application-config xmlns="urn:huawei:params:xml:ns:yang:huawei-sac"> 
    <user-defined-applications> 
     <user-defined-application> 
      <name>FUD_https1</name> 
      <advance-rule-flag>false</advance-rule-flag> 
      <rule xc:operation="merge"> 
       <id>21</id> 
       <protocol>17</protocol> 
       <destination-port-range> 
        <lower-port>30</lower-port> 
        <upper-port>70</upper-port> 
       </destination-port-range> 
      </rule> 
     </user-defined-application> 
    </user-defined-applications> 
   </application-config>  
  </config> 
 </edit-config> 
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
  <ok/>  
</rpc-reply> 
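
The value limits in the data model table and the NOTICE above (start port smaller than end port, advanced ACL flag set to false) can be checked on the client before a request is sent, and building the XML with a library instead of string concatenation keeps user-supplied names and domains from altering the request structure. The following Python is an added example, not Huawei code: the function names and the nc:/sac: namespace prefixes are assumptions of this example, and it builds only the two rule shapes shown on this page (DNS domain rule, protocol with destination port range).

```python
import re
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
SAC = "urn:huawei:params:xml:ns:yang:huawei-sac"
# Prefixes are this example's choice; the page's requests use default namespaces.
ET.register_namespace("nc", NC)
ET.register_namespace("sac", SAC)

PROTOCOLS = {6: "TCP", 17: "UDP"}            # protocol values listed on the page
OPERATIONS = {"merge", "replace", "remove"}  # rule operations used on the page
DOMAIN_RE = re.compile(r"[0-9A-Za-z.*-]{3,127}")


def check_name(name):
    """Name: 5 to 34 characters, starts with FUD_, no space ? , - or double quote."""
    if not 5 <= len(name) <= 34 or not name.startswith("FUD_"):
        raise ValueError("name must be 5 to 34 characters and start with FUD_")
    if set(name) & set(' ?,-"'):
        raise ValueError("name contains a forbidden character")
    return name


def check_int(label, value, low, high):
    """Reject non-integers (including bool) and out-of-range values."""
    if isinstance(value, bool) or not isinstance(value, int) or not low <= value <= high:
        raise ValueError(f"{label} must be an integer from {low} to {high}")
    return value


def check_domain(domain):
    """Domain: 3 to 127 of [digits letters . * -], at most two non-consecutive *."""
    if not DOMAIN_RE.fullmatch(domain):
        raise ValueError("domain has a bad length or character")
    if domain.count("*") > 2 or "**" in domain:
        raise ValueError("domain allows at most two non-consecutive asterisks")
    return domain


def check_port_range(lower, upper):
    """Ports are 1 to 65535 and the start port must be smaller than the end port."""
    check_int("lower-port", lower, 1, 65535)
    check_int("upper-port", upper, 1, 65535)
    if lower >= upper:
        raise ValueError("lower-port must be smaller than upper-port")
    return lower, upper


def sac_child(parent, tag, text=None):
    """Append a child element in the huawei-sac namespace."""
    child = ET.SubElement(parent, f"{{{SAC}}}{tag}")
    if text is not None:
        child.text = str(text)
    return child


def build_rule_rpc(message_id, app_name, rule_id, *, domain=None,
                   protocol=None, dst_ports=None, operation="merge"):
    """Return an edit-config <rpc> string for one rule, or raise ValueError."""
    if operation not in OPERATIONS:
        raise ValueError("operation must be merge, replace or remove")
    if (domain is None) == (protocol is None):
        raise ValueError("give either domain, or protocol with dst_ports")
    check_name(app_name)
    check_int("rule id", rule_id, 0, 59999)

    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": message_id})
    edit = ET.SubElement(rpc, f"{{{NC}}}edit-config")
    ET.SubElement(ET.SubElement(edit, f"{{{NC}}}target"), f"{{{NC}}}running")
    ET.SubElement(edit, f"{{{NC}}}error-option").text = "rollback-on-error"
    config = ET.SubElement(edit, f"{{{NC}}}config")
    apps = sac_child(sac_child(config, "application-config"),
                     "user-defined-applications")
    app = sac_child(apps, "user-defined-application")
    sac_child(app, "name", app_name)
    # Both rule kinds require the advanced ACL flag to be disabled (NOTICE).
    sac_child(app, "advance-rule-flag", "false")
    rule = sac_child(app, "rule")
    rule.set(f"{{{NC}}}operation", operation)
    sac_child(rule, "id", rule_id)
    if domain is not None:
        sac_child(rule, "domain", check_domain(domain))
    else:
        if protocol not in PROTOCOLS or dst_ports is None:
            raise ValueError("protocol must be 6 or 17 and dst_ports is required")
        lower, upper = check_port_range(*dst_ports)
        sac_child(rule, "protocol", protocol)
        ports = sac_child(rule, "destination-port-range")
        sac_child(ports, "lower-port", lower)
        sac_child(ports, "upper-port", upper)
    return ET.tostring(rpc, encoding="unicode")


if __name__ == "__main__":
    # Same values as the page's "Creating Rules" request (rule 21, UDP, 30 to 70).
    print(build_rule_rpc("DEVICECONFIG_1986", "FUD_https1", 21,
                         protocol=17, dst_ports=(30, 70)))
```

The output uses explicit prefixes rather than default namespaces, which is equivalent XML for a namespace-aware NETCONF server.
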
Modifying Rules Combining the Protocol and Port Number for User-Defined First-Packet Identification Applications

This section provides a sample of modifying a rule combining the protocol and port number for user-defined first-packet identification applications.

Table 3-2015 Modifying a rule combining the protocol and port number for user-defined first-packet identification applications

| Operation | XPATH |
|---|---|
| edit-config:replace | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/id |
| edit-config:replace | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/protocol |
| edit-config:replace | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/destination-port-range/lower-port |
| edit-config:replace | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/destination-port-range/upper-port |

Data Requirements
Table 3-2016 Modifying a rule combining the protocol and port number for user-defined first-packet identification applications

Description: Modify the protocol, start destination port number, and end destination port number to TCP, 40, and 80, respectively, for rule 21, which is configured for the user-defined first-packet identification application FUD_https1.

| Item | Data |
|---|---|
| Name of the user-defined first-packet identification application | FUD_https1 |
| Whether to enable the advanced ACL | false |
| Rule ID | 21 |
| Protocol | 6 |
| Start destination port number | 40 |
| End destination port number | 80 |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
 <edit-config> 
  <target> 
   <running/> 
  </target> 
  <error-option>rollback-on-error</error-option> 
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> 
   <application-config xmlns="urn:huawei:params:xml:ns:yang:huawei-sac"> 
    <user-defined-applications> 
     <user-defined-application> 
      <name>FUD_https1</name> 
      <advance-rule-flag>false</advance-rule-flag> 
      <rule xc:operation="replace"> 
       <id>21</id> 
       <protocol>6</protocol> 
       <destination-port-range> 
        <lower-port>40</lower-port> 
        <upper-port>80</upper-port> 
       </destination-port-range> 
      </rule> 
     </user-defined-application> 
    </user-defined-applications> 
   </application-config>  
  </config> 
 </edit-config> 
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
  <ok/>  
</rpc-reply> 
Deleting Rules Combining the Protocol and Port Number for User-Defined First-Packet Identification Applications

This section provides a sample of deleting a rule combining the protocol and port number for user-defined first-packet identification applications.

Table 3-2017 Deleting a rule combining the protocol and port number for user-defined first-packet identification applications

| Operation | XPATH |
|---|---|
| edit-config:remove | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/id |
| edit-config:remove | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/protocol |
| edit-config:remove | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/destination-port-range/lower-port |
| edit-config:remove | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/destination-port-range/upper-port |

Data Requirements
Table 3-2018 Deleting a rule combining the protocol and port number for user-defined first-packet identification applications

Description: Delete a rule combining the protocol and port number for the user-defined first-packet identification application named FUD_https1. The information about the rule is as follows:

  • Rule ID: 21
  • Protocol: TCP
  • Start destination port number: 40
  • End destination port number: 80

| Item | Data |
|---|---|
| Name of the user-defined first-packet identification application | FUD_https1 |
| Whether to enable the advanced ACL | false |
| Rule ID | 21 |
| Protocol | 6 |
| Start destination port number | 40 |
| End destination port number | 80 |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
 <edit-config> 
  <target> 
   <running/> 
  </target> 
  <error-option>rollback-on-error</error-option> 
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> 
   <application-config xmlns="urn:huawei:params:xml:ns:yang:huawei-sac"> 
    <user-defined-applications> 
     <user-defined-application> 
      <name>FUD_https1</name> 
      <advance-rule-flag>false</advance-rule-flag> 
      <rule xc:operation="remove"> 
       <id>21</id> 
       <protocol>6</protocol> 
       <destination-port-range> 
        <lower-port>40</lower-port> 
        <upper-port>80</upper-port> 
       </destination-port-range> 
      </rule> 
     </user-defined-application> 
    </user-defined-applications> 
   </application-config>  
  </config> 
 </edit-config> 
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
  <ok/>  
</rpc-reply> 

Configuring Rules Based on 5-Tuple and/or DSCP Information for User-Defined First-Packet Identification Applications

Creating Rules Based on 5-Tuple and/or DSCP Information for User-Defined First-Packet Identification Applications

This section provides a sample of creating a rule based on 5-tuple and/or DSCP information for user-defined first-packet identification applications.

Table 3-2019 Creating a rule based on 5-tuple and/or DSCP information for user-defined first-packet identification applications

| Operation | XPATH |
|---|---|
| edit-config:merge | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/id |
| edit-config:merge | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/dscp |
| edit-config:merge | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/protocol |
| edit-config:merge | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/destination-ipv4-network |
| edit-config:merge | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/source-ipv4-network |
| edit-config:merge | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/source-port-range/lower-port |
| edit-config:merge | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/source-port-range/upper-port |
| edit-config:merge | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/destination-port-range/lower-port |
| edit-config:merge | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/destination-port-range/upper-port |

Data Requirements
Table 3-2020 Creating a rule based on 5-tuple and/or DSCP information for user-defined first-packet identification applications

Description: Create a rule based on 5-tuple and/or DSCP information for the user-defined first-packet identification application named FUD_https2. The information about the rule is as follows:

  • Rule ID: 23
  • DSCP priority: 8
  • Protocol: TCP
  • Destination IP address and mask length: 10.2.1.1/24
  • Start destination port number: 30
  • End destination port number: 70
  • Source IP address and mask length: 10.1.1.1/24
  • Start source port number: 40
  • End source port number: 60
NOTICE:
  • The start destination port number must be smaller than the end destination port number; otherwise, the configuration fails.
  • The start source port number must be smaller than the end source port number; otherwise, the configuration fails.
  • Before configuring a rule based on 5-tuple and/or DSCP information, you must enable user-defined application identification using the first packet based on advanced ACL rules.
  • For a rule based on 5-tuple and/or DSCP information, the protocol type is optional.

| Item | Data |
|---|---|
| Name of the user-defined first-packet identification application | FUD_https2 |
| Whether to enable the advanced ACL | true |
| Rule ID | 23 |
| DSCP priority | 8 |
| Protocol | 6 |
| Destination IP address/mask length | 10.2.1.1/24 |
| Start destination port number | 30 |
| End destination port number | 70 |
| Source IP address/mask length | 10.1.1.1/24 |
| Start source port number | 40 |
| End source port number | 60 |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
 <edit-config> 
  <target> 
   <running/> 
  </target> 
  <error-option>rollback-on-error</error-option> 
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> 
   <application-config xmlns="urn:huawei:params:xml:ns:yang:huawei-sac"> 
    <user-defined-applications> 
     <user-defined-application xc:operation="merge"> 
      <name>FUD_https2</name> 
      <advance-rule-flag>true</advance-rule-flag> 
      <rule> 
       <id>23</id> 
       <dscp>8</dscp> 
       <protocol>6</protocol> 
       <destination-ipv4-network>10.2.1.1/24</destination-ipv4-network> 
       <destination-port-range> 
        <lower-port>30</lower-port> 
        <upper-port>70</upper-port> 
       </destination-port-range> 
       <source-ipv4-network>10.1.1.1/24</source-ipv4-network> 
       <source-port-range> 
        <lower-port>40</lower-port> 
        <upper-port>60</upper-port> 
       </source-port-range> 
      </rule> 
     </user-defined-application> 
    </user-defined-applications> 
   </application-config>  
  </config> 
 </edit-config> 
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
  <ok/>  
</rpc-reply> 
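
The NOTICE constraints for both rule types (each start port smaller than its end port; 5-tuple/DSCP leaves only with advance-rule-flag set to true) can be checked before an edit-config is sent to the running datastore. The following Python is an added example, not part of the Huawei reference; the function names, dict keys and default message-id are assumptions made here.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
SAC = "urn:huawei:params:xml:ns:yang:huawei-sac"
ET.register_namespace("nc", NC)    # output prefixes differ from the page's samples,
ET.register_namespace("sac", SAC)  # but the namespaces are the same
# Leaves listed only in the 5-tuple/DSCP XPATH tables (dict key names are assumed).
ADVANCED_KEYS = ("dscp", "destination_net", "source_net", "source_ports")

def check_rule(rule, advanced):
    """Return violations of the NOTICE constraints; an empty list means none."""
    errors = []
    for key in ("destination_ports", "source_ports"):
        if key in rule:
            lo, hi = rule[key]
            if not 0 <= lo < hi <= 65535:  # start must be smaller than end
                errors.append(f"{key}: need 0 <= start < end <= 65535, got {lo}-{hi}")
    extra = [k for k in ADVANCED_KEYS if k in rule]
    if extra and not advanced:
        errors.append(f"{', '.join(extra)} require advance-rule-flag true")
    return errors

def _add(parent, ns, tag, text=None, attrib=None):
    node = ET.SubElement(parent, f"{{{ns}}}{tag}", attrib or {})
    node.text = None if text is None else str(text)
    return node

def build_edit_config(app, rule, advanced, operation="merge", message_id="1"):
    """Validate one rule, then return its edit-config RPC as an XML string."""
    if errors := check_rule(rule, advanced):
        raise ValueError("; ".join(errors))
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": message_id})
    edit = _add(rpc, NC, "edit-config")
    _add(_add(edit, NC, "target"), NC, "running")
    _add(edit, NC, "error-option", "rollback-on-error")
    node = _add(edit, NC, "config")
    for tag in ("application-config", "user-defined-applications", "user-defined-application"):
        node = _add(node, SAC, tag)
    _add(node, SAC, "name", app)
    _add(node, SAC, "advance-rule-flag", "true" if advanced else "false")
    entry = _add(node, SAC, "rule", attrib={f"{{{NC}}}operation": operation})
    _add(entry, SAC, "id", rule["id"])  # KeyError if the rule has no ID
    for key in ("dscp", "protocol"):  # leaf order follows the page's samples
        if key in rule:
            _add(entry, SAC, key, rule[key])
    for side in ("destination", "source"):
        if f"{side}_net" in rule:
            _add(entry, SAC, f"{side}-ipv4-network", rule[f"{side}_net"])
        if f"{side}_ports" in rule:
            ports = _add(entry, SAC, f"{side}-port-range")
            _add(ports, SAC, "lower-port", rule[f"{side}_ports"][0])
            _add(ports, SAC, "upper-port", rule[f"{side}_ports"][1])
    return ET.tostring(rpc, encoding="unicode")

# Constructed inputs that mirror the two "create" samples on this page.
PORT_RULE = {"id": 21, "protocol": 17, "destination_ports": (30, 70)}
TUPLE_RULE = {"id": 23, "dscp": 8, "protocol": 6,
              "destination_net": "10.2.1.1/24", "destination_ports": (30, 70),
              "source_net": "10.1.1.1/24", "source_ports": (40, 60)}
```

Calling `build_edit_config("FUD_https1", PORT_RULE, advanced=False)` returns the request as a string; a rule that breaks a constraint raises `ValueError` before anything is serialized.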
Modifying Rules Based on 5-Tuple and/or DSCP Information for User-Defined First-Packet Identification Applications

This section provides a sample of modifying a rule based on 5-tuple and/or DSCP information for user-defined first-packet identification applications.

Table 3-2021 Modifying a rule based on 5-tuple and/or DSCP information for user-defined first-packet identification applications

| Operation | XPATH |
|---|---|
| edit-config:replace | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/id |
| edit-config:replace | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/dscp |
| edit-config:replace | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/protocol |
| edit-config:replace | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/destination-ipv4-network |
| edit-config:replace | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/source-ipv4-network |
| edit-config:replace | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/source-port-range/lower-port |
| edit-config:replace | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/source-port-range/upper-port |
| edit-config:replace | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/destination-port-range/lower-port |
| edit-config:replace | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/destination-port-range/upper-port |

Data Requirements
Table 3-2022 Modifying a rule based on 5-tuple and/or DSCP information for user-defined first-packet identification applications

Description: Modify a rule based on 5-tuple and/or DSCP information for the user-defined first-packet identification application named FUD_https2. A rule with the ID 23 is modified as follows:

  • DSCP priority: 7
  • Protocol: UDP
  • Destination IP address and mask length: 10.2.1.2/24
  • Start destination port number: 50
  • End destination port number: 80
  • Source IP address and mask length: 10.1.1.2/24
  • Start source port number: 60
  • End source port number: 90

| Item | Data |
|---|---|
| Name of the user-defined first-packet identification application | FUD_https2 |
| Whether to enable the advanced ACL | true |
| Rule ID | 23 |
| DSCP priority | 7 |
| Protocol | 17 |
| Destination IP address/mask length | 10.2.1.2/24 |
| Start destination port number | 50 |
| End destination port number | 80 |
| Source IP address/mask length | 10.1.1.2/24 |
| Start source port number | 60 |
| End source port number | 90 |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
 <edit-config> 
  <target> 
   <running/> 
  </target> 
  <error-option>rollback-on-error</error-option> 
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> 
   <application-config xmlns="urn:huawei:params:xml:ns:yang:huawei-sac"> 
    <user-defined-applications> 
     <user-defined-application xc:operation="merge"> 
      <name>FUD_https2</name> 
      <advance-rule-flag>true</advance-rule-flag> 
      <rule xc:operation="replace"> 
       <id>23</id> 
       <dscp>7</dscp> 
       <protocol>17</protocol> 
       <destination-ipv4-network>10.2.1.2/24</destination-ipv4-network> 
       <destination-port-range> 
        <lower-port>50</lower-port> 
        <upper-port>80</upper-port> 
       </destination-port-range> 
       <source-ipv4-network>10.1.1.2/24</source-ipv4-network> 
       <source-port-range> 
        <lower-port>60</lower-port> 
        <upper-port>90</upper-port> 
       </source-port-range> 
      </rule> 
     </user-defined-application> 
    </user-defined-applications> 
   </application-config>  
  </config> 
 </edit-config> 
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
  <ok/>  
</rpc-reply> 
Deleting Rules Based on 5-Tuple and/or DSCP Information for User-Defined First-Packet Identification Applications

This section provides a sample of deleting a rule based on 5-tuple and/or DSCP information for user-defined first-packet identification applications.

Table 3-2023 Deleting a rule based on 5-tuple and/or DSCP information for user-defined first-packet identification applications

| Operation | XPATH |
|---|---|
| edit-config:remove | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/id |
| edit-config:remove | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/dscp |
| edit-config:remove | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/protocol |
| edit-config:remove | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/destination-ipv4-network |
| edit-config:remove | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/source-ipv4-network |
| edit-config:remove | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/source-port-range/lower-port |
| edit-config:remove | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/source-port-range/upper-port |
| edit-config:remove | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/destination-port-range/lower-port |
| edit-config:remove | huawei-sac:application-config/user-defined-applications/user-defined-application/rule/destination-port-range/upper-port |

Data Requirements
Table 3-2024 Deleting a rule based on 5-tuple and/or DSCP information for user-defined first-packet identification applications

Description: Delete a rule based on 5-tuple and/or DSCP information for the user-defined first-packet identification application named FUD_https2. The information about the rule is as follows:

  • Rule ID: 23
  • DSCP priority: 7
  • Protocol: UDP
  • Destination IP address and mask length: 10.2.1.2/24
  • Start destination port number: 50
  • End destination port number: 80
  • Source IP address and mask length: 10.1.1.2/24
  • Start source port number: 60
  • End source port number: 90

| Item | Data |
|---|---|
| Name of the user-defined first-packet identification application | FUD_https2 |
| Whether to enable the advanced ACL | true |
| Rule ID | 23 |
| DSCP priority | 7 |
| Protocol | 17 |
| Destination IP address/mask length | 10.2.1.2/24 |
| Start destination port number | 50 |
| End destination port number | 80 |
| Source IP address/mask length | 10.1.1.2/24 |
| Start source port number | 60 |
| End source port number | 90 |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
 <edit-config> 
  <target> 
   <running/> 
  </target> 
  <error-option>rollback-on-error</error-option> 
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> 
   <application-config xmlns="urn:huawei:params:xml:ns:yang:huawei-sac"> 
    <user-defined-applications> 
     <user-defined-application xc:operation="merge"> 
      <name>FUD_https2</name> 
      <advance-rule-flag>true</advance-rule-flag> 
      <rule xc:operation="remove"> 
       <id>23</id> 
       <dscp>7</dscp> 
       <protocol>17</protocol> 
       <destination-ipv4-network>10.2.1.2/24</destination-ipv4-network> 
       <destination-port-range> 
        <lower-port>50</lower-port> 
        <upper-port>80</upper-port> 
       </destination-port-range> 
       <source-ipv4-network>10.1.1.2/24</source-ipv4-network> 
       <source-port-range> 
        <lower-port>60</lower-port> 
        <upper-port>90</upper-port> 
       </source-port-range> 
      </rule> 
     </user-defined-application> 
    </user-defined-applications> 
   </application-config>  
  </config> 
 </edit-config> 
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_1986"> 
  <ok/>  
</rpc-reply> 
Updated: 2019-03-06

Document ID: EDOC1100022096
