No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NETCONF YANG API Reference

AR100, AR120, AR160, AR1200, AR2200, AR3200, and AR3600 V300R003

NETCONF YANG API Reference
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
ACL6

ACL6

This section describes the data model of ACL6 (IPv6 ACL), and provides samples of creating, configuring, modifying, and deleting an ACL6.

Data Model

The data model files matching ACL6 are ietf-acl.yang and huawei-acl.yang.
Table 3-1163 ACL6

Object

Description

/ietf-acl:access-lists/access-list/access-control-list-name

Indicates the name of an ACL6. It is the ACL IPv6 number, which is unique globally. The IPv6 ACL and IPv4 ACL use the same object. Therefore, enter ipv6:number for an IPv6 ACL. The value range of number is as follows:

  • Basic ACL6: 2000 to 2999.
  • Advanced ACL6: 3000 to 3999.

/ietf-acl:access-lists/access-list/huawei-acl:ipv6-flag

Indicates the flag of an IPv6 ACL.

/ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/rule-name

Indicates the name of an ACL6 rule. The rule name is a unique identifier in a certain ACL6 object. The same rule name can be configured in different ACL6 objects. The value ranges from 0 to 4294967294.

/ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/matches/protocol

Indicates the protocol type of packets that match an ACL6 rule. The value ranges from 1 to 255. Value 58 indicates ICMPv6, 6 indicates TCP, 17 indicates UDP, 47 indicates GRE, and 89 indicates OSPF.

/ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/actions/permit

Permits the packets that match a rule. Permit and deny actions are mutually exclusive. This object is delivered in the format of <permit/>.

/ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/actions/deny

Denies the packets that match a rule. Permit and deny actions are mutually exclusive. This object is delivered in the format of <deny/>.

/ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/matches/source-ipv6-network

Indicates the source address of packets that match an ACL6 rule. The value is in the format of fc00:1::1/64.

/ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/matches/destination-ipv6-network

Indicates the destination address of packets that match an ACL6 rule. The value is in the format of fc00:1::1/64.

/ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/matches/dscp

Indicates the Differentiated Services Code Point (DSCP) value of packets that match an ACL6 rule. The value is an integer that ranges from 0 to 63.

/ietf-acl:access-lists/access-list/access-list-entries/access-list-entry/matches/huawei-acl:time-range

Indicates a time range during which ACL6 rules take effect. The value is a string of 1 to 32 characters. If this parameter is not specified, ACL6 rules take effect at any time.

Creating an ACL6

This section provides a sample of creating an ACL6.

Table 3-1164 Creating an ACL6

Operation

XPATH

edit-config: default

/ietf-acl:access-lists/access-list

Data Requirements
Table 3-1165 Creating an ACL6

Item

Data

Description

ACL6 name

3001

Create an ACL6 and set the name to 3001.

ACL6 flag

true

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c23762ad85b7458086e74cf306062478">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-acl">
    <access-list>
     <access-control-list-name>3001</access-control-list-name>
     <ipv6-flag xmlns="urn:huawei:params:xml:ns:yang:huawei-acl">true</ipv6-flag>
    </access-list>
   </access-lists>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c23762ad85b7458086e74cf306062478">
  <ok/> 
</rpc-reply> 

Configuring an ACL6 Rule for Matching Packets Based on the Source Address

This section provides a sample of configuring an ACL6 rule for matching packets based on the source address.

Table 3-1166 Creating an ACL6 rule for matching packets based on the source address

Operation

XPATH

edit-config: default

/ietf-acl:access-lists/access-list

Data Requirements
Table 3-1167 Creating an ACL6 rule for matching packets based on the source address

Item

Data

Description

ACL6 name

3001

Create ACL6 rule 1 in ACL6 3001, and set the source address to fc00:3::1/64, the protocol type to 6, and the action to permit.

ACL6 flag

true

Rule name

1

Action

permit

Protocol type

6

Source address

fc00:3::1/64

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c23762ad85b7458086e74cf306062478">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-acl">
    <access-list>
     <access-control-list-name>3001</access-control-list-name>
     <ipv6-flag xmlns="urn:huawei:params:xml:ns:yang:huawei-acl">true</ipv6-flag>
     <access-list-entries>
      <access-list-entry>
       <rule-name>1</rule-name>
       <actions>
        <permit/>
       </actions>
       <matches>
        <protocol>6</protocol>
        <source-ipv6-network>fc00:3::1/64</source-ipv6-network>
       </matches>
      </access-list-entry>
     </access-list-entries>
    </access-list>
   </access-lists>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c23762ad85b7458086e74cf306062478">
  <ok/> 
</rpc-reply>

Configuring an ACL6 Rule for Matching Packets Based on the Destination Address

This section provides a sample of configuring an ACL6 rule for matching packets based on the destination address.

Table 3-1168 Creating an ACL6 rule for matching packets based on the destination address

Operation

XPATH

edit-config: default

/ietf-acl:access-lists/access-list

Data Requirements
Table 3-1169 Creating an ACL6 rule for matching packets based on the destination address

Item

Data

Description

ACL6 name

3001

Create ACL6 rule 1 in ACL6 3001, and set the destination address to fc00:1::1/64, the protocol type to 6, and the action to permit.

ACL6 flag

true

Rule name

1

Action

permit

Protocol type

6

Destination address

fc00:1::1/64

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c23762ad85b7458086e74cf306062478">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-acl">
    <access-list>
     <access-control-list-name>3001</access-control-list-name>
     <ipv6-flag xmlns="urn:huawei:params:xml:ns:yang:huawei-acl">true</ipv6-flag>
     <access-list-entries>
      <access-list-entry>
       <rule-name>1</rule-name>
       <actions>
        <permit/>
       </actions>
       <matches>
        <protocol>6</protocol>
        <destination-ipv6-network>fc00:1::1/64</destination-ipv6-network>
       </matches>
      </access-list-entry>
     </access-list-entries>
    </access-list>
   </access-lists>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c23762ad85b7458086e74cf306062478">
  <ok/> 
</rpc-reply>

Configuring an ACL6 Rule for Matching Packets Based on the DSCP

This section provides a sample of configuring an ACL6 rule for matching packets based on the DSCP.

Table 3-1170 Creating an ACL6 rule for matching packets based on the DSCP

Operation

XPATH

edit-config: default

/ietf-acl:access-lists/access-list

Data Requirements
Table 3-1171 Creating an ACL6 rule for matching packets based on the DSCP

Item

Data

Description

ACL6 name

3001

Create ACL6 rule 1 in ACL6 3001, and set the DSCP value to 6, the protocol type to 6, and the action to permit.

ACL6 flag

true

Rule name

1

Action

permit

Protocol type

6

DSCP

6

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c23762ad85b7458086e74cf306062478">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-acl">
    <access-list>
     <access-control-list-name>3001</access-control-list-name>
     <ipv6-flag xmlns="urn:huawei:params:xml:ns:yang:huawei-acl">true</ipv6-flag>
     <access-list-entries>
      <access-list-entry>
       <rule-name>1</rule-name>
       <actions>
        <permit/>
       </actions>
       <matches>
        <protocol>6</protocol>
        <dscp>6</dscp>
       </matches>
      </access-list-entry>
     </access-list-entries>
    </access-list>
   </access-lists>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c23762ad85b7458086e74cf306062478">
  <ok/> 
</rpc-reply>

Modifying an ACL6 Rule

This section provides a sample of modifying an ACL6 rule.

Table 3-1172 Modifying an ACL6 rule

Operation

XPATH

edit-config:replace

/ietf-acl:access-lists/access-list

Data Requirements
Table 3-1173 Modifying an ACL6 rule

Item

Data

Description

ACL6 name

3001

Modify rule 1 in ACL6 3001. Modify the protocol type to 6, the DSCP to 10, the source address to fc00:3::2/64, and the destination address to fc00:1::2/64.

ACL6 flag

true

ACL6 rule

1

Protocol type

6

DSCP

10

Source address

fc00:3::2/64

Destination address

fc00:1::2/64

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c23762ad85b7458086e74cf306062478">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-acl">
    <access-list xc:operation="replace">
     <access-control-list-name>3001</access-control-list-name>
     <ipv6-flag xmlns="urn:huawei:params:xml:ns:yang:huawei-acl">true</ipv6-flag>
     <access-list-entries>
      <access-list-entry>
       <rule-name>1</rule-name>
       <actions>
        <permit/>
       </actions>
       <matches>
        <protocol>6</protocol>
        <dscp>10</dscp>
        <destination-ipv6-network>fc00:1::2/64</destination-ipv6-network>
        <source-ipv6-network>fc00:3::2/64</source-ipv6-network>
       </matches>
      </access-list-entry>
     </access-list-entries>
    </access-list>
   </access-lists>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c23762ad85b7458086e74cf306062478">
  <ok/> 
</rpc-reply>

Deleting an ACL6 Rule

This section provides a sample of deleting an ACL6 rule.

Table 3-1174 Deleting an ACL6 rule

Operation

XPATH

edit-config:remove

ietf-acl:access-lists/access-list/access-list-entries/access-list-entry

Data Requirements
Table 3-1175 Deleting an ACL6 rule

Item

Data

Description

ACL6 name

3001

Delete rule 1 from ACL6 3001.

Rule name

1

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c23762ad85b7458086e74cf306062478">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-acl">
    <access-list>
     <access-control-list-name>3001</access-control-list-name>
     <access-list-entries>
      <access-list-entry xc:operation="remove">
       <rule-name>1</rule-name>
      </access-list-entry>
     </access-list-entries>
    </access-list>
   </access-lists>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_c23762ad85b7458086e74cf306062478">
  <ok/> 
</rpc-reply> 
Translation
Download
Updated: 2019-03-06

Document ID: EDOC1100022096

Views: 8601

Downloads: 69

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next