No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S600-E V200R012C00 NETCONF YANG API Reference

This document describes the NETCONF YANG API functions supported by the switch, including the data model and samples.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Policy Association

Policy Association

Data Model

The configuration model files matching policy association are ietf-interfaces.yang, huawei-nac.yang, and huawei-aaa.yang.

Table 2-600  Data model
Object Description Value Remarks
/huawei-nac:nac-access/policy-association/as-access/controller-ip Indicates an IP address of a control device. The value is in dotted decimal notation.

Only the access device supports this object.

/huawei-nac:nac-access/policy-association/as-access/vlanif Indicates the source VLANIF interface of the CAPWAP tunnel established between the access device and control device. The value is an integer that ranges from 1 to 4094.

Only the access device supports this object.

/huawei-nac:nac-access/policy-association/as-auth/auth-mode

Set the access device authentication mode to none authentication.

The value can only be set to none.

By default, authentication is required when an access device establishes a CAPWAP tunnel with a control device.

Only the control device supports this object.

/huawei-nac:nac-access/policy-association/as-auth/whitelist-mac-address

Add the specified MAC address to an access device authentication whitelist so that the access device with this MAC address does not need to be authenticated when establishing a CAPWAP tunnel with the control device.

The value is a character string. Multiple MAC addresses can be configured.

Only the control device supports this object.

/ietf-interfaces:interfaces/interface/huawei-nac:police-gang-control/access-point/ucl-policy-enabled

Indicates whether a control point that directly forwards user traffic is configured to filter user traffic based on a user ACL before forwarding the traffic.

The value is of the Boolean type:
  • true: This function is enabled.
  • false: This function is disabled.
The default value is false.
Only the S5720HI, S5730HI, S6720HI, LE1D2S04SEC0 card, LE1D2X32SEC0 card, LE1D2H02QEC0 card, and X series cards support this object.

ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-nac:police-gang-control/huawei-nac:access-point/huawei-nac:enable

Indicates whether to enable the remote access control function on the interface of the access device.

The value is of the Boolean type:

  • true: The function is enabled.
  • false: The function is disabled.

The default value is false.

Only the access device supports this object.

ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-nac:police-gang-control/huawei-nac:access-point/huawei-nac:open

Indicates whether to disable right control of the access point.

The value is of the Boolean type:

  • true: This function is disabled.
  • false: This function is enabled.

The default value is false.

Only the access device supports this object.

ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-nac:police-gang-control/huawei-nac:access-point/huawei-nac:max-user-num

Indicates the maximum number of access users allowed on an interface of an access device.

The value is an integer in the range from 1 to 256.

Only the access device supports this object.

/huawei-aaa:aaa/service-scheme/name

/huawei-aaa:aaa/service-scheme/remote-authorize/authorize-parameters

Configures user authorization information to be delivered to access devices.

The value is the combination of ACL, UCL group, and CAR.

Only the control device supports this object.

/huawei-aaa:aaa/service-scheme/name

/huawei-aaa:aaa/service-scheme/local-authorize

Configures user authorization information to be delivered to control devices.

The value is the combination of ACL, UCL group, and CAR.

Only the control device supports this object.

Configuring Policy Association on an Access Device

This section provides a sample of configuring policy association on an access device using the config method.

Table 2-601  Configuring policy association on an access device

Operation

XPATH

edit-config:config

  • /huawei-nac:nac-access/policy-association/as-access/controller-ip
  • /huawei-nac:nac-access/policy-association/as-access/vlanif
Data Requirements
Item Data Description
IP address of the control device 10.1.1.1 -
Source VLANIF interface of the CAPWAP tunnel established between the access device and control device 100 -
Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac:nac-access xmlns:hw-nac="urn:huawei:params:xml:ns:yang:huawei-nac">
        <hw-nac:policy-association>
          <hw-nac:as-access>
            <hw-nac:controller-ip>10.1.1.1</hw-nac:controller-ip>
            <hw-nac:vlanif>100</hw-nac:vlanif>
          </hw-nac:as-access>
        </hw-nac:policy-association>
      </hw-nac:nac-access>
    </config>
  </edit-config>
</rpc>
Response Example

# Sample of successful response.

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
  <ok/>
</rpc-reply>

# Sample of failed response.

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-nac:nac-access/policy-association/as-access/vlanif</error-path>
    <error-message>parse rpc config error.(Value "5000" does not satisfy the constraint "1..4094" (range, length, or pattern).).</error-message>
  </rpc-error>
</rpc-reply>

Configuring the Access Device Authentication Mode

This section provides a sample of configuring the access device authentication mode using the edit-config method.

Table 2-602  Configuring the access device authentication mode

Operation

XPATH

edit-config /huawei-nac:nac-access/policy-association/as-auth/auth-mode
Data Requirements
Table 2-603  Setting the access device authentication mode to none authentication

Item

Data

Description

Authentication mode none -

Request Example

<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac:nac-access xmlns:hw-nac="urn:huawei:params:xml:ns:yang:huawei-nac">
        <hw-nac:policy-association>
          <hw-nac:as-auth>
            <hw-nac:auth-mode>none</hw-nac:auth-mode>
          </hw-nac:as-auth>
        </hw-nac:policy-association>
      </hw-nac:nac-access>
    </config>
  </edit-config>
</rpc>

Response Example

# Sample of successful response.

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

# Sample of failed response.

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>The configuration/operation does not support.</error-message>
    <error-info>Error on node /huawei-nac:nac-access/policy-association/as-auth/auth-mode</error-info>
  </rpc-error>
</rpc-reply>
Table 2-604  Deleting the access device authentication mode configuration of none authentication

Item

Data

Description

Authentication mode none -

Request Example

<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="5" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac:nac-access xmlns:hw-nac="urn:huawei:params:xml:ns:yang:huawei-nac">
        <hw-nac:policy-association xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="delete">
          <hw-nac:as-auth>
            <hw-nac:auth-mode>none</hw-nac:auth-mode>
          </hw-nac:as-auth>
        </hw-nac:policy-association>
      </hw-nac:nac-access>
    </config>
  </edit-config>
</rpc>

Response Example

# Sample of successful response.

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="5">
 <ok/>
</rpc-reply>

# Sample of failed response.

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="5">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>data-missing</error-tag>
    <error-severity>error</error-severity>
    <error-path/>
    <error-message>edit operation failed.</error-message>
  </rpc-error>
</rpc-reply>

Configuring a MAC Address Whitelist for Access Device Authentication

This section provides a sample of configuring a MAC address whitelist for access device authentication.

Table 2-605  Configuring a MAC address whitelist for access device authentication

Operation

XPATH

edit-config /huawei-nac:nac-access/policy-association/as-auth/whitelist-mac-address
Data Requirements
Table 2-606  Configuring a MAC address whitelist for access device authentication

Item

Data

Description

MAC address whitelist for access device authentication 00:aa:aa:aa:aa:aa Multiple MAC address whitelists can be configured at a time.

Request Example

<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="5" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac:nac-access xmlns:hw-nac="urn:huawei:params:xml:ns:yang:huawei-nac">
        <hw-nac:policy-association>
          <hw-nac:as-auth>
            <hw-nac:whitelist-mac-address>00:aa:aa:aa:aa:aa</hw-nac:whitelist-mac-address>
          </hw-nac:as-auth>
        </hw-nac:policy-association>
      </hw-nac:nac-access>
    </config>
  </edit-config>
</rpc>

Response Example

# Sample of successful response.

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="5">
 <ok/>
</rpc-reply>

# Sample of failed response.

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="5">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>The configuration/operation does not support.</error-message>
    <error-info>Error on node /huawei-nac:nac-access/policy-association/as-auth/whitelist-mac-address[.="00:aa:aa:aa:aa:aa"]</error-info>
  </rpc-error>
</rpc-reply>
Table 2-607  Deleting the configured MAC address whitelist used for access device authentication

Item

Data

Description

MAC address whitelist for access device authentication 00:aa:aa:aa:aa:aa Multiple MAC address whitelists can be deleted at a time.

Request Example

?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="6" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-nac:nac-access xmlns:hw-nac="urn:huawei:params:xml:ns:yang:huawei-nac">
        <hw-nac:policy-association xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="delete">
          <hw-nac:as-auth>
            <hw-nac:whitelist-mac-address>00:aa:aa:aa:aa:aa</hw-nac:whitelist-mac-address>
          </hw-nac:as-auth>
        </hw-nac:policy-association>
      </hw-nac:nac-access>
    </config>
  </edit-config>
</rpc>

Response Example

# Sample of successful response.

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="6">
 <ok/>
</rpc-reply>

# Sample of failed response.

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="6">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>The configuration/operation does not support.</error-message>
    <error-info>Error on node /huawei-nac:nac-access/policy-association/as-auth/whitelist-mac-address[.="00:aa:aa:aa:aa:aa"]</error-info>
  </rpc-error>
</rpc-reply>

Enabling Remote Access Control on the Interface of an Access Device

This section provides a sample of enabling remote access control on the interface of an access device using the merge method.

Table 2-608  Enabling remote access control on the interface of an access device

Operation

XPATH

edit-config:merge

ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-nac:police-gang-control/huawei-nac:access-point/huawei-nac:enable

Data Requirements
Table 2-609  Enabling remote access control on the interface of an access device

Item

Data

Description

name

GigabitEthernet0/0/13

-

enabled

true

-

Request Example
<?xml version="1.0" encoding="UTF-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
    <edit-config>
        <target>
            <running/>
        </target>
        <error-option>rollback-on-error</error-option>
        <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
            <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces" xc:operation="merge">
                <interface>
                    <name>GigabitEthernet0/0/13</name>
                    <type xmlns:iana="urn:ietf:params:xml:ns:yang:iana-if-type">iana:ethernetCsmacd</type>
                    <enabled>true</enabled>
                    <police-gang-control xmlns="urn:huawei:params:xml:ns:yang:huawei-nac">
                        <access-point>
                            <enable>true</enable>
                        </access-point>
                    </police-gang-control>
                </interface>
            </interfaces>
        </config>
    </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/ietf-interfaces:interfaces/interface[name='GigabitEthernet0/0/13']/huawei-nac:police-gang-control/access-point/enable</error-path>
    <error-message>parse rpc config error.(Invalid value "error" in "enable" element.).</error-message>
  </rpc-error>
</rpc-reply>

Disabling Right Control of the Access Point

This section provides a sample of disabling right control of the access point using the merge method.

Table 2-610  Disabling right control of the access point

Operation

XPATH

edit-config:merge

ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-nac:police-gang-control/huawei-nac:access-point/huawei-nac:open

Data Requirements
Table 2-611  Disabling right control of the access point

Item

Data

Description

open

true

-

Request Example
<?xml version="1.0" encoding="UTF-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
    <edit-config>
        <target>
            <running/>
        </target>
        <error-option>rollback-on-error</error-option>
        <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
            <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces" xc:operation="merge">
                <interface>
                    <name>GigabitEthernet0/0/13</name>
                    <type xmlns:iana="urn:ietf:params:xml:ns:yang:iana-if-type">iana:ethernetCsmacd</type>
                    <enabled>true</enabled>
                    <police-gang-control xmlns="urn:huawei:params:xml:ns:yang:huawei-nac">
                        <access-point>
                            <open>true</open>
                        </access-point>
                    </police-gang-control>
                </interface>
            </interfaces>
        </config>
    </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/ietf-interfaces:interfaces/interface[name='GigabitEthernet0/0/13']/huawei-nac:police-gang-control/access-point/open</error-path>
    <error-message>parse rpc config error.(Invalid value "error" in "open" element.).</error-message>
  </rpc-error>
</rpc-reply>

Configuring the Maximum Number of Access Users Allowed on an Interface of an Access Device

This section provides a sample of configuring the maximum number of access users allowed on the interface of an access device using the merge method.

Table 2-612  Configuring the maximum number of access users allowed on the interface of an access device

Operation

XPATH

edit-config:merge

ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-nac:police-gang-control/huawei-nac:access-point/huawei-nac:max-user-num

Data Requirements
Table 2-613  Configuring the maximum number of access users allowed on the interface of an access device

Item

Data

Description

max-user-num

10

-

Request Example
<?xml version="1.0" encoding="UTF-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
    <edit-config>
        <target>
            <running/>
        </target>
        <error-option>rollback-on-error</error-option>
        <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
            <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces" xc:operation="merge">
                <interface>
                    <name>GigabitEthernet0/0/13</name>
                    <type xmlns:iana="urn:ietf:params:xml:ns:yang:iana-if-type">iana:ethernetCsmacd</type>
                    <enabled>true</enabled>
                    <police-gang-control xmlns="urn:huawei:params:xml:ns:yang:huawei-nac">
                        <access-point>
                            <max-user-num>10</max-user-num>
                        </access-point>
                    </police-gang-control>
                </interface>
            </interfaces>
        </config>
    </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Unrecognized information.</error-message>
    <error-info>Error on node /ietf-interfaces:interfaces/interface[name="GigabitEthernet0/0/13"]/huawei-nac:police-gang-control/access-point/max-user-num</error-info>
  </rpc-error>
</rpc-reply>

Configuring User Authorization Information to Be Delivered to Access Devices

This section provides a sample of configuring user authorization information to be delivered to access devices using the merge method.

Table 2-614  Configuring user authorization information to be delivered to access devices

Operation

XPATH

edit-config:merge

/huawei-aaa:aaa/service-scheme/name

/huawei-aaa:aaa/service-scheme/remote-authorize/authorize-parameters

Data Requirements
Table 2-615  Configuring user authorization information to be delivered to access devices

Item

Data

Description

authorize-parameters

acl car ucl-group

-

Request Example
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-aaa:aaa xmlns:hw-aaa="urn:huawei:params:xml:ns:yang:huawei-aaa">
        <hw-aaa:service-scheme>
          <hw-aaa:name>xuandong_001</hw-aaa:name>
          <hw-aaa:vsys>pub</hw-aaa:vsys>
          <hw-aaa:remote-authorize>
            <hw-aaa:authorize-parameters>acl car ucl-group</hw-aaa:authorize-parameters>
          </hw-aaa:remote-authorize>
        </hw-aaa:service-scheme>
      </hw-aaa:aaa>
    </config>
  </edit-config>
</rpc>>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="6">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-aaa:aaa/service-scheme[name='xuandong_001'][vsys='pub']/remote-authorize/authorize-parameters</error-path>
    <error-message>parse rpc config error.(Invalid value "error" in "authorize-parameters" element.).</error-message>
  </rpc-error>
</rpc-reply>

Configuring User Authorization Information to Be Delivered to Control Devices

This section provides a sample of configuring user authorization information to be delivered to control devices using the merge method.

Table 2-616  Configuring user authorization information to be delivered to control devices

Operation

XPATH

edit-config:merge

/huawei-aaa:aaa/service-scheme/name

/huawei-aaa:aaa/service-scheme/local-authorize

Data Requirements
Table 2-617  Configuring user authorization information to be delivered to control devices

Item

Data

Description

authorize-parameters

acl car ucl-group priority vlan

-

none

true

-

Request Example

# Configure user authorization information to be delivered to control devices.

<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-aaa:aaa xmlns:hw-aaa="urn:huawei:params:xml:ns:yang:huawei-aaa">
        <hw-aaa:service-scheme>
          <hw-aaa:name>xuandong_001</hw-aaa:name>
          <hw-aaa:vsys>pub</hw-aaa:vsys>
          <hw-aaa:local-authorize>
            <hw-aaa:authorize-parameters>acl car ucl-group priority vlan</hw-aaa:authorize-parameters>
          </hw-aaa:local-authorize>
        </hw-aaa:service-scheme>
      </hw-aaa:aaa>
    </config>
  </edit-config>
</rpc>

# Configure not to deliver user authorization information to control devices.

<rpc message-id="7" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-aaa:aaa xmlns:hw-aaa="urn:huawei:params:xml:ns:yang:huawei-aaa">
        <hw-aaa:service-scheme>
          <hw-aaa:name>xuandong_001</hw-aaa:name>
          <hw-aaa:vsys>pub</hw-aaa:vsys>
          <hw-aaa:local-authorize>
            <hw-aaa:none>true</hw-aaa:none>
          </hw-aaa:local-authorize>
        </hw-aaa:service-scheme>
      </hw-aaa:aaa>
    </config>
  </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0">
 <ok/>
</rpc-reply>

Sample of failed response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="8">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/huawei-aaa:aaa/service-scheme[name='xuandong_001'][vsys='pub']/local-authorize/none</error-path>
    <error-message>parse rpc config error.(Invalid value "error" in "none" element.).</error-message>
  </rpc-error>
</rpc-reply>

Configuring the Control Point That Directly Forwards User Traffic to Filter User Traffic Based on a User ACL Before Forwarding the Traffic

This section provides a sample of configuring the control point that directly forwards user traffic to filter user traffic based on a user ACL before forwarding the traffic.

Table 2-618  Configuring the control point that directly forwards user traffic to filter user traffic based on a user ACL before forwarding the traffic.

Operation

XPATH

edit-config:config

/ietf-interfaces:interfaces/interface/huawei-nac:police-gang-control/access-point/ucl-policy-enabled
Data Requirements
Item Data Description
Interface XGigabitEthernet0/0/1 -

Whether the control point that directly forwards user traffic is configured to filter user traffic based on a user ACL before forwarding the traffic.

true -
Request Example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="1" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <if:interfaces xmlns:if="urn:ietf:params:xml:ns:yang:ietf-interfaces">
        <if:interface>
          <if:name>XGigabitEthernet0/0/1</if:name>
          <if:type xmlns:iana-if-type="urn:ietf:params:xml:ns:yang:iana-if-type">iana-if-type:ethernetCsmacd</if:type>
          <hw-nac:police-gang-control xmlns:hw-nac="urn:huawei:params:xml:ns:yang:huawei-nac">
            <hw-nac:access-point>
              <hw-nac:ucl-policy-enabled>true</hw-nac:ucl-policy-enabled>
            </hw-nac:access-point>
          </hw-nac:police-gang-control>
        </if:interface>
      </if:interfaces>
    </config>
  </edit-config>
</rpc>
Response Example

# Sample of successful response.

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <ok/>
</rpc-reply>

# Sample of failed response.

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-path>/ietf-interfaces:interfaces/interface[name='XGigabitEthernet0/0/1']/huawei-nac:police-gang-control/access-point/ucl-policy-enabled</error-path>
    <error-message>parse rpc config error.(Invalid value in "ucl-policy-enabled" element.).</error-message>
  </rpc-error>
</rpc-reply>
Translation
Download
Updated: 2018-09-01

Document ID: EDOC1100037962

Views: 6338

Downloads: 8

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next