No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
S12700 and S12700E V200R019C10 NETCONF YANG API Reference

This document describes the NETCONF YANG API functions supported by the switch, including the data model and samples.

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
ACL-based Simplified Traffic Policy Management

ACL-based Simplified Traffic Policy Management

This section describes the configuration model of ACL-based simplified traffic policy management and provides examples of XML packets.

Data Model

The configuration model file matching ACL-based simplified traffic policy management is huawei-sacl.yang.

Table 2-399 ACL-based simplified traffic policy management

Object

Description

Value

Remarks

/huawei-sacl:traffic-filter-apply/directions/direction

Indicates the direction for global packet filtering.
The value is of the enumerated type:
  • inbound
  • outbound

N/A

/huawei-sacl:traffic-filter-apply/directions/acls/acl

Indicates the ACL for global packet filtering.

The value must be an ACL specified in the /ietf-acl:access-lists/ietf-acl:access-list/ietf-acl:access-control-list-name object in the ietf-acl.yang file.

Only IPv4 ACLs are supported.

/huawei-sacl:traffic-filter-apply/directions/acls/ipv6-flag

Indicates the type of an ACL.
Boolean value:
  • true: IPv6 ACL
  • false: IPv4 ACL

The default value is false.

N/A

/huawei-sacl:traffic-filter-apply/directions/acls/statistic

Indicates whether to globally enable the function of collecting traffic statistics based on ACLs.
Boolean value:
  • true: The function of collecting traffic statistics based on ACLs is globally enabled.
  • false: The function of collecting traffic statistics based on ACLs is not globally enabled.

The default value is false.

N/A

/huawei-sacl:traffic-remark-apply/directions/direction

Indicates the direction for global packet re-marking.
The value is of the enumerated type:
  • inbound
  • outbound

N/A

/huawei-sacl:traffic-remark-apply/directions/acl

Indicates the ACL for global packet re-marking.

The value must be an ACL configured in ietf-acl.yang. The ACL is specified in the /ietf-acl:access-lists/ietf-acl:access-list/ietf-acl:access-control-list-name object.

N/A

/huawei-sacl:traffic-remark-apply/directions/local-precedence

Indicates the re-marked local priority of a packet.

The value is an integer in the range from 0 to 7.

A larger value indicates a higher priority.

/huawei-sacl:traffic-secure-apply/directions/direction

Indicates the direction for global packet filtering.
The value is of the enumerated type:
  • inbound
  • outbound

Currently, this object can be set only to inbound.

/huawei-sacl:traffic-secure-apply/directions/acls/acl

Indicates the ACL for global packet filtering.

The value must be an ACL specified in the /ietf-acl:access-lists/ietf-acl:access-list/ietf-acl:access-control-list-name object in the ietf-acl.yang file.

Only IPv4 ACLs are supported.

/huawei-sacl:traffic-secure-apply/directions/acls/ruleid

Indicates the ID of the ACL rule for global packet filtering.

The value is an integer in the range from 0 to 4294967295.

If this object is set to 4294967295 (all Fs), the rule ID is not specified.

/huawei-sacl:traffic-secure-apply/directions/acls/statistic

Indicates whether to globally enable the function of collecting traffic statistics based on ACLs.
Boolean value:
  • true: The function of collecting traffic statistics based on ACLs is globally enabled.
  • false: The function of collecting traffic statistics based on ACLs is not globally enabled.

The default value is false.

N/A

/ietf-interfaces:interfaces/interface/huawei-sacl:traffic-filter-apply/directions/direction

Indicates the direction for packet filtering on an interface.
The value is of the enumerated type:
  • inbound
  • outbound

N/A

/ietf-interfaces:interfaces/interface/huawei-sacl:traffic-filter-apply/directions/acls/acl

Indicates the ACL for packet filtering on an interface.

The value must be an ACL specified in the /ietf-acl:access-lists/ietf-acl:access-list/ietf-acl:access-control-list-name object in the ietf-acl.yang file.

Only IPv4 ACLs are supported.

/ietf-interfaces:interfaces/interface/huawei-sacl:traffic-filter-apply/directions/acls/ipv6-flag

Indicates the type of an ACL.
Boolean value:
  • true: IPv6 ACL
  • false: IPv4 ACL

The default value is false.

N/A

/ietf-interfaces:interfaces/interface/huawei-sacl:traffic-filter-apply/directions/acls/statistic

Indicates whether to enable the function of collecting traffic statistics based on ACLs on an interface.
Boolean value:
  • true: The function of collecting traffic statistics based on ACLs is enabled on an interface.
  • false: The function of collecting traffic statistics based on ACLs is disabled on an interface.

The default value is false.

N/A

/ietf-interfaces:interfaces/interface/huawei-sacl:traffic-secure-apply/directions/direction

Indicates the direction for packet filtering on an interface.
The value is of the enumerated type:
  • inbound
  • outbound

Currently, this object can be set only to inbound.

/ietf-interfaces:interfaces/interface/huawei-sacl:traffic-secure-apply/directions/acls/acl

Indicates the ACL for packet filtering on an interface.

The value must be an ACL specified in the /ietf-acl:access-lists/ietf-acl:access-list/ietf-acl:access-control-list-name object in the ietf-acl.yang file.

Only IPv4 ACLs are supported.

/ietf-interfaces:interfaces/interface/huawei-sacl:traffic-secure-apply/directions/acls/ruleid

Indicates the ID of an ACL for packet filtering on an interface.

The value is an integer in the range from 0 to 4294967295.

If this object is set to 4294967295 (all Fs), the rule ID is not specified.

/ietf-interfaces:interfaces/interface/huawei-sacl:traffic-secure-apply/directions/acls/statistic

Indicates whether to enable the function of collecting traffic statistics based on ACLs on an interface.
Boolean value:
  • true: The function of collecting traffic statistics based on ACLs is enabled on an interface.
  • false: The function of collecting traffic statistics based on ACLs is disabled on an interface.

The default value is false.

N/A

/huawei-sacl:get-traffic-apply-status/input/acls/acl

Indicates the name of an ACL in an ACL-based simplified traffic policy.

The value must be an ACL specified in the /ietf-acl:access-lists/ietf-acl:access-list/ietf-acl:access-control-list-name object in the ietf-acl.yang file.

N/A

/huawei-sacl:get-traffic-apply-status/input/acls/ruleid

Indicates the ID of an ACL rule in an ACL-based simplified traffic policy.

The value is an integer in the range from 0 to 4294967295.

If this object is set to 4294967295 (all Fs), the rule ID is not specified.

/huawei-sacl:get-traffic-apply-status/input/acls/application-type

Indicates the filtering type in an ACL-based simplified traffic policy.
The value is of the enumerated type:
  • filter
  • secure

N/A

/huawei-sacl:get-traffic-apply-status/input/acls/application-view

Indicates whether an ACL-based simplified traffic policy is applied globally or on an interface.
The value is of the enumerated type:
  • global: An ACL-based simplified traffic policy is applied globally.
  • interface: An ACL-based simplified traffic policy is applied on an interface.

N/A

/huawei-sacl:get-traffic-apply-status/input/acls/interface-global

Indicates the name of an interface to which an ACL-based simplified traffic policy is applied.
The value is a string of 1 to 256 characters.
  • If the ACL-based simplified traffic policy is applied in the system view, this object can be set to any value.
  • If the ACL-based simplified traffic policy is applied in the interface view, this object can be set to a specific interface name, for example, GigabitEthernet1/0/1.

N/A

/huawei-sacl:get-traffic-apply-status/input/acls/direction

Indicates the direction in which an ACL-based simplified traffic policy is applied.
The value is of the enumerated type:
  • inbound
  • outbound

N/A

/huawei-sacl:get-traffic-apply-statistic/input/acls/acl

Indicates the name of an ACL in ACL-based traffic statistics.

The value must be an ACL specified in the /ietf-acl:access-lists/ietf-acl:access-list/ietf-acl:access-control-list-name object in the ietf-acl.yang file.

N/A

/huawei-sacl:get-traffic-apply-statistic/input/acls/ruleid

Indicates the ID of an ACL rule in ACL-based traffic statistics.

The value is an integer in the range from 0 to 4294967295.

If this object is set to 4294967295 (all Fs), the rule ID is not specified.

/huawei-sacl:get-traffic-apply-statistic/input/acls/application-type

Indicates the filtering type in ACL-based traffic statistics.
The value is of the enumerated type:
  • filter
  • secure

N/A

/huawei-sacl:get-traffic-apply-statistic/input/acls/application-view

Indicates whether ACL-based traffic statistics are collected globally or on an interface.
The value is of the enumerated type:
  • global: ACL-based traffic statistics are collected globally.
  • interface: ACL-based traffic statistics are collected on an interface.

N/A

/huawei-sacl:get-traffic-apply-statistic/input/acls/interface-global

Indicates the name of an interface in ACL-based traffic statistics.
The value is a string of 1 to 256 characters.
  • If the ACL-based simplified traffic policy is applied in the system view, this object can be set to any value.
  • If the ACL-based simplified traffic policy is applied in the interface view, this object can be set to a specific interface name, for example, GigabitEthernet1/0/1.

N/A

/huawei-sacl:get-traffic-apply-statistic/input/acls/direction

Indicates the direction in which ACL-based traffic statistics are collected.
The value is of the enumerated type:
  • inbound
  • outbound

N/A

/huawei-sacl:get-traffic-apply-statistic/input/clearflag

Indicates whether to clear the statistics after the query.
Boolean value:
  • true: Statistics are cleared after the query.
  • false: Statistics are not cleared after the query.

The default value is false.

N/A

Configuring ACL-based Packet Filtering and Traffic Statistics Collection

This section describes how to configure ACL-based packet filtering and traffic statistics collection using the edit-config method.

Table 2-400 Configuring ACL-based packet filtering and traffic statistics collection

Operation

XPATH

edit-config
  • /huawei-sacl:traffic-filter-apply/directions/direction
  • /huawei-sacl:traffic-filter-apply/directions/acls/acl
  • /huawei-sacl:traffic-filter-apply/directions/acls/ipv6-flag
  • /huawei-sacl:traffic-filter-apply/directions/acls/statistic
  • /huawei-sacl:traffic-secure-apply/directions/direction
  • /huawei-sacl:traffic-secure-apply/directions/acls/acl
  • /huawei-sacl:traffic-secure-apply/directions/acls/ruleid
  • /huawei-sacl:traffic-secure-apply/directions/acls/statistic
  • /ietf-interfaces:interfaces/interface/huawei-sacl:traffic-filter-apply/directions/direction
  • /ietf-interfaces:interfaces/interface/huawei-sacl:traffic-filter-apply/directions/acls/acl
  • /ietf-interfaces:interfaces/interface/huawei-sacl:traffic-filter-apply/directions/acls/ipv6-flag
  • /ietf-interfaces:interfaces/interface/huawei-sacl:traffic-filter-apply/directions/acls/statistic
  • /ietf-interfaces:interfaces/interface/huawei-sacl:traffic-secure-apply/directions/direction
  • /ietf-interfaces:interfaces/interface/huawei-sacl:traffic-secure-apply/directions/acls/acl
  • /ietf-interfaces:interfaces/interface/huawei-sacl:traffic-secure-apply/directions/acls/ruleid
  • /ietf-interfaces:interfaces/interface/huawei-sacl:traffic-secure-apply/directions/acls/statistic

Data Requirements

Configure ACL-based packet filtering and traffic statistics collection.

Table 2-401 Globally configuring ACL-based packet filtering and traffic statistics collection

Item

Data

Description

Direction for global packet filtering

inbound

Globally configure packet filtering and traffic statistics collection based on IPv4 ACL 3201.

ACL for global packet filtering

3201

Type of an ACL

false

Whether to globally enable the function of collecting traffic statistics based on ACLs

true

Direction for global packet filtering

inbound

Globally configure packet filtering and traffic statistics collection based on rule 2 of IPv4 ACL 3201.

ACL for global packet filtering

3201

ID of the ACL rule for global packet filtering

2

Whether to globally enable the function of collecting traffic statistics based on ACLs

true
Table 2-402 Configuring ACL-based packet filtering and traffic statistics collection on an interface

Item

Data

Description

Direction for packet filtering on an interface

inbound

Configure packet filtering and traffic statistics collection based on IPv4 ACL 3201 in the inbound direction of GigabitEthernet1/0/1.

ACL for packet filtering on an interface

3201

Type of an ACL

false

Whether to enable the function of collecting traffic statistics based on ACLs on an interface

true

Direction for packet filtering on an interface

inbound

Configure packet filtering and traffic statistics collection based on rule 2 of IPv4 ACL 3201 in the inbound direction of GigabitEthernet1/0/1.

ACL for packet filtering on an interface

3201

ID of an ACL for packet filtering on an interface

2

Whether to enable the function of collecting traffic statistics based on ACLs on an interface

true

Request Example

<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="6">
  <edit-config>
    <target>
      <running/>
    </target>
    <config xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
      <access-lists  xmlns="urn:ietf:params:xml:ns:yang:ietf-acl">
        <access-list>
          <access-control-list-name>3201</access-control-list-name>
          <access-control-list-type xmlns:ietf-acl="urn:ietf:params:xml:ns:yang:ietf-acl">ietf-acl:IP-access-control-list</access-control-list-type>
          <access-list-entries>
            <access-list-entry>
              <rule-name>2</rule-name>
              <matches>
                <source-port-range>
                  <lower-port>1</lower-port>
                </source-port-range>
                <protocol>6</protocol>
              </matches>
              <actions>
                <permit/>
              </actions>
            </access-list-entry>
           </access-list-entries>
          <ipv6-flag xmlns="urn:huawei:params:xml:ns:yang:huawei-acl">false</ipv6-flag>
        </access-list>
      </access-lists>

      <hw-sacl:traffic-filter-apply xmlns:hw-sacl="urn:huawei:params:xml:ns:yang:huawei-sacl">
        <hw-sacl:directions>
          <hw-sacl:direction>inbound</hw-sacl:direction>
          <hw-sacl:acls>
            <hw-sacl:acl>3201</hw-sacl:acl>
            <hw-sacl:ipv6-flag>false</hw-sacl:ipv6-flag>
            <hw-sacl:statistic>true</hw-sacl:statistic>
          </hw-sacl:acls>
        </hw-sacl:directions>
      </hw-sacl:traffic-filter-apply>

      <hw-sacl:traffic-secure-apply xmlns:hw-sacl="urn:huawei:params:xml:ns:yang:huawei-sacl">
        <hw-sacl:directions>
          <hw-sacl:direction>inbound</hw-sacl:direction>
          <hw-sacl:acls>
            <hw-sacl:acl>3201</hw-sacl:acl>
            <hw-sacl:ruleid>2</hw-sacl:ruleid>
            <hw-sacl:statistic>true</hw-sacl:statistic>
          </hw-sacl:acls>
        </hw-sacl:directions>
      </hw-sacl:traffic-secure-apply>
      
      <if:interfaces xmlns:if="urn:ietf:params:xml:ns:yang:ietf-interfaces">
        <if:interface>
          <if:name>GigabitEthernet1/0/1</if:name>
          <if:type xmlns:iana-if-type="urn:ietf:params:xml:ns:yang:iana-if-type">iana-if-type:ethernetCsmacd</if:type>
          <hw-sacl:traffic-filter-apply xmlns:hw-sacl="urn:huawei:params:xml:ns:yang:huawei-sacl">
            <hw-sacl:directions>
              <hw-sacl:direction>inbound</hw-sacl:direction>
              <hw-sacl:acls>
                <hw-sacl:acl>3201</hw-sacl:acl>
                <hw-sacl:ipv6-flag>false</hw-sacl:ipv6-flag>
                <hw-sacl:statistic>true</hw-sacl:statistic>
              </hw-sacl:acls>
            </hw-sacl:directions>
          </hw-sacl:traffic-filter-apply>
          <hw-sacl:traffic-secure-apply xmlns:hw-sacl="urn:huawei:params:xml:ns:yang:huawei-sacl">
            <hw-sacl:directions>
              <hw-sacl:direction>inbound</hw-sacl:direction>
              <hw-sacl:acls>
                <hw-sacl:acl>3201</hw-sacl:acl>
                <hw-sacl:ruleid>2</hw-sacl:ruleid>
                <hw-sacl:statistic>true</hw-sacl:statistic>
              </hw-sacl:acls>
            </hw-sacl:directions>
          </hw-sacl:traffic-secure-apply>
        </if:interface>
      </if:interfaces>
    </config>
  </edit-config>
</rpc>

Response Example

Sample of successful response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="9">
  <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="10">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>The traffic-filter does not support ipv6 acl.</error-message>
    <error-info>Error on node /huawei-sacl:traffic-filter-apply/directions[direction="inbound"]/acls[acl="3201"]</error-info>
  </rpc-error>
</rpc-reply>

Querying an ACL-based Simplified Traffic Policy

This section describes how to query an ACL-based simplified traffic policy using the rpc method.

Table 2-403 Querying an ACL-based simplified traffic policy

Operation

XPATH

rpc
  • /huawei-sacl:get-traffic-apply-status/input/acls/acl
  • /huawei-sacl:get-traffic-apply-status/input/acls/ruleid
  • /huawei-sacl:get-traffic-apply-status/input/acls/application-type
  • /huawei-sacl:get-traffic-apply-status/input/acls/application-view
  • /huawei-sacl:get-traffic-apply-status/input/acls/interface-global
  • /huawei-sacl:get-traffic-apply-status/input/acls/direction
  • /huawei-sacl:get-traffic-apply-statistic/input/acls/acl
  • /huawei-sacl:get-traffic-apply-statistic/input/acls/ruleid
  • /huawei-sacl:get-traffic-apply-statistic/input/acls/application-type
  • /huawei-sacl:get-traffic-apply-statistic/input/acls/application-view
  • /huawei-sacl:get-traffic-apply-statistic/input/acls/interface-global
  • /huawei-sacl:get-traffic-apply-statistic/input/acls/direction
  • /huawei-sacl:get-traffic-apply-statistic/input/clearflag

Data Requirement 1

Query the status of an ACL-based simplified traffic policy.

Item

Data

Description

Name of an ACL in an ACL-based simplified traffic policy

3000

Query an ACL-based simplified traffic policy whose name is 3000.

ID of an ACL rule in an ACL-based simplified traffic policy

1

Query an ACL-based simplified traffic policy whose rule ID is 1.

Filtering type in an ACL-based simplified traffic policy

filter

Query an ACL-based simplified traffic policy whose filtering type is filter.

Whether an ACL-based simplified traffic policy is applied globally or on an interface

global

Query an ACL-based simplified traffic policy that is applied globally.

Name of an interface to which an ACL-based simplified traffic policy is applied

global

Query an ACL-based simplified traffic policy that is applied globally.

Direction in which an ACL-based simplified traffic policy is applied

inbound

Query an ACL-based simplified traffic policy that is applied in the inbound direction.

Request Example

<?xml version="1.0" encoding="UTF-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
  <hw-sacl:get-traffic-apply-status xmlns:hw-sacl="urn:huawei:params:xml:ns:yang:huawei-sacl">
    <hw-sacl:acls>
      <hw-sacl:acl>3000</hw-sacl:acl>
      <hw-sacl:ruleid>1</hw-sacl:ruleid>
      <hw-sacl:application-type>filter</hw-sacl:application-type>
      <hw-sacl:application-view>global</hw-sacl:application-view>
      <hw-sacl:direction>inbound</hw-sacl:direction>
      <hw-sacl:interface-global>global</hw-sacl:interface-global>
    </hw-sacl:acls>
  </hw-sacl:get-traffic-apply-status>
</rpc>

Response Example

Sample of successful response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
  <data>
    <get-traffic-apply-status xmlns="urn:huawei:params:xml:ns:yang:huawei-sacl">
      <acls>
        <acl>3000</acl>
        <ruleid>1</ruleid>
        <application-type>filter</application-type>
        <application-view>global</application-view>
        <interface-global>global</interface-global>
        <direction>inbound</direction>
        <application-result>
          <slot>0</slot>
          <status>success</status>
          <failure-message/>
        </application-result>
      </acls>
    </get-traffic-apply-status>
  </data>
</rpc-reply>

Sample of failed response

None

Data Requirement 2

Query ACL-based traffic statistics.

Item

Data

Description

Name of an ACL in ACL-based traffic statistics

3000

Query traffic statistics that are collected based on ACL 3000.

ID of an ACL rule in ACL-based traffic statistics

1

Query traffic statistics that are collected based on ACL rule ID 1.

Filtering type in ACL-based traffic statistics

secure

Query traffic statistics whose filtering type is secure.

Whether ACL-based traffic statistics are collected globally or on an interface

global

Collect ACL-based traffic statistics globally.

Name of an interface on which ACL-based traffic statistics are collected

global

Collect ACL-based traffic statistics globally.

Direction in which ACL-based traffic statistics are collected

inbound

Collect ACL-based traffic statistics in the inbound direction.

Whether to clear the statistics after the query

false

The statistics are not cleared after the query.

Request Example

<?xml version="1.0" encoding="UTF-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="3">
  <hw-sacl:get-traffic-apply-statistic xmlns:hw-sacl="urn:huawei:params:xml:ns:yang:huawei-sacl">
    <hw-sacl:acls>
      <hw-sacl:acl>3000</hw-sacl:acl>
      <hw-sacl:ruleid>1</hw-sacl:ruleid>
      <hw-sacl:application-type>secure</hw-sacl:application-type>
      <hw-sacl:application-view>global</hw-sacl:application-view>
      <hw-sacl:direction>inbound</hw-sacl:direction>
      <hw-sacl:interface-global>global</hw-sacl:interface-global>
</hw-sacl:acls>
<hw-sacl:clearflag>false</hw-sacl:clearflag>
  </hw-sacl:get-traffic-apply-statistic>
</rpc>

Response Example

Sample of successful response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="3">
  <data>
    <get-traffic-apply-statistic xmlns="urn:huawei:params:xml:ns:yang:huawei-sacl">
      <acls>
        <acl>3000</acl>
        <ruleid>1</ruleid>
        <application-type>secure</application-type>
        <application-view>global</application-view>
        <interface-global>global</interface-global>
        <direction>inbound</direction>
        <statistic>
          <statistic-key>
            <slot-statistic>0</slot-statistic>
            <match-permit-packet>9.767K</match-permit-packet>
            <match-permit-byte>1.392M</match-permit-byte>
            <match-discarded-packet>0</match-discarded-packet>
            <match-discarded-byte>0</match-discarded-byte>
          </statistic-key>
        </statistic>
      </acls>
    </get-traffic-apply-statistic>
  </data>
</rpc-reply>

Sample of failed response

None

Translation
简体中文
Download
Updated: 2022-05-25

Document ID: EDOC1100126933

Views: 64979

Downloads: 82

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :