This YANG module defines a component that describing the configuration of Access Control Lists (ACLs).
Version: 2014-10-10
module ietf-acl { yang-version 1; namespace "urn:ietf:params:xml:ns:yang:ietf-acl"; prefix acl; import ietf-yang-types { prefix ietf; } import packet-fields { prefix packet-fields; } organization "IETF NETMOD (NETCONF Data Modeling Language) Working Group"; contact "WG Web: http://tools.ietf.org/wg/netmod/ WG List: netmod@ietf.org WG Chair: Juergen Schoenwaelder j.schoenwaelder@jacobs-university.de WG Chair: Tom Nadeau tnadeau@lucidvision.com Editor: Dean Bogdanovic deanb@juniper.net Editor: Kiran Agrahara Sreenivasa kkoushik@brocade.com Editor: Lisa Huang yihuan@cisco.com Editor: Dana Blair dblair@cisco.com"; description "This YANG module defines a component that describing the configuration of Access Control Lists (ACLs)."; revision "2014-10-10" { description "Creating base model for netmod."; reference "RFC 6020: YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)"; } identity acl-base { description "Base acl type for all ACL type identifiers."; } identity ip-acl { base acl:acl-base; description "layer 3 ACL type"; } identity eth-acl { base acl:acl-base; description "layer 2 ACL type"; } typedef acl-type { type identityref { base acl-base; } description "This type is used to refer to an Access Control List (ACL) type"; } typedef acl-ref { type leafref { path "/acl:access-lists/acl:access-list/acl:acl-name"; } description "This type is used by data models that need to referenced an acl"; } container access-lists { description "Access control lists."; list access-list { key "acl-name"; description " An access list (acl) is an ordered list of access list entries (ace). Each ace has a sequence number to define the order, list of match criteria, and a list of actions. Since there are several kinds of acls implementeded with different attributes for each and different for each vendor, this model accomodates customizing acls for each kind and for each vendor. "; leaf acl-name { type string; description "The name of access-list. A device MAY restrict the length and value of this name, possibly space and special characters are not allowed."; } leaf acl-type { type acl-type; description "Type of ACL"; } container acl-oper-data { config false; description "Overall ACL operational data"; leaf match-counter { type ietf:counter64; description "Total match count for ACL"; } leaf-list targets { type string; description "List of targets where ACL is applied"; } } // container acl-oper-data container access-list-entries { description "The access-list-entries container contains a list of access-list-entry(ACE)."; list access-list-entry { key "rule-name"; ordered-by user; description "List of access list entries(ACE)"; leaf rule-name { type string; description "Entry name."; } container matches { description "Define match criteria"; choice ace-type { description "Type of ace."; case ace-ip { container source-port-range { description "inclusive range of source ports"; leaf lower-port { type inet:port-number; mandatory true; } leaf upper-port { type inet:port-number; } } // container source-port-range container destination-port-range { description "inclusive range of destination ports"; leaf lower-port { type inet:port-number; mandatory true; } leaf upper-port { type inet:port-number; } } // container destination-port-range leaf dscp { type inet:dscp; } leaf ip-protocol { type uint8; } choice ace-ip-version { description "Choice of IP version."; case ace-ipv4 { leaf destination-ipv4-address { type inet:ipv4-prefix; } leaf source-ipv4-address { type inet:ipv4-prefix; } } // case ace-ipv4 case ace-ipv6 { leaf destination-ipv6-address { type inet:ipv6-prefix; } leaf source-ipv6-address { type inet:ipv6-prefix; } leaf flow-label { type inet:ipv6-flow-label; } } // case ace-ipv6 } // choice ace-ip-version } // case ace-ip case ace-eth { leaf destination-mac-address { type yang:mac-address; } leaf destination-mac-address-mask { type yang:mac-address; } leaf source-mac-address { type yang:mac-address; } leaf source-mac-address-mask { type yang:mac-address; } } // case ace-eth } // choice ace-type leaf input-interface { type string; description "Packet was received on this interface"; } container absolute { description "Absolute time and date that the associated function starts going into effect."; leaf start { type yang:date-and-time; description "Start time and date"; } leaf end { type yang:date-and-time; description "Absolute end time and date"; } leaf active { type boolean; default "true"; description "Specify the associated function active or inactive state when starts going into effect"; } } // container absolute } // container matches container actions { description "Define action criteria"; choice packet-handling { default 'deny'; description "Packet handling action."; leaf deny { type empty; description "Deny action."; } leaf permit { type empty; description "Permit action."; } } // choice packet-handling } // container actions container ace-oper-data { config false; description "Per ace operational data"; leaf match-counter { type ietf:counter64; description "Number of matches for an ace"; } } // container ace-oper-data } // list access-list-entry } // container access-list-entries } // list access-list } // container access-lists } // module ietf-acl
© 2023 YumaWorks, Inc. All rights reserved.