This module contains a collection of YANG definitions for Cisco IOS-XR ipv6-acl package configuration. This module contains def...
Version: 2020-12-04
module Cisco-IOS-XR-ipv6-acl-cfg { yang-version 1; namespace "http://cisco.com/ns/yang/Cisco-IOS-XR-ipv6-acl-cfg"; prefix ipv6-acl-cfg; import ietf-inet-types { prefix inet; } import Cisco-IOS-XR-types { prefix xr; } import cisco-semver { prefix semver; } import Cisco-IOS-XR-common-acl-datatypes { prefix dt1; } import Cisco-IOS-XR-ipv6-acl-datatypes { prefix dt2; } include Cisco-IOS-XR-ipv6-ace-cfg { revision-date "2020-12-04"; } organization "Cisco Systems, Inc."; contact "Cisco Systems, Inc. Customer Service Postal: 170 West Tasman Drive San Jose, CA 95134 Tel: +1 800 553-NETS E-mail: cs-yang@cisco.com"; description "This module contains a collection of YANG definitions for Cisco IOS-XR ipv6-acl package configuration. This module contains definitions for the following management objects: ipv6-acl-and-prefix-list: IPv6 ACL configuration data Copyright (c) 2013-2020 by Cisco Systems, Inc. All rights reserved."; revision "2020-12-04" { description "7.4.1 revision. Fixing Remark Length 2020-11-23 7.3.2 revision. changing the bag version"; } revision "2019-10-22" { description "7.0.1 revision. Fixing ICMP TYPE CODE datatype from Enum to RangeEnum"; } revision "2019-04-05" { description "Establish semantic version baseline."; } revision "2018-04-03" { description "6.5.1 revision. Correct enum value for Next-hop-type."; } revision "2018-03-23" { description "6.5.1 revision. Removing none-next-type."; } revision "2018-03-13" { description "6.5.1 revision. Using YANG bit types for tcp flags."; } revision "2018-01-03" { description "6.4.1 revision. Fixed a few typos in the description."; } revision "2015-11-09" { description "IOS XR 6.0 revision."; } semver:module-version "1.2.0"; semver:module-version "1.1.1"; semver:module-version "1.0.0"; container ipv6-acl-and-prefix-list { description "IPv6 ACL configuration data"; container prefixes { description "Table of prefix lists"; list prefix { key "name"; description "Name of a prefix list"; container prefix-list-entries { description "Sequence of entries forming a prefix list"; list prefix-list-entry { key "sequence-number"; description "A prefix list entry; either a description (remark) or a prefix to match against"; leaf sequence-number { type dt1:Acl-sequence-number-range; description "Sequence number of prefix list"; } leaf grant { type dt2:Ipv6-acl-grant-enum; description "Whether to forward or drop packets matching the prefix list"; } leaf ipv6-address-as-string { type string; description "The IPv6 address if entered with the ZoneMutually exclusive with Prefix and PrefixMask"; } leaf zone { type string; description "IPv6 Zone if entered with the IPV6AddressMutually exclusive with Prefix and PrefixMask"; } leaf prefix { type inet:ipv6-address-no-zone; description "IPv6 address prefix to match"; } leaf prefix-mask { type xr:Ipv6-prefix-length; description "MaskLength of IPv6 address prefix"; } leaf match-exact-length { type dt2:Ipv6-prefix-match-exact-length; description "Set to perform an exact prefix length match. Item is mutually exclusive with minimum and maximum length match items"; } leaf exact-prefix-length { type xr:Ipv6-prefix-length; description "If exact prefix length matching specified, set the length of prefix to be matched"; } leaf match-max-length { type dt2:Ipv6-prefix-match-max-length; description "Set to perform a maximum length prefix match . Item is mutually exclusive with exact length match item"; } leaf max-prefix-length { type xr:Ipv6-prefix-length; description "If maximum length prefix matching specified, set the maximum length of prefix to be matched"; } leaf match-min-length { type dt2:Ipv6-prefix-match-min-length; description "Set to perform a minimum length prefix match . Item is mutually exclusive with exact length match item"; } leaf min-prefix-length { type xr:Ipv6-prefix-length; description "If minimum length prefix matching specified, set the minimum length of prefix to be matched"; } leaf remark { type dt2:Ipv6-acl-prefix-remark-name; description "Comments or a description for the prefix list. Item is mutually exclusive with all others in the object"; } } // list prefix-list-entry } // container prefix-list-entries leaf name { type dt2:Ipv6-acl-prefix-list-name; description "Name of a prefix list"; } } // list prefix } // container prefixes container log-update { description "Control access lists log updates"; leaf threshold { type dt2:Ipv6-acl-log-threshold-range; description "Log update threshold (number of hits)"; } leaf rate { type dt2:Ipv6-acl-log-rate-range; description "Log update rate (log messages per second)"; } } // container log-update container accesses { description "Table of access lists"; list access { key "name"; description "An ACL"; container access-list-entries { description "ACL entry table; contains list of access list entries"; list access-list-entry { key "sequence-number"; description "An ACL entry; either a description (remark) or anAccess List Entry to match against"; leaf sequence-number { type dt2:Ipv6-acl-sequence-number-range; description "Sequence number of access list entry"; } leaf grant { type ipv6-acl-dt:Ipv6-acl-grant-enum; description "Forwarding action for the packet. This is required for any non-remark ACE. Leave unspecified otherwise."; } leaf protocol-operator { type ipv6-acl-dt:Ipv6-acl-operator-enum; description "Protocol operator. User can specify equal or leave it unspecified for singleton protocol match, or specify range for protocol range match."; } leaf protocol { type ipv6-acl-dt:Ipv6-acl-protocol-number; description "Protocol number to match. It can be used for the lower bound (range operator) or single value (equal operator). Any value not in the permissible range will be rejected. When leave unspecified, default value is ipv6."; reference "RFC 758 - ASSIGNED INTERNET PROTOCOL NUMBERS"; } leaf protocol2 { type ipv6-acl-dt:Ipv6-acl-protocol-number; description "Protocol2 to match. It is used in upper bound (range operator). Any value not in the permissible range will be rejected."; reference "RFC 758 - ASSIGNED INTERNET PROTOCOL NUMBERS"; } container source-network { description "Source network settings."; leaf source-address { type inet:ipv6-address; description "Source IPv6 address, leave unspecified if inputting as IPv6 address with wildcarding."; reference "RFC 4291"; } leaf source-wild-card-bits { type xr:Ipv6-prefix-length; description "Wildcard bits to apply to source-address (if specified), leave unspecified for no wildcarding."; reference "RFC 4291"; } leaf source-mask { type inet:ipv6-address-no-zone; description "Source address mask. Either source-wild-card-bits or source-mask is. supported, not both. Leave unspecified. for any."; reference "RFC 4291"; } } // container source-network container destination-network { description "Destination network settings."; leaf destination-address { type inet:ipv6-address; description "Destination IPv6 address, leave unspecified if inputting as IPv6 address with wildcarding."; reference "RFC 4291"; } leaf destination-wild-card-bits { type xr:Ipv6-prefix-length; description "Wildcard bits to apply to destination destination-address (if specified), leave unspecified for no wildcarding."; reference "RFC 4291"; } leaf destination-mask { type inet:ipv6-address-no-zone; description "Destination address mask. Either destination-wild-card-bits or destination-mask. is supported, not both. Leave unspecified for any."; reference "RFC 4291"; } } // container destination-network container source-port { when "../protocol = '6' or ../protocol = 'tcp' or ../protocol = '17' or ../protocol = 'udp' or ../protocol = '132' or ../protocol = 'sctp'" { description "Applicable only to TCP, SCTP and UDP."; } description "Source port settings."; leaf source-operator { type ipv6-acl-dt:Ipv6-acl-operator-enum; description "Source port comparison operator. This is a required field if any source port value is given, otherwise, config will be rejected. Leave unspecified if no source port comparison is to be done."; } leaf first-source-port { type ipv6-acl-dt:Ipv6-acl-port-number; description "Lower source port for comparison. It can be used for the lower bound (range operator) or single value (equal, less, greater..etc). Any value not in the permissible range will be rejected. Leave unspecified otherwise."; reference "RFC 1700 - WELL KNOWN PORT NUMBERS"; } leaf second-source-port { type ipv6-acl-dt:Ipv6-acl-port-number; description "Upper source port for comparion. It is used in the upper bound (range operator). Any value not in the permissible range will be rejected. Leave unspecified otherwise."; reference "RFC 1700 - WELL KNOWN PORT NUMBERS"; } } // container source-port container destination-port { when "../protocol = '6' or ../protocol = 'tcp' or ../protocol = '17' or ../protocol = 'udp' or ../protocol = '132' or ../protocol = 'sctp'" { description "Applicable only to TCP, SCTP and UDP."; } description "Destination port settings."; leaf destination-operator { type ipv6-acl-dt:Ipv6-acl-operator-enum; description "Destination port comparison operator. This is a required field if any destination port value is given, otherwise, config will be rejected. Leave unspecified if no destination port comparison is to be done."; } leaf first-destination-port { type ipv6-acl-dt:Ipv6-acl-port-number; description "Lower destination port for comparison. It can be used for the lower bound (range operator) or single value (equal, less, greater..etc). Any value not in the permissible range will be rejected. Leave unspecified otherwise."; reference "RFC 1700 - WELL KNOWN PORT NUMBERS"; } leaf second-destination-port { type ipv6-acl-dt:Ipv6-acl-port-number; description "Upper destination port for comparison. It is used in the upper bound (range operator). Any value not in the permissible range will be rejected. Leave unspecified otherwise."; reference "RFC 1700 - WELL KNOWN PORT NUMBERS"; } } // container destination-port container icmp { when "../protocol = '58' or ../protocol = 'icmpv6'" { description "Applicable only to ICMPv6."; } description "ICMP settings."; leaf icmp-type-code { type ipv6-acl-dt:Ipv6-acl-icmp-type-code-enum; description "Well known ICMP message code types to match, leave unspecified if ICMP message code type comparion is not to be performed."; reference "RFC 2463"; } } // container icmp container tcp { when "../protocol = '6' or ../protocol = 'tcp'" { description "Applicable only to TCP."; } description "TCP settings."; leaf tcp-bits-match-operator { type ipv6-acl-dt:Ipv6-acl-tcp-match-operator-enum; description "TCP Bits match operator. Leave unspecified if flexible comparison of TCP bits is not required."; } leaf tcp-bits { type ipv6-acl-dt:Ipv6-acl-tcp-bits-number; description "TCP bits to match. Leave unspecified if comparison of TCP bits is not required."; reference "RFC 793 Section 3.1 Control Bits"; } leaf tcp-bits-mask { type ipv6-acl-dt:Ipv6-acl-tcp-bits-number; description "TCP bits mask to use for flexible TCP matching. Leave unspecified if it is not required."; } } // container tcp container packet-length { description "Packet length settings."; leaf packet-length-operator { type ipv6-acl-dt:Ipv6-acl-operator-enum; description "Packet length operator applicable if packet length is to be compared. This is a required field if any packet-length value is given, otherwise, config will be rejected."; } leaf packet-length-min { type ipv6-acl-dt:Ipv6-acl-plen-range; description "Mininum packet length value for comparison. It can be used for the lower bound (range operator) or single value (equal, less, greater..etc). Any value not in the permissible range will be rejected. Leave unspecified otherwise."; } leaf packet-length-max { type ipv6-acl-dt:Ipv6-acl-plen-range; description "Maximum packet length value for comparison. It is used in the upper bound (range operator). Any value not in the permissible range will be rejected. Leave unspecified otherwise."; } } // container packet-length container time-to-live { description "TTL settings."; leaf time-to-live-operator { type ipv6-acl-dt:Ipv6-acl-operator-enum; description "TTL operator is applicable if TTL is to be compared. This is a required field if any TTL value is given, otherwise, config will be rejected. Leave unspecified if TTL classification is not required."; } leaf time-to-live-min { type ipv6-acl-dt:Ipv6-acl-ttl-range; description "Mininum TTL value for comparison. It can be used for the lower bound (range operator) or single value (equal, less, greater..etc). Any value not in the permissible range will be rejected. Leave unspecified otherwise."; reference "RFC 791 Section 3.2 - Time to Live"; } leaf time-to-live-max { type ipv6-acl-dt:Ipv6-acl-ttl-range; description "Maximum TTL value for comparison. It is used in the upper bound (range operator). Any value not in the permissible range will be rejected. Leave unspecified otherwise."; reference "RFC 791 Section 3.2 - Time to Live"; } } // container time-to-live choice Dscptype { container DSCPValues { description "DSCP settings."; leaf dscp-operator { type ipv6-acl-dt:Ipv6-acl-operator-enum; description "Enumerated DSCP operator values. Used when operator needs to be configured. Leave unspecified if DSCP operator is not required. Note: if the dscp operator is not set, it logically behaves same as equal operator."; } leaf dscp-lower { type ipv6-acl-dt:Ipv6-acl-dscp-number; description "DSCP value to match (if a value was specified). It can be used for the lower bound (range operator) or single value (equal, less, greater..etc) or without any operator. Any value not in the permissible range will be rejected. Leave unspecified if DSCP comparison is not to be performed."; reference "RFC 2474"; } leaf dscp-upper { type ipv6-acl-dt:Ipv6-acl-dscp-number; description "DSCP value to match (if a value was specified). It can be used in the upper bound (range operator) Any value not in the permissible range will be rejected. Leave unspecified if DSCP range comparison is not to be performed."; reference "RFC 2474"; } } // container DSCPValues leaf dscp { type ipv6-acl-dt:Ipv6-acl-dscp-number; description "DSCP value to match without any operators. Any value not in the permissible range will be rejected. Leave unspecified if DSCP comparison is not to be performed. For Setting dscp values, use the dscp container as this leaf will be deprecated soon."; reference "RFC 2474"; } } // choice Dscptype leaf precedence { type ipv6-acl-dt:Ipv6-acl-precedence-number; description "Precedence value to match (if a protocol was specified). Any value not in the permissible range will be rejected. Leave unspecified if precedence comparion is not to be performed."; reference "RFC 791 Section 3.1 - Precedence"; } container next-hop { description "Next-hop settings."; leaf next-hop-type { type Next-hop-type; description "The nexthop type."; } container next-hop-1 { description "The first next-hop settings."; leaf next-hop { type inet:ipv6-address-no-zone; description "The IPv6 address of the next-hop."; } leaf vrf-name { type string { length "1..32"; } description "The VRF name of the next-hop."; } leaf track-name { type string { length "1..32"; } description "The object tracking name for the next-hop."; } } // container next-hop-1 container next-hop-2 { description "The second next-hop settings."; leaf next-hop { type inet:ipv6-address-no-zone; description "The IPv6 address of the next-hop."; } leaf vrf-name { type string { length "1..32"; } description "The VRF name of the next-hop."; } leaf track-name { type string { length "1..32"; } description "The object tracking name for the next-hop."; } } // container next-hop-2 container next-hop-3 { description "The third next-hop settings."; leaf next-hop { type inet:ipv6-address-no-zone; description "The IPv6 address of the next-hop."; } leaf vrf-name { type string { length "1..32"; } description "The VRF name of the next-hop."; } leaf track-name { type string { length "1..32"; } description "The object tracking name for the next-hop."; } } // container next-hop-3 } // container next-hop leaf counter-name { type string { length "1..64"; } description "Name of counter to aggregate hardware statistics."; } leaf log-option { type ipv6-acl-dt:Ipv6-acl-logging-enum; description "Log the packet on this access-list-entry/rule."; } leaf capture { type boolean; description "Enable capture if set to TRUE."; } leaf undetermined-transport { type boolean; description "Enable undetermined-transport if set to TRUE."; } leaf icmp-off { type empty; description "To turn off ICMP generation for deny ACEs."; } leaf qos-group { type ipv6-acl-dt:Ipv6-acl-qos-group-number; description "Set qos-group number. Any value not in the permissible range will be rejected."; } leaf set-ttl { type ipv6-acl-dt:Ipv6-acl-ttl-range; description "Set TTL Value. Any value not in the permissible range will be rejected."; } container header-flags { description "Match if header-flag is present."; leaf routing { type empty; description "Match if routing header is present."; reference "RFC 2460 Section 4"; } leaf destopts { type empty; description "Match if destops header is present."; reference "RFC 2460 Section 4"; } leaf hop-by-hop { type empty; description "Match if hop-by-hop header is present."; reference "RFC 2460 Section 4"; } leaf fragments { type empty; description "Match if fragments header is present."; reference "RFC 2460 Section 4"; } leaf authen { type empty; description "Match if authen header is present."; reference "RFC 2460 Section 4"; } } // container header-flags leaf remark { type string { length "0..255"; } description "Description for the access-list-entry/rules."; } leaf source-prefix-group { type string { length "1..64"; } description "IPv6 source network object group name."; } leaf destination-prefix-group { type string { length "1..64"; } description "IPv6 destination network object group name."; } leaf source-port-group { type string { length "1..64"; } description "Source port object group name."; } leaf destination-port-group { type string { length "1..64"; } description "Destination port object group name."; } leaf sequence-str { type string { length "1..64"; } description "Sequence String for the ace."; } } // list access-list-entry } // container access-list-entries leaf name { type dt2:Ipv6-acl-prefix-list-name; description "Name of the access list"; } } // list access } // container accesses } // container ipv6-acl-and-prefix-list } // module Cisco-IOS-XR-ipv6-acl-cfg
© 2024 YumaWorks, Inc. All rights reserved.