openconfig-acl

This module defines configuration and operational state data for network access control lists (i.e., filters, rules, etc.). ACL...

  • Version: 2022-12-20

    openconfig-acl@2022-12-20


    
      module openconfig-acl {
    
        yang-version 1;
    
        namespace
          "http://openconfig.net/yang/acl";
    
        prefix oc-acl;
    
        import openconfig-packet-match {
          prefix oc-match;
        }
        import openconfig-interfaces {
          prefix oc-if;
        }
        import openconfig-yang-types {
          prefix oc-yang;
        }
        import openconfig-extensions {
          prefix oc-ext;
        }
    
        organization "OpenConfig working group";
    
        contact
          "OpenConfig working group
    www.openconfig.net";
    
        description
          "This module defines configuration and operational state
    data for network access control lists (i.e., filters, rules,
    etc.).  ACLs are organized into ACL sets, with each set
    containing one or more ACL entries.  ACL sets are identified
    by a unique name, while each entry within a set is assigned
    a sequence-id that determines the order in which the ACL
    rules are applied to a packet.  Note that ACLs are evaluated
    in ascending order based on the sequence-id (low to high).
    
    Individual ACL rules specify match criteria based on fields in
    the packet, along with an action that defines how matching
    packets should be handled. Entries have a type that indicates
    the type of match criteria, e.g., MAC layer, IPv4, IPv6, etc.";
    
        revision "2022-12-20" {
          description
            "Remove unused openconfig-inet-types import";
          reference
            "1.3.1";
    
        }
    
        revision "2022-06-01" {
          description
            "Add the management of prefix lists
    that can be used in matches";
          reference
            "1.3.0";
    
        }
    
        revision "2022-01-14" {
          description
            "Fix when statements for MIXED mode ACLs";
          reference
            "1.2.2";
    
        }
    
        revision "2021-06-16" {
          description
            "Remove trailing whitespace";
          reference
            "1.2.1";
    
        }
    
        revision "2021-03-17" {
          description "Add MPLS filter Support.";
          reference
            "1.2.0";
    
        }
    
        revision "2019-11-27" {
          description
            "Fix xpaths in when statements.";
          reference
            "1.1.1";
    
        }
    
        revision "2019-10-25" {
          description "Update when statements.";
          reference
            "1.1.0";
    
        }
    
        revision "2018-11-21" {
          description
            "Add OpenConfig module metadata extensions.";
          reference
            "1.0.2";
    
        }
    
        revision "2018-04-24" {
          description
            "Clarified order of ACL evaluation";
          reference
            "1.0.1";
    
        }
    
        revision "2017-05-26" {
          description
            "Separated ACL entries by type";
          reference
            "1.0.0";
    
        }
    
        revision "2016-08-08" {
          description
            "OpenConfig public release";
          reference
            "0.2.0";
    
        }
    
        revision "2016-01-22" {
          description "Initial revision";
          reference
            "TBD";
    
        }
    
        oc-ext:openconfig-version "1.3.1";
        oc-ext:regexp-posix;
        oc-ext:catalog-organization "openconfig";
        oc-ext:origin "openconfig";
    
        identity ACL_TYPE {
          description
            "Base identity for types of ACL sets";
        }
    
        identity ACL_IPV4 {
          base ACL_TYPE;
          description
            "IP-layer ACLs with IPv4 addresses";
        }
    
        identity ACL_IPV6 {
          base ACL_TYPE;
          description
            "IP-layer ACLs with IPv6 addresses";
        }
    
        identity ACL_L2 {
          base ACL_TYPE;
          description "MAC-layer ACLs";
        }
    
        identity ACL_MIXED {
          base ACL_TYPE;
          description
            "Mixed-mode ACL that specifies L2 and L3 protocol
    fields.  This ACL type is not implemented by many
    routing/switching devices.";
        }
    
        identity ACL_MPLS {
          base ACL_TYPE;
          description
            "An ACL that matches on fields from the MPLS header.";
        }
    
        identity FORWARDING_ACTION {
          description
            "Base identity for actions in the forwarding category";
        }
    
        identity ACCEPT {
          base FORWARDING_ACTION;
          description "Accept the packet";
        }
    
        identity DROP {
          base FORWARDING_ACTION;
          description
            "Drop packet without sending any ICMP error message";
        }
    
        identity REJECT {
          base FORWARDING_ACTION;
          description
            "Drop the packet and send an ICMP error message to the source";
        }
    
        identity LOG_ACTION {
          description
            "Base identity for defining the destination for logging
    actions";
        }
    
        identity LOG_SYSLOG {
          base LOG_ACTION;
          description "Log the packet in Syslog";
        }
    
        identity LOG_NONE {
          base LOG_ACTION;
          description "No logging";
        }
    
        identity ACL_COUNTER_CAPABILITY {
          description
            "Base identity for system to indicate how it is able to report
    counters";
        }
    
        identity INTERFACE_ONLY {
          base ACL_COUNTER_CAPABILITY;
          description
            "ACL counters are available and reported only per interface";
        }
    
        identity AGGREGATE_ONLY {
          base ACL_COUNTER_CAPABILITY;
          description
            "ACL counters are aggregated over all interfaces, and reported
    only per ACL entry";
        }
    
        identity INTERFACE_AGGREGATE {
          base ACL_COUNTER_CAPABILITY;
          description
            "ACL counters are reported per interface, and also aggregated
    and reported per ACL entry.";
        }
      }  // module openconfig-acl
    

© 2023 YumaWorks, Inc. All rights reserved.