This module contains a collection of YANG definitions for ACL statistical data. Copyright (c) 2016-2017, 2019-2020 by Cisco Syst...
Version: 2021-03-01
module Cisco-IOS-XE-acl-oper { yang-version 1; namespace "http://cisco.com/ns/yang/Cisco-IOS-XE-acl-oper"; prefix acl-ios-xe-oper; import ietf-inet-types { prefix inet; } import ietf-yang-types { prefix yang; } import cisco-semver { prefix cisco-semver; } organization "Cisco Systems, Inc."; contact "Cisco Systems, Inc. Customer Service Postal: 170 W Tasman Drive San Jose, CA 95134 Tel: +1 1800 553-NETS E-mail: cs-yang@cisco.com"; description "This module contains a collection of YANG definitions for ACL statistical data. Copyright (c) 2016-2017, 2019-2020 by Cisco Systems, Inc. All rights reserved."; revision "2021-03-01" { description "Update copyright"; reference "1.4.1"; } revision "2020-11-01" { description "Added support of associating ACL with Geolocation group"; reference "1.4.0"; } revision "2020-03-01" { description "Augmented Access Lists with Access List type and Access List Entries with ACE rule data"; reference "1.3.0"; } revision "2019-05-01" { description "Added semantic version"; reference "1.2.0"; } revision "2018-10-29" { description "Cleaned up spelling errors in descriptions."; reference "1.1.0"; } revision "2017-02-07" { description "Initial revision"; reference "1.0.0"; } cisco-semver:module-version "1.4.1"; cisco-semver:module-version "1.4.0"; cisco-semver:module-version "1.3.0"; cisco-semver:module-version "1.2.0"; cisco-semver:module-version "1.1.0"; cisco-semver:module-version "1.0.0"; typedef acl-action-type { type enumeration { enum "permit" { value 0; description "Permit matching packets"; } enum "deny" { value 1; description "Deny matching packets"; } } description "Action to be taken on packets matching the rule"; } typedef acl-port-operator-type { type enumeration { enum "equals" { value 0; description "Equals to the given port"; } enum "not-equals" { value 1; description "Not equal to the given port"; } enum "lesser-than" { value 2; description "Lesser than the given port"; } enum "greater-than" { value 3; description "Greater than the given port"; } enum "range" { value 4; description "Range between the ports, including the given ports"; } } description "Specifies what operation to use while checking if the protocol port matches the given port(s)"; } typedef access-list-type { type enumeration { enum "v4-standard-acl" { value 0; description "IPv4 standard Access Control List"; } enum "v4-extended-acl" { value 1; description "Ipv4 Extended Access Control List"; } enum "v4-role-based-acl" { value 2; description "IPv4 Role based Access Control List"; } enum "v6-acl" { value 3; description "Regular IPv6 Access Control List"; } enum "v6-role-based-acl" { value 4; description "IPv6 Role based Access Control List"; } } description "Basic Access Control List type"; } typedef acl-protocol-type { type enumeration { enum "protocol-any" { value 0; description "Any IP protocol"; } enum "protocol-number" { value 1; description "Number assigned to the IP protocol"; } enum "protocol-object-group" { value 2; description "Service object-group name containing the protocol(s)"; } } description "Options to configure the protocol for matching packets"; } typedef acl-port-option-type { type enumeration { enum "port-any" { value 0; description "Protocol port is not configured"; } enum "port-configured" { value 1; description "Protocol port is configured"; } } description "ACL port configuration options"; } typedef acl-v4-address-type { type enumeration { enum "v4-address-wildcard" { value 0; description "IPv4 address and wildcard"; } enum "v4-host" { value 1; description "IPv4 host address"; } enum "v4-object-group" { value 2; description "IPv4 network object group containing IPv4 addresses"; } enum "v4-fqdn-group" { value 3; description "Name of the FQDN group associated with this entry"; } enum "v4-any" { value 4; description "Any IPv4 address in this position"; } enum "v4-geo-group" { value 5; description "Name of the geolocation group associated with this entry"; } } description "Options to configure IPv4 address"; } typedef acl-v6-address-type { type enumeration { enum "v6-address-prefix" { value 0; description "IPv6 address and prefix length used to match the packet"; } enum "v6-address-wildcard" { value 1; description "IPv6 address and wildcard used to match the packet"; } enum "v6-host" { value 2; description "IPv6 host address used to match the packet"; } enum "v6-object-group" { value 3; description "Name of IPv6 network object group containing the address(es)"; } enum "v6-fqdn-group" { value 4; description "Name of the FQDN group associated with this entry"; } enum "v6-any" { value 5; description "Matches with any IPv6 address on the packet"; } enum "v6-geo-group" { value 6; description "Name of the geolocation group associated with this entry"; } } description "Options to configure IPv6 address"; } typedef access-list-type-flags { type bits { bit internal { position 0; description "ACL generated by the system for internal use"; } bit downloaded { position 1; description "ACL downloaded into the device"; } bit per-user { position 2; description "Per user ACL, configured programmatically"; } } description "Access Control List flags"; } grouping acl-protocol { description "Protocol to match packets"; choice protocol-choice { description "Protocol configuration options"; leaf any { type empty; description "Any IP protocol"; } leaf number { type uint8; description "Number assigned to the IP protocol"; } leaf object-group { type string; description "Service object-group name containing the protocol(s)"; } } // choice protocol-choice } // grouping acl-protocol grouping acl-port-data { description "ACL entry port configuration data"; leaf port-operator { type acl-port-operator-type; description "Specifies what operation to use while checking if the protocol port matches the given port(s)"; } leaf-list ports { type uint16; ordered-by user; description "When the port match is \"less than\" or \"greater than\" then the port list will have one entry for the operation. When the port match is \"range\" then port list will have two values with the range being between the values. When the port match is \"equals\" and \"not equals\", then there may be up to 10 number of ports."; } } // grouping acl-port-data grouping acl-port { description "Port configuration for the protocol"; choice port-option-choice { description "Indicates whether the port was configured or not"; leaf any { type empty; description "Port is not configured. So, all ports will be matched"; } container port-data { description "Port configuration to be matched against the packet"; uses acl-ios-xe-oper:acl-port-data; } // container port-data } // choice port-option-choice } // grouping acl-port grouping acl-v4-address-wildcard { description "IPv4 network address and wildcard"; leaf address { type inet:ipv4-address; description "IPv4 network address"; } leaf wildcard { type inet:ipv4-address; description "Wildcard or inverted network mask"; } } // grouping acl-v4-address-wildcard grouping acl-v4-address { description "IPv4 address to be matched in this position"; choice v4-address-choice { description "Options to configure IPv4 address"; container address-wildcard { description "IPv4 address and wildcard"; uses acl-ios-xe-oper:acl-v4-address-wildcard; } // container address-wildcard leaf host { type inet:ipv4-address; description "IPv4 host address"; } leaf object-group { type string; description "IPv4 network object group containing IPv4 addresses"; } leaf fqdn-group { type string; description "Name of the FQDN group associated with this entry"; } leaf any { type empty; description "Any IPv4 address in this position"; } leaf geo-group { type string; description "Name of the geolocation group associated with this entry"; } } // choice v4-address-choice } // grouping acl-v4-address grouping acl-v4-standard-ace-data { description "IPv4 Standard Access List entry details"; leaf action { type acl-action-type; description "Indicates if the packets were permitted or denied"; } container source-address { description "Source address used to match the packets"; uses acl-ios-xe-oper:acl-v4-address; } // container source-address } // grouping acl-v4-standard-ace-data grouping acl-v4-extended-ace-data { description "IPv4 ACE data"; leaf action { type acl-action-type; description "Indicates if the packets were permitted or denied"; } container protocol { description "Protocol used to match the packets"; uses acl-ios-xe-oper:acl-protocol; } // container protocol container source-address { description "Source address used to match the packets"; uses acl-ios-xe-oper:acl-v4-address; } // container source-address container source-port { description "Source port used to match the packets"; uses acl-ios-xe-oper:acl-port; } // container source-port container destination-address { description "Destination address used to match the packets"; uses acl-ios-xe-oper:acl-v4-address; } // container destination-address container destination-port { description "Destination port used to match the packets"; uses acl-ios-xe-oper:acl-port; } // container destination-port } // grouping acl-v4-extended-ace-data grouping acl-v4-role-based-ace-data { description "IPv4 Role based ACE data"; leaf action { type acl-action-type; description "Indicates if the packets were permitted or denied"; } container protocol { description "Protocol used to match the packets"; uses acl-ios-xe-oper:acl-protocol; } // container protocol container source-port { description "Source port used to match the packets"; uses acl-ios-xe-oper:acl-port; } // container source-port container destination-port { description "Destination port used to match the packets"; uses acl-ios-xe-oper:acl-port; } // container destination-port } // grouping acl-v4-role-based-ace-data grouping acl-v6-address-wildcard { description "IPv6 address and wildcard"; leaf address { type inet:ipv6-address; description "IPv6 address"; } leaf wildcard { type inet:ipv6-address; description "Wildcard used with the IPv6 address"; } } // grouping acl-v6-address-wildcard grouping acl-v6-address { description "IPv6 address configuration"; choice v6-address-choice { description "Options to configure IPv6 address"; leaf address-prefix { type inet:ip-prefix; description "IPv6 address and prefix length used to match the packet"; } container address-wildcard { description "IPv6 address and wildcard used to match the packet"; uses acl-ios-xe-oper:acl-v6-address-wildcard; } // container address-wildcard leaf host { type inet:ipv6-address; description "IPv6 host address used to match the packet"; } leaf object-group { type string; description "Name of IPv6 network object group containing the address(es)"; } leaf fqdn-group { type string; description "Name of the FQDN group associated with this entry"; } leaf any { type empty; description "Matches with any IPv6 address on the packet"; } leaf geo-group { type string; description "Name of the geolocation group associated with this entry"; } } // choice v6-address-choice } // grouping acl-v6-address grouping acl-v6-ace-data { description "IPv6 Access Control List entry"; leaf action { type acl-action-type; description "Indicates if the packets were permitted or denied"; } container protocol { description "Protocol used to match the packets"; uses acl-ios-xe-oper:acl-protocol; } // container protocol container source-address { description "Source address used to match the packets"; uses acl-ios-xe-oper:acl-v6-address; } // container source-address container source-port { description "Source port used to match the packets"; uses acl-ios-xe-oper:acl-port; } // container source-port container destination-address { description "Destination address used to match the packets"; uses acl-ios-xe-oper:acl-v6-address; } // container destination-address container destination-port { description "Destination port used to match the packets"; uses acl-ios-xe-oper:acl-port; } // container destination-port } // grouping acl-v6-ace-data grouping acl-v6-role-based-ace-data { description "IPv6 Role based Access Control List entry"; leaf action { type acl-action-type; description "Indicates if the packets were permitted or denied"; } container protocol { description "Protocol used to match the packets"; uses acl-ios-xe-oper:acl-protocol; } // container protocol container source-port { description "Source port used to match the packets"; uses acl-ios-xe-oper:acl-port; } // container source-port container destination-port { description "Destination port used to match the packets"; uses acl-ios-xe-oper:acl-port; } // container destination-port } // grouping acl-v6-role-based-ace-data grouping ace-rule-data { description "ACL entry parameters used for matching"; choice acl-rule-choice { description "ACL entry rules based on ACL type"; container v4-standard-ace-rule { description "IPv4 Standard ACL rule matching parameters"; uses acl-ios-xe-oper:acl-v4-standard-ace-data; } // container v4-standard-ace-rule container v4-extended-ace-rule { description "IPv4 extended ACL rule matching parameters"; uses acl-ios-xe-oper:acl-v4-extended-ace-data; } // container v4-extended-ace-rule container v4-role-based-ace-rule { description "IPv4 Role-based ACL rule matching parameters"; uses acl-ios-xe-oper:acl-v4-role-based-ace-data; } // container v4-role-based-ace-rule container v6-ace-rule { description "IPv6 regular ACL rule matching parameters"; uses acl-ios-xe-oper:acl-v6-ace-data; } // container v6-ace-rule container v6-role-based-ace-rule { description "IPv6 Role based ACL rule matching parameters"; uses acl-ios-xe-oper:acl-v6-role-based-ace-data; } // container v6-role-based-ace-rule } // choice acl-rule-choice } // grouping ace-rule-data grouping ace-oper-data { description "ACE operational data"; leaf match-counter { type yang:counter64; description "Number of matches for an access list entry"; } } // grouping ace-oper-data grouping access-list-entry { description "Entry representing ACE list entry"; leaf rule-name { type uint32; description "Entry number."; } container access-list-entries-oper-data { description "Per access list entries operational data"; uses acl-ios-xe-oper:ace-oper-data; } // container access-list-entries-oper-data container access-list-entries-rule-data { description "Per access list entries rule data"; uses acl-ios-xe-oper:ace-rule-data; } // container access-list-entries-rule-data } // grouping access-list-entry grouping access-list { description "A list of access-list-entry(ACE)"; leaf access-control-list-name { type string; description "The name of access-list. A device MAY restrict the length and value of this name, possibly space and special characters are not allowed"; } container access-list-entries { description "access-list-entry(ACE) information"; list access-list-entry { key "rule-name"; description "A list of ACEs"; uses acl-ios-xe-oper:access-list-entry; } // list access-list-entry } // container access-list-entries leaf access-control-list-type { type access-list-type; description "Basic type of access control list"; } leaf access-control-list-type-flags { type access-list-type-flags; description "Other information about the access list"; } } // grouping access-list container access-lists { config false; description "This is top level container for Access Control Lists. It can have one or more Access Control List."; list access-list { key "access-control-list-name"; description "An access list (acl) is an ordered list of access list entries (ACE). Each access control entries has a list of match criteria, and a list of actions. Since there are several kinds of access control lists implemented with different attributes for each and different for each vendor, this model accommodates customizing access control lists for each kind and for each vendor."; uses acl-ios-xe-oper:access-list; } // list access-list } // container access-lists } // module Cisco-IOS-XE-acl-oper
© 2023 YumaWorks, Inc. All rights reserved.