This module contains a collection of YANG definitions for Cisco IOS-XR ipv4-acl package configuration. This module contains def...
Version: 2020-12-04
// Configuration schema for IPv4 access lists and prefix lists on Cisco IOS-XR.
// Three subtrees sit under ipv4-acl-and-prefix-list: accesses (ACLs and their
// entries), prefixes (prefix lists) and log-update (ACL log update controls).
//
// NOTE(review): most per-entry rules that the descriptions call "required",
// "rejected" or "mutually exclusive" are written as prose only. This listing
// contains no `mandatory`, `must`, `default` or `choice` statement, so schema
// validation on the client side will not catch those cases; they are
// presumably enforced by the device at commit time - confirm before relying on
// offline validation as a policy gate.
//
// NOTE(review): no access-control annotations appear in this listing, so who
// may write this subtree is presumably governed entirely by the server's own
// authorization configuration - confirm.
module Cisco-IOS-XR-ipv4-acl-cfg {
  yang-version 1;
  namespace "http://cisco.com/ns/yang/Cisco-IOS-XR-ipv4-acl-cfg";
  prefix ipv4-acl-cfg;

  import ietf-inet-types { prefix inet; }
  import Cisco-IOS-XR-types { prefix xr; }
  import cisco-semver { prefix semver; }
  // NOTE(review): this import binds the datatypes module to `dt1`, yet most
  // leaves under access-list-entry use the prefix `ipv4-acl-dt`, which no
  // import in this listing declares. The same type name (Ipv4-acl-grant-enum)
  // appears under both prefixes, so both presumably resolve to this module and
  // `ipv4-acl-dt` comes from the included submodule - confirm. A validator
  // given only this text would not resolve those types.
  import Cisco-IOS-XR-ipv4-acl-datatypes { prefix dt1; }
  // The unprefixed type `Next-hop-type` used below is not defined in this
  // listing either; presumably it is a typedef in this submodule - confirm.
  include Cisco-IOS-XR-ipv4-ace-cfg { revision-date "2020-12-04"; }

  organization "Cisco Systems, Inc.";
  contact "Cisco Systems, Inc. Customer Service Postal: 170 West Tasman Drive San Jose, CA 95134 Tel: +1 800 553-NETS E-mail: cs-yang@cisco.com";
  description "This module contains a collection of YANG definitions for Cisco IOS-XR ipv4-acl package configuration. This module contains definitions for the following management objects: ipv4-acl-and-prefix-list: IPv4 ACL configuration data Copyright (c) 2013-2020 by Cisco Systems, Inc. All rights reserved.";

  // Revision history, newest first.
  revision "2020-12-04" { description "7.4.1 revision. Fixing Remark Length 2020-11-23 7.3.2 revision. Changing the bag version"; }
  revision "2019-10-22" { description "7.0.1 revision. Fixing ICMP TYPE CODE datatype from Enum to RangeEnum"; }
  revision "2019-04-05" { description "Establish semantic version baseline."; }
  // This revision removed the schema-level guard on the `fragments` leaf; its
  // exclusivity rules are now stated only in that leaf's description.
  revision "2018-05-08" { description "6.5.1 revision. Remove the when statement for fragments."; }
  revision "2018-04-03" { description "6.5.1 revision. Correct enum value for Next-hop-type."; }
  revision "2018-03-23" { description "6.5.1 revision. Removing none-next-type."; }
  revision "2018-02-01" { description "Using YANG bit types for tcp flags."; }
  revision "2018-01-03" { description "6.4.1 revision. Fixed a few typos in the description."; }
  revision "2017-10-15" { description "Removed presence statement generated from internal CLI data."; }
  revision "2015-11-09" { description "IOS XR 6.0 revision."; }

  semver:module-version "2.0.0";
  semver:module-version "1.1.1";
  semver:module-version "1.0.0";

  container ipv4-acl-and-prefix-list {
    description "IPv4 ACL configuration data";

    // ACLs, keyed by name. The AccessListExistenceTable mentioned in the
    // description is not defined in this listing.
    container accesses {
      description "Table of access lists. Entries in this table and the AccessListExistenceTable table must be kept consistent";
      list access {
        key "access-list-name";
        description "An ACL";
        container access-list-entries {
          description "ACL entry table; contains list of ACEs";

          // One entry is either a remark or a match rule (ACE), keyed by
          // sequence number.
          list access-list-entry {
            key "sequence-number";
            description "An ACL entry; either a description (remark) or an ACE to match against";
            leaf sequence-number { type dt1:Ipv4-acl-sequence-number-range-acl; description "Sequence number for this entry"; }

            // The forwarding action. The description calls it required for
            // every non-remark ACE, but the leaf carries no `mandatory`
            // statement, so an ACE without an action passes schema validation.
            // NOTE(review): confirm how the device treats such an entry.
            leaf grant { type ipv4-acl-dt:Ipv4-acl-grant-enum; description "Forwarding action for the packet. This is required for any non-remark ACE. Leave unspecified otherwise."; }
            leaf protocol-operator { type ipv4-acl-dt:Ipv4-acl-operator-enum; description "Protocol operator. User can specify equal or leave it unspecified for singleton protocol match, or specify range for protocol range match."; }

            // Single value, or lower bound of a range. The "default value is
            // ipv4" is described in prose; there is no `default` statement, so
            // an unset leaf is simply absent from the data tree. The `when`
            // conditions further down compare against this leaf only.
            // NOTE(review): RFC 758 is a historical reference; the current
            // protocol-number list is the IANA registry.
            leaf protocol { type ipv4-acl-dt:Ipv4-acl-protocol-number; description "Protocol number to match. It can be used for the lower bound (range operator) or single value (equal operator). Any value not in the permissible range will be rejected. When leave unspecified, default value is ipv4."; reference "RFC 758 - ASSIGNED INTERNET PROTOCOL NUMBERS"; }
            leaf protocol2 { type ipv4-acl-dt:Ipv4-acl-protocol-number; description "Protocol2 to match. It is used in upper bound (range operator). Any value not in the permissible range will be rejected."; reference "RFC 758 - ASSIGNED INTERNET PROTOCOL NUMBERS"; }

            // Source match. Per the descriptions, an omitted address means
            // "any", so a permit entry with no address leaves matches every
            // source; policy review tooling should treat absence as a wildcard.
            // Wildcard bits and prefix length are both offered and nothing in
            // the schema makes them exclusive.
            // NOTE(review): wildcard bits are conventionally an inverted mask
            // on Cisco platforms (set bit = ignore) - confirm; a netmask
            // supplied here would match a different address set.
            container source-network {
              description "Source network settings.";
              leaf source-address { type inet:ipv4-address-no-zone; description "Source IPv4 address to match, leave unspecified for any."; }
              leaf source-wild-card-bits { type inet:ipv4-address-no-zone; description "Wildcard bits to apply to source address (if specified), leave unspecified for no wildcarding."; }
              leaf source-prefix-length { type xr:Ipv4-prefix-length; description "Prefix length to apply to source address (if specified), leave unspecified for no wildcarding."; }
            } // container source-network

            // Destination match; same shape and same caveats as
            // source-network.
            container destination-network {
              description "Destination network settings.";
              leaf destination-address { type inet:ipv4-address-no-zone; description "Destination IPv4 address to match (if a protocol was specified), leave unspecified for any."; }
              leaf destination-wild-card-bits { type inet:ipv4-address-no-zone; description "Wildcard bits to apply to destination address (if specified), leave unspecified for no wildcarding."; }
              leaf destination-prefix-length { type xr:Ipv4-prefix-length; description "Prefix length to apply to destination address (if specified), leave unspecified for no wildcarding."; }
            } // container destination-network

            // Source port match. Only valid when ../protocol is TCP, UDP or
            // SCTP, given either by number or by name. The condition reads
            // ../protocol alone, not protocol-operator or protocol2, so with
            // protocol unset this container is not applicable.
            // NOTE(review): RFC 1700 has been obsoleted (by RFC 3232); the
            // port list now lives in the IANA registry.
            container source-port {
              when "../protocol = '6' or ../protocol = 'tcp' or ../protocol = '17' or ../protocol = 'udp' or ../protocol = '132' or ../protocol = 'sctp'" { description "Applicable only to TCP, SCTP and UDP."; }
              description "Source port settings.";
              // Required alongside any port value per the description; that
              // rule is not expressed as a schema constraint.
              leaf source-operator { type ipv4-acl-dt:Ipv4-acl-operator-enum; description "Source port comparison operator. This is a required field if any source port value is given, otherwise, config will be rejected. Leave unspecified if no source port comparison is to be done."; }
              leaf first-source-port { type ipv4-acl-dt:Ipv4-acl-port-number; description "Lower source port for comparison. It can be used for the lower bound (range operator) or single value (equal, less, greater..etc). Any value not in the permissible range will be rejected. Leave unspecified otherwise."; reference "RFC 1700 - WELL KNOWN PORT NUMBERS"; }
              leaf second-source-port { type ipv4-acl-dt:Ipv4-acl-port-number; description "Upper source port for comparion. It is used in the upper bound (range operator). Any value not in the permissible range will be rejected. Leave unspecified otherwise."; reference "RFC 1700 - WELL KNOWN PORT NUMBERS"; }
            } // container source-port

            // Destination port match; same `when` condition as source-port.
            container destination-port {
              when "../protocol = '6' or ../protocol = 'tcp' or ../protocol = '17' or ../protocol = 'udp' or ../protocol = '132' or ../protocol = 'sctp'" { description "Applicable only to TCP, SCTP and UDP."; }
              description "Destination port settings.";
              leaf destination-operator { type ipv4-acl-dt:Ipv4-acl-operator-enum; description "Destination port comparison operator. This is a required field if any destination port value is given, otherwise, config will be rejected. Leave unspecified if no destination port comparison is to be done."; }
              leaf first-destination-port { type ipv4-acl-dt:Ipv4-acl-port-number; description "Lower destination port for comparison. It can be used for the lower bound (range operator) or single value (equal, less, greater..etc). Any value not in the permissible range will be rejected. Leave unspecified otherwise."; reference "RFC 1700 - WELL KNOWN PORT NUMBERS"; }
              leaf second-destination-port { type ipv4-acl-dt:Ipv4-acl-port-number; description "Upper destination port for comparison. It is used in the upper bound (range operator). Any value not in the permissible range will be rejected. Leave unspecified otherwise."; reference "RFC 1700 - WELL KNOWN PORT NUMBERS"; }
            } // container destination-port

            // ICMP type/code match; valid only when ../protocol is 1 / icmp.
            container icmp {
              when "../protocol = '1' or ../protocol = 'icmp'" { description "Applicable only to ICMP."; }
              description "ICMP settings.";
              leaf icmp-type-code { type ipv4-acl-dt:Ipv4-acl-icmp-type-code-enum; description "Well known ICMP message code types to match, leave unspecified if ICMP message code type comparion is not to be performed."; reference "RFC 792"; }
            } // container icmp

            // TCP flag match; valid only when ../protocol is 6 / tcp. The mask
            // is meaningful only together with the match operator, per the
            // tcp-bits-mask description.
            container tcp {
              when "../protocol = '6' or ../protocol = 'tcp'" { description "Applicable only to TCP."; }
              description "TCP settings.";
              leaf tcp-bits-match-operator { type ipv4-acl-dt:Ipv4-acl-tcp-match-operator-enum; description "TCP Bits match operator. Leave unspecified if flexible comparison of TCP bits is not required."; }
              leaf tcp-bits { type ipv4-acl-dt:Ipv4-acl-tcp-bits-number; description "TCP bits to match. Leave unspecified if comparison of TCP bits is not required."; reference "RFC 793 Section 3.1 Control Bits"; }
              leaf tcp-bits-mask { type ipv4-acl-dt:Ipv4-acl-tcp-bits-number; description "TCP bits mask to use for flexible TCP matching. Leave unspecified if tcp-bits-match-operator is unspecified."; }
            } // container tcp

            // Packet-length match: an operator plus one or two bounds.
            container packet-length {
              description "Packet length settings.";
              leaf packet-length-operator { type ipv4-acl-dt:Ipv4-acl-operator-enum; description "Packet length operator applicable if packet length is to be compared. This is a required field if any packet-length value is given, otherwise, config will be rejected."; }
              leaf packet-length-min { type ipv4-acl-dt:Ipv4-acl-plen-range; description "Mininum packet length value for comparison. It can be used for the lower bound (range operator) or single value (equal, less, greater..etc). Any value not in the permissible range will be rejected. Leave unspecified otherwise."; }
              leaf packet-length-max { type ipv4-acl-dt:Ipv4-acl-plen-range; description "Maximum packet length value for comparison. It is used in the upper bound (range operator). Any value not in the permissible range will be rejected. Leave unspecified otherwise."; }
            } // container packet-length

            // TTL match: an operator plus one or two bounds. This matches on
            // TTL; rewriting it is the separate set-ttl leaf below.
            container time-to-live {
              description "TTL settings.";
              leaf time-to-live-operator { type ipv4-acl-dt:Ipv4-acl-operator-enum; description "TTL operator is applicable if TTL is to be compared. This is a required field if any TTL value is given, otherwise, config will be rejected. Leave unspecified if TTL classification is not required."; }
              leaf time-to-live-min { type ipv4-acl-dt:Ipv4-acl-ttl-range; description "Mininum TTL value for comparison. It can be used for the lower bound (range operator) or single value (equal, less, greater..etc). Any value not in the permissible range will be rejected. Leave unspecified otherwise."; reference "RFC 791 Section 3.2 - Time to Live"; }
              leaf time-to-live-max { type ipv4-acl-dt:Ipv4-acl-ttl-range; description "Maximum TTL value for comparison. It is used in the upper bound (range operator). Any value not in the permissible range will be rejected. Leave unspecified otherwise."; reference "RFC 791 Section 3.2 - Time to Live"; }
            } // container time-to-live

            // Fragment-offset match: an operator plus one or two bounds.
            container fragment-offset {
              description "Fragment-offset settings.";
              leaf fragment-offset-operator { type ipv4-acl-dt:Ipv4-acl-operator-enum; description "Fragment-offset operator if fragment-offset is to be compared. This is a required field if any fragment-offset value is given, otherwise, config will be rejected. Leave unspecified if fragment-offset classification is not required."; }
              leaf fragment-offset-1 { type ipv4-acl-dt:Ipv4-acl-frag-offset-range; description "Fragment-offset value for comparison. It can be used for the lower bound (range operator) or single value (equal, less, greater..etc). Any value not in the permissible range will be rejected. Leave unspecified otherwise."; reference "RFC 791 Section 2.3 - Fragmentation"; }
              leaf fragment-offset-2 { type ipv4-acl-dt:Ipv4-acl-frag-offset-range; description "Second fragment-offset value for comparison. It is used in the upper bound (range operator). Any value not in the permissible range will be rejected. Leave unspecified otherwise."; reference "RFC 791 Section 2.3 - Fragmentation"; }
            } // container fragment-offset

            // Match on fragment flags. Distinct from the `fragments` leaf
            // further down, which selects non-initial fragments.
            leaf fragment-type { type ipv4-acl-dt:Ipv4-acl-frag-flags; description "Fragment flags, such as dont-fragment, is-fragment, first-fragment and last-fragment."; reference "RFC 791 Section 2.3 - Fragmentation"; }

            // Up to three next-hop slots, each naming an IPv4 address, a VRF
            // and a tracking object.
            // NOTE(review): presumably this steers matching traffic to the
            // listed next hop (ACL-based forwarding) - confirm. If so, write
            // access to this subtree changes forwarding paths, not only
            // filtering, and deserves the same change control as routing.
            // vrf-name and track-name are length-limited free strings; the
            // schema does not check that the named objects exist.
            container next-hop {
              description "Next-hop settings.";
              leaf next-hop-type { type Next-hop-type; description "The nexthop type."; }
              container next-hop-1 {
                description "The first next-hop settings.";
                leaf next-hop { type inet:ipv4-address-no-zone; description "The IPv4 address of the next-hop."; }
                leaf vrf-name { type string { length "1..32"; } description "The VRF name of the next-hop."; }
                leaf track-name { type string { length "1..32"; } description "The object tracking name for the next-hop."; }
              } // container next-hop-1
              container next-hop-2 {
                description "The second next-hop settings.";
                leaf next-hop { type inet:ipv4-address-no-zone; description "The IPv4 address of the next-hop."; }
                leaf vrf-name { type string { length "1..32"; } description "The VRF name of the next-hop."; }
                leaf track-name { type string { length "1..32"; } description "The object tracking name for the next-hop."; }
              } // container next-hop-2
              container next-hop-3 {
                description "The third next-hop settings.";
                leaf next-hop { type inet:ipv4-address-no-zone; description "The IPv4 address of the next-hop."; }
                leaf vrf-name { type string { length "1..32"; } description "The VRF name of the next-hop."; }
                leaf track-name { type string { length "1..32"; } description "The object tracking name for the next-hop."; }
              } // container next-hop-3
            } // container next-hop

            leaf counter-name { type string { length "1..64"; } description "Name of counter to aggregate hardware statistics."; }

            // IGMP message type match; the `when` sits on the leaf itself and
            // requires ../protocol to be 2 / igmp.
            leaf igmp-message-type {
              when "../protocol = '2' or ../protocol = 'igmp'" { description "Applicable only to IGMP."; }
              type ipv4-acl-dt:Ipv4-acl-igmp-number;
              description "IGMP message type to match. Leave unspecified if no message type comparison is to be done.";
              reference "RFC 3376";
            }

            // DSCP match: an operator plus one or two bounds.
            container dscp {
              description "DSCP settings.";
              leaf dscp-operator { type ipv4-acl-dt:Ipv4-acl-operator-enum; description "DSCP operator is applicable only when DSCP range is configured. Leave unspecified if DSCP range is not required."; }
              leaf dscp-min { type ipv4-acl-dt:Ipv4-acl-dscp-number; description "Mininum DSCP value for comparison. It can be used for the lower bound (range operator) or single value (equal, less, greater..etc). Any value not in the permissible range will be rejected. Leave unspecified otherwise."; reference "RFC 2474"; }
              leaf dscp-max { type ipv4-acl-dt:Ipv4-acl-dscp-number; description "Maximum DSCP value for comparison. It is used in the upper bound (range operator). Any value not in the permissible range will be rejected. Leave unspecified otherwise."; reference "RFC 2474"; }
            } // container dscp
            leaf precedence { type ipv4-acl-dt:Ipv4-acl-precedence-number; description "Precedence value to match (if a protocol was specified). Any value not in the permissible range will be rejected. Leave unspecified if precedence comparion is not to be performed."; reference "RFC 791 Section 3.1 - Precedence"; }

            // Per-entry logging. Log volume is bounded by the log-update
            // container at the end of this module.
            leaf log-option { type ipv4-acl-dt:Ipv4-acl-logging-enum; description "Log the packet on this access-list-entry/rule."; }
            // NOTE(review): what is captured and where it is stored is not
            // described here; treat enabling this as a change that may expose
            // packet contents - confirm against platform documentation.
            leaf capture { type boolean; description "Enable capture if set to TRUE."; }
            // Suppresses the ICMP messages the device would otherwise generate
            // for packets dropped by a deny ACE.
            leaf icmp-off { type empty; description "To turn off ICMP generation for deny ACEs."; }

            // Actions that mark or rewrite the packet rather than match it.
            leaf qos-group { type ipv4-acl-dt:Ipv4-acl-qos-group-number; description "Set qos-group number. Any value not in the permissible range will be rejected."; }
            leaf set-ttl { type ipv4-acl-dt:Ipv4-acl-ttl-range; description "Set TTL Value. Any value not in the permissible range will be rejected."; }

            // Matches non-initial fragments. The exclusivity with L4 matches
            // and with logging is prose only: revision 2018-05-08 removed the
            // `when` statement that used to guard this leaf.
            leaf fragments { type empty; description "Check non-initial fragments. Item is mutually exclusive with TCP, SCTP, UDP, IGMP and ICMP comparions and with logging."; reference "RFC 791 Section 2.3 - Fragmentation"; }

            // Free-text remark. An empty string is allowed here (0..255),
            // whereas the prefix-list remark below is 1..256.
            leaf remark { type string { length "0..255"; } description "Description for the access-list-entry/rule."; }

            // References to object groups by name. These are plain strings,
            // not leafrefs, so the schema does not verify that the named group
            // exists. NOTE(review): confirm what an entry matches when the
            // referenced group is missing or empty.
            leaf source-prefix-group { type string { length "1..64"; } description "IPv4 source network object group name."; }
            leaf destination-prefix-group { type string { length "1..64"; } description "IPv4 destination network object group name."; }
            leaf source-port-group { type string { length "1..64"; } description "Source port object group name."; }
            leaf destination-port-group { type string { length "1..64"; } description "Destination port object group name."; }
            leaf sequence-str { type string { length "1..64"; } description "Sequence String for the ace."; }
          } // list access-list-entry
        } // container access-list-entries

        // List key; the 64-character limit is enforced by the length
        // restriction.
        leaf access-list-name { type xr:Cisco-ios-xr-string { length "1..64"; } description "Access list name - 64 characters max"; }
      } // list access
    } // container accesses

    // Prefix lists, keyed by name. The PrefixListExistenceTable mentioned in
    // the description is not defined in this listing.
    container prefixes {
      description "Table of ACL prefix lists. Entries in this table and the PrefixListExistenceTable table must be kept consistent";
      list prefix {
        key "prefix-list-name";
        description "Name of a prefix list";
        container prefix-list-entries {
          description "Sequence of entries forming a prefix list";

          // One entry is either a remark or a prefix match. The exclusivity
          // between exact, minimum and maximum length matching, and between
          // remark and every other leaf, is stated in descriptions only.
          list prefix-list-entry {
            key "sequence-number";
            description "A prefix list entry; either a description (remark) or a prefix to match against";
            leaf sequence-number { type dt1:Ipv4-acl-sequence-number-range; description "Sequence number of prefix list"; }
            leaf grant { type dt1:Ipv4-acl-grant-enum; description "Whether to forward or drop packets matching the prefix list"; }
            leaf prefix { type inet:ipv4-address-no-zone; description "IPv4 address prefix to match"; }
            leaf netmask { type inet:ipv4-address-no-zone; description "Mask of IPv4 address prefix"; }
            leaf match-exact-length { type empty; description "Set to perform an exact prefix length match. Item is mutually exclusive with minimum and maximum length match items"; }
            leaf exact-prefix-length { type dt1:Ipv4-acl-prefix-length-range; description "If exact prefix length matching specified, set the length of prefix to be matched"; }
            leaf match-max-length { type empty; description "Set to perform a maximum length prefix match . Item is mutually exclusive with exact length match item"; }
            leaf max-prefix-length { type dt1:Ipv4-acl-prefix-length-range; description "If maximum length prefix matching specified, set the maximum length of prefix to be matched"; }
            leaf match-min-length { type empty; description "Set to perform a minimum length prefix match . Item is mutually exclusive with exact length match item"; }
            leaf min-prefix-length { type dt1:Ipv4-acl-prefix-length-range; description "If minimum length prefix matching specified, set the minimum length of prefix to be matched"; }
            leaf remark { type string { length "1..256"; } description "Comments or a description for the prefix list. Item is mutually exclusive with all others in the object"; }
          } // list prefix-list-entry
        } // container prefix-list-entries

        // List key. NOTE(review): the description promises a 32-character
        // maximum, but the type is an unrestricted `string` with no length or
        // pattern, so the schema accepts any length. Tooling that trusts
        // schema validation to bound this key should add its own check.
        leaf prefix-list-name { type string; description "Prefix list name - max 32 characters"; }
      } // list prefix
    } // container prefixes

    // Global controls for ACL log updates: a hit-count threshold and a rate in
    // log messages per second. Together with log-option on individual entries
    // these determine how much ACL logging the device emits.
    container log-update {
      description "Control access lists log updates";
      leaf threshold { type dt1:Ipv4-acl-log-threshold-range; description "Log update threshold (number of hits)"; }
      leaf rate { type dt1:Ipv4-acl-log-rate-range; description "Log update rate (log msgs per second)"; }
    } // container log-update
  } // container ipv4-acl-and-prefix-list
} // module Cisco-IOS-XR-ipv4-acl-cfg