VLAN management.
Version: 2021-08-12
module huawei-vlan { yang-version 1; namespace "urn:huawei:yang:huawei-vlan"; prefix vlan; import huawei-extension { prefix ext; } import huawei-pub-type { prefix pub-type; } import huawei-ifm { prefix ifm; } organization "Huawei Technologies Co., Ltd."; contact "Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: http://www.huawei.com Email: support@huawei.com"; description "VLAN management."; revision "2021-08-12" { description "Modify the description of leaf type and member-port."; reference "Huawei private."; } revision "2020-02-07" { description "Add leaf band-width-kbps."; reference "Huawei private."; } revision "2019-04-29" { description "Initial revision."; reference "Huawei private."; } ext:task-name "vlan"; typedef vlan-id { type uint16 { range "1..4094"; } description "VLAN ID."; } typedef vlan-type { type enumeration { enum "common" { value 1; description "VLAN type is common VLAN."; } enum "super" { value 2; description "VLAN type is super-VLAN."; } enum "sub" { value 3; description "VLAN type is sub-VLAN."; } } description "VLAN type."; } typedef admin-status { type enumeration { enum "up" { value 1; description "Administratively up."; } enum "down" { value 0; description "Administratively down."; } } description "VLAN administrative."; } typedef oper-status { type enumeration { enum "up" { value 1; description "Status is up."; } enum "down" { value 0; description "Status is down."; } } description "State."; } typedef enable-status { type enumeration { enum "enable" { value 1; description "VLAN enable status is enable."; } enum "disable" { value 0; description "VLAN enable status is disable."; } } description "VLAN enable status."; } typedef access-type { type enumeration { enum "access" { value 1; description "Access port that accepts packets without VLAN tags."; } enum "trunk" { value 2; description "Trunk port that accepts packets with VLAN tags."; } enum "hybrid" { value 3; description "Hybrid port that accepts packets with or without VLAN tags."; } enum "dot1qtunnel" { value 4; description "Dot1q tunnel interface that allows packet with double VLAN tags to pass."; } } description "VLAN access type."; } typedef tag-mode { type enumeration { enum "untag" { value 0; description "VLAN tag mode is untagged."; } enum "tag" { value 1; description "VLAN tag mode is tagged."; } } description "VLAN tag mode."; } container vlan { description "VLAN management."; container vlans { description "List of VLAN."; list vlan { key "id"; max-elements 4094; description "Configure VLAN information."; leaf id { type vlan-id; description "VLAN ID."; } leaf name { type string { length "1..31"; } description "VLAN name."; } leaf description { type string { length "1..80"; } description "VLAN description."; } leaf type { type vlan-type; default "common"; description "VLAN type."; } leaf admin-status { type admin-status; default "up"; description "Administrative status of a VLAN."; } leaf broadcast-discard { type enable-status; default "disable"; description "Discard broadcast packets."; } leaf unknown-multicast-discard { type enable-status; default "disable"; description "Discard unknown multicast packets."; } leaf mac-learning { type enable-status; default "enable"; description "Whether MAC address leaning is enabled in a VLAN."; } leaf statistic-enable { type enable-status; default "disable"; description "Whether VLAN statistics collection is enabled."; } leaf statistic-discard { when "../statistic-enable='enable'"; type enable-status; default "disable"; description "Whether BUM discard statistics collection is enabled."; } leaf mac-aging-time { when "not(../type='super')"; type uint32 { range "0|60..1000000"; } units "s"; description "MAC address aging time, 0 indicates that MAC addresses do not age."; } leaf super-vlan { when "../type='sub'"; type leafref { path "/vlan:vlan/vlan:vlans/vlan:vlan/vlan:id"; } must "/vlan:vlan/vlan:vlans/vlan:vlan[id=current()]/vlan:type = 'super'"; mandatory true; description "The corresponding super-VLAN ID when the VLAN is a sub-VLAN."; } container unkown-unicast-discard { description "Configure drop unknown unicast."; leaf discard { type enable-status; default "disable"; description "Discard unknown unicast packets."; } leaf mac-learning-enable { when "../discard='enable'"; type enable-status; default "disable"; description "Enable unknown unicast MAC address learning."; } } // container unkown-unicast-discard container suppression { description "Configure traffic suppression."; leaf inbound { type enable-status; default "disable"; description "Whether inbound suppression is enable."; } leaf outbound { type enable-status; default "disable"; description "Whether outbound suppression is enable."; } } // container suppression container member-ports { config false; description "List of ports in a VLAN."; list member-port { key "interface-name"; description "Statistics of ports in a VLAN."; leaf interface-name { type leafref { path "/ifm:ifm/ifm:interfaces/ifm:interface/ifm:name"; } description "Names of ports in a VLAN."; } leaf access-type { type access-type; description "Port link type."; } leaf state { type oper-status; description "Port state."; } leaf tag-mode { type tag-mode; description "Port tag mode."; } } // list member-port } // container member-ports container vlan-statistic { config false; description "Statistics of VLAN state."; leaf inbound-packets { type uint64; units "packet"; description "Number of inbound packets."; } leaf outbound-packets { type uint64; units "packet"; description "Number of outbound packets."; } leaf inbound-bytes { type uint64; units "Byte"; description "Number of inbound bytes."; } leaf outbound-bytes { type uint64; units "Byte"; description "Number of outbound bytes."; } leaf inbound-unicasts { type uint64; description "Number of inbound unicasts."; } leaf inbound-broadcasts { type uint64; description "Number of inbound broadcasts."; } leaf inbound-multicasts { type uint64; description "Number of inbound multicasts."; } leaf inbound-unkunicast-drops { type uint64; description "Number of inbound unknown unicast drops."; } leaf inbound-unkmulticast-drops { type uint64; description "Number of inbound unknown multicast drops."; } leaf inbound-brdcast-drops { type uint64; description "Number of inbound broadcast drops."; } leaf outbound-unicasts { type uint64; description "Number of outbound unicasts."; } leaf outbound-broadcasts { type uint64; description "Number of outbound broadcasts."; } leaf outbound-multicasts { type uint64; description "Number of outbound multicasts."; } } // container vlan-statistic container igmp-snooping { when "/mc:multicast/ims:igmp-snooping/ims:global-enable"; description "Configure Layer 2 multicast in the VLAN."; container global { must "proxy-enable='false' or (querier-enable='false' and report-suppress='false')"; must "(../../vlan:type='common') or (../../vlan:type='super' and ( proxy-enable='false' or (not (/vlan:vlan/vlan:vlans/vlan:vlan[vlan:super-vlan=current()/../../vlan:id]/ims:igmp-snooping/ims:global/ims:querier-enable='true') and not (/vlan:vlan/vlan:vlans/vlan:vlan[vlan:super-vlan=current()/../../vlan:id]/ims:igmp-snooping/ims:global/ims:report-suppress='true')))) or (../../vlan:type='sub' and (proxy-enable='false' or (not (/vlan:vlan/vlan:vlans/vlan:vlan[vlan:id=current()/../../vlan:super-vlan]/ims:igmp-snooping/ims:global/ims:querier-enable='true') and not(/vlan:vlan/vlan:vlans/vlan:vlan[vlan:id=current()/../../vlan:super-vlan]/ims:igmp-snooping/ims:global/ims:report-suppress='true') and not(/vlan:vlan/vlan:vlans/vlan:vlan[vlan:super-vlan=current()/../../vlan:super-vlan]/ims:igmp-snooping/ims:global/ims:querier-enable='true') and not(/vlan:vlan/vlan:vlans/vlan:vlan[vlan:super-vlan=current()/../../vlan:super-vlan]/ims:igmp-snooping/ims:global/ims:report-suppress='true'))))"; description "Configure Layer 2 multicast in the VLAN."; leaf ssm-acl { type acl:acl4-identity; must "(/acl:acl/acl:groups/acl:group[acl:number=number(current())] and (/acl:acl/acl:groups/acl:group[acl:number=number(current())]/acl:type='basic')) or (/acl:acl/acl:groups/acl:group[acl:identity=current()] and (/acl:acl/acl:groups/acl:group[acl:identity=current()]/acl:type='basic'))"; description "SSM group range policy."; } leaf version { type uint32 { range "1..3"; } default "2"; description "Layer 2 multicast version on an interface."; } leaf ssm-mapping-enable { type boolean; default "false"; description "Enable/disable SSM mapping."; } leaf ssm-mapping-policy { when "../ssm-mapping-enable='true'"; type string { length "1..31"; } must "not(../../ssm-mapping-groups/ssm-mapping-group)"; description "Configure a policy for SSM mapping."; } leaf report-suppress { type boolean; default "false"; description "Enable/disable the function of suppressing report messages."; } leaf static-group-suppress-dynamic-join { type boolean; default "false"; description "Enable/disable a Layer 2 device from sending Layer 2 multicast report and leave messages of a group that has been configured as a static group on the upstream device."; } leaf enable { type boolean; default "false"; description "Enable/disable Layer 2 multicast snooping in the VLAN."; } leaf group-policy-acl { type acl:acl4-identity; must "(/acl:acl/acl:groups/acl:group[acl:number=number(current())] and (/acl:acl/acl:groups/acl:group[acl:number=number(current())]/acl:type='basic' or /acl:acl/acl:groups/acl:group[acl:number=number(current())]/acl:type='advance')) or (/acl:acl/acl:groups/acl:group[acl:identity=current()] and (/acl:acl/acl:groups/acl:group[acl:identity=current()]/acl:type='basic' or /acl:acl/acl:groups/acl:group[acl:identity=current()]/acl:type='advance'))"; description "Configure a policy for filtering multicast groups on an interface to control the range of multicast groups that hosts can join."; } leaf group-policy-version { when "../group-policy-acl"; type uint32 { range "1..3"; } description "A group policy applies only to a specified Layer 2 multicast version."; } leaf max-response-time { type uint32 { range "1..25"; } units "s"; default "10"; description "Maximum response time for a Layer 2 multicast Query message. This time is used to control the deadline for user hosts to send report messages."; } leaf immediately-leave { type boolean; default "false"; description "Enable/disable prompt-leave. Prompt-Leave allows an interface to immediately delete a group record after receiving a leave message for this group, without sending a last-member query message."; } leaf immediately-leave-acl { when "../immediately-leave='true'"; type acl:acl4-identity; must "(/acl:acl/acl:groups/acl:group[acl:number=number(current())] and (/acl:acl/acl:groups/acl:group[acl:number=number(current())]/acl:type='basic' or /acl:acl/acl:groups/acl:group[acl:number=number(current())]/acl:type='advance')) or (/acl:acl/acl:groups/acl:group[acl:identity=current()] and (/acl:acl/acl:groups/acl:group[acl:identity=current()]/acl:type='basic' or /acl:acl/acl:groups/acl:group[acl:identity=current()]/acl:type='advance'))"; description "ACL used to control the applicable range of Layer 2 multicast prompt-leave."; } leaf proxy-enable { type boolean; default "false"; description "Enable/disable Layer 2 multicast snooping proxy."; } leaf multicast-group-model { type snooping-mode; default "asm-ssm"; description "Layer 2 multicast group join mode."; } leaf ip-policy-acl { type acl:acl4-identity; must "(/acl:acl/acl:groups/acl:group[acl:number=number(current())] and (/acl:acl/acl:groups/acl:group[acl:number=number(current())]/acl:type='basic' or /acl:acl/acl:groups/acl:group[acl:number=number(current())]/acl:type='advance')) or (/acl:acl/acl:groups/acl:group[acl:identity=current()] and (/acl:acl/acl:groups/acl:group[acl:identity=current()]/acl:type='basic' or /acl:acl/acl:groups/acl:group[acl:identity=current()]/acl:type='advance'))"; description "IP filter policy."; } leaf query-ip-policy-acl { type acl:acl4-identity; must "(/acl:acl/acl:groups/acl:group[acl:number=number(current())] and (/acl:acl/acl:groups/acl:group[acl:number=number(current())]/acl:type='basic' or /acl:acl/acl:groups/acl:group[acl:number=number(current())]/acl:type='advance')) or (/acl:acl/acl:groups/acl:group[acl:identity=current()] and (/acl:acl/acl:groups/acl:group[acl:identity=current()]/acl:type='basic' or /acl:acl/acl:groups/acl:group[acl:identity=current()]/acl:type='advance'))"; description "Querier IP policy."; } leaf querier-election { type boolean; default "false"; description "Enable/disable Layer 2 multicast querier election."; } leaf proxy-router-protocol-pass { type boolean; default "false"; description "Enable/disable a Layer 2 multicast snooping proxy-enabled device to transparently transmit Layer 2 multicast report messages."; } leaf querier-enable { type boolean; default "false"; description "Enable/disable a Layer 2 multicast querier."; } leaf query-interval { type uint32 { range "1..65535"; } units "s"; default "60"; description "Interval at which a device sends general query messages."; } leaf require-router-alert { type boolean; default "false"; description "Enable/disable a device to permit only Layer 2 multicast messages that contain the router-alert option in the IP header."; } leaf send-router-alert { type boolean; default "true"; description "Enable/disable a device to send Layer 2 multicast router alert."; } leaf robustness { type uint32 { range "2..5"; } default "2"; description "Number of times for retransmitting a message to avoid packet loss."; } leaf last-member-query-interval { type uint32 { range "1..5"; } units "s"; default "1"; description "Interval at which a last-member query message is sent."; } leaf router-aging-time { type uint32 { range "1..1000"; } units "s"; default "180"; description "Aging time of dynamic router ports. The aging time of a dynamic router port is default value or equals to the holdtime value contained in a PIM hello packet."; } leaf router-port-learning { type boolean; default "true"; description "Enable/disable dynamic router port learning."; } leaf source-life-time { type uint32 { range "60..1000"; } units "s"; default "210"; description "Aging time for entries triggered by multicast flows."; } leaf pim-forward-to-router-port-only { type boolean; default "false"; description "Enable/disable PIM messages forwarding to router port only."; } leaf send-query-source-address { type inet:ipv4-address-no-zone { pattern '(12[0-6]|1[0-1]\d|[1-9]\d|[1-9])(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}|(12[8-9]|1[3-9]\d|2[0-1]\d|22[0-3])(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}'; } description "Source IP address for Layer 2 multicast General Query messages."; } } // container global container multicast-vlan { must "../global/enable='true'"; must "../../vlan:type='common'"; must "not (/mc:multicast/ims:igmp-snooping/ims:instances/ims:instance[ims:vlan-id=current()/../../vlan:id])"; presence "Enable multicast VLAN."; description "Configure multicast VLAN."; leaf user-vlans { type pub-type:vlan-range; description "User VLAN of the multicast VLAN."; } leaf querier-election-user-vlans { when "../user-vlans"; type pub-type:vlan-range; description "Enable the querier election function in user VLANs."; } leaf send-query-prune-source-port { type boolean; default "false"; description "Enable/disable a multicast VLAN from sending General Query messages back through the source interface in the user VLAN."; } } // container multicast-vlan container ssm-mapping-groups { description "List of SSM mapping configurations."; list ssm-mapping-group { must "not(../../global/ssm-mapping-policy)"; key "group-address mask-length source-address"; max-elements 128; description "Configure SSM mapping of a VLAN."; leaf group-address { type inet:ipv4-address-no-zone { pattern '(22[4-9]|23\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}'; } description "Address of a multicast group."; } leaf mask-length { type uint32 { range "4..32"; } description "Mask length of a group address."; } leaf source-address { type inet:ipv4-address-no-zone { pattern '([1-9]|[1-9]\d|1[0-1]\d|12[0-68-9]|1[3-9]\d|2[0-1]\d|22[0-3])(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}'; } description "Multicast source IPv4 address."; } } // list ssm-mapping-group } // container ssm-mapping-groups container group-ports { config false; description "List of layer 2 multicast port information."; list group-port { key "group-address source-address"; description "Layer 2 multicast port state."; leaf group-address { type inet:ip-address-no-zone; description "Address of a multicast group."; } leaf source-address { type inet:ip-address-no-zone; description "Multicast source address."; } leaf up-time { type pub-type:time-tick; units "s"; description "Time since a router port was discovered."; } leaf entry-flag { type entry-flag-type; description "Entity flag."; } leaf source-flag { type source-flag-type; description "Source flag."; } container ports { description "List of port state."; list port { key "interface"; description "Port state."; leaf interface { type leafref { path "/ifm:ifm/ifm:interfaces/ifm:interface/ifm:name"; } description "Interface name."; } leaf up-time { type pub-type:time-tick; description "Time since a router port was discovered."; } leaf expire-time { type pub-type:time-tick { } description "Time after which a port will be deleted from the router port record table."; } leaf port-flag { type string { length "0..64"; } description "Port flag. S: static; D: dynamic; M: SSM-mapping."; } } // list port } // container ports } // list group-port } // container group-ports } // container igmp-snooping container mld-snooping { when "/mc:multicast/ims:mld-snooping/ims:global-enable"; description "Configure Layer 2 multicast configurations in the VLAN."; container ssm-mapping-groups { description "List of SSM mapping configurations."; list ssm-mapping-group { must "not(/mc:multicast/ims:igmp-snooping/ims:instances/ims:instance[ims:vlan-id=current()/../../../vlan:id])"; key "group-address mask-length source-address"; max-elements 128; description "Configure SSM mapping of a VLAN."; leaf group-address { type inet:ipv6-address-no-zone { pattern '[Ff]{2}[0-9A-Fa-f][03-9a-fA-F].+'; } description "Address of a multicast group."; } leaf mask-length { type uint32 { range "16 | 32 | 64 | 128"; } description "Mask length of a group address."; } leaf source-address { type inet:ipv6-address-no-zone; description "Multicast source IPv6 address. Value restrictions: The value cannot be any of the following: All 0s: 0::0, Loopback address: 0::1, Multicast address: ff00::0/8, Link-local address: fe80::0/10, In the format of ::x.x.x.x, class A addresses do not contain network segments 0 and 127. Class A, B, and C addresses cannot be network numbers or broadcast numbers."; } } // list ssm-mapping-group } // container ssm-mapping-groups } // container mld-snooping container dhcp-vlan { description "Configure DHCP attributes in a VLAN."; container interface-option82-formats { description "List of configuring the format of the Option 82 field for an interface in the specified VLAN."; list interface-option82-format { key "if-name"; description "Configure the format of the Option 82 field for an interface in the specified VLAN."; leaf if-name { type leafref { path "/ifm:ifm/ifm:interfaces/ifm:interface/ifm:name"; } description "Interface name. The interface must be the member interface of this VLAN."; } leaf option82-format { type option82-format; mandatory true; description "DHCP option82 format."; } leaf user-define-text { when "../option82-format = 'self-define' or ../option82-format = 'user-defined'"; type string { length "1..255"; pattern '([^\t]{1,})'; } mandatory true; description "DHCP option82 user-defined string."; } } // list interface-option82-format } // container interface-option82-formats container interface-option82-insert-settings { description "List of configuring all interfaces in a VLAN to insert or forcibly insert DHCP Option82 to DHCP packets."; list interface-option82-insert-setting { key "if-name"; description "Configure all interfaces in a VLAN to insert or forcibly insert DHCP Option82 to DHCP packets."; leaf if-name { type leafref { path "/ifm:ifm/ifm:interfaces/ifm:interface/ifm:name"; } description "Interface name. The interface must be the member interface of this VLAN."; } choice option82-insert-format { mandatory true; description "Specify DHCP option82 insertion format."; case insert-format { description "Configure all interfaces in a VLAN to insert DHCP Option82 to DHCP packets."; leaf insert { type empty; description "Configure all interfaces in a VLAN to insert DHCP Option82 to DHCP packets."; } } // case insert-format case rebuild-format { description "Configure all interfaces in a VLAN to forcibly insert DHCP Option82 to DHCP packets."; leaf rebuild { type empty; description "Configure all interfaces in a VLAN to forcibly insert DHCP Option82 to DHCP packets."; } } // case rebuild-format } // choice option82-insert-format } // list interface-option82-insert-setting } // container interface-option82-insert-settings container option82-insert-setting { description "Configure all interfaces in a VLAN to insert or forcibly insert DHCP option82 to DHCP packets."; choice option82-insert-format { description "Specify DHCP option82 insertion format."; case insert-format { description "Configure all interfaces in a VLAN to insert DHCP option82 to DHCP packets."; leaf insert { type empty; description "Configure all interfaces in a VLAN to insert DHCP option82 to DHCP packets."; } } // case insert-format case rebuild-format { description "Configure all interfaces in a VLAN to forcibly insert DHCP option82 to DHCP packets."; leaf rebuild { type empty; description "Configure all interfaces in a VLAN to forcibly insert DHCP option82 to DHCP packets."; } } // case rebuild-format } // choice option82-insert-format } // container option82-insert-setting } // container dhcp-vlan container dhcp-snooping-vlan { when "/dhcp:dhcp/dhcp:snooping/dhcp:global/dhcp:enable='true'"; description "Configure DHCP snooping VLAN attributes."; container basic-attribute { description "Configure basic attributes of DHCP snooping on a VLAN."; leaf enable { type boolean; default "false"; description "Enable/disable DHCP snooping in a VLAN. DHCP snooping cannot be enabled on both a VLANIF interface and a VLAN, DHCP snooping cannot be enabled both on a VBDIF interface and in a BD, DHCP snooping cannot be enabled on both a VBDIF interface and a Layer 2 sub-interface."; } leaf trust-enable { type boolean; default "false"; description "Enable/disable configuration information of a trusted VLAN."; } leaf check-arp-enable { type boolean; default "false"; description "Enable/disable ARP check."; } leaf alarm-arp-enable { type boolean; default "false"; description "Enable/disable the ARP alarm function."; } leaf alarm-arp-threshold { type uint16 { range "1..1000"; } description "ARP alarm threshold."; } leaf check-ip-enable { type boolean; default "false"; description "Enable/disable IP check."; } leaf alarm-ip-enable { type boolean; default "false"; description "Enable/disable the IP alarm function."; } leaf alarm-ip-threshold { type uint16 { range "1..1000"; } description "IP alarm threshold."; } leaf alarm-reply-enable { type boolean; default "false"; description "Enable/disable the alarm function when the number of discarded untrusted packets reaches the configured threshold."; } leaf alarm-reply-threshold { type uint16 { range "1..1000"; } description "Untrusted packet discarding alarm threshold."; } leaf check-mac-enable { type boolean; default "false"; description "Enable/disable consistency check on MAC address."; } leaf alarm-mac-enable { type boolean; default "false"; description "Enable/disable the consistency check alarm on MAC address."; } leaf alarm-mac-threshold { type uint16 { range "1..1000"; } description "Consistency check alarm threshold on MAC address."; } leaf check-user-bind-enable { type boolean; default "false"; description "Enable/disable the check on DHCP snooping binding table."; } leaf alarm-user-bind-enable { type boolean; default "false"; description "Enable/disable the user binding table alarm."; } leaf alarm-user-bind-threshold { type uint16 { range "1..1000"; } description "User binding table alarm threshold."; } leaf max-user-number { type uint16 { range "1..16384"; } description "Maximum number of users allowed on all DHCP snooping-enabled interfaces in a VLAN."; } leaf alarm-user-limit-enable { type boolean; default "false"; description "Enable/disable the user limit alarm."; } leaf alarm-user-limit-threshold { type uint16 { range "1..100"; } default "100"; description "User limit alarm threshold."; } } // container basic-attribute container vlan-interfaces { description "List of configuring DHCP snooping-enabled interfaces in a VLAN."; list vlan-interface { key "if-name"; description "Configure a DHCP snooping-enabled interface in a VLAN."; leaf if-name { type leafref { path "/ifm:ifm/ifm:interfaces/ifm:interface/ifm:name"; } description "Interface name."; } leaf enable { type boolean; default "false"; description "Enable/disable DHCP snooping on an interface in a VLAN."; } leaf trust-flag { type boolean; default "false"; description "Enable/disable DHCP snooping VLAN interface trust."; } leaf check-arp-enable { type boolean; default "false"; description "Enable/disable ARP check."; } leaf alarm-arp-enable { type boolean; default "false"; description "Enable/disable the ARP alarm function."; } leaf alarm-arp-threshold { type uint32 { range "1..1000"; } description "ARP alarm threshold."; } leaf check-ip-enable { type boolean; default "false"; description "Enable/disable IP check."; } leaf alarm-ip-enable { type boolean; default "false"; description "Enable/disable the IP alarm function."; } leaf alarm-ip-threshold { type uint32 { range "1..1000"; } description "IP alarm threshold."; } leaf alarm-reply-enable { type boolean; default "false"; description "Enable/disable alarm of dropping untrusted packet."; } leaf alarm-reply-threshold { type uint32 { range "1..1000"; } description "Threshold of dropping untrusted packet alarm."; } leaf check-mac-address-enable { type boolean; default "false"; description "Enable/disable consistency check on MAC addresses."; } leaf alarm-mac-address-enable { type boolean; default "false"; description "Enable/disable the consistency check alarm for MAC addresses."; } leaf alarm-mac-address-threshold { type uint32 { range "1..1000"; } description "Consistency check alarm threshold for MAC address."; } leaf check-request-enable { type boolean; default "false"; description "Enable/disable DHCP user binding table check."; } leaf alarm-request-enable { type boolean; default "false"; description "Enable/disable DHCP userbind table alarm."; } leaf alarm-request-threshold { type uint32 { range "1..1000"; } description "DHCP userbind table alarm threshold."; } leaf max-user-number { type uint32 { range "1..16384"; } description "Maximum number of users allowed on a DHCP snooping-enabled interface in a VLAN."; } leaf alarm-user-limit-enable { type boolean; default "false"; description "Enable/disable the user limit alarm."; } leaf alarm-user-limit-threshold { type uint32 { range "1..100"; } default "100"; description "User limit alarm threshold."; } } // list vlan-interface } // container vlan-interfaces container static-binds { description "List of static binding tables in a VLAN."; list static-bind { must "(cevlan-id=0) or (cevlan-id!=0 and if-name)"; key "ip-address cevlan-id"; description "Configure a static binding table in a VLAN."; leaf ip-address { type inet:ipv4-address-no-zone; description "IP address."; } leaf cevlan-id { type uint16 { range "0..4094"; } description "CE VLAN ID."; } leaf mac-address { type pub-type:mac-address { length "0..255"; } description "MAC address."; } leaf if-name { type leafref { path "/ifm:ifm/ifm:interfaces/ifm:interface/ifm:name"; } description "Interface name."; } } // list static-bind } // container static-binds } // container dhcp-snooping-vlan container mac-flapping { description "Configure MAC flapping."; container loop-detect { presence "Loop detect configuration."; description "Configure VLAN MAC flapping entry."; leaf loop-times { type uint32 { range "3..1000"; } mandatory true; description "Number of MAC address flappings."; } leaf detect-cycle { type uint32 { range "3..30"; } units "s"; mandatory true; description "Detection cycle."; } leaf cycles { type uint32 { range "1..15"; } mandatory true; description "Number of cycles."; } leaf action { type alarm-enable; mandatory true; description "Action taken after a loop occurs. The action can be reporting an alarm or blocking an interface."; } leaf retry-times { when "../action='block'"; type uint32 { range "0..5"; } must "(../retry-times and ../block-time) or (not(../retry-times) and not(../block-time))"; description "Retry times."; } leaf block-time { when "../action='block'"; type uint32 { range "10..65535"; } units "s"; must "(../retry-times and ../block-time) or (not(../retry-times) and not(../block-time))"; description "Blocking time."; } } // container loop-detect container precise-block { presence "precise-block"; description "Configure precise blocking policy table."; } // container precise-block } // container mac-flapping container mac-addresss { description "List of VLAN forwarding table."; list mac-address { must "not (mac:ce-default and mac:ce-vlan-id)"; key "address"; description "Configure VLAN forwarding entry."; leaf address { type pub-type:mac-address { pattern '[0-9a-f][0|2|4|6|8|a|c|e][0-9a-f]{2}(-[0-9a-f]{4}){2}'; } description "MAC address."; } choice mac-type { mandatory true; description "MAC type."; case black-hole { description "Blackhole type."; leaf black-hole { type empty; mandatory true; description "Blackhole type."; } } // case black-hole case static { description "Static type."; leaf out-interface-name { type leafref { path "/ifm:ifm/ifm:interfaces/ifm:interface/ifm:name"; } must "/ifm:ifm/ifm:interfaces/ifm:interface[ifm:name=current()]/ethernet:ethernet/ethernet:main-interface/ethernet:l2-attribute/ethernet:pvid=current()/../../../vlan:id or /ifm:ifm/ifm:interfaces/ifm:interface[ifm:name=current()]/ethernet:ethernet/ethernet:main-interface/ethernet:l2-attribute/ethernet:vlan-stackings/ethernet:vlan-stacking[ethernet:stacking-vlan=current()/../../../vlan:id] or /ifm:ifm/ifm:interfaces/ifm:interface[ifm:name=current()]/ethernet:ethernet/ethernet:main-interface/ethernet:l2-attribute/ethernet:vlan-mappings/ethernet:vlan-mapping[ethernet:mapping-vlan=current()/../../../vlan:id] or /ifm:ifm/ifm:interfaces/ifm:interface[ifm:name=current()]/ethernet:ethernet/ethernet:main-interface/ethernet:l2-attribute/ethernet:trunk-vlans"; mandatory true; description "Outbound interface name. The to-be-delivered VLAN ID must be the default VLAN ID, the VLAN ID in the outer VLAN tag, the post-mapping VLAN ID, or a VLAN ID in the list of allowed VLANs on the specified interface."; } leaf ce-default { type empty; must "/ifm:ifm/ifm:interfaces/ifm:interface[ifm:name=current()/../out-interface-name]/ethernet:ethernet/ethernet:main-interface/ethernet:l2-attribute/ethernet:vlan-stackings/ethernet:vlan-stacking[ethernet:stacking-vlan=current()/../../../vlan:id]/ethernet:ce-default"; description "CE default VLAN. If the to-be-delivered VLAN ID is neither the VLAN ID in the outer VLAN tag to be added to a tagged packet, nor the post-mapping VLAN ID, nor a VLAN ID in the list of allowed VLANs on the specified interface, ce-default is mandatory."; } leaf ce-vlan-id { type uint16 { range "1..4094"; } must "/ifm:ifm/ifm:interfaces/ifm:interface[ifm:name=current()/../out-interface-name]/ethernet:ethernet/ethernet:main-interface/ethernet:l2-attribute/ethernet:vlan-stackings/ethernet:vlan-stacking[ethernet:stacking-vlan=current()/../../../vlan:id]/ethernet:trans-vlans or /ifm:ifm/ifm:interfaces/ifm:interface[ifm:name=current()/../out-interface-name]/ethernet:ethernet/ethernet:main-interface/ethernet:l2-attribute/ethernet:vlan-mappings/ethernet:vlan-mapping[ethernet:mapping-vlan=current()/../../../vlan:id]/ethernet:trans-vlans"; description "CE VLAN ID. The CE VLAN ID must exist in the list of VLAN IDs that can be received by adding the outer VLAN tag carrying the to-be-delivered VLAN ID, or in the list of VLAN IDs that can be mapped to the to-be-delivered VLAN ID on the specified interface. If the to-be-delivered VLAN ID is neither the default VLAN ID, nor the VLAN ID in the outer VLAN tag to be added to an untagged packet, nor a VLAN ID in the list of allowed VLANs on the specified interface, CE VLAN ID is mandatory."; } } // case static } // choice mac-type } // list mac-address } // container mac-addresss container mac-limit { when "../vlan:type!='super'"; presence "MAC address limit."; description "Configure MAC address limit."; leaf maximum { type uint32 { range "0..2048000"; } must "not(../rate=0) or (../rate=0 and ../maximum>0)"; mandatory true; description "Maximum number of MAC addresses that can be learned. The value 0 means unlimited."; } leaf rate { type uint16 { range "0..1000"; } units "ms"; must "not(../maximum=0) or (../maximum=0 and ../rate>0)"; default "0"; description "Interval at which MAC addresses are learned. The value 0 indicates that no rate limit is set."; } leaf action { type mac-limit-forward; default "discard"; description "Discard or forward after the number of learned MAC addresses reaches the maximum number."; } leaf alarm { type mac-enable-status; default "enable"; description "Whether an alarm is generated after the number of learned MAC addresses reaches the maximum number."; } leaf up-threshold { when "../maximum>0"; type uint8 { range "1..100"; } must "(not(../up-threshold) and not(../down-threshold)) or ((../up-threshold and ../down-threshold) and (../up-threshold>=../down-threshold))"; description "Upper limit for the number of MAC addresses."; } leaf down-threshold { when "../maximum>0"; type uint8 { range "1..100"; } must "(not(../up-threshold) and not(../down-threshold)) or ((../up-threshold and ../down-threshold) and (../up-threshold>=../down-threshold))"; description "Lower limit for the number of MAC addresses."; } } // container mac-limit container mac-hops { config false; description "List of the VLAN MAC hop info."; list mac-hop { key "mac-address interface-name"; config false; description "Operational data of VLAN MAC hop info."; leaf mac-address { type pub-type:mac-address { length "0..255"; } config false; description "MAC address."; } leaf interface-name { type leafref { path "/ifm:ifm/ifm:interfaces/ifm:interface/ifm:name"; } config false; description "Interface name."; } leaf detect-time { type string { length "1..20"; } config false; description "Detect time."; } } // list mac-hop } // container mac-hops container loop-detect-suppression { config false; description "Statistics of the VLAN suppression."; leaf interface-name { type leafref { path "/ifm:ifm/ifm:interfaces/ifm:interface/ifm:name"; } config false; description "Interface name."; } leaf cir { type uint32; config false; description "Committed information rate."; } leaf time { type string { length "1..20"; } config false; description "Suppression generation time."; } leaf state { type string { length "1..15"; } config false; description "Suppression state."; } leaf slot { type string { length "1..20"; } config false; description "Slot ID."; } } // container loop-detect-suppression } // list vlan } // container vlans container instances { description "List of VLAN instances."; list instance { key "id"; description "Configure instances."; leaf id { type uint16 { range "1..4094"; } description "Instance ID."; } leaf vlan-list { type pub-type:vlan-range; mandatory true; description "VLAN list."; } } // list instance } // container instances container default-instance { config false; description "Statistics of default instance VLANs."; leaf vlan-list { type pub-type:vlan-range; description "VLAN list."; } } // container default-instance } // container vlan } // module huawei-vlan
© 2023 YumaWorks, Inc. All rights reserved.