This YANG module defines a component that describing the configuration of Access Control Lists (ACLs). Redistribution and use in...
Version: 2015-03-17
module ietf-access-control-list { yang-version 1; namespace "urn:ietf:params:xml:ns:yang:ietf-access-control-list"; prefix acl; import ietf-yang-types { prefix yang; } import ietf-packet-fields { prefix packet-fields; } organization "IETF NETMOD (NETCONF Data Modeling Language) Working Group"; contact "WG Web: http://tools.ietf.org/wg/netmod/ WG List: netmod@ietf.org WG Chair: Juergen Schoenwaelder j.schoenwaelder@jacobs-university.de WG Chair: Tom Nadeau tnadeau@lucidvision.com Editor: Dean Bogdanovic deanb@juniper.net Editor: Kiran Agrahara Sreenivasa kkoushik@brocade.com Editor: Lisa Huang lyihuang@juniper.net Editor: Dana Blair dblair@cisco.com"; description "This YANG module defines a component that describing the configuration of Access Control Lists (ACLs). Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). This version of this YANG module is part of RFC XXXX; see the RFC itself for full legal notices."; revision "2015-03-17" { description "Base model for Network Access Control List (ACL)."; reference "RFC XXXX: Network Access Control List (ACL) YANG Data Model"; } identity acl-base { description "Base Access Control List type for all Access Control List type identifiers."; } identity ip-acl { base acl:acl-base; description "IP Access Control List is a common name for lists that contain layer 3 and/or layer 4 match conditions."; } identity eth-acl { base acl:acl-base; description "Ethernet Access Control List is name for layer 2 Ethernet technology Access Control List types, like 10/100/1000baseT or WiFi Access Control List"; } typedef acl-type { type identityref { base acl-base; } description "This type is used to refer to an Access Control List (ACL) type"; } typedef access-control-list-ref { type leafref { path "/access-lists/acl/acl-name"; } description "This type is used by data models that need to reference an Access Control List"; } container access-lists { description "This is a top level container for Access Control Lists. It can have one or more Access Control Lists."; list acl { key "acl-name"; description "An Access Control List(ACL) is an ordered list of Access List Entries (ACE). Each Access Control Entry has a list of match criteria and a list of actions. Since there are several kinds of Access Control Lists implemented with different attributes for different vendors, this model accommodates customizing Access Control Lists for each kind and for each vendor."; container acl-oper-data { config false; description "Overall Access Control List operational data"; } // container acl-oper-data container access-list-entries { description "The access-list-entries container contains a list of access-list-entries(ACE)."; list ace { key "rule-name"; ordered-by user; description "List of access list entries(ACE)"; container matches { description "Definitions for match criteria for this Access List Entry."; choice ace-type { description "Type of access list entry."; case ace-ip { description "IP Access List Entry."; choice ace-ip-version { description "IP version used in this Acess List Entry."; case ace-ipv4 { uses packet-fields:acl-ipv4-header-fields; } // case ace-ipv4 case ace-ipv6 { uses packet-fields:acl-ipv6-header-fields; } // case ace-ipv6 } // choice ace-ip-version uses packet-fields:acl-ip-header-fields; } // case ace-ip case ace-eth { description "Ethernet Access List entry."; uses packet-fields:acl-eth-header-fields; } // case ace-eth } // choice ace-type uses packet-fields:metadata; } // container matches container actions { description "Definitions of action criteria for this Access List Entry."; choice packet-handling { default "deny"; description "Packet handling action."; leaf deny { type empty; description "Deny action."; } leaf permit { type empty; description "Permit action."; } } // choice packet-handling } // container actions container ace-oper-data { config false; description "Operational data for this Access List Entry."; leaf match-counter { type yang:counter64; description "Number of matches for this Access List Entry"; } } // container ace-oper-data leaf rule-name { type string; description "A unique name identifying this Access List Entry(ACE)."; } } // list ace } // container access-list-entries leaf acl-name { type string; description "The name of access-list. A device MAY restrict the length and value of this name, possibly space and special characters are not allowed."; } leaf acl-type { type acl-type; description "It is recommended to have an Access Control List with uniform access list entries, all of the same type. When this type is not explicitly specified, if vendor implementation permits, the access control entries in the list can be mixed, by containing L2, L3 and L4 entries"; } } // list acl } // container access-lists } // module ietf-access-control-list
© 2023 YumaWorks, Inc. All rights reserved.