This YANG module defines a component that describing the configuration of Access Control Lists (ACLs).
Version: 2014-10-10
module ietf-acl { yang-version 1; namespace "urn:ietf:params:xml:ns:yang:ietf-acl"; prefix acl; import ietf-yang-types { prefix ietf; } import packet-fields { prefix packet-fields; } organization "IETF NETMOD (NETCONF Data Modeling Language) Working Group"; contact "WG Web: http://tools.ietf.org/wg/netmod/ WG List: netmod@ietf.org WG Chair: Juergen Schoenwaelder j.schoenwaelder@jacobs-university.de WG Chair: Tom Nadeau tnadeau@lucidvision.com Editor: Dean Bogdanovic deanb@juniper.net Editor: Kiran Agrahara Sreenivasa kkoushik@brocade.com Editor: Lisa Huang yihuan@cisco.com Editor: Dana Blair dblair@cisco.com"; description "This YANG module defines a component that describing the configuration of Access Control Lists (ACLs)."; revision "2014-10-10" { description "Creating base model for netmod."; reference "RFC 6020: YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)"; } identity acl-base { description "Base acl type for all ACL type identifiers."; } identity ip-acl { base acl:acl-base; description "layer 3 ACL type"; } identity eth-acl { base acl:acl-base; description "layer 2 ACL type"; } typedef acl-type { type identityref { base acl-base; } description "This type is used to refer to an Access Control List (ACL) type"; } typedef acl-ref { type leafref { path "/acl:access-lists/acl:access-list/acl:acl-name"; } description "This type is used by data models that need to referenced an acl"; } container access-lists { description "Access control lists."; list access-list { key "acl-name"; description " An access list (acl) is an ordered list of access list entries (ace). Each ace has a sequence number to define the order, list of match criteria, and a list of actions. Since there are several kinds of acls implementeded with different attributes for each and different for each vendor, this model accomodates customizing acls for each kind and for each vendor. "; leaf acl-name { type string; description "The name of access-list. A device MAY restrict the length and value of this name, possibly space and special characters are not allowed."; } leaf acl-type { type acl-type; description "Type of ACL"; } container acl-oper-data { config false; description "Overall ACL operational data"; leaf match-counter { type ietf:counter64; description "Total match count for ACL"; } leaf-list targets { type string; description "List of targets where ACL is applied"; } } // container acl-oper-data container access-list-entries { description "The access-list-entries container contains a list of access-list-entry(ACE)."; list access-list-entry { key "rule-name"; ordered-by user; description "List of access list entries(ACE)"; leaf rule-name { type string; description "Entry name."; } container matches { description "Define match criteria"; choice ace-type { description "Type of ace."; case ace-ip { uses packet-fields:acl-ip-header-fields; choice ace-ip-version { description "Choice of IP version."; case ace-ipv4 { uses packet-fields:acl-ipv4-header-fields; } // case ace-ipv4 case ace-ipv6 { uses packet-fields:acl-ipv6-header-fields; } // case ace-ipv6 } // choice ace-ip-version } // case ace-ip case ace-eth { uses packet-fields:acl-eth-header-fields; } // case ace-eth } // choice ace-type uses packet-fields:metadata; } // container matches container actions { description "Define action criteria"; choice packet-handling { default 'deny'; description "Packet handling action."; leaf deny { type empty; description "Deny action."; } leaf permit { type empty; description "Permit action."; } } // choice packet-handling } // container actions container ace-oper-data { config false; description "Per ace operational data"; leaf match-counter { type ietf:counter64; description "Number of matches for an ace"; } } // container ace-oper-data } // list access-list-entry } // container access-list-entries } // list access-list } // container access-lists } // module ietf-acl
© 2023 YumaWorks, Inc. All rights reserved.