NETCONF Configuration Guide
ACL
## AsterNOS ACL

This chapter provides examples on how to use NETCONF to manage ACL configurations on AsterNOS devices.

### Create ACL table with rules and bind to interface

Request example to create ACL via edit-config:

```xml
<config><top>
  <access-lists>
    <access-list operation="create">
      <name>l3in</name>
      <type>l3</type>
      <stage>ingress</stage>
      <description>l3in</description>
      <bind-intfs>ethernet1</bind-intfs>
      <bind-intfs>ethernet2</bind-intfs>
      <access-list-entries>
        <access-list-entry>
          <ruleid>10</ruleid>
          <actions>
            <packet-action>forward</packet-action>
          </actions>
          <matches>
            <ethernet-type>0x800</ethernet-type>
            <source-ip>12.1.2.3</source-ip>
            <destination-ip>13.1.3.2</destination-ip>
            <ip-type>ipv4any</ip-type>
          </matches>
        </access-list-entry>
        <access-list-entry>
          <ruleid>11</ruleid>
          <actions>
            <packet-action>trap</packet-action>
          </actions>
          <matches>
            <outer-vlan>100</outer-vlan>
            <vlan-pri>1</vlan-pri>
            <ip-protocol>17</ip-protocol>
            <source-port>31020</source-port>
            <destination-port>21030</destination-port>
          </matches>
        </access-list-entry>
      </access-list-entries>
    </access-list>
  </access-lists>
</top></config>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:f20f182e-f568-49d0-ad82-aaac24244f74">
  <ok/>
</rpc-reply>
```

### Create ACL rule entries

Request example to create ACL via edit-config:

```xml
<config><top>
  <access-lists>
    <access-list>
      <name>l3in</name>
      <access-list-entries operation="create">
        <access-list-entry>
          <ruleid>100</ruleid>
          <actions>
            <packet-action>forward</packet-action>
          </actions>
          <matches>
            <ethernet-type>0x800</ethernet-type>
            <source-ip>120.10.20.40</source-ip>
            <destination-ip>13.10.30.20</destination-ip>
            <ip-type>ipv4any</ip-type>
          </matches>
        </access-list-entry>
      </access-list-entries>
    </access-list>
  </access-lists>
</top></config>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:f20f182e-f568-49d0-ad82-aaac24244f74">
  <ok/>
</rpc-reply>
```

### Delete ACL rule entry

Request example to delete ACL via edit-config:

```xml
<config><top>
  <access-lists>
    <access-list>
      <name>l3in</name>
      <access-list-entries>
        <access-list-entry operation="delete">
          <ruleid>10</ruleid>
        </access-list-entry>
      </access-list-entries>
    </access-list>
  </access-lists>
</top></config>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:f20f182e-f568-49d0-ad82-aaac24244f74">
  <ok/>
</rpc-reply>
```

### Delete ACL table

Request example to delete ACL via edit-config:

```xml
<config><top>
  <access-lists>
    <access-list operation="delete">
      <name>l3in</name>
    </access-list>
  </access-lists>
</top></config>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:f20f182e-f568-49d0-ad82-aaac24244f74">
  <ok/>
</rpc-reply>
```

### Get ACL table

Request example to get ACL via get-config:

```xml
<filter type="subtree">
  <top>
    <access-lists>
      <access-list>
        <name>l3in</name>
      </access-list>
    </access-lists>
  </top>
</filter>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:8948502b-d510-4013-a34a-854febf01b0b">
  <data>
    <top>
      <access-lists xmlns="http://asterfusion.com/ns/yang/asternos-acl">
        <access-list>
          <name>l3in</name>
          <type>l3</type>
          <stage>ingress</stage>
          <description>l3in</description>
          <bind-intfs>ethernet1</bind-intfs>
          <bind-intfs>ethernet2</bind-intfs>
          <access-list-entries>
            <access-list-entry>
              <ruleid>10</ruleid>
              <actions>
                <packet-action>forward</packet-action>
              </actions>
              <matches>
                <ethernet-type>0x800</ethernet-type>
                <ip-type>ipv4any</ip-type>
                <source-ip>12.1.2.3</source-ip>
                <destination-ip>13.1.3.2</destination-ip>
              </matches>
            </access-list-entry>
            <access-list-entry>
              <ruleid>11</ruleid>
              <actions>
                <packet-action>trap</packet-action>
              </actions>
              <matches>
                <outer-vlan>100</outer-vlan>
                <ip-protocol>17</ip-protocol>
                <source-port>31020</source-port>
                <destination-port>21030</destination-port>
                <vlan-pri>1</vlan-pri>
              </matches>
            </access-list-entry>
          </access-list-entries>
        </access-list>
      </access-lists>
    </top>
  </data>
</rpc-reply>
```

### Show ACL counters

Request example to show ACL counters via rpc show-counters-acl:

```xml
<rpc>
  <show-counters-acl>
    <table-name>l3in</table-name>
  </show-counters-acl>
</rpc>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:ad92a25d-8612-411e-9d82-a9c9572c6563">
  <data xmlns="http://asterfusion.com/ns/yang/asternos-acl">
rule name    table name    prio    packets count    bytes count
11           l3in          1011    0                0
10           l3in          1010    0                0
  </data>
</rpc-reply>
```

### Clear ACL counters

Request example to clear ACL counters via rpc clear-counters-acl:

```xml
<rpc>
  <clear-counters-acl/>
</rpc>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:f20f182e-f568-49d0-ad82-aaac24244f74">
  <ok/>
</rpc-reply>
```
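
The get-config reply for an ACL table can be compared against an intended baseline to catch configuration drift, such as a rule whose action changed or an interface that is no longer bound. The following is an added example, not AsterNOS code or part of the original guide: it uses only the Python standard library, the function names and the baseline structure are assumptions, and the embedded reply is a constructed, trimmed copy of the one on this page.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
# Namespace of the access-lists subtree as it appears in the reply on this page.
ACL = "http://asterfusion.com/ns/yang/asternos-acl"
# Constructed sample: the page's get-config reply, trimmed to the audited fields.
SAMPLE_REPLY = f"""<rpc-reply xmlns="{NC}" message-id="urn:uuid:constructed-sample">
<data><top><access-lists xmlns="{ACL}"><access-list>
  <name>l3in</name><bind-intfs>ethernet1</bind-intfs><bind-intfs>ethernet2</bind-intfs>
  <access-list-entries>
    <access-list-entry><ruleid>10</ruleid>
      <actions><packet-action>forward</packet-action></actions>
      <matches><source-ip>12.1.2.3</source-ip></matches></access-list-entry>
    <access-list-entry><ruleid>11</ruleid>
      <actions><packet-action>trap</packet-action></actions>
      <matches><ip-protocol>17</ip-protocol></matches></access-list-entry>
  </access-list-entries>
</access-list></access-lists></top></data></rpc-reply>"""

def parse_acl_tables(reply_xml):
    """Return {table: {"intfs": [...], "rules": {ruleid: (action, {match: value})}}}."""
    q = lambda tag: f"{{{ACL}}}{tag}"  # ElementTree needs namespace-qualified names
    tables = {}
    for acl in ET.fromstring(reply_xml).iter(q("access-list")):
        rules = {}
        for entry in acl.iter(q("access-list-entry")):
            matches = entry.find(q("matches"))
            rules[int(entry.findtext(q("ruleid")))] = (
                entry.findtext(f"{q('actions')}/{q('packet-action')}"),
                {m.tag.split("}")[1]: m.text for m in (matches if matches is not None else [])},
            )
        tables[acl.findtext(q("name"))] = {
            "intfs": sorted(i.text for i in acl.findall(q("bind-intfs"))),
            "rules": rules,
        }
    return tables

def drift(expected, actual):
    """List differences between intended and running ACL state (empty list = in sync)."""
    out, empty = [], {"intfs": [], "rules": {}}
    for name in sorted(set(expected) | set(actual)):
        exp, act = expected.get(name, empty), actual.get(name, empty)
        if exp["intfs"] != act["intfs"]:
            out.append(f"{name}: bound interfaces {act['intfs']}, expected {exp['intfs']}")
        for rid in sorted(set(exp["rules"]) | set(act["rules"])):
            if exp["rules"].get(rid) != act["rules"].get(rid):
                out.append(f"{name}: rule {rid} is {act['rules'].get(rid)}, expected {exp['rules'].get(rid)}")
    return out
```

A table or rule that exists on only one side is reported with `None` or an empty interface list on the other, so deletions show up as drift too.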
