ACL
\<font color="#1d50a2">AsterNOS ACL\</font>

This chapter provides examples of how to use NETCONF to manage ACL configurations on AsterNOS devices.

\<font color="#1d50a2">Create ACL table with rules and bind to interface\</font>

Request example to create an ACL via edit-config:

```xml
<config><top>
  <access-lists>
    <access-list operation="create">
      <name>l3in</name>
      <type>l3</type>
      <stage>ingress</stage>
      <description>l3in</description>
      <bind-intfs>ethernet1</bind-intfs>
      <bind-intfs>ethernet2</bind-intfs>
      <access-list-entries>
        <access-list-entry>
          <ruleid>10</ruleid>
          <actions>
            <packet-action>forward</packet-action>
          </actions>
          <matches>
            <ethernet-type>0x800</ethernet-type>
            <source-ip>12.1.2.3</source-ip>
            <destination-ip>13.1.3.2</destination-ip>
            <ip-type>ipv4any</ip-type>
          </matches>
        </access-list-entry>
        <access-list-entry>
          <ruleid>11</ruleid>
          <actions>
            <packet-action>trap</packet-action>
          </actions>
          <matches>
            <outer-vlan>100</outer-vlan>
            <vlan-pri>1</vlan-pri>
            <ip-protocol>17</ip-protocol>
            <source-port>31020</source-port>
            <destination-port>21030</destination-port>
          </matches>
        </access-list-entry>
      </access-list-entries>
    </access-list>
  </access-lists>
</top></config>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:f20f182e-f568-49d0-ad82-aaac24244f74">
  <ok/>
</rpc-reply>
```

\<font color="#1d50a2">Create ACL rule entries\</font>

Request example to create ACL rule entries via edit-config:

```xml
<config><top>
  <access-lists>
    <access-list>
      <name>l3in</name>
      <access-list-entries operation="create">
        <access-list-entry>
          <ruleid>100</ruleid>
          <actions>
            <packet-action>forward</packet-action>
          </actions>
          <matches>
            <ethernet-type>0x800</ethernet-type>
            <source-ip>120.10.20.40</source-ip>
            <destination-ip>13.10.30.20</destination-ip>
            <ip-type>ipv4any</ip-type>
          </matches>
        </access-list-entry>
      </access-list-entries>
    </access-list>
  </access-lists>
</top></config>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:f20f182e-f568-49d0-ad82-aaac24244f74">
  <ok/>
</rpc-reply>
```

\<font color="#1d50a2">Delete ACL rule entry\</font>

Request example to delete an ACL rule entry via edit-config:

```xml
<config><top>
  <access-lists>
    <access-list>
      <name>l3in</name>
      <access-list-entries>
        <access-list-entry operation="delete">
          <ruleid>10</ruleid>
        </access-list-entry>
      </access-list-entries>
    </access-list>
  </access-lists>
</top></config>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:f20f182e-f568-49d0-ad82-aaac24244f74">
  <ok/>
</rpc-reply>
```

\<font color="#1d50a2">Delete ACL table\</font>

Request example to delete an ACL table via edit-config:

```xml
<config><top>
  <access-lists>
    <access-list operation="delete">
      <name>l3in</name>
    </access-list>
  </access-lists>
</top></config>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:f20f182e-f568-49d0-ad82-aaac24244f74">
  <ok/>
</rpc-reply>
```

\<font color="#1d50a2">Get ACL table\</font>

Request example to get an ACL table via get-config:

```xml
<filter type="subtree">
  <top>
    <access-lists>
      <access-list>
        <name>l3in</name>
      </access-list>
    </access-lists>
  </top>
</filter>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:8948502b-d510-4013-a34a-854febf01b0b">
  <data>
    <top>
      <access-lists xmlns="http://asterfusion.com/ns/yang/asternos-acl">
        <access-list>
          <name>l3in</name>
          <type>l3</type>
          <stage>ingress</stage>
          <description>l3in</description>
          <bind-intfs>ethernet1</bind-intfs>
          <bind-intfs>ethernet2</bind-intfs>
          <access-list-entries>
            <access-list-entry>
              <ruleid>10</ruleid>
              <actions>
                <packet-action>forward</packet-action>
              </actions>
              <matches>
                <ethernet-type>0x800</ethernet-type>
                <ip-type>ipv4any</ip-type>
                <source-ip>12.1.2.3</source-ip>
                <destination-ip>13.1.3.2</destination-ip>
              </matches>
            </access-list-entry>
            <access-list-entry>
              <ruleid>11</ruleid>
              <actions>
                <packet-action>trap</packet-action>
              </actions>
              <matches>
                <outer-vlan>100</outer-vlan>
                <ip-protocol>17</ip-protocol>
                <source-port>31020</source-port>
                <destination-port>21030</destination-port>
                <vlan-pri>1</vlan-pri>
              </matches>
            </access-list-entry>
          </access-list-entries>
        </access-list>
      </access-lists>
    </top>
  </data>
</rpc-reply>
```

\<font color="#1d50a2">Show ACL counters\</font>

Request example to show ACL counters via the RPC show-counters-acl:

```xml
<rpc>
  <show-counters-acl>
    <table-name>l3in</table-name>
  </show-counters-acl>
</rpc>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:ad92a25d-8612-411e-9d82-a9c9572c6563">
  <data xmlns="http://asterfusion.com/ns/yang/asternos-acl">
rule name  table name  prio  packets count  bytes count
11         l3in        1011  0              0
10         l3in        1010  0              0
  </data>
</rpc-reply>
```

\<font color="#1d50a2">Clear ACL counters\</font>

Request example to clear ACL counters via the RPC clear-counters-acl:

```xml
<rpc>
  <clear-counters-acl/>
</rpc>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:f20f182e-f568-49d0-ad82-aaac24244f74">
  <ok/>
</rpc-reply>
```
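An `<ok/>` reply only confirms that an edit was accepted, so after create or delete operations it is worth reading the table back with get-config and comparing it to the intended rule set. The following is an added example, not part of the AsterNOS documentation: it parses a get-config reply in the shape shown under "Get ACL table" and reports drift. It assumes the hyphenated element names (`access-list`, `bind-intfs`, `packet-action`) and the `asternos-acl` namespace as they appear in that reply; the function names, the sample reply and the expected state are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace from the get-config reply on this page (hyphenated form assumed).
NS = "{http://asterfusion.com/ns/yang/asternos-acl}"
# Constructed reply: table l3in after rule 10 and the ethernet2 binding were removed.
SAMPLE_REPLY = """\
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:0">
 <data><top><access-lists xmlns="http://asterfusion.com/ns/yang/asternos-acl">
  <access-list><name>l3in</name><stage>ingress</stage><bind-intfs>ethernet1</bind-intfs>
   <access-list-entries><access-list-entry><ruleid>11</ruleid>
     <actions><packet-action>trap</packet-action></actions>
     <matches><outer-vlan>100</outer-vlan><ip-protocol>17</ip-protocol></matches>
   </access-list-entry></access-list-entries>
  </access-list></access-lists></top></data>
</rpc-reply>"""

# Constructed intended state, using values from the page's create example.
EXPECTED = {"l3in": {"intfs": {"ethernet1", "ethernet2"}, "rules": {
    "10": ("forward", {"ethernet-type": "0x800", "source-ip": "12.1.2.3"}),
    "11": ("trap", {"outer-vlan": "100", "ip-protocol": "17"})}}}

def parse_acl_tables(reply_xml):
    """Return {table: {"intfs": set, "rules": {ruleid: (action, {match: value})}}}."""
    tables = {}
    for acl in ET.fromstring(reply_xml).iter(NS + "access-list"):
        rules = {}
        for entry in acl.iter(NS + "access-list-entry"):
            action = entry.findtext(f"{NS}actions/{NS}packet-action")
            # Strip the namespace from each match element to get its plain name.
            matches = {m.tag.split("}", 1)[-1]: m.text
                       for m in entry.iterfind(f"{NS}matches/*")}
            rules[entry.findtext(NS + "ruleid")] = (action, matches)
        intfs = {i.text for i in acl.findall(NS + "bind-intfs")}
        tables[acl.findtext(NS + "name")] = {"intfs": intfs, "rules": rules}
    return tables

def drift(expected, actual):
    """List differences between the intended ACL state and the device's reply."""
    findings = []
    for table, want in expected.items():
        have = actual.get(table)
        if have is None:
            findings.append(f"{table}: table missing")
            continue
        if want["intfs"] != have["intfs"]:
            findings.append(f"{table}: bound to {sorted(have['intfs'])}")
        for rid in sorted(want["rules"].keys() | have["rules"].keys(), key=int):
            if want["rules"].get(rid) != have["rules"].get(rid):
                findings.append(f"{table}: rule {rid} is {have['rules'].get(rid)}")
    return findings
```

Calling `drift(EXPECTED, parse_acl_tables(SAMPLE_REPLY))` reports the missing interface binding and the missing rule 10; an empty list means the device matches the intended state.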
