4 namespace "urn:ietf:params:xml:ns:yang:ietf-acl";
8 import ietf-yang-types {
12 import packet-fields {
13 prefix "packet-fields";
17 "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
20 "WG Web: http://tools.ietf.org/wg/netmod/
21 WG List: netmod@ietf.org
23 WG Chair: Juergen Schoenwaelder
24 j.schoenwaelder@jacobs-university.de
27 tnadeau@lucidvision.com
29 Editor: Dean Bogdanovic
32 Editor: Kiran Agrahara Sreenivasa
42 "This YANG module defines a component that describing the
43 configuration of Access Control Lists (ACLs).";
46 description "Creating base model for netmod.";
48 "RFC 6020: YANG - A Data Modeling Language for the
49 Network Configuration Protocol (NETCONF)";
53 description "Base acl type for all ACL type identifiers.";
58 description "layer 3 ACL type";
62 description "layer 2 ACL type";
70 "This type is used to refer to an Access Control List
76 path "/acl:access-lists/acl:access-list/acl:acl-name";
78 description "This type is used by data models that
79 need to referenced an acl";
82 container access-lists {
84 "Access control lists.";
89 An access list (acl) is an ordered list of
90 access list entries (ace). Each ace has a
91 sequence number to define the order, list
92 of match criteria, and a list of actions.
93 Since there are several kinds of acls
94 implementeded with different attributes for
95 each and different for each vendor, this
96 model accomodates customizing acls for
97 each kind and for each vendor.
102 description "The name of access-list.
103 A device MAY restrict the length and value of
104 this name, possibly space and special
105 characters are not allowed.";
110 description "Type of ACL";
113 container acl-oper-data {
116 description "Overall ACL operational data";
119 description "Total match count for ACL";
124 description "List of targets where ACL is applied";
128 container access-list-entries {
129 description "The access-list-entries container contains
130 a list of access-list-entry(ACE).";
132 list access-list-entry {
136 description "List of access list entries(ACE)";
139 description "Entry name.";
143 description "Define match criteria";
145 description "Type of ace.";
147 uses packet-fields:acl-ip-header-fields;
148 choice ace-ip-version {
149 description "Choice of IP version.";
151 uses packet-fields:acl-ipv4-header-fields;
154 uses packet-fields:acl-ipv6-header-fields;
159 uses packet-fields:acl-eth-header-fields;
162 uses packet-fields:metadata;
166 description "Define action criteria";
167 choice packet-handling {
170 description "Packet handling action.";
174 description "Deny action.";
180 description "Permit action.";
186 container ace-oper-data {
189 description "Per ace operational data";
192 description "Number of matches for an ace";