module ietf-access-control-list {
  namespace "urn:ietf:params:xml:ns:yang:ietf-access-control-list";
  import ietf-yang-types {
    prefix yang; revision-date 2013-07-15;
  import ietf-packet-fields {
    prefix packet-fields; revision-date 2016-02-18;
  organization "IETF NETMOD (NETCONF Data Modeling Language)
    "WG Web: http://tools.ietf.org/wg/netmod/
     WG List: netmod@ietf.org
     WG Chair: Juergen Schoenwaelder
     j.schoenwaelder@jacobs-university.de
     tnadeau@lucidvision.com
     Editor: Dean Bogdanovic
     Editor: Kiran Agrahara Sreenivasa
    "This YANG module defines a component that describes the
     configuration of Access Control Lists (ACLs).
     Copyright (c) 2016 IETF Trust and the persons identified as
     the document authors. All rights reserved.
     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD
     License set forth in Section 4.c of the IETF Trust's Legal
     Provisions Relating to IETF Documents
     (http://trustee.ietf.org/license-info).
     This version of this YANG module is part of RFC XXXX; see
     the RFC itself for full legal notices.";
      "Base model for Network Access Control List (ACL).";
      "RFC XXXX: Network Access Control List (ACL)
      "Base Access Control List type for all Access Control List type
      "ACL that primarily matches on fields from the IPv4 header
       (e.g. IPv4 destination address) and layer 4 headers (e.g. TCP
       destination port). An acl of type ipv4-acl does not contain
       matches on fields in the ethernet header or the IPv6 header.";
      "ACL that primarily matches on fields from the IPv6 header
       (e.g. IPv6 destination address) and layer 4 headers (e.g. TCP
       destination port). An acl of type ipv6-acl does not contain
       matches on fields in the ethernet header or the IPv4 header.";
      "ACL that primarily matches on fields in the ethernet header,
       like 10/100/1000baseT or WiFi Access Control List. An acl of
       type eth-acl does not contain matches on fields in the IPv4
       header, IPv6 header or layer 4 headers.";
      "This type is used to refer to an Access Control List
  typedef access-control-list-ref {
      path "/access-lists/acl/acl-name";
      "This type is used by data models that need to reference an
  container access-lists {
      "This is a top level container for Access Control Lists.
       It can have one or more Access Control Lists.";
      key "acl-type acl-name";
        "An Access Control List(ACL) is an ordered list of
         Access List Entries (ACE). Each Access Control Entry has a
         list of match criteria and a list of actions.
         Since there are several kinds of Access Control Lists
         implemented with different attributes for
         different vendors, this
         model accommodates customizing Access Control Lists for
         each kind and for each vendor.";
          "The name of access-list. A device MAY restrict the length
           and value of this name, possibly space and special
           characters are not allowed.";
          "Type of access control list. Indicates the primary intended
           type of match criteria (e.g. ethernet, IPv4, IPv6, mixed, etc)
           used in the list instance.";
      container acl-oper-data {
          "Overall Access Control List operational data";
      container access-list-entries {
          "The access-list-entries container contains
           a list of access-list-entries(ACE).";
            "List of access list entries(ACE)";
              "A unique name identifying this Access List
              "Definitions for match criteria for this Access List
                "Type of access list entry.";
                description "IP Access List Entry.";
                choice ace-ip-version {
                    "IP version used in this Access List Entry.";
                    uses packet-fields:acl-ipv4-header-fields;
                    uses packet-fields:acl-ipv6-header-fields;
                uses packet-fields:acl-ip-header-fields;
                  "Ethernet Access List entry.";
                uses packet-fields:acl-eth-header-fields;
            uses packet-fields:metadata;
              "Definitions of action criteria for this Access List
            choice packet-handling {
                "Packet handling action.";
          container ace-oper-data {
              "Operational data for this Access List Entry.";
                "Number of matches for this Access List Entry";