This section describes how to configure, modify, and delete an ACL rule using the edit-config method.
| Operation | XPATH |
|---|---|
| edit-config:create, edit-config:replace, edit-config:delete | |
| Item | Data | Description |
|---|---|---|
| ACL name | test1 | Create an ACL named test1. |
| ACL type | IP-access-control-list | Set the ACL type to IP-access-control-list. |
| ACL rule name | 1 | Set the ACL rule name to 1. |
| Action in the ACL rule | NA | Discard (deny) packets that match the ACL rule. |
| Protocol of packets matching the ACL rule | 6 | Match TCP packets (IP protocol number 6). |
| Source port of the TCP packets matching the ACL rule | lower-port: 1; upper-port: N/A | Match TCP packets whose source port is in the range from port 1 to any port. |
| Destination port of the TCP packets matching the ACL rule | lower-port: 1; upper-port: 3 | Match TCP packets whose destination port is in the range 1 to 3. |
| Source addresses of packets that match the ACL rule | 10.1.1.1/16 | Match packets whose source address is in 10.1.1.1/16. |
| Destination addresses of packets that match the ACL rule | 10.2.1.1/24 | Match packets whose destination address is in 10.2.1.1/24. |
| DSCP | 0 | Set the DSCP value matched by the ACL rule to 0. |
| Name of the time range within which the ACL rule takes effect | abc | Apply the ACL rule only within the time range named abc. |
Request example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="5" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <access-control-list:access-lists xmlns:access-control-list="urn:ietf:params:xml:ns:yang:ietf-acl">
        <access-control-list:access-list>
          <access-control-list:access-control-list-name>test1</access-control-list:access-control-list-name>
          <access-control-list:access-control-list-type>IP-access-control-list</access-control-list:access-control-list-type>
          <access-control-list:access-list-entries>
            <access-control-list:access-list-entry>
              <access-control-list:rule-name>1</access-control-list:rule-name>
              <access-control-list:matches>
                <access-control-list:source-port-range>
                  <access-control-list:lower-port>1</access-control-list:lower-port>
                </access-control-list:source-port-range>
                <access-control-list:destination-port-range>
                  <access-control-list:lower-port>1</access-control-list:lower-port>
                  <access-control-list:upper-port>3</access-control-list:upper-port>
                </access-control-list:destination-port-range>
                <access-control-list:dscp>0</access-control-list:dscp>
                <access-control-list:protocol>6</access-control-list:protocol>
                <access-control-list:destination-ipv4-network>10.2.1.1/24</access-control-list:destination-ipv4-network>
                <access-control-list:source-ipv4-network>10.1.1.1/16</access-control-list:source-ipv4-network>
              </access-control-list:matches>
              <access-control-list:actions>
                <access-control-list:deny></access-control-list:deny>
              </access-control-list:actions>
              <hw-acl:time-range xmlns:hw-acl="urn:huawei:params:xml:ns:yang:huawei-acl">abc</hw-acl:time-range>
            </access-control-list:access-list-entry>
          </access-control-list:access-list-entries>
        </access-control-list:access-list>
      </access-control-list:access-lists>
    </config>
  </edit-config>
</rpc>
Response example
Sample of successful response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="3">
  <ok/>
</rpc-reply>
Sample of failed response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="7">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-message>parse rpc config error.</error-message>
  </rpc-error>
</rpc-reply>
The following table lists only the item to be modified. For the other items, see data requirement 1 above (the data requirements for creating the ACL rule).
| Item | Data | Description |
|---|---|---|
| Destination port of the TCP packets matching the ACL rule | lower-port: 1; upper-port: 6 | Change the destination port range of TCP packets that match the ACL rule from ports 1 to 3 to ports 1 to 6. |
Request example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="8" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <access-control-list:access-lists xmlns:access-control-list="urn:ietf:params:xml:ns:yang:ietf-acl">
        <access-control-list:access-list>
          <access-control-list:access-control-list-name>test1</access-control-list:access-control-list-name>
          <access-control-list:access-control-list-type>IP-access-control-list</access-control-list:access-control-list-type>
          <access-control-list:access-list-entries>
            <access-control-list:access-list-entry>
              <access-control-list:rule-name>1</access-control-list:rule-name>
              <access-control-list:matches>
                <access-control-list:source-port-range>
                  <access-control-list:lower-port>1</access-control-list:lower-port>
                </access-control-list:source-port-range>
                <access-control-list:destination-port-range>
                  <access-control-list:lower-port>1</access-control-list:lower-port>
                  <access-control-list:upper-port xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="replace">6</access-control-list:upper-port>
                </access-control-list:destination-port-range>
                <access-control-list:dscp>0</access-control-list:dscp>
                <access-control-list:protocol>6</access-control-list:protocol>
                <access-control-list:destination-ipv4-network>10.2.1.1/24</access-control-list:destination-ipv4-network>
                <access-control-list:source-ipv4-network>10.1.1.1/16</access-control-list:source-ipv4-network>
              </access-control-list:matches>
              <hw-acl:time-range xmlns:hw-acl="urn:huawei:params:xml:ns:yang:huawei-acl">abc</hw-acl:time-range>
            </access-control-list:access-list-entry>
          </access-control-list:access-list-entries>
        </access-control-list:access-list>
      </access-control-list:access-lists>
    </config>
  </edit-config>
</rpc>
Response example
Sample of successful response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="3">
  <ok/>
</rpc-reply>
Sample of failed response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="4">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Service process failed.</error-message>
    <error-info>Error on node /ietf-acl:access-lists/access-list[access-control-list-name="test1"]</error-info>
  </rpc-error>
</rpc-reply>
The following table lists only the item to be modified. For the other items, see data requirement 1 above (the data requirements for creating the ACL rule).
| Item | Data | Description |
|---|---|---|
| Destination port of the TCP packets matching the ACL rule | lower-port: 1; upper-port: N/A | Delete the upper port so that the destination port range of TCP packets that match the ACL rule becomes port 1 to any port. |
Request example
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="9" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <access-control-list:access-lists xmlns:access-control-list="urn:ietf:params:xml:ns:yang:ietf-acl">
        <access-control-list:access-list>
          <access-control-list:access-control-list-name>test1</access-control-list:access-control-list-name>
          <access-control-list:access-control-list-type>IP-access-control-list</access-control-list:access-control-list-type>
          <access-control-list:access-list-entries>
            <access-control-list:access-list-entry>
              <access-control-list:rule-name>1</access-control-list:rule-name>
              <access-control-list:matches>
                <access-control-list:source-port-range>
                  <access-control-list:lower-port>1</access-control-list:lower-port>
                </access-control-list:source-port-range>
                <access-control-list:destination-port-range>
                  <access-control-list:lower-port>1</access-control-list:lower-port>
                  <access-control-list:upper-port xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="delete">6</access-control-list:upper-port>
                </access-control-list:destination-port-range>
                <access-control-list:dscp>0</access-control-list:dscp>
                <access-control-list:protocol>6</access-control-list:protocol>
                <access-control-list:destination-ipv4-network>10.2.1.1/24</access-control-list:destination-ipv4-network>
                <access-control-list:source-ipv4-network>10.1.1.1/16</access-control-list:source-ipv4-network>
              </access-control-list:matches>
              <hw-acl:time-range xmlns:hw-acl="urn:huawei:params:xml:ns:yang:huawei-acl">abc</hw-acl:time-range>
            </access-control-list:access-list-entry>
          </access-control-list:access-list-entries>
        </access-control-list:access-list>
      </access-control-list:access-lists>
    </config>
  </edit-config>
</rpc>
Response example
Sample of successful response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="3">
  <ok/>
</rpc-reply>
Sample of failed response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="7">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-message>edit operation failed.</error-message>
  </rpc-error>
</rpc-reply>
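As an added example that is not part of this document or of the vendor's tooling, the following Python script (standard library only, no device connection) builds the three edit-config requests shown above for ACL test1 / rule 1, marking the destination upper-port with xc:operation="replace" or "delete", and classifies an rpc-reply as <ok/> or <rpc-error> after checking that its message-id echoes the request's. The function and variable names are the example's own; the reply samples it is checked against are taken from the responses above.

```python
import xml.etree.ElementTree as ET
NC = "urn:ietf:params:xml:ns:netconf:base:1.0"   # NETCONF base namespace (xc:)
ACL = "urn:ietf:params:xml:ns:yang:ietf-acl"      # ietf-acl model used on this page
HW = "urn:huawei:params:xml:ns:yang:huawei-acl"   # Huawei extension carrying time-range
for prefix, uri in (("xc", NC), ("access-control-list", ACL), ("hw-acl", HW)):
    ET.register_namespace(prefix, uri)

def _leaf(parent, ns, name, text=None, op=None):
    e = ET.SubElement(parent, f"{{{ns}}}{name}")
    if text is not None:
        e.text = str(text)
    if op is not None:  # per-node NETCONF operation becomes the xc:operation attribute
        e.set(f"{{{NC}}}operation", op)
    return e

def build_acl_rule_edit(message_id, upper_port=3, upper_port_op=None):
    """edit-config <rpc> for ACL test1 / rule 1 as laid out on this page. upper_port_op=None
    is the creation request; "replace" / "delete" give the modify and delete requests."""
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": str(message_id)})
    ec = ET.SubElement(rpc, f"{{{NC}}}edit-config")
    _leaf(ET.SubElement(ec, f"{{{NC}}}target"), NC, "running")
    cfg = ET.SubElement(ec, f"{{{NC}}}config")
    acl = ET.SubElement(ET.SubElement(cfg, f"{{{ACL}}}access-lists"), f"{{{ACL}}}access-list")
    _leaf(acl, ACL, "access-control-list-name", "test1")
    _leaf(acl, ACL, "access-control-list-type", "IP-access-control-list")
    entries = ET.SubElement(acl, f"{{{ACL}}}access-list-entries")
    entry = ET.SubElement(entries, f"{{{ACL}}}access-list-entry")
    _leaf(entry, ACL, "rule-name", 1)
    m = ET.SubElement(entry, f"{{{ACL}}}matches")
    _leaf(ET.SubElement(m, f"{{{ACL}}}source-port-range"), ACL, "lower-port", 1)
    dst = ET.SubElement(m, f"{{{ACL}}}destination-port-range")
    _leaf(dst, ACL, "lower-port", 1)
    _leaf(dst, ACL, "upper-port", upper_port, upper_port_op)  # deleting it widens the match
    _leaf(m, ACL, "dscp", 0)
    _leaf(m, ACL, "protocol", 6)  # 6 = TCP
    _leaf(m, ACL, "destination-ipv4-network", "10.2.1.1/24")
    _leaf(m, ACL, "source-ipv4-network", "10.1.1.1/16")
    _leaf(ET.SubElement(entry, f"{{{ACL}}}actions"), ACL, "deny")
    _leaf(entry, HW, "time-range", "abc")
    return ET.tostring(rpc, encoding="unicode")

def check_reply(reply_xml, expected_message_id):
    """("ok", None) or ("error", error-tag or error-message); rejects a reply whose
    message-id does not echo the request, the only link between an edit and its reply."""
    root = ET.fromstring(reply_xml)
    if root.get("message-id") != str(expected_message_id):
        raise ValueError(f"reply message-id {root.get('message-id')!r} != {expected_message_id!r}")
    if root.find(f"{{{NC}}}ok") is not None:
        return ("ok", None)
    err = root.find(f"{{{NC}}}rpc-error")
    return ("error", err.findtext(f"{{{NC}}}error-tag") or err.findtext(f"{{{NC}}}error-message"))
```

The serializer puts all namespace declarations on the root element and prefixes it as xc:rpc, which is equivalent XML to the default-namespace form shown in the request examples.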