This section describes how to configure and delete an IPv6 ACL rule using the edit-config method.
Operation |
XPATH |
|---|---|
edit-config |
|
Item |
Data |
Description |
|---|---|---|
Name or ID of an ACL to be created |
ipv6:3600 |
- |
Whether the created ACL is an IPv4 ACL or an IPv6 ACL |
true (value of the ipv6-flag leaf in the request; marks the ACL as an IPv6 ACL) |
- |
ACL type |
IP-access-control-list |
- |
ACL rule ID |
1 |
- |
Action in the ACL rule |
Space (The permit action is used.) |
Allow packets matching the ACL rule to pass. |
Type of protocol packets matching the ACL rule |
6 |
- |
Source port of the TCP packets matching the ACL rule |
50 to 60 (lower-port 50, upper-port 60 in the request example) |
- |
Destination port of the TCP packets matching the ACL rule |
70 to 80 (lower-port 70, upper-port 80 in the request example) |
- |
Source addresses of packets that match the IPv6 ACL rule |
2001:db8:1::1/64 |
- |
Destination addresses of packets that match the IPv6 ACL rule |
2001:db8:1::2/64 |
- |
DSCP |
60 |
- |
Name of the time range within which the ACL rule takes effect |
t1 |
- |
Start time of the time range |
12:23:34 |
- |
End time of the time range |
23:34:56 |
- |
Validity period |
friday |
- |
Request example
<?xml version='1.0' encoding='UTF-8'?>
<!-- Creates time range t1 and IPv6 ACL ipv6:3600 (rule 1) in one edit-config request. -->
<rpc message-id="1" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <!-- The target is the running datastore, so the change is written to the live
         configuration. No default-operation is given, so the protocol default
         (merge, RFC 6241) applies. Where the device advertises the candidate and
         confirmed-commit capabilities, staging filter changes there leaves a
         rollback path; TODO confirm support on the target device. -->
    <target>
      <running/>
    </target>
    <config>
      <!-- Time range t1: Fridays, 12:23:34 to 23:34:56, in the "public" vsys. -->
      <hw-time-range:time-ranges xmlns:hw-time-range="urn:huawei:params:xml:ns:yang:huawei-time-range">
        <hw-time-range:time-range>
          <hw-time-range:vsys>public</hw-time-range:vsys>
          <hw-time-range:name>t1</hw-time-range:name>
          <hw-time-range:period-time>
            <hw-time-range:start>12:23:34</hw-time-range:start>
            <hw-time-range:end>23:34:56</hw-time-range:end>
            <hw-time-range:weekday>friday</hw-time-range:weekday>
          </hw-time-range:period-time>
        </hw-time-range:time-range>
      </hw-time-range:time-ranges>
      <access-control-list:access-lists xmlns:access-control-list="urn:ietf:params:xml:ns:yang:ietf-acl">
        <access-control-list:access-list>
          <!-- The name of an IPv6 ACL has to begin with "ipv6:"; the failed-response
               sample on this page is the error returned for a name without it. -->
          <access-control-list:access-control-list-name>ipv6:3600</access-control-list:access-control-list-name>
          <access-control-list:access-control-list-type>IP-access-control-list</access-control-list:access-control-list-type>
          <access-control-list:access-list-entries>
            <access-control-list:access-list-entry>
              <access-control-list:rule-name>1</access-control-list:rule-name>
              <!-- Match conditions of rule 1. Presumably a packet must satisfy all of
                   them to hit the rule; verify against the device's matching rules. -->
              <access-control-list:matches>
                <!-- Source ports 50 to 60. -->
                <access-control-list:source-port-range>
                  <access-control-list:lower-port>50</access-control-list:lower-port>
                  <access-control-list:upper-port>60</access-control-list:upper-port>
                </access-control-list:source-port-range>
                <!-- Destination ports 70 to 80. -->
                <access-control-list:destination-port-range>
                  <access-control-list:lower-port>70</access-control-list:lower-port>
                  <access-control-list:upper-port>80</access-control-list:upper-port>
                </access-control-list:destination-port-range>
                <access-control-list:dscp>60</access-control-list:dscp>
                <!-- IP protocol number 6 is TCP. -->
                <access-control-list:protocol>6</access-control-list:protocol>
                <!-- NOTE(review): both values carry a /64 prefix length, so the rule
                     presumably matches the whole 2001:db8:1::/64 network on each side
                     rather than the single hosts ::1 and ::2. A /128 prefix is the
                     usual way to match one address; confirm how the device treats the
                     host bits. 2001:db8::/32 is the IPv6 documentation prefix, so
                     substitute real addresses before use. -->
                <access-control-list:source-ipv6-network>2001:db8:1::1/64</access-control-list:source-ipv6-network>
                <access-control-list:destination-ipv6-network>2001:db8:1::2/64</access-control-list:destination-ipv6-network>
                <!-- The rule takes effect only within time range t1. What handles
                     matching traffic outside that window is not shown here; confirm
                     it before relying on this permit. -->
                <hw-acl:time-range xmlns:hw-acl="urn:huawei:params:xml:ns:yang:huawei-acl">t1</hw-acl:time-range>
              </access-control-list:matches>
              <access-control-list:actions>
                <!-- The content of permit is a single space, as listed in the data table. -->
                <access-control-list:permit> </access-control-list:permit>
              </access-control-list:actions>
            </access-control-list:access-list-entry>
          </access-control-list:access-list-entries>
          <!-- true marks this ACL as an IPv6 ACL. -->
          <hw-acl:ipv6-flag xmlns:hw-acl="urn:huawei:params:xml:ns:yang:huawei-acl">true</hw-acl:ipv6-flag>
        </access-control-list:access-list>
      </access-control-list:access-lists>
    </config>
  </edit-config>
</rpc>
Response example
# Sample of successful response
##### Ok Reply or Operation Successful #####
<?xml version='1.0' encoding='UTF-8'?>
<!-- The ok element reports that the request completed without error;
     message-id repeats the value sent in the request. -->
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <ok/>
</rpc-reply>
# Sample of failed response
##### Error Reply or Operation Failed #####
<?xml version='1.0' encoding='UTF-8'?>
<!-- Failure reply: the ACL in the failing request was named "ipv:3600" (see
     error-info), which lacks the "ipv6:" prefix that error-message asks for. -->
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <rpc-error>
    <!-- This sample shows only error-app-tag, error-message and error-info, so a
         client should treat any rpc-error as "rule not applied" and should not
         depend on further fields being present. -->
    <error-app-tag>-1</error-app-tag>
    <error-message>The acl6 must start with "ipv6:".</error-message>
    <error-info>Error on node /ietf-acl:access-lists/access-list[access-control-list-name="ipv:3600"]</error-info>
  </rpc-error>
</rpc-reply>
Delete the configuration performed in Data Requirement 1 (the time range t1 and the IPv6 ACL ipv6:3600 created by the request above).
Request example
<?xml version='1.0' encoding='UTF-8'?>
<!-- Removes time range t1 and IPv6 ACL ipv6:3600 in one edit-config request. -->
<rpc message-id="2" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <!-- The deletion is applied to the running datastore. Before sending it, check
         that nothing still depends on ACL ipv6:3600 or on time range t1; how the
         device reacts to a deletion that leaves references behind is not shown on
         this page. -->
    <target>
      <running/>
    </target>
    <config>
      <hw-time-range:time-ranges xmlns:hw-time-range="urn:huawei:params:xml:ns:yang:huawei-time-range">
        <!-- The xc prefix is bound to the NETCONF base namespace, which makes
             xc:operation the edit-config operation attribute. Under RFC 6241,
             "delete" is answered with an error when the entry does not exist,
             whereas "remove" ignores a missing entry; check whether the device
             accepts "remove" if the request has to be repeatable. -->
        <hw-time-range:time-range xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="delete">
          <hw-time-range:vsys>public</hw-time-range:vsys>
          <hw-time-range:name>t1</hw-time-range:name>
          <hw-time-range:period-time>
            <hw-time-range:start>12:23:34</hw-time-range:start>
            <hw-time-range:end>23:34:56</hw-time-range:end>
            <hw-time-range:weekday>friday</hw-time-range:weekday>
          </hw-time-range:period-time>
        </hw-time-range:time-range>
      </hw-time-range:time-ranges>
      <access-control-list:access-lists xmlns:access-control-list="urn:ietf:params:xml:ns:yang:ietf-acl">
        <!-- The operation is set on the access-list entry, so the whole ACL is
             deleted together with rule 1. The body repeats the content of the
             create request; presumably the name is what selects the entry, TODO
             confirm whether this device needs the remaining leaves. -->
        <access-control-list:access-list xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="delete">
          <access-control-list:access-control-list-name>ipv6:3600</access-control-list:access-control-list-name>
          <access-control-list:access-control-list-type>IP-access-control-list</access-control-list:access-control-list-type>
          <access-control-list:access-list-entries>
            <access-control-list:access-list-entry>
              <access-control-list:rule-name>1</access-control-list:rule-name>
              <access-control-list:matches>
                <access-control-list:source-port-range>
                  <access-control-list:lower-port>50</access-control-list:lower-port>
                  <access-control-list:upper-port>60</access-control-list:upper-port>
                </access-control-list:source-port-range>
                <access-control-list:destination-port-range>
                  <access-control-list:lower-port>70</access-control-list:lower-port>
                  <access-control-list:upper-port>80</access-control-list:upper-port>
                </access-control-list:destination-port-range>
                <access-control-list:dscp>60</access-control-list:dscp>
                <access-control-list:protocol>6</access-control-list:protocol>
                <access-control-list:source-ipv6-network>2001:db8:1::1/64</access-control-list:source-ipv6-network>
                <access-control-list:destination-ipv6-network>2001:db8:1::2/64</access-control-list:destination-ipv6-network>
                <hw-acl:time-range xmlns:hw-acl="urn:huawei:params:xml:ns:yang:huawei-acl">t1</hw-acl:time-range>
              </access-control-list:matches>
              <access-control-list:actions>
                <!-- Single space kept exactly as in the create request. -->
                <access-control-list:permit> </access-control-list:permit>
              </access-control-list:actions>
            </access-control-list:access-list-entry>
          </access-control-list:access-list-entries>
          <hw-acl:ipv6-flag xmlns:hw-acl="urn:huawei:params:xml:ns:yang:huawei-acl">true</hw-acl:ipv6-flag>
        </access-control-list:access-list>
      </access-control-list:access-lists>
    </config>
  </edit-config>
</rpc>
Response example
# Sample of successful response
##### Ok Reply or Operation Successful #####
<?xml version='1.0' encoding='UTF-8'?>
<!-- The ok element reports that the delete request completed without error;
     message-id repeats the value sent in the request. -->
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
  <ok/>
</rpc-reply>
# Sample of failed response
##### Error Reply or Operation Failed #####
<?xml version='1.0' encoding='UTF-8'?>
<!-- Failure reply to a delete request. After any rpc-error, assume the ACL and
     the time range may still be configured and read the configuration back
     before relying on their removal. -->
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Service process failed.</error-message>
    <!-- NOTE(review): the path names an ACL "test1", while the delete request on
         this page names "ipv6:3600"; the sample appears to be generic. -->
    <error-info>Error on node /ietf-acl:access-lists/access-list[access-control-list-name="test1"]</error-info>
  </rpc-error>
</rpc-reply>