
Configuring ACL-based Packet Filtering and Traffic Statistics Collection

This section describes how to configure ACL-based packet filtering and traffic statistics collection using the edit-config method.

Table 1 Configuring ACL-based packet filtering and traffic statistics collection

Operation: edit-config

XPATH:
  • /huawei-sacl:traffic-filter-apply/directions/direction
  • /huawei-sacl:traffic-filter-apply/directions/acls/acl
  • /huawei-sacl:traffic-filter-apply/directions/acls/ipv6-flag
  • /huawei-sacl:traffic-filter-apply/directions/acls/statistic
  • /huawei-sacl:traffic-secure-apply/directions/direction
  • /huawei-sacl:traffic-secure-apply/directions/acls/acl
  • /huawei-sacl:traffic-secure-apply/directions/acls/ruleid
  • /huawei-sacl:traffic-secure-apply/directions/acls/statistic
  • /ietf-interfaces:interfaces/interface/huawei-sacl:traffic-filter-apply/directions/direction
  • /ietf-interfaces:interfaces/interface/huawei-sacl:traffic-filter-apply/directions/acls/acl
  • /ietf-interfaces:interfaces/interface/huawei-sacl:traffic-filter-apply/directions/acls/ipv6-flag
  • /ietf-interfaces:interfaces/interface/huawei-sacl:traffic-filter-apply/directions/acls/statistic
  • /ietf-interfaces:interfaces/interface/huawei-sacl:traffic-secure-apply/directions/direction
  • /ietf-interfaces:interfaces/interface/huawei-sacl:traffic-secure-apply/directions/acls/acl
  • /ietf-interfaces:interfaces/interface/huawei-sacl:traffic-secure-apply/directions/acls/ruleid
  • /ietf-interfaces:interfaces/interface/huawei-sacl:traffic-secure-apply/directions/acls/statistic

Data Requirements

Configure ACL-based packet filtering and traffic statistics collection.

Table 2 Globally configuring ACL-based packet filtering and traffic statistics collection

| Item | Data | Description |
|---|---|---|
| Direction for global packet filtering | inbound | Globally configure packet filtering and traffic statistics collection based on IPv4 ACL 3201. |
| ACL for global packet filtering | 3201 | |
| Type of an ACL | false | |
| Whether to globally enable the function of collecting traffic statistics based on ACLs | true | |
| Direction for global packet filtering | inbound | Globally configure packet filtering and traffic statistics collection based on rule 2 of IPv4 ACL 3201. |
| ACL for global packet filtering | 3201 | |
| ID of the ACL rule for global packet filtering | 2 | |
| Whether to globally enable the function of collecting traffic statistics based on ACLs | true | |

Table 3 Configuring ACL-based packet filtering and traffic statistics collection on an interface

| Item | Data | Description |
|---|---|---|
| Direction for packet filtering on an interface | inbound | Configure packet filtering and traffic statistics collection based on IPv4 ACL 3201 in the inbound direction of GigabitEthernet0/0/1. |
| ACL for packet filtering on an interface | 3201 | |
| Type of an ACL | false | |
| Whether to enable the function of collecting traffic statistics based on ACLs on an interface | true | |
| Direction for packet filtering on an interface | inbound | Configure packet filtering and traffic statistics collection based on rule 2 of IPv4 ACL 3201 in the inbound direction of GigabitEthernet0/0/1. |
| ACL for packet filtering on an interface | 3201 | |
| ID of the ACL rule for packet filtering on an interface | 2 | |
| Whether to enable the function of collecting traffic statistics based on ACLs on an interface | true | |

Request Example

<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="6">
  <edit-config>
    <target>
      <running/>
    </target>
    <config xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
      <access-lists  xmlns="urn:ietf:params:xml:ns:yang:ietf-acl">
        <access-list>
          <access-control-list-name>3201</access-control-list-name>
          <access-control-list-type xmlns:ietf-acl="urn:ietf:params:xml:ns:yang:ietf-acl">ietf-acl:IP-access-control-list</access-control-list-type>
          <access-list-entries>
            <access-list-entry>
              <rule-name>2</rule-name>
              <matches>
                <source-port-range>
                  <lower-port>1</lower-port>
                </source-port-range>
                <protocol>6</protocol>
              </matches>
              <actions>
                <permit/>
              </actions>
            </access-list-entry>
          </access-list-entries>
          <ipv6-flag xmlns="urn:huawei:params:xml:ns:yang:huawei-acl">false</ipv6-flag>
        </access-list>
      </access-lists>

      <hw-sacl:traffic-filter-apply xmlns:hw-sacl="urn:huawei:params:xml:ns:yang:huawei-sacl">
        <hw-sacl:directions>
          <hw-sacl:direction>inbound</hw-sacl:direction>
          <hw-sacl:acls>
            <hw-sacl:acl>3201</hw-sacl:acl>
            <hw-sacl:ipv6-flag>false</hw-sacl:ipv6-flag>
            <hw-sacl:statistic>true</hw-sacl:statistic>
          </hw-sacl:acls>
        </hw-sacl:directions>
      </hw-sacl:traffic-filter-apply>

      <hw-sacl:traffic-secure-apply xmlns:hw-sacl="urn:huawei:params:xml:ns:yang:huawei-sacl">
        <hw-sacl:directions>
          <hw-sacl:direction>inbound</hw-sacl:direction>
          <hw-sacl:acls>
            <hw-sacl:acl>3201</hw-sacl:acl>
            <hw-sacl:ruleid>2</hw-sacl:ruleid>
            <hw-sacl:statistic>true</hw-sacl:statistic>
          </hw-sacl:acls>
        </hw-sacl:directions>
      </hw-sacl:traffic-secure-apply>
      
      <if:interfaces xmlns:if="urn:ietf:params:xml:ns:yang:ietf-interfaces">
        <if:interface>
          <if:name>GigabitEthernet0/0/1</if:name>
          <if:type xmlns:iana-if-type="urn:ietf:params:xml:ns:yang:iana-if-type">iana-if-type:ethernetCsmacd</if:type>
          <hw-sacl:traffic-filter-apply xmlns:hw-sacl="urn:huawei:params:xml:ns:yang:huawei-sacl">
            <hw-sacl:directions>
              <hw-sacl:direction>inbound</hw-sacl:direction>
              <hw-sacl:acls>
                <hw-sacl:acl>3201</hw-sacl:acl>
                <hw-sacl:ipv6-flag>false</hw-sacl:ipv6-flag>
                <hw-sacl:statistic>true</hw-sacl:statistic>
              </hw-sacl:acls>
            </hw-sacl:directions>
          </hw-sacl:traffic-filter-apply>
          <hw-sacl:traffic-secure-apply xmlns:hw-sacl="urn:huawei:params:xml:ns:yang:huawei-sacl">
            <hw-sacl:directions>
              <hw-sacl:direction>inbound</hw-sacl:direction>
              <hw-sacl:acls>
                <hw-sacl:acl>3201</hw-sacl:acl>
                <hw-sacl:ruleid>2</hw-sacl:ruleid>
                <hw-sacl:statistic>true</hw-sacl:statistic>
              </hw-sacl:acls>
            </hw-sacl:directions>
          </hw-sacl:traffic-secure-apply>
        </if:interface>
      </if:interfaces>
    </config>
  </edit-config>
</rpc>

Response Example

Sample of successful response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="9">
  <ok/>
</rpc-reply>

Sample of failed response

<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="10">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>The traffic-filter does not support ipv6 acl.</error-message>
    <error-info>Error on node /huawei-sacl:traffic-filter-apply/directions[direction="inbound"]/acls[acl="3201"]</error-info>
  </rpc-error>
</rpc-reply>
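
Before an edit-config like the request above is sent, the ACL bindings it carries can be listed and cross-checked against the ACL definitions in the same payload. The following Python sketch is an added example, not Huawei code: the function names `bindings` and `audit` and the sample payload are constructed for illustration, and it assumes that `ruleid` refers to a `rule-name` entry (as in the request example) and that the ACL is defined in the same payload. An ACL that already exists on the device will therefore show up as a review flag rather than an error.

```python
import xml.etree.ElementTree as ET

ACL = "{urn:ietf:params:xml:ns:yang:ietf-acl}"
HWACL = "{urn:huawei:params:xml:ns:yang:huawei-acl}"
SACL = "{urn:huawei:params:xml:ns:yang:huawei-sacl}"
IF = "{urn:ietf:params:xml:ns:yang:ietf-interfaces}"

# Constructed <config> payload (not from the page) with two deliberately inconsistent bindings.
SAMPLE = """<config xmlns:s="urn:huawei:params:xml:ns:yang:huawei-sacl">
<access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-acl"><access-list>
 <access-control-list-name>3201</access-control-list-name>
 <access-list-entries><access-list-entry><rule-name>2</rule-name></access-list-entry></access-list-entries>
 <ipv6-flag xmlns="urn:huawei:params:xml:ns:yang:huawei-acl">false</ipv6-flag></access-list></access-lists>
<s:traffic-filter-apply><s:directions><s:direction>inbound</s:direction><s:acls>
 <s:acl>3201</s:acl><s:ipv6-flag>true</s:ipv6-flag><s:statistic>true</s:statistic>
</s:acls></s:directions></s:traffic-filter-apply>
<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces"><interface><name>GigabitEthernet0/0/1</name>
 <s:traffic-secure-apply><s:directions><s:direction>inbound</s:direction><s:acls>
  <s:acl>3201</s:acl><s:ruleid>5</s:ruleid><s:statistic>false</s:statistic>
</s:acls></s:directions></s:traffic-secure-apply></interface></interfaces></config>"""

def bindings(config):
    """Yield every ACL binding under a <config> element, global and per interface."""
    scopes = [("global", config)] + [(i.findtext(IF + "name"), i) for i in config.iter(IF + "interface")]
    for scope, node in scopes:
        for kind in ("traffic-filter-apply", "traffic-secure-apply"):
            for d in node.findall(f"{SACL}{kind}/{SACL}directions"):
                for a in d.findall(SACL + "acls"):
                    row = {f: a.findtext(SACL + f) for f in ("acl", "ruleid", "ipv6-flag", "statistic")}
                    yield dict(row, scope=scope, kind=kind, direction=d.findtext(SACL + "direction"))

def audit(config):
    """Cross-check bindings against ACLs in the same payload (assumes ruleid == rule-name)."""
    defined = {}
    for al in config.iter(ACL + "access-list"):
        rules = {e.findtext(ACL + "rule-name") for e in al.iter(ACL + "access-list-entry")}
        defined[al.findtext(ACL + "access-control-list-name")] = (al.findtext(HWACL + "ipv6-flag"), rules)
    findings = []
    for b in bindings(config):
        where = f'{b["scope"]} {b["kind"]} {b["direction"]} acl {b["acl"]}'
        ipv6, rules = defined.get(b["acl"], (None, None))
        checks = [
            (rules is None, "ACL not defined in this payload"),
            (rules is not None and b["ipv6-flag"] not in (None, ipv6), "ipv6-flag differs from ACL definition"),
            (rules is not None and b["ruleid"] not in {None} | rules, "ruleid has no matching rule-name"),
            (b["statistic"] != "true", "statistic is not true"),
        ]
        findings += [f"{where}: {msg}" for bad, msg in checks if bad]
    return findings
```

To audit a full request, parse the `<rpc>` document and pass its `{urn:ietf:params:xml:ns:netconf:base:1.0}config` element to `audit`.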
Copyright © Huawei Technologies Co., Ltd.