
Hpe Comware 7 Netconf XML API Reference

This document provides an overview and reference for Comware 7 NETCONF XML API related to ACL configuration and management. It includes:
- Descriptions of XML structures, tables, columns and data types for ACL groups, named ACL groups, and applying ACL policies to interfaces, zones, and zone pairs.
- Explanations of ACL configuration options including type (e.g. IPv4, IPv6), number, resetting counters, and restrictions on certain data types.
- References for configuring and managing access control lists and applying ACL policies on HPE Comware 7 devices via NETCONF XML API.

Uploaded by

Dream CCIE
HPE Comware 7

NETCONF XML API Reference

The information in this document is subject to change without notice.


© Copyright 2018 Hewlett Packard Enterprise Development LP

Contents
802.1X
  802.1X/IF
  802.1X/FreeIp
  802.1X/Protocol
  802.1X/EadAssist

802.1X
802.1X/IF
| Message | Explanation |
|---|---|
| Can't set a nonexistent VLAN as a guest VLAN. | VLAN do not exist. |
| Can't set a nonexistent VLAN as an Auth-Fail VLAN. | VLAN do not exist. |
| Can't set a nonexistent VLAN as a critical VLAN. | VLAN do not exist. |
| Failed to enable 802.1X on the interface, because it is a link aggregation member port | Failed to enable 802.1X on the interface, because it is a link aggregation member port |
| Can't enable 802.1X for port security mode is configured on the port. | Can't enable 802.1X for port security mode is configured on the port. |
| Can't enable 802.1x for port security is enabled. | Can't enable 802.1x for port security is enabled. |
| Can't configure port-control for port security is enabled. | Can't configure port-control for port security is enabled. |
| Can't configure port-control for port security mode is configured on the port. | Can't configure port-control for port security mode is configured on the port. |
| Can't configure port-method for port security is enabled. | Can't configure port-method for port security is enabled. |
| Can't configure port-method for port security mode is configured on the port. | Can't configure port-method for port security mode is configured on the port. |
| Can't configure port-method for MAC authentication is enabled on the port. | Can't configure port-method for MAC authentication is enabled on the port. |
| The specified number must be higher than the current number of online users. | The specified number must be higher than the current number of online users. |
| Can't set a dynamic VLAN as an guest VLAN. | Can't set a dynamic VLAN as an guest VLAN. |
| Can't set a dynamic VLAN as a Auth-Fail VLAN. | Can't set a dynamic VLAN as a Auth-Fail VLAN. |
| Can't set a dynamic VLAN as a critical VLAN. | Can't set a dynamic VLAN as a critical VLAN. |
| Port security, MAC authentication, and 802.1X authentication are not supported on Layer 2 aggregate interfaces. | Port security, MAC authentication, and 802.1X authentication are not supported on Layer 2 aggregate interfaces. |

802.1X/FreeIp
| Message | Explanation |
|---|---|
| The maximum number of free-IP segments has reached. | The maximum number of free-IP segments has reached. |
| Invalid IP address or subnet mask. | Invalid IP address or subnet mask. |

802.1X/Protocol
| Message | Explanation |
|---|---|
| Can't enable 802.1x for port security is enabled. | Can't enable 802.1x for port security is enabled. |
| Can't disable 802.1X for port security is enabled. | Can't disable 802.1X for port security is enabled. |

802.1X/EadAssist
| Message | Explanation |
|---|---|
| Can't enable the EAD assistant function when MAC authentication is enabled globally. | Can't enable the EAD assistant function when MAC authentication is enabled globally. |
| Can't enable the EAD assistant function when port security is enabled globally. | Can't enable the EAD assistant function when port security is enabled globally. |

Contents
ACL
  ACL/Groups
    XML structure
    Table description
    Columns
  ACL/NamedGroups
    XML structure
    Table description
    Columns
  ACL/PfilterApply
    XML structure
    Table description
    Columns
  ACL/ZonePairPfilterApply
    XML structure
    Table description
    Columns

ACL
ACL/Groups
This table contains ACL information.

XML structure
<ACL>
  <Groups>
    <Group>
      <GroupType></GroupType>
      <GroupID></GroupID>
      <CountClear></CountClear>
    </Group>
  </Groups>
</ACL>

Table description
| Item | Description |
|---|---|
| Feature name | ACL |
| Table name | Groups |
| Table type | Multi-instance table |
| Row name | Group |
| Restrictions | None |

Columns
| Column name | Column description | Column type | Data type and restrictions | Remarks |
|---|---|---|---|---|
| GroupType | ACL type. | Index | Enumeration: 1—IPv4; 2—IPv6; 3—MAC; 4—User-defined. | N/A |
| GroupID | ACL number. | Index | Unsigned integer. Value range: 2000 to 5999. | The value range depends on the GroupType column: 2000 to 5999 if GroupType is 1; 2000 to 3999 if GroupType is 2. |
| CountClear | Resets counters. | N/A | This column must be empty. | N/A |

ACL/NamedGroups
This table contains named ACL information.

XML structure
<ACL>
  <NamedGroups>
    <Group>
      <GroupType></GroupType>
      <GroupIndex></GroupIndex>
      <CountClear></CountClear>
    </Group>
  </NamedGroups>
</ACL>

Table description
| Item | Description |
|---|---|
| Feature name | ACL |
| Table name | NamedGroups |
| Table type | Multi-instance table |
| Row name | Group |
| Restrictions | None |

Columns
| Column name | Column description | Column type | Data type and restrictions | Remarks |
|---|---|---|---|---|
| GroupType | ACL type. | Index | Enumeration: 1—IPv4; 2—IPv6; 3—MAC; 4—User-defined. | N/A |
| GroupIndex | ACL name or number. | Index | String. Length: 1 to 63 characters. ACL name: Case-insensitive string of 1 to 63 characters. ACL number: String of digits in the range of 2000 to 5999. | An ACL name must start with an English letter and cannot be all. The value range depends on the GroupType column: 2000 to 3999 if GroupType is 1; 2000 to 3999 if GroupType is 2; 4000 to 4999 if GroupType is 3; 5000 to 5999 if GroupType is 4. |
| CountClear | Resets counters. | N/A | This column must be empty. | N/A |

ACL/PfilterApply
This table contains packet filter application information.

XML structure
<ACL>
  <PfilterApply>
    <Pfilter>
      <AppObjType></AppObjType>
      <AppObjIndex></AppObjIndex>
      <AppDirection></AppDirection>
      <AppAclType></AppAclType>
      <AppAclGroup></AppAclGroup>
      <CountClear></CountClear>
    </Pfilter>
  </PfilterApply>
</ACL>

Table description
| Item | Description |
|---|---|
| Feature name | ACL |
| Table name | PfilterApply |
| Table type | Multi-instance table |
| Row name | Pfilter |
| Restrictions | None |

Columns
| Column name | Column description | Column type | Data type and restrictions | Remarks |
|---|---|---|---|---|
| AppObjType | Type of the application object. | Index | Enumeration: 1—Interface; 2—VLAN; 3—Global. | N/A |
| AppObjIndex | Index of the application object. | Index | Unsigned integer. Value range: 0 to 4294967295. | The value depends on the AppObjType column: Interface index if AppObjType is 1; VLAN ID in the range of 1 to 4094 if AppObjType is 2; the value is 0 if AppObjType is 3. |
| AppDirection | Application direction. | Index | Enumeration: 1—Inbound; 2—Outbound. | N/A |
| AppAclType | ACL type. | Index | Enumeration: 1—IPv4; 2—IPv6; 3—Ethernet frame header ACL; 4—User-defined ACL; 5—ACL with the default action. | Type 5 is a special ACL. |
| AppAclGroup | ACL name or number. | Index | String. Length: 1 to 63 characters. ACL name: Case-insensitive string of 1 to 63 characters. ACL number: String of digits valued 0 or in the range of 2000 to 5999. | An ACL name must start with an English letter and cannot be all. The value range depends on the AppAclType column: 2000 to 3999 if AppAclType is 1; 2000 to 3999 if AppAclType is 2; 4000 to 4999 if AppAclType is 3; 5000 to 5999 if AppAclType is 4; 0 if AppAclType is 5. |
| CountClear | Resets counters. | N/A | This column must be empty. | N/A |

ACL/ZonePairPfilterApply
This table contains packet filter application information for zone-pair.

XML structure
<ACL>
  <ZonePairPfilterApply>
    <Pfilter>
      <SrcZone></SrcZone>
      <DestZone></DestZone>
      <AclType></AclType>
      <AclGroup></AclGroup>
      <Clear></Clear>
    </Pfilter>
  </ZonePairPfilterApply>
</ACL>

Table description
| Item | Description |
|---|---|
| Feature name | ACL |
| Table name | ZonePairPfilterApply |
| Table type | Multi-instance table |
| Row name | Pfilter |
| Restrictions | None |

Columns
| Column name | Column description | Column type | Data type and restrictions | Remarks |
|---|---|---|---|---|
| SrcZone | Name of the source zone. | Index | String, case insensitive. Length: 1 to 31 characters. | Cannot contain midline (-). |
| DestZone | Name of the destination zone. | Index | String, case insensitive. Length: 1 to 31 characters. | Cannot contain midline (-). |
| AclType | ACL type. | Index | Enumeration: 1—IPv4 ACL; 2—IPv6 ACL; 3—Ethernet frame header ACL. | Type 3 is not supported in the current software version, and is reserved for future support. |
| AclGroup | ACL name or number. | Index | ACL name: Case-insensitive string of 1 to 63 characters. ACL number: An unsigned integer in the range of 2000 to 5999. | An ACL name must start with an English letter and cannot be all. The value range depends on the AppAclType column: 2000 to 5999 if AppAclType is 1; 2000 to 3999 if AppAclType is 2. |
| Clear | Resets counters. | N/A | This column must be empty. | N/A |

Contents
ACL
  ACL/Groups
    XML structure
    Table description
    Columns
  ACL/NamedGroups
    XML structure
    Table description
    Columns
  ACL/Intervals
    XML structure
    Table description
    Columns
  ACL/IPv4BasicRules
    XML structure
    Table description
    Columns
  ACL/IPv4NamedBasicRules
    XML structure
    Table description
    Columns
  ACL/IPv6BasicRules
    XML structure
    Table description
    Columns
  ACL/IPv6NamedBasicRules
    XML structure
    Table description
    Columns
  ACL/IPv4AdvanceRules
    XML structure
    Table description
    Columns
  ACL/IPv4NamedAdvanceRules
    XML structure
    Table description
    Columns
  ACL/IPv6AdvanceRules
    XML structure
    Table description
    Columns
  ACL/IPv6NamedAdvanceRules
    XML structure
    Table description
    Columns
  ACL/MACRules
    XML structure
    Table description
    Columns
  ACL/MACNamedRules
    XML structure
    Table description
    Columns
  ACL/PfilterIgnoreAction
    XML structure
    Table description
    Columns
  ACL/PfilterDefAction
    XML structure
    Table description
    Columns
  ACL/PfilterApply
    XML structure
    Table description
    Columns
  ACL/UserRules
    XML structure
    Table description
    Columns
  ACL/UserNamedRules
    XML structure
    Table description
    Columns
  ACL/ZonePairPfilterApply
    XML structure
    Table description
    Columns

ACL
ACL/Groups
This table contains ACL information.

XML structure
<ACL>
  <Groups>
    <Group>
      <GroupType></GroupType>
      <GroupID></GroupID>
      <MatchOrder></MatchOrder>
      <Step></Step>
      <Name></Name>
      <Description></Description>
    </Group>
  </Groups>
</ACL>

Table description
| Item | Description |
|---|---|
| Feature name | ACL |
| Table name | Groups |
| Table type | Multi-instance table |
| Row name | Group |
| Restrictions | None |
| Support for row creation and deletion | Yes |

Columns
| Column name | Column description | Column type | Data type and restrictions | Remarks |
|---|---|---|---|---|
| GroupType | ACL type | Index | Enumeration: 1—IPv4; 2—IPv6; 3—MAC; 4—User-defined. | N/A |
| GroupID | ACL number | Index | Unsigned integer. Value range: 2000 to 5999. | The value range depends on the GroupType column: 2000 to 5999 if GroupType is 1 (IPv4 basic ACL: 2000 to 2999; IPv4 advanced ACL: 3000 to 3999; Ethernet frame header ACL: 4000 to 4999; User-defined ACL: 5000 to 5999); 2000 to 3999 if GroupType is 2 (IPv6 basic ACL: 2000 to 2999; IPv6 advanced ACL: 3000 to 3999). |
| MatchOrder | Order in which the rules are sorted | N/A | Enumeration: 1—Config (default). In this order, rules are sorted in ascending order of rule ID. 2—Auto. In this order, rules are sorted in depth-first order. | The match order can only be modified for ACLs that do not contain any rules. The match order can only be config for user-defined ACLs. |
| Step | ACL rule numbering step | N/A | Unsigned integer. Value range: 1 to 20. Default: 5. | The rule numbering step for user-defined ACLs can only be 5. |
| Name | ACL name | N/A | String, case-insensitive. Length: 1 to 63 characters. The string must start with an English letter. | Name is supported for number ACL. |
| Description | ACL description | N/A | String, case-sensitive. Length: 1 to 127 characters. | By default, an ACL has no description. |

ACL/NamedGroups
This table contains named ACL information.

XML structure
<ACL>
  <NamedGroups>
    <Group>
      <GroupType></GroupType>
      <GroupCategory></GroupCategory>
      <GroupIndex></GroupIndex>
      <MatchOrder></MatchOrder>
      <Step></Step>
      <Description></Description>
    </Group>
  </NamedGroups>
</ACL>

Table description
| Item | Description |
|---|---|
| Feature name | ACL |
| Table name | NamedGroups |
| Table type | Multi-instance table |
| Row name | Group |
| Restrictions | None |
| Support for row creation and deletion | Yes |

Columns
| Column name | Column description | Column type | Data type and restrictions | Remarks |
|---|---|---|---|---|
| GroupType | ACL type | Index | Enumeration: 1—IPv4; 2—IPv6; 3—MAC; 4—User-defined. | N/A |
| GroupCategory | ACL Category | Index | Enumeration: 0—invalid; 1—basic; 2—advanced. | The value range depends on the GroupType column: 1 to 2 if GroupType is 1 or 2 (basic ACL: 1; advanced ACL: 2); 0 if GroupType is 3 or 4. |
| GroupIndex | ACL name or number | Index | String. Length: 1 to 63 characters. ACL name: Case-insensitive string of 1 to 63 characters. ACL number: String of digits in the range of 2000 to 5999. | An ACL name must start with an English letter and cannot be all. The value range depends on the GroupType column: 2000 to 3999 if GroupType is 1 (IPv4 basic ACL: 2000 to 2999; IPv4 advanced ACL: 3000 to 3999); 2000 to 3999 if GroupType is 2 (IPv6 basic ACL: 2000 to 2999; IPv6 advanced ACL: 3000 to 3999); 4000 to 4999 if GroupType is 3 (Ethernet frame header ACL: 4000 to 4999); 5000 to 5999 if GroupType is 4 (User-defined ACL: 5000 to 5999). |
| MatchOrder | Order in which the rules are sorted | N/A | Enumeration: 1—Config (default). In this order, rules are sorted in ascending order of rule ID. 2—Auto. In this order, rules are sorted in depth-first order. | The match order can only be modified for ACLs that do not contain any rules. The match order can only be config for user-defined ACLs. |
| Step | ACL rule numbering step | N/A | Unsigned integer. Value range: 1 to 20. Default: 5. | The rule numbering step for user-defined ACLs can only be 5. |
| Description | ACL description | N/A | String, case-sensitive. Length: 1 to 127 characters. | By default, an ACL has no description. |

ACL/Intervals
This table contains ACL interval information.

XML structure
<ACL>
  <Intervals>
    <Interval>
      <IntervalType></IntervalType>
      <IntervalValue></IntervalValue>
    </Interval>
  </Intervals>
</ACL>

Table description
| Item | Description |
|---|---|
| Feature name | ACL |
| Table name | Intervals |
| Table type | Multi-instance table |
| Row name | Interval |
| Restrictions | None |
| Support for row creation and deletion | Yes |

Columns
| Column name | Column description | Column type | Data type and restrictions | Remarks |
|---|---|---|---|---|
| IntervalType | The type of the interval | Index | Enumeration: 1—logging; 2—trap. | The type of the interval specified for generating packet filtering logs or traps. You cannot create, merge, or replace an interval when there is an effective interval of a different type. |
| IntervalValue | The value of the interval | N/A | Unsigned integer. Value range: 5 to 1440. | It must be a multiple of 5. |

ACL/IPv4BasicRules
This table contains information about IPv4 basic ACL rules.

XML structure
<ACL>
  <IPv4BasicRules>
    <Rule>
      <GroupID></GroupID>
      <RuleID></RuleID>
      <Action></Action>
      <SrcAny></SrcAny>
      <SrcIPv4>
        <SrcIPv4Addr></SrcIPv4Addr>
        <SrcIPv4Wildcard></SrcIPv4Wildcard>
      </SrcIPv4>
      <SrcObjectGroup></SrcObjectGroup>
      <Fragment></Fragment>
      <TimeRange></TimeRange>
      <VRF></VRF>
      <Counting></Counting>
      <Logging></Logging>
      <Comment></Comment>
    </Rule>
  </IPv4BasicRules>
</ACL>

Table description
| Item | Description |
|---|---|
| Feature name | ACL |
| Table name | IPv4BasicRules |
| Table type | Multi-instance table |
| Row name | Rule |
| Restrictions | None |
| Support for row creation and deletion | Yes |

Columns
| Column name | Column description | Column type | Data type and restrictions | Remarks |
|---|---|---|---|---|
| GroupID | ACL number. | Index | Unsigned integer. Value range: 2000 to 2999. | You must create an ACL first before you create, merge, or replace rules for it. |
| RuleID | Rule ID. | Index | Unsigned integer. Value range: 0 to 65535. The value 65535 is an invalid rule ID. | If you set this column to 65535, the system automatically assigns a new rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. |
| Action | Action on packets matching the rule. | N/A | Enumeration: 1—Deny; 2—Permit. | You cannot specify an action when you remove or delete a rule. You must specify an action when you replace a rule, or when you merge or create a rule that does not exist. |
| SrcAny | Whether a rule matches any source IP addresses. | N/A | Boolean: true—Matches any source IP addresses (default); false—Matches the specified source IP address. | This column must be configured together with the SrcIPv4 column. |
| SrcIPv4 | Source IPv4 information. | Data structure | Members include: SrcIPv4Addr; SrcIPv4Wildcard. | This column must be configured together with the SrcAny column. The two members must both be specified. |
| SrcIPv4Addr | Source IPv4 address. | N/A | String, dotted decimal notation. | Example: 1.1.1.1. This column is available when the SrcAny column is false. It must be empty when the SrcAny column is true. |
| SrcIPv4Wildcard | Wildcard mask for the source IPv4 address. | N/A | String, dotted decimal notation. | Example: 255.255.255.0. This column is available when the SrcAny column is false. It must be empty when the SrcAny column is true. |
| SrcObjectGroup | Source object group name. | N/A | String, case-insensitive. Length: 1 to 31 characters. | This column and the SrcAny column cannot both be configured. |
| Fragment | Whether a rule matches only non-first fragments. | N/A | Boolean: true—Matches only non-first fragments; false—Matches both fragments and non-fragments (default). | N/A |
| TimeRange | Time range. | N/A | String, case-insensitive. Length: 1 to 32 characters. The string must start with an English letter. | It cannot be the word all. |
| VRF | VRF. | N/A | String, case-sensitive. Length: 1 to 31 characters. | N/A |
| Counting | Whether to count the rule matches. | N/A | Boolean: true—Counts the rule matches; false—Does not count the rule matches (default). | N/A |
| Logging | Whether to log rule match events. | N/A | Boolean: true—Logs rule match events; false—Does not log rule match events (default). | N/A |
| Comment | Rule comment. | N/A | String, case-sensitive. Length: 1 to 127 characters. | A comment can only be configured for an existing rule. When the MatchOrder column is 2, you can modify only the comment for a rule. |
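
The column restrictions for ACL/IPv4BasicRules can be checked offline before a row is sent to a device. The following is an added example, not part of the HPE reference: a Python check of Rule rows against the restrictions in the Columns table above. The sample XML is constructed, the function names are hypothetical, and the rows are assumed to carry no NETCONF envelope or namespace.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample rows (not from the reference); element names follow the
# ACL/IPv4BasicRules XML structure, without any NETCONF envelope or namespace.
SAMPLE = """
<ACL><IPv4BasicRules>
  <Rule><GroupID>2000</GroupID><RuleID>0</RuleID><Action>1</Action>
    <SrcAny>false</SrcAny>
    <SrcIPv4><SrcIPv4Addr>1.1.1.1</SrcIPv4Addr>
             <SrcIPv4Wildcard>255.255.255.0</SrcIPv4Wildcard></SrcIPv4>
    <Logging>true</Logging></Rule>
  <Rule><GroupID>3000</GroupID><RuleID>5</RuleID><Action>2</Action>
    <SrcAny>true</SrcAny>
    <SrcIPv4><SrcIPv4Addr>10.0.0.1</SrcIPv4Addr></SrcIPv4>
    <TimeRange>all</TimeRange></Rule>
  <Rule><GroupID>2001</GroupID><RuleID>65535</RuleID>
    <SrcAny>false</SrcAny><SrcObjectGroup>servers</SrcObjectGroup></Rule>
</IPv4BasicRules></ACL>
"""

def _text(rule, path):
    """Return the stripped text of a child element, or None if absent or empty."""
    node = rule.find(path)
    text = (node.text or "").strip() if node is not None else ""
    return text or None

def _uint_in(value, low, high):
    return value is not None and value.isdigit() and low <= int(value) <= high

def _is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def check_rule(rule, operation="create"):
    """Return the documented restrictions that one <Rule> row violates."""
    errors = []
    if not _uint_in(_text(rule, "GroupID"), 2000, 2999):
        errors.append("GroupID must be 2000-2999")
    if not _uint_in(_text(rule, "RuleID"), 0, 65535):
        errors.append("RuleID must be 0-65535")  # 65535 asks for auto-assignment

    action = _text(rule, "Action")
    if operation in ("remove", "delete"):
        if action is not None:
            errors.append("Action cannot be specified on remove or delete")
    elif action is None:
        # A merge into an existing rule may omit Action; existence is unknown offline.
        if operation in ("create", "replace"):
            errors.append("Action is required")
    elif action not in ("1", "2"):
        errors.append("Action must be 1 (Deny) or 2 (Permit)")

    src_any = _text(rule, "SrcAny")
    addr = _text(rule, "SrcIPv4/SrcIPv4Addr")
    wildcard = _text(rule, "SrcIPv4/SrcIPv4Wildcard")
    if src_any is not None and src_any not in ("true", "false"):
        errors.append("SrcAny must be true or false")
    if src_any is not None and _text(rule, "SrcObjectGroup") is not None:
        errors.append("SrcObjectGroup and SrcAny cannot both be configured")
    if src_any == "true" and (addr or wildcard):
        errors.append("SrcIPv4 members must be empty when SrcAny is true")
    elif src_any == "false" and not (addr and wildcard
                                      and _is_ipv4(addr) and _is_ipv4(wildcard)):
        errors.append("SrcIPv4Addr and SrcIPv4Wildcard must both be dotted decimal")
    elif src_any is None and (addr or wildcard):
        errors.append("SrcIPv4 must be configured together with SrcAny")

    for name in ("Fragment", "Counting", "Logging"):
        value = _text(rule, name)
        if value is not None and value not in ("true", "false"):
            errors.append(f"{name} must be true or false")
    for name, limit in (("SrcObjectGroup", 31), ("TimeRange", 32),
                        ("VRF", 31), ("Comment", 127)):
        value = _text(rule, name)
        if value is not None and len(value) > limit:
            errors.append(f"{name} exceeds {limit} characters")
    time_range = _text(rule, "TimeRange")
    if time_range is not None and (time_range.lower() == "all"
                                   or not re.match(r"[A-Za-z]", time_range)):
        errors.append("TimeRange must start with an English letter and cannot be all")
    return errors

def check_document(xml_text, operation="create"):
    """Check every <Rule> row under <ACL>; one error list per row, in order."""
    root = ET.fromstring(xml_text)
    return [check_rule(rule, operation) for rule in root.iter("Rule")]

if __name__ == "__main__":
    for index, errors in enumerate(check_document(SAMPLE), start=1):
        print(f"Rule {index}: {'OK' if not errors else '; '.join(errors)}")
```

The operation argument mirrors the create, merge, replace, remove and delete operations named in the Action remarks, because the Action requirement differs between them.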

ACL/IPv4NamedBasicRules
This table contains information about named IPv4 basic ACL rules.

7
XML structure
<ACL>
  <IPv4NamedBasicRules>
    <Rule>
      <GroupIndex></GroupIndex>
      <RuleID></RuleID>
      <Action></Action>
      <SrcAny></SrcAny>
      <SrcIPv4>
        <SrcIPv4Addr></SrcIPv4Addr>
        <SrcIPv4Wildcard></SrcIPv4Wildcard>
      </SrcIPv4>
      <SrcObjectGroup></SrcObjectGroup>
      <Fragment></Fragment>
      <TimeRange></TimeRange>
      <VRF></VRF>
      <Counting></Counting>
      <Logging></Logging>
      <Comment></Comment>
    </Rule>
  </IPv4NamedBasicRules>
</ACL>

Table description
| Item | Description |
| --- | --- |
| Feature name | ACL |
| Table name | IPv4NamedBasicRules |
| Table type | Multi-instance table |
| Row name | Rule |
| Restrictions | None |
| Support for row creation and deletion | Yes |

Columns
| Column name | Column description | Column type | Data type and restrictions | Remarks |
| --- | --- | --- | --- | --- |
| GroupIndex | ACL name or number. | Index | String. Length: 1 to 63 characters. • ACL name: Case-insensitive string of 1 to 63 characters. • ACL number: String of digits in the range of 2000 to 2999. | You must create an ACL first before you create, merge, or replace rules for it. |
| RuleID | Rule ID. | Index | Unsigned integer. Value range: 0 to 65535. The value 65535 is an invalid rule ID. | If you set this column to 65535, the system automatically assigns a new rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. |
| Action | Action on packets matching the rule. | N/A | Enumeration: • 1—Deny. • 2—Permit. | You cannot specify an action when you remove or delete a rule. You must specify an action when you replace a rule, or when you merge or create a rule that does not exist. |
| SrcAny | Whether a rule matches any source IP addresses. | N/A | Boolean: • true—Matches any source IP addresses (default). • false—Matches the specified source IP address. | This column must be configured together with the SrcIPv4 column. |
| SrcIPv4 | Source IPv4 information. | Data structure | Members include: • SrcIPv4Addr. • SrcIPv4Wildcard. | This column must be configured together with the SrcAny column. The two members must both be specified. |
| SrcIPv4Addr | Source IPv4 address. | N/A | String, dotted decimal notation. | Example: 1.1.1.1. This column is available when the SrcAny column is false. It must be empty when the SrcAny column is true. |
| SrcIPv4Wildcard | Wildcard mask for the source IPv4 address. | N/A | String, dotted decimal notation. | Example: 255.255.255.0. This column is available when the SrcAny column is false. It must be empty when the SrcAny column is true. |
| SrcObjectGroup | Source object group name. | N/A | String, case-insensitive. Length: 1 to 31 characters. | This column and the SrcAny column cannot both be configured. |
| Fragment | Whether a rule matches only non-first fragments. | N/A | Boolean: • true—Matches only non-first fragments. • false—Matches both fragments and non-fragments (default). | N/A |
| TimeRange | Time range. | N/A | String, case-insensitive. Length: 1 to 32 characters. The string must start with an English letter. | It cannot be the word all. |
| VRF | VRF. | N/A | String, case-sensitive. Length: 1 to 31 characters. | N/A |
| Counting | Whether to count the rule matches. | N/A | Boolean: • true—Counts the rule matches. • false—Does not count the rule matches (default). | N/A |
| Logging | Whether to log rule match events. | N/A | Boolean: • true—Logs rule match events. • false—Does not log rule match events (default). | N/A |
| Comment | Rule comment. | N/A | String, case-sensitive. Length: 1 to 127 characters. | A comment can only be configured for an existing rule. When the MatchOrder column is 2, you can modify only the comment for a rule. |

ACL/IPv6BasicRules
This table contains information about IPv6 basic ACL rules.

XML structure
<ACL>
  <IPv6BasicRules>
    <Rule>
      <GroupID></GroupID>
      <RuleID></RuleID>
      <Action></Action>
      <SrcAny></SrcAny>
      <SrcIPv6>
        <SrcIPv6Addr></SrcIPv6Addr>
        <SrcIPv6Prefix></SrcIPv6Prefix>
      </SrcIPv6>
      <SrcObjectGroup></SrcObjectGroup>
      <RoutingTypeAny></RoutingTypeAny>
      <RoutingTypeValue></RoutingTypeValue>
      <Fragment></Fragment>
      <TimeRange></TimeRange>
      <VRF></VRF>
      <Counting></Counting>
      <Logging></Logging>
      <Comment></Comment>
    </Rule>
  </IPv6BasicRules>
</ACL>

Table description
| Item | Description |
| --- | --- |
| Feature name | ACL |
| Table name | IPv6BasicRules |
| Table type | Multi-instance table |
| Row name | Rule |
| Restrictions | None |
| Support for row creation and deletion | Yes |

Columns
| Column name | Column description | Column type | Data type and restrictions | Remarks |
| --- | --- | --- | --- | --- |
| GroupID | ACL number. | Index | Unsigned integer. Value range: 2000 to 2999. | You must create an ACL first before you create, merge, or replace rules for it. |
| RuleID | Rule ID. | Index | Unsigned integer. Value range: 0 to 65535. The value 65535 is an invalid rule ID. | If you set this column to 65535, the system automatically assigns a new rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. |
| Action | Action on packets matching the rule. | N/A | Enumeration: • 1—Deny. • 2—Permit. | You cannot specify an action when you remove or delete a rule. You must specify an action when you replace a rule, or when you merge or create a rule that does not exist. |
| SrcAny | Whether a rule matches any source IP addresses. | N/A | Boolean: • true—Matches any source IPv6 addresses (default). • false—Matches the specified source IPv6 address. | This column must be configured together with the SrcIPv6 column. |
| SrcIPv6 | Source IPv6 information. | Data structure | Members include: • SrcIPv6Addr. • SrcIPv6Prefix. | This column must be configured together with the SrcAny column. The two members must both be specified. |
| SrcIPv6Addr | Source IPv6 address. | N/A | Hexadecimal string, colon-separated. | Example: 1:1::1:1. This column is available when the SrcAny column is false. It must be empty when the SrcAny column is true. |
| SrcIPv6Prefix | Length of the source IPv6 address prefix. | N/A | Unsigned integer. Value range: 1 to 128. | This column is available when the SrcAny column is false. It must be empty when the SrcAny column is true. |
| SrcObjectGroup | Source object group name. | N/A | String, case-insensitive. Length: 1 to 31 characters. | This column and the SrcAny column cannot both be configured. |
| RoutingTypeAny | Whether a rule matches any types of routing header. | N/A | Boolean: • true—Matches any types of routing header. • false—Matches the specified type of routing header (default). | This column and the RoutingTypeValue column cannot both be configured. |
| RoutingTypeValue | Routing header type. | N/A | Unsigned integer. Value range: 0 to 255. | This column and the RoutingTypeAny column cannot both be configured. |
| Fragment | Whether a rule matches only non-first fragments. | N/A | Boolean: • true—Matches only non-first fragments. • false—Matches both fragments and non-fragments (default). | N/A |
| TimeRange | Time range. | N/A | String, case-insensitive. Length: 1 to 32 characters. The string must start with an English letter. | It cannot be the word all. |
| VRF | VRF. | N/A | String, case-sensitive. Length: 1 to 31 characters. | N/A |
| Counting | Whether to count the rule matches. | N/A | Boolean: • true—Counts the rule matches. • false—Does not count the rule matches (default). | N/A |
| Logging | Whether to log rule match events. | N/A | Boolean: • true—Logs rule match events. • false—Does not log rule match events (default). | N/A |
| Comment | Rule comment. | N/A | String, case-sensitive. Length: 1 to 127 characters. | A comment can only be configured for an existing rule. When the MatchOrder column is 2, you can modify only the comment for a rule. |
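
The column restrictions for ACL/IPv6BasicRules can be checked on a row before it is sent to the device. The Python linter below is an added example, not code from HPE or from this reference. It assumes the <Rule> row is passed without an XML namespace, covers only the ID, action, source, routing-type and time-range columns, and adds one review check of its own for permit rules that rely on the SrcAny default.

```python
import ipaddress
import xml.etree.ElementTree as ET
# Constructed sample row (not from the reference); element names follow the page.
SAMPLE_ROW = """<Rule><GroupID>2000</GroupID><RuleID>65535</RuleID><Action>2</Action>
<SrcAny>true</SrcAny><SrcIPv6><SrcIPv6Addr>2001:db8::1</SrcIPv6Addr>
<SrcIPv6Prefix>64</SrcIPv6Prefix></SrcIPv6><TimeRange>all</TimeRange></Rule>"""

def _int_in(value, low, high):
    """True when value is an ASCII decimal string within [low, high]."""
    return bool(value) and value.isascii() and value.isdigit() and low <= int(value) <= high

def lint_ipv6_basic_rule(xml_row, operation="create"):
    """Return violations of the ACL/IPv6BasicRules column restrictions for one <Rule>."""
    rule = ET.fromstring(xml_row)
    def get(path):
        text = rule.findtext(path)  # None when the element is absent
        return (text.strip() or None) if text else None
    issues = []
    if not _int_in(get("GroupID"), 2000, 2999):
        issues.append("GroupID must be 2000 to 2999")
    if not _int_in(get("RuleID"), 0, 65535):  # 65535 asks the device to assign an ID
        issues.append("RuleID must be 0 to 65535")
    action = get("Action")
    if operation in ("remove", "delete"):
        if action:
            issues.append("Action cannot be specified on remove or delete")
    elif action not in ("1", "2") and (action or operation != "merge"):
        issues.append("Action must be 1 (deny) or 2 (permit)")
    src_any, group = get("SrcAny"), get("SrcObjectGroup")
    addr, prefix = get("SrcIPv6/SrcIPv6Addr"), get("SrcIPv6/SrcIPv6Prefix")
    if src_any not in (None, "true", "false"):
        issues.append("SrcAny must be true or false")
    if src_any == "false":
        try:
            ipaddress.IPv6Address(addr or "")
        except ValueError:
            issues.append("SrcIPv6Addr must be a valid IPv6 address")
        if not _int_in(prefix, 1, 128):
            issues.append("SrcIPv6Prefix must be 1 to 128")
    elif addr or prefix:
        issues.append("SrcIPv6 members must be empty unless SrcAny is false")
    if group and src_any:
        issues.append("SrcObjectGroup and SrcAny cannot both be configured")
    rt_val = get("RoutingTypeValue")
    if get("RoutingTypeAny") and rt_val:
        issues.append("RoutingTypeAny and RoutingTypeValue cannot both be configured")
    if rt_val and not _int_in(rt_val, 0, 255):
        issues.append("RoutingTypeValue must be 0 to 255")
    name = get("TimeRange")  # case-insensitive, so "ALL" is rejected like "all"
    if name and not (len(name) <= 32 and name[0].isascii() and name[0].isalpha()
                     and name.lower() != "all"):
        issues.append("TimeRange: 1 to 32 characters, starts with a letter, not 'all'")
    # Added review check (not from the reference): SrcAny defaults to true.
    if action == "2" and src_any != "false" and not group:
        issues.append("review: permit rule matches any source IPv6 address")
    return issues

if __name__ == "__main__":
    print("\n".join(lint_ipv6_basic_rule(SAMPLE_ROW)))
```

Pass the operation the row will be sent with ("create", "merge", "replace", "remove" or "delete"), because the Action restriction depends on it.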

ACL/IPv6NamedBasicRules
This table contains information about named IPv6 basic ACL rules.

XML structure
<ACL>
  <IPv6NamedBasicRules>
    <Rule>
      <GroupIndex></GroupIndex>
      <RuleID></RuleID>
      <Action></Action>
      <SrcAny></SrcAny>
      <SrcIPv6>
        <SrcIPv6Addr></SrcIPv6Addr>
        <SrcIPv6Prefix></SrcIPv6Prefix>
      </SrcIPv6>
      <SrcObjectGroup></SrcObjectGroup>
      <RoutingTypeAny></RoutingTypeAny>
      <RoutingTypeValue></RoutingTypeValue>
      <Fragment></Fragment>
      <TimeRange></TimeRange>
      <VRF></VRF>
      <Counting></Counting>
      <Logging></Logging>
      <Comment></Comment>
    </Rule>
  </IPv6NamedBasicRules>
</ACL>

Table description
| Item | Description |
| --- | --- |
| Feature name | ACL |
| Table name | IPv6NamedBasicRules |
| Table type | Multi-instance table |
| Row name | Rule |
| Restrictions | None |
| Support for row creation and deletion | Yes |

Columns
| Column name | Column description | Column type | Data type and restrictions | Remarks |
| --- | --- | --- | --- | --- |
| GroupIndex | ACL name or number. | Index | String. Length: 1 to 63 characters. • ACL name: Case-insensitive string of 1 to 63 characters. • ACL number: String of digits in the range of 2000 to 2999. | You must create an ACL first before you create, merge, or replace rules for it. |
| RuleID | Rule ID. | Index | Unsigned integer. Value range: 0 to 65535. The value 65535 is an invalid rule ID. | If you set this column to 65535, the system automatically assigns a new rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. |
| Action | Action on packets matching the rule. | N/A | Enumeration: • 1—Deny. • 2—Permit. | You cannot specify an action when you remove or delete a rule. You must specify an action when you replace a rule, or when you merge or create a rule that does not exist. |
| SrcAny | Whether a rule matches any source IP addresses. | N/A | Boolean: • true—Matches any source IPv6 addresses (default). • false—Matches the specified source IPv6 address. | This column must be configured together with the SrcIPv6 column. |
| SrcIPv6 | Source IPv6 information. | Data structure | Members include: • SrcIPv6Addr. • SrcIPv6Prefix. | This column must be configured together with the SrcAny column. The two members must both be specified. |
| SrcIPv6Addr | Source IPv6 address. | N/A | Hexadecimal string, colon-separated. | Example: 1:1::1:1. This column is available when the SrcAny column is false. It must be empty when the SrcAny column is true. |
| SrcIPv6Prefix | Length of the source IPv6 address prefix. | N/A | Unsigned integer. Value range: 1 to 128. | This column is available when the SrcAny column is false. It must be empty when the SrcAny column is true. |
| SrcObjectGroup | Source object group name. | N/A | String, case-insensitive. Length: 1 to 31 characters. | This column and the SrcAny column cannot both be configured. |
| RoutingTypeAny | Whether a rule matches any types of routing header. | N/A | Boolean: • true—Matches any types of routing header. • false—Matches the specified type of routing header (default). | This column and the RoutingTypeValue column cannot both be configured. |
| RoutingTypeValue | Routing header type. | N/A | Unsigned integer. Value range: 0 to 255. | This column and the RoutingTypeAny column cannot both be configured. |
| Fragment | Whether a rule matches only non-first fragments. | N/A | Boolean: • true—Matches only non-first fragments. • false—Matches both fragments and non-fragments (default). | N/A |
| TimeRange | Time range. | N/A | String, case-insensitive. Length: 1 to 32 characters. The string must start with an English letter. | It cannot be the word all. |
| VRF | VRF. | N/A | String, case-sensitive. Length: 1 to 31 characters. | N/A |
| Counting | Whether to count the rule matches. | N/A | Boolean: • true—Counts the rule matches. • false—Does not count the rule matches (default). | N/A |
| Logging | Whether to log rule match events. | N/A | Boolean: • true—Logs rule match events. • false—Does not log rule match events (default). | N/A |
| Comment | Rule comment. | N/A | String, case-sensitive. Length: 1 to 127 characters. | A comment can only be configured for an existing rule. When the MatchOrder column is 2, you can modify only the comment for a rule. |

ACL/IPv4AdvanceRules
This table contains information about IPv4 advanced ACL rules.

XML structure
<ACL>
  <IPv4AdvanceRules>
    <Rule>
      <GroupID></GroupID>
      <RuleID></RuleID>
      <Action></Action>
      <ProtocolType></ProtocolType>
      <SrcAny></SrcAny>
      <SrcIPv4>
        <SrcIPv4Addr></SrcIPv4Addr>
        <SrcIPv4Wildcard></SrcIPv4Wildcard>
      </SrcIPv4>
      <SrcObjectGroup></SrcObjectGroup>
      <DstAny></DstAny>
      <DstIPv4>
        <DstIPv4Addr></DstIPv4Addr>
        <DstIPv4Wildcard></DstIPv4Wildcard>
      </DstIPv4>
      <DstObjectGroup></DstObjectGroup>
      <ECN></ECN>
      <DSCP></DSCP>
      <DSCPRange>
        <StartDSCP></StartDSCP>
        <EndDSCP></EndDSCP>
      </DSCPRange>
      <Precedence></Precedence>
      <TOS></TOS>
      <SrcPort>
        <SrcPortOp></SrcPortOp>
        <SrcPortValue1></SrcPortValue1>
        <SrcPortValue2></SrcPortValue2>
      </SrcPort>
      <DstPort>
        <DstPortOp></DstPortOp>
        <DstPortValue1></DstPortValue1>
        <DstPortValue2></DstPortValue2>
      </DstPort>
      <TcpFlag>
        <ACK></ACK>
        <FIN></FIN>
        <PSH></PSH>
        <RST></RST>
        <SYN></SYN>
        <URG></URG>
      </TcpFlag>
      <Established></Established>
      <ICMP>
        <ICMPType></ICMPType>
        <ICMPCode></ICMPCode>
      </ICMP>
      <Fragment></Fragment>
      <TimeRange></TimeRange>
      <VRF></VRF>
      <QoSLocalID></QoSLocalID>
      <EncapType></EncapType>
      <InProtocolType></InProtocolType>
      <VxlanID></VxlanID>
      <InSrcAny></InSrcAny>
      <InSrcIPv4>
        <InSrcIPv4Addr></InSrcIPv4Addr>
        <InSrcIPv4Wildcard></InSrcIPv4Wildcard>
      </InSrcIPv4>
      <InDstAny></InDstAny>
      <InDstIPv4>
        <InDstIPv4Addr></InDstIPv4Addr>
        <InDstIPv4Wildcard></InDstIPv4Wildcard>
      </InDstIPv4>
      <InSrcPort>
        <InSrcPortOp></InSrcPortOp>
        <InSrcPortValue1></InSrcPortValue1>
        <InSrcPortValue2></InSrcPortValue2>
      </InSrcPort>
      <InDstPort>
        <InDstPortOp></InDstPortOp>
        <InDstPortValue1></InDstPortValue1>
        <InDstPortValue2></InDstPortValue2>
      </InDstPort>
      <InEstablished></InEstablished>
      <Counting></Counting>
      <Logging></Logging>
      <Comment></Comment>
    </Rule>
  </IPv4AdvanceRules>
</ACL>

Table description
| Item | Description |
| --- | --- |
| Feature name | ACL |
| Table name | IPv4AdvanceRules |
| Table type | Multi-instance table |
| Row name | Rule |
| Restrictions | None |
| Support for row creation and deletion | Yes |

Columns
| Column name | Column description | Column type | Data type and restrictions | Remarks |
| --- | --- | --- | --- | --- |
| GroupID | ACL number. | Index | Unsigned integer. Value range: 3000 to 3999. | You must create an ACL first before you create, merge, or replace rules for it. |
| RuleID | Rule ID. | Index | Unsigned integer. Value range: 0 to 65535. The value 65535 is an invalid rule ID. | If you set this column to 65535, the system automatically assigns a new rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. |
| Action | Action on packets matching the rule. | N/A | Enumeration: • 1—Deny. • 2—Permit. | You cannot specify an action when you remove or delete a rule. You must specify an action when you replace a rule, or when you merge or create a rule that does not exist. |
| ProtocolType | Protocol type. | N/A | Unsigned integer. Value range: 0 to 256. The value 256 represents all IPv4 protocols. | You cannot specify a protocol type when you remove or delete a rule. You must specify a protocol type or an encapsulation type when you replace a rule, or when you merge or create a rule that does not exist. |
| SrcAny | Whether a rule matches any source IP addresses. | N/A | Boolean: • true—Matches any source IP addresses (default). • false—Matches the specified source IP address. | The VXLAN encapsulation supports this column. This column must be configured together with the SrcIPv4 column. |
| SrcIPv4 | Source IPv4 information. | Data structure | Members include: • SrcIPv4Addr. • SrcIPv4Wildcard. | This column must be configured together with the SrcAny column. The two members must both be specified. |
| SrcIPv4Addr | Source IPv4 address. | N/A | String, dotted decimal notation. | Example: 1.1.1.1. This column is available when the SrcAny column is false. It must be empty when the SrcAny column is true. |
| SrcIPv4Wildcard | Wildcard mask for the source IPv4 address. | N/A | String, dotted decimal notation. | Example: 255.255.255.0. This column is available when the SrcAny column is false. It must be empty when the SrcAny column is true. |
| SrcObjectGroup | Source object group name. | N/A | String, case-insensitive. Length: 1 to 31 characters. | This column and the SrcAny column cannot both be configured. |
| DstAny | Whether a rule matches any destination IP addresses. | N/A | Boolean: • true—Matches any destination IP addresses (default). • false—Matches the specified destination IP address. | The VXLAN encapsulation supports this column. This column must be configured together with the DstIPv4 column. |
| DstIPv4 | Destination IPv4 information. | Data structure | Members include: • DstIPv4Addr. • DstIPv4Wildcard. | This column must be configured together with the DstAny column. The two members must both be specified. |
| DstIPv4Addr | Destination IPv4 address. | N/A | String, dotted decimal notation. | Example: 1.1.1.1. This column is available when the DstAny column is false. It must be empty when the DstAny column is true. |
| DstIPv4Wildcard | Wildcard mask for the destination IPv4 address. | N/A | String, dotted decimal notation. | Example: 255.255.255.0. This column is available when the DstAny column is false. It must be empty when the DstAny column is true. |
| DstObjectGroup | Destination object group name. | N/A | String, case-insensitive. Length: 1 to 31 characters. | This column and the DstAny column cannot both be configured. |
| ECN | ECN flag. | N/A | Unsigned integer. Value range: 0 to 3. | ECN and TOS cannot be specified together. |
| DSCP | DSCP priority. | N/A | Unsigned integer. Value range: 0 to 63. | N/A |
| DSCPRange | DSCP priority range. | Data structure | Members include: • StartDSCP • EndDSCP | DSCP and DSCPRange cannot be specified together. |
| StartDSCP | Start DSCP priority of a DSCP priority range. | N/A | Unsigned integer. Value range: 0 to 63. | The end DSCP must be greater than start DSCP. |
| EndDSCP | End DSCP priority of a DSCP priority range. | N/A | Unsigned integer. Value range: 0 to 63. | N/A |

Unsigned integer. The DSCP priority and the


Precedenc