Data model – Brocade Network Advisor SMI Agent Developers Guide v12.3.0 User Manual


Brocade Network Advisor SMI Agent Developer’s Guide

53-1003159-01

CEE switch support


Even though ACLs can be Layer 2-specific (MAC) or Layer 3-specific (IP), they can only be
applied on the same type of interface. Because an interface can only be set to Layer 2 mode,
only Layer 2 ACLs, and only ACLs with MAC source and destination addresses, are supported.

Data model

There is no SNIA model for CEE ACLs. To model these ACLs, the DMTF DSP1039 version 1.0.0
Role-Based Authorization Profile will be followed. All mandatory classes and properties as
stated in this profile will be supported. The following detailed notes describe the class diagram
shown in Figure 31.

The CEE ACL policy is defined at the scope of the switch. This policy, represented by an instance
of Brocade_CEEACLPolicy, is associated to the scoping system, which is the
Brocade_EthernetSwitch, through Brocade_CEEACLPolicyInEthernetSwitch.

Each CEE ACL policy may contain zero or more rules. All the rules within a policy are
represented by a single instance of Brocade_CEEACLRules. The composition is through
Brocade_CEEACLRulesInPolicy. There is one instance of Brocade_CEEACLRules for every
Brocade_CEEACLPolicy on the Brocade_EthernetSwitch.

The Brocade_CEEACLRules.ActivityQualifiers property is an array of strings in which each string
represents one rule within the policy. Each string contains the details of the sequence number,
source, destination, count, Ether Type and privilege of the rule in a specific format.

The Brocade_CEEACLRules.QualifierFormats property is an array of strings in which each string
gives the format for the rule in the Brocade_CEEACLRules.ActivityQualifiers array at the
same index.

All the possible values for the Brocade_CEEACLRules.QualifierFormats array are published in
the Brocade_CEEACLServiceCapabilities.QualifierFormatsSupported as an array of strings. The
value in the Brocade_CEEACLRules.QualifierFormats property is a subset of these formats.

A policy may be empty. In such a case, the Brocade_CEEACLPolicy is associated to a
Brocade_CEEACLRules instance in which the Brocade_CEEACLRules.ActivityQualifiers and
Brocade_CEEACLRules.QualifierFormats properties are empty.

If a CEE ACL policy has been applied to a port, LAG or VLAN, this information can be discovered
by traversing the Brocade_CEEACLPolicyOnEthernetPort, Brocade_CEEACLPolicyOnLAG, or
Brocade_CEEACLPolicyOnVLAN respectively to the appropriate ManagedElement.

For every Brocade_EthernetSwitch instance, there is an instance of Brocade_CEEACLService.
This service provides the ability to create, delete, modify, and assign CEE ACL policies.

The capabilities of the service are published by a single instance of
Brocade_CEEACLServiceCapabilities associated to the service through
Brocade_CEEACLServiceElementCapabilities.

Brocade_CEEACLPolicy can be created using the Brocade_CEEACLService.CreateRole()
extrinsic method. Only the input parameters RoleTemplate and Privileges are supported. The
successful execution of this method results in the creation of an instance of
Brocade_CEEACLPolicy being associated to an instance of Brocade_CEEACLRules. The path of
the newly created Brocade_CEEACLPolicy instance is returned in the output parameter Role.
The Brocade_CEEACLPolicy is associated to the appropriate Brocade_EthernetSwitch instance
on which it is defined. The new Brocade_CEEACLPolicy instance is not associated to a port, LAG or
VLAN; that association is made in a separate operation.
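
The relationships stated in the notes above can be checked mechanically once the instances have been retrieved. The following is an added example, not code from the Brocade guide: it works on plain Python dictionaries standing in for instances already fetched with a WBEM client. The function name, policy names, targets, rule strings and format names are constructed placeholders (the rule string format is not given on this page).

```python
def audit_cee_acl(policies, supported_formats, applied):
    """Check CEE ACL instances against the data-model notes.

    policies: {policy name: properties of its single Brocade_CEEACLRules instance}
    supported_formats: Brocade_CEEACLServiceCapabilities.QualifierFormatsSupported
    applied: {policy name: [targets]} collected by traversing
             Brocade_CEEACLPolicyOnEthernetPort / OnLAG / OnVLAN
    Returns a list of (policy name, finding) tuples.
    """
    supported = set(supported_formats)
    findings = []
    for name, rules in sorted(policies.items()):
        quals = rules.get("ActivityQualifiers") or []
        fmts = rules.get("QualifierFormats") or []
        targets = applied.get(name) or []
        # QualifierFormats[i] describes ActivityQualifiers[i], so lengths must match.
        if len(quals) != len(fmts):
            findings.append((name, "qualifier/format arrays differ in length"))
        # QualifierFormats must be a subset of QualifierFormatsSupported.
        for i, fmt in enumerate(fmts):
            if fmt not in supported:
                findings.append((name, f"rule index {i}: unsupported format"))
        # An empty policy is valid in the model; flag it when it is applied.
        if not quals and not fmts and targets:
            findings.append((name, "empty policy is applied to: " + ", ".join(targets)))
        # CreateRole() does not apply the policy; that is a separate operation.
        if not targets:
            findings.append((name, "not applied to any port, LAG or VLAN"))
    return findings


# Constructed sample data (placeholders, not real rule strings or format names).
SUPPORTED = ["<format-A>", "<format-B>"]
POLICIES = {
    "acl_ok": {"ActivityQualifiers": ["<rule-1>", "<rule-2>"],
               "QualifierFormats": ["<format-A>", "<format-A>"]},
    "acl_empty": {"ActivityQualifiers": [], "QualifierFormats": []},
    "acl_bad": {"ActivityQualifiers": ["<rule-1>", "<rule-2>"],
                "QualifierFormats": ["<format-C>"]},
}
APPLIED = {"acl_ok": ["port 0/1"], "acl_empty": ["vlan 100"]}

if __name__ == "__main__":
    for policy, finding in audit_cee_acl(POLICIES, SUPPORTED, APPLIED):
        print(f"{policy}: {finding}")
```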
