Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual

53-1003231-02
IP ACL
a. In the <seq-id> element, set a sequence number for the rule to identify the rule and determine the sequence in which rules are applied (lowest <seq-id> first).
b. In the <action> element, specify “deny” to create a rule in the IP ACL to drop traffic with the source IP address, “permit” to create a rule in the IP ACL to permit traffic with the source IP address, or “hard-drop” to create a rule in the IP ACL to force drop traffic.
c. In the <src-host-any-sip> element, specify “any” to permit or deny traffic from any source IP address, or “host” to permit or deny traffic from a specific IP address.
d. In the <src-host-ip> element, specify the IP address of source traffic to be permitted or denied if “host” is specified in the <src-host-any-sip> element.

For a complete list of <seq> node leaf elements, refer to the brocade-ip-access-list.yang file or the brocade-ipv6-access-list.yang file.

The following example creates a standard IP ACL named stdACL3 that includes the following rules:
• Rule 5 permits traffic from host 10.20.33.4.
• Rule 15 denies traffic from any source.

<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="2408" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <ip-acl xmlns="urn:brocade.com:mgmt:brocade-ip-access-list">
        <ip>
          <access-list>
            <standard>
              <name>stdACL3</name>
              <seq>
                <seq-id>5</seq-id>
                <action>permit</action>
                <src-host-any-sip>host</src-host-any-sip>
                <src-host-ip>10.20.33.4</src-host-ip>
              </seq>
              <seq>
                <seq-id>15</seq-id>
                <action>deny</action>
                <src-host-any-sip>any</src-host-any-sip>
              </seq>
            </standard>
          </access-list>
        </ip>
      </ip-acl>
    </config>
  </edit-config>
</rpc>

<rpc-reply message-id="2408" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ok/>
</rpc-reply>
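
A pre-push check for the <standard> ACL payload above, added here as an example and not taken from the Brocade guide: it validates each <seq> node against steps a through d, orders the rules by <seq-id>, flags an "any" rule that precedes other rules, and reports which rule a source address hits. The function names and the embedded sample are constructed; first-match evaluation is an assumption based on the "lowest <seq-id> first" wording, and a source that matches no rule returns None because the page does not state the device default.

```python
import ipaddress
import xml.etree.ElementTree as ET

NS = {"acl": "urn:brocade.com:mgmt:brocade-ip-access-list"}
ACTIONS = {"permit", "deny", "hard-drop"}
# Constructed sample: the <ip-acl> subtree of the edit-config request above.
SAMPLE = """<ip-acl xmlns="urn:brocade.com:mgmt:brocade-ip-access-list"><ip><access-list>
<standard><name>stdACL3</name>
<seq><seq-id>5</seq-id><action>permit</action><src-host-any-sip>host</src-host-any-sip>
<src-host-ip>10.20.33.4</src-host-ip></seq>
<seq><seq-id>15</seq-id><action>deny</action><src-host-any-sip>any</src-host-any-sip></seq>
</standard></access-list></ip></ip-acl>"""

def load_rules(xml_text):
    """Parse <seq> nodes; return (rules sorted by seq-id, list of problems)."""
    rules, problems = [], []
    for seq in ET.fromstring(xml_text).iterfind(".//acl:standard/acl:seq", NS):
        f = {t: (seq.findtext(f"acl:{t}", namespaces=NS) or "").strip()
             for t in ("seq-id", "action", "src-host-any-sip", "src-host-ip")}
        if not f["seq-id"].isdecimal():
            problems.append(f"bad seq-id {f['seq-id']!r}")
            continue
        sid = int(f["seq-id"])
        if any(r["seq"] == sid for r in rules):
            problems.append(f"seq {sid}: duplicate seq-id")
        if f["action"] not in ACTIONS:
            problems.append(f"seq {sid}: unknown action {f['action']!r}")
        src = None  # None stands for "any" source
        if f["src-host-any-sip"] == "host":
            try:
                src = ipaddress.ip_address(f["src-host-ip"])
            except ValueError:
                problems.append(f"seq {sid}: 'host' needs a valid <src-host-ip>")
                continue
        elif f["src-host-any-sip"] != "any":
            problems.append(f"seq {sid}: <src-host-any-sip> must be 'any' or 'host'")
            continue
        rules.append({"seq": sid, "action": f["action"], "src": src})
    rules.sort(key=lambda r: r["seq"])
    for r in rules[:-1]:  # an "any" rule that is not last hides every later rule
        if r["src"] is None:
            problems.append(f"seq {r['seq']}: 'any' rule shadows later rules")
    return rules, problems

def evaluate(rules, src_ip):
    """Return (seq-id, action) of the first matching rule, or None if none match."""
    addr = ipaddress.ip_address(src_ip)
    return next(((r["seq"], r["action"]) for r in rules
                 if r["src"] is None or r["src"] == addr), None)
```

Running the same check with the two <seq-id> values swapped shows why the ordering matters: the "any" deny then matches 10.20.33.4 before the host permit is reached.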