OcNOS-SP : OpenConfig Command Reference : ACL Openconfig Translation
ACL Openconfig Translation
Configure Primary IP Address
This XML configuration snippet is used to create an ACL (access control list) entry to operate over L2 data traffic..
Release
This configuration was introduced in OcNOS version 6.1.0.
OpenConfig NetConf Payload
<acl xmlns="http://openconfig.net/yang/acl">
<acl-sets>
<acl-set>
<name>ACL_OC_L2</name>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_L2</type>
<config>
<name>ACL_OC_L2</name>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_L2</type>
<description>ACL L2 CFG Test</description>
</config>
<acl-entries>
<acl-entry>
<sequence-id>1</sequence-id>
<config>
<sequence-id>1</sequence-id>
</config>
<l2>
<config>
<destination-mac>00BB.CCDD.EEFF</destination-mac>
<destination-mac-mask>AC00.0000.0000</destination-mac-mask>
<ethertype>ETHERTYPE_IPV4</ethertype>
<source-mac>0000.CCDD.EEFF</source-mac>
<source-mac-mask>AABB.0000.0000</source-mac-mask>
</config>
</l2>
<actions>
<config>
<forwarding-action
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACCEPT</forwarding-action>
</config>
</actions>
</acl-entry>
</acl-entries>
</acl-set>
</acl-sets>
</acl>
OcNOS CLI Command
mac access-list ACL_OC_L2
remark ACL L2 CFG Test
1 permit 0000.CCDD.EEFF AABB.0000.0000 00BB.CCDD.EEFF AC00.0000.0000 ipv4
!
OcNOS NetConf Payload
<acl xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-acl">
<acl-sets>
<acl-set>
<name>ACL_OC_L2</name>
<type>mac</type>
<config>
<name>ACL_OC_L2</name>
<type>mac</type>
<description>ACL L2 CFG Test</description>
</config>
<acl-entries>
<acl-entry>
<sequence-id>1</sequence-id>
<config>
<sequence-id>1</sequence-id>
</config>
<mac>
<config>
<destination-mac-address>0000.0000.0000</destination-mac-address>
<destination-mac-mask>AA32.CCDD.EE10</destination-mac-mask>
<ethertype>ipv4</ethertype>
<source-mac-address>0000.0000.00EE</source-mac-address>
<source-mac-mask>AABB.CCDD.EE11</source-mac-mask>
<forwarding-action>permit</forwarding-action>
</config>
</mac>
</acl-entry>
</acl-entries>
</acl-set>
</acl-sets>
</acl>
Validation with NetConf get
<acl xmlns="http://openconfig.net/yang/acl">
<acl-sets>
<acl-set>
<name>ACL_OC_L2</name>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_L2</type>
<config>
<name>ACL_OC_L2</name>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_L2</type>
<description>ACL L2 CFG Test</description>
</config>
<acl-entries>
<acl-entry>
<sequence-id>1</sequence-id>
<config>
<sequence-id>1</sequence-id>
</config>
<mac>
<config>
<source-mac>0000.CCDD.EEFF</source-mac>
<source-mac-mask>AABB.0000.0000</source-mac-mask>
<ethertype>ETHERTYPE_IPV4</ethertype>
<destination-mac>00BB.CCDD.EEFF</destination-mac>
<destination-mac-mask>AC00.0000.0000</destination-mac-mask>
</config>
</mac>
<actions>
<config>
<forwarding-action
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACCEPT</forwarding-action>
</config>
</actions>
</acl-entry>
</acl-entries>
</acl-set>
</acl-sets>
</acl>
Restrictions
N/A
Create IPv4 entries
This XML configuration snippet is used to create an ACL entry to operate over IPv4 data traffic.
Release
This configuration was introduced in OcNOS version 6.1.0.
OpenConfig NetConf Payload
<acl xmlns="http://openconfig.net/yang/acl">
<acl-sets>
<acl-set>
<name>ACL_OC_IPV4</name>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_IPV4</type>
<config>
<name>ACL_OC_IPV4</name>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_IPV4</type>
<description>ACL TFW Test</description>
</config>
<acl-entries>
<acl-entry>
<sequence-id>10</sequence-id>
<config>
<sequence-id>10</sequence-id>
</config>
<ipv4>
<config>
<source-address>1.1.1.0/24</source-address>
<destination-address>2.2.2.0/24</destination-address>
<dscp>18</dscp>
<protocol>6</protocol>
</config>
</ipv4>
<actions>
<config>
<forwarding-action
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACCEPT</forwarding-action>
</config>
</actions>
<transport>
<config>
<explicit-tcp-flags
xmlns:oc-pkt-match-types="http://openconfig.net/yang/packet-match-types">oc-pkt-match-types:TCP_SYN</explicit-tcp-flags>
<source-port>22</source-port>
<destination-port>80</destination-port>
</config>
</transport>
</acl-entry>
</acl-entries>
</acl-set>
</acl-sets>
</acl>
OcNOS CLI Command
ip access-list ACL_OC_IPV4
remark ACL TFW Test
10 permit tcp 1.1.1.0/24 2.2.2.0/24 dscp af21 syn
!
OcNOS NetConf Payload
<acl xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-acl">
<acl-sets>
<acl-set>
<name>ACL_OC_IPV4</name>
<type>ip</type>
<config>
<name>ACL_OC_IPV4</name>
<type>ip</type>
<description>ACL TFW Test</description>
</config>
<acl-entries>
<acl-entry>
<sequence-id>10</sequence-id>
<config>
<sequence-id>10</sequence-id>
</config>
<ipv4>
<config>
<source-address>1.1.1.0/24</source-address>
<destination-address>2.2.2.0/24</destination-address>
<dscp>18</dscp>
<protocol-tcp />
<tcp-source-port>22</tcp-source-port>
<tcp-destination-port>80</tcp-destination-port>
<tcp-flags>syn</tcp-flags>
<forwarding-action>permit</forwarding-action>
</config>
</ipv4>
</acl-entry>
</acl-entries>
</acl-set>
</acl-sets>
</acl>
Validation with NetConf get
<acl xmlns="http://openconfig.net/yang/acl">
<acl-sets>
<acl-set>
<name>ACL_OC_IPV4</name>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_IPV4</type>
<config>
<name>ACL_OC_IPV4</name>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_IPV4</type>
<description>ACL TFW Test</description>
</config>
<acl-entries>
<acl-entry>
<sequence-id>10</sequence-id>
<config>
<sequence-id>10</sequence-id>
</config>
<ipv4>
<config>
<source-address>1.1.1.0/24</source-address>
<destination-address>2.2.2.0/24</destination-address>
<dscp>18</dscp>
<protocol>6</protocol>
</config>
</ipv4>
<actions>
<config>
<forwarding-action
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACCEPT</forwarding-action>
</config>
</actions>
<transport>
<config>
<explicit-tcp-flags
xmlns:oc-pkt-match-types="http://openconfig.net/yang/packet-match-types">oc-pkt-match-types:TCP_SYN</explicit-tcp-flags>
</config>
</transport>
</acl-entry>
</acl-entries>
</acl-set>
</acl-sets>
</acl>
Restrictions
The old Open Config leaf /oc-acl:acl/acl-sets/acl-set/acl-entries/acl-entry[sequence-id]/transport/config/tcp-flags and was renamed on Open Config v2.0.0., now it is named explicit-tcp-flags. The new XPath is /oc-acl:acl/acl-sets/acl-set/acl-entries/acl-entry/transport/config/explicit-tcp-flags.
OpenConfig leaves /acl/acl-sets/acl-set/acl-entries/acl-entry/transport/config/explicit-tcp-flags and /acl/acl-sets/acl-set/acl-entries/acl-entry/transport/state/explicit-tcp-flags have the following mapping:
 
OpenConfig XPath /oc-acl:acl/acl-sets/acl-set/acl-entries/acl-entry/transport/config/explicit-tcp-flags
OcNOS XPath /acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/config/tcp-flags
TCP_ACK
ack
TCP_FIN
fin
TCP_PSH
psh
TCP_RST
rst
TCP_SYN
syn
TCP_URG
urg
TCP_IPI_ESTABLISHED
(Pay attention, this value was add by OcNOS through deviation file ipi-oc-acl-deviations.yang)
established
Create IPv6 entries
This XML configuration snippet is used to create an ACL (access control list) entry to operate over IPv6 data traffic.
Release
This configuration was introduced in OcNOS version 6.1.0.
OpenConfig NetConf Payload
<acl xmlns="http://openconfig.net/yang/acl">
<acl-sets>
<acl-set>
<name>ACL_OC_IPV6</name>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_IPV6</type>
<config>
<name>ACL_OC_IPV6</name>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_IPV6</type>
<description>ACL TFW Test</description>
</config>
<acl-entries>
<acl-entry>
<sequence-id>11</sequence-id>
<config>
<sequence-id>11</sequence-id>
</config>
<ipv6>
<config>
<source-address>2000::/8</source-address>
<destination-address>2001::/16</destination-address>
<dscp>23</dscp>
<protocol>6</protocol>
</config>
</ipv6>
<actions>
<config>
<forwarding-action
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:REJECT</forwarding-action>
</config>
</actions>
</acl-entry>
</acl-entries>
</acl-set>
</acl-sets>
</acl>
OcNOS CLI Command
ipv6 access-list ACL_OC_IPV6
remark ACL TFW Test
11 deny tcp 2000::/8 2001::/16 dscp 23
!
OcNOS NetConf Payload
<acl xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-acl">
<acl-sets>
<acl-set>
<name>ACL_OC_IPV6</name>
<type>ipv6</type>
<config>
<name>ACL_OC_IPV6</name>
<type>ipv6</type>
<description>ACL TFW Test</description>
</config>
<acl-entries>
<acl-entry>
<sequence-id>11</sequence-id>
<config>
<sequence-id>11</sequence-id>
</config>
<ipv6>
<config>
<source-address>2000::/8</source-address>
<destination-address>2001::/16</destination-address>
<dscp>23</dscp>
<protocol-tcp />
<forwarding-action>deny</forwarding-action>
</config>
</ipv6>
</acl-entry>
</acl-entries>
</acl-set>
</acl-sets>
</acl>
Validation with NetConf get
<acl xmlns="http://openconfig.net/yang/acl">
<acl-sets>
<acl-set>
<name>ACL_OC_IPV6</name>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_IPV6</type>
<config>
<name>ACL_OC_IPV6</name>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_IPV6</type>
<description>ACL TFW Test</description>
</config>
<acl-entries>
<acl-entry>
<sequence-id>11</sequence-id>
<config>
<sequence-id>11</sequence-id>
</config>
<ipv6>
<config>
<source-address>2000::/8</source-address>
<destination-address>2001::/16</destination-address>
<dscp>23</dscp>
<protocol>6</protocol>
</config>
</ipv6>
<actions>
<config>
<forwarding-action
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:REJECT</forwarding-action>
</config>
</actions>
</acl-entry>
</acl-entries>
</acl-set>
</acl-sets>
</acl>
Restrictions
The old Open Config leaf /oc-acl:acl/acl-sets/acl-set/acl-entries/acl-entry[sequence-id]/transport/config/tcp-flags was renamed on Open Config v2.0.0., now it is named explicit-tcp-flags. The new XPath is /oc-acl:acl/acl-sets/acl-set/acl-entries/acl-entry/transport/config/explicit-tcp-flags.
OpenConfig leaves /acl/acl-sets/acl-set/acl-entries/acl-entry/transport/config/explicit-tcp-flags and /acl/acl-sets/acl-set/acl-entries/acl-entry/transport/state/explicit-tcp-flags have the following mapping:
 
OpenConfig XPath /oc-acl:acl/acl-sets/acl-set/acl-entries/acl-entry/transport/config/explicit-tcp-flags
OcNOS XPath /acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/config/tcp-flags
TCP_ACK
ack
TCP_FIN
fin
TCP_PSH
psh
TCP_RST
rst
TCP_SYN
syn
TCP_URG
urg
TCP_IPI_ESTABLISHED
(Pay attention, this value was add by OcNOS through deviation file ipi-oc-acl-deviations.yang)
established
Create interfaces egress for IPv4/IPv6
This XML configuration snippet is used to associate an ACL (access control list) entry type IPv4/IPv6 to an interface on egress direction.
The interface can associate only one ACL (access control list) entry at time..
Release
This configuration was introduced in OcNOS version 6.1.0.
OpenConfig NetConf Payload
<acl xmlns="http://openconfig.net/yang/acl">
<interfaces>
<interface>
<id>eth1</id>
<config>
<id>eth1</id>
</config>
<egress-acl-sets>
<egress-acl-set>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_IPV4</type>
<set-name>ACL_OC_IPV4</set-name>
<config>
<set-name>ACL_OC_IPV4</set-name>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_IPV4</type>
</config>
</egress-acl-set>
</egress-acl-sets>
<interface-ref>
<config>
<interface>eth1</interface>
</config>
</interface-ref>
</interface>
</interfaces>
</acl>
OcNOS CLI Command
ip access-list ACL_OC_IPV4
remark ACL TFW Test
10 permit tcp 1.1.1.0/24 2.2.2.0/24 dscp af21 syn
!
interface eth1
ip access-group ACL_OC_IPV4 out
OcNOS NetConf Payload
<acl xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-acl">
<interfaces>
<interface>
<name>eth1</name>
<config>
<name>eth1</name>
</config>
<egress-acl-sets>
<egress-acl-set>
<acl-type>ip</acl-type>
<access-groups>
<access-group>
<acl-name>ACL_OC_IPV4</acl-name>
<config>
<acl-name>ACL_OC_IPV4</acl-name>
</config>
</access-group>
</access-groups>
<config>
<acl-type>ip</acl-type>
</config>
</egress-acl-set>
</egress-acl-sets>
</interface>
</interfaces>
</acl>
Validation with NetConf get
<acl xmlns="http://openconfig.net/yang/acl">
<interfaces>
<interface>
<id>eth1</id>
<config>
<id>eth1</id>
</config>
<egress-acl-sets>
<egress-acl-set>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_IPV4</type>
<set-name>ACL_OC_IPV4</set-name>
<config>
<set-name>ACL_OC_IPV4</set-name>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_IPV4</type>
</config>
</egress-acl-set>
</egress-acl-sets>
<interface-ref>
<config>
<interface>eth1</interface>
</config>
</interface-ref>
</interface>
</interfaces>
</acl>
Restrictions
Only one ACL entry can be associate on interface on egress direction.
/acl/interfaces/interface/id
This leaf must have the format “<interface>.<subinterface>”, e.g., xe10.2, and it is limited to 32 characters.
Create interfaces ingress for IPv4/IPv6
This XML configuration snippet is used to associate an ACL (access control list) entry type IPv4/IPv6 to an interface on ingress direction.
The interface can associate only one ACL (access control list) entry at time.
Release
This configuration was introduced in OcNOS version 6.1.0.
OpenConfig NetConf Payload
<acl xmlns="http://openconfig.net/yang/acl">
<interfaces>
<interface>
<id>eth1</id>
<config>
<id>eth1</id>
</config>
<ingress-acl-sets>
<ingress-acl-set>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_IPV4</type>
<set-name>ACL_OC_IPV4</set-name>
<config>
<set-name>ACL_OC_IPV4</set-name>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_IPV4</type>
</config>
</ingress-acl-set>
</ingress-acl-sets>
<interface-ref>
<config>
<interface>eth1</interface>
</config>
</interface-ref>
</interface>
</interfaces>
</acl>
 
OcNOS CLI Command
ip access-list ACL_OC_IPV4
remark ACL TFW Test
10 permit tcp 1.1.1.0/24 2.2.2.0/24 dscp af21 syn
!
interface eth1
ip access-group ACL_OC_IPV4 in
OcNOS NetConf Payload
<acl xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-acl">
<interfaces>
<interface>
<name>eth1</name>
<config>
<name>eth1</name>
</config>
<ingress-acl-sets>
<ingress-acl-set>
<acl-type>ip</acl-type>
<access-groups>
<access-group>
<acl-name>ACL_OC_IPV4</acl-name>
<config>
<acl-name>ACL_OC_IPV4</acl-name>
</config>
</access-group>
</access-groups>
<config>
<acl-type>ip</acl-type>
</config>
</ingress-acl-set>
</ingress-acl-sets>
</interface>
</interfaces>
</acl>
Validation with NetConf get
<acl xmlns="http://openconfig.net/yang/acl">
<interfaces>
<interface>
<id>eth1</id>
<config>
<id>eth1</id>
</config>
<ingress-acl-sets>
<ingress-acl-set>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_IPV4</type>
<set-name>ACL_OC_IPV4</set-name>
<config>
<set-name>ACL_OC_IPV4</set-name>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_IPV4</type>
</config>
</ingress-acl-set>
</ingress-acl-sets>
<interface-ref>
<config>
<interface>eth1</interface>
</config>
</interface-ref>
</interface>
</interfaces>
</acl>
Restrictions
Only one ACL (access control list) entry can be associate on interface on ingress direction.
 
/acl/interfaces/interface/id
This leaf must have the format “<interface>.<subinterface>”, e.g., xe10.2, and it is limited to 32 characters.
Create interfaces egress for L2
This XML configuration snippet is used to associate an ACL (access control list) entry type L2 to an interface on egress direction.
The interface can associate only one ACL (access control list) entry at time.
Release
This configuration was introduced in OcNOS version 6.1.0.
OpenConfig NetConf Payload
<acl xmlns="http://openconfig.net/yang/acl">
<interfaces>
<interface>
<id>eth3</id>
<config>
<id>eth3</id>
</config>
<egress-acl-sets>
<egress-acl-set>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_L2</type>
<set-name>ACL_OC_L2</set-name>
<config>
<set-name>ACL_OC_L2</set-name>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_L2</type>
</config>
</egress-acl-set>
</egress-acl-sets>
<interface-ref>
<config>
<interface>eth3</interface>
</config>
</interface-ref>
</interface>
</interfaces>
</acl>
OcNOS CLI Command
mac access-list ACL_OC_L2
remark ACL L2 CFG Test
1 permit 0000.CCDD.EEFF AABB.0000.0000 00BB.CCDD.EEFF AC00.0000.0000 ipv4
!
interface eth3
mac access-group ACL_OC_L2 out
!
OcNOS NetConf Payload
<acl xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-acl">
<interfaces>
<interface>
<name>eth3</name>
<config>
<name>eth3</name>
</config>
<egress-acl-sets>
<egress-acl-set>
<acl-type>mac</acl-type>
<access-groups>
<access-group>
<acl-name>ACL_OC_L2</acl-name>
<config>
<acl-name>ACL_OC_L2</acl-name>
</config>
</access-group>
</access-groups>
<config>
<acl-type>mac</acl-type>
</config>
</egress-acl-set>
</egress-acl-sets>
</interface>
</interfaces>
</acl>
Validation with NetConf get
<acl xmlns="http://openconfig.net/yang/acl">
<interfaces>
<interface>
<id>eth3</id>
<config>
<id>eth3</id>
</config>
<egress-acl-sets>
<egress-acl-set>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_L2</type>
<set-name>ACL_OC_L2</set-name>
<config>
<set-name>ACL_OC_L2</set-name>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_L2</type>
</config>
</egress-acl-set>
</egress-acl-sets>
<interface-ref>
<config>
<interface>eth3</interface>
</config>
</interface-ref>
</interface>
</interfaces>
</acl>
Restrictions
Only one ACL (access control list) entry can be associate on interface on egress direction.
/acl/interfaces/interface/id
This leaf must have the format “<interface>.<subinterface>”, e.g., xe10.2, and it is limited to 32 characters.
Create interfaces ingress for L2
This XML configuration snippet is used to associate an ACL (access control list) entry type L2 to an interface on ingress direction.
The interface can associate only one ACL entry at time..
Release
This configuration was introduced in OcNOS version 6.1.0.
OpenConfig NetConf Payload
<acl xmlns="http://openconfig.net/yang/acl">
<interfaces>
<interface>
<id>eth3</id>
<config>
<id>eth3</id>
</config>
<ingress-acl-sets>
<ingress-acl-set>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_L2</type>
<set-name>ACL_OC_L2</set-name>
<config>
<set-name>ACL_OC_L2</set-name>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_L2</type>
</config>
</ingress-acl-set>
</ingress-acl-sets>
<interface-ref>
<config>
<interface>eth3</interface>
</config>
</interface-ref>
</interface>
</interfaces>
</acl>
OcNOS CLI Command
mac access-list ACL_OC_L2
remark ACL L2 CFG Test
1 permit 0000.CCDD.EEFF AABB.0000.0000 00BB.CCDD.EEFF AC00.0000.0000 ipv4
!
interface eth3
mac access-group ACL_OC_L2 in
!
OcNOS NetConf Payload
<acl xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-acl">
<interfaces>
<interface>
<name>eth3</name>
<config>
<name>eth3</name>
</config>
<ingress-acl-sets>
<ingress-acl-set>
<acl-type>mac</acl-type>
<access-groups>
<access-group>
<acl-name>ACL_OC_L2</acl-name>
<config>
<acl-name>ACL_OC_L2</acl-name>
</config>
</access-group>
</access-groups>
<config>
<acl-type>mac</acl-type>
</config>
</ingress-acl-set>
</ingress-acl-sets>
</interface>
</interfaces>
</acl>
Validation with NetConf get
<acl xmlns="http://openconfig.net/yang/acl">
<interfaces>
<interface>
<id>eth3</id>
<config>
<id>eth3</id>
</config>
<ingress-acl-sets>
<ingress-acl-set>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_L2</type>
<set-name>ACL_OC_L2</set-name>
<config>
<set-name>ACL_OC_L2</set-name>
<type
xmlns:oc-acl="http://openconfig.net/yang/acl">oc-acl:ACL_L2</type>
</config>
</ingress-acl-set>
</ingress-acl-sets>
<interface-ref>
<config>
<interface>eth3</interface>
</config>
</interface-ref>
</interface>
</interfaces>
</acl>
Restrictions
Only one ACL (access control list) entry can be associate on interface on ingress direction.
/acl/interfaces/interface/id
This leaf must have the format “<interface>.<subinterface>”, e.g., xe10.2, and it is limited to 32 characters.