Class vz:RsDenyRule (CONCRETE)

Class ID:1325
Class Label: Deny Rule
Encrypted: false - Exportable: true - Persistent: true - Configurable: true - Subject to Quota: Disabled
Relationship Type: named
Relationship Cardinality: n-to-m
Relationship From: vz:TSubj
Relationship From Rel: vz:RsDenyRule
Relationship To: vz:Filter
Relationship To Rel: vz:RtDenyRule
Enforceable: true
Resolvable: true
Write Access: [admin, tenant-security]
Read Access: [admin, tenant-security]
Creatable/Deletable: yes (see Container Mos for details)
Semantic Scope: EPG
Semantic Scope Evaluation Rule: Parent
Monitoring Policy Source: Parent
Monitoring Flags : [ IsObservable: true, HasStats: false, HasFaults: true, HasHealth: true, HasEventRules: false ]

A filter is a group of resolvable filter entries. Each filter entry is a combination of network traffic classification properties. Note that this relation is an internal object.

Naming Rules
RN FORMAT: rsdenyRule-{tnVzFilterName}

    [1] PREFIX=rsdenyRule- PROPERTY = tnVzFilterName




DN FORMAT: 

[1] uni/tn-{name}/taboo-{name}/tsubj-{name}/rsdenyRule-{tnVzFilterName}

                


Diagram

Super Mo: pol:NToRef,
Container Mos: vz:TSubj (deletable:yes),


Containers Hierarchies
[V] top:Root  This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.
 ├
[V] fabric:Topology The root for IFC topology.
 
 ├
[V] fabric:Pod A pod.
 
 
 ├
[V] fabric:Node The root node for the APIC.
 
 
 
 ├
[V] ctx:Local The local Context.
 
 
 
 
 ├
[V] ctx:Application The context application.
 
 
 
 
 
 ├
[V] pol:Uni Represents policy definition/resolution universe.
 
 
 
 
 
 
 ├
[V] fv:Tenant A policy owner in the virtual fabric. A tenant can be either a private or a shared entity. For example, you can create a tenant with contexts and bridge domains shared by other tenants. A shared type of tenant is typically named common, default, or infra.
 
 
 
 
 
 
 
 ├
[V] vz:Taboo A Taboo contract provides a way for an endpoint group to specify the subjects on which communication is not allowed.
 
 
 
 
 
 
 
 
 ├
[V] vz:TSubj The subjects for a service contract represents a sub-application running behind an endpoint group, such as an exchange server. A subject is parented by the contract.
 
 
 
 
 
 
 
 
 
 ├
[V] vz:RsDenyRule A filter is a group of resolvable filter entries. Each filter entry is a combination of network traffic classification properties. Note that this relation is an internal object.
[V] top:Root  This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.
 ├
[V] pol:Uni Represents policy definition/resolution universe.
 
 ├
[V] fv:Tenant A policy owner in the virtual fabric. A tenant can be either a private or a shared entity. For example, you can create a tenant with contexts and bridge domains shared by other tenants. A shared type of tenant is typically named common, default, or infra.
 
 
 ├
[V] vz:Taboo A Taboo contract provides a way for an endpoint group to specify the subjects on which communication is not allowed.
 
 
 
 ├
[V] vz:TSubj The subjects for a service contract represents a sub-application running behind an endpoint group, such as an exchange server. A subject is parented by the contract.
 
 
 
 
 ├
[V] vz:RsDenyRule A filter is a group of resolvable filter entries. Each filter entry is a combination of network traffic classification properties. Note that this relation is an internal object.


Contained Hierarchy
[V] vz:RsDenyRule A filter is a group of resolvable filter entries. Each filter entry is a combination of network traffic classification properties. Note that this relation is an internal object.
 ├
[V] fault:Counts An immutable object that provides the number of critical, major, minor, and warning faults raised on its parent object and its subtree.
 ├
[V] fault:Inst Contains detailed information of a fault. This object is attached as a child of the object on which the fault condition occurred. One instance object is created for each fault condition of the parent object. A fault instance object is identified by a fault code.
 ├
[V] health:Inst A base class for a health score instance.(Switch only)


Inheritance
[V] reln:Inst This is generated and used only by internal processes.
 ├
[V] reln:To This is generated and used only by internal processes.
 
 ├
[V] pol:NToRef Represents a source name.
 
 
 ├
[V] vz:RsDenyRule A filter is a group of resolvable filter entries. Each filter entry is a combination of network traffic classification properties. Note that this relation is an internal object.


Events
                vz:RsDenyRule:creation__vz_RsDenyRule
vz:RsDenyRule:modification__vz_RsDenyRule
vz:RsDenyRule:deletion__vz_RsDenyRule


Faults
                vz:RsDenyRule:ResolveFail
pol:NToRef:mismatchTarget


Fsms
                


Properties Summary
Defined in: vz:RsDenyRule
vz:RAction
          scalar:Bitmask8
directives  (vz:RsDenyRule:directives)
           The filter directives assigned to the taboo contract.
reference:BinRef monPolDn  (vz:RsDenyRule:monPolDn)
          
reln:ClassId
          scalar:Enum16
tCl  (vz:RsDenyRule:tCl)
           Overrides:reln:Inst:tCl
           null
naming:Name
          string:Basic
tnVzFilterName  (vz:RsDenyRule:tnVzFilterName)
           The filter name.
Defined in: pol:NToRef
reln:Dn
          reference:BinRef
tContextDn  (pol:NToRef:tContextDn)
           Specifies the target context distinguished name.
string:Basic tRn  (pol:NToRef:tRn)
           Specifies the target's related name.
reln:TargetType
          scalar:Enum8
tType  (pol:NToRef:tType)
           Overrides:reln:To:tType
           Represents the type of target. The target type for this object is named.
Defined in: reln:To
scalar:Bool forceResolve  (reln:To:forceResolve)
           Whether the relation should force pull the target.
reln:ResolverType
          scalar:Enum8
rType  (reln:To:rType)
           Represents the type of resolver.
reln:State
          scalar:Enum8
state  (reln:To:state)
           Represents the state of the relationship.
reln:StateQual
          scalar:Enum8
stateQual  (reln:To:stateQual)
           Represents the state qualifier of the relationship.
Defined in: reln:Inst
reln:Dn
          reference:BinRef
tDn  (reln:Inst:tDn)
           The distinguished name of the target.
Defined in: mo:TopProps
mo:ModificationChildAction
          scalar:Bitmask32
childAction  (mo:TopProps:childAction)
           Delete or ignore. For internal use only.
reference:BinRef dn  (mo:TopProps:dn)
           A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.
reference:BinRN rn  (mo:TopProps:rn)
           Identifies an object from its siblings within the context of its parent object. The distinguished name contains a sequence of relative names.
mo:ModificationStatus
          scalar:Bitmask32
status  (mo:TopProps:status)
           The upgrade status. This property is for internal use only.
Defined in: mo:Modifiable
mo:TStamp
          scalar:Date
modTs  (mo:Modifiable:modTs)
           The time when this object was last modified.
Defined in: mo:Resolvable
mo:Owner
          scalar:Enum8
lcOwn  (mo:Resolvable:lcOwn)
           A value that indicates how this object was created. For internal use only.
Defined in: mo:Ownable
scalar:Uint16 uid  (mo:Ownable:uid)
           A unique identifier for this object.
Properties Detail

childAction

Type: mo:ModificationChildAction
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelChildAction
    Comments:
Delete or ignore. For internal use only.
Constants
deleteAll 16384u deleteAll NO COMMENTS
ignore 4096u ignore NO COMMENTS
deleteNonPresent 8192u deleteNonPresent NO COMMENTS
DEFAULT 0 --- This type is used to





directives

Type: vz:RAction
Primitive Type: scalar:Bitmask8

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Comments:
The filter directives assigned to the taboo contract.
Constants
none 0 none log
log 2 log NO COMMENTS
DEFAULT none(0) none log





dn

Type: reference:BinRef

Units: null
Encrypted: false
Access: implicit
Category: TopLevelDn
    Comments:
A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.



forceResolve

Type: scalar:Bool

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Whether the relation should force pull the target.
Constants
no false --- NO COMMENTS
yes true --- NO COMMENTS
DEFAULT yes(true) --- NO COMMENTS





lcOwn

Type: mo:Owner
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
A value that indicates how this object was created. For internal use only.
Constants
local 0 Local NO COMMENTS
policy 1 Policy NO COMMENTS
replica 2 Replica NO COMMENTS
resolveOnBehalf 3 ResolvedOnBehalf NO COMMENTS
implicit 4 Implicit NO COMMENTS
DEFAULT local(0) Local NO COMMENTS





modTs

Type: mo:TStamp
Primitive Type: scalar:Date

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The time when this object was last modified.
Constants
never 0ull never NO COMMENTS
DEFAULT never(0ull) never NO COMMENTS





monPolDn

Type: reference:BinRef

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:



rType

Type: reln:ResolverType
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Represents the type of resolver.
Constants
mo 1 mo NO COMMENTS
service 2 service NO COMMENTS
local 3 local NO COMMENTS
DEFAULT mo(1) mo NO COMMENTS





rn

Type: reference:BinRN

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRn
    Comments:
Identifies an object from its siblings within the context of its parent object. The distinguished name contains a sequence of relative names.



state

Type: reln:State
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Represents the state of the relationship.
Constants
unformed 0 unformed the relationship is not formed
formed 1 formed the relationship is formed with the target object
missing-target 2 missing-target target does not exist
invalid-target 4 invalid-target invalid target DN
cardinality-violation 5 cardinality-violation cardinality violation - When relations are created such that they violate the cardinality, state of the relation would be set to this.
DEFAULT unformed(0) unformed the relationship is not formed





stateQual

Type: reln:StateQual
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Represents the state qualifier of the relationship.
Constants
none 0 none no issue
mismatch-target 1 mismatch-target target not found, using default
default-target 2 default-target target not specified, using default
DEFAULT none(0) none no issue





status

Type: mo:ModificationStatus
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelStatus
    Comments:
The upgrade status. This property is for internal use only.
Constants
created 2u created In a setter method: specifies that an object should be created. An error is returned if the object already exists.
In the return value of a setter method: indicates that an object has been created.
modified 4u modified In a setter method: specifies that an object should be modified
In the return value of a setter method: indicates that an object has been modified.
deleted 8u deleted In a setter method: specifies that an object should be deleted.
In the return value of a setter method: indicates that an object has been deleted.
DEFAULT 0 --- This type controls the life cycle of objects passed in the XML API.

When used in a setter method (such as configConfMo), the ModificationStatus specifies whether an object should be created, modified, deleted or removed.
In the return value of a setter method, the ModificationStatus indicates the actual operation that was performed. For example, the ModificationStatus is set to "created" if the object was created. The ModificationStatus is not set if the object was neither created, modified, deleted or removed.

When invoking a setter method, the ModificationStatus is optional:
If a setter method such as configConfMo is invoked and the ModificationStatus is not set, the system automatically determines if the object should be created or modified.






tCl

Type: reln:ClassId
Primitive Type: scalar:Enum16

Overrides:reln:Inst:tCl
Units: null Encrypted: false Access: implicit Category: TopLevelRegular
    Comments:
null
Constants
unspecified 0 unspecified NO COMMENTS
vzFilter 1362 --- NO COMMENTS
DEFAULT vzFilter(1362) --- NO COMMENTS





tContextDn

Type: reln:Dn
Primitive Type: reference:BinRef

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Specifies the target context distinguished name.



tDn

Type: reln:Dn
Primitive Type: reference:BinRef

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The distinguished name of the target.



tRn

Type: string:Basic

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Specifies the target's related name.



tType

Type: reln:TargetType
Primitive Type: scalar:Enum8

Overrides:reln:To:tType
Units: null Encrypted: false Access: implicit Category: TopLevelRegular
    Comments:
Represents the type of target. The target type for this object is named.
Constants
name 0 name NO COMMENTS
mo 1 mo NO COMMENTS
all 2 all NO COMMENTS
DEFAULT name(0) name NO COMMENTS





tnVzFilterName

Type: naming:Name
Primitive Type: string:Basic

Units: null
Encrypted: false
Naming Property -- [NAMING RULES]
Access: naming
Category: TopLevelRegular
Property Validators:
    Range:  min: "1"  max: "64"
        Allowed Chars:
            Regex: [a-zA-Z0-9_.:-]+
    Comments:
The filter name.



uid

Type: scalar:Uint16

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
A unique identifier for this object.