Class actrl:Rule (CONCRETE)

Class ID:2481
Class Label: Rule
Encrypted: false - Exportable: false - Persistent: true - Configurable: false - Subject to Quota: Disabled
Write Access: [NON CONFIGURABLE]
Read Access: [admin, tenant-security]
Creatable/Deletable: yes (see Container Mos for details)
Semantic Scope: EPG
Semantic Scope Evaluation Rule: Explicit
Monitoring Policy Source: Explicit
Monitoring Flags : [ IsObservable: true, HasStats: true, HasFaults: true, HasHealth: true, HasEventRules: false ]

The zoning rules for tenant endpoint groups.

Naming Rules
RN FORMAT: rule-{scopeId}-s-{sPcTag}-d-{dPcTag}-f-{fltId}

    [1] PREFIX=rule- PROPERTY = scopeId


    [2] PREFIX=-s- PROPERTY = sPcTag


    [3] PREFIX=-d- PROPERTY = dPcTag


    [4] PREFIX=-f- PROPERTY = fltId




DN FORMAT: 

[0] topology/pod-{id}/node-{id}/sys/actrl/scope-{id}/rule-{scopeId}-s-{sPcTag}-d-{dPcTag}-f-{fltId}

[1] sys/actrl/scope-{id}/rule-{scopeId}-s-{sPcTag}-d-{dPcTag}-f-{fltId}

                


Diagram

Super Mo: actrl:ARule,
Container Mos: actrl:Scope (deletable:yes),
Contained Mos: vz:RuleOwner, vz:TrCreatedBy,
Relations To: actrl:AuxRule, svccopy:DestGrp, vz:ToEPg, fv:ProtEPg, svcredir:DestGrp, sts:VNode, vlan:CktEp,
Relations: actrl:RsAuxRule, actrl:RsToCopyDestGrp, actrl:RsToEpgConn, actrl:RsToEpgProt, actrl:RsToRedirDestGrp, actrl:RsToStsVNode, actrl:RsToVlanCkt,


Containers Hierarchies
[V] top:Root  This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.
 ├
[V] fabric:Topology The root for IFC topology.
 
 ├
[V] fabric:Pod A pod.
 
 
 ├
[V] fabric:Node The root node for the APIC.
 
 
 
 ├
[V] top:System The APIC uses a policy model to combine data into a health score. Health scores can be aggregated for a variety of areas such as for the infrastructure, applications, or services. The category health score is calculated using a Lp -Norm formula. The health score penalty equals 100 minus the health score. The health score penalty represents the overall health score penalties of a set of MOs that belong to a given category and are children or direc...
 
 
 
 
 ├
[V] actrl:Entity The ACTRL control plane entity information.
 
 
 
 
 
 ├
[V] actrl:Scope The scope of the zoning rules.
 
 
 
 
 
 
 ├
[V] actrl:Rule The zoning rules for tenant endpoint groups.
[V] top:Root  This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.
 ├
[V] top:System The APIC uses a policy model to combine data into a health score. Health scores can be aggregated for a variety of areas such as for the infrastructure, applications, or services. The category health score is calculated using a Lp -Norm formula. The health score penalty equals 100 minus the health score. The health score penalty represents the overall health score penalties of a set of MOs that belong to a given category and are children or direc...
 
 ├
[V] actrl:Entity The ACTRL control plane entity information.
 
 
 ├
[V] actrl:Scope The scope of the zoning rules.
 
 
 
 ├
[V] actrl:Rule The zoning rules for tenant endpoint groups.


Contained Hierarchy
[V] actrl:Rule The zoning rules for tenant endpoint groups.
 ├
[V] actrl:RsAuxRule 
 ├
[V] actrl:RsToCopyDestGrp  Relationship to the copy service object
 ├
[V] actrl:RsToEpgConn 
 ├
[V] actrl:RsToEpgProt 
 ├
[V] actrl:RsToRedirDestGrp  Relationship to the service object for pbr redirection
 ├
[V] actrl:RsToStsVNode 
 ├
[V] actrl:RsToVlanCkt  Relationship to the vlan::CktEp Used for DVS USEG feature for ref counting number of Ckts using this rule Single vlanCktEp will be shared by multiple base EPGs in a given BD
 ├
[V] fault:Counts An immutable object that provides the number of critical, major, minor, and warning faults raised on its parent object and its subtree.
 ├
[V] fault:Delegate Exposes internal faults to the user. A fault delegate object can be defined on IFC (for example, for an endpoint group) and when the fault is raised (for example, under an endpoint policy on a switch), a fault delegate object is created on IFC under the specified object. A fault delegate object follows the lifecycle of the original fault instance object, being created, modified, or deleted based on the changes of the original fault.
 ├
[V] fault:Inst Contains detailed information of a fault. This object is attached as a child of the object on which the fault condition occurred. One instance object is created for each fault condition of the parent object. A fault instance object is identified by a fault code.
 ├
[V] health:Inst A base class for a health score instance.(Switch only)
 ├
[V] vz:RuleOwner 
 
 ├
[V] fault:Delegate Exposes internal faults to the user. A fault delegate object can be defined on IFC (for example, for an endpoint group) and when the fault is raised (for example, under an endpoint policy on a switch), a fault delegate object is created on IFC under the specified object. A fault delegate object follows the lifecycle of the original fault instance object, being created, modified, or deleted based on the changes of the original fault.
 ├
[V] vz:TrCreatedBy  Tracks the resource that created a Taboo rule.
 
 ├
[V] fault:Delegate Exposes internal faults to the user. A fault delegate object can be defined on IFC (for example, for an endpoint group) and when the fault is raised (for example, under an endpoint policy on a switch), a fault delegate object is created on IFC under the specified object. A fault delegate object follows the lifecycle of the original fault instance object, being created, modified, or deleted based on the changes of the original fault.


Inheritance
[V] naming:NamedObject An abstract base class for an object that contains a name.
 ├
[V] pol:Obj Represents a generic policy object.
 
 ├
[V] pol:Instr Represents a policy control instrumentation object.
 
 
 ├
[V] nw:FltRule A filter rule.
 
 
 
 ├
[V] actrl:ARule An ordered set of rules specifying access control policies based on src/dst policy tag and filter ID.
 
 
 
 
 ├
[V] actrl:Rule The zoning rules for tenant endpoint groups.


Stat Counters
scalar:Uint64 COUNTER: opflex:OvsContract:revBytes(bytes)
           received bytes (reverse)
          Comments: byte counter
scalar:Uint64 COUNTER: opflex:OvsContract:revPkts(packets)
           received packets (reverse)
          Comments: packet counter
scalar:Uint64 COUNTER: opflex:OvsContract:bytes(bytes)
           received bytes
          Comments: byte counter
scalar:Uint64 COUNTER: opflex:OvsContract:pkts(packets)
           received packets
          Comments: packet counter
scalar:Uint64 COUNTER: actrl:RuleHit:revPkts(packets)
           reverse hit packets
          Comments: Reverse Packet Stats Counter
scalar:Uint64 COUNTER: actrl:RuleHit:pkts(packets)
           hit packets
          Comments: Packet Stats Counter
scalar:Uint64 COUNTER: actrl:RuleHit:egrPkts(packets)
           egress hit packets
          Comments: Egress packet hit counter
scalar:Uint64 COUNTER: actrl:RuleHit:ingrPkts(packets)
           ingress hit packets
          Comments: Ingress packet hit counter


Stats
[V] actrl:Rule The zoning rules for tenant endpoint groups.
 ├
[V] actrl:RuleHit15min A class that represents the most current statistics for rule hits in a 15 minute sampling interval. This class updates every 5 minutes.
 ├
[V] actrl:RuleHit1d A class that represents the most current statistics for rule hits in a 1 day sampling interval. This class updates every hour.
 ├
[V] actrl:RuleHit1h A class that represents the most current statistics for rule hits in a 1 hour sampling interval. This class updates every 15 minutes.
 ├
[V] actrl:RuleHit1mo A class that represents the most current statistics for rule hits in a 1 month sampling interval. This class updates every day.
 ├
[V] actrl:RuleHit1qtr A class that represents the most current statistics for rule hits in a 1 quarter sampling interval. This class updates every day.
 ├
[V] actrl:RuleHit1w A class that represents the most current statistics for rule hits in a 1 week sampling interval. This class updates every day.
 ├
[V] actrl:RuleHit1year A class that represents the most current statistics for rule hits in a 1 year sampling interval. This class updates every day.
 ├
[V] actrl:RuleHit5min A class that represents the most current statistics for rule hits in a 5 minute sampling interval. This class updates every 10 seconds.
 ├
[V] actrl:RuleHitHist15min A class that represents historical statistics for rule hits in a 15 minute sampling interval. This class updates every 5 minutes.
 ├
[V] actrl:RuleHitHist1d A class that represents historical statistics for rule hits in a 1 day sampling interval. This class updates every hour.
 ├
[V] actrl:RuleHitHist1h A class that represents historical statistics for rule hits in a 1 hour sampling interval. This class updates every 15 minutes.
 ├
[V] actrl:RuleHitHist1mo A class that represents historical statistics for rule hits in a 1 month sampling interval. This class updates every day.
 ├
[V] actrl:RuleHitHist1qtr A class that represents historical statistics for rule hits in a 1 quarter sampling interval. This class updates every day.
 ├
[V] actrl:RuleHitHist1w A class that represents historical statistics for rule hits in a 1 week sampling interval. This class updates every day.
 ├
[V] actrl:RuleHitHist1year A class that represents historical statistics for rule hits in a 1 year sampling interval. This class updates every day.
 ├
[V] actrl:RuleHitHist5min A class that represents historical statistics for rule hits in a 5 minute sampling interval. This class updates every 10 seconds.
 ├
[V] opflex:OvsContract15min A class that represents the most current statistics for ovs contract stats in a 15 minute sampling interval. This class updates every 5 minutes.
 ├
[V] opflex:OvsContract1d A class that represents the most current statistics for ovs contract stats in a 1 day sampling interval. This class updates every hour.
 ├
[V] opflex:OvsContract1h A class that represents the most current statistics for ovs contract stats in a 1 hour sampling interval. This class updates every 15 minutes.
 ├
[V] opflex:OvsContract1mo A class that represents the most current statistics for ovs contract stats in a 1 month sampling interval. This class updates every day.
 ├
[V] opflex:OvsContract1qtr A class that represents the most current statistics for ovs contract stats in a 1 quarter sampling interval. This class updates every day.
 ├
[V] opflex:OvsContract1w A class that represents the most current statistics for ovs contract stats in a 1 week sampling interval. This class updates every day.
 ├
[V] opflex:OvsContract1year A class that represents the most current statistics for ovs contract stats in a 1 year sampling interval. This class updates every day.
 ├
[V] opflex:OvsContract5min A class that represents the most current statistics for ovs contract stats in a 5 minute sampling interval. This class updates every 10 seconds.
 ├
[V] opflex:OvsContractHist15min A class that represents historical statistics for ovs contract stats in a 15 minute sampling interval. This class updates every 5 minutes.
 ├
[V] opflex:OvsContractHist1d A class that represents historical statistics for ovs contract stats in a 1 day sampling interval. This class updates every hour.
 ├
[V] opflex:OvsContractHist1h A class that represents historical statistics for ovs contract stats in a 1 hour sampling interval. This class updates every 15 minutes.
 ├
[V] opflex:OvsContractHist1mo A class that represents historical statistics for ovs contract stats in a 1 month sampling interval. This class updates every day.
 ├
[V] opflex:OvsContractHist1qtr A class that represents historical statistics for ovs contract stats in a 1 quarter sampling interval. This class updates every day.
 ├
[V] opflex:OvsContractHist1w A class that represents historical statistics for ovs contract stats in a 1 week sampling interval. This class updates every day.
 ├
[V] opflex:OvsContractHist1year A class that represents historical statistics for ovs contract stats in a 1 year sampling interval. This class updates every day.
 ├
[V] opflex:OvsContractHist5min A class that represents historical statistics for ovs contract stats in a 5 minute sampling interval. This class updates every 10 seconds.


Events
                


Faults
                


Fsms
                


Properties Summary
Defined in: actrl:Rule
scalar:Bitmask64 actrlCfgFailedBmp  (actrl:Rule:actrlCfgFailedBmp)
           The rule failed configuration information.
scalar:Time actrlCfgFailedTs  (actrl:Rule:actrlCfgFailedTs)
           The day and time the configured rule failed.
scalar:UByte actrlCfgState  (actrl:Rule:actrlCfgState)
           The rule configuration state.
actrl:PcTag
          scalar:Uint32
dPcTag  (actrl:Rule:dPcTag)
           Overrides:actrl:ARule:dPcTag
           Specifies the destination policy tag.
actrl:FltId
          scalar:Uint32
fltId  (actrl:Rule:fltId)
           Overrides:actrl:ARule:fltId
           The rule filter identifier.
reference:BinRef monPolDn  (actrl:Rule:monPolDn)
          
actrl:PcTag
          scalar:Uint32
sPcTag  (actrl:Rule:sPcTag)
           Overrides:actrl:ARule:sPcTag
           Specifies the source policy tag.
actrl:ScopeId
          scalar:Uint32
scopeId  (actrl:Rule:scopeId)
           Overrides:actrl:ARule:scopeId
           The scope identifier. Internally assigned.
Defined in: actrl:ARule
actrl:Action
          scalar:Bitmask32
action  (actrl:ARule:action)
           The action required when the condition is met.
actrl:Direction
          scalar:Enum8
direction  (actrl:ARule:direction)
           Specifies the connector direction.
actrl:RuleId
          scalar:Uint32
id  (actrl:ARule:id)
           An identifier .
qosp:Dscp
          scalar:UByte
markDscp  (actrl:ARule:markDscp)
          
actrl:OperSt
          scalar:Enum8
operSt  (actrl:ARule:operSt)
           The runtime state of the object or policy.
actrl:OperStQual
          scalar:Bitmask8
operStQual  (actrl:ARule:operStQual)
           The chassis operational status qualifier.
actrl:RulePrio
          scalar:UByte
prio  (actrl:ARule:prio)
           The QoS priority class ID.
qos:Prio
          scalar:Enum8
qosGrp  (actrl:ARule:qosGrp)
          
actrl:RuleT
          scalar:Enum8
type  (actrl:ARule:type)
           The specific type of the object or component.
Defined in: nw:FltRule
naming:Name
          string:Basic
name  (nw:FltRule:name)
           Overrides:pol:Obj:name | naming:NamedObject:name
           The name of the object.
Defined in: pol:Instr
naming:Descr
          string:Basic
descr  (pol:Instr:descr)
           Specifies a control instrumentation description.
Defined in: naming:NamedObject
naming:NameAlias
          string:Basic
nameAlias  (naming:NamedObject:nameAlias)
           NO COMMENTS
Defined in: mo:TopProps
mo:ModificationChildAction
          scalar:Bitmask32
childAction  (mo:TopProps:childAction)
           Delete or ignore. For internal use only.
reference:BinRef dn  (mo:TopProps:dn)
           A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.
reference:BinRN rn  (mo:TopProps:rn)
           Identifies an object from its siblings within the context of its parent object. The distinguished name contains a sequence of relative names.
mo:ModificationStatus
          scalar:Bitmask32
status  (mo:TopProps:status)
           The upgrade status. This property is for internal use only.
Defined in: mo:Resolvable
mo:Owner
          scalar:Enum8
lcOwn  (mo:Resolvable:lcOwn)
           A value that indicates how this object was created. For internal use only.
Defined in: mo:Modifiable
mo:TStamp
          scalar:Date
modTs  (mo:Modifiable:modTs)
           The time when this object was last modified.
Properties Detail

action

Type: actrl:Action
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The action required when the condition is met.
Constants
deny 16u Deny deny
count 1u count count
log 2u log log
copy 32u copy NO COMMENTS
permit 4u permit NO COMMENTS
threshold_redir 64u redirect with threshold NO COMMENTS
redir 8u redirect NO COMMENTS
DEFAULT permit(4u) permit NO COMMENTS





actrlCfgFailedBmp

Type: scalar:Bitmask64

Units: null
Encrypted: false
Access: oper
Category: TopLevelRegular
    Comments:
The rule failed configuration information.
Constants
actrl:RulelcOwn_failed_flag -9223372036854775808ull --- NO COMMENTS
actrl:Ruleid_failed_flag 128ull --- NO COMMENTS
actrl:RulescopeId_failed_flag 16384ull --- NO COMMENTS
actrl:RuledPcTag_failed_flag 16ull --- NO COMMENTS
actrl:Rulename_failed_flag 1ull --- NO COMMENTS
actrl:Ruleprio_failed_flag 2048ull --- NO COMMENTS
actrl:RulemodTs_failed_flag 2305843009213693952ull --- NO COMMENTS
actrl:RulemarkDscp_failed_flag 256ull --- NO COMMENTS
actrl:RulenameAlias_failed_flag 2ull --- NO COMMENTS
actrl:Ruletype_failed_flag 32768ull --- NO COMMENTS
actrl:Ruledirection_failed_flag 32ull --- NO COMMENTS
actrl:RuleqosGrp_failed_flag 4096ull --- NO COMMENTS
actrl:Ruledescr_failed_flag 4ull --- NO COMMENTS
actrl:RulemonPolDn_failed_flag 524288ull --- NO COMMENTS
actrl:RulefltId_failed_flag 64ull --- NO COMMENTS
actrl:RulesPcTag_failed_flag 8192ull --- NO COMMENTS
actrl:Ruleaction_failed_flag 8ull --- NO COMMENTS
DEFAULT 0 --- NO COMMENTS





actrlCfgFailedTs

Type: scalar:Time

Units: null
Encrypted: false
Access: oper
Category: TopLevelRegular
    Comments:
The day and time the configured rule failed.



actrlCfgState

Type: scalar:UByte

Units: null
Encrypted: false
Access: oper
Category: TopLevelRegular
    Comments:
The rule configuration state.



childAction

Type: mo:ModificationChildAction
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelChildAction
    Comments:
Delete or ignore. For internal use only.
Constants
deleteAll 16384u deleteAll NO COMMENTS
ignore 4096u ignore NO COMMENTS
deleteNonPresent 8192u deleteNonPresent NO COMMENTS
DEFAULT 0 --- This type is used to





dPcTag

Type: actrl:PcTag
Primitive Type: scalar:Uint32

Overrides:actrl:ARule:dPcTag
Units: null Encrypted: false Naming Property -- [NAMING RULES] Access: naming Category: TopLevelRegular
    Comments:
Specifies the destination policy tag.
Constants
any 0u any NO COMMENTS
DEFAULT 0 --- Policy control tag





descr

Type: naming:Descr
Primitive Type: string:Basic

Like: naming:Described:descr
Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
    Comments:
Specifies a control instrumentation description.



direction

Type: actrl:Direction
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Specifies the connector direction.
Constants
uni-dir 1 Uni-directional Unidirectional
bi-dir 2 Bi-directional Unidirectional
uni-dir-ignore 3 Uni-directional-Ignore Unidirectional-Ignore - used with the dummy Rule Mo, which accompanies the bi-dir Rule Mo
DEFAULT uni-dir(1) Uni-directional Unidirectional





dn

Type: reference:BinRef

Units: null
Encrypted: false
Access: implicit
Category: TopLevelDn
    Comments:
A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.



fltId

Type: actrl:FltId
Primitive Type: scalar:Uint32

Overrides:actrl:ARule:fltId
Units: null Encrypted: false Naming Property -- [NAMING RULES] Access: naming Category: TopLevelRegular
    Comments:
The rule filter identifier.
Constants
implarp 0xfffdu Implicit filter id for arp NO COMMENTS
implicit 0xfffeu Implicit filter id for internal consumption NO COMMENTS
default 0xffffu Default filter id This is the default filter id, representing a wildcard
DEFAULT 0 --- Filter id





id

Type: actrl:RuleId
Primitive Type: scalar:Uint32

Units: null
Encrypted: false
Access: create
Category: TopLevelRegular
    Comments:
An identifier .



lcOwn

Type: mo:Owner
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
A value that indicates how this object was created. For internal use only.
Constants
local 0 Local NO COMMENTS
policy 1 Policy NO COMMENTS
replica 2 Replica NO COMMENTS
resolveOnBehalf 3 ResolvedOnBehalf NO COMMENTS
implicit 4 Implicit NO COMMENTS
DEFAULT local(0) Local NO COMMENTS





markDscp

Type: qosp:Dscp
Primitive Type: scalar:UByte

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
    Comments:
Constants
CS0 0 CS0 CS0
CS1 8 CS1 CS1
AF11 10 AF11 low drop AF11 low drop
AF12 12 AF12 medium drop AF12 medium drop
AF13 14 AF13 high drop AF13 high drop
CS2 16 CS2 CS2
AF21 18 AF21 low drop AF21 low drop
AF22 20 AF22 medium drop AF22 medium drop
AF23 22 AF23 high drop AF22 high drop
CS3 24 CS3 CS3
AF31 26 AF31 low drop AF31 low drop
AF32 28 AF32 medium drop AF32 medium drop
AF33 30 AF33 high drop AF33 high drop
CS4 32 CS4 CS4
AF41 34 AF41 low drop AF41 low drop
AF42 36 AF42 medium drop AF42 medium drop
AF43 38 AF43 high drop AF42 high drop
CS5 40 CS5 CS5
VA 44 Voice Admit VA
EF 46 Expedited Forwarding EF
CS6 48 CS6 CS6
CS7 56 CS7 CS7
unspecified 64 Unspecified Unspecified
DEFAULT unspecified(64) Unspecified Unspecified





modTs

Type: mo:TStamp
Primitive Type: scalar:Date

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The time when this object was last modified.
Constants
never 0ull never NO COMMENTS
DEFAULT never(0ull) never NO COMMENTS





monPolDn

Type: reference:BinRef

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:



name

Type: naming:Name
Primitive Type: string:Basic

Overrides:pol:Obj:name  |  naming:NamedObject:name
Units: null Encrypted: false Access: admin Category: TopLevelRegular
    Comments:
The name of the object.



nameAlias

Type: naming:NameAlias
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
    Comments:
NO COMMENTS



operSt

Type: actrl:OperSt
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: oper
Category: TopLevelRegular
    Comments:
The runtime state of the object or policy.
Constants
enabled 1 enabled Operational state is Enabled
disabled 2 disabled Operational state is Disabled
DEFAULT disabled(2) disabled Operational state is Disabled





operStQual

Type: actrl:OperStQual
Primitive Type: scalar:Bitmask8

Units: null
Encrypted: false
Access: oper
Category: TopLevelRegular
    Comments:
The chassis operational status qualifier.
Constants
hwprog-fail 1 Hardware Programming Failed Hardware programming failed
swprog-fail 2 Software programming failed Software programming failed
hwprog-fail-tcam-full 4 Hardware programming failed as TCAM was full Hardware programming failed tcam full
DEFAULT 0 --- Reasons for rule being disabled.





prio

Type: actrl:RulePrio
Primitive Type: scalar:UByte

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The QoS priority class ID.
Constants
class-eq-filter 1 class-eq-filter NO COMMENTS
class-eq-deny 2 class-eq-deny NO COMMENTS
class-eq-allow 3 class-eq-allow NO COMMENTS
prov-nonshared-to-cons 4 prov-nonshared-to-cons NO COMMENTS
black_list 5 black_list NO COMMENTS
fabric_infra 6 fabric_infra NO COMMENTS
fully_qual 7 fully_qual NO COMMENTS
system_incomplete 8 system_incomplete NO COMMENTS
src_dst_any 9 src_dst_any NO COMMENTS
shsrc_any_filt_perm 10 shsrc_any_filt_perm NO COMMENTS
shsrc_any_any_perm 11 shsrc_any_any_perm NO COMMENTS
shsrc_any_any_deny 12 shsrc_any_any_deny NO COMMENTS
src_any_filter 13 src_any_filter NO COMMENTS
any_dest_filter 14 any_dest_filter NO COMMENTS
src_any_any 15 src_any_any NO COMMENTS
any_dest_any 16 any_dest_any NO COMMENTS
any_any_filter 17 any_any_filter NO COMMENTS
grp_src_any_any_deny 18 grp_src_any_any_deny NO COMMENTS
grp_any_dest_any_deny 19 grp_any_dest_any_deny NO COMMENTS
grp_any_any_any_permit 20 grp_any_any_any_permit NO COMMENTS
any_any_any 21 any_any_any NO COMMENTS
any_vrf_any_deny 22 any_vrf_any_deny NO COMMENTS
default_action 23 default_action NO COMMENTS
DEFAULT 0 --- Rule priority, this is the priority for a set of rules





qosGrp

Type: qos:Prio
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Constants
unspecified 0 Unspecified NO COMMENTS
level3 1 Level3 User configurable classes
level2 2 Level2 NO COMMENTS
level1 3 Level1 NO COMMENTS
policy-plane 4 policy-plane System Classes. Not user configurable
control-plane 5 control-plane NO COMMENTS
span 6 span NO COMMENTS
DEFAULT unspecified(0) Unspecified NO COMMENTS





rn

Type: reference:BinRN

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRn
    Comments:
Identifies an object from its siblings within the context of its parent object. The distinguished name contains a sequence of relative names.



sPcTag

Type: actrl:PcTag
Primitive Type: scalar:Uint32

Overrides:actrl:ARule:sPcTag
Units: null Encrypted: false Naming Property -- [NAMING RULES] Access: naming Category: TopLevelRegular
    Comments:
Specifies the source policy tag.
Constants
any 0u any NO COMMENTS
DEFAULT 0 --- Policy control tag





scopeId

Type: actrl:ScopeId
Primitive Type: scalar:Uint32

Overrides:actrl:ARule:scopeId
Units: null Encrypted: false Naming Property -- [NAMING RULES] Access: naming Category: TopLevelRegular
    Comments:
The scope identifier. Internally assigned.
Constants
defaultValue 1u --- NO COMMENTS





status

Type: mo:ModificationStatus
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelStatus
    Comments:
The upgrade status. This property is for internal use only.
Constants
created 2u created In a setter method: specifies that an object should be created. An error is returned if the object already exists.
In the return value of a setter method: indicates that an object has been created.
modified 4u modified In a setter method: specifies that an object should be modified
In the return value of a setter method: indicates that an object has been modified.
deleted 8u deleted In a setter method: specifies that an object should be deleted.
In the return value of a setter method: indicates that an object has been deleted.
DEFAULT 0 --- This type controls the life cycle of objects passed in the XML API.

When used in a setter method (such as configConfMo), the ModificationStatus specifies whether an object should be created, modified, deleted or removed.
In the return value of a setter method, the ModificationStatus indicates the actual operation that was performed. For example, the ModificationStatus is set to "created" if the object was created. The ModificationStatus is not set if the object was neither created, modified, deleted or removed.

When invoking a setter method, the ModificationStatus is optional:
If a setter method such as configConfMo is invoked and the ModificationStatus is not set, the system automatically determines if the object should be created or modified.






type

Type: actrl:RuleT
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The specific type of the object or component.
Constants
tenant 1 Tenant tenant
mgmt 2 Management management
snmp 3 SNMP snmp
bd_flood 4 Flood BD flood rule
vrf_default 5 Vrf Vrf default rule
infra 6 Infra Infra rule
DEFAULT tenant(1) Tenant tenant