Class actrl:ARule (ABSTRACT)

Class ID:2474
Class Label: Rule
Encrypted: false - Exportable: false - Persistent: true - Configurable: false - Subject to Quota: Disabled - Abstraction Layer: Concrete Model - APIC NX Processing: Disabled
Write Access: [NON CONFIGURABLE]
Read Access: [admin, tenant-security]
Creatable/Deletable: derived (see Container Mos for details)
Semantic Scope: EPG
Semantic Scope Evaluation Rule: Explicit
Monitoring Policy Source: Explicit
Monitoring Flags : [ IsObservable: false, HasStats: false, HasFaults: false, HasHealth: false, HasEventRules: false ]

An ordered set of rules specifying access control policies based on src/dst policy tag and filter ID.

Naming Rules


DN FORMAT: 

                


Diagram

Super Mo: nw:FltRule,
Sub Mos: actrl:MgmtRule, actrl:Rule, actrl:SnmpRule,
Contained Mos: vz:ObservableRuleOwner, vz:RuleOwner, vz:TrCreatedBy,
Relations To: actrl:AuxRule, svccopy:DestGrp, vz:ToEPg, fv:ProtEPg, svcredir:DestGrp, sts:VNode, vlan:CktEp,
Relations: actrl:RsAuxRule, actrl:RsToCopyDestGrp, actrl:RsToEpgConn, actrl:RsToEpgProt, actrl:RsToRedirDestGrp, actrl:RsToStsVNode, actrl:RsToVlanCkt,


Inheritance
[V] naming:NamedObject An abstract base class for an object that contains a name.
 ├
[V] pol:Obj Represents a generic policy object.
 
 ├
[V] pol:Instr Represents a policy control instrumentation object.
 
 
 ├
[V] nw:FltRule A filter rule.
 
 
 
 ├
[V] actrl:ARule An ordered set of rules specifying access control policies based on src/dst policy tag and filter ID.
 
 
 
 
 ├
[V] actrl:MgmtRule The zoning rules for management endpoint groups.
 
 
 
 
 ├
[V] actrl:Rule The zoning rules for tenant endpoint groups.
 
 
 
 
 ├
[V] actrl:SnmpRule The zoning rules for SNMP endpoint groups.


Events
                


Faults
                


Fsms
                


Properties Summary
Defined in: actrl:ARule
actrl:Action
          scalar:Bitmask32
action  (actrl:ARule:action)
           The action required when the condition is met.
naming:Name
          string:Basic
ctrctName  (actrl:ARule:ctrctName)
           Contract name
actrl:PcTag
          scalar:Uint32
dPcTag  (actrl:ARule:dPcTag)
           Specifies the destination policy tag.
actrl:Direction
          scalar:Enum8
direction  (actrl:ARule:direction)
           Specifies the connector direction.
actrl:FltId
          scalar:Uint32
fltId  (actrl:ARule:fltId)
          
actrl:RuleId
          scalar:Uint32
id  (actrl:ARule:id)
           An identifier .
vz:Intent
          scalar:Enum8
intent  (actrl:ARule:intent)
           The intent of the rule: install: the rule should be install in the switch estimate: the rule is for estimate and not for programming in the switch
qosp:Dscp
          scalar:UByte
markDscp  (actrl:ARule:markDscp)
          
actrl:OperSt
          scalar:Enum8
operSt  (actrl:ARule:operSt)
           The runtime state of the object or policy.
actrl:OperStQual
          scalar:Bitmask8
operStQual  (actrl:ARule:operStQual)
           The chassis operational status qualifier.
actrl:RulePrio
          scalar:UByte
prio  (actrl:ARule:prio)
           The QoS priority class ID.
qos:Prio
          scalar:Enum8
qosGrp  (actrl:ARule:qosGrp)
          
actrl:PcTag
          scalar:Uint32
sPcTag  (actrl:ARule:sPcTag)
           Specifies the source policy tag.
actrl:ScopeId
          scalar:Uint32
scopeId  (actrl:ARule:scopeId)
           The scope identifier. Internally assigned.
actrl:RuleT
          scalar:Enum8
type  (actrl:ARule:type)
           The specific type of the object or component.
Defined in: nw:FltRule
naming:Name
          string:Basic
name  (nw:FltRule:name)
           Overrides:pol:Obj:name | naming:NamedObject:name
           The name of the object.
Defined in: pol:Instr
naming:Descr
          string:Basic
descr  (pol:Instr:descr)
           Specifies a control instrumentation description.
Defined in: naming:NamedObject
naming:NameAlias
          string:Basic
nameAlias  (naming:NamedObject:nameAlias)
           NO COMMENTS
Defined in: mo:TopProps
mo:ModificationChildAction
          scalar:Bitmask32
childAction  (mo:TopProps:childAction)
           Delete or ignore. For internal use only.
reference:BinRef dn  (mo:TopProps:dn)
           A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.
reference:BinRN rn  (mo:TopProps:rn)
           Identifies an object from its siblings within the context of its parent object. The distinguished name contains a sequence of relative names.
mo:ModificationStatus
          scalar:Bitmask32
status  (mo:TopProps:status)
           The upgrade status. This property is for internal use only.
Properties Detail

action

Type: actrl:Action
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The action required when the condition is met.
Constants
permit_override 1024u permit override NO COMMENTS
redir_override 128u redir override NO COMMENTS
deny 16u Deny deny
count 1u count count
no_stats 256u no stats NO COMMENTS
log 2u log log
copy 32u copy NO COMMENTS
permit 4u permit NO COMMENTS
analytics_vld 512u enable analytics NO COMMENTS
threshold_redir 64u redirect with threshold NO COMMENTS
redir 8u redirect NO COMMENTS
DEFAULT permit(4u) permit NO COMMENTS





childAction

Type: mo:ModificationChildAction
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelChildAction
    Comments:
Delete or ignore. For internal use only.
Constants
deleteAll 16384u deleteAll NO COMMENTS
ignore 4096u ignore NO COMMENTS
deleteNonPresent 8192u deleteNonPresent NO COMMENTS
DEFAULT 0 --- This type is used to





ctrctName

Type: naming:Name
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Contract name



dPcTag

Type: actrl:PcTag
Primitive Type: scalar:Uint32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Specifies the destination policy tag.
Constants
any 0u any NO COMMENTS
DEFAULT 0 --- Policy control tag





descr

Type: naming:Descr
Primitive Type: string:Basic

Like: naming:Described:descr
Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
    Comments:
Specifies a control instrumentation description.



direction

Type: actrl:Direction
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Specifies the connector direction.
Constants
uni-dir 1 Uni-directional Unidirectional
bi-dir 2 Bi-directional Unidirectional
uni-dir-ignore 3 Uni-directional-Ignore Unidirectional-Ignore - used with the dummy Rule Mo, which accompanies the bi-dir Rule Mo
DEFAULT uni-dir(1) Uni-directional Unidirectional





dn

Type: reference:BinRef

Units: null
Encrypted: false
Access: implicit
Category: TopLevelDn
    Comments:
A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.



fltId

Type: actrl:FltId
Primitive Type: scalar:Uint32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Constants
implarp 0xfffdu Implicit filter id for arp NO COMMENTS
implicit 0xfffeu Implicit filter id for internal consumption NO COMMENTS
default 0xffffu Default filter id This is the default filter id, representing a wildcard
DEFAULT 0 --- Filter id





id

Type: actrl:RuleId
Primitive Type: scalar:Uint32

Units: null
Encrypted: false
Access: create
Category: TopLevelRegular
    Comments:
An identifier .



intent

Type: vz:Intent
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The intent of the rule: install: the rule should be install in the switch estimate: the rule is for estimate and not for programming in the switch
Constants
install 0 install rules in hardware NO COMMENTS
estimate_delete 1 process configuration and estimate number of rules for deleting contract NO COMMENTS
estimate_add 2 process configuration and estimate number of rules for adding contract NO COMMENTS
DEFAULT install(0) install rules in hardware NO COMMENTS





markDscp

Type: qosp:Dscp
Primitive Type: scalar:UByte

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
    Comments:
Constants
CS0 0 CS0 CS0
CS1 8 CS1 CS1
AF11 10 AF11 low drop AF11 low drop
AF12 12 AF12 medium drop AF12 medium drop
AF13 14 AF13 high drop AF13 high drop
CS2 16 CS2 CS2
AF21 18 AF21 low drop AF21 low drop
AF22 20 AF22 medium drop AF22 medium drop
AF23 22 AF23 high drop AF22 high drop
CS3 24 CS3 CS3
AF31 26 AF31 low drop AF31 low drop
AF32 28 AF32 medium drop AF32 medium drop
AF33 30 AF33 high drop AF33 high drop
CS4 32 CS4 CS4
AF41 34 AF41 low drop AF41 low drop
AF42 36 AF42 medium drop AF42 medium drop
AF43 38 AF43 high drop AF42 high drop
CS5 40 CS5 CS5
VA 44 Voice Admit VA
EF 46 Expedited Forwarding EF
CS6 48 CS6 CS6
CS7 56 CS7 CS7
unspecified 64 Unspecified Unspecified
DEFAULT unspecified(64) Unspecified Unspecified





name

Type: naming:Name
Primitive Type: string:Basic

Overrides:pol:Obj:name  |  naming:NamedObject:name
Units: null Encrypted: false Access: admin Category: TopLevelRegular
    Comments:
The name of the object.



nameAlias

Type: naming:NameAlias
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
    Comments:
NO COMMENTS



operSt

Type: actrl:OperSt
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: oper
Category: TopLevelRegular
    Comments:
The runtime state of the object or policy.
Constants
enabled 1 enabled Operational state is Enabled
disabled 2 disabled Operational state is Disabled
DEFAULT disabled(2) disabled Operational state is Disabled





operStQual

Type: actrl:OperStQual
Primitive Type: scalar:Bitmask8

Units: null
Encrypted: false
Access: oper
Category: TopLevelRegular
    Comments:
The chassis operational status qualifier.
Constants
hwprog-fail 1 Hardware Programming Failed Hardware programming failed
swprog-fail 2 Software programming failed Software programming failed
hwprog-fail-tcam-full 4 Hardware programming failed as TCAM was full Hardware programming failed tcam full
hwprog-fail-hash-collision 8 Hardware programming failed due to hash collision Hardware programming failed hash collision
DEFAULT 0 --- Reasons for rule being disabled.





prio

Type: actrl:RulePrio
Primitive Type: scalar:UByte

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The QoS priority class ID.
Constants
class-eq-filter 1 class-eq-filter NO COMMENTS
class-eq-deny 2 class-eq-deny NO COMMENTS
class-eq-allow 3 class-eq-allow NO COMMENTS
prov-nonshared-to-cons 4 prov-nonshared-to-cons NO COMMENTS
black_list 5 black_list NO COMMENTS
fabric_infra 6 fabric_infra NO COMMENTS
fully_qual 7 fully_qual NO COMMENTS
system_incomplete 8 system_incomplete NO COMMENTS
src_dst_any 9 src_dst_any NO COMMENTS
shsrc_any_filt_perm 10 shsrc_any_filt_perm NO COMMENTS
shsrc_any_any_perm 11 shsrc_any_any_perm NO COMMENTS
shsrc_any_any_deny 12 shsrc_any_any_deny NO COMMENTS
src_any_filter 13 src_any_filter NO COMMENTS
any_dest_filter 14 any_dest_filter NO COMMENTS
src_any_any 15 src_any_any NO COMMENTS
any_dest_any 16 any_dest_any NO COMMENTS
any_any_filter 17 any_any_filter NO COMMENTS
grp_src_any_any_deny 18 grp_src_any_any_deny NO COMMENTS
grp_any_dest_any_deny 19 grp_any_dest_any_deny NO COMMENTS
grp_any_any_any_permit 20 grp_any_any_any_permit NO COMMENTS
any_any_any 21 any_any_any NO COMMENTS
any_vrf_any_deny 22 any_vrf_any_deny NO COMMENTS
default_action 23 default_action NO COMMENTS
DEFAULT 0 --- Rule priority, this is the priority for a set of rules





qosGrp

Type: qos:Prio
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Constants
unspecified 0 Unspecified NO COMMENTS
level3 1 Level3 (Default) User configurable classes
level2 2 Level2 NO COMMENTS
level1 3 Level1 NO COMMENTS
policy-plane 4 policy-plane System Classes. Not user configurable
control-plane 5 control-plane NO COMMENTS
span 6 span NO COMMENTS
level6 7 Level6 NO COMMENTS
level5 8 Level5 NO COMMENTS
level4 9 Level4 NO COMMENTS
DEFAULT unspecified(0) Unspecified NO COMMENTS





rn

Type: reference:BinRN

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRn
    Comments:
Identifies an object from its siblings within the context of its parent object. The distinguished name contains a sequence of relative names.



sPcTag

Type: actrl:PcTag
Primitive Type: scalar:Uint32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Specifies the source policy tag.
Constants
any 0u any NO COMMENTS
DEFAULT 0 --- Policy control tag





scopeId

Type: actrl:ScopeId
Primitive Type: scalar:Uint32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The scope identifier. Internally assigned.
Constants
defaultValue 1u --- NO COMMENTS





status

Type: mo:ModificationStatus
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelStatus
    Comments:
The upgrade status. This property is for internal use only.
Constants
created 2u created In a setter method: specifies that an object should be created. An error is returned if the object already exists.
In the return value of a setter method: indicates that an object has been created.
modified 4u modified In a setter method: specifies that an object should be modified
In the return value of a setter method: indicates that an object has been modified.
deleted 8u deleted In a setter method: specifies that an object should be deleted.
In the return value of a setter method: indicates that an object has been deleted.
DEFAULT 0 --- This type controls the life cycle of objects passed in the XML API.

When used in a setter method (such as configConfMo), the ModificationStatus specifies whether an object should be created, modified, deleted or removed.
In the return value of a setter method, the ModificationStatus indicates the actual operation that was performed. For example, the ModificationStatus is set to "created" if the object was created. The ModificationStatus is not set if the object was neither created, modified, deleted or removed.

When invoking a setter method, the ModificationStatus is optional:
If a setter method such as configConfMo is invoked and the ModificationStatus is not set, the system automatically determines if the object should be created or modified.






type

Type: actrl:RuleT
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The specific type of the object or component.
Constants
tenant 1 Tenant tenant
mgmt 2 Management management
snmp 3 SNMP snmp
bd_flood 4 Flood BD flood rule
vrf_default 5 Vrf Vrf default rule
infra 6 Infra Infra rule
DEFAULT tenant(1) Tenant tenant