| submodule ietf-snmp-usm { |
| |
| belongs-to ietf-snmp { |
| prefix snmp; |
| } |
| |
| import ietf-yang-types { |
| prefix yang; |
| } |
| import ietf-netconf-acm { |
| prefix nacm; |
| } |
| |
| include ietf-snmp-common; |
| include ietf-snmp-target; |
| include ietf-snmp-proxy; |
| |
| organization |
| "IETF NETMOD (NETCONF Data Modeling Language) Working Group"; |
| |
| contact |
| "WG Web: <http://tools.ietf.org/wg/netmod/> |
| WG List: <mailto:netmod@ietf.org> |
| |
| WG Chair: Thomas Nadeau |
| <mailto:tnadeau@lucidvision.com> |
| |
| WG Chair: Juergen Schoenwaelder |
| <mailto:j.schoenwaelder@jacobs-university.de> |
| |
| Editor: Martin Bjorklund |
| <mailto:mbj@tail-f.com> |
| |
| Editor: Juergen Schoenwaelder |
| <mailto:j.schoenwaelder@jacobs-university.de>"; |
| |
| description |
| "This submodule contains a collection of YANG definitions for |
| configuring the User-based Security Model (USM) of SNMP. |
| |
| Copyright (c) 2014 IETF Trust and the persons identified as |
| authors of the code. All rights reserved. |
| |
| Redistribution and use in source and binary forms, with or |
| without modification, is permitted pursuant to, and subject |
| to the license terms contained in, the Simplified BSD License |
| set forth in Section 4.c of the IETF Trust's Legal Provisions |
| Relating to IETF Documents |
| (http://trustee.ietf.org/license-info). |
| |
| This version of this YANG module is part of RFC 7407; see |
| the RFC itself for full legal notices."; |
| |
| reference |
| "RFC 3414: User-based Security Model (USM) for version 3 of the |
| Simple Network Management Protocol (SNMPv3)"; |
| |
| revision 2014-12-10 { |
| description |
| "Initial revision."; |
| reference |
| "RFC 7407: A YANG Data Model for SNMP Configuration"; |
| } |
| |
| grouping key { |
| leaf key { |
| type yang:hex-string; |
| mandatory true; |
| nacm:default-deny-all; |
| description |
| "Localized key specified as a list of colon-specified |
| hexadecimal octets."; |
| } |
| } |
| |
| grouping user-list { |
| list user { |
| key "name"; |
| |
| reference |
| "RFC 3414: User-based Security Model (USM) for version 3 |
| of the Simple Network Management Protocol (SNMPv3). |
| SNMP-USER-BASED-SM-MIB.usmUserTable"; |
| |
| leaf name { |
| type snmp:identifier; |
| reference |
| "RFC 3414: User-based Security Model (USM) for version 3 |
| of the Simple Network Management Protocol (SNMPv3). |
| SNMP-USER-BASED-SM-MIB.usmUserName"; |
| } |
| container auth { |
| presence "enables authentication"; |
| description |
| "Enables authentication of the user."; |
| choice protocol { |
| mandatory true; |
| reference |
| "RFC 3414: User-based Security Model (USM) for version 3 |
| of the Simple Network Management Protocol (SNMPv3). |
| SNMP-USER-BASED-SM-MIB.usmUserAuthProtocol"; |
| container md5 { |
| uses key; |
| reference |
| "RFC 3414: User-based Security Model (USM) for |
| version 3 of the Simple Network Management Protocol |
| (SNMPv3). |
| SNMP-USER-BASED-SM-MIB.usmHMACMD5AuthProtocol"; |
| } |
| container sha { |
| uses key; |
| reference |
| "RFC 3414: User-based Security Model (USM) for |
| version 3 of the Simple Network Management Protocol |
| (SNMPv3). |
| SNMP-USER-BASED-SM-MIB.usmHMACSHAAuthProtocol"; |
| } |
| } |
| } |
| container priv { |
| must "../auth" { |
| error-message |
| "when privacy (confidentiality) is used, " |
| + "authentication must also be used"; |
| } |
| presence "enables encryption"; |
| description |
| "Enables encryption of SNMP messages."; |
| |
| choice protocol { |
| mandatory true; |
| reference |
| "RFC 3414: User-based Security Model (USM) for version 3 |
| of the Simple Network Management Protocol (SNMPv3). |
| SNMP-USER-BASED-SM-MIB.usmUserPrivProtocol"; |
| container des { |
| uses key; |
| reference |
| "RFC 3414: User-based Security Model (USM) for |
| version 3 of the Simple Network Management Protocol |
| (SNMPv3). |
| SNMP-USER-BASED-SM-MIB.usmDESPrivProtocol"; |
| } |
| container aes { |
| uses key; |
| |
| reference |
| "RFC 3826: The Advanced Encryption Standard (AES) |
| Cipher Algorithm in the SNMP User-based Security |
| Model. |
| SNMP-USM-AES-MIB.usmAesCfb128Protocol"; |
| } |
| } |
| } |
| } |
| } |
| |
| augment /snmp:snmp { |
| |
| container usm { |
| description |
| "Configuration of the User-based Security Model."; |
| container local { |
| uses user-list; |
| } |
| |
| list remote { |
| key "engine-id"; |
| |
| leaf engine-id { |
| type snmp:engine-id; |
| reference |
| "RFC 3414: User-based Security Model (USM) for version 3 |
| of the Simple Network Management Protocol (SNMPv3). |
| SNMP-USER-BASED-SM-MIB.usmUserEngineID"; |
| } |
| |
| uses user-list; |
| } |
| } |
| } |
| |
| grouping usm-target-params { |
| container usm { |
| description |
| "User-based SNMPv3 parameters type. |
| |
| Represents snmpTargetParamsMPModel '3' and |
| snmpTargetParamsSecurityModel '3'."; |
| leaf user-name { |
| type snmp:security-name; |
| mandatory true; |
| |
| reference |
| "RFC 3413: Simple Network Management Protocol (SNMP). |
| Applications. |
| SNMP-TARGET-MIB.snmpTargetParamsSecurityName"; |
| } |
| leaf security-level { |
| type snmp:security-level; |
| mandatory true; |
| reference |
| "RFC 3413: Simple Network Management Protocol (SNMP). |
| Applications. |
| SNMP-TARGET-MIB.snmpTargetParamsSecurityLevel"; |
| } |
| } |
| } |
| |
| augment /snmp:snmp/snmp:target-params/snmp:params { |
| case usm { |
| uses usm-target-params; |
| } |
| } |
| |
| } |