This module contains a collection of YANG definitions for AAA operational data. Copyright (c) 2017-2019, 2021 by Cisco Systems, ...
Version: 2021-07-01
module Cisco-IOS-XE-aaa-oper { yang-version 1; namespace "http://cisco.com/ns/yang/Cisco-IOS-XE-aaa-oper"; prefix aaa-ios-xe-oper; import ietf-inet-types { prefix inet; } import ietf-yang-types { prefix yang; } import cisco-semver { prefix cisco-semver; } organization "Cisco Systems, Inc."; contact "Cisco Systems, Inc. Customer Service Postal: 170 W Tasman Drive San Jose, CA 95134 Tel: +1 1800 553-NETS E-mail: cs-yang@cisco.com"; description "This module contains a collection of YANG definitions for AAA operational data. Copyright (c) 2017-2019, 2021 by Cisco Systems, Inc. All rights reserved."; revision "2021-07-01" { description "- Added additional counters for RADIUS server for MAB and Dot1x transactions."; reference "1.4.0"; } revision "2019-05-01" { description "- Added support for AAA FQDN and AAA users info. - Added semantic version"; reference "1.3.0"; } revision "2018-10-29" { description "Cleaned up spelling errors in descriptions."; reference "1.2.0"; } revision "2018-04-16" { description "Added support for AAA RADIUS and TACACS statistics native model. Added support for AAA LDAP counters native model. Introduced additional counters for RADIUS server. The additional counters are Messages-sent, Messages-received and Errors-received. Introduced group name as one of the server key information for both RADIUS and TACACS. For TACACS added port information also as one of the server key info."; reference "1.1.0"; } revision "2017-11-01" { description "Initial revision"; reference "1.0.0"; } cisco-semver:module-version "1.4.0"; cisco-semver:module-version "1.3.0"; cisco-semver:module-version "1.2.0"; cisco-semver:module-version "1.1.0"; cisco-semver:module-version "1.0.0"; typedef aaa-sess-prot-type { type enumeration { enum "aaa-sess-proto-type-none" { value 0; description "No Protocol type"; } enum "aaa-sess-proto-type-invalid" { value 1; description "Invalid Protocol type "; } enum "aaa-sess-proto-type-lcp" { value 2; description "LCP Protocol type "; } enum "aaa-sess-proto-type-ip" { value 3; description "IP Protocol type "; } enum "aaa-sess-proto-type-ipsec" { value 4; description "IPSEC Protocol type "; } enum "aaa-sess-proto-type-ipx" { value 5; description "IPX Protocol type "; } enum "aaa-sess-proto-type-atalk" { value 6; description "ATALK Protocol type "; } enum "aaa-sess-proto-type-xremote" { value 7; description "XREMOTE Protocol type "; } enum "aaa-sess-proto-type-tn3270" { value 8; description "TN3270 Protocol type "; } enum "aaa-sess-proto-type-telnet" { value 9; description "TELNET Protocol type "; } enum "aaa-sess-proto-type-tcp-clear" { value 10; description "TCP_CLEAR Protocol type "; } enum "aaa-sess-proto-type-rlogin" { value 11; description "RLOGIN Protocol type "; } enum "aaa-sess-proto-type-lat" { value 12; description "LAT Protocol type "; } enum "aaa-sess-proto-type-pad" { value 13; description "PAD Protocol type "; } enum "aaa-sess-proto-type-osicp" { value 14; description "OSICP Protocol type "; } enum "aaa-sess-proto-type-tagcp" { value 15; description "TAGCP Protocol type "; } enum "aaa-sess-proto-type-bacp" { value 16; description "BACP Protocol type "; } enum "aaa-sess-proto-type-decnet" { value 17; description "DECNET Protocol type "; } enum "aaa-sess-proto-type-ccp" { value 18; description "CCP Protocol type "; } enum "aaa-sess-proto-type-cdp" { value 19; description "CDP Protocol type "; } enum "aaa-sess-proto-type-bridging" { value 20; description "BRIDGING Protocol type "; } enum "aaa-sess-proto-type-nbf" { value 21; description "NBF Protocol type "; } enum "aaa-sess-proto-type-bap" { value 22; description "BAP Protocol type "; } enum "aaa-sess-proto-type-multilink" { value 23; description "MULTILINK Protocol type "; } enum "aaa-sess-proto-type-h323" { value 24; description "H323 Protocol type "; } enum "aaa-sess-proto-type-unknown" { value 25; description "UNKNOWN Protocol type "; } enum "aaa-sess-proto-type-call-accept" { value 26; description "CALL ACCEPT Protocol type "; } enum "aaa-sess-proto-type-vpdn-session" { value 27; description "VPDN SESSION Protocol type "; } enum "aaa-sess-proto-type-rm-call-status" { value 28; description "RM CALL STATUS Protocol type "; } enum "aaa-sess-proto-type-rm-nas-status" { value 29; description "RM NAS STATUS Protocol type "; } enum "aaa-sess-proto-type-dial-in" { value 30; description "DIAL IN Protocol type "; } enum "aaa-sess-proto-type-dial-out" { value 31; description "DIAL OUT Protocol type "; } enum "aaa-sess-proto-type-ss7" { value 32; description "SS7 Protocol type "; } enum "aaa-sess-proto-type-rms-stop" { value 33; description "RMS STOP Protocol type "; } enum "aaa-sess-proto-type-rms-start" { value 34; description "RMS START Protocol type "; } enum "aaa-sess-proto-type-vpdn" { value 35; description "VPDN Protocol type "; } enum "aaa-sess-proto-type-sss" { value 36; description "SSS Protocol type "; } enum "aaa-sess-proto-type-subscriber" { value 37; description "SUBSCRIBER Protocol type "; } enum "aaa-sess-proto-type-atm" { value 38; description "ATM Protocol type "; } enum "aaa-sess-proto-type-ssh" { value 39; description "SSH Protocol type "; } enum "aaa-sess-proto-type-ipv6" { value 40; description "IPV6 Protocol type "; } enum "aaa-sess-proto-type-aironet" { value 41; description "AIRONET Protocol type "; } enum "aaa-sess-proto-type-pppoe" { value 42; description "PPOE Protocol type "; } enum "aaa-sess-proto-type-entity" { value 43; description "ENTITY Protocol type "; } enum "aaa-sess-proto-type-cdma" { value 44; description "CDMA Protocol type "; } enum "aaa-sess-proto-type-crb" { value 45; description "CRB Protocol type "; } enum "aaa-sess-proto-type-template" { value 46; description "TEMPLATE Protocol type "; } enum "aaa-sess-proto-type-aaa" { value 47; description "AAA Protocol type "; } enum "aaa-sess-proto-type-epd" { value 48; description "EPD Protocol type "; } enum "aaa-sess-proto-type-mac" { value 49; description "MAC Protocol type "; } enum "aaa-sess-proto-type-leap" { value 50; description "LEAP Protocol type "; } enum "aaa-sess-proto-type-igmp" { value 51; description "IGMP Protocol type "; } enum "aaa-sess-proto-type-webvpn" { value 52; description "WEBVPN Protocol type "; } enum "aaa-sess-proto-type-cts" { value 53; description "CTS Protocol type "; } enum "aaa-sess-proto-type-radius" { value 54; description "RADIUS Protocol type "; } enum "aaa-sess-proto-type-evc" { value 55; description "EVC Protocol type "; } enum "aaa-sess-proto-type-elmi" { value 56; description "ELMI Protocol type "; } enum "aaa-sess-proto-type-dot1x" { value 57; description "DOT1X Protocol type "; } enum "aaa-sess-proto-type-dtp" { value 58; description "DTP Protocol type "; } enum "aaa-sess-proto-type-lacp" { value 59; description "LACP Protocol type "; } enum "aaa-sess-proto-type-pagp" { value 60; description "PAGP Protocol type "; } enum "aaa-sess-proto-type-stp" { value 61; description "STP Protocol type "; } enum "aaa-sess-proto-type-vtp" { value 62; description "VTP Protocol type "; } enum "aaa-sess-proto-type-ethernet-mac-tunnel" { value 63; description "ETHERNET MAC TUNNEL Protocol type "; } enum "aaa-sess-proto-type-bridge-domain" { value 64; description "BRIDGE DOMAIN Protocol type "; } enum "aaa-sess-proto-type-ethernet-cfm" { value 65; description "ETHERNET CFM Protocol type "; } enum "aaa-sess-proto-type-ethernet-service-instance" { value 66; description "ETHERNET SERVICE INSTANCE Protocol type "; } enum "aaa-sess-proto-type-service-group" { value 67; description "SERVICE GROUP Protocol type "; } enum "aaa-sess-proto-type-ip-dhcp-snooping" { value 68; description "IP DHCP SNOOPING Protocol type "; } enum "aaa-sess-proto-type-ip-source-guard" { value 69; description "IP SOURCE GUARD Protocol type "; } enum "aaa-sess-proto-type-error-disable" { value 70; description "ERROR DISABLE Protocol type "; } enum "aaa-sess-proto-type-cmac-bridge-domain" { value 71; description "CMAC BRIDGE DOMAIN Protocol type "; } enum "aaa-sess-proto-type-mac-in-mac-tunnel" { value 72; description "MAC IN MAC TUNNEL Protocol type "; } enum "aaa-sess-proto-type-l2vpn" { value 73; description "L2VPN Protocol type "; } enum "aaa-sess-proto-type-snmp" { value 74; description "SNMP Protocol type "; } } description "AAA protocol type is used by clients to indicate how the session is established."; } typedef aaa-user-role { type enumeration { enum "aaa-user-role-invalid" { value 0; description "invalid user role"; } enum "aaa-user-role-default" { value 1; description "Default Admin User"; } enum "aaa-user-role-lobby" { value 2; description "Lobby Admin User"; } enum "aaa-user-role-mgmt" { value 3; description "Management User"; } enum "aaa-user-role-network" { value 4; description "Network User"; } enum "aaa-user-role-guest" { value 5; description "Guest user"; } enum "aaa-user-role-remote" { value 6; description "Remote Admin User"; } enum "aaa-user-role-remote-lobby" { value 7; description "Remote Lobby user"; } } description "User access role"; } typedef aaa-fqdn-prot-type { type enumeration { enum "aaa-fqdn-prot-type-invalid" { value 0; description "Invalid protocol"; } enum "aaa-fqdn-prot-type-radius" { value 1; description "Radius Protocol"; } enum "aaa-fqdn-prot-type-tacacs" { value 2; description "TACACS Protocol"; } enum "aaa-fqdn-prot-type-ldap" { value 3; description "LDAP protocol"; } enum "aaa-fqdn-prot-type-diameter" { value 4; description "Diameter Protocol"; } } description "AAA Protocol Type"; } container aaa-data { config false; description "Operational state of AAA"; list aaa-radius-stats { key "group-name radius-server-ip auth-port acct-port"; description "Radius server statistics"; leaf group-name { type string; description "AAA group name in which the server is defined. For public servers the group name is "PUBLIC GROUP" by default."; } leaf radius-server-ip { type inet:ip-address; description "Radius server IP address"; } leaf auth-port { type uint16; description "Radius server auth-port"; } leaf acct-port { type uint16; description "Radius server accounting port"; } leaf authen-retried-access-requests { type uint32; description "Authentication retried access requests"; } leaf authen-access-accepts { type uint32; description "Authentication access accepts"; } leaf authen-access-rejects { type uint32; description "Authentication access rejects"; } leaf authen-timeout-access-requests { type uint32; description "Authentication Timeout access requests"; } leaf author-retried-access-requests { type uint32; description "Authorization retried access requests"; } leaf author-access-accepts { type uint32; description "Authorization access accepts"; } leaf author-access-rejects { type uint32; description "Authorization access rejects"; } leaf author-timeout-access-requests { type uint32; description "Authorization Timeout access requests"; } leaf connection-opens { type uint32; description "Number of new connection requests sent to the RADIUS server."; } leaf connection-closes { type uint32; description "Number of connection close requests sent to the server."; } leaf connection-aborts { type uint32; description "Number of connections aborted. These do not include connections that are closed gracefully."; } leaf connection-failures { type uint32; description "Number of connection failures to the RADIUS server."; } leaf connection-timeouts { type uint32; description "Number of connection timeouts to the RADIUS server."; } leaf authen-messages-sent { type uint32; description "Number of authentication messages sent to the RADIUS server."; } leaf author-messages-sent { type uint32; description "Number of authorization messages sent to the RADIUS server."; } leaf acct-messages-sent { type uint32; description "Number of accounting messages sent to the RADIUS server."; } leaf authen-messages-received { type uint32; description "Number of authentication messages received by the RADIUS server."; } leaf author-messages-received { type uint32; description "Number of authorization messages received by the RADIUS server."; } leaf authen-errors-received { type uint32; description "Number of authentication error messages received from the RADIUS server."; } leaf author-errors-received { type uint32; description "Number of authorization error messages received from the RADIUS server."; } leaf acct-errors-received { type uint32; description "Number of accounting error messages received from the RADIUS server."; } leaf stats-time { type yang:date-and-time; description "Time from which the statistics are valid. This field will be updated when a RADIUS server is configured and also when the RADIUS server statistics are cleared."; } leaf eap-authen-avg-resp-time { type uint32; units "milliseconds"; description "Dot1x authentication average response time in milliseconds."; } leaf eap-authen-total-response { type uint32; description "Number of valid Dot1x authentication responses."; } leaf eap-authen-total-txns { type uint32; description "Number of Dot1x session transactions."; } leaf eap-authen-success-txns { type uint32; description "Number of Success Dot1x session transactions."; } leaf eap-authen-failed-txns { type uint32; description "Number of Failed Dot1x session transactions."; } leaf eap-authen-total-timeouts { type uint32; description "Number of Dot1x session timeouts."; } leaf eap-authen-total-failover { type uint32; description "Number of Dot1x session failover requests"; } leaf mac-authen-avg-resp-time { type uint32; units "milliseconds"; description "MAB authentication average response time in milliseconds."; } leaf mac-authen-total-response { type uint32; description "Number of valid MAB authentication responses."; } leaf mac-authen-total-txns { type uint32; description "Number of MAB session transactions."; } leaf mac-authen-success-txns { type uint32; description "Number of Success MAB session transactions."; } leaf mac-authen-failed-txns { type uint32; description "Number of Failed MAB session transactions."; } leaf mac-authen-total-timeouts { type uint32; description "Number of MAB session timeouts."; } leaf mac-authen-total-failover { type uint32; description "Number of MAB session failover requests"; } leaf mac-author-avg-resp-time { type uint32; units "milliseconds"; description "MAB authorization average response time in milliseconds."; } leaf mac-author-total-response { type uint32; description "Number of valid MAB authorization responses."; } leaf mac-author-total-txns { type uint32; description "Number of MAB authorization session transactions."; } leaf mac-author-success-txns { type uint32; description "Number of Success MAB authorization session transactions."; } leaf mac-author-failed-txns { type uint32; description "Number of Failed MAB authorization session transactions."; } leaf mac-author-total-timeouts { type uint32; description "Number of MAB authorization session timeouts."; } leaf mac-author-total-failover { type uint32; description "Number of MAB authorization session failover requests"; } } // list aaa-radius-stats list aaa-tacacs-stats { key "group-name tacacs-server-address port"; description "AAA TACACS server statistics"; leaf group-name { type string; description "AAA group name in which the server is defined. For public servers the group name is "PUBLIC GROUP" by default."; } leaf tacacs-server-address { type inet:ip-address; description "TACACS server IP address"; } leaf port { type uint16; description "TACACS server port"; } leaf connection-opens { type uint32; description "Number of new connection requests sent to the server"; } leaf connection-closes { type uint32; description "Number of connection close requests sent to the server"; } leaf connection-aborts { type uint32; description "Number of aborted connections to the server. These do not include connections that are close gracefully"; } leaf connection-failures { type uint32; description "Number of connection failures to the server"; } leaf connection-timeouts { type uint32; description "Number of connection timeouts to the server"; } leaf messages-sent { type uint32; description "Number of messages sent to the server"; } leaf messages-received { type uint32; description "Number of messages received by the server"; } leaf errors-received { type uint32; description "Number of error messages received from the server"; } leaf stats-start-time { type yang:date-and-time; description "This attribute contains stats collection start time. Stats collection starts when the TACACS server is configured"; } } // list aaa-tacacs-stats list aaa-ldap-counters { key "ldap-server-address ldap-server-port"; description "LDAP server counters"; leaf ldap-server-address { type inet:ip-address; description "LDAP server IP address"; } leaf ldap-server-port { type uint16; description "LDAP server listening port - TCP"; } leaf connection-opens { type uint32; description "Number of new connection requests sent to the LDAP server."; } leaf messages-sent { type uint32; description "Number of messages sent to the LDAP server."; } leaf messages-received { type uint32; description "Number of messages received by the LDAP server."; } leaf errors-received { type uint32; description "Number of error messages received from the LDAP server."; } leaf connection-closes { type uint32; description "Number of connection close requests sent to the server."; } leaf connection-aborts { type uint32; description "Number of connections aborted. These do not include connections that are close gracefully."; } leaf connection-failures { type uint32; description "Number of connection failures to the LDAP server."; } leaf connection-timeouts { type uint32; description "Number of connection timeouts to the LDAP server."; } leaf counters-start-time { type yang:date-and-time; description "This attribute contains LDAP counters collection start time. Counters collection starts when a LDAP server is configured. Counters collection will be reset when the LDAP server counters are cleared."; } } // list aaa-ldap-counters list aaa-users { key "username"; description "List of current users"; leaf username { type string; description "The username used to logged into the device"; } list aaa-sessions { key "aaa-uid"; description "Sessions associated with the users"; leaf aaa-uid { type uint32; description "AAA Unique ID"; } leaf session-id { type uint32; description "AAA Session ID"; } leaf ip-addr { type inet:ip-address; description "Source IP address that initiated the session"; } leaf protocol { type aaa-sess-prot-type; description "AAA protocol type Protocol used in this session."; } leaf login-time { type yang:date-and-time; description "Login-time for this session present in aaa code."; } } // list aaa-sessions } // list aaa-users list aaa-username-type { key "user-type"; description "AAA user role type"; leaf user-type { type aaa-user-role; description "The role type of the user"; } list aaa-user-info { key "username"; description "info associated with the user"; leaf username { type string; description "AAA username"; } leaf creator { type string; description "Name of the administrator who created the user"; } leaf description { type string; description "Description of the user"; } leaf view-name { type string; description "Parser View attached to the user"; } leaf start-time { type yang:date-and-time; description "Creation time of the user"; } leaf expiry-time { type yang:date-and-time; description "Expiry time of the user"; } leaf max-login-limit { type uint32; description "Maximum login limit for the user"; } } // list aaa-user-info } // list aaa-username-type list aaa-fqdn-info { key "fqdn-name"; description "AAA FQDN Information"; leaf fqdn-name { type string; description "AAA FQDN Name."; } leaf protocol { type aaa-fqdn-prot-type; description "AAA Protocol in use."; } leaf-list active-ipv4 { type string; ordered-by user; description "FQDN active IPv4 data."; } leaf-list active-ipv6 { type string; ordered-by user; description "FQDN active IPv6 data."; } leaf-list member-of-group { type string; ordered-by user; description "Names of the groups that the FQDN belongs to."; } } // list aaa-fqdn-info } // container aaa-data } // module Cisco-IOS-XE-aaa-oper
© 2023 YumaWorks, Inc. All rights reserved.