This module contains a collection of YANG definitions for AAA operational data. Copyright (c) 2017-2019, 2021 by Cisco Systems, ...
Version: 2021-07-01
// Read-only operational model for AAA on IOS-XE: per-server RADIUS, TACACS
// and LDAP counters, current users with their sessions, user records grouped
// by role, and FQDN server information, all under the config-false container
// aaa-data at the end of the module.
//
// NOTE(review): the module imports only ietf-inet-types, ietf-yang-types and
// cisco-semver and applies no NACM default-deny extension to any node, so who
// may read the usernames, session source addresses and AAA server addresses
// modelled here depends entirely on the access-control rules of the server
// that implements it. Confirm those rules before exposing NETCONF/RESTCONF.
module Cisco-IOS-XE-aaa-oper {
  yang-version 1;
  namespace "http://cisco.com/ns/yang/Cisco-IOS-XE-aaa-oper";
  prefix aaa-ios-xe-oper;

  import ietf-inet-types { prefix inet; }
  import ietf-yang-types { prefix yang; }
  import cisco-semver { prefix cisco-semver; }

  organization "Cisco Systems, Inc.";
  contact "Cisco Systems, Inc. Customer Service Postal: 170 W Tasman Drive San Jose, CA 95134 Tel: +1 1800 553-NETS E-mail: cs-yang@cisco.com";
  description "This module contains a collection of YANG definitions for AAA operational data. Copyright (c) 2017-2019, 2021 by Cisco Systems, Inc. All rights reserved.";

  // Revision history, newest first; each reference carries the semantic
  // version that the revision introduced.
  revision "2021-07-01" {
    description "- Added additional counters for RADIUS server for MAB and Dot1x transactions.";
    reference "1.4.0";
  }
  revision "2019-05-01" {
    description "- Added support for AAA FQDN and AAA users info. - Added semantic version";
    reference "1.3.0";
  }
  revision "2018-10-29" {
    description "Cleaned up spelling errors in descriptions.";
    reference "1.2.0";
  }
  revision "2018-04-16" {
    description "Added support for AAA RADIUS and TACACS statistics native model. Added support for AAA LDAP counters native model. Introduced additional counters for RADIUS server. The additional counters are Messages-sent, Messages-received and Errors-received. Introduced group name as one of the server key information for both RADIUS and TACACS.
                 For TACACS added port information also as one of the server key info.";
    reference "1.1.0";
  }
  revision "2017-11-01" {
    description "Initial revision";
    reference "1.0.0";
  }

  // One module-version statement per published semantic version; the values
  // match the revision references above.
  cisco-semver:module-version "1.4.0";
  cisco-semver:module-version "1.3.0";
  cisco-semver:module-version "1.2.0";
  cisco-semver:module-version "1.1.0";
  cisco-semver:module-version "1.0.0";

  // Protocol over which an AAA session was established (values 0-74).
  // The enum names are what instance data carries; the description strings
  // are informational only. Note that the description of
  // aaa-sess-proto-type-pppoe is spelled "PPOE".
  // The set includes cleartext login protocols (telnet, rlogin) next to ssh,
  // so a monitoring consumer can use the session protocol leaf to flag
  // management sessions that were not opened over an encrypted transport.
  typedef aaa-sess-prot-type {
    type enumeration {
      enum "aaa-sess-proto-type-none" { value 0; description "No Protocol type"; }
      enum "aaa-sess-proto-type-invalid" { value 1; description "Invalid Protocol type "; }
      enum "aaa-sess-proto-type-lcp" { value 2; description "LCP Protocol type "; }
      enum "aaa-sess-proto-type-ip" { value 3; description "IP Protocol type "; }
      enum "aaa-sess-proto-type-ipsec" { value 4; description "IPSEC Protocol type "; }
      enum "aaa-sess-proto-type-ipx" { value 5; description "IPX Protocol type "; }
      enum "aaa-sess-proto-type-atalk" { value 6; description "ATALK Protocol type "; }
      enum "aaa-sess-proto-type-xremote" { value 7; description "XREMOTE Protocol type "; }
      enum "aaa-sess-proto-type-tn3270" { value 8; description "TN3270 Protocol type "; }
      enum "aaa-sess-proto-type-telnet" { value 9; description "TELNET Protocol type "; }
      enum "aaa-sess-proto-type-tcp-clear" { value 10; description "TCP_CLEAR Protocol type "; }
      enum "aaa-sess-proto-type-rlogin" { value 11; description "RLOGIN Protocol type "; }
      enum "aaa-sess-proto-type-lat" { value 12; description "LAT Protocol type "; }
      enum "aaa-sess-proto-type-pad" { value 13; description "PAD Protocol type "; }
      enum "aaa-sess-proto-type-osicp" { value 14; description "OSICP Protocol type "; }
      enum "aaa-sess-proto-type-tagcp" { value 15; description "TAGCP Protocol type "; }
      enum "aaa-sess-proto-type-bacp" { value 16; description "BACP Protocol type "; }
      enum "aaa-sess-proto-type-decnet" { value 17; description "DECNET Protocol type "; }
      enum "aaa-sess-proto-type-ccp" { value 18; description "CCP Protocol type "; }
      enum "aaa-sess-proto-type-cdp" { value 19; description "CDP Protocol type "; }
      enum "aaa-sess-proto-type-bridging" { value 20; description "BRIDGING Protocol type "; }
      enum "aaa-sess-proto-type-nbf" { value 21; description "NBF Protocol type "; }
      enum "aaa-sess-proto-type-bap" { value 22; description "BAP Protocol type "; }
      enum "aaa-sess-proto-type-multilink" { value 23; description "MULTILINK Protocol type "; }
      enum "aaa-sess-proto-type-h323" { value 24; description "H323 Protocol type "; }
      enum "aaa-sess-proto-type-unknown" { value 25; description "UNKNOWN Protocol type "; }
      enum "aaa-sess-proto-type-call-accept" { value 26; description "CALL ACCEPT Protocol type "; }
      enum "aaa-sess-proto-type-vpdn-session" { value 27; description "VPDN SESSION Protocol type "; }
      enum "aaa-sess-proto-type-rm-call-status" { value 28; description "RM CALL STATUS Protocol type "; }
      enum "aaa-sess-proto-type-rm-nas-status" { value 29; description "RM NAS STATUS Protocol type "; }
      enum "aaa-sess-proto-type-dial-in" { value 30; description "DIAL IN Protocol type "; }
      enum "aaa-sess-proto-type-dial-out" { value 31; description "DIAL OUT Protocol type "; }
      enum "aaa-sess-proto-type-ss7" { value 32; description "SS7 Protocol type "; }
      enum "aaa-sess-proto-type-rms-stop" { value 33; description "RMS STOP Protocol type "; }
      enum "aaa-sess-proto-type-rms-start" { value 34; description "RMS START Protocol type "; }
      enum "aaa-sess-proto-type-vpdn" { value 35; description "VPDN Protocol type "; }
      enum "aaa-sess-proto-type-sss" { value 36; description "SSS Protocol type "; }
      enum "aaa-sess-proto-type-subscriber" { value 37; description "SUBSCRIBER Protocol type "; }
      enum "aaa-sess-proto-type-atm" { value 38; description "ATM Protocol type "; }
      enum "aaa-sess-proto-type-ssh" { value 39; description "SSH Protocol type "; }
      enum "aaa-sess-proto-type-ipv6" { value 40; description "IPV6 Protocol type "; }
      enum "aaa-sess-proto-type-aironet" { value 41; description "AIRONET Protocol type "; }
      enum "aaa-sess-proto-type-pppoe" { value 42; description "PPOE Protocol type "; }
      enum "aaa-sess-proto-type-entity" { value 43; description "ENTITY Protocol type "; }
      enum "aaa-sess-proto-type-cdma" { value 44; description "CDMA Protocol type "; }
      enum "aaa-sess-proto-type-crb" { value 45; description "CRB Protocol type "; }
      enum "aaa-sess-proto-type-template" { value 46; description "TEMPLATE Protocol type "; }
      enum "aaa-sess-proto-type-aaa" { value 47; description "AAA Protocol type "; }
      enum "aaa-sess-proto-type-epd" { value 48; description "EPD Protocol type "; }
      enum "aaa-sess-proto-type-mac" { value 49; description "MAC Protocol type "; }
      enum "aaa-sess-proto-type-leap" { value 50; description "LEAP Protocol type "; }
      enum "aaa-sess-proto-type-igmp" { value 51; description "IGMP Protocol type "; }
      enum "aaa-sess-proto-type-webvpn" { value 52; description "WEBVPN Protocol type "; }
      enum "aaa-sess-proto-type-cts" { value 53; description "CTS Protocol type "; }
      enum "aaa-sess-proto-type-radius" { value 54; description "RADIUS Protocol type "; }
      enum "aaa-sess-proto-type-evc" { value 55; description "EVC Protocol type "; }
      enum "aaa-sess-proto-type-elmi" { value 56; description "ELMI Protocol type "; }
      enum "aaa-sess-proto-type-dot1x" { value 57; description "DOT1X Protocol type "; }
      enum "aaa-sess-proto-type-dtp" { value 58; description "DTP Protocol type "; }
      enum "aaa-sess-proto-type-lacp" { value 59; description "LACP Protocol type "; }
      enum "aaa-sess-proto-type-pagp" { value 60; description "PAGP Protocol type "; }
      enum "aaa-sess-proto-type-stp" { value 61; description "STP Protocol type "; }
      enum "aaa-sess-proto-type-vtp" { value 62; description "VTP Protocol type "; }
      enum "aaa-sess-proto-type-ethernet-mac-tunnel" { value 63; description "ETHERNET MAC TUNNEL Protocol type "; }
      enum "aaa-sess-proto-type-bridge-domain" { value 64; description "BRIDGE DOMAIN Protocol type "; }
      enum "aaa-sess-proto-type-ethernet-cfm" { value 65; description "ETHERNET CFM Protocol type "; }
      enum "aaa-sess-proto-type-ethernet-service-instance" { value 66; description "ETHERNET SERVICE INSTANCE Protocol type "; }
      enum "aaa-sess-proto-type-service-group" { value 67; description "SERVICE GROUP Protocol type "; }
      enum "aaa-sess-proto-type-ip-dhcp-snooping" { value 68; description "IP DHCP SNOOPING Protocol type "; }
      enum "aaa-sess-proto-type-ip-source-guard" { value 69; description "IP SOURCE GUARD Protocol type "; }
      enum "aaa-sess-proto-type-error-disable" { value 70; description "ERROR DISABLE Protocol type "; }
      enum "aaa-sess-proto-type-cmac-bridge-domain" { value 71; description "CMAC BRIDGE DOMAIN Protocol type "; }
      enum "aaa-sess-proto-type-mac-in-mac-tunnel" { value 72; description "MAC IN MAC TUNNEL Protocol type "; }
      enum "aaa-sess-proto-type-l2vpn" { value 73; description "L2VPN Protocol type "; }
      enum "aaa-sess-proto-type-snmp" { value 74; description "SNMP Protocol type "; }
    }
    description "AAA protocol type is used by clients to indicate how the session is established.";
  }

  // Access role of a user record; used as the key of the aaa-username-type
  // list, so user records are reported per role. Value 0 is the explicit
  // "invalid" marker.
  typedef aaa-user-role {
    type enumeration {
      enum "aaa-user-role-invalid" { value 0; description "invalid user role"; }
      enum "aaa-user-role-default" { value 1; description "Default Admin User"; }
      enum "aaa-user-role-lobby" { value 2; description "Lobby Admin User"; }
      enum "aaa-user-role-mgmt" { value 3; description "Management User"; }
      enum "aaa-user-role-network" { value 4; description "Network User"; }
      enum "aaa-user-role-guest" { value 5; description "Guest user"; }
      enum "aaa-user-role-remote" { value 6; description "Remote Admin User"; }
      enum "aaa-user-role-remote-lobby" { value 7; description "Remote Lobby user"; }
    }
    description "User access role";
  }

  // AAA protocol associated with an FQDN-defined server entry.
  typedef aaa-fqdn-prot-type {
    type enumeration {
      enum "aaa-fqdn-prot-type-invalid" { value 0; description "Invalid protocol"; }
      enum "aaa-fqdn-prot-type-radius" { value 1; description "Radius Protocol"; }
      enum "aaa-fqdn-prot-type-tacacs" { value 2; description "TACACS Protocol"; }
      enum "aaa-fqdn-prot-type-ldap" { value 3; description "LDAP protocol"; }
      enum "aaa-fqdn-prot-type-diameter" { value 4; description "Diameter Protocol"; }
    }
    description "AAA Protocol Type";
  }

  // One login session: identifiers, the source address, the protocol and the
  // login time. aaa-uid is the list key where this grouping is used.
  // Source address plus login time is the data an audit or detection
  // pipeline needs to correlate device logins with other logs.
  grouping aaa-sessions {
    description "AAA session information associated with the user";
    leaf aaa-uid { type uint32; description "AAA Unique ID"; }
    leaf session-id { type uint32; description "AAA Session ID"; }
    leaf ip-addr { type inet:ip-address; description "Source IP address that initiated the session"; }
    leaf protocol { type aaa-sess-prot-type; description "AAA protocol type Protocol used in this session."; }
    leaf login-time { type yang:date-and-time; description "Login-time for this session present in aaa code."; }
  } // grouping aaa-sessions

  // A username together with all of its sessions. The same username may own
  // several sessions at once; they are told apart by aaa-uid.
  grouping aaa-users {
    description "The record will be queried by using username field as the primary key to the parent table. For each user, aaa_uid identifies the session as there can be multiple sessions with same username. For example, same username could login from telnet and ssh. We can have two different sessions with two unique ids for the same username.";
    leaf username { type string; description "The username used to logged into the device"; }
    list aaa-sessions {
      key "aaa-uid";
      description "Sessions associated with the users";
      uses aaa-ios-xe-oper:aaa-sessions;
    } // list aaa-sessions
  } // grouping aaa-users

  // Account metadata for a local or remote user: who created it, when it
  // was created, when it expires and how many logins it allows. No
  // credential material (password or hash) is modelled in this grouping.
  grouping aaa-user-info {
    description "Local/Remote User access information";
    leaf username { type string; description "AAA username"; }
    leaf creator { type string; description "Name of the administrator who created the user"; }
    leaf description { type string; description "Description of the user"; }
    leaf view-name { type string; description "Parser View attached to the user"; }
    leaf start-time { type yang:date-and-time; description "Creation time of the user"; }
    leaf expiry-time { type yang:date-and-time; description "Expiry time of the user"; }
    leaf max-login-limit { type uint32; description "Maximum login limit for the user"; }
  } // grouping aaa-user-info

  // User records bucketed by access role: user-type is the outer key and
  // username the inner key.
  grouping aaa-username-type {
    description "Records of users of particular access type";
    leaf user-type { type aaa-user-role; description "The role type of the user"; }
    list aaa-user-info {
      key "username";
      description "info associated with the user";
      uses aaa-ios-xe-oper:aaa-user-info;
    } // list aaa-user-info
  } // grouping aaa-username-type

  // Identity of one RADIUS server entry: server group, address and both
  // ports. All four leaves form the list key in aaa-data.
  grouping aaa-radius-stats-key {
    description "Radius server statistics unique key";
    leaf group-name { type string; description "AAA group name in which the server is defined. For public servers the group name is \"PUBLIC GROUP\" by default."; }
    leaf radius-server-ip { type inet:ip-address; description "Radius server IP address"; }
    leaf auth-port { type uint16; description "Radius server auth-port"; }
    leaf acct-port { type uint16; description "Radius server accounting port"; }
  } // grouping aaa-radius-stats-key

  // Per-server RADIUS counters. Every counter is a plain uint32 rather than
  // yang:counter32, so the schema does not declare wrap or discontinuity
  // behaviour; stats-time is the only visible indicator of when counting
  // (re)started, and a collector should read it alongside the counters.
  // The reject and timeout counters are the ones a monitoring consumer would
  // normally trend to notice authentication failures or an unreachable
  // server.
  grouping aaa-radius-stats {
    description "Radius server statistics";
    leaf authen-retried-access-requests { type uint32; description "Authentication retried access requests"; }
    leaf authen-access-accepts { type uint32; description "Authentication access accepts"; }
    leaf authen-access-rejects { type uint32; description "Authentication access rejects"; }
    leaf authen-timeout-access-requests { type uint32; description "Authentication Timeout access requests"; }
    leaf author-retried-access-requests { type uint32; description "Authorization retried access requests"; }
    leaf author-access-accepts { type uint32; description "Authorization access accepts"; }
    leaf author-access-rejects { type uint32; description "Authorization access rejects"; }
    leaf author-timeout-access-requests { type uint32; description "Authorization Timeout access requests"; }
    leaf connection-opens { type uint32; description "Number of new connection requests sent to the RADIUS server."; }
    leaf connection-closes { type uint32; description "Number of connection close requests sent to the server."; }
    leaf connection-aborts {
      type uint32;
      description "Number of connections
                   aborted. These do not include connections that are closed gracefully.";
    }
    leaf connection-failures { type uint32; description "Number of connection failures to the RADIUS server."; }
    leaf connection-timeouts { type uint32; description "Number of connection timeouts to the RADIUS server."; }
    leaf authen-messages-sent { type uint32; description "Number of authentication messages sent to the RADIUS server."; }
    leaf author-messages-sent { type uint32; description "Number of authorization messages sent to the RADIUS server."; }
    leaf acct-messages-sent { type uint32; description "Number of accounting messages sent to the RADIUS server."; }
    // NOTE(review): the two descriptions below say "received by the RADIUS
    // server", while the neighbouring sent/errors leaves count from the
    // device's side; presumably these are messages received from the
    // server - confirm against the implementation. There is also no
    // acct-messages-received leaf to pair with acct-messages-sent.
    leaf authen-messages-received { type uint32; description "Number of authentication messages received by the RADIUS server."; }
    leaf author-messages-received { type uint32; description "Number of authorization messages received by the RADIUS server."; }
    leaf authen-errors-received { type uint32; description "Number of authentication error messages received from the RADIUS server."; }
    leaf author-errors-received { type uint32; description "Number of authorization error messages received from the RADIUS server."; }
    leaf acct-errors-received { type uint32; description "Number of accounting error messages received from the RADIUS server."; }
    leaf stats-time {
      type yang:date-and-time;
      description "Time from which the statistics are valid.
                   This field will be updated when a RADIUS server is configured and also when the RADIUS server statistics are cleared.";
    }
    // Dot1x (EAP) authentication transaction counters, added in revision
    // 2021-07-01. Only the average response time declares units.
    leaf eap-authen-avg-resp-time { type uint32; units "milliseconds"; description "Dot1x authentication average response time in milliseconds."; }
    leaf eap-authen-total-response { type uint32; description "Number of valid Dot1x authentication responses."; }
    leaf eap-authen-total-txns { type uint32; description "Number of Dot1x session transactions."; }
    leaf eap-authen-success-txns { type uint32; description "Number of Success Dot1x session transactions."; }
    leaf eap-authen-failed-txns { type uint32; description "Number of Failed Dot1x session transactions."; }
    leaf eap-authen-total-timeouts { type uint32; description "Number of Dot1x session timeouts."; }
    leaf eap-authen-total-failover { type uint32; description "Number of Dot1x session failover requests"; }
    // MAB (MAC authentication bypass) authentication transaction counters.
    leaf mac-authen-avg-resp-time { type uint32; units "milliseconds"; description "MAB authentication average response time in milliseconds."; }
    leaf mac-authen-total-response { type uint32; description "Number of valid MAB authentication responses."; }
    leaf mac-authen-total-txns { type uint32; description "Number of MAB session transactions."; }
    leaf mac-authen-success-txns { type uint32; description "Number of Success MAB session transactions."; }
    leaf mac-authen-failed-txns { type uint32; description "Number of Failed MAB session transactions."; }
    leaf mac-authen-total-timeouts { type uint32; description "Number of MAB session timeouts."; }
    leaf mac-authen-total-failover { type uint32; description "Number of MAB session failover requests"; }
    // MAB authorization transaction counters.
    leaf mac-author-avg-resp-time { type uint32; units "milliseconds"; description "MAB authorization average response time in milliseconds."; }
    leaf mac-author-total-response { type uint32; description "Number of valid MAB authorization responses."; }
    leaf mac-author-total-txns { type uint32; description "Number of MAB authorization session transactions."; }
    leaf mac-author-success-txns { type uint32; description "Number of Success MAB authorization session transactions."; }
    leaf mac-author-failed-txns { type uint32; description "Number of Failed MAB authorization session transactions."; }
    leaf mac-author-total-timeouts { type uint32; description "Number of MAB authorization session timeouts."; }
    leaf mac-author-total-failover { type uint32; description "Number of MAB authorization session failover requests"; }
  } // grouping aaa-radius-stats

  // Identity of one TACACS server entry: server group, address and port.
  grouping aaa-tacacs-stats-key {
    description "TACACS server statistics unique key";
    leaf group-name { type string; description "AAA group name in which the server is defined. For public servers the group name is \"PUBLIC GROUP\" by default."; }
    leaf tacacs-server-address { type inet:ip-address; description "TACACS server IP address"; }
    leaf port { type uint16; description "TACACS server port"; }
  } // grouping aaa-tacacs-stats-key

  // Per-server TACACS connection and message counters (plain uint32).
  // Unlike the RADIUS grouping there is no split by authentication,
  // authorization and accounting, and the stats-start-time description
  // mentions only server configuration, not a clear operation.
  grouping aaa-tacacs-stats {
    description "AAA session information associated with the TACACS Server";
    leaf connection-opens { type uint32; description "Number of new connection requests sent to the server"; }
    leaf connection-closes { type uint32; description "Number of connection close requests sent to the server"; }
    leaf connection-aborts {
      type uint32;
      description "Number of aborted connections to the server.
                   These do not include connections that are close gracefully";
    }
    leaf connection-failures { type uint32; description "Number of connection failures to the server"; }
    leaf connection-timeouts { type uint32; description "Number of connection timeouts to the server"; }
    leaf messages-sent { type uint32; description "Number of messages sent to the server"; }
    // NOTE(review): "received by the server" presumably means received from
    // the server by this device - confirm.
    leaf messages-received { type uint32; description "Number of messages received by the server"; }
    leaf errors-received { type uint32; description "Number of error messages received from the server"; }
    leaf stats-start-time { type yang:date-and-time; description "This attribute contains stats collection start time. Stats collection starts when the TACACS server is configured"; }
  } // grouping aaa-tacacs-stats

  // Identity of one LDAP server entry: address and TCP port. There is no
  // group-name leaf in this key, unlike the RADIUS and TACACS keys.
  grouping aaa-ldap-counters-key {
    description "LDAP server counters unique key";
    leaf ldap-server-address { type inet:ip-address; description "LDAP server IP address"; }
    leaf ldap-server-port { type uint16; description "LDAP server listening port - TCP"; }
  } // grouping aaa-ldap-counters-key

  // Per-server LDAP connection and message counters (plain uint32);
  // counters-start-time records when collection started or was last reset.
  grouping aaa-ldap-counters {
    description "LDAP server counters";
    leaf connection-opens { type uint32; description "Number of new connection requests sent to the LDAP server."; }
    leaf messages-sent { type uint32; description "Number of messages sent to the LDAP server."; }
    // NOTE(review): "received by the LDAP server" presumably means received
    // from the server by this device - confirm.
    leaf messages-received { type uint32; description "Number of messages received by the LDAP server."; }
    leaf errors-received { type uint32; description "Number of error messages received from the LDAP server."; }
    leaf connection-closes { type uint32; description "Number of connection close requests sent to the server."; }
    leaf connection-aborts {
      type uint32;
      description "Number of connections aborted.
                   These do not include connections that are close gracefully.";
    }
    leaf connection-failures { type uint32; description "Number of connection failures to the LDAP server."; }
    leaf connection-timeouts { type uint32; description "Number of connection timeouts to the LDAP server."; }
    leaf counters-start-time { type yang:date-and-time; description "This attribute contains LDAP counters collection start time. Counters collection starts when a LDAP server is configured. Counters collection will be reset when the LDAP server counters are cleared."; }
  } // grouping aaa-ldap-counters

  // An AAA server defined by FQDN: its protocol, the addresses currently
  // active for it and the server groups it belongs to.
  // active-ipv4 and active-ipv6 are typed as string, not inet:ipv4-address /
  // inet:ipv6-address, so the schema does not validate their format; a
  // consumer should parse and validate the values before using them.
  grouping aaa-fqdn-info {
    description "FQDN Information";
    leaf fqdn-name { type string; description "AAA FQDN Name."; }
    leaf protocol { type aaa-fqdn-prot-type; description "AAA Protocol in use."; }
    leaf-list active-ipv4 { type string; ordered-by user; description "FQDN active IPv4 data."; }
    leaf-list active-ipv6 { type string; ordered-by user; description "FQDN active IPv6 data."; }
    leaf-list member-of-group { type string; ordered-by user; description "Names of the groups that the FQDN belongs to."; }
  } // grouping aaa-fqdn-info

  // Top-level operational container. config false makes the whole subtree
  // read-only state: nothing below it can be written through this model.
  // Each list is keyed by the leaves of the matching *-key grouping or by
  // the identifying leaf of the grouping it uses.
  container aaa-data {
    config false;
    description "Operational state of AAA";
    list aaa-radius-stats {
      key "group-name radius-server-ip auth-port acct-port";
      description "Radius server statistics";
      uses aaa-ios-xe-oper:aaa-radius-stats-key;
      uses aaa-ios-xe-oper:aaa-radius-stats;
    } // list aaa-radius-stats
    list aaa-tacacs-stats {
      key "group-name tacacs-server-address port";
      description "AAA TACACS server statistics";
      uses aaa-ios-xe-oper:aaa-tacacs-stats-key;
      uses aaa-ios-xe-oper:aaa-tacacs-stats;
    } // list aaa-tacacs-stats
    list aaa-ldap-counters {
      key "ldap-server-address ldap-server-port";
      description "LDAP server counters";
      uses aaa-ios-xe-oper:aaa-ldap-counters-key;
      uses aaa-ios-xe-oper:aaa-ldap-counters;
    } // list aaa-ldap-counters
    // Currently logged-in users and their sessions (username, source
    // address, protocol, login time).
    list aaa-users {
      key "username";
      description "List of current users";
      uses aaa-ios-xe-oper:aaa-users;
    } // list aaa-users
    // User account records grouped by access role.
    list aaa-username-type {
      key "user-type";
      description "AAA user role type";
      uses aaa-ios-xe-oper:aaa-username-type;
    } // list aaa-username-type
    list aaa-fqdn-info {
      key "fqdn-name";
      description "AAA FQDN Information";
      uses aaa-ios-xe-oper:aaa-fqdn-info;
    } // list aaa-fqdn-info
  } // container aaa-data
} // module Cisco-IOS-XE-aaa-oper