This module contains a collection of YANG definitions for identity operational data. Copyright (c) 2020-2021 by Cisco Systems, I...
Version: 2021-07-01
module Cisco-IOS-XE-identity-oper { yang-version 1; namespace "http://cisco.com/ns/yang/Cisco-IOS-XE-identity-oper"; prefix identity-ios-xe-oper; import Cisco-IOS-XE-aaa-types { prefix aaa-types; } import ietf-inet-types { prefix inet; } import ietf-yang-types { prefix yang; } import cisco-semver { prefix cisco-semver; } organization "Cisco Systems, Inc."; contact "Cisco Systems, Inc. Customer Service Postal: 170 W Tasman Drive San Jose, CA 95134 Tel: +1 1800 553-NETS E-mail: cs-yang@cisco.com"; description "This module contains a collection of YANG definitions for identity operational data. Copyright (c) 2020-2021 by Cisco Systems, Inc. All rights reserved."; revision "2021-07-01" { description "- Added Intel device data to device classifier client operational data - Added unique session Id"; reference "1.4.0"; } revision "2021-03-01" { description "- Removed device OS and vendor source constraints"; reference "1.3.0"; } revision "2020-11-01" { description "- Added accounting list"; reference "1.2.0"; } revision "2020-03-01" { description "- Added counters for Web authentication backpressure queue - Added is-user-profile flag to identify whether a service template is downloaded from an external server"; reference "1.1.0"; } revision "2019-11-01" { description "Initial revision"; reference "1.0.0"; } cisco-semver:module-version "1.4.0"; cisco-semver:module-version "1.3.0"; cisco-semver:module-version "1.2.0"; cisco-semver:module-version "1.1.0"; cisco-semver:module-version "1.0.0"; typedef session-blocked-on-state { type enumeration { enum "flags-none" { value 0; description "Session Blocked on None"; } enum "event-async-caller-unknown" { value 1; description "Session Blocked on Asynchronous Caller Unknown"; } enum "event-async-caller-apply-up" { value 2; description "Session Blocked on Asynchronous User-profile Application"; } enum "event-async-caller-apply-authorization" { value 3; description "Session Blocked on Authorization"; } enum "event-async-caller-remove-up" { value 4; description "Session Blocked on Asynchronous User-profile Removal"; } enum "event-async-caller-pre" { value 5; description "Session Blocked on Asynchronous PRE Event"; } enum "event-async-caller-async-teardown" { value 6; description "Session Blocked on Asynchronous Teardown"; } enum "event-async-caller-final-delete" { value 7; description "Session Blocked on Final Delete"; } } description "Session Block On State"; } typedef authentication-method-id { type enumeration { enum "invalid-method-id" { value 0; description "Denotes an Invalid method ID"; } enum "dot1x-auth-id" { value 1; description "IEEE 802.1X Authenticator ID"; } enum "mab-id" { value 2; description "Mac-Auth-Bypass Method"; } enum "web-auth-id" { value 3; description "Web Authentication"; } enum "static-method-id" { value 4; description "Static method Identifier"; } enum "eou" { value 5; description "Eap Over UDP Method identifier"; } enum "dot1x-supp-id" { value 6; description "IEEE 802.1X Supplicant ID"; } } description "IDs representing various authentication"; } typedef context-state { type enumeration { enum "idle" { value 0; description "Session Idle State"; } enum "running" { value 1; description "Session in Authentication Running State"; } enum "no-more-methods" { value 2; description "Session in No more authentication methods state"; } enum "authc-success" { value 3; description "Session Authentication Success State"; } enum "authc-failed" { value 4; description "Session Authentication Fail State"; } enum "authz-success" { value 5; description "Session Authorization Success State"; } enum "authz-failed" { value 6; description "Session authorization failed state"; } } description "Session Manager Session State"; } typedef session-domain { type enumeration { enum "domain-unknown" { value 0; description "Unknown Domain"; } enum "data" { value 1; description "Data Domain"; } enum "voice" { value 2; description "Voice Domain"; } } description "Session's domain"; } typedef session-target-scope { type enumeration { enum "scope-unknown" { value 0; description "Session's scope Unknown"; } enum "client" { value 1; description "Session's Scope : Client"; } enum "interface" { value 2; description "Interface Scope"; } } description "Session's scope"; } typedef control-direction { type enumeration { enum "control-direction-unknown" { value 0; description "Interface config, Control-direction: Unknown"; } enum "both" { value 1; description "Interface config, Control-direction: Both"; } enum "in" { value 2; description "Interface config, Control-direction: In"; } } description "Interface Configuration: control-direction"; } typedef port-type { type enumeration { enum "port-type-unknown" { value 0; description "Interface config, Port-type: Unknown"; } enum "l2" { value 1; description "Interface config, Port-type: L2 Port"; } enum "l3" { value 2; description "Interface config, Port-type: L3 Port"; } enum "dot11" { value 4; description "Interface config, Port-type: Dot11 port"; } } description "Interface config, Port-type"; } typedef webauth-type { type enumeration { enum "app-id-min" { value 0; description "Web authentication type Minimum"; } enum "app-id-ezvpn" { value 1; description "Web authentication type EZVPN"; } enum "app-id-authproxy" { value 2; description "Web authentication type auth-proxy"; } enum "app-id-consent" { value 3; description "Web authentication type consent"; } enum "app-id-authproxy-with-consent" { value 4; description "Web authentication type auth-proxy with consent"; } enum "app-id-authbypass" { value 5; description "Web authentication type auth-bypass"; } enum "app-id-max" { value 6; description "Web authentication type max"; } } description "Web authentication type"; } typedef webauth-state { type enumeration { enum "webauth-init" { value 0; description "Web authentication state initialized"; } enum "webauth-http-next-password" { value 1; description "Web authentication state http next password"; } enum "webauth-get-redirect" { value 2; description "Web authentication state get redirect"; } enum "webauth-login" { value 3; description "Web authentication state login"; } enum "webauth-authenticating" { value 4; description "Web authentication state authenticating"; } enum "webauth-authentication-fail" { value 5; description "Web authentication state authentication fail"; } enum "webauth-nrh-authentication-fail" { value 6; description "Web authentication state Non-Responsive Host authentication fail"; } enum "webauth-authentication-success" { value 7; description "Web authentication state authentication success"; } enum "webauth-nrh-authentication-success" { value 8; description "Web authentication state Non-Responsive Host authentication success"; } enum "webauth-authorized" { value 9; description "Web authentication state authorized"; } } description "Web authentication state"; } typedef pre-event { type enumeration { enum "event-none" { value 0; description "No PRE Event"; } enum "invalid-event" { value 1; description "Invalid Event"; } enum "rx-method-event-new-mac" { value 2; description "New MAC Event"; } enum "rx-method-event-agent-found" { value 3; description "Agent Found Event"; } enum "rx-method-event-authc-success" { value 4; description "Authentication Success Event"; } enum "rx-method-event-violation" { value 5; description "Violation Event"; } enum "rx-method-event-authc-remote-success" { value 6; description "Remote Authentication Success Event"; } enum "rx-method-event-authc-fail" { value 7; description "Authentication Fail Event"; } enum "rx-method-event-authc-remote-fail" { value 8; description "Remote Authentication Fail Event"; } enum "rx-method-event-session-started" { value 9; description "Session Started Event"; } enum "rx-method-event-pdu" { value 10; description "PDU Event"; } enum "event-authz-success" { value 11; description "Authorization Success Event"; } enum "event-authz-fail" { value 12; description "Authorization Fail Event"; } enum "event-start" { value 13; description "Start Event"; } enum "apply-user-profile" { value 14; description "Apply User Profile Event"; } enum "remove-user-profile" { value 15; description "Remove User Profile Event"; } enum "multiple-identity-update" { value 16; description "Multi-Identity Update Event"; } enum "single-identity-update" { value 17; description "Single-Identity Update Event"; } enum "rx-identity-update" { value 18; description "Received Identity Update Event"; } enum "event-delete" { value 19; description "Delete Event"; } enum "event-delete-final" { value 20; description "Delete Final Event"; } enum "event-delete-all" { value 21; description "Delete All Event"; } enum "event-delete-sb" { value 22; description "Delete Sub-block Event"; } enum "event-start-tick-timer" { value 23; description "Tick Timer Start Event"; } enum "event-start-event-processing" { value 24; description "Event Processing Start Event"; } enum "rx-pre-event-async-cb" { value 25; description "Asynchronous Callback Event"; } enum "rx-pre-event-external" { value 26; description "External Event"; } } description "Policy Rule Engine Event"; } typedef protocol-type { type enumeration { enum "cdp" { value 0; description "Protocol Type CDP"; } enum "lldp" { value 1; description "Protocol Type LLDP"; } enum "dhcp" { value 2; description "Protocol Type DHCP"; } enum "mdns" { value 3; description "Protocol Type MDNS"; } enum "sip" { value 4; description "Protocol Type SIP"; } enum "h323" { value 5; description "Protocol Type H323"; } enum "http" { value 6; description "Protocol Type HTTP"; } enum "dhcpv6" { value 7; description "Protocol Type DHCPv6"; } enum "dot11-device-analytics" { value 8; description "Protocol Type dot11 device analytics"; } } description "Protocol Type"; } typedef dc-db-attr-type-e { type enumeration { enum "proto-none" { value 0; description "Protocol Not Assigned"; } enum "proto-oui" { value 1; description "Protocol OUI"; } enum "proto-cdp" { value 2; description "Protocol CDP"; } enum "proto-lldp" { value 3; description "Protocol LLDP"; } enum "proto-dhcp" { value 4; description "Protocol DHCP"; } enum "proto-mdns" { value 5; description "Protocol MDNS"; } enum "proto-http" { value 6; description "Protocol HTTP"; } enum "proto-sip" { value 7; description "Protocol SIP"; } enum "proto-h323" { value 8; description "Protocol H323"; } enum "proto-snmp" { value 9; description "Protocol SNMP"; } enum "proto-nmap" { value 10; description "Protocol Network Mapper"; } enum "proto-dot11-device-analytics" { value 11; description "802.11 Association Frames for different vendors"; } } description "Device Classifier Protocol Source"; } typedef dc-power-type-e { type enumeration { enum "power-none" { value 0; description "Power Type Not Assigned"; } enum "ac-powered" { value 1; description "Power Type AC"; } enum "dc-powered" { value 2; description "Power Type DC"; } } description "Device Classifier Power Type"; } typedef authentication-state { type enumeration { enum "auth-not-running" { value 0; description "Authentication not running"; } enum "auth-running" { value 1; description "Authentication running"; } enum "auth-failover" { value 2; description "Authentication state failover"; } enum "auth-success" { value 3; description "Authentication success"; } enum "auth-failed" { value 4; description "Authentication failed"; } enum "auth-stopped" { value 5; description "Authentication stopped"; } } description "Authentication state"; } typedef authentication-event { type enumeration { enum "event-success" { value 1; description "Authentication event successful"; } enum "event-invalid-credential" { value 2; description "Authentication event failure due to invalid credentials"; } enum "event-aaa-server-dead" { value 3; description "Authentication event failure due to AAA server not reachable"; } enum "event-no-client-response" { value 4; description "Authentication event failure due to no response from client"; } enum "event-timeout" { value 5; description "Authentication event failure due to timeout"; } enum "event-aaa-server-alive" { value 6; description "Authentication event AAA server alive"; } enum "event-linksec-fail" { value 7; description "Authentication event failure to secure link"; } enum "event-aaa-not-ready" { value 8; description "Authentication event fail due to AAA not ready"; } enum "event-no-method-configuration" { value 9; description "Authentication event fail due to no method configuration"; } enum "event-deprecated" { value 10; description "Authentication event deprecated"; } } description "Authentication event"; } typedef auth-attribute-action { type enumeration { enum "action-merge" { value 1; description "Authenticator attribute action Merge"; } enum "action-replace" { value 2; description "Authenticator attribute action Replace"; } enum "action-replace-all" { value 3; description "Authenticator attribute action Replace All"; } } description "Authenticator attribute action"; } typedef dot1x-auth-state { type enumeration { enum "dot1x-auth-unknown" { value 0; description "802.1x Authenticator State Unknown"; } enum "dot1x-auth-initialize" { value 1; description "802.1x Authenticator State Initialize"; } enum "dot1x-auth-disconnected" { value 2; description "802.1x Authenticator State Disconnected"; } enum "dot1x-auth-connecting" { value 3; description "802.1x Authenticator State Connecting"; } enum "dot1x-auth-authenticating" { value 4; description "802.1x Authenticator State Authenticating"; } enum "dot1x-auth-authenticated" { value 5; description "802.1x Authenticator State Authenticated"; } enum "dot1x-auth-aborting" { value 6; description "802.1x Authenticator State Aborting"; } enum "dot1x-auth-held" { value 7; description "802.1x Authenticator State Held"; } enum "dot1x-auth-force-authorized" { value 8; description "802.1x Authenticator State Force Authorized"; } enum "dot1x-auth-force-unauthorized" { value 9; description "802.1x Authenticator State Force Unauthorized"; } enum "dot1x-auth-restart" { value 10; description "802.1x Authenticator State Restart"; } enum "dot1x-auth-fallback" { value 11; description "802.1x Authenticator State Fallback"; } enum "dot1x-auth-result" { value 12; description "802.1x Authenticator State Authentication result"; } enum "dot1x-auth-authz-success" { value 13; description "802.1x Authenticator State Authorization success"; } enum "dot1x-auth-authz-fail" { value 14; description "802.1x Authenticator State Authorization fail"; } } description "802.1x authenticator state"; } typedef dot1x-auth-backend-state { type enumeration { enum "dot1x-auth-backend-state-unknown" { value 0; description "802.1x Authenticator back-end state (Unknown)"; } enum "dot1x-auth-backend-state-request" { value 1; description "802.1x Authenticator back-end state (Request)"; } enum "dot1x-auth-backend-state-response" { value 2; description "Authenticator back-end state (Response)"; } enum "dot1x-auth-backend-state-success" { value 3; description "802.1x Authenticator back-end state (Success)"; } enum "dot1x-auth-backend-state-fail" { value 4; description "802.1x Authenticator back-end state (Fail)"; } enum "dot1x-auth-backend-state-timeout" { value 5; description "802.1x Authenticator back-end state (Timeout)"; } enum "dot1x-auth-backend-state-idle" { value 6; description "802.1x Authenticator back-end state (Idle)"; } enum "dot1x-auth-backend-state-initialize" { value 7; description "802.1x Authenticator back-end state (Initialize)"; } enum "dot1x-auth-backend-state-ignore" { value 8; description "802.1x Authenticator back-end state (Ignore)"; } } description "802.1x Authenticator Back-end state"; } typedef mab-auth-state { type enumeration { enum "mab-state-unknown" { value 0; description "MAB state Unknown"; } enum "mab-state-initialize" { value 1; description "MAB state Initialize"; } enum "mab-state-acquiring" { value 2; description "MAB state acquiring"; } enum "mab-state-authorizing" { value 3; description "MAB state Authorizing"; } enum "mab-state-terminate" { value 4; description "MAB state Terminate"; } } description "MAC Authentication Bypass (MAB) State"; } typedef dot1x-supplicant-state { type enumeration { enum "dot1x-supp-state-unknown" { value 0; description "802.1x Supplicant state Unknown"; } enum "dot1x-supp-state-initialize" { value 1; description "802.1x Supplicant state Initialize"; } enum "dot1x-supp-state-logoff" { value 2; description "802.1x Supplicant state Logoff"; } enum "dot1x-supp-state-disconnected" { value 3; description "802.1x Supplicant state Disconnected"; } enum "dot1x-supp-state-connecting" { value 4; description "802.1x Supplicant state Connecting"; } enum "dot1x-supp-state-authenticating" { value 5; description "802.1x Supplicant state Authenticating"; } enum "dot1x-supp-state-held" { value 6; description "802.1x Supplicant state Held"; } enum "dot1x-supp-state-authenticated" { value 7; description "802.1x Supplicant state Authenticated"; } enum "dot1x-supp-state-restart" { value 8; description "802.1x Supplicant state Restart"; } enum "dot1x-supp-state-force-auth" { value 9; description "802.1x Supplicant state Force Authorized"; } enum "dot1x-supp-state-force-unauth" { value 10; description "802.1x Supplicant state Force Unauthorized"; } } description "802.1x Supplicant state"; } typedef dot1x-supplicant-port-state { type enumeration { enum "dot1x-supp-port-state-unknown" { value 0; description "802.1x Supplicant port state Unknown"; } enum "dot1x-supp-port-state-initialize" { value 1; description "802.1x Supplicant port state Initialize"; } enum "dot1x-supp-port-state-authorized" { value 2; description "802.1x Supplicant port state Authorized"; } enum "dot1x-supp-port-state-unauthorized" { value 3; description "802.1x Supplicant port state Unauthorized"; } } description "802.1x Supplicant PAE port state"; } typedef dot1x-supplicant-backend-state { type enumeration { enum "dot1x-supp-backend-state-unknown" { value 0; description "802.1x supplicant back-end state Unknown"; } enum "dot1x-supp-backend-state-initialize" { value 1; description "802.1x supplicant back-end state Initialize"; } enum "dot1x-supp-backend-state-request" { value 2; description "802.1x supplicant back-end state Request"; } enum "dot1x-supp-backend-state-response" { value 3; description "802.1x supplicant back-end state Response"; } enum "dot1x-supp-backend-state-success" { value 4; description "802.1x supplicant back-end state Success"; } enum "dot1x-supp-backend-state-fail" { value 5; description "802.1x supplicant back-end state Fail"; } enum "dot1x-supp-backend-state-timeout" { value 6; description "802.1x supplicant back-end state Timeout"; } enum "dot1x-supp-backend-state-idle" { value 7; description "802.1x supplicant back-end state Idle"; } enum "dot1x-supp-backend-state-receive" { value 8; description "802.1x supplicant back-end state Receive"; } } description "802.1x Supplicant Back-end state"; } typedef attribute-format { type enumeration { enum "format-invalid" { value 0; description "Attribute format Invalid"; } enum "format-string" { value 1; description "Attribute format String"; } enum "format-binary" { value 2; description "Attribute format Binary"; } enum "format-ulong" { value 3; description "Attribute format Unsigned Long"; } enum "format-enum" { value 4; description "Attribute format Enumeration"; } enum "format-ipv4" { value 5; description "Attribute format IPv4 address"; } enum "format-ipv6" { value 6; description "Attribute format IPv6 address"; } enum "format-mac" { value 7; description "Attribute format MAC address"; } enum "format-string-attr" { value 8; description "Attribute format String attribute"; } enum "format-utc-time" { value 9; description "Attribute format UTC Time"; } enum "format-boolean" { value 10; description "Attribute format Boolean"; } enum "format-opaque-binary" { value 11; description "Attribute format Opaque binary"; } enum "format-special" { value 12; description "Attribute format Special"; } enum "format-ipx-network" { value 13; description "Attribute format IPX Network"; } enum "format-ulonglong" { value 14; description "Attribute format Unsigned Long Long"; } enum "format-tagged-string" { value 15; description "Attribute format Tagged string"; } enum "format-tagged-ulong" { value 16; description "Attribute format Tagged Unsigned Long"; } enum "format-tagged-opaque-binary" { value 17; description "Attribute format Tagged opaque binary"; } enum "format-tagged-enum" { value 18; description "Attribute format Tagged enumeration"; } enum "format-grouped" { value 19; description "Attribute format Grouped"; } enum "format-address" { value 20; description "Attribute format Address"; } enum "format-diameter-identity" { value 21; description "Attribute format Diameter Identity"; } enum "format-ip-filter-rule" { value 22; description "Attribute format IP Filter rule"; } enum "format-qos-filter-rule" { value 23; description "Attribute format QoS Filter rule"; } enum "format-string-dn" { value 24; description "Attribute format String DN"; } enum "format-max" { value 25; description "Attribute format Max"; } } description "AAA attribute Format"; } typedef service-source { type enumeration { enum "source-none" { value 0; description "Service source None"; } enum "source-local" { value 1; description "Service source Local"; } enum "source-pmap" { value 2; description "Service source Parameter-Map"; } enum "source-aaa" { value 3; description "Service source AAA"; } enum "source-local-wlan" { value 4; description "Service source Local WLAN"; } } description "Policy Service source"; } typedef service-status { type enumeration { enum "service-status-unknown" { value 0; description "Service status Unknown"; } enum "service-status-error" { value 1; description "Service status Error"; } enum "service-status-new" { value 2; description "Service status New"; } enum "service-status-loading" { value 3; description "Service status Loading"; } enum "service-status-req-apply" { value 4; description "Service status Request apply"; } enum "service-status-applied" { value 5; description "Service status Applied"; } enum "service-status-req-unapply" { value 6; description "Service status Request unapply"; } enum "service-status-unapplied" { value 7; description "Service status Unapplied"; } enum "service-status-failure" { value 8; description "Service status Failure"; } enum "service-status-max" { value 9; description "Service status Max"; } } description "Policy Service status"; } typedef protocol-map { type bits { bit protocol-map-oui { position 0; description "OUI Based Classification Bit"; } bit protocol-map-cdp { position 1; description "CDP Based Classification Bit"; } bit protocol-map-lldp { position 2; description "LLDP Based Classification Bit"; } bit protocol-map-dhcp { position 3; description "DHCP Based Classification Bit"; } bit protocol-map-mdns { position 4; description "MDNS Based Classification Bit"; } bit protocol-map-http { position 5; description "HTTP Based Classification Bit"; } bit protocol-map-sip { position 6; description "SIP Based Classification Bit"; } bit protocol-map-h323 { position 7; description "H323 Based Classification Bit"; } bit protocol-map-snmp { position 8; description "SNMP Based Classification Bit"; } bit protocol-map-nmap { position 9; description "Network Mapper Based Classification Bit"; } bit protocol-map-dot11-device-analytics { position 10; description "802.11 Association Frames Based Classification Bit for different vendors"; } } description "Flags for Protocols used for Client Classification"; } grouping sm-device-classifier-data { description "Device classification data"; leaf dc-profile-name { type string; description "Device classifier profile name"; } leaf dc-device-name { type string; description "Classifier device name"; } leaf dc-device-class { type string; description "Classifier device class"; } } // grouping sm-device-classifier-data grouping sm-audit-id { description "Session Audit id"; leaf aid { type string { length "0 .. 25"; } description "Audit identifier"; } } // grouping sm-audit-id grouping sm-posture-token { description "Session posture token"; leaf token { type string { length "0 .. 61"; } description "Posture token"; } } // grouping sm-posture-token grouping sm-pdata { description "Session sensor protocol data"; leaf-list data { type uint8; ordered-by user; description "Protocol data"; } } // grouping sm-pdata grouping sm-protocol-tlv { description "Session sensor Type Length Vector"; leaf type { type uint16; description "Sensor protocol type"; } leaf length { type uint16; description "Sensor data length"; } container value { description "Sensor data value"; uses identity-ios-xe-oper:sm-pdata; } // container value } // grouping sm-protocol-tlv grouping sm-protocol-data { description "Session sensor data"; leaf proto-type { type protocol-type; description "Sensor protocol type"; } list tlv { description "Sensor protocol Type Length Vector"; uses identity-ios-xe-oper:sm-protocol-tlv; } // list tlv } // grouping sm-protocol-data grouping sm-protocol-info { description "Session sensor protocol information"; list protocol-data { description "Sensor protocol data"; uses identity-ios-xe-oper:sm-protocol-data; } // list protocol-data } // grouping sm-protocol-info grouping sm-clients-pen-del-node { description "List of clients pending deletion"; leaf client-name { type string; description "Client name"; } } // grouping sm-clients-pen-del-node grouping sm-aaa-server-details { description "AAA server details"; leaf server-address { type inet:ip-address; description "AAA server address"; } leaf server-status { type aaa-types:aaa-req-status; description "AAA server status"; } leaf server-authport { type uint16; description "AAA server authenticator port"; } leaf server-acctport { type uint16; description "AAA server accounting port"; } } // grouping sm-aaa-server-details grouping sm-context { description "Session context data"; leaf mac { type yang:mac-address; description "Session MAC address"; } leaf ipv4 { type inet:ipv4-address; description "Session IPv4 address"; } leaf-list ipv6 { type inet:ipv6-address; max-elements 16; ordered-by user; description "Session IPv6 addresses"; } leaf intf-iifid { type uint32; description "Interface index identifier"; } leaf method-id { type authentication-method-id; description "Method identifier"; } leaf domain { type session-domain; description "Session domain"; } leaf scope { type session-target-scope; description "Session scope"; } container audit-id { description "Audit session identifier"; uses identity-ios-xe-oper:sm-audit-id; } // container audit-id container posture-token { description "Posture token"; uses identity-ios-xe-oper:sm-posture-token; } // container posture-token leaf acct-sess-id { type uint32; description "Accounting session identifier"; } leaf aaa-sess-id { type uint32; description "AAA unique identifier"; } leaf sess-iifid { type uint32; description "Session iif identifier"; } leaf username { type string; description "Session username"; } leaf vlan-id { type uint32; description "Session VLAN identifier"; } leaf linksec-secured { type boolean; description "Link secured"; } leaf state { type context-state; description "Session context state"; } leaf port-type { type port-type; description "Port type of session"; } leaf authorized { type boolean; description "Session authorized"; } leaf user-role { type string; description "Session user role"; } leaf device-type { type string; description "Session device type"; } leaf protocol-map { type uint32; description "Classifier protocol map"; } container dc-data { description "Device classification data"; uses identity-ios-xe-oper:sm-device-classifier-data; } // container dc-data leaf control-direction { type control-direction; description "Port control direction of session"; } leaf reauth-timeout { type uint32; units "seconds"; description "Reauthentication timeout in seconds"; } leaf reauth-timestamp { type uint64; description "Reauthentication Timestamp"; } leaf paused-reauth { type boolean; description "Paused Reauthentication"; } leaf reauth-ip-change { type boolean; description "Reauthentication ip change"; } leaf reauth-act-terminate { type boolean; description "Terminate on reauthentication"; } leaf reauth-using-current-method { type uint8; description "Reauthentication using current method"; } leaf reauth-remain-time { type uint32; units "seconds"; description "Reauthentication remaining time in seconds"; } leaf term-cause { type uint32; description "Session termination cause"; } leaf aaa-timeout-seen { type boolean; description "AAA timeout seen"; } leaf authz-fail-count { type uint32; description "Authorization fail count"; } leaf ssn-flags { type uint32; description "Session Flags"; } leaf intf-name { type string; description "Interface name of session"; } leaf policy-name { type string; description "Policy on session interface"; } leaf blocked-on-state { type session-blocked-on-state; description "Session blocked on state"; } leaf pre-event { type pre-event; description "Policy Rule Engine event on which session is blocked"; } list pen-del-client-list { description "List of clients pending deletion"; uses identity-ios-xe-oper:sm-clients-pen-del-node; } // list pen-del-client-list leaf acct-update-timeout { type uint32; units "seconds"; description "Session accounting update timeout in seconds"; } leaf acct-update-timestamp { type uint64; description "Session accounting update timestamp"; } container aaa-server { description "AAA server details"; uses identity-ios-xe-oper:sm-aaa-server-details; } // container aaa-server container sensor { description "Session sensor data"; uses identity-ios-xe-oper:sm-protocol-info; } // container sensor leaf client-join-time { type yang:date-and-time; units "seconds"; description "Client join time in seconds"; } leaf device-name { type string; description "Classified device platform name"; } leaf acct-mlist { type string; description "Accounting method-list"; } leaf ext-acct-sess-id { type string; description "Extended Accounting session identifier"; } } // grouping sm-context grouping sm-domain-key { description "Session Domain key"; leaf domain { type session-domain; description "Session domain"; } leaf mac { type yang:mac-address; description "Session MAC address"; } } // grouping sm-domain-key grouping sm-acct-sess-info { description "Accounting session information"; leaf id { type uint32; description "Accounting session id"; } leaf mac { type yang:mac-address; description "Session MAC address"; } } // grouping sm-acct-sess-info grouping sm-intf-key { description "Interface level key for session"; leaf intf-iifid { type uint32; description "Interface iif index"; } leaf mac { type yang:mac-address; description "Session MAC address"; } } // grouping sm-intf-key grouping sm-username-key { description "Username level key for session"; leaf username { type string; description "Client username"; } leaf mac { type yang:mac-address; description "Session MAC address"; } } // grouping sm-username-key grouping sm-method-key { description "Method level key for session"; leaf method { type uint32; description "Session method"; } leaf mac { type yang:mac-address; description "Session MAC address"; } } // grouping sm-method-key grouping dc-client-info { description "Device Classification info of client"; leaf client-mac { type yang:mac-address; description "Client MAC address"; } leaf device-type { type string; description "Client Device Classification"; } leaf protocol-map { type protocol-map; description "A Map of Protocols used for Device Classification"; } leaf confidence-level { type uint32; description "Confidence Level of classification"; } leaf classified-time { type yang:date-and-time; description "Time of Classification"; } leaf day-zero-dc { type string; description "MAC based Device Classification"; } leaf sw-version { when "(../sw-version-src != 'proto-none') and (../sw-version-src != 'proto-dot11-device-analytics')"; type string; description "Software Version of the Client"; } leaf sw-version-src { type dc-db-attr-type-e; description "Network Protocol used as a source of device's software version info"; } leaf device-os { when "(../device-os-src != 'proto-none')"; type string; description "Device Operating System"; } leaf device-sub-version { when "(../device-os-src != 'proto-none')"; type string; description "Device Sub-Version"; } leaf device-os-src { type dc-db-attr-type-e; description "Network Protocol used as a source of device's operating system info"; } leaf device-name { type string; description "Name of the Device"; } leaf device-vendor { when "(../device-vendor-src != 'proto-none')"; type string; description "Device Vendor"; } leaf device-vendor-src { type dc-db-attr-type-e; description "Network Protocol used as a source of device's vendor info"; } leaf sales-code { when "(../sales-code-src != 'proto-none') and (../sales-code-src != 'proto-dot11-device-analytics')"; type string; description "Sales Code for Devices"; } leaf sales-code-src { type dc-db-attr-type-e; description "Network Protocol used as a source of device's sales code info"; } leaf device { when "(../device-src != 'proto-none') and (../device-src != 'proto-dot11-device-analytics')"; type string; description "Form of the Device"; } leaf device-src { type dc-db-attr-type-e; description "Network Protocol used as a source of device's form info"; } leaf country-name { when "(../country-name-src != 'proto-none') and (../country-name-src != 'proto-dot11-device-analytics')"; type string; description "Country of the device"; } leaf country-name-src { type dc-db-attr-type-e; description "Network Protocol used as a source of device's country name info"; } leaf model-name { when "(../model-name-src != 'proto-none')"; type string; description "Model name of the device"; } leaf model-name-src { type dc-db-attr-type-e; description "Network protocol used as a source of device model name info"; } leaf power-type { when "(../power-type-src != 'proto-none')"; type dc-power-type-e; description "Power type of the device"; } leaf power-type-src { type dc-db-attr-type-e; description "Network protocol used as a source of device power type info"; } leaf hw-model { when "(../hw-model-src != 'proto-none')"; type string; description "Hardware model of the device"; } leaf hw-model-src { type dc-db-attr-type-e; description "Network protocol used as a source of device hardware model info"; } } // grouping dc-client-info grouping sm-method-data-key { description "Method data key"; leaf mac { type yang:mac-address; description "Session MAC address"; } leaf method-id { type authentication-method-id; description "Session authenticating method identifier"; } } // grouping sm-method-data-key grouping sm-method-data { description "Session method data"; leaf method-auth-state { type authentication-state; description "Method authentication state"; } leaf method-auth-event { type authentication-event; description "Method authentication event"; } leaf priority { type uint8; description "Method priority, ranges from 1 to 254"; } leaf retries { type uint8; description "Number of times to retry failed authentications"; } leaf retry-count { type uint8; description "Method retry count"; } leaf retry-time { type uint8; units "seconds"; description "Time interval between retries in seconds"; } leaf result-ignored { type uint8; description "Method result ignored"; } leaf agent-seen { type uint8; description "Is 802.1x capable agent seen"; } leaf auth-attr-action { type auth-attribute-action; description "Method authentication attribute action"; } leaf authc-mlist-len { type uint8 { range "0 .. 31"; } description "Authentication method-list length"; } leaf authc-mlist { type string; description "Authentication method-list"; } leaf authz-mlist { type string; description "Authorization method-list"; } } // grouping sm-method-data grouping sm-dot1x-auth-data { description "802.1x authentication data"; leaf mac { type yang:mac-address; description "Session MAC address"; } leaf dot1x-is-supported { type uint8; description "Is 802.1x supported on the port"; } leaf auth-state { type dot1x-auth-state; description "802.1x authenticator state"; } leaf auth-bend-state { type dot1x-auth-backend-state; description "802.1x authentication back-end state"; } leaf eapol-ver { type uint32; description "EAPoL Version"; } leaf intf-iifid { type uint32; description "Interface Index for the session"; } leaf last-eap-id { type uint8; description "EAP identifier of last eap packet"; } leaf eap-method { type uint8; description "EAP method used"; } } // grouping sm-dot1x-auth-data grouping sm-mab-auth-data { description "MAB authentication data"; leaf mac { type yang:mac-address; description "Session MAC address"; } leaf auth-state { type mab-auth-state; description "MAB Authentication state"; } leaf auth-status { type boolean; description "MAB authentication status"; } leaf intf-iifid { type uint32; description "Interface index for the session"; } } // grouping sm-mab-auth-data grouping sm-web-auth-data { description "Web-authentication data"; leaf mac { type yang:mac-address; description "Session MAC address"; } leaf init-state-timeout { type uint32; description "Web-authentication initialization state timeout"; } leaf retry-count { type uint16; description "Web-authentication retry count"; } leaf no-data-count { type uint16; description "Web-authentication count of no data sessions"; } leaf deny-of-service { type uint8; description "Is service denied for the session"; } leaf state { type webauth-state; description "Web-authentication state"; } leaf acl-flags { type uint8; description "Web-authentication ACL flags"; } leaf appl-id { type webauth-type; description "Web-authentication application identifier"; } leaf client-ipv4-addr { type inet:ipv4-address; description "Client IPv4 address"; } leaf-list ipv6 { type inet:ipv6-address; max-elements 16; ordered-by user; description "List of Client IPv6 addresses"; } leaf intf-iifid { type uint32; description "Interface index for the session"; } leaf webauth-type { type uint8; description "Web-authentication type"; } leaf is-cwa-session { type boolean; description "Is Central Web-Authentication Session"; } leaf is-sleeping { type boolean; description "Is Sleeping client"; } leaf is-service-denied { type boolean; description "Is Service denied"; } } // grouping sm-web-auth-data grouping sm-dot1x-supp-data { description "802.1x Supplicant Data"; leaf intf-iifid { type uint32; description "Interface index for the session"; } leaf dest-mac { type yang:mac-address; description "Client MAC address"; } leaf state { type dot1x-supplicant-state; description "802.1x Supplicant state"; } leaf bend-state { type dot1x-supplicant-backend-state; description "802.1x Supplicant back-end state"; } leaf port-state { type dot1x-supplicant-port-state; description "802.1x Supplicant port state"; } } // grouping sm-dot1x-supp-data grouping sm-dot1x-auth-stats { description "802.1x Authenticator interface level statistics"; leaf intf-iifid { type uint32; description "Interface index"; } leaf eapol-frames-rx { type uint32; description "Total EAPoL frames received"; } leaf eapol-frames-tx { type uint32; description "Total EAPoL frames transmitted"; } leaf eapol-start-frames-rx { type uint32; description "Total EAPoL Start frames received"; } leaf eapol-logoff-frames-rx { type uint32; description "Total EAPoL Logoff frames received"; } leaf eapol-resp-id-frames-rx { type uint32; description "Total EAPoL Response identifier frames received"; } leaf eapol-resp-frames-rx { type uint32; description "Total EAPoL Response frames received"; } leaf eapol-req-id-frames-tx { type uint32; description "Total EAPoL Request identifier frames transmitted"; } leaf eapol-req-frames-tx { type uint32; description "Total EAPoL Request frames transmitted"; } leaf invalid-eapol-frames-rx { type uint32; description "Total Invalid EAPoL frames received"; } leaf eap-length-error-frames-rx { type uint32; description "Total EAPoL frames with EAP length error received"; } leaf last-eapol-frame-version { type uint32; description "Last EAPoL frame version"; } leaf last-eapol-frame-source { type yang:mac-address; description "Last EAPoL frame source MAC address"; } } // grouping sm-dot1x-auth-stats grouping sm-dot1x-supp-stats { description "802.1x Supplicant interface level statistics"; leaf intf-iifid { type uint32; description "Interface index"; } leaf eapol-frames-rx { type uint32; description "Total EAPoL frames received"; } leaf eapol-req-frames-rx { type uint32; description "Total EAPoL Request frames received"; } leaf invalid-eapol-frames-rx { type uint32; description "Total Invalid EAPoL frames received"; } leaf eapol-frames-len-error-rx { type uint32; description "Total EAPoL frames with Length error received"; } leaf last-eapol-frame-version { type uint32; description "Last EAPoL frame version"; } leaf last-eapol-frame-source { type yang:mac-address; description "Last EAPoL frame source MAC address"; } leaf eapol-frames-tx { type uint32; description "Total EAPoL frames transmitted"; } leaf eapol-start-frames-tx { type uint32; description "Total EAPoL Start frames transmitted"; } leaf eapol-logoff-frames-tx { type uint32; description "Total EAPoL Logoff frames transmitted"; } leaf eapol-resp-frames-tx { type uint32; description "Total EAPoL Response frames transmitted"; } } // grouping sm-dot1x-supp-stats grouping sm-dot1x-global-stats { description "802.1x Global statistics"; leaf eapol-rx { type uint32; description "Total EAPoL frames received"; } leaf eapol-rx-start { type uint32; description "Total EAPoL Start frames received"; } leaf eapol-rx-logoff { type uint32; description "Total EAPoL Logoff frames received"; } leaf eapol-rx-resp { type uint32; description "Total EAPoL Response frames received"; } leaf eapol-rx-resp-id { type uint32; description "Total EAPoL Response identifier frames received"; } leaf eapol-rx-req { type uint32; description "Total EAPoL Request frames received"; } leaf eapol-rx-invalid { type uint32; description "Total Invalid EAPoL frames received"; } leaf eapol-rx-len-error { type uint32; description "Total EAPoL frames with Length error received"; } leaf eapol-tx { type uint32; description "Total EAPoL frames transmitted"; } leaf eapol-tx-start { type uint32; description "Total EAPoL Start frames transmitted"; } leaf eapol-tx-logoff { type uint32; description "Total EAPoL Logoff frames transmitted"; } leaf eapol-tx-resp { type uint32; description "Total EAPoL Response frames transmitted"; } leaf eapol-tx-req { type uint32; description "Total EAPoL Request frames transmitted"; } leaf eapol-retx-req { type uint32; description "Total EAPoL Request frames re-transmitted"; } leaf eapol-retx-req-fail { type uint32; description "Total EAPoL Request frames re-transmitted failed"; } leaf eapol-tx-req-id { type uint32; description "Total EAPoL Request identifier frames transmitted"; } leaf eapol-retx-req-id { type uint32; description "Total EAPoL Request identifier frames re-transmitted"; } leaf eapol-retx-req-id-fail { type uint32; description "Total EAPoL Request identifier frames re-transmitted fail"; } } // grouping sm-dot1x-global-stats grouping sm-webauth-http-stats { description "Web-authentication HTTP statistics"; leaf http-request-count { type uint32; description "HTTP request count"; } leaf read-event-count { type uint32; description "Socket read event count"; } leaf read-complete-count { type uint32; description "Socket read complete count"; } leaf write-event-count { type uint32; description "Socket write event count"; } leaf write-complete-count { type uint32; description "Socket write complete count"; } leaf aaa-message-count { type uint32; description "AAA message count"; } leaf ssl-event-read-wouldblk-count { type uint32; description "SSL socket event read block count"; } leaf ssl-event-write-wouldblk-count { type uint32; description "SSL socket event write block count"; } leaf ssl-event-ok-count { type uint32; description "SSL socket event OK count"; } leaf http-new-req-no-session-error { type uint32; description "HTTP socket new request no session error"; } leaf http-new-req-ctx-exists-error { type uint32; description "HTTP socket new request Context exist error"; } leaf num-of-socket-opened { type uint32; description "Number of sockets opened"; } leaf num-of-socket-closed { type uint32; description "Number of sockets closed"; } leaf-list http-counters { type uint32; max-elements 32; ordered-by user; description "List of HTTP transaction counter"; } } // grouping sm-webauth-http-stats grouping sm-webauth-duration-stats { description "Web-authentication duration statistics"; leaf total { type uint32; units "seconds"; description "Total duration in seconds"; } leaf max { type uint32; units "seconds"; description "Maximum duration in seconds"; } leaf min { type uint32; units "seconds"; description "Minimum duration in seconds"; } leaf samples { type uint32; description "Sample count"; } } // grouping sm-webauth-duration-stats grouping sm-webauth-backpressure-counters { description "Web authentication backpressure queue counters"; leaf ssl-handshake-pending-count { type uint32; description "Pending SSL handshake count"; } leaf https-new-request-pending-count { type uint32; description "Pending HTTPS requests"; } leaf aaa-reply-pending-count { type uint32; description "Pending AAA replies"; } } // grouping sm-webauth-backpressure-counters grouping sm-webauth-stats { description "Web-authentication statistics"; container http-stats { description "HTTP statistics"; uses identity-ios-xe-oper:sm-webauth-http-stats; } // container http-stats container iom-reading { description "IOM socket reading statistics"; uses identity-ios-xe-oper:sm-webauth-duration-stats; } // container iom-reading container method-reading { description "Method reading statistics"; uses identity-ios-xe-oper:sm-webauth-duration-stats; } // container method-reading container iom-writing { description "IOM socket writing statistics"; uses identity-ios-xe-oper:sm-webauth-duration-stats; } // container iom-writing container method-writing { description "Method writing statistics"; uses identity-ios-xe-oper:sm-webauth-duration-stats; } // container method-writing container iom-aaa { description "IOM AAA response statistics"; uses identity-ios-xe-oper:sm-webauth-duration-stats; } // container iom-aaa container method-aaa { description "Method AAA response statistics"; uses identity-ios-xe-oper:sm-webauth-duration-stats; } // container method-aaa leaf num-of-sleeping-clients { type uint32; description "Number of sleeping clients"; } leaf session-count { type uint32; description "Session count"; } leaf half-open-count { type uint32; description "Half open socket count"; } container backpressure-counters { description "Web authentication backpressure counters"; uses identity-ios-xe-oper:sm-webauth-backpressure-counters; } // container backpressure-counters } // grouping sm-webauth-stats grouping sm-webauth-ipv4-to-mac { description "IPv4 to MAC address mapping for a session"; leaf ipv4-addr { type inet:ipv4-address; description "IPv4 address of the session"; } leaf mac-addr { type yang:mac-address; description "MAC address of the session"; } } // grouping sm-webauth-ipv4-to-mac grouping cts-sgt-tag-st { description "Trustsec Secure Group Tag"; leaf sgt-tag { type uint32; description "Secure Group Tag"; } } // grouping cts-sgt-tag-st grouping cts-sgt-flag-st { description "Trustsec Secure Group Tag flag"; leaf sgt-flag { type uint8; description "Secure Group Tag flag"; } } // grouping cts-sgt-flag-st grouping cts-sgt-st { description "Trustsec Secure Group Tag values"; container tag { description "Secure Group Tag value"; uses identity-ios-xe-oper:cts-sgt-tag-st; } // container tag container flag { description "Secure Group Tag flag value"; uses identity-ios-xe-oper:cts-sgt-flag-st; } // container flag leaf gen-num-len { type uint8; description "Generated number length"; } leaf-list gen-num { type uint8; max-elements 60; ordered-by user; description "Generated number"; } } // grouping cts-sgt-st grouping cts-ipv6-list { description "IPv6 address list"; leaf ipv6 { type inet:ipv6-address; description "IPv6 address"; } } // grouping cts-ipv6-list grouping st-cts-epm-bindings { description "Trustsec bindings"; leaf ip-addr { type inet:ipv4-address; description "IPv4 address"; } container sgt-info { description "Secure Group Tag information"; uses identity-ios-xe-oper:cts-sgt-st; } // container sgt-info leaf mac { type yang:mac-address; description "MAC address"; } leaf vlan-id { type uint32; description "Vlan identifier"; } list ipv6-addr-list { description "IPv6 address list"; uses identity-ios-xe-oper:cts-ipv6-list; } // list ipv6-addr-list leaf ip-context { type uint16; description "IP context"; } } // grouping st-cts-epm-bindings grouping sm-webauth-ipv6-to-mac { description "IPv6 to MAC address mapping for a session"; leaf ipv6-addr { type inet:ipv6-address; description "IPv6 address of the session"; } leaf mac-addr { type yang:mac-address; description "MAC address of the session"; } } // grouping sm-webauth-ipv6-to-mac grouping sm-aaa-attr-meta { description "AAA attribute Meta-data"; container service { description "AAA service type"; uses aaa-types:aaa-service-type; } // container service container protocol { description "AAA protocol type"; uses aaa-types:aaa-protocol-type; } // container protocol leaf tag { type uint16; description "AAA attribute tag"; } leaf prefix-required { type uint8; description "Is prefix required for AAA attribute"; } leaf mandatory { type uint8; description "Is AAA attribute mandatory"; } } // grouping sm-aaa-attr-meta grouping sm-aaa-attr-node { description "AAA attribute Node"; leaf aaa-attr-type { type aaa-types:aaa-attribute-type-tdl; description "AAA attribute type"; } leaf aaa-attr-value { type binary; description "AAA attribute value"; } container aaa-attr-meta { description "AAA attribute meta-data value"; uses identity-ios-xe-oper:sm-aaa-attr-meta; } // container aaa-attr-meta leaf sm-attr-fmt { type attribute-format; description "AAA attribute format"; } } // grouping sm-aaa-attr-node grouping sm-aaa-attr-list { description "AAA attribute list"; list attr-list { description "Attribute list"; uses identity-ios-xe-oper:sm-aaa-attr-node; } // list attr-list } // grouping sm-aaa-attr-list grouping epm-svc-key { description "Service key"; leaf svc-name { type string { length "0 .. 255"; } description "Service template name"; } } // grouping epm-svc-key grouping epm-local-attr { description "AAA attribute locally applied"; container applied-attrs { description "Successfully applied Local AAA attributes"; uses identity-ios-xe-oper:sm-aaa-attr-list; } // container applied-attrs container failed-attrs { description "Failed Local AAA attributes"; uses identity-ios-xe-oper:sm-aaa-attr-list; } // container failed-attrs } // grouping epm-local-attr grouping epm-svc-node { description "Session service node"; container svc-key { description "Service template name key"; uses identity-ios-xe-oper:epm-svc-key; } // container svc-key leaf svc-status { type service-status; description "Service template status"; } leaf svc-source { type service-source; description "Service template source"; } leaf svc-precedence { type uint8; description "Service template precedence"; } leaf svc-flags { type uint8; description "Service template flags"; } leaf is-param-map { type boolean; description "Has service template been applied via Parameter-Map"; } leaf svc-mlist { type string; description "Service template method list"; } container applied-attrs { description "Successfully applied Service template attributes"; uses identity-ios-xe-oper:sm-aaa-attr-list; } // container applied-attrs container failed-attrs { description "Service template failed attributes"; uses identity-ios-xe-oper:sm-aaa-attr-list; } // container failed-attrs leaf is-user-profile { type boolean; description "Flag tells whether service template is defined on external server or defined locally on controller"; } } // grouping epm-svc-node grouping epm-svc-block { description "Policy Service block"; leaf mac { type yang:mac-address; description "MAC address of the session"; } leaf prev-template-name { type string; description "Template previously applied"; } leaf template-name { type string; description "Currently applied Template"; } container local-db-attr { description "AAA attributes locally applied to session"; uses identity-ios-xe-oper:epm-local-attr; } // container local-db-attr leaf tgt-scope { type session-target-scope; description "Target scope"; } leaf up-source { type service-source; description "User-profile source"; } leaf up-mlist { type string; description "User-profile method list"; } leaf svcb-flags { type uint32; description "Policy profile flags"; } leaf is-up-failed { type boolean; description "Is User-profile application failed"; } leaf up-precedence { type uint8; description "User-profile precedence"; } leaf sync-seq-no { type uint8; description "Synchronization sequence Number"; } leaf is-vlan-group-present { type boolean; description "Is Vlan Group associated with session"; } leaf res-vlan-id { type uint32; description "Resultant Vlan Identifier"; } leaf anchor-vlan-id { type uint32; description "Anchor Vlan Identifier"; } leaf anchor-vlan-override { type boolean; description "Anchor Vlan over-ride"; } list epm-svc-list { description "Policy service-template list"; uses identity-ios-xe-oper:epm-svc-node; } // list epm-svc-list container up-applied-attrs { description "Successfully applied User-profile attributes"; uses identity-ios-xe-oper:sm-aaa-attr-list; } // container up-applied-attrs container up-failed-attrs { description "User-profile attributes failed attributes"; uses identity-ios-xe-oper:sm-aaa-attr-list; } // container up-failed-attrs container up-attrs { description "User-profile AAA attributes"; uses identity-ios-xe-oper:sm-aaa-attr-list; } // container up-attrs leaf res-vlan-name { type string; description "Resultant Vlan Name"; } leaf epm-svc-flags { type uint32; description "Policy Service specific flags"; } } // grouping epm-svc-block grouping epm-fqdn-profile { description "FQDN MUD profile list as part of authorization policy"; leaf fqdn-profile { type string; description "FQDN MUD profile name"; } } // grouping epm-fqdn-profile grouping epm-domain-name-ipv4-list { description "List of IPv4 address for a domain name"; leaf ipv4-addr { type inet:ipv4-address; description "IPv4 address for a domain name"; } } // grouping epm-domain-name-ipv4-list grouping epm-domain-name-ipv6-list { description "List of IPv6 address for a domain name"; leaf-list ipv6 { type inet:ipv6-address; max-elements 16; ordered-by user; description "IPv6 address for a domain name"; } } // grouping epm-domain-name-ipv6-list grouping epm-domain-name-data { description "Domain name mapping for FQDN policy"; leaf domain-name { type string; description "Domain name for an FQDN session"; } list epm-fqdn-profile-list { description "List of FQDN profiles containing this domain name"; uses identity-ios-xe-oper:epm-fqdn-profile; } // list epm-fqdn-profile-list list epm-domain-name-ipv4-list { description "List of IPv4 addresses hosting this domain name"; uses identity-ios-xe-oper:epm-domain-name-ipv4-list; } // list epm-domain-name-ipv4-list list epm-domain-name-ipv6-list { description "List of IPv6 addresses hosting this domain name"; uses identity-ios-xe-oper:epm-domain-name-ipv6-list; } // list epm-domain-name-ipv6-list leaf ref-count { type uint8; description "Number of sessions have applied this domain name as authorization policy"; } } // grouping epm-domain-name-data grouping epm-ipv4-domain-name-list { description "List of domain names hosted on an IPv4 address"; leaf domain-name { type string; description "FQDN domain name"; } } // grouping epm-ipv4-domain-name-list grouping epm-domain-name-ipv4 { description "IPv4 address mapping for FQDN domain names"; leaf ipv4-addr { type inet:ipv4-address; description "IPv4 address for a domain name from DNS response"; } leaf ttl { type uint32; description "Time-to-live for IPv4 address, as part of DNS response"; } list ipv4-domain-name-list { description "List of domain names hosted on this IPv4 address"; uses identity-ios-xe-oper:epm-ipv4-domain-name-list; } // list ipv4-domain-name-list leaf ttl-timer-timestamp { type yang:date-and-time; description "Timestamp when starting TTL timer"; } } // grouping epm-domain-name-ipv4 grouping epm-ipv6-domain-name-list { description "List of domain names hosted on an IPv6 address"; leaf domain-name { type string; description "FQDN domain name"; } } // grouping epm-ipv6-domain-name-list grouping epm-domain-name-ipv6 { description "IPv6 address mapping for FQDN domain names"; leaf ipv6-addr { type inet:ipv6-address; description "IPv6 address for a domain name from DNS response"; } leaf ttl { type uint32; description "Time-to-live for IPv6 address, as part of DNS response"; } list ipv6-domain-name-list { description "List of domain names hosted on this IPv6 address"; uses identity-ios-xe-oper:epm-ipv6-domain-name-list; } // list ipv6-domain-name-list leaf ttl-timer-timestamp { type yang:date-and-time; description "timestamp when starting TTL timer"; } } // grouping epm-domain-name-ipv6 container identity-oper-data { config false; description "identity operational data"; list session-context-data { key "mac"; description "List of session manager contexts"; uses identity-ios-xe-oper:sm-context; } // list session-context-data list session-domain-data { key "domain mac"; description "List of sessions based on Domains"; uses identity-ios-xe-oper:sm-domain-key; } // list session-domain-data list session-accounting-data { key "id"; description "List of accounting information of the sessions"; uses identity-ios-xe-oper:sm-acct-sess-info; } // list session-accounting-data list session-interface-data { key "intf-iifid mac"; description "List of sessions based on Interfaces"; uses identity-ios-xe-oper:sm-intf-key; } // list session-interface-data list session-username-data { key "username mac"; description "List of sessions based on Username"; uses identity-ios-xe-oper:sm-username-key; } // list session-username-data list session-method-data { key "method mac"; description "List of sessions based on Method"; uses identity-ios-xe-oper:sm-method-key; } // list session-method-data list common-method-data { key "mac method-id"; description "Common method data for a session"; uses identity-ios-xe-oper:sm-method-data; uses identity-ios-xe-oper:sm-method-data-key; } // list common-method-data list dot1x-auth-data { key "mac"; description "802.1x authentication data for a session"; uses identity-ios-xe-oper:sm-dot1x-auth-data; } // list dot1x-auth-data list mab-auth-data { key "mac"; description "MAB authentication data for a session"; uses identity-ios-xe-oper:sm-mab-auth-data; } // list mab-auth-data list web-auth-data { key "mac"; description "Web authentication data for a session"; uses identity-ios-xe-oper:sm-web-auth-data; } // list web-auth-data list dot1x-supplicant-data { key "intf-iifid"; description "802.1x supplicant data for an interface"; uses identity-ios-xe-oper:sm-dot1x-supp-data; } // list dot1x-supplicant-data list dot1x-authenticator-stats { key "intf-iifid"; description "802.1x authenticator statistics for an interface"; uses identity-ios-xe-oper:sm-dot1x-auth-stats; } // list dot1x-authenticator-stats list dot1x-supplicant-stats { key "intf-iifid"; description "802.1x supplicant statistics for an interface"; uses identity-ios-xe-oper:sm-dot1x-supp-stats; } // list dot1x-supplicant-stats container dot1x-global-stats { presence "dot1x-global-stats"; description "802.1x global statistics"; uses identity-ios-xe-oper:sm-dot1x-global-stats; } // container dot1x-global-stats container webauth-stats { presence "webauth-stats"; description "Web-authentication statistics"; uses identity-ios-xe-oper:sm-webauth-stats; } // container webauth-stats list webauth-ipv4-to-mac { key "ipv4-addr"; description "IPv4 to MAC address mapping for a session"; uses identity-ios-xe-oper:sm-webauth-ipv4-to-mac; } // list webauth-ipv4-to-mac list webauth-ipv6-to-mac { key "ipv6-addr"; description "IPv6 to MAC address mapping for a session"; uses identity-ios-xe-oper:sm-webauth-ipv6-to-mac; } // list webauth-ipv6-to-mac list epm-domain-name { key "domain-name"; description "FQDN domain names applied on sessions"; uses identity-ios-xe-oper:epm-domain-name-data; } // list epm-domain-name list epm-domain-name-ipv4 { key "ipv4-addr"; description "DNS IPv4 address to TTL mapping for domain names"; uses identity-ios-xe-oper:epm-domain-name-ipv4; } // list epm-domain-name-ipv4 list epm-domain-name-ipv6 { key "ipv6-addr"; description "DNS IPv6 address to TTL mapping for domain names"; uses identity-ios-xe-oper:epm-domain-name-ipv6; } // list epm-domain-name-ipv6 list cts-epm-bindings { key "mac"; description "Trustsec Policy Bindings"; uses identity-ios-xe-oper:st-cts-epm-bindings; } // list cts-epm-bindings list epm-service-block { key "mac"; description "Policy Service Block"; uses identity-ios-xe-oper:epm-svc-block; } // list epm-service-block list dc-info { key "client-mac"; description "Device Classifier Client Operational Data"; uses identity-ios-xe-oper:dc-client-info; } // list dc-info } // container identity-oper-data } // module Cisco-IOS-XE-identity-oper
© 2023 YumaWorks, Inc. All rights reserved.