Cisco-IOS-XE-wireless-rogue-types

This module contains a collection of YANG definitions for wireless rogue data types. Copyright (c) 2016-2020 by Cisco Systems, I...

  • Version: 2020-11-01

    Cisco-IOS-XE-wireless-rogue-types@2020-11-01


    
  module Cisco-IOS-XE-wireless-rogue-types {

    yang-version 1;

    namespace
      "http://cisco.com/ns/yang/Cisco-IOS-XE-wireless-rogue-types";

    prefix wireless-rogue-types;

    import Cisco-IOS-XE-wireless-enum-types {
      prefix wireless-enum-types;
    }
    import cisco-semver {
      prefix cisco-semver;
    }

    organization "Cisco Systems, Inc.";

    contact
      "Cisco Systems, Inc.
Customer Service

Postal: 170 W Tasman Drive
San Jose, CA 95134

Tel: +1 1800 553-NETS

E-mail: cs-yang@cisco.com";

    description
      "This module contains a collection of YANG definitions
for wireless rogue data types.
Copyright (c) 2016-2020 by Cisco Systems, Inc.
All rights reserved.";

    revision "2020-11-01" {
      description
        "- New rogue rule conditions for WPA3 and must-constraints for rule condition name matching condition flags.
- The maximum value of the duration condition of rogue rule changed to 24 hours.";
      reference
        "5.2.0";

    }

    revision "2019-05-01" {
      description
        "- New configuration for notification upon rule match
- Added semantic version";
      reference
        "5.1.0";

    }

    revision "2018-10-29" {
      description
        "- validation for class type custom
- Cleaned up spelling errors in descriptions.";
      reference
        "5.0.0";

    }

    revision "2018-05-18" {
      description "Added validation";
      reference
        "4.0.0";

    }

    revision "2018-03-22" {
      description
        "Add encryption indicator and new defaults";
      reference
        "3.0.0";

    }

    revision "2018-01-24" {
      description
        "The first generally available version";
      reference
        "2.0.0";

    }

    revision "2017-05-05" {
      description "Initial revision";
      reference
        "1.0.0";

    }

    cisco-semver:module-version "5.2.0";
    cisco-semver:module-version "5.1.0";
    cisco-semver:module-version "5.0.0";
    cisco-semver:module-version "4.0.0";
    cisco-semver:module-version "3.0.0";
    cisco-semver:module-version "2.0.0";
    cisco-semver:module-version "1.0.0";

    grouping st-rule-data-cfg {
      description
        "Rogue rule types for Config";
      leaf class-type {
        type wireless-enum-types:rogue-class-type;
        must
          "(../enable = 'false') or (../class-type = 'rogue-classtype-friendly' and (../state = 'rogue-state-trusted' or ../state = 'rogue-state-alert' or ../state = 'rogue-state-acknowledged')) or (../class-type = 'rogue-classtype-malicious' and (../state = 'rogue-state-contained' or ../state = 'rogue-state-alert')) or (../class-type = 'rogue-classtype-custom' and (../state = 'rogue-state-contained' or ../state = 'rogue-state-alert')) or (../class-type = 'rogue-classtype-unclassified' and ../state = 'rogue-state-deleted')" {
          error-message
            "Please define a valid class/state classification";
          error-app-tag "must-violation";
        }
        default
          "rogue-classtype-unclassified";
        description "Classification type";
      }

      leaf state {
        type wireless-enum-types:rogue-state;
        description "Rogue state";
      }

      leaf severity-score {
        when
          "(../class-type = 'rogue-classtype-custom')";
        type uint32 {
          range "1 .. 100";
        }
        description "Severity score";
      }

      leaf class-type-custom-name {
        when
          "(../class-type = 'rogue-classtype-custom')";
        type string;
        description
          "Custom name of the classification";
      }

      leaf match-op {
        type wireless-enum-types:apf-rogue-rule-rule-match-op;
        must
          "../match-op = 'rule-match-any' or ../match-op = 'rule-match-all'" {
          error-message
            "Match operation can be ALL or ANY";
          error-app-tag "must-violation";
        }
        default "rule-match-any";
        description "Match operation";
      }

      leaf priority-num {
        type int32 {
          range "1 .. 512";
        }
        mandatory true;
        description
          "priority number for the rogue rule";
      }

      leaf enable {
        type boolean;
        default "false";
        description "Enable the rule";
      }

      leaf notify {
        type boolean;
        default "true";
        description
          "Notification on rule match";
      }
    }  // grouping st-rule-data-cfg

    grouping st-rule-condition-cfg {
      description
        "Rogue rule for conditional config";
      leaf rssi {
        type int32 {
          range "-128 .. 0";
        }
        must
          "(../../cond-name != 'rssi' and ../rssi = 0) or (../../cond-name = 'rssi')" {
          error-message
            "The condition name must reflect the condition flags. It must be 'rssi' if rssi condition is set";
          error-app-tag "must-violation";
        }
        description
          "Receiving signal strength indicator";
      }

      leaf client-count {
        type uint32 {
          range "1 .. 10";
        }
        must
          "(../../cond-name != 'client-count' and ../client-count = 0) or (../../cond-name = 'client-count')" {
          error-message
            "The condition name must reflect the condition flags. It must be 'client-count' if client-count condition is set";
          error-app-tag "must-violation";
        }
        description
          "Number of client present";
      }

      leaf no-encryption {
        type boolean;
        must
          "((../../cond-name = 'no-encryption') and (../no-encryption = 'true')) or ((../../cond-name != 'no-encryption') and (../no-encryption != 'true'))" {
          error-message
            "The condition name must reflect the condition flags. It must be 'no-encryption' if no-encryption condition is set";
          error-app-tag "must-violation";
        }
        default "false";
        description "no encryption";
      }

      leaf managed-ssid {
        type boolean;
        must
          "((../../cond-name = 'managed-ssid') and (../managed-ssid = 'true')) or ((../../cond-name != 'managed-ssid') and (../managed-ssid != 'true'))" {
          error-message
            "The condition name must reflect the condition flags. It must be 'managed-ssid' if managed-ssid condition is set";
          error-app-tag "must-violation";
        }
        default "false";
        description "Status of managed ssid";
      }

      leaf duration {
        type uint32 {
          range "0 .. 86400";
        }
        must
          "(../../cond-name != 'duration' and ../duration = 0) or (../../cond-name = 'duration')" {
          error-message
            "The condition name must reflect the condition flags. It must be 'duration' if duration condition is set";
          error-app-tag "must-violation";
        }
        description
          "Rogue AP detected for more than the specified duration time";
      }

      leaf any-encryption {
        type boolean;
        must
          "((../../cond-name = 'any-encryption') and (../any-encryption = 'true')) or ((../../cond-name != 'any-encryption') and (../any-encryption != 'true'))" {
          error-message
            "The condition name must reflect the condition flags. It must be 'any-encryption' if any-encryption condition is set";
          error-app-tag "must-violation";
        }
        description "any type of encryption";
      }

      leaf wpa-encryption {
        type boolean;
        must
          "((../../cond-name = 'wpa-encryption') and (../wpa-encryption = 'true')) or ((../../cond-name != 'wpa-encryption') and (../wpa-encryption != 'true'))" {
          error-message
            "The condition name must reflect the condition flags. It must be 'wpa-encryption' if wpa-encryption condition is set";
          error-app-tag "must-violation";
        }
        description "WPA encryption";
      }

      leaf wpa2-encryption {
        type boolean;
        must
          "((../../cond-name = 'wpa2-encryption') and (../wpa2-encryption = 'true')) or ((../../cond-name != 'wpa2-encryption') and (../wpa2-encryption != 'true'))" {
          error-message
            "The condition name must reflect the condition flags. It must be 'wpa2-encryption' if wpa2-encryption condition is set";
          error-app-tag "must-violation";
        }
        description "WPA2 encryption";
      }

      leaf wpa3-sae-encryption {
        type boolean;
        must
          "((../../cond-name = 'wpa3-sae-encryption') and (../wpa3-sae-encryption = 'true')) or ((../../cond-name != 'wpa3-sae-encryption') and (../wpa3-sae-encryption != 'true'))" {
          error-message
            "The condition name must reflect the condition flags. It must be 'wpa3-sae-encryption' if wpa3-sae-encryption condition is set";
          error-app-tag "must-violation";
        }
        description "WPA3 SAE encryption";
      }

      leaf wpa3-owe-encryption {
        type boolean;
        must
          "((../../cond-name = 'wpa3-owe-encryption') and (../wpa3-owe-encryption = 'true')) or ((../../cond-name != 'wpa3-owe-encryption') and (../wpa3-owe-encryption != 'true'))" {
          error-message
            "The condition name must reflect the condition flags. It must be 'wpa3-owe-encryption' if wpa3-owe-encryption condition is set";
          error-app-tag "must-violation";
        }
        description "WPA3 OWE encryption";
      }
    }  // grouping st-rule-condition-cfg

    grouping st-rule-data-op {
      description
        "Rogue rule types for oper data";
      leaf hit-cnt {
        type uint32;
        description "Number of rule hit";
      }
    }  // grouping st-rule-data-op
  }  // module Cisco-IOS-XE-wireless-rogue-types

© 2023 YumaWorks, Inc. All rights reserved.