This module contains a collection of YANG definitions for wireless rogue data types. Copyright (c) 2016-2020 by Cisco Systems, I...
Version: 2020-11-01
module Cisco-IOS-XE-wireless-rogue-types { yang-version 1; namespace "http://cisco.com/ns/yang/Cisco-IOS-XE-wireless-rogue-types"; prefix wireless-rogue-types; import Cisco-IOS-XE-wireless-enum-types { prefix wireless-enum-types; } import cisco-semver { prefix cisco-semver; } organization "Cisco Systems, Inc."; contact "Cisco Systems, Inc. Customer Service Postal: 170 W Tasman Drive San Jose, CA 95134 Tel: +1 1800 553-NETS E-mail: cs-yang@cisco.com"; description "This module contains a collection of YANG definitions for wireless rogue data types. Copyright (c) 2016-2020 by Cisco Systems, Inc. All rights reserved."; revision "2020-11-01" { description "- New rogue rule conditions for WPA3 and must-constraints for rule condition name matching condition flags. - The maximum value of the duration condition of rogue rule changed to 24 hours."; reference "5.2.0"; } revision "2019-05-01" { description "- New configuration for notification upon rule match - Added semantic version"; reference "5.1.0"; } revision "2018-10-29" { description "- validation for class type custom - Cleaned up spelling errors in descriptions."; reference "5.0.0"; } revision "2018-05-18" { description "Added validation"; reference "4.0.0"; } revision "2018-03-22" { description "Add encryption indicator and new defaults"; reference "3.0.0"; } revision "2018-01-24" { description "The first generally available version"; reference "2.0.0"; } revision "2017-05-05" { description "Initial revision"; reference "1.0.0"; } cisco-semver:module-version "5.2.0"; cisco-semver:module-version "5.1.0"; cisco-semver:module-version "5.0.0"; cisco-semver:module-version "4.0.0"; cisco-semver:module-version "3.0.0"; cisco-semver:module-version "2.0.0"; cisco-semver:module-version "1.0.0"; grouping st-rule-data-cfg { description "Rogue rule types for Config"; leaf class-type { type wireless-enum-types:rogue-class-type; must "(../enable = 'false') or (../class-type = 'rogue-classtype-friendly' and (../state = 'rogue-state-trusted' or ../state = 'rogue-state-alert' or ../state = 'rogue-state-acknowledged')) or (../class-type = 'rogue-classtype-malicious' and (../state = 'rogue-state-contained' or ../state = 'rogue-state-alert')) or (../class-type = 'rogue-classtype-custom' and (../state = 'rogue-state-contained' or ../state = 'rogue-state-alert')) or (../class-type = 'rogue-classtype-unclassified' and ../state = 'rogue-state-deleted')" { error-message "Please define a valid class/state classification"; error-app-tag "must-violation"; } default "rogue-classtype-unclassified"; description "Classification type"; } leaf state { type wireless-enum-types:rogue-state; description "Rogue state"; } leaf severity-score { when "(../class-type = 'rogue-classtype-custom')"; type uint32 { range "1 .. 100"; } description "Severity score"; } leaf class-type-custom-name { when "(../class-type = 'rogue-classtype-custom')"; type string; description "Custom name of the classification"; } leaf match-op { type wireless-enum-types:apf-rogue-rule-rule-match-op; must "../match-op = 'rule-match-any' or ../match-op = 'rule-match-all'" { error-message "Match operation can be ALL or ANY"; error-app-tag "must-violation"; } default "rule-match-any"; description "Match operation"; } leaf priority-num { type int32 { range "1 .. 512"; } mandatory true; description "priority number for the rogue rule"; } leaf enable { type boolean; default "false"; description "Enable the rule"; } leaf notify { type boolean; default "true"; description "Notification on rule match"; } } // grouping st-rule-data-cfg grouping st-rule-condition-cfg { description "Rogue rule for conditional config"; leaf rssi { type int32 { range "-128 .. 0"; } must "(../../cond-name != 'rssi' and ../rssi = 0) or (../../cond-name = 'rssi')" { error-message "The condition name must reflect the condition flags. It must be 'rssi' if rssi condition is set"; error-app-tag "must-violation"; } description "Receiving signal strength indicator"; } leaf client-count { type uint32 { range "1 .. 10"; } must "(../../cond-name != 'client-count' and ../client-count = 0) or (../../cond-name = 'client-count')" { error-message "The condition name must reflect the condition flags. It must be 'client-count' if client-count condition is set"; error-app-tag "must-violation"; } description "Number of client present"; } leaf no-encryption { type boolean; must "((../../cond-name = 'no-encryption') and (../no-encryption = 'true')) or ((../../cond-name != 'no-encryption') and (../no-encryption != 'true'))" { error-message "The condition name must reflect the condition flags. It must be 'no-encryption' if no-encryption condition is set"; error-app-tag "must-violation"; } default "false"; description "no encryption"; } leaf managed-ssid { type boolean; must "((../../cond-name = 'managed-ssid') and (../managed-ssid = 'true')) or ((../../cond-name != 'managed-ssid') and (../managed-ssid != 'true'))" { error-message "The condition name must reflect the condition flags. It must be 'managed-ssid' if managed-ssid condition is set"; error-app-tag "must-violation"; } default "false"; description "Status of managed ssid"; } leaf duration { type uint32 { range "0 .. 86400"; } must "(../../cond-name != 'duration' and ../duration = 0) or (../../cond-name = 'duration')" { error-message "The condition name must reflect the condition flags. It must be 'duration' if duration condition is set"; error-app-tag "must-violation"; } description "Rogue AP detected for more than the specified duration time"; } leaf any-encryption { type boolean; must "((../../cond-name = 'any-encryption') and (../any-encryption = 'true')) or ((../../cond-name != 'any-encryption') and (../any-encryption != 'true'))" { error-message "The condition name must reflect the condition flags. It must be 'any-encryption' if any-encryption condition is set"; error-app-tag "must-violation"; } description "any type of encryption"; } leaf wpa-encryption { type boolean; must "((../../cond-name = 'wpa-encryption') and (../wpa-encryption = 'true')) or ((../../cond-name != 'wpa-encryption') and (../wpa-encryption != 'true'))" { error-message "The condition name must reflect the condition flags. It must be 'wpa-encryption' if wpa-encryption condition is set"; error-app-tag "must-violation"; } description "WPA encryption"; } leaf wpa2-encryption { type boolean; must "((../../cond-name = 'wpa2-encryption') and (../wpa2-encryption = 'true')) or ((../../cond-name != 'wpa2-encryption') and (../wpa2-encryption != 'true'))" { error-message "The condition name must reflect the condition flags. It must be 'wpa2-encryption' if wpa2-encryption condition is set"; error-app-tag "must-violation"; } description "WPA2 encryption"; } leaf wpa3-sae-encryption { type boolean; must "((../../cond-name = 'wpa3-sae-encryption') and (../wpa3-sae-encryption = 'true')) or ((../../cond-name != 'wpa3-sae-encryption') and (../wpa3-sae-encryption != 'true'))" { error-message "The condition name must reflect the condition flags. It must be 'wpa3-sae-encryption' if wpa3-sae-encryption condition is set"; error-app-tag "must-violation"; } description "WPA3 SAE encryption"; } leaf wpa3-owe-encryption { type boolean; must "((../../cond-name = 'wpa3-owe-encryption') and (../wpa3-owe-encryption = 'true')) or ((../../cond-name != 'wpa3-owe-encryption') and (../wpa3-owe-encryption != 'true'))" { error-message "The condition name must reflect the condition flags. It must be 'wpa3-owe-encryption' if wpa3-owe-encryption condition is set"; error-app-tag "must-violation"; } description "WPA3 OWE encryption"; } } // grouping st-rule-condition-cfg grouping st-rule-data-op { description "Rogue rule types for oper data"; leaf hit-cnt { type uint32; description "Number of rule hit"; } } // grouping st-rule-data-op } // module Cisco-IOS-XE-wireless-rogue-types
© 2023 YumaWorks, Inc. All rights reserved.