Model for managing site configurations Copyright (c) 2016-2021 by Cisco Systems, Inc. All rights reserved.
Version: 2021-07-01
module Cisco-IOS-XE-wireless-site-cfg { yang-version 1; namespace "http://cisco.com/ns/yang/Cisco-IOS-XE-wireless-site-cfg"; prefix wireless-site-cfg; import Cisco-IOS-XE-wireless-ap-types { prefix wireless-ap-types; } import Cisco-IOS-XE-wireless-enum-types { prefix wireless-enum-types; } import Cisco-IOS-XE-wireless-types { prefix wireless-types; } import ietf-inet-types { prefix inet; } import ietf-yang-types { prefix yang; } import cisco-semver { prefix cisco-semver; } organization "Cisco Systems, Inc."; contact "Cisco Systems, Inc. Customer Service Postal: 170 W Tasman Drive San Jose, CA 95134 Tel: +1 1800 553-NETS E-mail: cs-yang@cisco.com"; description "Model for managing site configurations Copyright (c) 2016-2021 by Cisco Systems, Inc. All rights reserved."; revision "2021-07-01" { description "- Added AP user management password constraints - Added support to enable AP DHCP broadcast in fabric configuration - Added option to configure IPv4 multicast group for AP in fabric configuration - Added option to configure country in AP profile"; reference "9.0.0"; } revision "2021-03-01" { description "- Add ASCII 32-126 and leading/trailing spaces restriction for AP profile name and site tag name - Added support for AP stats - Added support for Office Extended AP configuration - Added support DTLS cipher suite server preference AP configuration"; reference "8.0.0"; } revision "2020-11-01" { description "- Added AWIPS Forensic configuration - Added support for antenna monitoring configuration"; reference "7.4.0"; } revision "2020-07-01" { description "- Added support for traffic distribution stats configuration - Added AP DHCP fallback option - Added obsolete status for LED flash configuration"; reference "7.3.0"; } revision "2020-03-01" { description "- Deprecated old IOS BLE model - CAPWAP window size configuration - Added fabric config support for AP ARP caching - Added support for AP proxy"; reference "7.2.0"; } revision "2019-11-01" { description "- Added configuration to enable AWIPS - Added Accounting information - Added support for IOX application hosting on APs - Added support for Auxiliary Client Interface on APs - Added support for BSSID stats configuration - Add public-ip-discovery and private-ip-discovery flag under AP config profile - Added AP LED flash mode and duration timer configuration - Added support for BSSID neighbor stats configuration"; reference "7.1.0"; } revision "2019-09-20" { description "- Added obsolete status for Lawful Interception"; reference "7.0.0"; } revision "2019-05-01" { description "- Removal of unused container related to Remote LAN port entry. - Add GAS rate limiting setting for Hotspot 2.0 - Add NTP server information to be used by AP - Added client RSSI stats configuration - Add constraint check to image download profile name - Added semantic version - Added obsolete status for NTP server attribute"; reference "6.0.0"; } revision "2019-03-13" { description "- Removed master AP list config under site tag config - Add DHCP server configuration - Removal of unused leaves - Cleaned up spelling errors in descriptions - Removal of unused leaves related to AP config profile - Removal of unused container related to Remote LAN port entry - Cleaned up descriptions - Making sure configured structure and structure send on protocol are aligned for AP profile - Restrict password type options available for local user under AP capture profile - Removed CAPWAP window size configuration from AP join profile."; reference "5.0.0"; } revision "2018-06-15" { description "AIRsense feature renamed to Intelligent Capture"; reference "4.0.0"; } revision "2018-03-21" { description "Leaf removal and default changes"; reference "3.0.0"; } revision "2018-01-24" { description "The first generally available version"; reference "2.0.0"; } revision "2017-05-05" { description "Initial revision"; reference "1.0.0"; } cisco-semver:module-version "9.0.0"; cisco-semver:module-version "8.0.0"; cisco-semver:module-version "7.4.0"; cisco-semver:module-version "7.3.0"; cisco-semver:module-version "7.2.0"; cisco-semver:module-version "7.1.0"; cisco-semver:module-version "7.0.0"; cisco-semver:module-version "6.0.0"; cisco-semver:module-version "5.0.0"; cisco-semver:module-version "4.0.0"; cisco-semver:module-version "3.0.0"; cisco-semver:module-version "2.0.0"; cisco-semver:module-version "1.0.0"; container site-cfg-data { description "Yang model for site related config"; container ap-cfg-profiles { description "Encompasses the ap config profile"; list ap-cfg-profile { key "profile-name"; description "List of AP config profiles"; leaf profile-name { type string { pattern '[!-~]([ -~]*[!-~])?'; } description "The ap configuration profile name"; } leaf description { type string; default ""; description "Description for the ap configuration profile"; } leaf ble-beacon-interval { type uint8 { range "1 .. 10"; } default "1"; description "The BLE beacon interval for the AP"; } leaf ble-beacon-advpwr { type uint8 { range "40 .. 100"; } default "59"; description "The BLE beacon power"; } leaf data-encryption-flag { type boolean; description "The data encryption status of AP"; } leaf ap-packet-capture-profile { type string; default ""; description "Profile name for packet capture"; } leaf ap-trace-profile { type string; default ""; description "AP trace profile name applied on the AP"; } container stats-timer { description "This object specifies the stats timer for the AP"; leaf stats-timer { type uint16 { range "0 .. 65535"; } default "180"; description "APs stats timer"; } } // container stats-timer container led-state { description "The LED state of all the access points should be enabled or disabled."; leaf led-state { type boolean; default "true"; description "True if LED state is enabled otherwise disabled."; } } // container led-state container link-latency { description "The link auditing options"; leaf link-latency-flag { type wireless-ap-types:enm-link-latency-type; default "link-auditing-disable"; description "Specifies the different link auditing options"; } } // container link-latency container jumbo-mtu { description "True if jumbo mtu is enabled for the AP"; leaf jumbo-mtu { type boolean; description "True if jumbo mtu is enabled for the AP"; } } // container jumbo-mtu container ap-mode { description "Mode of operation of the AP"; leaf ap-sub-mode { type wireless-ap-types:ap-sub-mode-type; description "Defines the AP sub mode"; } leaf fast-channel { type uint32; description "Fast channel mode"; } } // container ap-mode container poe { description "Power over ethernet configurations"; leaf pre-standard8023af-switch-flag { type boolean; default "false"; description "PreStandard 802.3af Switch"; } leaf power-injector-state { type boolean; default "false"; description "Power Injector State"; } leaf power-injector-selection { type wireless-ap-types:power-injector-sel-type; default "pwrinj-unknown"; description "power injector selection"; } leaf injector-switch-mac { type yang:mac-address; default "00:00:00:00:00:00"; description "mac address of the power injector switch"; } } // container poe container device-mgmt { description "Device management related configurations"; leaf telnet { type boolean; default "false"; description "This object specifies whether Telnet session can be established to the AP"; } leaf ssh { type boolean; default "false"; description "This object specifies whether SSH session can be established to the AP"; } } // container device-mgmt container user-mgmt { description "User management related configuration"; leaf username { type string { length "0..32"; } must "(((string-length(current()) != 0) and (string-length(../password) != 0) and (string-length(../secret) != 0)) or ((string-length(current()) = 0) and (string-length(../password) = 0) and (string-length(../secret) = 0)))" { error-message "Partial configuration of AP user management username, password and secret is not allowed"; error-app-tag "must-violation"; } default ""; description "AP user management username"; } leaf password { type string; must "((../password-type != 'clear') or (/wireless-apf-cfg:apf-cfg-data/wireless-apf-cfg:apf/wireless-apf-cfg:pwd-pol-def = 'false') or (not((contains(current(), 'cisco')) or (contains(current(), 'c!sco')) or (contains(current(), 'ci$co')) or (contains(current(), 'c1$co')) or (contains(current(), 'c1sco')) or (contains(current(), 'c!$co')) or (contains(current(), 'Cisco')) or (contains(current(), 'C!sco')) or (contains(current(), 'Ci$co')) or (contains(current(), 'C1$co')) or (contains(current(), 'C1sco')) or (contains(current(), 'C!$co')) or (contains(current(), 'CISCO')) or (contains(current(), 'C1SCO')) or (contains(current(), 'C!SCO')) or (contains(current(), 'C!$CO')) or (contains(current(), 'CISC0')) or (contains(current(), 'cisc0')) or (contains(current(), 'Cisc0')) or (contains(current(), 'c!$c0')) or (contains(current(), 'C!$c0')) or (contains(current(), 'C1$c0')) or (contains(current(), 'c1$c0')) or (contains(current(), 'C1sc0')) or (contains(current(), 'c1sc0')) or (contains(current(), 'ciscO')) or (contains(current(), 'CiscO')) or (contains(current(), 'c1scO')) or (contains(current(), 'c!scO')) or (contains(current(), 'c1$cO')) or (contains(current(), 'C1scO')) or (contains(current(), 'c!$cO')) or (contains(current(), 'ci$cO')) or (contains(current(), 'C!scO')))))" { error-message "AP user management password should not contain default password e.g., cisco, Cisco, c!sco, ci$co, c!sco"; error-app-tag "must-violation"; } must "((../password-type != 'clear') or (/wireless-apf-cfg:apf-cfg-data/wireless-apf-cfg:apf/wireless-apf-cfg:pwd-pol-def = 'false') or (not( (contains(current(), 'ocsic')) or (contains(current(), 'ocs!c')) or (contains(current(), 'oc$ic')) or (contains(current(), 'oc$1c')) or (contains(current(), 'ocs1c')) or (contains(current(), 'oc$!c')) or (contains(current(), 'ocsiC')) or (contains(current(), 'ocs!C')) or (contains(current(), 'oc$iC')) or (contains(current(), 'oc$1C')) or (contains(current(), 'ocs1C')) or (contains(current(), 'oc$!C')) or (contains(current(), 'OCSIC')) or (contains(current(), 'OCS1C')) or (contains(current(), 'OCS!C')) or (contains(current(), 'OC$!C')) or (contains(current(), '0CSIC')) or (contains(current(), '0csic')) or (contains(current(), '0csiC')) or (contains(current(), '0c$!c')) or (contains(current(), '0c$!C')) or (contains(current(), '0c$1C')) or (contains(current(), '0c$1c')) or (contains(current(), '0cs1C')) or (contains(current(), '0cs1c')) or (contains(current(), 'Ocs1c')) or (contains(current(), 'Oc$1C')) or (contains(current(), 'Ocsic')) or (contains(current(), 'Ocs!c')) or (contains(current(), 'Oc$iC')) or (contains(current(), 'OcsiC')) or (contains(current(), 'Oc$!C')))))" { error-message "AP user management password should not contain default reverse password"; error-app-tag "must-violation"; } must "((../password-type != 'clear') or (/wireless-apf-cfg:apf-cfg-data/wireless-apf-cfg:apf/wireless-apf-cfg:pwd-pol-def = 'false') or (contains(current(), 'a')) or (contains(current(), 'b')) or (contains(current(), 'c')) or (contains(current(), 'd')) or (contains(current(), 'e')) or (contains(current(), 'f')) or (contains(current(), 'g')) or (contains(current(), 'h')) or (contains(current(), 'i')) or (contains(current(), 'j')) or (contains(current(), 'k')) or (contains(current(), 'l')) or (contains(current(), 'm')) or (contains(current(), 'n')) or (contains(current(), 'o')) or (contains(current(), 'p')) or (contains(current(), 'q')) or (contains(current(), 'r')) or (contains(current(), 's')) or (contains(current(), 't')) or (contains(current(), 'u')) or (contains(current(), 'v')) or (contains(current(), 'w')) or (contains(current(), 'x')) or (contains(current(), 'y')) or (contains(current(), 'z')))" { error-message "AP user management password must contain at least one lower case letter"; error-app-tag "must-violation"; } must "((../password-type != 'clear') or (/wireless-apf-cfg:apf-cfg-data/wireless-apf-cfg:apf/wireless-apf-cfg:pwd-pol-def = 'false') or (contains(current(), 'A')) or (contains(current(), 'B')) or (contains(current(), 'C')) or (contains(current(), 'D')) or (contains(current(), 'E')) or (contains(current(), 'F')) or (contains(current(), 'G')) or (contains(current(), 'H')) or (contains(current(), 'I')) or (contains(current(), 'J')) or (contains(current(), 'K')) or (contains(current(), 'L')) or (contains(current(), 'M')) or (contains(current(), 'N')) or (contains(current(), 'O')) or (contains(current(), 'P')) or (contains(current(), 'Q')) or (contains(current(), 'R')) or (contains(current(), 'S')) or (contains(current(), 'T')) or (contains(current(), 'U')) or (contains(current(), 'V')) or (contains(current(), 'W')) or (contains(current(), 'X')) or (contains(current(), 'Y')) or (contains(current(), 'Z')))" { error-message "AP user management password must contain at least one upper case letter"; error-app-tag "must-violation"; } must "((../password-type != 'clear') or (/wireless-apf-cfg:apf-cfg-data/wireless-apf-cfg:apf/wireless-apf-cfg:pwd-pol-def = 'false') or (contains(current(), '0')) or (contains(current(), '1')) or (contains(current(), '2')) or (contains(current(), '3')) or (contains(current(), '4')) or (contains(current(), '5')) or (contains(current(), '6')) or (contains(current(), '7')) or (contains(current(), '8')) or (contains(current(), '9')))" { error-message "AP user management password must contain at least one digit"; error-app-tag "must-violation"; } must "((../password-type != 'clear') or (/wireless-apf-cfg:apf-cfg-data/wireless-apf-cfg:apf/wireless-apf-cfg:pwd-pol-def = 'false') or (not((contains(current(), 'aaa')) or (contains(current(), 'AAA')) or (contains(current(), 'bbb')) or (contains(current(), 'BBB')) or (contains(current(), 'ccc')) or (contains(current(), 'CCC')) or (contains(current(), 'ddd')) or (contains(current(), 'DDD')) or (contains(current(), 'eee')) or (contains(current(), 'EEE')) or (contains(current(), 'fff')) or (contains(current(), 'FFF')) or (contains(current(), 'ggg')) or (contains(current(), 'GGG')) or (contains(current(), 'hhh')) or (contains(current(), 'HHH')) or (contains(current(), 'iii')) or (contains(current(), 'III')) or (contains(current(), 'jjj')) or (contains(current(), 'JJJ')) or (contains(current(), 'kkk')) or (contains(current(), 'KKK')) or (contains(current(), 'lll')) or (contains(current(), 'LLL')) or (contains(current(), 'mmm')) or (contains(current(), 'MMM')) or (contains(current(), 'nnn')) or (contains(current(), 'NNN')) or (contains(current(), 'ooo')) or (contains(current(), 'OOO')) or (contains(current(), 'ppp')) or (contains(current(), 'PPP')) or (contains(current(), 'qqq')) or (contains(current(), 'QQQ')) or (contains(current(), 'rrr')) or (contains(current(), 'RRR')) or (contains(current(), 'sss')) or (contains(current(), 'SSS')) or (contains(current(), 'ttt')) or (contains(current(), 'TTT')) or (contains(current(), 'uuu')) or (contains(current(), 'UUU')) or (contains(current(), 'vvv')) or (contains(current(), 'VVV')) or (contains(current(), 'www')) or (contains(current(), 'WWW')) or (contains(current(), 'xxx')) or (contains(current(), 'XXX')) or (contains(current(), 'yyy')) or (contains(current(), 'YYY')) or (contains(current(), 'zzz')) or (contains(current(), 'ZZZ')))))" { error-message "AP user management password should not contain more than two repetitions of characters"; } must "((../password-type != 'clear') or (/wireless-apf-cfg:apf-cfg-data/wireless-apf-cfg:apf/wireless-apf-cfg:pwd-pol-def = 'false') or (not((contains(current(), 'abc')) or (contains(current(), 'ABC')) or (contains(current(), 'bcd')) or (contains(current(), 'BCD')) or (contains(current(), 'cde')) or (contains(current(), 'CDE')) or (contains(current(), 'def')) or (contains(current(), 'DEF')) or (contains(current(), 'efg')) or (contains(current(), 'EFG')) or (contains(current(), 'fgh')) or (contains(current(), 'FGH')) or (contains(current(), 'ghi')) or (contains(current(), 'GHI')) or (contains(current(), 'hij')) or (contains(current(), 'HIJ')) or (contains(current(), 'ijk')) or (contains(current(), 'IJK')) or (contains(current(), 'jkl')) or (contains(current(), 'JKL')) or (contains(current(), 'klm')) or (contains(current(), 'KLM')) or (contains(current(), 'lmn')) or (contains(current(), 'LMN')) or (contains(current(), 'mno')) or (contains(current(), 'MNO')) or (contains(current(), 'nop')) or (contains(current(), 'NOP')) or (contains(current(), 'opq')) or (contains(current(), 'OPQ')) or (contains(current(), 'pqr')) or (contains(current(), 'PQR')) or (contains(current(), 'qrs')) or (contains(current(), 'QRS')) or (contains(current(), 'rst')) or (contains(current(), 'RST')) or (contains(current(), 'stu')) or (contains(current(), 'STU')) or (contains(current(), 'tuv')) or (contains(current(), 'TUV')) or (contains(current(), 'uvw')) or (contains(current(), 'UVW')) or (contains(current(), 'vwx')) or (contains(current(), 'VWX')) or (contains(current(), 'wxy')) or (contains(current(), 'WXY')) or (contains(current(), 'xyz')) or (contains(current(), 'XYZ')))))" { error-message "AP user management password should not contain sequential characters"; error-app-tag "must-violation"; } must "((../password-type != 'clear') or (/wireless-apf-cfg:apf-cfg-data/wireless-apf-cfg:apf/wireless-apf-cfg:pwd-pol-def = 'false') or (not((contains(current(), '000')) or (contains(current(), '111')) or (contains(current(), '222')) or (contains(current(), '333')) or (contains(current(), '444')) or (contains(current(), '555')) or (contains(current(), '666')) or (contains(current(), '777')) or (contains(current(), '888')) or (contains(current(), '999')))))" { error-message "AP user management password should not contain more than two repetitions of digits"; error-app-tag "must-violation"; } must "((../password-type != 'clear') or (/wireless-apf-cfg:apf-cfg-data/wireless-apf-cfg:apf/wireless-apf-cfg:pwd-pol-def = 'false') or (not((contains(current(), '012')) or (contains(current(), '123')) or (contains(current(), '234')) or (contains(current(), '345')) or (contains(current(), '456')) or (contains(current(), '567')) or (contains(current(), '678')) or (contains(current(), '789')))))" { error-message "AP user management password should not contain sequential digits"; error-app-tag "must-violation"; } must "((../password-type != 'clear') or (/wireless-apf-cfg:apf-cfg-data/wireless-apf-cfg:apf/wireless-apf-cfg:pwd-pol-def = 'false') or (string-length(current()) >= 8))" { error-message "AP user management password length should not be less than 8, when the AP user management password type is clear text and wireless default password policy is enabled"; error-app-tag "must-violation"; } must "((../password-type != 'clear') or (string-length(current()) <= 120))" { error-message "AP user management password length should not exceed 120, when the AP user management password type is clear text"; error-app-tag "must-violation"; } default ""; description "AP user management password. Following criteria should be met if wireless password policy is configured. - Default passwords (cisco, Cisco, C!sco, ci$co, ..) are not allowed. - Reverse default passwords are not allowed. - At least one lower case letter is mandatory. - At least one upper case letter is mandatory. - At least one digit is mandatory. - Special characters are allowed, but not mandatory. - More than two sequential chars or digits (e.g., abc, 123) are not allowed. - More than two repeated chars or digits (e.g., 111, aaa) are not allowed. - Minimum password length is 8. Restriction: AP management password of cleartext type must contain ASCII characters only. This rule is not implemented using constraints."; } leaf password-type { type wireless-enum-types:crypt-type; must "((current() = 'clear') or (current() = 'aes'))" { error-message "AP user management password type should be either clear text or aes encryption type only"; error-app-tag "must-violation"; } default "clear"; description "AP user management password type"; } leaf secret { type string; must "((../secret-type != 'clear') or (string-length(current()) <= 120))" { error-message "AP user management secret length should not exceed 120, when the AP user management secret type is clear text"; error-app-tag "must-violation"; } default ""; description "AP user management secret"; } leaf secret-type { type wireless-enum-types:crypt-type; must "((current() = 'clear') or (current() = 'aes'))" { error-message "AP user management secret type should be either clear text or aes encryption type only"; error-app-tag "must-violation"; } default "clear"; description "AP user management secret type"; } } // container user-mgmt container tcp-mss { description "IPV4 tcp mss related configurations"; leaf adjust-mss { type boolean; default "true"; description "adjust mss"; } leaf tcp-adjust-mss { type uint16 { range "536 .. 1363"; } default "1250"; description "This object represents the Global AP TCP MSS value"; } } // container tcp-mss container tunnel { description "The global capwap prefer-mode"; leaf preferred-mode { type wireless-enum-types:preferred-mode-type; default "preferred-mode-unconfig"; description "Represents the CAPWAP prefer-mode"; } leaf udp-lite { type wireless-enum-types:ipv6-capwap-checksum-type; default "udplite-checksum-disabled"; description "Represents IPv6 CAPWAP data checksum type"; } } // container tunnel container capwap-timer { description "CAPWAP timer related configurations"; leaf heart-beat-timeout { type uint8 { range "1 .. 30"; } default "30"; description "This object represents the Heartbeattimeout for the AP discovery"; } leaf discovery-timeout { type uint8 { range "1 .. 10"; } default "10"; description "This object represents the timeout for the AP discovery"; } leaf fast-heart-beat-timeout { type uint8 { range "0 .. 10"; } default "0"; description "This object represents the timeout value for the heart beat timer."; } leaf primary-discovery-timeout { type uint16 { range "30 .. 3000"; } default "120"; description "This object represents the timeout for the primary AP discovery"; } leaf primed-join-timeout { type uint16 { range "0 .. 43200"; } default "0"; description "This object represents the primed timeout for the AP discovery"; } } // container capwap-timer container retransmit-timer { description "The retransmit timer"; leaf count { type uint8 { range "3 .. 8"; } default "5"; description "retransmit timer count"; } leaf interval { type uint8 { range "2 .. 5"; } default "3"; description "retransmit timer interval"; } } // container retransmit-timer container login-credentials { description "The Global AP 802.1x Supplicant Authentication login credentials"; leaf dot1x-username { type string { length "0..32"; } must "(((string-length(current()) != 0) and (string-length(../dot1x-password) != 0)) or ((string-length(current()) = 0) and (string-length(../dot1x-password) = 0)))" { error-message "Partial configuration of AP dot1x username and password is not allowed"; error-app-tag "must-violation"; } default ""; description "AP dot1x authentication username"; } leaf dot1x-password { type string; must "((../dot1x-password-type != 'clear') or (string-length(current()) <= 120))" { error-message "AP dot1x password length should not exceed 120, when the AP dot1x password type is clear text"; error-app-tag "must-violation"; } default ""; description "AP dot1x authentication password"; } leaf dot1x-password-type { type wireless-enum-types:crypt-type; must "((current() = 'clear') or (current() = 'aes'))" { error-message "AP dot1x password type should be either clear text or aes encryption type only"; error-app-tag "must-violation"; } default "clear"; description "AP dot1x authentication password type"; } } // container login-credentials container dot1x-eap-type-info { description "Global AP 802.1x EAP type info"; leaf dot1x-eap-type { type wireless-ap-types:enm-ap-dot1x-eap-type; default "dot1x-eap-fast"; description "Dot1x EAP auth type"; } } // container dot1x-eap-type-info container lsc-ap-auth-type-info { description "Global AP 802.1x LSC AP auth type info"; leaf lsc-ap-auth-type { type wireless-ap-types:enm-lsc-ap-auth-state-type; default "lsc-ap-auth-capwap-dtls"; description "LSC AP auth type"; } } // container lsc-ap-auth-type-info container coredump { description "AP core dump related configurations"; leaf coredump-flag { type wireless-enum-types:memory-core-dump-flag; default "tftp-coredump-disable"; description "coredump flag indicate if coredump is enabled and whether its compress or uncompress"; } leaf tftp-server-address { type inet:ip-address; default "0.0.0.0"; description "tftp server address to be used to move the core dump"; } leaf corefile-name { type string; default "default"; description "core file name"; } } // container coredump container syslog { description "AP sys log related configurations"; leaf facility-value { type wireless-ap-types:syslog-facility-value; default "facility-kern"; description "facility value"; } leaf log-level { type wireless-types:syslog-trap-level; default "syslog-level-information"; description "log level"; } leaf host { type inet:ip-address; default "255.255.255.255"; description "host name"; } leaf tls-mode { type boolean; description "TLS mode for secure syslog"; } } // container syslog container backup-controllers { must "not((string-length(primary-controller-name) = 0) and (primary-controller-ip != '0.0.0.0')) " { error-message "Primary Controller IP can not be configured without Primary controller name"; error-app-tag "must-violation"; } must "not((string-length(secondary-controller-name) = 0) and (secondary-controller-ip != '0.0.0.0')) " { error-message "Secondary Controller IP can not be configured without Secondary controller name"; error-app-tag "must-violation"; } description "Backup controller configuration for the AP"; leaf fallback-enabled { type boolean; default "true"; description "Backup Controllers fallback enabled"; } leaf primary-controller-name { type string; default ""; description "the AP's primary controller name"; } leaf secondary-controller-name { type string; default ""; description "the AP's secondary controller name"; } leaf primary-controller-ip { type inet:ip-address; default "0.0.0.0"; description "the AP's primary controller ip address"; } leaf secondary-controller-ip { type inet:ip-address; default "0.0.0.0"; description "the AP's secondary controller ip address"; } } // container backup-controllers container hyperlocation { description "Hyperlocation configuration for the AP"; leaf hyperlocation-enable { type boolean; default "false"; description "enable hyperlocation"; } leaf pak-rssi-threshold-detection { type int32 { range "-100 .. -50"; } default "-100"; description "pak rssi threshold detection"; } leaf pak-rssi-threshold-trigger { type uint8 { range "1 .. 100"; } must "../pak-rssi-threshold-reset < ../pak-rssi-threshold-trigger" { error-message "pak-rssi-threshold-trigger must be greater than pak-rssi-threshold-reset"; error-app-tag "must-violation"; } default "10"; description "pak rssi threshold trigger"; } leaf pak-rssi-threshold-reset { type uint8 { range "0 .. 99"; } default "8"; description "pak rssi threshold reset"; } } // container hyperlocation container rogue-detection { description "Rogue detection related parameters"; leaf profile-name { type string; description "rogue profile name"; } leaf rogue-detection-monitor-mode-report-interval { type uint32 { range "10 .. 300"; } default "10"; description "time interval at which monitor mode report for AP rogue detection is generated"; } leaf ap-rogue-detection-min-rssi { type int32 { range "-128 .. -70"; } default "-90"; description "minmum RSSI for AP rogue detection"; } leaf ap-rogue-detection-transient-interval { type uint32 { range "0 .. 1800"; } default "0"; description "transient interval for AP rogue detection"; } leaf rogue-containment-flexconnect { type boolean; default "false"; description "rogue Containment in flexconnect"; } leaf rogue-containment-autorate { type boolean; default "false"; description "rogue Containment autorate"; } leaf ap-rogue-detection { type boolean; default "true"; description "rogue AP detection"; } } // container rogue-detection container lag-info { description "The AP-lag status of all the access points in the profile whether enabled or disabled."; leaf ap-lag-enabled { type boolean; default "false"; description "boolean to indicate whether ap lag enabled is used"; } } // container lag-info container tftp-down-grade { description "Tftp downgrade related configurations"; leaf tftp-downgrade-ip-address { type inet:ip-address; default "0.0.0.0"; description "tftp downgrade ip address"; } leaf tftp-downgrade-filename { type string; default ""; description "tftp downgrade file name"; } } // container tftp-down-grade container traffic-limit { description "The maximum dot1x session limit for the AP"; leaf max1x-session-limit-per-ap { type uint8; default "0"; description "maximum dot1x session limits allowed per AP"; } } // container traffic-limit container cdp { description "True, if cdp is enabled for the AP"; leaf cdp-enable { type boolean; default "true"; description "True if CDP enabled for the AP"; } } // container cdp leaf ntp-server { type inet:ip-address; default "0.0.0.0"; status obsolete; description "NTP server IP address"; } container capwap-window { description "CAPWAP transport window size for the AP"; leaf window-size { type uint8 { range "1 .. 50"; } default "1"; description "CAPWAP window size for request packets in multiwindow queue"; } } // container capwap-window container mesh { description "Mesh related config the AP"; leaf mesh-profile-name { type string; default "default-mesh-profile"; description "Specifies the mesh profile name for the AP"; } } // container mesh container reporting-interval { description "Interval at which AP should send client stats"; leaf radio-24ghz { type uint8 { range "5 .. 90"; } default "90"; description "Report Interval at which AP sends Client Stats for all the clients connected to 24ghz radio in seconds"; } leaf radio-5ghz { type uint8 { range "5 .. 90"; } default "90"; description "Report Interval at which AP sends Client Stats for all the clients connected to 5ghz radio in seconds"; } } // container reporting-interval container ext-module { description "AP External Module related configurations"; leaf enable { type boolean; default "false"; description "This object specifies whether AP External Module is enabled or not"; } } // container ext-module container icap { description "Configuration of ICap subscriptions"; leaf full-trace-enabled { type boolean; default "false"; description "Full packet trace subscription enabled"; } leaf partial-trace-enabled { type boolean; default "false"; description "Partial packet trace subscription enabled"; } leaf partial-trace-proto-all { type boolean; default "false"; description "Collect partial packet traces for all protocols"; } leaf partial-trace-proto-mgmt-all { type boolean; default "false"; description "Collect partial packet traces for all management protocols"; } leaf partial-trace-proto-mgmt-assoc { type boolean; default "false"; description "Collect partial packet traces for association management protocols"; } leaf partial-trace-proto-mgmt-auth { type boolean; default "false"; description "Collect partial packet traces for authentication management protocols"; } leaf partial-trace-proto-mgmt-probe { type boolean; default "false"; description "Collect partial packet traces for probing management protocols"; } leaf partial-trace-proto-data-all { type boolean; default "false"; description "Collect partial packet traces for all data protocols"; } leaf partial-trace-proto-data-arp { type boolean; default "false"; description "Collect partial packet traces for the ARP protocol"; } leaf partial-trace-proto-data-dhcp { type boolean; default "false"; description "Collect partial packet traces for the DHCP protocol"; } leaf partial-trace-proto-data-dhcpv6 { type boolean; default "false"; description "Collect partial packet traces for the DHCPv6 protocol"; } leaf partial-trace-proto-data-dns { type boolean; default "false"; description "Collect partial packet traces for the DNS protocol"; } leaf partial-trace-proto-data-eap { type boolean; default "false"; description "Collect partial packet traces for the EAP protocol"; } leaf partial-trace-proto-data-icmp { type boolean; default "false"; description "Collect partial packet traces for the ICMP protocol"; } leaf partial-trace-proto-data-icmpv6 { type boolean; default "false"; description "Collect partial packet traces for the ICMPv6 protocol"; } leaf partial-trace-proto-cisco-all { type boolean; default "false"; description "Collect partial packet traces for all Cisco proprietary protocol"; } leaf partial-trace-proto-cisco-ndp { type boolean; default "false"; description "Collect partial packet traces for the NDP protocol"; } leaf anomaly-det-enabled { type boolean; default "false"; description "Anomaly detection subscription enabled"; } leaf anomaly-det-trigger-trace-ap { type boolean; default "false"; description "Trigger AP packet trace on anomaly detection"; } leaf anomaly-det-dhcp-timeout { type uint8 { range "1 .. 120"; } default "5"; description "DHCP timeout for anomaly detection"; } leaf client-stats-enabled { type boolean; default "false"; description "Client statistics subscription enabled"; } leaf client-stats-freq { type uint16 { range "30 .. 3600"; } default "30"; description "Frequency for client statistics collection, in seconds"; } leaf ap-stats-system-enabled { type boolean; default "false"; description "AP system statistics subscription enabled"; } leaf ap-stats-system-freq { type uint16 { range "30 .. 3600"; } default "30"; description "Frequency for AP system statistics collection, in seconds"; } leaf ap-stats-memory-enabled { type boolean; default "false"; description "AP memory statistics subscription enabled"; } leaf ap-stats-memory-freq { type uint16 { range "30 .. 3600"; } default "30"; description "Frequency for AP memory statistics collection, in seconds"; } leaf ap-stats-interface-enabled { type boolean; default "false"; description "AP interface statistics subscription enabled"; } leaf ap-stats-interface-freq { type uint16 { range "30 .. 3600"; } default "30"; description "Frequency for AP interface statistics collection, in seconds"; } leaf ap-stats-routing-enabled { type boolean; default "false"; description "AP routing statistics subscription enabled"; } leaf ap-stats-routing-freq { type uint16 { range "30 .. 3600"; } default "30"; description "Frequency for AP routing statistics collection, in seconds"; } leaf ap-stats-radio-enabled { type boolean; default "false"; description "AP radio statistics subscription enabled"; } leaf ap-stats-radio-freq { type uint16 { range "30 .. 3600"; } default "30"; description "Frequency for AP radio statistics collection, in seconds"; } leaf ap-stats-wlan-enabled { type boolean; default "false"; description "AP WLAN statistics subscription enabled"; } leaf ap-stats-wlan-freq { type uint16 { range "30 .. 3600"; } default "30"; description "Frequency for AP WLAN statistics collection, in seconds"; } leaf ap-stats-dns-enabled { type boolean; default "false"; description "AP DNS statistics subscription enabled"; } leaf ap-stats-dns-freq { type uint16 { range "30 .. 3600"; } default "30"; description "Frequency for AP DNS statistics collection, in seconds"; } leaf rf-spectrum-enabled { type boolean; default "false"; description "Radiofrequency spectrum subscription enabled"; } leaf rf-spectrum-slot0-enabled { type boolean; default "false"; description "Radio slot 0 used for radiofrequency spectrum measurements"; } leaf rf-spectrum-slot1-enabled { type boolean; default "false"; description "Radio slot 1 used for radiofrequency spectrum measurements"; } leaf rf-spectrum-slot2-enabled { type boolean; default "false"; description "Radio slot 2 used for radiofrequency spectrum measurements"; } leaf adr-individual-enable { type boolean; default "true"; description "Anomaly detection report individual enabled"; } leaf adr-individual-throttle { type uint32 { range "0 .. 500"; } default "5"; description "Number of events per 5 minutes for anomaly detection individual reports"; } leaf adr-summary-enable { type boolean; default "false"; description "Anomaly detection report summary enabled"; } leaf adr-summary-frequency { type uint32 { range "3 .. 60"; } units "minutes"; default "5"; description "Frequency for anomaly detection summary reports"; } leaf client-filter-stats-freq { type uint32 { range "5 .. 3600"; } units "seconds"; default "5"; description "Frequency for filtered client statistics collection"; } leaf client-filter-stats-enabled { type boolean; default "false"; description "Client statistics subscription enabled for filtered clients"; } leaf aggr-trace { type boolean; default "false"; description "Aggregate full packet trace enabled"; } } // container icap container lawful-interception { status obsolete; description "Lawful Interception related configurations"; leaf enable { type boolean; default "false"; description "This object specifies whether Lawful Interception is enabled or not"; } leaf timer-interval { type uint16 { range "60 .. 600"; } default "60"; description "This object represents the timer interval in seconds for periodic Lawful Interception updates"; } } // container lawful-interception container persistent-ssid-broadcast { description "True if persistent SSID broadcast is enabled on the AP"; leaf enable { type boolean; default "false"; description "This object specifies whether Persistent SSID Broadcast is enabled or not"; } } // container persistent-ssid-broadcast container dhcp-server { description "DHCP server related configuration"; leaf enable { type boolean; default "false"; description "DHCP server is enabled or not"; } } // container dhcp-server container usb-module-status { description "Status of USB configuration if disabled/enabled"; leaf enable { type boolean; default "true"; description "Boolean to represent if USB is enabled/disabled"; } } // container usb-module-status container halo-ble-entries { status deprecated; description "Encompasses the halo ble configurations"; list halo-ble-entry { key "beacon-id"; description "Encompasses the halo ble configurations"; leaf beacon-id { type uint8 { range "0 .. 4"; } description "BLE ibeacon ID for which global BLE configurations to be applied."; } leaf txpower { type uint8 { range "0 .. 52"; } default "0"; description "TX power of particular ibeacon for HALO enabled APs that have joined the controller.The TX power is based on size of proximity zone needed."; } leaf enabled { type boolean; default "false"; description "The status of the BLE beacons. enable(1) - enable the BLE beacon disable(2) - disable the BLE beacon."; } leaf uuid { type string; default "00000000-0000-0000-0000-000000000000"; description "The UUID (universally unique identifier) which is a 128-bit value"; } } // list halo-ble-entry } // container halo-ble-entries container icap-full-packet-trace-client-mac-address-entries { description "Selects the clients for which to collect traces, by client MAC address."; list icap-full-packet-trace-client-mac-address-entry { key "addr"; description "Specifies the client MAC address."; leaf addr { type yang:mac-address; description "MAC address"; } } // list icap-full-packet-trace-client-mac-address-entry } // container icap-full-packet-trace-client-mac-address-entries container icap-partial-packet-trace-client-mac-address-entries { description "Selects the clients for which to collect traces, by client MAC address."; list icap-partial-packet-trace-client-mac-address-entry { key "addr"; description "The client MAC address."; leaf addr { type yang:mac-address; description "MAC address"; } } // list icap-partial-packet-trace-client-mac-address-entry } // container icap-partial-packet-trace-client-mac-address-entries container icap-anomaly-detection-client-mac-address-entries { description "Selects the clients for which to collect traces, by client MAC address."; list icap-anomaly-detection-client-mac-address-entry { key "addr"; description "The client MAC address."; leaf addr { type yang:mac-address; description "MAC address"; } } // list icap-anomaly-detection-client-mac-address-entry } // container icap-anomaly-detection-client-mac-address-entries container icap-client-statistics-client-mac-address-entries { description "Selects the clients for which to collect statistics, by client MAC address."; list icap-client-statistics-client-mac-address-entry { key "addr"; description "The client MAC address."; leaf addr { type yang:mac-address; description "MAC address"; } } // list icap-client-statistics-client-mac-address-entry } // container icap-client-statistics-client-mac-address-entries container gas-rate-limit { description "Contains GAS rate limiting related configurations"; leaf enable { type boolean; default "false"; description "This object specifies whether GAS rate limit on the AP is enabled or not"; } leaf num-req-per-interval { type uint8 { range "1 .. 100"; } description "Maximum number of GAS requests allowed per AP slot in a given interval"; } leaf interval-msec { type uint16 { range "100 .. 10000"; } description "Interval in milliseconds to define GAS request rate limit"; } } // container gas-rate-limit container qosmap { description "QoS Map configuration"; leaf ap-trusts-upstream-dscp { type boolean; default "true"; description "AP uses upstream DSCP instead of 802.11e UP to mark outer CAPWAP header MAC CoS and IP DSCP"; } leaf qosmap-action-frame { type boolean; default "true"; description "802.11 QoS Map action frame is sent when QoS Map DSCP to UP mapping changes"; } } // container qosmap container qosmap-dscp-to-ups { description "QoS Map - DSCP tp UP (User Priority) mapping ranges"; list qosmap-dscp-to-up { key "up"; description "QoS Map - DSCP tp UP (User Priority) mapping range"; leaf dscp-low { type uint8 { range "0 .. 63"; } default "0"; description "DSCP range lower boundary"; } leaf dscp-high { type uint8 { range "0 .. 63"; } default "0"; description "DSCP range upper boundary"; } leaf up { type uint8 { range "0 .. 7"; } description "User Priority"; } leaf up-to-dscp { type uint8 { range "0 .. 63"; } default "0"; description "AP upstream traffic User Priority to DSCP mapping"; } } // list qosmap-dscp-to-up } // container qosmap-dscp-to-ups container qosmap-dscp-to-up-exceptions { description "QoS Map - DSCP tp UP (User Priority) mapping exceptions"; list qosmap-dscp-to-up-exception { key "dscp"; description "QoS Map - DSCP tp UP (User Priority) mapping exception"; leaf dscp { type uint8 { range "0 .. 63"; } description "DSCP to be mapped to User Priority"; } leaf up { type uint8 { range "0 .. 7"; } default "0"; description "User Priority"; } } // list qosmap-dscp-to-up-exception } // container qosmap-dscp-to-up-exceptions container client-rssi { description "Configuration of Client RSSI statistics reporting"; leaf client-rssi-stats { type boolean; default "true"; description "Represents Client RSSI statistics reporting status Possible values are: True - Client RSSI statistics reporting from AP is enabled False - Client RSSI statistics reporting from AP is disabled"; } leaf client-rssi-stats-interval { type uint16 { range "30 .. 300"; } units "seconds"; default "30"; description "Reporting interval for the Client RSSI statistics from AP to WLC"; } } // container client-rssi container ntp-server-info { must "(ntp-address != '255.255.255.0') and (ntp-address != '255.255.0.0') and (ntp-address != '255.0.0.0')" { error-message "Invalid IPv4 host address provided"; error-app-tag "must-violation"; } must "ntp-address != '255.255.255.255'" { error-message "Broadcast IPv4 address is invalid"; error-app-tag "must-violation"; } must "not(starts-with(ntp-address, '127.'))" { error-message "Loopback IPv4 address is invalid"; error-app-tag "must-violation"; } must "not(starts-with(ntp-address, '224.')) and not(starts-with(ntp-address, '225.')) and not(starts-with(ntp-address, '226.')) and not(starts-with(ntp-address, '227.')) and not(starts-with(ntp-address, '228.')) and not(starts-with(ntp-address, '229.')) and not(starts-with(ntp-address, '230.')) and not(starts-with(ntp-address, '231.')) and not(starts-with(ntp-address, '232.')) and not(starts-with(ntp-address, '233.')) and not(starts-with(ntp-address, '234.')) and not(starts-with(ntp-address, '235.')) and not(starts-with(ntp-address, '236.')) and not(starts-with(ntp-address, '237.')) and not(starts-with(ntp-address, '238.')) and not(starts-with(ntp-address, '239.'))" { error-message "Multicast IPv4 address is invalid"; error-app-tag "must-violation"; } must "not(contains(substring(ntp-address, 1, 4), 'fe80'))" { error-message "Link-local IPv6 address is invalid"; error-app-tag "must-violation"; } must "not(contains(substring(ntp-address, 1, 4), 'fec0'))" { error-message "Site-local IPv6 address is invalid"; error-app-tag "must-violation"; } description "NTP server information to be used by AP"; leaf ntp-address { type inet:ip-address; default "0.0.0.0"; description "NTP server IP address"; } leaf trust-key { type string; default ""; description "The trust key to use in NTP authentication"; } leaf trust-key-type { type wireless-enum-types:crypt-type; default "clear"; description "The encryption to use when storing the trust key locally"; } leaf key-id { type uint32 { range "1 .. 65535"; } default "1"; description "An integer key id that identifies the NTP authentication key"; } leaf key-type { type wireless-ap-types:enm-ap-ntp-key-type; default "ap-ntp-key-type-md5"; description "The key digest type"; } leaf key-format { type wireless-ap-types:enm-ap-ntp-key-format; default "ap-ntp-key-format-ascii"; description "The key digest format"; } } // container ntp-server-info leaf awips-enabled { type boolean; default "false"; description "Flag to enable AWIPS"; } container accounting { description "AP Accounting information"; leaf method-list { type string; description "Method list name"; } } // container accounting container apphost { description "Configuration of IOX application hosting"; leaf enable { type boolean; default "false"; description "Enable IOX application hosting"; } } // container apphost container aux-client-interface { description "Configuration of Auxiliary Client Interface"; leaf vlan-id { type uint16 { range "0 .. 4094"; } default "0"; description "VLAN to which the Auxiliary Client traffic is assigned"; } } // container aux-client-interface container proxy { description "Proxy configuration provisioned to AP"; leaf hostname { type string; description "HTTP proxy hostname"; } leaf port { type uint16 { range "0 .. 65535"; } description "HTTP proxy port"; } leaf no-proxy-list { type string; description "List of URLs to be excluded from proxying"; } } // container proxy leaf grpc-enable { type boolean; default "false"; description "Enable GRPC server on AP"; } leaf bssid-enable-stats { type boolean; default "false"; description "Flag to enable BSSID stats on AP"; } leaf bssid-stats-frequency { type uint32 { range "1 .. 180"; } units "seconds"; default "30"; description "Time frequency on AP to send BSSID stats"; } leaf private-ip-discovery { type boolean; default "true"; description "Discovery Response from private IP is enabled or disabled"; } leaf public-ip-discovery { type boolean; default "true"; description "Discovery Response from public IP is enabled or disabled"; } container led-flash { status obsolete; description "LED flash mode and timer configuration of all the access points"; leaf flash-sec { type uint16 { range "0 .. 3600"; } units "seconds"; default "0"; description "LED flash timer duration for AP."; } leaf led-flash-mode { type wireless-ap-types:enm-ap-led-flash-mode; default "led-flash-mode-indefinite"; description "LED flash mode configuration: Indefinite, disable or for a particular duration"; } } // container led-flash leaf bssid-neighbor-stats-enable { type boolean; default "false"; description "Flag to enable BSSID neighbor statistics on AP"; } leaf bssid-neighbor-stats-frequency { type uint32 { range "1 .. 180"; } units "seconds"; default "30"; description "Time interval between consecutive BSSID neighbor stats update send by the AP"; } container traffic-distribution { description "Traffic Distribution Statistics Configuration"; leaf status { type boolean; default "true"; description "Enable/Disable client traffic distribution stats"; } leaf interval { type uint16 { range "30 .. 3600"; } units "seconds"; default "300"; description "Interval at which AP will send the statistics"; } } // container traffic-distribution container dhcp-fallback { description "Allow AP to fallback to DHCP if it can not join controller via Static IP"; leaf dhcp-fallback { type boolean; default "true"; description "Represents AP fallback to DHCP, if AP fails to join via static IP address"; } } // container dhcp-fallback container oeap { description "Office Extended AP configuration"; leaf oeap-data-encr { type boolean; default "true"; description "Enable/Disable Data Encryption on Office Extended AP"; } leaf oeap-rogue-detect { type boolean; default "false"; description "Enable/Disable Rogue Detection on Office Extended AP"; } leaf is-local-net { type boolean; default "true"; description "Enable/Disable Local Access on Office Extended AP"; } leaf prov-ssid { type boolean; default "true"; description "Enable/Disable Provisional SSID on Office Extended AP"; } } // container oeap leaf awips-forensic-enabled { type boolean; must "(../awips-forensic-enabled = 'false') or ((../awips-forensic-enabled = 'true') and (../awips-enabled = 'true'))" { error-message "Forensic capture cannot be enabled without AWIPS"; error-app-tag "must-violation"; } default "false"; description "Flag to enable AWIPS forensic"; } container antenna-monitor { description "Per AP profile antenna monitoring configuration"; leaf enabled { type boolean; default "false"; description "Status of antenna monitoring configuration. Possible values are: True - Antenna monitoring is enabled. False - Antenna monitoring is disabled."; } leaf rssi-fail-threshold { type uint8 { range "10 .. 90"; } units "dB"; default "40"; description "RSSI failure threshold value for antenna monitoring"; } leaf weak-rssi { type int16 { range "-90 .. -10"; } units "dBm"; default "-60"; description "Weak RSSI value for antenna monitoring"; } leaf detection-time { type uint8 { range "9 .. 180"; } units "minutes"; default "12"; description "Detection time for antenna monitoring"; } } // container antenna-monitor container stats-monitor { description "Per AP profile ap stats configuration"; leaf enable { type boolean; default "false"; description "AP stats collection and processing enabled"; } leaf sample-intvl { when "boolean(../enable)"; type uint16 { range "2 .. 900"; } units "seconds"; default "30"; description "Sampling interval"; } leaf stats-intvl { when "boolean(../enable)"; type uint16 { range "120 .. 900"; } units "seconds"; default "300"; description "Statistics interval"; } leaf alarm-hold-time { when "boolean(../enable) and boolean(../alarms-enable)"; type uint16 { range "0 .. 3600"; } units "seconds"; default "6"; description "Alarm hold time"; } leaf trap-retx-time { when "boolean(../enable) and boolean(../alarms-enable)"; type uint16 { range "0 .. 65535"; } units "seconds"; default "0"; description "Alarm trap retransmission time"; } leaf alarms-enable { when "boolean(../enable)"; type empty; description "AP stats alarms enabled"; } leaf cpu-threshold { when "boolean(../enable) and boolean(../alarms-enable)"; type uint16 { range "0 .. 100"; } units "percentage"; default "0"; description "CPU threshold"; } leaf mem-threshold { when "boolean(../enable) and boolean(../alarms-enable)"; type uint16 { range "0 .. 100"; } units "percentage"; default "0"; description "Memory threshold"; } } // container stats-monitor container ap-dtls-config { description "Per AP profile AP DTLS configuration"; leaf ctrl-pref { type boolean; default "true"; description "Give preference to cipher suites defined in controller"; } } // container ap-dtls-config container ap-country { description "Per AP profile AP country configuration"; leaf country-code { type wireless-enum-types:country-code; must "(../country-code = 'ae' or ../country-code = 'al' or ../country-code = 'ar' or ../country-code = 'at' or ../country-code = 'au' or ../country-code = 'ba' or ../country-code = 'bb' or ../country-code = 'bd' or ../country-code = 'be' or ../country-code = 'bg' or ../country-code = 'bh' or ../country-code = 'bm' or ../country-code = 'bn' or ../country-code = 'bo' or ../country-code = 'br' or ../country-code = 'by' or ../country-code = 'ca' or ../country-code = 'ch' or ../country-code = 'cl' or ../country-code = 'cm' or ../country-code = 'cn' or ../country-code = 'co' or ../country-code = 'cr' or ../country-code = 'cu' or ../country-code = 'cy' or ../country-code = 'cz' or ../country-code = 'de' or ../country-code = 'dk' or ../country-code = 'do' or ../country-code = 'dz' or ../country-code = 'ec' or ../country-code = 'ee' or ../country-code = 'eg' or ../country-code = 'el' or ../country-code = 'es' or ../country-code = 'fi' or ../country-code = 'fj' or ../country-code = 'fr' or ../country-code = 'gb' or ../country-code = 'gh' or ../country-code = 'gi' or ../country-code = 'gr' or ../country-code = 'hk' or ../country-code = 'hr' or ../country-code = 'hu' or ../country-code = 'id' or ../country-code = 'ie' or ../country-code = 'il' or ../country-code = 'in' or ../country-code = 'io' or ../country-code = 'iq' or ../country-code = 'is' or ../country-code = 'it' or ../country-code = 'jm' or ../country-code = 'jo' or ../country-code = 'j2' or ../country-code = 'j4' or ../country-code = 'ke' or ../country-code = 'kn' or ../country-code = 'kw' or ../country-code = 'kz' or ../country-code = 'lb' or ../country-code = 'li' or ../country-code = 'lk' or ../country-code = 'lt' or ../country-code = 'lu' or ../country-code = 'lv' or ../country-code = 'ly' or ../country-code = 'ma' or ../country-code = 'mc' or ../country-code = 'me' or ../country-code = 'mk' or ../country-code = 'mn' or ../country-code = 'mo' or ../country-code = 'mt' or ../country-code = 'mx' or ../country-code = 'my' or ../country-code = 'ng' or ../country-code = 'nl' or ../country-code = 'no' or ../country-code = 'nz' or ../country-code = 'om' or ../country-code = 'pa' or ../country-code = 'pe' or ../country-code = 'ph' or ../country-code = 'pk' or ../country-code = 'pl' or ../country-code = 'pr' or ../country-code = 'pt' or ../country-code = 'py' or ../country-code = 'qa' or ../country-code = 'ro' or ../country-code = 'rs' or ../country-code = 'ru' or ../country-code = 'sa' or ../country-code = 'se' or ../country-code = 'sg' or ../country-code = 'si' or ../country-code = 'sk' or ../country-code = 'th' or ../country-code = 'ti' or ../country-code = 'tn' or ../country-code = 'tr' or ../country-code = 'tw' or ../country-code = 'ua' or ../country-code = 'us' or ../country-code = 'uy' or ../country-code = 've' or ../country-code = 'vn' or ../country-code = 'za' or ../country-code = 'unconfigured')" { error-message "Unsupported country"; error-app-tag "must-violation"; } default "unconfigured"; description "AP country code"; } } // container ap-country container ap-tz-config { description "AP timezone configuration"; leaf tz-enabled { type boolean; default "false"; description "AP timezone is set in controller"; } leaf offset-hour { type int8 { range "-12 .. 14"; } units "hours"; default "0"; description "Offset hour for timezone"; } leaf offset-min { type int8 { range "0 .. 59"; } units "minutes"; default "0"; description "Offset minute for timezone"; } leaf mode { type wireless-ap-types:timezone-payload-mode; default "ap-tz-not-configured"; description "Payload mode of timezone"; } } // container ap-tz-config } // list ap-cfg-profile } // container ap-cfg-profiles container ap-packet-capture-profiles { description "AP packet capture profile configuration"; list ap-packet-capture-profile { key "profile-name"; description "List of AP packet capture profiles"; leaf profile-name { type string; description "The profile name of the packet capture profile"; } leaf description { type string; description "Description of the packet capture profile"; } leaf buffer-size { type uint16 { range "1024 .. 4096"; } default "2048"; description "The size of the buffer Access Point should use to copy the captured packets for client and dump it to the FTP server. Default value is 2048 kilobytes"; } leaf duration { type uint16 { range "1 .. 60"; } default "10"; description "Duration for which the Access Point should capture packets for specified client. Default value is 10"; } leaf truncate-len { type uint16 { range "0 .. 1500"; } default "0"; description "Length of the packet after truncation while capturing packets on the Access Point. Default value is 0 which indicates captured packet should contain the full payload length"; } leaf ftp-server-ip { type inet:ip-address; default "0.0.0.0"; description "The IP Address of the FTP server. Access Point will dump the captured packets to a file in this ftp server"; } leaf ftp-path { type string; default ""; description "The directory path in the ftp server for storing the file which contains the captured packets in the Access Point."; } leaf ftp-username { type string; default ""; description "The username to login into the ftp server in order to transfer the captured packets from the Access Point."; } leaf ftp-password { type string; default ""; description "The password to login into the ftp server in order to transfer the captured packets from the Access Point."; } leaf ftp-password-type { type wireless-enum-types:crypt-type; must "((current() = 'clear') or (current() = 'aes'))" { error-message "Password type should be either clear text or AES encryption"; error-app-tag "must-violation"; } default "clear"; description "This object specifies the password type to login into the ftp server in order to transfer the captured packets from the Access Point."; } leaf classifier-control { type boolean; default "true"; description "The filters for 802.11 control packets, while capturing packets on the Access Point. A value of 'true' indicates 802.11 control packets should be captured. A value of 'false' indicates 802.11 control packets should not be captured. Default value is true"; } leaf classifier-management { type boolean; default "true"; description "The filters for 802.11 Management packets, while capturing packets on the Access Point. A value of 'true' indicates 802.11 Management packets should be captured. A value of 'false' indicates 802.11 Management packets should not be captured. Default value is true"; } leaf classifier-data { type boolean; default "false"; description "The filters for 802.11 Data packets, while capturing packets on the Access Point. A value of 'true' indicates 802.11 Data packets should be captured. A value of 'false' indicates 802.11 Data packets should not be captured. Default value is false"; } leaf classifier-dot1x { type boolean; default "false"; description "The filters for 802.11 Dot1x packets, while capturing packets on the Access Point. A value of 'true' indicates 802.11 Dot1x packets should be captured. A value of 'false' indicates 802.11 Dot1x packets should not be captured. Default value is false"; } leaf classifier-arp { type boolean; default "false"; description "The filters for ARP packets while capturing packets on the Access Point. A value of 'true' indicates ARP packets should be captured. A value of 'false' indicates ARP packets should not be captured.Default value is false"; } leaf classifier-iapp { type boolean; default "false"; description "The filters for 802.11 IAPP packets, while capturing packets on the Access Point. A value of 'true' indicates IAPP packets should be captured. A value of 'false' indicates IAPP packets should not be captured. Default value is false"; } leaf classifier-ip { type boolean; default "false"; description "The filters for IP packets, while capturing packets on the Access Point. A value of ' true' indicates IP packets should be captured. A value of false' indicates IP packets should not be captured. Default value is false"; } leaf classifier-tcp { type boolean; default "false"; description "The filters for TCP packets while capturing packets on the Access Point. Value of 'true' indicates IP packets should be captured. Value of 'false' indicates IP packets should not be captured. Default value is false"; } leaf classifier-tcp-port { type uint16 { range "0 .. 65535"; } default "0"; description "The filters for TCP packets, while capturing packets on the Access Point Value of 'true' indicates IP packets should be captured. Value of 'false' indicates IP packets should not be captured. Default value is false"; } leaf classifier-udp { type boolean; default "false"; description "The filters for TCP packets, while capturing packets on the Access Point. Value of 'true' indicates IP packets should be captured. Value of 'false' indicates IP packets should not be captured. Default value is fals"; } leaf classifier-udp-port { type uint16 { range "0 .. 65535"; } default "0"; description "The filter value port number for UDP packets, while capturing packets on the Access Point. Default value is 0 which indicates all UDP packets should be captured"; } leaf classifier-broadcast { type boolean; default "false"; description "The filters for 802.11 Broadcast packets, while capturing packets on the Access Point. A value of 'true' indicates Broadcast packets should be captured.A value of 'false' indicates Broadcast packets should not be captured. Default value is false"; } leaf classifier-multicast { type boolean; default "false"; description "The filters for 802.11 Multicast packets, while capturing packets on the Access Point. A value of 'true' indicates Multicast packets should be captured. A value of 'false' indicates Multicast packets should not be captured. Default value is false"; } } // list ap-packet-capture-profile } // container ap-packet-capture-profiles container ap-trace-profiles { description "AP trace profile configuration"; list ap-trace-profile { key "profile-name"; description "List of AP trace capture profiles"; leaf profile-name { type string; description "Trace profile name of the AP"; } leaf description { type string; description "Description of the AP trace profile"; } leaf ap-trace-client-console-log { type boolean; default "false"; description "Flag to enable console logs at the AP"; } leaf ap-trace-client-filter-arp { type boolean; default "false"; description "Trace filter to enable client's ARP packets tracing at the AP"; } leaf ap-trace-client-filter-assoc { type boolean; default "false"; description "Trace filter to enable client's association packets tracing at the AP"; } leaf ap-trace-client-filter-auth { type boolean; default "false"; description "Trace filter to enable client's authentication packets at the AP"; } leaf ap-trace-client-filter-dhcp { type boolean; default "false"; description "Trace filter to enable client's DHCP packets tracing at the AP"; } leaf ap-trace-client-filter-eap { type boolean; default "false"; description "Trace filter to enable client's EAP packets tracing at the AP"; } leaf ap-trace-client-filter-icmp { type boolean; default "false"; description "Trace filter to enable client's ICMP packets tracing at the AP"; } leaf ap-trace-client-filter-ndp { type boolean; default "false"; description "Trace filter to enable client's NDP packets tracing at the AP"; } leaf ap-trace-client-filter-probe { type boolean; default "false"; description "Trace filter to enable client's probe packets tracing at the AP"; } } // list ap-trace-profile } // container ap-trace-profiles container site-tag-configs { description "Site tag configuration"; list site-tag-config { key "site-tag-name"; description "List of site tag configurations"; leaf site-tag-name { type string { pattern '[!-~]([ -~]*[!-~])?'; } description "Each entry represents a conceptual row in cLSiteTagConfigTable and corresponds to an Site Tag in a Elastic Wireless Controller."; } leaf description { type string; default ""; description "Description of the Site Tag"; } leaf flex-profile { type string; default "default-flex-profile"; description "The flex profile which is part of the Site tag"; } leaf ap-join-profile { type string; default "default-ap-profile"; description "The Ap Join profile which is part of the Site tag"; } leaf is-local-site { type boolean; default "true"; description "This parameter is set to enable local site"; } leaf fabric-control-plane-name { type string; description "Fabric Control Plane Name"; } leaf image-download-profile-name { type string; must "(../image-download-profile-name = 'default')" { error-message "image download profile name should be default"; error-app-tag "must-violation"; } default "default"; description "Image Download Profile Name"; } leaf arp-caching { type boolean; default "true"; description "Enable or disable AP ARP caching"; } leaf dhcp-bcast { type boolean; default "false"; description "Enable or disable fabric AP DHCP broadcast"; } leaf fabric-mcast-ipv4-addr { type inet:ipv4-address; must "(../fabric-mcast-ipv4-addr = '0.0.0.0') or starts-with(../fabric-mcast-ipv4-addr, '224.') or starts-with(../fabric-mcast-ipv4-addr, '225.') or starts-with(../fabric-mcast-ipv4-addr, '226.') or starts-with(../fabric-mcast-ipv4-addr, '227.') or starts-with(../fabric-mcast-ipv4-addr, '228.') or starts-with(../fabric-mcast-ipv4-addr, '229.') or starts-with(../fabric-mcast-ipv4-addr, '230.') or starts-with(../fabric-mcast-ipv4-addr, '231.') or starts-with(../fabric-mcast-ipv4-addr, '232.') or starts-with(../fabric-mcast-ipv4-addr, '233.') or starts-with(../fabric-mcast-ipv4-addr, '234.') or starts-with(../fabric-mcast-ipv4-addr, '235.') or starts-with(../fabric-mcast-ipv4-addr, '236.') or starts-with(../fabric-mcast-ipv4-addr, '237.') or starts-with(../fabric-mcast-ipv4-addr, '238.') or starts-with(../fabric-mcast-ipv4-addr, '239.')" { error-message "Fabric multicast group IPv4 address must be in range 224.0.0.0-239.255.255.255 or 0.0.0.0"; error-app-tag "must-violation"; } default "232.255.255.1"; description "Fabric multicast group IPv4 address"; } } // list site-tag-config } // container site-tag-configs } // container site-cfg-data } // module Cisco-IOS-XE-wireless-site-cfg
© 2023 YumaWorks, Inc. All rights reserved.