This module contains a collection of YANG definitions for Cisco IOS-XR aaa-lib package configuration. This module contains defi...
Version: 2020-10-22
module Cisco-IOS-XR-aaa-lib-cfg { yang-version 1; namespace "http://cisco.com/ns/yang/Cisco-IOS-XR-aaa-lib-cfg"; prefix aaa-lib-cfg; import Cisco-IOS-XR-types { prefix xr; } import cisco-semver { prefix semver; } import Cisco-IOS-XR-aaa-lib-datatypes { prefix dt1; } organization "Cisco Systems, Inc."; contact "Cisco Systems, Inc. Customer Service Postal: 170 West Tasman Drive San Jose, CA 95134 Tel: +1 800 553-NETS E-mail: cs-yang@cisco.com"; description "This module contains a collection of YANG definitions for Cisco IOS-XR aaa-lib package configuration. This module contains definitions for the following management objects: aaa: Authentication, Authorization and Accounting Copyright (c) 2013-2020 by Cisco Systems, Inc. All rights reserved."; revision "2020-10-22" { description "Fixing backward compatibility error in module."; } revision "2019-04-05" { description "Establish semantic version baseline."; } revision "2017-11-14" { description "Modified Accounting method to support local accounting as syslog"; } revision "2017-05-01" { description "Fixing backward compatibility error in module."; } revision "2015-11-09" { description "IOS XR 6.0 revision."; } semver:module-version "1.1.0"; semver:module-version "1.0.1"; container aaa { description "Authentication, Authorization and Accounting"; container authorization-nacms { description "AAA authorization NACM"; list authorization-nacm { key "type listname"; description "Configurations related to NACM authorization"; leaf type { type xr:Cisco-ios-xr-string; description "nacm: Authorize NACM operations"; } leaf listname { type xr:Cisco-ios-xr-string; description "List name for AAA NACM authorization"; } leaf merge-type { type dt1:Aaanacm-group-merge; description "MergeType"; } leaf method1 { type dt1:Aaa-method; description "Method Type"; } leaf method2 { type dt1:Aaa-method; description "Method Type"; } leaf method3 { type dt1:Aaa-method; description "Method Type"; } leaf method4 { type dt1:Aaa-method; description "Method Type"; } leaf server-group-name1 { type string; description "Server group name"; } leaf server-group-name2 { type string; description "Server group name"; } leaf server-group-name3 { type string; description "Server group name"; } leaf server-group-name4 { type string; description "Server group name"; } } // list authorization-nacm } // container authorization-nacms container accountings { description "AAA accounting"; list accounting { key "type listname"; description "Configurations related to accounting"; leaf type { type xr:Cisco-ios-xr-string; description "exec:Account exec sessions, commands: Account CLI commands"; } leaf listname { type xr:Cisco-ios-xr-string; description "Named accounting list"; } leaf rp-failover { type dt1:Aaa-accounting-rp-failover; description "rpfailover"; } leaf broadcast { type dt1:Aaa-accounting-broadcast; description "Broadcast"; } leaf type-xr { type dt1:Aaa-accounting; description "Stop only/Start Stop"; } leaf method1 { type dt1:Aaa-method-accounting; description "Method Type"; } leaf method2 { type dt1:Aaa-method-accounting; description "Method Type"; } leaf method3 { type dt1:Aaa-method-accounting; description "Method Type"; } leaf method4 { type dt1:Aaa-method-accounting; description "Method Type"; } leaf server-group-name1 { type string; description "Server group name"; } leaf server-group-name2 { type string; description "Server group name"; } leaf server-group-name3 { type string; description "Server group name"; } leaf server-group-name4 { type string; description "Server group name"; } } // list accounting } // container accountings container authorizations { description "AAA authorization"; list authorization { key "type listname"; description "Configurations related to authorization"; leaf type { type xr:Cisco-ios-xr-string; description "network: Authorize IKE requests, commands: Authorize CLI commands"; } leaf listname { type xr:Cisco-ios-xr-string; description "List name for AAA authorization"; } leaf method1 { type dt1:Aaa-method; description "Method Type"; } leaf method2 { type dt1:Aaa-method; description "Method Type"; } leaf method3 { type dt1:Aaa-method; description "Method Type"; } leaf method4 { type dt1:Aaa-method; description "Method Type"; } leaf server-group-name1 { type string; description "Server group name"; } leaf server-group-name2 { type string; description "Server group name"; } leaf server-group-name3 { type string; description "Server group name"; } leaf server-group-name4 { type string; description "Server group name"; } } // list authorization } // container authorizations container accounting-update { presence "Indicates a accounting-update node is configured."; description "Configuration related to 'update' accounting"; leaf type { type dt1:Aaa-accounting-update; mandatory true; description "newinfo/periodic"; } leaf periodic-interval { type uint32 { range "0..35791394"; } units "minute"; description "Periodic update interval in minutes"; } } // container accounting-update container banner { description "AAA banner"; leaf login { type string; description "AAA login banner"; } } // container banner container authentications { description "AAA authentication"; list authentication { key "type listname"; description "Configurations related to authentication"; leaf type { type xr:Cisco-ios-xr-string; description "login: Authenticate login sessions, ppp: Authenticate ppp sessions"; } leaf listname { type xr:Cisco-ios-xr-string; description "List name for AAA authentication"; } leaf method1 { type dt1:Aaa-method; description "Method Type"; } leaf method2 { type dt1:Aaa-method; description "Method Type"; } leaf method3 { type dt1:Aaa-method; description "Method Type"; } leaf method4 { type dt1:Aaa-method; description "Method Type"; } leaf server-group-name1 { type string; description "Server group name"; } leaf server-group-name2 { type string; description "Server group name"; } leaf server-group-name3 { type string; description "Server group name"; } leaf server-group-name4 { type string; description "Server group name"; } } // list authentication } // container authentications container password-policies { description "Configure password-policy"; list password-policy { key "name"; description "Password Policy name"; container lifetime { description "Liftime of the password"; leaf years { type Aaa-pass-policy-years; description "Number of years"; } leaf months { type Aaa-pass-policy-months; description "Number of months"; } leaf hours { type Aaa-pass-policy-hours; units "hour"; description "Number of hours"; } leaf minutes { type Aaa-pass-policy-minutes; units "minute"; description "Number of minutes"; } leaf seconds { type Aaa-pass-policy-seconds; units "second"; description "Number of seconds"; } leaf days { type Aaa-pass-policy-days; units "day"; description "Number of days"; } } // container lifetime container lockout-time { description "Lockout time for the maximum authentication failures"; leaf hours { type Aaa-pass-policy-hours; units "hour"; description "Number of hours"; } leaf minutes { type Aaa-pass-policy-minutes; units "minute"; description "Number of minutes"; } leaf seconds { type Aaa-pass-policy-lockout-seconds; units "second"; description "Number of seconds"; } leaf days { type Aaa-pass-policy-lockout-days; units "day"; description "Number of days"; } } // container lockout-time container restrict-old-time { description "Time limit for old password to be considered for new password check"; leaf years { type Aaa-pass-policy-years; description "Number of years"; } leaf months { type Aaa-pass-policy-months; description "Number of months"; } leaf days { type Aaa-pass-policy-days; units "day"; description "Number of days"; } } // container restrict-old-time container warninterval { description "Warninterval of the password"; leaf years { type Aaa-pass-policy-years; description "Number of years"; } leaf months { type Aaa-pass-policy-months; description "Number of months"; } leaf hours { type Aaa-pass-policy-hours; units "hour"; description "Number of hours"; } leaf minutes { type Aaa-pass-policy-minutes; units "minute"; description "Number of minutes"; } leaf seconds { type Aaa-pass-policy-seconds; units "second"; description "Number of seconds"; } leaf days { type Aaa-pass-policy-days; units "day"; description "Number of days"; } } // container warninterval leaf restrict-password-advanced { type empty; description "Imposes advanced constraints on new password"; } leaf lower-case { type Aaa-pass-policy-case-length; description "Number of lower-case characters"; } leaf restrict-password-reverse { type empty; description "Restrict usage of reversed old password as new password"; } leaf upper-case { type Aaa-pass-policy-case-length; description "Number of upper-case characters"; } leaf max-length { type Aaa-pass-policy-length; description "Maximum length of the password"; } leaf restrict-old-count { type Aaa-pass-policy-restrict-old-count; description "Number of old passwords to be considered for new password check"; } leaf restrict-username-reverse { type empty; description "Restrict usage of reversed username as passwordRestrict associated username to be used as password"; } leaf min-char-change { type Aaa-pass-policy-case-length; description "Number of characters change required between old and new passwords"; } leaf special-char { type Aaa-pass-policy-case-length; description "Number of special characters"; } leaf numeric { type Aaa-pass-policy-case-length; description "Number of numeric characters"; } leaf restrict-username { type empty; description "Restrict associated username to be used as password"; } leaf max-char-repetition { type Aaa-pass-policy-char-repeat-length; description "Number of times a character can repeat consecutively in new password"; } leaf min-length { type Aaa-pass-policy-length; description "Minimum length of the password"; } leaf authen-max-attempts { type Aaa-pass-policy-authen-attempts; description "Number of maximum authentication attempts"; } leaf name { type xr:Cisco-ios-xr-string { length "1..252"; } description "Password Policy name"; } } // list password-policy } // container password-policies container server-groups { description "AAA group definitions"; container radius-server-groups { description "RADIUS server group definition"; list radius-server-group { key "server-group-name"; description "RADIUS server group name"; container accounting { description "List of filters in server group"; container request { description "Specify a filter in server group"; leaf action { type Aaa-action; description "Specify the attribute list type accept or reject"; } leaf attribute-list-name { type string; description "Name of RADIUS attribute list"; } } // container request container reply { description "Specify a filter in server group"; leaf action { type Aaa-action; description "Specify the attribute list type accept or reject"; } leaf attribute-list-name { type string; description "Name of RADIUS attribute list"; } } // container reply } // container accounting container servers { description "List of RADIUS servers present in the group"; list server { key "ordering-index ip-address auth-port-number acct-port-number"; description "A server to include in the server group"; leaf ordering-index { type uint32; description "This is used to sort the servers in the order of precedence"; } leaf ip-address { type inet:ip-address-no-zone; description "IP address of RADIUS server"; } leaf auth-port-number { type inet:port-number; description "Authentication Port number (standard port 1645)"; } leaf acct-port-number { type inet:port-number; description "Accounting Port number (standard port 1646)"; } } // list server } // container servers container private-servers { description "List of private RADIUS servers present in the group"; list private-server { key "ordering-index ip-address auth-port-number acct-port-number"; description "A private server to include in the server group"; container private-key { description "RADIUS encryption key"; leaf text { type xr:Proprietary-password; description "Encryption key"; } leaf encrypt-type { type Scrt-encryption; default "type7"; description "Encryption Type"; } } // container private-key leaf private-timeout { type Aaa-radius-timeout; default "5"; description "Time to wait for a RADIUS server to reply"; } leaf ignore-accounting-port { type boolean; description "Ignore Accounting port"; } leaf private-retransmit { type Aaa-radius-retransmit; default "3"; description "Number of times to retransmit a request to the RADIUS server"; } leaf idle-time { type Aaa-radius-idle-time; default "5"; description "Idle time for the radius Server"; } leaf username { type string; description "Username to be tested for automated testing"; } leaf ignore-auth-port { type boolean; description "Ignore authentication Port"; } leaf ordering-index { type uint32; description "This is used to sort the servers in the order of precedence"; } leaf ip-address { type inet:ip-address-no-zone; description "IP address of RADIUS server"; } leaf auth-port-number { type inet:port-number; description "Authentication Port number (standard port 1645)"; } leaf acct-port-number { type inet:port-number; description "Accounting Port number (standard port 1646)"; } } // list private-server } // container private-servers container server-group-throttle { presence "Contains mandatory nodes that used to set default values"; description "Radius throttling options"; leaf access { type Aaa-throttle-access; mandatory true; description "To flow control the number of access requests sent to a radius server"; } leaf accounting { type Aaa-throttle-accounting; mandatory true; description "To flow control the number of accounting requests sent to a radius server"; } leaf access-timeout { type Aaa-throttle-access-timeout; mandatory true; description "Specify the number of timeouts exceeding which a throttled access request is dropped"; } } // container server-group-throttle container load-balance { description "Radius load-balancing options"; container method { description "Method by which the next host will be picked"; container name { presence "Contains mandatory nodes that used to set default values"; description "Batch size for selection of the server"; leaf least-outstanding { type uint32; mandatory true; description "Pick the server with the least transactions outstanding"; } leaf batch-size { type uint32 { range "1..1500"; } mandatory true; description "Batch size for selection of the server"; } leaf ignore-preferred-server { type boolean; mandatory true; description "Disable preferred server for this Server Group"; } } // container name } // container method } // container load-balance container authorization { description "List of filters in server group"; container request { description "Specify a filter in server group"; leaf action { type Aaa-action; description "Specify the attribute list type accept or reject"; } leaf attribute-list-name { type string; description "Name of RADIUS attribute list"; } } // container request container reply { description "Specify a filter in server group"; leaf action { type Aaa-action; description "Specify the attribute list type accept or reject"; } leaf attribute-list-name { type string; description "Name of RADIUS attribute list"; } } // container reply } // container authorization leaf dead-time { type Aaa-radius-dead-time; units "minute"; description "This indicates the length of time (in minutes) for which RADIUS servers present in this group remain marked as dead"; } leaf source-interface { type xr:Interface-name; description "Specify interface for source address in RADIUS packets"; } leaf vrf { type string; description "Specify VRF name of RADIUS group"; } leaf server-group-name { type xr:Cisco-ios-xr-string; description "RADIUS server group name"; } } // list radius-server-group } // container radius-server-groups container diameter-server-groups { description "DIAMETER server group definition"; list diameter-server-group { key "server-group-name"; description "DIAMETER server group name"; container servers { description "List of DIAMETER servers present in the group"; list server { key "ordering-index peer-name"; description "A server to include in the server group"; leaf ordering-index { type uint32; description "This is used to sort the servers in the order of precedence"; } leaf peer-name { type xr:Cisco-ios-xr-string; description "Name for the diameter peer configuration"; } } // list server } // container servers leaf server-group-name { type xr:Cisco-ios-xr-string; description "DIAMETER server group name"; } } // list diameter-server-group } // container diameter-server-groups } // container server-groups leaf default-taskgroup { type string; description "This class is used for setting the default taskgroup to be used for remote server authentication"; } leaf admin-accounting { type string; description "This class is used to enable/disable admin-accounting"; } container usernames { description "Configure local usernames"; list username { key "ordering-index name"; description "Local username"; container password-policy { description "Mention Password policy for the user"; leaf name { type xr:Cisco-ios-xr-string { length "1..252"; } description "Password Policy name"; } leaf password { type xr:Proprietary-password; description "The user's password"; } } // container password-policy container secret { description "Specify the secret for the user"; leaf type { type Aaa-password; description "Password type"; } leaf secret5 { when "../type = 'type5'" { description "../Type = Type5"; } type xr:Md5-password; description "The user's secret password"; } leaf secret8 { when "../type = 'type8'" { description "../Type = Type8"; } type xr:Type8-password; description "Type 8 password"; } leaf secret9 { when "../type = 'type9'" { description "../Type = Type9"; } type xr:Type9-password; description "Type 9 password"; } leaf secret10 { when "../type = 'type10'" { description "../Type = Type10"; } type xr:Type10-password; description "Type 10 password"; } } // container secret container usergroup-under-usernames { description "Specify the usergroup to which this user belongs"; list usergroup-under-username { key "name"; description "Name of the usergroup"; leaf name { type xr:Cisco-ios-xr-string; description "Name of the usergroup"; } } // list usergroup-under-username } // container usergroup-under-usernames leaf login-history { type Aaa-login-history; description "To display previous login details after login is successful."; } leaf password { type xr:Proprietary-password; description "Specify the password for the user"; } leaf directory { type string { length "1..512"; } description "Specify the directory for the user"; } leaf shell-type { type string { length "1..32"; } description "Specify the shell-type for the user"; } leaf policy { type xr:Cisco-ios-xr-string { length "1..252"; } description "Mention Secret policy for the user"; } leaf ordering-index { type uint32; description "This is used to sort the users in the order of precedence"; } leaf name { type string; description "Username"; } } // list username } // container usernames container taskgroups { description "Specify a taskgroup to inherit from"; list taskgroup { key "name"; description "Taskgroup name"; container taskgroup-under-taskgroups { description "Specify a taskgroup to inherit from"; list taskgroup-under-taskgroup { key "name"; description "Name of the task group to include"; leaf name { type xr:Cisco-ios-xr-string; description "Name of the task group to include"; } } // list taskgroup-under-taskgroup } // container taskgroup-under-taskgroups container tasks { description "Specify task IDs to be part of this group"; list task { key "type task-id"; description "Task ID to be included"; leaf type { type Aaa-locald-task-class; description "This specifies the operation permitted for this task eg: read/write/execute/debug"; } leaf task-id { type Aaa-locald-task-id; description "Task ID to which permission is to be granted (please use class AllTasks to get a list of valid task IDs)"; } } // list task } // container tasks leaf description { type string; description "Description for the task group"; } leaf name { type string; description "Taskgroup name"; } } // list taskgroup } // container taskgroups container usergroups { description "Specify a Usergroup to inherit from"; list usergroup { key "name"; description "Usergroup name"; container taskgroup-under-usergroups { description "Task group associated with this group"; list taskgroup-under-usergroup { key "name"; description "Name of the task group"; leaf name { type xr:Cisco-ios-xr-string; description "Name of the task group"; } } // list taskgroup-under-usergroup } // container taskgroup-under-usergroups container usergroup-under-usergroups { description "User group to be inherited by this group"; list usergroup-under-usergroup { key "name"; description "Name of the user group"; leaf name { type xr:Cisco-ios-xr-string; description "Name of the user group"; } } // list usergroup-under-usergroup } // container usergroup-under-usergroups leaf description { type string; description "Description for the user group"; } leaf name { type string; description "Usergroup name"; } } // list usergroup } // container usergroups container radius { description "Remote Access Dial-In User Service"; container hosts { description "List of RADIUS servers"; list host { key "ordering-index ip-address auth-port-number acct-port-number"; description "Instance of a RADIUS server"; container host-key { description "RADIUS encryption key"; leaf text { type xr:Proprietary-password; description "Encryption key"; } leaf encrypt-type { type Scrt-encryption; default "type7"; description "Encryption Type"; } } // container host-key leaf host-retransmit { type Aaa-radius-retransmit; default "3"; description "Number of times to retransmit a request to the RADIUS server"; } leaf host-timeout { type Aaa-radius-timeout; default "5"; description "Time to wait for a RADIUS server to reply"; } leaf ordering-index { type uint32; description "This is used to sort the servers in the order of precedence"; } leaf ip-address { type inet:ip-address-no-zone; description "IP address of RADIUS server"; } leaf auth-port-number { type inet:port-number; description "Authentication Port number (standard port 1645)"; } leaf acct-port-number { type inet:port-number; description "Accounting Port number (standard port 1646)"; } leaf ignore-accounting-port { type boolean; description "Time to wait for a RADIUS server to reply"; } leaf idle-time { type Aaa-radius-timeout; default "5"; description "Idle time for RADIUS server"; } leaf username { type string; description "Username to be tested for automated testing"; } leaf ignore-auth-port { type boolean; description "Time to wait for a RADIUS server to reply"; } } // list host } // container hosts container dead-criteria { description "RADIUS server dead criteria"; leaf tries { type Aaa-radius-dead-detect-tries; description "The number of consecutive timeouts the router must experience in order to mark the server as dead. All transmissions, including the initial transmit and all retransmits, will be counted"; } leaf time { type Aaa-radius-dead-detect-time; description "The minimum amount of time which must elapse since the router last received a valid RADIUS packet from the server prior to marking it dead"; } } // container dead-criteria container disallow { description "disallow null-username"; leaf null-username { type uint32; description "Disallow null-username"; } } // container disallow container ipv6 { description "IPv6 configuration"; leaf dscp { type Aaa-dscp-value; description "Specify the DSCP value"; } } // container ipv6 container dynamic-authorization { description "RADIUS dynamic authorization"; container clients { description "Client data"; list client { key "ip-address"; description "Client data"; leaf ip-address { type inet:ip-address-no-zone; description "IP address of COA client"; } container server-key { description "RADIUS CoA client encryption key"; leaf text { type xr:Proprietary-password; description "Encryption key"; } leaf encrypt-type { type Sct-encryption; default "type7"; description "Encryption Type"; } } // container server-key } // list client list client-vrf-name { key "vrf-name ip-address"; description "Client data"; leaf vrf-name { type xr:Cisco-ios-xr-string; description "VRF name"; } leaf ip-address { type inet:ip-address-no-zone; description "IP address of COA client"; } container server-key { description "RADIUS CoA client encryption key"; leaf text { type xr:Proprietary-password; description "Encryption key"; } leaf encrypt-type { type Sct-encryption; default "type7"; description "Encryption Type"; } } // container server-key } // list client-vrf-name } // container clients leaf ignore { type Aaa-select-key; description "Ignore option for server key or session key"; } leaf port { type uint32 { range "1000..5000"; } description "Specify the COA server port to listen on"; } leaf authentication-type { type Aaa-authentication; description "RADIUS dynamic authorization type"; } container server-key { description "RADIUS CoA client encryption key"; leaf text { type xr:Proprietary-password; description "Encryption key"; } leaf encrypt-type { type Sct-encryption; default "type7"; description "Encryption Type"; } } // container server-key } // container dynamic-authorization container load-balance-options { description "Radius load-balancing options"; container load-balance-method { description "Method by which the next host will be picked"; container batch-size { presence "Contains mandatory nodes that used to set default values"; description "Batch size for selection of the server"; leaf batch-size { type uint32 { range "1..1500"; } mandatory true; description "Batch size for selection of the server"; } leaf ignore-preferred-server { type boolean; mandatory true; description "Disable preferred server for this Server Group"; } } // container batch-size } // container load-balance-method } // container load-balance-options container vrfs { description "List of VRFs"; list vrf { key "vrf-name"; description "A VRF"; leaf source-interface { type xr:Interface-name; description "Specify interface for source address in RADIUS packets"; } leaf vrf-name { type xr:Cisco-ios-xr-string; description "VRF name. Specify 'default' for defalut VRF"; } } // list vrf } // container vrfs container throttle { presence "Indicates a throttle node is configured."; description "Radius throttling options"; leaf access { type Aaa-throttle-access; mandatory true; description "To flow control the number of access requests sent to a radius server"; } leaf accounting { type Aaa-throttle-accounting; mandatory true; description "To flow control the number of accounting requests sent to a radius server"; } leaf access-timeout { type Aaa-throttle-access-timeout; mandatory true; description "Specify the number of timeouts exceeding which a throttled access request is dropped"; } } // container throttle container vsa { description "Unknown VSA (Vendor Specific Attribute) ignore configuration for RADIUS server"; container attribute { description "Vendor Specific Attribute"; container ignore { description "Ignore the VSA"; leaf unknown { type empty; description "Ignore the VSA and no prefix will reject the unknown VSA"; } } // container ignore } // container attribute } // container vsa container ipv4 { description "IPv4 configuration"; leaf dscp { type Aaa-dscp-value; description "Specify the DSCP value"; } } // container ipv4 container radius-attribute { description "attribute"; container filter-id-11 { description "Filter-Id attribute configuration"; container defaults { description "Set the attribute default direction"; leaf direction { type Aaa-direction; description "Filtering is applied to ingress(inbound)/egress(outbound) packets only"; } } // container defaults } // container filter-id-11 container acct-multi-session-id { description "Acct-Session-Id attribute(44)"; container include-parent-session-id { description "Prepend Acct-Session-Id attribute with Nas-Port-Id"; leaf config { type Aaa-config; description "false/true"; } } // container include-parent-session-id } // container acct-multi-session-id container acct-session-id { description "Acct-Session-Id attribute(44)"; container prepend-nas-port-id { description "Prepend Acct-Session-Id attribute with Nas-Port-Id"; leaf config { type Aaa-config; description "false/true"; } } // container prepend-nas-port-id } // container acct-session-id } // container radius-attribute container attributes { description "Table of attribute list"; list attribute { key "attribute-list-name"; description "Attribute list name"; container vendor-ids { description "Vendor Specific Attribute"; list vendor-id { key "vendor-id"; description "Vendor ID of vsa"; leaf vendor-id { type uint32; description "Vendor Id of vsa"; } list vendor-type { key "vendor-type"; description "Vendor Type of vsa"; leaf vendor-type { type uint32; description "Vendor Type of vsa"; } list attribute-name { key "attribute-name"; description "Attribute Name of vsa"; leaf attribute-name { type xr:Cisco-ios-xr-string; description "Attribute Name of vsa"; } list attribute-name-absent { key "attribute-name-absent"; description "AttributeName of vsa is absent"; leaf attribute-name-absent { type uint32; description "AttributeName of vsa is absent"; } list attribute-name-present { key "attribute-name-present"; description "AttributeName of vsa is present"; leaf attribute-name-present { type uint32; description "AttributeName of vsa is present"; } } // list attribute-name-present } // list attribute-name-absent } // list attribute-name } // list vendor-type } // list vendor-id } // container vendor-ids leaf attribute { type string; description "Specify RADIUS attribute"; } leaf attribute-list-name { type xr:Cisco-ios-xr-string; description "Attribute list name"; } } // list attribute } // container attributes container key { description "RADIUS encryption key"; leaf text { type xr:Proprietary-password; description "Encryption key"; } leaf encrypt-type { type Scrt-encryption; default "type7"; description "Encryption Type"; } } // container key container source-port { description "Source port"; leaf extended { type empty; description "Enable source-port extend "; } } // container source-port leaf retransmit { type Aaa-radius-retransmit-with-disable; default "3"; description "Number of times to retransmit a request to the RADIUS server(0-Disable)"; } leaf dead-time { type Aaa-radius-dead-time; units "minute"; description "This indicates the length of time (in minutes) for which a RADIUS server remains marked as dead"; } leaf timeout { type Aaa-radius-timeout; default "5"; description "Time to wait for a RADIUS server to reply"; } leaf ignore-accounting-port { type boolean; description "Time to wait for a RADIUS server to reply"; } leaf idle-time { type Aaa-radius-timeout; default "5"; description "Idle time for RADIUS server"; } leaf username { type string; description "Username to be tested for automated testing"; } leaf ignore-auth-port { type boolean; description "Time to wait for a RADIUS server to reply"; } } // container radius container diameter { description "Diameter base protocol"; container gy { description "Start diameter policy-if"; leaf retransmit { type uint32 { range "1..10"; } description "Set retransmit count"; } leaf enable { type boolean; default "true"; description "Enable or disable gy"; } leaf dest-host { type string { length "1..256"; } description "Destination Host name in FQDN format"; } leaf tx-timer { type Aaa-diameter-timeout; description "Transaction timer value"; } leaf service-context-id { type string { length "1..256"; } description "Service Context ID in FQDN format"; } } // container gy container origin { description "Origin sub commands"; leaf realm { type string { length "1..256"; } description "Origin Realm String"; } leaf host { type xr:Cisco-ios-xr-string { length "1..256"; } description "Host name in FQDN format"; } } // container origin container nas { description "Start diameter Nas"; leaf enable { type boolean; default "true"; description "Enable or disable nas"; } leaf dest-host { type string { length "1..256"; } description "Destination Host name in FQDN format"; } } // container nas container diameter-tls { description "TLS sub commands"; leaf trustpoint { type string; description "Trustpoint label to be used"; } } // container diameter-tls container peers { description "List of diameter peers"; list peer { key "peer-name"; description "Diameter peer instance"; container peer-timer { description "Timers used for the peer"; leaf transaction { type Aaa-diameter-timeout; description "Timer value in seconds"; } leaf connection { type Aaa-diameter-timeout; description "Timer value in seconds"; } leaf watchdog { type Aaa-diameter-timeout; description "Timer value in seconds"; } } // container peer-timer container peer-type { description "Peer Type"; leaf server { type boolean; description "Enabled or disabled"; } } // container peer-type container origin-realms { description "List of origin realms"; list origin-realm { key "origin-realm-name"; description "Diameter Origin realm instance"; container access-intf-names { description "List of Access Interfaces"; list access-intf-name { key "access-intf-name"; description "Diameter Origin realm Access intf instance"; leaf access-intf-name { type xr:Interface-name; description "Specify a access interface"; } } // list access-intf-name } // container access-intf-names leaf origin-realm-name { type xr:Cisco-ios-xr-string { length "1..256"; } description "Origin realm information"; } } // list origin-realm } // container origin-realms leaf host-destination { type string { length "1..256"; } description "Destination host information"; } leaf auth-session-stateless { type boolean; description "Enabled or disabled"; } leaf ipv4-address { type inet:ipv4-address-no-zone; description "IPv4 address of diameter server"; } leaf realm-destination { type string { length "1..256"; } description "Realm to which the peer belongs to"; } leaf tcp-transport { type Aaa-diameter-port; description "Specify a Diameter transport protocol"; } leaf source-interface { type xr:Interface-name; description "Specify interface for source address in DIAMETER packets"; } leaf ipv6-address { type inet:ip-address-no-zone; description "IPv6 address of diameter server"; } leaf tls-transport { type Aaa-diameter-tls; description "Specify a Diameter security type"; } leaf vrf-ip { type string; description "VRF the peer belongs to"; } leaf peer-name { type xr:Cisco-ios-xr-string; description "Name for the diameter peer configuration"; } } // list peer } // container peers container diams { description "Attribute list configuration for test command"; list diam { key "list-id"; description "attribute list configuration"; container diam-attr-defs { description "Specify an attribute definition"; list diam-attr-def { key "vendor-id attribute-id"; description "vendor id"; container diam-attr-value { description "attr subcommands"; leaf type-string { type string; description "String type"; } leaf type-ipv4-address { type inet:ipv4-address-no-zone; description "IPv4 address type"; } leaf type-binary { type string; description "Binary type"; } leaf type-boolean { type uint32 { range "0..4294967295"; } description "Boolean type"; } leaf type-enum { type uint32 { range "0..4294967295"; } description "Enumeration type"; } leaf type-grouped { type uint32 { range "0..99"; } description "Grouped attribute"; } leaf type-ulong { type uint32 { range "0..4294967295"; } description "Numeric type"; } leaf type-identity { type string; description "Diameter-identity type"; } leaf data-type { type Aaa-diameter-attr; description "Dataypte of attribute"; } leaf type-ulonglong { type uint32 { range "0..4294967295"; } description "Numeric type"; } leaf type-utc { type uint32 { range "0..4294967295"; } description "Numeric type"; } leaf mandatory { type uint32 { range "0..1"; } description "Is mandatory?"; } } // container diam-attr-value leaf vendor-id { type uint32 { range "0..4294967295"; } description "value for vendor id"; } leaf attribute-id { type uint32 { range "1..65535"; } description "enter attribute id"; } } // list diam-attr-def } // container diam-attr-defs leaf list-id { type uint32 { range "0..99"; } description "attribute list number"; } } // list diam } // container diams container gx { description "Start diameter policy-if"; leaf retransmit { type uint32 { range "1..10"; } description "Set retransmit count"; } leaf enable { type boolean; default "true"; description "Enable or disable gx"; } leaf dest-host { type string { length "1..256"; } description "Destination Host name in FQDN format"; } leaf tx-timer { type Aaa-diameter-timeout; description "Transaction timer value"; } } // container gx container services { description "Service sub commands"; list service { key "service-name"; description "Diameter Service instance"; leaf monitoring-key { type string; description "Name for the diameter Service Monitoring configuration"; } leaf service-name { type xr:Cisco-ios-xr-string; description "Name for the diameter Service configuration"; } } // list service } // container services container diameter-timer { description "Timers used for the peer"; leaf transaction { type Aaa-diameter-timeout; description "Timer value in seconds"; } leaf connection { type Aaa-diameter-timeout; description "Timer value in seconds"; } leaf watchdog { type Aaa-diameter-timeout; description "Timer value in seconds"; } } // container diameter-timer container vendor { description "Vendor specific"; container supported { description "Supported vendors"; leaf cisco { type boolean; description "Cisco attribute support"; } leaf threegpp { type boolean; description "3GPP attribute support"; } leaf etsi { type boolean; description "Etsi attribute support"; } leaf vodafone { type boolean; description "Vodafone attribute support"; } } // container supported } // container vendor leaf source-interface { type xr:Interface-name; description "Specify interface for source address in DIAMETER packets"; } } // container diameter } // container aaa } // module Cisco-IOS-XR-aaa-lib-cfg
© 2023 YumaWorks, Inc. All rights reserved.