This module contains a collection of YANG definitions for Cisco IOS-XR aaa-protocol-radius package configuration. This YANG mod...
Version: 2020-08-26
module Cisco-IOS-XR-aaa-protocol-radius-cfg { yang-version 1; namespace "http://cisco.com/ns/yang/Cisco-IOS-XR-aaa-protocol-radius-cfg"; prefix aaa-protocol-radius-cfg; import ietf-inet-types { prefix inet; } import Cisco-IOS-XR-types { prefix xr; } import cisco-semver { prefix semver; } import Cisco-IOS-XR-aaa-locald-cfg { prefix a1; } import Cisco-IOS-XR-aaa-lib-cfg { prefix a2; } organization "Cisco Systems, Inc."; contact "Cisco Systems, Inc. Customer Service Postal: 170 West Tasman Drive San Jose, CA 95134 Tel: +1 800 553-NETS E-mail: cs-yang@cisco.com"; description "This module contains a collection of YANG definitions for Cisco IOS-XR aaa-protocol-radius package configuration. This YANG module augments the Cisco-IOS-XR-aaa-locald-cfg, Cisco-IOS-XR-aaa-lib-cfg modules with configuration data. Copyright (c) 2013-2020 by Cisco Systems, Inc. All rights reserved."; revision "2020-08-26" { description "Fixed key display problem in netconf request 2020-04-20 Added Type 6 support for Secret/Key"; } revision "2019-10-31" { description "Added mandatory nodes and presence containers"; } revision "2019-05-20" { description "Made access and accounting to mandatory."; } revision "2019-04-05" { description "Establish semantic version baseline."; } revision "2017-09-07" { description "Fixed type translation error."; } revision "2017-05-01" { description "Fixing backward compatibility error in module."; } revision "2015-11-09" { description "IOS XR 6.0 revision."; } semver:module-version "3.0.0"; semver:module-version "2.0.0"; semver:module-version "1.0.0"; typedef Aaa-radius-timeout { type uint32 { range "1..1000"; } description "Aaa radius timeout"; } typedef Aaa-dscp-value { type union { type enumeration { enum "af11" { value 10; description "Match packets with AF11 DSCP"; } enum "af12" { value 12; description "Match packets with AF12 DSCP"; } enum "af13" { value 14; description "Match packets with AF13 DSCP"; } enum "af21" { value 18; description "Match packets with AF21 DSCP"; } enum "af22" { value 20; description "Match packets with AF22 DSCP"; } enum "af23" { value 22; description "Match packets with AF23 DSCP"; } enum "af31" { value 26; description "Match packets with AF31 DSCP"; } enum "af32" { value 28; description "Match packets with AF32 DSCP"; } enum "af33" { value 30; description "Match packets with AF33 DSCP"; } enum "af41" { value 34; description "Match packets with AF41 DSCP"; } enum "af42" { value 36; description "Match packets with AF42 DSCP"; } enum "af43" { value 38; description "Match packets with AF43 DSCP"; } enum "cs1" { value 8; description "Match packets with CS1 DSCP"; } enum "cs2" { value 16; description "Match packets with CS2 DSCP"; } enum "cs3" { value 24; description "Match packets with CS3 DSCP"; } enum "cs4" { value 32; description "Match packets with CS4 DSCP"; } enum "cs5" { value 40; description "Match packets with CS5 DSCP"; } enum "cs6" { value 48; description "Match packets with CS6 DSCP"; } enum "cs7" { value 56; description "Match packets with CS7 DSCP"; } enum "default" { value 0; description "Match packets with 0000 DSCP"; } enum "ef" { value 46; description "Match packets with EF DSCP"; } } type uint32 { range "0..63"; } } description "Aaa dscp value"; } typedef Sct-encryption { type enumeration { enum "type6" { value 6; description "Type 6 encryption"; } enum "type7" { value 7; description "Type 7 encryption"; } } description "Sct encryption"; } typedef Aaa-action { type enumeration { enum "accept" { value 1; description "Accept"; } enum "reject" { value 2; description "Reject"; } } description "Aaa action"; } typedef Scrt-encryption { type enumeration { enum "type6" { value 6; description "Type 6 encryption"; } enum "type7" { value 7; description "Type 7 encryption"; } } description "Scrt encryption"; } typedef Aaa-authentication { type enumeration { enum "all" { value 101; description "All"; } enum "any" { value 102; description "Any"; } enum "session-key" { value 103; description "Session key"; } } description "Aaa authentication"; } typedef Aaa-select-key { type enumeration { enum "server-key" { value 1; description "Server key"; } enum "session-key" { value 2; description "Session key"; } } description "Aaa select key"; } typedef Aaa-throttle-access-timeout { type uint32 { range "1..10"; } description "Aaa throttle access timeout"; } typedef Aaa-radius-dead-detect-tries { type uint32 { range "1..100"; } description "Aaa radius dead detect tries"; } typedef Aaa-radius-dead-time { type uint32 { range "1..1440"; } description "Aaa radius dead time"; } typedef Aaa-throttle-accounting { type uint32 { range "0..65535"; } description "Aaa throttle accounting"; } typedef Aaa-radius-idle-time { type uint32 { range "1..60"; } description "Aaa radius idle time"; } typedef Aaa-direction { type enumeration { enum "inbound" { value 0; description "Inbound"; } enum "outbound" { value 1; description "Outbound"; } } description "Aaa direction"; } typedef Aaa-radius-dead-detect-time { type uint32 { range "1..120"; } description "Aaa radius dead detect time"; } typedef Aaa-radius-retransmit { type uint32 { range "1..100"; } description "Aaa radius retransmit"; } typedef Aaa-throttle-access { type uint32 { range "0..65535"; } description "Aaa throttle access"; } typedef Aaa-config { type enumeration { enum "false" { value 0; description "False"; } enum "true" { value 1; description "True"; } } description "Aaa config"; } typedef Aaa-radius-retransmit-with-disable { type uint32 { range "0..100"; } description "Aaa radius retransmit with disable"; } grouping IGNORE-ACCOUNTING-PORT { description "Common node of radius, host"; leaf ignore-accounting-port { type boolean; description "Time to wait for a RADIUS server to reply"; } } // grouping IGNORE-ACCOUNTING-PORT grouping IDLE-TIME { description "Common node of radius, host"; leaf idle-time { type Aaa-radius-timeout; default "5"; description "Idle time for RADIUS server"; } } // grouping IDLE-TIME grouping USERNAME { description "Common node of radius, host"; leaf username { type string; description "Username to be tested for automated testing"; } } // grouping USERNAME grouping REPLY { description "Common node of authorization, accounting"; container reply { description "Specify a filter in server group"; leaf action { type Aaa-action; description "Specify the attribute list type accept or reject"; } leaf attribute-list-name { type string; description "Name of RADIUS attribute list"; } } // container reply } // grouping REPLY grouping DSCP { description "Common node of ipv4, ipv6"; leaf dscp { type Aaa-dscp-value; description "Specify the DSCP value"; } } // grouping DSCP grouping SERVER-KEY { description "Common node of client, dynamic-authorization"; container server-key { description "RADIUS CoA client encryption key"; leaf text { type xr:Proprietary-password; description "Encryption key"; } leaf encrypt-type { type Sct-encryption; default "type7"; description "Encryption Type"; } } // container server-key } // grouping SERVER-KEY grouping IGNORE-AUTH-PORT { description "Common node of radius, host"; leaf ignore-auth-port { type boolean; description "Time to wait for a RADIUS server to reply"; } } // grouping IGNORE-AUTH-PORT grouping REQUEST { description "Common node of authorization, accounting"; container request { description "Specify a filter in server group"; leaf action { type Aaa-action; description "Specify the attribute list type accept or reject"; } leaf attribute-list-name { type string; description "Name of RADIUS attribute list"; } } // container request } // grouping REQUEST augment /a2:aaa { description "This augment extends the configuration data of 'Cisco-IOS-XR-aaa-lib-cfg'"; container radius { description "Remote Access Dial-In User Service"; container hosts { description "List of RADIUS servers"; list host { key "ordering-index ip-address auth-port-number acct-port-number"; description "Instance of a RADIUS server"; container host-key { description "RADIUS encryption key"; leaf text { type xr:Proprietary-password; description "Encryption key"; } leaf encrypt-type { type Scrt-encryption; default "type7"; description "Encryption Type"; } } // container host-key leaf host-retransmit { type Aaa-radius-retransmit; default "3"; description "Number of times to retransmit a request to the RADIUS server"; } leaf host-timeout { type Aaa-radius-timeout; default "5"; description "Time to wait for a RADIUS server to reply"; } leaf ordering-index { type uint32; description "This is used to sort the servers in the order of precedence"; } leaf ip-address { type inet:ip-address-no-zone; description "IP address of RADIUS server"; } leaf auth-port-number { type inet:port-number; description "Authentication Port number (standard port 1645)"; } leaf acct-port-number { type inet:port-number; description "Accounting Port number (standard port 1646)"; } uses IGNORE-ACCOUNTING-PORT; uses IDLE-TIME; uses USERNAME; uses IGNORE-AUTH-PORT; } // list host } // container hosts container dead-criteria { description "RADIUS server dead criteria"; leaf tries { type Aaa-radius-dead-detect-tries; description "The number of consecutive timeouts the router must experience in order to mark the server as dead. All transmissions, including the initial transmit and all retransmits, will be counted"; } leaf time { type Aaa-radius-dead-detect-time; description "The minimum amount of time which must elapse since the router last received a valid RADIUS packet from the server prior to marking it dead"; } } // container dead-criteria container disallow { description "disallow null-username"; leaf null-username { type uint32; description "Disallow null-username"; } } // container disallow container ipv6 { description "IPv6 configuration"; uses DSCP; } // container ipv6 container dynamic-authorization { description "RADIUS dynamic authorization"; container clients { description "Client data"; grouping CLIENT-CONTENT { description "CLIENT CONTENT"; uses SERVER-KEY; } // grouping CLIENT-CONTENT list client { key "ip-address"; description "Client data"; leaf ip-address { type inet:ip-address-no-zone; description "IP address of COA client"; } uses CLIENT-CONTENT; } // list client list client-vrf-name { key "vrf-name ip-address"; description "Client data"; leaf vrf-name { type xr:Cisco-ios-xr-string; description "VRF name"; } leaf ip-address { type inet:ip-address-no-zone; description "IP address of COA client"; } uses CLIENT-CONTENT; } // list client-vrf-name } // container clients leaf ignore { type Aaa-select-key; description "Ignore option for server key or session key"; } leaf port { type uint32 { range "1000..5000"; } description "Specify the COA server port to listen on"; } leaf authentication-type { type Aaa-authentication; description "RADIUS dynamic authorization type"; } uses SERVER-KEY; } // container dynamic-authorization container load-balance-options { description "Radius load-balancing options"; container load-balance-method { description "Method by which the next host will be picked"; container batch-size { presence "Contains mandatory nodes that used to set default values"; description "Batch size for selection of the server"; leaf batch-size { type uint32 { range "1..1500"; } mandatory true; description "Batch size for selection of the server"; } leaf ignore-preferred-server { type boolean; mandatory true; description "Disable preferred server for this Server Group"; } } // container batch-size } // container load-balance-method } // container load-balance-options container vrfs { description "List of VRFs"; list vrf { key "vrf-name"; description "A VRF"; leaf source-interface { type xr:Interface-name; description "Specify interface for source address in RADIUS packets"; } leaf vrf-name { type xr:Cisco-ios-xr-string; description "VRF name. Specify 'default' for defalut VRF"; } } // list vrf } // container vrfs container throttle { presence "Indicates a throttle node is configured."; description "Radius throttling options"; leaf access { type Aaa-throttle-access; mandatory true; description "To flow control the number of access requests sent to a radius server"; } leaf accounting { type Aaa-throttle-accounting; mandatory true; description "To flow control the number of accounting requests sent to a radius server"; } leaf access-timeout { type Aaa-throttle-access-timeout; mandatory true; description "Specify the number of timeouts exceeding which a throttled access request is dropped"; } } // container throttle container vsa { description "Unknown VSA (Vendor Specific Attribute) ignore configuration for RADIUS server"; container attribute { description "Vendor Specific Attribute"; container ignore { description "Ignore the VSA"; leaf unknown { type empty; description "Ignore the VSA and no prefix will reject the unknown VSA"; } } // container ignore } // container attribute } // container vsa container ipv4 { description "IPv4 configuration"; uses DSCP; } // container ipv4 container radius-attribute { description "attribute"; container filter-id-11 { description "Filter-Id attribute configuration"; container defaults { description "Set the attribute default direction"; leaf direction { type Aaa-direction; description "Filtering is applied to ingress(inbound)/egress(outbound) packets only"; } } // container defaults } // container filter-id-11 container acct-multi-session-id { description "Acct-Session-Id attribute(44)"; container include-parent-session-id { description "Prepend Acct-Session-Id attribute with Nas-Port-Id"; leaf config { type Aaa-config; description "false/true"; } } // container include-parent-session-id } // container acct-multi-session-id container acct-session-id { description "Acct-Session-Id attribute(44)"; container prepend-nas-port-id { description "Prepend Acct-Session-Id attribute with Nas-Port-Id"; leaf config { type Aaa-config; description "false/true"; } } // container prepend-nas-port-id } // container acct-session-id } // container radius-attribute container attributes { description "Table of attribute list"; list attribute { key "attribute-list-name"; description "Attribute list name"; container vendor-ids { description "Vendor Specific Attribute"; list vendor-id { key "vendor-id"; description "Vendor ID of vsa"; leaf vendor-id { type uint32; description "Vendor Id of vsa"; } list vendor-type { key "vendor-type"; description "Vendor Type of vsa"; leaf vendor-type { type uint32; description "Vendor Type of vsa"; } list attribute-name { key "attribute-name"; description "Attribute Name of vsa"; leaf attribute-name { type xr:Cisco-ios-xr-string; description "Attribute Name of vsa"; } list attribute-name-absent { key "attribute-name-absent"; description "AttributeName of vsa is absent"; leaf attribute-name-absent { type uint32; description "AttributeName of vsa is absent"; } list attribute-name-present { key "attribute-name-present"; description "AttributeName of vsa is present"; leaf attribute-name-present { type uint32; description "AttributeName of vsa is present"; } } // list attribute-name-present } // list attribute-name-absent } // list attribute-name } // list vendor-type } // list vendor-id } // container vendor-ids leaf attribute { type string; description "Specify RADIUS attribute"; } leaf attribute-list-name { type xr:Cisco-ios-xr-string; description "Attribute list name"; } } // list attribute } // container attributes container key { description "RADIUS encryption key"; leaf text { type xr:Proprietary-password; description "Encryption key"; } leaf encrypt-type { type Scrt-encryption; default "type7"; description "Encryption Type"; } } // container key container source-port { description "Source port"; leaf extended { type empty; description "Enable source-port extend "; } } // container source-port leaf retransmit { type Aaa-radius-retransmit-with-disable; default "3"; description "Number of times to retransmit a request to the RADIUS server(0-Disable)"; } leaf dead-time { type Aaa-radius-dead-time; units "minute"; description "This indicates the length of time (in minutes) for which a RADIUS server remains marked as dead"; } leaf timeout { type Aaa-radius-timeout; default "5"; description "Time to wait for a RADIUS server to reply"; } uses IGNORE-ACCOUNTING-PORT; uses IDLE-TIME; uses USERNAME; uses IGNORE-AUTH-PORT; } // container radius } augment /a2:aaa/a1:server-groups { description "This augment extends the configuration data of 'Cisco-IOS-XR-aaa-locald-cfg'"; container radius-server-groups { description "RADIUS server group definition"; list radius-server-group { key "server-group-name"; description "RADIUS server group name"; container accounting { description "List of filters in server group"; uses REQUEST; uses REPLY; } // container accounting container servers { description "List of RADIUS servers present in the group"; list server { key "ordering-index ip-address auth-port-number acct-port-number"; description "A server to include in the server group"; leaf ordering-index { type uint32; description "This is used to sort the servers in the order of precedence"; } leaf ip-address { type inet:ip-address-no-zone; description "IP address of RADIUS server"; } leaf auth-port-number { type inet:port-number; description "Authentication Port number (standard port 1645)"; } leaf acct-port-number { type inet:port-number; description "Accounting Port number (standard port 1646)"; } } // list server } // container servers container private-servers { description "List of private RADIUS servers present in the group"; list private-server { key "ordering-index ip-address auth-port-number acct-port-number"; description "A private server to include in the server group"; container private-key { description "RADIUS encryption key"; leaf text { type xr:Proprietary-password; description "Encryption key"; } leaf encrypt-type { type Scrt-encryption; default "type7"; description "Encryption Type"; } } // container private-key leaf private-timeout { type Aaa-radius-timeout; default "5"; description "Time to wait for a RADIUS server to reply"; } leaf ignore-accounting-port { type boolean; description "Ignore Accounting port"; } leaf private-retransmit { type Aaa-radius-retransmit; default "3"; description "Number of times to retransmit a request to the RADIUS server"; } leaf idle-time { type Aaa-radius-idle-time; default "5"; description "Idle time for the radius Server"; } leaf username { type string; description "Username to be tested for automated testing"; } leaf ignore-auth-port { type boolean; description "Ignore authentication Port"; } leaf ordering-index { type uint32; description "This is used to sort the servers in the order of precedence"; } leaf ip-address { type inet:ip-address-no-zone; description "IP address of RADIUS server"; } leaf auth-port-number { type inet:port-number; description "Authentication Port number (standard port 1645)"; } leaf acct-port-number { type inet:port-number; description "Accounting Port number (standard port 1646)"; } } // list private-server } // container private-servers container server-group-throttle { presence "Contains mandatory nodes that used to set default values"; description "Radius throttling options"; leaf access { type Aaa-throttle-access; mandatory true; description "To flow control the number of access requests sent to a radius server"; } leaf accounting { type Aaa-throttle-accounting; mandatory true; description "To flow control the number of accounting requests sent to a radius server"; } leaf access-timeout { type Aaa-throttle-access-timeout; mandatory true; description "Specify the number of timeouts exceeding which a throttled access request is dropped"; } } // container server-group-throttle container load-balance { description "Radius load-balancing options"; container method { description "Method by which the next host will be picked"; container name { presence "Contains mandatory nodes that used to set default values"; description "Batch size for selection of the server"; leaf least-outstanding { type uint32; mandatory true; description "Pick the server with the least transactions outstanding"; } leaf batch-size { type uint32 { range "1..1500"; } mandatory true; description "Batch size for selection of the server"; } leaf ignore-preferred-server { type boolean; mandatory true; description "Disable preferred server for this Server Group"; } } // container name } // container method } // container load-balance container authorization { description "List of filters in server group"; uses REQUEST; uses REPLY; } // container authorization leaf dead-time { type Aaa-radius-dead-time; units "minute"; description "This indicates the length of time (in minutes) for which RADIUS servers present in this group remain marked as dead"; } leaf source-interface { type xr:Interface-name; description "Specify interface for source address in RADIUS packets"; } leaf vrf { type string; description "Specify VRF name of RADIUS group"; } leaf server-group-name { type xr:Cisco-ios-xr-string; description "RADIUS server group name"; } } // list radius-server-group } // container radius-server-groups } } // module Cisco-IOS-XR-aaa-protocol-radius-cfg
© 2023 YumaWorks, Inc. All rights reserved.