This module contains a collection of YANG definitions for Cisco IOS-XR aaa-tacacs package configuration. This YANG module augme...
Version: 2020-11-24
module Cisco-IOS-XR-aaa-tacacs-cfg { yang-version 1; namespace "http://cisco.com/ns/yang/Cisco-IOS-XR-aaa-tacacs-cfg"; prefix aaa-tacacs-cfg; import ietf-inet-types { prefix inet; } import Cisco-IOS-XR-types { prefix xr; } import cisco-semver { prefix semver; } import Cisco-IOS-XR-aaa-lib-cfg { prefix a1; } import Cisco-IOS-XR-aaa-locald-cfg { prefix a2; } organization "Cisco Systems, Inc."; contact "Cisco Systems, Inc. Customer Service Postal: 170 West Tasman Drive San Jose, CA 95134 Tel: +1 800 553-NETS E-mail: cs-yang@cisco.com"; description "This module contains a collection of YANG definitions for Cisco IOS-XR aaa-tacacs package configuration. This YANG module augments the Cisco-IOS-XR-aaa-lib-cfg, Cisco-IOS-XR-aaa-locald-cfg modules with configuration data. Copyright (c) 2013-2020 by Cisco Systems, Inc. All rights reserved."; revision "2020-11-24" { description "Added single connect idle timeout support config for private server. 2020-08-19 Added support for Holddown Time. 2020-04-20 Added support for Type 6."; } revision "2020-01-28" { description "Added single connect support config for private server group. 2019-08-29 Added new config for idle timeout for single connection."; } revision "2019-04-05" { description "Establish semantic version baseline."; } revision "2017-09-07" { description "Fixed type translation error."; } revision "2015-11-09" { description "IOS XR 6.0 revision."; } semver:module-version "2.0.0"; semver:module-version "1.2.0"; semver:module-version "1.1.0"; typedef Tacacs-dscp-value { type union { type enumeration { enum "af11" { value 10; description "Match packets with AF11 DSCP"; } enum "af12" { value 12; description "Match packets with AF12 DSCP"; } enum "af13" { value 14; description "Match packets with AF13 DSCP"; } enum "af21" { value 18; description "Match packets with AF21 DSCP"; } enum "af22" { value 20; description "Match packets with AF22 DSCP"; } enum "af23" { value 22; description "Match packets with AF23 DSCP"; } enum "af31" { value 26; description "Match packets with AF31 DSCP"; } enum "af32" { value 28; description "Match packets with AF32 DSCP"; } enum "af33" { value 30; description "Match packets with AF33 DSCP"; } enum "af41" { value 34; description "Match packets with AF41 DSCP"; } enum "af42" { value 36; description "Match packets with AF42 DSCP"; } enum "af43" { value 38; description "Match packets with AF43 DSCP"; } enum "cs1" { value 8; description "Match packets with CS1 DSCP"; } enum "cs2" { value 16; description "Match packets with CS2 DSCP"; } enum "cs3" { value 24; description "Match packets with CS3 DSCP"; } enum "cs4" { value 32; description "Match packets with CS4 DSCP"; } enum "cs5" { value 40; description "Match packets with CS5 DSCP"; } enum "cs6" { value 48; description "Match packets with CS6 DSCP"; } enum "cs7" { value 56; description "Match packets with CS7 DSCP"; } enum "default" { value 0; description "Match packets with 0000 DSCP"; } enum "ef" { value 46; description "Match packets with EF DSCP"; } } type uint32 { range "0..63"; } } description "Tacacs dscp value"; } typedef Aaa-tacacs-holddown-time { type uint32 { range "0..1200"; } description "Aaa tacacs holddown time"; } typedef Secret-encryption { type enumeration { enum "type6" { value 6; description "Type 6 encryption"; } enum "type7" { value 7; description "Type 7 encryption"; } } description "Secret encryption"; } typedef Aaa-tacacs-timeout { type uint32 { range "1..1000"; } description "Aaa tacacs timeout"; } typedef Aaa-tacacs-port-range { type uint32 { range "1..65535"; } description "Aaa tacacs port range"; } grouping KEY { description "Common node of tacacs, host, private-server"; container key { description "Set TACACS+ encryption key"; leaf text { type xr:Proprietary-password; description "Encryption key"; } leaf encrypt-type { type Secret-encryption; default "type7"; description "Encryption Type"; } } // container key } // grouping KEY grouping TIMEOUT { description "Common node of tacacs, host, private-server"; leaf timeout { type Aaa-tacacs-timeout; default "5"; description "Time to wait for a TACACS+ server to reply"; } } // grouping TIMEOUT grouping HOLDDOWN-TIME { description "Common node of tacacs, host, tacacs-server-group, private-server"; leaf holddown-time { type Aaa-tacacs-holddown-time; default "0"; description "Time for which a TACACS+ server remains marked as dead"; } } // grouping HOLDDOWN-TIME grouping DSCP { description "Common node of ipv4, ipv6"; leaf dscp { type Tacacs-dscp-value; description "Specify the DSCP value"; } } // grouping DSCP grouping SINGLE-CONNECT { description "Common node of tacacs, host, private-server"; leaf single-connect { type boolean; default "false"; description "Use a single connection for all sessions for a given TACACS+ server"; } } // grouping SINGLE-CONNECT grouping SINGLE-CONNECT-IDLE-TIMEOUT { description "Common node of tacacs, host, private-server"; leaf single-connect-idle-timeout { type uint32 { range "5..7200"; } units "second"; description "Idle timeout for single connection to the TACACS+ server"; } } // grouping SINGLE-CONNECT-IDLE-TIMEOUT augment /a1:aaa { description "This augment extends the configuration data of 'Cisco-IOS-XR-aaa-lib-cfg'"; container tacacs { description "Modify TACACS+ query parameters"; container ipv6 { description "IPv6 configuration"; uses DSCP; } // container ipv6 container hosts { description "Specify a TACACS+ server"; list host { key "ordering-index ip-address port-number"; description "One of the TACACS+ servers"; leaf ordering-index { type uint32; description "This is used to sort the servers in the order of precedence"; } leaf ip-address { type inet:ip-address-no-zone; description "IP address of TACACS+ server"; } leaf port-number { type Aaa-tacacs-port-range; description "Port number (standard 49)"; } uses KEY; uses TIMEOUT; uses SINGLE-CONNECT; uses SINGLE-CONNECT-IDLE-TIMEOUT; uses HOLDDOWN-TIME; } // list host } // container hosts container ipv4 { description "IPv4 configuration"; uses DSCP; } // container ipv4 container vrfs { description "List of VRFs"; list vrf { key "vrf-name"; description "A VRF"; leaf source-interface { type xr:Interface-name; description "Specify interface for source address in TACACS+ packets"; } leaf vrf-name { type xr:Cisco-ios-xr-string; description "VRF name. Specify 'default' for default VRF"; } } // list vrf } // container vrfs uses KEY; uses TIMEOUT; uses SINGLE-CONNECT; uses SINGLE-CONNECT-IDLE-TIMEOUT; uses HOLDDOWN-TIME; } // container tacacs } augment /a1:aaa/a2:server-groups { description "This augment extends the configuration data of 'Cisco-IOS-XR-aaa-locald-cfg'"; container tacacs-server-groups { description "TACACS+ server-group definition"; list tacacs-server-group { key "server-group-name"; description "TACACS+ Server group name"; container servers { description "Specify a TACACS+ server"; list server { key "ordering-index ip-address"; description "A server to include in the server group"; leaf ordering-index { type uint32; description "This is used to sort the servers in the order of precedence"; } leaf ip-address { type inet:ip-address-no-zone; description "IP address of TACACS+ server"; } } // list server } // container servers container private-servers { description "List of private TACACS servers present in the group"; list private-server { key "ordering-index ip-address port-number"; description "A private server to include in the server group"; leaf ordering-index { type uint32; description "This is used to sort the servers in the order of precedence"; } leaf ip-address { type inet:ip-address-no-zone; description "IP address of TACACS+ server"; } leaf port-number { type Aaa-tacacs-port-range; description "Port number (standard 49)"; } uses KEY; uses TIMEOUT; uses SINGLE-CONNECT; uses SINGLE-CONNECT-IDLE-TIMEOUT; uses HOLDDOWN-TIME; } // list private-server } // container private-servers leaf vrf { type string; description "Specify VRF name of TACACS group"; } leaf server-group-name { type xr:Cisco-ios-xr-string; description "TACACS+ Server group name"; } uses HOLDDOWN-TIME; } // list tacacs-server-group } // container tacacs-server-groups } } // module Cisco-IOS-XR-aaa-tacacs-cfg
© 2023 YumaWorks, Inc. All rights reserved.