This module contains a collection of YANG definitions for Cisco IOS-XR crypto-macsec-mka package configuration. This module con...
Version: 2021-05-20
module Cisco-IOS-XR-crypto-macsec-mka-cfg { yang-version 1; namespace "http://cisco.com/ns/yang/Cisco-IOS-XR-crypto-macsec-mka-cfg"; prefix crypto-macsec-mka-cfg; import Cisco-IOS-XR-types { prefix xr; } import cisco-semver { prefix semver; } organization "Cisco Systems, Inc."; contact "Cisco Systems, Inc. Customer Service Postal: 170 West Tasman Drive San Jose, CA 95134 Tel: +1 800 553-NETS E-mail: cs-yang@cisco.com"; description "This module contains a collection of YANG definitions for Cisco IOS-XR crypto-macsec-mka package configuration. This module contains definitions for the following management objects: macsec: MACSec MKA Copyright (c) 2013-2021 by Cisco Systems, Inc. All rights reserved."; revision "2021-05-20" { description "Changed the sysdb path for ppk submode in policy 2020-08-24 MKA PPK 2020-08-17 Pause Frame In Clear"; } revision "2020-04-08" { description "MKA Fallback 2019-05-27 MKA ISSU"; } revision "2019-04-05" { description "MKA ISSU"; } revision "2015-11-09" { description "IOS XR 6.0 revision."; } semver:module-version "1.3.0"; semver:module-version "1.2.0"; semver:module-version "1.1.0"; typedef Macsec-mka-window-size { type uint32 { range "0..1024"; } description "Macsec mka window size"; } typedef Macsec-mka-security-policy { type enumeration { enum "should-secure" { value 0; description "should secure"; } enum "must-secure" { value 1; description "must secure"; } } description "Macsec mka security policy"; } typedef Macsec-mka-key-server-priority { type uint32 { range "0..255"; } description "Macsec mka key server priority"; } typedef Macsec-mka-policy-exception { type enumeration { enum "lacp-in-clear" { value 1; description "lacp in clear"; } } description "Macsec mka policy exception"; } typedef Macsec-mka-cipher-suite { type enumeration { enum "gcm-aes-128" { value 1; description "GCM AES 128"; } enum "gcm-aes-256" { value 2; description "GCM AES 256"; } enum "gcm-aes-xpn-128" { value 3; description "GCM AES XPN 128"; } enum "gcm-aes-xpn-256" { value 4; description "GCM AES XPN 256"; } } description "Macsec mka cipher suite"; } typedef Macsec-mka-conf-offset { type enumeration { enum "conf-off-set-0" { value 0; description "CONF OFFSET 0"; } enum "conf-off-set-30" { value 30; description "CONF OFFSET 30"; } enum "conf-off-set-50" { value 50; description "CONF OFFSET 50"; } } description "Macsec mka conf offset"; } typedef Macsec-mka-sak-rekey-interval { type uint32 { range "1..43200"; } description "Macsec mka sak rekey interval"; } typedef Macsec-mka-sak-rekey-interval-sec { type uint32 { range "60..2592000"; } description "Macsec mka sak rekey interval sec"; } typedef Macsec-mka-vlan-tags-in-clear { type uint32 { range "1..2"; } description "Macsec mka vlan tags in clear"; } container macsec { description "MACSec MKA"; container policy-names { description "MACSec Policy"; list policy-name { key "name"; description "MACsec Policy Name"; container allow { description "To allow certains data in clear text"; leaf lacp-in-clear { type empty; description "To allow lacp packets in clear text"; } leaf pause-frame-in-clear { type empty; description "To allow pause frames in clear text"; } } // container allow container suspend-for { description "suspendFor timer value for mka suspension"; leaf disable { type empty; description "Disable suspend for in issu"; } } // container suspend-for container ppk { description "PPK mode related policy"; leaf ppk-sub { type empty; description "This indicates existance of PPK"; } leaf sks-profile { type xr:Cisco-ios-xr-string { length "1..253"; } description "SKS Profile Name"; } } // container ppk leaf suspend-on-request-disable { type empty; description "Disable suspend on request in issu"; } leaf delay-protection { type empty; description "Enables data delay protection"; } leaf security-policy { type Macsec-mka-security-policy; description "Security-Policy of Policy"; } leaf created { type empty; description "This indicates the existence of Policy"; } leaf key-server-priority { type Macsec-mka-key-server-priority; description "Key-Server-Priority of Policy"; } leaf conf-offset { type Macsec-mka-conf-offset; description "Conf-Offset of Policy"; } leaf sak-rekey-interval { type Macsec-mka-sak-rekey-interval; units "minute"; description "DEPRECATED-Interval(in minutes) after which key-server generates new SAK for a Secured Session, Default: OFF, recommended to use seconds option"; } leaf policy-exception { type Macsec-mka-policy-exception; description "Macsec policy exception for packets to be in clear"; } leaf window-size { type Macsec-mka-window-size; description "Window-Size of Policy"; } leaf enable-legacy-fallback { type empty; description "Enable legacy fallback functionality"; } leaf cipher-suite { type Macsec-mka-cipher-suite; description "Cipher-suite of Policy"; } leaf include-icv-indicator { type empty; description "Enables Include ICV Indicator paramset in MKPDU"; } leaf use-eapol-pae-in-icv { type empty; description "Enable use eapol pae address in icv"; } leaf sak-rekey-interval-sec { type Macsec-mka-sak-rekey-interval-sec; units "second"; description "Interval(in seconds) after which key-server generates new SAK for a Secured Session, Default: OFF"; } leaf vlan-tags-in-clear { type Macsec-mka-vlan-tags-in-clear; description "VLAN-Tags-In-Clear of Policy"; } leaf enable-legacy-sak-write { type empty; description "To interop with legacy ncs5500 coherent systems"; } leaf name { type xr:Cisco-ios-xr-string { length "1..16"; } description "Name of the Policy of maximum length 16"; } } // list policy-name } // container policy-names leaf shutdown { type empty; description "Disable macsec on all data ports(system wide), has no impact on macsec configs"; } } // container macsec } // module Cisco-IOS-XR-crypto-macsec-mka-cfg
© 2024 YumaWorks, Inc. All rights reserved.