module Cisco-IOS-XR-dot1x-cfg {

    yang-version 1;

    namespace
      "http://cisco.com/ns/yang/Cisco-IOS-XR-dot1x-cfg";

    prefix dot1x-cfg;

    import Cisco-IOS-XR-types {
      prefix xr;
    }
    import cisco-semver {
      prefix semver;
    }

    organization "Cisco Systems, Inc.";

    contact
      "Cisco Systems, Inc.
     Customer Service
     
     Postal: 170 West Tasman Drive
     San Jose, CA 95134
     
     Tel: +1 800 553-NETS
     
     E-mail: cs-yang@cisco.com";

    description
      "This module contains a collection of YANG definitions
     for Cisco IOS-XR dot1x package configuration.
     
     This module contains definitions
     for the following management objects:
       dot1x: Global Dot1x Configuration
       eap: Global EAP Configuration
     
     Copyright (c) 2013-2020 by Cisco Systems, Inc.
     All rights reserved.";

    revision "2020-10-08" {
      description "EAP TTLS/EAP Attestation";
    }

    revision "2019-08-23" {
      description "Host Mode";
    }

    revision "2019-04-05" {
      description
        "Establish semantic version baseline.";
    }

    revision "2015-11-09" {
      description "IOS XR 6.0 revision.";
    }

    semver:module-version "1.1.0";
    semver:module-version "1.1.0";
    semver:module-version "1.0.0";

    typedef Dot1xpae {
      type string {
        pattern
          "(supplicant)|(authenticator)|(both)";
      }
      description
        "supplicant:PAE Type as Supplicant, authenticator:
       PAE type as Authenticator, both: PAE type as
       Supplicant & Authenticator";
    }

    typedef Dot1x-reauth-local-interval {
      type uint32 {
        range "60..5184000";
      }
      description
        "Dot1x reauth local interval";
    }

    typedef Dot1x-host-mode {
      type enumeration {
        enum "single-host" {
          value 1;
          description "single host";
        }
        enum "multi-host" {
          value 2;
          description "multiple host mode";
        }
        enum "multi-auth" {
          value 3;
          description
            "multiple authentication mode";
        }
      }
      description "Dot1x host mode";
    }

    typedef Dot1x-server-dead-action {
      type enumeration {
        enum "auth-fail" {
          value 0;
          description
            "server dead action auth-fail";
        }
        enum "auth-retry" {
          value 1;
          description
            "server dead action auth-retry";
        }
      }
      description "Dot1x server dead action";
    }

    container dot1x {
      description
        "Global Dot1x Configuration";
      list dot1x-profile {
        key "profile-name";
        description
          "Global Dot1x Profile Name";
        container supplicant {
          description
            "Dot1x Supplicant Related Configuration";
          leaf eap-profile {
            type string {
              length "1..63";
            }
            description
              "EAP Profile for Supplicant";
          }
        }  // container supplicant

        container authenticator {
          description
            "Dot1x Authenticator Related Configuration";
          container timers {
            description
              "Timers for Authenticator";
            container reauth-time {
              description
                "After this time ReAuthentication will be
               trigerred";
              leaf server {
                type boolean;
                description
                  "Reauth will be triggerred based on the EAP
                 server configuration";
              }

              leaf local {
                type Dot1x-reauth-local-interval;
                units "second";
                description
                  "Reauth will be triggerred based on the
                 configuration in box";
              }
            }  // container reauth-time
          }  // container timers

          leaf eap-profile {
            type string {
              length "1..63";
            }
            description
              "EAP Profile for Local EAP Server";
          }

          leaf host-mode {
            type Dot1x-host-mode;
            description
              "set the host mode for authentication";
          }

          leaf server-dead {
            type Dot1x-server-dead-action;
            description
              "dot1x authenticator action on AAA server
             unreachability";
          }
        }  // container authenticator

        leaf pae {
          type Dot1xpae;
          description
            "Dot1x PAE (Port Access Entity) Role";
        }

        leaf profile-name {
          type xr:Cisco-ios-xr-string {
            length "1..63";
          }
          description
            "Name of the Dot1x Profile";
        }
      }  // list dot1x-profile
    }  // container dot1x

    container eap {
      description "Global EAP Configuration";
      list eap-profile {
        key "profile-name";
        description
          "Global EAP Profile Configuration";
        container eaptls {
          description
            "EAP TLS Configuration";
          leaf pki-trustpoint {
            type xr:Cisco-ios-xr-string {
              length "1..63";
            }
            description
              "Configure PKI Trustpoint";
          }
        }  // container eaptls

        leaf allow-eap-tls1-0 {
          type empty;
          description
            "Configure backward compatibility for TLS 1.0";
        }

        leaf identity {
          type string {
            length "1..63";
          }
          description
            "Configure EAP Identity/UserName";
        }

        leaf profile-name {
          type xr:Cisco-ios-xr-string {
            length "1..63";
          }
          description
            "Name of the EAP Profile";
        }
      }  // list eap-profile
    }  // container eap
  }  // module Cisco-IOS-XR-dot1x-cfg