This module contains a collection of YANG definitions for Cisco IOS-XR aaa package configuration. This YANG module augments the...
Version: 2021-02-08
module Cisco-IOS-XR-um-aaa-cfg { yang-version 1; namespace "http://cisco.com/ns/yang/Cisco-IOS-XR-um-aaa-cfg"; prefix um-aaa-cfg; import cisco-semver { prefix semver; } organization "Cisco Systems, Inc."; contact "Cisco Systems, Inc. Customer Service Postal: 170 West Tasman Drive San Jose, CA 95134 Tel: +1 800 553-NETS E-mail: cs-yang@cisco.com"; description "This module contains a collection of YANG definitions for Cisco IOS-XR aaa package configuration. This YANG module augments the modules with configuration data. Copyright (c) 2021 by Cisco Systems, Inc. All rights reserved."; revision "2021-02-08" { description "Initial release"; } semver:module-version "1.0.0"; container aaa { description "Authentication, Authorization and Accounting"; container authentication { description "AAA Authentication data"; container ppp { description "Set authentication lists for PPP"; list authentication-list { key "list-name"; description "List name for AAA authentication"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA authentication"; } container local { must "not(../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../local) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../local) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../local) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container local { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../../local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Second server-group"; container local { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-2/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container tacacs { must "(../../group-2/local or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Second server-group"; container local { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-3/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container tacacs { must "(../../group-3/local or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list authentication-list } // container ppp container onepk { description "Set authentication lists for OnePk"; list authentication-list { key "list-name"; description "List name for AAA authentication"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA authentication"; } container local { must "not(../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../local) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../local) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../local) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container local { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../../local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Second server-group"; container local { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-2/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container tacacs { must "(../../group-2/local or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Second server-group"; container local { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-3/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container tacacs { must "(../../group-3/local or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list authentication-list } // container onepk container login { description "Set authentication lists for login"; list authentication-list { key "list-name"; description "List name for AAA authentication"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA authentication"; } container local { must "not(../line or ../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container line { must "not(../local or ../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a line node is configured."; description "Use line password for authentication"; } // container line container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../local or ../../../line) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../local or ../../../line) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../local or ../../../line) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container local { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../line or ../tacacs or ../radius or ../server-group-name or ../../../local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container line { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../../line)"; presence "Indicates a line node is configured."; description "Use line password for authentication"; } // container line container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../line or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../line or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../line or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Second server-group"; container local { must "(../../group-2/line or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../line or ../tacacs or ../radius or ../server-group-name or ../../group-2/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container line { must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../group-2/line)"; presence "Indicates a line node is configured."; description "Use line password for authentication"; } // container line container tacacs { must "(../../group-2/local or ../../group-2/line or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../line or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/local or ../../group-2/line or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../local or ../line or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/local or ../../group-2/line or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../line or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Second server-group"; container local { must "(../../group-3/line or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../line or ../tacacs or ../radius or ../server-group-name or ../../group-3/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container line { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../group-3/line)"; presence "Indicates a line node is configured."; description "Use line password for authentication"; } // container line container tacacs { must "(../../group-3/local or ../../group-3/line or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../line or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/local or ../../group-3/line or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../line or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/local or ../../group-3/line or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../line or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list authentication-list } // container login } // container authentication container authorization { description "AAA Authorization data"; container exec { description "Set authorization lists for EXEC"; list authorization-list { must "local or none or groups/group-1/tacacs or groups/group-1/server-group-name"; key "list-name"; description "List name for AAA authorization"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA authorization"; } container local { must "not(../none or ../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "not(../local or ../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../local or ../../../none) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../local or ../../../none) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../local or ../../../none) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container local { must "(../../../local or ../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../../local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../../local or ../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../../none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../../local or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../../local or ../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container local { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius or ../server-group-name or ../../group-2/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name or ../../group-2/local) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-2/local or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Second server-group"; container local { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius or ../server-group-name or ../../group-3/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-3/local or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list authorization-list } // container exec container eventmanager { description "Set Event Manager authorization method"; list authorization-list { must "local or groups/group-1/tacacs or groups/group-1/server-group-name"; key "list-name"; description "List name for AAA authorization"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA authorization"; } container local { must "not(../groups/group-1/tacacs or ../groups/group-1/server-group-name)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../local) and not(../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "not(../../../local) and not(../tacacs)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container local { must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../tacacs or ../server-group-name or ../../../local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container tacacs { must "(../../../local or ../../group-1/server-group-name) and not(../local or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../tacacs)"; description "server-group name"; } } // container group-2 } // container groups } // list authorization-list } // container eventmanager container commands { description "For EXEC (shell) commands"; list authorization-list { must "none or groups/group-1/tacacs or groups/group-1/server-group-name"; key "list-name"; description "List name for AAA authorization"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA authorization"; } container none { must "not(../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../none) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../none) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../none) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container none { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../../none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container none { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/tacacs or ../../group-2/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Fourth server-group"; container none { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/tacacs or ../../group-3/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list authorization-list } // container commands container api { description "For XML requests"; list authorization-list { must "none or groups/group-1/tacacs or groups/group-1/server-group-name"; key "list-name"; description "List name for AAA authorization"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA authorization"; } container none { must "not(../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../none) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../none) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../none) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container none { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../../none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container none { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/tacacs or ../../group-2/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Fourth server-group"; container none { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/tacacs or ../../group-3/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list authorization-list } // container api container onepk { description "Set authorization lists for ONE-PK"; list authorization-list { must "local or none or groups/group-1/tacacs or groups/group-1/server-group-name"; key "list-name"; description "List name for AAA authorization"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA authorization"; } container local { must "not(../none or ../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "not(../local or ../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../local or ../../../none) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../local or ../../../none) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../local or ../../../none) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container local { must "(../../../local or ../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../../local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../../local or ../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../../none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../../local or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../../local or ../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container local { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius or ../server-group-name or ../../group-2/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name or ../../group-2/local) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-2/local or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Second server-group"; container local { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius or ../server-group-name or ../../group-3/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-3/local or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list authorization-list } // container onepk container nacm { description "Set authorization lists for NACM"; list authorization-list { must "local or none or groups/group-1/tacacs or groups/group-1/server-group-name or only-external/local or only-external/none or only-external/groups/group-1/tacacs or only-external/groups/group-1/server-group-name or prefer-external/local or prefer-external/none or prefer-external/groups/group-1/tacacs or prefer-external/groups/group-1/server-group-name"; key "list-name"; description "List name for AAA authorization"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA authorization"; } container local { must "not(../none or ../groups/group-1/tacacs or ../groups/group-1/server-group-name)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "not(../local or ../groups/group-1/tacacs or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../local or ../../../none) and not(../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "not(../../../local or ../../../none) and not(../tacacs)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container local { must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../tacacs or ../server-group-name or ../../../local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../../none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../../local or ../../group-1/server-group-name) and not(../local or ../none or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../none or ../tacacs)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container local { must "(../../group-2/tacacs or ../../group-2/server-group-name or ../../group-2/local) and not(../none or ../tacacs or ../server-group-name or ../../group-2/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-2/tacacs or ../../group-2/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-2/local or ../../group-2/server-group-name) and not(../local or ../none or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../local or ../none or ../tacacs)"; description "server-group name"; } } // container group-3 container group-4 { description "Second server-group"; container local { must "(../../group-3/tacacs or ../../group-3/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-3/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-3/local or ../../group-3/server-group-name) and not(../local or ../none or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../none or ../tacacs)"; description "server-group name"; } } // container group-4 } // container groups container only-external { description "only external groups"; container local { must "not(../none or ../groups/group-1/tacacs or ../groups/group-1/server-group-name)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "not(../local or ../groups/group-1/tacacs or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../local or ../../../none) and not(../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "not(../../../local or ../../../none) and not(../tacacs)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container local { must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../tacacs or ../server-group-name or ../../../local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../../none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../../local or ../../group-1/server-group-name) and not(../local or ../none or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../none or ../tacacs)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container local { must "(../../group-2/tacacs or ../../group-2/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-2/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-2/tacacs or ../../group-2/server-group-name or ../../group-2/local) and not(../local or ../tacacs or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-2/local or ../../group-2/server-group-name) and not(../local or ../none or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../local or ../none or ../tacacs)"; description "server-group name"; } } // container group-3 container group-4 { description "Second server-group"; container local { must "(../../group-3/tacacs or ../../group-3/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-3/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-3/local or ../../group-3/server-group-name) and not(../local or ../none or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../none or ../tacacs)"; description "server-group name"; } } // container group-4 } // container groups } // container only-external container prefer-external { description "Prefer external groups with local groups"; container local { must "not(../none or ../groups/group-1/tacacs or ../groups/group-1/server-group-name)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "not(../local or ../groups/group-1/tacacs or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../local or ../../../none) and not(../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "not(../../../local or ../../../none) and not(../tacacs)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container local { must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../tacacs or ../server-group-name or ../../../local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../../none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../../local or ../../group-1/server-group-name) and not(../local or ../none or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../none or ../tacacs)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container local { must "(../../group-2/tacacs or ../../group-2/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-2/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-2/tacacs or ../../group-2/server-group-name or ../../group-2/local) and not(../local or ../tacacs or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-2/local or ../../group-2/server-group-name) and not(../local or ../none or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../local or ../none or ../tacacs)"; description "server-group name"; } } // container group-3 container group-4 { description "Second server-group"; container local { must "(../../group-3/tacacs or ../../group-3/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-3/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-3/local or ../../group-3/server-group-name) and not(../local or ../none or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../none or ../tacacs)"; description "server-group name"; } } // container group-4 } // container groups } // container prefer-external } // list authorization-list } // container nacm container network { description "For network services (such as IKE)"; list authorization-list { must "local or none or groups/group-1/tacacs or groups/group-1/server-group-name"; key "list-name"; description "List name for AAA authorization"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA authorization"; } container local { must "not(../none or ../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "not(../local or ../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../local or ../../../none) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../local or ../../../none) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../local or ../../../none) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container local { must "(../../../local or ../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../../local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../../local or ../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../../none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../../local or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../../local or ../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container local { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius or ../server-group-name or ../../group-2/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name or ../../group-2/local) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-2/local or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Second server-group"; container local { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius or ../server-group-name or ../../group-3/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-3/local or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list authorization-list } // container network } // container authorization container accounting { description "AAA Accounting data"; container update { description "For starting Network UPDATE accounting"; container newinfo { must "not(../periodic)"; presence "Indicates a newinfo node is configured."; description "Update records for new accountable information only"; } // container newinfo leaf periodic { type uint32 { range "1..35791394"; } must "not(../newinfo)"; description "Update records at periodic intervals"; } } // container update container exec { description "For starting an EXEC (shell)"; list accounting-list { must "(start-stop or stop-only) and (none or groups/group-1/tacacs or groups/group-1/radius or groups/group-1/server-group-name)"; key "list-name"; description "List name for AAA accounting"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA accounting"; } container start-stop { must "not(../stop-only)"; presence "Indicates a start-stop node is configured."; description "start and stop records"; } // container start-stop container stop-only { must "not(../start-stop)"; presence "Indicates a stop-only node is configured."; description "stop records only"; } // container stop-only container none { must "not(../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../none) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../none) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../none) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container none { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container none { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-2/none or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Fourth server-group"; container none { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-3/none or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list accounting-list } // container exec container commands { description "For EXEC (shell) commands"; list accounting-list { must "(start-stop or stop-only) and (none or local or groups/group-1/tacacs or groups/group-1/radius or groups/group-1/server-group-name)"; key "list-name"; description "List name for AAA accounting"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA accounting"; } container start-stop { must "not(../stop-only)"; presence "Indicates a start-stop node is configured."; description "start and stop records"; } // container start-stop container stop-only { must "not(../start-stop)"; presence "Indicates a stop-only node is configured."; description "stop records only"; } // container stop-only container none { must "not(../local or ../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container local { must "not(../none or ../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../none or ../../../local) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../none or ../../../local) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../none or ../../../local) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container local { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../tacacs or ../radius or ../server-group-name or ../../../local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../../none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container local { must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius or ../server-group-name or ../../group-2/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-2/local or ../../group-2/none or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/local or ../../group-2/none or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/local or ../../group-2/none or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Second server-group"; container local { must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius or ../server-group-name or ../../group-3/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-3/local or ../../group-3/none or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/local or ../../group-3/none or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/local or ../../group-3/none or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list accounting-list } // container commands container api { description "For XML requests"; list accounting-list { must "(start-stop or stop-only) and (none or groups/group-1/tacacs or groups/group-1/radius or groups/group-1/server-group-name)"; key "list-name"; description "List name for AAA accounting"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA accounting"; } container start-stop { must "not(../stop-only)"; presence "Indicates a start-stop node is configured."; description "start and stop records"; } // container start-stop container stop-only { must "not(../start-stop)"; presence "Indicates a stop-only node is configured."; description "stop records only"; } // container stop-only container none { must "not(../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../none) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../none) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../none) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container none { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container none { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-2/none or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Fourth server-group"; container none { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-3/none or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list accounting-list } // container api container system { description "For System events"; container rp-failover { description "flag for rp-failover"; list accounting-list { must "(start-stop or stop-only) and (none or groups/group-1/tacacs or groups/group-1/radius or groups/group-1/server-group-name)"; key "list-name"; description "List name for AAA accounting"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA accounting"; } container start-stop { must "not(../stop-only)"; presence "Indicates a start-stop node is configured."; description "start and stop records"; } // container start-stop container stop-only { must "not(../start-stop)"; presence "Indicates a stop-only node is configured."; description "stop records only"; } // container stop-only container none { must "not(../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../none) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../none) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../none) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container none { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container none { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-2/none or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Fourth server-group"; container none { must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../tacacs or ../radius or ../server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-3/none or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list accounting-list } // container rp-failover list accounting-list { must "start-stop and (none or groups/group-1/tacacs or groups/group-1/radius or groups/group-1/server-group-name)"; key "list-name"; description "List name for AAA accounting"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA accounting"; } container start-stop { presence "Indicates a start-stop node is configured."; description "start and stop records"; } // container start-stop container broadcast { presence "Indicates a broadcast node is configured."; description "Set broadcast accounting"; } // container broadcast container none { must "not(../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../none) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../none) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../none) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container none { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container none { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-2/none or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Fourth server-group"; container none { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-3/none or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list accounting-list } // container system container network { description "For network services (such as IKE, PPP)"; list accounting-list { must "(start-stop or stop-only) and (none or groups/group-1/tacacs or groups/group-1/radius or groups/group-1/server-group-name)"; key "list-name"; description "List name for AAA accounting"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA accounting"; } container start-stop { must "not(../stop-only)"; presence "Indicates a start-stop node is configured."; description "start and stop records"; } // container start-stop container stop-only { must "not(../start-stop)"; presence "Indicates a stop-only node is configured."; description "stop records only"; } // container stop-only container none { must "not(../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../none) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../none) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../none) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container none { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container none { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-2/none or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Fourth server-group"; container none { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-3/none or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list accounting-list } // container network container onepk { description "For ONE-PK services"; list accounting-list { must "(start-stop or stop-only) and (none or groups/group-1/tacacs or groups/group-1/radius or groups/group-1/server-group-name)"; key "list-name"; description "List name for AAA accounting"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA accounting"; } container start-stop { must "not(../stop-only)"; presence "Indicates a start-stop node is configured."; description "start and stop records"; } // container start-stop container stop-only { must "not(../start-stop)"; presence "Indicates a stop-only node is configured."; description "stop records only"; } // container stop-only container none { must "not(../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../none) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../none) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../none) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container none { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container none { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-2/none or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Fourth server-group"; container none { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-3/none or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list accounting-list } // container onepk } // container accounting container banner { description "AAA banner"; leaf login { type string { length "1..1015"; } description "LINE"; } } // container banner } // container aaa } // module Cisco-IOS-XR-um-aaa-cfg
© 2023 YumaWorks, Inc. All rights reserved.