This module contains a collection of YANG definitions for Cisco IOS-XR aaa package configuration. This YANG module augments the...
Version: 2021-02-08
module Cisco-IOS-XR-um-aaa-cfg { yang-version 1; namespace "http://cisco.com/ns/yang/Cisco-IOS-XR-um-aaa-cfg"; prefix um-aaa-cfg; import cisco-semver { prefix semver; } organization "Cisco Systems, Inc."; contact "Cisco Systems, Inc. Customer Service Postal: 170 West Tasman Drive San Jose, CA 95134 Tel: +1 800 553-NETS E-mail: cs-yang@cisco.com"; description "This module contains a collection of YANG definitions for Cisco IOS-XR aaa package configuration. This YANG module augments the modules with configuration data. Copyright (c) 2021 by Cisco Systems, Inc. All rights reserved."; revision "2021-02-08" { description "Initial release"; } semver:module-version "1.0.0"; container aaa { description "Authentication, Authorization and Accounting"; container authentication { description "AAA Authentication data"; container ppp { description "Set authentication lists for PPP"; list authentication-list { key "list-name"; description "List name for AAA authentication"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA authentication"; } container local { must "not(../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../local) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../local) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../local) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container local { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../../local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Second server-group"; container local { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-2/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container tacacs { must "(../../group-2/local or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Second server-group"; container local { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-3/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container tacacs { must "(../../group-3/local or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list authentication-list } // container ppp container onepk { description "Set authentication lists for OnePk"; list authentication-list { key "list-name"; description "List name for AAA authentication"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA authentication"; } container local { must "not(../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../local) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../local) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../local) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container local { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../../local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Second server-group"; container local { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-2/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container tacacs { must "(../../group-2/local or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Second server-group"; container local { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-3/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container tacacs { must "(../../group-3/local or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list authentication-list } // container onepk container login { description "Set authentication lists for login"; list authentication-list { key "list-name"; description "List name for AAA authentication"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA authentication"; } container local { must "not(../line or ../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container line { must "not(../local or ../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a line node is configured."; description "Use line password for authentication"; } // container line container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../local or ../../../line) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../local or ../../../line) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../local or ../../../line) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container local { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../line or ../tacacs or ../radius or ../server-group-name or ../../../local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container line { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../../line)"; presence "Indicates a line node is configured."; description "Use line password for authentication"; } // container line container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../line or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../line or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../line or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Second server-group"; container local { must "(../../group-2/line or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../line or ../tacacs or ../radius or ../server-group-name or ../../group-2/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container line { must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../group-2/line)"; presence "Indicates a line node is configured."; description "Use line password for authentication"; } // container line container tacacs { must "(../../group-2/local or ../../group-2/line or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../line or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/local or ../../group-2/line or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../local or ../line or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/local or ../../group-2/line or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../line or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Second server-group"; container local { must "(../../group-3/line or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../line or ../tacacs or ../radius or ../server-group-name or ../../group-3/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container line { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../group-3/line)"; presence "Indicates a line node is configured."; description "Use line password for authentication"; } // container line container tacacs { must "(../../group-3/local or ../../group-3/line or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../line or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/local or ../../group-3/line or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../line or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/local or ../../group-3/line or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../line or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list authentication-list } // container login } // container authentication container authorization { description "AAA Authorization data"; container exec { description "Set authorization lists for EXEC"; list authorization-list { must "local or none or groups/group-1/tacacs or groups/group-1/server-group-name"; key "list-name"; description "List name for AAA authorization"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA authorization"; } container local { must "not(../none or ../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "not(../local or ../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../local or ../../../none) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../local or ../../../none) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../local or ../../../none) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container local { must "(../../../local or ../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../../local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../../local or ../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../../none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../../local or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../../local or ../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container local { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius or ../server-group-name or ../../group-2/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name or ../../group-2/local) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-2/local or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Second server-group"; container local { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius or ../server-group-name or ../../group-3/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-3/local or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list authorization-list } // container exec container eventmanager { description "Set Event Manager authorization method"; list authorization-list { must "local or groups/group-1/tacacs or groups/group-1/server-group-name"; key "list-name"; description "List name for AAA authorization"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA authorization"; } container local { must "not(../groups/group-1/tacacs or ../groups/group-1/server-group-name)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../local) and not(../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "not(../../../local) and not(../tacacs)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container local { must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../tacacs or ../server-group-name or ../../../local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container tacacs { must "(../../../local or ../../group-1/server-group-name) and not(../local or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../tacacs)"; description "server-group name"; } } // container group-2 } // container groups } // list authorization-list } // container eventmanager container commands { description "For EXEC (shell) commands"; list authorization-list { must "none or groups/group-1/tacacs or groups/group-1/server-group-name"; key "list-name"; description "List name for AAA authorization"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA authorization"; } container none { must "not(../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../none) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../none) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../none) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container none { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../../none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container none { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/tacacs or ../../group-2/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Fourth server-group"; container none { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/tacacs or ../../group-3/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list authorization-list } // container commands container api { description "For XML requests"; list authorization-list { must "none or groups/group-1/tacacs or groups/group-1/server-group-name"; key "list-name"; description "List name for AAA authorization"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA authorization"; } container none { must "not(../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../none) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../none) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../none) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container none { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../../none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container none { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/tacacs or ../../group-2/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Fourth server-group"; container none { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/tacacs or ../../group-3/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list authorization-list } // container api container onepk { description "Set authorization lists for ONE-PK"; list authorization-list { must "local or none or groups/group-1/tacacs or groups/group-1/server-group-name"; key "list-name"; description "List name for AAA authorization"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA authorization"; } container local { must "not(../none or ../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "not(../local or ../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../local or ../../../none) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../local or ../../../none) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../local or ../../../none) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container local { must "(../../../local or ../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../../local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../../local or ../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../../none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../../local or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../../local or ../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container local { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius or ../server-group-name or ../../group-2/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name or ../../group-2/local) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-2/local or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Second server-group"; container local { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius or ../server-group-name or ../../group-3/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-3/local or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list authorization-list } // container onepk container nacm { description "Set authorization lists for NACM"; list authorization-list { must "local or none or groups/group-1/tacacs or groups/group-1/server-group-name or only-external/local or only-external/none or only-external/groups/group-1/tacacs or only-external/groups/group-1/server-group-name or prefer-external/local or prefer-external/none or prefer-external/groups/group-1/tacacs or prefer-external/groups/group-1/server-group-name"; key "list-name"; description "List name for AAA authorization"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA authorization"; } container local { must "not(../none or ../groups/group-1/tacacs or ../groups/group-1/server-group-name)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "not(../local or ../groups/group-1/tacacs or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../local or ../../../none) and not(../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "not(../../../local or ../../../none) and not(../tacacs)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container local { must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../tacacs or ../server-group-name or ../../../local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../../none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../../local or ../../group-1/server-group-name) and not(../local or ../none or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../none or ../tacacs)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container local { must "(../../group-2/tacacs or ../../group-2/server-group-name or ../../group-2/local) and not(../none or ../tacacs or ../server-group-name or ../../group-2/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-2/tacacs or ../../group-2/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-2/local or ../../group-2/server-group-name) and not(../local or ../none or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../local or ../none or ../tacacs)"; description "server-group name"; } } // container group-3 container group-4 { description "Second server-group"; container local { must "(../../group-3/tacacs or ../../group-3/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-3/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-3/local or ../../group-3/server-group-name) and not(../local or ../none or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../none or ../tacacs)"; description "server-group name"; } } // container group-4 } // container groups container only-external { description "only external groups"; container local { must "not(../none or ../groups/group-1/tacacs or ../groups/group-1/server-group-name)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "not(../local or ../groups/group-1/tacacs or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../local or ../../../none) and not(../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "not(../../../local or ../../../none) and not(../tacacs)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container local { must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../tacacs or ../server-group-name or ../../../local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../../none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../../local or ../../group-1/server-group-name) and not(../local or ../none or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../none or ../tacacs)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container local { must "(../../group-2/tacacs or ../../group-2/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-2/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-2/tacacs or ../../group-2/server-group-name or ../../group-2/local) and not(../local or ../tacacs or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-2/local or ../../group-2/server-group-name) and not(../local or ../none or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../local or ../none or ../tacacs)"; description "server-group name"; } } // container group-3 container group-4 { description "Second server-group"; container local { must "(../../group-3/tacacs or ../../group-3/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-3/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-3/local or ../../group-3/server-group-name) and not(../local or ../none or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../none or ../tacacs)"; description "server-group name"; } } // container group-4 } // container groups } // container only-external container prefer-external { description "Prefer external groups with local groups"; container local { must "not(../none or ../groups/group-1/tacacs or ../groups/group-1/server-group-name)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "not(../local or ../groups/group-1/tacacs or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../local or ../../../none) and not(../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "not(../../../local or ../../../none) and not(../tacacs)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container local { must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../tacacs or ../server-group-name or ../../../local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../../none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../../local or ../../group-1/server-group-name) and not(../local or ../none or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../none or ../tacacs)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container local { must "(../../group-2/tacacs or ../../group-2/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-2/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-2/tacacs or ../../group-2/server-group-name or ../../group-2/local) and not(../local or ../tacacs or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-2/local or ../../group-2/server-group-name) and not(../local or ../none or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../local or ../none or ../tacacs)"; description "server-group name"; } } // container group-3 container group-4 { description "Second server-group"; container local { must "(../../group-3/tacacs or ../../group-3/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-3/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../tacacs or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-3/local or ../../group-3/server-group-name) and not(../local or ../none or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs leaf server-group-name { type string { length "1..253"; } must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../none or ../tacacs)"; description "server-group name"; } } // container group-4 } // container groups } // container prefer-external } // list authorization-list } // container nacm container network { description "For network services (such as IKE)"; list authorization-list { must "local or none or groups/group-1/tacacs or groups/group-1/server-group-name"; key "list-name"; description "List name for AAA authorization"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA authorization"; } container local { must "not(../none or ../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "not(../local or ../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../local or ../../../none) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../local or ../../../none) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../local or ../../../none) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container local { must "(../../../local or ../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../../local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../../local or ../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../../none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../../local or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../../local or ../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../../local or ../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container local { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius or ../server-group-name or ../../group-2/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name or ../../group-2/local) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-2/local or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Second server-group"; container local { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius or ../server-group-name or ../../group-3/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "no authorization"; } // container none container tacacs { must "(../../group-3/local or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list authorization-list } // container network } // container authorization container accounting { description "AAA Accounting data"; container update { description "For starting Network UPDATE accounting"; container newinfo { must "not(../periodic)"; presence "Indicates a newinfo node is configured."; description "Update records for new accountable information only"; } // container newinfo leaf periodic { type uint32 { range "1..35791394"; } must "not(../newinfo)"; description "Update records at periodic intervals"; } } // container update container exec { description "For starting an EXEC (shell)"; list accounting-list { must "(start-stop or stop-only) and (none or groups/group-1/tacacs or groups/group-1/radius or groups/group-1/server-group-name)"; key "list-name"; description "List name for AAA accounting"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA accounting"; } container start-stop { must "not(../stop-only)"; presence "Indicates a start-stop node is configured."; description "start and stop records"; } // container start-stop container stop-only { must "not(../start-stop)"; presence "Indicates a stop-only node is configured."; description "stop records only"; } // container stop-only container none { must "not(../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../none) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../none) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../none) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container none { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container none { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-2/none or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Fourth server-group"; container none { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-3/none or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list accounting-list } // container exec container commands { description "For EXEC (shell) commands"; list accounting-list { must "(start-stop or stop-only) and (none or local or groups/group-1/tacacs or groups/group-1/radius or groups/group-1/server-group-name)"; key "list-name"; description "List name for AAA accounting"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA accounting"; } container start-stop { must "not(../stop-only)"; presence "Indicates a start-stop node is configured."; description "start and stop records"; } // container start-stop container stop-only { must "not(../start-stop)"; presence "Indicates a stop-only node is configured."; description "stop records only"; } // container stop-only container none { must "not(../local or ../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container local { must "not(../none or ../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../none or ../../../local) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../none or ../../../local) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../none or ../../../local) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container local { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../tacacs or ../radius or ../server-group-name or ../../../local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../../none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container local { must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius or ../server-group-name or ../../group-2/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-2/local or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-2/local or ../../group-2/none or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/local or ../../group-2/none or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/local or ../../group-2/none or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Second server-group"; container local { must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius or ../server-group-name or ../../group-3/local)"; presence "Indicates a local node is configured."; description "Local command accounting using syslog"; } // container local container none { must "(../../group-3/local or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../tacacs or ../radius or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-3/local or ../../group-3/none or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/local or ../../group-3/none or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../local or ../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/local or ../../group-3/none or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../local or ../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list accounting-list } // container commands container api { description "For XML requests"; list accounting-list { must "(start-stop or stop-only) and (none or groups/group-1/tacacs or groups/group-1/radius or groups/group-1/server-group-name)"; key "list-name"; description "List name for AAA accounting"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA accounting"; } container start-stop { must "not(../stop-only)"; presence "Indicates a start-stop node is configured."; description "start and stop records"; } // container start-stop container stop-only { must "not(../start-stop)"; presence "Indicates a stop-only node is configured."; description "stop records only"; } // container stop-only container none { must "not(../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../none) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../none) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../none) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container none { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container none { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-2/none or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Fourth server-group"; container none { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-3/none or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list accounting-list } // container api container system { description "For System events"; container rp-failover { description "flag for rp-failover"; list accounting-list { must "(start-stop or stop-only) and (none or groups/group-1/tacacs or groups/group-1/radius or groups/group-1/server-group-name)"; key "list-name"; description "List name for AAA accounting"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA accounting"; } container start-stop { must "not(../stop-only)"; presence "Indicates a start-stop node is configured."; description "start and stop records"; } // container start-stop container stop-only { must "not(../start-stop)"; presence "Indicates a stop-only node is configured."; description "stop records only"; } // container stop-only container none { must "not(../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../none) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../none) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../none) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container none { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container none { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-2/none or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Fourth server-group"; container none { must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../tacacs or ../radius or ../server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-3/none or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list accounting-list } // container rp-failover list accounting-list { must "start-stop and (none or groups/group-1/tacacs or groups/group-1/radius or groups/group-1/server-group-name)"; key "list-name"; description "List name for AAA accounting"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA accounting"; } container start-stop { presence "Indicates a start-stop node is configured."; description "start and stop records"; } // container start-stop container broadcast { presence "Indicates a broadcast node is configured."; description "Set broadcast accounting"; } // container broadcast container none { must "not(../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../none) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../none) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../none) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container none { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container none { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-2/none or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Fourth server-group"; container none { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-3/none or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list accounting-list } // container system container network { description "For network services (such as IKE, PPP)"; list accounting-list { must "(start-stop or stop-only) and (none or groups/group-1/tacacs or groups/group-1/radius or groups/group-1/server-group-name)"; key "list-name"; description "List name for AAA accounting"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA accounting"; } container start-stop { must "not(../stop-only)"; presence "Indicates a start-stop node is configured."; description "start and stop records"; } // container start-stop container stop-only { must "not(../start-stop)"; presence "Indicates a stop-only node is configured."; description "stop records only"; } // container stop-only container none { must "not(../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../none) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../none) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../none) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container none { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container none { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-2/none or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Fourth server-group"; container none { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-3/none or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list accounting-list } // container network container onepk { description "For ONE-PK services"; list accounting-list { must "(start-stop or stop-only) and (none or groups/group-1/tacacs or groups/group-1/radius or groups/group-1/server-group-name)"; key "list-name"; description "List name for AAA accounting"; leaf list-name { type union { type string { pattern 'default'; } type string { length "1..253"; } } description "List name for AAA accounting"; } container start-stop { must "not(../stop-only)"; presence "Indicates a start-stop node is configured."; description "start and stop records"; } // container start-stop container stop-only { must "not(../start-stop)"; presence "Indicates a stop-only node is configured."; description "stop records only"; } // container stop-only container none { must "not(../groups/group-1/tacacs or ../groups/group-1/radius or ../groups/group-1/server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container groups { description "Use Server-group"; container group-1 { description "First server-group"; container tacacs { must "not(../../../none) and not(../radius or ../server-group-name)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "not(../../../none) and not(../tacacs or ../server-group-name)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "not(../../../none) and not(../tacacs or ../radius)"; description "server-group name"; } } // container group-1 container group-2 { description "Second server-group"; container none { must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../tacacs or ../radius or ../server-group-name)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-1/tacacs or ../../group-1/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-1/tacacs or ../../group-1/radius or ../../group-1/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-2 container group-3 { description "Third server-group"; container none { must "(../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-2/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-2/none or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-2/none or ../../group-2/tacacs or ../../group-2/radius or ../../group-2/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-3 container group-4 { description "Fourth server-group"; container none { must "(../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../tacacs or ../radius or ../server-group-name or ../../group-3/none)"; presence "Indicates a none node is configured."; description "No accounting"; } // container none container tacacs { must "(../../group-3/none or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../radius or ../server-group-name or ../../group-1/tacacs or ../../group-2/tacacs or ../../group-3/tacacs)"; presence "Indicates a tacacs node is configured."; description "Use list of all TACACS+ hosts"; } // container tacacs container radius { must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/server-group-name) and not(../none or ../tacacs or ../server-group-name or ../../group-1/radius or ../../group-2/radius or ../../group-3/radius)"; presence "Indicates a radius node is configured."; description "Use list of all RADIUS hosts"; } // container radius leaf server-group-name { type string { length "1..253"; } must "(../../group-3/none or ../../group-3/tacacs or ../../group-3/radius or ../../group-3/server-group-name) and not(../none or ../tacacs or ../radius)"; description "server-group name"; } } // container group-4 } // container groups } // list accounting-list } // container onepk } // container accounting container banner { description "AAA banner"; leaf login { type string { length "1..1015"; } description "LINE"; } } // container banner container group { description "AAA group definitions"; container server { description "AAA Server group definition"; container tacacs { description "TACACS+ server-group definition"; container server-groups { description "Server group name"; list server-group { key "server-group-name"; description "Server group name"; leaf server-group-name { type string { length "1..253"; } description "Server group name"; } container servers { description "Specify a TACACS+ server (Max 10)"; list server { key "ordering-index address"; description "Specify a TACACS+ server (Max 10)"; leaf ordering-index { type uint32; description "This is used to sort the servers in the order of precedence"; } leaf address { type inet:ip-address-no-zone; description "Specify a TACACS+ server (Max 10)"; } } // list server } // container servers leaf vrf { type xr:Cisco-ios-xr-string { length "1..32"; } description "VRF to which this server group belongs to"; } leaf holddown-time { type uint32 { range "0..1200"; } description "Time for which TACACS servers of this group is marked as dead"; } container server-privates { description "Specify a private (to this server group) TACACS+ server (max 10)"; list server-private { key "ordering-index address port"; max-elements 10; description "Specify a private (to this server group) TACACS+ server (max 10)"; leaf ordering-index { type uint32; description "This is used to sort the servers in the order of precedence"; } leaf address { type inet:ip-address-no-zone; description "Specify a private (to this server group) TACACS+ server (max 10)"; } leaf port { type uint32 { range "1..65535"; } description "TCP port for TACACS+ server (default is 49)"; } container key { description "Set TACACS+ encryption key"; leaf seven { type xr:Proprietary-password; must "not(../six)"; description "Specifies that an encrypted key will follow"; } leaf six { if-feature check_input_typ6_validity; type xr:Proprietary-password; must "not(../seven)"; description "Specifies that an encrypted type 6 key will follow"; } } // container key container single-connection { presence "Indicates a single-connection node is configured."; description "Reuse connection to this server for all requests(2)"; } // container single-connection leaf single-connection-idle-timeout { type uint32 { range "500..7200"; } description "Idle timeout for a single-connection to the server"; } leaf timeout { type uint32 { range "1..1000"; } description "Time to wait for a TACACS server to reply"; } leaf holddown-time { type uint32 { range "0..1200"; } description "Time for which this TACACS server is marked as dead"; } } // list server-private } // container server-privates } // list server-group } // container server-groups } // container tacacs } // container server } // container group container tacacs-server { description "TACACS+ server definition"; container hosts { description "Specify a TACACS+ server"; list host { key "ordering-index address port"; description "Specify a TACACS+ server"; leaf ordering-index { type uint32; description "This is used to sort the servers in the order of precedence"; } leaf address { type inet:ip-address-no-zone; description "Specify a TACACS+ server"; } leaf port { type uint32 { range "1..65535"; } description "TCP port for TACACS+ server (default is 49)"; } leaf timeout { type uint32 { range "1..1000"; } description "Time to wait for this TACACS server to reply (overrides default)"; } leaf holddown-time { type uint32 { range "0..1200"; } description "Time for which this TACACS server is marked as dead"; } container key { description "per-server encryption key (overrides default)"; leaf seven { type xr:Proprietary-password; must "not(../six)"; description "Specifies that an encrypted key will follow"; } leaf six { if-feature check_input_typ6_validity; type xr:Proprietary-password; must "not(../seven)"; description "Specifies that an encrypted type 6 key will follow"; } } // container key container single-connection { presence "Indicates a single-connection node is configured."; description "Reuse connection to this server for all requests"; } // container single-connection leaf single-connection-idle-timeout { type uint32 { range "500..7200"; } description "Idle timeout for a single-connection to the server"; } } // list host } // container hosts container key { description "Set TACACS+ encryption key"; leaf seven { type xr:Proprietary-password; must "not(../six)"; description "Specifies that an encrypted key will follow"; } leaf six { if-feature check_input_typ6_validity; type xr:Proprietary-password; must "not(../seven)"; description "Specifies that an encrypted type 6 key will follow"; } } // container key leaf timeout { type uint32 { range "1..1000"; } description "Time to wait for a TACACS server to reply"; } leaf holddown-time { type uint32 { range "0..1200"; } description "Time for which a TACACS server is marked as dead"; } container ipv4 { description "Mark the dscp bit for ipv4 packets"; leaf dscp { type union { type uint32 { range "0..63"; } type enumeration { enum "default" { value 0; description "Match packets with default dscp (000000)"; } enum "cs1" { value 8; description "Match packets with CS1(precedence 1) dscp (001000)"; } enum "af11" { value 10; description "Match packets with AF11 dscp (001010)"; } enum "af12" { value 12; description "Match packets with AF12 dscp (001100)"; } enum "af13" { value 14; description "Match packets with AF13 dscp (001110)"; } enum "cs2" { value 16; description "Match packets with CS2(precedence 2) dscp (010000)"; } enum "af21" { value 18; description "Match packets with AF21 dscp (010010)"; } enum "af22" { value 20; description "Match packets with AF22 dscp (010100)"; } enum "af23" { value 22; description "Match packets with AF23 dscp (010110)"; } enum "cs3" { value 24; description "Match packets with CS3(precedence 3) dscp (011000)"; } enum "af31" { value 26; description "Match packets with AF31 dscp (011010)"; } enum "af32" { value 28; description "Match packets with AF32 dscp (011100)"; } enum "af33" { value 30; description "Match packets with AF33 dscp (011110)"; } enum "cs4" { value 32; description "Match packets with CS4(precedence 4) dscp (100000)"; } enum "af41" { value 34; description "Match packets with AF41 dscp (100010)"; } enum "af42" { value 36; description "Match packets with AF42 dscp (100100)"; } enum "af43" { value 38; description "Match packets with AF43 dscp (100110)"; } enum "cs5" { value 40; description "Match packets with CS5(precedence 5) dscp (101000)"; } enum "ef" { value 46; description "Match packets with EF dscp (101110)"; } enum "cs6" { value 48; description "Match packets with CS6(precedence 6) dscp (110000)"; } enum "cs7" { value 56; description "Match packets with CS7(precedence 7) dscp (111000)"; } } } description "Set IP DSCP (DiffServ CodePoint)"; } } // container ipv4 container ipv6 { description "Mark the dscp bit for ipv6 packets"; leaf dscp { type union { type uint32 { range "0..63"; } type enumeration { enum "default" { value 0; description "Match packets with default dscp (000000)"; } enum "cs1" { value 8; description "Match packets with CS1(precedence 1) dscp (001000)"; } enum "af11" { value 10; description "Match packets with AF11 dscp (001010)"; } enum "af12" { value 12; description "Match packets with AF12 dscp (001100)"; } enum "af13" { value 14; description "Match packets with AF13 dscp (001110)"; } enum "cs2" { value 16; description "Match packets with CS2(precedence 2) dscp (010000)"; } enum "af21" { value 18; description "Match packets with AF21 dscp (010010)"; } enum "af22" { value 20; description "Match packets with AF22 dscp (010100)"; } enum "af23" { value 22; description "Match packets with AF23 dscp (010110)"; } enum "cs3" { value 24; description "Match packets with CS3(precedence 3) dscp (011000)"; } enum "af31" { value 26; description "Match packets with AF31 dscp (011010)"; } enum "af32" { value 28; description "Match packets with AF32 dscp (011100)"; } enum "af33" { value 30; description "Match packets with AF33 dscp (011110)"; } enum "cs4" { value 32; description "Match packets with CS4(precedence 4) dscp (100000)"; } enum "af41" { value 34; description "Match packets with AF41 dscp (100010)"; } enum "af42" { value 36; description "Match packets with AF42 dscp (100100)"; } enum "af43" { value 38; description "Match packets with AF43 dscp (100110)"; } enum "cs5" { value 40; description "Match packets with CS5(precedence 5) dscp (101000)"; } enum "ef" { value 46; description "Match packets with EF dscp (101110)"; } enum "cs6" { value 48; description "Match packets with CS6(precedence 6) dscp (110000)"; } enum "cs7" { value 56; description "Match packets with CS7(precedence 7) dscp (111000)"; } } } description "Set IP DSCP (DiffServ CodePoint)"; } } // container ipv6 } // container tacacs-server container tacacs { description "TACACS+ configuration commands"; leaf source-interface { type xr:Interface-name; description "Specify interface for source address in TACACS+ packets"; } container vrfs { description "VRF for this source interface configuration"; list vrf { key "vrf-name"; leaf vrf-name { type xr:Cisco-ios-xr-string { length "1..1024"; } description "Name of the VRF"; } leaf source-interface { type xr:Interface-name; mandatory true; description "Specify interface for source address in TACACS+ packets"; } } // list vrf } // container vrfs } // container tacacs container group { description "AAA group definitions"; container server { description "AAA Server group definition"; container diameter { description "DIAMETER server-group definition"; container server-groups { description "Server group name"; list server-group { key "server-group-name"; description "Server group name"; leaf server-group-name { type xr:Cisco-ios-xr-string { length "1..800"; } description "Server group name"; } container servers { description "Specify a DIAMETER server"; list server { key "server-name"; description "Specify a DIAMETER server"; leaf server-name { type xr:Cisco-ios-xr-string { length "1..800"; } description "Specify a DIAMETER server"; } } // list server } // container servers } // list server-group } // container server-groups } // container diameter } // container server } // container group container diameter { description "DIAMETER server definition"; container peers { description "Peer configuration"; list peer { key "peer-name"; description "Name for the diameter peer configuration"; leaf peer-name { type string { length "1..800"; } description "Name for the diameter peer configuration"; } container address { description "Specify a Diameter peer address"; leaf ipv4 { type inet:ipv4-address-no-zone; description "IPv4 Address"; } leaf ipv6 { type inet:ipv6-address-no-zone; description "IPv6 Address"; } } // container address container destination { description "Peer information"; leaf host { type xr:Cisco-ios-xr-string { length "1..256"; } description "host information"; } leaf realm { type xr:Cisco-ios-xr-string { length "1..256"; } description "realm information"; } } // container destination container ip { description "IP specific commands"; container vrf { description "VRF the peer belongs to"; leaf forwarding { type xr:Cisco-ios-xr-string { length "1..800"; } description "Forwarding table"; } } // container vrf } // container ip container timer { description "Timers used for the peer"; leaf connection { type uint32 { range "6..1000"; } description "Connection retry timer"; } leaf transaction { type uint32 { range "6..1000"; } description "Transaction timer"; } leaf watchdog { type uint32 { range "6..1000"; } description "Watchdog timer"; } } // container timer container transport { description "Specify a Diameter transport"; container tcp { description "Specify a Diameter transport protocol"; leaf port { type uint32 { range "1..65535"; } description "Port number on which the peer is running(default is 3868)"; } } // container tcp container security-type { description "Specify a Diameter security type"; container tls { presence "Indicates a tls node is configured."; description "Use tls for Diameter transport"; } // container tls } // container security-type } // container transport leaf source-interface { type xr:Interface-name; description "Specify interface for source address in DIAMETER packets"; } container peer-type { description "Peer Type"; container server { presence "Indicates a server node is configured."; description "Peer is a server"; } // container server } // container peer-type container preferred-server { presence "Indicates a preferred-server node is configured."; description "Enable Preferred server for the peer"; } // container preferred-server container origin { description "origin sub command"; container realms { description "origin realm information"; list realm { key "realm-name"; description "origin realm information"; leaf realm-name { type xr:Cisco-ios-xr-string { length "1..256"; } description "origin realm information"; } container access-interfaces { description "Specify a access interface "; list access-interface { key "access-interface-name"; description "Specify a access interface "; leaf access-interface-name { type xr:Interface-name; description "Specify a access interface "; } } // list access-interface } // container access-interfaces } // list realm } // container realms } // container origin container auth-session-stateless { presence "Indicates a auth-session-stateless node is configured."; description "Maintain NASREQ session stateless"; } // container auth-session-stateless } // list peer } // container peers container origin { description "Origin sub commands"; leaf host { type xr:Cisco-ios-xr-string { length "1..256"; } description "host information"; } leaf realm { type xr:Cisco-ios-xr-string { length "1..256"; } description "Realm information "; } } // container origin container timer { description "Timers used for the peer"; leaf connection { type uint32 { range "6..1000"; } description "Connection retry timer"; } leaf transaction { type uint32 { range "6..1000"; } description "Transaction timer"; } leaf watchdog { type uint32 { range "6..1000"; } description "Watchdog timer"; } } // container timer container service { description "Peer configuration"; list peer { key "peer-name"; description "Name for the diameter peer configuration"; leaf peer-name { type string { length "1..800"; } description "Name for the diameter peer configuration"; } leaf monitoring-key { type xr:Cisco-ios-xr-string { length "1..800"; } description "Peer configuration"; } } // list peer } // container service leaf source-interface { type xr:Interface-name; description "Specify interface for source address in DIAMETER packets"; } container vendor { description "Vendor specific"; container supported { description "Supported vendors"; container threegpp { presence "Indicates a threegpp node is configured."; description "3GPP attribute support"; } // container threegpp container cisco { presence "Indicates a cisco node is configured."; description "Cisco attribute support"; } // container cisco container vodafone { presence "Indicates a vodafone node is configured."; description "Vodafone attribute support"; } // container vodafone container etsi { presence "Indicates a etsi node is configured."; description "Etsi attribute support"; } // container etsi } // container supported } // container vendor container tls { description "TLS sub commands"; leaf trustpoint { type xr:Cisco-ios-xr-string { length "1..800"; } description "trustpoint information"; } } // container tls container subscription-id { description "Subscription-Id AVP, to identify the end user's subscription"; leaf type { type uint32 { range "0..4"; } description "Type of indentifier carried by subscription-Id AVP"; } } // container subscription-id container gx { description "Start diameter policy-if"; container enable { presence "Indicates an enable node is configured."; } // container enable leaf tx-timer { type uint32 { range "6..1000"; } description "Set transaction timer"; } leaf retransmit { type uint32 { range "1..10"; } description "Set retransmit count"; } leaf dest-host { type xr:Cisco-ios-xr-string { length "1..256"; } description "Set retransmit count"; } } // container gx container gy { description "Start diameter prepaid service"; container enable { presence "Indicates an enable node is configured."; } // container enable leaf tx-timer { type uint32 { range "6..1000"; } description "Set transaction timer"; } leaf retransmit { type uint32 { range "1..10"; } description "Set retransmit count"; } leaf dest-host { type xr:Cisco-ios-xr-string { length "1..256"; } description "Set destination host"; } leaf service-context-id { type xr:Cisco-ios-xr-string { length "1..256"; } description "Set service context id"; } } // container gy container nas { description "Start diameter Nas"; container enable { presence "Indicates an enable node is configured."; } // container enable leaf dest-host { type xr:Cisco-ios-xr-string { length "1..256"; } description "Set destination host for NAS"; } } // container nas container quota-high-usage { description "To disable quota high usage disconnect (applicable only for GX_PLUS)"; container disconnect-disable { presence "Indicates a disconnect-disable node is configured."; description "To disable quota high usage disconnect (applicable only for GX_PLUS)"; } // container disconnect-disable } // container quota-high-usage container attribute { description "Attribute list configuration for test command"; container lists { description "attribute list configuration"; list list { key "attribute-list-number"; description "attribute list number"; leaf attribute-list-number { type uint32 { range "0..99"; } description "attribute list number"; } container attribute { description "Specify an attribute definition"; container attribute-lists { list attribute-list { key "attribute-id"; leaf attribute-id { type uint32 { range "1..65535"; } description "Attribute id"; } leaf address { type inet:ipv4-address-no-zone; description "Address format"; } leaf binary { type xr:Cisco-ios-xr-string { length "1..1024"; } description "Binary type"; } leaf boolean { type uint32 { range "0..4294967295"; } description "Boolean type"; } leaf diameter-identity { type xr:Cisco-ios-xr-string { length "1..1024"; } description "diameter identity"; } leaf enum { type uint32 { range "0..4294967295"; } description "Enumeration type"; } leaf grouped { type uint32 { range "0..99"; } description "Grouped attribute"; } leaf string { type xr:Cisco-ios-xr-string { length "1..1024"; } description "String type"; } leaf ulong { type uint32 { range "0..4294967295"; } description "Numeric type"; } leaf ulonglong { type uint32 { range "0..4294967295"; } description "Numeric type"; } leaf utc { type uint32 { range "0..4294967295"; } description "Numeric type"; } container mandatory { presence "Indicates a mandatory node is configured."; description "specify if the attribute is mandatory"; } // container mandatory } // list attribute-list } // container attribute-lists container vendor-id-attribute-lists { list vendor-id-attribute-list { key "attribute-id vendor-id"; leaf attribute-id { type uint32 { range "1..65535"; } description "Attribute id"; } leaf vendor-id { type uint32 { range "0..4294967295"; } description "vendor id"; } leaf address { type inet:ipv4-address-no-zone; description "Address format"; } leaf binary { type xr:Cisco-ios-xr-string { length "1..1024"; } description "Binary type"; } leaf boolean { type uint32 { range "0..4294967295"; } description "Boolean type"; } leaf diameter-identity { type xr:Cisco-ios-xr-string { length "1..1024"; } description "diameter identity"; } leaf enum { type uint32 { range "0..4294967295"; } description "Enumeration type"; } leaf grouped { type uint32 { range "0..99"; } description "Grouped attribute"; } leaf string { type xr:Cisco-ios-xr-string { length "1..1024"; } description "String type"; } leaf ulong { type uint32 { range "0..4294967295"; } description "Numeric type"; } leaf ulonglong { type uint32 { range "0..4294967295"; } description "Numeric type"; } leaf utc { type uint32 { range "0..4294967295"; } description "Numeric type"; } container mandatory { presence "Indicates a mandatory node is configured."; description "specify if the attribute is mandatory"; } // container mandatory } // list vendor-id-attribute-list } // container vendor-id-attribute-lists } // container attribute } // list list } // container lists } // container attribute } // container diameter container nacm { description "NACM configuration"; container read-default { description "Read default flag"; container permit { must "not(../deny)"; presence "Indicates a permit node is configured."; description "Permit read operation by default."; } // container permit container deny { must "not(../permit)"; presence "Indicates a deny node is configured."; description "Deny read operation by default."; } // container deny } // container read-default container write-default { description "Write default flag"; container permit { must "not(../deny)"; presence "Indicates a permit node is configured."; description "Permit write operation by default."; } // container permit container deny { must "not(../permit)"; presence "Indicates a deny node is configured."; description "Deny write operation by default."; } // container deny } // container write-default container exec-default { description "Exec default flag"; container permit { must "not(../deny)"; presence "Indicates a permit node is configured."; description "Permit exec operation by default."; } // container permit container deny { must "not(../permit)"; presence "Indicates a deny node is configured."; description "Deny exec operation by default."; } // container deny } // container exec-default container enable-external-groups { description "Enable external groups flag"; container true { must "not(../false)"; presence "Indicates a true node is configured."; description "Enable external groups by default."; } // container true container false { must "not(../true)"; presence "Indicates a false node is configured."; description "Disable external groups by default."; } // container false } // container enable-external-groups container groups { description "Specify groups in nacm"; list group { must "usernames"; key "group-name"; description "Specify groups in nacm"; leaf group-name { type xr:Cisco-ios-xr-string { length "1..800"; } description "Specify groups in nacm"; } container usernames { presence "Indicates a usernames node is configured."; description "Usernames list to add under nacm group"; leaf-list username { type xr:Cisco-ios-xr-string { length "1..800"; } max-elements 16; description "Username to add under nacm group"; } } // container usernames } // list group } // container groups container rule-lists { description "Specify rule-list in nacm"; list rule-list { key "index name"; description "Specify rule-list in nacm"; leaf index { type xr:Cisco-ios-xr-string { length "1..800"; } description "Specify rule-list in nacm"; } leaf name { type xr:Cisco-ios-xr-string { length "1..800"; } description "Name of nacm rule-list"; } container groupnames { description "Specify groups under rule-list"; leaf-list groupname { type xr:Cisco-ios-xr-string { length "1..800"; } max-elements 16; description "Groupname to add under nacm rule-list"; } } // container groupnames container rules { description "Specify rules in nacm rule-list"; list rule { key "index name"; description "Specify rules in nacm rule-list"; leaf index { type xr:Cisco-ios-xr-string { length "1..800"; } description "Specify rules in nacm rule-list"; } leaf name { type xr:Cisco-ios-xr-string { length "1..800"; } description "Name of nacm rule in rule-list"; } container action { description "Action for rule"; container permit { must "not(../deny)"; presence "Indicates a permit node is configured."; description "Action value for rule"; } // container permit container deny { must "not(../permit)"; presence "Indicates a deny node is configured."; description "Action value for rule"; } // container deny } // container action leaf module-name { type string { length "1..800"; } description "Module-name for rule"; } container rule-type { description "Rule-type values for rule"; leaf rpc { type string { length "1..800"; } must "not(../data-node)"; description "Rule-type rpc"; } leaf data-node { type string { length "1..800"; } must "not(../rpc)"; description "rule-type data-node"; } } // container rule-type container access-operations { presence "Indicates a access-operations node is configured."; description "Access-operations for rule"; leaf create { type uint32 { range "0..1"; } mandatory true; description "Create bit for rule"; } leaf read { type uint32 { range "0..1"; } mandatory true; description "Read bit for rule"; } leaf update { type uint32 { range "0..1"; } mandatory true; description "Update bit for rule"; } leaf delete { type uint32 { range "0..1"; } mandatory true; description "Delete bit for rule"; } leaf exec { type uint32 { range "0..1"; } mandatory true; description "Exec bit for rule"; } leaf all { type uint32 { range "0..1"; } mandatory true; description "All bits for rule"; } } // container access-operations leaf comment { type string { length "1..800"; } description "Comment for rule"; } } // list rule } // container rules } // list rule-list } // container rule-lists } // container nacm } // container aaa } // module Cisco-IOS-XR-um-aaa-cfg
© 2023 YumaWorks, Inc. All rights reserved.