SNMP.
Version: 2020-04-13
module huawei-snmp { yang-version 1; namespace "urn:huawei:yang:huawei-snmp"; prefix snmp; import huawei-pub-type { prefix pub-type; } import ietf-inet-types { prefix inet; } import huawei-extension { prefix ext; } include huawei-snmp-type; organization "Huawei Technologies Co., Ltd."; contact "Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: http://www.huawei.com Email: support@huawei.com"; description "SNMP."; revision "2020-04-13" { description "YANG refactoring extension."; reference "Huawei private."; } revision "2020-03-27" { description "YANG refactoring extension."; reference "Huawei private."; } revision "2020-03-16" { description "Modify description syntax."; reference "Huawei private."; } revision "2020-03-10" { description "Modify description syntax."; reference "Huawei private."; } revision "2020-02-07" { description "Modify description engine ID."; reference "Huawei private."; } revision "2019-12-26" { description "Modify description syntax."; reference "Huawei private."; } revision "2019-11-29" { description "YANG refactoring extension."; reference "Huawei private."; } revision "2019-10-26" { description "YANG refactoring extension."; reference "Huawei private."; } revision "2019-04-23" { description "Init revision."; reference "Huawei private."; } ext:task-name "snmp"; container snmp { description "SNMP."; container agent-flag { description "Configure SNMP agent parameters."; leaf agent-enable { type boolean; default "false"; description "Enable/disable SNMP Agent Switch."; } } // container agent-flag container engine { description "Configure SNMP engine parameters."; leaf version { type snmp-version; default "v3"; description "Version supported by SNMP engine."; } leaf id { ext:dynamic-default; type snmp-engine-id; description "Engine ID of the SNMP, official unique identifier. By default, the VRP uses an internal algorithm to automatically generate an engine ID. The engine ID consists of an enterprise number and device information. When the engine ID changes, all existing SNMP USM users will be deleted."; } leaf max-msg-size { type int32 { range "484..17940"; } default "12000"; description "Maximum length of packet supported by SNMP engine."; } } // container engine container system { description "Configure SNMP parameters."; leaf trap-source-interface-name { type pub-type:if-name; description "Name of the interface to send the trap message."; } leaf trap-source-ipv4-address { type inet:ipv4-address-no-zone; description "Source IP to send trap/notification message."; } leaf inform-timeout { type uint32 { range "1..1800"; } units "s"; default "15"; description "Wait for the confirmation of the sent alarm till timeout."; } leaf inform-resend-times { type uint32 { range "0..10"; } default "3"; description "Maximum number of times the trap packet should be sent if confirmation of alarm is not received."; } leaf inform-pend-number { type uint32 { range "1..2048"; } default "39"; description "Number of alarms sent for which confirmation is still pending."; } leaf packet-priority { type uint32 { range "0..7"; } default "6"; description "The priority of SNMP response packet."; } leaf trap-packet-priority { type uint32 { range "0..7"; } default "6"; description "The priority of SNMP trap packet."; } leaf listen-port { type uint32 { range "161 | 1025..65535"; } default "161"; description "SNMP listen port."; } leaf trap-listen-port { type uint32 { range "1025..65535"; } description "SNMP trap port."; } leaf acl { type string { length "1..64"; } description "SNMP protocol level ACL."; } leaf community-cmplx-check { type boolean; default "true"; description "Enable/disable community complexity check switch."; } leaf usm-user-cmplx-check { type boolean; default "true"; description "Enable/disable USM user password complexity check switch."; } leaf ext-err-code-enable { type boolean; default "false"; description "Enable/disable extend error code switch."; } leaf set-cache-enable { type boolean; default "false"; description "Enable/disable set-cache switch."; } leaf local-user-cmplx-check { type boolean; default "true"; description "Enable/disable local user password complexity check switch."; } leaf protocol-source-interface-name { type pub-type:if-name; status obsolete; description "SNMP protocol source interface. The node /snmp:snmp/snmp:system/snmp:protocol-source-interface-name is not supported currently. You are advised to use the node /snmp:snmp/snmp:source-interfaces/snmp:source-interface/snmp:interface-name."; } leaf password-min-length { type uint32 { range "8..16"; } default "8"; description "SNMP password minimum length."; } leaf getbulk-timeout { type uint32 { range "0..600"; } units "s"; default "2"; description "Timeout period of SNMP get-bulk."; } leaf protocol-source-ipv6-address { type inet:ipv6-address-no-zone; status obsolete; description "SNMP protocol source IPv6 address. The node /snmp:snmp/snmp:system/snmp:protocol-source-ipv6-address is not supported currently. You are advised to use the node /snmp:snmp/snmp:ipv6-sources/snmp:ipv6-source/snmp:src-ipv6-address."; } leaf vpn-instance-name { type string { length "1..31"; } must "../vpn-instance-name='_public_' or ../is-public-net='false'"; description "VPN instance Name."; } leaf ipv6-vpn-instance-name { type string { length "1..31"; } must "../ipv6-vpn-instance-name='_public_' or ../is-ipv6-public-net='false'"; description "VPN instance Name."; } leaf is-public-net { type boolean; default "false"; description "Enable/disable receive SNMP IPv4 message from public net."; } leaf is-ipv6-public-net { type boolean; default "false"; description "Enable/disable receive SNMP IPv6 message from public net."; } leaf ctx-engineid-check-enable { type boolean; default "false"; description "Enable/disable context engine id check switch."; } leaf ipv4-listen-disable { type boolean; default "false"; description "Enable/disable IPv4 listen function switch."; } leaf ipv6-listen-disable { type boolean; default "false"; description "Enable/disable IPv6 listen function switch."; } leaf ipv6-trap-source-ip { type inet:ipv6-address-no-zone; description "IPv6 source IP to send trap/notification message."; } leaf ipv6-trap-source-vpn { type string { length "1..31"; } must "../ipv6-trap-source-ip"; description "VPN instance name. The specified VPN instance must exist and IPv6-family must be enabled in the VPN instance."; } } // container system container source-interfaces { description "List of source interfaces."; list source-interface { key "interface-name"; max-elements 20; description "Configure Source interface entry."; leaf interface-name { type pub-type:if-name; description "Source interface name."; } } // list source-interface } // container source-interfaces container isolate-source-interfaces { description "List of isolate source interfaces."; list isolate-source-interface { key "interface-name src-ipv4-address"; max-elements 20; description "Configure isolate source interface entry."; leaf interface-name { type pub-type:if-name; must "count(/snmp/source-interfaces/source-interface[interface-name = current()]) = 0"; description "Source interface name."; } leaf src-ipv4-address { type inet:ipv4-address-no-zone; description "Source IPv4 address."; } } // list isolate-source-interface } // container isolate-source-interfaces container ipv6-sources { description "List of source IPv6 address."; list ipv6-source { key "src-ipv6-address"; max-elements 20; description "Configure source IPv6 address entry."; leaf src-ipv6-address { type inet:ipv6-address-no-zone; description "Source IPv6 address."; } leaf vpn-name { type string { length "1..31"; } description "Source IPv6 VPN instance name."; } } // list ipv6-source } // container ipv6-sources container isolate-ipv6-sources { description "List of configure isolate source IPv6 address."; list isolate-ipv6-source { key "interface-name src-ipv6-address"; max-elements 20; description "Configure source IPv6 address entry."; leaf interface-name { type pub-type:if-name; description "Source interface name."; } leaf src-ipv6-address { type inet:ipv6-address-no-zone; must "count(/snmp/ipv6-sources/ipv6-source[src-ipv6-address = current()]) = 0"; description "Source IPv6 address."; } } // list isolate-ipv6-source } // container isolate-ipv6-sources container all-interface { description "Configure all-interface."; leaf all-ipv4-interface { type boolean; default "false"; description "Enable/disable bind all IPv4 interface."; } leaf all-ipv6-interface { type boolean; default "false"; description "Enable/disable bind all IPv6 interface."; } } // container all-interface container target-hosts { description "List of target host for traps and informs."; list target-host { key "nms-name"; max-elements 20; description "Configure target host entry."; leaf nms-name { type string { length "1..32"; } description "Unique name to identify target host entry."; } leaf domain { type snmp-domain; mandatory true; description "Address domain."; } leaf address { type inet:ip-address-no-zone; mandatory true; description "Network address."; } leaf target-inform-timeout { when "../notify-type = 'inform'"; type int32 { range "1..1800"; } units "s"; default "15"; description "Timeout period of SNMP inform packets for the target."; } leaf target-inform-resend-times { when "../notify-type = 'inform'"; type int32 { range "0..10"; } default "3"; description "Maximum number of time to re-transmit the SNMP inform packet if acknowledgement is not received from the target."; } leaf notify-type { type snmp-notify; mandatory true; description "Notify type about alarm message."; } leaf vpn-instance-name { type string { length "1..31"; } must "../vpn-instance-name='_public_' or ../is-public-net='false'"; description "VPN instance name."; } leaf port-number { type uint32 { range "0..65535"; } default "162"; description "UDP port number used by network management to receive alarm messages."; } choice params { mandatory true; description "This choice is augmented with case nodes containing configuration parameters specific to the security model."; case v1 { description "Security model SNMPv1."; leaf security-name-v1 { when "../notify-type != 'inform'"; type pub-type:password-extend { length "1..32 | 48 | 56 | 68..168"; } mandatory true; description "SNMPV1 security name."; } } // case v1 case v2c { description "Security model v2c."; leaf security-name-v2c { type pub-type:password-extend { length "1..32 | 48 | 56 | 68..168"; } mandatory true; description "SNMPV2c security name."; } } // case v2c case usm { description "Security model SNMPv3."; leaf usm-name { type string { length "1..32"; } mandatory true; description "Usm name."; } leaf security-level { type snmp-security-level; mandatory true; description "Security level indicating whether to use authentication and encryption."; } } // case usm } // choice params leaf private-netmanager { type boolean; default "false"; description "Enable/disable private VB's for target host."; } leaf is-public-net { type boolean; default "false"; description "Enable/disable Public Net-manager for target Host."; } leaf ext-vb { type boolean; default "false"; description "Enable/disable extended VB's for target host."; } leaf notify-fltr-profile-name { type string { length "1..32"; } description "To configure notification filter profile for target host."; } leaf retries-num { type uint32; config false; description "Number of retries made in sending inform."; } leaf pending-num { type uint32; config false; description "Number of informs which are waiting for acknowledgement."; } leaf sent-num { type uint32; config false; description "Number of packets sent."; } leaf dropped-num { type uint32; config false; description "Number of packets dropped while sending."; } leaf failed-num { type uint32; config false; description "Number of informs failed to receive acknowledgement."; } leaf confirmed-num { type uint32; config false; description "Number of informs received acknowledgement."; } leaf interface-name { type pub-type:if-name; description "The specified source interface must exist and an IP address must be configured on the interface."; } leaf is-need-heart-beat { type boolean; default "false"; description "Enable/disable isNeedHeartBeat."; } leaf heart-beat-time { when "../is-need-heart-beat = 'true'"; type uint32 { range "1..48"; } units "h"; default "24"; description "Heart beat time."; } leaf status { type boolean; default "false"; config false; description "Is target alive."; } container host-alarm { description "Configure of the NMS host."; leaf enable-alarm { type host-enable-flag; default "true"; description "Report alarms to a host."; } } // container host-alarm } // list target-host } // container target-hosts container mib-views { description "List of VACM view to configure MIB subtree."; list mib-view { key "view-name sub-tree"; description "Configure name of MIB View entry."; leaf view-name { type string { length "1..32"; } description "Name of subtree's MIB view entry."; } leaf sub-tree { type string { length "1..255"; } description "MIB subtree."; } leaf type { type snmp-filter; mandatory true; description "Filter (include | exclude)."; } } // list mib-view } // container mib-views container v3-groups { description "List of SNMPv3 groups."; list v3-group { key "group-name security-level"; max-elements 20; description "Configure SNMPv3 group entry."; leaf group-name { type string { length "1..32"; } description "Unique name to identify the SNMPv3 group."; } leaf security-level { type snmp-security-level; description "Security level indicating whether to use authentication and encryption."; } leaf read-view-name { type leafref { path "/snmp:snmp/snmp:mib-views/snmp:mib-view/snmp:view-name"; } description "MIB view name for read."; } leaf write-view-name { type leafref { path "/snmp:snmp/snmp:mib-views/snmp:mib-view/snmp:view-name"; } description "MIB view name for write."; } leaf notify-view-name { type leafref { path "/snmp:snmp/snmp:mib-views/snmp:mib-view/snmp:view-name"; } description "MIB view name for notification."; } leaf acl-number { type string { length "1..64"; } description "ACL, leafref path /acl/aclGroups/aclGroup/aclNumOrName or /acl/aclGroup6s/aclGroup6/aclNumOrName."; } } // list v3-group } // container v3-groups container usm-users { description "List of USM users for SNMPv3."; list usm-user { key "user-name"; max-elements 20; description "Configure USM user entry."; leaf user-name { type string { length "1..32"; } description "Unique name to identify the USM user."; } leaf group-name { type string { length "1..32"; } description "Name of the group where user belongs to."; } leaf is-auth-localized { type boolean; default "false"; config false; description "The flag of localized authentication-mode."; } leaf auth-protocol { type snmp-authenmode; default "noAuth"; description "Authentication protocol."; } leaf auth-key { when "../auth-protocol != 'noAuth'"; type pub-type:password-extend { length "1..432"; } must "string-length(../auth-key)>=../../../system/password-min-length or ../../../system/usm-user-cmplx-check='false'"; mandatory true; description "The authentication password."; } leaf is-priv-localized { type boolean; default "false"; config false; description "The flag of localized privacy-mode."; } leaf priv-protocol { type snmp-privacy; must "../priv-protocol='noPriv' or (../priv-protocol!='noPriv' and ../auth-protocol!='noAuth')"; default "noPriv"; description "Encryption protocol."; } leaf priv-key { when "../auth-protocol!='noAuth' and ../priv-protocol!='noPriv'"; type pub-type:password-extend { length "1..432"; } must "string-length(../priv-key)>=../../../system/password-min-length or ../../../system/usm-user-cmplx-check='false'"; mandatory true; description "The encryption password."; } leaf acl-number { type string { length "1..64"; } description "ACL, leafref path /acl/aclGroups/aclGroup/aclNumOrName or /acl/aclGroup6s/aclGroup6/aclNumOrName."; } leaf active-status { type string { length "1..9"; } config false; description "User block state."; } leaf left-lock-time { type uint32 { range "0..4294967295"; } units "s"; config false; description "Left lock time of locked user."; } } // list usm-user } // container usm-users container local-users { description "List of local users for SNMPv3."; list local-user { key "name"; max-elements 1000; description "Configure local User entry."; leaf name { type string { length "1..32"; } description "Unique name to identify the local user."; } leaf auth-protocol { type snmp-local-authenmode; mandatory true; description "Authentication protocol (md5 | sha | sha2-224 | sha2-256 | sha2-384 | sha2-512)."; } leaf auth-key { type pub-type:password-extend { length "1..432"; } must "((../../../system/local-user-cmplx-check='true') and (string-length(../auth-key)) >= ../../../system/password-min-length) or (../../../system/local-user-cmplx-check!='true')"; mandatory true; description "The authentication password."; } leaf priv-protocol { type snmp-local-privacy; mandatory true; description "Encryption protocol."; } leaf priv-key { type pub-type:password-extend { length "1..432"; } must "((../../../system/local-user-cmplx-check='true') and (string-length(../priv-key)) >= ../../../system/password-min-length) or (../../../system/local-user-cmplx-check!='true')"; mandatory true; description "The encryption password."; } leaf active-status { type string { length "1..9"; } config false; description "User block state."; } leaf left-lock-time { type uint32 { range "1..4294967295"; } units "s"; config false; description "Left lock time of locked user."; } } // list local-user } // container local-users container communitys { status deprecated; description "List of SNMP communtiy for SNMPv1 and SNMPv2. The node communitys is deprecated. You are advised to use the node standard-communitys."; list community { key "name"; max-elements 25; status deprecated; description "Configure community entry."; leaf name { type pub-type:password-extend { length "1..32 | 44 | 56 | 80 | 88..168"; } must "string-length(../name)>=../../../system/password-min-length or ../../../system/community-cmplx-check='false'"; status deprecated; description "Unique name to identify the community."; } leaf access-right { type snmp-access; mandatory true; status deprecated; description "Access right."; } leaf view-name { type string { length "1..32"; } status deprecated; description "MIB name."; } leaf acl { type string { length "1..64"; } status deprecated; description "ACL, leafref path /acl/aclGroups/aclGroup/aclNumOrName or /acl/aclGroup6s/aclGroup6/aclNumOrName."; } leaf alias-name { type string { length "1..32"; } must "(../alias-name!=../name)"; status deprecated; description "Unique alias name to identify community."; } } // list community } // container communitys container standard-communitys { description "List of SNMP communtiy for SNMPv1 and SNMPv2."; list standard-community { key "alias-name"; unique "name"; max-elements 25; description "Configure community entry."; leaf alias-name { type string { length "1..32"; } must "(../alias-name!=../name)"; description "Unique alias name to identify community."; } leaf name { type pub-type:password-extend { length "1..32 | 44 | 56 | 80 | 88..168"; } must "string-length(../name)>=../../../system/password-min-length or ../../../system/community-cmplx-check='false'"; mandatory true; description "Unique name to identify the community."; } leaf access-right { type snmp-access; mandatory true; description "Access right."; } leaf view-name { type string { length "1..32"; } description "MIB name."; } leaf acl { type string { length "1..64"; } description "ACL, leafref path /acl:acl/acl:groups/acl:group/acl:identity or /acl:acl/acl:group6s/acl:group6/acl:identity."; } } // list standard-community } // container standard-communitys container black-list { description "Configure blacklist parameters."; leaf ip-disable { type boolean; default "false"; description "Enable/disable IP blocker."; } leaf user-disable { type boolean; default "false"; description "Enable/disable user blocker."; } leaf user-fail-count { type uint32 { range "0..10"; } default "5"; description "User failure count."; } leaf user-period { type uint32 { range "1..120"; } default "5"; description "User blocked period."; } leaf user-reactive-time { type uint32 { range "0..1000"; } units "min"; default "5"; description "User reactive period."; } } // container black-list container notification { description "Configure the notification log global parameters."; leaf notif-log-enable { type boolean; default "false"; description "Enable/disable notification log switch."; } leaf notif-global-ageout { type uint32 { range "0 | 12..36"; } units "h"; default "24"; description "The notification aging time."; } leaf notif-global-limit { type uint32 { range "1..15000"; } default "500"; description "Maximum number of notification entries to be stored."; } } // container notification container ntfy-fltr-prfs { description "List of notify filter profiles."; list ntfy-fltr-prf { key "name subtree"; max-elements 20; description "Configure notify filter profile entry."; leaf name { type string { length "1..32"; } description "Name to identify notify filter profile."; } leaf subtree { type string { length "1..255"; } description "Subtree name of MIB object for trap/notification."; } leaf type { type snmp-filter; default "included"; description "Filter (include | exclude)."; } } // list ntfy-fltr-prf } // container ntfy-fltr-prfs container glbal-stats { config false; description "SNMP statistics."; leaf in-pkts { type uint32 { range "0..4294967295"; } config false; description "Number of packets received by the equipment."; } leaf out-pkts { type uint32 { range "0..4294967295"; } config false; description "Number of packets sent by the equipment."; } leaf in-bad-versions { type uint32 { range "0..4294967295"; } config false; description "Received received version is not Supported by SNMP engine for these number of packets."; } leaf in-bad-cmmty-names { type uint32 { range "0..4294967295"; } config false; description "Number of packets the device received with invalid group name."; } leaf in-bad-cmmty-users { type uint32 { range "0..4294967295"; } config false; description "Number of packets received by the device with group name corresponding to permission error."; } leaf in-asn-parse-errs { type uint32 { range "0..4294967295"; } config false; description "Number of packets received with ASN.1/BER errors."; } leaf in-too-bigs { type uint32 { range "0..4294967295"; } config false; description "Number of packets received by the SNMP protocol entities having error status field value 'in-too-bigs'."; } leaf in-nosuch-names { type uint32 { range "0..4294967295"; } config false; description "Number of packets received by the SNMP protocol entities having error status field value 'in-nosuch-names'."; } leaf in-bad-values { type uint32 { range "0..4294967295"; } config false; description "Number of packets received by the SNMP protocol entities having error status field value 'in-bad-values'."; } leaf in-read-onlys { type uint32 { range "0..4294967295"; } config false; description "Number of packets received by the SNMP protocol entities having error status field value 'in-read-onlys'."; } leaf in-gen-errs { type uint32 { range "0..4294967295"; } config false; description "Number of packets received by the SNMP protocol entities having error status field value 'in-gen-errs'."; } leaf in-total-req-vars { type uint32 { range "0..4294967295"; } config false; description "This number indicates the success of the SNMP entities to obtain the value from the nodes of MIB."; } leaf in-total-set-vars { type uint32 { range "0..4294967295"; } config false; description "This number indicates the success of the SNMP entities to set the value of the nodes of MIB."; } leaf in-get-reqs { type uint32 { range "0..4294967295"; } config false; description "Number of packets of 'Get' type received and processed by the equipment."; } leaf in-get-nexts { type uint32 { range "0..4294967295"; } config false; description "Number of packets of 'Get-Next' type received and processed by the equipment."; } leaf in-set-reqs { type uint32 { range "0..4294967295"; } config false; description "Number of packets of 'Set' type received and processed by the equipment."; } leaf in-get-resps { type uint32 { range "0..4294967295"; } config false; description "Number of packets of 'Get-Response' type received and processed by the equipment."; } leaf in-traps { type uint32 { range "0..4294967295"; } config false; description "Number of packets of 'Trap' type received and processed by the equipment."; } leaf out-too-bigs { type uint32 { range "0..4294967295"; } config false; description "Number of PDU generated by the SNMP protocol entities having error status field value 'outTooBig'."; } leaf out-nosuch-names { type uint32 { range "0..4294967295"; } config false; description "Number of PDU generated by the SNMP protocol entities having error status field value 'NoSuchName'."; } leaf out-bad-values { type uint32 { range "0..4294967295"; } config false; description "Number of PDU generated by the SNMP protocol entities having error status field value 'BadValue'."; } leaf out-gen-errs { type uint32 { range "0..4294967295"; } config false; description "Out Gen Errors."; } leaf out-get-reqs { type uint32 { range "0..4294967295"; } config false; description "Number of packets of 'Get' type generated by the equipment."; } leaf out-get-nexts { type uint32 { range "0..4294967295"; } config false; description "Number of packets of 'Get-Next' type generated by the equipment."; } leaf out-set-reqs { type uint32 { range "0..4294967295"; } config false; description "Number of packets of 'set' type generated by the equipment."; } leaf out-get-resps { type uint32 { range "0..4294967295"; } config false; description "Number of packets of 'Get Response' type generated by the equipment."; } leaf out-traps { type uint32 { range "0..4294967295"; } config false; description "Number of packets of 'Trap' type generated by the equipment."; } leaf silent-drops { type uint32 { range "0..4294967295"; } config false; description "Silent drops."; } leaf in-get-bulks { type uint32 { range "0..4294967295"; } config false; description "Number of packets of 'Get-Bulk' type received and processed by the equipment."; } leaf out-get-bulks { type uint32 { range "0..4294967295"; } config false; description "Number of packets of 'Get-Bulk' type generated by the equipment."; } leaf in-informs { type uint32 { range "0..4294967295"; } config false; description "Number of packets of 'Inform' type received and processed by the equipment."; } leaf in-proxy-pkts { type uint32 { range "0..4294967295"; } config false; description "Number of proxy packets received by the equipment."; } leaf proxy-drops { type uint32 { range "0..4294967295"; } config false; description "Proxy drops."; } } // container glbal-stats container usm-stats { config false; description "USM statistics."; leaf unknown-user-mame { type uint32 { range "0..2147483647"; } config false; description "Number of packets with unknown userName received and discarded by the equipment."; } leaf wrong-digests { type uint32 { range "0..2147483647"; } config false; description "Number of packets not having the expected digest value, received and dropped by the equipment."; } leaf unsuppt-sec-levs { type uint32 { range "0..2147483647"; } config false; description "Number of packets with invalid/unknown security level received and discarded by the equipment."; } leaf out-tm-windows { type uint32 { range "0..2147483647"; } config false; description "Authentication packets outside window."; } leaf unknown-engine-ids { type uint32 { range "0..2147483647"; } config false; description "Number of packets received from an unknown engine ID which are dropped by equipment."; } leaf decryption-errs { type uint32 { range "0..2147483647"; } config false; description "Number of packets dropped by the equipment due to the failure of decrypting the packet."; } } // container usm-stats container mpd-stats { config false; description "Message processsing and statistics."; leaf unknown-sec-model { type uint32; config false; description "Number of packets discarded because references do not support security model."; } leaf inval-msgs { type uint32; config false; description "Total number of packets discarded because they contained illegal information."; } leaf unknown-pduhandle { type uint32; config false; description "Total number of packets with unknown PDU handle discarded by the equipment."; } } // container mpd-stats container ntfcation-stats { config false; description "Global notification log statistics."; leaf total-ntfs-logged { type uint32; config false; description "Number of notification logs saved."; } leaf total-ntfs-bumped { type uint32; config false; description "Number of notification logs removed."; } leaf total-log-entrs { type uint32; config false; description "Current number of notification log entries."; } } // container ntfcation-stats container proxy { description "Configure SNMP proxy."; container communitys { status deprecated; description "List of SNMP proxy communtiy for SNMPv1 and SNMPv2. The node communitys is deprecated. You are advised to use the node standard-communitys."; list community { key "name"; max-elements 20; status deprecated; description "Configure community entry."; leaf name { type pub-type:password-extend { length "1..32 | 88..168"; } must "string-length(../name)>=../../../../system/password-min-length or ../../../../system/community-cmplx-check='false'"; status deprecated; description "Unique name to identify the community."; } leaf engine-id { ext:support-filter "true"; type snmp-engine-id; mandatory true; status deprecated; description "Remote engine ID of the SNMP community."; } leaf acl { type string { length "1..64"; } status deprecated; description "ACL, leafref path /acl/aclGroups/aclGroup/aclNumOrName or /acl/aclGroup6s/aclGroup6/aclNumOrName."; } leaf alias-name { type string { length "1..32"; } must "(../alias-name!=../name)"; status deprecated; description "Unique alias name to identify community."; } } // list community } // container communitys container standard-communitys { description "List of SNMP proxy communtiy for SNMPv1 and SNMPv2."; list standard-community { key "alias-name"; unique "name"; max-elements 20; description "Configure community entry."; leaf alias-name { type string { length "1..32"; } must "(../alias-name!=../name)"; description "Unique alias name to identify community."; } leaf name { type pub-type:password-extend { length "1..32 | 88..168"; } must "string-length(../name)>=../../../../system/password-min-length or ../../../../system/community-cmplx-check='false'"; mandatory true; description "Unique name to identify the community."; } leaf engine-id { ext:support-filter "true"; type snmp-engine-id; mandatory true; description "Remote engine ID of the SNMP community."; } leaf acl { type string { length "1..64"; } description "ACL, leafref path /acl:acl/acl:groups/acl:group/acl:identity or /acl:acl/acl:group6s/acl:group6/acl:identity."; } } // list standard-community } // container standard-communitys container target-hosts { description "List of alarm hosts."; list target-host { key "name"; max-elements 20; description "Configure address and related params of target host entry which sends alarm."; leaf name { type string { length "1..32"; } must "count(/snmp/target-hosts/target-host[nms-name = current()]) = 0"; description "Unique name to identify proxy target host entry."; } leaf domain { type snmp-domain; mandatory true; description "Address domain of target host."; } leaf address { type inet:ip-address-no-zone; mandatory true; description "Network address of target host."; } leaf timeout { type int32 { range "1..1800"; } units "s"; default "15"; description "Timeout period of SNMP packets (in seconds) for the target."; } leaf vpn { type string { length "1..31"; } must "not(../public-net='true') or (../public-net='true' and ../vpn='_public_')"; description "VPN instance name."; } leaf port-num { type uint32 { range "1..65535"; } mandatory true; description "UDP port number used by network management to receive forwarded packets."; } choice params { mandatory true; description "This choice is augmented with case nodes containing configuration parameters specific to the security model."; case v1 { description "Security model SNMPv1."; leaf security-name-v1 { type pub-type:password-extend { length "1..32 | 48 | 56 | 68..168"; } mandatory true; description "SNMPV1 security name."; } } // case v1 case v2c { description "Security model v2c."; leaf security-name-v2c { type pub-type:password-extend { length "1..32 | 48 | 56 | 68..168"; } mandatory true; description "SNMPV2c security name."; } } // case v2c case usm { description "Security model SNMPv3."; leaf usm-name { type string { length "1..32"; } mandatory true; description "Usm name."; } leaf security-level { type snmp-security-level; mandatory true; description "Security level indicating whether to use authentication and encryption."; } } // case usm } // choice params leaf interface-name { type pub-type:if-name; description "Name of the interface to send the forwarded packets."; } leaf public-net { type boolean; default "false"; description "Enable/disable public net-manager for target host."; } } // list target-host } // container target-hosts container rules { description "List of proxy rules."; list rule { key "name"; max-elements 20; description "Configure proxy rule entry."; leaf name { type string { length "1..32"; } description "Unique name to identify proxy rule entry."; } leaf type { type snmp-proxy-type; mandatory true; description "Proxy rule for message type (read | write | trap | inform)."; } leaf engine-id { type snmp-engine-id; mandatory true; description "Remote engine ID for the proxy rule."; } leaf host-name { type string { length "1..32"; } mandatory true; description "Proxy target host name to forward the packet, leafref path /snmp:snmp/snmp:proxy/snmp:target-hosts/snmp:target-host/snmp:name."; } leaf security-model { type snmp-target-host-version; must "(../type='inform' and (../security-model='v2c' or ../security-model='v3') ) or ((not(../type='inform') and (../security-model='v1' or ../security-model='v2c' or ../security-model='v3') ))"; mandatory true; description "Security model."; } leaf security-name { when "../security-model != 'v3'"; type pub-type:password-extend { length "1..32 | 48 | 56 | 68..168"; } mandatory true; description "Security name."; } leaf security-v3-name { when "../security-model='v3'"; type string { length "1..32"; } mandatory true; description "Security name v3."; } leaf security-level { type snmp-security-level; must "(../security-model!='v3' and ../security-level='noAuthNoPriv') or (../security-model='v3')"; default "noAuthNoPriv"; description "Security level indicating whether to use authentication and encryption."; } } // list rule } // container rules list usm-users { key "engine-id"; description "Configure SNMP remote usm user list."; leaf engine-id { type snmp-engine-id; description "Remote engine ID of the USM user."; } list usm-user { key "user-name"; max-elements 20; description "Configure SNMPv3 USM user entry."; leaf user-name { type string { length "1..32"; } description "Unique name to identify the SNMPv3 USM user."; } leaf group-name { type string { length "1..32"; } description "Name of the group where user belongs to SNMPv3."; } leaf is-auth-localized { type boolean; default "false"; config false; description "The flag of localized authentication-mode."; } leaf auth-protocol { type snmp-authenmode; default "noAuth"; description "Authentication protocol of SNMPv3 user."; } leaf auth-key { when "../auth-protocol != 'noAuth'"; type pub-type:password-extend { length "1..432"; } must "string-length(../auth-key)>=../../../../system/password-min-length or ../../../../system/usm-user-cmplx-check='false'"; mandatory true; description "The authentication password."; } leaf is-priv-localized { type boolean; default "false"; config false; description "The flag of localized privacy-mode."; } leaf priv-protocol { type snmp-privacy; must "../priv-protocol='noPriv' or (../priv-protocol!='noPriv' and ../auth-protocol!='noAuth')"; default "noPriv"; description "Encryption protocol of SNMPv3 user."; } leaf priv-key { when "../auth-protocol!='noAuth' and ../priv-protocol!='noPriv'"; type pub-type:password-extend { length "1..432"; } must "string-length(../priv-key)>=../../../../system/password-min-length or ../../../../system/usm-user-cmplx-check='false'"; mandatory true; description "The encryption password of SNMPv3 user."; } leaf acl-number { type string { length "1..64"; } description "ACL used to limit the host which can use SNMP to access network elements."; } leaf active-status { type string { length "1..9"; } config false; description "SNMPv3 user block state."; } leaf left-lock-time { type uint32 { range "0..4294967295"; } units "s"; config false; description "Left lock time of locked user."; } } // list usm-user } // list usm-users container source-interfaces { description "List of source interfaces."; list source-interface { key "interface-name"; max-elements 20; description "Configure source interface entry."; leaf interface-name { type pub-type:if-name; description "Specify the source interface name."; } } // list source-interface } // container source-interfaces container isolate-source-interfaces { description "List of isolate source interfaces."; list isolate-source-interface { key "interface-name src-ipv4-address"; max-elements 20; description "Configure isolate source interface entry."; leaf interface-name { type pub-type:if-name; must "count(/snmp/proxy/source-interfaces/source-interface[interface-name = current()]) = 0"; description "Source interface name."; } leaf src-ipv4-address { type inet:ipv4-address-no-zone; description "Source IPv4 address."; } } // list isolate-source-interface } // container isolate-source-interfaces container ipv6-sources { description "List of configure source IPv6 address."; list ipv6-source { key "src-ipv6-address"; max-elements 20; description "Configure source IPv6 address entry."; leaf src-ipv6-address { type inet:ipv6-address-no-zone; description "Source IPv6 address."; } leaf vpn-name { type string { length "1..31"; } description "Source IPv6 VPN instance name."; } } // list ipv6-source } // container ipv6-sources container isolate-ipv6-sources { description "List of configure isolate source IPv6 address."; list isolate-ipv6-source { key "interface-name src-ipv6-address"; max-elements 20; description "Configure source IPv6 address entry."; leaf interface-name { type pub-type:if-name; description "Source interface name."; } leaf src-ipv6-address { type inet:ipv6-address-no-zone; must "count(/snmp/proxy/ipv6-sources/ipv6-source[src-ipv6-address = current()]) = 0"; description "Source IPv6 address."; } } // list isolate-ipv6-source } // container isolate-ipv6-sources container all-interface { description "Configure bind all interface."; leaf all-ipv4-interface { type boolean; default "false"; description "Enable/disable bind all IPv4 interface."; } leaf all-ipv6-interface { type boolean; default "false"; description "Enable/disable bind all IPv6 interface."; } } // container all-interface } // container proxy } // container snmp rpc activate-users { description "Activate the users blocked by authentication failure."; input { container activate-users { description "List of users blocked by authentication failure."; list activate-user { key "name"; description "Activate the user blocked by authentication failure."; leaf name { type string { length "1..32"; } description "Unique name to identify the USM user."; } leaf engine-id { ext:support-filter "true"; type string { length "10..64"; pattern '(([0-9a-fA-F])*)'; } description "Remote engine ID."; } } // list activate-user } // container activate-users } } // rpc activate-users } // module huawei-snmp
© 2023 YumaWorks, Inc. All rights reserved.