ieee802-dot1x-types

Port-based network access control allows a network administrator to restrict the use of IEEE 802 LAN service access points (port...

  • Version: 2020-02-18

    ieee802-dot1x-types@2020-02-18


    
      module ieee802-dot1x-types {
    
        yang-version 1;
    
        namespace
          "urn:ieee:std:802.1X:yang:ieee802-dot1x-types";
    
        prefix dot1x-types;
    
        organization
          "Institute of Electrical and Electronics Engineers";
    
        contact
          "WG-URL: http://www.ieee802.org/1
        WG-EMail: stds-802-1-L@ieee.org
    
        Contact: IEEE 802.1 Working Group Chair
        Postal: C/O IEEE 802.1 Working Group
                IEEE Standards Association
                445 Hoes Lane
                Piscataway
                NJ 08854
                USA
        
        E-mail: STDS-802-1-L@LISTSERV.IEEE.ORG";
    
        description
          "Port-based network access control allows a network administrator
        to restrict the use of IEEE 802 LAN service access points (ports)
        to secure communication between authenticated and authorized
        devices. IEEE Std 802.1X specifies an architecture, functional
        elements, and protocols that support mutual authentication
        between the clients of ports attached to the same LAN and secure
        communication between the ports. The following control allows a
        port to be reinitialized, terminating (and potentially
        restarting) authentication exchanges and MKA operation, based on
        a data model described in a set of YANG modules.";
    
        revision "2020-02-18" {
          description
            "Updated Contact information.";
        }
    
        revision "2019-05-28" {
          description
            "Updates based upon comment resolution on draft
          D1.0 of P802.1X-Rev.";
          reference
            "IEEE Std 802.1X-2020, Port-Based Network Access Control.";
    
        }
    
    
        typedef pae-nid {
          type string {
            length "0..100";
          }
          description
            "Network Identity, which is a UTF-8 string identifying a
          network or network service.";
          reference
            "IEEE 802.1X-2020 Clause 3, Clause 10.1, Clause 12.6";
    
        }
    
        typedef pae-session-user-name {
          type string {
            length "0..253";
          }
          description
            "Session user name, which is a UTF-8 string, representing the
          identity of the peer Supplicant.";
          reference
            "IEEE 802.1X-2020 Clause 12.5.1";
    
        }
    
        typedef pae-session-id {
          type string {
            length "3..253";
          }
          description
            "Session Identifier, which is a UTF-8 string, uniquely
          identifying the session within the context of the PAE's
          system.";
          reference
            "IEEE 802.1X-2020 Clause 12.5.1";
    
        }
    
        typedef pae-nid-capabilities {
          type bits {
            bit eap {
              position 0;
              description "EAP";
            }
            bit eapMka {
              position 1;
              description "EAP + MKA";
            }
            bit eapMkaMacSec {
              position 2;
              description "EAP + MKA + MACsec";
            }
            bit mka {
              position 3;
              description "MKA";
            }
            bit mkaMacSec {
              position 4;
              description "MKA + MACsec";
            }
            bit higherLayer {
              position 5;
              description
                "Higher Layer (WebAuth)";
            }
            bit higherLayerFallback {
              position 6;
              description
                "Higher Layer Fallback (WebAuth)";
            }
            bit vendorSpecific {
              position 7;
              description
                "Vendor specific authentication mechanisms";
            }
          }
          description
            "Authentication and protection capabilities supported for the
          NID. Indicates the combinations of authentication and
          protection capabilities supported for the NID. Any set of these
          combinations can be supported.";
          reference
            "IEEE 802.1X-2020 Clause 10.1, Clause 11.12.3";
    
        }
    
        typedef pae-access-status {
          type enumeration {
            enum "no-access" {
              value 0;
              description
                "Other than to authentication services, and to services
              announced as available in the absence of authentication
              (unauthenticated).";
            }
            enum "remedial-access" {
              value 1;
              description
                "The access granted is severely limited, possibly to
              remedial services.";
            }
            enum "restricted-access" {
              value 2;
              description
                "The Controlled Port is operational, but restrictions have
              been applied by the network that can limit access to some
              resources.";
            }
            enum "expected-access" {
              value 3;
              description
                "The Controlled Port is operational, and access provided is
              as expected for successful authentication and authorization
              for the NID.";
            }
          }
          description
            "Indicates the transmitter's Controlled Port operational status
          and current level of access resulting from authentication and
          the consequent authorization controls applied by that port's
          clients.";
          reference
            "IEEE 802.1X-2020 Clause 10.4, Clause 12.5";
    
        }
    
        typedef mka-kn {
          type uint32;
          description
            "Indicates a Key Number (KN) used in MKA. It is assigned by
          the Key Server (sequentially beginning with 1).";
          reference
            "IEEE 802.1X-2020 Clause 9.8, Clause 9.16";
    
        }
    
        typedef mka-an {
          type uint32;
          description
            "A number that is concatenated with a MACsec Secure Channel
          Identifier to identify a Secure Association. Indicates an
          Association Number (AN) assigned by the Key Server for use with
          the key number for transmission.";
          reference
            "IEEE 802.1X-2020 Clause 9.8, Clause 9.16";
    
        }
    
        typedef pae-ckn {
          type string {
            length "1..32";
          }
          description
            "Indicates the CAK name to identify the Connectivity
          Association Key (CAK) which is the root key in the MACsec Key
          Agreement key hierarchy. All potential members of the CA use
          the same CKN.";
          reference
            "IEEE 802.1X-2020 Clause 9.3.1, Clause 6.2";
    
        }
    
        typedef pae-kmd {
          type string {
            length "0..253";
          }
          description
            "A Key Management Domain (KMD). A string of up to 253 UTF-8
          characters that names the transmitting authenticator's key
          management domain.";
          reference
            "IEEE Clause 12.6";
    
        }
    
        typedef pae-auth-data {
          type string;
          description
            "Authorization data associated with the CAK.";
          reference
            "IEEE 802.1X-2020 Clause 9.16";
    
        }
    
        typedef sci-list-entry {
          type string {
            length "8";
          }
          description
            "8 octet string, where the first 6 octets represents the MAC
          Address (in canonical format), and the next 2 octets represents
          the Port Identifier.";
          reference
            "IEEE 802.1AE Clause 7.1.2, Clause 10.7.1";
    
        }
    
        typedef pae-if-index {
          type int32 {
            range "1..2147483647";
          }
          description
            "The interface index value represented by this interface.";
        }
      }  // module ieee802-dot1x-types
    

© 2023 YumaWorks, Inc. All rights reserved.