ietf-snmp-tls

This submodule contains a collection of YANG definitions for configuring the Transport Layer Security Transport Model (TLSTM) of SNMP.

  • Version: 2014-12-10

    ietf-snmp-tls@2014-12-10


    
      submodule ietf-snmp-tls {
    
        yang-version 1;
    
        belongs-to ietf-snmp {
            prefix snmp;
        }
    
        import ietf-inet-types {
          prefix inet;
        }
        import ietf-x509-cert-to-name {
          prefix x509c2n;
        }
    
        include ietf-snmp-common;
        include ietf-snmp-engine;
        include ietf-snmp-target;
    
        organization
          "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
    
        contact
          "WG Web:   <http://tools.ietf.org/wg/netmod/>
         WG List:  <mailto:netmod@ietf.org>
    
         WG Chair: Thomas Nadeau
                   <mailto:tnadeau@lucidvision.com>
    
         WG Chair: Juergen Schoenwaelder
                   <mailto:j.schoenwaelder@jacobs-university.de>
    
         Editor:   Martin Bjorklund
                   <mailto:mbj@tail-f.com>
    
         Editor:   Juergen Schoenwaelder
                   <mailto:j.schoenwaelder@jacobs-university.de>";
    
        description
          "This submodule contains a collection of YANG definitions for
         configuring the Transport Layer Security Transport Model (TLSTM)
         of SNMP.
    
         Copyright (c) 2014 IETF Trust and the persons identified as
         authors of the code.  All rights reserved.
    
         Redistribution and use in source and binary forms, with or
         without modification, is permitted pursuant to, and subject
         to the license terms contained in, the Simplified BSD License
         set forth in Section 4.c of the IETF Trust's Legal Provisions
         Relating to IETF Documents
         (http://trustee.ietf.org/license-info).
    
         This version of this YANG module is part of RFC 7407; see
         the RFC itself for full legal notices.";
    
        reference
          "RFC 6353: Transport Layer Security (TLS) Transport Model for
            the Simple Network Management Protocol (SNMP)";
    
    
        revision "2014-12-10" {
          description "Initial revision.";
          reference
            "RFC 7407: A YANG Data Model for SNMP Configuration";
    
        }
    
    
        // Feature gate for the whole submodule: every augment in this file
        // carries 'if-feature tlstm', so none of the TLS/DTLS listener,
        // target, or cert-to-name nodes exist on a server that does not
        // advertise this feature.
        feature tlstm {
          description
            "A server implements this feature if it supports the
          Transport Layer Security Transport Model for SNMP.";
          reference
            "RFC 6353: Transport Layer Security (TLS) Transport Model for
              the Simple Network Management Protocol (SNMP)";
    
        }
    
        // Adds TLS (TCP) and DTLS (UDP) listener endpoints to the engine's
        // listen transport.  Only present when the server advertises the
        // tlstm feature.
        augment /snmp:snmp/snmp:engine/snmp:listen/snmp:transport {
          if-feature tlstm;
          // NOTE(review): the description below says "a list", but this node
          // is a container that holds exactly one ip leaf and one port leaf.
          container tls {
            description
              "A list of IPv4 and IPv6 addresses and ports to which the
               engine listens for SNMP messages over TLS.";
            // Mandatory literal address.  inet:ip-address does not exclude
            // wildcard addresses (0.0.0.0 or ::), so restricting the listener
            // to a management interface is left to the operator.
            leaf ip {
              type inet:ip-address;
              mandatory true;
              description
                "The IPv4 or IPv6 address on which the engine listens
                 for SNMP messages over TLS.";
            }
    
            // Optional and without a 'default' statement: the fallback port
            // is described in prose only and depends on the engine's role,
            // so the effective port may not be visible in the configuration.
            leaf port {
              type inet:port-number;
              description
                "The TCP port on which the engine listens for SNMP
                 messages over TLS.
    
                 If the port is not configured, an engine that
                 acts as a Command Responder uses port 10161, and
                 an engine that acts as a Notification Receiver
                 uses port 10162.";
            }
          }  // container tls
          // Same shape as the tls container above, for DTLS over UDP.
          container dtls {
            description
              "A list of IPv4 and IPv6 addresses and ports to which the
               engine listens for SNMP messages over DTLS.";
            // Mandatory literal address; wildcard addresses are not excluded
            // by the type (see the tls container).
            leaf ip {
              type inet:ip-address;
              mandatory true;
              description
                "The IPv4 or IPv6 address on which the engine listens
                 for SNMP messages over DTLS.";
            }
    
            // Optional, no 'default' statement; the role-dependent fallback
            // port is given in the description only.
            leaf port {
              type inet:port-number;
              description
                "The UDP port on which the engine listens for SNMP
                 messages over DTLS.
    
                 If the port is not configured, an engine that
                 acts as a Command Responder uses port 10161, and
                 an engine that acts as a Notification Receiver
                 uses port 10162.";
            }
          }  // container dtls
        }
    
        // Adds the tlstm container, which holds the certificate-to-name
        // mapping table (grouping imported from ietf-x509-cert-to-name).
        augment /snmp:snmp {
          if-feature tlstm;
          container tlstm {
            // Security-relevant: the name produced by this mapping is used as
            // the SNMP security name, so each entry decides which identity a
            // presented certificate is given.  Treat changes to this list as
            // authorization changes; an overly broad entry assigns the same
            // name to every certificate it matches.
            // NOTE(review): how access control is applied to the resulting
            // name is not defined in this submodule - confirm where it is.
            uses x509c2n:cert-to-name {
              description
                "Defines how certificates are mapped to names.  The
               resulting name is used as a security name.";
              // Only the description of map-type is refined; the refine adds
              // no new data nodes.
              refine cert-to-name/map-type {
                description
                  "Mappings that use the snmpTlstmCertToTSNData column
                 need to augment the cert-to-name list with
                 additional configuration objects corresponding
                 to the snmpTlstmCertToTSNData value.  Such objects
                 should use the 'when' statement to make them
                 conditional based on the map-type.";
              }
            }
          }  // container tlstm
        }
    
        // Parameters of one outbound TLS or DTLS target.  The grouping is
        // instantiated by the 'case tls' and 'case dtls' augments of the
        // target transport later in this submodule.
        //
        // None of the leafs carries a 'description' statement; their meaning
        // is given only through the referenced MIB objects.
        //
        // Security-relevant: client-fingerprint, server-fingerprint and
        // server-identity are all optional, so the schema accepts a target
        // that sets only 'ip'.  What server verification is performed when
        // both server-fingerprint and server-identity are absent is not
        // stated here - confirm against RFC 6353 and the implementation.
        grouping tls-transport {
          // Despite the name, the type is inet:host, not an IP address type.
          leaf ip {
            type inet:host;
            mandatory true;
            reference
              "RFC 3413: Simple Network Management Protocol (SNMP).
                Applications.
                SNMP-TARGET-MIB.snmpTargetAddrTAddress
               RFC 6353: Transport Layer Security (TLS) Transport Model
                for the Simple Network Management Protocol (SNMP).
                SNMP-TLS-TM-MIB.SnmpTLSAddress";
    
          }
    
          // A single default of 10161 applies wherever the grouping is used,
          // i.e. to both TLS and DTLS targets.
          leaf port {
            type inet:port-number;
            default '10161';
            reference
              "RFC 3413: Simple Network Management Protocol (SNMP).
                Applications.
                SNMP-TARGET-MIB.snmpTargetAddrTAddress
               RFC 6353: Transport Layer Security (TLS) Transport Model
                for the Simple Network Management Protocol (SNMP).
                SNMP-TLS-TM-MIB.SnmpTLSAddress";
    
          }
    
          // Presumably selects the local certificate this engine presents
          // when it connects as a TLS client - see the referenced MIB object.
          // The tls-fingerprint type is defined in the imported
          // ietf-x509-cert-to-name module, not in this file.
          leaf client-fingerprint {
            type x509c2n:tls-fingerprint;
            reference
              "RFC 6353: Transport Layer Security (TLS) Transport Model
                for the Simple Network Management Protocol (SNMP).
                SNMP-TLS-TM-MIB.snmpTlstmParamsClientFingerprint";
    
          }
    
          // Presumably the expected fingerprint of the remote server's
          // certificate - see the referenced MIB object.
          leaf server-fingerprint {
            type x509c2n:tls-fingerprint;
            reference
              "RFC 6353: Transport Layer Security (TLS) Transport Model
                for the Simple Network Management Protocol (SNMP).
                SNMP-TLS-TM-MIB.snmpTlstmAddrServerFingerprint";
    
          }
    
          // Presumably the reference identity checked against the server's
          // certificate - see the referenced MIB object.
          // admin-string is used without a prefix and is not defined in this
          // file; presumably it comes from one of the included submodules.
          leaf server-identity {
            type admin-string;
            reference
              "RFC 6353: Transport Layer Security (TLS) Transport Model
                for the Simple Network Management Protocol (SNMP).
                SNMP-TLS-TM-MIB.snmpTlstmAddrServerIdentity";
    
          }
        }  // grouping tls-transport
    
        // Adds a 'tls' case to the target's transport, gated on the tlstm
        // feature.  The container reuses the tls-transport grouping, so the
        // server-verification leafs stay optional and the port defaults to
        // 10161.
        augment /snmp:snmp/snmp:target/snmp:transport {
          if-feature tlstm;
          case tls {
            reference
              "RFC 6353: Transport Layer Security (TLS) Transport Model
                for the Simple Network Management Protocol (SNMP).
                SNMP-TLS-TM-MIB.snmpTLSTCPDomain";
    
            container tls {
              uses tls-transport;
            }  // container tls
          }  // case tls
        }
    
        // Adds a 'dtls' case to the target's transport, gated on the tlstm
        // feature.  It instantiates the same tls-transport grouping as the
        // 'tls' case, so the leafs, the optional server-verification
        // settings and the default port 10161 are identical for DTLS.
        augment /snmp:snmp/snmp:target/snmp:transport {
          if-feature tlstm;
          case dtls {
            reference
              "RFC 6353: Transport Layer Security (TLS) Transport Model
                for the Simple Network Management Protocol (SNMP).
                SNMP-TLS-TM-MIB.snmpDTLSUDPDomain";
    
            container dtls {
              uses tls-transport;
            }  // container dtls
          }  // case dtls
        }
      }  // submodule ietf-snmp-tls
    
