Junos access configuration module
Version: 2019-01-01
module junos-ex-conf-access { yang-version 1; namespace "http://yang.juniper.net/junos-ex/conf/access"; prefix jc-access; import junos-common-ddl-extensions { prefix junos; revision-date "2019-01-01"; } import junos-common-types { prefix jt; revision-date "2019-01-01"; } import junos-ex-conf-root { prefix jc; revision-date "2019-01-01"; } organization "Juniper Networks, Inc."; contact "yang-support@juniper.net"; description "Junos access configuration module"; revision "2019-01-01" { description "Junos: 21.3R1.9"; } augment /jc:configuration { uses access-group; } augment /jc:configuration/jc:groups { uses access-group; } grouping access-group { container access { description "Network access configuration"; uses juniper-access-options; } // container access } // grouping access-group grouping juniper-access-options { uses apply-advanced; leaf address-pool-manager { type empty; description "Master toggle to enable APM services on the system"; } list radius-server { key "name"; ordered-by user; description "RADIUS server configuration"; uses access-radius-server-object; } // list radius-server list radius-server-name { key "name"; ordered-by user; description "RADIUS server FQDN configuration"; uses access-radius-server-name-object; } // list radius-server-name list domain-name-server { key "name"; ordered-by user; description "Default DNS server's IPv4 address"; leaf name { type jt:ipv4addr; description "Address"; } uses apply-advanced; } // list domain-name-server list domain-name-server-inet { key "name"; ordered-by user; description "DNS server's IPv4 address"; leaf name { type jt:ipv4addr; description "Address"; } uses apply-advanced; } // list domain-name-server-inet list domain-name-server-inet6 { key "name"; ordered-by user; description "DNS server's IPv6 address"; leaf name { type jt:ipv6addr; description "Address"; } uses apply-advanced; } // list domain-name-server-inet6 list wins-server { key "name"; ordered-by user; description "Default WINS server's IPv4 address"; leaf name { type jt:ipv4addr; description "Address"; } uses apply-advanced; } // list wins-server list address-pool { key "name"; ordered-by user; description "Address pool"; uses address-pool-object; } // list address-pool list group-profile { key "name"; ordered-by user; description "Group profile to use for this client"; uses group-profile-object; } // list group-profile list profile { key "name"; ordered-by user; description "Set of attributes that define access"; leaf name { type string { length "1 .. 63"; } description "Profile name"; } uses apply-advanced; leaf-list accounting-order { junos:must "(!(any ".. client <*> l2tp"))"; junos:must-message "Not supported in tunnel client profile configuration"; junos:must "(!(any ".. client <*> ike"))"; junos:must-message "Not supported in IKE configuration"; type enumeration { enum "radius" { value 0; description "Remote Authentication Dial-In User Service"; } } ordered-by user; description "Order in which accounting mechanisms are used"; } leaf-list authentication-order { type enumeration { enum "radius" { junos:must "(!(any ".. .. client <*> l2tp"))"; junos:must-message "Authentication-order cannot include RADIUS for tunnel client profile"; value 0; description "Remote Authentication Dial-In User Service"; } enum "password" { value 1; description "Locally configured password in access profile"; } enum "none" { value 2; description "No authentication performed"; } enum "nasreq" { value 3; description "Diameter based authentication and authorization using NASREQ application protocol"; } enum "nas-5g" { value 4; description "Authentication and authorization using 3GPP N1 and N2 signaling"; } enum "ldap" { junos:must "((!(any ".. .. client <*> l2tp") && !(any ".. .. client <*> ppp")))"; junos:must-message "Authentication-order cannot include LDAP for tunnel, ppp client profile"; junos:must "((!(".. .. authentication-order $$={radius}") && (!(".. .. authentication-order $$={securid}") && !(".. .. authentication-order $$={s6a}"))))"; junos:must-message "Only one of ldap, radius, ecurid or s6a can be specified"; value 5; description "Lightweight Directory Access Protocol"; } enum "securid" { junos:must "((!(any ".. .. client <*> l2tp") && !(any ".. .. client <*> ppp")))"; junos:must-message "Authentication-order cannot include securid for tunnel, ppp client profile"; junos:must "((!(".. .. authentication-order $$={radius}") && (!(".. .. authentication-order $$={ldap}") && !(".. .. authentication-order $$={s6a}"))))"; junos:must-message "Only one of ldap, radius, securid or s6a can be specified"; value 6; description "RSA SecurID Authentication"; } enum "s6a" { junos:must "((!(any ".. .. client <*> l2tp") && !(any ".. .. client <*> ppp")))"; junos:must-message "Authentication-order cannot include S6A for tunnel, ppp client profile"; junos:must "((!(".. .. authentication-order $$={radius}") && (!(".. .. authentication-order $$={securid}") && !(".. .. authentication-order $$={ldap}"))))"; junos:must-message "Only one of ldap, radius, securid or s6a can be specified"; value 7; description "S6a Authentication"; } } ordered-by user; description "Order in which authentication mechanisms are used"; } leaf-list authorization-order { type enumeration { enum "jsrc" { value 0; description "Diameter based authorization using Juniper's SRC application protocol"; } enum "nasreq" { value 1; description "Diameter based authorization using NASREQ application protocol"; } enum "none" { value 2; description "No authorization performed"; } } ordered-by user; description "Order in which authorization mechanisms are used"; } leaf provisioning-order { type enumeration { enum "jsrc" { value 0; description "Address authorization via SRC"; } enum "gx-plus" { value 1; description "Policy/service provisioning via GXPLUS"; } enum "pcrf" { value 2; description "Policy/service provisioning via PCRF"; } } description "Order in which provisioning mechanisms are used"; } leaf-list preauthentication-order { junos:must "(!(".. radius attributes exclude calling-station-id access-request"))"; junos:must-message "calling-station-id is excluded from access request"; type enumeration { enum "radius" { value 0; description "Remote Authentication Dial-In User Service"; } } ordered-by user; description "Order in which preauthentication mechanisms are used"; } leaf-list charging-service-list { junos:must "(".. provisioning-order pcrf")"; junos:must-message "charging-service-list requires provisioning-order pcrf"; junos:must "(!(".. service accounting-order"))"; junos:must-message "charging-service-list is mutually exclusive with service accounting"; type enumeration { enum "ocs" { value 0; description "Online charging service"; } } ordered-by user; description "List of used 3gpp charging servicess"; } list domain-name-server { key "name"; ordered-by user; description "Default DNS server's IPv4 address"; leaf name { type jt:ipv4addr; description "Address"; } uses apply-advanced; } // list domain-name-server list domain-name-server-inet { key "name"; ordered-by user; description "DNS server's IPv4 address"; leaf name { type jt:ipv4addr; description "Address"; } uses apply-advanced; } // list domain-name-server-inet list domain-name-server-inet6 { key "name"; ordered-by user; description "DNS server's IPv6 address"; leaf name { type jt:ipv6addr; description "Address"; } uses apply-advanced; } // list domain-name-server-inet6 list wins-server { key "name"; ordered-by user; description "Default WINS server's IPv4 address"; leaf name { type jt:ipv4addr; description "Address"; } uses apply-advanced; } // list wins-server list client { junos:must "(((!(any ". <*> l2tp") || !(any ". <*> ppp")) && ((!(any ". <*> l2tp") || !(any ". <*> ike")) && (!(any ". <*> ike") || !(any ". <*> ppp")))))"; junos:must-message "All clients in one profile must be either PPP or L2TP or IKE"; key "name"; description "Entity requesting access"; uses access-client-object; } // list client container address-assignment { description "Address assignment pool"; uses apply-advanced; leaf pool { type string { length "1 .. 63"; } description "Name of address-assignment pool"; } leaf inet6-pool { type string { length "1 .. 63"; } description "Name of address-assignment pool for family inet6"; } } // container address-assignment leaf session-limit-per-username { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16"; } } description "Maximum number of sessions allowed per username"; } container local { status deprecated; description "Set configuration for local reporting - obsolete config"; uses apply-advanced; leaf flat-file-profile { junos:must "("accounting-options flat-file-profile $$")"; junos:must-message "referenced flat-file-profile must be defined in accounting-options"; type string; description "Specifies that the service accounting will be reported as per flat-file profile"; } } // container local container radius { description "Set of RADIUS configurations"; uses apply-advanced; leaf-list authentication-server { type jt:ipaddr; ordered-by user; description "The authentication server list to use in the specified order to send authentication messages"; } leaf-list accounting-server { type jt:ipaddr; ordered-by user; description "The accounting server list to use in the specified order to send accounting messages"; } leaf-list preauthentication-server { type jt:ipv4addr; ordered-by user; description "The preauthentication server list to use in the specified order to send preauthentication messages"; } leaf authentication-server-name { junos:must "(!(".. authentication-server"))"; junos:must-message "cannot have both authentication-server and authentication-server-name"; junos:must "(("access radius-server-name $$" || ".. .. radius-server-name $$"))"; junos:must-message "referenced radius-server-name must be defined"; type string { length "4 .. 255"; } description "The authentication server to use to send authentication messages"; } leaf accounting-server-name { junos:must "(!(".. accounting-server"))"; junos:must-message "cannot have both accounting-server and accounting-server-name"; junos:must "(("access radius-server-name $$" || ".. .. radius-server-name $$"))"; junos:must-message "referenced radius-server-name must be defined"; type string { length "4 .. 255"; } description "The accounting server to use to send accounting messages"; } container options { description "Specifies the RADIUS options"; uses apply-advanced; leaf ethernet-port-type-virtual { type empty; description "Type of physical port to authenticate the user is virtual (RADIUS attribute 61)"; } container interface-description-format { description "Interface description in the NAS-port-ID attribute"; uses apply-advanced; leaf exclude-sub-interface { type empty; description "Exclude sub-interface from interface description"; } leaf exclude-adapter { type empty; description "Exclude adapter from interface description"; } leaf exclude-channel { type empty; description "Exclude channel from interface description"; } } // container interface-description-format leaf nas-identifier { type string { length "1 .. 64"; } description "NAS-Identifier to be used for authentication and accounting requests (RADIUS attribute 32)"; } container nas-port-extended-format { description "RADIUS client's use of an extended format for RADIUS attribute 5"; uses apply-advanced; leaf ae-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 32"; } } units "bits"; description "Number of bits for the aggregated ethernet identifier field"; } leaf slot-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 32"; } } units "bits"; description "Number of bits for the slot field"; } leaf adapter-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 32"; } } units "bits"; description "Number of bits for the adapter field"; } leaf port-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 32"; } } units "bits"; description "Number of bits for the port field"; } leaf pw-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 32"; } } units "bits"; description "Number of bits for the pseudo-wire field"; } leaf stacked-vlan-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 32"; } } units "bits"; description "Number of bits for the S-VLAN subinterface field"; } leaf vlan-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 32"; } } units "bits"; description "Number of bits for the VLAN subinterface field"; } container atm { description "ATM specific parameters for NAS Port"; uses apply-advanced; leaf slot-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 32"; } } units "bits"; description "Number of bits for the ATM slot field"; } leaf adapter-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 32"; } } units "bits"; description "Number of bits for the ATM adapter field"; } leaf port-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 32"; } } units "bits"; description "Number of bits for the ATM port field"; } leaf vpi-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 32"; } } units "bits"; description "Number of bits for the ATM VPI field"; } leaf vci-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 32"; } } units "bits"; description "Number of bits for the ATM VCI field"; } } // container atm } // container nas-port-extended-format leaf nas-port-id-delimiter { type string { length "1"; } description "Single character delimiter character to use in the NAS-Port-Id"; } container nas-port-id-format { description "Format methods for building the NAS-Port-Id radius attribute"; uses apply-advanced; leaf nas-identifier { type empty; description "Include the nas-identifier value"; } leaf interface-description { type empty; description "Include the interface-description value"; } leaf agent-circuit-id { type empty; description "Include (ACI) agent-circuit-id value"; } leaf agent-remote-id { type empty; description "Include (ARI) agent-remote-id value"; } leaf postpend-vlan-tags { type empty; description "Include the vlan tag(s) using :<outer>-<inner>"; } leaf interface-text-description { type empty; description "Include the interfaces description string"; } leaf-list concatenated-vlan-tags { type enumeration { enum "fixed-size-outer-tag" { value 0; description "Fixed size outer VLAN tag value of 4 octets"; } enum "fixed-size-inner-tag" { value 1; description "Fixed size inner VLAN tag value of 4 octets"; } } ordered-by user; description "Include the vlan tag(s) as a concatenated string"; } leaf-list order { junos:must "((!(".. nas-identifier") && (!(".. interface-description") && (!(".. agent-circuit-id") && (!(".. agent-remote-id") && (!(".. postpend-vlan-tags") && (!(".. concatenated-vlan-tags") && !(".. interface-text-description"))))))))"; junos:must-message "Order is mutually exclusive with other nas-port-id-format options"; type enumeration { enum "nas-identifier" { value 0; description "Include the nas-identifier value"; } enum "agent-circuit-id" { value 1; description "Include (ACI) agent-circuit-id value"; } enum "agent-remote-id" { value 2; description "Include (ARI) agent-remote-id value"; } enum "interface-description" { value 3; description "Include the interface-description value"; } enum "interface-text-description" { value 4; description "Include the interface's description string"; } enum "postpend-vlan-tags" { value 5; description "Include the vlan tag(s) using :<outer>-<inner>"; } } ordered-by user; description "Order of options for appearance in the NAS-Port-Id string"; } } // container nas-port-id-format container nas-port-type { description "Translation mechanism for changing the NAS-Port-Type radius attribute"; uses apply-advanced; leaf ethernet { type string; description "Translation mechanism for changing the Ethernet value"; } } // container nas-port-type leaf calling-station-id-delimiter { type string { length "1"; } description "Single character separator for calling-station-id"; } container calling-station-id-format { description "Format method for building the calling-station-id"; uses apply-advanced; leaf nas-identifier { type empty; description "Include the nas-identifier value"; } leaf interface-description { type empty; description "Include the interface-description value"; } leaf agent-circuit-id { type empty; description "Include agent-circuit-id value"; } leaf agent-remote-id { type empty; description "Include agent-remote-id value"; } leaf mac-address { type empty; description "Include mac-address value"; } leaf interface-text-description { type empty; description "Include the interfaces description string"; } leaf stacked-vlan { type empty; description "Include the stacked vlan tag value"; } leaf vlan { type empty; description "Include the vlan tag value"; } } // container calling-station-id-format leaf accounting-session-id-format { type enumeration { enum "decimal" { value 0; description "Decimal-session-identifier"; } enum "description" { value 1; description "Description Format: <jnpr> <interface-type> <interface-specifier>:<session-identifier>"; } } description "Decimal format or description format for the accounting session ID"; } leaf accounting-session-id-strict { type empty; description "Enforce exact match of accounting-session-id in CoA processing"; } leaf revert-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 604800"; } } units "seconds"; description "Time after which to revert to primary server"; } leaf vlan-nas-port-stacked-format { type empty; description "Include the S-VLAN ID, in addition to the VLAN ID, for subscribers on Ethernet interfaces"; } leaf client-authentication-algorithm { type enumeration { enum "direct" { value 0; description "Contacts the first AAA server on the list for each request, the second AAA server if the first one fails, and so on"; } enum "round-robin" { value 1; description "Contacts the first AAA server for the first request, the second AAA server for the second request, and so on"; } } description "Algorithm to access the RADIUS servers for authentication"; } leaf client-accounting-algorithm { type enumeration { enum "direct" { value 0; description "Contacts the first AAA server on the list for each request, the second AAA server if the first one fails, and so on"; } enum "round-robin" { value 1; description "Contacts the first AAA server for the first request, the second AAA server for the second request, and so on"; } } description "Algorithm to access the RADIUS servers for accounting"; } leaf juniper-access-line-attributes { type empty; description "Include the Juniper (IANA 4874) access line VSAs in requests to RADIUS servers"; } container ip-address-change-notify { junos:must "(".. .. .. accounting address-change-immediate-update")"; junos:must-message "address-change-immediate-update must be configured"; presence "enable ip-address-change-notify"; description "Include IPv4-Release-Control VSA (26-164) in requests to RADIUS server"; leaf message { type string { length "1 .. 32"; } description "Message to be added in IPv4-Release-Control VSA (26-164)"; } } // container ip-address-change-notify leaf coa-dynamic-variable-validation { type empty; description "Enable strict dynamic variable validation (no undefined variable) in CoA processing"; } leaf chap-challenge-in-request-authenticator { type empty; description "Use 16-byte CHAP challenge as Request Authenticator"; } container service-activation { description "Service activation requirement for successful login"; uses apply-advanced; leaf extensible-service { type enumeration { enum "required-at-login" { value 0; description "Service activation must succeed to allow subscriber login"; } enum "optional-at-login" { value 1; description "Service activation success is not required to allow subscriber login"; } } default "optional-at-login"; description "Service activation of extensible services requirement for successful login"; } leaf dynamic-profile { type enumeration { enum "required-at-login" { value 0; description "Service activation must succeed to allow subscriber login"; } enum "optional-at-login" { value 1; description "Service activation success is not required to allow subscriber login"; } } default "required-at-login"; description "Service activation of dynamic-profile services requirement for successful login"; } } // container service-activation leaf accounting-username-original { type empty; description "Use orignal (un-modified) username in accounting messages"; } } // container options container attributes { description "Specifies how RADIUS attributes should be handled"; uses apply-advanced; container ignore { description "Ignores the specified attribute in RADIUS Access-Accept messages"; uses apply-advanced; leaf output-filter { type empty; description "Juniper (IANA 4874) Output-filter / Egress-Policy-Name (VSA 26-11)"; } leaf input-filter { type empty; description "Juniper (IANA 4874) Input-filter / Ingress-Policy-Name (VSA 26-10)"; } leaf framed-ip-netmask { type empty; description "Framed-IP-Netmask (attribute 9)"; } leaf logical-system-routing-instance { type empty; description "Juniper (IANA 4874) Logical-system-routing-instance / Virtual-Router (VSA 26-1)"; } leaf dynamic-iflset-name { type empty; description "Juniper (IANA 4874) Dynamic interface set / Qos-Set-Name (VSA 26-130)"; } leaf idle-timeout { type empty; description "Idle-Timeout (attribute 28)"; } leaf session-timeout { type empty; description "Session-Timeout (attribute 27)"; } leaf-list standard-attribute { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } ordered-by user; description "RADIUS standard attribute number"; } list vendor-id { key "name"; ordered-by user; description "Specify the vendor-identifier for a vendor-specific attribute (VSA)"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } description "Vendor IANA enterprise number"; } uses apply-advanced; leaf-list vendor-attribute { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } ordered-by user; description "Vendor specific attribute number"; } } // list vendor-id } // container ignore container exclude { description "Configures the exclusion of RADIUS attributes in RADIUS messages"; uses apply-advanced; list standard-attribute { key "name"; ordered-by user; description "Specify RADIUS standard attribute number"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "RADIUS standard attribute number"; } uses apply-advanced; leaf-list packet-type { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-on" { value 1; description "RADIUS Accounting-On Message"; } enum "accounting-off" { value 2; description "RADIUS Accounting-Off message"; } enum "accounting-start" { value 3; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 4; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Specify packet types to be excluded"; } } // list standard-attribute list vendor-id { key "name"; ordered-by user; description "Specify the vendor-identifier for a vendor-specific attribute (VSA)"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } description "Vendor IANA enterprise number"; } uses apply-advanced; list vendor-attribute { key "name"; ordered-by user; description "Specify vendor specific attribute number"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "Vendor specific attribute number"; } uses apply-advanced; leaf-list packet-type { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-on" { value 1; description "RADIUS Accounting-On Message"; } enum "accounting-off" { value 2; description "RADIUS Accounting-Off message"; } enum "accounting-start" { value 3; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 4; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Specify packet types to be excluded"; } } // list vendor-attribute } // list vendor-id leaf-list accounting-authentic { type enumeration { enum "accounting-on" { value 0; description "RADIUS Accounting-On Message"; } enum "accounting-off" { value 1; description "RADIUS Accounting-Off message"; } enum "accounting-start" { value 2; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 3; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 45, Acct-Authentic"; } leaf-list accounting-delay-time { type enumeration { enum "accounting-on" { value 0; description "RADIUS Accounting-On Message"; } enum "accounting-off" { value 1; description "RADIUS Accounting-Off message"; } enum "accounting-start" { value 2; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 3; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 41, Acct-Delay-Time"; } leaf-list accounting-session-id { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } } ordered-by user; description "Excludes RADIUS attribute 44, Acct-Session-ID"; } leaf-list accounting-terminate-cause { type enumeration { enum "accounting-off" { value 0; description "RADIUS Accounting-Off message"; } } ordered-by user; description "Excludes RADIUS attribute 49, Acct-Terminate-Cause"; } leaf-list called-station-id { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 30, Called-Station-ID"; } leaf-list calling-station-id { type enumeration { enum "access-request" { junos:must "(!(".. .. .. .. .. preauthentication-order"))"; junos:must-message "Preauthentication-order and exclude calling-station-id in access-request are mutually exclusive"; value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 31, Calling-Station-ID"; } leaf-list class { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 25, Class"; } leaf-list delegated-ipv6-prefix { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 123, Delegated-IPv6-Prefix"; } leaf-list dhcp-options { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 26-55, DHCP-Options"; } leaf-list dhcp-gi-address { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 26-57, DHCP-GI-Address"; } leaf-list dhcp-mac-address { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 26-56, DHCP-MAC-Address"; } leaf-list output-filter { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 26-11, Egress-Policy-Name"; } leaf-list event-time-stamp { type enumeration { enum "accounting-on" { value 0; description "RADIUS Accounting-On Message"; } enum "accounting-off" { value 1; description "RADIUS Accounting-Off message"; } enum "accounting-start" { value 2; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 3; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 55, Event-Timestamp"; } leaf-list filter-id { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 11, Filter-Id"; } leaf-list framed-ip-address { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 8, Framed-IP-Address"; } leaf-list framed-ip-netmask { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 9, Framed-IP-Netmask"; } leaf-list framed-ip-route { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 22, Framed-Route"; } leaf-list framed-ipv6-address { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 168, Framed-IPV6-Address"; } leaf-list framed-ipv6-pool { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 100, Framed-IPv6-Pool"; } leaf-list framed-ipv6-prefix { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 97, Framed-IPv6-Prefix"; } leaf-list framed-ipv6-route { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 99, Framed-IPv6-Route"; } leaf-list framed-pool { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 88, Framed-Pool"; } leaf-list input-filter { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 26-10, Ingress-Policy-Name"; } leaf-list input-gigapackets { type enumeration { enum "accounting-stop" { value 0; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) VSA 26-42, Acct-Input-Gigapackets"; } leaf-list input-gigawords { type enumeration { enum "accounting-stop" { value 0; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 52, Acct-Input-Gigawords"; } leaf-list input-ipv6-packets { type enumeration { enum "accounting-stop" { value 0; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) VSA 26-153, Acct-Input-IPv6-Packets"; } leaf-list input-ipv6-gigawords { type enumeration { enum "accounting-stop" { value 0; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) VSA 26-155, Acct-Input-IPv6-Gigawords"; } leaf-list input-ipv6-octets { type enumeration { enum "accounting-stop" { value 0; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) VSA 26-151, Acct-Input-IPv6-Octets"; } leaf-list interface-description { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 26-63, Interface-Desc"; } leaf-list nas-identifier { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-on" { value 1; description "RADIUS Accounting-On Message"; } enum "accounting-off" { value 2; description "RADIUS Accounting-Off message"; } enum "accounting-start" { value 3; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 4; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 32, NAS-identifier"; } leaf-list nas-port { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 5, NAS-Port"; } leaf-list nas-port-id { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 87, NAS-Port-ID"; } leaf-list nas-port-type { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 61, NAS-Port-Type"; } leaf-list output-gigapackets { type enumeration { enum "accounting-stop" { value 0; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) VSA 26-43, Acct-Output-Gigapackets"; } leaf-list output-gigawords { type enumeration { enum "accounting-stop" { value 0; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 53, Acct-Output-Gigawords"; } leaf-list output-ipv6-packets { type enumeration { enum "accounting-stop" { value 0; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) VSA 26-154, Acct-Output-IPv6-Packets"; } leaf-list output-ipv6-gigawords { type enumeration { enum "accounting-stop" { value 0; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) VSA 26-156, Acct-Output-IPv6-Gigawords"; } leaf-list output-ipv6-octets { type enumeration { enum "accounting-stop" { value 0; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) VSA 26-152, Acct-Output-IPv6-Octets"; } leaf-list dynamic-iflset-name { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 26-130, Dynamic-Iflset-Name"; } leaf-list dsl-forum-attributes { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes DSL Forum RADIUS attributes (RFC 4679)"; } leaf-list l2c-upstream-data { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-92, L2C-Upstream-Data"; } leaf-list l2c-downstream-data { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-93, L2C-Downstream-Data"; } leaf-list acc-loop-cir-id { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-110, Acc-Loop-Cir-Id"; } leaf-list acc-aggr-cir-id-bin { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-111, Acc-Aggr-Cir-Id-Bin"; } leaf-list acc-aggr-cir-id-asc { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-112, Acc-Aggr-Cir-Id-Asc"; } leaf-list act-data-rate-up { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-113, Act-Data-Rate-Up"; } leaf-list act-data-rate-dn { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-114, Act-Data-Rate-Dn"; } leaf-list min-data-rate-up { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-115, Min-Data-Rate-Up"; } leaf-list min-data-rate-dn { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-116, Min-Data-Rate-Dn"; } leaf-list att-data-rate-up { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-117, Att-Data-Rate-Up"; } leaf-list att-data-rate-dn { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-118, Att-Data-Rate-Dn"; } leaf-list max-data-rate-up { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-119, Max-Data-Rate-Up"; } leaf-list max-data-rate-dn { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-120, Max-Data-Rate-Dn"; } leaf-list min-lp-data-rate-up { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-121, Min-Lp-Data-Rate-Up"; } leaf-list min-lp-data-rate-dn { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-122, Min-Lp-Data-Rate-Dn"; } leaf-list max-interlv-delay-up { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-123, Max-Interlv-Delay-Up"; } leaf-list act-interlv-delay-up { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-124, Act-Interlv-Delay-Up"; } leaf-list max-interlv-delay-dn { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-125, Max-Interlv-Delay-Dn"; } leaf-list act-interlv-delay-dn { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-126, Act-Interlv-Delay-Dn"; } leaf-list dsl-line-state { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-127, DSL-Line-State"; } leaf-list dsl-type { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-128, DSL-Type"; } leaf-list downstream-calculated-qos-rate { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-141, Downstream-Calculated-QoS-Rate"; } leaf-list upstream-calculated-qos-rate { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-142, Upstream-Calculated-QoS-Rate"; } leaf-list cos-shaping-rate { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) VSA 26-177, Cos-Shaping-Rate"; } leaf-list framed-interface-id { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 96, Framed-Interface-Id"; } leaf-list chargeable-user-identity { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } } ordered-by user; description "Excludes RADIUS attribute 89, Chargeable-User-Identity"; } leaf-list l2tp-tx-connect-speed { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) VSA 26-162, , L2TP-Tx-Connect-Speed"; } leaf-list l2tp-rx-connect-speed { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) VSA 26-163, , L2TP-Rx-Connect-Speed"; } leaf-list tunnel-type { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 64, Tunnel-Type"; } leaf-list tunnel-medium-type { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 65, Tunnel-Medium-Type"; } leaf-list tunnel-client-endpoint { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 66, Tunnel-Client-Endpoint"; } leaf-list tunnel-server-endpoint { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 67, Tunnel-Server-Endpoint"; } leaf-list tunnel-assignment-id { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 82, Tunnel-Assignment-Id"; } leaf-list tunnel-client-auth-id { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 90, Tunnel-Client-Auth-Id"; } leaf-list tunnel-server-auth-id { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 91, Tunnel-Server-Auth-Id"; } leaf-list acct-tunnel-connection { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 68, Acct-Tunnel-Connection"; } leaf-list acc-loop-remote-id { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) VSA 26-XXX, ERX-Acc-Loop-Remote-Id"; } leaf-list acc-loop-encap { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) VSA 26-182, ERX-Acc-Loop-Encap"; } leaf-list pppoe-description { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 26-24, PPPOE-Description"; } leaf-list virtual-router { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) VSA 26-1, Virtual-Router"; } leaf-list first-relay-ipv4-address { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 26-189, DHCP-First-Relay-IPv4-Address"; } leaf-list first-relay-ipv6-address { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 26-190, DHCP-First-Relay-IPv6-Address"; } leaf-list dhcpv6-options { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 26-207, DHCPv6-Options"; } leaf-list dhcp-header { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } } ordered-by user; description "Excludes RADIUS attribute 26-208, DHCP-Header"; } leaf-list dhcpv6-header { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } } ordered-by user; description "Excludes RADIUS attribute 26-209, DHCPv6-Header"; } leaf-list acct-request-reason { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 26-210, Acct-Request-Reason"; } } // container exclude } // container attributes } // container radius container session-options { description "Options for an authenticated client's session"; uses apply-advanced; leaf-list client-group { type string; ordered-by user; description "One or more groups to which client belongs"; } leaf client-idle-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 1440"; } } units "minutes"; description "Time in minutes of idleness after which access is denied"; } leaf client-idle-timeout-ingress-only { type empty; description "Idle timeout applies to ingress traffic only"; } leaf client-session-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 527040"; } } units "minutes"; description "Time in minutes since initial access after which access is denied"; } container strip-user-name { description "Options for stripping user name string"; uses apply-advanced; container delimiter { description "Allowable delimiter characters for strip user name separation"; leaf characters { type string { length "1 .. 8"; } description "Sequence of characters without spaces and commas"; } } // container delimiter container parse-direction { description "Strip user name parsing direction"; choice direction { leaf right-to-left { type empty; description "Parse the username from right to left"; } leaf left-to-right { type empty; description "Parse the username field from left to right"; } } // choice direction } // container parse-direction } // container strip-user-name container pcc-context { description "Pcc context configurations"; uses apply-advanced; leaf pcef-profile { junos:must "("services pcef profile $$")"; junos:must-message "Referenced pcef profile must be defined"; type string; description "Pcef profile name"; } leaf input-service-set { junos:must "("services service-set $$")"; junos:must-message "Referenced service-set must be defined"; type string; description "Input service-set name"; } leaf output-service-set { junos:must "("services service-set $$")"; junos:must-message "Referenced service-set must be defined"; type string; description "Output service-set name"; } leaf input-ipv6-service-set { junos:must "("services service-set $$")"; junos:must-message "Referenced service-set must be defined"; type string; description "Input ipv6 service set name"; } leaf output-ipv6-service-set { junos:must "("services service-set $$")"; junos:must-message "Referenced service-set must be defined"; type string; description "Output ipv6 service set name"; } leaf input-service-filter { junos:must "("firewall family inet service-filter $$")"; junos:must-message "Referenced service-filter must be defined"; type string; description "Input service filter name"; } leaf output-service-filter { junos:must "("firewall family inet service-filter $$")"; junos:must-message "Referenced service-filter must be defined"; type string; description "Output service filter name"; } leaf input-ipv6-service-filter { junos:must "("firewall family inet6 service-filter $$")"; junos:must-message "Referenced service-filter must be defined"; type string; description "Input ipv6 service filter name"; } leaf output-ipv6-service-filter { junos:must "("firewall family inet6 service-filter $$")"; junos:must-message "Referenced service-filter must be defined"; type string; description "Output ipv6 service filter name"; } } // container pcc-context } // container session-options container client-name-filter { description "Restrictions on client names"; uses access-client-name-filter-object; } // container client-name-filter container ldap-options { junos:must "((!(any ".. client <*> l2tp") && (!(any ".. client <*> ike") && !(any ".. client <*> ppp"))))"; junos:must-message "'ldap-options' statement is not supported in L2TP, IKE, or PPP configuration"; description "Lightweight Directory Access Protocol options"; uses access-ldap-options; } // container ldap-options list ldap-server { junos:must "(".. ldap-options")"; junos:must-message "ldap-options must be configured when ldap-server is configured"; junos:must "((!(any ".. client <*> l2tp") && (!(any ".. client <*> ike") && !(any ".. client <*> ppp"))))"; junos:must-message "'ldap-server' statement is not supported in L2TP, IKE, or PPP configuration"; key "name"; ordered-by user; description "Lightweight Directory Access Protocol server"; uses ldap-server-object; } // list ldap-server list radius-server { junos:must "(!(any ".. client <*> l2tp"))"; junos:must-message "Not supported in L2TP configuration"; key "name"; ordered-by user; description "RADIUS server configuration"; uses profile-radius-server-object; } // list radius-server list radius-server-name { junos:must "(!(any ".. client <*> l2tp"))"; junos:must-message "Not supported in L2TP configuration"; key "name"; ordered-by user; description "RADIUS server FQDN configuration"; uses profile-radius-server-name-object; } // list radius-server-name container radius-options { description "RADIUS options"; uses access-radius-options; } // container radius-options container accounting { description "Specifies the accounting options"; uses apply-advanced; leaf-list order { type enumeration { enum "radius" { value 0; description "Remote authentication dial-in user service"; } } ordered-by user; description "Order in which accounting mechanisms are used"; } leaf accounting-stop-on-failure { type empty; description "Send an Acct-Stop message if a user fails authentication, but AAA-server grants access"; } leaf accounting-stop-on-access-deny { type empty; description "Send an Acct-Stop message if AAA-server denies access"; } leaf immediate-update { type empty; description "Send an Acct-Update message on receipt of a Acct-response for the Acct-Start message"; } leaf coa-immediate-update { type empty; description "Send an Acct-Update message on completion of processing a change of authorization"; } leaf address-change-immediate-update { type empty; description "Send an Acct-Update message to notify address change"; } leaf update-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 1440"; } } units "minutes"; description "The interval in min btw accounting updates(Interim-stats off,if unspecified)"; } leaf statistics { type enumeration { enum "volume-time" { value 0; description "Configures the option to report both volume and uptime"; } enum "time" { value 1; description "Configures the option to report only uptime"; } } description "Reports set of statistics attributes based on reporting type"; } leaf wait-for-acct-on-ack { type empty; description "Wait for ACCT-ON-ACK"; } leaf send-acct-status-on-config-change { type empty; description "Send ACCT-ON/OFF on config change"; } leaf duplication { type empty; description "Send duplicated accounting reports if applied"; } leaf-list duplication-filter { type enumeration { enum "interim-original" { value 0; description "Do not send original accounting interims"; } enum "interim-duplicated" { value 1; description "Do not send duplicated accounting interims"; } enum "exclude-attributes" { value 2; description "Use duplication access profile exclude attributes"; } } ordered-by user; description "Configure duplication filters"; } container duplication-vrf { description "Duplication vrf configurations"; uses apply-advanced; leaf vrf-name { type string { length "1 .. 257"; } description "VRF name"; } leaf-list access-profile-name { type string { length "1 .. 63"; } max-elements 5; ordered-by user; description "Access profile name"; } } // container duplication-vrf leaf-list duplication-attribute-format { type enumeration { enum "username" { value 0; description "Username"; } } ordered-by user; description "Use attribute format defined under duplication accouting access-profile"; } leaf ancp-speed-change-immediate-update { type empty; description "Send an Acct-Update message when ANCP speed change is detected"; } leaf family-state-change-immediate-update { type empty; description "Send an Acct-Update message to notify address family activation state change"; } } // container accounting container service { description "Subscriber service configurations"; uses apply-advanced; leaf accounting-order { type enumeration { enum "activation-protocol" { value 0; description "Send service accounting reports via service activation protocol"; } enum "radius" { value 1; description "Send service accounting reports via radius protocol"; } enum "local" { junos:must "(".. .. local flat-file-profile")"; junos:must-message "local flat-file-profile must be configured under access profile for accounting-order local"; value 2; description "Send service accounting for local reporting - obsolete config"; } } description "Order in which accounting mechanism service is used"; } container accounting { description "Specifies the service accounting options"; uses apply-advanced; leaf update-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 1440"; } } units "minutes"; description "The interval in minutes between accounting updates(Interim-stats off, if not specified)"; } leaf statistics { junos:must "(!(".. .. accounting-order $$={local}"))"; junos:must-message "Statistics configuration is no-op when accounting-order is set to local for flat-file based accounting"; type enumeration { enum "time" { value 0; description "Configures the option to report only uptime"; } enum "volume-time" { value 1; description "Configures the option to report both volume and uptime"; } } description "Reports set of statistics attributes based on reporting type"; } } // container accounting } // container service container jsrc { description "Set of JSRC configurations"; uses apply-advanced; container attributes { description "Specifies how JSRC attributes should be handled"; uses apply-advanced; container exclude { description "Configures the exclusion of JSRC attributes in DIAMETER messages"; uses apply-advanced; leaf-list user-name { type enumeration { enum "authorization-request" { value 0; description "Authorization AA-Request message"; } enum "provisioning-request" { value 1; description "Provisioning AA-Request message"; } } ordered-by user; description "Excludes Diameter attribute 1, User-Name"; } } // container exclude } // container attributes } // container jsrc list subscriber { key "name"; description "Locally authenticated subscriber configuration"; uses localauth-subscriber-object; } // list subscriber } // list profile container address-assignment { description "Address assignment configuration"; uses address-assignment-type; } // container address-assignment container address-protection { presence "enable address-protection"; description "Initiate Duplicate Address Protection"; uses apply-advanced; leaf reassign-on-match { type empty; description "Disconnect owning session and reassign to this session"; } } // container address-protection container address-preservation { description "Enable address preservation"; uses apply-advanced; leaf address-types { type enumeration { enum "delegated-prefix" { value 0; description "Address preservation delegated prefix"; } } } leaf aging-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "3600 .. 604800"; } } units "seconds"; default "86400"; description "Time to hold address reservation"; } } // container address-preservation leaf linked-pool-aggregation { type empty; description "Enable linked pools aggregation"; } container domain { description "Domain map configuration"; uses domain-map-type; } // container domain container ppp-options { presence "enable ppp-options"; description "Point-to-Point Protocol (PPP) specific options"; uses apply-advanced; container compliance { description "Standards compliance definition"; uses apply-advanced; leaf-list rfc { type enumeration { enum "2486" { value 0; description "RFC 2486 compliant"; } } ordered-by user; description "Enforce compliance with RFC standards"; } } // container compliance } // container ppp-options container gx-plus { junos:must "(!(".. pcrf"))"; junos:must-message "pcrf is mutually exclusive with gx-plus"; description "GX-PLUS configuration"; uses gx-plus-definition; } // container gx-plus container pcrf { description "PCRF configuration"; uses pcrf-definition; } // container pcrf container ocs { description "OCS configuration"; uses ocs-definition; } // container ocs container radsec { description "RADSEC configuration"; uses radsec-definition; } // container radsec container s6a { description "S6a configuration"; uses s6a-definition; } // container s6a leaf report-interface-descriptions { type empty; description "Support reporting of interface descriptions"; } container nasreq { description "Nasreq configuration"; uses nasreq-definition; } // container nasreq list protocol-attributes { key "name"; ordered-by user; description "Protocol specific attribute configuration"; uses protocol-attribute-type; } // list protocol-attributes list aaa-options { key "name"; ordered-by user; description "AAA option configurations"; leaf name { junos:must "((".. access-profile" || (".. aaa-context" || ".. subscriber-context")))"; junos:must-message "at least one of attritues is configured"; type string { length "1 .. 63"; } description "AAA options name"; } uses apply-advanced; leaf access-profile { junos:must "("access profile $$")"; junos:must-message "referenced access profile must be defined"; type string { length "1 .. 63"; } description "Access profile name"; } leaf aaa-context { type string; description "AAA context"; } leaf subscriber-context { type string; description "Subscriber context"; } } // list aaa-options leaf disable-tenant-access { type empty; description "Disable access to root lsys profiles for tenants"; } container radius-options { description "RADIUS options"; uses access-radius-options; } // container radius-options container ldap-options { description "Lightweight Directory Access Protocol options"; uses access-ldap-options; } // container ldap-options list ldap-server { junos:must "(".. ldap-options")"; junos:must-message "ldap-options must be configured when ldap-server is configured"; key "name"; ordered-by user; description "Lightweight Directory Access Protocol server options"; uses ldap-server-object; } // list ldap-server list securid-server { key "name"; max-elements 1; ordered-by user; description "SecurID server configuration"; uses securid-server-object; } // list securid-server container accounting-backup-options { description "Pending accounting backup-options "; uses apply-advanced; leaf max-pending-accounting-stops { junos:must "(!(any "access profile <*> provisioning-order $$={pcrf}"))"; junos:must-message "backup accounting is not supported with pcrf provisioning"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 168000"; } } description "Max pending accouting stops"; } leaf max-withhold-time { junos:must "(!(any "access profile <*> provisioning-order $$={pcrf}"))"; junos:must-message "backup accounting is not supported with pcrf provisioning"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 1440"; } } units "minutes"; description "Maximum time in mins to hold the pending accounting stops"; } } // container accounting-backup-options container terminate-code { description "Terminate code mapping configuration"; uses apply-advanced; container aaa { description "AAA terminate-code mapping configuration"; uses apply-advanced; container deny { description "Terminate-code specification"; uses apply-advanced; container authentication-denied { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container authentication-denied container no-resources { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container no-resources container server-request-timeout { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container server-request-timeout } // container deny container service-shutdown { description "Terminate-code specification"; uses apply-advanced; container network-logout { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container network-logout container remote-reset { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container remote-reset container subscriber-logout { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container subscriber-logout container time-limit { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container time-limit container volume-limit { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container volume-limit } // container service-shutdown container shutdown { description "Terminate-code specification"; uses apply-advanced; container administrative-reset { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container administrative-reset container idle-timeout { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container idle-timeout container reassign-on-match { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container reassign-on-match container remote-reset { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container remote-reset container session-timeout { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container session-timeout } // container shutdown } // container aaa container dhcp { description "DHCP terminate-code mapping configuration"; uses apply-advanced; container client-request { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container client-request container lost-carrier { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container lost-carrier container nak { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container nak container nas-logout { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container nas-logout container no-offers { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container no-offers } // container dhcp container hybrid-access { description "HYBRID-ACCESS terminate-code mapping configuration"; uses apply-advanced; container admin-down { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container admin-down container client-request { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container client-request container lost-carrier { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container lost-carrier container nak { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container nak container nas-logout { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container nas-logout container no-resource { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container no-resource } // container hybrid-access container vlan { description "VLAN terminate-code mapping configuration"; uses apply-advanced; container admin-logout { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container admin-logout container admin-reconnect { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container admin-reconnect container other { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container other container out-of-band { description "Terminate-code specification"; uses apply-advanced; container access-interface-down { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container access-interface-down container admin-access-interface-down { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container admin-access-interface-down container admin-core-interface-down { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container admin-core-interface-down container ancp { description "Terminate-code specification"; uses apply-advanced; container port-down { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container port-down container port-vlan-id-change { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container port-vlan-id-change } // container ancp container core-interface-down { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container core-interface-down container l2-wholesale { description "Terminate-code specification"; uses apply-advanced; container no-free-vlans { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container no-free-vlans } // container l2-wholesale } // container out-of-band container profile-request-error { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container profile-request-error container sdb-error { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container sdb-error container subscriber-activate-error { description "Terminate-code specification"; uses apply-advanced; container radius { description "Radius Acct-Terminate-Cause configuration"; leaf acct-terminate-cause { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Set value"; } } // container radius } // container subscriber-activate-error } // container vlan } // container terminate-code } // grouping juniper-access-options grouping access-client-name-filter-object { description "Restrictions on client names authenticated on this server"; uses apply-advanced; leaf domain-name { type string; description "Domain name to match (must be part of username)"; } leaf separator { type string { length "1"; } description "Separator character in domain name"; } leaf count { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 255"; } } default "0"; description "Number of separator instances"; } } // grouping access-client-name-filter-object grouping access-client-object { leaf name { type string; description "Name of entity requesting access"; } uses apply-advanced; leaf no-rfc2486 { type empty; description "RFC2486 compliance is not enforced"; } leaf chap-secret { type jt:unreadable; description "CHAP secret"; } leaf pap-password { type jt:unreadable; description "PAP password"; } choice client_type { case case_1 { } // case case_1 case case_2 { } // case case_2 container ike { presence "enable ike"; description "Configuration for dynamic IKE peers"; uses apply-advanced; leaf initiate-dead-peer-detection { type empty; description "Initiate dead peer detection"; } container dead-peer-detection { junos:must "(".. initiate-dead-peer-detection")"; junos:must-message "[ edit access profile <*> client * ike initiate-dead-peer-detection ] must be set"; presence "enable dead-peer-detection"; description "Dead peer detection options"; uses apply-advanced; leaf interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 180"; } } units "seconds"; default "10"; description "Interval at which the DPD messages should be sent"; } leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } default "3"; description "Maximum number of DPD messages"; } } // container dead-peer-detection container respond-bad-spi { presence "enable respond-bad-spi"; description "Respond to IPsec packets with bad security parameter index (SPI) values"; leaf max-responses { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 30"; } } default "5"; description "Maximum number of times to respond"; } } // container respond-bad-spi choice name { case case_1 { } // case case_1 case case_2 { } // case case_2 } // choice name container reverse-route { presence "enable reverse-route"; description "Reverse route parameters"; uses apply-advanced; container preference { description "Preference value"; leaf metric-value { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Metric value"; } } // container preference } // container reverse-route } // container ike } // choice client_type leaf-list client-group { type string; ordered-by user; description "One or more groups to which the client belongs"; } container firewall-user { description "Client is configured as a firewall user"; uses apply-advanced; leaf password { type string { length "1 .. 128"; } description "Password for user"; } } // container firewall-user } // grouping access-client-object grouping access-ldap-options { uses apply-advanced; leaf revert-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 4294967295"; } } units "seconds"; default "600"; description "Time after which to revert to primary server"; } leaf base-distinguished-name { type string; description "Suffix when assembling user distinguished name (DN) or base DN under which to search for user DN"; } choice search_type { container assemble { presence "enable assemble"; description "Derive user distinguished name from 'common-name' and 'base-distinguished-name'"; uses apply-advanced; leaf common-name { type string; default "cn"; description "Prefix in user distinguished name (for example, 'cn' or 'uid')"; } } // container assemble container search { presence "enable search"; description "Search for user's distinguished name"; uses apply-advanced; leaf search-filter { type string; description "Filter to use in search (examples: 'cn=' or 'givenName=')"; } container admin-search { presence "enable admin-search"; description "Perform an administrator search to find user's distinguished name"; uses apply-advanced; leaf distinguished-name { type string; description "Administrator's distinguished name"; } leaf password { type jt:unreadable; description "Administrator password"; } } // container admin-search } // container search } // choice search_type } // grouping access-ldap-options grouping access-radius-options { uses apply-advanced; leaf revert-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 604800"; } } units "seconds"; default "60"; description "Time after which to revert to primary server"; } leaf timeout-grace { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 30"; } } units "seconds"; default "10"; description "The period after a RADIUS server times out before marking the server as dead"; } leaf request-rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "100 .. 4000"; } } default "500"; description "Maximum number of RADIUS requests sent per second"; } leaf interim-rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "50 .. 4000"; } } default "500"; description "Maximum number of RADIUS requests sent per second"; } leaf interim-update-tolerance { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 600"; } } units "seconds"; default "60"; status deprecated; description "Maximum tolerance for Interim Updates to RADIUS"; } container unique-nas-port { junos:must "(!(any "access profile <*> radius options vlan-nas-port-stacked-format"))"; junos:must-message "unique-nas-port is not supported with vlan-nas-port-stacked-format"; junos:must "(!(any "access profile <*> radius options nas-port-extended-format"))"; junos:must-message "unique-nas-port is not supported with nas-port-extended-format"; presence "enable unique-nas-port"; description "Use unique value for NAS-Port radius attribute"; uses apply-advanced; leaf chassis-id { junos:must "(".. chassis-id-width")"; junos:must-message "chassis-id-width must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 127"; } } description "Configure chassis identifier field of NAS-Port"; } leaf chassis-id-width { junos:must "(".. chassis-id")"; junos:must-message "chassis-id must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 7"; } } units "bits"; description "Number of bits for the chassis identifier field of NAS-Port"; } } // container unique-nas-port } // grouping access-radius-options grouping access-radius-server-name-object { leaf name { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Invalid FQDN"; length "4 .. 255"; } description "Fully qualified domain name of the RADIUS server"; } uses apply-advanced; leaf dns-query-interval { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "10 .. 1440"; } } units "minutes"; default "60"; description "Frequency of RADIUS server name resolution"; } leaf accounting-port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } default "1813"; description "RADIUS server accounting port number"; } leaf radsec-destination { junos:must "(!(".. preauthentication-order"))"; junos:must-message "RADSEC is mutually exclusive with preauthentication"; junos:must "("access radsec destination $$")"; junos:must-message "RADSEC destination must be defined"; type union { type uint32; type string { pattern "<.*>|$.*"; } } description "RADSEC destination"; } leaf port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } default "1812"; description "RADIUS server authentication port number"; } leaf preauthentication-port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "RADIUS server preauthentication port number"; } leaf dynamic-request-port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } default "3799"; description "RADIUS client dynamic request port number"; } leaf secret { type jt:unreadable; description "Shared secret with the RADIUS server"; } leaf preauthentication-secret { type jt:unreadable; description "Shared secret with the RADIUS server"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000"; } } units "seconds"; default "3"; description "Request timeout period"; } leaf retry { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } default "3"; description "Retry attempts"; } leaf accounting-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1000"; } } units "seconds"; default "0"; description "Accounting request timeout period"; } leaf accounting-retry { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } } default "0"; description "Accounting retry attempts"; } leaf max-outstanding-requests { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 2000"; } } default "1000"; description "Maximum requests in flight to server"; } leaf source-address { type jt:ipaddr; description "Use specified address as source address"; } leaf routing-instance { junos:must "(("routing-instances $$" || any "tenants <*> routing-instances $$"))"; junos:must-message "referenced routing-instance must be defined"; type string; description "Use specified routing instance"; } } // grouping access-radius-server-name-object grouping access-radius-server-object { leaf name { type jt:ipaddr; description "RADIUS server address"; } uses apply-advanced; leaf port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } default "1812"; description "RADIUS server authentication port number"; } leaf preauthentication-port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "RADIUS server preauthentication port number"; } leaf accounting-port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } default "1813"; description "Port number to send RADIUS accounting messages"; } leaf dynamic-request-port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } default "3799"; description "RADIUS client dynamic request port number"; } leaf secret { type jt:unreadable; description "Shared secret with the RADIUS server"; } leaf preauthentication-secret { type jt:unreadable; description "Shared secret with the RADIUS server"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000"; } } units "seconds"; default "3"; description "Request timeout period"; } leaf retry { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } default "3"; description "Retry attempts"; } leaf accounting-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1000"; } } units "seconds"; default "0"; description "Accounting request timeout period"; } leaf accounting-retry { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } } default "0"; description "Accounting retry attempts"; } leaf max-outstanding-requests { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 2000"; } } default "1000"; description "Maximum requests in flight to server"; } leaf source-address { type jt:ipaddr; description "Use specified address as source address"; } leaf routing-instance { junos:must "(("routing-instances $$" || any "tenants <*> routing-instances $$"))"; junos:must-message "referenced routing-instance must be defined"; type string; description "Use specified routing instance"; } leaf radsec-destination { junos:must "(!(".. preauthentication-order"))"; junos:must-message "RADSEC is mutually exclusive with preauthentication"; junos:must "("access radsec destination $$")"; junos:must-message "RADSEC destination must be defined"; type union { type uint32; type string { pattern "<.*>|$.*"; } } description "RADSEC destination"; } } // grouping access-radius-server-object grouping address-assignment-type { description "Address assignment configuration"; uses apply-advanced; container neighbor-discovery-router-advertisement { description "Designated NDRA pool for this instance"; leaf ndra-name { junos:must "(".. .. pool $$ family inet6")"; junos:must-message "designated NDRA pool must be configured and family inet6 must be set"; type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]{0,62}$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of no more than 63 total letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Designated NDRA pool name"; } } // container neighbor-discovery-router-advertisement leaf high-utilization { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "2 .. 99"; } } description "Generate an SNMP trap when address pool use surpasses this percentage"; } leaf abated-utilization { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 98"; } } description "Generate an SNMP clear trap when address pool use falls below this percentage"; } leaf high-utilization-v6 { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "2 .. 99"; } } description "Generate an SNMP trap when address pool use surpasses this percentage"; } leaf abated-utilization-v6 { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 98"; } } description "Generate an SNMP clear trap when address pool use falls below this percentage"; } list pool { key "name"; ordered-by user; description "Address pool"; leaf name { junos:must "(!(".. link $$"))"; junos:must-message "Link cannot be self referential"; type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]{0,62}$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of no more than 63 total letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Address pool name"; } uses apply-advanced; leaf active-drain { type empty; description "Notify client of pool active drain mode"; } leaf hold-down { type empty; description "Place pool in passive drain mode"; } leaf link { junos:must "(".. .. pool $$")"; junos:must-message "Link must be to a valid pool name"; type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]{0,62}$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of no more than 63 total letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Address pool link name"; } container family { presence "enable family"; description "Address family"; choice family_type { container inet { presence "enable inet"; description "IPv4"; uses apply-advanced; leaf network { type jt:ipv4prefix; description "Network address"; } list range { key "name"; ordered-by user; description "Address range"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]{0,62}$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of no more than 63 total letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Range name"; } uses apply-advanced; leaf low { type jt:ipv4addr; description "Lower limit of address range"; } leaf high { type jt:ipv4addr; description "Upper limit of address range"; } } // list range container dhcp-attributes { description "DHCP options and match criteria"; uses dhcp-attribute-type; } // container dhcp-attributes container xauth-attributes { description "Configure xauth attributes"; uses apply-advanced; leaf primary-dns { type jt:ipv4prefix; description "Specify the primary-dns IP address"; } leaf secondary-dns { type jt:ipv4prefix; description "Specify the secondary-dns IP address"; } leaf primary-wins { type jt:ipv4prefix; description "Specify the primary-wins IP address"; } leaf secondary-wins { type jt:ipv4prefix; description "Specify the secondary-wins IP address"; } } // container xauth-attributes list host { key "name"; ordered-by user; description "Hostname for static reservations"; leaf name { junos:must "((".. hardware-address" || ".. user-name"))"; junos:must-message "either host's hardware address or identifier must be set"; type string { length "1 .. 256"; } description "Hostname"; } uses apply-advanced; leaf hardware-address { type jt:mac-addr; description "Hardware address"; } leaf ip-address { type jt:ipv4addr; description "Reserved address"; } choice host-identifier-type { leaf user-name { type empty; description "Set subscriber user name as host identifier"; } } // choice host-identifier-type } // list host list excluded-address { key "name"; max-elements 20; ordered-by user; description "Excluded Addresses"; leaf name { type jt:ipv4addr; description "Excluded address"; } uses apply-advanced; } // list excluded-address list excluded-range { key "name"; max-elements 20; ordered-by user; description "Excluded address range"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]{0,62}$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of no more than 63 total letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Range name"; } uses apply-advanced; leaf low { type jt:ipv4addr; description "Lower limit of excluded address range"; } leaf high { type jt:ipv4addr; description "Upper limit of excluded address range"; } } // list excluded-range } // container inet container inet6 { presence "enable inet6"; description "IPv6"; uses apply-advanced; leaf prefix { type jt:ipv6prefix-mandatory; description "IPv6 network prefix"; } list range { key "name"; ordered-by user; description "IPv6 address range"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]{0,62}$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of no more than 63 total letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Range name"; } uses apply-advanced; leaf low { junos:must "(".. high")"; junos:must-message "range upper bound must be defined"; type jt:ipv6prefix-mandatory; description "Lower limit of ipv6 address range"; } leaf high { junos:must "(".. low")"; junos:must-message "range lower bound must be defined"; type jt:ipv6prefix-mandatory; description "Upper limit of ipv6 address range"; } leaf prefix-length { junos:must "(!(".. low"))"; junos:must-message "range lower bound may not be defined"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 128"; } } description "IPv6 delegated prefix length"; } } // list range container dhcp-attributes { description "DHCP options and match criteria"; uses dhcp-attribute-type; } // container dhcp-attributes container xauth-attributes { description "Configure xauth ipv6 attributes"; uses apply-advanced; leaf primary-dns-ipv6 { type jt:ipv6addr; description "Specify the primary-dns IPv6 address"; } leaf secondary-dns-ipv6 { type jt:ipv6addr; description "Specify the secondary-dns IPv6 address"; } } // container xauth-attributes list host { key "name"; ordered-by user; description "Hostname for static reservations"; leaf name { junos:must "((".. hardware-address" || ".. user-name"))"; junos:must-message "either host's hardware address or identifier must be set"; type string { length "1 .. 256"; } description "Hostname"; } uses apply-advanced; leaf hardware-address { type jt:mac-addr; description "Hardware address"; } leaf ip-address { type jt:ipv6addr; description "Reserved address"; } choice host-identifier-type { leaf user-name { type empty; description "Set subscriber user name as host identifier"; } } // choice host-identifier-type } // list host list excluded-address { key "name"; max-elements 20; ordered-by user; description "Excluded Addresses"; leaf name { type jt:ipv6addr; description "Excluded address"; } uses apply-advanced; } // list excluded-address list excluded-range { key "name"; max-elements 20; ordered-by user; description "Excluded address range"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]{0,62}$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of no more than 63 total letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Range name"; } uses apply-advanced; leaf low { type jt:ipv6addr; description "Lower limit of excluded address range"; } leaf high { type jt:ipv6addr; description "Upper limit of excluded address range"; } } // list excluded-range } // container inet6 } // choice family_type } // container family } // list pool list domain-profile { key "name"; ordered-by user; description "Address domain profile"; leaf name { type string { length "1 .. 63"; } description "Pool domain profile name"; } uses apply-advanced; container family { description "Network family to which this configuration belongs"; uses apply-advanced; container inet { description "The IPv4 internet family"; uses apply-advanced; leaf preferred-prefix-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "8 .. 30"; } } description "Preferred prefix length"; } leaf source-partition-qualifier { type string { length "1 .. 63"; } description "Prefix source qualifier appended to location for partition name"; } container excluded-address { description "Excluded addresses from allocation"; leaf-list last-octet { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 255"; } } ordered-by user; description "Last octet of the excluded address"; } } // container excluded-address leaf install-discard-routes { type empty; description "Install discard route domain pool prefix"; } leaf dhcp-router-host-part { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 8"; } } description "DHCP host address component to be excluded and passed to DHCP"; } leaf protocol-attributes { junos:must "("access protocol-attributes $$")"; junos:must-message "referenced protocol-attributes must be defined"; type string { length "1 .. 63"; } description "Access protocol-attributes name"; } } // container inet } // container family } // list domain-profile } // grouping address-assignment-type grouping address-pool-object { leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]{0,62}$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of no more than 63 total letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Address pool name"; } uses apply-advanced; choice address_choice { leaf address { type jt:ipv4prefix; description "Address or address prefix"; } container address-range { presence "enable address-range"; description "Range of addresses for pool"; leaf low { type jt:ipv4addr; description "Lower limit of address range"; } leaf high { type jt:ipv4addr; description "Upper limit of address range"; } } // container address-range } // choice address_choice } // grouping address-pool-object grouping apply-advanced { description "Apply advanced configuration logic"; leaf-list apply-groups { type string; ordered-by user; description "Groups from which to inherit configuration data"; } leaf-list apply-groups-except { type string; ordered-by user; description "Don't inherit configuration data from these groups"; } list apply-macro { key "name"; ordered-by user; description "Macro and parameters for commit script expansion"; uses apply-macro-type; } // list apply-macro } // grouping apply-advanced grouping apply-macro-type { description "Macro data for commit-script expansion"; leaf name { type string; description "Name of the macro to be expanded"; } list data { key "name"; uses macro-data-type; } // list data } // grouping apply-macro-type grouping dhcp-attribute-type { uses apply-advanced; container option-match { description "Match"; uses apply-advanced; container option-82 { uses apply-advanced; list circuit-id { key "name"; ordered-by user; description "Circuit ID portion of the option 82"; leaf name { type string; } leaf range { type string; description "Range name"; } } // list circuit-id list remote-id { key "name"; ordered-by user; description "Remote ID portion of the option 82"; leaf name { type string; } leaf range { type string; description "Range name"; } } // list remote-id } // container option-82 } // container option-match leaf maximum-lease-time { type string; units "seconds"; description "Maximum lease time advertised to clients"; } leaf server-identifier { type jt:ipv4addr; description "Server Identifier - IP address value"; } leaf grace-period { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "seconds"; description "Grace period for leases"; } leaf domain-name { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Must be a string of letters, numbers, dashes or underscores"; } description "Domain name advertised to clients"; } list name-server { key "name"; ordered-by user; description "Domain name servers available to the client"; leaf name { type jt:ipv4addr; description "DNS server's IPv4 address"; } uses apply-advanced; } // list name-server list wins-server { key "name"; ordered-by user; description "WINS name servers"; leaf name { type jt:ipv4addr; description "WINS server's IPv4 address"; } uses apply-advanced; } // list wins-server list router { key "name"; ordered-by user; description "Routers advertised to clients"; leaf name { type jt:ipv4addr; description "Router's IPv4 address"; } uses apply-advanced; } // list router leaf boot-file { type string; description "Boot filename advertised to clients"; } leaf boot-server { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Must be a string of letters, numbers, dashes or underscores"; } description "Boot server advertised to clients"; } leaf tftp-server { type jt:ipv4addr; description "TFTP server IP address advertised to clients"; } leaf netbios-node-type { type enumeration { enum "b-node" { value 0; description "Broadcast node"; } enum "p-node" { value 1; description "Peer-to-peer node"; } enum "m-node" { value 2; description "Mixed Node"; } enum "h-node" { value 3; description "Hybrid node"; } } description "Type of NETBIOS node advertised to clients"; } leaf sip-server-domain-name { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Must be a string of letters, numbers, dashes or underscores"; } description "SIP server domain name available to clients"; } list sip-server-address { key "name"; ordered-by user; description "SIP Servers list of IPv6 addresses available to the client"; leaf name { type jt:ipv6addr; description "SIP Server's IPv6 address"; } uses apply-advanced; } // list sip-server-address list dns-server { key "name"; ordered-by user; description "Domain name servers available to the client"; leaf name { type jt:ipv6addr; description "DNS server's IPv6 address"; } uses apply-advanced; } // list dns-server list option { key "name"; ordered-by user; description "DHCP option"; leaf name { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "DHCP option identifier code"; } choice option-type-choice { leaf flag { type enumeration { enum "true" { value 0; description "True value"; } enum "false" { value 1; description "False value"; } enum "on" { value 2; description "On value"; } enum "off" { value 3; description "Off value"; } } description "Boolean flag value"; } leaf byte { type union { type uint8; type string { pattern "<.*>|$.*"; } } description "Unsigned 8-bit value"; } leaf short { type union { type int16; type string { pattern "<.*>|$.*"; } } description "Signed 16-bit numeric value"; } leaf unsigned-short { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Unsigned 16-bit numeric value"; } leaf integer { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Signed 32-bit numeric value"; } leaf unsigned-integer { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Unsigned 32-bit numeric value"; } leaf hex-string { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 510"; } description "Hexadecimal string"; } leaf string { type string { length "1 .. 254"; } description "Character string value"; } leaf ip-address { type jt:ipv4addr; description "IP address value"; } leaf ipv6-address { type jt:ipv6addr; description "IPV6 address value"; } container array { presence "enable array"; description "Array of values"; uses apply-advanced; choice option-type-array-choice { leaf-list flag { type enumeration { enum "true" { value 0; description "True value"; } enum "false" { value 1; description "False value"; } enum "on" { value 2; description "On value"; } enum "off" { value 3; description "Off value"; } } ordered-by user; description "Array of boolean flag values"; } leaf-list byte { type union { type uint8; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Array of unsigned 8-bit values"; } leaf-list short { type union { type int16; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Array of signed 16-bit numeric values"; } leaf-list unsigned-short { type union { type uint16; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Array of 16-bit numeric values"; } leaf-list integer { type union { type int32; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Array of signed 32-bit numeric values"; } leaf-list unsigned-integer { type union { type uint32; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Array of unsigned 32-bit numeric values"; } leaf-list hex-string { type string { length "1 .. 510"; } ordered-by user; description "Hexadecimal string"; } leaf-list string { type string { length "1 .. 254"; } ordered-by user; description "Array of character string values"; } leaf-list ip-address { type jt:ipv4addr; ordered-by user; description "Array of IP address values"; } leaf-list ipv6-address { type jt:ipv6addr; ordered-by user; description "Array of IPv6 address values"; } } // choice option-type-array-choice } // container array } // choice option-type-choice } // list option leaf valid-lifetime { junos:must "(!(".. maximum-lease-time"))"; junos:must-message "'valid-lifetime' statement cannot be included along with 'maximum-lease-time'"; type string; units "seconds"; description "Valid lifetime advertised to clients"; } leaf preferred-lifetime { junos:must "(!(".. maximum-lease-time"))"; junos:must-message "'preferred-lifetime' statement cannot be included along with 'maximum-lease-time'"; type string; units "seconds"; description "Preferred lifetime advertised to clients"; } leaf t1-percentage { junos:must "(!(".. t2-rebinding-time"))"; junos:must-message "T1 must be configured in seconds to match T2"; junos:must "(!(".. t1-renewal-time"))"; junos:must-message "T1 time in seconds already configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } } units "percent"; description "T1 time as percentage of preferred lifetime or max lease"; } leaf t2-percentage { junos:must "(!(".. t1-renewal-time"))"; junos:must-message "T2 must be configured in seconds to match T1"; junos:must "(!(".. t2-rebinding-time"))"; junos:must-message "T2 time in seconds already configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } } units "percent"; description "T2 time as percentage of preferred lifetime or max lease"; } leaf exclude-prefix-len { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 128"; } } description "Length of IPv6 prefix to be excluded from delegated prefix"; } leaf t1-renewal-time { junos:must "(!(".. t2-percentage"))"; junos:must-message "T1 must be configured as percentage to match T2"; junos:must "(!(".. t1-percentage"))"; junos:must-message "T1 time as percentage already configured"; type union { type uint32; type string { pattern "<.*>|$.*"; } } units "seconds"; description "T1 renewal time"; } leaf t2-rebinding-time { junos:must "(!(".. t1-percentage"))"; junos:must-message "T2 must be configured as percentage to match T1"; type union { type uint32; type string { pattern "<.*>|$.*"; } } units "seconds"; description "T2 rebinding time"; } } // grouping dhcp-attribute-type grouping domain-map-type { description "Domain map configuration"; uses apply-advanced; list map { key "name"; ordered-by user; description "Domain map definitions"; leaf name { type string { length "1 .. 64"; } description "Domain map name"; } uses apply-advanced; choice aaa_ri_or_ls { leaf aaa-routing-instance { type string; description "Routing instance to be used for applying AAA services"; } list aaa-logical-system { key "name"; max-elements 1; ordered-by user; description "Logical system to be used for applying AAA services"; leaf name { junos:must "("logical-systems $$")"; junos:must-message "Referenced logical system must be defined"; type string; description "Logical system name"; } uses apply-advanced; leaf aaa-routing-instance { type string; description "Routing instance to be used for applying AAA services"; } } // list aaa-logical-system } // choice aaa_ri_or_ls leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Referenced access profile must be defined"; type string { length "1 .. 63"; } description "Access profile to be used for applying AAA services"; } leaf address-pool { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]{0,62}$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of no more than 63 total letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Address pool to use for providing address-allocation services"; } leaf dynamic-profile { junos:must "("dynamic-profiles $$")"; junos:must-message "Dynamic profile must be defined"; type string; description "Dynamic profile to be used for this client's session"; } leaf override-password { type string { length "1 .. 64"; } description "Use this password for authentication"; } leaf override-chap-password { type string { length "1 .. 64"; } description "Use this CHAP password for authentication"; } leaf using-user-password { junos:must "(".. override-chap-password")"; junos:must-message "override-chap-password must be defined"; type empty; description "Send overridden CHAP-Password using User-Password"; } list padn { key "name"; max-elements 16; ordered-by user; status deprecated; description "PPPoE Active Discovery Network parameters to apply for this client's session"; leaf name { type jt:ipv4addr; description "Destination IP address"; } uses apply-advanced; leaf mask { type jt:ipv4addr; description "Destination mask"; } leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "0 .. 255"; } } description "Metric value"; } } // list padn choice target_ri_or_ls { leaf target-routing-instance { type string; description "Routing instance the client's session will be mapped to"; } list target-logical-system { key "name"; max-elements 1; ordered-by user; description "Logical system the client's session will be mapped to"; leaf name { junos:must "("logical-systems $$")"; junos:must-message "Referenced logical system must be defined"; type string; description "Logical system name"; } uses apply-advanced; leaf target-routing-instance { type string; description "Routing instance the client's session will be mapped to"; } } // list target-logical-system } // choice target_ri_or_ls leaf strip-domain { junos:must "(!(".. strip-username"))"; junos:must-message "Mutually exclusive with strip-username"; type empty; description "Enable domain name stripping from the username"; } container strip-username { junos:must "(!(".. strip-domain"))"; junos:must-message "Mutually exclusive with strip-domain"; presence "enable strip-username"; description "Enable user name stripping from the username"; choice direction { leaf right-to-left { type empty; description "Strip to first domain delimiter on the right"; } leaf left-to-right { type empty; description "Strip to first domain delimiter on the left"; } } // choice direction } // container strip-username list sub-domain { key "name"; max-elements 16; ordered-by user; description "Sub-Domain definitions"; leaf name { type string { length "1 .. 64"; } description "Sub-Domain name"; } uses apply-advanced; choice aaa_ri_or_ls { leaf aaa-routing-instance { junos:must "(".. qualifier")"; junos:must-message "Qualifier must be defined in sub-domain"; type string; description "Routing instance to be used for applying AAA services"; } list aaa-logical-system { junos:must "(".. qualifier")"; junos:must-message "Qualifier must be defined in sub-domain"; key "name"; max-elements 1; ordered-by user; description "Logical system to be used for applying AAA services"; leaf name { junos:must "("logical-systems $$")"; junos:must-message "Referenced logical system must be defined"; type string; description "Logical system name"; } uses apply-advanced; leaf aaa-routing-instance { type string; description "Routing instance to be used for applying AAA services"; } } // list aaa-logical-system } // choice aaa_ri_or_ls leaf access-profile { junos:must "(".. qualifier")"; junos:must-message "Qualifier must be defined in sub-domain"; junos:must "("access profile $$")"; junos:must-message "Referenced access profile must be defined"; type string { length "1 .. 63"; } description "Access profile to be used for applying AAA services"; } leaf address-pool { junos:must "(".. qualifier")"; junos:must-message "Qualifier must be defined in sub-domain"; type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]{0,62}$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of no more than 63 total letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Address pool to use for providing address-allocation services"; } leaf dynamic-profile { junos:must "(".. qualifier")"; junos:must-message "Qualifier must be defined in sub-domain"; junos:must "("dynamic-profiles $$")"; junos:must-message "Dynamic profile must be defined"; type string; description "Dynamic profile to be used for this client's session"; } leaf override-password { junos:must "(".. qualifier")"; junos:must-message "Qualifier must be defined in sub-domain"; type string { length "1 .. 64"; } description "Use this password for authentication"; } leaf override-chap-password { junos:must "(".. qualifier")"; junos:must-message "Qualifier must be defined in sub-domain"; type string { length "1 .. 64"; } description "Use this CHAP password for authentication"; } leaf using-user-password { junos:must "(".. qualifier")"; junos:must-message "Qualifier must be defined in sub-domain"; junos:must "(".. override-chap-password")"; junos:must-message "override-chap-password must be defined"; type empty; description "Send overridden CHAP-Password using User-Password"; } list padn { junos:must "(".. qualifier")"; junos:must-message "Qualifier must be defined in sub-domain"; key "name"; max-elements 16; ordered-by user; status deprecated; description "PPPoE Active Discovery Network parameters to apply for this client's session"; leaf name { type jt:ipv4addr; description "Destination IP address"; } uses apply-advanced; leaf mask { type jt:ipv4addr; description "Destination mask"; } leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "0 .. 255"; } } description "Metric value"; } } // list padn choice target_ri_or_ls { leaf target-routing-instance { junos:must "(".. qualifier")"; junos:must-message "Qualifier must be defined in sub-domain"; type string; description "Routing instance the client's session will be mapped to"; } list target-logical-system { junos:must "(".. qualifier")"; junos:must-message "Qualifier must be defined in sub-domain"; key "name"; max-elements 1; ordered-by user; description "Logical system the client's session will be mapped to"; leaf name { junos:must "("logical-systems $$")"; junos:must-message "Referenced logical system must be defined"; type string; description "Logical system name"; } uses apply-advanced; leaf target-routing-instance { type string; description "Routing instance the client's session will be mapped to"; } } // list target-logical-system } // choice target_ri_or_ls leaf strip-domain { junos:must "(".. qualifier")"; junos:must-message "Qualifier must be defined in sub-domain"; junos:must "(!(".. strip-username"))"; junos:must-message "Mutually exclusive with strip-username"; type empty; description "Enable domain name stripping from the username"; } container strip-username { junos:must "(".. qualifier")"; junos:must-message "Qualifier must be defined in sub-domain"; junos:must "(!(".. strip-domain"))"; junos:must-message "Mutually exclusive with strip-domain"; presence "enable strip-username"; description "Enable user name stripping from the username"; choice direction { leaf right-to-left { type empty; description "Strip to first domain delimiter on the right"; } leaf left-to-right { type empty; description "Strip to first domain delimiter on the left"; } } // choice direction } // container strip-username container qualifier { description "Qualifier definition for sub-domain"; uses apply-advanced; choice sub_domain_qualifier_choice { leaf-list vlan-id-list { type jt:vlan-range; description "Apply access-profile only for the vlan-id specified in the vlan-id-list"; } } // choice sub_domain_qualifier_choice } // container qualifier } // list sub-domain } // list map container parse-order { description "Order in which search parsing is conducted (i.e. look for domain-namd or realm-name first)"; choice order { leaf domain-first { type empty; description "Search for domain name in username field before searching for realm name"; } leaf realm-first { type empty; description "Search for realm name in username field before searching for domain name"; } } // choice order } // container parse-order container delimiter { description "Allowable delimiter characters for domain name separation"; leaf characters { type string { length "1 .. 8"; } description "Sequence of characters without spaces and commas"; } } // container delimiter container parse-direction { description "Domain name parsing direction"; choice direction { leaf right-to-left { type empty; description "Parse the username from right to left"; } leaf left-to-right { type empty; description "Parse the username field from left to right to find domain name"; } } // choice direction } // container parse-direction container realm-delimiter { description "Allowable delimiter characters for realm name separation"; leaf characters { type string { length "1 .. 8"; } description "Sequence of characters without spaces and commas"; } } // container realm-delimiter container realm-parse-direction { description "Realm name parsing direction"; choice direction { leaf left-to-right { type empty; description "Parse the username field from left to right to find realm name"; } leaf right-to-left { type empty; description "Parse the username field from right to left to find realm name"; } } // choice direction } // container realm-parse-direction } // grouping domain-map-type grouping group-profile-object { leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Group profile name"; } uses apply-advanced; container ppp { junos:must "(!(".. l2tp"))"; junos:must-message "A group-profile can have either PPP or L2TP attributes only"; presence "enable ppp"; description "Configuration for Point-to-Point Protocol"; uses apply-advanced; leaf framed-pool { junos:must "("access address-pool $$")"; junos:must-message "referenced address pool must be defined"; type string { length "1 .. 63"; } description "Address pool used to assign an address for the user"; } leaf idle-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4294967295"; } } units "seconds"; default "0"; description "Idle timeout before termination of session"; } container ppp-options { presence "enable ppp-options"; description "Point-to-Point Protocol interface-specific options"; uses apply-advanced; leaf pap { type empty; description "Password Authentication Protocol"; } leaf chap { type empty; description "Challenge Handshake Authentication Protocol"; } container initiate-ncp { description "Enable server initiated NCP"; uses apply-advanced; leaf ip { type empty; description "Enable server initiated IPNCP"; } leaf ipv6 { type empty; description "Enable server initiated IPv6NCP"; } leaf dual-stack-passive { type empty; description "Disable server initiated IPNCP/IPv6NCP for dual-stack client"; } } // container initiate-ncp leaf peer-ip-address-optional { type empty; description "Set Peer IP Address Optional in IP NCP Negotiations"; } leaf ipcp-suggest-dns-option { type empty; description "Suggest peer to negotiate with DNS Addresses options"; } leaf ignore-magic-number-mismatch { type empty; description "Ignore magic-number validation failure in LCP keepalive"; } leaf aaa-options { junos:must "("access aaa-options $$")"; junos:must-message "referenced aaa-options name must be defined"; type string { length "1 .. 63"; } description "Attach AAA options name to group-profile"; } } // container ppp-options leaf keepalive { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "0 .. 32767"; } } units "seconds"; default "10"; description "PPP keepalive interval"; } leaf primary-dns { type string; description "Primary DNS server name"; } leaf secondary-dns { type string; description "Secondary DNS server name"; } leaf primary-wins { type string; description "Primary wins server name"; } leaf secondary-wins { type string; description "Secondary wins server name"; } leaf encapsulation-overhead { type union { type string { pattern "<.*>|$.*"; } type int8 { range "-63 .. 64"; } } description "Encapsulation overhead for Class of Service calculation"; } leaf cell-overhead { type empty; description "ATM cell overhead for Class of Service calculation"; } leaf interface-id { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]{0,62}$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of no more than 63 total letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Interface identifier to look up session information"; } } // container ppp } // grouping group-profile-object grouping gx-plus-definition { description "GX-PLUS configuration definition"; uses apply-advanced; list partition { key "name"; ordered-by user; description "GX-PLUS partition configuration"; leaf name { type string { length "1 .. 63"; } description "GX-PLUS partition name"; } uses apply-advanced; leaf diameter-instance { junos:must "("diameter origin")"; junos:must-message "Diameter origin must be defined in the [edit diameter origin] hierarchy"; type string { junos:posix-pattern "master"; junos:pattern-message "Only one diameter instance is supported"; length "1 .. 63"; } description "GX-PLUS diameter instance"; } leaf destination-realm { type string { length "1 .. 255"; } description "GX-PLUS destination realm"; } leaf destination-host { type string { length "1 .. 255"; } description "GX-PLUS destination host"; } } // list partition container global { presence "enable global"; description "GX-PLUS global parameters"; uses apply-advanced; leaf include-ipv6 { type empty; description "Send provisioning request for IPv6-only subscribers"; } leaf max-outstanding-requests { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 40"; } } default "40"; description "Maximum number of outstanding requests"; } } // container global } // grouping gx-plus-definition grouping ldap-server-object { leaf name { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Hostname can only contain alphanumeric characters, '.', '-', and '_'. The format of IPv4 address is 'n.n.n.n'"; } description "Hostname or IPv4 address of LDAP server"; } uses apply-advanced; leaf port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } default "389"; description "LDAP server port number"; } leaf source-address { type jt:ipv4addr; description "Use specified address as source address"; } leaf routing-instance { junos:must "(("routing-instances $$" || any "tenants <*> routing-instances $$"))"; junos:must-message "referenced routing-instance must be defined"; type string; description "Use specified routing instance"; } leaf retry { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } default "3"; description "Number of times to resend requests"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "3 .. 90"; } } units "seconds"; default "5"; description "Delay before resending unacknowledged request"; } leaf tls-type { type enumeration { enum "start-tls" { value 0; description "Negotiate start-tls for connection"; } } } leaf tls-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "3 .. 90"; } } units "seconds"; default "5"; description "Limit on tls handshake time"; } leaf tls-min-version { type enumeration { enum "v1.1" { value 0; description "Require tls 1.1 and 1.2"; } enum "v1.2" { value 1; description "Require tls 1.2"; } } default "v1.2"; } leaf no-tls-certificate-check { type empty; description "Do not validate peer certificate"; } leaf tls-peer-name { type string { length "1 .. 255"; } description "Expected peer fdqn"; } } // grouping ldap-server-object grouping localauth-subscriber-object { leaf name { type string; description "Subscriber username"; } uses apply-advanced; leaf password { type string { length "1 .. 64"; } description "Password for the subscriber"; } leaf framed-ip-address { type jt:ipv4addr; description "IP address to assign to the subscriber"; } leaf framed-pool { junos:must "("access address-assignment pool $$")"; junos:must-message "referenced address pool must be defined"; type string { length "1 .. 63"; } description "Pool name to assign an IP address to the subscriber"; } leaf delegated-pool { junos:must "("access address-assignment pool $$")"; junos:must-message "referenced address pool must be defined"; type string { length "1 .. 64"; } description "Pool name to assign an IPv6 delegated prefix to the subscriber"; } leaf framed-ipv6-pool { junos:must "("access address-assignment pool $$")"; junos:must-message "referenced address pool must be defined"; type string { length "1 .. 64"; } description "Pool name to assign an IPv6 address or NDRA prefix to the subscriber"; } choice ri_or_ls { leaf target-routing-instance { type string; description "Routing instance to be assigned to the subscriber"; } container target-logical-system { presence "enable target-logical-system"; description "Logical system to be assigned to the subscriber"; uses apply-advanced; leaf logical-system-name { junos:must "("logical-systems $$")"; junos:must-message "Referenced logical system must be defined"; type string; description "Logical system name"; } leaf target-routing-instance { type string; description "Routing instance "; } } // container target-logical-system } // choice ri_or_ls } // grouping localauth-subscriber-object grouping macro-data-type { leaf name { type string; description "Keyword part of the keyword-value pair"; } leaf value { type string; description "Value part of the keyword-value pair"; } } // grouping macro-data-type grouping nasreq-definition { description "NASREQ configuration definition"; uses apply-advanced; list partition { key "name"; ordered-by user; description "NASREQ partition definition"; leaf name { type string { length "1 .. 63"; } description "NASREQ partition name"; } uses apply-advanced; leaf diameter-instance { junos:must "("diameter origin")"; junos:must-message "Diameter origin must be defined in the [edit diameter origin] hierarchy"; type string { junos:posix-pattern "master"; junos:pattern-message "Only one diameter instance is supported"; length "1 .. 63"; } description "NASREQ diameter instance"; } leaf destination-realm { type string { length "1 .. 255"; } description "NASREQ destination realm"; } leaf destination-host { type string { length "1 .. 255"; } description "NASREQ destination host"; } } // list partition leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "5 .. 30"; } } units "seconds"; default "20"; description "Time period that a NASREQ request waits on the transmit queue before failing"; } leaf request-retry { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 3"; } } default "0"; description "Number of times to retry NASREQ request when DIAMETER fails with timeout."; } leaf max-outstanding-requests { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "20 .. 2000"; } } default "40"; description "Number of unanswered NASREQ requests sent to server"; } } // grouping nasreq-definition grouping ocs-definition { description "OCS configuration definition"; uses apply-advanced; list partition { key "name"; max-elements 1; ordered-by user; description "OCS partition configuration"; leaf name { type string { length "1 .. 63"; } description "OCS partition name"; } uses apply-advanced; leaf alternative-partition-name { type string { length "1 .. 63"; } description "Alternative diameter partition"; } leaf called-station-id { type string { length "1 .. 255"; } description "OCS called station id"; } leaf charging-id { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "OCS charging id"; } leaf destination-realm { type string { length "1 .. 255"; } description "OCS destination realm"; } leaf destination-host { type string { length "1 .. 255"; } description "OCS destination host"; } leaf diameter-instance { junos:must "("diameter origin")"; junos:must-message "Diameter origin must be defined in the [edit diameter origin] hierarchy"; type string { junos:posix-pattern "master"; junos:pattern-message "Only one diameter instance is supported"; length "1 .. 63"; } description "OCS diameter instance"; } leaf draining { type empty; description "Set this PCRF partiton to draining state"; } leaf draining-response-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } units "seconds"; default "30"; description "Final response timeout in draining mode"; } leaf force-continue { type empty; description "Expect/force 'continue' as cc-failure-handling value"; } leaf ggsn-address { type jt:ipaddr; description "Value of ggsn-address avp reported to ocs"; } leaf ggsn-mcc-mnc { type string; description "Value of 3gpp-ggsn-mcc-mnc avp reported to ocs"; } leaf final-response-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } units "seconds"; default "86400"; description "Final response timeout"; } leaf max-outstanding-requests { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 40"; } } default "40"; description "Maximum number of outstanding requests"; } leaf send-origin-state-id { type empty; description "Include origin-state-id avp"; } container user-name-include { description "Add user-name options"; uses apply-advanced; leaf delimiter { type string { length "1"; } description "Change delimiter/separator character"; } leaf domain-name { type string { length "1 .. 64"; } description "Domain name"; } leaf interface-name { type empty; description "Include interface-name"; } leaf base-interface-name { type empty; description "Include base-interface-name"; } leaf mac-address { type empty; description "Include MAC address"; } leaf nas-port-id { type empty; description "Include nas-port-id"; } leaf origin-host { type empty; description "Include origin-host"; } leaf origin-realm { type empty; description "Include origin-host"; } leaf user-prefix { type string { length "1 .. 64"; } description "Add user defined prefix"; } leaf user-name { type empty; description "Include user-name"; } } // container user-name-include } // list partition container global { description "OCS global parameters"; uses apply-advanced; leaf service-context-id { type string { length "1 .. 255"; } description "Service context-id for OCS"; } } // container global } // grouping ocs-definition grouping pcrf-definition { description "PCRF configuration definition"; uses apply-advanced; list partition { key "name"; max-elements 1; ordered-by user; description "PCRF partition configuration"; leaf name { type string { length "1 .. 63"; } description "PCRF partition name"; } uses apply-advanced; leaf accept-sdr { type empty; description "Accept service discovery requests"; } leaf destination-realm { type string { length "1 .. 255"; } description "PCRF destination realm"; } leaf destination-host { type string { length "1 .. 255"; } description "PCRF destination host"; } leaf diameter-instance { junos:must "("diameter origin")"; junos:must-message "Diameter origin must be defined in the [edit diameter origin] hierarchy"; type string { junos:posix-pattern "master"; junos:pattern-message "Only one diameter instance is supported"; length "1 .. 63"; } description "PCRF diameter instance"; } leaf draining { type empty; description "Set this PCRF partiton to draining state"; } leaf draining-response-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } units "seconds"; default "30"; description "Logout response timeout in draining mode"; } leaf ip-can-type { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 2147483647"; } } default "77"; description "Value of IP-CAN-Type AVP for this PCRF partition"; } container local-decision { description "Local decision configuration"; uses apply-advanced; choice permission { leaf grant { type empty; description "Grant user connection by default"; } leaf deny { type empty; description "Deny user connection by default"; } } // choice permission leaf reinit-on-failure { junos:must "((".. grant" && ".. .. use-session-stamp"))"; junos:must-message "A reinit requires grant and session-stamp to be configured"; type empty; description "Reinit from local-active state on receiving result 5012"; } leaf reinit-on-rar { junos:must "((".. grant" && ".. .. use-session-stamp"))"; junos:must-message "A reinit requires grant and session-stamp to be configured"; type empty; description "Reinit from local-active state on received rar"; } leaf reinit-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 90"; } } units "seconds"; default "10"; description "Local reinit timeout"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 90"; } } units "seconds"; default "90"; description "Local decision timeout"; } } // container local-decision leaf logout-response-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } units "seconds"; default "86400"; description "Logout response timeout"; } leaf max-outstanding-requests { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 40"; } } default "40"; description "Maximum number of outstanding requests"; } leaf report-local-rule { type empty; description "Report installed local rule to PCRF"; } leaf report-resource-allocation { type empty; description "Report rule installation failuresto PCRF"; } leaf report-successful-resource-allocation { type empty; description "Report rule installation successes to PCRF"; } leaf send-dyn-subscription-indicator { type empty; description "Include Juniper-Dyn-Subscription-Indidicator into ccr-i"; } leaf send-network-family-indicator { type empty; description "Include Juniper-Network-Family-Indidicator into ccr-i"; } leaf send-origin-state-id { type empty; description "Include origin-state-id avp"; } leaf subscription-id-type { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 2147483647"; } } default "4"; description "Value of subscription-id-type AVP for this PCRF partition"; } container subscription-id-data-include { description "Add subscription-id-data options"; uses apply-advanced; leaf delimiter { type string { length "1"; } description "Change delimiter/separator character"; } leaf domain-name { type string { length "1 .. 64"; } description "Domain name"; } leaf interface-name { type empty; description "Include interface-name"; } leaf vlan-tags { type empty; description "Include interface vlan tags (svlan-vlan)"; } leaf base-interface-name { type empty; description "Include base-interface-name"; } leaf mac-address { type empty; description "Include MAC address"; } leaf nas-port-id { type empty; description "Include nas-port-id"; } leaf origin-host { type empty; description "Include origin-host"; } leaf origin-realm { type empty; description "Include origin-host"; } leaf user-prefix { type string { length "1 .. 64"; } description "Add user defined prefix"; } leaf user-name { type empty; description "Include user-name"; } } // container subscription-id-data-include leaf use-session-stamp { type empty; description "Use session init timestamp as part of session-id"; } leaf update-response-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } units "seconds"; default "3600"; description "Update response timeout"; } } // list partition container global { description "PCRF global parameters"; uses apply-advanced; list rule-param { key "name"; ordered-by user; description "Charging juniper-param avp configuraion"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "12000 .. 12019"; } } description "Code for this juniper-param avp"; } uses apply-advanced; leaf param-name { type string { length "1 .. 255"; } description "Name associatated with this juniper-param avp"; } leaf log-name { type string { length "1 .. 255"; } description "Log-name associatated with this juniper-param avp"; } } // list rule-param } // container global } // grouping pcrf-definition grouping profile-radius-server-name-object { leaf name { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Invalid FQDN"; length "4 .. 255"; } description "Fully qualified domain name of the RADIUS server"; } uses apply-advanced; leaf dns-query-interval { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "10 .. 1440"; } } units "minutes"; default "60"; description "Frequency of RADIUS server name resolution"; } leaf radsec-destination { junos:must "(!(".. preauthentication-order"))"; junos:must-message "RADSEC is mutually exclusive with preauthentication"; junos:must "("access radsec destination $$")"; junos:must-message "RADSEC destination must be defined"; type union { type uint32; type string { pattern "<.*>|$.*"; } } description "RADSEC destination"; } leaf port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } default "1812"; description "RADIUS server authentication port number"; } leaf preauthentication-port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "RADIUS server preauthentication port number"; } leaf dynamic-request-port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } default "3799"; description "RADIUS client dynamic request port number"; } leaf secret { type jt:unreadable; description "Shared secret with the RADIUS server"; } leaf preauthentication-secret { type jt:unreadable; description "Shared secret with the RADIUS server"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000"; } } units "seconds"; default "3"; description "Request timeout period"; } leaf retry { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } default "3"; description "Retry attempts"; } leaf accounting-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1000"; } } units "seconds"; default "0"; description "Accounting request timeout period"; } leaf accounting-retry { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } } default "0"; description "Accounting retry attempts"; } leaf max-outstanding-requests { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 2000"; } } default "1000"; description "Maximum requests in flight to server"; } leaf source-address { type jt:ipaddr; description "Use specified address as source address"; } leaf routing-instance { junos:must "(("routing-instances $$" || any "tenants <*> routing-instances $$"))"; junos:must-message "referenced routing-instance must be defined"; type string; description "Use specified routing instance"; } } // grouping profile-radius-server-name-object grouping profile-radius-server-object { leaf name { type jt:ipaddr; description "RADIUS server address"; } uses apply-advanced; leaf port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } default "1812"; description "RADIUS server authentication port number"; } leaf preauthentication-port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "RADIUS server preauthentication port number"; } leaf dynamic-request-port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } default "3799"; description "RADIUS client dynamic request port number"; } leaf secret { type jt:unreadable; description "Shared secret with the RADIUS server"; } leaf preauthentication-secret { type jt:unreadable; description "Shared secret with the RADIUS server"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000"; } } units "seconds"; default "3"; description "Request timeout period"; } leaf retry { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } default "3"; description "Retry attempts"; } leaf accounting-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1000"; } } units "seconds"; default "0"; description "Accounting request timeout period"; } leaf accounting-retry { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } } default "0"; description "Accounting retry attempts"; } leaf max-outstanding-requests { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 2000"; } } default "1000"; description "Maximum requests in flight to server"; } leaf source-address { type jt:ipaddr; description "Use specified address as source address"; } leaf routing-instance { junos:must "(("routing-instances $$" || any "tenants <*> routing-instances $$"))"; junos:must-message "referenced routing-instance must be defined"; type string; description "Use specified routing instance"; } leaf radsec-destination { junos:must "("access radsec destination $$")"; junos:must-message "RADSEC destination must be defined"; type union { type uint32; type string { pattern "<.*>|$.*"; } } description "RADSEC destination"; } } // grouping profile-radius-server-object grouping protocol-attribute-type { description "Protocol specific attribute configuration"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]{0,62}$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of no more than 63 total letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Name for this protocol attribute group"; } uses apply-advanced; container dhcp { description "DHCPv4 configurable attributes"; uses dhcp-attribute-type; } // container dhcp container dhcpv6 { description "DHCPv6 configurable attributes"; uses dhcp-attribute-type; } // container dhcpv6 } // grouping protocol-attribute-type grouping radsec-definition { description "RADSEC configuration definition"; uses apply-advanced; list destination { key "name"; max-elements 16; ordered-by user; description "RADSEC destination configuration"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "RADSEC destination id"; } uses apply-advanced; leaf address { type jt:ipaddr; description "Destination IP address"; } container dynamic-requests { presence "enable dynamic-requests"; description "Accept dynamic requests"; uses apply-advanced; leaf source-address { junos:must "(("access radius-server $$" || ".. .. .. radius-server $$"))"; junos:must-message "source radius-server address must be defined"; type jt:ipaddr; description "Source address for dynamic requests"; } leaf source-port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } default "2083"; description "Source port for dynamic requests"; } choice source-lsri-instance { container logical-system { description "Logical system for dynamic requests"; leaf logical-system-name { junos:must "("logical-systems $$")"; junos:must-message "referenced logical system must be defined"; type string { junos:posix-pattern "^[a-zA-Z0-9_-]{1,63}$"; junos:pattern-message "Logical-system name is a string consisting of up to 63 letters, numbers, dashes and underscores"; } description "Name of logical system for dynamic requests"; } leaf routing-instance { junos:must "("logical-systems ${logical-system} routing-instances $$")"; junos:must-message "Referenced routing instance must be defined"; type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance for dynamic requests"; } } // container logical-system leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "referenced routing instance must be defined"; type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance for dynamic requests"; } } // choice source-lsri-instance } // container dynamic-requests leaf id-reuse-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 3600"; } } default "120"; description "Radius id may be reused after this timeout"; } choice lsri-instance { container logical-system { description "Logical system to be used"; leaf logical-system-name { junos:must "("logical-systems $$")"; junos:must-message "referenced logical system must be defined"; type string { junos:posix-pattern "^[a-zA-Z0-9_-]{1,63}$"; junos:pattern-message "Logical-system name is a string consisting of up to 63 letters, numbers, dashes and underscores"; } description "Name of logical system"; } leaf routing-instance { junos:must "("logical-systems ${logical-system} routing-instances $$")"; junos:must-message "Referenced routing instance must be defined"; type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance to be used"; } } // container logical-system leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "referenced routing instance must be defined"; type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance to be used"; } } // choice lsri-instance leaf max-tx-buffers { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "32 .. 3200"; } } default "100"; description "Maximum number of tx-buffers"; } leaf port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } default "2083"; description "Desitnaion port"; } leaf source-address { type jt:ipaddr; description "Source IP address for destination"; } leaf tls-certificate { type string { length "1 .. 255"; } description "TLS certificate"; } leaf tls-force-ciphers { type enumeration { enum "medium" { value 0; description "Add medium grade ciphers"; } enum "low" { value 1; description "Add medium and low grade ciphers"; } } } leaf tls-min-version { type enumeration { enum "v1.1" { value 0; description "Require tls 1.1 and 1.2"; } enum "v1.2" { value 1; description "Require tls 1.2"; } } default "v1.2"; } leaf tls-peer-name { type string { length "1 .. 255"; } description "Expected peer fdqn"; } leaf tls-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "3 .. 90"; } } units "seconds"; default "5"; description "Limit on tls handshake time"; } } // list destination } // grouping radsec-definition grouping s6a-definition { description "S6a configuration definition"; uses apply-advanced; list partition { key "name"; max-elements 1; ordered-by user; description "S6A partition configuration"; leaf name { type string { length "1 .. 63"; } description "S6a partition name"; } uses apply-advanced; leaf destination-realm { type string { length "1 .. 255"; } description "S6A destination realm"; } leaf destination-host { type string { length "1 .. 255"; } description "S6A destination host"; } leaf diameter-instance { junos:must "("diameter origin")"; junos:must-message "Diameter origin must be defined in the [edit diameter origin] hierarchy"; type string { junos:posix-pattern "master"; junos:pattern-message "Only one diameter instance is supported"; length "1 .. 63"; } description "S6A diameter instance"; } leaf max-outstanding-requests { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1024"; } } default "40"; description "Maximum number of outstanding requests"; } leaf response-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 30"; } } units "seconds"; default "15"; description "Response timeout"; } } // list partition } // grouping s6a-definition grouping securid-server-object { leaf name { type string; description "Name of the SecurID server"; } uses apply-advanced; leaf configuration-file { type string { length "1 .. 1024"; } description "Path to the SecurID server configuration (sdconf.rec) file"; } } // grouping securid-server-object } // module junos-ex-conf-access
© 2023 YumaWorks, Inc. All rights reserved.