|
Packit |
8fb591 |
submodule ietf-snmp-tls {
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
belongs-to ietf-snmp {
|
|
Packit |
8fb591 |
prefix snmp;
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
import ietf-inet-types {
|
|
Packit |
8fb591 |
prefix inet;
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
import ietf-x509-cert-to-name {
|
|
Packit |
8fb591 |
prefix x509c2n;
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
include ietf-snmp-common;
|
|
Packit |
8fb591 |
include ietf-snmp-engine;
|
|
Packit |
8fb591 |
include ietf-snmp-target;
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
organization
|
|
Packit |
8fb591 |
"IETF NETMOD (NETCONF Data Modeling Language) Working Group";
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
contact
|
|
Packit |
8fb591 |
"WG Web: <http://tools.ietf.org/wg/netmod/>
|
|
Packit |
8fb591 |
WG List: <mailto:netmod@ietf.org>
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
WG Chair: Thomas Nadeau
|
|
Packit |
8fb591 |
<mailto:tnadeau@lucidvision.com>
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
WG Chair: Juergen Schoenwaelder
|
|
Packit |
8fb591 |
<mailto:j.schoenwaelder@jacobs-university.de>
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
Editor: Martin Bjorklund
|
|
Packit |
8fb591 |
<mailto:mbj@tail-f.com>
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
Editor: Juergen Schoenwaelder
|
|
Packit |
8fb591 |
<mailto:j.schoenwaelder@jacobs-university.de>";
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
description
|
|
Packit |
8fb591 |
"This submodule contains a collection of YANG definitions for
|
|
Packit |
8fb591 |
configuring the Transport Layer Security Transport Model (TLSTM)
|
|
Packit |
8fb591 |
of SNMP.
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
Copyright (c) 2014 IETF Trust and the persons identified as
|
|
Packit |
8fb591 |
authors of the code. All rights reserved.
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
Redistribution and use in source and binary forms, with or
|
|
Packit |
8fb591 |
without modification, is permitted pursuant to, and subject
|
|
Packit |
8fb591 |
to the license terms contained in, the Simplified BSD License
|
|
Packit |
8fb591 |
set forth in Section 4.c of the IETF Trust's Legal Provisions
|
|
Packit |
8fb591 |
Relating to IETF Documents
|
|
Packit |
8fb591 |
(http://trustee.ietf.org/license-info).
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
This version of this YANG module is part of RFC 7407; see
|
|
Packit |
8fb591 |
the RFC itself for full legal notices.";
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
reference
|
|
Packit |
8fb591 |
"RFC 6353: Transport Layer Security (TLS) Transport Model for
|
|
Packit |
8fb591 |
the Simple Network Management Protocol (SNMP)";
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
revision 2014-12-10 {
|
|
Packit |
8fb591 |
description
|
|
Packit |
8fb591 |
"Initial revision.";
|
|
Packit |
8fb591 |
reference
|
|
Packit |
8fb591 |
"RFC 7407: A YANG Data Model for SNMP Configuration";
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
feature tlstm {
|
|
Packit |
8fb591 |
description
|
|
Packit |
8fb591 |
"A server implements this feature if it supports the
|
|
Packit |
8fb591 |
Transport Layer Security Transport Model for SNMP.";
|
|
Packit |
8fb591 |
reference
|
|
Packit |
8fb591 |
"RFC 6353: Transport Layer Security (TLS) Transport Model for
|
|
Packit |
8fb591 |
the Simple Network Management Protocol (SNMP)";
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
augment /snmp:snmp/snmp:engine/snmp:listen/snmp:transport {
|
|
Packit |
8fb591 |
if-feature tlstm;
|
|
Packit |
8fb591 |
case tls {
|
|
Packit |
8fb591 |
container tls {
|
|
Packit |
8fb591 |
description
|
|
Packit |
8fb591 |
"A list of IPv4 and IPv6 addresses and ports to which the
|
|
Packit |
8fb591 |
engine listens for SNMP messages over TLS.";
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
leaf ip {
|
|
Packit |
8fb591 |
type inet:ip-address;
|
|
Packit |
8fb591 |
mandatory true;
|
|
Packit |
8fb591 |
description
|
|
Packit |
8fb591 |
"The IPv4 or IPv6 address on which the engine listens
|
|
Packit |
8fb591 |
for SNMP messages over TLS.";
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
leaf port {
|
|
Packit |
8fb591 |
type inet:port-number;
|
|
Packit |
8fb591 |
description
|
|
Packit |
8fb591 |
"The TCP port on which the engine listens for SNMP
|
|
Packit |
8fb591 |
messages over TLS.
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
If the port is not configured, an engine that
|
|
Packit |
8fb591 |
acts as a Command Responder uses port 10161, and
|
|
Packit |
8fb591 |
an engine that acts as a Notification Receiver
|
|
Packit |
8fb591 |
uses port 10162.";
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
case dtls {
|
|
Packit |
8fb591 |
container dtls {
|
|
Packit |
8fb591 |
description
|
|
Packit |
8fb591 |
"A list of IPv4 and IPv6 addresses and ports to which the
|
|
Packit |
8fb591 |
engine listens for SNMP messages over DTLS.";
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
leaf ip {
|
|
Packit |
8fb591 |
type inet:ip-address;
|
|
Packit |
8fb591 |
mandatory true;
|
|
Packit |
8fb591 |
description
|
|
Packit |
8fb591 |
"The IPv4 or IPv6 address on which the engine listens
|
|
Packit |
8fb591 |
for SNMP messages over DTLS.";
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
leaf port {
|
|
Packit |
8fb591 |
type inet:port-number;
|
|
Packit |
8fb591 |
description
|
|
Packit |
8fb591 |
"The UDP port on which the engine listens for SNMP
|
|
Packit |
8fb591 |
messages over DTLS.
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
If the port is not configured, an engine that
|
|
Packit |
8fb591 |
acts as a Command Responder uses port 10161, and
|
|
Packit |
8fb591 |
an engine that acts as a Notification Receiver
|
|
Packit |
8fb591 |
uses port 10162.";
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
augment /snmp:snmp {
|
|
Packit |
8fb591 |
if-feature tlstm;
|
|
Packit |
8fb591 |
container tlstm {
|
|
Packit |
8fb591 |
uses x509c2n:cert-to-name {
|
|
Packit |
8fb591 |
description
|
|
Packit |
8fb591 |
"Defines how certificates are mapped to names. The
|
|
Packit |
8fb591 |
resulting name is used as a security name.";
|
|
Packit |
8fb591 |
refine cert-to-name/map-type {
|
|
Packit |
8fb591 |
description
|
|
Packit |
8fb591 |
"Mappings that use the snmpTlstmCertToTSNData column
|
|
Packit |
8fb591 |
need to augment the cert-to-name list with
|
|
Packit |
8fb591 |
additional configuration objects corresponding
|
|
Packit |
8fb591 |
to the snmpTlstmCertToTSNData value. Such objects
|
|
Packit |
8fb591 |
should use the 'when' statement to make them
|
|
Packit |
8fb591 |
conditional based on the map-type.";
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
grouping tls-transport {
|
|
Packit |
8fb591 |
leaf ip {
|
|
Packit |
8fb591 |
type inet:host;
|
|
Packit |
8fb591 |
mandatory true;
|
|
Packit |
8fb591 |
reference
|
|
Packit |
8fb591 |
"RFC 3413: Simple Network Management Protocol (SNMP).
|
|
Packit |
8fb591 |
Applications.
|
|
Packit |
8fb591 |
SNMP-TARGET-MIB.snmpTargetAddrTAddress
|
|
Packit |
8fb591 |
RFC 6353: Transport Layer Security (TLS) Transport Model
|
|
Packit |
8fb591 |
for the Simple Network Management Protocol (SNMP).
|
|
Packit |
8fb591 |
SNMP-TLS-TM-MIB.SnmpTLSAddress";
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
leaf port {
|
|
Packit |
8fb591 |
type inet:port-number;
|
|
Packit |
8fb591 |
default 10161;
|
|
Packit |
8fb591 |
reference
|
|
Packit |
8fb591 |
"RFC 3413: Simple Network Management Protocol (SNMP).
|
|
Packit |
8fb591 |
Applications.
|
|
Packit |
8fb591 |
SNMP-TARGET-MIB.snmpTargetAddrTAddress
|
|
Packit |
8fb591 |
RFC 6353: Transport Layer Security (TLS) Transport Model
|
|
Packit |
8fb591 |
for the Simple Network Management Protocol (SNMP).
|
|
Packit |
8fb591 |
SNMP-TLS-TM-MIB.SnmpTLSAddress";
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
leaf client-fingerprint {
|
|
Packit |
8fb591 |
type x509c2n:tls-fingerprint;
|
|
Packit |
8fb591 |
reference
|
|
Packit |
8fb591 |
"RFC 6353: Transport Layer Security (TLS) Transport Model
|
|
Packit |
8fb591 |
for the Simple Network Management Protocol (SNMP).
|
|
Packit |
8fb591 |
SNMP-TLS-TM-MIB.snmpTlstmParamsClientFingerprint";
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
leaf server-fingerprint {
|
|
Packit |
8fb591 |
type x509c2n:tls-fingerprint;
|
|
Packit |
8fb591 |
reference
|
|
Packit |
8fb591 |
"RFC 6353: Transport Layer Security (TLS) Transport Model
|
|
Packit |
8fb591 |
for the Simple Network Management Protocol (SNMP).
|
|
Packit |
8fb591 |
SNMP-TLS-TM-MIB.snmpTlstmAddrServerFingerprint";
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
leaf server-identity {
|
|
Packit |
8fb591 |
type snmp:admin-string;
|
|
Packit |
8fb591 |
reference
|
|
Packit |
8fb591 |
"RFC 6353: Transport Layer Security (TLS) Transport Model
|
|
Packit |
8fb591 |
for the Simple Network Management Protocol (SNMP).
|
|
Packit |
8fb591 |
SNMP-TLS-TM-MIB.snmpTlstmAddrServerIdentity";
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
augment /snmp:snmp/snmp:target/snmp:transport {
|
|
Packit |
8fb591 |
if-feature tlstm;
|
|
Packit |
8fb591 |
case tls {
|
|
Packit |
8fb591 |
reference
|
|
Packit |
8fb591 |
"RFC 6353: Transport Layer Security (TLS) Transport Model
|
|
Packit |
8fb591 |
for the Simple Network Management Protocol (SNMP).
|
|
Packit |
8fb591 |
SNMP-TLS-TM-MIB.snmpTLSTCPDomain";
|
|
Packit |
8fb591 |
container tls {
|
|
Packit |
8fb591 |
uses tls-transport;
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
augment /snmp:snmp/snmp:target/snmp:transport {
|
|
Packit |
8fb591 |
if-feature tlstm;
|
|
Packit |
8fb591 |
case dtls {
|
|
Packit |
8fb591 |
reference
|
|
Packit |
8fb591 |
"RFC 6353: Transport Layer Security (TLS) Transport Model
|
|
Packit |
8fb591 |
for the Simple Network Management Protocol (SNMP).
|
|
Packit |
8fb591 |
SNMP-TLS-TM-MIB.snmpDTLSUDPDomain";
|
|
Packit |
8fb591 |
container dtls {
|
|
Packit |
8fb591 |
uses tls-transport;
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
}
|
|
Packit |
8fb591 |
}
|