|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
xmlns="urn:ietf:params:xml:ns:yang:yin:1"
|
|
Packit |
8fb591 |
xmlns:snmp="urn:ietf:params:xml:ns:yang:ietf-snmp"
|
|
Packit |
8fb591 |
xmlns:inet="urn:ietf:params:xml:ns:yang:ietf-inet-types"
|
|
Packit |
8fb591 |
xmlns:x509c2n="urn:ietf:params:xml:ns:yang:ietf-x509-cert-to-name">
|
|
Packit |
8fb591 |
<belongs-to module="ietf-snmp">
|
|
Packit |
8fb591 |
<prefix value="snmp"/>
|
|
Packit |
8fb591 |
</belongs-to>
|
|
Packit |
8fb591 |
<import module="ietf-inet-types">
|
|
Packit |
8fb591 |
<prefix value="inet"/>
|
|
Packit |
8fb591 |
</import>
|
|
Packit |
8fb591 |
<import module="ietf-x509-cert-to-name">
|
|
Packit |
8fb591 |
<prefix value="x509c2n"/>
|
|
Packit |
8fb591 |
</import>
|
|
Packit |
8fb591 |
<include module="ietf-snmp-common"/>
|
|
Packit |
8fb591 |
<include module="ietf-snmp-engine"/>
|
|
Packit |
8fb591 |
<include module="ietf-snmp-target"/>
|
|
Packit |
8fb591 |
<organization>
|
|
Packit |
8fb591 |
<text>IETF NETMOD (NETCONF Data Modeling Language) Working Group</text>
|
|
Packit |
8fb591 |
</organization>
|
|
Packit |
8fb591 |
<contact>
|
|
Packit |
8fb591 |
<text>WG Web: <http://tools.ietf.org/wg/netmod/>
|
|
Packit |
8fb591 |
WG List: <mailto:netmod@ietf.org>
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
WG Chair: Thomas Nadeau
|
|
Packit |
8fb591 |
<mailto:tnadeau@lucidvision.com>
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
WG Chair: Juergen Schoenwaelder
|
|
Packit |
8fb591 |
<mailto:j.schoenwaelder@jacobs-university.de>
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
Editor: Martin Bjorklund
|
|
Packit |
8fb591 |
<mailto:mbj@tail-f.com>
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
Editor: Juergen Schoenwaelder
|
|
Packit |
8fb591 |
<mailto:j.schoenwaelder@jacobs-university.de></text>
|
|
Packit |
8fb591 |
</contact>
|
|
Packit |
8fb591 |
<description>
|
|
Packit |
8fb591 |
<text>This submodule contains a collection of YANG definitions for
|
|
Packit |
8fb591 |
configuring the Transport Layer Security Transport Model (TLSTM)
|
|
Packit |
8fb591 |
of SNMP.
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
Copyright (c) 2014 IETF Trust and the persons identified as
|
|
Packit |
8fb591 |
authors of the code. All rights reserved.
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
Redistribution and use in source and binary forms, with or
|
|
Packit |
8fb591 |
without modification, is permitted pursuant to, and subject
|
|
Packit |
8fb591 |
to the license terms contained in, the Simplified BSD License
|
|
Packit |
8fb591 |
set forth in Section 4.c of the IETF Trust's Legal Provisions
|
|
Packit |
8fb591 |
Relating to IETF Documents
|
|
Packit |
8fb591 |
(http://trustee.ietf.org/license-info).
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
This version of this YANG module is part of RFC 7407; see
|
|
Packit |
8fb591 |
the RFC itself for full legal notices.</text>
|
|
Packit |
8fb591 |
</description>
|
|
Packit |
8fb591 |
<reference>
|
|
Packit |
8fb591 |
<text>RFC 6353: Transport Layer Security (TLS) Transport Model for
|
|
Packit |
8fb591 |
the Simple Network Management Protocol (SNMP)</text>
|
|
Packit |
8fb591 |
</reference>
|
|
Packit |
8fb591 |
<revision date="2014-12-10">
|
|
Packit |
8fb591 |
<description>
|
|
Packit |
8fb591 |
<text>Initial revision.</text>
|
|
Packit |
8fb591 |
</description>
|
|
Packit |
8fb591 |
<reference>
|
|
Packit |
8fb591 |
<text>RFC 7407: A YANG Data Model for SNMP Configuration</text>
|
|
Packit |
8fb591 |
</reference>
|
|
Packit |
8fb591 |
</revision>
|
|
Packit |
8fb591 |
<feature name="tlstm">
|
|
Packit |
8fb591 |
<description>
|
|
Packit |
8fb591 |
<text>A server implements this feature if it supports the
|
|
Packit |
8fb591 |
Transport Layer Security Transport Model for SNMP.</text>
|
|
Packit |
8fb591 |
</description>
|
|
Packit |
8fb591 |
<reference>
|
|
Packit |
8fb591 |
<text>RFC 6353: Transport Layer Security (TLS) Transport Model for
|
|
Packit |
8fb591 |
the Simple Network Management Protocol (SNMP)</text>
|
|
Packit |
8fb591 |
</reference>
|
|
Packit |
8fb591 |
</feature>
|
|
Packit |
8fb591 |
<augment target-node="/snmp:snmp/snmp:engine/snmp:listen/snmp:transport">
|
|
Packit |
8fb591 |
<if-feature name="tlstm"/>
|
|
Packit |
8fb591 |
<case name="tls">
|
|
Packit |
8fb591 |
<container name="tls">
|
|
Packit |
8fb591 |
<description>
|
|
Packit |
8fb591 |
<text>A list of IPv4 and IPv6 addresses and ports to which the
|
|
Packit |
8fb591 |
engine listens for SNMP messages over TLS.</text>
|
|
Packit |
8fb591 |
</description>
|
|
Packit |
8fb591 |
<leaf name="ip">
|
|
Packit |
8fb591 |
<type name="inet:ip-address"/>
|
|
Packit |
8fb591 |
<mandatory value="true"/>
|
|
Packit |
8fb591 |
<description>
|
|
Packit |
8fb591 |
<text>The IPv4 or IPv6 address on which the engine listens
|
|
Packit |
8fb591 |
for SNMP messages over TLS.</text>
|
|
Packit |
8fb591 |
</description>
|
|
Packit |
8fb591 |
</leaf>
|
|
Packit |
8fb591 |
<leaf name="port">
|
|
Packit |
8fb591 |
<type name="inet:port-number"/>
|
|
Packit |
8fb591 |
<description>
|
|
Packit |
8fb591 |
<text>The TCP port on which the engine listens for SNMP
|
|
Packit |
8fb591 |
messages over TLS.
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
If the port is not configured, an engine that
|
|
Packit |
8fb591 |
acts as a Command Responder uses port 10161, and
|
|
Packit |
8fb591 |
an engine that acts as a Notification Receiver
|
|
Packit |
8fb591 |
uses port 10162.</text>
|
|
Packit |
8fb591 |
</description>
|
|
Packit |
8fb591 |
</leaf>
|
|
Packit |
8fb591 |
</container>
|
|
Packit |
8fb591 |
</case>
|
|
Packit |
8fb591 |
<case name="dtls">
|
|
Packit |
8fb591 |
<container name="dtls">
|
|
Packit |
8fb591 |
<description>
|
|
Packit |
8fb591 |
<text>A list of IPv4 and IPv6 addresses and ports to which the
|
|
Packit |
8fb591 |
engine listens for SNMP messages over DTLS.</text>
|
|
Packit |
8fb591 |
</description>
|
|
Packit |
8fb591 |
<leaf name="ip">
|
|
Packit |
8fb591 |
<type name="inet:ip-address"/>
|
|
Packit |
8fb591 |
<mandatory value="true"/>
|
|
Packit |
8fb591 |
<description>
|
|
Packit |
8fb591 |
<text>The IPv4 or IPv6 address on which the engine listens
|
|
Packit |
8fb591 |
for SNMP messages over DTLS.</text>
|
|
Packit |
8fb591 |
</description>
|
|
Packit |
8fb591 |
</leaf>
|
|
Packit |
8fb591 |
<leaf name="port">
|
|
Packit |
8fb591 |
<type name="inet:port-number"/>
|
|
Packit |
8fb591 |
<description>
|
|
Packit |
8fb591 |
<text>The UDP port on which the engine listens for SNMP
|
|
Packit |
8fb591 |
messages over DTLS.
|
|
Packit |
8fb591 |
|
|
Packit |
8fb591 |
If the port is not configured, an engine that
|
|
Packit |
8fb591 |
acts as a Command Responder uses port 10161, and
|
|
Packit |
8fb591 |
an engine that acts as a Notification Receiver
|
|
Packit |
8fb591 |
uses port 10162.</text>
|
|
Packit |
8fb591 |
</description>
|
|
Packit |
8fb591 |
</leaf>
|
|
Packit |
8fb591 |
</container>
|
|
Packit |
8fb591 |
</case>
|
|
Packit |
8fb591 |
</augment>
|
|
Packit |
8fb591 |
<augment target-node="/snmp:snmp">
|
|
Packit |
8fb591 |
<if-feature name="tlstm"/>
|
|
Packit |
8fb591 |
<container name="tlstm">
|
|
Packit |
8fb591 |
<uses name="x509c2n:cert-to-name">
|
|
Packit |
8fb591 |
<description>
|
|
Packit |
8fb591 |
<text>Defines how certificates are mapped to names. The
|
|
Packit |
8fb591 |
resulting name is used as a security name.</text>
|
|
Packit |
8fb591 |
</description>
|
|
Packit |
8fb591 |
<refine target-node="cert-to-name/map-type">
|
|
Packit |
8fb591 |
<description>
|
|
Packit |
8fb591 |
<text>Mappings that use the snmpTlstmCertToTSNData column
|
|
Packit |
8fb591 |
need to augment the cert-to-name list with
|
|
Packit |
8fb591 |
additional configuration objects corresponding
|
|
Packit |
8fb591 |
to the snmpTlstmCertToTSNData value. Such objects
|
|
Packit |
8fb591 |
should use the 'when' statement to make them
|
|
Packit |
8fb591 |
conditional based on the map-type.</text>
|
|
Packit |
8fb591 |
</description>
|
|
Packit |
8fb591 |
</refine>
|
|
Packit |
8fb591 |
</uses>
|
|
Packit |
8fb591 |
</container>
|
|
Packit |
8fb591 |
</augment>
|
|
Packit |
8fb591 |
<grouping name="tls-transport">
|
|
Packit |
8fb591 |
<leaf name="ip">
|
|
Packit |
8fb591 |
<type name="inet:host"/>
|
|
Packit |
8fb591 |
<mandatory value="true"/>
|
|
Packit |
8fb591 |
<reference>
|
|
Packit |
8fb591 |
<text>RFC 3413: Simple Network Management Protocol (SNMP).
|
|
Packit |
8fb591 |
Applications.
|
|
Packit |
8fb591 |
SNMP-TARGET-MIB.snmpTargetAddrTAddress
|
|
Packit |
8fb591 |
RFC 6353: Transport Layer Security (TLS) Transport Model
|
|
Packit |
8fb591 |
for the Simple Network Management Protocol (SNMP).
|
|
Packit |
8fb591 |
SNMP-TLS-TM-MIB.SnmpTLSAddress</text>
|
|
Packit |
8fb591 |
</reference>
|
|
Packit |
8fb591 |
</leaf>
|
|
Packit |
8fb591 |
<leaf name="port">
|
|
Packit |
8fb591 |
<type name="inet:port-number"/>
|
|
Packit |
8fb591 |
<default value="10161"/>
|
|
Packit |
8fb591 |
<reference>
|
|
Packit |
8fb591 |
<text>RFC 3413: Simple Network Management Protocol (SNMP).
|
|
Packit |
8fb591 |
Applications.
|
|
Packit |
8fb591 |
SNMP-TARGET-MIB.snmpTargetAddrTAddress
|
|
Packit |
8fb591 |
RFC 6353: Transport Layer Security (TLS) Transport Model
|
|
Packit |
8fb591 |
for the Simple Network Management Protocol (SNMP).
|
|
Packit |
8fb591 |
SNMP-TLS-TM-MIB.SnmpTLSAddress</text>
|
|
Packit |
8fb591 |
</reference>
|
|
Packit |
8fb591 |
</leaf>
|
|
Packit |
8fb591 |
<leaf name="client-fingerprint">
|
|
Packit |
8fb591 |
<type name="x509c2n:tls-fingerprint"/>
|
|
Packit |
8fb591 |
<reference>
|
|
Packit |
8fb591 |
<text>RFC 6353: Transport Layer Security (TLS) Transport Model
|
|
Packit |
8fb591 |
for the Simple Network Management Protocol (SNMP).
|
|
Packit |
8fb591 |
SNMP-TLS-TM-MIB.snmpTlstmParamsClientFingerprint</text>
|
|
Packit |
8fb591 |
</reference>
|
|
Packit |
8fb591 |
</leaf>
|
|
Packit |
8fb591 |
<leaf name="server-fingerprint">
|
|
Packit |
8fb591 |
<type name="x509c2n:tls-fingerprint"/>
|
|
Packit |
8fb591 |
<reference>
|
|
Packit |
8fb591 |
<text>RFC 6353: Transport Layer Security (TLS) Transport Model
|
|
Packit |
8fb591 |
for the Simple Network Management Protocol (SNMP).
|
|
Packit |
8fb591 |
SNMP-TLS-TM-MIB.snmpTlstmAddrServerFingerprint</text>
|
|
Packit |
8fb591 |
</reference>
|
|
Packit |
8fb591 |
</leaf>
|
|
Packit |
8fb591 |
<leaf name="server-identity">
|
|
Packit |
8fb591 |
<type name="snmp:admin-string"/>
|
|
Packit |
8fb591 |
<reference>
|
|
Packit |
8fb591 |
<text>RFC 6353: Transport Layer Security (TLS) Transport Model
|
|
Packit |
8fb591 |
for the Simple Network Management Protocol (SNMP).
|
|
Packit |
8fb591 |
SNMP-TLS-TM-MIB.snmpTlstmAddrServerIdentity</text>
|
|
Packit |
8fb591 |
</reference>
|
|
Packit |
8fb591 |
</leaf>
|
|
Packit |
8fb591 |
</grouping>
|
|
Packit |
8fb591 |
<augment target-node="/snmp:snmp/snmp:target/snmp:transport">
|
|
Packit |
8fb591 |
<if-feature name="tlstm"/>
|
|
Packit |
8fb591 |
<case name="tls">
|
|
Packit |
8fb591 |
<reference>
|
|
Packit |
8fb591 |
<text>RFC 6353: Transport Layer Security (TLS) Transport Model
|
|
Packit |
8fb591 |
for the Simple Network Management Protocol (SNMP).
|
|
Packit |
8fb591 |
SNMP-TLS-TM-MIB.snmpTLSTCPDomain</text>
|
|
Packit |
8fb591 |
</reference>
|
|
Packit |
8fb591 |
<container name="tls">
|
|
Packit |
8fb591 |
<uses name="tls-transport"/>
|
|
Packit |
8fb591 |
</container>
|
|
Packit |
8fb591 |
</case>
|
|
Packit |
8fb591 |
</augment>
|
|
Packit |
8fb591 |
<augment target-node="/snmp:snmp/snmp:target/snmp:transport">
|
|
Packit |
8fb591 |
<if-feature name="tlstm"/>
|
|
Packit |
8fb591 |
<case name="dtls">
|
|
Packit |
8fb591 |
<reference>
|
|
Packit |
8fb591 |
<text>RFC 6353: Transport Layer Security (TLS) Transport Model
|
|
Packit |
8fb591 |
for the Simple Network Management Protocol (SNMP).
|
|
Packit |
8fb591 |
SNMP-TLS-TM-MIB.snmpDTLSUDPDomain</text>
|
|
Packit |
8fb591 |
</reference>
|
|
Packit |
8fb591 |
<container name="dtls">
|
|
Packit |
8fb591 |
<uses name="tls-transport"/>
|
|
Packit |
8fb591 |
</container>
|
|
Packit |
8fb591 |
</case>
|
|
Packit |
8fb591 |
</augment>
|
|
Packit |
8fb591 |
</submodule>
|