<?xml version="1.0" encoding="UTF-8"?>
<submodule name="ietf-snmp-tls"
xmlns="urn:ietf:params:xml:ns:yang:yin:1"
xmlns:snmp="urn:ietf:params:xml:ns:yang:ietf-snmp"
xmlns:inet="urn:ietf:params:xml:ns:yang:ietf-inet-types"
xmlns:x509c2n="urn:ietf:params:xml:ns:yang:ietf-x509-cert-to-name">
<belongs-to module="ietf-snmp">
<prefix value="snmp"/>
</belongs-to>
<import module="ietf-inet-types">
<prefix value="inet"/>
</import>
<import module="ietf-x509-cert-to-name">
<prefix value="x509c2n"/>
</import>
<include module="ietf-snmp-common"/>
<include module="ietf-snmp-engine"/>
<include module="ietf-snmp-target"/>
<organization>
<text>IETF NETMOD (NETCONF Data Modeling Language) Working Group</text>
</organization>
<contact>
<text>WG Web: <http://tools.ietf.org/wg/netmod/>
WG List: <mailto:netmod@ietf.org>
WG Chair: Thomas Nadeau
<mailto:tnadeau@lucidvision.com>
WG Chair: Juergen Schoenwaelder
<mailto:j.schoenwaelder@jacobs-university.de>
Editor: Martin Bjorklund
<mailto:mbj@tail-f.com>
Editor: Juergen Schoenwaelder
<mailto:j.schoenwaelder@jacobs-university.de></text>
</contact>
<description>
<text>This submodule contains a collection of YANG definitions for
configuring the Transport Layer Security Transport Model (TLSTM)
of SNMP.
Copyright (c) 2014 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC 7407; see
the RFC itself for full legal notices.</text>
</description>
<reference>
<text>RFC 6353: Transport Layer Security (TLS) Transport Model for
the Simple Network Management Protocol (SNMP)</text>
</reference>
<revision date="2014-12-10">
<description>
<text>Initial revision.</text>
</description>
<reference>
<text>RFC 7407: A YANG Data Model for SNMP Configuration</text>
</reference>
</revision>
<feature name="tlstm">
<description>
<text>A server implements this feature if it supports the
Transport Layer Security Transport Model for SNMP.</text>
</description>
<reference>
<text>RFC 6353: Transport Layer Security (TLS) Transport Model for
the Simple Network Management Protocol (SNMP)</text>
</reference>
</feature>
<augment target-node="/snmp:snmp/snmp:engine/snmp:listen/snmp:transport">
<if-feature name="tlstm"/>
<case name="tls">
<container name="tls">
<description>
<text>A list of IPv4 and IPv6 addresses and ports to which the
engine listens for SNMP messages over TLS.</text>
</description>
<leaf name="ip">
<type name="inet:ip-address"/>
<mandatory value="true"/>
<description>
<text>The IPv4 or IPv6 address on which the engine listens
for SNMP messages over TLS.</text>
</description>
</leaf>
<leaf name="port">
<type name="inet:port-number"/>
<description>
<text>The TCP port on which the engine listens for SNMP
messages over TLS.
If the port is not configured, an engine that
acts as a Command Responder uses port 10161, and
an engine that acts as a Notification Receiver
uses port 10162.</text>
</description>
</leaf>
</container>
</case>
<case name="dtls">
<container name="dtls">
<description>
<text>A list of IPv4 and IPv6 addresses and ports to which the
engine listens for SNMP messages over DTLS.</text>
</description>
<leaf name="ip">
<type name="inet:ip-address"/>
<mandatory value="true"/>
<description>
<text>The IPv4 or IPv6 address on which the engine listens
for SNMP messages over DTLS.</text>
</description>
</leaf>
<leaf name="port">
<type name="inet:port-number"/>
<description>
<text>The UDP port on which the engine listens for SNMP
messages over DTLS.
If the port is not configured, an engine that
acts as a Command Responder uses port 10161, and
an engine that acts as a Notification Receiver
uses port 10162.</text>
</description>
</leaf>
</container>
</case>
</augment>
<augment target-node="/snmp:snmp">
<if-feature name="tlstm"/>
<container name="tlstm">
<uses name="x509c2n:cert-to-name">
<description>
<text>Defines how certificates are mapped to names. The
resulting name is used as a security name.</text>
</description>
<refine target-node="cert-to-name/map-type">
<description>
<text>Mappings that use the snmpTlstmCertToTSNData column
need to augment the cert-to-name list with
additional configuration objects corresponding
to the snmpTlstmCertToTSNData value. Such objects
should use the 'when' statement to make them
conditional based on the map-type.</text>
</description>
</refine>
</uses>
</container>
</augment>
<grouping name="tls-transport">
<leaf name="ip">
<type name="inet:host"/>
<mandatory value="true"/>
<reference>
<text>RFC 3413: Simple Network Management Protocol (SNMP).
Applications.
SNMP-TARGET-MIB.snmpTargetAddrTAddress
RFC 6353: Transport Layer Security (TLS) Transport Model
for the Simple Network Management Protocol (SNMP).
SNMP-TLS-TM-MIB.SnmpTLSAddress</text>
</reference>
</leaf>
<leaf name="port">
<type name="inet:port-number"/>
<default value="10161"/>
<reference>
<text>RFC 3413: Simple Network Management Protocol (SNMP).
Applications.
SNMP-TARGET-MIB.snmpTargetAddrTAddress
RFC 6353: Transport Layer Security (TLS) Transport Model
for the Simple Network Management Protocol (SNMP).
SNMP-TLS-TM-MIB.SnmpTLSAddress</text>
</reference>
</leaf>
<leaf name="client-fingerprint">
<type name="x509c2n:tls-fingerprint"/>
<reference>
<text>RFC 6353: Transport Layer Security (TLS) Transport Model
for the Simple Network Management Protocol (SNMP).
SNMP-TLS-TM-MIB.snmpTlstmParamsClientFingerprint</text>
</reference>
</leaf>
<leaf name="server-fingerprint">
<type name="x509c2n:tls-fingerprint"/>
<reference>
<text>RFC 6353: Transport Layer Security (TLS) Transport Model
for the Simple Network Management Protocol (SNMP).
SNMP-TLS-TM-MIB.snmpTlstmAddrServerFingerprint</text>
</reference>
</leaf>
<leaf name="server-identity">
<type name="snmp:admin-string"/>
<reference>
<text>RFC 6353: Transport Layer Security (TLS) Transport Model
for the Simple Network Management Protocol (SNMP).
SNMP-TLS-TM-MIB.snmpTlstmAddrServerIdentity</text>
</reference>
</leaf>
</grouping>
<augment target-node="/snmp:snmp/snmp:target/snmp:transport">
<if-feature name="tlstm"/>
<case name="tls">
<reference>
<text>RFC 6353: Transport Layer Security (TLS) Transport Model
for the Simple Network Management Protocol (SNMP).
SNMP-TLS-TM-MIB.snmpTLSTCPDomain</text>
</reference>
<container name="tls">
<uses name="tls-transport"/>
</container>
</case>
</augment>
<augment target-node="/snmp:snmp/snmp:target/snmp:transport">
<if-feature name="tlstm"/>
<case name="dtls">
<reference>
<text>RFC 6353: Transport Layer Security (TLS) Transport Model
for the Simple Network Management Protocol (SNMP).
SNMP-TLS-TM-MIB.snmpDTLSUDPDomain</text>
</reference>
<container name="dtls">
<uses name="tls-transport"/>
</container>
</case>
</augment>
</submodule>