4.7. Submodule 'ietf-snmp-proxy'
<CODE BEGINS> file "ietf-snmp-proxy.yang"

// Submodule of ietf-snmp that models SNMP proxy forwarding entries.
// The reference statements below map the nodes to SNMP-PROXY-MIB
// (snmpProxyTable and its columns).
submodule ietf-snmp-proxy {

  belongs-to ietf-snmp {
    prefix snmp;
  }

  include ietf-snmp-common;
  include ietf-snmp-target;

  organization
    "IETF NETMOD (NETCONF Data Modeling Language) Working Group";

  contact
    "WG Web: <http://tools.ietf.org/wg/netmod/>
     WG List: <mailto:netmod@ietf.org>
     WG Chair: Thomas Nadeau
     <mailto:tnadeau@lucidvision.com>
     WG Chair: Juergen Schoenwaelder
     <mailto:j.schoenwaelder@jacobs-university.de>
     Editor: Martin Bjorklund
     <mailto:mbj@tail-f.com>
     Editor: Juergen Schoenwaelder
     <mailto:j.schoenwaelder@jacobs-university.de>";

  description
    "This submodule contains a collection of YANG definitions
     for configuring SNMP proxies.
     Copyright (c) 2014 IETF Trust and the persons identified as
     authors of the code. All rights reserved.
     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's
     Legal Provisions Relating to IETF Documents
     (http://trustee.ietf.org/license-info).
     This version of this YANG module is part of RFC 7407; see
     the RFC itself for full legal notices.";

  reference
    "RFC 3413: Simple Network Management Protocol (SNMP)
     Applications";

  revision 2014-12-10 {
    description
      "Initial revision.";
    reference
      "RFC 7407: A YANG Data Model for SNMP Configuration";
  }

  // Optional capability: the augment below is conditional on it, so a
  // server that does not advertise 'proxy' exposes no proxy list.
  feature proxy {
    description
      "A server implements this feature if it can act as an
       SNMP proxy.";
    reference
      "RFC 3413: Simple Network Management Protocol (SNMP)
       Applications";
  }

  augment /snmp:snmp {
    if-feature snmp:proxy;

    // Review note: every entry makes this engine relay management
    // traffic towards another target. Entries of type 'write' relay
    // modifying requests, so changes to this list deserve the same
    // scrutiny as changes to access-control configuration.
    list proxy {
      key name;

      description
        "List of proxy parameters.";
      reference
        "RFC 3413: Simple Network Management Protocol (SNMP).
         Applications.
         SNMP-PROXY-MIB.snmpProxyTable";

      leaf name {
        type snmp:identifier;
        description
          "Identifies the proxy parameter entry.";
        reference
          "RFC 3413: Simple Network Management Protocol (SNMP).
           Applications.
           SNMP-PROXY-MIB.snmpProxyName";
      }
      // Mandatory. The value also decides which of the two output
      // leafs below may be present (see their 'when' expressions).
      leaf type {
        type enumeration {
          enum read   { value 1; }
          enum write  { value 2; }
          enum trap   { value 3; }
          enum inform { value 4; }
        }
        mandatory true;
        reference
          "RFC 3413: Simple Network Management Protocol (SNMP).
           Applications.
           SNMP-PROXY-MIB.snmpProxyType";
      }
      leaf context-engine-id {
        type snmp:engine-id;
        mandatory true;
        reference
          "RFC 3413: Simple Network Management Protocol (SNMP).
           Applications.
           SNMP-PROXY-MIB.snmpProxyContextEngineID";
      }
      // Optional (no 'mandatory' statement).
      // NOTE(review): confirm how an absent context-name is matched
      // by the implementation.
      leaf context-name {
        type snmp:context-name;
        reference
          "RFC 3413: Simple Network Management Protocol (SNMP).
           Applications.
           SNMP-PROXY-MIB.snmpProxyContextName";
      }
      // Typed as snmp:identifier, not leafref: the model does not
      // guarantee that the named /snmp/target-params entry exists
      // (the description only says implementations MAY restrict
      // it). Check for dangling names when auditing a configuration.
      leaf target-params-in {
        type snmp:identifier;
        description
          "The name of a target parameters list entry.
           Implementations MAY restrict the values of this
           leaf to be one of the available values of
           /snmp/target-params/name in a valid configuration.";
        reference
          "RFC 3413: Simple Network Management Protocol (SNMP).
           Applications.
           SNMP-PROXY-MIB.snmpProxyTargetParamsIn";
      }
      // Exists only for type 'read' or 'write'. Names one entry of
      // /snmp/target; again not a leafref, so not validated here.
      leaf single-target-out {
        when "../type = 'read' or ../type = 'write'";
        type snmp:identifier;
        description
          "Implementations MAY restrict the values of this leaf
           to be one of the available values of /snmp/target/name
           in a valid configuration.";
        reference
          "RFC 3413: Simple Network Management Protocol (SNMP).
           Applications.
           SNMP-PROXY-MIB.snmpProxySingleTargetOut";
      }
      // Exists only for type 'trap' or 'inform'. Holds a tag value
      // rather than a single target name, so every target carrying
      // that tag is selected.
      leaf multiple-target-out {
        when "../type = 'trap' or ../type = 'inform'";
        type snmp:tag-value;
        description
          "Implementations MAY restrict the values of this leaf
           to be one of the available values of /snmp/target/tag
           in a valid configuration.";
        reference
          "RFC 3413: Simple Network Management Protocol (SNMP).
           Applications.
           SNMP-PROXY-MIB.snmpProxyMultipleTargetOut";
      }
    }
  }
}

<CODE ENDS>

4.8. Submodule 'ietf-snmp-community'
<CODE BEGINS> file "ietf-snmp-community.yang"

// Submodule of ietf-snmp that models community-based SNMP (v1/v2c):
// the community table, the v1/v2c target parameter cases and the
// per-target maximum message size.
submodule ietf-snmp-community {

  belongs-to ietf-snmp {
    prefix snmp;
  }

  // Provides the nacm:default-deny-all extension used on the
  // credential-bearing nodes below.
  import ietf-netconf-acm {
    prefix nacm;
  }

  include ietf-snmp-common;
  include ietf-snmp-target;
  include ietf-snmp-proxy;

  organization
    "IETF NETMOD (NETCONF Data Modeling Language) Working Group";

  contact
    "WG Web: <http://tools.ietf.org/wg/netmod/>
     WG List: <mailto:netmod@ietf.org>
     WG Chair: Thomas Nadeau
     <mailto:tnadeau@lucidvision.com>
     WG Chair: Juergen Schoenwaelder
     <mailto:j.schoenwaelder@jacobs-university.de>
     Editor: Martin Bjorklund
     <mailto:mbj@tail-f.com>
     Editor: Juergen Schoenwaelder
     <mailto:j.schoenwaelder@jacobs-university.de>";

  description
    "This submodule contains a collection of YANG definitions
     for configuring community-based SNMP.
     Copyright (c) 2014 IETF Trust and the persons identified as
     authors of the code. All rights reserved.
     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's
     Legal Provisions Relating to IETF Documents
     (http://trustee.ietf.org/license-info).
     This version of this YANG module is part of RFC 7407; see
     the RFC itself for full legal notices.";

  reference
    "RFC 3584: Coexistence between Version 1, Version 2, and
     Version 3 of the Internet-standard Network Management
     Framework";

  revision 2014-12-10 {
    description
      "Initial revision.";
    reference
      "RFC 7407: A YANG Data Model for SNMP Configuration";
  }

  augment /snmp:snmp {

    list community {
      key index;

      description
        "List of communities.";
      reference
        "RFC 3584: Coexistence between Version 1, Version 2,
         and Version 3 of the Internet-standard
         Network Management Framework.
         SNMP-COMMUNITY-MIB.snmpCommunityTable";

      leaf index {
        type snmp:identifier;
        description
          "Index into the community list.";
        reference
          "RFC 3584: Coexistence between Version 1, Version 2,
           and Version 3 of the Internet-standard
           Network Management Framework.
           SNMP-COMMUNITY-MIB.snmpCommunityIndex";
      }
      // The community name is the only credential used by
      // SNMPv1/v2c. nacm:default-deny-all (RFC 6536) means NACM
      // grants no access to this node unless an explicit rule
      // allows it. That protects NETCONF access only: the value is
      // still stored in the datastore, so treat exports and backups
      // of this configuration as secret material.
      //
      // If neither case is set, the description says security-name
      // is used as the community name, i.e. security-name then
      // becomes the value sent on the wire.
      choice name {
        nacm:default-deny-all;
        description
          "The community name, specified as either a string or
           a binary value. The binary name is used when the
           community name contains characters that are not legal
           in a string.
           If not set, the value of 'security-name' is
           operationally used as the snmpCommunityName.";
        reference
          "RFC 3584: Coexistence between Version 1, Version 2,
           and Version 3 of the Internet-standard
           Network Management Framework.
           SNMP-COMMUNITY-MIB.snmpCommunityName";
        // Plain string with no length or pattern restriction in
        // this model.
        leaf text-name {
          type string;
          description
            "A community name that can be represented as a
             YANG string.";
        }
        leaf binary-name {
          type binary;
          description
            "A community name represented as a binary value.";
        }
      }
      // Also default-deny-all: it can double as the community name
      // (see the choice above). The v1/v2c target-params
      // descriptions below refer to this value.
      leaf security-name {
        type snmp:security-name;
        mandatory true;
        nacm:default-deny-all;
        description
          "The snmpCommunitySecurityName of this entry.";
        reference
          "RFC 3584: Coexistence between Version 1, Version 2,
           and Version 3 of the Internet-standard
           Network Management Framework.
           SNMP-COMMUNITY-MIB.snmpCommunitySecurityName";
      }
      // Only present on servers that implement the proxy feature.
      leaf engine-id {
        if-feature snmp:proxy;
        type snmp:engine-id;
        description
          "If not set, the value of the local SNMP engine is
           operationally used by the device.";
        reference
          "RFC 3584: Coexistence between Version 1, Version 2,
           and Version 3 of the Internet-standard
           Network Management Framework.
           SNMP-COMMUNITY-MIB.snmpCommunityContextEngineID";
      }
      // Defaults to the empty string.
      leaf context {
        type snmp:context-name;
        default "";
        description
          "The context in which management information is accessed
           when using the community string specified by this
           entry.";
        reference
          "RFC 3584: Coexistence between Version 1, Version 2,
           and Version 3 of the Internet-standard
           Network Management Framework.
           SNMP-COMMUNITY-MIB.snmpCommunityContextName";
      }
      // Optional. Per the description this is what limits a
      // community to specific targets; when the leaf is absent this
      // submodule defines no such restriction.
      // NOTE(review): confirm the device behaviour for an unset tag
      // against RFC 3584 (snmpCommunityTransportTag).
      // The tag is not a leafref, so a tag that matches no target is
      // accepted by the model.
      leaf target-tag {
        type snmp:tag-value;
        description
          "Used to limit access for this community to the specified
           targets.
           Implementations MAY restrict the values of this leaf
           to be one of the available values of /snmp/target/tag
           in a valid configuration.";
        reference
          "RFC 3584: Coexistence between Version 1, Version 2,
           and Version 3 of the Internet-standard
           Network Management Framework.
           SNMP-COMMUNITY-MIB.snmpCommunityTransportTag";
      }
    }
  }

  // Target parameters for SNMPv1. The description fixes the security
  // level at 'noAuthNoPriv': messages are neither authenticated nor
  // encrypted.
  grouping v1-target-params {
    container v1 {
      description
        "SNMPv1 parameters type.
         Represents snmpTargetParamsMPModel '0',
         snmpTargetParamsSecurityModel '1', and
         snmpTargetParamsSecurityLevel 'noAuthNoPriv'.";
      leaf security-name {
        type snmp:security-name;
        mandatory true;
        description
          "Implementations MAY restrict the values of this leaf
           to be one of the available values of
           /snmp/community/security-name in a valid
           configuration.";
        reference
          "RFC 3413: Simple Network Management Protocol (SNMP).
           Applications.
           SNMP-TARGET-MIB.snmpTargetParamsSecurityName";
      }
    }
  }

  // Target parameters for SNMPv2c; same 'noAuthNoPriv' level as v1.
  grouping v2c-target-params {
    container v2c {
      description
        "SNMPv2 community parameters type.
         Represents snmpTargetParamsMPModel '1',
         snmpTargetParamsSecurityModel '2', and
         snmpTargetParamsSecurityLevel 'noAuthNoPriv'.";
      leaf security-name {
        type snmp:security-name;
        mandatory true;
        description
          "Implementations MAY restrict the values of this leaf
           to be one of the available values of
           /snmp/community/security-name in a valid
           configuration.";
        reference
          "RFC 3413: Simple Network Management Protocol (SNMP).
           Applications.
           SNMP-TARGET-MIB.snmpTargetParamsSecurityName";
      }
    }
  }

  // Adds the two community-based cases to the target-params choice.
  augment /snmp:snmp/snmp:target-params/snmp:params {
    case v1 {
      uses v1-target-params;
    }
    case v2c {
      uses v2c-target-params;
    }
  }

  // Adds 'mms' to target entries, guarded by the 'when' expression.
  augment /snmp:snmp/snmp:target {
    when "snmp:v1 or snmp:v2c";
    // Either the enum 'unknown' (value 0) or an int32 of at least
    // 484; the default is 484.
    leaf mms {
      type union {
        type enumeration {
          enum "unknown" { value 0; }
        }
        type int32 {
          range "484..max";
        }
      }
      default "484";
      description
        "The maximum message size.";
      reference
        "RFC 3584: Coexistence between Version 1, Version 2,
         and Version 3 of the Internet-standard
         Network Management Framework.
         SNMP-COMMUNITY-MIB.snmpTargetAddrMMS";
    }
  }
}

<CODE ENDS>

4.9. Submodule 'ietf-snmp-vacm'
<CODE BEGINS> file "ietf-snmp-vacm.yang"

// Submodule of ietf-snmp that models the View-based Access Control
// Model: groups, their members and access rules, and the MIB views
// those rules refer to.
submodule ietf-snmp-vacm {

  belongs-to ietf-snmp {
    prefix snmp;
  }

  include ietf-snmp-common;

  organization
    "IETF NETMOD (NETCONF Data Modeling Language) Working Group";

  contact
    "WG Web: <http://tools.ietf.org/wg/netmod/>
     WG List: <mailto:netmod@ietf.org>
     WG Chair: Thomas Nadeau
     <mailto:tnadeau@lucidvision.com>
     WG Chair: Juergen Schoenwaelder
     <mailto:j.schoenwaelder@jacobs-university.de>
     Editor: Martin Bjorklund
     <mailto:mbj@tail-f.com>
     Editor: Juergen Schoenwaelder
     <mailto:j.schoenwaelder@jacobs-university.de>";

  description
    "This submodule contains a collection of YANG definitions
     for configuring the View-based Access Control Model (VACM)
     of SNMP.
     Copyright (c) 2014 IETF Trust and the persons identified as
     authors of the code. All rights reserved.
     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's
     Legal Provisions Relating to IETF Documents
     (http://trustee.ietf.org/license-info).
     This version of this YANG module is part of RFC 7407; see
     the RFC itself for full legal notices.";

  reference
    "RFC 3415: View-based Access Control Model (VACM) for the
     Simple Network Management Protocol (SNMP)";

  revision 2014-12-10 {
    description
      "Initial revision.";
    reference
      "RFC 7407: A YANG Data Model for SNMP Configuration";
  }

  // Both typedefs are plain aliases of snmp:identifier. Leafs that
  // use them are therefore names, not leafrefs.
  typedef view-name {
    type snmp:identifier;
    description
      "The view-name type represents an SNMP VACM view name.";
  }

  typedef group-name {
    type snmp:identifier;
    description
      "The group-name type represents an SNMP VACM group name.";
  }

  augment /snmp:snmp {

    container vacm {
      description
        "Configuration of the View-based Access Control Model.";

      // A group bundles who is in it ('member') with what those
      // members may do ('access'). The description notes that this
      // layout differs from the MIB, which keeps two separate
      // tables.
      list group {
        key name;
        description
          "VACM groups.
           This data model has a different structure than the MIB.
           Groups are explicitly defined in this list, and group
           members are defined in the 'member' list (mapped to
           vacmSecurityToGroupTable), and access for the group is
           defined in the 'access' list (mapped to
           vacmAccessTable).";
        reference
          "RFC 3415: View-based Access Control Model (VACM) for the
           Simple Network Management Protocol (SNMP).
           SNMP-VIEW-BASED-ACM-MIB.vacmSecurityToGroupTable
           SNMP-VIEW-BASED-ACM-MIB.vacmAccessTable";

        leaf name {
          type group-name;
          description
            "The name of this VACM group.";
          reference
            "RFC 3415: View-based Access Control Model (VACM) for
             the Simple Network Management Protocol (SNMP).
             SNMP-VIEW-BASED-ACM-MIB.vacmGroupName";
        }

        // Keyed by security-name only; the security models are a
        // leaf-list inside the entry.
        // Review note: the rule that one (security-name,
        // security-model) pair MUST NOT appear in more than one
        // group is stated in the description only. No 'must' or
        // 'unique' statement expresses it here, so YANG validation
        // of this submodule will not catch a duplicate; check for
        // it when auditing a configuration.
        list member {
          key "security-name";
          description
            "A member of this VACM group.
             A specific combination of security-name and
             security-model MUST NOT be present in more than
             one group.";
          reference
            "RFC 3415: View-based Access Control Model (VACM) for
             the Simple Network Management Protocol (SNMP).
             SNMP-VIEW-BASED-ACM-MIB.vacmSecurityToGroupTable";

          leaf security-name {
            type snmp:security-name;
            description
              "The securityName of a group member.";
            reference
              "RFC 3415: View-based Access Control Model (VACM) for
               the Simple Network Management Protocol (SNMP).
               SNMP-VIEW-BASED-ACM-MIB.vacmSecurityName";
          }

          // At least one security model is required per member.
          leaf-list security-model {
            type snmp:security-model;
            min-elements 1;
            description
              "The security models under which this security-name
               is a member of this group.";
            reference
              "RFC 3415: View-based Access Control Model (VACM) for
               the Simple Network Management Protocol (SNMP).
               SNMP-VIEW-BASED-ACM-MIB.vacmSecurityModel";
          }
        }

        // One access rule per (context, security-model,
        // security-level) combination within the group.
        list access {
          key "context security-model security-level";
          description
            "Definition of access right for groups.";
          reference
            "RFC 3415: View-based Access Control Model (VACM) for
             the Simple Network Management Protocol (SNMP).
             SNMP-VIEW-BASED-ACM-MIB.vacmAccessTable";

          leaf context {
            type snmp:context-name;
            description
              "The context (prefix) under which the access rights
               apply.";
            reference
              "RFC 3415: View-based Access Control Model (VACM) for
               the Simple Network Management Protocol (SNMP).
               SNMP-VIEW-BASED-ACM-MIB.vacmAccessContextPrefix";
          }

          // Not part of the list key; defaults to 'exact'.
          // NOTE(review): 'prefix' presumably treats 'context' as a
          // prefix and so matches more contexts than 'exact' -
          // confirm against RFC 3415 before relying on it.
          leaf context-match {
            type enumeration {
              enum exact  { value 1; }
              enum prefix { value 2; }
            }
            default exact;
            reference
              "RFC 3415: View-based Access Control Model (VACM) for
               the Simple Network Management Protocol (SNMP).
               SNMP-VIEW-BASED-ACM-MIB.vacmAccessContextMatch";
          }

          // The type name suggests that a wildcard ('any') value is
          // allowed; the type is defined outside this submodule.
          // NOTE(review): a rule that matches any security model
          // also covers the community-based models, so check the
          // security-level and views of such rules.
          leaf security-model {
            type snmp:security-model-or-any;
            description
              "The security model under which the access rights
               apply.";
            reference
              "RFC 3415: View-based Access Control Model (VACM) for
               the Simple Network Management Protocol (SNMP).
               SNMP-VIEW-BASED-ACM-MIB.vacmAccessSecurityModel";
          }

          // A minimum, per the description: the rule also applies
          // to messages sent at a higher security level.
          leaf security-level {
            type snmp:security-level;
            description
              "The minimum security level under which the access
               rights apply.";
            reference
              "RFC 3415: View-based Access Control Model (VACM) for
               the Simple Network Management Protocol (SNMP).
               SNMP-VIEW-BASED-ACM-MIB.vacmAccessSecurityLevel";
          }

          // The three view leafs are optional and name an entry of
          // /snmp/vacm/view by value (view-name is an identifier,
          // not a leafref). An absent leaf maps to a zero-length
          // view name; RFC 3415 states that no access is granted
          // when the view name is empty or matches no active view,
          // so an omitted or misspelled view should deny rather
          // than allow. NOTE(review): confirm on the target device.
          leaf read-view {
            type view-name;
            description
              "The name of the MIB view of the SNMP context
               authorizing read access. If this leaf does not
               exist in a configuration, it maps to a zero-length
               vacmAccessReadViewName.
               Implementations MAY restrict the values of this
               leaf to be one of the available values of
               /snmp/vacm/view/name in a valid configuration.";
            reference
              "RFC 3415: View-based Access Control Model (VACM) for
               the Simple Network Management Protocol (SNMP).
               SNMP-VIEW-BASED-ACM-MIB.vacmAccessReadViewName";
          }

          leaf write-view {
            type view-name;
            description
              "The name of the MIB view of the SNMP context
               authorizing write access. If this leaf does not
               exist in a configuration, it maps to a zero-length
               vacmAccessWriteViewName.
               Implementations MAY restrict the values of this
               leaf to be one of the available values of
               /snmp/vacm/view/name in a valid configuration.";
            reference
              "RFC 3415: View-based Access Control Model (VACM) for
               the Simple Network Management Protocol (SNMP).
               SNMP-VIEW-BASED-ACM-MIB.vacmAccessWriteViewName";
          }

          leaf notify-view {
            type view-name;
            description
              "The name of the MIB view of the SNMP context
               authorizing notify access. If this leaf does not
               exist in a configuration, it maps to a zero-length
               vacmAccessNotifyViewName.
               Implementations MAY restrict the values of this
               leaf to be one of the available values of
               /snmp/vacm/view/name in a valid configuration.";
            reference
              "RFC 3415: View-based Access Control Model (VACM) for
               the Simple Network Management Protocol (SNMP).
               SNMP-VIEW-BASED-ACM-MIB.vacmAccessNotifyViewName";
          }
        }
      }

      // A view is a named set of included and excluded subtree
      // families. Review note: a short 'include' prefix covers
      // everything beneath it; use 'exclude' to remove subtrees
      // that hold security configuration from views given to
      // low-privilege groups.
      list view {
        key name;
        description
          "Definition of MIB views.";
        reference
          "RFC 3415: View-based Access Control Model (VACM) for
           the Simple Network Management Protocol (SNMP).
           SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyTable";

        leaf name {
          type view-name;
          description
            "The name of this VACM MIB view.";
          reference
            "RFC 3415: View-based Access Control Model (VACM) for
             the Simple Network Management Protocol (SNMP).
             SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyName";
        }

        // Each value is a wildcard object identifier. The
        // reference maps it to the Subtree, Mask and Type columns
        // of the MIB table.
        leaf-list include {
          type snmp:wildcard-object-identifier;
          description
            "A family of subtrees included in this MIB view.";
          reference
            "RFC 3415: View-based Access Control Model (VACM) for
             the Simple Network Management Protocol (SNMP).
             SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilySubtree
             SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyMask
             SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyType";
        }

        leaf-list exclude {
          type snmp:wildcard-object-identifier;
          description
            "A family of subtrees excluded from this MIB view.";
          reference
            "RFC 3415: View-based Access Control Model (VACM) for
             the Simple Network Management Protocol (SNMP).
             SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilySubtree
             SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyMask
             SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyType";
        }
      }
    }
  }
}

<CODE ENDS>

4.10. Submodule 'ietf-snmp-usm'
This YANG submodule imports YANG extensions from [RFC6536].

<CODE BEGINS> file "ietf-snmp-usm.yang"

// Submodule of ietf-snmp that models the User-based Security Model:
// local and remote USM users with their authentication and privacy
// keys, plus the 'usm' case of the target-params choice.
submodule ietf-snmp-usm {

  belongs-to ietf-snmp {
    prefix snmp;
  }

  import ietf-yang-types {
    prefix yang;
  }
  // Provides nacm:default-deny-all, applied to the key leaf below.
  import ietf-netconf-acm {
    prefix nacm;
  }

  include ietf-snmp-common;
  include ietf-snmp-target;
  include ietf-snmp-proxy;

  organization
    "IETF NETMOD (NETCONF Data Modeling Language) Working Group";

  contact
    "WG Web: <http://tools.ietf.org/wg/netmod/>
     WG List: <mailto:netmod@ietf.org>
     WG Chair: Thomas Nadeau
     <mailto:tnadeau@lucidvision.com>
     WG Chair: Juergen Schoenwaelder
     <mailto:j.schoenwaelder@jacobs-university.de>
     Editor: Martin Bjorklund
     <mailto:mbj@tail-f.com>
     Editor: Juergen Schoenwaelder
     <mailto:j.schoenwaelder@jacobs-university.de>";

  description
    "This submodule contains a collection of YANG definitions
     for configuring the User-based Security Model (USM) of
     SNMP.
     Copyright (c) 2014 IETF Trust and the persons identified as
     authors of the code. All rights reserved.
     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's
     Legal Provisions Relating to IETF Documents
     (http://trustee.ietf.org/license-info).
     This version of this YANG module is part of RFC 7407; see
     the RFC itself for full legal notices.";

  reference
    "RFC 3414: User-based Security Model (USM) for version 3 of
     the Simple Network Management Protocol (SNMPv3)";

  revision 2014-12-10 {
    description
      "Initial revision.";
    reference
      "RFC 7407: A YANG Data Model for SNMP Configuration";
  }

  // Reused by every auth/priv protocol container below.
  // The leaf holds the localized key itself, not a passphrase.
  // nacm:default-deny-all (RFC 6536) means NACM grants no access
  // unless an explicit rule allows it; that does not protect copies
  // of the datastore, so handle configuration exports as secrets.
  // The type carries no length restriction here, so the model does
  // not check that the key length fits the selected algorithm.
  grouping key {
    leaf key {
      type yang:hex-string;
      mandatory true;
      nacm:default-deny-all;
      description
        "Localized key specified as a list of colon-specified
         hexadecimal octets.";
    }
  }

  // One USM user: a name plus optional 'auth' and 'priv' presence
  // containers. A user with neither container has no keys at all.
  grouping user-list {
    list user {
      key "name";

      reference
        "RFC 3414: User-based Security Model (USM) for version 3
         of the Simple Network Management Protocol (SNMPv3).
         SNMP-USER-BASED-SM-MIB.usmUserTable";

      leaf name {
        type snmp:identifier;
        reference
          "RFC 3414: User-based Security Model (USM) for version 3
           of the Simple Network Management Protocol (SNMPv3).
           SNMP-USER-BASED-SM-MIB.usmUserName";
      }
      // Presence container: creating it turns authentication on,
      // and the mandatory choice then requires exactly one
      // protocol with its key.
      // Review note: this revision offers only 'md5' and 'sha'
      // (the HMAC-MD5 and HMAC-SHA protocols named in the
      // references). Prefer 'sha' where the device supports both.
      container auth {
        presence "enables authentication";
        description
          "Enables authentication of the user.";
        choice protocol {
          mandatory true;
          reference
            "RFC 3414: User-based Security Model (USM) for version 3
             of the Simple Network Management Protocol (SNMPv3).
             SNMP-USER-BASED-SM-MIB.usmUserAuthProtocol";
          container md5 {
            uses key;
            reference
              "RFC 3414: User-based Security Model (USM) for
               version 3 of the Simple Network Management Protocol
               (SNMPv3).
               SNMP-USER-BASED-SM-MIB.usmHMACMD5AuthProtocol";
          }
          container sha {
            uses key;
            reference
              "RFC 3414: User-based Security Model (USM) for
               version 3 of the Simple Network Management Protocol
               (SNMPv3).
               SNMP-USER-BASED-SM-MIB.usmHMACSHAAuthProtocol";
          }
        }
      }
      // Presence container for encryption. The 'must' constraint
      // rejects a user that has 'priv' without 'auth', so
      // encryption without authentication cannot be configured.
      // Review note: the choices are 'des' and 'aes' (AES in
      // CFB-128 mode per the RFC 3826 reference). DES is a legacy
      // cipher; prefer 'aes' where available.
      container priv {
        must "../auth" {
          error-message
            "when privacy (confidentiality) is used, "
          + "authentication must also be used";
        }
        presence "enables encryption";
        description
          "Enables encryption of SNMP messages.";

        choice protocol {
          mandatory true;
          reference
            "RFC 3414: User-based Security Model (USM) for version 3
             of the Simple Network Management Protocol (SNMPv3).
             SNMP-USER-BASED-SM-MIB.usmUserPrivProtocol";
          container des {
            uses key;
            reference
              "RFC 3414: User-based Security Model (USM) for
               version 3 of the Simple Network Management Protocol
               (SNMPv3).
               SNMP-USER-BASED-SM-MIB.usmDESPrivProtocol";
          }
          container aes {
            uses key;
            reference
              "RFC 3826: The Advanced Encryption Standard (AES)
               Cipher Algorithm in the SNMP User-based Security
               Model.
               SNMP-USM-AES-MIB.usmAesCfb128Protocol";
          }
        }
      }
    }
  }

  augment /snmp:snmp {

    container usm {
      description
        "Configuration of the User-based Security Model.";
      // Users of the local engine.
      container local {
        uses user-list;
      }

      // Users of other engines, grouped per remote engine ID.
      list remote {
        key "engine-id";

        leaf engine-id {
          type snmp:engine-id;
          reference
            "RFC 3414: User-based Security Model (USM) for version 3
             of the Simple Network Management Protocol (SNMPv3).
             SNMP-USER-BASED-SM-MIB.usmUserEngineID";
        }

        uses user-list;
      }
    }
  }

  // Target parameters for USM. Both leafs are mandatory.
  // user-name is a security-name, not a leafref to a configured
  // user, and the permitted security-level values come from
  // snmp:security-level, which is defined outside this submodule.
  // NOTE(review): the model does not tie security-level to the
  // presence of the user's auth/priv containers - verify that the
  // configured level matches the keys the user actually has.
  grouping usm-target-params {
    container usm {
      description
        "User-based SNMPv3 parameters type.
         Represents snmpTargetParamsMPModel '3' and
         snmpTargetParamsSecurityModel '3'.";
      leaf user-name {
        type snmp:security-name;
        mandatory true;
        reference
          "RFC 3413: Simple Network Management Protocol (SNMP).
           Applications.
           SNMP-TARGET-MIB.snmpTargetParamsSecurityName";
      }
      leaf security-level {
        type snmp:security-level;
        mandatory true;
        reference
          "RFC 3413: Simple Network Management Protocol (SNMP).
           Applications.
           SNMP-TARGET-MIB.snmpTargetParamsSecurityLevel";
      }
    }
  }

  // Adds the 'usm' case to the target-params choice.
  augment /snmp:snmp/snmp:target-params/snmp:params {
    case usm {
      uses usm-target-params;
    }
  }
}

<CODE ENDS>

4.11. Submodule 'ietf-snmp-tsm'
<CODE BEGINS> file "ietf-snmp-tsm.yang"

// Submodule of ietf-snmp that models the Transport Security Model:
// one global switch and the 'tsm' case of the target-params choice.
submodule ietf-snmp-tsm {

  belongs-to ietf-snmp {
    prefix snmp;
  }

  include ietf-snmp-common;
  include ietf-snmp-target;
  include ietf-snmp-proxy;

  organization
    "IETF NETMOD (NETCONF Data Modeling Language) Working Group";

  contact
    "WG Web: <http://tools.ietf.org/wg/netmod/>
     WG List: <mailto:netmod@ietf.org>
     WG Chair: Thomas Nadeau
     <mailto:tnadeau@lucidvision.com>
     WG Chair: Juergen Schoenwaelder
     <mailto:j.schoenwaelder@jacobs-university.de>
     Editor: Martin Bjorklund
     <mailto:mbj@tail-f.com>
     Editor: Juergen Schoenwaelder
     <mailto:j.schoenwaelder@jacobs-university.de>";

  description
    "This submodule contains a collection of YANG definitions
     for configuring the Transport Security Model (TSM) of
     SNMP.
     Copyright (c) 2014 IETF Trust and the persons identified as
     authors of the code. All rights reserved.
     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's
     Legal Provisions Relating to IETF Documents
     (http://trustee.ietf.org/license-info).
     This version of this YANG module is part of RFC 7407; see
     the RFC itself for full legal notices.";

  reference
    "RFC 5591: Transport Security Model for the
     Simple Network Management Protocol (SNMP)";

  revision 2014-12-10 {
    description
      "Initial revision.";
    reference
      "RFC 7407: A YANG Data Model for SNMP Configuration";
  }

  // Optional capability; both augments below are conditional on it.
  feature tsm {
    description
      "A server implements this feature if it supports the
       Transport Security Model for SNMP.";
    reference
      "RFC 5591: Transport Security Model for the
       Simple Network Management Protocol (SNMP)";
  }

  augment /snmp:snmp {
    if-feature tsm;
    container tsm {
      description
        "Configuration of the Transport Security Model.";

      // Boolean, default false; no description is given here.
      // NOTE(review): per RFC 5591 this presumably controls
      // whether security names carry a transport-specific prefix.
      // Changing it alters the security names that access-control
      // rules have to match, so review those rules together with
      // any change to this leaf.
      leaf use-prefix {
        type boolean;
        default false;
        reference
          "RFC 5591: Transport Security Model for the Simple
           Network Management Protocol (SNMP).
           SNMP-TSM-MIB.snmpTsmConfigurationUsePrefix";
      }
    }
  }

  // Target parameters for transport-based security; both leafs are
  // mandatory. The permitted security-level values come from
  // snmp:security-level, defined outside this submodule.
  grouping tsm-target-params {
    container tsm {
      description
        "Transport-based security SNMPv3 parameters type.
         Represents snmpTargetParamsMPModel '3' and
         snmpTargetParamsSecurityModel '4'.";
      leaf security-name {
        type snmp:security-name;
        mandatory true;
        reference
          "RFC 3413: Simple Network Management Protocol (SNMP).
           Applications.
           SNMP-TARGET-MIB.snmpTargetParamsSecurityName";
      }
      leaf security-level {
        type snmp:security-level;
        mandatory true;
        reference
          "RFC 3413: Simple Network Management Protocol (SNMP).
           Applications.
           SNMP-TARGET-MIB.snmpTargetParamsSecurityLevel";
      }
    }
  }

  // Adds the 'tsm' case to the target-params choice.
  augment /snmp:snmp/snmp:target-params/snmp:params {
    if-feature tsm;
    case tsm {
      uses tsm-target-params;
    }
  }
}

<CODE ENDS>

4.12. Submodule 'ietf-snmp-tls'
<CODE BEGINS> file "ietf-snmp-tls.yang"

// Submodule of ietf-snmp that models the TLS/DTLS transport model:
// listen endpoints, the certificate-to-name mapping and the TLS and
// DTLS cases of the target transport choice.
submodule ietf-snmp-tls {

  belongs-to ietf-snmp {
    prefix snmp;
  }

  import ietf-inet-types {
    prefix inet;
  }
  // Provides the cert-to-name grouping and the tls-fingerprint type.
  import ietf-x509-cert-to-name {
    prefix x509c2n;
  }

  include ietf-snmp-common;
  include ietf-snmp-engine;
  include ietf-snmp-target;

  organization
    "IETF NETMOD (NETCONF Data Modeling Language) Working Group";

  contact
    "WG Web: <http://tools.ietf.org/wg/netmod/>
     WG List: <mailto:netmod@ietf.org>
     WG Chair: Thomas Nadeau
     <mailto:tnadeau@lucidvision.com>
     WG Chair: Juergen Schoenwaelder
     <mailto:j.schoenwaelder@jacobs-university.de>
     Editor: Martin Bjorklund
     <mailto:mbj@tail-f.com>
     Editor: Juergen Schoenwaelder
     <mailto:j.schoenwaelder@jacobs-university.de>";

  description
    "This submodule contains a collection of YANG definitions for
     configuring the Transport Layer Security Transport Model
     (TLSTM) of SNMP.
     Copyright (c) 2014 IETF Trust and the persons identified as
     authors of the code. All rights reserved.
     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's
     Legal Provisions Relating to IETF Documents
     (http://trustee.ietf.org/license-info).
     This version of this YANG module is part of RFC 7407; see
     the RFC itself for full legal notices.";

  reference
    "RFC 6353: Transport Layer Security (TLS) Transport Model for
     the Simple Network Management Protocol (SNMP)";

  revision 2014-12-10 {
    description
      "Initial revision.";
    reference
      "RFC 7407: A YANG Data Model for SNMP Configuration";
  }

  // Optional capability; every augment below is conditional on it.
  feature tlstm {
    description
      "A server implements this feature if it supports the
       Transport Layer Security Transport Model for SNMP.";
    reference
      "RFC 6353: Transport Layer Security (TLS) Transport Model for
       the Simple Network Management Protocol (SNMP)";
  }

  // Adds 'tls' and 'dtls' cases to the engine's listen transport
  // choice. Each case is a container with one ip and one port (the
  // description text says "A list of ..."). The address is
  // mandatory, the port is optional.
  augment /snmp:snmp/snmp:engine/snmp:listen/snmp:transport {
    if-feature tlstm;
    case tls {
      container tls {
        description
          "A list of IPv4 and IPv6 addresses and ports to which the
           engine listens for SNMP messages over TLS.";
        leaf ip {
          type inet:ip-address;
          mandatory true;
          description
            "The IPv4 or IPv6 address on which the engine listens
             for SNMP messages over TLS.";
        }
        // No 'default' statement: the fallback ports are given in
        // the description only and depend on the engine's role.
        leaf port {
          type inet:port-number;
          description
            "The TCP port on which the engine listens for SNMP
             messages over TLS. If the port is not configured,
             an engine that acts as a Command Responder uses port
             10161, and an engine that acts as a Notification
             Receiver uses port 10162.";
        }
      }
    }
    case dtls {
      container dtls {
        description
          "A list of IPv4 and IPv6 addresses and ports to which the
           engine listens for SNMP messages over DTLS.";
        leaf ip {
          type inet:ip-address;
          mandatory true;
          description
            "The IPv4 or IPv6 address on which the engine listens
             for SNMP messages over DTLS.";
        }
        leaf port {
          type inet:port-number;
          description
            "The UDP port on which the engine listens for SNMP
             messages over DTLS. If the port is not configured,
             an engine that acts as a Command Responder uses port
             10161, and an engine that acts as a Notification
             Receiver uses port 10162.";
        }
      }
    }
  }

  // Certificate-to-name mapping for the TLS transport model.
  // Review note: per the description the mapped name is used as the
  // security name, i.e. the identity that access control is applied
  // to. An overly broad mapping entry gives every matching
  // certificate that identity, so review these entries like
  // credentials.
  augment /snmp:snmp {
    if-feature tlstm;
    container tlstm {
      uses x509c2n:cert-to-name {
        description
          "Defines how certificates are mapped to names. The
           resulting name is used as a security name.";
        refine cert-to-name/map-type {
          description
            "Mappings that use the snmpTlstmCertToTSNData column
             need to augment the cert-to-name list with
             additional configuration objects corresponding
             to the snmpTlstmCertToTSNData value. Such objects
             should use the 'when' statement to make them
             conditional based on the map-type.";
        }
      }
    }
  }

  // Shared by the 'tls' and 'dtls' target cases below.
  // Only 'ip' is mandatory. The two fingerprint leafs and
  // server-identity are optional, so the model accepts a target
  // that configures none of them.
  // NOTE(review): confirm how the implementation authenticates the
  // peer for such a target before relying on it.
  grouping tls-transport {
    // inet:host, so the target may be given as a host name as well
    // as an IP address, despite the leaf name.
    leaf ip {
      type inet:host;
      mandatory true;
      reference
        "RFC 3413: Simple Network Management Protocol (SNMP).
         Applications.
         SNMP-TARGET-MIB.snmpTargetAddrTAddress
         RFC 6353: Transport Layer Security (TLS) Transport Model
         for the Simple Network Management Protocol (SNMP).
         SNMP-TLS-TM-MIB.SnmpTLSAddress";
    }
    leaf port {
      type inet:port-number;
      default 10161;
      reference
        "RFC 3413: Simple Network Management Protocol (SNMP).
         Applications.
         SNMP-TARGET-MIB.snmpTargetAddrTAddress
         RFC 6353: Transport Layer Security (TLS) Transport Model
         for the Simple Network Management Protocol (SNMP).
         SNMP-TLS-TM-MIB.SnmpTLSAddress";
    }
    leaf client-fingerprint {
      type x509c2n:tls-fingerprint;
      reference
        "RFC 6353: Transport Layer Security (TLS) Transport Model
         for the Simple Network Management Protocol (SNMP).
         SNMP-TLS-TM-MIB.snmpTlstmParamsClientFingerprint";
    }
    leaf server-fingerprint {
      type x509c2n:tls-fingerprint;
      reference
        "RFC 6353: Transport Layer Security (TLS) Transport Model
         for the Simple Network Management Protocol (SNMP).
         SNMP-TLS-TM-MIB.snmpTlstmAddrServerFingerprint";
    }
    leaf server-identity {
      type snmp:admin-string;
      reference
        "RFC 6353: Transport Layer Security (TLS) Transport Model
         for the Simple Network Management Protocol (SNMP).
         SNMP-TLS-TM-MIB.snmpTlstmAddrServerIdentity";
    }
  }

  // Adds the 'tls' case to the target transport choice.
  augment /snmp:snmp/snmp:target/snmp:transport {
    if-feature tlstm;
    case tls {
      reference
        "RFC 6353: Transport Layer Security (TLS) Transport Model
         for the Simple Network Management Protocol (SNMP).
         SNMP-TLS-TM-MIB.snmpTLSTCPDomain";
      container tls {
        uses tls-transport;
      }
    }
  }

  // Adds the 'dtls' case to the target transport choice.
  augment /snmp:snmp/snmp:target/snmp:transport {
    if-feature tlstm;
    case dtls {
      reference
        "RFC 6353: Transport Layer Security (TLS) Transport Model
         for the Simple Network Management Protocol (SNMP).
         SNMP-TLS-TM-MIB.snmpDTLSUDPDomain";
      container dtls {
        uses tls-transport;
      }
    }
  }
}

<CODE ENDS>
4.13. Submodule 'ietf-snmp-ssh'
<CODE BEGINS> file "ietf-snmp-ssh.yang"

// Submodule of ietf-snmp that models the Secure Shell transport
// model: the SSH listen endpoint and the 'ssh' case of the target
// transport choice.
submodule ietf-snmp-ssh {

  belongs-to ietf-snmp {
    prefix snmp;
  }

  import ietf-inet-types {
    prefix inet;
  }

  include ietf-snmp-common;
  include ietf-snmp-engine;
  include ietf-snmp-target;

  organization
    "IETF NETMOD (NETCONF Data Modeling Language) Working Group";

  contact
    "WG Web: <http://tools.ietf.org/wg/netmod/>
     WG List: <mailto:netmod@ietf.org>
     WG Chair: Thomas Nadeau
     <mailto:tnadeau@lucidvision.com>
     WG Chair: Juergen Schoenwaelder
     <mailto:j.schoenwaelder@jacobs-university.de>
     Editor: Martin Bjorklund
     <mailto:mbj@tail-f.com>
     Editor: Juergen Schoenwaelder
     <mailto:j.schoenwaelder@jacobs-university.de>";

  description
    "This submodule contains a collection of YANG definitions for
     configuring the Secure Shell Transport Model (SSHTM)
     of SNMP.
     Copyright (c) 2014 IETF Trust and the persons identified as
     authors of the code. All rights reserved.
     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's
     Legal Provisions Relating to IETF Documents
     (http://trustee.ietf.org/license-info).
     This version of this YANG module is part of RFC 7407; see
     the RFC itself for full legal notices.";

  reference
    "RFC 5592: Secure Shell Transport Model for the
     Simple Network Management Protocol (SNMP)";

  revision 2014-12-10 {
    description
      "Initial revision.";
    reference
      "RFC 7407: A YANG Data Model for SNMP Configuration";
  }

  // Optional capability; both augments below are conditional on it.
  feature sshtm {
    description
      "A server implements this feature if it supports the
       Secure Shell Transport Model for SNMP.";
    reference
      "RFC 5592: Secure Shell Transport Model for the
       Simple Network Management Protocol (SNMP)";
  }

  // Adds the 'ssh' case to the engine's listen transport choice.
  // The address is mandatory, the port is optional.
  augment /snmp:snmp/snmp:engine/snmp:listen/snmp:transport {
    if-feature sshtm;
    case ssh {
      container ssh {
        description
          "The IPv4 or IPv6 address and port to which the
           engine listens for SNMP messages over SSH.";
        leaf ip {
          type inet:ip-address;
          mandatory true;
          description
            "The IPv4 or IPv6 address on which the engine listens
             for SNMP messages over SSH.";
        }
        // No 'default' statement: the fallback ports are given in
        // the description only and depend on the engine's role.
        leaf port {
          type inet:port-number;
          description
            "The TCP port on which the engine listens for SNMP
             messages over SSH. If the port is not configured,
             an engine that acts as a Command Responder uses port
             5161, and an engine that acts as a Notification
             Receiver uses port 5162.";
        }
      }
    }
  }

  // Adds the 'ssh' case to the target transport choice.
  // Review note: only ip, port and username are modelled here. SSH
  // host-key verification and client credentials are not part of
  // this submodule, so check where the implementation takes them
  // from when assessing how a target is authenticated.
  augment /snmp:snmp/snmp:target/snmp:transport {
    if-feature sshtm;
    case ssh {
      reference
        "RFC 5592: Secure Shell Transport Model for the
         Simple Network Management Protocol (SNMP).
         SNMP-SSH-TM-MIB.snmpSSHDomain";
      container ssh {
        // inet:host, so the target may be given as a host name as
        // well as an IP address, despite the leaf name.
        leaf ip {
          type inet:host;
          mandatory true;
          reference
            "RFC 3413: Simple Network Management Protocol (SNMP).
             Applications.
             SNMP-TARGET-MIB.snmpTargetAddrTAddress
             RFC 5592: Secure Shell Transport Model for the
             Simple Network Management Protocol (SNMP).
             SNMP-SSH-TM-MIB.SnmpSSHAddress";
        }
        leaf port {
          type inet:port-number;
          default 5161;
          reference
            "RFC 3413: Simple Network Management Protocol (SNMP).
             Applications.
             SNMP-TARGET-MIB.snmpTargetAddrTAddress
             RFC 5592: Secure Shell Transport Model for the
             Simple Network Management Protocol (SNMP).
             SNMP-SSH-TM-MIB.SnmpSSHAddress";
        }
        // Optional, unrestricted string.
        leaf username {
          type string;
          reference
            "RFC 3413: Simple Network Management Protocol (SNMP).
             Applications.
             SNMP-TARGET-MIB.snmpTargetAddrTAddress
             RFC 5592: Secure Shell Transport Model for the
             Simple Network Management Protocol (SNMP).
             SNMP-SSH-TM-MIB.SnmpSSHAddress";
        }
      }
    }
  }
}

<CODE ENDS>