netconfcentral logo

ieee802-dot1ae@2019-07-18



  module ieee802-dot1ae {

    yang-version 1.1;

    namespace
      "urn:ieee:std:802.1AE:yang:ieee802-dot1ae";

    prefix dot1ae;

    import ieee802-dot1ae-types {
      prefix dot1aetypes;
    }
    import ietf-yang-types {
      prefix yang;
    }
    import ietf-interfaces {
      prefix if;
    }
    import ietf-system {
      prefix sys;
    }
    import iana-if-type {
      prefix ianaift;
    }
    import ieee802-dot1x-types {
      prefix dot1x-types;
    }

    organization
      "Institute of Electrical and Electronics Engineers";

    contact
      "WG-URL: http://grouper.ieee.org/groups/802/1/
     WG-EMail: stds-802-1@ieee.org
       Contact: IEEE 802.1 Working Group Chair
       Postal: C/O IEEE 802.1 Working Group
       IEEE Standards Association
            445 Hoes Lane
            P.O. Box 1331
            Piscataway
            NJ 08855-1331
            USA

    E-mail: STDS-802-1-L@LISTSERV.IEEE.ORG";

    description
      "The MAC security entity (SecY) MIB module. A SecY is a protocol
    shim providing MAC Security (MACsec) in an interface stack.

    Each SecY transmits MACsec protected frames on one or more Secure Channels
    (SCs) to each of the other SecYs attached to the same LAN and participating
    in the same Secure Connectivity Association (CA). The CA is a security
    relationship, that is established and maintained by key agreement protocols
    and supported by MACsec to provide full connectivity between its
    participants.  Each SC provides unidirectional point to multipoint
    connectivity from one participant to all the others and is supported by a
    succession of similarly point to multipoint Secure Associations (SAs). The
    Secure Association  Key (SAK) used to protect frames is changed as an SA is
    replaced by its (overlapping) successor so fresh keys can be used without
    disrupting a long lived SC and CA.

    Two different upper interfaces, a Controlled Port (for frames protected by
    MACsec, providing an instance of the secure MAC service) and an
    Uncontrolled Port (for frames not requiring protection, like the key
    agreement frames used to establish the CA and distribute keys) are
    associated with a SecY shim.

    __________________________________________________________________
    |                               |                                |
    |  Controlled Port Interface    |   Uncontrolled Port Interface  |
    |_______________________________|________________________________|
    |                                                                |
    |                    Physical Interface                          |
    |________________________________________________________________|
    Example MACsec Interface Stack.
  ";

    revision "2019-07-18" {
      description
        "Updates based upon comment resolution on draft TBD ";
      reference
        "IEEE 802.1AE-2018, Media Access Control (MAC) Security.";

    }

  }  // module ieee802-dot1ae