
ieee802-dot1x-types@2019-05-28



  // Shared type definitions for the IEEE 802.1X (port-based network access
  // control, MKA) YANG data model. This module declares typedefs only; it
  // defines no data nodes of its own.
  //
  // Review note that applies to every string typedef below: a YANG "length"
  // restriction on a string counts Unicode characters, not octets, so the
  // UTF-8 encoded size of a value can be larger than the stated bound.
  // Implementations should size buffers from the encoded size, not from the
  // character count.
  module ieee802-dot1x-types {

    yang-version 1;

    namespace
      "urn:ieee:std:802.1X:yang:ieee802-dot1x-types";

    prefix dot1x-types;

    organization
      "Institute of Electrical and Electronics Engineers";

    contact
      "WG-URL: http://grouper.ieee.org/groups/802/1/
    WG-EMail: stds-802-1@ieee.org

    Contact: IEEE 802.1 Working Group Chair
    Postal: C/O IEEE 802.1 Working Group
            IEEE Standards Association
            445 Hoes Lane
            P.O. Box 1331
            Piscataway
            NJ 08855-1331
            USA
 	
    E-mail: STDS-802-1-L@LISTSERV.IEEE.ORG";

    description
      "Port-based network access control allows a network administrator
    to restrict the use of IEEE 802 LAN service access points (ports)
    to secure communication between authenticated and authorized
    devices. IEEE Std 802.1X specifies an architecture, functional
    elements, and protocols that support mutual authentication
    between the clients of ports attached to the same LAN and secure
    communication between the ports. The following control allows a
    port to be reinitialized, terminating (and potentially
    restarting) authentication exchanges and MKA operation, based on
    a data model described in a set of YANG modules.";

    revision "2019-05-28" {
      description
        "Updates based upon comment resolution on draft
      D1.0 of P802.1X-Rev.";
      reference
        "IEEE Std 802.1X-2020, Port-Based Network Access Control.";

    }


    // Network Identity (NID): at most 100 characters; the empty string is
    // permitted by the length restriction.
    typedef pae-nid {
      type string {
        length "0..100";
      }
      description
        "Network Identity, which is a UTF-8 string identifying a
      network or network service.";
      reference
        "IEEE 802.1X-2020 Clause 3, Clause 10.1, Clause 12.6";

    }

    // Identity of the peer Supplicant, 0..253 characters.
    // NOTE(review): presumably derived from what the peer presents during
    // authentication -- confirm. If so, treat it as untrusted text when it is
    // logged or rendered, and as potentially personal data when it is stored.
    typedef pae-session-user-name {
      type string {
        length "0..253";
      }
      description
        "Session user name, which is a UTF-8 string, representing the
      identity of the peer Supplicant.";
      reference
        "IEEE 802.1X-2020 Clause 12.5.1";

    }

    // Session identifier, 3..253 characters. Uniqueness is only claimed
    // within the PAE's own system (see description), so it is not a global
    // correlation key across devices.
    typedef pae-session-id {
      type string {
        length "3..253";
      }
      description
        "Session Identifier, which is a UTF-8 string, uniquely
      identifying the session within the context of the PAE's
      system.";
      reference
        "IEEE 802.1X-2020 Clause 12.5.1";

    }

    // Bit set of authentication/protection combinations supported for a NID
    // (positions 0..7). Going by the bit labels, only eapMkaMacSec and
    // mkaMacSec include MACsec; the remaining bits name an authentication or
    // key-agreement method without MACsec protection, and vendorSpecific is
    // opaque. Several bits may be set at once ("Any set of these
    // combinations can be supported").
    typedef pae-nid-capabilities {
      type bits {
        bit eap {
          position 0;
          description "EAP";
        }
        bit eapMka {
          position 1;
          description "EAP + MKA";
        }
        bit eapMkaMacSec {
          position 2;
          description "EAP + MKA + MACsec";
        }
        bit mka {
          position 3;
          description "MKA";
        }
        bit mkaMacSec {
          position 4;
          description "MKA + MACsec";
        }
        bit higherLayer {
          position 5;
          description
            "Higher Layer (WebAuth)";
        }
        bit higherLayerFallback {
          position 6;
          description
            "Higher Layer Fallback (WebAuth)";
        }
        bit vendorSpecific {
          position 7;
          description
            "Vendor specific authentication mechanisms";
        }
      }
      description
        "Authentication and protection capabilities supported for the
      NID. Indicates the combinations of authentication and
      protection capabilities supported for the NID. Any set of these
      combinations can be supported.";
      reference
        "IEEE 802.1X-2020 Clause 10.1, Clause 11.12.3";

    }

    // Access level of the Controlled Port, from no-access (0) up to
    // expected-access (3). Per the description this is the status indicated
    // by the transmitter; it is a report of the outcome of authentication and
    // authorization, not the control that enforces it.
    typedef pae-access-status {
      type enumeration {
        enum "no-access" {
          value 0;
          description
            "Other than to authentication services, and to services
          announced as available in the absence of authentication
          (unauthenticated).";
        }
        enum "remedial-access" {
          value 1;
          description
            "The access granted is severely limited, possibly to
          remedial services.";
        }
        enum "restricted-access" {
          value 2;
          description
            "The Controlled Port is operational, but restrictions have
          been applied by the network that can limit access to some
          resources.";
        }
        enum "expected-access" {
          value 3;
          description
            "The Controlled Port is operational, and access provided is
          as expected for successful authentication and authorization
          for the NID.";
        }
      }
      description
        "Indicates the transmitter's Controlled Port operational status
      and current level of access resulting from authentication and
      the consequent authorization controls applied by that port's
      clients.";
      reference
        "IEEE 802.1X-2020 Clause 10.4, Clause 12.5";

    }

    // MKA Key Number. The type admits 0 although the description says the Key
    // Server numbers keys sequentially from 1.
    // NOTE(review): confirm whether 0 is used as a "no key" value before
    // treating it as invalid.
    typedef mka-kn {
      type uint32;
      description
        "Indicates a Key Number (KN) used in MKA. It is assigned by
      the Key Server (sequentially beginning with 1).";
      reference
        "IEEE 802.1X-2020 Clause 9.8, Clause 9.16";

    }

    // MKA Association Number.
    // NOTE(review): the type is an unrestricted uint32, but the MACsec AN is a
    // 2-bit value (0..3) in IEEE 802.1AE -- verify. The schema will not reject
    // out-of-range values, so implementations need their own range check.
    typedef mka-an {
      type uint32;
      description
        "A number that is concatenated with a MACsec Secure Channel
      Identifier to identify a Secure Association. Indicates an
      Association Number (AN) assigned by the Key Server for use with
      the key number for transmission.";
      reference
        "IEEE 802.1X-2020 Clause 9.8, Clause 9.16";

    }

    // CAK Name (CKN): 1..32 characters. Per the description this names the
    // CAK; it is an identifier shared by all potential CA members, not the
    // key itself.
    // NOTE(review): the module does not say whether the value is carried as
    // raw octets or as a textual (e.g. hex) encoding -- confirm against the
    // implementation, since the length bound means different things in each.
    typedef pae-ckn {
      type string {
        length "1..32";
      }
      description
        "Indicates the CAK name to identify the Connectivity
      Association Key (CAK) which is the root key in the MACsec Key
      Agreement key hierarchy. All potential members of the CA use
      the same CKN.";
      reference
        "IEEE 802.1X-2020 Clause 9.3.1, Clause 6.2";

    }

    // Key Management Domain name, 0..253 characters.
    // NOTE(review): the reference below omits the standard designation;
    // presumably IEEE 802.1X-2020 like the sibling typedefs -- confirm.
    typedef pae-kmd {
      type string {
        length "0..253";
      }
      description
        "A Key Management Domain (KMD). A string of up to 253 UTF-8
      characters that names the transmitting authenticator's key
      management domain.";
      reference
        "IEEE Clause 12.6";

    }

    // Authorization data associated with the CAK.
    // NOTE(review): this is the only string typedef in the module with no
    // length restriction, so the schema places no upper bound on the value.
    // Implementations that accept it from configuration or from a peer
    // should enforce their own size limit.
    typedef pae-auth-data {
      type string;
      description
        "Authorization data associated with the CAK.";
      reference
        "IEEE 802.1X-2020 Clause 9.16";

    }

    // Secure Channel Identifier entry: 6-octet MAC address followed by a
    // 2-octet Port Identifier, per the description.
    // NOTE(review): length "8" on a YANG string means 8 characters, not 8
    // octets, and arbitrary octet values are not all legal in a YANG string.
    // Confirm the encoding implementations actually use before parsing this
    // value as raw bytes.
    typedef sci-list-entry {
      type string {
        length "8";
      }
      description
        "8 octet string, where the first 6 octets represents the MAC
      Address (in canonical format), and the next 2 octets represents
      the Port Identifier.";
      reference
        "IEEE 802.1AE Clause 7.1.2, Clause 10.7.1";

    }

    // Interface index: strictly positive 32-bit value; 0 and negative
    // numbers are rejected by the range restriction.
    typedef pae-if-index {
      type int32 {
        range "1..2147483647";
      }
      description
        "The interface index value represented by this interface.";
    }
  }  // module ieee802-dot1x-types