| draft-ietf-netmod-snmp-cfg-04.txt | draft-ietf-netmod-snmp-cfg-05.txt | |||
|---|---|---|---|---|
| Network Working Group M. Bjorklund | Network Working Group M. Bjorklund | |||
| Internet-Draft Tail-f Systems | Internet-Draft Tail-f Systems | |||
| Intended status: Standards Track J. Schoenwaelder | Intended status: Standards Track J. Schoenwaelder | |||
| Expires: August 14, 2014 Jacobs University | Expires: November 20, 2014 Jacobs University | |||
| February 10, 2014 | May 19, 2014 | |||
| A YANG Data Model for SNMP Configuration | A YANG Data Model for SNMP Configuration | |||
| draft-ietf-netmod-snmp-cfg-04 | draft-ietf-netmod-snmp-cfg-05 | |||
| Abstract | Abstract | |||
| This document defines a collection of YANG definitions for | This document defines a collection of YANG definitions for | |||
| configuring SNMP engines. | configuring SNMP engines. | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| skipping to change at page 1, line 32 | skipping to change at page 1, line 32 | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on August 14, 2014. | This Internet-Draft will expire on November 20, 2014. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 31 | skipping to change at page 2, line 31 | |||
| 2.13. Secure Shell Transport Model Configuration . . . . . . . . 13 | 2.13. Secure Shell Transport Model Configuration . . . . . . . . 13 | |||
| 3. Implementation Guidelines . . . . . . . . . . . . . . . . . . 15 | 3. Implementation Guidelines . . . . . . . . . . . . . . . . . . 15 | |||
| 3.1. Supporting read-only SNMP Access . . . . . . . . . . . . . 15 | 3.1. Supporting read-only SNMP Access . . . . . . . . . . . . . 15 | |||
| 3.2. Supporting read-write SNMP access . . . . . . . . . . . . 16 | 3.2. Supporting read-write SNMP access . . . . . . . . . . . . 16 | |||
| 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 17 | 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 4.1. Module 'ietf-x509-cert-to-name' . . . . . . . . . . . . . 17 | 4.1. Module 'ietf-x509-cert-to-name' . . . . . . . . . . . . . 17 | |||
| 4.2. Module 'ietf-snmp' . . . . . . . . . . . . . . . . . . . . 22 | 4.2. Module 'ietf-snmp' . . . . . . . . . . . . . . . . . . . . 22 | |||
| 4.3. Submodule 'ietf-snmp-common' . . . . . . . . . . . . . . . 25 | 4.3. Submodule 'ietf-snmp-common' . . . . . . . . . . . . . . . 25 | |||
| 4.4. Submodule 'ietf-snmp-engine' . . . . . . . . . . . . . . . 29 | 4.4. Submodule 'ietf-snmp-engine' . . . . . . . . . . . . . . . 29 | |||
| 4.5. Submodule 'ietf-snmp-target' . . . . . . . . . . . . . . . 32 | 4.5. Submodule 'ietf-snmp-target' . . . . . . . . . . . . . . . 32 | |||
| 4.6. Submodule 'ietf-snmp-notification' . . . . . . . . . . . . 35 | 4.6. Submodule 'ietf-snmp-notification' . . . . . . . . . . . . 36 | |||
| 4.7. Submodule 'ietf-snmp-proxy' . . . . . . . . . . . . . . . 39 | 4.7. Submodule 'ietf-snmp-proxy' . . . . . . . . . . . . . . . 40 | |||
| 4.8. Submodule 'ietf-snmp-community' . . . . . . . . . . . . . 42 | 4.8. Submodule 'ietf-snmp-community' . . . . . . . . . . . . . 42 | |||
| 4.9. Submodule 'ietf-snmp-vacm' . . . . . . . . . . . . . . . . 46 | 4.9. Submodule 'ietf-snmp-vacm' . . . . . . . . . . . . . . . . 47 | |||
| 4.10. Submodule 'ietf-snmp-usm' . . . . . . . . . . . . . . . . 52 | 4.10. Submodule 'ietf-snmp-usm' . . . . . . . . . . . . . . . . 52 | |||
| 4.11. Submodule 'ietf-snmp-tsm' . . . . . . . . . . . . . . . . 56 | 4.11. Submodule 'ietf-snmp-tsm' . . . . . . . . . . . . . . . . 56 | |||
| 4.12. Submodule 'ietf-snmp-tls' . . . . . . . . . . . . . . . . 59 | 4.12. Submodule 'ietf-snmp-tls' . . . . . . . . . . . . . . . . 59 | |||
| 4.13. Submodule 'ietf-snmp-ssh' . . . . . . . . . . . . . . . . 63 | 4.13. Submodule 'ietf-snmp-ssh' . . . . . . . . . . . . . . . . 63 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 66 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 67 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 68 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 69 | |||
| 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 71 | 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 72 | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 72 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 73 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . . 72 | 8.1. Normative References . . . . . . . . . . . . . . . . . . . 73 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . . 72 | 8.2. Informative References . . . . . . . . . . . . . . . . . . 73 | |||
| Appendix A. Example configurations . . . . . . . . . . . . . . . 74 | Appendix A. Example configurations . . . . . . . . . . . . . . . 75 | |||
| A.1. Engine Configuration Example . . . . . . . . . . . . . . . 74 | A.1. Engine Configuration Example . . . . . . . . . . . . . . . 75 | |||
| A.2. Community Configuration Example . . . . . . . . . . . . . 74 | A.2. Community Configuration Example . . . . . . . . . . . . . 75 | |||
| A.3. User-based Security Model Configuration Example . . . . . 75 | A.3. User-based Security Model Configuration Example . . . . . 76 | |||
| A.4. Target and Notification Configuration Example . . . . . . 77 | A.4. Target and Notification Configuration Example . . . . . . 78 | |||
| A.5. Proxy Configuration Example . . . . . . . . . . . . . . . 78 | A.5. Proxy Configuration Example . . . . . . . . . . . . . . . 79 | |||
| A.6. View-based Access Control Model Configuration Example . . 81 | A.6. View-based Access Control Model Configuration Example . . 82 | |||
| A.7. Transport Layer Security Transport Model Configuration | A.7. Transport Layer Security Transport Model Configuration | |||
| Example . . . . . . . . . . . . . . . . . . . . . . . . . 83 | Example . . . . . . . . . . . . . . . . . . . . . . . . . 84 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 85 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 86 | |||
| 1. Introduction | 1. Introduction | |||
| This document defines a YANG [RFC6020] data model for the | This document defines a YANG [RFC6020] data model for the | |||
| configuration of SNMP engines. The configuration model is consistent | configuration of SNMP engines. The configuration model is consistent | |||
| with the MIB modules defined in [RFC3411], [RFC3412], [RFC3413], | with the MIB modules defined in [RFC3411], [RFC3412], [RFC3413], | |||
| [RFC3414], [RFC3415], [RFC3418], [RFC3584], [RFC5591], [RFC5592], and | [RFC3414], [RFC3415], [RFC3418], [RFC3584], [RFC5591], [RFC5592], and | |||
| [RFC6353] but takes advantage of YANG's ability to define | [RFC6353] but takes advantage of YANG's ability to define | |||
| hierarchical configuration data models. | hierarchical configuration data models. | |||
| skipping to change at page 6, line 20 | skipping to change at page 6, line 20 | |||
| 2.4. Engine Configuration | 2.4. Engine Configuration | |||
| The submodule "ietf-snmp-engine", which defines configuration | The submodule "ietf-snmp-engine", which defines configuration | |||
| parameters that are specific to SNMP engines, has the following | parameters that are specific to SNMP engines, has the following | |||
| structure: | structure: | |||
| +--rw snmp | +--rw snmp | |||
| +--rw engine | +--rw engine | |||
| +--rw enabled? boolean | +--rw enabled? boolean | |||
| +--rw listen | +--rw listen* [name] | |||
| | +--rw udp* [ip port] | | +--rw name snmp:identifier | |||
| | +--rw ip inet:ip-address | | +--rw (transport) | |||
| | +--rw port inet:port-number | | +--:(udp) | |||
| | +--rw udp | ||||
| | +--rw ip inet:ip-address | ||||
| | +--rw port? inet:port-number | ||||
| +--rw version | +--rw version | |||
| | +--rw v1? empty | | +--rw v1? empty | |||
| | +--rw v2c? empty | | +--rw v2c? empty | |||
| | +--rw v3? empty | | +--rw v3? empty | |||
| +--rw engine-id? snmp:engine-id | +--rw engine-id? snmp:engine-id | |||
| +--rw enable-authen-traps? boolean | +--rw enable-authen-traps? boolean | |||
| The leaf "/snmp/engine/enabled" can be used to enable/disable an SNMP | The leaf "/snmp/engine/enabled" can be used to enable/disable an SNMP | |||
| engine. | engine. | |||
| The container "/snmp/engine/listen" provides configuration of the | The list "/snmp/engine/listen" provides configuration of the | |||
| transport endpoints the engine is listening to. In this submodule, | transport endpoints the engine is listening to. In this submodule, | |||
| SNMP over UDP is defined. TLS and Datagram Transport Layer Security | SNMP over UDP is defined. SSH, TLS and Datagram Transport Layer | |||
| (DTLS) are also supported, defined in "ietf-snmp-tls" (Section 2.12). | Security (DTLS) are also supported, defined in "ietf-snmp-ssh" | |||
| The "listen" container is expected to be augmented for other | (Section 2.13) and "ietf-snmp-tls" (Section 2.12), respectively. The | |||
| transports. | "transport" choice is expected to be augmented for other transports. | |||
| The "/snmp/engine/version" container can be used to enable/disable | The "/snmp/engine/version" container can be used to enable/disable | |||
| the different message processing models. | the different message processing models. | |||
| 2.5. Target Configuration | 2.5. Target Configuration | |||
| The submodule "ietf-snmp-target", which defines configuration | The submodule "ietf-snmp-target", which defines configuration | |||
| parameters that correspond to the objects in SNMP-TARGET-MIB, has the | parameters that correspond to the objects in SNMP-TARGET-MIB, has the | |||
| following structure: | following structure: | |||
| skipping to change at page 7, line 51 | skipping to change at page 7, line 51 | |||
| parameters that correspond to the objects in SNMP-NOTIFICATION-MIB, | parameters that correspond to the objects in SNMP-NOTIFICATION-MIB, | |||
| has the following structure: | has the following structure: | |||
| +--rw snmp | +--rw snmp | |||
| +--rw notify* [name] | +--rw notify* [name] | |||
| | +--rw name snmp:identifier | | +--rw name snmp:identifier | |||
| | +--rw tag snmp:identifier | | +--rw tag snmp:identifier | |||
| | +--rw type? enumeration | | +--rw type? enumeration | |||
| +--rw notify-filter-profile* [name] | +--rw notify-filter-profile* [name] | |||
| +--rw name snmp:identifier | +--rw name snmp:identifier | |||
| +--rw include* wildcard-object-identifier | +--rw include* snmp:wildcard-object-identifier | |||
| +--rw exclude* wildcard-object-identifier | +--rw exclude* snmp:wildcard-object-identifier | |||
| It also augments the "target-params" list defined in the | It also augments the "target-params" list defined in the | |||
| "ietf-snmp-target" submodule (Section 2.5) with one leaf: | "ietf-snmp-target" submodule (Section 2.5) with one leaf: | |||
| +--rw snmp | +--rw snmp | |||
| +--rw target-params* [name] | +--rw target-params* [name] | |||
| ... | ... | |||
| +--rw notify-filter-profile? leafref | +--rw notify-filter-profile? leafref | |||
| An entry in the list "/snmp/notify" corresponds to an | An entry in the list "/snmp/notify" corresponds to an | |||
| "snmpNotifyEntry". | "snmpNotifyEntry". | |||
| An entry in the list "/snmp/notify-filter-profile" corresponds to an | An entry in the list "/snmp/notify-filter-profile" corresponds to an | |||
| "snmpNotifyFilterProfileEntry". In the MIB, there is a sparse | "snmpNotifyFilterProfileEntry". In the MIB, there is a sparse | |||
| relationship between "snmpTargetParamsTable" and | relationship between "snmpTargetParamsTable" and | |||
| skipping to change at page 9, line 29 | skipping to change at page 9, line 29 | |||
| +--rw security-name snmp:security-name | +--rw security-name snmp:security-name | |||
| +--rw engine-id? snmp:engine-id | +--rw engine-id? snmp:engine-id | |||
| +--rw context? snmp:context-name | +--rw context? snmp:context-name | |||
| +--rw target-tag? snmp:identifier | +--rw target-tag? snmp:identifier | |||
| It also augments the "/snmp/target-params/params" choice with nodes | It also augments the "/snmp/target-params/params" choice with nodes | |||
| for the Community-Based Security Model used by SNMPv1 and SNMPv2c: | for the Community-Based Security Model used by SNMPv1 and SNMPv2c: | |||
| +--rw snmp | +--rw snmp | |||
| +--rw target-params* [name] | +--rw target-params* [name] | |||
| ... | | ... | |||
| +--rw (params)? | | +--rw (params)? | |||
| | +--:(v1) | | +--:(v1) | |||
| | | +--rw v1 | | | +--rw v1 | |||
| | | +--rw security-name snmp:security-name | | | +--rw security-name snmp:security-name | |||
| | +--:(v2c) | | +--:(v2c) | |||
| | +--rw v2c | | +--rw v2c | |||
| | +--rw security-name snmp:security-name | | +--rw security-name snmp:security-name | |||
| +--rw target* [name] | ||||
| +--rw mms? union | +--rw mms? union | |||
| An entry in the list "/snmp/community" corresponds to an | An entry in the list "/snmp/community" corresponds to an | |||
| "snmpCommunityEntry". | "snmpCommunityEntry". | |||
| When a case "v1" or "v2c" is chosen, it implies a | When a case "v1" or "v2c" is chosen, it implies a | |||
| snmpTargetParamsMPModel 0 (SNMPv1) or 1 (SNMPv2), and a | snmpTargetParamsMPModel 0 (SNMPv1) or 1 (SNMPv2), and a | |||
| snmpTargetParamsSecurityModel 1 (SNMPv1) or 2 (SNMPv2), respectively. | snmpTargetParamsSecurityModel 1 (SNMPv1) or 2 (SNMPv2), respectively. | |||
| Both cases implies a snmpTargetParamsSecurityLevel of noAuthNoPriv. | Both cases implies a snmpTargetParamsSecurityLevel of noAuthNoPriv. | |||
| skipping to change at page 11, line 10 | skipping to change at page 11, line 10 | |||
| +--rw user* [name] | +--rw user* [name] | |||
| +-- {common user params} | +-- {common user params} | |||
| The "{common user params}" are: | The "{common user params}" are: | |||
| +--rw name snmp:identifier | +--rw name snmp:identifier | |||
| +--rw auth! | +--rw auth! | |||
| | +--rw (protocol) | | +--rw (protocol) | |||
| | +--:(md5) | | +--:(md5) | |||
| | | +--rw md5 | | | +--rw md5 | |||
| | | +-- rw key string | | | +-- rw key yang:hex-string | |||
| | +--:(sha) | | +--:(sha) | |||
| | +--rw sha | | +--rw sha | |||
| | +-- rw key string | | +-- rw key yang:hex-string | |||
| +--rw priv! | +--rw priv! | |||
| +--rw (protocol) | +--rw (protocol) | |||
| +--:(des) | +--:(des) | |||
| | +--rw des | | +--rw des | |||
| | +-- rw key string | | +-- rw key yang:hex-string | |||
| +--:(aes) | +--:(aes) | |||
| +--rw aes | +--rw aes | |||
| +-- rw key string | +-- rw key yang:hex-string | |||
| It also augments the "/snmp/target-params/params" choice with nodes | It also augments the "/snmp/target-params/params" choice with nodes | |||
| for the SNMP User-based Security Model. | for the SNMP User-based Security Model. | |||
| +--rw snmp | +--rw snmp | |||
| +--rw target-params* [name] | +--rw target-params* [name] | |||
| ... | ... | |||
| +--rw (params)? | +--rw (params)? | |||
| +--:(usm) | +--:(usm) | |||
| +--rw usm | +--rw usm | |||
| +--rw user-name snmp:security-name | +--rw user-name snmp:security-name | |||
| +--rw security-level security-level | +--rw security-level security-level | |||
| In the MIB, there is a single table with local and remote users, | In the MIB, there is a single table with local and remote users, | |||
| indexed by the engine id and user name. In the YANG model, there is | indexed by the engine id and user name. In the YANG model, there is | |||
| skipping to change at page 11, line 51 | skipping to change at page 11, line 51 | |||
| the YANG model. However, the localized key can be changed. This | the YANG model. However, the localized key can be changed. This | |||
| implies that if the engine id is changed, all users keys need to be | implies that if the engine id is changed, all users keys need to be | |||
| changed as well. | changed as well. | |||
| 2.11. Transport Security Model Configuration | 2.11. Transport Security Model Configuration | |||
| The submodule "ietf-snmp-tsm", which defines configuration parameters | The submodule "ietf-snmp-tsm", which defines configuration parameters | |||
| that correspond to the objects in SNMP-TSM-MIB, has the following | that correspond to the objects in SNMP-TSM-MIB, has the following | |||
| structure: | structure: | |||
| +--rw snmp | +--rw snmp | |||
| +--rw tsm | +--rw tsm | |||
| +--rw use-prefix? boolean | +--rw use-prefix? boolean | |||
| It also augments the "/snmp/target-params/params" choice with nodes | It also augments the "/snmp/target-params/params" choice with nodes | |||
| for the SNMP Transport Security Model. | for the SNMP Transport Security Model. | |||
| +--rw snmp | +--rw snmp | |||
| +--rw target-params* [name] | +--rw target-params* [name] | |||
| ... | ... | |||
| +--rw (params)? | +--rw (params)? | |||
| +--:(tsm) | +--:(tsm) | |||
| +--rw tsm | +--rw tsm | |||
| +--rw security-name snmp:security-name | +--rw security-name snmp:security-name | |||
| +--rw security-level security-level | +--rw security-level security-level | |||
| This submodule defines the feature "tsm". A server implements this | This submodule defines the feature "tsm". A server implements this | |||
| feature if it supports the Transport Security Model (tsm) [RFC5591]. | feature if it supports the Transport Security Model (tsm) [RFC5591]. | |||
| 2.12. Transport Layer Security Transport Model Configuration | 2.12. Transport Layer Security Transport Model Configuration | |||
| The submodule "ietf-snmp-tls", which defines configuration parameters | The submodule "ietf-snmp-tls", which defines configuration parameters | |||
| that correspond to the objects in SNMP-TLS-TM-MIB, has the following | that correspond to the objects in SNMP-TLS-TM-MIB, has the following | |||
| structure: | structure: | |||
| +--rw snmp | +--rw snmp | |||
| ... | ... | |||
| +--rw target* [name] | +--rw target* [name] | |||
| | ... | | ... | |||
| | +--rw (transport) | | +--rw (transport) | |||
| | ... | | ... | |||
| | +--:(tls) | | +--:(tls) | |||
| | | +--rw tls | | | +--rw tls | |||
| | | +-- {common (d)tls transport params} | | | +-- {common (d)tls transport params} | |||
| | +--:(dtls) | | +--:(dtls) | |||
| | +--rw dtls | | +--rw dtls | |||
| | +-- {common (d)tls transport params} | | +-- {common (d)tls transport params} | |||
| +--rw tlstm | +--rw tlstm | |||
| +--rw cert-to-name* [id] | +--rw cert-to-name* [id] | |||
| +--rw id uint32 | +--rw id uint32 | |||
| +--rw fingerprint x509c2n:tls-fingerprint | +--rw fingerprint x509c2n:tls-fingerprint | |||
| +--rw map-type identityref | +--rw map-type identityref | |||
| +--rw name string | +--rw name string | |||
| The "{common (d)tls transport params}" are: | The "{common (d)tls transport params}" are: | |||
| +--rw ip? inet:host | +--rw ip? inet:host | |||
| +--rw port? inet:port-number | +--rw port? inet:port-number | |||
| +--rw client-fingerprint? x509c2n:tls-fingerprint | +--rw client-fingerprint? x509c2n:tls-fingerprint | |||
| +--rw server-fingerprint? x509c2n:tls-fingerprint | +--rw server-fingerprint? x509c2n:tls-fingerprint | |||
| +--rw server-identity? snmp:admin-string | +--rw server-identity? snmp:admin-string | |||
| It also augments the "/snmp/engine/listen" container with objects for | It also augments the "/snmp/engine/listen/transport" choice with | |||
| the D(TLS) transport endpoints: | objects for the D(TLS) transport endpoints: | |||
| +--rw snmp | +--rw snmp | |||
| +--rw engine | +--rw engine | |||
| ... | ... | |||
| +--rw listen | +--rw listen* [name] | |||
| ... | ... | |||
| +--rw tls* [ip port] | +--rw (transport) | |||
| | +--rw ip inet:ip-address | ... | |||
| | +--rw port inet:port-number | +--:(tls) | |||
| +--rw dtls* [ip port] | | +--rw tls | |||
| +--rw ip inet:ip-address | | +--rw ip inet:ip-address | |||
| +--rw port inet:port-number | | +--rw port? inet:port-number | |||
| +--:(dtls) | ||||
| +--rw dtls | ||||
| +--rw ip inet:ip-address | ||||
| +--rw port? inet:port-number | ||||
| This submodule defines the feature "tlstm". A server implements this | This submodule defines the feature "tlstm". A server implements this | |||
| feature if it supports the Transport Layer Security (TLS) Transport | feature if it supports the Transport Layer Security (TLS) Transport | |||
| Model (tlstm) [RFC6353]. | Model (tlstm) [RFC6353]. | |||
| 2.13. Secure Shell Transport Model Configuration | 2.13. Secure Shell Transport Model Configuration | |||
| The submodule "ietf-snmp-ssh", which defines configuration parameters | The submodule "ietf-snmp-ssh", which defines configuration parameters | |||
| that correspond to the objects in SNMP-SSH-TM-MIB, has the following | that correspond to the objects in SNMP-SSH-TM-MIB, has the following | |||
| structure: | structure: | |||
| +--rw snmp | +--rw snmp | |||
| ... | ... | |||
| +--rw target* [name] | +--rw target* [name] | |||
| ... | ... | |||
| +--rw (transport) | +--rw (transport) | |||
| ... | ... | |||
| +--:(ssh) | +--:(ssh) | |||
| +--rw ssh | +--rw ssh | |||
| +--rw ip inet:host | +--rw ip inet:host | |||
| +--rw port? inet:port-number | +--rw port? inet:port-number | |||
| +--rw username? string | +--rw username? string | |||
| It also augments the "/snmp/engine/listen" container with objects for | It also augments the "/snmp/engine/listen/transport" choice with | |||
| the SSH transport endpoints: | objects for the SSH transport endpoints: | |||
| +--rw snmp | +--rw snmp | |||
| +--rw engine | +--rw engine | |||
| ... | ... | |||
| +--rw listen | +--rw listen* [name] | |||
| ... | ... | |||
| +--rw ssh* [ip port] | +--rw (transport) | |||
| ... | ||||
| +--:(ssh) | ||||
| +--rw ssh | ||||
| +--rw ip inet:host | ||||
| +--rw port? inet:port-number | ||||
| +--rw username? string | ||||
| This submodule defines the feature "sshtm". A server implements this | This submodule defines the feature "sshtm". A server implements this | |||
| feature if it supports the Secure Shell (SSH) Transport Model (sshtm) | feature if it supports the Secure Shell (SSH) Transport Model (sshtm) | |||
| [RFC5592]. | [RFC5592]. | |||
| 3. Implementation Guidelines | 3. Implementation Guidelines | |||
| This section describes some challenges for implementations that | This section describes some challenges for implementations that | |||
| support both the YANG models defined in this document, and either | support both the YANG models defined in this document, and either | |||
| read-write or read-only SNMP access to the same data, using the | read-write or read-only SNMP access to the same data, using the | |||
| skipping to change at page 18, line 21 | skipping to change at page 18, line 21 | |||
| // RFC Ed.: replace XXXX with actual RFC number and remove this | // RFC Ed.: replace XXXX with actual RFC number and remove this | |||
| // note. | // note. | |||
| reference | reference | |||
| "RFC6353: Transport Layer Security (TLS) Transport Model for | "RFC6353: Transport Layer Security (TLS) Transport Model for | |||
| the Simple Network Management Protocol (SNMP)"; | the Simple Network Management Protocol (SNMP)"; | |||
| // RFC Ed.: update the date below with the date of RFC publication | // RFC Ed.: update the date below with the date of RFC publication | |||
| // and remove this note. | // and remove this note. | |||
| revision 2014-02-09 { | revision 2014-05-06 { | |||
| description | description | |||
| "Initial revision."; | "Initial revision."; | |||
| reference | reference | |||
| "RFC XXXX: A YANG Data Model for SNMP Configuration"; | "RFC XXXX: A YANG Data Model for SNMP Configuration"; | |||
| } | } | |||
| typedef tls-fingerprint { | typedef tls-fingerprint { | |||
| type yang:hex-string { | type yang:hex-string { | |||
| pattern '([0-9a-fA-F]){2}(:([0-9a-fA-F]){2}){0,254}'; | pattern '([0-9a-fA-F]){2}(:([0-9a-fA-F]){2}){0,254}'; | |||
| skipping to change at page 23, line 11 | skipping to change at page 23, line 11 | |||
| <CODE BEGINS> file "ietf-snmp.yang" | <CODE BEGINS> file "ietf-snmp.yang" | |||
| module ietf-snmp { | module ietf-snmp { | |||
| namespace "urn:ietf:params:xml:ns:yang:ietf-snmp"; | namespace "urn:ietf:params:xml:ns:yang:ietf-snmp"; | |||
| prefix snmp; | prefix snmp; | |||
| // RFC Ed.: update the dates below with the date of RFC publication | // RFC Ed.: update the dates below with the date of RFC publication | |||
| // and remove this note. | // and remove this note. | |||
| include ietf-snmp-common { | include ietf-snmp-common { | |||
| revision-date 2014-02-09; | revision-date 2014-05-06; | |||
| } | } | |||
| include ietf-snmp-engine { | include ietf-snmp-engine { | |||
| revision-date 2014-02-09; | revision-date 2014-05-06; | |||
| } | } | |||
| include ietf-snmp-target { | include ietf-snmp-target { | |||
| revision-date 2014-02-09; | revision-date 2014-05-06; | |||
| } | } | |||
| include ietf-snmp-notification { | include ietf-snmp-notification { | |||
| revision-date 2014-02-09; | revision-date 2014-05-06; | |||
| } | } | |||
| include ietf-snmp-proxy { | include ietf-snmp-proxy { | |||
| revision-date 2014-02-09; | revision-date 2014-05-06; | |||
| } | } | |||
| include ietf-snmp-community { | include ietf-snmp-community { | |||
| revision-date 2014-02-09; | revision-date 2014-05-06; | |||
| } | } | |||
| include ietf-snmp-usm { | include ietf-snmp-usm { | |||
| revision-date 2014-02-09; | revision-date 2014-05-06; | |||
| } | } | |||
| include ietf-snmp-tsm { | include ietf-snmp-tsm { | |||
| revision-date 2014-02-09; | revision-date 2014-05-06; | |||
| } | } | |||
| include ietf-snmp-vacm { | include ietf-snmp-vacm { | |||
| revision-date 2014-02-09; | revision-date 2014-05-06; | |||
| } | } | |||
| include ietf-snmp-tls { | include ietf-snmp-tls { | |||
| revision-date 2014-02-09; | revision-date 2014-05-06; | |||
| } | } | |||
| include ietf-snmp-ssh { | include ietf-snmp-ssh { | |||
| revision-date 2014-02-09; | revision-date 2014-05-06; | |||
| } | } | |||
| organization | organization | |||
| "IETF NETMOD (NETCONF Data Modeling Language) Working Group"; | "IETF NETMOD (NETCONF Data Modeling Language) Working Group"; | |||
| contact | contact | |||
| "WG Web: <http://tools.ietf.org/wg/netmod/> | "WG Web: <http://tools.ietf.org/wg/netmod/> | |||
| WG List: <mailto:netmod@ietf.org> | WG List: <mailto:netmod@ietf.org> | |||
| WG Chair: Thomas Nadeau | WG Chair: Thomas Nadeau | |||
| skipping to change at page 24, line 38 | skipping to change at page 24, line 38 | |||
| This version of this YANG module is part of RFC XXXX; see | This version of this YANG module is part of RFC XXXX; see | |||
| the RFC itself for full legal notices."; | the RFC itself for full legal notices."; | |||
| // RFC Ed.: replace XXXX with actual RFC number and remove this | // RFC Ed.: replace XXXX with actual RFC number and remove this | |||
| // note. | // note. | |||
| // RFC Ed.: update the date below with the date of RFC publication | // RFC Ed.: update the date below with the date of RFC publication | |||
| // and remove this note. | // and remove this note. | |||
| revision 2014-02-09 { | revision 2014-05-06 { | |||
| description | description | |||
| "Initial revision."; | "Initial revision."; | |||
| reference | reference | |||
| "RFC XXXX: A YANG Data Model for SNMP Configuration"; | "RFC XXXX: A YANG Data Model for SNMP Configuration"; | |||
| } | } | |||
| } | } | |||
| <CODE ENDS> | <CODE ENDS> | |||
| skipping to change at page 26, line 12 | skipping to change at page 26, line 12 | |||
| This version of this YANG module is part of RFC XXXX; see | This version of this YANG module is part of RFC XXXX; see | |||
| the RFC itself for full legal notices."; | the RFC itself for full legal notices."; | |||
| // RFC Ed.: replace XXXX with actual RFC number and remove this | // RFC Ed.: replace XXXX with actual RFC number and remove this | |||
| // note. | // note. | |||
| // RFC Ed.: update the date below with the date of RFC publication | // RFC Ed.: update the date below with the date of RFC publication | |||
| // and remove this note. | // and remove this note. | |||
| revision 2014-02-09 { | revision 2014-05-06 { | |||
| description | description | |||
| "Initial revision."; | "Initial revision."; | |||
| reference | reference | |||
| "RFC XXXX: A YANG Data Model for SNMP Configuration"; | "RFC XXXX: A YANG Data Model for SNMP Configuration"; | |||
| } | } | |||
| /* Collection of SNMP specific data types */ | /* Collection of SNMP specific data types */ | |||
| typedef admin-string { | typedef admin-string { | |||
| type string { | type string { | |||
| skipping to change at page 30, line 13 | skipping to change at page 30, line 13 | |||
| (http://trustee.ietf.org/license-info). | (http://trustee.ietf.org/license-info). | |||
| This version of this YANG module is part of RFC XXXX; see | This version of this YANG module is part of RFC XXXX; see | |||
| the RFC itself for full legal notices."; | the RFC itself for full legal notices."; | |||
| // RFC Ed.: replace XXXX with actual RFC number and remove this | // RFC Ed.: replace XXXX with actual RFC number and remove this | |||
| // note. | // note. | |||
| // RFC Ed.: update the date below with the date of RFC publication | // RFC Ed.: update the date below with the date of RFC publication | |||
| // and remove this note. | // and remove this note. | |||
| revision 2014-02-09 { | revision 2014-05-06 { | |||
| description | description | |||
| "Initial revision."; | "Initial revision."; | |||
| reference | reference | |||
| "RFC XXXX: A YANG Data Model for SNMP Configuration"; | "RFC XXXX: A YANG Data Model for SNMP Configuration"; | |||
| } | } | |||
| augment /snmp:snmp { | augment /snmp:snmp { | |||
| container engine { | container engine { | |||
| description | description | |||
| "Configuration of the SNMP engine."; | "Configuration of the SNMP engine."; | |||
| leaf enabled { | leaf enabled { | |||
| type boolean; | type boolean; | |||
| default "false"; | default "false"; | |||
| description | description | |||
| "Enables the SNMP engine."; | "Enables the SNMP engine."; | |||
| } | } | |||
| container listen { | list listen { | |||
| key "name"; | ||||
| description | description | |||
| "Configuration of the transport endpoints on which the | "Configuration of the transport endpoints on which the | |||
| engine listens. Submodules providing configuration for | engine listens."; | |||
| additional transports are expected to augment this | ||||
| container."; | ||||
| list udp { | leaf name { | |||
| key "ip port"; | type snmp:identifier; | |||
| description | description | |||
| "A list of IPv4 and IPv6 addresses and ports to which the | "An arbitrary name for the list entry."; | |||
| engine listens."; | } | |||
| leaf ip { | choice transport { | |||
| type inet:ip-address; | mandatory true; | |||
| description | description | |||
| "The IPv4 or IPv6 address on which the engine | "The transport protocol specific parameters for this | |||
| listens."; | endpoint. Submodules providing configuration for | |||
| additional transports are expected to augment this | ||||
| choice."; | ||||
| case udp { | ||||
| container udp { | ||||
| leaf ip { | ||||
| type inet:ip-address; | ||||
| mandatory true; | ||||
| description | ||||
| "The IPv4 or IPv6 address on which the engine | ||||
| listens."; | ||||
| } | ||||
| leaf port { | ||||
| type inet:port-number; | ||||
| description | ||||
| "The UDP port on which the engine listens. | ||||
| } | If the port is not configured, an engine that | |||
| leaf port { | acts as a Command Responder uses port 161, and | |||
| type inet:port-number; | an engine that acts as a Notification Receiver | |||
| description | uses port 162."; | |||
| "The UDP port on which the engine listens."; | } | |||
| } | ||||
| } | } | |||
| } | } | |||
| } | } | |||
| container version { | container version { | |||
| description | description | |||
| "SNMP version used by the engine"; | "SNMP version used by the engine"; | |||
| leaf v1 { | leaf v1 { | |||
| type empty; | type empty; | |||
| } | } | |||
| skipping to change at page 33, line 17 | skipping to change at page 33, line 35 | |||
| // RFC Ed.: replace XXXX with actual RFC number and remove this | // RFC Ed.: replace XXXX with actual RFC number and remove this | |||
| // note. | // note. | |||
| reference | reference | |||
| "RFC3413: Simple Network Management Protocol (SNMP) | "RFC3413: Simple Network Management Protocol (SNMP) | |||
| Applications"; | Applications"; | |||
| // RFC Ed.: update the date below with the date of RFC publication | // RFC Ed.: update the date below with the date of RFC publication | |||
| // and remove this note. | // and remove this note. | |||
| revision 2014-02-09 { | revision 2014-05-06 { | |||
| description | description | |||
| "Initial revision."; | "Initial revision."; | |||
| reference | reference | |||
| "RFC XXXX: A YANG Data Model for SNMP Configuration"; | "RFC XXXX: A YANG Data Model for SNMP Configuration"; | |||
| } | } | |||
| augment /snmp:snmp { | augment /snmp:snmp { | |||
| list target { | list target { | |||
| key name; | key name; | |||
| skipping to change at page 37, line 5 | skipping to change at page 37, line 22 | |||
| // RFC Ed.: replace XXXX with actual RFC number and remove this | // RFC Ed.: replace XXXX with actual RFC number and remove this | |||
| // note. | // note. | |||
| reference | reference | |||
| "RFC3413: Simple Network Management Protocol (SNMP) | "RFC3413: Simple Network Management Protocol (SNMP) | |||
| Applications"; | Applications"; | |||
| // RFC Ed.: update the date below with the date of RFC publication | // RFC Ed.: update the date below with the date of RFC publication | |||
| // and remove this note. | // and remove this note. | |||
| revision 2014-02-09 { | revision 2014-05-06 { | |||
| description | description | |||
| "Initial revision."; | "Initial revision."; | |||
| reference | reference | |||
| "RFC XXXX: A YANG Data Model for SNMP Configuration"; | "RFC XXXX: A YANG Data Model for SNMP Configuration"; | |||
| } | } | |||
| feature notification-filter { | feature notification-filter { | |||
| description | description | |||
| "A server implements this feature if it supports SNMP | "A server implements this feature if it supports SNMP | |||
| notification filtering."; | notification filtering."; | |||
| skipping to change at page 40, line 43 | skipping to change at page 41, line 15 | |||
| // RFC Ed.: replace XXXX with actual RFC number and remove this | // RFC Ed.: replace XXXX with actual RFC number and remove this | |||
| // note. | // note. | |||
| reference | reference | |||
| "RFC3413: Simple Network Management Protocol (SNMP) | "RFC3413: Simple Network Management Protocol (SNMP) | |||
| Applications"; | Applications"; | |||
| // RFC Ed.: update the date below with the date of RFC publication | // RFC Ed.: update the date below with the date of RFC publication | |||
| // and remove this note. | // and remove this note. | |||
| revision 2014-02-09 { | revision 2014-05-06 { | |||
| description | description | |||
| "Initial revision."; | "Initial revision."; | |||
| reference | reference | |||
| "RFC XXXX: A YANG Data Model for SNMP Configuration"; | "RFC XXXX: A YANG Data Model for SNMP Configuration"; | |||
| } | } | |||
| feature proxy { | feature proxy { | |||
| description | description | |||
| "A server implements this feature if it can act as an | "A server implements this feature if it can act as an | |||
| SNMP Proxy"; | SNMP Proxy"; | |||
| skipping to change at page 43, line 41 | skipping to change at page 44, line 12 | |||
| // RFC Ed.: replace XXXX with actual RFC number and remove this | // RFC Ed.: replace XXXX with actual RFC number and remove this | |||
| // note. | // note. | |||
| reference | reference | |||
| "RFC3584: Coexistence between Version 1, Version 2, and Version 3 | "RFC3584: Coexistence between Version 1, Version 2, and Version 3 | |||
| of the Internet-standard Network Management Framework"; | of the Internet-standard Network Management Framework"; | |||
| // RFC Ed.: update the date below with the date of RFC publication | // RFC Ed.: update the date below with the date of RFC publication | |||
| // and remove this note. | // and remove this note. | |||
| revision 2014-02-09 { | revision 2014-05-06 { | |||
| description | description | |||
| "Initial revision."; | "Initial revision."; | |||
| reference | reference | |||
| "RFC XXXX: A YANG Data Model for SNMP Configuration"; | "RFC XXXX: A YANG Data Model for SNMP Configuration"; | |||
| } | } | |||
| augment /snmp:snmp { | augment /snmp:snmp { | |||
| list community { | list community { | |||
| key index; | key index; | |||
| skipping to change at page 48, line 8 | skipping to change at page 48, line 28 | |||
| // RFC Ed.: replace XXXX with actual RFC number and remove this | // RFC Ed.: replace XXXX with actual RFC number and remove this | |||
| // note. | // note. | |||
| reference | reference | |||
| "RFC3415: View-based Access Control Model (VACM) for the | "RFC3415: View-based Access Control Model (VACM) for the | |||
| Simple Network Management Protocol (SNMP)"; | Simple Network Management Protocol (SNMP)"; | |||
| // RFC Ed.: update the date below with the date of RFC publication | // RFC Ed.: update the date below with the date of RFC publication | |||
| // and remove this note. | // and remove this note. | |||
| revision 2014-02-09 { | revision 2014-05-06 { | |||
| description | description | |||
| "Initial revision."; | "Initial revision."; | |||
| reference | reference | |||
| "RFC XXXX: A YANG Data Model for SNMP Configuration"; | "RFC XXXX: A YANG Data Model for SNMP Configuration"; | |||
| } | } | |||
| typedef view-name { | typedef view-name { | |||
| type snmp:identifier; | type snmp:identifier; | |||
| description | description | |||
| "The view-name type represents an SNMP VACM view name."; | "The view-name type represents an SNMP VACM view name."; | |||
| skipping to change at page 53, line 41 | skipping to change at page 54, line 12 | |||
| // RFC Ed.: replace XXXX with actual RFC number and remove this | // RFC Ed.: replace XXXX with actual RFC number and remove this | |||
| // note. | // note. | |||
| reference | reference | |||
| "RFC3414: User-based Security Model (USM) for version 3 of the | "RFC3414: User-based Security Model (USM) for version 3 of the | |||
| Simple Network Management Protocol (SNMPv3)."; | Simple Network Management Protocol (SNMPv3)."; | |||
| // RFC Ed.: update the date below with the date of RFC publication | // RFC Ed.: update the date below with the date of RFC publication | |||
| // and remove this note. | // and remove this note. | |||
| revision 2014-02-09 { | revision 2014-05-06 { | |||
| description | description | |||
| "Initial revision."; | "Initial revision."; | |||
| reference | reference | |||
| "RFC XXXX: A YANG Data Model for SNMP Configuration"; | "RFC XXXX: A YANG Data Model for SNMP Configuration"; | |||
| } | } | |||
| grouping key { | grouping key { | |||
| leaf key { | leaf key { | |||
| type yang:hex-string; | type yang:hex-string; | |||
| mandatory true; | mandatory true; | |||
| skipping to change at page 57, line 35 | skipping to change at page 58, line 5 | |||
| // RFC Ed.: replace XXXX with actual RFC number and remove this | // RFC Ed.: replace XXXX with actual RFC number and remove this | |||
| // note. | // note. | |||
| reference | reference | |||
| "RFC5591: Transport Security Model for the | "RFC5591: Transport Security Model for the | |||
| Simple Network Management Protocol (SNMP)"; | Simple Network Management Protocol (SNMP)"; | |||
| // RFC Ed.: update the date below with the date of RFC publication | // RFC Ed.: update the date below with the date of RFC publication | |||
| // and remove this note. | // and remove this note. | |||
| revision 2014-02-09 { | revision 2014-05-06 { | |||
| description | description | |||
| "Initial revision."; | "Initial revision."; | |||
| reference | reference | |||
| "RFC XXXX: A YANG Data Model for SNMP Configuration"; | "RFC XXXX: A YANG Data Model for SNMP Configuration"; | |||
| } | } | |||
| feature tsm { | feature tsm { | |||
| description | description | |||
| "A server implements this feature if it supports the | "A server implements this feature if it supports the | |||
| Transport Security Model for SNMP."; | Transport Security Model for SNMP."; | |||
| skipping to change at page 60, line 25 | skipping to change at page 60, line 40 | |||
| // RFC Ed.: replace XXXX with actual RFC number and remove this | // RFC Ed.: replace XXXX with actual RFC number and remove this | |||
| // note. | // note. | |||
| reference | reference | |||
| "RFC6353: Transport Layer Security (TLS) Transport Model for | "RFC6353: Transport Layer Security (TLS) Transport Model for | |||
| the Simple Network Management Protocol (SNMP)"; | the Simple Network Management Protocol (SNMP)"; | |||
| // RFC Ed.: update the date below with the date of RFC publication | // RFC Ed.: update the date below with the date of RFC publication | |||
| // and remove this note. | // and remove this note. | |||
| revision 2014-02-09 { | revision 2014-05-06 { | |||
| description | description | |||
| "Initial revision."; | "Initial revision."; | |||
| reference | reference | |||
| "RFC XXXX: A YANG Data Model for SNMP Configuration"; | "RFC XXXX: A YANG Data Model for SNMP Configuration"; | |||
| } | } | |||
| feature tlstm { | feature tlstm { | |||
| description | description | |||
| "A server implements this feature if it supports the | "A server implements this feature if it supports the | |||
| Transport Layer Security Transport Model for SNMP."; | Transport Layer Security Transport Model for SNMP."; | |||
| reference | reference | |||
| "RFC6353: Transport Layer Security (TLS) Transport Model for | "RFC6353: Transport Layer Security (TLS) Transport Model for | |||
| the Simple Network Management Protocol (SNMP)"; | the Simple Network Management Protocol (SNMP)"; | |||
| } | } | |||
| augment /snmp:snmp/snmp:engine/snmp:listen { | augment /snmp:snmp/snmp:engine/snmp:listen/snmp:transport { | |||
| if-feature tlstm; | if-feature tlstm; | |||
| list tls { | case tls { | |||
| key "ip port"; | container tls { | |||
| description | ||||
| "A list of IPv4 and IPv6 addresses and ports to which the | ||||
| engine listens for SNMP messages over TLS."; | ||||
| leaf ip { | ||||
| type inet:ip-address; | ||||
| description | ||||
| "The IPv4 or IPv6 address on which the engine listens | ||||
| for SNMP messages over TLS."; | ||||
| } | ||||
| leaf port { | ||||
| type inet:port-number; | ||||
| description | description | |||
| "The TCP port on which the engine listens for SNMP | "A list of IPv4 and IPv6 addresses and ports to which the | |||
| messages over TLS."; | engine listens for SNMP messages over TLS."; | |||
| } | ||||
| } | ||||
| list dtls { | ||||
| key "ip port"; | ||||
| description | ||||
| "A list of IPv4 and IPv6 addresses and ports to which the | ||||
| engine listens for SNMP messages over DTLS."; | ||||
| leaf ip { | leaf ip { | |||
| type inet:ip-address; | type inet:ip-address; | |||
| description | mandatory true; | |||
| "The IPv4 or IPv6 address on which the engine listens | description | |||
| for SNMP messages over DTLS."; | "The IPv4 or IPv6 address on which the engine listens | |||
| for SNMP messages over TLS."; | ||||
| } | ||||
| leaf port { | ||||
| type inet:port-number; | ||||
| description | ||||
| "The TCP port on which the engine listens for SNMP | ||||
| messages over TLS. | ||||
| If the port is not configured, an engine that | ||||
| acts as a Command Responder uses port 10161, and | ||||
| an engine that acts as a Notification Receiver | ||||
| uses port 10162."; | ||||
| } | ||||
| } | } | |||
| leaf port { | } | |||
| type inet:port-number; | case dtls { | |||
| container dtls { | ||||
| description | description | |||
| "The UDP port on which the engine listens for SNMP messages | "A list of IPv4 and IPv6 addresses and ports to which the | |||
| over DTLS."; | engine listens for SNMP messages over DTLS."; | |||
| leaf ip { | ||||
| type inet:ip-address; | ||||
| mandatory true; | ||||
| description | ||||
| "The IPv4 or IPv6 address on which the engine listens | ||||
| for SNMP messages over DTLS."; | ||||
| } | ||||
| leaf port { | ||||
| type inet:port-number; | ||||
| description | ||||
| "The UDP port on which the engine listens for SNMP | ||||
| messages over DTLS. | ||||
| If the port is not configured, an engine that | ||||
| acts as a Command Responder uses port 10161, and | ||||
| an engine that acts as a Notification Receiver | ||||
| uses port 10162."; | ||||
| } | ||||
| } | } | |||
| } | } | |||
| } | } | |||
| augment /snmp:snmp { | augment /snmp:snmp { | |||
| if-feature tlstm; | if-feature tlstm; | |||
| container tlstm { | container tlstm { | |||
| uses x509c2n:cert-to-name { | uses x509c2n:cert-to-name { | |||
| description | description | |||
| "Defines how certificates are mapped to names. The | "Defines how certificates are mapped to names. The | |||
| skipping to change at page 64, line 25 | skipping to change at page 65, line 8 | |||
| // RFC Ed.: replace XXXX with actual RFC number and remove this | // RFC Ed.: replace XXXX with actual RFC number and remove this | |||
| // note. | // note. | |||
| reference | reference | |||
| "RFC5592: Secure Shell Transport Model for the | "RFC5592: Secure Shell Transport Model for the | |||
| Simple Network Management Protocol (SNMP)"; | Simple Network Management Protocol (SNMP)"; | |||
| // RFC Ed.: update the date below with the date of RFC publication | // RFC Ed.: update the date below with the date of RFC publication | |||
| // and remove this note. | // and remove this note. | |||
| revision 2014-02-09 { | revision 2014-05-06 { | |||
| description | description | |||
| "Initial revision."; | "Initial revision."; | |||
| reference | reference | |||
| "RFC XXXX: A YANG Data Model for SNMP Configuration"; | "RFC XXXX: A YANG Data Model for SNMP Configuration"; | |||
| } | } | |||
| feature sshtm { | feature sshtm { | |||
| description | description | |||
| "A server implements this feature if it supports the | "A server implements this feature if it supports the | |||
| Secure Shell Transport Model for SNMP."; | Secure Shell Transport Model for SNMP."; | |||
| reference | reference | |||
| "RFC5592: Secure Shell Transport Model for the | "RFC5592: Secure Shell Transport Model for the | |||
| Simple Network Management Protocol (SNMP)"; | Simple Network Management Protocol (SNMP)"; | |||
| } | } | |||
| augment /snmp:snmp/snmp:engine/snmp:listen { | augment /snmp:snmp/snmp:engine/snmp:listen/snmp:transport { | |||
| if-feature sshtm; | if-feature sshtm; | |||
| list ssh { | case ssh { | |||
| key "ip port"; | container ssh { | |||
| description | ||||
| "A list of IPv4 and IPv6 addresses and ports to which the | ||||
| engine listens for SNMP messages over SSH."; | ||||
| leaf ip { | ||||
| type inet:ip-address; | ||||
| description | ||||
| "The IPv4 or IPv6 address on which the engine listens | ||||
| for SNMP messages over SSH."; | ||||
| } | ||||
| leaf port { | ||||
| type inet:port-number; | ||||
| description | description | |||
| "The TCP port on which the engine listens for SNMP | "The IPv4 or IPv6 address and port to which the | |||
| messages over SSH."; | engine listens for SNMP messages over SSH."; | |||
| leaf ip { | ||||
| type inet:ip-address; | ||||
| mandatory true; | ||||
| description | ||||
| "The IPv4 or IPv6 address on which the engine listens | ||||
| for SNMP messages over SSH."; | ||||
| } | ||||
| leaf port { | ||||
| type inet:port-number; | ||||
| description | ||||
| "The TCP port on which the engine listens for SNMP | ||||
| messages over SSH. | ||||
| If the port is not configured, an engine that | ||||
| acts as a Command Responder uses port 5161, and | ||||
| an engine that acts as a Notification Receiver | ||||
| uses port 5162."; | ||||
| } | ||||
| } | } | |||
| } | } | |||
| } | } | |||
| augment /snmp:snmp/snmp:target/snmp:transport { | augment /snmp:snmp/snmp:target/snmp:transport { | |||
| if-feature sshtm; | if-feature sshtm; | |||
| case ssh { | case ssh { | |||
| reference "SNMP-SSH-TM-MIB.snmpSSHDomain"; | reference "SNMP-SSH-TM-MIB.snmpSSHDomain"; | |||
| container ssh { | container ssh { | |||
| leaf ip { | leaf ip { | |||
| type inet:host; | type inet:host; | |||
| mandatory true; | mandatory true; | |||
| reference "SNMP-TARGET-MIB.snmpTargetAddrTAddress | reference "SNMP-TARGET-MIB.snmpTargetAddrTAddress | |||
| SNMP-SSH-TM-MIB.SnmpSSHAddress"; | SNMP-SSH-TM-MIB.SnmpSSHAddress"; | |||
| skipping to change at page 74, line 17 | skipping to change at page 75, line 17 | |||
| A.1. Engine Configuration Example | A.1. Engine Configuration Example | |||
| Below is an XML instance document showing a configuration of an SNMP | Below is an XML instance document showing a configuration of an SNMP | |||
| engine listening on UDP port 161 on IPv4 and IPv6 endpoints and | engine listening on UDP port 161 on IPv4 and IPv6 endpoints and | |||
| accepting SNMPv2c and SNMPv3 messages. | accepting SNMPv2c and SNMPv3 messages. | |||
| <snmp xmlns="urn:ietf:params:xml:ns:yang:ietf-snmp"> | <snmp xmlns="urn:ietf:params:xml:ns:yang:ietf-snmp"> | |||
| <engine> | <engine> | |||
| <enabled>true</enabled> | <enabled>true</enabled> | |||
| <listen> | <listen> | |||
| <name>all-ipv4-udp</name> | ||||
| <udp> | <udp> | |||
| <ip>0.0.0.0</ip> | <ip>0.0.0.0</ip> | |||
| <port>161</port> | <port>161</port> | |||
| </udp> | </udp> | |||
| </listen> | ||||
| <listen> | ||||
| <name>all-ipv6-udp</name> | ||||
| <udp> | <udp> | |||
| <ip>::</ip> | <ip>::</ip> | |||
| <port>161</port> | <port>161</port> | |||
| </udp> | </udp> | |||
| </listen> | </listen> | |||
| <version> | <version> | |||
| <v2c/> | <v2c/> | |||
| <v3/> | <v3/> | |||
| </version> | </version> | |||
| <engine-id>80:00:02:b8:04:61:62:63</engine-id> | <engine-id>80:00:02:b8:04:61:62:63</engine-id> | |||
| End of changes. 69 change blocks. | ||||
| 206 lines changed or deleted | 259 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||