module ieee802-dot1x-types { namespace "urn:ieee:std:802.1X:yang:ieee802-dot1x-types"; prefix "dot1x-types"; organization "Institute of Electrical and Electronics Engineers"; contact "WG-URL: http://www.ieee802.org/1 WG-EMail: stds-802-1-L@ieee.org Contact: IEEE 802.1 Working Group Chair Postal: C/O IEEE 802.1 Working Group IEEE Standards Association 445 Hoes Lane Piscataway NJ 08854 USA E-mail: STDS-802-1-L@LISTSERV.IEEE.ORG"; description "Port-based network access control allows a network administrator to restrict the use of IEEE 802 LAN service access points (ports) to secure communication between authenticated and authorized devices. IEEE Std 802.1X specifies an architecture, functional elements, and protocols that support mutual authentication between the clients of ports attached to the same LAN and secure communication between the ports. The following control allows a port to be reinitialized, terminating (and potentially restarting) authentication exchanges and MKA operation, based on a data model described in a set of YANG modules."; revision 2020-02-18 { description "Updated Contact information."; } revision 2019-05-28 { description "Updates based upon comment resolution on draft D1.0 of P802.1X-Rev."; reference "IEEE Std 802.1X-2020, Port-Based Network Access Control."; } /* ---------------------------------------------- * Type definitions used by dot1X YANG module * ---------------------------------------------- */ typedef pae-nid { type string { length "0..100"; } description "Network Identity, which is a UTF-8 string identifying a network or network service."; reference "IEEE 802.1X-2020 Clause 3, Clause 10.1, Clause 12.6"; } typedef pae-session-user-name { type string { length "0..253"; } description "Session user name, which is a UTF-8 string, representing the identity of the peer Supplicant."; reference "IEEE 802.1X-2020 Clause 12.5.1"; } typedef pae-session-id { type string { length "3..253"; } description "Session Identifier, which is a UTF-8 string, uniquely identifying the session within the context of the PAE's system."; reference "IEEE 802.1X-2020 Clause 12.5.1"; } typedef pae-nid-capabilities { type bits { bit eap { position 0; description "EAP"; } bit eapMka { position 1; description "EAP + MKA"; } bit eapMkaMacSec { position 2; description "EAP + MKA + MACsec"; } bit mka { position 3; description "MKA"; } bit mkaMacSec { position 4; description "MKA + MACsec"; } bit higherLayer { position 5; description "Higher Layer (WebAuth)"; } bit higherLayerFallback { position 6; description "Higher Layer Fallback (WebAuth)"; } bit vendorSpecific { position 7; description "Vendor specific authentication mechanisms"; } } description "Authentication and protection capabilities supported for the NID. Indicates the combinations of authentication and protection capabilities supported for the NID. Any set of these combinations can be supported."; reference "IEEE 802.1X-2020 Clause 10.1, Clause 11.12.3"; } typedef pae-access-status { type enumeration { enum no-access { description "Other than to authentication services, and to services announced as available in the absence of authentication (unauthenticated)."; } enum remedial-access { description "The access granted is severely limited, possibly to remedial services."; } enum restricted-access { description "The Controlled Port is operational, but restrictions have been applied by the network that can limit access to some resources."; } enum expected-access { description "The Controlled Port is operational, and access provided is as expected for successful authentication and authorization for the NID."; } } description "Indicates the transmitter's Controlled Port operational status and current level of access resulting from authentication and the consequent authorization controls applied by that port's clients."; reference "IEEE 802.1X-2020 Clause 10.4, Clause 12.5"; } typedef mka-kn { type uint32; description "Indicates a Key Number (KN) used in MKA. It is assigned by the Key Server (sequentially beginning with 1)."; reference "IEEE 802.1X-2020 Clause 9.8, Clause 9.16"; } typedef mka-an { type uint32; description "A number that is concatenated with a MACsec Secure Channel Identifier to identify a Secure Association. Indicates an Association Number (AN) assigned by the Key Server for use with the key number for transmission."; reference "IEEE 802.1X-2020 Clause 9.8, Clause 9.16"; } typedef pae-ckn { type string { length "1..32"; } description "Indicates the CAK name to identify the Connectivity Association Key (CAK) which is the root key in the MACsec Key Agreement key hierarchy. All potential members of the CA use the same CKN."; reference "IEEE 802.1X-2020 Clause 9.3.1, Clause 6.2"; } typedef pae-kmd { type string { length "0..253"; } description "A Key Management Domain (KMD). A string of up to 253 UTF-8 characters that names the transmitting authenticator's key management domain."; reference "IEEE Clause 12.6"; } typedef pae-auth-data { type string; description "Authorization data associated with the CAK."; reference "IEEE 802.1X-2020 Clause 9.16"; } typedef sci-list-entry { type string { length "8"; } description "8 octet string, where the first 6 octets represents the MAC Address (in canonical format), and the next 2 octets represents the Port Identifier."; reference "IEEE 802.1AE Clause 7.1.2, Clause 10.7.1"; } typedef pae-if-index { type int32 { range "1..2147483647"; } description "The interface index value represented by this interface."; } } // ieee802-dot1x-types