submodule ietf-snmp-usm {
belongs-to ietf-snmp {
prefix snmp;
}
include ietf-snmp-common;
include ietf-snmp-target;
include ietf-snmp-proxy;
organization
"IETF NETMOD (NETCONF Data Modeling Language) Working Group";
contact
"WG Web:
WG List:
WG Chair: David Kessens
WG Chair: Juergen Schoenwaelder
Editor: Martin Bjorklund
Editor: Juergen Schoenwaelder
";
description
"This submodule contains a collection of YANG definitions for
configuring the User-based Security Model (USM) of SNMP.
Copyright (c) 2011 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices.";
// RFC Ed.: replace XXXX with actual RFC number and remove this
// note.
reference
"RFC3414: User-based Security Model (USM) for version 3 of the
Simple Network Management Protocol (SNMPv3).";
// RFC Ed.: update the date below with the date of RFC publication
// and remove this note.
revision 2012-06-05 {
description
"Initial revision.";
reference
"RFC XXXX: A YANG Data Model for SNMP Configuration";
}
grouping key {
leaf key {
type string {
pattern '([0-9a-fA-F]){2}(:([0-9a-fA-F]){2})*';
}
mandatory true;
description
"Localized key specified as a list of colon-specified
hexa-decimal octets";
}
}
grouping user-list {
list user {
key "name";
reference "SNMP-USER-BASED-SM-MIB.usmUserTable";
leaf name {
type snmp:identifier;
reference "SNMP-USER-BASED-SM-MIB.usmUserName";
}
container auth {
presence "enables authentication";
description
"Enables authentication of the user";
choice protocol {
mandatory true;
reference "SNMP-USER-BASED-SM-MIB.usmUserAuthProtocol";
container md5 {
uses key;
reference
"SNMP-USER-BASED-SM-MIB.usmHMACMD5AuthProtocol";
}
container sha {
uses key;
reference
"SNMP-USER-BASED-SM-MIB.usmHMACSHAAuthProtocol";
}
}
}
container priv {
must "../auth" {
error-message
"when privacy is used, authentication must also be used";
}
presence "enables encryption";
description
"Enables encryption of SNMP messages.";
choice protocol {
mandatory true;
reference "SNMP-USER-BASED-SM-MIB.usmUserPrivProtocol";
container des {
uses key;
reference "SNMP-USER-BASED-SM-MIB.usmDESPrivProtocol";
}
container aes {
uses key;
reference "SNMP-USM-AES-MIB.usmAesCfb128Protocol";
}
}
}
}
}
augment /snmp:snmp {
container usm {
description
"Configuration of the User-based Security Model";
container local {
uses user-list;
}
list remote {
key "engine-id";
leaf engine-id {
type snmp:engine-id;
reference "SNMP-USER-BASED-SM-MIB.usmUserEngineID";
}
uses user-list;
}
}
}
grouping usm-target-params {
container usm {
description
"User based SNMPv3 parameters type.
Represents snmpTargetParamsMPModel '3' and
snmpTargetParamsSecurityModel '3'";
leaf user-name {
type snmp:security-name;
mandatory true;
reference
"SNMP-TARGET-MIB.snmpTargetParamsSecurityName";
}
leaf security-level {
type security-level;
mandatory true;
reference
"SNMP-TARGET-MIB.snmpTargetParamsSecurityLevel";
}
}
}
augment /snmp:snmp/snmp:target/snmp:params {
case usm {
uses usm-target-params;
}
}
augment /snmp:snmp/snmp:proxy/snmp:params-in/snmp:params {
case usm {
uses usm-target-params;
}
}
augment /snmp:snmp/snmp:target {
leaf engine-id {
type leafref {
path "/snmp/usm/remote/engine-id";
}
must '../usm/user-name' {
error-message
"When engine-id is set, usm/user-name must also be set.";
}
must '/snmp/usm/remote[engine-id=current()]/'
+ 'user[name=current()/../usm/user-name]' {
error-message
"When engine-id is set, the usm/user-name must exist in
the /snmp/usm/remote list for this engine-id.";
}
description
"Needed only if this target can receive InformRequest-PDUs
over SNMPv3.
This object is not present in the SNMP MIBs. In
RFC 3412, it is a implementation specific matter how this
engine-id is handled.";
reference "RFC 3412 7.1.9a";
}
}
}