1 module ieee802-dot1x-types {
3 namespace "urn:ieee:std:802.1X:yang:ieee802-dot1x-types";
7 "Institute of Electrical and Electronics Engineers";
10 "WG-URL: http://www.ieee802.org/1
11 WG-EMail: stds-802-1-L@ieee.org
13 Contact: IEEE 802.1 Working Group Chair
14 Postal: C/O IEEE 802.1 Working Group
15 IEEE Standards Association
21 E-mail: STDS-802-1-L@LISTSERV.IEEE.ORG";
24 "Port-based network access control allows a network administrator
25 to restrict the use of IEEE 802 LAN service access points (ports)
26 to secure communication between authenticated and authorized
27 devices. IEEE Std 802.1X specifies an architecture, functional
28 elements, and protocols that support mutual authentication
29 between the clients of ports attached to the same LAN and secure
30 communication between the ports. The following control allows a
31 port to be reinitialized, terminating (and potentially
32 restarting) authentication exchanges and MKA operation, based on
33 a data model described in a set of YANG modules.";
37 "Updated Contact information.";
42 "Updates based upon comment resolution on draft
43 D1.0 of P802.1X-Rev.";
45 "IEEE Std 802.1X-2020, Port-Based Network Access Control.";
48 /* ----------------------------------------------
49 * Type definitions used by dot1X YANG module
50 * ----------------------------------------------
58 "Network Identity, which is a UTF-8 string identifying a
59 network or network service.";
61 "IEEE 802.1X-2020 Clause 3, Clause 10.1, Clause 12.6";
64 typedef pae-session-user-name {
69 "Session user name, which is a UTF-8 string, representing the
70 identity of the peer Supplicant.";
72 "IEEE 802.1X-2020 Clause 12.5.1";
75 typedef pae-session-id {
80 "Session Identifier, which is a UTF-8 string, uniquely
81 identifying the session within the context of the PAE's
84 "IEEE 802.1X-2020 Clause 12.5.1";
87 typedef pae-nid-capabilities {
102 "EAP + MKA + MACsec";
117 "Higher Layer (WebAuth)";
119 bit higherLayerFallback {
122 "Higher Layer Fallback (WebAuth)";
127 "Vendor specific authentication mechanisms";
131 "Authentication and protection capabilities supported for the
132 NID. Indicates the combinations of authentication and
133 protection capabilities supported for the NID. Any set of these
134 combinations can be supported.";
136 "IEEE 802.1X-2020 Clause 10.1, Clause 11.12.3";
139 typedef pae-access-status {
143 "Other than to authentication services, and to services
144 announced as available in the absence of authentication
147 enum remedial-access {
149 "The access granted is severely limited, possibly to
152 enum restricted-access {
154 "The Controlled Port is operational, but restrictions have
155 been applied by the network that can limit access to some
158 enum expected-access {
160 "The Controlled Port is operational, and access provided is
161 as expected for successful authentication and authorization
166 "Indicates the transmitter's Controlled Port operational status
167 and current level of access resulting from authentication and
168 the consequent authorization controls applied by that port's
171 "IEEE 802.1X-2020 Clause 10.4, Clause 12.5";
177 "Indicates a Key Number (KN) used in MKA. It is assigned by
178 the Key Server (sequentially beginning with 1).";
180 "IEEE 802.1X-2020 Clause 9.8, Clause 9.16";
186 "A number that is concatenated with a MACsec Secure Channel
187 Identifier to identify a Secure Association. Indicates an
188 Association Number (AN) assigned by the Key Server for use with
189 the key number for transmission.";
191 "IEEE 802.1X-2020 Clause 9.8, Clause 9.16";
199 "Indicates the CAK name to identify the Connectivity
200 Association Key (CAK) which is the root key in the MACsec Key
201 Agreement key hierarchy. All potential members of the CA use
204 "IEEE 802.1X-2020 Clause 9.3.1, Clause 6.2";
212 "A Key Management Domain (KMD). A string of up to 253 UTF-8
213 characters that names the transmitting authenticator's key
219 typedef pae-auth-data {
222 "Authorization data associated with the CAK.";
224 "IEEE 802.1X-2020 Clause 9.16";
227 typedef sci-list-entry {
232 "8 octet string, where the first 6 octets represents the MAC
233 Address (in canonical format), and the next 2 octets represents
234 the Port Identifier.";
236 "IEEE 802.1AE Clause 7.1.2, Clause 10.7.1";
239 typedef pae-if-index {
241 range "1..2147483647";
244 "The interface index value represented by this interface.";
247 } // ieee802-dot1x-types