--- /dev/null
+module ieee802-dot1x-types {
+
+ namespace "urn:ieee:std:802.1X:yang:ieee802-dot1x-types";
+ prefix "dot1x-types";
+
+ organization
+ "Institute of Electrical and Electronics Engineers";
+
+ contact
+ "WG-URL: http://www.ieee802.org/1
+ WG-EMail: stds-802-1-L@ieee.org
+
+ Contact: IEEE 802.1 Working Group Chair
+ Postal: C/O IEEE 802.1 Working Group
+ IEEE Standards Association
+ 445 Hoes Lane
+ Piscataway
+ NJ 08854
+ USA
+
+ E-mail: STDS-802-1-L@LISTSERV.IEEE.ORG";
+
+ description
+ "Port-based network access control allows a network administrator
+ to restrict the use of IEEE 802 LAN service access points (ports)
+ to secure communication between authenticated and authorized
+ devices. IEEE Std 802.1X specifies an architecture, functional
+ elements, and protocols that support mutual authentication
+ between the clients of ports attached to the same LAN and secure
+ communication between the ports. The following control allows a
+ port to be reinitialized, terminating (and potentially
+ restarting) authentication exchanges and MKA operation, based on
+ a data model described in a set of YANG modules.";
+
+ revision 2020-02-18 {
+ description
+ "Updated Contact information.";
+ }
+
+ revision 2019-05-28 {
+ description
+ "Updates based upon comment resolution on draft
+ D1.0 of P802.1X-Rev.";
+ reference
+ "IEEE Std 802.1X-2020, Port-Based Network Access Control.";
+ }
+
+ /* ----------------------------------------------
+ * Type definitions used by dot1X YANG module
+ * ----------------------------------------------
+ */
+
+ typedef pae-nid {
+ type string {
+ length "0..100";
+ }
+ description
+ "Network Identity, which is a UTF-8 string identifying a
+ network or network service.";
+ reference
+ "IEEE 802.1X-2020 Clause 3, Clause 10.1, Clause 12.6";
+ }
+
+ typedef pae-session-user-name {
+ type string {
+ length "0..253";
+ }
+ description
+ "Session user name, which is a UTF-8 string, representing the
+ identity of the peer Supplicant.";
+ reference
+ "IEEE 802.1X-2020 Clause 12.5.1";
+ }
+
+ typedef pae-session-id {
+ type string {
+ length "3..253";
+ }
+ description
+ "Session Identifier, which is a UTF-8 string, uniquely
+ identifying the session within the context of the PAE's
+ system.";
+ reference
+ "IEEE 802.1X-2020 Clause 12.5.1";
+ }
+
+ typedef pae-nid-capabilities {
+ type bits {
+ bit eap {
+ position 0;
+ description
+ "EAP";
+ }
+ bit eapMka {
+ position 1;
+ description
+ "EAP + MKA";
+ }
+ bit eapMkaMacSec {
+ position 2;
+ description
+ "EAP + MKA + MACsec";
+ }
+ bit mka {
+ position 3;
+ description
+ "MKA";
+ }
+ bit mkaMacSec {
+ position 4;
+ description
+ "MKA + MACsec";
+ }
+ bit higherLayer {
+ position 5;
+ description
+ "Higher Layer (WebAuth)";
+ }
+ bit higherLayerFallback {
+ position 6;
+ description
+ "Higher Layer Fallback (WebAuth)";
+ }
+ bit vendorSpecific {
+ position 7;
+ description
+ "Vendor specific authentication mechanisms";
+ }
+ }
+ description
+ "Authentication and protection capabilities supported for the
+ NID. Indicates the combinations of authentication and
+ protection capabilities supported for the NID. Any set of these
+ combinations can be supported.";
+ reference
+ "IEEE 802.1X-2020 Clause 10.1, Clause 11.12.3";
+ }
+
+ typedef pae-access-status {
+ type enumeration {
+ enum no-access {
+ description
+ "Other than to authentication services, and to services
+ announced as available in the absence of authentication
+ (unauthenticated).";
+ }
+ enum remedial-access {
+ description
+ "The access granted is severely limited, possibly to
+ remedial services.";
+ }
+ enum restricted-access {
+ description
+ "The Controlled Port is operational, but restrictions have
+ been applied by the network that can limit access to some
+ resources.";
+ }
+ enum expected-access {
+ description
+ "The Controlled Port is operational, and access provided is
+ as expected for successful authentication and authorization
+ for the NID.";
+ }
+ }
+ description
+ "Indicates the transmitter's Controlled Port operational status
+ and current level of access resulting from authentication and
+ the consequent authorization controls applied by that port's
+ clients.";
+ reference
+ "IEEE 802.1X-2020 Clause 10.4, Clause 12.5";
+ }
+
+ typedef mka-kn {
+ type uint32;
+ description
+ "Indicates a Key Number (KN) used in MKA. It is assigned by
+ the Key Server (sequentially beginning with 1).";
+ reference
+ "IEEE 802.1X-2020 Clause 9.8, Clause 9.16";
+ }
+
+ typedef mka-an {
+ type uint32;
+ description
+ "A number that is concatenated with a MACsec Secure Channel
+ Identifier to identify a Secure Association. Indicates an
+ Association Number (AN) assigned by the Key Server for use with
+ the key number for transmission.";
+ reference
+ "IEEE 802.1X-2020 Clause 9.8, Clause 9.16";
+ }
+
+ typedef pae-ckn {
+ type string {
+ length "1..32";
+ }
+ description
+ "Indicates the CAK name to identify the Connectivity
+ Association Key (CAK) which is the root key in the MACsec Key
+ Agreement key hierarchy. All potential members of the CA use
+ the same CKN.";
+ reference
+ "IEEE 802.1X-2020 Clause 9.3.1, Clause 6.2";
+ }
+
+ typedef pae-kmd {
+ type string {
+ length "0..253";
+ }
+ description
+ "A Key Management Domain (KMD). A string of up to 253 UTF-8
+ characters that names the transmitting authenticator's key
+ management domain.";
+ reference
+ "IEEE Clause 12.6";
+ }
+
+ typedef pae-auth-data {
+ type string;
+ description
+ "Authorization data associated with the CAK.";
+ reference
+ "IEEE 802.1X-2020 Clause 9.16";
+ }
+
+ typedef sci-list-entry {
+ type string {
+ length "8";
+ }
+ description
+ "8 octet string, where the first 6 octets represents the MAC
+ Address (in canonical format), and the next 2 octets represents
+ the Port Identifier.";
+ reference
+ "IEEE 802.1AE Clause 7.1.2, Clause 10.7.1";
+ }
+
+ typedef pae-if-index {
+ type int32 {
+ range "1..2147483647";
+ }
+ description
+ "The interface index value represented by this interface.";
+ }
+
+} // ieee802-dot1x-types
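Review bot: `pae-auth-data` is the only string typedef in this module with no `length` restriction, so the schema places no upper bound on the authorization data a management client can submit for a CAK; a bound such as `type string { length "0..MAX"; }`, with MAX taken from Clause 9.16, would let the datastore reject oversized values before they reach the PAE. `sci-list-entry` and `pae-ckn` are described as octet values but typed as `string`, where `length` counts characters rather than octets, so `length "8"` does not guarantee an 8-octet SCI and some MAC octets may not be representable as string characters at all; `type binary { length "8"; }` would match the description. `mka-an` is declared as an unrestricted `uint32`, although an Association Number in IEEE 802.1AE is a two-bit value, so `type uint32 { range "0..3"; }` would catch out-of-range input at validation time. If this file is meant to track the published IEEE module verbatim, these constraints belong in a separate `deviation` module or in the consuming implementation's input validation rather than in edits here.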