draft-ietf-netmod-snmp-cfg-04.txt   draft-ietf-netmod-snmp-cfg-05.txt 
Network Working Group M. Bjorklund Network Working Group M. Bjorklund
Internet-Draft Tail-f Systems Internet-Draft Tail-f Systems
Intended status: Standards Track J. Schoenwaelder Intended status: Standards Track J. Schoenwaelder
Expires: August 14, 2014 Jacobs University Expires: November 20, 2014 Jacobs University
February 10, 2014 May 19, 2014
A YANG Data Model for SNMP Configuration A YANG Data Model for SNMP Configuration
draft-ietf-netmod-snmp-cfg-04 draft-ietf-netmod-snmp-cfg-05
Abstract Abstract
This document defines a collection of YANG definitions for This document defines a collection of YANG definitions for
configuring SNMP engines. configuring SNMP engines.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
skipping to change at page 1, line 32 skipping to change at page 1, line 32
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 14, 2014. This Internet-Draft will expire on November 20, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 31 skipping to change at page 2, line 31
2.13. Secure Shell Transport Model Configuration . . . . . . . . 13 2.13. Secure Shell Transport Model Configuration . . . . . . . . 13
3. Implementation Guidelines . . . . . . . . . . . . . . . . . . 15 3. Implementation Guidelines . . . . . . . . . . . . . . . . . . 15
3.1. Supporting read-only SNMP Access . . . . . . . . . . . . . 15 3.1. Supporting read-only SNMP Access . . . . . . . . . . . . . 15
3.2. Supporting read-write SNMP access . . . . . . . . . . . . 16 3.2. Supporting read-write SNMP access . . . . . . . . . . . . 16
4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 17 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 17
4.1. Module 'ietf-x509-cert-to-name' . . . . . . . . . . . . . 17 4.1. Module 'ietf-x509-cert-to-name' . . . . . . . . . . . . . 17
4.2. Module 'ietf-snmp' . . . . . . . . . . . . . . . . . . . . 22 4.2. Module 'ietf-snmp' . . . . . . . . . . . . . . . . . . . . 22
4.3. Submodule 'ietf-snmp-common' . . . . . . . . . . . . . . . 25 4.3. Submodule 'ietf-snmp-common' . . . . . . . . . . . . . . . 25
4.4. Submodule 'ietf-snmp-engine' . . . . . . . . . . . . . . . 29 4.4. Submodule 'ietf-snmp-engine' . . . . . . . . . . . . . . . 29
4.5. Submodule 'ietf-snmp-target' . . . . . . . . . . . . . . . 32 4.5. Submodule 'ietf-snmp-target' . . . . . . . . . . . . . . . 32
4.6. Submodule 'ietf-snmp-notification' . . . . . . . . . . . . 35 4.6. Submodule 'ietf-snmp-notification' . . . . . . . . . . . . 36
4.7. Submodule 'ietf-snmp-proxy' . . . . . . . . . . . . . . . 39 4.7. Submodule 'ietf-snmp-proxy' . . . . . . . . . . . . . . . 40
4.8. Submodule 'ietf-snmp-community' . . . . . . . . . . . . . 42 4.8. Submodule 'ietf-snmp-community' . . . . . . . . . . . . . 42
4.9. Submodule 'ietf-snmp-vacm' . . . . . . . . . . . . . . . . 46 4.9. Submodule 'ietf-snmp-vacm' . . . . . . . . . . . . . . . . 47
4.10. Submodule 'ietf-snmp-usm' . . . . . . . . . . . . . . . . 52 4.10. Submodule 'ietf-snmp-usm' . . . . . . . . . . . . . . . . 52
4.11. Submodule 'ietf-snmp-tsm' . . . . . . . . . . . . . . . . 56 4.11. Submodule 'ietf-snmp-tsm' . . . . . . . . . . . . . . . . 56
4.12. Submodule 'ietf-snmp-tls' . . . . . . . . . . . . . . . . 59 4.12. Submodule 'ietf-snmp-tls' . . . . . . . . . . . . . . . . 59
4.13. Submodule 'ietf-snmp-ssh' . . . . . . . . . . . . . . . . 63 4.13. Submodule 'ietf-snmp-ssh' . . . . . . . . . . . . . . . . 63
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 66 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 67
6. Security Considerations . . . . . . . . . . . . . . . . . . . 68 6. Security Considerations . . . . . . . . . . . . . . . . . . . 69
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 71 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 72
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 72 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 73
8.1. Normative References . . . . . . . . . . . . . . . . . . . 72 8.1. Normative References . . . . . . . . . . . . . . . . . . . 73
8.2. Informative References . . . . . . . . . . . . . . . . . . 72 8.2. Informative References . . . . . . . . . . . . . . . . . . 73
Appendix A. Example configurations . . . . . . . . . . . . . . . 74 Appendix A. Example configurations . . . . . . . . . . . . . . . 75
A.1. Engine Configuration Example . . . . . . . . . . . . . . . 74 A.1. Engine Configuration Example . . . . . . . . . . . . . . . 75
A.2. Community Configuration Example . . . . . . . . . . . . . 74 A.2. Community Configuration Example . . . . . . . . . . . . . 75
A.3. User-based Security Model Configuration Example . . . . . 75 A.3. User-based Security Model Configuration Example . . . . . 76
A.4. Target and Notification Configuration Example . . . . . . 77 A.4. Target and Notification Configuration Example . . . . . . 78
A.5. Proxy Configuration Example . . . . . . . . . . . . . . . 78 A.5. Proxy Configuration Example . . . . . . . . . . . . . . . 79
A.6. View-based Access Control Model Configuration Example . . 81 A.6. View-based Access Control Model Configuration Example . . 82
A.7. Transport Layer Security Transport Model Configuration A.7. Transport Layer Security Transport Model Configuration
Example . . . . . . . . . . . . . . . . . . . . . . . . . 83 Example . . . . . . . . . . . . . . . . . . . . . . . . . 84
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 85 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 86
1. Introduction 1. Introduction
This document defines a YANG [RFC6020] data model for the This document defines a YANG [RFC6020] data model for the
configuration of SNMP engines. The configuration model is consistent configuration of SNMP engines. The configuration model is consistent
with the MIB modules defined in [RFC3411], [RFC3412], [RFC3413], with the MIB modules defined in [RFC3411], [RFC3412], [RFC3413],
[RFC3414], [RFC3415], [RFC3418], [RFC3584], [RFC5591], [RFC5592], and [RFC3414], [RFC3415], [RFC3418], [RFC3584], [RFC5591], [RFC5592], and
[RFC6353] but takes advantage of YANG's ability to define [RFC6353] but takes advantage of YANG's ability to define
hierarchical configuration data models. hierarchical configuration data models.
skipping to change at page 6, line 20 skipping to change at page 6, line 20
2.4. Engine Configuration 2.4. Engine Configuration
The submodule "ietf-snmp-engine", which defines configuration The submodule "ietf-snmp-engine", which defines configuration
parameters that are specific to SNMP engines, has the following parameters that are specific to SNMP engines, has the following
structure: structure:
+--rw snmp +--rw snmp
+--rw engine +--rw engine
+--rw enabled? boolean +--rw enabled? boolean
+--rw listen +--rw listen* [name]
| +--rw udp* [ip port] | +--rw name snmp:identifier
| +--rw ip inet:ip-address | +--rw (transport)
| +--rw port inet:port-number | +--:(udp)
| +--rw udp
| +--rw ip inet:ip-address
| +--rw port? inet:port-number
+--rw version +--rw version
| +--rw v1? empty | +--rw v1? empty
| +--rw v2c? empty | +--rw v2c? empty
| +--rw v3? empty | +--rw v3? empty
+--rw engine-id? snmp:engine-id +--rw engine-id? snmp:engine-id
+--rw enable-authen-traps? boolean +--rw enable-authen-traps? boolean
The leaf "/snmp/engine/enabled" can be used to enable/disable an SNMP The leaf "/snmp/engine/enabled" can be used to enable/disable an SNMP
engine. engine.
The container "/snmp/engine/listen" provides configuration of the The list "/snmp/engine/listen" provides configuration of the
transport endpoints the engine is listening to. In this submodule, transport endpoints the engine is listening to. In this submodule,
SNMP over UDP is defined. TLS and Datagram Transport Layer Security SNMP over UDP is defined. SSH, TLS and Datagram Transport Layer
(DTLS) are also supported, defined in "ietf-snmp-tls" (Section 2.12). Security (DTLS) are also supported, defined in "ietf-snmp-ssh"
The "listen" container is expected to be augmented for other (Section 2.13) and "ietf-snmp-tls" (Section 2.12), respectively. The
transports. "transport" choice is expected to be augmented for other transports.
The "/snmp/engine/version" container can be used to enable/disable The "/snmp/engine/version" container can be used to enable/disable
the different message processing models. the different message processing models.
2.5. Target Configuration 2.5. Target Configuration
The submodule "ietf-snmp-target", which defines configuration The submodule "ietf-snmp-target", which defines configuration
parameters that correspond to the objects in SNMP-TARGET-MIB, has the parameters that correspond to the objects in SNMP-TARGET-MIB, has the
following structure: following structure:
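Review bot: the new "listen* [name]" list in the Section 2.4 tree drops the uniqueness that the old "udp* [ip port]" key provided, so two entries with different names can now carry the same ip and port and the model no longer rejects that. Either state in the Section 2.4 text that a server must reject duplicate endpoints, or describe how it treats them. Also, the rewritten sentence lists three transports (SSH, TLS, DTLS) against two submodules and ends in "respectively", which does not map one to one; saying that "ietf-snmp-tls" covers both TLS and DTLS would read more clearly.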
skipping to change at page 7, line 51 skipping to change at page 7, line 51
parameters that correspond to the objects in SNMP-NOTIFICATION-MIB, parameters that correspond to the objects in SNMP-NOTIFICATION-MIB,
has the following structure: has the following structure:
+--rw snmp +--rw snmp
+--rw notify* [name] +--rw notify* [name]
| +--rw name snmp:identifier | +--rw name snmp:identifier
| +--rw tag snmp:identifier | +--rw tag snmp:identifier
| +--rw type? enumeration | +--rw type? enumeration
+--rw notify-filter-profile* [name] +--rw notify-filter-profile* [name]
+--rw name snmp:identifier +--rw name snmp:identifier
+--rw include* wildcard-object-identifier +--rw include* snmp:wildcard-object-identifier
+--rw exclude* wildcard-object-identifier +--rw exclude* snmp:wildcard-object-identifier
It also augments the "target-params" list defined in the It also augments the "target-params" list defined in the
"ietf-snmp-target" submodule (Section 2.5) with one leaf: "ietf-snmp-target" submodule (Section 2.5) with one leaf:
+--rw snmp +--rw snmp
+--rw target-params* [name] +--rw target-params* [name]
... ...
+--rw notify-filter-profile? leafref +--rw notify-filter-profile? leafref
An entry in the list "/snmp/notify" corresponds to an An entry in the list "/snmp/notify" corresponds to an
"snmpNotifyEntry". "snmpNotifyEntry".
An entry in the list "/snmp/notify-filter-profile" corresponds to an An entry in the list "/snmp/notify-filter-profile" corresponds to an
"snmpNotifyFilterProfileEntry". In the MIB, there is a sparse "snmpNotifyFilterProfileEntry". In the MIB, there is a sparse
relationship between "snmpTargetParamsTable" and relationship between "snmpTargetParamsTable" and
skipping to change at page 9, line 29 skipping to change at page 9, line 29
+--rw security-name snmp:security-name +--rw security-name snmp:security-name
+--rw engine-id? snmp:engine-id +--rw engine-id? snmp:engine-id
+--rw context? snmp:context-name +--rw context? snmp:context-name
+--rw target-tag? snmp:identifier +--rw target-tag? snmp:identifier
It also augments the "/snmp/target-params/params" choice with nodes It also augments the "/snmp/target-params/params" choice with nodes
for the Community-Based Security Model used by SNMPv1 and SNMPv2c: for the Community-Based Security Model used by SNMPv1 and SNMPv2c:
+--rw snmp +--rw snmp
+--rw target-params* [name] +--rw target-params* [name]
... | ...
+--rw (params)? | +--rw (params)?
| +--:(v1) | +--:(v1)
| | +--rw v1 | | +--rw v1
| | +--rw security-name snmp:security-name | | +--rw security-name snmp:security-name
| +--:(v2c) | +--:(v2c)
| +--rw v2c | +--rw v2c
| +--rw security-name snmp:security-name | +--rw security-name snmp:security-name
+--rw target* [name]
+--rw mms? union +--rw mms? union
An entry in the list "/snmp/community" corresponds to an An entry in the list "/snmp/community" corresponds to an
"snmpCommunityEntry". "snmpCommunityEntry".
When a case "v1" or "v2c" is chosen, it implies a When a case "v1" or "v2c" is chosen, it implies a
snmpTargetParamsMPModel 0 (SNMPv1) or 1 (SNMPv2), and a snmpTargetParamsMPModel 0 (SNMPv1) or 1 (SNMPv2), and a
snmpTargetParamsSecurityModel 1 (SNMPv1) or 2 (SNMPv2), respectively. snmpTargetParamsSecurityModel 1 (SNMPv1) or 2 (SNMPv2), respectively.
Both cases implies a snmpTargetParamsSecurityLevel of noAuthNoPriv. Both cases implies a snmpTargetParamsSecurityLevel of noAuthNoPriv.
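Review bot: the tree introduced by "It also augments the "/snmp/target-params/params" choice" now also shows "target* [name]" with "mms? union", but the lead-in sentence still names only the target-params choice. Add a sentence saying that the submodule also augments "/snmp/target" with the "mms" leaf, and which object it corresponds to. In the same paragraph, "Both cases implies" should read "Both cases imply".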
skipping to change at page 11, line 10 skipping to change at page 11, line 10
+--rw user* [name] +--rw user* [name]
+-- {common user params} +-- {common user params}
The "{common user params}" are: The "{common user params}" are:
+--rw name snmp:identifier +--rw name snmp:identifier
+--rw auth! +--rw auth!
| +--rw (protocol) | +--rw (protocol)
| +--:(md5) | +--:(md5)
| | +--rw md5 | | +--rw md5
| | +-- rw key string | | +-- rw key yang:hex-string
| +--:(sha) | +--:(sha)
| +--rw sha | +--rw sha
| +-- rw key string | +-- rw key yang:hex-string
+--rw priv! +--rw priv!
+--rw (protocol) +--rw (protocol)
+--:(des) +--:(des)
| +--rw des | +--rw des
| +-- rw key string | +-- rw key yang:hex-string
+--:(aes) +--:(aes)
+--rw aes +--rw aes
+-- rw key string +-- rw key yang:hex-string
It also augments the "/snmp/target-params/params" choice with nodes It also augments the "/snmp/target-params/params" choice with nodes
for the SNMP User-based Security Model. for the SNMP User-based Security Model.
+--rw snmp +--rw snmp
+--rw target-params* [name] +--rw target-params* [name]
... ...
+--rw (params)? +--rw (params)?
+--:(usm) +--:(usm)
+--rw usm +--rw usm
+--rw user-name snmp:security-name +--rw user-name snmp:security-name
+--rw security-level security-level +--rw security-level security-level
In the MIB, there is a single table with local and remote users, In the MIB, there is a single table with local and remote users,
indexed by the engine id and user name. In the YANG model, there is indexed by the engine id and user name. In the YANG model, there is
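Review bot: the four "key" leaves under auth and priv move from "string" to "yang:hex-string", but nothing in this section says what length each key must have, and the hex-string type alone does not bound it. If the module does not already restrict it, add a length restriction or a description per protocol, so that a localized key of the wrong size for md5, sha, des or aes is rejected at configuration time rather than at first use. The same four lines are written "+-- rw key" with a space, where every other node in the tree uses "+--rw".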
skipping to change at page 11, line 51 skipping to change at page 11, line 51
the YANG model. However, the localized key can be changed. This the YANG model. However, the localized key can be changed. This
implies that if the engine id is changed, all users keys need to be implies that if the engine id is changed, all users keys need to be
changed as well. changed as well.
2.11. Transport Security Model Configuration 2.11. Transport Security Model Configuration
The submodule "ietf-snmp-tsm", which defines configuration parameters The submodule "ietf-snmp-tsm", which defines configuration parameters
that correspond to the objects in SNMP-TSM-MIB, has the following that correspond to the objects in SNMP-TSM-MIB, has the following
structure: structure:
+--rw snmp +--rw snmp
+--rw tsm +--rw tsm
+--rw use-prefix? boolean +--rw use-prefix? boolean
It also augments the "/snmp/target-params/params" choice with nodes It also augments the "/snmp/target-params/params" choice with nodes
for the SNMP Transport Security Model. for the SNMP Transport Security Model.
+--rw snmp +--rw snmp
+--rw target-params* [name] +--rw target-params* [name]
... ...
+--rw (params)? +--rw (params)?
+--:(tsm) +--:(tsm)
+--rw tsm +--rw tsm
+--rw security-name snmp:security-name +--rw security-name snmp:security-name
+--rw security-level security-level +--rw security-level security-level
This submodule defines the feature "tsm". A server implements this This submodule defines the feature "tsm". A server implements this
feature if it supports the Transport Security Model (tsm) [RFC5591]. feature if it supports the Transport Security Model (tsm) [RFC5591].
2.12. Transport Layer Security Transport Model Configuration 2.12. Transport Layer Security Transport Model Configuration
The submodule "ietf-snmp-tls", which defines configuration parameters The submodule "ietf-snmp-tls", which defines configuration parameters
that correspond to the objects in SNMP-TLS-TM-MIB, has the following that correspond to the objects in SNMP-TLS-TM-MIB, has the following
structure: structure:
+--rw snmp +--rw snmp
... ...
+--rw target* [name] +--rw target* [name]
| ... | ...
| +--rw (transport) | +--rw (transport)
| ... | ...
| +--:(tls) | +--:(tls)
| | +--rw tls | | +--rw tls
| | +-- {common (d)tls transport params} | | +-- {common (d)tls transport params}
| +--:(dtls) | +--:(dtls)
| +--rw dtls | +--rw dtls
| +-- {common (d)tls transport params} | +-- {common (d)tls transport params}
+--rw tlstm +--rw tlstm
+--rw cert-to-name* [id] +--rw cert-to-name* [id]
+--rw id uint32 +--rw id uint32
+--rw fingerprint x509c2n:tls-fingerprint +--rw fingerprint x509c2n:tls-fingerprint
+--rw map-type identityref +--rw map-type identityref
+--rw name string +--rw name string
The "{common (d)tls transport params}" are: The "{common (d)tls transport params}" are:
+--rw ip? inet:host +--rw ip? inet:host
+--rw port? inet:port-number +--rw port? inet:port-number
+--rw client-fingerprint? x509c2n:tls-fingerprint +--rw client-fingerprint? x509c2n:tls-fingerprint
+--rw server-fingerprint? x509c2n:tls-fingerprint +--rw server-fingerprint? x509c2n:tls-fingerprint
+--rw server-identity? snmp:admin-string +--rw server-identity? snmp:admin-string
It also augments the "/snmp/engine/listen" container with objects for It also augments the "/snmp/engine/listen/transport" choice with
the D(TLS) transport endpoints: objects for the D(TLS) transport endpoints:
+--rw snmp +--rw snmp
+--rw engine +--rw engine
... ...
+--rw listen +--rw listen* [name]
... ...
+--rw tls* [ip port] +--rw (transport)
| +--rw ip inet:ip-address ...
| +--rw port inet:port-number +--:(tls)
+--rw dtls* [ip port] | +--rw tls
+--rw ip inet:ip-address | +--rw ip inet:ip-address
+--rw port inet:port-number | +--rw port? inet:port-number
+--:(dtls)
+--rw dtls
+--rw ip inet:ip-address
+--rw port? inet:port-number
This submodule defines the feature "tlstm". A server implements this This submodule defines the feature "tlstm". A server implements this
feature if it supports the Transport Layer Security (TLS) Transport feature if it supports the Transport Layer Security (TLS) Transport
Model (tlstm) [RFC6353]. Model (tlstm) [RFC6353].
2.13. Secure Shell Transport Model Configuration 2.13. Secure Shell Transport Model Configuration
The submodule "ietf-snmp-ssh", which defines configuration parameters The submodule "ietf-snmp-ssh", which defines configuration parameters
that correspond to the objects in SNMP-SSH-TM-MIB, has the following that correspond to the objects in SNMP-SSH-TM-MIB, has the following
structure: structure:
+--rw snmp +--rw snmp
... ...
+--rw target* [name] +--rw target* [name]
... ...
+--rw (transport) +--rw (transport)
... ...
+--:(ssh) +--:(ssh)
+--rw ssh +--rw ssh
+--rw ip inet:host +--rw ip inet:host
+--rw port? inet:port-number +--rw port? inet:port-number
+--rw username? string +--rw username? string
It also augments the "/snmp/engine/listen" container with objects for It also augments the "/snmp/engine/listen/transport" choice with
the SSH transport endpoints: objects for the SSH transport endpoints:
+--rw snmp +--rw snmp
+--rw engine +--rw engine
... ...
+--rw listen +--rw listen* [name]
... ...
+--rw ssh* [ip port] +--rw (transport)
...
+--:(ssh)
+--rw ssh
+--rw ip inet:host
+--rw port? inet:port-number
+--rw username? string
This submodule defines the feature "sshtm". A server implements this This submodule defines the feature "sshtm". A server implements this
feature if it supports the Secure Shell (SSH) Transport Model (sshtm) feature if it supports the Secure Shell (SSH) Transport Model (sshtm)
[RFC5592]. [RFC5592].
3. Implementation Guidelines 3. Implementation Guidelines
This section describes some challenges for implementations that This section describes some challenges for implementations that
support both the YANG models defined in this document, and either support both the YANG models defined in this document, and either
read-write or read-only SNMP access to the same data, using the read-write or read-only SNMP access to the same data, using the
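Review bot: in the Section 2.13 listen tree, the new ssh case uses "ip inet:host" and carries "username? string", while the udp, tls and dtls listen cases use "ip inet:ip-address" and have no user leaf. A listening endpoint that accepts a host name, and a username on the listening side, look carried over from the "target" tree above; confirm that both are intended, and if so describe what "username" means for a listener. In Section 2.12 the new sentence says "D(TLS)", which should be "(D)TLS" to match "{common (d)tls transport params}".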
skipping to change at page 18, line 21 skipping to change at page 18, line 21
// RFC Ed.: replace XXXX with actual RFC number and remove this // RFC Ed.: replace XXXX with actual RFC number and remove this
// note. // note.
reference reference
"RFC6353: Transport Layer Security (TLS) Transport Model for "RFC6353: Transport Layer Security (TLS) Transport Model for
the Simple Network Management Protocol (SNMP)"; the Simple Network Management Protocol (SNMP)";
// RFC Ed.: update the date below with the date of RFC publication // RFC Ed.: update the date below with the date of RFC publication
// and remove this note. // and remove this note.
revision 2014-02-09 { revision 2014-05-06 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Data Model for SNMP Configuration"; "RFC XXXX: A YANG Data Model for SNMP Configuration";
} }
typedef tls-fingerprint { typedef tls-fingerprint {
type yang:hex-string { type yang:hex-string {
pattern '([0-9a-fA-F]){2}(:([0-9a-fA-F]){2}){0,254}'; pattern '([0-9a-fA-F]){2}(:([0-9a-fA-F]){2}){0,254}';
skipping to change at page 23, line 11 skipping to change at page 23, line 11
<CODE BEGINS> file "ietf-snmp.yang" <CODE BEGINS> file "ietf-snmp.yang"
module ietf-snmp { module ietf-snmp {
namespace "urn:ietf:params:xml:ns:yang:ietf-snmp"; namespace "urn:ietf:params:xml:ns:yang:ietf-snmp";
prefix snmp; prefix snmp;
// RFC Ed.: update the dates below with the date of RFC publication // RFC Ed.: update the dates below with the date of RFC publication
// and remove this note. // and remove this note.
include ietf-snmp-common { include ietf-snmp-common {
revision-date 2014-02-09; revision-date 2014-05-06;
} }
include ietf-snmp-engine { include ietf-snmp-engine {
revision-date 2014-02-09; revision-date 2014-05-06;
} }
include ietf-snmp-target { include ietf-snmp-target {
revision-date 2014-02-09; revision-date 2014-05-06;
} }
include ietf-snmp-notification { include ietf-snmp-notification {
revision-date 2014-02-09; revision-date 2014-05-06;
} }
include ietf-snmp-proxy { include ietf-snmp-proxy {
revision-date 2014-02-09; revision-date 2014-05-06;
} }
include ietf-snmp-community { include ietf-snmp-community {
revision-date 2014-02-09; revision-date 2014-05-06;
} }
include ietf-snmp-usm { include ietf-snmp-usm {
revision-date 2014-02-09; revision-date 2014-05-06;
} }
include ietf-snmp-tsm { include ietf-snmp-tsm {
revision-date 2014-02-09; revision-date 2014-05-06;
} }
include ietf-snmp-vacm { include ietf-snmp-vacm {
revision-date 2014-02-09; revision-date 2014-05-06;
} }
include ietf-snmp-tls { include ietf-snmp-tls {
revision-date 2014-02-09; revision-date 2014-05-06;
} }
include ietf-snmp-ssh { include ietf-snmp-ssh {
revision-date 2014-02-09; revision-date 2014-05-06;
} }
organization organization
"IETF NETMOD (NETCONF Data Modeling Language) Working Group"; "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
contact contact
"WG Web: <http://tools.ietf.org/wg/netmod/> "WG Web: <http://tools.ietf.org/wg/netmod/>
WG List: <mailto:netmod@ietf.org> WG List: <mailto:netmod@ietf.org>
WG Chair: Thomas Nadeau WG Chair: Thomas Nadeau
skipping to change at page 24, line 38 skipping to change at page 24, line 38
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
// RFC Ed.: replace XXXX with actual RFC number and remove this // RFC Ed.: replace XXXX with actual RFC number and remove this
// note. // note.
// RFC Ed.: update the date below with the date of RFC publication // RFC Ed.: update the date below with the date of RFC publication
// and remove this note. // and remove this note.
revision 2014-02-09 { revision 2014-05-06 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Data Model for SNMP Configuration"; "RFC XXXX: A YANG Data Model for SNMP Configuration";
} }
} }
<CODE ENDS> <CODE ENDS>
skipping to change at page 26, line 12 skipping to change at page 26, line 12
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
// RFC Ed.: replace XXXX with actual RFC number and remove this // RFC Ed.: replace XXXX with actual RFC number and remove this
// note. // note.
// RFC Ed.: update the date below with the date of RFC publication // RFC Ed.: update the date below with the date of RFC publication
// and remove this note. // and remove this note.
revision 2014-02-09 { revision 2014-05-06 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Data Model for SNMP Configuration"; "RFC XXXX: A YANG Data Model for SNMP Configuration";
} }
/* Collection of SNMP specific data types */ /* Collection of SNMP specific data types */
typedef admin-string { typedef admin-string {
type string { type string {
skipping to change at page 30, line 13 skipping to change at page 30, line 13
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
// RFC Ed.: replace XXXX with actual RFC number and remove this // RFC Ed.: replace XXXX with actual RFC number and remove this
// note. // note.
// RFC Ed.: update the date below with the date of RFC publication // RFC Ed.: update the date below with the date of RFC publication
// and remove this note. // and remove this note.
revision 2014-02-09 { revision 2014-05-06 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Data Model for SNMP Configuration"; "RFC XXXX: A YANG Data Model for SNMP Configuration";
} }
augment /snmp:snmp { augment /snmp:snmp {
container engine { container engine {
description description
"Configuration of the SNMP engine."; "Configuration of the SNMP engine.";
leaf enabled { leaf enabled {
type boolean; type boolean;
default "false"; default "false";
description description
"Enables the SNMP engine."; "Enables the SNMP engine.";
} }
container listen { list listen {
key "name";
description description
"Configuration of the transport endpoints on which the "Configuration of the transport endpoints on which the
engine listens. Submodules providing configuration for engine listens.";
additional transports are expected to augment this
container.";
list udp { leaf name {
key "ip port"; type snmp:identifier;
description description
"A list of IPv4 and IPv6 addresses and ports to which the "An arbitrary name for the list entry.";
engine listens."; }
leaf ip { choice transport {
type inet:ip-address; mandatory true;
description description
"The IPv4 or IPv6 address on which the engine "The transport protocol specific parameters for this
listens."; endpoint. Submodules providing configuration for
additional transports are expected to augment this
choice.";
case udp {
container udp {
leaf ip {
type inet:ip-address;
mandatory true;
description
"The IPv4 or IPv6 address on which the engine
listens.";
}
leaf port {
type inet:port-number;
description
"The UDP port on which the engine listens.
} If the port is not configured, an engine that
leaf port { acts as a Command Responder uses port 161, and
type inet:port-number; an engine that acts as a Notification Receiver
description uses port 162.";
"The UDP port on which the engine listens."; }
}
} }
} }
} }
container version { container version {
description description
"SNMP version used by the engine"; "SNMP version used by the engine";
leaf v1 { leaf v1 {
type empty; type empty;
} }
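Review bot: in the new "case udp", "container udp" has no description statement, and the description of the removed "list udp" ("A list of IPv4 and IPv6 addresses and ports to which the engine listens.") has no replacement. Add a description to the container. The "port" leaf is now optional, with the 161/162 fallback given only in its description; that is reasonable because the value depends on the engine's role, but the description should also say which port applies when one engine acts as both Command Responder and Notification Receiver for the same list entry.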
skipping to change at page 33, line 17 skipping to change at page 33, line 35
// RFC Ed.: replace XXXX with actual RFC number and remove this // RFC Ed.: replace XXXX with actual RFC number and remove this
// note. // note.
reference reference
"RFC3413: Simple Network Management Protocol (SNMP) "RFC3413: Simple Network Management Protocol (SNMP)
Applications"; Applications";
// RFC Ed.: update the date below with the date of RFC publication // RFC Ed.: update the date below with the date of RFC publication
// and remove this note. // and remove this note.
revision 2014-02-09 { revision 2014-05-06 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Data Model for SNMP Configuration"; "RFC XXXX: A YANG Data Model for SNMP Configuration";
} }
augment /snmp:snmp { augment /snmp:snmp {
list target { list target {
key name; key name;
skipping to change at page 37, line 5 skipping to change at page 37, line 22
// RFC Ed.: replace XXXX with actual RFC number and remove this // RFC Ed.: replace XXXX with actual RFC number and remove this
// note. // note.
reference reference
"RFC3413: Simple Network Management Protocol (SNMP) "RFC3413: Simple Network Management Protocol (SNMP)
Applications"; Applications";
// RFC Ed.: update the date below with the date of RFC publication // RFC Ed.: update the date below with the date of RFC publication
// and remove this note. // and remove this note.
revision 2014-02-09 { revision 2014-05-06 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Data Model for SNMP Configuration"; "RFC XXXX: A YANG Data Model for SNMP Configuration";
} }
feature notification-filter { feature notification-filter {
description description
"A server implements this feature if it supports SNMP "A server implements this feature if it supports SNMP
notification filtering."; notification filtering.";
skipping to change at page 40, line 43 skipping to change at page 41, line 15
// RFC Ed.: replace XXXX with actual RFC number and remove this // RFC Ed.: replace XXXX with actual RFC number and remove this
// note. // note.
reference reference
"RFC3413: Simple Network Management Protocol (SNMP) "RFC3413: Simple Network Management Protocol (SNMP)
Applications"; Applications";
// RFC Ed.: update the date below with the date of RFC publication // RFC Ed.: update the date below with the date of RFC publication
// and remove this note. // and remove this note.
revision 2014-02-09 { revision 2014-05-06 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Data Model for SNMP Configuration"; "RFC XXXX: A YANG Data Model for SNMP Configuration";
} }
feature proxy { feature proxy {
description description
"A server implements this feature if it can act as an "A server implements this feature if it can act as an
SNMP Proxy"; SNMP Proxy";
skipping to change at page 43, line 41 skipping to change at page 44, line 12
// RFC Ed.: replace XXXX with actual RFC number and remove this // RFC Ed.: replace XXXX with actual RFC number and remove this
// note. // note.
reference reference
"RFC3584: Coexistence between Version 1, Version 2, and Version 3 "RFC3584: Coexistence between Version 1, Version 2, and Version 3
of the Internet-standard Network Management Framework"; of the Internet-standard Network Management Framework";
// RFC Ed.: update the date below with the date of RFC publication // RFC Ed.: update the date below with the date of RFC publication
// and remove this note. // and remove this note.
revision 2014-02-09 { revision 2014-05-06 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Data Model for SNMP Configuration"; "RFC XXXX: A YANG Data Model for SNMP Configuration";
} }
augment /snmp:snmp { augment /snmp:snmp {
list community { list community {
key index; key index;
skipping to change at page 48, line 8 skipping to change at page 48, line 28
// RFC Ed.: replace XXXX with actual RFC number and remove this // RFC Ed.: replace XXXX with actual RFC number and remove this
// note. // note.
reference reference
"RFC3415: View-based Access Control Model (VACM) for the "RFC3415: View-based Access Control Model (VACM) for the
Simple Network Management Protocol (SNMP)"; Simple Network Management Protocol (SNMP)";
// RFC Ed.: update the date below with the date of RFC publication // RFC Ed.: update the date below with the date of RFC publication
// and remove this note. // and remove this note.
revision 2014-02-09 { revision 2014-05-06 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Data Model for SNMP Configuration"; "RFC XXXX: A YANG Data Model for SNMP Configuration";
} }
typedef view-name { typedef view-name {
type snmp:identifier; type snmp:identifier;
description description
"The view-name type represents an SNMP VACM view name."; "The view-name type represents an SNMP VACM view name.";
skipping to change at page 53, line 41 skipping to change at page 54, line 12
// RFC Ed.: replace XXXX with actual RFC number and remove this // RFC Ed.: replace XXXX with actual RFC number and remove this
// note. // note.
reference reference
"RFC3414: User-based Security Model (USM) for version 3 of the "RFC3414: User-based Security Model (USM) for version 3 of the
Simple Network Management Protocol (SNMPv3)."; Simple Network Management Protocol (SNMPv3).";
// RFC Ed.: update the date below with the date of RFC publication // RFC Ed.: update the date below with the date of RFC publication
// and remove this note. // and remove this note.
revision 2014-02-09 { revision 2014-05-06 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Data Model for SNMP Configuration"; "RFC XXXX: A YANG Data Model for SNMP Configuration";
} }
grouping key { grouping key {
leaf key { leaf key {
type yang:hex-string; type yang:hex-string;
mandatory true; mandatory true;
skipping to change at page 57, line 35 skipping to change at page 58, line 5
// RFC Ed.: replace XXXX with actual RFC number and remove this // RFC Ed.: replace XXXX with actual RFC number and remove this
// note. // note.
reference reference
"RFC5591: Transport Security Model for the "RFC5591: Transport Security Model for the
Simple Network Management Protocol (SNMP)"; Simple Network Management Protocol (SNMP)";
// RFC Ed.: update the date below with the date of RFC publication // RFC Ed.: update the date below with the date of RFC publication
// and remove this note. // and remove this note.
revision 2014-02-09 { revision 2014-05-06 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Data Model for SNMP Configuration"; "RFC XXXX: A YANG Data Model for SNMP Configuration";
} }
feature tsm { feature tsm {
description description
"A server implements this feature if it supports the "A server implements this feature if it supports the
Transport Security Model for SNMP."; Transport Security Model for SNMP.";
skipping to change at page 60, line 25 skipping to change at page 60, line 40
// RFC Ed.: replace XXXX with actual RFC number and remove this // RFC Ed.: replace XXXX with actual RFC number and remove this
// note. // note.
reference reference
"RFC6353: Transport Layer Security (TLS) Transport Model for "RFC6353: Transport Layer Security (TLS) Transport Model for
the Simple Network Management Protocol (SNMP)"; the Simple Network Management Protocol (SNMP)";
// RFC Ed.: update the date below with the date of RFC publication // RFC Ed.: update the date below with the date of RFC publication
// and remove this note. // and remove this note.
revision 2014-02-09 { revision 2014-05-06 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Data Model for SNMP Configuration"; "RFC XXXX: A YANG Data Model for SNMP Configuration";
} }
feature tlstm { feature tlstm {
description description
"A server implements this feature if it supports the "A server implements this feature if it supports the
Transport Layer Security Transport Model for SNMP."; Transport Layer Security Transport Model for SNMP.";
reference reference
"RFC6353: Transport Layer Security (TLS) Transport Model for "RFC6353: Transport Layer Security (TLS) Transport Model for
the Simple Network Management Protocol (SNMP)"; the Simple Network Management Protocol (SNMP)";
} }
augment /snmp:snmp/snmp:engine/snmp:listen { augment /snmp:snmp/snmp:engine/snmp:listen/snmp:transport {
if-feature tlstm; if-feature tlstm;
list tls { case tls {
key "ip port"; container tls {
description
"A list of IPv4 and IPv6 addresses and ports to which the
engine listens for SNMP messages over TLS.";
leaf ip {
type inet:ip-address;
description
"The IPv4 or IPv6 address on which the engine listens
for SNMP messages over TLS.";
}
leaf port {
type inet:port-number;
description description
"The TCP port on which the engine listens for SNMP "A list of IPv4 and IPv6 addresses and ports to which the
messages over TLS."; engine listens for SNMP messages over TLS.";
}
}
list dtls {
key "ip port";
description
"A list of IPv4 and IPv6 addresses and ports to which the
engine listens for SNMP messages over DTLS.";
leaf ip { leaf ip {
type inet:ip-address; type inet:ip-address;
description mandatory true;
"The IPv4 or IPv6 address on which the engine listens description
for SNMP messages over DTLS."; "The IPv4 or IPv6 address on which the engine listens
for SNMP messages over TLS.";
}
leaf port {
type inet:port-number;
description
"The TCP port on which the engine listens for SNMP
messages over TLS.
If the port is not configured, an engine that
acts as a Command Responder uses port 10161, and
an engine that acts as a Notification Receiver
uses port 10162.";
}
} }
leaf port { }
type inet:port-number; case dtls {
container dtls {
description description
"The UDP port on which the engine listens for SNMP messages "A list of IPv4 and IPv6 addresses and ports to which the
over DTLS."; engine listens for SNMP messages over DTLS.";
leaf ip {
type inet:ip-address;
mandatory true;
description
"The IPv4 or IPv6 address on which the engine listens
for SNMP messages over DTLS.";
}
leaf port {
type inet:port-number;
description
"The UDP port on which the engine listens for SNMP
messages over DTLS.
If the port is not configured, an engine that
acts as a Command Responder uses port 10161, and
an engine that acts as a Notification Receiver
uses port 10162.";
}
} }
} }
} }
augment /snmp:snmp { augment /snmp:snmp {
if-feature tlstm; if-feature tlstm;
container tlstm { container tlstm {
uses x509c2n:cert-to-name { uses x509c2n:cert-to-name {
description description
"Defines how certificates are mapped to names. The "Defines how certificates are mapped to names. The
skipping to change at page 64, line 25 skipping to change at page 65, line 8
// RFC Ed.: replace XXXX with actual RFC number and remove this // RFC Ed.: replace XXXX with actual RFC number and remove this
// note. // note.
reference reference
"RFC5592: Secure Shell Transport Model for the "RFC5592: Secure Shell Transport Model for the
Simple Network Management Protocol (SNMP)"; Simple Network Management Protocol (SNMP)";
// RFC Ed.: update the date below with the date of RFC publication // RFC Ed.: update the date below with the date of RFC publication
// and remove this note. // and remove this note.
revision 2014-02-09 { revision 2014-05-06 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Data Model for SNMP Configuration"; "RFC XXXX: A YANG Data Model for SNMP Configuration";
} }
feature sshtm { feature sshtm {
description description
"A server implements this feature if it supports the "A server implements this feature if it supports the
Secure Shell Transport Model for SNMP."; Secure Shell Transport Model for SNMP.";
reference reference
"RFC5592: Secure Shell Transport Model for the "RFC5592: Secure Shell Transport Model for the
Simple Network Management Protocol (SNMP)"; Simple Network Management Protocol (SNMP)";
} }
augment /snmp:snmp/snmp:engine/snmp:listen { augment /snmp:snmp/snmp:engine/snmp:listen/snmp:transport {
if-feature sshtm; if-feature sshtm;
list ssh { case ssh {
key "ip port"; container ssh {
description
"A list of IPv4 and IPv6 addresses and ports to which the
engine listens for SNMP messages over SSH.";
leaf ip {
type inet:ip-address;
description
"The IPv4 or IPv6 address on which the engine listens
for SNMP messages over SSH.";
}
leaf port {
type inet:port-number;
description description
"The TCP port on which the engine listens for SNMP "The IPv4 or IPv6 address and port to which the
messages over SSH."; engine listens for SNMP messages over SSH.";
leaf ip {
type inet:ip-address;
mandatory true;
description
"The IPv4 or IPv6 address on which the engine listens
for SNMP messages over SSH.";
}
leaf port {
type inet:port-number;
description
"The TCP port on which the engine listens for SNMP
messages over SSH.
If the port is not configured, an engine that
acts as a Command Responder uses port 5161, and
an engine that acts as a Notification Receiver
uses port 5162.";
}
} }
} }
} }
augment /snmp:snmp/snmp:target/snmp:transport { augment /snmp:snmp/snmp:target/snmp:transport {
if-feature sshtm; if-feature sshtm;
case ssh { case ssh {
reference "SNMP-SSH-TM-MIB.snmpSSHDomain"; reference "SNMP-SSH-TM-MIB.snmpSSHDomain";
container ssh { container ssh {
leaf ip { leaf ip {
type inet:host; type inet:host;
mandatory true; mandatory true;
reference "SNMP-TARGET-MIB.snmpTargetAddrTAddress reference "SNMP-TARGET-MIB.snmpTargetAddrTAddress
SNMP-SSH-TM-MIB.SnmpSSHAddress"; SNMP-SSH-TM-MIB.SnmpSSHAddress";
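Review bot: The new text in the `port` description under the listen-side `container ssh` makes the fallback port depend on the engine's role (5161 for a Command Responder, 5162 for a Notification Receiver) but does not say which port applies when one engine acts in both roles, and the container shown here carries only `ip` and `port`, nothing that ties the entry to a role. As written, the port actually opened for an entry with no `port` leaf cannot be determined from the configuration alone; either state the behaviour for the combined case or require `port` to be configured when both applications are enabled. The same wording with 10161 and 10162 appears in the TLS and DTLS `port` descriptions and would need the same fix.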
skipping to change at page 74, line 17 skipping to change at page 75, line 17
A.1. Engine Configuration Example A.1. Engine Configuration Example
Below is an XML instance document showing a configuration of an SNMP Below is an XML instance document showing a configuration of an SNMP
engine listening on UDP port 161 on IPv4 and IPv6 endpoints and engine listening on UDP port 161 on IPv4 and IPv6 endpoints and
accepting SNMPv2c and SNMPv3 messages. accepting SNMPv2c and SNMPv3 messages.
<snmp xmlns="urn:ietf:params:xml:ns:yang:ietf-snmp"> <snmp xmlns="urn:ietf:params:xml:ns:yang:ietf-snmp">
<engine> <engine>
<enabled>true</enabled> <enabled>true</enabled>
<listen> <listen>
<name>all-ipv4-udp</name>
<udp> <udp>
<ip>0.0.0.0</ip> <ip>0.0.0.0</ip>
<port>161</port> <port>161</port>
</udp> </udp>
</listen>
<listen>
<name>all-ipv6-udp</name>
<udp> <udp>
<ip>::</ip> <ip>::</ip>
<port>161</port> <port>161</port>
</udp> </udp>
</listen> </listen>
<version> <version>
<v2c/> <v2c/>
<v3/> <v3/>
</version> </version>
<engine-id>80:00:02:b8:04:61:62:63</engine-id> <engine-id>80:00:02:b8:04:61:62:63</engine-id>
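Review bot: The introductory sentence of A.1 was left unchanged although the example now gives each `<listen>` entry its own `<name>` (all-ipv4-udp, all-ipv6-udp) and closes the first entry before opening the second; say in the text that every endpoint is a separate named listen entry, since that is the structural change a reader has to copy. The entries also bind the wildcard addresses 0.0.0.0 and :: while `<v2c/>` is enabled, so a sentence stating that the addresses are illustrative would keep the example from being read as a recommended deployment.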
 End of changes. 69 change blocks. 
206 lines changed or deleted 259 lines changed or added
