sonic-system-tacacs.yang
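// YANG schema for SONiC's TACACS+ client configuration: a list of up to
// eight TACACS+ servers (TACPLUS_SERVER) plus one set of global settings
// (TACPLUS/global). Both carry the shared secret (passkey), so any
// datastore or backup holding this data should be treated as sensitive.
module sonic-system-tacacs {
    namespace "http://github.com/sonic-net/sonic-system-tacacs";
    prefix ssys;
    yang-version 1.1;

    import ietf-inet-types {
        prefix inet;
    }

    import sonic-port {
        prefix port;
    }

    import sonic-portchannel {
        prefix lag;
    }

    /*
    import sonic-vlan {
        prefix vlan;
    }
    */

    import sonic-loopback-interface {
        prefix loopback;
    }

    import sonic-interface {
        prefix interface;
    }

    import sonic-mgmt_port {
        prefix mgmt-port;
    }

    revision 2021-04-15 {
        description "Initial revision.";
    }

    // Authentication methods selectable per server and globally.
    // NOTE(review): with pap the user's password is carried inside the
    // TACACS+ packet body, so its protection on the wire rests on the
    // shared-secret obfuscation of the protocol (RFC 8907 describes that
    // mechanism as weak). Keep this traffic on a protected management
    // network or VRF.
    typedef auth_type_enumeration {
        type enumeration {
            enum pap;
            enum chap;
            enum mschap;
            enum login;
        }
    }

    container sonic-system-tacacs {

        container TACPLUS_SERVER {

            list TACPLUS_SERVER_LIST {
                max-elements 8;
                key "ipaddress";

                // inet:host accepts a domain name as well as an IP address.
                // NOTE(review): a name-based entry makes authentication
                // depend on name resolution; confirm that is acceptable for
                // the deployment.
                leaf ipaddress {
                    type inet:host;
                    description
                        "TACACS+ server's Domain name or IP address (IPv4 or IPv6)";
                }

                leaf priority {
                    type uint8 {
                        range "1..64" {
                            error-message "TACACS server priority must be 1..64";
                        }
                    }
                    default 1;
                    description "Server priority";
                }

                leaf tcp_port {
                    type inet:port-number;
                    default 49;
                    description "TCP port to communicate with TACACS+ server";
                }

                // NOTE(review): the unit is not stated in this schema
                // (presumably seconds); confirm against the consumer.
                leaf timeout {
                    type uint16 {
                        range "1..60" {
                            error-message "TACACS server timeout must be 1..60";
                        }
                    }
                    default 5;
                    description "TACACS+ server timeout";
                }

                leaf auth_type {
                    type auth_type_enumeration;
                    default pap;
                    description "Authentication type";
                }

                // Per-server shared secret, modelled as a plain string.
                // NOTE(review): nothing in this schema encrypts, hashes or
                // masks the value; confirm how consumers store and display
                // it, and restrict read access to the configuration.
                // NOTE(review): the pattern only excludes SPACE, "#" and
                // ","; it does not enforce the "ASCII printable" rule the
                // error-message states, so control and non-ASCII characters
                // pass validation.
                // NOTE(review): the leaf is optional; verify what the
                // client does when no key is configured.
                leaf passkey {
                    type string {
                        length "1..65";
                        pattern "[^ #,]*" {
                            error-message 'TACACS shared secret (Valid chars are ASCII printable except SPACE, "#", and ",")';
                        }
                    }
                    description "Shared secret for this TACACS+ server";
                }

                // Only the literal names "mgmt" and "default" are accepted.
                leaf vrf {
                    type string {
                        pattern "mgmt|default" {
                            error-message "Error: Invalid VRF name";
                        }
                    }
                    description
                        "VRF name";
                }
            }
        }

        container TACPLUS {

            container global {

                leaf auth_type {
                    type auth_type_enumeration;
                    default pap;
                    description "Global TACACS+ authentication type";
                }

                leaf timeout {
                    type uint16 {
                        range "1..60" {
                            error-message "TACACS timeout must be 1..60";
                        }
                    }
                    default 5;
                    description "Global TACACS+ timeout";
                }

                // Global shared secret; same plain-string modelling and the
                // same permissive pattern as the per-server passkey leaf.
                // NOTE(review): the description says "encrypting"; TACACS+
                // obfuscates the packet body with the shared secret rather
                // than providing modern encryption (see RFC 8907), so do
                // not rely on it as the only protection for credentials in
                // transit.
                leaf passkey {
                    type string {
                        length "1..65";
                        pattern "[^ #,]*" {
                            error-message 'TACACS shared secret (Valid chars are ASCII printable except SPACE, "#", and ",")';
                        }
                    }
                    description "Shared secret used for encrypting the communication";
                }

                // Union of the interface names accepted as the source
                // interface. Port, port-channel, loopback and management
                // port names are leafrefs, so they must exist in the
                // referenced lists.
                // NOTE(review): the VLAN member is a bare string because
                // the sonic-vlan leafref is commented out, so no check
                // ties the name to a configured VLAN. The pattern also
                // admits Vlan0 and zero-padded forms such as Vlan007.
                leaf src_intf {
                    type union {
                        type leafref {
                            path "/port:sonic-port/port:PORT/port:PORT_LIST/port:name";
                        }
                        type leafref {
                            path "/lag:sonic-portchannel/lag:PORTCHANNEL/lag:PORTCHANNEL_LIST/lag:name";
                        }
                        /*
                        type leafref {
                            path "/vlan:sonic-vlan/vlan:VLAN/vlan:VLAN_LIST/vlan:name";
                        }
                        */
                        type string {
                            pattern 'Vlan([0-9]{1,3}|[1-3][0-9]{3}|[4][0][0-8][0-9]|[4][0][9][0-4])';
                        }
                        type leafref {
                            path "/loopback:sonic-loopback-interface/loopback:LOOPBACK_INTERFACE/loopback:LOOPBACK_INTERFACE_LIST/loopback:name";
                        }
                        type leafref {
                            path "/mgmt-port:sonic-mgmt_port/mgmt-port:MGMT_PORT/mgmt-port:MGMT_PORT_LIST/mgmt-port:name";
                        }
                    }
                    description "Source IP to use from source interface for TACACS+ server communication.";
                }
            }
        }
    }
}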