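// Schema for the SONiC RADIUS client configuration.
//
// Two top-level tables are modelled:
//   RADIUS/global        - a single set of RADIUS settings
//   RADIUS_SERVER (list) - up to 8 servers keyed by address, each with its own
//                          secret, auth type, timeout, retransmit, VRF and
//                          source interface
// NOTE(review): presumably a per-server leaf overrides the matching global leaf;
// that precedence is decided by the consumer of this model - confirm there.
module sonic-system-radius {

    namespace "http://github.com/sonic-net/sonic-system-radius";
    prefix ssys;
    yang-version 1.1;

    import ietf-inet-types {
        prefix inet;
    }

    import sonic-port {
        prefix port;
    }

    import sonic-portchannel {
        prefix lag;
    }

    // Comment sonic-vlan import here until libyang back-links issue is resolved for VLAN leaf reference.
    // import sonic-vlan {
    // prefix vlan;
    // }

    import sonic-loopback-interface {
        prefix loopback;
    }

    import sonic-mgmt_port {
        prefix mgmt-port;
    }

    import sonic-interface {
        prefix interface;
    }

    description
        "SONiC RADIUS";

    revision 2022-11-11 {
        description "Initial revision.";
    }

    // Authentication methods accepted by the auth_type leaves below.
    typedef auth_type_enumeration {
        type enumeration {
            enum pap;
            enum chap;
            enum mschapv2;
        }
    }

    container sonic-system-radius {

        container RADIUS {

            container global {

                // Shared secret. Security-relevant points visible in this definition:
                //  * It is a plain `type string`; nothing in this model marks the value
                //    as sensitive, so any masking in config dumps, logs or show output
                //    has to be done by the code that handles the value.
                //  * length "1..65" accepts a one-character secret. RFC 2865 prefers
                //    shared secrets of at least 16 octets.
                //  * NOTE(review): the pattern "[^ #,]*" only rejects SPACE, '#' and ','.
                //    Tabs, newlines, other control characters and non-ASCII text still
                //    validate, although the error-message describes the valid set as
                //    ASCII printable. If printable ASCII is the real requirement, an
                //    explicit class along the lines of '[!-"$-+\--~]*' would enforce it
                //    (not tested here; check existing secrets before tightening).
                leaf passkey {
                    type string {
                        length "1..65";
                        pattern "[^ #,]*" {
                            error-message 'RADIUS shared secret (Valid chars are ASCII printable except SPACE, "#", and ",")';
                        }
                    }
                    description
                        'RADIUS global shared secret (Valid chars are ASCII printable except SPACE, "#", and ",")';
                }

                // Defaults to "pap". With PAP the user's password is carried in the
                // request, hidden only with a value derived from the shared secret
                // (RFC 2865), so the strength of `passkey` directly protects it.
                leaf auth_type {
                    default "pap";
                    type auth_type_enumeration;
                    description
                        "RADIUS global method used for authenticating the comm. mesg.";
                }

                leaf src_ip {
                    type inet:ip-address;
                    description
                        "source IP address (IPv4 or IPv6) for the outgoing RADIUS pkts.";
                }

                leaf nas_ip {
                    type inet:ip-address;
                    description
                        "NAS-IP|IPV6-Address attribute for the outgoing RADIUS pkts.";
                }

                // No default is declared, so an unset leaf leaves the choice to the consumer.
                leaf statistics {
                    type boolean;
                    description
                        "Should statistics collection be enabled/disabled";
                }

                leaf timeout {
                    default 5;
                    type uint16 {
                        range "1..60" {
                            error-message "RADIUS timeout must be 1..60";
                        }
                    }
                    description
                        "RADIUS global timeout value (range 1..60, default 5).";
                }

                leaf retransmit {
                    default 3;
                    type uint8 {
                        range "0..10" {
                            error-message "RADIUS retransmit must be 0..10";
                        }
                    }
                    description
                        "RADIUS global retransmit value (range 0..10, default 3).";
                }
            }
        }

        container RADIUS_SERVER {

            list RADIUS_SERVER_LIST {
                key "ipaddress";
                max-elements 8;

                // inet:host accepts a domain name as well as an IP literal. With a
                // domain name, which server receives the requests depends on name
                // resolution on the device.
                leaf ipaddress {
                    type inet:host;
                    description
                        "RADIUS server's Domain name or IP address (IPv4 or IPv6)";
                }

                leaf auth_port {
                    default 1812;
                    type inet:port-number;
                    description
                        "RADIUS authentication port number.";
                }

                // Per-server shared secret. Same type, length and pattern as the global
                // passkey, so the same caveats apply: plain string with no sensitivity
                // marking, a one-character secret is accepted, and the pattern does not
                // by itself restrict the value to printable ASCII.
                leaf passkey {
                    type string {
                        length "1..65";
                        pattern "[^ #,]*" {
                            error-message 'RADIUS shared secret (Valid chars are ASCII printable except SPACE, "#", and ",")';
                        }
                    }
                    description
                        'RADIUS servers shared secret (Valid chars are ASCII printable except SPACE, "#", and ",")';
                }

                // Defaults to "pap", as in the global container.
                leaf auth_type {
                    default "pap";
                    type auth_type_enumeration;
                    description
                        "RADIUS server's method used for authenticating the comm. mesg.";
                }

                // No default and no ordering rule is stated here; whether a larger or a
                // smaller number is preferred is defined by the consumer - confirm there.
                leaf priority {
                    type uint8 {
                        range "1..64" {
                            error-message "RADIUS priority must be 1..64";
                        }
                    }
                    description
                        "RADIUS server's priority";
                }

                leaf timeout {
                    default 5;
                    type uint16 {
                        range "1..60" {
                            error-message "RADIUS timeout must be 1..60";
                        }
                    }
                    description
                        "RADIUS server's timeout value (range 1..60, default 5).";
                }

                leaf retransmit {
                    default 3;
                    type uint8 {
                        range "0..10" {
                            error-message "RADIUS retransmit must be 0..10";
                        }
                    }
                    description
                        "RADIUS server's retransmit value (range 0..10, default 3).";
                }

                // Only the two literal names "mgmt" and "default" validate.
                leaf vrf {
                    type string {
                        pattern "mgmt|default" {
                            error-message "Error: Invalid VRF name";
                        }
                    }
                    description
                        "VRF name";
                }

                // Port, port-channel, loopback and management-port names are leafrefs,
                // so they must name an existing entry in the referenced list. The VLAN
                // member is a pattern-checked string instead (the sonic-vlan import is
                // commented out above), so a VLAN name is not checked for existence.
                // The pattern admits Vlan0 through Vlan4094, including zero-padded
                // forms such as Vlan007.
                leaf src_intf {
                    type union {
                        type leafref {
                            path "/port:sonic-port/port:PORT/port:PORT_LIST/port:name";
                        }
                        type leafref {
                            path "/lag:sonic-portchannel/lag:PORTCHANNEL/lag:PORTCHANNEL_LIST/lag:name";
                        }
                        type string {
                            pattern 'Vlan([0-9]{1,3}|[1-3][0-9]{3}|[4][0][0-8][0-9]|[4][0][9][0-4])';
                        }
                        type leafref {
                            path "/loopback:sonic-loopback-interface/loopback:LOOPBACK_INTERFACE/loopback:LOOPBACK_INTERFACE_LIST/loopback:name";
                        }
                        type leafref {
                            path "/mgmt-port:sonic-mgmt_port/mgmt-port:MGMT_PORT/mgmt-port:MGMT_PORT_LIST/mgmt-port:name";
                        }
                    }
                    description "Source interface to use for RADIUS server communication.";
                }
            }
        }
    }
}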