mac-security
AsterNOS YANG Model for MacSecurity.
module: asternos-mac-security
augment /if:interfaces/if:interface: +--rw mac-security +--rw port-security | +--rw enabled? boolean | +--rw sticky-enabled? boolean | +--rw violation-action? enumeration | +--rw maximum? uint16 | +--rw secure-addresses | +--rw secure-address* [vlan-id mac-address] | +--rw mac-address yang:mac-address | +--rw vlan-id uint16 +--rw mac-limit | +--rw maximum? uint32 +--rw mac-learning-priority | +--rw priority? priority +--rw mac-learning-group? uint8
rpcs: +---x show-mac-limit | +---w input | | +---w (filter) | | +--:(port-name) | | | +---w port-name? cmn:ethernet-port-name | | +--:(portchannel-name) | | | +---w portchannel-name? cmn:port-channel-name | | +--:(vlan-id) | | | +---w vlan-id? cmn:vlan-id | | +--:(all) | | +---w all? empty | +--ro output | +--ro data? <anydata> +---x show-mac-learning-priority | +---w input | | +---w interface? union | +--ro output | +--ro data? <anydata> +---x show-mac-learning-group | +---w input | | +---w interface? union | +--ro output | +--ro data? <anydata> +---x show-port-security | +---w input | | +---w interface? union | +--ro output | +--ro data? <anydata> +---x show-port-security-address | +---w input | | +---w interface? union | +--ro output | +--ro data? <anydata> +---x clear-port-security-address +---w input | +---w interface? union | +---w fdb-type? enumeration +--ro output +--ro data? <anydata>Resources
Section titled “Resources”Resource List
Section titled “Resource List”| Path | Access |
|---|---|
| /?/interfaces/interface/mac-security | Read-Write |
| /?/interfaces/interface/mac-security/port-security | Read-Write |
| /?/interfaces/interface/mac-security/port-security/enabled | Read-Write |
| /?/interfaces/interface/mac-security/port-security/sticky-enabled | Read-Write |
| /?/interfaces/interface/mac-security/port-security/violation-action | Read-Write |
| /?/interfaces/interface/mac-security/port-security/maximum | Read-Write |
| /?/interfaces/interface/mac-security/port-security/secure-addresses | Read-Write |
| /?/interfaces/interface/mac-security/port-security/secure-addresses/secure-address | Read-Write |
| /?/interfaces/interface/mac-security/port-security/secure-addresses/secure-address/mac-address | Read-Write |
| /?/interfaces/interface/mac-security/port-security/secure-addresses/secure-address/vlan-id | Read-Write |
| /?/interfaces/interface/mac-security/mac-limit | Read-Write |
| /?/interfaces/interface/mac-security/mac-limit/maximum | Read-Write |
| /?/interfaces/interface/mac-security/mac-learning-priority | Read-Write |
| /?/interfaces/interface/mac-security/mac-learning-priority/priority | Read-Write |
| /?/interfaces/interface/mac-security/mac-learning-group | Read-Write |
Detailed Nodes
Section titled “Detailed Nodes”/?/interfaces/interface/mac-security
Section titled “/?/interfaces/interface/mac-security”Path
/?/interfaces/interface/mac-security
Node Type
container
Access
Read-Write
/?/interfaces/interface/mac-security/port-security
Section titled “/?/interfaces/interface/mac-security/port-security”Path
/?/interfaces/interface/mac-security/port-security
Node Type
container
Description
Port security configurations for port
Access
Read-Write
/?/interfaces/interface/mac-security/port-security/enabled
Section titled “/?/interfaces/interface/mac-security/port-security/enabled”Path
/?/interfaces/interface/mac-security/port-security/enabled
Node Type
leaf
Description
Enable port security on this interface.
Access
Read-Write
Data Type
Constraints
Valid in [true, false]
/?/interfaces/interface/mac-security/port-security/sticky-enabled
Section titled “/?/interfaces/interface/mac-security/port-security/sticky-enabled”Path
/?/interfaces/interface/mac-security/port-security/sticky-enabled
Node Type
leaf
Description
Enable sticky MAC on this interface.
Access
Read-Write
Data Type
Constraints
Valid in [true, false]
/?/interfaces/interface/mac-security/port-security/violation-action
Section titled “/?/interfaces/interface/mac-security/port-security/violation-action”Path
/?/interfaces/interface/mac-security/port-security/violation-action
Node Type
leaf
Description
Action to take when security violation occurs
Access
Read-Write
Data Type
Constraints
Enumeration with options:
- protect
- restrict
- shutdown
/?/interfaces/interface/mac-security/port-security/maximum
Section titled “/?/interfaces/interface/mac-security/port-security/maximum”Path
/?/interfaces/interface/mac-security/port-security/maximum
Node Type
leaf
Description
Maximum number of secure MAC addresses allowed on this port
Access
Read-Write
Data Type
/?/interfaces/interface/mac-security/port-security/secure-addresses
Section titled “/?/interfaces/interface/mac-security/port-security/secure-addresses”Path
/?/interfaces/interface/mac-security/port-security/secure-addresses
Node Type
container
Access
Read-Write
/?/interfaces/interface/mac-security/port-security/secure-addresses/secure-address
Section titled “/?/interfaces/interface/mac-security/port-security/secure-addresses/secure-address”Path
/?/interfaces/interface/mac-security/port-security/secure-addresses/secure-address
Node Type
list
Description
Statically configured secure MAC addresses
Access
Read-Write
/?/interfaces/interface/mac-security/port-security/secure-addresses/secure-address/mac-address
Section titled “/?/interfaces/interface/mac-security/port-security/secure-addresses/secure-address/mac-address”Path
/?/interfaces/interface/mac-security/port-security/secure-addresses/secure-address/mac-address
Node Type
leaf
Description
Static secure MAC address
Access
Read-Write
Data Type
Constraints
The mac-address type represents an IEEE 802 MAC address.
The canonical representation uses lowercase characters.
In the value set and its semantics, this type is equivalent to the MacAddress textual convention of the SMIv2.
/?/interfaces/interface/mac-security/port-security/secure-addresses/secure-address/vlan-id
Section titled “/?/interfaces/interface/mac-security/port-security/secure-addresses/secure-address/vlan-id”Path
/?/interfaces/interface/mac-security/port-security/secure-addresses/secure-address/vlan-id
Node Type
leaf
Access
Read-Write
Data Type
Constraints
Valid range: 1 to 4094
/?/interfaces/interface/mac-security/mac-limit
Section titled “/?/interfaces/interface/mac-security/mac-limit”Path
/?/interfaces/interface/mac-security/mac-limit
Node Type
container
Access
Read-Write
/?/interfaces/interface/mac-security/mac-limit/maximum
Section titled “/?/interfaces/interface/mac-security/mac-limit/maximum”Path
/?/interfaces/interface/mac-security/mac-limit/maximum
Node Type
leaf
Description
Set LAG dynamic MAC quantity limit.
Access
Read-Write
Data Type
Constraints
Valid range: 0 to 32000
/?/interfaces/interface/mac-security/mac-learning-priority
Section titled “/?/interfaces/interface/mac-security/mac-learning-priority”Path
/?/interfaces/interface/mac-security/mac-learning-priority
Node Type
container
Access
Read-Write
/?/interfaces/interface/mac-security/mac-learning-priority/priority
Section titled “/?/interfaces/interface/mac-security/mac-learning-priority/priority”Path
/?/interfaces/interface/mac-security/mac-learning-priority/priority
Node Type
leaf
Description
Set interface MAC learning priority.
Access
Read-Write
Data Type
Constraints
Enumeration with options:
- low
- high
/?/interfaces/interface/mac-security/mac-learning-group
Section titled “/?/interfaces/interface/mac-security/mac-learning-group”Path
/?/interfaces/interface/mac-security/mac-learning-group
Node Type
leaf
Description
Address movement between same priority interfaces is allowed only if both interfaces belong to the same learning group.
Access
Read-Write
Data Type
Constraints
Valid range: 0 to 15