trustsec_oper

package
v0.0.0-...-50def94 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 2, 2023 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

This module contains a collection of YANG definitions for monitoring of Cisco Trustsec operational information on Role based permissions, IP-SGT bindings and SXP connections. Copyright (c) 2016-2017 by Cisco Systems, Inc. All rights reserved.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CtsOdmBindingSource 

type CtsOdmBindingSource string

CtsOdmBindingSource represents Binding Source enumeration 

const (
	// Default Security Group Tag binding value in this device
	// for the given IP-Address
	CtsOdmBindingSource_default_ CtsOdmBindingSource = "default"

	// Security Group Tag binding value in this device for the given
	// IP-Address is learned from a VLAN
	CtsOdmBindingSource_from_vlan CtsOdmBindingSource = "from-vlan"

	// Security Group Tag binding value in this device
	// for the given
	// IP-Address is configure from CLI (Command Line Inteface)
	CtsOdmBindingSource_from_cli CtsOdmBindingSource = "from-cli"

	// Security Group Tag binding value in this device
	// for the given IP-Address is learned from a L3 (Layer 3) interface
	CtsOdmBindingSource_from_l3if CtsOdmBindingSource = "from-l3if"

	// Security Group Tag binding value in this device
	// for the given IP-Address is learned via SXP
	// binding exchange protocol
	CtsOdmBindingSource_from_cfp CtsOdmBindingSource = "from-cfp"

	// Security Group Tag binding value in this
	// device for the given
	// IP-Address is learned via IP-ARP protocol
	CtsOdmBindingSource_from_ip_arp CtsOdmBindingSource = "from-ip-arp"

	// Security Group Tag binding value in this device
	// for the given IP-Address is learned locally
	CtsOdmBindingSource_from_local CtsOdmBindingSource = "from-local"

	// Security Group Tag binding value in this device
	// for the given IP-Address is learned via Security Group Tag
	// caching from datapath.
	CtsOdmBindingSource_from_sgt_caching CtsOdmBindingSource = "from-sgt-caching"

	// Security Group Tag binding value in this device
	// for the given IP-Address is configured from CLI-high priority.
	CtsOdmBindingSource_from_cli_hi CtsOdmBindingSource = "from-cli-hi"
)

type SxpConMode 

type SxpConMode string

SxpConMode represents SXP Connection mode 

const (
	// SXP Connection mode is Invalid
	SxpConMode_con_mode_invalid SxpConMode = "con-mode-invalid"

	// SXP Connection mode is Speaker
	SxpConMode_con_mode_speaker SxpConMode = "con-mode-speaker"

	// SXP Connection mode is Listener
	SxpConMode_con_mode_listener SxpConMode = "con-mode-listener"

	// SXP Connection mode is Both (Speaker and Listener)
	SxpConMode_con_mode_both SxpConMode = "con-mode-both"
)

type SxpConState 

type SxpConState string

SxpConState represents SXP Connection state 

const (
	// SXP Connection state is OFF
	SxpConState_state_off SxpConState = "state-off"

	// SXP Connection state is Pending-On
	SxpConState_state_pending_on SxpConState = "state-pending-on"

	// SXP Connection state is ON
	SxpConState_state_on SxpConState = "state-on"

	// SXP Connection state is Delete-Hold-Down
	SxpConState_state_delete_hold_down SxpConState = "state-delete-hold-down"

	// SXP Connection state is Not-Applicable
	SxpConState_state_not_applicable SxpConState = "state-not-applicable"
)

type TrustsecState 

type TrustsecState struct {
	EntityData types.CommonEntityData
	YFilter    yfilter.YFilter

	// Security Group Tag value corresponding to an IP-Address  in the given VRF
	// instance in this device.
	CtsRolebasedSgtmaps TrustsecState_CtsRolebasedSgtmaps

	// Role based permissions between a Source Security Group and a Destination
	// Security Group are configured by the administrator in the Identity Services
	// Engine or in the Device.
	CtsRolebasedPolicies TrustsecState_CtsRolebasedPolicies

	// Trustsec SXP connection is used between Cisco devices to propagate Security
	// Group Tags from one device to  another device. One of the device will be in
	// Speaker  mode or Listener mode or both the devices can be in both the
	// connection modes.
	CtsSxpConnections TrustsecState_CtsSxpConnections
}

TrustsecState This is top level container for Cisco Trusted Security solution operational data. It can have Security Group Tag binding information for the given IP-Address, Role based permissions between a Source Security Group Tag and a Destination Security Group, SXP Connection information for a given peer IP-Address in this device

func (*TrustsecState) GetEntityData 

func (trustsecState *TrustsecState) GetEntityData() *types.CommonEntityData

type TrustsecState_CtsRolebasedPolicies 

type TrustsecState_CtsRolebasedPolicies struct {
	EntityData types.CommonEntityData
	YFilter    yfilter.YFilter

	// Role based permissions between a Source Security Group and a Destination
	// Security Group can be retrieved from the device using a Security Group Tag
	// and Destination Group Tag value. The type is slice of
	// TrustsecState_CtsRolebasedPolicies_CtsRolebasedPolicy.
	CtsRolebasedPolicy []*TrustsecState_CtsRolebasedPolicies_CtsRolebasedPolicy
}

TrustsecState_CtsRolebasedPolicies Role based permissions between a Source Security Group and a Destination Security Group are configured by the administrator in the Identity Services Engine or in the Device

func (*TrustsecState_CtsRolebasedPolicies) GetEntityData 

func (ctsRolebasedPolicies *TrustsecState_CtsRolebasedPolicies) GetEntityData() *types.CommonEntityData

type TrustsecState_CtsRolebasedPolicies_CtsRolebasedPolicy 

type TrustsecState_CtsRolebasedPolicies_CtsRolebasedPolicy struct {
	EntityData types.CommonEntityData
	YFilter    yfilter.YFilter
	YListKey   string

	// This attribute is a key. Source Security Group Tag number. This value must
	// be in the inclusive range of -1 to 65519. The type is interface{} with
	// range: -2147483648..2147483647.
	SrcSgt interface{}

	// This attribute is a key. Destination Security Tag number. This value must
	// be in the inclusive range of -1 to 65519. The type is interface{} with
	// range: -2147483648..2147483647.
	DstSgt interface{}

	// List of Security Group Access Control List names separated by
	// semi-colon(;). The type is string.
	SgaclName interface{}

	// Number of Security Group Access Control Lists that are currently applied
	// between the Source Security Group and the Destination Security Group. This
	// should match the number of Security Group Access Control List names in
	// sgacl-name. The type is interface{} with range: 0..4294967295.
	NumOfSgacl interface{}

	// Indicates the monitor mode status between the Source Security Group and
	// Destination Security Group is currently enabled or disabled. This will be
	// TRUE if monitor mode is enabled and FALSE if it is disabled. The type is
	// bool.
	MonitorMode interface{}

	// Duration of the Role based permissions that are applied between a Source
	// Security Group and a Destination Security Group. The duration is
	// represented in seconds. The type is interface{} with range:
	// 0..18446744073709551615.
	PolicyLifeTime interface{}

	// Indicates the time when the Role based permissions between a Source
	// Security Group and a Destination Security Group was modified or updated
	// last. The value will be represented as date and time  corresponding to the
	// local time zone of the Identify Services Engine when the Role based
	// permissions was modified or updated last. The type is string with pattern:
	// \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[\+\-]\d{2}:\d{2}).
	LastUpdatedTime interface{}

	// Total number of packets that have been denied by the Role based permissions
	// between a Source Security Group and a Destination Security Group. This
	// corresponds to total packets denied in both hardware and software
	// forwarding paths of the device. The type is interface{} with range:
	// 0..18446744073709551615.
	TotalDenyCount interface{}

	// Total number of packets that have been permitted by the Role based
	// permissions between a Source Security Group and a Destination Security
	// Group. This corresponds to total packets allowed in both hardware and
	// software forwarding paths of the device. The type is interface{} with
	// range: 0..18446744073709551615.
	TotalPermitCount interface{}

	// Number of packets that have been denied in the  software forwarding path of
	// the device by the Role based permissions between a Source Security Group
	// and a Destination Security Group. The type is interface{} with range:
	// 0..18446744073709551615.
	SoftwareDenyCount interface{}

	// Number of packets that have been permitted in the software forwarding path
	// of the device by the Role based permissions between a Source Security Group
	// and a Destination Security Group. The type is interface{} with range:
	// 0..18446744073709551615.
	SoftwarePermitCount interface{}

	// Number of packets that have been denied in the hardware forwarding path of
	// the device by the Role based permissions between a Source Security Group
	// and a Destination Security Group. The type is interface{} with range:
	// 0..18446744073709551615.
	HardwareDenyCount interface{}

	// Number of packets that have been permitted in the hardware forwarding path
	// of the device by the Role based permissions between a Source Security Group
	// and a Destination Security Group. The type is interface{} with range:
	// 0..18446744073709551615.
	HardwarePermitCount interface{}

	// Number of packets that have been monitored in the software forwarding path
	// of the device by the Role based permissions between a Source Security Group
	// and a Destination Security Group. The type is interface{} with range:
	// 0..18446744073709551615.
	SoftwareMonitorCount interface{}

	// Number of packets that have been monitored in the hardware forwarding path
	// of the device by the Role based permissions between a Source Security Group
	// and a Destination Security Group. The type is interface{} with range:
	// 0..18446744073709551615.
	HardwareMonitorCount interface{}
}

TrustsecState_CtsRolebasedPolicies_CtsRolebasedPolicy Role based permissions between a Source Security Group and a Destination Security Group can be retrieved from the device using a Security Group Tag and Destination Group Tag value

func (*TrustsecState_CtsRolebasedPolicies_CtsRolebasedPolicy) GetEntityData 

func (ctsRolebasedPolicy *TrustsecState_CtsRolebasedPolicies_CtsRolebasedPolicy) GetEntityData() *types.CommonEntityData

type TrustsecState_CtsRolebasedSgtmaps 

type TrustsecState_CtsRolebasedSgtmaps struct {
	EntityData types.CommonEntityData
	YFilter    yfilter.YFilter

	// Security Group Tag is assigned for an IP-Address based on the user
	// permissions and authorization  level as configured by the network
	// administrator in Identity Service Engine server or in the device locally.
	// The type is slice of TrustsecState_CtsRolebasedSgtmaps_CtsRolebasedSgtmap.
	CtsRolebasedSgtmap []*TrustsecState_CtsRolebasedSgtmaps_CtsRolebasedSgtmap
}

TrustsecState_CtsRolebasedSgtmaps Security Group Tag value corresponding to an IP-Address in the given VRF instance in this device

func (*TrustsecState_CtsRolebasedSgtmaps) GetEntityData 

func (ctsRolebasedSgtmaps *TrustsecState_CtsRolebasedSgtmaps) GetEntityData() *types.CommonEntityData

type TrustsecState_CtsRolebasedSgtmaps_CtsRolebasedSgtmap 

type TrustsecState_CtsRolebasedSgtmaps_CtsRolebasedSgtmap struct {
	EntityData types.CommonEntityData
	YFilter    yfilter.YFilter
	YListKey   string

	// This attribute is a key. IP-Prefix information to find its corresponding
	// Secure Group Tag. Only IPv4 prefix information is supported currently to
	// get the Security Group Tag binding in this device. The type is one of the
	// following types: string with pattern:
	// (([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/(([0-9])|([1-2][0-9])|(3[0-2])),
	// or string with pattern:
	// ((:|[0-9a-fA-F]{0,4}):)([0-9a-fA-F]{0,4}:){0,5}((([0-9a-fA-F]{0,4}:)?(:|[0-9a-fA-F]{0,4}))|(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])))(/(([0-9])|([0-9]{2})|(1[0-1][0-9])|(12[0-8]))).
	Ip interface{}

	// This attribute is a key. VRF-Name to find the Security Group Tag for the
	// corresponding IP-Address in this VRF instance. Only default VRF is
	// supported currently which is indicated by (empty string). The type is
	// string.
	VrfName interface{}

	// Security Group Tag value corresponding to the given IP-Address. The type is
	// interface{} with range: -2147483648..2147483647.
	Sgt interface{}

	// Source information via which the Security Group Tag binding was learned in
	// this device. The type is CtsOdmBindingSource.
	Source interface{}
}

TrustsecState_CtsRolebasedSgtmaps_CtsRolebasedSgtmap Security Group Tag is assigned for an IP-Address based on the user permissions and authorization level as configured by the network administrator in Identity Service Engine server or in the device locally

func (*TrustsecState_CtsRolebasedSgtmaps_CtsRolebasedSgtmap) GetEntityData 

func (ctsRolebasedSgtmap *TrustsecState_CtsRolebasedSgtmaps_CtsRolebasedSgtmap) GetEntityData() *types.CommonEntityData

type TrustsecState_CtsSxpConnections 

type TrustsecState_CtsSxpConnections struct {
	EntityData types.CommonEntityData
	YFilter    yfilter.YFilter

	// Trustsec SXP connection information from a device can be retrieved with the
	// SXP connection peer IP address. Only IPv4 address as Peer IP and default
	// VRF instance in device is supported currently. The type is slice of
	// TrustsecState_CtsSxpConnections_CtsSxpConnection.
	CtsSxpConnection []*TrustsecState_CtsSxpConnections_CtsSxpConnection
}

TrustsecState_CtsSxpConnections Trustsec SXP connection is used between Cisco devices to propagate Security Group Tags from one device to another device. One of the device will be in Speaker mode or Listener mode or both the devices can be in both the connection modes

func (*TrustsecState_CtsSxpConnections) GetEntityData 

func (ctsSxpConnections *TrustsecState_CtsSxpConnections) GetEntityData() *types.CommonEntityData

type TrustsecState_CtsSxpConnections_CtsSxpConnection 

type TrustsecState_CtsSxpConnections_CtsSxpConnection struct {
	EntityData types.CommonEntityData
	YFilter    yfilter.YFilter
	YListKey   string

	// This attribute is a key. IP-Address information of the peer of an SXP
	// connection in this device. Only IPv4 address is currently supported. The
	// type is one of the following types: string with pattern:
	// (([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(%[\p{N}\p{L}]+)?,
	// or string with pattern:
	// ((:|[0-9a-fA-F]{0,4}):)([0-9a-fA-F]{0,4}:){0,5}((([0-9a-fA-F]{0,4}:)?(:|[0-9a-fA-F]{0,4}))|(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])))(%[\p{N}\p{L}]+)?.
	PeerIp interface{}

	// This attribute is a key. vrf-name string of the VRF instance in this
	// device, to which the peer of an SXP connection belongs to. Only default VRF
	// is supported currently which is indicated by empty string. The type is
	// string.
	VrfName interface{}

	// Source IP-Address of the SXP connection in this device for the given peer
	// IP-Address. The type is one of the following types: string with pattern:
	// (([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(%[\p{N}\p{L}]+)?,
	// or string with pattern:
	// ((:|[0-9a-fA-F]{0,4}):)([0-9a-fA-F]{0,4}:){0,5}((([0-9a-fA-F]{0,4}:)?(:|[0-9a-fA-F]{0,4}))|(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])))(%[\p{N}\p{L}]+)?.
	SourceIp interface{}

	// SXP speaker state information of the SXP connection in this device. This
	// information is valid only if the local mode of the SXP connection in this
	// device is Speaker. The type is SxpConState.
	SpeakerState interface{}

	// Duration of the SXP speaker of the SXP connection in this device. This
	// information is valid only if the local mode of the SXP connection is
	// Speaker. The type is interface{} with range: 0..18446744073709551615.
	SpeakerDuration interface{}

	// SXP listener state information of the SXP  connection in this device. This
	// information is valid only if the local mode of the SXP connection in the
	// device is Listener. The type is SxpConState.
	ListenerState interface{}

	// Duration of the SXP listener of the SXP connection in this device. This
	// information is valid Only if the local mode of the SXP connection is
	// Listener. The type is interface{} with range: 0..18446744073709551615.
	ListenerDuration interface{}

	// SXP connection mode of this device for the SXP connection with the given
	// peer. The type is SxpConMode.
	LocalMode interface{}
}

TrustsecState_CtsSxpConnections_CtsSxpConnection Trustsec SXP connection information from a device can be retrieved with the SXP connection peer IP address. Only IPv4 address as Peer IP and default VRF instance in device is supported currently

func (*TrustsecState_CtsSxpConnections_CtsSxpConnection) GetEntityData 

func (ctsSxpConnection *TrustsecState_CtsSxpConnections_CtsSxpConnection) GetEntityData() *types.CommonEntityData

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.