diff --git a/release/models/system/.spec.yml b/release/models/system/.spec.yml index 92061e9bf..bb0d1ed09 100644 --- a/release/models/system/.spec.yml +++ b/release/models/system/.spec.yml @@ -10,6 +10,7 @@ - yang/system/openconfig-hashing.yang - yang/system/openconfig-license.yang - yang/system/openconfig-procmon.yang + - yang/system/openconfig-snmp.yang - yang/system/openconfig-system.yang - yang/system/openconfig-system-bootz.yang - yang/system/openconfig-system-controlplane.yang diff --git a/release/models/system/openconfig-snmp.yang b/release/models/system/openconfig-snmp.yang new file mode 100644 index 000000000..51a383346 --- /dev/null +++ b/release/models/system/openconfig-snmp.yang @@ -0,0 +1,509 @@ +module openconfig-snmp { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/system/snmp"; + + prefix "oc-snmp"; + + // import some basic types + import ietf-yang-types { + prefix yang; + } + + import openconfig-inet-types { + prefix oc-inet; + } + + import openconfig-acl { + prefix oc-acl; + } + + import openconfig-extensions { + prefix oc-ext; + } + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines configuration and operational state + data for SNMP services on network systems. + + This module is limited to community-based SNMP. + SNMPv3 is out of scope."; + + oc-ext:openconfig-version "0.1.0"; + + revision "2026-05-05" { + description + "Initial revision."; + reference + "0.1.0"; + } + + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + identity SNMP_NOTIFICATION_EVENT { + description + "Base identity for SNMP notification event types."; + } + + identity ALL { + base SNMP_NOTIFICATION_EVENT; + description + "Enable all SNMP notification event types."; + } + + identity AUTHENTICATION { + base SNMP_NOTIFICATION_EVENT; + description + "Enable authentication failure notifications."; + } + + identity LINE_STATUS { + base SNMP_NOTIFICATION_EVENT; + description + "Enable line/session status change notifications + (e.g., console or VTY login/logout events)."; + } + + typedef snmp-access-mode { + type enumeration { + enum READ_ONLY { + description + "Read-only community access."; + } + enum READ_WRITE { + description + "Read-write community access."; + } + } + description + "SNMP access mode for a community."; + } + + typedef snmp-version { + type enumeration { + enum V1 { + description + "SNMP version 1."; + } + enum V2C { + description + "SNMP version 2c."; + } + } + description + "SNMP protocol version for a receiver or community + in this module."; + } + + typedef snmp-notification-type { + type enumeration { + enum TRAP { + description + "Unacknowledged notification (SNMPv1 trap or + SNMPv2c trap PDU)."; + } + enum INFORM { + description + "Acknowledged notification (SNMPv2c inform + request). Only valid when version is V2C."; + } + } + description + "SNMP notification delivery mechanism."; + } + + grouping snmp-global-config { + description + "Configuration data for global SNMP settings."; + + leaf contact { + type string; + description + "Configured SNMP contact string."; + } + + leaf location { + type string; + description + "Configured SNMP location string."; + } + } + + grouping snmp-global-state { + description + "Operational state data for global SNMP settings. + Reserved for future operational counters such as + total requests received or invalid community + attempts."; + } + + grouping snmp-community-manager-config { + description + "Configuration data for allowed SNMP manager + prefixes."; + + leaf prefix { + type oc-inet:ip-prefix; + description + "Allowed manager prefix for this community."; + } + } + + grouping snmp-community-manager-state { + description + "Operational state data for community manager + prefixes. Reserved for future per-manager + counters."; + } + + grouping snmp-community-manager-top { + description + "Top-level grouping for community manager + prefixes."; + + container managers { + description + "List of allowed manager prefixes for a + community."; + + list manager { + key "prefix"; + description + "List of SNMP manager prefixes allowed to use + this community."; + + leaf prefix { + type leafref { + path "../config/prefix"; + } + description + "Reference to community manager prefix."; + } + + container config { + description + "Configuration data for a community + manager."; + uses snmp-community-manager-config; + } + + container state { + config false; + description + "Operational state data for a community + manager."; + uses snmp-community-manager-config; + uses snmp-community-manager-state; + } + } + } + } + + grouping snmp-community-config { + description + "Configuration data for SNMP communities."; + + leaf name { + type string; + description + "SNMP community name."; + } + + leaf access-mode { + type snmp-access-mode; + description + "Access mode for this community."; + } + + leaf version { + type snmp-version; + description + "SNMP version associated with this community. + Only V1 and V2C are supported by this module."; + } + + leaf access-list { + type leafref { + path "/oc-acl:acl/oc-acl:acl-sets/oc-acl:acl-set" + + "/oc-acl:config/oc-acl:name"; + } + description + "Reference to an ACL restricting which managers + may use this community. Used together with + access-list-type to uniquely identify the ACL + set. When set, the managers list is ignored and + access is governed solely by this ACL. If + omitted, the managers list is consulted; if + both are absent, access is unrestricted."; + } + + leaf access-list-type { + type leafref { + path "/oc-acl:acl/oc-acl:acl-sets/oc-acl:acl-set" + + "/oc-acl:config/oc-acl:type"; + } + description + "Type of the ACL set referenced by access-list. + Required to uniquely identify the ACL set when + multiple sets share the same name with different + types (e.g., IPv4 and IPv6)."; + } + } + + grouping snmp-community-state { + description + "Operational state data for SNMP communities. + Reserved for future per-community counters."; + } + + grouping snmp-community-top { + description + "Top-level grouping for SNMP community configuration."; + + container communities { + description + "List of SNMP communities."; + + list community { + key "name"; + description + "List of configured SNMP communities."; + + leaf name { + type leafref { + path "../config/name"; + } + description + "Reference to the community list key."; + } + + container config { + description + "Configuration data for an SNMP community."; + uses snmp-community-config; + } + + container state { + config false; + description + "Operational state data for an SNMP community."; + uses snmp-community-config; + uses snmp-community-state; + } + + uses snmp-community-manager-top; + } + } + } + + grouping snmp-receiver-config { + description + "Configuration data for SNMP notification receivers."; + + leaf name { + type string; + description + "Unique name identifying this receiver entry."; + } + + leaf address { + type oc-inet:ip-address; + description + "Receiver address for notifications."; + } + + leaf port { + type oc-inet:port-number; + description + "UDP port used for notifications. If omitted, + the standard SNMP trap port (162) is used."; + } + + leaf version { + type snmp-version; + description + "SNMP version used for this receiver. Only V1 + and V2C are supported by this module."; + } + + leaf community { + type string; + description + "Community string used for v1/v2c + notifications."; + } + + leaf notification-type { + type snmp-notification-type; + description + "Notification delivery mechanism for this + receiver. TRAP sends unacknowledged + notifications; INFORM sends acknowledged + notifications (V2C only). If omitted, TRAP + is assumed."; + } + + leaf-list event-type { + type identityref { + base SNMP_NOTIFICATION_EVENT; + } + description + "Event types enabled for this specific receiver. + If empty, the receiver inherits the globally + configured event-type list under + notifications/config. If both are empty, no + notifications are sent. If the global list + contains ALL, all event types are sent unless + this receiver-level list restricts them to a + subset."; + } + } + + grouping snmp-receiver-state { + description + "Operational state data for SNMP receivers."; + + leaf notifications-sent { + type yang:counter64; + description + "Total notifications sent to this receiver."; + } + + leaf notifications-dropped { + type yang:counter64; + description + "Total notifications dropped for this + receiver."; + } + } + + grouping snmp-receiver-top { + description + "Top-level grouping for SNMP notification receivers."; + + container receivers { + description + "List of configured notification receivers."; + + list receiver { + key "name"; + description + "List of SNMP notification receivers."; + + leaf name { + type leafref { + path "../config/name"; + } + description + "Reference to receiver name list key."; + } + + container config { + description + "Configuration data for a notification receiver."; + uses snmp-receiver-config; + } + + container state { + config false; + description + "Operational state data for a notification receiver."; + uses snmp-receiver-config; + uses snmp-receiver-state; + } + } + } + } + + grouping snmp-notifications-config { + description + "Configuration data for SNMP notifications."; + + leaf-list event-type { + type identityref { + base SNMP_NOTIFICATION_EVENT; + } + description + "Globally enabled notification event types. + This list provides a default set of events for + all receivers. Individual receivers may override + this by specifying their own event-type list. + If ALL is included, all event types are enabled + globally; specific identities should not be + combined with ALL."; + } + } + + grouping snmp-notifications-state { + description + "Operational state data for SNMP notifications. + Reserved for future global notification + counters."; + } + + grouping snmp-notifications-top { + description + "Top-level grouping for SNMP notifications."; + + container notifications { + description + "Configuration and state for SNMP notifications."; + + container config { + description + "Configuration data for SNMP notifications."; + uses snmp-notifications-config; + } + + container state { + config false; + description + "Operational state data for SNMP notifications."; + uses snmp-notifications-config; + uses snmp-notifications-state; + } + + uses snmp-receiver-top; + } + } + + grouping snmp-top { + description + "Top-level grouping for SNMP configuration and state."; + + container snmp { + description + "Configuration and operational state for + SNMP community access, notifications, and + trap receivers on a network device."; + + container config { + description + "Configuration data for SNMP."; + uses snmp-global-config; + } + + container state { + config false; + description + "Operational state data for SNMP."; + uses snmp-global-config; + uses snmp-global-state; + } + + uses snmp-community-top; + uses snmp-notifications-top; + } + } +} diff --git a/release/models/system/openconfig-system.yang b/release/models/system/openconfig-system.yang index f191d3833..c5d4bb396 100644 --- a/release/models/system/openconfig-system.yang +++ b/release/models/system/openconfig-system.yang @@ -13,6 +13,7 @@ module openconfig-system { import openconfig-types { prefix oc-types; } import openconfig-extensions { prefix oc-ext; } import openconfig-aaa { prefix oc-aaa; } + import openconfig-snmp { prefix oc-snmp; } import openconfig-system-logging { prefix oc-log; } import openconfig-system-terminal { prefix oc-sys-term; } import openconfig-procmon { prefix oc-proc; } @@ -1390,6 +1391,7 @@ module openconfig-system { uses system-macaddr-top; uses system-memory-top; uses system-ntp-top; + uses oc-snmp:snmp-top; } }