scottk/ols-ucentral-schema
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/ols-ucentral-schema.git synced 2025-10-30 17:47:59 +00:00
Code Issues Packages Projects Releases 3 Wiki Activity

Extend schema to add dynamic authorization (CoA) support

Browse Source 
- Extend schema/switch.yml to support configuring
  DAC list (origin of CoA and DM messages), as well as
  configiguring DAS (port on which receive CoA + DM) etc.
- Extend state/unit.yml to report back to the cloud
  current DAS configuration and DAC config.

Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
This commit is contained in:
Oleksandr Mazur
2024-01-08 10:53:22 +02:00
parent a57682c9ef
commit 4e9d466c81
2 changed files with 102 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
schema/switch.yml
View File

@@ -129,3 +129,58 @@ properties:
type: integer type: integer
maximum: 64 maximum: 64
minimum: 1 minimum: 1
dynamic-authorization:
description:
Additional dynamic authorization (RFC 5176 compliant) - configure option for DAS that enable RM and CoA processing.
type: object
properties:
auth-type:
description:
Sets the accepted authorization types for dynamic RADIUS clients.
all - Selects all COA client authentication types. All authentication attributes must match for the authentication to succeed.
any - Selects any COA client authentication type. Any authentication attribute may match for the authentication to succeed.
session-key - Indicates that the session-key must match for authentication to succeed.
type: string
enum:
- all
- any
- session-key
bounce-port-ignore:
description:
Sets the switch to ignore bounce-port requests from dynamic authorization clients.
type: boolean
default: false
disable-port-ignore:
description:
Sets the switch to ignore requests from dynamic authorization clients.
type: boolean
default: false
ignore-server-key:
description:
Do not attmept to authenticate with the server key.
type: boolean
default: false
ignore-session-key:
description:
Do not attmept to authenticate with the session key.
type: boolean
default: false
server-key:
description:
Sets the shared secret to verify client COA requests for this server.
type: string
client:
description:
Configure DAC.
type: array
items:
type: object
properties:
address:
description:
A valid IP address or hostname of a DAC.
type: string
server-key:
description:
Sets the shared secret to verify client COA requests for this server.
type: string

48
state/unit.yml
View File

@@ -74,4 +74,50 @@ properties:
examples: examples:
- "ON" - "ON"
- "OFF" - "OFF"
ieee8021x:
description:
This section describes the global (device-wise) 802.1X (port access control) state and config applied.
type: object
properties:
dynamic-authorization:
description:
Reported DAS-related state info.
type: object
properties:
stats:
description:
Cumulative statistics for all configured DACs.
type: object
properties:
coa_req_received:
description:
Number of CoA requests received.
type: number
coa_ack_sent:
description:
Number of CoA ACK responses sent.
type: number
coa_nak_sent:
description:
Number of CoA NAK responses sent.
type: number
coa_ignored:
description:
Number of CoA requests ignored.
type: number
coa_wrong_attr:
description:
Number of CoA requests received with invalid (unsupported) attributes.
type: number
coa_wrong_attr_value:
description:
Number of CoA requests received with invalid (unsupported) attribute value.
type: number
coa_wrong_session_context:
description:
Number of CoA requests received with inexisting session context.
type: number
administratively_prohibited_req:
description:
Number of CoA requests that are sent if the NAS is configured to prohibit honoring of CoA-Request or Disconnect-Request packets for the specified session.
type: number