Requested revision
Standard: | 802.1AEdk | Clause: | 23.11.2 |
Clause title: | ieee802-dot1ae-pry YANG Module |
Rationale for revision
We are relaxing the "when" statements in augments.
This change aligns 802.1AE with 802.1X.
Proposed text
Change:
when "if:type = 'ianaift:ethernetCsmacd' or if:type = "
+ "'ianaift:ilan' or if:type = 'ianaift:macSecControlledIF' or "
+ "if:type = 'ianaift:ptm' or if:type = 'ianaift:bridge'" {
description
"Augment interfaces with 802.1ae MACsec System specific
configuration nodes.";
}
page 180: line 23
augment "/if:interfaces/if:interface" {
when
"derived-from-or-self(if:type,'ianaift:ethernetCsmacd') or "+
"derived-from-or-self(if:type,'ianaift:ilan') or "+
"derived-from-or-self(if:type,'ianaift:macSecControlledIF') or "+
"derived-from-or-self(if:type,'ianaift:ptm') or "+
"derived-from-or-self(if:type,'ianaift:bridge')" {
description
"Augment interfaces with 802.1ae MACsec System specific
configuration nodes. Warning if interfaces are
derived from these types they must preserve the property
that PAE, PRY and MACsec applies to the whole interface. For
example applying this to only one member of a link aggregation
would not satisfy this requirement.";
}
Impact on existing networks
This change is backward compatible. It allows derived types for the
set above to allow 802.1AE configuration on new types of interfaces.
This is common practice in YANG modules. The above Warning (or
agreed equivalent) should be added to warn users that any derived types
do not introduce security issues. The proposed change requires yang 1.1
Originator
Name: | Don Fedyk | Email: | dfedyk@labn.net |
Affiliation: | LabN Consulting | ||
Submitted: | 2022-12-22 |