1. Maintenance Items
  2. 0353
  3. Request
Requested revision
Standard:802.1X-2020Clause:14.5.2
Clause title:ieee802-dot1x-types YANG module
Rationale for revision
The Broadband forum asked IEEE 802.1 to change the definition of the 802.1X
model to use derived-from-or-self. This allows other to use the base YANG
without changing the YANG model if they add types that are derived from
the existing set.  See liaison:
https://www.ieee802.org/1/files/public/docs2022/liaison-BBF-1X-YANGmodel-0322.pdf
Proposed text
Update ieee802-dot1x.yang to indicate yang-version "1.1";

Change:

page 240: (Line 358 in ieee802-dot1x.yang)

Old:

  augment "/if:interfaces/if:interface" {
    when "if:type = 'ianaift:ethernetCsmacd' or
          if:type = 'ianaift:ilan' or
          if:type = 'ianaift:macSecControlledIF' or
          if:type = 'ianaift:ptm' or
          if:type = 'ianaift:bridge'" {
      description
        "Applies to the Controlled Port of SecY or PAC shim or
        Ethernet related Interface.";
    }


New:

  augment "/if:interfaces/if:interface" {
    when
      "derived-from-or-self(if:type,'ianaift:ethernetCsmacd') or "+
      "derived-from-or-self(if:type,'ianaift:ilan') or "+
      "derived-from-or-self(if:type,'ianaift:macSecControlledIF') or "+
      "derived-from-or-self(if:type,'ianaift:ptm') or "+
      "derived-from-or-self(if:type,'ianaift:bridge')" {
      description
        "Applies to the Controlled Port of SecY or PAC shim or
         Ethernet related Interface. Warning if interfaces are
         derived from these types they must preserve the property
         that PAE and MACsec applies to the whole interface. For
         example applying this to only one member of a link aggregation
         would not satisfy this requirement.
    }
Impact on existing networks
This change is backward compatible. It allows derived types for the set above to allow 802.1X configuration on new types of interfaces. This is common practice in YANG modules. The above Warning (or agreed similar text) should be added to warn users that any derived types do not introduce security issues. This change requires yang-version "1.1";
Originator
Name:Don FedykEmail:dfedyk@labn.net
Affiliation:LabN Consulting
Submitted:2023-01-03