| ietf-system-tacacs-plus@2026-03-13.yang | ietf-system-tacacs-plus@2026-03-13.formatted.yang | |||
|---|---|---|---|---|
| skipping to change at line 572 ¶ | skipping to change at line 571 ¶ | |||
| description | description | |||
| "Configurable parameters for the TLS Hello message."; | "Configurable parameters for the TLS Hello message."; | |||
| reference | reference | |||
| "RFC 9887: Terminal Access Controller Access-Control | "RFC 9887: Terminal Access Controller Access-Control | |||
| System Plus (TACACS+) over TLS 1.3, | System Plus (TACACS+) over TLS 1.3, | |||
| Section 5.1"; | Section 5.1"; | |||
| uses tlscmn:hello-params-grouping { | uses tlscmn:hello-params-grouping { | |||
| refine "tls-versions/min" { | refine "tls-versions/min" { | |||
| must "not(derived-from-or-self(current(), " | must "not(derived-from-or-self(current(), " | |||
| + "'tlscmn:tls12'))" { | + "'tlscmn:tls12'))" { | |||
| error-message | error-message "TLS 1.2 is not supported as min TLS version"; | |||
| "TLS 1.2 is not supported as min TLS version"; | ||||
| } | } | |||
| } | } | |||
| refine "tls-versions/max" { | refine "tls-versions/max" { | |||
| must "not(derived-from-or-self(current(), " | must "not(derived-from-or-self(current(), " | |||
| + "'tlscmn:tls12'))" { | + "'tlscmn:tls12'))" { | |||
| error-message | error-message "TLS 1.2 is not supported as max TLS version"; | |||
| "TLS 1.2 is not supported as max TLS version"; | ||||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| grouping tls-client { | grouping tls-client { | |||
| description | description | |||
| "A grouping for configuring a TLS client without any | "A grouping for configuring a TLS client without any | |||
| consideration for how an underlying TCP session is | consideration for how an underlying TCP session is | |||
| established."; | established."; | |||
| skipping to change at line 795 ¶ | skipping to change at line 792 ¶ | |||
| "Specifies the interface from which the IP address | "Specifies the interface from which the IP address | |||
| is derived for use as the source for outbound | is derived for use as the source for outbound | |||
| TACACS+ packets."; | TACACS+ packets."; | |||
| } | } | |||
| } | } | |||
| } | } | |||
| leaf vrf-instance { | leaf vrf-instance { | |||
| type leafref { | type leafref { | |||
| path "/ni:network-instances/ni:network-instance/ni:name"; | path "/ni:network-instances/ni:network-instance/ni:name"; | |||
| } | } | |||
| must "(not(../source-interface)) or " | must '(not(../source-interface)) or ' | |||
| + "(current() = /if:interfaces/if:interface" | + '(current() = /if:interfaces/if:interface' | |||
| + "[if:name = current()/../source-interface]" | + '[if:name = current()/../source-interface]' | |||
| + "/ni:bind-ni-name)" { | + '/ni:bind-ni-name)' { | |||
| error-message | error-message | |||
| "VRF instance must match the network instance of the | "VRF instance must match the network instance of the | |||
| source interface."; | source interface."; | |||
| } | } | |||
| description | description | |||
| "Specifies the VPN Routing and Forwarding (VRF) instance | "Specifies the VPN Routing and Forwarding (VRF) instance | |||
| to use to communicate with the TACACS+ server. | to use to communicate with the TACACS+ server. | |||
| If 'source-interface' is configured, this value MUST | If 'source-interface' is configured, this value MUST | |||
| match the network instance bound to the source interface | match the network instance bound to the source interface | |||
| (via bind-ni-name)."; | (via bind-ni-name)."; | |||
| End of changes. 3 change blocks. | ||||
| 8 lines changed or deleted | 6 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||