On Tue, Nov 29, 2016 at 02:58:10PM +0000, Bogaert, Bart (Nokia - BE) wrote: > Hi, > > We're trying to figure out how to prevent a NC client from changing the type > of an interface. Assume that we have an interface stack defined and the > lowest layer of the stack (the physical interface) is of type fastdsl. In > principle a NC client can send an edit-config to the server and change the > type of that interface to something else. It is still a valid YANG model > but it does not make any sense any more. Is there a way to express in YANG > that this type of change is not allowed rather than having some SW > application in the device interacting with the NC server and responding with > an error to avoid this change? The server just can't ignore this change and > leave the type as it was since then the client and the server are no longer > aligned. >
The server has to reject edits that can't be applied to the hardware that is present. Changing fastdsl to ethernet likely would be such a change that can't be applied. Despite of this, you can of course configure access control such that attempts to modify the interface type will be reject. But access control is an added feature; a NC implementation still needs to be able to deal with config change requests that cannot be applied to the resources that are present. > This message (including any attachments) contains confidential information > intended for a specific individual and purpose, and is protected by law. If > you are not the intended recipient, you should delete this message. Any > disclosure, copying, or distribution of this message, or the taking of any > action based on it, is strictly prohibited without the prior consent of its > author. I assume there is consent by the author that the IETF archives these messages since the author has read the Note Well... /js -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 <http://www.jacobs-university.de/> _______________________________________________ netmod mailing list [email protected] https://www.ietf.org/mailman/listinfo/netmod
