mirror of
https://github.com/hsnodgrass/snmp_mib_archive.git
synced 2025-04-17 16:03:04 +00:00
1227 lines
49 KiB
Plaintext
1227 lines
49 KiB
Plaintext
-- *********************************************************************
|
|
-- CISCO-AAA-SERVER-EXT-MIB.my: AAA Server Extension MIB
|
|
--
|
|
-- November 2003, Sanjeev C Joshi
|
|
-- July 2004, Charuhas Ghatge
|
|
-- May 2005, Vijay J.
|
|
-- Copyright (c) 2003,2004,2005 by cisco Systems, Inc.
|
|
-- All rights reserved.
|
|
--
|
|
-- *********************************************************************
|
|
|
|
CISCO-AAA-SERVER-EXT-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
Unsigned32
|
|
FROM SNMPv2-SMI
|
|
InetAddressType,
|
|
InetAddress
|
|
FROM INET-ADDRESS-MIB
|
|
MODULE-COMPLIANCE, OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
RowStatus,
|
|
TruthValue,
|
|
TEXTUAL-CONVENTION,
|
|
DisplayString
|
|
FROM SNMPv2-TC
|
|
SnmpAdminString
|
|
FROM SNMP-FRAMEWORK-MIB
|
|
ciscoMgmt
|
|
FROM CISCO-SMI
|
|
casConfigEntry,
|
|
CiscoAAAProtocol
|
|
FROM CISCO-AAA-SERVER-MIB
|
|
TimeIntervalMin,
|
|
TimeIntervalSec
|
|
FROM CISCO-TC;
|
|
|
|
ciscoAAAServerExtMIB MODULE-IDENTITY
|
|
LAST-UPDATED "200505230000Z"
|
|
ORGANIZATION "Cisco Systems, Inc."
|
|
CONTACT-INFO
|
|
" Cisco Systems
|
|
Customer Service
|
|
|
|
Postal: 170 W Tasman Drive
|
|
San Jose, CA 95134
|
|
USA
|
|
|
|
Tel: +1 800 553-NETS
|
|
|
|
E-mail: cs-aaa@cisco.com"
|
|
DESCRIPTION
|
|
"This MIB is an extension to the CISCO-AAA-SERVER-MIB.
|
|
This MIB module enhances the 'casConfigTable' to
|
|
include other types of Server addresses.
|
|
This also provides management of :
|
|
- Generic configurations as applied on the AAA
|
|
module.
|
|
- Global configuration settings, i.e., settings for
|
|
all the AAA Servers instrumented in one instance
|
|
of this MIB.
|
|
- Server Group configuration
|
|
- Application-to-AAA Function-to-Server Group
|
|
mapping configuration."
|
|
REVISION "200505230000Z"
|
|
DESCRIPTION
|
|
" - Added notConfigured(3) enumeration
|
|
to CiscoAAAServerKeyEncrType TC.
|
|
- Added cAAALoginAuthTypeMSCHAP
|
|
under cAAASvrExtGenericConfig.
|
|
- Added cAAAServerProtoDirectedReq in
|
|
cAAASvrExtProtocolParamTable.
|
|
- Added cAAASvrGrpConfigDeadTime in
|
|
cAAASvrExtSvrGrpConfigTable.
|
|
- Added following objects in cAAASvrExtConfigTable.
|
|
cAAAServerRootDN
|
|
cAAAServerIdleTime
|
|
cAAAServerTestUser
|
|
cAAAServerTestPassword
|
|
- Added cAAASvrExtSvrGrpLDAPConfigTable."
|
|
REVISION "200505090000Z"
|
|
DESCRIPTION
|
|
"Added cAAASvrExtClearAccLog."
|
|
REVISION "200311140000Z"
|
|
DESCRIPTION
|
|
"Initial version of this MIB."
|
|
::= { ciscoMgmt 367 }
|
|
|
|
--
|
|
-- AAA Server MIB object definitions
|
|
--
|
|
|
|
ciscoAAASvrExtMIBObjects OBJECT IDENTIFIER
|
|
::= { ciscoAAAServerExtMIB 1 }
|
|
ciscoAAASvrExtMIBConformance OBJECT IDENTIFIER
|
|
::= { ciscoAAAServerExtMIB 2 }
|
|
|
|
cAAASvrExtGenericConfig OBJECT IDENTIFIER
|
|
::= { ciscoAAASvrExtMIBObjects 1 }
|
|
cAAASvrExtSvrTableConfig OBJECT IDENTIFIER
|
|
::= { ciscoAAASvrExtMIBObjects 2 }
|
|
cAAASvrExtProtoParamConfig OBJECT IDENTIFIER
|
|
::= { ciscoAAASvrExtMIBObjects 3 }
|
|
cAAASvrExtSvrGrpConfig OBJECT IDENTIFIER
|
|
::= { ciscoAAASvrExtMIBObjects 4 }
|
|
cAAASvrExtAppSvrGrpMapConfig OBJECT IDENTIFIER
|
|
::= { ciscoAAASvrExtMIBObjects 5 }
|
|
|
|
--
|
|
-- Textual Conventions
|
|
--
|
|
|
|
CiscoAAAServerKeyEncrType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Encryption type used for the AAA Server auth key.
|
|
|
|
plain(1) - Key is in Plain Text.
|
|
encrypted(2) - Key is Encrypted.
|
|
notConfigured(3) - Key is not configured.
|
|
."
|
|
SYNTAX INTEGER {
|
|
plain(1),
|
|
encrypted(2),
|
|
notConfigured(3)
|
|
}
|
|
|
|
--
|
|
-- Generic configurations for AAA module - cAAASvrExtGenericConfig
|
|
--
|
|
|
|
cAAASvrExtLocalAccLogMaxSize OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..100000000)
|
|
UNITS "bytes"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum size of the accounting log file in bytes.
|
|
The log file is stored on local persistent storage at the
|
|
device. If the size is set to a smaller value than the
|
|
existing one, then smaller log will be available for view
|
|
by the user."
|
|
::= { cAAASvrExtGenericConfig 1 }
|
|
|
|
cAAASvrExtSvrGrpSvrListMaxEnt OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..64)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of AAA Server entries that
|
|
the agent supports within a Server Group.
|
|
This puts the restriction of number of AAA Servers
|
|
in the 'cAAAServerList' of
|
|
'cAAASvrExtSvrGrpConfigTable'."
|
|
::= { cAAASvrExtGenericConfig 2 }
|
|
|
|
cAAASvrExtAppToSvrGrpMaxEnt OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..64)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of Server Groups entries that
|
|
the agent supports for application type on per
|
|
AAA operation basis excluding the 'Local' and 'Trivial'
|
|
modes.
|
|
This puts the restriction of number of Server Groups
|
|
in the 'cAAASvrGrpList' of
|
|
'cAAASvrExtSerSvrGrpConfigTable'."
|
|
::= { cAAASvrExtGenericConfig 3 }
|
|
|
|
cAAASvrExtClearAccLog OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
clear(1),
|
|
noOp(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object clears the accounting log, when set
|
|
to 'clear'.
|
|
No action is taken if this object is set to 'noOp'.
|
|
When read, the value 'noOp' is returned."
|
|
|
|
::= { cAAASvrExtGenericConfig 4 }
|
|
|
|
cAAALoginAuthTypeMSCHAP OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This indicates whether the MSCHAP authentication mechanism
|
|
should be used for authenticating the user through remote
|
|
AAA Server during login.
|
|
|
|
The value 'true(1)' indicates MSCHAP authentication
|
|
should be used.
|
|
|
|
The value 'false(2)' indicates that the default
|
|
authentication mechanism should be used.
|
|
|
|
The value of this object is used for authentication during
|
|
user's login only."
|
|
DEFVAL { false }
|
|
::= { cAAASvrExtGenericConfig 5 }
|
|
|
|
--
|
|
-- Server Configuration Table cAAASvrExtSvrTableConfig
|
|
--
|
|
|
|
cAAASvrExtConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AAASvrExtEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table extends the 'casConfigTable' from
|
|
CISCO-AAA-SERVER-MIB to provide configuration
|
|
flexibility.
|
|
An entry cannot be created until at least one of the
|
|
following objects/object-set are instantiated :
|
|
- cAAAServerAddrType and cAAAServerAddr set
|
|
Or
|
|
- casAddress of casConfigTable
|
|
If both 'casAddress' and 'cAAAServerAddr'(along with
|
|
'cAAAServerAddrType') are set during the row creation,
|
|
the values need to be consistent. Else it results in
|
|
an error."
|
|
::= { cAAASvrExtSvrTableConfig 1 }
|
|
|
|
cAAASvrExtConfigEntry OBJECT-TYPE
|
|
SYNTAX AAASvrExtEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry (conceptual row) in cAAASvrExtConfigTable."
|
|
AUGMENTS { casConfigEntry }
|
|
::= { cAAASvrExtConfigTable 1}
|
|
|
|
AAASvrExtEntry ::=
|
|
SEQUENCE {
|
|
cAAAServerAddrType InetAddressType,
|
|
cAAAServerAddr InetAddress,
|
|
cAAAServerKeyEncrType CiscoAAAServerKeyEncrType,
|
|
cAAAServerDeadTime TimeIntervalMin,
|
|
cAAAServerTimeOut TimeIntervalSec,
|
|
cAAAServerRetransmits Unsigned32,
|
|
cAAAServerRootDN SnmpAdminString,
|
|
cAAAServerIdleTime TimeIntervalMin,
|
|
cAAAServerTestUser SnmpAdminString,
|
|
cAAAServerTestPassword SnmpAdminString
|
|
}
|
|
|
|
cAAAServerAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of address of the AAA Server as specified
|
|
by object 'cAAAServerAddr'.
|
|
If the user sets 'casAddress' column of the
|
|
'casConfigTable', then 'cAAAServerAddrType' is
|
|
appropriately filled by the agent.
|
|
If the user specifies a value other than 'ipv4',
|
|
then the 'casAddress' is set to zero-length string."
|
|
DEFVAL { ipv4 }
|
|
::= { cAAASvrExtConfigEntry 1 }
|
|
|
|
cAAAServerAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The address of the AAA Server.
|
|
If the users sets 'casAddress' column of the
|
|
'casConfigTable', then 'cAAAServerAddr' is
|
|
appropriately filled by the agent."
|
|
::= { cAAASvrExtConfigEntry 2 }
|
|
|
|
cAAAServerKeyEncrType OBJECT-TYPE
|
|
SYNTAX CiscoAAAServerKeyEncrType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The encryption type of the corresponding instance
|
|
of the server key 'casKey' in the augmented row of
|
|
the 'casConfigTable'."
|
|
DEFVAL { plain }
|
|
::= { cAAASvrExtConfigEntry 3 }
|
|
|
|
cAAAServerDeadTime OBJECT-TYPE
|
|
SYNTAX TimeIntervalMin (0..1440)
|
|
UNITS "minutes"
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This indicates the length of time in minutes that the
|
|
system will mark the server dead when a AAA server does
|
|
not respond to an authentication request. During the
|
|
interval of the dead time, any authentication request
|
|
that comes up would not be sent to that AAA server that
|
|
was marked as dead.
|
|
This value overrides value set in the
|
|
'cAAAServerProtoDeadTime' of the
|
|
'cAAASvrExtProtocolParamTable' for this server.
|
|
If this value is zero, then the value set in the
|
|
'cAAAServerProtoDeadTime' is used."
|
|
DEFVAL { 0 }
|
|
::= { cAAASvrExtConfigEntry 4 }
|
|
|
|
cAAAServerTimeOut OBJECT-TYPE
|
|
SYNTAX TimeIntervalSec (0..1000)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time in seconds between retransmissions to
|
|
the AAA server.This value overrides value set in the
|
|
'cAAAServerProtoTimeOut' of the
|
|
'cAAASvrExtProtocolParamTable' for this server.
|
|
If this value is zero, then the value set in the
|
|
'cAAAServerProtoTimeOut' is used."
|
|
DEFVAL { 0 }
|
|
::= { cAAASvrExtConfigEntry 5 }
|
|
|
|
cAAAServerRetransmits OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..100)
|
|
UNITS "retransmits"
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The additional number of times the AAA server should be
|
|
tried by the AAA client before giving up on the server.
|
|
This value overrides value set in the
|
|
'cAAAServerProtoTimeOut' of the
|
|
'cAAASvrExtProtocolParamTable' for this server.
|
|
If this value is zero, then the value set in the
|
|
'cAAAServerProtoRetransmits' is used."
|
|
DEFVAL { 0 }
|
|
::= { cAAASvrExtConfigEntry 6 }
|
|
|
|
cAAAServerRootDN OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(0..64))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the root Distinguished Name
|
|
to be used in authenticating the access to LDAP
|
|
server database."
|
|
DEFVAL { "" }
|
|
::= { cAAASvrExtConfigEntry 7 }
|
|
|
|
cAAAServerIdleTime OBJECT-TYPE
|
|
SYNTAX TimeIntervalMin (0..1440)
|
|
UNITS "minutes"
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This indicates the time interval in minutes, at which the
|
|
system will periodically test the AAA Server by
|
|
sending test packets to the server. The default value
|
|
of 0 means that the AAA server will not be tested
|
|
periodically."
|
|
DEFVAL { 0 }
|
|
::= { cAAASvrExtConfigEntry 8 }
|
|
|
|
cAAAServerTestUser OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The username to be used in the test packets sent
|
|
to AAA Server to test if the Server responds to the
|
|
requests or not."
|
|
::= { cAAASvrExtConfigEntry 9 }
|
|
|
|
cAAAServerTestPassword OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The password to be used in test packets sent to AAA
|
|
Server to test if the Server responds to the
|
|
requests or not.
|
|
|
|
A zero-length string is always returned when this
|
|
object is read."
|
|
::= { cAAASvrExtConfigEntry 10 }
|
|
|
|
--
|
|
-- AAA protocol parameter configuration - cAAASvrExtProtoParamConfig
|
|
--
|
|
|
|
cAAASvrExtProtocolParamTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ProtocolParamEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains the per-protocol parameters for use by
|
|
all AAA Servers instrumented in one instance of this MIB."
|
|
::= { cAAASvrExtProtoParamConfig 1 }
|
|
|
|
|
|
cAAASvrExtProtocolParamEntry OBJECT-TYPE
|
|
SYNTAX ProtocolParamEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry (conceptual row) in
|
|
'cAAASvrExtProtocolParamTable'. Each row of the
|
|
table indicates the protocol parameters setting
|
|
for a particular AAA protocol. New entries can
|
|
not be created. The existing rows can only be
|
|
modified."
|
|
INDEX { cAAAServerProtocol }
|
|
::= { cAAASvrExtProtocolParamTable 1 }
|
|
|
|
ProtocolParamEntry ::=
|
|
SEQUENCE {
|
|
cAAAServerProtocol CiscoAAAProtocol,
|
|
cAAAServerProtoAuthKey DisplayString,
|
|
cAAAServerProtoKeyEncrType CiscoAAAServerKeyEncrType,
|
|
cAAAServerProtoDeadTime TimeIntervalMin,
|
|
cAAAServerProtoTimeOut TimeIntervalSec,
|
|
cAAAServerProtoRetransmits Unsigned32,
|
|
cAAAServerProtoSvrTableMaxEnt Unsigned32,
|
|
cAAAServerProtoDirectedReq TruthValue
|
|
|
|
}
|
|
|
|
cAAAServerProtocol OBJECT-TYPE
|
|
SYNTAX CiscoAAAProtocol
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The AAA Protocol for which these settings are
|
|
being applied."
|
|
::= { cAAASvrExtProtocolParamEntry 1 }
|
|
|
|
cAAAServerProtoAuthKey OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The key used in encrypting the packets passed
|
|
between the AAA server and the client.This key
|
|
must match the one configured on the server.
|
|
This Object is similar to the 'caskey'.
|
|
If the 'caskey' of the 'casConfigTable' is
|
|
administratively set to zero length string,
|
|
then this key used.
|
|
Retrieving the value of this object via SNMP will
|
|
always return an empty string for security reasons."
|
|
DEFVAL { "" }
|
|
::= { cAAASvrExtProtocolParamEntry 2 }
|
|
|
|
cAAAServerProtoKeyEncrType OBJECT-TYPE
|
|
SYNTAX CiscoAAAServerKeyEncrType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The encryption type of the server key
|
|
'cAAAServerProtoAuthKey'."
|
|
DEFVAL { plain }
|
|
::= { cAAASvrExtProtocolParamEntry 3 }
|
|
|
|
cAAAServerProtoDeadTime OBJECT-TYPE
|
|
SYNTAX TimeIntervalMin (0..1440)
|
|
UNITS "minutes"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The DeadTime setting for AAA Servers.
|
|
If 'cAAAServerDeadTime' of 'cAAASvrExtConfigTable' is zero,
|
|
this value is used.
|
|
This indicates the length of time in minutes that the
|
|
system will mark the server dead when a AAA server does
|
|
not respond to an authentication request. During the
|
|
interval of the dead time, any authentication request
|
|
that comes up would not be sent to that AAA server
|
|
that was marked as dead. The default value of 0 means
|
|
that the AAA servers will not be marked dead if they
|
|
do not respond."
|
|
DEFVAL { 0 }
|
|
::= { cAAASvrExtProtocolParamEntry 4 }
|
|
|
|
cAAAServerProtoTimeOut OBJECT-TYPE
|
|
SYNTAX TimeIntervalSec (1..1000)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time in seconds between retransmissions to
|
|
the AAA server.
|
|
If 'cAAAServerTimeOut' of 'cAAASvrExtConfigTable' is zero
|
|
, this value is used."
|
|
DEFVAL { 1 }
|
|
::= { cAAASvrExtProtocolParamEntry 5 }
|
|
|
|
cAAAServerProtoRetransmits OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..100)
|
|
UNITS "retransmits"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The additional number of times the AAA server should be
|
|
tried by the AAA client before giving up on the server.
|
|
If 'cAAAServerRetransmits' of 'cAAASvrExtConfigTable' is
|
|
zero, this value is used."
|
|
DEFVAL { 1 }
|
|
::= { cAAASvrExtProtocolParamEntry 6 }
|
|
|
|
cAAAServerProtoSvrTableMaxEnt OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..65536)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each instance of this object specifies the maximum
|
|
number of AAA server entries in the 'casConfigTable',
|
|
for a particular protocol."
|
|
::= { cAAASvrExtProtocolParamEntry 7 }
|
|
|
|
cAAAServerProtoDirectedReq OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is to specify whether a user could choose
|
|
a AAA server for authentication during login.
|
|
|
|
The value 'true(1)' indicates that a user can specify
|
|
the remote AAA server for authentication during login.
|
|
If the user specifies the login name as
|
|
'username@hostname', then the authentication request
|
|
will be sent to remote AAA server 'hostname' with
|
|
username as 'username'. An entry should exist in
|
|
cAAASvrExtConfigTable with 'cAAAServerAddr' value
|
|
'hostname'. The configuration in
|
|
cAAASvrExtAppSvrGrpConfigTable is not used, if the
|
|
specified remote AAA server fails to respond.
|
|
|
|
The value 'false(2)' indicates user cannot specify the
|
|
remote AAA server for authentication during login.
|
|
If user specifies the login name as 'username@hostname',
|
|
then the complete string will be treated as username and
|
|
the user will be authenticated as per configuration in
|
|
cAAASvrExtAppSvrGrpConfigTable."
|
|
DEFVAL { false }
|
|
::= { cAAASvrExtProtocolParamEntry 8 }
|
|
|
|
--
|
|
-- Server Group Configuration Table - cAAASvrExtSvrGrpConfig
|
|
--
|
|
|
|
cAAASvrExtSvrGrpConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ServerGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table consisting of entries for Server Groups.
|
|
A server group consists of a number of AAA servers
|
|
implementing the same AAA protocol. Multiple server
|
|
groups (usually one group for TACACS+ and one group
|
|
for RADIUS) can be used for the same service for
|
|
authentication, authorization and accounting purpose.
|
|
An entry cannot be created until following objects are
|
|
instantiated
|
|
- cAAASvrGrpName
|
|
- cAAASvrGrpProtocol
|
|
- cAAAServerList with at least one member
|
|
Note that an implementation may support any number of
|
|
permanent rows which cannot be deleted. These permanent
|
|
groups are system defined groups and not created by the
|
|
user."
|
|
::= { cAAASvrExtSvrGrpConfig 1 }
|
|
|
|
cAAASvrExtSvrGrpConfigEntry OBJECT-TYPE
|
|
SYNTAX ServerGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry (conceptual row) in the
|
|
cAAASvrExtSvrGrpConfigTable. "
|
|
INDEX { cAAASvrGrpIndex }
|
|
::= { cAAASvrExtSvrGrpConfigTable 1}
|
|
|
|
ServerGroupEntry ::=
|
|
SEQUENCE {
|
|
cAAASvrGrpIndex Unsigned32,
|
|
cAAASvrGrpName SnmpAdminString,
|
|
cAAASvrGrpProtocol CiscoAAAProtocol,
|
|
cAAAServerList OCTET STRING,
|
|
cAAASvrGrpConfigRowStatus RowStatus,
|
|
cAAASvrGrpConfigDeadTime TimeIntervalMin
|
|
|
|
}
|
|
|
|
cAAASvrGrpIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..100)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index for each of the Server Group entries."
|
|
::= { cAAASvrExtSvrGrpConfigEntry 1 }
|
|
|
|
cAAASvrGrpName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..64))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the Server Group. The 'cAAASvrGrpName'
|
|
has to be specified by the user during the creation
|
|
of this row entry.
|
|
The cAAASvrGrpName can not be modified when
|
|
cAAASvrGrpConfigRowStatus is 'active'."
|
|
::= { cAAASvrExtSvrGrpConfigEntry 2 }
|
|
|
|
cAAASvrGrpProtocol OBJECT-TYPE
|
|
SYNTAX CiscoAAAProtocol
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The AAA Protocol to which this Server Group belongs to.
|
|
The cAAASvrGrpProtocol can not be modified when
|
|
cAAASvrGrpConfigRowStatus is 'active'."
|
|
DEFVAL {tacacsplus}
|
|
::= { cAAASvrExtSvrGrpConfigEntry 3 }
|
|
|
|
cAAAServerList OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(4..256))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This represents ordered list of AAA Servers which form
|
|
this Server Group.
|
|
This object contains list of the AAA Servers as defined
|
|
in the 'casConfigTable'.
|
|
The value of this object is a concatenation of one or
|
|
more 4-octet strings, where each 4-octet string represents
|
|
a 32-bit 'casIndex' value of 'casConfigTable' in network
|
|
byte order. This Index along with the 'cAAASvrGrpProtocol'
|
|
that is set in the same row form the composite index in
|
|
the 'casConfigTable'.
|
|
The order in which servers occur within the value of this
|
|
object determines the Server priority in that group. The
|
|
first one will be 'Primary' and the rest are 'secondary'
|
|
( others).
|
|
At least one index has to be provided when creating this
|
|
row. A Server Group can not exist without any members.
|
|
The maximum AAA Servers that can be specified is limited
|
|
by 'cAAASvrExtSvrGrpSvrListMaxEnt' value."
|
|
::= { cAAASvrExtSvrGrpConfigEntry 4 }
|
|
|
|
cAAASvrGrpConfigRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of this conceptual row.This object can not
|
|
be set to 'active' unless the corresponding value of
|
|
'cAAASvrGrpName' is unique. Once value of this object
|
|
is set to 'active', the associated entry can not be
|
|
modified except destroyed by setting this object to
|
|
destroy(6)."
|
|
::= { cAAASvrExtSvrGrpConfigEntry 5 }
|
|
|
|
cAAASvrGrpConfigDeadTime OBJECT-TYPE
|
|
SYNTAX TimeIntervalMin (0..1440)
|
|
UNITS "minutes"
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The DeadTime setting for AAA Server Group.
|
|
This indicates the length of time in minutes that the
|
|
system will mark the server dead when a AAA server does
|
|
not respond to an authentication request. During the
|
|
interval of the dead time, any authentication request
|
|
that comes up would not be sent to that AAA server
|
|
that was marked as dead. The default value of 0 means
|
|
that the AAA servers will not be marked dead if they
|
|
do not respond."
|
|
DEFVAL { 0 }
|
|
::= { cAAASvrExtSvrGrpConfigEntry 6 }
|
|
|
|
--
|
|
-- AAA Server Group Configuration for LDAP Protocol.
|
|
--
|
|
cAAASvrExtSvrGrpLDAPConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CAAASvrExtSvrGrpLDAPConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table is extension to cAAASvrExtSvrGrpConfigTable.
|
|
|
|
An entry will be created in this table
|
|
by the agent whenever an entry is created
|
|
in cAAASvrExtSvrGrpConfigTable with
|
|
cAAASvrGrpProtocol set to 'ldap'.
|
|
|
|
An entry will get destroyed by the agent
|
|
whenever corresponding entry in
|
|
cAAASvrExtSvrGrpConfigTable identified
|
|
by cAAASvrGrpIndex is destroyed.
|
|
|
|
The SNMP Manager can not create
|
|
or destroy entries in this table.
|
|
The SNMP Manager can modify columnar
|
|
objects in this table."
|
|
::= { cAAASvrExtSvrGrpConfig 2 }
|
|
|
|
cAAASvrExtSvrGrpLDAPConfigEntry OBJECT-TYPE
|
|
SYNTAX CAAASvrExtSvrGrpLDAPConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the table. Each entry corresponds
|
|
to LDAP server group identified by
|
|
a corresponding entry in cAAASvrExtSvrGrpConfigTable
|
|
with cAAASvrGrpProtocol value of 'ldap'.
|
|
Each entry contains information on LDAP Base
|
|
Distinguished Name, Filter and user profile."
|
|
INDEX { cAAASvrGrpIndex }
|
|
::= { cAAASvrExtSvrGrpLDAPConfigTable 1}
|
|
|
|
CAAASvrExtSvrGrpLDAPConfigEntry ::=
|
|
SEQUENCE {
|
|
cAAASvrGrpLDAPBaseDN SnmpAdminString,
|
|
cAAASvrGrpLDAPFilterUser SnmpAdminString,
|
|
cAAASvrGrpLDAPUserProfile SnmpAdminString
|
|
}
|
|
|
|
cAAASvrGrpLDAPBaseDN OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (0..64))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the base entry in the
|
|
LDAP hierarchy where the LDAP server should begin
|
|
searching when it receives an authorization request."
|
|
DEFVAL { "" }
|
|
::= { cAAASvrExtSvrGrpLDAPConfigEntry 1 }
|
|
|
|
cAAASvrGrpLDAPFilterUser OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (0..128))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the filter to be
|
|
used to search user entry in LDAP server
|
|
database."
|
|
REFERENCE
|
|
"RFC2254 - Section 3. LDAP Search Filter Definition."
|
|
DEFVAL { "" }
|
|
::= { cAAASvrExtSvrGrpLDAPConfigEntry 2 }
|
|
|
|
cAAASvrGrpLDAPUserProfile OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (0..64))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the attribute type for
|
|
user profile private attribute. This attribute
|
|
is requested in search request to the LDAP server."
|
|
DEFVAL { "" }
|
|
::= { cAAASvrExtSvrGrpLDAPConfigEntry 3 }
|
|
--
|
|
-- Application-Server Group mapping configuration
|
|
-- cAAASvrExtAppSvrGrpMapConfig
|
|
--
|
|
|
|
cAAASvrExtAppSvrGrpConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AppSvrGrpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table associating the AAA server groups for
|
|
specific AAA function for a given Application
|
|
and Application Sub-Type. If the device encounters
|
|
ERRORs from server(s) in first group of
|
|
'cAAASvrGrpList',it will try servers in next
|
|
server group. The order in which Server Groups occur
|
|
within the value of 'cAAASvrGrpList' decides the order
|
|
of trial for AAA function.
|
|
Similarly, within a server group, each server
|
|
in the group will be tried one by one until one
|
|
of them responds with either SUCCESS or FAIL.
|
|
In case all the Server Groups return ERROR,
|
|
'Local' mechanism ('cAAASvrGrpLocal') followed by
|
|
'Trivial' mechanism ('cAAASvrGrpTrivial') are tried,
|
|
if so configured."
|
|
::= { cAAASvrExtAppSvrGrpMapConfig 1 }
|
|
|
|
cAAASvrExtAppSvrGrpConfigEntry OBJECT-TYPE
|
|
SYNTAX AppSvrGrpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry (conceptual row) in the
|
|
cAAASvrExtSerSvrGrpConfigTable.
|
|
New entries can not be created. The existing
|
|
rows only can be modified."
|
|
INDEX { cAAAApplicationType,
|
|
cAAAApplicationSubType,
|
|
cAAAFunction }
|
|
::= { cAAASvrExtAppSvrGrpConfigTable 1}
|
|
|
|
AppSvrGrpEntry ::=
|
|
SEQUENCE {
|
|
cAAAApplicationType INTEGER,
|
|
cAAAApplicationSubType INTEGER,
|
|
cAAAFunction INTEGER,
|
|
cAAASvrGrpLocal TruthValue,
|
|
cAAASvrGrpTrivial TruthValue,
|
|
cAAASvrGrpList OCTET STRING
|
|
}
|
|
|
|
cAAAApplicationType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
default (1),
|
|
login (2),
|
|
dhchap (3),
|
|
iSCSI (4)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Application type for which this AAA configuration
|
|
is applied.
|
|
Each of these applications uses AAA services on the device.
|
|
'login' application includes console, telnet and SSH based
|
|
login using the username and password.
|
|
DHCHAP (Diffie Hellman Challenge Handshake Authentication
|
|
Protocol) is a FC-SP compliant authentication protocol that
|
|
can be used for switch-to-switch, host-to-switch and
|
|
host-to-host authentication. DHCHAP is of the applications
|
|
for AAA. DH-CHAP is basically combination of bi-directional
|
|
CHAP authentication ([4]) with Diffie-Hellman exchange.
|
|
iSCSI (Small Computer Systems Interface over IP) is an SCSI
|
|
transport protocol for mapping of block-oriented storage
|
|
data over TCP/IP networks.
|
|
The 'default' application type indicates the default
|
|
configurations which can be used by all the applications,
|
|
unless overridden by specific application types."
|
|
REFERENCE
|
|
" - Fibre Channel Security Protocols (FC-SP) REV. 1.0,
|
|
T11 FC-SP Working Document T11/03-149v0.pdf
|
|
- Challenge Handshake Authentication Protocol (CHAP)
|
|
RFC 1994
|
|
- iSCSI Internet Draft
|
|
."
|
|
::= { cAAASvrExtAppSvrGrpConfigEntry 1 }
|
|
|
|
cAAAApplicationSubType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
all (1),
|
|
console(2)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Application Sub-Type. This is very specific to
|
|
the application attached and indicates the
|
|
sub-application.
|
|
For 'login' application:
|
|
- If the 'cAAAApplicationSubType' is 'all', the
|
|
configuration appearing in the corresponding row
|
|
is used by all the 'login' applications.
|
|
- If the 'cAAAApplicationSubType' is 'console',
|
|
console login uses this configuration instead
|
|
of the 'all'.
|
|
For the 'dhchap' application, the only allowed
|
|
'cAAAApplicationSubType' is 'all'. This means, the
|
|
configuration appearing in the corresponding row is
|
|
used by all the 'dhchap' applications.
|
|
For the 'iSCSI' application, the only allowed
|
|
'cAAAApplicationSubType' is 'all'. This means, the
|
|
configuration appearing in the corresponding row is
|
|
used by all the iSCSI applications.
|
|
For the 'default' application,
|
|
- the allowed 'cAAAApplicationSubType' values are
|
|
'all' and 'console', when 'cAAAFunction' is
|
|
'authorization'
|
|
- the allowed 'cAAAApplicationSubType' value is
|
|
'all', when 'cAAAFunction' is 'accounting'
|
|
."
|
|
::= { cAAASvrExtAppSvrGrpConfigEntry 2 }
|
|
|
|
cAAAFunction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
authentication (1),
|
|
authorization (2),
|
|
accounting (3)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The AAA function to which this application
|
|
configuration row corresponds to."
|
|
::= { cAAASvrExtAppSvrGrpConfigEntry 3 }
|
|
|
|
cAAASvrGrpLocal OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value 'true(1)' indicates 'Local' AAA
|
|
is allowed.
|
|
The value 'false(2)' indicates 'Local' AAA
|
|
is not allowed.
|
|
'Local' AAA is used only after trying all the Server
|
|
Groups in the 'cAAASvrGrpList'.
|
|
The 'Local' AAA means all the AAA functions
|
|
are performed using the local AAA Service
|
|
provided in the Device.
|
|
|
|
The value of this object can not be set to 'false'
|
|
in the following conditions :
|
|
- 'cAAAApplicationType' is 'default' and 'cAAAFuction'
|
|
is 'authentication' or 'accounting'
|
|
|
|
and
|
|
|
|
- value of corresponding instance of
|
|
'cAAASvrGrpTrivial' is 'false' and no server groups
|
|
configured in the value of the corresponding instance
|
|
of 'cAAASvrGrpList'
|
|
|
|
The value of this object can not be set to 'true'
|
|
if the 'cAAAFuction' value is 'authorization'."
|
|
::= { cAAASvrExtAppSvrGrpConfigEntry 4 }
|
|
|
|
cAAASvrGrpTrivial OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value 'true(1)' indicates 'Trivial' AAA
|
|
is allowed.
|
|
The value 'false(2)' indicates 'Trivial' AAA
|
|
is not allowed.
|
|
'Trivial' AAA is used only after trying all the Server
|
|
Groups in the 'cAAASvrGrpList' and 'Local' AAA
|
|
(if configured).
|
|
Trivial AAA corresponds to one of the following
|
|
based on the value of corresponding instance of
|
|
'AAAFunction':
|
|
- User name based authentication, if 'cAAAFunction'
|
|
value is 'authentication'
|
|
- No Authorization check, if 'cAAAFunction'
|
|
value is 'authorization'
|
|
- No accounting, if 'cAAAFunction'
|
|
value is 'accounting'
|
|
|
|
The value of this object can not be set to 'false'
|
|
in the following conditions :
|
|
- 'cAAAApplicationSubType' is 'all' and 'cAAAFuction'
|
|
is 'authorization'
|
|
|
|
and
|
|
|
|
- value of corresponding instance of 'cAAASvrGrpLocal'
|
|
is 'false' and no server groups configured in the
|
|
value of the corresponding instance of 'cAAASvrGrpList'
|
|
|
|
The value of this object can not be set to 'true'
|
|
in the following conditions :
|
|
- when 'cAAAApplicationType' is 'iSCSI' ,
|
|
'cAAAApplicationSubType' is 'all' and
|
|
'cAAAFuction' is 'authentication'
|
|
|
|
- when 'cAAAApplicationType' is 'dhchap' ,
|
|
'cAAAApplicationSubType' is 'all' and
|
|
'cAAAFuction' is 'authentication'
|
|
."
|
|
::= { cAAASvrExtAppSvrGrpConfigEntry 5 }
|
|
|
|
cAAASvrGrpList OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..256))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This represents ordered list of AAA Server Groups that are
|
|
configured for this application to perform AAA functions.
|
|
This object contains list of the AAA Server Groups as
|
|
defined in the 'cAAASvrExtSvrGrpConfigTable'.
|
|
The value of this object is a concatenation of zero or
|
|
more 4-octet strings, where each 4-octet string represents
|
|
a 32-bit 'cAAASvrGrpIndex' value of server group
|
|
('cAAASvrExtSvrGrpConfigTable') in network byte order.
|
|
The order in which Server Groups occur within the value of
|
|
this object determines the Server Group priority in the
|
|
list.
|
|
The maximum number of Server Groups that can be
|
|
specified in this row is limited by
|
|
'cAAASvrExtAppToSvrGrpMaxEnt' value."
|
|
::= { cAAASvrExtAppSvrGrpConfigEntry 6 }
|
|
--
|
|
-- Conformance
|
|
--
|
|
|
|
ciscoAAASvrExtMIBCompliances OBJECT IDENTIFIER
|
|
::= { ciscoAAASvrExtMIBConformance 1 }
|
|
ciscoAAASvrExtMIBGroups OBJECT IDENTIFIER
|
|
::= { ciscoAAASvrExtMIBConformance 2 }
|
|
|
|
ciscoAAAServerMIBCompliance MODULE-COMPLIANCE
|
|
STATUS deprecated -- superceede by
|
|
-- ciscoAAAServerMIBCompliance1
|
|
DESCRIPTION
|
|
"The compliance statement for entities which implement the
|
|
CISCO-AAA-SERVER-EXT-MIB."
|
|
MODULE
|
|
MANDATORY-GROUPS { cAAASvrExtGenericConfGroup,
|
|
cAAASvrExtSvrTableConfGroup,
|
|
cAAASvrExtProtoParamConfigGroup }
|
|
GROUP cAAASvrExtSvrGroupConfGroup
|
|
DESCRIPTION
|
|
"This group is required only if the Server Group
|
|
configuration is implemented by the agent."
|
|
GROUP cAAASvrExtAppSvrGroupConfGroup
|
|
DESCRIPTION
|
|
"This group is required only if the Server Group
|
|
and application-to-server group mapping configuration
|
|
is implemented by the agent."
|
|
::= { ciscoAAASvrExtMIBCompliances 1 }
|
|
|
|
ciscoAAAServerMIBCompliance1 MODULE-COMPLIANCE
|
|
STATUS deprecated -- superceede by
|
|
-- ciscoAAAServerMIBCompliance2
|
|
|
|
DESCRIPTION
|
|
"The compliance statement for entities which implement the
|
|
CISCO-AAA-SERVER-EXT-MIB."
|
|
MODULE
|
|
MANDATORY-GROUPS { cAAASvrExtGenericConfGroup1,
|
|
cAAASvrExtSvrTableConfGroup,
|
|
cAAASvrExtProtoParamConfigGroup }
|
|
GROUP cAAASvrExtSvrGroupConfGroup
|
|
DESCRIPTION
|
|
"This group is required only if the Server Group
|
|
configuration is implemented by the agent."
|
|
GROUP cAAASvrExtAppSvrGroupConfGroup
|
|
DESCRIPTION
|
|
"This group is required only if the Server Group
|
|
and application-to-server group mapping configuration
|
|
is implemented by the agent."
|
|
::= { ciscoAAASvrExtMIBCompliances 2 }
|
|
|
|
ciscoAAAServerMIBCompliance2 MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for entities which implement the
|
|
CISCO-AAA-SERVER-EXT-MIB."
|
|
MODULE
|
|
MANDATORY-GROUPS { cAAASvrExtGenericConfGroup1,
|
|
cAAASvrExtSvrTableConfGroup,
|
|
cAAASvrExtProtoParamConfigGroup1 }
|
|
GROUP cAAASvrExtSvrGroupConfGroup2
|
|
DESCRIPTION
|
|
"This group is required only if the Server Group
|
|
configuration is implemented by the agent."
|
|
GROUP cAAASvrExtAppSvrGroupConfGroup
|
|
DESCRIPTION
|
|
"This group is required only if the Server Group
|
|
and application-to-server group mapping configuration
|
|
is implemented by the agent."
|
|
GROUP cAAASvrExtSvrTableLDAPConfGroup
|
|
DESCRIPTION
|
|
"This group is required only if AAA is
|
|
supported using LDAP protocol."
|
|
GROUP cAAASvrExtSvrGroupLDAPConfGroup
|
|
DESCRIPTION
|
|
"This group is required only if AAA is
|
|
supported using LDAP protocol."
|
|
GROUP cAAASvrExtSvrMonitorConfGroup
|
|
DESCRIPTION
|
|
"This group is required only if the Server Monitoring
|
|
configuration is implemented by the agent."
|
|
GROUP cAAASvrExtGenericConfGroup2
|
|
DESCRIPTION
|
|
"This group is required only if MSCHAP authentication
|
|
can be enabled/disabled."
|
|
::= { ciscoAAASvrExtMIBCompliances 3 }
|
|
--
|
|
-- Units of Conformance
|
|
--
|
|
|
|
cAAASvrExtGenericConfGroup OBJECT-GROUP
|
|
OBJECTS { cAAASvrExtLocalAccLogMaxSize }
|
|
STATUS deprecated -- superceeded by
|
|
-- cAAASvrExtGenericConfGroup1
|
|
DESCRIPTION
|
|
"A collection of objects Generic configuration."
|
|
::= { ciscoAAASvrExtMIBGroups 1 }
|
|
|
|
cAAASvrExtSvrTableConfGroup OBJECT-GROUP
|
|
OBJECTS { cAAAServerAddrType,
|
|
cAAAServerAddr,
|
|
cAAAServerKeyEncrType,
|
|
cAAAServerDeadTime,
|
|
cAAAServerTimeOut,
|
|
cAAAServerRetransmits }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects for AAA Server configuration."
|
|
::= { ciscoAAASvrExtMIBGroups 2 }
|
|
|
|
cAAASvrExtProtoParamConfigGroup OBJECT-GROUP
|
|
OBJECTS { cAAAServerProtoAuthKey,
|
|
cAAAServerProtoKeyEncrType,
|
|
cAAAServerProtoDeadTime,
|
|
cAAAServerProtoTimeOut,
|
|
cAAAServerProtoRetransmits,
|
|
cAAAServerProtoSvrTableMaxEnt
|
|
}
|
|
STATUS deprecated -- replaced by
|
|
-- cAAASvrExtProtoParamConfigGroup1
|
|
DESCRIPTION
|
|
"A collection of objects for AAA per-protocol parameter
|
|
configuration."
|
|
::= { ciscoAAASvrExtMIBGroups 3 }
|
|
|
|
cAAASvrExtSvrGroupConfGroup OBJECT-GROUP
|
|
OBJECTS { cAAASvrGrpName,
|
|
cAAASvrGrpProtocol,
|
|
cAAAServerList,
|
|
cAAASvrGrpConfigRowStatus,
|
|
cAAASvrExtSvrGrpSvrListMaxEnt }
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"A collection of objects for AAA Server Group
|
|
configuration."
|
|
::= { ciscoAAASvrExtMIBGroups 4 }
|
|
|
|
cAAASvrExtAppSvrGroupConfGroup OBJECT-GROUP
|
|
OBJECTS { cAAASvrGrpLocal,
|
|
cAAASvrGrpTrivial,
|
|
cAAASvrGrpList,
|
|
cAAASvrExtAppToSvrGrpMaxEnt }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects for Application-to-Server
|
|
Group mapping configuration."
|
|
::= { ciscoAAASvrExtMIBGroups 5 }
|
|
|
|
cAAASvrExtGenericConfGroup1 OBJECT-GROUP
|
|
OBJECTS { cAAASvrExtLocalAccLogMaxSize,
|
|
cAAASvrExtClearAccLog }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects Generic configuration."
|
|
::= { ciscoAAASvrExtMIBGroups 6 }
|
|
|
|
cAAASvrExtGenericConfGroup2 OBJECT-GROUP
|
|
OBJECTS { cAAALoginAuthTypeMSCHAP }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects Generic configuration."
|
|
::= { ciscoAAASvrExtMIBGroups 7 }
|
|
|
|
cAAASvrExtSvrGroupConfGroup2 OBJECT-GROUP
|
|
OBJECTS { cAAASvrGrpName,
|
|
cAAASvrGrpProtocol,
|
|
cAAAServerList,
|
|
cAAASvrGrpConfigRowStatus,
|
|
cAAASvrExtSvrGrpSvrListMaxEnt,
|
|
cAAASvrGrpConfigDeadTime
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects for AAA Server Group
|
|
configuration."
|
|
::= { ciscoAAASvrExtMIBGroups 8 }
|
|
|
|
cAAASvrExtProtoParamConfigGroup1 OBJECT-GROUP
|
|
OBJECTS { cAAAServerProtoAuthKey,
|
|
cAAAServerProtoKeyEncrType,
|
|
cAAAServerProtoDeadTime,
|
|
cAAAServerProtoTimeOut,
|
|
cAAAServerProtoRetransmits,
|
|
cAAAServerProtoSvrTableMaxEnt,
|
|
cAAAServerProtoDirectedReq
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects for AAA per-protocol parameter
|
|
configuration."
|
|
::= { ciscoAAASvrExtMIBGroups 9 }
|
|
|
|
cAAASvrExtSvrTableLDAPConfGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cAAAServerRootDN
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects for AAA Server using
|
|
LDAP protocol."
|
|
::= { ciscoAAASvrExtMIBGroups 10 }
|
|
|
|
cAAASvrExtSvrGroupLDAPConfGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cAAASvrGrpLDAPBaseDN,
|
|
cAAASvrGrpLDAPFilterUser,
|
|
cAAASvrGrpLDAPUserProfile
|
|
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects for LDAP Server Group
|
|
configuration."
|
|
::= { ciscoAAASvrExtMIBGroups 11 }
|
|
|
|
cAAASvrExtSvrMonitorConfGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cAAAServerIdleTime,
|
|
cAAAServerTestUser,
|
|
cAAAServerTestPassword
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects for configuring AAA Server
|
|
monitoring."
|
|
::= { ciscoAAASvrExtMIBGroups 12 }
|
|
|
|
END
|
|
|