CISCO-AAA-CLIENT-MIB

File: CISCO-AAA-CLIENT-MIB.mib (15050 bytes)

Imported modules

SNMPv2-SMI SNMPv2-CONF SNMPv2-TC
CISCO-SMI

Imported symbols

MODULE-IDENTITY OBJECT-TYPE Integer32
MODULE-COMPLIANCE OBJECT-GROUP TEXTUAL-CONVENTION
TruthValue ciscoMgmt

Defined Types

SessionType  
TEXTUAL-CONVENTION    
  current INTEGER telnet(1), console(2), http(3)

AuthenMethod  
TEXTUAL-CONVENTION    
  current INTEGER tacacs(1), radius(2), kerberos(3), local(4)

LoginMode  
TEXTUAL-CONVENTION    
  current INTEGER login(1), enable(2)

CacPriorityEntry  
SEQUENCE    
  cacSession SessionType
  cacAuthen AuthenMethod
  cacLoginMode LoginMode
  cacEnable TruthValue
  cacPriorityNumber Integer32
  cacPrimaryMethod TruthValue

CacLoginConfigEntry  
SEQUENCE    
  cacMaxLoginAttempt Integer32
  cacLockoutPeriod Integer32
  cacLockoutPeriodExt Integer32

Defined Values

ciscoAAAClientMIB 1.3.6.1.4.1.9.9.158
This MIB module provides data for authentication method priority based on Authentication, Authorization, Accounting (AAA) protocols. References: The TACACS+ Protocol Version 1.78, Internet Draft RFC 1411 Telnet Authentication: Kerberos Version 4. RFC 1964 The Kerberos Version 5 GSS-API Mechanism.
MODULE-IDENTITY    

cacMIBObjects 1.3.6.1.4.1.9.9.158.1
OBJECT IDENTIFIER    

cacPriority 1.3.6.1.4.1.9.9.158.1.1
OBJECT IDENTIFIER    

cacLoginConfig 1.3.6.1.4.1.9.9.158.1.2
OBJECT IDENTIFIER    

cacPriorityTable 1.3.6.1.4.1.9.9.158.1.1.1
This table contains entries for AAA authentication methods configured in the system. At startup, agent set up all the entries of the table. All authentication methods will be disabled except local authentication will be enabled for each session type and login mode. Users later can enable/disable a specific authentication method through cacEnable object. The following table describes the startup state of each authentication method and session type in normal login mode and enable login mode. AuthenMethod Console Session Telnet Session Http Session ------------ ---------------- ---------------- ------------ tacacs disabled disabled disabled radius disabled disabled disabled kerberos disabled disabled disabled local enabled(*) enabled(*) enabled(*) (*) denotes primary method.
OBJECT-TYPE    
  SEQUENCE OF  
    CacPriorityEntry

cacPriorityEntry 1.3.6.1.4.1.9.9.158.1.1.1.1
An entry containing the priority number of an authentication method used in a session.
OBJECT-TYPE    
  CacPriorityEntry  

cacSession 1.3.6.1.4.1.9.9.158.1.1.1.1.1
This is the session type used to connect to the network device.
OBJECT-TYPE    
  SessionType  

cacAuthen 1.3.6.1.4.1.9.9.158.1.1.1.1.2
This is the authentication method used to authenticate users.
OBJECT-TYPE    
  AuthenMethod  

cacLoginMode 1.3.6.1.4.1.9.9.158.1.1.1.1.3
This is the login mode user used to login to the network device.
OBJECT-TYPE    
  LoginMode  

cacEnable 1.3.6.1.4.1.9.9.158.1.1.1.1.4
It indicates whether the authentication method denoted by cacAuthen is enabled or not. When this object is true(1), the authentication method denoted by cacAuthen is enabled. When this object is false(2), the authentication method denoted by cacAuthen is disabled. If the value of cacAuthen is local, the value of this object cannot be set to false(2).
OBJECT-TYPE    
  TruthValue  

cacPriorityNumber 1.3.6.1.4.1.9.9.158.1.1.1.1.5
This is the priority number of an authentication method to be used in user authentication for a session. This value is automatically assigned and reflects the relative priority of the authentication method denoted by cacAuthen with respected to already configured authentication methods. It is assigned in the order in which the authentication method is enabled by the user through cacEnable. The higher value has the higher priority. This object is used to determine the fallback order in case the primary authentication method indicated by cacPrimaryMethod failed. If the authentication method denoted by cacAuthen is disabled for the type of session denoted by cacSession, the value of this object is equal to 0.
OBJECT-TYPE    
  Integer32 0..4  

cacPrimaryMethod 1.3.6.1.4.1.9.9.158.1.1.1.1.6
It indicates whether the authentication method denoted by cacAuthen is the primary (first one to be tried) method when there are multiple authentication method configured. Setting this object to true(1) will make the authentication method denoted by cacAuthen to be the primary authentication method for the session denoted by cacSession. The previously configured primary method will be changed to false(2). Setting this object to false(2) is not allowed.
OBJECT-TYPE    
  TruthValue  

cacLoginConfigTable 1.3.6.1.4.1.9.9.158.1.2.1
A table that contains login configuration which is associated with this system.
OBJECT-TYPE    
  SEQUENCE OF  
    CacLoginConfigEntry

cacLoginConfigEntry 1.3.6.1.4.1.9.9.158.1.2.1.1
An entry containing the configuration of the login.
OBJECT-TYPE    
  CacLoginConfigEntry  

cacMaxLoginAttempt 1.3.6.1.4.1.9.9.158.1.2.1.1.1
Indicates the maximum number of login attempts allowed. Setting this variable to 0 will disable the attempt limit checking. If the login session type does not support this attempt limit checking, the value of this object can only be set to 0.
OBJECT-TYPE    
  Integer32 0 | 3..10  

cacLockoutPeriod 1.3.6.1.4.1.9.9.158.1.2.1.1.2
Indicates the lockout period after the maximum number of login attempt is met. For console, the console input will be frozen during this period. For remote logins, the connection will be closed and any subsequent access from that station will be closed during the lockout time. Setting this variable to 0 will disable the lockout. If the login session type does not support this lockout period, the value of this object can only be set to 0. If the lockout period is greater than the maximum value reportable by this object then this object should report its maximum value (600) and cacLockoutPeriodExt must be used to report the lockout period.
OBJECT-TYPE    
  Integer32 0 | 30..600  

cacLockoutPeriodExt 1.3.6.1.4.1.9.9.158.1.2.1.1.3
Specifies the lockout period after the maximum number of login attempt is met. For console, the console input will be frozen during this period. For remote logins, the connection will be closed and any subsequent access from that station will be closed during the lockout time. Setting this variable to 0 will disable the lockout. If the login session type does not support this lockout period, the value of this object can only be set to 0.
OBJECT-TYPE    
  Integer32 0 | 30..43200  

cacMIBNotifications 1.3.6.1.4.1.9.9.158.2
OBJECT IDENTIFIER    

cacMIBConformance 1.3.6.1.4.1.9.9.158.3
OBJECT IDENTIFIER    

cacMIBCompliances 1.3.6.1.4.1.9.9.158.3.1
OBJECT IDENTIFIER    

cacMIBGroups 1.3.6.1.4.1.9.9.158.3.2
OBJECT IDENTIFIER    

cacMIBCompliance 1.3.6.1.4.1.9.9.158.3.1.1
The compliance statement for entities which implement the CISCO AAA Client MIB
MODULE-COMPLIANCE    

cacMIBCompliance2 1.3.6.1.4.1.9.9.158.3.1.2
The compliance statement for entities which implement the CISCO AAA Client MIB
MODULE-COMPLIANCE    

cacPriorityGroup 1.3.6.1.4.1.9.9.158.3.2.1
A collection of objects providing the AAA client priority information.
OBJECT-GROUP    

cacLoginConfigGroup 1.3.6.1.4.1.9.9.158.3.2.2
A collection of objects providing the AAA client login configuration.
OBJECT-GROUP    

cacLoginConfigGroupRev1 1.3.6.1.4.1.9.9.158.3.2.3
A collection of objects providing the AAA client login configuration.
OBJECT-GROUP