CISCO-RADIUS-MIB

File: CISCO-RADIUS-MIB.mib (44504 bytes)

Imported modules

SNMPv2-SMI SNMPv2-CONF SNMPv2-TC
INET-ADDRESS-MIB SNMP-FRAMEWORK-MIB CISCO-TC
CISCO-SMI

Imported symbols

MODULE-IDENTITY NOTIFICATION-TYPE OBJECT-TYPE
Unsigned32 MODULE-COMPLIANCE NOTIFICATION-GROUP
OBJECT-GROUP RowStatus TEXTUAL-CONVENTION
TruthValue InetAddressType InetAddress
SnmpAdminString TimeIntervalMin TimeIntervalSec
CiscoPort ciscoMgmt

Defined Types

CiscoRadiusAuthKey  
TEXTUAL-CONVENTION    
  current STRING Size(0..65)

CiscoRadiusRoundTripTimePercent  
TEXTUAL-CONVENTION    
  current Unsigned32 1..100

CiscoRadiusRetransPercent  
TEXTUAL-CONVENTION    
  current Unsigned32 1..100

CrRadiusServerEntry  
SEQUENCE    
  crRadiusServerIndex Unsigned32
  crRadiusServerAddrType InetAddressType
  crRadiusServerAddr InetAddress
  crRadiusServerAuthPort CiscoPort
  crRadiusServerAcctPort CiscoPort
  crRadiusServerKey CiscoRadiusAuthKey
  crRadiusServerType INTEGER
  crRadiusServerMode INTEGER
  crRadiusServerRowStatus RowStatus
  crRadiusServerRTTThldNorm CiscoRadiusRoundTripTimePercent
  crRadiusServerRTTThldHi CiscoRadiusRoundTripTimePercent
  crRadiusServerRetransThldNorm CiscoRadiusRetransPercent
  crRadiusServerRetransThldHi CiscoRadiusRetransPercent

CrVlanGroupEntry  
SEQUENCE    
  crVlanGroupName SnmpAdminString
  crVlanGroupVlansLow STRING
  crVlanGroupVlansHigh STRING
  crVlanGroupRowStatus RowStatus

CrRadiusKeepAliveServerEntry  
SEQUENCE    
  crRadiusKeepAliveServerStatus INTEGER

Defined Values

ciscoRadiusMIB 1.3.6.1.4.1.9.9.288
MIB module for monitoring and configuring authentication and logging services using RADIUS (Remote Authentication Dial In User Service) related objects. The RADIUS (RFC2865) framework consists of clients and servers. A client is responsible for passing user information to designated RADIUS servers, and then acting on the response which is returned. RADIUS server is responsible for receiving user connection requests, authenticating the user, and then returning all configuration information necessary for the client to deliver service to the user. This MIB module also contains objects for enabling/disabling telnet and SSH (Secure Shell) authentication. Secure Shell is program which is used to log into another machine over a secured session.
MODULE-IDENTITY    

ciscoRadiusMIBObjects 1.3.6.1.4.1.9.9.288.1
OBJECT IDENTIFIER    

ciscoRadiusMIBConformance 1.3.6.1.4.1.9.9.288.2
OBJECT IDENTIFIER    

crRadiusGenericConfig 1.3.6.1.4.1.9.9.288.1.1
OBJECT IDENTIFIER    

crRadiusServerConfig 1.3.6.1.4.1.9.9.288.1.2
OBJECT IDENTIFIER    

crRadiusAttributesConfig 1.3.6.1.4.1.9.9.288.1.3
OBJECT IDENTIFIER    

crRadiusVlanConfigGroup 1.3.6.1.4.1.9.9.288.1.4
OBJECT IDENTIFIER    

crRadiusKeepAliveConfig 1.3.6.1.4.1.9.9.288.1.5
OBJECT IDENTIFIER    

crRadiusServerNotifCntl 1.3.6.1.4.1.9.9.288.1.6
OBJECT IDENTIFIER    

ciscoRadiusMIBNotifications 1.3.6.1.4.1.9.9.288.3
OBJECT IDENTIFIER    

crRadiusLoginAuthentication 1.3.6.1.4.1.9.9.288.1.1.1
The login authentication using RADIUS feature is enabled for telnet/SSH sessions if the 'telnet (0) ' bit is set, and disabled if this bit is reset. The login authentication using RADIUS feature is enabled for console sessions if the 'console (1) ' bit is set, and disabled if this bit is reset. The login authentication using RADIUS feature is enabled for remote web sessions if the 'http (2) ' bit is set, and disabled if this bit is reset.
OBJECT-TYPE    
  BITS telnet(0), console(1), http(2)  

crRadiusDeadtime 1.3.6.1.4.1.9.9.288.1.1.2
Indicates the length of time in minutes that the system will mark the server dead when a RADIUS server does not respond to an authentication request. During the interval of the dead time, any authentication request that comes up would not be sent to that RADIUS server that was marked as dead. The default value of 0 means that the RADIUS servers will not be marked dead if they do not respond.
OBJECT-TYPE    
  TimeIntervalMin 0..1440  

crRadiusAuthKey 1.3.6.1.4.1.9.9.288.1.1.3
The key used in encrypting the packets passed between the RADIUS server and the client. This key must match the one configured on the server. A zero-length string is always returned when this object is read.
OBJECT-TYPE    
  CiscoRadiusAuthKey  

crRadiusTimeout 1.3.6.1.4.1.9.9.288.1.1.4
This is the time in seconds between retransmissions to the RADIUS server.
OBJECT-TYPE    
  TimeIntervalSec 1..1000  

crRadiusRetransmits 1.3.6.1.4.1.9.9.288.1.1.5
The additional number of times the RADIUS server should be tried by the RADIUS client before giving up on the server.
OBJECT-TYPE    
  Unsigned32 0..100  

crRadiusAccountingLogMaxSize 1.3.6.1.4.1.9.9.288.1.1.6
The maximum size of the accounting log file in bytes. The log file is stored on local persistent storage at the device. If the size is set to a smaller value than the existing one, then smaller log will be available for view by the user.
OBJECT-TYPE    
  Unsigned32 0..30000  

crRadiusAccountingMethod 1.3.6.1.4.1.9.9.288.1.1.7
The accounting method on the device. If bit 0 is set, the accounting method is RADIUS. If bit 1 is set, then the accounting method is local. It is possible for the user to set both the bits so that both the RADIUS as well as local accounting methods are used. It is also possible to set none of the methods; in this case the switch will not do any accounting.
OBJECT-TYPE    
  BITS radius(0), local(1)  

crRadiusFramedIpAddrIncluded 1.3.6.1.4.1.9.9.288.1.3.1
Specifies if Access-Request packets will include Framed-IP-Address attributes.
OBJECT-TYPE    
  TruthValue  

crRadiusFramedMtu 1.3.6.1.4.1.9.9.288.1.3.2
Specifies the Framed-MTU attribute value to be sent to the RADIUS server.
OBJECT-TYPE    
  Unsigned32  

crRadiusServerTableMaxEntries 1.3.6.1.4.1.9.9.288.1.2.1
The maximum number of entries that the agent supports in the crRadiusServerTable.
OBJECT-TYPE    
  Unsigned32 0..65536  

crRadiusServerTable 1.3.6.1.4.1.9.9.288.1.2.2
This table lists RADIUS servers.
OBJECT-TYPE    
  SEQUENCE OF  
    CrRadiusServerEntry

crRadiusServerEntry 1.3.6.1.4.1.9.9.288.1.2.2.1
A RADIUS server table entry. Users can add/delete entries in this table using object 'crRadiusServerRowStatus'. An entry cannot be created until following objects are instantiated : - crRadiusServerAddrType - crRadiusServerAddr Also, following objects cannot be modified when 'crRadiusServerRowStatus' is 'active' : - crRadiusServerAddrType - crRadiusServerAddr To modify above objects, the entry must be deleted and re-created with new values of above objects. If 'crRadiusServerKey' is not instantiated or is a zero-length string, then value of the object 'crRadiusAuthkey' is used as the key to communicate with the corresponding RADIUS server.
OBJECT-TYPE    
  CrRadiusServerEntry  

crRadiusServerIndex 1.3.6.1.4.1.9.9.288.1.2.2.1.1
An arbitrary integer value, greater than zero, and less than and equal to crRadiusServerTableMaxEntries, which identifies a RADIUS Server in this table. The value of this object must be persistent across reboots/reinitialization of the device.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

crRadiusServerAddrType 1.3.6.1.4.1.9.9.288.1.2.2.1.2
The type of address of the RADIUS Server as specified by object 'crRadiusServerAddr'.
OBJECT-TYPE    
  InetAddressType  

crRadiusServerAddr 1.3.6.1.4.1.9.9.288.1.2.2.1.3
The address of the RADIUS Server.
OBJECT-TYPE    
  InetAddress  

crRadiusServerAuthPort 1.3.6.1.4.1.9.9.288.1.2.2.1.4
This is the destination UDP port number to which RADIUS authentication messages should be sent. The RADIUS server will not be used for authentication if this port number is 0.
OBJECT-TYPE    
  CiscoPort  

crRadiusServerAcctPort 1.3.6.1.4.1.9.9.288.1.2.2.1.5
This is the destination UDP port number to which RADIUS accounting messages should be sent.
OBJECT-TYPE    
  CiscoPort  

crRadiusServerKey 1.3.6.1.4.1.9.9.288.1.2.2.1.6
The key used in encrypting the packets passed between the RADIUS server and the client. This key must match the one configured on the server. A zero-length string is always returned when this object is read. Note that if this object is a zero length string, then 'crRadiusAuthKey' is used as the key for this server.
OBJECT-TYPE    
  CiscoRadiusAuthKey  

crRadiusServerType 1.3.6.1.4.1.9.9.288.1.2.2.1.7
Type of the RADIUS server. other (1), - a lower priority server primary (2) - the primary server which is tried first by the RADIUS client.
OBJECT-TYPE    
  INTEGER other(1), primary(2)  

crRadiusServerMode 1.3.6.1.4.1.9.9.288.1.2.2.1.8
Mode of the RADIUS server. none (1) - neither authentication nor accounting authAndAcct (2) - both authentication and accounting authOnly (3) - only for authentication acctOnly (4) - only for accounting.
OBJECT-TYPE    
  INTEGER none(1), authAndAcct(2), authOnly(3), acctOnly(4)  

crRadiusServerRowStatus 1.3.6.1.4.1.9.9.288.1.2.2.1.9
Status of this row.
OBJECT-TYPE    
  RowStatus  

crRadiusServerRTTThldNorm 1.3.6.1.4.1.9.9.288.1.2.2.1.10
This object represents the normal threshold on the round-trip time of RADIUS authentication messages. This is measured as a percentage of configured round-trip time as per RFC-2865. If the round-trip time is less than or equal to this threshold, the agent generates the crRadiusServerRTTNormNotif notification. The value configured through this object should never be greater than that configured through crRadiusServerRTTThldHi.
OBJECT-TYPE    
  CiscoRadiusRoundTripTimePercent  

crRadiusServerRTTThldHi 1.3.6.1.4.1.9.9.288.1.2.2.1.11
This object represents the high threshold on the round-trip time of RADIUS authentication messages. This is measured as a percentage of configured round-trip time as per RFC-2865. If the round-trip time is greater than or equal to this threshold, the agent generates the crRadiusServerRTTHiNotif notification. The value configured through this object should never be smaller than that configured through crRadiusServerRTTThldNorm.
OBJECT-TYPE    
  CiscoRadiusRoundTripTimePercent  

crRadiusServerRetransThldNorm 1.3.6.1.4.1.9.9.288.1.2.2.1.12
This object represents the normal threshold on the retransmitted RADIUS authentication messages per session. This is measured as a percentage of crRadiusRetransmits. If the number of retransmits is less than or equal to this threshold, the agent generates the crRadiusServerRetransNormNotif notification. The value configured through this object should never be greater than that configured through crRadiusServerRetransThldHi.
OBJECT-TYPE    
  CiscoRadiusRetransPercent  

crRadiusServerRetransThldHi 1.3.6.1.4.1.9.9.288.1.2.2.1.13
This object represents the high threshold on the retransmitted RADIUS authentication messages per session. This is measured as a percentage of crRadiusRetransmits. If the number of retransmits is greater than or equal to this threshold, the agent generates the crRadiusServerRetransHiNotif notification. The value configured through this object should never be smaller than that configured through crRadiusServerRetransThldNorm.
OBJECT-TYPE    
  CiscoRadiusRetransPercent  

crRadiusVlanAssignmentEnabled 1.3.6.1.4.1.9.9.288.1.4.1
Specifies if VLANs will be assigned by RADIUS server via the tunnel attribute during the authentication.
OBJECT-TYPE    
  TruthValue  

crVlanGroupTable 1.3.6.1.4.1.9.9.288.1.4.2
A table containing VLAN Group Mapping information for the purpose of distributing users across multiple VLANs which have the same group name.
OBJECT-TYPE    
  SEQUENCE OF  
    CrVlanGroupEntry

crVlanGroupEntry 1.3.6.1.4.1.9.9.288.1.4.2.1
An entry containing an VLAN Group Mapping information applicable to a particular VLAN. Entries in this table can be created or deleted using cpaeVlanGroupRowStatus object.
OBJECT-TYPE    
  CrVlanGroupEntry  

crVlanGroupName 1.3.6.1.4.1.9.9.288.1.4.2.1.1
Specifies the name of the VLAN group.
OBJECT-TYPE    
  SnmpAdminString  

crVlanGroupVlansLow 1.3.6.1.4.1.9.9.288.1.4.2.1.2
A string of octets containing one bit per VLAN for VLANs with VlanIndex value of 0 to 2047. Each octet within this value specifies a set of eight VLANs, with the first octet specifying VLANs 0 through 7, the second octet specifying VLANs 8 through 15, etc. Within each octet, the most significant bit represents the lowest numbered VLAN, and the least significant bit represents the highest numbered VLAN. Thus, each VLAN of the device is represented by a single bit within the value of this object. If that bit has a value of '1' then that VLAN is included in the group; the VLAN is not mapped to the group if its bit has a value of '0'.
OBJECT-TYPE    
  STRING Size(0..256)  

crVlanGroupVlansHigh 1.3.6.1.4.1.9.9.288.1.4.2.1.3
A string of octets containing one bit per VLAN for VLANs with VlanIndex value of 2048 to 4095. Each octet within this value specifies a set of eight VLANs, with the first octet specifying VLANs 2048 through 2055, the second octet specifying VLANs 2056 through 2063, etc. Within each octet, the most significant bit represents the lowest numbered VLAN, and the least significant bit represents the highest numbered VLAN. Thus, each VLAN of the device is represented by a single bit within the value of this object. If that bit has a value of '1' then that VLAN is included in the group; the VLAN is not mapped to the group if its bit has a value of '0'.
OBJECT-TYPE    
  STRING Size(0..256)  

crVlanGroupRowStatus 1.3.6.1.4.1.9.9.288.1.4.2.1.4
This object is used to manage the creation and deletion of rows in this table. The only way to create an entry is by setting the value createAndGo(4), and the only way to delete an entry is by setting the value destroy(6) to this object.
OBJECT-TYPE    
  RowStatus  

crRadiusKeepAliveEnabled 1.3.6.1.4.1.9.9.288.1.5.1
Specifies whether RADIUS keep-alive feature is enabled or not.
OBJECT-TYPE    
  TruthValue  

crRadiusKeepAliveInterval 1.3.6.1.4.1.9.9.288.1.5.2
Specifies the RADIUS keep-alive interval value. When the object value of crRadiusKeepAliveEnabled is 'true', a tracking message is sent to every configured RADIUS server at the interval of crRadiusKeepAliveInterval to query the status of the server.
OBJECT-TYPE    
  Unsigned32  

crRadiusKeepAliveServerTable 1.3.6.1.4.1.9.9.288.1.5.3
This table contains the keep-alive information on every RADIUS server configured on the system.
OBJECT-TYPE    
  SEQUENCE OF  
    CrRadiusKeepAliveServerEntry

crRadiusKeepAliveServerEntry 1.3.6.1.4.1.9.9.288.1.5.3.1
An entry containing keep-alive information of a corresponding RADIUS server configured in crRadiusServerTable.
OBJECT-TYPE    
  CrRadiusKeepAliveServerEntry  

crRadiusKeepAliveServerStatus 1.3.6.1.4.1.9.9.288.1.5.3.1.1
Indicates the current keep-alive status of the RADIUS server. other : none of the following. init : the server is in init state. active : the server is in active state. checkup: the server is in checkup state. dead : the server is in dead state. This object is only instantiated when the corresponding instance value of crRadiusServerRowStatus is 'active' and the object value of crRadiusKeepAliveEnabled is 'true'.
OBJECT-TYPE    
  INTEGER other(1), init(2), active(3), checkup(4), dead(5)  

crRadiusPortAutoInitialize 1.3.6.1.4.1.9.9.288.1.5.4
Specifies whether a port's state machines will be re- initialized if their state machines are in 'aaaFail' when a RADIUS server becomes available.
OBJECT-TYPE    
  TruthValue  

crRadiusKeepAliveUserName 1.3.6.1.4.1.9.9.288.1.5.5
Specifies the user name used in keep-alive communication with RADIUS server.
OBJECT-TYPE    
  SnmpAdminString  

crRadiusServerRTTNormNotifEnable 1.3.6.1.4.1.9.9.288.1.6.1
This object is used to control the generation of crRadiusServerRTTNormNotif notification. A value of 'true' indicates that the notification will be generated when the current server round-trip time is less than or equal to crRadiusServerRTTThldNorm.
OBJECT-TYPE    
  TruthValue  

crRadiusServerRTTHiNotifEnable 1.3.6.1.4.1.9.9.288.1.6.2
This object is used to control the generation of crRadiusServerRTTHiNotif notification. A value of 'true' indicates that the notification will be generated when the current server round-trip time is greater than or equal to crRadiusServerRTTThldHi.
OBJECT-TYPE    
  TruthValue  

crRadiusServerRetransNormNotifEnable 1.3.6.1.4.1.9.9.288.1.6.3
This object is used to control the generation of crRadiusServerRetransNormNotif notification. A value of 'true' indicates that the notification will be generated when the current number of server retransmissions are less than or equal to crRadiusServerRetransThldNorm.
OBJECT-TYPE    
  TruthValue  

crRadiusServerRetransHiNotifEnable 1.3.6.1.4.1.9.9.288.1.6.4
This object is used to control the generation of crRadiusServerRetransHiNotif notification. A value of 'true' indicates that the notification will be generated when the current number of server retransmissions are greater than or equal to crRadiusServerRetransThldHi.
OBJECT-TYPE    
  TruthValue  

crRadiusServerRTTNormNotif 1.3.6.1.4.1.9.9.288.3.1
This notification indicates that the current server round-trip time is less than or equal to crRadiusServerRTTThldNorm. Once sent, this notification will be disarmed until the round-trip time exceeds the value configured through crRadiusServerRTTThldHi.
NOTIFICATION-TYPE    

crRadiusServerRTTHiNotif 1.3.6.1.4.1.9.9.288.3.2
This notification indicates that the current server round-trip time is greater than or equal to crRadiusServerRTTThldHi. Once sent, this notification will be disarmed until the round-trip time falls below the value configured through crRadiusServerRTTThldNorm.
NOTIFICATION-TYPE    

crRadiusServerRetransNormNotif 1.3.6.1.4.1.9.9.288.3.3
This notification indicates that the current number of server retransmissions are less than or equal to crRadiusServerRetransThldNorm. Once sent, this notification will be disarmed until the number of retransmissions exceed the value configured through crRadiusServerRetransThldHi.
NOTIFICATION-TYPE    

crRadiusServerRetransHiNotif 1.3.6.1.4.1.9.9.288.3.4
This notification indicates that the current number of server retransmissions are greater than or equal to crRadiusServerRetransThldHi. Once sent, this notification will be disarmed until the number of retransmissions falls below the value configured through crRadiusServerRetransThldNorm.
NOTIFICATION-TYPE    

ciscoRadiusMIBCompliances 1.3.6.1.4.1.9.9.288.2.1
OBJECT IDENTIFIER    

ciscoRadiusMIBGroups 1.3.6.1.4.1.9.9.288.2.2
OBJECT IDENTIFIER    

ciscoRadiusMIBCompliance 1.3.6.1.4.1.9.9.288.2.1.1
Only read-only access is needed to be implemented.
MODULE-COMPLIANCE    
  crRadiusTimeout TimeIntervalSec 1..60
  crRadiusRetransmits Unsigned32 0..5
  crRadiusServerAddrType INTEGER ipv4(1), dns(16)
  crRadiusServerRowStatus INTEGER active(1), createAndGo(4), destroy(6)

ciscoRadiusMIBCompliance2 1.3.6.1.4.1.9.9.288.2.1.2
Only read-only access is needed to be implemented.
MODULE-COMPLIANCE    
  crRadiusTimeout TimeIntervalSec 1..60
  crRadiusRetransmits Unsigned32 0..5
  crRadiusServerAddrType INTEGER ipv4(1), dns(16)
  crRadiusServerRowStatus INTEGER active(1), createAndGo(4), destroy(6)

ciscoRadiusMIBCompliance3 1.3.6.1.4.1.9.9.288.2.1.3
Only read-only access is needed to be implemented.
MODULE-COMPLIANCE    
  crRadiusTimeout TimeIntervalSec 1..60
  crRadiusRetransmits Unsigned32 0..5
  crRadiusServerAddrType INTEGER ipv4(1), dns(16)
  crRadiusServerRowStatus INTEGER active(1), createAndGo(4), destroy(6)

ciscoRadiusMIBCompliance4 1.3.6.1.4.1.9.9.288.2.1.4
Only read-only access is needed to be implemented.
MODULE-COMPLIANCE    
  crRadiusTimeout TimeIntervalSec 1..60
  crRadiusRetransmits Unsigned32 0..5
  crRadiusServerAddrType INTEGER ipv4(1), dns(16)
  crRadiusServerRowStatus INTEGER active(1), createAndGo(4), destroy(6)

crmConfigurationGroup 1.3.6.1.4.1.9.9.288.2.2.1
A collection of objects for RADIUS configuration.
OBJECT-GROUP    

crmAttributesGroup 1.3.6.1.4.1.9.9.288.2.2.2
A collection of objects for RADIUS attributes configuration.
OBJECT-GROUP    

crmVlanConfigGroup 1.3.6.1.4.1.9.9.288.2.2.3
A collection of objects for RADIUS Vlans assignment configuration.
OBJECT-GROUP    

crmKeepAliveGroup 1.3.6.1.4.1.9.9.288.2.2.4
A collection of objects for RADIUS keep-alive information.
OBJECT-GROUP    

crmAutoInitializeConfigGroup 1.3.6.1.4.1.9.9.288.2.2.5
A collection of objects for RADIUS auto initialize configuration.
OBJECT-GROUP    

crmAttributesGroup2 1.3.6.1.4.1.9.9.288.2.2.6
A collection of additional objects for RADIUS attributes configuration.
OBJECT-GROUP    

crmRadiusKeepAliveUserGroup 1.3.6.1.4.1.9.9.288.2.2.7
A collection of objects for RADIUS keep-alive user configuration.
OBJECT-GROUP    

crmRadiusServerNotifGroup 1.3.6.1.4.1.9.9.288.2.2.8
This collection of notifications is used to monitor the responsiveness of the RADIUS server.
NOTIFICATION-GROUP    

crmConfigurationGroupSup1 1.3.6.1.4.1.9.9.288.2.2.9
This group supplements crmConfigurationGroup, to configure the thresholds on the round-trip times and retransmission counts.
OBJECT-GROUP    

crmRadiusServerNotifCntlGroup 1.3.6.1.4.1.9.9.288.2.2.10
This collection of objects control the generation of notifications related to RADIUS server.
OBJECT-GROUP