ONEACCESS-AAA-MIB
File: ONEACCESS-AAA-MIB.mib (23150 bytes)
Imported modules
Imported symbols
Defined Types
OacAAARadiusServerConfigEntry
SEQUENCE
  oacAAARadiusServerInfo  DisplayString
  oacAAARadiusServerPort  INTEGER
  oacAAARadiusServerSharedKey  OCTET STRING
  oacAAARadiusServerRetries  INTEGER
  oacAAARadiusServerTimeout  INTEGER
  oacAAARadiusServerInterface  InterfaceIndex
  oacAAARadiusServerRowStatus  RowStatus

OacAAATacacsServerConfigEntry
SEQUENCE
  oacAAATacacsServerInfo  DisplayString
  oacAAATacacsServerPort  INTEGER
  oacAAATacacsServerSharedKey  OCTET STRING
  oacAAATacacsServerTimeout  INTEGER
  oacAAATacacsServerInterface  InterfaceIndex
  oacAAATacacsServerRowStatus  RowStatus

OacAAAAuthenticationServerConfigEntry
SEQUENCE
  oacAAAAuthenticationFeature  INTEGER
  oacAAAAuthenticationReqSrc  INTEGER
  oacAAAAuthenticationSvrType  OCTET STRING
  oacAAAAuthenticationServerRowStatus  RowStatus

OacAAAAuthenticationConfigBannerSeqEntry
SEQUENCE
  oacAAAAuthenticationBannerSequence  INTEGER
  oacAAAAuthenticationBannerString  OCTET STRING
  oacAAAAuthenticationBannerSeqRowStatus  RowStatus

OacAAAGroupServerConfigEntry
SEQUENCE
  oacAAAServerGroupName  DisplayString
  oacAAAServerGroupType  INTEGER
  oacAAAServerGroupServerInfo  DisplayString
  oacAAAServerGroupRowStatus  RowStatus

OacAAAAccCmdsConfigEntry
SEQUENCE
  oacAAAAccCmdAccessLevel  INTEGER
  oacAAAAccTacacsGroupName  DisplayString
  oacAAAAccCmdsRowStatus  RowStatus

Defined Values
oacAAAConfigMIB
OID: 1.3.6.1.4.1.13191.1.100.690
Fixed the issues related to octet string range
Macro: MODULE-IDENTITY

oacAAARadiusServerConfigTable
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.1
Description:
Configuring RADIUS server:
For the device to authenticate against a RADIUS server database, the following parameters have to be configured.
The CLI command for adding a RADIUS server's details is
radius-server [] [ ]
The SNMP table will contain the following attributes:
1) Hostname or IP address: String
2) RADIUS server port: Integer 1-65535
3) Shared key: String
4) Retransmit: Integer 1-100, default 3
5) Timeout: Integer 1-600, default 3
6) Interface: InterfaceIndex
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: SEQUENCE OF OacAAARadiusServerConfigEntry

oacAAARadiusServerConfigEntry
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.1.1
Description:
The RADIUS server config entry holds the details of one RADIUS server configured for the client to send authentication requests to.
This table is indexed on oacAAARadiusServerInfo, which can be either an IP address or a hostname of the RADIUS server.
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: OacAAARadiusServerConfigEntry

oacAAARadiusServerInfo
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.1.1.1
Description:
The Info can be one of:
A.B.C.D  IPv4 host address
A.B.C.D  IPv4 subnet
hostname  Hostname
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: DisplayString

oacAAARadiusServerPort
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.1.1.2
Description:
The default port on which the RADIUS client connects to a RADIUS server is 1812, but the user can always specify the port to which the client should connect when contacting the configured RADIUS server.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: INTEGER (1..65535)

oacAAARadiusServerSharedKey
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.1.1.3
Description:
Pre-shared key between the RADIUS client and server.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: OCTET STRING (SIZE (8..255))

oacAAARadiusServerRetries
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.1.1.4
Description:
The client makes the configured number of retries to this RADIUS server before moving to the next RADIUS server.
The default number of retries is 3.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: INTEGER (1..100)

oacAAARadiusServerTimeout
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.1.1.5
Description:
The number of seconds to wait before declaring a timeout.
The default value is 3 seconds.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: INTEGER (1..600)

oacAAARadiusServerInterface
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.1.1.6
Description:
The interface this device uses to contact the RADIUS server for authentication requests. It is identified by the ifIndex.
Each interface/unit is identified by an ifIndex.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: InterfaceIndex

oacAAARadiusServerRowStatus
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.1.1.7
Description:
The Row status for an entry in the oacAAARadiusServerConfigTable.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: RowStatus

oacAAARadiusConfigAccPort
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.2
Description:
Set the port for RADIUS accounting.
Reset or deletion of this value is not possible; the port value can only be modified.
Status: current
Access: read-write
Macro: OBJECT-TYPE
Syntax: INTEGER (1..65535)

oacAAATacacsServerConfigTable
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.3
Description:
Configuring TACACS client:
The CLI command to add TACACS server info for the TACACS client is
tacacs-server [] [ ]
Hence the SNMP table that holds the TACACS server info has the following attributes:
1) Hostname or IP address: OCTET STRING
2) TACACS server port: Integer 1-65535
3) Shared key: OCTET STRING
4) Timeout: Integer 1-600, default 3
5) Interface: InterfaceIndex
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: SEQUENCE OF OacAAATacacsServerConfigEntry

oacAAATacacsServerConfigEntry
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.3.1
Description:
An entry holds the information for one configured TACACS server.
The entry is uniquely identified/indexed by oacAAATacacsServerInfo, which can be either an IPv4 address or a hostname.
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: OacAAATacacsServerConfigEntry

oacAAATacacsServerInfo
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.3.1.1
Description:
The Info can be one of:
A.B.C.D  IPv4 host address
A.B.C.D  IPv4 subnet
hostname  Hostname
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: DisplayString

oacAAATacacsServerPort
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.3.1.2
Description:
The default port for a TACACS client to connect to a TACACS server is 49, but this can vary depending on the server configuration.
Hence, when a TACACS server is added, the port on which this server is running has to be specified.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: INTEGER (1..65535)

oacAAATacacsServerSharedKey
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.3.1.3
Description:
The shared key is used to authenticate a TACACS client with the TACACS server. This key is different from the user authentication keys.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: OCTET STRING (SIZE (8..255))

oacAAATacacsServerTimeout
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.3.1.4
Description:
The default timeout for a client to wait for a response from the TACACS server is 3 seconds, but this can be modified by setting a value.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: INTEGER (1..600)

oacAAATacacsServerInterface
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.3.1.5
Description:
The interface that this TACACS client should use to contact the configured TACACS server. The interface is identified by the ifIndex.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: InterfaceIndex

oacAAAAuthenticationServerConfigTable
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.5
Description:
AAA configuration on OneOS
The AAA servers can be configured to either authenticate user login or authenticate enable commands for a given user.
OneOS can use all RADIUS servers, all TACACS servers, a group of configured RADIUS servers, a group of configured TACACS servers, or only the local database.
By default, if RADIUS/TACACS servers are configured, OneOS will use the AAA servers in the order in which they are configured.
The following commands are available to configure the AAA servers:
aaa authentication login {default|console|network} {|radius|tacacs}
aaa authentication enable {default|console|network} {|radius|tacacs}
Hence the following are the attributes of the AAA authentication configuration table:
1) Authentication for (login or enable): Integer as enum
2) Authentication from (default or console or network): Integer as enum
3) Authentication server type: String
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: SEQUENCE OF OacAAAAuthenticationServerConfigEntry

oacAAAAuthenticationServerConfigEntry
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.5.1
Description:
An entry defines which group of servers, either RADIUS or TACACS, a login/enable from console or network will use.
Each entry is uniquely identified by a dual index.
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: OacAAAAuthenticationServerConfigEntry

oacAAAAuthenticationFeature
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.5.1.1
Description:
A user can log in to the device and just monitor. A user can configure the device when he enters the enabled mode. The device will challenge a user for authentication whenever he enters an enabled command.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: INTEGER { login(1), enable(2) }

oacAAAAuthenticationReqSrc
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.5.1.2
Description:
The user can access the device either through the default mode, from the console, or from the network, such as SSH and Telnet.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: INTEGER { default(1), console(2), network(3) }

oacAAAAuthenticationSvrType
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.5.1.3
Description:
The authentication servers can be either a group of RADIUS servers, a group of TACACS servers, all RADIUS servers or all TACACS servers.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: OCTET STRING (SIZE (1..255))

oacAAAAuthenticationConfigBannerSeqEntry
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.6.1
Description:
Each entry holds one banner string.
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: OacAAAAuthenticationConfigBannerSeqEntry

oacAAAAuthenticationBannerSequence
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.6.1.1
Description:
The maximum number of strings that can be stored is 40.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: INTEGER (1..40)

oacAAAAuthenticationBannerString
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.6.1.2
Description:
Banner text is a string of up to 255 characters.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: OCTET STRING (SIZE (1..255))

oacAAAGroupServerConfigTable
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.7
Description:
Configuring AAA group servers:
The CLI command to configure a group of servers is
aaa group server { radius | tacacs }
server {| }
The SNMP table for group servers will be:
1) Group name: OCTET STRING
2) Group type: INTEGER (ENUM)
3) Server: OCTET STRING
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: SEQUENCE OF OacAAAGroupServerConfigEntry

oacAAAGroupServerConfigEntry
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.7.1
Description:
A group server entry holds information about a configured RADIUS or TACACS server and the group to which it belongs.
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: OacAAAGroupServerConfigEntry

oacAAAServerGroupType
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.7.1.2
Description:
Only servers of the type defined above can be added to this group.
All the servers can be either of type RADIUS or of type TACACS.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: INTEGER { radius(1), tacacs(2) }

oacAAAServerGroupServerInfo
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.7.1.3
Description:
This object holds the information about the server, which can be an IPv4 address or a hostname.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: DisplayString

oacAAAAccCmdsConfigTable
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.9
Description:
This table provides the information for AAA accounting commands.
The SNMP table for the above command will be:
1) Access level of the command: INTEGER 0-15
2) TACACS+ group: OCTET STRING, default all
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: SEQUENCE OF OacAAAAccCmdsConfigEntry

oacAAAAccCmdsConfigEntry
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.9.1
Description:
Each entry defines an access level and the TACACS group name.
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: OacAAAAccCmdsConfigEntry

oacAAAAccCmdAccessLevel
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.9.1.1
Description:
The command access level for which accounting has to be done.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: INTEGER (0..15)

oacAAAAccTacacsGroupName
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.9.1.2
Description:
The group of servers that can be used to perform accounting for a given command access level.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: DisplayString

oacAAAAccConfigExecStartStop
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.10
Description:
Sets EXEC accounting, with the default method, to use start-stop record accounting notices. Uses a TACACS+ server for accounting.
Status: current
Access: read-write
Macro: OBJECT-TYPE
Syntax: OCTET STRING (SIZE (0..255))

oacAAAAccConfigSystemStartStop
OID: 1.3.6.1.4.1.13191.10.3.4.10.1.11
Description:
Sets System accounting, with the default method, to use start-stop record accounting notices. Uses a TACACS+ server for accounting.
Status: current
Access: read-write
Macro: OBJECT-TYPE
Syntax: OCTET STRING (SIZE (0..255))

oacAAAConfigGroup
OID: 1.3.6.1.4.1.13191.10.3.4.10.2.1.1
Description:
Group of AAA objects
Status: current
Access: read-write
Macro: OBJECT-GROUP

oacAAACompls
OID: 1.3.6.1.4.1.13191.10.3.4.10.2.2
OBJECT IDENTIFIER