ONEACCESS-AAA-MIB

File: ONEACCESS-AAA-MIB.mib (23150 bytes)

Imported modules

SNMPv2-CONF SNMPv2-SMI SNMPv2-TC
IF-MIB ONEACCESS-GLOBAL-REG

Imported symbols

OBJECT-GROUP IpAddress Integer32
Counter32 Counter64 OBJECT-TYPE
MODULE-IDENTITY DisplayString RowStatus
PhysAddress TruthValue InterfaceIndex
oacExpIMManagement oacMIBModules

Defined Types

OacAAARadiusServerConfigEntry  
SEQUENCE    
  oacAAARadiusServerInfo DisplayString
  oacAAARadiusServerPort INTEGER
  oacAAARadiusServerSharedKey OCTET STRING
  oacAAARadiusServerRetries INTEGER
  oacAAARadiusServerTimeout INTEGER
  oacAAARadiusServerInterface InterfaceIndex
  oacAAARadiusServerRowStatus RowStatus

OacAAATacacsServerConfigEntry  
SEQUENCE    
  oacAAATacacsServerInfo DisplayString
  oacAAATacacsServerPort INTEGER
  oacAAATacacsServerSharedKey OCTET STRING
  oacAAATacacsServerTimeout INTEGER
  oacAAATacacsServerInterface InterfaceIndex
  oacAAATacacsServerRowStatus RowStatus

OacAAAAuthenticationServerConfigEntry  
SEQUENCE    
  oacAAAAuthenticationFeature INTEGER
  oacAAAAuthenticationReqSrc INTEGER
  oacAAAAuthenticationSvrType OCTET STRING
  oacAAAAuthenticationServerRowStatus RowStatus

OacAAAAuthenticationConfigBannerSeqEntry  
SEQUENCE    
  oacAAAAuthenticationBannerSequence INTEGER
  oacAAAAuthenticationBannerString OCTET STRING
  oacAAAAuthenticationBannerSeqRowStatus RowStatus

OacAAAGroupServerConfigEntry  
SEQUENCE    
  oacAAAServerGroupName DisplayString
  oacAAAServerGroupType INTEGER
  oacAAAServerGroupServerInfo DisplayString
  oacAAAServerGroupRowStatus RowStatus

OacAAAAccCmdsConfigEntry  
SEQUENCE    
  oacAAAAccCmdAccessLevel INTEGER
  oacAAAAccTacacsGroupName DisplayString
  oacAAAAccCmdsRowStatus RowStatus

Defined Values

oacAAAConfigMIB 1.3.6.1.4.1.13191.1.100.690
Fixed the issues related to octet string range
MODULE-IDENTITY    

oacAAAConfig 1.3.6.1.4.1.13191.10.3.4.10
OBJECT IDENTIFIER    

oacAAAConfigObjects 1.3.6.1.4.1.13191.10.3.4.10.1
OBJECT IDENTIFIER    

oacAAAConfigConformance 1.3.6.1.4.1.13191.10.3.4.10.2
OBJECT IDENTIFIER    

oacAAARadiusServerConfigTable 1.3.6.1.4.1.13191.10.3.4.10.1.1
Configuring Radius Server: For the device to authenticate with an radius server database, the following parameters have to be configured. The cli command for adding a radius server details is radius-server [] [ ] The snmp table will contain the following attributes. 1) hostname or IP Address String 2) Radius Server Port Integer 1-65535 3) Shared Key String. 4) Retransmit Integer 1-100 default 3 5) Timeout Integer 1-600 default 3 6) Interface InterfaceIndex
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    OacAAARadiusServerConfigEntry

oacAAARadiusServerConfigEntry 1.3.6.1.4.1.13191.10.3.4.10.1.1.1
The Radius Server config entry will hold the details of one radius servers configured for the client to send the requests for authentication. This table is indexed on oacAAARadiusServrInfo which can be either an ipaddress or hostname of the Radius Server.
Status: current Access: not-accessible
OBJECT-TYPE    
  OacAAARadiusServerConfigEntry  

oacAAARadiusServerInfo 1.3.6.1.4.1.13191.10.3.4.10.1.1.1.1
The Info can be an : A.B.C.D IPv4 host address A.B.C.D Ipv4 subnet hostname Hostname.
Status: current Access: read-create
OBJECT-TYPE    
  DisplayString  

oacAAARadiusServerPort 1.3.6.1.4.1.13191.10.3.4.10.1.1.1.2
The default server port to which radius client will connect to a radius server is 1812. But the user can always specify the port to which the client should connect when contacting the configured radius server.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER 1..65535  

oacAAARadiusServerSharedKey 1.3.6.1.4.1.13191.10.3.4.10.1.1.1.3
Pre shared key between the radius client and server.
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING Size(8..255)  

oacAAARadiusServerRetries 1.3.6.1.4.1.13191.10.3.4.10.1.1.1.4
The Client can do the configured number of retries to this radius server before moving to the next radius server. The default number of retries is 3.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER 1..100  

oacAAARadiusServerTimeout 1.3.6.1.4.1.13191.10.3.4.10.1.1.1.5
The nummber of seconds to wait before to call a timeout. The default value is 3 seconds.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER 1..600  

oacAAARadiusServerInterface 1.3.6.1.4.1.13191.10.3.4.10.1.1.1.6
The interface for this device to use to contact the radius server for auth requests. It is identified by the ifIndex. Each interface/unit is identified by an ifIndex.
Status: current Access: read-create
OBJECT-TYPE    
  InterfaceIndex  

oacAAARadiusServerRowStatus 1.3.6.1.4.1.13191.10.3.4.10.1.1.1.7
The Row status for an entry in the oacAAARadiusServerConfigTable.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

oacAAARadiusConfigAccPort 1.3.6.1.4.1.13191.10.3.4.10.1.2
Set the port for Radius accouting. reset or deletion of this value is not possible the port value can only be modified.
Status: current Access: read-write
OBJECT-TYPE    
  INTEGER 1..65535  

oacAAATacacsServerConfigTable 1.3.6.1.4.1.13191.10.3.4.10.1.3
Configuring Tacacs client: The cli to add tacacs server info for the tacacs client is tacacs-server [] [ ] Hence the snmp table for to hold the tacacs server info has the following 1) hostname or IP Address OCTET STRING 2) TACACs serverport Integer 1-65535 3) Shared Key OCTET STRING 4) Timeout integer 1-600 default 3 5) Interface InterfaceIndex
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    OacAAATacacsServerConfigEntry

oacAAATacacsServerConfigEntry 1.3.6.1.4.1.13191.10.3.4.10.1.3.1
An entry holds the information per tacacs server configured. the entry is uniquely identified/indexed by the oacAAATacacsServerInfo which can be either the IPv4 address or an hostname.
Status: current Access: not-accessible
OBJECT-TYPE    
  OacAAATacacsServerConfigEntry  

oacAAATacacsServerInfo 1.3.6.1.4.1.13191.10.3.4.10.1.3.1.1
The Info can be an : A.B.C.D IPv4 host address A.B.C.D Ipv4 subnet hostname Hostname.
Status: current Access: read-create
OBJECT-TYPE    
  DisplayString  

oacAAATacacsServerPort 1.3.6.1.4.1.13191.10.3.4.10.1.3.1.2
The default for an tacacs client to connect to tacacs server is 49. But this can vary depending on the server configuration. Hence when a tacacs server is added the port on which this server is running has to be specified.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER 1..65535  

oacAAATacacsServerSharedKey 1.3.6.1.4.1.13191.10.3.4.10.1.3.1.3
The shared key will be used to authenticate a tacacs client with the tacacs server. This has key is different from the user authentication keys.
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING Size(8..255)  

oacAAATacacsServerTimeout 1.3.6.1.4.1.13191.10.3.4.10.1.3.1.4
The default timeout value for an client to wait for a response from the tacacs server is set to 3 seconds. but this can be modified by setting a value.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER 1..600  

oacAAATacacsServerInterface 1.3.6.1.4.1.13191.10.3.4.10.1.3.1.5
The interface which this tacacs client should use to contact the configured tacacs server. The interface is identified by the ifIndex.
Status: current Access: read-create
OBJECT-TYPE    
  InterfaceIndex  

oacAAATacacsServerRowStatus 1.3.6.1.4.1.13191.10.3.4.10.1.3.1.6
The Rowstatus for this entry.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

oacAAATacacsConfigUseUsername 1.3.6.1.4.1.13191.10.3.4.10.1.4
usage of user name for authentication for enable command.
Status: current Access: read-write
OBJECT-TYPE    
  TruthValue  

oacAAAAuthenticationServerConfigTable 1.3.6.1.4.1.13191.10.3.4.10.1.5
AAA configuration on OneOS The AAA servers can be configured to either authenticate user login or authenticate enable commands for a given user. OneOS can either use all radius servers or all tacas servers or a group of configured radius servers or a group of configured tacacs servers or only the local database. By default if a radius/tacacs servers are configured, ONEOS will use the AAA servers in the order in which they are configured. The following commands are available to configure the AAA servers. aaa authentication login {default|console|network} {|radius|tacacs} aaa authentication enable {default|console|network} {|radius|tacacs} Hence the following will be the attributes for the AAA authentication configuration table 1) Authentication for (login or enable) Integer as enum 2) Authentication from (default or console or network) Integer as enum 3) Authentication servertype String
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    OacAAAAuthenticationServerConfigEntry

oacAAAAuthenticationServerConfigEntry 1.3.6.1.4.1.13191.10.3.4.10.1.5.1
An entry will define how a login/enable from console or network will use which group of servers of either radius or tacacs. Each entry is uniquly identified by an dual index.
Status: current Access: not-accessible
OBJECT-TYPE    
  OacAAAAuthenticationServerConfigEntry  

oacAAAAuthenticationFeature 1.3.6.1.4.1.13191.10.3.4.10.1.5.1.1
A user can login to the device and just monitor. A user can configure the device when he enters the enabled mode. The device will challenge an user for authentication when ever he enters and enabled command.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER login(1), enable(2)  

oacAAAAuthenticationReqSrc 1.3.6.1.4.1.13191.10.3.4.10.1.5.1.2
The user can access the device either thru the default mode or from the console or from the network like ssh and telnet.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER default(1), console(2), network(3)  

oacAAAAuthenticationSvrType 1.3.6.1.4.1.13191.10.3.4.10.1.5.1.3
The authentication servers can be either a group of radius serves or a group of tacacs servers or all radius servers or all tacacs server.
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING Size(1..255)  

oacAAAAuthenticationServerRowStatus 1.3.6.1.4.1.13191.10.3.4.10.1.5.1.4
The Row status for this entry.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

oacAAAAuthenticationConfigBannerSeqTable 1.3.6.1.4.1.13191.10.3.4.10.1.6
This table holds upto 40 banner messages used in authentication
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    OacAAAAuthenticationConfigBannerSeqEntry

oacAAAAuthenticationConfigBannerSeqEntry 1.3.6.1.4.1.13191.10.3.4.10.1.6.1
Each entry will hold one banner string
Status: current Access: not-accessible
OBJECT-TYPE    
  OacAAAAuthenticationConfigBannerSeqEntry  

oacAAAAuthenticationBannerSequence 1.3.6.1.4.1.13191.10.3.4.10.1.6.1.1
The maximum number of strings that can be stored are 40.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER 1..40  

oacAAAAuthenticationBannerString 1.3.6.1.4.1.13191.10.3.4.10.1.6.1.2
banner test is a set of string maximum upto 255 characters.
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING Size(1..255)  

oacAAAAuthenticationBannerSeqRowStatus 1.3.6.1.4.1.13191.10.3.4.10.1.6.1.3
The row status of this entry
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

oacAAAGroupServerConfigTable 1.3.6.1.4.1.13191.10.3.4.10.1.7
Configuring AAA Group Servers: The cli command to configure a group of servers aaa group server { radius | tacacs } server {| } The SNMP table for group servers will be 1) group name OCTET STRING 2) group type INTEGER (ENUM) 3) server OCTET STRING
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    OacAAAGroupServerConfigEntry

oacAAAGroupServerConfigEntry 1.3.6.1.4.1.13191.10.3.4.10.1.7.1
A group server entry will hold information about an configured radius or tacacs server to which group it belongs to.
Status: current Access: not-accessible
OBJECT-TYPE    
  OacAAAGroupServerConfigEntry  

oacAAAServerGroupName 1.3.6.1.4.1.13191.10.3.4.10.1.7.1.1
The group name which is the index for each entry.
Status: current Access: read-create
OBJECT-TYPE    
  DisplayString  

oacAAAServerGroupType 1.3.6.1.4.1.13191.10.3.4.10.1.7.1.2
Only server of type defined above can be added to this group. all the servers can be either of type radius or type tacacs.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER radius(1), tacacs(2)  

oacAAAServerGroupServerInfo 1.3.6.1.4.1.13191.10.3.4.10.1.7.1.3
This object will hold the inforamtion about the server, which can be an IPv4 Address or an Hostname.
Status: current Access: read-create
OBJECT-TYPE    
  DisplayString  

oacAAAServerGroupRowStatus 1.3.6.1.4.1.13191.10.3.4.10.1.7.1.4
The row status for this entry.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

oacAAAAuthorizationConfigCmdLevelDefTacacs 1.3.6.1.4.1.13191.10.3.4.10.1.8
To enable AAA authorization for a given privilege level
Status: current Access: read-write
OBJECT-TYPE    
  INTEGER 0..15  

oacAAAAccCmdsConfigTable 1.3.6.1.4.1.13191.10.3.4.10.1.9
This table provides the information for AAA accounting commands. SNMP table for the above command will be 1) access level of the command INTEGER 0-15 2) tacacs+ group OCTET STRING default all.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    OacAAAAccCmdsConfigEntry

oacAAAAccCmdsConfigEntry 1.3.6.1.4.1.13191.10.3.4.10.1.9.1
each entry will define an access level and the tacacs group name.
Status: current Access: not-accessible
OBJECT-TYPE    
  OacAAAAccCmdsConfigEntry  

oacAAAAccCmdAccessLevel 1.3.6.1.4.1.13191.10.3.4.10.1.9.1.1
The command access level for which accounting has to be done.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER 0..15  

oacAAAAccTacacsGroupName 1.3.6.1.4.1.13191.10.3.4.10.1.9.1.2
The group of servers that can be used to perform accounting for a given command access level.
Status: current Access: read-create
OBJECT-TYPE    
  DisplayString  

oacAAAAccCmdsRowStatus 1.3.6.1.4.1.13191.10.3.4.10.1.9.1.3
The row status for this entry.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

oacAAAAccConfigExecStartStop 1.3.6.1.4.1.13191.10.3.4.10.1.10
Set EXEC accounting and the method is default, to use start-stop record accounting notice. Uses TACACS+ server for accounting.
Status: current Access: read-write
OBJECT-TYPE    
  OCTET STRING Size(0..255)  

oacAAAAccConfigSystemStartStop 1.3.6.1.4.1.13191.10.3.4.10.1.11
Set System accounting and the method is default, to use start-stop record accounting notice. Uses TACACS+ server for accounting.
Status: current Access: read-write
OBJECT-TYPE    
  OCTET STRING Size(0..255)  

oacAAAConfigGroups 1.3.6.1.4.1.13191.10.3.4.10.2.1
OBJECT IDENTIFIER    

oacAAAConfigGroup 1.3.6.1.4.1.13191.10.3.4.10.2.1.1
Group of AAA objects
Status: current Access: read-write
OBJECT-GROUP    

oacAAACompls 1.3.6.1.4.1.13191.10.3.4.10.2.2
OBJECT IDENTIFIER