From 98a672123c7872f6b9b75a9a2b6bb3aea504de6a Mon Sep 17 00:00:00 2001 From: David Leutgeb Date: Tue, 5 Dec 2023 12:25:34 +0100 Subject: Initial commit --- MIBS/nokia/ALCATEL-IND1-AAA-MIB | 2889 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 2889 insertions(+) create mode 100644 MIBS/nokia/ALCATEL-IND1-AAA-MIB (limited to 'MIBS/nokia/ALCATEL-IND1-AAA-MIB') diff --git a/MIBS/nokia/ALCATEL-IND1-AAA-MIB b/MIBS/nokia/ALCATEL-IND1-AAA-MIB new file mode 100644 index 0000000..a1a55d2 --- /dev/null +++ b/MIBS/nokia/ALCATEL-IND1-AAA-MIB @@ -0,0 +1,2889 @@ +ALCATEL-IND1-AAA-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-IDENTITY, OBJECT-TYPE, IpAddress, Unsigned32, NOTIFICATION-TYPE + FROM SNMPv2-SMI + DisplayString, MacAddress, RowStatus + FROM SNMPv2-TC + MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP + FROM SNMPv2-CONF + SnmpAdminString FROM SNMP-FRAMEWORK-MIB + InetAddressType, InetAddress + FROM INET-ADDRESS-MIB + softentIND1AAA, alaAaaTraps + FROM ALCATEL-IND1-BASE; + + + alcatelIND1AAAMIB MODULE-IDENTITY + LAST-UPDATED "200704030000Z" + ORGANIZATION "Alcatel-Lucent" + CONTACT-INFO + "Please consult with Customer Service to ensure the most appropriate + version of this document is used with the products in question: + + Alcatel-Lucent, Enterprise Solutions Division + (Formerly Alcatel Internetworking, Incorporated) + 26801 West Agoura Road + Agoura Hills, CA 91301-5122 + United States Of America + + Telephone: North America +1 800 995 2696 + Latin America +1 877 919 9526 + Europe +31 23 556 0100 + Asia +65 394 7933 + All Other +1 818 878 4507 + + Electronic Mail: support@ind.alcatel.com + World Wide Web: http://alcatel-lucent.com/wps/portal/enterprise + File Transfer Protocol: ftp://ftp.ind.alcatel.com/pub/products/mibs" + + DESCRIPTION + "This module describes an authoritative enterprise-specific Simple + Network Management Protocol (SNMP) Management Information Base (MIB): + + For the Birds Of Prey Product Line + Authentication, Authorization, and Accounting (AAA) Subsystem. + + The right to make changes in specification and other information + contained in this document without prior notice is reserved. + + No liability shall be assumed for any incidental, indirect, special, or + consequential damages whatsoever arising from or related to this + document or the information contained herein. + + Vendors, end-users, and other interested parties are granted + non-exclusive license to use this specification in connection with + management of the products for which it is intended to be used. + + Copyright (C) 1995-2007 Alcatel-Lucent + ALL RIGHTS RESERVED WORLDWIDE" + + REVISION "200704030000Z" + DESCRIPTION + "The latest version of this MIB Module." + + ::= { softentIND1AAA 1 } + + + + alcatelIND1AAAMIBObjects OBJECT-IDENTITY + STATUS current + DESCRIPTION + "Branch For Authentication, Authorization, and Accounting (AAA) + Subsystem Managed Objects." + ::= { alcatelIND1AAAMIB 1 } + + + alcatelIND1AAAMIBConformance OBJECT-IDENTITY + STATUS current + DESCRIPTION + "Branch For Authentication, Authorization, and Accounting (AAA) + Subsystem Conformance Information." + ::= { alcatelIND1AAAMIB 2 } + + + alcatelIND1AAAMIBGroups OBJECT-IDENTITY + STATUS current + DESCRIPTION + "Branch For Authentication, Authorization, and Accounting (AAA) + Subsystem Units Of Conformance." + ::= { alcatelIND1AAAMIBConformance 1 } + + + alcatelIND1AAAMIBCompliances OBJECT-IDENTITY + STATUS current + DESCRIPTION + "Branch For Authentication, Authorization, and Accounting (AAA) + Subsystem Compliance Statements." + ::= { alcatelIND1AAAMIBConformance 2 } + + + +-- Overview of the AAA MIB +-- +-- this MIB provides configuration of the AAA services including the +-- servers and the local user database +-- + +-- AAA server MIB + + aaaServerMIB OBJECT IDENTIFIER ::= { alcatelIND1AAAMIBObjects 1 } + +-- +-- Server configuration table +-- + + aaaServerTable OBJECT-TYPE + SYNTAX SEQUENCE OF AaaServerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table shows current configuration for each AAA server." + ::= { aaaServerMIB 1 } + + aaaServerEntry OBJECT-TYPE + SYNTAX AaaServerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An AAA server configuration identified by its protocol + and its index. An entry is created/removed when a server + is defined or undefined with IOS configuration commands + via CLI or by issuing appropriate sets to this table + using snmp." + INDEX { aaasName } + ::= { aaaServerTable 1 } + + AaaServerEntry ::= SEQUENCE + { + aaasName DisplayString, + aaasProtocol INTEGER, + aaasHostName DisplayString, + aaasIpAddress IpAddress, + aaasHostName2 DisplayString, + aaasIpAddress2 IpAddress, + aaasRetries INTEGER, + aaasTimout INTEGER, + aaasRadKey DisplayString, + aaasRadAuthPort INTEGER, + aaasRadAcctPort INTEGER, + aaasLdapPort INTEGER, + aaasLdapDn DisplayString, + aaasLdapPasswd DisplayString, + aaasLdapSearchBase DisplayString, + aaasLdapServType INTEGER, + aaasLdapEnableSsl INTEGER, + aaasAceClear INTEGER, + aaasRowStatus RowStatus, + aaasTacacsKey DisplayString, + aaasTacacsPort INTEGER, + aaasHttpPort INTEGER, + aaasHttpDirectory DisplayString, + aaasHttpProxyHostName DisplayString, + aaasHttpProxyIpAddress IpAddress, + aaasHttpProxyPort INTEGER, + aaasVrfName DisplayString + } + + aaasName OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server. + This name is given by the operator to refer the server." + ::= { aaaServerEntry 1} + + aaasProtocol OBJECT-TYPE + SYNTAX INTEGER + { + radius(1), + ldap(2), + ace(3), + tacacs(4) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Protocol used with the server: + radius(1) - RADIUS + ldap(2) - LDAP + ace(3) - ACE + tacacs(4) - TACACS+" + ::= { aaaServerEntry 2} + + aaasHostName OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 64 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "DNS name of the server host." + ::= { aaaServerEntry 3} + + aaasIpAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "IP address of the server host." + ::= { aaaServerEntry 4} + + aaasHostName2 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 64 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "DNS name of the backup server host." + ::= { aaaServerEntry 5} + + aaasIpAddress2 OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "IP address of the backup server host." + ::= { aaaServerEntry 6} + + aaasRetries OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 32 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + " Number of retries the switch makes to the server to + authenticate a user before trying the next backup server. + The default value is 3." + DEFVAL { 3 } + ::= { aaaServerEntry 7} + + aaasTimout OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 512 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Time-out for server replies to authentication requests. + The default value is 2." + DEFVAL { 2 } + ::= { aaaServerEntry 8} + + aaasRadKey OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 64 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The shared secret is a string of characters known to the switch + and to the RADIUS server, but it is not sent out over the network. + The secret can be any text string and must be configured here as + well as on the server. The secret is stored encrypted using a two + way algorithm." + ::= { aaaServerEntry 9} + + + aaasRadAuthPort OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 65535 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "For RADIUS server only. + Port number for authentication request; + the host is not used for authentication if set to 0. + The default value is 1645." + DEFVAL { 1645 } + ::= { aaaServerEntry 10} + + aaasRadAcctPort OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 65535 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "For RADIUS server only. + Port number for accounting request; + the host is not used for authentication if set to 0. + The default value is 1646." + DEFVAL { 1646 } + ::= { aaaServerEntry 11} + + aaasLdapPort OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 65535 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "For LDAP server only. + Port number for LDAP server host." + DEFVAL { 0 } + ::= { aaaServerEntry 12} + + aaasLdapDn OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 255 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "For LDAP server only. + the super user dn, i.e., the administrative distinguished name + recognized by the LDAP-enabled directory servers + (e.g., cn=manager)" + ::= { aaaServerEntry 13} + + aaasLdapPasswd OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "For LDAP server only. + the super user password, i.e., the administrative password + recognized by LDAP-enabled directory servers (e.g., secret). + The secret is stored encrypted using a two way algorithm." + ::= { aaaServerEntry 14} + + aaasLdapSearchBase OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 64 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "For LDAP server only. + Search base recognized by LDAP-enabled + directory servers (e.g.,o=company, c=US)." + ::= { aaaServerEntry 15} + + aaasLdapServType OBJECT-TYPE + SYNTAX INTEGER + { + ns(0), + generic(1), + netscape(2), + novell(3), + sun(4), + microsoft(5) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "For LDAP server only. + Directory server type used in LDAP Authentication: + ns(0) - non significant value + generic(1) - Generic Schema + netscape(2) - Netscape Directory Server + novell(3) - Novell NDS + sun(4) - Sun Directory Services + microsoft(5) - Microsoft Active Directory" + DEFVAL { netscape } + ::= { aaaServerEntry 16} + + aaasLdapEnableSsl OBJECT-TYPE + SYNTAX INTEGER + { + ns(0), + true(1), + false(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Only for LDAP server. + Specify if the connection between the swtich and the LDAP server + use a SSL session." + DEFVAL { false } + ::= { aaaServerEntry 17} + + aaasAceClear OBJECT-TYPE + SYNTAX INTEGER + { + ns(0), + true(1), + false(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Only for ACE server. + The ACE/Server generates a secrets that it sends to clients + for authentication. While you cannot configure the secret on + the switch, you can clear it. + To clear the current ACE/Server secret, set this OID. + After clearing the secret on the switch, you must also clear + the secret from the ACE server." + DEFVAL { false } + ::= { aaaServerEntry 18} + + + aaasRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this table entry." + DEFVAL { notInService } + ::= { aaaServerEntry 19} + + aaasTacacsKey OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 64 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The shared secret is a string of characters known to the switch + and to the TACACS+ server, but it is not sent out over the network. + The secret can be any text string and must be configured here as + well as on the server. The secret is stored encrypted using a two + way algorithm." + ::= { aaaServerEntry 20} + + + aaasTacacsPort OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 65535 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "For TACACS+ server only. + Port number for LDAP server host." + DEFVAL { 49 } + ::= { aaaServerEntry 21} + + aaasHttpPort OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 65535 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "For HTTP server only. + Port number for LDAP server host." + ::= { aaaServerEntry 22} + + aaasHttpDirectory OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 64 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "For HTTP server only. + A combination of directory tree and filename where the CRL can be found." + ::= { aaaServerEntry 23} + + aaasHttpProxyHostName OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 64 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "For HTTP server only. + DNS name of the proxy server." + ::= { aaaServerEntry 24} + + aaasHttpProxyIpAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "For HTTP server only. + IP address of the proxy server." + ::= { aaaServerEntry 25} + + aaasHttpProxyPort OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 65535 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "For HTTP server only. + Port number for HTTP proxy server." + ::= { aaaServerEntry 26} + + aaasVrfName OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the VRF that the server is on. + This VRF name is valid only when the server type is RADIUS. + (aaasProtocol = 1 (Radius)." + ::= { aaaServerEntry 27} + + + +-- AAA authentication accounting MIB + + aaaAuthAcctMIB OBJECT IDENTIFIER ::= { alcatelIND1AAAMIBObjects 2 } + +-- +-- Authenticated Vlan configuration table +-- + + aaaAuthVlanTable OBJECT-TYPE + SYNTAX SEQUENCE OF AaaAuthVlanEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table allow to display and modify the configuration of the + authentication servers for the authenticated vlans." + ::= { aaaAuthAcctMIB 1 } + + aaaAuthVlanEntry OBJECT-TYPE + SYNTAX AaaAuthVlanEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "There can be one or several entries in this table. In case of + single authority, all vlan are authenticated by the same set of + servers, the aaatvVlan index is then equal to 0. In case of multiple + authorities, each authenticated vlan has its own list of servers." + INDEX { aaatvVlan } + ::= { aaaAuthVlanTable 1 } + + AaaAuthVlanEntry ::= SEQUENCE + { + aaatvVlan INTEGER, + aaatvName1 DisplayString, + aaatvName2 DisplayString, + aaatvName3 DisplayString, + aaatvName4 DisplayString, + aaatvRowStatus RowStatus, + aaatvCertificate INTEGER + } + + aaatvVlan OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 65535 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "It indicate the vlan number authenticated by the servers. + The value (0) means that all vlan are authenticated by the same + servers (single mode configuration)." + ::= { aaaAuthVlanEntry 1} + + aaatvName1 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server. + It corresponds to an index value of the aaaServerTable + An Ace server can not be used in front hand." + ::= { aaaAuthVlanEntry 2} + + aaatvName2 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server. + It corresponds to an index value of the aaaServerTable + An Ace server can not be used in front hand." + DEFVAL { "" } + ::= { aaaAuthVlanEntry 3} + + aaatvName3 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server. + It corresponds to an index value of the aaaServerTable + An Ace server can not be used in front hand." + DEFVAL { "" } + ::= { aaaAuthVlanEntry 4} + + aaatvName4 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server. + It corresponds to an index value of the aaaServerTable + An Ace server can not be used in front hand." + DEFVAL { "" } + ::= { aaaAuthVlanEntry 5} + + aaatvRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this table entry." + DEFVAL { notInService } + ::= { aaaAuthVlanEntry 6} + + aaatvCertificate OBJECT-TYPE + SYNTAX INTEGER + { + noCertificate(0), + certificateOnly(1), + certificateWithPassword(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "use of x509 user certificate during the HTTPs session establisment. + noCertificate(0)- no user certificate is required, + certificateOnly(1) - the DN from the certifiicate is used to access to the authorization + data of the user + certificateWithPassword(2) - the user must execute a log-in procedure with user + name and password after his certificate validation" + DEFVAL { noCertificate } + ::= { aaaAuthVlanEntry 7} + + +-- +-- Authenticated switch access configuration table +-- + + aaaAuthSATable OBJECT-TYPE + SYNTAX SEQUENCE OF AaaAuthSAEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table allow to display and modify the configuration of the + authentication servers for the switch accesses." + ::= { aaaAuthAcctMIB 2 } + + aaaAuthSAEntry OBJECT-TYPE + SYNTAX AaaAuthSAEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A switch access authentication entry is specified by the type + of access." + INDEX { aaatsInterface} + ::= { aaaAuthSATable 1 } + + AaaAuthSAEntry ::= SEQUENCE + { + aaatsInterface INTEGER, + aaatsName1 DisplayString, + aaatsName2 DisplayString, + aaatsName3 DisplayString, + aaatsName4 DisplayString, + aaatsRowStatus RowStatus, + aaatsCertificate INTEGER + } + + aaatsInterface OBJECT-TYPE + SYNTAX INTEGER + { + default(1), + console(2), + telnet(3), + ftp(4), + http(5), + snmp(6), + ssh(7) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Type of connection that must be authenticated + default(1) -define the default authentication method for console, + telnet, ftp, snmp , http and ssh. If the operator + interface is not especially configured the default value + is applied to this interface." + ::= { aaaAuthSAEntry 1} + + + aaatsName1 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server. + Special value 'local' correspond to the local database. + Other name correspond to an index value of the aaaServerTable + snmp entry can only use ldap server and local database." + ::= { aaaAuthSAEntry 2} + + aaatsName2 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of a server used if the precedent is not accessible. + Special value 'local' correspond to the local database. + Other name correspond to an index value of the aaaServerTable + snmp entry can only use ldap server and local database." + DEFVAL { "" } + ::= { aaaAuthSAEntry 3} + + aaatsName3 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of a server used if the precedent is not accessible. + Special value 'local' correspond to the local database. + Other name correspond to an index value of the aaaServerTable + snmp entry can only use ldap server and local database." + DEFVAL { "" } + ::= { aaaAuthSAEntry 4} + + aaatsName4 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of a server used if the precedent is not accessible. + Special value 'local' correspond to the local database. + Other name correspond to an index value of the aaaServerTable + snmp entry can only use ldap server and local database." + DEFVAL { "" } + ::= { aaaAuthSAEntry 5} + + aaatsRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this table entry." + DEFVAL { notInService } + ::= { aaaAuthSAEntry 7} + + aaatsCertificate OBJECT-TYPE + SYNTAX INTEGER + { + noCertificate(0), + certificateOnly(1), + certificateWithPassword(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "use of x509 user certificate during the HTTPs session establisment. + noCertificate(0)- no user certificate is required, + certificateOnly(1) - the DN from the certifiicate is used to access to the authorization + data of the user + certificateWithPassword(2) - the user must execute a log-in procedure with user + name and password after his certificate validation" + DEFVAL { noCertificate } + ::= { aaaAuthSAEntry 8} + +-- +-- Accounting configuration table for vlan +-- + + aaaAcctVlanTable OBJECT-TYPE + SYNTAX SEQUENCE OF AaaAcctVlanEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table allows to display and configure the accounting + servers for authenticated Vlans." + ::= { aaaAuthAcctMIB 3 } + + aaaAcctVlanEntry OBJECT-TYPE + SYNTAX AaaAcctVlanEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "There can be one or several entries in this table. In case of + single authority, accounting information for all vlans are sent + to the same set of servers, the aaatVlan index is then equal to 0. In case of multiple + authorities, each authenticated vlan has its own list of servers." + INDEX { aaacvVlan } + ::= { aaaAcctVlanTable 1 } + + AaaAcctVlanEntry ::= SEQUENCE + { + aaacvVlan INTEGER, + aaacvName1 DisplayString, + aaacvName2 DisplayString, + aaacvName3 DisplayString, + aaacvName4 DisplayString, + aaacvRowStatus RowStatus + } + + + aaacvVlan OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 65535 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Current vlan number. + The value (0) for avlan interface means that all authenticated + vlans use the same servers for authentication." + ::= { aaaAcctVlanEntry 1} + + aaacvName1 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server. + Special value 'local' correspond to the local log. + Other name correspond to an index value of the aaaServerTable + An Ace server can not be used for accounting." + ::= { aaaAcctVlanEntry 2} + + aaacvName2 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of a server used if the precedent is not accessible. + Special value 'local' correspond to the local log. + Other name correspond to an index value of the aaaServerTable + An Ace server can not be used for accounting." + DEFVAL { "" } + ::= { aaaAcctVlanEntry 3} + + aaacvName3 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of a server used if the precedent is not accessible. + Special value 'local' correspond to the local log. + Other name correspond to an index value of the aaaServerTable + An Ace server can not be used for accounting." + DEFVAL { "" } + ::= { aaaAcctVlanEntry 4} + + aaacvName4 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of a server used if the precedent is not accessible. + Special value 'local' correspond to the local log. + Other name correspond to an index value of the aaaServerTable + An Ace server can not be used for accounting." + DEFVAL { "" } + ::= { aaaAcctVlanEntry 5} + + aaacvRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this table entry." + DEFVAL { notInService } + ::= { aaaAcctVlanEntry 6} + + + +-- +-- Accounting configuration table for switch accesses +-- + + aaaAcctSATable OBJECT-TYPE + SYNTAX SEQUENCE OF AaaAcctSAEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table shows current configuration for Switch access accounting." + ::= { aaaAuthAcctMIB 4 } + + aaaAcctSAEntry OBJECT-TYPE + SYNTAX AaaAcctSAEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Accounting configuration for switch access." + INDEX { aaacsInterface } + ::= { aaaAcctSATable 1 } + + AaaAcctSAEntry ::= SEQUENCE + { + aaacsInterface INTEGER, + aaacsName1 DisplayString, + aaacsName2 DisplayString, + aaacsName3 DisplayString, + aaacsName4 DisplayString, + aaacsRowStatus RowStatus + } + + aaacsInterface OBJECT-TYPE + SYNTAX INTEGER ( 1 .. 1 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "For now, accounting for console, telnet, ftp, http, snmp, ssh are stored + in the same set of servers, the index is always (1)." + DEFVAL { 1 } + ::= { aaaAcctSAEntry 1} + + + aaacsName1 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server. + Special value 'local' correspond to the local log. + Other name correspond to an index value of the aaaServerTable + An Ace server can not be used for accounting." + ::= { aaaAcctSAEntry 2} + + aaacsName2 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of a server used if the precedent is not accessible. + Special value 'local' correspond to the local log. + Other name correspond to an index value of the aaaServerTable + An Ace server can not be used for accounting." + DEFVAL { "" } + ::= { aaaAcctSAEntry 3} + + aaacsName3 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of a server used if the precedent is not accessible. + Special value 'local' correspond to the local log. + Other name correspond to an index value of the aaaServerTable + An Ace server can not be used for accounting." + DEFVAL { "" } + ::= { aaaAcctSAEntry 4} + + aaacsName4 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of a server used if the precedent is not accessible. + Special value 'local' correspond to the local log. + Other name correspond to an index value of the aaaServerTable + An Ace server can not be used for accounting." + DEFVAL { "" } + ::= { aaaAcctSAEntry 5} + + aaacsRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this table entry." + DEFVAL { notInService } + ::= { aaaAcctSAEntry 6} + + +-- +-- Authenticated 802.1x configuration table +-- + + aaaAuth8021xTable OBJECT-TYPE + SYNTAX SEQUENCE OF AaaAuth8021xEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table shows current configuration for 802.1X authentication." + ::= { aaaAuthAcctMIB 5 } + + aaaAuth8021xEntry OBJECT-TYPE + SYNTAX AaaAuth8021xEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "configuration for 802.1X authentication." + INDEX { aaatxInterface } + ::= { aaaAuth8021xTable 1 } + + AaaAuth8021xEntry ::= SEQUENCE + { + aaatxInterface INTEGER, + aaatxName1 DisplayString, + aaatxName2 DisplayString, + aaatxName3 DisplayString, + aaatxName4 DisplayString, + aaatxOpen INTEGER, + aaatxRowStatus RowStatus + } + + + aaatxInterface OBJECT-TYPE + SYNTAX INTEGER ( 1 .. 1 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "For now, the index is always (1)." + DEFVAL { 1 } + ::= { aaaAuth8021xEntry 1} + + + aaatxName1 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server. + It corresponds to an index value of the aaaServerTable + Only RADIUS server can be used in front hand." + ::= { aaaAuth8021xEntry 2} + + aaatxName2 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server. + It corresponds to an index value of the aaaServerTable + Only RADIUS server can be used in front hand." + DEFVAL { "" } + ::= { aaaAuth8021xEntry 3} + + aaatxName3 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server. + It corresponds to an index value of the aaaServerTable + Only RADIUS server can be used in front hand." + DEFVAL { "" } + ::= { aaaAuth8021xEntry 4} + + aaatxName4 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server. + It corresponds to an index value of the aaaServerTable + Only RADIUS server can be used in front hand." + DEFVAL { "" } + ::= { aaaAuth8021xEntry 5} + + aaatxOpen OBJECT-TYPE + SYNTAX INTEGER + { + global(1), + unique(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Type of port openning after authentication. If open-global(1) the port treats packet with unknown MAC addresses like an un-authenticated port. If open-unique(2), the port drops incomming packet with unknown MAC addresses." + DEFVAL { unique} + ::= { aaaAuth8021xEntry 6} + + aaatxRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this table entry." + DEFVAL { notInService } + ::= { aaaAuth8021xEntry 7} + +-- +-- Accounting configuration table for 802.1x +-- + + + aaaAcct8021xTable OBJECT-TYPE + SYNTAX SEQUENCE OF AaaAcct8021xEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table shows current configuration for 802.1X accounting." + ::= { aaaAuthAcctMIB 6 } + + aaaAcct8021xEntry OBJECT-TYPE + SYNTAX AaaAcct8021xEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Configuration for 802.1X accounting." + INDEX { aaacxInterface } + ::= { aaaAcct8021xTable 1 } + + AaaAcct8021xEntry ::= SEQUENCE + { + aaacxInterface INTEGER, + aaacxName1 DisplayString, + aaacxName2 DisplayString, + aaacxName3 DisplayString, + aaacxName4 DisplayString, + aaacxRowStatus RowStatus + } + + + aaacxInterface OBJECT-TYPE + SYNTAX INTEGER ( 1 .. 1 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "For now, the index is always (1)." + DEFVAL { 1 } + ::= { aaaAcct8021xEntry 1} + + aaacxName1 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server. + It corresponds to an index value of the aaaServerTable + Only RADIUS server can be used in front hand." + ::= { aaaAcct8021xEntry 2} + + aaacxName2 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server. + It corresponds to an index value of the aaaServerTable + Only RADIUS server can be used in front hand." + DEFVAL { "" } + ::= { aaaAcct8021xEntry 3} + + aaacxName3 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server. + It corresponds to an index value of the aaaServerTable + Only RADIUS server can be used in front hand." + DEFVAL { "" } + ::= { aaaAcct8021xEntry 4} + + aaacxName4 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server. + It corresponds to an index value of the aaaServerTable + Only RADIUS server can be used in front hand." + DEFVAL { "" } + ::= { aaaAcct8021xEntry 5} + + aaacxRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this table entry." + DEFVAL { notInService } + ::= { aaaAcct8021xEntry 6} + + +-- +-- PKI agent configuration +-- + + aaaPkiTable OBJECT-TYPE + SYNTAX SEQUENCE OF AaaPkiEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table shows current configuration for PKI." + ::= { aaaAuthAcctMIB 7 } + + aaaPkiEntry OBJECT-TYPE + SYNTAX AaaPkiEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Configuration for PKI." + INDEX { aaatpInterface } + ::= { aaaPkiTable 1 } + + AaaPkiEntry ::= SEQUENCE + { + aaatpInterface INTEGER, + aaatpName1 DisplayString, + aaatpName2 DisplayString, + aaatpName3 DisplayString, + aaatpName4 DisplayString, + aaatpLevel INTEGER, + aaatpRowStatus RowStatus + } + + + aaatpInterface OBJECT-TYPE + SYNTAX INTEGER ( 1 .. 1 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "For now, the index is always (1)." + DEFVAL { 1 } + ::= { aaaPkiEntry 1} + + aaatpName1 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server contening the CRL. + It corresponds to an index value of the aaaServerTable" + ::= { aaaPkiEntry 2} + + aaatpName2 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server contening the CRL. + It corresponds to an index value of the aaaServerTable" + DEFVAL { "" } + ::= { aaaPkiEntry 3} + + aaatpName3 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server contening the CRL. + It corresponds to an index value of the aaaServerTable" + DEFVAL { "" } + ::= { aaaPkiEntry 4} + + aaatpName4 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server contening the CRL. + It corresponds to an index value of the aaaServerTable" + DEFVAL { "" } + ::= { aaaPkiEntry 5} + + aaatpLevel OBJECT-TYPE + SYNTAX INTEGER + { + certificate(1), + notRevoked(2), + repository(3) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "level of control to do on the user certificate. + certificate means that there is a valid chain of certificate between the user certificate and a root certificate known by the switch. The root certificates are managed using specific pki commands. + All certificates are valid and well signed. + not-revoked means that using CRL or other ways configuring using pki commands the non-revocation of the certificate is checked. + repository means that after the precedent control, there is a binary comparison of the certificate on the server and the one received during the authorization (instantaneous revocation possible) + This verification is only possible when the access handler is configured with certificateOnly" + DEFVAL { certificate } + ::= { aaaPkiEntry 6} + + aaatpRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this table entry." + DEFVAL { notInService } + ::= { aaaPkiEntry 7} + + +-- +-- Servers used for MAC based authentication -- + + aaaAuthMACTable OBJECT-TYPE + SYNTAX SEQUENCE OF AaaAuthMACEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table shows current configuration for non-suplicant ( MAC based ) authentication." + ::= { aaaAuthAcctMIB 8 } + + aaaAuthMACEntry OBJECT-TYPE + SYNTAX AaaAuthMACEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "configuration for MAC based authentication." + INDEX { aaatxInterface } + ::= { aaaAuthMACTable 1 } + + AaaAuthMACEntry ::= SEQUENCE + { + aaaMacInterface INTEGER, + aaaMacSrvrName1 DisplayString, + aaaMacSrvrName2 DisplayString, + aaaMacSrvrName3 DisplayString, + aaaMacSrvrName4 DisplayString, + aaaMacSrvrRowStatus RowStatus + } + + + aaaMacInterface OBJECT-TYPE + SYNTAX INTEGER ( 1 .. 1 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "For now, the index is always (1)." + DEFVAL { 1 } + ::= { aaaAuthMACEntry 1} + + + aaaMacSrvrName1 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server. + It corresponds to an index value of the aaaServerTable + Only RADIUS server can be used in front hand." + ::= { aaaAuthMACEntry 2} + + aaaMacSrvrName2 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server. + It corresponds to an index value of the aaaServerTable + Only RADIUS server can be used in front hand." + DEFVAL { "" } + ::= { aaaAuthMACEntry 3} + + aaaMacSrvrName3 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server. + It corresponds to an index value of the aaaServerTable + Only RADIUS server can be used in front hand." + DEFVAL { "" } + ::= { aaaAuthMACEntry 4} + + aaaMacSrvrName4 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the server. + It corresponds to an index value of the aaaServerTable + Only RADIUS server can be used in front hand." + DEFVAL { "" } + ::= { aaaAuthMACEntry 5} + + + aaaMacSrvrRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this table entry." + DEFVAL { notInService } + ::= { aaaAuthMACEntry 6} + + +-- +-- Accounting configuration table for commands +-- + aaaAcctCmdTable OBJECT-TYPE + SYNTAX SEQUENCE OF AaaAcctCmdEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table stores the commands that will be logged during an accounting session. + This feature is valid only for Tacacs+ accounting" + ::= { aaaAuthAcctMIB 9 } + + aaaAcctCmdEntry OBJECT-TYPE + SYNTAX AaaAcctCmdEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Tacacs+ Accounting configuration for executed commands." + INDEX { aaacmdInterface } + ::= { aaaAcctCmdTable 1 } + + AaaAcctCmdEntry ::= SEQUENCE + { + aaacmdInterface INTEGER, + aaacmdSrvName1 DisplayString, + aaacmdSrvName2 DisplayString, + aaacmdSrvName3 DisplayString, + aaacmdSrvName4 DisplayString, + aaacmdRowStatus RowStatus + } + + aaacmdInterface OBJECT-TYPE + SYNTAX INTEGER ( 1 .. 1 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "For now, accounting for console, telnet, ftp, http, snmp, ssh are stored + in the same set of servers, the index is always (1)." + DEFVAL { 1 } + ::= { aaaAcctCmdEntry 1} + + + aaacmdSrvName1 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the Tacacs+ server. + Other name correspond to an index value of the aaaServerTable" + ::= { aaaAcctCmdEntry 2} + + aaacmdSrvName2 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the Tacacs+ server used if the precedent is not accessible. + Other name correspond to an index value of the aaaServerTable" + DEFVAL { "" } + ::= { aaaAcctCmdEntry 3} + + aaacmdSrvName3 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the Tacacs+ server used if the precedent is not accessible. + Other name correspond to an index value of the aaaServerTable" + DEFVAL { "" } + ::= { aaaAcctCmdEntry 4} + + aaacmdSrvName4 OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the Tacacs+ server used if the precedent is not accessible. + Other name correspond to an index value of the aaaServerTable" + DEFVAL { "" } + ::= { aaaAcctCmdEntry 5} + + aaacmdRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this table entry." + DEFVAL { notInService } + ::= { aaaAcctCmdEntry 6} + + + +-- +-- user local database configuration table +-- + aaaUserMIB OBJECT IDENTIFIER ::= { alcatelIND1AAAMIBObjects 3 } + + aaaUserTable OBJECT-TYPE + SYNTAX SEQUENCE OF AaaUserEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table shows current configuration for the local user database." + ::= { aaaUserMIB 1 } + + aaaUserEntry OBJECT-TYPE + SYNTAX AaaUserEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An user configuration identified by its user name." + INDEX { aaauUserName } + ::= { aaaUserTable 1 } + + AaaUserEntry ::= SEQUENCE + { + aaauUserName DisplayString, + aaauPassword DisplayString, + aaauReadRight1 Unsigned32, + aaauReadRight2 Unsigned32, + aaauWriteRight1 Unsigned32, + aaauWriteRight2 Unsigned32, + aaauProfile INTEGER, + aaauSnmpLevel INTEGER, + aaauSnmpAuthKey OCTET STRING, + aaauRowStatus RowStatus, + aaauOldPassword DisplayString, + aaauEndUserProfile DisplayString, + aaauPasswordExpirationDate DisplayString, + aaauPasswordExpirationInMinute INTEGER, + aaauPasswordAllowModifyDate DisplayString, + aaauPasswordLockoutEnable INTEGER, + aaauBadAtempts INTEGER + + } + + aaauUserName OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 63 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Name of the user." + ::= { aaaUserEntry 1} + + aaauPassword OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 47 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Password of the user. For get response the password in encoded in a + one way method. This makes the password readable by noone." + ::= { aaaUserEntry 2} + + aaauReadRight1 OBJECT-TYPE + SYNTAX Unsigned32 ( 0 .. 4294967295 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the families that the user can execute with read right. + Each bit of the 32-bit integer mask represents a command's family + number. When the family bit is set, the user is allowed to run + commands of this family.First part of the bitmask.If the value is + not specified, the value configured for the 'default' user is taken" + ::= { aaaUserEntry 3} + + aaauReadRight2 OBJECT-TYPE + SYNTAX Unsigned32 ( 0 .. 4294967295 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the families that the user can execute with read right. + Each bit of the 32-bit integer mask represents a command's family + number. When the family bit is set, the user is allowed to run + commands of this family.Second part of the bitmask.If the value is + not specified, the value configured for the 'default' user is taken" + ::= { aaaUserEntry 4} + + + aaauWriteRight1 OBJECT-TYPE + SYNTAX Unsigned32 ( 0 .. 4294967295 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the families that the user can execute with write right. + Each bit of the 32-bit integer mask represents a command's family + number. When the family bit is set, the user is allowed to run commands of + this family. First part of the bitmask.If the value is + not specified, the value configured for the 'default' user is taken" + ::= { aaaUserEntry 5} + + aaauWriteRight2 OBJECT-TYPE + SYNTAX Unsigned32 ( 0 .. 4294967295 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the families that the user can execute with write right. + Each bit of the 32-bit integer mask represents a command's family + number. When the family bit is set, the user is allowed to run commands of + this family. Second part of the bitmask.If the value is + not specified, the value configured for the 'default' user is taken" + ::= { aaaUserEntry 6} + + aaauProfile OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 2147483647 ) + MAX-ACCESS read-create + STATUS obsolete + DESCRIPTION + "Specifies the profile number. + A profile number in the user account database represents the geographic + privilege. This number points to an entry in the table of the user profiles." + DEFVAL { 0 } + ::= { aaaUserEntry 7} + + aaauSnmpLevel OBJECT-TYPE + SYNTAX INTEGER + { + no(1), + noauth(2), + sha(3), + md5(4), + shaDes(5), + md5Des(6) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies if the user is authorized to use SNMP and if yes its security level. + no(1) - Not authorized to use SNMP. + noauth(2) - SNMPv1,SNMPv2c or SNMPv3 without authentication. + sha(3) - SNMPv3 with SHA authentication and no encryption. + md5(4) - SNMPv3 with MD5 authentication and no encryption. + sha-des(5) - SNMPv3 with SHA authentication and encryption. + md5-des(6) - SNMPv3 with MD5 authentication and encryption. + If the value is not specified, the value configured for the 'default' user + is taken" + ::= { aaaUserEntry 8} + + aaauSnmpAuthKey OBJECT-TYPE + SYNTAX OCTET STRING ( SIZE( 0 .. 255 ) ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Authentication key of the user. The key is encoded in a two way method. + The encryption key is deducted from this key." + ::= { aaaUserEntry 9} + + aaauRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this table entry." + DEFVAL { notInService } + ::= { aaaUserEntry 10} + + aaauOldPassword OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 47 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Internal use" + ::= { aaaUserEntry 11} + + aaauEndUserProfile OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the END user profile name." + ::= { aaaUserEntry 12} + + aaauPasswordExpirationDate OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 16 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The local time of when the password would be expired. + This date will be reset once the value of + aaaAsaDefaultPasswordExpirationInDays is updated. + + Only the following format is valid: + + mm/dd/yyyy hh:mm + + where + mm - month (1-12) + dd - day (1-31) + yyyy - year (2000-2050) + hh - hour (1-24) + mm - minute (1-59) + + Password will not be expired if set to empty string" + ::= { aaaUserEntry 13} + + aaauPasswordExpirationInMinute OBJECT-TYPE + SYNTAX INTEGER ( -1 .. 216000 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Number of minutes from now till the password expiration time. + Setting this object will update aaauPasswordExpirationDate. + If -1, password will not be expired. + If 0, password has been expired." + ::= { aaaUserEntry 14} + + aaauPasswordAllowModifyDate OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 16 ) ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The local time of when the password can be start to be modified. + This date will be reset once the value of + aaauPasswordAllowModifyDate is updated. + + Only the following format is valid: + + mm/dd/yyyy hh:mm + + where + mm - month (1-12) + dd - day (1-31) + yyyy - year (2000-2050) + hh - hour (1-24) + mm - minute (1-59) + + Password will not be expired if set to empty string" + ::= { aaaUserEntry 15} + + aaauPasswordLockoutEnable OBJECT-TYPE + SYNTAX INTEGER {lockout(1),unlock(2),expired(3)} + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Indicate whether this account is locked out." + DEFVAL { unlock } + ::= { aaaUserEntry 16} + + aaauBadAtempts OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 999 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number bad password attempts in the observation window." + DEFVAL { 0 } + ::= { aaaUserEntry 17} + +-- +-- Authenticated users table +-- + + aaaAuthenticatedUserTable OBJECT-TYPE + SYNTAX SEQUENCE OF AaaAuthenticatedUserEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Provide the list of users currently authenticated into the + switch for bridging purpose." + ::= { alcatelIND1AAAMIBObjects 4 } + + aaaAuthenticatedUserEntry OBJECT-TYPE + SYNTAX AaaAuthenticatedUserEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the AaaAuthenticatedUserTable." + INDEX {aaaaMacAddress} + ::= { aaaAuthenticatedUserTable 1 } + + AaaAuthenticatedUserEntry ::= SEQUENCE + { + aaaaMacAddress MacAddress, + aaaaUserName DisplayString, + aaaaSlot INTEGER, + aaaaPort INTEGER, + aaaaVlan INTEGER, + aaaaDrop INTEGER + } + + aaaaMacAddress OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Mac address of the user's device." + ::= { aaaAuthenticatedUserEntry 1 } + + aaaaUserName OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 32 ) ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Login name of the user." + ::= { aaaAuthenticatedUserEntry 2 } + + aaaaSlot OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 2147483647 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Slot number on which user is connected." + ::= { aaaAuthenticatedUserEntry 3 } + + aaaaPort OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 2147483647 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Port number on which the user is connected." + ::= { aaaAuthenticatedUserEntry 4 } + + aaaaVlan OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 65535 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Vlan number on which the user is authenticated." + ::= { aaaAuthenticatedUserEntry 5 } + + aaaaDrop OBJECT-TYPE + SYNTAX INTEGER { true(1), false(2) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Allow to remove a Mac address from a Vlan. + The corresponding user is logged out of the network." + DEFVAL { false } + ::= { aaaAuthenticatedUserEntry 6 } + + + +-- Authenticated vlan specific configuration MIB + + aaaAvlanConfig OBJECT IDENTIFIER ::= { alcatelIND1AAAMIBObjects 5 } + +-- +-- Authenticated vlan configuration group +-- + + aaaAvlanDnsName OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 0 .. 255 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Dns name used to get the authentication Web + page when authenticating using http." + ::= { aaaAvlanConfig 1} + + + aaaAvlanDhcpDefGateway OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "IP address that is used as the DHCP gateway address + before the user get authenticated.It specifies the subnet + into which a client receives its IP address prior to + authentication" + ::= { aaaAvlanConfig 2} + + aaaAvlanDefaultTraffic OBJECT-TYPE + SYNTAX INTEGER + { + ns(0), + true(1), + false(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Enable the traffic in the default vlan prior to authentication + if the value is true" + ::= { aaaAvlanConfig 3} + + aaaAvlanPortBound OBJECT-TYPE + SYNTAX INTEGER + { + ns(0), + true(1), + false(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Associate a MAC address to a specific Vlan on an authenticated + port (printers, ...)" + ::= { aaaAvlanConfig 4} + + aaaAvlanLanguage OBJECT-TYPE + SYNTAX INTEGER + { + ns(0), + true(1), + false(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Force to read the language specific file for HTTP AVLAN (label.txt)" + ::= { aaaAvlanConfig 5} + + +-- ASA specific configuration MIB + + aaaAsaConfig OBJECT IDENTIFIER ::= { alcatelIND1AAAMIBObjects 6 } + +-- +-- ASA configuration group +-- + + aaaAsaPasswordSizeMin OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 14 ) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Minimum number of digits of the passwords + ( nominator aaauPassword)." + DEFVAL { 0 } + ::= { aaaAsaConfig 1} + + aaaAsaDefaultPasswordExpirationInDays OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 150 ) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Default password expiration time in days to be applied to all users. + Updating this object will reset aaauPasswordExpirationDate. + Password expiration will not be enforced if set to 0." + DEFVAL { 0 } + ::= { aaaAsaConfig 2} + + aaaAsaPasswordContainUserName OBJECT-TYPE + SYNTAX INTEGER {enable(1),disable(2)} + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Indicate whether check password contains username or not." + DEFVAL { disable } + ::= { aaaAsaConfig 3} + + aaaAsaPasswordMinUpperCase OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 7 ) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Minimum number of English uppercase characters required for password. 0 is disable" + DEFVAL { 0 } + ::= { aaaAsaConfig 4} + + aaaAsaPasswordMinLowerCase OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 7 ) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Minimum number of English lowercase characters required for password 0 is disable." + DEFVAL { 0 } + ::= { aaaAsaConfig 5} + + aaaAsaPasswordMinDigit OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 7 ) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Minimum number of base-10 digits required for password. 0 is disable" + DEFVAL { 0 } + ::= { aaaAsaConfig 6} + + aaaAsaPasswordMinNonAlphan OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 7 ) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Minimum number of non-alphanumeric required for password. 0 is disable" + DEFVAL { 0 } + ::= { aaaAsaConfig 7} + + aaaAsaPasswordHistory OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 24 ) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Password history feature will prevent users from repeatedly using the same password. 0 is disable" + DEFVAL { 4 } + ::= { aaaAsaConfig 8} + + aaaAsaPasswordMinAge OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 150 ) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The password can't be modified in these days. 0 is disable" + DEFVAL { 0 } + ::= { aaaAsaConfig 9} + + aaaAsaLockoutWindow OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 99999 ) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The window of time in which the system increments the bad logon count.(minutes) 0 is disable" + DEFVAL { 0 } + ::= { aaaAsaConfig 10} + + aaaAsaLockoutDuration OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 99999 ) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The amount of time that an account is locked due to the aaauLockoutThreshold being exceeded.(minutes) 0 is disable" + DEFVAL { 0 } + ::= { aaaAsaConfig 11} + + aaaAsaLockoutThreshold OBJECT-TYPE + SYNTAX INTEGER ( 0 .. 999 ) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The number of invalid logon attempts that are permitted before the account is locked out. 0 is disable" + DEFVAL { 0 } + ::= { aaaAsaConfig 12} + + aaaAsaROUserPingTrtEnable OBJECT-TYPE + SYNTAX INTEGER { + disable (0), + enable (1) + } + MAX-ACCESS read-write + STATUS obsolete + DESCRIPTION + "Global user config to allow/deny ping + and traceroute cmds for read-only user. + 0 - disable + 1 - enable " + DEFVAL { disable } + ::= { aaaAsaConfig 13} + + aaaAsaAccessPolicyAdminConsoleOnly OBJECT-TYPE + SYNTAX INTEGER {enable(1),disable(2)} + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Enable or disable AdminUser console only restriction" + DEFVAL { disable } + ::= { aaaAsaConfig 14} + +-- Authenticated IP address vlan specific configuration MIB + + aaaAvlanAddressTable OBJECT-TYPE + SYNTAX SEQUENCE OF AaaAvlanAddressEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Vlan authenticated IP address Table" + ::= { alcatelIND1AAAMIBObjects 7 } + + aaaAvlanAddressEntry OBJECT-TYPE + SYNTAX AaaAvlanAddressEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Vlan authenticated IP address entry" + INDEX {aaaAvlanId} + ::= { aaaAvlanAddressTable 1 } + + AaaAvlanAddressEntry ::= SEQUENCE + { + aaaAvlanId INTEGER, + aaaAvlanIpAddress IpAddress + + } + + aaaAvlanId OBJECT-TYPE + SYNTAX INTEGER ( 1 .. 4094 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Vlan Id corresponding to the authenticated IP address" + ::= { aaaAvlanAddressEntry 1 } + + aaaAvlanIpAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Authenticated IP address for this vlan id" + ::= { aaaAvlanAddressEntry 2} + + + +-- User Network Profile Table configuration MIB + + aaaUserNetProfileTable OBJECT-TYPE + SYNTAX SEQUENCE OF AaaUserNetProfileEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "User Network Profile Table" + ::= { alcatelIND1AAAMIBObjects 8 } + + aaaUserNetProfileEntry OBJECT-TYPE + SYNTAX AaaUserNetProfileEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "User Network Profile entry" + INDEX {aaaUserNetProfileName} + ::= { aaaUserNetProfileTable 1 } + + AaaUserNetProfileEntry ::= SEQUENCE + { + aaaUserNetProfileName DisplayString, + aaaUserNetProfileVlanID INTEGER, + aaaUserNetProfileRowStatus RowStatus, + aaaUserNetProfileHICflag INTEGER, + aaaUserNetProfileQosPolicyListName DisplayString + } + + aaaUserNetProfileName OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 1 .. 32 ) ) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The name of this profile." + ::= { aaaUserNetProfileEntry 1 } + + aaaUserNetProfileVlanID OBJECT-TYPE + SYNTAX INTEGER (1 .. 4094) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The VLAN id for this profile." + ::= { aaaUserNetProfileEntry 2} + + aaaUserNetProfileRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this table entry." + ::= { aaaUserNetProfileEntry 3} + + aaaUserNetProfileHICflag OBJECT-TYPE + SYNTAX INTEGER (1 .. 2) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The flag to indicate if HIC is enabled (1) or disabled (2)." + ::= { aaaUserNetProfileEntry 4} + + aaaUserNetProfileQosPolicyListName OBJECT-TYPE + SYNTAX DisplayString ( SIZE( 1 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The name of the QoS Policy List name that will be used if this + User Network Profile is applied for a given device along with + aaaUserNetProfileVlanID." + ::= { aaaUserNetProfileEntry 5 } + + + + +-- Radius Agent IP Information + + aaaRadAgentConfig OBJECT-TYPE + SYNTAX INTEGER (1 .. 3) + MAX-ACCESS read-write + STATUS obsolete + DESCRIPTION + "The Agent Config Information + 1 -- Default(Loopback0 or closest IP) + 2 -- Non Loopback0 + 3 -- Interface IP Specified by User + This object has been obsoleted. Use the alaIpManagedIntfEntry objects + in AlcatelIND1Ip.mib" + DEFVAL { 1 } + ::= { alcatelIND1AAAMIBObjects 9} + + aaaRadAgentIP OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-write + STATUS obsolete + DESCRIPTION + "The Agent IP Address in Radius Packets. + This object has been obsoleted. Use the alaIpManagedIntfEntry + objects in AlcatelIND1Ip.mib" + ::= { alcatelIND1AAAMIBObjects 10} + + +-- START: AAA HIC-Related MIB ------------------ + aaaHicConfig OBJECT IDENTIFIER ::= { alcatelIND1AAAMIBObjects 11 } + +-- HIC Server Table MIB -- + + aaaHicSvrTable OBJECT-TYPE + SYNTAX SEQUENCE OF AaaHicSvrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table shows current configuration for each HIC server." + ::= { aaaHicConfig 1 } + + aaaHicSvrEntry OBJECT-TYPE + SYNTAX AaaHicSvrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A HIC server configuration." + INDEX { aaaHicSvrName } + ::= { aaaHicSvrTable 1 } + + AaaHicSvrEntry ::= SEQUENCE + { + aaaHicSvrName SnmpAdminString, + aaaHicSvrIpAddr IpAddress, + aaaHicSvrPort INTEGER, + aaaHicSvrKey SnmpAdminString, + aaaHicSvrRowStatus RowStatus, + aaaHicSvrStatus INTEGER + } + + aaaHicSvrName OBJECT-TYPE + SYNTAX SnmpAdminString ( SIZE( 1 .. 31 ) ) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Name of the server. + This name is given by the operator to refer the server." + ::= { aaaHicSvrEntry 1} + + aaaHicSvrIpAddr OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "IP address of the server host." + ::= { aaaHicSvrEntry 2} + + + aaaHicSvrPort OBJECT-TYPE + SYNTAX INTEGER ( 1025 .. 65535 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "For HIC server only. Port number for HIC request" + DEFVAL { 11707 } + ::= { aaaHicSvrEntry 3} + + aaaHicSvrKey OBJECT-TYPE + SYNTAX SnmpAdminString ( SIZE( 1 .. 31 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The shared secret is a string of characters known to the switch + and to the HIC server. It is used to compute the digest to + preserve the integrity between the HIC server and the AoS Switch. + The secret is stored encrypted using a two way algorithm." + ::= { aaaHicSvrEntry 4} + + aaaHicSvrRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this table entry." + ::= { aaaHicSvrEntry 5} + + aaaHicSvrStatus OBJECT-TYPE + SYNTAX INTEGER {down(1), up(2)} + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "HIC server status." + DEFVAL { down } + ::= { aaaHicSvrEntry 6} + + +-- HIC Allowed/Exception IP Table MIB -- + + aaaHicAllowedTable OBJECT-TYPE + SYNTAX SEQUENCE OF AaaHicAllowedEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table contains the list of allowed/exception IP Addresses the + the HIC hosts allowed to access during HIC. Those are the IP addresses + of the Remediation/Patch servers, and the Web Agent Download server." + ::= { aaaHicConfig 2 } + + aaaHicAllowedEntry OBJECT-TYPE + SYNTAX AaaHicAllowedEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A Remediation server configuration." + INDEX { aaaHicAllowedName } + ::= { aaaHicAllowedTable 1 } + + AaaHicAllowedEntry ::= SEQUENCE + { + aaaHicAllowedName SnmpAdminString, + aaaHicAllowedIpAddr IpAddress, + aaaHicAllowedIpMask IpAddress, + aaaHicAllowedRowStatus RowStatus + } + + aaaHicAllowedName OBJECT-TYPE + SYNTAX SnmpAdminString ( SIZE( 1 .. 31 ) ) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Name of the server. + This name is given by the operator to refer the server." + ::= { aaaHicAllowedEntry 1} + + aaaHicAllowedIpAddr OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "IP address of the allowed entry." + ::= { aaaHicAllowedEntry 2} + + aaaHicAllowedIpMask OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "IP Mask of the allowed entry." + DEFVAL { 'ffffffff'h } + ::= { aaaHicAllowedEntry 3} + + aaaHicAllowedRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this table entry." + ::= { aaaHicAllowedEntry 4} + +-- HIC Override MAC Table MIB -- + + aaaHicOverrideTable OBJECT-TYPE + SYNTAX SEQUENCE OF AaaHicOverrideEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table shows list of MAC addresses that overrides the + existing HIC status." + ::= { aaaHicConfig 3 } + + aaaHicOverrideEntry OBJECT-TYPE + SYNTAX AaaHicOverrideEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "HIC MAC override list configuration." + INDEX { aaaHicOverrideMac } + ::= { aaaHicOverrideTable 1 } + + AaaHicOverrideEntry ::= SEQUENCE + { + aaaHicOverrideMac MacAddress, + aaaHicOverrideStatus INTEGER, + aaaHicOverrideRowStatus RowStatus + } + + aaaHicOverrideMac OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Static MAC address index to each override entry." + ::= { aaaHicOverrideEntry 1} + + aaaHicOverrideStatus OBJECT-TYPE + SYNTAX INTEGER {enforce(1),bypass(2)} + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Overriding status of each static MAC address." + DEFVAL { enforce } + ::= { aaaHicOverrideEntry 2} + + aaaHicOverrideRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this table entry." + ::= { aaaHicOverrideEntry 3} + + +-- HIC Host Table MIB -- + + aaaHicHostTable OBJECT-TYPE + SYNTAX SEQUENCE OF AaaHicHostEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table shows list of HIC Hosts and their active HIC status." + ::= { aaaHicConfig 4 } + + aaaHicHostEntry OBJECT-TYPE + SYNTAX AaaHicHostEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "HIC Host status information." + INDEX { aaaHicHostMac } + ::= { aaaHicHostTable 1 } + + AaaHicHostEntry ::= SEQUENCE + { + aaaHicHostMac MacAddress, + aaaHicHostStatus INTEGER + } + + aaaHicHostMac OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Static MAC address index to each override entry." + ::= { aaaHicHostEntry 1} + + aaaHicHostStatus OBJECT-TYPE + SYNTAX INTEGER {inprogress(1),success(2),fail(3),timeout(4)} + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "HIC status of each HIC Host." + DEFVAL { fail } + ::= { aaaHicHostEntry 2} + +-- Global HIC Configuration Information -- + aaaHicConfigInfo OBJECT IDENTIFIER ::= { aaaHicConfig 5 } + + aaaHicStatus OBJECT-TYPE + SYNTAX INTEGER {enable(1), disable(2)} + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "HIC Status. The HIC server has to be configured before HIC + can be enabled." + DEFVAL { disable } + ::= { aaaHicConfigInfo 1} + + aaaHicAllowed1Name OBJECT-TYPE + SYNTAX SnmpAdminString ( SIZE( 0 .. 31 ) ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Name of the rem server. + This name is given by the operator to refer the remediation server." + ::= { aaaHicConfigInfo 2} + + aaaHicAllowed2Name OBJECT-TYPE + SYNTAX SnmpAdminString ( SIZE( 0 .. 31 ) ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Name of the rem server. + This name is given by the operator to refer the alternate remediation server." + ::= { aaaHicConfigInfo 3} + + aaaHicAllowed3Name OBJECT-TYPE + SYNTAX SnmpAdminString ( SIZE( 0 .. 31 ) ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Name of the rem server. + This name is given by the operator to refer the alternate remediation server." + ::= { aaaHicConfigInfo 4} + + aaaHicAllowed4Name OBJECT-TYPE + SYNTAX SnmpAdminString ( SIZE( 0 .. 31 ) ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Name of the rem server. + This name is given by the operator to refer the alternate remediation server." + ::= { aaaHicConfigInfo 5 } + + aaaHicWebAgentDownloadUrl OBJECT-TYPE + SYNTAX SnmpAdminString ( SIZE( 0 .. 127 ) ) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The URL for web agent download." + ::= { aaaHicConfigInfo 6} + + aaaHicCustomHttpProxyPort OBJECT-TYPE + SYNTAX INTEGER ( 1025 .. 65535 ) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The custom HTTP port for QoS to intercept the host's initial HTTP request." + DEFVAL { 8080 } + ::= { aaaHicConfigInfo 7} + + + + +-- END: AAA HIC-Related MIB ------------------ + + + + -- AAA Classification IP network address rule *** + + aaaUNPIpNetRuleTable OBJECT-TYPE + SYNTAX SEQUENCE OF AaaUNPIpNetRuleEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of IP network address rules. This is used to match + the InetAddress of a packet to a User Network Profile entry." + ::= { alcatelIND1AAAMIBObjects 12 } + + aaaUNPIpNetRuleEntry OBJECT-TYPE + SYNTAX AaaUNPIpNetRuleEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An IP network address rule entry." + INDEX { aaaUNPIpNetRuleAddrType, + aaaUNPIpNetRuleAddr, + aaaUNPIpNetRuleMask } + ::= { aaaUNPIpNetRuleTable 1 } + + AaaUNPIpNetRuleEntry ::= SEQUENCE { + aaaUNPIpNetRuleAddrType + InetAddressType, + aaaUNPIpNetRuleAddr + InetAddress, + aaaUNPIpNetRuleMask + InetAddress, + aaaUNPIpNetRuleProfileName + SnmpAdminString, + aaaUNPIpNetRuleRowStatus + RowStatus + } + + aaaUNPIpNetRuleAddrType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IP network address type used for VLAN classification. For now + Only IPv4 is supported." + ::= { aaaUNPIpNetRuleEntry 1 } + + aaaUNPIpNetRuleAddr OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IP network address used for VLAN classification. Only IPv4 is + supported." + ::= { aaaUNPIpNetRuleEntry 2 } + + aaaUNPIpNetRuleMask OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IP network mask applying to the IP network address." + ::= { aaaUNPIpNetRuleEntry 3 } + + + aaaUNPIpNetRuleProfileName OBJECT-TYPE + SYNTAX SnmpAdminString ( SIZE( 1 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The profile name in the User Network Profile Table to be + applied." + ::= { aaaUNPIpNetRuleEntry 4 } + + aaaUNPIpNetRuleRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Row Status for creating/deleting rules." + ::= { aaaUNPIpNetRuleEntry 5 } + + -- xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx + + + -- AAA Classification MAC address rule *** + + aaaUNPMacRuleTable OBJECT-TYPE + SYNTAX SEQUENCE OF AaaUNPMacRuleEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of MAC address rules. This is used to match + the MAC Address of a packet to a User Network Profile entry " + ::= { alcatelIND1AAAMIBObjects 13 } + + aaaUNPMacRuleEntry OBJECT-TYPE + SYNTAX AaaUNPMacRuleEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A MAC rule entry." + INDEX {aaaUNPMacRuleAddr } + ::= { aaaUNPMacRuleTable 1 } + + AaaUNPMacRuleEntry ::= SEQUENCE { + aaaUNPMacRuleAddr + MacAddress, + aaaUNPMacRuleProfileName + SnmpAdminString, + aaaUNPMacRuleRowStatus + RowStatus + } + + aaaUNPMacRuleAddr OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The MAC address used for VLAN classification." + ::= { aaaUNPMacRuleEntry 1 } + + aaaUNPMacRuleProfileName OBJECT-TYPE + SYNTAX SnmpAdminString ( SIZE( 1 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The profile name in the User Network Profile Table to be + applied." + ::= { aaaUNPMacRuleEntry 2 } + + aaaUNPMacRuleRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Row Status for creating/deleting rules." + ::= { aaaUNPMacRuleEntry 3 } + + -- xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx + + -- AAA Classification MAC range rule *** + + aaaUNPMacRangeRuleTable OBJECT-TYPE + SYNTAX SEQUENCE OF AaaUNPMacRangeRuleEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of MAC range rules. This is used to match + the MAC Address Range of a packet to a User Network Profile entry." + ::= { alcatelIND1AAAMIBObjects 14 } + + aaaUNPMacRangeRuleEntry OBJECT-TYPE + SYNTAX AaaUNPMacRangeRuleEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A MAC range rule entry." + INDEX {aaaUNPMacRangeRuleLoAddr } + ::= { aaaUNPMacRangeRuleTable 1 } + + AaaUNPMacRangeRuleEntry ::= SEQUENCE { + aaaUNPMacRangeRuleLoAddr + MacAddress, + aaaUNPMacRangeRuleHiAddr + MacAddress, + aaaUNPMacRangeRuleProfileName + SnmpAdminString, + aaaUNPMacRangeRuleRowStatus + RowStatus + } + + aaaUNPMacRangeRuleLoAddr OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The lower bound of MAC address range used for VLAN classification." + ::= { aaaUNPMacRangeRuleEntry 1 } + + aaaUNPMacRangeRuleHiAddr OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The upper bound of MAC address range used for VLAN classification." + ::= { aaaUNPMacRangeRuleEntry 2 } + + aaaUNPMacRangeRuleProfileName OBJECT-TYPE + SYNTAX SnmpAdminString ( SIZE( 1 .. 32 ) ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The profile name in the User Network Profile Table to be + applied." + ::= { aaaUNPMacRangeRuleEntry 3 } + + aaaUNPMacRangeRuleRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Row Status for creating/deleting rules." + ::= { aaaUNPMacRangeRuleEntry 4 } + +-- +-- AAA-HIC Trap description +-- + +alaAaaTrapsDesc OBJECT IDENTIFIER ::= { alaAaaTraps 1 } +alaAaaTrapsDescRoot OBJECT IDENTIFIER ::= { alaAaaTrapsDesc 0 } +alaAaaTrapsObj OBJECT IDENTIFIER ::= { alaAaaTraps 2 } + + aaaHicServerTrap NOTIFICATION-TYPE + OBJECTS { + aaaHSvrIpAddress + } + STATUS current + DESCRIPTION + "AAA HIC server down Trap is sent when the HIC server is down." + ::= {alaAaaTrapsDescRoot 1 } + +-- +-- Object used in the trap +-- + + aaaHSvrIpAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION "HIC/Rem/WebDL server's IP address." + ::= { alaAaaTrapsObj 1 } + + +-- +-- Compliance Statements +-- + + alcatelIND1AAAMIBCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "Compliance statement for + Authentication, Authorization, and Accounting (AAA) Subsystem." + MODULE -- this module + + MANDATORY-GROUPS + { + aaaServerMIBGroup, + aaaAuthAcctGroup, + aaaUserMIBGroup + } + + ::= { alcatelIND1AAAMIBCompliances 1 } + + +-- +-- Units Of Conformance +-- + + aaaServerMIBGroup OBJECT-GROUP + OBJECTS + { + aaasName, -- Server configuration table + aaasProtocol, + aaasHostName, + aaasIpAddress, + aaasHostName2, + aaasIpAddress2, + aaasRetries, + aaasTimout, + aaasRadKey, + aaasRadAuthPort, + aaasRadAcctPort, + aaasLdapPort, + aaasLdapDn, + aaasLdapPasswd, + aaasLdapSearchBase, + aaasLdapServType, + aaasLdapEnableSsl, + aaasAceClear, + aaasRowStatus, + aaasTacacsKey, + aaasTacacsPort, + aaasHttpPort, + aaasHttpDirectory, + aaasHttpProxyHostName, + aaasHttpProxyIpAddress, + aaasHttpProxyPort, + aaasVrfName + } + STATUS current + DESCRIPTION + "Collection of objects for management of AAA Server." + ::= { alcatelIND1AAAMIBGroups 1 } + + + aaaAuthAcctGroup OBJECT-GROUP + OBJECTS + { + aaatvVlan, -- Authenticated Vlan configuration table + aaatvName1, + aaatvName2, + aaatvName3, + aaatvName4, + aaatvRowStatus, + aaatvCertificate, + + aaatsInterface, -- Authenticated switch access configuration table + aaatsName1, + aaatsName2, + aaatsName3, + aaatsName4, + aaatsRowStatus, + aaatsCertificate, + + aaacvVlan, -- Accounting configuration table for vlan + aaacvName1, + aaacvName2, + aaacvName3, + aaacvName4, + aaacvRowStatus, + + aaacsInterface, -- Accounting configuration table for switch accesses + aaacsName1, + aaacsName2, + aaacsName3, + aaacsName4, + aaacsRowStatus, + + aaatxInterface, -- Authentication configuration table for 802.1x + aaatxName1, + aaatxName2, + aaatxName3, + aaatxName4, + aaatxOpen, + aaatxRowStatus, + + aaacxInterface, -- Accounting configuration table for 802.1x + aaacxName1, + aaacxName2, + aaacxName3, + aaacxName4, + aaacxRowStatus, + + aaatpInterface, -- PKI agent configuration + aaatpName1, + aaatpName2, + aaatpName3, + aaatpName4, + aaatpLevel, + aaatpRowStatus, + + aaacmdInterface, + aaacmdSrvName1, + aaacmdSrvName2, + aaacmdSrvName3, + aaacmdSrvName4, + aaacmdRowStatus +} + STATUS current + DESCRIPTION + "Collection of objects for management of AAA Authentication Accounting." + ::= { alcatelIND1AAAMIBGroups 2 } + + + aaaUserMIBGroup OBJECT-GROUP + OBJECTS + { + aaauUserName, -- User local database configuration table + aaauPassword, + aaauReadRight1, + aaauReadRight2, + aaauWriteRight1, + aaauWriteRight2, + aaauProfile, + aaauSnmpLevel, + aaauSnmpAuthKey, + aaauRowStatus, + aaauOldPassword, + aaauEndUserProfile, + aaauPasswordExpirationDate, + aaauPasswordExpirationInMinute, + aaauPasswordAllowModifyDate, + aaauPasswordLockoutEnable , + aaauBadAtempts, + aaaAsaPasswordSizeMin, -- ASA specific configuration MIB + aaaAsaDefaultPasswordExpirationInDays, + aaaAsaPasswordContainUserName, + aaaAsaPasswordMinUpperCase, + aaaAsaPasswordMinLowerCase, + aaaAsaPasswordMinDigit, + aaaAsaPasswordMinNonAlphan, + aaaAsaPasswordHistory, + aaaAsaPasswordMinAge, + aaaAsaLockoutWindow, + aaaAsaLockoutDuration, + aaaAsaLockoutThreshold, + aaaAsaROUserPingTrtEnable, + aaaAsaAccessPolicyAdminConsoleOnly + } + STATUS current + DESCRIPTION + "Collection of objects for management of AAA User Local Database." + ::= { alcatelIND1AAAMIBGroups 3 } + + aaaHicGroup OBJECT-GROUP + OBJECTS + { + -- HIC Server table + aaaHicSvrIpAddr, + aaaHicSvrPort, + aaaHicSvrKey, + aaaHicSvrRowStatus, + aaaHicSvrStatus, + -- Allowed/Exception IP Address table + aaaHicAllowedIpAddr, + aaaHicAllowedRowStatus, + -- HIC Override table + aaaHicOverrideStatus, + aaaHicOverrideRowStatus, + -- HIC Host status table + aaaHicHostStatus, + aaaHicStatus, -- Global HIC config data + aaaHicAllowed1Name, + aaaHicAllowed2Name, + aaaHicAllowed3Name, + aaaHicAllowed4Name, + aaaHicWebAgentDownloadUrl, + aaaHicCustomHttpProxyPort + } + STATUS current + DESCRIPTION + "Collection of objects for management of AAA HIC." + ::= { alcatelIND1AAAMIBGroups 4 } + + aaaTrapsGroup NOTIFICATION-GROUP + NOTIFICATIONS { + aaaHicServerTrap + } + STATUS current + DESCRIPTION + "Collection of Traps for AAA HIC servers." + ::= { alcatelIND1AAAMIBGroups 5 } + +END -- cgit v1.2.3