1-- This file corresponds to Release 9.1.10.101 from 2014/08/11 00:00:00
2
3
4-- (C)opyright 2004-2014 bintec elmeg GmbH, All Rights Reserved
5--  $RCSfile: mibtacacsp,v $
6-- $Revision: 1.7 $
7
8BIANCA-BRICK-TACACSP-MIB DEFINITIONS ::= BEGIN
9
10        IMPORTS
11            Counter, IpAddress, enterprises
12                FROM RFC1155-SMI
13
14            DisplayString
15                FROM RFC1158-MIB
16
17            OBJECT-TYPE
18                FROM RFC-1212;
19
20    bintec 	OBJECT IDENTIFIER ::= { enterprises 272 }
21    bintecsec 	OBJECT IDENTIFIER ::= { bintec 254 }
22    tacacsp	OBJECT IDENTIFIER
23		::= { bintecsec  13 }
24
25	tacacspServerTable OBJECT-TYPE
26	    SYNTAX  SEQUENCE OF TacacspServerEntry
27	    ACCESS  not-accessible
28	    STATUS  mandatory
29	    DESCRIPTION
30		""
31	::= { tacacsp 1 }
32
33	tacacspServerEntry OBJECT-TYPE
34	    SYNTAX  TacacspServerEntry
35	    ACCESS  not-accessible
36	    STATUS  mandatory
37	    DESCRIPTION
38		""
39	    INDEX { tacacspSrvPriority }
40	::= { tacacspServerTable 1 }
41
42	TacacspServerEntry ::=
43	    SEQUENCE {
44		tacacspSrvPriority			INTEGER,
45		tacacspSrvAddress			IpAddress,
46		tacacspSrvTcpPort			INTEGER,
47		tacacspSrvSecret			DisplayString,
48		tacacspSrvTimeout			INTEGER,
49--		tacacspSrvRetries			INTEGER,
50		tacacspSrvAdminStatus			INTEGER,
51		tacacspSrvOperStatus			INTEGER,
52		tacacspSrvPolicy			INTEGER,
53		tacacspSrvEncrMode			INTEGER,
54		tacacspSrvMultiSession			INTEGER,
55--		tacacspSrvKeepalive			INTEGER,
56		tacacspSrvPppAuth			INTEGER,
57		tacacspSrvLoginAuth			INTEGER,
58		tacacspSrvAccounting			INTEGER,
59		tacacspSrvBlockTimeout			INTEGER,
60		tacacspSrvAuthentNoResp			INTEGER,
61		tacacspSrvAuthentNegResp		INTEGER,
62		tacacspSrvPrivLvlOnLogin		INTEGER
63	    }
64
65	tacacspSrvPriority OBJECT-TYPE
66	    SYNTAX  INTEGER (0..9)
67	    ACCESS  read-write
68	    STATUS  mandatory
69
70	    DESCRIPTION
71		"The TACACS+ server with the lowest priority is the first
72		 used for a TACACS+ AAA request. If there is no response
73		 or the access was denied (in the non-authoritative case only,
74		 see also tacacspSrvPolicy) the TACACS+ server with the next
75		 lowest priority will be used. The default value is 0."
76	    DEFVAL { 0 }
77	::= { tacacspServerEntry 1 }
78
79	tacacspSrvAddress OBJECT-TYPE
80	    SYNTAX  IpAddress
81	    ACCESS  read-write
82	    STATUS  mandatory
83
84	    DESCRIPTION
85		"The TACACS+ server IP address."
86	::= { tacacspServerEntry 2 }
87
88	tacacspSrvTcpPort OBJECT-TYPE
89	    SYNTAX  INTEGER
90	    ACCESS  read-only
91	    STATUS  mandatory
92
93	    DESCRIPTION
94		"The Login Host Protocol (TACACS) TCP port assigned
95	   	 by the IANA."
96	    DEFVAL { 49 }
97	::= { tacacspServerEntry 3 }
98
99	tacacspSrvSecret OBJECT-TYPE
100	    SYNTAX  DisplayString
101	    ACCESS  read-write
102	    STATUS  mandatory
103
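	    -- NOTE(review): ACCESS is read-write, so unless the agent masks this
	    -- object on reads (not visible here) the shared secret can be fetched
	    -- over SNMP; limit it to authenticated, encrypted SNMP access and
	    -- exclude it from views given to monitoring-only users.
104	    DESCRIPTION
105		"The shared secret between the TACACS+ server and the NAS
106		 (encryption key in the TACACS+ server's configuration file)."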
107	    DEFVAL { "" }
108	::= { tacacspServerEntry 4 }
109
110	tacacspSrvTimeout OBJECT-TYPE
111	    SYNTAX  INTEGER (1..60)
112	    ACCESS  read-write
113	    STATUS  mandatory
114
115	    DESCRIPTION
116		"The number of seconds to wait for an outstanding TACACS+
117		 response. Default is three seconds."
118	    DEFVAL { 3 }
119	::= { tacacspServerEntry 5 }
120
121--	tacacspSrvRetries OBJECT-TYPE
122--	    SYNTAX  INTEGER (0..10)
123--	    ACCESS  read-write
124--	    STATUS  mandatory
125--
126--	    DESCRIPTION
127--		"The number of retries sent for each request."
128--	    DEFVAL { 1 }
129--	::= { tacacspServerEntry 6 }
130
131	tacacspSrvAdminStatus OBJECT-TYPE
132	    SYNTAX  INTEGER {
133			up(1),
134			down(2),
135			delete(3)
136		}
137	    ACCESS  read-write
138	    STATUS  mandatory
139
140	    DESCRIPTION
141		"The administrative status of this TACACS+ server entry.
142		 If set to up(1) the associated server will be used
143		 for authentication, authorization and accounting according
144		 to the priority (see tacacspSrvPriority) and the current
145		 operational status (see tacacspSrvOperStatus). Otherwise
146		 this entry will not be considered for TACACS+ AAA requests."
147	    DEFVAL { up }
148	::= { tacacspServerEntry 7 }
149
150	tacacspSrvOperStatus OBJECT-TYPE
151	    SYNTAX  INTEGER {
152			up(1),
153			blocked(2),
154			down(3)
155		}
156	    ACCESS  read-only
157	    STATUS  mandatory
158
159	    DESCRIPTION
160		"The operational status of this TACACS+ server entry. The
161		 status blocked(2) will be set after a failed TACACS+ request.
162		 If set to blocked(2) or down(3) this entry will not be
163		 considered for TACACS+ AAA requests."
164	    DEFVAL { up }
165	::= { tacacspServerEntry 8 }
166
167	tacacspSrvPolicy OBJECT-TYPE
168	    SYNTAX  INTEGER {
169			authoritative(1),
170			non-authoritative(2)
171		}
172	    ACCESS  read-write
173	    STATUS  mandatory
174
175	    DESCRIPTION
176		"If set to authoritative(1), a negative answer to a
177		 request will be accepted. This is not necessarily
178		 true when set to non-authoritative(2), where the
179		 next TACACS+ server will be asked until there is
180		 finally an authoritative(1) server configured."
181	    DEFVAL { non-authoritative }
182	::= { tacacspServerEntry 9 }
183
184	tacacspSrvEncrMode OBJECT-TYPE
185	    SYNTAX  INTEGER {
186			encrypt(1),
187			cleartext(2)
188		}
189	    ACCESS  read-write
190	    STATUS  mandatory
191
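	    -- NOTE(review): the MD5 mode is the TACACS+ body obfuscation keyed by
	    -- tacacspSrvSecret (RFC 8907 terms it obfuscation); it gives no
	    -- integrity protection, so run TACACS+ over a protected management
	    -- network. cleartext(2) exposes credentials on the wire.
192	    DESCRIPTION
193		"If set to encrypt(1) the TACACS+ packet will be MD5
194		 encrypted. Otherwise - if set to cleartext(2) - the packet
195		 and therefore all related information will be sent
196		 unencrypted. This mode is intended for testing but not
197		 recommended for normal use."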
198	    DEFVAL { encrypt }
199	::= { tacacspServerEntry 10 }
200
201	tacacspSrvMultiSession OBJECT-TYPE
202	    SYNTAX  INTEGER {
203			enabled(1),
204			disabled(2)
205		}
206	    ACCESS  read-write
207	    STATUS  mandatory
208
209	    DESCRIPTION
210		"If enabled(1) multiple TACACS+ sessions (subsequent TACACS+
211		 requests) may be supported simultaneously over a single TCP
212		 connection. If multiple sessions are not being multiplexed
213		 over a single TCP connection, a new connection will be opened
214		 for each TACACS+ session and closed at the end of that
215		 session."
216	    DEFVAL { disabled }
217	::= { tacacspServerEntry 11 }
218
219--	tacacspSrvKeepalive OBJECT-TYPE
220--	    SYNTAX  INTEGER {
221--			enabled(1),
222--			disabled(2)
223--		}
224--	    ACCESS  read-write
225--	    STATUS  mandatory
226--
227--	    DESCRIPTION
228--		"Enables the periodic keep-alive check of an established
229--		 (see tacacspSrvOperStatus) TACACS+ server."
230--	    DEFVAL { disabled }
231--	::= { tacacspServerEntry 12 }
232
233	tacacspSrvPppAuth OBJECT-TYPE
234	    SYNTAX  INTEGER {
235			disabled(1),
236			enabled(2)
237		}
238	    ACCESS  read-write
239	    STATUS  mandatory
240
241	    DESCRIPTION
242		"Enables the PPP authentication for the associated TACACS+
243		 server."
244	    DEFVAL { disabled }
245	::= { tacacspServerEntry 13 }
246
247	tacacspSrvLoginAuth OBJECT-TYPE
248	    SYNTAX  INTEGER {
249			disabled(1),
250			enabled(2)
251		}
252	    ACCESS  read-write
253	    STATUS  mandatory
254
255	    DESCRIPTION
256		"Enables the login authentication (shell) for the associated
257		 TACACS+ server."
258	    DEFVAL { enabled }
259	::= { tacacspServerEntry 14 }
260
261	tacacspSrvAccounting OBJECT-TYPE
262	    SYNTAX  INTEGER {
263			disabled(1),
264			enabled(2)
265		}
266	    ACCESS  read-write
267	    STATUS  mandatory
268
269	    DESCRIPTION
270		"Enables the TACACS+ accounting for the associated TACACS+
271		 server."
272	    DEFVAL { disabled }
273	::= { tacacspServerEntry 15 }
274
275	tacacspSrvBlockTimeout OBJECT-TYPE
276	    SYNTAX  INTEGER (0..3600)
277	    ACCESS  read-write
278	    STATUS  mandatory
279
280	    DESCRIPTION
281		"Timeout in seconds for the blocked status (see also
282		 tacacspSrvOperStatus). When it expires, the operational status
283		 is set to up(1) or down(3) according to the current
284		 tacacspSrvAdminStatus. When set to zero, the operational
285		 status is never set to blocked."
286	    DEFVAL { 60 }
287	::= { tacacspServerEntry 16 }
288
289
290	tacacspSrvAuthentNoResp OBJECT-TYPE
291	    SYNTAX  INTEGER {
292			connection-bydefault(1),
293			connection-bylocalloginpwd(2),
294			connection-forbidden(3)
295		}
296	    ACCESS  read-write
297	    STATUS  mandatory
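	    -- NOTE(review): the default, connection-bydefault(1), is not described;
	    -- confirm whether it admits logins when no server answers (fail-open).
298	    DESCRIPTION
299		"Possible actions for the client when there is no response from the servers:
300		  - allowing the connection to the router by local login pwd (2)
301		  - or stop the negotiation (3)."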
302	    DEFVAL { 1 }
303	::= { tacacspServerEntry 17 }
304
305	tacacspSrvAuthentNegResp OBJECT-TYPE
306	    SYNTAX  INTEGER {
307			connection-bydefault(1),
308			connection-bylocalloginpwd(2),
309			connection-forbidden(3)
310		}
311	    ACCESS  read-write
312	    STATUS  mandatory
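	    -- NOTE(review): connection-bylocalloginpwd(2) appears to let the local
	    -- login password succeed after a TACACS+ server has denied the request;
	    -- connection-bydefault(1), the default, is not described. Confirm both.
313	    DESCRIPTION
314		"Possible actions for the client on a negative response
315		 from the servers:
316		 - allowing the connection to the router by local login pwd (2)
317		 - or stop the negotiation (3)."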
318	    DEFVAL { 1 }
319	::= { tacacspServerEntry 18 }
320
321	tacacspSrvPrivLvlOnLogin OBJECT-TYPE
322	    SYNTAX  INTEGER (-1..15)
323	    ACCESS  read-write
324	    STATUS  mandatory
325
326	    DESCRIPTION
327		"Configurable TACACS+ privilege level assigned after
328		 successful authentication procedure. This user-specific
329		 privilege level is needed for the subsequent command
330		 authorization request(s). Note that the user is free to
331		 change that initial privilege level via the 'enab<n>'
332		 command, provided that it's enabled on the TACACS+ server.
333		 If set to -1, this parameter will be ignored."
334	    DEFVAL { 1 }
335	::= { tacacspServerEntry 19 }
336
337
338END
339