1-- ***************************************************************** 2-- CISCO-AAA-SERVER-MIB.my: Cisco AAA Server MIB file. 3-- 4-- Copyright (c) 1999-2003 by cisco Systems, Inc. 5-- All rights reserved. 6-- ***************************************************************** 7 8 9 10CISCO-AAA-SERVER-MIB DEFINITIONS ::= BEGIN 11 12 13IMPORTS 14 MODULE-IDENTITY, 15 NOTIFICATION-TYPE, 16 OBJECT-TYPE, 17 Counter32, 18 IpAddress, Unsigned32 19 FROM SNMPv2-SMI 20 MODULE-COMPLIANCE, 21 OBJECT-GROUP, NOTIFICATION-GROUP 22 FROM SNMPv2-CONF 23 TimeInterval, DisplayString, 24 TruthValue, RowStatus, 25 TEXTUAL-CONVENTION 26 FROM SNMPv2-TC 27 ciscoExperiment 28 FROM CISCO-SMI; 29 30 31ciscoAAAServerMIB MODULE-IDENTITY 32 LAST-UPDATED "200311170000Z" 33 ORGANIZATION "Cisco Systems, Inc." 34 CONTACT-INFO 35 " Cisco Systems 36 Customer Service 37 38 Postal: 170 W Tasman Drive 39 San Jose, CA 95134 40 USA 41 42 Tel: +1 800 553-NETS 43 44 E-mail: cs-aaa@cisco.com" 45 DESCRIPTION 46 "The MIB module for monitoring communications and status 47 of AAA Server operation 48 " 49 REVISION "200311170000Z" 50 DESCRIPTION 51 "Expanded the list of AAA protocols to include LDAP, 52 Kerberos, NTLM and SDI; defined textual convention 53 CiscoAAAProtocol to denote the type of AAA protocols. 54 " 55 56 REVISION "200203280000Z" 57 DESCRIPTION 58 "Imported Unsigned32 from SNMPv2-SMI instead of 59 CISCO-TC" 60 REVISION "200001200000Z" 61 DESCRIPTION 62 "Added objects to support AAA server configuration 63 casConfigTable 64 casProtocol 65 casIndex 66 casAddress 67 casAuthenPort 68 casAcctPort 69 casConfigRowStatus 70 " 71 ::= { ciscoExperiment 56 } 72 73 74 75-- Overview of AAA Server MIB 76-- 77-- MIB description 78-- 79-- 80-- This MIB provides configuration and statistics reflecting the state 81-- of AAA Server operation within the device and AAA communications 82-- with external servers. 83-- 84-- AAA stands for authentication, authorization, and accounting 85-- 86-- The AAA Server MIB provides the following information: 87-- 1) A Table for configuring AAA servers 88-- 2) Identities of external AAA servers 89-- 3) Distinct statistics for each AAA function 90-- 4) Status of servers providing AAA functions 91-- 92-- A server is defined as a logical entity which provides any 93-- of the three AAA functions. A TACACS+ server consists of 94-- all three functions with a single IP address and single TCP 95-- port. A RADIUS server consists of the authentication/accounting 96-- pair with a single IP address but distinct UDP ports, or 97-- it may be just one of authentication or accounting. It is 98-- possible to have two distinct RADIUS servers at the same IP 99-- address, one providing authentication only, the other accounting 100-- only. 101-- 102 103-- +++++++++++++++++++++++++++++++++++++++++++++++++++ 104-- Local Textual Conventions 105-- +++++++++++++++++++++++++++++++++++++++++++++++++++ 106 107CiscoAAAProtocol ::= TEXTUAL-CONVENTION 108 STATUS current 109 DESCRIPTION 110 "Protocol used with this server. 111 tacacsplus(1) - TACACS+ 112 113 radius(2) - RADIUS 114 115 ldap(3) - Light Weight Directory Protocol 116 117 kerberos(4) - Kerberos 118 119 ntlm(5) - Authentication/Authorization using 120 NT Domain 121 122 sdi(6) - Authentication/Authorization using 123 Secure ID 124 125 other(7) - Other protocols 126 " 127 REFERENCE 128 " 129 RFC 2138 Remote Authentication Dial In User Service 130 (RADIUS) 131 RFC 2139 RADIUS Accounting 132 The TACACS+ Protocol Version 1.78, Internet Draft 133 " 134 SYNTAX INTEGER { 135 tacacsplus(1), 136 radius(2), 137 ldap(3), 138 kerberos(4), 139 ntlm(5), 140 sdi(6), 141 other(7) 142 } 143 144 145-- AAA Server MIB object definitions 146 147cAAAServerMIBObjects OBJECT IDENTIFIER ::= { ciscoAAAServerMIB 1 } 148 149 150-- Configuration objects 151 152casConfig OBJECT IDENTIFIER ::= { cAAAServerMIBObjects 1 } 153 154 155-- Statistics objects 156 157casStatistics OBJECT IDENTIFIER ::= { cAAAServerMIBObjects 2 } 158 159 160 161-- 162-- Notification Configuration 163-- 164 165casServerStateChangeEnable OBJECT-TYPE 166 SYNTAX TruthValue 167 MAX-ACCESS read-write 168 STATUS current 169 DESCRIPTION 170 "This variable controls the generation of 171 casServerStateChange notification. 172 173 When this variable is true(1), generation of 174 casServerStateChange notifications is enabled. 175 When this variable is false(2), generation of 176 casServerStateChange notifications is disabled. 177 178 The default value is false(2). 179 " 180 ::= { casConfig 1 } 181 182-- 183-- Server Configuration Table 184-- 185 186casConfigTable OBJECT-TYPE 187 SYNTAX SEQUENCE OF CasConfigEntry 188 MAX-ACCESS not-accessible 189 STATUS current 190 DESCRIPTION 191 "This table shows current configurations for each 192 AAA server, allows existing servers to be removed 193 and new ones to be created. 194 " 195 ::= { casConfig 2 } 196 197casConfigEntry OBJECT-TYPE 198 SYNTAX CasConfigEntry 199 MAX-ACCESS not-accessible 200 STATUS current 201 DESCRIPTION 202 "An AAA server configuration identified by its protocol 203 and its index. 204 205 An entry is created/removed when a server is defined 206 or undefined with IOS configuration commands via 207 CLI or by issuing appropriate sets to this table 208 using snmp. 209 210 A management station wishing to create an entry should 211 first generate a random number to be used as the index 212 to this sparse table. The station should then create the 213 associated instance of the row status and row index objects. 214 It must also, either in the same or in successive PDUs, 215 create an instance of casAddress where casAddress is the 216 IP address of the server to be added. 217 218 It should also modify the default values for casAuthenPort, 219 casAcctPort if the defaults are not appropriate. 220 221 If casKey is a zero-length string or is not explicitly set, 222 then the global key will be used. Otherwise, this value 223 is used as the key for this server instance. 224 225 Once the appropriate instance of all the configuration 226 objects have been created, either by an explicit SNMP set 227 request or by default, the row status should be set to 228 active(1) to initiate the request. 229 230 After the AAA server is made active, the entry can not be 231 modified - the only allowed operation after this is to 232 destroy the entry by setting casConfigRowStatus to destroy(6). 233 234 casPriority is automatically assigned once the entry is 235 made active and reflects the relative priority of the 236 defined server with respect to already configured servers. 237 Newly-created servers will be assigned the lowest priority. 238 To reassign server priorities to existing server entries, 239 it may be necessary to destroy and recreate entries in order 240 of priority. 241 242 Entries in this table with casConfigRowStatus equal to 243 active(1) remain in the table until destroyed. 244 245 Entries in this table with casConfigRowStatus equal to 246 values other than active(1) will be destroyed after timeout 247 (5 minutes). 248 249 If a server address being created via SNMP exists already 250 in another active casConfigEntry, then a newly created row 251 can not be made active until the original row with the 252 with the same server address value is destroyed. 253 254 Upon reload, casIndex values may be changed, but the 255 priorities that were saved before reload will be retained, 256 with lowest priority number corresponding to the higher 257 priority servers. 258 " 259 INDEX { casProtocol, 260 casIndex } 261 ::= { casConfigTable 1} 262 263CasConfigEntry ::= 264 SEQUENCE { 265 casProtocol CiscoAAAProtocol, 266 casIndex Unsigned32, 267 casAddress IpAddress, 268 casAuthenPort INTEGER, 269 casAcctPort INTEGER, 270 casKey DisplayString, 271 casPriority Unsigned32, 272 casConfigRowStatus RowStatus 273 } 274 275casProtocol OBJECT-TYPE 276 SYNTAX CiscoAAAProtocol 277 MAX-ACCESS not-accessible 278 STATUS current 279 DESCRIPTION 280 "The variable denotes the protocol used by the 281 managed device with the AAA server corresponding to 282 this entry in the table. 283 " 284 ::= { casConfigEntry 1 } 285 286casIndex OBJECT-TYPE 287 SYNTAX Unsigned32 (1..4294967295) 288 MAX-ACCESS not-accessible 289 STATUS current 290 DESCRIPTION 291 "A management station wishing to initiate a new AAA server 292 configuration should use a random value for this object 293 when creating an instance of casConfigEntry. 294 295 The RowStatus semantics of the casConfigRowStatus object 296 will prevent access conflicts. 297 298 If the randomly chosen casIndex value for row creation 299 is already in use by an existing entry, snmp set to the 300 casIndex value will fail. 301 " 302 303 ::= { casConfigEntry 2 } 304 305casAddress OBJECT-TYPE 306 SYNTAX IpAddress 307 MAX-ACCESS read-create 308 STATUS current 309 DESCRIPTION 310 "The IP address of the server. 311 " 312 313 ::= { casConfigEntry 3 } 314 315casAuthenPort OBJECT-TYPE 316 SYNTAX INTEGER (0..65535) 317 MAX-ACCESS read-create 318 STATUS current 319 DESCRIPTION 320 "UDP/TCP port used for authentication in the configuration 321 322 For TACACS+, this object should be explictly set. 323 324 Default value is the IOS default for radius: 1645. 325 " 326 DEFVAL { 1645 } 327 ::= { casConfigEntry 4 } 328 329casAcctPort OBJECT-TYPE 330 SYNTAX INTEGER (0..65535) 331 MAX-ACCESS read-create 332 STATUS current 333 DESCRIPTION 334 "UDP/TCP port used for accounting service in the configuration 335 336 For TACACS+, the value of casAcctPort is ignored. 337 casAuthenPort will be used instead. 338 339 Default value is the IOS default for radius: 1646. 340 " 341 DEFVAL { 1646 } 342 ::= { casConfigEntry 5 } 343 344casKey OBJECT-TYPE 345 SYNTAX DisplayString 346 MAX-ACCESS read-create 347 STATUS current 348 DESCRIPTION 349 "The server key to be used with this server. 350 351 Retrieving the value of this object via SNMP will 352 return an empty string for security reasons. 353 " 354 DEFVAL { "" } 355 ::= { casConfigEntry 6 } 356 357casPriority OBJECT-TYPE 358 SYNTAX Unsigned32 (1..4294967295) 359 MAX-ACCESS read-only 360 STATUS current 361 DESCRIPTION 362 "A number that indicates the priority of the server in 363 this entry. Lower numbers indicate higher priority. 364 " 365 ::= { casConfigEntry 7 } 366 367 368casConfigRowStatus OBJECT-TYPE 369 SYNTAX RowStatus 370 MAX-ACCESS read-create 371 STATUS current 372 DESCRIPTION 373 "The status of this table entry. Once the entry status is 374 set to active, the associated entry cannot be modified 375 except destroyed by setting this object to destroy(6). 376 " 377 ::= { casConfigEntry 8 } 378 379-- 380-- Server Statistics 381-- 382 383casStatisticsTable OBJECT-TYPE 384 SYNTAX SEQUENCE OF CasStatisticsEntry 385 MAX-ACCESS not-accessible 386 STATUS current 387 DESCRIPTION 388 " 389 Table providing statistics for each server. 390 " 391 ::= { casStatistics 1 } 392 393casStatisticsEntry OBJECT-TYPE 394 SYNTAX CasStatisticsEntry 395 MAX-ACCESS not-accessible 396 STATUS current 397 DESCRIPTION 398 "Statistical information about a particular server. 399 400 Objects in this table are read-only and appear 401 automatically whenever a row in the casConfigTable 402 is made active. 403 404 Objects in this table disappear when casConfigRowStatus 405 for the corresponding casConfigEntry is set to the 406 destroy(6) state. 407 " 408 AUGMENTS { casConfigEntry } 409 ::= { casStatisticsTable 1 } 410 411CasStatisticsEntry::= 412 SEQUENCE { 413 casAuthenRequests Counter32, 414 casAuthenRequestTimeouts Counter32, 415 casAuthenUnexpectedResponses Counter32, 416 casAuthenServerErrorResponses Counter32, 417 casAuthenIncorrectResponses Counter32, 418 casAuthenResponseTime TimeInterval, 419 casAuthenTransactionSuccesses Counter32, 420 casAuthenTransactionFailures Counter32, 421 casAuthorRequests Counter32, 422 casAuthorRequestTimeouts Counter32, 423 casAuthorUnexpectedResponses Counter32, 424 casAuthorServerErrorResponses Counter32, 425 casAuthorIncorrectResponses Counter32, 426 casAuthorResponseTime TimeInterval, 427 casAuthorTransactionSuccesses Counter32, 428 casAuthorTransactionFailures Counter32, 429 casAcctRequests Counter32, 430 casAcctRequestTimeouts Counter32, 431 casAcctUnexpectedResponses Counter32, 432 casAcctServerErrorResponses Counter32, 433 casAcctIncorrectResponses Counter32, 434 casAcctResponseTime TimeInterval, 435 casAcctTransactionSuccesses Counter32, 436 casAcctTransactionFailures Counter32, 437 casState INTEGER, 438 casCurrentStateDuration TimeInterval, 439 casPreviousStateDuration TimeInterval, 440 casTotalDeadTime TimeInterval, 441 casDeadCount Counter32 442 } 443 444-- 445-- Authentication statistics 446-- 447 448casAuthenRequests OBJECT-TYPE 449 SYNTAX Counter32 450 MAX-ACCESS read-only 451 STATUS current 452 DESCRIPTION 453 "The number of authentication requests sent to 454 this server since it is made active. 455 456 Retransmissions due to request timeouts are 457 counted as distinct requests. 458 " 459 ::= { casStatisticsEntry 1 } 460 461casAuthenRequestTimeouts OBJECT-TYPE 462 SYNTAX Counter32 463 MAX-ACCESS read-only 464 STATUS current 465 DESCRIPTION 466 "The number of authentication requests which have 467 timed out since it is made active. 468 469 A timeout results in a retransmission of the request 470 If the maximum number of attempts has been reached, 471 no further retransmissions will be attempted. 472 " 473 ::= { casStatisticsEntry 2 } 474 475casAuthenUnexpectedResponses OBJECT-TYPE 476 SYNTAX Counter32 477 MAX-ACCESS read-only 478 STATUS current 479 DESCRIPTION 480 "The number of unexpected authentication responses received 481 from this server since it is made active. 482 483 An example is a delayed response to a request which had 484 already timed out. 485 " 486 ::= { casStatisticsEntry 3 } 487 488casAuthenServerErrorResponses OBJECT-TYPE 489 SYNTAX Counter32 490 MAX-ACCESS read-only 491 STATUS current 492 DESCRIPTION 493 "The number of server ERROR authentication responses 494 received from this server since it is made active. 495 496 These are responses indicating that the server itself 497 has identified an error with its authentication 498 operation. 499 " 500 ::= { casStatisticsEntry 4 } 501 502casAuthenIncorrectResponses OBJECT-TYPE 503 SYNTAX Counter32 504 MAX-ACCESS read-only 505 STATUS current 506 DESCRIPTION 507 "The number of authentication responses which could not 508 be processed since it is made active. 509 510 Reasons include inability to decrypt the response, 511 invalid fields, or the response is not valid based on 512 the request. 513 " 514 ::= { casStatisticsEntry 5 } 515 516casAuthenResponseTime OBJECT-TYPE 517 SYNTAX TimeInterval 518 MAX-ACCESS read-only 519 STATUS current 520 DESCRIPTION 521 "Average response time for authentication requests sent 522 to this server, excluding timeouts, since system 523 re-initialization. 524 " 525 ::= { casStatisticsEntry 6 } 526 527casAuthenTransactionSuccesses OBJECT-TYPE 528 SYNTAX Counter32 529 MAX-ACCESS read-only 530 STATUS current 531 DESCRIPTION 532 "The number of authentication transactions with this 533 server which succeeded since it is made active. 534 535 A transaction may include multiple request 536 retransmissions if timeouts occur. 537 538 A transaction is successful if the server responds 539 with either an authentication pass or fail. 540 " 541 ::= { casStatisticsEntry 7 } 542 543casAuthenTransactionFailures OBJECT-TYPE 544 SYNTAX Counter32 545 MAX-ACCESS read-only 546 STATUS current 547 DESCRIPTION 548 "The number of authentication transactions with this 549 server which failed since it is made active. 550 551 A transaction may include multiple request 552 retransmissions if timeouts occur. 553 554 A transaction failure occurs if maximum resends have 555 been met or the server aborts the transaction. 556 " 557 ::= { casStatisticsEntry 8 } 558 559-- 560-- Authorization statistics 561-- 562 563casAuthorRequests OBJECT-TYPE 564 SYNTAX Counter32 565 MAX-ACCESS read-only 566 STATUS current 567 DESCRIPTION 568 "The number of authorization requests sent to 569 this server since it is made active. 570 571 Retransmissions due to request timeouts are 572 counted as distinct requests. 573 574 This object is not instantiated for protocols which do 575 not support a distinct authorization function. 576 " 577 ::= { casStatisticsEntry 9 } 578 579casAuthorRequestTimeouts OBJECT-TYPE 580 SYNTAX Counter32 581 MAX-ACCESS read-only 582 STATUS current 583 DESCRIPTION 584 "The number of authorization requests which have 585 timed out since it is made active. 586 587 A timeout results in a retransmission of the request 588 If the maximum number of attempts has been reached, 589 no further retransmissions will be attempted. 590 591 This object is not instantiated for protocols which do 592 not support a distinct authorization function. 593 " 594 ::= { casStatisticsEntry 10 } 595 596casAuthorUnexpectedResponses OBJECT-TYPE 597 SYNTAX Counter32 598 MAX-ACCESS read-only 599 STATUS current 600 DESCRIPTION 601 "The number of unexpected authorization responses received 602 from this server since it is made active. 603 604 An example is a delayed response to a request which 605 had already timed out. 606 607 This object is not instantiated for protocols which do 608 not support a distinct authorization function. 609 " 610 ::= { casStatisticsEntry 11 } 611 612casAuthorServerErrorResponses OBJECT-TYPE 613 SYNTAX Counter32 614 MAX-ACCESS read-only 615 STATUS current 616 DESCRIPTION 617 "The number of server ERROR authorization responses 618 received from this server since it is made active. 619 620 These are responses indicating that the server itself 621 has identified an error with its authorization 622 operation. 623 624 This object is not instantiated for protocols which do 625 not support a distinct authorization function. 626 " 627 ::= { casStatisticsEntry 12 } 628 629casAuthorIncorrectResponses OBJECT-TYPE 630 SYNTAX Counter32 631 MAX-ACCESS read-only 632 STATUS current 633 DESCRIPTION 634 "The number of authorization responses which could not 635 be processed since it is made active. 636 637 Reasons include inability to decrypt the response, 638 invalid fields, or the response is not valid based on 639 the request. 640 641 This object is not instantiated for protocols which do 642 not support a distinct authorization function. 643 " 644 ::= { casStatisticsEntry 13 } 645 646casAuthorResponseTime OBJECT-TYPE 647 SYNTAX TimeInterval 648 MAX-ACCESS read-only 649 STATUS current 650 DESCRIPTION 651 "Average response time for authorization requests sent 652 to this server, excluding timeouts, since system 653 re-initialization. 654 655 This object is not instantiated for protocols which do 656 not support a distinct authorization function. 657 " 658 ::= { casStatisticsEntry 14 } 659 660casAuthorTransactionSuccesses OBJECT-TYPE 661 SYNTAX Counter32 662 MAX-ACCESS read-only 663 STATUS current 664 DESCRIPTION 665 "The number of authorization transactions with this 666 server which succeeded since it is made active. 667 668 A transaction may include multiple request 669 retransmissions if timeouts occur. 670 671 A transaction is successful if the server responds 672 with either an authorization pass or fail. 673 674 This object is not instantiated for protocols which do 675 not support a distinct authorization function. 676 " 677 ::= { casStatisticsEntry 15 } 678 679casAuthorTransactionFailures OBJECT-TYPE 680 SYNTAX Counter32 681 MAX-ACCESS read-only 682 STATUS current 683 DESCRIPTION 684 "The number of authorization transactions with this 685 server which failed since it is made active. 686 687 A transaction may include multiple request 688 retransmissions if timeouts occur. 689 690 A transaction failure occurs if maximum resends have 691 been met or the server aborts the transaction. 692 693 This object is not instantiated for protocols which do 694 not support a distinct authorization function. 695 " 696 ::= { casStatisticsEntry 16 } 697 698-- 699-- Accounting statistics 700-- 701 702casAcctRequests OBJECT-TYPE 703 SYNTAX Counter32 704 MAX-ACCESS read-only 705 STATUS current 706 DESCRIPTION 707 "The number of accounting requests sent to 708 this server since system re-initialization. 709 710 Retransmissions due to request timeouts are 711 counted as distinct requests. 712 " 713 ::= { casStatisticsEntry 17 } 714 715casAcctRequestTimeouts OBJECT-TYPE 716 SYNTAX Counter32 717 MAX-ACCESS read-only 718 STATUS current 719 DESCRIPTION 720 "The number of accounting requests which have 721 timed out since system re-initialization. 722 723 A timeout results in a retransmission of the request 724 If the maximum number of attempts has been reached, 725 no further retransmissions will be attempted. 726 727 " 728 ::= { casStatisticsEntry 18 } 729 730casAcctUnexpectedResponses OBJECT-TYPE 731 SYNTAX Counter32 732 MAX-ACCESS read-only 733 STATUS current 734 DESCRIPTION 735 "The number of unexpected accounting responses received 736 from this server since system re-initialization. 737 738 An example is a delayed response to a request which had 739 already timed out. 740 " 741 ::= { casStatisticsEntry 19 } 742 743casAcctServerErrorResponses OBJECT-TYPE 744 SYNTAX Counter32 745 MAX-ACCESS read-only 746 STATUS current 747 DESCRIPTION 748 "The number of server ERROR accounting responses received 749 from this server since system re-initialization. 750 751 These are responses indicating that the server itself 752 has identified an error with its accounting 753 operation. 754 " 755 ::= { casStatisticsEntry 20 } 756 757casAcctIncorrectResponses OBJECT-TYPE 758 SYNTAX Counter32 759 MAX-ACCESS read-only 760 STATUS current 761 DESCRIPTION 762 "The number of accounting responses which could not 763 be processed since system re-initialization. 764 765 Reasons include inability to decrypt the response, 766 invalid fields, or the response is not valid based on 767 the request. 768 " 769 ::= { casStatisticsEntry 21 } 770 771casAcctResponseTime OBJECT-TYPE 772 SYNTAX TimeInterval 773 MAX-ACCESS read-only 774 STATUS current 775 DESCRIPTION 776 "Average response time for accounting requests sent 777 to this server,, since system re-initialization 778 excluding timeouts. 779 " 780 ::= { casStatisticsEntry 22 } 781 782casAcctTransactionSuccesses OBJECT-TYPE 783 SYNTAX Counter32 784 MAX-ACCESS read-only 785 STATUS current 786 DESCRIPTION 787 "The number of accounting transactions with this 788 server which succeeded since system re-initialization. 789 790 A transaction may include multiple request 791 retransmissions if timeouts occur. 792 793 A transaction is successful if the server responds 794 with either an accounting pass or fail. 795 " 796 ::= { casStatisticsEntry 23 } 797 798casAcctTransactionFailures OBJECT-TYPE 799 SYNTAX Counter32 800 MAX-ACCESS read-only 801 STATUS current 802 DESCRIPTION 803 "The number of accounting transactions with this 804 server which failed since system re-initialization. 805 806 A transaction may include multiple request 807 retransmissions if timeouts occur. 808 809 A transaction failure occurs if maximum resends have 810 been met or the server aborts the transaction. 811 " 812 ::= { casStatisticsEntry 24 } 813 814-- 815-- Server availability 816-- 817 818casState OBJECT-TYPE 819 SYNTAX INTEGER { 820 up(1), 821 dead(2) 822 } 823 MAX-ACCESS read-only 824 STATUS current 825 DESCRIPTION 826 "Current state of this server. 827 828 up(1) - Server responding to requests 829 830 dead(2) - Server failed to respond 831 832 A server is marked dead if it does not respond after 833 maximum retransmissions. 834 835 A server is marked up again either after a waiting 836 period or if some response is received from it. 837 838 The initial value of casState is 'up(1)' at system 839 re-initialization. This will only transistion to 'dead(2)' 840 if an attempt to communicate fails. 841 " 842 ::= { casStatisticsEntry 25 } 843 844casCurrentStateDuration OBJECT-TYPE 845 SYNTAX TimeInterval 846 MAX-ACCESS read-only 847 STATUS current 848 DESCRIPTION 849 "This object provides the elapsed time the server has 850 been in its current state as shown in casState. 851 " 852 ::= { casStatisticsEntry 26 } 853 854casPreviousStateDuration OBJECT-TYPE 855 SYNTAX TimeInterval 856 MAX-ACCESS read-only 857 STATUS current 858 DESCRIPTION 859 "This object provides the elapsed time the server was 860 been in its previous state prior to the most recent 861 transistion of casState. 862 863 This value is zero if the server has not changed state. 864 " 865 ::= { casStatisticsEntry 27 } 866 867casTotalDeadTime OBJECT-TYPE 868 SYNTAX TimeInterval 869 MAX-ACCESS read-only 870 STATUS current 871 DESCRIPTION 872 "The total elapsed time this server's casState has 873 had the value 'dead(2)' since system re-initialization. 874 " 875 ::= { casStatisticsEntry 28 } 876 877casDeadCount OBJECT-TYPE 878 SYNTAX Counter32 879 MAX-ACCESS read-only 880 STATUS current 881 DESCRIPTION 882 "The number of times this server's casState has 883 transitioned to 'dead(2)' since system re-initialization. 884 " 885 ::= { casStatisticsEntry 29 } 886 887 888 889 890-- ****************************************************************** 891-- Notifications 892-- ****************************************************************** 893cAAAServerMIBNotificationPrefix OBJECT IDENTIFIER ::= 894 { ciscoAAAServerMIB 2 } 895 896cAAAServerMIBNotifications OBJECT IDENTIFIER ::= 897 { cAAAServerMIBNotificationPrefix 0 } 898 899casServerStateChange NOTIFICATION-TYPE 900 OBJECTS { casState, 901 casPreviousStateDuration, 902 casTotalDeadTime } 903 STATUS current 904 DESCRIPTION 905 "An AAA server state change notification is generated 906 whenever casState changes value. 907 " 908 ::= { cAAAServerMIBNotifications 1 } 909 910 911 912-- ****************************************************************** 913-- Conformance and Compliance 914-- ****************************************************************** 915cAAAServerMIBConformance OBJECT IDENTIFIER ::= { ciscoAAAServerMIB 3 } 916 917casMIBCompliances OBJECT IDENTIFIER ::= { cAAAServerMIBConformance 1 } 918casMIBGroups OBJECT IDENTIFIER ::= { cAAAServerMIBConformance 2 } 919 920-- compliance statements 921 922casMIBCompliance MODULE-COMPLIANCE 923 STATUS current 924 DESCRIPTION 925 "The compliance statement for entities which 926 implement the CISCO AAA Server MIB" 927 MODULE -- this module 928 MANDATORY-GROUPS 929 { 930 casConfigGroup, 931 casStatisticsGroup, 932 casServerNotificationGroup 933 } 934 935 OBJECT casAddress 936 MIN-ACCESS read-only 937 DESCRIPTION 938 "Create/Write access is not required." 939 940 OBJECT casAuthenPort 941 MIN-ACCESS read-only 942 DESCRIPTION 943 "Create/Write access is not required." 944 945 OBJECT casAcctPort 946 MIN-ACCESS read-only 947 DESCRIPTION 948 "Create/Write access is not required." 949 950 OBJECT casKey 951 MIN-ACCESS read-only 952 DESCRIPTION 953 "Create/Write access is not required." 954 955 OBJECT casConfigRowStatus 956 MIN-ACCESS read-only 957 DESCRIPTION 958 "Create/Write access is not required." 959 960 961 ::= { casMIBCompliances 1 } 962 963 964-- units of conformance 965 966casStatisticsGroup OBJECT-GROUP 967 OBJECTS { 968 casAuthenRequests, 969 casAuthenRequestTimeouts, 970 casAuthenUnexpectedResponses, 971 casAuthenServerErrorResponses, 972 casAuthenIncorrectResponses, 973 casAuthenResponseTime, 974 casAuthenTransactionSuccesses, 975 casAuthenTransactionFailures, 976 casAuthorRequests, 977 casAuthorRequestTimeouts, 978 casAuthorUnexpectedResponses, 979 casAuthorServerErrorResponses, 980 casAuthorIncorrectResponses, 981 casAuthorResponseTime, 982 casAuthorTransactionSuccesses, 983 casAuthorTransactionFailures, 984 casAcctRequests, 985 casAcctRequestTimeouts, 986 casAcctUnexpectedResponses, 987 casAcctServerErrorResponses, 988 casAcctIncorrectResponses, 989 casAcctResponseTime, 990 casAcctTransactionSuccesses, 991 casAcctTransactionFailures, 992 casState, 993 casCurrentStateDuration, 994 casPreviousStateDuration, 995 casTotalDeadTime, 996 casDeadCount 997 } 998 STATUS current 999 DESCRIPTION 1000 "Objects for providing AAA server statistics and status. 1001 " 1002 ::= { casMIBGroups 1 } 1003 1004casConfigGroup OBJECT-GROUP 1005 OBJECTS { 1006 casServerStateChangeEnable, 1007 casAddress, 1008 casAuthenPort, 1009 casAcctPort, 1010 casKey, 1011 casPriority, 1012 casConfigRowStatus 1013 } 1014 STATUS current 1015 DESCRIPTION 1016 "Objects for configuring the AAA servers. 1017 " 1018 ::= { casMIBGroups 2 } 1019 1020casServerNotificationGroup NOTIFICATION-GROUP 1021 NOTIFICATIONS { casServerStateChange } 1022 STATUS current 1023 DESCRIPTION 1024 "The collection of notifications used for 1025 monitoring AAA server status" 1026 ::= { casMIBGroups 3 } 1027 1028 1029 1030END 1031 1032