-- *********************************************************************
-- CISCO-RADIUS-MIB.my: Radius Configuration MIB
--
-- October 2002, Vinay Gaonkar
-- March 2004, Binh Le
-- Jan 2009, Paari Elangovan
--
-- Copyright (c) 2002-2009 by cisco Systems, Inc.
--

-- All rights reserved.
--
-- *******************************************************************

CISCO-RADIUS-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    NOTIFICATION-TYPE,
    OBJECT-TYPE,
    Unsigned32
        FROM SNMPv2-SMI
    MODULE-COMPLIANCE,
    NOTIFICATION-GROUP,
    OBJECT-GROUP
        FROM SNMPv2-CONF
    RowStatus,
    TEXTUAL-CONVENTION,
    TruthValue
        FROM SNMPv2-TC
    InetAddressType,
    InetAddress
        FROM INET-ADDRESS-MIB
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    TimeIntervalMin,
    TimeIntervalSec,
    CiscoPort
        FROM CISCO-TC
    ciscoMgmt
        FROM CISCO-SMI;


ciscoRadiusMIB MODULE-IDENTITY
    LAST-UPDATED    "200902060000Z"
    ORGANIZATION    "Cisco Systems Inc."
    CONTACT-INFO
        "Cisco Systems
        Customer Service
        Postal: 170 W Tasman Drive
        San Jose, CA 95134
        USA
        Tel: +1 800 553 -NETS
        E-mail: cs-san@cisco.com"
    DESCRIPTION
        "MIB module for monitoring and configuring
        authentication and logging services using RADIUS
        (Remote Authentication Dial In User Service) related
        objects.

        The RADIUS (RFC2865) framework consists of clients and
        servers. A client is responsible for passing user
        information to designated RADIUS servers, and then
        acting on the response which is returned.

        RADIUS server is responsible for receiving user
        connection requests, authenticating the user, and then
        returning all configuration information necessary for
        the client to deliver service to the user.

        This MIB module also contains objects for
        enabling/disabling telnet and SSH (Secure Shell)
        authentication. Secure Shell is program which is used
        to log into another machine over a secured session."
    REVISION        "200902060000Z"
    DESCRIPTION
        "The following objects have been added
        [1] crRadiusServerRTTThldNorm
        [2] crRadiusServerRTTThldHi
        [3] crRadiusServerRetransThldNorm
        [4] crRadiusServerRetransThldHi
        [5] crRadiusServerRTTNormNotifEnable
        [6] crRadiusServerRTTHiNotifEnable
        [7] crRadiusServerRetransNormNotifEnable
        [8] crRadiusServerRetransHiNotifEnable

        The following notifications have been added
        [1] crRadiusServerRTTNormNotif
        [2] crRadiusServerRTTHiNotif
        [3] crRadiusServerRetransNormNotif
        [4] crRadiusServerRetransHiNotif

        The following object-groups have been added
        [1] crmRadiusServerNotifGroup
        [2] crmNotificationControlGroup
        [3] crmRadiusServerNotifCntlGroup

        The compliance statement ciscoRadiusMIBCompliance3 has been
        deprecated by ciscoRadiusMIBCompliance4."
    REVISION        "200707220000Z"
    DESCRIPTION
        "Added support of crmRadiusKeepAliveUserGroup."
    REVISION        "200701030000Z"
    DESCRIPTION
        "Added support of
        crmKeepAliveGroup,
        crmAutoInitializeConfigGroup, and
        crmAttributesGroup2."
    REVISION        "200403030000Z"
    DESCRIPTION
        "Added support of
        crRadiusFramedIpAddrIncluded,
        crRadiusVlanAssignmentEnabled,
        crVlanGroupTable.

        Added http(2) bit to crRadiusLoginAuthentication."
    REVISION        "200211090000Z"
    DESCRIPTION
        "Removed the TC CiscoRadiusAuthKeyType.
        Added new TC CiscoRadiusAuthKey.
        Removed the objects crRadiusAuthKeyType and
        crRadiusServerKeyType.
        Changed the SYNTAX of objects crRadiusAuthKey and
        crRadiusServerKey."
    REVISION        "200210080000Z"
    DESCRIPTION
        "Initial version of this MIB module."
    ::= { ciscoMgmt 288 }


ciscoRadiusMIBObjects OBJECT IDENTIFIER
    ::= { ciscoRadiusMIB 1 }

ciscoRadiusMIBConformance OBJECT IDENTIFIER
    ::= { ciscoRadiusMIB 2 }

crRadiusGenericConfig OBJECT IDENTIFIER
    ::= { ciscoRadiusMIBObjects 1 }

crRadiusServerConfig OBJECT IDENTIFIER
    ::= { ciscoRadiusMIBObjects 2 }

crRadiusAttributesConfig OBJECT IDENTIFIER
    ::= { ciscoRadiusMIBObjects 3 }

crRadiusVlanConfigGroup OBJECT IDENTIFIER
    ::= { ciscoRadiusMIBObjects 4 }

crRadiusKeepAliveConfig OBJECT IDENTIFIER
    ::= { ciscoRadiusMIBObjects 5 }

crRadiusServerNotifCntl OBJECT IDENTIFIER
    ::= { ciscoRadiusMIBObjects 6 }

ciscoRadiusMIBNotifications OBJECT IDENTIFIER
    ::= { ciscoRadiusMIB 3 }


-- Textual Conventions

CiscoRadiusAuthKey ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The authentication key of a radius server.
        The first octet of this object contains the the type of key.
        The octets following the first octet contain the key.
        If the value of the first object is ascii value 'p', then the
        key is in plain text.
        If the value of first object is ascii value 'e', the key is
        encrypted.
        Note that this object has same format as TC DisplayString."
    SYNTAX          OCTET STRING (SIZE (0..65))

CiscoRadiusRoundTripTimePercent ::= TEXTUAL-CONVENTION
    DISPLAY-HINT    "d-2"
    STATUS          current
    DESCRIPTION
        "This textual convention represents a round-trip time per
        session expressed as a percent of the round-trip time
        configured for the RADIUS server."
    SYNTAX          Unsigned32 (1..100)

CiscoRadiusRetransPercent ::= TEXTUAL-CONVENTION
    DISPLAY-HINT    "d-2"
    STATUS          current
    DESCRIPTION
        "This textual convention represents the number of retransmisions
        per session expressed as a percent of the retransmissions
        configured for the RADIUS server."
    SYNTAX          Unsigned32 (1..100)

-- the RADIUS Configuration group

crRadiusLoginAuthentication OBJECT-TYPE
    SYNTAX          BITS {
                        telnet(0),
                        console(1),
                        http(2)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The login authentication using RADIUS feature is enabled for
        telnet/SSH sessions if the 'telnet (0) ' bit is set, and
        disabled if this bit is reset.

        The login authentication using RADIUS feature is enabled for
        console sessions if the 'console (1) ' bit is set, and
        disabled if this bit is reset.

        The login authentication using RADIUS feature is enabled for
        remote web sessions if the 'http (2) ' bit is set, and
        disabled if this bit is reset."
    DEFVAL          { { } }
    ::= { crRadiusGenericConfig 1 }

crRadiusDeadtime OBJECT-TYPE
    SYNTAX          TimeIntervalMin (0..1440)
    UNITS           "minutes"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Indicates the length of time in minutes that the system will
        mark the server dead when a RADIUS server does not respond to
        an authentication request. During the interval of the dead
        time, any authentication request that comes up would not be
        sent to that RADIUS server that was marked as dead. The
        default value of 0 means that the RADIUS servers will not be
        marked dead if they do not respond."
    DEFVAL          { 0 }
    ::= { crRadiusGenericConfig 2 }

crRadiusAuthKey OBJECT-TYPE
    SYNTAX          CiscoRadiusAuthKey
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The key used in encrypting the packets passed between the
        RADIUS server and the client. This key must match the one
        configured on the server.

        A zero-length string is always returned when this object is
        read."
    ::= { crRadiusGenericConfig 3 }

crRadiusTimeout OBJECT-TYPE
    SYNTAX          TimeIntervalSec (1..1000)
    UNITS           "seconds"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This is the time in seconds between retransmissions to
        the RADIUS server."
    DEFVAL          { 1 }
    ::= { crRadiusGenericConfig 4 }

crRadiusRetransmits OBJECT-TYPE
    SYNTAX          Unsigned32 (0..100)
    UNITS           "retransmits"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The additional number of times the RADIUS server should be
        tried by the RADIUS client before giving up on the server."
    DEFVAL          { 1 }
    ::= { crRadiusGenericConfig 5 }

crRadiusAccountingLogMaxSize OBJECT-TYPE
    SYNTAX          Unsigned32 (0..30000)
    UNITS           "bytes"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The maximum size of the accounting log file in bytes.
        The log file is stored on local persistent storage at the
        device. If the size is set to a smaller value than the
        existing one, then smaller log will be available for view
        by the user."
    DEFVAL          { 30000 }
    ::= { crRadiusGenericConfig 6 }

crRadiusAccountingMethod OBJECT-TYPE
    SYNTAX          BITS {
                        radius(0),
                        local(1)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The accounting method on the device. If bit 0
        is set, the accounting method is RADIUS. If bit 1
        is set, then the accounting method is local. It is
        possible for the user to set both the bits so that
        both the RADIUS as well as local accounting methods
        are used. It is also possible to set none of the
        methods; in this case the switch will not do any
        accounting."
    ::= { crRadiusGenericConfig 7 }

crRadiusFramedIpAddrIncluded OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies if Access-Request packets will include
        Framed-IP-Address attributes."
    ::= { crRadiusAttributesConfig 1 }

crRadiusFramedMtu OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies the Framed-MTU attribute value to be sent to
        the RADIUS server."
    REFERENCE       "RFC2865: Section 5.12"
    ::= { crRadiusAttributesConfig 2 }

crRadiusServerTableMaxEntries OBJECT-TYPE
    SYNTAX          Unsigned32 (0..65536)
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The maximum number of entries that the agent supports in the
        crRadiusServerTable."
    ::= { crRadiusServerConfig 1 }
-- crRadiusServerTable

crRadiusServerTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CrRadiusServerEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table lists RADIUS servers."
    ::= { crRadiusServerConfig 2 }

crRadiusServerEntry OBJECT-TYPE
    SYNTAX          CrRadiusServerEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A RADIUS server table entry.

        Users can add/delete entries in this table using object
        'crRadiusServerRowStatus'.

        An entry cannot be created until following objects are
        instantiated :
            - crRadiusServerAddrType
            - crRadiusServerAddr

        Also, following objects cannot be modified when
        'crRadiusServerRowStatus' is 'active' :
            - crRadiusServerAddrType
            - crRadiusServerAddr

        To modify above objects, the entry must be deleted and
        re-created with new values of above objects.

        If 'crRadiusServerKey' is not instantiated or is a
        zero-length string, then value of the object
        'crRadiusAuthkey' is used as the key to communicate with the
        corresponding RADIUS server."
    INDEX           { crRadiusServerIndex }
    ::= { crRadiusServerTable 1 }

CrRadiusServerEntry ::= SEQUENCE {
        crRadiusServerIndex           Unsigned32,
        crRadiusServerAddrType        InetAddressType,
        crRadiusServerAddr            InetAddress,
        crRadiusServerAuthPort        CiscoPort,
        crRadiusServerAcctPort        CiscoPort,
        crRadiusServerKey             CiscoRadiusAuthKey,
        crRadiusServerType            INTEGER,
        crRadiusServerMode            INTEGER,
        crRadiusServerRowStatus       RowStatus,
        crRadiusServerRTTThldNorm     CiscoRadiusRoundTripTimePercent,
        crRadiusServerRTTThldHi       CiscoRadiusRoundTripTimePercent,
        crRadiusServerRetransThldNorm CiscoRadiusRetransPercent,
        crRadiusServerRetransThldHi   CiscoRadiusRetransPercent
}

crRadiusServerIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (1..4294967295)
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An arbitrary integer value, greater than zero, and less than
        and equal to crRadiusServerTableMaxEntries, which identifies
        a RADIUS Server in this table.
        The value of this object must be persistent across
        reboots/reinitialization of the device."
    ::= { crRadiusServerEntry 1 }

crRadiusServerAddrType OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The type of address of the RADIUS Server as specified by
        object 'crRadiusServerAddr'."
    DEFVAL          { ipv4 }
    ::= { crRadiusServerEntry 2 }

crRadiusServerAddr OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The address of the RADIUS Server."
    ::= { crRadiusServerEntry 3 }

crRadiusServerAuthPort OBJECT-TYPE
    SYNTAX          CiscoPort
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This is the destination UDP port number to which RADIUS
        authentication messages should be sent. The RADIUS server
        will not be used for authentication if this port number is
        0."
    DEFVAL          { 1812 }
    ::= { crRadiusServerEntry 4 }

crRadiusServerAcctPort OBJECT-TYPE
    SYNTAX          CiscoPort
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This is the destination UDP port number to which RADIUS
        accounting messages should be sent."
    DEFVAL          { 1813 }
    ::= { crRadiusServerEntry 5 }

crRadiusServerKey OBJECT-TYPE
    SYNTAX          CiscoRadiusAuthKey
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The key used in encrypting the packets passed between the
        RADIUS server and the client. This key must match the one
        configured on the server.

        A zero-length string is always returned when this object is
        read.

        Note that if this object is a zero length string, then
        'crRadiusAuthKey' is used as the key for this server."
    DEFVAL          { '00000000'H }
    ::= { crRadiusServerEntry 6 }

crRadiusServerType OBJECT-TYPE
    SYNTAX          INTEGER {
                        other(1),
                        primary(2)
                    }
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Type of the RADIUS server.
        other (1),  - a lower priority server
        primary (2) - the primary server which is tried first
                      by the RADIUS client."
    DEFVAL          { other }
    ::= { crRadiusServerEntry 7 }

crRadiusServerMode OBJECT-TYPE
    SYNTAX          INTEGER {
                        none(1),
                        authAndAcct(2),
                        authOnly(3),
                        acctOnly(4)
                    }
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Mode of the RADIUS server.
        none (1)        - neither authentication nor
                          accounting
        authAndAcct (2) - both authentication and
                          accounting
        authOnly (3)    - only for authentication
        acctOnly (4)    - only for accounting."
    DEFVAL          { authAndAcct }
    ::= { crRadiusServerEntry 8 }

crRadiusServerRowStatus OBJECT-TYPE
    SYNTAX          RowStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Status of this row."
    ::= { crRadiusServerEntry 9 }

crRadiusServerRTTThldNorm OBJECT-TYPE
    SYNTAX          CiscoRadiusRoundTripTimePercent
    UNITS           "percent"
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object represents the normal threshold on the
        round-trip time of RADIUS authentication messages. This is
        measured as a percentage of configured round-trip time as per
        RFC-2865. If the round-trip time is less than or equal to this
        threshold, the agent generates the crRadiusServerRTTNormNotif
        notification. The value configured through this object should
        never be greater than that configured through
        crRadiusServerRTTThldHi."
    ::= { crRadiusServerEntry 10 }

crRadiusServerRTTThldHi OBJECT-TYPE
    SYNTAX          CiscoRadiusRoundTripTimePercent
    UNITS           "percent"
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object represents the high threshold on the round-trip
        time of RADIUS authentication messages. This is measured as a
        percentage of configured round-trip time as per RFC-2865. If the
        round-trip time is greater than or equal to this threshold, the
        agent generates the crRadiusServerRTTHiNotif notification. The
        value configured through this object should never be smaller
        than that configured through crRadiusServerRTTThldNorm."
    ::= { crRadiusServerEntry 11 }

crRadiusServerRetransThldNorm OBJECT-TYPE
    SYNTAX          CiscoRadiusRetransPercent
    UNITS           "percent"
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object represents the normal threshold on the
        retransmitted RADIUS authentication messages per session. This
        is measured as a percentage of crRadiusRetransmits. If the
        number of retransmits is less than or equal to this threshold,
        the agent generates the crRadiusServerRetransNormNotif
        notification. The value configured through this object should
        never be greater than that configured through
        crRadiusServerRetransThldHi."
    ::= { crRadiusServerEntry 12 }

crRadiusServerRetransThldHi OBJECT-TYPE
    SYNTAX          CiscoRadiusRetransPercent
    UNITS           "percent"
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object represents the high threshold on the retransmitted
        RADIUS authentication messages per session. This is measured as
        a percentage of crRadiusRetransmits. If the number of
        retransmits is greater than or equal to this threshold, the
        agent generates the crRadiusServerRetransHiNotif notification.
        The value configured through this object should never be smaller
        than that configured through crRadiusServerRetransThldNorm."
    ::= { crRadiusServerEntry 13 }



crRadiusVlanAssignmentEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies if VLANs will be assigned by RADIUS server
        via the tunnel attribute during the authentication."
    ::= { crRadiusVlanConfigGroup 1 }

crVlanGroupTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CrVlanGroupEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A table containing VLAN Group Mapping information for the
        purpose of distributing users across multiple VLANs which
        have the same group name."
    ::= { crRadiusVlanConfigGroup 2 }

crVlanGroupEntry OBJECT-TYPE
    SYNTAX          CrVlanGroupEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry containing an VLAN Group Mapping information
        applicable to a particular VLAN. Entries in this table can
        be created or deleted using cpaeVlanGroupRowStatus object."
    INDEX           { crVlanGroupName }
    ::= { crVlanGroupTable 1 }

CrVlanGroupEntry ::= SEQUENCE {
        crVlanGroupName      SnmpAdminString,
        crVlanGroupVlansLow  OCTET STRING,
        crVlanGroupVlansHigh OCTET STRING,
        crVlanGroupRowStatus RowStatus
}

crVlanGroupName OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Specifies the name of the VLAN group."
    ::= { crVlanGroupEntry 1 }

crVlanGroupVlansLow OBJECT-TYPE
    SYNTAX          OCTET STRING (SIZE (0..256))
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "A string of octets containing one bit per VLAN for VLANs
        with VlanIndex value of 0 to 2047.

        Each octet within this value specifies a set of eight
        VLANs, with the first octet specifying VLANs 0 through
        7, the second octet specifying VLANs 8 through 15, etc.
        Within each octet, the most significant bit represents
        the lowest numbered VLAN, and the least significant bit
        represents the highest numbered VLAN. Thus, each VLAN
        of the device is represented by a single bit within
        the value of this object. If that bit has a value of
        '1' then that VLAN is included in the group; the VLAN
        is not mapped to the group if its bit has a value of
        '0'."
    ::= { crVlanGroupEntry 2 }

crVlanGroupVlansHigh OBJECT-TYPE
    SYNTAX          OCTET STRING (SIZE (0..256))
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "A string of octets containing one bit per VLAN for VLANs
        with VlanIndex value of 2048 to 4095.

        Each octet within this value specifies a set of eight
        VLANs, with the first octet specifying VLANs 2048 through
        2055, the second octet specifying VLANs 2056 through 2063,
        etc. Within each octet, the most significant bit represents
        the lowest numbered VLAN, and the least significant bit
        represents the highest numbered VLAN. Thus, each VLAN
        of the device is represented by a single bit within
        the value of this object. If that bit has a value of
        '1' then that VLAN is included in the group; the VLAN
        is not mapped to the group if its bit has a value of
        '0'."
    ::= { crVlanGroupEntry 3 }

crVlanGroupRowStatus OBJECT-TYPE
    SYNTAX          RowStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object is used to manage the creation and deletion
        of rows in this table.

        The only way to create an entry is by setting the value
        createAndGo(4), and the only way to delete an entry is by
        setting the value destroy(6) to this object."
    ::= { crVlanGroupEntry 4 }



-- RADIUS keep-alive Group
--
-- RADIUS keep-alive feature provides RADIUS tracking configuration.
-- With RADIUS keep-alive feature enabled, a tracking message is sent to
-- every configured RADIUS servers after every keep-alive timer to
-- query the status of the servers.

crRadiusKeepAliveEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies whether RADIUS keep-alive feature is
        enabled or not."
    ::= { crRadiusKeepAliveConfig 1 }

crRadiusKeepAliveInterval OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "seconds"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies the RADIUS keep-alive interval value. When the
        object value of crRadiusKeepAliveEnabled is 'true',
        a tracking message is sent to every configured RADIUS
        server at the interval of crRadiusKeepAliveInterval to
        query the status of the server."
    ::= { crRadiusKeepAliveConfig 2 }

crRadiusKeepAliveServerTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CrRadiusKeepAliveServerEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table contains the keep-alive information on
        every RADIUS server configured on the system."
    ::= { crRadiusKeepAliveConfig 3 }

crRadiusKeepAliveServerEntry OBJECT-TYPE
    SYNTAX          CrRadiusKeepAliveServerEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry containing keep-alive information of a
        corresponding RADIUS server configured in
        crRadiusServerTable."
    INDEX           { crRadiusServerIndex }
    ::= { crRadiusKeepAliveServerTable 1 }

CrRadiusKeepAliveServerEntry ::= SEQUENCE {
        crRadiusKeepAliveServerStatus INTEGER
}

crRadiusKeepAliveServerStatus OBJECT-TYPE
    SYNTAX          INTEGER {
                        other(1),
                        init(2),
                        active(3),
                        checkup(4),
                        dead(5)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the current keep-alive status of the RADIUS server.

        other  : none of the following.
        init   : the server is in init state.
        active : the server is in active state.
        checkup: the server is in checkup state.
        dead   : the server is in dead state.

        This object is only instantiated when the corresponding
        instance value of crRadiusServerRowStatus is 'active' and
        the object value of crRadiusKeepAliveEnabled is 'true'."
    ::= { crRadiusKeepAliveServerEntry 1 }



crRadiusPortAutoInitialize OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies whether a port's state machines will be re-
        initialized if their state machines are in 'aaaFail'
        when a RADIUS server becomes available."
    ::= { crRadiusKeepAliveConfig 4 }

crRadiusKeepAliveUserName OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies the user name used in keep-alive communication
        with RADIUS server."
    ::= { crRadiusKeepAliveConfig 5 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The RADIUS Server Notif Control Group
--
-- This group of objects controls the sending of
-- RADIUS Server Notifications
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

crRadiusServerRTTNormNotifEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object is used to control the generation of
        crRadiusServerRTTNormNotif notification. A value of 'true'
        indicates that the notification will be generated when the
        current server round-trip time is less than or equal to
        crRadiusServerRTTThldNorm."
    DEFVAL          { false }
    ::= { crRadiusServerNotifCntl 1 }

crRadiusServerRTTHiNotifEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object is used to control the generation of
        crRadiusServerRTTHiNotif notification. A value of 'true'
        indicates that the notification will be generated when the
        current server round-trip time is greater than or equal to
        crRadiusServerRTTThldHi."
    DEFVAL          { false }
    ::= { crRadiusServerNotifCntl 2 }

crRadiusServerRetransNormNotifEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object is used to control the generation of
        crRadiusServerRetransNormNotif notification. A value of 'true'
        indicates that the notification will be generated when the
        current number of server retransmissions are less than or
        equal to crRadiusServerRetransThldNorm."
    DEFVAL          { false }
    ::= { crRadiusServerNotifCntl 3 }

crRadiusServerRetransHiNotifEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object is used to control the generation of
        crRadiusServerRetransHiNotif notification. A value of 'true'
        indicates that the notification will be generated when the
        current number of server retransmissions are greater than or
        equal to crRadiusServerRetransThldHi."
    DEFVAL          { false }
    ::= { crRadiusServerNotifCntl 4 }

crRadiusServerRTTNormNotif NOTIFICATION-TYPE
    OBJECTS         {
                        crRadiusServerRTTThldNorm,
                        crRadiusServerAddr,
                        crRadiusServerAuthPort
                    }
    STATUS          current
    DESCRIPTION
        "This notification indicates that the current server round-trip
        time is less than or equal to crRadiusServerRTTThldNorm. Once
        sent, this notification will be disarmed until the round-trip
        time exceeds the value configured through
        crRadiusServerRTTThldHi."
    ::= { ciscoRadiusMIBNotifications 1 }

crRadiusServerRTTHiNotif NOTIFICATION-TYPE
    OBJECTS         {
                        crRadiusServerRTTThldHi,
                        crRadiusServerAddr,
                        crRadiusServerAuthPort
                    }
    STATUS          current
    DESCRIPTION
        "This notification indicates that the current server round-trip
        time is greater than or equal to crRadiusServerRTTThldHi. Once
        sent, this notification will be disarmed until the round-trip
        time falls below the value configured through
        crRadiusServerRTTThldNorm."
    ::= { ciscoRadiusMIBNotifications 2 }

crRadiusServerRetransNormNotif NOTIFICATION-TYPE
    OBJECTS         {
                        crRadiusServerRetransThldNorm,
                        crRadiusServerAddr,
                        crRadiusServerAuthPort
                    }
    STATUS          current
    DESCRIPTION
        "This notification indicates that the current number of server
        retransmissions are less than or equal to
        crRadiusServerRetransThldNorm. Once sent, this notification will
        be disarmed until the number of retransmissions exceed the value
        configured through crRadiusServerRetransThldHi."
    ::= { ciscoRadiusMIBNotifications 3 }

crRadiusServerRetransHiNotif NOTIFICATION-TYPE
    OBJECTS         {
                        crRadiusServerRetransThldHi,
                        crRadiusServerAddr,
                        crRadiusServerAuthPort
                    }
    STATUS          current
    DESCRIPTION
        "This notification indicates that the current number of server
        retransmissions are greater than or equal to
        crRadiusServerRetransThldHi. Once sent, this notification will
        be disarmed until the number of retransmissions falls below the
        value configured through crRadiusServerRetransThldNorm."
    ::= { ciscoRadiusMIBNotifications 4 }
-- Conformance

ciscoRadiusMIBCompliances OBJECT IDENTIFIER
    ::= { ciscoRadiusMIBConformance 1 }

ciscoRadiusMIBGroups OBJECT IDENTIFIER
    ::= { ciscoRadiusMIBConformance 2 }


ciscoRadiusMIBCompliance MODULE-COMPLIANCE
    STATUS          deprecated
    DESCRIPTION
        "The compliance statement for entities which implement the
        CISCO-RADIUS-MIB."
    MODULE          -- this module
    MANDATORY-GROUPS { crmConfigurationGroup }

    OBJECT          crRadiusTimeout
    SYNTAX          TimeIntervalSec (1..60)
    DESCRIPTION
        "Only the range 1-60 needs to be supported."

    OBJECT          crRadiusRetransmits
    SYNTAX          Unsigned32 (0..5)
    DESCRIPTION
        "Only the range 0-5 needs to be supported."

    OBJECT          crRadiusServerAddrType
    SYNTAX          INTEGER {
                        ipv4(1),
                        dns(16)
                    }
    DESCRIPTION
        "Only dns and ipv4 addresses are needed to be supported."

    OBJECT          crRadiusServerRowStatus
    SYNTAX          INTEGER {
                        active(1),
                        createAndGo(4),
                        destroy(6)
                    }
    DESCRIPTION
        "Only 'active', 'createAndGo' and 'destroy' are needed to be
        supported."

    OBJECT          crRadiusDeadtime
    MIN-ACCESS      read-only
    DESCRIPTION
        "Only read-only access is needed to be implemented."
    ::= { ciscoRadiusMIBCompliances 1 }

ciscoRadiusMIBCompliance2 MODULE-COMPLIANCE
    STATUS          deprecated
    DESCRIPTION
        "The compliance statement for entities which implement the
        CISCO-RADIUS-MIB."
    MODULE          -- this module
    MANDATORY-GROUPS { crmConfigurationGroup }

    GROUP           crmAttributesGroup
    DESCRIPTION
        "This group is mandatory only in implementation
        which support RADIUS attribute configuration."

    GROUP           crmKeepAliveGroup
    DESCRIPTION
        "This group is mandatory only for implementation
        which supports RADIUS keep-alive feature."

    GROUP           crmAutoInitializeConfigGroup
    DESCRIPTION
        "This group is mandatory only for implementation
        which supports RADIUS port auto initialization."

    GROUP           crmAttributesGroup2
    DESCRIPTION
        "This group is mandatory only in implementation
        which support additional RADIUS attribute
        configuration."

    OBJECT          crRadiusTimeout
    SYNTAX          TimeIntervalSec (1..60)
    DESCRIPTION
        "Only the range 1-60 needs to be supported."

    OBJECT          crRadiusRetransmits
    SYNTAX          Unsigned32 (0..5)
    DESCRIPTION
        "Only the range 0-5 needs to be supported."

    OBJECT          crRadiusServerAddrType
    SYNTAX          INTEGER {
                        ipv4(1),
                        dns(16)
                    }
    DESCRIPTION
        "Only dns and ipv4 addresses are needed to be supported."

    OBJECT          crRadiusServerRowStatus
    SYNTAX          INTEGER {
                        active(1),
                        createAndGo(4),
                        destroy(6)
                    }
    DESCRIPTION
        "Only 'active', 'createAndGo' and 'destroy' are needed to be
        supported."

    OBJECT          crRadiusDeadtime
    MIN-ACCESS      read-only
    DESCRIPTION
        "Only read-only access is needed to be implemented."
    ::= { ciscoRadiusMIBCompliances 2 }

ciscoRadiusMIBCompliance3 MODULE-COMPLIANCE
    STATUS          deprecated
    DESCRIPTION
        "The compliance statement for entities which implement the
        CISCO-RADIUS-MIB."
    MODULE          -- this module
    MANDATORY-GROUPS { crmConfigurationGroup }

    GROUP           crmAttributesGroup
    DESCRIPTION
        "This group is mandatory only in implementation
        which supports RADIUS attribute configuration."

    GROUP           crmKeepAliveGroup
    DESCRIPTION
        "This group is mandatory only in implementation
        which supports RADIUS keep-alive feature."

    GROUP           crmAutoInitializeConfigGroup
    DESCRIPTION
        "This group is mandatory only in implementation
        which supports RADIUS port auto initialization."

    GROUP           crmAttributesGroup2
    DESCRIPTION
        "This group is mandatory only in implementation
        which supports additional RADIUS attribute
        configuration."

    GROUP           crmVlanConfigGroup
    DESCRIPTION
        "This group is mandatory only in implementation
        which supports RADIUS VLAN assignment configuration."

    GROUP           crmRadiusKeepAliveUserGroup
    DESCRIPTION
        "This group is mandatory only in implementation
        which supports RADIUS keep-alive user configuration."

    OBJECT          crRadiusTimeout
    SYNTAX          TimeIntervalSec (1..60)
    DESCRIPTION
        "Only the range 1-60 needs to be supported."

    OBJECT          crRadiusRetransmits
    SYNTAX          Unsigned32 (0..5)
    DESCRIPTION
        "Only the range 0-5 needs to be supported."

    OBJECT          crRadiusServerAddrType
    SYNTAX          INTEGER {
                        ipv4(1),
                        dns(16)
                    }
    DESCRIPTION
        "Only dns and ipv4 addresses are needed to be supported."

    OBJECT          crRadiusServerRowStatus
    SYNTAX          INTEGER {
                        active(1),
                        createAndGo(4),
                        destroy(6)
                    }
    DESCRIPTION
        "Only 'active', 'createAndGo' and 'destroy' are needed to be
        supported."

    OBJECT          crRadiusDeadtime
    MIN-ACCESS      read-only
    DESCRIPTION
        "Only read-only access is needed to be implemented."
    ::= { ciscoRadiusMIBCompliances 3 }

ciscoRadiusMIBCompliance4 MODULE-COMPLIANCE
    STATUS          current
    DESCRIPTION
        "The compliance statement for entities which implement the
        CISCO-RADIUS-MIB."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        crmConfigurationGroup,
                        crmConfigurationGroupSup1,
                        crmRadiusServerNotifGroup,
                        crmRadiusServerNotifCntlGroup
                    }

    GROUP           crmAttributesGroup
    DESCRIPTION
        "This group is mandatory only in implementation
        which supports RADIUS attribute configuration."

    GROUP           crmKeepAliveGroup
    DESCRIPTION
        "This group is mandatory only in implementation
        which supports RADIUS keep-alive feature."

    GROUP           crmAutoInitializeConfigGroup
    DESCRIPTION
        "This group is mandatory only in implementation
        which supports RADIUS port auto initialization."

    GROUP           crmAttributesGroup2
    DESCRIPTION
        "This group is mandatory only in implementation
        which supports additional RADIUS attribute
        configuration."

    GROUP           crmVlanConfigGroup
    DESCRIPTION
        "This group is mandatory only in implementation
        which supports RADIUS VLAN assignment configuration."

    GROUP           crmRadiusKeepAliveUserGroup
    DESCRIPTION
        "This group is mandatory only in implementation
        which supports RADIUS keep-alive user configuration."

    OBJECT          crRadiusTimeout
    SYNTAX          TimeIntervalSec (1..60)
    DESCRIPTION
        "Only the range 1-60 needs to be supported."

    OBJECT          crRadiusRetransmits
    SYNTAX          Unsigned32 (0..5)
    DESCRIPTION
        "Only the range 0-5 needs to be supported."

    OBJECT          crRadiusServerAddrType
    SYNTAX          INTEGER {
                        ipv4(1),
                        dns(16)
                    }
    DESCRIPTION
        "Only dns and ipv4 addresses are needed to be supported."

    OBJECT          crRadiusServerRowStatus
    SYNTAX          INTEGER {
                        active(1),
                        createAndGo(4),
                        destroy(6)
                    }
    DESCRIPTION
        "Only 'active', 'createAndGo' and 'destroy' are needed to be
        supported."

    OBJECT          crRadiusDeadtime
    MIN-ACCESS      read-only
    DESCRIPTION
        "Only read-only access is needed to be implemented."
    ::= { ciscoRadiusMIBCompliances 4 }

-- Units of Conformance

crmConfigurationGroup OBJECT-GROUP
    OBJECTS         {
                        crRadiusLoginAuthentication,
                        crRadiusAuthKey,
                        crRadiusTimeout,
                        crRadiusRetransmits,
                        crRadiusDeadtime,
                        crRadiusAccountingLogMaxSize,
                        crRadiusAccountingMethod,
                        crRadiusServerTableMaxEntries,
                        crRadiusServerAddrType,
                        crRadiusServerAddr,
                        crRadiusServerAuthPort,
                        crRadiusServerAcctPort,
                        crRadiusServerKey,
                        crRadiusServerType,
                        crRadiusServerMode,
                        crRadiusServerRowStatus
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects for RADIUS configuration."
    ::= { ciscoRadiusMIBGroups 1 }

crmAttributesGroup OBJECT-GROUP
    OBJECTS         { crRadiusFramedIpAddrIncluded }
    STATUS          current
    DESCRIPTION
        "A collection of objects for RADIUS attributes
        configuration."
    ::= { ciscoRadiusMIBGroups 2 }

crmVlanConfigGroup OBJECT-GROUP
    OBJECTS         {
                        crRadiusVlanAssignmentEnabled,
                        crVlanGroupVlansLow,
                        crVlanGroupVlansHigh,
                        crVlanGroupRowStatus
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects for RADIUS Vlans assignment
        configuration."
    ::= { ciscoRadiusMIBGroups 3 }

crmKeepAliveGroup OBJECT-GROUP
    OBJECTS         {
                        crRadiusKeepAliveEnabled,
                        crRadiusKeepAliveInterval,
                        crRadiusKeepAliveServerStatus
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects for RADIUS keep-alive
        information."
    ::= { ciscoRadiusMIBGroups 4 }

crmAutoInitializeConfigGroup OBJECT-GROUP
    OBJECTS         { crRadiusPortAutoInitialize }
    STATUS          current
    DESCRIPTION
        "A collection of objects for RADIUS auto initialize
        configuration."
    ::= { ciscoRadiusMIBGroups 5 }

crmAttributesGroup2 OBJECT-GROUP
    OBJECTS         { crRadiusFramedMtu }
    STATUS          current
    DESCRIPTION
        "A collection of additional objects for RADIUS
        attributes configuration."
    ::= { ciscoRadiusMIBGroups 6 }

crmRadiusKeepAliveUserGroup OBJECT-GROUP
    OBJECTS         { crRadiusKeepAliveUserName }
    STATUS          current
    DESCRIPTION
        "A collection of objects for RADIUS keep-alive
        user configuration."
    ::= { ciscoRadiusMIBGroups 7 }

crmRadiusServerNotifGroup NOTIFICATION-GROUP
    NOTIFICATIONS   {
                        crRadiusServerRTTNormNotif,
                        crRadiusServerRTTHiNotif,
                        crRadiusServerRetransNormNotif,
                        crRadiusServerRetransHiNotif
                    }
    STATUS          current
    DESCRIPTION
        "This collection of notifications is used to monitor the
        responsiveness of the RADIUS server."
    ::= { ciscoRadiusMIBGroups 8 }

crmConfigurationGroupSup1 OBJECT-GROUP
    OBJECTS         {
                        crRadiusServerRTTThldNorm,
                        crRadiusServerRTTThldHi,
                        crRadiusServerRetransThldNorm,
                        crRadiusServerRetransThldHi
                    }
    STATUS          current
    DESCRIPTION
        "This group supplements crmConfigurationGroup, to
        configure the thresholds on the round-trip times and
        retransmission counts."
    ::= { ciscoRadiusMIBGroups 9 }

crmRadiusServerNotifCntlGroup OBJECT-GROUP
    OBJECTS         {
                        crRadiusServerRTTNormNotifEnable,
                        crRadiusServerRTTHiNotifEnable,
                        crRadiusServerRetransNormNotifEnable,
                        crRadiusServerRetransHiNotifEnable
                    }
    STATUS          current
    DESCRIPTION
        "This collection of objects control the generation of
        notifications related to RADIUS server."
    ::= { ciscoRadiusMIBGroups 10 }

END