-- CADANT-AAA-MIB: Arris C4 proprietary AAA configuration. Covers access lines,
-- authentication/authorization/accounting method lists, RADIUS and TACACS+
-- servers, SSH daemon settings and sessions, local user and enable passwords,
-- and the CLI command to privilege level mapping.
--
-- NOTE(review): several objects below carry credential material (line, user
-- and enable passwords, RADIUS/TACACS+ shared secrets, the SSH server private
-- key) with MAX-ACCESS read-only, so the schema makes them retrievable by any
-- SNMP principal whose view includes them. Deployments should exclude those
-- OIDs from read views (VACM) and prefer SNMPv3 authPriv over community
-- strings. Whether the agent really returns the values, and in what form,
-- cannot be told from this module; verify on the device.
--
-- NOTE(review): every accessible object visible here is read-only except
-- cadAccountingType and three cadCLIcommandPrivilege columns (read-create),
-- although many DESCRIPTION clauses still talk about "setting" the object.
-- The module text shown here ends inside cadAAACompliance; the object groups
-- and the closing END are not part of this listing.
CADANT-AAA-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32, Counter32, TimeTicks, IpAddress
        FROM SNMPv2-SMI
    TEXTUAL-CONVENTION, TruthValue, RowStatus, DisplayString
        FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP
        FROM SNMPv2-CONF
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    InetAddressIPv4or6, AAAmethod, AccountingType, LineType, SshService, SshAuthMethod, SshCipher, SshMacAlg, SshCipherType, SshProtocol, SshKeyExchangeMethod, SshKeyType
        FROM CADANT-TC
    cadAuthentication
        FROM CADANT-PRODUCTS-MIB;

-- Module identity and revision history (newest first).
-- NOTE(review): the 2015 revision notes spell the object "cadSshKeyExhange";
-- the object defined below is cadSshKeyExchange.
cadAAA MODULE-IDENTITY
    LAST-UPDATED "201509300000Z" -- September 30, 2015
    ORGANIZATION "Arris International Inc."
    CONTACT-INFO " Customer Support Postal: Arris International Inc. 4343 Commerce Court Lisle, IL 60532 Phone: +1 630 281 3000 Email: support@cadant.com"
    DESCRIPTION "The MIB module describes the proprietary AAA configuration parameters used to support authentication and authorization in the C4."
    REVISION "201509300000Z" -- September 30, 2015
    DESCRIPTION "Import SshKeyExchangeMethod and SshKeyType."
    REVISION "201508200000Z" -- August 20, 2015
    DESCRIPTION "Fix legal range for cadSshPort and cadSshMax Clients. Change cadSshServerKeyType and cadSshKeyExhange from read-write to read-only."
    REVISION "201507160000Z" -- Jul 16, 2015
    DESCRIPTION "Expand PemKey to 2800 max octets. Add cadSshServerKeyType and cadSshKeyExhange. Remove unused cadSshTelnetEnabled and cadSshFtpEnabled."
    REVISION "201310220000Z" -- October 22, 2013
    DESCRIPTION "Add RADIUS support."
    REVISION "200910090000Z" -- October 9, 2009
    DESCRIPTION "Remove RADIUS support."
    REVISION "200509230000Z"
    DESCRIPTION "Updated cadSshSessionEntry"
    REVISION "200506090000Z"
    DESCRIPTION "Modify the range value for cadAuthGroup and cadAuthorizationGroup."
    REVISION "200411300000Z"
    DESCRIPTION "Added cadSshPasswordAuthRequired, cadSshPublicKeyAuthRequired, cadSshPublicKeyAuthFirst, and cadSshMaxAuthFailures."
    REVISION "200408270000Z"
    DESCRIPTION "Added back the cmd node for backward compatability."
    REVISION "200408190000Z"
    DESCRIPTION "Moved cadCLIcommandPrivilegeLevelTable from cadAAA.12 to cadAAA.14, since index has changed from type CmdNode to DisplayString."
    REVISION "200407200000Z"
    DESCRIPTION "Added cadSshPortForwardingEnabled."
    REVISION "200402240000Z"
    DESCRIPTION "Changed type for cadGroupPort from INTEGER to Integer32."
    REVISION "200402180000Z"
    DESCRIPTION "Added server port to the server group table."
    REVISION "200308220000Z"
    DESCRIPTION "Added command privilege level to the line table."
    REVISION "200308200000Z"
    DESCRIPTION "Added accounting type to the line table."
    REVISION "200308150000Z"
    DESCRIPTION "Added accounting method list table."
    REVISION "200308010000Z"
    DESCRIPTION "Add attribute to store original privilege level."
    REVISION "200307160000Z"
    DESCRIPTION "Allow zero length TACACS+ key."
    REVISION "200306130000Z"
    DESCRIPTION "Increased the length of user ids and passwords to 64."
    REVISION "200305150000Z"
    DESCRIPTION "Added table of CLI commands to privilege level mapping."
    REVISION "200305080000Z"
    DESCRIPTION "Added RowStatus to table of enable passwords."
    REVISION "200305070000Z"
    DESCRIPTION "Enable passwords are now stored in a table indexed by privilege level."
    REVISION "200304010000Z"
    DESCRIPTION "Add Authorization MIB."
    REVISION "200303140000Z"
    DESCRIPTION "Add TACACS+ MIB."
    REVISION "200210160000Z"
    DESCRIPTION "Add ciphers to SSH configuration."
    REVISION "200208300000Z"
    DESCRIPTION "Reduced size of 'name' type objects to 16."
    REVISION "200208210000Z"
    DESCRIPTION "Change radius key length."
    REVISION "200207250000Z"
    DESCRIPTION "Add support for SSH sessions and status tables."
    ::= { cadAuthentication 1 }

--
-- Textual conventions
--

-- PEM text of a key, up to 2800 octets. Used below for the SSH server public
-- key, the SSH server private key and per-user public keys.
PemKey ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "2800a"
    STATUS current
    DESCRIPTION " An rsa/dsa digital key in PEM format."
    SYNTAX OCTET STRING (SIZE(0..2800))

-- Four-octet command node address, displayed as colon-separated hex octets.
-- Only referenced by the obsolete cadCLIcommandPrivilegeNodeAddr column.
CmdNode ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "1x:"
    STATUS current
    DESCRIPTION " Address of the command node associated with the CLI command"
    SYNTAX OCTET STRING (SIZE(4))

--
-- The line is the basic AAA configuration object in the system
--

cadLineTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CadLineEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "This table reflects the AAA configuration for each line (vty or console) in the system."
    ::= { cadAAA 2 }

-- One row per console or vty line, indexed by cadLineIndex.
cadLineEntry OBJECT-TYPE
    SYNTAX CadLineEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION ""
    INDEX { cadLineIndex }
    ::= { cadLineTable 1 }

CadLineEntry ::= SEQUENCE {
    cadLineIndex Integer32,
    cadLineType LineType,
    cadLineEnabled TruthValue,
    cadLineSessionTimeout Integer32,
    cadLineIdleTimeout Integer32,
    cadLinePagination Integer32,
    cadLineBaud Integer32,
    cadLinePassword OCTET STRING,
    cadLineLoginAuthMethodList SnmpAdminString,
    cadLineEnableAuthMethodList SnmpAdminString,
    cadLineAuthorMethodList SnmpAdminString,
    cadLineShellAccountingMethodList SnmpAdminString,
    cadLineCommandAccountingMethodList SnmpAdminString,
    cadLineShellAccountingType AccountingType,
    cadLineCommandAccountingType AccountingType,
    cadLineCommandAccountingPrivilegeLevel Integer32
}

cadLineIndex OBJECT-TYPE
    SYNTAX Integer32 (1..19)
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "The line index corresponding to a console or vty line. These are preallocated by the system at startup."
    ::= { cadLineEntry 1 }

cadLineType OBJECT-TYPE
    SYNTAX LineType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The type (vty or console) of the access line."
    DEFVAL { vty }
    ::= { cadLineEntry 2 }

cadLineEnabled OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The status of the line. When enabled, the line is available for access to the C4."
    DEFVAL { false }
    ::= { cadLineEntry 3 }

-- NOTE(review): DEFVAL 0 means an absolute session limit is off by default.
cadLineSessionTimeout OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Session length in seconds. The C4 automatically terminates the the session when this interval expires. A value of zero indicates no timeout."
    DEFVAL { 0 }
    ::= { cadLineEntry 4 }

-- NOTE(review): DEFVAL 0 means idle management sessions are never closed by
-- default; operators normally want a non-zero idle timeout on every line.
cadLineIdleTimeout OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Maximum idle time in seconds. The C4 automatically terminates the session if no I/O activity occurs within this interval. A value of zero indicates no timeout."
    DEFVAL { 0 }
    ::= { cadLineEntry 5 }

cadLinePagination OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Number of lines of consecutive output to display before pausing and prompting the user. A value of zero indicates no pagination."
    DEFVAL { 0 }
    ::= { cadLineEntry 6 }

cadLineBaud OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Baud rate in bits per second. This is applicable to console lines only and is saved in the eeprom."
    DEFVAL { 9600 }
    ::= { cadLineEntry 7 }

-- NOTE(review): credential object. The DESCRIPTION says the value is
-- "(encrypted)" but does not name the scheme; treat whatever is returned as
-- a secret and keep this OID out of general read views.
cadLinePassword OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(0..64))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The (encrypted) password associated with this line if line-based authentication is active. This is the line password."
    ::= { cadLineEntry 8 }

cadLineLoginAuthMethodList OBJECT-TYPE
    SYNTAX SnmpAdminString (SIZE(0..16))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The authentication methods used in allowing login access on this line. This is a partial index into the cadAuthMethodTable. An empty string indicates no authentication is possible and effectively disables the line."
    DEFVAL { ''H }
    ::= { cadLineEntry 9 }

cadLineEnableAuthMethodList OBJECT-TYPE
    SYNTAX SnmpAdminString (SIZE(0..16))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The authentication methods used in allowing enable access on this line. This is a partial index into the cadAuthMethodTable. An empty string indicates no authentication is possible and effectively disables the line."
    DEFVAL { ''H }
    ::= { cadLineEntry 10 }

-- NOTE(review): the DESCRIPTION refers to "cadAuthorMethodTable"; the table
-- defined in this module is cadAuthorizationMethodTable.
-- NOTE(review): per the DESCRIPTION, the default empty list means no separate
-- authorization step: any authenticated user is treated as authorized.
cadLineAuthorMethodList OBJECT-TYPE
    SYNTAX SnmpAdminString (SIZE(0..16))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The authorization methods used in allowing different privledge levels on this line. This is a partial index into the cadAuthorMethodTable. An empty string indicates no authorization is possible, in that case, authorization is equivalent to authentication."
    DEFVAL { ''H }
    ::= { cadLineEntry 11 }

-- NOTE(review): the DESCRIPTION says an empty string disables "command"
-- accounting; presumably shell accounting is meant for this object.
cadLineShellAccountingMethodList OBJECT-TYPE
    SYNTAX SnmpAdminString (SIZE(0..16))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The method list used for shell accounting. An empty string indicates no command accounting is possible."
    DEFVAL { ''H }
    ::= { cadLineEntry 12 }

-- NOTE(review): the default empty list means no command accounting records
-- are produced for the line until a method list is assigned.
cadLineCommandAccountingMethodList OBJECT-TYPE
    SYNTAX SnmpAdminString (SIZE(0..16))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The method list used for command accounting. Accounting will be done only for commands whose privilege level is greater than or equal to cadLineCommandAccountingPrivilegeLevel. An empty string indicates no command accounting is possible."
    DEFVAL { ''H }
    ::= { cadLineEntry 13 }

cadLineShellAccountingType OBJECT-TYPE
    SYNTAX AccountingType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Accounting type for shell accounting. The accounting type is used to decide whether accounting records are sent at the initiation and termination of a session or only at the termination of a session."
    DEFVAL { start-stop }
    ::= { cadLineEntry 14 }

cadLineCommandAccountingType OBJECT-TYPE
    SYNTAX AccountingType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Accounting type for command accounting. The accounting type is used to decide whether accounting records are sent at the initiation and termination of a command or only at the termination of a command."
    DEFVAL { stop-only }
    ::= { cadLineEntry 15 }

cadLineCommandAccountingPrivilegeLevel OBJECT-TYPE
    SYNTAX Integer32 (0..15)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "When command accounting is enabled, accounting records will be sent only for commands whose privilege level is greater than or equal to cadLineCommandAccountingPrivilegeLevel."
    DEFVAL { 0 }
    ::= { cadLineEntry 16 }

--
--
-- Authorization Method table
--

cadAuthorizationMethodTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CadAuthorizationMethodEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "A list of methods which are used in determining the type and sequence of authorization."
    ::= { cadAAA 3 }

-- Rows are keyed by (list name, position in list).
cadAuthorizationMethodEntry OBJECT-TYPE
    SYNTAX CadAuthorizationMethodEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Each row describes a single AAA method. Order is used in determining the sequence in which the methods are applied."
    INDEX { cadAuthorizationListName, cadAuthorizationListIndex }
    ::= { cadAuthorizationMethodTable 1 }

CadAuthorizationMethodEntry ::= SEQUENCE {
    cadAuthorizationListName SnmpAdminString,
    cadAuthorizationListIndex Integer32,
    cadAuthorizationType AAAmethod,
    cadAuthorizationGroup SnmpAdminString,
    cadAuthorizationRowStatus RowStatus
}

cadAuthorizationListName OBJECT-TYPE
    SYNTAX SnmpAdminString(SIZE(1..16))
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "The name of the authorization method list. Each list can have a number of different authorization methods that are tried in order to authorize the command."
    ::= { cadAuthorizationMethodEntry 1 }

cadAuthorizationListIndex OBJECT-TYPE
    SYNTAX Integer32 (0|1..32)
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "The order in the authorization sequence when this method is used. A value of zero allows the snmp agent to choose the next hightest available index that preserves the list order."
    ::= { cadAuthorizationMethodEntry 2 }

-- The AAA method applied at this position of the list (values are defined by
-- AAAmethod in CADANT-TC, not shown here).
cadAuthorizationType OBJECT-TYPE
    SYNTAX AAAmethod
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { cadAuthorizationMethodEntry 3 }

cadAuthorizationGroup OBJECT-TYPE
    SYNTAX SnmpAdminString(SIZE(0..16))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The name of the group used in TACACS+ method. The default names of 'tac_default' represent the entire set of defined TACACS+ servers."
    ::= { cadAuthorizationMethodEntry 4 }

cadAuthorizationRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { cadAuthorizationMethodEntry 5 }

--
-- Authentication Method table
--

cadAuthMethodTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CadAuthMethodEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "A list of methods which are used in determining the type and sequence of authentication."
    ::= { cadAAA 4 }

-- Rows are keyed by (list name, position in list).
cadAuthMethodEntry OBJECT-TYPE
    SYNTAX CadAuthMethodEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Each row describes a single AAA method. Order is used in determining the sequence in which the methods are applied."
    INDEX { cadAuthListName, cadAuthListIndex }
    ::= { cadAuthMethodTable 1 }

CadAuthMethodEntry ::= SEQUENCE {
    cadAuthListName SnmpAdminString,
    cadAuthListIndex Integer32,
    cadAuthType AAAmethod,
    cadAuthGroup SnmpAdminString,
    cadAuthRowStatus RowStatus
}

cadAuthListName OBJECT-TYPE
    SYNTAX SnmpAdminString(SIZE(1..16))
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "The name of the authentication method list. Each list can have a number of different authentication methods that are tried in order to authenticate the user."
    ::= { cadAuthMethodEntry 1 }

cadAuthListIndex OBJECT-TYPE
    SYNTAX Integer32 (0|1..32)
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "The order in the authentication sequence when this method is used. A value of zero allows the snmp agent to choose the next hightest available index that preserves the list order."
    ::= { cadAuthMethodEntry 2 }

-- The AAA method applied at this position of the list. When auditing a
-- device, read the rows of a list in index order to see which method is
-- tried first and what the list falls back to.
cadAuthType OBJECT-TYPE
    SYNTAX AAAmethod
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { cadAuthMethodEntry 3 }

cadAuthGroup OBJECT-TYPE
    SYNTAX SnmpAdminString(SIZE(0..16))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The name of the group used in RADIUS/TACACS+ methods. The default names of 'default' and 'tac_default' represent the entire set of defined RADIUS and TACACS+ servers respectively."
    ::= { cadAuthMethodEntry 4 }

cadAuthRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { cadAuthMethodEntry 5 }

--
-- Accounting Method table
--

cadAccountingMethodTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CadAccountingMethodEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "A list of methods which are used in determining the type and sequence of accounting."
    ::= { cadAAA 5 }

-- Rows are keyed by (list name, position in list).
cadAccountingMethodEntry OBJECT-TYPE
    SYNTAX CadAccountingMethodEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Each row describes a single AAA method. Order is used in determining the sequence in which the methods are applied."
    INDEX { cadAccountingListName, cadAccountingListIndex }
    ::= { cadAccountingMethodTable 1 }

CadAccountingMethodEntry ::= SEQUENCE {
    cadAccountingListName SnmpAdminString,
    cadAccountingListIndex Integer32,
    cadAccountingType AAAmethod,
    cadAccountingGroup SnmpAdminString,
    cadAccountingRowStatus RowStatus
}

-- NOTE(review): the DESCRIPTION ends with "to authorize the command", which
-- looks copied from the authorization table; this list is for accounting.
cadAccountingListName OBJECT-TYPE
    SYNTAX SnmpAdminString(SIZE(1..16))
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "The name of the accounting method list. Each list can have a number of different accounting methods that are tried in order to authorize the command."
    ::= { cadAccountingMethodEntry 1 }

cadAccountingListIndex OBJECT-TYPE
    SYNTAX Integer32 (0|1..32)
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "The order in the accounting sequence when this method is used. A value of zero allows the snmp agent to choose the next hightest available index that preserves the list order."
    ::= { cadAccountingMethodEntry 2 }

-- NOTE(review): read-create here, while the other columns of this row
-- (including the RowStatus) and the matching columns of the authentication
-- and authorization tables are read-only. Looks like an oversight; confirm
-- against the agent whether this column really accepts SNMP sets.
cadAccountingType OBJECT-TYPE
    SYNTAX AAAmethod
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION ""
    ::= { cadAccountingMethodEntry 3 }

-- NOTE(review): SIZE(1..16) here versus SIZE(0..16) for cadAuthGroup and
-- cadAuthorizationGroup.
cadAccountingGroup OBJECT-TYPE
    SYNTAX SnmpAdminString(SIZE(1..16))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The name of the group used in TACACS+ method. The default names of 'tac_default' represent the entire set of defined TACACS+ servers."
    ::= { cadAccountingMethodEntry 4 }

cadAccountingRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { cadAccountingMethodEntry 5 }

--
-- The AAA Server Group Table
--

cadServerGroupTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CadServerGroupEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION ""
    ::= { cadAAA 6 }

cadServerGroupEntry OBJECT-TYPE
    SYNTAX CadServerGroupEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "This is the cross-reference table linking server group names used in authentication lists to the ordered set of individual servers."
    INDEX { cadGroupName, cadGroupIndex }
    ::= { cadServerGroupTable 1 }

CadServerGroupEntry ::= SEQUENCE {
    cadGroupName SnmpAdminString,
    cadGroupIndex Integer32,
    cadGroupType INTEGER,
    cadGroupIpAddress InetAddressIPv4or6,
    cadGroupPort Integer32,
    cadGroupRowStatus RowStatus
}

-- NOTE(review): this DESCRIPTION names the all-RADIUS group 'radius', while
-- cadAuthGroup names it 'default'; confirm which name the agent reports.
cadGroupName OBJECT-TYPE
    SYNTAX SnmpAdminString(SIZE(1..16))
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Server Group name. The group name 'radius' includes all defined radius servers on the C4."
    ::= { cadServerGroupEntry 1 }

cadGroupIndex OBJECT-TYPE
    SYNTAX Integer32 (0|1..32)
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Orders the group based on the order in which the servers were defined. A value of zero allows the snmp agent to choose the next largest available index that preserves the list order."
    ::= { cadServerGroupEntry 2 }

-- Protocol of the server in this row: radius(1) or tacacs(2).
-- NOTE(review): the DESCRIPTION is a copy of the cadGroupIndex text and does
-- not describe this object.
cadGroupType OBJECT-TYPE
    SYNTAX INTEGER { radius(1), tacacs(2) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Orders the group based on the order in which the servers were defined."
    DEFVAL { radius }
    ::= { cadServerGroupEntry 3 }

cadGroupIpAddress OBJECT-TYPE
    SYNTAX InetAddressIPv4or6
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Ip address of the AAA server."
    ::= { cadServerGroupEntry 4 }

-- NOTE(review): no range is given, unlike the (0..65535) port objects in the
-- RADIUS and TACACS+ tables.
cadGroupPort OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Port number of the AAA server."
    ::= { cadServerGroupEntry 5 }

cadGroupRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { cadServerGroupEntry 6 }

--
-- RADIUS Server table
--

cadRadiusTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CadRadiusEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "This table defines the configuration parameters of the RADIUS servers used for authentication by the C4."
    ::= { cadAAA 7 }

-- One row per RADIUS server, indexed by server address.
-- NOTE(review): column sub-identifier 6 is not used by any object shown here
-- (cadRadiusKey is 7); presumably left unassigned by an earlier revision.
cadRadiusEntry OBJECT-TYPE
    SYNTAX CadRadiusEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION ""
    INDEX { cadRadiusIpAddress }
    ::= { cadRadiusTable 1 }

CadRadiusEntry ::= SEQUENCE {
    cadRadiusIpAddress InetAddressIPv4or6,
    cadRadiusAuthPort Integer32,
    cadRadiusAcctPort Integer32,
    cadRadiusTimeout Integer32,
    cadRadiusRetrans Integer32,
    cadRadiusKey OCTET STRING,
    cadRadiusAuthServerIndex Integer32,
    cadRadiusRowStatus RowStatus
}

cadRadiusIpAddress OBJECT-TYPE
    SYNTAX InetAddressIPv4or6
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "The IP address of the radius server host."
    ::= { cadRadiusEntry 1 }

cadRadiusAuthPort OBJECT-TYPE
    SYNTAX Integer32 (0..65535)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The UDP port to use for RADIUS authentication."
    DEFVAL { 1812 }
    ::= { cadRadiusEntry 2 }

cadRadiusAcctPort OBJECT-TYPE
    SYNTAX Integer32 (0..65535)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The UDP port to use for RADIUS accounting records."
    DEFVAL { 1813 }
    ::= { cadRadiusEntry 3 }

cadRadiusTimeout OBJECT-TYPE
    SYNTAX Integer32 (0..1500)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Time in seconds to wait between retransmissions of a RADIUS request."
    DEFVAL { 3 }
    ::= { cadRadiusEntry 4 }

cadRadiusRetrans OBJECT-TYPE
    SYNTAX Integer32 (0..15)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The number of retransmissions before declaring a RADIUS server dead."
    DEFVAL { 5 }
    ::= { cadRadiusEntry 5 }

-- NOTE(review): credential object. The DESCRIPTION does not say the value is
-- encrypted or masked, and MAX-ACCESS is read-only, so assume the RADIUS
-- shared secret can be read over SNMP unless the device proves otherwise.
-- Exclude this OID from read views and rotate the secret if it was exposed
-- to SNMPv1/v2c readers.
cadRadiusKey OBJECT-TYPE
    SYNTAX OCTET STRING(SIZE(1..32))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The shared secret used between the C4 and the RADIUS server."
    ::= { cadRadiusEntry 7 }

cadRadiusAuthServerIndex OBJECT-TYPE
    SYNTAX Integer32(1..2147483647)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The index in the radiusAuthServerEntry table corresponding to this radius host."
    ::= { cadRadiusEntry 8 }

cadRadiusRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { cadRadiusEntry 9 }

--
-- TACACS+ Server table
--

cadTacacsTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CadTacacsEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "This table defines the configuration parameters of the TACACS+ servers used by the C4."
    ::= { cadAAA 8 }

-- One row per TACACS+ server, indexed by server address.
cadTacacsEntry OBJECT-TYPE
    SYNTAX CadTacacsEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION ""
    INDEX { cadTacacsIpAddress }
    ::= { cadTacacsTable 1 }

CadTacacsEntry ::= SEQUENCE {
    cadTacacsIpAddress InetAddressIPv4or6,
    cadTacacsPort Integer32,
    cadTacacsTimeout Integer32,
    cadTacacsKey OCTET STRING,
    cadTacacsSingleConnect TruthValue,
    cadTacacsServerIndex Integer32,
    cadTacacsRowStatus RowStatus
}

cadTacacsIpAddress OBJECT-TYPE
    SYNTAX InetAddressIPv4or6
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "The IP address of the TACACS+ server host."
    ::= { cadTacacsEntry 1 }

cadTacacsPort OBJECT-TYPE
    SYNTAX Integer32 (0..65535)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The TCP port to use for TACACS+ authentication."
    DEFVAL { 49 }
    ::= { cadTacacsEntry 2 }

cadTacacsTimeout OBJECT-TYPE
    SYNTAX Integer32 (0..1500)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Time in seconds before TCP times out."
    DEFVAL { 3 }
    ::= { cadTacacsEntry 3 }

-- NOTE(review): credential object, readable like cadRadiusKey; keep it out
-- of general read views.
-- NOTE(review): SIZE(0..32) permits an empty key (see revision 200307160000Z,
-- "Allow zero length TACACS+ key"). Presumably an empty value means no shared
-- secret is configured for the server; an audit should flag such rows.
cadTacacsKey OBJECT-TYPE
    SYNTAX OCTET STRING(SIZE(0..32))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The shared secret used between the C4 and the TACACS+ server."
    ::= { cadTacacsEntry 4 }

cadTacacsSingleConnect OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Indicates whether this TACACS+ server will support multiplexing of multiple sessions over a single TCP connection."
    DEFVAL { false }
    ::= { cadTacacsEntry 5 }

cadTacacsServerIndex OBJECT-TYPE
    SYNTAX Integer32(1..2147483647)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The index in the tacacsServerEntry table corresponding to this tacacs host."
    ::= { cadTacacsEntry 6 }

cadTacacsRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { cadTacacsEntry 7 }

--
-- SSH daemon parameters
--

-- NOTE(review): sub-identifiers 9 and 10 under cadSshConfig are not used by
-- any object shown here; presumably they belonged to cadSshTelnetEnabled and
-- cadSshFtpEnabled, which revision 201507160000Z says were removed.
cadSshConfig OBJECT IDENTIFIER ::= { cadAAA 9 }

cadSshEnabled OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The current adminstative status of the SSH server. True implies the SSH server is active."
    DEFVAL { false }
    ::= { cadSshConfig 1 }

cadSshPort OBJECT-TYPE
    SYNTAX Integer32 (1..65535)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Port on which the SSH server listens."
    DEFVAL { 22 }
    ::= { cadSshConfig 2 }

-- NOTE(review): DEFVAL 0 leaves idle SSH sessions open indefinitely.
cadSshSessionIdleTimeout OBJECT-TYPE
    SYNTAX Integer32 (0..12000)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Seconds the SSH server will allow an established connection to remain idle connection before terminating it. 0 implies an unlimited idle timeout."
    DEFVAL { 0 }
    ::= { cadSshConfig 3 }

-- Note that 0 does not mean "no clients": per the DESCRIPTION it selects the
-- maximum of 20.
cadSshMaxClients OBJECT-TYPE
    SYNTAX Integer32 (0..20)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Maximum number of active SSH clients allowed by the SSH server. 0 implies the upper range of 20."
    DEFVAL { 0 }
    ::= { cadSshConfig 4 }

cadSshPasswordAuthEnabled OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "True means that password authentication is allowed by the SSH server. False implies that public key authentication must be allowed. Setting this object fo false(2) will automatically cause cadSshPasswordAuthRequired to be set to false(2)."
    DEFVAL { true }
    ::= { cadSshConfig 5 }

cadSshPublicKeyAuthEnabled OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "When true, the SSH server will allow clients to authenticate using a digital signature. If false, password authentication must be allowed. Setting this object to false(2) will automatically cause cadSshPublicKeyAuthRequired and cadSshPublicKeyAuthFirst to be set to false(2)."
    DEFVAL { true }
    ::= { cadSshConfig 6 }

cadSshCliLoginEnabled OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "When true, the SSH server will allow clients to login into the CLI."
    DEFVAL { true }
    ::= { cadSshConfig 7 }

cadSshSecureFtpEnabled OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "When true, the SSH server will allow clients to establish secure ftp sessions."
    DEFVAL { true }
    ::= { cadSshConfig 8 }

cadSshPublicKey OBJECT-TYPE
    SYNTAX PemKey
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The SSH server's public key."
    ::= { cadSshConfig 11 }

-- NOTE(review): highest-risk object in this module. The SSH host private key
-- is modelled as a readable PEM string. If the agent returns the real key,
-- anyone with SNMP read access to this OID can impersonate the device to SSH
-- clients. Exclude it from every read view, confirm what the agent actually
-- returns, and regenerate the host key if it may have been read.
cadSshPrivateKey OBJECT-TYPE
    SYNTAX PemKey
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The SSH server private key"
    ::= { cadSshConfig 12 }

-- NOTE(review): the default enables arcfour, blowfish, 3des and cast next to
-- aes. The first four are legacy ciphers that current SSH hardening guidance
-- disables; restrict the set to aes where the platform allows it. The bit
-- positions are defined by SshCipher in CADANT-TC, not shown here.
cadSshCiphers OBJECT-TYPE
    SYNTAX SshCipher
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "SSH message encryption ciphers"
    DEFVAL { '7C'H } -- arcfour, blowfish, 3des, cast, and aes are enabled
    ::= { cadSshConfig 13 }

cadSshPortForwardingEnabled OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Set this object to true(1) if SSH port forwarding is to be enabled. Otherwise, this object should be false(2) if SSH port forwarding is disabled."
    DEFVAL { false }
    ::= { cadSshConfig 14 }

-- NOTE(review): the DESCRIPTION refers to "cadSshPublicAuthEnabled"; the
-- object defined in this module is cadSshPublicKeyAuthEnabled.
cadSshPasswordAuthRequired OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "If cadSshPasswordAuthEnabled is set to true(1), then setting cadSshPasswordAuthRequired to true(1) instructs the SSH server to require password authentication from connecting clients. If cadSshPasswordAuthEnabled is set to true(1) and this object it set to false(2), then password authentication may not be necessary as long as cadSshPublicAuthEnabled is set to true(1). Otherwise, if cadSshPasswordAuthEnabled is set to false(2), any attempt to set cadSshPasswordAuthRequired to true(1) will be rejected."
    DEFVAL { false } -- password authentication not required
    ::= { cadSshConfig 15 }

-- NOTE(review): the second sentence of the DESCRIPTION tests
-- cadSshPublicKeyAuthRequired against itself; by symmetry with
-- cadSshPasswordAuthRequired it presumably means cadSshPublicKeyAuthEnabled.
cadSshPublicKeyAuthRequired OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "If cadSshPublicKeyAuthEnabled is set to true(1), then setting cadSshPublicKeyAuthRequired to true(1) instructs the SSH server to require public key authentication from connecting clients. If cadSshPublicKeyAuthRequired is set to true(1) and this object it set to false(2), then public key authentication may not be necessary as long as cadSshPasswordAuthEnabled is set to true(1). Otherwise, if cadSshPublicKeyAuthEnabled is set to false(2), any attempt to set cadSshPublicKeyAuthRequired to true(1) will be rejected. Setting this object to false(2) will automatically cause cadSshPublicKeyAuthFirst to be set to false(2)."
    DEFVAL { false } -- public key authentication not required
    ::= { cadSshConfig 16 }

cadSshPublicKeyAuthFirst OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "If both cadSshPublicKeyAuthEnabled and cadSshPublicKeyAuthRequired are set to true(1), then this object may set to true(1). Otherwise, attempts to set this object to true(1) will fail. If set to true(1) and cadSshPasswordAuthRequired is set to true, then the SSH server will required public key authentication to preceed password authentication."
    DEFVAL { false } -- public key auth not required to be before password auth
    ::= { cadSshConfig 17 }

-- NOTE(review): the range starts at 0 but the DESCRIPTION does not say what 0
-- means (no attempts allowed, or no limit); confirm before relying on it as
-- a brute-force control.
cadSshMaxAuthFailures OBJECT-TYPE
    SYNTAX Unsigned32 (0..64)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The SSH server will reject clients who fail to authorize after this many attempts."
    DEFVAL { 3 } -- SSH server will reject after the 3rd failure
    ::= { cadSshConfig 18 }

-- NOTE(review): of the two key types the DESCRIPTION names, DSA-1024 is a
-- legacy host key type that current SSH clients commonly refuse; prefer
-- RSA-2048 when generating the server key.
cadSshServerKeyType OBJECT-TYPE
    SYNTAX SshKeyType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The SSH server key type (DSA-1024 or RSA-2048)."
    DEFVAL { unknown }
    ::= { cadSshConfig 19 }

-- NOTE(review): the default enables only "dh-gr1-sha1", presumably
-- diffie-hellman-group1-sha1, a legacy key exchange that hardening guidance
-- disables. Check which other methods SshKeyExchangeMethod (CADANT-TC, not
-- shown here) offers and move off this default where possible.
cadSshKeyExchange OBJECT-TYPE
    SYNTAX SshKeyExchangeMethod
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The SSH server key exhange method."
    DEFVAL { '80'H } -- dh-gr1-sha1 enabled
    ::= { cadSshConfig 20 }

--
-- Local Password File
--

cadPasswordTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CadPasswordEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "This table reflects the local user passwords defined for the C4."
    ::= { cadAAA 10 }

-- One row per local user. Because the user name is the index, walking this
-- table also enumerates the local accounts.
cadPasswordEntry OBJECT-TYPE
    SYNTAX CadPasswordEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION ""
    INDEX { cadPassUser }
    ::= { cadPasswordTable 1 }

CadPasswordEntry ::= SEQUENCE {
    cadPassUser SnmpAdminString,
    cadPassPassword OCTET STRING,
    cadPassAuthLevel INTEGER,
    cadPassPublicKey PemKey,
    cadPassRowStatus RowStatus
}

cadPassUser OBJECT-TYPE
    SYNTAX SnmpAdminString (SIZE(1..64))
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Local user name defined on the C4."
    ::= { cadPasswordEntry 1 }

-- NOTE(review): credential object. "Encrypted" is not qualified (one-way
-- hash or reversible encoding); either way the value supports offline
-- guessing if disclosed, so keep this OID out of general read views.
cadPassPassword OBJECT-TYPE
    SYNTAX OCTET STRING(SIZE(0..64))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Encrypted password for local user defined on the C4."
    ::= { cadPasswordEntry 2 }

-- The enumeration label is spelled "priviledged" in the module; it is part
-- of the published definition, so tools must use that spelling.
cadPassAuthLevel OBJECT-TYPE
    SYNTAX INTEGER { priviledged(1), normal(2) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Authorization level for this user account."
    DEFVAL { normal }
    ::= { cadPasswordEntry 3 }

cadPassPublicKey OBJECT-TYPE
    SYNTAX PemKey
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "User's public key for use by SSH"
    ::= { cadPasswordEntry 4 }

cadPassRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { cadPasswordEntry 5 }

--
-- CMTS global enable passwords
--

cadEnablePasswordTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CadEnablePasswordEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "This table reflects the local enable passwords defined for various privilege levels."
    ::= { cadAAA 11 }

-- One row per privilege level (0..15).
cadEnablePasswordEntry OBJECT-TYPE
    SYNTAX CadEnablePasswordEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION ""
    INDEX { cadPrivilegeLevel }
    ::= { cadEnablePasswordTable 1 }

CadEnablePasswordEntry ::= SEQUENCE {
    cadPrivilegeLevel INTEGER,
    cadEnablePassword OCTET STRING,
    cadEnablePasswordRowStatus RowStatus
}

cadPrivilegeLevel OBJECT-TYPE
    SYNTAX INTEGER(0..15)
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Privilege level."
    ::= { cadEnablePasswordEntry 1 }

-- NOTE(review): credential object for privilege escalation on the CLI; same
-- handling as cadPassPassword (exclude from read views, scheme unspecified).
cadEnablePassword OBJECT-TYPE
    SYNTAX OCTET STRING(SIZE(0..64))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Encrypted enable password associated with the privilege level."
    ::= { cadEnablePasswordEntry 2 }

cadEnablePasswordRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { cadEnablePasswordEntry 3 }

-- Keeping the OID and name from a previous definition reserved
cadCLIcommandPrivilegeLevelTable OBJECT IDENTIFIER ::= { cadAAA 12 }

--
-- CMTS CLI command <-> privilege level mapping
--

cadCLIcommandPrivilegeTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CadCLIcommandPrivilegeEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "This table reflects the mapping of CLI commands to privilege levels."
    ::= { cadAAA 14 }

-- Rows are indexed by the full command text (an unbounded DisplayString).
-- NOTE(review): the three accessible columns of this table are read-create,
-- so the schema allows command privilege levels to be changed through SNMP.
-- Lowering a command's level widens who may run it; SNMP write access to
-- this table should be limited to the same administrators who may change
-- privilege levels from the CLI.
cadCLIcommandPrivilegeEntry OBJECT-TYPE
    SYNTAX CadCLIcommandPrivilegeEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION ""
    INDEX { cadCLIcommandPrivilegeCommand }
    ::= { cadCLIcommandPrivilegeTable 1 }

CadCLIcommandPrivilegeEntry ::= SEQUENCE {
    cadCLIcommandPrivilegeNodeAddr CmdNode,
    cadCLIcommandPrivilegeCommand DisplayString,
    cadCLIcommandPrivilegeOriginalLevel INTEGER,
    cadCLIcommandPrivilegeNewLevel INTEGER,
    cadCLIcommandPrivilegeRowStatus RowStatus
}

-- Obsolete former index; kept per revision 200408270000Z ("Added back the
-- cmd node for backward compatability").
cadCLIcommandPrivilegeNodeAddr OBJECT-TYPE
    SYNTAX CmdNode
    MAX-ACCESS not-accessible
    STATUS obsolete
    DESCRIPTION "Address of the command node that uniquely identifies a CLI command."
    ::= { cadCLIcommandPrivilegeEntry 1 }

cadCLIcommandPrivilegeCommand OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Fully expanded CLI command text that uniquely identifies this command node."
    ::= { cadCLIcommandPrivilegeEntry 2 }

-- NOTE(review): described as fixed at compile time, yet declared read-create.
cadCLIcommandPrivilegeOriginalLevel OBJECT-TYPE
    SYNTAX INTEGER(0..15)
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION "Original privilege level defined at compile time."
    DEFVAL { 0 }
    ::= { cadCLIcommandPrivilegeEntry 3 }

-- NOTE(review): DEFVAL 0 is the lowest level in the 0..15 range; a row
-- created without an explicit value would take that level.
cadCLIcommandPrivilegeNewLevel OBJECT-TYPE
    SYNTAX INTEGER(0..15)
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION "Configured privilege level that overrides cadCLIcommandPrivilegeOriginalLevel"
    DEFVAL { 0 }
    ::= { cadCLIcommandPrivilegeEntry 4 }

cadCLIcommandPrivilegeRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION "Control object for this row"
    DEFVAL { createAndGo }
    ::= { cadCLIcommandPrivilegeEntry 5 }

--
-- SSH server status and active sessions
--

cadSshStatus OBJECT IDENTIFIER ::= { cadAAA 13 }

cadSshServerVersion OBJECT-TYPE
    SYNTAX SnmpAdminString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The current version information for this C4 SSH server."
    ::= { cadSshStatus 1 }

cadSshOfferedProtocols OBJECT-TYPE
    SYNTAX SshProtocol
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "SSH Protocols available on this C4 SSH server."
    ::= { cadSshStatus 2 }

cadSshServerRunning OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "If true, the C4 SSH server is active."
    ::= { cadSshStatus 3 }

-- Table of SSH sessions (see the columns of CadSshSessionEntry below).
-- NOTE(review): the DESCRIPTION is a copy of the cadRadiusTable text and does
-- not describe this table.
-- The rows give user, client address, authentication method, cipher and MAC
-- per session, which makes the table a useful source for monitoring who is
-- connected and with which algorithms.
cadSshSessionTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CadSshSessionEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "This table defines the configuration parameters of the RADIUS servers used for authentication by the C4."
    ::= { cadSshStatus 4 }

cadSshSessionEntry OBJECT-TYPE
    SYNTAX CadSshSessionEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION ""
    INDEX { cadSshSessionIndex }
    ::= { cadSshSessionTable 1 }

CadSshSessionEntry ::= SEQUENCE {
    cadSshSessionIndex Integer32,
    cadSshConnectionId Integer32,
    cadSshUser SnmpAdminString,
    cadSshClientIpAddr InetAddressIPv4or6,
    cadSshServiceType SshService,
    cadSshAuthMethod SshAuthMethod,
    cadSshCipherType SshCipherType,
    cadSshMacAlg SshMacAlg,
    cadSshClientSw SnmpAdminString,
    cadSshSessionRowStatus RowStatus
}

cadSshSessionIndex OBJECT-TYPE
    SYNTAX Integer32 (1..32)
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "The session index corresponding to a SSH session. These are preallocated by the system at startup."
    ::= { cadSshSessionEntry 1 }

cadSshConnectionId OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The connection identifier for this SSH session."
    ::= { cadSshSessionEntry 2 }

-- Presumably the user name of the session; the DESCRIPTION is empty.
-- NOTE(review): SIZE(1..32) is shorter than cadPassUser's SIZE(1..64).
cadSshUser OBJECT-TYPE
    SYNTAX SnmpAdminString(SIZE(1..32))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { cadSshSessionEntry 3 }

cadSshClientIpAddr OBJECT-TYPE
    SYNTAX InetAddressIPv4or6
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The client IP address."
    ::= { cadSshSessionEntry 4 }

cadSshServiceType OBJECT-TYPE
    SYNTAX SshService
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { cadSshSessionEntry 5 }

cadSshAuthMethod OBJECT-TYPE
    SYNTAX SshAuthMethod
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The authentication method for this session."
    ::= { cadSshSessionEntry 6 }

cadSshCipherType OBJECT-TYPE
    SYNTAX SshCipherType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { cadSshSessionEntry 7 }

cadSshMacAlg OBJECT-TYPE
    SYNTAX SshMacAlg
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { cadSshSessionEntry 8 }

-- Presumably the client software identification; the DESCRIPTION is empty.
cadSshClientSw OBJECT-TYPE
    SYNTAX SnmpAdminString(SIZE(1..32))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { cadSshSessionEntry 9 }

cadSshSessionRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { cadSshSessionEntry 10 }

-- conformance information
cadAAAConformance OBJECT IDENTIFIER ::= { cadAAA 20 }
cadAAAGroups OBJECT IDENTIFIER ::= { cadAAAConformance 1 }
cadAAACompliances OBJECT IDENTIFIER ::= { cadAAAConformance 2 }

-- compliance statements
-- NOTE(review): the six groups named in MANDATORY-GROUPS are named again in
-- GROUP clauses; only cadAAAEnableGroup is not mandatory. As I read the
-- SMIv2 conformance rules, GROUP clauses are meant for groups that are not in
-- MANDATORY-GROUPS, so strict MIB checkers may flag this.
-- The statement continues beyond the end of this listing.
cadAAACompliance MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION "The compliance statement "
    MODULE -- this module
    MANDATORY-GROUPS { cadAAALineGroup, cadAAAMethodGroup, cadAAAServerGroup, cadAAAProtocolGroup, cadAAASshGroup, cadAAAPasswordGroup }
    GROUP cadAAALineGroup
    DESCRIPTION "This group defines line configuration for the C4."
    GROUP cadAAAMethodGroup
    DESCRIPTION "This group defines the AAA methods for the C4."
    GROUP cadAAAServerGroup
    DESCRIPTION "This group defines the server cross reference group for AAA."
    GROUP cadAAAProtocolGroup
    DESCRIPTION "This group defines AAA protocol information for the C4."
    GROUP cadAAASshGroup
    DESCRIPTION "This group defines AAA SSH protocol information for the C4."
    GROUP cadAAAPasswordGroup
    DESCRIPTION "This group defines AAA password information for the C4."
    GROUP cadAAAEnableGroup
    DESCRIPTION "This group defines AAA enable password information for the C4."
::= { cadAAACompliances 1 } -- units of conformance cadAAALineGroup OBJECT-GROUP OBJECTS { cadLineType, cadLineEnabled, cadLineSessionTimeout, cadLineIdleTimeout, cadLinePagination, cadLineBaud, cadLinePassword, cadLineLoginAuthMethodList, cadLineEnableAuthMethodList, cadLineAuthorMethodList, cadLineShellAccountingMethodList, cadLineCommandAccountingMethodList, cadLineShellAccountingType, cadLineCommandAccountingType, cadLineCommandAccountingPrivilegeLevel } STATUS current DESCRIPTION "This group defines line configuration for the C4." ::= { cadAAAGroups 1 } cadAAAMethodGroup OBJECT-GROUP OBJECTS { cadAuthType, cadAuthGroup } STATUS current DESCRIPTION "This group defines the AAA methods for the C4." ::= { cadAAAGroups 2 } cadAAAServerGroup OBJECT-GROUP OBJECTS { cadGroupIpAddress, cadGroupType } STATUS current DESCRIPTION "This group defines the server cross reference group for AAA." ::= { cadAAAGroups 3 } cadAAAProtocolGroup OBJECT-GROUP OBJECTS { cadTacacsPort, cadTacacsTimeout, cadTacacsKey, cadTacacsSingleConnect, cadTacacsServerIndex } STATUS current DESCRIPTION "This group defines AAA protocol information for the C4." ::= { cadAAAGroups 4 } cadAAASshGroup OBJECT-GROUP OBJECTS { cadSshEnabled, cadSshPort, cadSshSessionIdleTimeout, cadSshMaxClients, cadSshPasswordAuthEnabled, cadSshPublicKeyAuthEnabled, cadSshCliLoginEnabled, cadSshSecureFtpEnabled, cadSshPublicKey, cadSshPrivateKey, cadSshCiphers, cadSshPortForwardingEnabled, cadSshPasswordAuthRequired, cadSshPublicKeyAuthRequired, cadSshPublicKeyAuthFirst, cadSshMaxAuthFailures, cadSshServerKeyType, cadSshKeyExchange } STATUS current DESCRIPTION "This group defines AAA SSH information for the C4." ::= { cadAAAGroups 5 } cadAAAPasswordGroup OBJECT-GROUP OBJECTS { cadPassPassword, cadPassAuthLevel, cadPassPublicKey } STATUS current DESCRIPTION "This group defines AAA local password information for the C4." 
::= { cadAAAGroups 6 } cadAAAEnableGroup OBJECT-GROUP OBJECTS { cadEnablePassword } STATUS current DESCRIPTION "This group defines AAA local enable password information for the C4." ::= { cadAAAGroups 7 } END