-- **************************************************************************** -- **************************************************************************** -- Copyright(c) 2004 Mediatrix Telecom, Inc. -- NOTICE: -- This document contains information that is confidential and proprietary -- to Mediatrix Telecom, Inc. -- Mediatrix Telecom, Inc. reserves all rights to this document as well as -- to the Intellectual Property of the document and the technology and -- know-how that it includes and represents. -- This publication cannot be reproduced, neither in whole nor in part in -- any form whatsoever without written prior approval by -- Mediatrix Telecom, Inc. -- Mediatrix Telecom, Inc. reserves the right to revise this publication -- and make changes at any time and without the obligation to notify any -- person and/or entity of such revisions and/or changes. -- **************************************************************************** -- **************************************************************************** MX-AAA-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Integer32 FROM SNMPv2-SMI MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF MxEnableState, MxActivationState, MxIpHostName, MxIpAddress, MxIpPort, MxAdvancedIpPort, MxIpSubnetMask, MxDigitMap FROM MX-TC MxUInt64, MxFloat32, MxIpHostNamePort, MxIpAddr, MxIpAddrPort, MxIpAddrMask, MxUri, MxUrl FROM MX-TC2 mediatrixServices FROM MX-SMI2; aaaMIB MODULE-IDENTITY LAST-UPDATED "1910210000Z" ORGANIZATION " Mediatrix Telecom, Inc. " CONTACT-INFO " Mediatrix Telecom, Inc. 4229, Garlock Street Sherbrooke (Quebec) Canada Phone: (819) 829-8749 " DESCRIPTION " Authentication, Authorization and Accounting The Authentication, Authorization and Accounting (AAA) service manages the administrator accounts and grants or denies access to various parameters. " ::= { mediatrixServices 1000 } aaaMIBObjects OBJECT IDENTIFIER ::= { aaaMIB 1 } -- ***************************************************************************** -- Table:Users -- ***************************************************************************** usersTable OBJECT-TYPE SYNTAX SEQUENCE OF UsersEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " Users This table contains the users that are allowed in the system. " ::= { aaaMIBObjects 100 } usersEntry OBJECT-TYPE SYNTAX UsersEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " A row in table Users. " INDEX { usersUserName } ::= { usersTable 1 } UsersEntry ::= SEQUENCE { usersUserName OCTET STRING, usersPassword OCTET STRING, usersAccessRights INTEGER, usersLockProtectionEnable MxEnableState, usersDelete INTEGER } -- Index:User Name usersUserName OBJECT-TYPE SYNTAX OCTET STRING ( SIZE(0..50) ) MAX-ACCESS read-only STATUS current DESCRIPTION " User Name Contains the user name. Cannot be empty. " DEFVAL { "" } ::= { usersEntry 100 } -- Columnar:Password usersPassword OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-write STATUS current DESCRIPTION " Password Contains the user's password. " DEFVAL { "" } ::= { usersEntry 200 } -- Columnar:Access Rights usersAccessRights OBJECT-TYPE SYNTAX INTEGER { admin(100) , user(200) , observer(300) } MAX-ACCESS read-write STATUS current DESCRIPTION " Access Rights Identifies the user role defining the access rights. * Admin: User has administrator access rights and is allowed to read, modify and execute all configuration objects of the unit. * User: User has end-user access rights. * Observer: User has observer access rights. " DEFVAL { admin } ::= { usersEntry 250 } -- Columnar:Users Lock Protection Enable usersLockProtectionEnable OBJECT-TYPE SYNTAX MxEnableState MAX-ACCESS read-write STATUS current DESCRIPTION " Users Lock Protection Enable To configure the locking mechanism to protect a user account against brute force attacks. * Enable: The user account will be temporarily locked after repetitive login failures. * Disable: The user account will never be locked, regardless of the amount of failed login attempts. Refer to the LoginLockedMaxRetry and LoginLockedTimeoutS parameters for more configuration. " DEFVAL { enable } ::= { usersEntry 275 } -- Row command:Delete usersDelete OBJECT-TYPE SYNTAX INTEGER { noOp(0), delete(10) } MAX-ACCESS read-write STATUS current DESCRIPTION " Delete Deletes this row. Note: a system restart is required to completely remove the user. The current activities of this user are not terminated on removal. " DEFVAL { noOp } ::= { usersEntry 300 } -- End of table:Users -- ***************************************************************************** -- Table:Users Status -- ***************************************************************************** usersStatusTable OBJECT-TYPE SYNTAX SEQUENCE OF UsersStatusEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " Users Status This table displays the list of all currently allowed users. " ::= { aaaMIBObjects 150 } usersStatusEntry OBJECT-TYPE SYNTAX UsersStatusEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " A row in table Users Status. " INDEX { usersStatusUserName } ::= { usersStatusTable 1 } UsersStatusEntry ::= SEQUENCE { usersStatusUserName OCTET STRING, usersStatusPassword OCTET STRING, usersStatusLocked INTEGER } -- Index:User Name usersStatusUserName OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION " User Name Contains the user name. " ::= { usersStatusEntry 100 } -- Columnar:Password usersStatusPassword OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION " Password Contains the user's password. " ::= { usersStatusEntry 200 } -- Columnar:Users Status Locked usersStatusLocked OBJECT-TYPE SYNTAX INTEGER { unlocked(100) , locked(200) } MAX-ACCESS read-only STATUS current DESCRIPTION " Users Status Locked Indicates when a user account has been temporarily locked due to excessive login failures. All login attempts will be rejected while the user account is locked. See the UsersLockProtectionEnable parameter for more details. " ::= { usersStatusEntry 300 } -- End of table:Users Status -- Scalar:Batch User batchUser OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-write STATUS current DESCRIPTION " Batch User User name that is used for scheduled tasks. " DEFVAL { "" } ::= { aaaMIBObjects 200 } -- ***************************************************************************** -- Table:Services Aaa Type -- ***************************************************************************** servicesAaaTypeTable OBJECT-TYPE SYNTAX SEQUENCE OF ServicesAaaTypeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " Services Aaa Type Aaa type used by services. " ::= { aaaMIBObjects 300 } servicesAaaTypeEntry OBJECT-TYPE SYNTAX ServicesAaaTypeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " A row in table Services Aaa Type. " INDEX { servicesAaaTypeService } ::= { servicesAaaTypeTable 1 } ServicesAaaTypeEntry ::= SEQUENCE { servicesAaaTypeService OCTET STRING, servicesAaaTypeAuthenticationType INTEGER, servicesAaaTypeAccountingType INTEGER } -- Index:Service Name servicesAaaTypeService OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION " Service Name Service name for which the Aaa types are configured. " DEFVAL { "" } ::= { servicesAaaTypeEntry 100 } -- Columnar:Authentication Type servicesAaaTypeAuthenticationType OBJECT-TYPE SYNTAX INTEGER { local(100) , radius(200) } MAX-ACCESS read-write STATUS current DESCRIPTION " Authentication Type Authentication type a service uses for incoming authentication requests. * Local: Incoming authentication attempts are validated against the user names and passwords stored in the Aaa.Users table. * Radius: Incoming authentication attempts are validated against the first responding Radius server configured in the Aaa.RadiusServers table. When no servers reply or when no server is configured in the Aaa.RadiusServers table, an authentication attempt of type Local is performed against the user names and passwords stored in the Aaa.Users table. " DEFVAL { local } ::= { servicesAaaTypeEntry 200 } -- Columnar:Accounting Type servicesAaaTypeAccountingType OBJECT-TYPE SYNTAX INTEGER { none(100) , radius(200) } MAX-ACCESS read-write STATUS current DESCRIPTION " Accounting Type Accounting type a service uses once a user is successfully authenticated on the unit. Accounting starts once users are successfully authenticated and stops when their session is over. * None: Accounting is disabled. * Radius: Accounting is done by the first responding Radius server configured in the Aaa.RadiusServers table. " DEFVAL { none } ::= { servicesAaaTypeEntry 300 } -- End of table:Services Aaa Type -- **************************************************************************** -- Group:Radius Configuration -- **************************************************************************** radiusGroup OBJECT IDENTIFIER ::= { aaaMIBObjects 10000 } -- Scalar:Radius Servers Requests Timeout radiusServersTimeoutS OBJECT-TYPE SYNTAX Unsigned32 ( 1..5 ) MAX-ACCESS read-write STATUS current DESCRIPTION " Radius Servers Requests Timeout Maximum time, in seconds, the unit waits for a reply from a Radius server. When the timeout is reached, the request is sent to the next configured server in the Aaa.RadiusServers table. " DEFVAL { 5 } ::= { radiusGroup 100 } -- Scalar:Radius User Access Rights radiusUserAccessRights OBJECT-TYPE SYNTAX INTEGER { admin(100) , user(200) , observer(300) } MAX-ACCESS read-write STATUS current DESCRIPTION " Radius User Access Rights Identifies the user role defining the access rights for all Radius users. * Admin: User has administrator access rights and is allowed to read, modify and execute all configuration objects of the unit. * User: User has end-user access rights. * Observer: User has observer access rights. " DEFVAL { admin } ::= { radiusGroup 200 } -- *************************************************************************** -- Table:Radius Servers -- *************************************************************************** radiusServersTable OBJECT-TYPE SYNTAX SEQUENCE OF RadiusServersEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " Radius Servers Radius servers used by services. " ::= { radiusGroup 1000 } radiusServersEntry OBJECT-TYPE SYNTAX RadiusServersEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " A row in table Radius Servers. " INDEX { radiusServersService, radiusServersPriority } ::= { radiusServersTable 1 } RadiusServersEntry ::= SEQUENCE { radiusServersService OCTET STRING, radiusServersPriority Unsigned32, radiusServersAuthenticationHost MxIpHostNamePort, radiusServersAuthenticationSecret OCTET STRING, radiusServersAccountingHost MxIpHostNamePort, radiusServersAccountingSecret OCTET STRING } -- Index:Service Name radiusServersService OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION " Service Name Name of the service for which Radius servers are configured. " ::= { radiusServersEntry 100 } -- Index:Radius Server Priority radiusServersPriority OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION " Radius Server Priority Radius server priority determining their usage order for Aaa requests. " ::= { radiusServersEntry 200 } -- Columnar:Radius Host for Authentication radiusServersAuthenticationHost OBJECT-TYPE SYNTAX MxIpHostNamePort MAX-ACCESS read-write STATUS current DESCRIPTION " Radius Host for Authentication Hostname and port of a Radius server used for authentication requests. " DEFVAL { "" } ::= { radiusServersEntry 300 } -- Columnar:Radius Authentication Server Secret Key radiusServersAuthenticationSecret OBJECT-TYPE SYNTAX OCTET STRING ( SIZE(0..512) ) MAX-ACCESS read-write STATUS current DESCRIPTION " Radius Authentication Server Secret Key Secret key shared between the Radius server and the unit. The AuthenticationSecret key must be the same as the secret key stored on the Radius authentication server set in the RadiusServers.AuthenticationHost column. " DEFVAL { "" } ::= { radiusServersEntry 400 } -- Columnar:Radius Host for Accounting radiusServersAccountingHost OBJECT-TYPE SYNTAX MxIpHostNamePort MAX-ACCESS read-write STATUS current DESCRIPTION " Radius Host for Accounting Hostname and port of a Radius server used for accounting requests. " DEFVAL { "" } ::= { radiusServersEntry 500 } -- Columnar:Radius Accounting Server Secret Key radiusServersAccountingSecret OBJECT-TYPE SYNTAX OCTET STRING ( SIZE(0..512) ) MAX-ACCESS read-write STATUS current DESCRIPTION " Radius Accounting Server Secret Key Secret key shared between the Radius server and the unit. The AccountingSecret key must be the same as the secret key stored on the Radius accounting server set in the RadiusServers.AccountingHost column. " DEFVAL { "" } ::= { radiusServersEntry 600 } -- End of table:Radius Servers -- End of group:Radius Configuration -- **************************************************************************** -- Group:Security Configuration -- **************************************************************************** securityGroup OBJECT IDENTIFIER ::= { aaaMIBObjects 20000 } -- Scalar:Login Locked Max Retry loginLockedMaxRetry OBJECT-TYPE SYNTAX Unsigned32 ( 1..5 ) MAX-ACCESS read-write STATUS current DESCRIPTION " Login Locked Max Retry Defines the maximum number of failed login attempts allowed before temporarily locking the user account. This parameter has no effect when the LockProtectionEnable parameter is disabled. " DEFVAL { 5 } ::= { securityGroup 100 } -- Scalar:Login Locked Timeout loginLockedTimeoutS OBJECT-TYPE SYNTAX Unsigned32 ( 5..3600 ) MAX-ACCESS read-write STATUS current DESCRIPTION " Login Locked Timeout Defines the duration of the locked period (in seconds), after which the user is allowed to log in again. This parameter has no effect when the LockProtectionEnable parameter is disabled. " DEFVAL { 300 } ::= { securityGroup 200 } -- End of group:Security Configuration -- **************************************************************************** -- Group:Notification Messages Configuration -- **************************************************************************** notificationsGroup OBJECT IDENTIFIER ::= { aaaMIBObjects 60010 } -- Scalar:Minimal Severity of Notification minSeverity OBJECT-TYPE SYNTAX INTEGER { disable(0) , debug(100) , info(200) , warning(300) , error(400) , critical (500) } MAX-ACCESS read-write STATUS current DESCRIPTION " Minimal Severity of Notification Sets the minimal severity to issue a notification message incoming from this service. * Disable: No notification is issued. * Debug: All notification messages are issued. * Info: Notification messages with a 'Informational' and higher severity are issued. * Warning: Notification messages with a 'Warning' and higher severity are issued. * Error: Notification messages with an 'Error' and higher severity are issued. * Critical: Notification messages with a 'Critical' severity are issued. " DEFVAL { warning } ::= { notificationsGroup 100 } -- End of group:Notification Messages Configuration -- **************************************************************************** -- Group:Configuration Settings -- **************************************************************************** configurationGroup OBJECT IDENTIFIER ::= { aaaMIBObjects 60020 } -- Scalar:Need Restart needRestartInfo OBJECT-TYPE SYNTAX INTEGER { no(0) , yes(100) } MAX-ACCESS read-only STATUS current DESCRIPTION " Need Restart Indicates if the service needs to be restarted for the configuration to fully take effect. * Yes: Service needs to be restarted. * No: Service does not need to be restarted. Services can be restarted by using the Scm.ServiceCommands.Restart command. " ::= { configurationGroup 100 } -- End of group:Configuration Settings END