ZTE-AN-ACCESS-CTRL-AAA-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Integer32 FROM SNMPv2-SMI RowStatus,DisplayString, TEXTUAL-CONVENTION FROM SNMPv2-TC InetAddress,InetAddressType FROM INET-ADDRESS-MIB zxAn FROM ZTE-AN-TC-MIB; zxAnAccessCtrlAaaMib MODULE-IDENTITY LAST-UPDATED "201211071000Z" ORGANIZATION "ZTE Corporation" CONTACT-INFO "ZTE shanghai software development dept.III Zhang Jianjun 021-68897226 " DESCRIPTION "This MIB defines managed objects of ZTE AAA management." REVISION "201211071000Z" -- November 07, 2012 at 10:00 GMT DESCRIPTION "Initial version of this MIB module." ::= { zxAn 90 } zxAnAaaAuthenticationObjects OBJECT IDENTIFIER ::= { zxAnAccessCtrlAaaMib 2 } zxAnAaaAuthorizationObjects OBJECT IDENTIFIER ::= { zxAnAccessCtrlAaaMib 3 } zxAnAaaAccountingObjects OBJECT IDENTIFIER ::= { zxAnAccessCtrlAaaMib 4 } -------------------------------------------------------------------------------- -- Textual Conventions -------------------------------------------------------------------------------- ZxAnAaaAuthenMethodPriority ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This is the priority order of an authentication method to be used in user authentication for a session. At start up, the agent assigns the value of this object. Later this can be changed by the management station. This object reflects the relative priority of the authentication method denoted by zxAnAaaAuthenLocalPriority and zxAnAaaAuthenTacacsplusPriority with respect to already configured authentication methods. The zero value indicates that the priority is not set and that the authentication methods are applied in ascending order. Each object must contain a unique value for priority or zero. In the case when a priority is set for a value that is already used by existing object the existing object's priority will be swapped." SYNTAX Integer32(0..2) ZxAnAaaAuthorMethodPriority ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This is the priority order of an authorization method to be used in user authorization for a session. At start up, the agent assigns the value of this object. Later this can be changed by the management station. This object reflects the relative priority of the authorization method denoted by zxAnAaaAuthorLocalPriority and zxAnAaaAuthorTacacsplusPriority with respect to already configured authorization methods. The zero value indicates that the priority is not set and that the authorization methods are applied in ascending order. Each object must contain a unique value for priority or zero. In the case when a priority is set for a value that is already used by existing object the existing object's priority will be swapped." SYNTAX Integer32(0..2) -------------------------------------------------------------------------------- -- Following objects are defined. -- 1. AAA Global Configuration -- 2. AAA Authentication Objects -- 2.1 AAA Authentication Global Objects -- 2.2 AAA Authentication Session Table -- 2.3 AAA Authentication Login Table -- 3. AAA Authorization Objects -- 3.1 AAA Authorization Global Objects -- 3.2 AAA Authorization Session Table -- 4. AAA Accounting Objects -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- -- 1. AAA Global Configuration -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- -- 2. AAA Authentication Objects -------------------------------------------------------------------------------- zxAnAaaAuthenGlobalObjects OBJECT IDENTIFIER ::= { zxAnAaaAuthenticationObjects 1 } -------------------------------------------------------------------------------- -- 2.1 AAA Authentication Global Objects -------------------------------------------------------------------------------- zxAnAaaAuthenLocalPriority OBJECT-TYPE SYNTAX ZxAnAaaAuthenMethodPriority MAX-ACCESS read-write STATUS current DESCRIPTION "The local authentication method priority." DEFVAL { 0 } ::= { zxAnAaaAuthenGlobalObjects 1 } zxAnAaaAuthenTacacsplusPriority OBJECT-TYPE SYNTAX ZxAnAaaAuthenMethodPriority MAX-ACCESS read-write STATUS current DESCRIPTION "The TACACS+ authentication method priority." DEFVAL { 0 } ::= { zxAnAaaAuthenGlobalObjects 2 } zxAnAaaAuthenNoAuthenMethodEn OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enable or disable the no authentication method. enabled(1) - Use no authentication as the last method. disabled(2) - Don't use no authentication method. This object must be set with zxAnAaaAuthenLocalPriority, zxAnAaaAuthenTacacsplusPriority at the same time." DEFVAL { disabled } ::= { zxAnAaaAuthenGlobalObjects 3 } zxAnAaaAuthenTacacsplusGroupName OBJECT-TYPE SYNTAX DisplayString(SIZE(0..32)) MAX-ACCESS read-write STATUS current DESCRIPTION "The tacacs plus authentication group name. If zxAnAaaAuthenTacacsplusPriority is zero(0), zxAnAaaAuthenTacacsplusGroupName should be empty string. If the value of zxAnAaaAuthenTacacsplusPriority is not zero(0), zxAnAaaAuthenTacacsplusGroupName must be set with zxAnAaaAuthenTacacsplusPriority at the same time." ::= { zxAnAaaAuthenGlobalObjects 4 } -------------------------------------------------------------------------------- -- 2.2 AAA Authentication Session Table -------------------------------------------------------------------------------- zxAnAaaAuthenticationSession OBJECT IDENTIFIER ::= { zxAnAaaAuthenticationObjects 2 } zxAnAaaAuthenSessionTable OBJECT-TYPE SYNTAX SEQUENCE OF ZxAnAaaAuthenSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Authentication session table." ::= { zxAnAaaAuthenticationSession 2 } zxAnAaaAuthenSessionEntry OBJECT-TYPE SYNTAX ZxAnAaaAuthenSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Authentication session table entry." INDEX { zxAnAaaAuthenSessionType } ::= { zxAnAaaAuthenSessionTable 1 } ZxAnAaaAuthenSessionEntry ::= SEQUENCE { zxAnAaaAuthenSessionType INTEGER, zxAnAaaAuthenSessionMethod INTEGER, zxAnAaaAuthenSessionRadiusGrpId Integer32, zxAnAaaAuthenSessionRowStatus RowStatus } zxAnAaaAuthenSessionType OBJECT-TYPE SYNTAX INTEGER { telnet(1), ssh(2) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "This is the session type used to connect to the device. telnet(1) indicates telnet session. ssh(2) indicates SSH session." ::= { zxAnAaaAuthenSessionEntry 1 } zxAnAaaAuthenSessionMethod OBJECT-TYPE SYNTAX INTEGER { local(1), tacacsPlus(2), radius(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "This is the authentication method used to authenticate users. local(1) indicates that local password is used for authentication. Which password is used depend on what login mode users specified. tacacsPlus(2) indicates that TACACS+ method is used for authentication. radius(3) indicates that RADIUS method is used for authentication." DEFVAL { local } ::= { zxAnAaaAuthenSessionEntry 2 } zxAnAaaAuthenSessionRadiusGrpId OBJECT-TYPE SYNTAX Integer32(0..10) MAX-ACCESS read-create STATUS current DESCRIPTION "The RADIUS group ID. When zxAnAaaAuthenMethod is radius(3), this object must be set at the same time. Value 0 means RADIUS group ID is not configured." DEFVAL { 0 } ::= { zxAnAaaAuthenSessionEntry 3 } zxAnAaaAuthenSessionRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this conceptual row. The supported actions of this conceptual row only include: 'createAndGo' and 'destroy'. To create a row in this table, a manager must set this object to createAndGo(4), and must comply with the multi-variables binding rule described in zxAnAaaAuthenSessionEntry. To delete a row in this table, a manager must set this object to destroy(6). To get this object, the agent always returns active(1)." ::= { zxAnAaaAuthenSessionEntry 50 } -------------------------------------------------------------------------------- -- 2.3 AAA Authentication Login Table -------------------------------------------------------------------------------- zxAnAaaAuthenticaitonLogin OBJECT IDENTIFIER ::= { zxAnAaaAuthenticationObjects 3 } zxAnAaaAuthenLoginTable OBJECT-TYPE SYNTAX SEQUENCE OF ZxAnAaaAuthenLoginEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Login mode authentication table." REFERENCE "Used by MAP." ::= { zxAnAaaAuthenticaitonLogin 2 } zxAnAaaAuthenLoginEntry OBJECT-TYPE SYNTAX ZxAnAaaAuthenLoginEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Login mode authentication table entry." INDEX { zxAnAaaAuthenLoginMode } ::= { zxAnAaaAuthenLoginTable 1 } ZxAnAaaAuthenLoginEntry ::= SEQUENCE { zxAnAaaAuthenLoginMode INTEGER, zxAnAaaAuthenLoginLocalPri ZxAnAaaAuthenMethodPriority, zxAnAaaAuthenLoginTacacsplusPri ZxAnAaaAuthenMethodPriority, zxAnAaaAuthenLoginNoAuthMethodEn INTEGER, zxAnAaaAuthenLoginTacplusGrpName DisplayString, zxAnAaaAuthenLoginRowStatus RowStatus } zxAnAaaAuthenLoginMode OBJECT-TYPE SYNTAX INTEGER { login(1), enable(2) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "This is the login mode user used to login to the network device. login(1) indicates the normal mode. enable(2) indicates the privileged mode." ::= { zxAnAaaAuthenLoginEntry 1 } zxAnAaaAuthenLoginLocalPri OBJECT-TYPE SYNTAX ZxAnAaaAuthenMethodPriority MAX-ACCESS read-create STATUS current DESCRIPTION "The local authentication method priority." DEFVAL { 0 } ::= { zxAnAaaAuthenLoginEntry 2 } zxAnAaaAuthenLoginTacacsplusPri OBJECT-TYPE SYNTAX ZxAnAaaAuthenMethodPriority MAX-ACCESS read-create STATUS current DESCRIPTION "The TACACS+ authentication method priority." DEFVAL { 0 } ::= { zxAnAaaAuthenLoginEntry 3 } zxAnAaaAuthenLoginNoAuthMethodEn OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Enable or disable the none authentication method. enabled(1) - Use none authentication as the last method. disabled(2) - Don't use none authentication method." DEFVAL { disabled } ::= { zxAnAaaAuthenLoginEntry 4 } zxAnAaaAuthenLoginTacplusGrpName OBJECT-TYPE SYNTAX DisplayString(SIZE(0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The TACACS+ authentication group name. If zxAnAaaAuthenLoginTacacsplusPri is zero(0), zxAnAaaAuthenLoginTacplusGrpName should be empty string. If the value of zxAnAaaAuthenLoginTacacsplusPri is not zero(0), zxAnAaaAuthenLoginTacplusGrpName must be set with zxAnAaaAuthenLoginTacacsplusPri at the same time." ::= { zxAnAaaAuthenLoginEntry 5 } zxAnAaaAuthenLoginRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this conceptual row. The supported actions of this conceptual row only include: 'createAndGo' and 'destroy'. To create a row in this table, a manager must set this object to createAndGo(4), and must comply with the multi-variables binding rule described in zxAnAaaAuthenLoginEntry. To delete a row in this table, a manager must set this object to destroy(6). To get this object, the agent always returns active(1)." ::= { zxAnAaaAuthenLoginEntry 50 } -------------------------------------------------------------------------------- -- 3. AAA Authorization Objects -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- -- 3.1 AAA Authorization Global Objects -------------------------------------------------------------------------------- zxAnAaaAuthorGlobalObjects OBJECT IDENTIFIER ::= { zxAnAaaAuthorizationObjects 1 } zxAnAaaAuthorLocalPriority OBJECT-TYPE SYNTAX ZxAnAaaAuthorMethodPriority MAX-ACCESS read-write STATUS current DESCRIPTION "The local authorization method priority." DEFVAL { 0 } ::= { zxAnAaaAuthorGlobalObjects 1 } zxAnAaaAuthorTacacsplusPriority OBJECT-TYPE SYNTAX ZxAnAaaAuthorMethodPriority MAX-ACCESS read-write STATUS current DESCRIPTION "The TACACS+ authorization method priority." DEFVAL { 0 } ::= { zxAnAaaAuthorGlobalObjects 2 } zxAnAaaAuthorNoAuthorMethodEn OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enable or disable the authorization method. enabled(1) - Use none authorization as the last method. disabled(2) - Don't use none authorization method. This object must be set with zxAnAaaAuthorLocalPriority, zxAnAaaAuthorTacacsplusPriority at the same time." DEFVAL { disabled } ::= { zxAnAaaAuthorGlobalObjects 3 } zxAnAaaAuthorTacacsplusGroupName OBJECT-TYPE SYNTAX DisplayString(SIZE(0..32)) MAX-ACCESS read-write STATUS current DESCRIPTION "The name of TACACS+ authorization group name. If zxAnAaaAuthorTacacsplusPriority is zero(0), zxAnAaaAuthorTacacsplusGroupName should be empty string. If the value of zxAnAaaAuthorTacacsplusPriority is not zero(0), zxAnAaaAuthorTacacsplusGroupName must be set with zxAnAaaAuthorTacacsplusPriority at the same time." ::= { zxAnAaaAuthorGlobalObjects 4 } -------------------------------------------------------------------------------- -- 3.2 AAA Authorization Session Table -------------------------------------------------------------------------------- zxAnAaaAuthorizationSession OBJECT IDENTIFIER ::= { zxAnAaaAuthorizationObjects 3 } zxAnAaaAuthorSessionTable OBJECT-TYPE SYNTAX SEQUENCE OF ZxAnAaaAuthorSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Authorization session table." ::= { zxAnAaaAuthorizationSession 2 } zxAnAaaAuthorSessionEntry OBJECT-TYPE SYNTAX ZxAnAaaAuthorSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Authorization session table entry." INDEX { zxAnAaaAuthorSessionType } ::= { zxAnAaaAuthorSessionTable 1 } ZxAnAaaAuthorSessionEntry ::= SEQUENCE { zxAnAaaAuthorSessionType INTEGER, zxAnAaaAuthorSessionMethod INTEGER, zxAnAaaAuthorSessionSshMode INTEGER, zxAnAaaAuthorSessionRowStatus RowStatus } zxAnAaaAuthorSessionType OBJECT-TYPE SYNTAX INTEGER { telnet(1), ssh(2) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "This is the session type used to connect to the device. telnet(1) indicates telnet session. ssh(2) indicates SSH session." ::= { zxAnAaaAuthorSessionEntry 1 } zxAnAaaAuthorSessionMethod OBJECT-TYPE SYNTAX INTEGER { local(1), tacacsPlus(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This is the authorization method used to authorize users. local(1) indicates that local password is used for authorization. Which password is used depend on what login mode users specified. tacacsPlus(2) indicates that TACACS+ method is used for authorization." DEFVAL { local } ::= { zxAnAaaAuthorSessionEntry 2 } zxAnAaaAuthorSessionSshMode OBJECT-TYPE SYNTAX INTEGER { nouse(1), chap(2), pap(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object is used to control authorization mode when user login from SSH." DEFVAL { chap } ::= { zxAnAaaAuthorSessionEntry 3 } zxAnAaaAuthorSessionRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this conceptual row. The supported actions of this conceptual row only include: 'createAndGo' and 'destroy'. To create a row in this table, a manager must set this object to createAndGo(4), and must comply with the multi-variables binding rule described in zxAnAaaAuthorSessionEntry. To delete a row in this table, a manager must set this object to destroy(6). To get this object, the agent always returns active(1). " ::= { zxAnAaaAuthorSessionEntry 50 } -------------------------------------------------------------------------------- -- 4. AAA Accounting Objects -------------------------------------------------------------------------------- zxAnAaaAccountPrivilege OBJECT IDENTIFIER ::= { zxAnAaaAccountingObjects 2 } zxAnAaaAccountPrivilegeTable OBJECT-TYPE SYNTAX SEQUENCE OF ZxAnAaaAccountPrivilegeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Accounting privilege table." ::= { zxAnAaaAccountPrivilege 2 } zxAnAaaAccountPrivilegeEntry OBJECT-TYPE SYNTAX ZxAnAaaAccountPrivilegeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Accounting privilege table entry." INDEX { zxAnAaaAccountUserPrivilege } ::= { zxAnAaaAccountPrivilegeTable 1 } ZxAnAaaAccountPrivilegeEntry ::= SEQUENCE { zxAnAaaAccountUserPrivilege Integer32, zxAnAaaAccountTacacsplusGrpName DisplayString, zxAnAaaAccountPrivilegeRowStatus RowStatus } zxAnAaaAccountUserPrivilege OBJECT-TYPE SYNTAX Integer32(1..15) MAX-ACCESS not-accessible STATUS current DESCRIPTION "User privilege level." ::= { zxAnAaaAccountPrivilegeEntry 1 } zxAnAaaAccountTacacsplusGrpName OBJECT-TYPE SYNTAX DisplayString(SIZE(1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The TACACS+ group name." ::= { zxAnAaaAccountPrivilegeEntry 2 } zxAnAaaAccountPrivilegeRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this conceptual row. The supported actions of this conceptual row only include: 'createAndGo' and 'destroy'. To create a row in this table, a manager must set this object to createAndGo(4), and must comply with the multi-variables binding rule described in zxAnAaaAccountPrivilegeEntry. To delete a row in this table, a manager must set this object to destroy(6). To get this object, the agent always returns active(1)." ::= { zxAnAaaAccountPrivilegeEntry 50 } END