-- ZyXEL Communications Corporation -- Private Enterprise MIB definition -- This file describes the ZyXEL Communications Corporation Enterprise MIB. -- It contains ZyXEL products OIDs, and common managed objects. -- $Log: ZYXEL-AAA-MIB.mib $ -- Revision 1.7 2013/12/06 07:01:39 ccho -- remove uncessary imports -- Revision 1.6 2013/11/20 06:50:37 ccho -- renaming identifier name for SMI.V2 -- Revision 1.5 2013/11/06 05:40:43 ccho -- fix mib style -- Revision 1.4 2012/12/10 06:28:03 Kevin -- redefine oid -- Revision 1.3 2012/09/19 07:27:28 Kevin -- if it's leaf node, revise the vender name from zyxel to zy -- Revision 1.2 2012/07/05 06:21:58 Kevin -- 1. upgrade from SNMP to SNMPv2 -- 2. clean warning -- Revision 1.1 2012/05/30 07:08:42 Kevin -- Initial revision ZYXEL-AAA-MIB DEFINITIONS ::= BEGIN IMPORTS OBJECT-TYPE FROM SNMPv2-SMI -- RFC2578 MODULE-IDENTITY FROM SNMPv2-SMI DisplayString FROM SNMPv2-TC EnabledStatus FROM P-BRIDGE-MIB NOTIFICATION-TYPE FROM SNMPv2-SMI Integer32 FROM SNMPv2-SMI esMgmt FROM ZYXEL-ES-SMI; zyxelAaa MODULE-IDENTITY LAST-UPDATED "201207010000Z" ORGANIZATION "Enterprise Solution ZyXEL" CONTACT-INFO "" DESCRIPTION "The subtree for authentication, authorization and accounting (AAA)" ::= { esMgmt 94 } zyxelAaaSetup OBJECT IDENTIFIER ::= { zyxelAaa 1 } zyxelAaaTrapInfoObjects OBJECT IDENTIFIER ::= { zyxelAaa 2 } zyxelAaaNotifications OBJECT IDENTIFIER ::= { zyxelAaa 3 } -- 1.zyxelAaaSetup zyxelAaaAuthenticationSetup OBJECT IDENTIFIER ::= { zyxelAaaSetup 1 } -- authenticationTypeTable zyxelAaaAuthenticationTypeTable OBJECT-TYPE SYNTAX SEQUENCE OF ZyxelAaaAuthenticationTypeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table contains authentication type configuration." ::= { zyxelAaaAuthenticationSetup 1 } zyxelAaaAuthenticationTypeEntry OBJECT-TYPE SYNTAX ZyxelAaaAuthenticationTypeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry contains authentication type configuration." INDEX { zyAaaAuthenticationTypeName } ::= { zyxelAaaAuthenticationTypeTable 1 } ZyxelAaaAuthenticationTypeEntry ::= SEQUENCE { zyAaaAuthenticationTypeName DisplayString, zyAaaAuthenticationTypeMethodList OCTET STRING } zyAaaAuthenticationTypeName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS not-accessible STATUS current DESCRIPTION "'Privilege Enable' means to authenticate access privilege level for administrator accounts (users for switch management). 'Login' means to authenticate administrator accounts (users for switch management)." ::= { zyxelAaaAuthenticationTypeEntry 1 } zyAaaAuthenticationTypeMethodList OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-write STATUS current DESCRIPTION "There are three methods for the switch to authenticate the two types. The switch checks the methods in the order you configure them (first Method 1, then Method 2 and finally Method 3). You must configure the settings in the Method 1 field. If you want the switch to check other sources for authentication, specified them in Method 2 and Method 3 fields." ::= { zyxelAaaAuthenticationTypeEntry 2 } zyxelAaaAuthorizationSetup OBJECT IDENTIFIER ::= { zyxelAaaSetup 2 } zyAaaAuthorizationConsoleState OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Enable/Disable authorization on console for the switch." ::= { zyxelAaaAuthorizationSetup 1 } -- zyxelAaaAuthorizationTypeTable zyxelAaaAuthorizationTypeTable OBJECT-TYPE SYNTAX SEQUENCE OF ZyxelAaaAuthorizationTypeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table contains authorization type configuration." ::= { zyxelAaaAuthorizationSetup 2 } zyxelAaaAuthorizationTypeEntry OBJECT-TYPE SYNTAX ZyxelAaaAuthorizationTypeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry contains authorization type configuration. " INDEX { zyAaaAuthorizationTypeName } ::= { zyxelAaaAuthorizationTypeTable 1 } ZyxelAaaAuthorizationTypeEntry ::= SEQUENCE { zyAaaAuthorizationTypeName DisplayString, zyAaaAuthorizationTypeState EnabledStatus, zyAaaAuthorizationTypeMethod INTEGER } zyAaaAuthorizationTypeName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS not-accessible STATUS current DESCRIPTION "'Exec' allows an administrator which logs in the switch through Telnet or SSH to have different access privilege level assigned via the external server. 'Dot1x' allows an IEEE 802.1x client to have different bandwidth limit or VLAN ID assigned via the external server." ::= { zyxelAaaAuthorizationTypeEntry 1 } zyAaaAuthorizationTypeState OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Enable/Disable authorization for a specified event type." ::= { zyxelAaaAuthorizationTypeEntry 2 } zyAaaAuthorizationTypeMethod OBJECT-TYPE SYNTAX INTEGER{ radius(1), tacacs(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enter whether you want to use RADIUS or TACACS+ for authorization of specific types of events. RADIUS is the only method for IEEE 802.1x authorization." ::= { zyxelAaaAuthorizationTypeEntry 3 } -- zyxelAaaAccountingSetup zyxelAaaAccountingSetup OBJECT IDENTIFIER ::= { zyxelAaaSetup 3 } zyAaaAccountingUpdatePeriod OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "The amount of time in minutes before the switch sends an update to the accounting server." ::= { zyxelAaaAccountingSetup 1 } -- accountingTypeTable zyxelAaaAccountingTypeTable OBJECT-TYPE SYNTAX SEQUENCE OF ZyxelAaaAccountingTypeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table contains accounting type configuration." ::= { zyxelAaaAccountingSetup 2 } zyxelAaaAccountingTypeEntry OBJECT-TYPE SYNTAX ZyxelAaaAccountingTypeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry contains accounting type configuration." INDEX { zyAaaAccountingTypeName } ::= { zyxelAaaAccountingTypeTable 1 } ZyxelAaaAccountingTypeEntry ::= SEQUENCE { zyAaaAccountingTypeName DisplayString, zyAaaAccountingTypeState EnabledStatus, zyAaaAccountingTypeBroadcastState EnabledStatus, zyAaaAccountingTypeMode INTEGER, zyAaaAccountingTypeMethod INTEGER, zyAaaAccountingTypePrivilege INTEGER } zyAaaAccountingTypeName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS not-accessible STATUS current DESCRIPTION "'System' means the switch will send information when the following system events occur: system boots up, system shuts down, system accounting is enabled, and system accounting is disabled. 'Exec' means the switch will send information when an administrator logs in and logs out via the console port, telnet or SSH. 'Dot1x' means the switch will send information when an IEEE 802.1x client begins a session (authenticates via the switch), ends a session as well as interim updates of a session. 'Commands' means the switch to send information when commands of specified privilege level and higher are executed on the switch." ::= { zyxelAaaAccountingTypeEntry 1 } zyAaaAccountingTypeState OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Enable/Disable accounting for a specified event type." ::= { zyxelAaaAccountingTypeEntry 2 } zyAaaAccountingTypeBroadcastState OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Enable/Disable this to have the switch send accounting information to all configured accounting servers at the same time." ::= { zyxelAaaAccountingTypeEntry 3 } zyAaaAccountingTypeMode OBJECT-TYPE SYNTAX INTEGER{ notAvailable(255), startStop(1), stopOnly(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The switch supports two modes of recording login events. Select 'startStop' to have the switch send information to the accounting server when a user begins a session, during a user's session (if it lasts past the Update Period), and when a user ends a session. Select 'stopOnly' to have the switch send information to the accounting server only when a user ends a session." ::= { zyxelAaaAccountingTypeEntry 4 } zyAaaAccountingTypeMethod OBJECT-TYPE SYNTAX INTEGER{ radius(1), tacacs(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enter whether you want to use RADIUS or TACACS+ for accounting of specified types of events." ::= { zyxelAaaAccountingTypeEntry 5 } zyAaaAccountingTypePrivilege OBJECT-TYPE SYNTAX INTEGER{ notAvailable(255), privilege0(0), privilege1(1), privilege2(2), privilege3(3), privilege4(4), privilege5(5), privilege6(6), privilege7(7), privilege8(8), privilege9(9), privilege10(10), privilege11(11), privilege12(12), privilege13(13), privilege14(14) } MAX-ACCESS read-write STATUS current DESCRIPTION "This is only configurable for commands type of event. Enter the threshold command privilege level for which the switch should send accounting information. The switch will send accounting information when commands at the level you specify and higher are executed on the switch." ::= { zyxelAaaAccountingTypeEntry 6 } -- 2. zyxelAaaTrapInfoObjects Traps zyAaaTrapAuthenticationMethod OBJECT-TYPE SYNTAX INTEGER{ snmp(0), ftp(1), console(2), ssh(3), https(4), http(5), telnet(6) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "This trap displays which authentication method is failed." ::= { zyxelAaaTrapInfoObjects 1 } zyAaaTrapAuthorizationMethod OBJECT-TYPE SYNTAX INTEGER { dot1x(0), ssh(1), http(2), telnet(3), ftp(4), console(5) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "This trap displays which authorization method is failed." ::= { zyxelAaaTrapInfoObjects 2 } -- 3. zyxelAaaNotifications Traps zyAaaAuthenticationFailure NOTIFICATION-TYPE OBJECTS { zyAaaTrapAuthenticationMethod } STATUS current DESCRIPTION "Management connection authentication has failed." ::= { zyxelAaaNotifications 1 } zyAaaAuthorizationFailure NOTIFICATION-TYPE OBJECTS { zyAaaTrapAuthorizationMethod } STATUS current DESCRIPTION "Management connection authorization has failed." ::= { zyxelAaaNotifications 2 } END