CM-SECURITY-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Integer32, IpAddress, Unsigned32 FROM SNMPv2-SMI DateAndTime, DisplayString, TruthValue, RowStatus, StorageType, TEXTUAL-CONVENTION FROM SNMPv2-TC OBJECT-GROUP, MODULE-COMPLIANCE FROM SNMPv2-CONF fsp150cm FROM ADVA-MIB IpVersion, UserInterfaceType FROM CM-COMMON-MIB Ipv6Address FROM IPV6-TC usmUserEntry FROM SNMP-USER-BASED-SM-MIB SnmpAdminString FROM SNMP-FRAMEWORK-MIB; cmSecurityMIB MODULE-IDENTITY LAST-UPDATED "201606140000Z" ORGANIZATION "ADVA Optical Networking" CONTACT-INFO " Raghav Trivedi ADVA Optical Networking, Inc. Tel: +1 972 759-1239 E-mail: rtrivedi@advaoptical.com Postal: 2301 N. Greenville Ave. #300 Richardson, TX USA 75082" DESCRIPTION "This module defines the Security MIB definitions used by the F3 (FSP150CM/CC) product lines. These are used to manage the user/authentication for CLI/GUI sessions. Copyright (C) ADVA Optical Networking." REVISION "201606140000Z" DESCRIPTION " Notes from release 201606140000Z (1) added cmSecurityUserRemoteCryptoUser to cmSecurityUserTable Notes from release 201602080000Z (1)Added literal netconf to CmSecurityPrivLevel Notes from release 201509180000Z (1)Added cmSecurityCryptoPassword attribute to cmSecurityUserTable Note from release 201106270000Z, (1)Added f3TacacsPrivLevelControlEnabled, f3TacacsDefaultPrivLevel Note from release 201104140000Z, (1)Added cmSecurityUserAction to support remove-lockout Note from release 201101050000Z, (1)Added f3UsmUserTable - an augment to UsmUserTable Note from release 201002120000Z, (1)MIBs updated for supported functionality in R4.3CC and R4.1CM (a)cmRemoteAuthServerTable has new objects cmRemoteAuthServerAccountingPort to support RADIUS accounting Notes from release 200903190000Z, (1)MIB version ready for release FSP150CC GE101, GE206 devices (a)Added Textual convention CmSecurityPolicyStrength (b)Added MIB scalar cmSecurityPolicyStrength (2)Following changes are made to the cmSecurityUserTable, (a)cmSecurityUserPassword column to modify security user password (b)cmSecurityUserStorageType and cmSecurityUserRowStatus columns added thereby allowing creation/deletion of Security Users (c)cmSecurityUserComment, cmSecurityUserPrivLevel, cmSecurityUserLoginTimeout, cmSecurityUserNumFailedLoginAttempts, cmSecurityUserCliPagingEnable columns are now read-write to allow write access. Notes from release 200803030000Z, (1)MIB version ready for release FSP150CM 3.1." ::= {fsp150cm 10} -- -- OID definitions -- cmSecurityObjects OBJECT IDENTIFIER ::= {cmSecurityMIB 1} cmSecurityConformance OBJECT IDENTIFIER ::= {cmSecurityMIB 2} cmSecurityNotifications OBJECT IDENTIFIER ::= {cmSecurityMIB 3} -- -- Textual conventions. -- CmRemoteAuthProtocol ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Enumerations for remote authentication protocol. none - No remote authentication protocol, radius - RADIUS (Remote Authentication Dial-In User Service), tacacs - TACACS+(Terminal Access Controller Access Control System)." SYNTAX INTEGER { none (1), radius (2), tacacs (3) } CmSecurityAccessOrder ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Enumerations for order for security access. local - Local database for user/security validation, remote - Remote protocol for user/security validation." SYNTAX INTEGER { local (1), remote (2) } CmSecurityAuthType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Enumerations for remote authentication protocol types. pap - Password Authentication Protocol, chap - Challenge-Handshake Authentication Protocol." SYNTAX INTEGER { pap (1), chap (2) } CmSecurityPrivLevel ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Enumerations for Security Privilege Level. retrieve - Retrieve Privilege Level (can only VIEW management information), maintenance - Maintenance Privilege Level (can VIEW management, as well as perform maintenance operations such as loopbacks, etherjack diagnosis etc.) provisioning - Provisioning Privilege Level (can perform Provisioning operations) superuser - Super User Privilege Level (can perform all operations) testuser - Retrieve Privilege Level and some maintenance, provisioning operations. cryptouser - Crypto User Privilege Level (can perform security operations) netconf - NETCONF Privilege Level" SYNTAX INTEGER { not-applicable(0), retrieve (1), maintenance (2), provisioning (3), superuser (4), testuser (5), cryptouser (6), netconf (7) } CmRemoteAuthOrder ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Enumerations for order for remote authentication access. first - first to access the remote authentication, second - second to access the remote authentication, third - third to access the remote authentication." SYNTAX INTEGER { first (1), second (2), third (3) } CmSecurityPolicyStrength ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Enumerations for security policy strength low - Low Security Policy, medium - Medium Security Policy, high - High Security Policy." SYNTAX INTEGER { low (1), medium (2), high (3) } UsmUserAccessType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Enumerations for type of USM User read-only - Read only, read-write - Read write , trap-only - Trap Only." SYNTAX INTEGER { read-only (1), read-write (2), trap-only (3) } SecurityUserAction ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Provides ability to manage security users." SYNTAX INTEGER { not-applicable(0), remove-lockout(1) -- removes the locked out condition on security user } SnmpSecurityTrapType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Provides ability to manage security traps. all - trap is reported when user logs in, logs out or is locked out loginFailed - trap is reported only when user failed to log in disabled - security traps are disabled." SYNTAX INTEGER { all(1), loginFailed(2), disabled(3) } PrivilegeRequestAction ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Privilege request action." SYNTAX INTEGER { undefined(0), none(1), approve(2), deny(3), cancel(4) } PrivilegeRequestState ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Privilege request state." SYNTAX INTEGER { none(1), requestSent(2), requestCanceled(3), requestApproved(4), requestDenied(5), requestTimeout(6), accessExpired(7), accessCanceled(8) } -- -- Scalar definitions. -- cmAuthProtocol OBJECT-TYPE SYNTAX CmRemoteAuthProtocol MAX-ACCESS read-write STATUS current DESCRIPTION "Remote user authentication protocol." ::= { cmSecurityObjects 1 } cmAccessOrder OBJECT-TYPE SYNTAX CmSecurityAccessOrder MAX-ACCESS read-write STATUS current DESCRIPTION "Order of access for security, i.e. try 'local' first or 'remote' first." ::= { cmSecurityObjects 2 } cmAuthType OBJECT-TYPE SYNTAX CmSecurityAuthType MAX-ACCESS read-write STATUS current DESCRIPTION "In case of remote authentication, the chosen protocol." ::= { cmSecurityObjects 3 } cmNASIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "In case of remote authentication RADIUS, the Network Access Server's IP Address." ::= { cmSecurityObjects 4 } -- cmSecurityUserTable is { cmSecurityObjects 5 } -- cmRemoteAuthServerTable is { cmSecurityObjects 6 } cmSecurityPolicyStrength OBJECT-TYPE SYNTAX CmSecurityPolicyStrength MAX-ACCESS read-write STATUS current DESCRIPTION "This object represents the security policy strength of the system. Based on this value, the system puts additional restrictions on the user id and password rules." ::= { cmSecurityObjects 7 } cmRemoteAuthServerAccountingEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object allows to enable/disable RADIUS Accounting on all authentication servers." ::= { cmSecurityObjects 8 } -- f3UsmUserTable is { cmSecurityObjects 9 } f3TacacsPrivLevelControlEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object allows to enable/disable the use of ENABLE authorization control to determine the Privilege Level configured by the remote authentication server. This object is only valid for TACACS+. Default value of this object is TRUE." ::= { cmSecurityObjects 10 } f3TacacsDefaultPrivLevel OBJECT-TYPE SYNTAX CmSecurityPrivLevel MAX-ACCESS read-write STATUS current DESCRIPTION "This object allows specification of the default privilege level of the TACACS+ user, when the use of ENABLE authorization control is DISABLED, i.e. f3TacacsPrivLevelControlEnabled is set to FALSE." ::= { cmSecurityObjects 11 } f3NasIpv6Addr OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-write STATUS current DESCRIPTION "This object describe the ipv6 address." ::= { cmSecurityObjects 12 } f3SecurityTrapType OBJECT-TYPE SYNTAX SnmpSecurityTrapType MAX-ACCESS read-write STATUS current DESCRIPTION "This object provides ability to manage whether report security trap." ::= { cmSecurityObjects 13 } f3SecurityTrapInfo OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "This object is used to describe the security trap info. This object is used only in trap and GET operation on this object will return empty string." ::= { cmSecurityObjects 14 } -- f3PrivilegeChangeTable is { CmSecurityObjects 15 } f3UserPrivMgmtControl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to enable/disable User Privilege Management." ::= { cmSecurityObjects 16 } f3UserPrivRspTimeout OBJECT-TYPE SYNTAX Integer32 (1..60) UNITS "minutes" MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to set response timeout for user privilege upgrade request in minutes." ::= { cmSecurityObjects 17 } -- -- Table definitions. -- -- -- Security User Table -- cmSecurityUserTable OBJECT-TYPE SYNTAX SEQUENCE OF CmSecurityUserEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of entries corresponding to the security users. Entries cannot be created in this table by management application action." ::= { cmSecurityObjects 5 } cmSecurityUserEntry OBJECT-TYPE SYNTAX CmSecurityUserEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing information applicable to a particular security user." INDEX { cmSecurityUserName, cmSecurityUserRemoteUser } ::= { cmSecurityUserTable 1 } CmSecurityUserEntry ::= SEQUENCE { cmSecurityUserName DisplayString, cmSecurityUserComment DisplayString, cmSecurityUserPrivLevel CmSecurityPrivLevel, cmSecurityUserLoginTimeout Integer32, cmSecurityUserNumFailedLoginAttempts Integer32, cmSecurityUserLastLoginTime DateAndTime, cmSecurityUserLockedout TruthValue, cmSecurityUserLastLockedoutTime DateAndTime, cmSecurityUserCliPagingEnable TruthValue, cmSecurityUserRemoteUser TruthValue, cmSecurityUserPassword DisplayString, cmSecurityUserStorageType StorageType, cmSecurityUserRowStatus RowStatus, cmSecurityUserAction SecurityUserAction, cmSecurityCryptoPassword DisplayString, cmSecurityUserRemoteCryptoUser TruthValue } cmSecurityUserName OBJECT-TYPE SYNTAX DisplayString (SIZE (1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "Security User Name." ::= { cmSecurityUserEntry 1 } cmSecurityUserComment OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-create STATUS current DESCRIPTION "Notes on Security User." ::= { cmSecurityUserEntry 2 } cmSecurityUserPrivLevel OBJECT-TYPE SYNTAX CmSecurityPrivLevel MAX-ACCESS read-create STATUS current DESCRIPTION "Security User Privilege Level." ::= { cmSecurityUserEntry 3 } cmSecurityUserLoginTimeout OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "Security User Login Timeout." ::= { cmSecurityUserEntry 4 } cmSecurityUserNumFailedLoginAttempts OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Security User Number of Failed Login Attempts." ::= { cmSecurityUserEntry 5 } cmSecurityUserLastLoginTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "Security User Last Login Time." ::= { cmSecurityUserEntry 6 } cmSecurityUserLockedout OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Whether the security user has been locked out." ::= { cmSecurityUserEntry 7 } cmSecurityUserLastLockedoutTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "Security User Last Locked out Time." ::= { cmSecurityUserEntry 8 } cmSecurityUserCliPagingEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Whether the security user has CLI paging enabled." ::= { cmSecurityUserEntry 9 } cmSecurityUserRemoteUser OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Whether the security user is a remote user." ::= { cmSecurityUserEntry 10 } cmSecurityUserPassword OBJECT-TYPE SYNTAX DisplayString (SIZE (0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "Password of the security user. Note that this attribute is a SET only attribute." ::= { cmSecurityUserEntry 11 } cmSecurityUserStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "The type of storage configured for this entry." ::= { cmSecurityUserEntry 12 } cmSecurityUserRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this row. An entry MUST NOT exist in the active state unless all objects in the entry have an appropriate value, as described in the description clause for each writable object. The values of cmSecurityUserRowStatus supported are createAndGo(4) and destroy(6). All mandatory attributes must be specified in a single SNMP SET request with cmSecurityUserRowStatus value as createAndGo(4). Upon successful row creation, this object has a value of active(1). The cmSecurityUserRowStatus object may be modified if the associated instance of this object is equal to active(1)." ::= { cmSecurityUserEntry 13 } cmSecurityUserAction OBJECT-TYPE SYNTAX SecurityUserAction MAX-ACCESS read-write STATUS current DESCRIPTION "This object provides ability to perform specific actions on security user. remove-lockout - this removes the locked out condition on the security user ." ::= { cmSecurityUserEntry 14 } cmSecurityCryptoPassword OBJECT-TYPE SYNTAX DisplayString (SIZE (0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "Second level password used in connectguard configurations. This applies only to crypto users. Note that this attribute is a SET only attribute." ::= { cmSecurityUserEntry 15 } cmSecurityUserRemoteCryptoUser OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates if a security user is a remote crypto user." ::= { cmSecurityUserEntry 16 } -- -- Remote Authentication Server Table -- cmRemoteAuthServerTable OBJECT-TYPE SYNTAX SEQUENCE OF CmRemoteAuthServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of entries corresponding to the remote authentication servers. Entries cannot be created in this table by management application action." ::= { cmSecurityObjects 6 } cmRemoteAuthServerEntry OBJECT-TYPE SYNTAX CmRemoteAuthServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing information applicable to a particular remote authentication server." INDEX { cmRemoteAuthServerIndex } ::= { cmRemoteAuthServerTable 1 } CmRemoteAuthServerEntry ::= SEQUENCE { cmRemoteAuthServerIndex Integer32, cmRemoteAuthServerEnabled TruthValue, cmRemoteAuthServerOrder CmRemoteAuthOrder, cmRemoteAuthServerIpAddress IpAddress, cmRemoteAuthServerPort Integer32, cmRemoteAuthServerNumRetries Integer32, cmRemoteAuthServerTimeout Integer32, cmRemoteAuthServerSecret DisplayString, cmRemoteAuthServerAccountingPort Integer32, cmRemoteAuthServerIpVersion IpVersion, cmRemoteAuthServerIpv6Addr Ipv6Address } cmRemoteAuthServerIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Unique index to address/configure a specific Remote Authentication Server." ::= { cmRemoteAuthServerEntry 1 } cmRemoteAuthServerEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object allows enabling/disabling a Remote Authentication Server." ::= { cmRemoteAuthServerEntry 2 } cmRemoteAuthServerOrder OBJECT-TYPE SYNTAX CmRemoteAuthOrder MAX-ACCESS read-write STATUS current DESCRIPTION "This object determines the order in which the Remote Authentication Servers are accessed for security information." ::= { cmRemoteAuthServerEntry 3 } cmRemoteAuthServerIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object allows to specify an IP Address for the Remote Authentication Server." ::= { cmRemoteAuthServerEntry 4 } cmRemoteAuthServerPort OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "This object allows to specify a Port for Remote Authentication Server." ::= { cmRemoteAuthServerEntry 5 } cmRemoteAuthServerNumRetries OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "This object allows to specify the number of retries the Remote Authentication Server must be tried for security access before giving up." ::= { cmRemoteAuthServerEntry 6 } cmRemoteAuthServerTimeout OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "This object allows to specify the timeout period for timing out a security access request to the Remote Authentication Server." ::= { cmRemoteAuthServerEntry 7 } cmRemoteAuthServerSecret OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "This allows configuration of secret password for Remote Authentication Server request." ::= { cmRemoteAuthServerEntry 8 } cmRemoteAuthServerAccountingPort OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "This object allows to specify a Port for RADIUS Accounting." ::= { cmRemoteAuthServerEntry 9 } cmRemoteAuthServerIpVersion OBJECT-TYPE SYNTAX IpVersion MAX-ACCESS read-write STATUS current DESCRIPTION "This object describe the Ip Version." ::= { cmRemoteAuthServerEntry 10 } cmRemoteAuthServerIpv6Addr OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-write STATUS current DESCRIPTION "This object describe the Ipv6 Address." ::= { cmRemoteAuthServerEntry 11 } -- -- USM User Extension Table -- f3UsmUserTable OBJECT-TYPE SYNTAX SEQUENCE OF F3UsmUserEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is the extension of the F3 USM User Table." ::= { cmSecurityObjects 9 } f3UsmUserEntry OBJECT-TYPE SYNTAX F3UsmUserEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the F3 USM User Table." AUGMENTS { usmUserEntry } ::= { f3UsmUserTable 1 } F3UsmUserEntry ::= SEQUENCE { f3UsmUserAccessType UsmUserAccessType } f3UsmUserAccessType OBJECT-TYPE SYNTAX UsmUserAccessType MAX-ACCESS read-only STATUS current DESCRIPTION "This indicates the type of USM User, read-only, read-write, trap-only." ::= { f3UsmUserEntry 1 } f3PrivilegeChangeTable OBJECT-TYPE SYNTAX SEQUENCE OF F3PrivilegeChangeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is used for Restricted User Login via NMS. This is for users with lower privileges to elevate them to higher ones for limited amount of time." ::= { cmSecurityObjects 15 } f3PrivilegeChangeEntry OBJECT-TYPE SYNTAX F3PrivilegeChangeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Column for privilegeChangeTable." INDEX { f3PrivilegeChangeId } ::= { f3PrivilegeChangeTable 1 } F3PrivilegeChangeEntry ::= SEQUENCE { f3PrivilegeChangeId Unsigned32, f3PrivilegeChangeUserName SnmpAdminString, f3PrivilegeChangeIpv4Address IpAddress, f3PrivilegeChangeIpv6Address Ipv6Address, f3PrivilegeChangeTerminalIpv4Address IpAddress, f3PrivilegeChangeTerminalIpv6Address Ipv6Address, f3PrivilegeChangeInterface UserInterfaceType, f3PrivilegeChangeCurrentPrivilege CmSecurityPrivLevel, f3PrivilegeChangeRequestedPrivilege CmSecurityPrivLevel, f3PrivilegeChangeDuration Unsigned32, f3PrivilegeChangeAction PrivilegeRequestAction, f3PrivilegeChangeState PrivilegeRequestState, f3PrivilegeChangeRemainingTime Unsigned32, f3PrivilegeChangeRemoteName SnmpAdminString } f3PrivilegeChangeId OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Unique index identifying a request." ::= { f3PrivilegeChangeEntry 1 } f3PrivilegeChangeUserName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The name string for user authentication purposes" ::= { f3PrivilegeChangeEntry 2 } f3PrivilegeChangeIpv4Address OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "IPv4 address of interface to which user's terminal is connected." ::= { f3PrivilegeChangeEntry 3 } f3PrivilegeChangeIpv6Address OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-only STATUS current DESCRIPTION "IPv6 address of interface to which user's terminal is connected." ::= { f3PrivilegeChangeEntry 4 } f3PrivilegeChangeTerminalIpv4Address OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Source IPv4 address of connected terminal." ::= { f3PrivilegeChangeEntry 5 } f3PrivilegeChangeTerminalIpv6Address OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-only STATUS current DESCRIPTION "Source IPv6 address of connected terminal." ::= { f3PrivilegeChangeEntry 6 } f3PrivilegeChangeInterface OBJECT-TYPE SYNTAX UserInterfaceType MAX-ACCESS read-only STATUS current DESCRIPTION "Interface used by the user" ::= { f3PrivilegeChangeEntry 7 } f3PrivilegeChangeCurrentPrivilege OBJECT-TYPE SYNTAX CmSecurityPrivLevel MAX-ACCESS read-only STATUS current DESCRIPTION "Current privilege level of the user, who is requesting role upgrade." ::= { f3PrivilegeChangeEntry 8 } f3PrivilegeChangeRequestedPrivilege OBJECT-TYPE SYNTAX CmSecurityPrivLevel MAX-ACCESS read-only STATUS current DESCRIPTION "Privilege requested by user for session." ::= { f3PrivilegeChangeEntry 9 } f3PrivilegeChangeDuration OBJECT-TYPE SYNTAX Unsigned32 (1..480) UNITS "minutes" MAX-ACCESS read-only STATUS current DESCRIPTION "Requested time period by user (in minutes)." ::= { f3PrivilegeChangeEntry 10 } f3PrivilegeChangeAction OBJECT-TYPE SYNTAX PrivilegeRequestAction MAX-ACCESS read-write STATUS current DESCRIPTION "Privilege request action." ::= { f3PrivilegeChangeEntry 11 } f3PrivilegeChangeState OBJECT-TYPE SYNTAX PrivilegeRequestState MAX-ACCESS read-only STATUS current DESCRIPTION "Privilege request state." ::= { f3PrivilegeChangeEntry 12 } f3PrivilegeChangeRemainingTime OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "Time remaining in session with upgrade user privilege (in seconds)." ::= { f3PrivilegeChangeEntry 13 } f3PrivilegeChangeRemoteName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The name string for Radius/Tacacs authentication purposes." ::= { f3PrivilegeChangeEntry 14 } --- ---Notifications --- f3SecurityTrap NOTIFICATION-TYPE STATUS current DESCRIPTION "This is security trap. Security traps are reported according to value of f3SecurityTrapType object." ::= { cmSecurityNotifications 1 } f3PrivilegeChangeTrap NOTIFICATION-TYPE OBJECTS { f3PrivilegeChangeState, f3PrivilegeChangeUserName, f3PrivilegeChangeIpv4Address, f3PrivilegeChangeIpv6Address, f3PrivilegeChangeTerminalIpv4Address, f3PrivilegeChangeTerminalIpv6Address, f3PrivilegeChangeInterface, f3PrivilegeChangeCurrentPrivilege, f3PrivilegeChangeRequestedPrivilege, f3PrivilegeChangeDuration } STATUS current DESCRIPTION "This trap is sent every time a privilege change request is changed (added, modified, removed)." ::= { cmSecurityNotifications 2 } -- -- Conformance -- cmSecurityCompliances OBJECT IDENTIFIER ::= {cmSecurityConformance 1} cmSecurityGroups OBJECT IDENTIFIER ::= {cmSecurityConformance 2} cmSecurityCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "Describes the requirements for conformance to the CM Security group." MODULE -- this module MANDATORY-GROUPS { cmSecurityObjectGroup } ::= { cmSecurityCompliances 1 } cmSecurityObjectGroup OBJECT-GROUP OBJECTS { cmAuthProtocol, cmAccessOrder, cmAuthType, cmNASIpAddress, cmSecurityPolicyStrength, cmRemoteAuthServerAccountingEnabled, f3TacacsPrivLevelControlEnabled, f3TacacsDefaultPrivLevel, f3NasIpv6Addr, f3SecurityTrapType, f3SecurityTrapInfo, cmSecurityUserName, cmSecurityUserComment, cmSecurityUserPrivLevel, cmSecurityUserLoginTimeout, cmSecurityUserNumFailedLoginAttempts, cmSecurityUserLastLoginTime, cmSecurityUserLockedout, cmSecurityUserLastLockedoutTime, cmSecurityUserCliPagingEnable, cmSecurityUserRemoteUser, cmSecurityUserPassword, cmSecurityUserStorageType, cmSecurityUserRowStatus, cmSecurityUserAction, cmSecurityCryptoPassword, cmRemoteAuthServerIndex, cmRemoteAuthServerEnabled, cmRemoteAuthServerOrder, cmRemoteAuthServerIpAddress, cmRemoteAuthServerPort, cmRemoteAuthServerNumRetries, cmRemoteAuthServerTimeout, cmRemoteAuthServerSecret, cmRemoteAuthServerAccountingPort, cmRemoteAuthServerIpVersion, cmRemoteAuthServerIpv6Addr, f3UsmUserAccessType, f3PrivilegeChangeUserName, f3PrivilegeChangeIpv4Address, f3PrivilegeChangeIpv6Address, f3PrivilegeChangeTerminalIpv4Address, f3PrivilegeChangeTerminalIpv6Address, f3PrivilegeChangeInterface, f3PrivilegeChangeCurrentPrivilege, f3PrivilegeChangeRequestedPrivilege, f3PrivilegeChangeDuration, f3PrivilegeChangeAction, f3PrivilegeChangeState, f3PrivilegeChangeRemainingTime, f3PrivilegeChangeRemoteName } STATUS current DESCRIPTION "A collection of objects used to manage the CM Security group." ::= { cmSecurityGroups 1 } cmSecurityNotifGroup NOTIFICATION-GROUP NOTIFICATIONS { f3SecurityTrap } STATUS current DESCRIPTION "A collection of notifications used in the CM Security group." ::= { cmSecurityGroups 2 } END