-- This file is corresponding to Release 9.1.10.101 from 2014/08/11 00:00:00 -- (C)opyright 2004-2014 bintec elmeg GmbH, All Rights Reserved -- $RCSfile: mibtacacsp,v $ -- $Revision: 1.7 $ BIANCA-BRICK-TACACSP-MIB DEFINITIONS ::= BEGIN IMPORTS Counter, IpAddress, enterprises FROM RFC1155-SMI DisplayString FROM RFC1158-MIB OBJECT-TYPE FROM RFC-1212; bintec OBJECT IDENTIFIER ::= { enterprises 272 } bintecsec OBJECT IDENTIFIER ::= { bintec 254 } tacacsp OBJECT IDENTIFIER ::= { bintecsec 13 } tacacspServerTable OBJECT-TYPE SYNTAX SEQUENCE OF TacacspServerEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "" ::= { tacacsp 1 } tacacspServerEntry OBJECT-TYPE SYNTAX TacacspServerEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "" INDEX { tacacspSrvPriority } ::= { tacacspServerTable 1 } TacacspServerEntry ::= SEQUENCE { tacacspSrvPriority INTEGER, tacacspSrvAddress IpAddress, tacacspSrvTcpPort INTEGER, tacacspSrvSecret DisplayString, tacacspSrvTimeout INTEGER, -- tacacspSrvRetries INTEGER, tacacspSrvAdminStatus INTEGER, tacacspSrvOperStatus INTEGER, tacacspSrvPolicy INTEGER, tacacspSrvEncrMode INTEGER, tacacspSrvMultiSession INTEGER, -- tacacspSrvKeepalive INTEGER, tacacspSrvPppAuth INTEGER, tacacspSrvLoginAuth INTEGER, tacacspSrvAccounting INTEGER, tacacspSrvBlockTimeout INTEGER, tacacspSrvAuthentNoResp INTEGER, tacacspSrvAuthentNegResp INTEGER, tacacspSrvPrivLvlOnLogin INTEGER } tacacspSrvPriority OBJECT-TYPE SYNTAX INTEGER (0..9) ACCESS read-write STATUS mandatory DESCRIPTION "The TACACS+ server with the lowest priority is the first used for an TACACS+ AAA request. If there is no response or the access was denied (in the non-authoritave case only, see also tacacspSrvPolicy) the TACACS+ server with the next lowest priority will be used. The default value is 0." DEFVAL { 0 } ::= { tacacspServerEntry 1 } tacacspSrvAddress OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "The TACACS+ server IP address." ::= { tacacspServerEntry 2 } tacacspSrvTcpPort OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The Login Host Protocol (TACACS) TCP port assigned by the IANA." DEFVAL { 49 } ::= { tacacspServerEntry 3 } tacacspSrvSecret OBJECT-TYPE SYNTAX DisplayString ACCESS read-write STATUS mandatory DESCRIPTION "The shared secret between the TACACS+ server and the NAS (encryption key in the TACACS+ server's configuration file)." DEFVAL { "" } ::= { tacacspServerEntry 4 } tacacspSrvTimeout OBJECT-TYPE SYNTAX INTEGER (1..60) ACCESS read-write STATUS mandatory DESCRIPTION "The amount of seconds waiting for an outstanding TACACS+ response. Default is three seconds." DEFVAL { 3 } ::= { tacacspServerEntry 5 } -- tacacspSrvRetries OBJECT-TYPE -- SYNTAX INTEGER (0..10) -- ACCESS read-write -- STATUS mandatory -- -- DESCRIPTION -- "The number of retries sent for each request." -- DEFVAL { 1 } -- ::= { tacacspServerEntry 6 } tacacspSrvAdminStatus OBJECT-TYPE SYNTAX INTEGER { up(1), down(2), delete(3) } ACCESS read-write STATUS mandatory DESCRIPTION "The administrative status of this TACACS+ server entry, if set to up(1) the associated server will be used for authentication, authorization and accounting according the priority (see tacacspSrvPriority) and the current operational status (see tacacspSrvOperStatus). Otherwise this entry will not be considered for TACACS+ AAA requests." DEFVAL { up } ::= { tacacspServerEntry 7 } tacacspSrvOperStatus OBJECT-TYPE SYNTAX INTEGER { up(1), blocked(2), down(3) } ACCESS read-only STATUS mandatory DESCRIPTION "The operational status of this TACACS+ server entry, the status blocked will be set after a failed TACACS+ request. If set to blocked(2) or down(3) this entry will not be considered for TACACS+ AAA requests." DEFVAL { up } ::= { tacacspServerEntry 8 } tacacspSrvPolicy OBJECT-TYPE SYNTAX INTEGER { authoritative(1), non-authoritative(2) } ACCESS read-write STATUS mandatory DESCRIPTION "If set to authoritative(1), a negative answer to a request will be accepted. This is not necessarily true when set to non-authoritative(2), where the next TACACS+ server will be asked until there is finally an authoritative(1) server configured." DEFVAL { non-authoritative } ::= { tacacspServerEntry 9 } tacacspSrvEncrMode OBJECT-TYPE SYNTAX INTEGER { encrypt(1), cleartext(2) } ACCESS read-write STATUS mandatory DESCRIPTION "If set to encrypt(1) the TACACS+ packet will be MD5 encrypted. Otherwise - if set to cleartext(2) - the packet and therefore all related information will be send unencrypted. This mode is intended for testing but not recommended for normal use." DEFVAL { encrypt } ::= { tacacspServerEntry 10 } tacacspSrvMultiSession OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } ACCESS read-write STATUS mandatory DESCRIPTION "If enabled(1) multiple TACACS+ sessions (subsequent TACACS+ requests) may be supported simultaneously over a single TCP connection. If multiple sessions are not being multiplexed over a single TCP connection, a new connection will be opened for each TACACS+ session and closed at the end of that session." DEFVAL { disabled } ::= { tacacspServerEntry 11 } -- tacacspSrvKeepalive OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- ACCESS read-write -- STATUS mandatory -- -- DESCRIPTION -- "Enables the periodicaly keep alive check of established -- (see tacacspSrvOperStatus) TACACS+ server." -- DEFVAL { disabled } -- ::= { tacacspServerEntry 12 } tacacspSrvPppAuth OBJECT-TYPE SYNTAX INTEGER { disabled(1), enabled(2) } ACCESS read-write STATUS mandatory DESCRIPTION "Enables the PPP authentication for the associated TACACS+ server." DEFVAL { disabled } ::= { tacacspServerEntry 13 } tacacspSrvLoginAuth OBJECT-TYPE SYNTAX INTEGER { disabled(1), enabled(2) } ACCESS read-write STATUS mandatory DESCRIPTION "Enables the login authentication (shell) for the associated TACACS+ server." DEFVAL { enabled } ::= { tacacspServerEntry 14 } tacacspSrvAccounting OBJECT-TYPE SYNTAX INTEGER { disabled(1), enabled(2) } ACCESS read-write STATUS mandatory DESCRIPTION "Enables the TACACS+ accounting for the associated TACACS+ server." DEFVAL { disabled } ::= { tacacspServerEntry 15 } tacacspSrvBlockTimeout OBJECT-TYPE SYNTAX INTEGER (0..3600) ACCESS read-write STATUS mandatory DESCRIPTION "Timeout in seconds for the blocked status (see also tacacspSrvOperStatus), if expired, the operational status is set to up(1) or down(3) according the the current tacacspSrvAdminStatus. When set to zero, the operational status is never set to blocked." DEFVAL { 60 } ::= { tacacspServerEntry 16 } tacacspSrvAuthentNoResp OBJECT-TYPE SYNTAX INTEGER { connection-bydefault(1), connection-bylocalloginpwd(2), connection-forbidden(3) } ACCESS read-write STATUS mandatory DESCRIPTION "Possible actions for the client when no response from servers : - allowing the connection to the router by local login pwd (2) - or stop the negociation (3)." DEFVAL { 1 } ::= { tacacspServerEntry 17 } tacacspSrvAuthentNegResp OBJECT-TYPE SYNTAX INTEGER { connection-bydefault(1), connection-bylocalloginpwd(2), connection-forbidden(3) } ACCESS read-write STATUS mandatory DESCRIPTION "Possible actions for the client when negative response : from servers. - allowing the connection to the router by local login pwd (2) - or stop the negociation (3)." DEFVAL { 1 } ::= { tacacspServerEntry 18 } tacacspSrvPrivLvlOnLogin OBJECT-TYPE SYNTAX INTEGER (-1..15) ACCESS read-write STATUS mandatory DESCRIPTION "Configurable TACACS+ privilege level assigned after successful authentication procedure. This user-specific privilege level is needed for the subsequent command authorization request(s). Note that the user is free to change that initial privilege level via the 'enab' command, provided that it's enabled on the TACACS+ server. If set to -1, this parameter will be ignored." DEFVAL { 1 } ::= { tacacspServerEntry 19 } END