472 lines
16 KiB
Plaintext
472 lines
16 KiB
Plaintext
CISCOSB-RADIUS-COA DEFINITIONS ::= BEGIN
|
|
|
|
-- Title: CISCOSB CoA Radius Private Extension
|
|
-- Version: 9.50
|
|
-- Date: 01-Jul-2022
|
|
|
|
IMPORTS
|
|
Unsigned32, IpAddress,Counter32,
|
|
MODULE-IDENTITY, OBJECT-TYPE FROM SNMPv2-SMI
|
|
TruthValue, RowStatus, DisplayString,
|
|
DateAndTime, TimeStamp,
|
|
TEXTUAL-CONVENTION FROM SNMPv2-TC
|
|
InetAddressType,InetAddress,InetAddressIPv6 FROM INET-ADDRESS-MIB -- RFC2851
|
|
switch001, rlRadius,rlAAAEap FROM CISCOSB-MIB;
|
|
|
|
rlRadiusCoA MODULE-IDENTITY
|
|
LAST-UPDATED "202207010000Z"
|
|
ORGANIZATION "Cisco Systems, Inc."
|
|
CONTACT-INFO
|
|
"Postal: 170 West Tasman Drive
|
|
San Jose , CA 95134-1706
|
|
USA
|
|
|
|
|
|
Website: Cisco Small Business Support Community <http://www.cisco.com/go/smallbizsupport>"
|
|
|
|
DESCRIPTION
|
|
"The private MIB module definition for CoA Radius feature
|
|
in CISCOSB devices."
|
|
REVISION "202207010000Z"
|
|
DESCRIPTION
|
|
"Added this MODULE-IDENTITY clause."
|
|
::= { switch001 247 }
|
|
|
|
--
|
|
-- Radius CoA Client Inet table
|
|
--
|
|
|
|
rlRadiusCoAClientInetTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF RlRadiusCoAClientInetEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table listing the RADIUS CoA entry."
|
|
::= { rlRadiusCoA 1 }
|
|
|
|
rlRadiusCoAClientInetEntry OBJECT-TYPE
|
|
SYNTAX RlRadiusCoAClientInetEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entry in RADIUS CoA table."
|
|
INDEX { rlRadiusCoAClientInetAddressType,
|
|
rlRadiusCoAClientInetAddress }
|
|
::= { rlRadiusCoAClientInetTable 1 }
|
|
|
|
|
|
RlRadiusCoAClientInetEntry ::= SEQUENCE {
|
|
rlRadiusCoAClientInetAddressType InetAddressType,
|
|
rlRadiusCoAClientInetAddress InetAddress,
|
|
rlRadiusCoAClientInetKey DisplayString,
|
|
rlRadiusCoAClientInetKeyDigest OCTET STRING,
|
|
rlRadiusCoAClientInetClearCountersAction TruthValue,
|
|
rlRadiusCoAClientInetRowStatus RowStatus
|
|
}
|
|
|
|
rlRadiusCoAClientInetAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Inet address type of RADIUS CoA referred to
|
|
in this table entry."
|
|
::= { rlRadiusCoAClientInetEntry 1}
|
|
|
|
rlRadiusCoAClientInetAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Inet address of the RADIUS CoA
|
|
referred to in this table entry."
|
|
::= { rlRadiusCoAClientInetEntry 2 }
|
|
|
|
rlRadiusCoAClientInetKey OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..128|160))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Secret key to be shared with this RADIUS CoA. The key with length of 160 means the key is not set"
|
|
DEFVAL { "" }
|
|
::= { rlRadiusCoAClientInetEntry 3 }
|
|
|
|
rlRadiusCoAClientInetKeyDigest OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Digest of the rlRadiusCoAClientInetKey"
|
|
::= { rlRadiusCoAClientInetEntry 4 }
|
|
|
|
rlRadiusCoAClientInetClearCountersAction OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Set to TRUE to clear the Radius CoA Client counters."
|
|
::= { rlRadiusCoAClientInetEntry 5 }
|
|
|
|
rlRadiusCoAClientInetRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Radius CoA Client Entry status"
|
|
::= { rlRadiusCoAClientInetEntry 6 }
|
|
|
|
|
|
--
|
|
-- Radius CoA Client counters action table
|
|
--
|
|
|
|
rlRadiusCoAClientInetCountersTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF RlRadiusCoAClientInetCountersEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "MIB to show radius CoA counters per client"
|
|
::= { rlRadiusCoA 2 }
|
|
|
|
rlRadiusCoAClientInetCountersEntry OBJECT-TYPE
|
|
SYNTAX RlRadiusCoAClientInetCountersEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "The row definition for this table."
|
|
INDEX { rlRadiusCoAClientInetAddressType,
|
|
rlRadiusCoAClientInetAddress }
|
|
::= { rlRadiusCoAClientInetCountersTable 1 }
|
|
|
|
RlRadiusCoAClientInetCountersEntry::= SEQUENCE {
|
|
rlRadiusCoAClientInetAverageResponseTime Unsigned32,
|
|
rlRadiusCoAClientInetCoARequests Counter32,
|
|
rlRadiusCoAClientInetCoATransactions Counter32,
|
|
rlRadiusCoAClientInetCoARetransmissions Counter32,
|
|
rlRadiusCoAClientInetCoAActiveTransactions Counter32,
|
|
rlRadiusCoAClientInetCoAAckResponses Counter32,
|
|
rlRadiusCoAClientInetCoANakResponses Counter32,
|
|
rlRadiusCoAClientInetCoAInvalidRequests Counter32,
|
|
rlRadiusCoAClientInetCoAErrors Counter32,
|
|
rlRadiusCoAClientInetDisconnectRequests Counter32,
|
|
rlRadiusCoAClientInetDisconnectTransactions Counter32,
|
|
rlRadiusCoAClientInetDisconnectRetransmissions Counter32,
|
|
rlRadiusCoAClientInetDisconnectActiveTransactions Counter32,
|
|
rlRadiusCoAClientInetDisconnectAckResponses Counter32,
|
|
rlRadiusCoAClientInetDisconnectNakResponses Counter32,
|
|
rlRadiusCoAClientInetDisconnectInvalidRequests Counter32,
|
|
rlRadiusCoAClientInetDisconnectErrors Counter32
|
|
}
|
|
|
|
rlRadiusCoAClientInetAverageResponseTime OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Average Ack response time in milliseconds"
|
|
::= { rlRadiusCoAClientInetCountersEntry 1 }
|
|
|
|
rlRadiusCoAClientInetCoARequests OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts the CoA Requests received from CoA clients"
|
|
::= { rlRadiusCoAClientInetCountersEntry 2 }
|
|
|
|
rlRadiusCoAClientInetCoATransactions OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts CoA completed transactions. A Completed transaction occurs once the
|
|
Switch send an CoA-ACK or CoA-NAK in response to a CoA-Request from a CoA client"
|
|
::= { rlRadiusCoAClientInetCountersEntry 3 }
|
|
|
|
rlRadiusCoAClientInetCoARetransmissions OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts received retransmitted CoA Requests. A retransmitted CoA-Requests is a Request in which the Request identifier is identical
|
|
to the identifier of a previous Request"
|
|
::= { rlRadiusCoAClientInetCountersEntry 4 }
|
|
|
|
rlRadiusCoAClientInetCoAActiveTransactions OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Transactions that are currently active. An active transaction is a
|
|
transaction in which a CoA-Request from a COA Client has been received but an CoA-ACK or CoA-NAK
|
|
response has not been sent yet. Once an CoA-ACK or CoA-NAK is sent this counter is decremented"
|
|
::= { rlRadiusCoAClientInetCountersEntry 5 }
|
|
|
|
rlRadiusCoAClientInetCoAAckResponses OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts the number of CoA-Ack responses sent by the switch"
|
|
::= { rlRadiusCoAClientInetCountersEntry 6 }
|
|
|
|
rlRadiusCoAClientInetCoANakResponses OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts the number of CoA-Nak responses sent by the switch"
|
|
::= { rlRadiusCoAClientInetCountersEntry 7 }
|
|
|
|
rlRadiusCoAClientInetCoAInvalidRequests OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts invalid CoA-requests received by the switch. An invalid request is one of the following:
|
|
- A Request in which the secret in the Request does not match the Secret configured on the device
|
|
- A Request with no session identifier
|
|
- A Request with an unsupported attribute
|
|
- A Request in which a supported attribute is empty
|
|
- A Request which is discarded because the event-timestamp is not current, or if eventtimestamp is mandatory and received request does not include this attributes"
|
|
::= { rlRadiusCoAClientInetCountersEntry 8 }
|
|
|
|
rlRadiusCoAClientInetCoAErrors OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts errors upon receiving CoA-Request. An error can be an internal error in which a request cannot be
|
|
processed due to resource issue, or if a secret has not been configured for the CoA client"
|
|
::= { rlRadiusCoAClientInetCountersEntry 9 }
|
|
|
|
rlRadiusCoAClientInetDisconnectRequests OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts the Disconnect Requests received from CoA clients"
|
|
::= { rlRadiusCoAClientInetCountersEntry 10 }
|
|
|
|
rlRadiusCoAClientInetDisconnectTransactions OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts Disconnect completed transactions. A Completed transaction occurs once the
|
|
Switch send an Disconnect-ACK or Disconnect-NAK in response to a Disconnect-Request from a CoA client."
|
|
::= { rlRadiusCoAClientInetCountersEntry 11 }
|
|
|
|
rlRadiusCoAClientInetDisconnectRetransmissions OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts received retransmitted Disconnect Requests. A retransmitted Disconnect-Requests is a Request in which the Request identifier is identical
|
|
to the identifier of a previous Request"
|
|
::= { rlRadiusCoAClientInetCountersEntry 12 }
|
|
|
|
rlRadiusCoAClientInetDisconnectActiveTransactions OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Transactions that are currently active. An active transaction is a
|
|
transaction in which a Disconnect-Request from a COA Client has been received but an Disconnect-ACK or Disconnect-NAK
|
|
response has not been sent yet. Once an Disconnect-ACK or Disconnect-NAK is sent this counter is decremented"
|
|
::= { rlRadiusCoAClientInetCountersEntry 13 }
|
|
|
|
rlRadiusCoAClientInetDisconnectAckResponses OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts the number of Disconnect-Ack responses sent by the switch"
|
|
::= { rlRadiusCoAClientInetCountersEntry 14 }
|
|
|
|
rlRadiusCoAClientInetDisconnectNakResponses OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts the number of Disconnect-Nak responses sent by the switch"
|
|
::= { rlRadiusCoAClientInetCountersEntry 15 }
|
|
|
|
rlRadiusCoAClientInetDisconnectInvalidRequests OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts invalid Disconnect-requests received by the switch. An invalid request is one of the following:
|
|
- A Request in which the secret in the Request does not match the Secret configured on the device
|
|
- A Request with no session identifier
|
|
- A Request with an unsupported attribute
|
|
- A Request in which a supported attribute is empty"
|
|
::= { rlRadiusCoAClientInetCountersEntry 16 }
|
|
|
|
rlRadiusCoAClientInetDisconnectErrors OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts errors upon receiving Disconnect-Request. An error can be an internal error in which a request cannot be
|
|
processed due to resource issue, or if a secret has not been configured for the CoA client"
|
|
::= { rlRadiusCoAClientInetCountersEntry 17 }
|
|
|
|
|
|
--
|
|
-- Radius CoA Clear All counters
|
|
--
|
|
|
|
rlRadiusCoAClearCountersAction OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"To clear Radius CoA counters for all clients."
|
|
DEFVAL { false }
|
|
::= { rlRadiusCoA 3 }
|
|
|
|
|
|
--
|
|
-- Radius CoA port
|
|
--
|
|
|
|
rlRadiusCoARxUdpPort OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"To define the UDP port used for Radius CoA requests."
|
|
DEFVAL { 3799 }
|
|
::= { rlRadiusCoA 4 }
|
|
|
|
--
|
|
-- Radius CoA Client Default Secret Key
|
|
--
|
|
|
|
rlRadiusCoAGlobalKey OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..128|160))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Global Secret key to be shared with this all Radius CoA clients. The key with length of 160 means the key is not set"
|
|
DEFVAL { "" }
|
|
::= { rlRadiusCoA 5 }
|
|
|
|
--
|
|
-- Radius CoA Client Default Secret Key Digest
|
|
--
|
|
|
|
rlRadiusCoAGlobalKeyDigest OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Global Secret key Digest"
|
|
::= { rlRadiusCoA 6 }
|
|
|
|
--
|
|
-- Radius CoA Ignore Secret Key
|
|
--
|
|
|
|
rlRadiusCoAIgnoreServerKey OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"To ignore the CoA server-key"
|
|
DEFVAL { false }
|
|
::= { rlRadiusCoA 7 }
|
|
|
|
--
|
|
-- Radius CoA Event-Timestamp Attribute behavior
|
|
--
|
|
|
|
rlRadiusCoAEventTimeStampDropPacket OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"To configure the device to discard a Packet of Disconnect (POD) Request or Change of
|
|
Authorization (CoA) Request that do not include an Event-Timestamp Attribute"
|
|
DEFVAL { false }
|
|
::= { rlRadiusCoA 8 }
|
|
|
|
--
|
|
-- Radius CoA behavior for username domain stripping for received PoD and CoA
|
|
--
|
|
|
|
RlRadiusCoAUserNameDomainStrippingType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Behavior for username domain stripping for received PoD and CoA"
|
|
SYNTAX INTEGER {
|
|
disable(0),
|
|
leftToRight(1),
|
|
rightToLeft(2)
|
|
}
|
|
|
|
|
|
RlRadiusCoAUserNameDomainDelimiter ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"To configure the username domain delimitator for received PoD and CoA Requests"
|
|
SYNTAX INTEGER {
|
|
at(1),
|
|
hyphen(2),
|
|
slash(3),
|
|
backSlash(4),
|
|
hash(5),
|
|
dollar(6),
|
|
percent(7)
|
|
}
|
|
|
|
rlRadiusCoAUserNameDomainStrippingMethod OBJECT-TYPE
|
|
SYNTAX RlRadiusCoAUserNameDomainStrippingType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"To enable and define the behavior for username domain stripping for received PoD and CoA
|
|
Requests"
|
|
DEFVAL { disable }
|
|
::= { rlRadiusCoA 9 }
|
|
|
|
--
|
|
-- Radius CoA username domain delimitator for received PoD and CoA Requests
|
|
--
|
|
|
|
rlRadiusCoAUserNameDomainStrippingDelimiter OBJECT-TYPE
|
|
SYNTAX RlRadiusCoAUserNameDomainDelimiter
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"To configure the username domain delimitator for received PoD and CoA Requests"
|
|
DEFVAL { at }
|
|
::= { rlRadiusCoA 10 }
|
|
|
|
--
|
|
-- AAAEAP Ignore disable-port command VSA
|
|
--
|
|
|
|
rlAAAEapIgnoreCommandDisablePort OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"To configure the device to ignore a RADIUS Change of Authorization (CoA) disable port command VSA"
|
|
DEFVAL { false }
|
|
::= { rlRadiusCoA 11 }
|
|
|
|
--
|
|
-- AAAEAP Ignore bounce-port command VSA
|
|
--
|
|
|
|
rlAAAEapIgnoreCommandBouncePort OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"To configure the device to ignore a RADIUS Change of Authorization (CoA) bounce port command VSA"
|
|
DEFVAL { false }
|
|
::= { rlRadiusCoA 12 }
|
|
|
|
END
|