RC-TACACS-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, Integer32
|
|
FROM SNMPv2-SMI
|
|
TEXTUAL-CONVENTION, RowStatus, TruthValue
|
|
FROM SNMPv2-TC
|
|
InetAddressType, InetAddress, InetPortNumber
|
|
FROM INET-ADDRESS-MIB
|
|
rcTacacs
|
|
FROM RAPID-CITY;
|
|
|
|
rcTacacsMib MODULE-IDENTITY
|
|
LAST-UPDATED "201512240000Z"
|
|
ORGANIZATION "Bay Networks, Rapid-City Group"
|
|
CONTACT-INFO "Yu-Ten Lee
|
|
Postal: Nortel Networks, Inc.
|
|
4655 Great America Parkway
|
|
Santa Clara, CA 95052-8185
|
|
|
|
Tel: 408-495-2560
|
|
Fax: 408-495-6680
|
|
E-mail: ylee@nortelnetworks.com"
|
|
|
|
DESCRIPTION "Enterprise MIB for TACACS"
|
|
|
|
REVISION "201512240000Z" -- 24 December 2015
|
|
DESCRIPTION "Version 13: Increased the range of rcTacacsGlobalLastUserName
|
|
from 1..128 to 0..128. (prempa)"
|
|
|
|
REVISION "200804070000Z" -- 7 Apr 2008
|
|
DESCRIPTION "Version 12: Added rcTacacsNncliCommandAuthorizationEnabled
|
|
and rcTacacsNncliCommandAuthorizationLevels."
|
|
|
|
REVISION "200804020000Z" -- 02 Apr 2008
|
|
DESCRIPTION "Version 11: Change syntax of rcTacacsAccounting and
|
|
rcTacacsAuthentication to BITS."
|
|
|
|
REVISION "200712260000Z" -- 26 Dec 2007
|
|
DESCRIPTION "Version 10: Added rcTacacsAccounting and rcTacacsAuthentication nodes"
|
|
|
|
REVISION "200608220000Z" -- 22 Aug 2006
|
|
DESCRIPTION "Version 9: Changed the description for rcTacacsServerPortNumber"
|
|
|
|
REVISION "200511180000Z" -- 18 Nov 2005
|
|
DESCRIPTION "Version 8: Changed the description for rcTacacsServerPortNumber"
|
|
|
|
REVISION "200509070000Z" -- 07 Sep 2005
|
|
DESCRIPTION "Version 7: Updated the desc for rcTacacsServerKey"
|
|
|
|
REVISION "200506090000Z" -- 09 June 2005
|
|
DESCRIPTION "Version 6: Changed the default value for sourceIpInterfaceEnable"
|
|
|
|
REVISION "200505240000Z" -- 24 May 2005
|
|
DESCRIPTION "Version 5: Updated rcTacacs numbering"
|
|
|
|
REVISION "200505100000Z" -- 10 May 2005
|
|
DESCRIPTION "Version 4: Updated the range on rcTacacsServerTimeout"
|
|
|
|
REVISION "200504200000Z" -- 20 April 2005
|
|
DESCRIPTION "Version 3: Updated rcTacacsGlobalLastUserName.
|
|
Reversed rcTacacs and rcTacacsMib."
|
|
|
|
REVISION "200504060000Z" -- 06 April 2005
|
|
DESCRIPTION "Version 2: Added IPv6 support. Eliminated textual-conventions.
|
|
General cleanup."
|
|
|
|
REVISION "200502160000Z" -- 16 February 2005
|
|
DESCRIPTION "Version 1: Initial version"
|
|
|
|
::= { rcTacacs 0 }
|
|
|
|
-- --------------------------------------------------
|
|
-- rcTacacsGlobal Group
|
|
-- --------------------------------------------------
|
|
|
|
rcTacacsGlobal OBJECT IDENTIFIER ::= { rcTacacs 1 }
|
|
|
|
-- Global on/off switch for the TACACS+ feature; off by default (DEFVAL false).
-- MAX-ACCESS is read-write, so the switch can be changed with an SNMP SET.
-- NOTE(review): what the device falls back to when this is set to false is
-- not stated in this module; confirm, and limit write access to this subtree
-- (SNMPv3 with a restricted VACM view) accordingly.
rcTacacsGlobalEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Enable/disable this feature."
|
|
DEFVAL { false }
|
|
::= { rcTacacsGlobal 1 }
|
|
|
|
-- Read-only record of the user name from the most recent TACACS+
-- authentication attempt. The size range starts at 0, so the value may be
-- empty.
-- The DESCRIPTION says "attempted", so failed logins are recorded as well.
-- NOTE(review): anything typed at the user name prompt, including a password
-- entered there by mistake, would presumably be readable here; confirm the
-- agent behaviour and keep this object out of broadly readable SNMP views.
rcTacacsGlobalLastUserName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "The last user for which authentication was attempted using TACACS+."
|
|
::= { rcTacacsGlobal 2 }
|
|
|
|
rcTacacsGlobalLastAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "The type of address for the TACACS+ server that was most recently accessed"
|
|
::= { rcTacacsGlobal 3 }
|
|
|
|
rcTacacsGlobalLastAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "The address of the TACACS+ server that was most recently accessed"
|
|
::= { rcTacacsGlobal 4 }
|
|
|
|
rcTacacsAccounting OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
cli(0),
|
|
ppp(1)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Determines which applications will be accounted by TACACS+."
|
|
DEFVAL { { } }
|
|
::= { rcTacacsGlobal 5 }
|
|
|
|
rcTacacsAuthentication OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
cli(0),
|
|
ppp(1),
|
|
web(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Determines which applications will be authenticated by TACACS+."
|
|
DEFVAL { { cli } }
|
|
::= { rcTacacsGlobal 6 }
|
|
|
|
-- Switch for per-command TACACS+ authorization of NNCLI commands; off by
-- default (DEFVAL false) and writable over SNMP (MAX-ACCESS read-write).
-- The privilege levels covered are selected separately by
-- rcTacacsNncliCommandAuthorizationLevels, whose DEFVAL is the empty set.
-- NOTE(review): presumably both objects must be set before any command is
-- sent to the server for authorization; confirm against the agent.
rcTacacsNncliCommandAuthorizationEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "This object controls whether TACACS+ will be used for
|
|
authorization of individual NNCLI commands."
|
|
DEFVAL { false }
|
|
::= { rcTacacsGlobal 7 }
|
|
|
|
rcTacacsNncliCommandAuthorizationLevels OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
level0(0),
|
|
level1(1),
|
|
level2(2),
|
|
level3(3),
|
|
level4(4),
|
|
level5(5),
|
|
level6(6),
|
|
level7(7),
|
|
level8(8),
|
|
level9(9),
|
|
level10(10),
|
|
level11(11),
|
|
level12(12),
|
|
level13(13),
|
|
level14(14),
|
|
level15(15)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "This object controls which NNCLI command privilege levels
|
|
will be authorized by TACACS+."
|
|
DEFVAL { { } }
|
|
::= { rcTacacsGlobal 8 }
|
|
|
|
|
|
-- --------------------------------------------------
|
|
-- rcTacacsServerTable
|
|
-- --------------------------------------------------
|
|
|
|
rcTacacsServerTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF RcTacacsServerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "The (conceptual) table listing the TACACS+ servers with
|
|
which the client shares a secret."
|
|
::= { rcTacacs 2 }
|
|
|
|
rcTacacsServerEntry OBJECT-TYPE
|
|
SYNTAX RcTacacsServerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "An entry (conceptual row) representing a TACACS+ server
|
|
with which the client shares a secret."
|
|
INDEX { rcTacacsServerAddressType, rcTacacsServerAddress }
|
|
::= { rcTacacsServerTable 1 }
|
|
|
|
RcTacacsServerEntry ::= SEQUENCE {
|
|
rcTacacsServerAddressType InetAddressType,
|
|
rcTacacsServerAddress InetAddress,
|
|
rcTacacsServerPortNumber InetPortNumber,
|
|
rcTacacsServerConnectionType INTEGER,
|
|
rcTacacsServerConnectionStatus INTEGER,
|
|
rcTacacsServerTimeout Integer32,
|
|
rcTacacsServerKey OCTET STRING,
|
|
rcTacacsServerSourceIpInterfaceEnabled TruthValue,
|
|
rcTacacsServerSourceIpInterfaceType InetAddressType,
|
|
rcTacacsServerSourceIpInterface InetAddress,
|
|
rcTacacsServerPriority Integer32,
|
|
rcTacacsServerRowStatus RowStatus
|
|
}
|
|
|
|
rcTacacsServerAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Specifies the type of IP address used on the TACACS+ server."
|
|
::= { rcTacacsServerEntry 1 }
|
|
|
|
rcTacacsServerAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "The IP address of the TACACS+ server referred to in this table entry."
|
|
::= { rcTacacsServerEntry 2 }
|
|
|
|
rcTacacsServerPortNumber OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "The TCP port on which the client establishes a connection to the server.
|
|
A value of 0 indicates that the system specified default value is used."
|
|
DEFVAL { 49 }
|
|
::= { rcTacacsServerEntry 3 }
|
|
|
|
rcTacacsServerConnectionType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
singleConnection(1),
|
|
perSessionConnection(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "Specifies TCP connection type between device and TACACS+ server.
|
|
Either a single open connection between a device and server
|
|
(SingleConnection), or open/close connection per communication
|
|
session (PerSessionConnection)."
|
|
DEFVAL { perSessionConnection }
|
|
::= { rcTacacsServerEntry 4 }
|
|
|
|
rcTacacsServerConnectionStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
connected(1),
|
|
notConnected(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "Indicates the status of the TCP connection between the device and the TACACS+
|
|
server."
|
|
::= { rcTacacsServerEntry 5 }
|
|
|
|
rcTacacsServerTimeout OBJECT-TYPE
|
|
SYNTAX Integer32 (10..30)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "The maximum time (in seconds) to wait for this TACACS+ server to reply."
|
|
DEFVAL { 10 }
|
|
::= { rcTacacsServerEntry 6 }
|
|
|
|
-- Shared secret for this TACACS+ server row, 0 to 128 octets.
-- DEFVAL is the empty string, and the DESCRIPTION states that a zero-length
-- key means no encryption, so a row created without setting this object
-- exchanges TACACS+ traffic with the server unprotected.
-- MAX-ACCESS read-create includes read access.
-- NOTE(review): this module does not say whether a GET returns the real key
-- or a masked value; confirm, exclude this column from read views, and
-- carry SETs only over SNMPv3 with privacy.
rcTacacsServerKey OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..128))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "Secret key to be shared with this TACACS+ server.
|
|
If the key length is zero that indicates no encryption is being used."
|
|
DEFVAL { ''H }
|
|
::= { rcTacacsServerEntry 7 }
|
|
|
|
rcTacacsServerSourceIpInterfaceEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "Specifies whether source address specification is enabled."
|
|
DEFVAL { false }
|
|
::= { rcTacacsServerEntry 8 }
|
|
|
|
rcTacacsServerSourceIpInterfaceType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "Specifies the type of IP address used on the interface that
|
|
connects to the TACACS+ server. If this value is unknown(0),
|
|
then a system-wide default value will be used."
|
|
DEFVAL { unknown }
|
|
::= { rcTacacsServerEntry 9 }
|
|
|
|
rcTacacsServerSourceIpInterface OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "IP address of the interface to use with this server."
|
|
DEFVAL { ''H }
|
|
::= { rcTacacsServerEntry 10 }
|
|
|
|
rcTacacsServerPriority OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "Determines the order in which the TACACS+ servers will be used,
|
|
where 1 is the highest priority. If more than one server shares
|
|
the same priority, they will be used in lexicographic order
|
|
(the order of entries in this table)."
|
|
DEFVAL { 1 }
|
|
::= { rcTacacsServerEntry 11 }
|
|
|
|
rcTacacsServerRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "The row status variable, can be set to destroy or createAndGo."
|
|
::= { rcTacacsServerEntry 12 }
|
|
|
|
END
|