661 lines
20 KiB
Plaintext
661 lines
20 KiB
Plaintext
-- ****************************************************************************
|
|
-- ****************************************************************************
|
|
-- Copyright(c) 2004 Mediatrix Telecom, Inc.
|
|
-- NOTICE:
|
|
-- This document contains information that is confidential and proprietary
|
|
-- to Mediatrix Telecom, Inc.
|
|
-- Mediatrix Telecom, Inc. reserves all rights to this document as well as
|
|
-- to the Intellectual Property of the document and the technology and
|
|
-- know-how that it includes and represents.
|
|
-- This publication cannot be reproduced, neither in whole nor in part in
|
|
-- any form whatsoever without written prior approval by
|
|
-- Mediatrix Telecom, Inc.
|
|
-- Mediatrix Telecom, Inc. reserves the right to revise this publication
|
|
-- and make changes at any time and without the obligation to notify any
|
|
-- person and/or entity of such revisions and/or changes.
|
|
-- ****************************************************************************
|
|
-- ****************************************************************************
|
|
|
|
MX-AAA-MIB
|
|
DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
Unsigned32,
|
|
Integer32
|
|
FROM SNMPv2-SMI
|
|
MODULE-COMPLIANCE,
|
|
OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
MxEnableState,
|
|
MxActivationState,
|
|
MxIpHostName,
|
|
MxIpAddress,
|
|
MxIpPort,
|
|
MxAdvancedIpPort,
|
|
MxIpSubnetMask,
|
|
MxDigitMap
|
|
FROM MX-TC
|
|
MxUInt64,
|
|
MxFloat32,
|
|
MxIpHostNamePort,
|
|
MxIpAddr,
|
|
MxIpAddrPort,
|
|
MxIpAddrMask,
|
|
MxUri,
|
|
MxUrl
|
|
FROM MX-TC2
|
|
mediatrixServices
|
|
FROM MX-SMI2;
|
|
|
|
aaaMIB MODULE-IDENTITY
|
|
LAST-UPDATED "1910210000Z"
|
|
ORGANIZATION " Mediatrix Telecom, Inc. "
|
|
CONTACT-INFO " Mediatrix Telecom, Inc.
|
|
4229, Garlock Street
|
|
Sherbrooke (Quebec)
|
|
Canada
|
|
Phone: (819) 829-8749
|
|
"
|
|
DESCRIPTION " Authentication, Authorization and Accounting
|
|
|
|
The Authentication, Authorization and Accounting (AAA) service
|
|
manages the administrator accounts and grants or denies access
|
|
to various parameters.
|
|
"
|
|
::= { mediatrixServices 1000 }
|
|
|
|
aaaMIBObjects OBJECT IDENTIFIER ::= { aaaMIB 1 }
|
|
|
|
-- *****************************************************************************
|
|
|
|
-- Table:Users
|
|
|
|
-- *****************************************************************************
|
|
|
|
usersTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF UsersEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " Users
|
|
|
|
This table contains the users that are allowed in the system.
|
|
"
|
|
::= { aaaMIBObjects 100 }
|
|
usersEntry OBJECT-TYPE
|
|
SYNTAX UsersEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " A row in table Users. "
|
|
INDEX {
|
|
usersUserName
|
|
}
|
|
|
|
::= { usersTable 1 }
|
|
|
|
UsersEntry ::= SEQUENCE
|
|
{
|
|
usersUserName OCTET STRING,
|
|
usersPassword OCTET STRING,
|
|
usersAccessRights INTEGER,
|
|
usersLockProtectionEnable MxEnableState,
|
|
usersDelete INTEGER
|
|
}
|
|
|
|
-- Index:User Name
|
|
|
|
usersUserName OBJECT-TYPE
|
|
SYNTAX OCTET STRING ( SIZE(0..50) )
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " User Name
|
|
|
|
Contains the user name. Cannot be empty.
|
|
"
|
|
DEFVAL { "" }
|
|
::= { usersEntry 100 }
|
|
|
|
-- Columnar:Password
|
|
|
|
usersPassword OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Password
|
|
|
|
Contains the user's password.
|
|
"
|
|
DEFVAL { "" }
|
|
::= { usersEntry 200 }
|
|
|
|
-- Columnar:Access Rights
|
|
|
|
usersAccessRights OBJECT-TYPE
|
|
SYNTAX INTEGER { admin(100) , user(200) , observer(300) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Access Rights
|
|
|
|
Identifies the user role defining the access rights.
|
|
|
|
* Admin: User has administrator access rights and is allowed
|
|
to read, modify and execute all configuration objects of
|
|
the unit.
|
|
* User: User has end-user access rights.
|
|
* Observer: User has observer access rights.
|
|
|
|
"
|
|
DEFVAL { admin }
|
|
::= { usersEntry 250 }
|
|
|
|
-- Columnar:Users Lock Protection Enable
|
|
|
|
usersLockProtectionEnable OBJECT-TYPE
|
|
SYNTAX MxEnableState
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Users Lock Protection Enable
|
|
|
|
To configure the locking mechanism to protect a user account
|
|
against brute force attacks.
|
|
|
|
* Enable: The user account will be temporarily locked after
|
|
repetitive login failures.
|
|
* Disable: The user account will never be locked, regardless
|
|
of the amount of failed login attempts.
|
|
|
|
Refer to the LoginLockedMaxRetry and LoginLockedTimeoutS
|
|
parameters for more configuration.
|
|
|
|
"
|
|
DEFVAL { enable }
|
|
::= { usersEntry 275 }
|
|
|
|
-- Row command:Delete
|
|
|
|
usersDelete OBJECT-TYPE
|
|
SYNTAX INTEGER { noOp(0), delete(10) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Delete
|
|
|
|
Deletes this row.
|
|
|
|
Note: a system restart is required to completely remove the
|
|
user. The current activities of this user are not terminated on
|
|
removal.
|
|
|
|
"
|
|
DEFVAL { noOp }
|
|
::= { usersEntry 300 }
|
|
|
|
-- End of table:Users
|
|
|
|
-- *****************************************************************************
|
|
|
|
-- Table:Users Status
|
|
|
|
-- *****************************************************************************
|
|
|
|
usersStatusTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF UsersStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " Users Status
|
|
|
|
This table displays the list of all currently allowed users.
|
|
"
|
|
::= { aaaMIBObjects 150 }
|
|
usersStatusEntry OBJECT-TYPE
|
|
SYNTAX UsersStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " A row in table Users Status. "
|
|
INDEX {
|
|
usersStatusUserName
|
|
}
|
|
|
|
::= { usersStatusTable 1 }
|
|
|
|
UsersStatusEntry ::= SEQUENCE
|
|
{
|
|
usersStatusUserName OCTET STRING,
|
|
usersStatusPassword OCTET STRING,
|
|
usersStatusLocked INTEGER
|
|
}
|
|
|
|
-- Index:User Name
|
|
|
|
usersStatusUserName OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " User Name
|
|
|
|
Contains the user name.
|
|
"
|
|
::= { usersStatusEntry 100 }
|
|
|
|
-- Columnar:Password
|
|
|
|
usersStatusPassword OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Password
|
|
|
|
Contains the user's password.
|
|
"
|
|
::= { usersStatusEntry 200 }
|
|
|
|
-- Columnar:Users Status Locked
|
|
|
|
usersStatusLocked OBJECT-TYPE
|
|
SYNTAX INTEGER { unlocked(100) , locked(200) }
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Users Status Locked
|
|
|
|
Indicates when a user account has been temporarily locked due
|
|
to excessive login failures. All login attempts will be
|
|
rejected while the user account is locked. See the
|
|
UsersLockProtectionEnable parameter for more details.
|
|
"
|
|
::= { usersStatusEntry 300 }
|
|
|
|
-- End of table:Users Status
|
|
|
|
-- Scalar:Batch User
|
|
|
|
batchUser OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Batch User
|
|
|
|
User name that is used for scheduled tasks.
|
|
"
|
|
DEFVAL { "" }
|
|
::= { aaaMIBObjects 200 }
|
|
|
|
-- *****************************************************************************
|
|
|
|
-- Table:Services Aaa Type
|
|
|
|
-- *****************************************************************************
|
|
|
|
servicesAaaTypeTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ServicesAaaTypeEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " Services Aaa Type
|
|
|
|
Aaa type used by services.
|
|
"
|
|
::= { aaaMIBObjects 300 }
|
|
servicesAaaTypeEntry OBJECT-TYPE
|
|
SYNTAX ServicesAaaTypeEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " A row in table Services Aaa Type. "
|
|
INDEX {
|
|
servicesAaaTypeService
|
|
}
|
|
|
|
::= { servicesAaaTypeTable 1 }
|
|
|
|
ServicesAaaTypeEntry ::= SEQUENCE
|
|
{
|
|
servicesAaaTypeService OCTET STRING,
|
|
servicesAaaTypeAuthenticationType INTEGER,
|
|
servicesAaaTypeAccountingType INTEGER
|
|
}
|
|
|
|
-- Index:Service Name
|
|
|
|
servicesAaaTypeService OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Service Name
|
|
|
|
Service name for which the Aaa types are configured.
|
|
"
|
|
DEFVAL { "" }
|
|
::= { servicesAaaTypeEntry 100 }
|
|
|
|
-- Columnar:Authentication Type
|
|
|
|
servicesAaaTypeAuthenticationType OBJECT-TYPE
|
|
SYNTAX INTEGER { local(100) , radius(200) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Authentication Type
|
|
|
|
Authentication type a service uses for incoming authentication
|
|
requests.
|
|
|
|
* Local: Incoming authentication attempts are validated
|
|
against the user names and passwords stored in the
|
|
Aaa.Users table.
|
|
* Radius: Incoming authentication attempts are validated
|
|
against the first responding Radius server configured in
|
|
the Aaa.RadiusServers table. When no servers reply or when
|
|
no server is configured in the Aaa.RadiusServers table, an
|
|
authentication attempt of type Local is performed against
|
|
the user names and passwords stored in the Aaa.Users table.
|
|
|
|
"
|
|
DEFVAL { local }
|
|
::= { servicesAaaTypeEntry 200 }
|
|
|
|
-- Columnar:Accounting Type
|
|
|
|
servicesAaaTypeAccountingType OBJECT-TYPE
|
|
SYNTAX INTEGER { none(100) , radius(200) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Accounting Type
|
|
|
|
Accounting type a service uses once a user is successfully
|
|
authenticated on the unit. Accounting starts once users are
|
|
successfully authenticated and stops when their session is
|
|
over.
|
|
|
|
* None: Accounting is disabled.
|
|
* Radius: Accounting is done by the first responding Radius
|
|
server configured in the Aaa.RadiusServers table.
|
|
|
|
"
|
|
DEFVAL { none }
|
|
::= { servicesAaaTypeEntry 300 }
|
|
|
|
-- End of table:Services Aaa Type
|
|
|
|
-- ****************************************************************************
|
|
|
|
-- Group:Radius Configuration
|
|
|
|
-- ****************************************************************************
|
|
|
|
radiusGroup OBJECT IDENTIFIER
|
|
::= { aaaMIBObjects 10000 }
|
|
-- Scalar:Radius Servers Requests Timeout
|
|
|
|
radiusServersTimeoutS OBJECT-TYPE
|
|
SYNTAX Unsigned32 ( 1..5 )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Radius Servers Requests Timeout
|
|
|
|
Maximum time, in seconds, the unit waits for a reply from a
|
|
Radius server. When the timeout is reached, the request is
|
|
sent to the next configured server in the Aaa.RadiusServers
|
|
table.
|
|
"
|
|
DEFVAL { 5 }
|
|
::= { radiusGroup 100 }
|
|
|
|
-- Scalar:Radius User Access Rights
|
|
|
|
radiusUserAccessRights OBJECT-TYPE
|
|
SYNTAX INTEGER { admin(100) , user(200) , observer(300) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Radius User Access Rights
|
|
|
|
Identifies the user role defining the access rights for all
|
|
Radius users.
|
|
|
|
* Admin: User has administrator access rights and is allowed
|
|
to read, modify and execute all configuration objects of
|
|
the unit.
|
|
* User: User has end-user access rights.
|
|
* Observer: User has observer access rights.
|
|
|
|
"
|
|
DEFVAL { admin }
|
|
::= { radiusGroup 200 }
|
|
|
|
-- ***************************************************************************
|
|
|
|
-- Table:Radius Servers
|
|
|
|
-- ***************************************************************************
|
|
|
|
radiusServersTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF RadiusServersEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " Radius Servers
|
|
|
|
Radius servers used by services.
|
|
"
|
|
::= { radiusGroup 1000 }
|
|
radiusServersEntry OBJECT-TYPE
|
|
SYNTAX RadiusServersEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " A row in table Radius Servers. "
|
|
INDEX {
|
|
radiusServersService,
|
|
radiusServersPriority
|
|
}
|
|
|
|
::= { radiusServersTable 1 }
|
|
|
|
RadiusServersEntry ::= SEQUENCE
|
|
{
|
|
radiusServersService OCTET STRING,
|
|
radiusServersPriority Unsigned32,
|
|
radiusServersAuthenticationHost MxIpHostNamePort,
|
|
radiusServersAuthenticationSecret OCTET STRING,
|
|
radiusServersAccountingHost MxIpHostNamePort,
|
|
radiusServersAccountingSecret OCTET STRING
|
|
}
|
|
|
|
-- Index:Service Name
|
|
|
|
radiusServersService OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Service Name
|
|
|
|
Name of the service for which Radius servers are configured.
|
|
"
|
|
::= { radiusServersEntry 100 }
|
|
|
|
-- Index:Radius Server Priority
|
|
|
|
radiusServersPriority OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Radius Server Priority
|
|
|
|
Radius server priority determining their usage order for Aaa
|
|
requests.
|
|
"
|
|
::= { radiusServersEntry 200 }
|
|
|
|
-- Columnar:Radius Host for Authentication
|
|
|
|
radiusServersAuthenticationHost OBJECT-TYPE
|
|
SYNTAX MxIpHostNamePort
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Radius Host for Authentication
|
|
|
|
Hostname and port of a Radius server used for authentication
|
|
requests.
|
|
"
|
|
DEFVAL { "" }
|
|
::= { radiusServersEntry 300 }
|
|
|
|
-- Columnar:Radius Authentication Server Secret Key
|
|
|
|
radiusServersAuthenticationSecret OBJECT-TYPE
|
|
SYNTAX OCTET STRING ( SIZE(0..512) )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Radius Authentication Server Secret Key
|
|
|
|
Secret key shared between the Radius server and the unit. The
|
|
AuthenticationSecret key must be the same as the secret key
|
|
stored on the Radius authentication server set in the
|
|
RadiusServers.AuthenticationHost column.
|
|
"
|
|
DEFVAL { "" }
|
|
::= { radiusServersEntry 400 }
|
|
|
|
-- Columnar:Radius Host for Accounting
|
|
|
|
radiusServersAccountingHost OBJECT-TYPE
|
|
SYNTAX MxIpHostNamePort
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Radius Host for Accounting
|
|
|
|
Hostname and port of a Radius server used for accounting
|
|
requests.
|
|
"
|
|
DEFVAL { "" }
|
|
::= { radiusServersEntry 500 }
|
|
|
|
-- Columnar:Radius Accounting Server Secret Key
|
|
|
|
radiusServersAccountingSecret OBJECT-TYPE
|
|
SYNTAX OCTET STRING ( SIZE(0..512) )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Radius Accounting Server Secret Key
|
|
|
|
Secret key shared between the Radius server and the unit. The
|
|
AccountingSecret key must be the same as the secret key
|
|
stored on the Radius accounting server set in the
|
|
RadiusServers.AccountingHost column.
|
|
"
|
|
DEFVAL { "" }
|
|
::= { radiusServersEntry 600 }
|
|
|
|
-- End of table:Radius Servers
|
|
|
|
-- End of group:Radius Configuration
|
|
|
|
-- ****************************************************************************
|
|
|
|
-- Group:Security Configuration
|
|
|
|
-- ****************************************************************************
|
|
|
|
securityGroup OBJECT IDENTIFIER
|
|
::= { aaaMIBObjects 20000 }
|
|
-- Scalar:Login Locked Max Retry
|
|
|
|
loginLockedMaxRetry OBJECT-TYPE
|
|
SYNTAX Unsigned32 ( 1..5 )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Login Locked Max Retry
|
|
|
|
Defines the maximum number of failed login attempts allowed
|
|
before temporarily locking the user account.
|
|
|
|
This parameter has no effect when the LockProtectionEnable
|
|
parameter is disabled.
|
|
|
|
"
|
|
DEFVAL { 5 }
|
|
::= { securityGroup 100 }
|
|
|
|
-- Scalar:Login Locked Timeout
|
|
|
|
loginLockedTimeoutS OBJECT-TYPE
|
|
SYNTAX Unsigned32 ( 5..3600 )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Login Locked Timeout
|
|
|
|
Defines the duration of the locked period (in seconds), after
|
|
which the user is allowed to log in again.
|
|
|
|
This parameter has no effect when the LockProtectionEnable
|
|
parameter is disabled.
|
|
|
|
"
|
|
DEFVAL { 300 }
|
|
::= { securityGroup 200 }
|
|
|
|
-- End of group:Security Configuration
|
|
|
|
-- ****************************************************************************
|
|
|
|
-- Group:Notification Messages Configuration
|
|
|
|
-- ****************************************************************************
|
|
|
|
notificationsGroup OBJECT IDENTIFIER
|
|
::= { aaaMIBObjects 60010 }
|
|
-- Scalar:Minimal Severity of Notification
|
|
|
|
minSeverity OBJECT-TYPE
|
|
SYNTAX INTEGER { disable(0) , debug(100) , info(200) , warning(300) ,
|
|
error(400) , critical (500) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Minimal Severity of Notification
|
|
|
|
Sets the minimal severity to issue a notification message
|
|
incoming from this service.
|
|
|
|
* Disable: No notification is issued.
|
|
* Debug: All notification messages are issued.
|
|
* Info: Notification messages with a 'Informational' and
|
|
higher severity are issued.
|
|
* Warning: Notification messages with a 'Warning' and higher
|
|
severity are issued.
|
|
* Error: Notification messages with an 'Error' and higher
|
|
severity are issued.
|
|
* Critical: Notification messages with a 'Critical' severity
|
|
are issued.
|
|
|
|
"
|
|
DEFVAL { warning }
|
|
::= { notificationsGroup 100 }
|
|
|
|
-- End of group:Notification Messages Configuration
|
|
|
|
-- ****************************************************************************
|
|
|
|
-- Group:Configuration Settings
|
|
|
|
-- ****************************************************************************
|
|
|
|
configurationGroup OBJECT IDENTIFIER
|
|
::= { aaaMIBObjects 60020 }
|
|
-- Scalar:Need Restart
|
|
|
|
needRestartInfo OBJECT-TYPE
|
|
SYNTAX INTEGER { no(0) , yes(100) }
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Need Restart
|
|
|
|
Indicates if the service needs to be restarted for the
|
|
configuration to fully take effect.
|
|
|
|
* Yes: Service needs to be restarted.
|
|
* No: Service does not need to be restarted.
|
|
|
|
Services can be restarted by using the
|
|
Scm.ServiceCommands.Restart command.
|
|
|
|
"
|
|
::= { configurationGroup 100 }
|
|
|
|
-- End of group:Configuration Settings
|
|
|
|
END
|