You are here:

MonitorTools.com > Technical documentation > SNMP > MIB > Cisco > CISCO-AAA-CLIENT-MIB
ActiveXperts Network Monitor 2019##AdminFavorites

CISCO-AAA-CLIENT-MIB by vendor Cisco

CISCO-AAA-CLIENT-MIB file content

The SNMP protocol is used to for conveying information and commands between agents and managing entities. SNMP uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. The reasons for using UDP for SNMP are, firstly it has low overheads in comparison to TCP, which uses a 3-way hand shake for connection. Secondly, in congested networks, SNMP over TCP is a bad idea because TCP in order to maintain reliability will flood the network with retransmissions.

Management information (MIB) is represented as a collection of managed objects. These objects together form a virtual information base called MIB. An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.

Use ActiveXperts Network Monitor 2019 to import vendor-specific MIB files, inclusing CISCO-AAA-CLIENT-MIB.


Vendor: Cisco
Mib: CISCO-AAA-CLIENT-MIB  [download]  [view objects]
Tool: ActiveXperts Network Monitor 2019 [download]    (ships with advanced SNMP/MIB tools)
-- *****************************************************************
-- CISCO-AAA-CLIENT-MIB.my: Cisco AAA Client MIB
--
-- February 2000, Edward Pham 
-- May      2001, Liwei Lue
-- October  2001, Jayakumar Kadirvelu
--
-- Copyright (c) 2000-2001 by cisco Systems, Inc.
-- All rights reserved.
-- *****************************************************************
--

CISCO-AAA-CLIENT-MIB DEFINITIONS ::= BEGIN

IMPORTS
        MODULE-IDENTITY,
        OBJECT-TYPE,
        Integer32
                FROM SNMPv2-SMI
        MODULE-COMPLIANCE,
        OBJECT-GROUP
                FROM SNMPv2-CONF
        TEXTUAL-CONVENTION,
        TruthValue
                FROM SNMPv2-TC
        ciscoMgmt
                FROM CISCO-SMI;
 

ciscoAAAClientMIB MODULE-IDENTITY
        LAST-UPDATED    "200111190000Z"
        ORGANIZATION    "Cisco Systems, Inc."
        CONTACT-INFO
                "       Cisco Systems
                        Customer Service

                Postal: 170 W. Tasman Drive
                        San Jose, CA  95134
                        USA
 
                Tel: +1 800 553-NETS
 
                E-mail: cs-aaa@cisco.com"
        DESCRIPTION
                "This MIB module provides data for authentication method 
                 priority based on Authentication, Authorization, 
                 Accounting (AAA) protocols.


                 References:
                     The TACACS+ Protocol Version 1.78, Internet Draft
                     RFC 1411 Telnet Authentication: Kerberos Version 4.
                     RFC 1964 The Kerberos Version 5 GSS-API Mechanism.
                "
        REVISION        "200111190000Z"
        DESCRIPTION
        "Deprecate object cacLockoutPeriod and add a new object 
         cacLockoutPeriodExt.
        "
        REVISION        "200105100000Z"
        DESCRIPTION
        "Initial version
        "
       ::= { ciscoMgmt 158 }


--
-- Textual Conventions
--

--
--  Session Type textual convention
--
SessionType ::= TEXTUAL-CONVENTION
      STATUS       current
      DESCRIPTION
      "Represents a session type.

      telnet(1) indicates telnet session.

      console(2) indicates console session.

      http(3) indicates http session.

      " 
      SYNTAX       INTEGER {
                        telnet (1),
                        console (2),
                        http (3)
                   }



--
--  Authentication method textual convention
--
AuthenMethod ::= TEXTUAL-CONVENTION
     STATUS       current
     DESCRIPTION
     "Represents authentication method.

     tacacs(1) indicates that TACACS method is used for
     authentication.

     radius(2) indicates that RADIUS method is used for
     authentication.

     kerberos(3) indicates that KERBEROS method is used
     for authentication.

     local(4) indicates that local password is used
     for authentication. Which password is used depend
     on what login mode users specified. 
     "
     SYNTAX        INTEGER {
                        tacacs (1),
                        radius (2),
                        kerberos (3),
                        local (4) 
                        }


--
--  Login Mode textual convention
--
LoginMode ::= TEXTUAL-CONVENTION
     STATUS       current
     DESCRIPTION
     "Represents login mode.

     login(1) indicates the normal mode.

     enable(2) indicates the privileged mode.
     "
     SYNTAX        INTEGER {
                        login (1),
                        enable (2)
                        }


-- AAA Client MIB objects definitions

cacMIBObjects OBJECT IDENTIFIER ::= { ciscoAAAClientMIB 1 }


-- The AAA Client MIB consists of the following groups
-- [1] AAA Client Priority Group (cacPriority)
-- [2] AAA Client Login Config Group (cacLoginConfig)

cacPriority       OBJECT IDENTIFIER ::= { cacMIBObjects 1 }
cacLoginConfig    OBJECT IDENTIFIER ::= { cacMIBObjects 2 }




--****************************************************************************
-- AAA Client Priority Group
--****************************************************************************
--
--

--
-- Priority Table 
-- 

cacPriorityTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF CacPriorityEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
          "This table contains entries for AAA authentication 
           methods configured in the system. At startup, agent 
           set up all the entries of the table. All authentication
           methods will be disabled except local authentication will 
           be enabled for each session type and login mode. Users 
           later can enable/disable a specific authentication method 
           through cacEnable object. 
 
           The following table describes the startup state of each
           authentication method and session type in normal login
           mode and enable login mode.
 
           AuthenMethod Console Session   Telnet Session    Http Session
           ------------ ----------------  ----------------  ------------
           tacacs       disabled          disabled          disabled
           radius       disabled          disabled          disabled
           kerberos     disabled          disabled          disabled
           local        enabled(*)        enabled(*)        enabled(*)
 
           (*) denotes primary method.
           "
        ::= { cacPriority 1 }

cacPriorityEntry OBJECT-TYPE
        SYNTAX      CacPriorityEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "An entry containing the priority number of an authentication
            method used in a session. 
            "
        INDEX       { cacSession, cacAuthen, cacLoginMode }
        ::= { cacPriorityTable 1 }


CacPriorityEntry ::=
        SEQUENCE {
            cacSession               SessionType, 
            cacAuthen                AuthenMethod, 
            cacLoginMode             LoginMode,  
            cacEnable                TruthValue,
            cacPriorityNumber        Integer32,
            cacPrimaryMethod         TruthValue
        }


cacSession OBJECT-TYPE
       SYNTAX      SessionType
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This is the session type used to connect to the network
           device.
           "
       ::= { cacPriorityEntry 1 }


cacAuthen OBJECT-TYPE
       SYNTAX      AuthenMethod 
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This is the authentication method used to authenticate 
           users. 
           "
       ::= { cacPriorityEntry 2 }


cacLoginMode OBJECT-TYPE
       SYNTAX      LoginMode
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This is the login mode user used to login to the network
           device.
           "
       ::= { cacPriorityEntry 3 }


cacEnable OBJECT-TYPE
       SYNTAX      TruthValue 
       MAX-ACCESS  read-write 
       STATUS      current
       DESCRIPTION
          "It indicates whether the authentication method denoted by
          cacAuthen is enabled or not.

          When this object is true(1), the authentication method denoted
          by cacAuthen is enabled.

          When this object is false(2), the authentication method denoted
          by cacAuthen is disabled.

          If the value of cacAuthen is local, the value of this
          object cannot be set to false(2). 
          "
       ::= { cacPriorityEntry 4 }


cacPriorityNumber OBJECT-TYPE
       SYNTAX      Integer32 (0..4) 
       MAX-ACCESS  read-only 
       STATUS      current
       DESCRIPTION
          "This is the priority number of an authentication method to 
          be used in user authentication for a session. This value is 
          automatically assigned and reflects the relative priority 
          of the authentication method denoted by cacAuthen with 
          respected to already configured authentication methods. 
          It is assigned in the order in which the authentication
          method is enabled by the user through cacEnable.  
          The higher value has the higher priority. This object
          is used to determine the fallback order in case the
          primary authentication method indicated by cacPrimaryMethod
          failed.  

          If the authentication method denoted by cacAuthen is disabled 
          for the type of session denoted by cacSession, the value
          of this object is equal to 0.
          " 
       ::= { cacPriorityEntry 5 }


cacPrimaryMethod OBJECT-TYPE
       SYNTAX      TruthValue
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
          "It indicates whether the authentication method denoted by
          cacAuthen is the primary (first one to be tried) method 
          when there are multiple authentication method configured.

          Setting this object to true(1) will make the authentication 
          method denoted by cacAuthen to be the primary authentication
          method for the session denoted by cacSession. The previously
          configured primary method will be changed to false(2).
          
          Setting this object to false(2) is not allowed.	
          " 
       ::= { cacPriorityEntry 6 }


-- -------------------------------------------------------------
-- AAA Client Login Config Group
-- -------------------------------------------------------------

cacLoginConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CacLoginConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table that contains login configuration 
         which is associated with this system.
        "
    ::= { cacLoginConfig 1 }

cacLoginConfigEntry  OBJECT-TYPE
    SYNTAX      CacLoginConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry containing the configuration of the login.
        "
    INDEX { cacLoginMode, cacSession }
    ::= { cacLoginConfigTable 1 }

CacLoginConfigEntry ::=
    SEQUENCE {
        cacMaxLoginAttempt     Integer32,
        cacLockoutPeriod       Integer32,
        cacLockoutPeriodExt    Integer32 
    }

cacMaxLoginAttempt    OBJECT-TYPE
        SYNTAX       Integer32 (0|3..10)
        MAX-ACCESS   read-write
        STATUS       current
        DESCRIPTION
            "Indicates the maximum number of login attempts allowed.
             Setting this variable to 0 will disable the attempt
             limit checking.

             If the login session type does not support this attempt 
             limit checking, the value of this object can only be set 
             to 0.
            "
        DEFVAL { 3 }
        ::= { cacLoginConfigEntry 1 }


cacLockoutPeriod  OBJECT-TYPE
        SYNTAX      Integer32 (0|30..600)
        UNITS       "seconds"
        MAX-ACCESS  read-write
        STATUS      deprecated
        DESCRIPTION
            "Indicates the lockout period after the maximum number
             of login attempt is met. For console, the console input
             will be frozen during this period. For remote logins, the
             connection will be closed and any subsequent access
             from that station will be closed during the lockout time.

             Setting this variable to 0 will disable the lockout.
             If the login session type does not support this lockout 
             period, the value of this object can only be set to 0.
         
            If the lockout period is greater than the maximum value
            reportable by this object then this object should report 
            its maximum value (600) and cacLockoutPeriodExt must be
            used to report the lockout period.
            "
        DEFVAL { 30 }
        ::= { cacLoginConfigEntry 2 }

cacLockoutPeriodExt OBJECT-TYPE
        SYNTAX      Integer32 (0|30..43200)
        UNITS       "seconds"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "Specifies the lockout period after the maximum number
             of login attempt is met. For console, the console input
             will be frozen during this period. For remote logins, the
             connection will be closed and any subsequent access
             from that station will be closed during the lockout time.

             Setting this variable to 0 will disable the lockout.
             If the login session type does not support this lockout
             period, the value of this object can only be set to 0.
            "
        DEFVAL { 30 }
        ::= { cacLoginConfigEntry 3 }

--****************************************************************************
-- Notifications
--****************************************************************************
cacMIBNotifications       OBJECT IDENTIFIER ::= { ciscoAAAClientMIB 2 }




cacMIBConformance OBJECT IDENTIFIER ::=
                                { ciscoAAAClientMIB 3 }
cacMIBCompliances OBJECT IDENTIFIER ::=
                                { cacMIBConformance 1 }
cacMIBGroups      OBJECT IDENTIFIER ::=
                                { cacMIBConformance 2 }

-- compliance statements

cacMIBCompliance MODULE-COMPLIANCE
        STATUS      deprecated
        DESCRIPTION
            "The compliance statement for entities which
             implement the CISCO AAA Client MIB"
        MODULE      -- this module
        MANDATORY-GROUPS
            { 
                cacPriorityGroup,
                cacLoginConfigGroup
            }
        ::= { cacMIBCompliances 1 }


cacMIBCompliance2 MODULE-COMPLIANCE
        STATUS      current
        DESCRIPTION
            "The compliance statement for entities which
             implement the CISCO AAA Client MIB"
        MODULE      -- this module
        MANDATORY-GROUPS
            {
                cacPriorityGroup,
                cacLoginConfigGroupRev1
            }
        ::= { cacMIBCompliances 2 }

-- units of conformance


cacPriorityGroup OBJECT-GROUP
        OBJECTS {
            cacEnable,
            cacPriorityNumber,
            cacPrimaryMethod
        }
        STATUS      current
        DESCRIPTION
            "A collection of objects providing the
             AAA client priority information.
            "
        ::= { cacMIBGroups 1 }


cacLoginConfigGroup OBJECT-GROUP
        OBJECTS {
            cacMaxLoginAttempt,
            cacLockoutPeriod
        }
        STATUS      deprecated
        DESCRIPTION
            "A collection of objects providing the
             AAA client login configuration.
            "
        ::= { cacMIBGroups 2 }

cacLoginConfigGroupRev1 OBJECT-GROUP
        OBJECTS {
            cacMaxLoginAttempt,
            cacLockoutPeriodExt
        }
        STATUS      current
        DESCRIPTION
            "A collection of objects providing the
             AAA client login configuration. 
            "
        ::= { cacMIBGroups 3 }

END