-- ********************************************************************* -- CISCO-RADIUS-MIB.my: Radius Configuration MIB -- -- October 2002, Vinay Gaonkar -- March 2004, Binh Le -- Jan 2009, Paari Elangovan -- -- Copyright (c) 2002-2009 by cisco Systems, Inc. -- -- All rights reserved. -- -- ******************************************************************* CISCO-RADIUS-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32 FROM SNMPv2-SMI MODULE-COMPLIANCE, NOTIFICATION-GROUP, OBJECT-GROUP FROM SNMPv2-CONF RowStatus, TEXTUAL-CONVENTION, TruthValue FROM SNMPv2-TC InetAddressType, InetAddress FROM INET-ADDRESS-MIB SnmpAdminString FROM SNMP-FRAMEWORK-MIB TimeIntervalMin, TimeIntervalSec, CiscoPort FROM CISCO-TC ciscoMgmt FROM CISCO-SMI; ciscoRadiusMIB MODULE-IDENTITY LAST-UPDATED "200902060000Z" ORGANIZATION "Cisco Systems Inc." CONTACT-INFO "Cisco Systems Customer Service Postal: 170 W Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553 -NETS E-mail: cs-san@cisco.com" DESCRIPTION "MIB module for monitoring and configuring authentication and logging services using RADIUS (Remote Authentication Dial In User Service) related objects. The RADIUS (RFC2865) framework consists of clients and servers. A client is responsible for passing user information to designated RADIUS servers, and then acting on the response which is returned. RADIUS server is responsible for receiving user connection requests, authenticating the user, and then returning all configuration information necessary for the client to deliver service to the user. This MIB module also contains objects for enabling/disabling telnet and SSH (Secure Shell) authentication. Secure Shell is program which is used to log into another machine over a secured session." REVISION "200902060000Z" DESCRIPTION "The following objects have been added [1] crRadiusServerRTTThldNorm [2] crRadiusServerRTTThldHi [3] crRadiusServerRetransThldNorm [4] crRadiusServerRetransThldHi [5] crRadiusServerRTTNormNotifEnable [6] crRadiusServerRTTHiNotifEnable [7] crRadiusServerRetransNormNotifEnable [8] crRadiusServerRetransHiNotifEnable The following notifications have been added [1] crRadiusServerRTTNormNotif [2] crRadiusServerRTTHiNotif [3] crRadiusServerRetransNormNotif [4] crRadiusServerRetransHiNotif The following object-groups have been added [1] crmRadiusServerNotifGroup [2] crmNotificationControlGroup [3] crmRadiusServerNotifCntlGroup The compliance statement ciscoRadiusMIBCompliance3 has been deprecated by ciscoRadiusMIBCompliance4." REVISION "200707220000Z" DESCRIPTION "Added support of crmRadiusKeepAliveUserGroup." REVISION "200701030000Z" DESCRIPTION "Added support of crmKeepAliveGroup, crmAutoInitializeConfigGroup, and crmAttributesGroup2." REVISION "200403030000Z" DESCRIPTION "Added support of crRadiusFramedIpAddrIncluded, crRadiusVlanAssignmentEnabled, crVlanGroupTable. Added http(2) bit to crRadiusLoginAuthentication." REVISION "200211090000Z" DESCRIPTION "Removed the TC CiscoRadiusAuthKeyType. Added new TC CiscoRadiusAuthKey. Removed the objects crRadiusAuthKeyType and crRadiusServerKeyType. Changed the SYNTAX of objects crRadiusAuthKey and crRadiusServerKey." REVISION "200210080000Z" DESCRIPTION "Initial version of this MIB module." ::= { ciscoMgmt 288 } ciscoRadiusMIBObjects OBJECT IDENTIFIER ::= { ciscoRadiusMIB 1 } ciscoRadiusMIBConformance OBJECT IDENTIFIER ::= { ciscoRadiusMIB 2 } crRadiusGenericConfig OBJECT IDENTIFIER ::= { ciscoRadiusMIBObjects 1 } crRadiusServerConfig OBJECT IDENTIFIER ::= { ciscoRadiusMIBObjects 2 } crRadiusAttributesConfig OBJECT IDENTIFIER ::= { ciscoRadiusMIBObjects 3 } crRadiusVlanConfigGroup OBJECT IDENTIFIER ::= { ciscoRadiusMIBObjects 4 } crRadiusKeepAliveConfig OBJECT IDENTIFIER ::= { ciscoRadiusMIBObjects 5 } crRadiusServerNotifCntl OBJECT IDENTIFIER ::= { ciscoRadiusMIBObjects 6 } ciscoRadiusMIBNotifications OBJECT IDENTIFIER ::= { ciscoRadiusMIB 3 } -- Textual Conventions CiscoRadiusAuthKey ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The authentication key of a radius server. The first octet of this object contains the the type of key. The octets following the first octet contain the key. If the value of the first object is ascii value 'p', then the key is in plain text. If the value of first object is ascii value 'e', the key is encrypted. Note that this object has same format as TC DisplayString." SYNTAX OCTET STRING (SIZE (0..65)) CiscoRadiusRoundTripTimePercent ::= TEXTUAL-CONVENTION DISPLAY-HINT "d-2" STATUS current DESCRIPTION "This textual convention represents a round-trip time per session expressed as a percent of the round-trip time configured for the RADIUS server." SYNTAX Unsigned32 (1..100) CiscoRadiusRetransPercent ::= TEXTUAL-CONVENTION DISPLAY-HINT "d-2" STATUS current DESCRIPTION "This textual convention represents the number of retransmisions per session expressed as a percent of the retransmissions configured for the RADIUS server." SYNTAX Unsigned32 (1..100) -- the RADIUS Configuration group crRadiusLoginAuthentication OBJECT-TYPE SYNTAX BITS { telnet(0), console(1), http(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The login authentication using RADIUS feature is enabled for telnet/SSH sessions if the 'telnet (0) ' bit is set, and disabled if this bit is reset. The login authentication using RADIUS feature is enabled for console sessions if the 'console (1) ' bit is set, and disabled if this bit is reset. The login authentication using RADIUS feature is enabled for remote web sessions if the 'http (2) ' bit is set, and disabled if this bit is reset." DEFVAL { { } } ::= { crRadiusGenericConfig 1 } crRadiusDeadtime OBJECT-TYPE SYNTAX TimeIntervalMin (0..1440) UNITS "minutes" MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates the length of time in minutes that the system will mark the server dead when a RADIUS server does not respond to an authentication request. During the interval of the dead time, any authentication request that comes up would not be sent to that RADIUS server that was marked as dead. The default value of 0 means that the RADIUS servers will not be marked dead if they do not respond." DEFVAL { 0 } ::= { crRadiusGenericConfig 2 } crRadiusAuthKey OBJECT-TYPE SYNTAX CiscoRadiusAuthKey MAX-ACCESS read-write STATUS current DESCRIPTION "The key used in encrypting the packets passed between the RADIUS server and the client. This key must match the one configured on the server. A zero-length string is always returned when this object is read." ::= { crRadiusGenericConfig 3 } crRadiusTimeout OBJECT-TYPE SYNTAX TimeIntervalSec (1..1000) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "This is the time in seconds between retransmissions to the RADIUS server." DEFVAL { 1 } ::= { crRadiusGenericConfig 4 } crRadiusRetransmits OBJECT-TYPE SYNTAX Unsigned32 (0..100) UNITS "retransmits" MAX-ACCESS read-write STATUS current DESCRIPTION "The additional number of times the RADIUS server should be tried by the RADIUS client before giving up on the server." DEFVAL { 1 } ::= { crRadiusGenericConfig 5 } crRadiusAccountingLogMaxSize OBJECT-TYPE SYNTAX Unsigned32 (0..30000) UNITS "bytes" MAX-ACCESS read-write STATUS current DESCRIPTION "The maximum size of the accounting log file in bytes. The log file is stored on local persistent storage at the device. If the size is set to a smaller value than the existing one, then smaller log will be available for view by the user." DEFVAL { 30000 } ::= { crRadiusGenericConfig 6 } crRadiusAccountingMethod OBJECT-TYPE SYNTAX BITS { radius(0), local(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "The accounting method on the device. If bit 0 is set, the accounting method is RADIUS. If bit 1 is set, then the accounting method is local. It is possible for the user to set both the bits so that both the RADIUS as well as local accounting methods are used. It is also possible to set none of the methods; in this case the switch will not do any accounting." ::= { crRadiusGenericConfig 7 } crRadiusFramedIpAddrIncluded OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies if Access-Request packets will include Framed-IP-Address attributes." ::= { crRadiusAttributesConfig 1 } crRadiusFramedMtu OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the Framed-MTU attribute value to be sent to the RADIUS server." REFERENCE "RFC2865: Section 5.12" ::= { crRadiusAttributesConfig 2 } crRadiusServerTableMaxEntries OBJECT-TYPE SYNTAX Unsigned32 (0..65536) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of entries that the agent supports in the crRadiusServerTable." ::= { crRadiusServerConfig 1 } -- crRadiusServerTable crRadiusServerTable OBJECT-TYPE SYNTAX SEQUENCE OF CrRadiusServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists RADIUS servers." ::= { crRadiusServerConfig 2 } crRadiusServerEntry OBJECT-TYPE SYNTAX CrRadiusServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A RADIUS server table entry. Users can add/delete entries in this table using object 'crRadiusServerRowStatus'. An entry cannot be created until following objects are instantiated : - crRadiusServerAddrType - crRadiusServerAddr Also, following objects cannot be modified when 'crRadiusServerRowStatus' is 'active' : - crRadiusServerAddrType - crRadiusServerAddr To modify above objects, the entry must be deleted and re-created with new values of above objects. If 'crRadiusServerKey' is not instantiated or is a zero-length string, then value of the object 'crRadiusAuthkey' is used as the key to communicate with the corresponding RADIUS server." INDEX { crRadiusServerIndex } ::= { crRadiusServerTable 1 } CrRadiusServerEntry ::= SEQUENCE { crRadiusServerIndex Unsigned32, crRadiusServerAddrType InetAddressType, crRadiusServerAddr InetAddress, crRadiusServerAuthPort CiscoPort, crRadiusServerAcctPort CiscoPort, crRadiusServerKey CiscoRadiusAuthKey, crRadiusServerType INTEGER, crRadiusServerMode INTEGER, crRadiusServerRowStatus RowStatus, crRadiusServerRTTThldNorm CiscoRadiusRoundTripTimePercent, crRadiusServerRTTThldHi CiscoRadiusRoundTripTimePercent, crRadiusServerRetransThldNorm CiscoRadiusRetransPercent, crRadiusServerRetransThldHi CiscoRadiusRetransPercent } crRadiusServerIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "An arbitrary integer value, greater than zero, and less than and equal to crRadiusServerTableMaxEntries, which identifies a RADIUS Server in this table. The value of this object must be persistent across reboots/reinitialization of the device." ::= { crRadiusServerEntry 1 } crRadiusServerAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The type of address of the RADIUS Server as specified by object 'crRadiusServerAddr'." DEFVAL { ipv4 } ::= { crRadiusServerEntry 2 } crRadiusServerAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The address of the RADIUS Server." ::= { crRadiusServerEntry 3 } crRadiusServerAuthPort OBJECT-TYPE SYNTAX CiscoPort MAX-ACCESS read-create STATUS current DESCRIPTION "This is the destination UDP port number to which RADIUS authentication messages should be sent. The RADIUS server will not be used for authentication if this port number is 0." DEFVAL { 1812 } ::= { crRadiusServerEntry 4 } crRadiusServerAcctPort OBJECT-TYPE SYNTAX CiscoPort MAX-ACCESS read-create STATUS current DESCRIPTION "This is the destination UDP port number to which RADIUS accounting messages should be sent." DEFVAL { 1813 } ::= { crRadiusServerEntry 5 } crRadiusServerKey OBJECT-TYPE SYNTAX CiscoRadiusAuthKey MAX-ACCESS read-create STATUS current DESCRIPTION "The key used in encrypting the packets passed between the RADIUS server and the client. This key must match the one configured on the server. A zero-length string is always returned when this object is read. Note that if this object is a zero length string, then 'crRadiusAuthKey' is used as the key for this server." DEFVAL { '00000000'H } ::= { crRadiusServerEntry 6 } crRadiusServerType OBJECT-TYPE SYNTAX INTEGER { other(1), primary(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Type of the RADIUS server. other (1), - a lower priority server primary (2) - the primary server which is tried first by the RADIUS client." DEFVAL { other } ::= { crRadiusServerEntry 7 } crRadiusServerMode OBJECT-TYPE SYNTAX INTEGER { none(1), authAndAcct(2), authOnly(3), acctOnly(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "Mode of the RADIUS server. none (1) - neither authentication nor accounting authAndAcct (2) - both authentication and accounting authOnly (3) - only for authentication acctOnly (4) - only for accounting." DEFVAL { authAndAcct } ::= { crRadiusServerEntry 8 } crRadiusServerRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Status of this row." ::= { crRadiusServerEntry 9 } crRadiusServerRTTThldNorm OBJECT-TYPE SYNTAX CiscoRadiusRoundTripTimePercent UNITS "percent" MAX-ACCESS read-create STATUS current DESCRIPTION "This object represents the normal threshold on the round-trip time of RADIUS authentication messages. This is measured as a percentage of configured round-trip time as per RFC-2865. If the round-trip time is less than or equal to this threshold, the agent generates the crRadiusServerRTTNormNotif notification. The value configured through this object should never be greater than that configured through crRadiusServerRTTThldHi." ::= { crRadiusServerEntry 10 } crRadiusServerRTTThldHi OBJECT-TYPE SYNTAX CiscoRadiusRoundTripTimePercent UNITS "percent" MAX-ACCESS read-create STATUS current DESCRIPTION "This object represents the high threshold on the round-trip time of RADIUS authentication messages. This is measured as a percentage of configured round-trip time as per RFC-2865. If the round-trip time is greater than or equal to this threshold, the agent generates the crRadiusServerRTTHiNotif notification. The value configured through this object should never be smaller than that configured through crRadiusServerRTTThldNorm." ::= { crRadiusServerEntry 11 } crRadiusServerRetransThldNorm OBJECT-TYPE SYNTAX CiscoRadiusRetransPercent UNITS "percent" MAX-ACCESS read-create STATUS current DESCRIPTION "This object represents the normal threshold on the retransmitted RADIUS authentication messages per session. This is measured as a percentage of crRadiusRetransmits. If the number of retransmits is less than or equal to this threshold, the agent generates the crRadiusServerRetransNormNotif notification. The value configured through this object should never be greater than that configured through crRadiusServerRetransThldHi." ::= { crRadiusServerEntry 12 } crRadiusServerRetransThldHi OBJECT-TYPE SYNTAX CiscoRadiusRetransPercent UNITS "percent" MAX-ACCESS read-create STATUS current DESCRIPTION "This object represents the high threshold on the retransmitted RADIUS authentication messages per session. This is measured as a percentage of crRadiusRetransmits. If the number of retransmits is greater than or equal to this threshold, the agent generates the crRadiusServerRetransHiNotif notification. The value configured through this object should never be smaller than that configured through crRadiusServerRetransThldNorm." ::= { crRadiusServerEntry 13 } crRadiusVlanAssignmentEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies if VLANs will be assigned by RADIUS server via the tunnel attribute during the authentication." ::= { crRadiusVlanConfigGroup 1 } crVlanGroupTable OBJECT-TYPE SYNTAX SEQUENCE OF CrVlanGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing VLAN Group Mapping information for the purpose of distributing users across multiple VLANs which have the same group name." ::= { crRadiusVlanConfigGroup 2 } crVlanGroupEntry OBJECT-TYPE SYNTAX CrVlanGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing an VLAN Group Mapping information applicable to a particular VLAN. Entries in this table can be created or deleted using cpaeVlanGroupRowStatus object." INDEX { crVlanGroupName } ::= { crVlanGroupTable 1 } CrVlanGroupEntry ::= SEQUENCE { crVlanGroupName SnmpAdminString, crVlanGroupVlansLow OCTET STRING, crVlanGroupVlansHigh OCTET STRING, crVlanGroupRowStatus RowStatus } crVlanGroupName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS not-accessible STATUS current DESCRIPTION "Specifies the name of the VLAN group." ::= { crVlanGroupEntry 1 } crVlanGroupVlansLow OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..256)) MAX-ACCESS read-create STATUS current DESCRIPTION "A string of octets containing one bit per VLAN for VLANs with VlanIndex value of 0 to 2047. Each octet within this value specifies a set of eight VLANs, with the first octet specifying VLANs 0 through 7, the second octet specifying VLANs 8 through 15, etc. Within each octet, the most significant bit represents the lowest numbered VLAN, and the least significant bit represents the highest numbered VLAN. Thus, each VLAN of the device is represented by a single bit within the value of this object. If that bit has a value of '1' then that VLAN is included in the group; the VLAN is not mapped to the group if its bit has a value of '0'." ::= { crVlanGroupEntry 2 } crVlanGroupVlansHigh OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..256)) MAX-ACCESS read-create STATUS current DESCRIPTION "A string of octets containing one bit per VLAN for VLANs with VlanIndex value of 2048 to 4095. Each octet within this value specifies a set of eight VLANs, with the first octet specifying VLANs 2048 through 2055, the second octet specifying VLANs 2056 through 2063, etc. Within each octet, the most significant bit represents the lowest numbered VLAN, and the least significant bit represents the highest numbered VLAN. Thus, each VLAN of the device is represented by a single bit within the value of this object. If that bit has a value of '1' then that VLAN is included in the group; the VLAN is not mapped to the group if its bit has a value of '0'." ::= { crVlanGroupEntry 3 } crVlanGroupRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object is used to manage the creation and deletion of rows in this table. The only way to create an entry is by setting the value createAndGo(4), and the only way to delete an entry is by setting the value destroy(6) to this object." ::= { crVlanGroupEntry 4 } -- RADIUS keep-alive Group -- -- RADIUS keep-alive feature provides RADIUS tracking configuration. -- With RADIUS keep-alive feature enabled, a tracking message is sent to -- every configured RADIUS servers after every keep-alive timer to -- query the status of the servers. crRadiusKeepAliveEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies whether RADIUS keep-alive feature is enabled or not." ::= { crRadiusKeepAliveConfig 1 } crRadiusKeepAliveInterval OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the RADIUS keep-alive interval value. When the object value of crRadiusKeepAliveEnabled is 'true', a tracking message is sent to every configured RADIUS server at the interval of crRadiusKeepAliveInterval to query the status of the server." ::= { crRadiusKeepAliveConfig 2 } crRadiusKeepAliveServerTable OBJECT-TYPE SYNTAX SEQUENCE OF CrRadiusKeepAliveServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the keep-alive information on every RADIUS server configured on the system." ::= { crRadiusKeepAliveConfig 3 } crRadiusKeepAliveServerEntry OBJECT-TYPE SYNTAX CrRadiusKeepAliveServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing keep-alive information of a corresponding RADIUS server configured in crRadiusServerTable." INDEX { crRadiusServerIndex } ::= { crRadiusKeepAliveServerTable 1 } CrRadiusKeepAliveServerEntry ::= SEQUENCE { crRadiusKeepAliveServerStatus INTEGER } crRadiusKeepAliveServerStatus OBJECT-TYPE SYNTAX INTEGER { other(1), init(2), active(3), checkup(4), dead(5) } MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the current keep-alive status of the RADIUS server. other : none of the following. init : the server is in init state. active : the server is in active state. checkup: the server is in checkup state. dead : the server is in dead state. This object is only instantiated when the corresponding instance value of crRadiusServerRowStatus is 'active' and the object value of crRadiusKeepAliveEnabled is 'true'." ::= { crRadiusKeepAliveServerEntry 1 } crRadiusPortAutoInitialize OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies whether a port's state machines will be re- initialized if their state machines are in 'aaaFail' when a RADIUS server becomes available." ::= { crRadiusKeepAliveConfig 4 } crRadiusKeepAliveUserName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the user name used in keep-alive communication with RADIUS server." ::= { crRadiusKeepAliveConfig 5 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The RADIUS Server Notif Control Group -- -- This group of objects controls the sending of -- RADIUS Server Notifications -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ crRadiusServerRTTNormNotifEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to control the generation of crRadiusServerRTTNormNotif notification. A value of 'true' indicates that the notification will be generated when the current server round-trip time is less than or equal to crRadiusServerRTTThldNorm." DEFVAL { false } ::= { crRadiusServerNotifCntl 1 } crRadiusServerRTTHiNotifEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to control the generation of crRadiusServerRTTHiNotif notification. A value of 'true' indicates that the notification will be generated when the current server round-trip time is greater than or equal to crRadiusServerRTTThldHi." DEFVAL { false } ::= { crRadiusServerNotifCntl 2 } crRadiusServerRetransNormNotifEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to control the generation of crRadiusServerRetransNormNotif notification. A value of 'true' indicates that the notification will be generated when the current number of server retransmissions are less than or equal to crRadiusServerRetransThldNorm." DEFVAL { false } ::= { crRadiusServerNotifCntl 3 } crRadiusServerRetransHiNotifEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to control the generation of crRadiusServerRetransHiNotif notification. A value of 'true' indicates that the notification will be generated when the current number of server retransmissions are greater than or equal to crRadiusServerRetransThldHi." DEFVAL { false } ::= { crRadiusServerNotifCntl 4 } crRadiusServerRTTNormNotif NOTIFICATION-TYPE OBJECTS { crRadiusServerRTTThldNorm, crRadiusServerAddr, crRadiusServerAuthPort } STATUS current DESCRIPTION "This notification indicates that the current server round-trip time is less than or equal to crRadiusServerRTTThldNorm. Once sent, this notification will be disarmed until the round-trip time exceeds the value configured through crRadiusServerRTTThldHi." ::= { ciscoRadiusMIBNotifications 1 } crRadiusServerRTTHiNotif NOTIFICATION-TYPE OBJECTS { crRadiusServerRTTThldHi, crRadiusServerAddr, crRadiusServerAuthPort } STATUS current DESCRIPTION "This notification indicates that the current server round-trip time is greater than or equal to crRadiusServerRTTThldHi. Once sent, this notification will be disarmed until the round-trip time falls below the value configured through crRadiusServerRTTThldNorm." ::= { ciscoRadiusMIBNotifications 2 } crRadiusServerRetransNormNotif NOTIFICATION-TYPE OBJECTS { crRadiusServerRetransThldNorm, crRadiusServerAddr, crRadiusServerAuthPort } STATUS current DESCRIPTION "This notification indicates that the current number of server retransmissions are less than or equal to crRadiusServerRetransThldNorm. Once sent, this notification will be disarmed until the number of retransmissions exceed the value configured through crRadiusServerRetransThldHi." ::= { ciscoRadiusMIBNotifications 3 } crRadiusServerRetransHiNotif NOTIFICATION-TYPE OBJECTS { crRadiusServerRetransThldHi, crRadiusServerAddr, crRadiusServerAuthPort } STATUS current DESCRIPTION "This notification indicates that the current number of server retransmissions are greater than or equal to crRadiusServerRetransThldHi. Once sent, this notification will be disarmed until the number of retransmissions falls below the value configured through crRadiusServerRetransThldNorm." ::= { ciscoRadiusMIBNotifications 4 } -- Conformance ciscoRadiusMIBCompliances OBJECT IDENTIFIER ::= { ciscoRadiusMIBConformance 1 } ciscoRadiusMIBGroups OBJECT IDENTIFIER ::= { ciscoRadiusMIBConformance 2 } ciscoRadiusMIBCompliance MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "The compliance statement for entities which implement the CISCO-RADIUS-MIB." MODULE -- this module MANDATORY-GROUPS { crmConfigurationGroup } OBJECT crRadiusTimeout SYNTAX TimeIntervalSec (1..60) DESCRIPTION "Only the range 1-60 needs to be supported." OBJECT crRadiusRetransmits SYNTAX Unsigned32 (0..5) DESCRIPTION "Only the range 0-5 needs to be supported." OBJECT crRadiusServerAddrType SYNTAX INTEGER { ipv4(1), dns(16) } DESCRIPTION "Only dns and ipv4 addresses are needed to be supported." OBJECT crRadiusServerRowStatus SYNTAX INTEGER { active(1), createAndGo(4), destroy(6) } DESCRIPTION "Only 'active', 'createAndGo' and 'destroy' are needed to be supported." OBJECT crRadiusDeadtime MIN-ACCESS read-only DESCRIPTION "Only read-only access is needed to be implemented." ::= { ciscoRadiusMIBCompliances 1 } ciscoRadiusMIBCompliance2 MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "The compliance statement for entities which implement the CISCO-RADIUS-MIB." MODULE -- this module MANDATORY-GROUPS { crmConfigurationGroup } GROUP crmAttributesGroup DESCRIPTION "This group is mandatory only in implementation which support RADIUS attribute configuration." GROUP crmKeepAliveGroup DESCRIPTION "This group is mandatory only for implementation which supports RADIUS keep-alive feature." GROUP crmAutoInitializeConfigGroup DESCRIPTION "This group is mandatory only for implementation which supports RADIUS port auto initialization." GROUP crmAttributesGroup2 DESCRIPTION "This group is mandatory only in implementation which support additional RADIUS attribute configuration." OBJECT crRadiusTimeout SYNTAX TimeIntervalSec (1..60) DESCRIPTION "Only the range 1-60 needs to be supported." OBJECT crRadiusRetransmits SYNTAX Unsigned32 (0..5) DESCRIPTION "Only the range 0-5 needs to be supported." OBJECT crRadiusServerAddrType SYNTAX INTEGER { ipv4(1), dns(16) } DESCRIPTION "Only dns and ipv4 addresses are needed to be supported." OBJECT crRadiusServerRowStatus SYNTAX INTEGER { active(1), createAndGo(4), destroy(6) } DESCRIPTION "Only 'active', 'createAndGo' and 'destroy' are needed to be supported." OBJECT crRadiusDeadtime MIN-ACCESS read-only DESCRIPTION "Only read-only access is needed to be implemented." ::= { ciscoRadiusMIBCompliances 2 } ciscoRadiusMIBCompliance3 MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "The compliance statement for entities which implement the CISCO-RADIUS-MIB." MODULE -- this module MANDATORY-GROUPS { crmConfigurationGroup } GROUP crmAttributesGroup DESCRIPTION "This group is mandatory only in implementation which supports RADIUS attribute configuration." GROUP crmKeepAliveGroup DESCRIPTION "This group is mandatory only in implementation which supports RADIUS keep-alive feature." GROUP crmAutoInitializeConfigGroup DESCRIPTION "This group is mandatory only in implementation which supports RADIUS port auto initialization." GROUP crmAttributesGroup2 DESCRIPTION "This group is mandatory only in implementation which supports additional RADIUS attribute configuration." GROUP crmVlanConfigGroup DESCRIPTION "This group is mandatory only in implementation which supports RADIUS VLAN assignment configuration." GROUP crmRadiusKeepAliveUserGroup DESCRIPTION "This group is mandatory only in implementation which supports RADIUS keep-alive user configuration." OBJECT crRadiusTimeout SYNTAX TimeIntervalSec (1..60) DESCRIPTION "Only the range 1-60 needs to be supported." OBJECT crRadiusRetransmits SYNTAX Unsigned32 (0..5) DESCRIPTION "Only the range 0-5 needs to be supported." OBJECT crRadiusServerAddrType SYNTAX INTEGER { ipv4(1), dns(16) } DESCRIPTION "Only dns and ipv4 addresses are needed to be supported." OBJECT crRadiusServerRowStatus SYNTAX INTEGER { active(1), createAndGo(4), destroy(6) } DESCRIPTION "Only 'active', 'createAndGo' and 'destroy' are needed to be supported." OBJECT crRadiusDeadtime MIN-ACCESS read-only DESCRIPTION "Only read-only access is needed to be implemented." ::= { ciscoRadiusMIBCompliances 3 } ciscoRadiusMIBCompliance4 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for entities which implement the CISCO-RADIUS-MIB." MODULE -- this module MANDATORY-GROUPS { crmConfigurationGroup, crmConfigurationGroupSup1, crmRadiusServerNotifGroup, crmRadiusServerNotifCntlGroup } GROUP crmAttributesGroup DESCRIPTION "This group is mandatory only in implementation which supports RADIUS attribute configuration." GROUP crmKeepAliveGroup DESCRIPTION "This group is mandatory only in implementation which supports RADIUS keep-alive feature." GROUP crmAutoInitializeConfigGroup DESCRIPTION "This group is mandatory only in implementation which supports RADIUS port auto initialization." GROUP crmAttributesGroup2 DESCRIPTION "This group is mandatory only in implementation which supports additional RADIUS attribute configuration." GROUP crmVlanConfigGroup DESCRIPTION "This group is mandatory only in implementation which supports RADIUS VLAN assignment configuration." GROUP crmRadiusKeepAliveUserGroup DESCRIPTION "This group is mandatory only in implementation which supports RADIUS keep-alive user configuration." OBJECT crRadiusTimeout SYNTAX TimeIntervalSec (1..60) DESCRIPTION "Only the range 1-60 needs to be supported." OBJECT crRadiusRetransmits SYNTAX Unsigned32 (0..5) DESCRIPTION "Only the range 0-5 needs to be supported." OBJECT crRadiusServerAddrType SYNTAX INTEGER { ipv4(1), dns(16) } DESCRIPTION "Only dns and ipv4 addresses are needed to be supported." OBJECT crRadiusServerRowStatus SYNTAX INTEGER { active(1), createAndGo(4), destroy(6) } DESCRIPTION "Only 'active', 'createAndGo' and 'destroy' are needed to be supported." OBJECT crRadiusDeadtime MIN-ACCESS read-only DESCRIPTION "Only read-only access is needed to be implemented." ::= { ciscoRadiusMIBCompliances 4 } -- Units of Conformance crmConfigurationGroup OBJECT-GROUP OBJECTS { crRadiusLoginAuthentication, crRadiusAuthKey, crRadiusTimeout, crRadiusRetransmits, crRadiusDeadtime, crRadiusAccountingLogMaxSize, crRadiusAccountingMethod, crRadiusServerTableMaxEntries, crRadiusServerAddrType, crRadiusServerAddr, crRadiusServerAuthPort, crRadiusServerAcctPort, crRadiusServerKey, crRadiusServerType, crRadiusServerMode, crRadiusServerRowStatus } STATUS current DESCRIPTION "A collection of objects for RADIUS configuration." ::= { ciscoRadiusMIBGroups 1 } crmAttributesGroup OBJECT-GROUP OBJECTS { crRadiusFramedIpAddrIncluded } STATUS current DESCRIPTION "A collection of objects for RADIUS attributes configuration." ::= { ciscoRadiusMIBGroups 2 } crmVlanConfigGroup OBJECT-GROUP OBJECTS { crRadiusVlanAssignmentEnabled, crVlanGroupVlansLow, crVlanGroupVlansHigh, crVlanGroupRowStatus } STATUS current DESCRIPTION "A collection of objects for RADIUS Vlans assignment configuration." ::= { ciscoRadiusMIBGroups 3 } crmKeepAliveGroup OBJECT-GROUP OBJECTS { crRadiusKeepAliveEnabled, crRadiusKeepAliveInterval, crRadiusKeepAliveServerStatus } STATUS current DESCRIPTION "A collection of objects for RADIUS keep-alive information." ::= { ciscoRadiusMIBGroups 4 } crmAutoInitializeConfigGroup OBJECT-GROUP OBJECTS { crRadiusPortAutoInitialize } STATUS current DESCRIPTION "A collection of objects for RADIUS auto initialize configuration." ::= { ciscoRadiusMIBGroups 5 } crmAttributesGroup2 OBJECT-GROUP OBJECTS { crRadiusFramedMtu } STATUS current DESCRIPTION "A collection of additional objects for RADIUS attributes configuration." ::= { ciscoRadiusMIBGroups 6 } crmRadiusKeepAliveUserGroup OBJECT-GROUP OBJECTS { crRadiusKeepAliveUserName } STATUS current DESCRIPTION "A collection of objects for RADIUS keep-alive user configuration." ::= { ciscoRadiusMIBGroups 7 } crmRadiusServerNotifGroup NOTIFICATION-GROUP NOTIFICATIONS { crRadiusServerRTTNormNotif, crRadiusServerRTTHiNotif, crRadiusServerRetransNormNotif, crRadiusServerRetransHiNotif } STATUS current DESCRIPTION "This collection of notifications is used to monitor the responsiveness of the RADIUS server." ::= { ciscoRadiusMIBGroups 8 } crmConfigurationGroupSup1 OBJECT-GROUP OBJECTS { crRadiusServerRTTThldNorm, crRadiusServerRTTThldHi, crRadiusServerRetransThldNorm, crRadiusServerRetransThldHi } STATUS current DESCRIPTION "This group supplements crmConfigurationGroup, to configure the thresholds on the round-trip times and retransmission counts." ::= { ciscoRadiusMIBGroups 9 } crmRadiusServerNotifCntlGroup OBJECT-GROUP OBJECTS { crRadiusServerRTTNormNotifEnable, crRadiusServerRTTHiNotifEnable, crRadiusServerRetransNormNotifEnable, crRadiusServerRetransHiNotifEnable } STATUS current DESCRIPTION "This collection of objects control the generation of notifications related to RADIUS server." ::= { ciscoRadiusMIBGroups 10 } END