You are here:

MonitorTools.com > Technical documentation > SNMP > MIB > Cisco > CISCO-RADIUS-MIB
ActiveXperts Network Monitor 2019##AdminFavorites

CISCO-RADIUS-MIB by vendor Cisco

CISCO-RADIUS-MIB file content

The SNMP protocol is used to for conveying information and commands between agents and managing entities. SNMP uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. The reasons for using UDP for SNMP are, firstly it has low overheads in comparison to TCP, which uses a 3-way hand shake for connection. Secondly, in congested networks, SNMP over TCP is a bad idea because TCP in order to maintain reliability will flood the network with retransmissions.

Management information (MIB) is represented as a collection of managed objects. These objects together form a virtual information base called MIB. An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.

Use ActiveXperts Network Monitor 2019 to import vendor-specific MIB files, inclusing CISCO-RADIUS-MIB.


Vendor: Cisco
Mib: CISCO-RADIUS-MIB  [download]  [view objects]
Tool: ActiveXperts Network Monitor 2019 [download]    (ships with advanced SNMP/MIB tools)
-- *********************************************************************
-- CISCO-RADIUS-MIB.my: Radius Configuration Mib
--
-- October 2002, Vinay Gaonkar
-- March   2004, Binh Le
--
-- Copyright (c) 2002, 2003, 2004 by cisco Systems, Inc.
-- All rights reserved.
-- 
-- *********************************************************************

CISCO-RADIUS-MIB DEFINITIONS ::= BEGIN

IMPORTS        
     MODULE-IDENTITY, OBJECT-TYPE, 
     Unsigned32                          FROM SNMPv2-SMI
     MODULE-COMPLIANCE, OBJECT-GROUP     FROM SNMPv2-CONF
     RowStatus,  TEXTUAL-CONVENTION,
     TruthValue                          FROM SNMPv2-TC
     InetAddressType, InetAddress        FROM INET-ADDRESS-MIB   
     SnmpAdminString                     FROM SNMP-FRAMEWORK-MIB
     ciscoMgmt                           FROM CISCO-SMI
     TimeIntervalMin, TimeIntervalSec,        
     CiscoPort                           FROM CISCO-TC;


ciscoRadiusMIB MODULE-IDENTITY
        LAST-UPDATED "200403030000Z"
        ORGANIZATION "Cisco Systems Inc. "
        CONTACT-INFO
                "     Cisco Systems
                      Customer Service
                Postal: 170 W Tasman Drive
                      San Jose, CA  95134
                      USA
                Tel: +1 800 553 -NETS
                E-mail: cs-san@cisco.com"
        DESCRIPTION
                "MIB module for monitoring and configuring 
                authentication and logging services using RADIUS
                (Remote Authentication Dial In User Service) related 
                objects.

                The RADIUS (RFC2865) framework consists of clients and 
                servers. A client is responsible for passing user 
                information to designated RADIUS servers, and then 
                acting on the response which is returned.

                RADIUS server is responsible for receiving user 
                connection requests, authenticating the user, and then
                returning all configuration information necessary for 
                the client to deliver service to the user.

                This MIB module also contains objects for 
                enabling/disabling telnet and SSH (Secure Shell) 
                authentication. Secure Shell is program which is used 
                to log into another machine over a secured session."

        REVISION   "200403030000Z"
        DESCRIPTION
                "Added support of 
                    crRadiusFramedIpAddrIncluded,
                    crRadiusVlanAssignmentEnabled,
                    crVlanGroupTable.

                 Added http(2) bit to crRadiusLoginAuthentication."

        REVISION   "200211090000Z"
        DESCRIPTION
                "Removed the TC CiscoRadiusAuthKeyType.
                Added new TC CiscoRadiusAuthKey.
                Removed the objects crRadiusAuthKeyType and 
                crRadiusServerKeyType.
                Changed the SYNTAX of objects crRadiusAuthKey and 
                crRadiusServerKey."

        REVISION   "200210080000Z"
        DESCRIPTION
                "Initial version of this MIB module."
        ::= { ciscoMgmt 288 }

ciscoRadiusMIBObjects OBJECT IDENTIFIER     ::= { ciscoRadiusMIB 1 }
ciscoRadiusMIBConformance OBJECT IDENTIFIER ::= { ciscoRadiusMIB 2 }
crRadiusGenericConfig    OBJECT IDENTIFIER 
                                     ::= { ciscoRadiusMIBObjects 1 }    
crRadiusServerConfig     OBJECT IDENTIFIER 
                                     ::= { ciscoRadiusMIBObjects 2 }
crRadiusAttributesConfig OBJECT IDENTIFIER
                                     ::= { ciscoRadiusMIBObjects 3 }
crRadiusVlanConfigGroup  OBJECT IDENTIFIER
                                     ::= { ciscoRadiusMIBObjects 4 }

-- Textual Conventions
CiscoRadiusAuthKey ::= TEXTUAL-CONVENTION
    STATUS   current
    DESCRIPTION
           "The authentication key of a radius server.
           The first octet of this object contains the the type of key.
           The octets following the first octet contain the key.
           If the value of the first object is ascii value 'p', then the
           key is in plain text.
           If the value of first object is ascii value 'e', the key is 
           encrypted.
           Note that this object has same format as TC DisplayString."
    SYNTAX OCTET STRING (SIZE (0..65))

--
-- the RADIUS Configuration group
--

crRadiusLoginAuthentication OBJECT-TYPE
    SYNTAX        BITS { telnet (0), console (1), http (2) }
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION   
           "The login authentication using RADIUS feature is enabled for
           telnet/SSH sessions if the 'telnet (0) ' bit is set, and 
           disabled if this bit is reset.

           The login authentication using RADIUS feature is enabled for
           console sessions if the 'console (1) ' bit is set, and 
           disabled if this bit is reset.

           The login authentication using RADIUS feature is enabled for
           remote web sessions if the 'http (2) ' bit is set, and 
           disabled if this bit is reset."
    DEFVAL { {} }
    ::= { crRadiusGenericConfig 1 }

crRadiusDeadtime OBJECT-TYPE
    SYNTAX        TimeIntervalMin (0..1440)
    UNITS         "minutes"
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION   
           "Indicates the length of time in minutes that the system will
           mark the server dead when a RADIUS server does not respond to
           an authentication request.  During the interval of the dead 
           time, any authentication request that comes up would not be 
           sent to that RADIUS server that was marked as dead. The 
           default value of 0 means that the RADIUS servers will not be
           marked dead if they do not respond."
    DEFVAL { 0 }
    ::= { crRadiusGenericConfig 2 }

crRadiusAuthKey OBJECT-TYPE
    SYNTAX        CiscoRadiusAuthKey
    MAX-ACCESS    read-write
    STATUS        current                        
    DESCRIPTION   
           "The key used in encrypting the packets passed between the 
           RADIUS server and the client. This key must match the one 
           configured on the server.

           A zero-length string is always returned when this object is 
           read."
    ::= { crRadiusGenericConfig 3 }

crRadiusTimeout OBJECT-TYPE
    SYNTAX        TimeIntervalSec (1..1000)
    UNITS         "seconds"
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION   
           "This is the time in seconds between retransmissions to
           the RADIUS server."
    DEFVAL { 1 }
    ::= { crRadiusGenericConfig 4 }  
        
crRadiusRetransmits OBJECT-TYPE
    SYNTAX        Unsigned32 (0..100)
    UNITS         "retransmits"
    MAX-ACCESS    read-write
    STATUS        current                     
    DESCRIPTION   
           "The additional number of times the RADIUS server should be 
           tried by the RADIUS client before giving up on the server."
    DEFVAL { 1 }
    ::= { crRadiusGenericConfig 5 }       

crRadiusAccountingLogMaxSize  OBJECT-TYPE
    SYNTAX              Unsigned32 (0..30000)
    UNITS               "bytes"
    MAX-ACCESS          read-write
    STATUS              current
    DESCRIPTION   
           "The maximum size of the accounting log file in bytes. 
            The log file is stored on local persistent storage at the
            device. If the size is set to a smaller value than the 
            existing one, then smaller log will be available for view 
            by the user."
    DEFVAL { 30000 }
    ::= { crRadiusGenericConfig 6 }

crRadiusAccountingMethod  OBJECT-TYPE
    SYNTAX          BITS { radius(0), local(1) }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION   
           "The accounting method on the device. If bit 0
            is set, the accounting method is RADIUS. If bit 1
            is set, then the accounting method is local. It is
            possible for the user to set both the bits so that
            both the RADIUS as well as local accounting methods
            are used. It is also possible to set none of the 
            methods; in this case the switch will not do any
            accounting."
    ::= { crRadiusGenericConfig 7 }

crRadiusFramedIpAddrIncluded OBJECT-TYPE
    SYNTAX        TruthValue
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
           "Specifies if Access-Request packets will include
            Framed-IP-Address attributes."
    ::= { crRadiusAttributesConfig 1 }

crRadiusServerTableMaxEntries OBJECT-TYPE
    SYNTAX        Unsigned32 (0..65536)
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION   
           "The maximum number of entries that the agent supports in the
           crRadiusServerTable."
    ::= { crRadiusServerConfig 1 }

--
-- crRadiusServerTable
--
                          
crRadiusServerTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF CrRadiusServerEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION   
           "This table lists RADIUS servers."
    ::= { crRadiusServerConfig 2 }
                                 
crRadiusServerEntry OBJECT-TYPE
    SYNTAX        CrRadiusServerEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION   
           "A RADIUS server table entry.
           
           Users can add/delete entries in this table using object
           'crRadiusServerRowStatus'. 

           An entry cannot be created until following objects are 
           instantiated :
           - crRadiusServerAddrType
           - crRadiusServerAddr

           Also, following objects cannot be modified when 
           'crRadiusServerRowStatus' is 'active' :
           - crRadiusServerAddrType
           - crRadiusServerAddr

           To modify above objects, the entry must be deleted and 
           re-created with new values of above objects.
           
           If 'crRadiusServerKey' is not instantiated or is a 
           zero-length string, then value of the object 
           'crRadiusAuthkey' is used as the key to communicate with the
           corresponding RADIUS server."
    INDEX  { crRadiusServerIndex}
    ::= { crRadiusServerTable 1 }

CrRadiusServerEntry ::=
    SEQUENCE {                             
          crRadiusServerIndex        Unsigned32,
          crRadiusServerAddrType     InetAddressType,
          crRadiusServerAddr         InetAddress,
          crRadiusServerAuthPort     CiscoPort,
          crRadiusServerAcctPort     CiscoPort,
          crRadiusServerKey          CiscoRadiusAuthKey,
          crRadiusServerType         INTEGER,
          crRadiusServerMode         INTEGER,
          crRadiusServerRowStatus    RowStatus
    }

crRadiusServerIndex OBJECT-TYPE
    SYNTAX        Unsigned32 (1..4294967295)
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION   
           "An arbitrary integer value, greater than zero, and less than
           and equal to crRadiusServerTableMaxEntries, which identifies
           a RADIUS Server in this table.
           The value of this object must be persistent across 
           reboots/reinitialization of the device."
    ::= { crRadiusServerEntry 1 }

crRadiusServerAddrType OBJECT-TYPE
    SYNTAX        InetAddressType
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION   
           "The type of address of the RADIUS Server as specified by 
           object 'crRadiusServerAddr'."
    DEFVAL { ipv4 }
    ::= { crRadiusServerEntry 2 }

crRadiusServerAddr OBJECT-TYPE
    SYNTAX        InetAddress
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION   
           "The address of the RADIUS Server."
    ::= { crRadiusServerEntry 3 }

crRadiusServerAuthPort OBJECT-TYPE
    SYNTAX        CiscoPort
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION   
           "This is the destination UDP port number to which RADIUS 
           authentication messages should be sent. The RADIUS server 
           will not be used for authentication if this port number is 
           0."
    DEFVAL { 1812 }
    ::= { crRadiusServerEntry 4 }

crRadiusServerAcctPort OBJECT-TYPE
    SYNTAX        CiscoPort
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION  
           "This is the destination UDP port number to which RADIUS 
           accounting messages should be sent."
    DEFVAL { 1813 }
    ::= { crRadiusServerEntry 5 }

crRadiusServerKey OBJECT-TYPE
    SYNTAX        CiscoRadiusAuthKey
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
           "The key used in encrypting the packets passed between the 
           RADIUS server and the client. This key must match the one 
           configured on the server.

           A zero-length string is always returned when this object is 
           read.
       
           Note that if this object is a zero length string, then 
           'crRadiusAuthKey' is used as the key for this server."
    DEFVAL { ''H }
    ::= { crRadiusServerEntry 6 }

crRadiusServerType OBJECT-TYPE
    SYNTAX        INTEGER {
                     other (1),
                     primary (2)
                  }
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION   
           "Type of the RADIUS server.
                other (1),  - a lower priority server
                primary (2) - the primary server which is tried first
                               by the RADIUS client.
           "
    DEFVAL { other }
    ::= { crRadiusServerEntry 7 }                         
       
crRadiusServerMode OBJECT-TYPE
    SYNTAX        INTEGER {
                      none (1),
                      authAndAcct (2),
                      authOnly (3),
                      acctOnly (4)
                  }
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION  
           "Mode of the RADIUS server.
              none (1)        - neither authentication nor
                                accounting 
              authAndAcct (2) - both authentication and 
                                accounting
              authOnly (3)    - only for authentication
              acctOnly (4)    - only for accounting.
           "
    DEFVAL {authAndAcct}
    ::= { crRadiusServerEntry 8 }
 
crRadiusServerRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION   
           "Status of this row."
    ::= { crRadiusServerEntry 9 }

crRadiusVlanAssignmentEnabled OBJECT-TYPE
    SYNTAX        TruthValue
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "Specifies if VLANs will be assigned by RADIUS server 
         via the tunnel attribute during the authentication."
    ::= { crRadiusVlanConfigGroup 1 }


crVlanGroupTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF CrVlanGroupEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A table containing VLAN Group Mapping information for the
         purpose of distributing users across multiple VLANs which
         have the same group name."
    ::= { crRadiusVlanConfigGroup 2 }

crVlanGroupEntry OBJECT-TYPE
    SYNTAX        CrVlanGroupEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry containing an VLAN Group Mapping information
         applicable to a particular VLAN. Entries in this table can
         be created or deleted using cpaeVlanGroupRowStatus object."
    INDEX { crVlanGroupName }
    ::= { crVlanGroupTable 1 }

CrVlanGroupEntry ::= SEQUENCE {
    crVlanGroupName             SnmpAdminString,
    crVlanGroupVlansLow         OCTET STRING,
    crVlanGroupVlansHigh        OCTET STRING,
    crVlanGroupRowStatus        RowStatus
}


crVlanGroupName OBJECT-TYPE
    SYNTAX        SnmpAdminString 
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Specifies the name of the VLAN group."
    ::= { crVlanGroupEntry 1 }

crVlanGroupVlansLow OBJECT-TYPE
    SYNTAX        OCTET STRING (SIZE(0..256))
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "A string of octets containing one bit per VLAN for VLANs
         with VlanIndex value of 0 to 2047. 

         Each octet within this value specifies a set of eight
         VLANs, with the first octet specifying VLANs 0 through
         7, the second octet specifying VLANs 8 through 15, etc.
         Within each octet, the most significant bit represents
         the lowest numbered VLAN, and the least significant bit
         represents the highest numbered VLAN. Thus, each VLAN
         of the device is represented by a single bit within
         the value of this object. If that bit has a value of
         '1' then that VLAN is included in the group; the VLAN
         is not mapped to the group if its bit has a value of
         '0'."
    ::= { crVlanGroupEntry 2 }

crVlanGroupVlansHigh OBJECT-TYPE
    SYNTAX        OCTET STRING (SIZE(0..256))
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "A string of octets containing one bit per VLAN for VLANs
         with VlanIndex value of 2048 to 4095. 

         Each octet within this value specifies a set of eight
         VLANs, with the first octet specifying VLANs 2048 through
         2055, the second octet specifying VLANs 2056 through 2063,
         etc. Within each octet, the most significant bit represents
         the lowest numbered VLAN, and the least significant bit
         represents the highest numbered VLAN. Thus, each VLAN
         of the device is represented by a single bit within
         the value of this object. If that bit has a value of
         '1' then that VLAN is included in the group; the VLAN
         is not mapped to the group if its bit has a value of
         '0'."
    ::= { crVlanGroupEntry 3 }

crVlanGroupRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object is used to manage the creation and deletion
         of rows in this table.

         The only way to create an entry is by setting the value
         createAndGo(4), and the only way to delete an entry is by
         setting the value destroy(6) to this object."
    ::= { crVlanGroupEntry 4 }

--
-- Conformance
--
ciscoRadiusMIBCompliances
       OBJECT IDENTIFIER ::= { ciscoRadiusMIBConformance 1 }
ciscoRadiusMIBGroups
       OBJECT IDENTIFIER ::= { ciscoRadiusMIBConformance 2 }

ciscoRadiusMIBCompliance MODULE-COMPLIANCE
    STATUS   current   
    DESCRIPTION
           "The compliance statement for entities which implement the 
           CISCO-RADIUS-MIB."
    MODULE 
          MANDATORY-GROUPS { crmConfigurationGroup}

    OBJECT crRadiusTimeout
    SYNTAX        TimeIntervalSec (1..60)
    DESCRIPTION
           "Only the range 1-60 needs to be supported."

    OBJECT crRadiusRetransmits
    SYNTAX        Unsigned32 (0..5)
    DESCRIPTION
           "Only the range 0-5 needs to be supported."

    OBJECT crRadiusServerAddrType             
    SYNTAX      INTEGER {
                   ipv4 (1),
                   dns (16)                                     
               }                                               
    DESCRIPTION 
           "Only dns and ipv4 addresses are needed to be supported."
               
    OBJECT crRadiusServerRowStatus             
    SYNTAX      INTEGER {
                   active (1),                                     
                   createAndGo (4),
                   destroy (6)
               }                                               
    DESCRIPTION 
           "Only 'active', 'createAndGo' and 'destroy' are needed to be
           supported."
       
    OBJECT crRadiusDeadtime             
    MIN-ACCESS read-only
    DESCRIPTION 
           "Only read-only access is needed to be implemented."

    ::= { ciscoRadiusMIBCompliances 1 }

-- Units of Conformance

crmConfigurationGroup  OBJECT-GROUP
    OBJECTS  { crRadiusLoginAuthentication, 
               crRadiusAuthKey, 
               crRadiusTimeout, 
               crRadiusRetransmits, 
               crRadiusDeadtime,
               crRadiusAccountingLogMaxSize,
               crRadiusAccountingMethod,
               crRadiusServerTableMaxEntries,
               crRadiusServerAddrType,
               crRadiusServerAddr,
               crRadiusServerAuthPort,
               crRadiusServerAcctPort,
               crRadiusServerKey,
               crRadiusServerType,
               crRadiusServerMode,
               crRadiusServerRowStatus
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects for RADIUS configuration."
    ::= { ciscoRadiusMIBGroups 1 }

crmAttributesGroup OBJECT-GROUP
    OBJECTS { crRadiusFramedIpAddrIncluded }
    STATUS  current
    DESCRIPTION
           "A collection of objects for RADIUS attributes
            configuration."
    ::= { ciscoRadiusMIBGroups 2 }

crmVlanConfigGroup OBJECT-GROUP
    OBJECTS { crRadiusVlanAssignmentEnabled,
              crVlanGroupVlansLow,
              crVlanGroupVlansHigh,
              crVlanGroupRowStatus
            }
    STATUS  current
    DESCRIPTION
           "A collection of objects for RADIUS Vlans assignment
            configuration."
    ::= { ciscoRadiusMIBGroups 3 }

END