CISCO-AAA-SERVER-EXT-MIB device MIB details by Cisco
CISCO-AAA-SERVER-EXT-MIB file content
The SNMP protocol is used to for conveying information and commands between agents and managing entities. SNMP uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. The reasons for using UDP for SNMP are, firstly it has low overheads in comparison to TCP, which uses a 3-way hand shake for connection. Secondly, in congested networks, SNMP over TCP is a bad idea because TCP in order to maintain reliability will flood the network with retransmissions.
Management information (MIB) is represented as a collection of managed objects. These objects together form a virtual information base called MIB. An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.
Use ActiveXperts Network Monitor 2024 to import vendor-specific MIB files, inclusing CISCO-AAA-SERVER-EXT-MIB.
| Vendor: | Cisco |
|---|---|
| Mib: | CISCO-AAA-SERVER-EXT-MIB [download] [view objects] |
| Tool: | ActiveXperts Network Monitor 2024 [download] (ships with advanced SNMP/MIB tools) |
-- ********************************************************************* -- CISCO-AAA-SERVER-EXT-MIB.my: AAA Server Extension MIB -- -- November 2003, Sanjeev C Joshi -- -- Copyright (c) 2003 by cisco Systems, Inc. -- All rights reserved. -- -- ********************************************************************* CISCO-AAA-SERVER-EXT-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Unsigned32 FROM SNMPv2-SMI InetAddressType, InetAddress FROM INET-ADDRESS-MIB MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF RowStatus, TruthValue, TEXTUAL-CONVENTION, DisplayString FROM SNMPv2-TC SnmpAdminString FROM SNMP-FRAMEWORK-MIB ciscoMgmt FROM CISCO-SMI casConfigEntry, CiscoAAAProtocol FROM CISCO-AAA-SERVER-MIB TimeIntervalMin, TimeIntervalSec FROM CISCO-TC; ciscoAAAServerExtMIB MODULE-IDENTITY LAST-UPDATED "200311140000Z" ORGANIZATION "Cisco Systems, Inc." CONTACT-INFO " Cisco Systems Customer Service Postal: 170 W Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553-NETS E-mail: cs-aaa@cisco.com" DESCRIPTION "This MIB is an extension to the CISCO-AAA-SERVER-MIB. This MIB module enhances the 'casConfigTable' to include other types of Server addresses. This also provides management of : - Generic configurations as applied on the AAA module. - Global configuration settings, i.e., settings for all the AAA Servers instrumented in one instance of this MIB. - Server Group configuration - Application-to-AAA Function-to-Server Group mapping configuration." REVISION "200311140000Z" DESCRIPTION "Initial version of this MIB." ::= { ciscoMgmt 367 } -- -- AAA Server MIB object definitions -- ciscoAAASvrExtMIBObjects OBJECT IDENTIFIER ::= { ciscoAAAServerExtMIB 1 } ciscoAAASvrExtMIBConformance OBJECT IDENTIFIER ::= { ciscoAAAServerExtMIB 2 } cAAASvrExtGenericConfig OBJECT IDENTIFIER ::= { ciscoAAASvrExtMIBObjects 1 } cAAASvrExtSvrTableConfig OBJECT IDENTIFIER ::= { ciscoAAASvrExtMIBObjects 2 } cAAASvrExtProtoParamConfig OBJECT IDENTIFIER ::= { ciscoAAASvrExtMIBObjects 3 } cAAASvrExtSvrGrpConfig OBJECT IDENTIFIER ::= { ciscoAAASvrExtMIBObjects 4 } cAAASvrExtAppSvrGrpMapConfig OBJECT IDENTIFIER ::= { ciscoAAASvrExtMIBObjects 5 } -- -- Textual Conventions -- CiscoAAAServerKeyEncrType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Encryption type used for the AAA Server auth key. plain(1) - Plain Text encrypted(2) - Encrypted ." SYNTAX INTEGER { plain(1), encrypted(2) } -- -- Generic configurations for AAA module - cAAASvrExtGenericConfig -- cAAASvrExtLocalAccLogMaxSize OBJECT-TYPE SYNTAX Unsigned32 (0..100000000) UNITS "bytes" MAX-ACCESS read-write STATUS current DESCRIPTION "The maximum size of the accounting log file in bytes. The log file is stored on local persistent storage at the device. If the size is set to a smaller value than the existing one, then smaller log will be available for view by the user." ::= { cAAASvrExtGenericConfig 1 } cAAASvrExtSvrGrpSvrListMaxEnt OBJECT-TYPE SYNTAX Unsigned32 (1..64) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of AAA Server entries that the agent supports within a Server Group. This puts the restriction of number of AAA Servers in the 'cAAAServerList' of 'cAAASvrExtSvrGrpConfigTable'." ::= { cAAASvrExtGenericConfig 2 } cAAASvrExtAppToSvrGrpMaxEnt OBJECT-TYPE SYNTAX Unsigned32 (0..64) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of Server Groups entries that the agent supports for application type on per AAA operation basis excluding the 'Local' and 'Trivial' modes. This puts the restriction of number of Server Groups in the 'cAAASvrGrpList' of 'cAAASvrExtSerSvrGrpConfigTable'." ::= { cAAASvrExtGenericConfig 3 } -- -- Server Configuration Table cAAASvrExtSvrTableConfig -- cAAASvrExtConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF AAASvrExtEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table extends the 'casConfigTable' from CISCO-AAA-SERVER-MIB to provide configuration flexibility. An entry cannot be created until at least one of the following objects/object-set are instantiated : - cAAAServerAddrType and cAAAServerAddr set Or - casAddress of casConfigTable If both 'casAddress' and 'cAAAServerAddr'(along with 'cAAAServerAddrType') are set during the row creation, the values need to be consistent. Else it results in an error." ::= { cAAASvrExtSvrTableConfig 1 } cAAASvrExtConfigEntry OBJECT-TYPE SYNTAX AAASvrExtEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) in cAAASvrExtConfigTable." AUGMENTS { casConfigEntry } ::= { cAAASvrExtConfigTable 1} AAASvrExtEntry ::= SEQUENCE { cAAAServerAddrType InetAddressType, cAAAServerAddr InetAddress, cAAAServerKeyEncrType CiscoAAAServerKeyEncrType, cAAAServerDeadTime TimeIntervalMin, cAAAServerTimeOut TimeIntervalSec, cAAAServerRetransmits Unsigned32 } cAAAServerAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The type of address of the AAA Server as specified by object 'cAAAServerAddr'. If the user sets 'casAddress' column of the 'casConfigTable', then 'cAAAServerAddrType' is appropriately filled by the agent. If the user specifies a value other than 'ipv4', then the 'casAddress' is set to zero-length string." DEFVAL { ipv4 } ::= { cAAASvrExtConfigEntry 1 } cAAAServerAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The address of the AAA Server. If the users sets 'casAddress' column of the 'casConfigTable', then 'cAAAServerAddr' is appropriately filled by the agent." ::= { cAAASvrExtConfigEntry 2 } cAAAServerKeyEncrType OBJECT-TYPE SYNTAX CiscoAAAServerKeyEncrType MAX-ACCESS read-create STATUS current DESCRIPTION "The encryption type of the corresponding instance of the server key 'casKey' in the augmented row of the 'casConfigTable'." DEFVAL { plain } ::= { cAAASvrExtConfigEntry 3 } cAAAServerDeadTime OBJECT-TYPE SYNTAX TimeIntervalMin (0..1440) UNITS "minutes" MAX-ACCESS read-create STATUS current DESCRIPTION "This indicates the length of time in minutes that the system will mark the server dead when a AAA server does not respond to an authentication request. During the interval of the dead time, any authentication request that comes up would not be sent to that AAA server that was marked as dead. This value overrides value set in the 'cAAAServerProtoDeadTime' of the 'cAAASvrExtProtocolParamTable' for this server. If this value is zero, then the value set in the 'cAAAServerProtoDeadTime' is used." DEFVAL { 0 } ::= { cAAASvrExtConfigEntry 4 } cAAAServerTimeOut OBJECT-TYPE SYNTAX TimeIntervalSec (0..1000) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The time in seconds between retransmissions to the AAA server.This value overrides value set in the 'cAAAServerProtoTimeOut' of the 'cAAASvrExtProtocolParamTable' for this server. If this value is zero, then the value set in the 'cAAAServerProtoTimeOut' is used." DEFVAL { 0 } ::= { cAAASvrExtConfigEntry 5 } cAAAServerRetransmits OBJECT-TYPE SYNTAX Unsigned32 (0..100) UNITS "retransmits" MAX-ACCESS read-create STATUS current DESCRIPTION "The additional number of times the AAA server should be tried by the AAA client before giving up on the server. This value overrides value set in the 'cAAAServerProtoTimeOut' of the 'cAAASvrExtProtocolParamTable' for this server. If this value is zero, then the value set in the 'cAAAServerProtoRetransmits' is used." DEFVAL { 0 } ::= { cAAASvrExtConfigEntry 6 } -- -- AAA protocol parameter configuration - cAAASvrExtProtoParamConfig -- cAAASvrExtProtocolParamTable OBJECT-TYPE SYNTAX SEQUENCE OF ProtocolParamEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the per-protocol parameters for use by all AAA Servers instrumented in one instance of this MIB." ::= { cAAASvrExtProtoParamConfig 1 } cAAASvrExtProtocolParamEntry OBJECT-TYPE SYNTAX ProtocolParamEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) in 'cAAASvrExtProtocolParamTable'. Each row of the table indicates the protocol parameters setting for a particular AAA protocol. New entries can not be created. The existing rows can only be modified." INDEX { cAAAServerProtocol } ::= { cAAASvrExtProtocolParamTable 1 } ProtocolParamEntry ::= SEQUENCE { cAAAServerProtocol CiscoAAAProtocol, cAAAServerProtoAuthKey DisplayString, cAAAServerProtoKeyEncrType CiscoAAAServerKeyEncrType, cAAAServerProtoDeadTime TimeIntervalMin, cAAAServerProtoTimeOut TimeIntervalSec, cAAAServerProtoRetransmits Unsigned32, cAAAServerProtoSvrTableMaxEnt Unsigned32 } cAAAServerProtocol OBJECT-TYPE SYNTAX CiscoAAAProtocol MAX-ACCESS not-accessible STATUS current DESCRIPTION "The AAA Protocol for which these settings are being applied." ::= { cAAASvrExtProtocolParamEntry 1 } cAAAServerProtoAuthKey OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "The key used in encrypting the packets passed between the AAA server and the client.This key must match the one configured on the server. This Object is similar to the 'caskey'. If the 'caskey' of the 'casConfigTable' is administratively set to zero length string, then this key used. Retrieving the value of this object via SNMP will always return an empty string for security reasons." DEFVAL { "" } ::= { cAAASvrExtProtocolParamEntry 2 } cAAAServerProtoKeyEncrType OBJECT-TYPE SYNTAX CiscoAAAServerKeyEncrType MAX-ACCESS read-write STATUS current DESCRIPTION "The encryption type of the server key 'cAAAServerProtoAuthKey'." DEFVAL { plain } ::= { cAAASvrExtProtocolParamEntry 3 } cAAAServerProtoDeadTime OBJECT-TYPE SYNTAX TimeIntervalMin (0..1440) UNITS "minutes" MAX-ACCESS read-write STATUS current DESCRIPTION "The DeadTime setting for AAA Servers. If 'cAAAServerDeadTime' of 'cAAASvrExtConfigTable' is zero, this value is used. This indicates the length of time in minutes that the system will mark the server dead when a AAA server does not respond to an authentication request. During the interval of the dead time, any authentication request that comes up would not be sent to that AAA server that was marked as dead. The default value of 0 means that the AAA servers will not be marked dead if they do not respond." DEFVAL { 0 } ::= { cAAASvrExtProtocolParamEntry 4 } cAAAServerProtoTimeOut OBJECT-TYPE SYNTAX TimeIntervalSec (1..1000) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "The time in seconds between retransmissions to the AAA server. If 'cAAAServerTimeOut' of 'cAAASvrExtConfigTable' is zero , this value is used." DEFVAL { 1 } ::= { cAAASvrExtProtocolParamEntry 5 } cAAAServerProtoRetransmits OBJECT-TYPE SYNTAX Unsigned32 (0..100) UNITS "retransmits" MAX-ACCESS read-write STATUS current DESCRIPTION "The additional number of times the AAA server should be tried by the AAA client before giving up on the server. If 'cAAAServerRetransmits' of 'cAAASvrExtConfigTable' is zero, this value is used." DEFVAL { 1 } ::= { cAAASvrExtProtocolParamEntry 6 } cAAAServerProtoSvrTableMaxEnt OBJECT-TYPE SYNTAX Unsigned32 (0..65536) MAX-ACCESS read-only STATUS current DESCRIPTION "Each instance of this object specifies the maximum number of AAA server entries in the 'casConfigTable', for a particular protocol." ::= { cAAASvrExtProtocolParamEntry 7 } -- -- Server Group Configuration Table - cAAASvrExtSvrGrpConfig -- cAAASvrExtSvrGrpConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF ServerGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table consisting of entries for Server Groups. A server group consists of a number of AAA servers implementing the same AAA protocol. Multiple server groups (usually one group for TACACS+ and one group for RADIUS) can be used for the same service for authentication, authorization and accounting purpose. An entry cannot be created until following objects are instantiated - cAAASvrGrpName - cAAASvrGrpProtocol - cAAAServerList with at least one member Note that an implementation may support any number of permanent rows which cannot be deleted. These permanent groups are system defined groups and not created by the user." ::= { cAAASvrExtSvrGrpConfig 1 } cAAASvrExtSvrGrpConfigEntry OBJECT-TYPE SYNTAX ServerGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) in the cAAASvrExtSvrGrpConfigTable. " INDEX { cAAASvrGrpIndex } ::= { cAAASvrExtSvrGrpConfigTable 1} ServerGroupEntry ::= SEQUENCE { cAAASvrGrpIndex Unsigned32, cAAASvrGrpName SnmpAdminString, cAAASvrGrpProtocol CiscoAAAProtocol, cAAAServerList OCTET STRING, cAAASvrGrpConfigRowStatus RowStatus } cAAASvrGrpIndex OBJECT-TYPE SYNTAX Unsigned32 (1..100) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index for each of the Server Group entries." ::= { cAAASvrExtSvrGrpConfigEntry 1 } cAAASvrGrpName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..64)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of the Server Group. The 'cAAASvrGrpName' has to be specified by the user during the creation of this row entry. The cAAASvrGrpName can not be modified when cAAASvrGrpConfigRowStatus is 'active'." ::= { cAAASvrExtSvrGrpConfigEntry 2 } cAAASvrGrpProtocol OBJECT-TYPE SYNTAX CiscoAAAProtocol MAX-ACCESS read-create STATUS current DESCRIPTION "The AAA Protocol to which this Server Group belongs to. The cAAASvrGrpProtocol can not be modified when cAAASvrGrpConfigRowStatus is 'active'." DEFVAL {tacacsplus} ::= { cAAASvrExtSvrGrpConfigEntry 3 } cAAAServerList OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4..256)) MAX-ACCESS read-create STATUS current DESCRIPTION "This represents ordered list of AAA Servers which form this Server Group. This object contains list of the AAA Servers as defined in the 'casConfigTable'. The value of this object is a concatenation of one or more 4-octet strings, where each 4-octet string represents a 32-bit 'casIndex' value of 'casConfigTable' in network byte order. This Index along with the 'cAAASvrGrpProtocol' that is set in the same row form the composite index in the 'casConfigTable'. The order in which servers occur within the value of this object determines the Server priority in that group. The first one will be 'Primary' and the rest are 'secondary' ( others). At least one index has to be provided when creating this row. A Server Group can not exist without any members. The maximum AAA Servers that can be specified is limited by 'cAAASvrExtSvrGrpSvrListMaxEnt' value." ::= { cAAASvrExtSvrGrpConfigEntry 4 } cAAASvrGrpConfigRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this conceptual row.This object can not be set to 'active' unless the corresponding value of 'cAAASvrGrpName' is unique. Once value of this object is set to 'active', the associated entry can not be modified except destroyed by setting this object to destroy(6)." ::= { cAAASvrExtSvrGrpConfigEntry 5 } -- -- Application-Server Group mapping configuration -- cAAASvrExtAppSvrGrpMapConfig -- cAAASvrExtAppSvrGrpConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF AppSvrGrpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table associating the AAA server groups for specific AAA function for a given Application and Application Sub-Type. If the device encounters ERRORs from server(s) in first group of 'cAAASvrGrpList',it will try servers in next server group. The order in which Server Groups occur within the value of 'cAAASvrGrpList' decides the order of trial for AAA function. Similarly, within a server group, each server in the group will be tried one by one until one of them responds with either SUCCESS or FAIL. In case all the Server Groups return ERROR, 'Local' mechanism ('cAAASvrGrpLocal') followed by 'Trivial' mechanism ('cAAASvrGrpTrivial') are tried, if so configured." ::= { cAAASvrExtAppSvrGrpMapConfig 1 } cAAASvrExtAppSvrGrpConfigEntry OBJECT-TYPE SYNTAX AppSvrGrpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) in the cAAASvrExtSerSvrGrpConfigTable. New entries can not be created. The existing rows only can be modified." INDEX { cAAAApplicationType, cAAAApplicationSubType, cAAAFunction } ::= { cAAASvrExtAppSvrGrpConfigTable 1} AppSvrGrpEntry ::= SEQUENCE { cAAAApplicationType INTEGER, cAAAApplicationSubType INTEGER, cAAAFunction INTEGER, cAAASvrGrpLocal TruthValue, cAAASvrGrpTrivial TruthValue, cAAASvrGrpList OCTET STRING } cAAAApplicationType OBJECT-TYPE SYNTAX INTEGER { default (1), login (2), dhchap (3), iSCSI (4) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Application type for which this AAA configuration is applied. Each of these applications uses AAA services on the device. 'login' application includes console, telnet and SSH based login using the username and password. DHCHAP (Diffie Hellman Challenge Handshake Authentication Protocol) is a FC-SP compliant authentication protocol that can be used for switch-to-switch, host-to-switch and host-to-host authentication. DHCHAP is of the applications for AAA. DH-CHAP is basically combination of bi-directional CHAP authentication ([4]) with Diffie-Hellman exchange. iSCSI (Small Computer Systems Interface over IP) is an SCSI transport protocol for mapping of block-oriented storage data over TCP/IP networks. The 'default' application type indicates the default configurations which can be used by all the applications, unless overridden by specific application types." REFERENCE " - Fibre Channel Security Protocols (FC-SP) REV. 1.0, T11 FC-SP Working Document T11/03-149v0.pdf - Challenge Handshake Authentication Protocol (CHAP) RFC 1994 - iSCSI Internet Draft ." ::= { cAAASvrExtAppSvrGrpConfigEntry 1 } cAAAApplicationSubType OBJECT-TYPE SYNTAX INTEGER { all (1), console(2) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Application Sub-Type. This is very specific to the application attached and indicates the sub-application. For 'login' application: - If the 'cAAAApplicationSubType' is 'all', the configuration appearing in the corresponding row is used by all the 'login' applications. - If the 'cAAAApplicationSubType' is 'console', console login uses this configuration instead of the 'all'. For the 'dhchap' application, the only allowed 'cAAAApplicationSubType' is 'all'. This means, the configuration appearing in the corresponding row is used by all the 'dhchap' applications. For the 'iSCSI' application, the only allowed 'cAAAApplicationSubType' is 'all'. This means, the configuration appearing in the corresponding row is used by all the iSCSI applications. For the 'default' application, - the allowed 'cAAAApplicationSubType' values are 'all' and 'console', when 'cAAAFunction' is 'authorization' - the allowed 'cAAAApplicationSubType' value is 'all', when 'cAAAFunction' is 'accounting' ." ::= { cAAASvrExtAppSvrGrpConfigEntry 2 } cAAAFunction OBJECT-TYPE SYNTAX INTEGER { authentication (1), authorization (2), accounting (3) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "The AAA function to which this application configuration row corresponds to." ::= { cAAASvrExtAppSvrGrpConfigEntry 3 } cAAASvrGrpLocal OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value 'true(1)' indicates 'Local' AAA is allowed. The value 'false(2)' indicates 'Local' AAA is not allowed. 'Local' AAA is used only after trying all the Server Groups in the 'cAAASvrGrpList'. The 'Local' AAA means all the AAA functions are performed using the local AAA Service provided in the Device. The value of this object can not be set to 'false' in the following conditions : - 'cAAAApplicationType' is 'default' and 'cAAAFuction' is 'authentication' or 'accounting' and - value of corresponding instance of 'cAAASvrGrpTrivial' is 'false' and no server groups configured in the value of the corresponding instance of 'cAAASvrGrpList' The value of this object can not be set to 'true' if the 'cAAAFuction' value is 'authorization'." ::= { cAAASvrExtAppSvrGrpConfigEntry 4 } cAAASvrGrpTrivial OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value 'true(1)' indicates 'Trivial' AAA is allowed. The value 'false(2)' indicates 'Trivial' AAA is not allowed. 'Trivial' AAA is used only after trying all the Server Groups in the 'cAAASvrGrpList' and 'Local' AAA (if configured). Trivial AAA corresponds to one of the following based on the value of corresponding instance of 'AAAFunction': - User name based authentication, if 'cAAAFunction' value is 'authentication' - No Authorization check, if 'cAAAFunction' value is 'authorization' - No accounting, if 'cAAAFunction' value is 'accounting' The value of this object can not be set to 'false' in the following conditions : - 'cAAAApplicationSubType' is 'all' and 'cAAAFuction' is 'authorization' and - value of corresponding instance of 'cAAASvrGrpLocal' is 'false' and no server groups configured in the value of the corresponding instance of 'cAAASvrGrpList' The value of this object can not be set to 'true' in the following conditions : - when 'cAAAApplicationType' is 'iSCSI' , 'cAAAApplicationSubType' is 'all' and 'cAAAFuction' is 'authentication' - when 'cAAAApplicationType' is 'dhchap' , 'cAAAApplicationSubType' is 'all' and 'cAAAFuction' is 'authentication' ." ::= { cAAASvrExtAppSvrGrpConfigEntry 5 } cAAASvrGrpList OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..256)) MAX-ACCESS read-write STATUS current DESCRIPTION "This represents ordered list of AAA Server Groups that are configured for this application to perform AAA functions. This object contains list of the AAA Server Groups as defined in the 'cAAASvrExtSvrGrpConfigTable'. The value of this object is a concatenation of zero or more 4-octet strings, where each 4-octet string represents a 32-bit 'cAAASvrGrpIndex' value of server group ('cAAASvrExtSvrGrpConfigTable') in network byte order. The order in which Server Groups occur within the value of this object determines the Server Group priority in the list. The maximum number of Server Groups that can be specified in this row is limited by 'cAAASvrExtAppToSvrGrpMaxEnt' value." ::= { cAAASvrExtAppSvrGrpConfigEntry 6 } -- -- Conformance -- ciscoAAASvrExtMIBCompliances OBJECT IDENTIFIER ::= { ciscoAAASvrExtMIBConformance 1 } ciscoAAASvrExtMIBGroups OBJECT IDENTIFIER ::= { ciscoAAASvrExtMIBConformance 2 } ciscoAAAServerMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for entities which implement the CISCO-AAA-SERVER-EXT-MIB." MODULE MANDATORY-GROUPS { cAAASvrExtGenericConfGroup, cAAASvrExtSvrTableConfGroup, cAAASvrExtProtoParamConfigGroup } GROUP cAAASvrExtSvrGroupConfGroup DESCRIPTION "This group is required only if the Server Group configuration is implemented by the agent." GROUP cAAASvrExtAppSvrGroupConfGroup DESCRIPTION "This group is required only if the Server Group and application-to-server group mapping configuration is implemented by the agent." ::= { ciscoAAASvrExtMIBCompliances 1 } -- -- Units of Conformance -- cAAASvrExtGenericConfGroup OBJECT-GROUP OBJECTS { cAAASvrExtLocalAccLogMaxSize } STATUS current DESCRIPTION "A collection of objects Generic configuration." ::= { ciscoAAASvrExtMIBGroups 1 } cAAASvrExtSvrTableConfGroup OBJECT-GROUP OBJECTS { cAAAServerAddrType, cAAAServerAddr, cAAAServerKeyEncrType, cAAAServerDeadTime, cAAAServerTimeOut, cAAAServerRetransmits } STATUS current DESCRIPTION "A collection of objects for AAA Server configuration." ::= { ciscoAAASvrExtMIBGroups 2 } cAAASvrExtProtoParamConfigGroup OBJECT-GROUP OBJECTS { cAAAServerProtoAuthKey, cAAAServerProtoKeyEncrType, cAAAServerProtoDeadTime, cAAAServerProtoTimeOut, cAAAServerProtoRetransmits, cAAAServerProtoSvrTableMaxEnt } STATUS current DESCRIPTION "A collection of objects for AAA per-protocol parameter configuration." ::= { ciscoAAASvrExtMIBGroups 3 } cAAASvrExtSvrGroupConfGroup OBJECT-GROUP OBJECTS { cAAASvrGrpName, cAAASvrGrpProtocol, cAAAServerList, cAAASvrGrpConfigRowStatus, cAAASvrExtSvrGrpSvrListMaxEnt } STATUS current DESCRIPTION "A collection of objects for AAA Server Group configuration." ::= { ciscoAAASvrExtMIBGroups 4 } cAAASvrExtAppSvrGroupConfGroup OBJECT-GROUP OBJECTS { cAAASvrGrpLocal, cAAASvrGrpTrivial, cAAASvrGrpList, cAAASvrExtAppToSvrGrpMaxEnt } STATUS current DESCRIPTION "A collection of objects for Application-to-Server Group mapping configuration." ::= { ciscoAAASvrExtMIBGroups 5 } END