CISCO-RADIUS-MIB device MIB details by Cisco
CISCO-RADIUS-MIB file content
The SNMP protocol is used to for conveying information and commands between agents and managing entities. SNMP uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. The reasons for using UDP for SNMP are, firstly it has low overheads in comparison to TCP, which uses a 3-way hand shake for connection. Secondly, in congested networks, SNMP over TCP is a bad idea because TCP in order to maintain reliability will flood the network with retransmissions.
Management information (MIB) is represented as a collection of managed objects. These objects together form a virtual information base called MIB. An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.
Use ActiveXperts Network Monitor 2024 to import vendor-specific MIB files, inclusing CISCO-RADIUS-MIB.
| Vendor: | Cisco |
|---|---|
| Mib: | CISCO-RADIUS-MIB [download] [view objects] |
| Tool: | ActiveXperts Network Monitor 2024 [download] (ships with advanced SNMP/MIB tools) |
-- ********************************************************************* -- CISCO-RADIUS-MIB.my: Radius Configuration Mib -- -- October 2002, Vinay Gaonkar -- March 2004, Binh Le -- -- Copyright (c) 2002, 2003, 2004 by cisco Systems, Inc. -- All rights reserved. -- -- ********************************************************************* CISCO-RADIUS-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Unsigned32 FROM SNMPv2-SMI MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF RowStatus, TEXTUAL-CONVENTION, TruthValue FROM SNMPv2-TC InetAddressType, InetAddress FROM INET-ADDRESS-MIB SnmpAdminString FROM SNMP-FRAMEWORK-MIB ciscoMgmt FROM CISCO-SMI TimeIntervalMin, TimeIntervalSec, CiscoPort FROM CISCO-TC; ciscoRadiusMIB MODULE-IDENTITY LAST-UPDATED "200403030000Z" ORGANIZATION "Cisco Systems Inc. " CONTACT-INFO " Cisco Systems Customer Service Postal: 170 W Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553 -NETS E-mail: cs-san@cisco.com" DESCRIPTION "MIB module for monitoring and configuring authentication and logging services using RADIUS (Remote Authentication Dial In User Service) related objects. The RADIUS (RFC2865) framework consists of clients and servers. A client is responsible for passing user information to designated RADIUS servers, and then acting on the response which is returned. RADIUS server is responsible for receiving user connection requests, authenticating the user, and then returning all configuration information necessary for the client to deliver service to the user. This MIB module also contains objects for enabling/disabling telnet and SSH (Secure Shell) authentication. Secure Shell is program which is used to log into another machine over a secured session." REVISION "200403030000Z" DESCRIPTION "Added support of crRadiusFramedIpAddrIncluded, crRadiusVlanAssignmentEnabled, crVlanGroupTable. Added http(2) bit to crRadiusLoginAuthentication." REVISION "200211090000Z" DESCRIPTION "Removed the TC CiscoRadiusAuthKeyType. Added new TC CiscoRadiusAuthKey. Removed the objects crRadiusAuthKeyType and crRadiusServerKeyType. Changed the SYNTAX of objects crRadiusAuthKey and crRadiusServerKey." REVISION "200210080000Z" DESCRIPTION "Initial version of this MIB module." ::= { ciscoMgmt 288 } ciscoRadiusMIBObjects OBJECT IDENTIFIER ::= { ciscoRadiusMIB 1 } ciscoRadiusMIBConformance OBJECT IDENTIFIER ::= { ciscoRadiusMIB 2 } crRadiusGenericConfig OBJECT IDENTIFIER ::= { ciscoRadiusMIBObjects 1 } crRadiusServerConfig OBJECT IDENTIFIER ::= { ciscoRadiusMIBObjects 2 } crRadiusAttributesConfig OBJECT IDENTIFIER ::= { ciscoRadiusMIBObjects 3 } crRadiusVlanConfigGroup OBJECT IDENTIFIER ::= { ciscoRadiusMIBObjects 4 } -- Textual Conventions CiscoRadiusAuthKey ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The authentication key of a radius server. The first octet of this object contains the the type of key. The octets following the first octet contain the key. If the value of the first object is ascii value 'p', then the key is in plain text. If the value of first object is ascii value 'e', the key is encrypted. Note that this object has same format as TC DisplayString." SYNTAX OCTET STRING (SIZE (0..65)) -- -- the RADIUS Configuration group -- crRadiusLoginAuthentication OBJECT-TYPE SYNTAX BITS { telnet (0), console (1), http (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The login authentication using RADIUS feature is enabled for telnet/SSH sessions if the 'telnet (0) ' bit is set, and disabled if this bit is reset. The login authentication using RADIUS feature is enabled for console sessions if the 'console (1) ' bit is set, and disabled if this bit is reset. The login authentication using RADIUS feature is enabled for remote web sessions if the 'http (2) ' bit is set, and disabled if this bit is reset." DEFVAL { {} } ::= { crRadiusGenericConfig 1 } crRadiusDeadtime OBJECT-TYPE SYNTAX TimeIntervalMin (0..1440) UNITS "minutes" MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates the length of time in minutes that the system will mark the server dead when a RADIUS server does not respond to an authentication request. During the interval of the dead time, any authentication request that comes up would not be sent to that RADIUS server that was marked as dead. The default value of 0 means that the RADIUS servers will not be marked dead if they do not respond." DEFVAL { 0 } ::= { crRadiusGenericConfig 2 } crRadiusAuthKey OBJECT-TYPE SYNTAX CiscoRadiusAuthKey MAX-ACCESS read-write STATUS current DESCRIPTION "The key used in encrypting the packets passed between the RADIUS server and the client. This key must match the one configured on the server. A zero-length string is always returned when this object is read." ::= { crRadiusGenericConfig 3 } crRadiusTimeout OBJECT-TYPE SYNTAX TimeIntervalSec (1..1000) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "This is the time in seconds between retransmissions to the RADIUS server." DEFVAL { 1 } ::= { crRadiusGenericConfig 4 } crRadiusRetransmits OBJECT-TYPE SYNTAX Unsigned32 (0..100) UNITS "retransmits" MAX-ACCESS read-write STATUS current DESCRIPTION "The additional number of times the RADIUS server should be tried by the RADIUS client before giving up on the server." DEFVAL { 1 } ::= { crRadiusGenericConfig 5 } crRadiusAccountingLogMaxSize OBJECT-TYPE SYNTAX Unsigned32 (0..30000) UNITS "bytes" MAX-ACCESS read-write STATUS current DESCRIPTION "The maximum size of the accounting log file in bytes. The log file is stored on local persistent storage at the device. If the size is set to a smaller value than the existing one, then smaller log will be available for view by the user." DEFVAL { 30000 } ::= { crRadiusGenericConfig 6 } crRadiusAccountingMethod OBJECT-TYPE SYNTAX BITS { radius(0), local(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "The accounting method on the device. If bit 0 is set, the accounting method is RADIUS. If bit 1 is set, then the accounting method is local. It is possible for the user to set both the bits so that both the RADIUS as well as local accounting methods are used. It is also possible to set none of the methods; in this case the switch will not do any accounting." ::= { crRadiusGenericConfig 7 } crRadiusFramedIpAddrIncluded OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies if Access-Request packets will include Framed-IP-Address attributes." ::= { crRadiusAttributesConfig 1 } crRadiusServerTableMaxEntries OBJECT-TYPE SYNTAX Unsigned32 (0..65536) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of entries that the agent supports in the crRadiusServerTable." ::= { crRadiusServerConfig 1 } -- -- crRadiusServerTable -- crRadiusServerTable OBJECT-TYPE SYNTAX SEQUENCE OF CrRadiusServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists RADIUS servers." ::= { crRadiusServerConfig 2 } crRadiusServerEntry OBJECT-TYPE SYNTAX CrRadiusServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A RADIUS server table entry. Users can add/delete entries in this table using object 'crRadiusServerRowStatus'. An entry cannot be created until following objects are instantiated : - crRadiusServerAddrType - crRadiusServerAddr Also, following objects cannot be modified when 'crRadiusServerRowStatus' is 'active' : - crRadiusServerAddrType - crRadiusServerAddr To modify above objects, the entry must be deleted and re-created with new values of above objects. If 'crRadiusServerKey' is not instantiated or is a zero-length string, then value of the object 'crRadiusAuthkey' is used as the key to communicate with the corresponding RADIUS server." INDEX { crRadiusServerIndex} ::= { crRadiusServerTable 1 } CrRadiusServerEntry ::= SEQUENCE { crRadiusServerIndex Unsigned32, crRadiusServerAddrType InetAddressType, crRadiusServerAddr InetAddress, crRadiusServerAuthPort CiscoPort, crRadiusServerAcctPort CiscoPort, crRadiusServerKey CiscoRadiusAuthKey, crRadiusServerType INTEGER, crRadiusServerMode INTEGER, crRadiusServerRowStatus RowStatus } crRadiusServerIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "An arbitrary integer value, greater than zero, and less than and equal to crRadiusServerTableMaxEntries, which identifies a RADIUS Server in this table. The value of this object must be persistent across reboots/reinitialization of the device." ::= { crRadiusServerEntry 1 } crRadiusServerAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The type of address of the RADIUS Server as specified by object 'crRadiusServerAddr'." DEFVAL { ipv4 } ::= { crRadiusServerEntry 2 } crRadiusServerAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The address of the RADIUS Server." ::= { crRadiusServerEntry 3 } crRadiusServerAuthPort OBJECT-TYPE SYNTAX CiscoPort MAX-ACCESS read-create STATUS current DESCRIPTION "This is the destination UDP port number to which RADIUS authentication messages should be sent. The RADIUS server will not be used for authentication if this port number is 0." DEFVAL { 1812 } ::= { crRadiusServerEntry 4 } crRadiusServerAcctPort OBJECT-TYPE SYNTAX CiscoPort MAX-ACCESS read-create STATUS current DESCRIPTION "This is the destination UDP port number to which RADIUS accounting messages should be sent." DEFVAL { 1813 } ::= { crRadiusServerEntry 5 } crRadiusServerKey OBJECT-TYPE SYNTAX CiscoRadiusAuthKey MAX-ACCESS read-create STATUS current DESCRIPTION "The key used in encrypting the packets passed between the RADIUS server and the client. This key must match the one configured on the server. A zero-length string is always returned when this object is read. Note that if this object is a zero length string, then 'crRadiusAuthKey' is used as the key for this server." DEFVAL { ''H } ::= { crRadiusServerEntry 6 } crRadiusServerType OBJECT-TYPE SYNTAX INTEGER { other (1), primary (2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Type of the RADIUS server. other (1), - a lower priority server primary (2) - the primary server which is tried first by the RADIUS client. " DEFVAL { other } ::= { crRadiusServerEntry 7 } crRadiusServerMode OBJECT-TYPE SYNTAX INTEGER { none (1), authAndAcct (2), authOnly (3), acctOnly (4) } MAX-ACCESS read-create STATUS current DESCRIPTION "Mode of the RADIUS server. none (1) - neither authentication nor accounting authAndAcct (2) - both authentication and accounting authOnly (3) - only for authentication acctOnly (4) - only for accounting. " DEFVAL {authAndAcct} ::= { crRadiusServerEntry 8 } crRadiusServerRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Status of this row." ::= { crRadiusServerEntry 9 } crRadiusVlanAssignmentEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies if VLANs will be assigned by RADIUS server via the tunnel attribute during the authentication." ::= { crRadiusVlanConfigGroup 1 } crVlanGroupTable OBJECT-TYPE SYNTAX SEQUENCE OF CrVlanGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing VLAN Group Mapping information for the purpose of distributing users across multiple VLANs which have the same group name." ::= { crRadiusVlanConfigGroup 2 } crVlanGroupEntry OBJECT-TYPE SYNTAX CrVlanGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing an VLAN Group Mapping information applicable to a particular VLAN. Entries in this table can be created or deleted using cpaeVlanGroupRowStatus object." INDEX { crVlanGroupName } ::= { crVlanGroupTable 1 } CrVlanGroupEntry ::= SEQUENCE { crVlanGroupName SnmpAdminString, crVlanGroupVlansLow OCTET STRING, crVlanGroupVlansHigh OCTET STRING, crVlanGroupRowStatus RowStatus } crVlanGroupName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS not-accessible STATUS current DESCRIPTION "Specifies the name of the VLAN group." ::= { crVlanGroupEntry 1 } crVlanGroupVlansLow OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..256)) MAX-ACCESS read-create STATUS current DESCRIPTION "A string of octets containing one bit per VLAN for VLANs with VlanIndex value of 0 to 2047. Each octet within this value specifies a set of eight VLANs, with the first octet specifying VLANs 0 through 7, the second octet specifying VLANs 8 through 15, etc. Within each octet, the most significant bit represents the lowest numbered VLAN, and the least significant bit represents the highest numbered VLAN. Thus, each VLAN of the device is represented by a single bit within the value of this object. If that bit has a value of '1' then that VLAN is included in the group; the VLAN is not mapped to the group if its bit has a value of '0'." ::= { crVlanGroupEntry 2 } crVlanGroupVlansHigh OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..256)) MAX-ACCESS read-create STATUS current DESCRIPTION "A string of octets containing one bit per VLAN for VLANs with VlanIndex value of 2048 to 4095. Each octet within this value specifies a set of eight VLANs, with the first octet specifying VLANs 2048 through 2055, the second octet specifying VLANs 2056 through 2063, etc. Within each octet, the most significant bit represents the lowest numbered VLAN, and the least significant bit represents the highest numbered VLAN. Thus, each VLAN of the device is represented by a single bit within the value of this object. If that bit has a value of '1' then that VLAN is included in the group; the VLAN is not mapped to the group if its bit has a value of '0'." ::= { crVlanGroupEntry 3 } crVlanGroupRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object is used to manage the creation and deletion of rows in this table. The only way to create an entry is by setting the value createAndGo(4), and the only way to delete an entry is by setting the value destroy(6) to this object." ::= { crVlanGroupEntry 4 } -- -- Conformance -- ciscoRadiusMIBCompliances OBJECT IDENTIFIER ::= { ciscoRadiusMIBConformance 1 } ciscoRadiusMIBGroups OBJECT IDENTIFIER ::= { ciscoRadiusMIBConformance 2 } ciscoRadiusMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for entities which implement the CISCO-RADIUS-MIB." MODULE MANDATORY-GROUPS { crmConfigurationGroup} OBJECT crRadiusTimeout SYNTAX TimeIntervalSec (1..60) DESCRIPTION "Only the range 1-60 needs to be supported." OBJECT crRadiusRetransmits SYNTAX Unsigned32 (0..5) DESCRIPTION "Only the range 0-5 needs to be supported." OBJECT crRadiusServerAddrType SYNTAX INTEGER { ipv4 (1), dns (16) } DESCRIPTION "Only dns and ipv4 addresses are needed to be supported." OBJECT crRadiusServerRowStatus SYNTAX INTEGER { active (1), createAndGo (4), destroy (6) } DESCRIPTION "Only 'active', 'createAndGo' and 'destroy' are needed to be supported." OBJECT crRadiusDeadtime MIN-ACCESS read-only DESCRIPTION "Only read-only access is needed to be implemented." ::= { ciscoRadiusMIBCompliances 1 } -- Units of Conformance crmConfigurationGroup OBJECT-GROUP OBJECTS { crRadiusLoginAuthentication, crRadiusAuthKey, crRadiusTimeout, crRadiusRetransmits, crRadiusDeadtime, crRadiusAccountingLogMaxSize, crRadiusAccountingMethod, crRadiusServerTableMaxEntries, crRadiusServerAddrType, crRadiusServerAddr, crRadiusServerAuthPort, crRadiusServerAcctPort, crRadiusServerKey, crRadiusServerType, crRadiusServerMode, crRadiusServerRowStatus } STATUS current DESCRIPTION "A collection of objects for RADIUS configuration." ::= { ciscoRadiusMIBGroups 1 } crmAttributesGroup OBJECT-GROUP OBJECTS { crRadiusFramedIpAddrIncluded } STATUS current DESCRIPTION "A collection of objects for RADIUS attributes configuration." ::= { ciscoRadiusMIBGroups 2 } crmVlanConfigGroup OBJECT-GROUP OBJECTS { crRadiusVlanAssignmentEnabled, crVlanGroupVlansLow, crVlanGroupVlansHigh, crVlanGroupRowStatus } STATUS current DESCRIPTION "A collection of objects for RADIUS Vlans assignment configuration." ::= { ciscoRadiusMIBGroups 3 } END