The MIB module for monitoring communications and status of AAA Server operation
Version: 2003-11-17
module CISCO-AAA-SERVER-MIB { yang-version 1; namespace "urn:ietf:params:xml:ns:yang:smiv2:CISCO-AAA-SERVER-MIB"; prefix CISCO-AAA-SERVER-MIB; import SNMPv2-TC { prefix snmpv2-tc; } import ietf-inet-types { prefix inet; } import ietf-yang-smiv2 { prefix smiv2; } import ietf-yang-types { prefix yang; } organization "Cisco Systems, Inc."; contact " Cisco Systems Customer Service Postal: 170 W Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553-NETS E-mail: cs-aaa@cisco.com"; description "The MIB module for monitoring communications and status of AAA Server operation"; revision "2003-11-17" { description "Expanded the list of AAA protocols to include LDAP, Kerberos, NTLM and SDI; defined textual convention CiscoAAAProtocol to denote the type of AAA protocols."; } revision "2002-03-28" { description "Imported Unsigned32 from SNMPv2-SMI instead of CISCO-TC"; } revision "2000-01-20" { description "Added objects to support AAA server configuration casConfigTable casProtocol casIndex casAddress casAuthenPort casAcctPort casConfigRowStatus"; } smiv2:alias "casStatisticsTable" { description " Table providing statistics for each server."; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1"; } smiv2:alias "casStatisticsEntry" { description "Statistical information about a particular server. Objects in this table are read-only and appear automatically whenever a row in the casConfigTable is made active. Objects in this table disappear when casConfigRowStatus for the corresponding casConfigEntry is set to the destroy(6) state."; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1"; } smiv2:alias "ciscoAAAServerMIB" { smiv2:oid "1.3.6.1.4.1.9.10.56"; } smiv2:alias "cAAAServerMIBObjects" { smiv2:oid "1.3.6.1.4.1.9.10.56.1"; } smiv2:alias "casConfig" { smiv2:oid "1.3.6.1.4.1.9.10.56.1.1"; } smiv2:alias "casStatistics" { smiv2:oid "1.3.6.1.4.1.9.10.56.1.2"; } smiv2:alias "cAAAServerMIBNotificationPrefix" { smiv2:oid "1.3.6.1.4.1.9.10.56.2"; } smiv2:alias "cAAAServerMIBNotifications" { smiv2:oid "1.3.6.1.4.1.9.10.56.2.0"; } smiv2:alias "cAAAServerMIBConformance" { smiv2:oid "1.3.6.1.4.1.9.10.56.3"; } smiv2:alias "casMIBCompliances" { smiv2:oid "1.3.6.1.4.1.9.10.56.3.1"; } smiv2:alias "casMIBGroups" { smiv2:oid "1.3.6.1.4.1.9.10.56.3.2"; } typedef CiscoAAAProtocol { type enumeration { enum "tacacsplus" { value 1; } enum "radius" { value 2; } enum "ldap" { value 3; } enum "kerberos" { value 4; } enum "ntlm" { value 5; } enum "sdi" { value 6; } enum "other" { value 7; } } description "Protocol used with this server. tacacsplus(1) - TACACS+ radius(2) - RADIUS ldap(3) - Light Weight Directory Protocol kerberos(4) - Kerberos ntlm(5) - Authentication/Authorization using NT Domain sdi(6) - Authentication/Authorization using Secure ID other(7) - Other protocols"; reference " RFC 2138 Remote Authentication Dial In User Service (RADIUS) RFC 2139 RADIUS Accounting The TACACS+ Protocol Version 1.78, Internet Draft"; } container CISCO-AAA-SERVER-MIB { config false; container casConfig { smiv2:oid "1.3.6.1.4.1.9.10.56.1.1"; leaf casServerStateChangeEnable { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.1.1"; type boolean; description "This variable controls the generation of casServerStateChange notification. When this variable is true(1), generation of casServerStateChange notifications is enabled. When this variable is false(2), generation of casServerStateChange notifications is disabled. The default value is false(2)."; } } // container casConfig container casConfigTable { smiv2:oid "1.3.6.1.4.1.9.10.56.1.1.2"; description "This table shows current configurations for each AAA server, allows existing servers to be removed and new ones to be created."; list casConfigEntry { smiv2:oid "1.3.6.1.4.1.9.10.56.1.1.2.1"; key "casProtocol casIndex"; description "An AAA server configuration identified by its protocol and its index. An entry is created/removed when a server is defined or undefined with IOS configuration commands via CLI or by issuing appropriate sets to this table using snmp. A management station wishing to create an entry should first generate a random number to be used as the index to this sparse table. The station should then create the associated instance of the row status and row index objects. It must also, either in the same or in successive PDUs, create an instance of casAddress where casAddress is the IP address of the server to be added. It should also modify the default values for casAuthenPort, casAcctPort if the defaults are not appropriate. If casKey is a zero-length string or is not explicitly set, then the global key will be used. Otherwise, this value is used as the key for this server instance. Once the appropriate instance of all the configuration objects have been created, either by an explicit SNMP set request or by default, the row status should be set to active(1) to initiate the request. After the AAA server is made active, the entry can not be modified - the only allowed operation after this is to destroy the entry by setting casConfigRowStatus to destroy(6). casPriority is automatically assigned once the entry is made active and reflects the relative priority of the defined server with respect to already configured servers. Newly-created servers will be assigned the lowest priority. To reassign server priorities to existing server entries, it may be necessary to destroy and recreate entries in order of priority. Entries in this table with casConfigRowStatus equal to active(1) remain in the table until destroyed. Entries in this table with casConfigRowStatus equal to values other than active(1) will be destroyed after timeout (5 minutes). If a server address being created via SNMP exists already in another active casConfigEntry, then a newly created row can not be made active until the original row with the with the same server address value is destroyed. Upon reload, casIndex values may be changed, but the priorities that were saved before reload will be retained, with lowest priority number corresponding to the higher priority servers."; leaf casProtocol { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.1.2.1.1"; type CiscoAAAProtocol; description "The variable denotes the protocol used by the managed device with the AAA server corresponding to this entry in the table."; } leaf casIndex { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.1.2.1.2"; type uint32 { range "1..4294967295"; } description "A management station wishing to initiate a new AAA server configuration should use a random value for this object when creating an instance of casConfigEntry. The RowStatus semantics of the casConfigRowStatus object will prevent access conflicts. If the randomly chosen casIndex value for row creation is already in use by an existing entry, snmp set to the casIndex value will fail."; } leaf casAddress { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.1.2.1.3"; type inet:ipv4-address; description "The IP address of the server."; } leaf casAuthenPort { smiv2:defval "1645"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.1.2.1.4"; type int32 { range "0..65535"; } description "UDP/TCP port used for authentication in the configuration For TACACS+, this object should be explictly set. Default value is the IOS default for radius: 1645."; } leaf casAcctPort { smiv2:defval "1646"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.1.2.1.5"; type int32 { range "0..65535"; } description "UDP/TCP port used for accounting service in the configuration For TACACS+, the value of casAcctPort is ignored. casAuthenPort will be used instead. Default value is the IOS default for radius: 1646."; } leaf casKey { smiv2:defval ""; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.1.2.1.6"; type snmpv2-tc:DisplayString; description "The server key to be used with this server. Retrieving the value of this object via SNMP will return an empty string for security reasons."; } leaf casPriority { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.1.2.1.7"; type uint32 { range "1..4294967295"; } description "A number that indicates the priority of the server in this entry. Lower numbers indicate higher priority."; } leaf casConfigRowStatus { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.1.2.1.8"; type snmpv2-tc:RowStatus; description "The status of this table entry. Once the entry status is set to active, the associated entry cannot be modified except destroyed by setting this object to destroy(6)."; } } // list casConfigEntry } // container casConfigTable } // container CISCO-AAA-SERVER-MIB augment /CISCO-AAA-SERVER-MIB:CISCO-AAA-SERVER-MIB/CISCO-AAA-SERVER-MIB:casConfigTable/CISCO-AAA-SERVER-MIB:casConfigEntry { smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1"; description "Statistical information about a particular server. Objects in this table are read-only and appear automatically whenever a row in the casConfigTable is made active. Objects in this table disappear when casConfigRowStatus for the corresponding casConfigEntry is set to the destroy(6) state."; leaf casAuthenRequests { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.1"; type yang:counter32; description "The number of authentication requests sent to this server since it is made active. Retransmissions due to request timeouts are counted as distinct requests."; } leaf casAuthenRequestTimeouts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.2"; type yang:counter32; description "The number of authentication requests which have timed out since it is made active. A timeout results in a retransmission of the request If the maximum number of attempts has been reached, no further retransmissions will be attempted."; } leaf casAuthenUnexpectedResponses { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.3"; type yang:counter32; description "The number of unexpected authentication responses received from this server since it is made active. An example is a delayed response to a request which had already timed out."; } leaf casAuthenServerErrorResponses { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.4"; type yang:counter32; description "The number of server ERROR authentication responses received from this server since it is made active. These are responses indicating that the server itself has identified an error with its authentication operation."; } leaf casAuthenIncorrectResponses { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.5"; type yang:counter32; description "The number of authentication responses which could not be processed since it is made active. Reasons include inability to decrypt the response, invalid fields, or the response is not valid based on the request."; } leaf casAuthenResponseTime { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.6"; type snmpv2-tc:TimeInterval; description "Average response time for authentication requests sent to this server, excluding timeouts, since system re-initialization."; } leaf casAuthenTransactionSuccesses { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.7"; type yang:counter32; description "The number of authentication transactions with this server which succeeded since it is made active. A transaction may include multiple request retransmissions if timeouts occur. A transaction is successful if the server responds with either an authentication pass or fail."; } leaf casAuthenTransactionFailures { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.8"; type yang:counter32; description "The number of authentication transactions with this server which failed since it is made active. A transaction may include multiple request retransmissions if timeouts occur. A transaction failure occurs if maximum resends have been met or the server aborts the transaction."; } leaf casAuthorRequests { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.9"; type yang:counter32; description "The number of authorization requests sent to this server since it is made active. Retransmissions due to request timeouts are counted as distinct requests. This object is not instantiated for protocols which do not support a distinct authorization function."; } leaf casAuthorRequestTimeouts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.10"; type yang:counter32; description "The number of authorization requests which have timed out since it is made active. A timeout results in a retransmission of the request If the maximum number of attempts has been reached, no further retransmissions will be attempted. This object is not instantiated for protocols which do not support a distinct authorization function."; } leaf casAuthorUnexpectedResponses { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.11"; type yang:counter32; description "The number of unexpected authorization responses received from this server since it is made active. An example is a delayed response to a request which had already timed out. This object is not instantiated for protocols which do not support a distinct authorization function."; } leaf casAuthorServerErrorResponses { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.12"; type yang:counter32; description "The number of server ERROR authorization responses received from this server since it is made active. These are responses indicating that the server itself has identified an error with its authorization operation. This object is not instantiated for protocols which do not support a distinct authorization function."; } leaf casAuthorIncorrectResponses { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.13"; type yang:counter32; description "The number of authorization responses which could not be processed since it is made active. Reasons include inability to decrypt the response, invalid fields, or the response is not valid based on the request. This object is not instantiated for protocols which do not support a distinct authorization function."; } leaf casAuthorResponseTime { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.14"; type snmpv2-tc:TimeInterval; description "Average response time for authorization requests sent to this server, excluding timeouts, since system re-initialization. This object is not instantiated for protocols which do not support a distinct authorization function."; } leaf casAuthorTransactionSuccesses { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.15"; type yang:counter32; description "The number of authorization transactions with this server which succeeded since it is made active. A transaction may include multiple request retransmissions if timeouts occur. A transaction is successful if the server responds with either an authorization pass or fail. This object is not instantiated for protocols which do not support a distinct authorization function."; } leaf casAuthorTransactionFailures { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.16"; type yang:counter32; description "The number of authorization transactions with this server which failed since it is made active. A transaction may include multiple request retransmissions if timeouts occur. A transaction failure occurs if maximum resends have been met or the server aborts the transaction. This object is not instantiated for protocols which do not support a distinct authorization function."; } leaf casAcctRequests { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.17"; type yang:counter32; description "The number of accounting requests sent to this server since system re-initialization. Retransmissions due to request timeouts are counted as distinct requests."; } leaf casAcctRequestTimeouts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.18"; type yang:counter32; description "The number of accounting requests which have timed out since system re-initialization. A timeout results in a retransmission of the request If the maximum number of attempts has been reached, no further retransmissions will be attempted."; } leaf casAcctUnexpectedResponses { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.19"; type yang:counter32; description "The number of unexpected accounting responses received from this server since system re-initialization. An example is a delayed response to a request which had already timed out."; } leaf casAcctServerErrorResponses { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.20"; type yang:counter32; description "The number of server ERROR accounting responses received from this server since system re-initialization. These are responses indicating that the server itself has identified an error with its accounting operation."; } leaf casAcctIncorrectResponses { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.21"; type yang:counter32; description "The number of accounting responses which could not be processed since system re-initialization. Reasons include inability to decrypt the response, invalid fields, or the response is not valid based on the request."; } leaf casAcctResponseTime { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.22"; type snmpv2-tc:TimeInterval; description "Average response time for accounting requests sent to this server,, since system re-initialization excluding timeouts."; } leaf casAcctTransactionSuccesses { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.23"; type yang:counter32; description "The number of accounting transactions with this server which succeeded since system re-initialization. A transaction may include multiple request retransmissions if timeouts occur. A transaction is successful if the server responds with either an accounting pass or fail."; } leaf casAcctTransactionFailures { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.24"; type yang:counter32; description "The number of accounting transactions with this server which failed since system re-initialization. A transaction may include multiple request retransmissions if timeouts occur. A transaction failure occurs if maximum resends have been met or the server aborts the transaction."; } leaf casState { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.25"; type enumeration { enum "up" { value 1; } enum "dead" { value 2; } } description "Current state of this server. up(1) - Server responding to requests dead(2) - Server failed to respond A server is marked dead if it does not respond after maximum retransmissions. A server is marked up again either after a waiting period or if some response is received from it. The initial value of casState is 'up(1)' at system re-initialization. This will only transistion to 'dead(2)' if an attempt to communicate fails."; } leaf casCurrentStateDuration { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.26"; type snmpv2-tc:TimeInterval; description "This object provides the elapsed time the server has been in its current state as shown in casState."; } leaf casPreviousStateDuration { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.27"; type snmpv2-tc:TimeInterval; description "This object provides the elapsed time the server was been in its previous state prior to the most recent transistion of casState. This value is zero if the server has not changed state."; } leaf casTotalDeadTime { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.28"; type snmpv2-tc:TimeInterval; description "The total elapsed time this server's casState has had the value 'dead(2)' since system re-initialization."; } leaf casDeadCount { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.56.1.2.1.1.29"; type yang:counter32; description "The number of times this server's casState has transitioned to 'dead(2)' since system re-initialization."; } } notification casServerStateChange { smiv2:oid "1.3.6.1.4.1.9.10.56.2.0.1"; description "An AAA server state change notification is generated whenever casState changes value."; container object-1 { leaf casProtocol { type leafref { path "/CISCO-AAA-SERVER-MIB:CISCO-AAA-SERVER-MIB/CISCO-AAA-SERVER-MIB:casConfigTable/CISCO-AAA-SERVER-MIB:casConfigEntry/CISCO-AAA-SERVER-MIB:casProtocol"; } } leaf casIndex { type leafref { path "/CISCO-AAA-SERVER-MIB:CISCO-AAA-SERVER-MIB/CISCO-AAA-SERVER-MIB:casConfigTable/CISCO-AAA-SERVER-MIB:casConfigEntry/CISCO-AAA-SERVER-MIB:casIndex"; } } leaf casState { type leafref { path "/CISCO-AAA-SERVER-MIB:CISCO-AAA-SERVER-MIB/CISCO-AAA-SERVER-MIB:casConfigTable/CISCO-AAA-SERVER-MIB:casConfigEntry/CISCO-AAA-SERVER-MIB:casState"; } } } // container object-1 container object-2 { leaf casProtocol { type leafref { path "/CISCO-AAA-SERVER-MIB:CISCO-AAA-SERVER-MIB/CISCO-AAA-SERVER-MIB:casConfigTable/CISCO-AAA-SERVER-MIB:casConfigEntry/CISCO-AAA-SERVER-MIB:casProtocol"; } } leaf casIndex { type leafref { path "/CISCO-AAA-SERVER-MIB:CISCO-AAA-SERVER-MIB/CISCO-AAA-SERVER-MIB:casConfigTable/CISCO-AAA-SERVER-MIB:casConfigEntry/CISCO-AAA-SERVER-MIB:casIndex"; } } leaf casPreviousStateDuration { type leafref { path "/CISCO-AAA-SERVER-MIB:CISCO-AAA-SERVER-MIB/CISCO-AAA-SERVER-MIB:casConfigTable/CISCO-AAA-SERVER-MIB:casConfigEntry/CISCO-AAA-SERVER-MIB:casPreviousStateDuration"; } } } // container object-2 container object-3 { leaf casProtocol { type leafref { path "/CISCO-AAA-SERVER-MIB:CISCO-AAA-SERVER-MIB/CISCO-AAA-SERVER-MIB:casConfigTable/CISCO-AAA-SERVER-MIB:casConfigEntry/CISCO-AAA-SERVER-MIB:casProtocol"; } } leaf casIndex { type leafref { path "/CISCO-AAA-SERVER-MIB:CISCO-AAA-SERVER-MIB/CISCO-AAA-SERVER-MIB:casConfigTable/CISCO-AAA-SERVER-MIB:casConfigEntry/CISCO-AAA-SERVER-MIB:casIndex"; } } leaf casTotalDeadTime { type leafref { path "/CISCO-AAA-SERVER-MIB:CISCO-AAA-SERVER-MIB/CISCO-AAA-SERVER-MIB:casConfigTable/CISCO-AAA-SERVER-MIB:casConfigEntry/CISCO-AAA-SERVER-MIB:casTotalDeadTime"; } } } // container object-3 } // notification casServerStateChange } // module CISCO-AAA-SERVER-MIB
© 2023 YumaWorks, Inc. All rights reserved.