RC-TACACS-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Integer32 FROM SNMPv2-SMI TEXTUAL-CONVENTION, RowStatus, TruthValue FROM SNMPv2-TC InetAddressType, InetAddress, InetPortNumber FROM INET-ADDRESS-MIB rcTacacs FROM RAPID-CITY; rcTacacsMib MODULE-IDENTITY LAST-UPDATED "200804070000Z" ORGANIZATION "Bay Networks, Rapid-City Group" CONTACT-INFO "Yu-Ten Lee Postal: Nortel Networks, Inc. 4655 Great America Parkway Santa Clara, CA 95052-8185 Tel: 408-495-2560 Fax: 408-495-6680 E-mail: ylee@nortelnetworks.com" DESCRIPTION "Enterprise MIB for TACACS" REVISION "200804070000Z" -- 7 Apr 2008 DESCRIPTION "Version 12: Added rcTacacsNncliCommandAuthorizationEnabled and rcTacacsNncliCommandAuthorizationLevels." REVISION "200804020000Z" -- 02 Apr 2008 DESCRIPTION "Version 11: Change syntax of rcTacacsAccounting and rcTacacsAuthentication to BITS." REVISION "200712260000Z" -- 26 Dec 2007 DESCRIPTION "Version 10: Added rcTacacsAccounting and rcTacacsAuthentication nodes" REVISION "200608220000Z" -- 22 Aug 2006 DESCRIPTION "Version 9: Changed the description for rcTacacsServerPortNumber" REVISION "200511180000Z" -- 18 Nov 2005 DESCRIPTION "Version 8: Changed the description for rcTacacsServerPortNumber" REVISION "200509070000Z" -- 07 Sep 2005 DESCRIPTION "Version 7: Updated the desc for rcTacacsServerKey" REVISION "200506090000Z" -- 09 June 2005 DESCRIPTION "Version 6: Changed the default value for sourceIpInterfaceEnable" REVISION "200505240000Z" -- 24 May 2005 DESCRIPTION "Version 5: Updated rcTacacs numbering" REVISION "200505100000Z" -- 10 May 2005 DESCRIPTION "Version 4: Updated the range on rcTacacsServerTimeout" REVISION "200504200000Z" -- 20 April 2005 DESCRIPTION "Version 3: Updated rcTacacsGlobalLastUserName. Reversed rcTacacs and rcTacacsMib." REVISION "200504060000Z" -- 06 April 2005 DESCRIPTION "Version 2: Added IPv6 support. Eliminated textual-conventions. General cleanup." REVISION "200502160000Z" -- 16 February 2005 DESCRIPTION "Version 1: Initial version" ::= { rcTacacs 0 } -- -------------------------------------------------- -- rcTacacsGlobal Group -- -------------------------------------------------- rcTacacsGlobal OBJECT IDENTIFIER ::= { rcTacacs 1 } rcTacacsGlobalEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Enable/disable this feature." DEFVAL { false } ::= { rcTacacsGlobal 1 } rcTacacsGlobalLastUserName OBJECT-TYPE SYNTAX OCTET STRING (SIZE(1..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "The last user for which authentication was attempted using TACACS+." ::= { rcTacacsGlobal 2 } rcTacacsGlobalLastAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of address for the TACACS+ server that was most recently accessed" ::= { rcTacacsGlobal 3 } rcTacacsGlobalLastAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The address of the TACACS+ server that was most recently accessed" ::= { rcTacacsGlobal 4 } rcTacacsAccounting OBJECT-TYPE SYNTAX BITS { cli(0), ppp(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "Determines which application will be accounted by tacacs+." DEFVAL { { } } ::= { rcTacacsGlobal 5 } rcTacacsAuthentication OBJECT-TYPE SYNTAX BITS { cli(0), ppp(1), web(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Determines which application will be authenticated by tacacs+." DEFVAL { { cli } } ::= { rcTacacsGlobal 6 } rcTacacsNncliCommandAuthorizationEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object controls whether TACACS+ will be used for authorization of individual NNCLI commands." DEFVAL { false } ::= { rcTacacsGlobal 7 } rcTacacsNncliCommandAuthorizationLevels OBJECT-TYPE SYNTAX BITS { level0(0), level1(1), level2(2), level3(3), level4(4), level5(5), level6(6), level7(7), level8(8), level9(9), level10(10), level11(11), level12(12), level13(13), level14(14), level15(15) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object controls which NNCLI command privilege levels will be authorized by TACACS+." DEFVAL { { } } ::= { rcTacacsGlobal 8 } -- -------------------------------------------------- -- rcTacacsServerTable -- -------------------------------------------------- rcTacacsServerTable OBJECT-TYPE SYNTAX SEQUENCE OF RcTacacsServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The (conceptual) table listing the TACACS+ servers with which the client shares a secret." ::= { rcTacacs 2 } rcTacacsServerEntry OBJECT-TYPE SYNTAX RcTacacsServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) representing a TACACS+ server with which the client shares a secret." INDEX { rcTacacsServerAddressType, rcTacacsServerAddress } ::= { rcTacacsServerTable 1 } RcTacacsServerEntry ::= SEQUENCE { rcTacacsServerAddressType InetAddressType, rcTacacsServerAddress InetAddress, rcTacacsServerPortNumber InetPortNumber, rcTacacsServerConnectionType INTEGER, rcTacacsServerConnectionStatus INTEGER, rcTacacsServerTimeout Integer32, rcTacacsServerKey OCTET STRING, rcTacacsServerSourceIpInterfaceEnabled TruthValue, rcTacacsServerSourceIpInterfaceType InetAddressType, rcTacacsServerSourceIpInterface InetAddress, rcTacacsServerPriority Integer32, rcTacacsServerRowStatus RowStatus } rcTacacsServerAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "Specifies the type of IP address used on the Tacacs+ server." ::= { rcTacacsServerEntry 1 } rcTacacsServerAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IP address of the TACACS+ server referred to in this table entry." ::= { rcTacacsServerEntry 2 } rcTacacsServerPortNumber OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS read-create STATUS current DESCRIPTION "The TCP port on which the client establishes a connection to the server. A value of 0 indicates that the system specified default value is used." DEFVAL { 49 } ::= { rcTacacsServerEntry 3 } rcTacacsServerConnectionType OBJECT-TYPE SYNTAX INTEGER { singleConnection(1), perSessionConnection(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies TCP connection type between device and TACACS+ server. Either a single open connection between a device and server (SingleConnection), or open/close connection per communication session (PerSessionConnection)." DEFVAL { perSessionConnection } ::= { rcTacacsServerEntry 4 } rcTacacsServerConnectionStatus OBJECT-TYPE SYNTAX INTEGER { connected(1), notConnected(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Specifies status TCP connection type between device and TACACS+ server." ::= { rcTacacsServerEntry 5 } rcTacacsServerTimeout OBJECT-TYPE SYNTAX Integer32 (10..30) MAX-ACCESS read-create STATUS current DESCRIPTION "The maximum time (in seconds) to wait for this TACACS+ server to reply." DEFVAL { 10 } ::= { rcTacacsServerEntry 6 } rcTacacsServerKey OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..128)) MAX-ACCESS read-create STATUS current DESCRIPTION "Secret key to be shared with this TACACS+ server. If the key length is zero that indicates no encryption is being used." DEFVAL { ''H } ::= { rcTacacsServerEntry 7 } rcTacacsServerSourceIpInterfaceEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies whether source address specification is enabled." DEFVAL { false } ::= { rcTacacsServerEntry 8 } rcTacacsServerSourceIpInterfaceType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the type of IP address used on the interface that connects to the Tacacs+ server. If this value is unknown(0), then a system-wide default value will be used." DEFVAL { unknown } ::= { rcTacacsServerEntry 9 } rcTacacsServerSourceIpInterface OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "IP address of the interface to use with this server." DEFVAL { ''H } ::= { rcTacacsServerEntry 10 } rcTacacsServerPriority OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Determines the order in which the TACACS+ servers will be used, when 1 is the highest priority. If more than one server share the same priority - they will be used in lexicographic order (the order of entries in this table)." DEFVAL { 1 } ::= { rcTacacsServerEntry 11 } rcTacacsServerRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The row status variable, can be set to destroy or createAndGo." ::= { rcTacacsServerEntry 12 } END