--**MOD+*********************************************************************** --* Module: hpicfAutz.mib --* -- Copyright (C) 2006-2014 Hewlett Packard Enterprise Development LP -- * All Rights Reserved. -- * -- * The contents of this software are proprietary and confidential -- * to the Hewlett Packard Enterprise Development LP. No part of this -- * program may be photocopied, reproduced, or translated into another -- * programming language without prior written consent of the -- * Hewlett Packard Enterprise Development LP. --* --* Purpose: This file contains MIB definition of HP-AUTZ-MIB --* --**MOD-*********************************************************************** HP-AUTZ-MIB DEFINITIONS ::= BEGIN IMPORTS hpSwitch FROM HP-ICF-OID InetAddressType, InetAddress FROM INET-ADDRESS-MIB OBJECT-GROUP, MODULE-COMPLIANCE, NOTIFICATION-GROUP FROM SNMPv2-CONF RowStatus FROM SNMPv2-TC OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE, Integer32 FROM SNMPv2-SMI; -- 1.3.6.1.4.1.11.2.14.11.5.1.32 hpSwitchAuthorizationMIB MODULE-IDENTITY LAST-UPDATED "201408040000Z" -- August 04, 2014 at 00:00 GMT ORGANIZATION "HP Networking" CONTACT-INFO "Hewlett Packard Company 8000 Foothills Blvd. Roseville, CA 95747" DESCRIPTION "This MIB module contains the definitions of objects for managing the user authorization service on HP networking devices." REVISION "201408040000Z" -- August 04, 2014 DESCRIPTION "Added hpSwitchAutzServicePrimaryMethod hpSwitchAutzServiceCommandsLevel. to support 'auto' authorixzation and command access level." REVISION "201102070000Z" -- February 07, 2011 DESCRIPTION "Added hpSwitchLocalMgmtPrivGroupsTable, hpSwitchLocalMgmtPrivCommandsTable." REVISION "200708290000Z" -- August 29, 2007 at 00:00 GMT DESCRIPTION "Added hpicfSwitchAuthServerFail notification" REVISION "200510050000Z" -- October 05, 2005 at 00:00 GMT DESCRIPTION "Initial version." ::= { hpSwitch 32 } -- -- Node definitions -- -- 1.3.6.1.4.1.11.2.14.11.5.1.32.0 hpicfSwitchAuthorizationNotifications OBJECT IDENTIFIER ::= { hpSwitchAuthorizationMIB 0 } -- 1.3.6.1.4.1.11.2.14.11.5.1.32.0.1 hpicfSwitchAuthServerFail NOTIFICATION-TYPE OBJECTS { hpicfSwitchAuthServerType, hpicfSwitchAuthServerIPType, hpicfSwitchAuthServerIP } STATUS current DESCRIPTION "This notification indicates that the specified server is not reachable." ::= { hpicfSwitchAuthorizationNotifications 1 } -- 1.3.6.1.4.1.11.2.14.11.5.1.32.1 hpSwitchAuthorizationConfig OBJECT IDENTIFIER ::= { hpSwitchAuthorizationMIB 1 } -- 1.3.6.1.4.1.11.2.14.11.5.1.32.1.1 hpSwitchAutzServiceTable OBJECT-TYPE SYNTAX SEQUENCE OF HpSwitchAutzServiceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The (conceptual) table listing the authorization service types." ::= { hpSwitchAuthorizationConfig 1 } -- 1.3.6.1.4.1.11.2.14.11.5.1.32.1.1.1 hpSwitchAutzServiceEntry OBJECT-TYPE SYNTAX HpSwitchAutzServiceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) in the hpSwitchAutzServiceTable." INDEX { hpSwitchAutzServiceType } ::= { hpSwitchAutzServiceTable 1 } HpSwitchAutzServiceEntry ::= SEQUENCE { hpSwitchAutzServiceType INTEGER, hpSwitchAutzServicePrimaryMethod INTEGER, hpSwitchAutzServiceSecondaryMethod INTEGER, hpSwitchAutzServiceCommandsLevel INTEGER } -- 1.3.6.1.4.1.11.2.14.11.5.1.32.1.1.1.1 hpSwitchAutzServiceType OBJECT-TYPE SYNTAX INTEGER { commands(1), exec(2), network(3) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "Signifies the authorization service type for which this entry contains configuration information." ::= { hpSwitchAutzServiceEntry 1 } -- 1.3.6.1.4.1.11.2.14.11.5.1.32.1.1.1.2 hpSwitchAutzServicePrimaryMethod OBJECT-TYPE SYNTAX INTEGER { local(1), tacacs(2), radius(3), none(4), auto(5) } MAX-ACCESS read-write STATUS current DESCRIPTION "The primary method used for authorization. This object can be set only when the authorization service type is command. A value of local (1) indicates that authorization is performed locally. A value of tacacs (2) indicates that authorization is performed using TACACS+. A value of radius (3) indicates that authorization is performed using RADIUS. A value of none (4) indicates that authorization is not performed. A value of auto (5) indicates that authorization is performed by the same protocol that is configured for authentication." ::= { hpSwitchAutzServiceEntry 2 } -- 1.3.6.1.4.1.11.2.14.11.5.1.32.1.1.1.3 hpSwitchAutzServiceSecondaryMethod OBJECT-TYPE SYNTAX INTEGER { local(1), none(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the secondary (backup) method used for authorization." ::= { hpSwitchAutzServiceEntry 3 } hpSwitchAutzServiceCommandsLevel OBJECT-TYPE SYNTAX INTEGER { all(1), managerlevelonly(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the command level that requires authorization. A value of all (1) indicates that authorization is required for all commands. A value of managerLevelOnly (2) indicates that the authorization is required only for manager level commands. This object is only valid when the value of hpSwitchAutzServiceType is (commands). The default is (all)." DEFVAL {all} ::= { hpSwitchAutzServiceEntry 4 } -- 1.3.6.1.4.1.11.2.14.11.5.1.32.1.2 hpicfSwitchAuthObjects OBJECT IDENTIFIER ::= { hpSwitchAuthorizationConfig 2 } -- 1.3.6.1.4.1.11.2.14.11.5.1.32.1.2.1 hpicfSwitchAuthServerType OBJECT-TYPE SYNTAX INTEGER { radius(1), tacacs(2), other(9) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Authorization server type reported in hpicfSwitchAuthorization notifications." ::= { hpicfSwitchAuthObjects 1 } -- 1.3.6.1.4.1.11.2.14.11.5.1.32.1.2.2 hpicfSwitchAuthServerIPType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "InetAddressType of the address reported in hpicfSwitchAuthServerIP." ::= { hpicfSwitchAuthObjects 2 } -- 1.3.6.1.4.1.11.2.14.11.5.1.32.1.2.3 hpicfSwitchAuthServerIP OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "This object is used in an hpicfSwitchAuthorizationNotification to report the IP address of the affected server." ::= { hpicfSwitchAuthObjects 3 } -- 1.3.6.1.4.1.11.2.14.11.5.1.32.1.3 hpSwitchAuthConfigObjects OBJECT IDENTIFIER ::= { hpSwitchAuthorizationConfig 3 } -- 1.3.6.1.4.1.11.2.14.11.5.1.32.1.3.1 hpicfSwitchAuthServerNotifyEnable OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The operational status of hpicfSwitchAuthServerFail notifications. The default value is 1 (Enabled). A value of 2 represents Disabled. Writing this object requires authentication, such as provided by SNMPv3." ::= { hpSwitchAuthConfigObjects 1 } -- ------------------------------------------------------------ -- Local Managment Privilege Groups Table -- ------------------------------------------------------------ -- 1.3.6.1.4.1.11.2.14.11.5.1.32.1.4 hpSwitchAuthLocalPrivConfigObjects OBJECT IDENTIFIER ::= { hpSwitchAuthorizationConfig 4 } hpSwitchLocalMgmtPrivGroupsTable OBJECT-TYPE SYNTAX SEQUENCE OF HpSwitchLocalMgmtPrivGroupsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists the local management privilege group names." ::= { hpSwitchAuthLocalPrivConfigObjects 1 } hpSwitchLocalMgmtPrivGroupsEntry OBJECT-TYPE SYNTAX HpSwitchLocalMgmtPrivGroupsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Local Management Groups entry." INDEX { hpSwitchLocalMgmtPrivGroupIndex } ::= { hpSwitchLocalMgmtPrivGroupsTable 1 } HpSwitchLocalMgmtPrivGroupsEntry ::= SEQUENCE { hpSwitchLocalMgmtPrivGroupIndex Integer32, hpSwitchLocalMgmtPrivGroupName OCTET STRING, hpSwitchLocalMgmtPrivGroupStatus RowStatus } hpSwitchLocalMgmtPrivGroupIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index value which uniquely identifies a row in the group table. The values, One (1) is reserved for a predefined manager group, Two (2) is reserved for usernames that are not assigned to a group. The privileges for usernames that do not have a group assignment is the same as operator'. " ::= { hpSwitchLocalMgmtPrivGroupsEntry 1 } hpSwitchLocalMgmtPrivGroupName OBJECT-TYPE SYNTAX OCTET STRING ( SIZE (1..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of a given Local Management server group." ::= { hpSwitchLocalMgmtPrivGroupsEntry 2 } hpSwitchLocalMgmtPrivGroupStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of the local management privilege group row." ::= { hpSwitchLocalMgmtPrivGroupsEntry 3 } -- ------------------------------------------------------------ -- Local Managment Privilege Commands Table -- ------------------------------------------------------------ hpSwitchLocalMgmtPrivCommandsTable OBJECT-TYPE SYNTAX SEQUENCE OF HpSwitchLocalMgmtPrivCommandsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists the local management Privilege Command Match strings." ::= { hpSwitchAuthLocalPrivConfigObjects 2 } hpSwitchLocalMgmtPrivCommandsEntry OBJECT-TYPE SYNTAX HpSwitchLocalMgmtPrivCommandsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Local Management Commands entry." INDEX { hpSwitchLocalMgmtPrivGroupIndex, hpSwitchLocalMgmtPrivCmdSequenceIndex } ::= { hpSwitchLocalMgmtPrivCommandsTable 1 } HpSwitchLocalMgmtPrivCommandsEntry ::= SEQUENCE { hpSwitchLocalMgmtPrivCmdSequenceIndex Integer32, hpSwitchLocalMgmtPrivCmdMatchStr OCTET STRING, hpSwitchLocalMgmtPrivCmdPriv INTEGER, hpSwitchLocalMgmtPrivCmdSendLog INTEGER, hpSwitchLocalMgmtPrivCmdStatus RowStatus } hpSwitchLocalMgmtPrivCmdSequenceIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index value which uniquely identifies a row in the command table. See the documentation for the number of sequences allowed." ::= { hpSwitchLocalMgmtPrivCommandsEntry 1 } hpSwitchLocalMgmtPrivCmdMatchStr OBJECT-TYPE SYNTAX OCTET STRING ( SIZE (0..65535)) MAX-ACCESS read-create STATUS current DESCRIPTION "The syntax of a command within a group. See the documentation for the maximum length of the command name." ::= { hpSwitchLocalMgmtPrivCommandsEntry 2 } hpSwitchLocalMgmtPrivCmdPriv OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The privilege associated with commands that match the command string." ::= { hpSwitchLocalMgmtPrivCommandsEntry 3 } hpSwitchLocalMgmtPrivCmdSendLog OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Determines if a log message is generated when commands matching this command string are attempted." DEFVAL {disable} ::= { hpSwitchLocalMgmtPrivCommandsEntry 4 } hpSwitchLocalMgmtPrivCmdStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of the local management privilege command row." ::= { hpSwitchLocalMgmtPrivCommandsEntry 5 } -- Compliance Statements -- 1.3.6.1.4.1.11.2.14.11.5.1.32.2 hpSwitchAuthorizationConformance OBJECT IDENTIFIER ::= { hpSwitchAuthorizationMIB 2 } -- 1.3.6.1.4.1.11.2.14.11.5.1.32.2.1 hpSwitchAuthorizationMIBCompliances OBJECT IDENTIFIER ::= { hpSwitchAuthorizationConformance 1 } -- 1.3.6.1.4.1.11.2.14.11.5.1.32.2.1.1 hpSwitchAuthorizationMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for devices implementing the HP-AUTZ-MIB." MODULE -- this module MANDATORY-GROUPS { hpSwitchAuthorizationConfigGroup } ::= { hpSwitchAuthorizationMIBCompliances 1 } hpSwitchLocalMgmtPrivGrpMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for listing the local management privilege methods to be tried for granting different access levels through various access tasks" MODULE -- this module MANDATORY-GROUPS { hpSwitchAutzLocalMgmtPrivGroup } OBJECT hpSwitchLocalMgmtPrivGroupName MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT hpSwitchLocalMgmtPrivCmdMatchStr MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT hpSwitchLocalMgmtPrivCmdPriv MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT hpSwitchLocalMgmtPrivCmdSendLog MIN-ACCESS read-only DESCRIPTION "Write access is not required. " ::= { hpSwitchAuthorizationMIBCompliances 2 } hpSwitchLocalMgmtPrivGrpMIBCompliance1 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for listing the local management privilege methods to be tried for granting different access levels through various access tasks" MODULE -- this module MANDATORY-GROUPS { hpSwitchAutzLocalMgmtPrivGroup1 } ::= { hpSwitchAuthorizationMIBCompliances 3 } hpSwitchAuthorizationObjectsGrpMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for listing the local management privilege methods to be tried for granting different access levels through various access tasks" MODULE -- this module MANDATORY-GROUPS { hpicfSwitchAuthorizationObjectsGroup } ::= { hpSwitchAuthorizationMIBCompliances 4 } hpSwitchAuthorizationNotificationGrpMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for listing the local management privilege methods to be tried for granting different access levels through various access tasks" MODULE -- this module MANDATORY-GROUPS { hpicfSwitchAuthorizationNotificationGroup } ::= { hpSwitchAuthorizationMIBCompliances 5 } -- 1.3.6.1.4.1.11.2.14.11.5.1.32.2.2 hpSwitchAuthorizationMIBGroups OBJECT IDENTIFIER ::= { hpSwitchAuthorizationConformance 2 } -- 1.3.6.1.4.1.11.2.14.11.5.1.32.2.2.1 hpSwitchAuthorizationConfigGroup OBJECT-GROUP OBJECTS { hpSwitchAutzServicePrimaryMethod, hpSwitchAutzServiceSecondaryMethod, hpSwitchAutzServiceCommandsLevel, hpicfSwitchAuthServerNotifyEnable } STATUS current DESCRIPTION "A collection of objects to support authorization service." ::= { hpSwitchAuthorizationMIBGroups 1 } -- 1.3.6.1.4.1.11.2.14.11.5.1.32.2.2.2 hpicfSwitchAuthorizationNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { hpicfSwitchAuthServerFail } STATUS current DESCRIPTION "A group of switch authorization notifications." ::= { hpSwitchAuthorizationMIBGroups 2 } -- 1.3.6.1.4.1.11.2.14.11.5.1.32.2.2.3 hpicfSwitchAuthorizationObjectsGroup OBJECT-GROUP OBJECTS { hpicfSwitchAuthServerType, hpicfSwitchAuthServerIPType, hpicfSwitchAuthServerIP } STATUS current DESCRIPTION "A group of switch authorization objects." ::= { hpSwitchAuthorizationMIBGroups 3 } hpSwitchAutzLocalMgmtPrivGroup OBJECT-GROUP OBJECTS { hpSwitchLocalMgmtPrivGroupName, hpSwitchLocalMgmtPrivCmdMatchStr, hpSwitchLocalMgmtPrivCmdPriv, hpSwitchLocalMgmtPrivCmdSendLog } STATUS current DESCRIPTION "A collection of objects for configuring Local Manangement Privilege Groups" ::= { hpSwitchAuthorizationMIBGroups 4 } hpSwitchAutzLocalMgmtPrivGroup1 OBJECT-GROUP OBJECTS { hpSwitchLocalMgmtPrivCmdStatus, hpSwitchLocalMgmtPrivGroupStatus } STATUS current DESCRIPTION "A collection of objects for configuring Local Mangement Privilege Groups" ::= { hpSwitchAuthorizationMIBGroups 5 } END