CISCO-AAA-SERVER-EXT-MIB Table View

Table-centric layout grouping table, row, and column objects.

Standard view Table view
Tables
5
Rows
5
Columns
33

cAAASvrExtConfigTable

table
.1.3.6.1.4.1.9.9.367.1.2.1 · 1 row entry · 10 columns
Open in standard view 
This table extends the 'casConfigTable'  from 
CISCO-AAA-SERVER-MIB to provide configuration 
flexibility.
An entry cannot be created until at least one of the
following objects/object-set are instantiated :
- cAAAServerAddrType and cAAAServerAddr set
          Or 
- casAddress of casConfigTable
If both 'casAddress' and 'cAAAServerAddr'(along with
'cAAAServerAddrType') are set during the row creation,
the values need to be consistent. Else it results in
an error.
cAAASvrExtConfigEntry entry .1.3.6.1.4.1.9.9.367.1.2.1.1
An entry (conceptual row) in cAAASvrExtConfigTable.
Indexes
No indexes recorded
Column Syntax OID
cAAAServerAddrType
The type of address of the AAA Server as specified
by object 'cAAAServerAddr'.
If the user sets 'casAddress' column of the
'casConfigTable', then 'cAAAServerAddrType' is
appropriately filled by the agent.
If the use…
INET-ADDRESS-MIBInetAddressTyper/w
Textual Convention: INET-ADDRESS-MIBInetAddressType Enumeration
Type Values:
0unknown
1ipv4
2ipv6
3ipv4z
4ipv6z
16dns
25l2vpn
 .1.3.6.1.4.1.9.9.367.1.2.1.1.1
cAAAServerAddr
The address of the AAA Server.
If the users sets 'casAddress' column of the
'casConfigTable', then 'cAAAServerAddr' is
appropriately filled by the agent.
INET-ADDRESS-MIBInetAddressr/w
Textual Convention: INET-ADDRESS-MIBInetAddress OctetString
Type Constraints:
range: 0..255
 .1.3.6.1.4.1.9.9.367.1.2.1.1.2
cAAAServerKeyEncrType
The encryption type of the corresponding instance
of the server key 'casKey' in the augmented row of
the 'casConfigTable'.
CiscoAAAServerKeyEncrTyper/w
Textual Convention: CiscoAAAServerKeyEncrType Enumeration
Type Values:
1plain
2encrypted
3notConfigured
 .1.3.6.1.4.1.9.9.367.1.2.1.1.3
cAAAServerDeadTime
This indicates the length of time in minutes that the
system will mark the server dead when a AAA server does
not respond to an authentication request. During the
interval of the dead time, any authentication request
t…
minutesUnsigned32r/w
Constraints:
range: 0-1440
 .1.3.6.1.4.1.9.9.367.1.2.1.1.4
cAAAServerTimeOut
The time in seconds between retransmissions to
the AAA server.This value overrides value set in the
'cAAAServerProtoTimeOut' of the
'cAAASvrExtProtocolParamTable' for this server.
If this value is zero, then the valu…
secondsUnsigned32r/w
Constraints:
range: 0-1000
 .1.3.6.1.4.1.9.9.367.1.2.1.1.5
cAAAServerRetransmits
The additional number of times the AAA server should be
tried by the AAA client before giving up on the server.
This value overrides value set in the
'cAAAServerProtoTimeOut' of the
'cAAASvrExtProtocolParamTable' for…
retransmitsUnsigned32r/w
Constraints:
range: 0-100
 .1.3.6.1.4.1.9.9.367.1.2.1.1.6
cAAAServerRootDN
This object specifies the root Distinguished Name
to be used in authenticating the access to LDAP
server database.
OctetStringr/w
Constraints:
range: 0-64
 .1.3.6.1.4.1.9.9.367.1.2.1.1.7
cAAAServerIdleTime
This indicates the time interval in minutes, at which the
system will periodically test the AAA Server by
sending test packets to the server. The default value
of 0 means that the AAA server will not be tested
periodica…
minutesUnsigned32r/w
Constraints:
range: 0-1440
 .1.3.6.1.4.1.9.9.367.1.2.1.1.8
cAAAServerTestUser
The username to be used in the test packets sent
to AAA Server to test if the Server responds to the
requests or not.
OctetStringr/w
Constraints:
range: 1-32
 .1.3.6.1.4.1.9.9.367.1.2.1.1.9
cAAAServerTestPassword
The password to be used in test packets sent to AAA
Server to test if the Server responds to the
requests or not.

A zero-length string is always returned when this
object is read.
OctetStringr/w
Constraints:
range: 1-32
 .1.3.6.1.4.1.9.9.367.1.2.1.1.10

cAAASvrExtProtocolParamTable

table
.1.3.6.1.4.1.9.9.367.1.3.1 · 1 row entry · 8 columns
Open in standard view 
This table contains the per-protocol parameters for use by
all AAA Servers instrumented in one instance of this MIB.
cAAASvrExtProtocolParamEntry entry .1.3.6.1.4.1.9.9.367.1.3.1.1
An entry (conceptual row) in
'cAAASvrExtProtocolParamTable'. Each row of the
table indicates the protocol parameters setting
for a particular AAA protocol. New entries can
not be created. The existing rows can only …
Indexes
cAAAServerProtocol
Column Syntax OID
cAAAServerProtocol
The AAA Protocol for which these settings are
being applied.
CISCO-AAA-SERVER-MIBCiscoAAAProtocol
Textual Convention: CISCO-AAA-SERVER-MIBCiscoAAAProtocol Enumeration
Type Values:
1tacacsplus
2radius
3ldap
4kerberos
5ntlm
6sdi
7other
 .1.3.6.1.4.1.9.9.367.1.3.1.1.1
cAAAServerProtoAuthKey
The key used in encrypting the packets passed
between the AAA server and the client.This key
must match the one configured on the server.
This Object is similar to the 'caskey'.
If the 'caskey' of the 'casConfigTable' i…
SNMPv2-TCDisplayStringr/w
Textual Convention: SNMPv2-TCDisplayString OctetString
Type Constraints:
range: 0..255
 .1.3.6.1.4.1.9.9.367.1.3.1.1.2
cAAAServerProtoKeyEncrType
The encryption type of the server key
'cAAAServerProtoAuthKey'.
CiscoAAAServerKeyEncrTyper/w
Textual Convention: CiscoAAAServerKeyEncrType Enumeration
Type Values:
1plain
2encrypted
3notConfigured
 .1.3.6.1.4.1.9.9.367.1.3.1.1.3
cAAAServerProtoDeadTime
The DeadTime setting for AAA Servers.
If 'cAAAServerDeadTime' of 'cAAASvrExtConfigTable' is zero,
this value is used.
This indicates the length of time in minutes that the
system will mark the server dead when a AAA se…
minutesUnsigned32r/w
Constraints:
range: 0-1440
 .1.3.6.1.4.1.9.9.367.1.3.1.1.4
cAAAServerProtoTimeOut
The time in seconds between retransmissions to
the AAA server.
If 'cAAAServerTimeOut' of 'cAAASvrExtConfigTable' is zero
, this value is used.
secondsUnsigned32r/w
Constraints:
range: 1-1000
 .1.3.6.1.4.1.9.9.367.1.3.1.1.5
cAAAServerProtoRetransmits
The additional number of times the AAA server should be
tried by the AAA client before giving up on the server.
If 'cAAAServerRetransmits' of 'cAAASvrExtConfigTable' is
zero, this value is used.
retransmitsUnsigned32r/w
Constraints:
range: 0-100
 .1.3.6.1.4.1.9.9.367.1.3.1.1.6
cAAAServerProtoSvrTableMaxEnt
Each instance of this object specifies the maximum
number of AAA server entries in the 'casConfigTable',
for a particular protocol.
Unsigned32
Constraints:
range: 0-65536
 .1.3.6.1.4.1.9.9.367.1.3.1.1.7
cAAAServerProtoDirectedReq
This object is to specify whether a user could choose
a AAA server for authentication during login.

The value 'true(1)' indicates that a user can specify
the remote AAA server for authentication during l…
SNMPv2-TCTruthValuer/w
Textual Convention: SNMPv2-TCTruthValue Enumeration
Type Values:
1true
2false
 .1.3.6.1.4.1.9.9.367.1.3.1.1.8

cAAASvrExtSvrGrpConfigTable

table
.1.3.6.1.4.1.9.9.367.1.4.1 · 1 row entry · 6 columns
Open in standard view 
A table consisting of entries for Server Groups. 
A server group consists of a number of AAA servers
implementing the same AAA protocol. Multiple server
groups (usually one group for TACACS+ and one group
for RADIUS) can be used for the same service for
authentication, authorization and accounting purpose.
An entry cannot be created until following objects are 
instantiated
- cAAASvrGrpName
- cAAASvrGrpProtocol
- cAAAServerList with at least one member
Note that an implementation may support any number of
permanent rows which cannot be deleted. These permanent
groups are system defined groups and not created by the
user.
cAAASvrExtSvrGrpConfigEntry entry .1.3.6.1.4.1.9.9.367.1.4.1.1
An entry (conceptual row) in the
cAAASvrExtSvrGrpConfigTable.
Indexes
cAAASvrGrpIndex
Column Syntax OID
cAAASvrGrpIndex
The index for each of the Server Group entries.
Unsigned32
Constraints:
range: 1-100
 .1.3.6.1.4.1.9.9.367.1.4.1.1.1
cAAASvrGrpName
The name of the Server Group. The 'cAAASvrGrpName'
has to be specified by the user during the creation
of this row entry.
The cAAASvrGrpName can not be modified when
cAAASvrGrpConfigRowStatus is 'active'.
OctetStringr/w
Constraints:
range: 1-64
 .1.3.6.1.4.1.9.9.367.1.4.1.1.2
cAAASvrGrpProtocol
The AAA Protocol to which this Server Group belongs to.
The cAAASvrGrpProtocol can not be modified when
cAAASvrGrpConfigRowStatus is 'active'.
CISCO-AAA-SERVER-MIBCiscoAAAProtocolr/w
Textual Convention: CISCO-AAA-SERVER-MIBCiscoAAAProtocol Enumeration
Type Values:
1tacacsplus
2radius
3ldap
4kerberos
5ntlm
6sdi
7other
 .1.3.6.1.4.1.9.9.367.1.4.1.1.3
cAAAServerList
This represents ordered list of AAA Servers which form
this Server Group.
This object contains list of the AAA Servers as defined
in the 'casConfigTable'.
The value of this object is a concatenation of one or
more 4-o…
OctetStringr/w
Constraints:
range: 4-256
 .1.3.6.1.4.1.9.9.367.1.4.1.1.4
cAAASvrGrpConfigRowStatus
The status of this conceptual row.This object can not
be set to 'active' unless the corresponding value of
'cAAASvrGrpName' is unique. Once value of this object
is set to 'active', the associated entry can not be
mod…
SNMPv2-TCRowStatusr/w
Textual Convention: SNMPv2-TCRowStatus Enumeration
Type Values:
1active
2notInService
3notReady
4createAndGo
5createAndWait
6destroy
 .1.3.6.1.4.1.9.9.367.1.4.1.1.5
cAAASvrGrpConfigDeadTime
The DeadTime setting for AAA Server Group.
This indicates the length of time in minutes that the
system will mark the server dead when a AAA server does
not respond to an authentication request. During the
interval of t…
minutesUnsigned32r/w
Constraints:
range: 0-1440
 .1.3.6.1.4.1.9.9.367.1.4.1.1.6

cAAASvrExtSvrGrpLDAPConfigTable

table
.1.3.6.1.4.1.9.9.367.1.4.2 · 1 row entry · 3 columns
Open in standard view 
This table is extension to cAAASvrExtSvrGrpConfigTable.
          
An entry will be created in this table
by the agent whenever an entry is created
in cAAASvrExtSvrGrpConfigTable with 
cAAASvrGrpProtocol set to 'ldap'.
          
An entry will get destroyed by the agent
whenever corresponding entry in
cAAASvrExtSvrGrpConfigTable identified
by cAAASvrGrpIndex is destroyed.
          
The SNMP Manager can not create
or destroy entries in this table.
The SNMP Manager can modify columnar
objects in this table.
cAAASvrExtSvrGrpLDAPConfigEntry entry .1.3.6.1.4.1.9.9.367.1.4.2.1
An entry in the table. Each entry corresponds
to LDAP server group identified by
a corresponding entry in cAAASvrExtSvrGrpConfigTable
with cAAASvrGrpProtocol value of 'ldap'.
Each entry contains information on LDAP Bas…
Indexes
cAAASvrGrpIndex
Column Syntax OID
cAAASvrGrpLDAPBaseDN
This object specifies the base entry in the
LDAP hierarchy where the LDAP server should begin
searching when it receives an authorization request.
OctetStringr/w
Constraints:
range: 0-64
 .1.3.6.1.4.1.9.9.367.1.4.2.1.1
cAAASvrGrpLDAPFilterUser
This object specifies the filter to be
used to search user entry in LDAP server
database.
OctetStringr/w
Constraints:
range: 0-128
 .1.3.6.1.4.1.9.9.367.1.4.2.1.2
cAAASvrGrpLDAPUserProfile
This object specifies the attribute type for
user profile private attribute. This attribute
is requested in search request to the LDAP server.
OctetStringr/w
Constraints:
range: 0-64
 .1.3.6.1.4.1.9.9.367.1.4.2.1.3

cAAASvrExtAppSvrGrpConfigTable

table
.1.3.6.1.4.1.9.9.367.1.5.1 · 1 row entry · 6 columns
Open in standard view 
A table associating the AAA server groups for 
specific  AAA function for a given  Application 
and Application Sub-Type. If the device encounters
ERRORs from server(s) in first group of 
'cAAASvrGrpList',it will try servers in next 
server group. The order in which Server Groups occur
within the value of 'cAAASvrGrpList' decides the order
of trial for AAA  function. 
Similarly, within a server group, each server 
in the group will be tried one by one until one
of them responds with either SUCCESS or FAIL. 
In case all the Server Groups return ERROR,
'Local' mechanism ('cAAASvrGrpLocal') followed by 
'Trivial' mechanism ('cAAASvrGrpTrivial') are tried,
if so configured.
cAAASvrExtAppSvrGrpConfigEntry entry .1.3.6.1.4.1.9.9.367.1.5.1.1
An entry (conceptual row) in the
cAAASvrExtSerSvrGrpConfigTable.
New entries can not be created. The existing
rows only can be modified.
Indexes
cAAAApplicationType cAAAApplicationSubType cAAAFunction
Column Syntax OID
cAAAApplicationType
The Application type for which this AAA configuration
is applied.
Each of these applications uses AAA services on the device.
'login' application includes console, telnet and SSH based
login using the username and pas…
Enumeration
Enumerated Values:
1default
2login
3dhchap
4iSCSI
 .1.3.6.1.4.1.9.9.367.1.5.1.1.1
cAAAApplicationSubType
The Application Sub-Type. This is very specific to
the application attached and indicates the
sub-application.
For 'login' application:
- If the 'cAAAApplicationSubType' is 'all', the
configuration appearing in…
Enumeration
Enumerated Values:
1all
2console
 .1.3.6.1.4.1.9.9.367.1.5.1.1.2
cAAAFunction
The AAA function to which this application
configuration row corresponds to.
Enumeration
Enumerated Values:
1authentication
2authorization
3accounting
 .1.3.6.1.4.1.9.9.367.1.5.1.1.3
cAAASvrGrpLocal
The value 'true(1)' indicates 'Local' AAA
is allowed.
The value 'false(2)' indicates 'Local' AAA
is not allowed.
'Local' AAA is used only after trying all the Server
Groups in the 'cAAASvrGrpList'.
The 'Local' AAA m…
SNMPv2-TCTruthValuer/w
Textual Convention: SNMPv2-TCTruthValue Enumeration
Type Values:
1true
2false
 .1.3.6.1.4.1.9.9.367.1.5.1.1.4
cAAASvrGrpTrivial
The value 'true(1)' indicates 'Trivial' AAA
is allowed.
The value 'false(2)' indicates 'Trivial' AAA
is not allowed.
'Trivial' AAA is used only after trying all the Server
Groups in the 'cAAASvrGrpList' and 'Local…
SNMPv2-TCTruthValuer/w
Textual Convention: SNMPv2-TCTruthValue Enumeration
Type Values:
1true
2false
 .1.3.6.1.4.1.9.9.367.1.5.1.1.5
cAAASvrGrpList
This represents ordered list of AAA Server Groups that are
configured for this application to perform AAA functions.
This object contains list of the AAA Server Groups as
defined in the 'cAAASvrExtSvrGrpConfigTable'.
Th…
OctetStringr/w
Constraints:
range: 0-256
 .1.3.6.1.4.1.9.9.367.1.5.1.1.6