RGBN-AAA-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, enterprises, Unsigned32, IpAddress
        FROM SNMPv2-SMI
    TEXTUAL-CONVENTION, RowStatus, DisplayString
        FROM SNMPv2-TC
    RgbnAdminState
        FROM RGBN-BASE-MIB;

rgbnAaaMIB MODULE-IDENTITY
    LAST-UPDATED    "200909080000Z" -- 8-sept-2009, midnight
    ORGANIZATION    "RGB Networks"
    CONTACT-INFO    "Postal:
                        RGB Networks Inc
                        390 West Java Drive
                        Sunnyvale, CA 94089

                    WEB:
                        http://www.rgbnetworks.com

                    Email:
                        info@rgbnetworks.com
                    "
    DESCRIPTION
        "AAA management

        Copyright (C) RGB Networks."

    -- revision descriptions in reverse chronological order
    REVISION        "200909080000Z" -- 8-sept-2009, midnight
    DESCRIPTION
        "Following updates:
         1) Updated the description for rgbnAaaServerSharedSecret.
         2) Added table rgbnAaaLocalUserTable, which contains local
            users. However, it is commented out for the present."

    REVISION        "200905180000Z" -- 18-may-2009, midnight
    DESCRIPTION
        "Initial Version of MIB module."
    ::= { enterprises rgbnetworks(19601) rgbnG2Modules(3) 2 }

-- Top level OID branches
rgbnAaaNotifications OBJECT IDENTIFIER ::= { rgbnAaaMIB 0 }
rgbnAaaObjects OBJECT IDENTIFIER ::= { rgbnAaaMIB 1 }
rgbnAaaConformance OBJECT IDENTIFIER ::= { rgbnAaaMIB 2 }
    rgbnAaaCompliances OBJECT IDENTIFIER ::= { rgbnAaaConformance 1 }
    rgbnAaaGroups OBJECT IDENTIFIER ::= { rgbnAaaConformance 2 }

-- textual conventions
RgbnAaaProtocol ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "Type of AAA protocol."
    SYNTAX INTEGER {
                radius(1),
                tacacsplus(2)
                }

-- +++++++++++++++++++++++++++++++++++++++++++

rgbnAaaGlobal OBJECT IDENTIFIER ::= { rgbnAaaObjects 1 }

rgbnAaaMaxNumRetries OBJECT-TYPE
    SYNTAX      Unsigned32(0..3)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The maximum number of retries to attempt when
        contacting an AAA server."
    ::= { rgbnAaaGlobal 1 }

rgbnAaaPrefProtocol OBJECT-TYPE
    SYNTAX      RgbnAaaProtocol
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The preferred AAA protocol to use for AAA authentication.
        When the value is 'radius(1)', then all the RADIUS servers will
        be contacted for AAA authentication before trying any
        TACACS+ server, regardless of the value of rgbnAaaServerOrder."
    ::= { rgbnAaaGlobal 2 }

-- rgbnAaaRemoteOnly: read-write scalar that decides whether local
-- authentication may be used as a fallback to the AAA servers.
-- NOTE(review): per the DESCRIPTION, disable(1) falls back to local
-- authentication whenever no AAA server answers, so the local accounts
-- remain a live authentication path while AAA is in use and need the
-- same credential hygiene as the AAA-backed ones.
-- NOTE(review): a write to this object changes how logins are
-- authenticated; limit write access to it in the agent's access-control
-- configuration (TODO confirm what the agent supports).
-- NOTE(review): the DEFVAL below is commented out, so this module does
-- not declare a default; confirm the agent's actual initial value.
-- The value names come from RgbnAdminState in RGBN-BASE-MIB, which is
-- imported and not shown in this module.
rgbnAaaRemoteOnly OBJECT-TYPE
    SYNTAX      RgbnAdminState
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The control of use of local authentication. The values are:
            disable(1) - if no AAA provides an authentication response,
                       then perform local authentication
            enable(2) - use only AAA servers for authentication
        Also see object rgbnAaaAdminState."
--    DEFVAL      { disable }
    ::= { rgbnAaaGlobal 3 }

-- rgbnAaaAdminState: read-write scalar that turns use of the AAA servers
-- on or off; with disable(1) only local authentication is performed.
-- NOTE(review): the module does not say what the agent does when this
-- object is disable(1) while rgbnAaaRemoteOnly is enable(2), that is,
-- AAA is off and local fallback is also off. Confirm the agent rejects
-- or resolves that combination, since it could leave no usable
-- authentication path.
-- NOTE(review): a write to this object changes how logins are
-- authenticated; limit write access to it in the agent's access-control
-- configuration (TODO confirm what the agent supports).
-- NOTE(review): the DEFVAL below is commented out, so no default is
-- declared by this module; confirm the agent's actual initial value.
rgbnAaaAdminState OBJECT-TYPE
    SYNTAX      RgbnAdminState
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The 'admin state' of AAA server use. The values are:
            disable(1) - do not use AAA servers for authentication,
                         (that is, do only local authentication)
            enable(2) - use AAA servers for authentication
        Also see object rgbnAaaRemoteOnly."
--    DEFVAL      { disable }
    ::= { rgbnAaaGlobal 4 }

rgbnAaaServerTimeout OBJECT-TYPE
    SYNTAX      Unsigned32(1..10)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
            "The number of seconds to wait for response from
            an AAA server."
    ::= { rgbnAaaGlobal 5 }

-- +++++++++++++++++++++++++++++++++++++++++++

rgbnAaaServerTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF RgbnAaaServerEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of AAA servers used by the system. The number
        of entries is configuration dependent, and the maximum
        number of entries is implementation dependent."
    ::= { rgbnAaaObjects 2 }

-- rgbnAaaServerEntry: conceptual row of rgbnAaaServerTable.
-- The only INDEX component is rgbnAaaServerIpAddr, so there is one row
-- per IPv4 address; the same address cannot appear once for RADIUS and
-- once for TACACS+.
-- The DESCRIPTION requires rgbnAaaServerSharedSecret in the creating
-- set, so the secret travels in the same request as the createAndGo.
-- NOTE(review): that request needs transport confidentiality (SNMPv3
-- with privacy); confirm which SNMP versions the agent accepts for
-- writes to this table.
rgbnAaaServerEntry OBJECT-TYPE
    SYNTAX      RgbnAaaServerEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A row in the AAA server table. Rows are created
        via use of object rgbnAaaServerRowStatus. Only the
        'createAndGo' and 'destroy' operations are supported.
        On creation, the values must be specified for objects
        rgbnAaaServerPort, rgbnAaaServerProto and rgbnAaaServerSharedSecret."
    INDEX {rgbnAaaServerIpAddr }
    ::= { rgbnAaaServerTable 1 }

RgbnAaaServerEntry ::= SEQUENCE {
    rgbnAaaServerIpAddr IpAddress,
    rgbnAaaServerPort Unsigned32,
    rgbnAaaServerProto RgbnAaaProtocol,
    rgbnAaaServerAdminState RgbnAdminState,
    rgbnAaaServerSharedSecret DisplayString,
    rgbnAaaServerOrder Unsigned32,
    rgbnAaaServerRowStatus RowStatus
}

rgbnAaaServerIpAddr OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The IPv4 Address of the AAA server."
    ::= { rgbnAaaServerEntry 1 }

-- rgbnAaaServerPort: destination port for the server in this row; UDP
-- for RADIUS and TCP for TACACS+ per the DESCRIPTION.
-- NOTE(review): the range starts at 0, and the module does not say
-- whether 0 has a special meaning (for example "use the protocol
-- default") or is simply rejected by the agent; confirm.
-- No DEFVAL is given; the row DESCRIPTION of rgbnAaaServerEntry lists
-- this column as required at creation.
rgbnAaaServerPort OBJECT-TYPE
    SYNTAX      Unsigned32(0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The UDP port when the AAA protocol RADIUS is configured
        or the TCP port when the AAA protocol TACACS+ is
        configured."
    ::= { rgbnAaaServerEntry 2 }

rgbnAaaServerProto OBJECT-TYPE
    SYNTAX      RgbnAaaProtocol
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The AAA protocol used to communicate with the AAA server."
    ::= { rgbnAaaServerEntry 3 }

-- rgbnAaaServerAdminState: per-row switch for whether this server is
-- used for AAA operations.
-- DEFVAL is disable, so a row created without this column is not used
-- for AAA until the column is set to enable(2).
-- The value names come from RgbnAdminState in RGBN-BASE-MIB, which is
-- imported and not shown in this module.
rgbnAaaServerAdminState OBJECT-TYPE
    SYNTAX      RgbnAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The 'admin state' of this row. The values are:
            disable(1) - do not use the server for AAA operations
            enable(2) - server may be used for AAA operations
        "
    DEFVAL      { disable }
    ::= { rgbnAaaServerEntry 4 }

-- rgbnAaaServerSharedSecret: secret shared with the AAA server in this
-- row.
-- NOTE(review): MAX-ACCESS read-create makes this column readable as far
-- as the MIB is concerned, and the DESCRIPTION only asks for protection
-- on write. It does not say what a read returns. The commented-out
-- rgbnAaaLocalUserPassword later in this module states that a read
-- returns a zero-length string; nothing equivalent is stated here, so
-- confirm that the agent masks the value on GET and in table walks.
-- NOTE(review): exclude this column from the read views of ordinary
-- users and allow writes only over SNMPv3 with privacy; SNMPv1 and
-- SNMPv2c carry the value unencrypted.
-- SYNTAX is DisplayString with no SIZE refinement, so the base limit
-- from SNMPv2-TC (0..255 octets) applies and a zero-length secret is
-- syntactically valid; the agent should reject an empty value
-- (TODO confirm).
rgbnAaaServerSharedSecret OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The secret shared between the system and the AAA server.
        Note: this shared secret must also be configured on the
        AAA server. Note that the value is sensitive, and should
        be protected on write."
    ::= { rgbnAaaServerEntry 5 }

rgbnAaaServerOrder OBJECT-TYPE
    SYNTAX      Unsigned32(1..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The order in which the server is used for authentication.
        When authentication is to be performed, the list of
        servers is ordered by this value in ascending order.
        Authentication starts with the first server on the list
        (the one with the lowest value). The server is contacted
        for authentication. If a response is obtained, then it
        is used for the response to the authentication request.
        If no response is received, then the next server is
        contacted, and so forth until a response is obtained
        or authentication has been tried with all servers in
        the list. This field is modify-only: when a new server
        is added, its order is assigned automatically by the system."
    ::= { rgbnAaaServerEntry 6 }

-- rgbnAaaServerRowStatus: row control column, restricted by the SYNTAX
-- refinement to active(1), createAndGo(4) and destroy(6).
-- There is no notInService state; rgbnAaaServerAdminState is the
-- column that takes a server out of use without deleting the row.
-- NOTE(review): the module does not describe what happens when the last
-- row is destroyed while rgbnAaaRemoteOnly is enable(2); confirm the
-- agent's behaviour so that removing servers cannot leave the system
-- without an authentication path.
rgbnAaaServerRowStatus OBJECT-TYPE
    SYNTAX      RowStatus { active(1), createAndGo(4), destroy(6) }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of the row. Only 'one-shot creation' is allowed.
        The value of any writable object in this table can be modified
        when the value is 'active(1)'."
    ::= { rgbnAaaServerEntry 7 }

-- +++++++++++++++++++++++++++++++++++++++++++

--rgbnAaaLocalUserTable OBJECT-TYPE
--    SYNTAX      SEQUENCE OF RgbnAaaLocalUserEntry
--    MAX-ACCESS  not-accessible
--    STATUS      current
--    DESCRIPTION
--        "A table of locally configured users. The number
--        of entries is configuration dependent, and the maximum
--        number of entries is implementation dependent."
--    ::= { rgbnAaaObjects 3 }
--
--rgbnAaaLocalUserEntry OBJECT-TYPE
--    SYNTAX      RgbnAaaLocalUserEntry
--    MAX-ACCESS  not-accessible
--    STATUS      current
--    DESCRIPTION
--        "A row in the locally configured users table. Rows are created
--        via use of object rgbnAaaLocalUserRowStatus. Only the
--        'createAndGo' and 'destroy' operations are supported."
--    INDEX { rgbnAaaLocalUserName }
--    ::= { rgbnAaaLocalUserTable 1 }
--
--RgbnAaaLocalUserEntry ::= SEQUENCE {
--    rgbnAaaLocalUserName DisplayString,
--    rgbnAaaLocalUserRowStatus RowStatus,
--    rgbnAaaLocalUserRole INTEGER,
--    rgbnAaaLocalUserPassword DisplayString
--}
--
--rgbnAaaLocalUserName OBJECT-TYPE
--    SYNTAX      DisplayString(SIZE(1..128))
--    MAX-ACCESS  not-accessible
--    STATUS      current
--    DESCRIPTION
--        "The user's name."
--    ::= { rgbnAaaLocalUserEntry 1 }
--
--rgbnAaaLocalUserRowStatus OBJECT-TYPE
--    SYNTAX      RowStatus
--    MAX-ACCESS  read-create
--    STATUS      current
--    DESCRIPTION
--        "The status of the row. Only 'one-shot creation' is allowed."
--    ::= { rgbnAaaLocalUserEntry 2 }
--
--rgbnAaaLocalUserRole OBJECT-TYPE
--    SYNTAX      INTEGER {
--                    user(1),
--                    operator(2),
--                    administrator(3)
--                    }
--    MAX-ACCESS  read-create
--    STATUS      current
--    DESCRIPTION
--        "The role of the user. This affects the operations that
--        can be performed. The values:
--            user(1) - can perform monitoring operations on a
--                            subset of the management objects
--            operator(2) - can perform read/write/create/action
--                            operations on all except for 
--                            administrative objects.
--            administrator(3) - can perform all operations on
--                            all objects."
--    DEFVAL  { user }
--    ::= { rgbnAaaLocalUserEntry 3 }
--
--rgbnAaaLocalUserPassword OBJECT-TYPE
--    SYNTAX      DisplayString(SIZE(1..128))
--    MAX-ACCESS  read-create
--    STATUS      current
--    DESCRIPTION
--        "The user's password. A read will return a zero length
--        string. Note that the value is sensitive, and should
--        be protected on write. Note: the action changeLocalUserPw
--        should be used with object RGBN-CORE-MIB::rgbnCoreActionType
--        to change the password of an existing user."
--    DEFVAL  { "" }
--    ::= { rgbnAaaLocalUserEntry 4 }

END
