ELTEX-MES-ISS-AAA-MIB DEFINITIONS ::= BEGIN

-- Title:      ELTEX AAA Private MIB
-- Version:    1.1
-- Date:       05 Jun 2020

IMPORTS
        MODULE-IDENTITY, OBJECT-TYPE, Unsigned32
            FROM SNMPv2-SMI
        OBJECT-GROUP
            FROM SNMPv2-CONF
        TruthValue, DisplayString, RowStatus
            FROM SNMPv2-TC
        eltMesIss
            FROM ELTEX-MES-ISS-MIB
        mcTrapDescr
            FROM ELTEX-SMI-ACTUAL;

eltMesIssAaaMIB MODULE-IDENTITY
        LAST-UPDATED "202208030000Z"
        ORGANIZATION "Eltex Enterprise, Ltd."
        CONTACT-INFO
                "eltex-co.ru"
        DESCRIPTION
                "AAA MIB definitions."
        REVISION "202208030000Z"
        DESCRIPTION "Added AAA method 'none'."
        REVISION "202202150000Z"
        DESCRIPTION "Added AAA chain feature for WEB."
        REVISION "202107020000Z"
        DESCRIPTION "Implemented AAA methods lists."
        REVISION "202010290000Z"
        DESCRIPTION "Added remote command authorization."
        REVISION "202006050000Z"
        DESCRIPTION "Added TACACS attributes."
        REVISION "201901310000Z"
        DESCRIPTION "Initial revision."
    ::= { eltMesIss 7 }

eltMesIssAaaObjects              OBJECT IDENTIFIER ::= { eltMesIssAaaMIB 1 }
eltMesIssAaaNotifications        OBJECT IDENTIFIER ::= { eltMesIssAaaMIB 2 }

eltMesIssAaaGlobalConfig         OBJECT IDENTIFIER ::= { eltMesIssAaaObjects 1 }
eltMesIssAaaLineConfig           OBJECT IDENTIFIER ::= { eltMesIssAaaObjects 2 }
eltMesIssAaaWebConfig            OBJECT IDENTIFIER ::= { eltMesIssAaaObjects 3 }

eltMesIssAaaTacacsGlobalConfig   OBJECT IDENTIFIER ::= { eltMesIssAaaGlobalConfig 2 }
eltMesIssAaaRadiusGlobalConfig   OBJECT IDENTIFIER ::= { eltMesIssAaaGlobalConfig 3 }
eltMesIssAaaMethodGlobalConfig   OBJECT IDENTIFIER ::= { eltMesIssAaaGlobalConfig 6 }

eltMesIssAaaNotificationsPrefix  OBJECT IDENTIFIER ::= { eltMesIssAaaNotifications 0 }

-- eltMesIssAaaEnableAuthentication OBJECT-TYPE ::= { eltMesIssAaaTacacsGlobalConfig 1 }
eltMesIssAaaTacacsAttrConfig     OBJECT IDENTIFIER ::= { eltMesIssAaaTacacsGlobalConfig 2 }

-- ========================================================================== --
--                            Textual Conventions                             --
-- ========================================================================== --

EltMesIssAaaAuthenticationMethod ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Authentication method."
    SYNTAX  INTEGER {
        local(1),
        remoteRadius(2),
        remoteTacacs(3),
        none(4)
    }

EltMesIssAaaAuthenticationModeType ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Authentication mode. Break stops the process of
         authentication on first failure, chain passes through
         the whole list."
    SYNTAX  INTEGER {
        chain(1),
        break(2)
    }

EltMesIssAaaLineType ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Line type."
    SYNTAX  INTEGER {
        console(1),
        telnet(2),
        ssh(3)
    }

EltMesIssAaaTacacsAuthenticationType ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Tacacs authentication type."
    SYNTAX  INTEGER {
        ascii(1),
        pap(2)
    }

EltMesIssAaaAuthorizationMethod ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Authorization method."
    SYNTAX  INTEGER {
        local(1),
        remoteTacacs(2),
        tacacsFallbackToLocal(3),
        global(255)
    }

-- ========================================================================== --
--                               Global Objects                               --
-- ========================================================================== --

eltMesIssAaaEnableAuthentication OBJECT-TYPE
    SYNTAX EltMesIssAaaAuthenticationMethod
    MAX-ACCESS  read-write
    STATUS      deprecated
    DESCRIPTION
        "Configures the mechanism by which the user enable has to be
        authenticated for accessing to manage the switch. Authentication
        is done either locally or in the remote side through a RADIUS Server or TACACS.
        If Authentication is configured as radiusFallbackToLocal or tacacsFallbackToLocal
        then Local authentication  provides a back door or a secondary option
        for authentication if the server fails."
    DEFVAL  { local }
    ::= { eltMesIssAaaGlobalConfig 1 }

eltMesIssAaaTacacsAuthenticationType OBJECT-TYPE
    SYNTAX      EltMesIssAaaTacacsAuthenticationType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Configures TACACS authentication type."
    DEFVAL  { pap }
    ::= { eltMesIssAaaTacacsGlobalConfig 1 }

eltMesIssAaaAuthenticationMode OBJECT-TYPE
    SYNTAX EltMesIssAaaAuthenticationModeType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Configures the authentication mode (chain or break)
         switch uses to pass through the configured authentication
         lists of methods."
    DEFVAL  { break }
    ::= { eltMesIssAaaGlobalConfig 5 }

-- ========================================================================== --
--                             Method list table                              --
-- ========================================================================== --

eltMesIssAaaMethodListTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EltMesIssAaaMethodListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The table specifies all methods list per method name."
    ::= { eltMesIssAaaMethodGlobalConfig 1 }

eltMesIssAaaMethodListEntry OBJECT-TYPE
    SYNTAX      EltMesIssAaaMethodListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The row definition for this table."
    INDEX { eltMesIssAaaMethodListName,
            eltMesIssAaaAuthenticationMethodIndex }
    ::= { eltMesIssAaaMethodListTable 1 }

EltMesIssAaaMethodListEntry ::= SEQUENCE {
    eltMesIssAaaMethodListName               DisplayString,
    eltMesIssAaaAuthenticationMethodIndex    INTEGER (1..4),
    eltMesIssAaaMethodType                   EltMesIssAaaAuthenticationMethod,
    eltMesIssAaaMethodRowStatus              RowStatus
}

eltMesIssAaaMethodListName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(3..20))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Methods' List Name"
    ::= { eltMesIssAaaMethodListEntry 1 }

eltMesIssAaaAuthenticationMethodIndex OBJECT-TYPE
    SYNTAX      INTEGER (1..4)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Method type index in list.
         The smallest index has the highest priority."
    ::= { eltMesIssAaaMethodListEntry 2 }

eltMesIssAaaMethodType  OBJECT-TYPE
    SYNTAX      EltMesIssAaaAuthenticationMethod
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Method type that will be used in the methods'
         list."
    ::= { eltMesIssAaaMethodListEntry 3 }

eltMesIssAaaMethodRowStatus     OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Method status in the list."
    ::= { eltMesIssAaaMethodListEntry 4 }

-- ========================================================================== --
--                                Line Config                                 --
-- ========================================================================== --

eltMesIssAaaLineLoginAuthenticationTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EltMesIssAaaLineLoginAuthenticationEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A list of login authentication mechanisms for line."
    ::= { eltMesIssAaaLineConfig 1 }

eltMesIssAaaLineLoginAuthenticationEntry OBJECT-TYPE
    SYNTAX      EltMesIssAaaLineLoginAuthenticationEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
      "An entry containing login authentication mechanism for line."
    INDEX { eltMesIssAaaLineLoginAuthenticationLineType }
    ::= { eltMesIssAaaLineLoginAuthenticationTable 1 }

EltMesIssAaaLineLoginAuthenticationEntry ::=  SEQUENCE {
        eltMesIssAaaLineLoginAuthenticationLineType
            EltMesIssAaaLineType,
        eltMesIssAaaLineLoginMethodListName
            DisplayString
    }

eltMesIssAaaLineLoginAuthenticationLineType OBJECT-TYPE
    SYNTAX      EltMesIssAaaLineType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Line type."
    ::= { eltMesIssAaaLineLoginAuthenticationEntry 1 }

eltMesIssAaaLineLoginMethodListName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(3..20))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Login authentication name of the list of methods for line."
    ::= { eltMesIssAaaLineLoginAuthenticationEntry 2 }

eltMesIssAaaLineEnableAuthenticationTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EltMesIssAaaLineEnableAuthenticationEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A list of enable authentication mechanisms for line."
    ::= { eltMesIssAaaLineConfig 2 }

eltMesIssAaaLineEnableAuthenticationEntry OBJECT-TYPE
    SYNTAX      EltMesIssAaaLineEnableAuthenticationEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
      "An entry containing enable authentication mechanism for line."
    INDEX { eltMesIssAaaLineEnableAuthenticationLineType }
    ::= { eltMesIssAaaLineEnableAuthenticationTable 1 }

EltMesIssAaaLineEnableAuthenticationEntry ::=
    SEQUENCE {
        eltMesIssAaaLineEnableAuthenticationLineType
            EltMesIssAaaLineType,
        eltMesIssAaaLineEnableMethodListName
            DisplayString
    }

eltMesIssAaaLineEnableAuthenticationLineType OBJECT-TYPE
    SYNTAX      EltMesIssAaaLineType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Line type."
    ::= { eltMesIssAaaLineEnableAuthenticationEntry 1 }

eltMesIssAaaLineEnableMethodListName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(3..20))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enable authentication name of the list of methods for line."
    ::= { eltMesIssAaaLineEnableAuthenticationEntry 2 }

eltMesIssAaaLineIdleTimeoutTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EltMesIssAaaLineIdleTimeoutEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A list of idle timeout configuration for line"
    ::= { eltMesIssAaaLineConfig 3 }

eltMesIssAaaLineIdleTimeoutEntry OBJECT-TYPE
   SYNTAX      EltMesIssAaaLineIdleTimeoutEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION
      "An entry containing idle timeout for line."
   INDEX { eltMesIssAaaLineIdleTimeoutLineType }
   ::= { eltMesIssAaaLineIdleTimeoutTable 1 }

EltMesIssAaaLineIdleTimeoutEntry ::=
    SEQUENCE {
        eltMesIssAaaLineIdleTimeoutLineType
            EltMesIssAaaLineType,
        eltMesIssLineIdleTimeout
            Unsigned32
    }

eltMesIssAaaLineIdleTimeoutLineType OBJECT-TYPE
    SYNTAX      EltMesIssAaaLineType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Line type."
    ::= { eltMesIssAaaLineIdleTimeoutEntry 1 }

eltMesIssLineIdleTimeout OBJECT-TYPE
    SYNTAX      Unsigned32 (1..18000)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Idle timeout for line."
    DEFVAL  { 1800 }
    ::= { eltMesIssAaaLineIdleTimeoutEntry 2 }

-- ========================================================================== --
--                         WEB authentication config                          --
-- ========================================================================== --

eltMesIssAaaWebLoginMethodListName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(3..20))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Login authentication name of the list of methods for WEB."
    ::= { eltMesIssAaaWebConfig 1 }

-- ========================================================================== --
--                  Commands Authorization Rule Global table                  --
-- ========================================================================== --

eltMesIssAaaCommandAuthorizationTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EltMesIssAaaCommandAuthorizationEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A list of command authorization mechanisms per privilege level."
    ::= { eltMesIssAaaGlobalConfig 4 }

eltMesIssAaaCommandAuthorizationEntry OBJECT-TYPE
   SYNTAX      EltMesIssAaaCommandAuthorizationEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION
      "An entry containing command authorization mechanism per privilege level."
   INDEX { eltMesIssAaaCommandAuthorizationPrivilege }
   ::= { eltMesIssAaaCommandAuthorizationTable 1 }

EltMesIssAaaCommandAuthorizationEntry ::=
    SEQUENCE {
        eltMesIssAaaCommandAuthorizationPrivilege
            Unsigned32 (1..15),
        eltMesIssAaaCommandAuthorizationMethod
            EltMesIssAaaAuthorizationMethod
    }

eltMesIssAaaCommandAuthorizationPrivilege OBJECT-TYPE
    SYNTAX      Unsigned32 (1..15)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "User privilege level."
    ::= { eltMesIssAaaCommandAuthorizationEntry 1 }

eltMesIssAaaCommandAuthorizationMethod OBJECT-TYPE
    SYNTAX      EltMesIssAaaAuthorizationMethod
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Authorization method for privilege."
    DEFVAL  { local }
    ::= { eltMesIssAaaCommandAuthorizationEntry 2 }

-- ========================================================================== --
--                    Commands Authorization Rule per line                    --
-- ========================================================================== --

eltMesIssAaaLineCommandAuthorizationTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EltMesIssAaaLineCommandAuthorizationEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A list of command authorization mechanisms for line."
    ::= { eltMesIssAaaLineConfig 4 }

eltMesIssAaaLineCommandAuthorizationEntry OBJECT-TYPE
    SYNTAX      EltMesIssAaaLineCommandAuthorizationEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry containing command authorization mechanism for line."
    INDEX { eltMesIssAaaLineCommandAuthorizationLineType }
    ::= { eltMesIssAaaLineCommandAuthorizationTable 1 }

EltMesIssAaaLineCommandAuthorizationEntry ::=
    SEQUENCE {
        eltMesIssAaaLineCommandAuthorizationLineType
            EltMesIssAaaLineType,
        eltMesIssAaaLineCommandAuthorizationMethod
            EltMesIssAaaAuthorizationMethod
    }

eltMesIssAaaLineCommandAuthorizationLineType OBJECT-TYPE
    SYNTAX      EltMesIssAaaLineType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Line type."
    ::= { eltMesIssAaaLineCommandAuthorizationEntry 1 }

eltMesIssAaaLineCommandAuthorizationMethod OBJECT-TYPE
    SYNTAX      EltMesIssAaaAuthorizationMethod
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Authorization method for line."
    DEFVAL  { global }
    ::= { eltMesIssAaaLineCommandAuthorizationEntry 2 }

-- ========================================================================== --
--                             TACACS attributes                              --
-- ========================================================================== --

eltMesIssAaaTacacsAttrPortConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EltMesIssAaaTacacsAttrPortConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A list of TACACS attributes configuring mechanism."
    ::= { eltMesIssAaaTacacsAttrConfig 1 }

eltMesIssAaaTacacsAttrPortConfigEntry OBJECT-TYPE
   SYNTAX      EltMesIssAaaTacacsAttrPortConfigEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION
      "An entry containing TACACS attributes configuring
      mechanism."
   INDEX { eltMesIssAaaTacacsAttrPortLineType }
   ::= { eltMesIssAaaTacacsAttrPortConfigTable 1 }

EltMesIssAaaTacacsAttrPortConfigEntry ::=
    SEQUENCE {
        eltMesIssAaaTacacsAttrPortLineType
            EltMesIssAaaLineType,
        eltMesIssAaaTacacsAttrPortFormat
            OCTET STRING
    }

eltMesIssAaaTacacsAttrPortLineType OBJECT-TYPE
    SYNTAX      EltMesIssAaaLineType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Line type."
    ::= { eltMesIssAaaTacacsAttrPortConfigEntry 1 }

eltMesIssAaaTacacsAttrPortFormat OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..255))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "User defined string to use as port attribute
        in TACACS packets. Specify port
        string template:
             <%n: line session index>,
             <%%: single %>."
    ::= { eltMesIssAaaTacacsAttrPortConfigEntry 2 }

-- ========================================================================== --
--                               Notifications                                --
-- ========================================================================== --

eltMesIssAaaUserTrap NOTIFICATION-TYPE
    OBJECTS   { mcTrapDescr }
    STATUS current
    DESCRIPTION
        "A eltMesIssAaaUserTrap is generated when user
         connects/rejects/disconnects from the session."
    ::= { eltMesIssAaaNotificationsPrefix 1 }

END

