ZTE-AN-ACCESS-CTRL-AAA-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        MODULE-IDENTITY, OBJECT-TYPE, Integer32     FROM SNMPv2-SMI
        RowStatus,DisplayString,
        TEXTUAL-CONVENTION                          FROM SNMPv2-TC
        InetAddress,InetAddressType                 FROM INET-ADDRESS-MIB
        zxAn                                        FROM ZTE-AN-TC-MIB;

    zxAnAccessCtrlAaaMib MODULE-IDENTITY
        LAST-UPDATED    "201211071000Z"
        ORGANIZATION    "ZTE Corporation"
        CONTACT-INFO    "ZTE shanghai software development dept.III 
                         Zhang Jianjun  021-68897226 "
        DESCRIPTION     "This MIB defines managed objects of ZTE AAA 
                         management."
        REVISION        "201211071000Z"    -- November 07, 2012 at 10:00 GMT
        DESCRIPTION     "Initial version of this MIB module."
        ::= { zxAn 90 }
                 
    zxAnAaaAuthenticationObjects   
                                OBJECT IDENTIFIER ::= { zxAnAccessCtrlAaaMib 2 }
    zxAnAaaAuthorizationObjects OBJECT IDENTIFIER ::= { zxAnAccessCtrlAaaMib 3 }   
    zxAnAaaAccountingObjects    OBJECT IDENTIFIER ::= { zxAnAccessCtrlAaaMib 4 }

--------------------------------------------------------------------------------
-- Textual Conventions
--------------------------------------------------------------------------------

    ZxAnAaaAuthenMethodPriority ::= TEXTUAL-CONVENTION
        STATUS      current
        DESCRIPTION
            "This is the priority order of an authentication method to be used 
             in user authentication for a session. At start up, the agent 
             assigns the value of this object. Later this can be changed by the 
             management station. This object reflects the relative priority of 
             the authentication method denoted by zxAnAaaAuthenLocalPriority and
             zxAnAaaAuthenTacacsplusPriority with respect to already configured 
             authentication methods. 
             
             The zero value indicates that the priority is not set and that the 
             authentication methods are applied in ascending order. Each object 
             must contain a unique value for priority or zero. In the case when 
             a priority is set for a value that is already used by existing 
             object the existing object's priority will be swapped."
        SYNTAX      Integer32(0..2)
        
    ZxAnAaaAuthorMethodPriority ::= TEXTUAL-CONVENTION
        STATUS      current
        DESCRIPTION
            "This is the priority order of an authorization method to be used 
             in user authorization for a session. At start up, the agent 
             assigns the value of this object. Later this can be changed by the 
             management station. This object reflects the relative priority of 
             the authorization method denoted by zxAnAaaAuthorLocalPriority and
             zxAnAaaAuthorTacacsplusPriority with respect to already configured 
             authorization methods. 
             
             The zero value indicates that the priority is not set and that the 
             authorization methods are applied in ascending order. Each object 
             must contain a unique value for priority or zero. In the case when 
             a priority is set for a value that is already used by existing 
             object the existing object's priority will be swapped."
        SYNTAX      Integer32(0..2)
    
--------------------------------------------------------------------------------
-- Following objects are defined.
-- 1.  AAA Global Configuration 
-- 2.  AAA Authentication Objects
-- 2.1 AAA Authentication Global Objects
-- 2.2 AAA Authentication Session Table
-- 2.3 AAA Authentication Login Table
-- 3.  AAA Authorization Objects
-- 3.1 AAA Authorization Global Objects
-- 3.2 AAA Authorization Session Table
-- 4.  AAA Accounting Objects
--------------------------------------------------------------------------------   
   
--------------------------------------------------------------------------------
-- 1.  AAA Global Configuration 
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
-- 2.  AAA Authentication Objects
--------------------------------------------------------------------------------

    zxAnAaaAuthenGlobalObjects 
        OBJECT IDENTIFIER ::= { zxAnAaaAuthenticationObjects 1 }
      
--------------------------------------------------------------------------------
-- 2.1 AAA Authentication Global Objects
--------------------------------------------------------------------------------
        
    zxAnAaaAuthenLocalPriority  OBJECT-TYPE
        SYNTAX      ZxAnAaaAuthenMethodPriority
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The local authentication method priority."
        DEFVAL { 0 }
        ::= { zxAnAaaAuthenGlobalObjects 1 }
        
    zxAnAaaAuthenTacacsplusPriority  OBJECT-TYPE
        SYNTAX      ZxAnAaaAuthenMethodPriority
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The TACACS+ authentication method priority."
        DEFVAL { 0 }
        ::= { zxAnAaaAuthenGlobalObjects 2 }

    zxAnAaaAuthenNoAuthenMethodEn  OBJECT-TYPE
        SYNTAX      INTEGER
        {
            enabled(1),
            disabled(2)
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "Enable or disable the no authentication method.
             enabled(1)  - Use no authentication as the last method.
             disabled(2) - Don't use no authentication method.

             This object must be set with zxAnAaaAuthenLocalPriority, 
             zxAnAaaAuthenTacacsplusPriority at the same time."
        DEFVAL { disabled }
        ::= { zxAnAaaAuthenGlobalObjects 3 }
        
    zxAnAaaAuthenTacacsplusGroupName  OBJECT-TYPE
        SYNTAX      DisplayString(SIZE(0..32))
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The tacacs plus authentication group name.
             
             If zxAnAaaAuthenTacacsplusPriority is zero(0), 
             zxAnAaaAuthenTacacsplusGroupName should be empty string.
             If the value of zxAnAaaAuthenTacacsplusPriority is not zero(0),
             zxAnAaaAuthenTacacsplusGroupName must be set with 
             zxAnAaaAuthenTacacsplusPriority at the same time."
        ::= { zxAnAaaAuthenGlobalObjects 4 }

--------------------------------------------------------------------------------
-- 2.2 AAA Authentication Session Table
--------------------------------------------------------------------------------
    
    zxAnAaaAuthenticationSession OBJECT IDENTIFIER 
                                 ::= { zxAnAaaAuthenticationObjects 2 }
    
    zxAnAaaAuthenSessionTable  OBJECT-TYPE
        SYNTAX      SEQUENCE OF ZxAnAaaAuthenSessionEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION 
            "Authentication session table."
        ::= { zxAnAaaAuthenticationSession 2 }

    zxAnAaaAuthenSessionEntry  OBJECT-TYPE
        SYNTAX      ZxAnAaaAuthenSessionEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION 
            "Authentication session table entry."
        INDEX  { zxAnAaaAuthenSessionType }
        ::= { zxAnAaaAuthenSessionTable 1 }
        
    ZxAnAaaAuthenSessionEntry ::= SEQUENCE {
        zxAnAaaAuthenSessionType        INTEGER,        
        zxAnAaaAuthenSessionMethod      INTEGER,
        zxAnAaaAuthenSessionRadiusGrpId Integer32,
        zxAnAaaAuthenSessionRowStatus   RowStatus
        }
    
    zxAnAaaAuthenSessionType  OBJECT-TYPE
        SYNTAX      INTEGER  
        { 
            telnet(1),
            ssh(2)
        } 
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "This is the session type used to connect to the device.
            
             telnet(1) indicates telnet session.
             ssh(2) indicates SSH session."
        ::= { zxAnAaaAuthenSessionEntry 1 }
        
    zxAnAaaAuthenSessionMethod  OBJECT-TYPE
        SYNTAX      INTEGER  
        { 
            local(1),
            tacacsPlus(2),
            radius(3)
        } 
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "This is the authentication method used to authenticate users.
            
             local(1) indicates that local password is used for authentication. 
             Which password is used depend on what login mode users specified. 
             tacacsPlus(2) indicates that TACACS+ method is used for 
             authentication.
             radius(3) indicates that RADIUS method is used for authentication."
        DEFVAL { local }
        ::= { zxAnAaaAuthenSessionEntry 2 }

    zxAnAaaAuthenSessionRadiusGrpId  OBJECT-TYPE
        SYNTAX      Integer32(0..10)
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The RADIUS group ID. 
             When zxAnAaaAuthenMethod is radius(3), this object must be set at
             the same time.
             
             Value 0 means RADIUS group ID is not configured."
        DEFVAL { 0 } 
        ::= { zxAnAaaAuthenSessionEntry 3 }
            
    zxAnAaaAuthenSessionRowStatus  OBJECT-TYPE
        SYNTAX      RowStatus
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION     
            "The status of this conceptual row.
            
            The supported actions of this conceptual row only include:
            'createAndGo' and 'destroy'.

            To create a row in this table, a manager must set this object to 
            createAndGo(4), and must comply with the multi-variables binding 
            rule described in zxAnAaaAuthenSessionEntry.
    
            To delete a row in this table, a manager must set this object to 
            destroy(6). 
             
            To get this object, the agent always returns active(1)."
        ::= { zxAnAaaAuthenSessionEntry 50 }

--------------------------------------------------------------------------------
-- 2.3 AAA Authentication Login Table
--------------------------------------------------------------------------------

    zxAnAaaAuthenticaitonLogin  OBJECT IDENTIFIER  ::=  
                                { zxAnAaaAuthenticationObjects 3 } 
 
    zxAnAaaAuthenLoginTable  OBJECT-TYPE
        SYNTAX      SEQUENCE OF ZxAnAaaAuthenLoginEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION 
            "Login mode authentication table."
        REFERENCE 
            "Used by MAP."
        ::= { zxAnAaaAuthenticaitonLogin 2 }

    zxAnAaaAuthenLoginEntry  OBJECT-TYPE
        SYNTAX      ZxAnAaaAuthenLoginEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION 
            "Login mode authentication table entry."
        INDEX  
        { 
            zxAnAaaAuthenLoginMode 
        }
        ::= { zxAnAaaAuthenLoginTable 1 }
        
    ZxAnAaaAuthenLoginEntry ::= SEQUENCE {
        zxAnAaaAuthenLoginMode           INTEGER,        
        zxAnAaaAuthenLoginLocalPri       ZxAnAaaAuthenMethodPriority,
        zxAnAaaAuthenLoginTacacsplusPri  ZxAnAaaAuthenMethodPriority,
        zxAnAaaAuthenLoginNoAuthMethodEn INTEGER,
        zxAnAaaAuthenLoginTacplusGrpName DisplayString,
        zxAnAaaAuthenLoginRowStatus      RowStatus
        }
        
    zxAnAaaAuthenLoginMode  OBJECT-TYPE
        SYNTAX      INTEGER  
        { 
            login(1),
            enable(2)
        }
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "This is the login mode user used to login to the network device.
 
             login(1) indicates the normal mode.
             enable(2) indicates the privileged mode."  
        ::= { zxAnAaaAuthenLoginEntry 1 }
        
    zxAnAaaAuthenLoginLocalPri  OBJECT-TYPE
        SYNTAX      ZxAnAaaAuthenMethodPriority
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The local authentication method priority."
        DEFVAL { 0 }  
        ::= { zxAnAaaAuthenLoginEntry 2 }
        
    zxAnAaaAuthenLoginTacacsplusPri  OBJECT-TYPE
        SYNTAX      ZxAnAaaAuthenMethodPriority
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The TACACS+ authentication method priority."
        DEFVAL { 0 } 
        ::= { zxAnAaaAuthenLoginEntry 3 }
        
    zxAnAaaAuthenLoginNoAuthMethodEn  OBJECT-TYPE
        SYNTAX      INTEGER
        {
            enabled(1),
            disabled(2)
        }
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "Enable or disable the none authentication method.
             enabled(1)  - Use none authentication as the last method.
             disabled(2) - Don't use none authentication method."
        DEFVAL { disabled } 
        ::= { zxAnAaaAuthenLoginEntry 4 }
        
    zxAnAaaAuthenLoginTacplusGrpName  OBJECT-TYPE
        SYNTAX      DisplayString(SIZE(0..32))
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The TACACS+ authentication group name. 
            
             If zxAnAaaAuthenLoginTacacsplusPri is zero(0), 
             zxAnAaaAuthenLoginTacplusGrpName should be empty string.
             If the value of zxAnAaaAuthenLoginTacacsplusPri is not zero(0),
             zxAnAaaAuthenLoginTacplusGrpName must be set with 
             zxAnAaaAuthenLoginTacacsplusPri at the same time."
        ::= { zxAnAaaAuthenLoginEntry 5 }
       
    zxAnAaaAuthenLoginRowStatus  OBJECT-TYPE
        SYNTAX      RowStatus
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION     
            "The status of this conceptual row.
            
            The supported actions of this conceptual row only include:
            'createAndGo' and 'destroy'.

            To create a row in this table, a manager must set this object to 
            createAndGo(4), and must comply with the multi-variables binding 
            rule described in zxAnAaaAuthenLoginEntry.
    
            To delete a row in this table, a manager must set this object to 
            destroy(6). 
             
            To get this object, the agent always returns active(1)."
        ::= { zxAnAaaAuthenLoginEntry 50 }  
        
--------------------------------------------------------------------------------
-- 3.  AAA Authorization Objects
--------------------------------------------------------------------------------
    
--------------------------------------------------------------------------------
-- 3.1 AAA Authorization Global Objects
--------------------------------------------------------------------------------
    
    zxAnAaaAuthorGlobalObjects OBJECT IDENTIFIER  ::=  
                                 { zxAnAaaAuthorizationObjects 1 }

    zxAnAaaAuthorLocalPriority  OBJECT-TYPE
        SYNTAX      ZxAnAaaAuthorMethodPriority
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The local authorization method priority."
        DEFVAL { 0 }
        ::= { zxAnAaaAuthorGlobalObjects 1 }

    zxAnAaaAuthorTacacsplusPriority  OBJECT-TYPE
        SYNTAX      ZxAnAaaAuthorMethodPriority
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The TACACS+ authorization method priority."
        DEFVAL { 0 }
        ::= { zxAnAaaAuthorGlobalObjects 2 }

    zxAnAaaAuthorNoAuthorMethodEn  OBJECT-TYPE
        SYNTAX      INTEGER
        {
            enabled(1),
            disabled(2)
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "Enable or disable the authorization method.
             enabled(1)  - Use none authorization as the last method.
             disabled(2) - Don't use none authorization method.
             
             This object must be set with zxAnAaaAuthorLocalPriority, 
             zxAnAaaAuthorTacacsplusPriority at the same time."
        DEFVAL { disabled }
        ::= { zxAnAaaAuthorGlobalObjects 3 }
        
    zxAnAaaAuthorTacacsplusGroupName  OBJECT-TYPE
        SYNTAX      DisplayString(SIZE(0..32))
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The name of TACACS+ authorization group name. 
            
             If zxAnAaaAuthorTacacsplusPriority is zero(0), 
             zxAnAaaAuthorTacacsplusGroupName should be empty string.
             If the value of zxAnAaaAuthorTacacsplusPriority is not zero(0),
             zxAnAaaAuthorTacacsplusGroupName must be set with 
             zxAnAaaAuthorTacacsplusPriority at the same time."
        ::= { zxAnAaaAuthorGlobalObjects 4 }

--------------------------------------------------------------------------------
-- 3.2 AAA Authorization Session Table
--------------------------------------------------------------------------------
    
    zxAnAaaAuthorizationSession OBJECT IDENTIFIER 
                                ::= { zxAnAaaAuthorizationObjects 3 }
    
    zxAnAaaAuthorSessionTable  OBJECT-TYPE
        SYNTAX      SEQUENCE OF ZxAnAaaAuthorSessionEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION 
            "Authorization session table."
        ::= { zxAnAaaAuthorizationSession 2 }

    zxAnAaaAuthorSessionEntry  OBJECT-TYPE
        SYNTAX      ZxAnAaaAuthorSessionEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION 
            "Authorization session table entry."
        INDEX  { zxAnAaaAuthorSessionType }
        ::= { zxAnAaaAuthorSessionTable 1 }
        
    ZxAnAaaAuthorSessionEntry ::= SEQUENCE {
        zxAnAaaAuthorSessionType            INTEGER,        
        zxAnAaaAuthorSessionMethod          INTEGER,
        zxAnAaaAuthorSessionSshMode         INTEGER,
        zxAnAaaAuthorSessionRowStatus       RowStatus
        }
    
    zxAnAaaAuthorSessionType  OBJECT-TYPE
        SYNTAX      INTEGER  
        { 
            telnet(1),
            ssh(2)
        } 
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "This is the session type used to connect to the device.
            
             telnet(1) indicates telnet session.
             ssh(2) indicates SSH session."
        ::= { zxAnAaaAuthorSessionEntry 1 }
        
    zxAnAaaAuthorSessionMethod  OBJECT-TYPE
        SYNTAX      INTEGER  
        { 
            local(1),
            tacacsPlus(2)
        } 
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "This is the authorization method used to authorize users.
            
             local(1) indicates that local password is used for authorization. 
             Which password is used depend on what login mode users specified. 
             tacacsPlus(2) indicates that TACACS+ method is used for 
             authorization."
        DEFVAL { local }
        ::= { zxAnAaaAuthorSessionEntry 2 }
        
    zxAnAaaAuthorSessionSshMode OBJECT-TYPE
        SYNTAX      INTEGER  
        { 
            nouse(1),
            chap(2),
            pap(3)
        } 
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "This object is used to control authorization mode when user login 
             from SSH."
        DEFVAL { chap }    
        ::= { zxAnAaaAuthorSessionEntry 3 }
            
    zxAnAaaAuthorSessionRowStatus  OBJECT-TYPE
        SYNTAX      RowStatus
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION     
            "The status of this conceptual row.
            
            The supported actions of this conceptual row only include:
            'createAndGo' and 'destroy'.

            To create a row in this table, a manager must set this object to 
            createAndGo(4), and must comply with the multi-variables binding 
            rule described in zxAnAaaAuthorSessionEntry.
    
            To delete a row in this table, a manager must set this object to 
            destroy(6). 
             
            To get this object, the agent always returns active(1). "
        ::= { zxAnAaaAuthorSessionEntry 50 }

--------------------------------------------------------------------------------
-- 4.  AAA Accounting Objects
--------------------------------------------------------------------------------
    
    zxAnAaaAccountPrivilege OBJECT IDENTIFIER 
                            ::= { zxAnAaaAccountingObjects 2 }
    
    zxAnAaaAccountPrivilegeTable  OBJECT-TYPE
        SYNTAX      SEQUENCE OF ZxAnAaaAccountPrivilegeEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION 
            "Accounting privilege table."
        ::= { zxAnAaaAccountPrivilege 2 }

    zxAnAaaAccountPrivilegeEntry  OBJECT-TYPE
        SYNTAX      ZxAnAaaAccountPrivilegeEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION 
            "Accounting privilege table entry."
        INDEX  
        { 
            zxAnAaaAccountUserPrivilege 
        }
        ::= { zxAnAaaAccountPrivilegeTable 1 }
        
    ZxAnAaaAccountPrivilegeEntry ::= SEQUENCE {
        zxAnAaaAccountUserPrivilege      Integer32,        
        zxAnAaaAccountTacacsplusGrpName  DisplayString,
        zxAnAaaAccountPrivilegeRowStatus RowStatus
        }
    
    zxAnAaaAccountUserPrivilege  OBJECT-TYPE
        SYNTAX      Integer32(1..15)
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "User privilege level."
        ::= { zxAnAaaAccountPrivilegeEntry 1 }
        
    zxAnAaaAccountTacacsplusGrpName  OBJECT-TYPE
        SYNTAX      DisplayString(SIZE(1..32)) 
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The TACACS+ group name."
        ::= { zxAnAaaAccountPrivilegeEntry 2 }

    zxAnAaaAccountPrivilegeRowStatus  OBJECT-TYPE
        SYNTAX      RowStatus
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION     
            "The status of this conceptual row.
            
            The supported actions of this conceptual row only include:
            'createAndGo' and 'destroy'.

            To create a row in this table, a manager must set this object to
            createAndGo(4), and must comply with the multi-variables binding
            rule described in zxAnAaaAccountPrivilegeEntry.
    
            To delete a row in this table, a manager must set this object to
            destroy(6). 
             
            To get this object, the agent always returns active(1)."
        ::= { zxAnAaaAccountPrivilegeEntry 50 }

END
