diff options
| author | David Leutgeb <david.leutgeb@mannundmouse.com> | 2023-12-05 12:25:34 +0100 |
|---|---|---|
| committer | David Leutgeb <david.leutgeb@mannundmouse.com> | 2023-12-05 12:25:34 +0100 |
| commit | 98a672123c7872f6b9b75a9a2b6bb3aea504de6a (patch) | |
| tree | 9b13bd7f563c3198047bd359195327cf28b3caf0 /MIBS/siae/SIAE-USER-MIB | |
| download | mibs-main.tar.gz mibs-main.zip | |
Diffstat (limited to 'MIBS/siae/SIAE-USER-MIB')
| -rw-r--r-- | MIBS/siae/SIAE-USER-MIB | 664 |
1 files changed, 664 insertions, 0 deletions
diff --git a/MIBS/siae/SIAE-USER-MIB b/MIBS/siae/SIAE-USER-MIB new file mode 100644 index 0000000..97f78fc --- /dev/null +++ b/MIBS/siae/SIAE-USER-MIB @@ -0,0 +1,664 @@ +-- ---------------------------------------------------------------------------- +-- +-- SIAE MICROELETTRONICA s.p.a. +-- +-- Via Michelangelo Buonarroti, 21 +-- 20093 - Cologno Monzese +-- Milano +-- ITALY +-- +-- ---------------------------------------------------------------------------- +-- ---------------------------------------------------------------------------- + +SIAE-USER-MIB + DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + IpAddress + FROM SNMPv2-SMI + DisplayString, + RowStatus, + StorageType + FROM SNMPv2-TC + SnmpAdminString + FROM SNMP-FRAMEWORK-MIB + siaeMib + FROM SIAE-TREE-MIB; + + accessControl MODULE-IDENTITY + LAST-UPDATED "201609170000Z" + ORGANIZATION "SIAE MICROELETTRONICA spa" + CONTACT-INFO + "SIAE MICROELETTONICA s.p.a. + Via Michelangelo Buonarroti, 21 + 20093 - Cologno Monzese + Milano - ITALY + Phone : +39-02-27325-1 + E-mail: tbd@siaemic.com + " + DESCRIPTION + "User privileges and credentials for SIAE equipment access + control. + " + REVISION "201609170000Z" + DESCRIPTION + "Added accessControlExtLoginTable. + " + REVISION "201404080000Z" + DESCRIPTION + "Introduced accessControlGroupTelnet leaf + Fixed IMPORTS clause + " + REVISION "201402030000Z" + DESCRIPTION + "Improved description of accessControlMibVersion + " + REVISION "201304160000Z" + DESCRIPTION + "Initial version 01.00.00 + " + ::= { siaeMib 5 } + +------------------------------------------------------------------------------ +-- accessControl GROUP +------------------------------------------------------------------------------ +-- +-- This MIB defines the objects to access the system: users and groups. +-- Each user belongs to a group that identifies the access privileges to all +-- available protocols. A login table shows the users logged in the system. +-- AccessControlClientTable defines the client credentials to use a given +-- service. +-- +-- +------------------------------------------------------------------------------ + +------ Beginning ------------------------------------------------------------- + + accessControlMibVersion OBJECT-TYPE + SYNTAX INTEGER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Numerical version of this module. + The string version of this MIB have the following format: + XX.YY.ZZ + so, for example, the value 1 should be interpreted as 00.00.01 + and the value 10001 should be interpreted as 01.00.01." + DEFVAL {1} + ::= {accessControl 1} + +------- Begin of accessControlGroupTable +-- + accessControlGroupTable OBJECT-TYPE + SYNTAX SEQUENCE OF AccessControlGroupRecord + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Table with Group records." + ::= {accessControl 2} + + accessControlGroupRecord OBJECT-TYPE + SYNTAX AccessControlGroupRecord + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Group record. At most 10 records can be present in + accessControlGroupTable." + INDEX {accessControlGroupName} + ::= {accessControlGroupTable 1} + + AccessControlGroupRecord ::= + SEQUENCE { + accessControlGroupName SnmpAdminString, + accessControlGroupProfile INTEGER, + accessControlGroupHttp INTEGER, + accessControlGroupHttps INTEGER, + accessControlGroupSnmp INTEGER, + accessControlGroupFtp INTEGER, + accessControlGroupSftp INTEGER, + accessControlGroupSsh INTEGER, + accessControlGroupRowStatus RowStatus, + accessControlGroupCli INTEGER + } + + accessControlGroupName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(1..31)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "ASCII string identifying the Group, used as index for the table." + ::= {accessControlGroupRecord 1} + + accessControlGroupProfile OBJECT-TYPE + SYNTAX INTEGER { + admin (1), + readwrite (2), + maintenance (3), + readonly (4) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object defines the group access privileges. 'Admin' profile can + read and write all MIB, 'readwrite' profile can write all MIB leaves + but it can not manage users, 'maintenance' profile can do only manual + operations, while 'readonly' can only perform get operations." + ::= {accessControlGroupRecord 2} + + accessControlGroupHttp OBJECT-TYPE + SYNTAX INTEGER { + deny (1), + allow (2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object allows or denies a given group using http protocol + for WebLct to access equipment." + ::= {accessControlGroupRecord 3} + + accessControlGroupHttps OBJECT-TYPE + SYNTAX INTEGER { + deny (1), + allow (2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object allows or denies a given group using https protocol + for WebLct to access equipment." + ::= {accessControlGroupRecord 4} + + accessControlGroupSnmp OBJECT-TYPE + SYNTAX INTEGER { + deny (1), + allowV1 (2), + allowV2c (3), + allowV3 (4) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object allows or denies a given group using snmp + protocol to access network equipment. If snmp protocol + is enabled, it is possible to choose between V1, V2c + and V3 versions of snmp." + ::= {accessControlGroupRecord 5} + + accessControlGroupFtp OBJECT-TYPE + SYNTAX INTEGER { + deny (1), + allow (2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object allows or denies a given group using ftp + protocol." + ::= {accessControlGroupRecord 6} + + accessControlGroupSftp OBJECT-TYPE + SYNTAX INTEGER { + deny (1), + allow (2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object allows or denies a given group using sftp + protocol." + ::= {accessControlGroupRecord 7} + + accessControlGroupSsh OBJECT-TYPE + SYNTAX INTEGER { + deny (1), + allow (2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object allows or denies a given group using ssh + protocol." + ::= {accessControlGroupRecord 8} + + accessControlGroupRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is used to manage a row in accessControlGroupTable." + ::= {accessControlGroupRecord 9} + + accessControlGroupCli OBJECT-TYPE + SYNTAX INTEGER { + deny (1), + allow (2) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object allows or denies a given group using both cli through + serial port and remote cli (telnet). Only 'admin' profile is + allowed to use cli and can execute all commands." + ::= {accessControlGroupRecord 10} + +-- +------- End of accessControlGroupTable + +-- +------- The following table defines the users of the equipment, +------- connected to the group table. + +------- Begin of accessControlUserTable +-- + accessControlUserTable OBJECT-TYPE + SYNTAX SEQUENCE OF AccessControlUserRecord + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Table with User records. At most 10 records can be present in + accessControlUserTable." + ::= {accessControl 3} + + accessControlUserRecord OBJECT-TYPE + SYNTAX AccessControlUserRecord + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "User record." + INDEX {accessControlUserName} + ::= {accessControlUserTable 1} + + AccessControlUserRecord ::= + SEQUENCE { + accessControlUserName SnmpAdminString, + accessControlUserGroupName SnmpAdminString, + accessControlUserPwd DisplayString, + accessControlUserSnmpAuthProt INTEGER, + accessControlUserSnmpAuthKey OCTET STRING, + accessControlUserSnmpPrivProt INTEGER, + accessControlUserSnmpPrivKey OCTET STRING, + accessControlUserTimeout INTEGER, + accessControlUserRowStatus RowStatus + } + + accessControlUserName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(1..31)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "ASCII string identifying the user." + ::= {accessControlUserRecord 1} + + accessControlUserGroupName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(1..31)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object specifies which group this user belongs to. + It must refers to an entry of accessControlGroupTable." + ::= {accessControlUserRecord 2} + + accessControlUserPwd OBJECT-TYPE + SYNTAX DisplayString (SIZE(1..31)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object specifies the login password of the specified + user." + ::= {accessControlUserRecord 3} + + accessControlUserSnmpAuthProt OBJECT-TYPE + SYNTAX INTEGER { + noAuth (1), + md5 (2), + sha (3) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is used to set the user authentication protocol + if the related group can use snmp protocol." + ::= {accessControlUserRecord 4} + + accessControlUserSnmpAuthKey OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object specifies the user authentication key if + the related group can use snmpv3 protocol." + ::= {accessControlUserRecord 5} + + accessControlUserSnmpPrivProt OBJECT-TYPE + SYNTAX INTEGER { + noPriv (1), + des (2), + aes (3) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is used to set the user cipher protocol if + the related group can use snmp protocol." + ::= {accessControlUserRecord 6} + + accessControlUserSnmpPrivKey OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(0..127)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object specifies the user cipher key if the related + group can use snmpv3 protocol." + ::= {accessControlUserRecord 7} + + accessControlUserTimeout OBJECT-TYPE + SYNTAX INTEGER (0..3600) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object defines the user timeout after login operation. + Zero timeout means no timeout." + DEFVAL {300} + ::= {accessControlUserRecord 8} + + accessControlUserRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is used to manage an instance in accessControlUserTable." + ::= {accessControlUserRecord 9} + +-- +------- End of accessControlUserTable + +-- +------- The following table defines the users logged in the system. + +------- Begin of accessControlLoginTable +-- + accessControlLoginTable OBJECT-TYPE + SYNTAX SEQUENCE OF AccessControlLoginRecord + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Table with Login records. At most 4 users via WebLct, + 10 users via snmp and 10 users via cli can be logged + at the same time in the equipment." + ::= {accessControl 4} + + accessControlLoginRecord OBJECT-TYPE + SYNTAX AccessControlLoginRecord + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Login record. The create operation is performed by setting + accessControlLoginPwd object." + INDEX {accessControlLoginIpAddress, + accessControlLoginUserName, + accessControlLoginType} + ::= {accessControlLoginTable 1} + + AccessControlLoginRecord ::= + SEQUENCE { + accessControlLoginUserName SnmpAdminString, + accessControlLoginIpAddress IpAddress, + accessControlLoginRequest INTEGER, + accessControlLoginTrapEnable INTEGER, + accessControlLoginType INTEGER, + accessControlLoginPwd OCTET STRING, + accessControlLoginPolling INTEGER + } + + accessControlLoginUserName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(1..31)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object defines the name of the logged user." + ::= {accessControlLoginRecord 1} + + accessControlLoginIpAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object defines the IP address of the logged user." + ::= {accessControlLoginRecord 2} + + accessControlLoginRequest OBJECT-TYPE + SYNTAX INTEGER { + noAction (1), + logout (2), + forcelogout (3) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object is used to do logout or to force logout + of other users. Only users with 'admin' profile can + force logout." + ::= {accessControlLoginRecord 3} + + accessControlLoginTrapEnable OBJECT-TYPE + SYNTAX INTEGER { + disable (1), + enable (2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object enables/disables trap receiver for a + given user." + DEFVAL {disable} + ::= {accessControlLoginRecord 4} + + accessControlLoginType OBJECT-TYPE + SYNTAX INTEGER { + web (1), + snmp (2), + cli (3) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object identifies login type." + ::= {accessControlLoginRecord 5} + + accessControlLoginPwd OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(1..31)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object is used to create a row in the table. It + must correspond to the user password defined in + accessControlUserTable." + ::= {accessControlLoginRecord 6} + + accessControlLoginPolling OBJECT-TYPE + SYNTAX INTEGER { + polling (1) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object is used to refresh the timeout of the related instance + of the table. To keep user logged in, manager must read this object + before the end of accessControlUserTimeout. For cli users execution + of cli commands refreshes timeout." + ::= {accessControlLoginRecord 7} + +-- +------- End of accessControlLoginTable + +-- +------- The following table defines the user credentials required to access +------- FTP and SFTP services. + +------- Begin of accessControlClientTable +-- + accessControlClientTable OBJECT-TYPE + SYNTAX SEQUENCE OF AccessControlClientRecord + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Table with records that show client credentials to + access FTP and SFTP services." + ::= {accessControl 5} + + accessControlClientRecord OBJECT-TYPE + SYNTAX AccessControlClientRecord + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Client credentials record for a given user." + INDEX {accessControlClientService} + ::= {accessControlClientTable 1} + + AccessControlClientRecord ::= + SEQUENCE { + accessControlClientService INTEGER, + accessControlClientServiceStatus INTEGER, + accessControlClientName SnmpAdminString, + accessControlClientPwd SnmpAdminString, + accessControlClientStorageType StorageType, + accessControlClientRowStatus RowStatus + } + + accessControlClientService OBJECT-TYPE + SYNTAX INTEGER { + ftp (1), + sftp (2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is used to identify the service that a given user + can access as client." + ::= {accessControlClientRecord 1} + + accessControlClientServiceStatus OBJECT-TYPE + SYNTAX INTEGER { + disable (1), + enable (2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is used to enable/disable the FTP/SFTP client + on the equipment. If both clients are enabled, SFTP client + is adopted." + ::= {accessControlClientRecord 2} + + accessControlClientName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(1..31)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "ASCII string identifying the client name." + DEFVAL {""} + ::= {accessControlClientRecord 3} + + accessControlClientPwd OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(1..31)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "ASCII string identifying the client password." + DEFVAL {""} + ::= {accessControlClientRecord 4} + + accessControlClientStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The storage type for this conceptual row. + " + DEFVAL {nonVolatile} + ::= {accessControlClientRecord 5} + + accessControlClientRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this conceptual row." + ::= {accessControlClientRecord 6} + +-- +------- End of accessControlClientTable + + +-- +------- The following table augments accessControlLoginTable +------- to show additional information about logged users. + +------- Begin of accessControlExtLoginTable +-- + + accessControlExtLoginTable OBJECT-TYPE + SYNTAX SEQUENCE OF AccessControlExtLoginRecord + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table that contains additional information about + every user that is logged into the equipment." + ::= { accessControl 6 } + + accessControlExtLoginRecord OBJECT-TYPE + SYNTAX AccessControlExtLoginRecord + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Additional information record for a given logged + user." + AUGMENTS { accessControlLoginRecord } + ::= { accessControlExtLoginTable 1 } + + AccessControlExtLoginRecord ::= + SEQUENCE{ + accessControlExtLoginProfile INTEGER, + accessControlExtLoginAuthMode INTEGER + } + + accessControlExtLoginProfile OBJECT-TYPE + SYNTAX INTEGER { + admin (1), + readwrite (2), + maintenance (3), + readonly (4) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object defines the access privileges associated to logged user. + 'Admin' profile can read and write all MIB, 'readwrite' profile can + write all MIB leaves but it can not manage users, 'maintenance' can + do only manual operations, while 'readonly' can only perform get + operations. In case of local authentication, the user profile is found + in local database, while, if authentication is remote, the profile is + assigned by remote server." + ::= { accessControlExtLoginRecord 1 } + + accessControlExtLoginAuthMode OBJECT-TYPE + SYNTAX INTEGER { + local (1), + remote (2) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object shows if logged user has been authenticated locally or by remote + server (i.e RADIUS, TACACS, etc...)." + ::= { accessControlExtLoginRecord 2 } + +-- +------- End of accessControlExtLoginTable + + +------ End group ------------------------------------------------------------- + +END + |