-- This file is corresponding to Release 9.1.10.101 from 2014/08/11 00:00:00


-- (C)opyright 1991-2014 bintec elmeg GmbH, All Rights Reserved
--  $RCSfile: mibsec,v $ 
-- $Revision: 1.55 $ 

BIANCA-BRICK-SEC-MIB DEFINITIONS ::= BEGIN
 
        IMPORTS
            Counter, enterprises
                FROM RFC1155-SMI

            DisplayString
                FROM RFC1158-MIB

	    BitValue, HexValue
		FROM BINTEC-MIB
 
            OBJECT-TYPE
                FROM RFC-1212;

    bintec 	OBJECT IDENTIFIER ::= { enterprises 272 }
    bintecsec 	OBJECT IDENTIFIER 
		::= { bintec 254 }
	biboAdmAdminCommunity OBJECT-TYPE
	    SYNTAX  DisplayString (SIZE (0..255))
	    ACCESS  read-write
	    STATUS  mandatory

	    DESCRIPTION
		"The Community name used for admin access"
	    DEFVAL { "bintec" }
	::= { bintecsec 1 }

	biboAdmReadCommunity OBJECT-TYPE
	    SYNTAX  DisplayString (SIZE (0..255))
	    ACCESS  read-write
	    STATUS  mandatory

	    DESCRIPTION
		"The Community name used for read-only access."
	    DEFVAL { "public" }
	::= { bintecsec 2 }

	biboAdmWriteCommunity OBJECT-TYPE
	    SYNTAX  DisplayString (SIZE (0..255))
	    ACCESS  read-write
	    STATUS  mandatory

	    DESCRIPTION
		"The Community name used for read-write access."
	    DEFVAL { "public" }
	::= { bintecsec 3 }

	biboAdmLicenseTable OBJECT-TYPE
	    SYNTAX  SEQUENCE OF BiboAdmLicenseEntry
	    ACCESS  not-accessible
	    STATUS  mandatory
	    DESCRIPTION
		"This table contains the licenses, purchased for this
		 BIANCA/BRICK. Each entry describes a license. Each
		 license can enable one or more features of the
		 BIANCA/BRICK, when the activation key is correct.
		 Please Note, that a license is only valid for the
		 BIANCA/BRICK it has been purchased for."
	::= { bintecsec 4 }

	biboAdmLicenseEntry OBJECT-TYPE
	    SYNTAX  BiboAdmLicenseEntry
	    ACCESS  not-accessible
	    STATUS  mandatory
	    DESCRIPTION
		""
	    INDEX   { biboAdmLicenseKey }
	::= { biboAdmLicenseTable 1 }

	BiboAdmLicenseEntry ::=
	    SEQUENCE {
		biboAdmLicenseSerialNumber		INTEGER,
		biboAdmLicenseMask			INTEGER,
		biboAdmLicenseKey			DisplayString,
		biboAdmLicenseState			INTEGER,

		biboAdmLicenseSerialId			DisplayString,
		biboAdmLicenseHwSerial			DisplayString,
		biboAdmLicenseLicType			INTEGER
	    }

	biboAdmLicenseSerialNumber OBJECT-TYPE
	    SYNTAX  INTEGER (0..999999) 
	    ACCESS  read-write
	    STATUS  mandatory

	    DESCRIPTION
		"This object specifies the serial number of the license in 
		 case of a numerical license (together with 'Mask' and 'Key')."
	::= { biboAdmLicenseEntry 1 }

	biboAdmLicenseMask OBJECT-TYPE
	    SYNTAX  INTEGER (0..8388607)
	    ACCESS  read-write
	    STATUS  mandatory

	    DESCRIPTION
		"The LicenseMask is a bitfield, that specifies the different
		 features enabled by the license. (only used on a numerical 
		 license)."
	::= { biboAdmLicenseEntry 2 }

	biboAdmLicenseKey OBJECT-TYPE
	    SYNTAX  DisplayString 
	    ACCESS  read-write
	    STATUS  mandatory

	    DESCRIPTION
		"This object contains the activation key. A license is only
		 valid, if the activation key is correct."
	::= { biboAdmLicenseEntry 3 }

	biboAdmLicenseState OBJECT-TYPE
	    SYNTAX  INTEGER { ok(1), not-ok(2), delete(3), internal-ok(4), 
			      internal-erase(5), not-supported(6) }
	    ACCESS  read-write
	    STATUS  mandatory

	    DESCRIPTION
		"To delete a license from the system, this object has
		 to be set to delete. In case of an 'internal-ok' license the
		 license can be erased from the modules EEPROM, if it is set
		 to 'internal-erase'.
		 The state will be 'not-supported' if a license refers to 
		 a feature which is not supported by the image loaded.
		 With 'delete' it is only deleted from the main board 
		 flash memory."
	    DEFVAL { not-ok }
	::= { biboAdmLicenseEntry 4 }

	biboAdmLicenseSerialId OBJECT-TYPE
	    SYNTAX  DisplayString 
	    ACCESS  read-write
	    STATUS  mandatory

	    DESCRIPTION
		"This object specifies the serial id string of the license in
		 case of string license (together with 'Key')."
	::= { biboAdmLicenseEntry 5 }

	biboAdmLicenseHwSerial OBJECT-TYPE
	    SYNTAX  DisplayString 
	    ACCESS  read-only
	    STATUS  mandatory

	    DESCRIPTION
		"This object contains the device Hardware serial number
		 for which the license is purchased for."
	::= { biboAdmLicenseEntry 6 }

	biboAdmLicenseLicType OBJECT-TYPE
	    SYNTAX INTEGER {
		ip(1), capi(2), bridge(3), x25(4), ipx(5), stac(6),
		frame-relay(7), tapi(8), ospf(9), extended-lan(10),
		tunneling(11), taf(12), extended-wan(13), leased-line(14),
		e25(29),
		ipsec(33), ipseccb-ipxfer(34), bgp(35),
		uefs(36), siplan(37), siptrunk(38), pim(39),
		call-by-call(40), fax(41), sipout(42), brrp(43),
		wlan-controller(44), terminal-option(45),
		data-encr-accel(46), voice-mail-system(47), pptp(48),
		ethernet(128), bri(129), g703(130), pri(131), 
		modem(132), g7032pri(133), slots(134), e3(135), 
		serial(136), shdsl(137), vdsl(138)
	    } 
	    ACCESS  read-only
	    STATUS  mandatory

	    DESCRIPTION
		"The type of licenseable feature."
	::= { biboAdmLicenseEntry 7 }



	biboAdmRadiusSecret OBJECT-TYPE
	    SYNTAX  DisplayString (SIZE (0..255))
	    ACCESS  read-write
	    STATUS  mandatory

	    DESCRIPTION
		"The shared secret for RADIUS access."
	    DEFVAL { "" }
	::= { bintecsec 5 }

	biboAdmHttpPassword OBJECT-TYPE
	    SYNTAX  DisplayString (SIZE (0..255))
	    ACCESS  read-write
	    STATUS  mandatory

	    DESCRIPTION
		"The password for HTTP access."
	    DEFVAL { "bintec" }
	::= { bintecsec 6 }


        biboAdmLoginTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF BiboAdmLoginEntry
            ACCESS  not-accessible
            STATUS  mandatory
            DESCRIPTION
                 "The biboAdmLoginTable defines additional users and
                  their passwords, and the commnd to be executed
		  at login."
        ::= { bintecsec 7 }
 
        biboAdmLoginEntry OBJECT-TYPE
            SYNTAX  BiboAdmLoginEntry
            ACCESS  not-accessible
            STATUS  mandatory
            DESCRIPTION
                ""
            INDEX { biboAdmLoginUser }
        ::= { biboAdmLoginTable 1 }
 
        BiboAdmLoginEntry ::=
            SEQUENCE {
                biboAdmLoginUser                        DisplayString,
                biboAdmLoginPassword                    DisplayString,
                biboAdmLoginCommand                     DisplayString,
                biboAdmLoginState                       INTEGER,
                biboAdmLoginSnmpShellCommand            DisplayString,
                biboAdmLoginSNMPAccessLevel             INTEGER,
                biboAdmLoginShellAccessLevel            INTEGER,
                biboAdmLoginHTTPAccessRights            BITS,
                biboAdmLoginGUIAccessLevel              INTEGER,
                biboAdmLoginActivityMonAccessLevel      INTEGER,
                biboAdmLoginApDiscAccessLevel           INTEGER,
                biboAdmLoginHTTPAccessClass             INTEGER,
                biboAdmLoginGUIAccessMask               HexValue,
                biboAdmLoginGUIWriteAccessMask          HexValue,
                biboAdmLoginPasswordChangeRequired      INTEGER
            }
 
        biboAdmLoginUser OBJECT-TYPE
            SYNTAX  DisplayString
            ACCESS  read-write
            STATUS  mandatory
 
            DESCRIPTION
                "This is the login name."
        ::= { biboAdmLoginEntry 1 }
 
        biboAdmLoginPassword OBJECT-TYPE
            SYNTAX  DisplayString
            ACCESS  read-write
            STATUS  mandatory
 
            DESCRIPTION
                "This is the user password."
        ::= { biboAdmLoginEntry 2 }

        biboAdmLoginCommand OBJECT-TYPE
            SYNTAX  DisplayString
            ACCESS  read-write
            STATUS  obsolete
             DESCRIPTION
                "This is the command, which is started at login, 
		 e.g. sh, telnet. All external commands are possible.

		 Variable got replaced by biboAdmLoginSnmpShellCommand."
        ::= { biboAdmLoginEntry 3 }
 
        biboAdmLoginState OBJECT-TYPE
            SYNTAX  INTEGER { valid(1), delete(2), invalid(3) }
            ACCESS  read-write
            STATUS  mandatory
 
            DESCRIPTION
                "The variable is used to disable or discard the entry."
            DEFVAL { valid }
        ::= { biboAdmLoginEntry 4 }
 
        biboAdmLoginSnmpShellCommand OBJECT-TYPE
            SYNTAX  DisplayString
            ACCESS  read-write
            STATUS  mandatory
 
            DESCRIPTION
                "This is the command, which is started upon shell login;
                 examples are 'telnet <IPaddr>', 'ifstat' or 'ps -ef'.
                 All external commands are possible, SNMP as well as all other
                 internal commands can be emulated via:

		    sh -c '<cmd>[;<cmd> ... ]'

		 Obsoletes biboAdmLoginCommand."
        ::= { biboAdmLoginEntry 5 }
 
        biboAdmLoginSNMPAccessLevel OBJECT-TYPE
            SYNTAX  INTEGER {
                    no-access(1),
                    read(2),
                    write(3),
                    admin(4)
            }
            ACCESS  read-write
            STATUS  mandatory
 
            DESCRIPTION
                "Define SNMP access level for account.
                 Available access levels are:
                     no-access(1),
                     read(2),
                     write(3),
                     admin(4)
                 They match SNMP communities but for value no-access which
                 disables SNMP access for that account.
 
                 Default value is no-access in order to avoid unintentionally
                 granting access rights."
            DEFVAL { no-access }
        ::= { biboAdmLoginEntry 6 }
 
        biboAdmLoginShellAccessLevel OBJECT-TYPE
            SYNTAX  INTEGER (0..1)
            ACCESS  read-write
            STATUS  mandatory
 
            DESCRIPTION
                "Define Shell access level for account.
                 Available access levels are 0 and 1, basically switching shell
                 access off or on, respectively.
 
                 Default value is 0 in order to avoid unintentionally granting
                 access rights."
            DEFVAL { 0 }
        ::= { biboAdmLoginEntry 7 }
 
        biboAdmLoginHTTPAccessRights OBJECT-TYPE
            SYNTAX  BITS {
		admin(0),
		fci(1),
		maint(2),
		easp(3)
	    }
            ACCESS  read-write
            STATUS  mandatory
 
            DESCRIPTION
                "Define HTTP access rights for account which are defined as bit field.
                 Available access right bits are currently:
                     bit 0: admin - access to any and all pages
                     bit 1: fci - access to web configuration interface
                     bit 2: maint - access to system maintenance pages
                                    (update of images, import and export of configurations
                                    and the like)
                     bit 3: easp - access to pages dedicated for use by external
                                    applications (currently only Dime Manager)
 
                 If bit 0 (admin) is set, all other bit values are ignored and assumed
                 as set (i.e. access allowed). This allows for defining unrestricted access
                 in a forward-compatible manner even when new bits should be
                 introduced.
 
                 A value of 0 turns HTTP access off completely.
                 Other values grant HTTP access in an application dependent
                 manner; each value may be interpreted differently on different
                 products.
 
                 Default value is 0 in order to avoid unintentionally granting
                 access rights."
            DEFVAL { { } }
        ::= { biboAdmLoginEntry 8 }
 
        biboAdmLoginGUIAccessLevel OBJECT-TYPE
            SYNTAX  INTEGER (0..255)
            ACCESS  read-write
            STATUS  obsolete
 
            DESCRIPTION
                "Define GUI access level for account.
                 Available access levels reach from 0 to 255.
 
                 Value 0 turns GUI access off, value 1 defines allmighty
                 administrator role.
                 Other values grant GUI access in an application dependend
                 manner; each value may be interpreted differently on different
                 products.
 
                 Default value is 0 in order to avoid unintentinoally granting
                 access rights."
            DEFVAL { 0 }
        ::= { biboAdmLoginEntry 9 }
 
        biboAdmLoginActivityMonAccessLevel OBJECT-TYPE
            SYNTAX  INTEGER (0..1)
            ACCESS  read-write
            STATUS  mandatory
 
            DESCRIPTION
                "Define activitiy monitor access level for account.
 
                 Value 0 inhibits any means of influencing system by activity
                 monitor mechanisms.
                 Value 1 grants full access.
 
                 NOTE:
                   This variable is currently only valid for special users
                   admin and write (SNMP communities).
                   For all other users it is ignored.
 
                 Default value is 0 in order to avoid unintentinoally granting
                 access rights."
            DEFVAL { 0 }
        ::= { biboAdmLoginEntry 10 }
 
        biboAdmLoginApDiscAccessLevel OBJECT-TYPE
            SYNTAX  INTEGER (0..1)
            ACCESS  read-write
            STATUS  mandatory
 
            DESCRIPTION
                "Define access level for access point discovery instances.
 
                 Value 0 inhibits any means of influencing system by access
                 point discovery mechanisms.
                 Value 1 grants full access.
 
                 NOTE:
                   This variable is currently only valid for special user admin
                   (SNMP community).
                   For all other users it is ignored.
 
                 Default value is 0."
            DEFVAL { 0 }
        ::= { biboAdmLoginEntry 11 }

       biboAdmLoginHTTPAccessClass OBJECT-TYPE
            SYNTAX  INTEGER {
                    user(1),
                    admin(2)
            }
            ACCESS  read-write
            STATUS  mandatory
 
            DESCRIPTION
                "Define SNMP access class for account.
                 Available access levels are:
                     user(1),
                     admin(2),

                 HTTP access class allows HTTP sessions to be classified and
		 realize limitation of HTTP sessions while allowing for
		 prioritizing sessions over user sessions. This ensures
		 manageability of the system even if normal users flood system
		 with their requests.
 
                 Default value is user."
            DEFVAL { user }
        ::= { biboAdmLoginEntry 12 }

        biboAdmLoginGUIAccessMask OBJECT-TYPE
            SYNTAX  HexValue 
            ACCESS  read-write
            STATUS  mandatory
 
           DESCRIPTION
                "Define GUI access level bits for account.
                 Available access levels bits reach from 0 to 30
 
                 Value 0 turns GUI access off, 
                 bit 0 (value 1) is reserved
                 bit 1 (value 2) defines almighty administrator role.
                 Other values grant GUI access  depending on
                 biboAdmGuiAccessTable entries. The default behavior (if
                 there is no entry in biboAdmGuiAccessTable) is application
                 dependent; each value may be interpreted differently on
                 different products.
 
                 Default value is 0 in order to avoid unintentionally granting
                 access rights."
            DEFVAL { 0 }
        ::= { biboAdmLoginEntry 13 }


         biboAdmLoginGUIWriteAccessMask OBJECT-TYPE
            SYNTAX  HexValue 
            ACCESS  read-write
            STATUS  mandatory

           DESCRIPTION
                "Define GUI write access level bits for account.
                 Available write access levels bits reach from 0 to 30

                 Value 0 turns GUI write access off,
                 bit 0 (value 1) is reserved
                 bit 1 (value 2) defines almighty administrator role.
                 Other values grant GUI access depending on
                 biboAdmGuiAccessTable entries. The default behavior
                 (if there is no entry in biboAdmGuiAccessTable) is
                 application dependent; each value may be interpreted
                 differently on different products."
            DEFVAL { 0x7FFFFFFE }
        ::= { biboAdmLoginEntry 14 }

         biboAdmLoginPasswordChangeRequired OBJECT-TYPE
            SYNTAX  INTEGER { 
			  enabled(1), 
			  disabled(2) 
			  }
              ACCESS  read-write
              STATUS  mandatory

              DESCRIPTION
                "If biboAdmLoginPasswordChangeRequired is set to enabled
		 the GUI demands a password change for this user at the
                 next login.  After the password change GUI sets this value
                 to disabled."
              DEFVAL { disabled }
        ::= { biboAdmLoginEntry 15 }

	biboAdmPublicKey OBJECT-TYPE
	    SYNTAX  OCTET STRING
	    ACCESS  read-only
	    STATUS  mandatory

	    DESCRIPTION
		"Generated public key for TAF client access"
	::= { bintecsec 10 }

	biboAdmPrivateKey OBJECT-TYPE
	    SYNTAX  OCTET STRING
	    ACCESS  not-accessible
	    STATUS  mandatory

	    DESCRIPTION
		""
	::= { bintecsec 11 }

	biboAdmActMonPassword OBJECT-TYPE
	    SYNTAX  DisplayString (SIZE (0..255))
	    ACCESS  read-write
	    STATUS  mandatory

	    DESCRIPTION
		"The password for Activity Monitor access."
	    DEFVAL { "" }
	::= { bintecsec 12 }

-- bintecsec 13 is used for tacacsp

-- biboAdmGuiAccessTable
        biboAdmGuiAccessTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF BiboAdmGuiAccessEntry
            ACCESS  not-accessible
            STATUS  mandatory
            DESCRIPTION
                 "The biboAdmGuiAccessTable defines 'required access level' for
                  GUI access IDs."
        ::= { bintecsec 14 }

        biboAdmGuiAccessEntry OBJECT-TYPE
            SYNTAX  BiboAdmGuiAccessEntry
            ACCESS  not-accessible
            STATUS  mandatory
            DESCRIPTION
                ""
            INDEX { biboAdmGuiAccessIndex }
       ::= { biboAdmGuiAccessTable 1 }

        BiboAdmGuiAccessEntry ::=
            SEQUENCE {
                biboAdmGuiAccessIndex                   INTEGER,
--		biboAdmGuiAccessID                      DisplayString,
                biboAdmGuiAccessState                   INTEGER,
                biboAdmGuiAccessRequiredLvlMask         HexValue
            }

        biboAdmGuiAccessIndex OBJECT-TYPE
            SYNTAX  INTEGER
            ACCESS  read-write
            STATUS  mandatory
            DESCRIPTION
                "The GUI access index of the associated id."
        ::= { biboAdmGuiAccessEntry 1 }

--        biboAdmGuiAccessID OBJECT-TYPE
--            SYNTAX  DisplayString (SIZE (0..50))
--	    ACCESS  read-only
--	    STATUS  mandatory
--
--            DESCRIPTION
--                "This is the GUI access id."
--
--        ::= { biboAdmGuiAccessEntry 2 }

       biboAdmGuiAccessState OBJECT-TYPE
            SYNTAX  INTEGER { valid(1), delete(2), invalid(3) }
            ACCESS  read-write
            STATUS  mandatory

            DESCRIPTION
                "Make entry valid/invalid or discard it."
            DEFVAL { valid }
        ::= { biboAdmGuiAccessEntry 3 }

       biboAdmGuiAccessRequiredLvlMask OBJECT-TYPE

            SYNTAX  HexValue 
            ACCESS  read-write
            STATUS  mandatory

            DESCRIPTION
               "Define required GUI access level bits.
                Available access levels bits reach from 0 to 30
                Normal behavior: Only users get access to the part of GUI
                which is specified by biboAdmGuiAccessInedx, which have at
                least  one bit set in biboAdmLoginGUIAccessMaks which is
                also set in here.

                System administrator and users which have admin rights
                (bit 1 (2)) in biboAdmLoginGUIAccessLevel have always
                access to any GUI part. This can be overruled by setting
                bit 0 in biboAdmGuiAccessRequiredLevel."
            DEFVAL { 0 }
        ::= { biboAdmGuiAccessEntry 4 }


        biboAdmGuiAccessLevelTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF BiboAdmGuiAccessLevelEntry
            ACCESS  not-accessible
            STATUS  mandatory

            DESCRIPTION
                 "This table holds a description for used
                  level bits."
        ::= { bintecsec 15 }

        biboAdmGuiAccessLevelEntry OBJECT-TYPE
            SYNTAX  BiboAdmGuiAccessLevelEntry
            ACCESS  not-accessible
            STATUS  mandatory
            DESCRIPTION
                 ""
            INDEX { biboAdmGuiAccessLevelBitNr }
       ::= { biboAdmGuiAccessLevelTable 1 }

        BiboAdmGuiAccessLevelEntry ::=
            SEQUENCE {
                biboAdmGuiAccessLevelBitNr              INTEGER,
                biboAdmGuiAccessLevelState              INTEGER,
                biboAdmGuiAccessLevelDescription        DisplayString
            }

        biboAdmGuiAccessLevelBitNr OBJECT-TYPE
            SYNTAX  INTEGER (0..30)
            ACCESS  read-write
            STATUS  mandatory

            DESCRIPTION
                "Access level bit."

        ::= { biboAdmGuiAccessLevelEntry 1 }

        biboAdmGuiAccessLevelState OBJECT-TYPE
            SYNTAX  INTEGER { valid(1), delete(2), invalid(3) }
            ACCESS  read-write
            STATUS  mandatory

            DESCRIPTION
                "Make entry valid/invalid or discard it."
            DEFVAL { valid }
        ::= { biboAdmGuiAccessLevelEntry 2 }

        biboAdmGuiAccessLevelDescription OBJECT-TYPE
            SYNTAX  DisplayString
            ACCESS  read-write
            STATUS  mandatory

            DESCRIPTION
                "Description for this access level bit."

        ::= { biboAdmGuiAccessLevelEntry 3 }

END
