ELTEX-MES-AAA DEFINITIONS ::= BEGIN

-- Title:      ELTEX MES AAA Extension Private
-- Version:    2.2
-- Date:       15 Nov 2017
--
-- 11-Jul-2016 - Added eltAAAAccountingCommandsMethod
-- 15-Nov-2017 - Added eltMesAAALine objects

IMPORTS
    eltMes, eltMesRadius, eltMesTacacs              FROM ELTEX-MES
    MODULE-IDENTITY, OBJECT-TYPE                    FROM SNMPv2-SMI
    TEXTUAL-CONVENTION, TruthValue                  FROM SNMPv2-TC
    DisplayString                                   FROM SNMPv2-TC
    RlAAAAccountingMethod                           FROM RADLAN-AAA
    rndErrorDesc, rndErrorSeverity                  FROM RADLAN-DEVICEPARAMS-MIB;

--
-- AAA MIB
--

eltMesAAA MODULE-IDENTITY
        LAST-UPDATED "201509210000Z"
        ORGANIZATION "Eltex Ltd."
        CONTACT-INFO
                "http://www.eltex.nsk.ru"
        DESCRIPTION
                "The private MIB module definition for Authentication, Authorization and Accounting
                 in Eltex MES devices."
        ::= { eltMes 79 }

EltAAAServiceType  ::= TEXTUAL-CONVENTION
   STATUS current
   DESCRIPTION    "Line service type."
   SYNTAX INTEGER {
      console(0),
      telnet(1),
      ssh(2)
}

eltMesAAANotifications OBJECT IDENTIFIER ::= { eltMesAAA 0 }
        
EltAAAMethodListModeType  ::= TEXTUAL-CONVENTION
   STATUS current
   DESCRIPTION    "Authentication mode type."
   SYNTAX INTEGER {
      eltAAAMethodListModeTypeChain(0),
      eltAAAMethodListModeTypeBreak(1)
}

eltAAAMethodListMode OBJECT-TYPE
    SYNTAX   EltAAAMethodListModeType
    MAX-ACCESS   read-write
    STATUS   current
    DESCRIPTION "Specify the authentication mode."
  ::= { eltMesAAA 1 }

eltAAAAccountingCommandsMethod OBJECT-TYPE
    SYNTAX   RlAAAAccountingMethod
    MAX-ACCESS   read-write
    STATUS   current
    DESCRIPTION "Specify a method used for accounting of user commands."
  ::= { eltMesAAA 2 }

---
--- Line MIB Objects
---

eltMesAAALine          OBJECT IDENTIFIER ::= { eltMesAAA 3 }

eltAAALineTelnetMaxLoginAttempts OBJECT-TYPE
    SYNTAX      INTEGER  (1..10)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "The maximum number of unsuccessful login attempts into
                 a Telnet session made before the connection is closed."
    ::= { eltMesAAALine 1 }

eltAAALineSshMaxLoginAttempts OBJECT-TYPE
    SYNTAX      INTEGER  (1..10)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "The maximum number of unsuccessful login attempts into
                 a SSH session made before the connection is closed."
    ::= { eltMesAAALine 2 }

--
-- RADIUS attributes
--

eltMesRadiusAttr OBJECT IDENTIFIER ::= { eltMesRadius 1 }

eltRadiusAttrNasIdAccessEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enable or disable including NAS-Identifier attribute in Access Request messages"
    DEFVAL      { false }
    ::= { eltMesRadiusAttr 1 }

eltRadiusAttrNasIdFormatString OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(0..32))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The format string for NAS-Identifier RADIUS attribute."
    DEFVAL      { "%h" }
    ::= { eltMesRadiusAttr 2 }

--
-- TACACS attributes
--

eltMesTacacsAttr OBJECT IDENTIFIER ::= { eltMesTacacs 1 }

eltTacacsAttrPortConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EltTacacsAttrPortConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A list of TACACS attributes configuring mechanism."
    ::= { eltMesTacacsAttr 1 }

eltTacacsAttrPortConfigEntry OBJECT-TYPE
   SYNTAX      EltTacacsAttrPortConfigEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION
       "An entry containing TACACS attributes configuring
        mechanism."
   INDEX { eltTacacsAttrPortLineType }
   ::= { eltTacacsAttrPortConfigTable 1 }

EltTacacsAttrPortConfigEntry ::=
    SEQUENCE {
        eltTacacsAttrPortLineType
            EltAAAServiceType,
        eltTacacsAttrPortFormat
            OCTET STRING
    }

eltTacacsAttrPortLineType OBJECT-TYPE
    SYNTAX      EltAAAServiceType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Line type."
    ::= { eltTacacsAttrPortConfigEntry 1 }

eltTacacsAttrPortFormat OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "User defined string to use as port attribute
         in TACACS packets. Specify port
         string template:
              <%n: line session index>,
              <%%: single %>."
    ::= { eltTacacsAttrPortConfigEntry 2 }

--
-- Dynamic Authorization MIB Objects
--
eltMesDynamicAuthorization OBJECT IDENTIFIER ::= { eltMesAAA 4 }
eltMesDynamicAuthorizationGlobals OBJECT IDENTIFIER ::= { eltMesDynamicAuthorization 1 }

eltDynamicAuthorizationRadiusEnable OBJECT-TYPE
   SYNTAX       TruthValue
   MAX-ACCESS   read-write
   STATUS       current
   DESCRIPTION
       "Specifies whether Dynamic Radius Server enabled on the switch. "
   DEFVAL  { false }
   ::= { eltMesDynamicAuthorizationGlobals 1 }

eltDynamicAuthorizationRadiusPort OBJECT-TYPE
    SYNTAX INTEGER (1..65535)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "To define the accounting UDP port used for dynamic authentication requests."
    DEFVAL  { 3799 }
    ::= { eltMesDynamicAuthorizationGlobals 2 }

--
-- Command Authorization MIB Objects
--
eltAAAAuthorizationCommandsMethodListName OBJECT-TYPE
    SYNTAX   OCTET STRING (SIZE(3..20))
    MAX-ACCESS   read-write
    STATUS   current
    DESCRIPTION "Specify the name of authorization list used for authorization of user commands."
    DEFVAL { "cmd_default" }
  ::= { eltMesAAA 5 }

---
--- Notifications
---

eltAAAUserTrap NOTIFICATION-TYPE
    OBJECTS   {rndErrorDesc, rndErrorSeverity}
    STATUS current
    DESCRIPTION
        "A eltAAAUserTrap is generated when user
         connect/reject/disconnect from the session."
    ::= { eltMesAAANotifications 1 }


END
