-- *****************************************************************
-- RBN-TACACS-MIB               Redback TACACS+ MIB
--
-- Copyright (c) 2004 RedBack Networks, Inc.
-- All rights reserved.
-- 
-- *****************************************************************

RBN-TACACS-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Unsigned32,
    NOTIFICATION-TYPE                      FROM SNMPv2-SMI
    TEXTUAL-CONVENTION                     FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP,
    NOTIFICATION-GROUP                     FROM SNMPv2-CONF
    SnmpAdminString                        FROM SNMP-FRAMEWORK-MIB
    InetAddress, InetAddressType           FROM INET-ADDRESS-MIB
    rbnMgmt                                FROM RBN-SMI;

rbnTacacsMib MODULE-IDENTITY
    LAST-UPDATED "200403011800Z" -- March 1, 2004
    ORGANIZATION "RedBack Networks, Inc."
    CONTACT-INFO
        "       RedBack Networks, Inc.

        Postal: 300 Holger Way
                San Jose, CA  95134-1362
                USA

         Phone: +1 408 750-5000
           Fax: +1 408 750-5599

        E-mail: mib-info@redback.com"
    DESCRIPTION
        "This Redback MIB defines a notification for the state
         of the TACACS+ server."
    REVISION	 "200403011800Z" -- March 1, 2004
    DESCRIPTION
        "Initial verison."

    ::= { rbnMgmt 33 }

rbnTacacsMIBNotifications OBJECT IDENTIFIER ::= { rbnTacacsMib 0 }
rbnTacacsMIBObjects       OBJECT IDENTIFIER ::= { rbnTacacsMib 1 }
rbnTacacsMIBConformance   OBJECT IDENTIFIER ::= { rbnTacacsMib 2 }

rbnTacacsObjects          OBJECT IDENTIFIER ::= { rbnTacacsMIBObjects 1 }
rbnTacacsAcctObjects      OBJECT IDENTIFIER ::= { rbnTacacsMIBObjects 2 }
rbnTacacsNotifyObjects    OBJECT IDENTIFIER ::= { rbnTacacsMIBObjects 3 }

--
-- Textual Conventions
--

RbnTacacsState ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "The current state of a TACACS+ server. When a server is
         initially configured its state is 'unknown'. When requests
         are sent to this server it will transition to either 'up' or
         'down', depending on whether the server replies to the
         requests. It will then transition between 'up' and 'down'
         accordingly. It will never transition back to 'unknown'."
    SYNTAX INTEGER {
        unknown(1),            -- state on initial creation
        up(2),                 -- server is responding
        down(3)                -- server is not responding
    }

RbnTacacsReason ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "When a TACACS+ server transitions to a new state, this identifies
         the reason for the transition. "
    SYNTAX INTEGER {
        -- the following are only valid for a transition to 'up'
        responding(1),          -- server is responding

        -- the following are only valid for a transition to 'down'
        packetTimeout(2),       -- the server is not responding and a
                                -- packet-level timeout has occurred
        serverTimeout(3),       -- the server is not responding and a
                                -- server-level timeout has occurred
        serverError(4)          -- server has an error resulting in
                                -- a transition to down state
    }

--
-- TACACS+ notification objects
--
-- these objects will only appear in notifications
--

rbnTacacsContext OBJECT-TYPE
    SYNTAX     SnmpAdminString (SIZE (1..63))
    MAX-ACCESS accessible-for-notify
    STATUS     current
    DESCRIPTION
        "The name of the context in which this server is configured."
    ::= { rbnTacacsNotifyObjects 1 }

rbnTacacsServerIndex OBJECT-TYPE
    SYNTAX     Unsigned32 (1..4294967295)
    MAX-ACCESS accessible-for-notify
    STATUS     current
    DESCRIPTION
        "A unique index value assigned to each TACACS server"
    ::= { rbnTacacsNotifyObjects 2 }

rbnTacacsServerAddressType OBJECT-TYPE
    SYNTAX     InetAddressType
    MAX-ACCESS accessible-for-notify
    STATUS     current
    DESCRIPTION
        "The type of address contained in rbnTacacsServerAddress."
    ::= { rbnTacacsNotifyObjects 3 }

rbnTacacsServerAddress OBJECT-TYPE
    SYNTAX     InetAddress
    MAX-ACCESS accessible-for-notify
    STATUS     current
    DESCRIPTION
          "The TACACS+ server address."
    ::= { rbnTacacsNotifyObjects 4 }

rbnTacacsServerPort OBJECT-TYPE
    SYNTAX     Unsigned32(0..65535)
    MAX-ACCESS accessible-for-notify
    STATUS     current
    DESCRIPTION
          "The TCP port number."
    ::= { rbnTacacsNotifyObjects 5 }

rbnTacacsServerState OBJECT-TYPE
    SYNTAX     RbnTacacsState
    MAX-ACCESS accessible-for-notify
    STATUS     current
    DESCRIPTION
        "The current state of the TACACS+ server."
    ::= { rbnTacacsNotifyObjects 6 }

rbnTacacsServerReason OBJECT-TYPE
    SYNTAX     RbnTacacsReason
    MAX-ACCESS accessible-for-notify
    STATUS     current
    DESCRIPTION
        "The reason for the server's last state change."
    ::= { rbnTacacsNotifyObjects 7 }

rbnTacacsUserName OBJECT-TYPE
    SYNTAX     SnmpAdminString (SIZE (0..128))
    MAX-ACCESS accessible-for-notify
    STATUS     current
    DESCRIPTION
        "The name of the user the system was trying to authenticate
         or send accouting information for when the TACACS+ server
         transitioned to 'down'.

         Note: the 'username' is only valid when transitioning due to
         a packet-level timeout.

         When transitioning due to any other reason the value for this
         object will be a zero-length string."
    ::= { rbnTacacsNotifyObjects 8 }

rbnTacacsServerMsg OBJECT-TYPE
    SYNTAX     SnmpAdminString (SIZE (0..256))
    MAX-ACCESS accessible-for-notify
    STATUS     current
    DESCRIPTION
        "A text string optionally provided by the TACACS+ server when
         rbnTacacsServerReason is 'serverError'. In all other cases
         this is a zero-length string."
    ::= { rbnTacacsNotifyObjects 9 }
         
--
-- TACACS+ notifications
--

rbnTacacsStateChange NOTIFICATION-TYPE
    OBJECTS { 
        rbnTacacsContext,
        rbnTacacsServerIndex,
        rbnTacacsServerAddressType,
        rbnTacacsServerAddress,
        rbnTacacsServerPort,
        rbnTacacsServerState, 
        rbnTacacsServerReason,
        rbnTacacsUserName,
        rbnTacacsServerMsg
    }
    STATUS  current
    DESCRIPTION
        "This notification signifies that a TACACS+ authorization
         server has transitioned to 'up' or 'down'.

         Note: if rbnTacacsState's value is 'down' and
         rbnTacacsReason's value is 'packetTimeout', then
         rbnTacacsUserName's value will be a username. For all other
         cases, rbnTacacsUserName's value will be a zero-length
         string.
         
         If rbnTacacsServerReason is 'serverError', then rbnTacacsServerMsg
         may contain a string from the server, otherwise the value is a
         zero-length string."
    ::= { rbnTacacsMIBNotifications 1 }


--
-- compliance statements
--
rbnTacacsCompliances OBJECT IDENTIFIER ::= { rbnTacacsMIBConformance 1 }
rbnTacacsGroups      OBJECT IDENTIFIER ::= { rbnTacacsMIBConformance 2 }

rbnTacacsCompliance MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "The compliance statement for SNMP entities which implement
        the Redback TACACS+ MIB."
    MODULE  -- this module
    MANDATORY-GROUPS {
        rbnTacacsNotifyObjectsGroup,
        rbnTacacsNotifyGroup
    }
    ::= { rbnTacacsCompliances 1 }

rbnTacacsNotifyObjectsGroup OBJECT-GROUP
    OBJECTS {
        rbnTacacsContext,
        rbnTacacsServerIndex,
        rbnTacacsServerAddressType,
        rbnTacacsServerAddress,
        rbnTacacsServerPort,
        rbnTacacsServerState, 
        rbnTacacsServerReason,
        rbnTacacsUserName,
        rbnTacacsServerMsg
    }
    STATUS current
    DESCRIPTION
        "The collection of objects used only in notifications."
    ::= { rbnTacacsGroups 2 }

rbnTacacsNotifyGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        rbnTacacsStateChange
    }
    STATUS current
    DESCRIPTION
        "Notification for tracking the status of TACACS+ servers."
    ::= { rbnTacacsGroups 3 }


END
