RAD-TACACS-MIB DEFINITIONS ::= BEGIN

IMPORTS

       InetAddressType, InetAddress     FROM  INET-ADDRESS-MIB
       SnmpAdminString     FROM  SNMP-FRAMEWORK-MIB
       Counter32, Unsigned32, OBJECT-TYPE, 
       MODULE-IDENTITY     FROM  SNMPv2-SMI
       TEXTUAL-CONVENTION, RowStatus     FROM  SNMPv2-TC
       radSecurity     FROM  RAD-SMI-MIB; 

    radTacacsPlus MODULE-IDENTITY
        LAST-UPDATED "201609191808Z"  -- September 19, 2016
        ORGANIZATION "RAD Data Communications Ltd."
        CONTACT-INFO
        "System Department

         Email:  mibs@rad.com
         Postal: RAD Data Communications Ltd.
                 24 Raoul Wallenberg St.
                 Tel-Aviv 6971920
                 Israel

         Phone:  +972-3-645-5421
         Fax:    +972-3-760-7844"
         DESCRIPTION
            "TACACS MIB."
    ::= { radSecurity 1 }


-- Definition of a client Terminal Access Controller Access Control System Plus (TACACS+)


-- Textual conventions
RadTacacsKeyString ::= TEXTUAL-CONVENTION
      STATUS  current
      DESCRIPTION
      "A string to keep a TACACS Plus key. Its lenght is limited to 255 characters."
      SYNTAX      OCTET STRING (SIZE(0..255))


-- TACACS Plus Server Required Parameters


tacplusAuthServerTable OBJECT-TYPE
      SYNTAX      SEQUENCE OF TacplusAuthServerEntry
      MAX-ACCESS  not-accessible
      STATUS      current
      DESCRIPTION
      "The (conceptual) table listing the TACACS+ authentication
      servers with which the client shares a secret key."
        ::= { radTacacsPlus 1 }

tacplusAuthServerEntry OBJECT-TYPE
      SYNTAX      TacplusAuthServerEntry
      MAX-ACCESS  not-accessible
      STATUS      current
      DESCRIPTION
      "An entry (conceptual row) representing a TACACS+
      authentication server with which the client shares
      a secret key."
      INDEX     { tacplusServerAddressType, tacplusServerAddress, tacplusServerPort }
        ::= { tacplusAuthServerTable 1 }

TacplusAuthServerEntry ::= SEQUENCE {
    tacplusServerAddressType        InetAddressType,
    tacplusServerAddress            InetAddress,
    tacplusServerPort               Unsigned32,
    tacplusRowStatus                RowStatus,
    tacplusSecretKey                RadTacacsKeyString,
    tacplusRetryCount               Unsigned32,
    tacplusTimeout                  Unsigned32,
    tacplusAuthentStatus            INTEGER,
    tacplusAccountingPort           Unsigned32,
    tacplusServerGroup              Unsigned32,
    tacplusAuthenticationPort       Unsigned32 
 }

tacplusServerAddressType OBJECT-TYPE
      SYNTAX        InetAddressType
      MAX-ACCESS    not-accessible
      STATUS        current
      DESCRIPTION
      "This variable represents the TACACS+ Server Address Type
      indicating ipv4(1), ipv6(2). The object identifiers for
      the InetAddressType object and the InetAddress object MUST
      have the same length and the last sub-identifier of the
      InetAddressType object MUST be 1 less than the last
      sub-identifier of the InetAddress object."
      ::= { tacplusAuthServerEntry 1 }

tacplusServerAddress OBJECT-TYPE
      SYNTAX      InetAddress
      MAX-ACCESS  not-accessible
      STATUS      current
      DESCRIPTION
      "The IP address of the TACACS+ authentication server
      referred to in this table entry."
      ::= { tacplusAuthServerEntry 2 }

tacplusServerPort OBJECT-TYPE
      SYNTAX      Unsigned32 (1..65535)
      MAX-ACCESS  not-accessible
      STATUS      current
      DESCRIPTION
      "In current implementation this index shall me equal to '1'.
       The TCP port configuration shall be done via the objects in the table."
      ::= { tacplusAuthServerEntry 3 }

tacplusRowStatus OBJECT-TYPE
      SYNTAX      RowStatus
      MAX-ACCESS  read-create
      STATUS      current
      DESCRIPTION
      "The status of the TACACS server entry.
       In order for this object to become active, the following
       row objects must be defined:
       tacplusSecretKey
       All other objects can assume default values.
       In order to set the admin Status of the server to 'down' use the
       notInService function."
      ::= { tacplusAuthServerEntry 4 }


tacplusSecretKey OBJECT-TYPE
      SYNTAX      RadTacacsKeyString
      MAX-ACCESS  read-create
      STATUS      current
      DESCRIPTION
      "This is the secret key shared between the Client and Server TACACS+."
      DEFVAL    { "" }
      ::= { tacplusAuthServerEntry 6 }


tacplusRetryCount OBJECT-TYPE
      SYNTAX      Unsigned32 (1..10)
      MAX-ACCESS  read-create
      STATUS      current
      DESCRIPTION
      "This object indicates the threshold number of permitted Authentication requests.
      If the number of authentication requests crosses the threshold number then the device will
      not attempt to send additional Authentication requests until it will reboot or reset.
      The default value is 3 authentication attempt requests."
      DEFVAL { 3 }
      ::= { tacplusAuthServerEntry 7 }


tacplusTimeout OBJECT-TYPE
      SYNTAX      Unsigned32 (1..255)
      MAX-ACCESS  read-create
      STATUS      current
      DESCRIPTION
      "The delay in seconds that a specific TACACS+ server responds to a client request.
      The default value is 5 seconds."
      DEFVAL    { 5 }
      ::= { tacplusAuthServerEntry 8 }

tacplusAuthentStatus OBJECT-TYPE
      SYNTAX      INTEGER {
      authenticated           (1),
      authenticationFailure   (2),
      unknownFailure          (3),
      idle                    (4)
      }
      MAX-ACCESS  read-only
      STATUS      current
      DESCRIPTION
      "Authentication Status reflects possible results of the authentication process.
        Authenticated(1) means that the authentication succeeded.
        AuthenticationFailure(2) means that the authentication process failed due
        to wrong credential.
        UnknownFailure(4) means that the authentication process failed due to a server
        or internal error.
        Idle(4) is the initial default value."
      DEFVAL    { idle }
      ::= { tacplusAuthServerEntry 9 }

-- Entry 10 is free



tacplusAccountingPort OBJECT-TYPE
      SYNTAX      Unsigned32 (1..65535)
      MAX-ACCESS  read-create
      STATUS      current
      DESCRIPTION
      "The TCP port used for Accounting.
       This parameter shall be configured only if the Accounting TCP port is
       different from 49."
      DEFVAL    { 49 }
      ::= { tacplusAuthServerEntry 11 }

tacplusServerGroup   OBJECT-TYPE
      SYNTAX      Unsigned32 (0..65535)
      MAX-ACCESS  read-create
      STATUS      current
      DESCRIPTION
      "The associate group (in tacplusServerGroupId).
      By default the value is 0."
      ::= { tacplusAuthServerEntry 12 }

tacplusAuthenticationPort OBJECT-TYPE
      SYNTAX      Unsigned32 (1..65535)
      MAX-ACCESS  read-create
      STATUS      current
      DESCRIPTION
      "The TCP port used for Authentication.
       This parameter shall be configured only if the Authentication TCP port is
       different from 49."
      DEFVAL    { 49 }
      ::= { tacplusAuthServerEntry 13 }


 --       TACACS+ Statistics Entry per Server


tacplusStatsTable OBJECT-TYPE
      SYNTAX      SEQUENCE OF TacplusStatsEntry
      MAX-ACCESS  not-accessible
      STATUS      current
      DESCRIPTION
      "This table contains the statistics per TACACS+ server instance."
      ::= { radTacacsPlus 2 }

tacplusStatsEntry OBJECT-TYPE
      SYNTAX      TacplusStatsEntry
      MAX-ACCESS  not-accessible
      STATUS      current
      DESCRIPTION
      "A TACACS+ server instance statistics table entry."
      AUGMENTS  { tacplusAuthServerEntry }
      ::= { tacplusStatsTable 1 }

TacplusStatsEntry ::= SEQUENCE {
    tacplusClearStaticsCmd              INTEGER,
    tacplusAuthRequests                 Counter32,
    tacplusAuthenRequestTimeouts        Counter32,
    tacplusAuthenUnexpectedResponses    Counter32,
    tacplusAuthenServerErrorResponses   Counter32,
    tacplusAuthenIncorrectResponses     Counter32,
    tacplusAuthenTransactionSuccesses   Counter32,
    tacplusAuthenTransactionFailures    Counter32,
    tacplusAuthenPendingRequests        Counter32 
 }


 tacplusClearStaticsCmd OBJECT-TYPE
      SYNTAX      INTEGER {
      on  (1),
      off (2)
      }
      MAX-ACCESS  read-write
      STATUS      current
      DESCRIPTION
      "This object will allow to initialize the statistic counters of a given
      TACACS+ server instance.
       on(1) means that the statistics will be cleared. The Agent will change the value
       of this MIB object to off(2) automatically, after performing the command.
       off(2) is the default value. Setting this object to off(2), will do nothing."
      DEFVAL    { off }
      ::= { tacplusStatsEntry 1 }


tacplusAuthRequests OBJECT-TYPE
     SYNTAX      Counter32
     MAX-ACCESS  read-only
     STATUS      current
     DESCRIPTION
     "Counter that measures the number of authentications performed toward a specific TACACS+ server."
     ::= { tacplusStatsEntry 2 }

tacplusAuthenRequestTimeouts OBJECT-TYPE
     SYNTAX      Counter32
     MAX-ACCESS  read-only
     STATUS      current
     DESCRIPTION
     "Counter that measures the number of transaction timeouts that were occured between the client and server."
     ::= { tacplusStatsEntry 3 }

tacplusAuthenUnexpectedResponses OBJECT-TYPE
     SYNTAX      Counter32
     MAX-ACCESS  read-only
     STATUS      current
     DESCRIPTION
     "Counter that is incremented when the tacacs+ client receives a tacacs+ packet which
     is not expected at that time. This could happen because of delay response to a request
     which has already timed out."
     ::= { tacplusStatsEntry 4 }

tacplusAuthenServerErrorResponses OBJECT-TYPE
     SYNTAX      Counter32
     MAX-ACCESS  read-only
     STATUS      current
     DESCRIPTION
     "Counter that measures the number of errors received from the tacacs+ server."
     ::= { tacplusStatsEntry 5 }

tacplusAuthenIncorrectResponses OBJECT-TYPE
     SYNTAX      Counter32
     MAX-ACCESS  read-only
     STATUS      current
     DESCRIPTION
     "This counter is incremented when tacacs+ client fails to decrypt the packets or
     when the client finds an invalid field in the tacacs+ packet or when the client
     receives a response which is not valid based on the request."
     ::= { tacplusStatsEntry 6 }

tacplusAuthenTransactionSuccesses OBJECT-TYPE
     SYNTAX      Counter32
     MAX-ACCESS  read-only
     STATUS      current
     DESCRIPTION
     "Counter that measures the successfully transactions between the client and server tacacs+."
     ::= { tacplusStatsEntry 7 }

tacplusAuthenTransactionFailures OBJECT-TYPE
     SYNTAX      Counter32
     MAX-ACCESS  read-only
     STATUS      current
     DESCRIPTION
     "This counter is increamented when tacacs+ client receives an abort from the server or
     when the server fails to respond even after maximum resend (RetryCount)."
     ::= { tacplusStatsEntry 8 }

tacplusAuthenPendingRequests OBJECT-TYPE
     SYNTAX      Counter32
     MAX-ACCESS  read-only
     STATUS      current
     DESCRIPTION
     "This counter is incremented when a tacacs+ client sends a request and it is decremented
     when tacaplus client receives a response or when a timeout occurs."
     ::= { tacplusStatsEntry 9 }


-- ------------------
-- Server Group Table
-- ------------------


tacplusServerGroupTable      OBJECT-TYPE
      SYNTAX      SEQUENCE OF TacplusServerGroupEntry
      MAX-ACCESS  not-accessible
      STATUS      current
      DESCRIPTION
      "This table contains the groups of tacacs servers."
      ::= { radTacacsPlus 3 }

tacplusServerGroupEntry      OBJECT-TYPE
      SYNTAX      TacplusServerGroupEntry
      MAX-ACCESS  not-accessible
      STATUS      current
      DESCRIPTION
      "A TACACS+ server group table entry."
      INDEX     { tacplusServerGroupId }
      ::= { tacplusServerGroupTable 1 }

TacplusServerGroupEntry ::= SEQUENCE {
    tacplusServerGroupId                Unsigned32,
    tacplusServerGroupRowStatus         RowStatus,
    tacplusServerGroupName              SnmpAdminString,
    tacplusServerGroupAccountingMode    BITS 
 }

tacplusServerGroupId     OBJECT-TYPE
      SYNTAX      Unsigned32
      MAX-ACCESS  not-accessible
      STATUS      current
      DESCRIPTION
      "The ID for the group"
      ::= { tacplusServerGroupEntry 1 }

tacplusServerGroupRowStatus     OBJECT-TYPE
      SYNTAX      RowStatus
      MAX-ACCESS  read-create
      STATUS      current
      DESCRIPTION
      "The status of this table entry."
      ::= { tacplusServerGroupEntry 2 }

tacplusServerGroupName     OBJECT-TYPE
      SYNTAX      SnmpAdminString
      MAX-ACCESS  read-create
      STATUS      current
      DESCRIPTION
      "The name of the group"
      ::= { tacplusServerGroupEntry 3 }

tacplusServerGroupAccountingMode     OBJECT-TYPE
      SYNTAX      BITS
      {
       shell     (0),
       system    (1),
       commands  (2)
       }
      MAX-ACCESS  read-create
      STATUS      current
      DESCRIPTION
      "The group type, the group can be configured as:
      Bit 0 = shell
      Bit 1 = system
      Bit 2 = commands
      By default all bits are inactive (bit # = 0)."
      ::= { tacplusServerGroupEntry 4 }
      
      
END
