-- ZyXEL Communications Corporation
-- Private Enterprise MIB definition 
  
-- This file describes the ZyXEL Communications Corporation Enterprise MIB.
-- It contains ZyXEL products OIDs, and common managed objects.

-- $Log: ZYXEL-AAA-MIB.mib $ 
-- Revision 1.7  2013/12/06 07:01:39  ccho 
-- remove uncessary imports 
-- Revision 1.6  2013/11/20 06:50:37  ccho 
-- renaming identifier name for SMI.V2 
-- Revision 1.5  2013/11/06 05:40:43  ccho 
-- fix mib style 
-- Revision 1.4  2012/12/10 06:28:03  Kevin 
-- redefine oid 
-- Revision 1.3  2012/09/19 07:27:28  Kevin 
-- if it's leaf node, revise the vender name from zyxel to zy 
-- Revision 1.2  2012/07/05 06:21:58  Kevin 
-- 1. upgrade from SNMP to SNMPv2  
-- 2. clean warning 
-- Revision 1.1  2012/05/30 07:08:42  Kevin 
-- Initial revision 

ZYXEL-AAA-MIB DEFINITIONS ::= BEGIN

    IMPORTS
	OBJECT-TYPE
		FROM SNMPv2-SMI			-- RFC2578	
		
	MODULE-IDENTITY
		FROM SNMPv2-SMI
	
	DisplayString                                          
	  	FROM SNMPv2-TC
	  	
	EnabledStatus
		FROM  P-BRIDGE-MIB

	NOTIFICATION-TYPE
		FROM SNMPv2-SMI

	Integer32
		FROM SNMPv2-SMI

	esMgmt			
		FROM ZYXEL-ES-SMI;

	zyxelAaa MODULE-IDENTITY
		LAST-UPDATED	"201207010000Z"    
		ORGANIZATION "Enterprise Solution ZyXEL"     
		CONTACT-INFO
			""	   
		DESCRIPTION
			"The subtree for authentication, authorization and accounting (AAA)"
		::= { esMgmt 94 }

	zyxelAaaSetup     			OBJECT IDENTIFIER ::= { zyxelAaa 1 }    
	zyxelAaaTrapInfoObjects  	OBJECT IDENTIFIER ::= { zyxelAaa 2 } 
	zyxelAaaNotifications  		OBJECT IDENTIFIER ::= { zyxelAaa 3 }
	
--  1.zyxelAaaSetup
	
        zyxelAaaAuthenticationSetup OBJECT IDENTIFIER ::= { zyxelAaaSetup 1 }

-- 		authenticationTypeTable
        zyxelAaaAuthenticationTypeTable OBJECT-TYPE
        SYNTAX	SEQUENCE OF ZyxelAaaAuthenticationTypeEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
        "The table contains authentication type configuration."
        ::= { zyxelAaaAuthenticationSetup 1 }
        
		zyxelAaaAuthenticationTypeEntry OBJECT-TYPE
        SYNTAX	ZyxelAaaAuthenticationTypeEntry
        MAX-ACCESS	not-accessible
        STATUS	current
        DESCRIPTION    	
		"An entry contains authentication type configuration."
        INDEX          	{ zyAaaAuthenticationTypeName }
        ::= { zyxelAaaAuthenticationTypeTable 1 }

        ZyxelAaaAuthenticationTypeEntry ::=
           SEQUENCE {
        	zyAaaAuthenticationTypeName			DisplayString,
        	zyAaaAuthenticationTypeMethodList	OCTET STRING
           }

        zyAaaAuthenticationTypeName OBJECT-TYPE
        SYNTAX  DisplayString
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
        "'Privilege Enable' means to authenticate access privilege level for administrator accounts (users for switch management). 
		 'Login' means to authenticate administrator accounts (users for switch management)."
        ::= { zyxelAaaAuthenticationTypeEntry 1 }

        zyAaaAuthenticationTypeMethodList OBJECT-TYPE
        SYNTAX  OCTET STRING
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
        "There are three methods for the switch to authenticate the two types. 
		 The switch checks the methods in the order you configure them 
		 (first Method 1, then Method 2 and finally Method 3). 
		 You must configure the settings in the Method 1 field. 
		 If you want the switch to check other sources for authentication, 
		 specified them in Method 2 and Method 3 fields."
        ::= { zyxelAaaAuthenticationTypeEntry 2 }   
        
        
		zyxelAaaAuthorizationSetup      	OBJECT IDENTIFIER ::= { zyxelAaaSetup 2 }
		
		zyAaaAuthorizationConsoleState OBJECT-TYPE
		SYNTAX  EnabledStatus
		MAX-ACCESS  read-write
		STATUS  current
		DESCRIPTION
        "Enable/Disable authorization on console for the switch."
		::= { zyxelAaaAuthorizationSetup 1 }
		
-- 		zyxelAaaAuthorizationTypeTable
		zyxelAaaAuthorizationTypeTable OBJECT-TYPE
        SYNTAX	SEQUENCE OF ZyxelAaaAuthorizationTypeEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
        "The table contains authorization type configuration."
        ::= { zyxelAaaAuthorizationSetup 2 }
        
   		zyxelAaaAuthorizationTypeEntry OBJECT-TYPE
        SYNTAX	ZyxelAaaAuthorizationTypeEntry
        MAX-ACCESS	not-accessible
        STATUS	current
        DESCRIPTION    	
		"An entry contains authorization type configuration. "
        INDEX          	{ zyAaaAuthorizationTypeName }
        ::= { zyxelAaaAuthorizationTypeTable 1 }

        ZyxelAaaAuthorizationTypeEntry ::=
           SEQUENCE {
         	zyAaaAuthorizationTypeName		DisplayString,
         	zyAaaAuthorizationTypeState		EnabledStatus,	         	
         	zyAaaAuthorizationTypeMethod	INTEGER
           }

		zyAaaAuthorizationTypeName OBJECT-TYPE
		SYNTAX  DisplayString
		MAX-ACCESS  not-accessible
		STATUS  current
		DESCRIPTION
        "'Exec' allows an administrator which logs in the switch through Telnet 
		 or SSH to have different access privilege level assigned via the external server. 
		 'Dot1x' allows an IEEE 802.1x client to have different bandwidth limit or VLAN ID 
		 assigned via the external server."
		::= { zyxelAaaAuthorizationTypeEntry 1 }

		zyAaaAuthorizationTypeState OBJECT-TYPE
		SYNTAX  EnabledStatus
		MAX-ACCESS  read-write
		STATUS  current
		DESCRIPTION
        "Enable/Disable authorization for a specified event type."
		::= { zyxelAaaAuthorizationTypeEntry 2 }

		zyAaaAuthorizationTypeMethod OBJECT-TYPE
		SYNTAX  INTEGER{		
       	 	radius(1),
			tacacs(2)		
		}
		MAX-ACCESS  read-write
		STATUS  current
		DESCRIPTION
        "Enter whether you want to use RADIUS or TACACS+ for authorization of 
		 specific types of events. RADIUS is the only method for IEEE 802.1x authorization."
		::= { zyxelAaaAuthorizationTypeEntry 3 }
	 

--		zyxelAaaAccountingSetup	    
	    
    	zyxelAaaAccountingSetup      	OBJECT IDENTIFIER ::= { zyxelAaaSetup 3 }      
		zyAaaAccountingUpdatePeriod OBJECT-TYPE
		SYNTAX  Integer32
		MAX-ACCESS  read-write
		STATUS  current
		DESCRIPTION
        "The amount of time in minutes before the switch sends an update to the accounting server."
		::= { zyxelAaaAccountingSetup 1 }		
	
-- 		accountingTypeTable
        zyxelAaaAccountingTypeTable OBJECT-TYPE
        SYNTAX	SEQUENCE OF ZyxelAaaAccountingTypeEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
        "The table contains accounting type configuration."
        ::= { zyxelAaaAccountingSetup 2 }
        
		zyxelAaaAccountingTypeEntry OBJECT-TYPE
        SYNTAX	ZyxelAaaAccountingTypeEntry
        MAX-ACCESS	not-accessible
        STATUS	current
        DESCRIPTION    	
		"An entry contains accounting type configuration."
        INDEX          	{ zyAaaAccountingTypeName }
        ::= { zyxelAaaAccountingTypeTable 1 }

        ZyxelAaaAccountingTypeEntry ::=
        SEQUENCE {
         	zyAaaAccountingTypeName				DisplayString,
        	zyAaaAccountingTypeState			EnabledStatus,	         	
         	zyAaaAccountingTypeBroadcastState	EnabledStatus,	         	
         	zyAaaAccountingTypeMode				INTEGER,
         	zyAaaAccountingTypeMethod			INTEGER,
         	zyAaaAccountingTypePrivilege		INTEGER        	
        }

		zyAaaAccountingTypeName OBJECT-TYPE
		SYNTAX  DisplayString
		MAX-ACCESS  not-accessible
		STATUS  current
		DESCRIPTION
        "'System' means the switch will send information when the following 
		     system events occur: system boots up, system shuts down, system 
		     accounting is enabled, and system accounting is disabled. 
		  'Exec' means the switch will send information when an administrator 
		     logs in and logs out via the console port, telnet or SSH. 
		  'Dot1x' means the switch will send information when an IEEE 802.1x 
		     client begins a session (authenticates via the switch), ends a session 
			 as well as interim updates of a session. 
		  'Commands' means the switch to send information when commands of specified 
		     privilege level and higher are executed on the switch."
		::= { zyxelAaaAccountingTypeEntry 1 }

		zyAaaAccountingTypeState OBJECT-TYPE
		SYNTAX  EnabledStatus
		MAX-ACCESS  read-write
		STATUS  current
		DESCRIPTION
        "Enable/Disable accounting for a specified event type."
		::= { zyxelAaaAccountingTypeEntry 2 }

		zyAaaAccountingTypeBroadcastState OBJECT-TYPE
		SYNTAX  EnabledStatus
		MAX-ACCESS  read-write
		STATUS  current
		DESCRIPTION
        "Enable/Disable this to have the switch send accounting information to 
		 all configured accounting servers at the same time."
		::= { zyxelAaaAccountingTypeEntry 3 }

		zyAaaAccountingTypeMode OBJECT-TYPE
		SYNTAX  INTEGER{
			notAvailable(255),
        	startStop(1),
			stopOnly(2)		
		}
		MAX-ACCESS  read-write
		STATUS  current
		DESCRIPTION
       	"The switch supports two modes of recording login events. Select 'startStop' to 
		 have the switch send information to the accounting server when a user begins a 
		 session, during a user's session (if it lasts past the Update Period), 
		 and when a user ends a session. Select 'stopOnly' to have the switch send 
		 information to the accounting server only when a user ends a session."
		::= { zyxelAaaAccountingTypeEntry 4 }

		zyAaaAccountingTypeMethod OBJECT-TYPE
		SYNTAX  INTEGER{		
        	radius(1),
			tacacs(2)		
		}
		MAX-ACCESS  read-write
		STATUS  current
		DESCRIPTION
        "Enter whether you want to use RADIUS or TACACS+ for accounting of specified types of events."
		::= { zyxelAaaAccountingTypeEntry 5 }

		zyAaaAccountingTypePrivilege OBJECT-TYPE
		SYNTAX  INTEGER{	
			notAvailable(255),
			privilege0(0),
			privilege1(1),
			privilege2(2),
			privilege3(3),
			privilege4(4),
			privilege5(5),
			privilege6(6),
			privilege7(7),
			privilege8(8),
			privilege9(9),
			privilege10(10),
			privilege11(11),
			privilege12(12),
			privilege13(13),
			privilege14(14)        		
		}
		MAX-ACCESS  read-write
		STATUS  current
		DESCRIPTION
        "This is only configurable for commands type of event. Enter the threshold command 
		 privilege level for which the switch should send accounting information. 
		 The switch will send accounting information when commands at the level you specify 
		 and higher are executed on the switch."
		::= { zyxelAaaAccountingTypeEntry 6 }
 
  
--	2. zyxelAaaTrapInfoObjects Traps 
		
		zyAaaTrapAuthenticationMethod OBJECT-TYPE
        SYNTAX  INTEGER{
			snmp(0), 
			ftp(1), 
			console(2), 
			ssh(3), 
			https(4), 
			http(5), 
			telnet(6)
		}
        MAX-ACCESS  not-accessible
        STATUS  current  
       	DESCRIPTION
        "This trap displays which authentication method is failed."
        ::= { zyxelAaaTrapInfoObjects 1 }
      
		zyAaaTrapAuthorizationMethod OBJECT-TYPE
        SYNTAX  INTEGER {
			dot1x(0), 
			ssh(1), 
			http(2), 
			telnet(3), 
			ftp(4),
			console(5)
		}
        MAX-ACCESS  not-accessible
        STATUS  current 
        DESCRIPTION
        "This trap displays which authorization method is failed."
        ::= { zyxelAaaTrapInfoObjects 2 } 
 
--	3. zyxelAaaNotifications Traps 
	
		zyAaaAuthenticationFailure NOTIFICATION-TYPE
		OBJECTS {
				zyAaaTrapAuthenticationMethod
         }       
		STATUS  current
		DESCRIPTION
        "Management connection authentication has failed."
		::= { zyxelAaaNotifications 1 }      

		zyAaaAuthorizationFailure NOTIFICATION-TYPE
		OBJECTS {
				zyAaaTrapAuthorizationMethod
         }       
		STATUS  current
		DESCRIPTION
        "Management connection authorization has failed."
		::= { zyxelAaaNotifications 2 } 		
		

END

