ALCATEL-IND1-AAA-MIB: View SNMP OID List / Download MIB

Branch For Authentication, Authorization, and Accounting (AAA) Subsystem Managed Objects.

This table shows current configuration for each AAA server.

An AAA server configuration identified by its protocol and its index. An entry is created/removed when a server is defined or undefined with IOS configuration commands via CLI or by issuing appropriate sets to this table using snmp.

Name of the server. This name is given by the operator to refer the server.

Protocol used with the server: radius(1) - RADIUS ldap(2) - LDAP ace(3) - ACE tacacs(4) - TACACS+

DNS name of the server host.

IP address of the server host.

DNS name of the backup server host.

IP address of the backup server host.

Number of retries the switch makes to the server to authenticate a user before trying the next backup server. The default value is 3.

Time-out for server replies to authentication requests. The default value is 2.

The shared secret is a string of characters known to the switch and to the RADIUS server, but it is not sent out over the network. The secret can be any text string and must be configured here as well as on the server. The secret is stored encrypted using a two way algorithm.

For RADIUS server only. Port number for authentication request; the host is not used for authentication if set to 0. The default value is 1645.

For RADIUS server only. Port number for accounting request; the host is not used for authentication if set to 0. The default value is 1646.

For LDAP server only. Port number for LDAP server host.

For LDAP server only. the super user dn, i.e., the administrative distinguished name recognized by the LDAP-enabled directory servers (e.g., cn=manager)

For LDAP server only. the super user password, i.e., the administrative password recognized by LDAP-enabled directory servers (e.g., secret). The secret is stored encrypted using a two way algorithm.

For LDAP server only. Search base recognized by LDAP-enabled directory servers (e.g.,o=company, c=US).

For LDAP server only. Directory server type used in LDAP Authentication: ns(0) - non significant value generic(1) - Generic Schema netscape(2) - Netscape Directory Server novell(3) - Novell NDS sun(4) - Sun Directory Services microsoft(5) - Microsoft Active Directory

Only for LDAP server. Specify if the connection between the swtich and the LDAP server use a SSL session.

Only for ACE server. The ACE/Server generates a secrets that it sends to clients for authentication. While you cannot configure the secret on the switch, you can clear it. To clear the current ACE/Server secret, set this OID. After clearing the secret on the switch, you must also clear the secret from the ACE server.

The status of this table entry.

The shared secret is a string of characters known to the switch and to the TACACS+ server, but it is not sent out over the network. The secret can be any text string and must be configured here as well as on the server. The secret is stored encrypted using a two way algorithm.

For TACACS+ server only. Port number for LDAP server host.

For HTTP server only. Port number for LDAP server host.

For HTTP server only. A combination of directory tree and filename where the CRL can be found.

For HTTP server only. DNS name of the proxy server.

For HTTP server only. IP address of the proxy server.

For HTTP server only. Port number for HTTP proxy server.

Name of the VRF that the server is on. This VRF name is valid only when the server type is RADIUS. (aaasProtocol = 1 (Radius).

Only for Radius Server. This Attribute contains a text string which identifies the case of the Mac Address Authentication.

Only for Radius Server. This Attribute contains a text string which identifies the port of the NAS which is authenticating the user.

Only for Radius Server. This Attribute contains a text string which identifies the port of the NAS which is authenticating the user.

Only for Radius Server. It indicates the type of the physical port of the NAS which is authenticating the user.

This Attribute shall set Mac-address-format to uppercase or lowercase. By default the format will be uppercase.

Getting command based Accounting Session_ID

To enable/disable mac-address case feature

The current status of the configured server

To Enable/Disable Radius-Health-Check feature

To set polling value for each radius server

To enable/disable failover for radius server

Username for Radius server

Password for radius server

The status of primary server

The status of backup server

Getting command based authorization from theTACACS+ server

This object indicates the value of wait time from the TACACS+ server

This table allow to display and modify the configuration of the authentication servers for the authenticated vlans.

There can be one or several entries in this table. In case of single authority, all vlan are authenticated by the same set of servers, the aaatvVlan index is then equal to 0. In case of multiple authorities, each authenticated vlan has its own list of servers.

It indicate the vlan number authenticated by the servers. The value (0) means that all vlan are authenticated by the same servers (single mode configuration).

Name of the server. It corresponds to an index value of the aaaServerTable An Ace server can not be used in front hand.

Name of the server. It corresponds to an index value of the aaaServerTable An Ace server can not be used in front hand.

Name of the server. It corresponds to an index value of the aaaServerTable An Ace server can not be used in front hand.

Name of the server. It corresponds to an index value of the aaaServerTable An Ace server can not be used in front hand.

The status of this table entry.

use of x509 user certificate during the HTTPs session establisment. noCertificate(0)- no user certificate is required, certificateOnly(1) - the DN from the certifiicate is used to access to the authorization data of the user certificateWithPassword(2) - the user must execute a log-in procedure with user name and password after his certificate validation

This table allow to display and modify the configuration of the authentication servers for the switch accesses.

A switch access authentication entry is specified by the type of access.

Type of connection that must be authenticated default(1) -define the default authentication method for console, telnet, ftp, snmp , http and ssh. If the operator interface is not especially configured the default value is applied to this interface.

Name of the server. Special value local correspond to the local database. Other name correspond to an index value of the aaaServerTable snmp entry can only use ldap server and local database.

Name of a server used if the precedent is not accessible. Special value local correspond to the local database. Other name correspond to an index value of the aaaServerTable snmp entry can only use ldap server and local database.

Name of a server used if the precedent is not accessible. Special value local correspond to the local database. Other name correspond to an index value of the aaaServerTable snmp entry can only use ldap server and local database.

Name of a server used if the precedent is not accessible. Special value local correspond to the local database. Other name correspond to an index value of the aaaServerTable snmp entry can only use ldap server and local database.

Name of a server used if the precedent is not accessible. Special value local correspond to the local database. Other name correspond to an index value of the aaaServerTable snmp entry can only use ldap server and local database.

The status of this table entry.

use of x509 user certificate during the HTTPs session establisment. noCertificate(0)- no user certificate is required, certificateOnly(1) - the DN from the certifiicate is used to access to the authorization data of the user certificateWithPassword(2) - the user must execute a log-in procedure with user name and password after his certificate validation

This table allows to display and configure the accounting servers for authenticated Vlans.

There can be one or several entries in this table. In case of single authority, accounting information for all vlans are sent to the same set of servers, the aaatVlan index is then equal to 0. In case of multiple authorities, each authenticated vlan has its own list of servers.

Current vlan number. The value (0) for avlan interface means that all authenticated vlans use the same servers for authentication.

Name of the server. Special value local correspond to the local log. Other name correspond to an index value of the aaaServerTable An Ace server can not be used for accounting.

Name of a server used if the precedent is not accessible. Special value local correspond to the local log. Other name correspond to an index value of the aaaServerTable An Ace server can not be used for accounting.

Name of a server used if the precedent is not accessible. Special value local correspond to the local log. Other name correspond to an index value of the aaaServerTable An Ace server can not be used for accounting.

Name of a server used if the precedent is not accessible. Special value local correspond to the local log. Other name correspond to an index value of the aaaServerTable An Ace server can not be used for accounting.

The status of this table entry.

This table shows current configuration for Switch access accounting.

Accounting configuration for switch access.

For now, accounting for console, telnet, ftp, http, snmp, ssh are stored in the same set of servers, the index is always (1).

Name of the server. Special value local correspond to the local log. Other name correspond to an index value of the aaaServerTable An Ace server can not be used for accounting.

Name of a server used if the precedent is not accessible. Special value local correspond to the local log. Other name correspond to an index value of the aaaServerTable An Ace server can not be used for accounting.

Name of a server used if the precedent is not accessible. Special value local correspond to the local log. Other name correspond to an index value of the aaaServerTable An Ace server can not be used for accounting.

Name of a server used if the precedent is not accessible. Special value local correspond to the local log. Other name correspond to an index value of the aaaServerTable An Ace server can not be used for accounting.

The status of this table entry.

Getting command based Accounting Session_ID

Name of a server used if the precedent is not accessible. Special value local correspond to the local log. Other name correspond to an index value of the aaaServerTable An Ace server can not be used for accounting.

This table shows current configuration for 802.1X authentication.

configuration for 802.1X authentication.

For now, the index is always (1).

Name of the server. It corresponds to an index value of the aaaServerTable Only RADIUS server can be used in front hand.

Name of the server. It corresponds to an index value of the aaaServerTable Only RADIUS server can be used in front hand.

Name of the server. It corresponds to an index value of the aaaServerTable Only RADIUS server can be used in front hand.

Name of the server. It corresponds to an index value of the aaaServerTable Only RADIUS server can be used in front hand.

Type of port openning after authentication. If open-global(1) the port treats packet with unknown MAC addresses like an un-authenticated port. If open-unique(2), the port drops incomming packet with unknown MAC addresses.

The status of this table entry.

Name of the server. It corresponds to an index value of the aaaServerTable Only RADIUS server can be used in front hand.

This table shows current configuration for 802.1X accounting.

Configuration for 802.1X accounting.

For now, the index is always (1).

Name of the server. It corresponds to an index value of the aaaServerTable Only RADIUS server can be used in front hand.

Name of the server. It corresponds to an index value of the aaaServerTable Only RADIUS server can be used in front hand.

Name of the server. It corresponds to an index value of the aaaServerTable Only RADIUS server can be used in front hand.

Name of the server. It corresponds to an index value of the aaaServerTable Only RADIUS server can be used in front hand.

The status of this table entry.

Name of the server. It corresponds to an index value of the aaaServerTable Only RADIUS server can be used in front hand.

This table shows current configuration for PKI.

Configuration for PKI.

For now, the index is always (1).

Name of the server contening the CRL. It corresponds to an index value of the aaaServerTable

Name of the server contening the CRL. It corresponds to an index value of the aaaServerTable

Name of the server contening the CRL. It corresponds to an index value of the aaaServerTable

Name of the server contening the CRL. It corresponds to an index value of the aaaServerTable

level of control to do on the user certificate. certificate means that there is a valid chain of certificate between the user certificate and a root certificate known by the switch. The root certificates are managed using specific pki commands. All certificates are valid and well signed. not-revoked means that using CRL or other ways configuring using pki commands the non-revocation of the certificate is checked. repository means that after the precedent control, there is a binary comparison of the certificate on the server and the one received during the authorization (instantaneous revocation possible) This verification is only possible when the access handler is configured with certificateOnly

The status of this table entry.

This table shows current configuration for non-suplicant ( MAC based ) authentication.

configuration for MAC based authentication.

For now, the index is always (1).

Name of the server. It corresponds to an index value of the aaaServerTable Only RADIUS server can be used in front hand.

Name of the server. It corresponds to an index value of the aaaServerTable Only RADIUS server can be used in front hand.

Name of the server. It corresponds to an index value of the aaaServerTable Only RADIUS server can be used in front hand.

Name of the server. It corresponds to an index value of the aaaServerTable Only RADIUS server can be used in front hand.

The status of this table entry.

Name of the server. It corresponds to an index value of the aaaServerTable Only RADIUS server can be used in front hand.

This table stores the commands that will be logged during an accounting session. This feature is valid only for Tacacs+ accounting

Tacacs+ Accounting configuration for executed commands.

For now, accounting for console, telnet, ftp, http, snmp, ssh are stored in the same set of servers, the index is always (1).

Name of the Tacacs+ server. Other name correspond to an index value of the aaaServerTable

Name of the Tacacs+ server used if the precedent is not accessible. Other name correspond to an index value of the aaaServerTable

Name of the Tacacs+ server used if the precedent is not accessible. Other name correspond to an index value of the aaaServerTable

Name of the Tacacs+ server used if the precedent is not accessible. Other name correspond to an index value of the aaaServerTable

The status of this table entry.

Name of the Tacacs+ server used if the precedent is not accessible. Other name correspond to an index value of the aaaServerTable

This table shows current configuration for MAC accounting.

Configuration for MAC accounting.

For now, the index is always (1).

Name of the server. It corresponds to an index value of the aaaServerTable Only RADIUS server can be used in front hand.

Name of the server. It corresponds to an index value of the aaaServerTable Only RADIUS server can be used in front hand.

Name of the server. It corresponds to an index value of the aaaServerTable Only RADIUS server can be used in front hand.

Name of the server. It corresponds to an index value of the aaaServerTable Only RADIUS server can be used in front hand.

The status of this table entry.

Name of the server. It corresponds to an index value of the aaaServerTable Only RADIUS server can be used in front hand.

This table shows current configuration for the local user database.

An user configuration identified by its user name.

Name of the user.

Password of the user. For get response the password in encoded in a one way method. This makes the password readable by noone.

Specifies the families that the user can execute with read right. Each bit of the 32-bit integer mask represents a commands family number. When the family bit is set, the user is allowed to run commands of this family.First part of the bitmask.If the value is not specified, the value configured for the default user is taken

Specifies the families that the user can execute with read right. Each bit of the 32-bit integer mask represents a commands family number. When the family bit is set, the user is allowed to run commands of this family.Second part of the bitmask.If the value is not specified, the value configured for the default user is taken

Specifies the families that the user can execute with write right. Each bit of the 32-bit integer mask represents a commands family number. When the family bit is set, the user is allowed to run commands of this family. First part of the bitmask.If the value is not specified, the value configured for the default user is taken

Specifies the families that the user can execute with write right. Each bit of the 32-bit integer mask represents a commands family number. When the family bit is set, the user is allowed to run commands of this family. Second part of the bitmask.If the value is not specified, the value configured for the default user is taken

Specifies the profile number. A profile number in the user account database represents the geographic privilege. This number points to an entry in the table of the user profiles.

Specifies if the user is authorized to use SNMP and if yes its security level. no(1) - Not authorized to use SNMP. noauth(2) - SNMPv1,SNMPv2c or SNMPv3 without authentication. sha(3) - SNMPv3 with SHA authentication and no encryption. md5(4) - SNMPv3 with MD5 authentication and no encryption. sha-des(5) - SNMPv3 with SHA authentication and encryption. md5-des(6) - SNMPv3 with MD5 authentication and encryption. shaAes(7) - SNMPv3 with SHA authentication and Aes encryption. shaAes192(8) - SNMPv3 with SHA authentication and Aes192 encryption. shaAes256(9) - SNMPv3 with SHA authentication and Aes256 encryption. sha3Des(10) - SNMPv3 with SHA authentication and 3Des encryption. sha224(11) - SNMPv3 with SHA224 authentication and no encryption. sha256(12) - SNMPv3 with SHA256 authentication and no encryption. sha224Aes(13) - SNMPv3 with SHA224 authentication and Aes encryption. sha224Aes192(14) - SNMPv3 with SHA224 authentication and Aes192 encryption. sha224Aes256(15) - SNMPv3 with SHA224 authentication and Aes256 encryption. sha2243Des(16) - SNMPv3 with SHA224 authentication and 3Des encryption. sha256Aes(17) - SNMPv3 with SHA256 authentication and Aes encryption. sha256Aes192(18) - SNMPv3 with SHA256 authentication and Aes192 encryption. sha256Aes256(19) - SNMPv3 with SHA256 authentication and Aes256 encryption. sha2563Des(20) - SNMPv3 with SHA256 authentication and 3Des encryption. If the value is not specified, the value configured for the default user is taken

Authentication key of the user. The key is encoded in a two way method. The encryption key is deducted from this key.

The status of this table entry.

Internal use

Specifies the END user profile name.

The local time of when the password would be expired. This date will be reset once the value of aaaAsaDefaultPasswordExpirationInDays is updated. Only the following format is valid: mm/dd/yyyy hh:mm where mm - month (1-12) dd - day (1-31) yyyy - year (2000-2050) hh - hour (1-24) mm - minute (1-59) Password will not be expired if set to empty string

Number of minutes from now till the password expiration time. Setting this object will update aaauPasswordExpirationDate. If -1, password will not be expired. If 0, password has been expired.

The local time of when the password can be start to be modified. This date will be reset once the value of aaauPasswordAllowModifyDate is updated. Only the following format is valid: mm/dd/yyyy hh:mm where mm - month (1-12) dd - day (1-31) yyyy - year (2000-2050) hh - hour (1-24) mm - minute (1-59) Password will not be expired if set to empty string

Indicate whether this account is locked out.

Number bad password attempts in the observation window.

Enable or disable User SNMP only restriction

Privacy Password of the user. For get response the password in encoded in a one way method. This makes the password readable by none.

Provide the list of users currently authenticated into the switch for bridging purpose.

An entry in the AaaAuthenticatedUserTable.

Mac address of the users device.

Login name of the user.

Slot number on which user is connected.

Port number on which the user is connected.

Vlan number on which the user is authenticated.

Allow to remove a Mac address from a Vlan. The corresponding user is logged out of the network.

Dns name used to get the authentication Web page when authenticating using http.

IP address that is used as the DHCP gateway address before the user get authenticated.It specifies the subnet into which a client receives its IP address prior to authentication

Enable the traffic in the default vlan prior to authentication if the value is true

Associate a MAC address to a specific Vlan on an authenticated port (printers, ...)

Force to read the language specific file for HTTP AVLAN (label.txt)

Minimum number of digits of the passwords ( nominator aaauPassword).

Default password expiration time in days to be applied to all users. Updating this object will reset aaauPasswordExpirationDate. Password expiration will not be enforced if set to 0.

Indicate whether check password contains username or not.

Minimum number of English uppercase characters required for password. 0 is disable

Minimum number of English lowercase characters required for password 0 is disable.

Minimum number of base-10 digits required for password. 0 is disable

Minimum number of non-alphanumeric required for password. 0 is disable

Password history feature will prevent users from repeatedly using the same password. 0 is disable

The password cant be modified in these days. 0 is disable

The window of time in which the system increments the bad logon count.(minutes) 0 is disable

The amount of time that an account is locked due to the aaauLockoutThreshold being exceeded.(minutes) 0 is disable

The number of invalid logon attempts that are permitted before the account is locked out. 0 is disable

Global user config to allow/deny ping and traceroute cmds for read-only user. 0 - disable 1 - enable

Enable or disable AdminUser console only restriction

Password to be used for reading certificate

Globally sets the access mode as enhanced or default. 0 - default 1 - enhanced

This object indicates the value of the threshold for failed login attempts from an IP address after which the IP address will be banned from switch access

Enable or disable Management station in Enhanced mode

Vlan authenticated IP address Table

Vlan authenticated IP address entry

Vlan Id corresponding to the authenticated IP address

Authenticated IP address for this vlan id

User Network Profile Table

User Network Profile entry

The name of this profile.

The VLAN id for this profile.

The status of this table entry.

The flag to indicate if HIC is enabled (1) or disabled (2).

The name of the QoS Policy List name that will be used if this User Network Profile is applied for a given device along with aaaUserNetProfileVlanID.

Maximum Ingress Bandwidth (Kbits/sec) allowed for traffic associated to this profile. If -1, specifies Not Applicable Bandwidth means Ingress Bw will not be applied.

Maximum Egress Bandwidth (Kbits/sec) allowed for traffic associated to this profile. If -1, specifies Not Applicable Bandwidth means Egress Bw will not be applied.

Maximum Default Depth (Kbits/sec) associated to Bandwidth. If -1, specifies Not Applicable Depth.For depth value of -1 and 0 default optimal depth will be applied, otherwise BW will be applied with depth specified

The redirection url is used to re-direct to the Clearpass page for the BYOD feature.

The Agent Config Information 1 -- Default(Loopback0 or closest IP) 2 -- Non Loopback0 3 -- Interface IP Specified by User This object has been obsoleted. Use the alaIpManagedIntfEntry objects in AlcatelIND1Ip.mib

The Agent IP Address in Radius Packets. This object has been obsoleted. Use the alaIpManagedIntfEntry objects in AlcatelIND1Ip.mib

This table shows current configuration for each HIC server.

A HIC server configuration.

Name of the server. This name is given by the operator to refer the server.

IP address of the server host.

For HIC server only. Port number for HIC request

The shared secret is a string of characters known to the switch and to the HIC server. It is used to compute the digest to preserve the integrity between the HIC server and the AoS Switch. The secret is stored encrypted using a two way algorithm.

The status of this table entry.

HIC server status.

Role of the server either primary or backup

The server connection specifies the current mode of the server either active or inactive.

This table contains the list of allowed/exception IP Addresses the the HIC hosts allowed to access during HIC. Those are the IP addresses of the Remediation/Patch servers, and the Web Agent Download server.

A Remediation server configuration.

Name of the server. This name is given by the operator to refer the server.

IP address of the allowed entry.

IP Mask of the allowed entry.

The status of this table entry.

This table shows list of MAC addresses that overrides the existing HIC status.

HIC MAC override list configuration.

Static MAC address index to each override entry.

Overriding status of each static MAC address.

The status of this table entry.

This table shows list of HIC Hosts and their active HIC status.

HIC Host status information.

Static MAC address index to each override entry.

HIC status of each HIC Host.

HIC Status. The HIC server has to be configured before HIC can be enabled.

Name of the rem server. This name is given by the operator to refer the remediation server.

Name of the rem server. This name is given by the operator to refer the alternate remediation server.

Name of the rem server. This name is given by the operator to refer the alternate remediation server.

Name of the rem server. This name is given by the operator to refer the alternate remediation server.

The URL for web agent download.

The custom HTTP port for QoS to intercept the hosts initial HTTP request.

Background-poll-interval provides time frequency in seconds for background polling packets.

The server-failure-mode specifies the policy to be followed in case both the servers are not reachable, value can be either passthrough or hold

A list of IP network address rules. This is used to match the InetAddress of a packet to a User Network Profile entry.

An IP network address rule entry.

The IP network address type used for VLAN classification. For now Only IPv4 is supported.

The IP network address used for VLAN classification. Only IPv4 is supported.

The IP network mask applying to the IP network address.

The profile name in the User Network Profile Table to be applied.

Row Status for creating/deleting rules.

A list of MAC address rules. This is used to match the MAC Address of a packet to a User Network Profile entry

A MAC rule entry.

The MAC address used for VLAN classification.

The profile name in the User Network Profile Table to be applied.

Row Status for creating/deleting rules.

A list of MAC range rules. This is used to match the MAC Address Range of a packet to a User Network Profile entry.

A MAC range rule entry.

The lower bound of MAC address range used for VLAN classification.

The upper bound of MAC address range used for VLAN classification.

The profile name in the User Network Profile Table to be applied.

Row Status for creating/deleting rules.

This table shows current configuration for HIC server down UNP mapping.

A HIC server down UNP configuration.

The profile name which needs to be modified when the HIC server is down.

The target UNP profile name to which the host needs to be moved when the HIC server is down.

Row Status for creating/deleting UNP mapping.

This table is used to configure ClearPass redirect server name with its Ip address and url list.

Redirect server configuration.

The name of the ClearPass redirect server name.

The Ip Address for the clearpass rediret server for BYOD feature.

The redirect URL configured on the server. Maximum it can accept 5 URLs.

The redirect URL configured on the server. Maximum it can accept 5 URLs.

The redirect URL configured on the server. Maximum it can accept 5 URLs.

The redirect URL configured on the server. Maximum it can accept 5 URLs.

The redirect URL configured on the server. Maximum it can accept 5 URLs.

The Rowstatus of the Redirect Server Entry.

This table is used to configure redirect URLs for the redirection to happen.

Redirect URL configuration.Maximum 5 entries can be allowed

The name of the redirect URL.At maximum 5 redirect URLS can be allowed per switch.

The URL where the redirect should happen. At maximum 5 URLS can be allowed per switch.

The RowStatus of the table entry.

This is used to configure the pause timer value. Default value is 0.

This command is used to globally enable/disable port bounce config in switch.

A table to list port bounce status in slot/port basis.

Entries for aaa port bounce slot/port status.

The physical slot number to enable/disable port bounce.

The interface number of the switch.

Enabling/Disabling Port bounce in slot/port basis.

This table is used to configure the BYOD white list IP address.

BYOD White List IP configuration.

The Ip Address added as a whitelist entry.

The IP network mask applying to the whitelist IP address.

The RowStatus of the table entry.

This table is used to configure SwitchAccess management stations Ip address.

SwitchAccessManagementStation configuration.

The Ip Address for the SwitchAccess management station

The Ip Address mask for the SwitchAccess management station

The Rowstatus of the AaaSwitchAccessMgmtStationEntry. 0 (allowed) 1 (blocked).

This table is used to retrieve the Banned Ip address.

SwitchAccessManagementStation configuration.

To see the list of ip addresses which are banned

The Rowstatus of the AaaSwitchAccessBannedIpEntry. 1 - active. 0 - inactive.

This table is used to create the read write permissions for the each session.

Priv mask configuration identified by the access type

Name of the access type

Specifies the families through the access type can execute with read right. Each bit of the 32-bit integer mask represents a commands family number. When the family bit is set, through the access type the user is allowed to run commands of this family.First part of the bitmask.If the value is not specified, the value configured for the default.

Specifies the families through the access type can execute with read right. Each bit of the 32-bit integer mask represents a commands family number. When the family bit is set, through the access type the user is allowed to run commands of this family.First part of the bitmask.If the value is not specified, the value configured for the default.

Specifies the families through the access type can execute with read right. Each bit of the 32-bit integer mask represents a commands family number. When the family bit is set, through the access type the user is allowed to run commands of this family.First part of the bitmask.If the value is not specified, the value configured for the default.

Specifies the families through the access type can execute with read right. Each bit of the 32-bit integer mask represents a commands family number. When the family bit is set, through the access type the user is allowed to run commands of this family.First part of the bitmask.If the value is not specified, the value configured for the default.

The status of this table entry.

Name of the CA bundle file (in PEM format) stored in /flash/switch directory.

Name of the CRL file (in PEM format) stored in /flash/switch directory.

Name of the rsa key file stored in /flash/switch directory.

Name of the certificate to be verified stored in /flash/switch directory.

Name of the self-signed certificate file stored in /flash/switch directory.

Name of the key file file stored in /flash/switch directory.

The valid period in days of certificate.

The certificate common name.

The certificate organization name .

The certificate organization unit.

Locality of the certificate organization.

The state of certificate organization.

The country of certificate organization.

Create/delete self-signed certificate stored in /flash/switch directory.

The domain name of csr file stored in /flash/switch directory.

Name of key file stored in /flash/switch directory.

The csr common name.

The csr organization name .

The csr organization unit.

Locality of the certificate organization.

The state of certificate organization.

The country of certificate organization.

Branch For Authentication, Authorization, and Accounting (AAA) Subsystem Conformance Information.

Branch For Authentication, Authorization, and Accounting (AAA) Subsystem Units Of Conformance.

Branch For Authentication, Authorization, and Accounting (AAA) Subsystem Compliance Statements.

HIC/Rem/WebDL servers IP address.

Current active HIC servers IP address.

HIC servers Role.

HIC servers Name.

System name

This is the IP-address with which authentication request is sent. It is the IP-Address of the switch

This the port-ID, which is filled in Auth-request.

user-name string.

Type of authentication which took place.

Failure reason for which authentication failed.