CISCO-REMOTE-ACCESS-MONITOR-MIB: View SNMP OID List / Download MIB

Acronyms and Definitions The following acronyms and terms are used in this document: IPSec: Secure IP Protocol VPN: Virtual Private Network RAS: Remote Access Service ISP: Internet Service Provider. LAN: Local Area Network Group: A collection of remote access users grouped and managed together as a single entity for administrative convenience. Session: A Remote Access Session. SVC: SSL VPN Client Webvpn: VPN connection established using web browser. Overview of the MIB This is a MIB Module for monitoring the structures in Virtual Private Networks based remote access networks. The MIB seeks to create a common model of Remote Access across implementations of the service on layer 2 (PPTP, L2TP, L2F), layer 3 (IPsec) and layer 4 (SSL) virtual private networks. The MIB defines counters and objects of interest to performance/fault monitoring in a way which is independent of the technology of the remote access implementation. MIB contains eight major groups of objects which are used to manage Remote Access connections: a) Remote Access capacity group This section defines metrics to gauge the limits of resources on this device which are critical to RAS service. b) Remote Access resource usage group This section defines metrics to gauge the usage of resources on this device which are critical to RAS service service. c) Current activity and performance of RAS service This section defines metrics to gauge the current remote access activity. d) Remote Access Service failures This section defines metrics to monitor session failures and failures of the service itself, measured at aggregate level, session level and group level. e) Security violations in the Remote Access service This section defines metrics which reflect the state of remote access service of interest to Security Operations staff in an enterprise. f) Threshold group (allows definition of high water marks) This section allows the management entity to define thresholds to set high water marks on critical metrics. g) Notifications This section defines notifications to signal significant events pertaining to the Remote Access Service.

This notification is generated when the managed entity detects that the number of sessions established exceeds the set threshold crasThrMaxSessions. Once the notification has been issued, further notifications are suppressed till the value returns below the specified threshold.

This notification is generated when the managed entity detects that the number of login attempts (over all users) exceeds the set threshold for throughput (crasThrMaxFailedAuths). Once the notification has been issued, further notifications are suppressed till the value returns below the specified threshold.

This notification is generated when the managed entity detects that the current throughput of the device exceeds the set threshold for throughput (crasThrMaxThroughput). Once the notification has been issued, further notiifcations are suppressed till the value returns below the specified threshold.

The maximum number of remote access sessions that may be supported on this device. If the device imposes no arbitrary limit on the maximum number of sessions, it should return a value of 0.

The maximum number of remote access users for whom Remote Access sessions may be supported on this device. If the device imposes no arbitrary limit on the maximum number of users, it should return a value of 0.

The maximum number of remote access groups that may be defined on this device. 'Group' refers to a collection of users grouped together for administrative convenience. If the device imposes no arbitrary limit on the maximum number of groups, it should return a value of 0.

The maximum number of hardware crypto accelerators which can be installed on this device to support remote access sessions. 'cryptoaccelerator' denotes a hardware/software entity which the managed entity uses to offload some or all computations pertaining to cryptographic operations. If the device imposes no arbitrary limit on the number of crypto accelerators to support Remote Access function, it should return a value of 0.

The average bandwidth used by all the active remote access sessions.

The number of currently active sessions. A session is a connection terminating on the managed entity which has been established to provide remote access connectivity to a user. A session is said to be 'active' if it is ready to carry application traffic between the user and the managed entity. A session which is not active is defined to be 'dormant'.

The number of remote access sessions which were previously active but which where since terminated. Measured since the last reboot of the device.

The number of users who have active sessions.

The number of user groups whose members have active sessions.

The total number of packets received by all currently and previously active remote access sessions.

The total number of packets transmitted by all currently and previously active remote access sessions.

The total number of octets received by all currently and previously active remote access sessions. This value is accumulated BEFORE determining whether or not the packet should be decompressed.

The total number of decompressed octets received by all current and previous remote access sessions. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of crasGlobalInOctets.

The total number of octets transmitted by all currently and previously active remote access sessions. This value is accumulated AFTER determining whether or not the packet should be compressed.

The total number of uncompressed octets sent by all current and previous remote access sessions. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of crasGlobalOutOctets.

The total number of packets which were dropped during receive processing by all currently and previously active remote access sessions.

The total number of packets which were dropped during receive processing by all currently and previously active remote access sessions.

This table lists all the currently active sessions. For each session, it lists the attributes (user, group, protocol, security), statistics (packet and octets) and status.

Each entry contains the attributes, statistics and status of an active session.

The name of the user associated with this remote access session.

The name of the user group to which this remote access session belongs.

Unique index to distinguish between multiple Remote Access Sessions associated with the same user. The value of crasSessionIndex must increase monotonically till it wraps. An implementation may choose to wrap this index before the value of 2147483647.

The method used to authenticate the user prior to establishing the session.

The method used to authorize the user prior to establishing the session.

The number of seconds elapsed since this session was established.

The type of the address returned in 'crasLocalAddress'.

The IP address assigned to the client of this session in the private network assigned by the managed entity.

The type of the address returned in 'crasISPAddress'.

The IP address of the peer (client) assigned by the ISP. This is the address of the client device in the public network.

The protocol underlying this remote access session.

A reference to MIB definitions specific to the protocol underlying corresponding to the session or tunnel used to realized the remote access session corresponding to this conceptual row. For instance, if this remote access session is based on IPsec, then this object must contain the complete instance identifier of the IPsec tunnel corresponding to this remote access session. If no MIB definitions specific to the underlying protocol are available, the value should be set to the OBJECT IDENTIFIER { 0 0 }.

The algorithm used by this remote access session to encrypt its payload.

The algorithm used by this remote access session to to validate packets.

The algorithm used by this remote access session to compress packets.

The interval in seconds between two successive heartbeats employed by this session. Value of 0 denotes that no heartbeat is used.

The string identifying the vendor of the client application initiating this Remote Access session.

The string identifying the version of the of the client application initiating the Remote Access session. This can be used by the administrator to identify which users are running unsupported client versions.

The string identifying the vendor of the operating system on which the client application initiating the Remote Access Session is running.

The string identifying the version of the operating system of the entity which initiated this Remote Access session.

The type of the address returned in 'crasPrimWINSServer'.

The IP address of the primary WINS server assigned managed entity to this client session.

The type of the address returned in 'crasSecWINSServer'.

The IP address of the secondary WINS server assigned by the managed entity to this client session.

The type of the address returned in 'crasPrimDNSServer'.

The IP address of the primary DNS server assigned by the managed entity to this client session.

The type of the address returned in 'crasSecDNSServer'.

The IP address of the secondary DNS server assigned by the managed entity to this client session.

The type of the address returned in 'crasDHCPServer'.

The IP address of the DHCP server assigned by the managed entity to this client session.

The total number of packets received by this Remote Access session.

The total number of packets transmitted by this Remote Access Session.

The total number of packets received for processing on this session which were dropped by the managed entity.

The total number of outgoing packets on this session which were dropped during transmit processing by the managed entity.

The total number of octets received by this Remote Access Session. This value is accumulated BEFORE determining whether or not the packet should be decompressed.

The total number of octets transmitted by this Remote Access Session. This value is accumulated AFTER determining whether or not the packet should be compressed.

The state of the remote access session corresponding to this conceptual row. The management entity may use this object to terminate an established session by setting value of the object to 'terminating'.

This table lists all the currently active remote access user groups. For each group, it lists the attributes (group, aggregate activity, aggregate traffic), and status.

Each entry contains the attributes, statistics and status of an active session.

The name of the active user group corresponding to this entry.

The number of users in this group currently connected to the managed device.

The total number of packets received by this session.

The total number of packets transmitted by this session.

The total number of packets dropped by this session which were received for processing.

The total number of outgoing packets which were dropped during transmit processing by this session.

The total number of octets received by this session.

The total number of octets transmitted by this session.

The number of currently active Email proxy sessions.

The number of cumulative Email proxy sessions since system up.

The number of peak concurrent Email proxy sessions since system up.

The number of currently active IPSec sessions.

The number of cumulative IPSec sessions since system up.

The number of peak concurrent Email proxy sessions since system up.

The number of currently active LAN to LAN sessions.

The number of cumulative LAN to LAN sessions since system up.

The number of peak concurrent LAN to LAN sessions since system up.

The number of currently active Load Balancing sessions.

The number of cumulative Load Balancing sessions since system up.

The number of peak concurrent Load Balancing sessions since system up.

The number of currently active SVC sessions.

The number of cumulative SVC sessions since system up.

The number of peak concurrent SVC sessions since system up.

The number of currently active Webvpn sessions.

The number of cumulative Webvpn sessions since system up.

The number of peak concurrent Webvpn sessions since system up.

The number of attempts to establish sessions which failed, since the last reboot of the managed device.

The number of session setup attempts, counted since the last time the notification 'ciscoRasTooManyFailedAuths' was issued, which were declined due to authentication or authorization failure.

The number of session setup attempts that failed due to insufficient resources.

The number of sessions which were successfully setup but were since terminated abnormally.

The window size of the Remote Access Failure tables. The failure tables for session and group failures maintain only the last crasFailTableSize number of failure records. A value of 0 for this MIB variable indicates that archiving of the failures is disabled. An implementation may choose suitable minimum and maximum values for this element based on the local policy and available resources. If an SNMP SET request specifies a value outside this window for this element, a BAD VALUE may be returned.

This table records the last 'N' session failures, where 'N' is the value of the MIB element 'crasFailTableSize' defined earlier. A failure could be a failure to establish a session ('setup' failure) or a failure of a session after it was established ('operational' failure).

Each entry contains the attributes associated with a remote access session failure.

The index of the session failure table. The value of the index is a number which begins at one and is incremented with each session failure. The value of this object will wrap at 4,294,967,295.

The name of the user associated with this failed remote access session.

The name of the user group to which this failed remote access session belongs.

The type of the failure: 1 = failure occurred during session setup 2 = failed occurred after the session was setup successfully. Enumeration: 'operationalFailure': 2, 'setupFailure': 1.

The reason for the failure. Possible reasons include: 1 = other (error which cannot be classified in any of the types listed below). 2 = internal error occurred 3 = failed to authenticate the peer/user 4 = failed to authorize the peer/user 5 = system capacity exceeded (memory, cpu, max users etc) 6 = peer requested to abort the session or the setup 7 = lost peer's heartbeat 8 = local management request. Enumeration: 'sysCapExceeded': 5, 'internalError': 2, 'authorizationFailure': 4, 'operRequest': 8, 'peerLost': 7, 'authenticationFailure': 3, 'peerAbortRequest': 6, 'other': 1.

The value of the MIB element 'sysUpTime' at the time of the failure.

The index of the session which failed (in case this was an operational failure). In case of setup failures (where the value of 'crasSessFailType' of this conceptual row is 'operationalFailure'), the value of this object is undefined and should not be processed.

The type of the address returned in 'crasSessFailISPAddr'.

The public address of the peer.

The type of the address returned in 'crasSessFailLocalAddr'.

The address assigned to the peer by the local address management mechanism. In case no address was assigned to the peer when the failure occurred, this MIB variable would contain the IPv4 address value 0.0.0.0

The value of column 'crasSessFailIndex' corresponding to the last row added to the crasSessFailTable. The value of this object is undefined and should not be processed by the management entity if the value of the object 'crasFailTableSize' is 0.

This table records the last 'N' occurrences of failures (setup or operational) per user group, where 'N' is the value of the MIB element 'crasFailTableSize' defined earlier. When 'N' entries have been created, the failure information about a new user group must be created by deleting the oldest entry in this table.

Each entry contains the summary of failures for a specific user group.

The name of the user group to which this failure record corresponds. This is the index of the group failure table.

The number of sessions belonging to this group which failed authentication; counted since last reboot.

The number of session setup attempts which failed due to insufficient resources.

The number of session setup attempts which were declined by the managed entity due to local policy. These would include sessions which were denied due to rate control settings.

The number of established sessions which were terminated by explicit management action. The termination may have been triggered locally or based on a request from the peer.

The number of established sessions which were terminated due to insufficient reasons, internal error or other reasons not caused by management action.

The total number of user accounts which were disabled due to repeated login failures.

The maximum number of sessions which are successfully setup after which the managed entity should alert the network management entity using the notification 'ciscoRasTooManySessions', if the notification has been enabled. A value of 0 indicates that the threshold has not been set.

The value of object 'crasNumDeclinedSessions' at which the managed entity should alert the network management entity using the notification 'ciscoRasTooManyFailedAuths', if the notification has been enabled. A value of 0 indicates that the threshold has not been set.

The highest throughput of the Remote Access Service at which the managed entity should alert the network management entity using the notification 'ciscoRasTooHighThroughput', if the notification has been enabled. The notification is disabled till the value of the aggregate throughput of the managed entity drops below the value of this object. A value of 0 indicates that the threshold has not been set.

This object defines the administrative state of sending the trap to signal the violation of the Max session threshold.

This object defines the administrative state of sending the trap to signal the violation of the Max authentication failure count threshold.

This object defines the administrative state of sending the trap to signal the violation of the Max throughput threshold.

The compliance statement for SNMP entities the Cisco Remote Access Monitoring MIB.

The compliance statement for SNMP entities the Cisco Remote Access Monitoring MIB.

This group consists of the MIB objects pertaining to Remote Access Service capacity parameters defined in the Cisco Remote Access MIB.

This group consists of the MIB objects pertaining to Remote Access Service resource usage parameters defined in the Cisco Remote Access MIB.

This group consists of the MIB objects pertaining to the Cisco Remote Access MIB Activity group. Following are definitions of some terms used in this compliance group: User: A remote access user. Group: A collection of remote access users grouped and managed together as a single entity for administrative convenience. ISP: Internet Service Provider. Crypto Accelerator 'Crypto Accelerator' denotes a device which the managed entity uses to offload some or all computations pertaining to cryptographic operations. Session A connection terminating on the managed device which has been established to provide remote access connectivity to a user.

This group consists of the MIB objects pertaining to activity of user groups.

This group categorizes objects pertaining to failures in the Remote Access Service which are essential for successful monitoring of the service.

This group categorizes optional objects pertaining to failures in the Remote Access Service.

This group categorizes objects pertaining to the monitoring state of security in the Remote Access Service.

This group categorizes objects which are used to establish baseline values of metrics instrumenting the Remote Access Service.

This group of objects controls the sending of notifications defined in this MIB module.

This group contains the notifications for the Remote Access MIB.

This group contains activity information related to sessions.