MIB Reference 10 HUAWEI-AAA-MIB
10 HUAWEI-AAA-MIB
Root directory:
iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).huawei(2011).huaweiMgmt(5).hwAaa(2)
10.4.1 hwAuthenSchemeTable
hwAuthenSchemeTable is an authentication scheme table. You can use this table
to add, delete, query, and modify configurations of authentication schemes. The
device provides a default authentication scheme default, which can be modified
but cannot be deleted.
The index of this table is hwAuthenSchemeName.
if RADIUS authentication is unavailable.
● 7 (tacacs): HWTACACS authentication
● 8 (tacacsLocal): HWTACACS authentication, and then local authentication if HWTACACS authentication is unavailable.
● 9 (localTacacs): local authentication, and then HWTACACS authentication if the user name used for local authentication does not exist.
● 10 (tacacsNoauth): HWTACACS authentication, and then non-authentication if HWTACACS authentication is unavailable.
● 11 (localNoauth): local authentication, and then non-authentication if the user name used for local authentication does not exist.
● 12 (radiusTacacs): RADIUS authentication, and then HWTACACS authentication if RADIUS authentication is unavailable.
● 13 (tacacsRadius): HWTACACS authentication, and then RADIUS authentication if HWTACACS authentication is unavailable.
● 14 (localRadiusNoauth): local authentication, and then RADIUS authentication if the user name used for local authentication does not exist, and then non-authentication if RADIUS authentication is unavailable.
● 15 (localTacacsNoauth): local authentication, and then HWTACACS authentication if the user name used for local authentication does not exist, and then non-authentication if HWTACACS authentication is unavailable.
● 16 (radiusLocalNoauth): RADIUS authentication, and then local authentication if RADIUS authentication is unavailable, and then non-authentication if the user name used for local authentication does not exist.
● 17 (radiusTacacsNoauth): RADIUS authentication, and then HWTACACS authentication if RADIUS authentication is unavailable, and then non-authentication if HWTACACS authentication is unavailable.
● 18 (tacacsLocalNoauth): HWTACACS authentication, and then local authentication if HWTACACS authentication is unavailable, and then non-authentication if the user name used for local authentication does not exist.
● 19 (tacacsRadiusNoauth): HWTACACS authentication, and then RADIUS authentication if HWTACACS authentication is unavailable, and then non-authentication if RADIUS authentication is unavailable.
● 20 (localRadiusTacacs): local authentication, and then RADIUS authentication if the user name used for local authentication does not exist, and then HWTACACS authentication if RADIUS authentication is unavailable.
● 21 (radiusLocalTacacs): RADIUS authentication, and then local authentication if RADIUS authentication is unavailable, and then HWTACACS authentication if the user name used for local authentication does not exist.
● 22 (localTacacsRadius): local authentication, and then HWTACACS authentication if the user name used for local authentication does not exist, and then RADIUS authentication if HWTACACS authentication is unavailable.
● 23 (radiusTacacsLocal): RADIUS authentication, and then HWTACACS authentication if RADIUS authentication is unavailable, and then local authentication if HWTACACS authentication is unavailable.
● 24 (tacacsLocalRadius): HWTACACS authentication, and then local authentication if HWTACACS authentication is unavailable, and then RADIUS authentication if the user name used for local authentication does not exist.
● 25 (tacacsRadiusLocal): HWTACACS authentication, and then RADIUS authentication if HWTACACS authentication is unavailable, and then local authentication if RADIUS authentication is unavailable.
● 26 (localRadiusTacacsNoauth): local authentication, and then RADIUS authentication if the user name used for local authentication does not exist, and then HWTACACS authentication if RADIUS authentication is unavailable, and then non-authentication if HWTACACS authentication is unavailable.
● 27 (localTacacsRadiusNoauth): local authentication, and then HWTACACS authentication if the user name used for local authentication does not exist, and then RADIUS authentication if HWTACACS authentication is unavailable, and then no authentication if RADIUS authentication is unavailable.
● 28 (radiusLocalTacacsNoauth): RADIUS authentication, and then local authentication if RADIUS authentication is unavailable, and then HWTACACS authentication if the user name used for local authentication is unavailable, and then non-authentication if HWTACACS authentication is unavailable.
● 29 (radiusTacacsLocalNoauth): RADIUS authentication, and then HWTACACS authentication if RADIUS authentication is unavailable, and then local authentication if HWTACACS authentication is unavailable, and then no authentication if the user name used for local authentication does not exist.
● 30 (tacacsLocalRadiusNoauth): HWTACACS authentication, and then local authentication if HWTACACS authentication is unavailable, and then RADIUS authentication if the user name used for local authentication is unavailable, and then no authentication if RADIUS authentication is unavailable.
● 31 (tacacsRadiusLocalNoauth): HWTACACS authentication, and then RADIUS authentication if HWTACACS authentication is unavailable, and then local authentication if RADIUS authentication is unavailable, and then no authentication if the user name used for local authentication does not exist.
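An added example, not part of the Huawei reference: a Python audit that decodes the authentication-mode values listed above and flags schemes whose fallback chain can end in non-authentication. The column name hwAuthenMethod, the snmpwalk-style line format and the scheme names in the sample are assumptions, and the sample lines are constructed.

```python
import re

# Enum labels 7..31 in the order listed above; values 1-6 did not survive on the page.
LABELS = (
    "tacacs tacacsLocal localTacacs tacacsNoauth localNoauth radiusTacacs "
    "tacacsRadius localRadiusNoauth localTacacsNoauth radiusLocalNoauth "
    "radiusTacacsNoauth tacacsLocalNoauth tacacsRadiusNoauth localRadiusTacacs "
    "radiusLocalTacacs localTacacsRadius radiusTacacsLocal tacacsLocalRadius "
    "tacacsRadiusLocal localRadiusTacacsNoauth localTacacsRadiusNoauth "
    "radiusLocalTacacsNoauth radiusTacacsLocalNoauth tacacsLocalRadiusNoauth "
    "tacacsRadiusLocalNoauth"
).split()
AUTHEN_MODES = dict(enumerate(LABELS, start=7))

STEP = re.compile(r"local|radius|tacacs|noauth", re.IGNORECASE)

# Why the device moves past a method to the next one, following the list above.
FALLBACK_WHEN = {
    "local": "local user name does not exist",
    "radius": "RADIUS is unavailable",
    "tacacs": "HWTACACS is unavailable",
}

def chain(value):
    """Ordered method list for an enum value, or None if the value is not listed."""
    label = AUTHEN_MODES.get(value)
    return [s.lower() for s in STEP.findall(label)] if label else None

def noauth_conditions(value):
    """Conditions that must all hold before non-authentication is reached.
    Returns [] when the chain never ends in non-authentication."""
    steps = chain(value) or []
    if not steps or steps[-1] != "noauth":
        return []
    return [FALLBACK_WHEN[s] for s in steps[:-1]]

# Assumed line shape: ..."<scheme name>" = INTEGER: 16   or   INTEGER: label(16)
LINE = re.compile(r'\."(?P<name>[^"]+)"\s*=\s*INTEGER:\s*(?:\w+\()?(?P<val>\d+)\)?')

def audit(walk_text):
    """Return (scheme, value, verdict, conditions) for every parsed line."""
    findings = []
    for line in walk_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        name, val = m["name"], int(m["val"])
        steps = chain(val)
        if steps is None:
            verdict = "unlisted"          # value not in the list above: review by hand
        elif steps[-1] == "noauth":
            verdict = "noauth-fallback"   # users can be admitted unauthenticated
        else:
            verdict = "authenticated"     # every path ends in a real method
        findings.append((name, val, verdict, noauth_conditions(val)))
    return findings

# Constructed sample input (scheme names and column name are hypothetical).
SAMPLE_WALK = '''\
HUAWEI-AAA-MIB::hwAuthenMethod."default" = INTEGER: 8
HUAWEI-AAA-MIB::hwAuthenMethod."guest-wifi" = INTEGER: 16
HUAWEI-AAA-MIB::hwAuthenMethod."mgmt" = INTEGER: tacacsNoauth(10)
HUAWEI-AAA-MIB::hwAuthenMethod."legacy" = INTEGER: 3
'''

if __name__ == "__main__":
    for name, val, verdict, why in audit(SAMPLE_WALK):
        print(f"{name:12} {val:2} {verdict:16} {'; '.join(why)}")
```

Schemes reported as noauth-fallback admit users without any credential check once every listed condition holds, so a server outage is enough to open access on those schemes.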
Creation Restriction
None
Modification Restriction
None
Deletion Restriction
When an authentication scheme is being used by a domain, you cannot delete the
authentication scheme.
To delete the authentication scheme, unbind it from the domain first.
Access Restriction
None
10.4.2 hwAcctSchemeTable
The hwAcctSchemeTable is an accounting scheme table. You can use this table to
configure basic attributes of an accounting scheme. The device provides a default
accounting scheme default. You can modify the default accounting scheme but
cannot delete it.
The index of this table is hwAcctSchemeName.
Creation Restriction
None.
Modification Restriction
The hwAcctRowStatus object can be created or deleted but cannot be modified.
Deletion Restriction
When an accounting scheme is being used by a domain, you cannot delete the
accounting scheme.
Access Restriction
None.
10.4.3 hwAcctSchemeExtTable
Creation Restriction
None.
Modification Restriction
If you use the hwIfRealtimeAcct object to disable real-time accounting, the value
of hwAcctRealTimeInter in the hwAcctSchemeTable is invalid.
Deletion Restriction
When an accounting scheme is being used by a domain, you cannot delete the
accounting scheme.
To delete the accounting scheme, unbind it from the domain first.
Access Restriction
None.
10.4.4 hwAAAOfflineRecordTable
hwAAAOfflineRecordTable records information about offline AAA users.
Creation Restriction
No entry can be created in this table.
Modification Restriction
The entries in this table cannot be modified.
Deletion Restriction
The entries in this table cannot be deleted.
Access Restriction
None
10.4.5 hwAAASetting
hwAAASetting is a global configuration table that sets the domain name delimiter,
delimiter between the domain name and security code, parsing direction of the
domain name, and location of the domain name.
NOTE
Creation Restriction
The hwDomainNameDelimiter must be different from the
hwDomainNameSecurityDelimiter.
Modification Restriction
The hwDomainNameDelimiter must be different from the
hwDomainNameSecurityDelimiter.
Deletion Restriction
None
Access Restriction
None
10.4.6 hwAAAState
This table displays the number of online users on a device.
Creation Restriction
No entry can be created in this table.
Modification Restriction
The entries in this table cannot be modified.
Deletion Restriction
The entries in this table cannot be deleted.
Access Restriction
The entries in this table can be read with restriction.
10.4.7 hwDomainTable
The hwDomainTable is a domain information table. You can use this table to
configure basic attributes of a domain. The device provides two default domains,
namely, default and default_admin. The default domains can be modified but
cannot be deleted.
The index of this table is hwDomainName.
Creation Restriction
None.
Modification Restriction
The modification restrictions are as follows:
● The authentication scheme specified for a domain must exist; otherwise, the
configuration fails.
● The accounting scheme specified for a domain must exist; otherwise, the
configuration fails.
● The RADIUS server group specified for level-1 authentication and accounting
in a domain must exist; otherwise, the configuration fails.
● The service scheme specified for a domain must exist; otherwise, the
configuration fails.
Deletion Restriction
A domain cannot be deleted in the following situations:
● The domain contains users.
● The domain is a default domain.
Access Restriction
None.
10.4.8 hwDomainExtTable
hwDomainExtTable configures extended attributes of a domain, including the
domain status and the HWTACACS server template and authorization template
bound to the domain.
The index of this table is hwDomainName.
Creation Restriction
None.
Modification Restriction
The modification restrictions are as follows:
● The authorization scheme specified for the domain must exist; otherwise, the
configuration fails.
● The TACACS server group specified for the domain must exist; otherwise, the
configuration fails.
Deletion Restriction
A domain cannot be deleted in the following situations:
● The domain contains users.
● The domain is a default domain.
Access Restriction
None.
10.4.9 hwAuthorSchemeTable
hwAuthorSchemeTable is an authorization scheme table. You can use this table to
create an authorization scheme. The device provides a default authorization
scheme default. The default authorization scheme can be modified but cannot be
deleted.
The index of this table is hwAuthorSchemeName.
then if-authenticated authorization if HWTACACS authorization fails.
● 8: localnone(8): local authorization, and then direct authorization if the user name used for local authorization does not exist.
● 9: localhwtacacs(9): local authorization, and then HWTACACS authorization if the user name used for local authorization does not exist.
● 10: localifauthenticated(10): local authorization, and then if-authenticated authorization if the user name used for local authorization does not exist.
● 11: ifauthenticatednone(11): if-authenticated authorization, and then direct authorization if if-authenticated authorization fails.
● 12: ifauthenticatedlocal(12): if-authenticated authorization, and then local authorization if if-authenticated authorization fails.
● 13: ifauthenticatedhwtacacs(13): if-authenticated authorization, and then HWTACACS authorization if if-authenticated authorization fails.
● 14: localhwtacacsnone(14): local authorization, and then HWTACACS authorization if the user name used for local authorization does not exist, and then direct authorization if HWTACACS authorization fails.
● 15: localifauthenticatednone(15): local authorization, and then if-authenticated authorization if the user name used for local authorization does not exist, and then direct authorization if if-authenticated authorization fails.
● 16: hwtacacslocalnone(16): HWTACACS authorization, and then local authorization if HWTACACS authorization fails, and then direct authorization if the user name used for local authorization does not exist.
● 17: hwtacacsifauthenticatednone(17): HWTACACS authorization, and then if-authenticated authorization if HWTACACS authorization fails, and then direct authorization if if-authenticated authorization fails.
● 18: ifauthenticatedlocalnone(18): if-authenticated authorization, and then local authorization if if-authenticated authorization fails, and then direct authorization if the user name used for local authorization does not exist.
● 19: ifauthenticatedhwtacacsnone(19): if-authenticated authorization, and then HWTACACS authorization if if-authenticated authorization fails, and then direct authorization if HWTACACS authorization fails.
● 20: localhwtacacsifauthenticated(20): local authorization, and then HWTACACS authorization if the
authorization if if-authenticated authorization fails.
● 24: ifauthenticatedlocalhwtacacs(24): if-authenticated authorization, and then local authorization if if-authenticated authorization fails, and then HWTACACS authorization if the user name used for local authorization does not exist.
● 25: ifauthenticatedhwtacacslocal(25): if-authenticated authorization, and then HWTACACS authorization if if-authenticated authorization fails, and then local authorization if HWTACACS authorization fails.
● 26: localhwtacacsifauthenticatednone(26): local authorization, and then HWTACACS authorization if the user name used for local authorization does not exist, and then if-authenticated authorization if HWTACACS authorization fails, and then direct authorization if if-authenticated authorization fails.
● 27: localifauthenticatedhwtacacsnone(27): local authorization, and then if-authenticated authorization if the user name used for local authorization does not exist, and then HWTACACS authorization if if-authenticated authorization fails, and then direct authorization if HWTACACS authorization fails.
● 28: hwtacaslocalifauthenticatednone(28): HWTACACS authorization, and then local authorization if HWTACACS authorization fails, and then if-authenticated authorization if the user name used for local authorization does not exist, and then direct authorization if if-authenticated authorization fails.
● 29: hwtacacsifauthenticatedlocalnone(29): HWTACACS authorization, and then if-authenticated authorization if HWTACACS authorization fails, and then local authorization if if-authenticated authorization fails, and then direct authorization if the user name used for local authorization does not exist.
● 30: ifauthenticatedlocalhwtacacsnone(30): if-authenticated authorization, and then local authorization if if-authenticated authorization fails, and then HWTACACS authorization if the user name used for local authorization does not exist, and then direct authorization if HWTACACS authorization fails.
● 31: ifauthenticatedhwtacacslocalnone(31): if-authenticated authorization, and then HWTACACS authorization if if-authenticated authorization fails, and then local authorization if HWTACACS authorization fails, and then direct authorization if the user name used for local authorization does not exist.
Creation Restriction
None
Modification Restriction
None
Deletion Restriction
An object cannot be deleted when it is referenced by a domain that is being used.
Access Restriction
None
10.4.10 hwLocalUserTable
The hwLocalUserTable is used to create, configure, and delete local users.
The index of this table is hwLocalUserName.
Creation Restriction
The entries in this table can be created without restriction.
Modification Restriction
The entries in this table can be modified without restriction.
Deletion Restriction
The entries in this table can be deleted without restriction.
Access Restriction
The entries in this table can be read without restriction.
10.4.11 hwLocalUserExtTable
Creation Restriction
None
Modification Restriction
None
Deletion Restriction
None
Access Restriction
None
10.4.12 hwRecordSchemeTable
hwRecordSchemeTable is the recording scheme table. Each entry includes the
recording scheme name and a TAC template name. You can add, delete, modify, or
query the recording scheme.
Creation Restriction
None.
Modification Restriction
hwRecordSchemeName and hwRecordRowStatus can be created and deleted, but
cannot be modified.
Access Restriction
None.
10.4.13 hwServiceSchemeTable
The hwServiceSchemeTable is a service scheme table. You can use this table to
configure authorization information in a service scheme.
The index of this table is hwServiceSchemeName.
Creation Restriction
None
Modification Restriction
None
Deletion Restriction
The recording scheme being used by a domain cannot be deleted. To delete the
recording scheme, you must unbind the recording scheme from the domain.
Access Restriction
None.
10.4.14 hwUserGroupTable
hwUserGroupTable is a user group configuration table. You can use this table to
configure user authorization information in a user group.
The index of this table is hwUserGroupIndex.
NOTE
The functions provided by this MIB only apply to the NAC common mode.
Creation Restriction
Before configuring a VLAN or an ACL, ensure that the VLAN or ACL has been
created.
Modification Restriction
The bound user group cannot be modified. You cannot modify the configuration
of the user group that has been enabled.
Deletion Restriction
This table cannot be deleted when any user exists in the user group.
Access Restriction
None
10.4.15 hwAccessTable
This table displays information about access users.
The index of this table is hwAccessIndex.
then local authentication if RADIUS authentication fails.
● 6: remote RADIUS authentication and then none authentication if RADIUS authentication fails.
● 7: HWTACACS authentication
● 8: local authentication and then HWTACACS authentication if the user name for local authentication does not exist.
● 9: HWTACACS authentication and then local authentication if HWTACACS authentication fails.
● 10: HWTACACS authentication and then none authentication if HWTACACS authentication fails.
Creation Restriction
No entry can be created in this table.
Modification Restriction
The entries in this table cannot be modified.
Deletion Restriction
The entries in this table cannot be deleted.
Access Restriction
None
10.4.16 hwAccessExtTable
This table is the access user extension table and displays information about access
users.
The index of this table is hwAccessIndex.
22:proxyleasedline(22), 23:relayleasedline(23), 24:e1pos(24), 25:lactunnel(25),
26:lnstunnel(26), 27:mip(27), 28:deviceuser(28), 29:pppoeor(29),
30:pppoeovlanor(30), 31:ordinaryvlanor(31), 32:http(32), 33:web(33),
34:wlan(34), 35:mac(35), or 36:vm(36).
Creation Restriction
No entry can be created in this table.
Modification Restriction
The entries in this table cannot be modified.
Deletion Restriction
The entries in this table cannot be deleted.
Access Restriction
None
10.4.17 hwCutAccessUserTable
This table disconnects access users.
The index of this table is hwAccessIndex.
NOTE
Creation Restriction
No entry can be created in this table.
Modification Restriction
The entries in this table cannot be modified.
Deletion Restriction
The entries in this table cannot be deleted.
Access Restriction
This table does not support multi-node combination configuration.
10.4.18 hwAuthEventCfgTable
NOTE
Creation Restriction
None
Modification Restriction
None
Deletion Restriction
None
Access Restriction
None
10.4.19 hwAuthorCmdTable
hwAuthorCmdTable is a command line authorization information table including
the user level and command line authorization mode.
The index of this table is hwAuthorCmdLevel.
Creation Restriction
You can create entries in this table.
Modification Restriction
The entries in this table can be modified.
Deletion Restriction
The entries in this table can be deleted.
Access Restriction
The entries in this table can be read without restriction.
10.4.20 hwOfflineReasonStatTable
This table describes user login failure and offline reasons and statistics on the
reasons.
The index of this table is hwOfflineReason.
Creation Restriction
You can create entries in this table.
Modification Restriction
The entries in this table can be modified.
Deletion Restriction
The entries in this table can be deleted.
Access Restriction
The entries in this table can be read without restriction.
10.4.21 hwLocalUserPwPolicyAdmin
NOTE
This table does not support multi-node combination configuration.
Creation Restriction
None
Modification Restriction
None
Deletion Restriction
None
Access Restriction
None
10.4.22 hwLocalUserPwPolicyAcc
The hwLocalUserPwPolicyAcc is used to create, set, and delete the password policy
of the local access users.
NOTE
This table does not support multi-node combination configuration.
Creation Restriction
None
Modification Restriction
None
Deletion Restriction
None
Access Restriction
None
10.4.23 userAuthenProfileTable
userAuthenProfileTable is used by the administrator to perform operations on the
authentication profile.
The index of this table is userAuthenProfileName.
Creation Restriction
None
Modification Restriction
User authentication profiles can only be added or deleted but cannot be modified.
Deletion Restriction
None
Access Restriction
None
10.4.24 userAuthenticationFreeRuleTable
userAuthenticationFreeRuleTable is used to create and delete authentication-free
rule profiles.
The index of this table is userAuthenticationFreeRuleName.
Creation Restriction
None
Modification Restriction
Authentication-free rule profiles can only be added or deleted but cannot be
modified.
Deletion Restriction
None
Access Restriction
None
10.4.25 hwDot1xAccessProfileTable
hwDot1xAccessProfileTable is used by the administrator to perform operations on
an 802.1X access profile.
The index of this table is hwDot1xAccessProfileName.
Creation Restriction
None
Modification Restriction
802.1X access profiles can only be modified or deleted but cannot be added.
Deletion Restriction
None
Access Restriction
None
10.4.26 hwMACAuthenAccessProfileTable
hwMACAuthenAccessProfileTable is used by the administrator to perform
operations on a MAC access profile.
The index of this table is hwMACAuthenAccessProfileName.
Creation Restriction
None
Modification Restriction
MAC access profiles can only be modified or deleted but cannot be added.
Deletion Restriction
None
Access Restriction
None
10.4.27 hwPortalAccessProfileTable
Creation Restriction
None
Modification Restriction
Portal access profiles can only be modified or deleted but cannot be added.
Deletion Restriction
None
Access Restriction
None
10.4.28 userAuthenticationFreeRuleExtTable
Creation Restriction
None
Modification Restriction
None
Deletion Restriction
None
Access Restriction
None
10.4.29 hwReAuthenUserTable
This table describes re-authentication information of a MAC address user or
802.1X user who has a specified MAC address.
Creation Restriction
You can create entries in this table.
Modification Restriction
The entries in this table can be modified.
Deletion Restriction
The entries in this table can be deleted.
Access Restriction
Currently, only write is supported.
10.4.30 hwAccessUserNumberTable
This table displays information related to the number of access users.
Creation Restriction
No entry can be created in this table.
Modification Restriction
The entries in this table cannot be modified.
Deletion Restriction
The entries in this table cannot be deleted.
Access Restriction
None.
10.5.1 hwMacMovedQuietMaxUserAlarm
OID | Object Name | Binding Variable | Description | Implemented Specifications
10.5.2 hwMacMovedQuietUserClearAlarm
OID | Object Name | Binding Variable | Description | Implemented Specifications