With IPHost Network Monitor you can run simple snmp requests against a Cisco device in your network.
casServerStateChangeEnable
Cisco AAA Server Server State Change Enable
1.3.6.1.4.1.9.10.56.1.1.1
This variable controls the generation of casServerStateChange notification. When this variable is true(1), generation of casServerStateChange notifications is enabled. When this variable is false(2), generation of casServerStateChange notifications is disabled. The default value is false(2). ::= { casConfig 1 } -- -- Server Configuration Table -- SYNTAX SEQUENCE OF CasConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION This table shows current configurations for each AAA server, allows existing servers to be removed and new ones to be created. ::= { casConfig 2 } SYNTAX CasConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION An AAA server configuration identified by its protocol and its index. An entry is created/removed when a server is defined or undefined with IOS configuration commands via CLI or by issuing appropriate sets to this table using snmp. A management station wishing to create an entry should first generate a random number to be used as the index to this sparse table. The station should then create the associated instance of the row status and row index objects. It must also, either in the same or in successive PDUs, create an instance of casAddress where casAddress is the IP address of the server to be added. It should also modify the default values for casAuthenPort, casAcctPort if the defaults are not appropriate. If casKey is a zero-length string or is not explicitly set, then the global key will be used. Otherwise, this value is used as the key for this server instance. Once the appropriate instance of all the configuration objects have been created, either by an explicit SNMP set request or by default, the row status should be set to active(1) to initiate the request. After the AAA server is made active, the entry can not be modified - the only allowed operation after this is to destroy the entry by setting casConfigRowStatus to destroy(6). casPriority is automatically assigned once the entry is made active and reflects the relative priority of the defined server with respect to already configured servers. Newly-created servers will be assigned the lowest priority. To reassign server priorities to existing server entries, it may be necessary to destroy and recreate entries in order of priority. Entries in this table with casConfigRowStatus equal to active(1) remain in the table until destroyed. Entries in this table with casConfigRowStatus equal to values other than active(1) will be destroyed after timeout (5 minutes). If a server address being created via SNMP exists already in another active casConfigEntry, then a newly created row can not be made active until the original row with the with the same server address value is destroyed. Upon reload, casIndex values may be changed, but the priorities that were saved before reload will be retained, with lowest priority number corresponding to the higher priority servers. INDEX { casProtocol, casIndex } ::= { casConfigTable 1} CasConfigEntry ::= SEQUENCE { casProtocol CiscoAAAProtocol, casIndex Unsigned32, casAddress IpAddress, casAuthenPort INTEGER, casAcctPort INTEGER, casKey DisplayString, casPriority Unsigned32, casConfigRowStatus RowStatus } SYNTAX CiscoAAAProtocol MAX-ACCESS not-accessible STATUS current DESCRIPTION The variable denotes the protocol used by the managed device with the AAA server corresponding to this entry in the table. ::= { casConfigEntry 1 } SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION A management station wishing to initiate a new AAA server configuration should use a random value for this object when creating an instance of casConfigEntry. The RowStatus semantics of the casConfigRowStatus object will prevent access conflicts. If the randomly chosen casIndex value for row creation is already in use by an existing entry, snmp set to the casIndex value will fail. ::= { casConfigEntry 2 } SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION The IP address of the server. ::= { casConfigEntry 3 } SYNTAX INTEGER (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION UDP/TCP port used for authentication in the configuration For TACACS+, this object should be explictly set. Default value is the IOS default for radius: 1645. DEFVAL { 1645 } ::= { casConfigEntry 4 } SYNTAX INTEGER (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION UDP/TCP port used for accounting service in the configuration For TACACS+, the value of casAcctPort is ignored. casAuthenPort will be used instead. Default value is the IOS default for radius: 1646. DEFVAL { 1646 } ::= { casConfigEntry 5 } SYNTAX DisplayString MAX-ACCESS read-create STATUS current DESCRIPTION The server key to be used with this server. Retrieving the value of this object via SNMP will return an empty string for security reasons. DEFVAL { "" } ::= { casConfigEntry 6 } SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS read-only STATUS current DESCRIPTION A number that indicates the priority of the server in this entry. Lower numbers indicate higher priority. ::= { casConfigEntry 7 } SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION The status of this table entry. Once the entry status is set to active, the associated entry cannot be modified except destroyed by setting this object to destroy(6). ::= { casConfigEntry 8 } -- -- Server Statistics -- SYNTAX SEQUENCE OF CasStatisticsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION Table providing statistics for each server. ::= { casStatistics 1 } SYNTAX CasStatisticsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION Statistical information about a particular server. Objects in this table are read-only and appear automatically whenever a row in the casConfigTable is made active. Objects in this table disappear when casConfigRowStatus for the corresponding casConfigEntry is set to the destroy(6) state. AUGMENTS { casConfigEntry } ::= { casStatisticsTable 1 } CasStatisticsEntry::= SEQUENCE { casAuthenRequests Counter32, casAuthenRequestTimeouts Counter32, casAuthenUnexpectedResponses Counter32, casAuthenServerErrorResponses Counter32, casAuthenIncorrectResponses Counter32, casAuthenResponseTime TimeInterval, casAuthenTransactionSuccesses Counter32, casAuthenTransactionFailures Counter32, casAuthorRequests Counter32, casAuthorRequestTimeouts Counter32, casAuthorUnexpectedResponses Counter32, casAuthorServerErrorResponses Counter32, casAuthorIncorrectResponses Counter32, casAuthorResponseTime TimeInterval, casAuthorTransactionSuccesses Counter32, casAuthorTransactionFailures Counter32, casAcctRequests Counter32, casAcctRequestTimeouts Counter32, casAcctUnexpectedResponses Counter32, casAcctServerErrorResponses Counter32, casAcctIncorrectResponses Counter32, casAcctResponseTime TimeInterval, casAcctTransactionSuccesses Counter32, casAcctTransactionFailures Counter32, casState INTEGER, casCurrentStateDuration TimeInterval, casPreviousStateDuration TimeInterval, casTotalDeadTime TimeInterval, casDeadCount Counter32 } -- -- Authentication statistics -- SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION The number of authentication requests sent to this server since it is made active. Retransmissions due to request timeouts are counted as distinct requests. ::= { casStatisticsEntry 1 } SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION The number of authentication requests which have timed out since it is made active. A timeout results in a retransmission of the request If the maximum number of attempts has been reached, no further retransmissions will be attempted. ::= { casStatisticsEntry 2 } SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION The number of unexpected authentication responses received from this server since it is made active. An example is a delayed response to a request which had already timed out. ::= { casStatisticsEntry 3 } SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION The number of server ERROR authentication responses received from this server since it is made active. These are responses indicating that the server itself has identified an error with its authentication operation. ::= { casStatisticsEntry 4 } SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION The number of authentication responses which could not be processed since it is made active. Reasons include inability to decrypt the response, invalid fields, or the response is not valid based on the request. ::= { casStatisticsEntry 5 } SYNTAX TimeInterval MAX-ACCESS read-only STATUS current DESCRIPTION Average response time for authentication requests sent to this server, excluding timeouts, since system re-initialization. ::= { casStatisticsEntry 6 } SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION The number of authentication transactions with this server which succeeded since it is made active. A transaction may include multiple request retransmissions if timeouts occur. A transaction is successful if the server responds with either an authentication pass or fail. ::= { casStatisticsEntry 7 } SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION The number of authentication transactions with this server which failed since it is made active. A transaction may include multiple request retransmissions if timeouts occur. A transaction failure occurs if maximum resends have been met or the server aborts the transaction. ::= { casStatisticsEntry 8 } -- -- Authorization statistics -- SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION The number of authorization requests sent to this server since it is made active. Retransmissions due to request timeouts are counted as distinct requests. This object is not instantiated for protocols which do not support a distinct authorization function. ::= { casStatisticsEntry 9 } SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION The number of authorization requests which have timed out since it is made active. A timeout results in a retransmission of the request If the maximum number of attempts has been reached, no further retransmissions will be attempted. This object is not instantiated for protocols which do not support a distinct authorization function. ::= { casStatisticsEntry 10 } SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION The number of unexpected authorization responses received from this server since it is made active. An example is a delayed response to a request which had already timed out. This object is not instantiated for protocols which do not support a distinct authorization function. ::= { casStatisticsEntry 11 } SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION The number of server ERROR authorization responses received from this server since it is made active. These are responses indicating that the server itself has identified an error with its authorization operation. This object is not instantiated for protocols which do not support a distinct authorization function. ::= { casStatisticsEntry 12 } SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION The number of authorization responses which could not be processed since it is made active. Reasons include inability to decrypt the response, invalid fields, or the response is not valid based on the request. This object is not instantiated for protocols which do not support a distinct authorization function. ::= { casStatisticsEntry 13 } SYNTAX TimeInterval MAX-ACCESS read-only STATUS current DESCRIPTION Average response time for authorization requests sent to this server, excluding timeouts, since system re-initialization. This object is not instantiated for protocols which do not support a distinct authorization function. ::= { casStatisticsEntry 14 } SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION The number of authorization transactions with this server which succeeded since it is made active. A transaction may include multiple request retransmissions if timeouts occur. A transaction is successful if the server responds with either an authorization pass or fail. This object is not instantiated for protocols which do not support a distinct authorization function. ::= { casStatisticsEntry 15 } SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION The number of authorization transactions with this server which failed since it is made active. A transaction may include multiple request retransmissions if timeouts occur. A transaction failure occurs if maximum resends have been met or the server aborts the transaction. This object is not instantiated for protocols which do not support a distinct authorization function. ::= { casStatisticsEntry 16 } -- -- Accounting statistics -- SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION The number of accounting requests sent to this server since system re-initialization. Retransmissions due to request timeouts are counted as distinct requests. ::= { casStatisticsEntry 17 } SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION The number of accounting requests which have timed out since system re-initialization. A timeout results in a retransmission of the request If the maximum number of attempts has been reached, no further retransmissions will be attempted. ::= { casStatisticsEntry 18 } SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION The number of unexpected accounting responses received from this server since system re-initialization. An example is a delayed response to a request which had already timed out. ::= { casStatisticsEntry 19 } SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION The number of server ERROR accounting responses received from this server since system re-initialization. These are responses indicating that the server itself has identified an error with its accounting operation. ::= { casStatisticsEntry 20 } SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION The number of accounting responses which could not be processed since system re-initialization. Reasons include inability to decrypt the response, invalid fields, or the response is not valid based on the request. ::= { casStatisticsEntry 21 } SYNTAX TimeInterval MAX-ACCESS read-only STATUS current DESCRIPTION Average response time for accounting requests sent to this server,, since system re-initialization excluding timeouts. ::= { casStatisticsEntry 22 } SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION The number of accounting transactions with this server which succeeded since system re-initialization. A transaction may include multiple request retransmissions if timeouts occur. A transaction is successful if the server responds with either an accounting pass or fail. ::= { casStatisticsEntry 23 } SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION The number of accounting transactions with this server which failed since system re-initialization. A transaction may include multiple request retransmissions if timeouts occur. A transaction failure occurs if maximum resends have been met or the server aborts the transaction. ::= { casStatisticsEntry 24 } -- -- Server availability -- SYNTAX INTEGER { up(1), dead(2) } MAX-ACCESS read-only STATUS current DESCRIPTION Current state of this server. up(1) - Server responding to requests dead(2) - Server failed to respond A server is marked dead if it does not respond after maximum retransmissions. A server is marked up again either after a waiting period or if some response is received from it. The initial value of casState is 'up(1)' at system re-initialization. This will only transistion to 'dead(2)' if an attempt to communicate fails. ::= { casStatisticsEntry 25 } SYNTAX TimeInterval MAX-ACCESS read-only STATUS current DESCRIPTION This object provides the elapsed time the server has been in its current state as shown in casState. ::= { casStatisticsEntry 26 } SYNTAX TimeInterval MAX-ACCESS read-only STATUS current DESCRIPTION This object provides the elapsed time the server was been in its previous state prior to the most recent transistion of casState. This value is zero if the server has not changed state. ::= { casStatisticsEntry 27 } SYNTAX TimeInterval MAX-ACCESS read-only STATUS current DESCRIPTION The total elapsed time this server's casState has had the value 'dead(2)' since system re-initialization. ::= { casStatisticsEntry 28 } SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION The number of times this server's casState has transitioned to 'dead(2)' since system re-initialization. ::= { casStatisticsEntry 29 } -- ****************************************************************** -- Notifications -- ****************************************************************** cAAAServerMIBNotificationPrefix OBJECT IDENTIFIER ::= { ciscoAAAServerMIB 2 } cAAAServerMIBNotifications OBJECT IDENTIFIER ::= { cAAAServerMIBNotificationPrefix 0 } casServerStateChange NOTIFICATION-TYPE OBJECTS { casState, casPreviousStateDuration, casTotalDeadTime } STATUS current DESCRIPTION An AAA server state change notification is generated whenever casState changes value. ::= { cAAAServerMIBNotifications 1 } -- ****************************************************************** -- Conformance and Compliance -- ****************************************************************** cAAAServerMIBConformance OBJECT IDENTIFIER ::= { ciscoAAAServerMIB 3 } casMIBCompliances OBJECT IDENTIFIER ::= { cAAAServerMIBConformance 1 } casMIBGroups OBJECT IDENTIFIER ::= { cAAAServerMIBConformance 2 } -- compliance statements casMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION The compliance statement for entities which implement the CISCO AAA Server MIB Create/Write access is not required. Create/Write access is not required. Create/Write access is not required. Create/Write access is not required. Create/Write access is not required.
Back to CISCO-AAA-SERVER-MIB MIB page.
IPHost Network monitor allows you to monitor casServerStateChangeEnable on Cisco device via the SNMP protocol. Download IPHost Network Monitor (500 monitors for 30 days, 50 monitors free forever) to start monitoring Cisco firewalls right now.