|
|
This document introduces the Cisco AAA Session MIB, which provides enhanced capability on all current Cisco AS5x00 universal access server platforms, beginning with Cisco IOS Release 12.1(3)T. The AAA Session MIB feature enables the monitoring and termination of end user client connections by providing access to client data objects via the Simple Network Management Protocol (SNMP).
The AAA Session MIB feature permits customers to monitor and terminate their authenticated client connections using SNMP. The client data is presented so that it correlates directly to the accounting information reported by AAA to either the Remote Access Dial-In User Service (RADIUS) or the Terminal Access Controller Access Control System (TACACS). Also provided by this feature is additional real-time information (such as idle times), providing extra criteria for use by SNMP networks for assessing whether or not to terminate an active call.
To terminate users via SNMP, the global command mode command aaa session-mib must be added to the configuration and set to the value disconnect, by entering the command in the form: aaa session-mib disconnect. Refer to the section "Command Reference".
 |
Note If this command is not enabled and not set to disconnect, the network management station is able only to poll the table, but not to perform set operations and disconnect users. |
Table 1 shows the SNMP end-user data objects that can be used to monitor and terminate authenticated client connections with the AAA Session MIB feature:
SessionId | The session identification used by the AAA accounting protocol (same value as reported by RADIUS attribute Acct-Session-Id). |
UserId | The user login ID, or zero-length string if a login is unavailable. |
IpAddr | The IP address of the session, or 0.0.0.0 if an IP address is not applicable or is unavailable. |
IdleTime | The elapsed time in seconds that this session has been idle. |
Disconnect | The session termination object used to disconnect the given client. |
CallId | The entry index corresponding to this accounting session that the CallTracker record stored. |
Table 2 shows the AAA summary information provided by the AAA Session MIB feature, using SNMP, on a per-system basis:
ActiveTableEntries | Number of sessions currently active. |
ActiveTableHighWaterMark | Maximum number of sessions present at once since last system reinstallation. |
TotalSessions | Total number of sessions since last system reinstallation. |
DisconnectedSessions | Total number of sessions that have been disconnected using the AAA Session MIB feature's Disconnect object since last system reinstallation. |
The Cisco Call Tracker feature.
The AAA Session MIB feature uses the functionality described in the12.1(3)T Call Tracker Plus ISDN and AAA Enhancements for the Cisco AS5300 and Cisco AS5800 feature module.
Standards
MIBs
For descriptions of supported MIBs and how to use MIBs, see the Cisco MIB web site on CCO at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
RFCs
Set the global configuration command aaa session-mib to disconnect.
|
Note In order to disconnect users via SNMP, the global configuration mode command aaa session-mib must be set to disconnect. If not, the network management station can poll the table, but cannot perform set operations and cannot disconnect users. |
For more information on this command, refer to the section "Command Reference".
Users can verify SNMP queried values using the following existing CLI commands:
version 12.1 no service pad service timestamps debug datetime msec localtime service timestamps log datetime msec localtime no service password-encryption service internal ! hostname planetearth ! boot system tftp c5300-is-mz.121.3.throttle 10.1.1.100 no logging buffered aaa new-model aaa session-mib disconnect aaa authentication ppp default group radius aaa authorization network default group radius aaa accounting network default stop-only group radius enable password $lameduck$ ! username peabody password xyz 12345
This section documents new or modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.1 command reference publications.
To enable the disconnect function of the AAA Session MIB feature (making it possible to disconnect users via SNMP), use the aaa session-mib global configuration mode command and enter the keyword disconnect. To disable this function, use the no form of this command.
aaa session-mib disconnect
Syntax Description
disconnect Enables the AAA session MIB disconnect function.
Defaults
The default value is no aaa session-mib disconnect.
Command Modes
Global configuration.
Command History
12.1(3)T This command was introduced.
Release
Modification
Usage Guidelines
If this command is not enabled by being set to disconnect, the network management station can only poll the table, but cannot perform set operations and cannot disconnect users.
Examples
The following example shows how to use this command to enable the AAA Session MIB feature for disconnection of users using SNMP:
Router(config)# aaa session-mib disconnect
Related Commands
None.
For this feature, there are no new or modified debug commands. All other commands used with this feature are documented in the Cisco IOS Release 12.1 command reference publications.
AAA—Authentication, authorization, and accounting.
MIB—Management Information Base.
NAS—Network access server.
SNMP—Simple Network Management Protocol.
Posted: Tue Sep 19 17:46:48 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.