-- Network Working Group D. Nelson
-- Request for Comments: 4668 Enterasys Networks
-- Obsoletes: 2618 August 2006
-- Category: Standards Track-- RADIUS Authentication Client MIB for IPv6RADIUS-AUTH-CLIENT-MIB DEFINITIONS::=BEGINIMPORTSMODULE-IDENTITY,OBJECT-TYPE,OBJECT-IDENTITY,Counter32,Integer32,Gauge32,
IpAddress,TimeTicks, mib-2 FROM SNMPv2-SMI
SnmpAdminStringFROM SNMP-FRAMEWORK-MIB
InetAddressType,InetAddress,InetPortNumberFROM INET-ADDRESS-MIB
MODULE-COMPLIANCE,OBJECT-GROUPFROM SNMPv2-CONF;radiusAuthClientMIB MODULE-IDENTITYLAST-UPDATED"200608210000Z"-- 21 August 2006ORGANIZATION"IETF RADIUS Extensions Working Group."CONTACT-INFO" Bernard Aboba
Microsoft
One Microsoft Way
Redmond, WA 98052
US
Phone: +1 425 936 6605
EMail: bernarda@microsoft.com"DESCRIPTION"The MIB module for entities implementing the client
side of the Remote Authentication Dial-In User Service
(RADIUS) authentication protocol. Copyright (C) The
Internet Society (2006). This version of this MIB
module is part of RFC 4668; see the RFC itself for
full legal notices."REVISION"200608210000Z"-- 21 August 2006DESCRIPTION"Revised version as published in RFC 4668. This
version obsoletes that of RFC 2618 by deprecating
the MIB table containing IPv4-only address formats
and defining a new table to add support for version
neutral IP address formats. The remaining MIB objects
from RFC 2618 are carried forward into this version."REVISION"199906110000Z"-- 11 Jun 1999
DESCRIPTION"Initial version as published in RFC 2618."::={ radiusAuthentication 2}radiusMIB OBJECT-IDENTITYSTATUScurrentDESCRIPTION"The OID assigned to RADIUS MIB work by the IANA."::={ mib-2 67}radiusAuthentication OBJECTIDENTIFIER::={radiusMIB 1}radiusAuthClientMIBObjects OBJECTIDENTIFIER::={ radiusAuthClientMIB 1}radiusAuthClient OBJECTIDENTIFIER::={ radiusAuthClientMIBObjects 1}
radiusAuthClientInvalidServerAddresses OBJECT-TYPESYNTAXCounter32UNITS"packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of RADIUS Access-Response packets
received from unknown addresses."::={ radiusAuthClient 1}radiusAuthClientIdentifier OBJECT-TYPESYNTAXSnmpAdminStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The NAS-Identifier of the RADIUS authentication client.
This is not necessarily the same as sysName in MIB II."REFERENCE"RFC 2865 section 5.32"::={ radiusAuthClient 2}
radiusAuthServerTable OBJECT-TYPESYNTAXSEQUENCEOF RadiusAuthServerEntry
MAX-ACCESSnot-accessibleSTATUSdeprecatedDESCRIPTION"The (conceptual) table listing the RADIUS authentication
servers with which the client shares a secret."::={ radiusAuthClient 3}radiusAuthServerEntry OBJECT-TYPESYNTAX RadiusAuthServerEntry
MAX-ACCESSnot-accessibleSTATUSdeprecatedDESCRIPTION"An entry (conceptual row) representing a RADIUS
authentication server with which the client shares
a secret."
INDEX{ radiusAuthServerIndex }::={ radiusAuthServerTable 1}
RadiusAuthServerEntry ::=SEQUENCE{
radiusAuthServerIndex Integer32,
radiusAuthServerAddress IpAddress,
radiusAuthClientServerPortNumber Integer32,
radiusAuthClientRoundTripTime TimeTicks,
radiusAuthClientAccessRequests Counter32,
radiusAuthClientAccessRetransmissions Counter32,
radiusAuthClientAccessAccepts Counter32,
radiusAuthClientAccessRejects Counter32,
radiusAuthClientAccessChallenges Counter32,
radiusAuthClientMalformedAccessResponses Counter32,
radiusAuthClientBadAuthenticators Counter32,
radiusAuthClientPendingRequests Gauge32,
radiusAuthClientTimeouts Counter32,
radiusAuthClientUnknownTypes Counter32,
radiusAuthClientPacketsDropped Counter32}radiusAuthServerIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSnot-accessibleSTATUSdeprecatedDESCRIPTION"A number uniquely identifying each RADIUS
Authentication server with which this client
communicates."::={ radiusAuthServerEntry 1}radiusAuthServerAddress OBJECT-TYPESYNTAXIpAddressMAX-ACCESSread-onlySTATUSdeprecatedDESCRIPTION"The IP address of the RADIUS authentication server
referred to in this table entry."::={ radiusAuthServerEntry 2}radiusAuthClientServerPortNumber OBJECT-TYPESYNTAXInteger32(0..65535)MAX-ACCESSread-onlySTATUSdeprecatedDESCRIPTION
"The UDP port the client is using to send requests to
this server."REFERENCE"RFC 2865 section 3"::={ radiusAuthServerEntry 3}radiusAuthClientRoundTripTime OBJECT-TYPESYNTAXTimeTicksMAX-ACCESSread-onlySTATUSdeprecatedDESCRIPTION"The time interval (in hundredths of a second) between
the most recent Access-Reply/Access-Challenge and the
Access-Request that matched it from this RADIUS
authentication server."::={ radiusAuthServerEntry 4}-- Request/Response statistics---- TotalIncomingPackets = Accepts + Rejects + Challenges +-- UnknownTypes--
-- TotalIncomingPackets - MalformedResponses --- BadAuthenticators - UnknownTypes - PacketsDropped =-- Successfully received---- AccessRequests + PendingRequests + ClientTimeouts =-- Successfully received----radiusAuthClientAccessRequests OBJECT-TYPESYNTAXCounter32UNITS"packets"MAX-ACCESSread-onlySTATUSdeprecatedDESCRIPTION"The number of RADIUS Access-Request packets sent
to this server. This does not include retransmissions."REFERENCE"RFC 2865 section 4.1"::={ radiusAuthServerEntry 5}radiusAuthClientAccessRetransmissions OBJECT-TYPE
SYNTAXCounter32UNITS"packets"MAX-ACCESSread-onlySTATUSdeprecatedDESCRIPTION"The number of RADIUS Access-Request packets
retransmitted to this RADIUS authentication server."REFERENCE"RFC 2865 sections 2.5, 4.1"::={ radiusAuthServerEntry 6}radiusAuthClientAccessAccepts OBJECT-TYPESYNTAXCounter32UNITS"packets"MAX-ACCESSread-onlySTATUSdeprecatedDESCRIPTION"The number of RADIUS Access-Accept packets
(valid or invalid) received from this server."REFERENCE"RFC 2865 section 4.2"
::={ radiusAuthServerEntry 7}radiusAuthClientAccessRejects OBJECT-TYPESYNTAXCounter32UNITS"packets"MAX-ACCESSread-onlySTATUSdeprecatedDESCRIPTION"The number of RADIUS Access-Reject packets
(valid or invalid) received from this server."REFERENCE"RFC 2865 section 4.3"::={ radiusAuthServerEntry 8}radiusAuthClientAccessChallenges OBJECT-TYPESYNTAXCounter32UNITS"packets"MAX-ACCESSread-onlySTATUSdeprecated
DESCRIPTION"The number of RADIUS Access-Challenge packets
(valid or invalid) received from this server."REFERENCE"RFC 2865 section 4.4"::={ radiusAuthServerEntry 9}-- "Access-Response" includes an Access-Accept, Access-Challenge-- or Access-RejectradiusAuthClientMalformedAccessResponses OBJECT-TYPESYNTAXCounter32UNITS"packets"MAX-ACCESSread-onlySTATUSdeprecatedDESCRIPTION"The number of malformed RADIUS Access-Response
packets received from this server.
Malformed packets include packets with
an invalid length. Bad authenticators or
Message Authenticator attributes or unknown types
are not included as malformed access responses."::={ radiusAuthServerEntry 10}radiusAuthClientBadAuthenticators OBJECT-TYPESYNTAXCounter32UNITS"packets"MAX-ACCESSread-onlySTATUSdeprecatedDESCRIPTION"The number of RADIUS Access-Response packets
containing invalid authenticators or Message
Authenticator attributes received from this server."REFERENCE"RFC 2865 section 3, RFC 2869 section 5.14"::={ radiusAuthServerEntry 11}radiusAuthClientPendingRequests OBJECT-TYPESYNTAXGauge32MAX-ACCESSread-only
STATUSdeprecatedDESCRIPTION"The number of RADIUS Access-Request packets
destined for this server that have not yet timed out
or received a response. This variable is incremented
when an Access-Request is sent and decremented due to
receipt of an Access-Accept, Access-Reject,
Access-Challenge, timeout, or retransmission."REFERENCE"RFC 2865 section 2"::={ radiusAuthServerEntry 12}radiusAuthClientTimeouts OBJECT-TYPESYNTAXCounter32UNITS"timeouts"MAX-ACCESSread-onlySTATUSdeprecatedDESCRIPTION"The number of authentication timeouts to this server.
After a timeout, the client may retry to the same
server, send to a different server, or
give up. A retry to the same server is counted as a
retransmit as well as a timeout. A send to a different
server is counted as a Request as well as a timeout."REFERENCE"RFC 2865 section 2, RFC 2869 section 2.3.2"::={ radiusAuthServerEntry 13}radiusAuthClientUnknownTypes OBJECT-TYPESYNTAXCounter32UNITS"packets"MAX-ACCESSread-onlySTATUSdeprecatedDESCRIPTION"The number of RADIUS packets of unknown type that
were received from this server on the authentication
port."::={ radiusAuthServerEntry 14}radiusAuthClientPacketsDropped OBJECT-TYPE
SYNTAXCounter32UNITS"packets"MAX-ACCESSread-onlySTATUSdeprecatedDESCRIPTION"The number of RADIUS packets that were
received from this server on the authentication port
and dropped for some other reason."::={ radiusAuthServerEntry 15}-- New MIB Objects in this revisionradiusAuthServerExtTable OBJECT-TYPESYNTAXSEQUENCEOF RadiusAuthServerExtEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The (conceptual) table listing the RADIUS authentication
servers with which the client shares a secret."
::={ radiusAuthClient 4}radiusAuthServerExtEntry OBJECT-TYPESYNTAX RadiusAuthServerExtEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"An entry (conceptual row) representing a RADIUS
authentication server with which the client shares
a secret."INDEX{ radiusAuthServerExtIndex }::={ radiusAuthServerExtTable 1}
RadiusAuthServerExtEntry ::=SEQUENCE{
radiusAuthServerExtIndex Integer32,
radiusAuthServerInetAddressType InetAddressType,
radiusAuthServerInetAddress InetAddress,
radiusAuthClientServerInetPortNumber InetPortNumber,
radiusAuthClientExtRoundTripTime TimeTicks,
radiusAuthClientExtAccessRequests Counter32,
radiusAuthClientExtAccessRetransmissions Counter32,
radiusAuthClientExtAccessAccepts Counter32,
radiusAuthClientExtAccessRejects Counter32,
radiusAuthClientExtAccessChallenges Counter32,
radiusAuthClientExtMalformedAccessResponses Counter32,
radiusAuthClientExtBadAuthenticators Counter32,
radiusAuthClientExtPendingRequests Gauge32,
radiusAuthClientExtTimeouts Counter32,
radiusAuthClientExtUnknownTypes Counter32,
radiusAuthClientExtPacketsDropped Counter32,
radiusAuthClientCounterDiscontinuity TimeTicks}radiusAuthServerExtIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A number uniquely identifying each RADIUS
Authentication server with which this client
communicates."::={ radiusAuthServerExtEntry 1}radiusAuthServerInetAddressType OBJECT-TYPESYNTAXInetAddressTypeMAX-ACCESSread-only
STATUScurrentDESCRIPTION"The type of address format used for the
radiusAuthServerInetAddress object."::={ radiusAuthServerExtEntry 2}radiusAuthServerInetAddress OBJECT-TYPESYNTAXInetAddressMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The IP address of the RADIUS authentication
server referred to in this table entry, using
the version-neutral IP address format."::={ radiusAuthServerExtEntry 3}radiusAuthClientServerInetPortNumber OBJECT-TYPESYNTAXInetPortNumber(1..65535)
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The UDP port the client is using to send requests
to this server. The value of zero (0) is invalid."REFERENCE"RFC 2865 section 3"::={ radiusAuthServerExtEntry 4}radiusAuthClientExtRoundTripTime OBJECT-TYPESYNTAXTimeTicksMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The time interval (in hundredths of a second) between
the most recent Access-Reply/Access-Challenge and the
Access-Request that matched it from this RADIUS
authentication server."REFERENCE"RFC 2865 section 2"
::={ radiusAuthServerExtEntry 5}-- Request/Response statistics---- TotalIncomingPackets = Accepts + Rejects + Challenges +-- UnknownTypes---- TotalIncomingPackets - MalformedResponses --- BadAuthenticators - UnknownTypes - PacketsDropped =-- Successfully received---- AccessRequests + PendingRequests + ClientTimeouts =-- Successfully received----radiusAuthClientExtAccessRequests OBJECT-TYPESYNTAXCounter32UNITS"packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of RADIUS Access-Request packets sent
to this server. This does not include retransmissions.
This counter may experience a discontinuity when the
RADIUS Client module within the managed entity is
reinitialized, as indicated by the current value of
radiusAuthClientCounterDiscontinuity."REFERENCE"RFC 2865 section 4.1"::={ radiusAuthServerExtEntry 6}radiusAuthClientExtAccessRetransmissions OBJECT-TYPESYNTAXCounter32UNITS"packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of RADIUS Access-Request packets
retransmitted to this RADIUS authentication server.
This counter may experience a discontinuity when
the RADIUS Client module within the managed entity
is reinitialized, as indicated by the current value
of radiusAuthClientCounterDiscontinuity."REFERENCE"RFC 2865 sections 2.5, 4.1"::={ radiusAuthServerExtEntry 7}radiusAuthClientExtAccessAccepts OBJECT-TYPESYNTAXCounter32UNITS"packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of RADIUS Access-Accept packets
(valid or invalid) received from this server.
This counter may experience a discontinuity when
the RADIUS Client module within the managed entity
is reinitialized, as indicated by the current value
of radiusAuthClientCounterDiscontinuity."REFERENCE"RFC 2865 section 4.2"::={ radiusAuthServerExtEntry 8}
radiusAuthClientExtAccessRejects OBJECT-TYPESYNTAXCounter32UNITS"packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of RADIUS Access-Reject packets
(valid or invalid) received from this server.
This counter may experience a discontinuity when
the RADIUS Client module within the managed
entity is reinitialized, as indicated by the
current value of
radiusAuthClientCounterDiscontinuity."REFERENCE"RFC 2865 section 4.3"::={ radiusAuthServerExtEntry 9}radiusAuthClientExtAccessChallenges OBJECT-TYPESYNTAXCounter32
UNITS"packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of RADIUS Access-Challenge packets
(valid or invalid) received from this server.
This counter may experience a discontinuity when
the RADIUS Client module within the managed
entity is reinitialized, as indicated by the
current value of
radiusAuthClientCounterDiscontinuity."REFERENCE"RFC 2865 section 4.4"::={ radiusAuthServerExtEntry 10}-- "Access-Response" includes an Access-Accept, Access-Challenge,-- or Access-RejectradiusAuthClientExtMalformedAccessResponses OBJECT-TYPESYNTAXCounter32UNITS"packets"
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of malformed RADIUS Access-Response
packets received from this server.
Malformed packets include packets with
an invalid length. Bad authenticators or
Message Authenticator attributes or unknown types
are not included as malformed access responses.
This counter may experience a discontinuity when
the RADIUS Client module within the managed entity
is reinitialized, as indicated by the current value
of radiusAuthClientCounterDiscontinuity."REFERENCE"RFC 2865 sections 3, 4"::={ radiusAuthServerExtEntry 11}radiusAuthClientExtBadAuthenticators OBJECT-TYPESYNTAXCounter32UNITS"packets"MAX-ACCESSread-only
STATUScurrentDESCRIPTION"The number of RADIUS Access-Response packets
containing invalid authenticators or Message
Authenticator attributes received from this server.
This counter may experience a discontinuity when
the RADIUS Client module within the managed entity
is reinitialized, as indicated by the current value
of radiusAuthClientCounterDiscontinuity."REFERENCE"RFC 2865 section 3"::={ radiusAuthServerExtEntry 12}radiusAuthClientExtPendingRequests OBJECT-TYPESYNTAXGauge32UNITS"packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of RADIUS Access-Request packets
destined for this server that have not yet timed out
or received a response. This variable is incremented
when an Access-Request is sent and decremented due to
receipt of an Access-Accept, Access-Reject,
Access-Challenge, timeout, or retransmission."REFERENCE"RFC 2865 section 2"::={ radiusAuthServerExtEntry 13}radiusAuthClientExtTimeouts OBJECT-TYPESYNTAXCounter32UNITS"timeouts"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of authentication timeouts to this server.
After a timeout, the client may retry to the same
server, send to a different server, or
give up. A retry to the same server is counted as a
retransmit as well as a timeout. A send to a different
server is counted as a Request as well as a timeout.
This counter may experience a discontinuity when the
RADIUS Client module within the managed entity is
reinitialized, as indicated by the current value of
radiusAuthClientCounterDiscontinuity."REFERENCE"RFC 2865 sections 2.5, 4.1"::={ radiusAuthServerExtEntry 14}radiusAuthClientExtUnknownTypes OBJECT-TYPESYNTAXCounter32UNITS"packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of RADIUS packets of unknown type that
were received from this server on the authentication
port. This counter may experience a discontinuity
when the RADIUS Client module within the managed
entity is reinitialized, as indicated by the current
value of radiusAuthClientCounterDiscontinuity."REFERENCE"RFC 2865 section 4"::={ radiusAuthServerExtEntry 15}radiusAuthClientExtPacketsDropped OBJECT-TYPESYNTAXCounter32UNITS"packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of RADIUS packets that were
received from this server on the authentication port
and dropped for some other reason. This counter may
experience a discontinuity when the RADIUS Client
module within the managed entity is reinitialized,
as indicated by the current value of
radiusAuthClientCounterDiscontinuity."::={ radiusAuthServerExtEntry 16}
radiusAuthClientCounterDiscontinuity OBJECT-TYPESYNTAXTimeTicksUNITS"centiseconds"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of centiseconds since the last discontinuity
in the RADIUS Client counters. A discontinuity may
be the result of a reinitialization of the RADIUS
Client module within the managed entity."::={ radiusAuthServerExtEntry 17}-- conformance informationradiusAuthClientMIBConformance OBJECTIDENTIFIER::={ radiusAuthClientMIB 2}radiusAuthClientMIBCompliances OBJECTIDENTIFIER
::={ radiusAuthClientMIBConformance 1}radiusAuthClientMIBGroups OBJECTIDENTIFIER::={ radiusAuthClientMIBConformance 2}-- compliance statementsradiusAuthClientMIBCompliance MODULE-COMPLIANCESTATUSdeprecatedDESCRIPTION"The compliance statement for authentication clients
implementing the RADIUS Authentication Client MIB.
Implementation of this module is for IPv4-only
entities, or for backwards compatibility use with
entities that support both IPv4 and IPv6."MODULE-- this moduleMANDATORY-GROUPS{ radiusAuthClientMIBGroup }::={ radiusAuthClientMIBCompliances 1}
radiusAuthClientExtMIBCompliance MODULE-COMPLIANCESTATUScurrentDESCRIPTION"The compliance statement for authentication
clients implementing the RADIUS Authentication
Client IPv6 Extensions MIB. Implementation of
this module is for entities that support IPv6,
or support IPv4 and IPv6."MODULE-- this moduleMANDATORY-GROUPS{ radiusAuthClientExtMIBGroup }OBJECT radiusAuthServerInetAddressType
SYNTAXInetAddressType{ ipv4(1), ipv6(2)}DESCRIPTION"An implementation is only required to support
IPv4 and globally unique IPv6 addresses."OBJECT radiusAuthServerInetAddress
SYNTAXInetAddress(SIZE(4|16))DESCRIPTION"An implementation is only required to support
IPv4 and globally unique IPv6 addresses."::={ radiusAuthClientMIBCompliances 2}-- units of conformanceradiusAuthClientMIBGroup OBJECT-GROUPOBJECTS{ radiusAuthClientIdentifier,
radiusAuthClientInvalidServerAddresses,
radiusAuthServerAddress,
radiusAuthClientServerPortNumber,
radiusAuthClientRoundTripTime,
radiusAuthClientAccessRequests,
radiusAuthClientAccessRetransmissions,
radiusAuthClientAccessAccepts,
radiusAuthClientAccessRejects,
radiusAuthClientAccessChallenges,
radiusAuthClientMalformedAccessResponses,
radiusAuthClientBadAuthenticators,
radiusAuthClientPendingRequests,
radiusAuthClientTimeouts,
radiusAuthClientUnknownTypes,
radiusAuthClientPacketsDropped
}STATUSdeprecatedDESCRIPTION"The basic collection of objects providing management of
RADIUS Authentication Clients."::={ radiusAuthClientMIBGroups 1}radiusAuthClientExtMIBGroup OBJECT-GROUPOBJECTS{ radiusAuthClientIdentifier,
radiusAuthClientInvalidServerAddresses,
radiusAuthServerInetAddressType,
radiusAuthServerInetAddress,
radiusAuthClientServerInetPortNumber,
radiusAuthClientExtRoundTripTime,
radiusAuthClientExtAccessRequests,
radiusAuthClientExtAccessRetransmissions,
radiusAuthClientExtAccessAccepts,
radiusAuthClientExtAccessRejects,
radiusAuthClientExtAccessChallenges,
radiusAuthClientExtMalformedAccessResponses,
radiusAuthClientExtBadAuthenticators,
radiusAuthClientExtPendingRequests,
radiusAuthClientExtTimeouts,
radiusAuthClientExtUnknownTypes,
radiusAuthClientExtPacketsDropped,
radiusAuthClientCounterDiscontinuity
}STATUScurrentDESCRIPTION"The collection of extended objects providing
management of RADIUS Authentication Clients
using version-neutral IP address format."::={ radiusAuthClientMIBGroups 2}END