This repository has been archived by the owner. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 39
/
Copy pathENTERASYS-RADIUS-ACCT-CLIENT-EXT-MIB
450 lines (386 loc) · 17.1 KB
/
ENTERASYS-RADIUS-ACCT-CLIENT-EXT-MIB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
ENTERASYS-RADIUS-ACCT-CLIENT-EXT-MIB DEFINITIONS ::= BEGIN
--
-- Part Number: <TBD>
--
--
-- This module provides authoritative definitions for Enterasys
-- Network's RADIUS Accounting Client MIB.
--
-- This module will be extended, as needed.
-- Enterasys Networks reserves the right to make changes in this
-- specification and other information contained in this document
-- without prior notice. The reader should consult Enterasys Networks
-- to determine whether any such changes have been made.
--
-- In no event shall Enterasys Networks be liable for any incidental,
-- indirect, special, or consequential damages whatsoever (including
-- but not limited to lost profits) arising out of or related to this
-- document or the information contained in it, even if Enterasys
-- Networks has been advised of, known, or should have known, the
-- possibility of such damages.
--
-- Enterasys Networks grants vendors, end-users, and other interested
-- parties a non-exclusive license to use this Specification in
-- connection with the management of Enterasys Networks products.
-- Copyright July, 2002-2004 Enterasys Networks, Inc.
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE FROM SNMPv2-SMI
Integer32 FROM SNMPv2-SMI
MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF
TruthValue, RowStatus FROM SNMPv2-TC
InetAddressType, InetAddress FROM INET-ADDRESS-MIB
etsysModules FROM ENTERASYS-MIB-NAMES;
etsysRadiusAcctClientMIB MODULE-IDENTITY
LAST-UPDATED "200411121523Z" -- Fri Nov 12 15:23 GMT 2004
ORGANIZATION "Enterasys Networks"
CONTACT-INFO
"Postal: Enterasys Networks
50 Minuteman Rd.
Andover, MA 01810-1008
USA
Phone: +1 978 684 1000
E-mail: [email protected]
WWW: http://www.enterasys.com"
DESCRIPTION
"This MIB module defines a portion of the SNMP enterprise
MIBs under Enterasys Networks' enterprise OID pertaining to
the client side of the Remote Access Dialin User Service
(RADIUS) Accounting protocol (RFC2866).
This MIB provides read-write access to configuration objects
not provided in the standard RADIUS Accounting Client
MIB (RFC2620). However, the write capability must only
be supported for SNMPv3, or other SNMP versions with
adequately strong security.
Security concerns include Object ID verification, source
address verification and timeliness verification."
REVISION "200411121523Z" -- Fri Nov 12 15:23 GMT 2004
DESCRIPTION
"Removed the UNITS clause from the
etsysRadiusAcctClientServerRetries object."
REVISION "200409091437Z" -- Thu Sep 9 14:37 GMT 2004
DESCRIPTION
"Added UNITS clauses to a number of objects that are expressed
in seconds, and DEFVAL clauses for the
etsysRadiusAcctClientUpdateInterval and
etsysRadiusAcctClientIntervalMinimum objects."
REVISION "200408301555Z" -- Mon Aug 30 15:55 GMT 2004
DESCRIPTION
"In the columnar objects in etsysRadiusAcctClientServerTable,
changed the MAX-ACCESS clauses of the read-write objects to
read-create, added DEFVAL clauses to a number of the objects,
and modified the DESCRIPTION clause for the RowStatus object
to resolve a conflict between the syntax and the description.
Deprecated the etsysRadiusAcctClientServerClearTime object.
Changed a number of objects with SYNTAX clauses of INTEGER
to Integer32."
REVISION "200408251503Z" -- Wed Aug 25 15:03 GMT 2004
DESCRIPTION
"Changed etsysRadiusClientMIBCompliance to
etsysRadiusAcctClientMIBCompliance due to
a conflict with the etsysRadiusAcctClientMIB."
REVISION "200209131930Z" -- Fri Sep 13 19:30 GMT 2002
DESCRIPTION
"The Initial version of this MIB module."
::= { etsysModules 27 }
-- ------------------------------------
-- MIB Objects
-- ------------------------------------
etsysRadiusAcctClientMIBObjects
OBJECT IDENTIFIER ::= { etsysRadiusAcctClientMIB 1 }
etsysRadiusAcctClientEnable OBJECT-TYPE
SYNTAX INTEGER {
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates whether or not RADIUS Accounting
is enabled or disabled. This parameter value is maintained
across system reboots."
DEFVAL { disable }
::= { etsysRadiusAcctClientMIBObjects 1 }
etsysRadiusAcctClientUpdateInterval OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This indicates how many seconds elapse between accounting
interim updates. This parameter value is maintained across
system reboots. A value of zero means no Interim Updates.
If the value is less than etsysRadiusAcctClientIntervalMinimum,
the etsysRadiusAcctClientIntervalMinimum value will be used
for the update interval time. If RADIUS Accounting is not
enabled, this object is ignored. Note that Accounting
Interim Updates are not issued by the RADIUS Accounting
Client, unless so requested by the RADIUS Server in an Access
Accept packet."
DEFVAL { 1800 }
::= { etsysRadiusAcctClientMIBObjects 2 }
etsysRadiusAcctClientIntervalMinimum OBJECT-TYPE
SYNTAX Integer32 (60..2147483647)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This indicates the minimum value in seconds between
accounting interim updates supported by the managed
entity. This parameter value is maintained across
system reboots. If RADIUS Accounting is not enabled,
this object is ignored."
DEFVAL { 600 }
::= { etsysRadiusAcctClientMIBObjects 3 }
etsysRadiusAcctClientServerTable OBJECT-TYPE
SYNTAX SEQUENCE OF EtsysRadiusAcctClientServerEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table listing the RADIUS Accounting
servers."
::= { etsysRadiusAcctClientMIBObjects 4 }
etsysRadiusAcctClientServerEntry OBJECT-TYPE
SYNTAX EtsysRadiusAcctClientServerEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) representing a RADIUS
Accounting server with which the client shares
a secret. If RADIUS Accounting is not enabled, this
table is ignored.
All created conceptual rows are non-volatile and as such
must be maintained upon restart of the agent."
INDEX { etsysRadiusAcctClientServerIndex }
::= { etsysRadiusAcctClientServerTable 1 }
EtsysRadiusAcctClientServerEntry ::=
SEQUENCE {
etsysRadiusAcctClientServerIndex Integer32,
etsysRadiusAcctClientServerAddressType InetAddressType,
etsysRadiusAcctClientServerAddress InetAddress,
etsysRadiusAcctClientServerPortNumber Integer32,
etsysRadiusAcctClientServerSecret OCTET STRING,
etsysRadiusAcctClientServerSecretEntered TruthValue,
etsysRadiusAcctClientServerRetryTimeout Integer32,
etsysRadiusAcctClientServerRetries Integer32,
etsysRadiusAcctClientServerClearTime Integer32,
etsysRadiusAcctClientServerStatus RowStatus
}
etsysRadiusAcctClientServerIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A number uniquely identifying each conceptual row
in the etsysRadiusAcctClientServerTable.
In the event of an agent restart, the same value
of etsysRadiusAcctClientServerIndex must be used to
identify each conceptual row in
etsysRadiusAcctClientServerTable as was used prior
to the restart."
::= { etsysRadiusAcctClientServerEntry 1 }
etsysRadiusAcctClientServerAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The type of Internet address by which the
RADIUS Accounting server is reachable."
DEFVAL { ipv4 }
::= { etsysRadiusAcctClientServerEntry 2 }
etsysRadiusAcctClientServerAddress OBJECT-TYPE
SYNTAX InetAddress (SIZE(1..64))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The Internet address for the RADIUS Accounting
server. Note that implementations must limit
themselves to a single entry in this table per
reachable server.
The etsysRadiusAcctClientServerAddress may not be
empty due to the SIZE restriction. Also the size
of a DNS name is limited to 64 characters.
This parameter value is maintained across system
reboots."
::= { etsysRadiusAcctClientServerEntry 3 }
etsysRadiusAcctClientServerPortNumber OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The UDP port number (1-65535) the client is using
to send requests to this server. The officially
assigned port number for RADIUS Accounting is 1813.
This parameter value is maintained across system
reboots."
DEFVAL { 1813 }
::= { etsysRadiusAcctClientServerEntry 4 }
etsysRadiusAcctClientServerSecret OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is the secret shared between the RADIUS
Accounting server and RADIUS client. This
parameter value is maintained across system reboots.
While the 'official' MAX-ACCESS for this object is
read-create, all security-conscious implementations
will 'lie' on a read, and return a null-string, or
something else that is fairly innocuous. The
ability to read back passwords and secret
encryption keys is generally a Bad Thing (tm)."
::= { etsysRadiusAcctClientServerEntry 5 }
etsysRadiusAcctClientServerSecretEntered OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This indicates the existence of a shared secret."
::= { etsysRadiusAcctClientServerEntry 6 }
etsysRadiusAcctClientServerRetryTimeout OBJECT-TYPE
SYNTAX Integer32 (2..10)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The number of seconds to wait for a RADIUS Accounting
Server to respond to a request. This parameter value
is maintained across system reboots."
DEFVAL { 5 }
::= { etsysRadiusAcctClientServerEntry 7 }
etsysRadiusAcctClientServerRetries OBJECT-TYPE
SYNTAX Integer32 (0..20)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The number of times to resend an accounting packet
if a RADIUS Accounting Server does not respond to a
request. This parameter value is maintained across
system reboots."
DEFVAL { 2 }
::= { etsysRadiusAcctClientServerEntry 8 }
etsysRadiusAcctClientServerClearTime OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"On a read, this value indicates the number of seconds
since the counters, as defined in the IETF standard
RADIUS Accounting Client MIB (RFC2618), were cleared.
On a write, the client counters will be cleared and
the clear time will be set to zero."
::= { etsysRadiusAcctClientServerEntry 9 }
etsysRadiusAcctClientServerStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Lets users create and delete RADIUS Accounting
server entries on systems that support this
capability.
Rules
1. When creating a RADIUS Accounting Client, it
is up to the management station to determine a
suitable etsysRadiusAcctClientServerIndex.
To facilitate interoperability, agents should not
put any restrictions on the
etsysRadiusAcctClientServerIndex beyond the
obvious ones that it be valid and unused.
2. Before a new row can become 'active', values
must be supplied for the columnar objects
etsysRadiusAcctClientClientServerAddress,
and etsysRadiusAcctClientServerSecret.
3. The value of etsysRadiusAcctClientServerStatus
must be set to 'notInService' in order to modify
a writable object in the same conceptual row.
4. etsysRadiusAcctClientServer entries whose
status is 'notReady' or 'notInService' will
not be used for Accounting."
::= { etsysRadiusAcctClientServerEntry 10 }
-- ------------------------------------
-- Conformance information
-- ------------------------------------
etsysRadiusAcctClientMIBConformance
OBJECT IDENTIFIER ::= { etsysRadiusAcctClientMIB 2 }
etsysRadiusAcctClientMIBCompliances
OBJECT IDENTIFIER ::= { etsysRadiusAcctClientMIBConformance 1 }
etsysRadiusAcctClientMIBGroups
OBJECT IDENTIFIER ::= { etsysRadiusAcctClientMIBConformance 2 }
-- ------------------------------------
-- Units of conformance
-- ------------------------------------
etsysRadiusAcctClientMIBGroup OBJECT-GROUP
OBJECTS { etsysRadiusAcctClientEnable,
etsysRadiusAcctClientUpdateInterval,
etsysRadiusAcctClientIntervalMinimum,
etsysRadiusAcctClientServerAddressType,
etsysRadiusAcctClientServerAddress,
etsysRadiusAcctClientServerPortNumber,
etsysRadiusAcctClientServerSecret,
etsysRadiusAcctClientServerSecretEntered,
etsysRadiusAcctClientServerRetryTimeout,
etsysRadiusAcctClientServerRetries,
etsysRadiusAcctClientServerClearTime,
etsysRadiusAcctClientServerStatus
}
STATUS deprecated
DESCRIPTION
"The basic collection of objects providing a proprietary
extension to the standard RADIUS Client MIB.
This MIB provides read-write access to configuration
objects not provided in the standard RADIUS Accounting Client
MIB (RFC2618). However, the write capability must only
be supported for SNMPv3, or other SNMP versions with
adequately strong security."
::= { etsysRadiusAcctClientMIBGroups 1 }
etsysRadiusAcctClientMIBGroupV2 OBJECT-GROUP
OBJECTS { etsysRadiusAcctClientEnable,
etsysRadiusAcctClientUpdateInterval,
etsysRadiusAcctClientIntervalMinimum,
etsysRadiusAcctClientServerAddressType,
etsysRadiusAcctClientServerAddress,
etsysRadiusAcctClientServerPortNumber,
etsysRadiusAcctClientServerSecret,
etsysRadiusAcctClientServerSecretEntered,
etsysRadiusAcctClientServerRetryTimeout,
etsysRadiusAcctClientServerRetries,
etsysRadiusAcctClientServerStatus
}
STATUS current
DESCRIPTION
"The basic collection of objects providing a proprietary
extension to the standard RADIUS Client MIB.
etsysRadiusAcctClientServerClearTime was deprecated in
this group."
::= { etsysRadiusAcctClientMIBGroups 2 }
-- ------------------------------------
-- Compliance statements
-- ------------------------------------
-- The following object name conflicts with one in the
-- etsysRadiusAuthClientMIB
--
-- etsysRadiusClientMIBCompliance MODULE-COMPLIANCE
-- STATUS current
-- DESCRIPTION
-- "The compliance statement for Accounting clients
-- implementing the RADIUS Accounting Client MIB."
-- MODULE - this module
-- MANDATORY-GROUPS { etsysRadiusAcctClientMIBGroup }
--
-- ::= { etsysRadiusAcctClientMIBCompliances 1 }
etsysRadiusAcctClientMIBCompliance MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"The compliance statement for Accounting clients
implementing the RADIUS Accounting Client MIB."
MODULE -- this module
MANDATORY-GROUPS { etsysRadiusAcctClientMIBGroup }
::= { etsysRadiusAcctClientMIBCompliances 2 }
etsysRadiusAcctClientMIBComplianceV2 MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for Accounting clients
implementing the RADIUS Accounting Client MIB."
MODULE -- this module
MANDATORY-GROUPS { etsysRadiusAcctClientMIBGroupV2 }
::= { etsysRadiusAcctClientMIBCompliances 3 }
END