--- 1/draft-ietf-radext-dynauth-server-mib-03.txt 2006-03-22 22:12:15.000000000 +0100 +++ 2/draft-ietf-radext-dynauth-server-mib-04.txt 2006-03-22 22:12:15.000000000 +0100 @@ -1,20 +1,20 @@ Network Working Group S. De Cnodder Internet-Draft Alcatel -Expires: July 7, 2006 N. Jonnala +Expires: September 14, 2006 N. Jonnala M. Chiba Cisco Systems, Inc. - January 3, 2006 + March 13, 2006 Dynamic Authorization Server MIB - draft-ietf-radext-dynauth-server-mib-03.txt + draft-ietf-radext-dynauth-server-mib-04.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that @@ -25,21 +25,21 @@ and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on July 7, 2006. + This Internet-Draft will expire on September 14, 2006. Copyright Notice Copyright (C) The Internet Society (2006). Abstract This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it describes the Remote Authentication Dial In User 
@@ -48,28 +48,28 @@ defined in RFC 3576. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 3 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 2. The Internet-Standard Management Framework . . . . . . . . . . 4 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 4. RADIUS Dynamic Authorization Server MIB Definitions . . . . . 7 - 5. Security Considerations . . . . . . . . . . . . . . . . . . . 20 - 6. IANA considerations . . . . . . . . . . . . . . . . . . . . . 21 - 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 22 - 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23 - 8.1. Normative References . . . . . . . . . . . . . . . . . . . 23 - 8.2. Informative References . . . . . . . . . . . . . . . . . . 23 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 25 - Intellectual Property and Copyright Statements . . . . . . . . . . 26 + 5. Security Considerations . . . . . . . . . . . . . . . . . . . 21 + 6. IANA considerations . . . . . . . . . . . . . . . . . . . . . 22 + 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 23 + 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 24 + 8.1. Normative References . . . . . . . . . . . . . . . . . . . 24 + 8.2. Informative References . . . . . . . . . . . . . . . . . . 24 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 26 + Intellectual Property and Copyright Statements . . . . . . . . . . 27 1. Introduction This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. It is becoming increasingly important to support Dynamic Authorization extensions on the network access server (NAS) devices to handle the Disconnect and Change-of-Authorization (CoA) messages as described in [RFC3576]. 
As a result, the effective management of RADIUS Dynamic Authorization entities is of considerable importance. @@ -191,21 +191,21 @@ IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Counter32, Integer32, mib-2 FROM SNMPv2-SMI -- [RFC2578] SnmpAdminString FROM SNMP-FRAMEWORK-MIB -- [RFC3411] InetAddressType, InetAddress FROM INET-ADDRESS-MIB -- [RFC4001] MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF; -- [RFC2580] radiusDynAuthServerMIB MODULE-IDENTITY - LAST-UPDATED "200601030000Z" -- 3 January 2006 + LAST-UPDATED "200603100000Z" -- 10 March 2006 ORGANIZATION "IETF RADEXT Working Group" CONTACT-INFO " Stefaan De Cnodder Alcatel Francis Wellesplein 1 B-2018 Antwerp Belgium Phone: +32 3 240 85 15 EMail: stefaan.de_cnodder@alcatel.be 
@@ -224,77 +224,78 @@ 170 West Tasman Dr. San Jose CA, 95134 Phone: +1 408 525 7198 EMail: mchiba@cisco.com " DESCRIPTION "The MIB module for entities implementing the server side of the Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS) protocol. - Copyright (C) The Internet Society (2005). Initial + Copyright (C) The Internet Society (2006). Initial version as published in RFC yyyy; - for full legal notices see the RFC itself. Supplementary - information may be available on - http://www.ietf.org/copyrights/ianamib.html." + for full legal notices see the RFC its" -- RFC Ed.: replace yyyy with actual RFC number & remove this note - REVISION "200601030000Z" -- 3 January 2006 + REVISION "200603100000Z" -- 10 March 2006 DESCRIPTION "Initial version as published in RFC yyyy." -- RFC Ed.: replace yyyy with actual RFC number & remove this note ::= { mib-2 xxx } -- The value xxx to be assigned by IANA. radiusDynAuthServerMIBObjects OBJECT IDENTIFIER ::= { radiusDynAuthServerMIB 1 } - radiusDynAuthServer OBJECT IDENTIFIER ::= + radiusDynAuthServerScalars OBJECT IDENTIFIER ::= { radiusDynAuthServerMIBObjects 1 } radiusDynAuthServerDisconInvalidClientAddresses OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of Disconnect-Request packets received from - unknown addresses." - ::= { radiusDynAuthServer 1 } + unknown addresses. This counter wraps from the maximum + value to zero and is reset upon system + (re)initialization." + ::= { radiusDynAuthServerScalars 1 } radiusDynAuthServerCoAInvalidClientAddresses OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of CoA-Request packets received from unknown - addresses." - ::= { radiusDynAuthServer 2 } + addresses. This counter wraps from the maximum value to + zero and is reset upon system (re)initialization." 
+ ::= { radiusDynAuthServerScalars 2 } radiusDynAuthServerIdentifier OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The NAS-Identifier of the RADIUS Dynamic Authorization Server. This is not necessarily the same as sysName in MIB II." REFERENCE "RFC 2865, Section 5.32, NAS-Identifier." - ::= { radiusDynAuthServer 3 } + ::= { radiusDynAuthServerScalars 3 } radiusDynAuthClientTable OBJECT-TYPE SYNTAX SEQUENCE OF RadiusDynAuthClientEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The (conceptual) table listing the RADIUS Dynamic Authorization Clients with which the server shares a secret." - ::= { radiusDynAuthServer 4 } + ::= { radiusDynAuthServerMIBObjects 2 } radiusDynAuthClientEntry OBJECT-TYPE SYNTAX RadiusDynAuthClientEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) representing one Dynamic Authorization Client with which the server shares a secret." INDEX { radiusDynAuthClientIndex } 
@@ -362,343 +363,384 @@ radiusDynAuthServDisconRequests OBJECT-TYPE SYNTAX Counter32 UNITS "requests" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of RADIUS Disconnect-Requests received from this Dynamic Authorization Client. This also includes the RADIUS Disconnect-Requests that have a - Service-Type attribute with value 'Authorize Only'." + Service-Type attribute with value 'Authorize Only'. + This counter wraps from the maximum value to zero and + is reset upon system (re)initialization." REFERENCE "RFC 3576, Section 2.1, Disconnect Messages (DM)." ::= { radiusDynAuthClientEntry 4 } + radiusDynAuthServDisconAuthOnlyRequests OBJECT-TYPE SYNTAX Counter32 UNITS "requests" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of RADIUS Disconnect-Requests that include a Service-Type attribute with value 'Authorize Only' - received from this Dynamic Authorization Client." + received from this Dynamic Authorization Client. This + counter wraps from the maximum value to zero and is + reset upon system (re)initialization." REFERENCE "RFC 3576, Section 2.1, Disconnect Messages (DM)." ::= { radiusDynAuthClientEntry 5 } radiusDynAuthServDupDisconRequests OBJECT-TYPE SYNTAX Counter32 UNITS "requests" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of duplicate RADIUS Disconnect-Request packets received from this Dynamic Authorization - Client." + Client. This counter wraps from the maximum value to + zero and is reset upon system (re)initialization." REFERENCE "RFC 3576, Section 2.1, Disconnect Messages (DM)." ::= { radiusDynAuthClientEntry 6 } radiusDynAuthServDisconAcks OBJECT-TYPE SYNTAX Counter32 UNITS "replies" MAX-ACCESS read-only STATUS current DESCRIPTION - "The number of RADIUS Disconnect-ACK packets - sent to this Dynamic Authorization Client" + "The number of RADIUS Disconnect-ACK packets sent to + this Dynamic Authorization Client. This counter wraps + from the maximum value to zero and is reset upon system + (re)initialization." 
REFERENCE "RFC 3576, Section 2.1, Disconnect Messages (DM)." ::= { radiusDynAuthClientEntry 7 } radiusDynAuthServDisconNaks OBJECT-TYPE SYNTAX Counter32 UNITS "replies" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of RADIUS Disconnect-NAK packets sent to this Dynamic Authorization Client. This includes the RADIUS Disconnect-NAK packets sent with a Service-Type attribute with value 'Authorize Only' and the RADIUS Disconnect-NAK packets sent - because no session context was found." + because no session context was found. This counter + wraps from the maximum value to zero and is reset + upon system (re)initialization." REFERENCE "RFC 3576, Section 2.1, Disconnect Messages (DM)." ::= { radiusDynAuthClientEntry 8 } radiusDynAuthServDisconNakAuthOnlyRequests OBJECT-TYPE SYNTAX Counter32 UNITS "replies" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of RADIUS Disconnect-NAK packets that include a Service-Type attribute with value 'Authorize Only' sent to this Dynamic Authorization - Client." + Client. This counter wraps from the maximum value to + zero and is reset upon system (re)initialization." REFERENCE "RFC 3576, Section 2.1, Disconnect Messages (DM)." ::= { radiusDynAuthClientEntry 9 } radiusDynAuthServDisconNakSessNoContext OBJECT-TYPE SYNTAX Counter32 UNITS "replies" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of RADIUS Disconnect-NAK packets sent to this Dynamic Authorization Client - because no session context was found." + because no session context was found. This counter + wraps from the maximum value to zero and is reset + upon system (re)initialization." REFERENCE "RFC 3576, Section 2.1, Disconnect Messages (DM)." ::= { radiusDynAuthClientEntry 10 } radiusDynAuthServDisconUserSessRemoved OBJECT-TYPE SYNTAX Counter32 UNITS "sessions" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of user sessions removed for the Disconnect-Requests received from this Dynamic Authorization Client. 
Depending on site specific policies, a single Disconnect request can remove multiple user sessions. In the case that this Dynamic Authorization Server has no knowledge of the number of user sessions that are affected by a single request, for each such Disconnect-Request, it will count as a single - affected user session only." + affected user session only. This counter wraps from + the maximum value to zero and is reset upon system + (re)initialization." REFERENCE "RFC 3576, Section 2.1, Disconnect Messages (DM)." ::= { radiusDynAuthClientEntry 11 } radiusDynAuthServMalformedDisconRequests OBJECT-TYPE SYNTAX Counter32 UNITS "requests" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of malformed RADIUS Disconnect-Request packets received from this Dynamic Authorization Client. Bad authenticators and unknown types are not - included as malformed Disconnect-Requests." + included as malformed Disconnect-Requests. This counter + wraps from the maximum value to zero and is reset upon + system (re)initialization." REFERENCE "RFC 3576, Section 2.1, Disconnect Messages (DM), and Section 2.3, Packet Format." ::= { radiusDynAuthClientEntry 12 } radiusDynAuthServDisconBadAuthenticators OBJECT-TYPE SYNTAX Counter32 UNITS "requests" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of RADIUS Disconnect-Request packets which contained invalid Authenticator field - received from this Dynamic Authorization Client." + received from this Dynamic Authorization Client. This + counter wraps from the maximum value to zero and is + reset upon system (re)initialization." REFERENCE "RFC 3576, Section 2.1, Disconnect Messages (DM), and Section 2.3, Packet Format." 
::= { radiusDynAuthClientEntry 13 } radiusDynAuthServDisconPacketsDropped OBJECT-TYPE SYNTAX Counter32 UNITS "requests" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of incoming Disconnect-Requests from this Dynamic Authorization Client silently discarded by the server application for some reason other than malformed, bad authenticators or unknown - types." + types. This counter wraps from the maximum value to + zero and is reset upon system (re)initialization." REFERENCE "RFC 3576, Section 2.1, Disconnect Messages (DM), and Section 2.3, Packet Format." ::= { radiusDynAuthClientEntry 14 } radiusDynAuthServCoARequests OBJECT-TYPE SYNTAX Counter32 UNITS "requests" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of RADIUS CoA-requests received from this Dynamic Authorization Client. This also includes the CoA requests that have a Service-Type attribute - with value 'Authorize Only'." + with value 'Authorize Only'. This counter wraps from + the maximum value to zero and is reset upon system + (re)initialization." REFERENCE "RFC 3576, Section 2.2, Change-of-Authorization Messages (CoA)." ::= { radiusDynAuthClientEntry 15 } radiusDynAuthServCoAAuthOnlyRequests OBJECT-TYPE SYNTAX Counter32 UNITS "requests" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of RADIUS CoA-requests that include a Service-Type attribute with value 'Authorize Only' - received from this Dynamic Authorization Client." + received from this Dynamic Authorization Client. This + counter wraps from the maximum value to zero and is + reset upon system (re)initialization." REFERENCE "RFC 3576, Section 2.2, Change-of-Authorization Messages (CoA)." ::= { radiusDynAuthClientEntry 16 } radiusDynAuthServDupCoARequests OBJECT-TYPE SYNTAX Counter32 UNITS "requests" MAX-ACCESS read-only STATUS current DESCRIPTION - "The number of duplicate RADIUS CoA-Request - packets received from this Dynamic Authorization - Client." 
+ "The number of duplicate RADIUS CoA-Request packets + received from this Dynamic Authorization Client. This + counter wraps from the maximum value to zero and is + reset upon system (re)initialization." REFERENCE "RFC 3576, Section 2.2, Change-of-Authorization Messages (CoA)." ::= { radiusDynAuthClientEntry 17 } radiusDynAuthServCoAAcks OBJECT-TYPE SYNTAX Counter32 UNITS "replies" MAX-ACCESS read-only STATUS current DESCRIPTION - "The number of RADIUS CoA-ACK packets - sent to this Dynamic Authorization Client." + "The number of RADIUS CoA-ACK packets sent to this + Dynamic Authorization Client. This counter wraps from + the maximum value to zero and is reset upon system + (re)initialization." REFERENCE "RFC 3576, Section 2.2, Change-of-Authorization Messages (CoA)." ::= { radiusDynAuthClientEntry 18 } radiusDynAuthServCoANaks OBJECT-TYPE SYNTAX Counter32 UNITS "replies" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of RADIUS CoA-NAK packets sent to this Dynamic Authorization Client. This includes the RADIUS CoA-NAK packets sent with a Service-Type attribute with value 'Authorize Only' and the RADIUS CoA-NAK packets sent because no session context was - found." + found. This counter wraps from the maximum value to + zero and is reset upon system (re)initialization." REFERENCE "RFC 3576, Section 2.2, Change-of-Authorization Messages (CoA)." ::= { radiusDynAuthClientEntry 19 } radiusDynAuthServCoANakAuthOnlyRequests OBJECT-TYPE SYNTAX Counter32 UNITS "replies" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of RADIUS CoA-NAK packets that include a Service-Type attribute with value 'Authorize Only' - sent to this Dynamic Authorization Client." + sent to this Dynamic Authorization Client. This counter + wraps from the maximum value to zero and is reset upon + system (re)initialization." REFERENCE "RFC 3576, Section 2.2, Change-of-Authorization Messages (CoA)." 
::= { radiusDynAuthClientEntry 20 } radiusDynAuthServCoANakSessNoContext OBJECT-TYPE SYNTAX Counter32 UNITS "replies" MAX-ACCESS read-only STATUS current DESCRIPTION - "The number of RADIUS CoA-NAK packets - sent to this Dynamic Authorization Client - because no session context was found." + "The number of RADIUS CoA-NAK packets sent to this + Dynamic Authorization Client because no session context + was found. This counter wraps from the maximum value to + zero and is reset upon system (re)initialization." REFERENCE "RFC 3576, Section 2.2, Change-of-Authorization Messages (CoA)." ::= { radiusDynAuthClientEntry 21 } radiusDynAuthServCoAUserSessChanged OBJECT-TYPE SYNTAX Counter32 UNITS "sessions" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of user sessions authorization changed for the CoA-Requests received from this Dynamic Authorization Client. Depending on site specific policies, a single CoA request can change multiple user sessions' authorization. In the case this Dynamic Authorization Server has no knowledge of the number of user sessions that are affected by a single request, for each such CoA-Request, it will - count as a single affected user session only." + count as a single affected user session only. This + counter wraps from the maximum value to zero and is + reset upon system (re)initialization." REFERENCE "RFC 3576, Section 2.2, Change-of-Authorization Messages (CoA)." ::= { radiusDynAuthClientEntry 22 } radiusDynAuthServMalformedCoARequests OBJECT-TYPE SYNTAX Counter32 UNITS "requests" MAX-ACCESS read-only STATUS current DESCRIPTION - "The number of malformed RADIUS CoA-Request - packets received from this Dynamic Authorization - Client. Bad authenticators and unknown types are not - included as malformed CoA-Requests." + "The number of malformed RADIUS CoA-Request packets + received from this Dynamic Authorization Client. Bad + authenticators and unknown types are not included as + malformed CoA-Requests. 
This counter wraps from the + maximum value to zero and is reset upon system + (re)initialization." REFERENCE "RFC 3576, Section 2.2, Change-of-Authorization Messages (CoA), and Section 2.3, Packet Format." ::= { radiusDynAuthClientEntry 23 } radiusDynAuthServCoABadAuthenticators OBJECT-TYPE SYNTAX Counter32 UNITS "requests" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of RADIUS CoA-Request packets which contained invalid Authenticator field received - from this Dynamic Authorization Client." + from this Dynamic Authorization Client. This counter + wraps from the maximum value to zero and is reset + upon system (re)initialization." REFERENCE "RFC 3576, Section 2.2, Change-of-Authorization Messages (CoA), and Section 2.3, Packet Format." ::= { radiusDynAuthClientEntry 24 } radiusDynAuthServCoAPacketsDropped OBJECT-TYPE SYNTAX Counter32 UNITS "requests" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of incoming CoA packets from this Dynamic Authorization Client silently discarded by the server application for some reason other than - malformed, bad authenticators or unknown types." + malformed, bad authenticators or unknown types. This + counter wraps from the maximum value to zero and is + reset upon system (re)initialization." REFERENCE "RFC 3576, Section 2.2, Change-of-Authorization Messages (CoA), and Section 2.3, Packet Format." ::= { radiusDynAuthClientEntry 25 } radiusDynAuthServUnknownTypes OBJECT-TYPE SYNTAX Counter32 UNITS "requests" MAX-ACCESS read-only STATUS current DESCRIPTION - "The number of incoming packets of unknown types - which were received on the Dynamic Authorization port." + "The number of incoming packets of unknown types which + were received on the Dynamic Authorization port. This + counter wraps from the maximum value to zero and is + reset upon system (re)initialization." REFERENCE "RFC 3576, Section 2.3, Packet Format." 
::= { radiusDynAuthClientEntry 26 } -- conformance information radiusDynAuthServerMIBConformance OBJECT IDENTIFIER ::= { radiusDynAuthServerMIB 2 } radiusDynAuthServerMIBCompliances OBJECT IDENTIFIER ::= { radiusDynAuthServerMIBConformance 1 }
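Review bot: In the radiusDynAuthServerMIB MODULE-IDENTITY DESCRIPTION (hunk at -224,77 +224,78), the replacement line ends with 'for full legal notices see the RFC its"', so the sentence is cut off mid-word and has no closing period. Dropping the ianamib.html sentence looks intended, but the sentence before it should still end 'see the RFC itself."'. The same hunk renames radiusDynAuthServer to radiusDynAuthServerScalars and moves radiusDynAuthClientTable from { radiusDynAuthServer 4 } to { radiusDynAuthServerMIBObjects 2 }, which changes the OID of the table and of every column under radiusDynAuthClientEntry relative to -03. Since the REVISION clause still reads "Initial version", a line in the draft's change notes recording the re-rooting would help anyone who built against -03.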
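Review bot: The sentence added to every Counter32 DESCRIPTION in the client table (hunk at -362,343 +363,384), "This counter wraps from the maximum value to zero and is reset upon system (re)initialization", does not say which system is meant and names no object a manager can poll to detect the reset. A restart of the Dynamic Authorization Server and a reboot of the host are different events, and a poller computing deltas on radiusDynAuthServDisconBadAuthenticators or radiusDynAuthServCoABadAuthenticators cannot tell a reset from a wrap without a timestamp to compare against, which matters when those deltas drive alerting. Suggest stating the reset condition precisely and pointing each DESCRIPTION at a discontinuity indicator (a TimeTicks object in this module, or sysUpTime); no such object appears in the visible lines, and the SNMPv2-SMI IMPORTS shown in the earlier hunk list only MODULE-IDENTITY, OBJECT-TYPE, Counter32, Integer32 and mib-2. The same wording was added to the two scalar counters in the previous hunk and would need the same treatment.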