--- 1/draft-ietf-radext-dynauth-server-mib-05.txt 2006-06-23 01:14:20.000000000 +0200 +++ 2/draft-ietf-radext-dynauth-server-mib-06.txt 2006-06-23 01:14:20.000000000 +0200 @@ -1,20 +1,20 @@ Network Working Group S. De Cnodder Internet-Draft Alcatel -Expires: September 30, 2006 N. Jonnala +Expires: December 17, 2006 N. Jonnala M. Chiba Cisco Systems, Inc. - March 29, 2006 + June 15, 2006 Dynamic Authorization Server MIB - draft-ietf-radext-dynauth-server-mib-05.txt + draft-ietf-radext-dynauth-server-mib-06.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that @@ -25,21 +25,21 @@ and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on September 30, 2006. + This Internet-Draft will expire on December 17, 2006. Copyright Notice Copyright (C) The Internet Society (2006). Abstract This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it describes the Remote Authentication Dial In User @@ -71,21 +71,21 @@ It is becoming increasingly important to support Dynamic Authorization extensions on the network access server (NAS) devices to handle the Disconnect and Change-of-Authorization (CoA) messages as described in [RFC3576]. As a result, the effective management of RADIUS Dynamic Authorization entities is of considerable importance. This RADIUS Dynamic Authorization Server (DAS) MIB complements the managed objects used for managing RADIUS authentication and accounting clients as described in [RFC2618bis] and [RFC2620bis], respectively. - -- RFC Ed.: references [DYNSERV], [RFC2618bis], [RFC2619bis], + -- RFC Ed.: references [DYNCLNT], [RFC2618bis], [RFC2619bis], -- [RFC2620bis], and [RFC2621bis] should be replaced by -- references to the corresponding RFC. 1.1. Requirements notation The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 1.2. Terminology @@ -172,21 +172,21 @@ | Server |--------------------->| Client | User 3----| (DAS) | Disconnect-Ack | (DAC) | | | Disconnect-NAK | | +---------------+ CoA-Ack/CoA-NAK +---------------+ Figure 1: Mapping of clients and servers. This MIB module for the Dynamic Authorization Server contains the following: - 1. Four scalar objects, and + 1. Three scalar objects, and 2. One Dynamic Authorization Client Table. This table contains one row for each DAC with which the DAS shares a secret. 4. RADIUS Dynamic Authorization Server MIB Definitions RADIUS-DYNAUTH-SERVER-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, @@ -274,30 +274,20 @@ MAX-ACCESS read-only STATUS current DESCRIPTION "The NAS-Identifier of the RADIUS Dynamic Authorization Server. This is not necessarily the same as sysName in MIB II." REFERENCE "RFC 2865, Section 5.32, NAS-Identifier." ::= { radiusDynAuthServerScalars 3 } - radiusDynAuthServerCounterDiscontinuity OBJECT-TYPE - SYNTAX TimeTicks - UNITS "hundredths of a second" - MAX-ACCESS read-only - STATUS current - DESCRIPTION - "The time (in hundredths of a second) since the - DAS module was last re-initialized." - ::= { radiusDynAuthServerScalars 4 } - radiusDynAuthClientTable OBJECT-TYPE SYNTAX SEQUENCE OF RadiusDynAuthClientEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The (conceptual) table listing the RADIUS Dynamic Authorization Clients with which the server shares a secret." ::= { radiusDynAuthServerMIBObjects 2 } @@ -331,21 +321,22 @@ radiusDynAuthServCoAAuthOnlyRequests Counter32, radiusDynAuthServDupCoARequests Counter32, radiusDynAuthServCoAAcks Counter32, radiusDynAuthServCoANaks Counter32, radiusDynAuthServCoANakAuthOnlyRequests Counter32, radiusDynAuthServCoANakSessNoContext Counter32, radiusDynAuthServCoAUserSessChanged Counter32, radiusDynAuthServMalformedCoARequests Counter32, radiusDynAuthServCoABadAuthenticators Counter32, radiusDynAuthServCoAPacketsDropped Counter32, - radiusDynAuthServUnknownTypes Counter32 + radiusDynAuthServUnknownTypes Counter32, + radiusDynAuthServerCounterDiscontinuity TimeTicks } radiusDynAuthClientIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "A number uniquely identifying each RADIUS Dynamic Authorization Client with which this Dynamic Authorization Server communicates. This number is @@ -766,20 +758,32 @@ DESCRIPTION "The number of incoming packets of unknown types which were received on the Dynamic Authorization port. This counter may experience a discontinuity when the DAS module (re)starts as indicated by the value of radiusDynAuthServerCounterDiscontinuity." REFERENCE "RFC 3576, Section 2.3, Packet Format." ::= { radiusDynAuthClientEntry 26 } + radiusDynAuthServerCounterDiscontinuity OBJECT-TYPE + SYNTAX TimeTicks + UNITS "hundredths of a second" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The time (in hundredths of a second) since the + last counter discontinuity. A discontinuity may + be the result of a reinitialization of the DAS + module within the managed entity." + ::= { radiusDynAuthClientEntry 27 } + -- conformance information radiusDynAuthServerMIBConformance OBJECT IDENTIFIER ::= { radiusDynAuthServerMIB 2 } radiusDynAuthServerMIBCompliances OBJECT IDENTIFIER ::= { radiusDynAuthServerMIBConformance 1 } radiusDynAuthServerMIBGroups OBJECT IDENTIFIER ::= { radiusDynAuthServerMIBConformance 2 } -- compliance statements @@ -820,40 +824,40 @@ proxy)." ::= { radiusDynAuthServerMIBCompliances 1 } -- units of conformance radiusDynAuthServerMIBGroup OBJECT-GROUP OBJECTS { radiusDynAuthServerDisconInvalidClientAddresses, radiusDynAuthServerCoAInvalidClientAddresses, radiusDynAuthServerIdentifier, - radiusDynAuthServerCounterDiscontinuity, radiusDynAuthClientAddressType, radiusDynAuthClientAddress, radiusDynAuthServDisconRequests, radiusDynAuthServDupDisconRequests, radiusDynAuthServDisconAcks, radiusDynAuthServDisconNaks, radiusDynAuthServDisconUserSessRemoved, radiusDynAuthServMalformedDisconRequests, radiusDynAuthServDisconBadAuthenticators, radiusDynAuthServDisconPacketsDropped, radiusDynAuthServCoARequests, radiusDynAuthServDupCoARequests, radiusDynAuthServCoAAcks, radiusDynAuthServCoANaks, radiusDynAuthServCoAUserSessChanged, radiusDynAuthServMalformedCoARequests, radiusDynAuthServCoABadAuthenticators, radiusDynAuthServCoAPacketsDropped, - radiusDynAuthServUnknownTypes + radiusDynAuthServUnknownTypes, + radiusDynAuthServerCounterDiscontinuity } STATUS current DESCRIPTION "The collection of objects providing management of a RADIUS Dynamic Authorization Server." ::= { radiusDynAuthServerMIBGroups 1 } radiusDynAuthServerAuthOnlyGroup OBJECT-GROUP OBJECTS { radiusDynAuthServDisconAuthOnlyRequests, radiusDynAuthServDisconNakAuthOnlyRequests,