draft-ietf-radext-rfc2618bis-00.txt   draft-ietf-radext-rfc2618bis-01.txt 
Network Working Group D. Nelson Network Working Group D. Nelson
Internet-Draft Enterasys Networks Internet-Draft Enterasys Networks
Updates: RFC 2618 (if approved) August 30, 2005 Obsoletes: RFC 2618 (if approved) October 18, 2005
Expires: March 3, 2006 Expires: April 21, 2006
RADIUS Auth Client MIB (IPv6) RADIUS Auth Client MIB (IPv6)
draft-ietf-radext-rfc2618bis-00.txt draft-ietf-radext-rfc2618bis-01.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 34 skipping to change at page 1, line 34
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on March 3, 2006. This Internet-Draft will expire on April 21, 2006.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2005). Copyright (C) The Internet Society (2005).
Abstract Abstract
This memo updates RFC 2618 by deprecating the MIB table containing This memo obsoletes RFC 2618 by deprecating the MIB table containing
IPv4-only address formats and defining a new table to add support for IPv4-only address formats and defining a new table to add support for
version neutral IP address formats. version neutral IP address formats. The remaining MIB objects from
RFC 2618 are carried forward into this document.
Table of Contents Table of Contents
1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. The Internet-Standard Management Framework . . . . . . . . . . 3 3. The Internet-Standard Management Framework . . . . . . . . . . 3
4. Scope of Changes . . . . . . . . . . . . . . . . . . . . . . . 3 4. Scope of Changes . . . . . . . . . . . . . . . . . . . . . . . 3
5. Structure of the MIB Module . . . . . . . . . . . . . . . . . 4 5. Structure of the MIB Module . . . . . . . . . . . . . . . . . 4
6. Deprecated Objects . . . . . . . . . . . . . . . . . . . . . . 4 6. Deprecated Objects . . . . . . . . . . . . . . . . . . . . . . 4
7. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 4 7. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 5
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17
9. Security Considerations . . . . . . . . . . . . . . . . . . . 17 9. Security Considerations . . . . . . . . . . . . . . . . . . . 17
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18
10.1. Normative References . . . . . . . . . . . . . . . . . . 18 10.1. Normative References . . . . . . . . . . . . . . . . . . 18
10.2. Informative References . . . . . . . . . . . . . . . . . 19 10.2. Informative References . . . . . . . . . . . . . . . . . 19
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 19 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 19
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 20 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 20
Intellectual Property and Copyright Statements . . . . . . . . . . 21 Intellectual Property and Copyright Statements . . . . . . . . . . 21
1. Terminology 1. Terminology
skipping to change at page 3, line 38 skipping to change at page 3, line 38
the Management Information Base or MIB. MIB objects are generally the Management Information Base or MIB. MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP). accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI). This memo specifies a MIB Structure of Management Information (SMI). This memo specifies a MIB
module that is compliant to the SMIv2, which is described in STD 58, module that is compliant to the SMIv2, which is described in STD 58,
RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
[RFC2580]. [RFC2580].
4. Scope of Changes 4. Scope of Changes
This document updates RFC 2618 [RFC2618], RADIUS Authentication This document obsoletes RFC 2618 [RFC2618], RADIUS Authentication
Client MIB, by deprecating the radiusAuthServerTable table and adding Client MIB, by deprecating the radiusAuthServerTable table and adding
a new table, radiusAuthServerExtTable, containing a new table, radiusAuthServerExtTable, containing
radiusAuthServerInetAddressType, radiusAuthServerInetAddress, and radiusAuthServerInetAddressType, radiusAuthServerInetAddress, and
radiusAuthClientServerInetPortNumber. The purpose of these added MIB radiusAuthClientServerInetPortNumber. The purpose of these added MIB
objects is to support version neutral IP addressing formats. The objects is to support version neutral IP addressing formats. The
existing table containing radiusAuthServerAddress and existing table containing radiusAuthServerAddress and
radiusAuthClientServerPortNumber is deprecated. radiusAuthClientServerPortNumber is deprecated. The remaining MIB
objects are carried forward from RFC 2618 into this document.
RFC 4001 [RFC4001], which defines the SMI Textual Conventions for RFC 4001 [RFC4001], which defines the SMI Textual Conventions for
IPv6 addresses, contains the following recommendation. IPv6 addresses, contains the following recommendation.
'In particular, when revising a MIB module that contains IPv4 'In particular, when revising a MIB module that contains IPv4
specific tables, it is suggested to define new tables using the specific tables, it is suggested to define new tables using the
textual conventions defined in this memo [RFC 4001] that support all textual conventions defined in this memo [RFC 4001] that support all
versions of IP. The status of the new tables SHOULD be "current", versions of IP. The status of the new tables SHOULD be "current",
whereas the status of the old IP version specific tables SHOULD be whereas the status of the old IP version specific tables SHOULD be
changed to "deprecated". The other approach, of having multiple changed to "deprecated". The other approach, of having multiple
similar tables for different IP versions, is strongly discouraged.' similar tables for different IP versions, is strongly discouraged.'
5. Structure of the MIB Module 5. Structure of the MIB Module
The structure of the MIB Module defined in this memo corresponds to The RADIUS authentication protocol, described in RFC 2865 [RFC2865],
the structure of the MIB Module defined in RADIUS Authentication distinguishes between the client function and the server function.
Client MIB, RFC 2618 [RFC2618]. This MIB module contains two scalars In RADIUS authentication, clients send Access-Requests, and servers
as well as a single table, the RADIUS Authentication Server Table, reply with Access-Accepts, Access-Rejects, and Access-Challenges.
which contains one row for each RADIUS authentication server with Typically NAS devices implement the client function, and thus would
which the client shares a secret. be expected to implement the RADIUS authentication client MIB, while
RADIUS authentication servers implement the server function, and thus
would be expected to implement the RADIUS authentication server MIB.
However, it is possible for a RADIUS authentication entity to perform
both client and server functions. For example, a RADIUS proxy may
act as a server to one or more RADIUS authentication clients, while
simultaneously acting as an authentication client to one or more
authentication servers. In such situations, it is expected that
RADIUS entities combining client and server functionality will
support both the client and server MIBs.
This MIB module contains two scalars as well as a single table, the
RADIUS Authentication Server Table, which contains one row for each
RADIUS authentication server with which the client shares a secret.
Each entry in the RADIUS Authentication Server Table includes sixteen Each entry in the RADIUS Authentication Server Table includes sixteen
columns presenting a view of the activity of the RADIUS columns presenting a view of the activity of the RADIUS
authentication client. authentication client.
6. Deprecated Objects 6. Deprecated Objects
The deprecated table in this MIB is carried forward from RFC 2618 The deprecated table in this MIB is carried forward from RFC 2618
[RFC2618]. There are two conditions under which it MAY be desirable [RFC2618]. There are two conditions under which it MAY be desirable
for managed entities to continue to support the deprecated table: for managed entities to continue to support the deprecated table:
skipping to change at page 5, line 14 skipping to change at page 5, line 27
IMPORTS IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY,
Counter32, Integer32, Gauge32, Counter32, Integer32, Gauge32,
IpAddress, TimeTicks, mib-2 FROM SNMPv2-SMI IpAddress, TimeTicks, mib-2 FROM SNMPv2-SMI
SnmpAdminString FROM SNMP-FRAMEWORK-MIB SnmpAdminString FROM SNMP-FRAMEWORK-MIB
InetAddressType, InetAddress, InetAddressType, InetAddress,
InetPortNumber FROM INET-ADDRESS-MIB InetPortNumber FROM INET-ADDRESS-MIB
MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF; MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF;
radiusAuthClientMIB MODULE-IDENTITY radiusAuthClientMIB MODULE-IDENTITY
LAST-UPDATED "200508300000Z" -- 30 Aug 2005 LAST-UPDATED "200510170000Z" -- 17 Oct 2005
ORGANIZATION "IETF RADIUS Extensions Working Group." ORGANIZATION "IETF RADIUS Extensions Working Group."
CONTACT-INFO CONTACT-INFO
" Bernard Aboba " Bernard Aboba
Microsoft Microsoft
One Microsoft Way One Microsoft Way
Redmond, WA 98052 Redmond, WA 98052
US US
Phone: +1 425 936 6605 Phone: +1 425 936 6605
EMail: bernarda@microsoft.com" EMail: bernarda@microsoft.com"
DESCRIPTION DESCRIPTION
"The MIB module for entities implementing the client "The MIB module for entities implementing the client
side of the Remote Authentication Dial-In User Service side of the Remote Authentication Dial-In User Service
(RADIUS) authentication protocol." (RADIUS) authentication protocol."
REVISION "200510170000Z" -- 17 Oct 2005
DESCRIPTION "Revised version as published in RFC xxxx. This
version obsoletes that of RFC 2618 by deprecating the MIB
table containing IPv4-only address formats and defining a
new table to add support for version neutral IP address
formats. The remaining MIB objects from RFC 2618 are carried
forward into this version."
REVISION "9906110000Z" -- 11 Jun 1999 REVISION "9906110000Z" -- 11 Jun 1999
DESCRIPTION "Initial version as published in RFC 2618" DESCRIPTION "Initial version as published in RFC 2618"
REVISION "200508300000Z" -- 30 Aug 2005
DESCRIPTION "Revised version as published in RFC xxxx"
-- RFC Editor: replace xxxx with actual RFC number at the time of -- RFC Editor: replace xxxx with actual RFC number at the time of
-- publication, and remove this note. -- publication, and remove this note.
::= { radiusAuthentication 2 } ::= { radiusAuthentication 2 }
radiusMIB OBJECT-IDENTITY radiusMIB OBJECT-IDENTITY
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The OID assigned to RADIUS MIB work by the IANA." "The OID assigned to RADIUS MIB work by the IANA."
::= { mib-2 67 } ::= { mib-2 67 }
radiusAuthClientExtMIB OBJECT-IDENTITY
STATUS current
DESCRIPTION
"The OID assigned to RADIUS Extensions MIB work by
the IANA."
::= { mib-2 TBA }
-- RFC Editor: replace TBA with IANA assigned OID value, and
-- remove this note.
radiusAuthentication OBJECT IDENTIFIER ::= {radiusMIB 1} radiusAuthentication OBJECT IDENTIFIER ::= {radiusMIB 1}
radiusAuthClientMIBObjects OBJECT IDENTIFIER radiusAuthClientMIBObjects OBJECT IDENTIFIER
::= { radiusAuthClientMIB 1 } ::= { radiusAuthClientMIB 1 }
radiusAuthClient OBJECT IDENTIFIER radiusAuthClient OBJECT IDENTIFIER
::= { radiusAuthClientMIBObjects 1 } ::= { radiusAuthClientMIBObjects 1 }
radiusAuthClientInvalidServerAddresses OBJECT-TYPE radiusAuthClientInvalidServerAddresses OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
skipping to change at page 10, line 48 skipping to change at page 11, line 9
radiusAuthClientPacketsDropped OBJECT-TYPE radiusAuthClientPacketsDropped OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"The number of RADIUS packets of which were "The number of RADIUS packets of which were
received from this server on the authentication port received from this server on the authentication port
and dropped for some other reason." and dropped for some other reason."
::= { radiusAuthServerEntry 15 } ::= { radiusAuthServerEntry 15 }
-- Extended MIB Objects -- New MIB Objects in this revision
radiusAuthClientExtMIBNotifications OBJECT IDENTIFIER
::= { radiusAuthClientExtMIB 0 }
radiusAuthClientExtMIBObjects OBJECT IDENTIFIER
::= { radiusAuthClientExtMIB 1 }
radiusAuthClientExtMIBConformance OBJECT IDENTIFIER
::= { radiusAuthClientExtMIB 2 }
radiusAuthServerExtTable OBJECT-TYPE radiusAuthServerExtTable OBJECT-TYPE
SYNTAX SEQUENCE OF RadiusAuthServerExtEntry SYNTAX SEQUENCE OF RadiusAuthServerExtEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The (conceptual) table listing the RADIUS authentication "The (conceptual) table listing the RADIUS authentication
servers with which the client shares a secret." servers with which the client shares a secret."
::= { radiusAuthClientExtMIBObjects 1 } ::= { radiusAuthClient 4 }
radiusAuthServerExtEntry OBJECT-TYPE radiusAuthServerExtEntry OBJECT-TYPE
SYNTAX RadiusAuthServerExtEntry SYNTAX RadiusAuthServerExtEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An entry (conceptual row) representing a RADIUS "An entry (conceptual row) representing a RADIUS
authentication server with which the client shares authentication server with which the client shares
a secret." a secret."
INDEX { radiusAuthServerExtIndex } INDEX { radiusAuthServerExtIndex }
skipping to change at page 12, line 29 skipping to change at page 12, line 29
radiusAuthServerInetAddress object." radiusAuthServerInetAddress object."
::= { radiusAuthServerExtEntry 2 } ::= { radiusAuthServerExtEntry 2 }
radiusAuthServerInetAddress OBJECT-TYPE radiusAuthServerInetAddress OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddress
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The IP address of the RADIUS authentication "The IP address of the RADIUS authentication
server referred to in this table entry, using server referred to in this table entry, using
the IPv6 adddess format." the version neutral IP adddess format."
::= { radiusAuthServerExtEntry 3 } ::= { radiusAuthServerExtEntry 3 }
radiusAuthClientServerInetPortNumber OBJECT-TYPE radiusAuthClientServerInetPortNumber OBJECT-TYPE
SYNTAX InetPortNumber SYNTAX InetPortNumber
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The UDP port the client is using to send requests "The UDP port the client is using to send requests
to this server." to this server."
::= { radiusAuthServerExtEntry 4 } ::= { radiusAuthServerExtEntry 4 }
skipping to change at page 15, line 50 skipping to change at page 15, line 50
radiusAuthClientMIBConformance OBJECT IDENTIFIER radiusAuthClientMIBConformance OBJECT IDENTIFIER
::= { radiusAuthClientMIB 2 } ::= { radiusAuthClientMIB 2 }
radiusAuthClientMIBCompliances OBJECT IDENTIFIER radiusAuthClientMIBCompliances OBJECT IDENTIFIER
::= { radiusAuthClientMIBConformance 1 } ::= { radiusAuthClientMIBConformance 1 }
radiusAuthClientMIBGroups OBJECT IDENTIFIER radiusAuthClientMIBGroups OBJECT IDENTIFIER
::= { radiusAuthClientMIBConformance 2 } ::= { radiusAuthClientMIBConformance 2 }
radiusAuthClientExtMIBCompliances OBJECT IDENTIFIER
::= { radiusAuthClientExtMIBConformance 1 }
radiusAuthClientExtMIBGroups OBJECT IDENTIFIER
::= { radiusAuthClientExtMIBConformance 2 }
-- compliance statements -- compliance statements
radiusAuthClientMIBCompliance MODULE-COMPLIANCE radiusAuthClientMIBCompliance MODULE-COMPLIANCE
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"The compliance statement for authentication clients "The compliance statement for authentication clients
implementing the RADIUS Authentication Client MIB." implementing the RADIUS Authentication Client MIB."
MODULE -- this module MODULE -- this module
MANDATORY-GROUPS { radiusAuthClientMIBGroup } MANDATORY-GROUPS { radiusAuthClientMIBGroup }
::= { radiusAuthClientMIBCompliances 1 } ::= { radiusAuthClientMIBCompliances 1 }
skipping to change at page 16, line 28 skipping to change at page 16, line 23
radiusAuthClientExtMIBCompliance MODULE-COMPLIANCE radiusAuthClientExtMIBCompliance MODULE-COMPLIANCE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The compliance statement for authentication "The compliance statement for authentication
clients implementing the RADIUS Authentication clients implementing the RADIUS Authentication
Client IPv6 Extensions MIB." Client IPv6 Extensions MIB."
MODULE -- this module MODULE -- this module
MANDATORY-GROUPS { radiusAuthClientExtMIBGroup } MANDATORY-GROUPS { radiusAuthClientExtMIBGroup }
::= { radiusAuthClientExtMIBCompliances 1 } ::= { radiusAuthClientMIBCompliances 2 }
-- units of conformance -- units of conformance
radiusAuthClientMIBGroup OBJECT-GROUP radiusAuthClientMIBGroup OBJECT-GROUP
OBJECTS { radiusAuthClientIdentifier, OBJECTS { radiusAuthClientIdentifier,
radiusAuthClientInvalidServerAddresses, radiusAuthClientInvalidServerAddresses,
radiusAuthServerAddress, radiusAuthServerAddress,
radiusAuthClientServerPortNumber, radiusAuthClientServerPortNumber,
radiusAuthClientRoundTripTime, radiusAuthClientRoundTripTime,
radiusAuthClientAccessRequests, radiusAuthClientAccessRequests,
skipping to change at page 17, line 33 skipping to change at page 17, line 28
radiusAuthClientExtPendingRequests, radiusAuthClientExtPendingRequests,
radiusAuthClientExtTimeouts, radiusAuthClientExtTimeouts,
radiusAuthClientExtUnknownTypes, radiusAuthClientExtUnknownTypes,
radiusAuthClientExtPacketsDropped radiusAuthClientExtPacketsDropped
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The collection of extended objects providing "The collection of extended objects providing
management of RADIUS Authentication Clients management of RADIUS Authentication Clients
using version neutral IP address format." using version neutral IP address format."
::= { radiusAuthClientExtMIBGroups 1 } ::= { radiusAuthClientMIBGroups 2 }
END END
8. IANA Considerations 8. IANA Considerations
This document requires IANA assignment of a number in the MIB-2 OID This document requires no new IANA assignments.
number space.
9. Security Considerations 9. Security Considerations
There are no management objects defined in this MIB that have a MAX- There are no management objects defined in this MIB that have a MAX-
ACCESS clause of read-write and/or read-create. So, if this MIB is ACCESS clause of read-write and/or read-create. So, if this MIB is
implemented correctly, then there is no risk that an intruder can implemented correctly, then there is no risk that an intruder can
alter or create any management objects of this MIB via direct SNMP alter or create any management objects of this MIB via direct SNMP
SET operations. SET operations.
There are a number of managed objects in this MIB that may contain There are a number of managed objects in this MIB that may contain
 End of changes. 22 change blocks. 
50 lines changed or deleted 44 lines changed or added

This html diff was produced by rfcdiff 1.27, available from http://www.levkowetz.com/ietf/tools/rfcdiff/