idnits 2.17.1

draft-nelson-rfc2621bis-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1 on line 15.
  -- Found old boilerplate from RFC 3978, Section 5.5 on line 923.
  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 900.
  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 907.
  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 913.

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead
     of the newer disclaimer which includes the IETF Trust according to
     RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == The 'Updates: ' line in the draft header should list only the _numbers_
     of the RFCs which will be updated by this document (if approved); it
     should not include the word 'RFC' in the list.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == Line 472 has weird spacing: '...invalid authe...'

  == Line 633 has weird spacing: '...invalid authe...'

  (Using the creation date from RFC2621, updated by this document, for
  RFC5378 checks: 1997-08-26)

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to
     grant the BCP78 rights to the IETF Trust, then this is fine, and you can
     ignore this comment.  If not, you may need to add the pre-RFC5378
     disclaimer.  (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (July 17, 2005) is 6858 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC 4001' is mentioned on line 109, but not defined

  == Unused Reference: 'RFC3418' is defined on line 859, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 2574 (Obsoleted by RFC 3414)

  ** Obsolete normative reference: RFC 2575 (Obsoleted by RFC 3415)

  ** Downref: Normative reference to an Informational RFC: RFC 3410

  -- Obsolete informational reference (is this intentional?): RFC 2621
     (Obsoleted by RFC 4671)

     Summary: 6 errors (**), 0 flaws (~~), 7 warnings (==), 8 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2   Network Working Group                                          D. Nelson
3   Internet-Draft                                        Enterasys Networks
4   Updates: RFC 2621 (if approved)                            July 17, 2005
5   Expires: January 18, 2006

7                       RADIUS Acct Server MIB (IPv6)
8                       draft-nelson-rfc2621bis-01.txt

10  Status of this Memo

12     By submitting this Internet-Draft, each author represents that any
13     applicable patent or other IPR claims of which he or she is aware
14     have been or will be disclosed, and any of which he or she becomes
15     aware will be disclosed, in accordance with Section 6 of BCP 79.

17     Internet-Drafts are working documents of the Internet Engineering
18     Task Force (IETF), its areas, and its working groups.  Note that
19     other groups may also distribute working documents as Internet-
20     Drafts.

22     Internet-Drafts are draft documents valid for a maximum of six months
23     and may be updated, replaced, or obsoleted by other documents at any
24     time.  It is inappropriate to use Internet-Drafts as reference
25     material or to cite them other than as "work in progress."

27     The list of current Internet-Drafts can be accessed at
28     http://www.ietf.org/ietf/1id-abstracts.txt.

30     The list of Internet-Draft Shadow Directories can be accessed at
31     http://www.ietf.org/shadow.html.

33     This Internet-Draft will expire on January 18, 2006.

35  Copyright Notice

37     Copyright (C) The Internet Society (2005).

39  Abstract

41     This memo updates RFC 2621 by deprecating the MIB table containing
42     IPv4-only address formats and defining a new table to add support for
43     version neutral IP address formats.

45  Table of Contents

47     1.   Terminology
48     2.   Introduction
49     3.   The Internet-Standard Management Framework
50     4.   Scope of Changes
51     5.   Structure of the MIB Module
52     6.   Deprecated Objects
53     7.   Definitions
54     8.   IANA Considerations
55     9.   Security Considerations
56     10.  References
57       10.1   Normative References
58       10.2   Informative References
59          Author's Address
60     A.   Acknowledgments
61          Intellectual Property and Copyright Statements

63  1.  Terminology

65     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
66     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
67     document are to be interpreted as described in RFC 2119 [RFC2119].

69     This document uses terminology from RFC 2866 [RFC2866].

71  2.  Introduction

73     This memo defines a portion of the Management Information Base (MIB)
74     for use with network management protocols in the Internet community.
75     The objects defined within this memo relate to the Remote
76     Authentication Dial-In User Service (RADIUS) Accounting Server as
77     defined in RFC 2866 [RFC2866].

79  3.  The Internet-Standard Management Framework

81     For a detailed overview of the documents that describe the current
82     Internet-Standard Management Framework, please refer to section 7 of
83     RFC 3410 [RFC3410].

85     Managed objects are accessed via a virtual information store, termed
86     the Management Information Base or MIB.  MIB objects are generally
87     accessed through the Simple Network Management Protocol (SNMP).
88     Objects in the MIB are defined using the mechanisms defined in the
89     Structure of Management Information (SMI).  This memo specifies a MIB
90     module that is compliant to the SMIv2, which is described in STD 58,
91     RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
92     [RFC2580].

94  4.  Scope of Changes

96     This document updates RFC 2621 [RFC2621], RADIUS Accounting Server
97     MIB, by deprecating the radiusAccClientTable table and adding a new
98     table, radiusAccClientExtTable, containing
99     radiusAccClientInetAddressType and radiusAccClientInetAddress.  The
100    purpose of these added MIB objects is to support version neutral IP
101    addressing formats.  The existing table containing
102    radiusAccClientAddress is deprecated.

104    RFC 4001 [RFC4001], which defines the SMI Textual Conventions for
105    version neutral IP addresses, contains the following recommendation.

107    'In particular, when revising a MIB module that contains IPv4
108    specific tables, it is suggested to define new tables using the
109    textual conventions defined in this memo [RFC 4001] that support all
110    versions of IP.  The status of the new tables SHOULD be "current",
111    whereas the status of the old IP version specific tables SHOULD be
112    changed to "deprecated".  The other approach, of having multiple
113    similar tables for different IP versions, is strongly discouraged.'

115 5.  Structure of the MIB Module

117    The structure of the MIB Module defined in this memo corresponds to
118    the structure of the MIB Module defined in RADIUS Accounting Server
119    MIB, RFC 2621 [RFC2621].  This MIB module contains thirteen scalars
120    as well as a single table, the RADIUS Accounting Client Table, which
121    contains one row for each RADIUS accounting client with which the
122    server shares a secret.

124    Each entry in the RADIUS Accounting Client Table includes twelve
125    columns presenting a view of the activity of the RADIUS accounting
126    server.

128 6.  Deprecated Objects

130    The deprecated table in this MIB is carried forward from RFC 2621
131    [RFC2621].  There are two conditions under which it MAY be desirable
132    for managed entities to continue to support the deprecated table:

134    1.  The managed entity only supports IPv4 address formats.
135    2.  The managed entity supports both IPv4 and IPv6 address formats,
136        and the deprecated table is supported for backwards compatibility
137        with older management stations.  This option SHOULD only be used
138        when the IP addresses in the new table are in IPv4 format and can
139        accurately be represented in both the new table and the
140        deprecated table.

142    Managed entities SHOULD NOT instantiate the deprecated table
143    containing IPv4-only address objects when the RADIUS server address
144    represented in the table row is not an IPv4 address.  Managed
145    entities SHOULD NOT return inaccurate values of IP address or SNMP
146    object access errors for IPv4-only address objects in otherwise
147    populated tables.

149 7.  Definitions

151 4.  Definitions

153    RADIUS-ACCT-SERVER-MIB DEFINITIONS ::= BEGIN

155    IMPORTS
156           MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY,
157           Counter32, Integer32,
158           IpAddress, TimeTicks, mib-2      FROM SNMPv2-SMI
159           SnmpAdminString                  FROM SNMP-FRAMEWORK-MIB
160           InetAddressType, InetAddress,
161           InetPortNumber                   FROM INET-ADDRESS-MIB
162           MODULE-COMPLIANCE, OBJECT-GROUP  FROM SNMPv2-CONF;

164    radiusAccServMIB MODULE-IDENTITY
165           LAST-UPDATED "200507150000Z" -- 15 Jul 2005
166           ORGANIZATION "IETF RADIUS Working Group."
167           CONTACT-INFO
168                  " Bernard Aboba
169                    Microsoft
170                    One Microsoft Way
171                    Redmond, WA  98052
172                    US
173                    Phone: +1 425 936 6605
174                    EMail: bernarda@microsoft.com"
175           DESCRIPTION
176                 "The MIB module for entities implementing the server
177                  side of the Remote Authentication Dial-In User
178                  Service (RADIUS) accounting protocol."
179           REVISION "9906110000Z"    -- 11 Jun 1999
180           DESCRIPTION "Initial version as published in RFC 2621"
181           REVISION "200507150000Z"  -- 15 Jul 2005
182           DESCRIPTION "Revised version as published in RFC xxxx."

184    -- RFC Editor: replace xxxx with actual RFC number at the time of
185    -- publication, and remove this note.
187           ::= { radiusAccounting 1 }

189    radiusMIB OBJECT-IDENTITY
190           STATUS  current
191           DESCRIPTION
192                 "The OID assigned to RADIUS MIB work by the IANA."
193           ::= { mib-2 67 }

195    radiusAccServExtMIB OBJECT-IDENTITY
196           STATUS  current
197           DESCRIPTION
198                 "The OID assigned to RADIUS MIB Extension
199                  work by the IANA."
200           ::= { mib-2 TBA }

202    -- RFC Editor: replace TBA with IANA assigned OID value, and
203    -- remove this note.

205    radiusAccounting  OBJECT IDENTIFIER ::= {radiusMIB 2}
206    radiusAccServMIBObjects  OBJECT IDENTIFIER
207           ::= { radiusAccServMIB 1 }

209    radiusAccServExtMIBObjects  OBJECT IDENTIFIER
210           ::= { radiusAccServExtMIB 1 }

212    radiusAccServ  OBJECT IDENTIFIER
213           ::= { radiusAccServMIBObjects 1 }

215    radiusAccServExt  OBJECT IDENTIFIER
216           ::= { radiusAccServExtMIBObjects 1 }

218    radiusAccServIdent OBJECT-TYPE
219           SYNTAX      SnmpAdminString
220           MAX-ACCESS  read-only
221           STATUS      current
222           DESCRIPTION
223                 "The implementation identification string for the
224                  RADIUS accounting server software in use on the
225                  system, for example; `FNS-2.1'"
226           ::= {radiusAccServ 1}

228    radiusAccServUpTime OBJECT-TYPE
229           SYNTAX      TimeTicks
230           MAX-ACCESS  read-only
231           STATUS      current
232           DESCRIPTION
233                 "If the server has a persistent state (e.g., a
234                  process), this value will be the time elapsed (in
235                  hundredths of a second) since the server process was
236                  started.  For software without persistent state, this
237                  value will be zero."
238           ::= {radiusAccServ 2}

240    radiusAccServResetTime OBJECT-TYPE
241           SYNTAX      TimeTicks
242           MAX-ACCESS  read-only
243           STATUS      current
244           DESCRIPTION
245                 "If the server has a persistent state (e.g., a process)
246                  and supports a `reset' operation (e.g., can be told to
247                  re-read configuration files), this value will be the
248                  time elapsed (in hundredths of a second) since the
249                  server was `reset.'  For software that does not
250                  have persistence or does not support a `reset'
251                  operation, this value will be zero."
252           ::= {radiusAccServ 3}

254    radiusAccServConfigReset OBJECT-TYPE
255           SYNTAX      INTEGER { other(1),
256                                 reset(2),
257                                 initializing(3),
258                                 running(4)}
259           MAX-ACCESS  read-write
260           STATUS      current
261           DESCRIPTION
262                 "Status/action object to reinitialize any persistent
263                  server state.  When set to reset(2), any persistent
264                  server state (such as a process) is reinitialized as
265                  if the server had just been started.  This value will
266                  never be returned by a read operation.  When read,
267                  one of the following values will be returned:
268                      other(1) - server in some unknown state;
269                      initializing(3) - server (re)initializing;
270                      running(4) - server currently running."
271           ::= {radiusAccServ 4}

273    radiusAccServTotalRequests OBJECT-TYPE
274           SYNTAX      Counter32
275           MAX-ACCESS  read-only
276           STATUS      current
277           DESCRIPTION
278                 "The number of packets received on the
279                  accounting port."
280           ::= { radiusAccServ 5 }

282    radiusAccServTotalInvalidRequests OBJECT-TYPE
283           SYNTAX      Counter32
284           MAX-ACCESS  read-only
285           STATUS      current
286           DESCRIPTION
287                 "The number of RADIUS Accounting-Request packets
288                  received from unknown addresses."
289           ::= { radiusAccServ 6 }

291    radiusAccServTotalDupRequests OBJECT-TYPE
292           SYNTAX      Counter32
293           MAX-ACCESS  read-only
294           STATUS      current
295           DESCRIPTION
296                 "The number of duplicate RADIUS Accounting-Request
297                  packets received."
298           ::= { radiusAccServ 7 }

300    radiusAccServTotalResponses OBJECT-TYPE
301           SYNTAX      Counter32
302           MAX-ACCESS  read-only
303           STATUS      current
304           DESCRIPTION
305                 "The number of RADIUS Accounting-Response packets
306                  sent."
307           ::= { radiusAccServ 8 }

309    radiusAccServTotalMalformedRequests OBJECT-TYPE
310           SYNTAX      Counter32
311           MAX-ACCESS  read-only
312           STATUS      current
313           DESCRIPTION
314                 "The number of malformed RADIUS Accounting-Request
315                  packets received.  Bad authenticators or unknown
316                  types are not included as malformed Access-Requests."
317           ::= { radiusAccServ 9 }

319    radiusAccServTotalBadAuthenticators OBJECT-TYPE
320           SYNTAX      Counter32
321           MAX-ACCESS  read-only
322           STATUS      current
323           DESCRIPTION
324                 "The number of RADIUS Accounting-Request packets
325                  which contained invalid Signature attributes."
326           ::= { radiusAccServ 10 }

328    radiusAccServTotalPacketsDropped OBJECT-TYPE
329           SYNTAX      Counter32
330           MAX-ACCESS  read-only
331           STATUS      current
332           DESCRIPTION
333                 "The number of incoming packets silently discarded
334                  for a reason other than malformed, bad authenticators,
335                  or unknown types."
336           ::= { radiusAccServ 11 }

338    radiusAccServTotalNoRecords OBJECT-TYPE
339           SYNTAX      Counter32
340           MAX-ACCESS  read-only
341           STATUS      current
342           DESCRIPTION
343                 "The number of RADIUS Accounting-Request packets
344                  which were received and responded to but not
345                  recorded."
346           ::= { radiusAccServ 12 }

348    radiusAccServTotalUnknownTypes OBJECT-TYPE
349           SYNTAX      Counter32
350           MAX-ACCESS  read-only
351           STATUS      current
352           DESCRIPTION
353                 "The number of RADIUS packets of unknown type which
354                  were received."
355           ::= { radiusAccServ 13 }

357    radiusAccClientTable OBJECT-TYPE
358           SYNTAX      SEQUENCE OF RadiusAccClientEntry
359           MAX-ACCESS  not-accessible
360           STATUS      deprecated
361           DESCRIPTION
362                 "The (conceptual) table listing the RADIUS accounting
363                  clients with which the server shares a secret."
364           ::= { radiusAccServ 14 }

366    radiusAccClientEntry OBJECT-TYPE
367           SYNTAX      RadiusAccClientEntry
368           MAX-ACCESS  not-accessible
369           STATUS      deprecated
370           DESCRIPTION
371                 "An entry (conceptual row) representing a RADIUS
372                  accounting client with which the server shares a
373                  secret."
374           INDEX       { radiusAccClientIndex }
375           ::= { radiusAccClientTable 1 }

377    RadiusAccClientEntry ::= SEQUENCE {
378           radiusAccClientIndex             Integer32,
379           radiusAccClientAddress           IpAddress,
380           radiusAccClientID                SnmpAdminString,
381           radiusAccServPacketsDropped      Counter32,
382           radiusAccServRequests            Counter32,
383           radiusAccServDupRequests         Counter32,
384           radiusAccServResponses           Counter32,
385           radiusAccServBadAuthenticators   Counter32,
386           radiusAccServMalformedRequests   Counter32,
387           radiusAccServNoRecords           Counter32,
388           radiusAccServUnknownTypes        Counter32
389    }

391    radiusAccClientIndex OBJECT-TYPE
392           SYNTAX      Integer32 (1..2147483647)
393           MAX-ACCESS  not-accessible
394           STATUS      deprecated
395           DESCRIPTION
396                 "A number uniquely identifying each RADIUS accounting
397                  client with which this server communicates."

399           ::= { radiusAccClientEntry 1 }

401    radiusAccClientAddress OBJECT-TYPE
402           SYNTAX      IpAddress
403           MAX-ACCESS  read-only
404           STATUS      deprecated
405           DESCRIPTION
406                 "The NAS-IP-Address of the RADIUS accounting client
407                  referred to in this table entry."
408           ::= { radiusAccClientEntry 2 }

410    radiusAccClientID OBJECT-TYPE
411           SYNTAX      SnmpAdminString
412           MAX-ACCESS  read-only
413           STATUS      deprecated
414           DESCRIPTION
415                 "The NAS-Identifier of the RADIUS accounting client
416                  referred to in this table entry.  This is not
417                  necessarily the same as sysName in MIB II."
418           ::= { radiusAccClientEntry 3 }

420    -- Server Counters
421    --
422    -- Requests - DupRequests - BadAuthenticators - MalformedRequests -
423    -- UnknownTypes -  PacketsDropped - Responses = Pending
424    --
425    -- Requests - DupRequests - BadAuthenticators - MalformedRequests -
426    -- UnknownTypes - PacketsDropped - NoRecords = entries logged

428    radiusAccServPacketsDropped OBJECT-TYPE
429           SYNTAX      Counter32
430           MAX-ACCESS  read-only
431           STATUS      deprecated
432           DESCRIPTION
433                 "The number of incoming packets received
434                  from this client and silently discarded
435                  for a reason other than malformed, bad
436                  authenticators, or unknown types."
437           ::= { radiusAccClientEntry 4 }

439    radiusAccServRequests OBJECT-TYPE
440           SYNTAX      Counter32
441           MAX-ACCESS  read-only
442           STATUS      deprecated
443           DESCRIPTION
444                 "The number of packets received from this
445                  client on the accounting port."
446           ::= { radiusAccClientEntry 5 }

448    radiusAccServDupRequests OBJECT-TYPE
449           SYNTAX      Counter32
450           MAX-ACCESS  read-only
451           STATUS      deprecated
452           DESCRIPTION
453                 "The number of duplicate RADIUS Accounting-Request
454                  packets received from this client."
455           ::= { radiusAccClientEntry 6 }

457    radiusAccServResponses OBJECT-TYPE
458           SYNTAX      Counter32
459           MAX-ACCESS  read-only
460           STATUS      deprecated
461           DESCRIPTION
462                 "The number of RADIUS Accounting-Response packets
463                  sent to this client."
464           ::= { radiusAccClientEntry 7 }

466    radiusAccServBadAuthenticators OBJECT-TYPE
467           SYNTAX      Counter32
468           MAX-ACCESS  read-only
469           STATUS      deprecated
470           DESCRIPTION
471                 "The number of RADIUS Accounting-Request packets
472                  which contained invalid authenticators received
473                  from this client."
474           ::= { radiusAccClientEntry 8 }

476    radiusAccServMalformedRequests OBJECT-TYPE
477           SYNTAX      Counter32
478           MAX-ACCESS  read-only
479           STATUS      deprecated
480           DESCRIPTION
481                 "The number of malformed RADIUS Accounting-Request
482                  packets which were received from this client.
483                  Bad authenticators and unknown types
484                  are not included as malformed Accounting-Requests."
485           ::= { radiusAccClientEntry 9 }

487    radiusAccServNoRecords OBJECT-TYPE
488           SYNTAX      Counter32
489           MAX-ACCESS  read-only
490           STATUS      deprecated
491           DESCRIPTION
492                 "The number of RADIUS Accounting-Request packets
493                  which were received and responded to but not
494                  recorded."
495           ::= { radiusAccClientEntry 10 }

497    radiusAccServUnknownTypes OBJECT-TYPE
498           SYNTAX      Counter32
499           MAX-ACCESS  read-only
500           STATUS      deprecated
501           DESCRIPTION
502                 "The number of RADIUS packets of unknown type which
503                  were received from this client."
504           ::= { radiusAccClientEntry 11 }

506    -- Extended MIB Objects

508    radiusAccClientExtTable OBJECT-TYPE
509           SYNTAX      SEQUENCE OF RadiusAccClientExtEntry
510           MAX-ACCESS  not-accessible
511           STATUS      current
512           DESCRIPTION
513                 "The (conceptual) table listing the RADIUS accounting
514                  clients with which the server shares a secret."
515           ::= { radiusAccServExt 1 }

517    radiusAccClientExtEntry OBJECT-TYPE
518           SYNTAX      RadiusAccClientExtEntry
519           MAX-ACCESS  not-accessible
520           STATUS      current
521           DESCRIPTION
522                 "An entry (conceptual row) representing a RADIUS
523                  accounting client with which the server shares a
524                  secret."
525           INDEX       { radiusAccClientExtIndex }
526           ::= { radiusAccClientExtTable 1 }

528    RadiusAccClientExtEntry ::= SEQUENCE {
529           radiusAccClientExtIndex             Integer32,
530           radiusAccClientInetAddressType      InetAddressType,
531           radiusAccClientInetAddress          InetAddress,
532           radiusAccClientExtID                SnmpAdminString,
533           radiusAccServExtPacketsDropped      Counter32,
534           radiusAccServExtRequests            Counter32,
535           radiusAccServExtDupRequests         Counter32,
536           radiusAccServExtResponses           Counter32,
537           radiusAccServExtBadAuthenticators   Counter32,
538           radiusAccServExtMalformedRequests   Counter32,
539           radiusAccServExtNoRecords           Counter32,
540           radiusAccServExtUnknownTypes        Counter32
541    }

543    radiusAccClientExtIndex OBJECT-TYPE
544           SYNTAX      Integer32 (1..2147483647)
545           MAX-ACCESS  not-accessible
546           STATUS      current
547           DESCRIPTION
548                 "A number uniquely identifying each RADIUS accounting
549                  client with which this server communicates."
550           ::= { radiusAccClientExtEntry 1 }

552    radiusAccClientInetAddressType OBJECT-TYPE
553           SYNTAX      InetAddressType
554           MAX-ACCESS  read-only
555           STATUS      current
556           DESCRIPTION
557                 "The type of address format used for the
558                  radiusAccClientInetAddress object."
559           ::= { radiusAccClientExtEntry 2 }

561    radiusAccClientInetAddress OBJECT-TYPE
562           SYNTAX      InetAddress
563           MAX-ACCESS  read-only
564           STATUS      current
565           DESCRIPTION
566                 "The IP address of the RADIUS accounting
567                  client referred to in this table entry, using
568                  the IPv6 address format."
569           ::= { radiusAccClientExtEntry 3 }

571    radiusAccClientExtID OBJECT-TYPE
572           SYNTAX      SnmpAdminString
573           MAX-ACCESS  read-only
574           STATUS      current
575           DESCRIPTION
576                 "The NAS-Identifier of the RADIUS accounting client
577                  referred to in this table entry.  This is not
578                  necessarily the same as sysName in MIB II."
579           ::= { radiusAccClientExtEntry 4 }

581    -- Server Counters
582    --
583    -- Requests - DupRequests - BadAuthenticators - MalformedRequests -
584    -- UnknownTypes -  PacketsDropped - Responses = Pending
585    --
586    -- Requests - DupRequests - BadAuthenticators - MalformedRequests -
587    -- UnknownTypes - PacketsDropped - NoRecords = entries logged

589    radiusAccServExtPacketsDropped OBJECT-TYPE
590           SYNTAX      Counter32
591           MAX-ACCESS  read-only
592           STATUS      current
593           DESCRIPTION
594                 "The number of incoming packets received
595                  from this client and silently discarded
596                  for a reason other than malformed, bad
597                  authenticators, or unknown types."
598           ::= { radiusAccClientExtEntry 5 }

600    radiusAccServExtRequests OBJECT-TYPE
601           SYNTAX      Counter32
602           MAX-ACCESS  read-only
603           STATUS      current
604           DESCRIPTION
605                 "The number of packets received from this
606                  client on the accounting port."
607           ::= { radiusAccClientExtEntry 6 }

609    radiusAccServExtDupRequests OBJECT-TYPE
610           SYNTAX      Counter32
611           MAX-ACCESS  read-only
612           STATUS      current
613           DESCRIPTION
614                 "The number of duplicate RADIUS Accounting-Request
615                  packets received from this client."
616           ::= { radiusAccClientExtEntry 7 }

618    radiusAccServExtResponses OBJECT-TYPE
619           SYNTAX      Counter32
620           MAX-ACCESS  read-only
621           STATUS      current
622           DESCRIPTION
623                 "The number of RADIUS Accounting-Response packets
624                  sent to this client."
625           ::= { radiusAccClientExtEntry 8 }

627    radiusAccServExtBadAuthenticators OBJECT-TYPE
628           SYNTAX      Counter32
629           MAX-ACCESS  read-only
630           STATUS      current
631           DESCRIPTION
632                 "The number of RADIUS Accounting-Request packets
633                  which contained invalid authenticators received
634                  from this client."
635           ::= { radiusAccClientExtEntry 9 }

637    radiusAccServExtMalformedRequests OBJECT-TYPE
638           SYNTAX      Counter32
639           MAX-ACCESS  read-only
640           STATUS      current
641           DESCRIPTION
642                 "The number of malformed RADIUS Accounting-Request
643                  packets which were received from this client.
644                  Bad authenticators and unknown types
645                  are not included as malformed Accounting-Requests."
646           ::= { radiusAccClientExtEntry 10 }

648    radiusAccServExtNoRecords OBJECT-TYPE
649           SYNTAX      Counter32
650           MAX-ACCESS  read-only
651           STATUS      current
652           DESCRIPTION
653                 "The number of RADIUS Accounting-Request packets
654                  which were received and responded to but not
655                  recorded."
656           ::= { radiusAccClientExtEntry 11 }

658    radiusAccServExtUnknownTypes OBJECT-TYPE
659           SYNTAX      Counter32
660           MAX-ACCESS  read-only
661           STATUS      current
662           DESCRIPTION
663                 "The number of RADIUS packets of unknown type which
664                  were received from this client."
665           ::= { radiusAccClientExtEntry 12 }

667    -- conformance information

669    radiusAccServMIBConformance  OBJECT IDENTIFIER
670           ::= { radiusAccServMIB 2 }

672    radiusAccServMIBCompliances  OBJECT IDENTIFIER
673           ::= { radiusAccServMIBConformance 1 }

675    radiusAccServMIBGroups  OBJECT IDENTIFIER
676           ::= { radiusAccServMIBConformance 2 }

678    radiusAccServExtMIBConformance  OBJECT IDENTIFIER
679           ::= { radiusAccServExtMIB 2 }

681    radiusAccServExtMIBCompliances  OBJECT IDENTIFIER
682           ::= { radiusAccServExtMIBConformance 1 }

684    radiusAccServExtMIBGroups  OBJECT IDENTIFIER
685           ::= { radiusAccServExtMIBConformance 2 }

687    -- compliance statements

689    radiusAccServMIBCompliance MODULE-COMPLIANCE
690           STATUS  deprecated
691           DESCRIPTION
692                 "The compliance statement for accounting servers
693                  implementing the RADIUS Accounting Server MIB."
694           MODULE  -- this module
695           MANDATORY-GROUPS { radiusAccServMIBGroup }

697           OBJECT        radiusAccServConfigReset
698           WRITE-SYNTAX  INTEGER { reset(2) }
699           DESCRIPTION  "The only SETable value is 'reset' (2)."

701           ::= { radiusAccServMIBCompliances 1 }

703    radiusAccServExtMIBCompliance MODULE-COMPLIANCE
704           STATUS  current
705           DESCRIPTION
706                 "The compliance statement for accounting servers
707                  implementing the RADIUS Accounting Server MIB."
708           MODULE  -- this module
709           MANDATORY-GROUPS { radiusAccServExtMIBGroup }

711           OBJECT        radiusAccServConfigReset
712           WRITE-SYNTAX  INTEGER { reset(2) }
713           DESCRIPTION  "The only SETable value is 'reset' (2)."

715           ::= { radiusAccServExtMIBCompliances 1 }

717    -- units of conformance

719    radiusAccServMIBGroup OBJECT-GROUP
720           OBJECTS {radiusAccServIdent,
721                    radiusAccServUpTime,
722                    radiusAccServResetTime,
723                    radiusAccServConfigReset,
724                    radiusAccServTotalRequests,
725                    radiusAccServTotalInvalidRequests,
726                    radiusAccServTotalDupRequests,
727                    radiusAccServTotalResponses,
728                    radiusAccServTotalMalformedRequests,
729                    radiusAccServTotalBadAuthenticators,
730                    radiusAccServTotalPacketsDropped,
731                    radiusAccServTotalNoRecords,
732                    radiusAccServTotalUnknownTypes,
733                    radiusAccClientAddress,
734                    radiusAccClientID,
735                    radiusAccServPacketsDropped,
736                    radiusAccServRequests,
737                    radiusAccServDupRequests,
738                    radiusAccServResponses,
739                    radiusAccServBadAuthenticators,
740                    radiusAccServMalformedRequests,
741                    radiusAccServNoRecords,
742                    radiusAccServUnknownTypes
743                   }
744           STATUS  deprecated
745           DESCRIPTION
746                 "The collection of objects providing management of
747                  a RADIUS Accounting Server."
748           ::= { radiusAccServMIBGroups 1 }

750    radiusAccServExtMIBGroup OBJECT-GROUP
751           OBJECTS {radiusAccServIdent,
752                    radiusAccServUpTime,
753                    radiusAccServResetTime,
754                    radiusAccServConfigReset,
755                    radiusAccServTotalRequests,
756                    radiusAccServTotalInvalidRequests,
757                    radiusAccServTotalDupRequests,
758                    radiusAccServTotalResponses,
759                    radiusAccServTotalMalformedRequests,
760                    radiusAccServTotalBadAuthenticators,
761                    radiusAccServTotalPacketsDropped,
762                    radiusAccServTotalNoRecords,
763                    radiusAccServTotalUnknownTypes,
764                    radiusAccClientInetAddressType,
765                    radiusAccClientInetAddress,
766                    radiusAccClientExtID,
767                    radiusAccServExtPacketsDropped,
768                    radiusAccServExtRequests,
769                    radiusAccServExtDupRequests,
770                    radiusAccServExtResponses,
771                    radiusAccServExtBadAuthenticators,
772                    radiusAccServExtMalformedRequests,
773                    radiusAccServExtNoRecords,
774                    radiusAccServExtUnknownTypes
775                   }
776           STATUS  current
777           DESCRIPTION
778                 "The collection of objects providing management of
779                  a RADIUS Accounting Server."
780           ::= { radiusAccServExtMIBGroups 1 }

782    END

784 8.  IANA Considerations

786    This document requires IANA assignment of a number in the MIB-2 OID
787    number space.

789 9.  Security Considerations

791    There are no management objects defined in this MIB that have a MAX-
792    ACCESS clause of read-write and/or read-create.  So, if this MIB is
793    implemented correctly, then there is no risk that an intruder can
794    alter or create any management objects of this MIB via direct SNMP
795    SET operations.

797    There are a number of managed objects in this MIB that may contain
798    sensitive information.  These are:

800    radiusAccClientIPAddress  This can be used to determine the address of
801       the RADIUS accounting client with which the server is
802       communicating.  This information could be useful in mounting an
803       attack on the accounting client.
804    radiusAccClientInetAddress  This can be used to determine the address
805       of the RADIUS accounting client with which the server is
806       communicating.  This information could be useful in mounting an
807       attack on the accounting client.

809    It is thus important to control even GET access to these objects and
810    possibly to even encrypt the values of these objects when sending them
811    over the network via SNMP.  Not all versions of SNMP provide features
812    for such a secure environment.

814    SNMP versions prior to SNMPv3 do not provide a secure environment.
815    Even if the network itself is secure (for example by using IPSec),
816    there is no control as to who on the secure network is allowed to
817    access and GET/SET (read/change/create/delete) the objects in this
818    MIB.

820    It is recommended that the implementers consider the security
821    features as provided by the SNMPv3 framework.  Specifically, the use
822    of the User-based Security Model [RFC2574] and the View-based Access
823    Control Model [RFC2575] is recommended.  Using these security
824    features, customer/users can give access to the objects only to those
825    principals (users) that have legitimate rights to GET or SET (change/
826    create/delete) them.

828 10.  References

830 10.1  Normative References

832    [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
833               Requirement Levels", BCP 14, RFC 2119, March 1997.

835    [RFC2574]  Blumenthal, U. and B. Wijnen, "User-based Security Model
836               (USM) for version 3 of the Simple Network Management
837               Protocol (SNMPv3)", RFC 2574, April 1999.

839    [RFC2575]  Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based
840               Access Control Model (VACM) for the Simple Network
841               Management Protocol (SNMP)", RFC 2575, April 1999.

843    [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
844               Schoenwaelder, Ed., "Structure of Management Information
845               Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

847    [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
848               Schoenwaelder, Ed., "Textual Conventions for SMIv2",
849               STD 58, RFC 2579, April 1999.

851    [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
852               "Conformance Statements for SMIv2", STD 58, RFC 2580,
853               April 1999.

855    [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
856               "Introduction and Applicability Statements for Internet-
857               Standard Management Framework", RFC 3410, December 2002.

859    [RFC3418]  Presuhn, R., "Management Information Base (MIB) for the
860               Simple Network Management Protocol (SNMP)", STD 62,
861               RFC 3418, December 2002.

863    [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
864               Schoenwaelder, "Textual Conventions for Internet Network
865               Addresses", RFC 4001, February 2005.

867 10.2  Informative References

869    [RFC2621]  Zorn, G. and B. Aboba, "RADIUS Accounting Server MIB",
870               RFC 2621, June 1999.

872    [RFC2866]  Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.

874 Author's Address

876    David B. Nelson
877    Enterasys Networks
878    50 Minuteman Road
879    Andover, MA  01810
880    USA

882    Email: dnelson@enterasys.com

884 Appendix A.  Acknowledgments

886    The Authors of the original MIB are Bernard Aboba and Glen Zorn.

888    Many thanks to all reviewers, especially to Dave Harrington, Dan
889    Romascanu, C.M. Heard, Bruno Pape and Greg Weber.

891 Intellectual Property Statement

893    The IETF takes no position regarding the validity or scope of any
894    Intellectual Property Rights or other rights that might be claimed to
895    pertain to the implementation or use of the technology described in
896    this document or the extent to which any license under such rights
897    might or might not be available; nor does it represent that it has
898    made any independent effort to identify any such rights.  Information
899    on the procedures with respect to rights in RFC documents can be
900    found in BCP 78 and BCP 79.

902    Copies of IPR disclosures made to the IETF Secretariat and any
903    assurances of licenses to be made available, or the result of an
904    attempt made to obtain a general license or permission for the use of
905    such proprietary rights by implementers or users of this
906    specification can be obtained from the IETF on-line IPR repository at
907    http://www.ietf.org/ipr.

909    The IETF invites any interested party to bring to its attention any
910    copyrights, patents or patent applications, or other proprietary
911    rights that may cover technology that may be required to implement
912    this standard.  Please address the information to the IETF at
913    ietf-ipr@ietf.org.

915 Disclaimer of Validity

917    This document and the information contained herein are provided on an
918    "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
919    OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
920    ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
921    INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
922    INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
923    WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

925 Copyright Statement

927    Copyright (C) The Internet Society (2005).  This document is subject
928    to the rights, licenses and restrictions contained in BCP 78, and
929    except as set forth therein, the authors retain all their rights.

931 Acknowledgment

933    Funding for the RFC Editor function is currently provided by the
934    Internet Society.
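Added example (not part of the draft): Section 6 allows a row to appear in the deprecated IPv4-only table only when its address is in IPv4 format and can be represented accurately in both tables. The sketch below decodes a radiusAccClientInetAddressType / radiusAccClientInetAddress pair using the InetAddressType values and octet lengths from RFC 4001 and applies that rule; the function names and sample octets are constructed for illustration, and treating ipv4z as not representable is an interpretation of "accurately".

```python
import ipaddress

# InetAddressType values and InetAddress octet lengths as defined in RFC 4001.
UNKNOWN, IPV4, IPV6, IPV4Z, IPV6Z, DNS = 0, 1, 2, 3, 4, 16
EXPECTED_LEN = {IPV4: 4, IPV6: 16, IPV4Z: 8, IPV6Z: 20}


def decode_inet_address(addr_type, octets):
    """Render an (InetAddressType, InetAddress) pair as text.

    Raises ValueError when the octet string does not match the declared
    type, so a bad agent reply is rejected instead of being mis-rendered.
    """
    if addr_type == DNS:
        if not 1 <= len(octets) <= 255:
            raise ValueError("dns(16) value must be 1..255 octets")
        return octets.decode("ascii")
    if addr_type not in EXPECTED_LEN:
        raise ValueError(f"unsupported InetAddressType {addr_type}")
    if len(octets) != EXPECTED_LEN[addr_type]:
        raise ValueError(
            f"type {addr_type} needs {EXPECTED_LEN[addr_type]} octets, "
            f"got {len(octets)}")
    if addr_type in (IPV4, IPV4Z):
        text = str(ipaddress.IPv4Address(octets[:4]))
    else:
        text = str(ipaddress.IPv6Address(octets[:16]))
    if addr_type in (IPV4Z, IPV6Z):
        # The trailing four octets carry the zone index.
        text += "%" + str(int.from_bytes(octets[-4:], "big"))
    return text


def fits_deprecated_table(addr_type, octets):
    """Section 6 rule: only a plain IPv4 address can be mirrored into
    radiusAccClientAddress (SYNTAX IpAddress).

    ipv4z is rejected because IpAddress has no room for the zone index,
    and an IPv4-mapped IPv6 address is still typed ipv6(2), so it is
    rejected as well (assumption: "IPv4 format" means type ipv4(1)).
    """
    return addr_type == IPV4 and len(octets) == 4


# Constructed sample rows using documentation and link-local addresses.
SAMPLE_V4 = (IPV4, bytes([192, 0, 2, 10]))
SAMPLE_V6 = (IPV6, bytes.fromhex("20010db8000000000000000000000010"))
SAMPLE_V6Z = (IPV6Z, bytes.fromhex("fe80" + "0" * 24 + "0001")
              + (3).to_bytes(4, "big"))
SAMPLE_MAPPED = (IPV6, bytes.fromhex("00000000000000000000ffffc000020a"))

if __name__ == "__main__":
    for row in (SAMPLE_V4, SAMPLE_V6, SAMPLE_V6Z, SAMPLE_MAPPED):
        print(decode_inet_address(*row), fits_deprecated_table(*row))
```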
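Added example (not part of the draft): the "Server Counters" comments in Section 7 give two identities over the per-client columns. The sketch below applies them to two polls of radiusAccClientExtTable, handles Counter32 wrap and a server restart seen through radiusAccServUpTime, and flags clients whose BadAuthenticators counter moved. Column names drop the radiusAccServExt prefix; the thresholds, helper names and all sample values are constructed.

```python
COUNTER32_MOD = 2 ** 32  # Counter32 wraps from 2^32 - 1 back to 0

REJECTED = ("BadAuthenticators", "MalformedRequests",
            "UnknownTypes", "PacketsDropped")
COLUMNS = ("Requests", "DupRequests", "Responses", "NoRecords") + REJECTED


def accepted(row):
    """Left-hand side shared by both identities, before the last term."""
    return row["Requests"] - row["DupRequests"] - sum(row[c] for c in REJECTED)


def pending(row):
    """Requests - ... - Responses = Pending, on absolute counter values.

    Reducing modulo 2^32 keeps the result right after individual columns
    have wrapped, as long as the real backlog is below 2^32.
    """
    return (accepted(row) - row["Responses"]) % COUNTER32_MOD


def interval(prev, curr):
    """Per-column increase between two polls, tolerant of one wrap."""
    return {c: (curr[c] - prev[c]) % COUNTER32_MOD for c in COLUMNS}


def logged(delta):
    """Requests - ... - NoRecords = entries logged, for one poll interval."""
    return accepted(delta) - delta["NoRecords"]


def review(prev, curr, max_bad_auth=0, max_reject_ratio=0.05):
    """Return findings for one client row.

    "UpTime" is radiusAccServUpTime copied into each row by the poller
    (assumption of this sketch); if it went backwards the server restarted
    and deltas against the old poll are meaningless.
    """
    if curr["UpTime"] < prev["UpTime"]:
        return ["counter-discontinuity"]
    delta = interval(prev, curr)
    findings = []
    # An invalid authenticator means a wrong shared secret or a packet
    # that was forged or altered in transit.
    if delta["BadAuthenticators"] > max_bad_auth:
        findings.append("bad-authenticators")
    rejected = sum(delta[c] for c in REJECTED)
    if delta["Requests"] and rejected / delta["Requests"] > max_reject_ratio:
        findings.append("high-reject-ratio")
    return findings


def summarize(prev_poll, curr_poll):
    report = {}
    for client, curr in curr_poll.items():
        prev = prev_poll.get(client)
        if prev is None:
            continue  # new row, no baseline yet
        findings = review(prev, curr)
        restarted = findings == ["counter-discontinuity"]
        report[client] = {
            "pending": pending(curr),
            "logged": None if restarted else logged(interval(prev, curr)),
            "findings": findings,
        }
    return report


def row(uptime, req, dup, bad, mal, unk, drop, resp, norec):
    return {"UpTime": uptime, "Requests": req, "DupRequests": dup,
            "BadAuthenticators": bad, "MalformedRequests": mal,
            "UnknownTypes": unk, "PacketsDropped": drop,
            "Responses": resp, "NoRecords": norec}


# Constructed polls. nas-a wraps Requests and Responses between polls;
# nas-b starts failing authenticator checks.
PREV = {"nas-a": row(500000, 4294967200, 10, 0, 2, 0, 1, 4294967185, 5),
        "nas-b": row(500000, 1000, 5, 0, 0, 0, 0, 995, 0)}
CURR = {"nas-a": row(530000, 204, 12, 0, 2, 0, 1, 186, 5),
        "nas-b": row(530000, 1400, 5, 120, 3, 0, 0, 1270, 2)}

if __name__ == "__main__":
    for client, result in summarize(PREV, CURR).items():
        print(client, result)
```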
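Added example (not part of the draft): the Security Considerations rest on the MAX-ACCESS clauses in Section 7, so a reviewer preparing SNMPv3 views can extract them mechanically. The sketch below parses OBJECT-TYPE definitions, lists objects that accept SET, and lists readable address objects that need a restricted view; the excerpt is copied from the module above with line numbers removed, and the regex is a simplification that assumes no "--" inside DESCRIPTION strings.

```python
import re

OBJECT_TYPE = re.compile(
    r"(?P<name>\w+)\s+OBJECT-TYPE\s+"
    r"SYNTAX\s+(?P<syntax>.*?)\s+"
    r"MAX-ACCESS\s+(?P<access>[\w-]+)\s+"
    r"STATUS\s+(?P<status>\w+)",
    re.DOTALL,
)
WRITABLE = {"read-write", "read-create"}
ADDRESS_SYNTAXES = {"IpAddress", "InetAddress"}

# Excerpt of the module text from Section 7 (line numbers stripped).
MIB_EXCERPT = """
radiusAccServConfigReset OBJECT-TYPE
       SYNTAX      INTEGER { other(1),
                             reset(2),
                             initializing(3),
                             running(4)}
       MAX-ACCESS  read-write
       STATUS      current
       ::= {radiusAccServ 4}

radiusAccClientAddress OBJECT-TYPE
       SYNTAX      IpAddress
       MAX-ACCESS  read-only
       STATUS      deprecated
       ::= { radiusAccClientEntry 2 }

radiusAccClientExtIndex OBJECT-TYPE
       SYNTAX      Integer32 (1..2147483647)
       MAX-ACCESS  not-accessible
       STATUS      current
       ::= { radiusAccClientExtEntry 1 }

radiusAccClientInetAddress OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  read-only  -- GET exposes the client address
       STATUS      current
       ::= { radiusAccClientExtEntry 3 }
"""


def parse_objects(mib_text):
    """Return one dict per OBJECT-TYPE with its syntax, access and status."""
    without_comments = re.sub(r"--.*", "", mib_text)
    return [
        {"name": m["name"],
         "syntax": " ".join(m["syntax"].split()),
         "access": m["access"],
         "status": m["status"]}
        for m in OBJECT_TYPE.finditer(without_comments)
    ]


def audit(mib_text):
    """Split objects into those that accept SET and readable address objects."""
    objects = parse_objects(mib_text)
    return {
        "writable": [o["name"] for o in objects if o["access"] in WRITABLE],
        "readable_addresses": [
            o["name"] for o in objects
            if o["syntax"] in ADDRESS_SYNTAXES
            and o["access"] != "not-accessible"
        ],
    }


if __name__ == "__main__":
    result = audit(MIB_EXCERPT)
    print("objects that accept SET:", result["writable"])
    print("address objects to keep out of broad views:",
          result["readable_addresses"])
```

Run against the excerpt, the audit reports radiusAccServConfigReset as read-write, which matches the MAX-ACCESS clause in Section 7, so write access to that object belongs in the access-control review alongside GET access to the two address objects.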