< draft-ietf-radext-dynauth-server-mib-05.txt   draft-ietf-radext-dynauth-server-mib-06.txt >
Network Working Group S. De Cnodder Network Working Group S. De Cnodder
Internet-Draft Alcatel Internet-Draft Alcatel
Expires: September 30, 2006 N. Jonnala Expires: December 17, 2006 N. Jonnala
M. Chiba M. Chiba
Cisco Systems, Inc. Cisco Systems, Inc.
March 29, 2006 June 15, 2006
Dynamic Authorization Server MIB Dynamic Authorization Server MIB
draft-ietf-radext-dynauth-server-mib-05.txt draft-ietf-radext-dynauth-server-mib-06.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 36 skipping to change at page 1, line 36
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on September 30, 2006. This Internet-Draft will expire on December 17, 2006.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2006). Copyright (C) The Internet Society (2006).
Abstract Abstract
This memo defines a portion of the Management Information Base (MIB) This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols in the Internet community. for use with network management protocols in the Internet community.
In particular, it describes the Remote Authentication Dial In User In particular, it describes the Remote Authentication Dial In User
skipping to change at page 3, line 19 skipping to change at page 3, line 19
It is becoming increasingly important to support Dynamic It is becoming increasingly important to support Dynamic
Authorization extensions on the network access server (NAS) devices Authorization extensions on the network access server (NAS) devices
to handle the Disconnect and Change-of-Authorization (CoA) messages to handle the Disconnect and Change-of-Authorization (CoA) messages
as described in [RFC3576]. As a result, the effective management of as described in [RFC3576]. As a result, the effective management of
RADIUS Dynamic Authorization entities is of considerable importance. RADIUS Dynamic Authorization entities is of considerable importance.
This RADIUS Dynamic Authorization Server (DAS) MIB complements the This RADIUS Dynamic Authorization Server (DAS) MIB complements the
managed objects used for managing RADIUS authentication and managed objects used for managing RADIUS authentication and
accounting clients as described in [RFC2618bis] and [RFC2620bis], accounting clients as described in [RFC2618bis] and [RFC2620bis],
respectively. respectively.
-- RFC Ed.: references [DYNSERV], [RFC2618bis], [RFC2619bis], -- RFC Ed.: references [DYNCLNT], [RFC2618bis], [RFC2619bis],
-- [RFC2620bis], and [RFC2621bis] should be replaced by -- [RFC2620bis], and [RFC2621bis] should be replaced by
-- references to the corresponding RFC. -- references to the corresponding RFC.
1.1. Requirements notation 1.1. Requirements notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
1.2. Terminology 1.2. Terminology
skipping to change at page 6, line 19 skipping to change at page 6, line 19
| Server |--------------------->| Client | | Server |--------------------->| Client |
User 3----| (DAS) | Disconnect-Ack | (DAC) | User 3----| (DAS) | Disconnect-Ack | (DAC) |
| | Disconnect-NAK | | | | Disconnect-NAK | |
+---------------+ CoA-Ack/CoA-NAK +---------------+ +---------------+ CoA-Ack/CoA-NAK +---------------+
Figure 1: Mapping of clients and servers. Figure 1: Mapping of clients and servers.
This MIB module for the Dynamic Authorization Server contains the This MIB module for the Dynamic Authorization Server contains the
following: following:
1. Four scalar objects, and 1. Three scalar objects, and
2. One Dynamic Authorization Client Table. This table contains one 2. One Dynamic Authorization Client Table. This table contains one
row for each DAC with which the DAS shares a secret. row for each DAC with which the DAS shares a secret.
4. RADIUS Dynamic Authorization Server MIB Definitions 4. RADIUS Dynamic Authorization Server MIB Definitions
RADIUS-DYNAUTH-SERVER-MIB DEFINITIONS ::= BEGIN RADIUS-DYNAUTH-SERVER-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, MODULE-IDENTITY, OBJECT-TYPE,
Counter32, Integer32, mib-2, Counter32, Integer32, mib-2,
TimeTicks FROM SNMPv2-SMI -- [RFC2578] TimeTicks FROM SNMPv2-SMI -- [RFC2578]
SnmpAdminString FROM SNMP-FRAMEWORK-MIB -- [RFC3411] SnmpAdminString FROM SNMP-FRAMEWORK-MIB -- [RFC3411]
InetAddressType, InetAddressType,
InetAddress FROM INET-ADDRESS-MIB -- [RFC4001] InetAddress FROM INET-ADDRESS-MIB -- [RFC4001]
MODULE-COMPLIANCE, MODULE-COMPLIANCE,
OBJECT-GROUP FROM SNMPv2-CONF; -- [RFC2580] OBJECT-GROUP FROM SNMPv2-CONF; -- [RFC2580]
radiusDynAuthServerMIB MODULE-IDENTITY radiusDynAuthServerMIB MODULE-IDENTITY
LAST-UPDATED "200603220000Z" -- 22 March 2006 LAST-UPDATED "200606060000Z" -- 6 June 2006
ORGANIZATION "IETF RADEXT Working Group" ORGANIZATION "IETF RADEXT Working Group"
CONTACT-INFO CONTACT-INFO
" Stefaan De Cnodder " Stefaan De Cnodder
Alcatel Alcatel
Francis Wellesplein 1 Francis Wellesplein 1
B-2018 Antwerp B-2018 Antwerp
Belgium Belgium
Phone: +32 3 240 85 15 Phone: +32 3 240 85 15
EMail: stefaan.de_cnodder@alcatel.be EMail: stefaan.de_cnodder@alcatel.be
skipping to change at page 8, line 10 skipping to change at page 8, line 10
DESCRIPTION DESCRIPTION
"The MIB module for entities implementing the server "The MIB module for entities implementing the server
side of the Dynamic Authorization Extensions to Remote side of the Dynamic Authorization Extensions to Remote
Authentication Dial In User Service (RADIUS) protocol. Authentication Dial In User Service (RADIUS) protocol.
Copyright (C) The Internet Society (2006). Initial Copyright (C) The Internet Society (2006). Initial
version as published in RFC yyyy; version as published in RFC yyyy;
for full legal notices see the RFC itself." for full legal notices see the RFC itself."
-- RFC Ed.: replace yyyy with actual RFC number & remove this note -- RFC Ed.: replace yyyy with actual RFC number & remove this note
REVISION "200603220000Z" -- 22 March 2006 REVISION "200606060000Z" -- 6 June 2006
DESCRIPTION "Initial version as published in RFC yyyy." DESCRIPTION "Initial version as published in RFC yyyy."
-- RFC Ed.: replace yyyy with actual RFC number & remove this note -- RFC Ed.: replace yyyy with actual RFC number & remove this note
::= { mib-2 xxx } ::= { mib-2 xxx }
-- The value xxx to be assigned by IANA. -- The value xxx to be assigned by IANA.
radiusDynAuthServerMIBObjects OBJECT IDENTIFIER ::= radiusDynAuthServerMIBObjects OBJECT IDENTIFIER ::=
{ radiusDynAuthServerMIB 1 } { radiusDynAuthServerMIB 1 }
radiusDynAuthServerScalars OBJECT IDENTIFIER ::= radiusDynAuthServerScalars OBJECT IDENTIFIER ::=
{ radiusDynAuthServerMIBObjects 1 } { radiusDynAuthServerMIBObjects 1 }
skipping to change at page 9, line 9 skipping to change at page 9, line 9
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The NAS-Identifier of the RADIUS Dynamic Authorization "The NAS-Identifier of the RADIUS Dynamic Authorization
Server. This is not necessarily the same as sysName in Server. This is not necessarily the same as sysName in
MIB II." MIB II."
REFERENCE REFERENCE
"RFC 2865, Section 5.32, NAS-Identifier." "RFC 2865, Section 5.32, NAS-Identifier."
::= { radiusDynAuthServerScalars 3 } ::= { radiusDynAuthServerScalars 3 }
radiusDynAuthServerCounterDiscontinuity OBJECT-TYPE
SYNTAX TimeTicks
UNITS "hundredths of a second"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The time (in hundredths of a second) since the
DAS module was last re-initialized."
::= { radiusDynAuthServerScalars 4 }
radiusDynAuthClientTable OBJECT-TYPE radiusDynAuthClientTable OBJECT-TYPE
SYNTAX SEQUENCE OF RadiusDynAuthClientEntry SYNTAX SEQUENCE OF RadiusDynAuthClientEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The (conceptual) table listing the RADIUS Dynamic "The (conceptual) table listing the RADIUS Dynamic
Authorization Clients with which the server shares a Authorization Clients with which the server shares a
secret." secret."
::= { radiusDynAuthServerMIBObjects 2 } ::= { radiusDynAuthServerMIBObjects 2 }
skipping to change at page 10, line 17 skipping to change at page 10, line 7
radiusDynAuthServCoAAuthOnlyRequests Counter32, radiusDynAuthServCoAAuthOnlyRequests Counter32,
radiusDynAuthServDupCoARequests Counter32, radiusDynAuthServDupCoARequests Counter32,
radiusDynAuthServCoAAcks Counter32, radiusDynAuthServCoAAcks Counter32,
radiusDynAuthServCoANaks Counter32, radiusDynAuthServCoANaks Counter32,
radiusDynAuthServCoANakAuthOnlyRequests Counter32, radiusDynAuthServCoANakAuthOnlyRequests Counter32,
radiusDynAuthServCoANakSessNoContext Counter32, radiusDynAuthServCoANakSessNoContext Counter32,
radiusDynAuthServCoAUserSessChanged Counter32, radiusDynAuthServCoAUserSessChanged Counter32,
radiusDynAuthServMalformedCoARequests Counter32, radiusDynAuthServMalformedCoARequests Counter32,
radiusDynAuthServCoABadAuthenticators Counter32, radiusDynAuthServCoABadAuthenticators Counter32,
radiusDynAuthServCoAPacketsDropped Counter32, radiusDynAuthServCoAPacketsDropped Counter32,
radiusDynAuthServUnknownTypes Counter32 radiusDynAuthServUnknownTypes Counter32,
radiusDynAuthServerCounterDiscontinuity TimeTicks
} }
radiusDynAuthClientIndex OBJECT-TYPE radiusDynAuthClientIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647) SYNTAX Integer32 (1..2147483647)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A number uniquely identifying each RADIUS Dynamic "A number uniquely identifying each RADIUS Dynamic
Authorization Client with which this Dynamic Authorization Client with which this Dynamic
Authorization Server communicates. This number is Authorization Server communicates. This number is
skipping to change at page 19, line 23 skipping to change at page 19, line 14
DESCRIPTION DESCRIPTION
"The number of incoming packets of unknown types which "The number of incoming packets of unknown types which
were received on the Dynamic Authorization port. This were received on the Dynamic Authorization port. This
counter may experience a discontinuity when the DAS counter may experience a discontinuity when the DAS
module (re)starts as indicated by the value of module (re)starts as indicated by the value of
radiusDynAuthServerCounterDiscontinuity." radiusDynAuthServerCounterDiscontinuity."
REFERENCE REFERENCE
"RFC 3576, Section 2.3, Packet Format." "RFC 3576, Section 2.3, Packet Format."
::= { radiusDynAuthClientEntry 26 } ::= { radiusDynAuthClientEntry 26 }
radiusDynAuthServerCounterDiscontinuity OBJECT-TYPE
SYNTAX TimeTicks
UNITS "hundredths of a second"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The time (in hundredths of a second) since the
last counter discontinuity. A discontinuity may
be the result of a reinitialization of the DAS
module within the managed entity."
::= { radiusDynAuthClientEntry 27 }
-- conformance information -- conformance information
radiusDynAuthServerMIBConformance radiusDynAuthServerMIBConformance
OBJECT IDENTIFIER ::= { radiusDynAuthServerMIB 2 } OBJECT IDENTIFIER ::= { radiusDynAuthServerMIB 2 }
radiusDynAuthServerMIBCompliances radiusDynAuthServerMIBCompliances
OBJECT IDENTIFIER ::= { radiusDynAuthServerMIBConformance 1 } OBJECT IDENTIFIER ::= { radiusDynAuthServerMIBConformance 1 }
radiusDynAuthServerMIBGroups radiusDynAuthServerMIBGroups
OBJECT IDENTIFIER ::= { radiusDynAuthServerMIBConformance 2 } OBJECT IDENTIFIER ::= { radiusDynAuthServerMIBConformance 2 }
-- compliance statements -- compliance statements
skipping to change at page 20, line 29 skipping to change at page 20, line 33
proxy)." proxy)."
::= { radiusDynAuthServerMIBCompliances 1 } ::= { radiusDynAuthServerMIBCompliances 1 }
-- units of conformance -- units of conformance
radiusDynAuthServerMIBGroup OBJECT-GROUP radiusDynAuthServerMIBGroup OBJECT-GROUP
OBJECTS { radiusDynAuthServerDisconInvalidClientAddresses, OBJECTS { radiusDynAuthServerDisconInvalidClientAddresses,
radiusDynAuthServerCoAInvalidClientAddresses, radiusDynAuthServerCoAInvalidClientAddresses,
radiusDynAuthServerIdentifier, radiusDynAuthServerIdentifier,
radiusDynAuthServerCounterDiscontinuity,
radiusDynAuthClientAddressType, radiusDynAuthClientAddressType,
radiusDynAuthClientAddress, radiusDynAuthClientAddress,
radiusDynAuthServDisconRequests, radiusDynAuthServDisconRequests,
radiusDynAuthServDupDisconRequests, radiusDynAuthServDupDisconRequests,
radiusDynAuthServDisconAcks, radiusDynAuthServDisconAcks,
radiusDynAuthServDisconNaks, radiusDynAuthServDisconNaks,
radiusDynAuthServDisconUserSessRemoved, radiusDynAuthServDisconUserSessRemoved,
radiusDynAuthServMalformedDisconRequests, radiusDynAuthServMalformedDisconRequests,
radiusDynAuthServDisconBadAuthenticators, radiusDynAuthServDisconBadAuthenticators,
radiusDynAuthServDisconPacketsDropped, radiusDynAuthServDisconPacketsDropped,
radiusDynAuthServCoARequests, radiusDynAuthServCoARequests,
radiusDynAuthServDupCoARequests, radiusDynAuthServDupCoARequests,
radiusDynAuthServCoAAcks, radiusDynAuthServCoAAcks,
radiusDynAuthServCoANaks, radiusDynAuthServCoANaks,
radiusDynAuthServCoAUserSessChanged, radiusDynAuthServCoAUserSessChanged,
radiusDynAuthServMalformedCoARequests, radiusDynAuthServMalformedCoARequests,
radiusDynAuthServCoABadAuthenticators, radiusDynAuthServCoABadAuthenticators,
radiusDynAuthServCoAPacketsDropped, radiusDynAuthServCoAPacketsDropped,
radiusDynAuthServUnknownTypes radiusDynAuthServUnknownTypes,
radiusDynAuthServerCounterDiscontinuity
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The collection of objects providing management of "The collection of objects providing management of
a RADIUS Dynamic Authorization Server." a RADIUS Dynamic Authorization Server."
::= { radiusDynAuthServerMIBGroups 1 } ::= { radiusDynAuthServerMIBGroups 1 }
radiusDynAuthServerAuthOnlyGroup OBJECT-GROUP radiusDynAuthServerAuthOnlyGroup OBJECT-GROUP
OBJECTS { radiusDynAuthServDisconAuthOnlyRequests, OBJECTS { radiusDynAuthServDisconAuthOnlyRequests,
radiusDynAuthServDisconNakAuthOnlyRequests, radiusDynAuthServDisconNakAuthOnlyRequests,
 End of changes. 13 change blocks. 
21 lines changed or deleted 24 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/