idnits 2.17.1 draft-ietf-dhc-server-mib-10.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? == The page length should not exceed 58 lines per page, but there was 36 longer pages, the longest (page 2) being 65 lines == It seems as if not all pages are separated by form feeds - found 0 form feeds but 37 pages Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 328 instances of too long lines in the document, the longest one being 5 characters in excess of 72. ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 96: '...ftware. Servers MAY also provide addi...' RFC 2119 keyword, line 255: '... The first case MAY occur when a serv...' RFC 2119 keyword, line 256: '...own good" state, and a manager MUST be...' RFC 2119 keyword, line 263: '...start, a manager MUST discard data fro...' RFC 2119 keyword, line 266: '... The third case SHOULD arise only if ...' (25 more instances...) Miscellaneous warnings: ---------------------------------------------------------------------------- -- The exact meaning of the all-uppercase expression 'MAY NOT' is not defined in RFC 2119. If it is intended as a requirements expression, it should be rewritten using one of the combinations defined in RFC 2119; otherwise it should not be all-uppercase. == The expression 'MAY NOT', while looking like RFC 2119 requirements text, is not defined in RFC 2119, and should not be used. Consider using 'MUST NOT' instead (if that is what you mean). Found 'MAY NOT' in this paragraph: The third case SHOULD arise only if agents take periodic snapshots at different intervals than responding to a GET request. While the counts reported in the first GET response following the outage were accurate at some time, they MAY NOT be completely current. If this occurs, the manager MAY have to accept that data has been lost, perhaps discarding accumulated data, and continue. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (February 2004) is 7375 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'RFC2287' is mentioned on line 97, but not defined == Missing Reference: 'RFC2119' is mentioned on line 102, but not defined == Unused Reference: 'RFC2131' is defined on line 1602, but no explicit reference was found in the text == Unused Reference: 'RFC2132' is defined on line 1605, but no explicit reference was found in the text == Unused Reference: 'RFC3203' is defined on line 1621, but no explicit reference was found in the text Summary: 4 errors (**), 0 flaws (~~), 8 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group Barr Hibbs 3 INTERNET-DRAFT (no affiliation) 4 Category: Standards Track Glenn Waters 5 Nortel Networks 6 February 2004 8 Dynamic Host Configuration Protocol for IPv4 (DHCPv4) Server MIB 10 11 Saved Friday, February 06, 2004, 4:33:38 PM 13 Status of this Memo 15 This document is an Internet-Draft and is in full conformance with 16 all provisions of Section 10 of RFC2026. 18 Internet-Drafts are working documents of the Internet Engineering 19 Task Force (IETF), its areas, and its working groups. Note that 20 other groups may also distribute working documents as Internet- 21 Drafts. 23 Internet-Drafts are draft documents valid for a maximum of six months 24 and may be updated, replaced, or made obsolete by other documents at 25 any time. It is inappropriate to use Internet-Drafts as reference 26 material or to cite them other than as "work in progress." 28 The list of current Internet-Drafts can be accessed at 29 http://www.ietf.org/1id-abstracts.html. 31 The list of Internet-Draft Shadow Directories can be accessed at 32 http://www.ietf.org/shadow.html. 34 Copyright Notice 36 Copyright (C), 2003, The Internet Society. All Rights Reserved. 38 Abstract 40 This memo defines an experimental portion of the Management 41 Information Base (MIB) for use with network management protocols in 42 the Internet Community. In particular, it defines objects used for 43 the management of Dynamic Host Configuration Protocol for IPv4 44 (DHCPv4) and Bootstrap Protocol (BOOTP) servers. 46 Table of Contents 48 1. Introduction...................................................2 49 2. The Internet-Standard Management Framework.....................3 50 3. Overview.......................................................3 51 3.1. Relationship to Other MIBs.................................4 52 3.1.1. DHCP MIB Extensions....................................4 53 3.1.2. Host System MIB Extensions.............................4 54 3.1.3. DHCP Client MIB Extensions.............................4 55 3.1.4. DHCP Relay Agent MIB Extensions........................5 56 3.1.5. DHCPv6 MIB Extensions..................................5 57 3.2. Textual Conventions Introduced in this MIB.................5 58 3.2.1. Dhcpv4PhysicalAddress..................................5 59 3.3. BOOTP and DHCP Counter Groups..............................5 60 3.3.1. Discontinuities........................................6 61 3.3.2. Counter Rollover.......................................7 62 3.4. Server Configuration Group.................................7 63 4. Definitions....................................................9 64 5. Intellectual Property.........................................33 65 6. Acknowledgements..............................................33 66 7. IANA Considerations...........................................33 67 8. Security Considerations.......................................34 68 9. References....................................................35 69 9.1. Normative References......................................35 70 9.2. Informative References....................................35 71 10. Editors' Addresses...........................................36 72 11. Full Copyright Statement.....................................36 74 1. Introduction 76 This memo is a product of the DHCP Working Group and defines a 77 portion of the Management Information Base (MIB) for use with 78 network management protocols in the Internet community. In 79 particular, it describes a set of extensions that DHCPv4 and 80 Bootstrap Protocol (BOOTP) servers implement. Many implementations 81 support both DHCPv4 and BOOTP within a single server and hence this 82 memo describes the MIB for both DHCPv4 and BOOTP servers. 84 This memo does not cover DHCPv4/BOOTP client nor relay agent MIB 85 extensions: these are possibly the subjects of future investigation 86 [see discussion in section 3.1.] Also excluded from this MIB 87 extension in the interest of simplicity are DHCP Dynamic DNS 88 Updating, Failover, Authentication, and Load Balancing: these 89 functions and features could be subjects of future MIB extensions. 90 Provision is also made for Standards-Track additions to the DHCP 91 Message Type (option 61.) 92 This memo is based on the Internet-standard Network Management 93 Framework as defined by documents [RFC2578, RFC2579, RFC2580]. 95 Objects defined in this MIB allow access to and control of DHCP 96 Server Software. Servers MAY also provide additional management 97 capabilities using the Applications MIB [RFC2287]. 99 The key words "MUST," "MUST NOT," "REQUIRED," "SHALL," "SHALL NOT," 100 "SHOULD," "SHOULD NOT," "RECOMMENDED," "MAY," and "OPTIONAL" in 101 this document are to be interpreted as described in [RFC2119]. 103 2. The Internet-Standard Management Framework 105 For a detailed overview of the documents that describe the current 106 Internet-Standard Management Framework, please refer to section 7 of 107 RFC 3410 [RFC3410], Managed objects are accessed via a virtual 108 information store, termed the Management Information Base or MIB. 109 MIB objects are generally accessed through the Simple Network 110 Management Protocol (SNMP). Objects in the MIB are defined using 111 the mechanisms defined in the Structure of Management Information 112 (SMI). This memo specifies a MIB module that is compliant to the 113 SMIv2, which is described in STD 58, [RFC2578], STD 58, [RFC2579] 114 and STD 58, [RFC2580]. 116 3. Overview 118 In the tradition of the Simple Network Management Protocol (SNMP), 119 the minimum number of objects possible is defined in this MIB, while 120 still providing as rich a set of management information as possible. 121 An object is left out of this MIB when it can be derived from other 122 objects that are provided. Further to the tradition of the SNMP, 123 computationally intense operations are left to the domain of the 124 management station. Thus, this MIB provides a set of objects from 125 which other management information can be derived. 127 Provision for future extensions to cover DHCPv4 clients and relay 128 agents, and DHCPv6 extensions are implied by the top-level structure 129 illustrated in section 3.1.1. 131 The examples provided in sections 3.3 through 3.5 are not meant to 132 be comprehensive but are illustrative of the potential uses of the 133 objects defined by this MIB. 135 3.1. Relationship to Other MIBs 137 3.1.1. DHCP MIB Extensions 139 The DHCP MIB extensions will be the "dhcp" branch of the standard 140 MIB-2 tree, as illustrated by the following diagram: 142 +-------+ 143 | MIB-2 | 144 +---+---+ 145 | 146 | 147 +---+---+ 148 | dhcp | 149 +---+---+ 150 | 151 | 152 +--------------+---------------+----------------+ 153 | | | | 154 +-----+-----+ +-----+----+ +-------+-------+ +-----+-----+ 155 | dhcp-v4 | | dhcp-v4 | | dhcp-v4 | |dhcp-v6 MIB| 156 |Server MIB | |Client MIB| |Relay Agent MIB| |Extensions | 157 |(this memo)| | (future) | | (future work) | | (future) | 158 +-----------+ +----------+ +---------------+ +-----------+ 160 The DHCP MIBs share a common branching point but will be 161 independently defined by individual memos. 163 3.1.2. Host System MIB Extensions 165 The Host System MIB [RFC1123] provides for information, command, and 166 control of the host computer system on which a DHCP server resides. 167 The DHCP Server MIB specifically does not include any objects that 168 may be accessible using the Host System MIB. 170 3.1.3. DHCP Client MIB Extensions 172 Development of this set of MIB extensions is a natural path given 173 the increasing interest in desktop and client system management. It 174 will share a common branch point in the MIB tree with the other DHCP 175 MIB Extensions, and may use many of the same textual conventions. 177 3.1.4. DHCP Relay Agent MIB Extensions 179 If this set of MIB extensions is ever developed, it will share a 180 common branch point in the MIB tree with the other DHCP MIB 181 Extensions, and will use many of the same textual conventions. 183 3.1.5. DHCPv6 MIB Extensions 185 If this set of MIB extensions is ever developed, it will share a 186 common branch point in the MIB tree with the other DHCP MIB 187 Extensions, and will likely use very different textual conventions 188 as the protocol differs significantly from DHCPv4. 190 3.2. Textual Conventions Introduced in this MIB 192 One conceptual data type has been introduced in this document. No 193 changes to the SMI or SNMP are necessary to support this convention. 195 3.2.1. Dhcpv4PhysicalAddress 197 This data type contains the type of hardware address represented by 198 MacAddress, as defined for ARP messages, the length in octets of 199 MacAddress, and the actual layer 1 hardware address. 201 3.3. BOOTP and DHCP Counter Groups 203 This section describes some of the management information that can 204 be derived from the objects provided in the counter groups. 206 In this context, a "valid" packet is one which has an identifiable 207 message type and has passed all format and validation checks that 208 the DHCP server implements. Not all servers validate received 209 packets in the same way, so there will be differences in the counts 210 reported by different servers. It is appropriate to simply accept 211 the server's notion of what constitutes a valid packet. 213 The total number of valid DHCP packets received by the server is 214 computed as: 216 (dhcpv4CountDiscovers + dhcpv4CountRequests + 217 dhcpv4CountReleases + dhcpv4CountDeclines + dhcpv4CountInforms 218 + dhcpv4CountLeaseQueries) 220 The total number of valid packets (BOOTP and DHCP) received is 221 computed as: 223 (total number of valid DHCP packets) + bootpCountRequests) 225 The total number of packets received is computed as: 227 (total number of valid packets) + bootpCountInvalids + 228 dhcpv4CountInvalids 230 Similar to the received computations, the total number of DHCP 231 packets sent by the server is computed as: 233 dhcpv4CountOffers + dhcpv4CountAcks + dhcpv4CountNaks 235 The number of packets (BOOTP and DHCP) sent by the server is 236 computed as: 238 (total number of DHCP packets sent) + (bootpCountReplies) 240 3.3.1. Discontinuities 242 Hosts for DHCP servers, and the DHCP servers themselves, are 243 generally quite reliable but occasionally counter values may be 244 discontinuous between successive GETs. There are several cases of 245 interest: 247 o Server fails and is restarted, resetting all counters to zero. 249 o Server fails and is restarted, with counters in an unknown 250 state. 252 o Server fails and is restarted, with counters restored to some 253 previously checkpointed value. 255 The first case MAY occur when a server and agent are incapable of 256 restarting to a "last known good" state, and a manager MUST be 257 capable of recognizing this case. There is little a manager can do 258 other than recognize a reset to zero has occurred and continue from 259 the point of restart. 261 The second case is currently the Best Current Practice for SNMP 262 managers. Because of the uncertain state of counters following a 263 server restart, a manager MUST discard data from the outage interval 264 and restart its calculations. 266 The third case SHOULD arise only if agents take periodic snapshots 267 at different intervals than responding to a GET request. While the 268 counts reported in the first GET response following the outage were 269 accurate at some time, they MAY NOT be completely current. If this 270 occurs, the manager MAY have to accept that data has been lost, 271 perhaps discarding accumulated data, and continue. 273 3.3.2. Counter Rollover 275 Counter objects increment at different rates. It can be expected 276 that some counter will reach its maximum value and rollover to zero 277 while others are nowhere near their maximum value. When a counter's 278 value at time t2 is less than its value at time t1, the manager 279 SHOULD initially assume that a discontinuity has occurred and 280 perform appropriate data validation to determine if the value has 281 rolled over. If a single rollover has occurred, the value used in 282 calculation SHOULD be: 284 [(maximum value of counter) - (value at time t1)] + (value at 285 time t2) + 1 287 Managers SHOULD be alert to the possibility of a counter rolling 288 over more than once during the sampling interval. If this is 289 likely to occur (due to very short leases, very large numbers of 290 clients, network topology, and the presence of unreliable clients 291 or intermediate network equipment) a manager SHOULD carefully 292 examine each detected counter rollover to determine if the data 293 can be used or should be discarded. 295 3.4. Server Configuration Group 297 The server configuration group contains objects that describe the 298 client host configuration information that is held in the server to 299 be offered to requesting clients. Some of the configuration 300 information is static (e.g., a statically configured IPv4 address) 301 and some of the configuration is dynamic (e.g., an assigned DHCP 302 lease). The intent of the server configuration group is to be able 303 to read the server's configuration. 305 The configuration information defines a minimal set of information 306 that most servers should be able to provide. Each row of the 307 dhcpv4ServerSubnetTable lists the subnet address, the subnet mask, 308 and the shared network name that is equivalent to the subnet. 309 Equivalence is defined as more than one subnet being present on the 310 same network segment as some other subnet. 312 The dhcpv4ServerRangeTable lists the start and end IPv4 addresses of 313 the ranges and the subnet of which the range is a member. The 314 dhcpv4ServerRangeInUse object indicates the amount of the range that 315 is currently in use, either through dynamic allocation or being 316 reserved. The range size can be computed as: 318 dhcpv4ServerRangeStartAddress - dhcpv4ServerRangeEndAddress + 319 1 321 The dhcpv4ServerClientTable provides information about the static 322 and dynamic addresses that the server contains in its configuration. 323 Addresses can be: 325 o Static, in which case they are predefined though the server's 326 configuration. Static addresses may or may not have been 327 previously served by the server; 329 o Dynamic, in which case the server has served the addresses and 330 it is currently in active use by a host; 332 o Expired, in which case the server had previously assigned the 333 address, but the lease time has expired and is retained by the 334 server for possible future use by the same client; 336 o Configuration-reserved, in which case the address is not 337 available for the server to allocate to a client. A 338 configuration-reserved address is one that has been reserved by 339 the administrator. An example of a configuration-reserved 340 address is an address that is assigned to a client, not through 341 DHCP (e.g., statically assigned), and the address is within a 342 DHCP range; and 344 o Server-reserved, in which case the server has taken the address 345 out of use. Examples of server-reserved addresses are those 346 that have been declined (i.e., through a DHCPDECLINE) by a 347 client or those that have responded to an ICMP echo before they 348 were assigned. 350 The protocol used to allocate the address can be determined from the 351 "dhcpv4ServerClientServedProtocol" object. This object indicates 352 whether the address has never been served, or whether BOOTP or DHCP 353 was used to allocate the address. 355 4. Definitions 357 DHCP-SERVER-MIB DEFINITIONS ::= BEGIN 359 IMPORTS 360 Counter64, Gauge32, Unsigned32, MODULE-IDENTITY, OBJECT-TYPE, 361 OBJECT-IDENTITY, NOTIFICATION-TYPE, mib-2 362 FROM SNMPv2-SMI 364 TEXTUAL-CONVENTION, DateAndTime FROM SNMPv2-TC 366 SnmpAdminString FROM SNMP-FRAMEWORK-MIB 368 InetAddressIPv4, InetAddressPrefixLength 369 FROM INET-ADDRESS-MIB 371 MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP 372 FROM SNMPv2-CONF; 374 dhcp MODULE-IDENTITY 375 LAST-UPDATED "200402061633Z" 376 ORGANIZATION 377 "IETF DHC Working Group 378 General Discussion: dhcwg@ietf.org 379 Subscribe: http://www1.ietf.org/mailman/listinfo/dhcwg 380 Archive: http://www1.ietf.org/mailman/listinfo/dhcwg 381 Chair: Ralph Droms, rdroms@cisco.com" 382 CONTACT-INFO 383 " Richard Barr Hibbs 384 Postal: 952 Sanchez Street 385 San Francisco, California 94114-3362 386 USA 387 Tel: +1-(415)-648-3920 388 Fax: +1-(415)-648-9017 389 E-mail: rbhibbs@pacbell.net 391 Glenn Waters 392 Postal: Nortel Networks, Inc. 393 310-875 Carling Avenue 394 Ottawa, Ontario K1S 5P1 395 Canada 396 Tel: +1-(613)-798-4925 397 E-mail: gww@NortelNetworks.com" 398 DESCRIPTION 399 "The MIB module for entities implementing the server side of 400 the Bootstrap Protocol (BOOTP) and the Dynamic Host 401 Configuration protocol (DHCP) for Internet Protocol version 402 4(IPv4). This MIB does not include support for Dynamic DNS 403 (DDNS) updating nor for the DHCP Failover Protocol. 405 Copyright (C) The Internet Society (2003). This version of 406 this MIB module is part of RFC xxxx; see the RFC itself for 407 full legal notices." 408 -- RFC Editor assigns xxxx and removes this comment 410 REVISION "200402061633Z" -- 6 February 2004 411 DESCRIPTION "Initial Version, published as RFC xxxx." 412 -- RFC Editor assigns xxxx and removes this comment 413 ::= { mib-2 9999 } -- IANA will make official assignment 415 -- Textual conventions defined by this memo 417 Dhcpv4PhysicalAddress ::= TEXTUAL-CONVENTION 418 DISPLAY-HINT "1d,1d,1x:1x:1x:1x:1x:1x" 419 STATUS current 420 DESCRIPTION 421 "A DHCP-specific encoding of the physical address type and 422 physical address, intended to mirror the representation of 423 physical addresses in DHCP messages. The first octet of this 424 object contains the hardware type from the 'htype' field of 425 the DHCP message, the second octet of this object contains the 426 hardware length from the 'hlen' field, and the remaining 427 octets contain the hardware address from the 'chaddr' field." 428 REFERENCE "RFC 2131" 429 SYNTAX OCTET STRING (SIZE(18)) 431 -- declare top-level MIB objects 433 dhcpv4Server OBJECT-IDENTITY 434 STATUS current 435 DESCRIPTION 436 "DHCPv4 Server MIB objects are defined in this branch." 437 ::= { dhcp 1 } 439 dhcpv4ServerObjects OBJECT-IDENTITY 440 STATUS current 441 DESCRIPTION 442 "DHCP Server MIB server identification objects are all defined 443 in this branch." 444 ::= { dhcpv4Server 1 } 446 dhcpv4ServerSystem OBJECT-IDENTITY 447 STATUS current 448 DESCRIPTION 449 "Group of objects that are related to the overall system." 451 ::= { dhcpv4ServerObjects 1 } 453 bootpCounters OBJECT-IDENTITY 454 STATUS current 455 DESCRIPTION 456 "Group of objects that count various BOOTP events." 457 ::= { dhcpv4ServerObjects 2 } 459 dhcpv4Counters OBJECT-IDENTITY 460 STATUS current 461 DESCRIPTION 462 "Group of objects that count various DHCPv4 events." 463 ::= { dhcpv4ServerObjects 3 } 465 dhcpv4ServerConfiguration OBJECT-IDENTITY 466 STATUS current 467 DESCRIPTION 468 "Objects that contain pre-configured and dynamic configuration 469 information." 470 ::= { dhcpv4ServerObjects 6 } 472 dhcpv4ServerNotifyObjects OBJECT-IDENTITY 473 STATUS current 474 DESCRIPTION 475 "Objects that are used only in notifications." 476 ::= { dhcpv4ServerObjects 7 } 478 -- dhcpv4ServerSystemObjects Group 480 dhcpv4ServerSystemDescr OBJECT-TYPE 481 SYNTAX SnmpAdminString (SIZE(0..255)) 482 MAX-ACCESS read-only 483 STATUS current 484 DESCRIPTION 485 "A textual description of the server. This value SHOULD 486 include the full name and version identification of the 487 server." 488 ::= { dhcpv4ServerSystem 1 } 490 dhcpv4ServerSystemObjectID OBJECT-TYPE 491 SYNTAX OBJECT IDENTIFIER 492 MAX-ACCESS read-only 493 STATUS current 494 DESCRIPTION 495 "The vendor's authoritative identification of the network 496 management subsystem contained in this entity. This value is 497 allocated within the SMI enterprise subtree (1.3.6.1.4.1) and 498 provides an easy and unambiguous means for determining what 499 kind of server is being managed. For example, if vendor Ohso 500 Soft, Inc. is assigned the subtree 1.3.6.1.4.1.4242, it might 501 assign the identifier 1.3.6.1.4.1.4242.1.1 to its Ursa DHCP 502 Server." 503 ::= { dhcpv4ServerSystem 2 } 505 -- bootpCounterObjects Group 507 bootpCountRequests OBJECT-TYPE 508 SYNTAX Counter64 509 MAX-ACCESS read-only 510 STATUS current 511 DESCRIPTION 512 "The number of packets received that contain a Message Type of 513 1 (BOOTREQUEST) in the first octet and do not contain option 514 number 53 (DHCP Message Type) in the options." 515 REFERENCE 516 "RFC-2131." 517 ::= { bootpCounters 1 } 519 bootpCountInvalids OBJECT-TYPE 520 SYNTAX Counter64 521 MAX-ACCESS read-only 522 STATUS current 523 DESCRIPTION 524 "The number of packets received that do not contain a Message 525 Type of 1 (BOOTREQUEST) in the first octet or are not valid 526 BOOTP packets (e.g., too short, invalid field in packet 527 header)." 528 ::= { bootpCounters 2 } 530 bootpCountReplies OBJECT-TYPE 531 SYNTAX Counter64 532 MAX-ACCESS read-only 533 STATUS current 534 DESCRIPTION 535 "The number of packets sent that contain a Message Type of 2 536 (BOOTREPLY) in the first octet and do not contain option 537 number 53 (DHCP Message Type) in the options." 538 REFERENCE 539 "RFC-2131." 540 ::= { bootpCounters 3 } 542 bootpCountDroppedUnknownClients OBJECT-TYPE 543 SYNTAX Counter64 544 MAX-ACCESS read-only 545 STATUS current 546 DESCRIPTION 547 "The number of BOOTP packets dropped due to the server not 548 recognizing or not providing service to the hardware address 549 received in the incoming packet." 550 ::= { bootpCounters 4 } 552 bootpCountDroppedNotServingSubnet OBJECT-TYPE 553 SYNTAX Counter64 554 MAX-ACCESS read-only 555 STATUS current 556 DESCRIPTION 557 "The number of BOOTP packets dropped due to the server not 558 being configured or not otherwise able to serve addresses on 559 the subnet from which this message was received." 560 ::= { bootpCounters 5 } 562 -- DHCP Counters Group 564 dhcpv4CountDiscovers OBJECT-TYPE 565 SYNTAX Counter64 566 MAX-ACCESS read-only 567 STATUS current 568 DESCRIPTION 569 "The number of DHCPDISCOVER (option 53 with value 1) packets 570 received." 571 REFERENCE 572 "RFC2131; RFC2132, section 9.6." 573 ::= { dhcpv4Counters 1 } 575 dhcpv4CountOffers OBJECT-TYPE 576 SYNTAX Counter64 577 MAX-ACCESS read-only 578 STATUS current 579 DESCRIPTION 580 "The number of DHCPOFFER (option 53 with value 2) packets 581 sent." 582 REFERENCE 583 "RFC2131; RFC2132, section 9.6." 584 ::= { dhcpv4Counters 2 } 586 dhcpv4CountRequests OBJECT-TYPE 587 SYNTAX Counter64 588 MAX-ACCESS read-only 589 STATUS current 590 DESCRIPTION 591 "The number of DHCPREQUEST (option 53 with value 3) packets 592 received." 593 REFERENCE 594 "RFC2131; RFC2132, section 9.6." 595 ::= { dhcpv4Counters 3} 597 dhcpv4CountDeclines OBJECT-TYPE 598 SYNTAX Counter64 599 MAX-ACCESS read-only 600 STATUS current 601 DESCRIPTION 602 "The number of DHCPDECLINE (option 53 with value 4) packets 603 received." 604 REFERENCE 605 "RFC2131; RFC2132, section 9.6." 606 ::= { dhcpv4Counters 4 } 608 dhcpv4CountAcks OBJECT-TYPE 609 SYNTAX Counter64 610 MAX-ACCESS read-only 611 STATUS current 612 DESCRIPTION 613 "The number of DHCPACK (option 53 with value 5) packets sent." 614 REFERENCE 615 "RFC2131; RFC2132, section 9.6." 616 ::= { dhcpv4Counters 5 } 618 dhcpv4CountNaks OBJECT-TYPE 619 SYNTAX Counter64 620 MAX-ACCESS read-only 621 STATUS current 622 DESCRIPTION 623 "The number of DHCPNACK (option 53 with value 6) packets 624 sent." 625 REFERENCE 626 "RFC2131; RFC2132, section 9.6." 627 ::= { dhcpv4Counters 6 } 629 dhcpv4CountReleases OBJECT-TYPE 630 SYNTAX Counter64 631 MAX-ACCESS read-only 632 STATUS current 633 DESCRIPTION 634 "The number of DHCPRELEASE (option 53 with value 7) packets 635 received." 636 REFERENCE 637 "RFC2131; RFC2132, section 9.6." 638 ::= { dhcpv4Counters 7 } 640 dhcpv4CountInforms OBJECT-TYPE 641 SYNTAX Counter64 642 MAX-ACCESS read-only 643 STATUS current 644 DESCRIPTION 645 "The number of DHCPINFORM (option 53 with value 8) packets 646 received." 647 REFERENCE 648 "RFC2131; RFC2132, section 9.6." 649 ::= { dhcpv4Counters 8 } 651 dhcpv4CountForcedRenews OBJECT-TYPE 652 SYNTAX Counter64 653 MAX-ACCESS read-only 654 STATUS current 655 DESCRIPTION 656 "The number of DHCPFORCERENEW (option 53 with value 9) packets 657 sent." 658 REFERENCE 659 " RFC 3203, DHCP reconfigure extension." 660 ::= { dhcpv4Counters 9 } 662 dhcpv4CountInvalids OBJECT-TYPE 663 SYNTAX Counter64 664 MAX-ACCESS read-only 665 STATUS current 666 DESCRIPTION 667 "The number of DHCP packets received whose DHCP message type 668 (i.e., option number 53) is not understood or handled by the 669 server." 670 ::= { dhcpv4Counters 10 } 672 dhcpv4CountDroppedUnknownClient OBJECT-TYPE 673 SYNTAX Counter64 674 MAX-ACCESS read-only 675 STATUS current 676 DESCRIPTION 677 "The number of DHCP packets dropped due to the server not 678 recognizing or not providing service to the client-id and/or 679 hardware address received in the incoming packet." 680 ::= { dhcpv4Counters 11 } 682 dhcpv4CountDroppedNotServingSubnet OBJECT-TYPE 683 SYNTAX Counter64 684 MAX-ACCESS read-only 685 STATUS current 686 DESCRIPTION 687 "The number of DHCP packets dropped due to the server not 688 being configured or not otherwise able to serve addresses on 689 the subnet from which this message was received." 690 ::= { dhcpv4Counters 12 } 692 -- DHCP Server Configuration 693 -- dhcpv4ServerSharedNetObjects Group 695 dhcpv4ServerSharedNetTable OBJECT-TYPE 696 SYNTAX SEQUENCE OF Dhcpv4ServerSharedNetEntry 697 MAX-ACCESS not-accessible 698 STATUS current 699 DESCRIPTION 700 "A list of shared networks that are configured in the server. 701 A shared network is the logical aggregation of one or more 702 subnets that share a common network segment (e.g., multi- 703 tapped coaxial cable, wiring hub, or switch). This table is 704 present ONLY for those servers that organize the ranges of 705 addresses available for assignment where a higher-level 706 grouping (i.e., the 'shared' network) exists above ranges and 707 subnets." 708 ::= { dhcpv4ServerConfiguration 1 } 710 dhcpv4ServerSharedNetEntry OBJECT-TYPE 711 SYNTAX Dhcpv4ServerSharedNetEntry 712 MAX-ACCESS not-accessible 713 STATUS current 714 DESCRIPTION 715 "A logical row in the dhcpv4ServerSharedNetTable." 716 INDEX { 717 dhcpv4ServerSharedNetName 718 } 719 ::= { dhcpv4ServerSharedNetTable 1} 721 Dhcpv4ServerSharedNetEntry ::= SEQUENCE { 722 dhcpv4ServerSharedNetName SnmpAdminString, 723 dhcpv4ServerSharedNetFreeAddrLowThreshold Unsigned32, 724 dhcpv4ServerSharedNetFreeAddrHighThreshold Unsigned32, 725 dhcpv4ServerSharedNetFreeAddresses Unsigned32, 726 dhcpv4ServerSharedNetReservedAddresses Unsigned32, 727 dhcpv4ServerSharedNetTotalAddresses Unsigned32 728 } 730 dhcpv4ServerSharedNetName OBJECT-TYPE 731 SYNTAX SnmpAdminString (SIZE(1..100)) 732 MAX-ACCESS not-accessible 733 STATUS current 734 DESCRIPTION 735 "The name of the shared network, which uniquely identifies an 736 entry in the dhcpv4ServerSharedNetTable." 737 ::= { dhcpv4ServerSharedNetEntry 1 } 739 dhcpv4ServerSharedNetFreeAddrLowThreshold OBJECT-TYPE 740 SYNTAX Unsigned32 741 MAX-ACCESS accessible-for-notify 742 STATUS current 743 DESCRIPTION 744 "The low threshold for available free addresses in this shared 745 network. If the value for available free addresses in this 746 shared network becomes equal to or less than this value, a 747 dhcpv4ServerFreeAddressLow event is generated for this shared 748 network. No more dhcpv4ServerFreeAddressLow events will be 749 generated for this subnet during this execution of the DHCP 750 server until the value for available free addresses has 751 exceeded the value of 752 dhcpv4ServerSharedNetFreeAddrHighThreshold." 753 ::= { dhcpv4ServerSharedNetEntry 2 } 755 dhcpv4ServerSharedNetFreeAddrHighThreshold OBJECT-TYPE 756 SYNTAX Unsigned32 757 MAX-ACCESS accessible-for-notify 758 STATUS current 759 DESCRIPTION 760 "The high threshold for available free addresses in this 761 shared network. If a dhcpv4ServerFreeAddressLow event was 762 generated for this subnet, and the value for available free 763 addresses has exceeded the value of 764 dhcpv4ServerSubnetFreeAddrHighThreshold, then a 765 dhcpv4ServerFreeAddressHigh event will be generated. No more 766 dhcpv4ServerFreeAddressHigh events will be generated for this 767 subnet during this execution of the DHCP server until the 768 value for available free addresses becomes equal to or less 769 than the value of dhcpv4ServerSubnetFreeAddrLowThreshold." 770 ::= { dhcpv4ServerSharedNetEntry 3 } 772 dhcpv4ServerSharedNetFreeAddresses OBJECT-TYPE 773 SYNTAX Unsigned32 774 MAX-ACCESS accessible-for-notify 775 STATUS current 776 DESCRIPTION 777 "The number of IPv4 addresses which are available within this 778 shared network. If the server does not count free addresses 779 by shared network segment, this value will be zero." 780 ::= { dhcpv4ServerSharedNetEntry 4 } 782 dhcpv4ServerSharedNetReservedAddresses OBJECT-TYPE 783 SYNTAX Unsigned32 784 MAX-ACCESS accessible-for-notify 785 STATUS current 786 DESCRIPTION 787 "The number of IPv4 addresses which are reserved (not 788 available for assignment) within this shared network. If the 789 server does not count reserved addresses by shared network 790 segment, this value will be zero." 791 ::= { dhcpv4ServerSharedNetEntry 5 } 793 dhcpv4ServerSharedNetTotalAddresses OBJECT-TYPE 794 SYNTAX Unsigned32 795 MAX-ACCESS accessible-for-notify 796 STATUS current 797 DESCRIPTION 798 "The number of IPv4 addresses which are available within this 799 shared network. If the server does not count total addresses 800 by shared network segment, this value will be zero." 801 ::= { dhcpv4ServerSharedNetEntry 6 } 803 -- dhcpv4ServerSubnetObjects Group 805 dhcpv4ServerSubnetTable OBJECT-TYPE 806 SYNTAX SEQUENCE OF Dhcpv4ServerSubnetEntry 807 MAX-ACCESS not-accessible 808 STATUS current 809 DESCRIPTION 810 "A list of subnets that are configured in this server." 811 ::= { dhcpv4ServerConfiguration 2 } 813 dhcpv4ServerSubnetEntry OBJECT-TYPE 814 SYNTAX Dhcpv4ServerSubnetEntry 815 MAX-ACCESS not-accessible 816 STATUS current 817 DESCRIPTION 818 "A logical row in the dhcpv4ServerSubnetTable." 819 INDEX { 820 dhcpv4ServerSubnetAddress 821 } 822 ::= { dhcpv4ServerSubnetTable 1 } 824 Dhcpv4ServerSubnetEntry ::= SEQUENCE { 825 dhcpv4ServerSubnetAddress InetAddressIPv4, 826 dhcpv4ServerSubnetMask 827 InetAddressPrefixLength, 828 dhcpv4ServerSubnetSharedNetworkName SnmpAdminString, 829 dhcpv4ServerSubnetFreeAddrLowThreshold Unsigned32, 830 dhcpv4ServerSubnetFreeAddrHighThreshold Unsigned32, 831 dhcpv4ServerSubnetFreeAddresses Unsigned32 832 } 834 dhcpv4ServerSubnetAddress OBJECT-TYPE 835 SYNTAX InetAddressIPv4 836 MAX-ACCESS not-accessible 837 STATUS current 838 DESCRIPTION 839 "The IPv4 address of the subnet entry in the 840 dhcpv4ServerSubnetTable." 841 ::= { dhcpv4ServerSubnetEntry 1 } 843 dhcpv4ServerSubnetMask OBJECT-TYPE 844 SYNTAX InetAddressPrefixLength 845 MAX-ACCESS read-only 846 STATUS current 847 DESCRIPTION 848 "The subnet mask of the subnet. This MUST be the same as the 849 value of DHCP option 1 offered to clients on this subnet." 850 ::= { dhcpv4ServerSubnetEntry 2 } 852 dhcpv4ServerSubnetSharedNetworkName OBJECT-TYPE 853 SYNTAX SnmpAdminString (SIZE(1..100)) 854 MAX-ACCESS read-only 855 STATUS current 856 DESCRIPTION 857 "The shared subnet name (used as an index into the server 858 shared subnet table) to which this subnet belongs. This value 859 will be null for servers that do not organize or describe 860 networks in this manner." 861 ::= { dhcpv4ServerSubnetEntry 3 } 863 dhcpv4ServerSubnetFreeAddrLowThreshold OBJECT-TYPE 864 SYNTAX Unsigned32 865 MAX-ACCESS accessible-for-notify 866 STATUS current 867 DESCRIPTION 868 "The low threshold for available free addresses in this 869 subnet. If the value for available free addresses in this 870 subnet becomes equal to or less than this value, a 871 dhcpv4ServerSubnetFreeAddrLowThreshold event will be generated 872 for this shared network. No more 873 dhcpv4ServerSubnetFreeAddrLowThreshold events will be 874 generated for this subnet during this execution of the DHCP 875 server until the value for available free addresses has 876 exceeded the value of 877 dhcpv4ServerSubnetFreeAddrHighThreshold." 878 ::= { dhcpv4ServerSubnetEntry 4 } 880 dhcpv4ServerSubnetFreeAddrHighThreshold OBJECT-TYPE 881 SYNTAX Unsigned32 882 MAX-ACCESS accessible-for-notify 883 STATUS current 884 DESCRIPTION 885 "The high threshold for available free addresses in this 886 subnet. If a dhcpv4ServerSubnetFreeAddrLowThreshold event has 887 been generated for this subnet, and the value for available 888 free addresses has exceeded the value of 889 dhcpv4ServerSubnetFreeAddrHighThreshold, then a 890 dhcpv4ServerFreeAddressHigh event will be generated. No more 891 dhcpv4ServerFreeAddressHigh events will be generated for this 892 subnet during this execution of the DHCP server until the 893 value for available free addresses becomes equal to or less 894 than the value of dhcpv4ServerSubnetFreeAddrLowThreshold." 895 ::= { dhcpv4ServerSubnetEntry 5 } 897 dhcpv4ServerSubnetFreeAddresses OBJECT-TYPE 898 SYNTAX Unsigned32 899 MAX-ACCESS accessible-for-notify 900 STATUS current 901 DESCRIPTION 902 "The number of free IPv4 addresses which are available in this 903 subnet." 904 ::= { dhcpv4ServerSubnetEntry 6 } 906 -- dhcpv4ServerRangeObjects Group 908 dhcpv4ServerRangeTable OBJECT-TYPE 909 SYNTAX SEQUENCE OF Dhcpv4ServerRangeEntry 910 MAX-ACCESS not-accessible 911 STATUS current 912 DESCRIPTION 913 "A list of ranges that are configured on this server." 914 ::= { dhcpv4ServerConfiguration 3 } 916 dhcpv4ServerRangeEntry OBJECT-TYPE 917 SYNTAX Dhcpv4ServerRangeEntry 918 MAX-ACCESS not-accessible 919 STATUS current 920 DESCRIPTION 921 "A logical row in the dhcpv4ServerRangeTable." 922 INDEX { 923 dhcpv4ServerRangeStartAddress, 924 dhcpv4ServerRangeEndAddress 925 } 926 ::= { dhcpv4ServerRangeTable 1 } 928 Dhcpv4ServerRangeEntry ::= SEQUENCE { 929 dhcpv4ServerRangeStartAddress InetAddressIPv4, 930 dhcpv4ServerRangeEndAddress InetAddressIPv4, 931 dhcpv4ServerRangeSubnetMask InetAddressPrefixLength, 932 dhcpv4ServerRangeInUse Gauge32, 933 dhcpv4ServerRangeOutstandingOffers Gauge32 934 } 936 dhcpv4ServerRangeStartAddress OBJECT-TYPE 937 SYNTAX InetAddressIPv4 938 MAX-ACCESS not-accessible 939 STATUS current 940 DESCRIPTION 941 "The IPv4 address of the first address in the range. The 942 value of dhcpv4ServerRangeStartAddress MUST be less than or 943 equal to the value of dhcpv4ServerRangeEndAddress." 944 ::= { dhcpv4ServerRangeEntry 1 } 946 dhcpv4ServerRangeEndAddress OBJECT-TYPE 947 SYNTAX InetAddressIPv4 948 MAX-ACCESS not-accessible 949 STATUS current 950 DESCRIPTION 951 "The IPv4 address of the last address in the range. The value 952 of dhcpv4ServerRangeEndAddress MUST be greater than or equal 953 to the value of dhcpv4ServerRangeStartAddress." 954 ::= { dhcpv4ServerRangeEntry 2 } 956 dhcpv4ServerRangeSubnetMask OBJECT-TYPE 957 SYNTAX InetAddressPrefixLength 958 MAX-ACCESS read-only 959 STATUS current 960 DESCRIPTION 961 "The subnet address mask for this range." 962 ::= { dhcpv4ServerRangeEntry 3 } 964 dhcpv4ServerRangeInUse OBJECT-TYPE 965 SYNTAX Gauge32 966 MAX-ACCESS read-only 967 STATUS current 968 DESCRIPTION 969 "The number of addresses in this range that are currently in 970 use. This number includes those addresses whose lease has not 971 expired and addresses which have been reserved (either by the 972 server or through configuration)." 973 ::= { dhcpv4ServerRangeEntry 4 } 975 dhcpv4ServerRangeOutstandingOffers OBJECT-TYPE 976 SYNTAX Gauge32 977 MAX-ACCESS read-only 978 STATUS current 979 DESCRIPTION 980 "The number of outstanding DHCPOFFER messages for this range 981 is reported with this value. An offer is outstanding if the 982 server has sent a DHCPOFFER message to a client, but has not 983 yet received a DHCPREQUEST message from the client nor has the 984 server-specific timeout (limiting the time in which a client 985 can respond to the offer message) for the offer message 986 expired." 987 ::= { dhcpv4ServerRangeEntry 5 } 989 -- dhcpv4ServerClientObjects Group 990 dhcpv4ServerClientTable OBJECT-TYPE 991 SYNTAX SEQUENCE OF Dhcpv4ServerClientEntry 992 MAX-ACCESS not-accessible 993 STATUS current 994 DESCRIPTION 995 "An optional list of addresses that are known by this server. 996 The list MUST contain addresses that have not expired. The 997 list MUST NOT contain addresses that have never been assigned 998 by the server UNLESS the lease is pre-configured in the server 999 (e.g., a static lease for a host). Expired leases MAY appear 1000 during the time they are 'remembered' by the server for 1001 subsequent assignment to the same host." 1002 ::= { dhcpv4ServerConfiguration 4 } 1004 dhcpv4ServerClientEntry OBJECT-TYPE 1005 SYNTAX Dhcpv4ServerClientEntry 1006 MAX-ACCESS not-accessible 1007 STATUS current 1008 DESCRIPTION 1009 "A logical row in the dhcpv4ServerClientTable." 1010 INDEX { 1011 dhcpv4ServerClient 1012 } 1013 ::= { dhcpv4ServerClientTable 1 } 1015 Dhcpv4ServerClientEntry ::= SEQUENCE { 1016 dhcpv4ServerClient InetAddressIPv4, 1017 dhcpv4ServerClientSubnetMask InetAddressPrefixLength, 1018 dhcpv4ServerClientRange InetAddressIPv4, 1019 dhcpv4ServerClientLeaseType INTEGER, 1020 dhcpv4ServerClientTimeRemaining Unsigned32, 1021 dhcpv4ServerClientAllowedProtocol INTEGER, 1022 dhcpv4ServerClientServedProtocol INTEGER, 1023 dhcpv4ServerClientPhysicalAddress Dhcpv4PhysicalAddress, 1024 dhcpv4ServerClientClientId OCTET STRING, 1025 dhcpv4ServerClientHostName SnmpAdminString, 1026 dhcpv4ServerClientDomainName SnmpAdminString 1027 } 1029 dhcpv4ServerClient OBJECT-TYPE 1030 SYNTAX InetAddressIPv4 1031 MAX-ACCESS not-accessible 1032 STATUS current 1033 DESCRIPTION 1034 "The IPv4 address of this entry in the 1035 dhcpv4ServerClientTable." 1036 ::= { dhcpv4ServerClientEntry 1 } 1038 dhcpv4ServerClientSubnetMask OBJECT-TYPE 1039 SYNTAX InetAddressPrefixLength 1040 MAX-ACCESS read-only 1041 STATUS current 1042 DESCRIPTION 1043 "The subnet mask (DHCP option 1) provided to the client 1044 offered this address. The subnet, resulting from logically 1045 ANDing the subnet mask with the entry's IPv4 address, MUST be 1046 configured on this server and appear as a row in the 1047 dhcpSubnetTable." 1048 ::= { dhcpv4ServerClientEntry 2 } 1050 dhcpv4ServerClientRange OBJECT-TYPE 1051 SYNTAX InetAddressIPv4 1052 MAX-ACCESS read-only 1053 STATUS current 1054 DESCRIPTION 1055 "The starting IPv4 address (dhcpv4ServerRangeStartAddress 1056 object) of the range to which this address belongs. If the 1057 address does not fall into one of the configured ranges (e.g., 1058 a statically configured address on a subnet) the range MAY be 1059 0.0.0.0." 1060 ::= { dhcpv4ServerClientEntry 3 } 1062 dhcpv4ServerClientLeaseType OBJECT-TYPE 1063 SYNTAX INTEGER { 1064 static(1), 1065 dynamic(2), 1066 expired(3), 1067 configurationReserved(4), 1068 serverReserved(5) 1069 } 1070 MAX-ACCESS read-only 1071 STATUS current 1072 DESCRIPTION 1073 "The type of this address. Types are: 1074 (1) Static addresses defined by the server configuration. 1075 (2) Dynamic addresses defined by the server configuration 1076 AND actually assigned by the server. 1077 (3) Expired dynamic addresses, previously assigned by the 1078 server, and 'remembered' for subsequent assignment to 1079 the same host. 1080 (4) Addresses reserved (i.e., not assignable) by the server 1081 configuration. 1082 (5) Addresses previously assigned by the server, but 1083 temporarily or permanently removed from assignable state 1084 for some reason, e.g., the server received an ICMP 1085 ECHOREPLY for the IPv4 address or a DHCPDECLINE message 1086 has been received for the IPv4 address." 1087 ::= { dhcpv4ServerClientEntry 4 } 1089 dhcpv4ServerClientTimeRemaining OBJECT-TYPE 1090 SYNTAX Unsigned32 1091 MAX-ACCESS read-only 1092 STATUS current 1093 DESCRIPTION 1094 "The number of seconds until the lease expires. A value of 1095 4294967295 (i.e., 0xFFFFFFFF) SHOULD be used for leases that 1096 have a lease time which is 'infinite' and for BOOTP leases." 1097 ::= { dhcpv4ServerClientEntry 5 } 1099 dhcpv4ServerClientAllowedProtocol OBJECT-TYPE 1100 SYNTAX INTEGER { 1101 none(1), 1102 bootp(2), 1103 dhcp(3), 1104 bootpOrDhcp(4) 1105 } 1106 MAX-ACCESS read-only 1107 STATUS current 1108 DESCRIPTION 1109 "The type of protocol that is allowed to be used to serve this 1110 address. A type of none (1) indicates that the address is not 1111 available to be served (e.g., a reserved address). Type (2) 1112 is reserved for BOOTP only devices, while type (3) is reserved 1113 for DHCP only devices. A type of bootp-or-dhcp (4) can be 1114 offered to any type of client." 1115 ::= { dhcpv4ServerClientEntry 6 } 1117 dhcpv4ServerClientServedProtocol OBJECT-TYPE 1118 SYNTAX INTEGER { 1119 none(1), 1120 bootp(2), 1121 dhcp(3) 1122 } 1123 MAX-ACCESS read-only 1124 STATUS current 1125 DESCRIPTION 1126 "The type of protocol that was used when this address was 1127 assigned. This object will have the value of none (1) if the 1128 address has not been served." 1129 ::= { dhcpv4ServerClientEntry 7 } 1131 dhcpv4ServerClientPhysicalAddress OBJECT-TYPE 1132 SYNTAX Dhcpv4PhysicalAddress 1133 MAX-ACCESS read-only 1134 STATUS current 1135 DESCRIPTION 1136 "The hardware type and hardware address of the client that has 1137 been assigned this lease. The first octet of this object 1138 contains the hardware type from the 'htype' field of the BOOTP 1139 packet and the remaining octets contain the hardware address 1140 from the 'chaddr' field of the BOOTP packet. This object MAY 1141 be empty if the address has not been previously served." 1142 ::= { dhcpv4ServerClientEntry 8 } 1144 dhcpv4ServerClientClientId OBJECT-TYPE 1145 SYNTAX OCTET STRING (SIZE(0..255)) 1146 MAX-ACCESS read-only 1147 STATUS current 1148 DESCRIPTION 1149 "The client-id of the client that has been assigned this 1150 lease. The client-id is the value specified in option 61 1151 (client-id option) when the lease was assigned. This object 1152 MAY be empty if the lease has not been previously assigned or 1153 if the client-id option was not specified when the address was 1154 assigned." 1155 ::= { dhcpv4ServerClientEntry 9 } 1157 dhcpv4ServerClientHostName OBJECT-TYPE 1158 SYNTAX SnmpAdminString (SIZE(1..255)) 1159 MAX-ACCESS read-only 1160 STATUS current 1161 DESCRIPTION 1162 "The host name (DHCP option 12) the client is configured to 1163 use, or if no host name was configured then the host name that 1164 the client supplied when requesting an address. While this 1165 object has a maximum size of 255 octets, a Fully-Qualified 1166 Domain Name (FQDN) consisting of a Host Name part and a Domain 1167 Name part is currently limited to 255 octets. Therefore, the 1168 sum of the string lengths for this object and the 1169 dhcpv4ServerClientDomainName MUST be, in practice, less than 1170 256 octets." 1171 ::= { dhcpv4ServerClientEntry 10 } 1173 dhcpv4ServerClientDomainName OBJECT-TYPE 1174 SYNTAX SnmpAdminString (SIZE(1..255)) 1175 MAX-ACCESS read-only 1176 STATUS current 1177 DESCRIPTION 1178 "The domain name (DHCP option 15) assigned to the client. 1179 While this object has a maximum size of 255 octets, a Fully- 1180 Qualified Domain Name (FQDN) consisting of a Host Name part 1181 and a Domain Name part is currently limited to 255 octets, 1182 less the separator ('.') character. Therefore, the sum of the 1183 string lengths for this object and the 1184 dhcpv4ServerClientHostName MUST be, in practice, less than 256 1185 octets." 1186 ::= { dhcpv4ServerClientEntry 11 } 1188 -- dhcpv4ServerNotifyObjects Group 1190 dhcpv4ServerNotifyDuplicateIpAddr OBJECT-TYPE 1191 SYNTAX InetAddressIPv4 1192 MAX-ACCESS accessible-for-notify 1193 STATUS current 1194 DESCRIPTION 1195 "The IPv4 address found to be a duplicate. Duplicates are 1196 detected by servers, which issue an ICMP ECHOREQUEST prior to 1197 offering an IPv4 address lease, or by a client issuing a 1198 gratuitous ARP message and reported through a DHCPDECLINE 1199 message." 1200 ::= { dhcpv4ServerNotifyObjects 1 } 1202 dhcpv4ServerNotifyDuplicateMac OBJECT-TYPE 1203 SYNTAX Dhcpv4PhysicalAddress 1204 MAX-ACCESS accessible-for-notify 1205 STATUS current 1206 DESCRIPTION 1207 "The offending MAC address which caused a duplicate IPv4 1208 address to be detected, if captured by the server, else 00-00- 1209 00-00-00-00." 1210 ::= { dhcpv4ServerNotifyObjects 2 } 1212 dhcpv4ServerNotifyClientOrServerDetected OBJECT-TYPE 1213 SYNTAX INTEGER { 1214 client(1), 1215 server(2) 1216 } 1217 MAX-ACCESS accessible-for-notify 1218 STATUS current 1219 DESCRIPTION 1220 "Duplicate IPv4 addresses can be detected either by a server, 1221 using an ICMP ECHO message, or by a client using ARP. This 1222 object is set by the server to (1) if the client used 1223 DHCPDECLINE to mark the offered address as in-use, or to (2) 1224 if the server discovered the address in use by some client 1225 before offering it." 1226 ::= { dhcpv4ServerNotifyObjects 3 } 1228 dhcpv4ServerNotifyServerStart OBJECT-TYPE 1229 SYNTAX DateAndTime 1230 MAX-ACCESS accessible-for-notify 1231 STATUS current 1232 DESCRIPTION 1233 "The date and time when the server began operation." 1234 ::= { dhcpv4ServerNotifyObjects 4 } 1236 dhcpv4ServerNotifyServerStop OBJECT-TYPE 1237 SYNTAX DateAndTime 1238 MAX-ACCESS accessible-for-notify 1239 STATUS current 1240 DESCRIPTION 1241 "The date and time when the server ceased operation." 1242 ::= { dhcpv4ServerNotifyObjects 5 } 1244 -- Notifications 1246 dhcpv4ServerNotificationPrefix OBJECT IDENTIFIER 1247 ::= { dhcpv4Server 2 } 1249 dhcpv4ServerNotifications OBJECT IDENTIFIER 1250 ::= { dhcpv4ServerNotificationPrefix 0 } 1252 dhcpv4ServerFreeAddressLow NOTIFICATION-TYPE 1253 OBJECTS { 1254 dhcpv4ServerSharedNetFreeAddrLowThreshold, 1255 dhcpv4ServerSharedNetFreeAddresses 1256 } 1257 STATUS current 1258 DESCRIPTION 1259 "This notification signifies that the number of available IPv4 1260 addresses for a particular shared network has fallen below the 1261 value of dhcpv4ServerSharedNetFreeAddrLowThreshold for that 1262 shared network." 1263 ::= { dhcpv4ServerNotifications 1 } 1265 dhcpv4ServerFreeAddressHigh NOTIFICATION-TYPE 1266 OBJECTS { 1267 dhcpv4ServerSharedNetFreeAddrHighThreshold, 1268 dhcpv4ServerSharedNetFreeAddresses 1269 } 1270 STATUS current 1271 DESCRIPTION 1272 "This notification signifies that the number of available IPv4 1273 addresses for a particular shared network has risen above the 1274 value of dhcpv4ServerSharedNetFreeAddrHighThreshold for that 1275 shared network." 1276 ::= { dhcpv4ServerNotifications 2 } 1278 dhcpv4ServerStartTime NOTIFICATION-TYPE 1279 OBJECTS { dhcpv4ServerNotifyServerStart } 1280 STATUS current 1281 DESCRIPTION 1282 "This notification signifies that the server of the specified 1283 type has started on the host from which this notification has 1284 been sent." 1285 ::= { dhcpv4ServerNotifications 3 } 1286 dhcpv4ServerStopTime NOTIFICATION-TYPE 1287 OBJECTS { dhcpv4ServerNotifyServerStop } 1288 STATUS current 1289 DESCRIPTION 1290 "This notification signifies that the server of the specified 1291 type has stopped normally on the host from which this 1292 notification has been sent." 1293 ::= { dhcpv4ServerNotifications 4 } 1295 dhcpv4ServerDuplicateAddress NOTIFICATION-TYPE 1296 OBJECTS { 1297 dhcpv4ServerNotifyDuplicateIpAddr, 1298 dhcpv4ServerNotifyDuplicateMac, 1299 dhcpv4ServerNotifyClientOrServerDetected 1300 } 1301 STATUS current 1302 DESCRIPTION 1303 "This notification signifies that a duplicate IPv4 address has 1304 been detected. The DHCP server can detect this condition 1305 through the ping-before-offer mechanism. Alternatively, the 1306 client may have sent a DHCPDECLINE back to the server; this is 1307 assumed to be the result of the client detecting that the 1308 address was in use. In either case, the DHCP server marks the 1309 IPv4 address as unavailable for leasing to clients. The 1310 dhcpv4ServerNotifyClientOrServerDetected object indicates 1311 whether the client or server detected this condition." 1312 ::= { dhcpv4ServerNotifications 5 } 1314 -- Conformance 1316 dhcpv4ServerConformance OBJECT-IDENTITY 1317 STATUS current 1318 DESCRIPTION 1319 "DHCP server conformance objects are all defined in this 1320 branch." 1321 ::= { dhcpv4Server 3 } 1323 dhcpv4ServerCompliances OBJECT IDENTIFIER 1324 ::= { dhcpv4ServerConformance 1 } 1326 dhcpv4ServerGroups OBJECT IDENTIFIER 1327 ::= { dhcpv4ServerConformance 2 } 1329 -- Compliance groups 1331 dhcpv4ServerCompliance MODULE-COMPLIANCE 1332 STATUS current 1333 DESCRIPTION 1334 "This group describes the requirements for conformance to the 1335 DHCP Server MIB. A DHCPv4 server implementation is only 1336 REQUIRED to support IPv4 addresses. In particular, this 1337 comment applies to the following objects with MAX-ACCESS not- 1338 accessible: 1339 dhcpv4ServerSubnet 1340 dhcpv4ServerRangeStart 1341 dhcpv4ServerRangeEnd 1342 dhcpv4ServerClient." 1343 MODULE -- this module 1344 MANDATORY-GROUPS { 1345 dhcpv4ServerSystemObjects, 1346 bootpCounterObjects, 1347 dhcpv4CounterObjects, 1348 dhcpv4ServerSharedNetObjects, 1349 dhcpv4ServerSubnetObjects, 1350 dhcpv4ServerRangeObjects, 1351 dhcpv4ServerClientObjects, 1352 dhcpv4ServerNotifyObjectsGroup, 1353 dhcpv4ServerNotificationsGroup 1354 } 1355 ::= { dhcpv4ServerCompliances 1 } 1357 -- Object groups 1359 dhcpv4ServerSystemObjects OBJECT-GROUP 1360 OBJECTS { 1361 dhcpv4ServerSystemDescr, 1362 dhcpv4ServerSystemObjectID 1363 } 1364 STATUS current 1365 DESCRIPTION 1366 "Objects belonging to the dhcpv4ServerSystemObjects group." 1367 ::= { dhcpv4ServerGroups 1 } 1369 bootpCounterObjects OBJECT-GROUP 1370 OBJECTS { 1371 bootpCountRequests, 1372 bootpCountInvalids, 1373 bootpCountReplies, 1374 bootpCountDroppedUnknownClients, 1375 bootpCountDroppedNotServingSubnet 1376 } 1377 STATUS current 1378 DESCRIPTION 1379 "Objects belonging to the bootpBounterObjects group." 1380 ::= { dhcpv4ServerGroups 2 } 1381 dhcpv4CounterObjects OBJECT-GROUP 1382 OBJECTS { 1383 dhcpv4CountDiscovers, 1384 dhcpv4CountOffers, 1385 dhcpv4CountRequests, 1386 dhcpv4CountDeclines, 1387 dhcpv4CountAcks, 1388 dhcpv4CountNaks, 1389 dhcpv4CountReleases, 1390 dhcpv4CountInforms, 1391 dhcpv4CountForcedRenews, 1392 dhcpv4CountInvalids, 1393 dhcpv4CountDroppedUnknownClient, 1394 dhcpv4CountDroppedNotServingSubnet 1395 } 1396 STATUS current 1397 DESCRIPTION 1398 "Objects belonging to the dhcpv4CounterObjects group." 1399 ::= { dhcpv4ServerGroups 3 } 1401 dhcpv4ServerSharedNetObjects OBJECT-GROUP 1402 OBJECTS { 1403 dhcpv4ServerSharedNetFreeAddrLowThreshold, 1404 dhcpv4ServerSharedNetFreeAddrHighThreshold, 1405 dhcpv4ServerSharedNetFreeAddresses, 1406 dhcpv4ServerSharedNetReservedAddresses, 1407 dhcpv4ServerSharedNetTotalAddresses 1408 } 1409 STATUS current 1410 DESCRIPTION 1411 "Objects belonging to the dhcpv4ServerSharedNetObjects group." 1412 ::= { dhcpv4ServerGroups 4 } 1414 dhcpv4ServerSubnetObjects OBJECT-GROUP 1415 OBJECTS { 1416 dhcpv4ServerSubnetMask, 1417 dhcpv4ServerSubnetSharedNetworkName, 1418 dhcpv4ServerSubnetFreeAddrLowThreshold, 1419 dhcpv4ServerSubnetFreeAddrHighThreshold, 1420 dhcpv4ServerSubnetFreeAddresses 1421 } 1422 STATUS current 1423 DESCRIPTION 1424 "Objects belonging to the dhcpv4ServerSubnetObjects group." 1425 ::= { dhcpv4ServerGroups 5 } 1427 dhcpv4ServerRangeObjects OBJECT-GROUP 1428 OBJECTS { 1429 dhcpv4ServerRangeSubnetMask, 1430 dhcpv4ServerRangeInUse, 1431 dhcpv4ServerRangeOutstandingOffers 1432 } 1433 STATUS current 1434 DESCRIPTION 1435 "Objects belonging to the dhcpv4ServerRangeObjects group." 1436 ::= { dhcpv4ServerGroups 6 } 1438 dhcpv4ServerClientObjects OBJECT-GROUP 1439 OBJECTS { 1440 dhcpv4ServerClientSubnetMask, 1441 dhcpv4ServerClientRange, 1442 dhcpv4ServerClientLeaseType, 1443 dhcpv4ServerClientTimeRemaining, 1444 dhcpv4ServerClientAllowedProtocol, 1445 dhcpv4ServerClientServedProtocol, 1446 dhcpv4ServerClientPhysicalAddress, 1447 dhcpv4ServerClientClientId, 1448 dhcpv4ServerClientHostName, 1449 dhcpv4ServerClientDomainName 1450 } 1451 STATUS current 1452 DESCRIPTION 1453 "Objects belonging to the dhcpv4ServerClientObjects group." 1454 ::= { dhcpv4ServerGroups 7 } 1456 dhcpv4ServerNotifyObjectsGroup OBJECT-GROUP 1457 OBJECTS { 1458 dhcpv4ServerNotifyDuplicateIpAddr, 1459 dhcpv4ServerNotifyDuplicateMac, 1460 dhcpv4ServerNotifyClientOrServerDetected, 1461 dhcpv4ServerNotifyServerStart, 1462 dhcpv4ServerNotifyServerStop 1463 } 1464 STATUS current 1465 DESCRIPTION 1466 "Objects belonging to the dhcpv4ServerNotifyObjects group." 1467 ::= { dhcpv4ServerGroups 8 } 1469 dhcpv4ServerNotificationsGroup NOTIFICATION-GROUP 1470 NOTIFICATIONS { 1471 dhcpv4ServerFreeAddressLow, 1472 dhcpv4ServerFreeAddressHigh, 1473 dhcpv4ServerStartTime, 1474 dhcpv4ServerStopTime, 1475 dhcpv4ServerDuplicateAddress 1476 } 1477 STATUS current 1478 DESCRIPTION 1479 "Notifications belonging to the dhcpv4ServerNotifications 1480 group." 1482 ::= { dhcpv4ServerGroups 9 } 1484 END 1486 5. Intellectual Property 1488 The IETF takes no position regarding the validity or scope of any 1489 intellectual property or other rights that might be claimed to 1490 pertain to the implementation or use of the technology described in 1491 this document or the extent to which any license under such rights 1492 might or might not be available; neither does it represent that it 1493 has made any effort to identify any such rights. Information on the 1494 IETF's procedures with respect to rights in standards-track and 1495 standards-related documentation can be found in BCP-11. 1497 Copies of claims of rights made available for publication and any 1498 assurances of licenses to be made available, or the result of an 1499 attempt made to obtain a general license or permission for the use 1500 of such proprietary rights by implementers or users of this 1501 specification can be obtained from the IETF Secretariat. 1503 The IETF invites any interested party to bring to its attention any 1504 copyrights, patents or patent applications, or other proprietary 1505 rights that may cover technology that may be required to practice 1506 this standard. Please address the information to the IETF Executive 1507 Director. 1509 6. Acknowledgements 1511 This document is the result of work undertaken by the DHCP working 1512 group. The editors would like to particularly acknowledge the 1513 development team from Carnegie-Mellon University whose work creating 1514 a private MIB for their DHCP server inspired the development of this 1515 proposal. In particular, many thanks to Ryan Troll who provided a 1516 great deal of useful feedback during the initial development of this 1517 MIB, and to Rich Woundy for his excellent suggestions that helped 1518 bring the work to closure. 1520 7. IANA Considerations 1522 IANA MUST fill in the value of the RFC number when it is assigned to 1523 this memo. It is represented as "xxxx" in the DESCRIPTION section 1524 of MODULE-IDENTITY. 1526 One specific value for a MIB object requires completion before this 1527 memo can advance to RFC status. It is: 1529 o OID value for "dhcp" -- see MODULE-IDENTITY 1531 8. Security Considerations 1533 There are no management objects defined in this MIB that have a MAX- 1534 ACCESS clause of read-write or read-create. Such objects may be 1535 considered sensitive or vulnerable in some environments. The 1536 support for SET operations in a non-secure environment without 1537 proper protection can have a negative effect on network operations. 1538 Therefore, if this MIB is implemented correctly, there is no risk 1539 that an intruder can alter or create any management objects of this 1540 MIB via direct SNMP SET operations. 1542 Some of the readable objects in this MIB module (i.e., objects with 1543 a MAX-ACCESS other than not-accessible) may be considered sensitive 1544 or vulnerable in some network environments. It is thus important to 1545 control even GET and/or NOTIFY access to these objects and possibly 1546 to even encrypt the values of these objects when sending them over 1547 the network via SNMP. These are the tables and objects and their 1548 sensitivity/vulnerability: 1550 o dhcpv4ServerRangeTable 1552 o dhcpv4ServerClientTable 1554 These two objects, in conjunction, provide an observer with a 1555 current view of the available and assigned addresses allocated by 1556 this server. Such knowledge can be used to manually configure a 1557 host computer with a valid IPv4 address for the network managed by 1558 the DHCP server. This could be part of either a Theft of Service 1559 scheme or a Denial of Service attack wherein rogue (pseudo-)hosts 1560 simply claim and defend IPv4 addresses either to subvert accounting 1561 for their use or to disrupt the network for legitimate hosts. 1563 It is thus important to control even GET access to these objects and 1564 possibly to even encrypt the values of these objects when sending 1565 them over the network via SNMP. Not all versions of SNMP provide 1566 features for such a secure environment. 1568 SNMP versions prior to SNMPv3 did not include adequate security. 1569 Even if the network itself is secure (for example by using IPSec), 1570 even then, there is no control as to who on the secure network is 1571 allowed to access and GET/SET (read/change/create/delete) the 1572 objects in this MIB. 1574 It is RECOMMENDED that the implementers consider the security 1575 features as provided by the SNMPv3 framework (see [RFC3410], section 1576 8), including full support for the SNMPv3 cryptographic mechanisms 1577 (for authentication and privacy). 1579 Further, deployment of SNMP versions prior to SNMPv3 is NOT 1580 RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 1581 enable cryptographic security. It is then a customer/operator 1582 responsibility to ensure that the SNMP entity giving access to an 1583 instance of this MIB module is properly configured to give access to 1584 the objects only to those principals (users) that have legitimate 1585 rights to indeed GET or SET (change/create/delete) them. 1587 Denial of Service attacks on a DHCP server are conceivable by 1588 flooding the SNMP (sub-)agent with requests, tying up host system 1589 and server resources processing SNMP messages. The authors know of 1590 no way to wholly prevent such attacks, but have attempted to 1591 construct relatively simple tables to minimize the work required to 1592 respond to messages. 1594 9. References 1596 One normative reference is currently an Internet-Draft, nearly ready 1597 for Working Group Last Call. This reference MUST be updated when 1598 the draft advances to RFC status. 1600 9.1. Normative References 1602 [RFC2131] Droms, R., "Dynamic Host Configuration Protocol," RFC 2131, 1603 March 1997. 1605 [RFC2132] Alexander, S. and Droms, R., "DHCP Options and BOOTP Vendor 1606 Extensions," RFC 2132, March 1997. 1608 [RFC2578] Case, J., McCloghrie, K., Perkins, D., Rose, M., 1609 Schoenwaelder, J., and S. Waldbusser, "Structure of Management 1610 Information for Version 2 of the Simple Network Management 1611 Protocol (SNMPv2)," RFC 2578, April 1999. 1613 [RFC2579] Case, J., McCloghrie, K., Rose, M., Schoenwaelder, J., and 1614 S. Waldbusser, "Textual Conventions for Version 2 of the Simple 1615 Network Management Protocol (SNMPv2)," RFC 2579, April 1999. 1617 [RFC2580] Case, J., McCloghrie, K., Rose, M., Schoenwaelder, J., and 1618 S. Waldbusser, "Conformance Statements for Version 2 of the Simple 1619 Network Management Protocol (SNMPv2)," RFC 2580, April 1999. 1621 [RFC3203], Yves T'Joens and Christian Hublet, Peter De Schrijver, 1622 "The DHCP Reconfigure Extension," July 2001 1624 9.2. Informative References 1626 [RFC1123] R. Braden, "Requirements for Internet Hosts -- Application 1627 and Support," RFC 1123, October 1989. 1629 [RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart, 1630 "Introduction and Applicability Statements for Internet-Standard 1631 Management Framework", RFC 3410, December 2002. 1633 10. Editors' Addresses 1635 Richard Barr Hibbs 1636 952 Sanchez Street 1637 San Francisco, California 94114-3362 1638 USA 1640 Phone: +1-(415)-648-3920 1641 Fax: +1-(415)-648-9017 1642 Email: rbhibbs@pacbell.net 1644 Glenn Waters 1645 Nortel Networks 1646 310-875 Carling Avenue, 1647 Ottawa, Ontario K1S 5P1 1648 Canada 1650 Phone: +1-(613)-798-4925 1651 Email: gww@NortelNetworks.com 1653 11. Full Copyright Statement 1655 Copyright (C), 2004, The Internet Society. All Rights Reserved. 1657 This document and translations of it may be copied and furnished to 1658 others, and derivative works that comment on or otherwise explain it 1659 or assist in its implementation may be prepared, copied, published 1660 and distributed, in whole or in part, without restriction of any 1661 kind, provided that the above copyright notice and this paragraph 1662 are included on all such copies and derivative works. However, this 1663 document itself may not be modified in any way, such as by removing 1664 the copyright notice or references to the Internet Society or other 1665 Internet organizations, except as needed for the purpose of 1666 developing Internet standards in which case the procedures for 1667 copyrights defined in the Internet Standards process must be 1668 followed, or as required to translate it into languages other than 1669 English. 1671 The limited permissions granted above are perpetual and will not be 1672 revoked by the Internet Society or its successors or assigns. 1674 This document and the information contained herein is provided on an 1675 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 1676 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 1677 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 1678 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 1679 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 1681 Acknowledgement 1683 Funding for the RFC Editor function is currently provided by the 1684 Internet Society.