idnits 2.17.1 draft-ietf-radius-acc-clientmib-01.txt: ** The Abstract section seems to be numbered Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in this document. Expected boilerplate is as follows today (2024-04-25) according to https://trustee.ietf.org/license-info : IETF Trust Legal Provisions of 28-dec-2009, Section 6.a: This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2: Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3: This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == The page length should not exceed 58 lines per page, but there was 9 longer pages, the longest (page 2) being 66 lines Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 96 instances of too long lines in the document, the longest one being 9 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == Line 12 has weird spacing: '...), its areas...' == Line 13 has weird spacing: '... its worki...' == Line 17 has weird spacing: '... and may ...' == Line 18 has weird spacing: '...afts as refer...' == Line 21 has weird spacing: '... To learn...' == (32 more instances...) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (12 February 1998) is 9569 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Unused Reference: '1' is defined on line 393, but no explicit reference was found in the text == Unused Reference: '3' is defined on line 400, but no explicit reference was found in the text == Unused Reference: '4' is defined on line 403, but no explicit reference was found in the text == Unused Reference: '5' is defined on line 408, but no explicit reference was found in the text == Unused Reference: '6' is defined on line 413, but no explicit reference was found in the text == Unused Reference: '7' is defined on line 419, but no explicit reference was found in the text == Unused Reference: '8' is defined on line 424, but no explicit reference was found in the text == Unused Reference: '9' is defined on line 430, but no explicit reference was found in the text == Unused Reference: '10' is defined on line 435, but no explicit reference was found in the text == Unused Reference: '11' is defined on line 440, but no explicit reference was found in the text == Unused Reference: '12' is defined on line 446, but no explicit reference was found in the text == Unused Reference: '13' is defined on line 452, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2138 (ref. '1') (Obsoleted by RFC 2865) ** Obsolete normative reference: RFC 2139 (ref. '2') (Obsoleted by RFC 2866) == Outdated reference: A later version (-06) exists of draft-ietf-radius-ext-00 ** Obsolete normative reference: RFC 1902 (ref. '6') (Obsoleted by RFC 2578) ** Obsolete normative reference: RFC 1903 (ref. '7') (Obsoleted by RFC 2579) ** Obsolete normative reference: RFC 1904 (ref. '8') (Obsoleted by RFC 2580) ** Obsolete normative reference: RFC 1905 (ref. '9') (Obsoleted by RFC 3416) ** Obsolete normative reference: RFC 1906 (ref. '10') (Obsoleted by RFC 3417) ** Obsolete normative reference: RFC 1907 (ref. '11') (Obsoleted by RFC 3418) ** Obsolete normative reference: RFC 1908 (ref. '12') (Obsoleted by RFC 2576) Summary: 19 errors (**), 0 flaws (~~), 20 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 RADIUS Working Group Bernard Aboba 2 INTERNET-DRAFT Microsoft 3 Category: Informational Glen Zorn 4 Microsoft 5 12 February 1998 7 RADIUS Accounting Client MIB 9 1. Status of this Memo 11 This document is an Internet-Draft. Internet-Drafts are working docu- 12 ments of the Internet Engineering Task Force (IETF), its areas, and 13 its working groups. Note that other groups may also distribute work- 14 ing documents as Internet-Drafts. 16 Internet-Drafts are draft documents valid for a maximum of six months 17 and may be updated, replaced, or obsoleted by other documents at any 18 time. It is inappropriate to use Internet-Drafts as reference mate- 19 rial or to cite them other than as ``work in progress.'' 21 To learn the current status of any Internet-Draft, please check the 22 ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow 23 Directories on ds.internic.net (US East Coast), nic.nordu.net 24 (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim). 26 The distribution of this memo is unlimited. It is filed as , and expires August 1, 1998. Please 28 send comments to the authors. 30 2. Abstract 32 This memo defines a set of extensions which instrument RADIUS account- 33 ing client functions. These extensions represent a portion of the Man- 34 agement Information Base (MIB) for use with network management proto- 35 cols in the Internet community. Using these extensions IP-based man- 36 agement stations can manage RADIUS accounting clients. 38 3. Introduction 40 This memo defines a portion of the Management Information Base (MIB) 41 for use with network management protocols in the Internet community. 42 In particular, it describes managed objects used for managing RADIUS 43 accounting clients. 45 Today a wide range of network devices, including routers and NASes, 46 act as RADIUS accounting clients in order to provide accounting ser- 47 vices. As a result, the effective management of RADIUS accounting 48 clients is of considerable importance. 50 4. The SNMPv2 Network Management Framework 52 The SNMPv2 Network Management Framework consists of four major compo- 53 nents. They are: 55 o RFC 1902 which defines the SMI, the mechanisms used for 56 describing and naming objects for the purpose of management. 58 o RFC 1905 which defines the protocol used for network access to 59 managed objects. 61 o RFC 1907 defines the core set of managed objects for the 62 Internet suite of protocols. 64 o RFC 1909 which defines the administrative aspects of the 65 framework. 67 The Framework permits new objects to be defined for the purpose of 68 experimentation and evaluation. 70 4.1. Object Definitions 72 Managed objects are accessed via a virtual information store, termed 73 the Management Information Base or MIB. Objects in the MIB are 74 defined using the subset of Abstract Syntax Notation One (ASN.1) 75 defined in the SMI. In particular, each object object type is named by 76 an OBJECT IDENTIFIER, an administratively assigned name. The object 77 type together with an object instance serves to uniquely identify a 78 specific instantiation of the object. For human convenience, we often 79 use a textual string, termed the descriptor, to refer to the object 80 type. 82 5. Overview 84 The RADIUS accounting protocol, described in [2], distinguishes 85 between the client function and the server function. In RADIUS 86 accounting, clients send Accounting-Requests, and servers reply with 87 Accounting-Responses. Typically NAS devices implement the client func- 88 tion, and thus would be expected to implement the RADIUS accounting 89 client MIB, while RADIUS accounting servers implement the server func- 90 tion, and thus would be expected to implement the RADIUS accounting 91 server MIB. 93 However, it is possible for a RADIUS accounting entity to perform both 94 client and server functions. For example, a RADIUS proxy may act as a 95 server to one or more RADIUS accounting clients, while simultaneously 96 acting as an accounting client to one or more accounting servers. In 97 such situations, it is expected that RADIUS entities combining client 98 and server functionality will support both the client and server MIBs. 100 5.1. Selected objects 101 This MIB module contains two scalars as well as a single table: 103 (1) the RADIUS Accounting Server Table contains one row for each 104 RADIUS server that the client shares a secret with. 106 Each entry in the RADIUS Accounting Server Table includes eleven 107 entries presenting a view of the activity of the RADIUS client. 109 6. Definitions 111 RADIUS-ACC-CLIENT-MIB DEFINITIONS ::= BEGIN 113 IMPORTS 114 MODULE-IDENTITY, OBJECT-TYPE, 115 OBJECT-IDENTITY, experimental, 116 Counter32, Integer32, Gauge32, 117 IpAddress, TimeTicks FROM SNMPv2-SMI 118 DisplayString FROM SNMPv2-TC 119 MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF; 121 radiusAccClientMIB MODULE-IDENTITY 122 LAST-UPDATED "9802121659Z" 123 ORGANIZATION "IETF RADIUS Working Group." 124 CONTACT-INFO 125 " Bernard Aboba 126 Microsoft 127 One Microsoft Way 128 Redmond, WA 98052 129 US 131 Phone: +1 425 936 6605 132 EMail: bernarda@microsoft.com" 133 DESCRIPTION 134 "The MIB module for entities implementing the client side of 135 the Remote Access Dialin User Service (RADIUS) accounting 136 protocol." 137 ::= { radiusAccounting 2 } 139 radius OBJECT-IDENTITY 140 STATUS current 141 DESCRIPTION 142 "The OID assigned to RADIUS MIB work by the IANA." 143 ::= { experimental 79 } 145 radiusAccounting OBJECT IDENTIFIER ::= {radius 2} 147 radiusAccClientMIBObjects OBJECT IDENTIFIER ::= { radiusAccClientMIB 1 } 149 radiusAccClient OBJECT IDENTIFIER ::= { radiusAccClientMIBObjects 1 } 151 radiusAccClientInvalidServerAddresses OBJECT-TYPE 152 SYNTAX Counter32 153 MAX-ACCESS read-only 154 STATUS current 155 DESCRIPTION 156 "The total number of RADIUS Accounting-Response packets 157 received from unknown addresses since client start-up." 158 ::= { radiusAccClient 1 } 160 radiusAccClientIdentifier OBJECT-TYPE 161 SYNTAX DisplayString 162 MAX-ACCESS read-only 163 STATUS current 164 DESCRIPTION 165 "The NAS-Identifier of the RADIUS accounting client. This 166 is not necessarily the same as sysName in MIB II." 167 ::= { radiusAccClient 2 } 169 radiusAccServerTable OBJECT-TYPE 170 SYNTAX SEQUENCE OF RadiusAccServerEntry 171 MAX-ACCESS not-accessible 172 STATUS current 173 DESCRIPTION 174 "The (conceptual) table listing the RADIUS accounting 175 servers with which the client shares a secret." 176 ::= { radiusAccClient 3 } 178 radiusAccServerEntry OBJECT-TYPE 179 SYNTAX RadiusAccServerEntry 180 MAX-ACCESS not-accessible 181 STATUS current 182 DESCRIPTION 183 "An entry (conceptual row) representing a RADIUS 184 accounting server with which the client shares a secret." 185 INDEX { radiusAccServerIndex } 186 ::= { radiusAccServerTable 1 } 188 RadiusAccServerEntry ::= SEQUENCE { 189 radiusAccServerIndex Integer32, 190 radiusAccServerAddress IpAddress, 191 radiusAccClientServerPortNumber Integer32, 192 radiusAccClientRoundTripTime TimeTicks, 193 radiusAccClientRequests Counter32, 194 radiusAccClientRetransmissions Counter32, 195 radiusAccClientResponses Counter32, 196 radiusAccClientMalformedResponses Counter32, 197 radiusAccClientBadAuthenticators Counter32, 198 radiusAccClientPendingRequests Gauge32, 199 radiusAccClientTimeouts Counter32, 200 radiusAccClientUnknownType Counter32 201 } 203 radiusAccServerIndex OBJECT-TYPE 204 SYNTAX Integer32 (0..MAX) 205 MAX-ACCESS not-accessible 206 STATUS current 207 DESCRIPTION 208 "A number uniquely identifying each RADIUS 209 Accounting server with which this client 210 communicates." 211 ::= { radiusAccServerEntry 1 } 213 radiusAccServerAddress OBJECT-TYPE 214 SYNTAX IpAddress 215 MAX-ACCESS read-only 216 STATUS current 217 DESCRIPTION 218 "The IP address of the RADIUS accounting server 219 referred to in this table entry." 220 ::= { radiusAccServerEntry 2 } 222 radiusAccClientServerPortNumber OBJECT-TYPE 223 SYNTAX Integer32 224 MAX-ACCESS read-only 225 STATUS current 226 DESCRIPTION 227 "The UDP port the client is using to send requests to 228 this server." 229 ::= { radiusAccServerEntry 3 } 231 radiusAccClientRoundTripTime OBJECT-TYPE 232 SYNTAX TimeTicks 233 MAX-ACCESS read-only 234 STATUS current 235 DESCRIPTION 236 "The time interval between the most recent 237 Accounting-Response and the Accounting-Request that 238 matched it from this RADIUS accounting server." 239 ::= { radiusAccServerEntry 4 } 241 -- Request/Response statistics 242 -- Ignoring Unknown Types, then 243 -- AccountingRequests + Retransmissions = AccountingResponses+ 244 -- PendingRequests + Timeouts 246 radiusAccClientRequests OBJECT-TYPE 247 SYNTAX Counter32 248 MAX-ACCESS read-only 249 STATUS current 250 DESCRIPTION 251 "The total number of RADIUS Accounting-Request packets 252 sent since client start-up. This does not include 253 retransmissions." 254 ::= { radiusAccServerEntry 5 } 256 radiusAccClientRetransmissions OBJECT-TYPE 257 SYNTAX Counter32 258 MAX-ACCESS read-only 259 STATUS current 260 DESCRIPTION 261 "The total number of RADIUS Accounting-Request packets 262 retransmitted to this RADIUS accounting server since 263 client start-up. Retransmissions include retries where 264 the Identifier and Acct-Delay have been updated, as 265 well as those in which they remain the same." 266 ::= { radiusAccServerEntry 6 } 268 radiusAccClientResponses OBJECT-TYPE 269 SYNTAX Counter32 270 MAX-ACCESS read-only 271 STATUS current 272 DESCRIPTION 273 "The total number of RADIUS Accounting-Response 274 packets received from this server since client start-up." 275 ::= { radiusAccServerEntry 7 } 277 radiusAccClientMalformedResponses OBJECT-TYPE 278 SYNTAX Counter32 279 MAX-ACCESS read-only 280 STATUS current 281 DESCRIPTION 282 "The total number of malformed RADIUS Accounting-Response 283 packets received from this server since client start-up. 284 Malformed packets include packets with an 285 invalid length. Bad authenticators are not included as 286 malformed accounting responses." 287 ::= { radiusAccServerEntry 8 } 289 radiusAccClientBadAuthenticators OBJECT-TYPE 290 SYNTAX Counter32 291 MAX-ACCESS read-only 292 STATUS current 293 DESCRIPTION 294 "The total number of RADIUS Accounting-Response 295 packets which contained invalid authenticators 296 received from this server since client start-up." 297 ::= { radiusAccServerEntry 9 } 299 radiusAccClientPendingRequests OBJECT-TYPE 300 SYNTAX Gauge32 301 MAX-ACCESS read-only 302 STATUS current 303 DESCRIPTION 304 "The total number of RADIUS Accounting-Request packets 305 sent to this server that have not yet timed out or 306 received a response. This variable is incremented when an 307 Accounting-Request is sent and decremented due to 308 receipt of an Accounting-Response, a timeout or 309 a retransmission." 310 ::= { radiusAccServerEntry 10 } 312 radiusAccClientTimeouts OBJECT-TYPE 313 SYNTAX Counter32 314 MAX-ACCESS read-only 315 STATUS current 316 DESCRIPTION 317 "The total number of accounting timeouts to this server 318 since client startup. After a timeout the client may 319 retry to the same server, send to a different server, or 320 give up. A retry to the same server is counted as a 321 retransmit as well as a timeout. A send to a different 322 server is counted as an Accounting-Request as well as a timeout." 323 ::= { radiusAccServerEntry 11 } 325 radiusAccClientUnknownType OBJECT-TYPE 326 SYNTAX Counter32 327 MAX-ACCESS read-only 328 STATUS current 329 DESCRIPTION 330 "The total number of RADIUS packets of unknown type which 331 were received from this server on the accounting port 332 since client start-up." 333 ::= { radiusAccServerEntry 12 } 335 -- conformance information 337 radiusAccClientMIBConformance 338 OBJECT IDENTIFIER ::= { radiusAccClientMIB 2 } 339 radiusAccClientMIBCompliances 340 OBJECT IDENTIFIER ::= { radiusAccClientMIBConformance 1 } 341 radiusAccClientMIBGroups 342 OBJECT IDENTIFIER ::= { radiusAccClientMIBConformance 2 } 344 -- compliance statements 346 radiusAccClientMIBCompliance MODULE-COMPLIANCE 347 STATUS current 348 DESCRIPTION 349 "The compliance statement for accounting clients 350 implementing the RADIUS Accounting Client MIB." 351 MODULE -- this module 352 MANDATORY-GROUPS { radiusAccClientMIBGroup } 354 ::= { radiusAccClientMIBCompliances 1 } 356 -- units of conformance 358 radiusAccClientMIBGroup OBJECT-GROUP 359 OBJECTS { radiusAccClientIdentifier, 360 radiusAccClientInvalidServerAddresses, 361 radiusAccServerAddress, 362 radiusAccClientServerPortNumber, 363 radiusAccClientRoundTripTime, 364 radiusAccClientRequests, 365 radiusAccClientRetransmissions, 366 radiusAccClientResponses, 367 radiusAccClientMalformedResponses, 368 radiusAccClientBadAuthenticators, 369 radiusAccClientPendingRequests, 370 radiusAccClientTimeouts, 371 radiusAccClientUnknownType 372 } 373 STATUS current 374 DESCRIPTION 375 "The basic collection of objects providing management of 376 RADIUS Accounting Clients." 377 ::= { radiusAccClientMIBGroups 1 } 379 END 381 7. Security considerations 383 All MIB variables described in this document are read-only. 385 8. Acknowledgments 387 Thanks to Narendra Gidwani of Microsoft, Allan C. Rubens of MERIT, 388 Carl Rigney of Livingston and Peter Heitman of American Internet Cor- 389 poration for useful discussions of this problem space. 391 9. References 393 [1] C. Rigney, A. Rubens, W. Simpson, S. Willens. "Remote Authenti- 394 cation Dial In User Service (RADIUS)." RFC 2138, Livingston, Merit, 395 Daydreamer, April, 1997. 397 [2] C. Rigney. "RADIUS Accounting." RFC 2139, Livingston, April, 398 1997. 400 [3] C. Rigney, W. Willats. "RADIUS Extensions." draft-ietf-radius- 401 ext-00.txt, Livingston, January, 1997. 403 [4] "Information processing systems - Open Systems Interconnection - 404 Specification of Abstract Syntax Notation One (ASN.1)", International 405 Organization for Standardization, International Standard 8824, Decem- 406 ber 1987. 408 [5] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Introduc- 409 tion to Community-based SNMPv2", RFC 1901, SNMP Research, Inc., Cisco 410 Systems, Dover Beach Consulting, Inc., International Network Services, 411 January, 1996. 413 [6] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Structure 414 of Management Information for Version 2 of the Simple Network Manage- 415 ment Protocol (SNMPv2)", RFC 1902, SNMP Research, Inc., Cisco Systems, 416 Dover Beach Consulting, Inc., International Network Services, January, 417 1996. 419 [7] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Textual 420 Conventions for version 2 of the the Simple Network Management Proto- 421 col (SNMPv2)", RFC 1903, SNMP Research, Inc., Cisco Systems, Dover 422 Beach Consulting, Inc., International Network Services, January, 1996. 424 [8] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Confor- 425 mance Statements for version 2 of the the Simple Network Management 426 Protocol (SNMPv2)", RFC 1904, SNMP Research, Inc., Cisco Systems, 427 Dover Beach Consulting, Inc., International Network Services, January, 428 1996. 430 [9] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol 431 Operations for Version 2 of the Simple Network Management Protocol 432 (SNMPv2)", RFC 1905, SNMP Research, Inc., Cisco Systems, Dover Beach 433 Consulting, Inc., International Network Services, January, 1996. 435 [10] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Transport 436 Mappings for Version 2 of the Simple Network Management Protocol 437 (SNMPv2)", RFC 1906, SNMP Research, Inc., Cisco Systems, Dover Beach 438 Consulting, Inc., International Network Services, January, 1996. 440 [11] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Manage- 441 ment Information Base for Version 2 of the Simple Network Management 442 Protocol (SNMPv2)", RFC 1907, SNMP Research, Inc., Cisco Systems, 443 Dover Beach Consulting, Inc., International Network Services, January, 444 1996. 446 [12] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Coexis- 447 tence between Version 1 and Version 2 of the Internet-standard Network 448 Management Framework", RFC 1908, SNMP Research, Inc., Cisco Systems, 449 Dover Beach Consulting, Inc., International Network Services, January, 450 1996. 452 [13] McCloghrie, K., "An Administrative Infrastructure for SNMPv2", 453 RFC 1909, Cisco Systems, February, 1996. 455 10. Authors' Addresses 457 Bernard Aboba 458 Microsoft Corporation 459 One Microsoft Way 460 Redmond, WA 98052 462 Phone: 425-936-6605 463 EMail: bernarda@microsoft.com 465 Glen Zorn 466 Microsoft Corporation 467 One Microsoft Way 468 Redmond, WA 98052 470 Phone: 425-703-1559 471 EMail: glennz@microsoft.com