ENTERASYS-RADIUS-DYNAMIC-AUTHOR-SERVER-EXT-MIB DEFINITIONS ::= BEGIN -- -- Part Number: -- -- -- This module provides authoritative definitions for Extreme -- Network's RADIUS Dynamic Authorization Server MIB. -- -- This module will be extended, as needed. -- Extreme Networks reserves the right to make changes in this -- specification and other information contained in this document -- without prior notice. The reader should consult Extreme Networks -- to determine whether any such changes have been made. -- -- In no event shall Extreme Networks be liable for any incidental, -- indirect, special, or consequential damages whatsoever (including -- but not limited to lost profits) arising out of or related to this -- document or the information contained in it, even if Extreme -- Networks has been advised of, known, or should have known, the -- possibility of such damages. -- -- Extreme Networks grants vendors, end-users, and other interested -- parties a non-exclusive license to use this Specification in -- connection with the management of Extreme Networks products. -- Copyright April, 2016 Extreme Networks, Inc. IMPORTS MODULE-IDENTITY, OBJECT-TYPE FROM SNMPv2-SMI Integer32 FROM SNMPv2-SMI MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF TruthValue, RowStatus FROM SNMPv2-TC InetAddressType, InetAddress FROM INET-ADDRESS-MIB etsysModules FROM ENTERASYS-MIB-NAMES; etsysRadiusDynAuthorServerMIB MODULE-IDENTITY LAST-UPDATED "201605181406Z" -- Wed May 18 14:06 UTC 2016 ORGANIZATION "Extreme Networks" CONTACT-INFO "Postal: Extreme Networks, Inc. 145 Rio Robles San Jose, CA 95134 USA Phone: +1 408 579-2800 E-mail: support@extremenetworks.com WWW: http://www.extremenetworks.com" DESCRIPTION "This MIB module defines a portion of the SNMP enterprise MIBs under Enterasys Networks' enterprise OID pertaining to the server side of the Remote Access Dialin User Service (RADIUS) Dynamic Authorization protocol (RFC5176). This MIB provides read-write access to configuration objects not provided in the standard RADIUS Dynamic Authorization MIB (RFC4673). However, the write capability must only be supported for SNMPv3, or other SNMP versions with adequately strong security. Security concerns include Object ID verification, source address verification and timeliness verification." REVISION "201605181406Z" -- Wed May 18 14:06 UTC 2016 DESCRIPTION "Addition of server client IP addresses and server virtual router configuration. Updated the CONTACT-INFO clause." REVISION "201112191324Z" -- Mon Dec 19 13:24 UTC 2011 DESCRIPTION "The initial version of this MIB module." ::= { etsysModules 80 } -- ------------------------------------ -- MIB Objects -- ------------------------------------ etsysRadiusDynAuthorServerMIBObjects OBJECT IDENTIFIER ::= { etsysRadiusDynAuthorServerMIB 1 } etsysRadiusDynAuthorServerEnable OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates whether or not RADIUS Dynamic Authorization is enabled or disabled. This parameter value MUST be maintained across system reboots." DEFVAL { disable } ::= { etsysRadiusDynAuthorServerMIBObjects 1 } etsysRadiusDynAuthorServerClientTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysRadiusDynAuthorServerClientEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The (conceptual) table listing the RADIUS Accounting servers." ::= { etsysRadiusDynAuthorServerMIBObjects 2 } etsysRadiusDynAuthorServerClientEntry OBJECT-TYPE SYNTAX EtsysRadiusDynAuthorServerClientEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) representing a RADIUS dynamic authorization server with which the server shares a secret. If RADIUS dynamic authorization is not enabled, this table is ignored. All created conceptual rows are non-volatile and as such MUST be maintained upon restart of the agent." INDEX { etsysRadiusDynAuthorServerClientIndex } ::= { etsysRadiusDynAuthorServerClientTable 1 } EtsysRadiusDynAuthorServerClientEntry ::= SEQUENCE { etsysRadiusDynAuthorServerClientIndex Integer32, etsysRadiusDynAuthorServerClientAddressType InetAddressType, etsysRadiusDynAuthorServerClientAddress InetAddress, etsysRadiusDynAuthorServerClientSecret OCTET STRING, etsysRadiusDynAuthorServerClientSecretEntered TruthValue, etsysRadiusDynAuthorServerClientStatus RowStatus, etsysRadiusDynAuthorClientServerClientAddressType InetAddressType, etsysRadiusDynAuthorClientServerClientAddress InetAddress, etsysRadiusDynAuthorClientServerClientVirtualRouterName OCTET STRING } etsysRadiusDynAuthorServerClientIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "A number uniquely identifying each conceptual row in the etsysRadiusDynAuthorServerClientTable. In the event of an agent restart, the same value of etsysRadiusDynAuthorServerClientIndex MUST be used to identify each conceptual row in etsysRadiusDynAuthorServerClientTable as was used prior to the restart." ::= { etsysRadiusDynAuthorServerClientEntry 1 } etsysRadiusDynAuthorServerClientAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The type of Internet address by which the RADIUS Dynamic Authorization Client is reachable." DEFVAL { ipv4 } ::= { etsysRadiusDynAuthorServerClientEntry 2 } etsysRadiusDynAuthorServerClientAddress OBJECT-TYPE SYNTAX InetAddress (SIZE(1..64)) MAX-ACCESS read-create STATUS current DESCRIPTION "The Internet address for the RADIUS Dynamic Authorization Client. Note that implementations MUST limit themselves to a single entry in this table per reachable server. The etsysRadiusDynAuthorServerClientAddress may not be empty due to the SIZE restriction. Also the size of a DNS name is limited to 64 characters. This parameter value is maintained across system reboots." ::= { etsysRadiusDynAuthorServerClientEntry 3 } etsysRadiusDynAuthorServerClientSecret OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "This object is the secret shared between the RADIUS Dynamic Authorization client and RADIUS server. This parameter value is maintained across system reboots. While the 'official' MAX-ACCESS for this object is read-create, all implementations MUST return an empty string on a read." DEFVAL { ''H } -- the empty string ::= { etsysRadiusDynAuthorServerClientEntry 4 } etsysRadiusDynAuthorServerClientSecretEntered OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "true(1) - Indicates that etsysRadiusDynAuthorServerClientSecret was last set with some value other than the empty string. false(2) - Indicates that etsysRadiusDynAuthorServerClientSecret has never been set, or was last set to the empty string." ::= { etsysRadiusDynAuthorServerClientEntry 5 } etsysRadiusDynAuthorServerClientStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Lets users create and delete RADIUS Dynamic Authorization client entries on systems that support this capability. Rules 1. When creating a RADIUS Dynamic Authorization Client, it is up to the management station to determine a suitable etsysRadiusDynAuthorServerClientIndex. To facilitate interoperability, agents SHOULD not put any restrictions on the etsysRadiusDynAuthorServerClientIndex beyond the obvious ones that it be valid and unused. 2. Before a new row can become 'active', values must be supplied for the columnar objects etsysRadiusDynAuthorServerClientAddress, etsysRadiusDynAuthorServerClientSecret, etsysRadiusDynAuthorServerClientAddress, and etsysRadiusDynAuthorClientServerClientVirtualRouterName. 3. The value of etsysRadiusDynAuthorServerClientStatus must be set to 'notInService' in order to modify a writable object in the same conceptual row. 4. etsysRadiusDynAuthorServerClient entries whose status is 'notReady' or 'notInService' will not be used for Dynamic Authorization." ::= { etsysRadiusDynAuthorServerClientEntry 6 } etsysRadiusDynAuthorClientServerClientAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies how etsysRadiusDynAuthorServerClientAddressType is encoded. Support for all possible enumerations defined by InetAddressType is NOT REQUIRED." DEFVAL { ipv4 } ::= { etsysRadiusDynAuthorServerClientEntry 7 } etsysRadiusDynAuthorClientServerClientAddress OBJECT-TYPE SYNTAX InetAddress (SIZE(1..64)) MAX-ACCESS read-create STATUS current DESCRIPTION "The encoded unicast IP address of a local system interface. RADIUS Dynamic Authorization responses will be sent from this address." ::= { etsysRadiusDynAuthorServerClientEntry 8 } etsysRadiusDynAuthorClientServerClientVirtualRouterName OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of the local system virtual router that traffic sent to this RADIUS Dynamic Authorization server should be associated with. Writing this object with a zero length string clears the virtual router name for this server." ::= { etsysRadiusDynAuthorServerClientEntry 9 } -- ------------------------------------ -- Conformance information -- ------------------------------------ etsysRadiusDynAuthorServerMIBConformance OBJECT IDENTIFIER ::= { etsysRadiusDynAuthorServerMIB 2 } etsysRadiusDynAuthorServerMIBCompliances OBJECT IDENTIFIER ::= { etsysRadiusDynAuthorServerMIBConformance 1 } etsysRadiusDynAuthorServerMIBGroups OBJECT IDENTIFIER ::= { etsysRadiusDynAuthorServerMIBConformance 2 } -- ------------------------------------ -- Units of conformance -- ------------------------------------ etsysRadiusDynAuthorServerMIBGroup OBJECT-GROUP OBJECTS { etsysRadiusDynAuthorServerEnable, etsysRadiusDynAuthorServerClientAddressType, etsysRadiusDynAuthorServerClientAddress, etsysRadiusDynAuthorServerClientSecret, etsysRadiusDynAuthorServerClientSecretEntered, etsysRadiusDynAuthorServerClientStatus } STATUS deprecated DESCRIPTION "The basic collection of objects providing a proprietary extension to the standard RADIUS Dynamic Authorization MIB. This MIB provides read-write access to configuration objects not provided in the standard RADIUS Dynamic Authorization MIB (RFC4763). However, the write capability must only be supported for SNMPv3, or other SNMP versions with adequately strong security." ::= { etsysRadiusDynAuthorServerMIBGroups 1 } etsysRadiusDynAuthorServerMIBGroup2 OBJECT-GROUP OBJECTS { etsysRadiusDynAuthorServerEnable, etsysRadiusDynAuthorServerClientAddressType, etsysRadiusDynAuthorServerClientAddress, etsysRadiusDynAuthorServerClientSecret, etsysRadiusDynAuthorServerClientSecretEntered, etsysRadiusDynAuthorServerClientStatus, etsysRadiusDynAuthorClientServerClientAddressType, etsysRadiusDynAuthorClientServerClientAddress, etsysRadiusDynAuthorClientServerClientVirtualRouterName } STATUS current DESCRIPTION "The basic collection of objects providing a proprietary extension to the standard RADIUS Dynamic Authorization MIB. This MIB provides read-write access to configuration objects not provided in the standard RADIUS Dynamic Authorization MIB (RFC4763). However, the write capability must only be supported for SNMPv3, or other SNMP versions with adequately strong security." ::= { etsysRadiusDynAuthorServerMIBGroups 2 } -- ------------------------------------ -- Compliance statements -- ------------------------------------ etsysRadiusDynAuthorServerMIBCompliance MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "The compliance statement for Dynamic Authorization servers implementing the RADIUS Dynamic Authorization ServerMIB." MODULE -- this module MANDATORY-GROUPS { etsysRadiusDynAuthorServerMIBGroup } ::= { etsysRadiusDynAuthorServerMIBCompliances 1 } etsysRadiusDynAuthorServerMIBCompliance2 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for Dynamic Authorization servers implementing the RADIUS Dynamic Authorization ServerMIB." MODULE -- this module MANDATORY-GROUPS { etsysRadiusDynAuthorServerMIBGroup2 } ::= { etsysRadiusDynAuthorServerMIBCompliances 2 } END