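-- *****************************************************************
-- RBN-RADIUS-MIB        Redback RADIUS MIB
--
-- Copyright (c) 2003-2005 RedBack Networks, Inc.
-- All rights reserved.
--
-- *****************************************************************
--
-- Reviewer notes (not part of the vendor text):
--
-- Layout: an ASN.1 comment runs to the end of its line, so each
-- comment and each definition below is kept on lines of its own.
--
-- Security considerations:
--
--  * Ten scalars in this module are MAX-ACCESS read-write: the
--    PktTimeout, SrvTimeout, Deadtime, Tries and StripDomain objects
--    for authentication and for accounting. An SNMP SET on them
--    changes how long the system waits on, retries and avoids a
--    RADIUS server, and whether the domain part of a username reaches
--    that server. Limit write access to authenticated managers
--    (SNMPv3 with authentication and privacy, and a VACM view that
--    exposes only what each manager needs). SNMPv1/v2c community
--    strings are sent in cleartext and are a weak guard for these
--    objects.
--
--  * rbnRadiusAuthStateChange and rbnRadiusAcctStateChange carry the
--    server address and port, the context name and, on a packet-level
--    timeout, a user name. Treat notification receivers and the path
--    to them as handling identifying data.
--
--  * Unexpected changes to the read-write objects, and bursts of
--    state-change notifications, are worth alerting on because both
--    affect the availability of authentication and accounting.
--
-- Terminology: RFC 2865 expands RADIUS as "Remote Authentication Dial
-- In User Service"; the module DESCRIPTION below keeps the vendor's
-- wording.

RBN-RADIUS-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter32,
    NOTIFICATION-TYPE
        FROM SNMPv2-SMI
    TEXTUAL-CONVENTION, TimeStamp, TruthValue
        FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
        FROM SNMPv2-CONF
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    radiusAuthServerEntry, radiusAuthServerAddress,
    radiusAuthClientServerPortNumber
        FROM RADIUS-AUTH-CLIENT-MIB
    radiusAccServerEntry, radiusAccServerAddress,
    radiusAccClientServerPortNumber
        FROM RADIUS-ACC-CLIENT-MIB
    rbnMgmt
        FROM RBN-SMI;

rbnRadiusMib MODULE-IDENTITY
    LAST-UPDATED "200503291700Z" -- Mar 29, 2005
    ORGANIZATION "RedBack Networks, Inc."
    CONTACT-INFO
        "       RedBack Networks, Inc.

        Postal: 300 Holger Way
                San Jose, CA 95134-1362
                USA

         Phone: +1 408 750-5000
           Fax: +1 408 750-5599

        E-mail: mib-info@redback.com"
    DESCRIPTION
        "This Redback MIB supplements the standard Remote Access
        Dialin User Service (RADIUS) MIBs, namely:

            RADIUS-AUTH-CLIENT-MIB (RFC 2618)
            RADIUS-ACC-CLIENT-MIB (RFC 2620)

        This module defines additional objects and notifications
        for managing the RADIUS authentication and accounting
        servers in use by the Redback system.

        All mib objects defined in this module are viewed within
        the context identified in the SNMP protocol (i.e. the
        community string in v1/v2c or the contextName in v3)."

    REVISION    "200503291700Z" -- Mar 29, 2005
    DESCRIPTION
        "Added new objects:
            rbnRadiusAuthStripDomain
            rbnRadiusAcctStripDomain
        Added new groups:
            rbnRadiusAuthGroup2
            rbnRadiusAcctGroup2
        Added new compliance:
            rbnRadiusCompliance2."

    REVISION    "200312160000Z" -- Dec 16, 2003
    DESCRIPTION
        "Initial version."
    ::= { rbnMgmt 32 }

rbnRadiusMIBNotifications OBJECT IDENTIFIER ::= { rbnRadiusMib 0 }
rbnRadiusMIBObjects       OBJECT IDENTIFIER ::= { rbnRadiusMib 1 }
rbnRadiusMIBConformance   OBJECT IDENTIFIER ::= { rbnRadiusMib 2 }

rbnRadiusAuthObjects   OBJECT IDENTIFIER ::= { rbnRadiusMIBObjects 1 }
rbnRadiusAcctObjects   OBJECT IDENTIFIER ::= { rbnRadiusMIBObjects 2 }
rbnRadiusNotifyObjects OBJECT IDENTIFIER ::= { rbnRadiusMIBObjects 3 }

--
-- Textual Conventions
--

RbnRadiusServerState ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The current state of a RADIUS server. When a server is
        initially configured its state is 'unknown'. When requests
        are sent to this server it will transition to either 'up'
        or 'down', depending on whether the server replies to the
        requests. It will then transition between 'up' and 'down'
        accordingly. It will never transition back to 'unknown'."
    SYNTAX      INTEGER {
                    unknown(1), -- state on initial creation
                    up(2),      -- server is responding
                    down(3)     -- server is not responding
                }

RbnRadiusServerReason ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "When a RADIUS transitions to a new state, this identifies
        the reason for the transition.

        Note that there are two types of timeouts: packet-level
        and server-level. The packet-level timeout is managed via
        rbnRadiusAuthPktTimeout and rbnRadiusAcctPktTimeout. The
        server-level timeout is managed via rbnRadiusAuthSrvTimeout
        and rbnRadiusAcctSrvTimeout.

        All requests will timeout if no response is received
        within the packet-level timeout window. If there is no
        configured server-level timeout the server will be
        transitioned to 'down' immediately. Otherwise the server
        will transition to 'down' only if no replies have been
        received from the server within the server-level timeout
        window."
    SYNTAX      INTEGER {
                    -- the following are only valid for a transition to 'up'
                    responding(1),    -- server is responding

                    -- the following are only valid for a transition to 'down'
                    packetTimeout(2), -- the server is not responding and a
                                      -- packet-level timeout has occurred
                    serverTimeout(3), -- the server is not responding and a
                                      -- server-level timeout has occurred
                    portDown(4)       -- the physical port used to access the server
                                      -- has been shutdown
                }

--
-- RADIUS authorization objects
--
-- these objects supplement the RADIUS-AUTH-CLIENT-MIB (RFC 2618)
--
-- NOTE(review): the five scalars below are read-write. Together they
-- decide when an authentication server is declared 'down' and how
-- long it stays unused, so write access to them should be restricted.
--

rbnRadiusAuthPktTimeout OBJECT-TYPE
    SYNTAX      Unsigned32 (1..2147483647)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The maximum amount of time to wait for a response from a
        RADIUS authorization server before assuming the packet was
        lost."
    ::= { rbnRadiusAuthObjects 1 }

rbnRadiusAuthSrvTimeout OBJECT-TYPE
    SYNTAX      Unsigned32 (0..2147483647)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The maximum amount of time to wait for any response from
        a RADIUS authorization server before assuming the server
        is unreachable.

        A value of '0' indicates that there is no timeout value.
        In this case a server is considered to be unreachable when
        no response is received within the rbnRadiusAuthPktTimeout
        window."
    ::= { rbnRadiusAuthObjects 2 }

-- NOTE(review): the upper bound is 65535 minutes, roughly 45 days.
-- A large value keeps a server that was marked 'down' out of use for
-- that long, so changes to this object deserve an audit trail.
rbnRadiusAuthDeadtime OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535)
    UNITS       "minutes"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "After a RADIUS authorization server has been transitioned
        to 'down' it will be assumed to be unreachable for this
        interval. After that point the system may start sending
        requests to the server again. A value of '0' indicates the
        system may start sending requests to the server
        immediately."
    ::= { rbnRadiusAuthObjects 3 }

rbnRadiusAuthTries OBJECT-TYPE
    SYNTAX      Unsigned32 (1..2147483647)
    UNITS       "tries"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The number of times the system will attempt to transmit
        an authorization request to a RADIUS server.

        If multiple RADIUS authorization servers have been
        configured retransmissions will cycle through the other
        servers before being retransmitted to the server that
        originally failed to respond."
    ::= { rbnRadiusAuthObjects 4 }

-- NOTE(review): this object changes the identity string presented to
-- the RADIUS server. With stripping enabled, users who differ only
-- in their domain part are sent under the same name, so the server
-- side policy has to be written with that in mind.
rbnRadiusAuthStripDomain OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If this object is false, the entire username, including
        the domain name is sent to the RADIUS server. If true, the
        domain portion of a structured username is stripped before
        relaying a request to a RADIUS server."
    ::= { rbnRadiusAuthObjects 6 }

rbnRadiusAuthSrvTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF RbnRadiusAuthSrvEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table augments the radiusAuthServerTable. All entries
        that exist in that table will have a corresponding entry in
        this table."
    ::= { rbnRadiusAuthObjects 5 }

rbnRadiusAuthSrvEntry OBJECT-TYPE
    SYNTAX      RbnRadiusAuthSrvEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A Redback proprietary extension to the
        radiusAuthServerEntry."
    AUGMENTS    { radiusAuthServerEntry }
    ::= { rbnRadiusAuthSrvTable 1 }

RbnRadiusAuthSrvEntry ::= SEQUENCE {
    rbnRadiusAuthSrvState               RbnRadiusServerState,
    rbnRadiusAuthSrvLastChange          TimeStamp,
    rbnRadiusAuthSrvCounterResetTime    TimeStamp,
    rbnRadiusAuthSrvSendErrors          Counter32
}

rbnRadiusAuthSrvState OBJECT-TYPE
    SYNTAX      RbnRadiusServerState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current state of the RADIUS server."
    ::= { rbnRadiusAuthSrvEntry 1 }

rbnRadiusAuthSrvLastChange OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of sysUpTime when this server last changed
        state. If rbnRadiusAuthSrvState is 'unknown' this is
        effectively the value of sysUpTime when this server was
        initially configured."
    ::= { rbnRadiusAuthSrvEntry 2 }

rbnRadiusAuthSrvCounterResetTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of sysUpTime on the most recent occasion when
        any of the counters for this RADIUS server experienced a
        discontinuity. Note: this includes counters in this table
        as well as those in radiusAuthServerTable."
    ::= { rbnRadiusAuthSrvEntry 3 }

rbnRadiusAuthSrvSendErrors OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets destined to this RADIUS server
        which could not be transmitted due to an error.
        Discontinuities in the value of this counter are indicated
        by the value of rbnRadiusAuthSrvCounterResetTime."
    ::= { rbnRadiusAuthSrvEntry 4 }

--
-- RADIUS accounting objects
--
-- these objects supplement the RADIUS-ACC-CLIENT-MIB (RFC 2620)
--
-- NOTE(review): per the DESCRIPTION clauses below, when one server is
-- used for both authorization and accounting the rbnRadiusAuth*
-- values take precedence for that server, so the authorization
-- scalars then govern accounting delivery as well.
--

rbnRadiusAcctPktTimeout OBJECT-TYPE
    SYNTAX      Unsigned32 (1..2147483647)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The maximum amount of time to wait for a response from a
        RADIUS accounting server before assuming the packet was
        lost.

        Note: if the system is using a RADIUS server for both
        authorization and accounting, this object's value will be
        ignored for that server. Instead the
        rbnRadiusAuthPktTimeout value will be used for all requests
        going to that server."
    ::= { rbnRadiusAcctObjects 1 }

rbnRadiusAcctSrvTimeout OBJECT-TYPE
    SYNTAX      Unsigned32 (0..2147483647)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The maximum amount of time to wait for any response from
        a RADIUS accounting server before assuming the server is
        unreachable.

        A value of '0' indicates that there is no timeout value.
        In this case a server is considered to be unreachable when
        no response is received within the rbnRadiusAcctPktTimeout
        window.

        Note: if the system is using a RADIUS server for both
        authorization and accounting, this object's value will be
        ignored for that server. Instead the
        rbnRadiusAuthSrvTimeout value will be used for that
        server."
    ::= { rbnRadiusAcctObjects 2 }

rbnRadiusAcctDeadtime OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535)
    UNITS       "minutes"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "After a RADIUS accounting server has been transitioned to
        'down' it will be assumed to be unreachable for this
        interval. After that point the system may start sending
        accounting records to the server again. A value of '0'
        indicates the system may start sending records to the
        server immediately.

        Note: if the system is using a RADIUS server for both
        authorization and accounting, this object's value will be
        ignored for that server. Instead the rbnRadiusAuthDeadtime
        value will be used for that server."
    ::= { rbnRadiusAcctObjects 3 }

-- NOTE(review): UNITS here is "retries" while rbnRadiusAuthTries uses
-- "tries", although both DESCRIPTION clauses count transmission
-- attempts. The clause is left as published.
rbnRadiusAcctTries OBJECT-TYPE
    SYNTAX      Unsigned32 (1..2147483647)
    UNITS       "retries"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The number of times the system will attempt to transmit
        an accounting record to a RADIUS server.

        If multiple RADIUS accounting servers have been configured
        retransmissions will cycle through the other servers before
        being retransmitted to the server that originally failed to
        respond.

        Note: if the system is using a RADIUS server for both
        authorization and accounting, this object's value will be
        ignored for that server. Instead the rbnRadiusAuthTries
        value will be used for that server."
    ::= { rbnRadiusAcctObjects 4 }

-- NOTE(review): with stripping enabled the accounting records carry
-- the user name without its domain part, which affects how records
-- can be attributed on the accounting server.
rbnRadiusAcctStripDomain OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If this object is false, the entire username, including
        the domain name is sent to the RADIUS server. If true, the
        domain portion of a structured username is stripped before
        relaying a request to a RADIUS server."
    ::= { rbnRadiusAcctObjects 6 }

rbnRadiusAcctSrvTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF RbnRadiusAcctSrvEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table augments the radiusAccServerTable. All entries
        that exist in that table will have a corresponding entry in
        this table."
    ::= { rbnRadiusAcctObjects 5 }

rbnRadiusAcctSrvEntry OBJECT-TYPE
    SYNTAX      RbnRadiusAcctSrvEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A Redback proprietary extension to the
        radiusAccServerEntry."
    AUGMENTS    { radiusAccServerEntry }
    ::= { rbnRadiusAcctSrvTable 1 }

RbnRadiusAcctSrvEntry ::= SEQUENCE {
    rbnRadiusAcctSrvState               RbnRadiusServerState,
    rbnRadiusAcctSrvLastChange          TimeStamp,
    rbnRadiusAcctSrvCounterResetTime    TimeStamp,
    rbnRadiusAcctSrvSendErrors          Counter32
}

rbnRadiusAcctSrvState OBJECT-TYPE
    SYNTAX      RbnRadiusServerState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current state of the RADIUS server."
    ::= { rbnRadiusAcctSrvEntry 1 }

rbnRadiusAcctSrvLastChange OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of sysUpTime when this server last changed
        state. If rbnRadiusAcctSrvState is 'unknown' this is
        effectively the value of sysUpTime when this server was
        initially configured."
    ::= { rbnRadiusAcctSrvEntry 2 }

rbnRadiusAcctSrvCounterResetTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of sysUpTime on the most recent occasion when
        any of the counters for this RADIUS server experienced a
        discontinuity. Note: this includes counters in this table
        as well as those in radiusAccServerTable."
    ::= { rbnRadiusAcctSrvEntry 3 }

rbnRadiusAcctSrvSendErrors OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets destined to this RADIUS server
        which could not be transmitted due to an error.
        Discontinuities in the value of this counter are indicated
        by the value of rbnRadiusAcctSrvCounterResetTime."
    ::= { rbnRadiusAcctSrvEntry 4 }

--
-- RADIUS notification objects
--
-- these objects will only appear in notifications
--

-- NOTE(review): "TCP/IP" in the DESCRIPTION presumably names the
-- protocol suite; RADIUS as specified in RFC 2865 runs over UDP.
rbnRadiusClientPort OBJECT-TYPE
    SYNTAX      Unsigned32 (1024..65535)
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "A system may be configured to use a range of source TCP/IP
        ports when sending requests to a RADIUS server. When a
        server transitions to 'up' or 'down' and a state-change
        notification is generated, an instance of this object is
        included to indicate which source port was being used when
        the server changed state."
    ::= { rbnRadiusNotifyObjects 1 }

rbnRadiusContext OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (1..63))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The name of the context in which this server is
        configured."
    ::= { rbnRadiusNotifyObjects 2 }

rbnRadiusReason OBJECT-TYPE
    SYNTAX      RbnRadiusServerReason
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The reason for the server's last state change."
    ::= { rbnRadiusNotifyObjects 3 }

-- NOTE(review): this varbind puts a user name on the wire in every
-- packet-timeout notification. Notifications sent with SNMPv1/v2c are
-- not encrypted, so receivers and their stored logs should be handled
-- as holding identifying data.
rbnRadiusUsername OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (0..128))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The name of the user the system was trying to authenticate
        or send accounting information for when the RADIUS server
        transitioned to 'down'.

        Note: the 'username' is only valid when transitioning due
        to a packet-level timeout. When transitioning due to any
        other reason the value for this object will be a
        zero-length string."
    ::= { rbnRadiusNotifyObjects 4 }

--
-- RADIUS notifications
--

rbnRadiusAuthStateChange NOTIFICATION-TYPE
    OBJECTS     {
                    rbnRadiusAuthSrvState,
                    radiusAuthServerAddress,
                    radiusAuthClientServerPortNumber,
                    rbnRadiusClientPort,
                    rbnRadiusContext,
                    rbnRadiusReason,
                    rbnRadiusUsername
                }
    STATUS      current
    DESCRIPTION
        "This notification signifies that a RADIUS authorization
        server has transitioned to 'up' or 'down'.

        Note: if rbnRadiusAuthSrvState's value is 'down' and
        rbnRadiusReason's value is 'packetTimeout', then
        rbnRadiusUsername's value will be a username. For all other
        cases, rbnRadiusUsername's value will be a zero-length
        string."
    ::= { rbnRadiusMIBNotifications 1 }

rbnRadiusAcctStateChange NOTIFICATION-TYPE
    OBJECTS     {
                    rbnRadiusAcctSrvState,
                    radiusAccServerAddress,
                    radiusAccClientServerPortNumber,
                    rbnRadiusClientPort,
                    rbnRadiusContext,
                    rbnRadiusReason,
                    rbnRadiusUsername
                }
    STATUS      current
    DESCRIPTION
        "This notification signifies that a RADIUS accounting
        server has transitioned to 'up' or 'down'.

        Note: if rbnRadiusAcctSrvState's value is 'down' and
        rbnRadiusReason's value is 'packetTimeout', then
        rbnRadiusUsername's value will be a username. For all other
        cases, rbnRadiusUsername's value will be a zero-length
        string."
    ::= { rbnRadiusMIBNotifications 2 }

--
-- compliance statements
--

rbnRadiusCompliances OBJECT IDENTIFIER ::= { rbnRadiusMIBConformance 1 }
rbnRadiusGroups      OBJECT IDENTIFIER ::= { rbnRadiusMIBConformance 2 }

rbnRadiusCompliance2 MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for SNMP entities which implement
        the Redback RADIUS MIB."
    MODULE      -- this module
        MANDATORY-GROUPS {
            rbnRadiusAuthGroup2,
            rbnRadiusAcctGroup2,
            rbnRadiusNotifyGroup,
            rbnRadiusAuthNotifyGroup,
            rbnRadiusAcctNotifyGroup
        }
    ::= { rbnRadiusCompliances 2 }

rbnRadiusAuthGroup2 OBJECT-GROUP
    OBJECTS     {
                    rbnRadiusAuthPktTimeout,
                    rbnRadiusAuthSrvTimeout,
                    rbnRadiusAuthDeadtime,
                    rbnRadiusAuthTries,
                    rbnRadiusAuthSrvState,
                    rbnRadiusAuthSrvLastChange,
                    rbnRadiusAuthSrvCounterResetTime,
                    rbnRadiusAuthSrvSendErrors,
                    rbnRadiusAuthStripDomain
                }
    STATUS      current
    DESCRIPTION
        "The collection of objects used to manage RADIUS
        authentication servers."
    ::= { rbnRadiusGroups 6 }

rbnRadiusAcctGroup2 OBJECT-GROUP
    OBJECTS     {
                    rbnRadiusAcctPktTimeout,
                    rbnRadiusAcctSrvTimeout,
                    rbnRadiusAcctDeadtime,
                    rbnRadiusAcctTries,
                    rbnRadiusAcctSrvState,
                    rbnRadiusAcctSrvLastChange,
                    rbnRadiusAcctSrvCounterResetTime,
                    rbnRadiusAcctSrvSendErrors,
                    rbnRadiusAcctStripDomain
                }
    STATUS      current
    DESCRIPTION
        "The collection of objects used to manage RADIUS accounting
        servers."
    ::= { rbnRadiusGroups 7 }

rbnRadiusNotifyGroup OBJECT-GROUP
    OBJECTS     {
                    rbnRadiusClientPort,
                    rbnRadiusContext,
                    rbnRadiusReason,
                    rbnRadiusUsername
                }
    STATUS      current
    DESCRIPTION
        "The collection of objects used only in notifications."
    ::= { rbnRadiusGroups 3 }

rbnRadiusAuthNotifyGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
                    rbnRadiusAuthStateChange
                }
    STATUS      current
    DESCRIPTION
        "Notification for tracking the status of RADIUS
        authentication servers."
    ::= { rbnRadiusGroups 4 }

rbnRadiusAcctNotifyGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
                    rbnRadiusAcctStateChange
                }
    STATUS      current
    DESCRIPTION
        "Notification for tracking the status of RADIUS accounting
        servers."
    ::= { rbnRadiusGroups 5 }

--
-- Deprecated Compliances and Groups
--
-- The deprecated groups differ from their "2" successors only in
-- lacking the StripDomain objects added in the 2005 revision.
--

rbnRadiusCompliance MODULE-COMPLIANCE
    STATUS      deprecated
    DESCRIPTION
        "The compliance statement for SNMP entities which implement
        the Redback RADIUS MIB."
    MODULE      -- this module
        MANDATORY-GROUPS {
            rbnRadiusAuthGroup,
            rbnRadiusAcctGroup,
            rbnRadiusNotifyGroup,
            rbnRadiusAuthNotifyGroup,
            rbnRadiusAcctNotifyGroup
        }
    ::= { rbnRadiusCompliances 1 }

rbnRadiusAuthGroup OBJECT-GROUP
    OBJECTS     {
                    rbnRadiusAuthPktTimeout,
                    rbnRadiusAuthSrvTimeout,
                    rbnRadiusAuthDeadtime,
                    rbnRadiusAuthTries,
                    rbnRadiusAuthSrvState,
                    rbnRadiusAuthSrvLastChange,
                    rbnRadiusAuthSrvCounterResetTime,
                    rbnRadiusAuthSrvSendErrors
                }
    STATUS      deprecated
    DESCRIPTION
        "The collection of objects used to manage RADIUS
        authentication servers."
    ::= { rbnRadiusGroups 1 }

rbnRadiusAcctGroup OBJECT-GROUP
    OBJECTS     {
                    rbnRadiusAcctPktTimeout,
                    rbnRadiusAcctSrvTimeout,
                    rbnRadiusAcctDeadtime,
                    rbnRadiusAcctTries,
                    rbnRadiusAcctSrvState,
                    rbnRadiusAcctSrvLastChange,
                    rbnRadiusAcctSrvCounterResetTime,
                    rbnRadiusAcctSrvSendErrors
                }
    STATUS      deprecated
    DESCRIPTION
        "The collection of objects used to manage RADIUS accounting
        servers."
    ::= { rbnRadiusGroups 2 }

END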