375 lines
14 KiB
Plaintext
375 lines
14 KiB
Plaintext
ENTERASYS-RADIUS-DYNAMIC-AUTHOR-SERVER-EXT-MIB DEFINITIONS ::= BEGIN
|
|
|
|
--
|
|
-- Part Number:
|
|
--
|
|
--
|
|
|
|
-- This module provides authoritative definitions for Extreme
|
|
-- Network's RADIUS Dynamic Authorization Server MIB.
|
|
|
|
--
|
|
-- This module will be extended, as needed.
|
|
|
|
-- Extreme Networks reserves the right to make changes in this
|
|
-- specification and other information contained in this document
|
|
-- without prior notice. The reader should consult Extreme Networks
|
|
-- to determine whether any such changes have been made.
|
|
--
|
|
-- In no event shall Extreme Networks be liable for any incidental,
|
|
-- indirect, special, or consequential damages whatsoever (including
|
|
-- but not limited to lost profits) arising out of or related to this
|
|
-- document or the information contained in it, even if Extreme
|
|
-- Networks has been advised of, known, or should have known, the
|
|
-- possibility of such damages.
|
|
--
|
|
-- Extreme Networks grants vendors, end-users, and other interested
|
|
-- parties a non-exclusive license to use this Specification in
|
|
-- connection with the management of Extreme Networks products.
|
|
|
|
-- Copyright April, 2016 Extreme Networks, Inc.
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE FROM SNMPv2-SMI
|
|
Integer32 FROM SNMPv2-SMI
|
|
MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF
|
|
TruthValue, RowStatus FROM SNMPv2-TC
|
|
InetAddressType, InetAddress FROM INET-ADDRESS-MIB
|
|
etsysModules FROM ENTERASYS-MIB-NAMES;
|
|
|
|
etsysRadiusDynAuthorServerMIB MODULE-IDENTITY
|
|
LAST-UPDATED "201605181406Z" -- Wed May 18 14:06 UTC 2016
|
|
ORGANIZATION "Extreme Networks"
|
|
CONTACT-INFO
|
|
"Postal: Extreme Networks, Inc.
|
|
145 Rio Robles
|
|
San Jose, CA 95134 USA
|
|
|
|
Phone: +1 408 579-2800
|
|
E-mail: support@extremenetworks.com
|
|
WWW: http://www.extremenetworks.com"
|
|
|
|
DESCRIPTION
|
|
"This MIB module defines a portion of the SNMP enterprise
|
|
MIBs under Enterasys Networks' enterprise OID pertaining to
|
|
the server side of the Remote Access Dialin User Service
|
|
(RADIUS) Dynamic Authorization protocol (RFC5176).
|
|
|
|
This MIB provides read-write access to configuration objects
|
|
not provided in the standard RADIUS Dynamic Authorization
|
|
MIB (RFC4673). However, the write capability must only
|
|
be supported for SNMPv3, or other SNMP versions with
|
|
adequately strong security.
|
|
|
|
Security concerns include Object ID verification, source
|
|
address verification and timeliness verification."
|
|
|
|
REVISION "201605181406Z" -- Wed May 18 14:06 UTC 2016
|
|
DESCRIPTION
|
|
"Addition of server client IP addresses and server
|
|
virtual router configuration.
|
|
|
|
Updated the CONTACT-INFO clause."
|
|
|
|
REVISION "201112191324Z" -- Mon Dec 19 13:24 UTC 2011
|
|
DESCRIPTION
|
|
"The initial version of this MIB module."
|
|
|
|
::= { etsysModules 80 }
|
|
|
|
|
|
-- ------------------------------------
|
|
-- MIB Objects
|
|
-- ------------------------------------
|
|
|
|
etsysRadiusDynAuthorServerMIBObjects
|
|
OBJECT IDENTIFIER ::= { etsysRadiusDynAuthorServerMIB 1 }
|
|
|
|
etsysRadiusDynAuthorServerEnable OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether or not RADIUS Dynamic Authorization
|
|
is enabled or disabled. This parameter value MUST be maintained
|
|
across system reboots."
|
|
DEFVAL { disable }
|
|
::= { etsysRadiusDynAuthorServerMIBObjects 1 }
|
|
|
|
etsysRadiusDynAuthorServerClientTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysRadiusDynAuthorServerClientEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The (conceptual) table listing the RADIUS Accounting
|
|
servers."
|
|
::= { etsysRadiusDynAuthorServerMIBObjects 2 }
|
|
|
|
etsysRadiusDynAuthorServerClientEntry OBJECT-TYPE
|
|
SYNTAX EtsysRadiusDynAuthorServerClientEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry (conceptual row) representing a RADIUS
|
|
dynamic authorization server with which the server shares
|
|
a secret. If RADIUS dynamic authorization is not enabled, this
|
|
table is ignored.
|
|
|
|
All created conceptual rows are non-volatile and as such
|
|
MUST be maintained upon restart of the agent."
|
|
INDEX { etsysRadiusDynAuthorServerClientIndex }
|
|
::= { etsysRadiusDynAuthorServerClientTable 1 }
|
|
|
|
EtsysRadiusDynAuthorServerClientEntry ::=
|
|
SEQUENCE {
|
|
etsysRadiusDynAuthorServerClientIndex
|
|
Integer32,
|
|
etsysRadiusDynAuthorServerClientAddressType
|
|
InetAddressType,
|
|
etsysRadiusDynAuthorServerClientAddress
|
|
InetAddress,
|
|
etsysRadiusDynAuthorServerClientSecret
|
|
OCTET STRING,
|
|
etsysRadiusDynAuthorServerClientSecretEntered
|
|
TruthValue,
|
|
etsysRadiusDynAuthorServerClientStatus
|
|
RowStatus,
|
|
etsysRadiusDynAuthorClientServerClientAddressType
|
|
InetAddressType,
|
|
etsysRadiusDynAuthorClientServerClientAddress
|
|
InetAddress,
|
|
etsysRadiusDynAuthorClientServerClientVirtualRouterName
|
|
OCTET STRING
|
|
}
|
|
|
|
etsysRadiusDynAuthorServerClientIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A number uniquely identifying each conceptual row
|
|
in the etsysRadiusDynAuthorServerClientTable.
|
|
|
|
In the event of an agent restart, the same value
|
|
of etsysRadiusDynAuthorServerClientIndex MUST be used to
|
|
identify each conceptual row in
|
|
etsysRadiusDynAuthorServerClientTable as was used prior
|
|
to the restart."
|
|
::= { etsysRadiusDynAuthorServerClientEntry 1 }
|
|
|
|
etsysRadiusDynAuthorServerClientAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of Internet address by which the
|
|
RADIUS Dynamic Authorization Client is reachable."
|
|
DEFVAL { ipv4 }
|
|
::= { etsysRadiusDynAuthorServerClientEntry 2 }
|
|
|
|
etsysRadiusDynAuthorServerClientAddress OBJECT-TYPE
|
|
SYNTAX InetAddress (SIZE(1..64))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Internet address for the RADIUS Dynamic Authorization
|
|
Client. Note that implementations MUST limit
|
|
themselves to a single entry in this table per
|
|
reachable server.
|
|
|
|
The etsysRadiusDynAuthorServerClientAddress may not be
|
|
empty due to the SIZE restriction. Also the size
|
|
of a DNS name is limited to 64 characters.
|
|
|
|
This parameter value is maintained across system
|
|
reboots."
|
|
::= { etsysRadiusDynAuthorServerClientEntry 3 }
|
|
|
|
etsysRadiusDynAuthorServerClientSecret OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is the secret shared between the RADIUS
|
|
Dynamic Authorization client and RADIUS server. This
|
|
parameter value is maintained across system reboots.
|
|
While the 'official' MAX-ACCESS for this object is
|
|
read-create, all implementations MUST return an
|
|
empty string on a read."
|
|
DEFVAL { ''H } -- the empty string
|
|
::= { etsysRadiusDynAuthorServerClientEntry 4 }
|
|
|
|
etsysRadiusDynAuthorServerClientSecretEntered OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"true(1) - Indicates that etsysRadiusDynAuthorServerClientSecret
|
|
was last set with some value other than the empty
|
|
string.
|
|
|
|
false(2) - Indicates that etsysRadiusDynAuthorServerClientSecret
|
|
has never been set, or was last set to the empty
|
|
string."
|
|
::= { etsysRadiusDynAuthorServerClientEntry 5 }
|
|
|
|
etsysRadiusDynAuthorServerClientStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Lets users create and delete RADIUS Dynamic Authorization
|
|
client entries on systems that support this capability.
|
|
|
|
Rules
|
|
|
|
1. When creating a RADIUS Dynamic Authorization Client,
|
|
it is up to the management station to determine a
|
|
suitable etsysRadiusDynAuthorServerClientIndex.
|
|
To facilitate interoperability, agents SHOULD not
|
|
put any restrictions on the
|
|
etsysRadiusDynAuthorServerClientIndex beyond the
|
|
obvious ones that it be valid and unused.
|
|
|
|
2. Before a new row can become 'active', values
|
|
must be supplied for the columnar objects
|
|
etsysRadiusDynAuthorServerClientAddress,
|
|
etsysRadiusDynAuthorServerClientSecret,
|
|
etsysRadiusDynAuthorServerClientAddress, and
|
|
etsysRadiusDynAuthorClientServerClientVirtualRouterName.
|
|
|
|
3. The value of etsysRadiusDynAuthorServerClientStatus
|
|
must be set to 'notInService' in order to modify
|
|
a writable object in the same conceptual row.
|
|
|
|
4. etsysRadiusDynAuthorServerClient entries whose
|
|
status is 'notReady' or 'notInService' will
|
|
not be used for Dynamic Authorization."
|
|
::= { etsysRadiusDynAuthorServerClientEntry 6 }
|
|
|
|
etsysRadiusDynAuthorClientServerClientAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies how etsysRadiusDynAuthorServerClientAddressType
|
|
is encoded. Support for all possible enumerations defined by
|
|
InetAddressType is NOT REQUIRED."
|
|
DEFVAL { ipv4 }
|
|
::= { etsysRadiusDynAuthorServerClientEntry 7 }
|
|
|
|
etsysRadiusDynAuthorClientServerClientAddress OBJECT-TYPE
|
|
SYNTAX InetAddress (SIZE(1..64))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The encoded unicast IP address of a local system interface.
|
|
RADIUS Dynamic Authorization responses will be sent from
|
|
this address."
|
|
::= { etsysRadiusDynAuthorServerClientEntry 8 }
|
|
|
|
etsysRadiusDynAuthorClientServerClientVirtualRouterName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the local system virtual router that traffic
|
|
sent to this RADIUS Dynamic Authorization
|
|
server should be associated with.
|
|
|
|
Writing this object with a zero length string clears the
|
|
virtual router name for this server."
|
|
::= { etsysRadiusDynAuthorServerClientEntry 9 }
|
|
|
|
-- ------------------------------------
|
|
-- Conformance information
|
|
-- ------------------------------------
|
|
|
|
etsysRadiusDynAuthorServerMIBConformance
|
|
OBJECT IDENTIFIER ::= { etsysRadiusDynAuthorServerMIB 2 }
|
|
|
|
etsysRadiusDynAuthorServerMIBCompliances
|
|
OBJECT IDENTIFIER ::= { etsysRadiusDynAuthorServerMIBConformance 1 }
|
|
|
|
etsysRadiusDynAuthorServerMIBGroups
|
|
OBJECT IDENTIFIER ::= { etsysRadiusDynAuthorServerMIBConformance 2 }
|
|
|
|
|
|
-- ------------------------------------
|
|
-- Units of conformance
|
|
-- ------------------------------------
|
|
|
|
etsysRadiusDynAuthorServerMIBGroup OBJECT-GROUP
|
|
OBJECTS { etsysRadiusDynAuthorServerEnable,
|
|
etsysRadiusDynAuthorServerClientAddressType,
|
|
etsysRadiusDynAuthorServerClientAddress,
|
|
etsysRadiusDynAuthorServerClientSecret,
|
|
etsysRadiusDynAuthorServerClientSecretEntered,
|
|
etsysRadiusDynAuthorServerClientStatus
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The basic collection of objects providing a proprietary
|
|
extension to the standard RADIUS Dynamic Authorization MIB.
|
|
|
|
This MIB provides read-write access to configuration
|
|
objects not provided in the standard RADIUS Dynamic Authorization
|
|
MIB (RFC4763). However, the write capability must only
|
|
be supported for SNMPv3, or other SNMP versions with
|
|
adequately strong security."
|
|
::= { etsysRadiusDynAuthorServerMIBGroups 1 }
|
|
|
|
etsysRadiusDynAuthorServerMIBGroup2 OBJECT-GROUP
|
|
OBJECTS { etsysRadiusDynAuthorServerEnable,
|
|
etsysRadiusDynAuthorServerClientAddressType,
|
|
etsysRadiusDynAuthorServerClientAddress,
|
|
etsysRadiusDynAuthorServerClientSecret,
|
|
etsysRadiusDynAuthorServerClientSecretEntered,
|
|
etsysRadiusDynAuthorServerClientStatus,
|
|
etsysRadiusDynAuthorClientServerClientAddressType,
|
|
etsysRadiusDynAuthorClientServerClientAddress,
|
|
etsysRadiusDynAuthorClientServerClientVirtualRouterName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The basic collection of objects providing a proprietary
|
|
extension to the standard RADIUS Dynamic Authorization MIB.
|
|
|
|
This MIB provides read-write access to configuration
|
|
objects not provided in the standard RADIUS Dynamic Authorization
|
|
MIB (RFC4763). However, the write capability must only
|
|
be supported for SNMPv3, or other SNMP versions with
|
|
adequately strong security."
|
|
::= { etsysRadiusDynAuthorServerMIBGroups 2 }
|
|
|
|
-- ------------------------------------
|
|
-- Compliance statements
|
|
-- ------------------------------------
|
|
|
|
etsysRadiusDynAuthorServerMIBCompliance MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for Dynamic Authorization
|
|
servers implementing the RADIUS Dynamic Authorization
|
|
ServerMIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { etsysRadiusDynAuthorServerMIBGroup }
|
|
|
|
::= { etsysRadiusDynAuthorServerMIBCompliances 1 }
|
|
|
|
etsysRadiusDynAuthorServerMIBCompliance2 MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for Dynamic Authorization
|
|
servers implementing the RADIUS Dynamic Authorization
|
|
ServerMIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { etsysRadiusDynAuthorServerMIBGroup2 }
|
|
|
|
::= { etsysRadiusDynAuthorServerMIBCompliances 2 }
|
|
|
|
END
|