845 lines
32 KiB
Plaintext
845 lines
32 KiB
Plaintext
ENTERASYS-RADIUS-SNOOPING-MIB DEFINITIONS ::= BEGIN
|
|
|
|
-- enterasys-radius-snooping-mib.txt
|
|
--
|
|
-- Part Number:
|
|
--
|
|
--
|
|
|
|
-- This module provides authoritative definitions for Enterasys
|
|
-- Networks' RADIUS Snooping functionality.
|
|
|
|
--
|
|
-- This module will be extended, as needed.
|
|
|
|
-- Enterasys Networks reserves the right to make changes in this
|
|
-- specification and other information contained in this document
|
|
-- without prior notice. The reader should consult Enterasys Networks
|
|
-- to determine whether any such changes have been made.
|
|
--
|
|
-- In no event shall Enterasys Networks be liable for any incidental,
|
|
-- indirect, special, or consequential damages whatsoever (including
|
|
-- but not limited to lost profits) arising out of or related to this
|
|
-- document or the information contained in it, even if Enterasys
|
|
-- Networks has been advised of, known, or should have known, the
|
|
-- possibility of such damages.
|
|
--
|
|
-- Enterasys Networks grants vendors, end-users, and other interested
|
|
-- parties a non-exclusive license to use this Specification in
|
|
-- connection with the management of Enterasys Networks products.
|
|
|
|
-- Copyright July 2012 Enterasys Networks, Inc.
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Integer32, Counter32
|
|
FROM SNMPv2-SMI
|
|
MODULE-COMPLIANCE, OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
EnabledStatus
|
|
FROM P-BRIDGE-MIB
|
|
MacAddress, TruthValue, RowStatus
|
|
FROM SNMPv2-TC
|
|
InterfaceIndex
|
|
FROM IF-MIB
|
|
InetAddressType, InetAddress
|
|
FROM INET-ADDRESS-MIB
|
|
etsysModules
|
|
FROM ENTERASYS-MIB-NAMES;
|
|
|
|
etsysRadiusSnoopingMIB MODULE-IDENTITY
|
|
LAST-UPDATED "201207161313Z" -- Mon Jul 16 13:13 UTC 2012
|
|
ORGANIZATION "Enterasys Networks, Inc"
|
|
CONTACT-INFO
|
|
"Postal: Enterasys Networks
|
|
50 Minuteman Rd.
|
|
Andover, MA 01810-1008
|
|
USA
|
|
Phone: +1 978 684 1000
|
|
E-mail: support@enterasys.com
|
|
WWW: http://www.enterasys.com"
|
|
|
|
DESCRIPTION
|
|
"This MIB module defines a portion of the SNMP MIB under
|
|
the Enterasys Networks enterprise OID pertaining to
|
|
configuration of RADIUS Snooping on a device."
|
|
|
|
REVISION "201207161313Z" -- Mon Jul 16 13:13 UTC 2012
|
|
DESCRIPTION "Add missing IMPORTS. Relocate Compliance and
|
|
Conformance statements."
|
|
|
|
REVISION "200911041913Z" -- Wed Nov 4 19:13 UTC 2009
|
|
DESCRIPTION "Added the following objects:
|
|
etsysRadiusSnoopingFlowUnsupportedReqPackets
|
|
etsysRadiusSnoopingFlowUnsupportedRspPackets"
|
|
|
|
REVISION "200802051651Z" -- Tue Feb 5 16:51 UTC 2008
|
|
DESCRIPTION "The initial version of this MIB module."
|
|
|
|
::= { etsysModules 62 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- MIB Objects
|
|
-- -------------------------------------------------------------
|
|
etsysRadiusSnoopingObjectBase
|
|
OBJECT IDENTIFIER ::= { etsysRadiusSnoopingMIB 2 }
|
|
|
|
etsysRadiusSnoopingObjects
|
|
OBJECT IDENTIFIER ::= { etsysRadiusSnoopingObjectBase 1 }
|
|
|
|
etsysRadiusSnoopingSystem
|
|
OBJECT IDENTIFIER ::= { etsysRadiusSnoopingObjects 1 }
|
|
|
|
etsysRadiusSnoopingPort
|
|
OBJECT IDENTIFIER ::= { etsysRadiusSnoopingObjects 2 }
|
|
|
|
etsysRadiusSnoopingSession
|
|
OBJECT IDENTIFIER ::= { etsysRadiusSnoopingObjects 3 }
|
|
|
|
etsysRadiusSnoopingFlow
|
|
OBJECT IDENTIFIER ::= { etsysRadiusSnoopingObjects 4 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- etsysRadiusSnoopingSystem Group
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysRadiusSnoopingSystemEnable OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When enabled(1), all objects in this MIB are fully active.
|
|
When disabled(2), this object overrides all other object
|
|
settings in this MIB without affecting their values. Maintaining
|
|
the value of this object across agent reboots is REQUIRED."
|
|
DEFVAL { disabled }
|
|
::= { etsysRadiusSnoopingSystem 1 }
|
|
|
|
etsysRadiusSnoopingSystemTimeout OBJECT-TYPE
|
|
SYNTAX Integer32 (1..60)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of seconds to wait for a RADIUS Server to respond to
|
|
a RADIUS Snooping detected RADIUS request. Maintaining the value
|
|
of this object across agent reboots is REQUIRED."
|
|
DEFVAL { 20 }
|
|
::= { etsysRadiusSnoopingSystem 2 }
|
|
|
|
etsysRadiusSnoopingSystemConfiguredFlows OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of configured flows in the
|
|
etsysRadiusSnoopFlowTable"
|
|
::= { etsysRadiusSnoopingSystem 3 }
|
|
|
|
etsysRadiusSnoopingSystemActiveSessions OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of active sessions in the
|
|
etsysRadiusSnoopFlowTable"
|
|
::= { etsysRadiusSnoopingSystem 4 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- etsysRadiusSnoopingPort Group
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysRadiusSnoopingPortTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysRadiusSnoopingPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing configuration objects for each RADIUS
|
|
snooping port. The configuration for
|
|
each port in this table must be non-volatile."
|
|
::= { etsysRadiusSnoopingPort 1 }
|
|
|
|
etsysRadiusSnoopingPortEntry OBJECT-TYPE
|
|
SYNTAX EtsysRadiusSnoopingPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each conceptual row provides control over all of the
|
|
initial values used by each RADIUS Snooping session on
|
|
this port. Subsequent changes to rows in this table,
|
|
except where noted, have no effect on existing sessions
|
|
authenticated by RADIUS Snooping on this port."
|
|
INDEX { etsysRadiusSnoopingPortIndex }
|
|
::= { etsysRadiusSnoopingPortTable 1 }
|
|
|
|
EtsysRadiusSnoopingPortEntry ::=
|
|
SEQUENCE {
|
|
etsysRadiusSnoopingPortIndex InterfaceIndex,
|
|
etsysRadiusSnoopingPortEnable EnabledStatus,
|
|
etsysRadiusSnoopingPortTimeout Integer32,
|
|
etsysRadiusSnoopingPortInitialize TruthValue,
|
|
etsysRadiusSnoopingPortDrop EnabledStatus,
|
|
etsysRadiusSnoopingPortAuthenticationsAllocated Unsigned32,
|
|
etsysRadiusSnoopingPortAuthenticationsAllowed Unsigned32
|
|
}
|
|
|
|
etsysRadiusSnoopingPortIndex OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the InterfaceIndex associated with this row."
|
|
::= { etsysRadiusSnoopingPortEntry 1 }
|
|
|
|
etsysRadiusSnoopingPortEnable OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When set to enabled(1), a platform dependent triggering
|
|
mechanism initiates the detection of RADIUS traffic
|
|
sent by edge devices. These RADIUS requests in conjuntion
|
|
with their respective responses allow for RADIUS Snooping
|
|
to process these sessions.
|
|
|
|
When disabled(2), RADIUS Snooping detection is disabled
|
|
and all currently authenticated sessions or those in
|
|
the process of authentication on this port are terminated.
|
|
|
|
Maintaining the value of this object across agent reboots
|
|
is REQUIRED."
|
|
DEFVAL { disabled }
|
|
::= { etsysRadiusSnoopingPortEntry 2 }
|
|
|
|
etsysRadiusSnoopingPortTimeout OBJECT-TYPE
|
|
SYNTAX Integer32 (0..60)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of seconds to wait for a RADIUS Server to respond to
|
|
a RADIUS Snooping detected RADIUS request. If the value
|
|
of this variable is 0 then the system setting in
|
|
etsysRadiusSnoopingSystemTimeout will be used. Maintaining the value
|
|
of this object across agent reboots is REQUIRED."
|
|
DEFVAL { 20 }
|
|
::= { etsysRadiusSnoopingPortEntry 3 }
|
|
|
|
etsysRadiusSnoopingPortInitialize OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When set to true(1), the RADIUS Snooping logic on this
|
|
port is initialized, forcibly ending all RADIUS Snooping
|
|
sessions currently in existence on this port. A set with
|
|
the value false(2) has no affect and a read always returns
|
|
false."
|
|
::= { etsysRadiusSnoopingPortEntry 4 }
|
|
|
|
etsysRadiusSnoopingPortDrop OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When set to enabled(1), a platform dependent triggering
|
|
mechanism initiates the potential dropping of RADIUS traffic
|
|
under specific error conditions to maintain session consistency
|
|
accross network devices.
|
|
|
|
When disabled(2), RADIUS Snooping will not drop RADIUS traffic.
|
|
|
|
Maintaining the value of this object across agent reboots
|
|
is REQUIRED."
|
|
DEFVAL { enabled }
|
|
::= { etsysRadiusSnoopingPortEntry 5 }
|
|
|
|
etsysRadiusSnoopingPortAuthenticationsAllocated OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of RADIUS Snooping authentications permitted on
|
|
this port on this module. This value must be non-zero and be less
|
|
than or equal to the value of
|
|
etsysRadiusSnoopingAuthenticationsAllowed. Setting this object to a
|
|
value less than the current number of authenticated RADIUS Snooping
|
|
sessions on this port prevents further authentications, but has no
|
|
affect on the current sessions. Maintaining the value of this object
|
|
across agent reboots is REQUIRED"
|
|
::= { etsysRadiusSnoopingPortEntry 6 }
|
|
|
|
etsysRadiusSnoopingPortAuthenticationsAllowed OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of concurrent RADIUS Snooping authentications
|
|
supported on this port on this module. The default value of this
|
|
object is platform and resource dependent."
|
|
::= { etsysRadiusSnoopingPortEntry 7 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- etsysRadiusSnoopingSession Group
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysRadiusSnoopingSessionTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysRadiusSnoopingSessionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing configuration objects for each RADIUS
|
|
Snooping session authenticated on a port. Each row in this table
|
|
is created dynamically when a RADIUS Snooping session authenticates
|
|
on a port."
|
|
::= { etsysRadiusSnoopingSession 1 }
|
|
|
|
etsysRadiusSnoopingSessionEntry OBJECT-TYPE
|
|
SYNTAX EtsysRadiusSnoopingSessionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each conceptual row inherits it's initial information
|
|
from the row in the etsysRadiusSnoopingPortConfigTable
|
|
corresponding to the correct port. Each row represents an
|
|
authenticated RADIUS Snooping session."
|
|
INDEX { etsysRadiusSnoopingSessionMACAddress }
|
|
::= { etsysRadiusSnoopingSessionTable 1 }
|
|
|
|
EtsysRadiusSnoopingSessionEntry::=
|
|
SEQUENCE {
|
|
etsysRadiusSnoopingSessionMACAddress MacAddress,
|
|
etsysRadiusSnoopingSessionInitialize TruthValue,
|
|
etsysRadiusSnoopingSessionPort InterfaceIndex,
|
|
etsysRadiusSnoopingSessionRadiusClientAddressType InetAddressType,
|
|
etsysRadiusSnoopingSessionRadiusClientAddress InetAddress,
|
|
etsysRadiusSnoopingSessionRadiusServerAddressType InetAddressType,
|
|
etsysRadiusSnoopingSessionRadiusServerAddress InetAddress,
|
|
etsysRadiusSnoopingSessionDuration Unsigned32
|
|
}
|
|
|
|
etsysRadiusSnoopingSessionMACAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the MAC address that was authenticated on this port."
|
|
::= { etsysRadiusSnoopingSessionEntry 1 }
|
|
|
|
etsysRadiusSnoopingSessionInitialize OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When set to true(1), this RADIUS Snooping session
|
|
terminates causing the corresponding row in this table
|
|
and in the etsysRadiusSnoopingSessionTable to be removed.
|
|
|
|
Setting this object to false(2) has no effect on the system.
|
|
Reads of this object always return false(2)."
|
|
::= { etsysRadiusSnoopingSessionEntry 2 }
|
|
|
|
etsysRadiusSnoopingSessionPort OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the InterfaceIndex associated with this rows
|
|
RADIUS Snooping authenticated session."
|
|
::= { etsysRadiusSnoopingSessionEntry 3 }
|
|
|
|
etsysRadiusSnoopingSessionRadiusClientAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of data returned by
|
|
etsysRadiusSnoopingMACRadiusClientAddress."
|
|
::= { etsysRadiusSnoopingSessionEntry 5 }
|
|
|
|
etsysRadiusSnoopingSessionRadiusClientAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The network address of the RADIUS Client that sent the RADIUS Access
|
|
Request that started the RADIUS Snooping authentication that led
|
|
to this RADIUS Snooping session entry."
|
|
::= { etsysRadiusSnoopingSessionEntry 6 }
|
|
|
|
etsysRadiusSnoopingSessionRadiusServerAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of data returned by
|
|
etsysRadiusSnoopingMACRadiusServerAddress."
|
|
::= { etsysRadiusSnoopingSessionEntry 7 }
|
|
|
|
etsysRadiusSnoopingSessionRadiusServerAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The network address of the RADIUS Server that sent the RADIUS Access
|
|
Accept that successfully completed the RADIUS Snooping authentication
|
|
that led to this RADIUS Snooping session entry."
|
|
::= { etsysRadiusSnoopingSessionEntry 8 }
|
|
|
|
etsysRadiusSnoopingSessionDuration OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value, in seconds, which have elapsed since the start
|
|
of this session."
|
|
::= { etsysRadiusSnoopingSessionEntry 9 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- etsysRadiusSnoopingFlow Group
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysRadiusSnoopingFlowTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysRadiusSnoopingFlowEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing configuration objects for each RADIUS
|
|
snooping flow. The configuration for
|
|
each flow in this table must be non-volatile."
|
|
::= { etsysRadiusSnoopingFlow 1 }
|
|
|
|
etsysRadiusSnoopingFlowEntry OBJECT-TYPE
|
|
SYNTAX EtsysRadiusSnoopingFlowEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each conceptual row provides control over all of the
|
|
values used by each RADIUS Snooping flow."
|
|
INDEX { etsysRadiusSnoopingFlowIndex }
|
|
::= { etsysRadiusSnoopingFlowTable 1 }
|
|
|
|
EtsysRadiusSnoopingFlowEntry::=
|
|
SEQUENCE {
|
|
etsysRadiusSnoopingFlowIndex Integer32,
|
|
etsysRadiusSnoopingFlowClientAddressType InetAddressType,
|
|
etsysRadiusSnoopingFlowClientAddress InetAddress,
|
|
etsysRadiusSnoopingFlowServerAddressType InetAddressType,
|
|
etsysRadiusSnoopingFlowServerAddress InetAddress,
|
|
etsysRadiusSnoopingFlowServerPortNumber Integer32,
|
|
etsysRadiusSnoopingFlowSecret OCTET STRING,
|
|
etsysRadiusSnoopingFlowRowStatus RowStatus,
|
|
etsysRadiusSnoopingFlowSecretEntered TruthValue,
|
|
etsysRadiusSnoopingFlowCurrentSessions Counter32,
|
|
etsysRadiusSnoopingFlowPendingAuthentications Counter32,
|
|
etsysRadiusSnoopingFlowTotalSessions Counter32,
|
|
etsysRadiusSnoopingFlowAccessRequests Counter32,
|
|
etsysRadiusSnoopingFlowAccessAccepts Counter32,
|
|
etsysRadiusSnoopingFlowAccessRejects Counter32,
|
|
etsysRadiusSnoopingFlowInvalidRequests Counter32,
|
|
etsysRadiusSnoopingFlowInvalidResponses Counter32,
|
|
etsysRadiusSnoopingFlowTotalDroppedPackets Counter32,
|
|
etsysRadiusSnoopingFlowUnsupportedReqPackets Counter32,
|
|
etsysRadiusSnoopingFlowUnsupportedRspPackets Counter32
|
|
}
|
|
|
|
etsysRadiusSnoopingFlowIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..4095)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A number uniquely identifying each conceptual row in the
|
|
etsysRadiusSnoopingFlowTable. This value also indicates the
|
|
search priority of the flows. Incoming RADIUS traffic
|
|
matching multiple entries will be processed according to the
|
|
entry with the lowest index.
|
|
|
|
Maintaining the value of etsysRadiusSnoopingFlowIndex for all
|
|
active(1) entries across agent reboots is REQUIRED."
|
|
::= { etsysRadiusSnoopingFlowEntry 1 }
|
|
|
|
etsysRadiusSnoopingFlowClientAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies how etsysRadiusSnoopingFlowClientAddress
|
|
is encoded. Support for all possible enumerations defined by
|
|
InetAddressType is NOT REQUIRED."
|
|
DEFVAL { ipv4 }
|
|
::= { etsysRadiusSnoopingFlowEntry 2 }
|
|
|
|
etsysRadiusSnoopingFlowClientAddress OBJECT-TYPE
|
|
SYNTAX InetAddress (SIZE(1..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The encoded unicast IP address of a RADIUS client.
|
|
RADIUS Snooping may process RADIUS requests from this
|
|
address.
|
|
|
|
Maintaining the value of etsysRadiusSnoopingFlowClientAddress for all
|
|
active(1) entries across agent reboots is REQUIRED."
|
|
::= { etsysRadiusSnoopingFlowEntry 3 }
|
|
|
|
etsysRadiusSnoopingFlowServerAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies how etsysRadiusSnoopingFlowServerAddress
|
|
is encoded. Support for all possible enumerations defined by
|
|
InetAddressType is NOT REQUIRED."
|
|
DEFVAL { ipv4 }
|
|
::= { etsysRadiusSnoopingFlowEntry 4 }
|
|
|
|
etsysRadiusSnoopingFlowServerAddress OBJECT-TYPE
|
|
SYNTAX InetAddress (SIZE(1..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The encoded unicast IP address of a RADIUS server.
|
|
RADIUS Snooping may process RADIUS responses from this
|
|
address.
|
|
|
|
Maintaining the value of etsysRadiusSnoopingFlowServerAddress for all
|
|
active(1) entries across agent reboots is REQUIRED."
|
|
::= { etsysRadiusSnoopingFlowEntry 5 }
|
|
|
|
etsysRadiusSnoopingFlowServerPortNumber OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The destination UDP port number (0-65535) the client will use
|
|
to send RADIUS requests to the server and the source UDP
|
|
port number (0-65535) the server will use to send RADIUS responses
|
|
to the client.
|
|
|
|
Maintaining the value of etsysRadiusSnoopingFlowServerPortNumber
|
|
for all active(1) entries across agent reboots is REQUIRED."
|
|
DEFVAL { 1812 }
|
|
::= { etsysRadiusSnoopingFlowEntry 6 }
|
|
|
|
etsysRadiusSnoopingFlowSecret OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is the secret shared between the RADIUS
|
|
authentication server and the RADIUS client.
|
|
|
|
On a read operation this object MUST return a zero length
|
|
string.
|
|
|
|
Writing this object with a zero length string clears the
|
|
secret.
|
|
|
|
Maintaining the value of etsysRadiusSnoopingFlowSecret for all
|
|
active(1) entries across agent reboots is REQUIRED."
|
|
::= { etsysRadiusSnoopingFlowEntry 7 }
|
|
|
|
etsysRadiusSnoopingFlowRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of this row as defined by the RowStatus textual
|
|
convention."
|
|
|
|
REFERENCE
|
|
"RFC2579 (Textual Conventions for SMIv2)"
|
|
::={ etsysRadiusSnoopingFlowEntry 8 }
|
|
|
|
etsysRadiusSnoopingFlowSecretEntered OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"true(1) - Indicates that etsysRadiusSnoopingFlowSecret was
|
|
last set with some value other than the empty string.
|
|
|
|
false(2) - Indicates that etsysRadiusSnoopingFlowSecret has
|
|
never been set, or was last set to the empty string."
|
|
::= { etsysRadiusSnoopingFlowEntry 9 }
|
|
|
|
etsysRadiusSnoopingFlowCurrentSessions OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of current RADIUS Snooping authenticated sessions for this
|
|
RAIDIUS Snooping flow."
|
|
::= { etsysRadiusSnoopingFlowEntry 10 }
|
|
|
|
etsysRadiusSnoopingFlowPendingAuthentications OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of pending RADIUS Snooping authentications for this RADIUS
|
|
Snooping flow. A valid RADIUS request has been seen for these
|
|
authentications, but no valid RADIUS response has been detected
|
|
as of yet."
|
|
::= { etsysRadiusSnoopingFlowEntry 11 }
|
|
|
|
etsysRadiusSnoopingFlowTotalSessions OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of successful RADIUS Snooping authentications for
|
|
this RADIUS Snoopping flow since the last system reboot."
|
|
::= { etsysRadiusSnoopingFlowEntry 12 }
|
|
|
|
etsysRadiusSnoopingFlowAccessRequests OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of valid RADIUS Access Requests sent by the
|
|
client to the server in this RADIUS Snooping flow since the last
|
|
system reboot."
|
|
::= { etsysRadiusSnoopingFlowEntry 13 }
|
|
|
|
etsysRadiusSnoopingFlowAccessAccepts OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of valid RADIUS Access Accepts sent by the
|
|
server to the client in this RADIUS Snooping flow since
|
|
the last system reboot."
|
|
::= { etsysRadiusSnoopingFlowEntry 14 }
|
|
|
|
etsysRadiusSnoopingFlowAccessRejects OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of valid RADIUS Access Rejects sent by the
|
|
server to the client in this RADIUS Snooping flow since
|
|
the last system reboot."
|
|
::= { etsysRadiusSnoopingFlowEntry 15 }
|
|
|
|
etsysRadiusSnoopingFlowInvalidRequests OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of invalid RADIUS requests sent by the
|
|
client in this RADIUS Snooping flow since
|
|
the last system reboot. This may occur due to an invalid
|
|
RADIUS packet format or the lack of a Calling-Station-Id RADIUS
|
|
attribute."
|
|
::= { etsysRadiusSnoopingFlowEntry 16 }
|
|
|
|
etsysRadiusSnoopingFlowInvalidResponses OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of invalid RADIUS responses sent by the
|
|
server in this RADIUS Snooping flow since
|
|
the last system reboot. This may occur due to an invalid
|
|
RADIUS packet format or a RADIUS packet validation failure if
|
|
validation is enabled."
|
|
::= { etsysRadiusSnoopingFlowEntry 17 }
|
|
|
|
etsysRadiusSnoopingFlowTotalDroppedPackets OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of dropped RADIUS Snooping packets. This may
|
|
occur due resource limitations or RADIUS frame format in
|
|
conjunction with port packet drop configuration."
|
|
::= { etsysRadiusSnoopingFlowEntry 18 }
|
|
|
|
etsysRadiusSnoopingFlowUnsupportedReqPackets OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of unsupported RADIUS request packets that are
|
|
received by the RADIUS Snooping component but not supported.
|
|
Specifically, Accounting Requests are counted. These packets are
|
|
never dropped."
|
|
::= { etsysRadiusSnoopingFlowEntry 19 }
|
|
|
|
etsysRadiusSnoopingFlowUnsupportedRspPackets OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of unsupported RADIUS response packets that are
|
|
received by the RADIUS Snooping component but not supported.
|
|
Specifically, Accounting Responses and Challenge Responses are
|
|
counted. These packets are never dropped."
|
|
::= { etsysRadiusSnoopingFlowEntry 20 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Conformance Information
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysRadiusSnoopingConformance
|
|
OBJECT IDENTIFIER ::= { etsysRadiusSnoopingMIB 2 2 }
|
|
|
|
etsysRadiusSnoopingGroups
|
|
OBJECT IDENTIFIER ::= { etsysRadiusSnoopingConformance 1 }
|
|
|
|
etsysRadiusSnoopingCompliances
|
|
OBJECT IDENTIFIER ::= { etsysRadiusSnoopingConformance 2 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Units of conformance
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysRadiusSnoopingSystemGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysRadiusSnoopingSystemEnable,
|
|
etsysRadiusSnoopingSystemTimeout,
|
|
etsysRadiusSnoopingSystemConfiguredFlows,
|
|
etsysRadiusSnoopingSystemActiveSessions
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Global object controlling this feature.
|
|
Global objects that affect how the credentials are
|
|
presented to the authentication server."
|
|
::= { etsysRadiusSnoopingGroups 1 }
|
|
|
|
etsysRadiusSnoopingPortGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysRadiusSnoopingPortEnable,
|
|
etsysRadiusSnoopingPortTimeout,
|
|
etsysRadiusSnoopingPortInitialize,
|
|
etsysRadiusSnoopingPortDrop,
|
|
etsysRadiusSnoopingPortAuthenticationsAllocated,
|
|
etsysRadiusSnoopingPortAuthenticationsAllowed
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Objects describing the RADIUS Snooping
|
|
variables for each port."
|
|
::= { etsysRadiusSnoopingGroups 2 }
|
|
|
|
etsysRadiusSnoopingSessionGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysRadiusSnoopingSessionInitialize,
|
|
etsysRadiusSnoopingSessionPort,
|
|
etsysRadiusSnoopingSessionRadiusClientAddressType,
|
|
etsysRadiusSnoopingSessionRadiusClientAddress,
|
|
etsysRadiusSnoopingSessionRadiusServerAddressType,
|
|
etsysRadiusSnoopingSessionRadiusServerAddress,
|
|
etsysRadiusSnoopingSessionDuration
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Objects associated with an individual RADIUS Snooping
|
|
authentication."
|
|
::= { etsysRadiusSnoopingGroups 3 }
|
|
|
|
etsysRadiusSnoopingFlowGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysRadiusSnoopingFlowClientAddressType,
|
|
etsysRadiusSnoopingFlowClientAddress,
|
|
etsysRadiusSnoopingFlowServerAddressType,
|
|
etsysRadiusSnoopingFlowServerAddress,
|
|
etsysRadiusSnoopingFlowServerPortNumber,
|
|
etsysRadiusSnoopingFlowSecret,
|
|
etsysRadiusSnoopingFlowRowStatus,
|
|
etsysRadiusSnoopingFlowSecretEntered,
|
|
etsysRadiusSnoopingFlowCurrentSessions,
|
|
etsysRadiusSnoopingFlowPendingAuthentications,
|
|
etsysRadiusSnoopingFlowTotalSessions,
|
|
etsysRadiusSnoopingFlowAccessRequests,
|
|
etsysRadiusSnoopingFlowAccessAccepts,
|
|
etsysRadiusSnoopingFlowAccessRejects,
|
|
etsysRadiusSnoopingFlowInvalidRequests,
|
|
etsysRadiusSnoopingFlowInvalidResponses,
|
|
etsysRadiusSnoopingFlowTotalDroppedPackets
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"Objects associated with an individual RADIUS Snooping
|
|
authentication."
|
|
::= { etsysRadiusSnoopingGroups 4 }
|
|
|
|
etsysRadiusSnoopingFlowGroup2 OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysRadiusSnoopingFlowClientAddressType,
|
|
etsysRadiusSnoopingFlowClientAddress,
|
|
etsysRadiusSnoopingFlowServerAddressType,
|
|
etsysRadiusSnoopingFlowServerAddress,
|
|
etsysRadiusSnoopingFlowServerPortNumber,
|
|
etsysRadiusSnoopingFlowSecret,
|
|
etsysRadiusSnoopingFlowRowStatus,
|
|
etsysRadiusSnoopingFlowSecretEntered,
|
|
etsysRadiusSnoopingFlowCurrentSessions,
|
|
etsysRadiusSnoopingFlowPendingAuthentications,
|
|
etsysRadiusSnoopingFlowTotalSessions,
|
|
etsysRadiusSnoopingFlowAccessRequests,
|
|
etsysRadiusSnoopingFlowAccessAccepts,
|
|
etsysRadiusSnoopingFlowAccessRejects,
|
|
etsysRadiusSnoopingFlowInvalidRequests,
|
|
etsysRadiusSnoopingFlowInvalidResponses,
|
|
etsysRadiusSnoopingFlowTotalDroppedPackets,
|
|
etsysRadiusSnoopingFlowUnsupportedReqPackets,
|
|
etsysRadiusSnoopingFlowUnsupportedRspPackets
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Objects associated with an individual RADIUS Snooping
|
|
authentication."
|
|
::= { etsysRadiusSnoopingGroups 5 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Compliance statements
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysRadiusSnoopingCompliance MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for devices that support RADIUS Snooping."
|
|
|
|
MODULE
|
|
MANDATORY-GROUPS {
|
|
etsysRadiusSnoopingSystemGroup,
|
|
etsysRadiusSnoopingPortGroup,
|
|
etsysRadiusSnoopingSessionGroup,
|
|
etsysRadiusSnoopingFlowGroup
|
|
}
|
|
|
|
OBJECT etsysRadiusSnoopingSystemEnable
|
|
SYNTAX EnabledStatus
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required. If read-only is selected,
|
|
then the default value must be enabled(1)."
|
|
|
|
::= { etsysRadiusSnoopingCompliances 1 }
|
|
|
|
etsysRadiusSnoopingCompliance2 MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for devices that support RADIUS Snooping."
|
|
|
|
MODULE
|
|
MANDATORY-GROUPS {
|
|
etsysRadiusSnoopingSystemGroup,
|
|
etsysRadiusSnoopingPortGroup,
|
|
etsysRadiusSnoopingSessionGroup,
|
|
etsysRadiusSnoopingFlowGroup2
|
|
}
|
|
|
|
OBJECT etsysRadiusSnoopingSystemEnable
|
|
SYNTAX EnabledStatus
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required. If read-only is selected,
|
|
then the default value must be enabled(1)."
|
|
|
|
::= { etsysRadiusSnoopingCompliances 2 }
|
|
|
|
END
|