1 RADIUS-AUTH-CLIENT-MIB DEFINITIONS ::= BEGIN
4 MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY,
5 Counter32, Integer32, Gauge32,
6 IpAddress, TimeTicks, mib-2 FROM SNMPv2-SMI
7 SnmpAdminString FROM SNMP-FRAMEWORK-MIB
8 InetAddressType, InetAddress,
9 InetPortNumber FROM INET-ADDRESS-MIB
10 MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF;
13 radiusAuthClientMIB MODULE-IDENTITY
14 LAST-UPDATED "200608210000Z" -- 21 August 2006
15 ORGANIZATION "IETF RADIUS Extensions Working Group."
25 Phone: +1 425 936 6605
26 EMail: bernarda@microsoft.com"
28 "The MIB module for entities implementing the client
29 side of the Remote Authentication Dial-In User Service
30 (RADIUS) authentication protocol. Copyright (C) The
31 Internet Society (2006). This version of this MIB
32 module is part of RFC 4668; see the RFC itself for
34 REVISION "200608210000Z" -- 21 August 2006
36 "Revised version as published in RFC 4668. This
37 version obsoletes that of RFC 2618 by deprecating
38 the MIB table containing IPv4-only address formats
39 and defining a new table to add support for version
40 neutral IP address formats. The remaining MIB objects
41 from RFC 2618 are carried forward into this version."
42 REVISION "199906110000Z" -- 11 Jun 1999
43 DESCRIPTION "Initial version as published in RFC 2618."
44 ::= { radiusAuthentication 2 }
46 radiusMIB OBJECT-IDENTITY
49 "The OID assigned to RADIUS MIB work by the IANA."
52 radiusAuthentication OBJECT IDENTIFIER ::= {radiusMIB 1}
54 radiusAuthClientMIBObjects OBJECT IDENTIFIER
55 ::= { radiusAuthClientMIB 1 }
57 radiusAuthClient OBJECT IDENTIFIER
58 ::= { radiusAuthClientMIBObjects 1 }
60 radiusAuthClientInvalidServerAddresses OBJECT-TYPE
66 "The number of RADIUS Access-Response packets
67 received from unknown addresses."
68 ::= { radiusAuthClient 1 }
70 radiusAuthClientIdentifier OBJECT-TYPE
71 SYNTAX SnmpAdminString
78 "The NAS-Identifier of the RADIUS authentication client.
79 This is not necessarily the same as sysName in MIB II."
80 REFERENCE "RFC 2865 section 5.32"
81 ::= { radiusAuthClient 2 }
83 radiusAuthServerTable OBJECT-TYPE
84 SYNTAX SEQUENCE OF RadiusAuthServerEntry
85 MAX-ACCESS not-accessible
88 "The (conceptual) table listing the RADIUS authentication
89 servers with which the client shares a secret."
90 ::= { radiusAuthClient 3 }
92 radiusAuthServerEntry OBJECT-TYPE
93 SYNTAX RadiusAuthServerEntry
94 MAX-ACCESS not-accessible
97 "An entry (conceptual row) representing a RADIUS
98 authentication server with which the client shares
100 INDEX { radiusAuthServerIndex }
101 ::= { radiusAuthServerTable 1 }
103 RadiusAuthServerEntry ::= SEQUENCE {
104 radiusAuthServerIndex Integer32,
105 radiusAuthServerAddress IpAddress,
106 radiusAuthClientServerPortNumber Integer32,
107 radiusAuthClientRoundTripTime TimeTicks,
108 radiusAuthClientAccessRequests Counter32,
109 radiusAuthClientAccessRetransmissions Counter32,
110 radiusAuthClientAccessAccepts Counter32,
111 radiusAuthClientAccessRejects Counter32,
112 radiusAuthClientAccessChallenges Counter32,
113 radiusAuthClientMalformedAccessResponses Counter32,
114 radiusAuthClientBadAuthenticators Counter32,
115 radiusAuthClientPendingRequests Gauge32,
116 radiusAuthClientTimeouts Counter32,
117 radiusAuthClientUnknownTypes Counter32,
118 radiusAuthClientPacketsDropped Counter32
121 radiusAuthServerIndex OBJECT-TYPE
122 SYNTAX Integer32 (1..2147483647)
126 MAX-ACCESS not-accessible
129 "A number uniquely identifying each RADIUS
130 Authentication server with which this client
132 ::= { radiusAuthServerEntry 1 }
134 radiusAuthServerAddress OBJECT-TYPE
139 "The IP address of the RADIUS authentication server
140 referred to in this table entry."
141 ::= { radiusAuthServerEntry 2 }
143 radiusAuthClientServerPortNumber OBJECT-TYPE
144 SYNTAX Integer32 (0..65535)
148 "The UDP port the client is using to send requests to
150 REFERENCE "RFC 2865 section 3"
151 ::= { radiusAuthServerEntry 3 }
153 radiusAuthClientRoundTripTime OBJECT-TYPE
158 "The time interval (in hundredths of a second) between
159 the most recent Access-Reply/Access-Challenge and the
160 Access-Request that matched it from this RADIUS
161 authentication server."
162 ::= { radiusAuthServerEntry 4 }
164 -- Request/Response statistics
166 -- TotalIncomingPackets = Accepts + Rejects + Challenges +
169 -- TotalIncomingPackets - MalformedResponses -
170 -- BadAuthenticators - UnknownTypes - PacketsDropped =
171 -- Successfully received
173 -- AccessRequests + PendingRequests + ClientTimeouts =
177 -- Successfully received
181 radiusAuthClientAccessRequests OBJECT-TYPE
187 "The number of RADIUS Access-Request packets sent
188 to this server. This does not include retransmissions."
189 REFERENCE "RFC 2865 section 4.1"
190 ::= { radiusAuthServerEntry 5 }
192 radiusAuthClientAccessRetransmissions OBJECT-TYPE
198 "The number of RADIUS Access-Request packets
199 retransmitted to this RADIUS authentication server."
200 REFERENCE "RFC 2865 sections 2.5, 4.1"
201 ::= { radiusAuthServerEntry 6 }
203 radiusAuthClientAccessAccepts OBJECT-TYPE
209 "The number of RADIUS Access-Accept packets
210 (valid or invalid) received from this server."
211 REFERENCE "RFC 2865 section 4.2"
212 ::= { radiusAuthServerEntry 7 }
214 radiusAuthClientAccessRejects OBJECT-TYPE
220 "The number of RADIUS Access-Reject packets
221 (valid or invalid) received from this server."
222 REFERENCE "RFC 2865 section 4.3"
223 ::= { radiusAuthServerEntry 8 }
228 radiusAuthClientAccessChallenges OBJECT-TYPE
234 "The number of RADIUS Access-Challenge packets
235 (valid or invalid) received from this server."
236 REFERENCE "RFC 2865 section 4.4"
237 ::= { radiusAuthServerEntry 9 }
239 -- "Access-Response" includes an Access-Accept, Access-Challenge
242 radiusAuthClientMalformedAccessResponses OBJECT-TYPE
248 "The number of malformed RADIUS Access-Response
249 packets received from this server.
250 Malformed packets include packets with
251 an invalid length. Bad authenticators or
252 Message Authenticator attributes or unknown types
253 are not included as malformed access responses."
254 ::= { radiusAuthServerEntry 10 }
256 radiusAuthClientBadAuthenticators OBJECT-TYPE
262 "The number of RADIUS Access-Response packets
263 containing invalid authenticators or Message
264 Authenticator attributes received from this server."
265 REFERENCE "RFC 2865 section 3, RFC 2869 section 5.14"
266 ::= { radiusAuthServerEntry 11 }
268 radiusAuthClientPendingRequests OBJECT-TYPE
273 "The number of RADIUS Access-Request packets
274 destined for this server that have not yet timed out
275 or received a response. This variable is incremented
279 when an Access-Request is sent and decremented due to
280 receipt of an Access-Accept, Access-Reject,
281 Access-Challenge, timeout, or retransmission."
282 REFERENCE "RFC 2865 section 2"
283 ::= { radiusAuthServerEntry 12 }
285 radiusAuthClientTimeouts OBJECT-TYPE
291 "The number of authentication timeouts to this server.
292 After a timeout, the client may retry to the same
293 server, send to a different server, or
294 give up. A retry to the same server is counted as a
295 retransmit as well as a timeout. A send to a different
296 server is counted as a Request as well as a timeout."
297 REFERENCE "RFC 2865 section 2, RFC 2869 section 2.3.2"
298 ::= { radiusAuthServerEntry 13 }
300 radiusAuthClientUnknownTypes OBJECT-TYPE
306 "The number of RADIUS packets of unknown type that
307 were received from this server on the authentication
309 ::= { radiusAuthServerEntry 14 }
311 radiusAuthClientPacketsDropped OBJECT-TYPE
317 "The number of RADIUS packets that were
318 received from this server on the authentication port
319 and dropped for some other reason."
320 ::= { radiusAuthServerEntry 15 }
323 -- New MIB Objects in this revision
325 radiusAuthServerExtTable OBJECT-TYPE
326 SYNTAX SEQUENCE OF RadiusAuthServerExtEntry
330 MAX-ACCESS not-accessible
333 "The (conceptual) table listing the RADIUS authentication
334 servers with which the client shares a secret."
335 ::= { radiusAuthClient 4 }
337 radiusAuthServerExtEntry OBJECT-TYPE
338 SYNTAX RadiusAuthServerExtEntry
339 MAX-ACCESS not-accessible
342 "An entry (conceptual row) representing a RADIUS
343 authentication server with which the client shares
345 INDEX { radiusAuthServerExtIndex }
346 ::= { radiusAuthServerExtTable 1 }
348 RadiusAuthServerExtEntry ::= SEQUENCE {
349 radiusAuthServerExtIndex Integer32,
350 radiusAuthServerInetAddressType InetAddressType,
351 radiusAuthServerInetAddress InetAddress,
352 radiusAuthClientServerInetPortNumber InetPortNumber,
353 radiusAuthClientExtRoundTripTime TimeTicks,
354 radiusAuthClientExtAccessRequests Counter32,
355 radiusAuthClientExtAccessRetransmissions Counter32,
356 radiusAuthClientExtAccessAccepts Counter32,
357 radiusAuthClientExtAccessRejects Counter32,
358 radiusAuthClientExtAccessChallenges Counter32,
359 radiusAuthClientExtMalformedAccessResponses Counter32,
360 radiusAuthClientExtBadAuthenticators Counter32,
361 radiusAuthClientExtPendingRequests Gauge32,
362 radiusAuthClientExtTimeouts Counter32,
363 radiusAuthClientExtUnknownTypes Counter32,
364 radiusAuthClientExtPacketsDropped Counter32,
365 radiusAuthClientCounterDiscontinuity TimeTicks
368 radiusAuthServerExtIndex OBJECT-TYPE
369 SYNTAX Integer32 (1..2147483647)
370 MAX-ACCESS not-accessible
373 "A number uniquely identifying each RADIUS
374 Authentication server with which this client
376 ::= { radiusAuthServerExtEntry 1 }
381 radiusAuthServerInetAddressType OBJECT-TYPE
382 SYNTAX InetAddressType
386 "The type of address format used for the
387 radiusAuthServerInetAddress object."
388 ::= { radiusAuthServerExtEntry 2 }
390 radiusAuthServerInetAddress OBJECT-TYPE
395 "The IP address of the RADIUS authentication
396 server referred to in this table entry, using
397 the version-neutral IP address format."
398 ::= { radiusAuthServerExtEntry 3 }
400 radiusAuthClientServerInetPortNumber OBJECT-TYPE
401 SYNTAX InetPortNumber ( 1..65535 )
405 "The UDP port the client is using to send requests
406 to this server. The value of zero (0) is invalid."
407 REFERENCE "RFC 2865 section 3"
408 ::= { radiusAuthServerExtEntry 4 }
410 radiusAuthClientExtRoundTripTime OBJECT-TYPE
415 "The time interval (in hundredths of a second) between
416 the most recent Access-Reply/Access-Challenge and the
417 Access-Request that matched it from this RADIUS
418 authentication server."
419 REFERENCE "RFC 2865 section 2"
420 ::= { radiusAuthServerExtEntry 5 }
422 -- Request/Response statistics
424 -- TotalIncomingPackets = Accepts + Rejects + Challenges +
427 -- TotalIncomingPackets - MalformedResponses -
428 -- BadAuthenticators - UnknownTypes - PacketsDropped =
432 -- Successfully received
434 -- AccessRequests + PendingRequests + ClientTimeouts =
435 -- Successfully received
439 radiusAuthClientExtAccessRequests OBJECT-TYPE
445 "The number of RADIUS Access-Request packets sent
446 to this server. This does not include retransmissions.
447 This counter may experience a discontinuity when the
448 RADIUS Client module within the managed entity is
449 reinitialized, as indicated by the current value of
450 radiusAuthClientCounterDiscontinuity."
451 REFERENCE "RFC 2865 section 4.1"
452 ::= { radiusAuthServerExtEntry 6 }
454 radiusAuthClientExtAccessRetransmissions OBJECT-TYPE
460 "The number of RADIUS Access-Request packets
461 retransmitted to this RADIUS authentication server.
462 This counter may experience a discontinuity when
463 the RADIUS Client module within the managed entity
464 is reinitialized, as indicated by the current value
465 of radiusAuthClientCounterDiscontinuity."
466 REFERENCE "RFC 2865 sections 2.5, 4.1"
467 ::= { radiusAuthServerExtEntry 7 }
469 radiusAuthClientExtAccessAccepts OBJECT-TYPE
475 "The number of RADIUS Access-Accept packets
476 (valid or invalid) received from this server.
477 This counter may experience a discontinuity when
478 the RADIUS Client module within the managed entity
479 is reinitialized, as indicated by the current value
483 of radiusAuthClientCounterDiscontinuity."
484 REFERENCE "RFC 2865 section 4.2"
485 ::= { radiusAuthServerExtEntry 8 }
487 radiusAuthClientExtAccessRejects OBJECT-TYPE
493 "The number of RADIUS Access-Reject packets
494 (valid or invalid) received from this server.
495 This counter may experience a discontinuity when
496 the RADIUS Client module within the managed
497 entity is reinitialized, as indicated by the
499 radiusAuthClientCounterDiscontinuity."
500 REFERENCE "RFC 2865 section 4.3"
501 ::= { radiusAuthServerExtEntry 9 }
503 radiusAuthClientExtAccessChallenges OBJECT-TYPE
509 "The number of RADIUS Access-Challenge packets
510 (valid or invalid) received from this server.
511 This counter may experience a discontinuity when
512 the RADIUS Client module within the managed
513 entity is reinitialized, as indicated by the
515 radiusAuthClientCounterDiscontinuity."
516 REFERENCE "RFC 2865 section 4.4"
517 ::= { radiusAuthServerExtEntry 10 }
519 -- "Access-Response" includes an Access-Accept, Access-Challenge,
522 radiusAuthClientExtMalformedAccessResponses OBJECT-TYPE
528 "The number of malformed RADIUS Access-Response
529 packets received from this server.
530 Malformed packets include packets with
534 an invalid length. Bad authenticators or
535 Message Authenticator attributes or unknown types
536 are not included as malformed access responses.
537 This counter may experience a discontinuity when
538 the RADIUS Client module within the managed entity
539 is reinitialized, as indicated by the current value
540 of radiusAuthClientCounterDiscontinuity."
541 REFERENCE "RFC 2865 sections 3, 4"
542 ::= { radiusAuthServerExtEntry 11 }
544 radiusAuthClientExtBadAuthenticators OBJECT-TYPE
550 "The number of RADIUS Access-Response packets
551 containing invalid authenticators or Message
552 Authenticator attributes received from this server.
553 This counter may experience a discontinuity when
554 the RADIUS Client module within the managed entity
555 is reinitialized, as indicated by the current value
556 of radiusAuthClientCounterDiscontinuity."
557 REFERENCE "RFC 2865 section 3"
558 ::= { radiusAuthServerExtEntry 12 }
560 radiusAuthClientExtPendingRequests OBJECT-TYPE
566 "The number of RADIUS Access-Request packets
567 destined for this server that have not yet timed out
568 or received a response. This variable is incremented
569 when an Access-Request is sent and decremented due to
570 receipt of an Access-Accept, Access-Reject,
571 Access-Challenge, timeout, or retransmission."
572 REFERENCE "RFC 2865 section 2"
573 ::= { radiusAuthServerExtEntry 13 }
575 radiusAuthClientExtTimeouts OBJECT-TYPE
581 "The number of authentication timeouts to this server.
585 After a timeout, the client may retry to the same
586 server, send to a different server, or
587 give up. A retry to the same server is counted as a
588 retransmit as well as a timeout. A send to a different
589 server is counted as a Request as well as a timeout.
590 This counter may experience a discontinuity when the
591 RADIUS Client module within the managed entity is
592 reinitialized, as indicated by the current value of
593 radiusAuthClientCounterDiscontinuity."
594 REFERENCE "RFC 2865 sections 2.5, 4.1"
595 ::= { radiusAuthServerExtEntry 14 }
597 radiusAuthClientExtUnknownTypes OBJECT-TYPE
603 "The number of RADIUS packets of unknown type that
604 were received from this server on the authentication
605 port. This counter may experience a discontinuity
606 when the RADIUS Client module within the managed
607 entity is reinitialized, as indicated by the current
608 value of radiusAuthClientCounterDiscontinuity."
609 REFERENCE "RFC 2865 section 4"
610 ::= { radiusAuthServerExtEntry 15 }
612 radiusAuthClientExtPacketsDropped OBJECT-TYPE
618 "The number of RADIUS packets that were
619 received from this server on the authentication port
620 and dropped for some other reason. This counter may
621 experience a discontinuity when the RADIUS Client
622 module within the managed entity is reinitialized,
623 as indicated by the current value of
624 radiusAuthClientCounterDiscontinuity."
625 ::= { radiusAuthServerExtEntry 16 }
627 radiusAuthClientCounterDiscontinuity OBJECT-TYPE
636 "The number of centiseconds since the last discontinuity
637 in the RADIUS Client counters. A discontinuity may
638 be the result of a reinitialization of the RADIUS
639 Client module within the managed entity."
640 ::= { radiusAuthServerExtEntry 17 }
643 -- conformance information
645 radiusAuthClientMIBConformance OBJECT IDENTIFIER
646 ::= { radiusAuthClientMIB 2 }
648 radiusAuthClientMIBCompliances OBJECT IDENTIFIER
649 ::= { radiusAuthClientMIBConformance 1 }
651 radiusAuthClientMIBGroups OBJECT IDENTIFIER
652 ::= { radiusAuthClientMIBConformance 2 }
655 -- compliance statements
657 radiusAuthClientMIBCompliance MODULE-COMPLIANCE
660 "The compliance statement for authentication clients
661 implementing the RADIUS Authentication Client MIB.
662 Implementation of this module is for IPv4-only
663 entities, or for backwards compatibility use with
664 entities that support both IPv4 and IPv6."
665 MODULE -- this module
666 MANDATORY-GROUPS { radiusAuthClientMIBGroup }
668 ::= { radiusAuthClientMIBCompliances 1 }
670 radiusAuthClientExtMIBCompliance MODULE-COMPLIANCE
673 "The compliance statement for authentication
674 clients implementing the RADIUS Authentication
675 Client IPv6 Extensions MIB. Implementation of
676 this module is for entities that support IPv6,
677 or support IPv4 and IPv6."
678 MODULE -- this module
679 MANDATORY-GROUPS { radiusAuthClientExtMIBGroup }
681 OBJECT radiusAuthServerInetAddressType
682 SYNTAX InetAddressType { ipv4(1), ipv6(2) }
687 "An implementation is only required to support
688 IPv4 and globally unique IPv6 addresses."
690 OBJECT radiusAuthServerInetAddress
691 SYNTAX InetAddress ( SIZE (4|16) )
693 "An implementation is only required to support
694 IPv4 and globally unique IPv6 addresses."
695 ::= { radiusAuthClientMIBCompliances 2 }
698 -- units of conformance
700 radiusAuthClientMIBGroup OBJECT-GROUP
701 OBJECTS { radiusAuthClientIdentifier,
702 radiusAuthClientInvalidServerAddresses,
703 radiusAuthServerAddress,
704 radiusAuthClientServerPortNumber,
705 radiusAuthClientRoundTripTime,
706 radiusAuthClientAccessRequests,
707 radiusAuthClientAccessRetransmissions,
708 radiusAuthClientAccessAccepts,
709 radiusAuthClientAccessRejects,
710 radiusAuthClientAccessChallenges,
711 radiusAuthClientMalformedAccessResponses,
712 radiusAuthClientBadAuthenticators,
713 radiusAuthClientPendingRequests,
714 radiusAuthClientTimeouts,
715 radiusAuthClientUnknownTypes,
716 radiusAuthClientPacketsDropped
720 "The basic collection of objects providing management of
721 RADIUS Authentication Clients."
722 ::= { radiusAuthClientMIBGroups 1 }
725 radiusAuthClientExtMIBGroup OBJECT-GROUP
726 OBJECTS { radiusAuthClientIdentifier,
727 radiusAuthClientInvalidServerAddresses,
728 radiusAuthServerInetAddressType,
729 radiusAuthServerInetAddress,
730 radiusAuthClientServerInetPortNumber,
731 radiusAuthClientExtRoundTripTime,
732 radiusAuthClientExtAccessRequests,
733 radiusAuthClientExtAccessRetransmissions,
734 radiusAuthClientExtAccessAccepts,
738 radiusAuthClientExtAccessRejects,
739 radiusAuthClientExtAccessChallenges,
740 radiusAuthClientExtMalformedAccessResponses,
741 radiusAuthClientExtBadAuthenticators,
742 radiusAuthClientExtPendingRequests,
743 radiusAuthClientExtTimeouts,
744 radiusAuthClientExtUnknownTypes,
745 radiusAuthClientExtPacketsDropped,
746 radiusAuthClientCounterDiscontinuity
750 "The collection of extended objects providing
751 management of RADIUS Authentication Clients
752 using version-neutral IP address format."
753 ::= { radiusAuthClientMIBGroups 2 }