1 ACCESSBIND-PIB PIB-DEFINITIONS ::= BEGIN
4 Unsigned32, Integer32, MODULE-IDENTITY,
5 MODULE-COMPLIANCE, OBJECT-TYPE, OBJECT-GROUP, pib
9 RoleCombination, PrcIdentifier
10 FROM FRAMEWORK-ROLE-PIB
11 InetAddress, InetAddressType
13 TruthValue, PhysAddress
16 accessBindPib MODULE-IDENTITY
17 SUBJECT-CATEGORIES { all }
18 LAST-UPDATED "200107101600Z"
19 ORGANIZATION "IETF RAP WG"
27 E-mail: wweiss@ellacoya.com
30 "A PIB module containing the set of classes to bind
31 authorization and authentication to COPS
34 ::= { pib xxx } -- xxx to be assigned by IANA
38 -- The branch OIDs in the AccessBind PIB
41 capabilityClasses OBJECT IDENTIFIER ::= { accessBindPib 1 }
42 sessionClasses OBJECT IDENTIFIER ::= { accessBindPib 2 }
43 accessorClasses OBJECT IDENTIFIER ::= { accessBindPib 3 }
44 contextClasses OBJECT IDENTIFIER ::= { accessBindPib 4 }
45 authClasses OBJECT IDENTIFIER ::= { accessBindPib 5 }
52 sessionTable OBJECT-TYPE
53 SYNTAX SEQUENCE OF SessionEntry
54 PIB-ACCESS install-notify
57 "An instance of this class is created by the PEP and sent
58 to the PDP. The PDP will fill in the sessionStatus field
59 and send the instance back when sending a decision."
61 ::= { sessionClasses 1 }
63 sessionEntry OBJECT-TYPE
67 "An instance of the sessionTable PRC."
69 PIB-INDEX { sessionId }
72 ::= { sessionTable 1 }
74 SessionEntry ::= SEQUENCE {
77 sessionStatus INTEGER,
78 sessionRealm OCTET STRING,
79 sessionUsername OCTET STRING,
81 sessionBinding ReferenceId,
82 sessionAccessor ReferenceId
89 "An index to uniquely identify an instance of this
92 ::= { sessionEntry 1 }
95 sessionStatus OBJECT-TYPE
103 "This attribute is set by the PDP. Set to true(1) if the
104 PDP has authorized the session, else set to false(2)."
106 ::= { sessionEntry 2 }
108 sessionRealm OBJECT-TYPE
112 "Realm name in which the client is requesting
113 access (sometimes referred to as a domain name."
115 ::= { sessionEntry 3 }
117 sessionUsername OBJECT-TYPE
121 "Unique user name to identify the client requesting
124 ::= { sessionEntry 4 }
126 sessionDataPath OBJECT-TYPE
131 "This attribute references the first functional data path
132 element to process data flow for this session. It is
133 first assigned by the PEP with the
134 accessorElementDefaultSessionDataPath in the
135 accessorElement and may optionally be reassigned by the
138 ::= { sessionEntry 5 }
141 sessionBinding OBJECT-TYPE
143 PIB-REFERENCES { sessionEntry }
146 "This attribute allows a PEP to indicate to the PDP that
147 this session was generated downstream on the data path
148 from a session for which an PEP has previously generated
149 an authorization request. This allows the PDP to
150 reference additional knowledge acquired from the previous
151 session such as the credentials or interface data. "
153 ::= { sessionEntry 6 }
156 sessionAccessor OBJECT-TYPE
158 PIB-REFERENCES { accessorEntry }
161 "This attribute references the instance of the previously
162 provisioned Accessor that resulted in this PEP Access
165 ::= { sessionEntry 7 }
172 accessorTable OBJECT-TYPE
173 SYNTAX SEQUENCE OF AccessorEntry
177 "The AccessorTable identifies when the PEP should send an
178 access or authentication request to the PDP. As a
179 result of this request, a new session may be started.
180 Hence, the AccessorTable can be said to create or remove
181 SessionTable entries. "
184 ::= { accessorClasses 1 }
186 accessorEntry OBJECT-TYPE
190 " An instance of this class defines the circumstances for
191 generating an access request, and provides the means for
192 specifying the contents of the PEP Access Request."
193 PIB-INDEX { accessorId }
194 UNIQUENESS { accessorRequestAuth,
196 accessorAuthProtocol,
198 accessorDefaultDataPath
201 ::= { accessorTable 1}
203 AccessorEntry::= SEQUENCE {
204 accessorId InstanceId,
205 accessorRequestAuth TruthValue,
206 accessorAccElmRef ReferenceId,
207 accessorAuthProtocol TagReferenceId,
208 accessorAuthContext TagReferenceId,
209 accessorDefaultDataPath Prid
212 accessorId OBJECT-TYPE
216 " An arbitrary integer index that uniquely identifies
217 an instance of the accessorTable class."
219 ::= { accessorEntry 1}
221 accessorRequestAuth OBJECT-TYPE
225 "Indicates whether or not authentication is required for
226 this session. TRUE indicates that authorization is
229 ::= { accessorEntry 2}
231 accessorAccElmRef OBJECT-TYPE
233 PIB-REFERENCES { accessorElementEntry }
236 "A reference to an AccessorElementTable instance which
238 determines the scope (criteria for generating a new
239 request) and interim forwarding behavior."
241 ::= { accessorEntry 3}
243 accessorAuthProtocol OBJECT-TYPE
244 SYNTAX TagReferenceId
245 PIB-TAG { accessorAuthProtocolGroup }
248 "Identifies a list of accessorAuthProtocolTable entries
249 associated with this accessor instance."
251 ::= { accessorEntry 4}
253 accessorAuthContext OBJECT-TYPE
254 SYNTAX TagReferenceId
255 PIB-TAG { contextDataGroup }
258 "Identifies a list of ContextDataTable entries
259 associated with this accessor instance."
261 ::= { accessorEntry 5}
263 accessorDefaultDataPath OBJECT-TYPE
267 "The data path for æout of scopeÆ traffic."
269 ::= { accessorEntry 6}
272 -- AccessorElement Table
275 accessorElementTable OBJECT-TYPE
276 SYNTAX SEQUENCE OF AccessorElementEntry
280 "This table defines the criteria to be used to generate
281 an access request. It also defines the interim forwarding
282 behavior pending a decision from the server."
283 ::= { accessorClasses 2 }
285 accessorElementEntry OBJECT-TYPE
286 SYNTAX AccessorElementEntry
289 "An instance of this class defines request trigger
290 criteria and interim forwarding behavior for packets."
292 PIB-INDEX { accessorElementId }
293 UNIQUENESS { accessorElementScope }
295 ::= { accessorElementTable 1}
297 AccessorElementEntry::= SEQUENCE {
298 accessorElementId InstanceId,
299 accessorElementScope TagReferenceId,
300 accessorElementInterimFwdBehavior INTEGER,
301 accessorElementDefaultSessionDataPath Prid
304 accessorElementId OBJECT-TYPE
308 "An arbitrary integer index that uniquely identifies an
309 instance of the accessorElementTable class."
311 ::= { accessorElementEntry 1}
313 accessorElementScope OBJECT-TYPE
314 SYNTAX TagReferenceId
315 PIB-TAG { accessorSessionScopeGroup }
318 "Identifies a list of AccessorSessionScopeTable instances
319 associated with an instance of this class. This list
320 defines the criteria for partitioning various portions of
321 traffic into distinct sessions."
323 ::= { accessorElementEntry 2}
325 accessorElementInterimFwdBehavior OBJECT-TYPE
333 "The forwarding behavior to use while awaiting a PDP
334 Access Response message."
336 ::= { accessorElementEntry 3}
338 accessorElementDefaultSessionDataPath OBJECT-TYPE
342 "The default data path for each session while waiting for
344 PDP Access Response message."
347 ::= { accessorElementEntry 4}
350 -- AccessorSessionScope Table
353 accessorSessionScopeTable OBJECT-TYPE
354 SYNTAX SEQUENCE OF AccessorSessionScopeEntry
358 "This class defines the criteria to be used for
359 partitioning various portions of traffic into distinct
362 ::= { accessorClasses 3 }
364 accessorSessionScopeEntry OBJECT-TYPE
365 SYNTAX AccessorSessionScopeEntry
368 "An instance of this class defines an individual criterion
369 to be used towards generating an access request."
370 PIB-INDEX { accessorSessionScopeId }
371 UNIQUENESS { accessorSessionScopeGroup,
372 accessorSessionScopeScopeRef
375 ::= { accessorSessionScopeTable 1}
377 AccessorSessionScopeEntry::= SEQUENCE {
378 accessorSessionScopeId InstanceId,
379 accessorSessionScopeGroup TagId,
380 accessorSessionScopeFilter Prid,
381 accessorSessionScopePrecedence INTEGER
384 accessorSessionScopeId OBJECT-TYPE
388 "An arbitrary integer index that uniquely identifies an
389 instance of the accessorSessionScopeTable class."
391 ::= { accessorSessionScopeEntry 1}
393 accessorSessionScopeGroup OBJECT-TYPE
397 "Represents the binding between the accessorElementTable
398 and the accessorSessionScope entries. A group of
400 accessorSessionScope entries constitutes the criteria for
401 partitioning various portions of traffic into distinct
404 ::= { accessorSessionScopeEntry 2}
406 accessorSessionScopeFilter OBJECT-TYPE
410 "Pointer to a filter to be used as the criteria."
411 ::= { accessorSessionScopeEntry 3}
413 accessorSessionScopePrecedence OBJECT-TYPE
417 "Represents the precedence of this criterion with respect
418 to other criteria within the same group. When the
419 precedence is unique, the instance represents an
420 alternative criteria (an ORing function). When the
421 precedence for two or more instances of the
422 accessorSessionScope class is the same, the attributes
423 within all the instances are treated collectively as a
424 single filter criteria."
426 ::= { accessorSessionScopeEntry 4}
430 -- AccessorAuthProtocol Table
436 accessorAuthProtocolTable OBJECT-TYPE
437 SYNTAX SEQUENCE OF AccessorAuthProtocolEntry
441 "This class lists the authentication protocols that can
442 be used for an access request originating from a
443 particular instance of the accessorTable."
445 ::= { accessorClasses 4 }
447 accessorAuthProtocolEntry OBJECT-TYPE
448 SYNTAX AccessorAuthProtocolEntry
451 "An instance of this class describes an authentication
452 protocol that may be used for an access request. Instances
454 of this class that share the same TagId value collectively
455 constitute a list of authentication protocols that may be
456 used for a given access request"
457 PIB-INDEX { accessorAuthProtocolId }
458 UNIQUENESS { accessorAuthProtocolGroup,
459 accessorAuthProtocolAuthMechanism
462 ::= { accessorAuthProtocolTable 1}
464 AccessorAuthProtocolEntry::= SEQUENCE {
465 accessorAuthProtocolId InstanceId,
466 accessorAuthProtocolGroup TagId,
467 accessorAuthProtocolAuthMechanism INTEGER
470 accessorAuthProtocolId OBJECT-TYPE
474 "An arbitrary integer index that uniquely identifies an
475 instance of the ContextDataTable class."
477 ::= { accessorAuthProtocolEntry 1}
479 accessorAuthProtocolGroup OBJECT-TYPE
483 "Represents a binding between an accessorTable instance
484 and a list of accessorAuthProtocolTable instances."
486 ::= { accessorAuthProtocolEntry 2}
488 accessorAuthProtocolAuthMechanism OBJECT-TYPE
497 "The authentication protocol that may be used for an
499 ::= { accessorAuthProtocolEntry 3}
509 contextDataTable OBJECT-TYPE
510 SYNTAX SEQUENCE OF ContextDataEntry
514 "This class points to the context information to be
515 included with an access request."
517 ::= { contextClasses 1 }
519 contextDataEntry OBJECT-TYPE
520 SYNTAX ContextDataEntry
523 "An instance of this class contains the type description
524 (COPS-PR OID) of the class which needs to be filled in by
525 the PEP and included with a PEP access request."
526 PIB-INDEX { contextDataId }
529 ::= { contextDataTable 1}
531 ContextDataEntry::= SEQUENCE {
532 contextDataId InstanceId,
533 contextDataGroup TagId,
534 contextDataSessionRef ReferenceId,
535 contextDataIfElement PrcIdentifier,
536 contextDataEncapsulation INTEGER
539 contextDataId OBJECT-TYPE
543 "An arbitrary integer index that uniquely identifies an
544 instance of the contextDataTable class."
546 ::= { contextDataEntry 1}
548 contextDataGroup OBJECT-TYPE
552 "Defines the grouping of contextData instances
553 that are applicable to a given Accessor. This attribute
554 MUST NOT be specified when the instance is used in
555 Session-specific contextData Request message."
557 ::= { contextDataEntry 2}
559 contextDataSessionRef OBJECT-TYPE
562 PIB-REFERENCES { sessionEntry }
565 "This attribute is used to specify the Session for which
566 the ContextData is being requested with a Session-
567 specific ContextData Request. This attribute MUST NOT be
568 specified when the instance of the ContextData class is
569 used in an Accessor Provisioning Decision message."
571 ::= { contextDataEntry 3}
573 contextDataIfElement OBJECT-TYPE
577 "The OID of a class whose instance is to be included with
578 the PEP access request or Session-specific ContextData
581 ::= { contextDataEntry 4}
583 contextDataEncapsulation OBJECT-TYPE
587 "This attribute allows one to distinguish between inner
588 and outer headers when there are multiple encapsulated
589 headers of the same type in a packet.
593 positive number ænÆ means the ænÆth header starting
595 negative number ænÆ means the ænÆth header starting from
598 ::= { contextDataEntry 5}
603 -- Layer 3 Header Data PRC
606 ctxtL3HdrTable OBJECT-TYPE
607 SYNTAX SEQUENCE OF ctxtL3HdrEntry
611 "An instance of this class is created by the PEP and sent
612 to the PDP to provide the PDP with information it
613 requested in the ContextData PRC. The PDP uses
614 this PRC to make Authentication/Provisioning decisions."
617 ::= { contextClasses 2 }
619 ctxtL3HdrEntry OBJECT-TYPE
620 SYNTAX CtxtL3HdrEntry
623 "An instance of the ctxtL3HdrTable PRC."
625 PIB-INDEX { ctxtL3HdrId }
628 ::= { ctxtL3HdrTable 1 }
630 CtxtL3HdrEntry::= SEQUENCE {
631 ctxtL3HdrId InstanceId,
632 ctxtL3HdrSrcAddrType InetAddressType,
633 ctxtL3HdrSrcAddr InetAddress,
634 ctxtL3HdrDstAddrType InetAddressType,
635 ctxtL3HdrDstAddr InetAddress,
636 ctxtL3HdrProtocol Unsigned32,
637 ctxtL3HdrSrcPort Unsigned32,
638 ctxtL3HdrDstPort Unsigned32,
639 ctxtL3HdrDscp Unsigned32,
640 ctxtL3HdrEcn TruthValue,
641 ctxtL3HdrIpOpt TruthValue,
642 ctxtL3HdrEncap Integer32
645 ctxtL3HdrId OBJECT-TYPE
649 "An index to uniquely identify an instance of this
652 ::= { ctxtL3HdrEntry 1 }
654 ctxtL3HdrSrcAddrType OBJECT-TYPE
655 SYNTAX InetAddressType
658 "The address type enumeration value [INETADDR] to specify
659 the type of the packet's source L3 address)."
661 ::= { ctxtL3HdrEntry 2 }
663 ctxtL3HdrSrcAddr OBJECT-TYPE
667 " The packet's source L3 address."
670 ::= { ctxtL3HdrEntry 3 }
672 ctxtL3HdrDstAddrType OBJECT-TYPE
673 SYNTAX InetAddressType
676 "The address type enumeration value [INETADDR] to specify
677 the type of the packet's destination L3 address."
679 ::= { ctxtL3HdrEntry 4 }
682 ctxtL3HdrDstAddr OBJECT-TYPE
686 "The packet's destination L3 address."
688 ::= { ctxtL3HdrEntry 5 }
691 ctxtL3HdrProtocol OBJECT-TYPE
695 "The packet's protocol field."
697 ::= { ctxtL3HdrEntry 6 }
699 ctxtL3HdrSrcPort OBJECT-TYPE
703 "This attribute binds an existing upstream session to
704 this session instance."
706 ::= { ctxtL3HdrEntry 7 }
708 ctxtL3HdrDstPort OBJECT-TYPE
712 "This attribute binds an existing upstream session to
713 this session instance."
715 ::= { ctxtL3HdrEntry 8 }
717 ctxtL3HdrDscp OBJECT-TYPE
724 ::= { ctxtL3HdrEntry 9 }
726 ctxtL3HdrEcn OBJECT-TYPE
730 "PEP sets this attribute to true(1) if ECN capable."
732 ::= { ctxtL3HdrEntry 10 }
734 ctxtL3HdrIpOpt OBJECT-TYPE
738 "IP Options field in the packet."
740 ::= { ctxtL3HdrEntry 11 }
742 ctxtL3HdrEncap OBJECT-TYPE
746 "This attribute specifies which encapsulated header is
747 being described. The sign on this value will be the same
748 as the value specified in the ContextData
749 instance that requested this header. If the original
750 ContextData instance specified a
751 ContextDataEncapsulation value of zero (meaning
752 return all headers), then all instances of this attribute
753 MUST be expressed as positive numbers.
757 positive number ænÆ means the ænÆth header starting
759 negative number ænÆ means the ænÆth header starting from
762 ::= { ctxtL3HdrEntry 12 }
766 -- 802.1 Header Data PRC
769 ctxt802HdrTable OBJECT-TYPE
770 SYNTAX SEQUENCE OF Ctxt802HdrEntry
774 "An instance of this class is created by the PEP and sent
775 to the PDP to provide the PDP with information it
776 requested in the ContextData PRC. The PDP uses
778 this PRC to make Authorization/Provisioning decisions."
780 ::= { contextClasses 3 }
782 ctxt802HdrEntry OBJECT-TYPE
783 SYNTAX Ctxt802HdrEntry
786 "An instance of the ctxt802HdrTable PRC."
788 PIB-INDEX { ctxt802HdrId }
791 ::= { ctxt802HdrTable 1 }
793 Ctxt802HdrEntry::= SEQUENCE {
794 ctxt802HdrId InstanceId,
795 ctxt802HdrSrcAddr PhysAddress,
796 ctxt802HdrDstAddr PhysAddress,
797 ctxt802HdrProtocol Unsigned32,
798 ctxt802HdrPriority BITS,
799 ctxt802HdrVlan Unsigned32,
800 ctxt802HdrEncap Integer32
803 ctxt802HdrId OBJECT-TYPE
807 "An index to uniquely identify an instance of this
810 ::= { ctxt802HdrEntry 1 }
813 ctxt802HdrSrcAddr OBJECT-TYPE
817 " The packet's source MAC address."
819 ::= { ctxt802HdrEntry 2 }
821 ctxt802HdrDstAddr OBJECT-TYPE
825 "The packet's destination MAC address."
827 ::= { ctxt802HdrEntry 3 }
830 ctxt802HdrProtocol OBJECT-TYPE
832 SYNTAX Unsigned32 (0..'ffff'h)
835 "The L2 packet's protocol field."
837 ::= { ctxt802HdrEntry 4 }
840 ctxt802HdrPriority OBJECT-TYPE
841 SYNTAX Unsigned32 (0..7)
844 "The L2 packet's priority field. This attribute is only
845 valid for packets using the 802.1q header extension."
847 ::= { ctxt802HdrEntry 5 }
849 ctxt802HdrVlan OBJECT-TYPE
850 SYNTAX Unsigned32 (1..4094)
853 "The L2 packet's VLAN field. This attribute is only valid
854 for packets using the 802.1q header extension."
856 ::= { ctxt802HdrEntry 6 }
858 ctxt802HdrEncap OBJECT-TYPE
862 "This attribute specifies which encapsulated header is
863 being described. The sign on this value will be the same
864 as the value specified in the ContextData
865 instance that requested this header. If the original
866 ContextData instance specified an
867 ContextDataEncapsulation value of zero (meaning
868 return all headers), then all instances of this attribute
869 MUST be expressed as positive numbers.
872 positive number ænÆ means the ænÆth header starting
874 negative number ænÆ means the ænÆth header starting from
877 ::= { ctxt802HdrEntry 7 }
881 -- CtxtDialupInterface Table
884 ctxtDialupInterfaceTable OBJECT-TYPE
886 SYNTAX SEQUENCE OF CtxtDialupInterfaceEntry
892 ::= { contextClasses 4 }
894 ctxtDialupInterfaceEntry OBJECT-TYPE
895 SYNTAX CtxtDialupInterfaceEntry
898 "Entry oid of the ctxtDialupInterfaceTable PRC."
900 PIB-INDEX { ctxtDialupInterfaceId }
903 ::= { ctxtDialupInterfaceTable 1 }
905 CtxtDialupInterfaceEntry::= SEQUENCE {
906 ctxtDialupInterfaceId InstanceId,
907 ctxtDialupInterfaceNASPort Integer32,
908 ctxtDialupInterfaceNASPortId OCTET STRING,
909 ctxtDialupInterfaceNASPortType INTEGER,
910 ctxtDialupInterfaceCalledStationId OCTET STRING,
911 ctxtDialupInterfaceCallingStationId OCTET STRING,
912 ctxtDialupInterfaceConnectInfo OCTET STRING
915 ctxtDialupInterfaceId OBJECT-TYPE
919 "An index to uniquely identify an instance of this
922 ::= { ctxtDialupInterfaceEntry 1 }
925 ctxtDialupInterfaceNASPort OBJECT-TYPE
929 "This Attribute indicates the physical port number of the
930 NAS which is authenticating the user. It is only used in
931 Access-Request packets. Note that this is using 'port'
932 in its sense of a physical connection on the NAS, not in
933 the sense of a TCP or UDP port number."
935 ::= { ctxtDialupInterfaceEntry 2 }
938 ctxtDialupInterfaceNASPortId OBJECT-TYPE
943 "This Attribute contains a text string which identifies
944 the port of the NAS which is authenticating the user. It
945 is only used in Access-Request and Accounting-Request
946 packets. Note that this is using 'port' in its sense of
947 a physical connection on the NAS, not in the sense of a
948 TCP or UDP port number. "
950 ::= { ctxtDialupInterfaceEntry 2 }
952 ctxtDialupInterfaceNASPortType OBJECT-TYPE
961 radHdlcClearChannel(7),
972 radWirelessOther(18),
973 radWirelessIEEE80211(19)
977 "This Attribute indicates the type of the physical port
978 of the NAS which is authenticating the user. It can be
979 used instead of or in addition to the radNasPort (5)
980 attribute. It is only used in Access-Request packets.
981 Either radNasPort (5) or radNasPortType or both SHOULD be
982 present in an Access-Request packet, if the NAS
983 differentiates among its ports.
985 A value of 'radAsync(0)' indicates Async.
987 A value of 'radSync(1)' indicates Sync.
989 A value of 'radIsdnSync(2)' indicates ISDN Sync.
991 A value of 'radIsdnAsyncV120(3)' indicates ISDN
995 A value of 'radIsdnAsyncV110(4)' indicates ISDN
998 A value of 'radVirtual(5)' indicates Virtual.
999 Virtual refers to a connection to the NAS via some
1000 transport protocol, instead of through a physical
1001 port. For example, if a user telnetted into a NAS to
1002 authenticate himself as an Outbound-User, the
1003 Access-Request might include radNasPortType =
1004 Virtual as a hint to the RADIUS server that the user
1005 was not on a physical port.
1007 A value of 'radPIAFS(6)' indicates PIAFS. PIAFS is a
1008 form of wireless ISDN commonly used in Japan, and
1009 stands for PHS (Personal Handyphone System) Internet
1010 Access Forum Standard (PIAFS).
1012 A value of 'radHdlcClearChannel(7)' indicates HDLC
1015 A value of 'radX25(8)' indicates X.25.
1017 A value of 'radX75(9)' indicates X.75.
1019 A value of 'radG3Fax(10)' indicates G.3 Fax.
1021 A value of 'radSDSL(11)' indicates SDSL û Symmetric
1024 A value of 'radAdslCAP(12)' indicates ADSL-CAP -
1025 Asymmetric DSL, Carrierless Amplitude Phase
1028 A value of 'radAdslDMT(13)' indicates ADSL-DMT -
1029 Asymmetric DSL, Discrete Multi-Tone.
1031 A value of 'radIdsl(14)' indicates IDSL û ISDN
1032 Digital Subscriber Line.
1034 A value of 'radEthernet(15)' indicates Ethernet.
1036 A value of 'radXdsl(16)' indicates xDSL - Digital
1037 Subscriber Line of unknown type.
1039 A value of 'radCable(17)' indicates Cable.
1041 A value of 'radWirelessOther(18)' indicates Wireless
1044 A value of 'radWirelessIEEE80211(19)' indicates
1045 Wireless - IEEE 802.11."
1046 ::= { ctxtDialupInterfaceEntry 2 }
1049 ctxtDialupInterfaceCalledStationId OBJECT-TYPE
1053 "This Attribute allows the NAS to send in the Access-
1054 Request packet the phone number that the user called,
1055 using Dialed Number Identification (DNIS) or similar
1056 technology. Note that this may be different from the
1057 phone number the call comes in on. It is only used in
1058 Access-Request packets. "
1059 ::= { ctxtDialupInterfaceEntry 2 }
1061 ctxtDialupInterfaceConnectInfo OBJECT-TYPE
1065 "This Attribute allows the NAS to send in the Access-
1066 Request packet the phone number that the call came from,
1067 using Automatic Number Identification (ANI) or similar
1068 technology. It is only used in Access-Request packets."
1069 ::= { ctxtDialupInterfaceEntry 2 }
1075 --- CtxtDialupInterfaceFramedProtocol Table
1078 ctxtDialupIfFramedProtocolTable OBJECT-TYPE
1079 SYNTAX SEQUENCE OF CtxtDialupIfFramedProtocolEntry
1085 ::= { contextClasses 5 }
1087 ctxtDialupIfFramedProtocolEntry OBJECT-TYPE
1088 SYNTAX CtxtDialupIfFramedProtocolEntry
1091 "Entry oid of the ctxtDialupIfFramedProtocolTable PRC."
1093 PIB-INDEX { ctxtDialupIfFramedProtocolId }
1096 ::= { ctxtDialupIfFramedProtocolTable 1 }
1098 CtxtDialupInterfaceEntry::= SEQUENCE {
1099 ctxtDialupIfFramedProtocolId InstanceId,
1100 ctxtDialupIfFramedProtocolProt INTEGER,
1102 ctxtDialupIfFramedProtocolMTU Integer32,
1103 ctxtDialupIfFramedProtocolCompression INTEGER,
1104 ctxtDialupIfFramedProtocolPortLimit Unsigned32,
1105 ctxtDialupIfFramedProtocolIpAddress IpAddress,
1106 ctxtDialupIfFramedProtocolIpNetmask IpAddress
1109 ctxtDialupIfFramedProtocolId OBJECT-TYPE
1113 "An index to uniquely identify an instance of this
1114 provisioning class."
1116 ::= { ctxtDialupIfFramedProtocolEntry 1 }
1119 ctxtDialupIfFramedProtocolProt OBJECT-TYPE
1126 radX75Synchronous(6)
1130 "This Attribute indicates the framing to be used for
1131 framed access. It MAY be used in both Access-Request and
1132 Access-Accept packets.
1134 A value of 'radPPP(1)' represents PPP.
1136 A value of 'radSLIP(2)' represents SLIP.
1138 A value of 'radARAP(3)' represents AppleTalk Remote
1139 Access Protocol (ARAP).
1141 A value of 'radGandalf(4)' represents Gandalf
1142 proprietary SingleLink/MultiLink protocol.
1144 A value of 'radXylogics(5)' represents Xylogics
1145 proprietary IPX/SLIP.
1147 A value of 'radX75Synchronous(6)' represents X.75
1150 ::= { ctxtDialupIfFramedProtocolEntry 2 }
1153 ctxtDialupIfFramedProtocolMTU OBJECT-TYPE
1158 "This Attribute indicates the Maximum Transmission Unit
1159 to be configured for the user, when it is not negotiated
1160 by some other means (such as PPP). It MAY be used in
1161 Access-Accept packets. It MAY be used in an Access-
1162 Request packet as a hint by the NAS to the server that it
1163 would prefer that value, but the server is not required
1166 ::= { ctxtDialupIfFramedProtocolEntry 3 }
1168 ctxtDialupIfFramedProtocolCompression OBJECT-TYPE
1177 "This Attribute indicates a compression protocol to be
1178 used for the link. It MAY be used in Access-Accept
1179 packets. It MAY be used in an Access-Request packet as a
1180 hint to the server that the NAS would prefer to use that
1181 compression, but the server is not required to honor the
1184 More than one compression protocol Attribute MAY be sent.
1185 It is the responsibility of the NAS to apply the proper
1186 compression protocol to appropriate link traffic.
1188 A value of 'radNone(0)' indicates None.
1190 A value of 'radVJ(1)' indicates VJ TCP/IP header
1193 A value of 'radIPXheader(2)' indicates IPX header
1196 A value of 'radStacLZS(3)' indicates Stac-LZS
1199 ::= { ctxtDialupIfFramedProtocolEntry 4 }
1202 ctxtDialupIfFramedProtocolPortLimit OBJECT-TYPE
1206 "This Attribute sets the maximum number of ports to be
1207 provided to the user by the NAS. This Attribute MAY be
1208 sent by the server to the client in an Access-Accept
1210 packet. It is intended for use in conjunction with
1211 Multilink PPP [10] or similar uses. It MAY also be sent
1212 by the NAS to the server as a hint that that many ports
1213 are desired for use, but the server is not required to
1216 ::= { ctxtDialupIfFramedProtocolEntry 5 }
1218 ctxtDialupIfFramedProtocolIpAddress OBJECT-TYPE
1222 "This Attribute indicates the address to be configured
1223 for the user. It MAY be used in Access-Accept packets.
1224 It MAY be used in an Access-Request packet as a hint by
1225 the NAS to the server that it would prefer that address,
1226 but the server is not required to honor the hint."
1228 ::= { ctxtDialupIfFramedProtocolEntry 6 }
1231 ctxtDialupIfFramedProtocolIpNetmask OBJECT-TYPE
1235 "This Attribute indicates the IP netmask to be configured
1236 for the user when the user is a router to a network. It
1237 MAY be used in Access-Accept packets. It MAY be used in
1238 an Access-Request packet as a hint by the NAS to the
1239 server that it would prefer that netmask, but the server
1240 is not required to honor the hint."
1242 ::= { ctxtDialupIfFramedProtocolEntry 7 }
1248 --- CtxtDialupIfLoginService Table
1251 ctxtDialupIfLoginServiceTable OBJECT-TYPE
1252 SYNTAX SEQUENCE OF CtxtDialupIfLoginServiceEntry
1258 ::= { contextClasses 6 }
1260 ctxtDialupIfLoginServiceEntry OBJECT-TYPE
1261 SYNTAX CtxtDialupIfLoginServiceEntry
1265 "Entry oid of the ctxtDialupIfLoginServiceTable PRC."
1267 PIB-INDEX { ctxtDialupIfLoginServiceId }
1270 ::= { ctxtDialupIfLoginServiceTable 1 }
1274 CtxtDialupIfLoginServiceEntry::= SEQUENCE {
1275 ctxtDialupIfLoginServiceId InstanceId,
1276 ctxtDialupIfLoginIpHost IpAddress
1279 ctxtDialupIfLoginServiceId OBJECT-TYPE
1283 "An index to uniquely identify an instance of this
1284 provisioning class."
1286 ::= { ctxtDialupIfLoginServiceEntry 1 }
1289 ctxtDialupIfLoginIpHost OBJECT-TYPE
1295 ::= { ctxtDialupIfLoginServiceEntry 2 }
1300 --- CtxtDialupIfLoginLat Table (Extends CtxtDialupIfLoginService)
1303 ctxtDialupIfLoginLatTable OBJECT-TYPE
1304 SYNTAX SEQUENCE OF CtxtDialupIfLoginLatEntry
1310 ::= { contextClasses 7 }
1312 ctxtDialupIfLoginLatEntry OBJECT-TYPE
1313 SYNTAX CtxtDialupIfLoginLatEntry
1316 "Entry oid of the ctxtDialupIfLoginLatTable PRC."
1319 EXTENDS { ctxtDialupIfLoginServiceEntry }
1322 ::= { ctxtDialupIfLoginLatTable 1 }
1325 CtxtDialupIfLoginLatEntry::= SEQUENCE {
1326 ctxtDialupIfLoginLatService OCTET STRING,
1327 ctxtDialupIfLoginLatNode OCTET STRING,
1328 ctxtDialupIfLoginLatGroup OCTET STRING,
1329 ctxtDialupIfLoginLatPort OCTET STRING
1333 ctxtDialupIfLoginLatService OBJECT-TYPE
1339 ::= { ctxtDialupIfLoginLatEntry 1 }
1341 ctxtDialupIfLoginLatNode OBJECT-TYPE
1347 ::= { ctxtDialupIfLoginLatEntry 2 }
1349 ctxtDialupIfLoginLatGroup OBJECT-TYPE
1355 ::= { ctxtDialupIfLoginLatEntry 3 }
1357 ctxtDialupIfLoginLatPort OBJECT-TYPE
1363 ::= { ctxtDialupIfLoginLatEntry 4 }
1367 -- Authentication Extension Tables
1372 -- AuthExtensions Base Table
1375 authExtTable OBJECT-TYPE
1376 SYNTAX SEQUENCE OF AuthExtEntry
1377 PIB-ACCESS install-notify
1380 "This is an abstract PRC. This PRC can be extended by
1381 authentication PRCs that contain attributes specific to
1382 that authentication protocol. An instance of the extended
1383 class is created by the PEP and sent to the PDP. The PDP
1384 may send information back to the PEP or may uses the
1385 information to authenticate the PEP's access request. This
1386 PRC itself should not be instantiated.
1388 This is a ætransientÆ class. Its instances are temporary
1389 and are deleted by the PEP after a certain time/event.
1390 Thus it must not be referred to by the server."
1392 ::= { authClasses 1 }
1394 authExtEntry OBJECT-TYPE
1398 "Entry oid for the AuthExtTable PRC."
1400 PIB-INDEX { authExtId }
1403 ::= { authExtTable 1 }
1405 AuthExtEntry ::= SEQUENCE {
1406 authExtId InstanceId,
1407 authExtSession ReferenceId
1410 authExtId OBJECT-TYPE
1414 "An index to uniquely identify an instance of the
1415 entended provisioning class."
1417 ::= { authExtEntry 1 }
1419 authExtSession OBJECT-TYPE
1421 PIB-REFERENCES { sessionEntry }
1424 "This attribute is set by the PEP to reference the
1426 session for which authentication is being requested."
1428 ::= { authExtEntry 2 }
1436 -- AuthChapExt Table
1439 authChapExtTable OBJECT-TYPE
1440 SYNTAX SEQUENCE OF AuthChapExtEntry
1444 "This is a concrete PRC used to contain CHAP
1445 authentication fields. This PRC extends the base PRC
1448 ::= { authClasses 2 }
1450 authChapExtEntry OBJECT-TYPE
1451 SYNTAX AuthChapExtEntry
1454 "Entry oid for the AuthChapExtTable PRC. InstanceId's for
1455 this extended PRC are assigned by the base PRC [SPPI]."
1457 EXTENDS { authExtEntry }
1460 ::= { authChapExtTable 1 }
1462 AuthChapExtEntry::= SEQUENCE {
1463 authChapExtId Unsigned32,
1464 authChapExtChal OCTET STRING,
1465 authChapExtResp OCTET STRING
1468 authChapExtId OBJECT-TYPE
1474 ::= { authChapExtEntry 1 }
1476 authChapExtChal OBJECT-TYPE
1481 "CHAP Challenge octet string. The challenge is generated
1484 ::= { authChapExtEntry 2 }
1486 authChapExtResp OBJECT-TYPE
1490 "CHAP Challenge Response octet string. The challenge
1491 response is sent to the PDP along with the challenge."
1493 ::= { authChapExtEntry 3 }
1500 authPapExtTable OBJECT-TYPE
1501 SYNTAX SEQUENCE OF AuthPapExtEntry
1505 "This is a concrete PRC used to contain PAP
1506 authentication fields. This PRC extends the base PRC
1509 ::= { authClasses 3 }
1511 authPapExtEntry OBJECT-TYPE
1512 SYNTAX AuthPapExtEntry
1515 "Entry oid for the AuthPapExtTable PRC. InstanceId's for
1516 this extended PRC are assigned by the base PRC [SPPI]."
1518 EXTENDS { authExtEntry }
1521 ::= { authPapExtTable 1 }
1523 AuthPapExtEntry::= SEQUENCE {
1524 authPapExtPwd OCTET STRING
1527 authPapExtPwd OBJECT-TYPE
1531 "PAP password octet string."
1534 ::= { authPapExtEntry 1 }
1538 -- AuthEapReqExt Table
1541 authEapReqExtTable OBJECT-TYPE
1542 SYNTAX SEQUENCE OF AuthEapReqExtEntry
1546 "This is a concrete PRC used to contain EAP
1547 authentication fields. This PRC extends the base PRC
1548 authExtEntry. The PEP uses this PRC to send EAP messages
1551 ::= { authClasses 4 }
1553 authEapReqExtEntry OBJECT-TYPE
1554 SYNTAX AuthEapReqExtEntry
1557 "Entry oid for the authEapReqExtTable PRC. InstanceId's
1558 for this extended PRC are assigned by the base PRC
1561 EXTENDS { authExtEntry }
1564 ::= { authEapReqExtTable 1 }
1566 AuthEapReqExtEntry::= SEQUENCE {
1567 authEapReqExtSpecific OCTET STRING
1570 authEapReqExtSpecific OBJECT-TYPE
1574 "Opaque EAP Request octet string."
1576 ::= { authEapReqExtEntry 1 }
1580 -- AuthEapRespExt Table
1583 authEapRespExtTable OBJECT-TYPE
1584 SYNTAX SEQUENCE OF AuthEapRespExtEntry
1589 "This is a concrete PRC used to contain EAP
1590 authentication fields. This PRC extends the base PRC
1591 authExtEntry. The PDP responds using this PRC for EAP
1594 ::= { authClasses 5 }
1596 authEapRespExtEntry OBJECT-TYPE
1597 SYNTAX AuthEapRespExtEntry
1600 "Entry oid for the authEapRespExtTable PRC. InstanceId's
1601 for this extended PRC are assigned by the base PRC
1604 EXTENDS { authExtEntry }
1607 ::= { authEapRespExtTable 1 }
1609 AuthEapRespExtEntry::= SEQUENCE {
1610 authEapRespExtSpecific OCTET STRING
1613 authEapRespExtSpecific OBJECT-TYPE
1617 "Opaque EAP Response octet string."
1619 ::= { authEapRespExtEntry 1 }
1623 -- conformance section tbd