1 RADIUS-AUTH-CLIENT-MIB DEFINITIONS ::= BEGIN
4 MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY,
5 Counter32, Integer32, Gauge32,
6 IpAddress, TimeTicks, mib-2 FROM SNMPv2-SMI
7 SnmpAdminString FROM SNMP-FRAMEWORK-MIB
8 InetAddressType, InetAddress,
9 InetPortNumber FROM INET-ADDRESS-MIB
10 MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF;
13 radiusAuthClientMIB MODULE-IDENTITY
14 LAST-UPDATED "200608210000Z" -- 21 August 2006
15 ORGANIZATION "IETF RADIUS Extensions Working Group."
22 Phone: +1 425 936 6605
23 EMail: bernarda@microsoft.com"
25 "The MIB module for entities implementing the client
26 side of the Remote Authentication Dial-In User Service
27 (RADIUS) authentication protocol. Copyright (C) The
28 Internet Society (2006). This version of this MIB
29 module is part of RFC 4668; see the RFC itself for
31 REVISION "200608210000Z" -- 21 August 2006
33 "Revised version as published in RFC 4668. This
34 version obsoletes that of RFC 2618 by deprecating
35 the MIB table containing IPv4-only address formats
36 and defining a new table to add support for version
37 neutral IP address formats. The remaining MIB objects
38 from RFC 2618 are carried forward into this version."
39 REVISION "199906110000Z" -- 11 Jun 1999
40 DESCRIPTION "Initial version as published in RFC 2618."
41 ::= { radiusAuthentication 2 }
43 radiusMIB OBJECT-IDENTITY
46 "The OID assigned to RADIUS MIB work by the IANA."
49 radiusAuthentication OBJECT IDENTIFIER ::= {radiusMIB 1}
51 radiusAuthClientMIBObjects OBJECT IDENTIFIER
52 ::= { radiusAuthClientMIB 1 }
54 radiusAuthClient OBJECT IDENTIFIER
55 ::= { radiusAuthClientMIBObjects 1 }
57 radiusAuthClientInvalidServerAddresses OBJECT-TYPE
63 "The number of RADIUS Access-Response packets
64 received from unknown addresses."
65 ::= { radiusAuthClient 1 }
67 radiusAuthClientIdentifier OBJECT-TYPE
68 SYNTAX SnmpAdminString
72 "The NAS-Identifier of the RADIUS authentication client.
73 This is not necessarily the same as sysName in MIB II."
74 REFERENCE "RFC 2865 section 5.32"
75 ::= { radiusAuthClient 2 }
77 radiusAuthServerTable OBJECT-TYPE
78 SYNTAX SEQUENCE OF RadiusAuthServerEntry
79 MAX-ACCESS not-accessible
82 "The (conceptual) table listing the RADIUS authentication
83 servers with which the client shares a secret."
84 ::= { radiusAuthClient 3 }
86 radiusAuthServerEntry OBJECT-TYPE
87 SYNTAX RadiusAuthServerEntry
88 MAX-ACCESS not-accessible
91 "An entry (conceptual row) representing a RADIUS
92 authentication server with which the client shares
94 INDEX { radiusAuthServerIndex }
95 ::= { radiusAuthServerTable 1 }
97 RadiusAuthServerEntry ::= SEQUENCE {
98 radiusAuthServerIndex Integer32,
99 radiusAuthServerAddress IpAddress,
100 radiusAuthClientServerPortNumber Integer32,
101 radiusAuthClientRoundTripTime TimeTicks,
102 radiusAuthClientAccessRequests Counter32,
103 radiusAuthClientAccessRetransmissions Counter32,
104 radiusAuthClientAccessAccepts Counter32,
105 radiusAuthClientAccessRejects Counter32,
106 radiusAuthClientAccessChallenges Counter32,
107 radiusAuthClientMalformedAccessResponses Counter32,
108 radiusAuthClientBadAuthenticators Counter32,
109 radiusAuthClientPendingRequests Gauge32,
110 radiusAuthClientTimeouts Counter32,
111 radiusAuthClientUnknownTypes Counter32,
112 radiusAuthClientPacketsDropped Counter32
115 radiusAuthServerIndex OBJECT-TYPE
116 SYNTAX Integer32 (1..2147483647)
117 MAX-ACCESS not-accessible
120 "A number uniquely identifying each RADIUS
121 Authentication server with which this client
123 ::= { radiusAuthServerEntry 1 }
125 radiusAuthServerAddress OBJECT-TYPE
130 "The IP address of the RADIUS authentication server
131 referred to in this table entry."
132 ::= { radiusAuthServerEntry 2 }
134 radiusAuthClientServerPortNumber OBJECT-TYPE
135 SYNTAX Integer32 (0..65535)
139 "The UDP port the client is using to send requests to
141 REFERENCE "RFC 2865 section 3"
142 ::= { radiusAuthServerEntry 3 }
144 radiusAuthClientRoundTripTime OBJECT-TYPE
149 "The time interval (in hundredths of a second) between
150 the most recent Access-Reply/Access-Challenge and the
151 Access-Request that matched it from this RADIUS
152 authentication server."
153 ::= { radiusAuthServerEntry 4 }
155 -- Request/Response statistics
157 -- TotalIncomingPackets = Accepts + Rejects + Challenges +
160 -- TotalIncomingPackets - MalformedResponses -
161 -- BadAuthenticators - UnknownTypes - PacketsDropped =
162 -- Successfully received
164 -- AccessRequests + PendingRequests + ClientTimeouts =
165 -- Successfully received
169 radiusAuthClientAccessRequests OBJECT-TYPE
175 "The number of RADIUS Access-Request packets sent
176 to this server. This does not include retransmissions."
177 REFERENCE "RFC 2865 section 4.1"
178 ::= { radiusAuthServerEntry 5 }
180 radiusAuthClientAccessRetransmissions OBJECT-TYPE
186 "The number of RADIUS Access-Request packets
187 retransmitted to this RADIUS authentication server."
188 REFERENCE "RFC 2865 sections 2.5, 4.1"
189 ::= { radiusAuthServerEntry 6 }
191 radiusAuthClientAccessAccepts OBJECT-TYPE
197 "The number of RADIUS Access-Accept packets
198 (valid or invalid) received from this server."
199 REFERENCE "RFC 2865 section 4.2"
200 ::= { radiusAuthServerEntry 7 }
202 radiusAuthClientAccessRejects OBJECT-TYPE
208 "The number of RADIUS Access-Reject packets
209 (valid or invalid) received from this server."
210 REFERENCE "RFC 2865 section 4.3"
211 ::= { radiusAuthServerEntry 8 }
212 radiusAuthClientAccessChallenges OBJECT-TYPE
218 "The number of RADIUS Access-Challenge packets
219 (valid or invalid) received from this server."
220 REFERENCE "RFC 2865 section 4.4"
221 ::= { radiusAuthServerEntry 9 }
223 -- "Access-Response" includes an Access-Accept, Access-Challenge
226 radiusAuthClientMalformedAccessResponses OBJECT-TYPE
232 "The number of malformed RADIUS Access-Response
233 packets received from this server.
234 Malformed packets include packets with
235 an invalid length. Bad authenticators or
236 Message Authenticator attributes or unknown types
237 are not included as malformed access responses."
238 ::= { radiusAuthServerEntry 10 }
240 radiusAuthClientBadAuthenticators OBJECT-TYPE
246 "The number of RADIUS Access-Response packets
247 containing invalid authenticators or Message
248 Authenticator attributes received from this server."
249 REFERENCE "RFC 2865 section 3, RFC 2869 section 5.14"
250 ::= { radiusAuthServerEntry 11 }
252 radiusAuthClientPendingRequests OBJECT-TYPE
257 "The number of RADIUS Access-Request packets
258 destined for this server that have not yet timed out
259 or received a response. This variable is incremented
260 when an Access-Request is sent and decremented due to
261 receipt of an Access-Accept, Access-Reject,
262 Access-Challenge, timeout, or retransmission."
263 REFERENCE "RFC 2865 section 2"
264 ::= { radiusAuthServerEntry 12 }
266 radiusAuthClientTimeouts OBJECT-TYPE
272 "The number of authentication timeouts to this server.
273 After a timeout, the client may retry to the same
274 server, send to a different server, or
275 give up. A retry to the same server is counted as a
276 retransmit as well as a timeout. A send to a different
277 server is counted as a Request as well as a timeout."
278 REFERENCE "RFC 2865 section 2, RFC 2869 section 2.3.2"
279 ::= { radiusAuthServerEntry 13 }
281 radiusAuthClientUnknownTypes OBJECT-TYPE
287 "The number of RADIUS packets of unknown type that
288 were received from this server on the authentication
290 ::= { radiusAuthServerEntry 14 }
292 radiusAuthClientPacketsDropped OBJECT-TYPE
298 "The number of RADIUS packets that were
299 received from this server on the authentication port
300 and dropped for some other reason."
301 ::= { radiusAuthServerEntry 15 }
304 -- New MIB Objects in this revision
306 radiusAuthServerExtTable OBJECT-TYPE
307 SYNTAX SEQUENCE OF RadiusAuthServerExtEntry
308 MAX-ACCESS not-accessible
311 "The (conceptual) table listing the RADIUS authentication
312 servers with which the client shares a secret."
313 ::= { radiusAuthClient 4 }
315 radiusAuthServerExtEntry OBJECT-TYPE
316 SYNTAX RadiusAuthServerExtEntry
317 MAX-ACCESS not-accessible
320 "An entry (conceptual row) representing a RADIUS
321 authentication server with which the client shares
323 INDEX { radiusAuthServerExtIndex }
324 ::= { radiusAuthServerExtTable 1 }
326 RadiusAuthServerExtEntry ::= SEQUENCE {
327 radiusAuthServerExtIndex Integer32,
328 radiusAuthServerInetAddressType InetAddressType,
329 radiusAuthServerInetAddress InetAddress,
330 radiusAuthClientServerInetPortNumber InetPortNumber,
331 radiusAuthClientExtRoundTripTime TimeTicks,
332 radiusAuthClientExtAccessRequests Counter32,
333 radiusAuthClientExtAccessRetransmissions Counter32,
334 radiusAuthClientExtAccessAccepts Counter32,
335 radiusAuthClientExtAccessRejects Counter32,
336 radiusAuthClientExtAccessChallenges Counter32,
337 radiusAuthClientExtMalformedAccessResponses Counter32,
338 radiusAuthClientExtBadAuthenticators Counter32,
339 radiusAuthClientExtPendingRequests Gauge32,
340 radiusAuthClientExtTimeouts Counter32,
341 radiusAuthClientExtUnknownTypes Counter32,
342 radiusAuthClientExtPacketsDropped Counter32,
343 radiusAuthClientCounterDiscontinuity TimeTicks
346 radiusAuthServerExtIndex OBJECT-TYPE
347 SYNTAX Integer32 (1..2147483647)
348 MAX-ACCESS not-accessible
351 "A number uniquely identifying each RADIUS
352 Authentication server with which this client
354 ::= { radiusAuthServerExtEntry 1 }
355 radiusAuthServerInetAddressType OBJECT-TYPE
356 SYNTAX InetAddressType
360 "The type of address format used for the
361 radiusAuthServerInetAddress object."
362 ::= { radiusAuthServerExtEntry 2 }
364 radiusAuthServerInetAddress OBJECT-TYPE
369 "The IP address of the RADIUS authentication
370 server referred to in this table entry, using
371 the version-neutral IP address format."
372 ::= { radiusAuthServerExtEntry 3 }
374 radiusAuthClientServerInetPortNumber OBJECT-TYPE
375 SYNTAX InetPortNumber ( 1..65535 )
379 "The UDP port the client is using to send requests
380 to this server. The value of zero (0) is invalid."
381 REFERENCE "RFC 2865 section 3"
382 ::= { radiusAuthServerExtEntry 4 }
384 radiusAuthClientExtRoundTripTime OBJECT-TYPE
389 "The time interval (in hundredths of a second) between
390 the most recent Access-Reply/Access-Challenge and the
391 Access-Request that matched it from this RADIUS
392 authentication server."
393 REFERENCE "RFC 2865 section 2"
394 ::= { radiusAuthServerExtEntry 5 }
396 -- Request/Response statistics
398 -- TotalIncomingPackets = Accepts + Rejects + Challenges +
401 -- TotalIncomingPackets - MalformedResponses -
402 -- BadAuthenticators - UnknownTypes - PacketsDropped =
403 -- Successfully received
405 -- AccessRequests + PendingRequests + ClientTimeouts =
406 -- Successfully received
410 radiusAuthClientExtAccessRequests OBJECT-TYPE
416 "The number of RADIUS Access-Request packets sent
417 to this server. This does not include retransmissions.
418 This counter may experience a discontinuity when the
419 RADIUS Client module within the managed entity is
420 reinitialized, as indicated by the current value of
421 radiusAuthClientCounterDiscontinuity."
422 REFERENCE "RFC 2865 section 4.1"
423 ::= { radiusAuthServerExtEntry 6 }
425 radiusAuthClientExtAccessRetransmissions OBJECT-TYPE
431 "The number of RADIUS Access-Request packets
432 retransmitted to this RADIUS authentication server.
433 This counter may experience a discontinuity when
434 the RADIUS Client module within the managed entity
435 is reinitialized, as indicated by the current value
436 of radiusAuthClientCounterDiscontinuity."
437 REFERENCE "RFC 2865 sections 2.5, 4.1"
438 ::= { radiusAuthServerExtEntry 7 }
440 radiusAuthClientExtAccessAccepts OBJECT-TYPE
446 "The number of RADIUS Access-Accept packets
447 (valid or invalid) received from this server.
448 This counter may experience a discontinuity when
449 the RADIUS Client module within the managed entity
450 is reinitialized, as indicated by the current value
451 of radiusAuthClientCounterDiscontinuity."
452 REFERENCE "RFC 2865 section 4.2"
453 ::= { radiusAuthServerExtEntry 8 }
455 radiusAuthClientExtAccessRejects OBJECT-TYPE
461 "The number of RADIUS Access-Reject packets
462 (valid or invalid) received from this server.
463 This counter may experience a discontinuity when
464 the RADIUS Client module within the managed
465 entity is reinitialized, as indicated by the
467 radiusAuthClientCounterDiscontinuity."
468 REFERENCE "RFC 2865 section 4.3"
469 ::= { radiusAuthServerExtEntry 9 }
471 radiusAuthClientExtAccessChallenges OBJECT-TYPE
477 "The number of RADIUS Access-Challenge packets
478 (valid or invalid) received from this server.
479 This counter may experience a discontinuity when
480 the RADIUS Client module within the managed
481 entity is reinitialized, as indicated by the
483 radiusAuthClientCounterDiscontinuity."
484 REFERENCE "RFC 2865 section 4.4"
485 ::= { radiusAuthServerExtEntry 10 }
487 -- "Access-Response" includes an Access-Accept, Access-Challenge,
490 radiusAuthClientExtMalformedAccessResponses OBJECT-TYPE
496 "The number of malformed RADIUS Access-Response
497 packets received from this server.
498 Malformed packets include packets with
499 an invalid length. Bad authenticators or
500 Message Authenticator attributes or unknown types
501 are not included as malformed access responses.
502 This counter may experience a discontinuity when
503 the RADIUS Client module within the managed entity
504 is reinitialized, as indicated by the current value
505 of radiusAuthClientCounterDiscontinuity."
506 REFERENCE "RFC 2865 sections 3, 4"
507 ::= { radiusAuthServerExtEntry 11 }
509 radiusAuthClientExtBadAuthenticators OBJECT-TYPE
515 "The number of RADIUS Access-Response packets
516 containing invalid authenticators or Message
517 Authenticator attributes received from this server.
518 This counter may experience a discontinuity when
519 the RADIUS Client module within the managed entity
520 is reinitialized, as indicated by the current value
521 of radiusAuthClientCounterDiscontinuity."
522 REFERENCE "RFC 2865 section 3"
523 ::= { radiusAuthServerExtEntry 12 }
525 radiusAuthClientExtPendingRequests OBJECT-TYPE
531 "The number of RADIUS Access-Request packets
532 destined for this server that have not yet timed out
533 or received a response. This variable is incremented
534 when an Access-Request is sent and decremented due to
535 receipt of an Access-Accept, Access-Reject,
536 Access-Challenge, timeout, or retransmission."
537 REFERENCE "RFC 2865 section 2"
538 ::= { radiusAuthServerExtEntry 13 }
540 radiusAuthClientExtTimeouts OBJECT-TYPE
546 "The number of authentication timeouts to this server.
547 After a timeout, the client may retry to the same
548 server, send to a different server, or
549 give up. A retry to the same server is counted as a
550 retransmit as well as a timeout. A send to a different
551 server is counted as a Request as well as a timeout.
552 This counter may experience a discontinuity when the
553 RADIUS Client module within the managed entity is
554 reinitialized, as indicated by the current value of
555 radiusAuthClientCounterDiscontinuity."
556 REFERENCE "RFC 2865 sections 2.5, 4.1"
557 ::= { radiusAuthServerExtEntry 14 }
559 radiusAuthClientExtUnknownTypes OBJECT-TYPE
565 "The number of RADIUS packets of unknown type that
566 were received from this server on the authentication
567 port. This counter may experience a discontinuity
568 when the RADIUS Client module within the managed
569 entity is reinitialized, as indicated by the current
570 value of radiusAuthClientCounterDiscontinuity."
571 REFERENCE "RFC 2865 section 4"
572 ::= { radiusAuthServerExtEntry 15 }
574 radiusAuthClientExtPacketsDropped OBJECT-TYPE
580 "The number of RADIUS packets that were
581 received from this server on the authentication port
582 and dropped for some other reason. This counter may
583 experience a discontinuity when the RADIUS Client
584 module within the managed entity is reinitialized,
585 as indicated by the current value of
586 radiusAuthClientCounterDiscontinuity."
587 ::= { radiusAuthServerExtEntry 16 }
589 radiusAuthClientCounterDiscontinuity OBJECT-TYPE
595 "The number of centiseconds since the last discontinuity
596 in the RADIUS Client counters. A discontinuity may
597 be the result of a reinitialization of the RADIUS
598 Client module within the managed entity."
599 ::= { radiusAuthServerExtEntry 17 }
602 -- conformance information
604 radiusAuthClientMIBConformance OBJECT IDENTIFIER
605 ::= { radiusAuthClientMIB 2 }
607 radiusAuthClientMIBCompliances OBJECT IDENTIFIER
608 ::= { radiusAuthClientMIBConformance 1 }
610 radiusAuthClientMIBGroups OBJECT IDENTIFIER
611 ::= { radiusAuthClientMIBConformance 2 }
614 -- compliance statements
616 radiusAuthClientMIBCompliance MODULE-COMPLIANCE
619 "The compliance statement for authentication clients
620 implementing the RADIUS Authentication Client MIB.
621 Implementation of this module is for IPv4-only
622 entities, or for backwards compatibility use with
623 entities that support both IPv4 and IPv6."
624 MODULE -- this module
625 MANDATORY-GROUPS { radiusAuthClientMIBGroup }
627 ::= { radiusAuthClientMIBCompliances 1 }
629 radiusAuthClientExtMIBCompliance MODULE-COMPLIANCE
632 "The compliance statement for authentication
633 clients implementing the RADIUS Authentication
634 Client IPv6 Extensions MIB. Implementation of
635 this module is for entities that support IPv6,
636 or support IPv4 and IPv6."
637 MODULE -- this module
638 MANDATORY-GROUPS { radiusAuthClientExtMIBGroup }
640 OBJECT radiusAuthServerInetAddressType
641 SYNTAX InetAddressType { ipv4(1), ipv6(2) }
643 "An implementation is only required to support
644 IPv4 and globally unique IPv6 addresses."
646 OBJECT radiusAuthServerInetAddress
647 SYNTAX InetAddress ( SIZE (4|16) )
649 "An implementation is only required to support
650 IPv4 and globally unique IPv6 addresses."
651 ::= { radiusAuthClientMIBCompliances 2 }
654 -- units of conformance
656 radiusAuthClientMIBGroup OBJECT-GROUP
657 OBJECTS { radiusAuthClientIdentifier,
658 radiusAuthClientInvalidServerAddresses,
659 radiusAuthServerAddress,
660 radiusAuthClientServerPortNumber,
661 radiusAuthClientRoundTripTime,
662 radiusAuthClientAccessRequests,
663 radiusAuthClientAccessRetransmissions,
664 radiusAuthClientAccessAccepts,
665 radiusAuthClientAccessRejects,
666 radiusAuthClientAccessChallenges,
667 radiusAuthClientMalformedAccessResponses,
668 radiusAuthClientBadAuthenticators,
669 radiusAuthClientPendingRequests,
670 radiusAuthClientTimeouts,
671 radiusAuthClientUnknownTypes,
672 radiusAuthClientPacketsDropped
676 "The basic collection of objects providing management of
677 RADIUS Authentication Clients."
678 ::= { radiusAuthClientMIBGroups 1 }
681 radiusAuthClientExtMIBGroup OBJECT-GROUP
682 OBJECTS { radiusAuthClientIdentifier,
683 radiusAuthClientInvalidServerAddresses,
684 radiusAuthServerInetAddressType,
685 radiusAuthServerInetAddress,
686 radiusAuthClientServerInetPortNumber,
687 radiusAuthClientExtRoundTripTime,
688 radiusAuthClientExtAccessRequests,
689 radiusAuthClientExtAccessRetransmissions,
690 radiusAuthClientExtAccessAccepts,
691 radiusAuthClientExtAccessRejects,
692 radiusAuthClientExtAccessChallenges,
693 radiusAuthClientExtMalformedAccessResponses,
694 radiusAuthClientExtBadAuthenticators,
695 radiusAuthClientExtPendingRequests,
696 radiusAuthClientExtTimeouts,
697 radiusAuthClientExtUnknownTypes,
698 radiusAuthClientExtPacketsDropped,
699 radiusAuthClientCounterDiscontinuity
703 "The collection of extended objects providing
704 management of RADIUS Authentication Clients
705 using version-neutral IP address format."
706 ::= { radiusAuthClientMIBGroups 2 }