Network Working Group D. Nelson
Request for Comments: 4669 Enterasys Networks
Obsoletes: 2619 August 2006
Category: Standards Track
Network Working Group D. Nelson
Request for Comments: 4669 Enterasys Networks
Obsoletes: 2619 August 2006
Category: Standards Track
RADIUS Authentication Server MIB for IPv6
IPv6的RADIUS身份验证服务器MIB
Status of This Memo
关于下段备忘
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2006).
版权所有(C)互联网协会(2006年)。
Abstract
摘要
This memo defines a set of extensions that instrument RADIUS authentication server functions. These extensions represent a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. Using these extensions, IP-based management stations can manage RADIUS authentication servers.
此备忘录定义了一组用于instrument RADIUS身份验证服务器功能的扩展。这些扩展代表管理信息库(MIB)的一部分,用于Internet社区中的网络管理协议。使用这些扩展,基于IP的管理站可以管理RADIUS身份验证服务器。
This memo obsoletes RFC 2619 by deprecating the MIB table containing IPv4-only address formats and defining a new table to add support for version-neutral IP address formats. The remaining MIB objects from RFC 2619 are carried forward into this document. This memo also adds UNITS and REFERENCE clauses to selected objects.
此备忘录通过弃用包含仅IPv4地址格式的MIB表并定义新表以添加对版本无关IP地址格式的支持,淘汰了RFC 2619。RFC 2619中剩余的MIB对象将转入本文档。此备忘录还向选定对象添加单位和引用子句。
Table of Contents
目录
1. Introduction ....................................................3
2. Terminology .....................................................3
3. The Internet-Standard Management Framework ......................3
4. Scope of Changes ................................................3
5. Structure of the MIB Module .....................................4
6. Deprecated Objects ..............................................5
7. Definitions .....................................................5
8. Security Considerations ........................................21
9. References .....................................................23
9.1. Normative References ......................................23
9.2. Informative References ....................................23
Appendix A. Acknowledgements ......................................24
1. Introduction ....................................................3
2. Terminology .....................................................3
3. The Internet-Standard Management Framework ......................3
4. Scope of Changes ................................................3
5. Structure of the MIB Module .....................................4
6. Deprecated Objects ..............................................5
7. Definitions .....................................................5
8. Security Considerations ........................................21
9. References .....................................................23
9.1. Normative References ......................................23
9.2. Informative References ....................................23
Appendix A. Acknowledgements ......................................24
This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. The objects defined within this memo relate to the Remote Authentication Dial-In User Service (RADIUS) Authentication Server as defined in RFC 2865 [RFC2865].
此备忘录定义了管理信息库(MIB)的一部分,用于Internet社区中的网络管理协议。此备忘录中定义的对象与RFC 2865[RFC2865]中定义的远程身份验证拨入用户服务(RADIUS)身份验证服务器有关。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[RFC2119]中所述进行解释。
This document uses terminology from RFC 2865 [RFC2865].
本文件使用RFC 2865[RFC2865]中的术语。
This document uses the word "malformed" with respect to RADIUS packets, particularly in the context of counters of "malformed packets". While RFC 2865 does not provide an explicit definition of "malformed", malformed generally means that the implementation has determined the packet does not match the format defined in RFC 2865. Some implementations may determine that packets are malformed when the Vendor Specific Attribute (VSA) format does not follow the RFC 2865 recommendations for VSAs. Those implementations are used in deployments today, and thus set the de facto definition of "malformed".
本文档对RADIUS数据包使用“格式错误”一词,尤其是在“格式错误数据包”的计数器上下文中。虽然RFC 2865没有提供“格式错误”的明确定义,但格式错误通常意味着实现已确定数据包与RFC 2865中定义的格式不匹配。当供应商特定属性(VSA)格式不符合RFC 2865对VSA的建议时,一些实现可能会确定数据包的格式不正确。这些实现在今天的部署中使用,因此设置了“畸形”的事实定义。
For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410].
有关描述当前互联网标准管理框架的文件的详细概述,请参阅RFC 3410[RFC3410]第7节。
Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580].
托管对象通过虚拟信息存储(称为管理信息库或MIB)进行访问。MIB对象通常通过简单网络管理协议(SNMP)进行访问。MIB中的对象是使用管理信息结构(SMI)中定义的机制定义的。本备忘录规定了符合SMIv2的MIB模块,如STD 58、RFC 2578[RFC2578]、STD 58、RFC 2579[RFC2579]和STD 58、RFC 2580[RFC2580]所述。
This document obsoletes RFC 2619 [RFC2619], RADIUS Authentication Server MIB, by deprecating the radiusAuthClientTable table and adding a new table, radiusAuthClientExtTable, containing radiusAuthClientInetAddressType and radiusAuthClientInetAddress. The
本文档通过弃用radiusAuthClientTable表并添加包含RadiusAuthClientNetAddressType和RadiusAuthClientNetAddress的新表radiusAuthClientExtTable,淘汰了RADIUS身份验证服务器MIB RFC 2619[RFC2619]。这个
purpose of these added MIB objects is to support version-neutral IP addressing formats. The existing table containing radiusAuthClientAddress is deprecated. The remaining MIB objects from RFC 2619 are carried forward into this document. This memo also adds UNITS and REFERENCE clauses to selected objects.
这些添加的MIB对象的目的是支持版本无关的IP寻址格式。不推荐使用包含radiusAuthClientAddress的现有表。RFC 2619中剩余的MIB对象将转入本文档。此备忘录还向选定对象添加单位和引用子句。
RFC 4001 [RFC4001], which defines the SMI Textual Conventions for version-neutral IP addresses, contains the following recommendation.
RFC 4001[RFC4001]定义了版本无关IP地址的SMI文本约定,其中包含以下建议。
'In particular, when revising a MIB module that contains IPv4 specific tables, it is suggested to define new tables using the textual conventions defined in this memo [RFC4001] that support all versions of IP. The status of the new tables SHOULD be "current", whereas the status of the old IP version specific tables SHOULD be changed to "deprecated". The other approach, of having multiple similar tables for different IP versions, is strongly discouraged.'
'特别是,当修改包含IPv4特定表的MIB模块时,建议使用本备忘录[RFC4001]中定义的支持所有IP版本的文本约定定义新表。新表的状态应为“当前”,而旧IP版本特定表的状态应更改为“已弃用”。另一种方法是为不同的IP版本提供多个类似的表,这是强烈反对的。”
The RADIUS authentication protocol, described in RFC 2865 [RFC2865], distinguishes between the client function and the server function. In RADIUS authentication, clients send Access-Requests, and servers reply with Access-Accepts, Access-Rejects, and Access-Challenges. Typically, NAS devices implement the client function, and thus would be expected to implement the RADIUS authentication client MIB, while RADIUS authentication servers implement the server function, and thus would be expected to implement the RADIUS authentication server MIB.
RFC 2865[RFC2865]中描述的RADIUS认证协议区分了客户端功能和服务器功能。在RADIUS身份验证中,客户端发送访问请求,服务器回复访问接受、访问拒绝和访问挑战。通常,NAS设备实现客户端功能,因此预期将实现RADIUS身份验证客户端MIB,而RADIUS身份验证服务器实现服务器功能,因此预期将实现RADIUS身份验证服务器MIB。
However, it is possible for a RADIUS authentication entity to perform both client and server functions. For example, a RADIUS proxy may act as a server to one or more RADIUS authentication clients, while simultaneously acting as an authentication client to one or more authentication servers. In such situations, it is expected that RADIUS entities combining client and server functionality will support both the client and server MIBs. The server MIB is defined in this document, and the client MIB is defined in [RFC4668].
但是,RADIUS身份验证实体可以同时执行客户端和服务器功能。例如,RADIUS代理可以充当一个或多个RADIUS身份验证客户端的服务器,同时充当一个或多个身份验证服务器的身份验证客户端。在这种情况下,结合客户端和服务器功能的RADIUS实体预计将同时支持客户端和服务器MIB。服务器MIB在本文档中定义,客户端MIB在[RFC4668]中定义。
This MIB module contains fourteen scalars as well as a single table, the RADIUS Authentication Client Table, which contains one row for each RADIUS authentication client with which the server shares a secret. Each entry in the RADIUS Authentication Client Table includes thirteen columns presenting a view of the activity of the RADIUS authentication server.
此MIB模块包含十四个标量以及一个表,即RADIUS身份验证客户端表,该表包含服务器共享机密的每个RADIUS身份验证客户端的一行。RADIUS身份验证客户端表中的每个条目包括十三列,显示RADIUS身份验证服务器活动的视图。
This MIB imports from [RFC2578], [RFC2580], [RFC3411], and [RFC4001].
此MIB从[RFC2578]、[RFC2580]、[RFC3411]和[RFC4001]导入。
The deprecated table in this MIB is carried forward from RFC 2619 [RFC2619]. There are two conditions under which it MAY be desirable for managed entities to continue to support the deprecated table:
此MIB中不推荐使用的表由RFC 2619[RFC2619]结转。在两种情况下,托管实体可能需要继续支持不推荐使用的表:
1. The managed entity only supports IPv4 address formats.
1. 托管实体仅支持IPv4地址格式。
2. The managed entity supports both IPv4 and IPv6 address formats, and the deprecated table is supported for backwards compatibility with older management stations. This option SHOULD only be used when the IP addresses in the new table are in IPv4 format and can accurately be represented in both the new table and the deprecated table.
2. 受管实体支持IPv4和IPv6地址格式,不推荐使用的表支持与旧的管理站向后兼容。仅当新表中的IP地址为IPv4格式并且可以在新表和弃用表中准确表示时,才应使用此选项。
Managed entities SHOULD NOT instantiate row entries in the deprecated table, containing IPv4-only address objects, when the RADIUS client address represented in such a table row is not an IPv4 address. Managed entities SHOULD NOT return inaccurate values of IP address or SNMP object access errors for IPv4-only address objects in otherwise populated tables. When row entries exist in both the deprecated IPv4-only table and the new IP-version-neutral table that describe the same RADIUS client, the row indexes SHOULD be the same for the corresponding rows in each table, to facilitate correlation of these related rows by management applications.
当不推荐使用的表行中表示的RADIUS客户端地址不是IPv4地址时,托管实体不应实例化该表中的行条目,该表仅包含IPv4地址对象。对于以其他方式填充的表中仅IPv4地址对象,托管实体不应返回不准确的IP地址值或SNMP对象访问错误。当描述同一RADIUS客户端的已弃用的仅IPv4表和新的IP版本中性表中都存在行条目时,每个表中相应行的行索引应相同,以便于管理应用程序关联这些相关行。
RADIUS-AUTH-SERVER-MIB DEFINITIONS ::= BEGIN
RADIUS-AUTH-SERVER-MIB DEFINITIONS ::= BEGIN
IMPORTS MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, Counter32, Integer32, IpAddress, TimeTicks, mib-2 FROM SNMPv2-SMI SnmpAdminString FROM SNMP-FRAMEWORK-MIB InetAddressType, InetAddress FROM INET-ADDRESS-MIB MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF;
从SNMPv2 SMI导入模块标识、对象类型、对象标识、计数器32、整数32、IpAddress、时间标记、mib-2从SNMP-FRAMEWORK-mib InetAddressType导入SNMPAdministring,从INET-ADDRESS-mib MODULE-COMPLIANCE导入InetAddress,从SNMPv2 CONF导入对象组;
radiusAuthServMIB MODULE-IDENTITY LAST-UPDATED "200608210000Z" -- 21 August 2006 ORGANIZATION "IETF RADIUS Extensions Working Group." CONTACT-INFO " Bernard Aboba Microsoft One Microsoft Way Redmond, WA 98052 US Phone: +1 425 936 6605
radiusAuthServMIB模块标识最后更新“2006082100Z”-2006年8月21日组织“IETF RADIUS扩展工作组”。联系方式“Bernard Aboba Microsoft One Microsoft Way Redmond,WA 98052美国电话:+1 425 936 6605
EMail: bernarda@microsoft.com"
DESCRIPTION
"The MIB module for entities implementing the server
side of the Remote Authentication Dial-In User
Service (RADIUS) authentication protocol. Copyright
(C) The Internet Society (2006). This version of this
MIB module is part of RFC 4669; see the RFC itself for
full legal notices."
REVISION "200608210000Z" -- 21 August 2006
DESCRIPTION
"Revised version as published in RFC 4669. This
version obsoletes that of RFC 2619 by deprecating the
MIB table containing IPv4-only address formats and
defining a new table to add support for version-neutral
IP address formats. The remaining MIB objects from RFC
2619 are carried forward into this version."
REVISION "199906110000Z" -- 11 Jun 1999
DESCRIPTION "Initial version as published in RFC 2619."
::= { radiusAuthentication 1 }
EMail: bernarda@microsoft.com"
DESCRIPTION
"The MIB module for entities implementing the server
side of the Remote Authentication Dial-In User
Service (RADIUS) authentication protocol. Copyright
(C) The Internet Society (2006). This version of this
MIB module is part of RFC 4669; see the RFC itself for
full legal notices."
REVISION "200608210000Z" -- 21 August 2006
DESCRIPTION
"Revised version as published in RFC 4669. This
version obsoletes that of RFC 2619 by deprecating the
MIB table containing IPv4-only address formats and
defining a new table to add support for version-neutral
IP address formats. The remaining MIB objects from RFC
2619 are carried forward into this version."
REVISION "199906110000Z" -- 11 Jun 1999
DESCRIPTION "Initial version as published in RFC 2619."
::= { radiusAuthentication 1 }
radiusMIB OBJECT-IDENTITY
STATUS current
DESCRIPTION
"The OID assigned to RADIUS MIB work by the IANA."
::= { mib-2 67 }
radiusMIB OBJECT-IDENTITY
STATUS current
DESCRIPTION
"The OID assigned to RADIUS MIB work by the IANA."
::= { mib-2 67 }
radiusAuthentication OBJECT IDENTIFIER ::= {radiusMIB 1}
radiusAuthentication OBJECT IDENTIFIER ::= {radiusMIB 1}
radiusAuthServMIBObjects OBJECT IDENTIFIER
::= { radiusAuthServMIB 1 }
radiusAuthServMIBObjects OBJECT IDENTIFIER
::= { radiusAuthServMIB 1 }
radiusAuthServ OBJECT IDENTIFIER
::= { radiusAuthServMIBObjects 1 }
radiusAuthServ OBJECT IDENTIFIER
::= { radiusAuthServMIBObjects 1 }
radiusAuthServIdent OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The implementation identification string for the
RADIUS authentication server software in use on the
system, for example, 'FNS-2.1'."
::= {radiusAuthServ 1}
radiusAuthServIdent OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The implementation identification string for the
RADIUS authentication server software in use on the
system, for example, 'FNS-2.1'."
::= {radiusAuthServ 1}
radiusAuthServUpTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current
radiusAuthServUpTime对象类型语法TimeTicks MAX-ACCESS只读状态当前
DESCRIPTION
"If the server has a persistent state (e.g., a
process), this value will be the time elapsed (in
hundredths of a second) since the server process
was started. For software without persistent state,
this value will be zero."
::= {radiusAuthServ 2}
DESCRIPTION
"If the server has a persistent state (e.g., a
process), this value will be the time elapsed (in
hundredths of a second) since the server process
was started. For software without persistent state,
this value will be zero."
::= {radiusAuthServ 2}
radiusAuthServResetTime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"If the server has a persistent state (e.g., a process)
and supports a 'reset' operation (e.g., can be told to
re-read configuration files), this value will be the
time elapsed (in hundredths of a second) since the
server was 'reset.' For software that does not
have persistence or does not support a 'reset'
operation, this value will be zero."
::= {radiusAuthServ 3}
radiusAuthServResetTime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"If the server has a persistent state (e.g., a process)
and supports a 'reset' operation (e.g., can be told to
re-read configuration files), this value will be the
time elapsed (in hundredths of a second) since the
server was 'reset.' For software that does not
have persistence or does not support a 'reset'
operation, this value will be zero."
::= {radiusAuthServ 3}
radiusAuthServConfigReset OBJECT-TYPE
SYNTAX INTEGER { other(1),
reset(2),
initializing(3),
running(4)}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Status/action object to reinitialize any persistent
server state. When set to reset(2), any persistent
server state (such as a process) is reinitialized as
if the server had just been started. This value will
never be returned by a read operation. When read,
one of the following values will be returned:
other(1) - server in some unknown state;
initializing(3) - server (re)initializing;
running(4) - server currently running."
::= {radiusAuthServ 4}
radiusAuthServConfigReset OBJECT-TYPE
SYNTAX INTEGER { other(1),
reset(2),
initializing(3),
running(4)}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Status/action object to reinitialize any persistent
server state. When set to reset(2), any persistent
server state (such as a process) is reinitialized as
if the server had just been started. This value will
never be returned by a read operation. When read,
one of the following values will be returned:
other(1) - server in some unknown state;
initializing(3) - server (re)initializing;
running(4) - server currently running."
::= {radiusAuthServ 4}
radiusAuthServTotalAccessRequests OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets received on the
radiusAuthServTotalAccessRequests OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets received on thetranslate error, please retry
authentication port."
REFERENCE "RFC 2865 section 4.1"
::= { radiusAuthServ 5}
authentication port."
REFERENCE "RFC 2865 section 4.1"
::= { radiusAuthServ 5}
radiusAuthServTotalInvalidRequests OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Request packets
received from unknown addresses."
REFERENCE "RFC 2865 section 4.1"
::= { radiusAuthServ 6 }
radiusAuthServTotalInvalidRequests OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Request packets
received from unknown addresses."
REFERENCE "RFC 2865 section 4.1"
::= { radiusAuthServ 6 }
radiusAuthServTotalDupAccessRequests OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of duplicate RADIUS Access-Request
packets received."
REFERENCE "RFC 2865 section 4.1"
::= { radiusAuthServ 7 }
radiusAuthServTotalDupAccessRequests OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of duplicate RADIUS Access-Request
packets received."
REFERENCE "RFC 2865 section 4.1"
::= { radiusAuthServ 7 }
radiusAuthServTotalAccessAccepts OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Accept packets sent."
REFERENCE "RFC 2865 section 4.2"
::= { radiusAuthServ 8 }
radiusAuthServTotalAccessAccepts OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Accept packets sent."
REFERENCE "RFC 2865 section 4.2"
::= { radiusAuthServ 8 }
radiusAuthServTotalAccessRejects OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Reject packets sent."
REFERENCE "RFC 2865 section 4.3"
::= { radiusAuthServ 9 }
radiusAuthServTotalAccessRejects OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Reject packets sent."
REFERENCE "RFC 2865 section 4.3"
::= { radiusAuthServ 9 }
radiusAuthServTotalAccessChallenges OBJECT-TYPE SYNTAX Counter32
radiusAuthServTotalAccessChallenges对象类型语法计数器32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Challenge packets sent."
REFERENCE "RFC 2865 section 4.4"
::= { radiusAuthServ 10 }
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Challenge packets sent."
REFERENCE "RFC 2865 section 4.4"
::= { radiusAuthServ 10 }
radiusAuthServTotalMalformedAccessRequests OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of malformed RADIUS Access-Request
packets received. Bad authenticators
and unknown types are not included as
malformed Access-Requests."
REFERENCE "RFC 2865 section 4.1"
::= { radiusAuthServ 11 }
radiusAuthServTotalMalformedAccessRequests OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of malformed RADIUS Access-Request
packets received. Bad authenticators
and unknown types are not included as
malformed Access-Requests."
REFERENCE "RFC 2865 section 4.1"
::= { radiusAuthServ 11 }
radiusAuthServTotalBadAuthenticators OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Authentication-Request packets
that contained invalid Message Authenticator
attributes received."
REFERENCE "RFC 2865 section 3"
::= { radiusAuthServ 12 }
radiusAuthServTotalBadAuthenticators OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Authentication-Request packets
that contained invalid Message Authenticator
attributes received."
REFERENCE "RFC 2865 section 3"
::= { radiusAuthServ 12 }
radiusAuthServTotalPacketsDropped OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of incoming packets
silently discarded for some reason other
than malformed, bad authenticators or
unknown types."
REFERENCE "RFC 2865 section 3"
::= { radiusAuthServ 13 }
radiusAuthServTotalPacketsDropped OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of incoming packets
silently discarded for some reason other
than malformed, bad authenticators or
unknown types."
REFERENCE "RFC 2865 section 3"
::= { radiusAuthServ 13 }
radiusAuthServTotalUnknownTypes OBJECT-TYPE SYNTAX Counter32
radiusAuthServTotalUnknownTypes对象类型语法计数器32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS packets of unknown type that
were received."
REFERENCE "RFC 2865 section 4"
::= { radiusAuthServ 14 }
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS packets of unknown type that
were received."
REFERENCE "RFC 2865 section 4"
::= { radiusAuthServ 14 }
radiusAuthClientTable OBJECT-TYPE
SYNTAX SEQUENCE OF RadiusAuthClientEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"The (conceptual) table listing the RADIUS
authentication clients with which the server shares
a secret."
::= { radiusAuthServ 15 }
radiusAuthClientTable OBJECT-TYPE
SYNTAX SEQUENCE OF RadiusAuthClientEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"The (conceptual) table listing the RADIUS
authentication clients with which the server shares
a secret."
::= { radiusAuthServ 15 }
radiusAuthClientEntry OBJECT-TYPE
SYNTAX RadiusAuthClientEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"An entry (conceptual row) representing a RADIUS
authentication client with which the server shares a
secret."
INDEX { radiusAuthClientIndex }
::= { radiusAuthClientTable 1 }
radiusAuthClientEntry OBJECT-TYPE
SYNTAX RadiusAuthClientEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"An entry (conceptual row) representing a RADIUS
authentication client with which the server shares a
secret."
INDEX { radiusAuthClientIndex }
::= { radiusAuthClientTable 1 }
RadiusAuthClientEntry ::= SEQUENCE {
radiusAuthClientIndex Integer32,
radiusAuthClientAddress IpAddress,
radiusAuthClientID SnmpAdminString,
radiusAuthServAccessRequests Counter32,
radiusAuthServDupAccessRequests Counter32,
radiusAuthServAccessAccepts Counter32,
radiusAuthServAccessRejects Counter32,
radiusAuthServAccessChallenges Counter32,
radiusAuthServMalformedAccessRequests Counter32,
radiusAuthServBadAuthenticators Counter32,
radiusAuthServPacketsDropped Counter32,
radiusAuthServUnknownTypes Counter32
}
RadiusAuthClientEntry ::= SEQUENCE {
radiusAuthClientIndex Integer32,
radiusAuthClientAddress IpAddress,
radiusAuthClientID SnmpAdminString,
radiusAuthServAccessRequests Counter32,
radiusAuthServDupAccessRequests Counter32,
radiusAuthServAccessAccepts Counter32,
radiusAuthServAccessRejects Counter32,
radiusAuthServAccessChallenges Counter32,
radiusAuthServMalformedAccessRequests Counter32,
radiusAuthServBadAuthenticators Counter32,
radiusAuthServPacketsDropped Counter32,
radiusAuthServUnknownTypes Counter32
}
radiusAuthClientIndex OBJECT-TYPE
radiusAuthClientIndex对象类型
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"A number uniquely identifying each RADIUS
authentication client with which this server
communicates."
::= { radiusAuthClientEntry 1 }
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"A number uniquely identifying each RADIUS
authentication client with which this server
communicates."
::= { radiusAuthClientEntry 1 }
radiusAuthClientAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The NAS-IP-Address of the RADIUS authentication client
referred to in this table entry."
REFERENCE "RFC 2865 section 2"
::= { radiusAuthClientEntry 2 }
radiusAuthClientAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The NAS-IP-Address of the RADIUS authentication client
referred to in this table entry."
REFERENCE "RFC 2865 section 2"
::= { radiusAuthClientEntry 2 }
radiusAuthClientID OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The NAS-Identifier of the RADIUS authentication client
referred to in this table entry. This is not
necessarily the same as sysName in MIB II."
REFERENCE "RFC 2865 section 5.32"
::= { radiusAuthClientEntry 3 }
radiusAuthClientID OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The NAS-Identifier of the RADIUS authentication client
referred to in this table entry. This is not
necessarily the same as sysName in MIB II."
REFERENCE "RFC 2865 section 5.32"
::= { radiusAuthClientEntry 3 }
-- Server Counters
--服务器计数器
--
-- Responses = AccessAccepts + AccessRejects + AccessChallenges
--
-- Requests - DupRequests - BadAuthenticators - MalformedRequests -
-- UnknownTypes - PacketsDropped - Responses = Pending
--
-- Requests - DupRequests - BadAuthenticators - MalformedRequests -
-- UnknownTypes - PacketsDropped = entries logged
--
-- Responses = AccessAccepts + AccessRejects + AccessChallenges
--
-- Requests - DupRequests - BadAuthenticators - MalformedRequests -
-- UnknownTypes - PacketsDropped - Responses = Pending
--
-- Requests - DupRequests - BadAuthenticators - MalformedRequests -
-- UnknownTypes - PacketsDropped = entries logged
radiusAuthServAccessRequests OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The number of packets received on the authentication
radiusAuthServAccessRequests对象类型语法计数器32个单位“数据包”MAX-ACCESS只读状态不推荐的描述“身份验证时接收的数据包数”
port from this client."
REFERENCE "RFC 2865 section 4.1"
::= { radiusAuthClientEntry 4 }
port from this client."
REFERENCE "RFC 2865 section 4.1"
::= { radiusAuthClientEntry 4 }
radiusAuthServDupAccessRequests OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of duplicate RADIUS Access-Request
packets received from this client."
REFERENCE "RFC 2865 section 4.1"
::= { radiusAuthClientEntry 5 }
radiusAuthServDupAccessRequests OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of duplicate RADIUS Access-Request
packets received from this client."
REFERENCE "RFC 2865 section 4.1"
::= { radiusAuthClientEntry 5 }
radiusAuthServAccessAccepts OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS Access-Accept packets
sent to this client."
REFERENCE "RFC 2865 section 4.2"
::= { radiusAuthClientEntry 6 }
radiusAuthServAccessAccepts OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS Access-Accept packets
sent to this client."
REFERENCE "RFC 2865 section 4.2"
::= { radiusAuthClientEntry 6 }
radiusAuthServAccessRejects OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS Access-Reject packets
sent to this client."
REFERENCE "RFC 2865 section 4.3"
::= { radiusAuthClientEntry 7 }
radiusAuthServAccessRejects OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS Access-Reject packets
sent to this client."
REFERENCE "RFC 2865 section 4.3"
::= { radiusAuthClientEntry 7 }
radiusAuthServAccessChallenges OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS Access-Challenge packets
sent to this client."
REFERENCE "RFC 2865 section 4.4"
::= { radiusAuthClientEntry 8 }
radiusAuthServAccessChallenges OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS Access-Challenge packets
sent to this client."
REFERENCE "RFC 2865 section 4.4"
::= { radiusAuthClientEntry 8 }
radiusAuthServMalformedAccessRequests OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of malformed RADIUS Access-Request
packets received from this client.
Bad authenticators and unknown types are not included
as malformed Access-Requests."
REFERENCE "RFC 2865 section 3"
::= { radiusAuthClientEntry 9 }
radiusAuthServMalformedAccessRequests OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of malformed RADIUS Access-Request
packets received from this client.
Bad authenticators and unknown types are not included
as malformed Access-Requests."
REFERENCE "RFC 2865 section 3"
::= { radiusAuthClientEntry 9 }
radiusAuthServBadAuthenticators OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS Authentication-Request packets
that contained invalid Message Authenticator
attributes received from this client."
REFERENCE "RFC 2865 section 3"
::= { radiusAuthClientEntry 10 }
radiusAuthServBadAuthenticators OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS Authentication-Request packets
that contained invalid Message Authenticator
attributes received from this client."
REFERENCE "RFC 2865 section 3"
::= { radiusAuthClientEntry 10 }
radiusAuthServPacketsDropped OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of incoming packets from this
client silently discarded for some reason other
than malformed, bad authenticators or
unknown types."
REFERENCE "RFC 2865 section 3"
::= { radiusAuthClientEntry 11 }
radiusAuthServPacketsDropped OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of incoming packets from this
client silently discarded for some reason other
than malformed, bad authenticators or
unknown types."
REFERENCE "RFC 2865 section 3"
::= { radiusAuthClientEntry 11 }
radiusAuthServUnknownTypes OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS packets of unknown type that
were received from this client."
REFERENCE "RFC 2865 section 4"
::= { radiusAuthClientEntry 12 }
radiusAuthServUnknownTypes OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS packets of unknown type that
were received from this client."
REFERENCE "RFC 2865 section 4"
::= { radiusAuthClientEntry 12 }
-- New MIB objects added in this revision
--此修订版中添加的新MIB对象
radiusAuthClientExtTable OBJECT-TYPE
SYNTAX SEQUENCE OF RadiusAuthClientExtEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table listing the RADIUS
authentication clients with which the server shares
a secret."
::= { radiusAuthServ 16 }
radiusAuthClientExtTable OBJECT-TYPE
SYNTAX SEQUENCE OF RadiusAuthClientExtEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table listing the RADIUS
authentication clients with which the server shares
a secret."
::= { radiusAuthServ 16 }
radiusAuthClientExtEntry OBJECT-TYPE
SYNTAX RadiusAuthClientExtEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) representing a RADIUS
authentication client with which the server shares a
secret."
INDEX { radiusAuthClientExtIndex }
::= { radiusAuthClientExtTable 1 }
radiusAuthClientExtEntry OBJECT-TYPE
SYNTAX RadiusAuthClientExtEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) representing a RADIUS
authentication client with which the server shares a
secret."
INDEX { radiusAuthClientExtIndex }
::= { radiusAuthClientExtTable 1 }
RadiusAuthClientExtEntry ::= SEQUENCE {
radiusAuthClientExtIndex Integer32,
radiusAuthClientInetAddressType InetAddressType,
radiusAuthClientInetAddress InetAddress,
radiusAuthClientExtID SnmpAdminString,
radiusAuthServExtAccessRequests Counter32,
radiusAuthServExtDupAccessRequests Counter32,
radiusAuthServExtAccessAccepts Counter32,
radiusAuthServExtAccessRejects Counter32,
radiusAuthServExtAccessChallenges Counter32,
radiusAuthServExtMalformedAccessRequests Counter32,
radiusAuthServExtBadAuthenticators Counter32,
radiusAuthServExtPacketsDropped Counter32,
radiusAuthServExtUnknownTypes Counter32,
radiusAuthServCounterDiscontinuity TimeTicks
}
RadiusAuthClientExtEntry ::= SEQUENCE {
radiusAuthClientExtIndex Integer32,
radiusAuthClientInetAddressType InetAddressType,
radiusAuthClientInetAddress InetAddress,
radiusAuthClientExtID SnmpAdminString,
radiusAuthServExtAccessRequests Counter32,
radiusAuthServExtDupAccessRequests Counter32,
radiusAuthServExtAccessAccepts Counter32,
radiusAuthServExtAccessRejects Counter32,
radiusAuthServExtAccessChallenges Counter32,
radiusAuthServExtMalformedAccessRequests Counter32,
radiusAuthServExtBadAuthenticators Counter32,
radiusAuthServExtPacketsDropped Counter32,
radiusAuthServExtUnknownTypes Counter32,
radiusAuthServCounterDiscontinuity TimeTicks
}
radiusAuthClientExtIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "A number uniquely identifying each RADIUS authentication client with which this server communicates."
radiusAuthClientExtIndex对象类型语法整数32(1..2147483647)MAX-ACCESS不可访问状态当前描述“唯一标识此服务器与之通信的每个RADIUS身份验证客户端的数字。”
::= { radiusAuthClientExtEntry 1 }
::= { radiusAuthClientExtEntry 1 }
radiusAuthClientInetAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of address format used for the
radiusAuthClientInetAddress object."
::= { radiusAuthClientExtEntry 2 }
radiusAuthClientInetAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of address format used for the
radiusAuthClientInetAddress object."
::= { radiusAuthClientExtEntry 2 }
radiusAuthClientInetAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address of the RADIUS authentication
client referred to in this table entry, using
the version-neutral IP address format."
::= { radiusAuthClientExtEntry 3 }
radiusAuthClientInetAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address of the RADIUS authentication
client referred to in this table entry, using
the version-neutral IP address format."
::= { radiusAuthClientExtEntry 3 }
radiusAuthClientExtID OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The NAS-Identifier of the RADIUS authentication client
referred to in this table entry. This is not
necessarily the same as sysName in MIB II."
REFERENCE "RFC 2865 section 5.32"
::= { radiusAuthClientExtEntry 4 }
radiusAuthClientExtID OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The NAS-Identifier of the RADIUS authentication client
referred to in this table entry. This is not
necessarily the same as sysName in MIB II."
REFERENCE "RFC 2865 section 5.32"
::= { radiusAuthClientExtEntry 4 }
-- Server Counters
--服务器计数器
--
-- Responses = AccessAccepts + AccessRejects + AccessChallenges
--
-- Requests - DupRequests - BadAuthenticators - MalformedRequests -
-- UnknownTypes - PacketsDropped - Responses = Pending
--
-- Requests - DupRequests - BadAuthenticators - MalformedRequests -
-- UnknownTypes - PacketsDropped = entries logged
--
-- Responses = AccessAccepts + AccessRejects + AccessChallenges
--
-- Requests - DupRequests - BadAuthenticators - MalformedRequests -
-- UnknownTypes - PacketsDropped - Responses = Pending
--
-- Requests - DupRequests - BadAuthenticators - MalformedRequests -
-- UnknownTypes - PacketsDropped = entries logged
radiusAuthServExtAccessRequests OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only
radiusAuthServExtAccessRequests对象类型语法计数器32个单元“数据包”最大访问只读
STATUS current
DESCRIPTION
"The number of packets received on the authentication
port from this client. This counter may experience a
discontinuity when the RADIUS Server module within the
managed entity is reinitialized, as indicated by the
current value of radiusAuthServCounterDiscontinuity."
REFERENCE "RFC 2865 section 4.1"
::= { radiusAuthClientExtEntry 5 }
STATUS current
DESCRIPTION
"The number of packets received on the authentication
port from this client. This counter may experience a
discontinuity when the RADIUS Server module within the
managed entity is reinitialized, as indicated by the
current value of radiusAuthServCounterDiscontinuity."
REFERENCE "RFC 2865 section 4.1"
::= { radiusAuthClientExtEntry 5 }
radiusAuthServExtDupAccessRequests OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of duplicate RADIUS Access-Request
packets received from this client. This counter may
experience a discontinuity when the RADIUS Server
module within the managed entity is reinitialized, as
indicated by the current value of
radiusAuthServCounterDiscontinuity."
REFERENCE "RFC 2865 section 4.1"
::= { radiusAuthClientExtEntry 6 }
radiusAuthServExtDupAccessRequests OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of duplicate RADIUS Access-Request
packets received from this client. This counter may
experience a discontinuity when the RADIUS Server
module within the managed entity is reinitialized, as
indicated by the current value of
radiusAuthServCounterDiscontinuity."
REFERENCE "RFC 2865 section 4.1"
::= { radiusAuthClientExtEntry 6 }
radiusAuthServExtAccessAccepts OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Accept packets
sent to this client. This counter may experience a
discontinuity when the RADIUS Server module within the
managed entity is reinitialized, as indicated by the
current value of radiusAuthServCounterDiscontinuity."
REFERENCE "RFC 2865 section 4.2"
::= { radiusAuthClientExtEntry 7 }
radiusAuthServExtAccessAccepts OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Accept packets
sent to this client. This counter may experience a
discontinuity when the RADIUS Server module within the
managed entity is reinitialized, as indicated by the
current value of radiusAuthServCounterDiscontinuity."
REFERENCE "RFC 2865 section 4.2"
::= { radiusAuthClientExtEntry 7 }
radiusAuthServExtAccessRejects OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of RADIUS Access-Reject packets sent to this client. This counter may experience a discontinuity when the RADIUS Server module within the
radiusAuthServExtAccessRejects对象类型语法计数器32个单位“数据包”MAX-ACCESS只读状态当前描述“发送到此客户端的RADIUS访问拒绝数据包的数量。当
managed entity is reinitialized, as indicated by the
current value of radiusAuthServCounterDiscontinuity."
REFERENCE "RFC 2865 section 4.3"
::= { radiusAuthClientExtEntry 8 }
managed entity is reinitialized, as indicated by the
current value of radiusAuthServCounterDiscontinuity."
REFERENCE "RFC 2865 section 4.3"
::= { radiusAuthClientExtEntry 8 }
radiusAuthServExtAccessChallenges OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Challenge packets
sent to this client. This counter may experience a
discontinuity when the RADIUS Server module within the
managed entity is reinitialized, as indicated by the
current value of radiusAuthServCounterDiscontinuity."
REFERENCE "RFC 2865 section 4.4"
::= { radiusAuthClientExtEntry 9 }
radiusAuthServExtAccessChallenges OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Challenge packets
sent to this client. This counter may experience a
discontinuity when the RADIUS Server module within the
managed entity is reinitialized, as indicated by the
current value of radiusAuthServCounterDiscontinuity."
REFERENCE "RFC 2865 section 4.4"
::= { radiusAuthClientExtEntry 9 }
radiusAuthServExtMalformedAccessRequests OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of malformed RADIUS Access-Request
packets received from this client. Bad authenticators
and unknown types are not included as malformed
Access-Requests. This counter may experience a
discontinuity when the RADIUS Server module within the
managed entity is reinitialized, as indicated by the
current value of radiusAuthServCounterDiscontinuity."
REFERENCE "RFC 2865 sections 3, 4.1"
::= { radiusAuthClientExtEntry 10 }
radiusAuthServExtMalformedAccessRequests OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of malformed RADIUS Access-Request
packets received from this client. Bad authenticators
and unknown types are not included as malformed
Access-Requests. This counter may experience a
discontinuity when the RADIUS Server module within the
managed entity is reinitialized, as indicated by the
current value of radiusAuthServCounterDiscontinuity."
REFERENCE "RFC 2865 sections 3, 4.1"
::= { radiusAuthClientExtEntry 10 }
radiusAuthServExtBadAuthenticators OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of RADIUS Authentication-Request packets that contained invalid Message Authenticator attributes received from this client. This counter may experience a discontinuity when the RADIUS Server module within the managed entity is reinitialized, as indicated by the current value of radiusAuthServCounterDiscontinuity."
radiusAuthServExtBadAuthenticators对象类型语法计数器32个单元“数据包”最大访问只读状态当前说明“从此客户端接收到的包含无效消息验证器属性的RADIUS身份验证请求数据包数。当托管实体内的RADIUS服务器模块重新初始化时,此计数器可能会出现中断,如RADIUSUTHSERVCounterIntercontinuction的当前值所示。”
REFERENCE "RFC 2865 section 3"
::= { radiusAuthClientExtEntry 11 }
REFERENCE "RFC 2865 section 3"
::= { radiusAuthClientExtEntry 11 }
radiusAuthServExtPacketsDropped OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of incoming packets from this client
silently discarded for some reason other than
malformed, bad authenticators or unknown types.
This counter may experience a discontinuity when the
RADIUS Server module within the managed entity is
reinitialized, as indicated by the current value of
radiusAuthServCounterDiscontinuity."
REFERENCE "RFC 2865 section 3"
::= { radiusAuthClientExtEntry 12 }
radiusAuthServExtPacketsDropped OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of incoming packets from this client
silently discarded for some reason other than
malformed, bad authenticators or unknown types.
This counter may experience a discontinuity when the
RADIUS Server module within the managed entity is
reinitialized, as indicated by the current value of
radiusAuthServCounterDiscontinuity."
REFERENCE "RFC 2865 section 3"
::= { radiusAuthClientExtEntry 12 }
radiusAuthServExtUnknownTypes OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS packets of unknown type that
were received from this client. This counter may
experience a discontinuity when the RADIUS Server
module within the managed entity is reinitialized, as
indicated by the current value of
radiusAuthServCounterDiscontinuity."
REFERENCE "RFC 2865 section 4"
::= { radiusAuthClientExtEntry 13 }
radiusAuthServExtUnknownTypes OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS packets of unknown type that
were received from this client. This counter may
experience a discontinuity when the RADIUS Server
module within the managed entity is reinitialized, as
indicated by the current value of
radiusAuthServCounterDiscontinuity."
REFERENCE "RFC 2865 section 4"
::= { radiusAuthClientExtEntry 13 }
radiusAuthServCounterDiscontinuity OBJECT-TYPE
SYNTAX TimeTicks
UNITS "centiseconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of centiseconds since the last
discontinuity in the RADIUS Server counters.
A discontinuity may be the result of a
reinitialization of the RADIUS Server module
within the managed entity."
::= { radiusAuthClientExtEntry 14 }
radiusAuthServCounterDiscontinuity OBJECT-TYPE
SYNTAX TimeTicks
UNITS "centiseconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of centiseconds since the last
discontinuity in the RADIUS Server counters.
A discontinuity may be the result of a
reinitialization of the RADIUS Server module
within the managed entity."
::= { radiusAuthClientExtEntry 14 }
-- conformance information
--一致性信息
radiusAuthServMIBConformance OBJECT IDENTIFIER
::= { radiusAuthServMIB 2 }
radiusAuthServMIBConformance OBJECT IDENTIFIER
::= { radiusAuthServMIB 2 }
radiusAuthServMIBCompliances OBJECT IDENTIFIER
::= { radiusAuthServMIBConformance 1 }
radiusAuthServMIBCompliances OBJECT IDENTIFIER
::= { radiusAuthServMIBConformance 1 }
radiusAuthServMIBGroups OBJECT IDENTIFIER
::= { radiusAuthServMIBConformance 2 }
radiusAuthServMIBGroups OBJECT IDENTIFIER
::= { radiusAuthServMIBConformance 2 }
-- compliance statements
--合规声明
radiusAuthServMIBCompliance MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "The compliance statement for authentication servers implementing the RADIUS Authentication Server MIB. Implementation of this module is for IPv4-only entities, or for backwards compatibility use with entities that support both IPv4 and IPv6." MODULE -- this module MANDATORY-GROUPS { radiusAuthServMIBGroup }
RadiusAuthServMib COMPLIANCE MODULE-COMPLIANCE STATUS不推荐使用描述“用于实现RADIUS身份验证服务器MIB的身份验证服务器的符合性声明。此模块的实现仅适用于IPv4实体,或用于与同时支持IPv4和IPv6的实体的向后兼容性使用。”MODULE——此模块为强制组{radiusAuthServMIBGroup}
OBJECT radiusAuthServConfigReset WRITE-SYNTAX INTEGER { reset(2) } DESCRIPTION "The only SETable value is 'reset' (2)."
OBJECT radiusAuthServConfigReset写入语法整数{reset(2)}说明“唯一可设置的值是'reset'(2)。”
::= { radiusAuthServMIBCompliances 1 }
::= { radiusAuthServMIBCompliances 1 }
radiusAuthServMIBExtCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for authentication servers implementing the RADIUS Authentication Server IPv6 Extensions MIB. Implementation of this module is for entities that support IPv6, or support IPv4 and IPv6." MODULE -- this module MANDATORY-GROUPS { radiusAuthServExtMIBGroup }
radiusAuthServMIBExtCompliance MODULE-COMPLIANCE STATUS当前描述“用于实现RADIUS身份验证服务器IPv6扩展MIB的身份验证服务器的符合性声明。此模块的实现适用于支持IPv6或支持IPv4和IPv6的实体。”模块--此模块为必填组{radiusAuthServExtMIBGroup}
OBJECT radiusAuthServConfigReset WRITE-SYNTAX INTEGER { reset(2) } DESCRIPTION "The only SETable value is 'reset' (2)."
OBJECT radiusAuthServConfigReset写入语法整数{reset(2)}说明“唯一可设置的值是'reset'(2)。”
OBJECT radiusAuthClientInetAddressType
对象RadiusAuthClientNetAddressType
SYNTAX InetAddressType { ipv4(1), ipv6(2) } DESCRIPTION "An implementation is only required to support IPv4 and globally unique IPv6 addresses."
语法InetAddressType{ipv4(1),ipv6(2)}说明“只需要一个实现来支持ipv4和全局唯一的ipv6地址。”
OBJECT radiusAuthClientInetAddress SYNTAX InetAddress ( SIZE (4|16) ) DESCRIPTION "An implementation is only required to support IPv4 and globally unique IPv6 addresses."
OBJECT radiusAuthClientInetAddress语法InetAddress(大小(4 | 16))说明“仅支持IPv4和全局唯一IPv6地址时才需要实现。”
::= { radiusAuthServMIBCompliances 2 }
::= { radiusAuthServMIBCompliances 2 }
-- units of conformance
--一致性单位
radiusAuthServMIBGroup OBJECT-GROUP
OBJECTS {radiusAuthServIdent,
radiusAuthServUpTime,
radiusAuthServResetTime,
radiusAuthServConfigReset,
radiusAuthServTotalAccessRequests,
radiusAuthServTotalInvalidRequests,
radiusAuthServTotalDupAccessRequests,
radiusAuthServTotalAccessAccepts,
radiusAuthServTotalAccessRejects,
radiusAuthServTotalAccessChallenges,
radiusAuthServTotalMalformedAccessRequests,
radiusAuthServTotalBadAuthenticators,
radiusAuthServTotalPacketsDropped,
radiusAuthServTotalUnknownTypes,
radiusAuthClientAddress,
radiusAuthClientID,
radiusAuthServAccessRequests,
radiusAuthServDupAccessRequests,
radiusAuthServAccessAccepts,
radiusAuthServAccessRejects,
radiusAuthServAccessChallenges,
radiusAuthServMalformedAccessRequests,
radiusAuthServBadAuthenticators,
radiusAuthServPacketsDropped,
radiusAuthServUnknownTypes
}
STATUS deprecated
DESCRIPTION
"The collection of objects providing management of
a RADIUS Authentication Server."
::= { radiusAuthServMIBGroups 1 }
radiusAuthServMIBGroup OBJECT-GROUP
OBJECTS {radiusAuthServIdent,
radiusAuthServUpTime,
radiusAuthServResetTime,
radiusAuthServConfigReset,
radiusAuthServTotalAccessRequests,
radiusAuthServTotalInvalidRequests,
radiusAuthServTotalDupAccessRequests,
radiusAuthServTotalAccessAccepts,
radiusAuthServTotalAccessRejects,
radiusAuthServTotalAccessChallenges,
radiusAuthServTotalMalformedAccessRequests,
radiusAuthServTotalBadAuthenticators,
radiusAuthServTotalPacketsDropped,
radiusAuthServTotalUnknownTypes,
radiusAuthClientAddress,
radiusAuthClientID,
radiusAuthServAccessRequests,
radiusAuthServDupAccessRequests,
radiusAuthServAccessAccepts,
radiusAuthServAccessRejects,
radiusAuthServAccessChallenges,
radiusAuthServMalformedAccessRequests,
radiusAuthServBadAuthenticators,
radiusAuthServPacketsDropped,
radiusAuthServUnknownTypes
}
STATUS deprecated
DESCRIPTION
"The collection of objects providing management of
a RADIUS Authentication Server."
::= { radiusAuthServMIBGroups 1 }
radiusAuthServExtMIBGroup OBJECT-GROUP
OBJECTS {radiusAuthServIdent,
radiusAuthServUpTime,
radiusAuthServResetTime,
radiusAuthServConfigReset,
radiusAuthServTotalAccessRequests,
radiusAuthServTotalInvalidRequests,
radiusAuthServTotalDupAccessRequests,
radiusAuthServTotalAccessAccepts,
radiusAuthServTotalAccessRejects,
radiusAuthServTotalAccessChallenges,
radiusAuthServTotalMalformedAccessRequests,
radiusAuthServTotalBadAuthenticators,
radiusAuthServTotalPacketsDropped,
radiusAuthServTotalUnknownTypes,
radiusAuthClientInetAddressType,
radiusAuthClientInetAddress,
radiusAuthClientExtID,
radiusAuthServExtAccessRequests,
radiusAuthServExtDupAccessRequests,
radiusAuthServExtAccessAccepts,
radiusAuthServExtAccessRejects,
radiusAuthServExtAccessChallenges,
radiusAuthServExtMalformedAccessRequests,
radiusAuthServExtBadAuthenticators,
radiusAuthServExtPacketsDropped,
radiusAuthServExtUnknownTypes,
radiusAuthServCounterDiscontinuity
}
STATUS current
DESCRIPTION
"The collection of objects providing management of
a RADIUS Authentication Server."
::= { radiusAuthServMIBGroups 2 }
radiusAuthServExtMIBGroup OBJECT-GROUP
OBJECTS {radiusAuthServIdent,
radiusAuthServUpTime,
radiusAuthServResetTime,
radiusAuthServConfigReset,
radiusAuthServTotalAccessRequests,
radiusAuthServTotalInvalidRequests,
radiusAuthServTotalDupAccessRequests,
radiusAuthServTotalAccessAccepts,
radiusAuthServTotalAccessRejects,
radiusAuthServTotalAccessChallenges,
radiusAuthServTotalMalformedAccessRequests,
radiusAuthServTotalBadAuthenticators,
radiusAuthServTotalPacketsDropped,
radiusAuthServTotalUnknownTypes,
radiusAuthClientInetAddressType,
radiusAuthClientInetAddress,
radiusAuthClientExtID,
radiusAuthServExtAccessRequests,
radiusAuthServExtDupAccessRequests,
radiusAuthServExtAccessAccepts,
radiusAuthServExtAccessRejects,
radiusAuthServExtAccessChallenges,
radiusAuthServExtMalformedAccessRequests,
radiusAuthServExtBadAuthenticators,
radiusAuthServExtPacketsDropped,
radiusAuthServExtUnknownTypes,
radiusAuthServCounterDiscontinuity
}
STATUS current
DESCRIPTION
"The collection of objects providing management of
a RADIUS Authentication Server."
::= { radiusAuthServMIBGroups 2 }
END
终止
There are a number of management objects defined in this MIB that have a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. These are:
此MIB中定义了许多管理对象,它们的MAX-ACCESS子句为read-write和/或read-create。在某些网络环境中,此类对象可能被视为敏感或易受攻击。在没有适当保护的非安全环境中支持SET操作可能会对网络操作产生负面影响。这些是:
radiusAuthServConfigReset This object can be used to reinitialize the persistent state of any server. When set to reset(2), any persistent server state (such as a process) is reinitialized as if the server had just been started. Depending on the server implementation details, this action may or may not interrupt the processing of pending request in the server. Abuse of this object may lead to a Denial of Service attack on the server.
radiusAuthServConfigReset此对象可用于重新初始化任何服务器的持久状态。当设置为reset(2)时,将重新初始化任何持久服务器状态(如进程),就像服务器刚刚启动一样。根据服务器实现的详细信息,此操作可能会也可能不会中断服务器中挂起请求的处理。滥用此对象可能会导致服务器上发生拒绝服务攻击。
There are a number of managed objects in this MIB that may contain sensitive information. These are:
此MIB中有许多托管对象可能包含敏感信息。这些是:
radiusAuthClientIPAddress This can be used to determine the address of the RADIUS authentication client with which the server is communicating. This information could be useful in mounting an attack on the authentication client.
radiusAuthClientIPAddress此选项可用于确定服务器与之通信的RADIUS身份验证客户端的地址。此信息有助于在身份验证客户端上发起攻击。
radiusAuthClientInetAddress This can be used to determine the address of the RADIUS authentication client with which the server is communicating. This information could be useful in mounting an attack on the authentication client.
RadiusAuthClientNetAddress可用于确定服务器与之通信的RADIUS身份验证客户端的地址。此信息有助于在身份验证客户端上发起攻击。
It is thus important to control even GET access to these objects and possibly to even encrypt the values of these object when sending them over the network via SNMP. Not all versions of SNMP provide features for such a secure environment.
因此,在通过SNMP通过网络发送这些对象时,控制甚至访问这些对象,甚至可能加密这些对象的值,这一点非常重要。并非所有版本的SNMP都为这种安全环境提供功能。
SNMP versions prior to SNMPv3 do not provide a secure environment. Even if the network itself is secure (for example by using IPsec), there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB.
SNMPv3之前的SNMP版本不提供安全环境。即使网络本身是安全的(例如通过使用IPsec),也无法控制安全网络上的谁可以访问和获取/设置(读取/更改/创建/删除)此MIB中的对象。
It is RECOMMENDED that implementers consider the security features as provided by the SNMPv3 framework (see [RFC3410], section 8), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy).
建议实施者考虑SNMPv3框架所提供的安全特性(参见[RCFC310],第8节),包括对SNMPv3加密机制的完全支持(用于身份验证和隐私)。
Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.
此外,不建议部署SNMPv3之前的SNMP版本。相反,建议部署SNMPv3并启用加密安全性。然后,客户/运营商应负责确保授予访问此MIB模块实例权限的SNMP实体已正确配置为仅授予那些拥有确实获取或设置(更改/创建/删除)对象的合法权限的主体(用户)访问对象。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.
[RFC2578]McCloghrie,K.,Ed.,Perkins,D.,Ed.,和J.Schoenwaeld,Ed.“管理信息的结构版本2(SMIv2)”,STD 58,RFC 2578,1999年4月。
[RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999.
[RFC2579]McCloghrie,K.,Ed.,Perkins,D.,Ed.,和J.Schoenwaeld,Ed.“SMIv2的文本约定”,STD 58,RFC 2579,1999年4月。
[RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999.
[RFC2580]McCloghrie,K.,Perkins,D.,和J.Schoenwaeld,“SMIv2的一致性声明”,STD 58,RFC 25801999年4月。
[RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000.
[RFC2865]Rigney,C.,Willens,S.,Rubens,A.,和W.Simpson,“远程认证拨入用户服务(RADIUS)”,RFC 28652000年6月。
[RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, December 2002.
[RFC3411]Harrington,D.,Presohn,R.,和B.Wijnen,“描述简单网络管理协议(SNMP)管理框架的体系结构”,STD 62,RFC 3411,2002年12月。
[RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. Schoenwaelder, "Textual Conventions for Internet Network Addresses", RFC 4001, February 2005.
[RFC4001]Daniele,M.,Haberman,B.,Routhier,S.,和J.Schoenwaeld,“互联网网络地址的文本约定”,RFC 4001,2005年2月。
[RFC2619] Zorn, G. and B. Aboba, "RADIUS Authentication Server MIB", RFC 2619, June 1999.
[RFC2619]Zorn,G.和B.Aboba,“RADIUS认证服务器MIB”,RFC 261999年6月。
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet-Standard Management Framework", RFC 3410, December 2002.
[RFC3410]Case,J.,Mundy,R.,Partain,D.,和B.Stewart,“互联网标准管理框架的介绍和适用性声明”,RFC 34102002年12月。
[RFC4668] Nelson, D., "RADIUS Authentication Client MIB for IPv6", RFC 4668, August 2006.
[RFC4668]Nelson,D.,“IPv6的RADIUS身份验证客户端MIB”,RFC 4668,2006年8月。
The authors of the original MIB are Bernard Aboba and Glen Zorn.
原始MIB的作者是Bernard Aboba和Glen Zorn。
Many thanks to all reviewers, especially to David Harrington, Dan Romascanu, C.M. Heard, Bruno Pape, Greg Weber, and Bert Wijnen.
非常感谢所有评论家,特别是大卫·哈灵顿、丹·罗马斯坎努、C.M.赫德、布鲁诺·帕普、格雷格·韦伯和伯特·维恩。
Author's Address
作者地址
David B. Nelson Enterasys Networks 50 Minuteman Road Andover, MA 01810 USA
David B.Nelson Enterasys Networks美国马萨诸塞州安多弗市Minuteman路50号01810
EMail: dnelson@enterasys.com
EMail: dnelson@enterasys.com
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2006).
版权所有(C)互联网协会(2006年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).
RFC编辑器功能的资金由IETF行政支持活动(IASA)提供。