Network Working Group D. Nelson
Request for Comments: 4668 Enterasys Networks
Obsoletes: 2618 August 2006
Category: Standards Track
Network Working Group D. Nelson
Request for Comments: 4668 Enterasys Networks
Obsoletes: 2618 August 2006
Category: Standards Track
RADIUS Authentication Client MIB for IPv6
用于IPv6的RADIUS身份验证客户端MIB
Status of This Memo
关于下段备忘
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2006).
版权所有(C)互联网协会(2006年)。
Abstract
摘要
This memo defines a set of extensions that instrument RADIUS authentication client functions. These extensions represent a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. Using these extensions, IP-based management stations can manage RADIUS authentication clients.
此备忘录定义了一组扩展,用于检测RADIUS身份验证客户端的功能。这些扩展代表管理信息库(MIB)的一部分,用于Internet社区中的网络管理协议。使用这些扩展,基于IP的管理站可以管理RADIUS身份验证客户端。
This memo obsoletes RFC 2618 by deprecating the MIB table containing IPv4-only address formats and defining a new table to add support for version-neutral IP address formats. The remaining MIB objects from RFC 2618 are carried forward into this document. The memo also adds UNITS and REFERENCE clauses to selected objects.
此备忘录通过弃用包含仅IPv4地址格式的MIB表,并定义一个新表来添加对版本无关IP地址格式的支持,从而淘汰了RFC 2618。RFC 2618中的其余MIB对象将转入本文档。该备忘录还向选定对象添加单位和引用子句。
Table of Contents
目录
1. Introduction ....................................................3
2. Terminology .....................................................3
3. The Internet-Standard Management Framework ......................3
4. Scope of Changes ................................................3
5. Structure of the MIB Module .....................................4
6. Deprecated Objects ..............................................5
7. Definitions .....................................................5
8. Security Considerations ........................................20
9. References .....................................................22
9.1. Normative References ......................................22
9.2. Informative References ....................................22
Appendix A. Acknowledgements ......................................23
1. Introduction ....................................................3
2. Terminology .....................................................3
3. The Internet-Standard Management Framework ......................3
4. Scope of Changes ................................................3
5. Structure of the MIB Module .....................................4
6. Deprecated Objects ..............................................5
7. Definitions .....................................................5
8. Security Considerations ........................................20
9. References .....................................................22
9.1. Normative References ......................................22
9.2. Informative References ....................................22
Appendix A. Acknowledgements ......................................23
This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. The objects defined within this memo relate to the Remote Authentication Dial-In User Service (RADIUS) Authentication Client as defined in RFC 2865 [RFC2865].
此备忘录定义了管理信息库(MIB)的一部分,用于Internet社区中的网络管理协议。本备忘录中定义的对象与RFC 2865[RFC2865]中定义的远程身份验证拨入用户服务(RADIUS)身份验证客户端相关。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[RFC2119]中所述进行解释。
This document uses terminology from RFC 2865 [RFC2865].
本文件使用RFC 2865[RFC2865]中的术语。
This document uses the word "malformed" with respect to RADIUS packets, particularly in the context of counters of "malformed packets". While RFC 2865 does not provide an explicit definition of "malformed", malformed generally means that the implementation has determined the packet does not match the format defined in RFC 2865. Some implementations may determine that packets are malformed when the Vendor Specific Attribute (VSA) format does not follow the RFC 2865 recommendations for VSAs. Those implementations are used in deployments today, and thus set the de facto definition of "malformed".
本文档对RADIUS数据包使用“格式错误”一词,尤其是在“格式错误数据包”的计数器上下文中。虽然RFC 2865没有提供“格式错误”的明确定义,但格式错误通常意味着实现已确定数据包与RFC 2865中定义的格式不匹配。当供应商特定属性(VSA)格式不符合RFC 2865对VSA的建议时,一些实现可能会确定数据包的格式不正确。这些实现在今天的部署中使用,因此设置了“畸形”的事实定义。
For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410].
有关描述当前互联网标准管理框架的文件的详细概述,请参阅RFC 3410[RFC3410]第7节。
Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580].
托管对象通过虚拟信息存储(称为管理信息库或MIB)进行访问。MIB对象通常通过简单网络管理协议(SNMP)进行访问。MIB中的对象是使用管理信息结构(SMI)中定义的机制定义的。本备忘录规定了符合SMIv2的MIB模块,如STD 58、RFC 2578[RFC2578]、STD 58、RFC 2579[RFC2579]和STD 58、RFC 2580[RFC2580]所述。
This document obsoletes RFC 2618 [RFC2618], RADIUS Authentication Client MIB, by deprecating the radiusAuthServerTable table and adding a new table, radiusAuthServerExtTable, containing radiusAuthServerInetAddressType, radiusAuthServerInetAddress, and
本文档通过弃用radiusAuthServerTable表并添加一个新表radiusAuthServerExtTable(包含radiusAuthServerInetAddressType、radiusAuthServerInetAddress和radiusAuthServerInetAddress),淘汰了RFC 2618[RFC2618]、RADIUS身份验证客户端MIB
radiusAuthClientServerInetPortNumber. The purpose of these added MIB objects is to support version-neutral IP addressing formats. The existing table containing radiusAuthServerAddress and radiusAuthClientServerPortNumber is deprecated. The remaining MIB objects are carried forward from RFC 2618 into this document. This memo also adds UNITS and REFERENCE clauses to selected objects.
radiusAuthClientServerInetPortNumber。这些添加的MIB对象的目的是支持版本无关的IP寻址格式。不推荐使用包含radiusAuthServerAddress和radiusAuthClientServerPortNumber的现有表。剩余的MIB对象从RFC 2618转入本文档。此备忘录还向选定对象添加单位和引用子句。
RFC 4001 [RFC4001], which defines the SMI Textual Conventions for IPv6 addresses, contains the following recommendation.
RFC 4001[RFC4001]定义了IPv6地址的SMI文本约定,其中包含以下建议。
'In particular, when revising a MIB module that contains IPv4 specific tables, it is suggested to define new tables using the textual conventions defined in this memo [RFC4001] that support all versions of IP. The status of the new tables SHOULD be "current", whereas the status of the old IP version specific tables SHOULD be changed to "deprecated". The other approach, of having multiple similar tables for different IP versions, is strongly discouraged.'
'特别是,当修改包含IPv4特定表的MIB模块时,建议使用本备忘录[RFC4001]中定义的支持所有IP版本的文本约定定义新表。新表的状态应为“当前”,而旧IP版本特定表的状态应更改为“已弃用”。另一种方法是为不同的IP版本提供多个类似的表,这是强烈反对的。”
The RADIUS authentication protocol, described in RFC 2865 [RFC2865], distinguishes between the client function and the server function. In RADIUS authentication, clients send Access-Requests, and servers reply with Access-Accepts, Access-Rejects, and Access-Challenges. Typically, Network Access Server (NAS) devices implement the client function, and thus would be expected to implement the RADIUS authentication client MIB, while RADIUS authentication servers implement the server function, and thus would be expected to implement the RADIUS authentication server MIB.
RFC 2865[RFC2865]中描述的RADIUS认证协议区分了客户端功能和服务器功能。在RADIUS身份验证中,客户端发送访问请求,服务器回复访问接受、访问拒绝和访问挑战。通常,网络访问服务器(NAS)设备实现客户端功能,因此预期将实现RADIUS身份验证客户端MIB,而RADIUS身份验证服务器实现服务器功能,因此预期将实现RADIUS身份验证服务器MIB。
However, it is possible for a RADIUS authentication entity to perform both client and server functions. For example, a RADIUS proxy may act as a server to one or more RADIUS authentication clients, while simultaneously acting as an authentication client to one or more authentication servers. In such situations, it is expected that RADIUS entities combining client and server functionality will support both the client and server MIBs. The client MIB is defined in this document, and the server MIB is defined in [RFC4669].
但是,RADIUS身份验证实体可以同时执行客户端和服务器功能。例如,RADIUS代理可以充当一个或多个RADIUS身份验证客户端的服务器,同时充当一个或多个身份验证服务器的身份验证客户端。在这种情况下,结合客户端和服务器功能的RADIUS实体预计将同时支持客户端和服务器MIB。客户机MIB在本文档中定义,服务器MIB在[RFC4669]中定义。
This MIB module contains two scalars as well as a single table, the RADIUS Authentication Server Table, which contains one row for each RADIUS authentication server with which the client shares a secret. Each entry in the RADIUS Authentication Server Table includes sixteen columns presenting a view of the activity of the RADIUS authentication client.
此MIB模块包含两个标量以及一个表RADIUS Authentication Server表,该表为每个RADIUS Authentication Server(客户端与之共享一个秘密)包含一行。RADIUS Authentication Server表中的每个条目包括16列,显示RADIUS Authentication client活动的视图。
This MIB imports from [RFC2578], [RFC2580], [RFC3411], and [RFC4001].
此MIB从[RFC2578]、[RFC2580]、[RFC3411]和[RFC4001]导入。
The deprecated table in this MIB is carried forward from RFC 2618 [RFC2618]. There are two conditions under which it MAY be desirable for managed entities to continue to support the deprecated table:
此MIB中不推荐使用的表由RFC 2618[RFC2618]结转。在两种情况下,托管实体可能需要继续支持不推荐使用的表:
1. The managed entity only supports IPv4 address formats.
1. 托管实体仅支持IPv4地址格式。
2. The managed entity supports both IPv4 and IPv6 address formats, and the deprecated table is supported for backwards compatibility with older management stations. This option SHOULD only be used when the IP addresses in the new table are in IPv4 format and can accurately be represented in both the new table and the deprecated table.
2. 受管实体支持IPv4和IPv6地址格式,不推荐使用的表支持与旧的管理站向后兼容。仅当新表中的IP地址为IPv4格式并且可以在新表和弃用表中准确表示时,才应使用此选项。
Managed entities SHOULD NOT instantiate row entries in the deprecated table, containing IPv4-only address objects, when the RADIUS server address represented in such a table row is not an IPv4 address. Managed entities SHOULD NOT return inaccurate values of IP address or SNMP object access errors for IPv4-only address objects in otherwise populated tables. When row entries exist in both the deprecated IPv4-only table and the new IP-version-neutral table that describe the same RADIUS server, the row indexes SHOULD be the same for the corresponding rows in each table, to facilitate correlation of these related rows by management applications.
当不推荐使用的表行中表示的RADIUS服务器地址不是IPv4地址时,托管实体不应实例化该表中包含仅IPv4地址对象的行条目。对于以其他方式填充的表中仅IPv4地址对象,托管实体不应返回不准确的IP地址值或SNMP对象访问错误。当描述同一RADIUS服务器的已弃用的仅IPv4表和新的IP版本中立表中都存在行条目时,每个表中相应行的行索引应相同,以便于管理应用程序关联这些相关行。
RADIUS-AUTH-CLIENT-MIB DEFINITIONS ::= BEGIN
RADIUS-AUTH-CLIENT-MIB DEFINITIONS ::= BEGIN
IMPORTS MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, Counter32, Integer32, Gauge32, IpAddress, TimeTicks, mib-2 FROM SNMPv2-SMI SnmpAdminString FROM SNMP-FRAMEWORK-MIB InetAddressType, InetAddress, InetPortNumber FROM INET-ADDRESS-MIB MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF;
从SNMPv2 SMI导入模块标识、对象类型、对象标识、计数器32、整数32、仪表32、IP地址、时间刻度、mib-2,从SNMP-FRAMEWORK-mib InetAddressType导入SNMPAdministring,从INET-ADDRESS-mib MODULE-COMPLIANCE导入InetAddress、InetPortNumber,从SNMPv2 CONF导入对象组;
radiusAuthClientMIB MODULE-IDENTITY LAST-UPDATED "200608210000Z" -- 21 August 2006 ORGANIZATION "IETF RADIUS Extensions Working Group." CONTACT-INFO " Bernard Aboba Microsoft One Microsoft Way Redmond, WA 98052
radiusAuthClientMIB模块标识最后一次更新“2006082100Z”-2006年8月21日组织“IETF RADIUS扩展工作组”。联系方式“Bernard Aboba Microsoft One Microsoft Way Redmond,WA 98052
US
Phone: +1 425 936 6605
EMail: bernarda@microsoft.com"
DESCRIPTION
"The MIB module for entities implementing the client
side of the Remote Authentication Dial-In User Service
(RADIUS) authentication protocol. Copyright (C) The
Internet Society (2006). This version of this MIB
module is part of RFC 4668; see the RFC itself for
full legal notices."
REVISION "200608210000Z" -- 21 August 2006
DESCRIPTION
"Revised version as published in RFC 4668. This
version obsoletes that of RFC 2618 by deprecating
the MIB table containing IPv4-only address formats
and defining a new table to add support for version
neutral IP address formats. The remaining MIB objects
from RFC 2618 are carried forward into this version."
REVISION "199906110000Z" -- 11 Jun 1999
DESCRIPTION "Initial version as published in RFC 2618."
::= { radiusAuthentication 2 }
US
Phone: +1 425 936 6605
EMail: bernarda@microsoft.com"
DESCRIPTION
"The MIB module for entities implementing the client
side of the Remote Authentication Dial-In User Service
(RADIUS) authentication protocol. Copyright (C) The
Internet Society (2006). This version of this MIB
module is part of RFC 4668; see the RFC itself for
full legal notices."
REVISION "200608210000Z" -- 21 August 2006
DESCRIPTION
"Revised version as published in RFC 4668. This
version obsoletes that of RFC 2618 by deprecating
the MIB table containing IPv4-only address formats
and defining a new table to add support for version
neutral IP address formats. The remaining MIB objects
from RFC 2618 are carried forward into this version."
REVISION "199906110000Z" -- 11 Jun 1999
DESCRIPTION "Initial version as published in RFC 2618."
::= { radiusAuthentication 2 }
radiusMIB OBJECT-IDENTITY
STATUS current
DESCRIPTION
"The OID assigned to RADIUS MIB work by the IANA."
::= { mib-2 67 }
radiusMIB OBJECT-IDENTITY
STATUS current
DESCRIPTION
"The OID assigned to RADIUS MIB work by the IANA."
::= { mib-2 67 }
radiusAuthentication OBJECT IDENTIFIER ::= {radiusMIB 1}
radiusAuthentication OBJECT IDENTIFIER ::= {radiusMIB 1}
radiusAuthClientMIBObjects OBJECT IDENTIFIER
::= { radiusAuthClientMIB 1 }
radiusAuthClientMIBObjects OBJECT IDENTIFIER
::= { radiusAuthClientMIB 1 }
radiusAuthClient OBJECT IDENTIFIER
::= { radiusAuthClientMIBObjects 1 }
radiusAuthClient OBJECT IDENTIFIER
::= { radiusAuthClientMIBObjects 1 }
radiusAuthClientInvalidServerAddresses OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Response packets
received from unknown addresses."
::= { radiusAuthClient 1 }
radiusAuthClientInvalidServerAddresses OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Response packets
received from unknown addresses."
::= { radiusAuthClient 1 }
radiusAuthClientIdentifier OBJECT-TYPE SYNTAX SnmpAdminString
radiusAuthClientIdentifier对象类型语法SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The NAS-Identifier of the RADIUS authentication client.
This is not necessarily the same as sysName in MIB II."
REFERENCE "RFC 2865 section 5.32"
::= { radiusAuthClient 2 }
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The NAS-Identifier of the RADIUS authentication client.
This is not necessarily the same as sysName in MIB II."
REFERENCE "RFC 2865 section 5.32"
::= { radiusAuthClient 2 }
radiusAuthServerTable OBJECT-TYPE
SYNTAX SEQUENCE OF RadiusAuthServerEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"The (conceptual) table listing the RADIUS authentication
servers with which the client shares a secret."
::= { radiusAuthClient 3 }
radiusAuthServerTable OBJECT-TYPE
SYNTAX SEQUENCE OF RadiusAuthServerEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"The (conceptual) table listing the RADIUS authentication
servers with which the client shares a secret."
::= { radiusAuthClient 3 }
radiusAuthServerEntry OBJECT-TYPE
SYNTAX RadiusAuthServerEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"An entry (conceptual row) representing a RADIUS
authentication server with which the client shares
a secret."
INDEX { radiusAuthServerIndex }
::= { radiusAuthServerTable 1 }
radiusAuthServerEntry OBJECT-TYPE
SYNTAX RadiusAuthServerEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"An entry (conceptual row) representing a RADIUS
authentication server with which the client shares
a secret."
INDEX { radiusAuthServerIndex }
::= { radiusAuthServerTable 1 }
RadiusAuthServerEntry ::= SEQUENCE {
radiusAuthServerIndex Integer32,
radiusAuthServerAddress IpAddress,
radiusAuthClientServerPortNumber Integer32,
radiusAuthClientRoundTripTime TimeTicks,
radiusAuthClientAccessRequests Counter32,
radiusAuthClientAccessRetransmissions Counter32,
radiusAuthClientAccessAccepts Counter32,
radiusAuthClientAccessRejects Counter32,
radiusAuthClientAccessChallenges Counter32,
radiusAuthClientMalformedAccessResponses Counter32,
radiusAuthClientBadAuthenticators Counter32,
radiusAuthClientPendingRequests Gauge32,
radiusAuthClientTimeouts Counter32,
radiusAuthClientUnknownTypes Counter32,
radiusAuthClientPacketsDropped Counter32
}
RadiusAuthServerEntry ::= SEQUENCE {
radiusAuthServerIndex Integer32,
radiusAuthServerAddress IpAddress,
radiusAuthClientServerPortNumber Integer32,
radiusAuthClientRoundTripTime TimeTicks,
radiusAuthClientAccessRequests Counter32,
radiusAuthClientAccessRetransmissions Counter32,
radiusAuthClientAccessAccepts Counter32,
radiusAuthClientAccessRejects Counter32,
radiusAuthClientAccessChallenges Counter32,
radiusAuthClientMalformedAccessResponses Counter32,
radiusAuthClientBadAuthenticators Counter32,
radiusAuthClientPendingRequests Gauge32,
radiusAuthClientTimeouts Counter32,
radiusAuthClientUnknownTypes Counter32,
radiusAuthClientPacketsDropped Counter32
}
radiusAuthServerIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647)
radiusAuthServerIndex对象类型语法整数32(1..2147483647)
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"A number uniquely identifying each RADIUS
Authentication server with which this client
communicates."
::= { radiusAuthServerEntry 1 }
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"A number uniquely identifying each RADIUS
Authentication server with which this client
communicates."
::= { radiusAuthServerEntry 1 }
radiusAuthServerAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The IP address of the RADIUS authentication server
referred to in this table entry."
::= { radiusAuthServerEntry 2 }
radiusAuthServerAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The IP address of the RADIUS authentication server
referred to in this table entry."
::= { radiusAuthServerEntry 2 }
radiusAuthClientServerPortNumber OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The UDP port the client is using to send requests to
this server."
REFERENCE "RFC 2865 section 3"
::= { radiusAuthServerEntry 3 }
radiusAuthClientServerPortNumber OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The UDP port the client is using to send requests to
this server."
REFERENCE "RFC 2865 section 3"
::= { radiusAuthServerEntry 3 }
radiusAuthClientRoundTripTime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The time interval (in hundredths of a second) between
the most recent Access-Reply/Access-Challenge and the
Access-Request that matched it from this RADIUS
authentication server."
::= { radiusAuthServerEntry 4 }
radiusAuthClientRoundTripTime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The time interval (in hundredths of a second) between
the most recent Access-Reply/Access-Challenge and the
Access-Request that matched it from this RADIUS
authentication server."
::= { radiusAuthServerEntry 4 }
-- Request/Response statistics
--
-- TotalIncomingPackets = Accepts + Rejects + Challenges +
-- UnknownTypes
--
-- TotalIncomingPackets - MalformedResponses -
-- BadAuthenticators - UnknownTypes - PacketsDropped =
-- Successfully received
--
-- AccessRequests + PendingRequests + ClientTimeouts =
-- Request/Response statistics
--
-- TotalIncomingPackets = Accepts + Rejects + Challenges +
-- UnknownTypes
--
-- TotalIncomingPackets - MalformedResponses -
-- BadAuthenticators - UnknownTypes - PacketsDropped =
-- Successfully received
--
-- AccessRequests + PendingRequests + ClientTimeouts =
-- Successfully received -- --
--已成功接收----
radiusAuthClientAccessRequests OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS Access-Request packets sent
to this server. This does not include retransmissions."
REFERENCE "RFC 2865 section 4.1"
::= { radiusAuthServerEntry 5 }
radiusAuthClientAccessRequests OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS Access-Request packets sent
to this server. This does not include retransmissions."
REFERENCE "RFC 2865 section 4.1"
::= { radiusAuthServerEntry 5 }
radiusAuthClientAccessRetransmissions OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS Access-Request packets
retransmitted to this RADIUS authentication server."
REFERENCE "RFC 2865 sections 2.5, 4.1"
::= { radiusAuthServerEntry 6 }
radiusAuthClientAccessRetransmissions OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS Access-Request packets
retransmitted to this RADIUS authentication server."
REFERENCE "RFC 2865 sections 2.5, 4.1"
::= { radiusAuthServerEntry 6 }
radiusAuthClientAccessAccepts OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS Access-Accept packets
(valid or invalid) received from this server."
REFERENCE "RFC 2865 section 4.2"
::= { radiusAuthServerEntry 7 }
radiusAuthClientAccessAccepts OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS Access-Accept packets
(valid or invalid) received from this server."
REFERENCE "RFC 2865 section 4.2"
::= { radiusAuthServerEntry 7 }
radiusAuthClientAccessRejects OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS Access-Reject packets
(valid or invalid) received from this server."
REFERENCE "RFC 2865 section 4.3"
::= { radiusAuthServerEntry 8 }
radiusAuthClientAccessRejects OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS Access-Reject packets
(valid or invalid) received from this server."
REFERENCE "RFC 2865 section 4.3"
::= { radiusAuthServerEntry 8 }
radiusAuthClientAccessChallenges OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS Access-Challenge packets
(valid or invalid) received from this server."
REFERENCE "RFC 2865 section 4.4"
::= { radiusAuthServerEntry 9 }
radiusAuthClientAccessChallenges OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS Access-Challenge packets
(valid or invalid) received from this server."
REFERENCE "RFC 2865 section 4.4"
::= { radiusAuthServerEntry 9 }
-- "Access-Response" includes an Access-Accept, Access-Challenge
-- or Access-Reject
-- "Access-Response" includes an Access-Accept, Access-Challenge
-- or Access-Reject
radiusAuthClientMalformedAccessResponses OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of malformed RADIUS Access-Response
packets received from this server.
Malformed packets include packets with
an invalid length. Bad authenticators or
Message Authenticator attributes or unknown types
are not included as malformed access responses."
::= { radiusAuthServerEntry 10 }
radiusAuthClientMalformedAccessResponses OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of malformed RADIUS Access-Response
packets received from this server.
Malformed packets include packets with
an invalid length. Bad authenticators or
Message Authenticator attributes or unknown types
are not included as malformed access responses."
::= { radiusAuthServerEntry 10 }
radiusAuthClientBadAuthenticators OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS Access-Response packets
containing invalid authenticators or Message
Authenticator attributes received from this server."
REFERENCE "RFC 2865 section 3, RFC 2869 section 5.14"
::= { radiusAuthServerEntry 11 }
radiusAuthClientBadAuthenticators OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS Access-Response packets
containing invalid authenticators or Message
Authenticator attributes received from this server."
REFERENCE "RFC 2865 section 3, RFC 2869 section 5.14"
::= { radiusAuthServerEntry 11 }
radiusAuthClientPendingRequests OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The number of RADIUS Access-Request packets destined for this server that have not yet timed out or received a response. This variable is incremented
radiusAuthClientPendingRequests对象类型语法量表32 MAX-ACCESS只读状态不推荐使用说明“发送到此服务器但尚未超时或未收到响应的RADIUS访问请求数据包数。此变量递增
when an Access-Request is sent and decremented due to
receipt of an Access-Accept, Access-Reject,
Access-Challenge, timeout, or retransmission."
REFERENCE "RFC 2865 section 2"
::= { radiusAuthServerEntry 12 }
when an Access-Request is sent and decremented due to
receipt of an Access-Accept, Access-Reject,
Access-Challenge, timeout, or retransmission."
REFERENCE "RFC 2865 section 2"
::= { radiusAuthServerEntry 12 }
radiusAuthClientTimeouts OBJECT-TYPE
SYNTAX Counter32
UNITS "timeouts"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of authentication timeouts to this server.
After a timeout, the client may retry to the same
server, send to a different server, or
give up. A retry to the same server is counted as a
retransmit as well as a timeout. A send to a different
server is counted as a Request as well as a timeout."
REFERENCE "RFC 2865 section 2, RFC 2869 section 2.3.2"
::= { radiusAuthServerEntry 13 }
radiusAuthClientTimeouts OBJECT-TYPE
SYNTAX Counter32
UNITS "timeouts"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of authentication timeouts to this server.
After a timeout, the client may retry to the same
server, send to a different server, or
give up. A retry to the same server is counted as a
retransmit as well as a timeout. A send to a different
server is counted as a Request as well as a timeout."
REFERENCE "RFC 2865 section 2, RFC 2869 section 2.3.2"
::= { radiusAuthServerEntry 13 }
radiusAuthClientUnknownTypes OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS packets of unknown type that
were received from this server on the authentication
port."
::= { radiusAuthServerEntry 14 }
radiusAuthClientUnknownTypes OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS packets of unknown type that
were received from this server on the authentication
port."
::= { radiusAuthServerEntry 14 }
radiusAuthClientPacketsDropped OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS packets that were
received from this server on the authentication port
and dropped for some other reason."
::= { radiusAuthServerEntry 15 }
radiusAuthClientPacketsDropped OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of RADIUS packets that were
received from this server on the authentication port
and dropped for some other reason."
::= { radiusAuthServerEntry 15 }
-- New MIB Objects in this revision
--此修订版中的新MIB对象
radiusAuthServerExtTable OBJECT-TYPE SYNTAX SEQUENCE OF RadiusAuthServerExtEntry
RadiusAuthServerExtEntry的radiusAuthServerExtTable对象类型语法序列
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table listing the RADIUS authentication
servers with which the client shares a secret."
::= { radiusAuthClient 4 }
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table listing the RADIUS authentication
servers with which the client shares a secret."
::= { radiusAuthClient 4 }
radiusAuthServerExtEntry OBJECT-TYPE
SYNTAX RadiusAuthServerExtEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) representing a RADIUS
authentication server with which the client shares
a secret."
INDEX { radiusAuthServerExtIndex }
::= { radiusAuthServerExtTable 1 }
radiusAuthServerExtEntry OBJECT-TYPE
SYNTAX RadiusAuthServerExtEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) representing a RADIUS
authentication server with which the client shares
a secret."
INDEX { radiusAuthServerExtIndex }
::= { radiusAuthServerExtTable 1 }
RadiusAuthServerExtEntry ::= SEQUENCE {
radiusAuthServerExtIndex Integer32,
radiusAuthServerInetAddressType InetAddressType,
radiusAuthServerInetAddress InetAddress,
radiusAuthClientServerInetPortNumber InetPortNumber,
radiusAuthClientExtRoundTripTime TimeTicks,
radiusAuthClientExtAccessRequests Counter32,
radiusAuthClientExtAccessRetransmissions Counter32,
radiusAuthClientExtAccessAccepts Counter32,
radiusAuthClientExtAccessRejects Counter32,
radiusAuthClientExtAccessChallenges Counter32,
radiusAuthClientExtMalformedAccessResponses Counter32,
radiusAuthClientExtBadAuthenticators Counter32,
radiusAuthClientExtPendingRequests Gauge32,
radiusAuthClientExtTimeouts Counter32,
radiusAuthClientExtUnknownTypes Counter32,
radiusAuthClientExtPacketsDropped Counter32,
radiusAuthClientCounterDiscontinuity TimeTicks
}
RadiusAuthServerExtEntry ::= SEQUENCE {
radiusAuthServerExtIndex Integer32,
radiusAuthServerInetAddressType InetAddressType,
radiusAuthServerInetAddress InetAddress,
radiusAuthClientServerInetPortNumber InetPortNumber,
radiusAuthClientExtRoundTripTime TimeTicks,
radiusAuthClientExtAccessRequests Counter32,
radiusAuthClientExtAccessRetransmissions Counter32,
radiusAuthClientExtAccessAccepts Counter32,
radiusAuthClientExtAccessRejects Counter32,
radiusAuthClientExtAccessChallenges Counter32,
radiusAuthClientExtMalformedAccessResponses Counter32,
radiusAuthClientExtBadAuthenticators Counter32,
radiusAuthClientExtPendingRequests Gauge32,
radiusAuthClientExtTimeouts Counter32,
radiusAuthClientExtUnknownTypes Counter32,
radiusAuthClientExtPacketsDropped Counter32,
radiusAuthClientCounterDiscontinuity TimeTicks
}
radiusAuthServerExtIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A number uniquely identifying each RADIUS
Authentication server with which this client
communicates."
::= { radiusAuthServerExtEntry 1 }
radiusAuthServerExtIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A number uniquely identifying each RADIUS
Authentication server with which this client
communicates."
::= { radiusAuthServerExtEntry 1 }
radiusAuthServerInetAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of address format used for the
radiusAuthServerInetAddress object."
::= { radiusAuthServerExtEntry 2 }
radiusAuthServerInetAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of address format used for the
radiusAuthServerInetAddress object."
::= { radiusAuthServerExtEntry 2 }
radiusAuthServerInetAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address of the RADIUS authentication
server referred to in this table entry, using
the version-neutral IP address format."
::= { radiusAuthServerExtEntry 3 }
radiusAuthServerInetAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address of the RADIUS authentication
server referred to in this table entry, using
the version-neutral IP address format."
::= { radiusAuthServerExtEntry 3 }
radiusAuthClientServerInetPortNumber OBJECT-TYPE
SYNTAX InetPortNumber ( 1..65535 )
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The UDP port the client is using to send requests
to this server. The value of zero (0) is invalid."
REFERENCE "RFC 2865 section 3"
::= { radiusAuthServerExtEntry 4 }
radiusAuthClientServerInetPortNumber OBJECT-TYPE
SYNTAX InetPortNumber ( 1..65535 )
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The UDP port the client is using to send requests
to this server. The value of zero (0) is invalid."
REFERENCE "RFC 2865 section 3"
::= { radiusAuthServerExtEntry 4 }
radiusAuthClientExtRoundTripTime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The time interval (in hundredths of a second) between
the most recent Access-Reply/Access-Challenge and the
Access-Request that matched it from this RADIUS
authentication server."
REFERENCE "RFC 2865 section 2"
::= { radiusAuthServerExtEntry 5 }
radiusAuthClientExtRoundTripTime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The time interval (in hundredths of a second) between
the most recent Access-Reply/Access-Challenge and the
Access-Request that matched it from this RADIUS
authentication server."
REFERENCE "RFC 2865 section 2"
::= { radiusAuthServerExtEntry 5 }
-- Request/Response statistics
--
-- TotalIncomingPackets = Accepts + Rejects + Challenges +
-- UnknownTypes
--
-- TotalIncomingPackets - MalformedResponses -
-- BadAuthenticators - UnknownTypes - PacketsDropped =
-- Request/Response statistics
--
-- TotalIncomingPackets = Accepts + Rejects + Challenges +
-- UnknownTypes
--
-- TotalIncomingPackets - MalformedResponses -
-- BadAuthenticators - UnknownTypes - PacketsDropped =
-- Successfully received
--
-- AccessRequests + PendingRequests + ClientTimeouts =
-- Successfully received
--
--
-- Successfully received
--
-- AccessRequests + PendingRequests + ClientTimeouts =
-- Successfully received
--
--
radiusAuthClientExtAccessRequests OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Request packets sent
to this server. This does not include retransmissions.
This counter may experience a discontinuity when the
RADIUS Client module within the managed entity is
reinitialized, as indicated by the current value of
radiusAuthClientCounterDiscontinuity."
REFERENCE "RFC 2865 section 4.1"
::= { radiusAuthServerExtEntry 6 }
radiusAuthClientExtAccessRequests OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Request packets sent
to this server. This does not include retransmissions.
This counter may experience a discontinuity when the
RADIUS Client module within the managed entity is
reinitialized, as indicated by the current value of
radiusAuthClientCounterDiscontinuity."
REFERENCE "RFC 2865 section 4.1"
::= { radiusAuthServerExtEntry 6 }
radiusAuthClientExtAccessRetransmissions OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Request packets
retransmitted to this RADIUS authentication server.
This counter may experience a discontinuity when
the RADIUS Client module within the managed entity
is reinitialized, as indicated by the current value
of radiusAuthClientCounterDiscontinuity."
REFERENCE "RFC 2865 sections 2.5, 4.1"
::= { radiusAuthServerExtEntry 7 }
radiusAuthClientExtAccessRetransmissions OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Request packets
retransmitted to this RADIUS authentication server.
This counter may experience a discontinuity when
the RADIUS Client module within the managed entity
is reinitialized, as indicated by the current value
of radiusAuthClientCounterDiscontinuity."
REFERENCE "RFC 2865 sections 2.5, 4.1"
::= { radiusAuthServerExtEntry 7 }
radiusAuthClientExtAccessAccepts OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of RADIUS Access-Accept packets (valid or invalid) received from this server. This counter may experience a discontinuity when the RADIUS Client module within the managed entity is reinitialized, as indicated by the current value
radiusAuthClientExtAccessAccepts对象类型语法计数器32个单位“数据包”最大访问只读状态当前描述“RADIUS访问接受数据包的数量(有效或无效)从该服务器接收。如当前值所示,当托管实体中的RADIUS客户端模块重新初始化时,此计数器可能会出现中断
of radiusAuthClientCounterDiscontinuity."
REFERENCE "RFC 2865 section 4.2"
::= { radiusAuthServerExtEntry 8 }
of radiusAuthClientCounterDiscontinuity."
REFERENCE "RFC 2865 section 4.2"
::= { radiusAuthServerExtEntry 8 }
radiusAuthClientExtAccessRejects OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Reject packets
(valid or invalid) received from this server.
This counter may experience a discontinuity when
the RADIUS Client module within the managed
entity is reinitialized, as indicated by the
current value of
radiusAuthClientCounterDiscontinuity."
REFERENCE "RFC 2865 section 4.3"
::= { radiusAuthServerExtEntry 9 }
radiusAuthClientExtAccessRejects OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Reject packets
(valid or invalid) received from this server.
This counter may experience a discontinuity when
the RADIUS Client module within the managed
entity is reinitialized, as indicated by the
current value of
radiusAuthClientCounterDiscontinuity."
REFERENCE "RFC 2865 section 4.3"
::= { radiusAuthServerExtEntry 9 }
radiusAuthClientExtAccessChallenges OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Challenge packets
(valid or invalid) received from this server.
This counter may experience a discontinuity when
the RADIUS Client module within the managed
entity is reinitialized, as indicated by the
current value of
radiusAuthClientCounterDiscontinuity."
REFERENCE "RFC 2865 section 4.4"
::= { radiusAuthServerExtEntry 10 }
radiusAuthClientExtAccessChallenges OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Challenge packets
(valid or invalid) received from this server.
This counter may experience a discontinuity when
the RADIUS Client module within the managed
entity is reinitialized, as indicated by the
current value of
radiusAuthClientCounterDiscontinuity."
REFERENCE "RFC 2865 section 4.4"
::= { radiusAuthServerExtEntry 10 }
-- "Access-Response" includes an Access-Accept, Access-Challenge,
-- or Access-Reject
-- "Access-Response" includes an Access-Accept, Access-Challenge,
-- or Access-Reject
radiusAuthClientExtMalformedAccessResponses OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of malformed RADIUS Access-Response packets received from this server. Malformed packets include packets with
radiusAuthClientExtMalformedAccessResponses对象类型语法计数器32个单位“数据包”MAX-ACCESS只读状态当前描述“从此服务器接收的格式错误的RADIUS访问响应数据包的数量。格式错误的数据包包括
an invalid length. Bad authenticators or
Message Authenticator attributes or unknown types
are not included as malformed access responses.
This counter may experience a discontinuity when
the RADIUS Client module within the managed entity
is reinitialized, as indicated by the current value
of radiusAuthClientCounterDiscontinuity."
REFERENCE "RFC 2865 sections 3, 4"
::= { radiusAuthServerExtEntry 11 }
an invalid length. Bad authenticators or
Message Authenticator attributes or unknown types
are not included as malformed access responses.
This counter may experience a discontinuity when
the RADIUS Client module within the managed entity
is reinitialized, as indicated by the current value
of radiusAuthClientCounterDiscontinuity."
REFERENCE "RFC 2865 sections 3, 4"
::= { radiusAuthServerExtEntry 11 }
radiusAuthClientExtBadAuthenticators OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Response packets
containing invalid authenticators or Message
Authenticator attributes received from this server.
This counter may experience a discontinuity when
the RADIUS Client module within the managed entity
is reinitialized, as indicated by the current value
of radiusAuthClientCounterDiscontinuity."
REFERENCE "RFC 2865 section 3"
::= { radiusAuthServerExtEntry 12 }
radiusAuthClientExtBadAuthenticators OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Response packets
containing invalid authenticators or Message
Authenticator attributes received from this server.
This counter may experience a discontinuity when
the RADIUS Client module within the managed entity
is reinitialized, as indicated by the current value
of radiusAuthClientCounterDiscontinuity."
REFERENCE "RFC 2865 section 3"
::= { radiusAuthServerExtEntry 12 }
radiusAuthClientExtPendingRequests OBJECT-TYPE
SYNTAX Gauge32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Request packets
destined for this server that have not yet timed out
or received a response. This variable is incremented
when an Access-Request is sent and decremented due to
receipt of an Access-Accept, Access-Reject,
Access-Challenge, timeout, or retransmission."
REFERENCE "RFC 2865 section 2"
::= { radiusAuthServerExtEntry 13 }
radiusAuthClientExtPendingRequests OBJECT-TYPE
SYNTAX Gauge32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS Access-Request packets
destined for this server that have not yet timed out
or received a response. This variable is incremented
when an Access-Request is sent and decremented due to
receipt of an Access-Accept, Access-Reject,
Access-Challenge, timeout, or retransmission."
REFERENCE "RFC 2865 section 2"
::= { radiusAuthServerExtEntry 13 }
radiusAuthClientExtTimeouts OBJECT-TYPE SYNTAX Counter32 UNITS "timeouts" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of authentication timeouts to this server.
radiusAuthClientExtTimeouts对象类型语法计数器32个单位“超时”最大访问只读状态当前描述“此服务器的身份验证超时数”。
After a timeout, the client may retry to the same
server, send to a different server, or
give up. A retry to the same server is counted as a
retransmit as well as a timeout. A send to a different
server is counted as a Request as well as a timeout.
This counter may experience a discontinuity when the
RADIUS Client module within the managed entity is
reinitialized, as indicated by the current value of
radiusAuthClientCounterDiscontinuity."
REFERENCE "RFC 2865 sections 2.5, 4.1"
::= { radiusAuthServerExtEntry 14 }
After a timeout, the client may retry to the same
server, send to a different server, or
give up. A retry to the same server is counted as a
retransmit as well as a timeout. A send to a different
server is counted as a Request as well as a timeout.
This counter may experience a discontinuity when the
RADIUS Client module within the managed entity is
reinitialized, as indicated by the current value of
radiusAuthClientCounterDiscontinuity."
REFERENCE "RFC 2865 sections 2.5, 4.1"
::= { radiusAuthServerExtEntry 14 }
radiusAuthClientExtUnknownTypes OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS packets of unknown type that
were received from this server on the authentication
port. This counter may experience a discontinuity
when the RADIUS Client module within the managed
entity is reinitialized, as indicated by the current
value of radiusAuthClientCounterDiscontinuity."
REFERENCE "RFC 2865 section 4"
::= { radiusAuthServerExtEntry 15 }
radiusAuthClientExtUnknownTypes OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS packets of unknown type that
were received from this server on the authentication
port. This counter may experience a discontinuity
when the RADIUS Client module within the managed
entity is reinitialized, as indicated by the current
value of radiusAuthClientCounterDiscontinuity."
REFERENCE "RFC 2865 section 4"
::= { radiusAuthServerExtEntry 15 }
radiusAuthClientExtPacketsDropped OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS packets that were
received from this server on the authentication port
and dropped for some other reason. This counter may
experience a discontinuity when the RADIUS Client
module within the managed entity is reinitialized,
as indicated by the current value of
radiusAuthClientCounterDiscontinuity."
::= { radiusAuthServerExtEntry 16 }
radiusAuthClientExtPacketsDropped OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of RADIUS packets that were
received from this server on the authentication port
and dropped for some other reason. This counter may
experience a discontinuity when the RADIUS Client
module within the managed entity is reinitialized,
as indicated by the current value of
radiusAuthClientCounterDiscontinuity."
::= { radiusAuthServerExtEntry 16 }
radiusAuthClientCounterDiscontinuity OBJECT-TYPE SYNTAX TimeTicks UNITS "centiseconds" MAX-ACCESS read-only STATUS current DESCRIPTION
RadiusAuthClientCounterInterruption对象类型语法时间刻度单位“厘米秒”最大访问只读状态当前说明
"The number of centiseconds since the last discontinuity
in the RADIUS Client counters. A discontinuity may
be the result of a reinitialization of the RADIUS
Client module within the managed entity."
::= { radiusAuthServerExtEntry 17 }
"The number of centiseconds since the last discontinuity
in the RADIUS Client counters. A discontinuity may
be the result of a reinitialization of the RADIUS
Client module within the managed entity."
::= { radiusAuthServerExtEntry 17 }
-- conformance information
--一致性信息
radiusAuthClientMIBConformance OBJECT IDENTIFIER
::= { radiusAuthClientMIB 2 }
radiusAuthClientMIBConformance OBJECT IDENTIFIER
::= { radiusAuthClientMIB 2 }
radiusAuthClientMIBCompliances OBJECT IDENTIFIER
::= { radiusAuthClientMIBConformance 1 }
radiusAuthClientMIBCompliances OBJECT IDENTIFIER
::= { radiusAuthClientMIBConformance 1 }
radiusAuthClientMIBGroups OBJECT IDENTIFIER
::= { radiusAuthClientMIBConformance 2 }
radiusAuthClientMIBGroups OBJECT IDENTIFIER
::= { radiusAuthClientMIBConformance 2 }
-- compliance statements
--合规声明
radiusAuthClientMIBCompliance MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "The compliance statement for authentication clients implementing the RADIUS Authentication Client MIB. Implementation of this module is for IPv4-only entities, or for backwards compatibility use with entities that support both IPv4 and IPv6." MODULE -- this module MANDATORY-GROUPS { radiusAuthClientMIBGroup }
RADIUSAuthclientMIB COMPLIANCE MODULE-COMPLIANCE STATUS不推荐使用描述“用于实现RADIUS身份验证客户端MIB的身份验证客户端的符合性声明。此模块的实现仅适用于IPv4实体,或用于同时支持IPv4和IPv6的实体的向后兼容性使用。”MODULE--此模块是必需的-GROUPS{radiusAuthClientMIBGroup}
::= { radiusAuthClientMIBCompliances 1 }
::= { radiusAuthClientMIBCompliances 1 }
radiusAuthClientExtMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for authentication clients implementing the RADIUS Authentication Client IPv6 Extensions MIB. Implementation of this module is for entities that support IPv6, or support IPv4 and IPv6." MODULE -- this module MANDATORY-GROUPS { radiusAuthClientExtMIBGroup }
RadiusAuthClientExtMib COMPLIANCE MODULE-COMPLIANCE STATUS当前描述“用于实现RADIUS身份验证客户端IPv6扩展MIB的身份验证客户端的符合性声明。此模块的实现适用于支持IPv6或支持IPv4和IPv6的实体。”模块--此模块是必需的-组{radiusAuthClientExtMIBGroup}
OBJECT radiusAuthServerInetAddressType SYNTAX InetAddressType { ipv4(1), ipv6(2) } DESCRIPTION
对象radiusAuthServerInetAddressType语法InetAddressType{ipv4(1),ipv6(2)}说明
"An implementation is only required to support IPv4 and globally unique IPv6 addresses."
“仅支持IPv4和全局唯一IPv6地址时才需要实现。”
OBJECT radiusAuthServerInetAddress
SYNTAX InetAddress ( SIZE (4|16) )
DESCRIPTION
"An implementation is only required to support
IPv4 and globally unique IPv6 addresses."
::= { radiusAuthClientMIBCompliances 2 }
OBJECT radiusAuthServerInetAddress
SYNTAX InetAddress ( SIZE (4|16) )
DESCRIPTION
"An implementation is only required to support
IPv4 and globally unique IPv6 addresses."
::= { radiusAuthClientMIBCompliances 2 }
-- units of conformance
--一致性单位
radiusAuthClientMIBGroup OBJECT-GROUP
OBJECTS { radiusAuthClientIdentifier,
radiusAuthClientInvalidServerAddresses,
radiusAuthServerAddress,
radiusAuthClientServerPortNumber,
radiusAuthClientRoundTripTime,
radiusAuthClientAccessRequests,
radiusAuthClientAccessRetransmissions,
radiusAuthClientAccessAccepts,
radiusAuthClientAccessRejects,
radiusAuthClientAccessChallenges,
radiusAuthClientMalformedAccessResponses,
radiusAuthClientBadAuthenticators,
radiusAuthClientPendingRequests,
radiusAuthClientTimeouts,
radiusAuthClientUnknownTypes,
radiusAuthClientPacketsDropped
}
STATUS deprecated
DESCRIPTION
"The basic collection of objects providing management of
RADIUS Authentication Clients."
::= { radiusAuthClientMIBGroups 1 }
radiusAuthClientMIBGroup OBJECT-GROUP
OBJECTS { radiusAuthClientIdentifier,
radiusAuthClientInvalidServerAddresses,
radiusAuthServerAddress,
radiusAuthClientServerPortNumber,
radiusAuthClientRoundTripTime,
radiusAuthClientAccessRequests,
radiusAuthClientAccessRetransmissions,
radiusAuthClientAccessAccepts,
radiusAuthClientAccessRejects,
radiusAuthClientAccessChallenges,
radiusAuthClientMalformedAccessResponses,
radiusAuthClientBadAuthenticators,
radiusAuthClientPendingRequests,
radiusAuthClientTimeouts,
radiusAuthClientUnknownTypes,
radiusAuthClientPacketsDropped
}
STATUS deprecated
DESCRIPTION
"The basic collection of objects providing management of
RADIUS Authentication Clients."
::= { radiusAuthClientMIBGroups 1 }
radiusAuthClientExtMIBGroup OBJECT-GROUP OBJECTS { radiusAuthClientIdentifier, radiusAuthClientInvalidServerAddresses, radiusAuthServerInetAddressType, radiusAuthServerInetAddress, radiusAuthClientServerInetPortNumber, radiusAuthClientExtRoundTripTime, radiusAuthClientExtAccessRequests, radiusAuthClientExtAccessRetransmissions, radiusAuthClientExtAccessAccepts,
radiusAuthClientExtMIBGroup对象组对象{radiusAuthClientIdentifier、radiusAuthClientInvalidServerAddresses、radiusAuthServerInetAddressType、radiusAuthServerInetAddress、radiusAuthClientServerInetPortNumber、RadiusAuthClientExtrundTripTime、radiusAuthClientExtAccessRequests、radiusAuthClientExtAccessRetransmissions、RadiusAuthClientExtAccessAccessAccepts、,
radiusAuthClientExtAccessRejects,
radiusAuthClientExtAccessChallenges,
radiusAuthClientExtMalformedAccessResponses,
radiusAuthClientExtBadAuthenticators,
radiusAuthClientExtPendingRequests,
radiusAuthClientExtTimeouts,
radiusAuthClientExtUnknownTypes,
radiusAuthClientExtPacketsDropped,
radiusAuthClientCounterDiscontinuity
}
STATUS current
DESCRIPTION
"The collection of extended objects providing
management of RADIUS Authentication Clients
using version-neutral IP address format."
::= { radiusAuthClientMIBGroups 2 }
radiusAuthClientExtAccessRejects,
radiusAuthClientExtAccessChallenges,
radiusAuthClientExtMalformedAccessResponses,
radiusAuthClientExtBadAuthenticators,
radiusAuthClientExtPendingRequests,
radiusAuthClientExtTimeouts,
radiusAuthClientExtUnknownTypes,
radiusAuthClientExtPacketsDropped,
radiusAuthClientCounterDiscontinuity
}
STATUS current
DESCRIPTION
"The collection of extended objects providing
management of RADIUS Authentication Clients
using version-neutral IP address format."
::= { radiusAuthClientMIBGroups 2 }
END
终止
There are no management objects defined in this MIB that have a MAX-ACCESS clause of read-write and/or read-create. So, if this MIB is implemented correctly, then there is no risk that an intruder can alter or create any management objects of this MIB via direct SNMP SET operations.
此MIB中未定义具有读写和/或读创建MAX-ACCESS子句的管理对象。因此,如果此MIB正确实现,则入侵者不会通过直接的SNMP集操作更改或创建此MIB的任何管理对象。
Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. These are the tables and objects and their sensitivity/vulnerability:
在某些网络环境中,此MIB模块中的某些可读对象(即具有MAX-ACCESS而非not ACCESS的对象)可能被视为敏感或易受攻击。因此,在通过SNMP通过网络发送这些对象时,控制甚至获取和/或通知对这些对象的访问,甚至可能加密这些对象的值,这一点非常重要。以下是表和对象及其敏感度/漏洞:
radiusAuthServerIPAddress This can be used to determine the address of the RADIUS authentication server with which the client is communicating. This information could be useful in mounting an attack on the authentication server.
radiusAuthServerIPAddress可用于确定客户端与之通信的RADIUS身份验证服务器的地址。此信息有助于在身份验证服务器上发起攻击。
radiusAuthClientServerPortNumber This can be used to determine the port number on which the RADIUS authentication client is sending. This information could be useful in impersonating the client in order to send data to the authentication server.
radiusAuthClientServerPortNumber可用于确定RADIUS身份验证客户端正在发送的端口号。此信息在模拟客户端以便将数据发送到身份验证服务器时非常有用。
radiusAuthServerInetAddress This can be used to determine the address of the RADIUS authentication server with which the client is communicating. This information could be useful in mounting an attack on the authentication server.
radiusAuthServerInetAddress可用于确定客户端与之通信的RADIUS身份验证服务器的地址。此信息有助于在身份验证服务器上发起攻击。
radiusAuthClientServerInetPortNumber This can be used to determine the port number on which the RADIUS authentication client is sending. This information could be useful in impersonating the client in order to send data to the authentication server.
radiusAuthClientServerInetPortNumber可用于确定RADIUS身份验证客户端正在发送的端口号。此信息在模拟客户端以便将数据发送到身份验证服务器时非常有用。
SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPsec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module.
SNMPv3之前的SNMP版本未包含足够的安全性。即使网络本身是安全的(例如通过使用IPsec),即使如此,也无法控制安全网络上的谁可以访问和获取/设置(读取/更改/创建/删除)此MIB模块中的对象。
It is RECOMMENDED that implementers consider the security features as provided by the SNMPv3 framework (see [RFC3410], section 8), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy).
建议实施者考虑SNMPv3框架所提供的安全特性(参见[RCFC310],第8节),包括对SNMPv3加密机制的完全支持(用于身份验证和隐私)。
Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.
此外,不建议部署SNMPv3之前的SNMP版本。相反,建议部署SNMPv3并启用加密安全性。然后,客户/运营商应负责确保授予访问此MIB模块实例权限的SNMP实体已正确配置为仅授予那些拥有确实获取或设置(更改/创建/删除)对象的合法权限的主体(用户)访问对象。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.
[RFC2578]McCloghrie,K.,Ed.,Perkins,D.,Ed.,和J.Schoenwaeld,Ed.“管理信息的结构版本2(SMIv2)”,STD 58,RFC 2578,1999年4月。
[RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999.
[RFC2579]McCloghrie,K.,Ed.,Perkins,D.,Ed.,和J.Schoenwaeld,Ed.“SMIv2的文本约定”,STD 58,RFC 2579,1999年4月。
[RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999.
[RFC2580]McCloghrie,K.,Perkins,D.,和J.Schoenwaeld,“SMIv2的一致性声明”,STD 58,RFC 25801999年4月。
[RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000.
[RFC2865]Rigney,C.,Willens,S.,Rubens,A.,和W.Simpson,“远程认证拨入用户服务(RADIUS)”,RFC 28652000年6月。
[RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, December 2002.
[RFC3411]Harrington,D.,Presohn,R.,和B.Wijnen,“描述简单网络管理协议(SNMP)管理框架的体系结构”,STD 62,RFC 3411,2002年12月。
[RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. Schoenwaelder, "Textual Conventions for Internet Network Addresses", RFC 4001, February 2005.
[RFC4001]Daniele,M.,Haberman,B.,Routhier,S.,和J.Schoenwaeld,“互联网网络地址的文本约定”,RFC 4001,2005年2月。
[RFC2618] Aboba, B. and G. Zorn, "RADIUS Authentication Client MIB", RFC 2618, June 1999.
[RFC2618]Aboba,B.和G.Zorn,“RADIUS认证客户端MIB”,RFC 26181999年6月。
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet-Standard Management Framework", RFC 3410, December 2002.
[RFC3410]Case,J.,Mundy,R.,Partain,D.,和B.Stewart,“互联网标准管理框架的介绍和适用性声明”,RFC 34102002年12月。
[RFC4669] Nelson, D., "RADIUS Authentication Server MIB for IPv6", RFC 4669, August 2006.
[RFC4669]Nelson,D.,“IPv6的RADIUS认证服务器MIB”,RFC 4669,2006年8月。
The authors of the original MIB are Bernard Aboba and Glen Zorn.
原始MIB的作者是Bernard Aboba和Glen Zorn。
Many thanks to all reviewers, especially to Dave Harrington, Dan Romascanu, C.M. Heard, Bruno Pape, Greg Weber, and Bert Wijnen.
非常感谢所有评论家,特别是戴夫·哈林顿、丹·罗马斯坎努、C.M.赫德、布鲁诺·帕普、格雷格·韦伯和伯特·维恩。
Author's Address
作者地址
David B. Nelson Enterasys Networks 50 Minuteman Road Andover, MA 01810 USA
David B.Nelson Enterasys Networks美国马萨诸塞州安多弗市Minuteman路50号01810
EMail: dnelson@enterasys.com
EMail: dnelson@enterasys.com
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2006).
版权所有(C)互联网协会(2006年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).
RFC编辑器功能的资金由IETF行政支持活动(IASA)提供。