ENTERASYS-RADIUS-AUTH-CLIENT-ENCRYPT-MIB

File: ENTERASYS-RADIUS-AUTH-CLIENT-ENCRYPT-MIB.mib (25139 bytes)

Imported modules

SNMPv2-SMI SNMPv2-CONF SNMPv2-TC
ENTERASYS-MIB-NAMES

Imported symbols

MODULE-IDENTITY OBJECT-TYPE MODULE-COMPLIANCE
OBJECT-GROUP TEXTUAL-CONVENTION RowStatus
etsysModules

Defined Types

RadiusEncryptedString  
TEXTUAL-CONVENTION    
  current STRING Size(0..255)

EtsysRadiusAuthServerEncryptEntry  
SEQUENCE    
  etsysRadiusAuthServerIndexEncrypt INTEGER
  etsysRadiusAuthClientServerAddressEncrypt RadiusEncryptedString
  etsysRadiusAuthClientServerPortNumberEncrypt RadiusEncryptedString
  etsysRadiusAuthClientServerSecretEncrypt RadiusEncryptedString
  etsysRadiusAuthClientServerSecretEnteredEncrypt RadiusEncryptedString
  etsysRadiusAuthClientServerClearTimeEncrypt RadiusEncryptedString
  etsysRadiusAuthClientServerStatusEncrypt RowStatus

Defined Values

etsysRadiusAuthClientEncryptMIB 1.3.6.1.4.1.5624.1.2.5
The Enterasys Networks Proprietary MIB module for entities implementing the client side of the Remote Access Dialin User Service (RADIUS) authentication protocol (RFC2865). N O T I C E Use of this MIB in any product requires the approval of the Office of the CTO, Enterasys Networks, Inc. Permission to use this MIB will not be granted for products in which SNMPv3 is now, or will soon be, implemented. Permission to use this MIB in products that are never scheduled to implement SNMPv3 will be granted on a case-by-case basis, depending on what other suitable, secure means of RADIUS client configuration are available in the product. ------------------ The standard RADIUS Authentication Client MIB (RFC2618) does not have any writable objects, and is missing key objects needed for configuration. Use of this MIB requires encryption/decryption for security during transmission, using SNMPv1. Therefore, there are two separate processes needed to use this MIB. 1) The standard processes for SNMP gets and sets. 2) The encoding/encryption or decryption/decoding of objects. The encryption/decryption algorithm, as presented herein, is taken from the RADIUS protocol, and is the method specified for encryption of Tunnel-Password Attributes in RFC 2868. For a detailed discussion of the encoding/decoding and encryption/decryption of applicable objects, refer to the definition of RadiusEncryptionString defined in the Textual Conventions section of this MIB. Note that the encryption/decryption method makes use of an agreed-upon Secret and an Authenticator which are shared between the RADIUS Client SNMP interface and the management entity implementing the MIB. The reason that the shared secret and authenticator are algorithmically derived in the RADIUS Client / SNMP Agent and in the SNMP Management Station is to permit plug-'n-play remote installation, configuration and management of the device. An object is included to allow remote management of the Authenticator portion of the encryption key. It is suggested that this value be changed by the network administrator after initial configuration of the system. On receipt, the process is reversed to yield the plain-text String.
MODULE-IDENTITY    

etsysRadiusAuthClientEncryptMIBObjects 1.3.6.1.4.1.5624.1.2.5.1
OBJECT IDENTIFIER    

etsysRadiusAuthClientRetryTimeoutEncrypt 1.3.6.1.4.1.5624.1.2.5.1.1
The number of seconds to wait for a RADIUS Server to respond to a request. This parameter value is maintained across system reboots. This object's true data type is 1, Integer32.
OBJECT-TYPE    
  RadiusEncryptedString  

etsysRadiusAuthClientRetriesEncrypt 1.3.6.1.4.1.5624.1.2.5.1.2
The number of times to resend an authentication packet if a RADIUS Server does not respond to a request. This parameter value is maintained across system reboots. This object's true data type is 1, Integer32.
OBJECT-TYPE    
  RadiusEncryptedString  

etsysRadiusAuthClientEnableEncrypt 1.3.6.1.4.1.5624.1.2.5.1.3
This indicates whether or not the RADIUS Client is or is to be, enabled or disabled. This parameter value is maintained across system reboots. This object's true data type is Integer32(1), and it follows an enumeration textual convention (enable(1), disable(2)).
OBJECT-TYPE    
  RadiusEncryptedString  

etsysRadiusAuthClientAuthTypeEncrypt 1.3.6.1.4.1.5624.1.2.5.1.4
This indicates which method is being used for authentication. The authentication type is an Integer32 object that maps to the following enumeration constants: mac(1) - indicates MAC address authentication eapol(2) - indicates EAPOL authentication This list of enumeration constants is subject to change. This parameter value is maintained across system reboots.
OBJECT-TYPE    
  RadiusEncryptedString  

etsysRadiusAuthClientManageAuthKeyEncrypt 1.3.6.1.4.1.5624.1.2.5.1.5
The Authenticator used, in part, to form the key to encrypt/decrypt the objects of type RadiusEncryptedString. This object's true data type is OCTET STRING. This parameter value is maintained across system reboots.
OBJECT-TYPE    
  RadiusEncryptedString  

etsysRadiusAuthServerEncryptTable 1.3.6.1.4.1.5624.1.2.5.1.6
The (conceptual) table listing the RADIUS authentication servers with which the client shares a secret.
OBJECT-TYPE    
  SEQUENCE OF  
    EtsysRadiusAuthServerEncryptEntry

etsysRadiusAuthServerEncryptEntry 1.3.6.1.4.1.5624.1.2.5.1.6.1
An entry (conceptual row) representing a RADIUS authentication server with which the client shares a secret. All created conceptual rows are non-volatile and as such must be maintained upon restart of the agent.
OBJECT-TYPE    
  EtsysRadiusAuthServerEncryptEntry  

etsysRadiusAuthServerIndexEncrypt 1.3.6.1.4.1.5624.1.2.5.1.6.1.1
A number uniquely identifying each conceptual row in the etsysRadiusAuthServerEncryptTable. In the event of an agent restart, the same value of etsysRadiusAuthServerIndexEncrypt must be used to identify each conceptual row in etsysRadiusAuthServerTableEncrypt as prior to the restart.
OBJECT-TYPE    
  INTEGER 1..2147483647  

etsysRadiusAuthClientServerAddressEncrypt 1.3.6.1.4.1.5624.1.2.5.1.6.1.2
The dotted-decimal IPv4 address of RADIUS authentication server. This parameter value is maintained across system reboots. This object's true data type is 2, OCTET STRING.
OBJECT-TYPE    
  RadiusEncryptedString  

etsysRadiusAuthClientServerPortNumberEncrypt 1.3.6.1.4.1.5624.1.2.5.1.6.1.3
The UDP port number (0-65535) the client is using to send requests to this server. This parameter value is maintained across system reboots. This object's true data type is 1, Integer32.
OBJECT-TYPE    
  RadiusEncryptedString  

etsysRadiusAuthClientServerSecretEncrypt 1.3.6.1.4.1.5624.1.2.5.1.6.1.4
This object is the secret shared between the RADIUS authentication server and RADIUS client. This parameter value is maintained across system reboots. This object's true data type is 2, OCTET STRING.
OBJECT-TYPE    
  RadiusEncryptedString  

etsysRadiusAuthClientServerSecretEnteredEncrypt 1.3.6.1.4.1.5624.1.2.5.1.6.1.5
This object indicates the existence of a shared secret. This object's true data type is 1, Integer32.
OBJECT-TYPE    
  RadiusEncryptedString  

etsysRadiusAuthClientServerClearTimeEncrypt 1.3.6.1.4.1.5624.1.2.5.1.6.1.6
This value indicates the date and time since server counters were last cleared. On a write, the server counters will be cleared and the clear time will be set to the current time if the decoded object is zero. This object's true data type is 1, Integer32.
OBJECT-TYPE    
  RadiusEncryptedString  

etsysRadiusAuthClientServerStatusEncrypt 1.3.6.1.4.1.5624.1.2.5.1.6.1.7
Lets users create and delete RADIUS authentication server entries on systems that support this capability. Rules 1. When creating a RADIUS Authentication Client, it is up to the management station to determine a suitable etsysRadiusAuthServerIndexEncrypt. To facilitate interoperability, agents should not put any restrictions on the etsysRadiusAuthServerIndexEncrypt beyond the obvious ones that it be valid and unused. 2. Before a new row can become 'active', values must be supplied for the columnar objects etsysRadiusAuthClientServerAddressEncrypt, etsysRadiusAuthClientServerPortNumberEncrypt and etsysRadiusAuthClientServerSecretEncrypt. 3. The value of etsysRadiusAuthClientServerStatusEncrypt must be set to 'notInService' in order to modify a writable object in the same conceptual row. 4. etsysRadiusAuthClientServer entries whose status is 'notReady' or 'notInService' will not be used for authentication.
OBJECT-TYPE    
  RowStatus  

etsysRadiusAuthClientEncryptMIBConformance 1.3.6.1.4.1.5624.1.2.5.2
OBJECT IDENTIFIER    

etsysRadiusAuthClientEncryptMIBCompliances 1.3.6.1.4.1.5624.1.2.5.2.1
OBJECT IDENTIFIER    

etsysRadiusAuthClientEncryptMIBGroups 1.3.6.1.4.1.5624.1.2.5.2.2
OBJECT IDENTIFIER    

etsysRadiusAuthClientEncryptMIBGroup 1.3.6.1.4.1.5624.1.2.5.2.2.1
The basic collection of objects providing a proprietary extension to the standard RADIUS Client MIB. This proprietary MIB allows secure SETs to key RADIUS Clients objects, via SNMPv1.
OBJECT-GROUP    

etsysRadiusClientEncryptMIBCompliance 1.3.6.1.4.1.5624.1.2.5.2.1.1
The compliance statement for authentication clients implementing the RADIUS Authentication Client MIB.
MODULE-COMPLIANCE