ENTERASYS-RADIUS-AUTH-CLIENT-MIB

The following tables, groups, and variables are supported in this MIB.

Table/Group Supported Variables Comments
Branches of the Enterasys RADIUS Auth Client MIB etsysRadiusAuthClientMIBObjects
RADIUS Auth Client Scalars etsysRadiusAuthClientRetryTimeout The number of seconds to wait for a RADIUS Server to respond to a request. Maintaining the value of this object across agent reboots is REQUIRED.
etsysRadiusAuthClientRetries The number of times to resend an authentication packet if a RADIUS Server does not respond to a request. Maintaining the value of this object across agent reboots is REQUIRED.
etsysRadiusAuthClientEnable Controls and indicates the operational state of the RADIUS client functionality. Maintaining the value of this object across agent reboots is REQUIRED.
etsysRadiusAuthClientAuthType

This indicates which method is being used for authentication.

mac(1) - indicates MAC address authentication

eapol(2) - indicates EAPOL authentication

This list of enumeration constants is subject to change. This parameter value is maintained across system reboots.

RADIUS Auth Client Server Table etsysRadiusAuthServerTable A list of RADIUS servers that this client may attempt to use.
etsysRadiusAuthServerEntry A RADIUS server that this client may attempt to use.
etsysRadiusAuthServerIndex

A number uniquely identifying each conceptual row in the etsysRadiusAuthServerTable.

etsysRadiusAuthServerIndices with range between 2147483642 and 2147483647 indicate the highest priority servers stored for backwards compatibility. After consideration of these special indice values this value indicates the relative priority of the servers.

Relative priority of the servers is used when using the standard authentication retransmission algorithm. Maintaining the value of etsysRadiusAuthServerIndex for all active(1) entries across agent reboots is REQUIRED.

etsysRadiusAuthClientServerAddressType This object specifies how etsysRadiusAuthClientServerAddress is encoded. Support for all possible enumerations defined by InetAddressType is NOT REQUIRED.
etsysRadiusAuthClientServerAddress The encoded unicast IP address or hostname of a RADIUS server. RADIUS requests will be sent to this address. If this address is a DNS hostname, then that hostname SHOULD be resolved into an IP address each time an authentication session is initialized.
etsysRadiusAuthClientServerPortNumber The UDP port number (0-65535) the client will use to send RADIUS requests to this server.
etsysRadiusAuthClientServerSecret

This object is the secret shared between the RADIUS authentication server and the RADIUS client.

On a read operation this object MUST return a zero length string.

Writing this object with a zero length string clears the secret.

etsysRadiusAuthClientServerSecretEntered

true(1) - Indicates that etsysRadiusAuthClientServerSecret was last set with some value other than the empty string.

false(2) - Indicates that etsysRadiusAuthClientServerSecret has never been set, or was last set to the empty string."

etsysRadiusAuthClientServerClearTime

The number of seconds elapsed since the counters were last cleared.

Writing the value zero will cause the servers counters to be cleared and the clear time will be set to zero. Writing any value other than zero will have no effect.

etsysRadiusAuthClientServerStatus

The row status of this conceptual row in the table.

active - The server is available for performing RADIUS operations. Other writable leaves in this row MUST NOT be modified while the row is in the active state.

notInService - The entry is fully configured but is not available for performing RADIUS operations. Conceptual rows with this status MAY be deleted at the discretion of the agent, at which time it will be treated as if destroy(6) was SET to this object.

notReady - The entry exists in the agent, but is missing information necessary in order to be available for use by the managed device (i.e., one or more required columns in the conceptual row have not been instantiated);

createAndGo - Not possible. createAndWait - Creates a new instance of a conceptual row, but does not make it available for use by the managed device.

destroy - This will remove the conceptual row from the table and make it unavailable for RADIUS client operations. This MUST also cause any persistent data related to this row to be removed from the system. Maintaining active(1) entries across agent reboots is REQUIRED.

etsysRadiusAuthClientServerRealmType

This object allows a server to be restricted to providing authentication services to certain classes of access methods.

any(1) - the server will be available to authenticate users originating from either the mgmtAccess or networkAccess realms.

mgmtAccess(2) - the server will only be available for authenticating users that have requested management access via the console, telnet, SSH, HTTP, etc.

networkAccess(3) - the server will only be available for authenticating users that are attempting to gain access to the network via 802.1X, Port Web Authentication, MAC Authentication, etc.

nms(4) - the server will only be available for authenticating users that are attempting to gain access to the network via network virtualization or virtual machine tracking using a network management system. This realm type is only allowed for backwards compatibility and is not included when any is specified.

Non-default values for this object should be used when there is a desire to have one set of servers used for authenticating management access requests and a different set used for authenticating network access requests. When this object has the value of any(1) then the associated server will be in each of the mgmtAccess and networkAccess sets. The precedence order defined by the relative value of the etsysRadiusAuthServerIndex will be maintained within each set of servers."

etsysRadiusAuthClientServerTimeout The number of seconds to wait for a RADIUS Server to respond to a request. A value of -1 indicates that the server timeout specified by etsysRadiusAuthClientRetryTimeout should be used for this server. Maintaining the value of this object across agent reboots is REQUIRED.
etsysRadiusAuthClientServerRetries The number of times to resend an authentication packet if a RADIUS Server does not respond to a request. A value of -1 indicates that the server retries specified by etsysRadiusAuthClientRetries should be used for this server. Maintaining the value of this object across agent reboots is REQUIRED.
etsysRadiusAuthClientServerStickyMaxSessions

The maximum number of sessions associated with this server when using the sticky round robin authentication retransmission algorithm. This value is not used when other retransmission algorithms are being utilized.

Sessions that are successfully authenticated with this server are considered associated. Maintaining the value of this object across agent reboots is REQUIRED.

etsysRadiusAuthClientServerStickyCurSessions

The current number of sessions associated with this server when using the sticky round robin authentication retransmission algorithm. This value is not used when other retransmission algorithms are being utilized.

Sessions that are successfully authenticated with this server are considered associated.

etsysRadiusAuthClientServerClientAddressType This object specifies how etsysRadiusAuthClientServerClientAddress is encoded. Support for all possible enumerations defined by InetAddressType is NOT REQUIRED.
etsysRadiusAuthClientServerClientAddress The encoded unicast IP address of a local system interface. RADIUS requests will be sent from this address.
etsysRadiusAuthClientServerClientVirtualRouterName

The name of the local system virtual router that traffic sent to this RADIUS server should be associated with.

Writing this object with a zero length string clears the virtual router name for this server.

Additional RADIUS Auth Client Scalars etsysRadiusAuthClientAttrMgmtPassword

This value indicates which method is being used to send management access passwords to the RADIUS server.

standard(1) - Use the User-Password attribute at defined in RFC2865

mschapv2(2) - Use the MS-CHAP2-Response attribute as defined in RFC2548

This parameter value is maintained across system reboots.

etsysRadiusAuthClientRetransmissionAlgorithm

This indicates which method is being used for the authentication retransmission algorithm.

standard(1) - this is the legacy Enterasys authentication retransmission algorithm. It is a combination of back off where the highest priority server is always used first for every authentication transaction and round robin where if the highest priority server is unable to respond within the configured timeout period the software immediately moves to the next highest priority server in the list.

roundRobin(2) - Each new authentication transaction uses the next highest priority server from the server that was initially used for the transaction prior. After the lowest priority server in the list is used the next transaction will use the highest priority server.

stickyRoundRobin(3) - Each new authentication transaction uses the next highest priority server as in roundRobin except when that session is either currently associated with a server already or has been associated with a server in the past. etsysRadiusAuthClientServerStickyMaxSessions and etsysRadiusAuthClientServerStickyCurSessions values are used to determine when previously associated sessions need to be associated with less used servers.

This list of enumeration constants is subject to change. This parameter value is maintained across system reboots.

etsysRadiusAuthClientMgmtRetryTimeout The number of seconds to wait for a RADIUS Server to respond to a request when processing management sessions. Maintaining the value of this object across agent reboots is REQUIRED. A value of -1 indicates that the value in etsysRadiusAuthClientRetryTimeout should be used.
etsysRadiusAuthClientNetworkRetryTimeout The number of seconds to wait for a RADIUS Server to respond to a request when procesing network sessions. Maintaining the value of this object across agent reboots is REQUIRED. A value of -1 indicates that the value in etsysRadiusAuthClientRetryTimeout should be used.
etsysRadiusAuthClientNmsRetryTimeout The number of seconds to wait for a RADIUS Server to respond to a request when procesing NMS sessions. Maintaining the value of this object across agent reboots is REQUIRED. A value of -1 indicates that the value in etsysRadiusAuthClientRetryTimeout should be used.
etsysRadiusAuthClientMgmtEnable Controls and indicates the operational state of the RADIUS client functionality for management sessions. Maintaining the value of this object across agent reboots is REQUIRED. The unset value (0) indicates that the value in etsysRadiusAuthClientEnable should be used.
etsysRadiusAuthClientNetworkEnable Controls and indicates the operational state of the RADIUS client functionality for network sessions. Maintaining the value of this object across agent reboots is REQUIRED. The unset value (0) indicates that the value in etsysRadiusAuthClientEnable should be used.