ACC SHELL
| Path : /usr/share/pibs/ |
|
|
| Current File : //usr/share/pibs/ACCESSBIND-PIB-orig |
ACCESSBIND-PIB PIB-DEFINITIONS ::= BEGIN
IMPORTS
Unsigned32, Integer32, MODULE-IDENTITY,
MODULE-COMPLIANCE, OBJECT-TYPE, OBJECT-GROUP, pib
FROM COPS-PR-SPPI
InstanceId, Prid
FROM COPS-PR-SPPI-TC
RoleCombination, PrcIdentifier
FROM FRAMEWORK-ROLE-PIB
InetAddress, InetAddressType
FROM INET-ADDRESS-MIB
TruthValue, PhysAddress
FROM SNMPv2-TC;
accessBindPib MODULE-IDENTITY
SUBJECT-CATEGORIES { all }
LAST-UPDATED "200107101600Z"
ORGANIZATION "IETF RAP WG"
CONTACT-INFO "
Walter Weiss
Ellacoya Networks
7 Henry Clay Drive
Merrimack, NH 03054
Phone: 603-879-7364
E-mail: wweiss@ellacoya.com
"
DESCRIPTION
"A PIB module containing the set of classes to bind
authorization and authentication to COPS
Provisioning "
::= { pib xxx } -- xxx to be assigned by IANA
--
-- The branch OIDs in the AccessBind PIB
--
capabilityClasses OBJECT IDENTIFIER ::= { accessBindPib 1 }
sessionClasses OBJECT IDENTIFIER ::= { accessBindPib 2 }
accessorClasses OBJECT IDENTIFIER ::= { accessBindPib 3 }
contextClasses OBJECT IDENTIFIER ::= { accessBindPib 4 }
authClasses OBJECT IDENTIFIER ::= { accessBindPib 5 }
--
-- Session Table
--
sessionTable OBJECT-TYPE
SYNTAX SEQUENCE OF SessionEntry
PIB-ACCESS install-notify
STATUS current
DESCRIPTION
"An instance of this class is created by the PEP and sent
to the PDP. The PDP will fill in the sessionStatus field
and send the instance back when sending a decision."
::= { sessionClasses 1 }
sessionEntry OBJECT-TYPE
SYNTAX SessionEntry
STATUS current
DESCRIPTION
"An instance of the sessionTable PRC."
PIB-INDEX { sessionId }
UNIQUENESS { }
::= { sessionTable 1 }
SessionEntry ::= SEQUENCE {
sessionId InstanceId,
sessionStatus INTEGER,
sessionRealm OCTET STRING,
sessionUsername OCTET STRING,
sessionDataPath Prid,
sessionBinding ReferenceId,
sessionAccessor ReferenceId
}
sessionId OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"An index to uniquely identify an instance of this
provisioning class."
::= { sessionEntry 1 }
sessionStatus OBJECT-TYPE
SYNTAX INTEGER {
Pending(0),
Enabled(1),
Disabled(2)
}
STATUS current
DESCRIPTION
"This attribute is set by the PDP. Set to true(1) if the
PDP has authorized the session, else set to false(2)."
::= { sessionEntry 2 }
sessionRealm OBJECT-TYPE
SYNTAX OCTET STRING
STATUS current
DESCRIPTION
"Realm name in which the client is requesting
access (sometimes referred to as a domain name."
::= { sessionEntry 3 }
sessionUsername OBJECT-TYPE
SYNTAX OCTET STRING
STATUS current
DESCRIPTION
"Unique user name to identify the client requesting
access."
::= { sessionEntry 4 }
sessionDataPath OBJECT-TYPE
SYNTAX Prid
STATUS current
DESCRIPTION
"This attribute references the first functional data path
element to process data flow for this session. It is
first assigned by the PEP with the
accessorElementDefaultSessionDataPath in the
accessorElement and may optionally be reassigned by the
PDP."
::= { sessionEntry 5 }
sessionBinding OBJECT-TYPE
SYNTAX ReferenceId
PIB-REFERENCES { sessionEntry }
STATUS current
DESCRIPTION
"This attribute allows a PEP to indicate to the PDP that
this session was generated downstream on the data path
from a session for which an PEP has previously generated
an authorization request. This allows the PDP to
reference additional knowledge acquired from the previous
session such as the credentials or interface data. "
::= { sessionEntry 6 }
sessionAccessor OBJECT-TYPE
SYNTAX ReferenceId
PIB-REFERENCES { accessorEntry }
STATUS current
DESCRIPTION
"This attribute references the instance of the previously
provisioned Accessor that resulted in this PEP Access
Request."
::= { sessionEntry 7 }
--
-- Accessor Table
--
accessorTable OBJECT-TYPE
SYNTAX SEQUENCE OF AccessorEntry
PIB-ACCESS install
STATUS current
DESCRIPTION
"The AccessorTable identifies when the PEP should send an
access or authentication request to the PDP. As a
result of this request, a new session may be started.
Hence, the AccessorTable can be said to create or remove
SessionTable entries. "
::= { accessorClasses 1 }
accessorEntry OBJECT-TYPE
SYNTAX AccessorEntry
STATUS current
DESCRIPTION
" An instance of this class defines the circumstances for
generating an access request, and provides the means for
specifying the contents of the PEP Access Request."
PIB-INDEX { accessorId }
UNIQUENESS { accessorRequestAuth,
accessorAccElmRef,
accessorAuthProtocol,
accessorAuthContext,
accessorDefaultDataPath
}
::= { accessorTable 1}
AccessorEntry::= SEQUENCE {
accessorId InstanceId,
accessorRequestAuth TruthValue,
accessorAccElmRef ReferenceId,
accessorAuthProtocol TagReferenceId,
accessorAuthContext TagReferenceId,
accessorDefaultDataPath Prid
}
accessorId OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
" An arbitrary integer index that uniquely identifies
an instance of the accessorTable class."
::= { accessorEntry 1}
accessorRequestAuth OBJECT-TYPE
SYNTAX TruthValue
STATUS current
DESCRIPTION
"Indicates whether or not authentication is required for
this session. TRUE indicates that authorization is
required."
::= { accessorEntry 2}
accessorAccElmRef OBJECT-TYPE
SYNTAX ReferenceId
PIB-REFERENCES { accessorElementEntry }
STATUS current
DESCRIPTION
"A reference to an AccessorElementTable instance which
determines the scope (criteria for generating a new
request) and interim forwarding behavior."
::= { accessorEntry 3}
accessorAuthProtocol OBJECT-TYPE
SYNTAX TagReferenceId
PIB-TAG { accessorAuthProtocolGroup }
STATUS current
DESCRIPTION
"Identifies a list of accessorAuthProtocolTable entries
associated with this accessor instance."
::= { accessorEntry 4}
accessorAuthContext OBJECT-TYPE
SYNTAX TagReferenceId
PIB-TAG { contextDataGroup }
STATUS current
DESCRIPTION
"Identifies a list of ContextDataTable entries
associated with this accessor instance."
::= { accessorEntry 5}
accessorDefaultDataPath OBJECT-TYPE
SYNTAX Prid
STATUS current
DESCRIPTION
"The data path for æout of scopeÆ traffic."
::= { accessorEntry 6}
--
-- AccessorElement Table
--
accessorElementTable OBJECT-TYPE
SYNTAX SEQUENCE OF AccessorElementEntry
PIB-ACCESS install
STATUS current
DESCRIPTION
"This table defines the criteria to be used to generate
an access request. It also defines the interim forwarding
behavior pending a decision from the server."
::= { accessorClasses 2 }
accessorElementEntry OBJECT-TYPE
SYNTAX AccessorElementEntry
STATUS current
DESCRIPTION
"An instance of this class defines request trigger
criteria and interim forwarding behavior for packets."
PIB-INDEX { accessorElementId }
UNIQUENESS { accessorElementScope }
::= { accessorElementTable 1}
AccessorElementEntry::= SEQUENCE {
accessorElementId InstanceId,
accessorElementScope TagReferenceId,
accessorElementInterimFwdBehavior INTEGER,
accessorElementDefaultSessionDataPath Prid
}
accessorElementId OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"An arbitrary integer index that uniquely identifies an
instance of the accessorElementTable class."
::= { accessorElementEntry 1}
accessorElementScope OBJECT-TYPE
SYNTAX TagReferenceId
PIB-TAG { accessorSessionScopeGroup }
STATUS current
DESCRIPTION
"Identifies a list of AccessorSessionScopeTable instances
associated with an instance of this class. This list
defines the criteria for partitioning various portions of
traffic into distinct sessions."
::= { accessorElementEntry 2}
accessorElementInterimFwdBehavior OBJECT-TYPE
SYNTAX INTEGER {
DROP (0),
FORWARD (1),
QUEUE (2)
}
STATUS current
DESCRIPTION
"The forwarding behavior to use while awaiting a PDP
Access Response message."
::= { accessorElementEntry 3}
accessorElementDefaultSessionDataPath OBJECT-TYPE
SYNTAX Prid
STATUS current
DESCRIPTION
"The default data path for each session while waiting for
a
PDP Access Response message."
::= { accessorElementEntry 4}
--
-- AccessorSessionScope Table
--
accessorSessionScopeTable OBJECT-TYPE
SYNTAX SEQUENCE OF AccessorSessionScopeEntry
PIB-ACCESS install
STATUS current
DESCRIPTION
"This class defines the criteria to be used for
partitioning various portions of traffic into distinct
sessions."
::= { accessorClasses 3 }
accessorSessionScopeEntry OBJECT-TYPE
SYNTAX AccessorSessionScopeEntry
STATUS current
DESCRIPTION
"An instance of this class defines an individual criterion
to be used towards generating an access request."
PIB-INDEX { accessorSessionScopeId }
UNIQUENESS { accessorSessionScopeGroup,
accessorSessionScopeScopeRef
}
::= { accessorSessionScopeTable 1}
AccessorSessionScopeEntry::= SEQUENCE {
accessorSessionScopeId InstanceId,
accessorSessionScopeGroup TagId,
accessorSessionScopeFilter Prid,
accessorSessionScopePrecedence INTEGER
}
accessorSessionScopeId OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"An arbitrary integer index that uniquely identifies an
instance of the accessorSessionScopeTable class."
::= { accessorSessionScopeEntry 1}
accessorSessionScopeGroup OBJECT-TYPE
SYNTAX TagId
STATUS current
DESCRIPTION
"Represents the binding between the accessorElementTable
and the accessorSessionScope entries. A group of
accessorSessionScope entries constitutes the criteria for
partitioning various portions of traffic into distinct
sessions."
::= { accessorSessionScopeEntry 2}
accessorSessionScopeFilter OBJECT-TYPE
SYNTAX Prid
STATUS current
DESCRIPTION
"Pointer to a filter to be used as the criteria."
::= { accessorSessionScopeEntry 3}
accessorSessionScopePrecedence OBJECT-TYPE
SYNTAX INTEGER
STATUS current
DESCRIPTION
"Represents the precedence of this criterion with respect
to other criteria within the same group. When the
precedence is unique, the instance represents an
alternative criteria (an ORing function). When the
precedence for two or more instances of the
accessorSessionScope class is the same, the attributes
within all the instances are treated collectively as a
single filter criteria."
::= { accessorSessionScopeEntry 4}
--
-- AccessorAuthProtocol Table
--
accessorAuthProtocolTable OBJECT-TYPE
SYNTAX SEQUENCE OF AccessorAuthProtocolEntry
PIB-ACCESS install
STATUS current
DESCRIPTION
"This class lists the authentication protocols that can
be used for an access request originating from a
particular instance of the accessorTable."
::= { accessorClasses 4 }
accessorAuthProtocolEntry OBJECT-TYPE
SYNTAX AccessorAuthProtocolEntry
STATUS current
DESCRIPTION
"An instance of this class describes an authentication
protocol that may be used for an access request. Instances
of this class that share the same TagId value collectively
constitute a list of authentication protocols that may be
used for a given access request"
PIB-INDEX { accessorAuthProtocolId }
UNIQUENESS { accessorAuthProtocolGroup,
accessorAuthProtocolAuthMechanism
}
::= { accessorAuthProtocolTable 1}
AccessorAuthProtocolEntry::= SEQUENCE {
accessorAuthProtocolId InstanceId,
accessorAuthProtocolGroup TagId,
accessorAuthProtocolAuthMechanism INTEGER
}
accessorAuthProtocolId OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"An arbitrary integer index that uniquely identifies an
instance of the ContextDataTable class."
::= { accessorAuthProtocolEntry 1}
accessorAuthProtocolGroup OBJECT-TYPE
SYNTAX TagId
STATUS current
DESCRIPTION
"Represents a binding between an accessorTable instance
and a list of accessorAuthProtocolTable instances."
::= { accessorAuthProtocolEntry 2}
accessorAuthProtocolAuthMechanism OBJECT-TYPE
SYNTAX INTEGER {
PAP (0),
CHAP (1),
EAP-MD5(2),
EAP-TLS(3)
}
STATUS current
DESCRIPTION
"The authentication protocol that may be used for an
access request."
::= { accessorAuthProtocolEntry 3}
--
-- ContextData Table
--
contextDataTable OBJECT-TYPE
SYNTAX SEQUENCE OF ContextDataEntry
PIB-ACCESS install
STATUS current
DESCRIPTION
"This class points to the context information to be
included with an access request."
::= { contextClasses 1 }
contextDataEntry OBJECT-TYPE
SYNTAX ContextDataEntry
STATUS current
DESCRIPTION
"An instance of this class contains the type description
(COPS-PR OID) of the class which needs to be filled in by
the PEP and included with a PEP access request."
PIB-INDEX { contextDataId }
UNIQUENESS { }
::= { contextDataTable 1}
ContextDataEntry::= SEQUENCE {
contextDataId InstanceId,
contextDataGroup TagId,
contextDataSessionRef ReferenceId,
contextDataIfElement PrcIdentifier,
contextDataEncapsulation INTEGER
}
contextDataId OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"An arbitrary integer index that uniquely identifies an
instance of the contextDataTable class."
::= { contextDataEntry 1}
contextDataGroup OBJECT-TYPE
SYNTAX TagId
STATUS current
DESCRIPTION
"Defines the grouping of contextData instances
that are applicable to a given Accessor. This attribute
MUST NOT be specified when the instance is used in
Session-specific contextData Request message."
::= { contextDataEntry 2}
contextDataSessionRef OBJECT-TYPE
SYNTAX ReferenceId
PIB-REFERENCES { sessionEntry }
STATUS current
DESCRIPTION
"This attribute is used to specify the Session for which
the ContextData is being requested with a Session-
specific ContextData Request. This attribute MUST NOT be
specified when the instance of the ContextData class is
used in an Accessor Provisioning Decision message."
::= { contextDataEntry 3}
contextDataIfElement OBJECT-TYPE
SYNTAX PrcIdentifier
STATUS current
DESCRIPTION
"The OID of a class whose instance is to be included with
the PEP access request or Session-specific ContextData
Response."
::= { contextDataEntry 4}
contextDataEncapsulation OBJECT-TYPE
SYNTAX INTEGER
STATUS current
DESCRIPTION
"This attribute allows one to distinguish between inner
and outer headers when there are multiple encapsulated
headers of the same type in a packet.
A value of:
0 means all headers,
positive number ænÆ means the ænÆth header starting
from the outermost,
negative number ænÆ means the ænÆth header starting from
the innermost."
::= { contextDataEntry 5}
--
-- Layer 3 Header Data PRC
--
ctxtL3HdrTable OBJECT-TYPE
SYNTAX SEQUENCE OF ctxtL3HdrEntry
PIB-ACCESS notify
STATUS current
DESCRIPTION
"An instance of this class is created by the PEP and sent
to the PDP to provide the PDP with information it
requested in the ContextData PRC. The PDP uses
this PRC to make Authentication/Provisioning decisions."
::= { contextClasses 2 }
ctxtL3HdrEntry OBJECT-TYPE
SYNTAX CtxtL3HdrEntry
STATUS current
DESCRIPTION
"An instance of the ctxtL3HdrTable PRC."
PIB-INDEX { ctxtL3HdrId }
UNIQUENESS { }
::= { ctxtL3HdrTable 1 }
CtxtL3HdrEntry::= SEQUENCE {
ctxtL3HdrId InstanceId,
ctxtL3HdrSrcAddrType InetAddressType,
ctxtL3HdrSrcAddr InetAddress,
ctxtL3HdrDstAddrType InetAddressType,
ctxtL3HdrDstAddr InetAddress,
ctxtL3HdrProtocol Unsigned32,
ctxtL3HdrSrcPort Unsigned32,
ctxtL3HdrDstPort Unsigned32,
ctxtL3HdrDscp Unsigned32,
ctxtL3HdrEcn TruthValue,
ctxtL3HdrIpOpt TruthValue,
ctxtL3HdrEncap Integer32
}
ctxtL3HdrId OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"An index to uniquely identify an instance of this
provisioning class."
::= { ctxtL3HdrEntry 1 }
ctxtL3HdrSrcAddrType OBJECT-TYPE
SYNTAX InetAddressType
STATUS current
DESCRIPTION
"The address type enumeration value [INETADDR] to specify
the type of the packet's source L3 address)."
::= { ctxtL3HdrEntry 2 }
ctxtL3HdrSrcAddr OBJECT-TYPE
SYNTAX InetAddress
STATUS current
DESCRIPTION
" The packet's source L3 address."
::= { ctxtL3HdrEntry 3 }
ctxtL3HdrDstAddrType OBJECT-TYPE
SYNTAX InetAddressType
STATUS current
DESCRIPTION
"The address type enumeration value [INETADDR] to specify
the type of the packet's destination L3 address."
::= { ctxtL3HdrEntry 4 }
ctxtL3HdrDstAddr OBJECT-TYPE
SYNTAX InetAddress
STATUS current
DESCRIPTION
"The packet's destination L3 address."
::= { ctxtL3HdrEntry 5 }
ctxtL3HdrProtocol OBJECT-TYPE
SYNTAX Unsigned32
STATUS current
DESCRIPTION
"The packet's protocol field."
::= { ctxtL3HdrEntry 6 }
ctxtL3HdrSrcPort OBJECT-TYPE
SYNTAX Unsigned32
STATUS current
DESCRIPTION
"This attribute binds an existing upstream session to
this session instance."
::= { ctxtL3HdrEntry 7 }
ctxtL3HdrDstPort OBJECT-TYPE
SYNTAX Unsigned32
STATUS current
DESCRIPTION
"This attribute binds an existing upstream session to
this session instance."
::= { ctxtL3HdrEntry 8 }
ctxtL3HdrDscp OBJECT-TYPE
SYNTAX Unsigned32
STATUS current
DESCRIPTION
"."
::= { ctxtL3HdrEntry 9 }
ctxtL3HdrEcn OBJECT-TYPE
SYNTAX TruthValue
STATUS current
DESCRIPTION
"PEP sets this attribute to true(1) if ECN capable."
::= { ctxtL3HdrEntry 10 }
ctxtL3HdrIpOpt OBJECT-TYPE
SYNTAX OCTET STRING
STATUS current
DESCRIPTION
"IP Options field in the packet."
::= { ctxtL3HdrEntry 11 }
ctxtL3HdrEncap OBJECT-TYPE
SYNTAX Integer32
STATUS current
DESCRIPTION
"This attribute specifies which encapsulated header is
being described. The sign on this value will be the same
as the value specified in the ContextData
instance that requested this header. If the original
ContextData instance specified a
ContextDataEncapsulation value of zero (meaning
return all headers), then all instances of this attribute
MUST be expressed as positive numbers.
A value of:
positive number ænÆ means the ænÆth header starting
from the outermost,
negative number ænÆ means the ænÆth header starting from
the innermost."
::= { ctxtL3HdrEntry 12 }
--
-- 802.1 Header Data PRC
--
ctxt802HdrTable OBJECT-TYPE
SYNTAX SEQUENCE OF Ctxt802HdrEntry
PIB-ACCESS notify
STATUS current
DESCRIPTION
"An instance of this class is created by the PEP and sent
to the PDP to provide the PDP with information it
requested in the ContextData PRC. The PDP uses
this PRC to make Authorization/Provisioning decisions."
::= { contextClasses 3 }
ctxt802HdrEntry OBJECT-TYPE
SYNTAX Ctxt802HdrEntry
STATUS current
DESCRIPTION
"An instance of the ctxt802HdrTable PRC."
PIB-INDEX { ctxt802HdrId }
UNIQUENESS { }
::= { ctxt802HdrTable 1 }
Ctxt802HdrEntry::= SEQUENCE {
ctxt802HdrId InstanceId,
ctxt802HdrSrcAddr PhysAddress,
ctxt802HdrDstAddr PhysAddress,
ctxt802HdrProtocol Unsigned32,
ctxt802HdrPriority BITS,
ctxt802HdrVlan Unsigned32,
ctxt802HdrEncap Integer32
}
ctxt802HdrId OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"An index to uniquely identify an instance of this
provisioning class."
::= { ctxt802HdrEntry 1 }
ctxt802HdrSrcAddr OBJECT-TYPE
SYNTAX PhysAddress
STATUS current
DESCRIPTION
" The packet's source MAC address."
::= { ctxt802HdrEntry 2 }
ctxt802HdrDstAddr OBJECT-TYPE
SYNTAX PhysAddress
STATUS current
DESCRIPTION
"The packet's destination MAC address."
::= { ctxt802HdrEntry 3 }
ctxt802HdrProtocol OBJECT-TYPE
SYNTAX Unsigned32 (0..'ffff'h)
STATUS current
DESCRIPTION
"The L2 packet's protocol field."
::= { ctxt802HdrEntry 4 }
ctxt802HdrPriority OBJECT-TYPE
SYNTAX Unsigned32 (0..7)
STATUS current
DESCRIPTION
"The L2 packet's priority field. This attribute is only
valid for packets using the 802.1q header extension."
::= { ctxt802HdrEntry 5 }
ctxt802HdrVlan OBJECT-TYPE
SYNTAX Unsigned32 (1..4094)
STATUS current
DESCRIPTION
"The L2 packet's VLAN field. This attribute is only valid
for packets using the 802.1q header extension."
::= { ctxt802HdrEntry 6 }
ctxt802HdrEncap OBJECT-TYPE
SYNTAX Integer32
STATUS current
DESCRIPTION
"This attribute specifies which encapsulated header is
being described. The sign on this value will be the same
as the value specified in the ContextData
instance that requested this header. If the original
ContextData instance specified an
ContextDataEncapsulation value of zero (meaning
return all headers), then all instances of this attribute
MUST be expressed as positive numbers.
A value of:
positive number ænÆ means the ænÆth header starting
from the outermost,
negative number ænÆ means the ænÆth header starting from
the innermost."
::= { ctxt802HdrEntry 7 }
--
-- CtxtDialupInterface Table
--
ctxtDialupInterfaceTable OBJECT-TYPE
SYNTAX SEQUENCE OF CtxtDialupInterfaceEntry
PIB-ACCESS notify
STATUS current
DESCRIPTION
"."
::= { contextClasses 4 }
ctxtDialupInterfaceEntry OBJECT-TYPE
SYNTAX CtxtDialupInterfaceEntry
STATUS current
DESCRIPTION
"Entry oid of the ctxtDialupInterfaceTable PRC."
PIB-INDEX { ctxtDialupInterfaceId }
UNIQUENESS { }
::= { ctxtDialupInterfaceTable 1 }
CtxtDialupInterfaceEntry::= SEQUENCE {
ctxtDialupInterfaceId InstanceId,
ctxtDialupInterfaceNASPort Integer32,
ctxtDialupInterfaceNASPortId OCTET STRING,
ctxtDialupInterfaceNASPortType INTEGER,
ctxtDialupInterfaceCalledStationId OCTET STRING,
ctxtDialupInterfaceCallingStationId OCTET STRING,
ctxtDialupInterfaceConnectInfo OCTET STRING
}
ctxtDialupInterfaceId OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"An index to uniquely identify an instance of this
provisioning class."
::= { ctxtDialupInterfaceEntry 1 }
ctxtDialupInterfaceNASPort OBJECT-TYPE
SYNTAX Integer32
STATUS current
DESCRIPTION
"This Attribute indicates the physical port number of the
NAS which is authenticating the user. It is only used in
Access-Request packets. Note that this is using 'port'
in its sense of a physical connection on the NAS, not in
the sense of a TCP or UDP port number."
::= { ctxtDialupInterfaceEntry 2 }
ctxtDialupInterfaceNASPortId OBJECT-TYPE
SYNTAX OCTET STRING
STATUS current
DESCRIPTION
"This Attribute contains a text string which identifies
the port of the NAS which is authenticating the user. It
is only used in Access-Request and Accounting-Request
packets. Note that this is using 'port' in its sense of
a physical connection on the NAS, not in the sense of a
TCP or UDP port number. "
::= { ctxtDialupInterfaceEntry 2 }
ctxtDialupInterfaceNASPortType OBJECT-TYPE
SYNTAX INTEGER {
radAsync(0),
radSync(1),
radIsdnSync(2),
radIsdnAsyncV120(3),
radIsdnAsyncV110(4),
radVirtual(5),
radPIAFS(6),
radHdlcClearChannel(7),
radX25(8),
radX75(9),
radG3Fax(10),
radSDSL(11),
radAdslCAP(12),
radAdslDMT(13),
radIdsl(14),
radEthernet(15),
radXdsl(16),
radCable(17),
radWirelessOther(18),
radWirelessIEEE80211(19)
}
STATUS current
DESCRIPTION
"This Attribute indicates the type of the physical port
of the NAS which is authenticating the user. It can be
used instead of or in addition to the radNasPort (5)
attribute. It is only used in Access-Request packets.
Either radNasPort (5) or radNasPortType or both SHOULD be
present in an Access-Request packet, if the NAS
differentiates among its ports.
A value of 'radAsync(0)' indicates Async.
A value of 'radSync(1)' indicates Sync.
A value of 'radIsdnSync(2)' indicates ISDN Sync.
A value of 'radIsdnAsyncV120(3)' indicates ISDN
Async V.120.
A value of 'radIsdnAsyncV110(4)' indicates ISDN
Async V.110.
A value of 'radVirtual(5)' indicates Virtual.
Virtual refers to a connection to the NAS via some
transport protocol, instead of through a physical
port. For example, if a user telnetted into a NAS to
authenticate himself as an Outbound-User, the
Access-Request might include radNasPortType =
Virtual as a hint to the RADIUS server that the user
was not on a physical port.
A value of 'radPIAFS(6)' indicates PIAFS. PIAFS is a
form of wireless ISDN commonly used in Japan, and
stands for PHS (Personal Handyphone System) Internet
Access Forum Standard (PIAFS).
A value of 'radHdlcClearChannel(7)' indicates HDLC
Clear Channel.
A value of 'radX25(8)' indicates X.25.
A value of 'radX75(9)' indicates X.75.
A value of 'radG3Fax(10)' indicates G.3 Fax.
A value of 'radSDSL(11)' indicates SDSL û Symmetric
DSL.
A value of 'radAdslCAP(12)' indicates ADSL-CAP -
Asymmetric DSL, Carrierless Amplitude Phase
Modulation.
A value of 'radAdslDMT(13)' indicates ADSL-DMT -
Asymmetric DSL, Discrete Multi-Tone.
A value of 'radIdsl(14)' indicates IDSL û ISDN
Digital Subscriber Line.
A value of 'radEthernet(15)' indicates Ethernet.
A value of 'radXdsl(16)' indicates xDSL - Digital
Subscriber Line of unknown type.
A value of 'radCable(17)' indicates Cable.
A value of 'radWirelessOther(18)' indicates Wireless
- Other.
A value of 'radWirelessIEEE80211(19)' indicates
Wireless - IEEE 802.11."
::= { ctxtDialupInterfaceEntry 2 }
ctxtDialupInterfaceCalledStationId OBJECT-TYPE
SYNTAX OCTET STRING
STATUS current
DESCRIPTION
"This Attribute allows the NAS to send in the Access-
Request packet the phone number that the user called,
using Dialed Number Identification (DNIS) or similar
technology. Note that this may be different from the
phone number the call comes in on. It is only used in
Access-Request packets. "
::= { ctxtDialupInterfaceEntry 2 }
ctxtDialupInterfaceConnectInfo OBJECT-TYPE
SYNTAX OCTET STRING
STATUS current
DESCRIPTION
"This Attribute allows the NAS to send in the Access-
Request packet the phone number that the call came from,
using Automatic Number Identification (ANI) or similar
technology. It is only used in Access-Request packets."
::= { ctxtDialupInterfaceEntry 2 }
---
--- CtxtDialupInterfaceFramedProtocol Table
---
ctxtDialupIfFramedProtocolTable OBJECT-TYPE
SYNTAX SEQUENCE OF CtxtDialupIfFramedProtocolEntry
PIB-ACCESS notify
STATUS current
DESCRIPTION
"."
::= { contextClasses 5 }
ctxtDialupIfFramedProtocolEntry OBJECT-TYPE
SYNTAX CtxtDialupIfFramedProtocolEntry
STATUS current
DESCRIPTION
"Entry oid of the ctxtDialupIfFramedProtocolTable PRC."
PIB-INDEX { ctxtDialupIfFramedProtocolId }
UNIQUENESS { }
::= { ctxtDialupIfFramedProtocolTable 1 }
CtxtDialupInterfaceEntry::= SEQUENCE {
ctxtDialupIfFramedProtocolId InstanceId,
ctxtDialupIfFramedProtocolProt INTEGER,
ctxtDialupIfFramedProtocolMTU Integer32,
ctxtDialupIfFramedProtocolCompression INTEGER,
ctxtDialupIfFramedProtocolPortLimit Unsigned32,
ctxtDialupIfFramedProtocolIpAddress IpAddress,
ctxtDialupIfFramedProtocolIpNetmask IpAddress
}
ctxtDialupIfFramedProtocolId OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"An index to uniquely identify an instance of this
provisioning class."
::= { ctxtDialupIfFramedProtocolEntry 1 }
ctxtDialupIfFramedProtocolProt OBJECT-TYPE
SYNTAX INTEGER {
radPPP(1),
radSLIP(2),
radARAP(3),
radGandalf(4),
radXylogics(5),
radX75Synchronous(6)
}
STATUS current
DESCRIPTION
"This Attribute indicates the framing to be used for
framed access. It MAY be used in both Access-Request and
Access-Accept packets.
A value of 'radPPP(1)' represents PPP.
A value of 'radSLIP(2)' represents SLIP.
A value of 'radARAP(3)' represents AppleTalk Remote
Access Protocol (ARAP).
A value of 'radGandalf(4)' represents Gandalf
proprietary SingleLink/MultiLink protocol.
A value of 'radXylogics(5)' represents Xylogics
proprietary IPX/SLIP.
A value of 'radX75Synchronous(6)' represents X.75
Synchronous."
::= { ctxtDialupIfFramedProtocolEntry 2 }
ctxtDialupIfFramedProtocolMTU OBJECT-TYPE
SYNTAX Integer32
STATUS current
DESCRIPTION
"This Attribute indicates the Maximum Transmission Unit
to be configured for the user, when it is not negotiated
by some other means (such as PPP). It MAY be used in
Access-Accept packets. It MAY be used in an Access-
Request packet as a hint by the NAS to the server that it
would prefer that value, but the server is not required
to honor the hint."
::= { ctxtDialupIfFramedProtocolEntry 3 }
ctxtDialupIfFramedProtocolCompression OBJECT-TYPE
SYNTAX INTEGER {
radNone(0),
radVJ(1),
radIPXheader(2),
radStacLZS(3)
}
STATUS current
DESCRIPTION
"This Attribute indicates a compression protocol to be
used for the link. It MAY be used in Access-Accept
packets. It MAY be used in an Access-Request packet as a
hint to the server that the NAS would prefer to use that
compression, but the server is not required to honor the
hint.
More than one compression protocol Attribute MAY be sent.
It is the responsibility of the NAS to apply the proper
compression protocol to appropriate link traffic.
A value of 'radNone(0)' indicates None.
A value of 'radVJ(1)' indicates VJ TCP/IP header
compression.
A value of 'radIPXheader(2)' indicates IPX header
compression.
A value of 'radStacLZS(3)' indicates Stac-LZS
compression."
::= { ctxtDialupIfFramedProtocolEntry 4 }
ctxtDialupIfFramedProtocolPortLimit OBJECT-TYPE
SYNTAX Integer32
STATUS current
DESCRIPTION
"This Attribute sets the maximum number of ports to be
provided to the user by the NAS. This Attribute MAY be
sent by the server to the client in an Access-Accept
packet. It is intended for use in conjunction with
Multilink PPP [10] or similar uses. It MAY also be sent
by the NAS to the server as a hint that that many ports
are desired for use, but the server is not required to
honor the hint."
::= { ctxtDialupIfFramedProtocolEntry 5 }
ctxtDialupIfFramedProtocolIpAddress OBJECT-TYPE
SYNTAX IpAddress
STATUS current
DESCRIPTION
"This Attribute indicates the address to be configured
for the user. It MAY be used in Access-Accept packets.
It MAY be used in an Access-Request packet as a hint by
the NAS to the server that it would prefer that address,
but the server is not required to honor the hint."
::= { ctxtDialupIfFramedProtocolEntry 6 }
ctxtDialupIfFramedProtocolIpNetmask OBJECT-TYPE
SYNTAX IpAddress
STATUS current
DESCRIPTION
"This Attribute indicates the IP netmask to be configured
for the user when the user is a router to a network. It
MAY be used in Access-Accept packets. It MAY be used in
an Access-Request packet as a hint by the NAS to the
server that it would prefer that netmask, but the server
is not required to honor the hint."
::= { ctxtDialupIfFramedProtocolEntry 7 }
---
--- CtxtDialupIfLoginService Table
---
ctxtDialupIfLoginServiceTable OBJECT-TYPE
SYNTAX SEQUENCE OF CtxtDialupIfLoginServiceEntry
PIB-ACCESS notify
STATUS current
DESCRIPTION
"Base class."
::= { contextClasses 6 }
ctxtDialupIfLoginServiceEntry OBJECT-TYPE
SYNTAX CtxtDialupIfLoginServiceEntry
STATUS current
DESCRIPTION
"Entry oid of the ctxtDialupIfLoginServiceTable PRC."
PIB-INDEX { ctxtDialupIfLoginServiceId }
UNIQUENESS { }
::= { ctxtDialupIfLoginServiceTable 1 }
CtxtDialupIfLoginServiceEntry::= SEQUENCE {
ctxtDialupIfLoginServiceId InstanceId,
ctxtDialupIfLoginIpHost IpAddress
}
ctxtDialupIfLoginServiceId OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"An index to uniquely identify an instance of this
provisioning class."
::= { ctxtDialupIfLoginServiceEntry 1 }
ctxtDialupIfLoginIpHost OBJECT-TYPE
SYNTAX IpAddress
STATUS current
DESCRIPTION
"."
::= { ctxtDialupIfLoginServiceEntry 2 }
---
--- CtxtDialupIfLoginLat Table (Extends CtxtDialupIfLoginService)
---
ctxtDialupIfLoginLatTable OBJECT-TYPE
SYNTAX SEQUENCE OF CtxtDialupIfLoginLatEntry
PIB-ACCESS notify
STATUS current
DESCRIPTION
"Extended class."
::= { contextClasses 7 }
ctxtDialupIfLoginLatEntry OBJECT-TYPE
SYNTAX CtxtDialupIfLoginLatEntry
STATUS current
DESCRIPTION
"Entry oid of the ctxtDialupIfLoginLatTable PRC."
EXTENDS { ctxtDialupIfLoginServiceEntry }
UNIQUENESS { }
::= { ctxtDialupIfLoginLatTable 1 }
CtxtDialupIfLoginLatEntry::= SEQUENCE {
ctxtDialupIfLoginLatService OCTET STRING,
ctxtDialupIfLoginLatNode OCTET STRING,
ctxtDialupIfLoginLatGroup OCTET STRING,
ctxtDialupIfLoginLatPort OCTET STRING
}
ctxtDialupIfLoginLatService OBJECT-TYPE
SYNTAX OCTET STRING
STATUS current
DESCRIPTION
"."
::= { ctxtDialupIfLoginLatEntry 1 }
ctxtDialupIfLoginLatNode OBJECT-TYPE
SYNTAX OCTET STRING
STATUS current
DESCRIPTION
"."
::= { ctxtDialupIfLoginLatEntry 2 }
ctxtDialupIfLoginLatGroup OBJECT-TYPE
SYNTAX OCTET STRING
STATUS current
DESCRIPTION
"."
::= { ctxtDialupIfLoginLatEntry 3 }
ctxtDialupIfLoginLatPort OBJECT-TYPE
SYNTAX OCTET STRING
STATUS current
DESCRIPTION
"."
::= { ctxtDialupIfLoginLatEntry 4 }
--
-- Authentication Extension Tables
--
--
-- AuthExtensions Base Table
--
authExtTable OBJECT-TYPE
SYNTAX SEQUENCE OF AuthExtEntry
PIB-ACCESS install-notify
STATUS current
DESCRIPTION
"This is an abstract PRC. This PRC can be extended by
authentication PRCs that contain attributes specific to
that authentication protocol. An instance of the extended
class is created by the PEP and sent to the PDP. The PDP
may send information back to the PEP or may uses the
information to authenticate the PEP's access request. This
PRC itself should not be instantiated.
This is a ætransientÆ class. Its instances are temporary
and are deleted by the PEP after a certain time/event.
Thus it must not be referred to by the server."
::= { authClasses 1 }
authExtEntry OBJECT-TYPE
SYNTAX AuthExtEntry
STATUS current
DESCRIPTION
"Entry oid for the AuthExtTable PRC."
PIB-INDEX { authExtId }
UNIQUENESS { }
::= { authExtTable 1 }
AuthExtEntry ::= SEQUENCE {
authExtId InstanceId,
authExtSession ReferenceId
}
authExtId OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"An index to uniquely identify an instance of the
entended provisioning class."
::= { authExtEntry 1 }
authExtSession OBJECT-TYPE
SYNTAX ReferenceId
PIB-REFERENCES { sessionEntry }
STATUS current
DESCRIPTION
"This attribute is set by the PEP to reference the
session for which authentication is being requested."
::= { authExtEntry 2 }
--
-- AuthChapExt Table
--
authChapExtTable OBJECT-TYPE
SYNTAX SEQUENCE OF AuthChapExtEntry
PIB-ACCESS notify
STATUS current
DESCRIPTION
"This is a concrete PRC used to contain CHAP
authentication fields. This PRC extends the base PRC
authExtEntry."
::= { authClasses 2 }
authChapExtEntry OBJECT-TYPE
SYNTAX AuthChapExtEntry
STATUS current
DESCRIPTION
"Entry oid for the AuthChapExtTable PRC. InstanceId's for
this extended PRC are assigned by the base PRC [SPPI]."
EXTENDS { authExtEntry }
UNIQUENESS { }
::= { authChapExtTable 1 }
AuthChapExtEntry::= SEQUENCE {
authChapExtId Unsigned32,
authChapExtChal OCTET STRING,
authChapExtResp OCTET STRING
}
authChapExtId OBJECT-TYPE
SYNTAX Unsigned32
STATUS current
DESCRIPTION
"CHAP Id field."
::= { authChapExtEntry 1 }
authChapExtChal OBJECT-TYPE
SYNTAX OCTET STRING
STATUS current
DESCRIPTION
"CHAP Challenge octet string. The challenge is generated
by the PEP."
::= { authChapExtEntry 2 }
authChapExtResp OBJECT-TYPE
SYNTAX OCTET STRING
STATUS current
DESCRIPTION
"CHAP Challenge Response octet string. The challenge
response is sent to the PDP along with the challenge."
::= { authChapExtEntry 3 }
--
-- AuthPapExt Table
--
authPapExtTable OBJECT-TYPE
SYNTAX SEQUENCE OF AuthPapExtEntry
PIB-ACCESS notify
STATUS current
DESCRIPTION
"This is a concrete PRC used to contain PAP
authentication fields. This PRC extends the base PRC
authExtEntry."
::= { authClasses 3 }
authPapExtEntry OBJECT-TYPE
SYNTAX AuthPapExtEntry
STATUS current
DESCRIPTION
"Entry oid for the AuthPapExtTable PRC. InstanceId's for
this extended PRC are assigned by the base PRC [SPPI]."
EXTENDS { authExtEntry }
UNIQUENESS { }
::= { authPapExtTable 1 }
AuthPapExtEntry::= SEQUENCE {
authPapExtPwd OCTET STRING
}
authPapExtPwd OBJECT-TYPE
SYNTAX OCTET STRING
STATUS current
DESCRIPTION
"PAP password octet string."
::= { authPapExtEntry 1 }
--
-- AuthEapReqExt Table
--
authEapReqExtTable OBJECT-TYPE
SYNTAX SEQUENCE OF AuthEapReqExtEntry
PIB-ACCESS notify
STATUS current
DESCRIPTION
"This is a concrete PRC used to contain EAP
authentication fields. This PRC extends the base PRC
authExtEntry. The PEP uses this PRC to send EAP messages
to the PDP."
::= { authClasses 4 }
authEapReqExtEntry OBJECT-TYPE
SYNTAX AuthEapReqExtEntry
STATUS current
DESCRIPTION
"Entry oid for the authEapReqExtTable PRC. InstanceId's
for this extended PRC are assigned by the base PRC
[SPPI]."
EXTENDS { authExtEntry }
UNIQUENESS { }
::= { authEapReqExtTable 1 }
AuthEapReqExtEntry::= SEQUENCE {
authEapReqExtSpecific OCTET STRING
}
authEapReqExtSpecific OBJECT-TYPE
SYNTAX OCTET STRING
STATUS current
DESCRIPTION
"Opaque EAP Request octet string."
::= { authEapReqExtEntry 1 }
--
-- AuthEapRespExt Table
--
authEapRespExtTable OBJECT-TYPE
SYNTAX SEQUENCE OF AuthEapRespExtEntry
PIB-ACCESS install
STATUS current
DESCRIPTION
"This is a concrete PRC used to contain EAP
authentication fields. This PRC extends the base PRC
authExtEntry. The PDP responds using this PRC for EAP
exchanges."
::= { authClasses 5 }
authEapRespExtEntry OBJECT-TYPE
SYNTAX AuthEapRespExtEntry
STATUS current
DESCRIPTION
"Entry oid for the authEapRespExtTable PRC. InstanceId's
for this extended PRC are assigned by the base PRC
[SPPI]."
EXTENDS { authExtEntry }
UNIQUENESS { }
::= { authEapRespExtTable 1 }
AuthEapRespExtEntry::= SEQUENCE {
authEapRespExtSpecific OCTET STRING
}
authEapRespExtSpecific OBJECT-TYPE
SYNTAX OCTET STRING
STATUS current
DESCRIPTION
"Opaque EAP Response octet string."
::= { authEapRespExtEntry 1 }
--
-- conformance section tbd
--
END
ACC SHELL 2018