Network Working Group                                          D. Nelson
Internet-Draft                                        Enterasys Networks
Updates: RFC 2621 (if approved)                         February 8, 2005
Expires: August 12, 2005


                  RADIUS Accounting Server MIB (IPv6)
                     draft-nelson-rfc2621bis-00.txt

Status of this Memo

   This document is an Internet-Draft and is subject to all provisions
   of Section 3 of RFC 3667.  By submitting this Internet-Draft, each
   author represents that any applicable patent or other IPR claims of
   which he or she is aware have been or will be disclosed, and any of
   which he or she become aware will be disclosed, in accordance with
   RFC 3668.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on August 12, 2005.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This memo updates RFC 2621 by extending the MIB defined in RFC 2621
   to add support for IPv6 address formats.







Nelson                   Expires August 12, 2005                [Page 1]


Internet-Draft     RADIUS Accounting Server MIB (IPv6)     February 2005


Table of Contents

   1.   Terminology
   2.   Introduction
   3.   The Internet-Standard Management Framework
   4.   Scope of Changes
   5.   Structure of the MIB Module
   6.   Deprecated Objects
   7.   Definitions
   8.   IANA Considerations
   9.   Security Considerations
   10.  References
     10.1   Normative References
     10.2   Informative References
        Author's Address
   A.   Acknowledgments
        Intellectual Property and Copyright Statements

1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

   This document uses terminology from RFC 2621 [RFC2621] and RFC 2866
   [RFC2866].

2.  Introduction

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   The objects defined within this memo relate to the RADIUS Accounting
   Server as defined in RFC 2866 [RFC2866].

3.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
   [RFC2580].

4.  Scope of Changes

   This document updates RFC 2621 [RFC2621], RADIUS Accounting Server
   MIB, by augmenting the conceptual table rows for
   radiusAccClientEntry, adding new columns called
   radiusAccClientInetAddressType and radiusAccClientInetAddress.  The
   purpose of these added MIB objects is to support IPv6 addressing
   formats.  The existing table column radiusAccClientAddress is
   deprecated but may continue to be used in IPv4-only deployments.

5.  Structure of the MIB Module

   The structure of the MIB Module defined in this memo extends the
   structure of the MIB Module defined in RADIUS Accounting Server MIB,
   RFC 2621 [RFC2621] using the SMI AUGMENTS syntax, but does not alter
   that structure, except to deprecate the corresponding IPv4-only
   address format objects.



6.  Deprecated Objects

   The following objects, defined in RADIUS Accounting Server MIB, RFC
   2621 [RFC2621] are deprecated:

      radiusAccClientAddress

7.  Definitions

     RADIUS-ACC-SERVER-MIB-IPV6 DEFINITIONS ::= BEGIN

   IMPORTS
          MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY,
          mib-2 FROM SNMPv2-SMI
          InetAddressType, InetAddress, InetPortNumber
          FROM INET-ADDRESS-MIB
          MODULE-COMPLIANCE, OBJECT-GROUP  FROM SNMPv2-CONF
          radiusAccClientEntry FROM RADIUS-ACC-SERVER-MIB;

   radiusAccServerExtMIB MODULE-IDENTITY
          LAST-UPDATED "200502072051Z"  -- Mon Feb  7 20:51 GMT 2005
          ORGANIZATION "IETF RADIUS Extensions Working Group."
          CONTACT-INFO
                 " David B. Nelson
                   Enterasys Networks
                   50 Minuteman Road
                   Andover, MA 01810
                   US

                   Phone: +1 978 684 1000
                   EMail: dnelson@enterasys.com"
          DESCRIPTION
                "An extension to the MIB module for entities
                 implementing the server side of the Remote Access
                 Dialin User Service (RADIUS) accounting protocol,
                 using IPv6 addressing formats. Updates RFC 2621."
          REVISION "200502072051Z"  -- Mon Feb  7 20:51 GMT 2005
          DESCRIPTION "Initial version, published as RFC xxxx."

   -- RFC Editor: replace xxxx with actual RFC number at the time of
   -- publication, and remove this note.

          ::= { mib-2 TBA }

   -- RFC Editor: replace TBA with IANA assigned OID value, and
   -- remove this note.

   radiusAccServerExtMIBNotifications  OBJECT IDENTIFIER
               ::= { radiusAccServerExtMIB 0 }

   radiusAccServerExtMIBObjects        OBJECT IDENTIFIER
               ::= { radiusAccServerExtMIB 1 }

   radiusAccServerExtMIBConformance    OBJECT IDENTIFIER
               ::= { radiusAccServerExtMIB 2 }

   -- MIB objects

   radiusAccClientExtTable OBJECT-TYPE
         SYNTAX      SEQUENCE OF RadiusAccClientExtEntry
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION
              "The (conceptual) table listing the RADIUS
               accounting clients with which the server
               shares a secret."
         ::= { radiusAccServerExtMIBObjects 1 }

   radiusAccClientExtEntry OBJECT-TYPE
         SYNTAX     RadiusAccClientExtEntry
         MAX-ACCESS not-accessible
         STATUS     current
         DESCRIPTION
               "An entry (conceptual row) representing a RADIUS
                accounting client with which the server shares
                a secret."
         AUGMENTS      { radiusAccClientEntry }
         ::= { radiusAccClientExtTable 1 }

   RadiusAccClientExtEntry ::= SEQUENCE {
         radiusAccClientInetAddressType      InetAddressType,
         radiusAccClientInetAddress          InetAddress
   }

   radiusAccClientInetAddressType OBJECT-TYPE
         SYNTAX     InetAddressType
         MAX-ACCESS read-only
         STATUS     current
         DESCRIPTION
               "The type of address format used for the
                radiusAccClientInetAddress object."
         ::= { radiusAccClientExtEntry 1 }

   radiusAccClientInetAddress OBJECT-TYPE
         SYNTAX     InetAddress
         MAX-ACCESS read-only
         STATUS     current
         DESCRIPTION
               "The IP address of the RADIUS accounting
                client referred to in this table entry, using
                the IPv6 address format."
         ::= { radiusAccClientExtEntry 2 }

   -- conformance information

   radiusAccServerExtMIBCompliances OBJECT IDENTIFIER
         ::= { radiusAccServerExtMIBConformance 1 }

   radiusAccServerExtMIBGroups      OBJECT IDENTIFIER
         ::= { radiusAccServerExtMIBConformance 2 }

   -- compliance statements

   radiusAccServerExtMIBCompliance MODULE-COMPLIANCE
        STATUS  current
        DESCRIPTION
              "The compliance statement for accounting
               servers implementing the RADIUS Accounting
               Server IPv6 Extensions MIB."
        MODULE  -- this module
               MANDATORY-GROUPS { radiusAccServerExtMIBGroup }

        ::= { radiusAccServerExtMIBCompliances 1 }

   -- units of conformance

   radiusAccServerExtMIBGroup OBJECT-GROUP
        OBJECTS { radiusAccClientInetAddressType,
                  radiusAccClientInetAddress
               }
        STATUS  current
        DESCRIPTION
              "The collection of extended objects providing
               management of RADIUS Accounting Servers
               using IPv6 address format."
        ::= { radiusAccServerExtMIBGroups 1 }

   END
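
   The sketch below is an added example, not part of the draft's MIB or
   of any RADIUS server's code.  It shows how a management application
   might decode one radiusAccClientInetAddressType /
   radiusAccClientInetAddress pair and reject rows whose octet-string
   length does not match the declared type.  The type numbers and sizes
   are those of INET-ADDRESS-MIB; the function names and sample rows are
   assumptions made for illustration, and only the IP address types are
   handled.

```python
import ipaddress

# InetAddressType values and the InetAddress octet lengths that go with them,
# as defined by INET-ADDRESS-MIB (the module this MIB imports from).
INET_TYPES = {
    1: ("ipv4", 4),
    2: ("ipv6", 16),
    3: ("ipv4z", 8),    # 4 address octets + 4-octet zone index
    4: ("ipv6z", 20),   # 16 address octets + 4-octet zone index
}

def decode_inet_address(addr_type: int, value: bytes) -> str:
    """Decode one (InetAddressType, InetAddress) pair from a client row.

    Raises ValueError when the type is unsupported or the octet string length
    does not match the type, so a malformed row never reaches an ACL or a log.
    """
    if addr_type not in INET_TYPES:
        raise ValueError(f"unsupported InetAddressType {addr_type}")
    name, size = INET_TYPES[addr_type]
    if len(value) != size:
        raise ValueError(f"{name} needs {size} octets, got {len(value)}")
    addr_len = 4 if name.startswith("ipv4") else 16
    addr = ipaddress.ip_address(value[:addr_len])
    if name.endswith("z"):
        zone = int.from_bytes(value[addr_len:], "big")
        return f"{addr}%{zone}"
    return str(addr)

def decode_rows(rows):
    """Decode rows of (client index, type, value); collect rejects separately."""
    ok, rejected = {}, {}
    for index, addr_type, value in rows:
        try:
            ok[index] = decode_inet_address(addr_type, value)
        except ValueError as exc:
            rejected[index] = str(exc)
    return ok, rejected

# Constructed sample rows (documentation-range addresses, not real clients).
SAMPLE_ROWS = [
    (1, 1, bytes([192, 0, 2, 10])),
    (2, 2, bytes.fromhex("20010db8000000000000000000000001")),
    (3, 4, bytes.fromhex("fe800000000000000000000000000001") + (2).to_bytes(4, "big")),
    (4, 2, bytes([192, 0, 2, 11])),   # type says ipv6, value is 4 octets
]

if __name__ == "__main__":
    print(decode_rows(SAMPLE_ROWS))
```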


8.  IANA Considerations

   This document requires IANA assignment of a number in the MIB-2 OID
   number space.



9.  Security Considerations

   There are no management objects defined in this MIB that have a
   MAX-ACCESS clause of read-write and/or read-create.  So, if this MIB
   is implemented correctly, then there is no risk that an intruder can
   alter or create any management objects of this MIB via direct SNMP
   SET operations.

   There are a number of managed objects in this MIB that may contain
   sensitive information.  These are:

   radiusAccClientInetAddress This can be used to determine the address
      of the RADIUS accounting client with which the server is
      communicating.  This information could be useful in mounting an
      attack on the accounting client.

   It is thus important to control even GET access to these objects and
   possibly to even encrypt the values of these objects when sending
   them over the network via SNMP.  Not all versions of SNMP provide
   features for such a secure environment.

   SNMP versions prior to SNMPv3 do not provide a secure environment.
   Even if the network itself is secure (for example by using IPsec),
   there is no control as to who on the secure network is allowed to
   access and GET/SET (read/change/create/delete) the objects in this
   MIB.

   It is recommended that the implementers consider the security
   features as provided by the SNMPv3 framework.  Specifically, the use
   of the User-based Security Model [RFC2574] and the View-based Access
   Control Model [RFC2575] is recommended.  Using these security
   features, customers/users can give access to the objects only to
   those principals (users) that have legitimate rights to GET or SET
   (change/create/delete) them.

10.  References

10.1  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2574]  Blumenthal, U. and B. Wijnen, "User-based Security Model
              (USM) for version 3 of the Simple Network Management
              Protocol (SNMPv3)", RFC 2574, April 1999.

   [RFC2575]  Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based
              Access Control Model (VACM) for the Simple Network
              Management Protocol (SNMP)", RFC 2575, April 1999.

   [RFC2578]  McCloghrie, K., Perkins, D. and J. Schoenwaelder,
              "Structure of Management Information Version 2 (SMIv2)",
              STD 58, RFC 2578, April 1999.

   [RFC2579]  McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Textual
              Conventions for SMIv2", STD 58, RFC 2579, April 1999.

   [RFC2580]  McCloghrie, K., Perkins, D. and J. Schoenwaelder,
              "Conformance Statements for SMIv2", STD 58, RFC 2580,
              April 1999.

   [RFC3418]  Presuhn, R., "Management Information Base (MIB) for the
              Simple Network Management Protocol (SNMP)", STD 62,
              RFC 3418, December 2002.

10.2  Informative References

   [RFC2621]  Zorn, G. and B. Aboba, "RADIUS Accounting Server MIB",
              RFC 2621, June 1999.

   [RFC2866]  Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.

   [RFC3410]  Case, J., Mundy, R., Partain, D. and B. Stewart,
              "Introduction and Applicability Statements for
              Internet-Standard Management Framework", RFC 3410,
              December 2002.


Author's Address

   David B. Nelson
   Enterasys Networks
   50 Minuteman Road
   Andover, MA  01810
   USA

   Email: dnelson@enterasys.com

Appendix A.  Acknowledgments

   The Authors of the original MIB [RFC2621] are Bernard Aboba and Glen
   Zorn.

   Many thanks to all reviewers, especially to David Harrington and
   Bruno Pape.




Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Copyright Statement

   Copyright (C) The Internet Society (2005).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.


Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.



