By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress.”
The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 26, 2009.
This document defines the Management Information Base (MIB) module that provides a minimum set of objects that can be used to manage an implementation of the PANA Base Protocol [RFC5191].
1. The Internet-Standard Management Framework
2. Conventions
3. Overview
4. PANA Base Protocol MIB Definitions
5. Security Considerations
6. IANA Considerations
7. Contributors
8. References
8.1. Normative References
8.2. Informative References
1. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410].
Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant with the SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580].
2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
3. Overview
The PANA Base Protocol [RFC5191] is structured for network access authentication where authenticating peers are typically in a many-to-one relationship: multiple end-users (PaC) and an authentication server (PAA). Therefore, the PANA protocol's operating parameters naturally divide into parameters that are common to both PaC and PAA and parameters specific to either the PaC or the PAA.
The MIB objects described in this document follow the same pattern. As of this writing, there are no explicit dependencies between this document and other MIB modules.
4. PANA Base Protocol MIB Definitions
PANA-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE,
Unsigned32, Counter32, mib-2 FROM SNMPv2-SMI
MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF
InetAddressType, InetAddress FROM INET-ADDRESS-MIB;
panaMIB MODULE-IDENTITY
LAST-UPDATED "200810220000Z"
ORGANIZATION "IETF PANA Working Group."
CONTACT-INFO
"Victor Fajardo
Toshiba America Research Inc.
1322 Crossman Avenue
One Telcordia Drive, Piscataway, NJ 08854
USA
Phone: +1 (908) 421-1845
Email: vfajardo@tari.toshiba.com"
REVISION "200810221502Z"
DESCRIPTION
"The MIB module for the PANA base protocol, RFC5191."
::= { mib-2 YY }
-- RFC Ed.: Replace YY with suitable number from IANA if this goes
-- into standards track
-- Major sections of this MIB.
-- The PANA base protocol MIB can be sub-divided into three(3)
-- types of Objects: Objects common to all PANA entities, Objects
-- specific to the PaC and Objects specific to the PAA
panaBaseProtoMIB OBJECT IDENTIFIER ::=
{ panaMIB 1 }
panaEntityObject OBJECT IDENTIFIER ::=
{ panaBaseProtoMIB 1 }
panaEntityTraps OBJECT IDENTIFIER ::=
{ panaBaseProtoMIB 2 }
panaPaCObject OBJECT IDENTIFIER ::=
{ panaBaseProtoMIB 3 }
panaPaaObject OBJECT IDENTIFIER ::=
{ panaBaseProtoMIB 4 }
panaRetransmissionParam OBJECT IDENTIFIER ::=
{ panaEntityObject 1 }
panaInitialRetryTimeout OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Base value of the re-transmission timeout
in seconds for the initial retransmission."
DEFVAL { 5 }
::= { panaRetransmissionParam 1 }
panaMaxRetryCount OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Maximum retransmission count. Specifies an
upper bound on the number of times a sender
may retransmit a message."
DEFVAL { 3 }
::= { panaRetransmissionParam 2 }
panaMaxRetryTime OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Maximum retransmission time in seconds. Specifies
an upper bound on the value of retry timeout. If it has
a value of 0, there is no upper limit on the value
of retry timeout."
DEFVAL { 10 }
::= { panaRetransmissionParam 3 }
panaMaxDuration OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Maximum retransmission duration in seconds. Specifies
an upper bound on the length of time a sender may
retransmit a message."
DEFVAL { 120 }
::= { panaRetransmissionParam 4 }
panaSessionLifetime OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the lifetime of the PANA session in seconds.
This indicates how long till a re-authentication or
disconnection occurs after a user successfully
authenticates. This should be set to a minimum value
that is greater than panaReAuthentionAllowance when
re-authentication is enabled."
DEFVAL { 360 }
::= { panaEntityObject 2 }
panaPingInterval OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the interval between PANA ping
requests. A value of 0 will disable sending of ping
requests; otherwise a ping request message will be
sent at this interval after successful authentication."
DEFVAL { 5 }
::= { panaEntityObject 3 }
panaReAuthenticate OBJECT-TYPE
SYNTAX Unsigned32 (0..1)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates whether a PANA entity will attempt to
re-authenticate with its peer just prior to the
session lifetime expiring. A value of 1 indicates
that re-authentication will be attempted otherwise
re-authentication will not be attempted."
DEFVAL { 1 }
::= { panaEntityObject 4 }
panaReAuthentionAllowance OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates how many seconds before the session lifetime
expires a PANA entity will start authentication. This
value is meaningful only when panaReAuthenticate is
set to 1."
DEFVAL { 5 }
::= { panaEntityObject 5 }
panaPaaAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The type of internet address stored
in panaPaaIpAddress."
::= { panaPaCObject 1 }
panaPaaIpAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The IP-Address of the PAA, which is of the
type specified in panaPaaAddressType."
::= { panaPaCObject 2 }
panaPacEapResponseTimeout OBJECT-TYPE
SYNTAX Unsigned32 (1..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Number of seconds the EAP layer is allowed to send
an EAP response before an EAP timeout event occurs."
DEFVAL { 3 }
::= { panaPaCObject 3 }
panaPacEapPiggyback OBJECT-TYPE
SYNTAX Unsigned32 (0..1)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Controls whether EAP payload will be sent
in the PANA-Auth-Answer message during auth phase.
A value of 1 will allow for EAP payload to be sent
in the answer message while a value of 0 will
prevent it."
DEFVAL { 1 }
::= { panaPaCObject 4 }
panaPaaAnnounceLifetime OBJECT-TYPE
SYNTAX Unsigned32 (0..1)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates whether the PAA will carry the
session lifetime AVP in the PANA-Bind-Request
message. A value of 1 will allow for the session
lifetime to be sent in the PANA-Bind-Request
while a value of 0 will prevent it."
DEFVAL { 1 }
::= { panaPaaObject 2 }
panaPaaIpReconfiguration OBJECT-TYPE
SYNTAX Unsigned32 (0..1)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates whether the PAA will set the IP
reconfiguration flag in the PAR to let the
PaC know that it should re-configure its
IP address after successful authentication.
A value of 1 will set the re-configure bit
(i-bit) in the PANA-Bind-Answer while a
value of 0 will un-set it."
DEFVAL { 1 }
::= { panaPaaObject 3 }
panaPaaAuthAttempts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the total number of authentication
attempts made on this PAA regardless of success
or failure. Note that this is separate from
re-authentication attempts."
::= { panaPaaObject 4 }
panaPaaSuccessfulAuth OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the total number of successful
authentications that this PAA has processed."
::= { panaPaaObject 5 }
panaPaaReAuthAttempts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the total number of re-authentication
attempts made on this PAA regardless of success
or failure. Note that this is separate from
authentication attempts."
::= { panaPaaObject 6 }
panaPaaSuccessfulReAuth OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the total number of successful
re-authentications that this PAA has processed."
::= { panaPaaObject 7 }
END
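The DESCRIPTION of panaSessionLifetime states a cross-object rule (the lifetime should exceed panaReAuthentionAllowance when re-authentication is enabled) that the SYNTAX ranges alone cannot enforce. The following is an added example, not part of the draft: it parses OBJECT-TYPE definitions and checks a proposed set of values against range, MAX-ACCESS and that rule. The function names, the constructed excerpt, and the assumption that unset objects hold their DEFVAL are illustrative.

```python
import re

# Constructed excerpt of the module above (DESCRIPTION and STATUS clauses omitted).
MIB_EXCERPT = """
panaSessionLifetime OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS read-write
DEFVAL { 360 }
::= { panaEntityObject 2 }
panaReAuthenticate OBJECT-TYPE
SYNTAX Unsigned32 (0..1)
MAX-ACCESS read-write
DEFVAL { 1 }
::= { panaEntityObject 4 }
panaReAuthentionAllowance OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-write
DEFVAL { 5 }
::= { panaEntityObject 5 }
panaPaaAuthAttempts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
::= { panaPaaObject 4 }
"""

def parse_objects(mib_text):
    """Map each object name to its SYNTAX range, MAX-ACCESS and DEFVAL."""
    objects = {}
    for block in re.findall(r"\w+\s+OBJECT-TYPE.*?::=\s*\{[^}]*\}", mib_text, re.S):
        rng = re.search(r"SYNTAX\s+\w+\s*\((\d+)\.\.(\d+)\)", block)
        dv = re.search(r"DEFVAL\s*\{\s*(\d+)\s*\}", block)
        objects[block.split()[0]] = {
            "range": (int(rng[1]), int(rng[2])) if rng else None,
            "access": re.search(r"MAX-ACCESS\s+([\w-]+)", block)[1],
            "defval": int(dv[1]) if dv else None}
    return objects

def validate_set(objects, proposed):
    """Return problems with proposed values; unset objects are assumed at DEFVAL."""
    problems = []
    for name, value in proposed.items():
        rng, access = objects[name]["range"], objects[name]["access"]
        if access != "read-write" or (rng and not rng[0] <= value <= rng[1]):
            problems.append(f"{name}={value} rejected: access {access}, range {rng}")
    eff = {n: proposed.get(n, o["defval"]) for n, o in objects.items()}
    # Cross-object rule stated in the panaSessionLifetime DESCRIPTION.
    if (eff["panaReAuthenticate"] == 1
            and eff["panaSessionLifetime"] <= eff["panaReAuthentionAllowance"]):
        problems.append("panaSessionLifetime must exceed panaReAuthentionAllowance")
    return problems
```

A management station can run such a check before issuing an SNMP SET, so that a value that is in range but violates the lifetime rule is caught before it reaches the agent.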
5. Security Considerations
TBD
6. IANA Considerations
IANA is requested to assign an OID under mib-2.
7. Contributors
TBD
8. References
8.1. Normative References
| [RFC5191] | Forsberg, D., Ohba, Y., Patil, B., Tschofenig, H., and A. Yegin, “Protocol for Carrying Authentication for Network Access (PANA),” RFC 5191, May 2008. |
| [RFC2119] | Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels,” BCP 14, RFC 2119, March 1997. |
| [RFC2578] | McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., “Structure of Management Information Version 2 (SMIv2),” STD 58, RFC 2578, April 1999. |
| [RFC2579] | McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., “Textual Conventions for SMIv2,” STD 58, RFC 2579, April 1999. |
| [RFC2580] | McCloghrie, K., Perkins, D., and J. Schoenwaelder, “Conformance Statements for SMIv2,” STD 58, RFC 2580, April 1999. |
8.2. Informative References
| [RFC3410] | Case, J., Mundy, R., Partain, D., and B. Stewart, “Introduction and Applicability Statements for Internet-Standard Management Framework,” RFC 3410, December 2002. |
| Victor Fajardo (editor) | |
| Toshiba America Research, Inc. | |
| 1 Telcordia Drive | |
| Piscataway, NJ 08854 | |
| USA | |
| Phone: | +1 732 699 5368 |
| EMail: | vfajardo@tari.toshiba.com |
Copyright © The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an “AS IS” basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.