By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress.”
The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 26, 2009.
This document defines a Management Information Base (MIB) module containing a minimum set of objects that can be used to manage an implementation of the PANA Base Protocol [RFC5191].
1. The Internet-Standard Management Framework
2. Conventions
3. Overview
4. PANA Base Protocol MIB Definitions
5. Security Considerations
6. IANA Considerations
7. Contributors
8. References
   8.1. Normative References
   8.2. Informative References
1. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410].
Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant with the SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580].
2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
3. Overview
The PANA Base Protocol [RFC5191] is structured for network access authentication where authenticating peers are typically in a many-to-one relationship: multiple end-users (PaC) and an authentication server (PAA). Therefore, the PANA protocol's operating parameters naturally divide into parameters that are common to both PaC and PAA and parameters specific to either the PaC or the PAA.
The MIB objects described in this document follow the same pattern. As of this writing, there are no explicit dependencies between this document and other MIB modules.
4. PANA Base Protocol MIB Definitions
PANA-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter32, mib-2
        FROM SNMPv2-SMI
    MODULE-COMPLIANCE, OBJECT-GROUP
        FROM SNMPv2-CONF
    InetAddressType, InetAddress
        FROM INET-ADDRESS-MIB;

panaMIB MODULE-IDENTITY
    LAST-UPDATED "200810220000Z"
    ORGANIZATION "IETF PANA Working Group."
    CONTACT-INFO
        "Victor Fajardo
         Toshiba America Research Inc.
         1322 Crossman Avenue
         One Telcordia Drive,
         Piscataway, NJ 08854
         USA
         Phone: +1 (908) 421-1845
         Email: vfajardo@tari.toshiba.com"
    REVISION "200810221502Z"
    DESCRIPTION
        "The MIB module for the PANA base protocol, RFC5191."
    ::= { mib-2 YY }
-- RFC Ed.: Replace YY with suitable number from IANA if this goes
-- into standards track

-- Major sections of this MIB.
-- The PANA base protocol MIB can be sub-divided into three(3)
-- types of Objects: Objects common to all PANA entities, Objects
-- specific to the PaC and Objects specific to the PAA

panaBaseProtoMIB OBJECT IDENTIFIER ::= { panaMIB 1 }

panaEntityObject OBJECT IDENTIFIER ::= { panaBaseProtoMIB 1 }
panaEntityTraps  OBJECT IDENTIFIER ::= { panaBaseProtoMIB 2 }
panaPaCObject    OBJECT IDENTIFIER ::= { panaBaseProtoMIB 3 }
panaPaaObject    OBJECT IDENTIFIER ::= { panaBaseProtoMIB 4 }

panaRetransmissionParam OBJECT IDENTIFIER ::= { panaEntityObject 1 }

panaInitialRetryTimeout OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Base value of the re-transmission timeout in seconds for
         the initial retransmission."
    DEFVAL { 5 }
    ::= { panaRetransmissionParam 1 }

panaMaxRetryCount OBJECT-TYPE
    SYNTAX      Unsigned32 (0..4294967295)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Maximum retransmission count. Specifies an upper bound on
         the number of times a sender may retransmit a message."
    DEFVAL { 3 }
    ::= { panaRetransmissionParam 2 }

panaMaxRetryTime OBJECT-TYPE
    SYNTAX      Unsigned32 (0..4294967295)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Maximum retransmission time in seconds. Specifies an upper
         bound on the value of retry timeout. If it has a value of
         0, there is no upper limit on the value of retry timeout."
    DEFVAL { 10 }
    ::= { panaRetransmissionParam 3 }

panaMaxDuration OBJECT-TYPE
    SYNTAX      Unsigned32 (0..4294967295)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Maximum retransmission duration in seconds. Specifies an
         upper bound on the length of time a sender may retransmit
         a message."
    DEFVAL { 120 }
    ::= { panaRetransmissionParam 4 }

panaSessionLifetime OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies the lifetime of the PANA session in seconds. This
         indicates how long till a re-authentication or
         disconnection occurs after a user successfully
         authenticates. This should be set to a minimum value that
         is greater than panaReAuthentionAllowance when
         re-authentication is enabled."
    DEFVAL { 360 }
    ::= { panaEntityObject 2 }

panaPingInterval OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Indicates the interval between PANA ping requests. A value
         of 0 will disable sending of ping requests; otherwise a
         ping request message will be sent at this interval after
         successful authentication."
    DEFVAL { 5 }
    ::= { panaEntityObject 3 }

panaReAuthenticate OBJECT-TYPE
    SYNTAX      Unsigned32 (0..1)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Indicates whether a PANA entity will attempt to
         re-authenticate with its peer just prior to the session
         lifetime expiring. A value of 1 indicates that
         re-authentication will be attempted; otherwise
         re-authentication will not be attempted."
    DEFVAL { 1 }
    ::= { panaEntityObject 4 }

panaReAuthentionAllowance OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Indicates how many seconds before the session lifetime
         expires a PANA entity will start authentication. This
         value is meaningful only when panaReAuthenticate is set
         to 1."
    DEFVAL { 5 }
    ::= { panaEntityObject 5 }

panaPaaAddressType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The type of internet address stored in panaPaaIpAddress."
    ::= { panaPaCObject 1 }

panaPaaIpAddress OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The IP-Address of the PAA, which is of the type specified
         in panaPaaAddressType."
    ::= { panaPaCObject 2 }

panaPacEapResponseTimeout OBJECT-TYPE
    SYNTAX      Unsigned32 (1..255)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Number of seconds the EAP layer is allowed to send an EAP
         response before an EAP timeout event occurs."
    DEFVAL { 3 }
    ::= { panaPaCObject 3 }

panaPacEapPiggyback OBJECT-TYPE
    SYNTAX      Unsigned32 (0..1)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Controls whether EAP payload will be sent in the
         PANA-Auth-Answer message during auth phase. A value of 1
         will allow for EAP payload to be sent in the answer
         message while a value of 0 will prevent it."
    DEFVAL { 1 }
    ::= { panaPaCObject 4 }

panaPaaAnnounceLifetime OBJECT-TYPE
    SYNTAX      Unsigned32 (0..1)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Indicates whether the PAA will carry the session lifetime
         AVP in the PANA-Bind-Request message. A value of 1 will
         allow for the session lifetime to be sent in the
         PANA-Bind-Request while a value of 0 will prevent it."
    DEFVAL { 1 }
    ::= { panaPaaObject 2 }

panaPaaIpReconfiguration OBJECT-TYPE
    SYNTAX      Unsigned32 (0..1)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Indicates whether the PAA will set the IP reconfiguration
         flag in the PAR to let the PaC know that it should
         re-configure its IP address after successful
         authentication. A value of 1 will set the re-configure bit
         (i-bit) in the PANA-Bind-Answer while a value of 0 will
         un-set it."
    DEFVAL { 1 }
    ::= { panaPaaObject 3 }

panaPaaAuthAttempts OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates the total number of authentication attempts made
         on this PAA regardless of success or failure. Note that
         this is separate from re-authentication attempts."
    ::= { panaPaaObject 4 }

panaPaaSuccessfulAuth OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates the total number of successful authentications
         that this PAA has processed."
    ::= { panaPaaObject 5 }

panaPaaReAuthAttempts OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates the total number of re-authentication attempts
         made on this PAA regardless of success or failure. Note
         that this is separate from authentication attempts."
    ::= { panaPaaObject 6 }

panaPaaSuccessfulReAuth OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates the total number of successful
         re-authentications that this PAA has processed."
    ::= { panaPaaObject 7 }

END
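The following Python sketch is an added example, not part of the draft: it checks polled values against the SYNTAX ranges and the panaSessionLifetime/panaReAuthentionAllowance rule stated in the module above, and derives failed authentications from the PAA counters with Counter32 wrap handling. The function names and sample values are assumptions made for illustration.

```python
# Added example: object names come from PANA-MIB above; function names
# and any values passed in are constructed for illustration.
COUNTER32_MOD = 2 ** 32

# (min, max) ranges copied from the SYNTAX clauses of the read-write objects.
RANGES = {
    "panaInitialRetryTimeout": (1, 4294967295),
    "panaMaxRetryCount": (0, 4294967295),
    "panaMaxRetryTime": (0, 4294967295),
    "panaMaxDuration": (0, 4294967295),
    "panaSessionLifetime": (1, 4294967295),
    "panaReAuthenticate": (0, 1),
    "panaReAuthentionAllowance": (0, 255),
    "panaPacEapResponseTimeout": (1, 255),
    "panaPacEapPiggyback": (0, 1),
}


def check_config(values):
    """Return a list of findings for a dict of polled object values."""
    findings = []
    for name, value in values.items():
        lo, hi = RANGES.get(name, (None, None))
        if lo is not None and not lo <= value <= hi:
            findings.append(f"{name}={value} outside ({lo}..{hi})")
    # Cross-object rule from the panaSessionLifetime DESCRIPTION.
    if values.get("panaReAuthenticate") == 1:
        life = values.get("panaSessionLifetime")
        allow = values.get("panaReAuthentionAllowance")
        if life is not None and allow is not None and life <= allow:
            findings.append("panaSessionLifetime must exceed panaReAuthentionAllowance")
    return findings


def counter_delta(previous, current):
    """Counter32 difference between two polls, allowing one wrap."""
    return (current - previous) % COUNTER32_MOD


def failed_auths(prev, curr):
    """Failed first-time authentications between two polls of the PAA."""
    attempts = counter_delta(prev["panaPaaAuthAttempts"], curr["panaPaaAuthAttempts"])
    successes = counter_delta(prev["panaPaaSuccessfulAuth"], curr["panaPaaSuccessfulAuth"])
    return max(attempts - successes, 0)
```

A rising failed_auths value across polling intervals is a signal a monitoring station can alert on; the re-authentication counters can be compared the same way.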
5. Security Considerations
TBD
6. IANA Considerations
IANA is requested to assign an OID under mib-2.
7. Contributors
TBD
8. References
8.1. Normative References
[RFC5191] Forsberg, D., Ohba, Y., Patil, B., Tschofenig, H., and A. Yegin, “Protocol for Carrying Authentication for Network Access (PANA),” RFC 5191, May 2008.
[RFC2119] Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels,” BCP 14, RFC 2119, March 1997.
[RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., “Structure of Management Information Version 2 (SMIv2),” STD 58, RFC 2578, April 1999.
[RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., “Textual Conventions for SMIv2,” STD 58, RFC 2579, April 1999.
[RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, “Conformance Statements for SMIv2,” STD 58, RFC 2580, April 1999.
8.2. Informative References
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, “Introduction and Applicability Statements for Internet-Standard Management Framework,” RFC 3410, December 2002.
Author's Address
Victor Fajardo (editor)
Toshiba America Research, Inc.
1 Telcordia Drive
Piscataway, NJ 08854
USA
Phone: +1 732 699 5368
EMail: vfajardo@tari.toshiba.com
Copyright © The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an “AS IS” basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.