The Enterasys Networks Proprietary MIB module for entities 
implementing the client side of the Remote Access Dialin 
User Service (RADIUS) authentication protocol (RFC2865).

                     N O T I C E

Use of this MIB in any product requires the approval
of the Office of the CTO, Enterasys Networks, Inc.  
Permission to use this MIB will not be granted for 
products in which SNMPv3 is now, or will soon be,
implemented.  Permission to use this MIB in products
that are never scheduled to implement SNMPv3 will be 
granted on a case-by-case basis, depending on what 
other suitable, secure means of RADIUS client 
configuration are available in the product.


The standard RADIUS Authentication Client MIB (RFC2618)
does not have any writable objects, and is missing key 
objects needed for configuration.

Use of this MIB requires encryption/decryption for security
during transmission, using SNMPv1.  Therefore, there are two 
separate processes needed to use this MIB.  

1)  The standard processes for SNMP gets and sets.
2)  The encoding/encryption or decryption/decoding of objects.

The encryption/decryption algorithm, as presented herein, is
taken from the RADIUS protocol, and is the method specified
for encryption of Tunnel-Password Attributes in RFC 2868.

For a detailed discussion of the encoding/decoding and 
encryption/decryption of applicable objects, refer to the 
definition of RadiusEncryptionString defined in the Textual 
Conventions section of this MIB.

Note that the encryption/decryption method makes use of an 
agreed-upon Secret and an Authenticator which are shared between
the RADIUS Client SNMP interface and the management entity
implementing the MIB.

The reason that the shared secret and authenticator are 
algorithmically derived in the RADIUS Client / SNMP Agent
and in the SNMP Management Station is to permit plug-'n-play
remote installation, configuration and management of the device.

An object is included to allow remote management of the 
Authenticator portion of the encryption key.  It is suggested 
that this value be changed by the network administrator after
initial configuration of the system.

On receipt, the process is reversed to yield the plain-text 

Imported Objects

etsysRadiusAuthClientEncryptMIBObjects .
etsysRadiusAuthClientRetryTimeoutEncrypt obsolete.
etsysRadiusAuthClientRetriesEncrypt obsolete.
etsysRadiusAuthClientEnableEncrypt obsolete.
etsysRadiusAuthClientAuthTypeEncrypt obsolete.
etsysRadiusAuthClientManageAuthKeyEncrypt obsolete.
etsysRadiusAuthServerEncryptTable obsolete.
etsysRadiusAuthServerEncryptEntry obsolete.
etsysRadiusAuthServerIndexEncrypt obsolete.
etsysRadiusAuthClientServerAddressEncrypt obsolete.
etsysRadiusAuthClientServerPortNumberEncrypt obsolete.
etsysRadiusAuthClientServerSecretEncrypt obsolete.
etsysRadiusAuthClientServerSecretEnteredEncrypt obsolete.
etsysRadiusAuthClientServerClearTimeEncrypt obsolete.
etsysRadiusAuthClientServerStatusEncrypt obsolete.
etsysRadiusAuthClientEncryptMIBConformance .
etsysRadiusAuthClientEncryptMIBCompliances .
etsysRadiusAuthClientEncryptMIBGroups .