The Enterasys Networks Proprietary MIB module for entities
implementing the client side of the Remote Access Dialin
User Service (RADIUS) authentication protocol (RFC2865).
N O T I C E
Use of this MIB in any product requires the approval
of the Office of the CTO, Enterasys Networks, Inc.
Permission to use this MIB will not be granted for
products in which SNMPv3 is now, or will soon be,
implemented. Permission to use this MIB in products
that are never scheduled to implement SNMPv3 will be
granted on a case-by-case basis, depending on what
other suitable, secure means of RADIUS client
configuration are available in the product.
The standard RADIUS Authentication Client MIB (RFC2618)
does not have any writable objects, and is missing key
objects needed for configuration.
Use of this MIB requires encryption/decryption for security
during transmission, using SNMPv1. Therefore, there are two
separate processes needed to use this MIB.
1) The standard processes for SNMP gets and sets.
2) The encoding/encryption or decryption/decoding of objects.
The encryption/decryption algorithm, as presented herein, is
taken from the RADIUS protocol, and is the method specified
for encryption of Tunnel-Password Attributes in RFC 2868.
For a detailed discussion of the encoding/decoding and
encryption/decryption of applicable objects, refer to the
definition of RadiusEncryptionString defined in the Textual
Conventions section of this MIB.
Note that the encryption/decryption method makes use of an
agreed-upon Secret and an Authenticator which are shared between
the RADIUS Client SNMP interface and the management entity
implementing the MIB.
The reason that the shared secret and authenticator are
algorithmically derived in the RADIUS Client / SNMP Agent
and in the SNMP Management Station is to permit plug-'n-play
remote installation, configuration and management of the device.
An object is included to allow remote management of the
Authenticator portion of the encryption key. It is suggested
that this value be changed by the network administrator after
initial configuration of the system.
On receipt, the process is reversed to yield the plain-text