-- Copyright (C) 2015 Aricent. All Rights Reserved. -- $Id: fspnac.mib,v 1.20 2015/06/11 10:03:20 siva Exp $ -- PNAC Proprietary MIB Definition -- This document explains the proprietary MIB implemented -- for PNAC product. -- This proprietary MIB definition supplements the standard IEEE802.1X -- MIB and also provides management of certain proprietary features of -- PNAC. -- This MIB contains tables used to configure the ports of host running -- PNAC, for its MAC based authentication operation. Such an -- authentication method permits the authenticated operation of hosts in -- shared media LANs. -- The proprietary MIB definition follows: ARICENT-PNAC-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Counter32, Unsigned32, enterprises, Integer32, TimeTicks, Counter64, NOTIFICATION-TYPE FROM SNMPv2-SMI RowStatus, TruthValue, MacAddress, TEXTUAL-CONVENTION, DisplayString FROM SNMPv2-TC SnmpAdminString FROM SNMP-FRAMEWORK-MIB PortList FROM Q-BRIDGE-MIB dot1xAuthOperControlledDirections, PaeControlledPortStatus FROM IEEE8021-PAE-MIB InterfaceIndex FROM IF-MIB; fspnac MODULE-IDENTITY LAST-UPDATED "201209050000Z" ORGANIZATION "ARICENT COMMUNICATIONS SOFTWARE" CONTACT-INFO "support@aricent.com" DESCRIPTION "The proprietary MIB module for PNAC." REVISION "201209050000Z" DESCRIPTION "The proprietary MIB module for PNAC." ::= { enterprises futuresoftware (2076) 64 } -- ---------------------------------------------------------- -- -- Textual Conventions -- ---------------------------------------------------------- -- AuthenticMethod ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The authentication method is using Remote Authentication Server or Local Authentication Server." SYNTAX INTEGER { remoteServer(1), localServer(2) } RemoteAuthServerType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This indicates which remote server is to provide the authentication. 
Currently supported servers are RADIUS Server and Terminal Access Controller Access-Control System Plus (TACACS+) Server." SYNTAX INTEGER { radiusServer(1), tacacsplusServer(2) } PermissionType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The permission values." SYNTAX INTEGER { allow(1), deny(2) } -- ------------------------------------------------------------ -- groups in the MIB -- ------------------------------------------------------------ fsPnacPaeSystem OBJECT IDENTIFIER ::= { fspnac 1 } fsPnacPaeAuthenticator OBJECT IDENTIFIER ::= { fspnac 2 } fsPnacAuthServer OBJECT IDENTIFIER ::= { fspnac 3 } fsPnacTrapObjects OBJECT IDENTIFIER ::= { fspnac 4 } fsPnacNotifications OBJECT IDENTIFIER ::= { fspnac 5 } fsDPnac OBJECT IDENTIFIER ::= { fspnac 6 } -- ------------------------------------------------------------------ -- ------------------------------------------------------------------ -- Distributed PNAC Group -- ------------------------------------------------------------------ fsDPnacSystemStatus OBJECT-TYPE SYNTAX INTEGER { centralized (1), distributed (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object sets the mode for dot1x. PNAC is enabled, when the mode is set as centralized and DPNAC is enabled when the mode is set as distributed." DEFVAL { 1 } ::= { fsDPnac 1} fsDPnacPeriodicSyncTime OBJECT-TYPE SYNTAX Unsigned32 (0..300) MAX-ACCESS read-write STATUS current DESCRIPTION "This object configures the D-PNAC periodic sync timer. This periodic sync timer is used to configure the transmission interval of D-PNAC periodic-sync PDUs. The configured value of this timer is applicable only from the next start/re-start of the timer. In master node, this timer expiry is used to identify the slave down and remove the slave node information. This runs individually in each D-PNAC node. If this object is configured with a value of '0', then no periodic-sync messages will be sent from that D-PNAC node. 
The periodic sync timer has a period from 0 to 300 seconds, configurable in units of seconds." DEFVAL { 60 } ::= { fsDPnac 2 } fsDPnacMaxKeepAliveCount OBJECT-TYPE SYNTAX Integer32 (1..5) MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to provide keep alive mechanism when D-PNAC status is enabled. This is maintained by Master Node. The keep alive count of all remote D-PNAC nodes will be incremented every time when the periodic-sync timer expires and this resets to zero for a particular D-PNAC node only on receiving periodic-sync/ event-update message from that particular remote D-PNAC node. if keep alive count of any of the remote D-PNAC node reaches the maximum keep alive count, then that remote D-PNAC node will be declared as operationally down/dead." DEFVAL { 3 } ::= { fsDPnac 3 } -- D-Pnac Slot Table fsDPnacStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF FsDPnacStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object is a table of statistics information for each slot supported by the DPNAC. An entry appears in this table for each slot of this system." ::= { fsDPnac 4 } fsDPnacStatsEntry OBJECT-TYPE SYNTAX FsDPnacStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object is a table to get the statistics information about event update like DPNAC Tx/Rx and periodic DPNAC Tx/Rx based on slot." INDEX { fsDPnacSlotNumber } ::= { fsDPnacStatsTable 1 } FsDPnacStatsEntry ::= SEQUENCE { fsDPnacSlotNumber Integer32, fsDPnacEventUpdateFramesRx Counter32, fsDPnacEventUpdateFramesTx Counter32, fsDPnacPeriodicFramesTx Counter32, fsDPnacPeriodicFramesRx Counter32 } fsDPnacSlotNumber OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object specifies the slot number of the chassis for which the configuration entry applies." 
::= { fsDPnacStatsEntry 1 } fsDPnacEventUpdateFramesRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the number of Event-update D-PNAC frames received by the master node." ::= { fsDPnacStatsEntry 2 } fsDPnacEventUpdateFramesTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the number of Event-update D-PNAC frames transmitted from the slave node." ::= { fsDPnacStatsEntry 3 } fsDPnacPeriodicFramesTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the number of periodic D-PNAC frames transmitted from the slave node." ::= { fsDPnacStatsEntry 4 } fsDPnacPeriodicFramesRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the number of periodic D-PNAC frames received by the master node." ::= { fsDPnacStatsEntry 5 } fsDPnacSlotPortTable OBJECT-TYPE SYNTAX SEQUENCE OF FsDPnacSlotPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object is a table which is used to access the port information stored in master node for every slave slot including master slot." ::= { fsDPnac 5 } fsDPnacSlotPortEntry OBJECT-TYPE SYNTAX FsDPnacSlotPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object specifies an entry which holds the information about the port authentication status and controlled direction of a port belonging to the slot." INDEX { fsDPnacSlotNumber , fsDPnacPortIndex} ::= { fsDPnacSlotPortTable 1 } FsDPnacSlotPortEntry ::= SEQUENCE { fsDPnacPortIndex InterfaceIndex, fsDPnacPortAuthStatus INTEGER, fsDPnacPortControlledDirection INTEGER } fsDPnacPortIndex OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object is used to get the ifIndex of each port belonging to the slot." 
::= { fsDPnacSlotPortEntry 1 } fsDPnacPortAuthStatus OBJECT-TYPE SYNTAX PaeControlledPortStatus MAX-ACCESS read-only STATUS current DESCRIPTION "This object displays the authentication status of each port belonging to the slot." ::= { fsDPnacSlotPortEntry 2 } fsDPnacPortControlledDirection OBJECT-TYPE SYNTAX INTEGER { both(0), in(1) } MAX-ACCESS read-only STATUS current DESCRIPTION "The object specifies the port controlled directions parameters for the port belonging to the slot." ::= { fsDPnacSlotPortEntry 3 } -- ------------------------------------------------------------------ -- The Pae System Group -- ------------------------------------------------------------------ fsPnacSystemControl OBJECT-TYPE SYNTAX INTEGER { start (1), shutdown (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Starts or shutdowns PNAC module in the system. When set as 'start', resources required by PNAC module are allocated & PNAC module starts running. When shutdown, all resources used by PNAC module will be released to the system." ::= { fsPnacPaeSystem 1 } fsPnacTraceOption OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to enable trace statements in Network Access Control Module. A four byte integer is used for enabling the level of tracing. Each bit in the four byte integer represents a particular level of trace. The mapping between the bit positions & the level of trace is as follows: 0 - Init and Shutdown Traces 1 - Management Traces 2 - Data Path Traces 3 - Control Plane Traces 4 - Packet Dump Traces 5 - Traces related to All Resources except Buffers 6 - All Failure Traces 7 - Buffer Traces The remaining bits are unused. Combinations of levels are also allowed. For example, if the bits 0 and 1 are set, then the trace statements related to Init-Shutdown and management will be printed. The user has to enter the corresponding integer value for the bits set. 
For example, if bits 0 and 1 are set, then user has to give the value 3." DEFVAL { 0 } ::= { fsPnacPaeSystem 2 } fsPnacAuthenticServer OBJECT-TYPE SYNTAX AuthenticMethod MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to configure for the choice of local or remote authentication server to be used by the authenticator for its authentication services." ::= { fsPnacPaeSystem 3 } fsPnacNasId OBJECT-TYPE SYNTAX DisplayString(SIZE(0..16)) MAX-ACCESS read-write STATUS deprecated DESCRIPTION "Currently this object is not used. This object is the Network Access Server Identifier to be presented before the remote authentication server." ::= { fsPnacPaeSystem 4 } -- Pae Port Table extensions fsPnacPaePortTable OBJECT-TYPE SYNTAX SEQUENCE OF FsPnacPaePortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of system level information for each port supported by the PNAC. An entry appears in this table for each port of this system. This table is an extension of dot1xPaePortTable of IEEE 802.1x MIB." ::= { fsPnacPaeSystem 5 } fsPnacPaePortEntry OBJECT-TYPE SYNTAX FsPnacPaePortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Configuration as port based or MAC based authentication and supplicant count on a port. Index to this table is same as that of the dot1xPaePortTable, which is the InterfaceIndex." INDEX { fsPnacPaePortNumber } ::= { fsPnacPaePortTable 1 } FsPnacPaePortEntry ::= SEQUENCE { fsPnacPaePortNumber InterfaceIndex, fsPnacPaePortAuthMode INTEGER, fsPnacPaePortSupplicantCount Counter32, fsPnacPaePortUserName DisplayString, fsPnacPaePortPassword DisplayString, fsPnacPaePortStatus INTEGER, fsPnacPaePortStatisticsClear TruthValue, fsPnacPaePortAuthStatus INTEGER, fsPnacPaeAuthReAuthMax Unsigned32 } fsPnacPaePortNumber OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "The port number associated with this port." 
::= { fsPnacPaePortEntry 1 } fsPnacPaePortAuthMode OBJECT-TYPE SYNTAX INTEGER { portBased(1), macBased(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Configuration of the port, for Port Based Authentication or MAC Based Authentication." ::= { fsPnacPaePortEntry 2 } fsPnacPaePortSupplicantCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of supplicants connected in the port." ::= { fsPnacPaePortEntry 3 } fsPnacPaePortUserName OBJECT-TYPE SYNTAX DisplayString (SIZE(4..63)) MAX-ACCESS read-write STATUS current DESCRIPTION "User name to be used in this port, while operating as a supplicant." ::= { fsPnacPaePortEntry 4 } -- NOTE(review): this DESCRIPTION does not say what a read of this read-write object returns, whereas fsPnacASUserConfigPassword states that it reads as a zero-length string; confirm the agent never returns the stored password, and limit access to this object to SNMPv3 authPriv users. -- fsPnacPaePortPassword OBJECT-TYPE SYNTAX DisplayString (SIZE(4..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "User password to be used in this port, while operating as a supplicant." ::= { fsPnacPaePortEntry 5 } fsPnacPaePortStatus OBJECT-TYPE SYNTAX PaeControlledPortStatus MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the combined port status." ::= { fsPnacPaePortEntry 6 } fsPnacPaePortStatisticsClear OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies whether the entries in port authenticator statistics are to be cleared. If set to true, entries in port authenticator statistics are cleared, and if set to false, the entries are not cleared." DEFVAL { false } ::= { fsPnacPaePortEntry 7} fsPnacPaePortAuthStatus OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS deprecated DESCRIPTION "Currently this object is not used. This object indicates if PNAC is enabled/disabled on the port." DEFVAL { enabled } ::= { fsPnacPaePortEntry 8 } fsPnacPaeAuthReAuthMax OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "The value of the reAuthMax constant currently in use by the Authenticator state machine." 
DEFVAL { 2 } ::= { fsPnacPaePortEntry 9 } -- ------------------------------------------------------------------ -- The Pae System Group again -- ------------------------------------------------------------------ fsPnacModuleOperStatus OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "This read only objects gives actual status of the PNAC module (operational status of module). When module is enabled, PNAC protocol starts functioning. When the module is disabled, all the dynamically allocated memory will be freed and PNAC protocol stops functioning." ::= { fsPnacPaeSystem 6 } fsPnacRemoteAuthServerType OBJECT-TYPE SYNTAX RemoteAuthServerType MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used by the authenticator for its authentication services, to configure the choice of RADIUS or TACACS+ remote authentication servers when the authentication method is through a remote server, that is, this object can be configured only if fsPnacAuthenticServer is set to remote server." DEFVAL { 1 } ::= { fsPnacPaeSystem 7 } -- ------------------------------------------------------------------ -- The Pae Authenticator Group -- ------------------------------------------------------------------ -- Authenticator Session Table fsPnacAuthSessionTable OBJECT-TYPE SYNTAX SEQUENCE OF FsPnacAuthSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains authentication session information associated with each supplicant while authenticator operates in MAC based authentication mode." ::= { fsPnacPaeAuthenticator 1 } fsPnacAuthSessionEntry OBJECT-TYPE SYNTAX FsPnacAuthSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "supplicant's MAC address and session ID, states of authenticator state machine and backend state machine for the session." 
INDEX { fsPnacAuthSessionSuppAddress } ::= { fsPnacAuthSessionTable 1 } FsPnacAuthSessionEntry ::= SEQUENCE { fsPnacAuthSessionSuppAddress MacAddress, fsPnacAuthSessionIdentifier Integer32, fsPnacAuthSessionAuthPaeState INTEGER, fsPnacAuthSessionBackendAuthState INTEGER, fsPnacAuthSessionPortStatus INTEGER, fsPnacAuthSessionPortNumber InterfaceIndex, fsPnacAuthSessionInitialize TruthValue, fsPnacAuthSessionReauthenticate TruthValue } fsPnacAuthSessionSuppAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "MAC address of the supplicant for this session." ::= { fsPnacAuthSessionEntry 1 } fsPnacAuthSessionIdentifier OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Session identifier of the supplicant for this session." ::= { fsPnacAuthSessionEntry 2 } fsPnacAuthSessionAuthPaeState OBJECT-TYPE SYNTAX INTEGER { initialize(1), disconnected(2), connecting(3), authenticating(4), authenticated(5), aborting(6), held(7), forceAuth(8), forceUnauth(9) } MAX-ACCESS read-only STATUS current DESCRIPTION "Authenticator state machine's state for this session." ::= { fsPnacAuthSessionEntry 3 } fsPnacAuthSessionBackendAuthState OBJECT-TYPE SYNTAX INTEGER { request(1), response(2), success(3), fail(4), timeout(5), idle(6), initialize(7) } MAX-ACCESS read-only STATUS current DESCRIPTION "Backend state machine's state for this session." ::= { fsPnacAuthSessionEntry 4 } fsPnacAuthSessionPortStatus OBJECT-TYPE SYNTAX PaeControlledPortStatus MAX-ACCESS read-only STATUS current DESCRIPTION "The current value of the controlled port status parameter for this session." ::= { fsPnacAuthSessionEntry 5 } fsPnacAuthSessionPortNumber OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS read-only STATUS current DESCRIPTION "The port in which this session is proceeding." 
::= { fsPnacAuthSessionEntry 6 } fsPnacAuthSessionInitialize OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS deprecated DESCRIPTION "Currently this object is not used. The initialization control for this supplicant MAC address. Setting this attribute TRUE causes the supplicant session with this MAC address, to be initialized. The attribute value reverts to FALSE once initialization has completed." ::= { fsPnacAuthSessionEntry 7 } fsPnacAuthSessionReauthenticate OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS deprecated DESCRIPTION "Currently this object is not used. The reauthentication control for this supplicant MAC address. Setting this attribute TRUE causes the authenticator PAE state machine for this MAC address to reauthenticate the supplicant. Setting this attribute FALSE has no effect. This attribute always returns FALSE when it is read." ::= { fsPnacAuthSessionEntry 8 } -- Authenticator Session Statistics Table fsPnacAuthSessionStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF FsPnacAuthSessionStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the session statistics for the authenticator PAE associated with each supplicant, while authenticator operates in MAC based authentication mode." ::= { fsPnacPaeAuthenticator 2 } fsPnacAuthSessionStatsEntry OBJECT-TYPE SYNTAX FsPnacAuthSessionStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The session statistics information for an authenticator PAE. This shows the current values being collected for each session that is still in progress, or the final values for the last valid session on each port where there is no session currently active." 
INDEX { fsPnacAuthSessionSuppAddress } ::= { fsPnacAuthSessionStatsTable 1 } FsPnacAuthSessionStatsEntry ::= SEQUENCE { fsPnacAuthSessionOctetsRx Counter64, fsPnacAuthSessionOctetsTx Counter64, fsPnacAuthSessionFramesRx Counter32, fsPnacAuthSessionFramesTx Counter32, fsPnacAuthSessionId SnmpAdminString, fsPnacAuthSessionAuthenticMethod INTEGER, fsPnacAuthSessionTime TimeTicks, fsPnacAuthSessionTerminateCause INTEGER, fsPnacAuthSessionUserName SnmpAdminString, fsPnacAuthSessionStatisticsClear TruthValue } fsPnacAuthSessionOctetsRx OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts number of session octets received." ::= { fsPnacAuthSessionStatsEntry 1 } fsPnacAuthSessionOctetsTx OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts number of session octets transmitted." ::= { fsPnacAuthSessionStatsEntry 2 } fsPnacAuthSessionFramesRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts number of session frames received." ::= { fsPnacAuthSessionStatsEntry 3 } fsPnacAuthSessionFramesTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts number of session frames transmitted." ::= { fsPnacAuthSessionStatsEntry 4 } fsPnacAuthSessionId OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "A unique session identifier, in the form of a printable ASCII string of at least three characters." ::= { fsPnacAuthSessionStatsEntry 5 } fsPnacAuthSessionAuthenticMethod OBJECT-TYPE SYNTAX INTEGER { remoteAuthServer(1), localAuthServer(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Authentication method used to establish the session." ::= { fsPnacAuthSessionStatsEntry 6 } -- NOTE(review): the SYNTAX is TimeTicks, which SNMPv2-SMI defines in hundredths of a second, while the DESCRIPTION says seconds; confirm the unit the agent reports before using this value for session accounting. -- fsPnacAuthSessionTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Duration of the session in seconds." 
::= { fsPnacAuthSessionStatsEntry 7 } fsPnacAuthSessionTerminateCause OBJECT-TYPE SYNTAX INTEGER { supplicantLogoff(1), portFailure(2), supplicantRestart(3), reauthFailed(4), authControlForceUnauth(5), portReInit(6), portAdminDisabled(7), notTerminatedYet(999) } MAX-ACCESS read-only STATUS current DESCRIPTION "Reason for the session termination." ::= { fsPnacAuthSessionStatsEntry 8 } fsPnacAuthSessionUserName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "User name representing the identity of the supplicant PAE." ::= { fsPnacAuthSessionStatsEntry 9 } fsPnacAuthSessionStatisticsClear OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies whether the entries in authenticator session statistics are to be cleared. If set to true, the entries in authenticator session statistics are cleared, and if set to false, the entries are not cleared." DEFVAL { false } ::= { fsPnacAuthSessionStatsEntry 10 } -- ------------------------------------------------------------------ -- The Authentication Server Group -- ------------------------------------------------------------------ -- PNAC Local Authentication Server User Configuration Table fsPnacASUserConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF FsPnacASUserConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains authentication related user configuration information maintained by PNAC local authentication server." ::= { fsPnacAuthServer 1 } fsPnacASUserConfigEntry OBJECT-TYPE SYNTAX FsPnacASUserConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains User name, Password, Authentication protocol used, Authenticated session timeout and Access ports list of the user seeking authentication." 
INDEX { fsPnacASUserConfigUserName } ::= { fsPnacASUserConfigTable 1 } FsPnacASUserConfigEntry ::= SEQUENCE { fsPnacASUserConfigUserName OCTET STRING, fsPnacASUserConfigPassword DisplayString, fsPnacASUserConfigAuthProtocol Unsigned32, fsPnacASUserConfigAuthTimeout Unsigned32, fsPnacASUserConfigPortList PortList, fsPnacASUserConfigPermission PermissionType, fsPnacASUserConfigRowStatus RowStatus } -- NOTE(review): the SYNTAX allows up to 115 octets but the DESCRIPTION says not more than 20 printable characters; confirm which limit the agent enforces. -- fsPnacASUserConfigUserName OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..115)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Identity of the user seeking authentication. A string of not more than 20 printable characters." ::= { fsPnacASUserConfigEntry 1 } -- NOTE(review): a set of this object carries the password inside the SNMP PDU; use SNMPv3 with privacy (authPriv) for writes to it. -- fsPnacASUserConfigPassword OBJECT-TYPE SYNTAX DisplayString (SIZE(1..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "The secret password of the user. A string of not more than 20 printable characters. When read, this always returns a String of length zero." ::= { fsPnacASUserConfigEntry 2 } fsPnacASUserConfigAuthProtocol OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication protocol supported for the user." ::= { fsPnacASUserConfigEntry 3 } fsPnacASUserConfigAuthTimeout OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "The time in seconds after which the authentication offered to the user ceases. Maximum value of the object can be 7200 seconds. When the object value is 0, the ReAuthPeriod of the authenticator port is used by authenticator." ::= { fsPnacASUserConfigEntry 4 } fsPnacASUserConfigPortList OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-write STATUS current DESCRIPTION "The complete set of ports of authenticator to which the user is allowed or denied access, on the basis of setting of 'fsPnacASUserConfigPermission' object." 
::= { fsPnacASUserConfigEntry 5 } fsPnacASUserConfigPermission OBJECT-TYPE SYNTAX PermissionType MAX-ACCESS read-write STATUS current DESCRIPTION "For the set of ports indicated by 'fsPnacASUserConfigPortList' object, the user is allowed access when this object is set 'allow' and is denied access when this object is set 'deny'." ::= { fsPnacASUserConfigEntry 6 } fsPnacASUserConfigRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The row status of this entry." ::= { fsPnacASUserConfigEntry 7 } -- ------------------------------------------------------------------ -- Trap objects Group -- ------------------------------------------------------------------ -- PNAC MAC session trap object table fsPnacTrapAuthSessionTable OBJECT-TYPE SYNTAX SEQUENCE OF FsPnacTrapAuthSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains auth session status information to be sent in trap notifications." ::= { fsPnacTrapObjects 1 } fsPnacTrapAuthSessionEntry OBJECT-TYPE SYNTAX FsPnacTrapAuthSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The session statistics information for an authenticator PAE. This shows the current values being collected for each session that is still in progress, or the final values for the last valid session on each port where there is no session currently active." AUGMENTS { fsPnacAuthSessionEntry } ::= { fsPnacTrapAuthSessionTable 1 } FsPnacTrapAuthSessionEntry ::= SEQUENCE { fsPnacTrapAuthSessionStatus INTEGER } fsPnacTrapAuthSessionStatus OBJECT-TYPE SYNTAX INTEGER { createFailed(1), deleteFailed(2), entryPresent(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "Status of the MAC Auth session." 
::= { fsPnacTrapAuthSessionEntry 1 } -- ------------------------------------------------- -- Notifications fsPnacHwFailureTrap OBJECT IDENTIFIER ::= { fsPnacNotifications 0 } fsPnacPortBasedHwFailureTrap NOTIFICATION-TYPE OBJECTS { fsPnacPaePortStatus, dot1xAuthOperControlledDirections } STATUS current DESCRIPTION "This notification is generated whenever a hardware operation for port based authentication fails. The information returned is 1. Port Authorization Status, 2. Port Oper Control Direction." ::= { fsPnacHwFailureTrap 1 } fsPnacMacBasedHwFailureTrap NOTIFICATION-TYPE OBJECTS { fsPnacAuthSessionPortNumber, fsPnacAuthSessionPortStatus, fsPnacTrapAuthSessionStatus } STATUS current DESCRIPTION "This notification is generated whenever a hardware operation for MAC based authentication fails. The information returned is 1. Port Number, 2. MAC Authorization Status, 3. MAC entry status." ::= { fsPnacHwFailureTrap 2 } END