-- ----------------------------------------------------------------------------- -- MIB NAME : Security Common mib -- FILE NAME: Auth.mib -- DATE : 2011/10/20 -- VERSION : 2.18 -- PURPOSE : To construct the MIB structure of security functions management -- for proprietary enterprise -- ----------------------------------------------------------------------------- -- MODIFICTION HISTORY: -- ----------------------------------------------------------------------------- -- Version, Date, Author -- Description: -- [New Object] -- [Modification] -- Notes: (Requested by who and which project) -- -- Version 2.18, 2011/10/20, Shawn -- [Modification] -- 1. Add value list "macJwac(7)" in swCompoundAuthPortMethod. -- For support MAC+JWAC compound authentication method. -- Request by Shawn for project DGS3120 -- -- Version 2.17, 2011/09/30, Shawn -- [New Object] -- Add "swRadiusVrfName" in "swRadiusCtrl" to support VRF function. -- -- Version 2.16, 2011/09/29, Shone -- [Modification] -- 1. Modify description in swAuthSessionTime and swDot1xAuthSessionTime. -- Request by Shone for project DES32XX. -- -- Version 2.15, 2010/08/13, Shawn Chen -- [New Object] -- Add swAuthMACFormatCase, swAuthMACFormatDelimiter -- and swAuthMACFormatDelimiterNumber to support the configurable MAC address format. -- Request by Shawn Chen for project DES35XX. -- -- Version 2.14, 2010/07/13, Tina He -- [New Object] -- Add swDot1xAuthStateTable, swDot1xAuthStatsTable, swDot1xAuthDiagTable, -- and swDot1xAuthSessionStatsTable to support 802.1X per VLAN authentication. -- Request by Tina He for project DES35XX. -- -- Version 2.13, 2009/08/20, Shawn -- [Modification] -- 1. Rename swAuthorizationNetwork to swAuthorizationAttributes. -- For support different attributes assignment. -- 2. Delete value list "vlanbased(3)" in swCompoundAuthPortAuthMode. -- 3. Modify description in swCompoundAuthPortAuthVLANs. -- For support per VLAN authentication in host based mode. -- Request by Shawn for project DES35XX. -- -- Version 2.12, 2009/07/22, Shawn -- [New Object] -- 1. Add swCompoundAuthPortAuthVLANs in swCompoundAuthPortTable. -- For support VLAN based mode. -- 2. Add swAuthServerFailoverState in swCompoundAuthMgmt. -- For support fail over enhancement function. -- [Modification] -- 1. Change "Multiple Authentication" to "Compound Authentication". -- 2. Add value list "vlanbased(3)" in swCompoundAuthPortAuthMode. -- For support VLAN based mode. -- 3. Align the MIB file. -- Request by Shawn for project DES35XX -- -- Version 2.11, 2009/06/17, cherry --[New Object] -- 1. Add swMacBasedPaeTable for MAC base pae. -- 2. Add swAuthenticatorPAEState, swAuthBKdAuthState to swAuthStateEntry for -- display the Authenticator PAE state and the back Authentication state. -- 3. According IEEE 802.1X, Rename "swAuthState" to "swAuthAuthControlledStatus". -- Modify value lists "authenticated(2)" to "authenticated(2)", "blocked(3)" -- to "unauthorized(3)". -- Request by cherry for project DGS32XX. -- -- Version 2.10, 2009/05/18, Shawn -- [Modification] -- 1. Add value list "macImpb(6)" in swMultiAuthPortMethod. -- 2. Change value list terminology to "Impb" from "Imp" in swMultiAuthPortMethod. -- Request by Shawn for project DES35XX -- -- Version 2.09, 2009/01/21, steven --[New Object] -- 1. Add swAuthStateTable --[Modification] -- 1. Modify swMacAuthStateTable status to obsolete. -- For the new function design of auth state(port-base and mac-base display together). -- Request by steven for project DGS34XX, DES35XX -- -- Version 2.08, 2008/12/17, Shawn --[New Object] -- 1. Add swAuthorizationNetwork, -- System authorization for network --[Modification] -- 1. Modify value list in swMultiAuthPortMethod and swMultiAuthPortAuthMode, -- the beginning index should be 1. -- 2. Add impb_wac to swMultiAuthPortMethod, -- WAC support Multiple Authentication. -- 3. Modify swGuestVlanId access state into read-only. -- Request by Shawn for project DGS34XX, DGS32XX, DES35XX -- -- Version 2.07, 2008/11/14, Lina --[New Object] -- 1. add swAuthFailOver -- Request by Lina for project DES35XXR2 -- -- Version 2.06, 2008/08/08, Shawn --[New Object] -- 1. add swMultiAuthMgmt -- for Multiple Authentication CLI command. -- Request by Shawn for project DGS3200 -- -- Version 2.05, 2008/05/30, Klevin --[New Object] -- 1. add swPaeAuthSysFwdPdu,swPaeAuthSysMaxUser and swPaeAuthConfigTable -- for new 802.1x CLI command. -- Request by Kelvin for project DGS3700 -- -- Version 2.04, 2008/03/06, Bonnie --[New Object] -- 1. add node swAuthorizationState -- Request by Bonnie for project DHS3628R2.1 -- -- Version 2.03, 2007/11/1, Kelvin --[Modification] -- 1. change status of swRadiusServerIpAddr from current to obsolete. --[New Object] -- 1. add node swRadiusServerAddrType and swRadiusServerAddr in -- swRadiusServerTable. -- Request by Kelvin for project DGS3200 -- -- Version 2.02, 2007/06/21, Nic --[New Object] -- 1. add node swRadiusServerTimeout and swRadiusServerRetransmit in -- swRadiusServerTable. -- Request by Nic for project DES30XXR4.1 -- -- Version 2.01, 2007/05/10, Jenny --[New Object] -- 1. add swMacBasedPaePortTable table for MAC-based initialization control -- or reauthentication control. -- Request by Jenny for project DES3400 -- -- Version 2.00, 2007/03/27, Yedda -- This is the first formal version for universal MIB definition. -- ----------------------------------------------------------------------------- AUTH-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32, Counter32, Counter64, TimeTicks FROM SNMPv2-SMI TruthValue, RowStatus, MacAddress FROM SNMPv2-TC SnmpAdminString FROM SNMP-FRAMEWORK-MIB IpAddress FROM RFC1155-SMI DisplayString FROM RFC1213-MIB InterfaceIndex FROM IF-MIB PaeControlledPortStatus, dot1xPaePortNumber FROM IEEE8021-PAE-MIB dlink-common-mgmt FROM DLINK-ID-REC-MIB InetAddressType, InetAddress FROM INET-ADDRESS-MIB; swAuthCtrl MODULE-IDENTITY LAST-UPDATED "201110200000Z" ORGANIZATION "D-Link Corp." CONTACT-INFO "http://support.dlink.com" DESCRIPTION "The Structure of Common Management Information for the security functions of the devices." ::= { dlink-common-mgmt 3 } -- ------------------------------------------------------------- -- Textual Conventions -- ------------------------------------------------------------- PortList ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Each octet within this value specifies a set of eight ports, with the first octet specifying ports 1 through 8, the second octet specifying ports 9 through 16, etc. Within each octet, the most significant bit represents the lowest numbered port, and the least significant bit represents the highest numbered port. Thus, each port of the bridge is represented by a single bit within the value of this object. If that bit has a value of '1' then that port is included in the set of ports; the port is not included if its bit has a value of '0'." SYNTAX OCTET STRING VlanId ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A 12-bit VLAN ID used in the VLAN Tag header." SYNTAX INTEGER (1..4094) -- ------------------------------------------------------------- -- groups in the Auth MIB -- ------------------------------------------------------------- swAuthenCtrl OBJECT IDENTIFIER ::= { swAuthCtrl 1 } swRadiusCtrl OBJECT IDENTIFIER ::= { swAuthCtrl 2 } swRadiusAuthInfo OBJECT IDENTIFIER ::= { swAuthCtrl 3 } swRadiusAccountingCtrl OBJECT IDENTIFIER ::= { swAuthCtrl 4 } swRadiusAccountingInfo OBJECT IDENTIFIER ::= { swAuthCtrl 5 } swMacAuthBaseStatsInfo OBJECT IDENTIFIER ::= { swAuthCtrl 6 } swRadiusCommand OBJECT IDENTIFIER ::= { swAuthCtrl 7 } swAuthenticatedPortInfo OBJECT IDENTIFIER ::= { swAuthCtrl 8 } swMacBasedPaePortInfo OBJECT IDENTIFIER ::= { swAuthCtrl 9 } swPaeAuthenticator OBJECT IDENTIFIER ::= { swAuthCtrl 10 } swCompoundAuthMgmt OBJECT IDENTIFIER ::= { swAuthCtrl 11 } -- ----------------------------------------------------------------------------- -- swAuthenCtrl -- ----------------------------------------------------------------------------- authProtocol OBJECT-TYPE SYNTAX INTEGER { authProtocolNone(1), authProtocolLocal(2), authProtocolRadius(3), authProtocolRadiusEap(4), authProtocolRadiusChap(5), authProtocolTacacs(6) } MAX-ACCESS read-write STATUS current DESCRIPTION "The authentication method used to authenticate users." DEFVAL { authProtocolRadiusEap } ::= { swAuthenCtrl 1 } swAuthMode OBJECT-TYPE SYNTAX INTEGER { portBase(1), macBase(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the authentication mode of the device." ::= { swAuthenCtrl 2 } swAuthorizationState OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the authorization status." ::= { swAuthenCtrl 3 } swAuthFailOver OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the fail over status." ::= { swAuthenCtrl 4} -- ----------------------------------------------------------------------------- -- swRadiusConfig -- ----------------------------------------------------------------------------- swRadiusDeadTime OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the number of minutes when a RADIUS server that is not responding to authentication requests, is considered unavailable and will no longer accept further requests for RADIUS authentication." DEFVAL { 1 } ::= { swRadiusCtrl 1} swRadiusTimeout OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the number of seconds the NAS will wait for a reply to a RADIUS request before retransmitting the request." DEFVAL { 10 } ::= { swRadiusCtrl 2 } swRadiusRetransmitAttempts OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the number of times the NAS transmits each RADIUS request to the server before giving up." DEFVAL { 2 } ::= { swRadiusCtrl 3 } swRadiusServerTable OBJECT-TYPE SYNTAX SEQUENCE OF RadiusServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " The RADIUS server table " ::= { swRadiusCtrl 4 } swRadiusServerEntry OBJECT-TYPE SYNTAX RadiusServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " The entries of the RADIUS server table" INDEX { swRadiusServerIndex } ::= { swRadiusServerTable 1 } RadiusServerEntry ::= SEQUENCE { swRadiusServerIndex INTEGER, swRadiusServerIpAddr IpAddress, swRadiusServerKey OCTET STRING, swRadiusAuthPortNumber Unsigned32, swRadiusAcctPortNumber Unsigned32, swRadiusServerStatus RowStatus, swRadiusServerTimeout Unsigned32, swRadiusServerRetransmit Unsigned32, swRadiusServerAddrType InetAddressType, swRadiusServerAddr InetAddress } swRadiusServerIndex OBJECT-TYPE SYNTAX INTEGER { swRadiusServerIndex-first(1), swRadiusServerIndex-second(2), swRadiusServerIndex-third(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The index of the RADIUS server" ::= { swRadiusServerEntry 1 } swRadiusServerIpAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The IP address of the RADIUS server" ::= { swRadiusServerEntry 2 } swRadiusServerKey OBJECT-TYPE SYNTAX OCTET STRING( SIZE(1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The key of the RADIUS server" ::= { swRadiusServerEntry 3 } swRadiusAuthPortNumber OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The UDP destination port number used for authentication requests to this server." DEFVAL { 1812 } ::= { swRadiusServerEntry 4 } swRadiusAcctPortNumber OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The UDP destination port number used for accounting requests to this server" DEFVAL { 1813 } ::= { swRadiusServerEntry 5 } swRadiusServerStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-only STATUS current DESCRIPTION "The status of the RADIUS server" ::= { swRadiusServerEntry 6 } swRadiusServerTimeout OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Specifies the number of seconds the NAS will wait for a reply to a RADIUS request before retransmitting the request." DEFVAL { 5 } ::= { swRadiusServerEntry 7 } swRadiusServerRetransmit OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Specifies the number of times the NAS transmits RADIUS requests to the server before giving up." DEFVAL { 2 } ::= { swRadiusServerEntry 8 } swRadiusServerAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of RADIUS Server address as specified by object 'swRadiusServerAddr'." DEFVAL { ipv4 } ::= { swRadiusServerEntry 9 } swRadiusServerAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The address of the RADIUS Server." ::= { swRadiusServerEntry 10 } swRadiusVrfName OBJECT-TYPE SYNTAX DisplayString(SIZE(0..12)) MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to add or remove the VRF for 802.1X RADIUS" ::= { swRadiusCtrl 5 } -- ----------------------------------------------------------------------------- -- swRadiusAuth -- ----------------------------------------------------------------------------- swRadiusAuthClientIdentifier OBJECT-TYPE SYNTAX OCTET STRING(SIZE (0..40)) MAX-ACCESS read-only STATUS obsolete DESCRIPTION "NAS Identifier. It was made obsolete by RFC 2618 and RFC 2620." ::= { swRadiusAuthInfo 1 } swRadiusAuthClientInvalidServerAddresses OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS obsolete DESCRIPTION "Statistics infomation - The number of RADIUS Access-Response packets received from unknown addresses. It was made obsolete by RFC 2618 and RFC 2620." ::= { swRadiusAuthInfo 2 } swRadiusAuthServerTable OBJECT-TYPE SYNTAX SEQUENCE OF RadiusAuthServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The authenticate table for the RADIUS server." ::= { swRadiusAuthInfo 3 } swRadiusAuthServerEntry OBJECT-TYPE SYNTAX RadiusAuthServerEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "A list of RADIUS authentication servers. It was made obsolete by RFC 2618 and RFC 2620." INDEX { swRadiusAuthServerIndex } ::= { swRadiusAuthServerTable 1 } RadiusAuthServerEntry ::= SEQUENCE { swRadiusAuthServerIndex Integer32, swRadiusAuthServerAddress IpAddress, swRadiusAuthClientServerPortNumber Unsigned32, swRadiusAuthClientRoundTripTime Counter32, swRadiusAuthClientAccessRequests Counter32, swRadiusAuthClientAccessRetransmissions Counter32, swRadiusAuthClientAccessAccepts Counter32, swRadiusAuthClientAccessRejects Counter32, swRadiusAuthClientAccessChallenges Counter32, swRadiusAuthClientMalformedAccessResponses Counter32, swRadiusAuthClientBadAuthenticators Counter32, swRadiusAuthClientPendingRequests Counter32, swRadiusAuthClientTimeouts Counter32, swRadiusAuthClientUnknownTypes Counter32, swRadiusAuthClientPacketsDropped Counter32 } swRadiusAuthServerIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The RADIUS Server Index. It was made obsolete by RFC 2618 and RFC 2620." ::= { swRadiusAuthServerEntry 1 } swRadiusAuthServerAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The RADIUS authentication server address. It was made obsolete by RFC 2618 and RFC 2620." ::= { swRadiusAuthServerEntry 2 } swRadiusAuthClientServerPortNumber OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The UDP socket port numbers. It was made obsolete by RFC 2618 and RFC 2620." DEFVAL { 1812 } ::= { swRadiusAuthServerEntry 3 } swRadiusAuthClientRoundTripTime OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The round trip time counter from the RADIUS Authentication Client. It was made obsolete by RFC 2618 and RFC 2620." ::= { swRadiusAuthServerEntry 4 } swRadiusAuthClientAccessRequests OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS obsolete DESCRIPTION " The number of access requests from a RADIUS Authentication Client. It was made obsolete by RFC 2618 and RFC 2620." ::= { swRadiusAuthServerEntry 5 } swRadiusAuthClientAccessRetransmissions OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS obsolete DESCRIPTION " The number of retransmissions sent from the RADIUS Authentication Client. It was made obsolete by RFC 2618 and RFC 2620." ::= { swRadiusAuthServerEntry 6 } swRadiusAuthClientAccessAccepts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The number of authentication access attempts from the RADIUS Authentication Client. It was made obsolete by RFC 2618 and RFC 2620." ::= { swRadiusAuthServerEntry 7 } swRadiusAuthClientAccessRejects OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The counter stating the Client Access Authentication rejections. It was made obsolete by RFC 2618 and RFC 2620." ::= { swRadiusAuthServerEntry 8 } swRadiusAuthClientAccessChallenges OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The counter stating the number of Access challenges from RADIUS authentication attempts. It was made obsolete by RFC 2618 and RFC 2620." ::= { swRadiusAuthServerEntry 9 } swRadiusAuthClientMalformedAccessResponses OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The counter for malformed access responses from RADIUS Authentication Clients. It was made obsolete by RFC 2618 and RFC 2620." ::= { swRadiusAuthServerEntry 10 } swRadiusAuthClientBadAuthenticators OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The counter of bad authenticators from the RADIUS Authentication Client. It was made obsolete by RFC 2618 and RFC 2620." ::= { swRadiusAuthServerEntry 11 } swRadiusAuthClientPendingRequests OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The counter of pending requests from the RADIUS Authentication Client. It was made obsolete by RFC 2618 and RFC 2620." ::= { swRadiusAuthServerEntry 12 } swRadiusAuthClientTimeouts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The counter of timeouts from a RADIUS Authentication Client. It was made obsolete by RFC 2618 and RFC 2620." ::= { swRadiusAuthServerEntry 13 } swRadiusAuthClientUnknownTypes OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The counter for unknown types from a RADIUS Authentication Client. It was made obsolete by RFC 2618 and RFC 2620." ::= { swRadiusAuthServerEntry 14 } swRadiusAuthClientPacketsDropped OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The counter of dropped packets from a RADIUS Authentication Client. It was made obsolete by RFC 2618 and RFC 2620. " ::= { swRadiusAuthServerEntry 15 } -- ----------------------------------------------------------------------------- -- accountingConfig -- ----------------------------------------------------------------------------- swRadiusAcctUpdateInterval OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "Time interval after which this RADIUS record should be updated and sent to an accounting server." ::= { swRadiusAccountingCtrl 1 } swRadiusAcctSuppressNullUserName OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether or not accounting records will be generated for users with null names." ::= { swRadiusAccountingCtrl 2 } swRadiusAcctServiceTable OBJECT-TYPE SYNTAX SEQUENCE OF AcctServiceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "RADIUS accounting Table" ::= { swRadiusAccountingCtrl 3 } swRadiusAcctServiceEntry OBJECT-TYPE SYNTAX AcctServiceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The list of accounting services." INDEX { swRadiusAcctServiceIndex } ::= { swRadiusAcctServiceTable 1 } AcctServiceEntry ::= SEQUENCE { swRadiusAcctServiceIndex INTEGER, swRadiusAcctServiceMethod INTEGER, swRadiusAcctServiceMode INTEGER } swRadiusAcctServiceIndex OBJECT-TYPE SYNTAX INTEGER { acctServiceIndex-network(1), acctServiceIndex-exec(2), acctServiceIndex-system(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The Accounting table index" ::= { swRadiusAcctServiceEntry 1} swRadiusAcctServiceMethod OBJECT-TYPE SYNTAX INTEGER { swRadiusAcctServiceMethodNone(1), swRadiusAcctServiceMethodRadius(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The accounting service method" DEFVAL { 2 } ::= { swRadiusAcctServiceEntry 2 } swRadiusAcctServiceMode OBJECT-TYPE SYNTAX INTEGER { radiusAcctServiceModeNone(1), radiusAcctServiceModeStartStop(2), radiusAcctServiceModeStopOnly(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "The accounting service mode" DEFVAL { 2 } ::= { swRadiusAcctServiceEntry 3 } -- ----------------------------------------------------------------------------- -- swRadiusAccounting is support in rfc2620.mib , remove from this mib file -- ----------------------------------------------------------------------------- -- ----------------------------------------------------------------------------- -- The Mac-base Authenticator State Table -- ----------------------------------------------------------------------------- swMacAuthStateTable OBJECT-TYPE SYNTAX SEQUENCE OF SwMacAuthStateEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "A table that contains the status objects for the Authenticator PAE associated with each virtual port (MAC address). An entry appears in this table for each virtual port that may authenticate access to itself." ::= { swMacAuthBaseStatsInfo 1 } swMacAuthStateEntry OBJECT-TYPE SYNTAX SwMacAuthStateEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "The information for an Authenticator PAE." INDEX {swPaeMacAddr ,swPaePortNumber} ::= { swMacAuthStateTable 1 } SwMacAuthStateEntry ::= SEQUENCE { swPaeMacAddr MacAddress, swPaePortNumber InterfaceIndex, swAuthPaeState INTEGER, swAuthBackendAuthState INTEGER, swAuthAuthControlledPortStatus PaeControlledPortStatus } swPaeMacAddr OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "The address associated with this MAC address." ::= { swMacAuthStateEntry 1 } swPaePortNumber OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "The PAE Port number associated with this Port." ::= { swMacAuthStateEntry 2 } swAuthPaeState OBJECT-TYPE SYNTAX INTEGER { initialize(1), disconnected(2), connecting(3), authenticating(4), authenticated(5), aborting(6), held(7), forceAuth(8), forceUnauth(9) } MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The current value of the Authenticator PAE state machine." ::= { swMacAuthStateEntry 3 } swAuthBackendAuthState OBJECT-TYPE SYNTAX INTEGER { request(1), response(2), success(3), fail(4), timeout(5), idle(6), initialize(7) } MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The current state of the Backend Authentication state machine." ::= { swMacAuthStateEntry 4 } swAuthAuthControlledPortStatus OBJECT-TYPE SYNTAX PaeControlledPortStatus MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The current value of the controlled Port status parameter for the Port." ::= { swMacAuthStateEntry 5 } -- ----------------------------------------------------------------------------- -- The Authenticator Statistics Table -- ----------------------------------------------------------------------------- swMacAuthStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF SwMacAuthStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains the statistics objects for the Authenticator PAE associated with each MAC address. An entry appears in this table for each MAC address that may authenticate access to itself." ::= { swMacAuthBaseStatsInfo 2 } swMacAuthStatsEntry OBJECT-TYPE SYNTAX SwMacAuthStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The statistics information for an Authenticator PAE." INDEX { swPaeMacAddr ,swPaePortNumber} ::= { swMacAuthStatsTable 1 } SwMacAuthStatsEntry ::= SEQUENCE { swAuthEapolFramesRx Counter32, swAuthEapolFramesTx Counter32, swAuthEapolStartFramesRx Counter32, swAuthEapolLogoffFramesRx Counter32, swAuthEapolRespIdFramesRx Counter32, swAuthEapolRespFramesRx Counter32, swAuthEapolReqIdFramesTx Counter32, swAuthEapolReqFramesTx Counter32, swAuthInvalidEapolFramesRx Counter32, swAuthEapLengthErrorFramesRx Counter32, swAuthLastEapolFrameVersion Unsigned32, swAuthLastEapolFrameSource MacAddress } swAuthEapolFramesRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of valid EAPOL frames of any type that have been received by this Authenticator." REFERENCE "9.4.2, EAPOL frames received" ::= { swMacAuthStatsEntry 1 } swAuthEapolFramesTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of EAPOL frames of any type that have been transmitted by this Authenticator." REFERENCE "9.4.2, EAPOL frames transmitted" ::= { swMacAuthStatsEntry 2 } swAuthEapolStartFramesRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of EAPOL Start frames that have been received by this Authenticator." REFERENCE "9.4.2, EAPOL Start frames received" ::= { swMacAuthStatsEntry 3 } swAuthEapolLogoffFramesRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of EAPOL logoff frames that have been received by this Authenticator." REFERENCE "9.4.2, EAPOL Logoff frames received" ::= { swMacAuthStatsEntry 4 } swAuthEapolRespIdFramesRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of EAP Resp/Id frames that have been received by this Authenticator." REFERENCE "9.4.2, EAPOL Resp/Id frames received" ::= { swMacAuthStatsEntry 5 } swAuthEapolRespFramesRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of valid EAP Response frames, other than Resp/Id frames, that have been received by this Authenticator." REFERENCE "9.4.2, EAPOL Response frames received" ::= { swMacAuthStatsEntry 6 } swAuthEapolReqIdFramesTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of EAP Req/Id frames that have been transmitted by this Authenticator." REFERENCE "9.4.2, EAPOL Req/Id frames transmitted" ::= { swMacAuthStatsEntry 7 } swAuthEapolReqFramesTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of EAP Request frames, other than Rq/Id frames, that have been transmitted by this Authenticator." REFERENCE "9.4.2, EAPOL Request frames transmitted" ::= { swMacAuthStatsEntry 8 } swAuthInvalidEapolFramesRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of EAPOL frames that have been received by this Authenticator for which the frame type is not recognized." REFERENCE "9.4.2, Invalid EAPOL frames received" ::= { swMacAuthStatsEntry 9 } swAuthEapLengthErrorFramesRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of EAPOL frames that have been received by this Authenticator for which the Packet Body Length field is invalid." REFERENCE "9.4.2, EAP length error frames received" ::= { swMacAuthStatsEntry 10 } swAuthLastEapolFrameVersion OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The protocol version number carried in the most recently received EAPOL frame." REFERENCE "9.4.2, Last EAPOL frame version" ::= { swMacAuthStatsEntry 11 } swAuthLastEapolFrameSource OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The source MAC address carried in the most recently received EAPOL frame." REFERENCE "9.4.2, Last EAPOL frame source" ::= { swMacAuthStatsEntry 12 } -- ----------------------------------------------------------------------------- -- The Authenticator Diagnostics Table -- ----------------------------------------------------------------------------- swMacAuthDiagTable OBJECT-TYPE SYNTAX SEQUENCE OF SwMacAuthDiagEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains the diagnostics objects for the Authenticator PAE associated with each MAC address. An entry appears in this table for each MAC address that may authenticate access to itself." ::= { swMacAuthBaseStatsInfo 3 } swMacAuthDiagEntry OBJECT-TYPE SYNTAX SwMacAuthDiagEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The diagnostics information for an Authenticator PAE." INDEX { swPaeMacAddr ,swPaePortNumber } ::= { swMacAuthDiagTable 1 } SwMacAuthDiagEntry ::= SEQUENCE { swAuthEntersConnecting Counter32, swAuthEapLogoffsWhileConnecting Counter32, swAuthEntersAuthenticating Counter32, swAuthAuthSuccessWhileAuthenticating Counter32, swAuthAuthTimeoutsWhileAuthenticating Counter32, swAuthAuthFailWhileAuthenticating Counter32, swAuthAuthReauthsWhileAuthenticating Counter32, swAuthAuthEapStartsWhileAuthenticating Counter32, swAuthAuthEapLogoffWhileAuthenticating Counter32, swAuthAuthReauthsWhileAuthenticated Counter32, swAuthAuthEapStartsWhileAuthenticated Counter32, swAuthAuthEapLogoffWhileAuthenticated Counter32, swAuthBackendResponses Counter32, swAuthBackendAccessChallenges Counter32, swAuthBackendOtherRequestsToSupplicant Counter32, swAuthBackendNonNakResponsesFromSupplicant Counter32, swAuthBackendAuthSuccesses Counter32, swAuthBackendAuthFails Counter32 } swAuthEntersConnecting OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions to a CONNECTING state from any other state." REFERENCE "9.4.2, 8.5.4.2.1" ::= { swMacAuthDiagEntry 1 } swAuthEapLogoffsWhileConnecting OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions from CONNECTING to DISCONNECTED as a result of receiving an EAPOL-Logoff message." REFERENCE "9.4.2, 8.5.4.2.2" ::= { swMacAuthDiagEntry 2 } swAuthEntersAuthenticating OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions from CONNECTING to AUTHENTICATING, as a result of an EAP-Response/Identity message being received from the Supplicant." REFERENCE "9.4.2, 8.5.4.2.3" ::= { swMacAuthDiagEntry 3 } swAuthAuthSuccessWhileAuthenticating OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions from AUTHENTICATING to AUTHENTICATED, as a result of the Backend Authentication state machine, indicating successful authentication of the Supplicant (authSuccess = TRUE)." REFERENCE "9.4.2, 8.5.4.2.4" ::= { swMacAuthDiagEntry 4 } swAuthAuthTimeoutsWhileAuthenticating OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of the Backend Authentication state machine indicating authentication timeout (authTimeout = TRUE)." REFERENCE "9.4.2, 8.5.4.2.5" ::= { swMacAuthDiagEntry 5 } swAuthAuthFailWhileAuthenticating OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions from AUTHENTICATING to HELD, as a result of the Backend Authentication state machine indicating authentication failure (authFail = TRUE)." REFERENCE "9.4.2, 8.5.4.2.6" ::= { swMacAuthDiagEntry 6 } swAuthAuthReauthsWhileAuthenticating OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of a reauthentication request (reAuthenticate = TRUE)." REFERENCE "9.4.2, 8.5.4.2.7" ::= { swMacAuthDiagEntry 7 } swAuthAuthEapStartsWhileAuthenticating OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of an EAPOL-Start message being received from the Supplicant." REFERENCE "9.4.2, 8.5.4.2.8" ::= { swMacAuthDiagEntry 8 } swAuthAuthEapLogoffWhileAuthenticating OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of an EAPOL-Logoff message being received from the Supplicant." REFERENCE "9.4.2, 8.5.4.2.9" ::= { swMacAuthDiagEntry 9 } swAuthAuthReauthsWhileAuthenticated OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions from AUTHENTICATED to CONNECTING, as a result of a reauthentication request (reAuthenticate = TRUE)." REFERENCE "9.4.2, 8.5.4.2.10" ::= { swMacAuthDiagEntry 10 } swAuthAuthEapStartsWhileAuthenticated OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions from AUTHENTICATED to CONNECTING, as a result of an EAPOL-Start message received from the Supplicant." REFERENCE "9.4.2, 8.5.4.2.11" ::= { swMacAuthDiagEntry 11 } swAuthAuthEapLogoffWhileAuthenticated OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions from AUTHENTICATED to DISCONNECTED, as a result of an EAPOL-Logoff message received from the Supplicant." REFERENCE "9.4.2, 8.5.4.2.12" ::= { swMacAuthDiagEntry 12 } swAuthBackendResponses OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine sends an initial Access-Request packet to the Authentication server (i.e., executes sendRespToServer on entry to the RESPONSE state). Indicates that the Authenticator attempted communication with the Authentication Server." REFERENCE "9.4.2, 8.5.6.2.1" ::= { swMacAuthDiagEntry 13 } swAuthBackendAccessChallenges OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine receives an initial Access-Challenge packet from the Authentication server (i.e., aReq becomes TRUE, causing exit from the RESPONSE state). Indicates that the Authentication Server has communication with the Authenticator." REFERENCE "9.4.2, 8.5.6.2.2" ::= { swMacAuthDiagEntry 14 } swAuthBackendOtherRequestsToSupplicant OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine sends an EAP-Request packet (other than an Identity, Notification, Failure or Success message) to the Supplicant (i.e., executes txReq on entry to the REQUEST state). Indicates that the Authenticator chose an EAP-method." REFERENCE "9.4.2, 8.5.6.2.3" ::= { swMacAuthDiagEntry 15 } swAuthBackendNonNakResponsesFromSupplicant OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine receives a response from the Supplicant to an initial EAP-Request, and the response is something other than EAP-NAK (i.e., rxResp becomes TRUE, causing the state machine to transition from REQUEST to RESPONSE, and the response is not an EAP-NAK). Indicates that the Supplicant can respond to the Authenticator's chosen EAP-method." REFERENCE "9.4.2, 8.5.6.2.4" ::= { swMacAuthDiagEntry 16 } swAuthBackendAuthSuccesses OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine receives an EAP-Success message from the Authentication Server (i.e., a Success becomes TRUE, causing a transition from RESPONSE to SUCCESS). Indicates that the Supplicant has successfully authenticated to the Authentication Server." REFERENCE "9.4.2, 8.5.6.2.5" ::= { swMacAuthDiagEntry 17 } swAuthBackendAuthFails OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine receives an EAP-Failure message from the Authentication Server (i.e., a Fail becomes TRUE, causing a transition from RESPONSE to FAIL). Indicates that the Supplicant has not authenticated to the Authentication Server." REFERENCE "9.4.2, 8.5.6.2.6" ::= { swMacAuthDiagEntry 18 } -- ----------------------------------------------------------------------------- -- The Authenticator Session Statistics Table -- ----------------------------------------------------------------------------- swMacAuthSessionStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF SwMacAuthSessionStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains the session statistics objects for the Authenticator PAE associated with each MAC address. An entry appears in this table for each MAC address that may authenticate access to itself." ::= { swMacAuthBaseStatsInfo 4 } swMacAuthSessionStatsEntry OBJECT-TYPE SYNTAX SwMacAuthSessionStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The session statistics information for an Authenticator PAE. This shows the current values being collected for each session that is still in progress, or the final values for the last valid session on each MAC address where there is no session currently active." INDEX { swPaeMacAddr ,swPaePortNumber } ::= { swMacAuthSessionStatsTable 1 } SwMacAuthSessionStatsEntry ::= SEQUENCE { swAuthSessionOctetsRx Counter64, swAuthSessionOctetsTx Counter64, swAuthSessionFramesRx Counter32, swAuthSessionFramesTx Counter32, swAuthSessionId SnmpAdminString, swAuthSessionAuthenticMethod INTEGER, swAuthSessionTime TimeTicks, swAuthSessionTerminateCause INTEGER, swAuthSessionUserName SnmpAdminString } swAuthSessionOctetsRx OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of octets received in user data frames from this MAC address during the session." REFERENCE "9.4.4, Session Octets Received" ::= { swMacAuthSessionStatsEntry 1 } swAuthSessionOctetsTx OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of octets transmitted in user data frames to this MAC address during the session." ::= { swMacAuthSessionStatsEntry 2 } swAuthSessionFramesRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of user data frames received from this MAC address during the session." ::= { swMacAuthSessionStatsEntry 3 } swAuthSessionFramesTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of user data frames transmitted to this MAC address during the session." REFERENCE "9.4.4, Session Frames Transmitted" ::= { swMacAuthSessionStatsEntry 4 } swAuthSessionId OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "A unique identifier for the session, in the form of a printable ASCII string of at least three characters." REFERENCE "9.4.4, Session Identifier" ::= { swMacAuthSessionStatsEntry 5 } swAuthSessionAuthenticMethod OBJECT-TYPE SYNTAX INTEGER { remoteAuthServer(1), localAuthServer(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication method used to establish the session." REFERENCE "9.4.4, Session Authentication Method" ::= { swMacAuthSessionStatsEntry 6 } swAuthSessionTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "The duration of the session in units of hundredth of a second." REFERENCE "9.4.4, Session Time" ::= { swMacAuthSessionStatsEntry 7 } swAuthSessionTerminateCause OBJECT-TYPE SYNTAX INTEGER { supplicantLogoff(1), portFailure(2), supplicantRestart(3), reauthFailed(4), authControlForceUnauth(5), portReInit(6), portAdminDisabled(7), notTerminatedYet(999) } MAX-ACCESS read-only STATUS current DESCRIPTION "The reason for the session termination." REFERENCE "9.4.4, Session Terminate Cause" ::= { swMacAuthSessionStatsEntry 8 } swAuthSessionUserName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The User-Name representing the identity of the Supplicant PAE." REFERENCE "9.4.4, Session User Name" ::= { swMacAuthSessionStatsEntry 9 } -- ----------------------------------------------------------------------------- -- The Dot1x Authenticator State Table -- ----------------------------------------------------------------------------- swDot1xAuthStateTable OBJECT-TYPE SYNTAX SEQUENCE OF SwDot1xAuthStateEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains the status objects for the Authenticator PAE associated with each host. An entry appears in this table for each host that may authenticate access to itself." ::= { swMacAuthBaseStatsInfo 5 } swDot1xAuthStateEntry OBJECT-TYPE SYNTAX SwDot1xAuthStateEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The information for an Authenticator PAE." INDEX {swDot1xAuthPortNumber ,swDot1xAuthVID ,swDot1xAuthMACAddress} ::= { swDot1xAuthStateTable 1 } SwDot1xAuthStateEntry ::= SEQUENCE { swDot1xAuthPortNumber InterfaceIndex, swDot1xAuthVID INTEGER, swDot1xAuthMACAddress MacAddress, swDot1xAuthenticatorPAEState INTEGER, swDot1xAuthBackendAuthState INTEGER, swDot1xAuthAuthControlledStatus INTEGER, swDot1xAuthAssignVID INTEGER, swDot1xAuthAssignPriority INTEGER } swDot1xAuthPortNumber OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Port number associated with this host." ::= { swDot1xAuthStateEntry 1 } swDot1xAuthVID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Original VID associated with this host." ::= { swDot1xAuthStateEntry 2 } swDot1xAuthMACAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The MAC address associated with this host." ::= { swDot1xAuthStateEntry 3 } swDot1xAuthenticatorPAEState OBJECT-TYPE SYNTAX INTEGER { initialize(1), disconnected(2), connecting(3), authenticating(4), authenticated(5), aborting(6), held(7), forceAuth(8), forceUnauth(9) } MAX-ACCESS read-only STATUS current DESCRIPTION "The current value of the Authenticator PAE state machine." ::= { swDot1xAuthStateEntry 4 } swDot1xAuthBackendAuthState OBJECT-TYPE SYNTAX INTEGER { request(1), response(2), success(3), fail(4), timeout(5), idle(6), initialize(7) } MAX-ACCESS read-only STATUS current DESCRIPTION "The current state of the Backend Authentication state machine." ::= { swDot1xAuthStateEntry 5 } swDot1xAuthAuthControlledStatus OBJECT-TYPE SYNTAX INTEGER { authenticating(1), authorized(2), unauthorized(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The authenticate state of the host." ::= { swDot1xAuthStateEntry 6} swDot1xAuthAssignVID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The VID assigned by the RADIUS server." ::= { swDot1xAuthStateEntry 7 } swDot1xAuthAssignPriority OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The priority assigned by the RADIUS server." ::= { swDot1xAuthStateEntry 8 } -- ----------------------------------------------------------------------------- -- The Dot1x Authenticator Statistics Table -- ----------------------------------------------------------------------------- swDot1xAuthStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF SwDot1xAuthStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains the statistics objects for the Authenticator PAE associated with each host. An entry appears in this table for each host that may authenticate access to itself." ::= { swMacAuthBaseStatsInfo 6 } swDot1xAuthStatsEntry OBJECT-TYPE SYNTAX SwDot1xAuthStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The statistics information for an Authenticator PAE." INDEX {swDot1xAuthPortNumber ,swDot1xAuthVID ,swDot1xAuthMACAddress} ::= { swDot1xAuthStatsTable 1 } SwDot1xAuthStatsEntry ::= SEQUENCE { swDot1xAuthEapolFramesRx Counter32, swDot1xAuthEapolFramesTx Counter32, swDot1xAuthEapolStartFramesRx Counter32, swDot1xAuthEapolLogoffFramesRx Counter32, swDot1xAuthEapolRespIdFramesRx Counter32, swDot1xAuthEapolRespFramesRx Counter32, swDot1xAuthEapolReqIdFramesTx Counter32, swDot1xAuthEapolReqFramesTx Counter32, swDot1xAuthInvalidEapolFramesRx Counter32, swDot1xAuthEapLengthErrorFramesRx Counter32, swDot1xAuthLastEapolFrameVersion Unsigned32, swDot1xAuthLastEapolFrameSource MacAddress } swDot1xAuthEapolFramesRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of valid EAPOL frames of any type that have been received by this Authenticator." REFERENCE "9.4.2, EAPOL frames received" ::= { swDot1xAuthStatsEntry 1 } swDot1xAuthEapolFramesTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of EAPOL frames of any type that have been transmitted by this Authenticator." REFERENCE "9.4.2, EAPOL frames transmitted" ::= { swDot1xAuthStatsEntry 2 } swDot1xAuthEapolStartFramesRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of EAPOL Start frames that have been received by this Authenticator." REFERENCE "9.4.2, EAPOL Start frames received" ::= { swDot1xAuthStatsEntry 3 } swDot1xAuthEapolLogoffFramesRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of EAPOL Logoff frames that have been received by this Authenticator." REFERENCE "9.4.2, EAPOL Logoff frames received" ::= { swDot1xAuthStatsEntry 4 } swDot1xAuthEapolRespIdFramesRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of EAP Resp/Id frames that have been received by this Authenticator." REFERENCE "9.4.2, EAPOL Resp/Id frames received" ::= { swDot1xAuthStatsEntry 5 } swDot1xAuthEapolRespFramesRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of valid EAP Response frames (other than Resp/Id frames) that have been received by this Authenticator." REFERENCE "9.4.2, EAPOL Response frames received" ::= { swDot1xAuthStatsEntry 6 } swDot1xAuthEapolReqIdFramesTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of EAP Req/Id frames that have been transmitted by this Authenticator." REFERENCE "9.4.2, EAPOL Req/Id frames transmitted" ::= { swDot1xAuthStatsEntry 7 } swDot1xAuthEapolReqFramesTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of EAP Request frames (other than Rq/Id frames) that have been transmitted by this Authenticator." REFERENCE "9.4.2, EAPOL Request frames transmitted" ::= { swDot1xAuthStatsEntry 8 } swDot1xAuthInvalidEapolFramesRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of EAPOL frames that have been received by this Authenticator for which the frame type is not recognized." REFERENCE "9.4.2, Invalid EAPOL frames received" ::= { swDot1xAuthStatsEntry 9 } swDot1xAuthEapLengthErrorFramesRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of EAPOL frames that have been received by this Authenticator for which the Packet Body Length field is invalid." REFERENCE "9.4.2, EAP length error frames received" ::= { swDot1xAuthStatsEntry 10 } swDot1xAuthLastEapolFrameVersion OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The protocol version number carried in the most recently received EAPOL frame." REFERENCE "9.4.2, Last EAPOL frame version" ::= { swDot1xAuthStatsEntry 11 } swDot1xAuthLastEapolFrameSource OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The source MAC address carried in the most recently received EAPOL frame." REFERENCE "9.4.2, Last EAPOL frame source" ::= { swDot1xAuthStatsEntry 12 } -- ----------------------------------------------------------------------------- -- The Dot1x Authenticator Diagnostics Table -- ----------------------------------------------------------------------------- swDot1xAuthDiagTable OBJECT-TYPE SYNTAX SEQUENCE OF SwDot1xAuthDiagEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains the diagnostics objects for the Authenticator PAE associated with each host. An entry appears in this table for each MAC address that may authenticate access to itself." ::= { swMacAuthBaseStatsInfo 7 } swDot1xAuthDiagEntry OBJECT-TYPE SYNTAX SwDot1xAuthDiagEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The diagnostics information for an Authenticator PAE." INDEX {swDot1xAuthPortNumber ,swDot1xAuthVID ,swDot1xAuthMACAddress} ::= { swDot1xAuthDiagTable 1 } SwDot1xAuthDiagEntry ::= SEQUENCE { swDot1xAuthEntersConnecting Counter32, swDot1xAuthEapLogoffsWhileConnecting Counter32, swDot1xAuthEntersAuthenticating Counter32, swDot1xAuthAuthSuccessWhileAuthenticating Counter32, swDot1xAuthAuthTimeoutsWhileAuthenticating Counter32, swDot1xAuthAuthFailWhileAuthenticating Counter32, swDot1xAuthAuthReauthsWhileAuthenticating Counter32, swDot1xAuthAuthEapStartsWhileAuthenticating Counter32, swDot1xAuthAuthEapLogoffWhileAuthenticating Counter32, swDot1xAuthAuthReauthsWhileAuthenticated Counter32, swDot1xAuthAuthEapStartsWhileAuthenticated Counter32, swDot1xAuthAuthEapLogoffWhileAuthenticated Counter32, swDot1xAuthBackendResponses Counter32, swDot1xAuthBackendAccessChallenges Counter32, swDot1xAuthBackendOtherRequestsToSupplicant Counter32, swDot1xAuthBackendNonNakResponsesFromSupplicant Counter32, swDot1xAuthBackendAuthSuccesses Counter32, swDot1xAuthBackendAuthFails Counter32 } swDot1xAuthEntersConnecting OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions to a CONNECTING state from any other state." REFERENCE "9.4.2, 8.5.4.2.1" ::= { swDot1xAuthDiagEntry 1 } swDot1xAuthEapLogoffsWhileConnecting OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions from CONNECTING to DISCONNECTED as a result of receiving an EAPOL-Logoff message." REFERENCE "9.4.2, 8.5.4.2.2" ::= { swDot1xAuthDiagEntry 2 } swDot1xAuthEntersAuthenticating OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions from CONNECTING to AUTHENTICATING, as a result of an EAP-Response/Identity message being received from the Supplicant." REFERENCE "9.4.2, 8.5.4.2.3" ::= { swDot1xAuthDiagEntry 3 } swDot1xAuthAuthSuccessWhileAuthenticating OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions from AUTHENTICATING to AUTHENTICATED, as a result of the Backend Authentication state machine, indicating successful authentication of the Supplicant (authSuccess = TRUE)." REFERENCE "9.4.2, 8.5.4.2.4" ::= { swDot1xAuthDiagEntry 4 } swDot1xAuthAuthTimeoutsWhileAuthenticating OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of the Backend Authentication state machine indicating an authentication timeout (authTimeout = TRUE)." REFERENCE "9.4.2, 8.5.4.2.5" ::= { swDot1xAuthDiagEntry 5 } swDot1xAuthAuthFailWhileAuthenticating OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions from AUTHENTICATING to HELD, as a result of the Backend Authentication state machine indicating an authentication failure (authFail = TRUE)." REFERENCE "9.4.2, 8.5.4.2.6" ::= { swDot1xAuthDiagEntry 6 } swDot1xAuthAuthReauthsWhileAuthenticating OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of a reauthentication request (reAuthenticate = TRUE)." REFERENCE "9.4.2, 8.5.4.2.7" ::= { swDot1xAuthDiagEntry 7 } swDot1xAuthAuthEapStartsWhileAuthenticating OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of an EAPOL-Start message being received from the Supplicant." REFERENCE "9.4.2, 8.5.4.2.8" ::= { swDot1xAuthDiagEntry 8 } swDot1xAuthAuthEapLogoffWhileAuthenticating OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of an EAPOL-Logoff message being received from the Supplicant." REFERENCE "9.4.2, 8.5.4.2.9" ::= { swDot1xAuthDiagEntry 9 } swDot1xAuthAuthReauthsWhileAuthenticated OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions from AUTHENTICATED to CONNECTING, as a result of a reauthentication request (reAuthenticate = TRUE)." REFERENCE "9.4.2, 8.5.4.2.10" ::= { swDot1xAuthDiagEntry 10 } swDot1xAuthAuthEapStartsWhileAuthenticated OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions from AUTHENTICATED to CONNECTING, as a result of an EAPOL-Start message being received from the Supplicant." REFERENCE "9.4.2, 8.5.4.2.11" ::= { swDot1xAuthDiagEntry 11 } swDot1xAuthAuthEapLogoffWhileAuthenticated OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine transitions from AUTHENTICATED to DISCONNECTED, as a result of an EAPOL-Logoff message being received from the Supplicant." REFERENCE "9.4.2, 8.5.4.2.12" ::= { swDot1xAuthDiagEntry 12 } swDot1xAuthBackendResponses OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine sends an initial Access-Request packet to the Authentication server (i.e., executes sendRespToServer on entry to the RESPONSE state). Indicates that the Authenticator attempted communication with the Authentication Server." REFERENCE "9.4.2, 8.5.6.2.1" ::= { swDot1xAuthDiagEntry 13 } swDot1xAuthBackendAccessChallenges OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine receives an initial Access-Challenge packet from the Authentication server (i.e., aReq becomes TRUE, causing exit from the RESPONSE state). Indicates that the Authentication Server has communication with the Authenticator." REFERENCE "9.4.2, 8.5.6.2.2" ::= { swDot1xAuthDiagEntry 14 } swDot1xAuthBackendOtherRequestsToSupplicant OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine sends an EAP-Request packet (other than an Identity, Notification, Failure or Success message) to the Supplicant (i.e., executes txReq on entry to the REQUEST state). Indicates that the Authenticator chose an EAP-method." REFERENCE "9.4.2, 8.5.6.2.3" ::= { swDot1xAuthDiagEntry 15 } swDot1xAuthBackendNonNakResponsesFromSupplicant OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine receives a response from the Supplicant to an initial EAP-Request, and the response is something other than EAP-NAK (i.e., rxResp becomes TRUE, causing the state machine to transition from REQUEST to RESPONSE, and the response is not an EAP-NAK). Indicates that the Supplicant can respond to the Authenticator's chosen EAP-method." REFERENCE "9.4.2, 8.5.6.2.4" ::= { swDot1xAuthDiagEntry 16 } swDot1xAuthBackendAuthSuccesses OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine receives an EAP-Success message from the Authentication Server (i.e., a Success becomes TRUE, causing a transition from RESPONSE to SUCCESS). Indicates that the Supplicant has successfully authenticated to the Authentication Server." REFERENCE "9.4.2, 8.5.6.2.5" ::= { swDot1xAuthDiagEntry 17 } swDot1xAuthBackendAuthFails OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times that the state machine receives an EAP-Failure message from the Authentication Server (i.e., a Fail becomes TRUE, causing a transition from RESPONSE to FAIL). Indicates that the Supplicant has not authenticated to the Authentication Server." REFERENCE "9.4.2, 8.5.6.2.6" ::= { swDot1xAuthDiagEntry 18 } -- ----------------------------------------------------------------------------- -- The Dot1x Authenticator Session Statistics Table -- ----------------------------------------------------------------------------- swDot1xAuthSessionStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF SwDot1xAuthSessionStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains the session statistics objects for the Authenticator PAE associated with each host. An entry appears in this table for each host that may authenticate access to itself." ::= { swMacAuthBaseStatsInfo 8 } swDot1xAuthSessionStatsEntry OBJECT-TYPE SYNTAX SwDot1xAuthSessionStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The session statistics information for an Authenticator PAE. This shows the current values being collected for each session that is still in progress, or the final values for the last valid session on each host where there is no session currently active." INDEX {swDot1xAuthPortNumber ,swDot1xAuthVID ,swDot1xAuthMACAddress} ::= { swDot1xAuthSessionStatsTable 1 } SwDot1xAuthSessionStatsEntry ::= SEQUENCE { swDot1xAuthSessionOctetsRx Counter64, swDot1xAuthSessionOctetsTx Counter64, swDot1xAuthSessionFramesRx Counter32, swDot1xAuthSessionFramesTx Counter32, swDot1xAuthSessionId SnmpAdminString, swDot1xAuthSessionAuthenticMethod INTEGER, swDot1xAuthSessionTime TimeTicks, swDot1xAuthSessionTerminateCause INTEGER, swDot1xAuthSessionUserName SnmpAdminString } swDot1xAuthSessionOctetsRx OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of octets received in user data frames from this host during the session." REFERENCE "9.4.4, Session Octets Received" ::= { swDot1xAuthSessionStatsEntry 1 } swDot1xAuthSessionOctetsTx OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of octets transmitted in user data frames to this host during the session." ::= { swDot1xAuthSessionStatsEntry 2 } swDot1xAuthSessionFramesRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of user data frames received from this host during the session." ::= { swDot1xAuthSessionStatsEntry 3 } swDot1xAuthSessionFramesTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of user data frames transmitted to this host during the session." REFERENCE "9.4.4, Session Frames Transmitted" ::= { swDot1xAuthSessionStatsEntry 4 } swDot1xAuthSessionId OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "A unique identifier for the session, in the form of a printable ASCII string of at least three characters." REFERENCE "9.4.4, Session Identifier" ::= { swDot1xAuthSessionStatsEntry 5 } swDot1xAuthSessionAuthenticMethod OBJECT-TYPE SYNTAX INTEGER { remoteAuthServer(1), localAuthServer(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication method used to establish the session." REFERENCE "9.4.4, Session Authentication Method" ::= { swDot1xAuthSessionStatsEntry 6 } swDot1xAuthSessionTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "The duration of the session in units of hundredth of a second." REFERENCE "9.4.4, Session Time" ::= { swDot1xAuthSessionStatsEntry 7 } swDot1xAuthSessionTerminateCause OBJECT-TYPE SYNTAX INTEGER { supplicantLogoff(1), portFailure(2), supplicantRestart(3), reauthFailed(4), authControlForceUnauth(5), portReInit(6), portAdminDisabled(7), notTerminatedYet(999) } MAX-ACCESS read-only STATUS current DESCRIPTION "The reason for the session termination." REFERENCE "9.4.4, Session Terminate Cause" ::= { swDot1xAuthSessionStatsEntry 8 } swDot1xAuthSessionUserName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The User-Name representing the identity of the Supplicant PAE." REFERENCE "9.4.4, Session User Name" ::= { swDot1xAuthSessionStatsEntry 9 } -- ----------------------------------------------------------------------------- -- The swRadiusCommand -- ----------------------------------------------------------------------------- swRadiusForceDownPortNumber OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "The port number on which the RADIUS server is forced to terminate the network service." ::= { swRadiusCommand 1} swRadiusForceDownMacAddr OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The user's MAC address on which the RADIUS server is forced to terminate the network service." ::= { swRadiusCommand 2 } -- ----------------------------------------------------------------------------- -- The Authenticator Port Table -- ----------------------------------------------------------------------------- swAuthenticatedPortCtrlTable OBJECT-TYPE SYNTAX SEQUENCE OF SwAuthenticatedPortCtrlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table used to configure the port's 802.1x capability." ::= { swAuthenticatedPortInfo 1 } swAuthenticatedPortCtrlEntry OBJECT-TYPE SYNTAX SwAuthenticatedPortCtrlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Port number and authenticator control for a Port." INDEX { swAuthenticatedPortNumber } ::= { swAuthenticatedPortCtrlTable 1 } SwAuthenticatedPortCtrlEntry ::= SEQUENCE { swAuthenticatedPortNumber INTEGER, swAuthenticatedPortCapabilities INTEGER } swAuthenticatedPortNumber OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Authenticated Port number associated with this Port." ::= { swAuthenticatedPortCtrlEntry 1 } swAuthenticatedPortCapabilities OBJECT-TYPE SYNTAX INTEGER { none(1), authenticator(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates the PAE functionality that this Port supports and that it may be managed through this MIB." ::= { swAuthenticatedPortCtrlEntry 2 } -- ----------------------------------------------------------------------------- -- The Mac Based Pae Port Table -- ----------------------------------------------------------------------------- swMacBasedPaePortTable OBJECT-TYPE SYNTAX SEQUENCE OF SwMacBasedPaePortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of system level information for each port supported by the MAC-based Port Access Entity. An entry appears in this table for each port of this system." ::= { swMacBasedPaePortInfo 1 } swMacBasedPaePortEntry OBJECT-TYPE SYNTAX SwMacBasedPaePortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The port number, protocol version and initialization control for a Port by MAC based mode." INDEX { swMacBasedPaePortNumber } ::= { swMacBasedPaePortTable 1 } SwMacBasedPaePortEntry ::= SEQUENCE { swMacBasedPaePortNumber InterfaceIndex, swMacBasedPaeMacAddress MacAddress, swMacBasedPaePortInitializeOrReauthStatus INTEGER } swMacBasedPaePortNumber OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "The port number associated with this Port." ::= { swMacBasedPaePortEntry 1 } swMacBasedPaeMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the MAC address used to initialize the 802.1X authentication state machine of some or all ports or used to reauthenticate the device connected to the port." ::= { swMacBasedPaePortEntry 2 } swMacBasedPaePortInitializeOrReauthStatus OBJECT-TYPE SYNTAX INTEGER { other(1), initialize(2), reauthenticate(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This is used to execute MAC-Based Port initialization or reauthentication, so it is necessary to set swMacBasedPaeMacAddress before this action can be initialized. Choosing 'initialize' causes the port to be initialized in MAC-based mode. Choosing 'reauthenticate' causes the port to be reauthenticated in MAC-based mode. The attribute value reverts to 'other' once the initialization or reauthentication has been done." ::= { swMacBasedPaePortEntry 3 } -- ----------------------------------------------------------------------------- swMacBasedPaeTable OBJECT-TYPE SYNTAX SEQUENCE OF SwMacBasedPaeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table used to reauthenticate or initialize a host." ::= { swMacBasedPaePortInfo 2 } swMacBasedPaeEntry OBJECT-TYPE SYNTAX SwMacBasedPaeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The port number, MAC address and initialization or reauthentication control for a host by MAC based mode." INDEX { swMacBasedPaePort, swMacBasedPaeMac } ::= { swMacBasedPaeTable 1 } SwMacBasedPaeEntry ::= SEQUENCE { swMacBasedPaePort InterfaceIndex, swMacBasedPaeMac MacAddress, swMacBasedPaeInitOrReauthStatus INTEGER } swMacBasedPaePort OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "The port number associated with this Port." ::= { swMacBasedPaeEntry 1 } swMacBasedPaeMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Specifies the MAC address used to initialize the 802.1X authentication state machine of the host or used to reauthenticate the host on the port." ::= { swMacBasedPaeEntry 2 } swMacBasedPaeInitOrReauthStatus OBJECT-TYPE SYNTAX INTEGER { other(1), initialize(2), reauthenticate(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This is used to execute MAC-based Port initialization or reauthentication. Choosing 'initialize' causes the host to be initialized in MAC-based mode. Choosing 'reauthenticate' causes the host to be reauthenticated in MAC-based mode. The attribute value reverts to 'other' once the initialization or reauthentication has been done." ::= { swMacBasedPaeEntry 3 } -- ----------------------------------------------------------------------------- -- swPaeAuthenticator -- ----------------------------------------------------------------------------- swPaeAuthSysFwdPdu OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the global setting to control the forwarding of the EAPOL PDU." ::= { swPaeAuthenticator 1 } swPaeAuthSysMaxUser OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the global limitation on the maximum number of users that can be learned via 802.1X authentication. The maximum entry range is (0..N), the value N means the maximum number. It is determined by the project itself. Value 0 means no-limit." ::= { swPaeAuthenticator 2 } swPaeAuthConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF SwPaeAuthConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains the configuration objects for the Authenticator PAE associated with each port. An entry appears in this table for each port that may authenticate access to itself." ::= { swPaeAuthenticator 3 } -- ----------------------------------------------------------------------------- -- The Authenticator State Table -- ----------------------------------------------------------------------------- swAuthStateTable OBJECT-TYPE SYNTAX SEQUENCE OF SwAuthStateEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains the status objects for the Authenticator PAE associated with each host. An entry appears in this table for each host that may authenticate access to itself." ::= { swPaeAuthenticator 4 } swAuthStateEntry OBJECT-TYPE SYNTAX SwAuthStateEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The information for an Authenticator PAE." INDEX {swAuthPortNumber ,swAuthMacAddress} ::= { swAuthStateTable 1 } SwAuthStateEntry ::= SEQUENCE { swAuthPortNumber InterfaceIndex, swAuthMacAddress MacAddress, swAuthAuthControlledStatus INTEGER, swAuthAssignVid INTEGER, swAuthAssignPriority INTEGER, swAuthenticatorPAEState INTEGER, swAuthBKdAuthState INTEGER } swAuthPortNumber OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "The PAE Port number associated with this Port." ::= { swAuthStateEntry 1 } swAuthMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The address associated with this MAC address." ::= { swAuthStateEntry 2 } swAuthAuthControlledStatus OBJECT-TYPE SYNTAX INTEGER { authenticating(1), authorized(2), unauthorized(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The authenticate state of the host." ::= { swAuthStateEntry 3} swAuthAssignVid OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The VID assigned by the RADIUS server." ::= { swAuthStateEntry 4 } swAuthAssignPriority OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The priority assigned by the RADIUS server." ::= { swAuthStateEntry 5 } swAuthenticatorPAEState OBJECT-TYPE SYNTAX INTEGER { initialize(1), disconnected(2), connecting(3), authenticating(4), authenticated(5), aborting(6), held(7), forceAuth(8), forceUnauth(9) } MAX-ACCESS read-only STATUS current DESCRIPTION "The current value of the Authenticator PAE state machine." ::= { swAuthStateEntry 6 } swAuthBKdAuthState OBJECT-TYPE SYNTAX INTEGER { request(1), response(2), success(3), fail(4), timeout(5), idle(6), initialize(7) } MAX-ACCESS read-only STATUS current DESCRIPTION "The current state of the Backend Authentication state machine." ::= { swAuthStateEntry 7 } -- ----------------------------------------------------------------------------- -- The Authenticator Config Entry -- ----------------------------------------------------------------------------- swPaeAuthConfigEntry OBJECT-TYPE SYNTAX SwPaeAuthConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The configuration information for an Authenticator PAE." INDEX { dot1xPaePortNumber } ::= { swPaeAuthConfigTable 1 } SwPaeAuthConfigEntry ::= SEQUENCE { swPaeAuthFwdPdu INTEGER, swPaeAuthMaxUser INTEGER } swPaeAuthFwdPdu OBJECT-TYPE SYNTAX INTEGER{ enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the per port setting to control the forwarding of EAPOL PDU." ::= { swPaeAuthConfigEntry 1 } swPaeAuthMaxUser OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the limitation on the maximum number of users by port. The max entry range is (0..N), the value N means the max number. It is determined by project itself. Value 0 means no-limit." ::= { swPaeAuthConfigEntry 2 } -- ----------------------------------------------------------------------------- -- swCompoundAuthMgmt OBJECT IDENTIFIER ::= { swAuthCtrl 11 } -- ----------------------------------------------------------------------------- -- ------------------------------------------------------------- -- The Compound authentication configure -- ------------------------------------------------------------- swCompoundAuthPortTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCompoundAuthPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains compound authentication information for each port." ::= { swCompoundAuthMgmt 1 } swCompoundAuthPortEntry OBJECT-TYPE SYNTAX SwCompoundAuthPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The compound authentication configuration information for a port." INDEX { swCompoundAuthPortIndex } ::= { swCompoundAuthPortTable 1 } SwCompoundAuthPortEntry ::= SEQUENCE { swCompoundAuthPortIndex INTEGER, swCompoundAuthPortAuthMode INTEGER, swCompoundAuthPortMethod INTEGER, swCompoundAuthPortAuthVLANs DisplayString } swCompoundAuthPortIndex OBJECT-TYPE SYNTAX INTEGER(1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The compound authentication port number associated with this port." ::= { swCompoundAuthPortEntry 1 } swCompoundAuthPortAuthMode OBJECT-TYPE SYNTAX INTEGER{ hostbased(1), portbased(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object sets the authorization mode. Port-based: If one of the attached hosts passes the authentication, all the hosts on the same port will be granted access to the network. If the user fails the authorization, this port will keep trying the next authentication. Host-based: Every user can be authenticated individually. The client can start authentication on specific authentication VLAN(s)." DEFVAL {portbased} ::= { swCompoundAuthPortEntry 2 } swCompoundAuthPortMethod OBJECT-TYPE SYNTAX INTEGER { none(1), any(2), dot1xImpb(3), impbJwac(4), impbWac(5), macImpb(6), macJwac(7) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object sets the method for compound authentication settings. None: The system level setting of individual authentication still takes effect. Thus suppose that the compound authentication method of a port is set to any but MAC-AC is disabled, JWAC and 802.1x enabled, then the user must pass either the JWAC or 802.1x method. The following is the relation of the compound authentication method and the configuration of the individual authentication method. (1) If compound authentication methods is not set to none: The port's authentication method will depend on the compound authentication method. An individual authentication method's setting is ignored. (2) If compound authentication methods is set to none: This port is in single-auth mode. The port's authentication method will depend on the individual authentication method's setting. Any: If any one of the authentication methods (802.1x, MAC-AC, WAC and JWAC) passes, then pass. dot1xImpb: Dot1x will be verified first, and then IMPB will be verified. Both authentication methods need to be passed to make the authentication successful. impbJwac: IMPB will be verified first, and then JWAC will be verified. Both authentication methods need to be passed to make the authentication successful. impbWac: IMPB will be verified first, and then WAC will be verified. Both authentication methods need to be passed to make the authentication successful. macImpb: MAC-AC will be verified first, and then IMPB will be verified. Both authentication methods need to be passed to make the authentication successful. macJwac: MAC-AC will be verified first. If client passed MAC authentication, JWAC will be verified. Both authentication methods need to be passed to make the authentication successful." DEFVAL {none} ::= { swCompoundAuthPortEntry 3 } swCompoundAuthPortAuthVLANs OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "This object sets the Authentication VLAN(s). If the authentication VLAN is not specified, It means to not care which VLAN the client comes from, the client will be authenticated if the client's MAC (not care the VLAN) is not authenticated. After the client is authenticated, the client will not be reauthenticated when received from other VLANs. When the port's authorization mode is changed to port based, previously authentication VLAN(s) on this port will be cleared. Note: For the compound VLAN specification, the value should be separated by ',' or '-'. Such as: 1,4,7 or 1,4,7-9 ." ::= { swCompoundAuthPortEntry 4 } -- ------------------------------------------------------------- -- The Guest VLAN Database -- ------------------------------------------------------------- swGuestVlanTable OBJECT-TYPE SYNTAX SEQUENCE OF SwGuestVlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing configuration information for guest VLANs configured into the device by local or network management. All entries are permanent and will be restored after the device reset." ::= { swCompoundAuthMgmt 2 } swGuestVlanEntry OBJECT-TYPE SYNTAX SwGuestVlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information for a guest VLAN configured into the device by local or network management." INDEX { swGuestVlanId } ::= { swGuestVlanTable 1 } SwGuestVlanEntry ::= SEQUENCE { swGuestVlanId VlanId, swGuestVlanPorts PortList, swGuestVlanRowStatus RowStatus } swGuestVlanId OBJECT-TYPE SYNTAX VlanId MAX-ACCESS read-only STATUS current DESCRIPTION "The VLAN ID referring to this guest VLAN." ::= { swGuestVlanEntry 1 } swGuestVlanPorts OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-write STATUS current DESCRIPTION "The set of ports which are permanently assigned to the guest VLAN member for this guest VLAN by management. Note: For on-going projects which need to support old-style commands as well, the rules for guest VLAN setting are: (1) Compound authentication mode is not none: You need to specify the guest VLAN by this command or individual authentication method's guest VLAN setting will be ignored. (2) Compound authentication mode is none: This port is in single authentication mode. Individual authentications use their guest VLAN settings configured by their individual guest VLAN commands. The setting of config guest_vlan will be ignored" ::= { swGuestVlanEntry 2 } swGuestVlanRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swGuestVlanEntry 3 } -- ------------------------------------------------------------- -- System Authorization Attributes -- ------------------------------------------------------------- swAuthorizationAttributes OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the authorization status. When the authorization for attributes is enabled, whether the authorized attributes (for example VLAN, 802.1p default priority, and ACL) assigned by the RADIUS server or local database will be accepted or not will depend on the individual module setting. " ::= { swCompoundAuthMgmt 3 } -- ------------------------------------------------------------- -- Authentication Server Failover -- ------------------------------------------------------------- swAuthServerFailoverState OBJECT-TYPE SYNTAX INTEGER { block(1), local(2), permit(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the authentication server failover state. block: Block the client. local: Use the local DB to authenticate the client. permit: The client is always regarded as authenticated." DEFVAL {block} ::= { swCompoundAuthMgmt 4 } -- ------------------------------------------------------------- -- Authentication MAC format -- ------------------------------------------------------------- swAuthMACFormatCase OBJECT-TYPE SYNTAX INTEGER { uppercase(1), lowercase(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the case format of the authentication MAC address for RADIUS authentication. uppercase: Using uppercase format, the formatted is: AA-BB-CC-DD-EE-FF. lowercase: Using lowercase format, the formatted is: aa-bb-cc-dd-ee-ff." DEFVAL {uppercase} ::= { swCompoundAuthMgmt 5 } swAuthMACFormatDelimiter OBJECT-TYPE SYNTAX INTEGER { none(1), hyphen(2), colon(3), dot(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the delimiter format of authentication MAC address for RADIUS authentication. none: Not using any delimiter, the format is: AABBCCDDEEFF hyphen: Using '-' as delimiter, the format is: AA-BB-CC-DD-EE-FF colon: Using ':' as delimiter, the format is: AA:BB:CC:DD:EE:FF dot: Using '.' as delimiter, the format is: AA.BB.CC.DD.EE.FF" DEFVAL {none} ::= { swCompoundAuthMgmt 6 } swAuthMACFormatDelimiterNumber OBJECT-TYPE SYNTAX INTEGER { delimiter-number-1(1), delimiter-number-2(2), delimiter-number-5(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the delimiter number of authentication MAC address for RADIUS authentication. delimiter-number-1: single delimiter, the format is: AABBCC.DDEEFF delimiter-number-2: double delimiter, the format is: AABB.CCDD.EEFF delimiter-number-5: multiple delimiter, the format is: AA.BB.CC.DD.EE.FF Note: while swAuthMACFormatDelimiter is none(1), the delimiter number will not take effect." ::= { swCompoundAuthMgmt 7 } END