-- Copyright (C) 2008-2014 Super Micro Computer Inc. All Rights Reserved -- $Id: fspnac.mib,v 1.15 2012/09/07 09:52:05 siva Exp $ -- PNAC Proprietary MIB Definition -- This document explains the proprietary MIB implemented -- for PNAC product. -- This proprietary MIB definition, supplements the standard IEEE802.1X -- MIB and also provides management of certain proprietary features of -- PNAC. -- This MIB contains tables used to configure the ports of host running -- PNAC, for its MAC based Authentication operation. Such a -- Authenticaion method permits the authenticated operation of hosts in -- shared media LANs. -- The proprietary MIB definitions follows: SUPERMICRO-PNAC-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Counter32, Unsigned32, enterprises, Integer32, TimeTicks, Counter64, NOTIFICATION-TYPE FROM SNMPv2-SMI RowStatus, TruthValue, MacAddress, TEXTUAL-CONVENTION, DisplayString FROM SNMPv2-TC SnmpAdminString FROM SNMP-FRAMEWORK-MIB PortList FROM Q-BRIDGE-MIB dot1xAuthOperControlledDirections, PaeControlledPortStatus FROM IEEE8021-PAE-MIB InterfaceIndex FROM IF-MIB; fspnac MODULE-IDENTITY LAST-UPDATED "201209050000Z" ORGANIZATION "Super Micro Computer Inc." CONTACT-INFO "support@Supermicro.com" DESCRIPTION " The proprietary MIB module for PNAC. " REVISION "201209050000Z" DESCRIPTION " The proprietary MIB module for PNAC. " ::= { enterprises supermicro-computer-inc(10876) super-switch(101) basic(1) 64 } -- ---------------------------------------------------------- -- -- Textual Conventions -- ---------------------------------------------------------- -- AuthenticMethod ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The Authentication method is using Remote Authentication Server or Local Authentication Server." SYNTAX INTEGER { remoteServer(1), localServer(2) } RemoteAuthServerType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This indicates which Remote Server is to provide the authentication. Currently supported servers are RADIUS Server and Terminal Access Controller Access-Control System Plus (TACACS+) Server." SYNTAX INTEGER { radiusServer(1), tacacsplusServer(2) } PermissionType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The permission values." SYNTAX INTEGER { allow(1), deny(2) } -- ------------------------------------------------------------ -- groups in the MIB -- ------------------------------------------------------------ fsPnacPaeSystem OBJECT IDENTIFIER ::= { fspnac 1 } fsPnacPaeAuthenticator OBJECT IDENTIFIER ::= { fspnac 2 } fsPnacAuthServer OBJECT IDENTIFIER ::= { fspnac 3 } fsPnacTrapObjects OBJECT IDENTIFIER ::= { fspnac 4 } fsPnacNotifications OBJECT IDENTIFIER ::= { fspnac 5 } -- ------------------------------------------------------------------ -- ------------------------------------------------------------------ -- The Pae System Group -- ------------------------------------------------------------------ fsPnacSystemControl OBJECT-TYPE SYNTAX INTEGER { start (1), shutdown (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Starts or shutdowns PNAC Module in the system. When set as 'start',resources required by PNAC module are allocated & PNAC module starts running. When shutdown, all resources used by PNAC module will be released to the system." ::= { fsPnacPaeSystem 1 } fsPnacTraceOption OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to enable Trace Statements in Network Access Control Module. A FOUR BYTE integer is used for enabling the level of tracing. Each BIT in the four byte integer, represents a particular level of Trace. The maping between the bit positions & the level of trace is as follows: 0 - Init and Shutdown Traces 1 - Management Traces 2 - Data Path Traces 3 - Control Plane Traces 4 - Packet Dump Traces 5 - Traces related to All Resources except Buffers 6 - All Failure Traces 7 - Buffer Traces The remaining bits are unused. Combination of levels are also allowed. For example if the bits 0 and 1 are set, then the Trace statements related to Init-Shutdown and management will be printed. The user has to enter the corresponding INTEGER VALUE for the bits set. For example if bits 0 and 1 are set then user has to give the value 3." DEFVAL { 0 } ::= { fsPnacPaeSystem 2 } fsPnacAuthenticServer OBJECT-TYPE SYNTAX AuthenticMethod MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to configure for the choice of local or remote Authentication Server to be used by the Authenticator for its authentication services." ::= { fsPnacPaeSystem 3 } fsPnacNasId OBJECT-TYPE SYNTAX DisplayString(SIZE(0..16)) MAX-ACCESS read-write STATUS current DESCRIPTION "This object is the Network Access Server Identifier to be presented before the remote Authentication Server." ::= { fsPnacPaeSystem 4 } -- Pae Port Table extensions fsPnacPaePortTable OBJECT-TYPE SYNTAX SEQUENCE OF FsPnacPaePortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of system level information for each port supported by the PNAC. An entry appears in this table for each port of this system. This table is an extension of dot1xPaePortTable of IEEE 802.1x MIB." ::= { fsPnacPaeSystem 5 } fsPnacPaePortEntry OBJECT-TYPE SYNTAX FsPnacPaePortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Configuration as port based or MAC based authentication and Supplicant count on a port. Index to this table is same as that of the dot1xPaePortTable, which is the InterfaceIndex." INDEX { fsPnacPaePortNumber } ::= { fsPnacPaePortTable 1 } FsPnacPaePortEntry ::= SEQUENCE { fsPnacPaePortNumber InterfaceIndex, fsPnacPaePortAuthMode INTEGER, fsPnacPaePortSupplicantCount Counter32, fsPnacPaePortUserName DisplayString, fsPnacPaePortPassword DisplayString, fsPnacPaePortStatus INTEGER } fsPnacPaePortNumber OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "The port number associated with this port." ::= { fsPnacPaePortEntry 1 } fsPnacPaePortAuthMode OBJECT-TYPE SYNTAX INTEGER { portBased(1), macBased(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Configuration of the port, for Port Based Authentication or MAC Based Authentication." ::= { fsPnacPaePortEntry 2 } fsPnacPaePortSupplicantCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Supplicants connected in the port." ::= { fsPnacPaePortEntry 3 } fsPnacPaePortUserName OBJECT-TYPE SYNTAX DisplayString (SIZE(4..63)) MAX-ACCESS read-write STATUS current DESCRIPTION "User name to be used in this port, while operating as a Supplicant." ::= { fsPnacPaePortEntry 4 } fsPnacPaePortPassword OBJECT-TYPE SYNTAX DisplayString (SIZE(4..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "User password to be used in this port, while operating as a Supplicant." ::= { fsPnacPaePortEntry 5 } fsPnacPaePortStatus OBJECT-TYPE SYNTAX PaeControlledPortStatus MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the combined Port status." ::= { fsPnacPaePortEntry 6 } -- ------------------------------------------------------------------ -- The Pae System Group again -- ------------------------------------------------------------------ fsPnacModuleOperStatus OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "This read only objects gives actual status of the PNAC Module (Operational status of module). When Module is enabled PNAC protocol starts functioning. When the module is disabled all the dynamically allocated memory will be freed and PNAC protocol stops functioning." ::= { fsPnacPaeSystem 6 } fsPnacRemoteAuthServerType OBJECT-TYPE SYNTAX RemoteAuthServerType MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used by the Authenticator for its authentication services, to configure the choice of RADIUS or TACACS+ remote authentication servers when the authentication method is through a remote server, that is, this object can be configured only if fsPnacAuthenticServer is set to remoteServer." DEFVAL { 1 } ::= { fsPnacPaeSystem 7 } -- ------------------------------------------------------------------ -- The Pae Authenticator Group -- ------------------------------------------------------------------ -- Authenticator Session Table fsPnacAuthSessionTable OBJECT-TYPE SYNTAX SEQUENCE OF FsPnacAuthSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains authentication session information associated with each Supplicant while Authenticator operates in MAC based authentication mode." ::= { fsPnacPaeAuthenticator 1 } fsPnacAuthSessionEntry OBJECT-TYPE SYNTAX FsPnacAuthSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Supplicant's MAC address and session ID, states of Authenticator state machine and Backend state machine for the session." INDEX { fsPnacAuthSessionSuppAddress } ::= { fsPnacAuthSessionTable 1 } FsPnacAuthSessionEntry ::= SEQUENCE { fsPnacAuthSessionSuppAddress MacAddress, fsPnacAuthSessionIdentifier Integer32, fsPnacAuthSessionAuthPaeState INTEGER, fsPnacAuthSessionBackendAuthState INTEGER, fsPnacAuthSessionPortStatus INTEGER, fsPnacAuthSessionPortNumber InterfaceIndex, fsPnacAuthSessionInitialize TruthValue, fsPnacAuthSessionReauthenticate TruthValue } fsPnacAuthSessionSuppAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "MAC address of the supplicant for this session." ::= { fsPnacAuthSessionEntry 1 } fsPnacAuthSessionIdentifier OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Session identifier of the supplicant for this session." ::= { fsPnacAuthSessionEntry 2 } fsPnacAuthSessionAuthPaeState OBJECT-TYPE SYNTAX INTEGER { initialize(1), disconnected(2), connecting(3), authenticating(4), authenticated(5), aborting(6), held(7), forceAuth(8), forceUnauth(9) } MAX-ACCESS read-only STATUS current DESCRIPTION "Authenticator state machine's state for this session." ::= { fsPnacAuthSessionEntry 3 } fsPnacAuthSessionBackendAuthState OBJECT-TYPE SYNTAX INTEGER { request(1), response(2), success(3), fail(4), timeout(5), idle(6), initialize(7) } MAX-ACCESS read-only STATUS current DESCRIPTION "Backend state machine's state for this session." ::= { fsPnacAuthSessionEntry 4 } fsPnacAuthSessionPortStatus OBJECT-TYPE SYNTAX PaeControlledPortStatus MAX-ACCESS read-only STATUS current DESCRIPTION "The current value of the controlled Port status parameter for this session." ::= { fsPnacAuthSessionEntry 5 } fsPnacAuthSessionPortNumber OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS read-only STATUS current DESCRIPTION "The Port in which this session is proceeding." ::= { fsPnacAuthSessionEntry 6 } fsPnacAuthSessionInitialize OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The initialization control for this Supplicant MAC address. Setting this attribute TRUE causes the Supplicant session with this MAC address, to be initialized. The attribute value reverts to FALSE once initialization has completed." ::= { fsPnacAuthSessionEntry 7 } fsPnacAuthSessionReauthenticate OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The reauthentication control for this Supplicant MAC address. Setting this attribute TRUE causes the Authenticator PAE state machine for this MAC address to reauthenticate the Supplicant. Setting this attribute FALSE has no effect. This attribute always returns FALSE when it is read." ::= { fsPnacAuthSessionEntry 8 } -- Authenticator Session Statistics Table fsPnacAuthSessionStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF FsPnacAuthSessionStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the session statistics for the Authenticator PAE associated with each Supplicant,while Authenticator operates in MAC based authentication mode." ::= { fsPnacPaeAuthenticator 2 } fsPnacAuthSessionStatsEntry OBJECT-TYPE SYNTAX FsPnacAuthSessionStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The session statistics information for an Authenticator PAE. This shows the current values being collected for each session that is still in progress, or the final values for the last valid session on each port where there is no session currently active." INDEX { fsPnacAuthSessionSuppAddress } ::= { fsPnacAuthSessionStatsTable 1 } FsPnacAuthSessionStatsEntry ::= SEQUENCE { fsPnacAuthSessionOctetsRx Counter64, fsPnacAuthSessionOctetsTx Counter64, fsPnacAuthSessionFramesRx Counter32, fsPnacAuthSessionFramesTx Counter32, fsPnacAuthSessionId SnmpAdminString, fsPnacAuthSessionAuthenticMethod INTEGER, fsPnacAuthSessionTime TimeTicks, fsPnacAuthSessionTerminateCause INTEGER, fsPnacAuthSessionUserName SnmpAdminString } fsPnacAuthSessionOctetsRx OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts number of session octets received." ::= { fsPnacAuthSessionStatsEntry 1 } fsPnacAuthSessionOctetsTx OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts number of session octets transmitted." ::= { fsPnacAuthSessionStatsEntry 2 } fsPnacAuthSessionFramesRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts number of session frames received." ::= { fsPnacAuthSessionStatsEntry 3 } fsPnacAuthSessionFramesTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts number of session frames transmitted." ::= { fsPnacAuthSessionStatsEntry 4 } fsPnacAuthSessionId OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "A unique Session identifier, in the form of a printable ASCII string of at least three characters." ::= { fsPnacAuthSessionStatsEntry 5 } fsPnacAuthSessionAuthenticMethod OBJECT-TYPE SYNTAX INTEGER { remoteAuthServer(1), localAuthServer(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Authentication method used to establish the session." ::= { fsPnacAuthSessionStatsEntry 6 } fsPnacAuthSessionTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Duration of the session in seconds." ::= { fsPnacAuthSessionStatsEntry 7 } fsPnacAuthSessionTerminateCause OBJECT-TYPE SYNTAX INTEGER { supplicantLogoff(1), portFailure(2), supplicantRestart(3), reauthFailed(4), authControlForceUnauth(5), portReInit(6), portAdminDisabled(7), notTerminatedYet(999) } MAX-ACCESS read-only STATUS current DESCRIPTION "Reason for the session termination." ::= { fsPnacAuthSessionStatsEntry 8 } fsPnacAuthSessionUserName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "User name representing the identity of the Supplicant PAE." ::= { fsPnacAuthSessionStatsEntry 9 } -- ------------------------------------------------------------------ -- The Authentication Server Group -- ------------------------------------------------------------------ -- PNAC Local Authentication Server User Configuration Table fsPnacASUserConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF FsPnacASUserConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains authentication related User configuration information maintained by PNAC local Authentication Server." ::= { fsPnacAuthServer 1 } fsPnacASUserConfigEntry OBJECT-TYPE SYNTAX FsPnacASUserConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains User name, Password, Authentication protocol used, Authenticated session timeout and Access ports list of the User seeking authentication." INDEX { fsPnacASUserConfigUserName } ::= { fsPnacASUserConfigTable 1 } FsPnacASUserConfigEntry ::= SEQUENCE { fsPnacASUserConfigUserName OCTET STRING, fsPnacASUserConfigPassword DisplayString, fsPnacASUserConfigAuthProtocol Unsigned32, fsPnacASUserConfigAuthTimeout Unsigned32, fsPnacASUserConfigPortList PortList, fsPnacASUserConfigPermission PermissionType, fsPnacASUserConfigRowStatus RowStatus } fsPnacASUserConfigUserName OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..115)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Identity of the User seeking authentication. A string of not more than 20 printable characters." ::= { fsPnacASUserConfigEntry 1 } fsPnacASUserConfigPassword OBJECT-TYPE SYNTAX DisplayString (SIZE(1..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "The secret Password of the User. A string of not more than 20 printable characters. When read, this always returns a String of length zero." ::= { fsPnacASUserConfigEntry 2 } fsPnacASUserConfigAuthProtocol OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The Authentication protocol supported for the User." ::= { fsPnacASUserConfigEntry 3 } fsPnacASUserConfigAuthTimeout OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "The time in seconds after which the Authentication offerred to the User ceases. Maximum value of the object can be 7200 seconds. When the object value is 0, the ReAuthPeriod of the Authenticator port is used by Authenticator." ::= { fsPnacASUserConfigEntry 4 } fsPnacASUserConfigPortList OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-write STATUS current DESCRIPTION "The complete set of ports of Authenticator to which the User is allowed or denied access, on the basis of setting of 'fsPnacASUserConfigPermission' object." ::= { fsPnacASUserConfigEntry 5 } fsPnacASUserConfigPermission OBJECT-TYPE SYNTAX PermissionType MAX-ACCESS read-write STATUS current DESCRIPTION "For the set of ports indicated by 'fsPnacASUserConfigPortList' object, the User is allowed access when this object is set 'allow' and is denied access when this object is set 'deny'." ::= { fsPnacASUserConfigEntry 6 } fsPnacASUserConfigRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The Row status of this entry." ::= { fsPnacASUserConfigEntry 7 } -- ------------------------------------------------------------------ -- Trap objects Group -- ------------------------------------------------------------------ -- PNAC MAC session trap object table fsPnacTrapAuthSessionTable OBJECT-TYPE SYNTAX SEQUENCE OF FsPnacTrapAuthSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains auth session status information to be sent in trap notifications." ::= { fsPnacTrapObjects 1 } fsPnacTrapAuthSessionEntry OBJECT-TYPE SYNTAX FsPnacTrapAuthSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The session statistics information for an Authenticator PAE. This shows the current values being collected for each session that is still in progress, or the final values for the last valid session on each port where there is no session currently active." AUGMENTS { fsPnacAuthSessionEntry } ::= { fsPnacTrapAuthSessionTable 1 } FsPnacTrapAuthSessionEntry ::= SEQUENCE { fsPnacTrapAuthSessionStatus INTEGER } fsPnacTrapAuthSessionStatus OBJECT-TYPE SYNTAX INTEGER { createFailed(1), deleteFailed(2), entryPresent(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "Status of the MAC Auth session." ::= { fsPnacTrapAuthSessionEntry 1 } -- ------------------------------------------------- -- Notifications fsPnacHwFailureTrap OBJECT IDENTIFIER ::= { fsPnacNotifications 0 } fsPnacPortBasedHwFailureTrap NOTIFICATION-TYPE OBJECTS { fsPnacPaePortStatus, dot1xAuthOperControlledDirections } STATUS current DESCRIPTION "This notification is generated whenever a Hardware Operation for based authentication is failed. The information that are returned are 1. Port Authorization Status, 2. Port Oper Control Direction." ::= { fsPnacHwFailureTrap 1 } fsPnacMacBasedHwFailureTrap NOTIFICATION-TYPE OBJECTS { fsPnacAuthSessionPortNumber, fsPnacAuthSessionPortStatus, fsPnacTrapAuthSessionStatus } STATUS current DESCRIPTION "This notification is generated whenever a Hardware Operation for Port based authentication is failed. The information that are returned are 1. Port Number, 2. MAC Authorization Status, 3. MAC entry status" ::= { fsPnacHwFailureTrap 2 } END