1068 lines
39 KiB
Plaintext
1068 lines
39 KiB
Plaintext
-- Copyright (C) 2015 Aricent. All Rights Reserved.
|
|
|
|
-- $Id: fspnac.mib,v 1.20 2015/06/11 10:03:20 siva Exp $
|
|
|
|
-- PNAC Proprietary MIB Definition
|
|
|
|
-- This document explains the proprietary MIB implemented
|
|
-- for PNAC product.
|
|
|
|
-- This proprietary MIB definition, supplements the standard IEEE802.1X
|
|
-- MIB and also provides management of certain proprietary features of
|
|
-- PNAC.
|
|
|
|
-- This MIB contains tables used to configure the ports of host running
|
|
-- PNAC, for its MAC based authentication operation. Such an
|
|
-- authenticaion method permits the authenticated operation of hosts in
|
|
-- shared media LANs.
|
|
|
|
-- The proprietary MIB definitions follows:
|
|
|
|
|
|
ARICENT-PNAC-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, Counter32, Unsigned32,
|
|
enterprises, Integer32, TimeTicks, Counter64,
|
|
NOTIFICATION-TYPE FROM SNMPv2-SMI
|
|
RowStatus, TruthValue, MacAddress,
|
|
TEXTUAL-CONVENTION, DisplayString FROM SNMPv2-TC
|
|
SnmpAdminString FROM SNMP-FRAMEWORK-MIB
|
|
PortList FROM Q-BRIDGE-MIB
|
|
dot1xAuthOperControlledDirections, PaeControlledPortStatus FROM IEEE8021-PAE-MIB
|
|
InterfaceIndex FROM IF-MIB;
|
|
|
|
fspnac MODULE-IDENTITY
|
|
LAST-UPDATED "201209050000Z"
|
|
ORGANIZATION "ARICENT COMMUNICATIONS SOFTWARE"
|
|
CONTACT-INFO "support@aricent.com"
|
|
DESCRIPTION
|
|
"The proprietary MIB module for PNAC."
|
|
REVISION "201209050000Z"
|
|
DESCRIPTION
|
|
"The proprietary MIB module for PNAC."
|
|
::= { enterprises futuresoftware (2076) 64 }
|
|
|
|
-- ---------------------------------------------------------- --
|
|
-- Textual Conventions
|
|
-- ---------------------------------------------------------- --
|
|
|
|
|
|
AuthenticMethod ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authentication method is using Remote Authentication
|
|
Server or Local Authentication Server."
|
|
SYNTAX INTEGER {
|
|
remoteServer(1),
|
|
localServer(2)
|
|
}
|
|
|
|
RemoteAuthServerType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This indicates which remote server is to provide the
|
|
authentication. Currently supported servers are RADIUS
|
|
Server and Terminal Access Controller Access-Control
|
|
System Plus (TACACS+) Server."
|
|
SYNTAX INTEGER {
|
|
radiusServer(1),
|
|
tacacsplusServer(2)
|
|
}
|
|
|
|
PermissionType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The permission values."
|
|
SYNTAX INTEGER {
|
|
allow(1),
|
|
deny(2)
|
|
}
|
|
|
|
-- ------------------------------------------------------------
|
|
-- groups in the MIB
|
|
-- ------------------------------------------------------------
|
|
|
|
fsPnacPaeSystem OBJECT IDENTIFIER ::= { fspnac 1 }
|
|
fsPnacPaeAuthenticator OBJECT IDENTIFIER ::= { fspnac 2 }
|
|
fsPnacAuthServer OBJECT IDENTIFIER ::= { fspnac 3 }
|
|
fsPnacTrapObjects OBJECT IDENTIFIER ::= { fspnac 4 }
|
|
fsPnacNotifications OBJECT IDENTIFIER ::= { fspnac 5 }
|
|
fsDPnac OBJECT IDENTIFIER ::= { fspnac 6 }
|
|
|
|
-- ------------------------------------------------------------------
|
|
|
|
-- ------------------------------------------------------------------
|
|
-- Distributed PNAC Group
|
|
-- ------------------------------------------------------------------
|
|
fsDPnacSystemStatus OBJECT-TYPE
|
|
SYNTAX INTEGER { centralized (1), distributed (2) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object sets the mode for dot1x. PNAC is enabled,
|
|
when the mode is set as centralized and DPNAC is
|
|
enabled when the mode is set as distributed."
|
|
DEFVAL { 1 }
|
|
::= { fsDPnac 1}
|
|
|
|
fsDPnacPeriodicSyncTime OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..300)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object configures the D-PNAC periodic sync timer.
|
|
This periodic sync timer is used to configure the transmission
|
|
interval of D-PNAC periodic-sync PDUs. The configured value of
|
|
this timer is applicable only from the next start/re-start of
|
|
the timer. In master node, this timer expiry is used to identify
|
|
the slave down and remove the slave node information.
|
|
This runs individually in each D-PNAC node.
|
|
|
|
If this object is configured with a value of '0', then no
|
|
periodic-sync messages will be sent from that D-PNAC node.
|
|
|
|
The periodic sync timer has a period from 0 to 300 seconds,
|
|
configurable in units of seconds."
|
|
DEFVAL { 60 }
|
|
::= { fsDPnac 2 }
|
|
|
|
fsDPnacMaxKeepAliveCount
|
|
OBJECT-TYPE
|
|
SYNTAX Integer32 (1..5)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to provide keep alive mechanism when D-PNAC
|
|
status is enabled. This is maintained by Master Node.
|
|
The keep alive count of all remote D-PNAC nodes will be incremented
|
|
every time when the periodic-sync timer expires and this resets to
|
|
zero for a particular D-PNAC node only on receiving periodic-sync/
|
|
event-update message from that particular remote D-PNAC node.
|
|
if keep alive count of any of the remote D-PNAC node reaches
|
|
the maximum keep alive count, then that remote D-PNAC node will be
|
|
declared as operationally down/dead."
|
|
DEFVAL { 3 }
|
|
::= { fsDPnac 3 }
|
|
|
|
-- D-Pnac Slot Table
|
|
|
|
fsDPnacStatsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FsDPnacStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is a table of statistics information
|
|
for each slot supported by the DPNAC. An entry
|
|
appears in this table for each slot of this system."
|
|
::= { fsDPnac 4 }
|
|
|
|
fsDPnacStatsEntry OBJECT-TYPE
|
|
SYNTAX FsDPnacStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is a table to get the statistics information
|
|
about event update like DPNAC Tx/Rx and
|
|
periodic DPNAC Tx/Rx based on slot."
|
|
INDEX { fsDPnacSlotNumber }
|
|
::= { fsDPnacStatsTable 1 }
|
|
|
|
|
|
FsDPnacStatsEntry ::=
|
|
SEQUENCE {
|
|
fsDPnacSlotNumber
|
|
Integer32,
|
|
fsDPnacEventUpdateFramesRx
|
|
Counter32,
|
|
fsDPnacEventUpdateFramesTx
|
|
Counter32,
|
|
fsDPnacPeriodicFramesTx
|
|
Counter32,
|
|
fsDPnacPeriodicFramesRx
|
|
Counter32
|
|
}
|
|
|
|
fsDPnacSlotNumber OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the slot number of the chassis for which the
|
|
configuration entry applies."
|
|
::= { fsDPnacStatsEntry 1 }
|
|
|
|
fsDPnacEventUpdateFramesRx OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the number of Event-update
|
|
D-PNAC frames received by the master node."
|
|
::= { fsDPnacStatsEntry 2 }
|
|
|
|
fsDPnacEventUpdateFramesTx OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the number of Event-update D-PNAC frames
|
|
transmitted from the slave node."
|
|
::= { fsDPnacStatsEntry 3 }
|
|
|
|
fsDPnacPeriodicFramesTx OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the number of periodic D-PNAC frames
|
|
transmitted from the slave node."
|
|
::= { fsDPnacStatsEntry 4 }
|
|
|
|
fsDPnacPeriodicFramesRx OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the number of periodic D-PNAC frames
|
|
received by the master node."
|
|
::= { fsDPnacStatsEntry 5 }
|
|
|
|
|
|
fsDPnacSlotPortTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FsDPnacSlotPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is a table which is used to access the port information
|
|
stored in master node for every slave slot including master slot."
|
|
::= { fsDPnac 5 }
|
|
|
|
fsDPnacSlotPortEntry OBJECT-TYPE
|
|
SYNTAX FsDPnacSlotPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies an entry which holds the information
|
|
about the port authentication status and controlled direction
|
|
of a port belonging to the slot."
|
|
INDEX { fsDPnacSlotNumber , fsDPnacPortIndex}
|
|
::= { fsDPnacSlotPortTable 1 }
|
|
|
|
FsDPnacSlotPortEntry ::=
|
|
SEQUENCE {
|
|
fsDPnacPortIndex InterfaceIndex,
|
|
fsDPnacPortAuthStatus INTEGER,
|
|
fsDPnacPortControlledDirection INTEGER
|
|
}
|
|
|
|
fsDPnacPortIndex OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to get the ifIndex of each port
|
|
belonging to the slot."
|
|
::= { fsDPnacSlotPortEntry 1 }
|
|
|
|
fsDPnacPortAuthStatus OBJECT-TYPE
|
|
SYNTAX PaeControlledPortStatus
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object displays the authentication status
|
|
of each port belonging to the slot."
|
|
::= { fsDPnacSlotPortEntry 2 }
|
|
|
|
fsDPnacPortControlledDirection OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
both(0),
|
|
in(1)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object specifies the port controlled
|
|
directions parameters for the port belonging to the slot."
|
|
::= { fsDPnacSlotPortEntry 3 }
|
|
|
|
-- ------------------------------------------------------------------
|
|
-- The Pae System Group
|
|
-- ------------------------------------------------------------------
|
|
|
|
fsPnacSystemControl OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
start (1),
|
|
shutdown (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Starts or shutdowns PNAC module in the system.
|
|
|
|
When set as 'start', resources required by PNAC
|
|
module are allocated & PNAC module starts running.
|
|
|
|
When shutdown, all resources used by PNAC module
|
|
will be released to the system."
|
|
::= { fsPnacPaeSystem 1 }
|
|
|
|
fsPnacTraceOption OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to enable trace statements in
|
|
Network Access Control Module.
|
|
|
|
A four byte integer is used for enabling the level of tracing.
|
|
Each bit in the four byte integer represents a particular
|
|
level of trace.
|
|
|
|
The mapping between the bit positions & the level of trace is
|
|
as follows:
|
|
0 - Init and Shutdown Traces
|
|
1 - Management Traces
|
|
2 - Data Path Traces
|
|
3 - Control Plane Traces
|
|
4 - Packet Dump Traces
|
|
5 - Traces related to All Resources except Buffers
|
|
6 - All Failure Traces
|
|
7 - Buffer Traces
|
|
|
|
The remaining bits are unused. Combinations of levels are
|
|
also allowed.
|
|
|
|
For example, if the bits 0 and 1 are set, then the trace
|
|
statements related to Init-Shutdown and management
|
|
will be printed.
|
|
|
|
The user has to enter the corresponding integer value for the
|
|
bits set. For example, if bits 0 and 1 are set, then user has to
|
|
give the value 3."
|
|
DEFVAL { 0 }
|
|
::= { fsPnacPaeSystem 2 }
|
|
|
|
fsPnacAuthenticServer OBJECT-TYPE
|
|
SYNTAX AuthenticMethod
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to configure for the choice of
|
|
local or remote authentication server to be used by
|
|
the authenticator for its authentication services."
|
|
::= { fsPnacPaeSystem 3 }
|
|
|
|
fsPnacNasId OBJECT-TYPE
|
|
SYNTAX DisplayString(SIZE(0..16))
|
|
MAX-ACCESS read-write
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"Currently this object is not used.
|
|
|
|
This object is the Network Access Server Identifier
|
|
to be presented before the remote authentication
|
|
server."
|
|
::= { fsPnacPaeSystem 4 }
|
|
|
|
|
|
-- Pae Port Table extensions
|
|
|
|
|
|
fsPnacPaePortTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FsPnacPaePortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of system level information for each port
|
|
supported by the PNAC. An entry appears in this
|
|
table for each port of this system. This table is an
|
|
extension of dot1xPaePortTable of IEEE 802.1x MIB."
|
|
::= { fsPnacPaeSystem 5 }
|
|
|
|
|
|
fsPnacPaePortEntry OBJECT-TYPE
|
|
SYNTAX FsPnacPaePortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configuration as port based or MAC based authentication
|
|
and supplicant count on a port. Index to this table is
|
|
same as that of the dot1xPaePortTable, which is the
|
|
InterfaceIndex."
|
|
INDEX { fsPnacPaePortNumber }
|
|
::= { fsPnacPaePortTable 1 }
|
|
|
|
|
|
FsPnacPaePortEntry ::=
|
|
SEQUENCE {
|
|
fsPnacPaePortNumber
|
|
InterfaceIndex,
|
|
fsPnacPaePortAuthMode
|
|
INTEGER,
|
|
fsPnacPaePortSupplicantCount
|
|
Counter32,
|
|
fsPnacPaePortUserName
|
|
DisplayString,
|
|
fsPnacPaePortPassword
|
|
DisplayString,
|
|
fsPnacPaePortStatus
|
|
INTEGER,
|
|
fsPnacPaePortStatisticsClear
|
|
TruthValue,
|
|
fsPnacPaePortAuthStatus
|
|
INTEGER,
|
|
fsPnacPaeAuthReAuthMax
|
|
Unsigned32
|
|
}
|
|
|
|
|
|
fsPnacPaePortNumber OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port number associated with this port."
|
|
::= { fsPnacPaePortEntry 1 }
|
|
|
|
|
|
fsPnacPaePortAuthMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
portBased(1),
|
|
macBased(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configuration of the port, for Port Based
|
|
Authentication or MAC Based Authentication."
|
|
::= { fsPnacPaePortEntry 2 }
|
|
|
|
|
|
fsPnacPaePortSupplicantCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of supplicants connected in the port."
|
|
::= { fsPnacPaePortEntry 3 }
|
|
|
|
|
|
fsPnacPaePortUserName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(4..63))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User name to be used in this port, while operating
|
|
as a supplicant."
|
|
::= { fsPnacPaePortEntry 4 }
|
|
|
|
|
|
fsPnacPaePortPassword OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(4..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User password to be used in this port, while
|
|
operating as a supplicant."
|
|
::= { fsPnacPaePortEntry 5 }
|
|
|
|
fsPnacPaePortStatus OBJECT-TYPE
|
|
SYNTAX PaeControlledPortStatus
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the combined port status."
|
|
::= { fsPnacPaePortEntry 6 }
|
|
|
|
fsPnacPaePortStatisticsClear OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the status if the entries in port authenticator statistics
|
|
are to be cleared. If set to true, entries in port
|
|
authenticator statistics are cleared,
|
|
and if set to false, the entries are not cleared."
|
|
DEFVAL { false }
|
|
::= { fsPnacPaePortEntry 7}
|
|
|
|
fsPnacPaePortAuthStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"Currently this object is not used.
|
|
|
|
This object indicates if PNAC is enabled/disabled on the port"
|
|
DEFVAL { enabled }
|
|
::= { fsPnacPaePortEntry 8 }
|
|
|
|
fsPnacPaeAuthReAuthMax OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the reAuthMax constant currently in use by
|
|
the Authenticator state machine."
|
|
DEFVAL { 2 }
|
|
::= { fsPnacPaePortEntry 9 }
|
|
|
|
|
|
|
|
-- ------------------------------------------------------------------
|
|
-- The Pae System Group again
|
|
-- ------------------------------------------------------------------
|
|
fsPnacModuleOperStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This read only objects gives actual status of the PNAC module
|
|
(operational status of module). When module is enabled,
|
|
PNAC protocol starts functioning. When the module is disabled,
|
|
all the dynamically allocated memory will be freed and PNAC
|
|
protocol stops functioning."
|
|
::= { fsPnacPaeSystem 6 }
|
|
|
|
fsPnacRemoteAuthServerType OBJECT-TYPE
|
|
SYNTAX RemoteAuthServerType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used by the authenticator for its
|
|
authentication services, to configure the choice of
|
|
RADIUS or TACACS+ remote authentication servers when
|
|
the authentication method is through a remote server,
|
|
that is, this object can be configured only if
|
|
fsPnacAuthenticServer is set to remote server."
|
|
DEFVAL { 1 }
|
|
::= { fsPnacPaeSystem 7 }
|
|
-- ------------------------------------------------------------------
|
|
-- The Pae Authenticator Group
|
|
-- ------------------------------------------------------------------
|
|
|
|
-- Authenticator Session Table
|
|
|
|
fsPnacAuthSessionTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FsPnacAuthSessionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains authentication session information
|
|
associated with each supplicant while authenticator
|
|
operates in MAC based authentication mode."
|
|
::= { fsPnacPaeAuthenticator 1 }
|
|
|
|
|
|
fsPnacAuthSessionEntry OBJECT-TYPE
|
|
SYNTAX FsPnacAuthSessionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"supplicant's MAC address and session ID, states of
|
|
authenticator state machine and backend state machine
|
|
for the session."
|
|
INDEX { fsPnacAuthSessionSuppAddress }
|
|
::= { fsPnacAuthSessionTable 1 }
|
|
|
|
|
|
FsPnacAuthSessionEntry ::=
|
|
SEQUENCE {
|
|
fsPnacAuthSessionSuppAddress
|
|
MacAddress,
|
|
fsPnacAuthSessionIdentifier
|
|
Integer32,
|
|
fsPnacAuthSessionAuthPaeState
|
|
INTEGER,
|
|
fsPnacAuthSessionBackendAuthState
|
|
INTEGER,
|
|
fsPnacAuthSessionPortStatus
|
|
INTEGER,
|
|
fsPnacAuthSessionPortNumber
|
|
InterfaceIndex,
|
|
fsPnacAuthSessionInitialize
|
|
TruthValue,
|
|
fsPnacAuthSessionReauthenticate
|
|
TruthValue
|
|
}
|
|
|
|
fsPnacAuthSessionSuppAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"MAC address of the supplicant for this session."
|
|
::= { fsPnacAuthSessionEntry 1 }
|
|
|
|
|
|
fsPnacAuthSessionIdentifier OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Session identifier of the supplicant for this
|
|
session."
|
|
::= { fsPnacAuthSessionEntry 2 }
|
|
|
|
|
|
fsPnacAuthSessionAuthPaeState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
initialize(1),
|
|
disconnected(2),
|
|
connecting(3),
|
|
authenticating(4),
|
|
authenticated(5),
|
|
aborting(6),
|
|
held(7),
|
|
forceAuth(8),
|
|
forceUnauth(9)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Authenticator state machine's state for this
|
|
session."
|
|
::= { fsPnacAuthSessionEntry 3 }
|
|
|
|
|
|
fsPnacAuthSessionBackendAuthState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
request(1),
|
|
response(2),
|
|
success(3),
|
|
fail(4),
|
|
timeout(5),
|
|
idle(6),
|
|
initialize(7)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Backend state machine's state for this session."
|
|
::= { fsPnacAuthSessionEntry 4 }
|
|
|
|
|
|
fsPnacAuthSessionPortStatus OBJECT-TYPE
|
|
SYNTAX PaeControlledPortStatus
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current value of the controlled port status
|
|
parameter for this session."
|
|
::= { fsPnacAuthSessionEntry 5 }
|
|
|
|
|
|
fsPnacAuthSessionPortNumber OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port in which this session is proceeding."
|
|
::= { fsPnacAuthSessionEntry 6 }
|
|
|
|
|
|
fsPnacAuthSessionInitialize OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"Currently this object is not used.
|
|
|
|
The initialization control for this supplicant MAC
|
|
address. Setting this attribute TRUE causes the
|
|
supplicant session with this MAC address, to be
|
|
initialized. The attribute value reverts to FALSE
|
|
once initialization has completed."
|
|
::= { fsPnacAuthSessionEntry 7 }
|
|
|
|
|
|
fsPnacAuthSessionReauthenticate OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"Currently this object is not used.
|
|
|
|
The reauthentication control for this supplicant MAC
|
|
address. Setting this attribute TRUE causes the
|
|
authenticator PAE state machine for this MAC address
|
|
to reauthenticate the supplicant. Setting this
|
|
attribute FALSE has no effect.
|
|
This attribute always returns FALSE when it is read."
|
|
::= { fsPnacAuthSessionEntry 8 }
|
|
|
|
|
|
|
|
-- Authenticator Session Statistics Table
|
|
|
|
fsPnacAuthSessionStatsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FsPnacAuthSessionStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains the session statistics
|
|
for the authenticator PAE associated with each
|
|
supplicant, while authenticator operates in MAC
|
|
based authentication mode."
|
|
::= { fsPnacPaeAuthenticator 2 }
|
|
|
|
|
|
fsPnacAuthSessionStatsEntry OBJECT-TYPE
|
|
SYNTAX FsPnacAuthSessionStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The session statistics information for an
|
|
authenticator PAE. This shows the current values being
|
|
collected for each session that is still in progress,
|
|
or the final values for the last valid session on each
|
|
port where there is no session currently active."
|
|
INDEX { fsPnacAuthSessionSuppAddress }
|
|
::= { fsPnacAuthSessionStatsTable 1 }
|
|
|
|
|
|
FsPnacAuthSessionStatsEntry ::=
|
|
SEQUENCE {
|
|
fsPnacAuthSessionOctetsRx
|
|
Counter64,
|
|
fsPnacAuthSessionOctetsTx
|
|
Counter64,
|
|
fsPnacAuthSessionFramesRx
|
|
Counter32,
|
|
fsPnacAuthSessionFramesTx
|
|
Counter32,
|
|
fsPnacAuthSessionId
|
|
SnmpAdminString,
|
|
fsPnacAuthSessionAuthenticMethod
|
|
INTEGER,
|
|
fsPnacAuthSessionTime
|
|
TimeTicks,
|
|
fsPnacAuthSessionTerminateCause
|
|
INTEGER,
|
|
fsPnacAuthSessionUserName
|
|
SnmpAdminString,
|
|
fsPnacAuthSessionStatisticsClear
|
|
TruthValue
|
|
}
|
|
|
|
|
|
fsPnacAuthSessionOctetsRx OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts number of session octets received."
|
|
::= { fsPnacAuthSessionStatsEntry 1 }
|
|
|
|
|
|
fsPnacAuthSessionOctetsTx OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts number of session octets transmitted."
|
|
::= { fsPnacAuthSessionStatsEntry 2 }
|
|
|
|
|
|
fsPnacAuthSessionFramesRx OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts number of session frames received."
|
|
::= { fsPnacAuthSessionStatsEntry 3 }
|
|
|
|
|
|
fsPnacAuthSessionFramesTx OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts number of session frames transmitted."
|
|
::= { fsPnacAuthSessionStatsEntry 4 }
|
|
|
|
|
|
fsPnacAuthSessionId OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique session identifier, in the form of a
|
|
printable ASCII string of at least three characters."
|
|
::= { fsPnacAuthSessionStatsEntry 5 }
|
|
|
|
|
|
fsPnacAuthSessionAuthenticMethod OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
remoteAuthServer(1),
|
|
localAuthServer(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Authentication method used to establish the
|
|
session."
|
|
::= { fsPnacAuthSessionStatsEntry 6 }
|
|
|
|
|
|
fsPnacAuthSessionTime OBJECT-TYPE
|
|
SYNTAX TimeTicks
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Duration of the session in seconds."
|
|
::= { fsPnacAuthSessionStatsEntry 7 }
|
|
|
|
|
|
fsPnacAuthSessionTerminateCause OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
supplicantLogoff(1),
|
|
portFailure(2),
|
|
supplicantRestart(3),
|
|
reauthFailed(4),
|
|
authControlForceUnauth(5),
|
|
portReInit(6),
|
|
portAdminDisabled(7),
|
|
notTerminatedYet(999)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reason for the session termination."
|
|
::= { fsPnacAuthSessionStatsEntry 8 }
|
|
|
|
|
|
fsPnacAuthSessionUserName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User name representing the identity of the
|
|
supplicant PAE."
|
|
::= { fsPnacAuthSessionStatsEntry 9 }
|
|
|
|
fsPnacAuthSessionStatisticsClear OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specify the statusif the entries in authenticator session
|
|
statistics are to be cleared. If set to true, the entries
|
|
in authenticator session statistics are cleared,
|
|
and if set to false, the entries are not cleared."
|
|
DEFVAL { false }
|
|
::= { fsPnacAuthSessionStatsEntry 10 }
|
|
|
|
-- ------------------------------------------------------------------
|
|
-- The Authentication Server Group
|
|
-- ------------------------------------------------------------------
|
|
|
|
-- PNAC Local Authentication Server User Configuration Table
|
|
|
|
fsPnacASUserConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FsPnacASUserConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains authentication related user
|
|
configuration information maintained by PNAC
|
|
local authentication server."
|
|
::= { fsPnacAuthServer 1 }
|
|
|
|
|
|
fsPnacASUserConfigEntry OBJECT-TYPE
|
|
SYNTAX FsPnacASUserConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry contains User name, Password, Authentication
|
|
protocol used, Authenticated session timeout and Access
|
|
ports list of the user seeking authentication."
|
|
INDEX { fsPnacASUserConfigUserName }
|
|
::= { fsPnacASUserConfigTable 1 }
|
|
|
|
|
|
FsPnacASUserConfigEntry ::=
|
|
SEQUENCE {
|
|
fsPnacASUserConfigUserName
|
|
OCTET STRING,
|
|
fsPnacASUserConfigPassword
|
|
DisplayString,
|
|
fsPnacASUserConfigAuthProtocol
|
|
Unsigned32,
|
|
fsPnacASUserConfigAuthTimeout
|
|
Unsigned32,
|
|
fsPnacASUserConfigPortList
|
|
PortList,
|
|
fsPnacASUserConfigPermission
|
|
PermissionType,
|
|
fsPnacASUserConfigRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
|
|
fsPnacASUserConfigUserName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..115))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Identity of the user seeking authentication. A string
|
|
of not more than 20 printable characters."
|
|
::= { fsPnacASUserConfigEntry 1 }
|
|
|
|
|
|
fsPnacASUserConfigPassword OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(1..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The secret password of the user. A string of not
|
|
more than 20 printable characters.
|
|
|
|
When read, this always returns a String
|
|
of length zero."
|
|
::= { fsPnacASUserConfigEntry 2 }
|
|
|
|
|
|
fsPnacASUserConfigAuthProtocol OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authentication protocol supported for the user."
|
|
::= { fsPnacASUserConfigEntry 3 }
|
|
|
|
|
|
fsPnacASUserConfigAuthTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time in seconds after which the authentication
|
|
offered to the user ceases. Maximum value of the
|
|
object can be 7200 seconds. When the object value
|
|
is 0, the ReAuthPeriod of the authenticator port is
|
|
used by authenticator."
|
|
::= { fsPnacASUserConfigEntry 4 }
|
|
|
|
|
|
fsPnacASUserConfigPortList OBJECT-TYPE
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The complete set of ports of authenticator to
|
|
which the user is allowed or denied access, on the
|
|
basis of setting of 'fsPnacASUserConfigPermission'
|
|
object."
|
|
::= { fsPnacASUserConfigEntry 5 }
|
|
|
|
|
|
fsPnacASUserConfigPermission OBJECT-TYPE
|
|
SYNTAX PermissionType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"For the set of ports indicated by
|
|
'fsPnacASUserConfigPortList' object, the user is
|
|
allowed access when this object is set 'allow' and
|
|
is denied access when this object is set 'deny'."
|
|
::= { fsPnacASUserConfigEntry 6 }
|
|
|
|
|
|
fsPnacASUserConfigRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status of this entry."
|
|
::= { fsPnacASUserConfigEntry 7 }
|
|
|
|
-- ------------------------------------------------------------------
|
|
-- Trap objects Group
|
|
-- ------------------------------------------------------------------
|
|
|
|
-- PNAC MAC session trap object table
|
|
|
|
fsPnacTrapAuthSessionTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FsPnacTrapAuthSessionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains auth session status information
|
|
to be sent in trap notifications."
|
|
::= { fsPnacTrapObjects 1 }
|
|
|
|
fsPnacTrapAuthSessionEntry OBJECT-TYPE
|
|
SYNTAX FsPnacTrapAuthSessionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The session statistics information for an
|
|
authenticator PAE. This shows the current values being
|
|
collected for each session that is still in progress,
|
|
or the final values for the last valid session on each
|
|
port where there is no session currently active."
|
|
AUGMENTS { fsPnacAuthSessionEntry }
|
|
::= { fsPnacTrapAuthSessionTable 1 }
|
|
|
|
FsPnacTrapAuthSessionEntry ::=
|
|
SEQUENCE {
|
|
fsPnacTrapAuthSessionStatus
|
|
INTEGER
|
|
}
|
|
|
|
fsPnacTrapAuthSessionStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
createFailed(1),
|
|
deleteFailed(2),
|
|
entryPresent(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Status of the MAC Auth session."
|
|
::= { fsPnacTrapAuthSessionEntry 1 }
|
|
|
|
|
|
-- -------------------------------------------------
|
|
|
|
-- Notifications
|
|
|
|
fsPnacHwFailureTrap OBJECT IDENTIFIER ::= { fsPnacNotifications 0 }
|
|
|
|
fsPnacPortBasedHwFailureTrap NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
fsPnacPaePortStatus,
|
|
dot1xAuthOperControlledDirections
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is generated whenever a hardware operation for port
|
|
based authentication is failed. The information that are returned
|
|
are 1. Port Authorization Status, 2. Port Oper Control Direction."
|
|
::= { fsPnacHwFailureTrap 1 }
|
|
|
|
fsPnacMacBasedHwFailureTrap NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
fsPnacAuthSessionPortNumber,
|
|
fsPnacAuthSessionPortStatus,
|
|
fsPnacTrapAuthSessionStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is generated whenever a hardware operation for
|
|
port based authentication is failed. The information that are
|
|
returned are 1. Port Number, 2. MAC Authorization Status,
|
|
3. MAC entry status."
|
|
::= { fsPnacHwFailureTrap 2 }
|
|
|
|
END
|