-- *****************************************************************
|
|
-- MY-AAA-MIB.mib: My AAA MIB file
|
|
--
|
|
-- $Copyright$
|
|
--
|
|
-- *****************************************************************
|
|
--
|
|
|
|
DES7200-AAA-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
NOTIFICATION-TYPE,
|
|
Integer32,
|
|
Counter32,
|
|
Unsigned32,
|
|
IpAddress
|
|
FROM SNMPv2-SMI
|
|
InetAddressType,
|
|
InetAddress
|
|
FROM INET-ADDRESS-MIB
|
|
Counter
|
|
FROM RFC1155-SMI
|
|
VlanId
|
|
FROM Q-BRIDGE-MIB
|
|
TruthValue,
|
|
DisplayString,
|
|
RowStatus,
|
|
MacAddress
|
|
FROM SNMPv2-TC
|
|
MODULE-COMPLIANCE,
|
|
OBJECT-GROUP,
|
|
NOTIFICATION-GROUP
|
|
FROM SNMPv2-CONF
|
|
ConfigStatus,
|
|
IfIndex
|
|
FROM DES7200-TC
|
|
EnabledStatus
|
|
FROM P-BRIDGE-MIB
|
|
myMgmt
|
|
FROM DES7200-SMI;
|
|
|
|
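-- Module identity for the AAA (802.1X) MIB, registered at { myMgmt 19 }.
-- NOTE(review): this module defines read-write objects that switch 802.1X
-- on and off and that carry RADIUS and TACACS+ server keys. Agents that
-- implement it should offer write access only over an authenticated and
-- encrypted SNMP configuration (for example SNMPv3 authPriv with a
-- restricted VACM view).
myAAAMIB MODULE-IDENTITY
    LAST-UPDATED "200203200000Z"
    ORGANIZATION "D-Link Corp."
    CONTACT-INFO
        "
        http://support.dlink.com"
    DESCRIPTION
        "This module defines my AAA(802.1x) mibs."
    REVISION "200203200000Z"
    DESCRIPTION
        "Initial version of this MIB module."
    ::= { myMgmt 19}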
|
|
|
|
myAAAMIBObjects OBJECT IDENTIFIER ::= { myAAAMIB 1 }
|
|
|
|
myDot1xAuthObjects OBJECT IDENTIFIER ::= { myAAAMIBObjects 1 }
|
|
myAAAServerObjects OBJECT IDENTIFIER ::= { myAAAMIBObjects 2 }
|
|
myAuthUserObjects OBJECT IDENTIFIER ::= { myAAAMIBObjects 3 }
|
|
myAuthModeObjects OBJECT IDENTIFIER ::= { myAAAMIBObjects 4 }
|
|
myClientProbeObjects OBJECT IDENTIFIER ::= { myAAAMIBObjects 5 }
|
|
|
|
--
|
|
-- myDot1xAuth Group for 802.1x global settings.
|
|
--
|
|
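-- Global 802.1X switch, disabled by default.
-- NOTE(review): the object is read-write, so any manager with write access
-- can set disabled(2); presumably that stops 802.1X enforcement on every
-- port, so SETs to it are worth restricting and logging.
myDot1xAuthStatus OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The enabled(1)/disabled(2) control used by the
        802.1x global settings."
    DEFVAL { disabled }
    ::= { myDot1xAuthObjects 1 }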
|
|
|
|
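-- quietPeriod constant of the Authenticator PAE state machine, in seconds.
-- NOTE(review): no range is declared, so the MIB permits 0; presumably that
-- removes the pause after a failed authentication, so the agent should
-- enforce its own bounds on SETs.
myDot1xAuthObjectsQuietPeriod OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value, in seconds, of the quietPeriod constant
        currently in use by the Authenticator PAE state
        machine."
    DEFVAL { 60 }
    ::= { myDot1xAuthObjects 2 }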
|
|
|
|
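-- txPeriod constant of the Authenticator PAE state machine, in seconds.
-- The UNITS clause states the unit the description already gives.
myDot1xAuthObjectsTxPeriod OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value, in seconds, of the txPeriod constant
        currently in use by the Authenticator PAE state
        machine."
    DEFVAL { 30 }
    ::= { myDot1xAuthObjects 3 }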
|
|
|
|
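-- suppTimeout constant of the Backend Authentication state machine, in
-- seconds. The UNITS clause states the unit the description already gives.
myDot1xAuthObjectsSuppTimeout OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value, in seconds, of the suppTimeout constant
        currently in use by the Backend Authentication state
        machine."
    DEFVAL { 30 }
    ::= { myDot1xAuthObjects 4 }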
|
|
|
|
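-- serverTimeout constant of the Backend Authentication state machine, in
-- seconds. The UNITS clause states the unit the description already gives.
myDot1xAuthObjectsServerTimeout OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value, in seconds, of the serverTimeout constant
        currently in use by the Backend Authentication state
        machine."
    DEFVAL { 30 }
    ::= { myDot1xAuthObjects 5 }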
|
|
|
|
-- maxReq constant of the Backend Authentication state machine; writable,
-- default 2. No range is declared for the value.
myDot1xAuthObjectsMaxReq OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of the maxReq constant currently in use by
        the Backend Authentication state machine."
    DEFVAL { 2 }
    ::= { myDot1xAuthObjects 6 }
|
|
|
|
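-- reAuthPeriod constant of the Reauthentication Timer state machine, in
-- seconds (default 3600).
-- NOTE(review): no upper bound is declared; a very large value lets an
-- authenticated session run a long time without being re-checked, so
-- changes to this object deserve the same write restrictions as the
-- enable switches.
myDot1xAuthObjectsReAuthPeriod OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value, in seconds, of the reAuthPeriod constant
        currently in use by the Reauthentication Timer state
        machine."
    DEFVAL { 3600 }
    ::= { myDot1xAuthObjects 7 }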
|
|
|
|
-- reAuthMax constant of the Authenticator PAE state machine; writable,
-- default 2. No range is declared for the value.
myDot1xAuthObjectsMaxReauth OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of the reAuthMax constant currently in use by
        the Authenticator PAE state machine."
    DEFVAL { 2 }
    ::= { myDot1xAuthObjects 8 }
|
|
|
|
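-- Switch for periodic reauthentication, off by default.
-- The DEFVAL is written with the enumeration label, as SMIv2 requires for
-- enumerated types, instead of the bare number 2; the default is unchanged.
-- NOTE(review): while this is disabled(2) an authenticated session is not
-- periodically re-checked (presumably until logoff or link change), so
-- consider enabling it where credentials can be revoked.
myDot1xAuthObjectsReAuthEnable OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The enabled(1)/disabled(2) control used by the Reauthentication
        Timer state machine."
    DEFVAL { disabled }
    ::= { myDot1xAuthObjects 9 }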
|
|
|
|
myDot1xAuthObjectsConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF MyDot1xAuthConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table that contains the configuration objects for the
|
|
Authenticator PAE associated with each MAC address.
|
|
An entry appears in this table for each MAC address that
|
|
may authenticate access to itself."
|
|
::= { myDot1xAuthObjects 10 }
|
|
|
|
myDot1xAuthObjectsConfigEntry OBJECT-TYPE
|
|
SYNTAX MyDot1xAuthConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The configuration information for an Authenticator
|
|
PAE."
|
|
INDEX { myDot1xAuthObjectsConfigFdbId,myDot1xAuthObjectsConfigAddr }
|
|
::= { myDot1xAuthObjectsConfigTable 1 }
|
|
|
|
MyDot1xAuthConfigEntry ::=
|
|
SEQUENCE {
|
|
myDot1xAuthObjectsConfigFdbId
|
|
Unsigned32,
|
|
myDot1xAuthObjectsConfigAddr
|
|
MacAddress,
|
|
myDot1xAuthObjectsPaeState
|
|
INTEGER,
|
|
myDot1xAuthObjectsBackendAuthState
|
|
INTEGER,
|
|
myDot1xAuthObjectsAuthControlledPortStatus
|
|
INTEGER,
|
|
myDot1xAuthObjectsKeyTxEnabled
|
|
TruthValue,
|
|
myDot1xAuthObjectsIfIndex
|
|
IfIndex
|
|
}
|
|
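-- First index of the configuration table: the VLAN ID of the address.
myDot1xAuthObjectsConfigFdbId OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The VID of the VLAN to which the address belongs."
    ::= { myDot1xAuthObjectsConfigEntry 1 }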
|
|
|
|
myDot1xAuthObjectsConfigAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MAC address associated with this configurations."
|
|
::= { myDot1xAuthObjectsConfigEntry 2 }
|
|
|
|
myDot1xAuthObjectsPaeState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
initialize(1),
|
|
disconnected(2),
|
|
connecting(3),
|
|
authenticating(4),
|
|
authenticated(5),
|
|
aborting(6),
|
|
held(7),
|
|
forceAuth(8),
|
|
forceUnauth(9)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current value of the Authenticator PAE state
|
|
machine."
|
|
::= { myDot1xAuthObjectsConfigEntry 3 }
|
|
|
|
myDot1xAuthObjectsBackendAuthState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
request(1),
|
|
response(2),
|
|
success(3),
|
|
fail(4),
|
|
timeout(5),
|
|
idle(6),
|
|
initialize(7)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current state of the Backend Authentication
|
|
state machine."
|
|
::= { myDot1xAuthObjectsConfigEntry 4 }
|
|
|
|
myDot1xAuthObjectsAuthControlledPortStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
authorized(1),
|
|
unauthorized(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current value of the controlled Port
|
|
status parameter for the Port."
|
|
::= { myDot1xAuthObjectsConfigEntry 5 }
|
|
|
|
myDot1xAuthObjectsKeyTxEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the keyTransmissionEnabled constant
|
|
currently in use by the Authenticator PAE state
|
|
machine."
|
|
::= { myDot1xAuthObjectsConfigEntry 6 }
|
|
|
|
myDot1xAuthObjectsIfIndex OBJECT-TYPE
|
|
SYNTAX IfIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The interface index associated with this configurations"
|
|
::= { myDot1xAuthObjectsConfigEntry 7 }
|
|
|
|
|
|
myDot1xAuthObjectsStatsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF MyDot1xAuthStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table that contains the statistics objects for the
|
|
Authenticator PAE associated with each MAC address.
|
|
An entry appears in this table for each MAC address
|
|
that may authenticate access to itself."
|
|
::= { myDot1xAuthObjects 11 }
|
|
|
|
myDot1xAuthStatsEntry OBJECT-TYPE
|
|
SYNTAX MyDot1xAuthStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The statistics information for an Authenticator PAE."
|
|
INDEX { myDot1xAuthObjectsStatsFdbId,myDot1xAuthObjectsStatsAddr }
|
|
::= { myDot1xAuthObjectsStatsTable 1 }
|
|
|
|
MyDot1xAuthStatsEntry ::=
|
|
SEQUENCE {
|
|
myDot1xAuthObjectsStatsFdbId
|
|
Unsigned32,
|
|
myDot1xAuthObjectsStatsAddr
|
|
MacAddress,
|
|
myDot1xAuthObjectsEapolFramesRx
|
|
Counter32,
|
|
myDot1xAuthObjectsEapolFramesTx
|
|
Counter32,
|
|
myDot1xAuthObjectsEapolMyFramesRx
|
|
Counter32,
|
|
myDot1xAuthObjectsEapolLogoffFramesRx
|
|
Counter32,
|
|
myDot1xAuthObjectsEapolRespIdFramesRx
|
|
Counter32,
|
|
myDot1xAuthObjectsEapolRespFramesRx
|
|
Counter32,
|
|
myDot1xAuthObjectsEapolReqIdFramesTx
|
|
Counter32,
|
|
myDot1xAuthObjectsEapolReqFramesTx
|
|
Counter32,
|
|
myDot1xAuthObjectsInvalidEapolFramesRx
|
|
Counter32,
|
|
myDot1xAuthObjectsEapLengthErrorFramesRx
|
|
Counter32,
|
|
myDot1xAuthObjectsLastEapolFrameVersion
|
|
Unsigned32,
|
|
myDot1xAuthObjectsLastEapolFrameSource
|
|
MacAddress
|
|
}
|
|
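-- First index of the statistics table: the VLAN ID of the address.
myDot1xAuthObjectsStatsFdbId OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The VID of the VLAN to which the address belongs."
    ::= { myDot1xAuthStatsEntry 1 }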
|
|
|
|
myDot1xAuthObjectsStatsAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MAC address associated with this states."
|
|
::= { myDot1xAuthStatsEntry 2 }
|
|
|
|
myDot1xAuthObjectsEapolFramesRx OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of valid EAPOL frames of any type
|
|
that have been received by this Authenticator."
|
|
::= { myDot1xAuthStatsEntry 3 }
|
|
|
|
myDot1xAuthObjectsEapolFramesTx OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of EAPOL frames of any type
|
|
that have been transmitted by this Authenticator."
|
|
::= { myDot1xAuthStatsEntry 4 }
|
|
|
|
myDot1xAuthObjectsEapolMyFramesRx OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of EAPOL My frames that have
|
|
been received by this Authenticator."
|
|
::= { myDot1xAuthStatsEntry 5 }
|
|
|
|
myDot1xAuthObjectsEapolLogoffFramesRx OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of EAPOL Logoff frames that have
|
|
been received by this Authenticator."
|
|
::= { myDot1xAuthStatsEntry 6 }
|
|
|
|
myDot1xAuthObjectsEapolRespIdFramesRx OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of EAP Resp/Id frames that have
|
|
been received by this Authenticator."
|
|
::= { myDot1xAuthStatsEntry 7 }
|
|
|
|
myDot1xAuthObjectsEapolRespFramesRx OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of valid EAP Response frames
|
|
(other than Resp/Id frames) that have been
|
|
received by this Authenticator."
|
|
::= { myDot1xAuthStatsEntry 8 }
|
|
|
|
myDot1xAuthObjectsEapolReqIdFramesTx OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of EAP Req/Id frames that have been
|
|
transmitted by this Authenticator."
|
|
::= { myDot1xAuthStatsEntry 9 }
|
|
|
|
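-- Count of EAP Request frames sent, excluding Req/Id frames, which have
-- their own counter (myDot1xAuthObjectsEapolReqIdFramesTx).
myDot1xAuthObjectsEapolReqFramesTx OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of EAP Request frames
        (other than Req/Id frames) that have been
        transmitted by this Authenticator."
    ::= { myDot1xAuthStatsEntry 10 }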
|
|
|
|
-- Count of received EAPOL frames whose frame type was not recognized.
-- NOTE(review): a steadily rising value for one MAC address is a useful
-- monitoring signal for malformed or unexpected EAPOL traffic on a port.
myDot1xAuthObjectsInvalidEapolFramesRx OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of EAPOL frames that have been
        received by this Authenticator in which the
        frame type is not recognized."
    ::= { myDot1xAuthStatsEntry 11 }
|
|
|
|
-- Count of received EAPOL frames with an invalid Packet Body Length field.
-- NOTE(review): length errors are worth alerting on alongside
-- myDot1xAuthObjectsInvalidEapolFramesRx, since both indicate frames the
-- Authenticator could not parse as expected.
myDot1xAuthObjectsEapLengthErrorFramesRx OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of EAPOL frames that have been received
        by this Authenticator in which the Packet Body
        Length field is invalid."
    ::= { myDot1xAuthStatsEntry 12 }
|
|
|
|
myDot1xAuthObjectsLastEapolFrameVersion OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The protocol version number carried in the
|
|
most recently received EAPOL frame."
|
|
::= { myDot1xAuthStatsEntry 13 }
|
|
|
|
myDot1xAuthObjectsLastEapolFrameSource OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source MAC address carried in the
|
|
most recently received EAPOL frame."
|
|
::= { myDot1xAuthStatsEntry 14 }
|
|
|
|
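-- Number of attached users in any state.
-- NOTE(review): SYNTAX Counter is the SMIv1 type imported from RFC1155-SMI,
-- and a count of current users can fall as well as rise, which a counter
-- does not model. Gauge32 would fit, but it changes the type sent on the
-- wire, so the syntax is left as published.
myDot1xCurrentUserNumber OBJECT-TYPE
    SYNTAX      Counter
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of users attached to the system, regardless of their state."
    ::= { myDot1xAuthObjects 12 }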
|
|
|
|
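-- Number of attached users whose current state is authorized.
-- NOTE(review): SYNTAX Counter is the SMIv1 type imported from RFC1155-SMI,
-- and this value can fall as users leave; Gauge32 would fit, but it changes
-- the type sent on the wire, so the syntax is left as published.
myDot1xCurrentAuthenticatedUserNumber OBJECT-TYPE
    SYNTAX      Counter
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of users attached to the system whose current state is
        authorized."
    ::= { myDot1xAuthObjects 13 }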
|
|
|
|
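-- Switch for the accounting function, off by default.
-- The DEFVAL is written with the enumeration label instead of the bare
-- number 2; the default is unchanged.
-- NOTE(review): accounting records are an audit trail of who used the
-- network, so a SET of disabled(2) here is a change worth logging.
myDot1xAccountStatus OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The enabled(1)/disabled(2) control used by the
        accounting function."
    DEFVAL { disabled }
    ::= { myDot1xAuthObjects 14 }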
|
|
|
|
myAuthIfTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF MyAuthIfEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table of the authenticated status of interface."
|
|
::= { myDot1xAuthObjects 15 }
|
|
|
|
myAuthIfEntry OBJECT-TYPE
|
|
SYNTAX MyAuthIfEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entry of MAC address which can be authenticated."
|
|
INDEX { myAuthIf}
|
|
::= { myAuthIfTable 1 }
|
|
|
|
MyAuthIfEntry ::=
|
|
SEQUENCE {
|
|
myAuthIf
|
|
IfIndex,
|
|
myAuthIfStatus
|
|
EnabledStatus
|
|
}
|
|
myAuthIf OBJECT-TYPE
|
|
SYNTAX IfIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port number of the port/trunk to which frames received from a
|
|
specific port/trunk and destined for a specific MAC address."
|
|
::= { myAuthIfEntry 1 }
|
|
|
|
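-- Per-interface authentication switch, off by default.
-- The DEFVAL is written with the enumeration label instead of the bare
-- number 2; the default is unchanged.
-- NOTE(review): the object is read-write, so a manager with write access
-- can set disabled(2) on a single port; presumably that port then no
-- longer requires authentication, so SETs should be restricted and logged.
myAuthIfStatus OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The authentication status of a port. It can be opened by setting
        its value to enabled(1), or closed by setting its value to
        disabled(2)."
    DEFVAL { disabled }
    ::= { myAuthIfEntry 2 }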
|
|
|
|
-- Selects the authentication mode; only eap-md5(1) and chap(2) are defined.
-- NOTE(review): both are MD5 challenge-response methods. They give no
-- mutual authentication and derive no session keys, and a captured
-- exchange can be checked offline against password guesses. Where
-- supplicants and the RADIUS server support a TLS-based EAP method, prefer
-- that; confirm how this agent treats each value.
myAuthenticationMode OBJECT-TYPE
    SYNTAX      INTEGER {
                    eap-md5(1),
                    chap(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Mode used for authentication"
    ::= { myDot1xAuthObjects 16 }
|
|
|
|
myDot1xAccountUpdateStatus OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Account Update Status"
|
|
::= { myDot1xAuthObjects 17 }
|
|
|
|
myDot1xAcctInterimInterval OBJECT-TYPE
|
|
SYNTAX Unsigned32 (60..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Account Interim Interval"
|
|
::= { myDot1xAuthObjects 18 }
|
|
|
|
myDot1xEapolTagEnabled OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Eapol Tag Enabled"
|
|
::= { myDot1xAuthObjects 19 }
|
|
|
|
myDot1xIfUserMaxTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF MyDot1xIfUserMaxEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table of the max dot1x user number on authenticated interface."
|
|
::= { myDot1xAuthObjects 20 }
|
|
|
|
myDot1xIfUserMaxEntry OBJECT-TYPE
|
|
SYNTAX MyDot1xIfUserMaxEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entry of max dot1x user number on authenticated interface."
|
|
INDEX { myDot1xIfUserMaxIndex}
|
|
::= { myDot1xIfUserMaxTable 1 }
|
|
|
|
MyDot1xIfUserMaxEntry ::=
|
|
SEQUENCE {
|
|
myDot1xIfUserMaxIndex
|
|
IfIndex,
|
|
myDot1xIfUserMaxNum
|
|
Unsigned32
|
|
}
|
|
myDot1xIfUserMaxIndex OBJECT-TYPE
|
|
SYNTAX IfIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The interface index which dot1x authentication is enabled."
|
|
::= { myDot1xIfUserMaxEntry 1 }
|
|
|
|
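-- Cap on the number of 802.1X users on one interface.
-- The description documents 0 as meaning no limit, but the published range
-- (1..4000) excluded it, so a manager validating against the MIB could not
-- send that value; the range now starts at 0.
-- NOTE(review): writing 0 removes the per-port cap, so restrict write
-- access to this object where the cap is relied on to bound port sharing.
myDot1xIfUserMaxNum OBJECT-TYPE
    SYNTAX      Unsigned32 (0..4000)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The max dot1x user num on the interface. This is valid only
        when dot1x authentication is enabled on that interface.
        Number 0 indicates no user number limits enabled on the interface."
    ::= { myDot1xIfUserMaxEntry 2 }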
|
|
|
|
|
|
|
|
--
|
|
-- myAAAServer Group.
|
|
--
|
|
|
|
-- ::= { myAAAServerObjects 1 } this OID is obsolete
|
|
|
|
-- Global UDP port for RADIUS authentication, default 1812.
-- NOTE(review): the declared range includes 0, which is not a usable
-- destination port; the agent presumably rejects it, confirm.
myAAAServerAuthPort OBJECT-TYPE
    SYNTAX      INTEGER (0..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "UDP port used for authentication in the global
        configuration.
        For RADIUS only, default value is 1812."
    DEFVAL { 1812 }
    ::= { myAAAServerObjects 2 }
|
|
|
|
-- Global UDP port for RADIUS accounting, default 1813.
-- NOTE(review): the declared range includes 0, which is not a usable
-- destination port; the agent presumably rejects it, confirm.
myAAAServerAcctPort OBJECT-TYPE
    SYNTAX      INTEGER (0..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "UDP port used for accounting service in the global
        configuration.
        For RADIUS only, default value is 1813."
    DEFVAL { 1813 }
    ::= { myAAAServerObjects 3 }
|
|
|
|
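-- Global RADIUS shared secret; reads return an empty string.
-- NOTE(review): the read-back protection does not cover writes. A SET
-- carries the key in the request PDU, so over SNMPv1 or SNMPv2c the secret
-- crosses the network in clear text; configure it only over SNMPv3 with
-- privacy, or out of band. The DEFVAL is an empty key, so confirm that the
-- agent refuses to talk to a server until a real key is set.
myAAAServerRadiusKeyStr OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..255))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The server key to be used with all RADIUS servers.
        Retrieving the value of this object via SNMP will
        return an empty string for security reasons."
    DEFVAL { "" }
    ::= { myAAAServerObjects 4 }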
|
|
|
|
-- ::= { myAAAServerObjects 5 } this OID is obsolete
|
|
|
|
-- ::= { myAAAServerObjects 6 } this OID is obsolete
|
|
|
|
-- ::= { myAAAServerObjects 7 } this OID is obsolete
|
|
|
|
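-- Global TACACS+ shared secret; reads return an empty string.
-- NOTE(review): the read-back protection does not cover writes. A SET
-- carries the key in the request PDU, so over SNMPv1 or SNMPv2c the secret
-- crosses the network in clear text; configure it only over SNMPv3 with
-- privacy, or out of band. The DEFVAL is an empty key, so confirm how the
-- agent behaves before a real key is set.
myAAAServerTacplusKeyStr OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..255))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The server key to be used with all TACACS+ servers.
        Retrieving the value of this object via SNMP will return
        an empty string for security reasons."
    DEFVAL { "" }
    ::= { myAAAServerObjects 8 }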
|
|
|
|
--
|
|
-- myAAAServerConfigTable
|
|
--
|
|
myAAAServerConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF MyAAAServerConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table shows current configurations for each
|
|
AAA server, allows existing servers to be removed
|
|
and new ones to be created."
|
|
::= { myAAAServerObjects 9 }
|
|
|
|
myAAAServerConfigEntry OBJECT-TYPE
|
|
SYNTAX MyAAAServerConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table of AAA server configuration identified by its
|
|
protocol and its index."
|
|
INDEX { myAAAServerConfigProtocol,
|
|
myAAAServerConfigIndex }
|
|
::= { myAAAServerConfigTable 1}
|
|
|
|
MyAAAServerConfigEntry ::=
|
|
SEQUENCE {
|
|
myAAAServerConfigProtocol INTEGER,
|
|
myAAAServerConfigIndex Unsigned32,
|
|
myAAAServerConfigAddressType InetAddressType,
|
|
myAAAServerConfigAddress InetAddress,
|
|
myAAAServerConfigAuthPort INTEGER,
|
|
myAAAServerConfigAcctPort INTEGER,
|
|
myAAAServerConfigKeyStr DisplayString,
|
|
myAAAServerConfigRowStatus RowStatus
|
|
}
|
|
|
|
myAAAServerConfigProtocol OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
radius(1), -- RADIUS
|
|
tacplus(2) -- TACACS+
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The variable denotes the protocol used by the managed
|
|
device with the AAA server corresponding to this entry
|
|
in the table."
|
|
::= { myAAAServerConfigEntry 1 }
|
|
|
|
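-- Second index of the server table: a number identifying one server.
-- The last sentence of the description referred to casIndex, a name that
-- is not defined in this module; it now names this object.
myAAAServerConfigIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A number uniquely identifying each server.
        If the myAAAServerConfigIndex value for row creation is
        already in use by an existing entry, snmp set to the
        myAAAServerConfigIndex value will fail.
        Upon reload, myAAAServerConfigIndex values may be changed."
    ::= { myAAAServerConfigEntry 2 }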
|
|
|
|
myAAAServerConfigAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of address format used for the
|
|
myAAAServerConfigAddress object."
|
|
::= { myAAAServerConfigEntry 3 }
|
|
|
|
-- Address of one AAA server, in the format given by
-- myAAAServerConfigAddressType.
-- NOTE(review): the column is read-create, so a manager with write access
-- decides which host receives authentication requests; treat row creation
-- in this table as a privileged operation.
myAAAServerConfigAddress OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The IP address of the server."
    ::= { myAAAServerConfigEntry 4 }
|
|
|
|
myAAAServerConfigAuthPort OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"UDP/TCP port used for authentication in the server.
|
|
For RADIUS, default value is 1812.
|
|
For TACACS+, default value is 49."
|
|
::= { myAAAServerConfigEntry 5 }
|
|
|
|
myAAAServerConfigAcctPort OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"UDP/TCP port used for accounting service in the server.
|
|
For RADIUS, default value is 1813.
|
|
For TACACS+, the value of myAAAServerConfigAcctPort is
|
|
ignored, myAAAServerConfigAuthPort will be used instead."
|
|
::= { myAAAServerConfigEntry 6 }
|
|
|
|
-- Shared secret for one server row; reads return an empty string.
-- NOTE(review): the read-back protection does not cover writes. A SET
-- carries the key in the request PDU, so over SNMPv1 or SNMPv2c it crosses
-- the network in clear text; set it only over SNMPv3 with privacy, or out
-- of band. The DEFVAL is an empty key.
myAAAServerConfigKeyStr OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..255))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The server key to be used with this server.
        Retrieving the value of this object via SNMP will return an
        empty string for security reasons."
    DEFVAL { "" }
    ::= { myAAAServerConfigEntry 7 }
|
|
|
|
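-- RowStatus column controlling creation and deletion of server rows.
-- The description is reworded for grammar only; the rule it states is the
-- same: an active row is immutable and can only be destroyed.
myAAAServerConfigRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this table entry. Once the entry status is
        set to active, the associated entry cannot be modified; it can
        only be destroyed by setting this object to destroy(6)."
    ::= { myAAAServerConfigEntry 8 }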
|
|
|
|
--
|
|
-- myAuthAddress Group.
|
|
--
|
|
myAuthAddrTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF MyAuthAddrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table of MAC address which can be authenticated."
|
|
::= { myAuthUserObjects 1 }
|
|
|
|
myAuthAddrEntry OBJECT-TYPE
|
|
SYNTAX MyAuthAddrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entry of MAC address which can be authenticated."
|
|
INDEX { myAuthPort,myAuthMacAddress}
|
|
::= { myAuthAddrTable 1 }
|
|
|
|
MyAuthAddrEntry ::=
|
|
SEQUENCE {
|
|
myAuthPort
|
|
IfIndex,
|
|
myAuthMacAddress
|
|
MacAddress,
|
|
myAuthAddrStatus
|
|
INTEGER
|
|
}
|
|
myAuthPort OBJECT-TYPE
|
|
SYNTAX IfIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port number of the port/trunk to which frames received from a
|
|
specific port/trunk and destined for a specific MAC address."
|
|
::= { myAuthAddrEntry 1 }
|
|
|
|
myAuthMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MAC address which can be authenticated."
|
|
::= { myAuthAddrEntry 2 }
|
|
|
|
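-- Status of one authenticable MAC address entry; writing invalid(2)
-- removes the entry.
-- NOTE(review): because the only write is a removal, write access to this
-- column lets a manager delete entries from the table of addresses that
-- can be authenticated; restrict it accordingly.
myAuthAddrStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    valid(1),
                    invalid(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "valid(1)   - this entry is currently in use.
        invalid(2) - writing this value to the object
                     removes the corresponding entry."
    ::= { myAuthAddrEntry 3 }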
|
|
|
|
|
|
--
|
|
-- my authentication user information
|
|
--
|
|
myAuthUserTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF MyAuthUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table of authentication User Info."
|
|
::= { myAuthUserObjects 2 }
|
|
|
|
myAuthUserEntry OBJECT-TYPE
|
|
SYNTAX MyAuthUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entry of authentication User Info table."
|
|
INDEX { myAuthUserFdbId,myAuthUserMacAddress}
|
|
::= { myAuthUserTable 1 }
|
|
|
|
MyAuthUserEntry ::=
|
|
SEQUENCE {
|
|
myAuthUserFdbId Unsigned32,
|
|
myAuthUserMacAddress MacAddress,
|
|
myAuthUserName DisplayString,
|
|
myAuthUserSessionId DisplayString,
|
|
myAuthUserIpAddr IpAddress,
|
|
myAuthUserPort INTEGER,
|
|
myAuthUserStatus ConfigStatus
|
|
}
|
|
|
|
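-- First index of the user table: the VLAN ID of the user's address.
myAuthUserFdbId OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The VID of the VLAN to which the address belongs."
    ::= { myAuthUserEntry 1 }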
|
|
|
|
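-- Second index of the user table: the user's MAC address.
myAuthUserMacAddress OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The MAC Address of authentication User."
    ::= { myAuthUserEntry 2 }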
|
|
|
|
-- User name of one authentication user.
-- NOTE(review): together with the MAC address, IP address and session id
-- columns of this table, this lets any manager with read access list who
-- is on the network; keep the table out of default read views.
myAuthUserName OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The Name of authentication User."
    ::= { myAuthUserEntry 3 }
|
|
|
|
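-- Session id of one authentication user, readable by any manager with
-- read access to the table.
myAuthUserSessionId OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The Session Id of authentication User."
    ::= { myAuthUserEntry 4 }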
|
|
|
|
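-- IP address of one authentication user (IPv4 only, given the IpAddress
-- syntax).
myAuthUserIpAddr OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The IP Address of authentication User."
    ::= { myAuthUserEntry 5 }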
|
|
|
|
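-- Interface of one authentication user. The syntax is a plain INTEGER here,
-- while other tables in this module use IfIndex for interfaces.
myAuthUserPort OBJECT-TYPE
    SYNTAX      INTEGER
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The interface of authentication User."
    ::= { myAuthUserEntry 6 }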
|
|
|
|
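-- Write-to-disconnect control for one authenticated user.
-- NOTE(review): a SET of invalid ends that user's session, so write access
-- to this column allows any session to be terminated; restrict and log it.
-- Reads always return valid, so the value cannot be used to audit state.
myAuthUserStatus OBJECT-TYPE
    SYNTAX      ConfigStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Setting this object to 'invalid' will close an authenticated user.
        Setting its value to valid causes no action by the agent.
        A query always returns the value valid."
    ::= { myAuthUserEntry 7 }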
|
|
|
|
|
|
--
|
|
-- my vpn authentication user information
|
|
--
|
|
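-- Write-only style control: setting it to a VPN user name removes that
-- authenticated user. Reads return an empty string.
-- NOTE(review): the string is supplied by the manager and names the
-- session to drop, so write access here allows any VPN user to be
-- disconnected by name; restrict and log SETs. This object is not listed
-- in any OBJECT-GROUP of this module.
myAuthUserForVPNDel OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (1..255))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "VPN user's name. Setting this object will delete an authenticated
        user, and this user becomes unauthenticated.
        The set string is the username.

        Reading this object always returns a null string."
    ::= { myAuthUserObjects 3 }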
|
|
|
|
|
|
-- authorization mode objects
|
|
|
|
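-- Selects how a user's IP address is tied to the authenticated session.
-- NOTE(review): disable(1) places no limit on the user's IP address, and
-- supplicant(4) takes the address from the supplicant, that is from the
-- client itself; dhcpServer(2) and radiusServer(3) take it from
-- infrastructure. Changing this object changes that policy for users, so
-- restrict write access.
myIpAuthorizationMode OBJECT-TYPE
    SYNTAX      INTEGER {
                    disable(1),
                    dhcpServer(2),
                    radiusServer(3),
                    supplicant(4)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "disable(1) - don't limit ip address of user
        dhcpServer(2) - limit ip address of user, only ip address assigned by the dhcp
        server is legit.
        radiusServer(3) - limit ip address of user, only ip address assigned by the radius
        server is legit.
        supplicant(4) - mac+ip+port indicates different users (get the IP address through supplicant)"
    ::= { myAuthModeObjects 1 }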
|
|
---
|
|
---Client probe
|
|
---
|
|
myClientProbeEnabledStatus OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of client probe function."
|
|
::= { myClientProbeObjects 1 }
|
|
|
|
myClientProbeHelloInterval OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The interval that client send hello packets."
|
|
::= { myClientProbeObjects 2 }
|
|
|
|
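-- Time without a valid client hello after which the switch sends a RADIUS
-- accounting stop for the connection. The object name keeps its published
-- spelling (Inteval) because renaming it would break existing managers.
-- NOTE(review): no range or unit is declared, and the rule that the value
-- must exceed myClientProbeHelloInterval is stated only in prose, so the
-- agent has to enforce it on SETs.
myClientProbeAliveInteval OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When switch does not receive any legal hello packets from client
        in this interval, it will send RADIUS-Account-Stop to RADIUS server
        to stop this connection. The value of the object must be more than
        myClientProbeHelloInterval"
    ::= { myClientProbeObjects 3 }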
|
|
|
|
myAAAMIBConformance OBJECT IDENTIFIER ::= { myAAAMIB 2 }
|
|
myAAAMIBCompliances OBJECT IDENTIFIER ::= { myAAAMIBConformance 1 }
|
|
myAAAMIBGroups OBJECT IDENTIFIER ::= { myAAAMIBConformance 2 }
|
|
|
|
|
|
-- compliance statements
|
|
|
|
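-- Compliance statement: four mandatory groups plus the conditional client
-- probe group.
myAAAMIBCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for entities which implement
        the My AAA MIB"
    MODULE -- this module
        MANDATORY-GROUPS {
            myDot1xAuthMIBGroup,
            myAAAServerMIBGroup,
            myAuthAddrMIBGroup,
            myAuthModeMIBGroup
        }
        GROUP myClientProbeGroup
        DESCRIPTION
            "This group is mandatory only for those systems which support
            the client probe function."

    ::= { myAAAMIBCompliances 1 }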
|
|
|
|
-- units of conformance
|
|
|
|
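-- Conformance group for the 802.1X objects.
-- NOTE(review): myDot1xAccountStatus, myDot1xAccountUpdateStatus,
-- myDot1xAcctInterimInterval, myDot1xEapolTagEnabled, myDot1xIfUserMaxIndex
-- and myDot1xIfUserMaxNum are defined in this module but are not listed in
-- any OBJECT-GROUP. They are not added here because extending a published
-- group changes the conformance statement; a new group would be the usual
-- way to cover them.
myDot1xAuthMIBGroup OBJECT-GROUP
    OBJECTS {
        myDot1xAuthStatus,
        myDot1xAuthObjectsQuietPeriod,
        myDot1xAuthObjectsTxPeriod,
        myDot1xAuthObjectsSuppTimeout,
        myDot1xAuthObjectsServerTimeout,
        myDot1xAuthObjectsMaxReq,
        myDot1xAuthObjectsReAuthPeriod,
        myDot1xAuthObjectsReAuthEnable,
        myDot1xAuthObjectsConfigFdbId,
        myDot1xAuthObjectsConfigAddr,
        myDot1xAuthObjectsPaeState,
        myDot1xAuthObjectsBackendAuthState,
        myDot1xAuthObjectsAuthControlledPortStatus,
        myDot1xAuthObjectsKeyTxEnabled,
        myDot1xAuthObjectsIfIndex,
        myDot1xAuthObjectsStatsFdbId,
        myDot1xAuthObjectsStatsAddr,
        myDot1xAuthObjectsEapolFramesRx,
        myDot1xAuthObjectsEapolFramesTx,
        myDot1xAuthObjectsEapolMyFramesRx,
        myDot1xAuthObjectsEapolLogoffFramesRx,
        myDot1xAuthObjectsEapolRespIdFramesRx,
        myDot1xAuthObjectsEapolRespFramesRx,
        myDot1xAuthObjectsEapolReqIdFramesTx,
        myDot1xAuthObjectsEapolReqFramesTx,
        myDot1xAuthObjectsInvalidEapolFramesRx,
        myDot1xAuthObjectsEapLengthErrorFramesRx,
        myDot1xAuthObjectsLastEapolFrameVersion,
        myDot1xAuthObjectsLastEapolFrameSource,
        myDot1xCurrentUserNumber,
        myDot1xCurrentAuthenticatedUserNumber,
        myDot1xAuthObjectsMaxReauth,
        myAuthIf,
        myAuthIfStatus,
        myAuthenticationMode
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing dot1x authentication management."
    ::= { myAAAMIBGroups 1 }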
|
|
|
|
|
|
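-- Conformance group for the AAA server objects. The two index columns of
-- the server table are not-accessible and so are correctly absent.
myAAAServerMIBGroup OBJECT-GROUP
    OBJECTS {
        myAAAServerAuthPort,
        myAAAServerAcctPort,
        myAAAServerRadiusKeyStr,
        myAAAServerTacplusKeyStr,
        myAAAServerConfigAddressType,
        myAAAServerConfigAddress,
        myAAAServerConfigAuthPort,
        myAAAServerConfigAcctPort,
        myAAAServerConfigKeyStr,
        myAAAServerConfigRowStatus
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing AAA server management."
    ::= { myAAAMIBGroups 2 }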
|
|
|
|
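-- Conformance group for the authenticable address table and the
-- authenticated user table.
-- NOTE(review): myAuthUserForVPNDel sits under the same subtree
-- (myAuthUserObjects) but is not listed in this or any other OBJECT-GROUP.
myAuthAddrMIBGroup OBJECT-GROUP
    OBJECTS {
        myAuthMacAddress,
        myAuthPort,
        myAuthAddrStatus,
        myAuthUserFdbId,
        myAuthUserMacAddress,
        myAuthUserName,
        myAuthUserSessionId,
        myAuthUserIpAddr,
        myAuthUserPort,
        myAuthUserStatus
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing address permitted authentication management."
    ::= { myAAAMIBGroups 3 }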
|
|
|
|
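-- Conformance group holding the single IP authorization mode object.
myAuthModeMIBGroup OBJECT-GROUP
    OBJECTS {
        myIpAuthorizationMode
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing authentication mode management."
    ::= { myAAAMIBGroups 4 }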
|
|
|
|
myClientProbeGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
myClientProbeEnabledStatus,
|
|
myClientProbeHelloInterval,
|
|
myClientProbeAliveInteval
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing client probe management."
|
|
::= { myAAAMIBGroups 5 }
|
|
END
|