1016 lines
38 KiB
Plaintext
1016 lines
38 KiB
Plaintext
ENTERASYS-MAC-AUTHENTICATION-MIB DEFINITIONS ::= BEGIN
|
|
|
|
-- enterasys-mac-authentication-mib.txt
|
|
--
|
|
-- Part Number:
|
|
--
|
|
--
|
|
|
|
-- This module provides authoritative definitions for Extreme
|
|
-- Networks' MAC-Authentication.
|
|
|
|
--
|
|
-- This module will be extended, as needed.
|
|
|
|
-- Extreme Networks reserves the right to make changes in this
|
|
-- specification and other information contained in this document
|
|
-- without prior notice. The reader should consult Extreme Networks
|
|
-- to determine whether any such changes have been made.
|
|
--
|
|
-- In no event shall Extreme Networks be liable for any incidental,
|
|
-- indirect, special, or consequential damages whatsoever (including
|
|
-- but not limited to lost profits) arising out of or related to this
|
|
-- document or the information contained in it, even if Extreme
|
|
-- Networks has been advised of, known, or should have known, the
|
|
-- possibility of such damages.
|
|
--
|
|
-- Extreme Networks grants vendors, end-users, and other interested
|
|
-- parties a non-exclusive license to use this Specification in
|
|
-- connection with the management of Extreme Networks products.
|
|
|
|
-- Copyright December, 2014 Extreme Networks, Inc.
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, Unsigned32
|
|
FROM SNMPv2-SMI
|
|
MacAddress, TruthValue, RowStatus
|
|
FROM SNMPv2-TC
|
|
MODULE-COMPLIANCE, OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
SnmpAdminString
|
|
FROM SNMP-FRAMEWORK-MIB
|
|
InterfaceIndex
|
|
FROM IF-MIB
|
|
EnabledStatus
|
|
FROM P-BRIDGE-MIB
|
|
PortList
|
|
FROM Q-BRIDGE-MIB
|
|
etsysModules
|
|
FROM ENTERASYS-MIB-NAMES;
|
|
|
|
etsysMACAuthenticationMIB MODULE-IDENTITY
|
|
LAST-UPDATED "201706071035Z" -- Wed June 07 10:35 UTC 2017
|
|
|
|
ORGANIZATION "Extreme Networks, Inc"
|
|
CONTACT-INFO
|
|
"Postal: Extreme Networks, Inc.
|
|
6480 Via Del Oro
|
|
San Jose, CA 95119 USA
|
|
|
|
Phone: +1 408 579-2800
|
|
E-mail: support@extremenetworks.com
|
|
WWW: http://www.extremenetworks.com"
|
|
|
|
DESCRIPTION
|
|
"This MIB module defines a portion of the SNMP enterprise
|
|
MIBs under Enterasys Networks' enterprise OID pertaining to
|
|
MAC-Authentication.
|
|
|
|
This MIB was designed to be used for authentication using
|
|
source MAC addresses received in traffic on ports under
|
|
control of MAC-authentication.
|
|
|
|
The security afforded by this approach is neither the primary
|
|
concern nor intent of this MIB. Rather, this MIB provides
|
|
a convenient method of associating policy with MAC
|
|
addresses and applying that policy when the MAC address
|
|
appears on a pre-approved port in the network.
|
|
|
|
The term MAC-Authentication is used because an authentication
|
|
backend mechanism is used to allow the MAC onto the network,
|
|
as well as provide authorization information to the switch."
|
|
|
|
REVISION "201706071035Z" -- Wed June 07 10:35 UTC 2017
|
|
DESCRIPTION "Added colon to etsysMACAuthenticationSystemUserNameFormat."
|
|
|
|
REVISION "201412191051Z" -- Fri Dec 19 9:30 UTC 2014
|
|
DESCRIPTION "Added MAC List configuration."
|
|
|
|
REVISION "201412051051Z" -- Fri Dec 05 10:50 UTC 2014
|
|
DESCRIPTION "Added macList mode to etsysMACAuthenticationMode."
|
|
|
|
REVISION "201412031200Z" -- Wed Dec 03 13:51 UTC 2014
|
|
DESCRIPTION "Added etsysMACAuthenticationSystemUserNameFormat."
|
|
|
|
REVISION "201305171510Z" -- Fri May 17 15:10 UTC 2013
|
|
DESCRIPTION "Added account enable and disable."
|
|
|
|
REVISION "201301311334Z" -- Thu Jan 31 13:34 UTC 2013
|
|
DESCRIPTION "Added the etsysMACAuthenticationMode object."
|
|
|
|
REVISION "200207181812Z" -- Thu Jul 18 18:12 GMT 2002
|
|
DESCRIPTION "The initial version of this MIB module"
|
|
|
|
::= { etsysModules 25 }
|
|
|
|
etsysMACAuthenticationObjects
|
|
OBJECT IDENTIFIER ::= { etsysMACAuthenticationMIB 1 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Textual Conventions
|
|
-- -------------------------------------------------------------
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Branches of the Extreme MAC Authentication MIB
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysMACAuthenticationSystem
|
|
OBJECT IDENTIFIER ::= { etsysMACAuthenticationObjects 1 }
|
|
|
|
etsysMACAuthenticationPortConfig
|
|
OBJECT IDENTIFIER ::= { etsysMACAuthenticationObjects 2 }
|
|
|
|
etsysMACAuthenticationMACConfig
|
|
OBJECT IDENTIFIER ::= { etsysMACAuthenticationObjects 3 }
|
|
|
|
etsysMACAuthenticationMACSession
|
|
OBJECT IDENTIFIER ::= { etsysMACAuthenticationObjects 4 }
|
|
|
|
etsysMACAuthenticationMACListConfig
|
|
OBJECT IDENTIFIER ::= { etsysMACAuthenticationObjects 5 }
|
|
|
|
|
|
-- -------------------------------------------------------------
|
|
-- etsysMACAuthenticationSystemGroup
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysMACAuthenticationSystemEnable OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When enabled(1), all objects in this MIB are fully active.
|
|
When disabled(2), this object overrides all other object
|
|
settings in this MIB without affecting their values."
|
|
DEFVAL { disabled }
|
|
::= { etsysMACAuthenticationSystem 1 }
|
|
|
|
etsysMACAuthenticationMACUserPassword OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-write
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"*** This object is deprecated in favor of ***
|
|
*** the functionality provided by the ***
|
|
*** etsysMACAuthenticationMACListConfig group ***
|
|
|
|
This is the string to be used as a password credential
|
|
when authenticating a MAC address when
|
|
etsysMACAuthenticationMode is set to password(1)."
|
|
DEFVAL { "NOPASSWORD" }
|
|
::= { etsysMACAuthenticationSystem 2 }
|
|
|
|
etsysMACAuthenticationPortUserNameSignificantBits OBJECT-TYPE
|
|
SYNTAX INTEGER (1..48)
|
|
MAX-ACCESS read-write
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"*** This object is deprecated in favor of ***
|
|
*** the functionality provided by the ***
|
|
*** etsysMACAuthenticationMACListConfig group ***
|
|
|
|
This object represents the number of significant bits in the
|
|
MAC addresses to be used starting with the left-most bit of
|
|
the vendor portion of the MAC address. The significant portion
|
|
of the MAC address is sent as a user-name credential when the
|
|
primary attempt to authenticate the full MAC address fails.
|
|
Any other failure to authenticate the full address, (i.e.
|
|
authentication server timeout) causes the the next attempt to
|
|
start once again with a full MAC authentication."
|
|
DEFVAL { 48 }
|
|
::= { etsysMACAuthenticationSystem 3 }
|
|
|
|
etsysMACAuthenticationMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
password(1),
|
|
radiusUsername(2),
|
|
macList(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object selects the credentials to use when authenticating
|
|
a MAC address.
|
|
|
|
password(1) - Attempt to authenticate a user with the
|
|
password credential provided by
|
|
etsysMACAuthenticationMACUserPassword.
|
|
|
|
radiusUsername(2) - Attempt to authenticate a user with a password
|
|
credential that is the same as the radius
|
|
username credential.
|
|
|
|
macList(3) - Attempt to authenticate a user with credentials
|
|
provided by mac-list configuration."
|
|
DEFVAL { macList }
|
|
::= { etsysMACAuthenticationSystem 4 }
|
|
|
|
etsysMACAuthenticationSystemAccountEnable OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When enabled(1), RADIUS accounting start, interim and
|
|
stop frames are sent to the configured RADIUS server(s).
|
|
|
|
When disabled(2), accounting packets are not sent to
|
|
the RADIUS server."
|
|
DEFVAL { enabled }
|
|
::= { etsysMACAuthenticationSystem 5 }
|
|
|
|
etsysMACAuthenticationSystemUserNameFormat OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
hyphen(1),
|
|
none(2),
|
|
colon(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When hyphen(1), the user-name credential is the
|
|
MAC address formatted as 'xx-xx-xx-xx-xx-xx'.
|
|
|
|
When set to none(2), the user-name credential is the
|
|
MAC address formatted as 'xxxxxxxxxxxx'.
|
|
|
|
When colon(3), the user-name credential is the
|
|
MAC address formatted as 'xx:xx:xx:xx:xx:xx'."
|
|
DEFVAL { none }
|
|
::= { etsysMACAuthenticationSystem 6 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- etsysMACAuthenticationPortConfigGroup
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysMACAuthenticationPortConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysMACAuthenticationPortConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing configuration objects for each MAC
|
|
authentication port. The configuration for
|
|
each port in this table must be non-volatile."
|
|
::= { etsysMACAuthenticationPortConfig 1 }
|
|
|
|
etsysMACAuthenticationPortConfigEntry OBJECT-TYPE
|
|
SYNTAX EtsysMACAuthenticationPortConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each conceptual row provides control over all of the
|
|
initial values used by each authenticated MAC on
|
|
this port. Subsequent changes to rows in this table,
|
|
except where noted, have no effect on existing MACs
|
|
authenticated on this port."
|
|
INDEX { etsysMACAuthenticationPort }
|
|
::= { etsysMACAuthenticationPortConfigTable 1 }
|
|
|
|
EtsysMACAuthenticationPortConfigEntry ::=
|
|
SEQUENCE {
|
|
etsysMACAuthenticationPort InterfaceIndex,
|
|
etsysMACAuthenticationPortInitialize TruthValue,
|
|
etsysMACAuthenticationPortReauthenticate TruthValue,
|
|
etsysMACAuthenticationPortEnable EnabledStatus,
|
|
etsysMACAuthenticationPortQuietPeriod Unsigned32,
|
|
etsysMACAuthenticationPortReauthPeriod Unsigned32,
|
|
etsysMACAuthenticationPortReauthEnabled EnabledStatus,
|
|
etsysMACAuthenticationAuthenticationsAllowed Unsigned32,
|
|
etsysMACAuthenticationAuthenticationsAllocated Unsigned32,
|
|
etsysMACAuthenticationLastFailedAuthCause SnmpAdminString
|
|
}
|
|
|
|
etsysMACAuthenticationPort OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the InterfaceIndex associated with this row."
|
|
::= { etsysMACAuthenticationPortConfigEntry 1 }
|
|
|
|
etsysMACAuthenticationPortInitialize OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When set to true(1), the MAC authentication logic on this
|
|
port is initialized, forcibly ending all MAC authentication
|
|
sessions currently in existence on this port. A set with
|
|
the value false(2) has no affect and a read always returns
|
|
false."
|
|
::= { etsysMACAuthenticationPortConfigEntry 2 }
|
|
|
|
etsysMACAuthenticationPortReauthenticate OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When set to true(1), the MAC authentication entity on
|
|
this port is required to immediately verify all currently
|
|
authenticated MACs on this port. This requires that each
|
|
MAC address be authenticated with the authentication server
|
|
through the local authentication client or some other
|
|
authentication mechanism. Each supplicant remains
|
|
authenticated pending the outcome."
|
|
::= { etsysMACAuthenticationPortConfigEntry 3 }
|
|
|
|
etsysMACAuthenticationPortEnable OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When set to enabled(1), a platform dependent triggering
|
|
mechanism initiates an authentication exchange using a
|
|
MAC address for authentication credentials.
|
|
When disabled(2), authentication attempts are disabled
|
|
and all currently authenticated MAC sessions or those in
|
|
the process of authentication on this port are terminated."
|
|
DEFVAL { disabled }
|
|
::= { etsysMACAuthenticationPortConfigEntry 4 }
|
|
|
|
etsysMACAuthenticationPortQuietPeriod OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value, in seconds, following a failed authentication
|
|
before another may be attempted on this port. This object
|
|
allows network management to provide hysteresis for failed
|
|
authentication requests from the same port."
|
|
DEFVAL { 30 }
|
|
::= { etsysMACAuthenticationPortConfigEntry 5 }
|
|
|
|
etsysMACAuthenticationPortReauthPeriod OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value, in seconds, between attempts to re-authenticate
|
|
any current MAC authenticated on this port."
|
|
DEFVAL { 3600 }
|
|
::= { etsysMACAuthenticationPortConfigEntry 6 }
|
|
|
|
etsysMACAuthenticationPortReauthEnabled OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If enabled(1), then every etsysMACAuthenticationReauthPeriod
|
|
the switch attempts to validate all currently authenticated
|
|
MACs on this port. When set to disabled(2) all current
|
|
re-authentications in progress are allowed to complete and
|
|
the requisite actions are taken. When set to disabled(2), no
|
|
further re-authentications are attempted."
|
|
DEFVAL { disabled }
|
|
::= { etsysMACAuthenticationPortConfigEntry 7 }
|
|
|
|
etsysMACAuthenticationAuthenticationsAllowed OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of concurrent authentications supported
|
|
on this port on this module. The default value of this
|
|
object is platform and resource dependent."
|
|
::= { etsysMACAuthenticationPortConfigEntry 8 }
|
|
|
|
etsysMACAuthenticationAuthenticationsAllocated OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of MAC authentications permitted on this
|
|
port on this module. This value must be non-zero and be less
|
|
than or equal to the value of
|
|
etsysMACAuthenticationAuthenticationsAllowed. Setting this
|
|
object to a value less than the current number of authenticated
|
|
MACs on this port prevents further authentications, but has no
|
|
affect on the current sessions."
|
|
::= { etsysMACAuthenticationPortConfigEntry 9 }
|
|
|
|
etsysMACAuthenticationLastFailedAuthCause OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The string will be formatted with
|
|
'XX-XX-XX-XX-XX-XX: TIME&DATE: Textual failure reason';
|
|
where XX-XX-XX-XX-XX-XX is the MAC address and TIME&DATE
|
|
is the time (hh/mm/ss) and date (mm/dd/yyyy) of the failure.
|
|
It is also only best effort; as there could be multiple
|
|
failures per port and the agent may query this at any random
|
|
time."
|
|
::= { etsysMACAuthenticationPortConfigEntry 10 }
|
|
|
|
|
|
-- -------------------------------------------------------------
|
|
-- etsysMACAuthenticationMACConfigGroup
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysMACAuthenticationMACConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysMACAuthenticationMACConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing configuration objects for each MAC
|
|
authenticated on a port. Each row in this table
|
|
is created dynamically when a MAC authenticates
|
|
on a port."
|
|
::= { etsysMACAuthenticationMACConfig 1 }
|
|
|
|
etsysMACAuthenticationMACConfigEntry OBJECT-TYPE
|
|
SYNTAX EtsysMACAuthenticationMACConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each conceptual row inherits it's initial information
|
|
from the row in the etsysMACAuthenticationPortConfigTable
|
|
corresponding to the correct port. Each row represents an
|
|
authenticated MAC."
|
|
INDEX { etsysMACAuthenticationMACAddress }
|
|
::= { etsysMACAuthenticationMACConfigTable 1 }
|
|
|
|
EtsysMACAuthenticationMACConfigEntry::=
|
|
SEQUENCE {
|
|
etsysMACAuthenticationMACAddress MacAddress,
|
|
etsysMACAuthenticationSupplicantPort InterfaceIndex,
|
|
etsysMACAuthenticationMACInitialize TruthValue,
|
|
etsysMACAuthenticationMACReauthenticate TruthValue,
|
|
etsysMACAuthenticationMACReauthPeriod Unsigned32,
|
|
etsysMACAuthenticationMACReauthEnabled EnabledStatus
|
|
}
|
|
|
|
etsysMACAuthenticationMACAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the MAC address that was authenticated on this port."
|
|
::= { etsysMACAuthenticationMACConfigEntry 1 }
|
|
|
|
etsysMACAuthenticationSupplicantPort OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the InterfaceIndex associated with this rows
|
|
authenticated MAC."
|
|
::= { etsysMACAuthenticationMACConfigEntry 2 }
|
|
|
|
etsysMACAuthenticationMACInitialize OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When set to true(1), this MAC session terminates causing the
|
|
corresponding row in this table and in the
|
|
etsysMACAuthenticationSessionTable to be removed.
|
|
|
|
Setting this object to false(2) has no effect on the system.
|
|
Reads of this object always return false(2)."
|
|
::= { etsysMACAuthenticationMACConfigEntry 3 }
|
|
|
|
etsysMACAuthenticationMACReauthenticate OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When set to true(1), this MAC authentication session on this
|
|
port is required to immediately verify it's credentials.
|
|
This requires that each MAC address be authenticated with the
|
|
authentication server through the local authentication client
|
|
or some other authentication mechanism.
|
|
|
|
Setting this object to false(2) has no effect on the system.
|
|
Reads of this object always return false(2)."
|
|
::= { etsysMACAuthenticationMACConfigEntry 4 }
|
|
|
|
etsysMACAuthenticationMACReauthPeriod OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value, in seconds, between attempts to re-authenticate
|
|
the MAC associated with this row."
|
|
::= { etsysMACAuthenticationMACConfigEntry 5 }
|
|
|
|
etsysMACAuthenticationMACReauthEnabled OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If enabled(1), then every etsysMACAuthenticationReauthPeriod
|
|
the switch attempts to validate all currently authenticated
|
|
MACs on this port. If disabled(2), reauthentication is
|
|
not attempted."
|
|
::= { etsysMACAuthenticationMACConfigEntry 6 }
|
|
|
|
|
|
-- -------------------------------------------------------------
|
|
-- etsysMACAuthenticationSessionGroup
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysMACAuthenticationSessionTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysMACAuthenticationSessionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing configuration objects for each MAC
|
|
authentication on a port. The successful completion of
|
|
an authentication causes the creation of a new row in
|
|
this table. When a MAC becomes unauthenticated because
|
|
of a link-down, a management change, or system
|
|
re-initialization, then the corresponding row is removed
|
|
from this table."
|
|
::= { etsysMACAuthenticationMACSession 1 }
|
|
|
|
etsysMACAuthenticationSessionEntry OBJECT-TYPE
|
|
SYNTAX EtsysMACAuthenticationSessionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each conceptual row inherits it's initial information
|
|
from the row in the etsysMACAuthenticationPortConfigTable
|
|
corresponding to the correct port. Each row represents an
|
|
authenticated MAC."
|
|
INDEX { etsysMACAuthenticationMACAddress }
|
|
::= { etsysMACAuthenticationSessionTable 1 }
|
|
|
|
EtsysMACAuthenticationSessionEntry::=
|
|
SEQUENCE {
|
|
etsysMACAuthenticationSessionPort InterfaceIndex,
|
|
etsysMACAuthenticationDuration Unsigned32
|
|
}
|
|
|
|
etsysMACAuthenticationSessionPort OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the InterfaceIndex associated with the authenticated
|
|
MACs session."
|
|
::= { etsysMACAuthenticationSessionEntry 1 }
|
|
|
|
etsysMACAuthenticationDuration OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value, in seconds, which have elapsed since the start
|
|
of this session."
|
|
::= { etsysMACAuthenticationSessionEntry 2 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- etsysMACAuthenticationMACListConfig
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysMACAuthenticationMaxMACListEntries OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Maximum number of entries allowed in the
|
|
etsysMACAuthenticationMACListTable."
|
|
::= { etsysMACAuthenticationMACListConfig 1 }
|
|
|
|
etsysMACAuthenticationCurrentMACListEntries OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of entries in the
|
|
etsysMACAuthenticationMACListTable."
|
|
::= { etsysMACAuthenticationMACListConfig 2 }
|
|
|
|
etsysMACAuthenticationMACListTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysMACAuthenticationMACListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table provides configuration objects for the
|
|
MAC List functionality.
|
|
|
|
When an unauthenticated MAC address is received a
|
|
longest prefix search is performed. If more than
|
|
one match is made -- the one with the longest
|
|
mask length -- is called the longest prefix match.
|
|
|
|
Authentication is blocked when no match is found,
|
|
or the matching entry's etsysMACAuthenticationMACListPorts
|
|
value is not the empty string and the ingress port is not
|
|
set in the list.
|
|
|
|
To create a default entry that matches any MAC address,
|
|
configure a row with a MAC address of all FFs and a
|
|
mask length of 48.
|
|
|
|
The user-name credential will be the portion
|
|
of the MAC address specified by
|
|
etsysMACAuthenticationMACListMaskLen.
|
|
|
|
If the etsysMACAuthenticationMACListPassword is set,
|
|
it will be used as the password credential for authentication.
|
|
Otherwise, the user-name credential will be used as the
|
|
password credential."
|
|
::= { etsysMACAuthenticationMACListConfig 3 }
|
|
|
|
etsysMACAuthenticationMACListEntry OBJECT-TYPE
|
|
SYNTAX EtsysMACAuthenticationMACListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each row represents an entry in the MAC List."
|
|
INDEX { etsysMACAuthenticationMACListAddress,
|
|
etsysMACAuthenticationMACListMaskLen }
|
|
::= { etsysMACAuthenticationMACListTable 1 }
|
|
|
|
EtsysMACAuthenticationMACListEntry::=
|
|
SEQUENCE {
|
|
etsysMACAuthenticationMACListAddress MacAddress,
|
|
etsysMACAuthenticationMACListMaskLen Unsigned32,
|
|
etsysMACAuthenticationMACListPassword SnmpAdminString,
|
|
etsysMACAuthenticationMACListPasswordValid TruthValue,
|
|
etsysMACAuthenticationMACListPorts PortList,
|
|
etsysMACAuthenticationMACListRowStatus RowStatus
|
|
}
|
|
|
|
etsysMACAuthenticationMACListAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MAC address to match."
|
|
::= { etsysMACAuthenticationMACListEntry 1 }
|
|
|
|
etsysMACAuthenticationMACListMaskLen OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..48)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the number of significant bits in the
|
|
MAC address to match starting with the left-most bit of
|
|
the vendor portion of the MAC address. The significant portion
|
|
of the MAC address is sent as a user-name credential."
|
|
::= { etsysMACAuthenticationMACListEntry 2 }
|
|
|
|
etsysMACAuthenticationMACListPassword OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(0..48))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The password to use to authenticate the MAC address.
|
|
On a read this object will always return an empty string."
|
|
DEFVAL { "" }
|
|
::= { etsysMACAuthenticationMACListEntry 3 }
|
|
|
|
etsysMACAuthenticationMACListPasswordValid OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"true(1) - indicates that etsysMACAuthenticationMACListPassword
|
|
was last set with some value other than the empty string.
|
|
|
|
false(2) - indicates that etsysMACAuthenticationMACListPassword
|
|
has never been set, or was last set to the empty string.
|
|
In this case, the password used to authenticate will be the same
|
|
as the user-name credential."
|
|
::= { etsysMACAuthenticationMACListEntry 4 }
|
|
|
|
etsysMACAuthenticationMACListPorts OBJECT-TYPE
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The set of ports to allow authentication on. If this object is
|
|
the empty string then authentication is allowed on all ports."
|
|
DEFVAL { ''H } -- the empty string
|
|
::= { etsysMACAuthenticationMACListEntry 5 }
|
|
|
|
etsysMACAuthenticationMACListRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of this row.
|
|
|
|
active(1) -- Indicates that this entry is available
|
|
for use by the managed device.
|
|
|
|
createAndGo(4) -- A new entry will be created in this table
|
|
and the new entry will transition to the
|
|
active state.
|
|
|
|
destroy(6) -- Deletes this row. "
|
|
::= { etsysMACAuthenticationMACListEntry 6 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Conformance Information
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysMACAuthenticationConformance
|
|
OBJECT IDENTIFIER ::= { etsysMACAuthenticationMIB 2 }
|
|
|
|
etsysMACAuthenticationGroups
|
|
OBJECT IDENTIFIER ::= { etsysMACAuthenticationConformance 1 }
|
|
|
|
etsysMACAuthenticationCompliances
|
|
OBJECT IDENTIFIER ::= { etsysMACAuthenticationConformance 2 }
|
|
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Units of conformance
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysMACAuthenticationSystemGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysMACAuthenticationSystemEnable,
|
|
etsysMACAuthenticationMACUserPassword,
|
|
etsysMACAuthenticationPortUserNameSignificantBits
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"Global object controlling this feature.
|
|
Global objects that affect how the credentials are
|
|
presented to the authentication server."
|
|
::= { etsysMACAuthenticationGroups 1 }
|
|
|
|
etsysMACAuthenticationPortConfigGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysMACAuthenticationPortInitialize,
|
|
etsysMACAuthenticationPortReauthenticate,
|
|
etsysMACAuthenticationPortEnable,
|
|
etsysMACAuthenticationPortQuietPeriod,
|
|
etsysMACAuthenticationPortReauthPeriod,
|
|
etsysMACAuthenticationPortReauthEnabled,
|
|
etsysMACAuthenticationAuthenticationsAllowed,
|
|
etsysMACAuthenticationAuthenticationsAllocated,
|
|
etsysMACAuthenticationLastFailedAuthCause
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Objects describing the MAC Authentication
|
|
configuration for each port."
|
|
::= { etsysMACAuthenticationGroups 2 }
|
|
|
|
etsysMACAuthenticationMACConfigGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysMACAuthenticationSupplicantPort,
|
|
etsysMACAuthenticationMACInitialize,
|
|
etsysMACAuthenticationMACReauthenticate,
|
|
etsysMACAuthenticationMACReauthPeriod,
|
|
etsysMACAuthenticationMACReauthEnabled
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Objects associated with an individual MACs
|
|
authentication configuration."
|
|
::= { etsysMACAuthenticationGroups 3 }
|
|
|
|
etsysMACAuthenticationMACSessionGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysMACAuthenticationSessionPort,
|
|
etsysMACAuthenticationDuration
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Objects associated with a MAC Session"
|
|
::= { etsysMACAuthenticationGroups 4 }
|
|
|
|
etsysMACAuthenticationSystemGroup2 OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysMACAuthenticationSystemEnable,
|
|
etsysMACAuthenticationMACUserPassword,
|
|
etsysMACAuthenticationPortUserNameSignificantBits,
|
|
etsysMACAuthenticationMode,
|
|
etsysMACAuthenticationSystemAccountEnable
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"Global object controlling this feature.
|
|
Global objects that affect how the credentials are
|
|
presented to the authentication server."
|
|
::= { etsysMACAuthenticationGroups 5 }
|
|
|
|
etsysMACAuthenticationSystemGroup3 OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysMACAuthenticationSystemEnable,
|
|
etsysMACAuthenticationMACUserPassword,
|
|
etsysMACAuthenticationPortUserNameSignificantBits,
|
|
etsysMACAuthenticationMode,
|
|
etsysMACAuthenticationSystemAccountEnable,
|
|
etsysMACAuthenticationSystemUserNameFormat
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Global object controlling this feature.
|
|
Global objects that affect how the credentials are
|
|
presented to the authentication server."
|
|
::= { etsysMACAuthenticationGroups 6 }
|
|
|
|
etsysMACAuthenticationMACListGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysMACAuthenticationMaxMACListEntries,
|
|
etsysMACAuthenticationCurrentMACListEntries,
|
|
etsysMACAuthenticationMACListPassword,
|
|
etsysMACAuthenticationMACListPasswordValid,
|
|
etsysMACAuthenticationMACListPorts,
|
|
etsysMACAuthenticationMACListRowStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Objects associated with MAC-List configuration."
|
|
::= { etsysMACAuthenticationGroups 7 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Compliance statements
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysMACAuthenticationCompliance MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for devices that support MAC-Authentication."
|
|
|
|
MODULE
|
|
MANDATORY-GROUPS {
|
|
etsysMACAuthenticationSystemGroup,
|
|
etsysMACAuthenticationPortConfigGroup,
|
|
etsysMACAuthenticationMACConfigGroup
|
|
}
|
|
|
|
GROUP etsysMACAuthenticationMACSessionGroup
|
|
DESCRIPTION
|
|
"Implementation of the etsysMACAuthenticationMACSessionGroup
|
|
is optional for all agents. If the agent impelments session
|
|
functionality, then this table should be supported."
|
|
|
|
OBJECT etsysMACAuthenticationSystemEnable
|
|
SYNTAX EnabledStatus
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required. If read-only is selected,
|
|
then the default value must be enabled(1)."
|
|
|
|
OBJECT etsysMACAuthenticationPortUserNameSignificantBits
|
|
SYNTAX INTEGER(1..48)
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required. If read-only is selected,
|
|
then the default value must be 48. If this object is read-write,
|
|
then the agent performs a two stage authentication where the
|
|
it attempts to authenticate the masked MAC address if the
|
|
full MAC address fails to authenticate."
|
|
::= { etsysMACAuthenticationCompliances 1 }
|
|
|
|
etsysMACAuthenticationCompliance2 MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for devices that support
|
|
MAC-Authentication."
|
|
|
|
MODULE
|
|
MANDATORY-GROUPS {
|
|
etsysMACAuthenticationSystemGroup2,
|
|
etsysMACAuthenticationPortConfigGroup,
|
|
etsysMACAuthenticationMACConfigGroup
|
|
}
|
|
|
|
GROUP etsysMACAuthenticationMACSessionGroup
|
|
DESCRIPTION
|
|
"Implementation of the etsysMACAuthenticationMACSessionGroup
|
|
is optional for all agents. If the agent impelments session
|
|
functionality, then this table should be supported."
|
|
|
|
OBJECT etsysMACAuthenticationSystemEnable
|
|
SYNTAX EnabledStatus
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required. If read-only is selected,
|
|
then the default value must be enabled(1)."
|
|
|
|
OBJECT etsysMACAuthenticationPortUserNameSignificantBits
|
|
SYNTAX INTEGER(1..48)
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required. If read-only is selected,
|
|
then the default value must be 48. If this object is read-write,
|
|
then the agent performs a two stage authentication where the
|
|
it attempts to authenticate the masked MAC address if the
|
|
full MAC address fails to authenticate."
|
|
::= { etsysMACAuthenticationCompliances 2 }
|
|
|
|
etsysMACAuthenticationCompliance3 MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for devices that support
|
|
MAC-Authentication."
|
|
|
|
MODULE
|
|
MANDATORY-GROUPS {
|
|
etsysMACAuthenticationSystemGroup3,
|
|
etsysMACAuthenticationPortConfigGroup,
|
|
etsysMACAuthenticationMACConfigGroup
|
|
}
|
|
|
|
GROUP etsysMACAuthenticationMACSessionGroup
|
|
DESCRIPTION
|
|
"Implementation of the etsysMACAuthenticationMACSessionGroup
|
|
is optional for all agents. If the agent impelments session
|
|
functionality, then this table should be supported."
|
|
|
|
OBJECT etsysMACAuthenticationSystemEnable
|
|
SYNTAX EnabledStatus
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required. If read-only is selected,
|
|
then the default value must be enabled(1)."
|
|
|
|
OBJECT etsysMACAuthenticationPortUserNameSignificantBits
|
|
SYNTAX INTEGER(1..48)
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required. If read-only is selected,
|
|
then the default value must be 48. If this object is read-write,
|
|
then the agent performs a two stage authentication where the
|
|
it attempts to authenticate the masked MAC address if the
|
|
full MAC address fails to authenticate."
|
|
|
|
OBJECT etsysMACAuthenticationSystemUserNameFormat
|
|
SYNTAX INTEGER {
|
|
hyphen(1),
|
|
none(2)
|
|
}
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
::= { etsysMACAuthenticationCompliances 3 }
|
|
|
|
etsysMACAuthenticationCompliance4 MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for devices that support
|
|
MAC-Authentication."
|
|
|
|
MODULE
|
|
MANDATORY-GROUPS {
|
|
etsysMACAuthenticationSystemGroup3,
|
|
etsysMACAuthenticationPortConfigGroup,
|
|
etsysMACAuthenticationMACConfigGroup
|
|
}
|
|
|
|
GROUP etsysMACAuthenticationMACSessionGroup
|
|
DESCRIPTION
|
|
"Implementation of the etsysMACAuthenticationMACSessionGroup
|
|
is optional for all agents. If the agent implements session
|
|
functionality, then this table should be supported.
|
|
|
|
Implementation of the etysMACAuthenticationMACListGroup is
|
|
optional for all agents. If the agent implements MAC-List
|
|
functionality, then this table should be supported."
|
|
|
|
OBJECT etsysMACAuthenticationSystemEnable
|
|
SYNTAX EnabledStatus
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required. If read-only is selected,
|
|
then the default value must be enabled(1)."
|
|
|
|
OBJECT etsysMACAuthenticationPortUserNameSignificantBits
|
|
SYNTAX INTEGER(1..48)
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required. If read-only is selected,
|
|
then the default value must be 48. If this object is read-write,
|
|
then the agent performs a two stage authentication where the
|
|
it attempts to authenticate the masked MAC address if the
|
|
full MAC address fails to authenticate."
|
|
|
|
OBJECT etsysMACAuthenticationSystemUserNameFormat
|
|
SYNTAX INTEGER {
|
|
hyphen(1),
|
|
none(2)
|
|
}
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT etsysMACAuthenticationMode
|
|
SYNTAX INTEGER {
|
|
password(1),
|
|
radiusUsername(2),
|
|
macList(3)
|
|
}
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT etsysMACAuthenticationMACListRowStatus
|
|
WRITE-SYNTAX RowStatus { active(1), createAndGo(4), destroy(6) }
|
|
DESCRIPTION
|
|
"The states createAndWait, notInService and notReady are not
|
|
supported for writing."
|
|
|
|
::= { etsysMACAuthenticationCompliances 4 }
|
|
|
|
END
|