1058 lines
29 KiB
Plaintext
1058 lines
29 KiB
Plaintext
G6-PACC-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32, Counter32, enterprises,NOTIFICATION-TYPE
|
|
FROM SNMPv2-SMI
|
|
DisplayString, MacAddress
|
|
FROM SNMPv2-TC
|
|
g6 FROM MICROSENS-G6-MIB
|
|
;
|
|
|
|
protocol MODULE-IDENTITY --Category
|
|
LAST-UPDATED "201802121619Z"
|
|
ORGANIZATION "MICROSENS GmbH & Co. KG"
|
|
CONTACT-INFO
|
|
"Kueferstrasse 16
|
|
D-59067 Hamm
|
|
Germany
|
|
support@microsens.de
|
|
http://www.microsens.de"
|
|
DESCRIPTION
|
|
"Microsens private MIB for Generation 6 Ethernet Switches"
|
|
|
|
REVISION "201802121619Z"
|
|
DESCRIPTION
|
|
"File creation"
|
|
::= { g6 2 }
|
|
|
|
pacc OBJECT IDENTIFIER ::= { protocol 46 }
|
|
|
|
|
|
|
|
-- *************************** CONFIGURATION SECTION ********************************
|
|
|
|
|
|
paccEnablePortAccessControl OBJECT-TYPE -- enable_port_access_control
|
|
SYNTAX INTEGER { disabled(0), enabled(1) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Generally enables the port access control function."
|
|
::= { pacc 1 }
|
|
|
|
|
|
paccReauthenticationPeriod OBJECT-TYPE -- reauthentication_period
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"EAP reauthentication period in seconds. To disable reauthentication set value to 0."
|
|
::= { pacc 2 }
|
|
|
|
|
|
paccNasIdentifier OBJECT-TYPE -- nas_identifier
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Optional NAS-Identifier string for RADIUS messages."
|
|
::= { pacc 3 }
|
|
|
|
|
|
paccMacSeparatorChar OBJECT-TYPE -- mac_separator_char
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Defines the character which separates the bytes of a MAC address."
|
|
::= { pacc 4 }
|
|
|
|
|
|
paccMacSpelling OBJECT-TYPE -- mac_spelling
|
|
SYNTAX INTEGER
|
|
{
|
|
lowerCase (0),
|
|
upperCase (1)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Defines in which case the MAC is defined."
|
|
::= { pacc 5 }
|
|
|
|
|
|
paccMacPasswordSource OBJECT-TYPE -- mac_password_source
|
|
SYNTAX INTEGER
|
|
{
|
|
useMac (0),
|
|
usePassword (1)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Defines if MAC or Password is used for authentication."
|
|
::= { pacc 6 }
|
|
|
|
|
|
paccMacPasswordString OBJECT-TYPE -- mac_password_string
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User defined password string."
|
|
::= { pacc 7 }
|
|
|
|
|
|
paccPrimaryAuthServerName OBJECT-TYPE -- primary_auth_server_name
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Symbolic name of the RADIUS server used for authentication."
|
|
::= { pacc 8 }
|
|
|
|
|
|
paccPrimaryAcctServerName OBJECT-TYPE -- primary_acct_server_name
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Symbolic name of the RADIUS server used for accounting."
|
|
::= { pacc 9 }
|
|
|
|
|
|
paccFallbackAuthServerName OBJECT-TYPE -- fallback_auth_server_name
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Symbolic name of the RADIUS server used for authentication if the primary server is down. Leave empty when no fallback is required."
|
|
::= { pacc 10 }
|
|
|
|
|
|
paccFallbackAcctServerName OBJECT-TYPE -- fallback_acct_server_name
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Symbolic name of the RADIUS server used for accounting if the primary server is down. Leave empty when no fallback is required."
|
|
::= { pacc 11 }
|
|
|
|
|
|
paccServerDownTimeout OBJECT-TYPE -- server_down_timeout
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Retry interval in seconds for trying to return to the primary RADIUS server."
|
|
::= { pacc 12 }
|
|
|
|
|
|
paccFilterAuthorizedMac OBJECT-TYPE -- filter_authorized_mac
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Filter user_status table to show only entries for specified MAC. Supply MAC address as parameter. Enter only the first 3 value pairs of the MAC to search for vendor MACs. Syntax example: mac.filter_mac = 01:22:3A."
|
|
::= { pacc 13 }
|
|
|
|
|
|
paccFilterAuthorizedPort OBJECT-TYPE -- filter_authorized_port
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Filter user_status table to show only entries associated with a given port range. The shorthand port format like 1 for 1/1 may be used. Syntax examples: mac.filter_port = 1/1,2/5 or mac.filter_port = 1-3,5. "
|
|
::= { pacc 14 }
|
|
|
|
|
|
paccFilterAuthorizedUser OBJECT-TYPE -- filter_authorized_user
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Filter user_status table to show only entries for the given user name. Wildcards *name* automatically apply so that only a part of the expected name needs to be supplied."
|
|
::= { pacc 15 }
|
|
|
|
|
|
-- ******************* Begin of portConfigTable *************************
|
|
|
|
portConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF PortConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
::= { pacc 16 }
|
|
|
|
portConfigEntry OBJECT-TYPE
|
|
SYNTAX PortConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
INDEX { portConfigPortIndex }
|
|
::= { portConfigTable 1 }
|
|
|
|
|
|
PortConfigEntry ::= SEQUENCE {
|
|
portConfigPortIndex INTEGER,
|
|
portConfigAuthorizeMode INTEGER ,
|
|
portConfigAuthorizePriority INTEGER ,
|
|
portConfigUnauthorizedMode INTEGER ,
|
|
portConfigAuthFailRetryTimer Unsigned32,
|
|
portConfigMacTimeout INTEGER ,
|
|
portConfigLimitedNumberOfMacs Integer32 ,
|
|
portConfigDropUnknownUnicasts INTEGER ,
|
|
portConfigDropEgressBroadcasts INTEGER ,
|
|
portConfigLearnMacNow DisplayString,
|
|
portConfigReauthenticate DisplayString,
|
|
portConfigUnauthorizeMac DisplayString
|
|
}
|
|
|
|
portConfigPortIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (0..24)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Automatically generated"
|
|
::= { portConfigEntry 1 }
|
|
|
|
portConfigAuthorizeMode OBJECT-TYPE -- authorize_mode
|
|
SYNTAX INTEGER
|
|
{
|
|
alwaysAuthorized (0),
|
|
viaMacTable (1),
|
|
macViaRadius (2),
|
|
ms8021xViaRadius (3),
|
|
macOr8021xViaRadius (4),
|
|
forceUnauthorized (5),
|
|
macEventOnly (6),
|
|
edge8021xViaRadius (7)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Defines method for authorization of user on port."
|
|
::= { portConfigEntry 2 }
|
|
|
|
portConfigAuthorizePriority OBJECT-TYPE -- authorize_priority
|
|
SYNTAX INTEGER
|
|
{
|
|
prefer8021x (0),
|
|
preferMac (1)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When two methods provide positive authorization, then this parameter decides which method is used."
|
|
::= { portConfigEntry 3 }
|
|
|
|
portConfigUnauthorizedMode OBJECT-TYPE -- unauthorized_mode
|
|
SYNTAX INTEGER
|
|
{
|
|
blocked (0),
|
|
useUnauthorizedVlan (1),
|
|
incomingBlocked (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Defines how unauthorized ports are treated."
|
|
::= { portConfigEntry 4 }
|
|
|
|
portConfigAuthFailRetryTimer OBJECT-TYPE -- auth_fail_retry_timer
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When authentication has failed, the authentication is restarted after the defined time in seconds. This is useful for unattended devices using MAC authentication or when access rights are centrally changed on the RADIUS server and the end unit cannot be reauthenticated manually. The default value of 0 disables the automatic retry."
|
|
::= { portConfigEntry 5 }
|
|
|
|
portConfigMacTimeout OBJECT-TYPE -- mac_timeout
|
|
SYNTAX INTEGER
|
|
{
|
|
none (0),
|
|
slow (1),
|
|
fast (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Defines how long authorized MACs remain authorized after inactivity of the MAC."
|
|
::= { portConfigEntry 6 }
|
|
|
|
portConfigLimitedNumberOfMacs OBJECT-TYPE -- limited_number_of_macs
|
|
SYNTAX Integer32 (0..255)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Limit the number of permitted MACs on the port. Set to 0 for normal unlimited operation. This feature is independend of the authorized_mac function."
|
|
::= { portConfigEntry 7 }
|
|
|
|
portConfigDropUnknownUnicasts OBJECT-TYPE -- drop_unknown_unicasts
|
|
SYNTAX INTEGER { disabled(0), enabled(1) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When set only unicast frames with learned or known MAC address will be send out of this port."
|
|
::= { portConfigEntry 8 }
|
|
|
|
portConfigDropEgressBroadcasts OBJECT-TYPE -- drop_egress_broadcasts
|
|
SYNTAX INTEGER { disabled(0), enabled(1) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When set no broadcast frames with egress this port."
|
|
::= { portConfigEntry 9 }
|
|
|
|
portConfigLearnMacNow OBJECT-TYPE -- learn_mac_now
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Learn the next incoming MAC(s) of this port and enter them into the mac_table. Syntax: learn_mac_now = 3 will learn the next 3 MAC addresses. Use pacc.port_status.number_of_learned_macs to verify progress. Type learn_mac_now = 0 to cancel further learning."
|
|
::= { portConfigEntry 10 }
|
|
|
|
portConfigReauthenticate OBJECT-TYPE -- reauthenticate
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This action forces re-authentication of the port using the configured method. No parameter required."
|
|
::= { portConfigEntry 11 }
|
|
|
|
portConfigUnauthorizeMac OBJECT-TYPE -- unauthorize_mac
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This action will unauthorize a specific MAC. When no MAC is specified, the entire port is unauthorized."
|
|
::= { portConfigEntry 12 }
|
|
|
|
|
|
-- ********************* End of portConfigTable ***********************
|
|
|
|
|
|
-- ******************* Begin of authorizedMacsTable *************************
|
|
|
|
authorizedMacsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AuthorizedMacsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table defines statically permitted MACs that do not require the device to perform any further authorization process."
|
|
::= { pacc 17 }
|
|
|
|
authorizedMacsEntry OBJECT-TYPE
|
|
SYNTAX AuthorizedMacsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
INDEX { authorizedMacsIndex }
|
|
::= { authorizedMacsTable 1 }
|
|
|
|
|
|
AuthorizedMacsEntry ::= SEQUENCE {
|
|
authorizedMacsIndex INTEGER,
|
|
authorizedMacsName DisplayString,
|
|
authorizedMacsMacAddress MacAddress,
|
|
authorizedMacsPermittedPorts INTEGER,
|
|
authorizedMacsTreatAsVendorMac INTEGER
|
|
}
|
|
|
|
authorizedMacsIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (0..127)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Automatically generated"
|
|
::= { authorizedMacsEntry 1 }
|
|
|
|
authorizedMacsName OBJECT-TYPE -- name
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Unique name to reference this entry and to remember whose MAC address is entered."
|
|
::= { authorizedMacsEntry 2 }
|
|
|
|
authorizedMacsMacAddress OBJECT-TYPE -- mac_address
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"MAC address of authorized user for port."
|
|
::= { authorizedMacsEntry 3 }
|
|
|
|
authorizedMacsPermittedPorts OBJECT-TYPE -- permitted_ports
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Mask which defines at which port(s) this MAC is permitted. A value of 0 disables this entry. Syntax: slot/port, slot/port or use hex value for quick setup. Example: = 0xf (ports 1-4)"
|
|
::= { authorizedMacsEntry 4 }
|
|
|
|
authorizedMacsTreatAsVendorMac OBJECT-TYPE -- treat_as_vendor_mac
|
|
SYNTAX INTEGER { disabled(0), enabled(1) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When set, the MAC is treated as vendor MAC. All MACs from this vendor are permitted then."
|
|
::= { authorizedMacsEntry 5 }
|
|
|
|
|
|
-- ********************* End of authorizedMacsTable ***********************
|
|
|
|
|
|
-- ******************* Begin of supplicantTable *************************
|
|
|
|
supplicantTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SupplicantEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The 802.1x supplicant permits automatic login when a port is activated."
|
|
::= { pacc 18 }
|
|
|
|
supplicantEntry OBJECT-TYPE
|
|
SYNTAX SupplicantEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
INDEX { supplicantIndex }
|
|
::= { supplicantTable 1 }
|
|
|
|
|
|
SupplicantEntry ::= SEQUENCE {
|
|
supplicantIndex INTEGER,
|
|
supplicantEnableSupplicant INTEGER ,
|
|
supplicantPort Integer32 ,
|
|
supplicantActionOnLinkDown INTEGER ,
|
|
supplicantIdentity DisplayString,
|
|
supplicantAnonymousIdentity DisplayString,
|
|
supplicantAuthenticationProtocol DisplayString,
|
|
supplicantEnterPassword DisplayString,
|
|
supplicantEncryptedAuthPassword DisplayString,
|
|
supplicantReauthenticate DisplayString
|
|
}
|
|
|
|
supplicantIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (0)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Automatically generated"
|
|
::= { supplicantEntry 1 }
|
|
|
|
supplicantEnableSupplicant OBJECT-TYPE -- enable_supplicant
|
|
SYNTAX INTEGER { disabled(0), enabled(1) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Generally enables the 802.1x supplicant function."
|
|
::= { supplicantEntry 2 }
|
|
|
|
supplicantPort OBJECT-TYPE -- port
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Port through which the authorizing authority is reached. Usually this is the link port."
|
|
::= { supplicantEntry 3 }
|
|
|
|
supplicantActionOnLinkDown OBJECT-TYPE -- action_on_link_down
|
|
SYNTAX INTEGER
|
|
{
|
|
none (0),
|
|
deauthenticate (1)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When the supplicant link goes down, the local authenticated user ports can be deauthenticated as well."
|
|
::= { supplicantEntry 4 }
|
|
|
|
supplicantIdentity OBJECT-TYPE -- identity
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Inner identity for tunneled EAP methods (e.g. EAP-TTLS)"
|
|
::= { supplicantEntry 5 }
|
|
|
|
supplicantAnonymousIdentity OBJECT-TYPE -- anonymous_identity
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Identity string for EAP-MD5. Also used as the unencrypted anonymous outer identity with EAP types that support different tunneled identity, e.g. EAP-TTLS."
|
|
::= { supplicantEntry 6 }
|
|
|
|
supplicantAuthenticationProtocol OBJECT-TYPE -- authentication_protocol
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Space-separated list of accepted EAP methods. If not set, all listed methods are allowed. MD5 = insecure and does not generate keying material to be used as a Phase 2 method withPEAP or TTLS. PEAP = with tunneled EAP authentication. TTLS = with tunneled EAP or PAP/CHAP/MSCHAP/MSCHAPV2 authentication. TLS = client and server certificate."
|
|
::= { supplicantEntry 7 }
|
|
|
|
supplicantEnterPassword OBJECT-TYPE -- enter_password
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Set a new authentication password which replaces the previous one. Note: trailing spaces or multiple spaces in the password are automatically removed."
|
|
::= { supplicantEntry 8 }
|
|
|
|
supplicantEncryptedAuthPassword OBJECT-TYPE -- encrypted_auth_password
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The encrypted EAP password. Can be set with enter_password action."
|
|
::= { supplicantEntry 9 }
|
|
|
|
supplicantReauthenticate OBJECT-TYPE -- reauthenticate
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Restarts the authentication process for testing and display the results."
|
|
::= { supplicantEntry 10 }
|
|
|
|
|
|
-- ********************* End of supplicantTable ***********************
|
|
|
|
|
|
|
|
-- ****************************** STATUS SECTION ********************************
|
|
|
|
|
|
-- ******************* Begin of portStatusTable *************************
|
|
|
|
portStatusTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF PortStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table indicates the current port autentication state and contains the data for the last user or MAC that tried to authorize on a given port. To see all users in a multiuser environment refer to user_status table."
|
|
::= { pacc 100 }
|
|
|
|
portStatusEntry OBJECT-TYPE
|
|
SYNTAX PortStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
INDEX { portStatusPortIndex }
|
|
::= { portStatusTable 1 }
|
|
|
|
|
|
PortStatusEntry ::= SEQUENCE {
|
|
portStatusPortIndex INTEGER,
|
|
portStatusAuthorizationState INTEGER ,
|
|
portStatusAuthorizationMode INTEGER ,
|
|
portStatusLastStateChange DisplayString,
|
|
portStatusNumberOfMacsToLearn Integer32 ,
|
|
portStatusNumberOfLearnedMacs Integer32
|
|
}
|
|
|
|
portStatusPortIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (0..24)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Automatically generated"
|
|
::= { portStatusEntry 1 }
|
|
|
|
portStatusAuthorizationState OBJECT-TYPE -- authorization_state
|
|
SYNTAX INTEGER
|
|
{
|
|
undefined (0),
|
|
disabled (1),
|
|
unauthorized (2),
|
|
processing (3),
|
|
authorized (4),
|
|
rejected (5)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the port access control state."
|
|
::= { portStatusEntry 2 }
|
|
|
|
portStatusAuthorizationMode OBJECT-TYPE -- authorization_mode
|
|
SYNTAX INTEGER
|
|
{
|
|
none (0),
|
|
viaMacTable (1),
|
|
macViaRadius (2),
|
|
ms8021xViaRadius (3),
|
|
viaMacEventOnly (6),
|
|
edge8021xViaRadius (7)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Last authorization method applied on this port."
|
|
::= { portStatusEntry 3 }
|
|
|
|
portStatusLastStateChange OBJECT-TYPE -- last_state_change
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the last time the authorization state of this port was modified."
|
|
::= { portStatusEntry 4 }
|
|
|
|
portStatusNumberOfMacsToLearn OBJECT-TYPE -- number_of_macs_to_learn
|
|
SYNTAX Integer32 (0..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates how many MAC addresses will be learned. This is a result of the learn_macs_now action command."
|
|
::= { portStatusEntry 5 }
|
|
|
|
portStatusNumberOfLearnedMacs OBJECT-TYPE -- number_of_learned_macs
|
|
SYNTAX Integer32 (0..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This value indicates how many MAC addresses have actually been learned since the learn_macs_now command had been issued."
|
|
::= { portStatusEntry 6 }
|
|
|
|
|
|
-- ********************* End of portStatusTable ***********************
|
|
|
|
|
|
-- ******************* Begin of portMacStatusTable *************************
|
|
|
|
portMacStatusTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF PortMacStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table indicates the current port autentication state and contains the data for the last user or MAC that tried to authorize on a given port. To see all users in a multiuser environment refer to user_status table."
|
|
::= { pacc 101 }
|
|
|
|
portMacStatusEntry OBJECT-TYPE
|
|
SYNTAX PortMacStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
INDEX { portMacStatusPortIndex }
|
|
::= { portMacStatusTable 1 }
|
|
|
|
|
|
PortMacStatusEntry ::= SEQUENCE {
|
|
portMacStatusPortIndex INTEGER,
|
|
portMacStatusAuthorizationState INTEGER ,
|
|
portMacStatusUserMac MacAddress,
|
|
portMacStatusUserName DisplayString,
|
|
portMacStatusVlanAlias DisplayString,
|
|
portMacStatusVlanId Integer32 ,
|
|
portMacStatusIdleTimeout Integer32 ,
|
|
portMacStatusSessionTimeout Integer32 ,
|
|
portMacStatusFilterId DisplayString,
|
|
portMacStatusLastStateChange DisplayString
|
|
}
|
|
|
|
portMacStatusPortIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (0..24)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Automatically generated"
|
|
::= { portMacStatusEntry 1 }
|
|
|
|
portMacStatusAuthorizationState OBJECT-TYPE -- authorization_state
|
|
SYNTAX INTEGER
|
|
{
|
|
undefined (0),
|
|
disabled (1),
|
|
unauthorized (2),
|
|
processing (3),
|
|
authorized (4),
|
|
rejected (5)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the port access control state."
|
|
::= { portMacStatusEntry 2 }
|
|
|
|
portMacStatusUserMac OBJECT-TYPE -- user_mac
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Last MAC that attempted authorization."
|
|
::= { portMacStatusEntry 3 }
|
|
|
|
portMacStatusUserName OBJECT-TYPE -- user_name
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Last user that attempted authorization unless MAC authentication was used in which case this field is blank."
|
|
::= { portMacStatusEntry 4 }
|
|
|
|
portMacStatusVlanAlias OBJECT-TYPE -- vlan_alias
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Last dynamically through radius assigned VLAN alias."
|
|
::= { portMacStatusEntry 5 }
|
|
|
|
portMacStatusVlanId OBJECT-TYPE -- vlan_id
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Last dynamically through radius assigned VLAN."
|
|
::= { portMacStatusEntry 6 }
|
|
|
|
portMacStatusIdleTimeout OBJECT-TYPE -- idle_timeout
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This value reflects the idle timeout setting as received via RADIUS. It sets the maximum number of seconds before an idle session is terminated."
|
|
::= { portMacStatusEntry 7 }
|
|
|
|
portMacStatusSessionTimeout OBJECT-TYPE -- session_timeout
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This value reflects the session timeout setting as received via RADIUS. It sets the maximum number of seconds of service to be provided to the user before the session is terminated."
|
|
::= { portMacStatusEntry 8 }
|
|
|
|
portMacStatusFilterId OBJECT-TYPE -- filter_id
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If the RADIUS attribute filter-id is used its value is reflected here."
|
|
::= { portMacStatusEntry 9 }
|
|
|
|
portMacStatusLastStateChange OBJECT-TYPE -- last_state_change
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the last time the authorization state of this port was modified."
|
|
::= { portMacStatusEntry 10 }
|
|
|
|
|
|
-- ********************* End of portMacStatusTable ***********************
|
|
|
|
|
|
-- ******************* Begin of port8021xStatusTable *************************
|
|
|
|
port8021xStatusTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Port8021xStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table indicates the current port autentication state and contains the data for the last user or MAC that tried to authorize on a given port. To see all users in a multiuser environment refer to user_status table."
|
|
::= { pacc 102 }
|
|
|
|
port8021xStatusEntry OBJECT-TYPE
|
|
SYNTAX Port8021xStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
INDEX { port8021xStatusPortIndex }
|
|
::= { port8021xStatusTable 1 }
|
|
|
|
|
|
Port8021xStatusEntry ::= SEQUENCE {
|
|
port8021xStatusPortIndex INTEGER,
|
|
port8021xStatusAuthorizationState INTEGER ,
|
|
port8021xStatusUserMac MacAddress,
|
|
port8021xStatusUserName DisplayString,
|
|
port8021xStatusVlanAlias DisplayString,
|
|
port8021xStatusVlanId Integer32 ,
|
|
port8021xStatusIdleTimeout Integer32 ,
|
|
port8021xStatusSessionTimeout Integer32 ,
|
|
port8021xStatusFilterId DisplayString,
|
|
port8021xStatusLastStateChange DisplayString
|
|
}
|
|
|
|
port8021xStatusPortIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (0..24)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Automatically generated"
|
|
::= { port8021xStatusEntry 1 }
|
|
|
|
port8021xStatusAuthorizationState OBJECT-TYPE -- authorization_state
|
|
SYNTAX INTEGER
|
|
{
|
|
undefined (0),
|
|
disabled (1),
|
|
unauthorized (2),
|
|
processing (3),
|
|
authorized (4),
|
|
rejected (5)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the port access control state."
|
|
::= { port8021xStatusEntry 2 }
|
|
|
|
port8021xStatusUserMac OBJECT-TYPE -- user_mac
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Last MAC that attempted authorization."
|
|
::= { port8021xStatusEntry 3 }
|
|
|
|
port8021xStatusUserName OBJECT-TYPE -- user_name
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Last user that attempted authorization unless MAC authentication was used in which case this field is blank."
|
|
::= { port8021xStatusEntry 4 }
|
|
|
|
port8021xStatusVlanAlias OBJECT-TYPE -- vlan_alias
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Last dynamically through radius assigned VLAN alias."
|
|
::= { port8021xStatusEntry 5 }
|
|
|
|
port8021xStatusVlanId OBJECT-TYPE -- vlan_id
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Last dynamically through radius assigned VLAN."
|
|
::= { port8021xStatusEntry 6 }
|
|
|
|
port8021xStatusIdleTimeout OBJECT-TYPE -- idle_timeout
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This value reflects the idle timeout setting as received via RADIUS. It sets the maximum number of seconds before an idle session is terminated."
|
|
::= { port8021xStatusEntry 7 }
|
|
|
|
port8021xStatusSessionTimeout OBJECT-TYPE -- session_timeout
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This value reflects the session timeout setting as received via RADIUS. It sets the maximum number of seconds of service to be provided to the user before the session is terminated."
|
|
::= { port8021xStatusEntry 8 }
|
|
|
|
port8021xStatusFilterId OBJECT-TYPE -- filter_id
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If the RADIUS attribute filter-id is used its value is reflected here."
|
|
::= { port8021xStatusEntry 9 }
|
|
|
|
port8021xStatusLastStateChange OBJECT-TYPE -- last_state_change
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the last time the authorization state of this port was modified."
|
|
::= { port8021xStatusEntry 10 }
|
|
|
|
|
|
-- ********************* End of port8021xStatusTable ***********************
|
|
|
|
|
|
-- ******************* Begin of userStatusTable *************************
|
|
|
|
userStatusTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF UserStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table lists all users authorized or rejected via some form of port access control. Use filter actions for easier viewing."
|
|
::= { pacc 103 }
|
|
|
|
userStatusEntry OBJECT-TYPE
|
|
SYNTAX UserStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
INDEX { userStatusIndex }
|
|
::= { userStatusTable 1 }
|
|
|
|
|
|
UserStatusEntry ::= SEQUENCE {
|
|
userStatusIndex INTEGER,
|
|
userStatusEntryState INTEGER ,
|
|
userStatusAuthorizationState INTEGER ,
|
|
userStatusAuthorizationMode INTEGER ,
|
|
userStatusPort Integer32 ,
|
|
userStatusUserMac MacAddress,
|
|
userStatusUserName DisplayString,
|
|
userStatusVlanAlias DisplayString,
|
|
userStatusVlanId Integer32 ,
|
|
userStatusIdleTimeout Integer32 ,
|
|
userStatusSessionTimeout Integer32 ,
|
|
userStatusFilterId DisplayString,
|
|
userStatusLoginTimeStamp DisplayString,
|
|
userStatusLoginEpoch Unsigned32
|
|
}
|
|
|
|
userStatusIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (0..249)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Automatically generated"
|
|
::= { userStatusEntry 1 }
|
|
|
|
userStatusEntryState OBJECT-TYPE -- entry_state
|
|
SYNTAX INTEGER
|
|
{
|
|
unused (0),
|
|
inactive (1),
|
|
active (2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates if this record displays a currently active login or a history entry of a previous authentication which is invalidated by now."
|
|
::= { userStatusEntry 2 }
|
|
|
|
userStatusAuthorizationState OBJECT-TYPE -- authorization_state
|
|
SYNTAX INTEGER
|
|
{
|
|
undefined (0),
|
|
disabled (1),
|
|
unauthorized (2),
|
|
processing (3),
|
|
authorized (4),
|
|
rejected (5)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the port access control state resulting from this authorization attempt ."
|
|
::= { userStatusEntry 3 }
|
|
|
|
userStatusAuthorizationMode OBJECT-TYPE -- authorization_mode
|
|
SYNTAX INTEGER
|
|
{
|
|
none (0),
|
|
viaMacTable (1),
|
|
macViaRadius (2),
|
|
ms8021xViaRadius (3),
|
|
viaMacEventOnly (6),
|
|
edge8021xViaRadius (7)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Authorization method used for this authorization attempt."
|
|
::= { userStatusEntry 4 }
|
|
|
|
userStatusPort OBJECT-TYPE -- port
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the port at which this MAC is connected."
|
|
::= { userStatusEntry 5 }
|
|
|
|
userStatusUserMac OBJECT-TYPE -- user_mac
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"MAC used for this authorization attempt."
|
|
::= { userStatusEntry 6 }
|
|
|
|
userStatusUserName OBJECT-TYPE -- user_name
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User that attempted authorization unless MAC authentication was used in which case this field is blank."
|
|
::= { userStatusEntry 7 }
|
|
|
|
userStatusVlanAlias OBJECT-TYPE -- vlan_alias
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Dynamically through radius assigned VLAN alias."
|
|
::= { userStatusEntry 8 }
|
|
|
|
userStatusVlanId OBJECT-TYPE -- vlan_id
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Dynamically through radius assigned VLAN."
|
|
::= { userStatusEntry 9 }
|
|
|
|
userStatusIdleTimeout OBJECT-TYPE -- idle_timeout
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This value reflects the idle timeout setting as received via RADIUS. It sets the maximum number of seconds before an idle session is terminated."
|
|
::= { userStatusEntry 10 }
|
|
|
|
userStatusSessionTimeout OBJECT-TYPE -- session_timeout
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This value reflects the session timeout setting as received via RADIUS. It sets the maximum number of seconds of service to be provided to the user before the session is terminated."
|
|
::= { userStatusEntry 11 }
|
|
|
|
userStatusFilterId OBJECT-TYPE -- filter_id
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If the RADIUS attribute filter-id is used its value is reflected here."
|
|
::= { userStatusEntry 12 }
|
|
|
|
userStatusLoginTimeStamp OBJECT-TYPE -- login_time_stamp
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the time when this record was created."
|
|
::= { userStatusEntry 13 }
|
|
|
|
userStatusLoginEpoch OBJECT-TYPE -- login_epoch
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the time when this record was created. in Linux time since the epoch format."
|
|
::= { userStatusEntry 14 }
|
|
|
|
|
|
-- ********************* End of userStatusTable ***********************
|
|
|
|
|
|
|
|
END
|
|
|