1ENTERASYS-MAC-AUTHENTICATION-MIB DEFINITIONS ::= BEGIN
2
3--  enterasys-mac-authentication-mib.txt
4--
5--  Part Number:
6--
7--
8
9--  This module provides authoritative definitions for Extreme
10--  Networks' MAC-Authentication.
11
12--
13--  This module will be extended, as needed.
14
15--  Extreme Networks reserves the right to make changes in this
16--  specification and other information contained in this document
17--  without prior notice.  The reader should consult Extreme Networks
18--  to determine whether any such changes have been made.
19--
20--  In no event shall Extreme Networks be liable for any incidental,
21--  indirect, special, or consequential damages whatsoever (including
22--  but not limited to lost profits) arising out of or related to this
23--  document or the information contained in it, even if Extreme
24--  Networks has been advised of, known, or should have known, the
25--  possibility of such damages.
26--
27--  Extreme Networks grants vendors, end-users, and other interested
28--  parties a non-exclusive license to use this Specification in
29--  connection with the management of Extreme Networks products.
30
31--  Copyright December, 2014 Extreme Networks, Inc.
32
33IMPORTS
34    MODULE-IDENTITY, OBJECT-TYPE, Unsigned32
35        FROM SNMPv2-SMI
36    MacAddress, TruthValue, RowStatus
37        FROM SNMPv2-TC
38    MODULE-COMPLIANCE, OBJECT-GROUP
39        FROM SNMPv2-CONF
40    SnmpAdminString
41        FROM SNMP-FRAMEWORK-MIB
42    InterfaceIndex
43        FROM IF-MIB
44    EnabledStatus
45        FROM P-BRIDGE-MIB
46    PortList
47        FROM Q-BRIDGE-MIB
48    etsysModules
49        FROM ENTERASYS-MIB-NAMES;
50
51etsysMACAuthenticationMIB MODULE-IDENTITY
52    LAST-UPDATED "201706071035Z"  --  Wed June 07 10:35 UTC 2017
53
54    ORGANIZATION "Extreme Networks, Inc"
55    CONTACT-INFO
56        "Postal:  Extreme Networks, Inc.
57                  6480 Via Del Oro
58                  San Jose, CA 95119 USA
59
60         Phone:   +1 408 579-2800
61         E-mail:  support@extremenetworks.com
62         WWW:     http://www.extremenetworks.com"
63
64    DESCRIPTION
65        "This MIB module defines a portion of the SNMP enterprise
66         MIBs under Enterasys Networks' enterprise OID pertaining to
67         MAC-Authentication.
68
69         This MIB was designed to be used for authentication using
70         source MAC addresses received in traffic on ports under
71         control of MAC-authentication.
72
73         The security afforded by this approach is neither the primary
74         concern nor intent of this MIB.  Rather, this MIB provides
75         a convenient method of associating policy with MAC
76         addresses and applying that policy when the MAC address
77         appears on a pre-approved port in the network.
78
79         The term MAC-Authentication is used because an authentication
80         backend mechanism is used to allow the MAC onto the network,
81         as well as provide authorization information to the switch."
82
83    REVISION    "201706071035Z"  --  Wed June 07 10:35 UTC 2017
84    DESCRIPTION "Added colon to etsysMACAuthenticationSystemUserNameFormat."
85
86    REVISION    "201412191051Z"  --  Fri Dec 19 9:30 UTC 2014
87    DESCRIPTION "Added MAC List configuration."
88
89    REVISION    "201412051051Z"  --  Fri Dec 05 10:50 UTC 2014
90    DESCRIPTION "Added macList mode to etsysMACAuthenticationMode."
91
92    REVISION    "201412031200Z"  --  Wed Dec 03 13:51 UTC 2014
93    DESCRIPTION "Added etsysMACAuthenticationSystemUserNameFormat."
94
95    REVISION    "201305171510Z"  -- Fri May 17 15:10 UTC 2013
96    DESCRIPTION "Added account enable and disable."
97
98    REVISION    "201301311334Z"  -- Thu Jan 31 13:34 UTC 2013
99    DESCRIPTION "Added the etsysMACAuthenticationMode object."
100
101    REVISION    "200207181812Z"  -- Thu Jul 18 18:12 GMT 2002
102    DESCRIPTION "The initial version of this MIB module"
103
104    ::= { etsysModules 25 }
105
106etsysMACAuthenticationObjects
107        OBJECT IDENTIFIER ::= { etsysMACAuthenticationMIB 1 }
108
109-- -------------------------------------------------------------
110-- Textual Conventions
111-- -------------------------------------------------------------
112
113-- -------------------------------------------------------------
114-- Branches of the Extreme MAC Authentication MIB
115-- -------------------------------------------------------------
116
117etsysMACAuthenticationSystem
118        OBJECT IDENTIFIER ::= { etsysMACAuthenticationObjects 1 }
119
120etsysMACAuthenticationPortConfig
121        OBJECT IDENTIFIER ::= { etsysMACAuthenticationObjects 2 }
122
123etsysMACAuthenticationMACConfig
124        OBJECT IDENTIFIER ::= { etsysMACAuthenticationObjects 3 }
125
126etsysMACAuthenticationMACSession
127        OBJECT IDENTIFIER ::= { etsysMACAuthenticationObjects 4 }
128
129etsysMACAuthenticationMACListConfig
130        OBJECT IDENTIFIER ::= { etsysMACAuthenticationObjects 5 }
131
132
133-- -------------------------------------------------------------
134-- etsysMACAuthenticationSystemGroup
135-- -------------------------------------------------------------
136
-- Global on/off switch for MAC authentication.  It is writable over SNMP,
-- so write access to this one scalar decides whether every other object
-- in the module takes effect.
-- NOTE(review): the DESCRIPTION does not say how ports treat traffic
-- while the feature is disabled(2); confirm the platform behaviour
-- before relying on this object as a control.
-- Default is disabled (see DEFVAL).
137etsysMACAuthenticationSystemEnable OBJECT-TYPE
138    SYNTAX      EnabledStatus
139    MAX-ACCESS  read-write
140    STATUS      current
141    DESCRIPTION
142        "When enabled(1), all objects in this MIB are fully active.
143         When disabled(2), this object overrides all other object
144         settings in this MIB without affecting their values."
145    DEFVAL { disabled }
146    ::= { etsysMACAuthenticationSystem 1 }
147
-- Deprecated: a single password presented for every MAC address when
-- etsysMACAuthenticationMode is password(1).
-- NOTE(review): MAX-ACCESS is read-write and, unlike
-- etsysMACAuthenticationMACListPassword, the DESCRIPTION does not say
-- that reads return an empty string.  Treat the value as retrievable by
-- any principal with read access to this OID unless the agent documents
-- otherwise, and scope SNMP views accordingly.
-- The DEFVAL is the fixed string "NOPASSWORD".  Where password(1) mode is
-- in use and the default was never changed, the password presented for
-- every MAC is a value published in this MIB.
148etsysMACAuthenticationMACUserPassword OBJECT-TYPE
149    SYNTAX      SnmpAdminString
150    MAX-ACCESS  read-write
151    STATUS      deprecated
152    DESCRIPTION
153        "*** This object is deprecated in favor of     ***
154         *** the functionality provided by the         ***
155         *** etsysMACAuthenticationMACListConfig group ***
156
157         This is the string to be used as a password credential
158         when authenticating a MAC address when
159         etsysMACAuthenticationMode is set to password(1)."
160    DEFVAL { "NOPASSWORD" }
161    ::= { etsysMACAuthenticationSystem 2 }
162
163etsysMACAuthenticationPortUserNameSignificantBits OBJECT-TYPE
164    SYNTAX      INTEGER (1..48)
165    MAX-ACCESS  read-write
166    STATUS      deprecated
167    DESCRIPTION
168        "*** This object is deprecated in favor of     ***
169         *** the functionality provided by the         ***
170         *** etsysMACAuthenticationMACListConfig group ***
171
172         This object represents the number of significant bits in the
173         MAC addresses to be used starting with the left-most bit of
174         the vendor portion of the MAC address. The significant portion
175         of the MAC address is sent as a user-name credential when the
176         primary attempt to authenticate the full MAC address fails.
177         Any other failure to authenticate the full address, (i.e.
178         authentication server timeout) causes the next attempt to
179         start once again with a full MAC authentication."
180    DEFVAL { 48 }
181    ::= { etsysMACAuthenticationSystem 3 }
182
-- Selects where the password half of the credential comes from.
-- In radiusUsername(2) the password is the same as the user name, and in
-- macList(3) the same holds for rows whose
-- etsysMACAuthenticationMACListPassword is unset (see the DESCRIPTION of
-- etsysMACAuthenticationMACListTable).  In those cases the credential
-- carries no secret beyond the MAC address, which the attached device
-- supplies.  This matches the MODULE-IDENTITY text, which states that
-- security is neither the primary concern nor the intent of this MIB.
-- Default is macList (see DEFVAL).
183etsysMACAuthenticationMode OBJECT-TYPE
184    SYNTAX      INTEGER {
185                  password(1),
186                  radiusUsername(2),
187                  macList(3)
188                }
189    MAX-ACCESS  read-write
190    STATUS      current
191    DESCRIPTION
192        "This object selects the credentials to use when authenticating
193         a MAC address.
194
195         password(1)       - Attempt to authenticate a user with the
196                           password credential provided by
197                           etsysMACAuthenticationMACUserPassword.
198
199         radiusUsername(2) - Attempt to authenticate a user with a password
200                           credential that is the same as the radius
201                           username credential.
202
203         macList(3)        - Attempt to authenticate a user with credentials
204                           provided by mac-list configuration."
205    DEFVAL { macList }
206    ::= { etsysMACAuthenticationSystem 4 }
207
-- Controls RADIUS accounting for this feature.  Writing disabled(2)
-- stops the start, interim and stop records, so the RADIUS server no
-- longer receives a session trail; a change to this object is worth
-- recording and alerting on.
-- Default is enabled (see DEFVAL).
208etsysMACAuthenticationSystemAccountEnable OBJECT-TYPE
209    SYNTAX      EnabledStatus
210    MAX-ACCESS  read-write
211    STATUS      current
212    DESCRIPTION
213        "When enabled(1), RADIUS accounting start, interim and
214         stop frames are sent to the configured RADIUS server(s).
215
216         When disabled(2), accounting packets are not sent to
217         the RADIUS server."
218    DEFVAL { enabled }
219    ::= { etsysMACAuthenticationSystem 5 }
220
221etsysMACAuthenticationSystemUserNameFormat OBJECT-TYPE
222    SYNTAX      INTEGER {
223                  hyphen(1),
224                  none(2),
225                  colon(3)
226                }
227    MAX-ACCESS  read-write
228    STATUS      current
229    DESCRIPTION
230         "When hyphen(1), the user-name credential is the
231         MAC address formatted as 'xx-xx-xx-xx-xx-xx'.
232
233         When set to none(2), the user-name credential is the
234         MAC address formatted as 'xxxxxxxxxxxx'.
235
236         When colon(3), the user-name credential is the
237         MAC address formatted as 'xx:xx:xx:xx:xx:xx'."
238    DEFVAL { none }
239    ::= { etsysMACAuthenticationSystem 6 }
240
241-- -------------------------------------------------------------
242-- etsysMACAuthenticationPortConfigGroup
243-- -------------------------------------------------------------
244
245etsysMACAuthenticationPortConfigTable OBJECT-TYPE
246    SYNTAX      SEQUENCE OF EtsysMACAuthenticationPortConfigEntry
247    MAX-ACCESS  not-accessible
248    STATUS      current
249    DESCRIPTION
250        "A table containing configuration objects for each MAC
251         authentication port. The configuration for
252         each port in this table must be non-volatile."
253    ::= { etsysMACAuthenticationPortConfig 1 }
254
255etsysMACAuthenticationPortConfigEntry OBJECT-TYPE
256    SYNTAX      EtsysMACAuthenticationPortConfigEntry
257    MAX-ACCESS  not-accessible
258    STATUS      current
259    DESCRIPTION
260        "Each conceptual row provides control over all of the
261         initial values used by each authenticated MAC on
262         this port. Subsequent changes to rows in this table,
263         except where noted, have no effect on existing MACs
264         authenticated on this port."
265    INDEX { etsysMACAuthenticationPort }
266    ::= { etsysMACAuthenticationPortConfigTable 1 }
267
268EtsysMACAuthenticationPortConfigEntry ::=
269    SEQUENCE {
270        etsysMACAuthenticationPort                      InterfaceIndex,
271        etsysMACAuthenticationPortInitialize            TruthValue,
272        etsysMACAuthenticationPortReauthenticate        TruthValue,
273        etsysMACAuthenticationPortEnable                EnabledStatus,
274        etsysMACAuthenticationPortQuietPeriod           Unsigned32,
275        etsysMACAuthenticationPortReauthPeriod          Unsigned32,
276        etsysMACAuthenticationPortReauthEnabled         EnabledStatus,
277        etsysMACAuthenticationAuthenticationsAllowed    Unsigned32,
278        etsysMACAuthenticationAuthenticationsAllocated  Unsigned32,
279        etsysMACAuthenticationLastFailedAuthCause       SnmpAdminString
280    }
281
282etsysMACAuthenticationPort OBJECT-TYPE
283    SYNTAX      InterfaceIndex
284    MAX-ACCESS  not-accessible
285    STATUS      current
286    DESCRIPTION
287        "This is the InterfaceIndex associated with this row."
288    ::= { etsysMACAuthenticationPortConfigEntry 1 }
289
290etsysMACAuthenticationPortInitialize OBJECT-TYPE
291    SYNTAX      TruthValue
292    MAX-ACCESS  read-write
293    STATUS      current
294    DESCRIPTION
295        "When set to true(1), the MAC authentication logic on this
296         port is initialized, forcibly ending all MAC authentication
297         sessions currently in existence on this port.  A set with
298         the value false(2) has no effect and a read always returns
299         false."
300    ::= { etsysMACAuthenticationPortConfigEntry 2 }
301
302etsysMACAuthenticationPortReauthenticate OBJECT-TYPE
303    SYNTAX      TruthValue
304    MAX-ACCESS  read-write
305    STATUS      current
306    DESCRIPTION
307        "When set to true(1), the MAC authentication entity on
308         this port is required to immediately verify all currently
309         authenticated MACs on this port. This requires that each
310         MAC address be authenticated with the authentication server
311         through the local authentication client or some other
312         authentication mechanism. Each supplicant remains
313         authenticated pending the outcome."
314    ::= { etsysMACAuthenticationPortConfigEntry 3 }
315
-- Per-port enable for MAC authentication.
-- Writing disabled(2) is disruptive: per the DESCRIPTION it terminates
-- every authenticated or in-progress MAC session on the port.
-- What triggers an authentication exchange is platform dependent and is
-- not defined in this module.
-- Default is disabled (see DEFVAL).
316etsysMACAuthenticationPortEnable OBJECT-TYPE
317    SYNTAX      EnabledStatus
318    MAX-ACCESS  read-write
319    STATUS      current
320    DESCRIPTION
321        "When set to enabled(1), a platform dependent triggering
322         mechanism initiates an authentication exchange using a
323         MAC address for authentication credentials.
324         When disabled(2), authentication attempts are disabled
325         and all currently authenticated MAC sessions or those in
326         the process of authentication on this port are terminated."
327    DEFVAL { disabled }
328    ::= { etsysMACAuthenticationPortConfigEntry 4 }
329
-- Hold-down, in seconds, after a failed authentication before another
-- attempt may be made on the port; default 30.  It throttles repeated
-- failed attempts coming from one port.
-- NOTE(review): SYNTAX is an unconstrained Unsigned32, so 0 appears to be
-- settable.  Whether the agent accepts 0, and what that does to the
-- hold-down, is not stated here - confirm.
330etsysMACAuthenticationPortQuietPeriod OBJECT-TYPE
331    SYNTAX      Unsigned32
332    MAX-ACCESS  read-write
333    STATUS      current
334    DESCRIPTION
335        "The value, in seconds, following a failed authentication
336         before another may be attempted on this port. This object
337         allows network management to provide hysteresis for failed
338         authentication requests from the same port."
339    DEFVAL { 30 }
340    ::= { etsysMACAuthenticationPortConfigEntry 5 }
341
342etsysMACAuthenticationPortReauthPeriod OBJECT-TYPE
343    SYNTAX      Unsigned32
344    MAX-ACCESS  read-write
345    STATUS      current
346    DESCRIPTION
347        "The value, in seconds, between attempts to re-authenticate
348         any current MAC authenticated on this port."
349    DEFVAL { 3600 }
350    ::= { etsysMACAuthenticationPortConfigEntry 6 }
351
-- Turns periodic re-authentication of the MACs on this port on or off.
-- Default is disabled (see DEFVAL), so unless this is enabled an
-- authenticated MAC is not periodically re-checked by this mechanism.
-- NOTE(review): the DESCRIPTION refers to
-- etsysMACAuthenticationReauthPeriod, a name that is not defined in the
-- visible part of this module; presumably
-- etsysMACAuthenticationPortReauthPeriod is meant - confirm.
352etsysMACAuthenticationPortReauthEnabled OBJECT-TYPE
353    SYNTAX      EnabledStatus
354    MAX-ACCESS  read-write
355    STATUS      current
356    DESCRIPTION
357        "If enabled(1), then every etsysMACAuthenticationReauthPeriod
358         the switch attempts to validate all currently authenticated
359         MACs on this port. When set to disabled(2) all current
360         re-authentications in progress are allowed to complete and
361         the requisite actions are taken. When set to disabled(2), no
362         further re-authentications are attempted."
363    DEFVAL { disabled }
364    ::= { etsysMACAuthenticationPortConfigEntry 7 }
365
366etsysMACAuthenticationAuthenticationsAllowed OBJECT-TYPE
367    SYNTAX      Unsigned32
368    MAX-ACCESS  read-only
369    STATUS      current
370    DESCRIPTION
371        "The maximum number of concurrent authentications supported
372         on this port on this module. The default value of this
373         object is platform and resource dependent."
374    ::= { etsysMACAuthenticationPortConfigEntry 8 }
375
376etsysMACAuthenticationAuthenticationsAllocated OBJECT-TYPE
377    SYNTAX      Unsigned32
378    MAX-ACCESS  read-write
379    STATUS      current
380    DESCRIPTION
381        "The maximum number of MAC authentications permitted on this
382         port on this module. This value must be non-zero and be less
383         than or equal to the value of
384         etsysMACAuthenticationAuthenticationsAllowed.  Setting this
385         object to a value less than the current number of authenticated
386         MACs on this port prevents further authentications, but has no
387         effect on the current sessions."
388    ::= { etsysMACAuthenticationPortConfigEntry 9 }
389
-- Read-only text describing a failed authentication on this port: the
-- MAC address, the time and date, and a textual reason.
-- Best effort only: the DESCRIPTION warns that there can be multiple
-- failures per port, so a poller may miss some of them.  Use this as a
-- hint when investigating rejected devices, not as a complete log.
-- The time zone of TIME&DATE is not specified here.
390etsysMACAuthenticationLastFailedAuthCause OBJECT-TYPE
391    SYNTAX      SnmpAdminString
392    MAX-ACCESS  read-only
393    STATUS      current
394    DESCRIPTION
395       "The string will be formatted with
396       'XX-XX-XX-XX-XX-XX: TIME&DATE: Textual failure reason';
397        where XX-XX-XX-XX-XX-XX is the MAC address and TIME&DATE
398        is the time (hh/mm/ss) and date (mm/dd/yyyy) of the failure.
399        It is also only best effort; as there could be multiple
400        failures per port and the agent may query this at any random
401        time."
402    ::= { etsysMACAuthenticationPortConfigEntry 10 }
403
404
405-- -------------------------------------------------------------
406-- etsysMACAuthenticationMACConfigGroup
407-- -------------------------------------------------------------
408
409etsysMACAuthenticationMACConfigTable OBJECT-TYPE
410    SYNTAX      SEQUENCE OF EtsysMACAuthenticationMACConfigEntry
411    MAX-ACCESS  not-accessible
412    STATUS      current
413    DESCRIPTION
414        "A table containing configuration objects for each MAC
415         authenticated on a port. Each row in this table
416         is created dynamically when a MAC authenticates
417         on a port."
418    ::= { etsysMACAuthenticationMACConfig 1 }
419
420etsysMACAuthenticationMACConfigEntry OBJECT-TYPE
421    SYNTAX      EtsysMACAuthenticationMACConfigEntry
422    MAX-ACCESS  not-accessible
423    STATUS      current
424    DESCRIPTION
425        "Each conceptual row inherits its initial information
426         from the row in the etsysMACAuthenticationPortConfigTable
427         corresponding to the correct port. Each row represents an
428         authenticated MAC."
429    INDEX { etsysMACAuthenticationMACAddress }
430    ::= { etsysMACAuthenticationMACConfigTable 1 }
431
432EtsysMACAuthenticationMACConfigEntry::=
433    SEQUENCE {
434        etsysMACAuthenticationMACAddress                MacAddress,
435        etsysMACAuthenticationSupplicantPort            InterfaceIndex,
436        etsysMACAuthenticationMACInitialize             TruthValue,
437        etsysMACAuthenticationMACReauthenticate         TruthValue,
438        etsysMACAuthenticationMACReauthPeriod           Unsigned32,
439        etsysMACAuthenticationMACReauthEnabled          EnabledStatus
440    }
441
442etsysMACAuthenticationMACAddress OBJECT-TYPE
443    SYNTAX      MacAddress
444    MAX-ACCESS  not-accessible
445    STATUS      current
446    DESCRIPTION
447        "This is the MAC address that was authenticated on this port."
448    ::= { etsysMACAuthenticationMACConfigEntry 1 }
449
450etsysMACAuthenticationSupplicantPort OBJECT-TYPE
451    SYNTAX      InterfaceIndex
452    MAX-ACCESS  read-only
453    STATUS      current
454    DESCRIPTION
455        "This is the InterfaceIndex associated with this row's
456         authenticated MAC."
457    ::= { etsysMACAuthenticationMACConfigEntry 2 }
458
-- Trigger object: setting true(1) ends this MAC's session and removes
-- its row from this table and from etsysMACAuthenticationSessionTable.
-- Reads always return false(2), so the object itself keeps no record of
-- having been used; if that history matters, record SET operations at
-- the agent or the management station.
459etsysMACAuthenticationMACInitialize OBJECT-TYPE
460    SYNTAX      TruthValue
461    MAX-ACCESS  read-write
462    STATUS      current
463    DESCRIPTION
464        "When set to true(1), this MAC session terminates causing the
465        corresponding row in this table and in the
466        etsysMACAuthenticationSessionTable to be removed.
467
468        Setting this object to false(2) has no effect on the system.
469        Reads of this object always return false(2)."
470    ::= { etsysMACAuthenticationMACConfigEntry 3 }
471
472etsysMACAuthenticationMACReauthenticate OBJECT-TYPE
473    SYNTAX      TruthValue
474    MAX-ACCESS  read-write
475    STATUS      current
476    DESCRIPTION
477        "When set to true(1), this MAC authentication session on this
478         port is required to immediately verify its credentials.
479         This requires that each MAC address be authenticated with the
480         authentication server through the local authentication client
481         or some other authentication mechanism.
482
483         Setting this object to false(2) has no effect on the system.
484         Reads of this object always return false(2)."
485    ::= { etsysMACAuthenticationMACConfigEntry 4 }
486
487etsysMACAuthenticationMACReauthPeriod OBJECT-TYPE
488    SYNTAX      Unsigned32
489    MAX-ACCESS  read-only
490    STATUS      current
491    DESCRIPTION
492        "The value, in seconds, between attempts to re-authenticate
493         the MAC associated with this row."
494    ::= { etsysMACAuthenticationMACConfigEntry 5 }
495
-- Read-only view of whether periodic re-authentication is enabled for
-- the MAC described by this row.
-- NOTE(review): the DESCRIPTION refers to
-- etsysMACAuthenticationReauthPeriod, a name that is not defined in the
-- visible part of this module; presumably
-- etsysMACAuthenticationMACReauthPeriod is meant for this table -
-- confirm.  The text also speaks of all MACs on the port although each
-- row here represents a single authenticated MAC.
496etsysMACAuthenticationMACReauthEnabled OBJECT-TYPE
497    SYNTAX      EnabledStatus
498    MAX-ACCESS  read-only
499    STATUS      current
500    DESCRIPTION
501        "If enabled(1), then every etsysMACAuthenticationReauthPeriod
502         the switch attempts to validate all currently authenticated
503         MACs on this port. If disabled(2), reauthentication is
504         not attempted."
505    ::= { etsysMACAuthenticationMACConfigEntry 6 }
506
507
508-- -------------------------------------------------------------
509-- etsysMACAuthenticationSessionGroup
510-- -------------------------------------------------------------
511
512etsysMACAuthenticationSessionTable OBJECT-TYPE
513    SYNTAX      SEQUENCE OF EtsysMACAuthenticationSessionEntry
514    MAX-ACCESS  not-accessible
515    STATUS      current
516    DESCRIPTION
517        "A table containing configuration objects for each MAC
518         authentication on a port. The successful completion of
519         an authentication causes the creation of a new row in
520         this table. When a MAC becomes unauthenticated because
521         of a link-down, a management change, or system
522         re-initialization, then the corresponding row is removed
523         from this table."
524    ::= { etsysMACAuthenticationMACSession 1 }
525
526etsysMACAuthenticationSessionEntry OBJECT-TYPE
527    SYNTAX      EtsysMACAuthenticationSessionEntry
528    MAX-ACCESS  not-accessible
529    STATUS      current
530    DESCRIPTION
531        "Each conceptual row inherits its initial information
532         from the row in the etsysMACAuthenticationPortConfigTable
533         corresponding to the correct port. Each row represents an
534         authenticated MAC."
535    INDEX { etsysMACAuthenticationMACAddress }
536    ::= { etsysMACAuthenticationSessionTable 1 }
537
538EtsysMACAuthenticationSessionEntry::=
539    SEQUENCE {
540        etsysMACAuthenticationSessionPort               InterfaceIndex,
541        etsysMACAuthenticationDuration                  Unsigned32
542    }
543
544etsysMACAuthenticationSessionPort OBJECT-TYPE
545    SYNTAX      InterfaceIndex
546    MAX-ACCESS  read-only
547    STATUS      current
548    DESCRIPTION
549        "This is the InterfaceIndex associated with the authenticated
550         MAC's session."
551    ::= { etsysMACAuthenticationSessionEntry 1 }
552
553etsysMACAuthenticationDuration OBJECT-TYPE
554    SYNTAX      Unsigned32
555    MAX-ACCESS  read-only
556    STATUS      current
557    DESCRIPTION
558        "The time, in seconds, that has elapsed since the start
559         of this session."
560    ::= { etsysMACAuthenticationSessionEntry 2 }
561
562-- -------------------------------------------------------------
563-- etsysMACAuthenticationMACListConfig
564-- -------------------------------------------------------------
565
566etsysMACAuthenticationMaxMACListEntries OBJECT-TYPE
567    SYNTAX      Unsigned32
568    MAX-ACCESS  read-only
569    STATUS      current
570    DESCRIPTION
571        "Maximum number of entries allowed in the
572         etsysMACAuthenticationMACListTable."
573    ::= { etsysMACAuthenticationMACListConfig 1 }
574
575etsysMACAuthenticationCurrentMACListEntries OBJECT-TYPE
576    SYNTAX      Unsigned32
577    MAX-ACCESS  read-only
578    STATUS      current
579    DESCRIPTION
580        "The current number of entries in the
581         etsysMACAuthenticationMACListTable."
582    ::= { etsysMACAuthenticationMACListConfig 2 }
583
-- MAC List: prefix-match rows that decide whether a newly seen MAC may
-- authenticate, on which ports, and with which credentials.
-- Points to check when auditing a configuration, all taken from the
-- DESCRIPTION below:
--   * No matching row, or a matching row whose non-empty port list does
--     not include the ingress port, blocks authentication.
--   * A row with a MAC address of all FFs and a mask length of 48 is the
--     documented catch-all that matches any MAC address.
--   * A row without a password authenticates with the user-name
--     credential reused as the password, that is, with nothing beyond
--     the matched portion of the MAC address.
584etsysMACAuthenticationMACListTable OBJECT-TYPE
585    SYNTAX      SEQUENCE OF EtsysMACAuthenticationMACListEntry
586    MAX-ACCESS  not-accessible
587    STATUS      current
588    DESCRIPTION
589        "This table provides configuration objects for the
590         MAC List functionality.
591
592         When an unauthenticated MAC address is received a
593         longest prefix search is performed. If more than
594         one match is made -- the one with the longest
595         mask length -- is called the longest prefix match.
596
597         Authentication is blocked when no match is found,
598         or the matching entry's etsysMACAuthenticationMACListPorts
599         value is not the empty string and the ingress port is not
600         set in the list.
601
602         To create a default entry that matches any MAC address,
603         configure a row with a MAC address of all FFs and a
604         mask length of 48.
605
606         The user-name credential will be the portion
607         of the MAC address specified by
608         etsysMACAuthenticationMACListMaskLen.
609
610         If the etsysMACAuthenticationMACListPassword is set,
611         it will be used as the password credential for authentication.
612         Otherwise, the user-name credential will be used as the
613         password credential."
614    ::= { etsysMACAuthenticationMACListConfig 3 }
615
616etsysMACAuthenticationMACListEntry OBJECT-TYPE
617    SYNTAX      EtsysMACAuthenticationMACListEntry
618    MAX-ACCESS  not-accessible
619    STATUS      current
620    DESCRIPTION
621        "Each row represents an entry in the MAC List."
622    INDEX { etsysMACAuthenticationMACListAddress,
623            etsysMACAuthenticationMACListMaskLen }
624    ::= { etsysMACAuthenticationMACListTable 1 }
625
626EtsysMACAuthenticationMACListEntry::=
627    SEQUENCE {
628        etsysMACAuthenticationMACListAddress       MacAddress,
629        etsysMACAuthenticationMACListMaskLen       Unsigned32,
630        etsysMACAuthenticationMACListPassword      SnmpAdminString,
631        etsysMACAuthenticationMACListPasswordValid TruthValue,
632        etsysMACAuthenticationMACListPorts         PortList,
633        etsysMACAuthenticationMACListRowStatus     RowStatus
634    }
635
636etsysMACAuthenticationMACListAddress OBJECT-TYPE
637    SYNTAX      MacAddress
638    MAX-ACCESS  not-accessible
639    STATUS      current
640    DESCRIPTION
641        "The MAC address to match."
642    ::= { etsysMACAuthenticationMACListEntry 1 }
643
644etsysMACAuthenticationMACListMaskLen OBJECT-TYPE
645    SYNTAX      Unsigned32 (1..48)
646    MAX-ACCESS  not-accessible
647    STATUS      current
648    DESCRIPTION
649        "This object represents the number of significant bits in the
650         MAC address to match starting with the left-most bit of
651         the vendor portion of the MAC address. The significant portion
652         of the MAC address is sent as a user-name credential."
653    ::= { etsysMACAuthenticationMACListEntry 2 }
654
-- Optional per-row password, 0 to 48 characters.
-- Reads always return the empty string, so the value cannot be read
-- back through this object; etsysMACAuthenticationMACListPasswordValid
-- reports whether one has been set.
-- The value is still carried in the SNMP SET that writes it, so its
-- protection in transit depends on how SNMP access to the agent is
-- secured, which this module does not define.
-- Default is the empty string (see DEFVAL).
655etsysMACAuthenticationMACListPassword OBJECT-TYPE
656    SYNTAX      SnmpAdminString (SIZE(0..48))
657    MAX-ACCESS  read-write
658    STATUS      current
659    DESCRIPTION
660        "The password to use to authenticate the MAC address.
661         On a read this object will always return an empty string."
662    DEFVAL { "" }
663    ::= { etsysMACAuthenticationMACListEntry 3 }
664
-- Read-only indicator of whether this row has a non-empty password.
-- false(2) marks rows that authenticate with the user-name credential
-- reused as the password, so walking this column is a quick way to
-- list the rows that rely on the MAC address alone.
665etsysMACAuthenticationMACListPasswordValid OBJECT-TYPE
666    SYNTAX      TruthValue
667    MAX-ACCESS  read-only
668    STATUS      current
669    DESCRIPTION
670        "true(1)  - indicates that etsysMACAuthenticationMACListPassword
671         was last set with some value other than the empty string.
672
673         false(2) - indicates that etsysMACAuthenticationMACListPassword
674         has never been set, or was last set to the empty string.
675         In this case, the password used to authenticate will be the same
676         as the user-name credential."
677    ::= { etsysMACAuthenticationMACListEntry 4 }
678
-- Ports on which this row permits authentication.
-- The default is the empty string, which means all ports, so a newly
-- created row is unrestricted by port until this object is written.
679etsysMACAuthenticationMACListPorts OBJECT-TYPE
680    SYNTAX      PortList
681    MAX-ACCESS  read-write
682    STATUS      current
683    DESCRIPTION
684        "The set of ports to allow authentication on. If this object is
685         the empty string then authentication is allowed on all ports."
686    DEFVAL { ''H }    -- the empty string
687    ::= { etsysMACAuthenticationMACListEntry 5 }
688
-- Row creation and deletion for the MAC List.  Only active(1),
-- createAndGo(4) and destroy(6) are described; support for the other
-- RowStatus values is not stated.
-- Write access to this column adds and removes the rows that decide
-- which MAC addresses may authenticate, so it warrants the same access
-- restrictions as the password column.
-- NOTE(review): this column and the other writable columns of the table
-- are declared read-write, whereas SMIv2 uses read-create for columns
-- of tables whose rows can be created by management - confirm against
-- the agent and the MIB compiler in use.
689etsysMACAuthenticationMACListRowStatus OBJECT-TYPE
690    SYNTAX      RowStatus
691    MAX-ACCESS  read-write
692    STATUS      current
693    DESCRIPTION
694        "The status of this row.
695
696         active(1)        -- Indicates that this entry is available
697                             for use by the managed device.
698
699         createAndGo(4)   -- A new entry will be created in this table
700                             and the new entry will transition to the
701                             active state.
702
703         destroy(6)       -- Deletes this row. "
704    ::= { etsysMACAuthenticationMACListEntry 6 }
705
706-- -------------------------------------------------------------
707-- Conformance Information
708-- -------------------------------------------------------------
709
710etsysMACAuthenticationConformance
711        OBJECT IDENTIFIER ::= { etsysMACAuthenticationMIB 2 }
712
713etsysMACAuthenticationGroups
714        OBJECT IDENTIFIER ::= { etsysMACAuthenticationConformance 1 }
715
716etsysMACAuthenticationCompliances
717        OBJECT IDENTIFIER ::= { etsysMACAuthenticationConformance 2 }
718
719
720-- -------------------------------------------------------------
721-- Units of conformance
722-- -------------------------------------------------------------
723
724etsysMACAuthenticationSystemGroup OBJECT-GROUP
725    OBJECTS {
726        etsysMACAuthenticationSystemEnable,
727        etsysMACAuthenticationMACUserPassword,
728        etsysMACAuthenticationPortUserNameSignificantBits
729    }
730    STATUS      deprecated
731    DESCRIPTION
732        "Global object controlling this feature.
733         Global objects that affect how the credentials are
734         presented to the authentication server."
735    ::= { etsysMACAuthenticationGroups 1 }
736
737etsysMACAuthenticationPortConfigGroup OBJECT-GROUP
738    OBJECTS {
739        etsysMACAuthenticationPortInitialize,
740        etsysMACAuthenticationPortReauthenticate,
741        etsysMACAuthenticationPortEnable,
742        etsysMACAuthenticationPortQuietPeriod,
743        etsysMACAuthenticationPortReauthPeriod,
744        etsysMACAuthenticationPortReauthEnabled,
745        etsysMACAuthenticationAuthenticationsAllowed,
746        etsysMACAuthenticationAuthenticationsAllocated,
747        etsysMACAuthenticationLastFailedAuthCause
748    }
749    STATUS      current
750    DESCRIPTION
751        "Objects describing the MAC Authentication
752         configuration for each port."
753    ::= { etsysMACAuthenticationGroups 2 }
754
755etsysMACAuthenticationMACConfigGroup OBJECT-GROUP
756    OBJECTS {
757        etsysMACAuthenticationSupplicantPort,
758        etsysMACAuthenticationMACInitialize,
759        etsysMACAuthenticationMACReauthenticate,
760        etsysMACAuthenticationMACReauthPeriod,
761        etsysMACAuthenticationMACReauthEnabled
762    }
763    STATUS      current
764    DESCRIPTION
765        "Objects associated with an individual MAC's
766         authentication configuration."
767    ::= { etsysMACAuthenticationGroups 3 }
768
-- Session objects. The compliance statements in this module name this
-- group in a GROUP clause, so it is conditional and not mandatory.
etsysMACAuthenticationMACSessionGroup OBJECT-GROUP
    OBJECTS     { etsysMACAuthenticationSessionPort,
                  etsysMACAuthenticationDuration }
    STATUS      current
    DESCRIPTION
        "Objects associated with a MAC Session"
    ::= { etsysMACAuthenticationGroups 4 }
778
-- Deprecated second revision of the system group. It adds
-- etsysMACAuthenticationMode and etsysMACAuthenticationSystemAccountEnable
-- to the objects of etsysMACAuthenticationSystemGroup.
-- NOTE(review): etsysMACAuthenticationMACUserPassword is a credential
-- object and its MAX-ACCESS is defined outside this section. Confirm
-- that it cannot be read back in clear text, and restrict it with a
-- VACM view reached only over SNMPv3 authPriv.
etsysMACAuthenticationSystemGroup2 OBJECT-GROUP
    OBJECTS     { etsysMACAuthenticationSystemEnable,
                  etsysMACAuthenticationMACUserPassword,
                  etsysMACAuthenticationPortUserNameSignificantBits,
                  etsysMACAuthenticationMode,
                  etsysMACAuthenticationSystemAccountEnable }
    STATUS      deprecated
    DESCRIPTION
        "Global object controlling this feature.
         Global objects that affect how the credentials are
         presented to the authentication server."
    ::= { etsysMACAuthenticationGroups 5 }
793
-- Current revision of the system group. It adds
-- etsysMACAuthenticationSystemUserNameFormat to the objects of
-- etsysMACAuthenticationSystemGroup2.
-- NOTE(review): etsysMACAuthenticationMACUserPassword is a credential
-- object and its MAX-ACCESS is defined outside this section. Confirm
-- that it cannot be read back in clear text, and restrict it with a
-- VACM view reached only over SNMPv3 authPriv.
etsysMACAuthenticationSystemGroup3 OBJECT-GROUP
    OBJECTS     { etsysMACAuthenticationSystemEnable,
                  etsysMACAuthenticationMACUserPassword,
                  etsysMACAuthenticationPortUserNameSignificantBits,
                  etsysMACAuthenticationMode,
                  etsysMACAuthenticationSystemAccountEnable,
                  etsysMACAuthenticationSystemUserNameFormat }
    STATUS      current
    DESCRIPTION
        "Global object controlling this feature.
         Global objects that affect how the credentials are
         presented to the authentication server."
    ::= { etsysMACAuthenticationGroups 6 }
809
-- MAC-List objects: table size counters, the per-entry password and
-- port list, and the RowStatus column used to create and delete rows.
-- NOTE(review): etsysMACAuthenticationMACListPassword is a credential
-- object and its MAX-ACCESS is defined outside this section. Confirm
-- that it cannot be read back in clear text, and restrict the table
-- with a VACM view reached only over SNMPv3 authPriv.
etsysMACAuthenticationMACListGroup OBJECT-GROUP
    OBJECTS     { etsysMACAuthenticationMaxMACListEntries,
                  etsysMACAuthenticationCurrentMACListEntries,
                  etsysMACAuthenticationMACListPassword,
                  etsysMACAuthenticationMACListPasswordValid,
                  etsysMACAuthenticationMACListPorts,
                  etsysMACAuthenticationMACListRowStatus }
    STATUS      current
    DESCRIPTION
        "Objects associated with MAC-List configuration."
    ::= { etsysMACAuthenticationGroups 7 }
823
824-- -------------------------------------------------------------
825-- Compliance statements
826-- -------------------------------------------------------------
827
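-- Deprecated first compliance statement. It requires the original
-- system group plus the port and MAC configuration groups, and leaves
-- the session group conditional.
-- Editorial fixes only: 'impelments' and 'where the it attempts' in the
-- DESCRIPTION text, and OBJECT clauses aligned with the GROUP clause.
etsysMACAuthenticationCompliance MODULE-COMPLIANCE
    STATUS      deprecated
    DESCRIPTION
        "The compliance statement for devices that support MAC-Authentication."

    MODULE
        MANDATORY-GROUPS {
            etsysMACAuthenticationSystemGroup,
            etsysMACAuthenticationPortConfigGroup,
            etsysMACAuthenticationMACConfigGroup
            }

        GROUP etsysMACAuthenticationMACSessionGroup
        DESCRIPTION
            "Implementation of the etsysMACAuthenticationMACSessionGroup
             is optional for all agents.  If the agent implements session
             functionality, then this table should be supported."

        -- A read-only agent must report enabled(1), so the feature
        -- cannot be switched off through SNMP on such an agent.
        OBJECT      etsysMACAuthenticationSystemEnable
        SYNTAX      EnabledStatus
        MIN-ACCESS  read-only
        DESCRIPTION
            "Write access is not required. If read-only is selected,
             then the default value must be enabled(1)."

        -- NOTE(review): when writable, a failed full-address attempt is
        -- retried with a masked address. With fewer than 48 significant
        -- bits, several stations presumably map to one user name;
        -- confirm against the object definition before lowering it.
        OBJECT      etsysMACAuthenticationPortUserNameSignificantBits
        SYNTAX      INTEGER(1..48)
        MIN-ACCESS  read-only
        DESCRIPTION
            "Write access is not required. If read-only is selected,
             then the default value must be 48. If this object is read-write,
             then the agent performs a two stage authentication where
             it attempts to authenticate the masked MAC address if the
             full MAC address fails to authenticate."
    ::= { etsysMACAuthenticationCompliances 1 }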
863
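-- Deprecated second compliance statement. It differs from
-- etsysMACAuthenticationCompliance only in requiring
-- etsysMACAuthenticationSystemGroup2.
-- Editorial fixes only: 'impelments' and 'where the it attempts' in the
-- DESCRIPTION text, and OBJECT clauses aligned with the GROUP clause.
etsysMACAuthenticationCompliance2 MODULE-COMPLIANCE
    STATUS      deprecated
    DESCRIPTION
        "The compliance statement for devices that support
         MAC-Authentication."

    MODULE
        MANDATORY-GROUPS {
            etsysMACAuthenticationSystemGroup2,
            etsysMACAuthenticationPortConfigGroup,
            etsysMACAuthenticationMACConfigGroup
            }

        GROUP etsysMACAuthenticationMACSessionGroup
        DESCRIPTION
            "Implementation of the etsysMACAuthenticationMACSessionGroup
             is optional for all agents.  If the agent implements session
             functionality, then this table should be supported."

        -- A read-only agent must report enabled(1), so the feature
        -- cannot be switched off through SNMP on such an agent.
        OBJECT      etsysMACAuthenticationSystemEnable
        SYNTAX      EnabledStatus
        MIN-ACCESS  read-only
        DESCRIPTION
            "Write access is not required. If read-only is selected,
             then the default value must be enabled(1)."

        -- NOTE(review): when writable, a failed full-address attempt is
        -- retried with a masked address. With fewer than 48 significant
        -- bits, several stations presumably map to one user name;
        -- confirm against the object definition before lowering it.
        OBJECT      etsysMACAuthenticationPortUserNameSignificantBits
        SYNTAX      INTEGER(1..48)
        MIN-ACCESS  read-only
        DESCRIPTION
            "Write access is not required. If read-only is selected,
             then the default value must be 48. If this object is read-write,
             then the agent performs a two stage authentication where
             it attempts to authenticate the masked MAC address if the
             full MAC address fails to authenticate."
    ::= { etsysMACAuthenticationCompliances 2 }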
900
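-- Deprecated third compliance statement. It requires
-- etsysMACAuthenticationSystemGroup3 and adds a refinement for
-- etsysMACAuthenticationSystemUserNameFormat.
-- Editorial fixes only: 'impelments' and 'where the it attempts' in the
-- DESCRIPTION text, and OBJECT clauses aligned with the GROUP clause.
etsysMACAuthenticationCompliance3 MODULE-COMPLIANCE
    STATUS      deprecated
    DESCRIPTION
        "The compliance statement for devices that support
         MAC-Authentication."

    MODULE
        MANDATORY-GROUPS {
            etsysMACAuthenticationSystemGroup3,
            etsysMACAuthenticationPortConfigGroup,
            etsysMACAuthenticationMACConfigGroup
            }

        GROUP etsysMACAuthenticationMACSessionGroup
        DESCRIPTION
            "Implementation of the etsysMACAuthenticationMACSessionGroup
             is optional for all agents.  If the agent implements session
             functionality, then this table should be supported."

        -- A read-only agent must report enabled(1), so the feature
        -- cannot be switched off through SNMP on such an agent.
        OBJECT      etsysMACAuthenticationSystemEnable
        SYNTAX      EnabledStatus
        MIN-ACCESS  read-only
        DESCRIPTION
            "Write access is not required. If read-only is selected,
             then the default value must be enabled(1)."

        -- NOTE(review): when writable, a failed full-address attempt is
        -- retried with a masked address. With fewer than 48 significant
        -- bits, several stations presumably map to one user name;
        -- confirm against the object definition before lowering it.
        OBJECT      etsysMACAuthenticationPortUserNameSignificantBits
        SYNTAX      INTEGER(1..48)
        MIN-ACCESS  read-only
        DESCRIPTION
            "Write access is not required. If read-only is selected,
             then the default value must be 48. If this object is read-write,
             then the agent performs a two stage authentication where
             it attempts to authenticate the masked MAC address if the
             full MAC address fails to authenticate."

        OBJECT      etsysMACAuthenticationSystemUserNameFormat
        SYNTAX      INTEGER {
                      hyphen(1),
                      none(2)
                    }
        MIN-ACCESS  read-only
        DESCRIPTION
            "Write access is not required."

    ::= { etsysMACAuthenticationCompliances 3 }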
947
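-- Current compliance statement. Requires the system (rev 3), port and
-- MAC configuration groups; the session and MAC-List groups are
-- conditional.
--
-- Changes from the previous text:
--   * The MAC-List paragraph sat inside the DESCRIPTION of the session
--     GROUP clause, and the group name was misspelled there as
--     'etysMACAuthenticationMACListGroup'. It now has a GROUP clause of
--     its own, so the etsysMACAuthenticationMACListRowStatus refinement
--     below belongs to a group this statement names.
--     NOTE(review): this makes the formal statement match the prose;
--     confirm with the module owner before republishing.
--   * 'where the it attempts' corrected in the DESCRIPTION text.
--   * Mixed tabs and spaces replaced with spaces.
etsysMACAuthenticationCompliance4 MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for devices that support
         MAC-Authentication."

    MODULE
        MANDATORY-GROUPS {
            etsysMACAuthenticationSystemGroup3,
            etsysMACAuthenticationPortConfigGroup,
            etsysMACAuthenticationMACConfigGroup
            }

        GROUP etsysMACAuthenticationMACSessionGroup
        DESCRIPTION
            "Implementation of the etsysMACAuthenticationMACSessionGroup
             is optional for all agents.  If the agent implements session
             functionality, then this table should be supported."

        GROUP etsysMACAuthenticationMACListGroup
        DESCRIPTION
            "Implementation of the etsysMACAuthenticationMACListGroup is
             optional for all agents. If the agent implements MAC-List
             functionality, then this table should be supported."

        -- A read-only agent must report enabled(1), so the feature
        -- cannot be switched off through SNMP on such an agent.
        OBJECT      etsysMACAuthenticationSystemEnable
        SYNTAX      EnabledStatus
        MIN-ACCESS  read-only
        DESCRIPTION
            "Write access is not required. If read-only is selected,
             then the default value must be enabled(1)."

        -- NOTE(review): when writable, a failed full-address attempt is
        -- retried with a masked address. With fewer than 48 significant
        -- bits, several stations presumably map to one user name;
        -- confirm against the object definition before lowering it.
        OBJECT      etsysMACAuthenticationPortUserNameSignificantBits
        SYNTAX      INTEGER(1..48)
        MIN-ACCESS  read-only
        DESCRIPTION
            "Write access is not required. If read-only is selected,
             then the default value must be 48. If this object is read-write,
             then the agent performs a two stage authentication where
             it attempts to authenticate the masked MAC address if the
             full MAC address fails to authenticate."

        OBJECT      etsysMACAuthenticationSystemUserNameFormat
        SYNTAX      INTEGER {
                      hyphen(1),
                      none(2)
                    }
        MIN-ACCESS  read-only
        DESCRIPTION
            "Write access is not required."

        OBJECT      etsysMACAuthenticationMode
        SYNTAX      INTEGER {
                      password(1),
                      radiusUsername(2),
                      macList(3)
                    }
        MIN-ACCESS  read-only
        DESCRIPTION
            "Write access is not required."

        -- Only immediate create and delete are required for writing;
        -- the staged RowStatus states are excluded by the clause below.
        OBJECT      etsysMACAuthenticationMACListRowStatus
        WRITE-SYNTAX RowStatus { active(1), createAndGo(4), destroy(6) }
        DESCRIPTION
            "The states createAndWait, notInService and notReady are not
             supported for writing."

    ::= { etsysMACAuthenticationCompliances 4 }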
1014
1015END
1016