1ENTERASYS-MAC-AUTHENTICATION-MIB DEFINITIONS ::= BEGIN 2 3-- enterasys-mac-authentication-mib.txt 4-- 5-- Part Number: 6-- 7-- 8 9-- This module provides authoritative definitions for Extreme 10-- Networks' MAC-Authentication. 11 12-- 13-- This module will be extended, as needed. 14 15-- Extreme Networks reserves the right to make changes in this 16-- specification and other information contained in this document 17-- without prior notice. The reader should consult Extreme Networks 18-- to determine whether any such changes have been made. 19-- 20-- In no event shall Extreme Networks be liable for any incidental, 21-- indirect, special, or consequential damages whatsoever (including 22-- but not limited to lost profits) arising out of or related to this 23-- document or the information contained in it, even if Extreme 24-- Networks has been advised of, known, or should have known, the 25-- possibility of such damages. 26-- 27-- Extreme Networks grants vendors, end-users, and other interested 28-- parties a non-exclusive license to use this Specification in 29-- connection with the management of Extreme Networks products. 30 31-- Copyright December, 2014 Extreme Networks, Inc. 32 33IMPORTS 34 MODULE-IDENTITY, OBJECT-TYPE, Unsigned32 35 FROM SNMPv2-SMI 36 MacAddress, TruthValue, RowStatus 37 FROM SNMPv2-TC 38 MODULE-COMPLIANCE, OBJECT-GROUP 39 FROM SNMPv2-CONF 40 SnmpAdminString 41 FROM SNMP-FRAMEWORK-MIB 42 InterfaceIndex 43 FROM IF-MIB 44 EnabledStatus 45 FROM P-BRIDGE-MIB 46 PortList 47 FROM Q-BRIDGE-MIB 48 etsysModules 49 FROM ENTERASYS-MIB-NAMES; 50 51etsysMACAuthenticationMIB MODULE-IDENTITY 52 LAST-UPDATED "201706071035Z" -- Wed June 07 10:35 UTC 2017 53 54 ORGANIZATION "Extreme Networks, Inc" 55 CONTACT-INFO 56 "Postal: Extreme Networks, Inc. 57 6480 Via Del Oro 58 San Jose, CA 95119 USA 59 60 Phone: +1 408 579-2800 61 E-mail: support@extremenetworks.com 62 WWW: http://www.extremenetworks.com" 63 64 DESCRIPTION 65 "This MIB module defines a portion of the SNMP enterprise 66 MIBs under Enterasys Networks' enterprise OID pertaining to 67 MAC-Authentication. 68 69 This MIB was designed to be used for authentication using 70 source MAC addresses received in traffic on ports under 71 control of MAC-authentication. 72 73 The security afforded by this approach is neither the primary 74 concern nor intent of this MIB. Rather, this MIB provides 75 a convenient method of associating policy with MAC 76 addresses and applying that policy when the MAC address 77 appears on a pre-approved port in the network. 78 79 The term MAC-Authentication is used because an authentication 80 backend mechanism is used to allow the MAC onto the network, 81 as well as provide authorization information to the switch." 82 83 REVISION "201706071035Z" -- Wed June 07 10:35 UTC 2017 84 DESCRIPTION "Added colon to etsysMACAuthenticationSystemUserNameFormat." 85 86 REVISION "201412191051Z" -- Fri Dec 19 9:30 UTC 2014 87 DESCRIPTION "Added MAC List configuration." 88 89 REVISION "201412051051Z" -- Fri Dec 05 10:50 UTC 2014 90 DESCRIPTION "Added macList mode to etsysMACAuthenticationMode." 91 92 REVISION "201412031200Z" -- Wed Dec 03 13:51 UTC 2014 93 DESCRIPTION "Added etsysMACAuthenticationSystemUserNameFormat." 94 95 REVISION "201305171510Z" -- Fri May 17 15:10 UTC 2013 96 DESCRIPTION "Added account enable and disable." 97 98 REVISION "201301311334Z" -- Thu Jan 31 13:34 UTC 2013 99 DESCRIPTION "Added the etsysMACAuthenticationMode object." 100 101 REVISION "200207181812Z" -- Thu Jul 18 18:12 GMT 2002 102 DESCRIPTION "The initial version of this MIB module" 103 104 ::= { etsysModules 25 } 105 106etsysMACAuthenticationObjects 107 OBJECT IDENTIFIER ::= { etsysMACAuthenticationMIB 1 } 108 109-- ------------------------------------------------------------- 110-- Textual Conventions 111-- ------------------------------------------------------------- 112 113-- ------------------------------------------------------------- 114-- Branches of the Extreme MAC Authentication MIB 115-- ------------------------------------------------------------- 116 117etsysMACAuthenticationSystem 118 OBJECT IDENTIFIER ::= { etsysMACAuthenticationObjects 1 } 119 120etsysMACAuthenticationPortConfig 121 OBJECT IDENTIFIER ::= { etsysMACAuthenticationObjects 2 } 122 123etsysMACAuthenticationMACConfig 124 OBJECT IDENTIFIER ::= { etsysMACAuthenticationObjects 3 } 125 126etsysMACAuthenticationMACSession 127 OBJECT IDENTIFIER ::= { etsysMACAuthenticationObjects 4 } 128 129etsysMACAuthenticationMACListConfig 130 OBJECT IDENTIFIER ::= { etsysMACAuthenticationObjects 5 } 131 132 133-- ------------------------------------------------------------- 134-- etsysMACAuthenticationSystemGroup 135-- ------------------------------------------------------------- 136 137etsysMACAuthenticationSystemEnable OBJECT-TYPE 138 SYNTAX EnabledStatus 139 MAX-ACCESS read-write 140 STATUS current 141 DESCRIPTION 142 "When enabled(1), all objects in this MIB are fully active. 143 When disabled(2), this object overrides all other object 144 settings in this MIB without affecting their values." 145 DEFVAL { disabled } 146 ::= { etsysMACAuthenticationSystem 1 } 147 148etsysMACAuthenticationMACUserPassword OBJECT-TYPE 149 SYNTAX SnmpAdminString 150 MAX-ACCESS read-write 151 STATUS deprecated 152 DESCRIPTION 153 "*** This object is deprecated in favor of *** 154 *** the functionality provided by the *** 155 *** etsysMACAuthenticationMACListConfig group *** 156 157 This is the string to be used as a password credential 158 when authenticating a MAC address when 159 etsysMACAuthenticationMode is set to password(1)." 160 DEFVAL { "NOPASSWORD" } 161 ::= { etsysMACAuthenticationSystem 2 } 162 163etsysMACAuthenticationPortUserNameSignificantBits OBJECT-TYPE 164 SYNTAX INTEGER (1..48) 165 MAX-ACCESS read-write 166 STATUS deprecated 167 DESCRIPTION 168 "*** This object is deprecated in favor of *** 169 *** the functionality provided by the *** 170 *** etsysMACAuthenticationMACListConfig group *** 171 172 This object represents the number of significant bits in the 173 MAC addresses to be used starting with the left-most bit of 174 the vendor portion of the MAC address. The significant portion 175 of the MAC address is sent as a user-name credential when the 176 primary attempt to authenticate the full MAC address fails. 177 Any other failure to authenticate the full address, (i.e. 178 authentication server timeout) causes the the next attempt to 179 start once again with a full MAC authentication." 180 DEFVAL { 48 } 181 ::= { etsysMACAuthenticationSystem 3 } 182 183etsysMACAuthenticationMode OBJECT-TYPE 184 SYNTAX INTEGER { 185 password(1), 186 radiusUsername(2), 187 macList(3) 188 } 189 MAX-ACCESS read-write 190 STATUS current 191 DESCRIPTION 192 "This object selects the credentials to use when authenticating 193 a MAC address. 194 195 password(1) - Attempt to authenticate a user with the 196 password credential provided by 197 etsysMACAuthenticationMACUserPassword. 198 199 radiusUsername(2) - Attempt to authenticate a user with a password 200 credential that is the same as the radius 201 username credential. 202 203 macList(3) - Attempt to authenticate a user with credentials 204 provided by mac-list configuration." 205 DEFVAL { macList } 206 ::= { etsysMACAuthenticationSystem 4 } 207 208etsysMACAuthenticationSystemAccountEnable OBJECT-TYPE 209 SYNTAX EnabledStatus 210 MAX-ACCESS read-write 211 STATUS current 212 DESCRIPTION 213 "When enabled(1), RADIUS accounting start, interim and 214 stop frames are sent to the configured RADIUS server(s). 215 216 When disabled(2), accounting packets are not sent to 217 the RADIUS server." 218 DEFVAL { enabled } 219 ::= { etsysMACAuthenticationSystem 5 } 220 221etsysMACAuthenticationSystemUserNameFormat OBJECT-TYPE 222 SYNTAX INTEGER { 223 hyphen(1), 224 none(2), 225 colon(3) 226 } 227 MAX-ACCESS read-write 228 STATUS current 229 DESCRIPTION 230 "When hyphen(1), the user-name credential is the 231 MAC address formatted as 'xx-xx-xx-xx-xx-xx'. 232 233 When set to none(2), the user-name credential is the 234 MAC address formatted as 'xxxxxxxxxxxx'. 235 236 When colon(3), the user-name credential is the 237 MAC address formatted as 'xx:xx:xx:xx:xx:xx'." 238 DEFVAL { none } 239 ::= { etsysMACAuthenticationSystem 6 } 240 241-- ------------------------------------------------------------- 242-- etsysMACAuthenticationPortConfigGroup 243-- ------------------------------------------------------------- 244 245etsysMACAuthenticationPortConfigTable OBJECT-TYPE 246 SYNTAX SEQUENCE OF EtsysMACAuthenticationPortConfigEntry 247 MAX-ACCESS not-accessible 248 STATUS current 249 DESCRIPTION 250 "A table containing configuration objects for each MAC 251 authentication port. The configuration for 252 each port in this table must be non-volatile." 253 ::= { etsysMACAuthenticationPortConfig 1 } 254 255etsysMACAuthenticationPortConfigEntry OBJECT-TYPE 256 SYNTAX EtsysMACAuthenticationPortConfigEntry 257 MAX-ACCESS not-accessible 258 STATUS current 259 DESCRIPTION 260 "Each conceptual row provides control over all of the 261 initial values used by each authenticated MAC on 262 this port. Subsequent changes to rows in this table, 263 except where noted, have no effect on existing MACs 264 authenticated on this port." 265 INDEX { etsysMACAuthenticationPort } 266 ::= { etsysMACAuthenticationPortConfigTable 1 } 267 268EtsysMACAuthenticationPortConfigEntry ::= 269 SEQUENCE { 270 etsysMACAuthenticationPort InterfaceIndex, 271 etsysMACAuthenticationPortInitialize TruthValue, 272 etsysMACAuthenticationPortReauthenticate TruthValue, 273 etsysMACAuthenticationPortEnable EnabledStatus, 274 etsysMACAuthenticationPortQuietPeriod Unsigned32, 275 etsysMACAuthenticationPortReauthPeriod Unsigned32, 276 etsysMACAuthenticationPortReauthEnabled EnabledStatus, 277 etsysMACAuthenticationAuthenticationsAllowed Unsigned32, 278 etsysMACAuthenticationAuthenticationsAllocated Unsigned32, 279 etsysMACAuthenticationLastFailedAuthCause SnmpAdminString 280 } 281 282etsysMACAuthenticationPort OBJECT-TYPE 283 SYNTAX InterfaceIndex 284 MAX-ACCESS not-accessible 285 STATUS current 286 DESCRIPTION 287 "This is the InterfaceIndex associated with this row." 288 ::= { etsysMACAuthenticationPortConfigEntry 1 } 289 290etsysMACAuthenticationPortInitialize OBJECT-TYPE 291 SYNTAX TruthValue 292 MAX-ACCESS read-write 293 STATUS current 294 DESCRIPTION 295 "When set to true(1), the MAC authentication logic on this 296 port is initialized, forcibly ending all MAC authentication 297 sessions currently in existence on this port. A set with 298 the value false(2) has no affect and a read always returns 299 false." 300 ::= { etsysMACAuthenticationPortConfigEntry 2 } 301 302etsysMACAuthenticationPortReauthenticate OBJECT-TYPE 303 SYNTAX TruthValue 304 MAX-ACCESS read-write 305 STATUS current 306 DESCRIPTION 307 "When set to true(1), the MAC authentication entity on 308 this port is required to immediately verify all currently 309 authenticated MACs on this port. This requires that each 310 MAC address be authenticated with the authentication server 311 through the local authentication client or some other 312 authentication mechanism. Each supplicant remains 313 authenticated pending the outcome." 314 ::= { etsysMACAuthenticationPortConfigEntry 3 } 315 316etsysMACAuthenticationPortEnable OBJECT-TYPE 317 SYNTAX EnabledStatus 318 MAX-ACCESS read-write 319 STATUS current 320 DESCRIPTION 321 "When set to enabled(1), a platform dependent triggering 322 mechanism initiates an authentication exchange using a 323 MAC address for authentication credentials. 324 When disabled(2), authentication attempts are disabled 325 and all currently authenticated MAC sessions or those in 326 the process of authentication on this port are terminated." 327 DEFVAL { disabled } 328 ::= { etsysMACAuthenticationPortConfigEntry 4 } 329 330etsysMACAuthenticationPortQuietPeriod OBJECT-TYPE 331 SYNTAX Unsigned32 332 MAX-ACCESS read-write 333 STATUS current 334 DESCRIPTION 335 "The value, in seconds, following a failed authentication 336 before another may be attempted on this port. This object 337 allows network management to provide hysteresis for failed 338 authentication requests from the same port." 339 DEFVAL { 30 } 340 ::= { etsysMACAuthenticationPortConfigEntry 5 } 341 342etsysMACAuthenticationPortReauthPeriod OBJECT-TYPE 343 SYNTAX Unsigned32 344 MAX-ACCESS read-write 345 STATUS current 346 DESCRIPTION 347 "The value, in seconds, between attempts to re-authenticate 348 any current MAC authenticated on this port." 349 DEFVAL { 3600 } 350 ::= { etsysMACAuthenticationPortConfigEntry 6 } 351 352etsysMACAuthenticationPortReauthEnabled OBJECT-TYPE 353 SYNTAX EnabledStatus 354 MAX-ACCESS read-write 355 STATUS current 356 DESCRIPTION 357 "If enabled(1), then every etsysMACAuthenticationReauthPeriod 358 the switch attempts to validate all currently authenticated 359 MACs on this port. When set to disabled(2) all current 360 re-authentications in progress are allowed to complete and 361 the requisite actions are taken. When set to disabled(2), no 362 further re-authentications are attempted." 363 DEFVAL { disabled } 364 ::= { etsysMACAuthenticationPortConfigEntry 7 } 365 366etsysMACAuthenticationAuthenticationsAllowed OBJECT-TYPE 367 SYNTAX Unsigned32 368 MAX-ACCESS read-only 369 STATUS current 370 DESCRIPTION 371 "The maximum number of concurrent authentications supported 372 on this port on this module. The default value of this 373 object is platform and resource dependent." 374 ::= { etsysMACAuthenticationPortConfigEntry 8 } 375 376etsysMACAuthenticationAuthenticationsAllocated OBJECT-TYPE 377 SYNTAX Unsigned32 378 MAX-ACCESS read-write 379 STATUS current 380 DESCRIPTION 381 "The maximum number of MAC authentications permitted on this 382 port on this module. This value must be non-zero and be less 383 than or equal to the value of 384 etsysMACAuthenticationAuthenticationsAllowed. Setting this 385 object to a value less than the current number of authenticated 386 MACs on this port prevents further authentications, but has no 387 affect on the current sessions." 388 ::= { etsysMACAuthenticationPortConfigEntry 9 } 389 390etsysMACAuthenticationLastFailedAuthCause OBJECT-TYPE 391 SYNTAX SnmpAdminString 392 MAX-ACCESS read-only 393 STATUS current 394 DESCRIPTION 395 "The string will be formatted with 396 'XX-XX-XX-XX-XX-XX: TIME&DATE: Textual failure reason'; 397 where XX-XX-XX-XX-XX-XX is the MAC address and TIME&DATE 398 is the time (hh/mm/ss) and date (mm/dd/yyyy) of the failure. 399 It is also only best effort; as there could be multiple 400 failures per port and the agent may query this at any random 401 time." 402 ::= { etsysMACAuthenticationPortConfigEntry 10 } 403 404 405-- ------------------------------------------------------------- 406-- etsysMACAuthenticationMACConfigGroup 407-- ------------------------------------------------------------- 408 409etsysMACAuthenticationMACConfigTable OBJECT-TYPE 410 SYNTAX SEQUENCE OF EtsysMACAuthenticationMACConfigEntry 411 MAX-ACCESS not-accessible 412 STATUS current 413 DESCRIPTION 414 "A table containing configuration objects for each MAC 415 authenticated on a port. Each row in this table 416 is created dynamically when a MAC authenticates 417 on a port." 418 ::= { etsysMACAuthenticationMACConfig 1 } 419 420etsysMACAuthenticationMACConfigEntry OBJECT-TYPE 421 SYNTAX EtsysMACAuthenticationMACConfigEntry 422 MAX-ACCESS not-accessible 423 STATUS current 424 DESCRIPTION 425 "Each conceptual row inherits it's initial information 426 from the row in the etsysMACAuthenticationPortConfigTable 427 corresponding to the correct port. Each row represents an 428 authenticated MAC." 429 INDEX { etsysMACAuthenticationMACAddress } 430 ::= { etsysMACAuthenticationMACConfigTable 1 } 431 432EtsysMACAuthenticationMACConfigEntry::= 433 SEQUENCE { 434 etsysMACAuthenticationMACAddress MacAddress, 435 etsysMACAuthenticationSupplicantPort InterfaceIndex, 436 etsysMACAuthenticationMACInitialize TruthValue, 437 etsysMACAuthenticationMACReauthenticate TruthValue, 438 etsysMACAuthenticationMACReauthPeriod Unsigned32, 439 etsysMACAuthenticationMACReauthEnabled EnabledStatus 440 } 441 442etsysMACAuthenticationMACAddress OBJECT-TYPE 443 SYNTAX MacAddress 444 MAX-ACCESS not-accessible 445 STATUS current 446 DESCRIPTION 447 "This is the MAC address that was authenticated on this port." 448 ::= { etsysMACAuthenticationMACConfigEntry 1 } 449 450etsysMACAuthenticationSupplicantPort OBJECT-TYPE 451 SYNTAX InterfaceIndex 452 MAX-ACCESS read-only 453 STATUS current 454 DESCRIPTION 455 "This is the InterfaceIndex associated with this rows 456 authenticated MAC." 457 ::= { etsysMACAuthenticationMACConfigEntry 2 } 458 459etsysMACAuthenticationMACInitialize OBJECT-TYPE 460 SYNTAX TruthValue 461 MAX-ACCESS read-write 462 STATUS current 463 DESCRIPTION 464 "When set to true(1), this MAC session terminates causing the 465 corresponding row in this table and in the 466 etsysMACAuthenticationSessionTable to be removed. 467 468 Setting this object to false(2) has no effect on the system. 469 Reads of this object always return false(2)." 470 ::= { etsysMACAuthenticationMACConfigEntry 3 } 471 472etsysMACAuthenticationMACReauthenticate OBJECT-TYPE 473 SYNTAX TruthValue 474 MAX-ACCESS read-write 475 STATUS current 476 DESCRIPTION 477 "When set to true(1), this MAC authentication session on this 478 port is required to immediately verify it's credentials. 479 This requires that each MAC address be authenticated with the 480 authentication server through the local authentication client 481 or some other authentication mechanism. 482 483 Setting this object to false(2) has no effect on the system. 484 Reads of this object always return false(2)." 485 ::= { etsysMACAuthenticationMACConfigEntry 4 } 486 487etsysMACAuthenticationMACReauthPeriod OBJECT-TYPE 488 SYNTAX Unsigned32 489 MAX-ACCESS read-only 490 STATUS current 491 DESCRIPTION 492 "The value, in seconds, between attempts to re-authenticate 493 the MAC associated with this row." 494 ::= { etsysMACAuthenticationMACConfigEntry 5 } 495 496etsysMACAuthenticationMACReauthEnabled OBJECT-TYPE 497 SYNTAX EnabledStatus 498 MAX-ACCESS read-only 499 STATUS current 500 DESCRIPTION 501 "If enabled(1), then every etsysMACAuthenticationReauthPeriod 502 the switch attempts to validate all currently authenticated 503 MACs on this port. If disabled(2), reauthentication is 504 not attempted." 505 ::= { etsysMACAuthenticationMACConfigEntry 6 } 506 507 508-- ------------------------------------------------------------- 509-- etsysMACAuthenticationSessionGroup 510-- ------------------------------------------------------------- 511 512etsysMACAuthenticationSessionTable OBJECT-TYPE 513 SYNTAX SEQUENCE OF EtsysMACAuthenticationSessionEntry 514 MAX-ACCESS not-accessible 515 STATUS current 516 DESCRIPTION 517 "A table containing configuration objects for each MAC 518 authentication on a port. The successful completion of 519 an authentication causes the creation of a new row in 520 this table. When a MAC becomes unauthenticated because 521 of a link-down, a management change, or system 522 re-initialization, then the corresponding row is removed 523 from this table." 524 ::= { etsysMACAuthenticationMACSession 1 } 525 526etsysMACAuthenticationSessionEntry OBJECT-TYPE 527 SYNTAX EtsysMACAuthenticationSessionEntry 528 MAX-ACCESS not-accessible 529 STATUS current 530 DESCRIPTION 531 "Each conceptual row inherits it's initial information 532 from the row in the etsysMACAuthenticationPortConfigTable 533 corresponding to the correct port. Each row represents an 534 authenticated MAC." 535 INDEX { etsysMACAuthenticationMACAddress } 536 ::= { etsysMACAuthenticationSessionTable 1 } 537 538EtsysMACAuthenticationSessionEntry::= 539 SEQUENCE { 540 etsysMACAuthenticationSessionPort InterfaceIndex, 541 etsysMACAuthenticationDuration Unsigned32 542 } 543 544etsysMACAuthenticationSessionPort OBJECT-TYPE 545 SYNTAX InterfaceIndex 546 MAX-ACCESS read-only 547 STATUS current 548 DESCRIPTION 549 "This is the InterfaceIndex associated with the authenticated 550 MACs session." 551 ::= { etsysMACAuthenticationSessionEntry 1 } 552 553etsysMACAuthenticationDuration OBJECT-TYPE 554 SYNTAX Unsigned32 555 MAX-ACCESS read-only 556 STATUS current 557 DESCRIPTION 558 "The value, in seconds, which have elapsed since the start 559 of this session." 560 ::= { etsysMACAuthenticationSessionEntry 2 } 561 562-- ------------------------------------------------------------- 563-- etsysMACAuthenticationMACListConfig 564-- ------------------------------------------------------------- 565 566etsysMACAuthenticationMaxMACListEntries OBJECT-TYPE 567 SYNTAX Unsigned32 568 MAX-ACCESS read-only 569 STATUS current 570 DESCRIPTION 571 "Maximum number of entries allowed in the 572 etsysMACAuthenticationMACListTable." 573 ::= { etsysMACAuthenticationMACListConfig 1 } 574 575etsysMACAuthenticationCurrentMACListEntries OBJECT-TYPE 576 SYNTAX Unsigned32 577 MAX-ACCESS read-only 578 STATUS current 579 DESCRIPTION 580 "The current number of entries in the 581 etsysMACAuthenticationMACListTable." 582 ::= { etsysMACAuthenticationMACListConfig 2 } 583 584etsysMACAuthenticationMACListTable OBJECT-TYPE 585 SYNTAX SEQUENCE OF EtsysMACAuthenticationMACListEntry 586 MAX-ACCESS not-accessible 587 STATUS current 588 DESCRIPTION 589 "This table provides configuration objects for the 590 MAC List functionality. 591 592 When an unauthenticated MAC address is received a 593 longest prefix search is performed. If more than 594 one match is made -- the one with the longest 595 mask length -- is called the longest prefix match. 596 597 Authentication is blocked when no match is found, 598 or the matching entry's etsysMACAuthenticationMACListPorts 599 value is not the empty string and the ingress port is not 600 set in the list. 601 602 To create a default entry that matches any MAC address, 603 configure a row with a MAC address of all FFs and a 604 mask length of 48. 605 606 The user-name credential will be the portion 607 of the MAC address specified by 608 etsysMACAuthenticationMACListMaskLen. 609 610 If the etsysMACAuthenticationMACListPassword is set, 611 it will be used as the password credential for authentication. 612 Otherwise, the user-name credential will be used as the 613 password credential." 614 ::= { etsysMACAuthenticationMACListConfig 3 } 615 616etsysMACAuthenticationMACListEntry OBJECT-TYPE 617 SYNTAX EtsysMACAuthenticationMACListEntry 618 MAX-ACCESS not-accessible 619 STATUS current 620 DESCRIPTION 621 "Each row represents an entry in the MAC List." 622 INDEX { etsysMACAuthenticationMACListAddress, 623 etsysMACAuthenticationMACListMaskLen } 624 ::= { etsysMACAuthenticationMACListTable 1 } 625 626EtsysMACAuthenticationMACListEntry::= 627 SEQUENCE { 628 etsysMACAuthenticationMACListAddress MacAddress, 629 etsysMACAuthenticationMACListMaskLen Unsigned32, 630 etsysMACAuthenticationMACListPassword SnmpAdminString, 631 etsysMACAuthenticationMACListPasswordValid TruthValue, 632 etsysMACAuthenticationMACListPorts PortList, 633 etsysMACAuthenticationMACListRowStatus RowStatus 634 } 635 636etsysMACAuthenticationMACListAddress OBJECT-TYPE 637 SYNTAX MacAddress 638 MAX-ACCESS not-accessible 639 STATUS current 640 DESCRIPTION 641 "The MAC address to match." 642 ::= { etsysMACAuthenticationMACListEntry 1 } 643 644etsysMACAuthenticationMACListMaskLen OBJECT-TYPE 645 SYNTAX Unsigned32 (1..48) 646 MAX-ACCESS not-accessible 647 STATUS current 648 DESCRIPTION 649 "This object represents the number of significant bits in the 650 MAC address to match starting with the left-most bit of 651 the vendor portion of the MAC address. The significant portion 652 of the MAC address is sent as a user-name credential." 653 ::= { etsysMACAuthenticationMACListEntry 2 } 654 655etsysMACAuthenticationMACListPassword OBJECT-TYPE 656 SYNTAX SnmpAdminString (SIZE(0..48)) 657 MAX-ACCESS read-write 658 STATUS current 659 DESCRIPTION 660 "The password to use to authenticate the MAC address. 661 On a read this object will always return an empty string." 662 DEFVAL { "" } 663 ::= { etsysMACAuthenticationMACListEntry 3 } 664 665etsysMACAuthenticationMACListPasswordValid OBJECT-TYPE 666 SYNTAX TruthValue 667 MAX-ACCESS read-only 668 STATUS current 669 DESCRIPTION 670 "true(1) - indicates that etsysMACAuthenticationMACListPassword 671 was last set with some value other than the empty string. 672 673 false(2) - indicates that etsysMACAuthenticationMACListPassword 674 has never been set, or was last set to the empty string. 675 In this case, the password used to authenticate will be the same 676 as the user-name credential." 677 ::= { etsysMACAuthenticationMACListEntry 4 } 678 679etsysMACAuthenticationMACListPorts OBJECT-TYPE 680 SYNTAX PortList 681 MAX-ACCESS read-write 682 STATUS current 683 DESCRIPTION 684 "The set of ports to allow authentication on. If this object is 685 the empty string then authentication is allowed on all ports." 686 DEFVAL { ''H } -- the empty string 687 ::= { etsysMACAuthenticationMACListEntry 5 } 688 689etsysMACAuthenticationMACListRowStatus OBJECT-TYPE 690 SYNTAX RowStatus 691 MAX-ACCESS read-write 692 STATUS current 693 DESCRIPTION 694 "The status of this row. 695 696 active(1) -- Indicates that this entry is available 697 for use by the managed device. 698 699 createAndGo(4) -- A new entry will be created in this table 700 and the new entry will transition to the 701 active state. 702 703 destroy(6) -- Deletes this row. " 704 ::= { etsysMACAuthenticationMACListEntry 6 } 705 706-- ------------------------------------------------------------- 707-- Conformance Information 708-- ------------------------------------------------------------- 709 710etsysMACAuthenticationConformance 711 OBJECT IDENTIFIER ::= { etsysMACAuthenticationMIB 2 } 712 713etsysMACAuthenticationGroups 714 OBJECT IDENTIFIER ::= { etsysMACAuthenticationConformance 1 } 715 716etsysMACAuthenticationCompliances 717 OBJECT IDENTIFIER ::= { etsysMACAuthenticationConformance 2 } 718 719 720-- ------------------------------------------------------------- 721-- Units of conformance 722-- ------------------------------------------------------------- 723 724etsysMACAuthenticationSystemGroup OBJECT-GROUP 725 OBJECTS { 726 etsysMACAuthenticationSystemEnable, 727 etsysMACAuthenticationMACUserPassword, 728 etsysMACAuthenticationPortUserNameSignificantBits 729 } 730 STATUS deprecated 731 DESCRIPTION 732 "Global object controlling this feature. 733 Global objects that affect how the credentials are 734 presented to the authentication server." 735 ::= { etsysMACAuthenticationGroups 1 } 736 737etsysMACAuthenticationPortConfigGroup OBJECT-GROUP 738 OBJECTS { 739 etsysMACAuthenticationPortInitialize, 740 etsysMACAuthenticationPortReauthenticate, 741 etsysMACAuthenticationPortEnable, 742 etsysMACAuthenticationPortQuietPeriod, 743 etsysMACAuthenticationPortReauthPeriod, 744 etsysMACAuthenticationPortReauthEnabled, 745 etsysMACAuthenticationAuthenticationsAllowed, 746 etsysMACAuthenticationAuthenticationsAllocated, 747 etsysMACAuthenticationLastFailedAuthCause 748 } 749 STATUS current 750 DESCRIPTION 751 "Objects describing the MAC Authentication 752 configuration for each port." 753 ::= { etsysMACAuthenticationGroups 2 } 754 755etsysMACAuthenticationMACConfigGroup OBJECT-GROUP 756 OBJECTS { 757 etsysMACAuthenticationSupplicantPort, 758 etsysMACAuthenticationMACInitialize, 759 etsysMACAuthenticationMACReauthenticate, 760 etsysMACAuthenticationMACReauthPeriod, 761 etsysMACAuthenticationMACReauthEnabled 762 } 763 STATUS current 764 DESCRIPTION 765 "Objects associated with an individual MACs 766 authentication configuration." 767 ::= { etsysMACAuthenticationGroups 3 } 768 769etsysMACAuthenticationMACSessionGroup OBJECT-GROUP 770 OBJECTS { 771 etsysMACAuthenticationSessionPort, 772 etsysMACAuthenticationDuration 773 } 774 STATUS current 775 DESCRIPTION 776 "Objects associated with a MAC Session" 777 ::= { etsysMACAuthenticationGroups 4 } 778 779etsysMACAuthenticationSystemGroup2 OBJECT-GROUP 780 OBJECTS { 781 etsysMACAuthenticationSystemEnable, 782 etsysMACAuthenticationMACUserPassword, 783 etsysMACAuthenticationPortUserNameSignificantBits, 784 etsysMACAuthenticationMode, 785 etsysMACAuthenticationSystemAccountEnable 786 } 787 STATUS deprecated 788 DESCRIPTION 789 "Global object controlling this feature. 790 Global objects that affect how the credentials are 791 presented to the authentication server." 792 ::= { etsysMACAuthenticationGroups 5 } 793 794etsysMACAuthenticationSystemGroup3 OBJECT-GROUP 795 OBJECTS { 796 etsysMACAuthenticationSystemEnable, 797 etsysMACAuthenticationMACUserPassword, 798 etsysMACAuthenticationPortUserNameSignificantBits, 799 etsysMACAuthenticationMode, 800 etsysMACAuthenticationSystemAccountEnable, 801 etsysMACAuthenticationSystemUserNameFormat 802 } 803 STATUS current 804 DESCRIPTION 805 "Global object controlling this feature. 806 Global objects that affect how the credentials are 807 presented to the authentication server." 808 ::= { etsysMACAuthenticationGroups 6 } 809 810etsysMACAuthenticationMACListGroup OBJECT-GROUP 811 OBJECTS { 812 etsysMACAuthenticationMaxMACListEntries, 813 etsysMACAuthenticationCurrentMACListEntries, 814 etsysMACAuthenticationMACListPassword, 815 etsysMACAuthenticationMACListPasswordValid, 816 etsysMACAuthenticationMACListPorts, 817 etsysMACAuthenticationMACListRowStatus 818 } 819 STATUS current 820 DESCRIPTION 821 "Objects associated with MAC-List configuration." 822 ::= { etsysMACAuthenticationGroups 7 } 823 824-- ------------------------------------------------------------- 825-- Compliance statements 826-- ------------------------------------------------------------- 827 828etsysMACAuthenticationCompliance MODULE-COMPLIANCE 829 STATUS deprecated 830 DESCRIPTION 831 "The compliance statement for devices that support MAC-Authentication." 832 833 MODULE 834 MANDATORY-GROUPS { 835 etsysMACAuthenticationSystemGroup, 836 etsysMACAuthenticationPortConfigGroup, 837 etsysMACAuthenticationMACConfigGroup 838 } 839 840 GROUP etsysMACAuthenticationMACSessionGroup 841 DESCRIPTION 842 "Implementation of the etsysMACAuthenticationMACSessionGroup 843 is optional for all agents. If the agent impelments session 844 functionality, then this table should be supported." 845 846 OBJECT etsysMACAuthenticationSystemEnable 847 SYNTAX EnabledStatus 848 MIN-ACCESS read-only 849 DESCRIPTION 850 "Write access is not required. If read-only is selected, 851 then the default value must be enabled(1)." 852 853 OBJECT etsysMACAuthenticationPortUserNameSignificantBits 854 SYNTAX INTEGER(1..48) 855 MIN-ACCESS read-only 856 DESCRIPTION 857 "Write access is not required. If read-only is selected, 858 then the default value must be 48. If this object is read-write, 859 then the agent performs a two stage authentication where the 860 it attempts to authenticate the masked MAC address if the 861 full MAC address fails to authenticate." 862 ::= { etsysMACAuthenticationCompliances 1 } 863 864etsysMACAuthenticationCompliance2 MODULE-COMPLIANCE 865 STATUS deprecated 866 DESCRIPTION 867 "The compliance statement for devices that support 868 MAC-Authentication." 869 870 MODULE 871 MANDATORY-GROUPS { 872 etsysMACAuthenticationSystemGroup2, 873 etsysMACAuthenticationPortConfigGroup, 874 etsysMACAuthenticationMACConfigGroup 875 } 876 877 GROUP etsysMACAuthenticationMACSessionGroup 878 DESCRIPTION 879 "Implementation of the etsysMACAuthenticationMACSessionGroup 880 is optional for all agents. If the agent impelments session 881 functionality, then this table should be supported." 882 883 OBJECT etsysMACAuthenticationSystemEnable 884 SYNTAX EnabledStatus 885 MIN-ACCESS read-only 886 DESCRIPTION 887 "Write access is not required. If read-only is selected, 888 then the default value must be enabled(1)." 889 890 OBJECT etsysMACAuthenticationPortUserNameSignificantBits 891 SYNTAX INTEGER(1..48) 892 MIN-ACCESS read-only 893 DESCRIPTION 894 "Write access is not required. If read-only is selected, 895 then the default value must be 48. If this object is read-write, 896 then the agent performs a two stage authentication where the 897 it attempts to authenticate the masked MAC address if the 898 full MAC address fails to authenticate." 899 ::= { etsysMACAuthenticationCompliances 2 } 900 901etsysMACAuthenticationCompliance3 MODULE-COMPLIANCE 902 STATUS deprecated 903 DESCRIPTION 904 "The compliance statement for devices that support 905 MAC-Authentication." 906 907 MODULE 908 MANDATORY-GROUPS { 909 etsysMACAuthenticationSystemGroup3, 910 etsysMACAuthenticationPortConfigGroup, 911 etsysMACAuthenticationMACConfigGroup 912 } 913 914 GROUP etsysMACAuthenticationMACSessionGroup 915 DESCRIPTION 916 "Implementation of the etsysMACAuthenticationMACSessionGroup 917 is optional for all agents. If the agent impelments session 918 functionality, then this table should be supported." 919 920 OBJECT etsysMACAuthenticationSystemEnable 921 SYNTAX EnabledStatus 922 MIN-ACCESS read-only 923 DESCRIPTION 924 "Write access is not required. If read-only is selected, 925 then the default value must be enabled(1)." 926 927 OBJECT etsysMACAuthenticationPortUserNameSignificantBits 928 SYNTAX INTEGER(1..48) 929 MIN-ACCESS read-only 930 DESCRIPTION 931 "Write access is not required. If read-only is selected, 932 then the default value must be 48. If this object is read-write, 933 then the agent performs a two stage authentication where the 934 it attempts to authenticate the masked MAC address if the 935 full MAC address fails to authenticate." 936 937 OBJECT etsysMACAuthenticationSystemUserNameFormat 938 SYNTAX INTEGER { 939 hyphen(1), 940 none(2) 941 } 942 MIN-ACCESS read-only 943 DESCRIPTION 944 "Write access is not required." 945 946 ::= { etsysMACAuthenticationCompliances 3 } 947 948etsysMACAuthenticationCompliance4 MODULE-COMPLIANCE 949 STATUS current 950 DESCRIPTION 951 "The compliance statement for devices that support 952 MAC-Authentication." 953 954 MODULE 955 MANDATORY-GROUPS { 956 etsysMACAuthenticationSystemGroup3, 957 etsysMACAuthenticationPortConfigGroup, 958 etsysMACAuthenticationMACConfigGroup 959 } 960 961 GROUP etsysMACAuthenticationMACSessionGroup 962 DESCRIPTION 963 "Implementation of the etsysMACAuthenticationMACSessionGroup 964 is optional for all agents. If the agent implements session 965 functionality, then this table should be supported. 966 967 Implementation of the etysMACAuthenticationMACListGroup is 968 optional for all agents. If the agent implements MAC-List 969 functionality, then this table should be supported." 970 971 OBJECT etsysMACAuthenticationSystemEnable 972 SYNTAX EnabledStatus 973 MIN-ACCESS read-only 974 DESCRIPTION 975 "Write access is not required. If read-only is selected, 976 then the default value must be enabled(1)." 977 978 OBJECT etsysMACAuthenticationPortUserNameSignificantBits 979 SYNTAX INTEGER(1..48) 980 MIN-ACCESS read-only 981 DESCRIPTION 982 "Write access is not required. If read-only is selected, 983 then the default value must be 48. If this object is read-write, 984 then the agent performs a two stage authentication where the 985 it attempts to authenticate the masked MAC address if the 986 full MAC address fails to authenticate." 987 988 OBJECT etsysMACAuthenticationSystemUserNameFormat 989 SYNTAX INTEGER { 990 hyphen(1), 991 none(2) 992 } 993 MIN-ACCESS read-only 994 DESCRIPTION 995 "Write access is not required." 996 997 OBJECT etsysMACAuthenticationMode 998 SYNTAX INTEGER { 999 password(1), 1000 radiusUsername(2), 1001 macList(3) 1002 } 1003 MIN-ACCESS read-only 1004 DESCRIPTION 1005 "Write access is not required." 1006 1007 OBJECT etsysMACAuthenticationMACListRowStatus 1008 WRITE-SYNTAX RowStatus { active(1), createAndGo(4), destroy(6) } 1009 DESCRIPTION 1010 "The states createAndWait, notInService and notReady are not 1011 supported for writing." 1012 1013 ::= { etsysMACAuthenticationCompliances 4 } 1014 1015END 1016