-- *********************************************************************
--
-- IEEE8021X-PAE-MIB : MIB for IEEE 802.1X (802.1X-2010 + 802.1Xbx)
--
-- *********************************************************************

IEEE8021X-PAE-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    Gauge32,
    Counter32,
    Counter64,
    Unsigned32,
    Integer32
        FROM SNMPv2-SMI
    MacAddress,
    TEXTUAL-CONVENTION,
    TruthValue,
    RowPointer,
    TimeStamp,
    TimeInterval,
    RowStatus
        FROM SNMPv2-TC
    MODULE-COMPLIANCE,
    OBJECT-GROUP
        FROM SNMPv2-CONF
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    InterfaceIndex
        FROM IF-MIB
    SecySCI
        FROM IEEE8021-SECY-MIB;

ieee8021XPaeMIB MODULE-IDENTITY
    LAST-UPDATED "201404101619Z"
    ORGANIZATION "IEEE 802.1 Working Group"
    CONTACT-INFO
        "  WG-URL: http://grouper.ieee.org/groups/802/1/index.html
         WG-EMail: stds-802-1@ieee.org
          Contact: Mick Seaman
           Postal: C/O IEEE 802.1 Working Group
                   IEEE Standards Association
                   445 Hoes Lane
                   P.O. Box 1331
                   Piscataway
                   NJ 08855-1331
                   USA
           E-mail: STDS-802-1-L@LISTSERV.IEEE.ORG"
    DESCRIPTION
        "The MIB module for managing the Port Access Entity (PAE)
        functions of IEEE 802.1X (Revision of 802.1X-2004).
        The PAE functions managed are summarized in Figure 12-3 of
        IEEE 802.1X and include EAPOL PACP support for authentication
        (EAP Supplicant and/or Authenticator), MACsec Key Agreement
        (MKA), EAPOL, and transmission and reception of network
        announcements.

        The following acronyms and definitions are used in this MIB.

        AN : Association Number, a number that is concatenated with a
            MACsec Secure Channel Identifier to identify a Secure
            Association (SA).

        Announcer : EAPOL-Announcement transmission functionality.

        Authenticator : An entity that facilitates authentication of
            other entities attached to the same LAN.

        CA : secure Connectivity Association: A security relationship,
            established and maintained by key agreement protocols, that
            comprises a fully connected subset of the service access
            points in stations attached to a single LAN that are to be
            supported by MACsec.

        CAK : secure Connectivity Association Key, a secret key
            possessed by members of a given CA.

        CKN : secure Connectivity Association Key Name (CKN), a text
            that identifies a CAK.

        Common Port : An instance of the MAC Internal Sublayer Service
            used by the SecY or PAC to provide transmission and
            reception of frames for both the Controlled and
            Uncontrolled Ports.

        Controlled Port : The access point used to provide the secure
            MAC Service to a client of a PAC or SecY.

        CP state machine : Controlled Port state machine is capable of
            controlling a SecY or a PAC.  The CP supports
            interoperability with unauthenticated systems that are not
            port-based network access control capable, or that lack
            MKA.  When the access controlled port is supported by a
            SecY, the CP is capable of controlling the SecY so as to
            provide unsecured connectivity to systems that implement a
            PAC.

        EAP : Extensible Authentication Protocol, RFC3748.

        EAPOL : EAP over LANs.

        KaY : Key Agreement Entity, a PAE entity responsible for MKA.

        Key Server : Elected by MKA, to transport a succession of SAKs,
            for use by MACsec, to the other member(s) of a CA.

        KMD : Key Management Domain, a string identifying systems that
            share cached CAKs.

        Listener : The role is to receive the network announcement
            parameters in the authentication process.

        Logon Process : The Logon Process is responsible for
            managing the use of authentication credentials, for
            initiating use of the PAE's Supplicant and/or Authenticator
            functionality, for deriving CAK, CKN tuples from PAE
            results, for maintaining PSKs (Pre-Shared Keys), and for
            managing MKA instances.  In the absence of successful
            authentication, key agreement, or support for MAC Security,
            the Logon Process determines whether the CP state machine
            should provide unauthenticated connectivity or
            authenticated but unsecured connectivity.

        MKA : MACsec Key Agreement protocol allows PAEs, each
            associated with a port that is an authenticated member of a
            secure connectivity association (CA) or a potential CA, to
            discover other PAEs attached to the same LAN, to confirm
            mutual possession of a CAK and hence to prove a past mutual
            authentication, to agree the secret keys (SAKs) used by
            MACsec for symmetric shared key cryptography, and to ensure
            that the data protected by MACsec has not been delayed.

        MKPDU : MACsec Key Agreement Protocol Data Unit.

        MPDU : MAC Protocol Data Unit.

        NID : Network Identity, a UTF-8 string identifying a network
            or network service.

        PAE : Port Access Entity, the protocol entity associated with a
            Port.  It can support the protocol functionality
            associated with the Authenticator, the Supplicant, or
            both.

        PAC : Port Access Controller, a protocol-less shim that
            provides control over frame transmission and reception by
            clients attached to its Controlled Port, and uses the MAC
            Service provided by a Common Port.  The access control
            decision is made by the PAE, typically taking into
            account the success or failure of mutual authentication
            and authorization of the PAE's peer(s), and is
            communicated by the PAE using the LMI to set the PAC's
            Controlled Port enabled/disabled.
            Two different interfaces,
            'Controlled Port' and 'Uncontrolled Port', are associated
            with a PAC, and for each instance of a PAC, two
            ifTable rows (one for each interface) run on top of an
            ifTable row representing the 'Common Port' interface,
            such as a row with ifType = 'ethernetCsmacd(6)'.

            For example :
            -----------------------------------------------------------
            |                             |                           |
            |       Controlled Port       |     Uncontrolled Port     |
            |          Interface          |         Interface         |
            |        (ifEntry = j)        |       (ifEntry = k)       |
            |          (ifType =          |         (ifType =         |
            |  macSecControlledIF(231))   | macSecUncontrolledIF(232))|
            |                             |                           |
            |---------------------------------------------------------|
            |                                                         |
            |                   Physical Interface                    |
            |                      (ifEntry = i)                      |
            |              (ifType = ethernetCsmacd(6))               |
            |_________________________________________________________|
                          i, j, k are ifIndex to indicate
                          an interface stack in the ifTable.
                          Figure : PAC Interface Stack

            The 'Controlled Port' is the service point to provide one
            instance of the secure MAC service in a PAC.  The
            'Uncontrolled Port' is the service point to provide one
            instance of the insecure MAC service in a PAC.

        PACP : Port Access Controller Protocol.

        Port Identifier : A 16-bit number that is unique within the
            scope of the address of the port.

        Real Port : Indicates the PAE is for a real port.  A port that
            is not created on demand by the mechanisms specified in
            this standard, but that can transmit and receive frames for
            one or more virtual ports.

        SC : Secure Channel, a security relationship used to provide
            security guarantees for frames transmitted from one member
            of a CA to the others.  An SC is supported by a sequence of
            SAs thus allowing the periodic use of fresh keys without
            terminating the relationship.

        SA : Secure Association, a security relationship that provides
            security guarantees for frames transmitted from one member
            of a CA to the others.  Each SA is supported by a single
            secret key, or a single set of keys where the cryptographic
            operations used to protect one frame require more than one
            key.

        SAK : Secure Association key, the secret key used by an SA.

        SCI : Secure Channel Identifier, a globally unique identifier
            for a secure channel, comprising a globally unique MAC
            Address and a Port Identifier, unique within the system
            allocated that address.

        secured connectivity : Data transfer between two or more
            'Controlled Ports' that is protected by MACsec.

        SecY : MAC Security Entity, the entity that operates the MAC
            Security protocol within a system.

        Supplicant : An entity at one end of a point-to-point LAN
            segment that seeks to be authenticated by an Authenticator
            attached to the other end of that link.

        Suspension: Temporary suspension of MKA operation to facilitate
            in-service control plane software upgrades without
            disrupting existing secure connectivity.

        Uncontrolled Port : The access point used to provide the
            insecure MAC Service to a client of a SecY or PAC.

        Virtual Port : Indicates the PAE is for a virtual port.  A MAC
            Service or Internal Sublayer service access point that is
            created on demand.  Virtual ports can be used to provide
            separate secure connectivity associations over the same
            LAN."
    REVISION "201404101619Z"
    DESCRIPTION
        "Update published as part of IEEE 802.1Xbx (Amendment to
        IEEE 802.1X-2010)"
    REVISION "200910011650Z"
    DESCRIPTION
        "Initial version of this MIB module.
        Published as part of
        IEEE P802.1X (Revision of IEEE Standard 802.1X-2009)"
    ::= { iso(1) iso-identified-organization(3) ieee(111)
          standards-association-numbered-series-standards(2)
          lan-man-stds(802) ieee802dot1(1) ieee802dot1mibs(1) 15 }

-- ------------------------------------------------------------------ --
-- Textual Conventions
-- ------------------------------------------------------------------ --

Ieee8021XPaeCKN ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "This textual convention indicates the CAK name to identify
        the Connectivity Association Key (CAK) which is the root key
        in the MACsec Key Agreement key hierarchy.  All potential
        members of the CA use the same CKN."

    REFERENCE   "IEEE 802.1X Clause 5.4, Clause 9.3.1, Clause 6.2"
    SYNTAX      OCTET STRING (SIZE (1..16))

Ieee8021XPaeCKNOrNull ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "This textual convention indicates the CAK name to identify
        the Connectivity Association Key (CAK) which is the root key
        in the MACsec Key Agreement key hierarchy.  All potential
        members of the CA use the same CKN.

        If this is a zero length value, then the NULL string means
        CKN information is applicable."

    REFERENCE   "IEEE 802.1X Clause 5.4, Clause 9.3.1, Clause 6.2"
    SYNTAX      OCTET STRING (SIZE (0..16))

Ieee8021XPaeKMD ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "This textual convention indicates a Key Management Domain
        (KMD).

        KMD is a string of UTF-8 characters that names the transmitting
        authenticator's key management domain."

    REFERENCE   "IEEE 802.1X Clause 12.6"
    SYNTAX      OCTET STRING (SIZE (0..253))

Ieee8021XPaeNID ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "This textual convention indicates a Network Identifier (NID).

        Each network is identified by a NID, a UTF-8 string used by
        network attached systems to select a network profile."

    REFERENCE   "IEEE 802.1X Clause 12.6, Clause 10.1"
    SYNTAX      OCTET STRING (SIZE (1..100))

Ieee8021XPaeNIDOrNull ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "This textual convention indicates a Network Identifier (NID).

        Each network is identified by a NID, a UTF-8 string used by
        network attached systems to select a network profile.

        If this is a zero length value, then the NULL string for
        NID information is applicable."

    REFERENCE   "IEEE 802.1X Clause 12.6, Clause 10.1"
    SYNTAX      OCTET STRING (SIZE (0..100))

Ieee8021XMkaKeyServerPriority ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "This textual convention indicates Key Server priority
        information.

        Each MKA participant encodes a Key Server Priority, an 8-bit
        integer, in each MKPDU.  Each participant selects the live
        participant advertising the highest priority as its Key Server
        provided that participant has not selected another as its Key
        Server or is unwilling to act as the Key Server.  If a Key
        Server cannot be selected SAKs are not distributed.  In the
        event of a tie for highest priority Key Server, the member with
        the highest priority SCI is chosen.  For consistency with other
        uses of the SCI's MAC Address component as a priority,
        numerically lower values of the Key Server Priority and SCI are
        accorded the highest priority.  Table 9-2 contains
        recommendations for the use of priority values for various
        system roles.  Participants that will never act as a Key Server
        should advertise priority 0xFF."

    REFERENCE   "IEEE 802.1X Clause 9.5, Table 9-2"
    SYNTAX      OCTET STRING (SIZE (1))

Ieee8021XMkaMI ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "This textual convention indicates a Member Identifier (MI).

        The MI is a 96-bit random value chosen when the MKA Instance
        begins, used with a 32-bit MN to protect against replay attacks
        and to record liveliness in the Live Peer List or potential
        liveliness in the Potential Peer List.  If the MN wraps, a new
        random MI value is chosen and the MN begins again at 1."

    REFERENCE   "IEEE 802.1X Clause 9.4.2"
    SYNTAX      OCTET STRING (SIZE (12))

Ieee8021XMkaMN ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "d"
    STATUS      current
    DESCRIPTION
        "This textual convention indicates a Member Number (MN).

        The MN is a 32-bit value which begins at 1 and increases for
        each MKPDU transmitted.  It is used with the MI to protect
        against replay attacks and to record liveliness in the Live
        Peers List or potential liveliness in the Potential Peer List.
        If the MN wraps, a new random MI value is chosen and the MN
        begins again at a value of 1."

    REFERENCE   "IEEE 802.1X Clause 9.4.2"
    SYNTAX      Unsigned32 (1..2147483648)

Ieee8021XMkaKN ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "d"
    STATUS      current
    DESCRIPTION
        "This textual convention indicates a Key Number (KN) used in
        MKA.

        The KN is a 32-bit integer assigned by that Key Server
        (sequentially, beginning with 1)."

    REFERENCE   "IEEE 802.1X Clause 9.8"
    SYNTAX      Unsigned32 (1..2147483648)

Ieee8021XPaeNIDCapabilites ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "This textual convention indicates the combinations of
        authentication and protection capabilities supported for a
        NID.  Any set of these combinations can be supported."

    REFERENCE   "IEEE 802.1X Clause 10.1, Table 11-8"
    SYNTAX      BITS {
                    eap(0),
                    eapMka(1),
                    eapMkaMacSec(2),
                    mka(3),
                    mkaMacSec(4),
                    higherLayer(5),         -- WebAuth
                    higherLayerFallback(6), -- WebAuth
                    vendorSpecific(7)
                }

Ieee8021XPaeNIDAccessStatus ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "This textual convention indicates the transmitter's
        Controlled Port operational status and current level of
        access resulting from authentication and the consequent
        authorization controls applied by that port's clients.

        'noAccess' : Other than to authentication services, and to
            services announced as available in the absence of
            authentication (unauthenticated).

        'remedialAccess' : The access granted is severely limited,
            possibly to remedial services.

        'restrictedAccess' : The Controlled Port is operational, but
            restrictions have been applied by the network that can
            limit access to some resources.

        'expectedAccess' : The Controlled Port is operational, and
            access provided is as expected for successful
            authentication and authorization for the NID."

    REFERENCE   "IEEE 802.1X Clause 10.1, Table 11-8"
    SYNTAX      INTEGER {
                    noAccess(0),
                    remedialAccess(1),
                    restrictedAccess(2),
                    expectedAccess(3)
                }

Ieee8021XPaeNIDUnauthenticatedStatus ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "This textual convention indicates the access capabilities of
        the port's clients without authentication.

        'noAccess' : Other than to authentication services (see
            Ieee8021XPaeNIDCapabilites information).

        'fallbackAccess' : Limited access can be provided after
            authentication failure.

        'limitedAccess' : Immediate limited access is available
            without authentication.

        'openAccess' : Immediate access is available without
            authentication."

    REFERENCE   "IEEE 802.1X Clause 10.1, Table 11-8"
    SYNTAX      INTEGER {
                    noAccess(0),
                    fallbackAccess(1),
                    limitedAccess(2),
                    openAccess(3)
                }

-- ------------------------------------------------------------------ --
-- Groups in the IEEE 802.1X MIB
-- ------------------------------------------------------------------ --

ieee8021XPaeMIBNotifications OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIB 0 }

ieee8021XPaeMIBObjects OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIB 1 }

ieee8021XPaeMIBConformance OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIB 2 }

-- ------------------------------------------------------------------ --
-- Management Objects in the IEEE 802.1X MIB
-- ------------------------------------------------------------------ --

ieee8021XPaeSystem OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIBObjects 1 }

ieee8021XPaeLogon OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIBObjects 2 }

ieee8021XPaeAuthenticator OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIBObjects 3 }

ieee8021XPaeSupplicant OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIBObjects 4 }

ieee8021XPaeEapol OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIBObjects 5 }

ieee8021XPaeKaY OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIBObjects 6 }

ieee8021XPaeNetworkIdentifier OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIBObjects 7 }


-- ------------------------------------------------------------------ --
-- The 802.1X PAE System Group
-- ------------------------------------------------------------------ --
--
-- ------------------------------------------------------------------ --
-- The 802.1X PAE System Objects
-- ------------------------------------------------------------------ --

ieee8021XPaeSysAccessControl OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object enables or disables port-based network access
        control for all the
        system's ports.  Setting this control
        object to 'false' causes the following actions :
        . Deletes any virtual ports previously instantiated.
        . Terminates authentication exchanges and MKA instances'
          operation.
        . Each real port PAE behaves as if no virtual ports were
          created.
        . All the PAEs' Supplicant, Authenticator, and KaY are
          disabled.
        . Logon Process(es) behave as if the object
          ieee8021XNidUnauthAllowed was 'immediate'.
        . Announcements can be transmitted, both periodically and
          in response to announcement requests (conveyed by
          EAPOL-Starts or EAPOL-Announcement-Reqs) but are sent
          with a single NULL NID.
        . Objects announcementAccessStatus and announceAccessStatus
          have the 'noAccess' value, announcementAccessRequested is
          'false', object announcementUnauthAccess has the
          'openAccess' value.

        The control variable settings for each real port PAE in the
        ieee8021XPaePortTable are unaffected, and will be used once the
        object is set to 'true'.

        The configured value for this object shall be stored in
        persistent memory and remain unchanged across a
        re-initialization of the management system of the entity."
    REFERENCE
        "IEEE 802.1X Clause 12.9.1, Figure 12-3 PAE
        System.systemAccessControl"
    ::= { ieee8021XPaeSystem 1 }

ieee8021XPaeSysAnnouncements OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Setting this control object to 'false' causes each PAE in this
        system to behave as if the PAE's Announcement functionality is
        disabled.  The independent controls for each PAE apply if
        this object is 'true'.

        The configured value for this object shall be stored in
        persistent memory and remain unchanged across a
        re-initialization of the management system of the entity."
    REFERENCE
        "IEEE 802.1X Clause 12.9.1, Figure 12-3 PAE
        System.systemAnnouncements"
    ::= { ieee8021XPaeSystem 2 }

ieee8021XPaeSysEapolVersion OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The EAPOL protocol version for this system."
    REFERENCE
        "IEEE 802.1X Clause 12.9.1, Clause 11.3, Figure 12-3 PAE
        System.eapolProtocolVersion"
    ::= { ieee8021XPaeSystem 3 }

ieee8021XPaeSysMkaVersion OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The MKA protocol version for this system."
    REFERENCE   "IEEE 802.1X Clause 12.9.1"
    ::= { ieee8021XPaeSystem 4 }
-- ------------------------------------------------------------------ --
-- The 802.1X PAE Port Table
-- ------------------------------------------------------------------ --

ieee8021XPaePortTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF Ieee8021XPaePortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of system level information for each port supported by
        the Port Access Entity.  An entry appears in this table for
        each port of this system.

        For the writeable objects in this table, the configured value
        shall be stored in persistent memory and remain unchanged
        across a re-initialization of the management system of the
        entity."
    REFERENCE   "802.1X Clause 12.9.2, Figure 12-3 PAE"
    ::= { ieee8021XPaeSystem 5 }

ieee8021XPaePortEntry OBJECT-TYPE
    SYNTAX      Ieee8021XPaePortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The Port number, protocol version, and
        initialization control for a Port.

        If the PAE has been dynamically instantiated to support an
        existing or potential virtual port, the Uncontrolled Port
        interface and Controlled Port interface are allocated by the
        real port's PAE."
    INDEX       { ieee8021XPaePortNumber }
    ::= { ieee8021XPaePortTable 1 }

Ieee8021XPaePortEntry ::= SEQUENCE {
    ieee8021XPaePortNumber              InterfaceIndex,
    ieee8021XPaePortType                INTEGER,
    ieee8021XPaeControlledPortNumber    InterfaceIndex,
    ieee8021XPaeUncontrolledPortNumber  InterfaceIndex,
    ieee8021XPaeCommonPortNumber        InterfaceIndex,
    ieee8021XPaePortInitialize          TruthValue,
    ieee8021XPaePortCapabilities        BITS,
    ieee8021XPaePortVirtualPortsEnable  TruthValue,
    ieee8021XPaePortMaxVirtualPorts     Unsigned32,
    ieee8021XPaePortCurrentVirtualPorts Gauge32,
    ieee8021XPaePortVirtualPortStart    TruthValue,
    ieee8021XPaePortVirtualPortPeerMAC  MacAddress,
    ieee8021XPaePortLogonEnable         TruthValue,
    ieee8021XPaePortAuthenticatorEnable TruthValue,
    ieee8021XPaePortSupplicantEnable    TruthValue,
    ieee8021XPaePortKayMkaEnable        TruthValue,
    ieee8021XPaePortAnnouncerEnable     TruthValue,
    ieee8021XPaePortListenerEnable      TruthValue
}

ieee8021XPaePortNumber OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An interface index indicates the port number associated with
        this port.  Each PAE is uniquely identified by a port number.
        The port number used is unique amongst all port numbers for
        the system, and directly or indirectly identifies the
        Uncontrolled Port that supports the PAE.

        If the PAE indicates a real port, ieee8021XPaePortType object
        in the same row is 'realPort', the port number shall be the
        same as the ieee8021XPaeCommonPortNumber object in the same row
        for the associated PAC or SecY.

        If the PAE indicates a virtual port, ieee8021XPaePortType
        object in the same row is 'virtualPort', this port number
        should be the same as the uncontrolledPortNumber object in the
        same row for the associated PAC or SecY."
    REFERENCE   "802.1X Clause 12.9.2, Figure 12-3"
    ::= { ieee8021XPaePortEntry 1 }

ieee8021XPaePortType OBJECT-TYPE
    SYNTAX      INTEGER {
                    realPort(1),
                    virtualPort(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The port type of the PAE.

        realPort(1) : indicates the PAE is for a real port.

        virtualPort(2) : indicates the PAE is for a virtual port."
    REFERENCE   "802.1X Clause 12.9.2, Figure 12-3"
    ::= { ieee8021XPaePortEntry 2 }

ieee8021XPaeControlledPortNumber OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "An interface index indicates the port number associated with
        PAC or SecY's Controlled Port."
    REFERENCE   "802.1X Clause 12.9.2, Figure 12-3"
    ::= { ieee8021XPaePortEntry 3 }

ieee8021XPaeUncontrolledPortNumber OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "An interface index indicates the port number associated with
        PAC or SecY's Uncontrolled Port.  If the PAE supports a
        real port, this port number can be the same as the
        ieee8021XPaeCommonPortNumber object in the same row, otherwise
        it shall not be the same."
    REFERENCE   "802.1X Clause 12.9.2, Figure 12-3"
    ::= { ieee8021XPaePortEntry 4 }

ieee8021XPaeCommonPortNumber OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "An interface index indicates the port number associated with
        PAC or SecY's 'Common Port'.  All the virtual ports created
        for a given real port share the same 'Common Port' and
        ieee8021XPaeCommonPortNumber in the same row."
    REFERENCE   "802.1X Clause 12.9.2, Figure 12-3"
    ::= { ieee8021XPaePortEntry 5 }

ieee8021XPaePortInitialize OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The initialization control for this Port.
        Setting this object
        'true' causes the Port to be reinitialized, terminating (and
        potentially restarting) authentication exchanges and MKA
        operation.

        If the port is a real port, any virtual ports previously
        instantiated are deleted.  Virtual ports can be reinstantiated
        through normal protocol operation.

        The object value reverts to 'false' once initialization
        has completed."
    REFERENCE   "802.1X Clause 12.9.3, Figure 12-3"
    ::= { ieee8021XPaePortEntry 6 }

ieee8021XPaePortCapabilities OBJECT-TYPE
    SYNTAX      BITS {
                    suppImplemented(0),
                    authImplemented(1),
                    mkaImplemented(2),
                    macsecImplemented(3),
                    announcementsImplemented(4),
                    listenerImplemented(5),
                    virtualPortsImplemented(6)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The capabilities of this PAE port.

        'suppImplemented' : PACP EAP supplicant functions are
            implemented in this PAE if this bit is on.

        'authImplemented' : PACP EAP authenticator functions are
            implemented in this PAE if this bit is on.

        'mkaImplemented' : The KaY MKA functions are implemented
            in this PAE if this bit is on.

        'macsecImplemented' : The MACsec functions in the
            Controlled Port are implemented in this PAE if this
            bit is on.

        'announcementsImplemented' : The EAPOL announcement can be
            sent in this PAE if this bit is on.

        'listenerImplemented' : This PAE can receive EAPOL announcement
            if this bit is on.

        'virtualPortsImplemented' : Virtual Port functions are
            implemented in this PAE if this bit is on."
    REFERENCE   "802.1X Clause 12.9.2, Figure 12-3"
    ::= { ieee8021XPaePortEntry 7 }

ieee8021XPaePortVirtualPortsEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enable or disable the Virtual Ports function for this Real Port
        PAE, where the object ieee8021XPaePortType in the same row has
        the value 'realPort'.  If this PAE is not a Real Port, this
        object should be read only and returns 'false'.

        This object will be read only and returns 'false' if the value
        of the object ieee8021XPaePortCapabilities in the same row has
        the bit 'virtualPortsImplemented' off."
    REFERENCE   "802.1X Clause 12.8.1, Figure 12-3"
    ::= { ieee8021XPaePortEntry 8 }

ieee8021XPaePortMaxVirtualPorts OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum number of virtual ports that can be supported in
        this port."
    REFERENCE   "802.1X Clause 12.9.2, Figure 12-3"
    ::= { ieee8021XPaePortEntry 9 }

ieee8021XPaePortCurrentVirtualPorts OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current number of virtual ports running in this port."
    REFERENCE   "802.1X Clause 12.9.2, Figure 12-3"
    ::= { ieee8021XPaePortEntry 10 }

ieee8021XPaePortVirtualPortStart OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object will be 'true' if the virtual port is created by
        receipt of an EAPOL-Start packet."
    REFERENCE   "802.1X Clause 12.7, Figure 12-3"
    ::= { ieee8021XPaePortEntry 11 }

ieee8021XPaePortVirtualPortPeerMAC OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The source MAC address of the received EAPOL-Start if
        ieee8021XPaePortVirtualPortStart is set 'true'.

        If ieee8021XPaePortVirtualPortStart is not 'true' in the same
        row, the value of this object should be 00-00-00-00-00-00."
    REFERENCE   "802.1X Clause 12.7, Figure 12-3"
    ::= { ieee8021XPaePortEntry 12 }

ieee8021XPaePortLogonEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enable or disable to transmit network announcement
        information."
    REFERENCE   "802.1X Clause 12.5, Figure 12-3"
    ::= { ieee8021XPaePortEntry 13 }

ieee8021XPaePortAuthenticatorEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Enable or disable the Authenticator function in this PAE.

        This object will be read only and returns 'false' if the value
        of the object ieee8021XPaePortCapabilities in the same row has
        the bit 'authImplemented' off."
    REFERENCE   "802.1X Clause 8.4, Figure 12-3"
    ::= { ieee8021XPaePortEntry 14 }

ieee8021XPaePortSupplicantEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Enable or disable the Supplicant function in this PAE.

        This object will be read only and returns 'false' if the value
        of the object ieee8021XPaePortCapabilities in the same row has
        the bit 'suppImplemented' off."
    REFERENCE   "802.1X Clause 8.4, Figure 12-3"
    ::= { ieee8021XPaePortEntry 15 }

ieee8021XPaePortKayMkaEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enable or disable the MKA protocol function in this PAE.

        This object will be read only and returns 'false' if the value
        of the object ieee8021XPaePortCapabilities in the same row has
        the bit 'mkaImplemented' off."
    REFERENCE   "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XPaePortEntry 16 }

ieee8021XPaePortAnnouncerEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enable or disable the network Announcer function in this PAE.

        This object will be read only and returns 'false' if the value
        of the object ieee8021XPaePortCapabilities in the same row has
        the bit 'announcementsImplemented' off."
    REFERENCE   "802.1X Clause 10.4, Figure 12-3"
    ::= { ieee8021XPaePortEntry 17 }

ieee8021XPaePortListenerEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enable or disable the network Listener function in this PAE.

        This object will be read only and returns 'false' if the value
        of the object ieee8021XPaePortCapabilities in the same row has
        the bit 'listenerImplemented' off."
    REFERENCE   "802.1X Clause 10.4, Figure 12-3"
    ::= { ieee8021XPaePortEntry 18 }


-- ------------------------------------------------------------------ --
-- The 802.1X PAC Port Table
-- ------------------------------------------------------------------ --

ieee8021XPacPortTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF Ieee8021XPacPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of system level information for each interface
        supported by PAC.

        This table will be instantiated if the value of the object
        ieee8021XPaePortCapabilities in the corresponding entry of the
        ieee8021XPaePortTable has the bit 'macsecImplemented' off.

        For the writeable objects in this table, the configured value
        shall be stored in persistent memory and remain unchanged
        across a re-initialization of the management system of the
        entity."
    REFERENCE   "IEEE 802.1X Clause 6.4, Clause 14"
    ::= { ieee8021XPaeSystem 6 }

ieee8021XPacPortEntry OBJECT-TYPE
    SYNTAX      Ieee8021XPacPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry containing PAC management information applicable to
        a particular interface."
    INDEX       { ieee8021XPacPortControlledPortNumber }
    ::= { ieee8021XPacPortTable 1 }

Ieee8021XPacPortEntry ::= SEQUENCE {
    ieee8021XPacPortControlledPortNumber  InterfaceIndex,
    ieee8021XPacPortAdminPt2PtMAC         INTEGER,
    ieee8021XPacPortOperPt2PtMAC          TruthValue
}

ieee8021XPacPortControlledPortNumber OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The index to identify the 'Controlled Port' interface for a PAC."
    REFERENCE   "IEEE 802.1X Clause 6.4"
    ::= { ieee8021XPacPortEntry 1 }

ieee8021XPacPortAdminPt2PtMAC OBJECT-TYPE
    SYNTAX      INTEGER {
                    forceTrue(1),
                    forceFalse(2),
                    auto(3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "An object to control the service connectivity to at most one
        other system. The ieee8021XPacPortOperPt2PtMAC indicates
        operational status of the service connectivity for this PAC.

        'forceTrue' : allows only one service connection to the
            other system.

        'forceFalse' : no restriction on the number of service
            connections to the other systems.

        'auto' : means the service connectivity is determined by the
            service providing entity."
    REFERENCE   "IEEE 802.1X Clause 6.4"
    DEFVAL      { auto }
    ::= { ieee8021XPacPortEntry 2 }

ieee8021XPacPortOperPt2PtMAC OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "An object to reflect the current service connectivity status.

        'true' : means the service connectivity of this PAC
            Controlled Port provides at most one other system.

        'false' : means the service connectivity of this PAC could
            provide more than one other system."
    REFERENCE   "IEEE 802.1X Clause 6.4"
    ::= { ieee8021XPacPortEntry 3 }


-- ------------------------------------------------------------------ --
-- The 802.1X PAE Logon Process Group
-- ------------------------------------------------------------------ --
--
-- ------------------------------------------------------------------ --
-- The 802.1X PAE Logon Process Table
-- ------------------------------------------------------------------ --

ieee8021XPaePortLogonTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF Ieee8021XPaePortLogonEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of system level information for each port to support
        the Logon Process(es) status information.

        This table will be instantiated if the object
        ieee8021XPaePortLogonEnable in the corresponding entry of the
        ieee8021XPaePortTable is 'true'."
    REFERENCE   "802.1X Clause 12.5, Figure 12-3"
    ::= { ieee8021XPaeLogon 1 }

ieee8021XPaePortLogonEntry OBJECT-TYPE
    SYNTAX      Ieee8021XPaePortLogonEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry contains Logon Process status information for the
        PAE."
    INDEX       { ieee8021XPaePortNumber }
    ::= { ieee8021XPaePortLogonTable 1 }

Ieee8021XPaePortLogonEntry ::= SEQUENCE {
    ieee8021XPaePortLogonConnectStatus  INTEGER,
    ieee8021XPaePortPortValid           TruthValue
}

ieee8021XPaePortLogonConnectStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    pending(1),
                    unauthenticated(2),
                    authenticated(3),
                    secure(4)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The Logon Process sets this variable to one of the following
        values, to indicate to the CP state machine if, and how,
        connectivity is to be provided through the Controlled Port :

        'pending' : Prevent connectivity by disabling the
            Controlled Port of this PAE.

        'unauthenticated' : Provide unsecured connectivity, enabling
            the Controlled Port of this PAE.

        'authenticated' : Provide unsecured connectivity but with
            authentication, enabling Controlled Port of this PAE.

        'secure' : Provide secure connectivity, using SAKs provided by
            the KaY (when available) and enabling Controlled Port when
            those keys are installed and in use."
    REFERENCE   "802.1X Clause 12.3, Figure 12-3"
    ::= { ieee8021XPaePortLogonEntry 1 }

ieee8021XPaePortPortValid OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object will be set 'true' if Controlled Port communication
        is secured as specified by the MACsec."
    REFERENCE   "802.1X Clause 12.3, Figure 12-3"
    ::= { ieee8021XPaePortLogonEntry 2 }


-- ------------------------------------------------------------------ --
-- The 802.1X PAE Session Table
-- ------------------------------------------------------------------ --

ieee8021XPaePortSessionTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF Ieee8021XPaePortSessionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of system level information for each port to support
        Logon Process(es) session information. This table maintains
        session statistics for its associated Controlled Port,
        suitable for communication to a RADIUS or other AAA server at
        the end of a session for accounting purpose.

        This table will be instantiated if the object
        ieee8021XPaePortLogonEnable in the corresponding entry of the
        ieee8021XPaePortTable is 'true'."
    REFERENCE   "802.1X Clause 12.5.1, Figure 12-3"
    ::= { ieee8021XPaeLogon 2 }

ieee8021XPaePortSessionEntry OBJECT-TYPE
    SYNTAX      Ieee8021XPaePortSessionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry contains Logon Process session information for the
        PAE. A session, an entry, begins when the operation of
        Controlled Port becomes 'true' and ends when it becomes
        'false'.

        The counts of frames and octets can be derived from those
        maintained to support from Interface MIB counters for the
        SecY's or the PAC's Controlled Port, but differs in that the
        counts are zeroed when the session begins."
    INDEX       { ieee8021XPaeSessionControlledPortNumber }
    ::= { ieee8021XPaePortSessionTable 1 }

Ieee8021XPaePortSessionEntry ::= SEQUENCE {
    ieee8021XPaeSessionControlledPortNumber  InterfaceIndex,
    ieee8021XPaePortSessionOctetsRx          Counter64,
    ieee8021XPaePortSessionOctetsTx          Counter64,
    ieee8021XPaePortSessionPktsRx            Counter64,
    ieee8021XPaePortSessionPktsTx            Counter64,
    ieee8021XPaePortSessionId                SnmpAdminString,
    ieee8021XPaePortSessionStartTime         TimeStamp,
    ieee8021XPaePortSessionIntervalTime      TimeInterval,
    ieee8021XPaePortSessionTerminate         INTEGER,
    ieee8021XPaePortSessionUserName          SnmpAdminString
}

ieee8021XPaeSessionControlledPortNumber OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The index to identify the 'Controlled Port' interface's session
        information for a PAE."
    REFERENCE   "802.1X Clause 12.5.1, Figure 12-3"
    ::= { ieee8021XPaePortSessionEntry 1 }

ieee8021XPaePortSessionOctetsRx OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Octets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of octets received in this session of this PAE.

        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at
        other times as indicated by the value of
        ieee8021XPaePortSessionStartTime."
    REFERENCE   "802.1X Clause 12.5.1, Figure 12-3"
    ::= { ieee8021XPaePortSessionEntry 2 }

ieee8021XPaePortSessionOctetsTx OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Octets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of octets transmitted in this session of this PAE.

        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at
        other times as indicated by the value of
        ieee8021XPaePortSessionStartTime."
    REFERENCE   "802.1X Clause 12.5.1, Figure 12-3"
    ::= { ieee8021XPaePortSessionEntry 3 }

ieee8021XPaePortSessionPktsRx OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets received in this session of this PAE.

        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at
        other times as indicated by the value of
        ieee8021XPaePortSessionStartTime."
    REFERENCE   "802.1X Clause 12.5.1, Figure 12-3"
    ::= { ieee8021XPaePortSessionEntry 4 }

ieee8021XPaePortSessionPktsTx OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets transmitted in this session of this PAE.

        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at
        other times as indicated by the value of
        ieee8021XPaePortSessionStartTime."
    REFERENCE   "802.1X Clause 12.5.1, Figure 12-3"
    ::= { ieee8021XPaePortSessionEntry 5 }

ieee8021XPaePortSessionId OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (3..253))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The session identifier for this session of the PAE. A UTF-8
        string, uniquely identifying the session within the context of
        the PAE's system."
    REFERENCE   "802.1X Clause 12.5.1, Figure 12-3"
    ::= { ieee8021XPaePortSessionEntry 6 }

ieee8021XPaePortSessionStartTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The starting time of this session."
    REFERENCE   "802.1X Clause 12.5.1, Figure 12-3"
    ::= { ieee8021XPaePortSessionEntry 7 }

ieee8021XPaePortSessionIntervalTime OBJECT-TYPE
    SYNTAX      TimeInterval
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The duration time of the session has been last."
    REFERENCE   "802.1X Clause 12.5.1, Figure 12-3"
    ::= { ieee8021XPaePortSessionEntry 8 }

ieee8021XPaePortSessionTerminate OBJECT-TYPE
    SYNTAX      INTEGER {
                    macOperFailed(1),
                    sysAccessDisableOrPortInit(2),
                    receiveEapolLogOff(3),
                    eapReauthFailure(4),
                    mkaFailure(5),
                    newSessionBegin(6),
                    notTerminateYet(7)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The reason for the session termination, one of the following :

        'macOperFailed' : 'Common Port' for this PAE is not
            operational.

        'sysAccessDisableOrPortInit' : The ieee8021XPaeSysAccessControl
            object is set to 'false' or initialization process of this
            PAE is invoked.

        'receiveEapolLogOff' : The PAE has received EAPOL-Logoff
            frame.

        'eapReauthFailure' : EAP reauthentication has failed.

        'mkaFailure' : MKA failure or other MKA termination.

        'newSessionBegin' : New session beginning.

        'notTerminateYet' : Not Terminated Yet."
    REFERENCE   "802.1X Clause 12.5.1, Figure 12-3"
    ::= { ieee8021XPaePortSessionEntry 9 }

ieee8021XPaePortSessionUserName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (0..253))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The session user name for this session in the PAE. A UTF-8
        string, representing the identity of the peer Supplicant.

        If no such information, zero length string will return."
    REFERENCE   "802.1X Clause 12.5.1, Figure 12-3"
    ::= { ieee8021XPaePortSessionEntry 10 }


-- ------------------------------------------------------------------ --
-- The 802.1X PAE Logon Process NID Table
-- ------------------------------------------------------------------ --

ieee8021XLogonNIDTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF Ieee8021XLogonNIDEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The Logon Process may use Network Identities (NIDs) to manage
        its use of authentication credentials, cached CAKs, and
        announcements. This table provides the NID information for
        Logon Process.

        For the writeable objects in this table, the configured value
        shall be stored in persistent memory and remain unchanged
        across a re-initialization of the management system of the
        entity."
    REFERENCE   "802.1X Clause 12.5, Figure 12-3"
    ::= { ieee8021XPaeLogon 3 }

ieee8021XLogonNIDEntry OBJECT-TYPE
    SYNTAX      Ieee8021XLogonNIDEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry provides the NID information for a Logon Process."
    INDEX       { ieee8021XPaePortNumber }
    ::= { ieee8021XLogonNIDTable 1 }

Ieee8021XLogonNIDEntry ::= SEQUENCE {
    ieee8021XLogonNIDConnectedNID  Ieee8021XPaeNID,
    ieee8021XLogonNIDRequestedNID  Ieee8021XPaeNIDOrNull,
    ieee8021XLogonNIDSelectedNID   Ieee8021XPaeNIDOrNull
}

ieee8021XLogonNIDConnectedNID OBJECT-TYPE
    SYNTAX      Ieee8021XPaeNID
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The NID associated with the current connectivity (possibly
        unauthenticated) provided by the operation of the CP state
        machine.

        This object can differ from both the ieee8021XLogonNIDSelectedNID and
        the ieee8021XLogonNIDRequestedNID objects in the same row if
        authenticated connectivity (either secure or unsecured) has
        already been established, and EAP authentication and MKA
        operation for both of the latter have not met the necessary
        conditions (as specified by the control variables unauthAllowed
        and unsecureAllowed)."
    REFERENCE   "802.1X Clause 12.5, Figure 12-3"
    ::= { ieee8021XLogonNIDEntry 1 }

ieee8021XLogonNIDRequestedNID OBJECT-TYPE
    SYNTAX      Ieee8021XPaeNIDOrNull
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The NID marked as access requested in announcements, as
        determined from EAPOL-Start frames. The default of this object
        is as the configured value of object ieee8021XLogonNIDSelectedNID.

        This object information provides context for the PAE's EAP
        Authenticator. If no EAPOL-Start frame has been received since
        the PAE's 'Common Port' became operational, or the last
        EAPOL-Start frame received for the port did not contain a
        requested NID, the object will take on the value of the object
        ieee8021XLogonNIDSelectedNID in the same row."
    REFERENCE   "802.1X Clause 12.5, Figure 12-3"
    ::= { ieee8021XLogonNIDEntry 2 }

ieee8021XLogonNIDSelectedNID OBJECT-TYPE
    SYNTAX      Ieee8021XPaeNIDOrNull
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The NID currently configured for use by an access 'Controlled
        Port' when transmitting EAPOL-Start frames. The default of
        this object is empty string.

        This object may be either explicitly configured by management
        or determined by the PAE using NID selection algorithms. If no
        authentication is in progress, and the current connectivity is
        terminated and then starts again, ieee8021XLogonNIDConnectedNID will
        take on the value of ieee8021XLogonNIDRequestedNID (though a PAE
        NID's election algorithm, if used, can subsequently select
        another NID)."
    REFERENCE   "802.1X Clause 12.5, Figure 12-3"
    DEFVAL      { "" }
    ::= { ieee8021XLogonNIDEntry 3 }


-- ------------------------------------------------------------------ --
-- The PAE Authenticator Group
-- ------------------------------------------------------------------ --
--
-- ------------------------------------------------------------------ --
-- The 802.1X PAE Authenticator Table
-- ------------------------------------------------------------------ --

ieee8021XAuthenticatorTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF Ieee8021XAuthenticatorEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table that contains the configuration objects for the
        Authenticator PAE associated with each port. This table will
        be instantiated if the object ieee8021XPaePortAuthenticatorEnable in
        the corresponding entry of the ieee8021XPaePortTable is 'true'.

        For the writeable objects in this table, the configured value
        shall be stored in persistent memory and remain unchanged
        across a re-initialization of the management system of the
        entity."
    REFERENCE   "802.1X Clause 8, Figure 12-3"
    ::= { ieee8021XPaeAuthenticator 1 }

ieee8021XAuthenticatorEntry OBJECT-TYPE
    SYNTAX      Ieee8021XAuthenticatorEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry that contains the Authenticator configuration objects
        for the PAE."
    INDEX       { ieee8021XPaePortNumber }
    ::= { ieee8021XAuthenticatorTable 1 }

Ieee8021XAuthenticatorEntry ::= SEQUENCE {
    ieee8021XAuthPaeAuthenticate   TruthValue,
    ieee8021XAuthPaeAuthenticated  TruthValue,
    ieee8021XAuthPaeFailed         TruthValue,
    ieee8021XAuthPaeReAuthEnabled  TruthValue,
    ieee8021XAuthPaeQuietPeriod    Unsigned32,
    ieee8021XAuthPaeReauthPeriod   Unsigned32,
    ieee8021XAuthPaeRetryMax       Unsigned32,
    ieee8021XAuthPaeRetryCount     Gauge32
}

ieee8021XAuthPaeAuthenticate OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object will be set 'true' by the PAE authenticator to
        request authentication, and if this object is 'true',
        reauthentication is allowed.

        This object will be 'false' while the PAE authenticator revokes
        authentication."
    REFERENCE   "IEEE 802.1X Clause 8, Figure 12-3"
    ::= { ieee8021XAuthenticatorEntry 1 }

ieee8021XAuthPaeAuthenticated OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object will be set 'true' by PACP if the PAE authenticator
        currently authenticated, and 'false' if the authentication
        fails or is revoked."
    REFERENCE   "IEEE 802.1X Clause 8, Figure 12-3"
    ::= { ieee8021XAuthenticatorEntry 2 }

ieee8021XAuthPaeFailed OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object will be set 'true' by PACP if the authentication
        has failed or has been terminated. The cause could be a
        failure returned by EAP, either immediately or following a
        reauthentication, an excessive number of attempts to
        authenticate (either immediately or upon reauthentication), or
        the authenticator deasserting authenticate, the object
        authPaeAuthenticate in the same row is 'false'. The PACP
        will set the object authPaeAuthenticated false as well as
        setting the object 'true'."
    REFERENCE   "IEEE 802.1X Clause 8, Figure 12-3"
    ::= { ieee8021XAuthenticatorEntry 3 }

ieee8021XAuthPaeReAuthEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object is set 'true' if PACP should initiate
        reauthentication periodically, 'false' otherwise. Reading
        this object always returns 'false'."
    REFERENCE   "IEEE 802.1X Clause 8.9, Figure 12-3"
    ::= { ieee8021XAuthenticatorEntry 4 }

ieee8021XAuthPaeQuietPeriod OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates a waiting period after a failed
        authentication attempt, before another attempt is permitted."
    REFERENCE   "IEEE 802.1X Clause 8.6, Figure 12-3"
    DEFVAL      { 60 }
    ::= { ieee8021XAuthenticatorEntry 5 }

ieee8021XAuthPaeReauthPeriod OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates the time period of the reauthentication
        to the supplicant."
    REFERENCE   "IEEE 802.1X Clause 8.6, Figure 12-3"
    DEFVAL      { 3600 }
    ::= { ieee8021XAuthenticatorEntry 6 }

ieee8021XAuthPaeRetryMax OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "times"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The maximum number of authentication attempts before failure is
        reported to the Logon Process, and the authPaeQuietPeriod
        timer imposed before further attempts are permitted."
    REFERENCE   "IEEE 802.1X Clause 8.9, Figure 12-3"
    DEFVAL      { 2 }
    ::= { ieee8021XAuthenticatorEntry 7 }

ieee8021XAuthPaeRetryCount OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "times"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The count of the number of authentication attempts."
    REFERENCE   "IEEE 802.1X Clause 8.9"
    ::= { ieee8021XAuthenticatorEntry 8 }


-- ------------------------------------------------------------------ --
-- The 802.1X PAE Supplicant Group
-- ------------------------------------------------------------------ --
--
-- ------------------------------------------------------------------ --
-- The 802.1X PAE Supplicant Table
-- ------------------------------------------------------------------ --

ieee8021XSupplicantTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF Ieee8021XSupplicantEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table that contains the configuration objects for the
        Supplicant PAE associated with each port.

        For the writeable objects in this table, the configured value
        shall be stored in persistent memory and remain unchanged
        across a re-initialization of the management system of the
        entity."
    REFERENCE   "802.1X Clause 8, Figure 8-6, Figure 12-3"
    ::= { ieee8021XPaeSupplicant 1 }

ieee8021XSupplicantEntry OBJECT-TYPE
    SYNTAX      Ieee8021XSupplicantEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The configuration information for an Supplicant PAE."
    INDEX       { ieee8021XPaePortNumber }
    ::= { ieee8021XSupplicantTable 1 }

Ieee8021XSupplicantEntry ::= SEQUENCE {
    ieee8021XSuppPaeAuthenticate   TruthValue,
    ieee8021XSuppPaeAuthenticated  TruthValue,
    ieee8021XSuppPaeFailed         TruthValue,
    ieee8021XSuppPaeHelloPeriod    Unsigned32,
    ieee8021XSuppPaeRetryMax       Unsigned32,
    ieee8021XSuppPaeRetryCount     Gauge32
}

ieee8021XSuppPaeAuthenticate OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object will be set 'true' by the PAE supplicant to request
        authentication, and if this object is 'true', reauthentication
        is allowed.

        This object will be 'false' while the PAE supplicant revokes
        authentication."
    REFERENCE   "IEEE 802.1X Clause 8.4, Figure 8-6, Figure 12-3"
    ::= { ieee8021XSupplicantEntry 1 }

ieee8021XSuppPaeAuthenticated OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object will be set 'true' by PACP if the PAE supplicant
        currently authenticated, and 'false' if the authentication
        fails or is revoked."
    REFERENCE   "IEEE 802.1X Clause 8.4, Figure 8-6, Figure 12-3"
    ::= { ieee8021XSupplicantEntry 2 }

ieee8021XSuppPaeFailed OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object will be set 'true' by PACP if the authentication
        has failed or has been terminated. The cause could be a
        failure returned by EAP, either immediately or following a
        reauthentication, an excessive number of attempts to
        authenticate (either immediately or upon reauthentication), or
        the supplicant deasserting authenticate, the object
        ieee8021XSuppPaeAuthenticate in the same row is 'false'. The PACP
        will set the object ieee8021XSuppPaeAuthenticated false as well as
        setting the object 'true'."
    REFERENCE   "IEEE 802.1X Clause 8.4, Figure 8-6, Figure 12-3"
    ::= { ieee8021XSupplicantEntry 3 }

ieee8021XSuppPaeHelloPeriod OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicated a waiting time period after a failed
        authentication attempt, before another attempt is permitted."
    REFERENCE   "IEEE 802.1X Clause 8.6, Figure 8-6, Figure 12-3"
    DEFVAL      { 60 }
    ::= { ieee8021XSupplicantEntry 4 }

ieee8021XSuppPaeRetryMax OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "times"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The maximum number of authentication attempts before failure is
        reported to the Logon Process, and the ieee8021XSuppPaeHelloPeriod
        timer imposed before further attempts are permitted."
    REFERENCE   "IEEE 802.1X Clause 8.7, Figure 8-6, Figure 12-3"
    DEFVAL      { 2 }
    ::= { ieee8021XSupplicantEntry 5 }

ieee8021XSuppPaeRetryCount OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "times"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The count of the number of authentication attempts."
    REFERENCE   "IEEE 802.1X Clause 8.7, Figure 8-6, Figure 12-3"
    ::= { ieee8021XSupplicantEntry 6 }


-- ------------------------------------------------------------------ --
-- The 802.1X PAE EAPOL Statistics Table
-- ------------------------------------------------------------------ --

ieee8021XEapolStatsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF Ieee8021XEapolStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table in system level contains the EAPOL statistics and
        diagnostics information supported by PAE."
    REFERENCE   "802.1X Clause 12.8, Figure 12-3"
    ::= { ieee8021XPaeEapol 1 }

ieee8021XEapolStatsEntry OBJECT-TYPE
    SYNTAX      Ieee8021XEapolStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry contains the EAPOL statistics and diagnostics
        information for a PAE."
    INDEX       { ieee8021XPaePortNumber }
    ::= { ieee8021XEapolStatsTable 1 }

Ieee8021XEapolStatsEntry ::= SEQUENCE {
    ieee8021XEapolInvalidFramesRx          Counter32,
    ieee8021XEapolEapLengthErrorFramesRx   Counter32,
    ieee8021XEapolAnnouncementFramesRx     Counter32,
    ieee8021XEapolAnnouncementReqFramesRx  Counter32,
    ieee8021XEapolPortUnavailableFramesRx  Counter32,
    ieee8021XEapolStartFramesRx            Counter32,
    ieee8021XEapolEapFramesRx              Counter32,
    ieee8021XEapolLogoffFramesRx           Counter32,
    ieee8021XEapolMkNoCknFramesRx          Counter32,
    ieee8021XEapolMkInvalidFramesRx        Counter32,
    ieee8021XEapolLastRxFrameVersion       Unsigned32,
    ieee8021XEapolLastRxFrameSource        MacAddress,
    ieee8021XEapolSuppEapFramesTx          Counter32,
    ieee8021XEapolLogoffFramesTx           Counter32,
    ieee8021XEapolAnnouncementFramesTx     Counter32,
    ieee8021XEapolAnnouncementReqFramesTx  Counter32,
    ieee8021XEapolStartFramesTx            Counter32,
    ieee8021XEapolAuthEapFramesTx          Counter32,
    ieee8021XEapolMkaFramesTx              Counter32
}

ieee8021XEapolInvalidFramesRx OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of invalid EAPOL frames of any type that have been
        received by this PAE."
    REFERENCE   "802.1X Clause 12.8.1, Figure 12-3"
    ::= { ieee8021XEapolStatsEntry 1 }

ieee8021XEapolEapLengthErrorFramesRx OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of EAPOL frames that the Packet Body Length does not
        match a Packet Body that is contained within the octets of the
        received EAPOL MPDU in this PAE."
    REFERENCE   "802.1X Clause 12.8.1, Figure 12-3"
    ::= { ieee8021XEapolStatsEntry 2 }

ieee8021XEapolAnnouncementFramesRx OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of EAPOL-Announcement frames that have been received
        by this PAE."
    REFERENCE   "802.1X Clause 12.8.1, Figure 12-3"
    ::= { ieee8021XEapolStatsEntry 3 }

ieee8021XEapolAnnouncementReqFramesRx OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of EAPOL-Announcement-Req frames that have been
        received by this PAE."
    REFERENCE   "802.1X Clause 12.8.1, Figure 12-3"
    ::= { ieee8021XEapolStatsEntry 4 }

ieee8021XEapolPortUnavailableFramesRx OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of EAPOL frames that are discarded because their
        processing would require the creation of a virtual port, for
        which there are inadequate or constrained resources, or an
        existing virtual port and no such port currently exists. If
        virtual port is not supported, this object should be always 0."
    REFERENCE   "802.1X Clause 12.8.1, Figure 12-3"
    ::= { ieee8021XEapolStatsEntry 5 }

ieee8021XEapolStartFramesRx OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of EAPOL-Start frames that have been received by
        this PAE."
    REFERENCE   "802.1X Clause 12.8.1, Figure 12-3"
    ::= { ieee8021XEapolStatsEntry 6 }

ieee8021XEapolEapFramesRx OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of EAPOL-EAP frames that have been received by
        this PAE."
    REFERENCE   "802.1X Clause 12.8.1, Figure 12-3"
    ::= { ieee8021XEapolStatsEntry 7 }

ieee8021XEapolLogoffFramesRx OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of EAPOL-Logoff frames that have been received by
        this PAE."
    REFERENCE   "802.1X Clause 12.8.1, Figure 12-3"
    ::= { ieee8021XEapolStatsEntry 8 }

ieee8021XEapolMkNoCknFramesRx OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of MKPDUs received with MKA not enabled or CKN not
        recognized in this PAE."
    REFERENCE   "802.1X Clause 12.8.1, Figure 12-3"
    ::= { ieee8021XEapolStatsEntry 9 }

ieee8021XEapolMkInvalidFramesRx OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of MKPDUs failing in message authentication on
        receipt process in this PAE."
    REFERENCE   "802.1X Clause 12.8.1, Figure 12-3"
    ::= { ieee8021XEapolStatsEntry 10 }

ieee8021XEapolLastRxFrameVersion OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The version of last received EAPOL frame by this PAE."
    REFERENCE   "802.1X Clause 12.8.2, Figure 12-3"
    ::= { ieee8021XEapolStatsEntry 11 }

ieee8021XEapolLastRxFrameSource OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The source MAC address of last received EAPOL frame by this
        PAE."
    REFERENCE   "802.1X Clause 12.8.2, Figure 12-3"
    ::= { ieee8021XEapolStatsEntry 12 }

ieee8021XEapolSuppEapFramesTx OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of EAPOL-EAP frames that have been transmitted by
        the supplicant of this PAE."
    REFERENCE   "802.1X Clause 12.8.3, Figure 12-3"
    ::= { ieee8021XEapolStatsEntry 13 }

ieee8021XEapolLogoffFramesTx OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of EAPOL-Logoff frames that have been transmitted by
        this PAE."
    REFERENCE   "802.1X Clause 12.8.3, Figure 12-3"
    ::= { ieee8021XEapolStatsEntry 14 }

ieee8021XEapolAnnouncementFramesTx OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of EAPOL-Announcement frames that have been
        transmitted by this PAE."
    REFERENCE   "802.1X Clause 12.8.3, Figure 12-3"
    ::= { ieee8021XEapolStatsEntry 15 }

ieee8021XEapolAnnouncementReqFramesTx OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of EAPOL-Announcement-Req frames that have been
        transmitted by this PAE."
    REFERENCE   "802.1X Clause 12.8.3, Figure 12-3"
    ::= { ieee8021XEapolStatsEntry 16 }

ieee8021XEapolStartFramesTx OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of EAPOL-Start frames that have been transmitted by
        this PAE."
    REFERENCE   "802.1X Clause 12.8.3, Figure 12-3"
    ::= { ieee8021XEapolStatsEntry 17 }

ieee8021XEapolAuthEapFramesTx OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of EAPOL-EAP frames that have been transmitted by
        the authenticator of this PAE."
    REFERENCE   "802.1X Clause 12.8.3, Figure 12-3"
    ::= { ieee8021XEapolStatsEntry 18 }

ieee8021XEapolMkaFramesTx OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "Packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of EAPOL-MKA frames with no CKN information that
        have been transmitted by this PAE."
    REFERENCE   "802.1X Clause 12.8.3, Figure 12-3"
    ::= { ieee8021XEapolStatsEntry 19 }


-- ------------------------------------------------------------------ --
-- The 802.1X PAE KaY Group
-- ------------------------------------------------------------------ --
--
-- ------------------------------------------------------------------ --
-- The 802.1X PAE KaY Table
-- ------------------------------------------------------------------ --

ieee8021XKayMkaTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF Ieee8021XKayMkaEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of system level information for each interface
        supported by the KaY (Key Agreement Entity). This table will
        be instantiated if the object ieee8021XPaePortKayMkaEnable in
        the corresponding entry of the ieee8021XPaePortTable is 'true'.

        The following terms are used to identify roles within the MKA
        protocol or protocol scenarios and the MIB description :

        participant : An instance of MKA, transmitting and receiving
            frames protected by keys derived from a single CAK, and
            operating with positive intent, obeying the protocol.

        member: A participant that possesses the CAK that can be used
            to prove liveness and to obtain membership in the CA under
            discussion.

        actor: The participant under discussion, usually in the KaY
            being described.

        partners: Participants or members attached to the same LAN as
            the actor, excluding the actor.

        principal actor: The actor controlling the PAC or SecY
            associated with the KaY.

        Each participant selects the live participant advertising the
        highest priority as its key server provided that participant
        has not selected another as its key server or is unwilling to
        act as the key server. If a key server cannot be selected SAKs
        are not distributed. In the event of a tie for highest
        priority key server, the member with the highest priority SCI
        is chosen. For consistency with other uses of the SCI's MAC
        Address component as a priority, numerically lower values of
        the key server priority and SCI are accorded the highest
        priority.

        For the writeable objects in this table, the configured value
        shall be stored in persistent memory and remain unchanged
        across a re-initialization of the management system of the
        entity."
    REFERENCE   "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XPaeKaY 1 }

ieee8021XKayMkaEntry OBJECT-TYPE
    SYNTAX      Ieee8021XKayMkaEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry containing KaY MKA management information applicable
        to a particular interface."
    INDEX       { ieee8021XPaePortNumber }
    ::= { ieee8021XKayMkaTable 1 }

Ieee8021XKayMkaEntry ::= SEQUENCE {
    ieee8021XKayMkaActive
        TruthValue,
    ieee8021XKayMkaAuthenticated
        TruthValue,
    ieee8021XKayMkaSecured
        TruthValue,
    ieee8021XKayMkaFailed
        TruthValue,
    ieee8021XKayMkaActorSCI
        SecySCI,
    ieee8021XKayMkaActorsPriority
        Ieee8021XMkaKeyServerPriority,
    ieee8021XKayMkaKeyServerPriority
        Ieee8021XMkaKeyServerPriority,
    ieee8021XKayMkaKeyServerSCI
        SecySCI,
    ieee8021XKayAllowedJoinGroup
        TruthValue,
    ieee8021XKayAllowedFormGroup
        TruthValue,
    ieee8021XKayCreateNewGroup
        TruthValue,
    ieee8021XKayMacSecCapability
        INTEGER,
    ieee8021XKayMacSecDesired
        TruthValue,
    ieee8021XKayMacSecProtect
        TruthValue,
    ieee8021XKayMacSecReplayProtect
        TruthValue,
    ieee8021XKayMacSecValidate
        TruthValue,
    ieee8021XKayMacSecConfidentialityOffset
        Integer32,
    ieee8021XKayMkaTxKN
        Ieee8021XMkaKN,
    ieee8021XKayMkaTxAN
        RowPointer,
    ieee8021XKayMkaRxKN
        Ieee8021XMkaKN,
    ieee8021XKayMkaRxAN
        RowPointer,
    ieee8021XKayMkaSuspendFor
        INTEGER,
    ieee8021XKayMkaSuspendOnRequest
        TruthValue,
    ieee8021XKayMkaSuspendedWhile
        INTEGER
}

ieee8021XKayMkaActive OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object will be 'true' if there is at least one MKA active
        actor, transmitting MKPDUs"
    REFERENCE   "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaEntry 1 }

ieee8021XKayMkaAuthenticated OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object will be 'true' if the principal actor,
        i.e.
        the actor controlling the PAC or SecY associated with
        the KaY, has determined that Controlled Port
        communication should proceed without MACsec."
    REFERENCE   "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaEntry 2 }

ieee8021XKayMkaSecured OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object will be 'true' if the principal actor has
        determined that communication should use MACsec."
    REFERENCE   "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaEntry 3 }

ieee8021XKayMkaFailed OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object will be 'true' if the object
        ieee8021XKayMkaSecured in the same row is 'false' and MKA
        Life Time has elapsed since an MKA participant was last
        created."
    REFERENCE   "IEEE 802.1X Clause 9.16, Table 9-3, Figure 12-3"
    ::= { ieee8021XKayMkaEntry 4 }

ieee8021XKayMkaActorSCI OBJECT-TYPE
    SYNTAX      SecySCI
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The SCI assigned by the system to the port, applies to all the
        port's MKA actors."
    REFERENCE
        "IEEE 802.1X Clause 9.16, Figure 12-3
        IEEE 802.1AE Clause 7.1.2, 10.7.1"
    ::= { ieee8021XKayMkaEntry 5 }

ieee8021XKayMkaActorsPriority OBJECT-TYPE
    SYNTAX      Ieee8021XMkaKeyServerPriority
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The Key Server priority for all the port's MKA actors. Each
        participant encodes a key server priority, an 8-bit integer, in
        each MKPDU."
    REFERENCE   "IEEE 802.1X Clause 9.16, Table 9-2, Figure 12-3"
    ::= { ieee8021XKayMkaEntry 6 }

ieee8021XKayMkaKeyServerPriority OBJECT-TYPE
    SYNTAX      Ieee8021XMkaKeyServerPriority
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The priority of the elected Key Server through MKA in the CA."
    REFERENCE   "IEEE 802.1X Clause 9.16, Table 9-2, Figure 12-3"
    ::= { ieee8021XKayMkaEntry 7 }

ieee8021XKayMkaKeyServerSCI OBJECT-TYPE
    SYNTAX      SecySCI
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The SCI for key server for the MKA principal actor. The length
        of this object is 0 if there is no principal actor, or that
        actor has no live peers. This object matches the
        ieee8021XKayMkaActorSCI object in the same row if the actor is
        the key server."
    REFERENCE
        "IEEE 802.1X Clause 9.16, Figure 12-3
        IEEE 802.1AE Clause 7.1.2, 10.7.1"
    ::= { ieee8021XKayMkaEntry 8 }

ieee8021XKayAllowedJoinGroup OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object will be 'true' if the KaY will accept Group CAKs
        distributed by MKA protocol."
    REFERENCE   "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaEntry 9 }

ieee8021XKayAllowedFormGroup OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object will be 'true' if the KaY will attempt to use
        point-to-point CAKs to distribute a group CAK, if it is the
        Key Server for the MKA instances for all the point-to-point CAKs."
    REFERENCE   "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaEntry 10 }

ieee8021XKayCreateNewGroup OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object is set 'true' if a new Group CAK is to be
        distributed if the KaY is the Key Server for the MKA instances
        for all the point-to-point CAKs. This object will be set 'false'
        by the KaY when distribution is complete."
    REFERENCE   "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaEntry 11 }

ieee8021XKayMacSecCapability OBJECT-TYPE
    SYNTAX      INTEGER {
                    noMACsec(0),
                    macSecCapability1(1),
                    macSecCapability2(2),
                    macSecCapability3(3)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object indicates whether MACsec is implemented, and if so
        whether the implementation provides integrity protection only,
        both integrity only and integrity with confidentiality, or
        both of those with a selectable confidentiality offset of
        0, 30, or 50 octets (see IEEE Std 802.1AE).

        'noMACsec' : MACsec is not implemented.

        'macSecCapability1' : capable of 'integrity protection without
            confidentiality'.

        'macSecCapability2' : capable of 'integrity protection without
            confidentiality' and 'integrity protection and
            confidentiality with a confidentiality offset 0'.

        'macSecCapability3' : capable of 'integrity protection without
            confidentiality' and 'integrity protection and
            confidentiality with a confidentiality offset 0, 30 or 50'."
    REFERENCE
        "IEEE 802.1X Clause 9.6.1, Clause 9.16, Figure 12-3, Table 11-6"
    ::= { ieee8021XKayMkaEntry 12 }

ieee8021XKayMacSecDesired OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object will be set 'true' if the MKA participants desire
        the use of MACsec to protect frames with this KaY."
    REFERENCE
        "IEEE 802.1X Clause 9.6.1, Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaEntry 13 }

ieee8021XKayMacSecProtect OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The status of the MACsec protection function for this KaY.

        'true' : then the status of the MACsec protection function will
            be as the secyIfProtectFramesEnable object configured
            in the IEEE8021-SECY-MIB.
        'false' : then the MACsec protection function is disabled by
            this KaY."
    REFERENCE
        "IEEE 802.1X Clause 9.6.1, Clause 9.16, Figure 12-2,
        Figure 12-3, IEEE 802.1AE IEEE8021-SECY-MIB"
    ::= { ieee8021XKayMkaEntry 14 }

ieee8021XKayMacSecReplayProtect OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The status of the MACsec replay protection function for this
        KaY.

        'true' : then the status of the MACsec replay protection
            function will be as secyIfReplayProtectEnable object
            configured in the IEEE8021-SECY-MIB.
        'false' : then the MACsec replay protection function is
            disabled by this KaY."
    REFERENCE
        "IEEE 802.1X Clause 9.6.1, Clause 9.16, Figure 12-2,
        Figure 12-3"
    ::= { ieee8021XKayMkaEntry 15 }

ieee8021XKayMacSecValidate OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The status of the MACsec validation function for this KaY.

        'true' : then the status of the MACsec validation function
            will be as secyIfValidateFrames object configured in the
            IEEE8021-SECY-MIB.
        'false' : then the MACsec validation function is enabled but
            only for checking without filtering out invalid frames by
            the SecY."
    REFERENCE
        "IEEE 802.1X Clause 9.6.1, Clause 9.16, Figure 12-2,
        Figure 12-3"
    ::= { ieee8021XKayMkaEntry 16 }

ieee8021XKayMacSecConfidentialityOffset OBJECT-TYPE
    SYNTAX      Integer32 (0 | 30 | 50)
    UNITS       "bytes"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The confidentiality protection offset options for the selected
        cipher suite in the MACsec. If the cipher suite does not have
        this capability, the configured value of the object will not
        apply to the cipher suite."
    REFERENCE
        "IEEE 802.1X Clause 9.7.1, Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaEntry 17 }

ieee8021XKayMkaTxKN OBJECT-TYPE
    SYNTAX      Ieee8021XMkaKN
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The key number assigned by the key server to the SAK currently
        being used for transmission. This object will be 0 if MACsec
        is not being used or the key number is not available yet."
    REFERENCE   "IEEE 802.1X Clause 9.8, Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaEntry 18 }

ieee8021XKayMkaTxAN OBJECT-TYPE
    SYNTAX      RowPointer
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The AN assigned by the key server for use with the key number
        for transmission.

        This row pointer will point to an entry in the secyTxSATable
        which the secyTxSCEncodingSA object also points to in the
        IEEE8021-SECY-MIB.

        If MACsec is not in use or the AN is not identified yet, the
        value of this object shall be set to the OBJECT IDENTIFIER
        { 0 0 }."
    REFERENCE
        "IEEE 802.1X Clause 9.9, Clause 9.16, Figure 12-3,
        IEEE8021-SECY-MIB"
    ::= { ieee8021XKayMkaEntry 19 }

ieee8021XKayMkaRxKN OBJECT-TYPE
    SYNTAX      Ieee8021XMkaKN
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The key number assigned by the key server to the oldest SAK
        currently being used for reception. It is the same as the key
        number for transmission if a single SAK is currently in use.
        This object will be 0 if MACsec is not being used or the key
        number is not available yet."
    REFERENCE   "IEEE 802.1X Clause 9.8, Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaEntry 20 }

ieee8021XKayMkaRxAN OBJECT-TYPE
    SYNTAX      RowPointer
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The AN assigned by the key server for use with the key number
        for reception. It is the same as AN for transmission if a
        single SAK is currently in use.

        This row pointer will point to an entry in the secyRxSATable
        which the secyRxSCCurrentSA object also points to in the
        IEEE8021-SECY-MIB.

        If MACsec is not in use or the AN is not identified yet, the
        value of this object shall be set to the OBJECT IDENTIFIER
        { 0 0 }."
    REFERENCE
        "IEEE 802.1X Clause 9.6.1, Clause 9.16, Figure 12-3,
        IEEE8021-SECY-MIB"
    ::= { ieee8021XKayMkaEntry 21 }

ieee8021XKayMkaSuspendFor OBJECT-TYPE
    SYNTAX      INTEGER (1..120)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Set by management to a non-zero number of seconds between 1
        and MKA Suspension Limit to initiate a suspension (9.18) of
        that duration (if the KaY's principal actor is the Key
        Server) or to request a suspension (otherwise)"
    REFERENCE   "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaEntry 22 }

ieee8021XKayMkaSuspendOnRequest OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The status of the suspendOnRequest function for this KaY.
        'true' : then the KaY's principal actor will initiate a
            suspension if it is the Key Server and another participant
            has requested a suspension by transmitting a non-zero value
            of its suspendFor parameter
        'false' : then the KaY will not initiate a suspension on
            request from another participant."
    REFERENCE   "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaEntry 23 }

ieee8021XKayMkaSuspendedWhile OBJECT-TYPE
    SYNTAX      INTEGER (1..126)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Read by management to determine if a suspension is in
        progress and to discover the remaining duration of that
        suspension. May be set directly to coordinate in-service
        upgrades."
    REFERENCE
        "IEEE 802.1X Clause 5.11.4, Clause 9.16, Clause 9.18.5,
        Clause 9.18.6, Figure 12-3"
    ::= { ieee8021XKayMkaEntry 24 }

-- ------------------------------------------------------------------ --
-- The 802.1X PAE KaY MKA Participants Table
-- ------------------------------------------------------------------ --

ieee8021XKayMkaParticipantTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF Ieee8021XKayMkaParticipantEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table for each MKA participant supported by the KaY MKA
        entity.

        For the writeable objects in this table, the configured value
        shall be stored in persistent memory and remain unchanged
        across a re-initialization of the management system of the
        entity."
    REFERENCE   "IEEE 802.1X Clause 9.14, Clause 9.16, Figure 12-3"
    ::= { ieee8021XPaeKaY 2 }

ieee8021XKayMkaParticipantEntry OBJECT-TYPE
    SYNTAX      Ieee8021XKayMkaParticipantEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry containing KaY MKA management information applicable
        to a MKA participant."
    INDEX       { ieee8021XPaePortNumber, ieee8021XKayMkaPartCKN }
    ::= { ieee8021XKayMkaParticipantTable 1 }

Ieee8021XKayMkaParticipantEntry ::= SEQUENCE {
    ieee8021XKayMkaPartCKN              Ieee8021XPaeCKN,
    ieee8021XKayMkaPartKMD              Ieee8021XPaeKMD,
    ieee8021XKayMkaPartNID              Ieee8021XPaeNID,
    ieee8021XKayMkaPartCached           TruthValue,
    ieee8021XKayMkaPartActive           TruthValue,
    ieee8021XKayMkaPartRetain           TruthValue,
    ieee8021XKayMkaPartActivateControl  INTEGER,
    ieee8021XKayMkaPartPrincipal        TruthValue,
    ieee8021XKayMkaPartDistCKN          Ieee8021XPaeCKNOrNull,
    ieee8021XKayMkaPartRowStatus        RowStatus
}

ieee8021XKayMkaPartCKN OBJECT-TYPE
    SYNTAX      Ieee8021XPaeCKN
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The CKN information for this MKA participant."
    REFERENCE   "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaParticipantEntry 1 }

ieee8021XKayMkaPartKMD OBJECT-TYPE
    SYNTAX      Ieee8021XPaeKMD
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The KMD information for this MKA participant."
    REFERENCE   "IEEE 802.1X Clause 9.16, Clause 12.6, Figure 12-3"
    ::= { ieee8021XKayMkaParticipantEntry 2 }

ieee8021XKayMkaPartNID OBJECT-TYPE
    SYNTAX      Ieee8021XPaeNID
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The NID information for this MKA participant."
    REFERENCE   "IEEE 802.1X Clause 9.16, Clause 12.6, Figure 12-3"
    ::= { ieee8021XKayMkaParticipantEntry 3 }

ieee8021XKayMkaPartCached OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object is set 'true' by the KaY if the participant's
        parameters are cached. If this object is 'true', it can be
        set 'false' by management to remove the participant's
        parameters from the cache."
    REFERENCE   "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaParticipantEntry 4 }

ieee8021XKayMkaPartActive OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object is set 'true' if the participant is active, i.e. is
        currently transmitting periodic MKPDUs."
    REFERENCE   "IEEE 802.1X Clause 9.16, Figure 12-3"
    DEFVAL      { false }
    ::= { ieee8021XKayMkaParticipantEntry 5 }

ieee8021XKayMkaPartRetain OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object is set 'true' to retain the participant in the
        cache, even if the KaY would normally remove it (due to lack
        of use for example)"
    REFERENCE   "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaParticipantEntry 6 }

ieee8021XKayMkaPartActivateControl OBJECT-TYPE
    SYNTAX      INTEGER {
                    default(1),
                    disabled(2),
                    onOperUp(3),
                    always(4)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object is for controlling the participant's behavior when
        the participant is activated.

        'default' : the participant is from cached entries created by
            the KaY as part of normal operation, without explicit
            management, and is activated according to the
            implementation dependent policies of the KaY.

        'disabled' : the participant allows the cache information to
            be retained, but disabled for an indefinite period.

        'onOperUp' : causing the participant to be activated when the
            PAE's 'Uncontrolled Port' becomes operational and when the
            PAE resumes following suspension.

        'always' : causing the participant to remain active all the
            time, even in the continued absence of partners.

        If the object is changed to disabled(2) or onOperUp(3), the
        participant ceases operation immediately and receipt of MKPDUs
        with a matching CKN during a subsequent period of twice MKA
        lifetime will not cause the participant to become active once
        more."
    REFERENCE   "IEEE 802.1X Clause 9.14, Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaParticipantEntry 7 }

ieee8021XKayMkaPartPrincipal OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object is set 'true' if the participant is currently the
        principal actor."
    REFERENCE   "IEEE 802.1X Clause 9.16, Figure 12-3"
    DEFVAL      { false }
    ::= { ieee8021XKayMkaParticipantEntry 8 }

ieee8021XKayMkaPartDistCKN OBJECT-TYPE
    SYNTAX      Ieee8021XPaeCKNOrNull
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The CKN for the last CAK distributed either by the actor or one
        of its partners. Empty string for this object will be provided if
        this participant has not been used to distribute a CAK or the
        participant is not active, i.e. the object
        ieee8021XKayMkaPartActive in the same row is 'false'."
    REFERENCE   "IEEE 802.1X Clause 9.16, Figure 12-3"
    DEFVAL      { "" }
    ::= { ieee8021XKayMkaParticipantEntry 9 }

ieee8021XKayMkaPartRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The object to create the parameters for the supported
        participant information in the system.

        If the participant information is from downloaded policies,
        this object is 'active'."
    REFERENCE   "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaParticipantEntry 10 }

-- ------------------------------------------------------------------ --
-- The 802.1X PAE MKA Peer List Table
-- ------------------------------------------------------------------ --

ieee8021XKayMkaPeerListTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF Ieee8021XKayMkaPeerListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing the lists of Live Peers and Potential Peers,
        for all MKA instances for which the KaY is active."
    REFERENCE   "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XPaeKaY 3 }

ieee8021XKayMkaPeerListEntry OBJECT-TYPE
    SYNTAX      Ieee8021XKayMkaPeerListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table entry for one of the peers for one of the MKA
        instances for which this KaY is an active participant."
    INDEX       { ieee8021XPaePortNumber, ieee8021XKayMkaPartCKN,
                  ieee8021XKayMkaPeerListMI }
    ::= { ieee8021XKayMkaPeerListTable 1 }

Ieee8021XKayMkaPeerListEntry ::= SEQUENCE {
    ieee8021XKayMkaPeerListMI    Ieee8021XMkaMI,
    ieee8021XKayMkaPeerListMN    Ieee8021XMkaMN,
    ieee8021XKayMkaPeerListType  INTEGER,
    ieee8021XKayMkaPeerListSCI   SecySCI
}

ieee8021XKayMkaPeerListMI OBJECT-TYPE
    SYNTAX      Ieee8021XMkaMI
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The peer entry's MI information in the peer list of this active
        participant in MKA protocol."
    REFERENCE   "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaPeerListEntry 1 }

ieee8021XKayMkaPeerListMN OBJECT-TYPE
    SYNTAX      Ieee8021XMkaMN
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The peer entry's latest MN information in the peer list of this
        active participant in MKA protocol."
    REFERENCE   "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaPeerListEntry 2 }

ieee8021XKayMkaPeerListType OBJECT-TYPE
    SYNTAX      INTEGER {
                    livePeerList(1),
                    potentialPeerList(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The peer entry's type in the peer list of this active
        participant in MKA protocol.

        'livePeerList' : the peer entry is in the Live Peer List.

        'potentialPeerList' : the peer entry is in the Potential
            Peer List."
    REFERENCE   "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaPeerListEntry 3 }

ieee8021XKayMkaPeerListSCI OBJECT-TYPE
    SYNTAX      SecySCI
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The SCI information of the peer entry in the peer list of this
        active participant in MKA protocol."
    REFERENCE   "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaPeerListEntry 4 }

-- ------------------------------------------------------------------ --
-- The 802.1X PAE NID Group
-- ------------------------------------------------------------------ --
--
-- ------------------------------------------------------------------ --
-- The 802.1X PAE NID Configuration Table
-- ------------------------------------------------------------------ --

ieee8021XNidConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF Ieee8021XNidConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table that contains the configuration objects for the network
        announcement information for the Logon Process.

        The detail operation of the Logon Process can vary depending on
        the port-based network access control applications, and on the
        capabilities supported by that implementation including, for
        example, network discovery and roaming. This table specifies
        control variables that facilitate behaviors that are
        potentially useful in a range of applications. Implementations
        may use and augment the variables specified, or may use
        variables specific to the implementation.

        For the writeable objects in this table, the configured value
        shall be stored in persistent memory and remain unchanged
        across a re-initialization of the management system of the
        entity."
    REFERENCE   "802.1X Clause 8, Figure 8-6, Figure 12-3"
    ::= { ieee8021XPaeNetworkIdentifier 1 }

ieee8021XNidConfigEntry OBJECT-TYPE
    SYNTAX      Ieee8021XNidConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry contains network announcement parameters for a NID."
    INDEX       { IMPLIED ieee8021XNidNID }
    ::= { ieee8021XNidConfigTable 1 }

Ieee8021XNidConfigEntry ::= SEQUENCE {
    ieee8021XNidNID                    Ieee8021XPaeNID,
    ieee8021XNidUseEap                 INTEGER,
    ieee8021XNidUnauthAllowed          INTEGER,
    ieee8021XNidUnsecuredAllowed       INTEGER,
    ieee8021XNidUnauthenticatedAccess  Ieee8021XPaeNIDUnauthenticatedStatus,
    ieee8021XNidAccessCapabilities     Ieee8021XPaeNIDCapabilites,
    ieee8021XNidKMD                    Ieee8021XPaeKMD,
    ieee8021XNidRowStatus              RowStatus
}

ieee8021XNidNID OBJECT-TYPE
    SYNTAX      Ieee8021XPaeNID
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The network identifier to identify NID configuration in the
        PAE."
    REFERENCE   "802.1X Clause 12.5, Figure 12-3"
    ::= { ieee8021XNidConfigEntry 1 }

ieee8021XNidUseEap OBJECT-TYPE
    SYNTAX      INTEGER {
                    never(1),
                    immediate(2),
                    mkaFail(3)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Determines when the Logon Process will initiate EAP, if the
        Supplicant and or Authenticator are enabled, and takes one of
        the following values:

        'never' : Never.

        'immediate' : Immediately, concurrently with the use of MKA
            with any cached CAK(s).

        'mkaFail' : Not until MKA has failed, if a prior CAK has been
            cached."
    REFERENCE   "802.1X Clause 12.5, Figure 12-3"
    ::= { ieee8021XNidConfigEntry 2 }

ieee8021XNidUnauthAllowed OBJECT-TYPE
    SYNTAX      INTEGER {
                    never(1),
                    immediate(2),
                    authFail(3)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Determines when the Logon Process will tell the CP state
        machine to provide unauthenticated connectivity, and takes one
        of the following values:

        'never' : Never.

        'immediate' : Immediately, independently of any current or
            future attempts to authenticate using the PAE or MKA.

        'authFail' : Not until an attempt has been made to
            authenticate using EAP, unless neither the Supplicant nor
            the Authenticator is enabled, and MKA has attempted to use
            any cached CAK (unless the KaY is not enabled)."
    REFERENCE   "802.1X Clause 12.5, Figure 12-3"
    ::= { ieee8021XNidConfigEntry 3 }

ieee8021XNidUnsecuredAllowed OBJECT-TYPE
    SYNTAX      INTEGER {
                    never(1),
                    immediate(2),
                    mkaFail(3),
                    mkaServer(4)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Determines when the Logon Process will tell the CP state
        machine to provide authenticated but unsecured connectivity,
        takes one of the following values:

        'never' : Never.

        'immediate' : Immediately, to provide connectivity
            concurrently with the use of MKA with any CAK acquired
            through EAP.

        'mkaFail' : Not until MKA has failed, or is not enabled.

        'mkaServer' : Only if directed by the MKA server."
    REFERENCE   "802.1X Clause 12.5, Figure 12-3"
    ::= { ieee8021XNidConfigEntry 4 }

ieee8021XNidUnauthenticatedAccess OBJECT-TYPE
    SYNTAX      Ieee8021XPaeNIDUnauthenticatedStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The configured access capability of the port's clients without
        authentication in this NID."
    REFERENCE   "802.1X Clause 12.5, Clause 10.1, Figure 12-3"
    ::= { ieee8021XNidConfigEntry 5 }

ieee8021XNidAccessCapabilities OBJECT-TYPE
    SYNTAX      Ieee8021XPaeNIDCapabilites
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The authentication and protection capabilities supported for
        the NID."
    REFERENCE   "802.1X Clause 12.5, Clause 10.1, Figure 12-3"
    ::= { ieee8021XNidConfigEntry 6 }

ieee8021XNidKMD OBJECT-TYPE
    SYNTAX      Ieee8021XPaeKMD
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The configured KMD information for this NID."
    REFERENCE   "802.1X Clause 10.4, Figure 12-3"
    ::= { ieee8021XNidConfigEntry 7 }

ieee8021XNidRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The object to create the parameters for the supported Network
        Announcement information in the system.

        If the Network Announcement information of the entry is from
        downloaded policies, this object is 'active'."
    REFERENCE   "802.1X Clause 10.4, Figure 12-3"
    ::= { ieee8021XNidConfigEntry 8 }


-- ------------------------------------------------------------------ --
-- The 802.1X PAE Announce Information Table
-- ------------------------------------------------------------------ --

ieee8021XAnnounceTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF Ieee8021XAnnounceEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table contains the status information that the Announcers
        announce in the network announcement of the PAE system.

        This table will be instantiated if the object
        ieee8021XPaePortAnnouncerEnable in the corresponding entry of
        the ieee8021XPaePortTable is 'true'."
    REFERENCE   "802.1X Clause 8, Figure 8-6, Figure 12-3"
    ::= { ieee8021XPaeNetworkIdentifier 2 }

ieee8021XAnnounceEntry OBJECT-TYPE
    SYNTAX      Ieee8021XAnnounceEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry contains an Announcer's status information."
    INDEX       { ieee8021XPaePortNumber,
                  IMPLIED ieee8021XAnnounceNID }
    ::= { ieee8021XAnnounceTable 1 }

Ieee8021XAnnounceEntry ::= SEQUENCE {
    ieee8021XAnnounceNID          Ieee8021XPaeNID,
    ieee8021XAnnounceAccessStatus Ieee8021XPaeNIDAccessStatus
}

ieee8021XAnnounceNID OBJECT-TYPE
    SYNTAX      Ieee8021XPaeNID
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The NID information to identify a transmitting network
        announcement for the PAE."
    REFERENCE   "802.1X Clause 10.4, Clause 12.5, Figure 12-3"
    ::= { ieee8021XAnnounceEntry 1 }

ieee8021XAnnounceAccessStatus OBJECT-TYPE
    SYNTAX      Ieee8021XPaeNIDAccessStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The object information reflects connectivity as a result of
        authentication attempts of this NID for this Announcer."
    REFERENCE
        "802.1X Clause 10.4, Clause 10.1, Clause 12.5, Figure 12-3"
    ::= { ieee8021XAnnounceEntry 2 }


-- ------------------------------------------------------------------ --
-- The 802.1X PAE Announcement Information Table
-- ------------------------------------------------------------------ --

ieee8021XAnnouncementTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF Ieee8021XAnnouncementEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table contains the status information that the Listeners
        receive in the network announcement of the PAE system.

        This table will be instantiated if the object
        ieee8021XPaePortListenerEnable in the corresponding entry of the
        ieee8021XPaePortTable is 'true'."
    REFERENCE   "802.1X Clause 10.4, Figure 12-3"
    ::= { ieee8021XPaeNetworkIdentifier 3 }

ieee8021XAnnouncementEntry OBJECT-TYPE
    SYNTAX      Ieee8021XAnnouncementEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry contains a Listener's status information."
    INDEX       { ieee8021XPaePortNumber,
                  IMPLIED ieee8021XAnnouncementNID }
    ::= { ieee8021XAnnouncementTable 1 }

Ieee8021XAnnouncementEntry ::= SEQUENCE {
    ieee8021XAnnouncementNID             Ieee8021XPaeNID,
    ieee8021XAnnouncementKMD             Ieee8021XPaeKMD,
    ieee8021XAnnouncementSpecific        TruthValue,
    ieee8021XAnnouncementAccessStatus    Ieee8021XPaeNIDAccessStatus,
    ieee8021XAnnouncementAccessRequested TruthValue,
    ieee8021XAnnouncementUnauthAccess    Ieee8021XPaeNIDUnauthenticatedStatus,
    ieee8021XAnnouncementCapabilities    Ieee8021XPaeNIDCapabilites
}

ieee8021XAnnouncementNID OBJECT-TYPE
    SYNTAX      Ieee8021XPaeNID
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The NID information to identify a received network announcement
        for the PAE."
    REFERENCE   "802.1X Clause 10.4, Figure 12-3"
    ::= { ieee8021XAnnouncementEntry 1 }

ieee8021XAnnouncementKMD OBJECT-TYPE
    SYNTAX      Ieee8021XPaeKMD
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The KMD information for this received network announcement of
        the PAE."
    REFERENCE   "802.1X Clause 10.4, Figure 12-3"
    ::= { ieee8021XAnnouncementEntry 2 }

ieee8021XAnnouncementSpecific OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object indicates the received announcement information was
        specific to the receiving PAE, not generic for all systems attached
        to the LAN."
    REFERENCE   "802.1X Clause 10.1, 10.4, Figure 12-3"
    ::= { ieee8021XAnnouncementEntry 3 }

ieee8021XAnnouncementAccessStatus OBJECT-TYPE
    SYNTAX      Ieee8021XPaeNIDAccessStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The object information reflects connectivity as a result of
        authentication attempts for this received network announcement
        of the PAE."
    REFERENCE   "802.1X Clause 10.4, Clause 10.1, Figure 12-3"
    ::= { ieee8021XAnnouncementEntry 4 }

ieee8021XAnnouncementAccessRequested OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The authenticated access has been requested for this particular
        NID or not."
    REFERENCE   "802.1X Clause 10.4, Clause 10.1, Figure 12-3"
    ::= { ieee8021XAnnouncementEntry 5 }

ieee8021XAnnouncementUnauthAccess OBJECT-TYPE
    SYNTAX      Ieee8021XPaeNIDUnauthenticatedStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The access capability of the port's clients without
        authentication in this received network announcement of the
        PAE.

        'openAccess', 'limitedAccess' should not be returned if the
        object ieee8021XNidUnauthAllowed is 'immediate'."
    REFERENCE
        "802.1X Clause 10.1, Clause 12.5, Figure 12-3"
    ::= { ieee8021XAnnouncementEntry 6 }

ieee8021XAnnouncementCapabilities OBJECT-TYPE
    SYNTAX      Ieee8021XPaeNIDCapabilites
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The announcement capabilities of this received network
        announcement for this PAE."
    REFERENCE   "802.1X Clause 10.1, Clause 12.5, Figure 12-3"
    ::= { ieee8021XAnnouncementEntry 7 }

-- ------------------------------------------------------------------ --
-- The 802.1X PAE Announcement Cipher Suite Information Table
-- ------------------------------------------------------------------ --

ieee8021XAnnouncementCipherSuitesTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF Ieee8021XAnnouncementCipherSuitesEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table contains the Cipher Suites information that the Listeners
        receive in the network announcement of the PAE system.

        This table will be instantiated if the object
        ieee8021XPaePortListenerEnable in the corresponding entry of the
        ieee8021XPaePortTable is 'true'."
    REFERENCE   "802.1X Clause 10.4, Clause 11.13.3, Figure 11-21, Figure 12-3"
    ::= { ieee8021XPaeNetworkIdentifier 4 }

ieee8021XAnnouncementCipherSuitesEntry OBJECT-TYPE
    SYNTAX      Ieee8021XAnnouncementCipherSuitesEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry contains the Cipher Suite information which a Listener has
        received from network announcement."
    INDEX       { ieee8021XPaePortNumber,
                  ieee8021XAnnouncementNID,
                  ieee8021XAnnouncementCipherSuite }
    ::= { ieee8021XAnnouncementCipherSuitesTable 1 }

Ieee8021XAnnouncementCipherSuitesEntry ::= SEQUENCE {
    ieee8021XAnnouncementCipherSuite      OCTET STRING,
    ieee8021XAnnouncementCipherCapability Unsigned32
}

ieee8021XAnnouncementCipherSuite OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (8))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The identifier for the announced cipher suite. This is a
        globally unique 64-bit (EUI-64) identifier to identify a cipher
        suite."
    REFERENCE
        "802.1X Clause 10.4, Figure 12-3, 802.1AE-2006 Clause 14"
    ::= { ieee8021XAnnouncementCipherSuitesEntry 1 }

ieee8021XAnnouncementCipherCapability OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The capability of a Cipher Suite received from the network
        announcement by the Listener.

        A 2 octets Cipher Suite dependent implementation capability field
        precedes each Cipher Suite reference number. If the Cipher Suite,
        ieee8021XAnnouncementCipherSuite, identifies the Default Cipher
        Suite (specified in IEEE Std 802.1AE), the two least significant
        bits of the implementation capability field encode the MACsec
        Capability parameter specified in Table 11-7 and the fourteen more
        significant bits are as 0 and ignored on receipt."
    REFERENCE
        "802.1X Clause 11.13.3, Figure 11-21"
    ::= { ieee8021XAnnouncementCipherSuitesEntry 2 }

-- ------------------------------------------------------------------ --
-- 802.1X Conformance
-- ------------------------------------------------------------------ --

ieee8021XPaeCompliances OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIBConformance 1 }

ieee8021XPaeGroups OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIBConformance 2 }


-- ------------------------------------------------------------------ --
-- 802.1X Compliance Statements
-- ------------------------------------------------------------------ --

ieee8021XPaeCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for device support of
        Port Access Control."
    MODULE -- this module
        MANDATORY-GROUPS {
            ieee8021XPaeSystemGroup,
            ieee8021XPaeLogonGroup,
            ieee8021XPaeEapolStatsGroup
        }

        GROUP ieee8021XPacGroup
        DESCRIPTION
            "This group is mandatory for systems that do not support
            the MACsec functions of the PAE."

        GROUP ieee8021XPaeAuthConfigGroup
        DESCRIPTION
            "This group is mandatory for systems that support the
            Authenticator functions of the PAE."

        GROUP ieee8021XPaeSuppConfigGroup
        DESCRIPTION
            "This group is mandatory for systems that support the
            Supplicant functions of the PAE."

        GROUP ieee8021XPaeKaYMkaGroup
        DESCRIPTION
            "This group is mandatory for systems that support the KaY
            MKA functions of the PAE."

        GROUP ieee8021XPaeNetworkIdentifierGroup
        DESCRIPTION
            "This group is mandatory for systems that support the
            network announcement functions of the PAE."

        GROUP ieee8021XPaeAnnouncerGroup
        DESCRIPTION
            "This group is mandatory for systems that support the
            network announcement and the Announcer functions of the
            PAE."

        GROUP ieee8021XPaeListenerGroup
        DESCRIPTION
            "This group is mandatory for systems that support
            the network announcement and the Listener functions of the
            PAE."

        OBJECT ieee8021XKayMacSecConfidentialityOffset
        MIN-ACCESS read-only
        DESCRIPTION
            "read-write access is not required. This may be read-only."

        OBJECT ieee8021XNidUseEap
        MIN-ACCESS read-only
        DESCRIPTION
            "read-create access is not required. This may be
            read-only."

        OBJECT ieee8021XNidUnauthAllowed
        MIN-ACCESS read-only
        DESCRIPTION
            "read-create access is not required. This may be
            read-only."

        OBJECT ieee8021XNidUnsecuredAllowed
        MIN-ACCESS read-only
        DESCRIPTION
            "read-create access is not required. This may be
            read-only."

        OBJECT ieee8021XNidUnauthenticatedAccess
        MIN-ACCESS read-only
        DESCRIPTION
            "read-create access is not required. This may be
            read-only."

        OBJECT ieee8021XNidAccessCapabilities
        MIN-ACCESS read-only
        DESCRIPTION
            "read-create access is not required. This may be
            read-only."

        OBJECT ieee8021XNidKMD
        MIN-ACCESS read-only
        DESCRIPTION
            "read-create access is not required. This may be
            read-only."

        OBJECT ieee8021XNidRowStatus
        MIN-ACCESS read-only
        DESCRIPTION
            "read-create access is not required. This may be
            read-only."
    ::= { ieee8021XPaeCompliances 1 }

ieee8021XPaeV2Compliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for device support of
        Port Access Control as specified in 802.1X-2010
        amended by 802.1Xbx."
    MODULE -- this module
        MANDATORY-GROUPS {
            ieee8021XPaeSystemGroup,
            ieee8021XPaeLogonGroup,
            ieee8021XPaeEapolStatsGroup
        }

        GROUP ieee8021XPacGroup
        DESCRIPTION
            "This group is mandatory for systems that do not support
            the MACsec functions of the PAE."

        GROUP ieee8021XPaeAuthConfigGroup
        DESCRIPTION
            "This group is mandatory for systems that support the
            Authenticator functions of the PAE."

        GROUP ieee8021XPaeSuppConfigGroup
        DESCRIPTION
            "This group is mandatory for systems that support the
            Supplicant functions of the PAE."

        GROUP ieee8021XPaeKaYMkaGroup
        DESCRIPTION
            "This group is mandatory for systems that support the KaY
            MKA functions of the PAE."

        GROUP ieee8021XPaeNetworkIdentifierGroup
        DESCRIPTION
            "This group is mandatory for systems that support the
            network announcement functions of the PAE."

        GROUP ieee8021XPaeAnnouncerGroup
        DESCRIPTION
            "This group is mandatory for systems that support the
            network announcement and the Announcer functions of the
            PAE."

        GROUP ieee8021XPaeListenerGroup
        DESCRIPTION
            "This group is mandatory for systems that support
            the network announcement and the Listener functions of the
            PAE."

        GROUP ieee8021XPaeKaYIsupgradeGroup
        DESCRIPTION
            "This group is mandatory for systems that support KaY MKA
            in-service upgrades."

        OBJECT ieee8021XKayMacSecConfidentialityOffset
        MIN-ACCESS read-only
        DESCRIPTION
            "read-write access is not required. This may be read-only."

        OBJECT ieee8021XNidUseEap
        MIN-ACCESS read-only
        DESCRIPTION
            "read-create access is not required. This may be
            read-only."

        OBJECT ieee8021XNidUnauthAllowed
        MIN-ACCESS read-only
        DESCRIPTION
            "read-create access is not required. This may be
            read-only."

        OBJECT ieee8021XNidUnsecuredAllowed
        MIN-ACCESS read-only
        DESCRIPTION
            "read-create access is not required. This may be
            read-only."

        OBJECT ieee8021XNidUnauthenticatedAccess
        MIN-ACCESS read-only
        DESCRIPTION
            "read-create access is not required. This may be
            read-only."

        OBJECT ieee8021XNidAccessCapabilities
        MIN-ACCESS read-only
        DESCRIPTION
            "read-create access is not required. This may be
            read-only."

        OBJECT ieee8021XNidKMD
        MIN-ACCESS read-only
        DESCRIPTION
            "read-create access is not required. This may be
            read-only."

        OBJECT ieee8021XNidRowStatus
        MIN-ACCESS read-only
        DESCRIPTION
            "read-create access is not required. This may be
            read-only."
    ::= { ieee8021XPaeCompliances 2 }


ieee8021XPaeSystemGroup OBJECT-GROUP
    OBJECTS {
        ieee8021XPaeSysAccessControl,
        ieee8021XPaeSysAnnouncements,
        ieee8021XPaeSysEapolVersion,
        ieee8021XPaeSysMkaVersion,
        ieee8021XPaePortType,
        ieee8021XPaeControlledPortNumber,
        ieee8021XPaeUncontrolledPortNumber,
        ieee8021XPaeCommonPortNumber,
        ieee8021XPaePortInitialize,
        ieee8021XPaePortCapabilities,
        ieee8021XPaePortVirtualPortsEnable,
        ieee8021XPaePortMaxVirtualPorts,
        ieee8021XPaePortCurrentVirtualPorts,
        ieee8021XPaePortVirtualPortStart,
        ieee8021XPaePortVirtualPortPeerMAC,
        ieee8021XPaePortLogonEnable,
        ieee8021XPaePortAuthenticatorEnable,
        ieee8021XPaePortSupplicantEnable,
        ieee8021XPaePortKayMkaEnable,
        ieee8021XPaePortAnnouncerEnable,
        ieee8021XPaePortListenerEnable
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing system information for a PAE
        system and a PAE port status and control information."
    ::= { ieee8021XPaeGroups 1 }

ieee8021XPacGroup OBJECT-GROUP
    OBJECTS {
        ieee8021XPacPortAdminPt2PtMAC,
        ieee8021XPacPortOperPt2PtMAC
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing information of a PAC in the
        system."
    ::= { ieee8021XPaeGroups 2 }

ieee8021XPaeLogonGroup OBJECT-GROUP
    OBJECTS {
        ieee8021XPaePortLogonConnectStatus,
        ieee8021XPaePortPortValid,
        ieee8021XPaePortSessionOctetsRx,
        ieee8021XPaePortSessionOctetsTx,
        ieee8021XPaePortSessionPktsRx,
        ieee8021XPaePortSessionPktsTx,
        ieee8021XPaePortSessionId,
        ieee8021XPaePortSessionStartTime,
        ieee8021XPaePortSessionIntervalTime,
        ieee8021XPaePortSessionTerminate,
        ieee8021XPaePortSessionUserName
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing information of a Logon
        Process in the system."
    ::= { ieee8021XPaeGroups 3 }

ieee8021XPaeAuthConfigGroup OBJECT-GROUP
    OBJECTS {
        ieee8021XAuthPaeAuthenticate,
        ieee8021XAuthPaeAuthenticated,
        ieee8021XAuthPaeFailed,
        ieee8021XAuthPaeReAuthEnabled,
        ieee8021XAuthPaeQuietPeriod,
        ieee8021XAuthPaeReauthPeriod,
        ieee8021XAuthPaeRetryMax,
        ieee8021XAuthPaeRetryCount
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing configuration information of
        an Authenticator in the system."
    ::= { ieee8021XPaeGroups 4 }

ieee8021XPaeSuppConfigGroup OBJECT-GROUP
    OBJECTS {
        ieee8021XSuppPaeAuthenticate,
        ieee8021XSuppPaeAuthenticated,
        ieee8021XSuppPaeFailed,
        ieee8021XSuppPaeHelloPeriod,
        ieee8021XSuppPaeRetryMax,
        ieee8021XSuppPaeRetryCount
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing configuration information of
        a Supplicant in the system."
    ::= { ieee8021XPaeGroups 5 }

ieee8021XPaeEapolStatsGroup OBJECT-GROUP
    OBJECTS {
        ieee8021XEapolInvalidFramesRx,
        ieee8021XEapolEapLengthErrorFramesRx,
        ieee8021XEapolAnnouncementFramesRx,
        ieee8021XEapolAnnouncementReqFramesRx,
        ieee8021XEapolPortUnavailableFramesRx,
        ieee8021XEapolStartFramesRx,
        ieee8021XEapolEapFramesRx,
        ieee8021XEapolLogoffFramesRx,
        ieee8021XEapolMkNoCknFramesRx,
        ieee8021XEapolMkInvalidFramesRx,
        ieee8021XEapolLastRxFrameVersion,
        ieee8021XEapolLastRxFrameSource,
        ieee8021XEapolSuppEapFramesTx,
        ieee8021XEapolLogoffFramesTx,
        ieee8021XEapolAnnouncementFramesTx,
        ieee8021XEapolAnnouncementReqFramesTx,
        ieee8021XEapolStartFramesTx,
        ieee8021XEapolAuthEapFramesTx,
        ieee8021XEapolMkaFramesTx
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing counters and diagnostic
        information for the EAPOL in the system."
    ::= { ieee8021XPaeGroups 6 }

ieee8021XPaeKaYMkaGroup OBJECT-GROUP
    OBJECTS {
        ieee8021XKayMkaActive,
        ieee8021XKayMkaAuthenticated,
        ieee8021XKayMkaSecured,
        ieee8021XKayMkaFailed,
        ieee8021XKayMkaActorSCI,
        ieee8021XKayMkaActorsPriority,
        ieee8021XKayMkaKeyServerPriority,
        ieee8021XKayMkaKeyServerSCI,
        ieee8021XKayAllowedJoinGroup,
        ieee8021XKayAllowedFormGroup,
        ieee8021XKayCreateNewGroup,
        ieee8021XKayMacSecCapability,
        ieee8021XKayMacSecDesired,
        ieee8021XKayMacSecProtect,
        ieee8021XKayMacSecReplayProtect,
        ieee8021XKayMacSecValidate,
        ieee8021XKayMacSecConfidentialityOffset,
        ieee8021XKayMkaTxKN,
        ieee8021XKayMkaTxAN,
        ieee8021XKayMkaRxKN,
        ieee8021XKayMkaRxAN,
        ieee8021XKayMkaPartKMD,
        ieee8021XKayMkaPartNID,
        ieee8021XKayMkaPartCached,
        ieee8021XKayMkaPartActive,
        ieee8021XKayMkaPartRetain,
        ieee8021XKayMkaPartActivateControl,
        ieee8021XKayMkaPartPrincipal,
        ieee8021XKayMkaPartDistCKN,
        ieee8021XKayMkaPartRowStatus,
        ieee8021XKayMkaPeerListMN,
        ieee8021XKayMkaPeerListType,
        ieee8021XKayMkaPeerListSCI
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing monitoring and controlling
        information of a KaY MKA in the system."
    ::= { ieee8021XPaeGroups 7 }

ieee8021XPaeNetworkIdentifierGroup OBJECT-GROUP
    OBJECTS {
        ieee8021XLogonNIDConnectedNID,
        ieee8021XLogonNIDRequestedNID,
        ieee8021XLogonNIDSelectedNID,
        ieee8021XNidUseEap,
        ieee8021XNidUnauthAllowed,
        ieee8021XNidUnsecuredAllowed,
        ieee8021XNidUnauthenticatedAccess,
        ieee8021XNidAccessCapabilities,
        ieee8021XNidKMD,
        ieee8021XNidRowStatus
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing monitoring and controlling
        information of an NID in the system."
    ::= { ieee8021XPaeGroups 8 }

ieee8021XPaeAnnouncerGroup OBJECT-GROUP
    OBJECTS { ieee8021XAnnounceAccessStatus }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing status information for
        an Announcer in the system."
    ::= { ieee8021XPaeGroups 9 }

ieee8021XPaeListenerGroup OBJECT-GROUP
    OBJECTS {
        ieee8021XAnnouncementKMD,
        ieee8021XAnnouncementSpecific,
        ieee8021XAnnouncementAccessStatus,
        ieee8021XAnnouncementAccessRequested,
        ieee8021XAnnouncementUnauthAccess,
        ieee8021XAnnouncementCapabilities,
        ieee8021XAnnouncementCipherCapability
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing status information for
        a Listener in the system."
    ::= { ieee8021XPaeGroups 10 }

ieee8021XPaeKaYIsupgradeGroup OBJECT-GROUP
    OBJECTS {
        ieee8021XKayMkaSuspendFor,
        ieee8021XKayMkaSuspendOnRequest,
        ieee8021XKayMkaSuspendedWhile
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing monitoring and control
        for MKA support of in-service upgrades."
    ::= { ieee8021XPaeGroups 11 }

END