#-MIBFILE: cisco-pae.mib CISCO-PAE-MIB DEFINITIONS ::= BEGIN DisplayString ::= OCTET STRING (SIZE(0..255)) PhysAddress ::= OCTET STRING MacAddress ::= OCTET STRING (SIZE(6)) TruthValue ::= INTEGER { true(1), false(2) } TestAndIncr ::= INTEGER (0..2147483647) AutonomousType ::= OBJECT IDENTIFIER InstancePointer ::= OBJECT IDENTIFIER VariablePointer ::= OBJECT IDENTIFIER RowPointer ::= OBJECT IDENTIFIER RowStatus ::= INTEGER { active(1), notInService(2), notReady(3), createAndGo(4), createAndWait(5), destroy(6) } TimeStamp ::= TimeTicks TimeInterval ::= INTEGER (0..2147483647) DateAndTime ::= OCTET STRING (SIZE(8|11)) StorageType ::= INTEGER { other(1), volatile(2), nonVolatile(3), permanent(4), readOnly(5) } TDomain ::= OBJECT IDENTIFIER TAddress ::= OCTET STRING (SIZE(1..255)) SnmpEngineID ::= OCTET STRING (SIZE(5..32)) SnmpSecurityModel ::= INTEGER (0..2147483647) SnmpMessageProcessingModel ::= INTEGER (0..2147483647) SnmpSecurityLevel ::= INTEGER { noAuthNoPriv(1), authNoPriv(2), authPriv(3) } SnmpAdminString ::= OCTET STRING (SIZE(0..255)) InetAddressType ::= INTEGER { unknown(0), ipv4(1), ipv6(2), ipv4z(3), ipv6z(4), dns(16) } InetAddress ::= OCTET STRING (SIZE(0..255)) InetAddressIPv4 ::= OCTET STRING (SIZE(4)) InetAddressIPv6 ::= OCTET STRING (SIZE(16)) InetAddressIPv4z ::= OCTET STRING (SIZE(8)) InetAddressIPv6z ::= OCTET STRING (SIZE(20)) InetAddressDNS ::= OCTET STRING (SIZE(1..255)) InetAddressPrefixLength ::= OCTET STRING InetPortNumber ::= OCTET STRING InetAutonomousSystemNumber ::= OCTET STRING InetScopeType ::= INTEGER { interfaceLocal(1), linkLocal(2), subnetLocal(3), adminLocal(4), siteLocal(5), organizationLocal(8), global(14) } InetZoneIndex ::= OCTET STRING InetVersion ::= INTEGER { unknown(0), ipv4(1), ipv6(2) } PaeControlledDirections ::= INTEGER { both(0), in(1) } PaeControlledPortStatus ::= INTEGER { authorized(1), unauthorized(2) } PaeControlledPortControl ::= INTEGER { forceUnauthorized(1), auto(2), forceAuthorized(3) } std OBJECT IDENTIFIER ::= { iso 0 } iso8802 OBJECT IDENTIFIER ::= { std 8802 } ieee802dot1 OBJECT IDENTIFIER ::= { iso8802 1 } ieee802dot1mibs OBJECT IDENTIFIER ::= { ieee802dot1 1 } ieee8021paeMIB OBJECT IDENTIFIER ::= { ieee802dot1mibs 1 } paeMIBObjects OBJECT IDENTIFIER ::= { ieee8021paeMIB 1 } dot1xPaeSystem OBJECT IDENTIFIER ::= { paeMIBObjects 1 } dot1xPaePortTable OBJECT IDENTIFIER ::= { dot1xPaeSystem 2 } dot1xPaePortEntry OBJECT IDENTIFIER ::= { dot1xPaePortTable 1 } iso8802 OBJECT IDENTIFIER ::= { std 8802 } dot1xPaePortNumber OBJECT IDENTIFIER ::= { dot1xPaePortEntry 1 } dot1xPaeAuthenticator OBJECT IDENTIFIER ::= { paeMIBObjects 2 } dot1xAuthConfigTable OBJECT IDENTIFIER ::= { dot1xPaeAuthenticator 1 } dot1xAuthConfigEntry OBJECT IDENTIFIER ::= { dot1xAuthConfigTable 1 } dot1xAuthPaeState OBJECT IDENTIFIER ::= { dot1xAuthConfigEntry 1 } OwnerString ::= OCTET STRING (SIZE(0..255)) InterfaceIndex ::= INTEGER (1..2147483647) InterfaceIndexOrZero ::= INTEGER (0..2147483647) VlanIndex ::= INTEGER (0..4095) ManagementDomainIndex ::= INTEGER (1..255) VlanType ::= INTEGER { ethernet(1), fddi(2), tokenRing(3), fddiNet(4), trNet(5), deprecated(6) } VlanTypeExt ::= OCTET STRING { vtpmanageable(0), internal(1), reserved(2), rspan(3), dynamicGvrp(4) } CiscoNetworkProtocol ::= INTEGER { ip(1), decnet(2), pup(3), chaos(4), xns(5), x121(6), appletalk(7), clns(8), lat(9), vines(10), cons(11), apollo(12), stun(13), novell(14), qllc(15), snapshot(16), atmIlmi(17), bstun(18), x25pvc(19), ipv6(20), cdm(21), nbf(22), bpxIgx(23), clnsPfx(24), http(25), unknown(65535) } CiscoNetworkAddress ::= OCTET STRING Unsigned64 ::= OCTET STRING SAPType ::= INTEGER (0..254) CountryCode ::= OCTET STRING (SIZE(0|2)) CountryCodeITU ::= OCTET STRING EntPhysicalIndexOrZero ::= INTEGER (0..2147483647) CiscoRowOperStatus ::= INTEGER { active(1), activeDependencies(2), inactiveDependency(3), missingDependency(4) } CiscoPort ::= INTEGER (0..65535) CiscoIpProtocol ::= INTEGER (0..255) CiscoLocationClass ::= INTEGER { chassis(1), shelf(2), slot(3), subSlot(4), port(5), subPort(6), channel(7), subChannel(8) } CiscoLocationSpecifier ::= OCTET STRING (SIZE(0..255)) CiscoInetAddressMask ::= OCTET STRING CiscoAbsZeroBasedCounter32 ::= Gauge CiscoSnapShotAbsCounter32 ::= OCTET STRING CiscoAlarmSeverity ::= INTEGER { cleared(1), indeterminate(2), critical(3), major(4), minor(5), warning(6), info(7) } PerfHighIntervalCount ::= OCTET STRING ConfigIterator ::= OCTET STRING BulkConfigResult ::= OCTET STRING (SIZE(0..255)) ListIndex ::= INTEGER (1..2147483647) ListIndexOrZero ::= INTEGER (0..2147483647) TimeIntervalSec ::= OCTET STRING TimeIntervalMin ::= OCTET STRING CiscoMilliSeconds ::= OCTET STRING MicroSeconds ::= OCTET STRING CiscoPortList ::= OCTET STRING (SIZE(0..256)) CiscoPortListRange ::= INTEGER { oneto2k(1), twoKto4K(2), fourKto6K(3), sixKto8K(4), eightKto10K(5), tenKto12K(6), twelveKto14K(7), fourteenKto16K(8) } IfOperStatusReason ::= INTEGER { other(1), none(2), hwFailure(3), loopbackDiagFailure(4), errorDisabled(5), swFailure(6), linkFailure(7), offline(8), nonParticipating(9), initializing(10), vsanInactive(11), adminDown(12), channelAdminDown(13), channelOperSuspended(14), channelConfigurationInProgress(15), rcfInProgress(16), elpFailureIsolation(17), escFailureIsolation(18), domainOverlapIsolation(19), domainAddrAssignFailureIsolation(20), domainOtherSideEportIsolation(21), domainInvalidRcfReceived(22), domainManagerDisabled(23), zoneMergeFailureIsolation(24), vsanMismatchIsolation(25), parentDown(26), srcPortNotBound(27), interfaceRemoved(28), fcotNotPresent(29), fcotVendorNotSupported(30), incompatibleAdminMode(31), incompatibleAdminSpeed(32), suspendedByMode(33), suspendedBySpeed(34), suspendedByWWN(35), domainMaxReTxFailure(36), eppFailure(37), portVsanMismatchIsolation(38), loopbackIsolation(39), upgradeInProgress(40), incompatibleAdminRxBbCredit(41), incompatibleAdminRxBufferSize(42), portChannelMembersDown(43), zoneRemoteNoRespIsolation(44), firstPortUpAsEport(45), firstPortNotUp(46), peerFCIPPortClosedConnection(47), peerFCIPPortResetConnection(48), fcipPortMaxReTx(49), fcipPortKeepAliveTimerExpire(50), fcipPortPersistTimerExpire(51), fcipPortSrcLinkDown(52), fcipPortSrcAdminDown(53), fcipPortAdminCfgChange(54), fcipSrcPortRemoved(55), fcipSrcModuleNotOnline(56), invalidConfig(57), portBindFailure(58), portFabricBindFailure(59), noCommonVsanIsolation(60), ficonVsanDown(61), invalidAttachment(62), portBlocked(63), incomAdminRxBbCreditPerBuf(64), tooManyInvalidFlogis(65), deniedDueToPortBinding(66), elpFailureRevMismatch(67), elpFailureClassFParamErr(68), elpFailureClassNParamErr(69), elpFailureUnknownFlowCtlCode(70), elpFailureInvalidFlowCtlParam(71), elpFailureInvalidPortName(72), elpFailureInvalidSwitchName(73), elpFailureRatovEdtovMismatch(74), elpFailureLoopbackDetected(75), elpFailureInvalidTxBbCredit(76), elpFailureInvalidPayloadSize(77), bundleMisCfg(78), bitErrRuntimeThreshExceeded(79), linkFailLinkReset(80), linkFailPortInitFail(81), linkFailPortUnusable(82), linkFailLossOfSignal(83), linkFailLossOfSync(84), linkFailNosRcvd(85), linkFailOlsRcvd(86), linkFailDebounceTimeout(87), linkFailLrRcvd(88), linkFailCreditLoss(89), linkFailRxQOverflow(90), linkFailTooManyInterrupts(91), linkFailLipRcvdBb(92), linkFailBbCreditLoss(93), linkFailOpenPrimSignalTimeout(94), linkFailOpenPrimSignalReturned(95), linkFailLipF8Rcvd(96), linkFailLineCardPortShutdown(97), fcspAuthenfailure(98), fcotChecksumError(99), ohmsExtLoopbackTest(100), invalidFabricBindExchange(101), tovMismatch(102), ficonNotEnabled(103), ficonNoPortNumber(104), ficonBeingEnabled(105), ePortProhibited(106), portGracefulShutdown(107), trunkNotFullyActive(108), fabricBindingSwitchWwnNotFound(109), fabricBindingDomainInvalid(110), fabricBindingDbMismatch(111), fabricBindingNoRspFromPeer(112), dpvmVsanSuspended(113), dpvmVsanNotFound(114), trackedPortDown(115), ecSuspendedOnLoop(116), isolateBundleMisCfg(117), noPeerBundleSupport(118), portBringupIsolation(119), domainNotAllowedIsolated(120), virtualIvrDomainOverlapIsolation(121), outOfService(122), portAuthFailed(123), bundleStandby(124), portConnectorTypeErr(125), errorDisabledReInitLmtReached(126), ficonDupPortNum(127), localRcf(128), twoSwitchesWithSameWWN(129), invalidOtherSidePrincEFPReqRecd(130), domainOther(131) } EntLogicalIndexOrZero ::= INTEGER (0..2147483647) CiscoURLString ::= OCTET STRING (SIZE(1..255)) CiscoHTTPResponseStatusCode ::= OCTET STRING CvE164Address ::= OCTET STRING (SIZE(1..128)) CnnEouPostureToken ::= INTEGER { unknown(1), healthy(2), checkup(3), quarantine(4), infected(5) } CnnEouState ::= INTEGER { initialize(1), hello(2), clientless(3), eapRequest(4), response(5), authenticated(6), fail(7), abort(8) } CnnEouAuthType ::= INTEGER { clientless(1), eap(2), static(3) } CnnEouDeviceType ::= INTEGER { ciscoIpPhone(1) } cisco OBJECT IDENTIFIER ::= { enterprises 9 } ciscoMgmt OBJECT IDENTIFIER ::= { cisco 9 } ReAuthPeriodSource ::= INTEGER { local(1), server(2), auto(3) } ciscoPaeMIB OBJECT IDENTIFIER ::= { ciscoMgmt 220 } cpaeMIBNotification OBJECT IDENTIFIER ::= { ciscoPaeMIB 0 } cpaeMIBObject OBJECT IDENTIFIER ::= { ciscoPaeMIB 1 } cpaeMIBConformance OBJECT IDENTIFIER ::= { ciscoPaeMIB 2 } cpaePortTable OBJECT-TYPE SYNTAX SEQUENCE OF CpaePortEntry ACCESS read-only STATUS mandatory DESCRIPTION "A table of system level information for each port supported by the Port Access Entity. An entry appears in this table for each PAE port of this system. This table contains additional objects for the dot1xPaePortTable." ::= { cpaeMIBObject 1 } cpaePortEntry OBJECT-TYPE SYNTAX CpaePortEntry ACCESS read-only STATUS mandatory DESCRIPTION "An entry containing additional management information applicable to a particular PAE port." ::= { cpaePortTable 1 } cpaePortEntry ::= SEQUENCE { cpaeMultipleHost TruthValue, cpaePortMode INTEGER, cpaeGuestVlanNumber VlanIndex, cpaeInGuestVlan TruthValue, cpaeShutdownTimeoutEnabled TruthValue, cpaePortAuthFailVlan VlanIndex, cpaePortOperVlan VlanIndex, cpaePortOperVlanType INTEGER } cpaeMultipleHost OBJECT-TYPE SYNTAX TruthValue ACCESS read-only STATUS optional DESCRIPTION "Specifies whether the port allows multiple-host connection or not." ::= { cpaePortEntry 1 } cpaePortMode OBJECT-TYPE SYNTAX INTEGER { singleHost(1), multiHost(2), multiAuth(3) } ACCESS read-only STATUS mandatory DESCRIPTION "Specifies the current mode of dot1x operation on the port. singleHost(1): port allows one host to connect and authenticate. multiHost(2) : port allows multiple hosts to connect. Once a host is authenticated, all remaining hosts are also authorized. multiAuth(3) : port allows multiple hosts to connect and each host is authenticated. If the port security feature is enabled on the interface, the configuration of the port security (such as the number of the hosts allowed, the security violation action, etc) will apply to the interface." ::= { cpaePortEntry 2 } cpaeGuestVlanNumber OBJECT-TYPE SYNTAX VlanIndex ACCESS read-only STATUS mandatory DESCRIPTION "Specifies the Guest Vlan of the interface. An interface with cpaePortMode value of 'singleHost' will be moved to its Guest Vlan if the supplicant on the interface is not capable of IEEE-802.1x authentication. A value of zero for this object indicates no Guest Vlan configured for the interface." ::= { cpaePortEntry 3 } cpaeInGuestVlan OBJECT-TYPE SYNTAX TruthValue ACCESS read-only STATUS optional DESCRIPTION "Indicates whether the interface is in its Guest Vlan or not. The object is deprecated in favor of newly added object cpaePortOperVlanType." ::= { cpaePortEntry 4 } cpaeShutdownTimeoutEnabled OBJECT-TYPE SYNTAX TruthValue ACCESS read-only STATUS mandatory DESCRIPTION "Specifies whether shutdown timeout feature is enabled on the interface." ::= { cpaePortEntry 5 } cpaePortAuthFailVlan OBJECT-TYPE SYNTAX VlanIndex ACCESS read-only STATUS mandatory DESCRIPTION "Specifies the Auth-Fail (Authentication Fail) Vlan of the port. A port with cpaePortMode value of 'singleHost' will be moved to its Auth-Fail Vlan if the supplicant supports IEEE-802.1x authentication but is unsuccessfully authenticated. A value of zero for this object indicates no Auth-Fail Vlan configured for the port." ::= { cpaePortEntry 6 } cpaePortOperVlan OBJECT-TYPE SYNTAX VlanIndex ACCESS read-only STATUS mandatory DESCRIPTION "The VlanIndex of the Vlan which is assigned to this port via IEEE-802.1x and related methods of authentication supported by the system. A value of zero for this object indicates that no Vlan is assigned to this port via IEEE-802.1x authentication." ::= { cpaePortEntry 7 } cpaePortOperVlanType OBJECT-TYPE SYNTAX INTEGER { other(1), none(2), guest(3), authFail(4) } ACCESS read-only STATUS mandatory DESCRIPTION "The type of the Vlan which is assigned to this port via IEEE-802.1x and related methods of authentication supported by the system. A value of 'other' for this object indicates type of Vlan assigned to this port; via IEEE-802.1x authentication; is other than the ones specified by listed enumerations for this object. A value of 'none' for this object indicates that there is no Vlan assigned to this port via IEEE-802.1x authentication. For such a case, corresponding value of cpaePortOperVlan object will be zero. A value of 'guest' for this object indicates that Vlan assigned to this port; via IEEE-802.1x authentication; is of type Guest Vlan and specified by the object cpaeGuestVlanNumber for this entry. A value of 'authFail' for this object indicates that Vlan assigned to this port; via IEEE-802.1x authentication; is of type Auth-Fail Vlan and specified by the object cpaeAuthFailVlanNumber for this entry." ::= { cpaePortEntry 8 } cpaeGuestVlanId OBJECT-TYPE SYNTAX VlanIndex ACCESS read-only STATUS optional DESCRIPTION "Specifies the Guest Vlan of the system. An interface with cpaePortMode value of 'singleHost' will be moved to Guest Vlan if the supplicant on the interface is not IEEE-802.1x capable. A value of zero indicates no Guest Vlan configured in the system. If the platform supports per-port guest Vlan ID configuration, this object is not instantiated." ::= { cpaeMIBObject 2 } cpaeShutdownTimeout OBJECT-TYPE SYNTAX INTEGER (0..65535) ACCESS read-only STATUS mandatory DESCRIPTION "Specifies the shutdown timeout interval to enable the interface automatically in case it is shutdown due to security violation. If the value of this object is 0, the interfaces shutdown due to the security violation will not be enabled automatically. The value of this object is applicable to the interface only when cpaeShutdownTimeoutEnabled is 'true', and port security feature is disabled on the interface." ::= { cpaeMIBObject 3 } cpaeRadiusAccountingEnabled OBJECT-TYPE SYNTAX TruthValue ACCESS read-only STATUS mandatory DESCRIPTION "Specifies if RADIUS accounting is enabled for 802.1x on this devices." ::= { cpaeMIBObject 4 } cpaeUserGroupTable OBJECT-TYPE SYNTAX SEQUENCE OF CpaeUserGroupEntry ACCESS read-only STATUS mandatory DESCRIPTION "A table of Group Manager and authenticated users information on the device." ::= { cpaeMIBObject 5 } cpaeUserGroupEntry OBJECT-TYPE SYNTAX CpaeUserGroupEntry ACCESS read-only STATUS mandatory DESCRIPTION "Information about an 802.1x authenticated user on the devices." INDEX { cpaeUserGroupName , cpaeUserGroupUserIndex } ::= { cpaeUserGroupTable 1 } cpaeUserGroupEntry ::= SEQUENCE { cpaeUserGroupName SnmpAdminString, cpaeUserGroupUserIndex Unsigned32, cpaeUserGroupUserName SnmpAdminString, cpaeUserGroupUserAddrType InetAddressType, cpaeUserGroupUserAddr InetAddress, cpaeUserGroupUserInterface InterfaceIndex, cpaeUserGroupUserVlan VlanIndex } cpaeUserGroupName OBJECT-TYPE SYNTAX SnmpAdminString ACCESS read-only STATUS mandatory DESCRIPTION "Specifies the name of the group that the user belongs to." ::= { cpaeUserGroupEntry 1 } cpaeUserGroupUserIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The index of an user within a group." ::= { cpaeUserGroupEntry 2 } cpaeUserGroupUserName OBJECT-TYPE SYNTAX SnmpAdminString ACCESS read-only STATUS mandatory DESCRIPTION "Specifies the name of the user authenticated on a port of the device." ::= { cpaeUserGroupEntry 3 } cpaeUserGroupUserAddrType OBJECT-TYPE SYNTAX InetAddressType ACCESS read-only STATUS mandatory DESCRIPTION "Specifies the type of address used to determine the address of the user." ::= { cpaeUserGroupEntry 4 } cpaeUserGroupUserAddr OBJECT-TYPE SYNTAX InetAddress ACCESS read-only STATUS mandatory DESCRIPTION "Specifies the address of the host that the user logging from." ::= { cpaeUserGroupEntry 5 } cpaeUserGroupUserInterface OBJECT-TYPE SYNTAX InterfaceIndex ACCESS read-only STATUS mandatory DESCRIPTION "Specifies the interface index that the user is authenticated on." ::= { cpaeUserGroupEntry 6 } cpaeUserGroupUserVlan OBJECT-TYPE SYNTAX VlanIndex ACCESS read-only STATUS mandatory DESCRIPTION "Specifies the vlan that the user belongs to." ::= { cpaeUserGroupEntry 7 } cpaeAuthFailUserTable OBJECT-TYPE SYNTAX SEQUENCE OF CpaeAuthFailUserEntry ACCESS read-only STATUS mandatory DESCRIPTION "A table to list user information for each port on the system supported by the Port Access Entity and assigned to Auth-Fail Vlan." ::= { cpaeMIBObject 6 } cpaeAuthFailUserEntry OBJECT-TYPE SYNTAX CpaeAuthFailUserEntry ACCESS read-only STATUS mandatory DESCRIPTION "An entry appears in this table for each PAE port on the system which is assigned to Vlan of type 'authFail' via via IEEE-802.1x authentication." INDEX { dot1xPaePortNumber } ::= { cpaeAuthFailUserTable 1 } cpaeAuthFailUserEntry ::= SEQUENCE { cpaeAuthFailUserName SnmpAdminString } cpaeAuthFailUserName OBJECT-TYPE SYNTAX SnmpAdminString ACCESS read-only STATUS mandatory DESCRIPTION "Indicates the name of the user who failed IEEE-802.1x authentication and hence now assigned to Auth-Fail Vlan. The Auth-Fail Vlan to which the user belongs is determined by the value of object cpaePortAuthFailVlan for this port." ::= { cpaeAuthFailUserEntry 1 } cpaeNotificationControl OBJECT IDENTIFIER ::= { cpaeMIBObject 7 } cpaeNoGuestVlanNotifEnable OBJECT-TYPE SYNTAX TruthValue ACCESS read-only STATUS mandatory DESCRIPTION "This variable indicates whether the system produces the cpaeNoGuestVlanNotif. A 'false' value will prevent cpaeNoGuestVlanNotif from being generated by this system." ::= { cpaeNotificationControl 1 } cpaeNoAuthFailVlanNotifEnable OBJECT-TYPE SYNTAX TruthValue ACCESS read-only STATUS mandatory DESCRIPTION "This variable indicates whether the system produces the cpaeNoAuthFailVlanNotif. A 'false' value will prevent cpaeNoAuthFailVlanNotif from being generated by this system." ::= { cpaeNotificationControl 2 } cpaeMacAuthBypass OBJECT IDENTIFIER ::= { cpaeMIBObject 8 } cpaeMacAuthBypassReAuthTimeout OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Specifies the waiting time before reauthentication is triggered on all MAC Auth-bypass authenticated ports." ::= { cpaeMacAuthBypass 1 } cpaeMacAuthBypassReAuthEnabled OBJECT-TYPE SYNTAX TruthValue ACCESS read-only STATUS mandatory DESCRIPTION "The reauthentication control for all MAC Auth-bypass ports. Setting this object to 'true' causes every MAC Auth-Bypass authenticated port to reauthenticate the device connecting to the port, after every period of time specified by the object cpaeMacAuthBypassReAuthTimeout. Setting this object to 'false' will disable the MAC Auth-Bypass global reauthentication." ::= { cpaeMacAuthBypass 2 } cpaeMacAuthBypassViolation OBJECT-TYPE SYNTAX INTEGER { restrict(1), shutdown(2) } ACCESS read-only STATUS mandatory DESCRIPTION "Specifies the action upon reception of a security violation event. restrict(1): Packets from MAC address of the device causing security violation will be dropped. shutdown(2): The port that causes security violation will be shutdown." ::= { cpaeMacAuthBypass 3 } cpaeMacAuthBypassShutdownTimeout OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Specifies time before a port is auto-enabled after being shutdown due to a MAC Auth-bypass security violation." ::= { cpaeMacAuthBypass 4 } cpaeMacAuthBypassAuthFailTimeout OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Specifies the time a MAC Auth-bypass unauthenticated port waits before trying the authentication process again." ::= { cpaeMacAuthBypass 5 } cpaeMacAuthBypassPortTable OBJECT-TYPE SYNTAX SEQUENCE OF CpaeMacAuthBypassPortEntry ACCESS read-only STATUS mandatory DESCRIPTION "A table of MAC Authentication Bypass (MAC Auth-Bypass) configuration and information for ports in the device." ::= { cpaeMacAuthBypass 6 } cpaeMacAuthBypassPortEntry OBJECT-TYPE SYNTAX CpaeMacAuthBypassPortEntry ACCESS read-only STATUS mandatory DESCRIPTION "An entry containing management information for MAC Auth-Bypass feature on a port." INDEX { dot1xPaePortNumber } ::= { cpaeMacAuthBypassPortTable 1 } cpaeMacAuthBypassPortEntry ::= SEQUENCE { cpaeMacAuthBypassPortEnabled TruthValue, cpaeMacAuthBypassPortInitialize TruthValue, cpaeMacAuthBypassPortReAuth TruthValue, cpaeMacAuthBypassPortMacAddress MacAddress, cpaeMacAuthBypassPortAuthState INTEGER } cpaeMacAuthBypassPortEnabled OBJECT-TYPE SYNTAX TruthValue ACCESS read-only STATUS mandatory DESCRIPTION "Specifies whether MAC Auth-Bypass is enabled on the port." ::= { cpaeMacAuthBypassPortEntry 1 } cpaeMacAuthBypassPortInitialize OBJECT-TYPE SYNTAX TruthValue ACCESS read-only STATUS mandatory DESCRIPTION "The initialization control for this port. Setting this object to 'true' causes the MAC Auth-bypass state machine to be initialized on the port. Setting this object to 'false' has no effect. This object always returns 'false' when it is read." ::= { cpaeMacAuthBypassPortEntry 2 } cpaeMacAuthBypassPortReAuth OBJECT-TYPE SYNTAX TruthValue ACCESS read-only STATUS mandatory DESCRIPTION "The reauthentication control for this port. Setting this object to 'true' causes the MAC address of the device connecting to the port to be reauthenticated. Setting this object to 'false' has no effect. This object always returns 'false' when it is read." ::= { cpaeMacAuthBypassPortEntry 3 } cpaeMacAuthBypassPortMacAddress OBJECT-TYPE SYNTAX MacAddress ACCESS read-only STATUS mandatory DESCRIPTION "Indicates the MAC address of the device connecting to the port." ::= { cpaeMacAuthBypassPortEntry 4 } cpaeMacAuthBypassPortAuthState OBJECT-TYPE SYNTAX INTEGER { other(1), waiting(2), authenticating(3), authenticated(4), fail(5), finished(6) } ACCESS read-only STATUS mandatory DESCRIPTION "Indicates the current state of the MAC Auth-Bypass state machine. other(1) : An unknown state. waiting(2) : Waiting to receive the MAC address that needs to be authenticated. authenticating(3): In authentication process. authenticated(4) : MAC address of the device connecting to the port is authenticated. fail(5) : MAC Auth-bypass authentication failed. Port waits for a period of time before moving to the 'waiting' state, if there is no other authentication features available in the system. finished(6) : MAC Auth-bypass authentication failed. Port is authenticated by another authentication feature." ::= { cpaeMacAuthBypassPortEntry 5 } cpaeMacAuthBypassAcctEnable OBJECT-TYPE SYNTAX TruthValue ACCESS read-only STATUS mandatory DESCRIPTION "Specifies if accounting is enabled for Mac Authentication Bypass feature on this device." ::= { cpaeMacAuthBypass 7 } cpaeWebAuth OBJECT IDENTIFIER ::= { cpaeMIBObject 9 } cpaeWebAuthEnabled OBJECT-TYPE SYNTAX TruthValue ACCESS read-only STATUS mandatory DESCRIPTION "Specifies whether Web Proxy Authentication is enabled in the system." ::= { cpaeWebAuth 1 } cpaeWebAuthSessionPeriod OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Specifies the Web Proxy Authentication session period for the system. Session period is the time after which an Web Proxy Authenticated session is terminated." ::= { cpaeWebAuth 2 } cpaeWebAuthLoginPage OBJECT-TYPE SYNTAX CiscoURLString ACCESS read-only STATUS mandatory DESCRIPTION "Specifies the customized login page for Web Proxy Authentication, in the format of an URL. A customized login page is required to support the same input fields as the default login page for users to input credentials. If this object contains a zero length string, the default login page will be used." ::= { cpaeWebAuth 3 } cpaeWebAuthLoginFailedPage OBJECT-TYPE SYNTAX CiscoURLString ACCESS read-only STATUS mandatory DESCRIPTION "Specifies the customized login-failed page for Web Proxy Authentication, in the format of an URL. Login-failed page is sent back to the client upon an authentication failure. A login-failed page requires to have all the input fields of the login page, in addition to the authentication failure information. If this object contains a zero length string, the default login-failed page will be used." ::= { cpaeWebAuth 4 } cpaeWebAuthQuietPeriod OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Specifies the time a Web Proxy Authentication state machine will be held in 'blackListed' state after maximum authentication attempts." ::= { cpaeWebAuth 5 } cpaeWebAuthMaxRetries OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Specifies the maximum number of unsuccessful login attempts a user is allowed to make." ::= { cpaeWebAuth 6 } cpaeWebAuthPortTable OBJECT-TYPE SYNTAX SEQUENCE OF CpaeWebAuthPortEntry ACCESS read-only STATUS mandatory DESCRIPTION "A table of Web Proxy Authentication configuration and information for the feature capable ports in the device." ::= { cpaeWebAuth 7 } cpaeWebAuthPortEntry OBJECT-TYPE SYNTAX CpaeWebAuthPortEntry ACCESS read-only STATUS mandatory DESCRIPTION "An entry containing management information for Web Proxy Authentication feature on a port." INDEX { dot1xPaePortNumber } ::= { cpaeWebAuthPortTable 1 } cpaeWebAuthPortEntry ::= SEQUENCE { cpaeWebAuthPortEnabled TruthValue, cpaeWebAuthPortInitialize TruthValue } cpaeWebAuthPortEnabled OBJECT-TYPE SYNTAX TruthValue ACCESS read-only STATUS mandatory DESCRIPTION "Specifies whether Web Proxy Authentication is enabled on the port." ::= { cpaeWebAuthPortEntry 1 } cpaeWebAuthPortInitialize OBJECT-TYPE SYNTAX TruthValue ACCESS read-only STATUS mandatory DESCRIPTION "The initialization control for this port. Setting this object to 'true' causes Web Proxy Authentication state machine to be initialized for all the hosts connecting to the port. Setting this object to 'false' has no effect. This object always returns 'false' when it is read." ::= { cpaeWebAuthPortEntry 2 } cpaeWebAuthHostTable OBJECT-TYPE SYNTAX SEQUENCE OF CpaeWebAuthHostEntry ACCESS read-only STATUS mandatory DESCRIPTION "A table of Web Proxy Authentication information for hosts currently managed by the feature. An entry is added to the table when a host is detected and Web Proxy Authentication state machine is initiated for the host." ::= { cpaeWebAuth 8 } cpaeWebAuthHostEntry OBJECT-TYPE SYNTAX CpaeWebAuthHostEntry ACCESS read-only STATUS mandatory DESCRIPTION "An entry containing management information for Web Proxy Authentication feature on a host." INDEX { dot1xPaePortNumber , cpaeWebAuthHostAddrType, cpaeWebAuthHostAddress } ::= { cpaeWebAuthHostTable 1 } cpaeWebAuthHostEntry ::= SEQUENCE { cpaeWebAuthHostAddrType InetAddressType, cpaeWebAuthHostAddress InetAddress, cpaeWebAuthAaaSessionPeriod Unsigned32, cpaeWebAuthHostSessionTimeLeft Unsigned32, cpaeWebAuthHostState INTEGER, cpaeWebAuthHostInitialize TruthValue } cpaeWebAuthHostAddrType OBJECT-TYPE SYNTAX InetAddressType ACCESS read-only STATUS mandatory DESCRIPTION "Indicates the Internet address type for the host." ::= { cpaeWebAuthHostEntry 1 } cpaeWebAuthHostAddress OBJECT-TYPE SYNTAX InetAddress ACCESS read-only STATUS mandatory DESCRIPTION "Indicates the Internet address for the host. The type of this address is determined by the value of cpaeWebAuthHostAddrType." ::= { cpaeWebAuthHostEntry 2 } cpaeWebAuthAaaSessionPeriod OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Indicates the session period for a Web Proxy Authenticated session on this host, supplied by the AAA server. If value of this object is none zero, it will take precedence over the period specified by cpaeWebAuthPortSessionPeriod." ::= { cpaeWebAuthHostEntry 3 } cpaeWebAuthHostSessionTimeLeft OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Indicates the leftover time of the current Web Proxy Authenticated session for this host." ::= { cpaeWebAuthHostEntry 4 } cpaeWebAuthHostState OBJECT-TYPE SYNTAX INTEGER { initialize(1), connecting(2), authenticating(3), authenticated(4), authFailed(5), parseError(6), sessionTimeout(7), blackListed(8) } ACCESS read-only STATUS mandatory DESCRIPTION "Indicates the current state of the Web Proxy Authentication state machine. initialize : Initial state of the Web Proxy Authentication state machine. connecting : Login page is sent to the client, waiting for response from the client. authenticating: Credentials are extracted from client's response and authenticating with the AAA server. authenticated : Web Proxy Authentication succeeded. Session timer is started, policies are applied, and success page is sent back to client. authFailed : Web Proxy Authentication failed. Login page is resent with authentication failured information embedded, if retry count has not exceeded the maximum number of retry attempts. Otherwise, move to 'blackListed' state. parseError : Failed to extract user's credentials from the client's response. sessionTimeout: Session timer expired, user's policies are removed, state machine will moves to 'intialize' state after that. blackListed : Web Proxy Authentication retry count has exceeded the maximum number of retry attempts. Only setting the state machine to 'initialize' will take it out of this state." ::= { cpaeWebAuthHostEntry 5 } cpaeWebAuthHostInitialize OBJECT-TYPE SYNTAX TruthValue ACCESS read-only STATUS mandatory DESCRIPTION "The initialization control for this host. Setting this object to 'true' causes Web Proxy Authentication state machine to be initialized for the host. Setting this object to 'false' has no effect. This object always returns 'false' when it is read." ::= { cpaeWebAuthHostEntry 6 } cpaeAuthConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF CpaeAuthConfigEntry ACCESS read-only STATUS mandatory DESCRIPTION "A table containing the configuration objects for the Authenticator PAE associated with each port. An entry appears in this table for each PAE port that may authenticate access to itself. This table contain additional objects for the dot1xAuthConfigTable." ::= { cpaeMIBObject 10 } cpaeAuthConfigEntry OBJECT-TYPE SYNTAX CpaeAuthConfigEntry ACCESS read-only STATUS mandatory DESCRIPTION "An entry containing additional management information applicable to a particular Authenticator PAE." ::= { cpaeAuthConfigTable 1 } cpaeAuthConfigEntry ::= SEQUENCE { cpaeAuthReAuthPeriodSrcAdmin ReAuthPeriodSource, cpaeAuthReAuthPeriodSrcOper ReAuthPeriodSource, cpaeAuthReAuthPeriodOper Unsigned32, cpaeAuthTimeToNextReAuth Unsigned32, cpaeAuthReAuthAction INTEGER, cpaeAuthReAuthMax Unsigned32, cpaeAuthIabEnabled TruthValue } cpaeAuthReAuthPeriodSrcAdmin OBJECT-TYPE SYNTAX INTEGER { local(1), server(2), auto(3) } ACCESS read-only STATUS mandatory DESCRIPTION "Specifies the source of the reAuthPeriod constant to be used by the Reauthentication Timer state machine." ::= { cpaeAuthConfigEntry 1 } cpaeAuthReAuthPeriodSrcOper OBJECT-TYPE SYNTAX INTEGER { local(1), server(2), auto(3) } ACCESS read-only STATUS mandatory DESCRIPTION "Indicates the source of the reAuthPeriod constant currently in use by the Reauthentication Timer state machine." ::= { cpaeAuthConfigEntry 2 } cpaeAuthReAuthPeriodOper OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Indicates the operational reauthentication period for this port." ::= { cpaeAuthConfigEntry 3 } cpaeAuthTimeToNextReAuth OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Indicates the leftover time of the current session for this port." ::= { cpaeAuthConfigEntry 4 } cpaeAuthReAuthAction OBJECT-TYPE SYNTAX INTEGER { terminate(1), reAuth(2), noReAuth(3) } ACCESS read-only STATUS mandatory DESCRIPTION "Indicates the reauthentication action for this port. terminate: Session will be terminated, with the corresponding Authenticator PAE state machine transits to 'disconnected'. reAuth : The port will be reauthenticated. noReAuth : The port will not be reauthenticated." ::= { cpaeAuthConfigEntry 5 } cpaeAuthReAuthMax OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The value of the reAuthMax constant currently in use by the Authenticator PAE state machine." ::= { cpaeAuthConfigEntry 6 } cpaeAuthIabEnabled OBJECT-TYPE SYNTAX TruthValue ACCESS read-only STATUS mandatory DESCRIPTION "Specifies whether the PAE port is declared as Inaccessible Authentication Bypass (IAB). IAB ports will be granted network access via the administrative configured VLAN if it failed to connect to the Authentication server. The only way to bring an IAB port back to the Backend Authentication state machine is through setting dot1xPaePortInitialize in the corresponding entry in dot1xPaePortTable to 'true'. 802.1x reauthentication will be temporary disabled on an authenticated IAB port if the connection to the Authentication server is broken, and enable again when the connection is resumed." ::= { cpaeAuthConfigEntry 7 } cpaeHostInfoTable OBJECT-TYPE SYNTAX SEQUENCE OF CpaeHostInfoEntry ACCESS read-only STATUS mandatory DESCRIPTION "A table containing 802.1x authentication information for hosts connecting to PAE ports in the system." ::= { cpaeMIBObject 11 } cpaeHostInfoEntry OBJECT-TYPE SYNTAX CpaeHostInfoEntry ACCESS read-only STATUS mandatory DESCRIPTION "An entry appears in the table for each 802.1x capable host connecting to an PAE port, providing its authentication information." INDEX { dot1xPaePortNumber , cpaeHostInfoHostIndex } ::= { cpaeHostInfoTable 1 } cpaeHostInfoEntry ::= SEQUENCE { cpaeHostInfoHostIndex Unsigned32, cpaeHostInfoMacAddress MacAddress, cpaeHostInfoPostureToken CnnEouPostureToken } cpaeHostInfoHostIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "An arbitrary index assigned by the agent to identify the host." ::= { cpaeHostInfoEntry 1 } cpaeHostInfoMacAddress OBJECT-TYPE SYNTAX MacAddress ACCESS read-only STATUS mandatory DESCRIPTION "Indicates the Mac Address of the host." ::= { cpaeHostInfoEntry 2 } cpaeHostInfoPostureToken OBJECT-TYPE SYNTAX CnnEouPostureToken ACCESS read-only STATUS mandatory DESCRIPTION "Indicates the posture token assigned to the host." ::= { cpaeHostInfoEntry 3 } cpaeMIBCompliances OBJECT IDENTIFIER ::= { cpaeMIBConformance 1 } cpaeMIBGroups OBJECT IDENTIFIER ::= { cpaeMIBConformance 2 } cpaeMultipleHostGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 1 } cpaePortEntryGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 2 } cpaeGuestVlanGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 3 } cpaeGuestVlanGroup2 OBJECT IDENTIFIER ::= { cpaeMIBGroups 4 } cpaeShutdownTimeoutGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 5 } cpaeRadiusConfigGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 6 } cpaeUserGroupGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 7 } cpaeGuestVlanGroup3 OBJECT IDENTIFIER ::= { cpaeMIBGroups 8 } cpaePortOperVlanGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 9 } cpaePortAuthFailVlanGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 10 } cpaeNoGuestVlanNotifEnableGrp OBJECT IDENTIFIER ::= { cpaeMIBGroups 11 } cpaeNoAuthFailVlanNotifEnableGrp OBJECT IDENTIFIER ::= { cpaeMIBGroups 12 } cpaeNoGuestVlanNotifGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 13 } cpaeNoAuthFailVlanNotifGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 14 } cpaeMacAuthBypassGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 15 } cpaeWebAuthGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 16 } cpaeAuthConfigGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 17 } cpaeHostInfoGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 18 } cpaeNoGuestVlanNotif TRAP-TYPE ENTERPRISE ciscoPaeMIB VARIABLES { dot1xAuthPaeState } DESCRIPTION "A cpaeNoGuestVlanNotif is sent if a non-802.1x supplicant is detected on a PAE port for which the value of corresponding instance of dot1xAuthAuthControlledPortControl is 'auto' and the value of corresponding instance of cpaeGuestVlanNumber is zero." ::= 1 cpaeNoAuthFailVlanNotif TRAP-TYPE ENTERPRISE ciscoPaeMIB VARIABLES { dot1xAuthPaeState } DESCRIPTION "A cpaeNoAuthFailVlanNotif is sent if a 802.1x supplicant fails to authenticate on a PAE port for which the value of corresponding instance of dot1xAuthAuthControlledPortControl is 'auto' and the value of corresponding instance of cpaePortAuthFailVlan is zero." ::= 2 END