mirror of
https://github.com/hsnodgrass/snmp_mib_archive.git
synced 2025-04-18 16:32:45 +00:00
1540 lines
56 KiB
Plaintext
Executable File
1540 lines
56 KiB
Plaintext
Executable File
-- *****************************************************************
|
|
-- CISCO-PAE-MIB: CISCO private MIB for IEEE 802.1x
|
|
--
|
|
-- September 2001, Binh P Le
|
|
--
|
|
-- Copyright (c) 2001, 2002, 2003, 2004, 2005 by cisco Systems, Inc.
|
|
-- All rights reserved.
|
|
-- *****************************************************************
|
|
|
|
CISCO-PAE-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
OBJECT-TYPE,
|
|
MODULE-IDENTITY,
|
|
NOTIFICATION-TYPE,
|
|
Unsigned32
|
|
FROM SNMPv2-SMI
|
|
TruthValue, MacAddress,
|
|
TEXTUAL-CONVENTION
|
|
FROM SNMPv2-TC
|
|
OBJECT-GROUP,
|
|
MODULE-COMPLIANCE,
|
|
NOTIFICATION-GROUP
|
|
FROM SNMPv2-CONF
|
|
SnmpAdminString
|
|
FROM SNMP-FRAMEWORK-MIB
|
|
InetAddress,
|
|
InetAddressType
|
|
FROM INET-ADDRESS-MIB
|
|
dot1xPaePortEntry,
|
|
dot1xPaePortNumber,
|
|
dot1xAuthPaeState,
|
|
dot1xAuthConfigEntry
|
|
FROM IEEE8021-PAE-MIB
|
|
InterfaceIndex
|
|
FROM IF-MIB
|
|
VlanIndex
|
|
FROM CISCO-VTP-MIB
|
|
CiscoURLString
|
|
FROM CISCO-TC
|
|
CnnEouPostureToken
|
|
FROM CISCO-NAC-NAD-MIB
|
|
ciscoMgmt
|
|
FROM CISCO-SMI;
|
|
|
|
ciscoPaeMIB MODULE-IDENTITY
|
|
LAST-UPDATED "200509220000Z"
|
|
ORGANIZATION "Cisco System, Inc."
|
|
CONTACT-INFO
|
|
" Cisco Systems
|
|
Customer Service
|
|
|
|
Postal: 170 W Tasman Drive
|
|
San Jose, CA 95134
|
|
USA
|
|
|
|
Tel: +1 800 553-NETS
|
|
|
|
E-mail: cs-lan-switch-snmp@cisco.com"
|
|
DESCRIPTION
|
|
"Cisco Port Access Entity (PAE) module for managing
|
|
IEEE Std 802.1x.
|
|
|
|
This MIB provides Port Access Entity information
|
|
that are either excluded by IEEE8021-PAE-MIB or
|
|
specific to Cisco products."
|
|
|
|
REVISION "200509220000Z"
|
|
DESCRIPTION
|
|
"Added cpaeGuestVlanGroup3, cpaePortAuthFailVlanGroup,
|
|
cpaePortOperVlanGroup, cpaeNoGuestVlanNotifEnableGrp,
|
|
cpaeNoAuthFailVlanNotifEnableGrp,
|
|
cpaeNoGuestVlanNotifGroup,
|
|
cpaeNoAuthFailVlanNotifGroup, cpaeMacAuthBypassGroup,
|
|
cpaeWebAuthGroup, cpaeAuthConfigGroup and
|
|
cpaeHostInfoGroup.
|
|
|
|
Deprecated cpaeInGuestVlan, cpaeGuestVlanGroup2."
|
|
|
|
REVISION "200404230000Z"
|
|
DESCRIPTION
|
|
"Modified the DESCRIPTION clauses of cpaeGuestVlanNumber
|
|
and cpaeGuestVlanId."
|
|
|
|
REVISION "200404010000Z"
|
|
DESCRIPTION
|
|
"Added cpaeUserGroupGroup and cpaeRadiusConfigGroup."
|
|
|
|
REVISION "200304080000Z"
|
|
DESCRIPTION
|
|
"Added cpaeGuestVlanGroup2 and cpaeShutdownTimeoutGroup.
|
|
Deprecated cpaeGuestVlanGroup."
|
|
|
|
REVISION "200210160000Z"
|
|
DESCRIPTION
|
|
"Added cpaePortEntryGroup and cpaeGuestVlanGroup.
|
|
Deprecated cpaeMultipleHostGroup."
|
|
|
|
REVISION "200105241016Z"
|
|
DESCRIPTION
|
|
"Initial version of this MIB module."
|
|
|
|
::= { ciscoMgmt 220 }
|
|
|
|
cpaeMIBNotification OBJECT IDENTIFIER ::= { ciscoPaeMIB 0 }
|
|
cpaeMIBObject OBJECT IDENTIFIER ::= { ciscoPaeMIB 1 }
|
|
cpaeMIBConformance OBJECT IDENTIFIER ::= { ciscoPaeMIB 2 }
|
|
|
|
|
|
--- Textual Conventions
|
|
|
|
ReAuthPeriodSource ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source of the reAuthPeriod constant, used by the
|
|
802.1x Reauthentication Timer state machine.
|
|
|
|
local : local configured reauthentication period
|
|
specified by the object dot1xAuthReAuthPeriod
|
|
will be used.
|
|
|
|
server: the reauthentication period will be received
|
|
from the Authentication server.
|
|
|
|
auto : source of reauthentication period will be
|
|
decided by the system."
|
|
SYNTAX INTEGER {
|
|
local(1),
|
|
server(2),
|
|
auto(3)
|
|
}
|
|
|
|
|
|
cpaePortTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaePortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of system level information for each port
|
|
supported by the Port Access Entity. An entry
|
|
appears in this table for each PAE port of this system.
|
|
This table contains additional objects for the
|
|
dot1xPaePortTable."
|
|
REFERENCE
|
|
"IEEE 802.1x Subclause 9.6.1"
|
|
::= { cpaeMIBObject 1 }
|
|
|
|
cpaePortEntry OBJECT-TYPE
|
|
SYNTAX CpaePortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing additional management information
|
|
applicable to a particular PAE port."
|
|
AUGMENTS { dot1xPaePortEntry }
|
|
::= { cpaePortTable 1 }
|
|
|
|
CpaePortEntry ::= SEQUENCE {
|
|
cpaeMultipleHost TruthValue,
|
|
cpaePortMode INTEGER,
|
|
cpaeGuestVlanNumber VlanIndex,
|
|
cpaeInGuestVlan TruthValue,
|
|
cpaeShutdownTimeoutEnabled TruthValue,
|
|
cpaePortAuthFailVlan VlanIndex,
|
|
cpaePortOperVlan VlanIndex,
|
|
cpaePortOperVlanType INTEGER
|
|
}
|
|
|
|
cpaeMultipleHost OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"Specifies whether the port allows multiple-host
|
|
connection or not."
|
|
::= { cpaePortEntry 1 }
|
|
|
|
cpaePortMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
singleHost(1),
|
|
multiHost(2),
|
|
multiAuth(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the current mode of dot1x operation on
|
|
the port.
|
|
singleHost(1): port allows one host to connect
|
|
and authenticate.
|
|
multiHost(2) : port allows multiple hosts to
|
|
connect. Once a host is
|
|
authenticated, all remaining hosts
|
|
are also authorized.
|
|
multiAuth(3) : port allows multiple hosts to
|
|
connect and each host is
|
|
authenticated.
|
|
|
|
If the port security feature is enabled on the
|
|
interface, the configuration of the port security
|
|
(such as the number of the hosts allowed, the security
|
|
violation action, etc) will apply to the interface."
|
|
::= { cpaePortEntry 2 }
|
|
|
|
cpaeGuestVlanNumber OBJECT-TYPE
|
|
SYNTAX VlanIndex
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the Guest Vlan of the interface.
|
|
An interface with cpaePortMode value of 'singleHost'
|
|
will be moved to its Guest Vlan if the supplicant on
|
|
the interface is not capable of IEEE-802.1x
|
|
authentication.
|
|
|
|
A value of zero for this object indicates no Guest
|
|
Vlan configured for the interface."
|
|
::= { cpaePortEntry 3 }
|
|
|
|
cpaeInGuestVlan OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"Indicates whether the interface is in its Guest Vlan
|
|
or not.
|
|
|
|
The object is deprecated in favor of newly added
|
|
object cpaePortOperVlanType."
|
|
::= { cpaePortEntry 4 }
|
|
|
|
cpaeShutdownTimeoutEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies whether shutdown timeout feature is enabled
|
|
on the interface."
|
|
::= { cpaePortEntry 5 }
|
|
|
|
cpaePortAuthFailVlan OBJECT-TYPE
|
|
SYNTAX VlanIndex
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the Auth-Fail (Authentication Fail) Vlan of
|
|
the port. A port with cpaePortMode value of
|
|
'singleHost' will be moved to its Auth-Fail Vlan if
|
|
the supplicant supports IEEE-802.1x authentication
|
|
but is unsuccessfully authenticated.
|
|
|
|
A value of zero for this object indicates no Auth-Fail
|
|
Vlan configured for the port."
|
|
::= { cpaePortEntry 6 }
|
|
|
|
cpaePortOperVlan OBJECT-TYPE
|
|
SYNTAX VlanIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The VlanIndex of the Vlan which is assigned to this
|
|
port via IEEE-802.1x and related methods of
|
|
authentication supported by the system.
|
|
|
|
A value of zero for this object indicates that no
|
|
Vlan is assigned to this port via IEEE-802.1x
|
|
authentication."
|
|
::= { cpaePortEntry 7 }
|
|
|
|
cpaePortOperVlanType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
none(2),
|
|
guest(3),
|
|
authFail(4)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of the Vlan which is assigned to this port
|
|
via IEEE-802.1x and related methods of authentication
|
|
supported by the system.
|
|
|
|
A value of 'other' for this object indicates type of
|
|
Vlan assigned to this port; via IEEE-802.1x
|
|
authentication; is other than the ones specified by
|
|
listed enumerations for this object.
|
|
|
|
A value of 'none' for this object indicates that there
|
|
is no Vlan assigned to this port via IEEE-802.1x
|
|
authentication. For such a case, corresponding value
|
|
of cpaePortOperVlan object will be zero.
|
|
|
|
A value of 'guest' for this object indicates that Vlan
|
|
assigned to this port; via IEEE-802.1x authentication;
|
|
is of type Guest Vlan and specified by the object
|
|
cpaeGuestVlanNumber for this entry.
|
|
|
|
A value of 'authFail' for this object indicates that
|
|
Vlan assigned to this port; via IEEE-802.1x
|
|
authentication; is of type Auth-Fail Vlan and
|
|
specified by the object cpaeAuthFailVlanNumber for
|
|
this entry."
|
|
::= { cpaePortEntry 8 }
|
|
|
|
|
|
cpaeGuestVlanId OBJECT-TYPE
|
|
SYNTAX VlanIndex
|
|
MAX-ACCESS read-write
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"Specifies the Guest Vlan of the system.
|
|
An interface with cpaePortMode value of 'singleHost'
|
|
will be moved to Guest Vlan if the supplicant on the
|
|
interface is not IEEE-802.1x capable.
|
|
|
|
A value of zero indicates no Guest Vlan configured in
|
|
the system.
|
|
|
|
If the platform supports per-port guest Vlan ID
|
|
configuration, this object is not instantiated."
|
|
::= { cpaeMIBObject 2 }
|
|
|
|
cpaeShutdownTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..65535)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the shutdown timeout interval to enable the
|
|
interface automatically in case it is shutdown due to
|
|
security violation.
|
|
|
|
If the value of this object is 0, the interfaces
|
|
shutdown due to the security violation will not be
|
|
enabled automatically.
|
|
|
|
The value of this object is applicable to the
|
|
interface only when cpaeShutdownTimeoutEnabled is
|
|
'true', and port security feature is disabled on the
|
|
interface."
|
|
::= { cpaeMIBObject 3 }
|
|
|
|
cpaeRadiusAccountingEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if RADIUS accounting is enabled for 802.1x
|
|
on this devices."
|
|
::= { cpaeMIBObject 4 }
|
|
|
|
cpaeUserGroupTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeUserGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of Group Manager and authenticated users
|
|
information on the device."
|
|
::= { cpaeMIBObject 5 }
|
|
|
|
cpaeUserGroupEntry OBJECT-TYPE
|
|
SYNTAX CpaeUserGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Information about an 802.1x authenticated user on the
|
|
devices."
|
|
INDEX { cpaeUserGroupName, cpaeUserGroupUserIndex }
|
|
::= { cpaeUserGroupTable 1 }
|
|
|
|
CpaeUserGroupEntry ::= SEQUENCE {
|
|
cpaeUserGroupName SnmpAdminString,
|
|
cpaeUserGroupUserIndex Unsigned32,
|
|
cpaeUserGroupUserName SnmpAdminString,
|
|
cpaeUserGroupUserAddrType InetAddressType,
|
|
cpaeUserGroupUserAddr InetAddress,
|
|
cpaeUserGroupUserInterface InterfaceIndex,
|
|
cpaeUserGroupUserVlan VlanIndex
|
|
}
|
|
|
|
cpaeUserGroupName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..100))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the name of the group that the user
|
|
belongs to."
|
|
::= { cpaeUserGroupEntry 1 }
|
|
|
|
cpaeUserGroupUserIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of an user within a group."
|
|
::= { cpaeUserGroupEntry 2 }
|
|
|
|
cpaeUserGroupUserName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the name of the user authenticated on a
|
|
port of the device."
|
|
::= { cpaeUserGroupEntry 3 }
|
|
|
|
cpaeUserGroupUserAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the type of address used to determine
|
|
the address of the user."
|
|
::= { cpaeUserGroupEntry 4 }
|
|
|
|
cpaeUserGroupUserAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the address of the host that the user
|
|
logging from."
|
|
::= { cpaeUserGroupEntry 5 }
|
|
|
|
cpaeUserGroupUserInterface OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the interface index that the user is
|
|
authenticated on."
|
|
::= { cpaeUserGroupEntry 6 }
|
|
|
|
cpaeUserGroupUserVlan OBJECT-TYPE
|
|
SYNTAX VlanIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the vlan that the user belongs to."
|
|
::= { cpaeUserGroupEntry 7 }
|
|
|
|
cpaeAuthFailUserTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeAuthFailUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table to list user information for each port on
|
|
the system supported by the Port Access Entity and
|
|
assigned to Auth-Fail Vlan."
|
|
::= { cpaeMIBObject 6 }
|
|
|
|
cpaeAuthFailUserEntry OBJECT-TYPE
|
|
SYNTAX CpaeAuthFailUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry appears in this table for each PAE port on
|
|
the system which is assigned to Vlan of type
|
|
'authFail' via via IEEE-802.1x authentication."
|
|
INDEX { dot1xPaePortNumber }
|
|
::= { cpaeAuthFailUserTable 1 }
|
|
|
|
CpaeAuthFailUserEntry ::= SEQUENCE {
|
|
cpaeAuthFailUserName SnmpAdminString
|
|
}
|
|
|
|
cpaeAuthFailUserName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the name of the user who failed IEEE-802.1x
|
|
authentication and hence now assigned to Auth-Fail
|
|
Vlan.
|
|
|
|
The Auth-Fail Vlan to which the user belongs is
|
|
determined by the value of object cpaePortAuthFailVlan
|
|
for this port."
|
|
::= { cpaeAuthFailUserEntry 1 }
|
|
|
|
-- Notifications Control
|
|
|
|
cpaeNotificationControl OBJECT IDENTIFIER ::= { cpaeMIBObject 7 }
|
|
|
|
cpaeNoGuestVlanNotifEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This variable indicates whether the system produces
|
|
the cpaeNoGuestVlanNotif.
|
|
|
|
A 'false' value will prevent cpaeNoGuestVlanNotif from
|
|
being generated by this system."
|
|
::= { cpaeNotificationControl 1 }
|
|
|
|
cpaeNoAuthFailVlanNotifEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This variable indicates whether the system produces
|
|
the cpaeNoAuthFailVlanNotif.
|
|
|
|
A 'false' value will prevent cpaeNoAuthFailVlanNotif
|
|
from being generated by this system."
|
|
::= { cpaeNotificationControl 2 }
|
|
|
|
-- MAC Authentication Bypass feature
|
|
|
|
cpaeMacAuthBypass OBJECT IDENTIFIER ::= { cpaeMIBObject 8 }
|
|
|
|
cpaeMacAuthBypassReAuthTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the waiting time before reauthentication is
|
|
triggered on all MAC Auth-bypass authenticated ports."
|
|
::= { cpaeMacAuthBypass 1 }
|
|
|
|
cpaeMacAuthBypassReAuthEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The reauthentication control for all MAC Auth-bypass
|
|
ports. Setting this object to 'true' causes every MAC
|
|
Auth-Bypass authenticated port to reauthenticate the
|
|
device connecting to the port, after every period of
|
|
time specified by the object
|
|
cpaeMacAuthBypassReAuthTimeout. Setting this object
|
|
to 'false' will disable the MAC Auth-Bypass global
|
|
reauthentication."
|
|
::= { cpaeMacAuthBypass 2 }
|
|
|
|
cpaeMacAuthBypassViolation OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
restrict(1),
|
|
shutdown(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the action upon reception of a security
|
|
violation event.
|
|
|
|
restrict(1): Packets from MAC address of the
|
|
device causing security violation
|
|
will be dropped.
|
|
|
|
shutdown(2): The port that causes security
|
|
violation will be shutdown."
|
|
::= { cpaeMacAuthBypass 3 }
|
|
|
|
cpaeMacAuthBypassShutdownTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies time before a port is auto-enabled after
|
|
being shutdown due to a MAC Auth-bypass security
|
|
violation."
|
|
::= { cpaeMacAuthBypass 4 }
|
|
|
|
cpaeMacAuthBypassAuthFailTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the time a MAC Auth-bypass unauthenticated
|
|
port waits before trying the authentication process
|
|
again."
|
|
::= { cpaeMacAuthBypass 5 }
|
|
|
|
cpaeMacAuthBypassPortTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeMacAuthBypassPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of MAC Authentication Bypass (MAC
|
|
Auth-Bypass) configuration and information for
|
|
ports in the device."
|
|
::= { cpaeMacAuthBypass 6 }
|
|
|
|
cpaeMacAuthBypassPortEntry OBJECT-TYPE
|
|
SYNTAX CpaeMacAuthBypassPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing management information for
|
|
MAC Auth-Bypass feature on a port."
|
|
INDEX { dot1xPaePortNumber }
|
|
::= { cpaeMacAuthBypassPortTable 1 }
|
|
|
|
CpaeMacAuthBypassPortEntry ::= SEQUENCE {
|
|
cpaeMacAuthBypassPortEnabled TruthValue,
|
|
cpaeMacAuthBypassPortInitialize TruthValue,
|
|
cpaeMacAuthBypassPortReAuth TruthValue,
|
|
cpaeMacAuthBypassPortMacAddress MacAddress,
|
|
cpaeMacAuthBypassPortAuthState INTEGER
|
|
}
|
|
|
|
cpaeMacAuthBypassPortEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies whether MAC Auth-Bypass is enabled
|
|
on the port."
|
|
::= { cpaeMacAuthBypassPortEntry 1 }
|
|
|
|
cpaeMacAuthBypassPortInitialize OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The initialization control for this port. Setting
|
|
this object to 'true' causes the MAC Auth-bypass
|
|
state machine to be initialized on the port. Setting
|
|
this object to 'false' has no effect.
|
|
|
|
This object always returns 'false' when it is read."
|
|
::= { cpaeMacAuthBypassPortEntry 2 }
|
|
|
|
cpaeMacAuthBypassPortReAuth OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The reauthentication control for this port. Setting
|
|
this object to 'true' causes the MAC address of the
|
|
device connecting to the port to be reauthenticated.
|
|
Setting this object to 'false' has no effect.
|
|
|
|
This object always returns 'false' when it is read."
|
|
::= { cpaeMacAuthBypassPortEntry 3 }
|
|
|
|
cpaeMacAuthBypassPortMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the MAC address of the device connecting
|
|
to the port."
|
|
::= { cpaeMacAuthBypassPortEntry 4 }
|
|
|
|
cpaeMacAuthBypassPortAuthState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
waiting(2),
|
|
authenticating(3),
|
|
authenticated(4),
|
|
fail(5),
|
|
finished(6)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the current state of the MAC Auth-Bypass
|
|
state machine.
|
|
|
|
other(1) : An unknown state.
|
|
|
|
waiting(2) : Waiting to receive the MAC address
|
|
that needs to be authenticated.
|
|
|
|
authenticating(3): In authentication process.
|
|
|
|
authenticated(4) : MAC address of the device connecting
|
|
to the port is authenticated.
|
|
|
|
fail(5) : MAC Auth-bypass authentication
|
|
failed. Port waits for a period of
|
|
time before moving to the 'waiting'
|
|
state, if there is no other
|
|
authentication features available
|
|
in the system.
|
|
|
|
finished(6) : MAC Auth-bypass authentication
|
|
failed. Port is authenticated by
|
|
another authentication feature."
|
|
::= { cpaeMacAuthBypassPortEntry 5 }
|
|
|
|
cpaeMacAuthBypassAcctEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if accounting is enabled for Mac
|
|
Authentication Bypass feature on this device."
|
|
::= { cpaeMacAuthBypass 7 }
|
|
|
|
-- Web Based Proxy Authentication feature
|
|
|
|
cpaeWebAuth OBJECT IDENTIFIER ::= { cpaeMIBObject 9 }
|
|
|
|
cpaeWebAuthEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies whether Web Proxy Authentication is enabled
|
|
in the system."
|
|
::= { cpaeWebAuth 1 }
|
|
|
|
cpaeWebAuthSessionPeriod OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the Web Proxy Authentication session period
|
|
for the system. Session period is the time after which
|
|
an Web Proxy Authenticated session is terminated."
|
|
::= { cpaeWebAuth 2 }
|
|
|
|
cpaeWebAuthLoginPage OBJECT-TYPE
|
|
SYNTAX CiscoURLString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the customized login page for Web Proxy
|
|
Authentication, in the format of an URL.
|
|
|
|
A customized login page is required to support the same
|
|
input fields as the default login page for users to
|
|
input credentials.
|
|
|
|
If this object contains a zero length string, the
|
|
default login page will be used."
|
|
::= { cpaeWebAuth 3 }
|
|
|
|
cpaeWebAuthLoginFailedPage OBJECT-TYPE
|
|
SYNTAX CiscoURLString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the customized login-failed page for Web
|
|
Proxy Authentication, in the format of an URL.
|
|
|
|
Login-failed page is sent back to the client upon an
|
|
authentication failure. A login-failed page requires to
|
|
have all the input fields of the login page, in
|
|
addition to the authentication failure information.
|
|
|
|
If this object contains a zero length string, the
|
|
default login-failed page will be used."
|
|
::= { cpaeWebAuth 4 }
|
|
|
|
cpaeWebAuthQuietPeriod OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the time a Web Proxy Authentication state
|
|
machine will be held in 'blackListed' state after
|
|
maximum authentication attempts."
|
|
::= { cpaeWebAuth 5 }
|
|
|
|
cpaeWebAuthMaxRetries OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the maximum number of unsuccessful login
|
|
attempts a user is allowed to make."
|
|
::= { cpaeWebAuth 6 }
|
|
|
|
cpaeWebAuthPortTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeWebAuthPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of Web Proxy Authentication configuration and
|
|
information for the feature capable ports in the
|
|
device."
|
|
::= { cpaeWebAuth 7 }
|
|
|
|
cpaeWebAuthPortEntry OBJECT-TYPE
|
|
SYNTAX CpaeWebAuthPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing management information for Web
|
|
Proxy Authentication feature on a port."
|
|
INDEX { dot1xPaePortNumber }
|
|
::= { cpaeWebAuthPortTable 1 }
|
|
|
|
CpaeWebAuthPortEntry ::= SEQUENCE {
|
|
cpaeWebAuthPortEnabled TruthValue,
|
|
cpaeWebAuthPortInitialize TruthValue
|
|
}
|
|
|
|
cpaeWebAuthPortEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies whether Web Proxy Authentication is
|
|
enabled on the port."
|
|
::= { cpaeWebAuthPortEntry 1 }
|
|
|
|
cpaeWebAuthPortInitialize OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The initialization control for this port. Setting this
|
|
object to 'true' causes Web Proxy Authentication state
|
|
machine to be initialized for all the hosts connecting
|
|
to the port. Setting this object to 'false' has no
|
|
effect.
|
|
|
|
This object always returns 'false' when it is read."
|
|
::= { cpaeWebAuthPortEntry 2 }
|
|
|
|
cpaeWebAuthHostTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeWebAuthHostEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of Web Proxy Authentication information for
|
|
hosts currently managed by the feature. An entry is
|
|
added to the table when a host is detected and Web
|
|
Proxy Authentication state machine is initiated for
|
|
the host."
|
|
::= { cpaeWebAuth 8 }
|
|
|
|
cpaeWebAuthHostEntry OBJECT-TYPE
|
|
SYNTAX CpaeWebAuthHostEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing management information for Web
|
|
Proxy Authentication feature on a host."
|
|
INDEX { dot1xPaePortNumber,
|
|
cpaeWebAuthHostAddrType, cpaeWebAuthHostAddress }
|
|
::= { cpaeWebAuthHostTable 1 }
|
|
|
|
CpaeWebAuthHostEntry ::= SEQUENCE {
|
|
cpaeWebAuthHostAddrType InetAddressType,
|
|
cpaeWebAuthHostAddress InetAddress,
|
|
cpaeWebAuthAaaSessionPeriod Unsigned32,
|
|
cpaeWebAuthHostSessionTimeLeft Unsigned32,
|
|
cpaeWebAuthHostState INTEGER,
|
|
cpaeWebAuthHostInitialize TruthValue
|
|
}
|
|
|
|
cpaeWebAuthHostAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the Internet address type for the host."
|
|
::= { cpaeWebAuthHostEntry 1 }
|
|
|
|
cpaeWebAuthHostAddress OBJECT-TYPE
|
|
SYNTAX InetAddress (SIZE (0..64))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the Internet address for the host. The type
|
|
of this address is determined by the value of
|
|
cpaeWebAuthHostAddrType."
|
|
::= { cpaeWebAuthHostEntry 2 }
|
|
|
|
cpaeWebAuthAaaSessionPeriod OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the session period for a Web Proxy
|
|
Authenticated session on this host, supplied by the
|
|
AAA server. If value of this object is none zero,
|
|
it will take precedence over the period specified
|
|
by cpaeWebAuthPortSessionPeriod."
|
|
::= { cpaeWebAuthHostEntry 3 }
|
|
|
|
cpaeWebAuthHostSessionTimeLeft OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the leftover time of the current Web Proxy
|
|
Authenticated session for this host."
|
|
::= { cpaeWebAuthHostEntry 4 }
|
|
|
|
cpaeWebAuthHostState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
initialize(1),
|
|
connecting(2),
|
|
authenticating(3),
|
|
authenticated(4),
|
|
authFailed(5),
|
|
parseError(6),
|
|
sessionTimeout(7),
|
|
blackListed(8)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the current state of the Web Proxy
|
|
Authentication state machine.
|
|
|
|
initialize : Initial state of the Web Proxy
|
|
Authentication state machine.
|
|
|
|
connecting : Login page is sent to the client,
|
|
waiting for response from the client.
|
|
|
|
authenticating: Credentials are extracted from client's
|
|
response and authenticating with the
|
|
AAA server.
|
|
|
|
authenticated : Web Proxy Authentication succeeded.
|
|
Session timer is started, policies are
|
|
applied, and success page is sent back
|
|
to client.
|
|
|
|
authFailed : Web Proxy Authentication failed. Login
|
|
page is resent with authentication
|
|
failured information embedded, if retry
|
|
count has not exceeded the maximum
|
|
number of retry attempts. Otherwise,
|
|
move to 'blackListed' state.
|
|
|
|
parseError : Failed to extract user's credentials
|
|
from the client's response.
|
|
|
|
sessionTimeout: Session timer expired, user's policies
|
|
are removed, state machine will moves
|
|
to 'intialize' state after that.
|
|
|
|
blackListed : Web Proxy Authentication retry count
|
|
has exceeded the maximum number of
|
|
retry attempts. Only setting the state
|
|
machine to 'initialize' will take it
|
|
out of this state."
|
|
::= { cpaeWebAuthHostEntry 5 }
|
|
|
|
cpaeWebAuthHostInitialize OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The initialization control for this host. Setting this
|
|
object to 'true' causes Web Proxy Authentication state
|
|
machine to be initialized for the host. Setting this
|
|
object to 'false' has no effect.
|
|
|
|
This object always returns 'false' when it is read."
|
|
::= { cpaeWebAuthHostEntry 6 }
|
|
|
|
|
|
-- LAN Port 802.1x
|
|
cpaeAuthConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeAuthConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing the configuration objects for the
|
|
Authenticator PAE associated with each port. An entry
|
|
appears in this table for each PAE port that may
|
|
authenticate access to itself. This table contain
|
|
additional objects for the dot1xAuthConfigTable."
|
|
::= { cpaeMIBObject 10 }
|
|
|
|
cpaeAuthConfigEntry OBJECT-TYPE
|
|
SYNTAX CpaeAuthConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing additional management information
|
|
applicable to a particular Authenticator PAE."
|
|
AUGMENTS { dot1xAuthConfigEntry }
|
|
::= { cpaeAuthConfigTable 1 }
|
|
|
|
CpaeAuthConfigEntry ::= SEQUENCE {
|
|
cpaeAuthReAuthPeriodSrcAdmin ReAuthPeriodSource,
|
|
cpaeAuthReAuthPeriodSrcOper ReAuthPeriodSource,
|
|
cpaeAuthReAuthPeriodOper Unsigned32,
|
|
cpaeAuthTimeToNextReAuth Unsigned32,
|
|
cpaeAuthReAuthAction INTEGER,
|
|
cpaeAuthReAuthMax Unsigned32,
|
|
cpaeAuthIabEnabled TruthValue
|
|
}
|
|
|
|
|
|
cpaeAuthReAuthPeriodSrcAdmin OBJECT-TYPE
|
|
SYNTAX ReAuthPeriodSource
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the source of the reAuthPeriod constant to
|
|
be used by the Reauthentication Timer state machine."
|
|
::= { cpaeAuthConfigEntry 1 }
|
|
|
|
cpaeAuthReAuthPeriodSrcOper OBJECT-TYPE
|
|
SYNTAX ReAuthPeriodSource
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the source of the reAuthPeriod constant
|
|
currently in use by the Reauthentication Timer state
|
|
machine."
|
|
::= { cpaeAuthConfigEntry 2 }
|
|
|
|
cpaeAuthReAuthPeriodOper OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the operational reauthentication period
|
|
for this port."
|
|
::= { cpaeAuthConfigEntry 3 }
|
|
|
|
cpaeAuthTimeToNextReAuth OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the leftover time of the current session
|
|
for this port."
|
|
::= { cpaeAuthConfigEntry 4 }
|
|
|
|
cpaeAuthReAuthAction OBJECT-TYPE
|
|
SYNTAX INTEGER { terminate(1), reAuth(2), noReAuth(3) }
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the reauthentication action for this port.
|
|
|
|
terminate: Session will be terminated, with the
|
|
corresponding Authenticator PAE state
|
|
machine transits to 'disconnected'.
|
|
|
|
reAuth : The port will be reauthenticated.
|
|
|
|
noReAuth : The port will not be reauthenticated."
|
|
::= { cpaeAuthConfigEntry 5 }
|
|
|
|
cpaeAuthReAuthMax OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the reAuthMax constant currently in use
|
|
by the Authenticator PAE state machine."
|
|
REFERENCE
|
|
"8.5.4.1.2, reAuthMax"
|
|
::= { cpaeAuthConfigEntry 6 }
|
|
|
|
cpaeAuthIabEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies whether the PAE port is declared as
|
|
Inaccessible Authentication Bypass (IAB). IAB ports
|
|
will be granted network access via the administrative
|
|
configured VLAN if it failed to connect to the
|
|
Authentication server. The only way to bring an IAB
|
|
port back to the Backend Authentication state machine
|
|
is through setting dot1xPaePortInitialize in the
|
|
corresponding entry in dot1xPaePortTable to 'true'.
|
|
|
|
802.1x reauthentication will be temporary disabled on
|
|
an authenticated IAB port if the connection to
|
|
the Authentication server is broken, and enable again
|
|
when the connection is resumed."
|
|
::= { cpaeAuthConfigEntry 7 }
|
|
|
|
|
|
cpaeHostInfoTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeHostInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing 802.1x authentication information
|
|
for hosts connecting to PAE ports in the system."
|
|
::= { cpaeMIBObject 11 }
|
|
|
|
cpaeHostInfoEntry OBJECT-TYPE
|
|
SYNTAX CpaeHostInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry appears in the table for each 802.1x capable
|
|
host connecting to an PAE port, providing its
|
|
authentication information."
|
|
INDEX { dot1xPaePortNumber, cpaeHostInfoHostIndex }
|
|
::= { cpaeHostInfoTable 1 }
|
|
|
|
CpaeHostInfoEntry ::= SEQUENCE {
|
|
cpaeHostInfoHostIndex Unsigned32,
|
|
cpaeHostInfoMacAddress MacAddress,
|
|
cpaeHostInfoPostureToken CnnEouPostureToken
|
|
}
|
|
|
|
cpaeHostInfoHostIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An arbitrary index assigned by the agent to identify
|
|
the host."
|
|
::= { cpaeHostInfoEntry 1 }
|
|
|
|
cpaeHostInfoMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the Mac Address of the host."
|
|
::= { cpaeHostInfoEntry 2 }
|
|
|
|
cpaeHostInfoPostureToken OBJECT-TYPE
|
|
SYNTAX CnnEouPostureToken
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the posture token assigned to the host."
|
|
::= { cpaeHostInfoEntry 3 }
|
|
|
|
-- Notifications
|
|
|
|
cpaeNoGuestVlanNotif NOTIFICATION-TYPE
|
|
OBJECTS { dot1xAuthPaeState }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A cpaeNoGuestVlanNotif is sent if a non-802.1x
|
|
supplicant is detected on a PAE port for which the
|
|
value of corresponding instance of
|
|
dot1xAuthAuthControlledPortControl is 'auto' and the
|
|
value of corresponding instance of cpaeGuestVlanNumber
|
|
is zero."
|
|
::= { cpaeMIBNotification 1 }
|
|
|
|
cpaeNoAuthFailVlanNotif NOTIFICATION-TYPE
|
|
OBJECTS { dot1xAuthPaeState }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A cpaeNoAuthFailVlanNotif is sent if a 802.1x
|
|
supplicant fails to authenticate on a PAE port for
|
|
which the value of corresponding instance of
|
|
dot1xAuthAuthControlledPortControl is 'auto' and the
|
|
value of corresponding instance of cpaePortAuthFailVlan
|
|
is zero."
|
|
::= { cpaeMIBNotification 2 }
|
|
|
|
|
|
-- Conformance
|
|
|
|
cpaeMIBCompliances OBJECT IDENTIFIER ::= { cpaeMIBConformance 1 }
|
|
cpaeMIBGroups OBJECT IDENTIFIER ::= { cpaeMIBConformance 2 }
|
|
|
|
cpaeCompliance MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for devices that implement
|
|
the CISCO-PAE-MIB."
|
|
MODULE
|
|
MANDATORY-GROUPS { cpaeMultipleHostGroup }
|
|
::= { cpaeMIBCompliances 1 }
|
|
|
|
cpaeCompliance2 MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for devices that implement
|
|
the CISCO-PAE-MIB."
|
|
MODULE
|
|
MANDATORY-GROUPS { cpaePortEntryGroup }
|
|
|
|
GROUP cpaeGuestVlanGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports Guest Vlan feature."
|
|
::= { cpaeMIBCompliances 2 }
|
|
|
|
cpaeCompliance3 MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for devices that implement
|
|
the CISCO-PAE-MIB."
|
|
MODULE
|
|
MANDATORY-GROUPS { cpaePortEntryGroup }
|
|
|
|
GROUP cpaeGuestVlanGroup2
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports per-interface Guest Vlan feature."
|
|
|
|
GROUP cpaeShutdownTimeoutGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Shutdown Timeout feature."
|
|
::= { cpaeMIBCompliances 3 }
|
|
|
|
cpaeCompliance4 MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for devices that implement
|
|
the CISCO-PAE-MIB."
|
|
MODULE
|
|
MANDATORY-GROUPS { cpaePortEntryGroup }
|
|
|
|
GROUP cpaeGuestVlanGroup2
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports per-interface Guest Vlan feature."
|
|
|
|
GROUP cpaeShutdownTimeoutGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Shutdown Timeout feature."
|
|
|
|
GROUP cpaeRadiusConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support RADIUS configuration for 802.1x feature."
|
|
|
|
GROUP cpaeUserGroupGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Group Manager for 802.1x feature."
|
|
::= { cpaeMIBCompliances 4 }
|
|
|
|
cpaeCompliance5 MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for devices that implement
|
|
the CISCO-PAE-MIB."
|
|
MODULE
|
|
MANDATORY-GROUPS { cpaePortEntryGroup }
|
|
|
|
GROUP cpaeGuestVlanGroup3
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports per-interface Guest Vlan feature."
|
|
|
|
GROUP cpaeShutdownTimeoutGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Shutdown Timeout feature."
|
|
|
|
GROUP cpaeRadiusConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support RADIUS configuration for 802.1x feature."
|
|
|
|
GROUP cpaeUserGroupGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Group Manager for 802.1x feature."
|
|
|
|
GROUP cpaePortOperVlanGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaePortAuthFailVlanGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Auth-Fail Vlan configuration for
|
|
802.1x feature."
|
|
|
|
GROUP cpaeNoGuestVlanNotifEnableGrp
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports per-interface Guest Vlan feature."
|
|
|
|
GROUP cpaeNoAuthFailVlanNotifEnableGrp
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports Auth-Fail Vlan configuration for
|
|
802.1x feature."
|
|
|
|
GROUP cpaeNoGuestVlanNotifGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeNoAuthFailVlanNotifGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeMacAuthBypassGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support MAC Authentication Bypass feature."
|
|
|
|
GROUP cpaeWebAuthGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Web Proxy Authentication feature."
|
|
|
|
GROUP cpaeAuthConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support remote reauthentication timer."
|
|
|
|
GROUP cpaeHostInfoGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
::= { cpaeMIBCompliances 5 }
|
|
|
|
|
|
-- Units of Conformance
|
|
|
|
cpaeMultipleHostGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeMultipleHost
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"A collection of objects that provide the multiple
|
|
host configuration information for a PAE port.
|
|
These are additional to the IEEE Std 802.1x PAE MIB."
|
|
::= { cpaeMIBGroups 1 }
|
|
|
|
cpaePortEntryGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaePortMode
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides the port-mode
|
|
configuration for a PAE port."
|
|
::= { cpaeMIBGroups 2 }
|
|
|
|
cpaeGuestVlanGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeGuestVlanId
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"A collection of objects that provides the Guest Vlan
|
|
configuration information for the system."
|
|
::= { cpaeMIBGroups 3 }
|
|
|
|
cpaeGuestVlanGroup2 OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeGuestVlanNumber,
|
|
cpaeInGuestVlan
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"A collection of objects that provides the per-interface
|
|
Guest Vlan configuration information for the system."
|
|
::= { cpaeMIBGroups 4 }
|
|
|
|
cpaeShutdownTimeoutGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeShutdownTimeout,
|
|
cpaeShutdownTimeoutEnabled
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides the dot1x
|
|
shutdown timeout configuration information for
|
|
the system."
|
|
::= { cpaeMIBGroups 5 }
|
|
|
|
cpaeRadiusConfigGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeRadiusAccountingEnabled
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides the RADIUS
|
|
configuration information for the system."
|
|
::= { cpaeMIBGroups 6 }
|
|
|
|
cpaeUserGroupGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeUserGroupUserName,
|
|
cpaeUserGroupUserAddrType,
|
|
cpaeUserGroupUserAddr,
|
|
cpaeUserGroupUserInterface,
|
|
cpaeUserGroupUserVlan
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides the group manager
|
|
information of authenticated users in the system."
|
|
::= { cpaeMIBGroups 7 }
|
|
|
|
cpaeGuestVlanGroup3 OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeGuestVlanNumber
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides the per-interface
|
|
Guest Vlan configuration information for the system."
|
|
::= { cpaeMIBGroups 8 }
|
|
|
|
cpaePortOperVlanGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaePortOperVlan,
|
|
cpaePortOperVlanType
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides the
|
|
information about Operational Vlan for each PAE port."
|
|
::= { cpaeMIBGroups 9 }
|
|
|
|
cpaePortAuthFailVlanGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaePortAuthFailVlan,
|
|
cpaeAuthFailUserName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides the
|
|
Auth-Fail (Authentication Fail) Vlan configuration
|
|
and Auth-Fail user information for the system."
|
|
::= { cpaeMIBGroups 10 }
|
|
|
|
cpaeNoGuestVlanNotifEnableGrp OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeNoGuestVlanNotifEnable
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides control over
|
|
Guest Vlan related notification(s)."
|
|
::= { cpaeMIBGroups 11 }
|
|
|
|
cpaeNoAuthFailVlanNotifEnableGrp OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeNoAuthFailVlanNotifEnable
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides control over
|
|
Auth-Fail related notification(s)."
|
|
::= { cpaeMIBGroups 12 }
|
|
|
|
cpaeNoGuestVlanNotifGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
cpaeNoGuestVlanNotif
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of notification(s) providing the
|
|
information for unconfigured Guest Vlan."
|
|
::= { cpaeMIBGroups 13 }
|
|
|
|
cpaeNoAuthFailVlanNotifGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
cpaeNoAuthFailVlanNotif
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of notifications providing the
|
|
information for unconfigured Auth-Fail Vlan."
|
|
::= { cpaeMIBGroups 14 }
|
|
|
|
cpaeMacAuthBypassGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeMacAuthBypassReAuthTimeout,
|
|
cpaeMacAuthBypassReAuthEnabled,
|
|
cpaeMacAuthBypassViolation,
|
|
cpaeMacAuthBypassShutdownTimeout,
|
|
cpaeMacAuthBypassAuthFailTimeout,
|
|
cpaeMacAuthBypassPortEnabled,
|
|
cpaeMacAuthBypassPortInitialize,
|
|
cpaeMacAuthBypassPortReAuth,
|
|
cpaeMacAuthBypassPortMacAddress,
|
|
cpaeMacAuthBypassPortAuthState,
|
|
cpaeMacAuthBypassAcctEnable
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides the
|
|
MAC Auth-Bypass configuration and information
|
|
for the system."
|
|
::= { cpaeMIBGroups 15 }
|
|
|
|
cpaeWebAuthGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeWebAuthEnabled,
|
|
cpaeWebAuthSessionPeriod,
|
|
cpaeWebAuthLoginPage,
|
|
cpaeWebAuthLoginFailedPage,
|
|
cpaeWebAuthQuietPeriod,
|
|
cpaeWebAuthMaxRetries,
|
|
cpaeWebAuthPortEnabled,
|
|
cpaeWebAuthPortInitialize,
|
|
cpaeWebAuthAaaSessionPeriod,
|
|
cpaeWebAuthHostSessionTimeLeft,
|
|
cpaeWebAuthHostState,
|
|
cpaeWebAuthHostInitialize
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides the
|
|
Web Proxy Authentication configuration and
|
|
information for the system."
|
|
::= { cpaeMIBGroups 16 }
|
|
|
|
cpaeAuthConfigGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeAuthReAuthPeriodSrcAdmin,
|
|
cpaeAuthReAuthPeriodSrcOper,
|
|
cpaeAuthReAuthPeriodOper,
|
|
cpaeAuthTimeToNextReAuth,
|
|
cpaeAuthReAuthAction,
|
|
cpaeAuthReAuthMax,
|
|
cpaeAuthIabEnabled
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides additional
|
|
configuration information about an Authenticator PAE."
|
|
::= { cpaeMIBGroups 17 }
|
|
|
|
cpaeHostInfoGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeHostInfoMacAddress,
|
|
cpaeHostInfoPostureToken
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides information
|
|
about an host connecting to a PAE port."
|
|
::= { cpaeMIBGroups 18 }
|
|
END
|