mirror of
https://github.com/hsnodgrass/snmp_mib_archive.git
synced 2025-04-17 16:03:04 +00:00
869 lines
30 KiB
Plaintext
869 lines
30 KiB
Plaintext
|
|
BAY-STACK-EAPOL-EXTENSION-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
OBJECT-TYPE, MODULE-IDENTITY, Integer32, TimeTicks
|
|
FROM SNMPv2-SMI
|
|
TruthValue, MacAddress, RowStatus
|
|
FROM SNMPv2-TC
|
|
InterfaceIndex
|
|
FROM IF-MIB
|
|
bayStackMibs
|
|
FROM SYNOPTICS-ROOT-MIB
|
|
SnmpAdminString
|
|
FROM SNMP-FRAMEWORK-MIB;
|
|
|
|
bayStackEapExtMib MODULE-IDENTITY
|
|
LAST-UPDATED "200611010000Z"
|
|
ORGANIZATION "Nortel Networks"
|
|
CONTACT-INFO "Nortel Networks"
|
|
DESCRIPTION
|
|
"BayStack EAPOL Extension MIB
|
|
|
|
Copyright 2003-2004 Nortel Networks, Inc.
|
|
All rights reserved.
|
|
This Bay Networks SNMP Management Information Base Specification
|
|
(Specification) embodies Bay Networks' confidential and
|
|
proprietary intellectual property. Bay Networks retains all
|
|
title and ownership in the Specification, including any
|
|
revisions.
|
|
|
|
This Specification is supplied 'AS IS,' and Bay Networks makes
|
|
no warranty, either express or implied, as to the use,
|
|
operation, condition, or performance of the Specification."
|
|
|
|
REVISION "200611010000Z" -- 01 Nov 2006
|
|
DESCRIPTION "v010 Added support for various additional EAP features:
|
|
- allowing IP phones based on DHCP
|
|
- allowing use of radius assigned VLAN in
|
|
multihost-eap mode
|
|
- use of unicast packets for Eap-ReqId packets
|
|
- fail or not-fail EAP users on radius timeout
|
|
(default is to fail)"
|
|
|
|
REVISION "200605240000Z" -- 24 May 2006
|
|
DESCRIPTION "v009: Added non-eap ubp support, filter-on-mac ubp support,
|
|
configurable non-eap radius password attribute format
|
|
support, re-auth of individual MAC addrs support."
|
|
|
|
REVISION "200506270000Z" -- 27 June 2005
|
|
DESCRIPTION "v008: Added MHSA support. Added new non-eap auth reasons."
|
|
|
|
REVISION "200503100000Z" -- 10 March 2005
|
|
DESCRIPTION "v007: Cleaned up some DESCRIPTION clauses.
|
|
Added bseeMultiHostNonEapStatusTable."
|
|
|
|
REVISION "200502170000Z" -- 17 February 2005
|
|
DESCRIPTION "v006: Added objects:
|
|
bseeMultiHostAllowNonEapClient
|
|
bseeMultiHostRadiusAuthNonEapClient
|
|
bseePortConfigMultiHostRadiusAuthNonEapClient
|
|
deprecated bseePortConfigMultiHostNonEapMacSource."
|
|
|
|
REVISION "200411110000Z" -- 11 November 2004
|
|
DESCRIPTION "v005: Added bseeMultiHostNonEapMacTable."
|
|
|
|
REVISION "200408310000Z" -- 20 July 2004
|
|
DESCRIPTION "v004: Changes to have separate enable/disable flag for
|
|
guest vlan and remediation vlan. Added objects:
|
|
bseeGuestVlanEnabled
|
|
bseeRemediationVlanEnabled
|
|
bseePortConfigGuestVlanEnabled"
|
|
|
|
REVISION "200407200000Z" -- 20 July 2004
|
|
DESCRIPTION "v003: Added enhancements for guest vlan, remediation vlan,
|
|
and multihost support."
|
|
|
|
REVISION "200309180000Z" -- 18 Sept 2003
|
|
DESCRIPTION "v001: Initial version."
|
|
|
|
::= { bayStackMibs 3 }
|
|
|
|
bseeObjects OBJECT IDENTIFIER ::= { bayStackEapExtMib 1 }
|
|
bseeNotifications OBJECT IDENTIFIER ::= { bayStackEapExtMib 2 }
|
|
bseeNotifications0 OBJECT IDENTIFIER ::= { bseeNotifications 0 }
|
|
|
|
|
|
bseeUserBasedPoliciesEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether EAPOL User-based policies
|
|
are enabled or disabled."
|
|
::= { bseeObjects 1 }
|
|
|
|
bseeGuestVlanId OBJECT-TYPE
|
|
SYNTAX Integer32 (1..4094)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the ID of the global default guest VLAN. This
|
|
VLAN is used for ports which do not have a configured guest VLAN.
|
|
Access to the guest VLAN is allowed for MAC addresses before EAP
|
|
authentication has been performed. However, if the value of
|
|
bseeGuestVlanEnabled is false(2), then access to the guest VLAN
|
|
is not allowed for ports that do not have a configured guest VLAN."
|
|
::= { bseeObjects 2 }
|
|
|
|
bseeRemediationVlanId OBJECT-TYPE
|
|
SYNTAX Integer32 (1..4094)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the ID of the remediation VLAN. If EAP
|
|
authentication fails for a port, MAC addresses on that port are
|
|
restricted to access only the remediation VLAN. However, if the
|
|
value of bseeRemediationVlanEnabled is false(2), then access is
|
|
not allowed at all for a port when EAP authentication fails."
|
|
::= { bseeObjects 3 }
|
|
|
|
bseeMaximumEapClientMacs OBJECT-TYPE
|
|
SYNTAX Integer32 (1..800)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the global maximum number of EAP authenticated
|
|
MAC addresses allowed."
|
|
::= { bseeObjects 4 }
|
|
|
|
bseeMaximumNonEapClientMacs OBJECT-TYPE
|
|
SYNTAX Integer32 (1..800)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the global maximum number of non-EAP
|
|
authenticated MAC addresses allowed."
|
|
::= { bseeObjects 5 }
|
|
|
|
bseeGuestVlanEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether access to the global default guest
|
|
VLAN is allowed."
|
|
::= { bseeObjects 6 }
|
|
|
|
bseeRemediationVlanEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether access to the remediation VLAN
|
|
is allowed."
|
|
::= { bseeObjects 7 }
|
|
|
|
bseeMultiHostAllowNonEapClient OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object controls whether non-EAP clients (MAC addresses) are
|
|
allowed. This is the system-wide setting. The associated per-port
|
|
setting (bseePortConfigMultiHostAllowNonEapClient) must also be true
|
|
for non-EAP clients to be allowed on a particular port."
|
|
DEFVAL { false }
|
|
::= { bseeObjects 8 }
|
|
|
|
bseeMultiHostRadiusAuthNonEapClient OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object controls whether non-EAP clients (MAC addresses) may
|
|
be authenticated using RADIUS. This is the system-wide setting. The
|
|
associated per-port setting (bseePortConfigMultiHostRadiusAuthNonEapClient)
|
|
must also be true for non-EAP clients to be authenticated using
|
|
RADIUS on a particular port."
|
|
DEFVAL { false }
|
|
::= { bseeObjects 9 }
|
|
|
|
bseeMultiHostSingleAuthEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object controls whether non-EAP clients (MAC addresses) may
|
|
be automatically authenticated on a port after an EAP client has
|
|
been authenticated (known as MHSA). This is the system-wide setting.
|
|
The associated per-port setting must also be true for non-EAP clients
|
|
to be authenticated in this way."
|
|
DEFVAL { false }
|
|
::= { bseeObjects 10 }
|
|
|
|
bseeUserBasedPoliciesFilterOnMac OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether the EAPOL User-based policy filters
|
|
that are installed on ports will be dynamically modified to include
|
|
the MAC address for which the filters are installed."
|
|
::= { bseeObjects 11 }
|
|
|
|
bseeMultiHostNonEapUserBasedPoliciesEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether non-EAPOL User-based policies
|
|
are enabled or disabled."
|
|
::= { bseeObjects 12 }
|
|
|
|
bseeMultiHostNonEapUserBasedPoliciesFilterOnMac OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether the non-EAPOL User-based policy filters
|
|
that are installed on ports will be dynamically modified to include
|
|
the MAC address for which the filters are installed."
|
|
::= { bseeObjects 13 }
|
|
|
|
bseeMultihostNonEapRadiusPasswordAttributeFormat OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
ipAddr(0),
|
|
macAddr(1),
|
|
portNumber(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object controls the format of the RADIUS password attribute
|
|
that is included in requests to the RADIUS server for authenticating
|
|
non-EAP clients (MAC addresses).
|
|
|
|
If the ipAddr(0) bit is set, the password attribute will contain
|
|
the switch's IP address encoded as a string of four 3-digit 0-padded
|
|
integers. For example, the encoding for the IP address 47.80.225.1
|
|
would be '047080225001'.
|
|
|
|
If the macAddr(1) bit is set, the password attribute will contain
|
|
the MAC address to be authenticated as a string of six 2-digit hex
|
|
numbers. For example, the MAC address 00:08:01:0a:33:34 would be
|
|
encoded as '0008010a3334'.
|
|
|
|
If the portNumber(2) bit is set, the password attribute will contain
|
|
the port number on which the MAC address was seen, encoded as a string
|
|
of two 2-digit 0-padded integers. The first integer is the unit/slot
|
|
number, and the second number is the port number on that unit/slot.
|
|
For a standalone stackable unit, the unit/slot number will be 0. For
|
|
example, the encoding for unit/port 1/23 would be '0123', and the
|
|
encoding for port 7 on a standalone stackable unit would be '0007'.
|
|
|
|
The fields in the password attribute will appear in the order of the
|
|
bits defined in this object, i.e., IP addr, followed by MAC addr,
|
|
followed by port number. Fields are separated by a '.' character.
|
|
The separators are present regardless of whether a field is present.
|
|
So, for example, if all three fields are present, the password
|
|
attribute might contain:
|
|
047080225001.0008010a3334.0123
|
|
If none of the three fields are present, the password attribute will
|
|
be '..'."
|
|
::= { bseeObjects 14 }
|
|
|
|
bseeMultiHostAllowNonEapPhones OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether IP phones will be allowed access
|
|
based on DHCP."
|
|
DEFVAL { false }
|
|
::= { bseeObjects 15 }
|
|
|
|
bseeMultiHostAllowRadiusAssignedVlan OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether to allow the use of RADIUS-assigned
|
|
VLANs in multihost-eap mode."
|
|
DEFVAL { false }
|
|
::= { bseeObjects 16 }
|
|
|
|
bseeMultiHostEapPacketMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
multicast(1),
|
|
unicast(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether to use unicast or multicast packets
|
|
for Eap-ReqId packets. Normally, multicast packets are used."
|
|
DEFVAL { multicast }
|
|
::= { bseeObjects 17 }
|
|
|
|
bseeMultiHostEapRadiusTimeoutMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
fail(1),
|
|
doNotFail(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether or not to fail authentication of EAP
|
|
users on a RADIUS timeout."
|
|
DEFVAL { fail }
|
|
::= { bseeObjects 18 }
|
|
|
|
--
|
|
-- EAP Multi-Host Configuration Table
|
|
--
|
|
|
|
bseePortConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF BseePortConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table is used to control the EAP multihost configuration
|
|
for each port in the system."
|
|
::= { bayStackEapExtMib 3 }
|
|
|
|
bseePortConfigEntry OBJECT-TYPE
|
|
SYNTAX BseePortConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The EAP multihost configuration for a port."
|
|
INDEX { bseePortConfigPortNumber }
|
|
::= { bseePortConfigTable 1 }
|
|
|
|
BseePortConfigEntry ::=
|
|
SEQUENCE {
|
|
bseePortConfigPortNumber InterfaceIndex,
|
|
bseePortConfigGuestVlanId Integer32,
|
|
bseePortConfigMultiHostEnabled TruthValue,
|
|
bseePortConfigMultiHostEapMaxNumMacs Integer32,
|
|
bseePortConfigMultiHostAllowNonEapClient TruthValue,
|
|
bseePortConfigMultiHostNonEapMacSource INTEGER,
|
|
bseePortConfigMultiHostNonEapMaxNumMacs Integer32,
|
|
bseePortConfigGuestVlanEnabled TruthValue,
|
|
bseePortConfigMultiHostRadiusAuthNonEapClient TruthValue,
|
|
bseePortConfigMultiHostSingleAuthEnabled TruthValue,
|
|
bseePortConfigMultiHostAllowNonEapPhones TruthValue,
|
|
bseePortConfigMultiHostAllowRadiusAssignedVlan TruthValue,
|
|
bseePortConfigMultiHostEapPacketMode INTEGER,
|
|
bseePortConfigMultiHostEapRadiusTimeoutMode INTEGER
|
|
}
|
|
|
|
bseePortConfigPortNumber OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Port number associated with this Port."
|
|
::= { bseePortConfigEntry 1 }
|
|
|
|
bseePortConfigGuestVlanId OBJECT-TYPE
|
|
SYNTAX Integer32 (0..4094)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the ID of the guest VLAN for this port.
|
|
Access to the guest VLAN is allowed for MAC addresses before EAP
|
|
authentication has been performed.
|
|
|
|
If the value of this object is 0, then the global guest VLAN ID
|
|
is used for this port, as specified in bseeGuestVlanId.
|
|
|
|
However, if the value of the associated instance of
|
|
bseePortConfigGuestVlanEnabled is false(2), then access to the
|
|
guest VLAN is not allowed for the port, regardless of the value
|
|
of bseePortConfigGuestVlanId."
|
|
DEFVAL { 0 }
|
|
::= { bseePortConfigEntry 2 }
|
|
|
|
bseePortConfigMultiHostEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object controls whether EAP multihost is enabled for a port."
|
|
DEFVAL { false }
|
|
::= { bseePortConfigEntry 3 }
|
|
|
|
bseePortConfigMultiHostEapMaxNumMacs OBJECT-TYPE
|
|
SYNTAX Integer32 (0..100)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the maximum number of EAP-authentication
|
|
MAC addresses allowed on this port. A value of 0 indicates that
|
|
there is no port-specific limit."
|
|
DEFVAL { 1 }
|
|
::= { bseePortConfigEntry 4 }
|
|
|
|
bseePortConfigMultiHostAllowNonEapClient OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object controls whether non-EAP clients (MAC addresses) are
|
|
allowed on the port."
|
|
DEFVAL { false }
|
|
::= { bseePortConfigEntry 5 }
|
|
|
|
bseePortConfigMultiHostNonEapMacSource OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
autoLearn(1),
|
|
userConfig(2),
|
|
radius(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"This object controls the source for finding allowed non-EAP MAC
|
|
addresses."
|
|
DEFVAL { userConfig }
|
|
::= { bseePortConfigEntry 6 }
|
|
|
|
bseePortConfigMultiHostNonEapMaxNumMacs OBJECT-TYPE
|
|
SYNTAX Integer32 (1..100)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the maximum number of non-EAP authenticated
|
|
MAC addresses allowed on this port."
|
|
DEFVAL { 1 }
|
|
::= { bseePortConfigEntry 7 }
|
|
|
|
bseePortConfigGuestVlanEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object controls whether access to the guest VLAN is allowed
|
|
for a port."
|
|
DEFVAL { false }
|
|
::= { bseePortConfigEntry 8 }
|
|
|
|
bseePortConfigMultiHostRadiusAuthNonEapClient OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object controls whether non-EAP clients (MAC addresses) may
|
|
authenticated using RADIUS on the port."
|
|
DEFVAL { false }
|
|
::= { bseePortConfigEntry 9 }
|
|
|
|
bseePortConfigMultiHostSingleAuthEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object controls whether non-EAP clients (MAC addresses) may
|
|
be automatically authenticated on the port after an EAP client has
|
|
been authenticated (known as MHSA)."
|
|
DEFVAL { false }
|
|
::= { bseePortConfigEntry 10 }
|
|
|
|
bseePortConfigMultiHostAllowNonEapPhones OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether IP phones will be allowed access
|
|
based on DHCP."
|
|
DEFVAL { false }
|
|
::= { bseePortConfigEntry 11 }
|
|
|
|
bseePortConfigMultiHostAllowRadiusAssignedVlan OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether to allow the use of RADIUS-assigned
|
|
VLANs in multihost-eap mode."
|
|
DEFVAL { false }
|
|
::= { bseePortConfigEntry 12 }
|
|
|
|
bseePortConfigMultiHostEapPacketMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
multicast(1),
|
|
unicast(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether to use unicast or multicast packets
|
|
for Eap-ReqId packets. Normally, multicast packets are used."
|
|
DEFVAL { multicast }
|
|
::= { bseePortConfigEntry 13 }
|
|
|
|
bseePortConfigMultiHostEapRadiusTimeoutMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
fail(1),
|
|
doNotFail(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether or not to fail authentication of EAP
|
|
users on a RADIUS timeout."
|
|
DEFVAL { fail }
|
|
::= { bseePortConfigEntry 14 }
|
|
|
|
--
|
|
-- EAP Multi-Host Status Table
|
|
--
|
|
|
|
bseeMultiHostStatusTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF BseeMultiHostStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table provides the EAP authentication status per-MAC address
|
|
per-port."
|
|
::= { bayStackEapExtMib 4 }
|
|
|
|
bseeMultiHostStatusEntry OBJECT-TYPE
|
|
SYNTAX BseeMultiHostStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of EAP authentication of clients for a port."
|
|
INDEX { bseeMultiHostStatusPortNumber, bseeMultiHostStatusClientMACAddr }
|
|
::= { bseeMultiHostStatusTable 1 }
|
|
|
|
BseeMultiHostStatusEntry ::=
|
|
SEQUENCE {
|
|
bseeMultiHostStatusPortNumber InterfaceIndex,
|
|
bseeMultiHostStatusClientMACAddr MacAddress,
|
|
bseeMultiHostStatusPaeState INTEGER,
|
|
bseeMultiHostStatusBackendAuthState INTEGER,
|
|
bseeMultiHostStatusReauthenticate INTEGER
|
|
}
|
|
|
|
bseeMultiHostStatusPortNumber OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Port number associated with this client."
|
|
::= { bseeMultiHostStatusEntry 1 }
|
|
|
|
bseeMultiHostStatusClientMACAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MAC address of the client."
|
|
::= { bseeMultiHostStatusEntry 2 }
|
|
|
|
bseeMultiHostStatusPaeState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
initialize(1),
|
|
disconnected(2),
|
|
connecting(3),
|
|
authenticating(4),
|
|
authenticated(5),
|
|
aborting(6),
|
|
held(7),
|
|
forceAuth(8),
|
|
forceUnauth(9)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current value of the Authenticator PAE state machine."
|
|
::= { bseeMultiHostStatusEntry 3 }
|
|
|
|
bseeMultiHostStatusBackendAuthState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
request(1),
|
|
response(2),
|
|
success(3),
|
|
fail(4),
|
|
timeout(5),
|
|
idle(6),
|
|
initialize(7)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current state of the Backend Authentication state machine."
|
|
::= { bseeMultiHostStatusEntry 4 }
|
|
|
|
bseeMultiHostStatusReauthenticate OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
reauthenticate(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Setting this object to reauthenticate(2) will force the client to
|
|
be reauthenticated. When retrieved, the value of this object is
|
|
always other(1)."
|
|
::= { bseeMultiHostStatusEntry 5 }
|
|
|
|
|
|
--
|
|
-- EAP Multi-Host Session Statistics Table
|
|
--
|
|
|
|
bseeMultiHostSessionStatsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF BseeMultiHostSessionStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table that contains the session statistics objects for the
|
|
Authenticator PAE associated with each EAP client on each Port.
|
|
An entry appears in this table for each client MAC address on each
|
|
port that may authenticate access to itself."
|
|
::= { bayStackEapExtMib 5 }
|
|
|
|
bseeMultiHostSessionStatsEntry OBJECT-TYPE
|
|
SYNTAX BseeMultiHostSessionStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The session statistics information for an Authenticator
|
|
PAE. This shows the current values being collected for
|
|
each session that is still in progress, or the final
|
|
values for the last valid session for each client where
|
|
there is no session currently active. This is similar to
|
|
the dot1xAuthSessionStatsTable, except that it provides
|
|
information per-port-per-MAC, rather than just per-port."
|
|
INDEX { bseeMultiHostSessionStatsPortNumber,
|
|
bseeMultiHostSessionStatsClientMACAddr }
|
|
::= { bseeMultiHostSessionStatsTable 1 }
|
|
|
|
BseeMultiHostSessionStatsEntry ::=
|
|
SEQUENCE {
|
|
bseeMultiHostSessionStatsPortNumber InterfaceIndex,
|
|
bseeMultiHostSessionStatsClientMACAddr MacAddress,
|
|
bseeMultiHostSessionId SnmpAdminString,
|
|
bseeMultiHostSessionAuthenticMethod INTEGER,
|
|
bseeMultiHostSessionTime TimeTicks,
|
|
bseeMultiHostSessionTerminateCause INTEGER,
|
|
bseeMultiHostSessionUserName SnmpAdminString
|
|
}
|
|
|
|
bseeMultiHostSessionStatsPortNumber OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Port number associated with this client."
|
|
::= { bseeMultiHostSessionStatsEntry 1 }
|
|
|
|
bseeMultiHostSessionStatsClientMACAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MAC address of this client."
|
|
::= { bseeMultiHostSessionStatsEntry 2 }
|
|
|
|
bseeMultiHostSessionId OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique identifier for the session, in the
|
|
form of a printable ASCII string of at least
|
|
three characters."
|
|
::= { bseeMultiHostSessionStatsEntry 3 }
|
|
|
|
bseeMultiHostSessionAuthenticMethod OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
remoteAuthServer(1),
|
|
localAuthServer(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authentication method used to establish the session."
|
|
::= { bseeMultiHostSessionStatsEntry 4 }
|
|
|
|
bseeMultiHostSessionTime OBJECT-TYPE
|
|
SYNTAX TimeTicks
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The duration of the session in seconds."
|
|
::= { bseeMultiHostSessionStatsEntry 5 }
|
|
|
|
bseeMultiHostSessionTerminateCause OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
supplicantLogoff(1),
|
|
portFailure(2),
|
|
supplicantRestart(3),
|
|
reauthFailed(4),
|
|
authControlForceUnauth(5),
|
|
portReInit(6),
|
|
portAdminDisabled(7),
|
|
notTerminatedYet(999)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The reason for the session termination."
|
|
::= { bseeMultiHostSessionStatsEntry 6 }
|
|
|
|
bseeMultiHostSessionUserName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The User-Name representing the identity of the Supplicant PAE."
|
|
::= { bseeMultiHostSessionStatsEntry 7 }
|
|
|
|
|
|
--
|
|
-- EAP Multi-Host Allowed Non-EAP MAC Address Table
|
|
--
|
|
|
|
bseeMultiHostNonEapMacTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF BseeMultiHostNonEapMacEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table that contains the non-EAP MAC addresses that are
|
|
allowed access to EAP-enabled interfaces."
|
|
::= { bayStackEapExtMib 6 }
|
|
|
|
bseeMultiHostNonEapMacEntry OBJECT-TYPE
|
|
SYNTAX BseeMultiHostNonEapMacEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An allowed non-EAP MAC address."
|
|
INDEX { bseeMultiHostNonEapMacPortNumber,
|
|
bseeMultiHostNonEapMacClientMACAddr }
|
|
::= { bseeMultiHostNonEapMacTable 1 }
|
|
|
|
BseeMultiHostNonEapMacEntry ::=
|
|
SEQUENCE {
|
|
bseeMultiHostNonEapMacPortNumber InterfaceIndex,
|
|
bseeMultiHostNonEapMacClientMACAddr MacAddress,
|
|
bseeMultiHostNonEapMacRowStatus RowStatus
|
|
}
|
|
|
|
bseeMultiHostNonEapMacPortNumber OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Port number on which the MAC address is allowed."
|
|
::= { bseeMultiHostNonEapMacEntry 1 }
|
|
|
|
bseeMultiHostNonEapMacClientMACAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MAC address allowed on the port."
|
|
::= { bseeMultiHostNonEapMacEntry 2 }
|
|
|
|
bseeMultiHostNonEapMacRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is used to control creation/deletion of entries
|
|
in this table."
|
|
::= { bseeMultiHostNonEapMacEntry 3 }
|
|
|
|
|
|
--
|
|
-- EAP Multi-Host Non-EAP Status Table
|
|
--
|
|
|
|
bseeMultiHostNonEapStatusTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF BseeMultiHostNonEapStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table provides the authentication status of non-EAP
|
|
clients per-MAC address per-port."
|
|
::= { bayStackEapExtMib 7 }
|
|
|
|
bseeMultiHostNonEapStatusEntry OBJECT-TYPE
|
|
SYNTAX BseeMultiHostNonEapStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of authentication of a non-EAP client for a port."
|
|
INDEX { bseeMultiHostNonEapStatusPortNumber,
|
|
bseeMultiHostNonEapStatusClientMACAddr }
|
|
::= { bseeMultiHostNonEapStatusTable 1 }
|
|
|
|
BseeMultiHostNonEapStatusEntry ::=
|
|
SEQUENCE {
|
|
bseeMultiHostNonEapStatusPortNumber InterfaceIndex,
|
|
bseeMultiHostNonEapStatusClientMACAddr MacAddress,
|
|
bseeMultiHostNonEapStatusState INTEGER,
|
|
bseeMultiHostNonEapStatusReauthenticate INTEGER
|
|
}
|
|
|
|
bseeMultiHostNonEapStatusPortNumber OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Port number associated with this client."
|
|
::= { bseeMultiHostNonEapStatusEntry 1 }
|
|
|
|
bseeMultiHostNonEapStatusClientMACAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MAC address of the client."
|
|
::= { bseeMultiHostNonEapStatusEntry 2 }
|
|
|
|
bseeMultiHostNonEapStatusState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
rejected(1),
|
|
locallyAuthenticated(2),
|
|
radiusPending(3),
|
|
radiusAuthenticated(4),
|
|
adacAuthenticated(5),
|
|
mhsaAuthenticated(6)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authentication status. Values are:
|
|
|
|
rejected(1) - the MAC address could not be authenticated
|
|
on this port
|
|
|
|
locallyAuthenticated(2) - the MAC address was authenticated
|
|
using the local table of allowed clients
|
|
|
|
radiusPending(3) - the MAC address is awaiting
|
|
authentication by a RADIUS server
|
|
|
|
radiusAuthenticated(4) - the MAC address was authenticated
|
|
by a RADIUS server
|
|
|
|
adacAuthenticated(5) - the MAC address was authenticated using
|
|
ADAC configuration tables
|
|
|
|
mhsaAuthenticated(6) - the MAC address was auto-authenticated
|
|
on a port following a successful authentication
|
|
of an EAP client"
|
|
::= { bseeMultiHostNonEapStatusEntry 3 }
|
|
|
|
bseeMultiHostNonEapStatusReauthenticate OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
reauthenticate(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Setting this object to reauthenticate(2) will force the MAC address
|
|
to be reauthenticated. When retrieved, the value of this object is
|
|
always other(1)."
|
|
::= { bseeMultiHostNonEapStatusEntry 4 }
|
|
|
|
END
|