mirror of
https://github.com/hsnodgrass/snmp_mib_archive.git
synced 2025-04-17 16:03:04 +00:00
4047 lines
134 KiB
Plaintext
4047 lines
134 KiB
Plaintext
-- *****************************************************************
|
|
-- CISCO-PAE-MIB: CISCO private MIB for IEEE 802.1x
|
|
--
|
|
-- September 2001, Binh P Le
|
|
--
|
|
-- Copyright (c) 2001-2009 by cisco Systems Inc.
|
|
-- All rights reserved.
|
|
-- ****************************************************************
|
|
|
|
CISCO-PAE-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
OBJECT-TYPE,
|
|
MODULE-IDENTITY,
|
|
NOTIFICATION-TYPE,
|
|
Unsigned32
|
|
FROM SNMPv2-SMI
|
|
OBJECT-GROUP,
|
|
MODULE-COMPLIANCE,
|
|
NOTIFICATION-GROUP
|
|
FROM SNMPv2-CONF
|
|
TruthValue,
|
|
MacAddress,
|
|
RowStatus,
|
|
TEXTUAL-CONVENTION
|
|
FROM SNMPv2-TC
|
|
SnmpAdminString
|
|
FROM SNMP-FRAMEWORK-MIB
|
|
InetAddress,
|
|
InetAddressType
|
|
FROM INET-ADDRESS-MIB
|
|
dot1xPaePortEntry,
|
|
dot1xPaePortNumber,
|
|
dot1xAuthPaeState,
|
|
dot1xAuthConfigEntry,
|
|
PaeControlledPortStatus
|
|
FROM IEEE8021-PAE-MIB
|
|
InterfaceIndex
|
|
FROM IF-MIB
|
|
VlanIndex
|
|
FROM CISCO-VTP-MIB
|
|
CiscoURLString
|
|
FROM CISCO-TC
|
|
CnnEouPostureToken,
|
|
CnnEouPostureTokenString
|
|
FROM CISCO-NAC-TC-MIB
|
|
CpgPolicyNameOrEmpty
|
|
FROM CISCO-POLICY-GROUP-MIB
|
|
ciscoMgmt
|
|
FROM CISCO-SMI;
|
|
|
|
|
|
ciscoPaeMIB MODULE-IDENTITY
|
|
LAST-UPDATED "200912100000Z"
|
|
ORGANIZATION "Cisco System, Inc."
|
|
CONTACT-INFO
|
|
"Cisco Systems
|
|
Customer Service
|
|
|
|
Postal: 170 W Tasman Drive
|
|
San Jose, CA 95134
|
|
USA
|
|
|
|
Tel: +1 800 553-NETS
|
|
|
|
E-mail: cs-ibns@cisco.com,
|
|
cs-lan-switch-snmp@cisco.com"
|
|
DESCRIPTION
|
|
"Cisco Port Access Entity (PAE) module for managing
|
|
IEEE Std 802.1x.
|
|
|
|
This MIB provides Port Access Entity information
|
|
that are either excluded by IEEE8021-PAE-MIB or
|
|
specific to Cisco products."
|
|
REVISION "200912100000Z"
|
|
DESCRIPTION
|
|
"Added cpaeSuppPortProfileGroup,
|
|
and cpaeSuppHostInfoGroup."
|
|
REVISION "200807070000Z"
|
|
DESCRIPTION
|
|
"Added TEXTUAL-CONVENTION CpaeAuthState.
|
|
Added enumerated value other(4) to cpaePortMode.
|
|
|
|
Added cpaeHostSessionIdGroup,
|
|
cpaeGuestVlanNotifEnableGroup,
|
|
cpaeGuestVlanNotifGroup,
|
|
cpaeAuthFailVlanNotifEnableGrp,
|
|
cpaeAuthFailVlanNotifGroup,
|
|
cpaeHostAuthInfoGroup,
|
|
cpaePortCapabilitiesConfigGroup,
|
|
cpaeDot1xSuppToGuestVlanGroup.
|
|
|
|
Deprecated cpaePortAuthFailVlanGroup, replaced by
|
|
cpaePortAuthFailVlanConfigGroup and
|
|
cpaePortAuthFailUserInfoGroup.
|
|
|
|
Deprecated cpaeCompliance8, replaced by cpaeCompliance9."
|
|
REVISION "200804090000Z"
|
|
DESCRIPTION
|
|
"Added cpaeMabAuditInfoGroup,
|
|
cpaeHostUrlRedirectGroup,
|
|
cpaeMabPortIpDevTrackConfGroup,
|
|
cpaePortIpDevTrackConfGroup,
|
|
cpaeWebAuthIpDevTrackingGroup,
|
|
cpaeWebAuthUnAuthTimeoutGroup,
|
|
cpaeGlobalAuthFailVlanGroup,
|
|
cpaeGlobalSecViolationGroup,
|
|
cpaeCriticalEapolConfigGroup.
|
|
|
|
Deprecated cpaeMacAuthBypassGroup and replace
|
|
it by cpaeMacAuthBypassPortEnableGroup, and
|
|
cpaeMacAuthBypassGroup4;
|
|
|
|
Deprecated cpaeAuthConfigGroup and replace it by
|
|
cpaeAuthIabConfigGroup, cpaeAuthConfigGroup3 and
|
|
cpaeAuthConfigGroup4.
|
|
|
|
Modified cpaeMacAuthBypassPortAuthState to add 'ipAwaiting'
|
|
and 'policyConfig' enum values."
|
|
REVISION "200704250000Z"
|
|
DESCRIPTION
|
|
"Added cpaeMacAuthBypassGroup3,
|
|
and cpaeHostPostureTokenGroup."
|
|
REVISION "200704160000Z"
|
|
DESCRIPTION
|
|
"Add cpaeHostInfoGroup3."
|
|
REVISION "200701270000Z"
|
|
DESCRIPTION
|
|
"Added 'aaaFail' state to
|
|
cpaeMacAuthBypassPortAuthState and
|
|
cpaeWebAuthHostState.
|
|
|
|
Added cpaePortAuthFailVlanGroup2,
|
|
cpaeWebAuthAaaFailGroup,
|
|
cpaeMacAuthBypassGroup2,
|
|
cpaePortEapolTestGroup,
|
|
cpaeHostInfoGroup2,
|
|
cpaeAuthConfigGroup2,
|
|
cpaeCriticalRecoveryDelayGroup,
|
|
cpaeMacAuthBypassCriticalGroup, and
|
|
cpaeWebAuthCriticalGroup.
|
|
|
|
Obsoleted cpaeHostInfoPostureToken object."
|
|
REVISION "200509220000Z"
|
|
DESCRIPTION
|
|
"Added cpaeGuestVlanGroup3, cpaePortAuthFailVlanGroup,
|
|
cpaePortOperVlanGroup, cpaeNoGuestVlanNotifEnableGrp,
|
|
cpaeNoAuthFailVlanNotifEnableGrp,
|
|
cpaeNoGuestVlanNotifGroup,
|
|
cpaeNoAuthFailVlanNotifGroup, cpaeMacAuthBypassGroup,
|
|
cpaeWebAuthGroup, cpaeAuthConfigGroup and
|
|
cpaeHostInfoGroup.
|
|
|
|
Deprecated cpaeInGuestVlan, cpaeGuestVlanGroup2."
|
|
REVISION "200404230000Z"
|
|
DESCRIPTION
|
|
"Modified the DESCRIPTION clauses of cpaeGuestVlanNumber
|
|
and cpaeGuestVlanId."
|
|
REVISION "200404010000Z"
|
|
DESCRIPTION
|
|
"Added cpaeUserGroupGroup and cpaeRadiusConfigGroup."
|
|
REVISION "200304080000Z"
|
|
DESCRIPTION
|
|
"Added cpaeGuestVlanGroup2 and cpaeShutdownTimeoutGroup.
|
|
Deprecated cpaeGuestVlanGroup."
|
|
REVISION "200210160000Z"
|
|
DESCRIPTION
|
|
"Added cpaePortEntryGroup and cpaeGuestVlanGroup.
|
|
Deprecated cpaeMultipleHostGroup."
|
|
REVISION "200105241016Z"
|
|
DESCRIPTION
|
|
"Initial version of this MIB module."
|
|
::= { ciscoMgmt 220 }
|
|
|
|
|
|
cpaeMIBNotification OBJECT IDENTIFIER
|
|
::= { ciscoPaeMIB 0 }
|
|
|
|
cpaeMIBObject OBJECT IDENTIFIER
|
|
::= { ciscoPaeMIB 1 }
|
|
|
|
cpaeMIBConformance OBJECT IDENTIFIER
|
|
::= { ciscoPaeMIB 2 }
|
|
|
|
|
|
-- - Textual Conventions
|
|
|
|
ReAuthPeriodSource ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source of the reAuthPeriod constant, used by the
|
|
802.1x Reauthentication Timer state machine.
|
|
|
|
local : local configured reauthentication period
|
|
specified by the object dot1xAuthReAuthPeriod
|
|
will be used.
|
|
|
|
server: the reauthentication period will be received
|
|
from the Authentication server.
|
|
|
|
auto : source of reauthentication period will be
|
|
decided by the system."
|
|
SYNTAX INTEGER {
|
|
local(1),
|
|
server(2),
|
|
auto(3)
|
|
}
|
|
|
|
CpaeAuthState ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Authenticator PAE state machine value.
|
|
|
|
other :None of the following states.
|
|
|
|
initialize :The PAE state machine is being initialized.
|
|
|
|
disconnected :An explicit logoff request is received from
|
|
the Supplicant, or the number of permissible
|
|
reauthentication attempts has been exceeded.
|
|
|
|
connecting :Attempting to establish a communication
|
|
with a Supplicant.
|
|
|
|
authenticating:A Supplicant is being authenticated.
|
|
|
|
authenticated :The Authenticator has successfully
|
|
authenticated the Supplicant.
|
|
|
|
aborting :The authentication process is
|
|
prematurely aborted due to receipt of
|
|
a reauthentication request, or an
|
|
EAPOL-Start frame, or an EAPOL-Logoff
|
|
frame, or an authTimeout.
|
|
|
|
held :The state machine ignores and discards all
|
|
EAPOL packets, so as to discourage brute
|
|
force attacks. This state is entered from
|
|
the 'authenticating' state following an
|
|
authentication failure. At the expiration
|
|
of the quietWhile timer, the state machine
|
|
transitions to the 'connecting' state.
|
|
|
|
forceAuth :The port is set to Authorized, and a canned
|
|
EAP Success packet is sent to the Supplicant.
|
|
|
|
forceUnauth :The port is set to Unauthorized, and a
|
|
canned EAP Failure packet is sent to the
|
|
Supplicant. If EAP-Start messages
|
|
are received from the Supplicant, the
|
|
state is re-entered and further EAP Failure
|
|
messages are sent.
|
|
|
|
guestVlan :The port has been moved to a configured
|
|
Guest VLAN.
|
|
|
|
authFailVlan :The port has been moved to a configured
|
|
Authentication Failed VLAN.
|
|
|
|
criticalAuth :The port has been authorized by Critical
|
|
Authentication because RADIUS server is
|
|
not reachable, or does not response.
|
|
|
|
ipAwaiting :The port is waiting for an IP address from
|
|
DHCP server.
|
|
|
|
policyConfig :This state is entered from 'ipAwaiting'
|
|
state if an IP address is received and
|
|
the corresponding policies are being
|
|
installed.
|
|
|
|
authFinished :The port is set to Authorized by MAC
|
|
Authentication Bypass feature.
|
|
|
|
restart :The PAE state machine has been restarted.
|
|
|
|
authFallback :Fallback mechanism is applied to the
|
|
authentication process.
|
|
|
|
authCResult :Authentication completed and the validity
|
|
of the authorization features is checked.
|
|
|
|
authZSuccess :Authorization policies based on the
|
|
authentication result are applied. If the
|
|
policies are applied successfully then the
|
|
port is authorized otherwise unauthorized."
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
initialize(2),
|
|
disconnected(3),
|
|
connecting(4),
|
|
authenticating(5),
|
|
authenticated(6),
|
|
aborting(7),
|
|
held(8),
|
|
forceAuth(9),
|
|
forceUnauth(10),
|
|
guestVlan(11),
|
|
authFailVlan(12),
|
|
criticalAuth(13),
|
|
ipAwaiting(14),
|
|
policyConfig(15),
|
|
authFinished(16),
|
|
restart(17),
|
|
authFallback(18),
|
|
authCResult(19),
|
|
authZSuccess(20)
|
|
}
|
|
|
|
cpaePortTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaePortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of system level information for each port
|
|
supported by the Port Access Entity. An entry
|
|
appears in this table for each PAE port of this system.
|
|
This table contains additional objects for the
|
|
dot1xPaePortTable."
|
|
REFERENCE
|
|
"802.1X-2001 9.6.1,
|
|
802.1X-2004 9.6.1"
|
|
::= { cpaeMIBObject 1 }
|
|
|
|
cpaePortEntry OBJECT-TYPE
|
|
SYNTAX CpaePortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing additional management information
|
|
applicable to a particular PAE port."
|
|
AUGMENTS { dot1xPaePortEntry }
|
|
|
|
::= { cpaePortTable 1 }
|
|
|
|
CpaePortEntry ::= SEQUENCE {
|
|
cpaeMultipleHost TruthValue,
|
|
cpaePortMode INTEGER,
|
|
cpaeGuestVlanNumber VlanIndex,
|
|
cpaeInGuestVlan TruthValue,
|
|
cpaeShutdownTimeoutEnabled TruthValue,
|
|
cpaePortAuthFailVlan VlanIndex,
|
|
cpaePortOperVlan VlanIndex,
|
|
cpaePortOperVlanType INTEGER,
|
|
cpaeAuthFailVlanMaxAttempts Unsigned32,
|
|
cpaePortCapabilitiesEnabled BITS
|
|
}
|
|
|
|
cpaeMultipleHost OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"Specifies whether the port allows multiple-host
|
|
connection or not."
|
|
::= { cpaePortEntry 1 }
|
|
|
|
cpaePortMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
singleHost(1),
|
|
multiHost(2),
|
|
multiAuth(3),
|
|
other(4)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the current mode of dot1x operation on
|
|
the port.
|
|
singleHost(1): port allows one host to connect
|
|
and authenticate.
|
|
multiHost(2) : port allows multiple hosts to
|
|
connect. Once a host is
|
|
authenticated, all remaining hosts
|
|
are also authorized.
|
|
multiAuth(3) : port allows multiple hosts to
|
|
connect and each host is
|
|
authenticated.
|
|
|
|
other(4) : none of the above. This is a
|
|
read-only value which can not
|
|
be used in set operation.
|
|
|
|
If the port security feature is enabled on the
|
|
interface, the configuration of the port security
|
|
(such as the number of the hosts allowed, the security
|
|
violation action, etc) will apply to the interface."
|
|
::= { cpaePortEntry 2 }
|
|
|
|
cpaeGuestVlanNumber OBJECT-TYPE
|
|
SYNTAX VlanIndex
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the Guest Vlan of the interface.
|
|
An interface with cpaePortMode value of 'singleHost'
|
|
will be moved to its Guest Vlan if the supplicant on
|
|
the interface is not capable of IEEE-802.1x
|
|
authentication.
|
|
|
|
A value of zero for this object indicates no Guest
|
|
Vlan configured for the interface."
|
|
::= { cpaePortEntry 3 }
|
|
|
|
cpaeInGuestVlan OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"Indicates whether the interface is in its Guest Vlan
|
|
or not.
|
|
|
|
The object is deprecated in favor of newly added
|
|
object cpaePortOperVlanType."
|
|
::= { cpaePortEntry 4 }
|
|
|
|
cpaeShutdownTimeoutEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies whether shutdown timeout feature is enabled
|
|
on the interface."
|
|
::= { cpaePortEntry 5 }
|
|
|
|
cpaePortAuthFailVlan OBJECT-TYPE
|
|
SYNTAX VlanIndex
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the Auth-Fail (Authentication Fail) Vlan of
|
|
the port. A port is moved to Auth-Fail Vlan if the
|
|
supplicant which support IEEE-802.1x authentication is
|
|
unsuccessfully authenticated.
|
|
|
|
A value of zero for this object indicates no Auth-Fail
|
|
Vlan configured for the port."
|
|
::= { cpaePortEntry 6 }
|
|
|
|
cpaePortOperVlan OBJECT-TYPE
|
|
SYNTAX VlanIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The VlanIndex of the Vlan which is assigned to this
|
|
port via IEEE-802.1x and related methods of
|
|
authentication supported by the system.
|
|
|
|
A value of zero for this object indicates that no
|
|
Vlan is assigned to this port via IEEE-802.1x
|
|
authentication."
|
|
::= { cpaePortEntry 7 }
|
|
|
|
cpaePortOperVlanType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
none(2),
|
|
guest(3),
|
|
authFail(4)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of the Vlan which is assigned to this port
|
|
via IEEE-802.1x and related methods of authentication
|
|
supported by the system.
|
|
|
|
A value of 'other' for this object indicates type of
|
|
Vlan assigned to this port; via IEEE-802.1x
|
|
authentication; is other than the ones specified by
|
|
listed enumerations for this object.
|
|
|
|
A value of 'none' for this object indicates that there
|
|
is no Vlan assigned to this port via IEEE-802.1x
|
|
authentication. For such a case, corresponding value
|
|
of cpaePortOperVlan object will be zero.
|
|
|
|
A value of 'guest' for this object indicates that Vlan
|
|
assigned to this port; via IEEE-802.1x authentication;
|
|
is of type Guest Vlan and specified by the object
|
|
cpaeGuestVlanNumber for this entry.
|
|
|
|
A value of 'authFail' for this object indicates that
|
|
Vlan assigned to this port; via IEEE-802.1x
|
|
authentication; is of type Auth-Fail Vlan and
|
|
specified by the object cpaePortAuthFailVlan for
|
|
this entry."
|
|
::= { cpaePortEntry 8 }
|
|
|
|
cpaeAuthFailVlanMaxAttempts OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the maximum number of authentication attempts
|
|
should be made before the port is moved into the
|
|
Auth-Fail Vlan."
|
|
::= { cpaePortEntry 9 }
|
|
|
|
cpaePortCapabilitiesEnabled OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
authenticator(0),
|
|
supplicant(1)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the type of PAE functionality of the port
|
|
which are enabled.
|
|
|
|
authenticator: PAE Authenticator functions are enabled.
|
|
|
|
supplicant : PAE Supplicant functions are enabled.
|
|
|
|
Only those supported PAE functions which are listed
|
|
in the corresponding instance of dot1xPaePortCapabilities
|
|
can be enabled."
|
|
REFERENCE
|
|
"802.1X-2001 9.6.1, PAE Capabilities,
|
|
802.1X-2004 9.6.1, PAE Capabilities"
|
|
::= { cpaePortEntry 10 }
|
|
|
|
|
|
|
|
cpaeGuestVlanId OBJECT-TYPE
|
|
SYNTAX VlanIndex
|
|
MAX-ACCESS read-write
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"Specifies the Guest Vlan of the system.
|
|
An interface with cpaePortMode value of 'singleHost'
|
|
will be moved to Guest Vlan if the supplicant on the
|
|
interface is not IEEE-802.1x capable.
|
|
|
|
A value of zero indicates no Guest Vlan configured in
|
|
the system.
|
|
|
|
If the platform supports per-port guest Vlan ID
|
|
configuration, this object is not instantiated."
|
|
::= { cpaeMIBObject 2 }
|
|
|
|
cpaeShutdownTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..65535)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the shutdown timeout interval to enable the
|
|
interface automatically in case it is shutdown due to
|
|
security violation.
|
|
|
|
If the value of this object is 0, the interfaces
|
|
shutdown due to the security violation will not be
|
|
enabled automatically.
|
|
|
|
The value of this object is applicable to the
|
|
interface only when cpaeShutdownTimeoutEnabled is
|
|
'true', and port security feature is disabled on the
|
|
interface."
|
|
::= { cpaeMIBObject 3 }
|
|
|
|
cpaeRadiusAccountingEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if RADIUS accounting is enabled for 802.1x
|
|
on this devices."
|
|
::= { cpaeMIBObject 4 }
|
|
|
|
cpaeUserGroupTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeUserGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of Group Manager and authenticated users
|
|
information on the device."
|
|
::= { cpaeMIBObject 5 }
|
|
|
|
cpaeUserGroupEntry OBJECT-TYPE
|
|
SYNTAX CpaeUserGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Information about an 802.1x authenticated user on the
|
|
devices."
|
|
INDEX {
|
|
cpaeUserGroupName,
|
|
cpaeUserGroupUserIndex
|
|
}
|
|
::= { cpaeUserGroupTable 1 }
|
|
|
|
CpaeUserGroupEntry ::= SEQUENCE {
|
|
cpaeUserGroupName SnmpAdminString,
|
|
cpaeUserGroupUserIndex Unsigned32,
|
|
cpaeUserGroupUserName SnmpAdminString,
|
|
cpaeUserGroupUserAddrType InetAddressType,
|
|
cpaeUserGroupUserAddr InetAddress,
|
|
cpaeUserGroupUserInterface InterfaceIndex,
|
|
cpaeUserGroupUserVlan VlanIndex
|
|
}
|
|
|
|
cpaeUserGroupName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..100))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the name of the group that the user
|
|
belongs to."
|
|
::= { cpaeUserGroupEntry 1 }
|
|
|
|
cpaeUserGroupUserIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of an user within a group."
|
|
::= { cpaeUserGroupEntry 2 }
|
|
|
|
cpaeUserGroupUserName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the name of the user authenticated on a
|
|
port of the device."
|
|
::= { cpaeUserGroupEntry 3 }
|
|
|
|
cpaeUserGroupUserAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the type of address used to determine
|
|
the address of the user."
|
|
::= { cpaeUserGroupEntry 4 }
|
|
|
|
cpaeUserGroupUserAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the address of the host that the user
|
|
logging from."
|
|
::= { cpaeUserGroupEntry 5 }
|
|
|
|
cpaeUserGroupUserInterface OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the interface index that the user is
|
|
authenticated on."
|
|
::= { cpaeUserGroupEntry 6 }
|
|
|
|
cpaeUserGroupUserVlan OBJECT-TYPE
|
|
SYNTAX VlanIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the vlan that the user belongs to."
|
|
::= { cpaeUserGroupEntry 7 }
|
|
|
|
|
|
|
|
cpaeAuthFailUserTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeAuthFailUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table to list user information for each port on
|
|
the system supported by the Port Access Entity and
|
|
assigned to Auth-Fail Vlan."
|
|
::= { cpaeMIBObject 6 }
|
|
|
|
cpaeAuthFailUserEntry OBJECT-TYPE
|
|
SYNTAX CpaeAuthFailUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry appears in this table for each PAE port on
|
|
the system which is assigned to Vlan of type
|
|
'authFail' via IEEE-802.1x authentication."
|
|
INDEX { dot1xPaePortNumber }
|
|
::= { cpaeAuthFailUserTable 1 }
|
|
|
|
CpaeAuthFailUserEntry ::= SEQUENCE {
|
|
cpaeAuthFailUserName SnmpAdminString
|
|
}
|
|
|
|
cpaeAuthFailUserName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the name of the user who failed IEEE-802.1x
|
|
authentication and hence now assigned to Auth-Fail
|
|
Vlan.
|
|
|
|
The Auth-Fail Vlan to which the user belongs is
|
|
determined by the value of object cpaePortAuthFailVlan
|
|
for this port."
|
|
::= { cpaeAuthFailUserEntry 1 }
|
|
|
|
|
|
-- Notifications Control
|
|
|
|
cpaeNotificationControl OBJECT IDENTIFIER
|
|
::= { cpaeMIBObject 7 }
|
|
|
|
|
|
cpaeNoGuestVlanNotifEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether the system produces
|
|
the cpaeNoGuestVlanNotif.
|
|
|
|
A 'false' value will prevent cpaeNoGuestVlanNotif from
|
|
being generated by this system."
|
|
::= { cpaeNotificationControl 1 }
|
|
|
|
cpaeNoAuthFailVlanNotifEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether the system produces
|
|
the cpaeNoAuthFailVlanNotif.
|
|
|
|
A 'false' value will prevent cpaeNoAuthFailVlanNotif
|
|
from being generated by this system."
|
|
::= { cpaeNotificationControl 2 }
|
|
|
|
cpaeGuestVlanNotifEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether the system produces
|
|
the cpaeGuestVlanNotif.
|
|
|
|
A 'false' value will prevent cpaeGuestVlanNotif from
|
|
being generated by this system."
|
|
::= { cpaeNotificationControl 3 }
|
|
|
|
cpaeAuthFailVlanNotifEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether the system produces
|
|
the cpaeAuthFailVlanNotif.
|
|
|
|
A 'false' value will prevent cpaeAuthFailVlanNotif from
|
|
being generated by this system."
|
|
::= { cpaeNotificationControl 4 }
|
|
-- MAC Authentication Bypass feature
|
|
|
|
cpaeMacAuthBypass OBJECT IDENTIFIER
|
|
::= { cpaeMIBObject 8 }
|
|
|
|
|
|
cpaeMacAuthBypassReAuthTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the waiting time before reauthentication is
|
|
triggered on all MAC Auth-bypass authenticated ports."
|
|
::= { cpaeMacAuthBypass 1 }
|
|
|
|
cpaeMacAuthBypassReAuthEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The reauthentication control for all MAC Auth-bypass
|
|
ports. Setting this object to 'true' causes every MAC
|
|
Auth-Bypass authenticated port to reauthenticate the
|
|
device connecting to the port, after every period of
|
|
time specified by the object
|
|
cpaeMacAuthBypassReAuthTimeout. Setting this object
|
|
to 'false' will disable the MAC Auth-Bypass global
|
|
reauthentication."
|
|
::= { cpaeMacAuthBypass 2 }
|
|
|
|
cpaeMacAuthBypassViolation OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
restrict(1),
|
|
shutdown(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the action upon reception of a security
|
|
violation event.
|
|
|
|
restrict(1): Packets from MAC address of the
|
|
device causing security violation
|
|
will be dropped.
|
|
|
|
shutdown(2): The port that causes security
|
|
violation will be shutdown."
|
|
::= { cpaeMacAuthBypass 3 }
|
|
|
|
cpaeMacAuthBypassShutdownTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies time before a port is auto-enabled after
|
|
being shutdown due to a MAC Auth-bypass security
|
|
violation."
|
|
::= { cpaeMacAuthBypass 4 }
|
|
|
|
cpaeMacAuthBypassAuthFailTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the time a MAC Auth-bypass unauthenticated
|
|
port waits before trying the authentication process
|
|
again."
|
|
::= { cpaeMacAuthBypass 5 }
|
|
|
|
cpaeMacAuthBypassPortTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeMacAuthBypassPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of MAC Authentication Bypass (MAC
|
|
Auth-Bypass) configuration and information for
|
|
ports in the device."
|
|
::= { cpaeMacAuthBypass 6 }
|
|
|
|
cpaeMacAuthBypassPortEntry OBJECT-TYPE
|
|
SYNTAX CpaeMacAuthBypassPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing management information for
|
|
MAC Auth-Bypass feature on a port."
|
|
INDEX { dot1xPaePortNumber }
|
|
::= { cpaeMacAuthBypassPortTable 1 }
|
|
|
|
CpaeMacAuthBypassPortEntry ::= SEQUENCE {
|
|
cpaeMacAuthBypassPortEnabled TruthValue,
|
|
cpaeMacAuthBypassPortInitialize TruthValue,
|
|
cpaeMacAuthBypassPortReAuth TruthValue,
|
|
cpaeMacAuthBypassPortMacAddress MacAddress,
|
|
cpaeMacAuthBypassPortAuthState INTEGER,
|
|
cpaeMacAuthBypassPortTermAction INTEGER,
|
|
cpaeMacAuthBypassSessionTimeLeft Unsigned32,
|
|
cpaeMacAuthBypassPortAuthMethod INTEGER,
|
|
cpaeMacAuthBypassPortSessionId SnmpAdminString,
|
|
cpaeMacAuthBypassPortUrlRedirect SnmpAdminString,
|
|
cpaeMacAuthBypassPortPostureTok CnnEouPostureTokenString
|
|
}
|
|
|
|
cpaeMacAuthBypassPortEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies whether MAC Auth-Bypass is enabled
|
|
on the port."
|
|
::= { cpaeMacAuthBypassPortEntry 1 }
|
|
|
|
cpaeMacAuthBypassPortInitialize OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The initialization control for this port. Setting
|
|
this object to 'true' causes the MAC Auth-bypass
|
|
state machine to be initialized on the port. Setting
|
|
this object to 'false' has no effect.
|
|
|
|
This object always returns 'false' when it is read."
|
|
::= { cpaeMacAuthBypassPortEntry 2 }
|
|
|
|
cpaeMacAuthBypassPortReAuth OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The reauthentication control for this port. Setting
|
|
this object to 'true' causes the MAC address of the
|
|
device connecting to the port to be reauthenticated.
|
|
Setting this object to 'false' has no effect.
|
|
|
|
This object always returns 'false' when it is read."
|
|
::= { cpaeMacAuthBypassPortEntry 3 }
|
|
|
|
cpaeMacAuthBypassPortMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the MAC address of the device connecting
|
|
to the port."
|
|
::= { cpaeMacAuthBypassPortEntry 4 }
|
|
|
|
cpaeMacAuthBypassPortAuthState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
waiting(2),
|
|
authenticating(3),
|
|
authenticated(4),
|
|
fail(5),
|
|
finished(6),
|
|
aaaFail(7),
|
|
ipAwaiting(8),
|
|
policyConfig(9)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the current state of the MAC Auth-Bypass
|
|
state machine.
|
|
|
|
other(1) : An unknown state.
|
|
|
|
waiting(2) : Waiting to receive the MAC address
|
|
that needs to be authenticated.
|
|
|
|
authenticating(3): In authentication process.
|
|
|
|
authenticated(4) : MAC address of the device connecting
|
|
to the port is authenticated.
|
|
|
|
fail(5) : MAC Auth-bypass authentication
|
|
failed. Port waits for a period of
|
|
time before moving to the 'waiting'
|
|
state, if there is no other
|
|
authentication features available
|
|
in the system.
|
|
|
|
finished(6) : MAC Auth-bypass authentication
|
|
failed. Port is authenticated by
|
|
another authentication feature.
|
|
|
|
aaaFail(7) : AAA server is not reachable after
|
|
sending the authentication request
|
|
or after the expiration of
|
|
re-authentication timeout, with IAB
|
|
(Inaccessible Authentication Bypass)
|
|
enabled on the port.
|
|
|
|
ipAwaiting(8) : Corresponding QoS/Security ACLs and other
|
|
Vendor Specific Attributes are being
|
|
configured on the port, after which IP
|
|
address will be obtained via DHCP snooping
|
|
or ARP inspection.
|
|
|
|
policyConfig(9) : Policy Groups or downloaded ACLs are being
|
|
configured on the port."
|
|
::= { cpaeMacAuthBypassPortEntry 5 }
|
|
|
|
cpaeMacAuthBypassPortTermAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
init(2),
|
|
reauth(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the termination action received from RADIUS
|
|
server that will be applied on the port when the
|
|
current session timeout expired.
|
|
|
|
other : none of the following.
|
|
init : current session will be terminated and a new
|
|
authentication process will be initiated.
|
|
reauth: reauthentication will be applied without
|
|
terminating the current session."
|
|
::= { cpaeMacAuthBypassPortEntry 6 }
|
|
|
|
cpaeMacAuthBypassSessionTimeLeft OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the leftover time of the current MAC
|
|
Auth-Bypass session on this port."
|
|
::= { cpaeMacAuthBypassPortEntry 7 }
|
|
|
|
cpaeMacAuthBypassPortAuthMethod OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
radius(1),
|
|
eap(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the authentication method used by
|
|
MAC Authentication Bypass.
|
|
|
|
radius(1) : communication with authentication server
|
|
is performed via RADIUS messages.
|
|
|
|
eap(2) : communication with authentication server
|
|
is performed via EAP messages."
|
|
::= { cpaeMacAuthBypassPortEntry 8 }
|
|
|
|
cpaeMacAuthBypassPortSessionId OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the session ID of the MAC Auth-Bypass
|
|
Audit session on the port. A zero length string will be
|
|
returned for this object if value of the corresponding instance
|
|
of cpaeMacAuthBypassPortEnabled is 'false'."
|
|
::= { cpaeMacAuthBypassPortEntry 9 }
|
|
|
|
cpaeMacAuthBypassPortUrlRedirect OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the URL of an Audit server, provided by AAA
|
|
server, to which a MAC auth-Bypass host will be
|
|
redirected to when an Audit session starts off. A
|
|
zero-length string indicates that the audit process will
|
|
be performed via port scan instead, or value of the
|
|
corresponding instance of cpaeMacAuthBypassPortEnabled is
|
|
'false'."
|
|
::= { cpaeMacAuthBypassPortEntry 10 }
|
|
|
|
cpaeMacAuthBypassPortPostureTok OBJECT-TYPE
|
|
SYNTAX CnnEouPostureTokenString (SIZE (0..255))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the Posture Token assigned to the MAC
|
|
Auth-Bypass host connected to this port. A zero length string
|
|
will be returned for this object if value of the corresponding
|
|
instance of cpaeMacAuthBypassPortEnabled is 'false'."
|
|
::= { cpaeMacAuthBypassPortEntry 11 }
|
|
|
|
|
|
|
|
cpaeMacAuthBypassAcctEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if accounting is enabled for Mac
|
|
Authentication Bypass feature on this device."
|
|
::= { cpaeMacAuthBypass 7 }
|
|
|
|
cpaeMabCriticalRecoveryDelay OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "milli-seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the critical recovery delay
|
|
time for Mac Authentication Bypass in the system. A
|
|
value of zero indicates that critical recovery delay
|
|
for MAC Authentication Bypass is disabled."
|
|
::= { cpaeMacAuthBypass 8 }
|
|
|
|
cpaeMabPortIpDevTrackConfTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeMabPortIpDevTrackConfEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of IP Device Tracking configuration for MAC
|
|
Auth-Bypass interfaces in the system."
|
|
::= { cpaeMacAuthBypass 9 }
|
|
|
|
cpaeMabPortIpDevTrackConfEntry OBJECT-TYPE
|
|
SYNTAX CpaeMabPortIpDevTrackConfEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry of MAC Auth-Bypass configuration for IP Device
|
|
Tracking on an MAC Auth-Bypass capable interface."
|
|
INDEX { dot1xPaePortNumber }
|
|
::= { cpaeMabPortIpDevTrackConfTable 1 }
|
|
|
|
CpaeMabPortIpDevTrackConfEntry ::= SEQUENCE {
|
|
cpaeMabPortIpDevTrackEnabled TruthValue
|
|
}
|
|
|
|
cpaeMabPortIpDevTrackEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies whether IP Device Tracking is enabled or not on this
|
|
port for the corresponding MAC Auth-bypass authenticated host."
|
|
::= { cpaeMabPortIpDevTrackConfEntry 1 }
|
|
|
|
|
|
-- Web Based Proxy Authentication feature
|
|
|
|
cpaeWebAuth OBJECT IDENTIFIER
|
|
::= { cpaeMIBObject 9 }
|
|
|
|
|
|
cpaeWebAuthEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies whether Web Proxy Authentication is enabled
|
|
in the system."
|
|
::= { cpaeWebAuth 1 }
|
|
|
|
cpaeWebAuthSessionPeriod OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the Web Proxy Authentication session period
|
|
for the system. Session period is the time after which
|
|
an Web Proxy Authenticated session is terminated."
|
|
::= { cpaeWebAuth 2 }
|
|
|
|
cpaeWebAuthLoginPage OBJECT-TYPE
|
|
SYNTAX CiscoURLString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the customized login page for Web Proxy
|
|
Authentication, in the format of an URL.
|
|
|
|
A customized login page is required to support the same
|
|
input fields as the default login page for users to
|
|
input credentials.
|
|
|
|
If this object contains a zero length string, the
|
|
default login page will be used."
|
|
::= { cpaeWebAuth 3 }
|
|
|
|
cpaeWebAuthLoginFailedPage OBJECT-TYPE
|
|
SYNTAX CiscoURLString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the customized login-failed page for Web
|
|
Proxy Authentication, in the format of an URL.
|
|
|
|
Login-failed page is sent back to the client upon an
|
|
authentication failure. A login-failed page requires to
|
|
have all the input fields of the login page, in
|
|
addition to the authentication failure information.
|
|
|
|
If this object contains a zero length string, the
|
|
default login-failed page will be used."
|
|
::= { cpaeWebAuth 4 }
|
|
|
|
cpaeWebAuthQuietPeriod OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the time a Web Proxy Authentication state
|
|
machine will be held in 'blackListed' state after
|
|
maximum authentication attempts."
|
|
::= { cpaeWebAuth 5 }
|
|
|
|
cpaeWebAuthMaxRetries OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the maximum number of unsuccessful login
|
|
attempts a user is allowed to make."
|
|
::= { cpaeWebAuth 6 }
|
|
|
|
cpaeWebAuthPortTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeWebAuthPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of Web Proxy Authentication configuration and
|
|
information for the feature capable ports in the
|
|
device."
|
|
::= { cpaeWebAuth 7 }
|
|
|
|
cpaeWebAuthPortEntry OBJECT-TYPE
|
|
SYNTAX CpaeWebAuthPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing management information for Web
|
|
Proxy Authentication feature on a port."
|
|
INDEX { dot1xPaePortNumber }
|
|
::= { cpaeWebAuthPortTable 1 }
|
|
|
|
CpaeWebAuthPortEntry ::= SEQUENCE {
|
|
cpaeWebAuthPortEnabled TruthValue,
|
|
cpaeWebAuthPortInitialize TruthValue,
|
|
cpaeWebAuthPortAaaFailPolicy CpgPolicyNameOrEmpty,
|
|
cpaeWebAuthPortIpDevTrackEnabled TruthValue
|
|
}
|
|
|
|
cpaeWebAuthPortEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies whether Web Proxy Authentication is
|
|
enabled on the port."
|
|
::= { cpaeWebAuthPortEntry 1 }
|
|
|
|
cpaeWebAuthPortInitialize OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The initialization control for this port. Setting this
|
|
object to 'true' causes Web Proxy Authentication state
|
|
machine to be initialized for all the hosts connecting
|
|
to the port. Setting this object to 'false' has no
|
|
effect.
|
|
|
|
This object always returns 'false' when it is read."
|
|
::= { cpaeWebAuthPortEntry 2 }
|
|
|
|
cpaeWebAuthPortAaaFailPolicy OBJECT-TYPE
|
|
SYNTAX CpgPolicyNameOrEmpty
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the policy name to be applied on the port
|
|
when the corresponding cpaeWebAuthHostState is
|
|
'aaaFail'. The specified policy name must either be
|
|
an existing entry in cpgPolicyTable defined in
|
|
CISCO-POLICY-GROUP-MIB, or an empty string which
|
|
indicates that there will be no policy name
|
|
applied on the port when the corresponding
|
|
cpaeWebAuthHostState is 'aaaFail'."
|
|
::= { cpaeWebAuthPortEntry 3 }
|
|
|
|
cpaeWebAuthPortIpDevTrackEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies whether IP Device Tracking is enabled or not on this
|
|
port for the corresponding Web Proxy authenticated host."
|
|
::= { cpaeWebAuthPortEntry 4 }
|
|
|
|
|
|
|
|
cpaeWebAuthHostTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeWebAuthHostEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of Web Proxy Authentication information for
|
|
hosts currently managed by the feature. An entry is
|
|
added to the table when a host is detected and Web
|
|
Proxy Authentication state machine is initiated for
|
|
the host."
|
|
::= { cpaeWebAuth 8 }
|
|
|
|
cpaeWebAuthHostEntry OBJECT-TYPE
|
|
SYNTAX CpaeWebAuthHostEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing management information for Web
|
|
Proxy Authentication feature on a host."
|
|
INDEX {
|
|
dot1xPaePortNumber,
|
|
cpaeWebAuthHostAddrType,
|
|
cpaeWebAuthHostAddress
|
|
}
|
|
::= { cpaeWebAuthHostTable 1 }
|
|
|
|
CpaeWebAuthHostEntry ::= SEQUENCE {
|
|
cpaeWebAuthHostAddrType InetAddressType,
|
|
cpaeWebAuthHostAddress InetAddress,
|
|
cpaeWebAuthAaaSessionPeriod Unsigned32,
|
|
cpaeWebAuthHostSessionTimeLeft Unsigned32,
|
|
cpaeWebAuthHostState INTEGER,
|
|
cpaeWebAuthHostInitialize TruthValue
|
|
}
|
|
|
|
cpaeWebAuthHostAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the Internet address type for the host."
|
|
::= { cpaeWebAuthHostEntry 1 }
|
|
|
|
cpaeWebAuthHostAddress OBJECT-TYPE
|
|
SYNTAX InetAddress (SIZE (0..64))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the Internet address for the host. The type
|
|
of this address is determined by the value of
|
|
cpaeWebAuthHostAddrType."
|
|
::= { cpaeWebAuthHostEntry 2 }
|
|
|
|
cpaeWebAuthAaaSessionPeriod OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the session period for a Web Proxy
|
|
Authenticated session on this host, supplied by the
|
|
AAA server. If value of this object is none zero,
|
|
it will take precedence over the period specified
|
|
by cpaeWebAuthPortSessionPeriod."
|
|
::= { cpaeWebAuthHostEntry 3 }
|
|
|
|
cpaeWebAuthHostSessionTimeLeft OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the leftover time of the current Web Proxy
|
|
Authenticated session for this host."
|
|
::= { cpaeWebAuthHostEntry 4 }
|
|
|
|
cpaeWebAuthHostState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
initialize(1),
|
|
connecting(2),
|
|
authenticating(3),
|
|
authenticated(4),
|
|
authFailed(5),
|
|
parseError(6),
|
|
sessionTimeout(7),
|
|
blackListed(8),
|
|
aaaFail(9)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the current state of the Web Proxy
|
|
Authentication state machine.
|
|
|
|
initialize : Initial state of the Web Proxy
|
|
Authentication state machine.
|
|
|
|
connecting : Login page is sent to the client,
|
|
waiting for response from the client.
|
|
|
|
authenticating: Credentials are extracted from client's
|
|
response and authenticating with the
|
|
AAA server.
|
|
|
|
authenticated : Web Proxy Authentication succeeded.
|
|
Session timer is started, policies are
|
|
applied, and success page is sent back
|
|
to client.
|
|
|
|
authFailed : Web Proxy Authentication failed. Login
|
|
page is resent with authentication
|
|
failure information embedded, if retry
|
|
count has not exceeded the maximum
|
|
number of retry attempts. Otherwise,
|
|
move to 'blackListed' state.
|
|
|
|
parseError : Failed to extract user's credentials
|
|
from the client's response.
|
|
|
|
sessionTimeout: Session timer expired, user's policies
|
|
are removed, state machine will moves
|
|
to 'initialize' state after that.
|
|
|
|
blackListed : Web Proxy Authentication retry count
|
|
has exceeded the maximum number of
|
|
retry attempts. Only setting the state
|
|
machine to 'initialize' will take it
|
|
out of this state.
|
|
|
|
aaaFail : AAA server is not reachable after
|
|
sending the authentication request, or
|
|
after host has been in 'blackListed'
|
|
state for the period of time specified
|
|
by cpaeWebAuthQuietPeriod, with IAB
|
|
(Inaccessible Authentication Bypass)
|
|
enabled on the corresponding port
|
|
connected to the host."
|
|
::= { cpaeWebAuthHostEntry 5 }
|
|
|
|
cpaeWebAuthHostInitialize OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The initialization control for this host. Setting this
|
|
object to 'true' causes Web Proxy Authentication state
|
|
machine to be initialized for the host. Setting this
|
|
object to 'false' has no effect.
|
|
|
|
This object always returns 'false' when it is read."
|
|
::= { cpaeWebAuthHostEntry 6 }
|
|
|
|
|
|
|
|
cpaeWebAuthCriticalRecoveryDelay OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "milli-seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the critical recovery delay
|
|
time for Web Proxy Authentication in the system. A value
|
|
of zero indicates that critical recovery delay for Web
|
|
Proxy Authentication is disabled."
|
|
::= { cpaeWebAuth 9 }
|
|
|
|
cpaeWebAuthUnAuthStateTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..4294967295)
|
|
UNITS "minutes"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authentication timeout period for Web Proxy
|
|
Authentication. Once a host enters 'initialize' state as
|
|
indicated by its corresponding cpaeWebAuthHostState,
|
|
such host will be removed if it can not be authenticated
|
|
within the timeout period."
|
|
::= { cpaeWebAuth 10 }
|
|
-- LAN Port 802.1x
|
|
|
|
cpaeAuthConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeAuthConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing the configuration objects for the
|
|
Authenticator PAE associated with each port. An entry
|
|
appears in this table for each PAE port that may
|
|
authenticate access to itself. This table contain
|
|
additional objects for the dot1xAuthConfigTable."
|
|
::= { cpaeMIBObject 10 }
|
|
|
|
cpaeAuthConfigEntry OBJECT-TYPE
|
|
SYNTAX CpaeAuthConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing additional management information
|
|
applicable to a particular Authenticator PAE."
|
|
AUGMENTS { dot1xAuthConfigEntry }
|
|
|
|
::= { cpaeAuthConfigTable 1 }
|
|
|
|
CpaeAuthConfigEntry ::= SEQUENCE {
|
|
cpaeAuthReAuthPeriodSrcAdmin ReAuthPeriodSource,
|
|
cpaeAuthReAuthPeriodSrcOper ReAuthPeriodSource,
|
|
cpaeAuthReAuthPeriodOper Unsigned32,
|
|
cpaeAuthTimeToNextReAuth Unsigned32,
|
|
cpaeAuthReAuthAction INTEGER,
|
|
cpaeAuthReAuthMax Unsigned32,
|
|
cpaeAuthIabEnabled TruthValue,
|
|
cpaeAuthPaeState CpaeAuthState
|
|
}
|
|
|
|
cpaeAuthReAuthPeriodSrcAdmin OBJECT-TYPE
|
|
SYNTAX ReAuthPeriodSource
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the source of the reAuthPeriod constant to
|
|
be used by the Reauthentication Timer state machine."
|
|
::= { cpaeAuthConfigEntry 1 }
|
|
|
|
cpaeAuthReAuthPeriodSrcOper OBJECT-TYPE
|
|
SYNTAX ReAuthPeriodSource
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the source of the reAuthPeriod constant
|
|
currently in use by the Reauthentication Timer state
|
|
machine."
|
|
::= { cpaeAuthConfigEntry 2 }
|
|
|
|
cpaeAuthReAuthPeriodOper OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the operational reauthentication period
|
|
for this port."
|
|
::= { cpaeAuthConfigEntry 3 }
|
|
|
|
cpaeAuthTimeToNextReAuth OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the leftover time of the current session
|
|
for this port."
|
|
::= { cpaeAuthConfigEntry 4 }
|
|
|
|
cpaeAuthReAuthAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
terminate(1),
|
|
reAuth(2),
|
|
noReAuth(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the reauthentication action for this port.
|
|
|
|
terminate: Session will be terminated, with the
|
|
corresponding Authenticator PAE state
|
|
machine transits to 'disconnected'.
|
|
|
|
reAuth : The port will be reauthenticated.
|
|
|
|
noReAuth : The port will not be reauthenticated."
|
|
::= { cpaeAuthConfigEntry 5 }
|
|
|
|
cpaeAuthReAuthMax OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the number of reauthentication
|
|
attempts that are permitted before the port becomes
|
|
unauthorized.
|
|
|
|
The value of this object is used as the reAuthMax
|
|
constant by the Authenticator PAE state machine."
|
|
REFERENCE "IEEE Std 802.1X-2004, 8.2.4.1.2, reAuthMax"
|
|
::= { cpaeAuthConfigEntry 6 }
|
|
|
|
cpaeAuthIabEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies whether the PAE port is declared as
|
|
Inaccessible Authentication Bypass (IAB). IAB ports
|
|
will be granted network access via the administrative
|
|
configured VLAN if it failed to connect to the
|
|
Authentication server. The only way to bring an IAB
|
|
port back to the Backend Authentication state machine
|
|
is through setting dot1xPaePortInitialize in the
|
|
corresponding entry in dot1xPaePortTable to 'true'.
|
|
|
|
802.1x reauthentication will be temporary disabled on
|
|
an authenticated IAB port if the connection to
|
|
the Authentication server is broken, and enable again
|
|
when the connection is resumed."
|
|
::= { cpaeAuthConfigEntry 7 }
|
|
|
|
cpaeAuthPaeState OBJECT-TYPE
|
|
SYNTAX CpaeAuthState
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the current value of the Authenticator PAE
|
|
state machine on the port."
|
|
::= { cpaeAuthConfigEntry 8 }
|
|
|
|
|
|
|
|
cpaeHostInfoTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeHostInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing 802.1x authentication information
|
|
for hosts connecting to PAE ports in the system."
|
|
::= { cpaeMIBObject 11 }
|
|
|
|
cpaeHostInfoEntry OBJECT-TYPE
|
|
SYNTAX CpaeHostInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry appears in the table for each 802.1x capable
|
|
host connecting to an PAE port, providing its
|
|
authentication information."
|
|
INDEX {
|
|
dot1xPaePortNumber,
|
|
cpaeHostInfoHostIndex
|
|
}
|
|
::= { cpaeHostInfoTable 1 }
|
|
|
|
CpaeHostInfoEntry ::= SEQUENCE {
|
|
cpaeHostInfoHostIndex Unsigned32,
|
|
cpaeHostInfoMacAddress MacAddress,
|
|
cpaeHostInfoPostureToken CnnEouPostureToken,
|
|
cpaeHostInfoUserName SnmpAdminString,
|
|
cpaeHostInfoAddrType InetAddressType,
|
|
cpaeHostInfoAddr InetAddress,
|
|
cpaeHostPostureTokenStr CnnEouPostureTokenString,
|
|
cpaeHostUrlRedirection SnmpAdminString,
|
|
cpaeHostAuthPaeState CpaeAuthState,
|
|
cpaeHostBackendState INTEGER,
|
|
cpaeHostSessionId OCTET STRING
|
|
}
|
|
|
|
cpaeHostInfoHostIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An arbitrary index assigned by the agent to identify
|
|
the host."
|
|
::= { cpaeHostInfoEntry 1 }
|
|
|
|
cpaeHostInfoMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the Mac Address of the host."
|
|
::= { cpaeHostInfoEntry 2 }
|
|
|
|
cpaeHostInfoPostureToken OBJECT-TYPE
|
|
SYNTAX CnnEouPostureToken
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"Indicates the posture token assigned to the host.
|
|
This object has been obsoleted and replaced by
|
|
cpaeHostPostureTokenStr."
|
|
::= { cpaeHostInfoEntry 3 }
|
|
|
|
cpaeHostInfoUserName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the name of the authenticated user on
|
|
the host."
|
|
::= { cpaeHostInfoEntry 4 }
|
|
|
|
cpaeHostInfoAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the type of Internet address of the host."
|
|
::= { cpaeHostInfoEntry 5 }
|
|
|
|
cpaeHostInfoAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the Internet address of the host. The type
|
|
of this address is determined by the value of
|
|
cpaeHostInfoAddrType object."
|
|
::= { cpaeHostInfoEntry 6 }
|
|
|
|
cpaeHostPostureTokenStr OBJECT-TYPE
|
|
SYNTAX CnnEouPostureTokenString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the posture token assigned to the host."
|
|
::= { cpaeHostInfoEntry 7 }
|
|
|
|
cpaeHostUrlRedirection OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the URL-redirection assigned for this host
|
|
by AAA server."
|
|
::= { cpaeHostInfoEntry 8 }
|
|
|
|
cpaeHostAuthPaeState OBJECT-TYPE
|
|
SYNTAX CpaeAuthState
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the current value of the Authenticator PAE
|
|
state machine for the host."
|
|
REFERENCE
|
|
"802.1X-2001 9.4.1, Authenticator PAE state,
|
|
802.1X-2004 9.4.1, Authenticator PAE state"
|
|
::= { cpaeHostInfoEntry 9 }
|
|
|
|
cpaeHostBackendState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
request(1),
|
|
response(2),
|
|
success(3),
|
|
fail(4),
|
|
timeout(5),
|
|
idle(6),
|
|
initialize(7),
|
|
ignore(8)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the current state of the Backend Authentication
|
|
state machine of the host."
|
|
REFERENCE
|
|
"802.1X-2001 9.4.1, Backend Authentication state,
|
|
802.1X-2004 9.4.1, Backend Authentication state."
|
|
::= { cpaeHostInfoEntry 10 }
|
|
|
|
cpaeHostSessionId OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..64))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique identifier of the 802.1x session."
|
|
::= { cpaeHostInfoEntry 11 }
|
|
|
|
cpaePortEapolTestLimits OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the maximum number of entries allowed in
|
|
cpaePortEapolTestTable."
|
|
::= { cpaeMIBObject 12 }
|
|
|
|
cpaePortEapolTestTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaePortEapolTestEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table for testing EAPOL (Extensible Authentication
|
|
Protocol Over LAN) capable information of hosts
|
|
connecting to PAE ports in the device."
|
|
::= { cpaeMIBObject 13 }
|
|
|
|
cpaePortEapolTestEntry OBJECT-TYPE
|
|
SYNTAX CpaePortEapolTestEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing EAPOL capable information for
|
|
hosts connecting to a PAE port."
|
|
INDEX { dot1xPaePortNumber }
|
|
::= { cpaePortEapolTestTable 1 }
|
|
|
|
CpaePortEapolTestEntry ::= SEQUENCE {
|
|
cpaePortEapolTestResult INTEGER,
|
|
cpaePortEapolTestStatus RowStatus
|
|
}
|
|
|
|
cpaePortEapolTestResult OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
inProgress(1),
|
|
notCapable(2),
|
|
capable(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the test result of whether there is
|
|
EAPOL supporting host connecting to the port.
|
|
|
|
inProgress: the test is in progress.
|
|
notCapable: there is no EAPOL supporting host
|
|
connecting to the port.
|
|
capable : there is EAPOL supporting host connecting
|
|
to the port."
|
|
::= { cpaePortEapolTestEntry 1 }
|
|
|
|
cpaePortEapolTestStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to manage the creation,
|
|
and deletion of rows in the table.
|
|
|
|
An entry can be created by setting the instance
|
|
value of this object to 'createAndGo', and deleted
|
|
by setting the instance value of this object to
|
|
'destroy'."
|
|
::= { cpaePortEapolTestEntry 2 }
|
|
|
|
|
|
-- 802.1x Critical Authentication
|
|
-- This feature allows network access for critical machines,
|
|
-- when 802.1x is not able to reach the configured RADIUS server(s).
|
|
|
|
cpaeCriticalConfig OBJECT IDENTIFIER
|
|
::= { cpaeMIBObject 14 }
|
|
|
|
|
|
cpaeCriticalEapolEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the device will send an EAPOL-Success
|
|
message on successful Critical Authentication for a
|
|
supplicant."
|
|
::= { cpaeCriticalConfig 1 }
|
|
|
|
cpaeCriticalRecoveryDelay OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "milli-seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the critical recovery delay time
|
|
for 802.1x in the system. A value of zero indicates
|
|
that Critical Authentication recovery delay for
|
|
802.1x is disabled."
|
|
::= { cpaeCriticalConfig 2 }
|
|
|
|
cpaePortIpDevTrackConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaePortIpDevTrackConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of IP Device Tracking configuration for PAE
|
|
ports in the system."
|
|
::= { cpaeMIBObject 15 }
|
|
|
|
cpaePortIpDevTrackConfigEntry OBJECT-TYPE
|
|
SYNTAX CpaePortIpDevTrackConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry of IP Device Tracking configuration on a
|
|
PAE port."
|
|
INDEX { dot1xPaePortNumber }
|
|
::= { cpaePortIpDevTrackConfigTable 1 }
|
|
|
|
CpaePortIpDevTrackConfigEntry ::= SEQUENCE {
|
|
cpaePortIpDevTrackEnabled TruthValue
|
|
}
|
|
|
|
cpaePortIpDevTrackEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if IP Device Tracking is enabled on this port
|
|
for the corresponding 802.1x authenticated host."
|
|
::= { cpaePortIpDevTrackConfigEntry 1 }
|
|
|
|
|
|
|
|
cpaeGlobalAuthFailMaxAttempts OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..4294967295)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A global configuration to specify the maximum number
|
|
of authentication attempts that should be made before a port
|
|
is moved into its Auth-Fail VLAN."
|
|
::= { cpaeMIBObject 16 }
|
|
|
|
cpaeGlobalSecViolationAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
restrict(1),
|
|
shutdown(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A global configuration to specify the action that will be
|
|
applied to a PAE port upon reception of a security violation
|
|
event.
|
|
|
|
restrict: Packets from MAC address of the device
|
|
causing security violation will be dropped.
|
|
|
|
shutdown: The port that causes security violation
|
|
will be shutdown."
|
|
::= { cpaeMIBObject 17 }
|
|
|
|
cpaeDot1xSuppToGuestVlanAllowed OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies whether ports associated with 802.1x supplicants are
|
|
allowed to move to Guest Vlan when they stop responding to EAPOL
|
|
inquiries."
|
|
::= { cpaeMIBObject 18 }
|
|
-- Supplicant support
|
|
|
|
cpaeSupplicantObjects OBJECT IDENTIFIER
|
|
::= { cpaeMIBObject 19 }
|
|
|
|
cpaeSuppPortTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeSuppPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of objects providing information and configuration
|
|
for the Supplicant PAE associated with each port. This
|
|
table provides additional objects for the dot1xSuppConfigTable."
|
|
::= { cpaeSupplicantObjects 1 }
|
|
|
|
cpaeSuppPortEntry OBJECT-TYPE
|
|
SYNTAX CpaeSuppPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing supplicant configuration information for a
|
|
particular PAE port."
|
|
INDEX { dot1xPaePortNumber }
|
|
::= { cpaeSuppPortTable 1 }
|
|
|
|
CpaeSuppPortEntry ::= SEQUENCE {
|
|
cpaeSuppPortCredentialProfileName SnmpAdminString,
|
|
cpaeSuppPortEapProfileName SnmpAdminString
|
|
}
|
|
|
|
cpaeSuppPortCredentialProfileName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the credentials profile of the Supplicant PAE.
|
|
A zero length string for this object indicates that the
|
|
Supplicant PAE does not have credential profile."
|
|
::= { cpaeSuppPortEntry 1 }
|
|
|
|
cpaeSuppPortEapProfileName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the EAP profile of the Supplicant PAE. A zero
|
|
length string for this object indicates that the
|
|
Supplicant PAE does not have EAP profile."
|
|
::= { cpaeSuppPortEntry 2 }
|
|
|
|
cpaeSuppHostInfoTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeSuppHostInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of dot1x supplicants in the system."
|
|
::= { cpaeSupplicantObjects 2 }
|
|
|
|
cpaeSuppHostInfoEntry OBJECT-TYPE
|
|
SYNTAX CpaeSuppHostInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing dot1x supplicant information for a
|
|
supplicant on a particular PAE port in the system."
|
|
INDEX {
|
|
dot1xPaePortNumber,
|
|
cpaeSuppHostInfoSuppIndex
|
|
}
|
|
::= { cpaeSuppHostInfoTable 1 }
|
|
|
|
CpaeSuppHostInfoEntry ::= SEQUENCE {
|
|
cpaeSuppHostInfoSuppIndex Unsigned32,
|
|
cpaeSuppHostAuthMacAddress MacAddress,
|
|
cpaeSuppHostPaeState INTEGER,
|
|
cpaeSuppHostBackendState INTEGER,
|
|
cpaeSuppHostStatus PaeControlledPortStatus
|
|
}
|
|
|
|
cpaeSuppHostInfoSuppIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An arbitrary index assigned by the agent to identify the
|
|
supplicant."
|
|
::= { cpaeSuppHostInfoEntry 1 }
|
|
|
|
cpaeSuppHostAuthMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the MAC address of the authenticator, which
|
|
authenticates the supplicant."
|
|
::= { cpaeSuppHostInfoEntry 2 }
|
|
|
|
cpaeSuppHostPaeState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
disconnected(1),
|
|
logoff(2),
|
|
connecting(3),
|
|
authenticating(4),
|
|
authenticated(5),
|
|
acquired(6),
|
|
held(7),
|
|
restart(8),
|
|
sForceAuth(9),
|
|
sForceUnauth(10)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the current state of the Supplicant PAE State
|
|
machine."
|
|
REFERENCE "802.1X-2004 9.5.1, Supplicant PAE State"
|
|
::= { cpaeSuppHostInfoEntry 3 }
|
|
|
|
cpaeSuppHostBackendState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
initialize(1),
|
|
idle(2),
|
|
request(3),
|
|
response(4),
|
|
receive(5),
|
|
fail(6),
|
|
success(7),
|
|
timeout(8)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the current state of the Supplicant Backend state
|
|
machine."
|
|
REFERENCE "802.1X-2004 9.5.1, Backend Supplicant state"
|
|
::= { cpaeSuppHostInfoEntry 4 }
|
|
|
|
cpaeSuppHostStatus OBJECT-TYPE
|
|
SYNTAX PaeControlledPortStatus
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the status of the supplicant."
|
|
REFERENCE "802.1X-2004 9.5.1, SuppControlledPortStatus"
|
|
::= { cpaeSuppHostInfoEntry 5 }
|
|
|
|
-- Notifications
|
|
|
|
cpaeNoGuestVlanNotif NOTIFICATION-TYPE
|
|
OBJECTS { dot1xAuthPaeState }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A cpaeNoGuestVlanNotif is sent if a non-802.1x
|
|
supplicant is detected on a PAE port for which the
|
|
value of corresponding instance of
|
|
dot1xAuthAuthControlledPortControl is 'auto' and the
|
|
value of corresponding instance of cpaeGuestVlanNumber
|
|
is zero."
|
|
::= { cpaeMIBNotification 1 }
|
|
|
|
cpaeNoAuthFailVlanNotif NOTIFICATION-TYPE
|
|
OBJECTS { dot1xAuthPaeState }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A cpaeNoAuthFailVlanNotif is sent if a 802.1x
|
|
supplicant fails to authenticate on a PAE port for
|
|
which the value of corresponding instance of
|
|
dot1xAuthAuthControlledPortControl is 'auto' and the
|
|
value of corresponding instance of cpaePortAuthFailVlan
|
|
is zero."
|
|
::= { cpaeMIBNotification 2 }
|
|
|
|
cpaeGuestVlanNotif NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
cpaeGuestVlanNumber,
|
|
dot1xAuthPaeState
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A cpaeGuestVlanNotif is sent if value of the instance
|
|
of cpaeGuestVlanNotifEnable is set to 'true', and a PAE
|
|
port is being moved to the VLAN specified by value of
|
|
the corresponding instance of cpaeGuestVlanNumber."
|
|
::= { cpaeMIBNotification 3 }
|
|
|
|
cpaeAuthFailVlanNotif NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
cpaePortAuthFailVlan,
|
|
dot1xAuthPaeState
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A cpaeAuthFailVlanNotif is sent if value of the instance
|
|
of cpaeAuthFailVlanNotifEnable is set to 'true', and a PAE
|
|
port is being moved to the VLAN specified by value of
|
|
the corresponding instance of cpaePortAuthFailVlan."
|
|
::= { cpaeMIBNotification 4 }
|
|
-- Conformance
|
|
|
|
cpaeMIBCompliances OBJECT IDENTIFIER
|
|
::= { cpaeMIBConformance 1 }
|
|
|
|
cpaeMIBGroups OBJECT IDENTIFIER
|
|
::= { cpaeMIBConformance 2 }
|
|
|
|
|
|
cpaeCompliance MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for devices that implement
|
|
the CISCO-PAE-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { cpaeMultipleHostGroup }
|
|
::= { cpaeMIBCompliances 1 }
|
|
|
|
cpaeCompliance2 MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for devices that implement
|
|
the CISCO-PAE-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { cpaePortEntryGroup }
|
|
|
|
GROUP cpaeGuestVlanGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports Guest Vlan feature."
|
|
::= { cpaeMIBCompliances 2 }
|
|
|
|
cpaeCompliance3 MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for devices that implement
|
|
the CISCO-PAE-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { cpaePortEntryGroup }
|
|
|
|
GROUP cpaeGuestVlanGroup2
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports per-interface Guest Vlan feature."
|
|
|
|
GROUP cpaeShutdownTimeoutGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Shutdown Timeout feature."
|
|
::= { cpaeMIBCompliances 3 }
|
|
|
|
cpaeCompliance4 MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for devices that implement
|
|
the CISCO-PAE-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { cpaePortEntryGroup }
|
|
|
|
GROUP cpaeGuestVlanGroup2
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports per-interface Guest Vlan feature."
|
|
|
|
GROUP cpaeShutdownTimeoutGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Shutdown Timeout feature."
|
|
|
|
GROUP cpaeRadiusConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support RADIUS configuration for 802.1x feature."
|
|
|
|
GROUP cpaeUserGroupGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Group Manager for 802.1x feature."
|
|
::= { cpaeMIBCompliances 4 }
|
|
|
|
cpaeCompliance5 MODULE-COMPLIANCE
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"The compliance statement for devices that implement
|
|
the CISCO-PAE-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { cpaePortEntryGroup }
|
|
|
|
GROUP cpaeGuestVlanGroup3
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports per-interface Guest Vlan feature."
|
|
|
|
GROUP cpaeShutdownTimeoutGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Shutdown Timeout feature."
|
|
|
|
GROUP cpaeRadiusConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support RADIUS configuration for 802.1x feature."
|
|
|
|
GROUP cpaeUserGroupGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Group Manager for 802.1x feature."
|
|
|
|
GROUP cpaePortOperVlanGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaePortAuthFailVlanGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Auth-Fail Vlan configuration for
|
|
802.1x feature."
|
|
|
|
GROUP cpaeNoGuestVlanNotifEnableGrp
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports per-interface Guest Vlan feature."
|
|
|
|
GROUP cpaeNoAuthFailVlanNotifEnableGrp
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports Auth-Fail Vlan configuration for
|
|
802.1x feature."
|
|
|
|
GROUP cpaeNoGuestVlanNotifGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeNoAuthFailVlanNotifGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeMacAuthBypassGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support MAC Authentication Bypass feature."
|
|
|
|
GROUP cpaeWebAuthGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Web Proxy Authentication feature."
|
|
|
|
GROUP cpaeAuthConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support remote reauthentication timer."
|
|
|
|
GROUP cpaeHostInfoGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
::= { cpaeMIBCompliances 5 }
|
|
|
|
cpaeCompliance6 MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for devices that implement
|
|
the CISCO-PAE-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { cpaePortEntryGroup }
|
|
|
|
GROUP cpaeGuestVlanGroup3
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports per-interface Guest Vlan feature."
|
|
|
|
GROUP cpaeShutdownTimeoutGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Shutdown Timeout feature."
|
|
|
|
GROUP cpaeRadiusConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support RADIUS configuration for 802.1x feature."
|
|
|
|
GROUP cpaeUserGroupGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Group Manager for 802.1x feature."
|
|
|
|
GROUP cpaePortOperVlanGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaePortAuthFailVlanGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Auth-Fail Vlan configuration for
|
|
802.1x feature."
|
|
|
|
GROUP cpaeNoGuestVlanNotifEnableGrp
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports per-interface Guest Vlan feature."
|
|
|
|
GROUP cpaeNoAuthFailVlanNotifEnableGrp
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports Auth-Fail Vlan configuration for
|
|
802.1x feature."
|
|
|
|
GROUP cpaeNoGuestVlanNotifGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeNoAuthFailVlanNotifGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeMacAuthBypassGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support MAC Authentication Bypass feature."
|
|
|
|
GROUP cpaeMacAuthBypassGroup2
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides additional information of
|
|
MAC Authentication Bypass feature."
|
|
|
|
GROUP cpaeWebAuthGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Web Proxy Authentication feature."
|
|
|
|
GROUP cpaeWebAuthAaaFailGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Inaccessible Authentication Bypass
|
|
for Web Proxy Authentication feature."
|
|
|
|
GROUP cpaeHostInfoGroup2
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaePortEapolTestGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaePortAuthFailVlanGroup2
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides configuration for maximum authentication
|
|
attempts for Auth-Fail Vlan feature."
|
|
|
|
GROUP cpaeAuthConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support remote reauthentication timer,
|
|
re-authentication action, maximum re-authentication
|
|
attempts and critical configuration for PAE ports."
|
|
|
|
GROUP cpaeAuthConfigGroup2
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides additional states in the PAE state
|
|
machines."
|
|
|
|
GROUP cpaeCriticalRecoveryDelayGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides recovery delay configuration for 802.1x
|
|
Critical Authentication."
|
|
|
|
GROUP cpaeMacAuthBypassCriticalGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support critical recovery delay configuration for
|
|
MAC Authentication Bypass."
|
|
|
|
GROUP cpaeWebAuthCriticalGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support critical recovery delay configuration for
|
|
Web Proxy Authentication."
|
|
|
|
OBJECT cpaePortEapolTestStatus
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
DESCRIPTION
|
|
"Only 'active', 'createAndGo' and 'destroy' are
|
|
needed to be supported."
|
|
::= { cpaeMIBCompliances 6 }
|
|
|
|
cpaeCompliance7 MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for devices that implement
|
|
the CISCO-PAE-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { cpaePortEntryGroup }
|
|
|
|
GROUP cpaeGuestVlanGroup3
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports per-interface Guest Vlan feature."
|
|
|
|
GROUP cpaeShutdownTimeoutGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Shutdown Timeout feature."
|
|
|
|
GROUP cpaeRadiusConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support RADIUS configuration for 802.1x feature."
|
|
|
|
GROUP cpaeUserGroupGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Group Manager for 802.1x feature."
|
|
|
|
GROUP cpaePortOperVlanGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaePortAuthFailVlanGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Auth-Fail Vlan configuration for
|
|
802.1x feature."
|
|
|
|
GROUP cpaeNoGuestVlanNotifEnableGrp
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports per-interface Guest Vlan feature."
|
|
|
|
GROUP cpaeNoAuthFailVlanNotifEnableGrp
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports Auth-Fail Vlan configuration for
|
|
802.1x feature."
|
|
|
|
GROUP cpaeNoGuestVlanNotifGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeNoAuthFailVlanNotifGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeMacAuthBypassGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support MAC Authentication Bypass feature."
|
|
|
|
GROUP cpaeMacAuthBypassGroup2
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides additional information of
|
|
MAC Authentication Bypass feature."
|
|
|
|
GROUP cpaeMacAuthBypassGroup3
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides configuration for authentication
|
|
method for MAC Authentication Bypass feature."
|
|
|
|
GROUP cpaeWebAuthGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Web Proxy Authentication feature."
|
|
|
|
GROUP cpaeWebAuthAaaFailGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Inaccessible Authentication Bypass
|
|
for Web Proxy Authentication feature."
|
|
|
|
GROUP cpaeHostInfoGroup2
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeHostInfoGroup3
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaePortEapolTestGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaePortAuthFailVlanGroup2
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides configuration for maximum authentication
|
|
attempts for Auth-Fail Vlan feature."
|
|
|
|
GROUP cpaeAuthConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support remote reauthentication timer,
|
|
re-authentication action, maximum re-authentication
|
|
attempts and critical configuration for PAE ports."
|
|
|
|
GROUP cpaeAuthConfigGroup2
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides additional states in the PAE state
|
|
machines."
|
|
|
|
GROUP cpaeCriticalRecoveryDelayGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides recovery delay configuration for 802.1x
|
|
Critical Authentication."
|
|
|
|
GROUP cpaeMacAuthBypassCriticalGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support critical recovery delay configuration for
|
|
MAC Authentication Bypass."
|
|
|
|
GROUP cpaeWebAuthCriticalGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support critical recovery delay configuration for
|
|
Web Proxy Authentication."
|
|
|
|
GROUP cpaeHostPostureTokenGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides information about Posture Token of
|
|
host(s) connecting to a PAE port."
|
|
|
|
OBJECT cpaePortEapolTestStatus
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
DESCRIPTION
|
|
"Only 'active', 'createAndGo' and 'destroy' are
|
|
needed to be supported."
|
|
::= { cpaeMIBCompliances 7 }
|
|
|
|
cpaeCompliance8 MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for devices that implement
|
|
the CISCO-PAE-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { cpaePortEntryGroup }
|
|
|
|
GROUP cpaeGuestVlanGroup3
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports per-interface Guest Vlan feature."
|
|
|
|
GROUP cpaeShutdownTimeoutGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeRadiusConfigGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeUserGroupGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaePortOperVlanGroup
|
|
DESCRIPTION
|
|
"This group is mandatory for the devices which assign
|
|
interfaces to specific VLANs based on 802.1x authentication."
|
|
|
|
GROUP cpaePortAuthFailVlanGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeNoGuestVlanNotifEnableGrp
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports per-interface Guest Vlan feature."
|
|
|
|
GROUP cpaeNoAuthFailVlanNotifEnableGrp
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports Auth-Fail Vlan configuration for
|
|
802.1x feature."
|
|
|
|
GROUP cpaeNoGuestVlanNotifGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports per-interface Guest Vlan feature."
|
|
|
|
GROUP cpaeNoAuthFailVlanNotifGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports Auth-Fail Vlan configuration for
|
|
802.1x feature."
|
|
|
|
GROUP cpaeMacAuthBypassGroup2
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeMacAuthBypassGroup3
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeWebAuthGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeWebAuthAaaFailGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeHostInfoGroup2
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeHostInfoGroup3
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaePortEapolTestGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaePortAuthFailVlanGroup2
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides configuration for maximum authentication
|
|
attempts for Auth-Fail Vlan feature."
|
|
|
|
GROUP cpaeAuthConfigGroup2
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeCriticalRecoveryDelayGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeMacAuthBypassCriticalGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeWebAuthCriticalGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeHostPostureTokenGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeMabAuditInfoGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeMabPortIpDevTrackConfGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaePortIpDevTrackConfGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeHostUrlRedirectGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeWebAuthIpDevTrackingGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeWebAuthUnAuthTimeoutGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeGlobalAuthFailVlanGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeGlobalSecViolationGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeCriticalEapolConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides EAPOL configuration for 802.1x
|
|
Critical Authentication."
|
|
|
|
GROUP cpaeMacAuthBypassPortEnableGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeMacAuthBypassGroup4
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeAuthIabConfigGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeAuthConfigGroup3
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides configuration and information related
|
|
to re-authentication of 802.1x ports in the system."
|
|
|
|
GROUP cpaeAuthConfigGroup4
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
OBJECT cpaePortEapolTestStatus
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
DESCRIPTION
|
|
"Only 'active', 'createAndGo' and 'destroy' are
|
|
needed to be supported."
|
|
::= { cpaeMIBCompliances 8 }
|
|
|
|
cpaeCompliance9 MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for devices that implement
|
|
the CISCO-PAE-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { cpaePortEntryGroup }
|
|
|
|
GROUP cpaeGuestVlanGroup3
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports per-interface Guest Vlan feature."
|
|
|
|
GROUP cpaeShutdownTimeoutGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeRadiusConfigGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeUserGroupGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaePortOperVlanGroup
|
|
DESCRIPTION
|
|
"This group is mandatory for the devices which assign
|
|
interfaces to specific VLANs based on 802.1x authentication."
|
|
|
|
GROUP cpaePortAuthFailVlanGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeNoGuestVlanNotifEnableGrp
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports per-interface Guest Vlan feature."
|
|
|
|
GROUP cpaeNoAuthFailVlanNotifEnableGrp
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports Auth-Fail Vlan configuration for
|
|
802.1x feature."
|
|
|
|
GROUP cpaeNoGuestVlanNotifGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports per-interface Guest Vlan feature."
|
|
|
|
GROUP cpaeNoAuthFailVlanNotifGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports Auth-Fail Vlan configuration for
|
|
802.1x feature."
|
|
|
|
GROUP cpaeMacAuthBypassGroup2
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeMacAuthBypassGroup3
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeWebAuthGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeWebAuthAaaFailGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeHostInfoGroup2
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeHostInfoGroup3
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaePortEapolTestGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaePortAuthFailVlanGroup2
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides configuration for maximum authentication
|
|
attempts for Auth-Fail Vlan feature."
|
|
|
|
GROUP cpaeAuthConfigGroup2
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeCriticalRecoveryDelayGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeMacAuthBypassCriticalGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeWebAuthCriticalGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeHostPostureTokenGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeMabAuditInfoGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeMabPortIpDevTrackConfGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaePortIpDevTrackConfGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeHostUrlRedirectGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeWebAuthIpDevTrackingGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeWebAuthUnAuthTimeoutGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeGlobalAuthFailVlanGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeGlobalSecViolationGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeCriticalEapolConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides EAPOL configuration for 802.1x
|
|
Critical Authentication."
|
|
|
|
GROUP cpaeMacAuthBypassPortEnableGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeMacAuthBypassGroup4
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeAuthIabConfigGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeAuthConfigGroup3
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides configuration and information related
|
|
to re-authentication of 802.1x ports in the system."
|
|
|
|
GROUP cpaeAuthConfigGroup4
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeHostSessionIdGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeHostAuthInfoGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaePortCapabilitiesConfigGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeDot1xSuppToGuestVlanGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeGuestVlanNotifEnableGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeGuestVlanNotifGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeAuthFailVlanNotifEnableGrp
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaeAuthFailVlanNotifGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
GROUP cpaePortAuthFailVlanConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
supports Auth-Fail Vlan configuration for 802.1x feature."
|
|
|
|
GROUP cpaePortAuthFailUserInfoGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is optional."
|
|
|
|
OBJECT cpaePortEapolTestStatus
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
DESCRIPTION
|
|
"Only 'active', 'createAndGo' and 'destroy' are
|
|
needed to be supported."
|
|
::= { cpaeMIBCompliances 9 }
|
|
|
|
cpaeCompliance10 MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for devices that implement
|
|
the CISCO-PAE-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { cpaePortEntryGroup }
|
|
|
|
GROUP cpaeGuestVlanGroup3
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports per-interface Guest Vlan feature."
|
|
|
|
GROUP cpaeShutdownTimeoutGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Shutdown Timeout for 802.1x."
|
|
|
|
GROUP cpaeRadiusConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support RADIUS accounting configuration for 802.1x."
|
|
|
|
GROUP cpaeUserGroupGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which support Group Manager for 802.1x."
|
|
|
|
GROUP cpaePortOperVlanGroup
|
|
DESCRIPTION
|
|
"This group is mandatory for the devices which assign
|
|
interfaces to specific VLANs based on 802.1x authentication."
|
|
|
|
GROUP cpaeNoGuestVlanNotifEnableGrp
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports per-interface Guest Vlan feature."
|
|
|
|
GROUP cpaeNoAuthFailVlanNotifEnableGrp
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports Auth-Fail Vlan configuration for
|
|
802.1x feature."
|
|
|
|
GROUP cpaeNoGuestVlanNotifGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports per-interface Guest Vlan feature."
|
|
|
|
GROUP cpaeNoAuthFailVlanNotifGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which supports Auth-Fail Vlan configuration for
|
|
802.1x feature."
|
|
|
|
GROUP cpaeMacAuthBypassGroup2
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides information about termination action and
|
|
session time left for Mac Authentication Bypass via
|
|
802.1x feature."
|
|
|
|
GROUP cpaeMacAuthBypassGroup3
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides configuration of authentication method
|
|
for Mac Authentication Bypass via 802.1x feature."
|
|
|
|
GROUP cpaeWebAuthGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides configuration for Web Proxy Authentication
|
|
via 802.1x feature."
|
|
|
|
GROUP cpaeWebAuthAaaFailGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides configuration of Inaccessible Authentication
|
|
Bypass for Web Proxy Authentication via 802.1x feature."
|
|
|
|
GROUP cpaeHostInfoGroup2
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides MAC address information of hosts connecting
|
|
to PAE ports in the system."
|
|
|
|
GROUP cpaeHostInfoGroup3
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides user and IP address information for 802.1x
|
|
authenticated host in the system."
|
|
|
|
GROUP cpaePortEapolTestGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides EAPOL capable information of hosts connecting
|
|
to PAE ports in the system."
|
|
|
|
GROUP cpaePortAuthFailVlanGroup2
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides configuration for maximum authentication
|
|
attempts for Auth-Fail Vlan feature."
|
|
|
|
GROUP cpaeAuthConfigGroup2
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides additional states in the PAE state machine."
|
|
|
|
GROUP cpaeCriticalRecoveryDelayGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides recovery delay configuration for 802.1x
|
|
Critical Authentication in the system."
|
|
|
|
GROUP cpaeMacAuthBypassCriticalGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides control over critical configuration for Mac
|
|
Authentication Bypass via 802.1x feature."
|
|
|
|
GROUP cpaeWebAuthCriticalGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides control over critical configuration for Web
|
|
Proxy Authentication via 802.1x feature."
|
|
|
|
GROUP cpaeHostPostureTokenGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides information about Posture Token of hosts
|
|
connecting to PAE ports."
|
|
|
|
GROUP cpaeMabAuditInfoGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides information about MAC Auth-Bypass Audit
|
|
sessions via 802.1x feature."
|
|
|
|
GROUP cpaeMabPortIpDevTrackConfGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides configuration and information about MAC
|
|
Auth-Bypass IP Device Tracking via 802.1x feature."
|
|
|
|
GROUP cpaePortIpDevTrackConfGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides configuration and information about
|
|
802.1x IP Device Tracking feature."
|
|
|
|
GROUP cpaeHostUrlRedirectGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides information about URL-redirection of 802.1x
|
|
authenticated hosts."
|
|
|
|
GROUP cpaeWebAuthIpDevTrackingGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides configuration and information about Web
|
|
Proxy Authentication IP Device Tracking via 802.1x feature."
|
|
|
|
GROUP cpaeWebAuthUnAuthTimeoutGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides configuration and information about Init State
|
|
Timeout of Web Proxy Authentication via 802.1x feature."
|
|
|
|
GROUP cpaeGlobalAuthFailVlanGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides global configuration and information about
|
|
maximum authentication attempts for Auth-Fail Vlan feature
|
|
in the system."
|
|
|
|
GROUP cpaeGlobalSecViolationGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides global configuration and information about
|
|
security violation action on PAE ports in the system."
|
|
|
|
GROUP cpaeCriticalEapolConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides EAPOL configuration for 802.1x
|
|
Critical Authentication."
|
|
|
|
GROUP cpaeMacAuthBypassPortEnableGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides configuration to enable or disable MAC
|
|
Auth-Bypass on capable ports via 802.1x feature."
|
|
|
|
GROUP cpaeMacAuthBypassGroup4
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides configuration and information of MAC
|
|
Auth-Bypass parameters via 802.1x feature."
|
|
|
|
GROUP cpaeAuthIabConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides configuration to enable or disable IAB
|
|
feature on capable ports in the system."
|
|
|
|
GROUP cpaeAuthConfigGroup3
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides configuration and information related
|
|
to re-authentication of 802.1x ports in the system."
|
|
|
|
GROUP cpaeAuthConfigGroup4
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides configuration of maximum reauthentication
|
|
attempts of 802.1x ports in the system."
|
|
|
|
GROUP cpaeHostSessionIdGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides session identification information for 802.1x
|
|
hosts in the system."
|
|
|
|
GROUP cpaeHostAuthInfoGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides information about state machines and
|
|
authentication information for 802.1x authenticated hosts in
|
|
the system."
|
|
|
|
GROUP cpaePortCapabilitiesConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides configuration and information about PAE
|
|
functionalities of ports in the systems."
|
|
|
|
GROUP cpaeDot1xSuppToGuestVlanGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides configuration that allows moving ports with
|
|
802.1x supplicants to Guest Vlan."
|
|
|
|
GROUP cpaeGuestVlanNotifEnableGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides control over Guest Vlan related notification(s)."
|
|
|
|
GROUP cpaeGuestVlanNotifGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides Guest-Vlan notification."
|
|
|
|
GROUP cpaeAuthFailVlanNotifEnableGrp
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides control over Auth-Fail Vlan related
|
|
notification(s)."
|
|
|
|
GROUP cpaeAuthFailVlanNotifGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides Auth-Fail Vlan notification."
|
|
|
|
GROUP cpaePortAuthFailVlanConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
supports Auth-Fail Vlan configuration for 802.1x feature."
|
|
|
|
GROUP cpaePortAuthFailUserInfoGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software
|
|
which provides the Auth-Fail user information in the system."
|
|
|
|
GROUP cpaeSuppPortProfileGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
supports PAE supplicant credential and EAP profiles feature."
|
|
|
|
GROUP cpaeSuppHostInfoGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
supports per-host supplicant feature."
|
|
|
|
OBJECT cpaePortMode
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeGuestVlanNumber
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeShutdownTimeoutEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaePortAuthFailVlan
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeAuthFailVlanMaxAttempts
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaePortCapabilitiesEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeShutdownTimeout
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeRadiusAccountingEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeNoGuestVlanNotifEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeNoAuthFailVlanNotifEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeGuestVlanNotifEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeAuthFailVlanNotifEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeMacAuthBypassReAuthTimeout
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeMacAuthBypassReAuthEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeMacAuthBypassViolation
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeMacAuthBypassShutdownTimeout
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeMacAuthBypassAuthFailTimeout
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeMacAuthBypassPortEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeMacAuthBypassPortInitialize
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeMacAuthBypassPortReAuth
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeMacAuthBypassPortAuthMethod
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeMacAuthBypassAcctEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeMabCriticalRecoveryDelay
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeMabPortIpDevTrackEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeWebAuthEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeWebAuthSessionPeriod
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeWebAuthLoginPage
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeWebAuthLoginFailedPage
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeWebAuthQuietPeriod
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeWebAuthMaxRetries
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeWebAuthPortEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeWebAuthPortInitialize
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeWebAuthPortAaaFailPolicy
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeWebAuthPortIpDevTrackEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeWebAuthHostInitialize
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeWebAuthCriticalRecoveryDelay
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeWebAuthUnAuthStateTimeout
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeAuthReAuthPeriodSrcAdmin
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeAuthReAuthMax
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeAuthIabEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeCriticalEapolEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeCriticalRecoveryDelay
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaePortIpDevTrackEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeGlobalAuthFailMaxAttempts
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeGlobalSecViolationAction
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeDot1xSuppToGuestVlanAllowed
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeSuppPortCredentialProfileName
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaeSuppPortEapProfileName
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cpaePortEapolTestStatus
|
|
SYNTAX INTEGER {
|
|
active(1)
|
|
}
|
|
WRITE-SYNTAX INTEGER {
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required.
|
|
|
|
Support for createAndWait and notInService is not required."
|
|
::= { cpaeMIBCompliances 10 }
|
|
|
|
-- Units of Conformance
|
|
|
|
cpaeMultipleHostGroup OBJECT-GROUP
|
|
OBJECTS { cpaeMultipleHost }
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"A collection of objects that provide the multiple
|
|
host configuration information for a PAE port.
|
|
These are additional to the IEEE Std 802.1x PAE MIB."
|
|
::= { cpaeMIBGroups 1 }
|
|
|
|
cpaePortEntryGroup OBJECT-GROUP
|
|
OBJECTS { cpaePortMode }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides the port-mode
|
|
configuration for a PAE port."
|
|
::= { cpaeMIBGroups 2 }
|
|
|
|
cpaeGuestVlanGroup OBJECT-GROUP
|
|
OBJECTS { cpaeGuestVlanId }
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"A collection of objects that provides the Guest Vlan
|
|
configuration information for the system."
|
|
::= { cpaeMIBGroups 3 }
|
|
|
|
cpaeGuestVlanGroup2 OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeGuestVlanNumber,
|
|
cpaeInGuestVlan
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"A collection of objects that provides the per-interface
|
|
Guest Vlan configuration information for the system."
|
|
::= { cpaeMIBGroups 4 }
|
|
|
|
cpaeShutdownTimeoutGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeShutdownTimeout,
|
|
cpaeShutdownTimeoutEnabled
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides the dot1x
|
|
shutdown timeout configuration information for
|
|
the system."
|
|
::= { cpaeMIBGroups 5 }
|
|
|
|
cpaeRadiusConfigGroup OBJECT-GROUP
|
|
OBJECTS { cpaeRadiusAccountingEnabled }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides the RADIUS
|
|
configuration information for the system."
|
|
::= { cpaeMIBGroups 6 }
|
|
|
|
cpaeUserGroupGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeUserGroupUserName,
|
|
cpaeUserGroupUserAddrType,
|
|
cpaeUserGroupUserAddr,
|
|
cpaeUserGroupUserInterface,
|
|
cpaeUserGroupUserVlan
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides the group manager
|
|
information of authenticated users in the system."
|
|
::= { cpaeMIBGroups 7 }
|
|
|
|
cpaeGuestVlanGroup3 OBJECT-GROUP
|
|
OBJECTS { cpaeGuestVlanNumber }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides the per-interface
|
|
Guest Vlan configuration information for the system."
|
|
::= { cpaeMIBGroups 8 }
|
|
|
|
cpaePortOperVlanGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaePortOperVlan,
|
|
cpaePortOperVlanType
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides the
|
|
information about Operational Vlan for each PAE port."
|
|
::= { cpaeMIBGroups 9 }
|
|
|
|
cpaePortAuthFailVlanGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaePortAuthFailVlan,
|
|
cpaeAuthFailUserName
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides the
|
|
Auth-Fail (Authentication Fail) Vlan configuration
|
|
and Auth-Fail user information for the system."
|
|
::= { cpaeMIBGroups 10 }
|
|
|
|
cpaeNoGuestVlanNotifEnableGrp OBJECT-GROUP
|
|
OBJECTS { cpaeNoGuestVlanNotifEnable }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides control over
|
|
Guest Vlan related notification(s)."
|
|
::= { cpaeMIBGroups 11 }
|
|
|
|
cpaeNoAuthFailVlanNotifEnableGrp OBJECT-GROUP
|
|
OBJECTS { cpaeNoAuthFailVlanNotifEnable }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides control over
|
|
Auth-Fail related notification(s)."
|
|
::= { cpaeMIBGroups 12 }
|
|
|
|
cpaeNoGuestVlanNotifGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS { cpaeNoGuestVlanNotif }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of notification(s) providing the
|
|
information for unconfigured Guest Vlan."
|
|
::= { cpaeMIBGroups 13 }
|
|
|
|
cpaeNoAuthFailVlanNotifGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS { cpaeNoAuthFailVlanNotif }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of notifications providing the
|
|
information for unconfigured Auth-Fail Vlan."
|
|
::= { cpaeMIBGroups 14 }
|
|
|
|
cpaeMacAuthBypassGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeMacAuthBypassReAuthTimeout,
|
|
cpaeMacAuthBypassReAuthEnabled,
|
|
cpaeMacAuthBypassViolation,
|
|
cpaeMacAuthBypassShutdownTimeout,
|
|
cpaeMacAuthBypassAuthFailTimeout,
|
|
cpaeMacAuthBypassPortEnabled,
|
|
cpaeMacAuthBypassPortInitialize,
|
|
cpaeMacAuthBypassPortReAuth,
|
|
cpaeMacAuthBypassPortMacAddress,
|
|
cpaeMacAuthBypassPortAuthState,
|
|
cpaeMacAuthBypassAcctEnable
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides the
|
|
MAC Auth-Bypass configuration and information
|
|
for the system."
|
|
::= { cpaeMIBGroups 15 }
|
|
|
|
cpaeWebAuthGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeWebAuthEnabled,
|
|
cpaeWebAuthSessionPeriod,
|
|
cpaeWebAuthLoginPage,
|
|
cpaeWebAuthLoginFailedPage,
|
|
cpaeWebAuthQuietPeriod,
|
|
cpaeWebAuthMaxRetries,
|
|
cpaeWebAuthPortEnabled,
|
|
cpaeWebAuthPortInitialize,
|
|
cpaeWebAuthAaaSessionPeriod,
|
|
cpaeWebAuthHostSessionTimeLeft,
|
|
cpaeWebAuthHostState,
|
|
cpaeWebAuthHostInitialize
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides the
|
|
Web Proxy Authentication configuration and
|
|
information for the system."
|
|
::= { cpaeMIBGroups 16 }
|
|
|
|
cpaeAuthConfigGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeAuthReAuthPeriodSrcAdmin,
|
|
cpaeAuthReAuthPeriodSrcOper,
|
|
cpaeAuthReAuthPeriodOper,
|
|
cpaeAuthTimeToNextReAuth,
|
|
cpaeAuthReAuthAction,
|
|
cpaeAuthReAuthMax,
|
|
cpaeAuthIabEnabled
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides additional
|
|
configuration information about an Authenticator PAE."
|
|
::= { cpaeMIBGroups 17 }
|
|
|
|
cpaeHostInfoGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeHostInfoMacAddress,
|
|
cpaeHostInfoPostureToken
|
|
}
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides information
|
|
about an host connecting to a PAE port."
|
|
::= { cpaeMIBGroups 18 }
|
|
|
|
cpaeWebAuthAaaFailGroup OBJECT-GROUP
|
|
OBJECTS { cpaeWebAuthPortAaaFailPolicy }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides Inaccessible
|
|
Authentication Bypass configuration and information
|
|
for Web Proxy Authentication in the system."
|
|
::= { cpaeMIBGroups 19 }
|
|
|
|
cpaeMacAuthBypassGroup2 OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeMacAuthBypassPortTermAction,
|
|
cpaeMacAuthBypassSessionTimeLeft
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides additional
|
|
information of MAC Auth-bypass feature in the system."
|
|
::= { cpaeMIBGroups 20 }
|
|
|
|
cpaePortEapolTestGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaePortEapolTestLimits,
|
|
cpaePortEapolTestResult,
|
|
cpaePortEapolTestStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides information
|
|
about if connecting hosts are EAPOL capable."
|
|
::= { cpaeMIBGroups 21 }
|
|
|
|
cpaeHostInfoGroup2 OBJECT-GROUP
|
|
OBJECTS { cpaeHostInfoMacAddress }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides information
|
|
about an host connecting to a PAE port."
|
|
::= { cpaeMIBGroups 22 }
|
|
|
|
cpaeMacAuthBypassGroup3 OBJECT-GROUP
|
|
OBJECTS { cpaeMacAuthBypassPortAuthMethod }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides configuration
|
|
for authentication method for MAC Auth-bypass feature
|
|
in the system."
|
|
::= { cpaeMIBGroups 23 }
|
|
|
|
cpaePortAuthFailVlanGroup2 OBJECT-GROUP
|
|
OBJECTS { cpaeAuthFailVlanMaxAttempts }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides configuration
|
|
for maximum authentication attempts for Auth-Fail Vlan
|
|
feature in the system."
|
|
::= { cpaeMIBGroups 24 }
|
|
|
|
cpaeAuthConfigGroup2 OBJECT-GROUP
|
|
OBJECTS { cpaeAuthPaeState }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides additional
|
|
states in the PAE state machine."
|
|
::= { cpaeMIBGroups 25 }
|
|
|
|
cpaeCriticalRecoveryDelayGroup OBJECT-GROUP
|
|
OBJECTS { cpaeCriticalRecoveryDelay }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides recovery delay
|
|
configuration for 802.1x Critical Authentication
|
|
in the system."
|
|
::= { cpaeMIBGroups 26 }
|
|
|
|
cpaeAuthConfigGroup3 OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeAuthReAuthPeriodSrcAdmin,
|
|
cpaeAuthReAuthPeriodSrcOper,
|
|
cpaeAuthReAuthPeriodOper,
|
|
cpaeAuthTimeToNextReAuth,
|
|
cpaeAuthReAuthAction
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides configuration
|
|
and information related to re-authentication of 802.1x
|
|
ports in the system."
|
|
::= { cpaeMIBGroups 27 }
|
|
|
|
cpaeAuthConfigGroup4 OBJECT-GROUP
|
|
OBJECTS { cpaeAuthReAuthMax }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides configuration
|
|
of maximum reauthentication attempts of 802.1x
|
|
ports in the system."
|
|
::= { cpaeMIBGroups 28 }
|
|
|
|
cpaeAuthIabConfigGroup OBJECT-GROUP
|
|
OBJECTS { cpaeAuthIabEnabled }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) to enable/disable IAB feature
|
|
on capable interface for the system."
|
|
::= { cpaeMIBGroups 29 }
|
|
|
|
cpaeGlobalAuthFailVlanGroup OBJECT-GROUP
|
|
OBJECTS { cpaeGlobalAuthFailMaxAttempts }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides global configuration
|
|
and information about maximum authentication attempts for
|
|
Auth-Fail Vlan feature in the system."
|
|
::= { cpaeMIBGroups 30 }
|
|
|
|
cpaeMacAuthBypassCriticalGroup OBJECT-GROUP
|
|
OBJECTS { cpaeMabCriticalRecoveryDelay }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides control over
|
|
critical configuration for Mac Authentication Bypass."
|
|
::= { cpaeMIBGroups 31 }
|
|
|
|
cpaeWebAuthCriticalGroup OBJECT-GROUP
|
|
OBJECTS { cpaeWebAuthCriticalRecoveryDelay }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides control over
|
|
critical configuration for Web Proxy Authentication."
|
|
::= { cpaeMIBGroups 32 }
|
|
|
|
cpaeCriticalEapolConfigGroup OBJECT-GROUP
|
|
OBJECTS { cpaeCriticalEapolEnabled }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides EAPOL
|
|
configuration for 802.1x Critical Authentication
|
|
in the system."
|
|
::= { cpaeMIBGroups 33 }
|
|
|
|
cpaeHostPostureTokenGroup OBJECT-GROUP
|
|
OBJECTS { cpaeHostPostureTokenStr }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides information
|
|
about Posture Token of an host connecting to a PAE port."
|
|
::= { cpaeMIBGroups 34 }
|
|
|
|
cpaeMabAuditInfoGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeMacAuthBypassPortSessionId,
|
|
cpaeMacAuthBypassPortUrlRedirect,
|
|
cpaeMacAuthBypassPortPostureTok
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides information about
|
|
MAC Auth-Bypass Audit sessions."
|
|
::= { cpaeMIBGroups 35 }
|
|
|
|
cpaeMabPortIpDevTrackConfGroup OBJECT-GROUP
|
|
OBJECTS { cpaeMabPortIpDevTrackEnabled }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides configuration and
|
|
information about MAC Auth-Bypass IP Device Tracking
|
|
feature."
|
|
::= { cpaeMIBGroups 36 }
|
|
|
|
cpaePortIpDevTrackConfGroup OBJECT-GROUP
|
|
OBJECTS { cpaePortIpDevTrackEnabled }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides configuration and
|
|
information about 802.1x IP Device Tracking feature."
|
|
::= { cpaeMIBGroups 37 }
|
|
|
|
cpaeHostUrlRedirectGroup OBJECT-GROUP
|
|
OBJECTS { cpaeHostUrlRedirection }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides information about
|
|
URL-redirection of 802.1x authenticated hosts."
|
|
::= { cpaeMIBGroups 38 }
|
|
|
|
cpaeWebAuthIpDevTrackingGroup OBJECT-GROUP
|
|
OBJECTS { cpaeWebAuthPortIpDevTrackEnabled }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides configuration and
|
|
information about Web Proxy Authentication IP Device
|
|
Tracking feature."
|
|
::= { cpaeMIBGroups 39 }
|
|
|
|
cpaeWebAuthUnAuthTimeoutGroup OBJECT-GROUP
|
|
OBJECTS { cpaeWebAuthUnAuthStateTimeout }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides configuration and
|
|
information about Init State Timeout of Web Proxy
|
|
Authentication."
|
|
::= { cpaeMIBGroups 40 }
|
|
|
|
cpaeHostInfoGroup3 OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeHostInfoUserName,
|
|
cpaeHostInfoAddrType,
|
|
cpaeHostInfoAddr
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides user and the
|
|
address information for 802.1x authenticated host."
|
|
::= { cpaeMIBGroups 41 }
|
|
|
|
cpaeGlobalSecViolationGroup OBJECT-GROUP
|
|
OBJECTS { cpaeGlobalSecViolationAction }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides global configuration
|
|
and information about security violation action on PAE ports
|
|
in the system."
|
|
::= { cpaeMIBGroups 42 }
|
|
|
|
cpaeMacAuthBypassPortEnableGroup OBJECT-GROUP
|
|
OBJECTS { cpaeMacAuthBypassPortEnabled }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) to enable/disable Mac Auth-Bypass
|
|
on capable interfaces for the system."
|
|
::= { cpaeMIBGroups 43 }
|
|
|
|
cpaeMacAuthBypassGroup4 OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeMacAuthBypassReAuthEnabled,
|
|
cpaeMacAuthBypassReAuthTimeout,
|
|
cpaeMacAuthBypassViolation,
|
|
cpaeMacAuthBypassShutdownTimeout,
|
|
cpaeMacAuthBypassAuthFailTimeout,
|
|
cpaeMacAuthBypassPortInitialize,
|
|
cpaeMacAuthBypassPortReAuth,
|
|
cpaeMacAuthBypassPortMacAddress,
|
|
cpaeMacAuthBypassPortAuthState,
|
|
cpaeMacAuthBypassAcctEnable
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides the
|
|
MAC Auth-Bypass configuration and information
|
|
for the system."
|
|
::= { cpaeMIBGroups 44 }
|
|
|
|
cpaeHostSessionIdGroup OBJECT-GROUP
|
|
OBJECTS { cpaeHostSessionId }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides session
|
|
identification information for 802.1x hosts in the system."
|
|
::= { cpaeMIBGroups 45 }
|
|
|
|
cpaeHostAuthInfoGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeHostAuthPaeState,
|
|
cpaeHostBackendState
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides state machines and
|
|
authentication information for 802.1x authenticated hosts
|
|
in the system."
|
|
::= { cpaeMIBGroups 46 }
|
|
|
|
cpaePortCapabilitiesConfigGroup OBJECT-GROUP
|
|
OBJECTS { cpaePortCapabilitiesEnabled }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides configuration and
|
|
information about PAE functionalities of ports in the systems."
|
|
::= { cpaeMIBGroups 47 }
|
|
|
|
cpaeDot1xSuppToGuestVlanGroup OBJECT-GROUP
|
|
OBJECTS { cpaeDot1xSuppToGuestVlanAllowed }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides configuration that
|
|
allows moving ports with 802.1x supplicants to Guest Vlan."
|
|
::= { cpaeMIBGroups 48 }
|
|
|
|
cpaeGuestVlanNotifEnableGroup OBJECT-GROUP
|
|
OBJECTS { cpaeGuestVlanNotifEnable }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides control over
|
|
Guest Vlan related notification(s)."
|
|
::= { cpaeMIBGroups 49 }
|
|
|
|
cpaeGuestVlanNotifGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS { cpaeGuestVlanNotif }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of notifications providing information
|
|
for Guest Vlan."
|
|
::= { cpaeMIBGroups 50 }
|
|
|
|
cpaeAuthFailVlanNotifEnableGrp OBJECT-GROUP
|
|
OBJECTS { cpaeAuthFailVlanNotifEnable }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides control over
|
|
Auth-Fail Vlan related notification(s)."
|
|
::= { cpaeMIBGroups 51 }
|
|
|
|
cpaeAuthFailVlanNotifGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS { cpaeAuthFailVlanNotif }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of notifications providing information
|
|
for Auth-Fail Vlan."
|
|
::= { cpaeMIBGroups 52 }
|
|
|
|
cpaePortAuthFailVlanConfigGroup OBJECT-GROUP
|
|
OBJECTS { cpaePortAuthFailVlan }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides the Auth-Fail
|
|
(Authentication Fail) Vlan configuration for the system."
|
|
::= { cpaeMIBGroups 53 }
|
|
|
|
cpaePortAuthFailUserInfoGroup OBJECT-GROUP
|
|
OBJECTS { cpaeAuthFailUserName }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides the Auth-Fail user
|
|
information for the system."
|
|
::= { cpaeMIBGroups 54 }
|
|
|
|
cpaeSuppPortProfileGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeSuppPortCredentialProfileName,
|
|
cpaeSuppPortEapProfileName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides Credential and
|
|
EAP profiles configuration for a Supplicant PAE."
|
|
::= { cpaeMIBGroups 55 }
|
|
|
|
cpaeSuppHostInfoGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cpaeSuppHostAuthMacAddress,
|
|
cpaeSuppHostPaeState,
|
|
cpaeSuppHostBackendState,
|
|
cpaeSuppHostStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) that provides information about
|
|
supplicants in the system."
|
|
::= { cpaeMIBGroups 56 }
|
|
|
|
END
|
|
|