mirror of
https://github.com/hsnodgrass/snmp_mib_archive.git
synced 2025-04-17 16:03:04 +00:00
1608 lines
39 KiB
INI
Executable File
1608 lines
39 KiB
INI
Executable File
#-MIBFILE: cisco-pae.mib
|
|
|
|
CISCO-PAE-MIB DEFINITIONS ::= BEGIN
|
|
|
|
|
|
DisplayString ::=
|
|
OCTET STRING (SIZE(0..255))
|
|
|
|
PhysAddress ::=
|
|
OCTET STRING
|
|
|
|
MacAddress ::=
|
|
OCTET STRING (SIZE(6))
|
|
|
|
TruthValue ::=
|
|
INTEGER {
|
|
true(1),
|
|
false(2)
|
|
}
|
|
|
|
TestAndIncr ::=
|
|
INTEGER (0..2147483647)
|
|
|
|
AutonomousType ::=
|
|
OBJECT IDENTIFIER
|
|
|
|
InstancePointer ::=
|
|
OBJECT IDENTIFIER
|
|
|
|
VariablePointer ::=
|
|
OBJECT IDENTIFIER
|
|
|
|
RowPointer ::=
|
|
OBJECT IDENTIFIER
|
|
|
|
RowStatus ::=
|
|
INTEGER {
|
|
active(1),
|
|
notInService(2),
|
|
notReady(3),
|
|
createAndGo(4),
|
|
createAndWait(5),
|
|
destroy(6)
|
|
}
|
|
|
|
TimeStamp ::=
|
|
TimeTicks
|
|
|
|
TimeInterval ::=
|
|
INTEGER (0..2147483647)
|
|
|
|
DateAndTime ::=
|
|
OCTET STRING (SIZE(8|11))
|
|
|
|
StorageType ::=
|
|
INTEGER {
|
|
other(1),
|
|
volatile(2),
|
|
nonVolatile(3),
|
|
permanent(4),
|
|
readOnly(5)
|
|
}
|
|
|
|
TDomain ::=
|
|
OBJECT IDENTIFIER
|
|
|
|
TAddress ::=
|
|
OCTET STRING (SIZE(1..255))
|
|
|
|
SnmpEngineID ::=
|
|
OCTET STRING (SIZE(5..32))
|
|
|
|
SnmpSecurityModel ::=
|
|
INTEGER (0..2147483647)
|
|
|
|
SnmpMessageProcessingModel ::=
|
|
INTEGER (0..2147483647)
|
|
|
|
SnmpSecurityLevel ::=
|
|
INTEGER {
|
|
noAuthNoPriv(1),
|
|
authNoPriv(2),
|
|
authPriv(3)
|
|
}
|
|
|
|
SnmpAdminString ::=
|
|
OCTET STRING (SIZE(0..255))
|
|
|
|
InetAddressType ::=
|
|
INTEGER {
|
|
unknown(0),
|
|
ipv4(1),
|
|
ipv6(2),
|
|
ipv4z(3),
|
|
ipv6z(4),
|
|
dns(16)
|
|
}
|
|
|
|
InetAddress ::=
|
|
OCTET STRING (SIZE(0..255))
|
|
|
|
InetAddressIPv4 ::=
|
|
OCTET STRING (SIZE(4))
|
|
|
|
InetAddressIPv6 ::=
|
|
OCTET STRING (SIZE(16))
|
|
|
|
InetAddressIPv4z ::=
|
|
OCTET STRING (SIZE(8))
|
|
|
|
InetAddressIPv6z ::=
|
|
OCTET STRING (SIZE(20))
|
|
|
|
InetAddressDNS ::=
|
|
OCTET STRING (SIZE(1..255))
|
|
|
|
InetAddressPrefixLength ::=
|
|
OCTET STRING
|
|
|
|
InetPortNumber ::=
|
|
OCTET STRING
|
|
|
|
InetAutonomousSystemNumber ::=
|
|
OCTET STRING
|
|
|
|
InetScopeType ::=
|
|
INTEGER {
|
|
interfaceLocal(1),
|
|
linkLocal(2),
|
|
subnetLocal(3),
|
|
adminLocal(4),
|
|
siteLocal(5),
|
|
organizationLocal(8),
|
|
global(14)
|
|
}
|
|
|
|
InetZoneIndex ::=
|
|
OCTET STRING
|
|
|
|
InetVersion ::=
|
|
INTEGER {
|
|
unknown(0),
|
|
ipv4(1),
|
|
ipv6(2)
|
|
}
|
|
|
|
PaeControlledDirections ::=
|
|
INTEGER {
|
|
both(0),
|
|
in(1)
|
|
}
|
|
|
|
PaeControlledPortStatus ::=
|
|
INTEGER {
|
|
authorized(1),
|
|
unauthorized(2)
|
|
}
|
|
|
|
PaeControlledPortControl ::=
|
|
INTEGER {
|
|
forceUnauthorized(1),
|
|
auto(2),
|
|
forceAuthorized(3)
|
|
}
|
|
|
|
std OBJECT IDENTIFIER ::= { iso 0 }
|
|
iso8802 OBJECT IDENTIFIER ::= { std 8802 }
|
|
ieee802dot1 OBJECT IDENTIFIER ::= { iso8802 1 }
|
|
ieee802dot1mibs OBJECT IDENTIFIER ::= { ieee802dot1 1 }
|
|
ieee8021paeMIB OBJECT IDENTIFIER ::= { ieee802dot1mibs 1 }
|
|
paeMIBObjects OBJECT IDENTIFIER ::= { ieee8021paeMIB 1 }
|
|
dot1xPaeSystem OBJECT IDENTIFIER ::= { paeMIBObjects 1 }
|
|
dot1xPaePortTable OBJECT IDENTIFIER ::= { dot1xPaeSystem 2 }
|
|
dot1xPaePortEntry OBJECT IDENTIFIER ::= { dot1xPaePortTable 1 }
|
|
iso8802 OBJECT IDENTIFIER ::= { std 8802 }
|
|
dot1xPaePortNumber OBJECT IDENTIFIER ::= { dot1xPaePortEntry 1 }
|
|
dot1xPaeAuthenticator OBJECT IDENTIFIER ::= { paeMIBObjects 2 }
|
|
dot1xAuthConfigTable OBJECT IDENTIFIER ::= { dot1xPaeAuthenticator 1 }
|
|
dot1xAuthConfigEntry OBJECT IDENTIFIER ::= { dot1xAuthConfigTable 1 }
|
|
dot1xAuthPaeState OBJECT IDENTIFIER ::= { dot1xAuthConfigEntry 1 }
|
|
OwnerString ::=
|
|
OCTET STRING (SIZE(0..255))
|
|
|
|
InterfaceIndex ::=
|
|
INTEGER (1..2147483647)
|
|
|
|
InterfaceIndexOrZero ::=
|
|
INTEGER (0..2147483647)
|
|
|
|
VlanIndex ::=
|
|
INTEGER (0..4095)
|
|
|
|
ManagementDomainIndex ::=
|
|
INTEGER (1..255)
|
|
|
|
VlanType ::=
|
|
INTEGER {
|
|
ethernet(1),
|
|
fddi(2),
|
|
tokenRing(3),
|
|
fddiNet(4),
|
|
trNet(5),
|
|
deprecated(6)
|
|
}
|
|
|
|
VlanTypeExt ::=
|
|
OCTET STRING {
|
|
vtpmanageable(0),
|
|
internal(1),
|
|
reserved(2),
|
|
rspan(3),
|
|
dynamicGvrp(4)
|
|
}
|
|
|
|
CiscoNetworkProtocol ::=
|
|
INTEGER {
|
|
ip(1),
|
|
decnet(2),
|
|
pup(3),
|
|
chaos(4),
|
|
xns(5),
|
|
x121(6),
|
|
appletalk(7),
|
|
clns(8),
|
|
lat(9),
|
|
vines(10),
|
|
cons(11),
|
|
apollo(12),
|
|
stun(13),
|
|
novell(14),
|
|
qllc(15),
|
|
snapshot(16),
|
|
atmIlmi(17),
|
|
bstun(18),
|
|
x25pvc(19),
|
|
ipv6(20),
|
|
cdm(21),
|
|
nbf(22),
|
|
bpxIgx(23),
|
|
clnsPfx(24),
|
|
http(25),
|
|
unknown(65535)
|
|
}
|
|
|
|
CiscoNetworkAddress ::=
|
|
OCTET STRING
|
|
|
|
Unsigned64 ::=
|
|
OCTET STRING
|
|
|
|
SAPType ::=
|
|
INTEGER (0..254)
|
|
|
|
CountryCode ::=
|
|
OCTET STRING (SIZE(0|2))
|
|
|
|
CountryCodeITU ::=
|
|
OCTET STRING
|
|
|
|
EntPhysicalIndexOrZero ::=
|
|
INTEGER (0..2147483647)
|
|
|
|
CiscoRowOperStatus ::=
|
|
INTEGER {
|
|
active(1),
|
|
activeDependencies(2),
|
|
inactiveDependency(3),
|
|
missingDependency(4)
|
|
}
|
|
|
|
CiscoPort ::=
|
|
INTEGER (0..65535)
|
|
|
|
CiscoIpProtocol ::=
|
|
INTEGER (0..255)
|
|
|
|
CiscoLocationClass ::=
|
|
INTEGER {
|
|
chassis(1),
|
|
shelf(2),
|
|
slot(3),
|
|
subSlot(4),
|
|
port(5),
|
|
subPort(6),
|
|
channel(7),
|
|
subChannel(8)
|
|
}
|
|
|
|
CiscoLocationSpecifier ::=
|
|
OCTET STRING (SIZE(0..255))
|
|
|
|
CiscoInetAddressMask ::=
|
|
OCTET STRING
|
|
|
|
CiscoAbsZeroBasedCounter32 ::=
|
|
Gauge
|
|
|
|
CiscoSnapShotAbsCounter32 ::=
|
|
OCTET STRING
|
|
|
|
CiscoAlarmSeverity ::=
|
|
INTEGER {
|
|
cleared(1),
|
|
indeterminate(2),
|
|
critical(3),
|
|
major(4),
|
|
minor(5),
|
|
warning(6),
|
|
info(7)
|
|
}
|
|
|
|
PerfHighIntervalCount ::=
|
|
OCTET STRING
|
|
|
|
ConfigIterator ::=
|
|
OCTET STRING
|
|
|
|
BulkConfigResult ::=
|
|
OCTET STRING (SIZE(0..255))
|
|
|
|
ListIndex ::=
|
|
INTEGER (1..2147483647)
|
|
|
|
ListIndexOrZero ::=
|
|
INTEGER (0..2147483647)
|
|
|
|
TimeIntervalSec ::=
|
|
OCTET STRING
|
|
|
|
TimeIntervalMin ::=
|
|
OCTET STRING
|
|
|
|
CiscoMilliSeconds ::=
|
|
OCTET STRING
|
|
|
|
MicroSeconds ::=
|
|
OCTET STRING
|
|
|
|
CiscoPortList ::=
|
|
OCTET STRING (SIZE(0..256))
|
|
|
|
CiscoPortListRange ::=
|
|
INTEGER {
|
|
oneto2k(1),
|
|
twoKto4K(2),
|
|
fourKto6K(3),
|
|
sixKto8K(4),
|
|
eightKto10K(5),
|
|
tenKto12K(6),
|
|
twelveKto14K(7),
|
|
fourteenKto16K(8)
|
|
}
|
|
|
|
IfOperStatusReason ::=
|
|
INTEGER {
|
|
other(1),
|
|
none(2),
|
|
hwFailure(3),
|
|
loopbackDiagFailure(4),
|
|
errorDisabled(5),
|
|
swFailure(6),
|
|
linkFailure(7),
|
|
offline(8),
|
|
nonParticipating(9),
|
|
initializing(10),
|
|
vsanInactive(11),
|
|
adminDown(12),
|
|
channelAdminDown(13),
|
|
channelOperSuspended(14),
|
|
channelConfigurationInProgress(15),
|
|
rcfInProgress(16),
|
|
elpFailureIsolation(17),
|
|
escFailureIsolation(18),
|
|
domainOverlapIsolation(19),
|
|
domainAddrAssignFailureIsolation(20),
|
|
domainOtherSideEportIsolation(21),
|
|
domainInvalidRcfReceived(22),
|
|
domainManagerDisabled(23),
|
|
zoneMergeFailureIsolation(24),
|
|
vsanMismatchIsolation(25),
|
|
parentDown(26),
|
|
srcPortNotBound(27),
|
|
interfaceRemoved(28),
|
|
fcotNotPresent(29),
|
|
fcotVendorNotSupported(30),
|
|
incompatibleAdminMode(31),
|
|
incompatibleAdminSpeed(32),
|
|
suspendedByMode(33),
|
|
suspendedBySpeed(34),
|
|
suspendedByWWN(35),
|
|
domainMaxReTxFailure(36),
|
|
eppFailure(37),
|
|
portVsanMismatchIsolation(38),
|
|
loopbackIsolation(39),
|
|
upgradeInProgress(40),
|
|
incompatibleAdminRxBbCredit(41),
|
|
incompatibleAdminRxBufferSize(42),
|
|
portChannelMembersDown(43),
|
|
zoneRemoteNoRespIsolation(44),
|
|
firstPortUpAsEport(45),
|
|
firstPortNotUp(46),
|
|
peerFCIPPortClosedConnection(47),
|
|
peerFCIPPortResetConnection(48),
|
|
fcipPortMaxReTx(49),
|
|
fcipPortKeepAliveTimerExpire(50),
|
|
fcipPortPersistTimerExpire(51),
|
|
fcipPortSrcLinkDown(52),
|
|
fcipPortSrcAdminDown(53),
|
|
fcipPortAdminCfgChange(54),
|
|
fcipSrcPortRemoved(55),
|
|
fcipSrcModuleNotOnline(56),
|
|
invalidConfig(57),
|
|
portBindFailure(58),
|
|
portFabricBindFailure(59),
|
|
noCommonVsanIsolation(60),
|
|
ficonVsanDown(61),
|
|
invalidAttachment(62),
|
|
portBlocked(63),
|
|
incomAdminRxBbCreditPerBuf(64),
|
|
tooManyInvalidFlogis(65),
|
|
deniedDueToPortBinding(66),
|
|
elpFailureRevMismatch(67),
|
|
elpFailureClassFParamErr(68),
|
|
elpFailureClassNParamErr(69),
|
|
elpFailureUnknownFlowCtlCode(70),
|
|
elpFailureInvalidFlowCtlParam(71),
|
|
elpFailureInvalidPortName(72),
|
|
elpFailureInvalidSwitchName(73),
|
|
elpFailureRatovEdtovMismatch(74),
|
|
elpFailureLoopbackDetected(75),
|
|
elpFailureInvalidTxBbCredit(76),
|
|
elpFailureInvalidPayloadSize(77),
|
|
bundleMisCfg(78),
|
|
bitErrRuntimeThreshExceeded(79),
|
|
linkFailLinkReset(80),
|
|
linkFailPortInitFail(81),
|
|
linkFailPortUnusable(82),
|
|
linkFailLossOfSignal(83),
|
|
linkFailLossOfSync(84),
|
|
linkFailNosRcvd(85),
|
|
linkFailOlsRcvd(86),
|
|
linkFailDebounceTimeout(87),
|
|
linkFailLrRcvd(88),
|
|
linkFailCreditLoss(89),
|
|
linkFailRxQOverflow(90),
|
|
linkFailTooManyInterrupts(91),
|
|
linkFailLipRcvdBb(92),
|
|
linkFailBbCreditLoss(93),
|
|
linkFailOpenPrimSignalTimeout(94),
|
|
linkFailOpenPrimSignalReturned(95),
|
|
linkFailLipF8Rcvd(96),
|
|
linkFailLineCardPortShutdown(97),
|
|
fcspAuthenfailure(98),
|
|
fcotChecksumError(99),
|
|
ohmsExtLoopbackTest(100),
|
|
invalidFabricBindExchange(101),
|
|
tovMismatch(102),
|
|
ficonNotEnabled(103),
|
|
ficonNoPortNumber(104),
|
|
ficonBeingEnabled(105),
|
|
ePortProhibited(106),
|
|
portGracefulShutdown(107),
|
|
trunkNotFullyActive(108),
|
|
fabricBindingSwitchWwnNotFound(109),
|
|
fabricBindingDomainInvalid(110),
|
|
fabricBindingDbMismatch(111),
|
|
fabricBindingNoRspFromPeer(112),
|
|
dpvmVsanSuspended(113),
|
|
dpvmVsanNotFound(114),
|
|
trackedPortDown(115),
|
|
ecSuspendedOnLoop(116),
|
|
isolateBundleMisCfg(117),
|
|
noPeerBundleSupport(118),
|
|
portBringupIsolation(119),
|
|
domainNotAllowedIsolated(120),
|
|
virtualIvrDomainOverlapIsolation(121),
|
|
outOfService(122),
|
|
portAuthFailed(123),
|
|
bundleStandby(124),
|
|
portConnectorTypeErr(125),
|
|
errorDisabledReInitLmtReached(126),
|
|
ficonDupPortNum(127),
|
|
localRcf(128),
|
|
twoSwitchesWithSameWWN(129),
|
|
invalidOtherSidePrincEFPReqRecd(130),
|
|
domainOther(131)
|
|
}
|
|
|
|
EntLogicalIndexOrZero ::=
|
|
INTEGER (0..2147483647)
|
|
|
|
CiscoURLString ::=
|
|
OCTET STRING (SIZE(1..255))
|
|
|
|
CiscoHTTPResponseStatusCode ::=
|
|
OCTET STRING
|
|
|
|
CvE164Address ::=
|
|
OCTET STRING (SIZE(1..128))
|
|
|
|
CnnEouPostureToken ::=
|
|
INTEGER {
|
|
unknown(1),
|
|
healthy(2),
|
|
checkup(3),
|
|
quarantine(4),
|
|
infected(5)
|
|
}
|
|
|
|
CnnEouState ::=
|
|
INTEGER {
|
|
initialize(1),
|
|
hello(2),
|
|
clientless(3),
|
|
eapRequest(4),
|
|
response(5),
|
|
authenticated(6),
|
|
fail(7),
|
|
abort(8)
|
|
}
|
|
|
|
CnnEouAuthType ::=
|
|
INTEGER {
|
|
clientless(1),
|
|
eap(2),
|
|
static(3)
|
|
}
|
|
|
|
CnnEouDeviceType ::=
|
|
INTEGER {
|
|
ciscoIpPhone(1)
|
|
}
|
|
|
|
cisco OBJECT IDENTIFIER ::= { enterprises 9 }
|
|
ciscoMgmt OBJECT IDENTIFIER ::= { cisco 9 }
|
|
ReAuthPeriodSource ::=
|
|
INTEGER {
|
|
local(1),
|
|
server(2),
|
|
auto(3)
|
|
}
|
|
|
|
ciscoPaeMIB OBJECT IDENTIFIER ::= { ciscoMgmt 220 }
|
|
|
|
cpaeMIBNotification OBJECT IDENTIFIER ::= { ciscoPaeMIB 0 }
|
|
|
|
cpaeMIBObject OBJECT IDENTIFIER ::= { ciscoPaeMIB 1 }
|
|
|
|
cpaeMIBConformance OBJECT IDENTIFIER ::= { ciscoPaeMIB 2 }
|
|
|
|
cpaePortTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaePortEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "A table of system level information for each port
|
|
supported by the Port Access Entity. An entry
|
|
appears in this table for each PAE port of this system.
|
|
This table contains additional objects for the
|
|
dot1xPaePortTable."
|
|
::= { cpaeMIBObject 1 }
|
|
|
|
|
|
cpaePortEntry OBJECT-TYPE
|
|
SYNTAX CpaePortEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "An entry containing additional management information
|
|
applicable to a particular PAE port."
|
|
::= { cpaePortTable 1 }
|
|
|
|
cpaePortEntry ::=
|
|
SEQUENCE {
|
|
cpaeMultipleHost TruthValue,
|
|
cpaePortMode INTEGER,
|
|
cpaeGuestVlanNumber VlanIndex,
|
|
cpaeInGuestVlan TruthValue,
|
|
cpaeShutdownTimeoutEnabled TruthValue,
|
|
cpaePortAuthFailVlan VlanIndex,
|
|
cpaePortOperVlan VlanIndex,
|
|
cpaePortOperVlanType INTEGER
|
|
}
|
|
|
|
cpaeMultipleHost OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS optional
|
|
DESCRIPTION "Specifies whether the port allows multiple-host
|
|
connection or not."
|
|
::= { cpaePortEntry 1 }
|
|
|
|
|
|
cpaePortMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
singleHost(1),
|
|
multiHost(2),
|
|
multiAuth(3)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies the current mode of dot1x operation on
|
|
the port.
|
|
singleHost(1): port allows one host to connect
|
|
and authenticate.
|
|
multiHost(2) : port allows multiple hosts to
|
|
connect. Once a host is
|
|
authenticated, all remaining hosts
|
|
are also authorized.
|
|
multiAuth(3) : port allows multiple hosts to
|
|
connect and each host is
|
|
authenticated.
|
|
|
|
If the port security feature is enabled on the
|
|
interface, the configuration of the port security
|
|
(such as the number of the hosts allowed, the security
|
|
violation action, etc) will apply to the interface."
|
|
::= { cpaePortEntry 2 }
|
|
|
|
|
|
cpaeGuestVlanNumber OBJECT-TYPE
|
|
SYNTAX VlanIndex
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies the Guest Vlan of the interface.
|
|
An interface with cpaePortMode value of 'singleHost'
|
|
will be moved to its Guest Vlan if the supplicant on
|
|
the interface is not capable of IEEE-802.1x
|
|
authentication.
|
|
|
|
A value of zero for this object indicates no Guest
|
|
Vlan configured for the interface."
|
|
::= { cpaePortEntry 3 }
|
|
|
|
|
|
cpaeInGuestVlan OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS optional
|
|
DESCRIPTION "Indicates whether the interface is in its Guest Vlan
|
|
or not.
|
|
|
|
The object is deprecated in favor of newly added
|
|
object cpaePortOperVlanType."
|
|
::= { cpaePortEntry 4 }
|
|
|
|
|
|
cpaeShutdownTimeoutEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies whether shutdown timeout feature is enabled
|
|
on the interface."
|
|
::= { cpaePortEntry 5 }
|
|
|
|
|
|
cpaePortAuthFailVlan OBJECT-TYPE
|
|
SYNTAX VlanIndex
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies the Auth-Fail (Authentication Fail) Vlan of
|
|
the port. A port with cpaePortMode value of
|
|
'singleHost' will be moved to its Auth-Fail Vlan if
|
|
the supplicant supports IEEE-802.1x authentication
|
|
but is unsuccessfully authenticated.
|
|
|
|
A value of zero for this object indicates no Auth-Fail
|
|
Vlan configured for the port."
|
|
::= { cpaePortEntry 6 }
|
|
|
|
|
|
cpaePortOperVlan OBJECT-TYPE
|
|
SYNTAX VlanIndex
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The VlanIndex of the Vlan which is assigned to this
|
|
port via IEEE-802.1x and related methods of
|
|
authentication supported by the system.
|
|
|
|
A value of zero for this object indicates that no
|
|
Vlan is assigned to this port via IEEE-802.1x
|
|
authentication."
|
|
::= { cpaePortEntry 7 }
|
|
|
|
|
|
cpaePortOperVlanType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
none(2),
|
|
guest(3),
|
|
authFail(4)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The type of the Vlan which is assigned to this port
|
|
via IEEE-802.1x and related methods of authentication
|
|
supported by the system.
|
|
|
|
A value of 'other' for this object indicates type of
|
|
Vlan assigned to this port; via IEEE-802.1x
|
|
authentication; is other than the ones specified by
|
|
listed enumerations for this object.
|
|
|
|
A value of 'none' for this object indicates that there
|
|
is no Vlan assigned to this port via IEEE-802.1x
|
|
authentication. For such a case, corresponding value
|
|
of cpaePortOperVlan object will be zero.
|
|
|
|
A value of 'guest' for this object indicates that Vlan
|
|
assigned to this port; via IEEE-802.1x authentication;
|
|
is of type Guest Vlan and specified by the object
|
|
cpaeGuestVlanNumber for this entry.
|
|
|
|
A value of 'authFail' for this object indicates that
|
|
Vlan assigned to this port; via IEEE-802.1x
|
|
authentication; is of type Auth-Fail Vlan and
|
|
specified by the object cpaeAuthFailVlanNumber for
|
|
this entry."
|
|
::= { cpaePortEntry 8 }
|
|
|
|
|
|
cpaeGuestVlanId OBJECT-TYPE
|
|
SYNTAX VlanIndex
|
|
ACCESS read-only
|
|
STATUS optional
|
|
DESCRIPTION "Specifies the Guest Vlan of the system.
|
|
An interface with cpaePortMode value of 'singleHost'
|
|
will be moved to Guest Vlan if the supplicant on the
|
|
interface is not IEEE-802.1x capable.
|
|
|
|
A value of zero indicates no Guest Vlan configured in
|
|
the system.
|
|
|
|
If the platform supports per-port guest Vlan ID
|
|
configuration, this object is not instantiated."
|
|
::= { cpaeMIBObject 2 }
|
|
|
|
|
|
cpaeShutdownTimeout OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies the shutdown timeout interval to enable the
|
|
interface automatically in case it is shutdown due to
|
|
security violation.
|
|
|
|
If the value of this object is 0, the interfaces
|
|
shutdown due to the security violation will not be
|
|
enabled automatically.
|
|
|
|
The value of this object is applicable to the
|
|
interface only when cpaeShutdownTimeoutEnabled is
|
|
'true', and port security feature is disabled on the
|
|
interface."
|
|
::= { cpaeMIBObject 3 }
|
|
|
|
|
|
cpaeRadiusAccountingEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies if RADIUS accounting is enabled for 802.1x
|
|
on this devices."
|
|
::= { cpaeMIBObject 4 }
|
|
|
|
|
|
cpaeUserGroupTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeUserGroupEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "A table of Group Manager and authenticated users
|
|
information on the device."
|
|
::= { cpaeMIBObject 5 }
|
|
|
|
|
|
cpaeUserGroupEntry OBJECT-TYPE
|
|
SYNTAX CpaeUserGroupEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Information about an 802.1x authenticated user on the
|
|
devices."
|
|
INDEX { cpaeUserGroupName , cpaeUserGroupUserIndex }
|
|
|
|
::= { cpaeUserGroupTable 1 }
|
|
|
|
cpaeUserGroupEntry ::=
|
|
SEQUENCE {
|
|
cpaeUserGroupName SnmpAdminString,
|
|
cpaeUserGroupUserIndex Unsigned32,
|
|
cpaeUserGroupUserName SnmpAdminString,
|
|
cpaeUserGroupUserAddrType InetAddressType,
|
|
cpaeUserGroupUserAddr InetAddress,
|
|
cpaeUserGroupUserInterface InterfaceIndex,
|
|
cpaeUserGroupUserVlan VlanIndex
|
|
}
|
|
|
|
cpaeUserGroupName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies the name of the group that the user
|
|
belongs to."
|
|
::= { cpaeUserGroupEntry 1 }
|
|
|
|
|
|
cpaeUserGroupUserIndex OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The index of an user within a group."
|
|
::= { cpaeUserGroupEntry 2 }
|
|
|
|
|
|
cpaeUserGroupUserName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies the name of the user authenticated on a
|
|
port of the device."
|
|
::= { cpaeUserGroupEntry 3 }
|
|
|
|
|
|
cpaeUserGroupUserAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies the type of address used to determine
|
|
the address of the user."
|
|
::= { cpaeUserGroupEntry 4 }
|
|
|
|
|
|
cpaeUserGroupUserAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies the address of the host that the user
|
|
logging from."
|
|
::= { cpaeUserGroupEntry 5 }
|
|
|
|
|
|
cpaeUserGroupUserInterface OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies the interface index that the user is
|
|
authenticated on."
|
|
::= { cpaeUserGroupEntry 6 }
|
|
|
|
|
|
cpaeUserGroupUserVlan OBJECT-TYPE
|
|
SYNTAX VlanIndex
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies the vlan that the user belongs to."
|
|
::= { cpaeUserGroupEntry 7 }
|
|
|
|
|
|
cpaeAuthFailUserTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeAuthFailUserEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "A table to list user information for each port on
|
|
the system supported by the Port Access Entity and
|
|
assigned to Auth-Fail Vlan."
|
|
::= { cpaeMIBObject 6 }
|
|
|
|
|
|
cpaeAuthFailUserEntry OBJECT-TYPE
|
|
SYNTAX CpaeAuthFailUserEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "An entry appears in this table for each PAE port on
|
|
the system which is assigned to Vlan of type
|
|
'authFail' via via IEEE-802.1x authentication."
|
|
INDEX { dot1xPaePortNumber }
|
|
|
|
::= { cpaeAuthFailUserTable 1 }
|
|
|
|
cpaeAuthFailUserEntry ::=
|
|
SEQUENCE {
|
|
cpaeAuthFailUserName SnmpAdminString
|
|
}
|
|
|
|
cpaeAuthFailUserName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicates the name of the user who failed IEEE-802.1x
|
|
authentication and hence now assigned to Auth-Fail
|
|
Vlan.
|
|
|
|
The Auth-Fail Vlan to which the user belongs is
|
|
determined by the value of object cpaePortAuthFailVlan
|
|
for this port."
|
|
::= { cpaeAuthFailUserEntry 1 }
|
|
|
|
|
|
cpaeNotificationControl OBJECT IDENTIFIER ::= { cpaeMIBObject 7 }
|
|
|
|
cpaeNoGuestVlanNotifEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "This variable indicates whether the system produces
|
|
the cpaeNoGuestVlanNotif.
|
|
|
|
A 'false' value will prevent cpaeNoGuestVlanNotif from
|
|
being generated by this system."
|
|
::= { cpaeNotificationControl 1 }
|
|
|
|
|
|
cpaeNoAuthFailVlanNotifEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "This variable indicates whether the system produces
|
|
the cpaeNoAuthFailVlanNotif.
|
|
|
|
A 'false' value will prevent cpaeNoAuthFailVlanNotif
|
|
from being generated by this system."
|
|
::= { cpaeNotificationControl 2 }
|
|
|
|
|
|
cpaeMacAuthBypass OBJECT IDENTIFIER ::= { cpaeMIBObject 8 }
|
|
|
|
cpaeMacAuthBypassReAuthTimeout OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies the waiting time before reauthentication is
|
|
triggered on all MAC Auth-bypass authenticated ports."
|
|
::= { cpaeMacAuthBypass 1 }
|
|
|
|
|
|
cpaeMacAuthBypassReAuthEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The reauthentication control for all MAC Auth-bypass
|
|
ports. Setting this object to 'true' causes every MAC
|
|
Auth-Bypass authenticated port to reauthenticate the
|
|
device connecting to the port, after every period of
|
|
time specified by the object
|
|
cpaeMacAuthBypassReAuthTimeout. Setting this object
|
|
to 'false' will disable the MAC Auth-Bypass global
|
|
reauthentication."
|
|
::= { cpaeMacAuthBypass 2 }
|
|
|
|
|
|
cpaeMacAuthBypassViolation OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
restrict(1),
|
|
shutdown(2)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies the action upon reception of a security
|
|
violation event.
|
|
|
|
restrict(1): Packets from MAC address of the
|
|
device causing security violation
|
|
will be dropped.
|
|
|
|
shutdown(2): The port that causes security
|
|
violation will be shutdown."
|
|
::= { cpaeMacAuthBypass 3 }
|
|
|
|
|
|
cpaeMacAuthBypassShutdownTimeout OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies time before a port is auto-enabled after
|
|
being shutdown due to a MAC Auth-bypass security
|
|
violation."
|
|
::= { cpaeMacAuthBypass 4 }
|
|
|
|
|
|
cpaeMacAuthBypassAuthFailTimeout OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies the time a MAC Auth-bypass unauthenticated
|
|
port waits before trying the authentication process
|
|
again."
|
|
::= { cpaeMacAuthBypass 5 }
|
|
|
|
|
|
cpaeMacAuthBypassPortTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeMacAuthBypassPortEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "A table of MAC Authentication Bypass (MAC
|
|
Auth-Bypass) configuration and information for
|
|
ports in the device."
|
|
::= { cpaeMacAuthBypass 6 }
|
|
|
|
|
|
cpaeMacAuthBypassPortEntry OBJECT-TYPE
|
|
SYNTAX CpaeMacAuthBypassPortEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "An entry containing management information for
|
|
MAC Auth-Bypass feature on a port."
|
|
INDEX { dot1xPaePortNumber }
|
|
|
|
::= { cpaeMacAuthBypassPortTable 1 }
|
|
|
|
cpaeMacAuthBypassPortEntry ::=
|
|
SEQUENCE {
|
|
cpaeMacAuthBypassPortEnabled TruthValue,
|
|
cpaeMacAuthBypassPortInitialize TruthValue,
|
|
cpaeMacAuthBypassPortReAuth TruthValue,
|
|
cpaeMacAuthBypassPortMacAddress MacAddress,
|
|
cpaeMacAuthBypassPortAuthState INTEGER
|
|
}
|
|
|
|
cpaeMacAuthBypassPortEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies whether MAC Auth-Bypass is enabled
|
|
on the port."
|
|
::= { cpaeMacAuthBypassPortEntry 1 }
|
|
|
|
|
|
cpaeMacAuthBypassPortInitialize OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The initialization control for this port. Setting
|
|
this object to 'true' causes the MAC Auth-bypass
|
|
state machine to be initialized on the port. Setting
|
|
this object to 'false' has no effect.
|
|
|
|
This object always returns 'false' when it is read."
|
|
::= { cpaeMacAuthBypassPortEntry 2 }
|
|
|
|
|
|
cpaeMacAuthBypassPortReAuth OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The reauthentication control for this port. Setting
|
|
this object to 'true' causes the MAC address of the
|
|
device connecting to the port to be reauthenticated.
|
|
Setting this object to 'false' has no effect.
|
|
|
|
This object always returns 'false' when it is read."
|
|
::= { cpaeMacAuthBypassPortEntry 3 }
|
|
|
|
|
|
cpaeMacAuthBypassPortMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicates the MAC address of the device connecting
|
|
to the port."
|
|
::= { cpaeMacAuthBypassPortEntry 4 }
|
|
|
|
|
|
cpaeMacAuthBypassPortAuthState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
waiting(2),
|
|
authenticating(3),
|
|
authenticated(4),
|
|
fail(5),
|
|
finished(6)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicates the current state of the MAC Auth-Bypass
|
|
state machine.
|
|
|
|
other(1) : An unknown state.
|
|
|
|
waiting(2) : Waiting to receive the MAC address
|
|
that needs to be authenticated.
|
|
|
|
authenticating(3): In authentication process.
|
|
|
|
authenticated(4) : MAC address of the device connecting
|
|
to the port is authenticated.
|
|
|
|
fail(5) : MAC Auth-bypass authentication
|
|
failed. Port waits for a period of
|
|
time before moving to the 'waiting'
|
|
state, if there is no other
|
|
authentication features available
|
|
in the system.
|
|
|
|
finished(6) : MAC Auth-bypass authentication
|
|
failed. Port is authenticated by
|
|
another authentication feature."
|
|
::= { cpaeMacAuthBypassPortEntry 5 }
|
|
|
|
|
|
cpaeMacAuthBypassAcctEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies if accounting is enabled for Mac
|
|
Authentication Bypass feature on this device."
|
|
::= { cpaeMacAuthBypass 7 }
|
|
|
|
|
|
cpaeWebAuth OBJECT IDENTIFIER ::= { cpaeMIBObject 9 }
|
|
|
|
cpaeWebAuthEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies whether Web Proxy Authentication is enabled
|
|
in the system."
|
|
::= { cpaeWebAuth 1 }
|
|
|
|
|
|
cpaeWebAuthSessionPeriod OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies the Web Proxy Authentication session period
|
|
for the system. Session period is the time after which
|
|
an Web Proxy Authenticated session is terminated."
|
|
::= { cpaeWebAuth 2 }
|
|
|
|
|
|
cpaeWebAuthLoginPage OBJECT-TYPE
|
|
SYNTAX CiscoURLString
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies the customized login page for Web Proxy
|
|
Authentication, in the format of an URL.
|
|
|
|
A customized login page is required to support the same
|
|
input fields as the default login page for users to
|
|
input credentials.
|
|
|
|
If this object contains a zero length string, the
|
|
default login page will be used."
|
|
::= { cpaeWebAuth 3 }
|
|
|
|
|
|
cpaeWebAuthLoginFailedPage OBJECT-TYPE
|
|
SYNTAX CiscoURLString
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies the customized login-failed page for Web
|
|
Proxy Authentication, in the format of an URL.
|
|
|
|
Login-failed page is sent back to the client upon an
|
|
authentication failure. A login-failed page requires to
|
|
have all the input fields of the login page, in
|
|
addition to the authentication failure information.
|
|
|
|
If this object contains a zero length string, the
|
|
default login-failed page will be used."
|
|
::= { cpaeWebAuth 4 }
|
|
|
|
|
|
cpaeWebAuthQuietPeriod OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies the time a Web Proxy Authentication state
|
|
machine will be held in 'blackListed' state after
|
|
maximum authentication attempts."
|
|
::= { cpaeWebAuth 5 }
|
|
|
|
|
|
cpaeWebAuthMaxRetries OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies the maximum number of unsuccessful login
|
|
attempts a user is allowed to make."
|
|
::= { cpaeWebAuth 6 }
|
|
|
|
|
|
cpaeWebAuthPortTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeWebAuthPortEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "A table of Web Proxy Authentication configuration and
|
|
information for the feature capable ports in the
|
|
device."
|
|
::= { cpaeWebAuth 7 }
|
|
|
|
|
|
cpaeWebAuthPortEntry OBJECT-TYPE
|
|
SYNTAX CpaeWebAuthPortEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "An entry containing management information for Web
|
|
Proxy Authentication feature on a port."
|
|
INDEX { dot1xPaePortNumber }
|
|
|
|
::= { cpaeWebAuthPortTable 1 }
|
|
|
|
cpaeWebAuthPortEntry ::=
|
|
SEQUENCE {
|
|
cpaeWebAuthPortEnabled TruthValue,
|
|
cpaeWebAuthPortInitialize TruthValue
|
|
}
|
|
|
|
cpaeWebAuthPortEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies whether Web Proxy Authentication is
|
|
enabled on the port."
|
|
::= { cpaeWebAuthPortEntry 1 }
|
|
|
|
|
|
cpaeWebAuthPortInitialize OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The initialization control for this port. Setting this
|
|
object to 'true' causes Web Proxy Authentication state
|
|
machine to be initialized for all the hosts connecting
|
|
to the port. Setting this object to 'false' has no
|
|
effect.
|
|
|
|
This object always returns 'false' when it is read."
|
|
::= { cpaeWebAuthPortEntry 2 }
|
|
|
|
|
|
cpaeWebAuthHostTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeWebAuthHostEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "A table of Web Proxy Authentication information for
|
|
hosts currently managed by the feature. An entry is
|
|
added to the table when a host is detected and Web
|
|
Proxy Authentication state machine is initiated for
|
|
the host."
|
|
::= { cpaeWebAuth 8 }
|
|
|
|
|
|
cpaeWebAuthHostEntry OBJECT-TYPE
|
|
SYNTAX CpaeWebAuthHostEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "An entry containing management information for Web
|
|
Proxy Authentication feature on a host."
|
|
INDEX { dot1xPaePortNumber , cpaeWebAuthHostAddrType, cpaeWebAuthHostAddress }
|
|
|
|
::= { cpaeWebAuthHostTable 1 }
|
|
|
|
cpaeWebAuthHostEntry ::=
|
|
SEQUENCE {
|
|
cpaeWebAuthHostAddrType InetAddressType,
|
|
cpaeWebAuthHostAddress InetAddress,
|
|
cpaeWebAuthAaaSessionPeriod Unsigned32,
|
|
cpaeWebAuthHostSessionTimeLeft Unsigned32,
|
|
cpaeWebAuthHostState INTEGER,
|
|
cpaeWebAuthHostInitialize TruthValue
|
|
}
|
|
|
|
cpaeWebAuthHostAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicates the Internet address type for the host."
|
|
::= { cpaeWebAuthHostEntry 1 }
|
|
|
|
|
|
cpaeWebAuthHostAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicates the Internet address for the host. The type
|
|
of this address is determined by the value of
|
|
cpaeWebAuthHostAddrType."
|
|
::= { cpaeWebAuthHostEntry 2 }
|
|
|
|
|
|
cpaeWebAuthAaaSessionPeriod OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicates the session period for a Web Proxy
|
|
Authenticated session on this host, supplied by the
|
|
AAA server. If value of this object is none zero,
|
|
it will take precedence over the period specified
|
|
by cpaeWebAuthPortSessionPeriod."
|
|
::= { cpaeWebAuthHostEntry 3 }
|
|
|
|
|
|
cpaeWebAuthHostSessionTimeLeft OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicates the leftover time of the current Web Proxy
|
|
Authenticated session for this host."
|
|
::= { cpaeWebAuthHostEntry 4 }
|
|
|
|
|
|
cpaeWebAuthHostState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
initialize(1),
|
|
connecting(2),
|
|
authenticating(3),
|
|
authenticated(4),
|
|
authFailed(5),
|
|
parseError(6),
|
|
sessionTimeout(7),
|
|
blackListed(8)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicates the current state of the Web Proxy
|
|
Authentication state machine.
|
|
|
|
initialize : Initial state of the Web Proxy
|
|
Authentication state machine.
|
|
|
|
connecting : Login page is sent to the client,
|
|
waiting for response from the client.
|
|
|
|
authenticating: Credentials are extracted from client's
|
|
response and authenticating with the
|
|
AAA server.
|
|
|
|
authenticated : Web Proxy Authentication succeeded.
|
|
Session timer is started, policies are
|
|
applied, and success page is sent back
|
|
to client.
|
|
|
|
authFailed : Web Proxy Authentication failed. Login
|
|
page is resent with authentication
|
|
failured information embedded, if retry
|
|
count has not exceeded the maximum
|
|
number of retry attempts. Otherwise,
|
|
move to 'blackListed' state.
|
|
|
|
parseError : Failed to extract user's credentials
|
|
from the client's response.
|
|
|
|
sessionTimeout: Session timer expired, user's policies
|
|
are removed, state machine will moves
|
|
to 'intialize' state after that.
|
|
|
|
blackListed : Web Proxy Authentication retry count
|
|
has exceeded the maximum number of
|
|
retry attempts. Only setting the state
|
|
machine to 'initialize' will take it
|
|
out of this state."
|
|
::= { cpaeWebAuthHostEntry 5 }
|
|
|
|
|
|
cpaeWebAuthHostInitialize OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The initialization control for this host. Setting this
|
|
object to 'true' causes Web Proxy Authentication state
|
|
machine to be initialized for the host. Setting this
|
|
object to 'false' has no effect.
|
|
|
|
This object always returns 'false' when it is read."
|
|
::= { cpaeWebAuthHostEntry 6 }
|
|
|
|
|
|
cpaeAuthConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeAuthConfigEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "A table containing the configuration objects for the
|
|
Authenticator PAE associated with each port. An entry
|
|
appears in this table for each PAE port that may
|
|
authenticate access to itself. This table contain
|
|
additional objects for the dot1xAuthConfigTable."
|
|
::= { cpaeMIBObject 10 }
|
|
|
|
|
|
cpaeAuthConfigEntry OBJECT-TYPE
|
|
SYNTAX CpaeAuthConfigEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "An entry containing additional management information
|
|
applicable to a particular Authenticator PAE."
|
|
::= { cpaeAuthConfigTable 1 }
|
|
|
|
cpaeAuthConfigEntry ::=
|
|
SEQUENCE {
|
|
cpaeAuthReAuthPeriodSrcAdmin ReAuthPeriodSource,
|
|
cpaeAuthReAuthPeriodSrcOper ReAuthPeriodSource,
|
|
cpaeAuthReAuthPeriodOper Unsigned32,
|
|
cpaeAuthTimeToNextReAuth Unsigned32,
|
|
cpaeAuthReAuthAction INTEGER,
|
|
cpaeAuthReAuthMax Unsigned32,
|
|
cpaeAuthIabEnabled TruthValue
|
|
}
|
|
|
|
cpaeAuthReAuthPeriodSrcAdmin OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
local(1),
|
|
server(2),
|
|
auto(3)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies the source of the reAuthPeriod constant to
|
|
be used by the Reauthentication Timer state machine."
|
|
::= { cpaeAuthConfigEntry 1 }
|
|
|
|
|
|
cpaeAuthReAuthPeriodSrcOper OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
local(1),
|
|
server(2),
|
|
auto(3)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicates the source of the reAuthPeriod constant
|
|
currently in use by the Reauthentication Timer state
|
|
machine."
|
|
::= { cpaeAuthConfigEntry 2 }
|
|
|
|
|
|
cpaeAuthReAuthPeriodOper OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicates the operational reauthentication period
|
|
for this port."
|
|
::= { cpaeAuthConfigEntry 3 }
|
|
|
|
|
|
cpaeAuthTimeToNextReAuth OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicates the leftover time of the current session
|
|
for this port."
|
|
::= { cpaeAuthConfigEntry 4 }
|
|
|
|
|
|
cpaeAuthReAuthAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
terminate(1),
|
|
reAuth(2),
|
|
noReAuth(3)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicates the reauthentication action for this port.
|
|
|
|
terminate: Session will be terminated, with the
|
|
corresponding Authenticator PAE state
|
|
machine transits to 'disconnected'.
|
|
|
|
reAuth : The port will be reauthenticated.
|
|
|
|
noReAuth : The port will not be reauthenticated."
|
|
::= { cpaeAuthConfigEntry 5 }
|
|
|
|
|
|
cpaeAuthReAuthMax OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The value of the reAuthMax constant currently in use
|
|
by the Authenticator PAE state machine."
|
|
::= { cpaeAuthConfigEntry 6 }
|
|
|
|
|
|
cpaeAuthIabEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Specifies whether the PAE port is declared as
|
|
Inaccessible Authentication Bypass (IAB). IAB ports
|
|
will be granted network access via the administrative
|
|
configured VLAN if it failed to connect to the
|
|
Authentication server. The only way to bring an IAB
|
|
port back to the Backend Authentication state machine
|
|
is through setting dot1xPaePortInitialize in the
|
|
corresponding entry in dot1xPaePortTable to 'true'.
|
|
|
|
802.1x reauthentication will be temporary disabled on
|
|
an authenticated IAB port if the connection to
|
|
the Authentication server is broken, and enable again
|
|
when the connection is resumed."
|
|
::= { cpaeAuthConfigEntry 7 }
|
|
|
|
|
|
cpaeHostInfoTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpaeHostInfoEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "A table containing 802.1x authentication information
|
|
for hosts connecting to PAE ports in the system."
|
|
::= { cpaeMIBObject 11 }
|
|
|
|
|
|
cpaeHostInfoEntry OBJECT-TYPE
|
|
SYNTAX CpaeHostInfoEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "An entry appears in the table for each 802.1x capable
|
|
host connecting to an PAE port, providing its
|
|
authentication information."
|
|
INDEX { dot1xPaePortNumber , cpaeHostInfoHostIndex }
|
|
|
|
::= { cpaeHostInfoTable 1 }
|
|
|
|
cpaeHostInfoEntry ::=
|
|
SEQUENCE {
|
|
cpaeHostInfoHostIndex Unsigned32,
|
|
cpaeHostInfoMacAddress MacAddress,
|
|
cpaeHostInfoPostureToken CnnEouPostureToken
|
|
}
|
|
|
|
cpaeHostInfoHostIndex OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "An arbitrary index assigned by the agent to identify
|
|
the host."
|
|
::= { cpaeHostInfoEntry 1 }
|
|
|
|
|
|
cpaeHostInfoMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicates the Mac Address of the host."
|
|
::= { cpaeHostInfoEntry 2 }
|
|
|
|
|
|
cpaeHostInfoPostureToken OBJECT-TYPE
|
|
SYNTAX CnnEouPostureToken
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicates the posture token assigned to the host."
|
|
::= { cpaeHostInfoEntry 3 }
|
|
|
|
|
|
cpaeMIBCompliances OBJECT IDENTIFIER ::= { cpaeMIBConformance 1 }
|
|
|
|
cpaeMIBGroups OBJECT IDENTIFIER ::= { cpaeMIBConformance 2 }
|
|
|
|
cpaeMultipleHostGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 1 }
|
|
|
|
cpaePortEntryGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 2 }
|
|
|
|
cpaeGuestVlanGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 3 }
|
|
|
|
cpaeGuestVlanGroup2 OBJECT IDENTIFIER ::= { cpaeMIBGroups 4 }
|
|
|
|
cpaeShutdownTimeoutGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 5 }
|
|
|
|
cpaeRadiusConfigGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 6 }
|
|
|
|
cpaeUserGroupGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 7 }
|
|
|
|
cpaeGuestVlanGroup3 OBJECT IDENTIFIER ::= { cpaeMIBGroups 8 }
|
|
|
|
cpaePortOperVlanGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 9 }
|
|
|
|
cpaePortAuthFailVlanGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 10 }
|
|
|
|
cpaeNoGuestVlanNotifEnableGrp OBJECT IDENTIFIER ::= { cpaeMIBGroups 11 }
|
|
|
|
cpaeNoAuthFailVlanNotifEnableGrp OBJECT IDENTIFIER ::= { cpaeMIBGroups 12 }
|
|
|
|
cpaeNoGuestVlanNotifGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 13 }
|
|
|
|
cpaeNoAuthFailVlanNotifGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 14 }
|
|
|
|
cpaeMacAuthBypassGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 15 }
|
|
|
|
cpaeWebAuthGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 16 }
|
|
|
|
cpaeAuthConfigGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 17 }
|
|
|
|
cpaeHostInfoGroup OBJECT IDENTIFIER ::= { cpaeMIBGroups 18 }
|
|
|
|
cpaeNoGuestVlanNotif TRAP-TYPE
|
|
ENTERPRISE ciscoPaeMIB
|
|
VARIABLES { dot1xAuthPaeState }
|
|
DESCRIPTION "A cpaeNoGuestVlanNotif is sent if a non-802.1x
|
|
supplicant is detected on a PAE port for which the
|
|
value of corresponding instance of
|
|
dot1xAuthAuthControlledPortControl is 'auto' and the
|
|
value of corresponding instance of cpaeGuestVlanNumber
|
|
is zero."
|
|
::= 1
|
|
|
|
|
|
cpaeNoAuthFailVlanNotif TRAP-TYPE
|
|
ENTERPRISE ciscoPaeMIB
|
|
VARIABLES { dot1xAuthPaeState }
|
|
DESCRIPTION "A cpaeNoAuthFailVlanNotif is sent if a 802.1x
|
|
supplicant fails to authenticate on a PAE port for
|
|
which the value of corresponding instance of
|
|
dot1xAuthAuthControlledPortControl is 'auto' and the
|
|
value of corresponding instance of cpaePortAuthFailVlan
|
|
is zero."
|
|
::= 2
|
|
|
|
|
|
END
|
|
|