ENTERASYS-8021X-REKEYING-MIB

File: ENTERASYS-8021X-REKEYING-MIB.mib (11461 bytes)

Imported modules

SNMPv2-SMI SNMPv2-TC SNMPv2-CONF
IEEE8021-PAE-MIB ENTERASYS-MIB-NAMES

Imported symbols

MODULE-IDENTITY OBJECT-TYPE Unsigned32
TruthValue MODULE-COMPLIANCE OBJECT-GROUP
dot1xPaePortNumber etsysModules

Defined Types

EtsysDot1xRekeyConfigEntry  
SEQUENCE    
  etsysDot1xRekeyEnabled TruthValue
  etsysDot1xRekeyPeriod Unsigned32
  etsysDot1xRekeyLength INTEGER
  etsysDot1xRekeyAsymmetric TruthValue
  etsysDot1xRekeyPairwise TruthValue

Defined Values

etsys8021xRekeyingMIB 1.3.6.1.4.1.5624.1.2.17
This MIB module defines a portion of the SNMP enterprise MIBs under Enterasys Networks' enterprise OID pertaining to IEEE 802.1x authentication. This MIB is designed to supplement and be used in connection with the standard IEEE 802.1x MIB. It provides configuration controls for Enterasys Networks' rapid rekeying feature -- a feature that enhances wireless LAN security by changing the network's radio keys on a regular basis.
MODULE-IDENTITY    

etsysDot1xRekeyingObjects 1.3.6.1.4.1.5624.1.2.17.1
OBJECT IDENTIFIER    

etsysDot1xRekeyBaseBranch 1.3.6.1.4.1.5624.1.2.17.1.1
OBJECT IDENTIFIER    

etsysDot1xRekeyConfigTable 1.3.6.1.4.1.5624.1.2.17.1.1.1
A table that contains encryption-key-related configuration objects for ports on which Authenticator PAEs can run.
OBJECT-TYPE    
  SEQUENCE OF  
    EtsysDot1xRekeyConfigEntry

etsysDot1xRekeyConfigEntry 1.3.6.1.4.1.5624.1.2.17.1.1.1.1
Each conceptual row holds encryption key configuration information for the Authenticator PAEs associated with one port.
OBJECT-TYPE    
  EtsysDot1xRekeyConfigEntry  

etsysDot1xRekeyEnabled 1.3.6.1.4.1.5624.1.2.17.1.1.1.1.1
Determines how an access point selects radio encryption keys. If the selected port/Authenticator PAE does not support the EAPOL-Key feature (e.g., because radio keys are not applicable to Ethernet ports), this object's value will be FALSE and attempts to write TRUE will fail. Normally, if radio keys are present, the manager enters them into the access point through some manual process. The manager or the users may also need to configure the keys into each laptop (access points can distribute the keys automatically to 802.1x EAP-TLS clients). However laptops get keys, the keys remain static until somebody goes to the trouble of changing them. If the keys stay unchanged for long periods, this can make it easier for a determined attacker to launch a cryptographic attack. When rapid rekeying is enabled, an access point ignores its manually-set keys. It generates pseudo-random keys on a periodic basis, using IEEE 802.1x key distribution to deliver the keys to new and current clients. Do not enable rapid rekeying unless ALL of your clients support IEEE 802.1x and an authentication method (e.g., EAP-TLS) that supports key distribution. Before enabling rapid rekeying, make sure that you have set 'dot1xAuthKeyTxEnabled' to TRUE. Changing the keys without telling any of the clients about the changes is not a very useful mode of operation.
OBJECT-TYPE    
  TruthValue  

etsysDot1xRekeyPeriod 1.3.6.1.4.1.5624.1.2.17.1.1.1.1.2
When rapid rekeying (periodic changing of radio keys) is enabled, the value of this object determines the period, in seconds, between key changes.
OBJECT-TYPE    
  Unsigned32  

etsysDot1xRekeyLength 1.3.6.1.4.1.5624.1.2.17.1.1.1.1.3
Determines the number of bits/bytes used in the encryption keys. Currently supports either 128-bit (16-octet) encryption keys or 40-bit (5-octet) encryption keys.
OBJECT-TYPE    
  INTEGER keylen40(1), keylen128(2)  

etsysDot1xRekeyAsymmetric 1.3.6.1.4.1.5624.1.2.17.1.1.1.1.4
Determines the association between the supplicant and authenticator transmit keys. If true(1), the authenticator and supplicant will use different encryption keys in order to transmit data. If false(2), the authenticator and supplicant will use a single key pattern to encrypt the transmitted data.
OBJECT-TYPE    
  TruthValue  

etsysDot1xRekeyPairwise 1.3.6.1.4.1.5624.1.2.17.1.1.1.1.5
Determines whether Rapid Rekeying tumbles Pairwise keys (when it is enabled, and the radio card supports them). If true(1), it indicates that the access point should tumble both Pairwise and Group keys. If false(2), it indicates that the access point should tumble only Group keys.
OBJECT-TYPE    
  TruthValue  
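
The rekeying objects above can be checked per port from a walk of this table together with dot1xAuthKeyTxEnabled from the standard IEEE 802.1x MIB. The script below is an added example, not part of the MIB or of any Enterasys tooling; the walk text is constructed, and the finding labels and the 3600-second period threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

TRUE, FALSE, KEYLEN40 = 1, 2, 1  # TruthValue true(1)/false(2); keylen40(1)

# Constructed sample in net-snmp walk format (not from a real device).
# The instance suffix is dot1xPaePortNumber.
SAMPLE_WALK = """\
IEEE8021-PAE-MIB::dot1xAuthKeyTxEnabled.1 = INTEGER: true(1)
ENTERASYS-8021X-REKEYING-MIB::etsysDot1xRekeyEnabled.1 = INTEGER: true(1)
ENTERASYS-8021X-REKEYING-MIB::etsysDot1xRekeyPeriod.1 = Gauge32: 600
ENTERASYS-8021X-REKEYING-MIB::etsysDot1xRekeyLength.1 = INTEGER: keylen128(2)
IEEE8021-PAE-MIB::dot1xAuthKeyTxEnabled.2 = INTEGER: false(2)
ENTERASYS-8021X-REKEYING-MIB::etsysDot1xRekeyEnabled.2 = INTEGER: true(1)
ENTERASYS-8021X-REKEYING-MIB::etsysDot1xRekeyPeriod.2 = Gauge32: 86400
ENTERASYS-8021X-REKEYING-MIB::etsysDot1xRekeyLength.2 = INTEGER: keylen40(1)
ENTERASYS-8021X-REKEYING-MIB::etsysDot1xRekeyPairwise.2 = INTEGER: false(2)
ENTERASYS-8021X-REKEYING-MIB::etsysDot1xRekeyEnabled.3 = INTEGER: false(2)
ENTERASYS-8021X-REKEYING-MIB::etsysDot1xRekeyLength.3 = INTEGER: keylen128(2)
"""

# Object name, port index, numeric value ("true(1)" -> 1, "600" -> 600).
LINE = re.compile(r"^\S+::(\w+)\.(\d+) = \w+: (?:\w+\()?(\d+)\)?$")

def audit(walk_text, max_period=3600):
    """Return {port: [finding, ...]}; max_period (seconds) is an assumed policy."""
    ports = defaultdict(dict)
    for line in walk_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ports[int(m.group(2))][m.group(1)] = int(m.group(3))
    findings = {}
    for port, o in sorted(ports.items()):
        f = []
        if o.get("etsysDot1xRekeyEnabled") != TRUE:
            # Expected on ports without EAPOL-Key support (e.g. Ethernet).
            f.append("static-keys")
        else:
            if o.get("dot1xAuthKeyTxEnabled") != TRUE:
                f.append("rekey-without-key-tx")  # clients never get new keys
            if o.get("etsysDot1xRekeyPeriod", 0) > max_period:
                f.append("long-period")
            if o.get("etsysDot1xRekeyPairwise") == FALSE:
                f.append("group-keys-only")
        if o.get("etsysDot1xRekeyLength") == KEYLEN40:
            f.append("40-bit-keys")
        findings[port] = f
    return findings
```
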

etsysDot1xRekeyingConformance 1.3.6.1.4.1.5624.1.2.17.2
OBJECT IDENTIFIER    

etsysDot1xRekeyingGroups 1.3.6.1.4.1.5624.1.2.17.2.1
OBJECT IDENTIFIER    

etsysDot1xRekeyingCompliances 1.3.6.1.4.1.5624.1.2.17.2.2
OBJECT IDENTIFIER    

etsysDot1xRekeyingBaseGroup 1.3.6.1.4.1.5624.1.2.17.2.1.1
A collection of objects providing rekeying configuration information about a port on which Authenticator PAEs can run.
OBJECT-GROUP    

etsysDot1xRekeyingPairwiseGroup 1.3.6.1.4.1.5624.1.2.17.2.1.2
A collection of objects providing rekeying configuration information related to Pairwise keys.
OBJECT-GROUP    

etsysDot1xRekeyingCompliance 1.3.6.1.4.1.5624.1.2.17.2.2.1
Write access is not required.
MODULE-COMPLIANCE