ENTERASYS-MAC-AUTHENTICATION-MIB

File: ENTERASYS-MAC-AUTHENTICATION-MIB.mib (23209 bytes)

Imported modules

SNMPv2-SMI SNMPv2-TC SNMPv2-CONF
SNMP-FRAMEWORK-MIB IF-MIB P-BRIDGE-MIB
ENTERASYS-MIB-NAMES

Imported symbols

MODULE-IDENTITY OBJECT-TYPE Unsigned32
MacAddress TruthValue MODULE-COMPLIANCE
OBJECT-GROUP SnmpAdminString InterfaceIndex
EnabledStatus etsysModules

Defined Types

EtsysMACAuthenticationPortConfigEntry  
SEQUENCE    
  etsysMACAuthenticationPort InterfaceIndex
  etsysMACAuthenticationPortInitialize TruthValue
  etsysMACAuthenticationPortReauthenticate TruthValue
  etsysMACAuthenticationPortEnable EnabledStatus
  etsysMACAuthenticationPortQuietPeriod Unsigned32
  etsysMACAuthenticationPortReauthPeriod Unsigned32
  etsysMACAuthenticationPortReauthEnabled EnabledStatus
  etsysMACAuthenticationAuthenticationsAllowed Unsigned32
  etsysMACAuthenticationAuthenticationsAllocated Unsigned32
  etsysMACAuthenticationLastFailedAuthCause SnmpAdminString

EtsysMACAuthenticationMACConfigEntry  
SEQUENCE    
  etsysMACAuthenticationMACAddress MacAddress
  etsysMACAuthenticationSupplicantPort InterfaceIndex
  etsysMACAuthenticationMACInitialize TruthValue
  etsysMACAuthenticationMACReauthenticate TruthValue
  etsysMACAuthenticationMACReauthPeriod Unsigned32
  etsysMACAuthenticationMACReauthEnabled EnabledStatus

EtsysMACAuthenticationSessionEntry  
SEQUENCE    
  etsysMACAuthenticationSessionPort InterfaceIndex
  etsysMACAuthenticationDuration Unsigned32

Defined Values

etsysMACAuthenticationMIB 1.3.6.1.4.1.5624.1.2.25
This MIB module defines a portion of the SNMP enterprise MIBs under Enterasys Networks' enterprise OID pertaining to MAC-Authentication. This MIB was designed to be used for authentication using source MAC addresses received in traffic on ports under control of MAC-authentication. The security afforded by this approach is neither the primary concern nor intent of this MIB. Rather, this MIB provides a convenient method of associating policy with MAC addresses and applying that policy when the MAC address appears on a pre-approved port in the network. The term MAC-Authentication is used because an authentication backend mechanism is used to allow the MAC onto the network, as well as provide authorization information to the switch.
MODULE-IDENTITY    

etsysMACAuthenticationObjects 1.3.6.1.4.1.5624.1.2.25.1
OBJECT IDENTIFIER    

etsysMACAuthenticationSystem 1.3.6.1.4.1.5624.1.2.25.1.1
OBJECT IDENTIFIER    

etsysMACAuthenticationPortConfig 1.3.6.1.4.1.5624.1.2.25.1.2
OBJECT IDENTIFIER    

etsysMACAuthenticationMACConfig 1.3.6.1.4.1.5624.1.2.25.1.3
OBJECT IDENTIFIER    

etsysMACAuthenticationMACSession 1.3.6.1.4.1.5624.1.2.25.1.4
OBJECT IDENTIFIER    

etsysMACAuthenticationSystemEnable 1.3.6.1.4.1.5624.1.2.25.1.1.1
When enabled(1), all objects in this MIB are fully active. When disabled(2), this object overrides all other object settings in this MIB without affecting their values.
OBJECT-TYPE    
  EnabledStatus  

etsysMACAuthenticationMACUserPassword 1.3.6.1.4.1.5624.1.2.25.1.1.2
This is the string to be used as a password credential when authenticating a MAC address.
OBJECT-TYPE    
  SnmpAdminString  

etsysMACAuthenticationPortUserNameSignificantBits 1.3.6.1.4.1.5624.1.2.25.1.1.3
This object represents the number of significant bits in the MAC addresses to be used starting with the left-most bit of the vendor portion of the MAC address. The significant portion of the MAC address is sent as a user-name credential when the primary attempt to authenticate the full MAC address fails. Any other failure to authenticate the full address, (i.e. authentication server timeout) causes the the next attempt to start once again with a full MAC authentication.
OBJECT-TYPE    
  INTEGER 1..48  

etsysMACAuthenticationPortConfigTable 1.3.6.1.4.1.5624.1.2.25.1.2.1
A table containing configuration objects for each MAC authentication port. The configuration for each port in this table must be non-volatile.
OBJECT-TYPE    
  SEQUENCE OF  
    EtsysMACAuthenticationPortConfigEntry

etsysMACAuthenticationPortConfigEntry 1.3.6.1.4.1.5624.1.2.25.1.2.1.1
Each conceptual row provides control over all of the initial values used by each authenticated MAC on this port. Subsequent changes to rows in this table, except where noted, have no effect on existing MACs authenticated on this port.
OBJECT-TYPE    
  EtsysMACAuthenticationPortConfigEntry  

etsysMACAuthenticationPort 1.3.6.1.4.1.5624.1.2.25.1.2.1.1.1
This is the InterfaceIndex associated with this row.
OBJECT-TYPE    
  InterfaceIndex  

etsysMACAuthenticationPortInitialize 1.3.6.1.4.1.5624.1.2.25.1.2.1.1.2
When set to true(1), the MAC authentication logic on this port is initialized, forcibly ending all MAC authentication sessions currently in existence on this port. A set with the value false(2) has no affect and a read always returns false.
OBJECT-TYPE    
  TruthValue  

etsysMACAuthenticationPortReauthenticate 1.3.6.1.4.1.5624.1.2.25.1.2.1.1.3
When set to true(1), the MAC authentication entity on this port is required to immediately verify all currently authenticated MACs on this port. This requires that each MAC address be authenticated with the authentication server through the local authentication client or some other authentication mechanism. Each supplicant remains authenticated pending the outcome.
OBJECT-TYPE    
  TruthValue  

etsysMACAuthenticationPortEnable 1.3.6.1.4.1.5624.1.2.25.1.2.1.1.4
When set to enabled(1), a platform dependent triggering mechanism initiates an authentication exchange using a MAC address for authentication credentials. When disabled(2), authentication attempts are disabled and all currently authenticated MAC sessions or those in the process of authentication on this port are terminated.
OBJECT-TYPE    
  EnabledStatus  

etsysMACAuthenticationPortQuietPeriod 1.3.6.1.4.1.5624.1.2.25.1.2.1.1.5
The value, in seconds, following a failed authentication before another may be attempted on this port. This object allows network management to provide hysteresis for failed authentication requests from the same port.
OBJECT-TYPE    
  Unsigned32  

etsysMACAuthenticationPortReauthPeriod 1.3.6.1.4.1.5624.1.2.25.1.2.1.1.6
The value, in seconds, between attempts to re-authenticate any current MAC authenticated on this port.
OBJECT-TYPE    
  Unsigned32  

etsysMACAuthenticationPortReauthEnabled 1.3.6.1.4.1.5624.1.2.25.1.2.1.1.7
If enabled(1), then every etsysMACAuthenticationReauthPeriod the switch attempts to validate all currently authenticated MACs on this port. When set to disabled(2) all current re-authentications in progress are allowed to complete and the requisite actions are taken. When set to disabled(2), no further re-authentications are attempted.
OBJECT-TYPE    
  EnabledStatus  

etsysMACAuthenticationAuthenticationsAllowed 1.3.6.1.4.1.5624.1.2.25.1.2.1.1.8
The maximum number of concurrent authentications supported on this port on this module. The default value of this object is platform and resource dependent.
OBJECT-TYPE    
  Unsigned32  

etsysMACAuthenticationAuthenticationsAllocated 1.3.6.1.4.1.5624.1.2.25.1.2.1.1.9
The maximum number of MAC authentications permitted on this port on this module. This value must be non-zero and be less than or equal to the value of etsysMACAuthenticationAuthenticationsAllowed. Setting this object to a value less than the current number of authenticated MACs on this port prevents further authentications, but has no affect on the current sessions.
OBJECT-TYPE    
  Unsigned32  

etsysMACAuthenticationLastFailedAuthCause 1.3.6.1.4.1.5624.1.2.25.1.2.1.1.10
The string will be formatted with 'XX-XX-XX-XX-XX-XX: TIME&DATE: Textual failure reason'; where XX-XX-XX-XX-XX-XX is the MAC address and TIME&DATE is the time (hh/mm/ss) and date (mm/dd/yyyy) of the failure. It is also only best effort; as there could be multiple failures per port and the agent may query this at any random time.
OBJECT-TYPE    
  SnmpAdminString  

etsysMACAuthenticationMACConfigTable 1.3.6.1.4.1.5624.1.2.25.1.3.1
A table containing configuration objects for each MAC authenticated on a port. Each row in this table is created dynamically when a MAC authenticates on a port.
OBJECT-TYPE    
  SEQUENCE OF  
    EtsysMACAuthenticationMACConfigEntry

etsysMACAuthenticationMACConfigEntry 1.3.6.1.4.1.5624.1.2.25.1.3.1.1
Each conceptual row inherits it's initial information from the row in the etsysMACAuthenticationPortConfigTable corresponding to the correct port. Each row represents an authenticated MAC.
OBJECT-TYPE    
  EtsysMACAuthenticationMACConfigEntry  

etsysMACAuthenticationMACAddress 1.3.6.1.4.1.5624.1.2.25.1.3.1.1.1
This is the MAC address that was authenticated on this port.
OBJECT-TYPE    
  MacAddress  

etsysMACAuthenticationSupplicantPort 1.3.6.1.4.1.5624.1.2.25.1.3.1.1.2
This is the InterfaceIndex associated with this rows authenticated MAC.
OBJECT-TYPE    
  InterfaceIndex  

etsysMACAuthenticationMACInitialize 1.3.6.1.4.1.5624.1.2.25.1.3.1.1.3
When set to true(1), this MAC session terminates causing the corresponding row in this table and in the etsysMACAuthenticationSessionTable to be removed. Setting this object to false(2) has no effect on the system. Reads of this object always return false(2).
OBJECT-TYPE    
  TruthValue  

etsysMACAuthenticationMACReauthenticate 1.3.6.1.4.1.5624.1.2.25.1.3.1.1.4
When set to true(1), this MAC authentication session on this port is required to immediately verify it's credentials. This requires that each MAC address be authenticated with the authentication server through the local authentication client or some other authentication mechanism. Setting this object to false(2) has no effect on the system. Reads of this object always return false(2).
OBJECT-TYPE    
  TruthValue  

etsysMACAuthenticationMACReauthPeriod 1.3.6.1.4.1.5624.1.2.25.1.3.1.1.5
The value, in seconds, between attempts to re-authenticate the MAC associated with this row.
OBJECT-TYPE    
  Unsigned32  

etsysMACAuthenticationMACReauthEnabled 1.3.6.1.4.1.5624.1.2.25.1.3.1.1.6
If enabled(1), then every etsysMACAuthenticationReauthPeriod the switch attempts to validate all currently authenticated MACs on this port. If disabled(2), reauthentication is not attempted.
OBJECT-TYPE    
  EnabledStatus  

etsysMACAuthenticationSessionTable 1.3.6.1.4.1.5624.1.2.25.1.4.1
A table containing configuration objects for each MAC authentication on a port. The successful completion of an authentication causes the creation of a new row in this table. When a MAC becomes unauthenticated because of a link-down, a management change, or system re-initialization, then the corresponding row is removed from this table.
OBJECT-TYPE    
  SEQUENCE OF  
    EtsysMACAuthenticationSessionEntry

etsysMACAuthenticationSessionEntry 1.3.6.1.4.1.5624.1.2.25.1.4.1.1
Each conceptual row inherits it's initial information from the row in the etsysMACAuthenticationPortConfigTable corresponding to the correct port. Each row represents an authenticated MAC.
OBJECT-TYPE    
  EtsysMACAuthenticationSessionEntry  

etsysMACAuthenticationSessionPort 1.3.6.1.4.1.5624.1.2.25.1.4.1.1.1
This is the InterfaceIndex associated with the authenticated MACs session.
OBJECT-TYPE    
  InterfaceIndex  

etsysMACAuthenticationDuration 1.3.6.1.4.1.5624.1.2.25.1.4.1.1.2
The value, in seconds, which have elapsed since the start of this session.
OBJECT-TYPE    
  Unsigned32  

etsysMACAuthenticationConformance 1.3.6.1.4.1.5624.1.2.25.2
OBJECT IDENTIFIER    

etsysMACAuthenticationGroups 1.3.6.1.4.1.5624.1.2.25.2.1
OBJECT IDENTIFIER    

etsysMACAuthenticationCompliances 1.3.6.1.4.1.5624.1.2.25.2.2
OBJECT IDENTIFIER    

etsysMACAuthenticationSystemGroup 1.3.6.1.4.1.5624.1.2.25.2.1.1
Global object controlling this feature. Global objects that affect how the credentials are presented to the authentication server.
OBJECT-GROUP    

etsysMACAuthenticationPortConfigGroup 1.3.6.1.4.1.5624.1.2.25.2.1.2
Objects describing the MAC Authentication configuration for each port.
OBJECT-GROUP    

etsysMACAuthenticationMACConfigGroup 1.3.6.1.4.1.5624.1.2.25.2.1.3
Objects associated with an individual MACs authentication configuration.
OBJECT-GROUP    

etsysMACAuthenticationMACSessionGroup 1.3.6.1.4.1.5624.1.2.25.2.1.4
Objects associated with a MAC Session
OBJECT-GROUP    

etsysMACAuthenticationCompliance 1.3.6.1.4.1.5624.1.2.25.2.2.1
Write access is not required. If read-only is selected, then the default value must be 48. If this object is read-write, then the agent performs a two stage authentication where the it attempts to authenticate the masked MAC address if the full MAC address fails to authenticate.
MODULE-COMPLIANCE    
  etsysMACAuthenticationSystemEnable EnabledStatus
  etsysMACAuthenticationPortUserNameSignificantBits INTEGER 1..48