IEEE8021X-PAE-MIB

File: IEEE8021X-PAE-MIB.mib (128587 bytes)

Imported modules

SNMPv2-SMI SNMPv2-TC SNMPv2-CONF
SNMP-FRAMEWORK-MIB IF-MIB IEEE8021-SECY-MIB

Imported symbols

MODULE-IDENTITY OBJECT-TYPE Gauge32
Counter32 Counter64 Unsigned32
Integer32 MacAddress TEXTUAL-CONVENTION
TruthValue RowPointer TimeStamp
TimeInterval RowStatus MODULE-COMPLIANCE
OBJECT-GROUP SnmpAdminString InterfaceIndex
SecySCI

Defined Types

Ieee8021XPaeCKN  
TEXTUAL-CONVENTION    
  current STRING Size(1..16)

Ieee8021XPaeCKNOrNull  
TEXTUAL-CONVENTION    
  current STRING Size(0..16)

Ieee8021XPaeKMD  
TEXTUAL-CONVENTION    
  current STRING Size(0..253)

Ieee8021XPaeNID  
TEXTUAL-CONVENTION    
  current STRING Size(1..100)

Ieee8021XPaeNIDOrNull  
TEXTUAL-CONVENTION    
  current STRING Size(0..100)

Ieee8021XMkaKeyServerPriority  
TEXTUAL-CONVENTION    
  current STRING Size(1)

Ieee8021XMkaMI  
TEXTUAL-CONVENTION    
  current STRING Size(12)

Ieee8021XMkaMN  
TEXTUAL-CONVENTION    
  current Unsigned32 1..2147483648

Ieee8021XMkaKN  
TEXTUAL-CONVENTION    
  current Unsigned32 1..2147483648

Ieee8021XPaeNIDCapabilites  
TEXTUAL-CONVENTION    
  current BITS eap(0), eapMka(1), eapMkaMacSec(2), mka(3), mkaMacSec(4), higherLayer(5), higherLayerFallback(6), vendorSpecific(7)

Ieee8021XPaeNIDAccessStatus  
TEXTUAL-CONVENTION    
  current INTEGER noAccess(0), remedialAccess(1), restrictedAccess(2), expectedAccess(3)

Ieee8021XPaeNIDUnauthenticatedStatus  
TEXTUAL-CONVENTION    
  current INTEGER noAccess(0), fallbackAccess(1), limitedAccess(2), openAccess(3)

Ieee8021XPaePortEntry  
SEQUENCE    
  ieee8021XPaePortNumber InterfaceIndex
  ieee8021XPaePortType INTEGER
  ieee8021XPaeControlledPortNumber InterfaceIndex
  ieee8021XPaeUncontrolledPortNumber InterfaceIndex
  ieee8021XPaeCommonPortNumber InterfaceIndex
  ieee8021XPaePortInitialize TruthValue
  ieee8021XPaePortCapabilities BITS
  ieee8021XPaePortVirtualPortsEnable TruthValue
  ieee8021XPaePortMaxVirtualPorts Unsigned32
  ieee8021XPaePortCurrentVirtualPorts Gauge32
  ieee8021XPaePortVirtualPortStart TruthValue
  ieee8021XPaePortVirtualPortPeerMAC MacAddress
  ieee8021XPaePortLogonEnable TruthValue
  ieee8021XPaePortAuthenticatorEnable TruthValue
  ieee8021XPaePortSupplicantEnable TruthValue
  ieee8021XPaePortKayMkaEnable TruthValue
  ieee8021XPaePortAnnouncerEnable TruthValue
  ieee8021XPaePortListenerEnable TruthValue

Ieee8021XPacPortEntry  
SEQUENCE    
  ieee8021XPacPortControlledPortNumber InterfaceIndex
  ieee8021XPacPortAdminPt2PtMAC INTEGER
  ieee8021XPacPortOperPt2PtMAC TruthValue

Ieee8021XPaePortLogonEntry  
SEQUENCE    
  ieee8021XPaePortLogonConnectStatus INTEGER
  ieee8021XPaePortPortValid TruthValue

Ieee8021XPaePortSessionEntry  
SEQUENCE    
  ieee8021XPaeSessionControlledPortNumber InterfaceIndex
  ieee8021XPaePortSessionOctetsRx Counter64
  ieee8021XPaePortSessionOctetsTx Counter64
  ieee8021XPaePortSessionPktsRx Counter64
  ieee8021XPaePortSessionPktsTx Counter64
  ieee8021XPaePortSessionId SnmpAdminString
  ieee8021XPaePortSessionStartTime TimeStamp
  ieee8021XPaePortSessionIntervalTime TimeInterval
  ieee8021XPaePortSessionTerminate INTEGER
  ieee8021XPaePortSessionUserName SnmpAdminString

Ieee8021XLogonNIDEntry  
SEQUENCE    
  ieee8021XLogonNIDConnectedNID Ieee8021XPaeNID
  ieee8021XLogonNIDRequestedNID Ieee8021XPaeNIDOrNull
  ieee8021XLogonNIDSelectedNID Ieee8021XPaeNIDOrNull

Ieee8021XAuthenticatorEntry  
SEQUENCE    
  ieee8021XAuthPaeAuthenticate TruthValue
  ieee8021XAuthPaeAuthenticated TruthValue
  ieee8021XAuthPaeFailed TruthValue
  ieee8021XAuthPaeReAuthEnabled TruthValue
  ieee8021XAuthPaeQuietPeriod Unsigned32
  ieee8021XAuthPaeReauthPeriod Unsigned32
  ieee8021XAuthPaeRetryMax Unsigned32
  ieee8021XAuthPaeRetryCount Gauge32

Ieee8021XSupplicantEntry  
SEQUENCE    
  ieee8021XSuppPaeAuthenticate TruthValue
  ieee8021XSuppPaeAuthenticated TruthValue
  ieee8021XSuppPaeFailed TruthValue
  ieee8021XSuppPaeHelloPeriod Unsigned32
  ieee8021XSuppPaeRetryMax Unsigned32
  ieee8021XSuppPaeRetryCount Gauge32

Ieee8021XEapolStatsEntry  
SEQUENCE    
  ieee8021XEapolInvalidFramesRx Counter32
  ieee8021XEapolEapLengthErrorFramesRx Counter32
  ieee8021XEapolAnnouncementFramesRx Counter32
  ieee8021XEapolAnnouncementReqFramesRx Counter32
  ieee8021XEapolPortUnavailableFramesRx Counter32
  ieee8021XEapolStartFramesRx Counter32
  ieee8021XEapolEapFramesRx Counter32
  ieee8021XEapolLogoffFramesRx Counter32
  ieee8021XEapolMkNoCknFramesRx Counter32
  ieee8021XEapolMkInvalidFramesRx Counter32
  ieee8021XEapolLastRxFrameVersion Unsigned32
  ieee8021XEapolLastRxFrameSource MacAddress
  ieee8021XEapolSuppEapFramesTx Counter32
  ieee8021XEapolLogoffFramesTx Counter32
  ieee8021XEapolAnnouncementFramesTx Counter32
  ieee8021XEapolAnnouncementReqFramesTx Counter32
  ieee8021XEapolStartFramesTx Counter32
  ieee8021XEapolAuthEapFramesTx Counter32
  ieee8021XEapolMkaFramesTx Counter32

Ieee8021XKayMkaEntry  
SEQUENCE    
  ieee8021XKayMkaActive TruthValue
  ieee8021XKayMkaAuthenticated TruthValue
  ieee8021XKayMkaSecured TruthValue
  ieee8021XKayMkaFailed TruthValue
  ieee8021XKayMkaActorSCI SecySCI
  ieee8021XKayMkaActorsPriority Ieee8021XMkaKeyServerPriority
  ieee8021XKayMkaKeyServerPriority Ieee8021XMkaKeyServerPriority
  ieee8021XKayMkaKeyServerSCI SecySCI
  ieee8021XKayAllowedJoinGroup TruthValue
  ieee8021XKayAllowedFormGroup TruthValue
  ieee8021XKayCreateNewGroup TruthValue
  ieee8021XKayMacSecCapability INTEGER
  ieee8021XKayMacSecDesired TruthValue
  ieee8021XKayMacSecProtect TruthValue
  ieee8021XKayMacSecReplayProtect TruthValue
  ieee8021XKayMacSecValidate TruthValue
  ieee8021XKayMacSecConfidentialityOffset Integer32
  ieee8021XKayMkaTxKN Ieee8021XMkaKN
  ieee8021XKayMkaTxAN RowPointer
  ieee8021XKayMkaRxKN Ieee8021XMkaKN
  ieee8021XKayMkaRxAN RowPointer

Ieee8021XKayMkaParticipantEntry  
SEQUENCE    
  ieee8021XKayMkaPartCKN Ieee8021XPaeCKN
  ieee8021XKayMkaPartKMD Ieee8021XPaeKMD
  ieee8021XKayMkaPartNID Ieee8021XPaeNID
  ieee8021XKayMkaPartCached TruthValue
  ieee8021XKayMkaPartActive TruthValue
  ieee8021XKayMkaPartRetain TruthValue
  ieee8021XKayMkaPartActivateControl INTEGER
  ieee8021XKayMkaPartPrincipal TruthValue
  ieee8021XKayMkaPartDistCKN Ieee8021XPaeCKNOrNull
  ieee8021XKayMkaPartRowStatus RowStatus

Ieee8021XKayMkaPeerListEntry  
SEQUENCE    
  ieee8021XKayMkaPeerListMI Ieee8021XMkaMI
  ieee8021XKayMkaPeerListMN Ieee8021XMkaMN
  ieee8021XKayMkaPeerListType INTEGER
  ieee8021XKayMkaPeerListSCI SecySCI

Ieee8021XNidConfigEntry  
SEQUENCE    
  ieee8021XNidNID Ieee8021XPaeNID
  ieee8021XNidUseEap INTEGER
  ieee8021XNidUnauthAllowed INTEGER
  ieee8021XNidUnsecuredAllowed INTEGER
  ieee8021XNidUnauthenticatedAccess Ieee8021XPaeNIDUnauthenticatedStatus
  ieee8021XNidAccessCapabilities Ieee8021XPaeNIDCapabilites
  ieee8021XNidKMD Ieee8021XPaeKMD
  ieee8021XNidRowStatus RowStatus

Ieee8021XAnnounceEntry  
SEQUENCE    
  ieee8021XAnnounceNID Ieee8021XPaeNID
  ieee8021XAnnounceAccessStatus Ieee8021XPaeNIDAccessStatus

Ieee8021XAnnouncementEntry  
SEQUENCE    
  ieee8021XAnnouncementNID Ieee8021XPaeNID
  ieee8021XAnnouncementKMD Ieee8021XPaeKMD
  ieee8021XAnnouncementSpecific TruthValue
  ieee8021XAnnouncementAccessStatus Ieee8021XPaeNIDAccessStatus
  ieee8021XAnnouncementAccessRequested TruthValue
  ieee8021XAnnouncementUnauthAccess Ieee8021XPaeNIDUnauthenticatedStatus
  ieee8021XAnnouncementCapabilities Ieee8021XPaeNIDCapabilites

Ieee8021XAnnouncementCipherSuitesEntry  
SEQUENCE    
  ieee8021XAnnouncementCipherSuite STRING
  ieee8021XAnnouncementCipherCapability Unsigned32

Defined Values

ieee8021XPaeMIB 1.3.111.2.802.1.1.15
The MIB module for managing the Port Access Entity (PAE) functions of IEEE 802.1X (Revision of 802.1X-2004). The PAE functions managed are summarized in Figure 12-3 of IEEE 802.1X and include EAPOL PACP support for authentication (EAP Supplicant and/or Authenticator), MACsec Key Agreement (MKA), EAPOL, and transmission and reception of network announcements.

The following acronyms and definitions are used in this MIB.

AN : Association Number, a number that is concatenated with a MACsec Secure Channel Identifier to identify a Secure Association (SA).

Announcer : EAPOL-Announcement transmission functionality.

Authenticator : An entity that facilitates authentication of other entities attached to the same LAN.

CA : secure Connectivity Association: A security relationship, established and maintained by key agreement protocols, that comprises a fully connected subset of the service access points in stations attached to a single LAN that are to be supported by MACsec.

CAK : secure Connectivity Association Key, a secret key possessed by members of a given CA.

CKN : secure Connectivity Association Key Name (CKN), a text that identifies a CAK.

Common Port : An instance of the MAC Internal Sublayer Service used by the SecY or PAC to provide transmission and reception of frames for both the Controlled and Uncontrolled Ports.

Controlled Port : The access point used to provide the secure MAC Service to a client of a PAC or SecY.

CP state machine : Controlled Port state machine is capable of controlling a SecY or a PAC. The CP supports interoperability with unauthenticated systems that are not port-based network access control capable, or that lack MKA. When the access controlled port is supported by a SecY, the CP is capable of controlling the SecY so as to provide unsecured connectivity to systems that implement a PAC.

EAP : Extensible Authentication Protocol, RFC3748.

EAPOL : EAP over LANs.

KaY : Key Agreement Entity, a PAE entity responsible for MKA.

Key Server : Elected by MKA, to transport a succession of SAKs, for use by MACsec, to the other member(s) of a CA.

KMD : Key Management Domain, a string identifying systems that share cached CAKs.

Listener : The role is to receive the network announcement parameters in the authentication process.

Logon Process : The Logon Process is responsible for managing the use of authentication credentials, for initiating use of the PAE's Supplicant and/or Authenticator functionality, for deriving CAK, CKN tuples from PAE results, for maintaining PSKs (Pre-Sharing Keys), and for managing MKA instances. In the absence of successful authentication, key agreement, or support for MAC Security, the Logon Process determines whether the CP state machine should provide unauthenticated connectivity or authenticated but unsecured connectivity.

MKA : MACsec Key Agreement protocol allows PAEs, each associated with a port that is an authenticated member of a secure connectivity association (CA) or a potential CA, to discover other PAEs attached to the same LAN, to confirm mutual possession of a CAK and hence to prove a past mutual authentication, to agree the secret keys (SAKs) used by MACsec for symmetric shared key cryptography, and to ensure that the data protected by MACsec has not been delayed.

MKPDU : MACsec Key Agreement Protocol Data Unit.

MPDU : MAC Protocol Data Unit.

NID : Network Identity, a UTF-8 string identifying a network or network service.

PAE : Port Access Entity, the protocol entity associated with a Port. It can support the protocol functionality associated with the Authenticator, the Supplicant, or both.

PAC : Port Access Controller, a protocol-less shim that provides control over frame transmission and reception by clients attached to its Controlled Port, and uses the MAC Service provided by a Common Port. The access control decision is made by the PAE, typically taking into account the success or failure of mutual authentication and authorization of the PAE's peer(s), and is communicated by the PAE using the LMI to set the PAC's Controlled Port enabled/disabled. Two different interfaces, 'Controlled Port' and 'Uncontrolled Port', are associated with a PAC, and for each instance of a PAC, two ifTable rows (one for each interface) run on top of an ifTable row representing the 'Common Port' interface, such as a row with ifType = 'ethernetCsmacd(6)'. For example :

  -----------------------------------------------------------
  |                            |                            |
  |      Controlled Port       |     Uncontrolled Port      |
  |         Interface          |         Interface          |
  |       (ifEntry = j)        |       (ifEntry = k)        |
  |         (ifType =          |         (ifType =          |
  |  macSecControlledIF(231))  | macSecUncontrolledIF(232)) |
  |                            |                            |
  |---------------------------------------------------------|
  |                                                         |
  |                   Physical Interface                    |
  |                      (ifEntry = i)                      |
  |              (ifType = ethernetCsmacd(6))               |
  |_________________________________________________________|

  i, j, k are ifIndex to indicate an interface stack in the ifTable.

  Figure : PAC Interface Stack

The 'Controlled Port' is the service point to provide one instance of the secure MAC service in a PAC. The 'Uncontrolled Port' is the service point to provide one instance of the insecure MAC service in a PAC.

PACP : Port Access Controller Protocol.

Port Identifier : A 16-bit number that is unique within the scope of the address of the port.

Real Port : Indicates the PAE is for a real port. A port that is not created on demand by the mechanisms specified in this standard, but that can transmit and receive frames for one or more virtual ports.

SC : Secure Channel, a security relationship used to provide security guarantees for frames transmitted from one member of a CA to the others. An SC is supported by a sequence of SAs thus allowing the periodic use of fresh keys without terminating the relationship.

SA : Secure Association, a security relationship that provides security guarantees for frames transmitted from one member of a CA to the others. Each SA is supported by a single secret key, or a single set of keys where the cryptographic operations used to protect one frame require more than one key.

SAK : Secure Association key, the secret key used by an SA.

SCI : Secure Channel Identifier, a globally unique identifier for a secure channel, comprising a globally unique MAC Address and a Port Identifier, unique within the system allocated that address.

secured connectivity : Data transfer between two or more 'Controlled Ports' that is protected by MACsec.

SecY : MAC Security Entity, the entity that operates the MAC Security protocol within a system.

Supplicant : An entity at one end of a point-to-point LAN segment that seeks to be authenticated by an Authenticator attached to the other end of that link.

Uncontrolled Port : The access point used to provide the insecure MAC Service to a client of a SecY or PAC.

Virtual Port : Indicates the PAE is for a virtual port. A MAC Service or Internal Sublayer service access point that is created on demand. Virtual ports can be used to provide separate secure connectivity associations over the same LAN.
MODULE-IDENTITY    

ieee8021XPaeMIBNotifications 1.3.111.2.802.1.1.15.0
OBJECT IDENTIFIER    

ieee8021XPaeMIBObjects 1.3.111.2.802.1.1.15.1
OBJECT IDENTIFIER    

ieee8021XPaeMIBConformance 1.3.111.2.802.1.1.15.2
OBJECT IDENTIFIER    

ieee8021XPaeSystem 1.3.111.2.802.1.1.15.1.1
OBJECT IDENTIFIER    

ieee8021XPaeLogon 1.3.111.2.802.1.1.15.1.2
OBJECT IDENTIFIER    

ieee8021XPaeAuthenticator 1.3.111.2.802.1.1.15.1.3
OBJECT IDENTIFIER    

ieee8021XPaeSupplicant 1.3.111.2.802.1.1.15.1.4
OBJECT IDENTIFIER    

ieee8021XPaeEapol 1.3.111.2.802.1.1.15.1.5
OBJECT IDENTIFIER    

ieee8021XPaeKaY 1.3.111.2.802.1.1.15.1.6
OBJECT IDENTIFIER    

ieee8021XPaeNetworkIdentifier 1.3.111.2.802.1.1.15.1.7
OBJECT IDENTIFIER    

ieee8021XPaeSysAccessControl 1.3.111.2.802.1.1.15.1.1.1
This object enables or disables port-based network access control for all the system's ports. Setting this control object to 'false' causes the following actions :
  - Deletes any virtual ports previously instantiated.
  - Terminates authentication exchanges and MKA instances' operation.
  - Each real port PAE behaves as if no virtual ports were created.
  - All the PAEs' Supplicant, Authenticator, and KaY are disabled.
  - Logon Process(es) behave as if the object ieee8021XNidUnauthAllowed was 'immediate'.
  - Announcements can be transmitted, both periodically and in response to announcement requests (conveyed by EAPOL-Starts or EAPOL-Announcement-Reqs) but are sent with a single NULL NID.
  - Objects announcementAccessStatus and announceAccessStatus have the 'noAccess' value, announcementAccessRequested is 'false', object announcementUnauthAccess has the 'openAccess' value.
The control variable settings for each real port PAE in the ieee8021XPaePortTable are unaffected, and will be used once the object is set to 'true'. The configured value for this object shall be stored in persistent memory and remain unchanged across a re-initialization of the management system of the entity.
OBJECT-TYPE    
  TruthValue  

ieee8021XPaeSysAnnouncements 1.3.111.2.802.1.1.15.1.1.2
Setting this control object to 'false' causes each PAE in this system to behave as if the PAE's Announcement functionality is disabled. The independent controls for each PAE apply if this object is 'true'. This configured value for this object shall be stored in persistent memory and remain unchanged across a re-initialization of the management system of the entity.
OBJECT-TYPE    
  TruthValue  

ieee8021XPaeSysEapolVersion 1.3.111.2.802.1.1.15.1.1.3
The EAPOL protocol version for this system.
OBJECT-TYPE    
  Unsigned32  

ieee8021XPaeSysMkaVersion 1.3.111.2.802.1.1.15.1.1.4
The MKA protocol version for this system.
OBJECT-TYPE    
  Unsigned32  

ieee8021XPaePortTable 1.3.111.2.802.1.1.15.1.1.5
A table of system level information for each port supported by the Port Access Entity. An entry appears in this table for each port of this system. For the writeable objects in this table, the configured value shall be stored in persistent memory and remain unchanged across a re-initialization of the management system of the entity.
OBJECT-TYPE    
  SEQUENCE OF  
    Ieee8021XPaePortEntry

ieee8021XPaePortEntry 1.3.111.2.802.1.1.15.1.1.5.1
The Port number, protocol version, and initialization control for a Port. If the PAE has been dynamically instantiated to support an existing or potential virtual port, the Uncontrolled Port interface and Controlled Port interface are allocated by the real port's PAE.
OBJECT-TYPE    
  Ieee8021XPaePortEntry  

ieee8021XPaePortNumber 1.3.111.2.802.1.1.15.1.1.5.1.1
An interface index that indicates the port number associated with this port. Each PAE is uniquely identified by a port number. The port number used is unique amongst all port numbers for the system, and directly or indirectly identifies the Uncontrolled Port that supports the PAE. If the PAE indicates a real port (the ieee8021XPaePortType object in the same row is 'realPort'), the port number shall be the same as the ieee8021XPaeCommonPortNumber object in the same row for the associated PAC or SecY. If the PAE indicates a virtual port (the ieee8021XPaePortType object in the same row is 'virtualPort'), this port number should be the same as the uncontrolledPortNumber object in the same row for the associated PAC or SecY.
OBJECT-TYPE    
  InterfaceIndex  

ieee8021XPaePortType 1.3.111.2.802.1.1.15.1.1.5.1.2
The port type of the PAE. realPort(1) : indicates the PAE is for a real port. virtualPort(2) : indicates the PAE is for a virtual port.
OBJECT-TYPE    
  INTEGER realPort(1), virtualPort(2)  

ieee8021XPaeControlledPortNumber 1.3.111.2.802.1.1.15.1.1.5.1.3
An interface index that indicates the port number associated with the PAC's or SecY's Controlled Port.
OBJECT-TYPE    
  InterfaceIndex  

ieee8021XPaeUncontrolledPortNumber 1.3.111.2.802.1.1.15.1.1.5.1.4
An interface index that indicates the port number associated with the PAC's or SecY's Uncontrolled Port. If the PAE supports a real port, this port number can be the same as the ieee8021XPaeCommonPortNumber object in the same row, otherwise it shall not be the same.
OBJECT-TYPE    
  InterfaceIndex  

ieee8021XPaeCommonPortNumber 1.3.111.2.802.1.1.15.1.1.5.1.5
An interface index that indicates the port number associated with the PAC's or SecY's 'Common Port'. All the virtual ports created for a given real port share the same 'Common Port' and ieee8021XPaeCommonPortNumber in the same row.
OBJECT-TYPE    
  InterfaceIndex  

ieee8021XPaePortInitialize 1.3.111.2.802.1.1.15.1.1.5.1.6
The initialization control for this Port. Setting this object 'true' causes the Port to be reinitialized, terminating (and potentially restarting) authentication exchanges and MKA operation. If the port is a real port, any virtual ports previously instantiated are deleted. Virtual ports can be reinstantiated through normal protocol operation. The object value reverts to 'false' once initialization has completed.
OBJECT-TYPE    
  TruthValue  

ieee8021XPaePortCapabilities 1.3.111.2.802.1.1.15.1.1.5.1.7
The capabilities of this PAE port.
  'suppImplemented' : The PACP EAP supplicant functions are implemented in this PAE if this bit is on.
  'authImplemented' : The PACP EAP authenticator functions are implemented in this PAE if this bit is on.
  'mkaImplemented' : The KaY MKA functions are implemented in this PAE if this bit is on.
  'macsecImplemented' : The MACsec functions in the Controlled Port are implemented in this PAE if this bit is on.
  'announcementsImplemented' : EAPOL announcements can be sent by this PAE if this bit is on.
  'listenerImplemented' : This PAE can receive EAPOL announcements if this bit is on.
  'virtualPortsImplemented' : Virtual Port functions are implemented in this PAE if this bit is on.
OBJECT-TYPE    
  BITS suppImplemented(0), authImplemented(1), mkaImplemented(2), macsecImplemented(3), announcementsImplemented(4), listenerImplemented(5), virtualPortsImplemented(6)  

ieee8021XPaePortVirtualPortsEnable 1.3.111.2.802.1.1.15.1.1.5.1.8
Enables or disables the Virtual Ports function for this Real Port PAE, that is, a PAE for which the object ieee8021XPaePortType in the same row has the value 'realPort'. If this PAE is not a Real Port, this object should be read only and returns 'false'. This object will be read only and returns 'false' if the value of the object ieee8021XPaePortCapabilities in the same row has the bit 'virtualPortsImplemented' off.
OBJECT-TYPE    
  TruthValue  

ieee8021XPaePortMaxVirtualPorts 1.3.111.2.802.1.1.15.1.1.5.1.9
The maximum number of virtual ports that can be supported on this port.
OBJECT-TYPE    
  Unsigned32  

ieee8021XPaePortCurrentVirtualPorts 1.3.111.2.802.1.1.15.1.1.5.1.10
The current number of virtual ports running on this port.
OBJECT-TYPE    
  Gauge32  

ieee8021XPaePortVirtualPortStart 1.3.111.2.802.1.1.15.1.1.5.1.11
This object will be 'true' if the virtual port is created by receipt of an EAPOL-Start packet.
OBJECT-TYPE    
  TruthValue  

ieee8021XPaePortVirtualPortPeerMAC 1.3.111.2.802.1.1.15.1.1.5.1.12
The source MAC address of the received EAPOL-Start if ieee8021XPaePortVirtualPortStart is set 'true'. If ieee8021XPaePortVirtualPortStart is not 'true' in the same row, the value of this object should be 00-00-00-00-00-00.
OBJECT-TYPE    
  MacAddress  

ieee8021XPaePortLogonEnable 1.3.111.2.802.1.1.15.1.1.5.1.13
Enables or disables the transmission of network announcement information.
OBJECT-TYPE    
  TruthValue  

ieee8021XPaePortAuthenticatorEnable 1.3.111.2.802.1.1.15.1.1.5.1.14
Enables or disables the Authenticator function in this PAE. This object will be read only and returns 'false' if the value of the object ieee8021XPaePortCapabilities in the same row has the bit 'authImplemented' off.
OBJECT-TYPE    
  TruthValue  

ieee8021XPaePortSupplicantEnable 1.3.111.2.802.1.1.15.1.1.5.1.15
Enables or disables the Supplicant function in this PAE. This object will be read only and returns 'false' if the value of the object ieee8021XPaePortCapabilities in the same row has the bit 'suppImplemented' off.
OBJECT-TYPE    
  TruthValue  

ieee8021XPaePortKayMkaEnable 1.3.111.2.802.1.1.15.1.1.5.1.16
Enable or disable the MKA protocol function in this PAE. This object will be read only and returns 'false' if the value of the object ieee8021XPaePortCapabilities in the same row has the bit 'mkaImplemented' off.
OBJECT-TYPE    
  TruthValue  

ieee8021XPaePortAnnouncerEnable 1.3.111.2.802.1.1.15.1.1.5.1.17
Enable or disable the network Announcer function in this PAE. This object will be read only and returns 'false' if the value of the object ieee8021XPaePortCapabilities in the same row has the bit 'announcementsImplemented' off.
OBJECT-TYPE    
  TruthValue  

ieee8021XPaePortListenerEnable 1.3.111.2.802.1.1.15.1.1.5.1.18
Enable or disable the network Listener function in this PAE. This object will be read only and returns 'false' if the value of the object ieee8021XPaePortCapabilities in the same row has the bit 'listenerImplemented' off.
OBJECT-TYPE    
  TruthValue  

ieee8021XPacPortTable 1.3.111.2.802.1.1.15.1.1.6
A table of system level information for each interface supported by PAC. This table will be instantiated if the value of the object ieee8021XPaePortCapabilities in the corresponding entry of the ieee8021XPaePortTable has the bit 'macsecImplemented' off. For the writeable objects in this table, the configured value shall be stored in persistent memory and remain unchanged across a re-initialization of the management system of the entity.
OBJECT-TYPE    
  SEQUENCE OF  
    Ieee8021XPacPortEntry

ieee8021XPacPortEntry 1.3.111.2.802.1.1.15.1.1.6.1
An entry containing PAC management information applicable to a particular interface.
OBJECT-TYPE    
  Ieee8021XPacPortEntry  

ieee8021XPacPortControlledPortNumber 1.3.111.2.802.1.1.15.1.1.6.1.1
The index to identify the 'Controlled Port' interface for a PAC.
OBJECT-TYPE    
  InterfaceIndex  

ieee8021XPacPortAdminPt2PtMAC 1.3.111.2.802.1.1.15.1.1.6.1.2
An object to control the service connectivity to at most one other system. The ieee8021XPacPortOperPt2PtMAC indicates operational status of the service connectivity for this PAC.
  'forceTrue' : allows only one service connection to the other system.
  'forceFalse' : no restriction on the number of service connections to the other systems.
  'auto' : means the service connectivity is determined by the service providing entity.
OBJECT-TYPE    
  INTEGER forceTrue(1), forceFalse(2), auto(3)  

ieee8021XPacPortOperPt2PtMAC 1.3.111.2.802.1.1.15.1.1.6.1.3
An object to reflect the current service connectivity status.
  'true' : means the service connectivity of this PAC Controlled Port provides connectivity to at most one other system.
  'false' : means the service connectivity of this PAC could provide connectivity to more than one other system.
OBJECT-TYPE    
  TruthValue  

ieee8021XPaePortLogonTable 1.3.111.2.802.1.1.15.1.2.1
A table of system level information for each port to support the Logon Process(es) status information. This table will be instantiated if the object ieee8021XPaePortLogonEnable in the corresponding entry of the ieee8021XPaePortTable is 'true'.
OBJECT-TYPE    
  SEQUENCE OF  
    Ieee8021XPaePortLogonEntry

ieee8021XPaePortLogonEntry 1.3.111.2.802.1.1.15.1.2.1.1
An entry containing Logon Process status information for the PAE.
OBJECT-TYPE    
  Ieee8021XPaePortLogonEntry  

ieee8021XPaePortLogonConnectStatus 1.3.111.2.802.1.1.15.1.2.1.1.1
The Logon Process sets this variable to one of the following values, to indicate to the CP state machine if, and how, connectivity is to be provided through the Controlled Port :
  'pending' : Prevent connectivity by disabling the Controlled Port of this PAE.
  'unauthenticated' : Provide unsecured connectivity, enabling the Controlled Port of this PAE.
  'authenticated' : Provide unsecured connectivity but with authentication, enabling Controlled Port of this PAE.
  'secure' : Provide secure connectivity, using SAKs provided by the KaY (when available) and enabling Controlled Port when those keys are installed and in use.
OBJECT-TYPE    
  INTEGER pending(1), unauthenticated(2), authenticated(3), secure(4)  

ieee8021XPaePortPortValid 1.3.111.2.802.1.1.15.1.2.1.1.2
This object will be set 'true' if Controlled Port communication is secured as specified by the MACsec.
OBJECT-TYPE    
  TruthValue  

ieee8021XPaePortSessionTable 1.3.111.2.802.1.1.15.1.2.2
A table of system level information for each port to support Logon Process(es) session information. This table maintains session statistics for its associated Controlled Port, suitable for communication to a RADIUS or other AAA server at the end of a session for accounting purpose. This table will be instantiated if the object ieee8021XPaePortLogonEnable in the corresponding entry of the ieee8021XPaePortTable is 'true'.
OBJECT-TYPE    
  SEQUENCE OF  
    Ieee8021XPaePortSessionEntry

ieee8021XPaePortSessionEntry 1.3.111.2.802.1.1.15.1.2.2.1
An entry containing Logon Process session information for the PAE. A session (an entry) begins when the operation of the Controlled Port becomes 'true' and ends when it becomes 'false'. The counts of frames and octets can be derived from those maintained to support the Interface MIB counters for the SecY's or the PAC's Controlled Port, but differ in that the counts are zeroed when the session begins.
OBJECT-TYPE    
  Ieee8021XPaePortSessionEntry  

ieee8021XPaeSessionControlledPortNumber 1.3.111.2.802.1.1.15.1.2.2.1.1
The index to identify the 'Controlled Port' interface's session information for a PAE.
OBJECT-TYPE    
  InterfaceIndex  

ieee8021XPaePortSessionOctetsRx 1.3.111.2.802.1.1.15.1.2.2.1.2
The number of octets received in this session of this PAE. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ieee8021XPaePortSessionStartTime.
OBJECT-TYPE    
  Counter64  

ieee8021XPaePortSessionOctetsTx 1.3.111.2.802.1.1.15.1.2.2.1.3
The number of octets transmitted in this session of this PAE. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ieee8021XPaePortSessionStartTime.
OBJECT-TYPE    
  Counter64  

ieee8021XPaePortSessionPktsRx 1.3.111.2.802.1.1.15.1.2.2.1.4
The number of packets received in this session of this PAE. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ieee8021XPaePortSessionStartTime.
OBJECT-TYPE    
  Counter64  

ieee8021XPaePortSessionPktsTx 1.3.111.2.802.1.1.15.1.2.2.1.5
The number of packets transmitted in this session of this PAE. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ieee8021XPaePortSessionStartTime.
OBJECT-TYPE    
  Counter64  

ieee8021XPaePortSessionId 1.3.111.2.802.1.1.15.1.2.2.1.6
The session identifier for this session of the PAE. A UTF-8 string, uniquely identifying the session within the context of the PAE's system.
OBJECT-TYPE    
  SnmpAdminString Size(3..253)  

ieee8021XPaePortSessionStartTime 1.3.111.2.802.1.1.15.1.2.2.1.7
The starting time of this session.
OBJECT-TYPE    
  TimeStamp  

ieee8021XPaePortSessionIntervalTime 1.3.111.2.802.1.1.15.1.2.2.1.8
The length of time the session has lasted.
OBJECT-TYPE    
  TimeInterval  

ieee8021XPaePortSessionTerminate 1.3.111.2.802.1.1.15.1.2.2.1.9
The reason for the session termination, one of the following :
  'macOperFailed' : 'Common Port' for this PAE is not operational.
  'sysAccessDisableOrPortInit' : The ieee8021XPaeSysAccessControl object is set to 'false' or initialization process of this PAE is invoked.
  'receiveEapolLogOff' : The PAE has received EAPOL-Logoff frame.
  'eapReauthFailure' : EAP reauthentication has failed.
  'mkaFailure' : MKA failure or other MKA termination.
  'newSessionBegin' : New session beginning.
  'notTerminateYet' : Not Terminated Yet.
OBJECT-TYPE    
  INTEGER macOperFailed(1), sysAccessDisableOrPortInit(2), receiveEapolLogOff(3), eapReauthFailure(4), mkaFailure(5), newSessionBegin(6), notTerminateYet(7)  

ieee8021XPaePortSessionUserName 1.3.111.2.802.1.1.15.1.2.2.1.10
The session user name for this session in the PAE. A UTF-8 string, representing the identity of the peer Supplicant. If no such information is available, a zero-length string is returned.
OBJECT-TYPE    
  SnmpAdminString Size(0..253)  

ieee8021XLogonNIDTable 1.3.111.2.802.1.1.15.1.2.3
The Logon Process may use Network Identities (NIDs) to manage its use of authentication credentials, cached CAKs, and announcements. This table provides the NID information for Logon Process. For the writeable objects in this table, the configured value shall be stored in persistent memory and remain unchanged across a re-initialization of the management system of the entity.
OBJECT-TYPE    
  SEQUENCE OF  
    Ieee8021XLogonNIDEntry

ieee8021XLogonNIDEntry 1.3.111.2.802.1.1.15.1.2.3.1
An entry providing the NID information for a Logon Process.
OBJECT-TYPE    
  Ieee8021XLogonNIDEntry  

ieee8021XLogonNIDConnectedNID 1.3.111.2.802.1.1.15.1.2.3.1.1
The NID associated with the current connectivity (possibly unauthenticated) provided by the operation of the CP state machine. This object can differ from both the ieee8021XLogonNIDSelectedNID and the ieee8021XLogonNIDRequestedNID objects in the same row if authenticated connectivity (either secure or unsecured) has already been established, and EAP authentication and MKA operation for both of the latter have not met the necessary conditions (as specified by the control variables unauthAllowed and unsecureAllowed).
OBJECT-TYPE    
  Ieee8021XPaeNID  

ieee8021XLogonNIDRequestedNID 1.3.111.2.802.1.1.15.1.2.3.1.2
The NID marked as access requested in announcements, as determined from EAPOL-Start frames. The default value of this object is the configured value of the object ieee8021XLogonNIDSelectedNID. This object provides context for the PAE's EAP Authenticator. If no EAPOL-Start frame has been received since the PAE's 'Common Port' became operational, or the last EAPOL-Start frame received for the port did not contain a requested NID, the object will take on the value of the object ieee8021XLogonNIDSelectedNID in the same row.
OBJECT-TYPE    
  Ieee8021XPaeNIDOrNull  

ieee8021XLogonNIDSelectedNID 1.3.111.2.802.1.1.15.1.2.3.1.3
The NID currently configured for use by an access 'Controlled Port' when transmitting EAPOL-Start frames. The default value of this object is an empty string. This object may be either explicitly configured by management or determined by the PAE using NID selection algorithms. If no authentication is in progress, and the current connectivity is terminated and then starts again, ieee8021XLogonNIDConnectedNID will take on the value of ieee8021XLogonNIDRequestedNID (though a PAE's NID selection algorithm, if used, can subsequently select another NID).
OBJECT-TYPE    
  Ieee8021XPaeNIDOrNull  

ieee8021XAuthenticatorTable 1.3.111.2.802.1.1.15.1.3.1
A table that contains the configuration objects for the Authenticator PAE associated with each port. This table will be instantiated if the object ieee8021XPaePortAuthenticatorEnable in the corresponding entry of the ieee8021XPaePortTable is 'true'. For the writeable objects in this table, the configured value shall be stored in persistent memory and remain unchanged across a re-initialization of the management system of the entity.
OBJECT-TYPE    
  SEQUENCE OF  
    Ieee8021XAuthenticatorEntry

ieee8021XAuthenticatorEntry 1.3.111.2.802.1.1.15.1.3.1.1
An entry that contains the Authenticator configuration objects for the PAE.
OBJECT-TYPE    
  Ieee8021XAuthenticatorEntry  

ieee8021XAuthPaeAuthenticate 1.3.111.2.802.1.1.15.1.3.1.1.1
This object will be set 'true' by the PAE authenticator to request authentication, and if this object is 'true', reauthentication is allowed. This object will be 'false' while the PAE authenticator revokes authentication.
OBJECT-TYPE    
  TruthValue  

ieee8021XAuthPaeAuthenticated 1.3.111.2.802.1.1.15.1.3.1.1.2
This object will be set 'true' by PACP if the PAE authenticator is currently authenticated, and 'false' if the authentication fails or is revoked.
OBJECT-TYPE    
  TruthValue  

ieee8021XAuthPaeFailed 1.3.111.2.802.1.1.15.1.3.1.1.3
This object will be set 'true' by PACP if the authentication has failed or has been terminated. The cause could be a failure returned by EAP, either immediately or following a reauthentication, an excessive number of attempts to authenticate (either immediately or upon reauthentication), or the authenticator deasserting authenticate (the object authPaeAuthenticate in the same row is 'false'). The PACP will set the object authPaeAuthenticated to 'false' as well as setting this object to 'true'.
OBJECT-TYPE    
  TruthValue  

ieee8021XAuthPaeReAuthEnabled 1.3.111.2.802.1.1.15.1.3.1.1.4
This object is set 'true' if PACP should initiate reauthentication periodically, 'false' otherwise. Reading this object always returns 'false'.
OBJECT-TYPE    
  TruthValue  

ieee8021XAuthPaeQuietPeriod 1.3.111.2.802.1.1.15.1.3.1.1.5
This object indicates a waiting period after a failed authentication attempt, before another attempt is permitted.
OBJECT-TYPE    
  Unsigned32 0..65535  

ieee8021XAuthPaeReauthPeriod 1.3.111.2.802.1.1.15.1.3.1.1.6
This object indicates the time period of the reauthentication to the supplicant.
OBJECT-TYPE    
  Unsigned32 0..65535  

ieee8021XAuthPaeRetryMax 1.3.111.2.802.1.1.15.1.3.1.1.7
The maximum number of authentication attempts before failure is reported to the Logon Process, and the authPaeQuietPeriod timer is imposed before further attempts are permitted.
OBJECT-TYPE    
  Unsigned32  

ieee8021XAuthPaeRetryCount 1.3.111.2.802.1.1.15.1.3.1.1.8
The count of the number of authentication attempts.
OBJECT-TYPE    
  Gauge32  

ieee8021XSupplicantTable 1.3.111.2.802.1.1.15.1.4.1
A table that contains the configuration objects for the Supplicant PAE associated with each port. For the writeable objects in this table, the configured value shall be stored in persistent memory and remain unchanged across a re-initialization of the management system of the entity.
OBJECT-TYPE    
  SEQUENCE OF  
    Ieee8021XSupplicantEntry

ieee8021XSupplicantEntry 1.3.111.2.802.1.1.15.1.4.1.1
The configuration information for a Supplicant PAE.
OBJECT-TYPE    
  Ieee8021XSupplicantEntry  

ieee8021XSuppPaeAuthenticate 1.3.111.2.802.1.1.15.1.4.1.1.1
This object will be set 'true' by the PAE supplicant to request authentication, and if this object is 'true', reauthentication is allowed. This object will be 'false' while the PAE supplicant revokes authentication.
OBJECT-TYPE    
  TruthValue  

ieee8021XSuppPaeAuthenticated 1.3.111.2.802.1.1.15.1.4.1.1.2
This object will be set 'true' by PACP if the PAE supplicant is currently authenticated, and 'false' if the authentication fails or is revoked.
OBJECT-TYPE    
  TruthValue  

ieee8021XSuppPaeFailed 1.3.111.2.802.1.1.15.1.4.1.1.3
This object will be set 'true' by PACP if the authentication has failed or has been terminated. The cause could be a failure returned by EAP, either immediately or following a reauthentication, an excessive number of attempts to authenticate (either immediately or upon reauthentication), or the supplicant deasserting authenticate (the object ieee8021XSuppPaeAuthenticate in the same row is 'false'). The PACP will set the object ieee8021XSuppPaeAuthenticated to 'false' as well as setting this object to 'true'.
OBJECT-TYPE    
  TruthValue  

ieee8021XSuppPaeHelloPeriod 1.3.111.2.802.1.1.15.1.4.1.1.4
This object indicates a waiting time period after a failed authentication attempt, before another attempt is permitted.
OBJECT-TYPE    
  Unsigned32 0..65535  

ieee8021XSuppPaeRetryMax 1.3.111.2.802.1.1.15.1.4.1.1.5
The maximum number of authentication attempts before failure is reported to the Logon Process, and the ieee8021XSuppPaeHelloPeriod timer is imposed before further attempts are permitted.
OBJECT-TYPE    
  Unsigned32  

ieee8021XSuppPaeRetryCount 1.3.111.2.802.1.1.15.1.4.1.1.6
The count of the number of authentication attempts.
OBJECT-TYPE    
  Gauge32  

ieee8021XEapolStatsTable 1.3.111.2.802.1.1.15.1.5.1
A system-level table containing the EAPOL statistics and diagnostics information supported by the PAE.
OBJECT-TYPE    
  SEQUENCE OF  
    Ieee8021XEapolStatsEntry

ieee8021XEapolStatsEntry 1.3.111.2.802.1.1.15.1.5.1.1
An entry containing the EAPOL statistics and diagnostics information for a PAE.
OBJECT-TYPE    
  Ieee8021XEapolStatsEntry  

ieee8021XEapolInvalidFramesRx 1.3.111.2.802.1.1.15.1.5.1.1.1
The number of invalid EAPOL frames of any type that have been received by this PAE.
OBJECT-TYPE    
  Counter32  

ieee8021XEapolEapLengthErrorFramesRx 1.3.111.2.802.1.1.15.1.5.1.1.2
The number of EAPOL frames in which the Packet Body Length does not match a Packet Body that is contained within the octets of the received EAPOL MPDU in this PAE.
OBJECT-TYPE    
  Counter32  

ieee8021XEapolAnnouncementFramesRx 1.3.111.2.802.1.1.15.1.5.1.1.3
The number of EAPOL-Announcement frames that have been received by this PAE.
OBJECT-TYPE    
  Counter32  

ieee8021XEapolAnnouncementReqFramesRx 1.3.111.2.802.1.1.15.1.5.1.1.4
The number of EAPOL-Announcement-Req frames that have been received by this PAE.
OBJECT-TYPE    
  Counter32  

ieee8021XEapolPortUnavailableFramesRx 1.3.111.2.802.1.1.15.1.5.1.1.5
The number of EAPOL frames that are discarded because their processing would require the creation of a virtual port, for which there are inadequate or constrained resources, or an existing virtual port and no such port currently exists. If virtual ports are not supported, this object should always be 0.
OBJECT-TYPE    
  Counter32  

ieee8021XEapolStartFramesRx 1.3.111.2.802.1.1.15.1.5.1.1.6
The number of EAPOL-Start frames that have been received by this PAE.
OBJECT-TYPE    
  Counter32  

ieee8021XEapolEapFramesRx 1.3.111.2.802.1.1.15.1.5.1.1.7
The number of EAPOL-EAP frames that have been received by this PAE.
OBJECT-TYPE    
  Counter32  

ieee8021XEapolLogoffFramesRx 1.3.111.2.802.1.1.15.1.5.1.1.8
The number of EAPOL-Logoff frames that have been received by this PAE.
OBJECT-TYPE    
  Counter32  

ieee8021XEapolMkNoCknFramesRx 1.3.111.2.802.1.1.15.1.5.1.1.9
The number of MKPDUs received with MKA not enabled or CKN not recognized in this PAE.
OBJECT-TYPE    
  Counter32  

ieee8021XEapolMkInvalidFramesRx 1.3.111.2.802.1.1.15.1.5.1.1.10
The number of MKPDUs that failed message authentication on receipt in this PAE.
OBJECT-TYPE    
  Counter32  

ieee8021XEapolLastRxFrameVersion 1.3.111.2.802.1.1.15.1.5.1.1.11
The version of the last EAPOL frame received by this PAE.
OBJECT-TYPE    
  Unsigned32  

ieee8021XEapolLastRxFrameSource 1.3.111.2.802.1.1.15.1.5.1.1.12
The source MAC address of the last EAPOL frame received by this PAE.
OBJECT-TYPE    
  MacAddress  

ieee8021XEapolSuppEapFramesTx 1.3.111.2.802.1.1.15.1.5.1.1.13
The number of EAPOL-EAP frames that have been transmitted by the supplicant of this PAE.
OBJECT-TYPE    
  Counter32  

ieee8021XEapolLogoffFramesTx 1.3.111.2.802.1.1.15.1.5.1.1.14
The number of EAPOL-Logoff frames that have been transmitted by this PAE.
OBJECT-TYPE    
  Counter32  

ieee8021XEapolAnnouncementFramesTx 1.3.111.2.802.1.1.15.1.5.1.1.15
The number of EAPOL-Announcement frames that have been transmitted by this PAE.
OBJECT-TYPE    
  Counter32  

ieee8021XEapolAnnouncementReqFramesTx 1.3.111.2.802.1.1.15.1.5.1.1.16
The number of EAPOL-Announcement-Req frames that have been transmitted by this PAE.
OBJECT-TYPE    
  Counter32  

ieee8021XEapolStartFramesTx 1.3.111.2.802.1.1.15.1.5.1.1.17
The number of EAPOL-Start frames that have been received by this PAE.
OBJECT-TYPE    
  Counter32  

ieee8021XEapolAuthEapFramesTx 1.3.111.2.802.1.1.15.1.5.1.1.18
The number of EAPOL-EAP frames that have been transmitted by the authenticator of this PAE.
OBJECT-TYPE    
  Counter32  

ieee8021XEapolMkaFramesTx 1.3.111.2.802.1.1.15.1.5.1.1.19
The number of EAPOL-MKA frames with no CKN information that have been transmitted by this PAE.
OBJECT-TYPE    
  Counter32  

ieee8021XKayMkaTable 1.3.111.2.802.1.1.15.1.6.1
A table of system level information for each interface supported by the KaY (Key Agreement Entity). This table will be instantiated if the object ieee8021XPaePortKayMkaEnable in the corresponding entry of the ieee8021XPaePortTable is 'true'. The following terms are used to identify roles within the MKA protocol or protocol scenarios and the MIB description : participant : An instance of MKA, transmitting and receiving frames protected by keys derived from a single CAK, and operating with positive intent, obeying the protocol. member: A participant that possesses the CAK that can be used to prove liveness and to obtain membership in the CA under discussion. actor: The participant under discussion, usually in the KaY being described. partners: Participants or members attached to the same LAN as the actor, excluding the actor. principal actor: The actor participating in the MKA instance that has elected the highest priority key server. Each participant selects the live participant advertising the highest priority as its key server provided that participant has not selected another as its key server or is unwilling to act as the key server. If a key server cannot be selected SAKs are not distributed. In the event of a tie for highest priority key server, the member with the highest priority SCI is chosen. For consistency with other uses of the SCI's MAC Address component as a priority, numerically lower values of the key server priority and SCI are accorded the highest priority. For the writeable objects in this table, the configured value shall be stored in persistent memory and remain unchanged across a re-initialization of the management system of the entity.
OBJECT-TYPE    
  SEQUENCE OF  
    Ieee8021XKayMkaEntry

ieee8021XKayMkaEntry 1.3.111.2.802.1.1.15.1.6.1.1
An entry containing KaY MKA management information applicable to a particular interface.
OBJECT-TYPE    
  Ieee8021XKayMkaEntry  

ieee8021XKayMkaActive 1.3.111.2.802.1.1.15.1.6.1.1.1
This object will be 'true' if there is at least one MKA active actor, transmitting MKPDUs.
OBJECT-TYPE    
  TruthValue  

ieee8021XKayMkaAuthenticated 1.3.111.2.802.1.1.15.1.6.1.1.2
This object will be 'true' if the principal actor, i.e. the participant that has the highest priority key server and one or more live peers, has determined that Controlled Port communication should proceed without MACsec.
OBJECT-TYPE    
  TruthValue  

ieee8021XKayMkaSecured 1.3.111.2.802.1.1.15.1.6.1.1.3
This object will be 'true' if the principal actor has determined that communication should use MACsec.
OBJECT-TYPE    
  TruthValue  

ieee8021XKayMkaFailed 1.3.111.2.802.1.1.15.1.6.1.1.4
This object will be 'true' if the object ieee8021XKayMkaSecured in the same row is 'false' and MKA Life Time has elapsed since an MKA participant was last created.
OBJECT-TYPE    
  TruthValue  

ieee8021XKayMkaActorSCI 1.3.111.2.802.1.1.15.1.6.1.1.5
The SCI assigned by the system to the port; it applies to all the port's MKA actors.
OBJECT-TYPE    
  SecySCI  

ieee8021XKayMkaActorsPriority 1.3.111.2.802.1.1.15.1.6.1.1.6
The Key Server priority for all the port's MKA actors. Each participant encodes a key server priority, an 8-bit integer, in each MKPDU.
OBJECT-TYPE    
  Ieee8021XMkaKeyServerPriority  

ieee8021XKayMkaKeyServerPriority 1.3.111.2.802.1.1.15.1.6.1.1.7
The priority of the elected Key Server through MKA in the CA.
OBJECT-TYPE    
  Ieee8021XMkaKeyServerPriority  

ieee8021XKayMkaKeyServerSCI 1.3.111.2.802.1.1.15.1.6.1.1.8
The SCI of the key server for the MKA principal actor. The length of this object is 0 if there is no principal actor, or that actor has no live peers. This object matches the ieee8021XKayMkaActorSCI object in the same row if the actor is the key server.
OBJECT-TYPE    
  SecySCI  

ieee8021XKayAllowedJoinGroup 1.3.111.2.802.1.1.15.1.6.1.1.9
This object will be 'true' if the KaY will accept Group CAKs distributed by MKA protocol.
OBJECT-TYPE    
  TruthValue  

ieee8021XKayAllowedFormGroup 1.3.111.2.802.1.1.15.1.6.1.1.10
This object will be 'true' if the KaY will attempt to use point-to-point CAs to distribute a group CAK, if its MKA principal actor is the key server for all the point-to-point CAs.
OBJECT-TYPE    
  TruthValue  

ieee8021XKayCreateNewGroup 1.3.111.2.802.1.1.15.1.6.1.1.11
This object is set 'true' if a new group CAK is to be distributed and the MKA principal actor is the key server for all point-to-point CAs. This object will be set 'false' by the KaY when distribution is complete.
OBJECT-TYPE    
  TruthValue  

ieee8021XKayMacSecCapability 1.3.111.2.802.1.1.15.1.6.1.1.12
This object indicates whether MACsec is implemented, and if so whether the implementation provides integrity protection only, integrity and integrity with confidentiality, or integrity and integrity with confidentiality with a selectable confidentiality offset of 0, 30, or 50 octets (see IEEE Std 802.1AE). 'noMACsec' : MACsec is not implemented. 'macSecCapability1' : capable of 'integrity protection without confidentiality'. 'macSecCapability2' : capable of 'integrity protection without confidentiality' and 'integrity protection and confidentiality with a confidentiality offset of 0'. 'macSecCapability3' : capable of 'integrity protection without confidentiality' and 'integrity protection and confidentiality with a confidentiality offset of 0, 30 or 50'.
OBJECT-TYPE    
  INTEGER noMACsec(0), macSecCapability1(1), macSecCapability2(2), macSecCapability3(3)  

ieee8021XKayMacSecDesired 1.3.111.2.802.1.1.15.1.6.1.1.13
This object will be set 'true' if the MKA participants desire the use of MACsec to protect frames with this KaY.
OBJECT-TYPE    
  TruthValue  

ieee8021XKayMacSecProtect 1.3.111.2.802.1.1.15.1.6.1.1.14
The status of the MACsec protection function for this KaY. 'true' : the status of the MACsec protection function is as configured by the secyIfProtectFramesEnable object in the IEEE8021-SECY-MIB. 'false' : the MACsec protection function is disabled by this KaY.
OBJECT-TYPE    
  TruthValue  

ieee8021XKayMacSecReplayProtect 1.3.111.2.802.1.1.15.1.6.1.1.15
The status of the MACsec replay protection function for this KaY. 'true' : the status of the MACsec replay protection function is as configured by the secyIfReplayProtectEnable object in the IEEE8021-SECY-MIB. 'false' : the MACsec replay protection function is disabled by this KaY.
OBJECT-TYPE    
  TruthValue  

ieee8021XKayMacSecValidate 1.3.111.2.802.1.1.15.1.6.1.1.16
The status of the MACsec validation function for this KaY. 'true' : the status of the MACsec validation function is as configured by the secyIfValidateFrames object in the IEEE8021-SECY-MIB. 'false' : the MACsec validation function is enabled, but only for checking; invalid frames are not filtered out by the SecY.
OBJECT-TYPE    
  TruthValue  

ieee8021XKayMacSecConfidentialityOffset 1.3.111.2.802.1.1.15.1.6.1.1.17
The confidentiality protection offset options for the selected cipher suite in the MACsec. If the cipher suite does not have this capability, the configured value of the object will not apply to the cipher suite.
OBJECT-TYPE    
  Integer32 0 | 30 | 50  

ieee8021XKayMkaTxKN 1.3.111.2.802.1.1.15.1.6.1.1.18
The key number assigned by the key server to the SAK currently being used for transmission. This object will be 0 if MACsec is not being used or the key number is not available yet.
OBJECT-TYPE    
  Ieee8021XMkaKN  

ieee8021XKayMkaTxAN 1.3.111.2.802.1.1.15.1.6.1.1.19
The AN assigned by the key server for use with the key number for transmission. This row pointer will point to an entry in the secyTxSATable which the secyTxSCEncodingSA object also points to in the IEEE8021-SECY-MIB. If MACsec is not in use or the AN is not identified yet, the value of this object shall be set to the OBJECT IDENTIFIER { 0 0 }.
OBJECT-TYPE    
  RowPointer  

ieee8021XKayMkaRxKN 1.3.111.2.802.1.1.15.1.6.1.1.20
The key number assigned by the key server to the oldest SAK currently being used for reception. It is the same as the key number for transmission if a single SAK is currently in use. This object will be 0 if MACsec is not being used or the key number is not available yet.
OBJECT-TYPE    
  Ieee8021XMkaKN  

ieee8021XKayMkaRxAN 1.3.111.2.802.1.1.15.1.6.1.1.21
The AN assigned by the key server for use with the key number for reception. It is the same as AN for transmission if a single SAK is currently in use. This row pointer will point to an entry in the secyRxSATable which the secyRxSCCurrentSA object also points to in the IEEE8021-SECY-MIB. If MACsec is not in use or the AN is not identified yet, the value of this object shall be set to the OBJECT IDENTIFIER { 0 0 }.
OBJECT-TYPE    
  RowPointer  

ieee8021XKayMkaParticipantTable 1.3.111.2.802.1.1.15.1.6.2
A table for each MKA participant supported by the KaY MKA entity. For the writeable objects in this table, the configured value shall be stored in persistent memory and remain unchanged across a re-initialization of the management system of the entity.
OBJECT-TYPE    
  SEQUENCE OF  
    Ieee8021XKayMkaParticipantEntry

ieee8021XKayMkaParticipantEntry 1.3.111.2.802.1.1.15.1.6.2.1
An entry containing KaY MKA management information applicable to a MKA participant.
OBJECT-TYPE    
  Ieee8021XKayMkaParticipantEntry  

ieee8021XKayMkaPartCKN 1.3.111.2.802.1.1.15.1.6.2.1.1
The CKN information for this MKA participant.
OBJECT-TYPE    
  Ieee8021XPaeCKN  

ieee8021XKayMkaPartKMD 1.3.111.2.802.1.1.15.1.6.2.1.2
The KMD information for this MKA participant.
OBJECT-TYPE    
  Ieee8021XPaeKMD  

ieee8021XKayMkaPartNID 1.3.111.2.802.1.1.15.1.6.2.1.3
The NID information for this MKA participant.
OBJECT-TYPE    
  Ieee8021XPaeNID  

ieee8021XKayMkaPartCached 1.3.111.2.802.1.1.15.1.6.2.1.4
This object is set 'true' by the KaY if the participant's parameters are cached. If this object is 'true', it can be set 'false' (cleared) by management to remove the participant's parameters from the cache.
OBJECT-TYPE    
  TruthValue  

ieee8021XKayMkaPartActive 1.3.111.2.802.1.1.15.1.6.2.1.5
This object is set 'true' if the participant is active, i.e. is currently transmitting periodic MKPDUs.
OBJECT-TYPE    
  TruthValue  

ieee8021XKayMkaPartRetain 1.3.111.2.802.1.1.15.1.6.2.1.6
This object is set 'true' to retain the participant in the cache, even if the KaY would normally remove it (due to lack of use, for example).
OBJECT-TYPE    
  TruthValue  

ieee8021XKayMkaPartActivateControl 1.3.111.2.802.1.1.15.1.6.2.1.7
This object controls the participant's behavior when the participant is activated. 'default' : the participant is from cached entries created by the KaY as part of normal operation, without explicit management, and is activated according to the implementation dependent policies of the KaY. 'disabled' : the participant allows the cache information to be retained, but is disabled for an indefinite period. 'onOperUp' : causes the participant to be activated when the PAE's part is activated, and therefore when the SecY or PAC's 'Common Port' becomes operational. 'always' : causes the participant to remain active all the time, even in the continued absence of partners. If the object is changed to disabled(1) or onOperUp(3), the participant ceases operation immediately and receipt of MKPDUs with a matching CKN during a subsequent period of twice MKA lifetime will not cause the participant to become active once more.
OBJECT-TYPE    
  INTEGER default(1), disabled(2), onOperUp(3), always(4)  

ieee8021XKayMkaPartPrincipal 1.3.111.2.802.1.1.15.1.6.2.1.8
This object is set 'true' if the participant is currently the principal actor.
OBJECT-TYPE    
  TruthValue  

ieee8021XKayMkaPartDistCKN 1.3.111.2.802.1.1.15.1.6.2.1.9
The CKN for the last CAK distributed either by the actor or one of its partners. An empty string will be provided for this object if this participant has not been used to distribute a CAK or the participant is not active, i.e. the object ieee8021XKayMkaPartActive in the same row is 'false'.
OBJECT-TYPE    
  Ieee8021XPaeCKNOrNull  

ieee8021XKayMkaPartRowStatus 1.3.111.2.802.1.1.15.1.6.2.1.10
The object to create the parameters for the supported participant information in the system. If the participant information is from downloaded policies, this object is 'active'.
OBJECT-TYPE    
  RowStatus  

ieee8021XKayMkaPeerListTable 1.3.111.2.802.1.1.15.1.6.3
A table containing the lists of Live Peers and Potential Peers, for all MKA instances for which the KaY is active.
OBJECT-TYPE    
  SEQUENCE OF  
    Ieee8021XKayMkaPeerListEntry

ieee8021XKayMkaPeerListEntry 1.3.111.2.802.1.1.15.1.6.3.1
A table entry for one of the peers for one of the MKA instances for which this KaY is an active participant.
OBJECT-TYPE    
  Ieee8021XKayMkaPeerListEntry  

ieee8021XKayMkaPeerListMI 1.3.111.2.802.1.1.15.1.6.3.1.1
The peer entry's MI information in the peer list of this active participant in MKA protocol.
OBJECT-TYPE    
  Ieee8021XMkaMI  

ieee8021XKayMkaPeerListMN 1.3.111.2.802.1.1.15.1.6.3.1.2
The peer entry's latest MN information in the peer list of this active participant in MKA protocol.
OBJECT-TYPE    
  Ieee8021XMkaMN  

ieee8021XKayMkaPeerListType 1.3.111.2.802.1.1.15.1.6.3.1.3
The peer entry's type in the peer list of this active participant in MKA protocol. 'livePeerList' : the peer entry is in the Live Peer List. 'potentialPeerList' : the peer entry is in the Potential Peer List.
OBJECT-TYPE    
  INTEGER livePeerList(1), potentialPeerList(2)  

ieee8021XKayMkaPeerListSCI 1.3.111.2.802.1.1.15.1.6.3.1.4
The SCI information of the peer entry in the peer list of this active participant in MKA protocol.
OBJECT-TYPE    
  SecySCI  

ieee8021XNidConfigTable 1.3.111.2.802.1.1.15.1.7.1
A table that contains the configuration objects for the network announcement information for the Logon Process. The detailed operation of the Logon Process can vary depending on the port-based network access control applications, and on the capabilities supported by that implementation including, for example, network discovery and roaming. This table specifies control variables that facilitate behaviors that are potentially useful in a range of applications. Implementations may use and augment the variables specified, or may use variables specific to the implementation. For the writeable objects in this table, the configured value shall be stored in persistent memory and remain unchanged across a re-initialization of the management system of the entity.
OBJECT-TYPE    
  SEQUENCE OF  
    Ieee8021XNidConfigEntry

ieee8021XNidConfigEntry 1.3.111.2.802.1.1.15.1.7.1.1
An entry containing network announcement parameters for a NID.
OBJECT-TYPE    
  Ieee8021XNidConfigEntry  

ieee8021XNidNID 1.3.111.2.802.1.1.15.1.7.1.1.1
The network identifier to identify NID configuration in the PAE.
OBJECT-TYPE    
  Ieee8021XPaeNID  

ieee8021XNidUseEap 1.3.111.2.802.1.1.15.1.7.1.1.2
Determines when the Logon Process will initiate EAP, if the Supplicant and/or Authenticator are enabled, and takes one of the following values: 'never' : Never. 'immediate' : Immediately, concurrently with the use of MKA with any cached CAK(s). 'mkaFail' : Not until MKA has failed, if a prior CAK has been cached.
OBJECT-TYPE    
  INTEGER never(1), immediate(2), mkaFail(3)  

ieee8021XNidUnauthAllowed 1.3.111.2.802.1.1.15.1.7.1.1.3
Determines when the Logon Process will tell the CP state machine to provide unauthenticated connectivity, and takes one of the following values: 'never' : Never. 'immediate' : Immediately, independently of any current or future attempts to authenticate using the PAE or MKA. 'authFail' : Not until an attempt has been made to authenticate using EAP, unless neither the Supplicant nor the Authenticator is enabled, and MKA has attempted to use any cached CAK (unless the KaY is not enabled).
OBJECT-TYPE    
  INTEGER never(1), immediate(2), authFail(3)  

ieee8021XNidUnsecuredAllowed 1.3.111.2.802.1.1.15.1.7.1.1.4
Determines when the Logon Process will tell the CP state machine to provide authenticated but unsecured connectivity, and takes one of the following values: 'never' : Never. 'immediate' : Immediately, to provide connectivity concurrently with the use of MKA with any CAK acquired through EAP. 'mkaFail' : Not until MKA has failed, or is not enabled. 'mkaServer' : Only if directed by the MKA server.
OBJECT-TYPE    
  INTEGER never(1), immediate(2), mkaFail(3), mkaServer(4)  

ieee8021XNidUnauthenticatedAccess 1.3.111.2.802.1.1.15.1.7.1.1.5
The configured access capability of the port's clients without authentication in this NID.
OBJECT-TYPE    
  Ieee8021XPaeNIDUnauthenticatedStatus  

ieee8021XNidAccessCapabilities 1.3.111.2.802.1.1.15.1.7.1.1.6
The authentication and protection capabilities supported for the NID.
OBJECT-TYPE    
  Ieee8021XPaeNIDCapabilites  

ieee8021XNidKMD 1.3.111.2.802.1.1.15.1.7.1.1.7
The configured KMD information for this NID.
OBJECT-TYPE    
  Ieee8021XPaeKMD  

ieee8021XNidRowStatus 1.3.111.2.802.1.1.15.1.7.1.1.8
The object to create the parameters for the supported Network Announcement information in the system. If the Network Announcement information of the entry is from downloaded policies, this object is 'active'.
OBJECT-TYPE    
  RowStatus  

ieee8021XAnnounceTable 1.3.111.2.802.1.1.15.1.7.2
A table containing the status information that the Announcers announce in the network announcement of the PAE system. This table will be instantiated if the object ieee8021XPaePortAnnouncerEnable in the corresponding entry of the ieee8021XPaePortTable is 'true'.
OBJECT-TYPE    
  SEQUENCE OF  
    Ieee8021XAnnounceEntry

ieee8021XAnnounceEntry 1.3.111.2.802.1.1.15.1.7.2.1
An entry containing an Announcer's status information.
OBJECT-TYPE    
  Ieee8021XAnnounceEntry  

ieee8021XAnnounceNID 1.3.111.2.802.1.1.15.1.7.2.1.1
The NID information to identify a transmitting network announcement for the PAE.
OBJECT-TYPE    
  Ieee8021XPaeNID  

ieee8021XAnnounceAccessStatus 1.3.111.2.802.1.1.15.1.7.2.1.2
The object information reflects connectivity as a result of authentication attempts of this NID for this Announcer.
OBJECT-TYPE    
  Ieee8021XPaeNIDAccessStatus  

ieee8021XAnnouncementTable 1.3.111.2.802.1.1.15.1.7.3
A table containing the status information that the Listeners receive in the network announcement of the PAE system. This table will be instantiated if the object ieee8021XPaePortListenerEnable in the corresponding entry of the ieee8021XPaePortTable is 'true'.
OBJECT-TYPE    
  SEQUENCE OF  
    Ieee8021XAnnouncementEntry

ieee8021XAnnouncementEntry 1.3.111.2.802.1.1.15.1.7.3.1
An entry containing a Listener's status information.
OBJECT-TYPE    
  Ieee8021XAnnouncementEntry  

ieee8021XAnnouncementNID 1.3.111.2.802.1.1.15.1.7.3.1.1
The NID information to identify a received network announcement for the PAE.
OBJECT-TYPE    
  Ieee8021XPaeNID  

ieee8021XAnnouncementKMD 1.3.111.2.802.1.1.15.1.7.3.1.2
The KMD information for this received network announcement of the PAE.
OBJECT-TYPE    
  Ieee8021XPaeKMD  

ieee8021XAnnouncementSpecific 1.3.111.2.802.1.1.15.1.7.3.1.3
This object indicates the received announcement information was specific to the receiving PAE, not generic for all systems attached to the LAN.
OBJECT-TYPE    
  TruthValue  

ieee8021XAnnouncementAccessStatus 1.3.111.2.802.1.1.15.1.7.3.1.4
The object information reflects connectivity as a result of authentication attempts for this received network announcement of the PAE.
OBJECT-TYPE    
  Ieee8021XPaeNIDAccessStatus  

ieee8021XAnnouncementAccessRequested 1.3.111.2.802.1.1.15.1.7.3.1.5
Whether or not authenticated access has been requested for this particular NID.
OBJECT-TYPE    
  TruthValue  

ieee8021XAnnouncementUnauthAccess 1.3.111.2.802.1.1.15.1.7.3.1.6
The access capability of the port's clients without authentication in this received network announcement of the PAE. 'openAccess', 'limitedAccess' should not be returned if the object ieee8021XNidUnauthAllowed is 'immediate'.
OBJECT-TYPE    
  Ieee8021XPaeNIDUnauthenticatedStatus  

ieee8021XAnnouncementCapabilities 1.3.111.2.802.1.1.15.1.7.3.1.7
The announcement capabilities of this received network announcement for this PAE.
OBJECT-TYPE    
  Ieee8021XPaeNIDCapabilites  

ieee8021XAnnouncementCipherSuitesTable 1.3.111.2.802.1.1.15.1.7.4
A table containing the Cipher Suite information that Listeners receive in network announcements of the PAE system. This table is instantiated if the object ieee8021XPaePortListenerEnable in the corresponding entry of the ieee8021XPaePortTable is 'true'.
OBJECT-TYPE    
  SEQUENCE OF  
    Ieee8021XAnnouncementCipherSuitesEntry

ieee8021XAnnouncementCipherSuitesEntry 1.3.111.2.802.1.1.15.1.7.4.1
An entry containing the Cipher Suite information that a Listener has received from a network announcement.
OBJECT-TYPE    
  Ieee8021XAnnouncementCipherSuitesEntry  

ieee8021XAnnouncementCipherSuite 1.3.111.2.802.1.1.15.1.7.4.1.1
The identifier for the announced cipher suite. This is a globally unique 64-bit (EUI-64) identifier for a cipher suite.
OBJECT-TYPE    
  STRING Size(8)  

ieee8021XAnnouncementCipherCapability 1.3.111.2.802.1.1.15.1.7.4.1.2
The capability of a Cipher Suite received from the network announcement by the Listener. A 2-octet, Cipher Suite dependent implementation capability field precedes each Cipher Suite reference number. If the Cipher Suite, ieee8021XAnnouncementCipherSuite, identifies the Default Cipher Suite (specified in IEEE Std 802.1AE), the two least significant bits of the implementation capability field encode the MACsec Capability parameter specified in Table 11-7, and the fourteen more significant bits are set to 0 and ignored on receipt.
OBJECT-TYPE    
  Unsigned32 0..65535  

ieee8021XPaeCompliances 1.3.111.2.802.1.1.15.2.1
OBJECT IDENTIFIER    

ieee8021XPaeGroups 1.3.111.2.802.1.1.15.2.2
OBJECT IDENTIFIER    

ieee8021XPaeCompliance 1.3.111.2.802.1.1.15.2.1.1
read-create access is not required. This may be read-only.
MODULE-COMPLIANCE    

ieee8021XPaeSystemGroup 1.3.111.2.802.1.1.15.2.2.1
A collection of objects providing system information for a PAE system and status and control information for a PAE port.
OBJECT-GROUP    

ieee8021XPacGroup 1.3.111.2.802.1.1.15.2.2.2
A collection of objects providing information about a PAC in the system.
OBJECT-GROUP    

ieee8021XPaeLogonGroup 1.3.111.2.802.1.1.15.2.2.3
A collection of objects providing information about a Logon Process in the system.
OBJECT-GROUP    

ieee8021XPaeAuthConfigGroup 1.3.111.2.802.1.1.15.2.2.4
A collection of objects providing configuration information for an Authenticator in the system.
OBJECT-GROUP    

ieee8021XPaeSuppConfigGroup 1.3.111.2.802.1.1.15.2.2.5
A collection of objects providing configuration information for a Supplicant in the system.
OBJECT-GROUP    

ieee8021XPaeEapolStatsGroup 1.3.111.2.802.1.1.15.2.2.6
A collection of objects providing counters and diagnostic information for EAPOL in the system.
OBJECT-GROUP    

ieee8021XPaeKaYMkaGroup 1.3.111.2.802.1.1.15.2.2.7
A collection of objects providing monitoring and control information for a KaY MKA in the system.
OBJECT-GROUP    

ieee8021XPaeNetworkIdentifierGroup 1.3.111.2.802.1.1.15.2.2.8
A collection of objects providing monitoring and control information for an NID in the system.
OBJECT-GROUP    

ieee8021XPaeAnnouncerGroup 1.3.111.2.802.1.1.15.2.2.9
A collection of objects providing status information for an Announcer in the system.
OBJECT-GROUP    

ieee8021XPaeListenerGroup 1.3.111.2.802.1.1.15.2.2.10
A collection of objects providing status information for a Listener in the system.
OBJECT-GROUP