A3COM-HUAWEI-PORT-SECURITY-MIB
File:
A3COM-HUAWEI-PORT-SECURITY-MIB.mib (37552 bytes)
Imported modules
Imported symbols
Defined Types
H3cSecurePortEntry |
|
SEQUENCE |
|
|
|
|
h3cSecurePortMode |
INTEGER |
|
|
h3cSecureNeedToKnowMode |
INTEGER |
|
|
h3cSecureIntrusionAction |
INTEGER |
|
|
h3cSecureNumberAddresses |
Integer32 |
|
|
h3cSecureNumberAddressesStored |
Integer32 |
|
|
h3cSecureMaximumAddresses |
Integer32 |
|
H3cSecureAddressEntry |
|
SEQUENCE |
|
|
|
|
h3cSecureAddrMAC |
MacAddress |
|
|
h3cSecureAddrVlanID |
Integer32 |
|
|
h3cSecureAddrMACStatus |
INTEGER |
|
|
h3cSecureAddrRowStatus |
RowStatus |
|
H3cSecureOUIEntry |
|
SEQUENCE |
|
|
|
|
h3cSecureOUIIndex |
INTEGER |
|
|
h3cSecureOUI |
OCTET STRING |
|
|
h3cSecureOUIRowStatus |
RowStatus |
|
H3cSecureBindingEntry |
|
SEQUENCE |
|
|
|
|
h3cSecureBindingIndex |
Integer32 |
|
|
h3cSecureBindingPort |
Integer32 |
|
|
h3cSecureBindingAddrMAC |
MacAddress |
|
|
h3cSecureBindingAddrIp |
IpAddress |
|
|
h3cSecureBindingRowStatus |
RowStatus |
|
H3cSecureAssignEntry |
|
SEQUENCE |
|
|
|
|
h3cSecureAssignEnable |
TruthValue |
|
|
h3cSecureVlanAssignment |
OCTET STRING |
|
Defined Values
h3cPortSecurityMIB |
1.3.6.1.4.1.43.45.1.10.2.26.1 |
The MIB module is used for managing port security. |
MODULE-IDENTITY |
|
|
|
h3cSecurePortSecurityControl |
1.3.6.1.4.1.43.45.1.10.2.26.1.1.1 |
This attribute controls the system wide operation of network
access control. The configured port security options only become
operational when this attribute is set to enabled. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
enabled(1), disabled(2) |
|
h3cSecurePortVlanMembershipList |
1.3.6.1.4.1.43.45.1.10.2.26.1.1.2 |
This is a dummy MIB object referenced by the h3csecureLogon and
h3csecureLogoff traps. This object contains a comma separated list of
the VLAN identifiers (0-4095) assigned to a port. A tagged VLAN has a
'T' suffix after the VLAN number and an untagged VLAN may have an
optional 'U' suffix. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
DisplayString |
Size(0..255) |
|
h3cSecureRalmDefaultSessionTime |
1.3.6.1.4.1.43.45.1.10.2.26.1.1.4.1 |
Specifies the default session lifetime in seconds before
a forwarding MAC address is re-authenticated.
The default time is 1800 seconds. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
1..1000000 |
|
h3cSecureRalmHoldoffTime |
1.3.6.1.4.1.43.45.1.10.2.26.1.1.4.2 |
Specifies the time in seconds before
a blocked (denied) MAC address can be re-authenticated.
The default time is 60 seconds. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
1..1000000 |
|
h3cSecureRalmReauthenticate |
1.3.6.1.4.1.43.45.1.10.2.26.1.1.4.3 |
Writing a MAC address to this object causes an
immediate RALM re-authentication of this address (can be on
any port). If the MAC address not currently known to RALM,
it silently ignores the write. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
MacAddress |
|
|
h3cSecureRalmAuthMode |
1.3.6.1.4.1.43.45.1.10.2.26.1.1.4.4 |
This controls how MAC addresses are authenticated.
papUsernameAsMacAddress(1)
Authentication uses the RADIUS server by
sending a PAP request with Username and
Password both equal to the MAC address being
authenticated. This is the default.
papUsernameFixed(2)
Authentication uses the RADIUS server by
sending a PAP request with Username and
Password coming from the h3cSecureRalmAuthUsername and
h3cSecureRalmAuthPassword MIB objects. In this mode
the RADIUS server would normally take into account
the request's calling-station-id attribute, which is
the MAC address of the host being authenticated. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
papUsernameAsMacAddress(1), papUsernameFixed(2) |
|
h3cSecureRalmAuthUsername |
1.3.6.1.4.1.43.45.1.10.2.26.1.1.4.5 |
This is the username used for authentication requests
where h3cSecureRalmAuthMode is papUsernameFixed.
Default shall be 'mac'. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
DisplayString |
Size(1..80) |
|
h3cSecureRalmAuthPassword |
1.3.6.1.4.1.43.45.1.10.2.26.1.1.4.6 |
This is the password used for authentication requests
where h3cSecureRalmAuthMode is papUsernameFixed.
Default shall be a null string. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
DisplayString |
Size(0..63) |
|
h3cSecureRalmAuthDomain |
1.3.6.1.4.1.43.45.1.10.2.26.1.1.4.7 |
MAC-authentication users may be configured in a specific domain,
which excludes 802.1x and other authentication users. This
specifies the domain of all MAC-authentication users. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
DisplayString |
Size(1..24) |
|
h3cSecureRalmAuthOfflineTime |
1.3.6.1.4.1.43.45.1.10.2.26.1.1.4.8 |
Switch isn't informed when online user is offline,
so switch should be able to detect offline and inform radius
server to stop accounting when there is no traffic of the user.
This attribute configures the timer interval of offline-detect.
The default time is 300 seconds. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
1..65535 |
|
h3cSecureRalmAuthServerTimeoutTime |
1.3.6.1.4.1.43.45.1.10.2.26.1.1.4.9 |
When switch sends request packets (include connecting
request and offline request, etc) to radius server and
there is no response, switch will terminate the authentication
process. This attribute configures the timer interval of
server-timeout. The default time is 100 seconds. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
1..65535 |
|
h3cSecureMacControl |
1.3.6.1.4.1.43.45.1.10.2.26.1.1.4.10 |
This attribute controls the system wide operation of
mac-authentication. The system-wide mac-authentication options
become non-operational when this attribute is set to disabled.
This is required for h3cSecurePortSecurityControl to be enabled. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
enabled(1), disabled(2) |
|
h3cSecurePortTable |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.1 |
This table defines the security status of each secure port.
Each port can have a number of authorised MAC addresses, and these are
stored in the h3cSecureAddressTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
H3cSecurePortEntry |
|
h3cSecurePortEntry |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.1.1 |
There is a row in this table for each secure port, and
allows repeater ports to be configured for security on a per port basis.
It is indexed using the object ifIndex in RFC1213-MIB. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
H3cSecurePortEntry |
|
|
h3cSecurePortMode |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.1.1.1 |
Determines the learning and security modes of the port.
See h3cSecureNeedToKnowMode and h3cSecureIntrusionAction to
configure Need To Know and Intrusion Action on each port.
(When in a learning mode, h3cSecureNumberAddresses determines the maximum
number of addresses that can be learned on the port. This is set
by the user.)
noRestrictions(1) All of the security features are disabled.
continuousLearning(2) Addresses are learned continually. If more
addresses are learned than are permitted on the
port, then one of the older entries will be aged
out. Need To Know and Intrusion Action depends on
h3cSecureNeedToKnowMode and h3cSecureIntrusionAction
respectively.
autoLearn(3) All addresses for this port are deleted, and then
addresses are learned up to the number permitted.
h3cSecurePortMode is then set to secure. Need To
Know and Intrusion Action depends on
h3cSecureNeedToKnowMode and h3cSecureIntrusionAction
respectively.
secure(4) Learning is disabled. Need To Know and Intrusion
Action depends on h3cSecureNeedToKnowMode and
h3cSecureIntrusionAction respectively.
userLogin(5) Access to the port is denied until the port client is
authorised (by 802.1X or other authentication mechanism).
Once authorised, traffic will be accepted from any MAC
address. The Need To Know and Intrusion Action are ignored.
userLoginSecure(6) Access to the port is denied until the port client
is authorised (by 802.1X or other authentication mechanism).
When the client is authorised, the MAC address is added to the
Secure Address Table.
The h3cSecureMaximumAddresses is set to one automatically when
this mode is entered. Any existing MAC addresses in the Secure
Address Table are deleted. Need To Know and Intrusion Action
depends on h3cSecureNeedToKnowMode and h3cSecureIntrusionAction
respectively. Learning is disabled.
userLoginWithOUI(7) This mode is similar to the userLoginSecure mode
except that a second MAC address may be placed in the Secure
Address Table. This second address is authorised based on the
MAC address OUI value.
If a new device with an authorised OUI value is discovered,
the previous entry is deleted. Traffic from the
OUI authorised device will be accepted even if the user has
not been authenticated. Need To Know and Intrusion Action
depends on h3cSecureNeedToKnowMode and h3cSecureIntrusionAction
respectively.
macAddressWithRadius(8) This selects the RADIUS Authenticated Login using
MAC-address (RALM) security mode on the port. This feature controls
network access of a host based on authenticating its MAC
address. Once authorised, the host is allowed access to the
network. If unauthorised, the port can be configured to deny
access to this MAC address or to allow some access depending
upon the port VLAN and QoS configuration.
Where access is allowed, the MAC address is added to the Secure
Address Table.
macAddressOrUserLoginSecure(9) This selects both the macAddressWithRadius and
userLoginSecure modes together such that either or both are allowed to
authorised access. Where both authorised access, userLoginSecure takes
precedence.
macAddressElseUserLoginSecure(10) This selects both the macAddressWithRadius and
userLoginSecure modes together such that the MAC address is first
authenticated and only if this fails does the userLoginSecure then attempt
user authentication.
userLoginSecureExt(11) Access to the port is denied until the port client
is authorised (by 802.1X or other authentication mechanism).
When the client is authorised, the MAC address is added to the
Secure Address Table.
The h3cSecureNumberAddresses is restricted by the value of h3cSecureMaximumAddresses
automatically when this mode is entered.
Any existing MAC addresses in the Secure Address Table are deleted.
Need To Know and Intrusion Action depends on h3cSecureNeedToKnowMode
and h3cSecureIntrusionAction respectively. Learning is disabled.
macAddressOrUserLoginSecureExt(12) This selects both the macAddressWithRadius and
userLoginSecureExt modes together such that either or both are allowed to
authorised access. Where both authorised access, userLoginSecure takes
precedence.
macAddressElseUserLoginSecureExt(13) This selects both the macAddressWithRadius and
userLoginSecureExt modes together such that the MAC address is first
authenticated and only if this fails does the userLoginSecure then attempt
user authentication.
macAddressAndUserLoginSecure(14) This selects both the macAddressWithRadius and
userLoginSecure modes together such that the MAC address is first
authenticated and only if this succeeds does the userLoginSecure then attempt
user authentication.
macAddressAndUserLoginSecureExt(15) This selects both the macAddressWithRadius and
userLoginSecureExt modes together such that the MAC address is first
authenticated and only if this succeeds does the userLoginSecure then attempt
user authentication.
|
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
noRestrictions(1), continuousLearning(2), autoLearn(3), secure(4), userLogin(5), userLoginSecure(6), userLoginWithOUI(7), macAddressWithRadius(8), macAddressOrUserLoginSecure(9), macAddressElseUserLoginSecure(10), userLoginSecureExt(11), macAddressOrUserLoginSecureExt(12), macAddressElseUserLoginSecureExt(13), macAddressAndUserLoginSecure(14), macAddressAndUserLoginSecureExt(15) |
|
h3cSecureNeedToKnowMode |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.1.1.2 |
Attribute to determine which frames are to be forwarded to
this port intact.
1 - Need To Know is not available.
2 - All frames.
3 - Frames addressed to the authorised devices only.
4 - Frames addressed to the authorised devices, plus all broadcast
frames.
5 - Frames addressed to the authorised devices, plus all broadcast
and multicast frames.
6 - As 3 and cannot be changed.
7 - As 4 and cannot be changed.
8 - As 5 and cannot be changed.
If this object returns 1,6,7 or 8, it means that the Need To Know
configuration cannot be changed, and any attempt to write to this object
will cause an error. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
notAvailable(1), disabled(2), needToKnowOnly(3), needToKnowWithBroadcastsAllowed(4), needToKnowWithMulticastsAllowed(5), permanentNeedToKnowOnly(6), permanentNeedToKnowWithBroadcastsAllowed(7), permanentNeedToKnowWithMulticastsAllowed(8) |
|
h3cSecureIntrusionAction |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.1.1.3 |
Attribute to determine the action if an unauthorised device
transmits on this port. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
notAvailable(1), noAction(2), disablePort(3), disablePortTemporarily(4), allowDefaultAccess(5), blockMacAddress(6) |
|
h3cSecureNumberAddresses |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.1.1.4 |
The maximum number of addresses that the port can learn or
store. Reducing this number may cause some addresses to be deleted.
This value is set by the user and cannot be automatically changed by the
agent. The maximum number will not include and limit the number of
static mac addresses that configured by manager.
The following relationship must be preserved.
h3cSecureNumberAddressesStored <= h3cSecureNumberAddresses <=
h3cSecureMaximumAddresses
|
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
h3cSecureNumberAddressesStored |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.1.1.5 |
The number of addresses that are currently in the
AddressTable for this port. If this object has the same value as
h3cSecureNumberAddresses, then no more addresses can be authorised on this
port. The number will not include and limit the number of
static mac addresses that configured by manager.
Those objects are bound by the relationship:
h3cSecureNumberAddressesStored <= h3cSecureNumberAddresses <=
h3cSecureMaximumAddresses
|
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
h3cSecureMaximumAddresses |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.1.1.6 |
This indicates the maximum value that h3cSecureNumberAddresses
can be set to. It is dependent on the resources available so may change,
eg. if resources are shared between ports, then this value can both
increase and decrease. This object must be read before setting
h3cSecureNumberAddresses.
Those objects are bound by the relationship:
h3cSecureNumberAddressesStored <= h3cSecureNumberAddresses <=
h3cSecureMaximumAddresses
|
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
h3cSecureAddressTable |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.2 |
This table stores the MAC addresses assigned to each
port. This table can be written to by the agent as well as the
management station. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
H3cSecureAddressEntry |
|
h3cSecureAddressEntry |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.2.1 |
This table allows multiple addresses to be assigned to each
secure port. It is indexed using the objects ifIndex,
h3cSecureAddrMAC and h3cSecureVlanID. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
H3cSecureAddressEntry |
|
|
h3cSecureAddrMAC |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.2.1.1 |
The MAC address of a station assigned to this port.
This is the second index into the h3cSecureAddressTable. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
MacAddress |
|
|
h3cSecureAddrVlanID |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.2.1.2 |
The Vlan ID associate with the port and the MAC address.
This is the third index into the h3cSecureAddressTable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
h3cSecureAddrMACStatus |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.2.1.3 |
The state of the mac address assigned to this port.
addressBlackhole (1) the mac address is a blackhole address,
Each packet whose source address is equal to this address will be
dropped by the agent.
addressUserConfig (2) the mac address configed by user with this state
are preserved across power cycles and resets.
addressDot1xAuth (3) the mac address is authorized by 802.1x authenticator,
User can not configure this mac address. This value is used for GET
and GETNEXT operation.
addressRALM (4) the mac address is authorized by RALM authenticator,
User can not configure this mac address. This value is used for GET
and GETNEXT operation.
|
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
addressBlackhole(1), addressUserConfig(2), addressDot1xAuth(3), addressRALM(4) |
|
h3cSecureAddrRowStatus |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.2.1.4 |
This manages the creation and deletion or rows, and shows
the current status of the indexed MAC address. This object has the
following values.
active(1) The indexed MAC address is authorised on this port.
notInService(2) Not Supported.
notReady(3) Not Supported.
createAndGo(4) Assign a new MAC address to the port and authorise
immediately.
createAndWait(5) Not Supported.
destroy(6) Delete this entry.
When creating a new entry, index a new row and use createAndGo(4).
When reading this object, only active(1) will be
returned.
|
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
h3cSecureOUITable |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.3 |
This table stores the OUI values for OUI based
authentication. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
H3cSecureOUIEntry |
|
h3cSecureOUIEntry |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.3.1 |
This is a row in the h3cSecureOUITable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
H3cSecureOUIEntry |
|
|
h3cSecureOUIIndex |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.3.1.1 |
The index number. This is the first index into the
h3cSecureOUITable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
INTEGER |
1..1024 |
|
h3cSecureOUI |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.3.1.2 |
The OUI value for an authorised device. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(3) |
|
h3cSecureOUIRowStatus |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.3.1.3 |
This manages the creation and deletion of rows, and shows
the current status of the entry.
active(1) The indexed OUI value is authorised.
notInService(2) Not Supported.
notReady(3) Not Supported.
createAndGo(4) Assign a new OUI to the unit and authorise
immediately.
createAndWait(5) Not Supported.
destroy(6) Delete this entry.
When creating a new entry, index a new row and use createAndGo(4) .
When reading this object, only active(1) will be returned.
|
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
h3cSecureBindingTable |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.4 |
This table stores the elements of binding rules include the
MAC addresses, the IP address and the port. Only the frame exactly
matching the binding rules can be forwarded. This table can be
written to by the agent as well as the management station. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
H3cSecureBindingEntry |
|
h3cSecureBindingEntry |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.4.1 |
This table allows multiple binding rules. It is indexed using the object
h3cSecureBindingIndex. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
H3cSecureBindingEntry |
|
|
h3cSecureBindingIndex |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.4.1.1 |
The index number. This is the first index into the
h3cSecureBindingTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
h3cSecureBindingPort |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.4.1.2 |
The port number of the port bound with the IP address
and the MAC address. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
h3cSecureBindingAddrMAC |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.4.1.3 |
The MAC address bound with the port and the IP address. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
MacAddress |
|
|
h3cSecureBindingAddrIp |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.4.1.4 |
The IP address bound with the port and the MAC address. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IpAddress |
|
|
h3cSecureBindingRowStatus |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.4.1.5 |
This manages the creation and deletion or rows, and shows
status of the entry. This object has the following values.
active(1) The indexed MAC address is authorised on this port.
notInService(2) Not Supported.
notReady(3) Not Supported.
createAndGo(4) Assign a new MAC address to the port and authorise
immediately.
createAndWait(5) Not Supported.
destroy(6) Delete this entry.
When creating a new entry, index a new row and use createAndGo(4).
When reading this object, only active(1) will be
returned.
|
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
h3cSecureAssignTable |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.5 |
Table of port assignment management information about authorised user. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
H3cSecureAssignEntry |
|
h3cSecureAssignEntry |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.5.1 |
An entry (conceptual row) representing information about port assignment
about authorised user. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
H3cSecureAssignEntry |
|
|
h3cSecureAssignEnable |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.5.1.1 |
The user-based port configuration control. Setting this attribute
TRUE causes the port to be configured with any configuration
parameters supplied by the authentication server. Setting this
attribute to FALSE causes any configuration parameters supplied
by the authentication server to be ignored. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
h3cSecureVlanAssignment |
1.3.6.1.4.1.43.45.1.10.2.26.1.2.5.1.2 |
The VLAN membership assigned to the port for the authorised user.
This contains the actual value received from the authentication
server. This object will contain a null value if there is no user
authorised to access the port or if the authorised user was not
assigned a VLAN membership. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..255) |
|
h3cSecureAddressLearned |
1.3.6.1.4.1.43.45.1.10.2.26.1.3.1 |
This trap is sent when a new station has been learned. The
port on which the address was received is the first object,
and the MAC address of the learned station is in the second object. |
Status: current |
Access: read-only |
NOTIFICATION-TYPE |
|
|
|
h3cSecureViolation |
1.3.6.1.4.1.43.45.1.10.2.26.1.3.2 |
This trap is sent whenever a security violation has occurred.
The port on which the violation occured is the first object,
and the MAC address of the offending station is in the second object.
ifAdminStatus indicates if the port has been disabled because of the violation.
The implementation may not send violation traps from the same port
at intervals of less than 5 seconds. |
Status: current |
Access: read-only |
NOTIFICATION-TYPE |
|
|
|
h3cSecureLoginFailure |
1.3.6.1.4.1.43.45.1.10.2.26.1.3.3 |
This trap is sent whenever a user network access
authentication has failed. The port on which the violation occured is
the first object, and the MAC address of the offending station is in
the second object. The dot1xAuthSessionUserName is the identity supplied
during the user authentication. |
Status: current |
Access: read-only |
NOTIFICATION-TYPE |
|
|
|
h3cSecureLogon |
1.3.6.1.4.1.43.45.1.10.2.26.1.3.4 |
This trap is sent when a new session is started for
an authorised port user. The port on which the violation occured is
the first object, and the MAC address of the offending station is in
the second object.
The dot1xAuthSessionUserName is the identity supplied during the user
authentication. The dot1xAuthSessionAuthenticMethod indicates how the
user was authorised. The h3cSecurePortVlanMembershipList object
identifies the VLAN membership assigned to the port on session
activation. |
Status: current |
Access: read-only |
NOTIFICATION-TYPE |
|
|
|
h3cSecureLogoff |
1.3.6.1.4.1.43.45.1.10.2.26.1.3.5 |
This trap is sent when a user session is terminated.
The port on which the violation occured is the first object,
and the MAC address of the offending station is in the second object.
The dot1xAuthSessionUserName is the identity supplied during the user
authentication. The dot1xAuthSessionTerminateCause indicates the
reason why the session was terminated.
The h3cSecurePortVlanMembershipList object identifies the VLAN
membership assigned to the port on session termination. |
Status: current |
Access: read-only |
NOTIFICATION-TYPE |
|
|
|
h3cSecureRalmLoginFailure |
1.3.6.1.4.1.43.45.1.10.2.26.1.3.6 |
This trap is sent whenever a user network access
authentication has failed. The port on which the violation
occured is the first object, and the MAC address of the
offending station is in the second object. The authentication mode
indicates how the user was authorised. The h3cSecureRalmAuthUsername
is the identity supplied during the user authentication. |
Status: current |
Access: read-only |
NOTIFICATION-TYPE |
|
|
|
h3cSecureRalmLogon |
1.3.6.1.4.1.43.45.1.10.2.26.1.3.7 |
This trap is sent when a new session is started for
an authorised port user. The port on which the violation
occured is the first object, and the MAC address of
the offending station is in the second object. The authentication mode
indicates how the user was authorised. The h3cSecureRalmAuthUsername is
the identity supplied during the user authentication. The
h3cSecurePortVlanMembershipList object identifies the VLAN
membership assigned to the port on session activation. |
Status: current |
Access: read-only |
NOTIFICATION-TYPE |
|
|
|
h3cSecureRalmLogoff |
1.3.6.1.4.1.43.45.1.10.2.26.1.3.8 |
This trap is sent when a new session is started for
an authorised port user. The port on which the violation
occured is the first object, and the MAC address of the
offending station is in the second object. The authentication mode
indicates how the user was authorised. The h3cSecureRalmAuthUsername is
the identity supplied during the user authentication. The
h3cSecurePortVlanMembershipList object identifies the VLAN
membership assigned to the port on session activation. |
Status: current |
Access: read-only |
NOTIFICATION-TYPE |
|
|
|