ENTERASYS-8021X-REKEYING-MIB
File: ENTERASYS-8021X-REKEYING-MIB.mib (11461 bytes)
Imported modules
Imported symbols
Defined Types
EtsysDot1xRekeyConfigEntry: SEQUENCE
    etsysDot1xRekeyEnabled      TruthValue
    etsysDot1xRekeyPeriod       Unsigned32
    etsysDot1xRekeyLength       INTEGER
    etsysDot1xRekeyAsymmetric   TruthValue
    etsysDot1xRekeyPairwise     TruthValue

Defined Values
etsys8021xRekeyingMIB
1.3.6.1.4.1.5624.1.2.17
This MIB module defines a portion of the SNMP enterprise
MIBs under Enterasys Networks' enterprise OID pertaining to
IEEE 802.1x authentication.
This MIB is designed to supplement and be used in connection
with the standard IEEE 802.1x MIB.
It provides configuration controls for Enterasys Networks'
rapid rekeying feature -- a feature that enhances wireless
LAN security by changing the network's radio keys on a
regular basis.
MODULE-IDENTITY

etsysDot1xRekeyConfigTable
1.3.6.1.4.1.5624.1.2.17.1.1.1
A table that contains encryption-key-related configuration
objects for ports on which Authenticator PAEs can run.
Status: current
Access: not-accessible
OBJECT-TYPE
SEQUENCE OF EtsysDot1xRekeyConfigEntry

etsysDot1xRekeyConfigEntry
1.3.6.1.4.1.5624.1.2.17.1.1.1.1
Each conceptual row holds encryption key configuration
information for the Authenticator PAEs associated with one
port.
Status: current
Access: not-accessible
OBJECT-TYPE
EtsysDot1xRekeyConfigEntry

etsysDot1xRekeyEnabled
1.3.6.1.4.1.5624.1.2.17.1.1.1.1.1
Determines how an access point selects radio encryption
keys.
If the selected port/Authenticator PAE does not support
the EAPOL-Key feature (e.g., because radio keys are not
applicable to Ethernet ports), this object's value will
be FALSE and attempts to write TRUE will fail.
Normally, if radio keys are present, the manager enters
them into the access point through some manual process.
The manager or the users may also need to configure the
keys into each laptop (access points can distribute the
keys automatically to 802.1x EAP-TLS clients). However
laptops get keys, the keys remain static until somebody
goes to the trouble of changing them. If the keys stay
unchanged for long periods, this can make it easier for
a determined attacker to launch a cryptographic attack.
When rapid rekeying is enabled, an access point ignores
its manually-set keys. It generates pseudo-random keys
on a periodic basis, using IEEE 802.1x key distribution
to deliver the keys to new and current clients.
Do not enable rapid rekeying unless ALL of your clients
support IEEE 802.1x and an authentication method (e.g.,
EAP-TLS) that supports key distribution.
Before enabling rapid rekeying, make sure that you have
set 'dot1xAuthKeyTxEnabled' to TRUE. Changing the keys
without telling any of the clients about the changes is
not a very useful mode of operation.
Status: current
Access: read-write
OBJECT-TYPE
TruthValue

etsysDot1xRekeyPeriod
1.3.6.1.4.1.5624.1.2.17.1.1.1.1.2
When rapid rekeying (periodic changing of radio keys) is
enabled, the value of this object determines the period,
in seconds, between key changes.
Status: current
Access: read-write
OBJECT-TYPE
Unsigned32

etsysDot1xRekeyLength
1.3.6.1.4.1.5624.1.2.17.1.1.1.1.3
Determines the number of bits/bytes used in the
encryption keys. Currently supports either 128-bit
(16-octet) encryption keys or 40-bit (5-octet)
encryption keys.
Status: current
Access: read-write
OBJECT-TYPE
INTEGER { keylen40(1), keylen128(2) }

etsysDot1xRekeyAsymmetric
1.3.6.1.4.1.5624.1.2.17.1.1.1.1.4
Determines the association between the supplicant and
authenticator transmit keys.
If true(1), the authenticator and supplicant will use
different encryption keys in order to transmit data.
If false(2), the authenticator and supplicant will use
a single key pattern to encrypt the transmitted data.
Status: current
Access: read-write
OBJECT-TYPE
TruthValue

etsysDot1xRekeyPairwise
1.3.6.1.4.1.5624.1.2.17.1.1.1.1.5
Determines whether Rapid Rekeying tumbles Pairwise keys
(when it is enabled, and the radio card supports them).
If true(1), it indicates that the access point should
tumble both Pairwise and Group keys.
If false(2), it indicates that the access point should
tumble only Group keys.
Status: current
Access: read-write
OBJECT-TYPE
TruthValue

etsysDot1xRekeyingBaseGroup
1.3.6.1.4.1.5624.1.2.17.2.1.1
A collection of objects providing rekeying configuration
information about a port on which Authenticator PAEs can
run.
Status: current
Access: read-write
OBJECT-GROUP

etsysDot1xRekeyingPairwiseGroup
1.3.6.1.4.1.5624.1.2.17.2.1.2
A collection of objects providing rekeying configuration
information related to Pairwise keys.
Status: current
Access: read-write
OBJECT-GROUP

etsysDot1xRekeyingCompliance
1.3.6.1.4.1.5624.1.2.17.2.2.1
The compliance statement for devices that support the
Enterasys IEEE 802.1x extensions MIB.
Status: current
Access: read-only
MODULE-COMPLIANCE
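
An added example, not part of the MIB or of any Enterasys code: a Python audit of the etsysDot1xRekeyConfigEntry columns defined above, run over a numeric SNMP walk. The sample walk, the per-port dot1xAuthKeyTxEnabled map, the single-sub-identifier row index and the 3600-second period limit are assumptions made for illustration.

```python
import re

# Columns of etsysDot1xRekeyConfigEntry (from this page); one port-number index is assumed.
ENTRY = "1.3.6.1.4.1.5624.1.2.17.1.1.1.1"
COLUMNS = {1: "enabled", 2: "period", 3: "length", 4: "asymmetric", 5: "pairwise"}
LINE = re.compile(r"^\.?" + re.escape(ENTRY) + r"\.(\d+)\.(\d+) = \w+: (\d+)$")

def parse_rows(walk_text):
    """Group numeric walk lines into {port: {column_name: value}}."""
    rows = {}
    for line in walk_text.splitlines():
        m = LINE.match(line.strip())
        if m and int(m.group(1)) in COLUMNS:
            col, port, val = (int(g) for g in m.groups())
            rows.setdefault(port, {})[COLUMNS[col]] = val
    return rows

def audit(rows, key_tx_enabled, max_period=3600):
    """Return {port: [findings]}. max_period is an assumed site policy value."""
    report = {}
    for port, r in sorted(rows.items()):
        found = []
        if r.get("enabled") != 1:  # TruthValue: true(1), false(2)
            found.append("rapid rekeying off: radio keys, if any, stay static")
        else:
            if not key_tx_enabled.get(port, False):
                found.append("dot1xAuthKeyTxEnabled not TRUE: clients are not told of key changes")
            if r.get("period", 0) > max_period:
                found.append("rekey period %d s exceeds policy %d s" % (r["period"], max_period))
            if r.get("pairwise") == 2:
                found.append("only Group keys are tumbled")
        if r.get("length") == 1:  # keylen40(1), keylen128(2)
            found.append("40-bit key length configured")
        report[port] = found
    return report

# Constructed sample in the style of a numeric SNMP walk; not from a real device.
SAMPLE = """\
.1.3.6.1.4.1.5624.1.2.17.1.1.1.1.1.1 = INTEGER: 1
.1.3.6.1.4.1.5624.1.2.17.1.1.1.1.2.1 = Gauge32: 600
.1.3.6.1.4.1.5624.1.2.17.1.1.1.1.3.1 = INTEGER: 2
.1.3.6.1.4.1.5624.1.2.17.1.1.1.1.5.1 = INTEGER: 1
.1.3.6.1.4.1.5624.1.2.17.1.1.1.1.1.2 = INTEGER: 1
.1.3.6.1.4.1.5624.1.2.17.1.1.1.1.2.2 = Gauge32: 86400
.1.3.6.1.4.1.5624.1.2.17.1.1.1.1.3.2 = INTEGER: 1
.1.3.6.1.4.1.5624.1.2.17.1.1.1.1.5.2 = INTEGER: 2
.1.3.6.1.4.1.5624.1.2.17.1.1.1.1.1.3 = INTEGER: 2
"""
```

Calling `audit(parse_rows(SAMPLE), {1: True, 2: False})` reports port 1 as clean, four findings on port 2, and rapid rekeying off on port 3.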