idnits 2.17.1

draft-ietf-bridge-8021x-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate. This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section. (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == Line 175 has weird spacing: '...lishing of th...'

  == Line 217 has weird spacing: '...icating dot1x...'

  == Line 239 has weird spacing: '...tistics dot...'

  == Line 271 has weird spacing: '...eceived dot...'

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords.

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (May 2004) is 7284 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC2571' is mentioned on line 94, but not defined

  ** Obsolete undefined reference: RFC 2571 (Obsoleted by RFC 3411)

  == Missing Reference: 'RFC1155' is mentioned on line 100, but not defined

  == Missing Reference: 'RFC1215' is mentioned on line 101, but not defined

  == Unused Reference: 'IEEESTD8021' is defined on line 2057, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2863' is defined on line 2074, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC3411' is defined on line 2077, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC3635' is defined on line 2086, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2119' is defined on line 2115, but no explicit
     reference was found in the text

  -- Possible downref: Non-RFC (?) normative reference: ref. 'IEEESTD8021'

  ** Downref: Normative reference to an Informational RFC: RFC 3410

  -- Possible downref: Non-RFC (?) normative reference: ref. '8021XAUTH'

  -- Possible downref: Non-RFC (?) normative reference: ref. '8021XSUPP'

  -- Obsolete informational reference (is this intentional?): RFC 1905
     (Obsoleted by RFC 3416)

  -- Obsolete informational reference (is this intentional?): RFC 1906
     (Obsoleted by RFC 3417)

  -- Obsolete informational reference (is this intentional?): RFC 2570
     (Obsoleted by RFC 3410)

  -- Obsolete informational reference (is this intentional?): RFC 2572
     (Obsoleted by RFC 3412)

  -- Obsolete informational reference (is this intentional?): RFC 2574
     (Obsoleted by RFC 3414)

  -- Obsolete informational reference (is this intentional?): RFC 2573
     (Obsoleted by RFC 3413)

  -- Obsolete informational reference (is this intentional?): RFC 2575
     (Obsoleted by RFC 3415)

     Summary: 5 errors (**), 0 flaws (~~), 15 warnings (==), 12 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

  1  Bridge Working Group                                      K.C. Norseth
  2  INTERNET-DRAFT                                      L-3 Communications
  3                                                           November 2003
  4  Expires May 2004

  6         Definitions for Port Access Control (IEEE 802.1X) MIB
  7                    draft-ietf-bridge-8021x-03.txt

  9  Status of this Memo

 11     This document is an Internet-Draft and is subject to all provisions
 12     of Section 10 of RFC2026, except that the right to produce derivative
 13     works is not granted, other than to extract the MIB module in Section
 14     4 as-is for separate use.

 16     Internet-Drafts are working documents of the Internet Engineering
 17     Task Force (IETF), its areas, and its working groups. Note that
 18     other groups may also distribute working documents as Internet-
 19     Drafts.

 21     Internet-Drafts are draft documents valid for a maximum of six months
 22     and may be updated, replaced, or obsoleted by other documents at any
 23     time. It is inappropriate to use Internet-Drafts as reference
 24     material or to cite them other than as "work in progress."

 26     The list of current Internet-Drafts can be accessed at
 27     http://www.ietf.org/1id-abstracts.html

 29     The list of Internet-Draft Shadow Directories can be accessed at
 30     http://www.ietf.org/shadow.html

 32  Copyright Notice

 34     Copyright (C) The Internet Society (2003). All Rights Reserved.

 36  IESG Note

 38     This document is not the product of an IETF Working Group. The IETF
 39     currently has no effort underway to standardize the Port Access
 40     Control (IEEE 802.1X) MIB.

 42  Abstract

 44     This document defines a portion of the Management Information Base
 45     (MIB) for use with network management protocols in TCP/IP-based
 46     internets. In particular, it defines objects for managing the
 47     operation of Port Access Control, based on the specification
 48     contained in Clause 8 and Clause 9 of the IEEE 802.1X standard. This
 49     clause includes a MIB module that is SNMPv2 SMI compliant.

 51     This standard defines a mechanism for Port-based network access
 52     control that makes use of the physical access characteristics of
 53     IEEE 802 LAN infrastructures in order to provide a means of
 54     authenticating and authorizing devices attached to a LAN port that
 55     has point-to-point connection characteristics, and of preventing
 56     access to that port in cases in which the authentication and
 57     authorization process fails.

 59     This standard is part of a family of standards for local and
 60     metropolitan area networks.

 62     This draft is written within the IEEE 802.1X working group and is
 63     being presented to the IETF for informational purposes.

 65  Table of Contents

 67     1. Introduction
 68     2. Overview
 69       2.1. Scope
 70     3. Structure of MIB
 71       3.1 Relationship to the managed objects defined in IEEE 802.1X
 72       3.2 The PAE System Group
 73       3.3 The PAE Authenticator Group
 74       3.4 The PAE Supplicant Group
 75       3.5 Relationship to other MIBs
 76       3.6 Relationship to the Interfaces MIB
 77     4 Definitions for the 802.1X-MIB
 78     5. Intellectual Property
 79     6. Acknowledgements
 80     7. Normative References
 81     8. Informative References
 82     9. Security Considerations
 83     10. Author's Address
 84     11. Change Log
 85     12. Full Copyright Statement

 87  1. Introduction

 89     The SNMP Management Framework

 91     The SNMP Management Framework presently consists of five major
 92     components:

 94     o  An overall architecture, described in RFC 2571 [RFC2571].

 96     o  Mechanisms for describing and naming objects and events for the
 97        purpose of management. The first version of this Structure of
 98        Management Information (SMI) is called SMIv1 and described in
100        STD 16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and RFC
101        1215 [RFC1215]. The second version, called SMIv2, is described
102        in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and
103        STD 58, RFC 2580 [RFC2580].

105     o  Message protocols for transferring management information. The
106        first version of the SNMP message protocol is called SNMPv1 and
107        described in STD 15, RFC 1157 [RFC1157]. A second version of
108        the SNMP message protocol, which is not an Internet standards
109        track protocol, is called SNMPv2c and described in RFC 1901
110        [RFC1901] and RFC 1906 [RFC1906]. The third version of the
111        message protocol is called SNMPv3 and described in RFC 1906
112        [RFC1906], RFC 2572 [RFC2572] and RFC 2574 [RFC2574].

114     o  Protocol operations for accessing management information. The
115        first set of protocol operations and associated PDU formats is
116        described in STD 15, RFC 1157 [RFC1157]. A second set of
117        protocol operations and associated PDU formats is described in
118        RFC 1905 [RFC1905].

120     o  A set of fundamental applications described in RFC 2573
121        [RFC2573] and the view-based access control mechanism described
122        in RFC 2575 [RFC2575].

124     A more detailed introduction to the current SNMP Management Framework
125     can be found in RFC 2570 [RFC2570].

127     Managed objects are accessed via a virtual information store, termed
128     the Management Information Base or MIB. Objects in the MIB are
129     defined using the mechanisms defined in the SMI.

131     This memo specifies a MIB module that is compliant to the SMIv2. A
132     MIB conforming to the SMIv1 can be produced through the appropriate
133     translations. The resulting translated MIB must be semantically
134     equivalent, except where objects or events are omitted because no
135     translation is possible (use of Counter64). Some machine readable
136     information in SMIv2 will be converted into textual descriptions in
137     SMIv1 during the translation process. However, this loss of machine
138     readable information is not considered to change the semantics of the
139     MIB.

141  2. Overview

143     Local Area Networks (or LANs; see 3.4 in IEEE Std 802.1D, 1998
144     Edition) are often deployed in environments that permit unauthorized
145     devices to be physically attached to the LAN infrastructure, or
146     permit unauthorized users to attempt to access the LAN through
147     equipment already attached. Examples of such environments include
148     corporate LANs that provide LAN connectivity in areas of a building
149     that are accessible to the general public, and LANs that are deployed
150     by one organization in order to offer connectivity services to other
151     organizations (for example, as may occur in a business park or a
152     serviced office building). In such environments, it is desirable to
153     restrict access to the services offered by the LAN to those users and
154     devices that are permitted to make use of those services.

156     Port-based network access control makes use of the physical access
157     characteristics of IEEE 802 LAN infrastructures in order to provide a
158     means of authenticating and authorizing devices attached to a LAN
159     port that has point-to-point connection characteristics, and of
160     preventing access to that port in cases in which the authentication
161     and authorization process fails. A port in this context is a single
162     point of attachment to the LAN infrastructure. Examples of ports in
163     which the use of authentication can be desirable include the Ports of
164     MAC Bridges (as specified in IEEE 802.1D), the ports used to attach
165     servers or routers to the LAN infrastructure, and associations
166     between stations and access points in IEEE 802.11 Wireless LANs.

168  2.1. Scope

170     The purpose of this document is to specify how the management
171     operations are made available to a remote manager using the protocol
172     and architectural description provided by the Simple Network
173     Management Protocol (SNMP).

175     This MIB is the republishing of the IEEE Definitions for Port
176     Access Control MIB (802.1X) defined in the 802.1X specification
177     document.

179  3. Structure of MIB

181     A single MIB module is defined in this clause. Objects in the MIB
182     are arranged into groups. Each group is organized as a set of related
183     objects. The overall structure and assignment of objects to their
184     groups is shown in the following subclauses. IEEE Std 802.1X-2001
185     LOCAL AND METROPOLITAN AREA NETWORKS 10.4.1 Relationship to the
186     managed objects defined in IEEE 802.1X Clause 9. The following table
187     contains cross-references between the objects defined in IEEE 802.1X
188     Clause 9 and the MIB objects defined in this clause.

190  3.1 Relationship to the managed objects defined in IEEE 802.1X

192     Note: The relationship sections (9.4.3 Authenticator Diagnostics,
193     9.4.4 Authenticator Session Statistics, etc.) relate to
194     sections in the 802.1X document specification, not this document.

196     Definition in IEEE 802.1X Clause 9       MIB object(s)
197     ---------------------------------        -------------------------------

199       EAPOL Logoff frames received           dot1xAuthEapolLogoffFramesRx
200       EAP Resp/Id frames received            dot1xAuthEapolRespIdFramesRx
201       EAP Response frames received           dot1xAuthEapolRespFramesRx
202       EAP Req/Id frames transmitted          dot1xAuthEapolReqIdFramesTx
203       EAP Request frames transmitted         dot1xAuthEapolReqFramesTx
204       Invalid EAPOL frames received          dot1xAuthInvalidEapolFramesRx
205       EAP length error frames received       dot1xAuthEapLengthErrorFramesRx
206       Last EAPOL frame version               dot1xAuthLastEapolFrameVersion
207       Last EAPOL frame source                dot1xAuthLastEapolFrameSource

209     9.4.3 Authenticator Diagnostics          dot1xAuthDiagTable
210       authEntersConnecting                   dot1xAuthEntersConnecting
211       authEapLogoffsWhileConnecting          dot1xAuthEapLogoffsWhileConnecting
212       authEntersAuthenticating               dot1xAuthEntersAuthenticating
213       authAuthSuccessWhileAuthenticating
214                                              dot1xAuthAuthSuccessWhileAuthenticating
215       authAuthTimeoutsWhileAuthenticating
216                                              dot1xAuthAuthTimeoutsWhileAuthenticating
217       authAuthFailWhileAuthenticating        dot1xAuthAuthFailWhileAuthenticating
218       authAuthReauthsWhileAuthenticating
219                                              dot1xAuthAuthReauthsWhileAuthenticating
220       authAuthEapStartsWhileAuthenticating
221                                              dot1xAuthAuthEapStartsWhileAuthenticating
222       authAuthLogoffWhileAuthenticating
223                                              dot1xAuthAuthEapLogoffWhileAuthenticating
224       authAuthReauthsWhileAuthenticated
225                                              dot1xAuthAuthReauthsWhileAuthenticated
226       authAuthEapStartsWhileAuthenticated
227                                              dot1xAuthAuthEapStartsWhileAuthenticated
228       authAuthLogoffWhileAuthenticated
229                                              dot1xAuthAuthEapLogoffWhileAuthenticated
230       backendResponses                       dot1xAuthBackendResponses
231       backendAccessChallenges                dot1xAuthBackendAccessChallenges
232       backendOtherRequestsToSupplicant
233                                              dot1xAuthBackendOtherRequestsToSupplicant
234       backendNonNakResponsesFromSupplicant
235                                              dot1xAuthBackendNonNakResponsesFromSupplicant
236       backendAuthSuccesses                   dot1xAuthBackendAuthSuccesses
237       backendAuthFails                       dot1xAuthBackendAuthFails

239     9.4.4 Authenticator Session Statistics   dot1xAuthSessionStatsTable
240       Port number                            dot1xPaePortNumber (table index)
241       Session Octets Received                dot1xAuthSessionOctetsRx
243       Session Octets Transmitted             dot1xAuthSessionOctetsTx
244       Session Frames Received                dot1xAuthSessionFramesRx
245       Session Frames Transmitted             dot1xAuthSessionFramesTx
246       Session Identifier                     dot1xAuthSessionId
247       Session Authentication Method          dot1xAuthSessionAuthenticMethod
248       Session Time                           dot1xAuthSessionTime
249       Session Terminate Cause                dot1xAuthSessionTerminateCause
250       Session User Name                      dot1xAuthSessionUserName

252     9.5.1 Supplicant Configuration           dot1xSuppConfigTable
253       Port number                            dot1xPaePortNumber (table index)
254       Supplicant PAE State                   dot1xSuppPaeState
255       heldPeriod                             dot1xSuppHeldPeriod
256       authPeriod                             dot1xSuppAuthPeriod
257       startPeriod                            dot1xSuppStartPeriod
258       maxStart                               dot1xSuppMaxStart

260     9.5.2 Supplicant Statistics              dot1xSuppStatsTable
261       Port number                            dot1xPaePortNumber (table index)
262       EAPOL frames received                  dot1xSuppEapolFramesRx
263       EAPOL frames transmitted               dot1xSuppEapolFramesTx
264       EAPOL Start frames transmitted         dot1xSuppEapolStartFramesTx
265       EAPOL Logoff frames transmitted        dot1xSuppEapolLogoffFramesTx
266       EAP Resp/Id frames transmitted         dot1xSuppEapolRespIdFramesTx
267       EAP Response frames transmitted        dot1xSuppEapolRespFramesTx
268       EAP Req/Id frames received             dot1xSuppEapolReqIdFramesRx
269       EAP Request frames received            dot1xSuppEapolReqFramesRx
270       Invalid EAPOL frames received          dot1xSuppInvalidEapolFramesRx
271       EAP length error frames received       dot1xSuppEapLengthErrorFramesRx
272       Last EAPOL frame version               dot1xSuppLastEapolFrameVersion
273       Last EAPOL frame source                dot1xSuppLastEapolFrameSource

275  3.2 The PAE System Group

277     This group of objects provides management functionality that is not
278     specific to the operation of either of the two PAE roles (Supplicant
279     and Authenticator). A means of enabling and disabling the operation
280     of Port Access Control for the entire system is provided, plus a
281     per-Port indication of the protocol version supported and the PAE
282     roles supported by the port. As it is not mandatory for all Ports of
283     a System to support PAE functionality, there may be Port entries
284     that indicate Ports that support neither Supplicant nor
285     Authenticator functionality.

287  3.3 The PAE Authenticator Group

289     This group of objects provides, for each Port of an Authenticator
290     [8021XAUTH], the functionality necessary to allow configuration of
291     the operation of the Authenticator PAE, recording and retrieving
292     statistical information relating to the operation of the
293     Authenticator PAE, and recording and retrieving information relating
294     to a session (i.e., the period of time between consecutive
295     authentications on the Port).

297  3.4 The PAE Supplicant Group

299     This group of objects provides, for each Port of a Supplicant
300     [8021XSUPP], the functionality necessary to allow configuration of
301     the operation of the Supplicant PAE, and recording and retrieving
302     statistical information relating to the operation of the
303     Authenticator PAE.

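Added example (not part of the draft or of the IEEE module): a small audit of the System and Authenticator group objects, using the object identifiers, column numbers and enumerations that the module in Section 4 assigns. The walk output format, the sample values, the helper names and the policy (flag forceAuthorized ports, disabled periodic reauthentication, and periods above the module's DEFVAL of 3600 s) are assumptions made for illustration.

```python
import re

# OID prefixes derived from the module's assignments:
# ieee8021paeMIB ::= { iso std(0) iso8802(8802) ieee802dot1(1) ieee802dot1mibs(1) 1 }
PAE_OBJECTS = "1.0.8802.1.1.1.1"                # paeMIBObjects
SYSTEM_AUTH_CONTROL = PAE_OBJECTS + ".1.1.0"    # dot1xPaeSystemAuthControl.0
PORT_ENTRY = PAE_OBJECTS + ".1.2.1"             # dot1xPaePortEntry
AUTH_CONFIG_ENTRY = PAE_OBJECTS + ".2.1.1"      # dot1xAuthConfigEntry

# Column number -> short name, for the columns this audit reads.
PORT_COLUMNS = {3: "capabilities"}              # dot1xPaePortCapabilities
AUTH_COLUMNS = {6: "portControl",               # dot1xAuthAuthControlledPortControl
                12: "reAuthPeriod",             # dot1xAuthReAuthPeriod
                13: "reAuthEnabled"}            # dot1xAuthReAuthEnabled

PORT_CONTROL = {1: "forceUnauthorized", 2: "auto", 3: "forceAuthorized"}
TRUTH_VALUE = {1: True, 2: False}               # SNMPv2-TC TruthValue
CAPABILITY_BITS = {0: "dot1xPaePortAuthCapable", 1: "dot1xPaePortSuppCapable"}

# Assumed local policy, not part of the MIB: the module's DEFVAL for
# dot1xAuthReAuthPeriod (3600 s) is used as the longest acceptable period.
MAX_REAUTH_PERIOD = 3600

LINE_RE = re.compile(r"^\.?([\d.]+) = ([\w-]+): (.*)$")

# Constructed sample in the style of a numeric SNMP walk; the last OID
# component is the port number, which equals the port's ifIndex (3.6).
SAMPLE_WALK = """
.1.0.8802.1.1.1.1.1.1.0 = INTEGER: 1
.1.0.8802.1.1.1.1.1.2.1.3.1 = Hex-STRING: 80
.1.0.8802.1.1.1.1.1.2.1.3.2 = Hex-STRING: 80
.1.0.8802.1.1.1.1.1.2.1.3.3 = Hex-STRING: 80
.1.0.8802.1.1.1.1.1.2.1.3.4 = Hex-STRING: 40
.1.0.8802.1.1.1.1.2.1.1.6.1 = INTEGER: 2
.1.0.8802.1.1.1.1.2.1.1.12.1 = Gauge32: 3600
.1.0.8802.1.1.1.1.2.1.1.13.1 = INTEGER: 1
.1.0.8802.1.1.1.1.2.1.1.6.2 = INTEGER: 3
.1.0.8802.1.1.1.1.2.1.1.12.2 = Gauge32: 3600
.1.0.8802.1.1.1.1.2.1.1.13.2 = INTEGER: 2
.1.0.8802.1.1.1.1.2.1.1.6.3 = INTEGER: 2
.1.0.8802.1.1.1.1.2.1.1.12.3 = Gauge32: 3600
.1.0.8802.1.1.1.1.2.1.1.13.3 = INTEGER: 2
"""


def decode_bits(hex_octets, names):
    """Decode an SMIv2 BITS value: bit 0 is the high-order bit of octet 0."""
    data = bytes.fromhex(hex_octets.replace(" ", ""))
    return {name for bit, name in names.items()
            if bit // 8 < len(data) and data[bit // 8] & (0x80 >> (bit % 8))}


def parse_walk(text):
    """Return (system_enabled, {ifIndex: {column_name: raw_value}})."""
    system_enabled, ports = None, {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        oid, _type, value = match.group(1), match.group(2), match.group(3).strip()
        if oid == SYSTEM_AUTH_CONTROL:
            system_enabled = int(value) == 1        # enabled(1), disabled(2)
            continue
        for prefix, columns in ((PORT_ENTRY, PORT_COLUMNS),
                                (AUTH_CONFIG_ENTRY, AUTH_COLUMNS)):
            if oid.startswith(prefix + "."):
                parts = oid[len(prefix) + 1:].split(".")
                if len(parts) == 2 and int(parts[0]) in columns:
                    ports.setdefault(int(parts[1]), {})[columns[int(parts[0])]] = value
    return system_enabled, ports


def audit(system_enabled, ports):
    """Return a list of (ifIndex, message); ifIndex 0 marks a system-wide finding."""
    findings = []
    if system_enabled is False:
        findings.append((0, "dot1xPaeSystemAuthControl is disabled(2)"))
    for ifindex in sorted(ports):
        row = ports[ifindex]
        caps = decode_bits(row.get("capabilities", ""), CAPABILITY_BITS)
        if "dot1xPaePortAuthCapable" not in caps:
            continue                                # no Authenticator PAE here
        control = PORT_CONTROL.get(int(row.get("portControl", 0)), "unknown")
        if control == "forceAuthorized":
            findings.append((ifindex, "port control is forceAuthorized(3)"))
        elif control == "auto":
            if not TRUTH_VALUE.get(int(row.get("reAuthEnabled", 2)), False):
                findings.append((ifindex, "reAuthEnabled is false(2): "
                                          "no periodic reauthentication"))
            elif int(row.get("reAuthPeriod", 0)) > MAX_REAUTH_PERIOD:
                findings.append((ifindex, "reAuthPeriod exceeds policy maximum"))
    return findings


if __name__ == "__main__":
    for ifindex, message in audit(*parse_walk(SAMPLE_WALK)):
        print(f"ifIndex {ifindex}: {message}")
```
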
305  3.5 Relationship to other MIBs

307     It is assumed that a system implementing this MIB will also implement
308     (at least) the system group defined in MIB-II defined in IETF RFC
309     1213 and the interfaces group defined in IETF RFC 2863.

311  3.6 Relationship to the Interfaces MIB

313     IETF RFC 2863, the Interface MIB Evolution, requires that any MIB
314     that is an adjunct of the Interface MIB clarify specific areas within
315     the Interface MIB. These areas were intentionally left vague in IETF
316     RFC 2863 to avoid overconstraining the MIB, thereby precluding
317     management of certain media types.

319     Section 3.3 of IETF RFC 2863 enumerates several areas that a
320     media-specific MIB must clarify. Each of these areas is addressed in
321     a following subsection. The implementor is referred to IETF RFC 2863
322     in order to understand the general intent of these areas.

324     In IETF RFC 2863, the interfaces group is defined as being
325     mandatory for all systems and contains information on an entity's
326     interfaces, where each interface is thought of as being attached to
327     a subnetwork.

329     (Note that this term is not to be confused with subnet, which refers
330     to an addressing partitioning scheme used in the Internet suite of
331     protocols.) The term segment is sometimes used to refer to such a
332     subnetwork.

334     Where Port numbers are used in this standard to identify Ports of a
335     System, these numbers are equal to the ifIndex value for the
336     interface for the corresponding Port.

338  4 Definitions for the 802.1X-MIB

340     In the MIB definition below, should any discrepancy between the
341     DESCRIPTION text and the corresponding definition in IEEE 802.1X
342     Clause 9 occur, the definition in IEEE 802.1X Clause 9 shall take
343     precedence.

345     The MIB module below was originally published on-line as:

347       http://www.ieee802.org/1/files/public/MIBs/802-1x-2001-mib.txt

349     The text that follows includes certain corrections relative to the
350     original version that were necessary in order to get the module to
351     compile. These changes were:

353       - Replaced all non-ascii double quotes and apostrophes by the
354         equivalent ASCII characters;

356       - In the MODULE-IDENTITY value assignment changed
357         "iso(1)" to "iso";

359       - Added dot1xPaePortReauthenticate and
360         dot1xAuthSessionUserName to
361         the appropriate conformance groups.

363  IEEE8021-PAE-MIB DEFINITIONS ::= BEGIN

365  -- ---------------------------------------------------------- --
366  -- IEEE 802.1X MIB
367  -- ---------------------------------------------------------- --

369  IMPORTS
370      MODULE-IDENTITY, OBJECT-TYPE, Counter32, Counter64,
371      Unsigned32, TimeTicks
372          FROM SNMPv2-SMI
373      MacAddress, TEXTUAL-CONVENTION, TruthValue
374          FROM SNMPv2-TC
375      MODULE-COMPLIANCE, OBJECT-GROUP
376          FROM SNMPv2-CONF
377      SnmpAdminString
378          FROM SNMP-FRAMEWORK-MIB
379      InterfaceIndex
380          FROM IF-MIB
381      ;

383  ieee8021paeMIB MODULE-IDENTITY
384      LAST-UPDATED "200309050000Z"
385      ORGANIZATION "IEEE 802.1 Working Group"
386      CONTACT-INFO
387          "http://grouper.ieee.org/groups/802/1/index.html"

389      DESCRIPTION
390          "The Port Access Entity module for managing IEEE
391          802.1X."

393      REVISION     "200309050000Z"
394      DESCRIPTION  "The IETF published version as in RFC xxxx.

396                   The IETF Bridge-mib WG made the following changes:
397                   - Replaced all non-ascii double quotes and
398                     apostrophes by the equivalent ASCII characters;
399                   - In the MODULE-IDENTITY value assignment changed
400                     'iso(1)' to 'iso';
401                   - Added dot1xPaePortReauthenticate and
402                     dot1xAuthSessionUserName to the appropriate
403                     conformance groups.
404                  "
405      REVISION     "200101160000Z" -- Jan 16th, 2001
406      DESCRIPTION  "The initial and authoritative version as published at:
407          http://www.ieee802.org/1/files/public/MIBs/802-1x-2001-mib.txt
408                  "

410      ::= { iso std(0) iso8802(8802) ieee802dot1(1)
411            ieee802dot1mibs(1) 1 }

413  paeMIBObjects OBJECT IDENTIFIER ::= { ieee8021paeMIB 1 }

415  -- ---------------------------------------------------------- --
416  -- Textual Conventions
417  -- ---------------------------------------------------------- --

419  PaeControlledDirections ::= TEXTUAL-CONVENTION
420      STATUS      current
421      DESCRIPTION
422          "The control mode values for the Authenticator PAE."
423      SYNTAX      INTEGER {
424                      both(0),
425                      in(1)
426                  }

428  PaeControlledPortStatus ::= TEXTUAL-CONVENTION
429      STATUS      current
430      DESCRIPTION
431          "The status values of the Authenticator PAE controlled
432          Port."
433      SYNTAX      INTEGER {
434                      authorized(1),
435                      unauthorized(2)
436                  }

438  PaeControlledPortControl ::= TEXTUAL-CONVENTION
439      STATUS      current
440      DESCRIPTION
441          "The control values of the Authenticator PAE controlled
442          Port."
443      SYNTAX      INTEGER {
444                      forceUnauthorized(1),
445                      auto(2),
446                      forceAuthorized(3)
447                  }

449  -- ---------------------------------------------------------- --

451  -- ---------------------------------------------------------- --
452  -- groups in the PAE MIB
453  -- ---------------------------------------------------------- --

455  dot1xPaeSystem         OBJECT IDENTIFIER ::= { paeMIBObjects 1 }
456  dot1xPaeAuthenticator  OBJECT IDENTIFIER ::= { paeMIBObjects 2 }
457  dot1xPaeSupplicant     OBJECT IDENTIFIER ::= { paeMIBObjects 3 }

459  -- ---------------------------------------------------------- --

461  -- ---------------------------------------------------------- --
462  -- The PAE System Group
463  -- ---------------------------------------------------------- --

465  dot1xPaeSystemAuthControl OBJECT-TYPE
466      SYNTAX      INTEGER { enabled(1), disabled(2) }
467      MAX-ACCESS  read-write
468      STATUS      current
469      DESCRIPTION
470          "The administrative enable/disable state for
471          Port Access Control in a System."
472      REFERENCE
473          "9.6.1, SystemAuthControl"
474      ::= { dot1xPaeSystem 1 }

476  -- ---------------------------------------------------------- --
477  -- The PAE Port Table
478  -- ---------------------------------------------------------- --
479  dot1xPaePortTable OBJECT-TYPE
480      SYNTAX      SEQUENCE OF Dot1xPaePortEntry
481      MAX-ACCESS  not-accessible
482      STATUS      current
483      DESCRIPTION
484          "A table of system level information for each port
485          supported by the Port Access Entity. An entry appears
486          in this table for each port of this system."
487      REFERENCE
488          "9.6.1"
489      ::= { dot1xPaeSystem 2 }

491  dot1xPaePortEntry OBJECT-TYPE
492      SYNTAX      Dot1xPaePortEntry
493      MAX-ACCESS  not-accessible
494      STATUS      current
495      DESCRIPTION
496          "The Port number, protocol version, and
497          initialization control for a Port."
498      INDEX { dot1xPaePortNumber }
499      ::= { dot1xPaePortTable 1 }

501  Dot1xPaePortEntry ::=
502      SEQUENCE {
503          dot1xPaePortNumber
504              InterfaceIndex,
505          dot1xPaePortProtocolVersion
506              Unsigned32,
507          dot1xPaePortCapabilities
508              BITS,
509          dot1xPaePortInitialize
510              TruthValue,
511          dot1xPaePortReauthenticate
512              TruthValue
513      }

515  dot1xPaePortNumber OBJECT-TYPE
516      SYNTAX      InterfaceIndex
517      MAX-ACCESS  not-accessible
518      STATUS      current
519      DESCRIPTION
520          "The Port number associated with this Port."
521      REFERENCE
522          "9.6.1, Port number"
523      ::= { dot1xPaePortEntry 1 }

525  dot1xPaePortProtocolVersion OBJECT-TYPE
526      SYNTAX      Unsigned32
527      MAX-ACCESS  read-only
528      STATUS      current
529      DESCRIPTION
530          "The protocol version associated with this Port."
531      REFERENCE
532          "9.6.1, Protocol version"
533      ::= { dot1xPaePortEntry 2 }

535  dot1xPaePortCapabilities OBJECT-TYPE
536      SYNTAX      BITS {
537                      dot1xPaePortAuthCapable(0),
538                          -- Authenticator functions are supported
539                      dot1xPaePortSuppCapable(1)
540                          -- Supplicant functions are supported
541                  }
542      MAX-ACCESS  read-only
543      STATUS      current
544      DESCRIPTION
545          "Indicates the PAE functionality that this Port
546          supports and that may be managed through this MIB."
547      REFERENCE
548          "9.6.1, PAE Capabilities"
549      ::= { dot1xPaePortEntry 3 }

551  dot1xPaePortInitialize OBJECT-TYPE
552      SYNTAX      TruthValue
553      MAX-ACCESS  read-write
554      STATUS      current
555      DESCRIPTION
556          "The initialization control for this Port. Setting this
557          attribute TRUE causes the Port to be initialized.
558          The attribute value reverts to FALSE once initialization
559          has completed."
560      REFERENCE
561          "9.6.1.2, Initialize Port"
562      ::= { dot1xPaePortEntry 4 }

564  dot1xPaePortReauthenticate OBJECT-TYPE
565      SYNTAX      TruthValue
566      MAX-ACCESS  read-write
567      STATUS      current
568      DESCRIPTION
569          "The reauthentication control for this port. Setting
570          this attribute TRUE causes the Authenticator PAE state
571          machine for the Port to reauthenticate the Supplicant.
572          Setting this attribute FALSE has no effect.
573          This attribute always returns FALSE when it is read."
574      REFERENCE
575          "9.4.1.3 Reauthenticate"
576      ::= { dot1xPaePortEntry 5 }

578  -- ---------------------------------------------------------- --
579  -- The PAE Authenticator Group
580  -- ---------------------------------------------------------- --

582  -- ---------------------------------------------------------- --
583  -- The Authenticator Configuration Table
584  -- ---------------------------------------------------------- --
585  dot1xAuthConfigTable OBJECT-TYPE
586      SYNTAX      SEQUENCE OF Dot1xAuthConfigEntry
587      MAX-ACCESS  not-accessible
588      STATUS      current
589      DESCRIPTION
590          "A table that contains the configuration objects for the
591          Authenticator PAE associated with each port.
592          An entry appears in this table for each port that may
593          authenticate access to itself."
594      REFERENCE
595          "9.4.1 Authenticator Configuration"
596      ::= { dot1xPaeAuthenticator 1 }

598  dot1xAuthConfigEntry OBJECT-TYPE
599      SYNTAX      Dot1xAuthConfigEntry
600      MAX-ACCESS  not-accessible
601      STATUS      current
602      DESCRIPTION
603          "The configuration information for an Authenticator
604          PAE."
605      INDEX { dot1xPaePortNumber }
606      ::= { dot1xAuthConfigTable 1 }

608  Dot1xAuthConfigEntry ::=
609      SEQUENCE {
610          dot1xAuthPaeState
611              INTEGER,
612          dot1xAuthBackendAuthState
613              INTEGER,
614          dot1xAuthAdminControlledDirections
615              PaeControlledDirections,
616          dot1xAuthOperControlledDirections
617              PaeControlledDirections,
618          dot1xAuthAuthControlledPortStatus
619              PaeControlledPortStatus,
620          dot1xAuthAuthControlledPortControl
621              PaeControlledPortControl,
622          dot1xAuthQuietPeriod
623              Unsigned32,
624          dot1xAuthTxPeriod
625              Unsigned32,
626          dot1xAuthSuppTimeout
627              Unsigned32,
628          dot1xAuthServerTimeout
629              Unsigned32,
630          dot1xAuthMaxReq
631              Unsigned32,
632          dot1xAuthReAuthPeriod
633              Unsigned32,
634          dot1xAuthReAuthEnabled
635              TruthValue,
636          dot1xAuthKeyTxEnabled
637              TruthValue
638      }

640  dot1xAuthPaeState OBJECT-TYPE
641      SYNTAX      INTEGER {
642                      initialize(1),
643                      disconnected(2),
644                      connecting(3),
645                      authenticating(4),
646                      authenticated(5),
647                      aborting(6),
648                      held(7),
649                      forceAuth(8),
650                      forceUnauth(9)
651                  }
652      MAX-ACCESS  read-only
653      STATUS      current
654      DESCRIPTION
655          "The current value of the Authenticator PAE state
656          machine."
657      REFERENCE
658          "9.4.1, Authenticator PAE state"
659      ::= { dot1xAuthConfigEntry 1 }

661  dot1xAuthBackendAuthState OBJECT-TYPE
662      SYNTAX      INTEGER {
663                      request(1),
664                      response(2),
665                      success(3),
666                      fail(4),
667                      timeout(5),
668                      idle(6),
669                      initialize(7)
670                  }
671      MAX-ACCESS  read-only
672      STATUS      current
673      DESCRIPTION
674          "The current state of the Backend Authentication
675          state machine."
676      REFERENCE
677          "9.4.1, Backend Authentication state"
678      ::= { dot1xAuthConfigEntry 2 }

680  dot1xAuthAdminControlledDirections OBJECT-TYPE
681      SYNTAX      PaeControlledDirections
682      MAX-ACCESS  read-write
683      STATUS      current
684      DESCRIPTION
685          "The current value of the administrative controlled
686          directions parameter for the Port."
687      REFERENCE
688          "9.4.1, Admin Control Mode"
689      ::= { dot1xAuthConfigEntry 3 }

691  dot1xAuthOperControlledDirections OBJECT-TYPE
692      SYNTAX      PaeControlledDirections
693      MAX-ACCESS  read-only
694      STATUS      current
695      DESCRIPTION
696          "The current value of the operational controlled
697          directions parameter for the Port."
698      REFERENCE
699          "9.4.1, Oper Control Mode"
700      ::= { dot1xAuthConfigEntry 4 }

702  dot1xAuthAuthControlledPortStatus OBJECT-TYPE
703      SYNTAX      PaeControlledPortStatus
704      MAX-ACCESS  read-only
705      STATUS      current
706      DESCRIPTION
707          "The current value of the controlled Port
708          status parameter for the Port."
709      REFERENCE
710          "9.4.1, AuthControlledPortStatus"
711      ::= { dot1xAuthConfigEntry 5 }

713  dot1xAuthAuthControlledPortControl OBJECT-TYPE
714      SYNTAX      PaeControlledPortControl
715      MAX-ACCESS  read-write
716      STATUS      current
717      DESCRIPTION
718          "The current value of the controlled Port
719          control parameter for the Port."
720      REFERENCE
721          "9.4.1, AuthControlledPortControl"
722      ::= { dot1xAuthConfigEntry 6 }

724  dot1xAuthQuietPeriod OBJECT-TYPE
725      SYNTAX      Unsigned32
726      MAX-ACCESS  read-write
727      STATUS      current
728      DESCRIPTION
729          "The value, in seconds, of the quietPeriod constant
730          currently in use by the Authenticator PAE state
731          machine."
732      REFERENCE
733          "9.4.1, quietPeriod"
734      DEFVAL { 60 }
735      ::= { dot1xAuthConfigEntry 7 }

737  dot1xAuthTxPeriod OBJECT-TYPE
738      SYNTAX      Unsigned32
739      MAX-ACCESS  read-write
740      STATUS      current
741      DESCRIPTION
742          "The value, in seconds, of the txPeriod constant
743          currently in use by the Authenticator PAE state
744          machine."
745      REFERENCE
746          "9.4.1, txPeriod"
748      DEFVAL { 30 }
749      ::= { dot1xAuthConfigEntry 8 }

751  dot1xAuthSuppTimeout OBJECT-TYPE
752      SYNTAX      Unsigned32
753      MAX-ACCESS  read-write
754      STATUS      current
755      DESCRIPTION
756          "The value, in seconds, of the suppTimeout constant
757          currently in use by the Backend Authentication state
758          machine."
759      REFERENCE
760          "9.4.1, suppTimeout"
761      DEFVAL { 30 }
762      ::= { dot1xAuthConfigEntry 9 }

764  dot1xAuthServerTimeout OBJECT-TYPE
765      SYNTAX Unsigned32
766      MAX-ACCESS read-write
767      STATUS current
768      DESCRIPTION
769          "The value, in seconds, of the serverTimeout constant
770          currently in use by the Backend Authentication state
771          machine."
772      REFERENCE
773          "9.4.1, serverTimeout"
774      DEFVAL { 30 }
775      ::= { dot1xAuthConfigEntry 10 }

777  dot1xAuthMaxReq OBJECT-TYPE
778      SYNTAX Unsigned32
779      MAX-ACCESS read-write
780      STATUS current
781      DESCRIPTION
782          "The value of the maxReq constant currently in use by
783          the Backend Authentication state machine."
784      REFERENCE
785          "9.4.1, maxReq"
786      DEFVAL { 2 }
787      ::= { dot1xAuthConfigEntry 11 }

789  dot1xAuthReAuthPeriod OBJECT-TYPE
790      SYNTAX Unsigned32
791      MAX-ACCESS read-write
792      STATUS current
793      DESCRIPTION
794          "The value, in seconds, of the reAuthPeriod constant
795          currently in use by the Reauthentication Timer state
796          machine."
797      REFERENCE
798          "9.4.1, reAuthPeriod"
799      DEFVAL { 3600 }
800      ::= { dot1xAuthConfigEntry 12 }

802  dot1xAuthReAuthEnabled OBJECT-TYPE
803      SYNTAX TruthValue
804      MAX-ACCESS read-write
805      STATUS current
806      DESCRIPTION
807          "The enable/disable control used by the Reauthentication
808          Timer state machine (8.5.5.1)."
809      REFERENCE
810          "9.4.1, reAuthEnabled"
811      DEFVAL { false }
812      ::= { dot1xAuthConfigEntry 13 }

814  dot1xAuthKeyTxEnabled OBJECT-TYPE
815      SYNTAX TruthValue
816      MAX-ACCESS read-write
817      STATUS current
818      DESCRIPTION
819          "The value of the keyTransmissionEnabled constant
820          currently in use by the Authenticator PAE state
821          machine."
822      REFERENCE
823          "9.4.1, keyTransmissionEnabled"
824      ::= { dot1xAuthConfigEntry 14 }

826  -- ---------------------------------------------------------- --
827  -- The Authenticator Statistics Table
828  -- ---------------------------------------------------------- --

830  dot1xAuthStatsTable OBJECT-TYPE
831      SYNTAX SEQUENCE OF Dot1xAuthStatsEntry
832      MAX-ACCESS not-accessible
833      STATUS current
834      DESCRIPTION
835          "A table that contains the statistics objects for the
836          Authenticator PAE associated with each Port.
837          An entry appears in this table for each port that may
838          authenticate access to itself."
839      REFERENCE
840          "9.4.2 Authenticator Statistics"
841      ::= { dot1xPaeAuthenticator 2 }

843  dot1xAuthStatsEntry OBJECT-TYPE
844      SYNTAX Dot1xAuthStatsEntry
845      MAX-ACCESS not-accessible
846      STATUS current
847      DESCRIPTION
848          "The statistics information for an Authenticator PAE."
849      INDEX { dot1xPaePortNumber }
850      ::= { dot1xAuthStatsTable 1 }

852  Dot1xAuthStatsEntry ::=
853      SEQUENCE {
854          dot1xAuthEapolFramesRx
855              Counter32,

857          dot1xAuthEapolFramesTx
858              Counter32,
859          dot1xAuthEapolStartFramesRx
860              Counter32,
861          dot1xAuthEapolLogoffFramesRx
862              Counter32,
863          dot1xAuthEapolRespIdFramesRx
864              Counter32,
865          dot1xAuthEapolRespFramesRx
866              Counter32,
867          dot1xAuthEapolReqIdFramesTx
868              Counter32,
869          dot1xAuthEapolReqFramesTx
870              Counter32,
871          dot1xAuthInvalidEapolFramesRx
872              Counter32,
873          dot1xAuthEapLengthErrorFramesRx
874              Counter32,
875          dot1xAuthLastEapolFrameVersion
876              Unsigned32,
877          dot1xAuthLastEapolFrameSource
878              MacAddress
879      }

881  dot1xAuthEapolFramesRx OBJECT-TYPE
882      SYNTAX Counter32
883      MAX-ACCESS read-only
884      STATUS current
885      DESCRIPTION
886          "The number of valid EAPOL frames of any type
887          that have been received by this Authenticator."
888      REFERENCE
889          "9.4.2, EAPOL frames received"
890      ::= { dot1xAuthStatsEntry 1 }

892  dot1xAuthEapolFramesTx OBJECT-TYPE
893      SYNTAX Counter32
894      MAX-ACCESS read-only
895      STATUS current
896      DESCRIPTION
897          "The number of EAPOL frames of any type
898          that have been transmitted by this Authenticator."
899      REFERENCE
900          "9.4.2, EAPOL frames transmitted"
901      ::= { dot1xAuthStatsEntry 2 }

903  dot1xAuthEapolStartFramesRx OBJECT-TYPE
904      SYNTAX Counter32
905      MAX-ACCESS read-only
906      STATUS current
907      DESCRIPTION
908          "The number of EAPOL Start frames that have
909          been received by this Authenticator."
910      REFERENCE
911          "9.4.2, EAPOL Start frames received"
912      ::= { dot1xAuthStatsEntry 3 }

914  dot1xAuthEapolLogoffFramesRx OBJECT-TYPE
915      SYNTAX Counter32
916      MAX-ACCESS read-only
917      STATUS current
918      DESCRIPTION
919          "The number of EAPOL Logoff frames that have
920          been received by this Authenticator."
921      REFERENCE
922          "9.4.2, EAPOL Logoff frames received"
923      ::= { dot1xAuthStatsEntry 4 }

925  dot1xAuthEapolRespIdFramesRx OBJECT-TYPE
926      SYNTAX Counter32
927      MAX-ACCESS read-only
928      STATUS current
929      DESCRIPTION
930          "The number of EAP Resp/Id frames that have
931          been received by this Authenticator."
932      REFERENCE
933          "9.4.2, EAPOL Resp/Id frames received"
934      ::= { dot1xAuthStatsEntry 5 }

936  dot1xAuthEapolRespFramesRx OBJECT-TYPE
937      SYNTAX Counter32
938      MAX-ACCESS read-only
939      STATUS current
940      DESCRIPTION
941          "The number of valid EAP Response frames
942          (other than Resp/Id frames) that have been
943          received by this Authenticator."
944      REFERENCE
945          "9.4.2, EAPOL Response frames received"
946      ::= { dot1xAuthStatsEntry 6 }

948  dot1xAuthEapolReqIdFramesTx OBJECT-TYPE
949      SYNTAX Counter32
950      MAX-ACCESS read-only
951      STATUS current
952      DESCRIPTION
953          "The number of EAP Req/Id frames that have been
954          transmitted by this Authenticator."
955      REFERENCE
956          "9.4.2, EAPOL Req/Id frames transmitted"
957      ::= { dot1xAuthStatsEntry 7 }

959  dot1xAuthEapolReqFramesTx OBJECT-TYPE
960      SYNTAX Counter32
961      MAX-ACCESS read-only
962      STATUS current
963      DESCRIPTION
964          "The number of EAP Request frames
965          (other than Rq/Id frames) that have been
966          transmitted by this Authenticator."
967      REFERENCE
968          "9.4.2, EAPOL Request frames transmitted"
969      ::= { dot1xAuthStatsEntry 8 }

971  dot1xAuthInvalidEapolFramesRx OBJECT-TYPE
972      SYNTAX Counter32
973      MAX-ACCESS read-only
974      STATUS current
975      DESCRIPTION
976          "The number of EAPOL frames that have been
977          received by this Authenticator in which the
978          frame type is not recognized."
979      REFERENCE
980          "9.4.2, Invalid EAPOL frames received"
981      ::= { dot1xAuthStatsEntry 9 }

983  dot1xAuthEapLengthErrorFramesRx OBJECT-TYPE
984      SYNTAX Counter32
985      MAX-ACCESS read-only
986      STATUS current
987      DESCRIPTION
988          "The number of EAPOL frames that have been received
989          by this Authenticator in which the Packet Body
990          Length field is invalid."
991      REFERENCE
992          "9.4.2, EAP length error frames received"
993      ::= { dot1xAuthStatsEntry 10 }

995  dot1xAuthLastEapolFrameVersion OBJECT-TYPE
996      SYNTAX Unsigned32
997      MAX-ACCESS read-only
998      STATUS current
999      DESCRIPTION
1000          "The protocol version number carried in the
1001          most recently received EAPOL frame."
1002      REFERENCE
1003          "9.4.2, Last EAPOL frame version"
1004      ::= { dot1xAuthStatsEntry 11 }

1006  dot1xAuthLastEapolFrameSource OBJECT-TYPE
1007      SYNTAX MacAddress
1008      MAX-ACCESS read-only
1009      STATUS current
1010      DESCRIPTION
1011          "The source MAC address carried in the
1012          most recently received EAPOL frame."
1013      REFERENCE
1014          "9.4.2, Last EAPOL frame source"
1015      ::= { dot1xAuthStatsEntry 12 }

1017  -- ---------------------------------------------------------- --
1018  -- The Authenticator Diagnostics Table
1019  -- ---------------------------------------------------------- --

1021  dot1xAuthDiagTable OBJECT-TYPE
1022      SYNTAX SEQUENCE OF Dot1xAuthDiagEntry
1023      MAX-ACCESS not-accessible
1024      STATUS current
1025      DESCRIPTION
1026          "A table that contains the diagnostics objects for the
1027          Authenticator PAE associated with each Port.
1028          An entry appears in this table for each port that may
1029          authenticate access to itself."
1030      REFERENCE
1031          "9.4.3 Authenticator Diagnostics"
1032      ::= { dot1xPaeAuthenticator 3 }

1034  dot1xAuthDiagEntry OBJECT-TYPE
1035      SYNTAX Dot1xAuthDiagEntry
1036      MAX-ACCESS not-accessible
1037      STATUS current
1038      DESCRIPTION
1039          "The diagnostics information for an Authenticator PAE."
1040      INDEX { dot1xPaePortNumber }
1041      ::= { dot1xAuthDiagTable 1 }

1043  Dot1xAuthDiagEntry ::=
1044      SEQUENCE {
1045          dot1xAuthEntersConnecting
1046              Counter32,
1047          dot1xAuthEapLogoffsWhileConnecting
1048              Counter32,
1049          dot1xAuthEntersAuthenticating
1050              Counter32,
1051          dot1xAuthAuthSuccessWhileAuthenticating
1052              Counter32,
1053          dot1xAuthAuthTimeoutsWhileAuthenticating
1054              Counter32,
1055          dot1xAuthAuthFailWhileAuthenticating
1056              Counter32,
1057          dot1xAuthAuthReauthsWhileAuthenticating
1058              Counter32,
1059          dot1xAuthAuthEapStartsWhileAuthenticating
1060              Counter32,
1061          dot1xAuthAuthEapLogoffWhileAuthenticating
1062              Counter32,
1063          dot1xAuthAuthReauthsWhileAuthenticated
1064              Counter32,
1065          dot1xAuthAuthEapStartsWhileAuthenticated
1066              Counter32,
1067          dot1xAuthAuthEapLogoffWhileAuthenticated
1068              Counter32,
1069          dot1xAuthBackendResponses
1070              Counter32,
1071          dot1xAuthBackendAccessChallenges
1072              Counter32,

1074          dot1xAuthBackendOtherRequestsToSupplicant
1075              Counter32,
1076          dot1xAuthBackendNonNakResponsesFromSupplicant
1077              Counter32,
1078          dot1xAuthBackendAuthSuccesses
1079              Counter32,
1080          dot1xAuthBackendAuthFails
1081              Counter32
1082      }

1084  dot1xAuthEntersConnecting OBJECT-TYPE
1085      SYNTAX Counter32
1086      MAX-ACCESS read-only
1087      STATUS current
1088      DESCRIPTION
1089          "Counts the number of times that the state machine
1090          transitions to the CONNECTING state from any other
1091          state."
1092      REFERENCE
1093          "9.4.2, 8.5.4.2.1"
1094      ::= { dot1xAuthDiagEntry 1 }

1096  dot1xAuthEapLogoffsWhileConnecting OBJECT-TYPE
1097      SYNTAX Counter32
1098      MAX-ACCESS read-only
1099      STATUS current
1100      DESCRIPTION
1101          "Counts the number of times that the state machine
1102          transitions from CONNECTING to DISCONNECTED as a result
1103          of receiving an EAPOL-Logoff message."
1104      REFERENCE
1105          "9.4.2, 8.5.4.2.2"
1106      ::= { dot1xAuthDiagEntry 2 }

1108  dot1xAuthEntersAuthenticating OBJECT-TYPE
1109      SYNTAX Counter32
1110      MAX-ACCESS read-only
1111      STATUS current
1112      DESCRIPTION
1113          "Counts the number of times that the state machine
1114          transitions from CONNECTING to AUTHENTICATING, as a
1115          result of an EAP-Response/Identity message being
1116          received from the Supplicant."
1117      REFERENCE
1118          "9.4.2, 8.5.4.2.3"
1119      ::= { dot1xAuthDiagEntry 3 }

1121  dot1xAuthAuthSuccessWhileAuthenticating OBJECT-TYPE
1122      SYNTAX Counter32
1123      MAX-ACCESS read-only
1124      STATUS current
1125      DESCRIPTION
1126          "Counts the number of times that the state machine
1127          transitions from AUTHENTICATING to AUTHENTICATED, as a
1128          result of the Backend Authentication state machine
1129          indicating successful authentication of the Supplicant
1130          (authSuccess = TRUE)."
1131      REFERENCE
1132          "9.4.2, 8.5.4.2.4"
1133      ::= { dot1xAuthDiagEntry 4 }

1135  dot1xAuthAuthTimeoutsWhileAuthenticating OBJECT-TYPE
1136      SYNTAX Counter32
1137      MAX-ACCESS read-only
1138      STATUS current
1139      DESCRIPTION
1140          "Counts the number of times that the state machine
1141          transitions from AUTHENTICATING to ABORTING, as a result
1142          of the Backend Authentication state machine indicating
1143          authentication timeout (authTimeout = TRUE)."
1144      REFERENCE
1145          "9.4.2, 8.5.4.2.5"
1146      ::= { dot1xAuthDiagEntry 5 }

1148  dot1xAuthAuthFailWhileAuthenticating OBJECT-TYPE
1149      SYNTAX Counter32
1150      MAX-ACCESS read-only
1151      STATUS current
1152      DESCRIPTION
1153          "Counts the number of times that the state machine
1154          transitions from AUTHENTICATING to HELD, as a result
1155          of the Backend Authentication state machine indicating
1156          authentication failure (authFail = TRUE)."
1157      REFERENCE
1158          "9.4.2, 8.5.4.2.6"
1159      ::= { dot1xAuthDiagEntry 6 }

1161  dot1xAuthAuthReauthsWhileAuthenticating OBJECT-TYPE
1162      SYNTAX Counter32
1163      MAX-ACCESS read-only
1164      STATUS current
1165      DESCRIPTION
1166          "Counts the number of times that the state machine
1167          transitions from AUTHENTICATING to ABORTING, as a result
1168          of a reauthentication request (reAuthenticate = TRUE)."
1169      REFERENCE
1170          "9.4.2, 8.5.4.2.7"
1171      ::= { dot1xAuthDiagEntry 7 }

1173  dot1xAuthAuthEapStartsWhileAuthenticating OBJECT-TYPE
1174      SYNTAX Counter32
1175      MAX-ACCESS read-only
1176      STATUS current
1177      DESCRIPTION
1178          "Counts the number of times that the state machine
1179          transitions from AUTHENTICATING to ABORTING, as a result
1180          of an EAPOL-Start message being received
1181          from the Supplicant."
1183      REFERENCE
1184          "9.4.2, 8.5.4.2.8"
1185      ::= { dot1xAuthDiagEntry 8 }

1187  dot1xAuthAuthEapLogoffWhileAuthenticating OBJECT-TYPE
1188      SYNTAX Counter32
1189      MAX-ACCESS read-only
1190      STATUS current
1191      DESCRIPTION
1192          "Counts the number of times that the state machine
1193          transitions from AUTHENTICATING to ABORTING, as a result
1194          of an EAPOL-Logoff message being received
1195          from the Supplicant."
1196      REFERENCE
1197          "9.4.2, 8.5.4.2.9"
1198      ::= { dot1xAuthDiagEntry 9 }

1200  dot1xAuthAuthReauthsWhileAuthenticated OBJECT-TYPE
1201      SYNTAX Counter32
1202      MAX-ACCESS read-only
1203      STATUS current
1204      DESCRIPTION
1205          "Counts the number of times that the state machine
1206          transitions from AUTHENTICATED to CONNECTING, as a
1207          result of a reauthentication request
1208          (reAuthenticate = TRUE)."
1209      REFERENCE
1210          "9.4.2, 8.5.4.2.10"
1211      ::= { dot1xAuthDiagEntry 10 }

1213  dot1xAuthAuthEapStartsWhileAuthenticated OBJECT-TYPE
1214      SYNTAX Counter32
1215      MAX-ACCESS read-only
1216      STATUS current
1217      DESCRIPTION
1218          "Counts the number of times that the state machine
1219          transitions from AUTHENTICATED to CONNECTING, as a
1220          result of an EAPOL-Start message being received from the
1221          Supplicant."
1222      REFERENCE
1223          "9.4.2, 8.5.4.2.11"
1224      ::= { dot1xAuthDiagEntry 11 }

1226  dot1xAuthAuthEapLogoffWhileAuthenticated OBJECT-TYPE
1227      SYNTAX Counter32
1228      MAX-ACCESS read-only
1229      STATUS current
1230      DESCRIPTION
1231          "Counts the number of times that the state machine
1232          transitions from AUTHENTICATED to DISCONNECTED, as a
1233          result of an EAPOL-Logoff message being received from
1234          the Supplicant."
1235      REFERENCE
1236          "9.4.2, 8.5.4.2.12"

1238      ::= { dot1xAuthDiagEntry 12 }

1240  dot1xAuthBackendResponses OBJECT-TYPE
1241      SYNTAX Counter32
1242      MAX-ACCESS read-only
1243      STATUS current
1244      DESCRIPTION
1245          "Counts the number of times that the state machine sends
1246          an initial Access-Request packet to the Authentication
1247          server (i.e., executes sendRespToServer on entry to the
1248          RESPONSE state). Indicates that the Authenticator
1249          attempted communication with the Authentication Server."
1250      REFERENCE
1251          "9.4.2, 8.5.6.2.1"
1252      ::= { dot1xAuthDiagEntry 13 }

1254  dot1xAuthBackendAccessChallenges OBJECT-TYPE
1255      SYNTAX Counter32
1256      MAX-ACCESS read-only
1257      STATUS current
1258      DESCRIPTION
1259          "Counts the number of times that the state machine
1260          receives an initial Access-Challenge packet from the
1261          Authentication server (i.e., aReq becomes TRUE,
1262          causing exit from the RESPONSE state). Indicates that
1263          the Authentication Server has communication with
1264          the Authenticator."
1265      REFERENCE
1266          "9.4.2, 8.5.6.2.2"
1267      ::= { dot1xAuthDiagEntry 14 }

1269  dot1xAuthBackendOtherRequestsToSupplicant OBJECT-TYPE
1270      SYNTAX Counter32
1271      MAX-ACCESS read-only
1272      STATUS current
1273      DESCRIPTION
1274          "Counts the number of times that the state machine
1275          sends an EAP-Request packet (other than an Identity,
1276          Notification, Failure or Success message) to the
1277          Supplicant (i.e., executes txReq on entry to the
1278          REQUEST state). Indicates that the Authenticator chose
1279          an EAP-method."
1280      REFERENCE
1281          "9.4.2, 8.5.6.2.3"
1282      ::= { dot1xAuthDiagEntry 15 }

1284  dot1xAuthBackendNonNakResponsesFromSupplicant OBJECT-TYPE
1285      SYNTAX Counter32
1286      MAX-ACCESS read-only
1287      STATUS current
1288      DESCRIPTION
1289          "Counts the number of times that the state machine
1290          receives a response from the Supplicant to an initial
1291          EAP-Request, and the response is something other than
1292          EAP-NAK (i.e., rxResp becomes TRUE, causing the state
1293          machine to transition from REQUEST to RESPONSE,
1294          and the response is not an EAP-NAK). Indicates that
1295          the Supplicant can respond to the Authenticator's
1296          chosen EAP-method."
1297      REFERENCE
1298          "9.4.2, 8.5.6.2.4"
1299      ::= { dot1xAuthDiagEntry 16 }

1301  dot1xAuthBackendAuthSuccesses OBJECT-TYPE
1302      SYNTAX Counter32
1303      MAX-ACCESS read-only
1304      STATUS current
1305      DESCRIPTION
1306          "Counts the number of times that the state machine
1307          receives an EAP-Success message from the Authentication
1308          Server (i.e., aSuccess becomes TRUE, causing a
1309          transition from RESPONSE to SUCCESS). Indicates that
1310          the Supplicant has successfully authenticated to
1311          the Authentication Server."
1312      REFERENCE
1313          "9.4.2, 8.5.6.2.5"
1314      ::= { dot1xAuthDiagEntry 17 }

1316  dot1xAuthBackendAuthFails OBJECT-TYPE
1317      SYNTAX Counter32
1318      MAX-ACCESS read-only
1319      STATUS current
1320      DESCRIPTION
1321          "Counts the number of times that the state machine
1322          receives an EAP-Failure message from the Authentication
1323          Server (i.e., aFail becomes TRUE, causing a transition
1324          from RESPONSE to FAIL). Indicates that the Supplicant
1325          has not authenticated to the Authentication Server."
1326      REFERENCE
1327          "9.4.2, 8.5.6.2.6"
1328      ::= { dot1xAuthDiagEntry 18 }

1330  -- ---------------------------------------------------------- --
1331  -- The Authenticator Session Statistics Table
1332  -- ---------------------------------------------------------- --

1334  dot1xAuthSessionStatsTable OBJECT-TYPE
1335      SYNTAX SEQUENCE OF Dot1xAuthSessionStatsEntry
1336      MAX-ACCESS not-accessible
1337      STATUS current
1338      DESCRIPTION
1339          "A table that contains the session statistics objects
1340          for the Authenticator PAE associated with each Port.
1341          An entry appears in this table for each port that may
1342          authenticate access to itself."
1343      REFERENCE
1344          "9.4.4"
1345      ::= { dot1xPaeAuthenticator 4 }

1347  dot1xAuthSessionStatsEntry OBJECT-TYPE
1348      SYNTAX Dot1xAuthSessionStatsEntry
1349      MAX-ACCESS not-accessible
1350      STATUS current
1351      DESCRIPTION
1352          "The session statistics information for an Authenticator
1353          PAE. This shows the current values being collected for
1354          each session that is still in progress, or the final
1355          values for the last valid session on each port where
1356          there is no session currently active."
1357      INDEX { dot1xPaePortNumber }
1358      ::= { dot1xAuthSessionStatsTable 1 }

1360  Dot1xAuthSessionStatsEntry ::=
1361      SEQUENCE {
1362          dot1xAuthSessionOctetsRx
1363              Counter64,
1364          dot1xAuthSessionOctetsTx
1365              Counter64,
1366          dot1xAuthSessionFramesRx
1367              Counter32,
1368          dot1xAuthSessionFramesTx
1369              Counter32,
1370          dot1xAuthSessionId
1371              SnmpAdminString,
1372          dot1xAuthSessionAuthenticMethod
1373              INTEGER,
1374          dot1xAuthSessionTime
1375              TimeTicks,
1376          dot1xAuthSessionTerminateCause
1377              INTEGER,
1378          dot1xAuthSessionUserName
1379              SnmpAdminString
1380      }

1382  dot1xAuthSessionOctetsRx OBJECT-TYPE
1383      SYNTAX Counter64
1384      MAX-ACCESS read-only
1385      STATUS current
1386      DESCRIPTION
1387          "The number of octets received in user data
1388          frames on this Port during the session."
1389      REFERENCE
1390          "9.4.4, Session Octets Received"
1391      ::= { dot1xAuthSessionStatsEntry 1 }

1393  dot1xAuthSessionOctetsTx OBJECT-TYPE
1394      SYNTAX Counter64
1395      MAX-ACCESS read-only
1396      STATUS current
1397      DESCRIPTION
1398          "The number of octets transmitted in user data
1399          frames on this Port during the session."

1401      REFERENCE
1402          "9.4.4, Session Octets Transmitted"
1403      ::= { dot1xAuthSessionStatsEntry 2 }

1405  dot1xAuthSessionFramesRx OBJECT-TYPE
1406      SYNTAX Counter32
1407      MAX-ACCESS read-only
1408      STATUS current
1409      DESCRIPTION
1410          "The number of user data frames received
1411          on this Port during the session."
1412      REFERENCE
1413          "9.4.4, Session Frames Received"
1414      ::= { dot1xAuthSessionStatsEntry 3 }

1416  dot1xAuthSessionFramesTx OBJECT-TYPE
1417      SYNTAX Counter32
1418      MAX-ACCESS read-only
1419      STATUS current
1420      DESCRIPTION
1421          "The number of user data frames transmitted
1422          on this Port during the session."
1423      REFERENCE
1424          "9.4.4, Session Frames Transmitted"
1425      ::= { dot1xAuthSessionStatsEntry 4 }

1427  dot1xAuthSessionId OBJECT-TYPE
1428      SYNTAX SnmpAdminString
1429      MAX-ACCESS read-only
1430      STATUS current
1431      DESCRIPTION
1432          "A unique identifier for the session, in the
1433          form of a printable ASCII string of at least
1434          three characters."
1435      REFERENCE
1436          "9.4.4, Session Identifier"
1437      ::= { dot1xAuthSessionStatsEntry 5 }

1439  dot1xAuthSessionAuthenticMethod OBJECT-TYPE
1440      SYNTAX INTEGER {
1441          remoteAuthServer(1),
1442          localAuthServer(2)
1443      }
1444      MAX-ACCESS read-only
1445      STATUS current
1446      DESCRIPTION
1447          "The authentication method used to establish the
1448          session."
1449      REFERENCE
1450          "9.4.4, Session Authentication Method"
1451      ::= { dot1xAuthSessionStatsEntry 6 }

1453  dot1xAuthSessionTime OBJECT-TYPE
1454      SYNTAX TimeTicks
1455      MAX-ACCESS read-only
1456      STATUS current
1457      DESCRIPTION
1458          "The duration of the session in seconds."
1459      REFERENCE
1460          "9.4.4, Session Time"
1461      ::= { dot1xAuthSessionStatsEntry 7 }

1463  dot1xAuthSessionTerminateCause OBJECT-TYPE
1464      SYNTAX INTEGER {
1465          supplicantLogoff(1),
1466          portFailure(2),
1467          supplicantRestart(3),
1468          reauthFailed(4),
1469          authControlForceUnauth(5),
1470          portReInit(6),
1471          portAdminDisabled(7),
1472          notTerminatedYet(999)
1473      }
1474      MAX-ACCESS read-only
1475      STATUS current
1476      DESCRIPTION
1477          "The reason for the session termination."
1478      REFERENCE
1479          "9.4.4, Session Terminate Cause"
1480      ::= { dot1xAuthSessionStatsEntry 8 }

1482  dot1xAuthSessionUserName OBJECT-TYPE
1483      SYNTAX SnmpAdminString
1484      MAX-ACCESS read-only
1485      STATUS current
1486      DESCRIPTION
1487          "The User-Name representing the identity of the
1488          Supplicant PAE."
1489      REFERENCE
1490          "9.4.4, Session User Name"
1491      ::= { dot1xAuthSessionStatsEntry 9 }

1493  -- ---------------------------------------------------------- --
1494  -- The PAE Supplicant Group
1495  -- ---------------------------------------------------------- --

1497  -- ---------------------------------------------------------- --
1498  -- The Supplicant Configuration Table
1499  -- ---------------------------------------------------------- --

1501  dot1xSuppConfigTable OBJECT-TYPE
1502      SYNTAX SEQUENCE OF Dot1xSuppConfigEntry
1503      MAX-ACCESS not-accessible
1504      STATUS current
1505      DESCRIPTION
1506          "A table that contains the configuration objects for the
1507          Supplicant PAE associated with each port.

1509          An entry appears in this table for each port that may
1510          authenticate itself when challenged by a remote system."
1511      REFERENCE
1512          "9.5.1"
1513      ::= { dot1xPaeSupplicant 1 }

1515  dot1xSuppConfigEntry OBJECT-TYPE
1516      SYNTAX Dot1xSuppConfigEntry
1517      MAX-ACCESS not-accessible
1518      STATUS current
1519      DESCRIPTION
1520          "The configuration information for a Supplicant PAE."
1521      INDEX { dot1xPaePortNumber }
1522      ::= { dot1xSuppConfigTable 1 }

1524  Dot1xSuppConfigEntry ::=
1525      SEQUENCE {
1526          dot1xSuppPaeState
1527              INTEGER,
1528          dot1xSuppHeldPeriod
1529              Unsigned32,
1530          dot1xSuppAuthPeriod
1531              Unsigned32,
1532          dot1xSuppStartPeriod
1533              Unsigned32,
1534          dot1xSuppMaxStart
1535              Unsigned32
1536      }

1538  dot1xSuppPaeState OBJECT-TYPE
1539      SYNTAX INTEGER {
1540          disconnected(1),
1541          logoff(2),
1542          connecting(3),
1543          authenticating(4),
1544          authenticated(5),
1545          acquired(6),
1546          held(7)
1547      }
1548      MAX-ACCESS read-only
1549      STATUS current
1550      DESCRIPTION
1551          "The current state of the Supplicant PAE state
1552          machine (8.5.8)."
1553      REFERENCE
1554          "9.5.1, Supplicant PAE State"
1555      ::= { dot1xSuppConfigEntry 1 }

1557  dot1xSuppHeldPeriod OBJECT-TYPE
1558      SYNTAX Unsigned32
1559      MAX-ACCESS read-write
1560      STATUS current
1561      DESCRIPTION
1562          "The value, in seconds, of the heldPeriod
1563          constant currently in use by the Supplicant
1564          PAE state machine (8.5.8.1.2)."
1565      REFERENCE
1566          "9.5.1, heldPeriod"
1567      DEFVAL { 60 }
1568      ::= { dot1xSuppConfigEntry 2 }

1570  dot1xSuppAuthPeriod OBJECT-TYPE
1571      SYNTAX Unsigned32
1572      MAX-ACCESS read-write
1573      STATUS current
1574      DESCRIPTION
1575          "The value, in seconds, of the authPeriod
1576          constant currently in use by the Supplicant
1577          PAE state machine (8.5.8.1.2)."
1578      REFERENCE
1579          "9.5.1, authPeriod"
1580      DEFVAL { 30 }
1581      ::= { dot1xSuppConfigEntry 3 }

1583  dot1xSuppStartPeriod OBJECT-TYPE
1584      SYNTAX Unsigned32
1585      MAX-ACCESS read-write
1586      STATUS current
1587      DESCRIPTION
1588          "The value, in seconds, of the startPeriod
1589          constant currently in use by the Supplicant
1590          PAE state machine (8.5.8.1.2)."
1591      REFERENCE
1592          "9.5.1, startPeriod"
1593      DEFVAL { 30 }
1594      ::= { dot1xSuppConfigEntry 4 }

1596  dot1xSuppMaxStart OBJECT-TYPE
1597      SYNTAX Unsigned32
1598      MAX-ACCESS read-write
1599      STATUS current
1600      DESCRIPTION
1601          "The value of the maxStart constant currently in use by
1602          the Supplicant PAE state machine (8.5.8.1.2)."
1603      REFERENCE
1604          "9.5.1, maxStart"
1605      DEFVAL { 3}
1606      ::= { dot1xSuppConfigEntry 5 }

1608  -- ---------------------------------------------------------- --
1609  -- The Supplicant Statistics Table
1610  -- ---------------------------------------------------------- --

1612  dot1xSuppStatsTable OBJECT-TYPE
1613      SYNTAX SEQUENCE OF Dot1xSuppStatsEntry
1614      MAX-ACCESS not-accessible
1615      STATUS current
1616      DESCRIPTION
1617          "A table that contains the statistics objects for the
1618          Supplicant PAE associated with each port.
1619          An entry appears in this table for each port that may
1620          authenticate itself when challenged by a remote system."
1621      REFERENCE
1622          "9.5.2"
1623      ::= { dot1xPaeSupplicant 2 }

1625  dot1xSuppStatsEntry OBJECT-TYPE
1626      SYNTAX Dot1xSuppStatsEntry
1627      MAX-ACCESS not-accessible
1628      STATUS current
1629      DESCRIPTION
1630          "The statistics information for a Supplicant PAE."
1631      INDEX { dot1xPaePortNumber }
1632      ::= { dot1xSuppStatsTable 1 }

1634  Dot1xSuppStatsEntry ::=
1635      SEQUENCE {
1636          dot1xSuppEapolFramesRx
1637              Counter32,
1638          dot1xSuppEapolFramesTx
1639              Counter32,
1640          dot1xSuppEapolStartFramesTx
1641              Counter32,
1642          dot1xSuppEapolLogoffFramesTx
1643              Counter32,
1644          dot1xSuppEapolRespIdFramesTx
1645              Counter32,
1646          dot1xSuppEapolRespFramesTx
1647              Counter32,
1648          dot1xSuppEapolReqIdFramesRx
1649              Counter32,
1650          dot1xSuppEapolReqFramesRx
1651              Counter32,
1652          dot1xSuppInvalidEapolFramesRx
1653              Counter32,
1654          dot1xSuppEapLengthErrorFramesRx
1655              Counter32,
1656          dot1xSuppLastEapolFrameVersion
1657              Unsigned32,
1658          dot1xSuppLastEapolFrameSource
1659              MacAddress
1660      }

1662  dot1xSuppEapolFramesRx OBJECT-TYPE
1663      SYNTAX Counter32
1664      MAX-ACCESS read-only
1665      STATUS current
1666      DESCRIPTION
1667          "The number of EAPOL frames of any type
1668          that have been received by this Supplicant."
1669      REFERENCE
1670          "9.5.2, EAPOL frames received"

1672      ::= { dot1xSuppStatsEntry 1 }

1674  dot1xSuppEapolFramesTx OBJECT-TYPE
1675      SYNTAX Counter32
1676      MAX-ACCESS read-only
1677      STATUS current
1678      DESCRIPTION
1679          "The number of EAPOL frames of any type
1680          that have been transmitted by this Supplicant."
1681      REFERENCE
1682          "9.5.2, EAPOL frames transmitted"
1683      ::= { dot1xSuppStatsEntry 2 }

1685  dot1xSuppEapolStartFramesTx OBJECT-TYPE
1686      SYNTAX Counter32
1687      MAX-ACCESS read-only
1688      STATUS current
1689      DESCRIPTION
1690          "The number of EAPOL Start frames
1691          that have been transmitted by this Supplicant."
1692      REFERENCE
1693          "9.5.2, EAPOL Start frames transmitted"
1694      ::= { dot1xSuppStatsEntry 3 }

1696  dot1xSuppEapolLogoffFramesTx OBJECT-TYPE
1697      SYNTAX Counter32
1698      MAX-ACCESS read-only
1699      STATUS current
1700      DESCRIPTION
1701          "The number of EAPOL Logoff frames
1702          that have been transmitted by this Supplicant."
1703      REFERENCE
1704          "9.5.2, EAPOL Logoff frames transmitted"
1705      ::= { dot1xSuppStatsEntry 4 }

1707  dot1xSuppEapolRespIdFramesTx OBJECT-TYPE
1708      SYNTAX Counter32
1709      MAX-ACCESS read-only
1710      STATUS current
1711      DESCRIPTION
1712          "The number of EAP Resp/Id frames
1713          that have been transmitted by this Supplicant."
1714      REFERENCE
1715          "9.5.2, EAP Resp/Id frames transmitted"
1716      ::= { dot1xSuppStatsEntry 5 }

1718  dot1xSuppEapolRespFramesTx OBJECT-TYPE
1719      SYNTAX Counter32
1720      MAX-ACCESS read-only
1721      STATUS current
1722      DESCRIPTION
1723          "The number of valid EAP Response frames
1724          (other than Resp/Id frames)
1725          that have been transmitted by this Supplicant."

1727      REFERENCE
1728          "9.5.2, EAP Resp frames transmitted"
1729      ::= { dot1xSuppStatsEntry 6 }

1731  dot1xSuppEapolReqIdFramesRx OBJECT-TYPE
1732      SYNTAX Counter32
1733      MAX-ACCESS read-only
1734      STATUS current
1735      DESCRIPTION
1736          "The number of EAP Req/Id frames
1737          that have been received by this Supplicant."
1738      REFERENCE
1739          "9.5.2, EAP Req/Id frames received"
1740      ::= { dot1xSuppStatsEntry 7 }

1742  dot1xSuppEapolReqFramesRx OBJECT-TYPE
1743      SYNTAX Counter32
1744      MAX-ACCESS read-only
1745      STATUS current
1746      DESCRIPTION
1747          "The number of EAP Request frames (other than Rq/Id
1748          frames) that have been received by this Supplicant."
1749      REFERENCE
1750          "9.5.2, EAP Req frames received"
1751      ::= { dot1xSuppStatsEntry 8 }

1753  dot1xSuppInvalidEapolFramesRx OBJECT-TYPE
1754      SYNTAX Counter32
1755      MAX-ACCESS read-only
1756      STATUS current
1757      DESCRIPTION
1758          "The number of EAPOL frames that have been
1759          received by this Supplicant in which the
1760          frame type is not recognized."
1761      REFERENCE
1762          "9.5.2, Invalid EAPOL frames received"
1763      ::= { dot1xSuppStatsEntry 9 }

1765  dot1xSuppEapLengthErrorFramesRx OBJECT-TYPE
1766      SYNTAX Counter32
1767      MAX-ACCESS read-only
1768      STATUS current
1769      DESCRIPTION
1770          "The number of EAPOL frames that have been
1771          received by this Supplicant in which the Packet
1772          Body Length field (7.5.5) is invalid."
1773      REFERENCE
1774          "9.5.2, EAP length error frames received"
1775      ::= { dot1xSuppStatsEntry 10 }

1777  dot1xSuppLastEapolFrameVersion OBJECT-TYPE
1778      SYNTAX Unsigned32
1779      MAX-ACCESS read-only
1780      STATUS current
1781      DESCRIPTION
1782          "The protocol version number carried in the
1783          most recently received EAPOL frame."
1784      REFERENCE
1785          "9.5.2, Last EAPOL frame version"
1786      ::= { dot1xSuppStatsEntry 11 }

1788  dot1xSuppLastEapolFrameSource OBJECT-TYPE
1789      SYNTAX MacAddress
1790      MAX-ACCESS read-only
1791      STATUS current
1792      DESCRIPTION
1793          "The source MAC address carried in the
1794          most recently received EAPOL frame."
1795      REFERENCE
1796          "9.5.2, Last EAPOL frame source"
1797      ::= { dot1xSuppStatsEntry 12 }

1799  -- ---------------------------------------------------------- --
1800  -- IEEE 802.1X MIB - Conformance Information
1801  -- ---------------------------------------------------------- --

1803  dot1xPaeConformance OBJECT IDENTIFIER ::= { ieee8021paeMIB 2 }

1805  dot1xPaeGroups OBJECT IDENTIFIER ::= { dot1xPaeConformance 1 }

1807  dot1xPaeCompliances OBJECT IDENTIFIER
1808      ::= { dot1xPaeConformance 2 }

1810  -- ---------------------------------------------------------- --
1811  -- units of conformance
1812  -- ---------------------------------------------------------- --

1814  dot1xPaeSystemGroup OBJECT-GROUP
1815      OBJECTS {
1816          dot1xPaeSystemAuthControl,
1817          dot1xPaePortProtocolVersion,
1818          dot1xPaePortCapabilities,
1819          dot1xPaePortInitialize,
1820          dot1xPaePortReauthenticate
1821      }
1822      STATUS current
1823      DESCRIPTION
1824          "A collection of objects providing system information
1825          about, and control over, a PAE."
1826      ::= { dot1xPaeGroups 1 }

1828  dot1xPaeAuthConfigGroup OBJECT-GROUP
1829      OBJECTS {
1830          dot1xAuthPaeState,
1831          dot1xAuthBackendAuthState,
1832          dot1xAuthAdminControlledDirections,
1833          dot1xAuthOperControlledDirections,
1834          dot1xAuthAuthControlledPortStatus,
1835          dot1xAuthAuthControlledPortControl,
1836          dot1xAuthQuietPeriod,
1837          dot1xAuthTxPeriod,
1838          dot1xAuthSuppTimeout,
1839          dot1xAuthServerTimeout,
1840          dot1xAuthMaxReq,
1841          dot1xAuthReAuthPeriod,
1842          dot1xAuthReAuthEnabled,
1843          dot1xAuthKeyTxEnabled
1844      }
1845      STATUS current
1846      DESCRIPTION
1847          "A collection of objects providing configuration
1848          information about an Authenticator PAE."
1849      ::= { dot1xPaeGroups 2 }

1851  dot1xPaeAuthStatsGroup OBJECT-GROUP
1852      OBJECTS {
1853          dot1xAuthEapolFramesRx,
1854          dot1xAuthEapolFramesTx,
1855          dot1xAuthEapolStartFramesRx,
1856          dot1xAuthEapolLogoffFramesRx,
1857          dot1xAuthEapolRespIdFramesRx,
1858          dot1xAuthEapolRespFramesRx,
1859          dot1xAuthEapolReqIdFramesTx,
1860          dot1xAuthEapolReqFramesTx,
1861          dot1xAuthInvalidEapolFramesRx,
1862          dot1xAuthEapLengthErrorFramesRx,
1863          dot1xAuthLastEapolFrameVersion,
1864          dot1xAuthLastEapolFrameSource
1865      }
1866      STATUS current
1867      DESCRIPTION
1868          "A collection of objects providing statistics about an
1869          Authenticator PAE."
1870      ::= { dot1xPaeGroups 3 }

1872  dot1xPaeAuthDiagGroup OBJECT-GROUP
1873      OBJECTS {
1874          dot1xAuthEntersConnecting,
1875          dot1xAuthEapLogoffsWhileConnecting,
1876          dot1xAuthEntersAuthenticating,
1877          dot1xAuthAuthSuccessWhileAuthenticating,
1878          dot1xAuthAuthTimeoutsWhileAuthenticating,
1879          dot1xAuthAuthFailWhileAuthenticating,
1880          dot1xAuthAuthReauthsWhileAuthenticating,
1881          dot1xAuthAuthEapStartsWhileAuthenticating,
1882          dot1xAuthAuthEapLogoffWhileAuthenticating,
1883          dot1xAuthAuthReauthsWhileAuthenticated,
1884          dot1xAuthAuthEapStartsWhileAuthenticated,
1885          dot1xAuthAuthEapLogoffWhileAuthenticated,
1886          dot1xAuthBackendResponses,
1887          dot1xAuthBackendAccessChallenges,
1888          dot1xAuthBackendOtherRequestsToSupplicant,
1889          dot1xAuthBackendNonNakResponsesFromSupplicant,
1890          dot1xAuthBackendAuthSuccesses,
1891          dot1xAuthBackendAuthFails
1892      }
1893      STATUS current
1894      DESCRIPTION
1895          "A collection of objects providing diagnostic statistics
1896          about an Authenticator PAE."
1897      ::= { dot1xPaeGroups 4 }

1899  dot1xPaeAuthSessionStatsGroup OBJECT-GROUP
1900      OBJECTS {
1901          dot1xAuthSessionOctetsRx,
1902          dot1xAuthSessionOctetsTx,
1903          dot1xAuthSessionFramesRx,
1904          dot1xAuthSessionFramesTx,
1905          dot1xAuthSessionId,
1906          dot1xAuthSessionAuthenticMethod,
1907          dot1xAuthSessionTime,
1908          dot1xAuthSessionTerminateCause,
1909          dot1xAuthSessionUserName
1910      }
1911      STATUS current
1912      DESCRIPTION
1913          "A collection of objects providing statistics about the
1914          current, or last session for an Authenticator PAE."
1915      ::= { dot1xPaeGroups 5 }

1917  dot1xPaeSuppConfigGroup OBJECT-GROUP
1918      OBJECTS {
1919          dot1xSuppPaeState,
1920          dot1xSuppHeldPeriod,
1921          dot1xSuppAuthPeriod,
1922          dot1xSuppStartPeriod,
1923          dot1xSuppMaxStart
1924      }
1925      STATUS current
1926      DESCRIPTION
1927          "A collection of objects providing configuration
1928          information about a Supplicant PAE."
1929      ::= { dot1xPaeGroups 6 }

1931  dot1xPaeSuppStatsGroup OBJECT-GROUP
1932      OBJECTS {
1933          dot1xSuppEapolFramesRx,
1934          dot1xSuppEapolFramesTx,
1935          dot1xSuppEapolStartFramesTx,
1936          dot1xSuppEapolLogoffFramesTx,
1937          dot1xSuppEapolRespIdFramesTx,
1938          dot1xSuppEapolRespFramesTx,
1939          dot1xSuppEapolReqIdFramesRx,
1940          dot1xSuppEapolReqFramesRx,
1941          dot1xSuppInvalidEapolFramesRx,
1942          dot1xSuppEapLengthErrorFramesRx,
1943          dot1xSuppLastEapolFrameVersion,
1944          dot1xSuppLastEapolFrameSource
1945      }
1946      STATUS current
1947      DESCRIPTION
1948          "A collection of objects providing statistics about a
1949          Supplicant PAE."
1950      ::= { dot1xPaeGroups 7 }

1952  -- ---------------------------------------------------------- --
1953  -- compliance statements
1954  -- ---------------------------------------------------------- --

1956  dot1xPaeCompliance MODULE-COMPLIANCE
1957      STATUS current
1958      DESCRIPTION
1959          "The compliance statement for device support of
1960          Port Access Control."

1962      MODULE
1963          MANDATORY-GROUPS {
1964              dot1xPaeSystemGroup
1965          }

1967          GROUP dot1xPaeAuthConfigGroup
1968          DESCRIPTION
1969              "This group is mandatory for systems that support
1970              the Authenticator functions of the PAE."

1972          OBJECT dot1xAuthAdminControlledDirections
1973          SYNTAX INTEGER {
1974              both(0)
1975          }
1976          MIN-ACCESS read-only
1977          DESCRIPTION
1978              "Support for in(1) is optional."

1980          OBJECT dot1xAuthOperControlledDirections
1981          SYNTAX INTEGER {
1982              both(0)
1983          }
1984          DESCRIPTION
1985              "Support for in(1) is optional."

1987          OBJECT dot1xAuthKeyTxEnabled
1988          MIN-ACCESS read-only
1989          DESCRIPTION
1990              "An Authenticator PAE that does not support
1991              EAPOL-Key frames may implement this object as
1992              read-only, returning a value of FALSE."

1994          GROUP dot1xPaeAuthStatsGroup
1995          DESCRIPTION
1996              "This group is mandatory for systems that support
1997              the Authenticator functions of the PAE."

1999          GROUP dot1xPaeAuthDiagGroup
2000          DESCRIPTION
2001              "This group is optional for systems that support
2002              the Authenticator functions of the PAE."

2004          GROUP dot1xPaeAuthSessionStatsGroup
2005          DESCRIPTION
2006              "This group is optional for systems that support
2007              the Authenticator functions of the PAE."

2009          GROUP dot1xPaeSuppConfigGroup
2010          DESCRIPTION
2011              "This group is mandatory for systems that support
2012              the Supplicant functions of the PAE."

2014          GROUP dot1xPaeSuppStatsGroup
2015          DESCRIPTION
2016              "This group is mandatory for systems that support
2017              the Supplicant functions of the PAE."

2019      ::= { dot1xPaeCompliances 1 }

2021  END

2023  5. Intellectual Property

2025     The IETF takes no position regarding the validity or scope of any
2026     intellectual property or other rights that might be claimed to
2027     pertain to the implementation or use of the technology described in
2028     this document or the extent to which any license under such rights
2029     might or might not be available; neither does it represent that it
2030     has made any effort to identify any such rights. Information on the
2031     IETF's procedures with respect to rights in standards-track and
2032     standards-related documentation can be found in BCP-11. Copies of
2033     claims of rights made available for publication and any assurances of
2034     licenses to be made available, or the result of an attempt made to
2035     obtain a general license or permission for the use of such
2036     proprietary rights by implementors or users of this specification can
2037     be obtained from the IETF Secretariat.

2039     The IETF invites any interested party to bring to its attention any
2040     copyrights, patents or patent applications, or other proprietary
2041     rights which may cover technology that may be required to practice
2042     this standard. Please address the information to the IETF Executive
2043     Director.

2045  6. Acknowledgements

2047     This document was reproduced by the IETF Bridge MIB Working Group
2048     from the IEEE Std 802.1X-2001 IEEE Standard for Local and
2049     metropolitan area networks Port-Based Network Access Control.

2051     Special thanks to Les Bell for his help in getting this document
2052     ready for publication and providing his insight, and Mike Heard for
2053     helping with security and copyright issues.

2055  7. Normative References

2057     [IEEESTD8021] IEEE, IEEE Std 802.1, 2001 "Edition: IEEE Standard for
2058         Local and metropolitan area networks Port-Based Network
2059         Access Control"

2061     [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
2062         Rose, M. and S. Waldbusser, "Structure of Management
2063         Information Version 2 (SMIv2)", STD 58, RFC 2578,
2064         May 1999.

2066     [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
2067         Rose, M. and S. Waldbusser, "Textual Conventions for SMIv2",
2068         STD 58, RFC 2579, May 1999.

2070     [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
2071         Rose, M. and S. Waldbusser, "Conformance Statements for
2072         SMIv2", STD 58, RFC 2580, May 1999.

2074     [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB
2075         using SMIv2", RFC 2863, June 2000.

2077     [RFC3411] Harrington, D., Presuhn, R. and B. Wijnen, "An
2078         Architecture for describing Simple Network Management
2079         Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
2080         December 2002.

2082     [RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart,
2083         "Introduction and Applicability Statements for Internet-
2084         Standard Management Framework", RFC 3410, December 2002.

2086     [RFC3635] Flick, J., "Definitions of Managed Objects for the
2087         Ethernet-like Interface Types", RFC 3635, September 2003.

2089     [8021XAUTH] IEEE, 802.1x - Port Based Network Access Control,
2090         definition of Authenticator, clause 3.1.1

2092     [8021XSUPP] IEEE, 802.1x - Port Based Network Access Control,
2093         definition of Supplicant, clause 3.1.5

2095  8. Informative References

2097     [RFC1157] Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple
2098         Network Management Protocol", STD 15, RFC 1157, May 1990.

2100     [RFC1212] Rose, M. and K. McCloghrie, "Concise MIB Definitions",
2101         STD 16, RFC 1212, March 1991.

2103     [RFC1901] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
2104         "Introduction to Community-based SNMPv2", RFC 1901, January
2105         1996.

2107     [RFC1905] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
2108         "Protocol Operations for Version 2 of the Simple Network
2109         Management Protocol (SNMPv2)", RFC 1905, January 1996.

2111     [RFC1906] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
2112         "Transport Mappings for Version 2 of the Simple Network
2113         Management Protocol (SNMPv2)", RFC 1906, January 1996.

2115     [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
2116         Requirements Levels", BCP 14, RFC 2119, March 1997.

2118     [RFC2570] Case, J., Mundy, R., Partain, D. and B. Stewart,
2119         "Introduction to Version 3 of the Internet-Standard Network
2120         Management Framework", RFC 2570, May 1999.

2122     [RFC2572] Case, J., Harrington D., Presuhn R. and B. Wijnen, "Message
2123         Processing and Dispatching for the Simple Network Management
2124         Protocol (SNMP)", RFC 2572, May 1999.

2126     [RFC2574] Blumenthal, U. and B. Wijnen, "User-based Security Model
2127         (USM) for version 3 of the Simple Network Management Protocol
2128         (SNMPv3)", RFC 2574, May 1999.

2130     [RFC2573] Levi, D., Meyer, P. and B. Stewart, "SNMPv3 Applications",
2131         RFC 2573, May 1999.

2133     [RFC2575] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access
2134         Control Model (VACM) for the Simple Network Management
2135         Protocol (SNMP)", RFC 2575, May 1999.

2137  9. Security Considerations

2139     There are a number of management objects defined in this MIB module
2140     with a MAX-ACCESS clause of read-write. If maliciously set, these
2141     objects can affect the operation of the port authentication
2142     functions, including allowing access to unauthorized users or denying
2143     access to authorized users. Hence the support for SET operations
2144     without proper access control may have a negative effect on network
2145     operations. The sensitive read-write objects in this MIB module are:
2146     dot1xPaeSystemAuthControl, dot1xPaePortInitialize,
2147     dot1xPaePortReauthenticate, dot1xAuthAdminControlledDirections,
2148     dot1xAuthAuthControlledPortControl, dot1xAuthQuietPeriod,
2149     dot1xAuthTxPeriod, dot1xAuthSuppTimeout, dot1xAuthServerTimeout,
2150     dot1xAuthMaxReq, dot1xAuthReAuthPeriod, dot1xAuthReAuthEnabled,
2151     dot1xAuthKeyTxEnabled, dot1xSuppHeldPeriod, dot1xSuppAuthPeriod,
2152     dot1xSuppStartPeriod, and dot1xSuppMaxStart.

2154     The readable objects in this MIB module (i.e., the managed objects
2155     that have a MAX-ACCESS clause of anything other than not-accessible)
2156     contain information that may be used to compromise the access and
2157     security of network users. It is therefore important to control
2158     GET and/or NOTIFY access to these objects and possibly even to
2159     encrypt their values when sending them over the network via SNMP.
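
The following Python audit is an added example, not part of the draft: it checks a set of SNMP access rules against the sensitive read-write objects listed above and flags rules that are pre-SNMPv3 or that grant SET on those objects without authentication and privacy. The rule record layout, the principal names and the sample rules are constructed for illustration.

```python
# Sensitive read-write objects, copied from the draft's Security Considerations.
SENSITIVE_RW = frozenset("""
dot1xPaeSystemAuthControl dot1xPaePortInitialize dot1xPaePortReauthenticate
dot1xAuthAdminControlledDirections dot1xAuthAuthControlledPortControl
dot1xAuthQuietPeriod dot1xAuthTxPeriod dot1xAuthSuppTimeout
dot1xAuthServerTimeout dot1xAuthMaxReq dot1xAuthReAuthPeriod
dot1xAuthReAuthEnabled dot1xAuthKeyTxEnabled dot1xSuppHeldPeriod
dot1xSuppAuthPeriod dot1xSuppStartPeriod dot1xSuppMaxStart
""".split())

# Constructed sample rules for a hypothetical agent. The record layout is an
# assumption; "write" is a set of object names, "*" meaning every object.
SAMPLE_RULES = [
    {"principal": "public", "model": "v2c", "level": "noAuthNoPriv", "write": set()},
    {"principal": "private", "model": "v2c", "level": "noAuthNoPriv", "write": {"*"}},
    {"principal": "helpdesk", "model": "v3", "level": "authNoPriv",
     "write": {"dot1xPaePortReauthenticate", "ifAlias"}},
    {"principal": "monitor", "model": "v3", "level": "noAuthNoPriv",
     "write": {"dot1xAuthQuietPeriod"}},
    {"principal": "nac-admin", "model": "v3", "level": "authPriv", "write": {"*"}},
]


def writable_sensitive(rule):
    """Return the sensitive objects this rule allows SET on."""
    if "*" in rule["write"]:
        return set(SENSITIVE_RW)
    return rule["write"] & SENSITIVE_RW


def audit(rules):
    """Return (principal, finding, objects) for rules that conflict with the draft."""
    findings = []
    for rule in rules:
        exposed = sorted(writable_sensitive(rule))
        if rule["model"] != "v3":
            # Pre-SNMPv3 access is NOT RECOMMENDED whether or not SET is granted.
            findings.append((rule["principal"], "pre-SNMPv3 access", exposed))
        elif exposed and rule["level"] == "noAuthNoPriv":
            findings.append((rule["principal"], "unauthenticated SET", exposed))
        elif exposed and rule["level"] == "authNoPriv":
            findings.append((rule["principal"], "SET without privacy", exposed))
    return findings


if __name__ == "__main__":
    for principal, finding, objects in audit(SAMPLE_RULES):
        print(f"{principal}: {finding}; {len(objects)} sensitive object(s) writable")
```
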

2161     SNMP versions prior to SNMPv3 did not include adequate security.
2162     Even if the network itself is secure (for example by using IPSec),
2163     even then, there is no control as to who on the secure network is
2164     allowed to access and GET/SET (read/change/create/delete) the objects
2165     in this MIB module.

2167     It is RECOMMENDED that implementers consider the security features as
2168     provided by the SNMPv3 framework (see [RFC3410], section 8),
2169     including full support for the SNMPv3 cryptographic mechanisms (for
2170     authentication and privacy).

2172     Further, deployment of SNMP versions prior to SNMPv3 is NOT
2173     RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
2174     enable cryptographic security. It is then a customer/operator
2175     responsibility to ensure that the SNMP entity giving access to an
2176     instance of this MIB module is properly configured to give access to
2177     the objects only to those principals (users) that have legitimate
2178     rights to indeed GET or SET (change/create/delete) them.

2180  10. Author's Address

2182     K.C. Norseth
2183     L-3 Communications
2184     640 N. 2200 West.
2185     Salt Lake City, Utah 84116-0850
2186     Email: kenyon.c.norseth@L-3com.com
2187            kcn@norseth.com

2189  11. Change Log

2191     The following changes were made to
2192     to produce :

2194     1) Redefined the overview to more reflect the IEEE 802.1x document.
2195     2) Clarification of the security section
2196     3) Splitting references into Normative and Informative
2197     4) Changing draft to reflect IETF document standards.

2199  12. Full Copyright Statement

2201     Copyright (C) The Internet Society (2003). All Rights Reserved.

2203     This document and translations of it may be copied and furnished to
2204     others provided that the above copyright notice and this paragraph
2205     are included on all such copies. However, this document itself may
2206     not be modified in any way, such as by removing the copyright notice
2207     or references to the Internet Society or other Internet
2208     organizations, except as required to translate it into languages
2209     other than English, and derivative works of it may not be created,
2210     other than to extract the MIB module in Section 4 as-is for separate
2211     use.

2213     The limited permissions granted above are perpetual and will not be
2214     revoked by the Internet Society or its successors or assigns.

2216     This document and the information contained herein is provided on an
2217     "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
2218     TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
2219     BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
2220     HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
2221     MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.