mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
librenms-librenms/mibs/ENTERASYS-8021X-REKEYING-MIB

309 lines
11 KiB
Plaintext
Raw Normal View History

more mibs (thanks netdot people for collecting these, we will trust you that they are not broken) git-svn-id: http://www.observium.org/svn/observer/trunk@1402 61d68cd4-352d-0410-923a-c4978735b2b8
2010-07-18 05:05:04 +00:00
ENTERASYS-8021X-REKEYING-MIB DEFINITIONS ::= BEGIN
-- enterasys-8021x-rekeying-mib.txt
--
-- Part Number: <TBD>
--
--
-- This module provides authoritative definitions for Enterasys
-- Networks' IEEE 802.1x rapid rekeying MIB.
--
-- This module will be extended, as needed.
-- Enterasys Networks reserves the right to make changes in this
-- specification and other information contained in this document
-- without prior notice. The reader should consult Enterasys Networks
-- to determine whether any such changes have been made.
--
-- In no event shall Enterasys Networks be liable for any incidental,
-- indirect, special, or consequential damages whatsoever (including
-- but not limited to lost profits) arising out of or related to this
-- document or the information contained in it, even if Enterasys
-- Networks has been advised of, known, or should have known, the
-- possibility of such damages.
--
-- Enterasys Networks grants vendors, end-users, and other interested
-- parties a non-exclusive license to use this Specification in
-- connection with the management of Enterasys Networks products.
-- Copyright February, 2002 Enterasys Networks, Inc.
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, Unsigned32
FROM SNMPv2-SMI
TruthValue
FROM SNMPv2-TC
MODULE-COMPLIANCE, OBJECT-GROUP
FROM SNMPv2-CONF
dot1xPaePortNumber
FROM IEEE8021-PAE-MIB
etsysModules
FROM ENTERASYS-MIB-NAMES;
etsys8021xRekeyingMIB MODULE-IDENTITY
LAST-UPDATED "200407141507Z" -- Wed Jul 14 15:07 GMT 2004
ORGANIZATION "Enterasys Networks, Inc"
CONTACT-INFO
"Postal: Enterasys Networks
50 Minuteman Rd.
Andover, MA 01810-1008
USA
Phone: +1 978 684 1000
E-mail: support@enterasys.com
WWW: http://www.enterasys.com"
DESCRIPTION
"This MIB module defines a portion of the SNMP enterprise
MIBs under Enterasys Networks' enterprise OID pertaining to
IEEE 802.1x authentication.
This MIB is designed to supplement and be used in connection
with the standard IEEE 802.1x MIB.
It provides configuration controls for Enterasys Networks'
rapid rekeying feature -- a feature that enhances wireless
LAN security by changing the network's radio keys on a
regular basis."
REVISION "200407141507Z" -- Wed Jul 14 15:07 GMT 2004
DESCRIPTION
"Added the etsysDot1xRekeyPairwise leaf."
REVISION "200203072006Z" -- Thu Mar 7 20:06 GMT 2002
DESCRIPTION
"The initial version of this MIB module."
::= { etsysModules 17 }
etsysDot1xRekeyingObjects
OBJECT IDENTIFIER ::= { etsys8021xRekeyingMIB 1 }
-- ---------------------------------------------------------- --
-- Textual Conventions
-- ---------------------------------------------------------- --
-- ---------------------------------------------------------- --
-- Branches of the Enterasys IEEE 802.1x Rapid Rekeying MIB
-- ---------------------------------------------------------- --
etsysDot1xRekeyBaseBranch
OBJECT IDENTIFIER ::= { etsysDot1xRekeyingObjects 1 }
-- ---------------------------------------------------------- --
-- The Rapid Rekeying Configuration Table
-- ---------------------------------------------------------- --
etsysDot1xRekeyConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF EtsysDot1xRekeyConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that contains encryption-key-related configuration
objects for ports on which Authenticator PAEs can run."
::= { etsysDot1xRekeyBaseBranch 1 }
etsysDot1xRekeyConfigEntry OBJECT-TYPE
SYNTAX EtsysDot1xRekeyConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each conceptual row holds encryption key configuration
information for the Authenticator PAEs associated with one
port."
INDEX { dot1xPaePortNumber }
::= { etsysDot1xRekeyConfigTable 1 }
EtsysDot1xRekeyConfigEntry ::=
SEQUENCE {
etsysDot1xRekeyEnabled TruthValue,
etsysDot1xRekeyPeriod Unsigned32,
etsysDot1xRekeyLength INTEGER,
etsysDot1xRekeyAsymmetric TruthValue,
etsysDot1xRekeyPairwise TruthValue
}
etsysDot1xRekeyEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Determines how an access point selects radio encryption
keys.
If the selected port/Authenticator PAE does not support
the EAPOL-Key feature (e.g., because radio keys are not
applicable to Ethernet ports), this object's value will
be FALSE and attempts to write TRUE will fail.
Normally, if radio keys are present, the manager enters
them into the access point through some manual process.
The manager or the users may also need to configure the
keys into each laptop (access points can distribute the
keys automatically to 802.1x EAP-TLS clients). However
laptops get keys, the keys remain static until somebody
goes to the trouble of changing them. If the keys stay
unchanged for long periods, this can make it easier for
a determined attacker to launch a cryptographic attack.
When rapid rekeying is enabled, an access point ignores
its manually-set keys. It generates pseudo-random keys
on a periodic basis, using IEEE 802.1x key distribution
to deliver the keys to new and current clients.
Do not enable rapid rekeying unless ALL of your clients
support IEEE 802.1x and an authentication method (e.g.,
EAP-TLS) that supports key distribution.
Before enabling rapid rekeying, make sure that you have
set 'dot1xAuthKeyTxEnabled' to TRUE. Changing the keys
without telling any of the clients about the changes is
not a very useful mode of operation."
DEFVAL { false }
::= { etsysDot1xRekeyConfigEntry 1 }
etsysDot1xRekeyPeriod OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"When rapid rekeying (periodic changing of radio keys) is
enabled, the value of this object determines the period,
in seconds, between key changes."
DEFVAL { 1800 }
::= { etsysDot1xRekeyConfigEntry 2 }
etsysDot1xRekeyLength OBJECT-TYPE
SYNTAX INTEGER { keylen40 (1), keylen128 (2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Determines the number of bits/bytes used in the
encryption keys. Currently supports either 128-bit
(16-octet) encryption keys or 40-bit (5-octet)
encryption keys."
DEFVAL { keylen128 }
::= { etsysDot1xRekeyConfigEntry 3 }
etsysDot1xRekeyAsymmetric OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Determines the association between the supplicant and
authenticator transmit keys.
If true(1), the authenticator and supplicant will use
different encryption keys in order to transmit data.
If false(2), the authenticator and supplicant will use
a single key pattern to encrypt the transmitted data."
DEFVAL { true }
::= { etsysDot1xRekeyConfigEntry 4 }
etsysDot1xRekeyPairwise OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Determines whether Rapid Rekeying tumbles Pairwise keys
(when it is enabled, and the radio card supports them).
If true(1), it indicates that the access point should
tumble both Pairwise and Group keys.
If false(2), it indicates that the access point should
tumble only Group keys."
DEFVAL { true }
::= { etsysDot1xRekeyConfigEntry 5 }
-- ---------------------------------------------------------- --
-- Enterasys 802.1X Rekeying MIB - Conformance Information
-- ---------------------------------------------------------- --
etsysDot1xRekeyingConformance
OBJECT IDENTIFIER ::= { etsys8021xRekeyingMIB 2 }
etsysDot1xRekeyingGroups
OBJECT IDENTIFIER ::= { etsysDot1xRekeyingConformance 1 }
etsysDot1xRekeyingCompliances
OBJECT IDENTIFIER ::= { etsysDot1xRekeyingConformance 2 }
-- ---------------------------------------------------------- --
-- Units of conformance
-- ---------------------------------------------------------- --
etsysDot1xRekeyingBaseGroup OBJECT-GROUP
OBJECTS {
etsysDot1xRekeyPeriod,
etsysDot1xRekeyEnabled,
etsysDot1xRekeyLength,
etsysDot1xRekeyAsymmetric
}
STATUS current
DESCRIPTION
"A collection of objects providing rekeying configuration
information about a port on which Authenticator PAEs can
run."
::= { etsysDot1xRekeyingGroups 1 }
etsysDot1xRekeyingPairwiseGroup OBJECT-GROUP
OBJECTS {
etsysDot1xRekeyPairwise
}
STATUS current
DESCRIPTION
"A collection of objects providing rekeying configuration
information related to Pairwise keys."
::= { etsysDot1xRekeyingGroups 2 }
-- ---------------------------------------------------------- --
-- Compliance statements
-- ---------------------------------------------------------- --
etsysDot1xRekeyingCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for devices that support the
Enterasys IEEE 802.1x extensions MIB."
MODULE
MANDATORY-GROUPS { etsysDot1xRekeyingBaseGroup }
GROUP etsysDot1xRekeyingPairwiseGroup
DESCRIPTION "For devices that support pairwise rekeying."
OBJECT etsysDot1xRekeyEnabled
MIN-ACCESS read-only
DESCRIPTION "Write access is not required."
OBJECT etsysDot1xRekeyPeriod
MIN-ACCESS read-only
DESCRIPTION "Write access is not required."
OBJECT etsysDot1xRekeyLength
MIN-ACCESS read-only
DESCRIPTION "Write access is not required. Depending upon
product capabilities (and export restrictions,
if applicable), some systems may not implement
all key lengths."
OBJECT etsysDot1xRekeyAsymmetric
MIN-ACCESS read-only
DESCRIPTION "Write access is not required."
OBJECT etsysDot1xRekeyPairwise
MIN-ACCESS read-only
DESCRIPTION "Write access is not required."
::= { etsysDot1xRekeyingCompliances 1 }
END
Reference in New Issue Copy Permalink