mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
c3afca79a3f4c17b8cd6e8ca8e2eb76b95e1b581
librenms-librenms/mibs/ENTERASYS-ENCR-8021X-CONFIG-MIB

802 lines
31 KiB
Plaintext
Raw Normal View History

more mibs (thanks netdot people for collecting these, we will trust you that they are not broken) git-svn-id: http://www.observium.org/svn/observer/trunk@1402 61d68cd4-352d-0410-923a-c4978735b2b8
2010-07-18 05:05:04 +00:00
ENTERASYS-ENCR-8021X-CONFIG-MIB DEFINITIONS ::= BEGIN
-- enterasys-encr-8021x-config-mib.txt
--
-- Part Number: <TBD>
--
--
-- This module provides authoritative definitions for Enterasys
-- Networks' encrypted IEEE 802.1x configuration MIB.
--
-- This module will be extended, as needed.
-- Enterasys Networks reserves the right to make changes in this
-- specification and other information contained in this document
-- without prior notice. The reader should consult Enterasys Networks
-- to determine whether any such changes have been made.
--
-- In no event shall Enterasys Networks be liable for any incidental,
-- indirect, special, or consequential damages whatsoever (including
-- but not limited to lost profits) arising out of or related to this
-- document or the information contained in it, even if Enterasys
-- Networks has been advised of, known, or should have known, the
-- possibility of such damages.
--
-- Enterasys Networks grants vendors, end-users, and other interested
-- parties a non-exclusive license to use this Specification in
-- connection with the management of Enterasys Networks products.
-- Copyright March, 2002 Enterasys Networks, Inc.
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE
FROM SNMPv2-SMI
MODULE-COMPLIANCE, OBJECT-GROUP
FROM SNMPv2-CONF
-- TruthValue
-- FROM SNMPv2-TC
-- PaeControlledDirections,
-- PaeControlledPortStatus, PaeControlledPortControl
-- FROM IEEE8021-PAE-MIB
dot1xPaePortNumber
FROM IEEE8021-PAE-MIB
etsysDot1xAuthStationAddress
FROM ENTERASYS-8021X-EXTENSIONS-MIB
etsysModules
FROM ENTERASYS-MIB-NAMES;
etsysEncr8021xConfigMIB MODULE-IDENTITY
LAST-UPDATED "200203142045Z" -- Thu Mar 14 20:45 GMT 2002
ORGANIZATION "Enterasys Networks, Inc"
CONTACT-INFO
"Postal: Enterasys Networks
35 Industrial Way, P.O. Box 5005
Rochester, NH 03867-0505
Phone: +1 603 332 9400
E-mail: support@enterasys.com
WWW: http://www.enterasys.com"
-- This is the overall description of this MIB module
DESCRIPTION
"The Enterasys Networks MIB module for configuring IEEE
802.1x implementations on SNMPv1-only platforms.
This MIB includes encrypted variants of selected objects
from the IEEE 802.1x MIB and the Enterasys 802.1x
Extensions MIB.
------------------
N O T I C E
Use of this MIB in any product requires the approval
of the Office of the CTO, Enterasys Networks, Inc.
Permission to use this MIB will not be granted for
products in which SNMPv3 is now, or will soon be,
implemented. Permission to use this MIB in products
that are never scheduled to implement SNMPv3 will be
granted on a case-by-case basis, depending on what
other suitable, secure means of configuration are
available in the product.
------------------
The following is a discussion of the encoding/decoding and
encryption/decryption methods that must be used to extract
data from an encrypted OCTET STRING. (These methods are the
same as for the Enterasys Networks encrypted RADIUS Client
MIB.)
The encryption/decryption methods make use of an agreed-upon
Secret and an Authenticator shared between the SNMP network
management system and the entity that implements the MIB.
The encryption/decryption algorithm, as presented herein, is
taken from the RADIUS protocol, and is the method specified
for encryption of Tunnel-Password Attributes in RFC 2868.
To permit plug-and-play remote installation, configuration,
and management of the device, the device will algorithmically
derive the initial shared secret and the initial authenticator.
For security reasons, the network manager should change the
authenticator portion of the management encryption key after
initial configuration. The methods available for doing this
are implementation-specific and subject to change.
All read-write and write-only access objects except the table
index are encoded into fields in an OCTET STRING.
Octet String
Before encryption, a 'native' object must be encoded into
a formatted Octet String. After decryption, the Octet String
must be decoded to obtain the 'native' object.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Salt |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| String ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
The data type of the non-encrypted 'native' data:
1 = Integer32
2 = OCTET STRING
Length
The length in octets of the native object sub-field of
the Octet String, exclusive of any optional padding.
Note that the Integrity Check sub-fields (CRC, OID-tail,
Time Stamp, Source IP Address) are not included in this
length value, but since the IC sub-fields are always
present and are of fixed length, there is no impediment
to proper packet parsing.
Salt
The Salt field is two octets in length and is used to
ensure the uniqueness of the encryption key used to
encrypt each object.
The most significant bit (leftmost) of the Salt field
MUST be set (1). The contents of each Salt field in a
given SNMP packet must be unique.
String
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| CRC (4 bytes) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OID-tail (4 bytes) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time Stamp (4 bytes) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source IP Address (4 bytes) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Object/Padding ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The plain-text String field consists of six logical
sub-fields: the CRC, OID-tail, Time Stamp, Source IP
address and native Object sub-fields (all of which are
required), and the optional Padding sub-field. The
String field MUST be treated as a counted-string of
undistinguished octets, and not as a standard
C/UNIX-style null-terminated, printable ASCII string.
CRC Sub-field
The CRC sub-field contains a 32-bit CRC (CRC-32)
calculated over the following concatentated sub-fields
of the String: the OID-tail, Time Stamp, Source IP
Address and unpadded native Object fields. The CRC
sub-field acts as an integrity check on the decrypted
data.
OID-tail Sub-field
The OID-tail sub-field contains the least significant
four octets of the Object ID of the varbind. This
field is included as an integrity check on the OID of
the varbind.
Time Stamp Sub-field
The Time Stamp sub-field contains a 32-bit unsigned
integer value representing the time the encrypted
message was assembled. This field acts as an
integrity check by facilitating the disposal of stale
or replayed messages. The time window of acceptance is
implementation dependant, and may be the subject of
local (i.e. managed entity) policy configuration. The
Time Stamp is relative time, in units of seconds,
referenced to the sysUpTime object of the managed
entity.
Source IP Address Sub-field
The Source IP Address sub-field contains an unsigned
32-bit representation of the IPv4 address of the
source of the encrypted message. This is an added
check to allow verification of the source of the
varbind.
The CRC, OID-tail, Time Stamp, and Source IP Address
sub-fields are collectively hereinafter refered to as
the Integrity Check (IC) sub-fields.
Object/Padding Sub-field
Object
The Object sub-field contains the actual or native
object data followed by padding, if necessary.
Padding
If the combined length (in octets) of the
non-encrypted CRC, OID-tail, Time Stamp, Source IP
Address, and native Object sub-fields is not an even
multiple of 16, then the Padding sub-field MUST be
present. If it is present, the length of the
Padding sub-field is variable, between 1 and 15
octets. The value of the pad octets SHOULD be zero.
Encrypting/Decrypting the String Field
The entire String field MUST be encrypted as follows,
prior to transmission:
Construct a plain-text version of the String field by
concatenating the CRC, OID-tail, Time Stamp, Source IP
address, and native Object sub-fields. If necessary,
pad the resulting string until its length (in octets)
is an even multiple of 16. It is recommended that zero
octets (0x00) be used for padding. Call this plain-text
P.
Shared Secret
The shared secret is formed from the MAC
(hardware) address of the primary management
interface of the managed device (containing the
RADIUS Client). The MAC address is represented
as up-cased, dashed-ASCII, e.g. 08-00-2B-11-22-33.
Authenticator
The 128-bit authenticator is a pre-defined
constant. The default value of the authenticator
is an Enterasys Networks trade secret. This value
is settable and the user is advised to change it
from the default value after initial configuration
of the system. Contact the MIB author for
additional information on the default value.
Call the shared secret S, the [pseudo-random] 128-bit
Authenticator R, and the contents of the Salt field A.
Break P into 16 octet chunks p(1), p(2)...p(i),
where i = len(P)/16. Call the cipher-text blocks
c(1), c(2)...c(i) and the final cipher-text C.
Intermediate values b(1), b(2)...c(i) are required.
Encryption is performed in the following manner ('+'
indicates concatenation):
b(1) = MD5(S + R + A) c(1) = p(1) xor b(1) C = c(1)
b(2) = MD5(S + c(1)) c(2) = p(2) xor b(2) C = C + c(2)
. .
. .
. .
b(i) = MD5(S + c(i-1)) c(i) = p(i) xor b(i) C = C + c(i)
The resulting encrypted String field will contain
c(1)+c(2)+...+c(i).
On receipt, the process is reversed to yield the
plain-text String."
REVISION "200203142045Z" -- Thu Mar 14 20:45 GMT 2002
DESCRIPTION
"The initial version of this MIB module."
::= { etsysModules 19 }
etsysEncrDot1xConfigObjects
OBJECT IDENTIFIER ::= { etsysEncr8021xConfigMIB 1 }
-- ----------------------------------------------------------------- --
-- Textual Conventions
-- ----------------------------------------------------------------- --
-- ----------------------------------------------------------------- --
-- Branches of the Enterasys Encrypted IEEE 802.1x Configuration MIB
-- ----------------------------------------------------------------- --
-- Encrypted configuration objects for Authenticator PAEs.
etsysEncrDot1xAuthConfigBranch
OBJECT IDENTIFIER ::= { etsysEncrDot1xConfigObjects 1 }
-- ----------------------------------------------------------------- --
-- The Encrypted Configuration Table for Port-Based PAEs
-- ----------------------------------------------------------------- --
etsysEncrDot1xAuthPortConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF EtsysEncrDot1xAuthPortConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that contains encrypted configuration objects for
ports that support Authenticator PAEs."
::= { etsysEncrDot1xAuthConfigBranch 1 }
etsysEncrDot1xAuthPortConfigEntry OBJECT-TYPE
SYNTAX EtsysEncrDot1xAuthPortConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each conceptual row holds configuration information for
the Authenticator PAE(s) associated with one port."
INDEX { dot1xPaePortNumber }
::= { etsysEncrDot1xAuthPortConfigTable 1 }
EtsysEncrDot1xAuthPortConfigEntry ::=
SEQUENCE {
etsysEncrDot1xAuthAdminControlledDirections
OCTET STRING, -- encrypted enumeration
etsysEncrDot1xAuthControlledPortControl
OCTET STRING, -- encrypted enumeration
etsysEncrDot1xAuthQuietPeriod
OCTET STRING, -- encrypted INTEGER
etsysEncrDot1xAuthTxPeriod
OCTET STRING, -- encrypted INTEGER
etsysEncrDot1xAuthSuppTimeout
OCTET STRING, -- encrypted INTEGER
etsysEncrDot1xAuthServerTimeout
OCTET STRING, -- encrypted INTEGER
etsysEncrDot1xAuthMaxReq
OCTET STRING, -- encrypted INTEGER
etsysEncrDot1xAuthReAuthPeriod
OCTET STRING, -- encrypted INTEGER
etsysEncrDot1xAuthReAuthEnabled
OCTET STRING, -- encrypted TruthValue
etsysEncrDot1xAuthKeyTxEnabled
OCTET STRING -- encrypted TruthValue
}
etsysEncrDot1xAuthAdminControlledDirections OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted enumeration
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An encrypted octet string containing
The current value of the administrative controlled
directions parameter for the Port.
SYNTAX PaeControlledDirections
The data type is 1, Integer32."
REFERENCE
"IEEE P802.1x Section 9.4.1, Admin Control Mode"
::= { etsysEncrDot1xAuthPortConfigEntry 1 }
etsysEncrDot1xAuthControlledPortControl OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted enumeration
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An encrypted octet string containing
The current value of the controlled Port
control parameter for the Port.
SYNTAX INTEGER {
forceUnauthorized(1),
auto(2),
forceAuthorized(3)
}
The data type is 1, Integer32."
REFERENCE
"IEEE P802.1x Section 9.6.4.1, AuthControlledPortControl"
::= { etsysEncrDot1xAuthPortConfigEntry 2 }
etsysEncrDot1xAuthQuietPeriod OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An encrypted octet string containing
The value, in seconds, of the quietPeriod constant
currently in use by the Authenticator PAE state
machine.
Alternately, the default value (for ports that use
station-based access control, and that therefore may
support many virtual PAEs).
The data type is 1, Integer32."
REFERENCE
"IEEE P802.1x Section 9.6.4.1, quietPeriod"
-- DEFVAL { encrypt(60) }
::= { etsysEncrDot1xAuthPortConfigEntry 3 }
etsysEncrDot1xAuthTxPeriod OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An encrypted octet string containing
The value, in seconds, of the txPeriod constant
currently in use by the Authenticator PAE state
machine.
Alternately, the default value (for ports that use
station-based access control, and that therefore may
support many virtual PAEs).
The data type is 1, Integer32."
REFERENCE
"IEEE P802.1x Section 9.6.4.1, txPeriod"
-- DEFVAL { encrypt(30) }
::= { etsysEncrDot1xAuthPortConfigEntry 4 }
etsysEncrDot1xAuthSuppTimeout OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An encrypted octet string containing
The value, in seconds, of the suppTimeout constant
currently in use by the Backend Authentication state
machine.
Alternately, the default value (for ports that use
station-based access control, and that therefore may
support many virtual PAEs).
The data type is 1, Integer32."
REFERENCE
"IEEE P802.1x Section 9.6.4.1, suppTimeout"
-- DEFVAL { encrypt(30) }
::= { etsysEncrDot1xAuthPortConfigEntry 5 }
etsysEncrDot1xAuthServerTimeout OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An encrypted octet string containing
The value, in seconds, of the serverTimeout constant
currently in use by the Backend Authentication state
machine.
Alternately, the default value (for ports that use
station-based access control, and that therefore may
support many virtual PAEs).
The data type is 1, Integer32."
REFERENCE
"IEEE P802.1x Section 9.6.4.1, serverTimeout"
-- DEFVAL { encrypt(30) }
::= { etsysEncrDot1xAuthPortConfigEntry 6 }
etsysEncrDot1xAuthMaxReq OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An encrypted octet string containing
The value of the maxReq constant currently in use by
the Backend Authentication state machine.
Alternately, the default value (for ports that use
station-based access control, and that therefore may
support many virtual PAEs).
The data type is 1, Integer32."
REFERENCE
"IEEE P802.1x Section 9.6.4.1, maxReq"
-- DEFVAL { encrypt(2) }
::= { etsysEncrDot1xAuthPortConfigEntry 7 }
etsysEncrDot1xAuthReAuthPeriod OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An encrypted octet string containing
The value, in seconds, of the reAuthPeriod constant
currently in use by the Reauthentication Timer state
machine.
Alternately, the default value (for ports that use
station-based access control, and that therefore may
support many virtual PAEs).
The data type is 1, Integer32."
REFERENCE
"IEEE P802.1x Section 9.6.4.1, reAuthPeriod"
-- DEFVAL { encrypt(60) }
::= { etsysEncrDot1xAuthPortConfigEntry 8 }
etsysEncrDot1xAuthReAuthEnabled OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An encrypted octet string containing
The enable/disable control used by the Reauthentication
Timer state machine (8.5.5.1).
Alternately, the default value (for ports that use
station-based access control, and that therefore may
support many virtual PAEs).
SYNTAX INTEGER { true(1), false(2) }
The data type is 1, Integer32."
REFERENCE
"IEEE P802.1x Section 9.6.4.1, reAuthEnabled"
-- DEFVAL { encrypt(false) }
::= { etsysEncrDot1xAuthPortConfigEntry 9 }
etsysEncrDot1xAuthKeyTxEnabled OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An encrypted octet string containing
The value of the keyTransmissionEnabled constant
currently in use by the Authenticator PAE state
machine.
Alternately, the default value (for ports that use
station-based access control, and that therefore may
support many virtual PAEs).
SYNTAX INTEGER { true(1), false(2) }
The data type is 1, Integer32."
REFERENCE
"IEEE P802.1x Section 9.6.4.1, keyTransmissionEnabled"
-- DEFVAL { encrypt(false) }
::= { etsysEncrDot1xAuthPortConfigEntry 10 }
-- ----------------------------------------------------------------- --
-- The Encrypted Initialization Table for Port-Based PAEs
-- ----------------------------------------------------------------- --
etsysEncrDot1xAuthPortInitTable OBJECT-TYPE
SYNTAX SEQUENCE OF EtsysEncrDot1xAuthPortInitEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that contains encrypted initialization objects for
port-based Authenticator PAEs."
::= { etsysEncrDot1xAuthConfigBranch 2 }
etsysEncrDot1xAuthPortInitEntry OBJECT-TYPE
SYNTAX EtsysEncrDot1xAuthPortInitEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each conceptual row holds initialization objects for one
port-based Authenticator PAE."
INDEX { dot1xPaePortNumber }
::= { etsysEncrDot1xAuthPortInitTable 1 }
EtsysEncrDot1xAuthPortInitEntry ::=
SEQUENCE {
etsysEncrDot1xAuthInitialize
OCTET STRING, -- encrypted TruthValue
etsysEncrDot1xAuthReauthenticate
OCTET STRING -- encrypted TruthValue
}
etsysEncrDot1xAuthInitialize OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An encrypted octet string containing
The initialization control for this Port. Setting this
attribute to TRUE causes the Port to be initialized.
The attribute value reverts to FALSE once initialization
has been completed.
Setting this attribute to TRUE for a Port that uses
station-based access control causes all of the virtual
PAEs associated with the Port to be initialized.
SYNTAX INTEGER { true(1), false(2) }
The data type is 1, Integer32."
REFERENCE
"IEEE P802.1x Section 9.6.1.2, Initialize Port"
::= { etsysEncrDot1xAuthPortInitEntry 1 }
etsysEncrDot1xAuthReauthenticate OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An encrypted octet string containing
The reauthentication control for this Port. Setting this
attribute to TRUE causes the Authenticator PAE state
machine for the Port to reauthenticate the Supplicant.
Setting this attribute to FALSE has no effect.
This attribute always returns FALSE when it is read.
Setting this attribute to TRUE for a Port that uses
station-based access control causes all of the virtual
PAEs associated with the Port to reauthenticate their
Supplicants.
SYNTAX INTEGER { true(1), false(2) }
The data type is 1, Integer32."
REFERENCE
"IEEE P802.1x Section 9.6.4.1.3 Reauthenticate"
::= { etsysEncrDot1xAuthPortInitEntry 2 }
-- ----------------------------------------------------------------- --
-- The Encrypted Initialization Table for Station-Based PAEs
-- ----------------------------------------------------------------- --
etsysEncrDot1xAuthStationInitTable OBJECT-TYPE
SYNTAX SEQUENCE OF EtsysEncrDot1xAuthStationInitEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that contains encrypted configuration objects for
station-based Authenticator PAEs."
::= { etsysEncrDot1xAuthConfigBranch 3 }
etsysEncrDot1xAuthStationInitEntry OBJECT-TYPE
SYNTAX EtsysEncrDot1xAuthStationInitEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Configuration objects for one station-based Authenticator
PAE."
INDEX { etsysDot1xAuthStationAddress }
::= { etsysEncrDot1xAuthStationInitTable 1 }
EtsysEncrDot1xAuthStationInitEntry ::=
SEQUENCE {
etsysEncrDot1xAuthStationInitialize
OCTET STRING, -- encrypted TruthValue
etsysEncrDot1xAuthStationReauthenticate
OCTET STRING -- encrypted TruthValue
}
etsysEncrDot1xAuthStationInitialize OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An encrypted octet string containing
The initialization control for this Authenticator PAE.
Setting this attribute to TRUE causes the PAE to be
initialized. The attribute value reverts to FALSE
once initialization has completed.
SYNTAX INTEGER { true(1), false(2) }
The data type is 1, Integer32."
REFERENCE "IEEE P802.1x Section 9.6.1.2, Initialize Port"
::= { etsysEncrDot1xAuthStationInitEntry 1 }
etsysEncrDot1xAuthStationReauthenticate OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An encrypted octet string containing
The reauthentication control for this Authenticator
PAE. Setting this attribute to TRUE causes the
Authenticator PAE state machine to reauthenticate the
Supplicant. Setting this attribute FALSE has no
effect. This attribute always returns FALSE when it
is read.
SYNTAX INTEGER { true(1), false(2) }
The data type is 1, Integer32."
REFERENCE "IEEE P802.1x Section 9.4.1.3 Reauthenticate"
::= { etsysEncrDot1xAuthStationInitEntry 2 }
-- ---------------------------------------------------------- --
-- Enterasys 802.1X Configuration MIB - Conformance Information
-- ---------------------------------------------------------- --
etsysEncrDot1xConfigConformance
OBJECT IDENTIFIER ::= { etsysEncr8021xConfigMIB 2 }
etsysEncrDot1xConfigGroups
OBJECT IDENTIFIER ::= { etsysEncrDot1xConfigConformance 1 }
etsysEncrDot1xConfigCompliances
OBJECT IDENTIFIER ::= { etsysEncrDot1xConfigConformance 2 }
-- ---------------------------------------------------------- --
-- Units of conformance
-- ---------------------------------------------------------- --
etsysEncrDot1xAuthConfigGroup OBJECT-GROUP
OBJECTS {
etsysEncrDot1xAuthAdminControlledDirections,
etsysEncrDot1xAuthControlledPortControl,
etsysEncrDot1xAuthQuietPeriod,
etsysEncrDot1xAuthTxPeriod,
etsysEncrDot1xAuthSuppTimeout,
etsysEncrDot1xAuthServerTimeout,
etsysEncrDot1xAuthMaxReq,
etsysEncrDot1xAuthReAuthPeriod,
etsysEncrDot1xAuthReAuthEnabled,
etsysEncrDot1xAuthKeyTxEnabled
}
STATUS current
DESCRIPTION
"A collection of objects for configuring IEEE 802.1x
authentication at the port level. Objects belonging
to this group typically have durable values."
::= { etsysEncrDot1xConfigGroups 1 }
etsysEncrDot1xAuthInitGroup OBJECT-GROUP
OBJECTS {
etsysEncrDot1xAuthInitialize,
etsysEncrDot1xAuthReauthenticate,
etsysEncrDot1xAuthStationInitialize,
etsysEncrDot1xAuthStationReauthenticate
}
STATUS current
DESCRIPTION
"A collection of objects for making Authenticator PAEs
initialize and reauthenticate Supplicants. Writes
to objects in this group trigger actions, rather than
changes to durable configuration values."
::= { etsysEncrDot1xConfigGroups 2 }
-- ---------------------------------------------------------- --
-- Compliance statements
-- ---------------------------------------------------------- --
etsysEncrDot1xConfigCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for devices that support the
Enterasys encrypted IEEE 802.1x configuration MIB."
MODULE
MANDATORY-GROUPS { etsysEncrDot1xAuthConfigGroup }
OBJECT etsysEncrDot1xAuthAdminControlledDirections
MIN-ACCESS read-only
DESCRIPTION "Support for encrypt(in(1)) is optional."
OBJECT etsysEncrDot1xAuthKeyTxEnabled
MIN-ACCESS read-only
DESCRIPTION "An Authenticator PAE that does not support
EAPOL-Key frames may implement this object as
read-only, returning a value of encrypt(FALSE)."
GROUP etsysEncrDot1xAuthInitGroup
DESCRIPTION "This group is optional."
::= { etsysEncrDot1xConfigCompliances 1 }
END
Reference in New Issue Copy Permalink