|
-- Dot1x Advanced Features MIB overview:
|
||
|
-- Dot1x Advanced Features MIB falls under fastPath MIB node of the private subtree.
|
||
|
|
||
|
FASTPATH-DOT1X-ADVANCED-FEATURES-MIB DEFINITIONS ::= BEGIN
|
||
|
|
||
|
-- Broadcom Corporation FastPath Dot1x Advanced Features MIB
|
||
|
-- Copyright Broadcom Corporation (2003-2007) All rights reserved.
|
||
|
|
||
|
-- This SNMP Management Information Specification
|
||
|
-- embodies Broadcom Corporation's confidential and proprietary
|
||
|
-- intellectual property. Broadcom Corporation retains all title
|
||
|
-- and ownership in the Specification including any revisions.
|
||
|
|
||
|
-- This Specification is supplied "AS IS", Broadcom Corporation
|
||
|
-- makes no warranty, either expressed or implied,
|
||
|
-- as to the use, operation, condition, or performance of the
|
||
|
-- Specification.
|
||
|
|
||
|
|
||
|
IMPORTS
|
||
|
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
|
||
|
Unsigned32 FROM SNMPv2-SMI
|
||
|
dot1xPaePortNumber FROM IEEE8021-PAE-MIB
|
||
|
TEXTUAL-CONVENTION,
|
||
|
RowStatus,MacAddress FROM SNMPv2-TC
|
||
|
DisplayString FROM RFC1213-MIB
|
||
|
fastPath FROM BROADCOM-REF-MIB;
|
||
|
|
||
|
|
||
|
fastPathdot1xAdvanced MODULE-IDENTITY
|
||
|
LAST-UPDATED "200705230000Z" -- 23 May 2007 12:00:00 GMT
|
||
|
ORGANIZATION "Broadcom Corporation"
|
||
|
CONTACT-INFO
|
||
|
" Customer Support
|
||
|
Postal: Broadcom Corporation
|
||
|
100, Perimeter Park Drive
|
||
|
Morrisville, NC 27560
|
||
|
Tel: +1 919 865 2700"
|
||
|
|
||
|
DESCRIPTION
|
||
|
"The Broadcom Private MIB for FastPath Dot1x Advanced Features "
|
||
|
|
||
|
-- Revision history.
|
||
|
REVISION
|
||
|
"200705230000Z" -- 23 May 2007 12:00:00 GMT
|
||
|
DESCRIPTION
|
||
|
"Broadcom branding related changes."
|
||
|
|
||
|
::= { fastPath 36 }
|
||
|
|
||
|
|
||
|
Dot1xPortControlMode ::= TEXTUAL-CONVENTION
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
"The control values of the Authenticator PAE controlled
|
||
|
Port."
|
||
|
SYNTAX INTEGER {
|
||
|
forceUnauthorized(1),
|
||
|
auto(2),
|
||
|
forceAuthorized(3),
|
||
|
macBased(4)
|
||
|
}
|
||
|
|
||
|
Dot1xSessionTerminationAction ::= TEXTUAL-CONVENTION
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
"The action to be taken on session termination ."
|
||
|
SYNTAX INTEGER {
|
||
|
default(1),
|
||
|
reauthenticate(2)
|
||
|
}
|
||
|
|
||
|
agentDot1xEnhancementConfigGroup OBJECT IDENTIFIER ::= { fastPathdot1xAdvanced 1 }
|
||
|
|
||
|
agentDot1xRadiusVlanAssignment OBJECT-TYPE
|
||
|
SYNTAX INTEGER {
|
||
|
enable(1),
|
||
|
disable(2)
|
||
|
}
|
||
|
MAX-ACCESS read-write
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
"Enable/Disable dot1x Vlan Assignment Support on the switch."
|
||
|
DEFVAL { disable }
|
||
|
::= { agentDot1xEnhancementConfigGroup 1 }
|
||
|
|
||
|
|
||
|
--**************************************************************************************
|
||
|
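-- agentDot1xPortConfigGroup -> Contains MIB objects configuring/displaying Dot1x Port details
-- and associated Functionality
--
-- NOTE(review): the control mode, guest VLAN, guest VLAN period, unauthenticated VLAN,
-- max users and MAB objects in this group are read-write, so an SNMP manager with write
-- access can change how a port authenticates clients (for example setting forceAuthorized,
-- or enabling MAB). In auto mode a single successful authentication opens the port to
-- every attached client, and MAB typically identifies a client by its MAC address alone,
-- which is not a secret. Limit write access to these objects (e.g. SNMPv3 with
-- authentication and privacy plus a restrictive access view) and log changes to them.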
|
||
|
--
|
||
|
--**************************************************************************************
|
||
|
|
||
|
agentDot1xPortConfigGroup OBJECT IDENTIFIER ::= { fastPathdot1xAdvanced 2 }
|
||
|
|
||
|
--------------------------------------------------------------
|
||
|
-- The Dot1x Enhanced Port Table
|
||
|
--------------------------------------------------------------
|
||
|
|
||
|
agentDot1xPortConfigTable OBJECT-TYPE
|
||
|
SYNTAX SEQUENCE OF AgentDot1xPortConfigEntry
|
||
|
MAX-ACCESS not-accessible
|
||
|
STATUS current
|
||
|
DESCRIPTION "A table for dot1x enhanced Port details and associated functionality."
|
||
|
::= { agentDot1xPortConfigGroup 1 }
|
||
|
|
||
|
agentDot1xPortConfigEntry OBJECT-TYPE
|
||
|
SYNTAX AgentDot1xPortConfigEntry
|
||
|
MAX-ACCESS not-accessible
|
||
|
STATUS current
|
||
|
DESCRIPTION "Represents entry for port config table."
|
||
|
INDEX { dot1xPaePortNumber}
|
||
|
::= {agentDot1xPortConfigTable 1 }
|
||
|
|
||
|
AgentDot1xPortConfigEntry ::= SEQUENCE {
|
||
|
agentDot1xPortControlMode
|
||
|
Dot1xPortControlMode,
|
||
|
agentDot1xGuestVlanId
|
||
|
Unsigned32,
|
||
|
agentDot1xGuestVlanPeriod
|
||
|
Unsigned32,
|
||
|
agentDot1xUnauthenticatedVlan
|
||
|
Unsigned32,
|
||
|
agentDot1xMaxUsers
|
||
|
Unsigned32,
|
||
|
agentDot1xPortVlanAssigned
|
||
|
Unsigned32,
|
||
|
agentDot1xPortVlanAssignedReason
|
||
|
INTEGER,
|
||
|
agentDot1xPortSessionTimeout
|
||
|
Unsigned32,
|
||
|
agentDot1xPortTerminationAction
|
||
|
Dot1xSessionTerminationAction,
|
||
|
agentDot1xPortMABenabled
|
||
|
INTEGER,
|
||
|
agentDot1xPortMABenabledOperational
|
||
|
INTEGER
|
||
|
|
||
|
}
|
||
|
|
||
|
agentDot1xPortControlMode OBJECT-TYPE
|
||
|
SYNTAX Dot1xPortControlMode
|
||
|
MAX-ACCESS read-write
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
"Dot1x port control mode of this port.
The port control mode for this interface can take the following values:
force-unauthorized - The port is in unauthorized mode.
auto - Port based mode. If a client authenticates successfully, then the interface is authorized.
Otherwise, the port is in unauthorized mode.
If more than one client is attached to the port, then only one client needs to authenticate to allow other clients access.
force-authorized - The port is placed in authorized mode.
macBased - If more than one client is attached to the port, then each client needs to authenticate separately.
This object deprecates the dot1xAuthAuthControlledPortControl object in IEEE8021-PAE-MIB"
|
||
|
DEFVAL {auto}
|
||
|
::= { agentDot1xPortConfigEntry 1}
|
||
|
|
||
|
agentDot1xGuestVlanId OBJECT-TYPE
|
||
|
SYNTAX Unsigned32
|
||
|
MAX-ACCESS read-write
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
"Specifies the Guest Vlan of the port. A port will
|
||
|
be moved to its Guest Vlan if no client successfully
|
||
|
authenticates on that port for the Guest Vlan Period.
|
||
|
A value of zero indicates no Guest Vlan is configured for the interface."
|
||
|
DEFVAL {0}
|
||
|
::= { agentDot1xPortConfigEntry 2}
|
||
|
|
||
|
agentDot1xGuestVlanPeriod OBJECT-TYPE
|
||
|
SYNTAX Unsigned32 (0..65535)
|
||
|
MAX-ACCESS read-write
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
"The value, in seconds, of the guestVlanPeriod constant
|
||
|
currently in use for Guest Vlan Assignment for the
|
||
|
port ."
|
||
|
DEFVAL { 90 }
|
||
|
::= { agentDot1xPortConfigEntry 3 }
|
||
|
|
||
|
|
||
|
agentDot1xUnauthenticatedVlan OBJECT-TYPE
|
||
|
SYNTAX Unsigned32
|
||
|
MAX-ACCESS read-write
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
"Specifies the Unauthenticated Vlan of the port. A port will
|
||
|
be moved to its unauthenticated Vlan if the client fails to authenticate
on that port.
|
||
|
A value of zero indicates no Unauthenticated Vlan is configured for the port. "
|
||
|
DEFVAL {0}
|
||
|
::= { agentDot1xPortConfigEntry 4}
|
||
|
|
||
|
agentDot1xMaxUsers OBJECT-TYPE
|
||
|
SYNTAX Unsigned32
|
||
|
MAX-ACCESS read-write
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
" Specifies the maximum users or clients that can authenticate on this port when the port control mode is macBased. "
|
||
|
::= { agentDot1xPortConfigEntry 5}
|
||
|
|
||
|
agentDot1xPortVlanAssigned OBJECT-TYPE
|
||
|
SYNTAX Unsigned32
|
||
|
MAX-ACCESS read-only
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
" Specifies the vlan the port is assigned to by Dot1x .
|
||
|
Only relevant if the port control mode of the port is auto. "
|
||
|
DEFVAL {0}
|
||
|
::= { agentDot1xPortConfigEntry 6}
|
||
|
|
||
|
agentDot1xPortVlanAssignedReason OBJECT-TYPE
|
||
|
SYNTAX INTEGER {
|
||
|
default(1),
|
||
|
radius(2),
|
||
|
unauthenticatedVlan(3),
|
||
|
guestVlan(4),
|
||
|
notAssigned(5)
|
||
|
}
|
||
|
MAX-ACCESS read-only
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
" Reason the port is assigned to the vlan specified by agentDot1xPortVlanAssigned .
|
||
|
Only relevant if the port control mode of the port is auto. "
|
||
|
DEFVAL {5}
|
||
|
::= { agentDot1xPortConfigEntry 7}
|
||
|
|
||
|
agentDot1xPortSessionTimeout OBJECT-TYPE
|
||
|
SYNTAX Unsigned32
|
||
|
MAX-ACCESS read-only
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
" Specifies the session timeout value assigned by the Radius server for this port .
|
||
|
Only relevant if the port control mode of the port is auto. "
|
||
|
::= { agentDot1xPortConfigEntry 8}
|
||
|
|
||
|
agentDot1xPortTerminationAction OBJECT-TYPE
|
||
|
SYNTAX Dot1xSessionTerminationAction
|
||
|
MAX-ACCESS read-only
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
" Specifies the session termination action assigned by the Radius Server. This is the action taken when the session times out.
|
||
|
Only relevant if the port control mode of the port is auto. "
|
||
|
DEFVAL {1}
|
||
|
::= { agentDot1xPortConfigEntry 9}
|
||
|
|
||
|
agentDot1xPortMABenabled OBJECT-TYPE
|
||
|
SYNTAX INTEGER {
|
||
|
enable(1),
|
||
|
disable(2)
|
||
|
}
|
||
|
MAX-ACCESS read-write
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
" Specifies if MAC-based authentication bypass (MAB) is configured for the port. "
|
||
|
DEFVAL {2}
|
||
|
::= { agentDot1xPortConfigEntry 10}
|
||
|
|
||
|
agentDot1xPortMABenabledOperational OBJECT-TYPE
|
||
|
SYNTAX INTEGER {
|
||
|
enable(1),
|
||
|
disable(2)
|
||
|
}
|
||
|
MAX-ACCESS read-only
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
" Displays the operational value of the Mac-based authentication bypass mode (MAB) on the port. "
|
||
|
DEFVAL {2}
|
||
|
::= { agentDot1xPortConfigEntry 11}
|
||
|
|
||
|
--**************************************************************************************
|
||
|
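-- agentDot1xClientConfigGroup -> Contains MIB objects displaying Dot1x Client details and
-- associated Functionality
--
-- NOTE(review): every object in this group is read-only, but the table discloses client
-- MAC addresses, RADIUS user names, session state and assigned VLANs. Restrict SNMP read
-- access to it as well (no default community strings; prefer SNMPv3 with privacy).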
|
||
|
--
|
||
|
--**************************************************************************************
|
||
|
|
||
|
agentDot1xClientConfigGroup OBJECT IDENTIFIER ::= { fastPathdot1xAdvanced 3 }
|
||
|
|
||
|
agentDot1xClientConfigTable OBJECT-TYPE
|
||
|
SYNTAX SEQUENCE OF AgentDot1xClientConfigEntry
|
||
|
MAX-ACCESS not-accessible
|
||
|
STATUS current
|
||
|
DESCRIPTION "A table for dot1x Client details and associated functionality."
|
||
|
::= { agentDot1xClientConfigGroup 1 }
|
||
|
|
||
|
agentDot1xClientConfigEntry OBJECT-TYPE
|
||
|
SYNTAX AgentDot1xClientConfigEntry
|
||
|
MAX-ACCESS not-accessible
|
||
|
STATUS current
|
||
|
DESCRIPTION "Represents an entry in the client config table."
|
||
|
INDEX { agentDot1xClientMacAddress}
|
||
|
::= {agentDot1xClientConfigTable 1 }
|
||
|
|
||
|
AgentDot1xClientConfigEntry ::= SEQUENCE {
|
||
|
agentDot1xClientMacAddress
|
||
|
MacAddress,
|
||
|
agentDot1xLogicalPort
|
||
|
Unsigned32,
|
||
|
agentDot1xInterface
|
||
|
Unsigned32,
|
||
|
agentDot1xClientAuthPAEstate
|
||
|
INTEGER,
|
||
|
agentDot1xClientBackendState
|
||
|
INTEGER,
|
||
|
agentDot1xClientUserName
|
||
|
DisplayString,
|
||
|
agentDot1xClientSessionTime
|
||
|
Unsigned32,
|
||
|
agentDot1xClientFilterID
|
||
|
DisplayString,
|
||
|
agentDot1xClientVlanAssigned
|
||
|
Unsigned32,
|
||
|
agentDot1xClientVlanAssignedReason
|
||
|
INTEGER,
|
||
|
agentDot1xClientSessionTimeout
|
||
|
Unsigned32,
|
||
|
agentDot1xClientTerminationAction
|
||
|
Dot1xSessionTerminationAction
|
||
|
}
|
||
|
|
||
|
agentDot1xClientMacAddress OBJECT-TYPE
|
||
|
SYNTAX MacAddress
|
||
|
MAX-ACCESS read-only
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
"Specifies the MAC address of the client. "
|
||
|
::= { agentDot1xClientConfigEntry 1}
|
||
|
|
||
|
agentDot1xLogicalPort OBJECT-TYPE
|
||
|
SYNTAX Unsigned32
|
||
|
MAX-ACCESS read-only
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
"Specifies the logical port associated with the client. "
|
||
|
::= { agentDot1xClientConfigEntry 2}
|
||
|
|
||
|
agentDot1xInterface OBJECT-TYPE
|
||
|
SYNTAX Unsigned32
|
||
|
MAX-ACCESS read-only
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
"Specifies the physical interface to which the client is attached . "
|
||
|
::= { agentDot1xClientConfigEntry 3}
|
||
|
|
||
|
agentDot1xClientAuthPAEstate OBJECT-TYPE
|
||
|
SYNTAX INTEGER {
|
||
|
initialize(1),
|
||
|
disconnected(2),
|
||
|
connecting(3),
|
||
|
authenticating(4),
|
||
|
authenticated(5),
|
||
|
aborting(6),
|
||
|
held(7),
|
||
|
forceAuth(8),
|
||
|
forceUnauth(9)
|
||
|
}
|
||
|
MAX-ACCESS read-only
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
"The current value of the Authenticator PAE state
|
||
|
machine for the client."
|
||
|
::={ agentDot1xClientConfigEntry 4}
|
||
|
|
||
|
agentDot1xClientBackendState OBJECT-TYPE
|
||
|
SYNTAX INTEGER {
|
||
|
request(1),
|
||
|
response(2),
|
||
|
success(3),
|
||
|
fail(4),
|
||
|
timeout(5),
|
||
|
idle(6),
|
||
|
initialize(7)
|
||
|
}
|
||
|
MAX-ACCESS read-only
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
"The current state of the Backend Authentication
|
||
|
state machine."
|
||
|
::={ agentDot1xClientConfigEntry 5}
|
||
|
|
||
|
agentDot1xClientUserName OBJECT-TYPE
|
||
|
SYNTAX DisplayString
|
||
|
MAX-ACCESS read-only
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
"Specifies the username with which the client is authenticated to the Radius server.
|
||
|
This value is only valid when the client is in authenticated state. "
|
||
|
::= { agentDot1xClientConfigEntry 6}
|
||
|
|
||
|
agentDot1xClientSessionTime OBJECT-TYPE
|
||
|
SYNTAX Unsigned32
|
||
|
MAX-ACCESS read-only
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
"Specifies the time elapsed in seconds since the client was authenticated in this session.
|
||
|
This value is only valid when the client is in authenticated state. "
|
||
|
::= { agentDot1xClientConfigEntry 7}
|
||
|
|
||
|
agentDot1xClientFilterID OBJECT-TYPE
|
||
|
SYNTAX DisplayString
|
||
|
MAX-ACCESS read-only
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
"Specifies the Filter ID or Diffserv Policy name to be applied to the session.
This value is populated only if it has been assigned by the RADIUS server.
|
||
|
This value is only valid when the client is in authenticated state."
|
||
|
::= { agentDot1xClientConfigEntry 8}
|
||
|
|
||
|
agentDot1xClientVlanAssigned OBJECT-TYPE
|
||
|
SYNTAX Unsigned32
|
||
|
MAX-ACCESS read-only
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
"Specifies the vlan the client is associated with by Dot1x .
|
||
|
This value is only valid when the client is in authenticated state."
|
||
|
::= { agentDot1xClientConfigEntry 9}
|
||
|
|
||
|
agentDot1xClientVlanAssignedReason OBJECT-TYPE
|
||
|
SYNTAX INTEGER {
|
||
|
default(1),
|
||
|
radius(2),
|
||
|
unauthenticatedVlan(3),
|
||
|
invalid(4)
|
||
|
}
|
||
|
MAX-ACCESS read-only
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
" Reason the client is associated to the vlan specified by agentDot1xClientVlanAssigned .
|
||
|
This value is only valid when the client is in authenticated state."
|
||
|
::= { agentDot1xClientConfigEntry 10}
|
||
|
|
||
|
agentDot1xClientSessionTimeout OBJECT-TYPE
|
||
|
SYNTAX Unsigned32
|
||
|
MAX-ACCESS read-only
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
"Specifies the session time remaining for the client, if a session timeout was assigned by the Radius server.
|
||
|
A value of 0 indicates that no session timeout was assigned by the RADIUS server.
|
||
|
This value is only valid when the client is in authenticated state. "
|
||
|
::= { agentDot1xClientConfigEntry 11}
|
||
|
|
||
|
agentDot1xClientTerminationAction OBJECT-TYPE
|
||
|
SYNTAX Dot1xSessionTerminationAction
|
||
|
MAX-ACCESS read-only
|
||
|
STATUS current
|
||
|
DESCRIPTION
|
||
|
"Specifies the session termination action assigned by the Radius Server .
|
||
|
This is the action taken when the session times out .
|
||
|
This value is only valid when the client is in authenticated state. "
|
||
|
::= { agentDot1xClientConfigEntry 12}
|
||
|
END
|
||
|
|