-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathBAY-STACK-EAPOL-EXTENSION-MIB
868 lines (764 loc) · 29.7 KB
/
BAY-STACK-EAPOL-EXTENSION-MIB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
BAY-STACK-EAPOL-EXTENSION-MIB DEFINITIONS ::= BEGIN
IMPORTS
OBJECT-TYPE, MODULE-IDENTITY, Integer32, TimeTicks
FROM SNMPv2-SMI
TruthValue, MacAddress, RowStatus
FROM SNMPv2-TC
InterfaceIndex
FROM IF-MIB
bayStackMibs
FROM SYNOPTICS-ROOT-MIB
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB;
bayStackEapExtMib MODULE-IDENTITY
LAST-UPDATED "200611010000Z"
ORGANIZATION "Nortel Networks"
CONTACT-INFO "Nortel Networks"
DESCRIPTION
"BayStack EAPOL Extension MIB
Copyright 2003-2004 Nortel Networks, Inc.
All rights reserved.
This Bay Networks SNMP Management Information Base Specification
(Specification) embodies Bay Networks' confidential and
proprietary intellectual property. Bay Networks retains all
title and ownership in the Specification, including any
revisions.
This Specification is supplied 'AS IS,' and Bay Networks makes
no warranty, either express or implied, as to the use,
operation, condition, or performance of the Specification."
REVISION "200611010000Z" -- 01 Nov 2006
DESCRIPTION "v010 Added support for various additional EAP features:
- allowing IP phones based on DHCP
- allowing use of radius assigned VLAN in
multihost-eap mode
- use of unicast packets for Eap-ReqId packets
- fail or not-fail EAP users on radius timeout
(default is to fail)"
REVISION "200605240000Z" -- 24 May 2006
DESCRIPTION "v009: Added non-eap ubp support, filter-on-mac ubp support,
configurable non-eap radius password attribute format
support, re-auth of individual MAC addrs support."
REVISION "200506270000Z" -- 27 June 2005
DESCRIPTION "v008: Added MHSA support. Added new non-eap auth reasons."
REVISION "200503100000Z" -- 10 March 2005
DESCRIPTION "v007: Cleaned up some DESCRIPTION clauses.
Added bseeMultiHostNonEapStatusTable."
REVISION "200502170000Z" -- 17 February 2005
DESCRIPTION "v006: Added objects:
bseeMultiHostAllowNonEapClient
bseeMultiHostRadiusAuthNonEapClient
bseePortConfigMultiHostRadiusAuthNonEapClient
deprecated bseePortConfigMultiHostNonEapMacSource."
REVISION "200411110000Z" -- 11 November 2004
DESCRIPTION "v005: Added bseeMultiHostNonEapMacTable."
REVISION "200408310000Z" -- 20 July 2004
DESCRIPTION "v004: Changes to have separate enable/disable flag for
guest vlan and remediation vlan. Added objects:
bseeGuestVlanEnabled
bseeRemediationVlanEnabled
bseePortConfigGuestVlanEnabled"
REVISION "200407200000Z" -- 20 July 2004
DESCRIPTION "v003: Added enhancements for guest vlan, remediation vlan,
and multihost support."
REVISION "200309180000Z" -- 18 Sept 2003
DESCRIPTION "v001: Initial version."
::= { bayStackMibs 3 }
bseeObjects OBJECT IDENTIFIER ::= { bayStackEapExtMib 1 }
bseeNotifications OBJECT IDENTIFIER ::= { bayStackEapExtMib 2 }
bseeNotifications0 OBJECT IDENTIFIER ::= { bseeNotifications 0 }
bseeUserBasedPoliciesEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates whether EAPOL User-based policies
are enabled or disabled."
::= { bseeObjects 1 }
bseeGuestVlanId OBJECT-TYPE
SYNTAX Integer32 (1..4094)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the ID of the global default guest VLAN. This
VLAN is used for ports which do not have a configured guest VLAN.
Access to the guest VLAN is allowed for MAC addresses before EAP
authentication has been performed. However, if the value of
bseeGuestVlanEnabled is false(2), then access to the guest VLAN
is not allowed for ports that do not have a configured guest VLAN."
::= { bseeObjects 2 }
bseeRemediationVlanId OBJECT-TYPE
SYNTAX Integer32 (1..4094)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the ID of the remediation VLAN. If EAP
authentication fails for a port, MAC addresses on that port are
restricted to access only the remediation VLAN. However, if the
value of bseeRemediationVlanEnabled is false(2), then access is
not allowed at all for a port when EAP authentication fails."
::= { bseeObjects 3 }
bseeMaximumEapClientMacs OBJECT-TYPE
SYNTAX Integer32 (1..800)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the global maximum number of EAP authenticated
MAC addresses allowed."
::= { bseeObjects 4 }
bseeMaximumNonEapClientMacs OBJECT-TYPE
SYNTAX Integer32 (1..800)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the global maximum number of non-EAP
authenticated MAC addresses allowed."
::= { bseeObjects 5 }
bseeGuestVlanEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies whether access to the global default guest
VLAN is allowed."
::= { bseeObjects 6 }
bseeRemediationVlanEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies whether access to the remediation VLAN
is allowed."
::= { bseeObjects 7 }
bseeMultiHostAllowNonEapClient OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object controls whether non-EAP clients (MAC addresses) are
allowed. This is the system-wide setting. The associated per-port
setting (bseePortConfigMultiHostAllowNonEapClient) must also be true
for non-EAP clients to be allowed on a particular port."
DEFVAL { false }
::= { bseeObjects 8 }
bseeMultiHostRadiusAuthNonEapClient OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object controls whether non-EAP clients (MAC addresses) may
be authenticated using RADIUS. This is the system-wide setting. The
associated per-port setting (bseePortConfigMultiHostRadiusAuthNonEapClient)
must also be true for non-EAP clients to be authenticated using
RADIUS on a particular port."
DEFVAL { false }
::= { bseeObjects 9 }
bseeMultiHostSingleAuthEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object controls whether non-EAP clients (MAC addresses) may
be automatically authenticated on a port after an EAP client has
been authenticated (known as MHSA). This is the system-wide setting.
The associated per-port setting must also be true for non-EAP clients
to be authenticated in this way."
DEFVAL { false }
::= { bseeObjects 10 }
bseeUserBasedPoliciesFilterOnMac OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates whether the EAPOL User-based policy filters
that are installed on ports will be dynamically modified to include
the MAC address for which the filters are installed."
::= { bseeObjects 11 }
bseeMultiHostNonEapUserBasedPoliciesEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates whether non-EAPOL User-based policies
are enabled or disabled."
::= { bseeObjects 12 }
bseeMultiHostNonEapUserBasedPoliciesFilterOnMac OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates whether the non-EAPOL User-based policy filters
that are installed on ports will be dynamically modified to include
the MAC address for which the filters are installed."
::= { bseeObjects 13 }
bseeMultihostNonEapRadiusPasswordAttributeFormat OBJECT-TYPE
SYNTAX BITS {
ipAddr(0),
macAddr(1),
portNumber(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object controls the format of the RADIUS password attribute
that is included in requests to the RADIUS server for authenticating
non-EAP clients (MAC addresses).
If the ipAddr(0) bit is set, the password attribute will contain
the switch's IP address encoded as a string of four 3-digit 0-padded
integers. For example, the encoding for the IP address 47.80.225.1
would be '047080225001'.
If the macAddr(1) bit is set, the password attribute will contain
the MAC address to be authenticated as a string of six 2-digit hex
numbers. For example, the MAC address 00:08:01:0a:33:34 would be
encoded as '0008010a3334'.
If the portNumber(2) bit is set, the password attribute will contain
the port number on which the MAC address was seen, encoded as a string
of two 2-digit 0-padded integers. The first integer is the unit/slot
number, and the second number is the port number on that unit/slot.
For a standalone stackable unit, the unit/slot number will be 0. For
example, the encoding for unit/port 1/23 would be '0123', and the
encoding for port 7 on a standalone stackable unit would be '0007'.
The fields in the password attribute will appear in the order of the
bits defined in this object, i.e., IP addr, followed by MAC addr,
followed by port number. Fields are separated by a '.' character.
The separators are present regardless of whether a field is present.
So, for example, if all three fields are present, the password
attribute might contain:
047080225001.0008010a3334.0123
If none of the three fields are present, the password attribute will
be '..'."
::= { bseeObjects 14 }
bseeMultiHostAllowNonEapPhones OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates whether IP phones will be allowed access
based on DHCP."
DEFVAL { false }
::= { bseeObjects 15 }
bseeMultiHostAllowRadiusAssignedVlan OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates whether to allow the use of RADIUS-assigned
VLANs in multihost-eap mode."
DEFVAL { false }
::= { bseeObjects 16 }
bseeMultiHostEapPacketMode OBJECT-TYPE
SYNTAX INTEGER {
multicast(1),
unicast(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates whether to use unicast or multicast packets
for Eap-ReqId packets. Normally, multicast packets are used."
DEFVAL { multicast }
::= { bseeObjects 17 }
bseeMultiHostEapRadiusTimeoutMode OBJECT-TYPE
SYNTAX INTEGER {
fail(1),
doNotFail(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates whether or not to fail authentication of EAP
users on a RADIUS timeout."
DEFVAL { fail }
::= { bseeObjects 18 }
--
-- EAP Multi-Host Configuration Table
--
bseePortConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF BseePortConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is used to control the EAP multihost configuration
for each port in the system."
::= { bayStackEapExtMib 3 }
bseePortConfigEntry OBJECT-TYPE
SYNTAX BseePortConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The EAP multihost configuration for a port."
INDEX { bseePortConfigPortNumber }
::= { bseePortConfigTable 1 }
BseePortConfigEntry ::=
SEQUENCE {
bseePortConfigPortNumber InterfaceIndex,
bseePortConfigGuestVlanId Integer32,
bseePortConfigMultiHostEnabled TruthValue,
bseePortConfigMultiHostEapMaxNumMacs Integer32,
bseePortConfigMultiHostAllowNonEapClient TruthValue,
bseePortConfigMultiHostNonEapMacSource INTEGER,
bseePortConfigMultiHostNonEapMaxNumMacs Integer32,
bseePortConfigGuestVlanEnabled TruthValue,
bseePortConfigMultiHostRadiusAuthNonEapClient TruthValue,
bseePortConfigMultiHostSingleAuthEnabled TruthValue,
bseePortConfigMultiHostAllowNonEapPhones TruthValue,
bseePortConfigMultiHostAllowRadiusAssignedVlan TruthValue,
bseePortConfigMultiHostEapPacketMode INTEGER,
bseePortConfigMultiHostEapRadiusTimeoutMode INTEGER
}
bseePortConfigPortNumber OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The Port number associated with this Port."
::= { bseePortConfigEntry 1 }
bseePortConfigGuestVlanId OBJECT-TYPE
SYNTAX Integer32 (0..4094)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the ID of the guest VLAN for this port.
Access to the guest VLAN is allowed for MAC addresses before EAP
authentication has been performed.
If the value of this object is 0, then the global guest VLAN ID
is used for this port, as specified in bseeGuestVlanId.
However, if the value of the associated instance of
bseePortConfigGuestVlanEnabled is false(2), then access to the
guest VLAN is not allowed for the port, regardless of the value
of bseePortConfigGuestVlanId."
DEFVAL { 0 }
::= { bseePortConfigEntry 2 }
bseePortConfigMultiHostEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object controls whether EAP multihost is enabled for a port."
DEFVAL { false }
::= { bseePortConfigEntry 3 }
bseePortConfigMultiHostEapMaxNumMacs OBJECT-TYPE
SYNTAX Integer32 (0..100)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the maximum number of EAP-authentication
MAC addresses allowed on this port. A value of 0 indicates that
there is no port-specific limit."
DEFVAL { 1 }
::= { bseePortConfigEntry 4 }
bseePortConfigMultiHostAllowNonEapClient OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object controls whether non-EAP clients (MAC addresses) are
allowed on the port."
DEFVAL { false }
::= { bseePortConfigEntry 5 }
bseePortConfigMultiHostNonEapMacSource OBJECT-TYPE
SYNTAX INTEGER {
autoLearn(1),
userConfig(2),
radius(3)
}
MAX-ACCESS read-write
STATUS deprecated
DESCRIPTION
"This object controls the source for finding allowed non-EAP MAC
addresses."
DEFVAL { userConfig }
::= { bseePortConfigEntry 6 }
bseePortConfigMultiHostNonEapMaxNumMacs OBJECT-TYPE
SYNTAX Integer32 (1..100)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the maximum number of non-EAP authenticated
MAC addresses allowed on this port."
DEFVAL { 1 }
::= { bseePortConfigEntry 7 }
bseePortConfigGuestVlanEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object controls whether access to the guest VLAN is allowed
for a port."
DEFVAL { false }
::= { bseePortConfigEntry 8 }
bseePortConfigMultiHostRadiusAuthNonEapClient OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object controls whether non-EAP clients (MAC addresses) may
authenticated using RADIUS on the port."
DEFVAL { false }
::= { bseePortConfigEntry 9 }
bseePortConfigMultiHostSingleAuthEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object controls whether non-EAP clients (MAC addresses) may
be automatically authenticated on the port after an EAP client has
been authenticated (known as MHSA)."
DEFVAL { false }
::= { bseePortConfigEntry 10 }
bseePortConfigMultiHostAllowNonEapPhones OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates whether IP phones will be allowed access
based on DHCP."
DEFVAL { false }
::= { bseePortConfigEntry 11 }
bseePortConfigMultiHostAllowRadiusAssignedVlan OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates whether to allow the use of RADIUS-assigned
VLANs in multihost-eap mode."
DEFVAL { false }
::= { bseePortConfigEntry 12 }
bseePortConfigMultiHostEapPacketMode OBJECT-TYPE
SYNTAX INTEGER {
multicast(1),
unicast(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates whether to use unicast or multicast packets
for Eap-ReqId packets. Normally, multicast packets are used."
DEFVAL { multicast }
::= { bseePortConfigEntry 13 }
bseePortConfigMultiHostEapRadiusTimeoutMode OBJECT-TYPE
SYNTAX INTEGER {
fail(1),
doNotFail(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates whether or not to fail authentication of EAP
users on a RADIUS timeout."
DEFVAL { fail }
::= { bseePortConfigEntry 14 }
--
-- EAP Multi-Host Status Table
--
bseeMultiHostStatusTable OBJECT-TYPE
SYNTAX SEQUENCE OF BseeMultiHostStatusEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table provides the EAP authentication status per-MAC address
per-port."
::= { bayStackEapExtMib 4 }
bseeMultiHostStatusEntry OBJECT-TYPE
SYNTAX BseeMultiHostStatusEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The status of EAP authentication of clients for a port."
INDEX { bseeMultiHostStatusPortNumber, bseeMultiHostStatusClientMACAddr }
::= { bseeMultiHostStatusTable 1 }
BseeMultiHostStatusEntry ::=
SEQUENCE {
bseeMultiHostStatusPortNumber InterfaceIndex,
bseeMultiHostStatusClientMACAddr MacAddress,
bseeMultiHostStatusPaeState INTEGER,
bseeMultiHostStatusBackendAuthState INTEGER,
bseeMultiHostStatusReauthenticate INTEGER
}
bseeMultiHostStatusPortNumber OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The Port number associated with this client."
::= { bseeMultiHostStatusEntry 1 }
bseeMultiHostStatusClientMACAddr OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The MAC address of the client."
::= { bseeMultiHostStatusEntry 2 }
bseeMultiHostStatusPaeState OBJECT-TYPE
SYNTAX INTEGER {
initialize(1),
disconnected(2),
connecting(3),
authenticating(4),
authenticated(5),
aborting(6),
held(7),
forceAuth(8),
forceUnauth(9)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current value of the Authenticator PAE state machine."
::= { bseeMultiHostStatusEntry 3 }
bseeMultiHostStatusBackendAuthState OBJECT-TYPE
SYNTAX INTEGER {
request(1),
response(2),
success(3),
fail(4),
timeout(5),
idle(6),
initialize(7)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current state of the Backend Authentication state machine."
::= { bseeMultiHostStatusEntry 4 }
bseeMultiHostStatusReauthenticate OBJECT-TYPE
SYNTAX INTEGER {
other(1),
reauthenticate(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Setting this object to reauthenticate(2) will force the client to
be reauthenticated. When retrieved, the value of this object is
always other(1)."
::= { bseeMultiHostStatusEntry 5 }
--
-- EAP Multi-Host Session Statistics Table
--
bseeMultiHostSessionStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF BseeMultiHostSessionStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that contains the session statistics objects for the
Authenticator PAE associated with each EAP client on each Port.
An entry appears in this table for each client MAC address on each
port that may authenticate access to itself."
::= { bayStackEapExtMib 5 }
bseeMultiHostSessionStatsEntry OBJECT-TYPE
SYNTAX BseeMultiHostSessionStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The session statistics information for an Authenticator
PAE. This shows the current values being collected for
each session that is still in progress, or the final
values for the last valid session for each client where
there is no session currently active. This is similar to
the dot1xAuthSessionStatsTable, except that it provides
information per-port-per-MAC, rather than just per-port."
INDEX { bseeMultiHostSessionStatsPortNumber,
bseeMultiHostSessionStatsClientMACAddr }
::= { bseeMultiHostSessionStatsTable 1 }
BseeMultiHostSessionStatsEntry ::=
SEQUENCE {
bseeMultiHostSessionStatsPortNumber InterfaceIndex,
bseeMultiHostSessionStatsClientMACAddr MacAddress,
bseeMultiHostSessionId SnmpAdminString,
bseeMultiHostSessionAuthenticMethod INTEGER,
bseeMultiHostSessionTime TimeTicks,
bseeMultiHostSessionTerminateCause INTEGER,
bseeMultiHostSessionUserName SnmpAdminString
}
bseeMultiHostSessionStatsPortNumber OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The Port number associated with this client."
::= { bseeMultiHostSessionStatsEntry 1 }
bseeMultiHostSessionStatsClientMACAddr OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The MAC address of this client."
::= { bseeMultiHostSessionStatsEntry 2 }
bseeMultiHostSessionId OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A unique identifier for the session, in the
form of a printable ASCII string of at least
three characters."
::= { bseeMultiHostSessionStatsEntry 3 }
bseeMultiHostSessionAuthenticMethod OBJECT-TYPE
SYNTAX INTEGER {
remoteAuthServer(1),
localAuthServer(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The authentication method used to establish the session."
::= { bseeMultiHostSessionStatsEntry 4 }
bseeMultiHostSessionTime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The duration of the session in seconds."
::= { bseeMultiHostSessionStatsEntry 5 }
bseeMultiHostSessionTerminateCause OBJECT-TYPE
SYNTAX INTEGER {
supplicantLogoff(1),
portFailure(2),
supplicantRestart(3),
reauthFailed(4),
authControlForceUnauth(5),
portReInit(6),
portAdminDisabled(7),
notTerminatedYet(999)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The reason for the session termination."
::= { bseeMultiHostSessionStatsEntry 6 }
bseeMultiHostSessionUserName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The User-Name representing the identity of the Supplicant PAE."
::= { bseeMultiHostSessionStatsEntry 7 }
--
-- EAP Multi-Host Allowed Non-EAP MAC Address Table
--
bseeMultiHostNonEapMacTable OBJECT-TYPE
SYNTAX SEQUENCE OF BseeMultiHostNonEapMacEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that contains the non-EAP MAC addresses that are
allowed access to EAP-enabled interfaces."
::= { bayStackEapExtMib 6 }
bseeMultiHostNonEapMacEntry OBJECT-TYPE
SYNTAX BseeMultiHostNonEapMacEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An allowed non-EAP MAC address."
INDEX { bseeMultiHostNonEapMacPortNumber,
bseeMultiHostNonEapMacClientMACAddr }
::= { bseeMultiHostNonEapMacTable 1 }
BseeMultiHostNonEapMacEntry ::=
SEQUENCE {
bseeMultiHostNonEapMacPortNumber InterfaceIndex,
bseeMultiHostNonEapMacClientMACAddr MacAddress,
bseeMultiHostNonEapMacRowStatus RowStatus
}
bseeMultiHostNonEapMacPortNumber OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The Port number on which the MAC address is allowed."
::= { bseeMultiHostNonEapMacEntry 1 }
bseeMultiHostNonEapMacClientMACAddr OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The MAC address allowed on the port."
::= { bseeMultiHostNonEapMacEntry 2 }
bseeMultiHostNonEapMacRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is used to control creation/deletion of entries
in this table."
::= { bseeMultiHostNonEapMacEntry 3 }
--
-- EAP Multi-Host Non-EAP Status Table
--
bseeMultiHostNonEapStatusTable OBJECT-TYPE
SYNTAX SEQUENCE OF BseeMultiHostNonEapStatusEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table provides the authentication status of non-EAP
clients per-MAC address per-port."
::= { bayStackEapExtMib 7 }
bseeMultiHostNonEapStatusEntry OBJECT-TYPE
SYNTAX BseeMultiHostNonEapStatusEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The status of authentication of a non-EAP client for a port."
INDEX { bseeMultiHostNonEapStatusPortNumber,
bseeMultiHostNonEapStatusClientMACAddr }
::= { bseeMultiHostNonEapStatusTable 1 }
BseeMultiHostNonEapStatusEntry ::=
SEQUENCE {
bseeMultiHostNonEapStatusPortNumber InterfaceIndex,
bseeMultiHostNonEapStatusClientMACAddr MacAddress,
bseeMultiHostNonEapStatusState INTEGER,
bseeMultiHostNonEapStatusReauthenticate INTEGER
}
bseeMultiHostNonEapStatusPortNumber OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The Port number associated with this client."
::= { bseeMultiHostNonEapStatusEntry 1 }
bseeMultiHostNonEapStatusClientMACAddr OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The MAC address of the client."
::= { bseeMultiHostNonEapStatusEntry 2 }
bseeMultiHostNonEapStatusState OBJECT-TYPE
SYNTAX INTEGER {
rejected(1),
locallyAuthenticated(2),
radiusPending(3),
radiusAuthenticated(4),
adacAuthenticated(5),
mhsaAuthenticated(6)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The authentication status. Values are:
rejected(1) - the MAC address could not be authenticated
on this port
locallyAuthenticated(2) - the MAC address was authenticated
using the local table of allowed clients
radiusPending(3) - the MAC address is awaiting
authentication by a RADIUS server
radiusAuthenticated(4) - the MAC address was authenticated
by a RADIUS server
adacAuthenticated(5) - the MAC address was authenticated using
ADAC configuration tables
mhsaAuthenticated(6) - the MAC address was auto-authenticated
on a port following a successful authentication
of an EAP client"
::= { bseeMultiHostNonEapStatusEntry 3 }
bseeMultiHostNonEapStatusReauthenticate OBJECT-TYPE
SYNTAX INTEGER {
other(1),
reauthenticate(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Setting this object to reauthenticate(2) will force the MAC address
to be reauthenticated. When retrieved, the value of this object is
always other(1)."
::= { bseeMultiHostNonEapStatusEntry 4 }
END