CISCO-PAE-MIB DEFINITIONS ::= BEGIN
IMPORTS
OBJECT-TYPE,
MODULE-IDENTITY, Unsigned32
FROM SNMPv2-SMI
TruthValue
FROM SNMPv2-TC
MODULE-COMPLIANCE,
OBJECT-GROUP
FROM SNMPv2-CONF
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB
InetAddressType, InetAddress
FROM INET-ADDRESS-MIB
dot1xPaePortEntry
FROM IEEE8021-PAE-MIB
InterfaceIndex
FROM IF-MIB
VlanIndex
FROM CISCO-VTP-MIB
ciscoMgmt
FROM CISCO-SMI;
ciscoPaeMIB MODULE-IDENTITY
LAST-UPDATED "200404230000Z"
ORGANIZATION "Cisco System, Inc."
CONTACT-INFO
" Cisco Systems
Customer Service
Postal: 170 W Tasman Drive
San Jose, CA 95134
USA
Tel: +1 800 553-NETS
E-mail: cs-wbu@cisco.com, cs-lan-switch-snmp@cisco.com"
DESCRIPTION
"Cisco Port Access Entity (PAE) module for managing
IEEE Std 802.1x.
This MIB provides Port Access Entity information that are
either excluded by IEEE Std 802.1x (IEEE8021-PAE-MIB) or
specific to Cisco products."
REVISION "200404230000Z"
DESCRIPTION
"Modified the DESCRIPTION clauses of cpaeGuestVlanNumber
and cpaeGuestVlanId."
REVISION "200404010000Z"
DESCRIPTION
"Added support of
cpaeUserGroupTable,
cpaeRadiusAccountingEnabled."
REVISION "200304080000Z"
DESCRIPTION
"Add cpaeGuestVlanNumber and cpaeInGuestVlan for per-interface
Guest Vlan feature;
Add cpaeShutdownTimeout and cpaeShutdownTimeoutEnabled for
shutdown timeout feature.
Deprecate cpaeGuestVlanId."
REVISION "200210160000Z"
DESCRIPTION
"Add SNMP support for the Multiple Authentication and
and Guest Vlan features.
The objects cpaeMultipleHost has been deprecated, and
cpaePortMode has been added to cpaePortTable to support
for Multiple Authentication feature. The object
cpaeGuestVlanId has been added to support for Guest Vlan
feature."
REVISION "200105241016Z"
DESCRIPTION
"Initial version of this MIB module."
::= {ciscoMgmt 220}
cpaeMIBNotification OBJECT IDENTIFIER ::= {ciscoPaeMIB 0}
cpaeMIBObject OBJECT IDENTIFIER ::= {ciscoPaeMIB 1}
cpaePortTable OBJECT-TYPE
SYNTAX SEQUENCE OF CpaePortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table of system level information for each port
supported by the Port Access Entity. An entry
appears in this table for each PAE port of this system.
This table contains additional objects for the
dot1xPaePortTable."
REFERENCE
"IEEE 802.1x Subclause 9.6.1"
::= {cpaeMIBObject 1}
cpaePortEntry OBJECT-TYPE
SYNTAX CpaePortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing additional management information
applicable to a particular PAE port."
AUGMENTS {dot1xPaePortEntry}
::= {cpaePortTable 1}
CpaePortEntry ::= SEQUENCE {
cpaeMultipleHost TruthValue,
cpaePortMode INTEGER,
cpaeGuestVlanNumber VlanIndex,
cpaeInGuestVlan TruthValue,
cpaeShutdownTimeoutEnabled TruthValue
}
cpaeMultipleHost OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS deprecated
DESCRIPTION
"Specifies whether the port allows multiple-host connection
or not."
::= {cpaePortEntry 1}
cpaePortMode OBJECT-TYPE
SYNTAX INTEGER {
singleHost(1),
multiHost(2),
multiAuth(3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the current mode of dot1x operation on the port.
- singleHost(1): port allows one host to connect and
authenticate.
- multiHost(2) : port allows multiple hosts to connect.
Once a host is authenticated, all remaining hosts
are also authorized.
- multiAuth(3) : port allows multiple hosts to connect
and each host is authenticated.
If the port security feature is enabled on the interface, the
configuration of the port security (such as the number of the
hosts allowed, the security violation action, etc)will apply
to the interface."
::= {cpaePortEntry 2}
cpaeGuestVlanNumber OBJECT-TYPE
SYNTAX VlanIndex
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the Guest Vlan of the interface. An interface will
be moved to its Guest Vlan if its access is unsucessfully
authenticated. A value of zero indicates no Guest Vlan
configured for the interface."
::= {cpaePortEntry 3}
cpaeInGuestVlan OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates whether the interface is in its Guest Vlan or
not."
::= {cpaePortEntry 4}
cpaeShutdownTimeoutEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies whether shutdown timeout feature is enabled on the
interface."
::= {cpaePortEntry 5}
cpaeGuestVlanId OBJECT-TYPE
SYNTAX VlanIndex
MAX-ACCESS read-write
STATUS deprecated
DESCRIPTION
"Specifies the Guest Vlan of the system. An interface will
be moved to Guest Vlan if its access is unsuccessfully
authenticated. A value of zero indicates no Guest Vlan
configured in the system.
If the platform supports per-port guest Vlan ID configuration,
this object is not instantiated."
::= {cpaeMIBObject 2}
cpaeShutdownTimeout OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the shutdown timeout interval to enable the interface
automatically in case it is shutdown due to security violation.
If the value of this object is 0, the interfaces shutdown due
to the security violation will not be enabled automatically.
The value of this object is applicable to the interface only
when cpaeShutdownTimeoutEnabled is 'true', and port security
feature is disabled on the interface."
::= {cpaeMIBObject 3}
cpaeRadiusAccountingEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies if RADIUS accounting is enabled for 802.1x on
this devices."
::= { cpaeMIBObject 4 }
cpaeUserGroupTable OBJECT-TYPE
SYNTAX SEQUENCE OF CpaeUserGroupEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table of Group Manager and authenticated users information
on the device."
::= { cpaeMIBObject 5 }
cpaeUserGroupEntry OBJECT-TYPE
SYNTAX CpaeUserGroupEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about an 802.1x authenticated user on the
devices."
INDEX { cpaeUserGroupName, cpaeUserGroupUserIndex }
::= { cpaeUserGroupTable 1 }
CpaeUserGroupEntry ::= SEQUENCE {
cpaeUserGroupName SnmpAdminString,
cpaeUserGroupUserIndex Unsigned32,
cpaeUserGroupUserName SnmpAdminString,
cpaeUserGroupUserAddrType InetAddressType,
cpaeUserGroupUserAddr InetAddress,
cpaeUserGroupUserInterface InterfaceIndex,
cpaeUserGroupUserVlan VlanIndex
}
cpaeUserGroupName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Specifies the name of the group that the user belongs to."
::= { cpaeUserGroupEntry 1 }
cpaeUserGroupUserIndex OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of an user within a group."
::= { cpaeUserGroupEntry 2 }
cpaeUserGroupUserName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the name of the user authenticated on a port of
the device."
::= { cpaeUserGroupEntry 3 }
cpaeUserGroupUserAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the type of address used to determine the address
of the user."
::= { cpaeUserGroupEntry 4 }
cpaeUserGroupUserAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the address of the host that the user logging
from."
::= { cpaeUserGroupEntry 5 }
cpaeUserGroupUserInterface OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the interface index that the user is authenticated
on."
::= { cpaeUserGroupEntry 6 }
cpaeUserGroupUserVlan OBJECT-TYPE
SYNTAX VlanIndex
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the vlan that the user belongs to."
::= { cpaeUserGroupEntry 7 }
cpaeMIBConformance OBJECT IDENTIFIER ::= {ciscoPaeMIB 2}
cpaeMIBCompliances OBJECT IDENTIFIER ::= {cpaeMIBConformance 1}
cpaeMIBGroups OBJECT IDENTIFIER ::= {cpaeMIBConformance 2}
cpaeCompliance MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"The compliance statement."
MODULE
MANDATORY-GROUPS {
cpaeMultipleHostGroup
}
::= {cpaeMIBCompliances 1}
cpaeCompliance2 MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"The compliance statement for devices that implement
the CISCO-PAE-MIB."
MODULE
MANDATORY-GROUPS {
cpaePortEntryGroup
}
GROUP cpaeGuestVlanGroup
DESCRIPTION
"This group is mandatory in devices running software
which supports Guest Vlan feature."
::= {cpaeMIBCompliances 2}
cpaeCompliance3 MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"The compliance statement for devices that implement
the CISCO-PAE-MIB."
MODULE
MANDATORY-GROUPS {
cpaePortEntryGroup
}
GROUP cpaeGuestVlanGroup2
DESCRIPTION
"This group is mandatory in devices running software
which supports per-interface Guest Vlan feature."
GROUP cpaeShutdownTimeoutGroup
DESCRIPTION
"This group is mandatory in devices running software
which support Shutdown Timeout feature."
::= { cpaeMIBCompliances 3 }
cpaeCompliance4 MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for devices that implement
the CISCO-PAE-MIB."
MODULE
MANDATORY-GROUPS {
cpaePortEntryGroup
}
GROUP cpaeGuestVlanGroup2
DESCRIPTION
"This group is mandatory in devices running software
which supports per-interface Guest Vlan feature."
GROUP cpaeShutdownTimeoutGroup
DESCRIPTION
"This group is mandatory in devices running software
which support Shutdown Timeout feature."
GROUP cpaeRadiusConfigGroup
DESCRIPTION
"This group is mandatory in devices running software
which support RADIUS configuration for 802.1x feature."
GROUP cpaeUserGroupGroup
DESCRIPTION
"This group is mandatory in devices running software
which support Group Manager for 802.1x feature."
::= { cpaeMIBCompliances 4 }
cpaeMultipleHostGroup OBJECT-GROUP
OBJECTS {
cpaeMultipleHost
}
STATUS deprecated
DESCRIPTION
"A collection of objects that provide the multiple
host configuration information for a PAE port.
These are additional to the IEEE Std 802.1x PAE MIB."
::= {cpaeMIBGroups 1}
cpaePortEntryGroup OBJECT-GROUP
OBJECTS {
cpaePortMode
}
STATUS current
DESCRIPTION
"A collection of objects that provides the port-mode
configuration for a PAE port."
::= {cpaeMIBGroups 2}
cpaeGuestVlanGroup OBJECT-GROUP
OBJECTS {
cpaeGuestVlanId
}
STATUS deprecated
DESCRIPTION
"A collection of objects that provides the Guest Vlan
configuration information for the system."
::= {cpaeMIBGroups 3}
cpaeGuestVlanGroup2 OBJECT-GROUP
OBJECTS {
cpaeGuestVlanNumber,
cpaeInGuestVlan
}
STATUS current
DESCRIPTION
"A collection of objects that provides the per-interface
Guest Vlan configuration information for the system."
::= {cpaeMIBGroups 4}
cpaeShutdownTimeoutGroup OBJECT-GROUP
OBJECTS {
cpaeShutdownTimeout,
cpaeShutdownTimeoutEnabled
}
STATUS current
DESCRIPTION
"A collection of objects that provides the dot1x shutdown
timeout configuration information for the system."
::= {cpaeMIBGroups 5}
cpaeRadiusConfigGroup OBJECT-GROUP
OBJECTS {
cpaeRadiusAccountingEnabled
}
STATUS current
DESCRIPTION
"A collection of objects that provides the RADIUS
configuration information for the system."
::= { cpaeMIBGroups 6 }
cpaeUserGroupGroup OBJECT-GROUP
OBJECTS {
cpaeUserGroupUserName,
cpaeUserGroupUserAddrType,
cpaeUserGroupUserAddr,
cpaeUserGroupUserInterface,
cpaeUserGroupUserVlan
}
STATUS current
DESCRIPTION
"A collection of objects that provides the group manager
information of authenticated users in the system."
::= { cpaeMIBGroups 7 }
END