ENTERASYS-MULTI-AUTH-MIB
The following tables, groups, and variables are supported in this MIB.
Table/Group | Supported Variables | Comments |
---|---|---|
Multiple Authentication System Group | etsysMultiAuthSystemSupportedTypes | This object specifies that authentication types that the device supports. A bit will be set for each corresponding type that is supported. |
etsysMultiAuthSystemMaxNumUsers | The maximum number of users the can be actively authenticated or have authentications in progress at one time in the system. | |
etsysMultiAuthSystemCurrentNumUsers | The current number of users the are actively authenticated, have authentications in progress, or the device is keeping authentication termination information for in the system. | |
etsysMultiAuthSystemMode | The value strictIeee8021x(1) will cause the device to authenticate in strict adherence to IEEE Std. 802.1X-2001. In this mode no other authentication mechanisms will be active. While in this mode, changes may be made to other objects in the MIB, but they will have no effect on the operation of the device until such time as the system mode is changed to etsysMultiAuth(2). A set of this object to a value of etsysMultiAuth(2) will cause the device to authenticate using multiple authenticators simultaneously. | |
etsysMultiAuthSystemDefaultPrecedence | The precedence that authentication results will be applied to network traffic by default. This object will have a size equal to the number of enumerations specified by the EtsysMultiAuthTypes textual convention. | |
etsysMultiAuthSystemAdminPrecedence |
This object allows one to modify the default precedence by which authentication results will be applied to network traffic. Sets to this object are not required to specify all of the types that the device supports. If less types are specified than are supported, then all types that were not specified will be given an operational precedence based on that type's default precedence relative to the last type specified. For example, if the default precedence is '030102'H and the object is set to '02'H then operational precedence would be '020301'H. A set to this object of a zero length octet string will clear the administrative precedence. In this case the operational precedence would be equal to the default precedence. |
|
etsysMultiAuthSystemOperPrecedence | This object returns the operational precedence of authentication types as they will be applied to network traffic. The value returned by this object is the calculated result of the etsysMultiAuthSystemDefaultPrecedence and etsysMultiAuthSystemAdminPrecedence objects. This object will have a size equal to the number of enumerations specified by the EtsysMultiAuthTypes textual convention. | |
etsysMultiAuthTypePropertiesTable | A table of properties per authentication type. | |
etsysMultiAuthTypePropertiesEntry | An entry containing per authentication type properties. | |
etsysMultiAuthType | The authentication type the entry properties pertain to. | |
etsysMultiAuthSessionTimeout | The maximum number of seconds an authenticated session may last before termination of the session. A value of zero indicates that no session timeout will be applied. This value MAY be superseded by a session timeout value provided by the authenticating server. For example, if a session is authenticated by a RADIUS server, that server may encode a Session-Timeout Attribute in its authentication response. The operational timeout value of a given authenticated session is specified by the etsysMultiAuthSessionSessionTimeout object. | |
etsysMultiAuthIdleTimeout | The maximum number of consecutive seconds an authenticated session may be idle before termination of the session. A value of zero indicates that no idle timeout will be applied. This value MAY be superseded by a idle timeout value provided by the authenticating server. For example, if a session is authenticated by a RADIUS server, that server may encode a Idle-Timeout Attribute in its authentication response. The operational idle timeout value of a given authenticated session is specified by the etsysMultiAuthSessionIdleTimeout object. | |
etsysMultiAuthCurrentNumUsers | The current number of users the are actively authenticated or have authentications in progress for this authentication type in the system. | |
etsysMultiAuthSystemMaxNumUsersReachedTrapEnable | This object allows for the enabling or disabling the transmission of the etsysMultiAuthSystemMaxNumUsersReached NOTIFICATION. | |
etsysMultiAuthSessionsUniquePerPort |
When this object is set to true(1) each multi-auth session MAY be unique to the port it was created on. The operational status of this variable can be found using etsysMultiAuthSessionsUniquePerPortOperStatus. |
|
etsysMultiAuthSessionsUniquePerPortOperStatus | If this object has a value of true(1) each multi-auth session will be unique to the port it was created on. If this object has a value of false(2) each multi-auth session may exist on multiple ports. | |
etsysMultiAuthSystemReAuthenticationTimeoutAction |
When this object is set to terminate(1) re-authenticating multiauth sessions will be terminated if the re-authentication RADIUS transaction results in a complete timeout. When this object is set to none(2) re-authentication multiauth sessions will be left as they were prior to the re-authentication attempt if the re-authentication RADIUS transaction results in a complete timeout. A complete timeout occurs when all RADIUS retries to all appropriate RADIUS servers have been exhausted. |
|
Multiple Authentication Port Group | etsysMultiAuthPortTable | A table of per port information and configuration for user authentication. |
-etsysMultiAuthPortEntry | An entry containing per port authentication data. Only interfaces that are able to authenticate users are represented in this table. | |
etsysMultiAuthPortMode |
This object specifies the authorization mode to use for packets received on this interface. A value of forceUnauthorized(1) indicates that the interface is always unauthenticated. A value of forceAuthorized(2) indicates that users on this port will always be considered to be authenticated. A value of authOptional(3) indicates that authentication is optional on this interface. Packets received from unauthenticated users on the interface will be processed using the static configuration of the interface. Users may promote the policy applied to their traffic by actively authenticating on this interface. A value of authRequired(4) indicates that all packets received on the interface will be dropped until authentication succeeds. Some authentication types, such as PWA, will not be fully functional in this mode of operation. |
|
etsysMultiAuthPortMaxNumUsers | The maximum number of users that can be actively authenticated or have authentications in progress at one time on this interface. | |
etsysMultiAuthPortNumUsersAllowed | The user configured number of users that can be actively authenticated or have authentications in progress at one time on this interface. This object has a default value equal to the value of etsysMultiAuthPortMaxNumUsers for this interface. If the value set to this object is less than its current value, it will have the same effect as setting the etsysMultiAuthPortClearUsers object to a value of true(1). | |
etsysMultiAuthPortCurrentNumUsers | The current number of users that are actively authenticated or have authentications in progress at one time on this interface. By definition this value can not exceed the value specified by etsysMultiAuthPortMaxNumUsers for the same interface. | |
etsysMultiAuthPortClearUsers |
Setting this object to a value of true(1) will cause all users that are currently authenticated or that have authentications in progress on this interface to become unauthenticated. This will cause any such entries with matching ifIndex values in the etsysMultiAuthSessionStationTable tables to change their authorization status to authTerminated(5) Setting this object to a value of false(2) has no effect. This object will always return a value of false(2). |
|
etsysMultiAuthPortTrapEnable |
This object allows for the enabling or disabling of each trap on a per interface basis. Setting a given bit to a value of 1 allows traps of that type to be sent for events on that interface. Setting a given bit to a value of 0 disallows traps of that type to be sent for events on that interface. The individual bits correlate to specific traps as follows: BIT NOTIFICATION ---------------------------------------------------------------- authSuccessTrap(0) etsysMultiAuthSuccess authFailedTrap(1) etsysMultiAuthFailed authTerminatedTrap(2) etsysMultiAuthTerminated maxNumUsersReachedTrap(3) etsysMultiAuthMaxNumUsersReached |
|
etsysMultiAuthPortTypeTable | A table of per port, per authentication type information. | |
etsysMultiAuthPortTypeEntry | An entry containing per port, per authentication type data. Only interfaces that are able to authenticate users are represented in this table. | |
etsysMultiAuthPortTypeCurrentNumUsers | The current number of users the are actively authenticated or have authentications in progress for this authentication type on the specified port. | |
Multiple Authentication Station GroupMultiple Authentication Session Group | etsysMultiAuthStationTable | A table of station configuration on specific interfaces. |
etsysMultiAuthStationEntry | An entry containing authentication information on a per station, per port basis. Only interfaces that are able to authenticate users are represented in this table. | |
etsysMultiAuthStationAddrType | The type of station represented by etsysMultiAuthStationAddr. | |
etsysMultiAuthStationAddr | The station address for the authenticated user. | |
etsysMultiAuthStationClearUsers |
Setting this object to a value of true(1) will cause any users with the specified station address that are currently authenticated or that have authentications in progress to become unauthenticated. This will cause any entries with matching etsysMultiAuthStationAddr values in the etsysMultiAuthSessionStationTable tables to change their authorization status to authTerminated(5). Setting this object to a value of false(2) has no effect. This object will always return a value of false(2). |
|
etsysMultiAuthSessionStationTable |