ENTERASYS-MULTI-AUTH-MIB

The following tables, groups, and variables are supported in this MIB.

Table/Group Supported Variables Comments
Multiple Authentication System Group etsysMultiAuthSystemSupportedTypes This object specifies the authentication types that the device supports. A bit will be set for each corresponding type that is supported.
etsysMultiAuthSystemMaxNumUsers The maximum number of users that can be actively authenticated or have authentications in progress at one time in the system.
etsysMultiAuthSystemCurrentNumUsers The current number of users in the system that are actively authenticated, have authentications in progress, or for which the device is keeping authentication termination information.
etsysMultiAuthSystemMode The value strictIeee8021x(1) will cause the device to authenticate in strict adherence to IEEE Std. 802.1X-2001. In this mode no other authentication mechanisms will be active. While in this mode, changes may be made to other objects in the MIB, but they will have no effect on the operation of the device until such time as the system mode is changed to etsysMultiAuth(2). A set of this object to a value of etsysMultiAuth(2) will cause the device to authenticate using multiple authenticators simultaneously.
etsysMultiAuthSystemDefaultPrecedence The default precedence by which authentication results will be applied to network traffic. This object will have a size equal to the number of enumerations specified by the EtsysMultiAuthTypes textual convention.
etsysMultiAuthSystemAdminPrecedence

This object allows one to modify the default precedence by which authentication results will be applied to network traffic. Sets to this object are not required to specify all of the types that the device supports. If fewer types are specified than are supported, then all types that were not specified will be given an operational precedence based on that type's default precedence relative to the last type specified. For example, if the default precedence is '030102'H and the object is set to '02'H, then the operational precedence would be '020301'H.

A set to this object of a zero length octet string will clear the administrative precedence. In this case the operational precedence would be equal to the default precedence.

etsysMultiAuthSystemOperPrecedence This object returns the operational precedence of authentication types as they will be applied to network traffic. The value returned by this object is the calculated result of the etsysMultiAuthSystemDefaultPrecedence and etsysMultiAuthSystemAdminPrecedence objects. This object will have a size equal to the number of enumerations specified by the EtsysMultiAuthTypes textual convention.
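
The precedence calculation described above, as an added Python example (not part of the MIB or any vendor code). It assumes unspecified types follow the administratively specified ones in their default order, which matches the '030102'H / '02'H example; the function names and the rejection of duplicate or unknown types are choices made for this example.

```python
def parse_hex(value):
    """Parse MIB hex-string notation such as "'030102'H" into bytes."""
    text = value.strip()
    if not (text.startswith("'") and text.upper().endswith("'H")):
        raise ValueError("expected 'hh..'H notation: %r" % value)
    return bytes.fromhex(text[1:-2])


def to_hex(octets):
    """Render bytes back into the 'hh..'H notation used in the MIB text."""
    return "'%s'H" % octets.hex().upper()


def oper_precedence(default, admin):
    """Combine default and admin precedence into the operational value.

    Assumption: admin-specified types come first, in the order given, and
    every remaining type keeps its relative default order after them.
    """
    if len(set(default)) != len(default):
        raise ValueError("default precedence lists a type twice")
    if len(set(admin)) != len(admin):
        raise ValueError("admin precedence lists a type twice")
    unknown = [t for t in admin if t not in default]
    if unknown:
        raise ValueError("types not in default precedence: %r" % unknown)
    # A zero-length admin value leaves the default precedence unchanged.
    oper = bytes(admin) + bytes(t for t in default if t not in admin)
    assert len(oper) == len(default)  # one octet per authentication type
    return oper


if __name__ == "__main__":
    default = parse_hex("'030102'H")
    for admin in ("'02'H", "''H", "'0201'H"):
        print(admin, "->", to_hex(oper_precedence(default, parse_hex(admin))))
```
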
etsysMultiAuthTypePropertiesTable A table of properties per authentication type.
etsysMultiAuthTypePropertiesEntry An entry containing per authentication type properties.
etsysMultiAuthType The authentication type the entry properties pertain to.
etsysMultiAuthSessionTimeout The maximum number of seconds an authenticated session may last before termination of the session. A value of zero indicates that no session timeout will be applied. This value MAY be superseded by a session timeout value provided by the authenticating server. For example, if a session is authenticated by a RADIUS server, that server may encode a Session-Timeout Attribute in its authentication response. The operational timeout value of a given authenticated session is specified by the etsysMultiAuthSessionSessionTimeout object.
etsysMultiAuthIdleTimeout The maximum number of consecutive seconds an authenticated session may be idle before termination of the session. A value of zero indicates that no idle timeout will be applied. This value MAY be superseded by an idle timeout value provided by the authenticating server. For example, if a session is authenticated by a RADIUS server, that server may encode an Idle-Timeout Attribute in its authentication response. The operational idle timeout value of a given authenticated session is specified by the etsysMultiAuthSessionIdleTimeout object.
etsysMultiAuthCurrentNumUsers The current number of users that are actively authenticated or have authentications in progress for this authentication type in the system.
etsysMultiAuthSystemMaxNumUsersReachedTrapEnable This object allows for the enabling or disabling of the transmission of the etsysMultiAuthSystemMaxNumUsersReached NOTIFICATION.
etsysMultiAuthSessionsUniquePerPort

When this object is set to true(1) each multi-auth session MAY be unique to the port it was created on.

The operational status of this variable can be found using etsysMultiAuthSessionsUniquePerPortOperStatus.

etsysMultiAuthSessionsUniquePerPortOperStatus If this object has a value of true(1) each multi-auth session will be unique to the port it was created on. If this object has a value of false(2) each multi-auth session may exist on multiple ports.
etsysMultiAuthSystemReAuthenticationTimeoutAction

When this object is set to terminate(1) re-authenticating multiauth sessions will be terminated if the re-authentication RADIUS transaction results in a complete timeout.

When this object is set to none(2) re-authentication multiauth sessions will be left as they were prior to the re-authentication attempt if the re-authentication RADIUS transaction results in a complete timeout.

A complete timeout occurs when all RADIUS retries to all appropriate RADIUS servers have been exhausted.

Multiple Authentication Port Group etsysMultiAuthPortTable A table of per port information and configuration for user authentication.
etsysMultiAuthPortEntry An entry containing per port authentication data. Only interfaces that are able to authenticate users are represented in this table.
etsysMultiAuthPortMode

This object specifies the authorization mode to use for packets received on this interface.

A value of forceUnauthorized(1) indicates that the interface is always unauthenticated.

A value of forceAuthorized(2) indicates that users on this port will always be considered to be authenticated.

A value of authOptional(3) indicates that authentication is optional on this interface. Packets received from unauthenticated users on the interface will be processed using the static configuration of the interface. Users may promote the policy applied to their traffic by actively authenticating on this interface.

A value of authRequired(4) indicates that all packets received on the interface will be dropped until authentication succeeds. Some authentication types, such as PWA, will not be fully functional in this mode of operation.

etsysMultiAuthPortMaxNumUsers The maximum number of users that can be actively authenticated or have authentications in progress at one time on this interface.
etsysMultiAuthPortNumUsersAllowed The user configured number of users that can be actively authenticated or have authentications in progress at one time on this interface. This object has a default value equal to the value of etsysMultiAuthPortMaxNumUsers for this interface. If the value set to this object is less than its current value, it will have the same effect as setting the etsysMultiAuthPortClearUsers object to a value of true(1).
etsysMultiAuthPortCurrentNumUsers The current number of users that are actively authenticated or have authentications in progress at one time on this interface. By definition this value cannot exceed the value specified by etsysMultiAuthPortMaxNumUsers for the same interface.
etsysMultiAuthPortClearUsers

Setting this object to a value of true(1) will cause all users that are currently authenticated or that have authentications in progress on this interface to become unauthenticated. This will cause any such entries with matching ifIndex values in the etsysMultiAuthSessionStationTable tables to change their authorization status to authTerminated(5).

Setting this object to a value of false(2) has no effect. This object will always return a value of false(2).

etsysMultiAuthPortTrapEnable

This object allows for the enabling or disabling of each trap on a per interface basis. Setting a given bit to a value of 1 allows traps of that type to be sent for events on that interface. Setting a given bit to a value of 0 prevents traps of that type from being sent for events on that interface. The individual bits correlate to specific traps as follows:

BIT                         NOTIFICATION
----------------------------------------------------------------
authSuccessTrap(0)          etsysMultiAuthSuccess
authFailedTrap(1)           etsysMultiAuthFailed
authTerminatedTrap(2)       etsysMultiAuthTerminated
maxNumUsersReachedTrap(3)   etsysMultiAuthMaxNumUsersReached
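
A port audit built on the etsysMultiAuthPortMode and etsysMultiAuthPortTrapEnable descriptions above, as an added Python example (not part of the MIB or any vendor code). SNMP BITS values number bit 0 as the high-order bit of the first octet; the sample rows are constructed, and which modes and traps to flag is a policy assumed for this example.

```python
PORT_MODES = {1: "forceUnauthorized", 2: "forceAuthorized",
              3: "authOptional", 4: "authRequired"}
# Bit positions as listed for etsysMultiAuthPortTrapEnable.
TRAP_BITS = ("authSuccessTrap", "authFailedTrap",
             "authTerminatedTrap", "maxNumUsersReachedTrap")


def decode_trap_enable(octets):
    """Decode an SNMP BITS value: bit 0 is the high-order bit of octet 0."""
    return {name for bit, name in enumerate(TRAP_BITS)
            if bit // 8 < len(octets) and octets[bit // 8] & (0x80 >> (bit % 8))}


def audit_ports(rows):
    """rows: (ifIndex, etsysMultiAuthPortMode, etsysMultiAuthPortTrapEnable octets)."""
    findings = []
    for if_index, mode, trap_octets in rows:
        if mode not in PORT_MODES:
            findings.append((if_index, "unknown port mode %d" % mode))
        elif mode == 2:
            findings.append((if_index, "forceAuthorized: users always treated as authenticated"))
        elif mode == 3:
            findings.append((if_index, "authOptional: unauthenticated traffic uses static config"))
        # Assumed policy: ports that authenticate users should report failures.
        if mode in (3, 4) and "authFailedTrap" not in decode_trap_enable(trap_octets):
            findings.append((if_index, "authFailedTrap disabled"))
    return findings


# Constructed sample rows, not taken from a real device.
SAMPLE_ROWS = [
    (1001, 4, b"\xf0"),  # authRequired, all four traps enabled
    (1002, 2, b"\x00"),  # forceAuthorized
    (1003, 3, b"\x80"),  # authOptional, only authSuccessTrap enabled
    (1004, 4, b"\x0f"),  # value written low-bit-first: no defined trap is set
]

if __name__ == "__main__":
    for if_index, message in audit_ports(SAMPLE_ROWS):
        print(if_index, message)
```
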

etsysMultiAuthPortTypeTable A table of per port, per authentication type information.
etsysMultiAuthPortTypeEntry An entry containing per port, per authentication type data. Only interfaces that are able to authenticate users are represented in this table.
etsysMultiAuthPortTypeCurrentNumUsers The current number of users that are actively authenticated or have authentications in progress for this authentication type on the specified port.
Multiple Authentication Station Group Multiple Authentication Session Group etsysMultiAuthStationTable A table of station configuration on specific interfaces.
etsysMultiAuthStationEntry An entry containing authentication information on a per station, per port basis. Only interfaces that are able to authenticate users are represented in this table.
etsysMultiAuthStationAddrType The type of station represented by etsysMultiAuthStationAddr.
etsysMultiAuthStationAddr The station address for the authenticated user.
etsysMultiAuthStationClearUsers

Setting this object to a value of true(1) will cause any users with the specified station address that are currently authenticated or that have authentications in progress to become unauthenticated. This will cause any entries with matching etsysMultiAuthStationAddr values in the etsysMultiAuthSessionStationTable tables to change their authorization status to authTerminated(5).

Setting this object to a value of false(2) has no effect. This object will always return a value of false(2).

etsysMultiAuthSessionStationTable