ENTERASYS-MAC-AUTHENTICATION-MIB

The following tables, groups, and variables are supported in this MIB.

Table/Group Supported Variables Comments
etsysMACAuthenticationSystemGroup etsysMACAuthenticationSystemEnable When enabled(1), all objects in this MIB are fully active. When disabled(2), this object overrides all other object settings in this MIB without affecting their values.
etsysMACAuthenticationMACUserPassword This is the string to be used as a password credential when authenticating a MAC address when etsysMACAuthenticationMode is set to sharedSecret(1).
etsysMACAuthenticationPortUserNameSignificantBits This object represents the number of significant bits in the MAC addresses to be used starting with the left-most bit of the vendor portion of the MAC address. The significant portion of the MAC address is sent as a user-name credential when the primary attempt to authenticate the full MAC address fails. Any other failure to authenticate the full address, (i.e. authentication server timeout) causes the the next attempt to start once again with a full MAC authentication."
etsysMACAuthenticationMode

This object is used to determine the type of password credential to use when authenticating a MAC address.

password(1) - Attempt to authenticate a user with the password credential provided by etsysMACAuthenticationMACUserPassword.

radiusUsername(2) - Attempt to authenticate a user with a password credential that is the same as their radius username credential.

etsysMACAuthenticationSystemAccountEnable

When enabled(1), RADIUS accounting start, interim and stop frames are sent to the configured RADIUS server(s).

When disabled(2), accounting packets are not sent to the RADIUS server.

etsysMACAuthenticationSystemUserNameCase

"When LOWER(1), the user-name credential is the MAC address formatted as xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx or xxxxxxxxxxxx. When set to UPPER(2), the user-name credential is the MAC address formatted as XX:XX:XX:XX:XX:XX or XX-XX-XX-XX-XX-XX or XXXXXXXXXXXX." DEFVAL { upper } ::= { etsysMACAuthenticationSystem 7 } etsysMACAuthenticationSystemGroup4 OBJECT-GROUP

MAX-ACCESS read-write.

etsysMACAuthenticationPortConfigGroup etsysMACAuthenticationPortConfigTable A table containing configuration objects for each MAC authentication port. The configuration for each port in this table must be non-volatile.
etsysMACAuthenticationPortConfigEntry Each conceptual row provides control over all of the initial values used by each authenticated MAC on this port. Subsequent changes to rows in this table, except where noted, have no effect on existing MACs authenticated on this port.
etsysMACAuthenticationPort This is the InterfaceIndex associated with this row.
etsysMACAuthenticationPortInitialize When set to true(1), the MAC authentication logic on this port is initialized, forcibly ending all MAC authentication sessions currently in existence on this port. A set with the value false(2) has no affect and a read always returns false.
etsysMACAuthenticationPortReauthenticate When set to true(1), the MAC authentication entity on this port is required to immediately verify all currently authenticated MACs on this port. This requires that each MAC address be authenticated with the authentication server through the local authentication client or some other authentication mechanism. Each supplicant remains authenticated pending the outcome.
etsysMACAuthenticationPortEnable When set to enabled(1), a platform dependent triggering mechanism initiates an authentication exchange using a MAC address for authentication credentials. When disabled(2), authentication attempts are disabled and all currently authenticated MAC sessions or those in the process of authentication on this port are terminated.
etsysMACAuthenticationPortQuietPeriod Unsupported object.
etsysMACAuthenticationPortReauthPeriod The value, in seconds, between attempts to re-authenticate any current MAC authenticated on this port.
etsysMACAuthenticationPortReauthEnabled If enabled(1), then every etsysMACAuthenticationReauthPeriod the switch attempts to validate all currently authenticated MACs on this port. When set to disabled(2) all current re-authentications in progress are allowed to complete and the requisite actions are taken. When set to disabled(2), no further re-authentications are attempted.
etsysMACAuthenticationAuthenticationsAllowed The maximum number of concurrent authentications supported on this port on this module. The default value of this object is platform and resource dependent.
etsysMACAuthenticationAuthenticationsAllocated The maximum number of MAC authentications permitted on this port on this module. This value must be non-zero and be less than or equal to the value of etsysMACAuthenticationAuthenticationsAllowed. Setting this object to a value less than the current number of authenticated MACs on this port prevents further authentications, but has no affect on the current sessions.
etsysMACAuthenticationLastFailedAuthCause The string will be formatted with 'XX-XX-XX-XX-XX-XX: TIME&DATE: Textual failure reason'; where XX-XX-XX-XX-XX-XX is the MAC address and TIME&DATE is the time (hh/mm/ss) and date (mm/dd/yyyy) of the failure. It is also only best effort; as there could be multiple failures per port and the agent may query this at any random time.
etsysMACAuthenticationMACConfigGroup etsysMACAuthenticationMACConfigTable A table containing configuration objects for each MAC authenticated on a port. Each row in this table is created dynamically when a MAC authenticates on a port.
etsysMACAuthenticationMACConfigEntry Each conceptual row inherits it's initial information from the row in the etsysMACAuthenticationPortConfigTable corresponding to the correct port. Each row represents an authenticated MAC.
etsysMACAuthenticationMACAddress This is the MAC address that was authenticated on this port.
etsysMACAuthenticationSupplicantPort This is the InterfaceIndex associated with this rows authenticated MAC.
etsysMACAuthenticationMACInitialize

When set to true(1), this MAC session terminates causing the corresponding row in this table and in the etsysMACAuthenticationSessionTable to be removed.

Setting this object to false(2) has no effect on the system. Reads of this object always return false(2).

etsysMACAuthenticationMACReauthenticate

When set to true(1), this MAC authentication session on this port is required to immediately verify it's credentials. This requires that each MAC address be authenticated with the authentication server through the local authentication client or some other authentication mechanism.

Setting this object to false(2) has no effect on the system. Reads of this object always return false(2).

etsysMACAuthenticationMACReauthPeriod The value, in seconds, between attempts to re-authenticate the MAC associated with this row.
etsysMACAuthenticationMACReauthEnabled If enabled(1), then every etsysMACAuthenticationReauthPeriod the switch attempts to validate all currently authenticated MACs on this port. If disabled(2), reauthentication is not attempted.
etsysMACAuthenticationSessionGroup etsysMACAuthenticationSessionTable A table containing configuration objects for each MAC authentication on a port. The successful completion of an authentication causes the creation of a new row in this table. When a MAC becomes unauthenticated because of a link-down, a management change, or system re-initialization, then the corresponding row is removed from this table.
etsysMACAuthenticationSessionEntry Each conceptual row inherits it's initial information from the row in the etsysMACAuthenticationPortConfigTable corresponding to the correct port. Each row represents an authenticated MAC.
etsysMACAuthenticationSessionPort This is the InterfaceIndex associated with the authenticated MACs session.
etsysMACAuthenticationDuration The value, in seconds, which have elapsed since the start of this session.