BAY-STACK-EAPOL-EXTENSION-MIB: View SNMP OID List / Download MIB

BayStack EAPOL Extension MIB Copyright 2003-2010 Avaya All rights reserved. This Avaya SNMP Management Information Base Specification (Specification) embodies Avaya's confidential and proprietary intellectual property. Avaya retains all title and ownership in the Specification, including any revisions. This Specification is supplied 'AS IS,' and Avaya makes no warranty, either express or implied, as to the use, operation, condition, or performance of the Specification.

This object indicates whether EAPOL User-based policies are enabled or disabled.

This object specifies the ID of the global default guest VLAN. This VLAN is used for ports which do not have a configured guest VLAN. Access to the guest VLAN is allowed for MAC addresses before EAP authentication has been performed. However, if the value of bseeGuestVlanEnabled is false(2), then access to the guest VLAN is not allowed for ports that do not have a configured guest VLAN.

This object specifies the ID of the remediation VLAN. If EAP authentication fails for a port, MAC addresses on that port are restricted to access only the remediation VLAN. However, if the value of bseeRemediationVlanEnabled is false(2), then access is not allowed at all for a port when EAP authentication fails.

This object specifies the global maximum number of EAP authenticated MAC addresses allowed.

This object specifies the global maximum number of non-EAP authenticated MAC addresses allowed.

This object specifies whether access to the global default guest VLAN is allowed.

This object specifies whether access to the remediation VLAN is allowed.

This object controls whether non-EAP clients (MAC addresses) are allowed. This is the system-wide setting. The associated per-port setting (bseePortConfigMultiHostAllowNonEapClient) must also be true for non-EAP clients to be allowed on a particular port.

This object controls whether non-EAP clients (MAC addresses) may be authenticated using RADIUS. This is the system-wide setting. The associated per-port setting (bseePortConfigMultiHostRadiusAuthNonEapClient) must also be true for non-EAP clients to be authenticated using RADIUS on a particular port.

This object controls whether non-EAP clients (MAC addresses) may be automatically authenticated on a port after an EAP client has been authenticated (known as MHSA). This is the system-wide setting. The associated per-port setting must also be true for non-EAP clients to be authenticated in this way.

This object indicates whether the EAPOL User-based policy filters that are installed on ports will be dynamically modified to include the MAC address for which the filters are installed.

This object indicates whether non-EAPOL User-based policies are enabled or disabled.

This object indicates whether the non-EAPOL User-based policy filters that are installed on ports will be dynamically modified to include the MAC address for which the filters are installed.

This object controls the format of the RADIUS password attribute that is included in requests to the RADIUS server for authenticating non-EAP clients (MAC addresses). If the ipAddr(0) bit is set, the password attribute will contain the switch's IP address encoded as a string of four 3-digit 0-padded integers. For example, the encoding for the IP address 47.80.225.1 would be '047080225001'. If the macAddr(1) bit is set, the password attribute will contain the MAC address to be authenticated as a string of six 2-digit hex numbers. For example, the MAC address 00:08:01:0a:33:34 would be encoded as '0008010a3334'. If the portNumber(2) bit is set, the password attribute will contain the port number on which the MAC address was seen, encoded as a string of two 2-digit 0-padded integers. The first integer is the unit/slot number, and the second number is the port number on that unit/slot. For a standalone stackable unit, the unit/slot number will be 0. For example, the encoding for unit/port 1/23 would be '0123', and the encoding for port 7 on a standalone stackable unit would be '0007'. If the key(3) bit is set, the password attribute will contain a custom configured string of up to 32 characters in length. If padding(4) bit is set, the password will contain dots even if fields in the password are blank. For instance, IP and Key will be represented as IP...Key. If the bit is not set, there will be dots only to separate fields. IP and Key will be IP.Key, while IP, Mac, Port or Key alone will be as they are, with no dots. The fields in the password attribute will appear in the order of the bits defined in this object, i.e., IP addr, followed by MAC addr, followed by port number, and finally by the key. Fields are separated by a '.' character. The separators are present regardless of whether a field is present if padding is used. So, for example, if all four fields are present, the password attribute might contain: 047080225001.0008010a3334.0123.ERS4000isGreat If none of the three fields are present, the password attribute will be '...' with padding used, or '' with no padding. Bits: 'padding': 4, 'portNumber': 2, 'macAddr': 1, 'ipAddr': 0, 'key': 3.

This object indicates whether IP phones will be allowed access based on DHCP.

This object indicates whether to allow the use of RADIUS-assigned VLANs in multihost-eap mode.

This object indicates whether to use unicast or multicast packets for Eap-ReqId packets. Normally, multicast packets are used. Enumeration: 'unicast': 2, 'multicast': 1.

This object indicates whether or not to fail authentication of EAP users on a RADIUS timeout. Enumeration: 'fail': 1, 'doNotFail': 2.

This object indicates whether to allow the use of RADIUS-assigned VLANs in multihost-eap mode for non-EAP clients.

This object controls whether processing of EAP protocol packets is enabled.

Controls whether to use most recent RADIUS-assigned VLAN.

This object specifies the ID of the global fail-over Vlan.

This object specifies whether to use the fail-over Vlan.

This object specifies whether to use the multi-VLAN functionality with MHMA mode.

This object specifies whether to use 'NEAP re-authentication' feature

This object specifies whether to block authentication of clients which have an associated RADIUS assigned VLAN with an invalid value or different from first client authenticated on the same port

This object specifies whether to send or not dummy RADIUS requests for NEAP users authenticated as ADAC NEAP

This object specifies whether EAP enabled ports can be involved in port mirroring

This object specifies whether the authentication of Non-EAP phones using ADAC is allowed.

This object specifies whether to use the fail-over Vlan continuity mode.

This command specifies a custom string to be put in the password used to authenticate Non-EAP clients via RADIUS server.

This object specifies whether to use the Fail Open VLAN Disable EAP Mode.

The oper state of EAP when ports are in Fail Open VLAN Disable EAP Mode. Enumeration: 'disabled': 2, 'enabled': 1.

This object specifies whether to default all global EAP settings.

This object specifies the port list on which is applied the configuration.

This object specifies the action that is going to be made on the indicated port. At retrieval, the value is always none(1). Enumeration: 'apply': 2, 'none': 1.

This object specifies the action result on the indicated port Enumeration: 'failed': 3, 'inProgress': 2, 'passed': 1.

This table is used to control the EAP multihost configuration for each port in the system.

The EAP multihost configuration for a port.

The Port number associated with this Port.

This object specifies the ID of the guest VLAN for this port. Access to the guest VLAN is allowed for MAC addresses before EAP authentication has been performed. If the value of this object is 0, then the global guest VLAN ID is used for this port, as specified in bseeGuestVlanId. However, if the value of the associated instance of bseePortConfigGuestVlanEnabled is false(2), then access to the guest VLAN is not allowed for the port, regardless of the value of bseePortConfigGuestVlanId.

This object controls whether EAP multihost is enabled for a port.

This object specifies the maximum number of EAP-authentication MAC addresses allowed on this port. A value of 0 indicates that there is no port-specific limit.

This object controls whether non-EAP clients (MAC addresses) are allowed on the port.

This object controls the source for finding allowed non-EAP MAC addresses. Enumeration: 'autoLearn': 1, 'userConfig': 2, 'radius': 3.

This object specifies the maximum number of non-EAP authenticated MAC addresses allowed on this port.

This object controls whether access to the guest VLAN is allowed for a port.

This object controls whether non-EAP clients (MAC addresses) may authenticated using RADIUS on the port.

This object controls whether non-EAP clients (MAC addresses) may be automatically authenticated on the port after an EAP client has been authenticated (known as MHSA).

This object indicates whether IP phones will be allowed access based on DHCP.

This object indicates whether to allow the use of RADIUS-assigned VLANs in multihost-eap mode.

This object indicates whether to use unicast or multicast packets for Eap-ReqId packets. Normally, multicast packets are used. Enumeration: 'unicast': 2, 'multicast': 1.

This object indicates whether or not to fail authentication of EAP users on a RADIUS timeout. Enumeration: 'fail': 1, 'doNotFail': 2.

This object indicates whether to allow the use of RADIUS-assigned VLANs in multihost-eap mode for non-EAP clients.

This object indicates whether to process any RADIUS requests-server packets that are received on this port.

This object controls whether EAP protocol packets are processed on this port.

Controls whether to use most recent RADIUS-assigned VLAN.

Setting this object will clear NEAP authenticated clients from the authentication list. If the value is set to 00:00:00:00:00:00, all clients will be cleared from this port. Otherwise, only a specific client will be cleared.

Controls whether to block authentication of clients which have an associated RADIUS assigned VLAN with an invalid value or different from first client authenticated on the same port.

This object specifies whether the authentication of Non-EAP phones using ADAC is allowed on this port.

This object specifies whether to default all EAP settings on this port.

This object specifies the maximum number of EAP and NEAP clients allowed on this port.

This object specifies if we limit the number of non-eap clients on a port authenticated in MHSA.

This object specifies the ID of the fail-open VLAN for this port in the following format: -1 : Port PVID is used as Fail Open VLAN 0 : the global fail-open VLAN ID is used for this port, as specified in bseeMultiHostFailOpenVlanId. 1-4094 : range of values used for fail-open VLAN ID on this port However, if the value of the associated instance of bseePortConfigFailOpenVlanEnabled is false(2), then access to the fail-open VLAN is not allowed for the port, regardless of the value of bseePortConfigFailOpenVlanId.

This object controls whether fail-open is enabled for a port.

This object represents the UBP filter name of the fail-open policy

This table provides the EAP authentication status per-MAC address per-port.

The status of EAP authentication of clients for a port.

The Port number associated with this client.

The MAC address of the client.

The current value of the Authenticator PAE state machine. Enumeration: 'aborting': 6, 'authenticated': 5, 'disconnected': 2, 'forceAuth': 8, 'forceUnauth': 9, 'held': 7, 'connecting': 3, 'initialize': 1, 'authenticating': 4.

The current state of the Backend Authentication state machine. Enumeration: 'success': 3, 'request': 1, 'initialize': 7, 'idle': 6, 'timeout': 5, 'fail': 4, 'response': 2.

Setting this object to reauthenticate(2) will force the client to be reauthenticated. When retrieved, the value of this object is always other(1). Enumeration: 'other': 1, 'reauthenticate': 2.

The Vlan ID associated with this client for MultiVlan capabilities. If MultiVlan is not enabled for this client, the value of this object will be 4095.

The Vlan priority value associated with this client for MultiVlan capabilities. If MultiVlan is not enabled for this client, the value of this object will be 8.

The EAP vlan:isid bindings. Vlan is represented on 2 bytes. Isid is represented on 4 bytes. The output OctetString would be a continuous hexadecimal representation of VLAN followed by corresponding ISID. Example: Length(bytes): |--2--|--4--|--2--|--4--|--2--|--4--|---2--|---4--| OctetString: VLAN0 ISID0 VLAN1 ISID1 ... ... VLAN15 ISID15 . There are no spaces between VLANx and ISIDx.

A table that contains the session statistics objects for the Authenticator PAE associated with each EAP client on each Port. An entry appears in this table for each client MAC address on each port that may authenticate access to itself.

The session statistics information for an Authenticator PAE. This shows the current values being collected for each session that is still in progress, or the final values for the last valid session for each client where there is no session currently active. This is similar to the dot1xAuthSessionStatsTable, except that it provides information per-port-per-MAC, rather than just per-port.

The Port number associated with this client.

The MAC address of this client.

A unique identifier for the session, in the form of a printable ASCII string of at least three characters.

The authentication method used to establish the session. Enumeration: 'localAuthServer': 2, 'remoteAuthServer': 1.

The duration of the session in seconds.

The reason for the session termination. Enumeration: 'supplicantRestart': 3, 'notTerminatedYet': 999, 'portAdminDisabled': 7, 'portReInit': 6, 'supplicantLogoff': 1, 'portFailure': 2, 'reauthFailed': 4, 'authControlForceUnauth': 5.

The User-Name representing the identity of the Supplicant PAE.

A table that contains the non-EAP MAC addresses that are allowed access to EAP-enabled interfaces.

An allowed non-EAP MAC address.

The Port number on which the MAC address is allowed.

The MAC address allowed on the port.

This is used to control creation/deletion of entries in this table.

This table provides the authentication status of non-EAP clients per-MAC address per-port.

The status of authentication of a non-EAP client for a port.

The Port number associated with this client.

The MAC address of the client.

The authentication status. Values are: rejected(1) - the MAC address could not be authenticated on this port locallyAuthenticated(2) - the MAC address was authenticated using the local table of allowed clients radiusPending(3) - the MAC address is awaiting authentication by a RADIUS server radiusAuthenticated(4) - the MAC address was authenticated by a RADIUS server adacAuthenticated(5) - the MAC address was authenticated using ADAC configuration tables mhsaAuthenticated(6) - the MAC address was auto-authenticated on a port following a successful authentication of an EAP client lldpAuthenticated(7) - the MAC address was authenticated using the LLDP mechanism Enumeration: 'adacAuthenticated': 5, 'lldpAuthenticated': 7, 'locallyAuthenticated': 2, 'radiusAuthenticated': 4, 'rejected': 1, 'mhsaAuthenticated': 6, 'radiusPending': 3.

Setting this object to reauthenticate(2) will force the MAC address to be reauthenticated. When retrieved, the value of this object is always other(1). Enumeration: 'other': 1, 'reauthenticate': 2.

The Vlan ID associated with this client for MultiVlan capabilities. If MultiVlan is not enabled for this client, the value of this object will be 4095.

The Vlan priority value associated with this client for MultiVlan capabilities. If MultiVlan is not enabled for this client, the value of this object will be 8.

The NEAP vlan:isid bindings. Vlan is represented on 2 bytes. Isid is represented on 4 bytes. The output OctetString would be a continuous hexadecimal representation of VLAN followed by corresponding ISID. Example: Length(bytes): |--2--|--4--|--2--|--4--|--2--|--4--|---2--|---4--| OctetString: VLAN0 ISID0 VLAN1 ISID1 ... ... VLAN15 ISID15 . There are no spaces between VLANx and ISIDx.

Indicates whether supplicant functionality is enabled or disabled. A value of true(1) means enabled.

A table that contains the user name and password for the Supplicant PAE associated with each port. An entry appears in this table for each port that may authenticate itself when challenged by a remote system.

The configuration information for a Supplicant PAE.

A unique value for each interface. Its value ranges between 1 and the value of ifNumber. The value for each interface must remain constant at least from one re-initialization of the entity's network management system to the next re- initialization.

The user name currently in use by the Supplicant PAE state machine.

The password currently in use by the Supplicant PAE state machine.

Input the user state to logoff. Enumeration: 'active': 2, 'inactive': 1, 'logoff': 3.

A table that contains EAP VoIP Vlan settings.

The configuration information for an EAP VoIP Vlan.

A unique identifier for each entry.

This object specifies the Vlan ID of the VoIP Vlan.

This object specifies whether to use this VoIP Vlan.

This table provides the list of DHCP authenticated IP phones per-MAC address per-port.

The DHCP authenticated IP phone for a port.

The port number associated with the DHCP authenticated IP phone.

The MAC address of the DHCP authenticated IP phone.

The user name currently in use by the DHCP authenticated IP phone.