ENTERASYS-ENCR-8021X-CONFIG-MIB DEFINITIONS ::= BEGIN -- enterasys-encr-8021x-config-mib.txt -- -- Part Number: -- -- -- This module provides authoritative definitions for Enterasys -- Networks' encrypted IEEE 802.1x configuration MIB. -- -- This module will be extended, as needed. -- Enterasys Networks reserves the right to make changes in this -- specification and other information contained in this document -- without prior notice. The reader should consult Enterasys Networks -- to determine whether any such changes have been made. -- -- In no event shall Enterasys Networks be liable for any incidental, -- indirect, special, or consequential damages whatsoever (including -- but not limited to lost profits) arising out of or related to this -- document or the information contained in it, even if Enterasys -- Networks has been advised of, known, or should have known, the -- possibility of such damages. -- -- Enterasys Networks grants vendors, end-users, and other interested -- parties a non-exclusive license to use this Specification in -- connection with the management of Enterasys Networks products. -- Copyright March, 2002 Enterasys Networks, Inc. IMPORTS MODULE-IDENTITY, OBJECT-TYPE FROM SNMPv2-SMI MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF -- TruthValue -- FROM SNMPv2-TC -- PaeControlledDirections, -- PaeControlledPortStatus, PaeControlledPortControl -- FROM IEEE8021-PAE-MIB dot1xPaePortNumber FROM IEEE8021-PAE-MIB etsysDot1xAuthStationAddress FROM ENTERASYS-8021X-EXTENSIONS-MIB etsysModules FROM ENTERASYS-MIB-NAMES; etsysEncr8021xConfigMIB MODULE-IDENTITY LAST-UPDATED "200203142045Z" -- Thu Mar 14 20:45 GMT 2002 ORGANIZATION "Enterasys Networks, Inc" CONTACT-INFO "Postal: Enterasys Networks 35 Industrial Way, P.O. Box 5005 Rochester, NH 03867-0505 Phone: +1 603 332 9400 E-mail: support@enterasys.com WWW: http://www.enterasys.com" -- This is the overall description of this MIB module DESCRIPTION "The Enterasys Networks MIB module for configuring IEEE 802.1x implementations on SNMPv1-only platforms. This MIB includes encrypted variants of selected objects from the IEEE 802.1x MIB and the Enterasys 802.1x Extensions MIB. ------------------ N O T I C E Use of this MIB in any product requires the approval of the Office of the CTO, Enterasys Networks, Inc. Permission to use this MIB will not be granted for products in which SNMPv3 is now, or will soon be, implemented. Permission to use this MIB in products that are never scheduled to implement SNMPv3 will be granted on a case-by-case basis, depending on what other suitable, secure means of configuration are available in the product. ------------------ The following is a discussion of the encoding/decoding and encryption/decryption methods that must be used to extract data from an encrypted OCTET STRING. (These methods are the same as for the Enterasys Networks encrypted RADIUS Client MIB.) The encryption/decryption methods make use of an agreed-upon Secret and an Authenticator shared between the SNMP network management system and the entity that implements the MIB. The encryption/decryption algorithm, as presented herein, is taken from the RADIUS protocol, and is the method specified for encryption of Tunnel-Password Attributes in RFC 2868. To permit plug-and-play remote installation, configuration, and management of the device, the device will algorithmically derive the initial shared secret and the initial authenticator. For security reasons, the network manager should change the authenticator portion of the management encryption key after initial configuration. The methods available for doing this are implementation-specific and subject to change. All read-write and write-only access objects except the table index are encoded into fields in an OCTET STRING. Octet String Before encryption, a 'native' object must be encoded into a formatted Octet String. After decryption, the Octet String must be decoded to obtain the 'native' object. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Salt | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | String ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type The data type of the non-encrypted 'native' data: 1 = Integer32 2 = OCTET STRING Length The length in octets of the native object sub-field of the Octet String, exclusive of any optional padding. Note that the Integrity Check sub-fields (CRC, OID-tail, Time Stamp, Source IP Address) are not included in this length value, but since the IC sub-fields are always present and are of fixed length, there is no impediment to proper packet parsing. Salt The Salt field is two octets in length and is used to ensure the uniqueness of the encryption key used to encrypt each object. The most significant bit (leftmost) of the Salt field MUST be set (1). The contents of each Salt field in a given SNMP packet must be unique. String 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | CRC (4 bytes) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | OID-tail (4 bytes) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time Stamp (4 bytes) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source IP Address (4 bytes) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Object/Padding ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The plain-text String field consists of six logical sub-fields: the CRC, OID-tail, Time Stamp, Source IP address and native Object sub-fields (all of which are required), and the optional Padding sub-field. The String field MUST be treated as a counted-string of undistinguished octets, and not as a standard C/UNIX-style null-terminated, printable ASCII string. CRC Sub-field The CRC sub-field contains a 32-bit CRC (CRC-32) calculated over the following concatentated sub-fields of the String: the OID-tail, Time Stamp, Source IP Address and unpadded native Object fields. The CRC sub-field acts as an integrity check on the decrypted data. OID-tail Sub-field The OID-tail sub-field contains the least significant four octets of the Object ID of the varbind. This field is included as an integrity check on the OID of the varbind. Time Stamp Sub-field The Time Stamp sub-field contains a 32-bit unsigned integer value representing the time the encrypted message was assembled. This field acts as an integrity check by facilitating the disposal of stale or replayed messages. The time window of acceptance is implementation dependant, and may be the subject of local (i.e. managed entity) policy configuration. The Time Stamp is relative time, in units of seconds, referenced to the sysUpTime object of the managed entity. Source IP Address Sub-field The Source IP Address sub-field contains an unsigned 32-bit representation of the IPv4 address of the source of the encrypted message. This is an added check to allow verification of the source of the varbind. The CRC, OID-tail, Time Stamp, and Source IP Address sub-fields are collectively hereinafter refered to as the Integrity Check (IC) sub-fields. Object/Padding Sub-field Object The Object sub-field contains the actual or native object data followed by padding, if necessary. Padding If the combined length (in octets) of the non-encrypted CRC, OID-tail, Time Stamp, Source IP Address, and native Object sub-fields is not an even multiple of 16, then the Padding sub-field MUST be present. If it is present, the length of the Padding sub-field is variable, between 1 and 15 octets. The value of the pad octets SHOULD be zero. Encrypting/Decrypting the String Field The entire String field MUST be encrypted as follows, prior to transmission: Construct a plain-text version of the String field by concatenating the CRC, OID-tail, Time Stamp, Source IP address, and native Object sub-fields. If necessary, pad the resulting string until its length (in octets) is an even multiple of 16. It is recommended that zero octets (0x00) be used for padding. Call this plain-text P. Shared Secret The shared secret is formed from the MAC (hardware) address of the primary management interface of the managed device (containing the RADIUS Client). The MAC address is represented as up-cased, dashed-ASCII, e.g. 08-00-2B-11-22-33. Authenticator The 128-bit authenticator is a pre-defined constant. The default value of the authenticator is an Enterasys Networks trade secret. This value is settable and the user is advised to change it from the default value after initial configuration of the system. Contact the MIB author for additional information on the default value. Call the shared secret S, the [pseudo-random] 128-bit Authenticator R, and the contents of the Salt field A. Break P into 16 octet chunks p(1), p(2)...p(i), where i = len(P)/16. Call the cipher-text blocks c(1), c(2)...c(i) and the final cipher-text C. Intermediate values b(1), b(2)...c(i) are required. Encryption is performed in the following manner ('+' indicates concatenation): b(1) = MD5(S + R + A) c(1) = p(1) xor b(1) C = c(1) b(2) = MD5(S + c(1)) c(2) = p(2) xor b(2) C = C + c(2) . . . . . . b(i) = MD5(S + c(i-1)) c(i) = p(i) xor b(i) C = C + c(i) The resulting encrypted String field will contain c(1)+c(2)+...+c(i). On receipt, the process is reversed to yield the plain-text String." REVISION "200203142045Z" -- Thu Mar 14 20:45 GMT 2002 DESCRIPTION "The initial version of this MIB module." ::= { etsysModules 19 } etsysEncrDot1xConfigObjects OBJECT IDENTIFIER ::= { etsysEncr8021xConfigMIB 1 } -- ----------------------------------------------------------------- -- -- Textual Conventions -- ----------------------------------------------------------------- -- -- ----------------------------------------------------------------- -- -- Branches of the Enterasys Encrypted IEEE 802.1x Configuration MIB -- ----------------------------------------------------------------- -- -- Encrypted configuration objects for Authenticator PAEs. etsysEncrDot1xAuthConfigBranch OBJECT IDENTIFIER ::= { etsysEncrDot1xConfigObjects 1 } -- ----------------------------------------------------------------- -- -- The Encrypted Configuration Table for Port-Based PAEs -- ----------------------------------------------------------------- -- etsysEncrDot1xAuthPortConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysEncrDot1xAuthPortConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains encrypted configuration objects for ports that support Authenticator PAEs." ::= { etsysEncrDot1xAuthConfigBranch 1 } etsysEncrDot1xAuthPortConfigEntry OBJECT-TYPE SYNTAX EtsysEncrDot1xAuthPortConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each conceptual row holds configuration information for the Authenticator PAE(s) associated with one port." INDEX { dot1xPaePortNumber } ::= { etsysEncrDot1xAuthPortConfigTable 1 } EtsysEncrDot1xAuthPortConfigEntry ::= SEQUENCE { etsysEncrDot1xAuthAdminControlledDirections OCTET STRING, -- encrypted enumeration etsysEncrDot1xAuthControlledPortControl OCTET STRING, -- encrypted enumeration etsysEncrDot1xAuthQuietPeriod OCTET STRING, -- encrypted INTEGER etsysEncrDot1xAuthTxPeriod OCTET STRING, -- encrypted INTEGER etsysEncrDot1xAuthSuppTimeout OCTET STRING, -- encrypted INTEGER etsysEncrDot1xAuthServerTimeout OCTET STRING, -- encrypted INTEGER etsysEncrDot1xAuthMaxReq OCTET STRING, -- encrypted INTEGER etsysEncrDot1xAuthReAuthPeriod OCTET STRING, -- encrypted INTEGER etsysEncrDot1xAuthReAuthEnabled OCTET STRING, -- encrypted TruthValue etsysEncrDot1xAuthKeyTxEnabled OCTET STRING -- encrypted TruthValue } etsysEncrDot1xAuthAdminControlledDirections OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted enumeration MAX-ACCESS read-write STATUS current DESCRIPTION "An encrypted octet string containing The current value of the administrative controlled directions parameter for the Port. SYNTAX PaeControlledDirections The data type is 1, Integer32." REFERENCE "IEEE P802.1x Section 9.4.1, Admin Control Mode" ::= { etsysEncrDot1xAuthPortConfigEntry 1 } etsysEncrDot1xAuthControlledPortControl OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted enumeration MAX-ACCESS read-write STATUS current DESCRIPTION "An encrypted octet string containing The current value of the controlled Port control parameter for the Port. SYNTAX INTEGER { forceUnauthorized(1), auto(2), forceAuthorized(3) } The data type is 1, Integer32." REFERENCE "IEEE P802.1x Section 9.6.4.1, AuthControlledPortControl" ::= { etsysEncrDot1xAuthPortConfigEntry 2 } etsysEncrDot1xAuthQuietPeriod OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "An encrypted octet string containing The value, in seconds, of the quietPeriod constant currently in use by the Authenticator PAE state machine. Alternately, the default value (for ports that use station-based access control, and that therefore may support many virtual PAEs). The data type is 1, Integer32." REFERENCE "IEEE P802.1x Section 9.6.4.1, quietPeriod" -- DEFVAL { encrypt(60) } ::= { etsysEncrDot1xAuthPortConfigEntry 3 } etsysEncrDot1xAuthTxPeriod OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "An encrypted octet string containing The value, in seconds, of the txPeriod constant currently in use by the Authenticator PAE state machine. Alternately, the default value (for ports that use station-based access control, and that therefore may support many virtual PAEs). The data type is 1, Integer32." REFERENCE "IEEE P802.1x Section 9.6.4.1, txPeriod" -- DEFVAL { encrypt(30) } ::= { etsysEncrDot1xAuthPortConfigEntry 4 } etsysEncrDot1xAuthSuppTimeout OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "An encrypted octet string containing The value, in seconds, of the suppTimeout constant currently in use by the Backend Authentication state machine. Alternately, the default value (for ports that use station-based access control, and that therefore may support many virtual PAEs). The data type is 1, Integer32." REFERENCE "IEEE P802.1x Section 9.6.4.1, suppTimeout" -- DEFVAL { encrypt(30) } ::= { etsysEncrDot1xAuthPortConfigEntry 5 } etsysEncrDot1xAuthServerTimeout OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "An encrypted octet string containing The value, in seconds, of the serverTimeout constant currently in use by the Backend Authentication state machine. Alternately, the default value (for ports that use station-based access control, and that therefore may support many virtual PAEs). The data type is 1, Integer32." REFERENCE "IEEE P802.1x Section 9.6.4.1, serverTimeout" -- DEFVAL { encrypt(30) } ::= { etsysEncrDot1xAuthPortConfigEntry 6 } etsysEncrDot1xAuthMaxReq OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "An encrypted octet string containing The value of the maxReq constant currently in use by the Backend Authentication state machine. Alternately, the default value (for ports that use station-based access control, and that therefore may support many virtual PAEs). The data type is 1, Integer32." REFERENCE "IEEE P802.1x Section 9.6.4.1, maxReq" -- DEFVAL { encrypt(2) } ::= { etsysEncrDot1xAuthPortConfigEntry 7 } etsysEncrDot1xAuthReAuthPeriod OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "An encrypted octet string containing The value, in seconds, of the reAuthPeriod constant currently in use by the Reauthentication Timer state machine. Alternately, the default value (for ports that use station-based access control, and that therefore may support many virtual PAEs). The data type is 1, Integer32." REFERENCE "IEEE P802.1x Section 9.6.4.1, reAuthPeriod" -- DEFVAL { encrypt(60) } ::= { etsysEncrDot1xAuthPortConfigEntry 8 } etsysEncrDot1xAuthReAuthEnabled OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "An encrypted octet string containing The enable/disable control used by the Reauthentication Timer state machine (8.5.5.1). Alternately, the default value (for ports that use station-based access control, and that therefore may support many virtual PAEs). SYNTAX INTEGER { true(1), false(2) } The data type is 1, Integer32." REFERENCE "IEEE P802.1x Section 9.6.4.1, reAuthEnabled" -- DEFVAL { encrypt(false) } ::= { etsysEncrDot1xAuthPortConfigEntry 9 } etsysEncrDot1xAuthKeyTxEnabled OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "An encrypted octet string containing The value of the keyTransmissionEnabled constant currently in use by the Authenticator PAE state machine. Alternately, the default value (for ports that use station-based access control, and that therefore may support many virtual PAEs). SYNTAX INTEGER { true(1), false(2) } The data type is 1, Integer32." REFERENCE "IEEE P802.1x Section 9.6.4.1, keyTransmissionEnabled" -- DEFVAL { encrypt(false) } ::= { etsysEncrDot1xAuthPortConfigEntry 10 } -- ----------------------------------------------------------------- -- -- The Encrypted Initialization Table for Port-Based PAEs -- ----------------------------------------------------------------- -- etsysEncrDot1xAuthPortInitTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysEncrDot1xAuthPortInitEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains encrypted initialization objects for port-based Authenticator PAEs." ::= { etsysEncrDot1xAuthConfigBranch 2 } etsysEncrDot1xAuthPortInitEntry OBJECT-TYPE SYNTAX EtsysEncrDot1xAuthPortInitEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each conceptual row holds initialization objects for one port-based Authenticator PAE." INDEX { dot1xPaePortNumber } ::= { etsysEncrDot1xAuthPortInitTable 1 } EtsysEncrDot1xAuthPortInitEntry ::= SEQUENCE { etsysEncrDot1xAuthInitialize OCTET STRING, -- encrypted TruthValue etsysEncrDot1xAuthReauthenticate OCTET STRING -- encrypted TruthValue } etsysEncrDot1xAuthInitialize OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "An encrypted octet string containing The initialization control for this Port. Setting this attribute to TRUE causes the Port to be initialized. The attribute value reverts to FALSE once initialization has been completed. Setting this attribute to TRUE for a Port that uses station-based access control causes all of the virtual PAEs associated with the Port to be initialized. SYNTAX INTEGER { true(1), false(2) } The data type is 1, Integer32." REFERENCE "IEEE P802.1x Section 9.6.1.2, Initialize Port" ::= { etsysEncrDot1xAuthPortInitEntry 1 } etsysEncrDot1xAuthReauthenticate OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "An encrypted octet string containing The reauthentication control for this Port. Setting this attribute to TRUE causes the Authenticator PAE state machine for the Port to reauthenticate the Supplicant. Setting this attribute to FALSE has no effect. This attribute always returns FALSE when it is read. Setting this attribute to TRUE for a Port that uses station-based access control causes all of the virtual PAEs associated with the Port to reauthenticate their Supplicants. SYNTAX INTEGER { true(1), false(2) } The data type is 1, Integer32." REFERENCE "IEEE P802.1x Section 9.6.4.1.3 Reauthenticate" ::= { etsysEncrDot1xAuthPortInitEntry 2 } -- ----------------------------------------------------------------- -- -- The Encrypted Initialization Table for Station-Based PAEs -- ----------------------------------------------------------------- -- etsysEncrDot1xAuthStationInitTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysEncrDot1xAuthStationInitEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains encrypted configuration objects for station-based Authenticator PAEs." ::= { etsysEncrDot1xAuthConfigBranch 3 } etsysEncrDot1xAuthStationInitEntry OBJECT-TYPE SYNTAX EtsysEncrDot1xAuthStationInitEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Configuration objects for one station-based Authenticator PAE." INDEX { etsysDot1xAuthStationAddress } ::= { etsysEncrDot1xAuthStationInitTable 1 } EtsysEncrDot1xAuthStationInitEntry ::= SEQUENCE { etsysEncrDot1xAuthStationInitialize OCTET STRING, -- encrypted TruthValue etsysEncrDot1xAuthStationReauthenticate OCTET STRING -- encrypted TruthValue } etsysEncrDot1xAuthStationInitialize OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "An encrypted octet string containing The initialization control for this Authenticator PAE. Setting this attribute to TRUE causes the PAE to be initialized. The attribute value reverts to FALSE once initialization has completed. SYNTAX INTEGER { true(1), false(2) } The data type is 1, Integer32." REFERENCE "IEEE P802.1x Section 9.6.1.2, Initialize Port" ::= { etsysEncrDot1xAuthStationInitEntry 1 } etsysEncrDot1xAuthStationReauthenticate OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) -- encrypted TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "An encrypted octet string containing The reauthentication control for this Authenticator PAE. Setting this attribute to TRUE causes the Authenticator PAE state machine to reauthenticate the Supplicant. Setting this attribute FALSE has no effect. This attribute always returns FALSE when it is read. SYNTAX INTEGER { true(1), false(2) } The data type is 1, Integer32." REFERENCE "IEEE P802.1x Section 9.4.1.3 Reauthenticate" ::= { etsysEncrDot1xAuthStationInitEntry 2 } -- ---------------------------------------------------------- -- -- Enterasys 802.1X Configuration MIB - Conformance Information -- ---------------------------------------------------------- -- etsysEncrDot1xConfigConformance OBJECT IDENTIFIER ::= { etsysEncr8021xConfigMIB 2 } etsysEncrDot1xConfigGroups OBJECT IDENTIFIER ::= { etsysEncrDot1xConfigConformance 1 } etsysEncrDot1xConfigCompliances OBJECT IDENTIFIER ::= { etsysEncrDot1xConfigConformance 2 } -- ---------------------------------------------------------- -- -- Units of conformance -- ---------------------------------------------------------- -- etsysEncrDot1xAuthConfigGroup OBJECT-GROUP OBJECTS { etsysEncrDot1xAuthAdminControlledDirections, etsysEncrDot1xAuthControlledPortControl, etsysEncrDot1xAuthQuietPeriod, etsysEncrDot1xAuthTxPeriod, etsysEncrDot1xAuthSuppTimeout, etsysEncrDot1xAuthServerTimeout, etsysEncrDot1xAuthMaxReq, etsysEncrDot1xAuthReAuthPeriod, etsysEncrDot1xAuthReAuthEnabled, etsysEncrDot1xAuthKeyTxEnabled } STATUS current DESCRIPTION "A collection of objects for configuring IEEE 802.1x authentication at the port level. Objects belonging to this group typically have durable values." ::= { etsysEncrDot1xConfigGroups 1 } etsysEncrDot1xAuthInitGroup OBJECT-GROUP OBJECTS { etsysEncrDot1xAuthInitialize, etsysEncrDot1xAuthReauthenticate, etsysEncrDot1xAuthStationInitialize, etsysEncrDot1xAuthStationReauthenticate } STATUS current DESCRIPTION "A collection of objects for making Authenticator PAEs initialize and reauthenticate Supplicants. Writes to objects in this group trigger actions, rather than changes to durable configuration values." ::= { etsysEncrDot1xConfigGroups 2 } -- ---------------------------------------------------------- -- -- Compliance statements -- ---------------------------------------------------------- -- etsysEncrDot1xConfigCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for devices that support the Enterasys encrypted IEEE 802.1x configuration MIB." MODULE MANDATORY-GROUPS { etsysEncrDot1xAuthConfigGroup } OBJECT etsysEncrDot1xAuthAdminControlledDirections MIN-ACCESS read-only DESCRIPTION "Support for encrypt(in(1)) is optional." OBJECT etsysEncrDot1xAuthKeyTxEnabled MIN-ACCESS read-only DESCRIPTION "An Authenticator PAE that does not support EAPOL-Key frames may implement this object as read-only, returning a value of encrypt(FALSE)." GROUP etsysEncrDot1xAuthInitGroup DESCRIPTION "This group is optional." ::= { etsysEncrDot1xConfigCompliances 1 } END