-- *********************************************************************
-- CISCO-MAC-AUTH-BYPASS-MIB.my: MAC Authentication Bypass MIB
--
-- August 2007, Binh Le
--
-- Copyright (c) 2007-2008 by Cisco Systems Inc.
--
-- All rights reserved.
--
-- *******************************************************************CISCO-MAC-AUTH-BYPASS-MIB DEFINITIONS::=BEGINIMPORTSMODULE-IDENTITY,OBJECT-TYPEFROM SNMPv2-SMI
MODULE-COMPLIANCE,OBJECT-GROUPFROM SNMPv2-CONF
MacAddress,TruthValueFROM SNMPv2-TC
ifIndex
FROM IF-MIB
ciscoMgmt
FROM CISCO-SMI;ciscoMabMIB MODULE-IDENTITYLAST-UPDATED"200804180000Z"ORGANIZATION"Cisco Systems Inc."
CONTACT-INFO"Cisco Systems
Customer Service
Postal: 170 W Tasman Drive
San Jose, CA 95134
USA
Tel: +1 800 553 -NETS
E-mail: cs-ibns@cisco.com,
cs-lan-switch-snmp@cisco.com"DESCRIPTION"MIB module for monitoring and configuring MAC
Authentication Bypass (MAB) feature in the system.
MAC Auth Bypass feature provides controlled access
to devices based on their MAC addresses.
MAB allows non-dot1x compliant end devices controlled
access to network and also provides a replacement
technology for VLAN Management Policy Server (VMPS)
environments.
MAB is also an intergal part of the Network Access
Control (NAC) program which enables network access for
the clients and subsequently carry out a posture
assessment of these clients.
MAC Authentication Bypass feature provides a mechanism
that uses the MAC address of the connecting device to
grant or deny network access for it."REVISION"200804180000Z"DESCRIPTION"Initial version of this MIB module."::={ ciscoMgmt 654}cmabNotification OBJECTIDENTIFIER::={ ciscoMabMIB 0}cmabMIBObjects OBJECTIDENTIFIER::={ ciscoMabMIB 1}cmabMIBConformance OBJECTIDENTIFIER::={ ciscoMabMIB 2}cmabInterfaceConfig OBJECTIDENTIFIER
::={ cmabMIBObjects 1}cmabSession OBJECTIDENTIFIER::={ cmabMIBObjects 2}cmabIfConfigTable OBJECT-TYPESYNTAXSEQUENCEOF CmabIfConfigEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A list of interfaces which supports MAC Authentication
Bypass."::={ cmabInterfaceConfig 1}cmabIfConfigEntry OBJECT-TYPESYNTAX CmabIfConfigEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Entry containing Mac Authentication Bypass configuration for
a particular interface."INDEX{ ifIndex }::={ cmabIfConfigTable 1}
CmabIfConfigEntry ::=SEQUENCE{
cmabIfAuthEnabled TruthValue,
cmabIfAuthMethod INTEGER}cmabIfAuthEnabled OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"Specifies if MAC Authentication Bypass feature is enabled on
the interface."::={ cmabIfConfigEntry 1}cmabIfAuthMethod OBJECT-TYPESYNTAXINTEGER{radius(1),eap(2)}MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"Specifies the authentication method used by
MAC Authentication Bypass.
radius(1) : communication with authentication server
is performed via RADIUS messages.
eap(2) : communication with authentication server
is performed via EAP messages."::={ cmabIfConfigEntry 2}cmabClientInfoTable OBJECT-TYPESYNTAXSEQUENCEOF CmabClientInfoEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A list of active MAC Authentication Bypass clients
in the system.
An entry exists for each MAC Authentication Bypass
session in the system.
An entry is deleted if the MAC Authentication Bypass
session is removed from the system."::={ cmabSession 1}cmabClientInfoEntry OBJECT-TYPESYNTAX CmabClientInfoEntry
MAX-ACCESSnot-accessible
STATUScurrentDESCRIPTION"Entry containing management information of MAC
Authentication Bypass for a particular session."INDEX{
ifIndex,IMPLIED cmabClientSessionId
}::={ cmabClientInfoTable 1}
CmabClientInfoEntry ::=SEQUENCE{
cmabClientSessionId OCTETSTRING,
cmabClientMacAddress MacAddress,
cmabClientMabState INTEGER,
cmabClientAuthStatus INTEGER}cmabClientSessionId OBJECT-TYPESYNTAXOCTETSTRING(SIZE(1..64))MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A unique identifier of the MAC Authentication Bypass session."::={ cmabClientInfoEntry 1}cmabClientMacAddress OBJECT-TYPESYNTAXMacAddressMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The MAC address of the MAB client."::={ cmabClientInfoEntry 2}cmabClientMabState OBJECT-TYPESYNTAXINTEGER{other(1),initialize(2),acquiring(3),authorizing(4),terminate(5)}MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Indicates the session state of the MAB state machine
for the MAB client.
other : None of the below.
initialize : Initializing the authentication session.
acquiring : Acquiring client's MAC address for the
authentication process.
authorizing: Authorization is in progress.
terminate : Authorization is completed."::={ cmabClientInfoEntry 3}cmabClientAuthStatus OBJECT-TYPESYNTAXINTEGER{authorized(1),unauthorized(2)}MAX-ACCESSread-only
STATUScurrentDESCRIPTION"This object indicates whether the MAB client is authorized.
authorized : the session is authorized.
unauthorized: the session is not authorized."::={ cmabClientInfoEntry 4}-- ConformancecmabMIBCompliances OBJECTIDENTIFIER::={ cmabMIBConformance 1}cmabCompliance MODULE-COMPLIANCESTATUScurrentDESCRIPTION"The compliance statement for entities which implement
CISCO-MAB-MIB."MODULE-- this moduleMANDATORY-GROUPS{
cmabIfConfigGroup,
cmabClientInfoGroup
}OBJECT cmabIfAuthEnabled
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required."OBJECT cmabIfAuthMethod
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required."::={ cmabMIBCompliances 1}-- Units of ConformancecmabMIBGroups OBJECTIDENTIFIER::={ cmabMIBConformance 2}cmabIfConfigGroup OBJECT-GROUP
OBJECTS{
cmabIfAuthEnabled,
cmabIfAuthMethod
}STATUScurrentDESCRIPTION"A collection of objects that provides per interface
configuration of MAC Authentication Bypass feature."::={ cmabMIBGroups 1}cmabClientInfoGroup OBJECT-GROUPOBJECTS{
cmabClientMacAddress,
cmabClientMabState,
cmabClientAuthStatus
}STATUScurrentDESCRIPTION"A collection of objects that provides information of
MAC Authentication Bypass sessions in the devices."::={ cmabMIBGroups 2}END