You are here:

MonitorTools.com > Technical documentation > SNMP > MIB > Cisco > CISCO-PAE-MIB
ActiveXperts Network Monitor 2019##AdminFavorites

CISCO-PAE-MIB by vendor Cisco

CISCO-PAE-MIB file content

The SNMP protocol is used to for conveying information and commands between agents and managing entities. SNMP uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. The reasons for using UDP for SNMP are, firstly it has low overheads in comparison to TCP, which uses a 3-way hand shake for connection. Secondly, in congested networks, SNMP over TCP is a bad idea because TCP in order to maintain reliability will flood the network with retransmissions.

Management information (MIB) is represented as a collection of managed objects. These objects together form a virtual information base called MIB. An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.

Use ActiveXperts Network Monitor 2019 to import vendor-specific MIB files, inclusing CISCO-PAE-MIB.


Vendor: Cisco
Mib: CISCO-PAE-MIB  [download]  [view objects]
Tool: ActiveXperts Network Monitor 2019 [download]    (ships with advanced SNMP/MIB tools)
-- *****************************************************************
-- CISCO-PAE-MIB: CISCO private MIB for IEEE 801.1x
--
-- September 2001, Binh P Le
--
-- Copyright (c) 2001, 2002, 2003, 2004 by cisco Systems, Inc.
-- All rights reserved.
-- *****************************************************************
CISCO-PAE-MIB DEFINITIONS ::= BEGIN

IMPORTS 
    OBJECT-TYPE,
    MODULE-IDENTITY, Unsigned32
        FROM SNMPv2-SMI

    TruthValue
        FROM SNMPv2-TC

    MODULE-COMPLIANCE,
    OBJECT-GROUP
        FROM SNMPv2-CONF

    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB

    InetAddressType, InetAddress
        FROM INET-ADDRESS-MIB

    dot1xPaePortEntry
        FROM IEEE8021-PAE-MIB

    InterfaceIndex
        FROM IF-MIB

    VlanIndex 
        FROM CISCO-VTP-MIB

    ciscoMgmt
        FROM CISCO-SMI;
    
ciscoPaeMIB MODULE-IDENTITY
    LAST-UPDATED "200404230000Z" 
    ORGANIZATION "Cisco System, Inc."
    CONTACT-INFO 
            "         Cisco Systems
                      Customer Service

              Postal: 170 W Tasman Drive
                      San Jose, CA  95134
                      USA

                 Tel: +1 800 553-NETS

        E-mail: cs-wbu@cisco.com,  cs-lan-switch-snmp@cisco.com"
    DESCRIPTION 
        "Cisco Port Access Entity (PAE) module for managing 
        IEEE Std 802.1x.

        This MIB provides Port Access Entity information that are 
        either excluded by IEEE Std 802.1x (IEEE8021-PAE-MIB) or
        specific to Cisco products."

    REVISION    "200404230000Z"
    DESCRIPTION
        "Modified the DESCRIPTION clauses of cpaeGuestVlanNumber
         and cpaeGuestVlanId."
                   
    REVISION    "200404010000Z"
    DESCRIPTION
        "Added support of 
                  cpaeUserGroupTable,
                  cpaeRadiusAccountingEnabled."

    REVISION    "200304080000Z"
    DESCRIPTION
        "Add cpaeGuestVlanNumber and cpaeInGuestVlan for per-interface
         Guest Vlan feature;
         Add cpaeShutdownTimeout and cpaeShutdownTimeoutEnabled for 
         shutdown timeout feature.
         Deprecate cpaeGuestVlanId."

    REVISION    "200210160000Z"
    DESCRIPTION
        "Add SNMP support for the Multiple Authentication and
         and Guest Vlan features.
         
         The objects cpaeMultipleHost has been deprecated, and 
         cpaePortMode has been added to cpaePortTable to support
         for Multiple Authentication feature. The object 
         cpaeGuestVlanId has been added to support for Guest Vlan
         feature."


    REVISION    "200105241016Z"
    DESCRIPTION
        "Initial version of this MIB module."

    ::= {ciscoMgmt 220}

cpaeMIBNotification OBJECT IDENTIFIER ::= {ciscoPaeMIB 0}
cpaeMIBObject OBJECT IDENTIFIER ::= {ciscoPaeMIB 1}

cpaePortTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF CpaePortEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A table of system level information for each port
        supported by the Port Access Entity.  An entry 
        appears in this table for each PAE port of this system.
        This table contains additional objects for the
        dot1xPaePortTable."
    REFERENCE
        "IEEE 802.1x Subclause 9.6.1"
    ::= {cpaeMIBObject 1}

cpaePortEntry OBJECT-TYPE
    SYNTAX        CpaePortEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION    
        "An entry containing additional management information
        applicable to a particular PAE port."
    AUGMENTS    {dot1xPaePortEntry}
    ::= {cpaePortTable 1}


CpaePortEntry ::= SEQUENCE {
    cpaeMultipleHost          TruthValue,
    cpaePortMode              INTEGER,
    cpaeGuestVlanNumber       VlanIndex,
    cpaeInGuestVlan           TruthValue,
    cpaeShutdownTimeoutEnabled  TruthValue
}

cpaeMultipleHost OBJECT-TYPE
    SYNTAX        TruthValue
    MAX-ACCESS    read-write
    STATUS        deprecated
    DESCRIPTION
        "Specifies whether the port allows multiple-host connection
        or not."
    ::= {cpaePortEntry 1}

cpaePortMode OBJECT-TYPE
    SYNTAX        INTEGER {
                     singleHost(1),
                     multiHost(2),
                     multiAuth(3)
                  }
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "Specifies the current mode of dot1x operation on the port.
            - singleHost(1): port allows one host to connect and
                 authenticate.
            - multiHost(2) : port allows multiple hosts to connect.
                 Once a host is authenticated, all remaining hosts
                 are also authorized.
            - multiAuth(3) : port allows multiple hosts to connect
                 and each host is authenticated.

         If the port security feature is enabled on the interface, the
         configuration of the port security (such as the number of the 
         hosts allowed, the security violation action, etc)will apply 
         to the interface."
    ::= {cpaePortEntry 2}

cpaeGuestVlanNumber OBJECT-TYPE
    SYNTAX       VlanIndex
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "Specifies the Guest Vlan of the interface. An interface will 
         be moved to its Guest Vlan if its access is unsucessfully
         authenticated. A value of zero indicates no Guest Vlan
         configured for the interface."
    ::= {cpaePortEntry 3}


cpaeInGuestVlan OBJECT-TYPE
    SYNTAX       TruthValue
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "Indicates whether the interface is in its Guest Vlan or
         not."
    ::= {cpaePortEntry 4}

cpaeShutdownTimeoutEnabled OBJECT-TYPE
    SYNTAX       TruthValue
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "Specifies whether shutdown timeout feature is enabled on the
         interface."
    ::= {cpaePortEntry 5}

cpaeGuestVlanId OBJECT-TYPE
    SYNTAX       VlanIndex
    MAX-ACCESS   read-write
    STATUS       deprecated
    DESCRIPTION
        "Specifies the Guest Vlan of the system. An interface will 
         be moved to Guest Vlan if its access is unsuccessfully
         authenticated. A value of zero indicates no Guest Vlan
         configured in the system.

         If the platform supports per-port guest Vlan ID configuration,
         this object is not instantiated."
    ::= {cpaeMIBObject 2}

cpaeShutdownTimeout OBJECT-TYPE
    SYNTAX       Unsigned32 (0..65535)
    UNITS        "seconds"
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "Specifies the shutdown timeout interval to enable the interface
         automatically in case it is shutdown due to security violation.

         If the value of this object is 0, the interfaces shutdown due
         to the security violation will not be enabled automatically. 

         The value of this object is applicable to the interface only
         when cpaeShutdownTimeoutEnabled is 'true', and port security 
         feature is disabled on the interface." 
    ::= {cpaeMIBObject 3}

cpaeRadiusAccountingEnabled OBJECT-TYPE
    SYNTAX        TruthValue
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "Specifies if RADIUS accounting is enabled for 802.1x on
         this devices."
    ::= { cpaeMIBObject 4 }

cpaeUserGroupTable OBJECT-TYPE
    SYNTAX         SEQUENCE OF CpaeUserGroupEntry
    MAX-ACCESS     not-accessible
    STATUS         current
    DESCRIPTION
        "A table of Group Manager and authenticated users information
         on the device."
    ::= { cpaeMIBObject 5 }

cpaeUserGroupEntry OBJECT-TYPE
    SYNTAX         CpaeUserGroupEntry
    MAX-ACCESS     not-accessible
    STATUS         current
    DESCRIPTION
        "Information about an 802.1x authenticated user on the
         devices."
    INDEX { cpaeUserGroupName, cpaeUserGroupUserIndex }
    ::= { cpaeUserGroupTable 1 }

CpaeUserGroupEntry ::= SEQUENCE {
    cpaeUserGroupName           SnmpAdminString,
    cpaeUserGroupUserIndex      Unsigned32,
    cpaeUserGroupUserName       SnmpAdminString,
    cpaeUserGroupUserAddrType   InetAddressType,
    cpaeUserGroupUserAddr       InetAddress,
    cpaeUserGroupUserInterface  InterfaceIndex,
    cpaeUserGroupUserVlan       VlanIndex
}

cpaeUserGroupName OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Specifies the name of the group that the user belongs to."
    ::= { cpaeUserGroupEntry 1 }

cpaeUserGroupUserIndex OBJECT-TYPE
    SYNTAX        Unsigned32
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "The index of an user within a group."
    ::= { cpaeUserGroupEntry 2 }

cpaeUserGroupUserName OBJECT-TYPE
    SYNTAX        SnmpAdminString
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "Specifies the name of the user authenticated on a port of
         the device."
    ::= { cpaeUserGroupEntry 3 }

cpaeUserGroupUserAddrType OBJECT-TYPE
    SYNTAX        InetAddressType
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "Specifies the type of address used to determine the address
         of the user."
    ::= { cpaeUserGroupEntry 4 }

cpaeUserGroupUserAddr OBJECT-TYPE
    SYNTAX        InetAddress
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "Specifies the address of the host that the user logging 
         from."
    ::= { cpaeUserGroupEntry 5 }

cpaeUserGroupUserInterface OBJECT-TYPE
    SYNTAX        InterfaceIndex
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "Specifies the interface index that the user is authenticated
         on."
    ::= { cpaeUserGroupEntry 6 }

cpaeUserGroupUserVlan OBJECT-TYPE
    SYNTAX        VlanIndex
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "Specifies the vlan that the user belongs to."
    ::= { cpaeUserGroupEntry 7 }


------------------------------------------
-- Conformance Information
------------------------------------------
cpaeMIBConformance OBJECT IDENTIFIER ::= {ciscoPaeMIB 2}
cpaeMIBCompliances OBJECT IDENTIFIER ::= {cpaeMIBConformance 1}
cpaeMIBGroups OBJECT IDENTIFIER ::= {cpaeMIBConformance 2}

-- Conformance 

cpaeCompliance MODULE-COMPLIANCE
    STATUS     deprecated
    DESCRIPTION
        "The compliance statement."
    MODULE
        MANDATORY-GROUPS {
            cpaeMultipleHostGroup
        }
    ::= {cpaeMIBCompliances 1}

cpaeCompliance2 MODULE-COMPLIANCE
    STATUS     deprecated
    DESCRIPTION
        "The compliance statement for devices that implement
         the CISCO-PAE-MIB."
    MODULE
        MANDATORY-GROUPS {
            cpaePortEntryGroup
        }

    GROUP    cpaeGuestVlanGroup
    DESCRIPTION
        "This group is mandatory in devices running software
         which supports Guest Vlan feature."

    ::= {cpaeMIBCompliances 2}

cpaeCompliance3 MODULE-COMPLIANCE
    STATUS    deprecated
    DESCRIPTION
        "The compliance statement for devices that implement
         the CISCO-PAE-MIB."
    MODULE
        MANDATORY-GROUPS {
            cpaePortEntryGroup
        }

    GROUP    cpaeGuestVlanGroup2
    DESCRIPTION
        "This group is mandatory in devices running software
         which supports per-interface Guest Vlan feature."

    GROUP    cpaeShutdownTimeoutGroup
    DESCRIPTION
        "This group is mandatory in devices running software
         which support Shutdown Timeout feature."

    ::= { cpaeMIBCompliances 3 }

cpaeCompliance4 MODULE-COMPLIANCE
    STATUS    current
    DESCRIPTION
        "The compliance statement for devices that implement
         the CISCO-PAE-MIB."
    MODULE
        MANDATORY-GROUPS {
            cpaePortEntryGroup
        }

    GROUP    cpaeGuestVlanGroup2
    DESCRIPTION
        "This group is mandatory in devices running software
         which supports per-interface Guest Vlan feature."

    GROUP    cpaeShutdownTimeoutGroup
    DESCRIPTION
        "This group is mandatory in devices running software
         which support Shutdown Timeout feature."

    GROUP    cpaeRadiusConfigGroup
    DESCRIPTION
        "This group is mandatory in devices running software
         which support RADIUS configuration for 802.1x feature."

    GROUP    cpaeUserGroupGroup
    DESCRIPTION
        "This group is mandatory in devices running software
         which support Group Manager for 802.1x feature."

    ::= { cpaeMIBCompliances 4 }
-- Units of Conformance

cpaeMultipleHostGroup    OBJECT-GROUP
    OBJECTS {
        cpaeMultipleHost
    }
    STATUS    deprecated
    DESCRIPTION    
        "A collection of objects that provide the multiple 
        host configuration information for a PAE port.  
        These are additional to the IEEE Std 802.1x PAE MIB."
    ::= {cpaeMIBGroups 1}

cpaePortEntryGroup OBJECT-GROUP
    OBJECTS {
        cpaePortMode
    }
    STATUS    current
    DESCRIPTION
        "A collection of objects that provides the port-mode
         configuration for a PAE port."
    ::= {cpaeMIBGroups 2}

cpaeGuestVlanGroup       OBJECT-GROUP
    OBJECTS {
        cpaeGuestVlanId
    }
    STATUS    deprecated
    DESCRIPTION
        "A collection of objects that provides the Guest Vlan
         configuration information for the system."
    ::= {cpaeMIBGroups 3}

cpaeGuestVlanGroup2       OBJECT-GROUP
    OBJECTS {
        cpaeGuestVlanNumber,
        cpaeInGuestVlan
    }
    STATUS    current
    DESCRIPTION
        "A collection of objects that provides the per-interface
         Guest Vlan configuration information for the system."
    ::= {cpaeMIBGroups 4}

cpaeShutdownTimeoutGroup    OBJECT-GROUP
    OBJECTS {
        cpaeShutdownTimeout,
        cpaeShutdownTimeoutEnabled 
    }
    STATUS    current
    DESCRIPTION
        "A collection of objects that provides the dot1x shutdown
         timeout configuration information for the system."
    ::= {cpaeMIBGroups 5}

cpaeRadiusConfigGroup OBJECT-GROUP
    OBJECTS {
         cpaeRadiusAccountingEnabled
    }
    STATUS    current
    DESCRIPTION
        "A collection of objects that provides the RADIUS
         configuration information for the system."
    ::= { cpaeMIBGroups 6 }

cpaeUserGroupGroup OBJECT-GROUP
    OBJECTS {
        cpaeUserGroupUserName,
        cpaeUserGroupUserAddrType,
        cpaeUserGroupUserAddr,
        cpaeUserGroupUserInterface,
        cpaeUserGroupUserVlan
    }
    STATUS    current
    DESCRIPTION
        "A collection of objects that provides the group manager
         information of authenticated users in the system."
    ::= { cpaeMIBGroups 7 }
END