You are here: > Technical documentation > SNMP > MIB > Enterasys Networks > ENTERASYS-8021X-REKEYING-MIB
ActiveXperts Network Monitor 2019##AdminFavorites

ENTERASYS-8021X-REKEYING-MIB by vendor Enterasys Networks


The SNMP protocol is used to for conveying information and commands between agents and managing entities. SNMP uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. The reasons for using UDP for SNMP are, firstly it has low overheads in comparison to TCP, which uses a 3-way hand shake for connection. Secondly, in congested networks, SNMP over TCP is a bad idea because TCP in order to maintain reliability will flood the network with retransmissions.

Management information (MIB) is represented as a collection of managed objects. These objects together form a virtual information base called MIB. An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.

Use ActiveXperts Network Monitor 2019 to import vendor-specific MIB files, inclusing ENTERASYS-8021X-REKEYING-MIB.

Vendor: Enterasys Networks
Mib: ENTERASYS-8021X-REKEYING-MIB  [download]  [view objects]
Tool: ActiveXperts Network Monitor 2019 [download]    (ships with advanced SNMP/MIB tools)

--  enterasys-8021x-rekeying-mib.txt
--  Part Number: <TBD>

--  This module provides authoritative definitions for Enterasys 
--  Networks' IEEE 802.1x rapid rekeying MIB.

--  This module will be extended, as needed.

--  Enterasys Networks reserves the right to make changes in this
--  specification and other information contained in this document
--  without prior notice.  The reader should consult Enterasys Networks
--  to determine whether any such changes have been made.
--  In no event shall Enterasys Networks be liable for any incidental,
--  indirect, special, or consequential damages whatsoever (including
--  but not limited to lost profits) arising out of or related to this
--  document or the information contained in it, even if Enterasys
--  Networks has been advised of, known, or should have known, the
--  possibility of such damages.
--  Enterasys Networks grants vendors, end-users, and other interested
--  parties a non-exclusive license to use this Specification in 
--  connection with the management of Enterasys Networks products.

--  Copyright February, 2002 Enterasys Networks, Inc.

        FROM SNMPv2-SMI
        FROM SNMPv2-TC
        FROM SNMPv2-CONF
        FROM IEEE8021-PAE-MIB

etsys8021xRekeyingMIB MODULE-IDENTITY
    LAST-UPDATED "200203072006Z"  -- Thu Mar  7 20:06 GMT 2002
    ORGANIZATION "Enterasys Networks, Inc"
        "Postal: Enterasys Networks
                 35 Industrial Way, P.O. Box 5005
                 Rochester, NH 03867-0505

         Phone:  +1 603 332 9400

        "This MIB module defines a portion of the SNMP enterprise
         MIBs under Enterasys Networks' enterprise OID pertaining to 
         IEEE 802.1x authentication.

         This MIB is designed to supplement and be used in connection
         with the standard IEEE 802.1x MIB.

         It provides configuration controls for Enterasys Networks'
         rapid rekeying feature -- a feature that enhances wireless
         LAN security by changing the network's radio keys on a
         regular basis."

    REVISION "200203072006Z"  -- Thu Mar  7 20:06 GMT 2002
        "The initial version of this MIB module."

    ::= { etsysModules 17 }

        OBJECT IDENTIFIER ::= { etsys8021xRekeyingMIB 1 }

-- ---------------------------------------------------------- --
-- Textual Conventions
-- ---------------------------------------------------------- --

-- ---------------------------------------------------------- --
-- Branches of the Enterasys IEEE 802.1x Rapid Rekeying MIB
-- ---------------------------------------------------------- --

        OBJECT IDENTIFIER ::= { etsysDot1xRekeyingObjects 1 }

-- ---------------------------------------------------------- --
-- The Rapid Rekeying Configuration Table
-- ---------------------------------------------------------- --

etsysDot1xRekeyConfigTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF EtsysDot1xRekeyConfigEntry
    MAX-ACCESS    not-accessible
    STATUS        current
        "A table that contains encryption-key-related configuration
         objects for ports on which Authenticator PAEs can run."
    ::= { etsysDot1xRekeyBaseBranch 1 }

etsysDot1xRekeyConfigEntry OBJECT-TYPE
    SYNTAX        EtsysDot1xRekeyConfigEntry
    MAX-ACCESS    not-accessible
    STATUS        current
        "Each conceptual row holds encryption key configuration
         information for the Authenticator PAEs associated with one
    INDEX { dot1xPaePortNumber }
    ::= { etsysDot1xRekeyConfigTable 1 }

EtsysDot1xRekeyConfigEntry ::=
               etsysDot1xRekeyEnabled           TruthValue,
               etsysDot1xRekeyPeriod            Unsigned32,
               etsysDot1xRekeyLength            INTEGER,
               etsysDot1xRekeyAsymmetric        TruthValue

etsysDot1xRekeyEnabled OBJECT-TYPE
    SYNTAX        TruthValue
    MAX-ACCESS    read-write
    STATUS        current
            "Determines how an access point selects radio encryption

             If the selected port/Authenticator PAE does not support
             the EAPOL-Key feature (e.g., because radio keys are not
             applicable to Ethernet ports), this object's value will
             be FALSE and attempts to write TRUE will fail.

             Normally, if radio keys are present, the manager enters
             them into the access point through some manual process.
             The manager or the users may also need to configure the
             keys into each laptop (access points can distribute the
             keys automatically to 802.1x EAP-TLS clients).  However
             laptops get keys, the keys remain static until somebody
             goes to the trouble of changing them.  If the keys stay
             unchanged for long periods, this can make it easier for
             a determined attacker to launch a cryptographic attack.

             When rapid rekeying is enabled, an access point ignores
             its manually-set keys.  It generates pseudo-random keys
             on a periodic basis, using IEEE 802.1x key distribution
             to deliver the keys to new and current clients.

             Do not enable rapid rekeying unless ALL of your clients
             support IEEE 802.1x and an authentication method (e.g.,
             EAP-TLS) that supports key distribution.

             Before enabling rapid rekeying, make sure that you have
             set 'dot1xAuthKeyTxEnabled' to TRUE.  Changing the keys
             without telling any of the clients about the changes is
             not a very useful mode of operation."
    DEFVAL { false }
    ::= { etsysDot1xRekeyConfigEntry 1 }

etsysDot1xRekeyPeriod OBJECT-TYPE
    SYNTAX        Unsigned32
    MAX-ACCESS    read-write
    STATUS        current
               "When rapid rekeying (periodic changing of radio keys) is
                enabled, the value of this object determines the period,
                in seconds, between key changes."
    DEFVAL { 1800 }
    ::= { etsysDot1xRekeyConfigEntry 2 }

etsysDot1xRekeyLength OBJECT-TYPE
    SYNTAX INTEGER {  keylen40 (1),   keylen128 (2) }
    MAX-ACCESS    read-write
    STATUS        current
                "Determines the number of bits/bytes used in the
                 encryption keys.  Currently supports either 128-bit
                 (16-octet) encryption keys or 40-bit (5-octet)
                 encryption keys."
    DEFVAL { keylen128 }
    ::= { etsysDot1xRekeyConfigEntry 3 }

etsysDot1xRekeyAsymmetric OBJECT-TYPE
    SYNTAX        TruthValue
    MAX-ACCESS    read-write
    STATUS        current
                "Determines the association between the supplicant and
                 authenticator transmit keys.

                 If true(1), the authenticator and supplicant will use
                 different encryption keys in order to transmit data.

                 If false(2), the authenticator and supplicant will use
                 a single key pattern to encrypt the transmitted data."
    DEFVAL { true }
    ::= { etsysDot1xRekeyConfigEntry 4 }

-- ---------------------------------------------------------- --
-- Enterasys 802.1X Rekeying MIB - Conformance Information
-- ---------------------------------------------------------- --

    OBJECT IDENTIFIER ::= { etsys8021xRekeyingMIB 2 }

    OBJECT IDENTIFIER ::= { etsysDot1xRekeyingConformance 1 }

    OBJECT IDENTIFIER ::= { etsysDot1xRekeyingConformance 2 }

-- ---------------------------------------------------------- --
-- Units of conformance
-- ---------------------------------------------------------- --

etsysDot1xRekeyingBaseGroup OBJECT-GROUP
    STATUS current
            "A collection of objects providing rekeying configuration
             information about a port on which Authenticator PAEs can
    ::= { etsysDot1xRekeyingGroups 1 }

-- ---------------------------------------------------------- --
-- Compliance statements
-- ---------------------------------------------------------- --

etsysDot1xRekeyingCompliance MODULE-COMPLIANCE
    STATUS current
            "The compliance statement for devices that support the
             Enterasys IEEE 802.1x extensions MIB."


    MANDATORY-GROUPS { etsysDot1xRekeyingBaseGroup }

    OBJECT         etsysDot1xRekeyEnabled
    MIN-ACCESS     read-only
    DESCRIPTION    "Write access is not required."

    OBJECT         etsysDot1xRekeyPeriod
    MIN-ACCESS     read-only
    DESCRIPTION    "Write access is not required."

    OBJECT         etsysDot1xRekeyLength
    MIN-ACCESS     read-only
    DESCRIPTION    "Write access is not required.  Depending upon
                   product capabilities (and export restrictions,
                   if applicable), some systems may not implement
                   all key lengths."

    OBJECT         etsysDot1xRekeyAsymmetric
    MIN-ACCESS     read-only
    DESCRIPTION    "Write access is not required."

::= { etsysDot1xRekeyingCompliances 1 }