Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.1-02/xxxr0 Submission July 10, 2002 David Nelson, Enterasys NetworksSlide 1 Extensions to 802.1X MIB Problem statement Recommended solution.

Similar presentations


Presentation on theme: "Doc.: IEEE 802.1-02/xxxr0 Submission July 10, 2002 David Nelson, Enterasys NetworksSlide 1 Extensions to 802.1X MIB Problem statement Recommended solution."— Presentation transcript:

1 doc.: IEEE 802.1-02/xxxr0 Submission July 10, 2002 David Nelson, Enterasys NetworksSlide 1 Extensions to 802.1X MIB Problem statement Recommended solution MIB text included in a separate submission document Call to action

2 doc.: IEEE 802.1-02/xxxr0 Submission July 10, 2002 David Nelson, Enterasys NetworksSlide 2 Extensions to 802.1X MIB The tables having bearing on the supplicant are indexed by dot1XPaePortNumber which is an InterfaceIndex value This is practical for 802.3 wired switches but less so for 802.11 access points Typically ifNumber is static or pseudo-static To keep track of the virtual PAE ports in an 802.11 WLAN, it is desirable to have tables indexed by station address

3 doc.: IEEE 802.1-02/xxxr0 Submission July 10, 2002 David Nelson, Enterasys NetworksSlide 3 Extensions to 802.1X MIB Create a extensions MIB with separate tables for station based (i.e. virtual port based) information Index these tables by station address (i.e. MAC address) New conditionally mandatory groups to include: –dot1xAuthStationGroup –dot1xAuthConfigGroup –dot1xAuthStatsGroup –dot1xAuthDiagGroup –dot1xAuthSessionStatsGroup

4 doc.: IEEE 802.1-02/xxxr0 Submission July 10, 2002 David Nelson, Enterasys NetworksSlide 4 Extensions to 802.1X MIB dot1xAuthStationGroup OBJECT-GROUP OBJECTS { edot1xAuthStationPaePort, dot1xAuthStationPaeState, dot1xAuthStationBackendAuthState, dot1xAuthStationUserName } STATUS current DESCRIPTION "A collection of objects providing basic status information about Authenticator PAEs running on ports that use station- based access control." ::= { dot1xGroups 1 }

5 doc.: IEEE 802.1-02/xxxr0 Submission July 10, 2002 David Nelson, Enterasys NetworksSlide 5 Extensions to 802.1X MIB dot1xAuthConfigGroup OBJECT-GROUP OBJECTS { dot1xAuthInitialize, Note: objects in red have MAX-ACCESS of read-write. dot1xAuthReauthenticate, dot1xAuthAdminControlledDirections, dot1xAuthOperControlledDirections, dot1xAuthAuthControlledPortStatus, dot1xAuthAuthControlledPortControl, dot1xAuthQuietPeriod, dot1xAuthTxPeriod, dot1xAuthSuppTimeout, dot1xAuthServerTimeout, dot1xAuthMaxReq, dot1xAuthReAuthPeriod, dot1xAuthReAuthEnabled, dot1xAuthKeyTxEnabled } STATUS current DESCRIPTION "A collection of objects providing configuration information about Authenticator PAEs running on ports that use station- based access control." ::= { dot1xGroups 2 }

6 doc.: IEEE 802.1-02/xxxr0 Submission July 10, 2002 David Nelson, Enterasys NetworksSlide 6 Extensions to 802.1X MIB dot1xAuthStatsGroup OBJECT-GROUP OBJECTS { dot1xAuthEapolFramesRx, dot1xAuthEapolFramesTx, dot1xAuthEapolStartFramesRx, dot1xAuthEapolLogoffFramesRx, dot1xAuthEapolRespIdFramesRx, dot1xAuthEapolRespFramesRx, dot1xAuthEapolReqIdFramesTx, dot1xAuthEapolReqFramesTx, dot1xAuthInvalidEapolFramesRx, dot1xAuthEapLengthErrorFramesRx, dot1xAuthLastEapolFrameVersion, dot1xAuthLastEapolFrameSource } STATUS current DESCRIPTION "A collection of objects providing statistics about Authenticator PAEs running on ports that use station- based access control." ::= { dot1xGroups 3 }

7 doc.: IEEE 802.1-02/xxxr0 Submission July 10, 2002 David Nelson, Enterasys NetworksSlide 7 Extensions to 802.1X MIB dot1xAuthDiagGroup OBJECT-GROUP OBJECTS { dot1xAuthEntersConnecting, dot1xAuthEapLogoffsWhileConnecting, dot1xAuthEntersAuthenticating, dot1xAuthAuthSuccessWhileAuthenticating, dot1xAuthAuthTimeoutsWhileAuthenticating, dot1xAuthAuthFailWhileAuthenticating, dot1xAuthAuthReauthsWhileAuthenticating, dot1xAuthAuthEapStartsWhileAuthenticating, dot1xAuthAuthEapLogoffWhileAuthenticating, dot1xAuthAuthReauthsWhileAuthenticated, dot1xAuthAuthEapStartsWhileAuthenticated, dot1xAuthAuthEapLogoffWhileAuthenticated, dot1xAuthBackendResponses, dot1xAuthBackendAccessChallenges, dot1xAuthBackendOtherRequestsToSupplicant, dot1xAuthBackendNonNakResponsesFromSupplicant, dot1xAuthBackendAuthSuccesses, dot1xAuthBackendAuthFails } STATUS current DESCRIPTION "A collection of objects providing diagnostic statistics about Authenticator PAEs running on ports that use station- based access control." ::= { dot1xGroups 4 }

8 doc.: IEEE 802.1-02/xxxr0 Submission July 10, 2002 David Nelson, Enterasys NetworksSlide 8 Extensions to 802.1X MIB dot1xAuthSessionStatsGroup OBJECT-GROUP OBJECTS { dot1xAuthSessionOctetsRx, dot1xAuthSessionOctetsTx, dot1xAuthSessionFramesRx, dot1xAuthSessionFramesTx, dot1xAuthSessionId, dot1xAuthSessionAuthenticMethod, dot1xAuthSessionTime, dot1xAuthSessionTerminateCause } STATUS current DESCRIPTION "A collection of objects providing statistics about the current or last sessions for Authenticator PAEs running on ports that use station-based access control." ::= { dot1xGroups 5 }

9 doc.: IEEE 802.1-02/xxxr0 Submission July 10, 2002 David Nelson, Enterasys NetworksSlide 9 Extensions to 802.1X MIB Call to action Is this an architecturally acceptable approach? Can this MIB Extension be considered for inclusion in the next draft of 802.1aa?


Download ppt "Doc.: IEEE 802.1-02/xxxr0 Submission July 10, 2002 David Nelson, Enterasys NetworksSlide 1 Extensions to 802.1X MIB Problem statement Recommended solution."

Similar presentations


Ads by Google