draft-ietf-bridge-8021x-01.txt   draft-ietf-bridge-8021x-02.txt 
Bridge Working Group K.C. Norseth Bridge Working Group K.C. Norseth
INTERNET-DRAFT L-3 Communications INTERNET-DRAFT L-3 Communications
July 2003
Expires August 2003 Expires August 2003
Definitions for Port Access Control (IEEE 802.1X) MIB Definitions for Port Access Control (IEEE 802.1X) MIB
draft-ietf-bridge-8021x-01.txt draft-ietf-bridge-8021x-02.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is subject to all provisions
all provisions of Section 10 of RFC2026. of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as other groups may also distribute working documents as Internet-
Internet-Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved. Copyright (C) The Internet Society (2003). All Rights Reserved.
IESG Note IESG Note
This document is not the product of an IETF Working Group. The IETF This document is not the product of an IETF Working Group. The IETF
currently has no effort underway to standardize the Port Access currently has no effort underway to standardize the Port Access
Control (IEEE 802.1X) MIB Control (IEEE 802.1X) MIB
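Review bot: the expiry line reads "Expires August 2003" in both columns even though the draft name moves from -01 to -02 and a "July 2003" date line appears in one column only. The Status of this Memo text in this same hunk gives Internet-Drafts a maximum validity of six months, so the expiry should be recomputed from the new date. Separately, the IESG Note still says the document "is not the product of an IETF Working Group" while the header and the file name attribute it to the Bridge Working Group; one of the two needs to change.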
skipping to change at page 2, line 14 skipping to change at page 2, line 15
authorization process fails. authorization process fails.
This standard is part of a family of standards for local and This standard is part of a family of standards for local and
metropolitan area networks. metropolitan area networks.
This draft is written within the IEEE 802.1X working group and is This draft is written within the IEEE 802.1X working group and is
being presented to the IETF for informational purposes. being presented to the IETF for informational purposes.
Table of Contents Table of Contents
1. Introduction 2 1. Introduction ............................................. 2
2. Overview 3 2. Overview ................................................. 3
2.1. Scope 4 2.1. Scope .................................................... 4
3. Structure of MIB 4 3. Structure of MIB ......................................... 4
3.1 Relationship to the managed objects defined in IEEE 802.1X 4 3.1 Relationship to the managed objects defined in IEEE 802.1X 4
3.2 The PAE System Group 6 3.2 The PAE System Group ..................................... 6
3.3 The PAE Authenticator Group 6 3.3 The PAE Authenticator Group .............................. 6
3.4 The PAE Supplicant Group 6 3.4 The PAE Supplicant Group ................................. 6
3.5 Relationship to other MIBs 6 3.5 Relationship to other MIBs ............................... 6
3.6 Relationship to the Interfaces MIB 6 3.6 Relationship to the Interfaces MIB ....................... 6
4 Definitions for the 802.1X-MIB 7 4 Definitions for the 802.1X-MIB ........................... 7
5. Intellectual Property 37 5. Intellectual Property .................................... 38
6. Acknowledgements 38 6. Acknowledgements ......................................... 38
7. References 38 7. Normative References ..................................... 38
7.1 Normative References 38 8. Informative References ................................... 39
7.2 Informative References 39 9. Security Considerations .................................. 40
8. Security Considerations 40 10. Author's Address ......................................... 41
9. Author's Address 40 11. Change Log ............................................... 41
A. Change Log 40 12. Full Copyright Statement ................................. 41
B. Full Copyright Statement 41
1. Introduction 1. Introduction
The SNMP Management Framework The SNMP Management Framework
The SNMP Management Framework presently consists of five major The SNMP Management Framework presently consists of five major
components: components:
o An overall architecture, described in RFC 2571 [RFC2571]. o An overall architecture, described in RFC 2571 [RFC2571].
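Review bot: in the renumbered table of contents, entry "3.1 Relationship to the managed objects defined in IEEE 802.1X 4" is the only one that did not gain dot leaders, and entries 3.1 through 3.6 and 4 still lack the trailing period used on "2.1." and on the top-level numbers. Suggest wrapping the 3.1 title or shortening it so that the leaders fit, and making the numbering punctuation uniform while the list is being touched.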
skipping to change at page 7, line 56 skipping to change at page 8, line 5
FROM SNMP-FRAMEWORK-MIB FROM SNMP-FRAMEWORK-MIB
InterfaceIndex InterfaceIndex
FROM IF-MIB FROM IF-MIB
; ;
ieee8021paeMIB MODULE-IDENTITY ieee8021paeMIB MODULE-IDENTITY
LAST-UPDATED "200101160000Z" LAST-UPDATED "200101160000Z"
ORGANIZATION "IEEE 802.1 Working Group" ORGANIZATION "IEEE 802.1 Working Group"
CONTACT-INFO CONTACT-INFO
"http://grouper.ieee.org/groups/802/1/index.html" "http://grouper.ieee.org/groups/802/1/index.html"
ORGANIZATION "IETF Bridge MIB Working Group"
CONTACT-INFO
"Email: Bridge-mib@ietf.org"
K.C. Norseth
L-3 Communications
Tel: +1 801-594-2809
Email: kenyon.c.norseth@L-3com.com
Postal: 640 N. 2200 West.
Salt Lake City, Utah 84116-0850
Send comments to <bridge-mib@ietf.org>
DESCRIPTION DESCRIPTION
"The Port Access Entity module for managing IEEE "The Port Access Entity module for managing IEEE
802.1X." 802.1X."
"Copyright (C) The Internet Society (2003). This version of
this MIB module is part of RFC xxxx; see the RFC itself for
full legal notices."
-- ::= { iso(1) std(0) iso8802(8802) ieee802dot1(1) -- ::= { iso(1) std(0) iso8802(8802) ieee802dot1(1)
-- ieee802dot1mibs(1) 1 } -- ieee802dot1mibs(1) 1 }
::= { iso std(0) iso8802(8802) ieee802dot1(1) ieee802dot1mibs(1) 1 } ::= { iso std(0) iso8802(8802) ieee802dot1(1) ieee802dot1mibs(1) 1 }
paeMIBObjects OBJECT IDENTIFIER ::= { ieee8021paeMIB 1 } paeMIBObjects OBJECT IDENTIFIER ::= { ieee8021paeMIB 1 }
-- ---------------------------------------------------------- -- -- ---------------------------------------------------------- --
-- Textual Conventions -- Textual Conventions
-- ---------------------------------------------------------- -- -- ---------------------------------------------------------- --
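Review bot: in the MODULE-IDENTITY, the one-sided ORGANIZATION "IETF Bridge MIB Working Group" and CONTACT-INFO "Email: Bridge-mib@ietf.org" lines follow the IEEE ORGANIZATION and CONTACT-INFO clauses that remain in both columns, so that revision carries each clause twice, and the closing quote after Bridge-mib@ietf.org leaves the K.C. Norseth address lines outside any string. The same applies to the second quoted block with the copyright text after the DESCRIPTION string. SMIv2 (RFC 2578) allows one ORGANIZATION, one CONTACT-INFO and one DESCRIPTION per MODULE-IDENTITY, so these should be merged into single quoted strings. LAST-UPDATED also stays at "200101160000Z" in both columns; it should be bumped, with a REVISION clause describing the change.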
skipping to change at page 38, line 28 skipping to change at page 38, line 47
6. Acknowledgements 6. Acknowledgements
This document was reproduced by the IETF Bridge MIB Working Group This document was reproduced by the IETF Bridge MIB Working Group
from the IEEE Std 802.1X-2001 IEEE Standard for Local and from the IEEE Std 802.1X-2001 IEEE Standard for Local and
metropolitan area networks Port-Based Network Access Control. metropolitan area networks Port-Based Network Access Control.
A Special thanks to Les Bell for his help in getting this document A Special thanks to Les Bell for his help in getting this document
ready for publication and providing his insight ready for publication and providing his insight
7. References 7. Normative References
7.1 Normative References
[IEEESTD8021] IEEE, IEEE Std 802.1, 2001 "Edition: IEEE Standard for [IEEESTD8021] IEEE, IEEE Std 802.1, 2001 "Edition: IEEE Standard for
Local and metropolitan area networks Port-Based Network Local and metropolitan area networks Port-Based Network
Access Control" Access Control"
[RFC2571] Harrington, D., Presuhn, R. and B. Wijnen, "An Architecture [RFC2571] Harrington, D., Presuhn, R. and B. Wijnen, "An Architecture
for Describing SNMP Management Frameworks", RFC 2571, for Describing SNMP Management Frameworks", RFC 2571,
May 1999. May 1999.
[RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
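Review bot: the [IEEESTD8021] entry under the retitled "7. Normative References" heading cites "IEEE Std 802.1, 2001", while the Acknowledgements just above name the source as "IEEE Std 802.1X-2001"; the opening quotation mark also sits before "Edition:" rather than before the title. Since the heading is being reworked anyway, suggest correcting the entry to the 802.1X-2001 designation and moving the quote so that it encloses only the title.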
skipping to change at page 39, line 6 skipping to change at page 39, line 25
[RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M. and S. Waldbusser, "Conformance Statements for Rose, M. and S. Waldbusser, "Conformance Statements for
SMIv2", STD 58, RFC 2580, April 1999. SMIv2", STD 58, RFC 2580, April 1999.
[8021XAUTH] IEEE, 802.1x - Port Based Network Access Control, [8021XAUTH] IEEE, 802.1x - Port Based Network Access Control,
definition of Authenticator, clause 3.1.1 definition of Authenticator, clause 3.1.1
[8021XSUPP] IEEE, 802.1x - Port Based Network Access Control, [8021XSUPP] IEEE, 802.1x - Port Based Network Access Control,
definition of Supplicant, clause 3.1.5 definition of Supplicant, clause 3.1.5
7.2 Informative References 8. Informative References
[RFC1157] Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple [RFC1157] Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple
Network Management Protocol", STD 15, RFC 1157, May 1990. Network Management Protocol", STD 15, RFC 1157, May 1990.
[RFC1212] Rose, M. and K. McCloghrie, "Concise MIB Definitions", [RFC1212] Rose, M. and K. McCloghrie, "Concise MIB Definitions",
STD 16, RFC 1212, March 1991. STD 16, RFC 1212, March 1991.
[RFC1213] McCloghrie, K. and M. Rose, Editors, "Management Information [RFC1213] McCloghrie, K. and M. Rose, Editors, "Management Information
Base for Network Management of TCP/IP-based internets: Base for Network Management of TCP/IP-based internets:
MIB-II", STD 17, RFC 1213, March 1991. MIB-II", STD 17, RFC 1213, March 1991.
skipping to change at page 40, line 17 skipping to change at page 40, line 38
[RFC2573] Levi, D., Meyer, P. and B. Stewart, "SNMPv3 Applications", [RFC2573] Levi, D., Meyer, P. and B. Stewart, "SNMPv3 Applications",
RFC 2573, May 1999. RFC 2573, May 1999.
[RFC2575] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access [RFC2575] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access
Control Model (VACM) for the Simple Network Management Control Model (VACM) for the Simple Network Management
Protocol (SNMP)", RFC 2575, May 1999. Protocol (SNMP)", RFC 2575, May 1999.
[RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB
using SMIv2", RFC 2863, June 2000. using SMIv2", RFC 2863, June 2000.
8. Security Considerations 9. Security Considerations
The Port Access Entity defined in this MIB is integral to the The Port Access Entity defined in this MIB is integral to the
security of the network accessed through the Authenticator. The security of the network accessed through the Authenticator. The
managed objects in this MIB that have a MAX-ACCESS clause of managed objects in this MIB that have a MAX-ACCESS clause of
read-write or read-create must be considered sensitive in a secure read-write or read-create must be considered sensitive in a secure
environment. The support of SET operations in a non-secure environment. The support of SET operations in a non-secure
environment without proper protection can have a negative effect on environment without proper protection can have a negative effect on
the security of access to the network, for both the Authenticator and the security of access to the network, for both the Authenticator and
the Supplicant. The managed objects in this MIB that have a the Supplicant. The managed objects in this MIB that have a
MAX-ACCESS clause of anything other than not-accessible may allow MAX-ACCESS clause of anything other than not-accessible may allow
skipping to change at page 40, line 48 skipping to change at page 41, line 15
It is recommended that the implementors consider the security It is recommended that the implementors consider the security
features as provided by the SNMPv3 framework. Specifically, the use features as provided by the SNMPv3 framework. Specifically, the use
of the User-based Security Model, IETF RFC 2574, and the View-based of the User-based Security Model, IETF RFC 2574, and the View-based
Access Control Model, IETF RFC 2575, is recommended. It then becomes Access Control Model, IETF RFC 2575, is recommended. It then becomes
a user responsibility to ensure that the SNMP entity giving access to a user responsibility to ensure that the SNMP entity giving access to
an instance of this MIB is properly configured to give access only to an instance of this MIB is properly configured to give access only to
those principals (users) that have legitimate rights to access those principals (users) that have legitimate rights to access
change / create / delete) them, as appropriate. change / create / delete) them, as appropriate.
9. Author's Address 10. Author's Address
K.C. Norseth K.C. Norseth
L-3 Communications L-3 Communications
640 N. 2200 West. 640 N. 2200 West.
Salt Lake City, Utah 84116-0850 Salt Lake City, Utah 84116-0850
Email: kenyon.c.norseth@L-3com.com Email: kenyon.c.norseth@L-3com.com
kcn@norseth.com kcn@norseth.com
A. Change Log 11. Change Log
The following changes were made to <draft-ietf-bridge-8021x-00.txt> The following changes were made to <draft-ietf-bridge-8021x-00.txt>
to produce <draft-ietf-bridge-8021x-01.txt>: to produce <draft-ietf-bridge-8021x-02.txt>:
1) Redefined the overview to more reflect the IEEE 802.1x document. 1) Redefined the overview to more reflect the IEEE 802.1x document.
1) Clarification of the security section 1) Clarification of the security section
2) Splitting references into Normative and Informative 2) Splitting references into Normative and Informative
3) Changing draft to reflect IETF document standards.
B. Full Copyright Statement 12. Full Copyright Statement
Copyright (C) The Internet Society (2001). All Rights Reserved. Copyright (C) The Internet Society (2003). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than followed, or as required to translate it into languages other than
English. English.
The limited permissions granted above are perpetual and will not be The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns. revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an This document and the information contained herein is provided on an
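Review bot: the Change Log now says the changes were made to draft-ietf-bridge-8021x-00.txt "to produce <draft-ietf-bridge-8021x-02.txt>", which skips -01, and the list numbers two items "1)" before "2)" and the new "3)". Suggest either a separate -01 to -02 entry or a note that the list is cumulative, and renumbering the items 1 through 4. In the unchanged security text above it, "legitimate rights to access change / create / delete) them" has a closing parenthesis with no opening one, and some words appear to be missing after "access"; that sentence should be repaired in this revision, given that the log lists a clarification of the security section.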
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/