-- *********************************************************************
--   
-- IEEE8021X-PAE-MIB : MIB for IEEE 802.1X (802.1X-2010 + 802.1Xbx)
--   
-- *********************************************************************

IEEE8021X-PAE-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    Gauge32,
    Counter32,
    Counter64,
    Unsigned32,
    Integer32
        FROM SNMPv2-SMI
    MacAddress,
    TEXTUAL-CONVENTION,
    TruthValue,
    RowPointer,
    TimeStamp,
    TimeInterval,
    RowStatus
        FROM SNMPv2-TC
    MODULE-COMPLIANCE,
    OBJECT-GROUP
        FROM SNMPv2-CONF
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    InterfaceIndex
        FROM IF-MIB
    SecySCI
        FROM IEEE8021-SECY-MIB;

ieee8021XPaeMIB MODULE-IDENTITY
    LAST-UPDATED    "201404101619Z"
    ORGANIZATION    "IEEE 802.1 Working Group"
    CONTACT-INFO
      " WG-URL: http://grouper.ieee.org/groups/802/1/index.html
        WG-EMail: stds-802-1@ieee.org
        Contact: Mick Seaman
        Postal: C/O IEEE 802.1 Working Group
                IEEE Standards Association
                445 Hoes Lane
                P.O. Box 1331
                Piscataway
                NJ 08855-1331
                USA
                E-mail: STDS-802-1-L@LISTSERV.IEEE.ORG"
    DESCRIPTION
        "The MIB module for managing the Port Access Entity (PAE)
        functions of IEEE 802.1X (Revision of 802.1X-2004).
        The PAE functions managed are summarized in Figure 12-3 of
        IEEE 802.1X and include EAPOL PACP support for authentication
        (EAP Supplicant and/or Authenticator), MACsec Key Agreement
        (MKA), EAPOL, and transmission and reception of network
        announcements.

        The following acronyms and definitions are used in this MIB.

        AN : Association Number, a number that is concatenated with a
            MACsec Secure Channel Identifier to identify a Secure
            Association (SA).

        Announcer : EAPOL-Announcement transmission functionality.

        Authenticator : An entity that facilitates authentication of
            other entities attached to the same LAN.

        CA : secure Connectivity Association: A security relationship,
            established and maintained by key agreement protocols, that
            comprises a fully connected subset of the service access
            points in stations attached to a single LAN that are to be
            supported by MACsec.

        CAK : secure Connectivity Association Key, a secret key
            possessed by members of a given CA.

        CKN : secure Connectivity Association Key Name (CKN), a text
            that identifies a CAK.

        Common Port : An instance of the MAC Internal Sublayer Service
            used by the SecY or PAC to provide transmission and
            reception of frames for both the Controlled and
            Uncontrolled Ports.

        Controlled Port : The access point used to provide the secure
            MAC Service to a client of a PAC or SecY.

        CP state machine : Controlled Port state machine is capable of
            controlling a SecY or a PAC.  The CP supports
            interoperability with unauthenticated systems that are not
            port-based network access control capable, or that lack 
            MKA.  When the access controlled port is supported by a
            SecY, the CP is capable of controlling the SecY so as to
            provide unsecured connectivity to systems that implement a
            PAC.

        EAP : Extensible Authentication Protocol, RFC3748.

        EAPOL : EAP over LANs.

        KaY : Key Agreement Entity, a PAE entity responsible for MKA.

        Key Server : Elected by MKA, to transport a succession of SAKs,
            for use by MACsec, to the other member(s) of a CA.

        KMD : Key Management Domain, a string identifying systems that
             share cached CAKs.

        Listener : The role is to receive the network announcement
            parameters in the authentication process.

        Logon Process : The Logon Process is responsible for the
            managing the use of authentication credentials, for
            initiating use of the PAE's Supplicant and or Authenticator
            functionality, for deriving CAK, CKN tuples from PAE
            results, for maintaining PSKs (Pre-Sharing Keys), and for
            managing MKA instances.  In the absence of successful
            authentication, key agreement, or support for MAC Security,
            the Logon Process determines whether the CP state machine
            should provide unauthenticated connectivity or
            authenticated but unsecured connectivity.

        MKA : MACsec Key Agreement protocol allows PAEs, each
            associated with a port that is an authenticated member of a
            secure connectivity association (CA) or a potential CA, to
            discover other PAEs attached to the same LAN, to confirm
            mutual possession of a CAK and hence to prove a past mutual
            authentication, to agree the secret keys (SAKs) used by
            MACsec for symmetric shared key cryptography, and to ensure
            that the data protected by MACsec has not been delayed.

        MKPDU : MACsec Key Agreement Protocol Data Unit.

        MPDU : MAC Protocol Data Unit.

        NID : Network Identity, a UTF-8 string identifying an network
             or network service.

        PAE : Port Access Entity, the protocol entity associated with a
             Port.  It can support the protocol functionality
             associated with the Authenticator, the Supplicant, or
             both.

        PAC : Port Access Controller, a protocol-less shim that
             provides control over frame transmission and reception by
             clients attached to its Controlled Port, and uses the MAC
             Service provided by a Common Port.  The access control
             decision is made by the PAE, typically taking into
             account the success or failure of mutual authentication
             and authorization of the PAE's peer(s), and is
             communicated by the PAE using the LMI to set the PAC's
             Controlled Port enabled/disable.  Two different interfaces
             'Controlled Port' and 'Uncontrolled Port', are associated
             with a PAC, and that for each instance of a PAC, two
             ifTable rows (one for each interface) run on top of an
             ifTable row representing the 'Common Port' interface,
             such as a row with ifType = 'ethernetCsmacd(6)'.

             For example :
            -----------------------------------------------------------
            |                            |                            |
            |   Controlled Port          |   Uncontrolled Port        |
            |      Interface             |      Interface             |
            |    (ifEntry = j)           |     (ifEntry = k)          |
            | (ifType =                  | (ifType =                  |
            |  macSecControlledIF(231))  |  macSecUncontrolledIF(232))|
            |                            |                            |
            |---------------------------------------------------------|
            |                                                         |
            |                    Physical Interface                   |
            |                      (ifEntry = i)                      |
            |                (ifType = ethernetCsmacd(6))             |
            |_________________________________________________________|
                        i, j, k are ifIndex to indicate
                       an interface stack in the ifTable.
                        Figure : PAC Interface Stack

             The 'Controlled Port' is the service point to provide one
             instance of the secure MAC service in a PAC.  The
             'Uncontrolled Port' is the service point to provide one
             instance of the insecure MAC service in a PAC.

        PACP : Port Access Controller Protocol.

        Port Identifier : A 16-bit number that is unique within the
            scope of the address of the port.

        Real Port : Indicates the PAE is for a real port.  A port that
            is not created on demand by the mechanisms specified in
            this standard, but that can transmit and receive frames for
            one or more virtual ports.

        SC : Secure Channel, a security relationship used to provide
            security guarantees for frames transmitted from one member
            of a CA to the others.  An SC is supported by a sequence of
            SAs thus allowing the periodic use of fresh keys without
            terminating the relationship.

        SA : Secure Association, a security relationship that provides
            security guarantees for frames transmitted from one member
            of a CA to the others. Each SA is supported by a single
            secret key, or a single set of keys where the cryptographic
            operations used to protect one frame require more than one
            key. 

        SAK : Secure Association key, the secret key used by an SA.

        SCI : Secure Channel Identifier, a globally unique identifier
            for a secure channel, comprising a globally unique MAC
            Address and a Port Identifier, unique within the system
            allocated that address.

        secured connectivity : Data transfer between two or 'Controlled
            Ports' that is protected by MACsec.

        SecY : MAC Security Entity, the entity that operates the MAC
            Security protocol within a system.

        Supplicant : An entity at one end of a point-to-point LAN
            segment that seeks to be authenticated by an Authenticator
            attached to the other end of that link.
            
        Suspension: Temporary suspension of MKA operation to facilitate
            in-service control plane software upgrades without
            disrupting existing secure connectivity.

        Uncontrolled Port : The access point used to provide the
            insecure MAC Service to a client of a SecY or PAC.

        Virtual Port : Indicates the PAE is for a virtual port.  A MAC
            Service or Internal Sublayer service access point that is
            created on demand.  Virtual ports can be used to provide
            separate secure connectivity associations over the same
            LAN."
    REVISION        "201404101619Z"
    DESCRIPTION
        "Update published as part of IEEE 802.1Xbx (Amendment to
        IEEE 802.1X-2010)"
    REVISION        "200910011650Z"
    DESCRIPTION
        "Initial version of this MIB module.  Published as part of
        IEEE P802.1X (Revision of IEEE Standard 802.1X-2009)"
    ::= { iso(1) iso-identified-organization(3) ieee(111)
          standards-association-numbered-series-standards(2)
          lan-man-stds(802) ieee802dot1(1) ieee802dot1mibs(1) 15 }

-- ------------------------------------------------------------------ --
-- Textual Conventions
-- ------------------------------------------------------------------ --

Ieee8021XPaeCKN ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "This textual convention indicates the CAK name to identify
        the Connectivity Association Key (CAK) which is the root key
        in the MACsec Key Agreement key hierarchy.  All potential
        members of the CA use the same CKN."

    REFERENCE       "IEEE 802.1X Clause 5.4, Clause 9.3.1, Clause 6.2"
    SYNTAX          OCTET STRING (SIZE (1..16))

Ieee8021XPaeCKNOrNull ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "This textual convention indicates the CAK name to identify
        the Connectivity Association Key (CAK) which is the root key
        in the MACsec Key Agreement key hierarchy.  All potential
        members of the CA use the same CKN.

        If this is a zero length value, then the NULL string means
        CKN information is applicable." 

    REFERENCE       "IEEE 802.1X Clause 5.4, Clause 9.3.1, Clause 6.2"
    SYNTAX          OCTET STRING (SIZE (0..16))

Ieee8021XPaeKMD ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "This textual convention indicates a Key Management Domain
        (KMD).

        KMD is a string of UTF-8 characters that names the transmitting
        authenticator's key management domain."

    REFERENCE       "IEEE 802.1X Clause 12.6"
    SYNTAX          OCTET STRING (SIZE (0..253))

Ieee8021XPaeNID ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "This textual convention indicates a Network Identifier (NID).

        Each network is identified by a NID, a UTF-8 string used by
        network attached systems to select a network profile."

    REFERENCE       "IEEE 802.1X Clause 12.6, Clause 10.1"
    SYNTAX          OCTET STRING (SIZE (1..100))

Ieee8021XPaeNIDOrNull ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "This textual convention indicates a Network Identifier (NID).

        Each network is identified by a NID, a UTF-8 string used by
        network attached systems to select a network profile.

        If this is a zero length value, then the NULL string for
        NID information is applicable." 

    REFERENCE       "IEEE 802.1X Clause 12.6, Clause 10.1"
    SYNTAX          OCTET STRING (SIZE (0..100))

Ieee8021XMkaKeyServerPriority ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "This textual convention indicates a Key Server priority
        information.

        Each MKA participant encodes a Key Server Priority, an 8-bit
        integer, in each MKPDU.  Each participant selects the live
        participant advertising the highest priority as its Key Server
        provided that participant has not selected another as its Key
        Server or is unwilling to act as the Key Server.  If a Key
        Server cannot be selected SAKs are not distributed.  In the
        event of a tie for highest priority Key Server, the member with
        the highest priority SCI is chosen.  For consistency with other
        uses of the SCI's MAC Address component as a priority,
        numerically lower values of the Key Server Priority and SCI are
        accorded the highest priority.  The Table 9-2 contains
        recommendations for the use of priority values for various
        system roles. Participants that will never act as a Key Server
        should advertise priority 0xFF."

    REFERENCE       "IEEE 802.1X Clause 9.5, Table 9-2"
    SYNTAX          OCTET STRING (SIZE (1))

Ieee8021XMkaMI ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "This textual convention indicates a Member Identifier (MI).

        The MI is a 96-bit random value chosen when the MKA Instance
        begins, used with a 32-bit MN to protect against replay attacks
        and to record liveliness in the Live Peer List or potential
        liveliness in the Potential Peer List. If the MN wraps, a new
        random MI value is chosen and the MN begins again at 1."

    REFERENCE       "IEEE 802.1X Clause 9.4.2"
    SYNTAX          OCTET STRING (SIZE (12))

Ieee8021XMkaMN ::= TEXTUAL-CONVENTION
    DISPLAY-HINT    "d"
    STATUS          current
    DESCRIPTION
        "This textual convention indicates a Member Number (MN).

        The MN is a 32-bit value which begins at 1 and increases for
        each MKPDU transmitted.  It is used with the MI to protect
        against replay attacks and to record liveliness in the Live
        Peers List or potential liveliness in the Potential Peer List.
        If the MN wraps, a new random MI value is chosen and the MN
        begins again at a value of 1."

    REFERENCE       "IEEE 802.1X Clause 9.4.2"
    SYNTAX          Unsigned32 (1..2147483648)

Ieee8021XMkaKN ::= TEXTUAL-CONVENTION
    DISPLAY-HINT    "d"
    STATUS          current
    DESCRIPTION
        "This textual convention indicates a Key Number (KN) used in
        MKA.

        The MN is a 32-bit integer assigned by that Key Server
        (sequentially, beginning with 1)."

    REFERENCE       "IEEE 802.1X Clause 9.8"
    SYNTAX          Unsigned32 (1..2147483648)

Ieee8021XPaeNIDCapabilites ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "This textual convention indicates the combinations of
        authentication and protection capabilities supported for a
        NID. Any set of these combinations can be supported."

    REFERENCE       "IEEE 802.1X Clause 10.1, Table 11-8"
    SYNTAX          BITS {
                        eap(0),
                        eapMka(1),
                        eapMkaMacSec(2),
                        mka(3),
                        mkaMacSec(4),
                        higherLayer(5), -- WebAuth
                        higherLayerFallback(6), -- WebAuth
                        vendorSpecific(7)
                    }

Ieee8021XPaeNIDAccessStatus ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "This textual convention indicates the transmitter's
        Controlled Port operational status and current level of
        access resulting from authentication and the consequent
        authorization controls applied by that port's clients.

        'noAccess' : Other than to authentication services, and to
            services announced as available in the absence of
            authentication (unauthenticated).

        'remedialAccess' : The access granted is severely limited,
            possibly to remedial services.

        'restrictedAccess' : The Controlled Port is operational, but
            restrictions have been applied by the network that can
            limit access to some resources.

        'expectedAccess' : The Controlled Port is operational, and
            access provided is as expected for successful
            authentication and authorization for the NID."

    REFERENCE       "IEEE 802.1X Clause 10.1, Table 11-8"
    SYNTAX          INTEGER  {
                        noAccess(0),
                        remedialAccess(1),
                        restrictedAccess(2),
                        expectedAccess(3)
                    }

Ieee8021XPaeNIDUnauthenticatedStatus ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "This textual convention indicates the access capabilities of
        the port's clients without authentication.

        'noAccess' : Other than to authentication services (see
            Ieee8021XPaeNIDCapabilites information.

        'fallbackAccess' : Limited access can be provided after
            authentication failure.

        'limitedAccess' : Immediate limited access is available
            without authentication.

        'openAccess' : Immediate access is available without
            authentication."

    REFERENCE       "IEEE 802.1X Clause 10.1, Table 11-8"
    SYNTAX          INTEGER  {
                        noAccess(0),
                        fallbackAccess(1),
                        limitedAccess(2),
                        openAccess(3)
                    }

-- ------------------------------------------------------------------ --
-- Groups in the IEEE 802.1X MIB
-- ------------------------------------------------------------------ --

ieee8021XPaeMIBNotifications  OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIB 0 }

ieee8021XPaeMIBObjects  OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIB 1 }

ieee8021XPaeMIBConformance  OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIB 2 }

-- ------------------------------------------------------------------ --
-- Management Objects in the IEEE 802.1X MIB
-- ------------------------------------------------------------------ --

ieee8021XPaeSystem  OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIBObjects 1 }

ieee8021XPaeLogon  OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIBObjects 2 }

ieee8021XPaeAuthenticator  OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIBObjects 3 }

ieee8021XPaeSupplicant  OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIBObjects 4 }

ieee8021XPaeEapol  OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIBObjects 5 }

ieee8021XPaeKaY  OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIBObjects 6 }

ieee8021XPaeNetworkIdentifier  OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIBObjects 7 }


-- ------------------------------------------------------------------ --
-- The 802.1X PAE System Group
-- ------------------------------------------------------------------ --
--   
-- ------------------------------------------------------------------ --
-- The 802.1X PAE System Objects
-- ------------------------------------------------------------------ --

ieee8021XPaeSysAccessControl OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object enables or disables port-based network access
        control for all the system's ports.  Setting this control
        object to 'false' causes the following actions :
            . Deletes any virtual ports previously instantiated.
            . Terminates authentication exchanges and MKA instances'
              operation.
            . Each real port PAE behaves as if no virtual ports
              created.
            . All the PAEs' Supplicant, Authenticator, and KaY are
              disabled.
            . Logon Process(es) behave as if the object
              ieee8021XNidUnauthAllowed was 'immediate'.
            . Announcements can be transmitted, both periodically and
              in response to announcement requests (conveyed by
              EAPOL-Starts or EAPOL-Announcement-Reqs) but are sent
              with a single NULL NID.
            . Objects announcementAccessStatus and announceAccessStatus
              have the 'noAccess' value, announcementAccessRequested is
              'false', object announcementUnauthAccess has the
              'openAccess' value.

        The control variable settings for each real port PAE in the
        ieee8021XPaePortTable are unaffected, and will be used once the
        object is set to 'true'.

        This configured value for this object shall be stored in
        persistent memory and remain unchanged across a
        re-initialization of the management system of the entity."
    REFERENCE
        "IEEE 802.1X Clause 12.9.1, Figure 12-3 PAE
            System.systemAccessControl" 
    ::= { ieee8021XPaeSystem 1 }

ieee8021XPaeSysAnnouncements OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Setting this control object to 'false' causes each PAE in this
        system to behave as if the PAE's Announcement functionality is 
        disabled.  The independent controls for each PAE apply if
        this object is 'true'.

        This configured value for this object shall be stored in
        persistent memory and remain unchanged across a
        re-initialization of the management system of the entity."
    REFERENCE
        "IEEE 802.1X Clause 12.9.1, Figure 12-3 PAE
             System.systemAnnouncements" 
    ::= { ieee8021XPaeSystem 2 }

ieee8021XPaeSysEapolVersion OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The EAPOL protocol version for this system."
    REFERENCE
        "IEEE 802.1X Clause 12.9.1, Clause 11.3, Figure 12-3 PAE
             System.eapolProtocolVersion" 
    ::= { ieee8021XPaeSystem 3 }

ieee8021XPaeSysMkaVersion OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The MKA protocol version for this system."
    REFERENCE       "IEEE 802.1X Clause 12.9.1" 
    ::= { ieee8021XPaeSystem 4 }
-- ------------------------------------------------------------------ --
-- The 802.1X PAE Port Table
-- ------------------------------------------------------------------ --

ieee8021XPaePortTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF Ieee8021XPaePortEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A table of system level information for each port supported by
        the Port Access Entity.  An entry appears in this table for
        each port of this system.

        For the writeable objects in this table, the configured value
        shall be stored in persistent memory and remain unchanged
        across a re-initialization of the management system of the
        entity."
    REFERENCE       "802.1X Clause 12.9.2, Figure 12-3 PAE"
    ::= { ieee8021XPaeSystem 5 }

ieee8021XPaePortEntry OBJECT-TYPE
    SYNTAX          Ieee8021XPaePortEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The Port number, protocol version, and
        initialization control for a Port.

         If the PAE has been dynamically instantiated to support an
         existing or potential virtual port, the Uncontrolled Port
         interface and Controlled Port interface are allocated by the
         real port's PAE."
    INDEX           { ieee8021XPaePortNumber } 
    ::= { ieee8021XPaePortTable 1 }

Ieee8021XPaePortEntry ::= SEQUENCE {
        ieee8021XPaePortNumber              InterfaceIndex,
        ieee8021XPaePortType                INTEGER,
        ieee8021XPaeControlledPortNumber    InterfaceIndex,
        ieee8021XPaeUncontrolledPortNumber  InterfaceIndex,
        ieee8021XPaeCommonPortNumber        InterfaceIndex,
        ieee8021XPaePortInitialize          TruthValue,
        ieee8021XPaePortCapabilities        BITS,
        ieee8021XPaePortVirtualPortsEnable  TruthValue,
        ieee8021XPaePortMaxVirtualPorts     Unsigned32,
        ieee8021XPaePortCurrentVirtualPorts Gauge32,
        ieee8021XPaePortVirtualPortStart    TruthValue,
        ieee8021XPaePortVirtualPortPeerMAC  MacAddress,
        ieee8021XPaePortLogonEnable         TruthValue,
        ieee8021XPaePortAuthenticatorEnable TruthValue,
        ieee8021XPaePortSupplicantEnable    TruthValue,
        ieee8021XPaePortKayMkaEnable        TruthValue,
        ieee8021XPaePortAnnouncerEnable     TruthValue,
        ieee8021XPaePortListenerEnable      TruthValue
}

ieee8021XPaePortNumber OBJECT-TYPE
    SYNTAX          InterfaceIndex
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An interface index indicates the port number associated with
        this port.  Each PAE is uniquely identified by a port number.
        The port number used is unique amongst all port numbers for
        the system, and directly or indirectly identifies the
        Uncontrolled Port that supports the PAE.

        If the PAE indicates a real port, ieee8021XPaePortType object
        in the same row is 'realPort', the port number shall be the
        same as the ieee8021XPaeCommonPortNumber object in the same row
        for the associated PAC or SecY.

        If the PAE indicates a virtual port, ieee8021XPaePortType
        object in the same row is 'virtualPort', this port number
        should be the same as the uncontrolledPortNumber object in the
        same row for the associated PAC or SecY."
    REFERENCE       "802.1X Clause 12.9.2, Figure 12-3" 
    ::= { ieee8021XPaePortEntry 1 }

ieee8021XPaePortType OBJECT-TYPE
    SYNTAX          INTEGER  {
                        realPort(1),
                        virtualPort(2)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The port type of the PAE.

        realPort(1) : indicates the PAE is for a real port.

        virtualPort(2) : indicates the PAE is for a virtual port."
    REFERENCE       "802.1X Clause 12.9.2, Figure 12-3" 
    ::= { ieee8021XPaePortEntry 2 }

ieee8021XPaeControlledPortNumber OBJECT-TYPE
    SYNTAX          InterfaceIndex
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "An interface index indicates the port number associated with
        PAC or SecY's Controlled Port."
    REFERENCE       "802.1X Clause 12.9.2, Figure 12-3" 
    ::= { ieee8021XPaePortEntry 3 }

ieee8021XPaeUncontrolledPortNumber OBJECT-TYPE
    SYNTAX          InterfaceIndex
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "An interface index indicates the port number associated with
        PAC or SecY's Uncontrolled Port.  If the PAE supports a
        real port, this port number can be the same as the
        ieee8021XPaeCommonPortNumber object in the same row, otherwise
        it shall not be the same."
    REFERENCE       "802.1X Clause 12.9.2, Figure 12-3" 
    ::= { ieee8021XPaePortEntry 4 }

ieee8021XPaeCommonPortNumber OBJECT-TYPE
    SYNTAX          InterfaceIndex
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "An interface index indicates the port number associated with
        PAC or SecY's 'Common Port'.  All the virtual ports created
        for a given real port share the same 'Common Port' and
        ieee8021XPaeCommonPortNumber in the same row."
    REFERENCE       "802.1X Clause 12.9.2, Figure 12-3" 
    ::= { ieee8021XPaePortEntry 5 }

ieee8021XPaePortInitialize OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The initialization control for this Port. Setting this object
        'true' causes the Port to be reinitialized, terminating (and
        potentially restarting) authentication exchanges and MKA
        operation.

        If the port is a real port, any virtual ports previously
        instantiated are deleted.  Virtual ports can be reinstantiated
        through normal protocol operation.

        The object value reverts to 'false' once initialization
        has completed."
    REFERENCE       "802.1X Clause 12.9.3, Figure 12-3" 
    ::= { ieee8021XPaePortEntry 6 }

ieee8021XPaePortCapabilities OBJECT-TYPE
    SYNTAX          BITS {
                        suppImplemented(0),
                        authImplemented(1),
                        mkaImplemented(2),
                        macsecImplemented(3),
                        announcementsImplemented(4),
                        listenerImplemented(5),
                        virtualPortsImplemented(6)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The capabilities of this PAE port.

        'suppImplemented' : A PACP EAP supplicant functions are
            implemented in this PAE if this bit is on.

        'authImplemented' : A PACP EAP authenticator functions are
            implemented in this PAE if this bit is on.

        'mkaImplemented' : The KaY MKA functions are implemented
            in this PAE if this bit is on.

        'macsecImplemented' : The MACsec functions in the
            Controlled Port are implemented in this PAE if this
            bit is on.

        'announcementsImplemented' : The EAPOL announcement can be
            sent in this PAE if this bit is on.

        'listenerImplemented' : This PAE can receive EAPOL announcement
            if this bit is on.

        'virtualPortsImplemented' : Virtual Port functions are
            implemented in this PAE if this bit is on."
    REFERENCE       "802.1X Clause 12.9.2, Figure 12-3" 
    ::= { ieee8021XPaePortEntry 7 }

ieee8021XPaePortVirtualPortsEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Enable or disable to Virtual Ports function for this Real Port
        PAE, the object ieee8021XPaePortType in the same row has the
        value 'realPort'.  If this PAE is not a Real Port, this object
        should be read only and returns 'false'.

        This object will be read only and returns 'false' if the value
        of the object ieee8021XPaePortCapabilities in the same row has
        the bit 'virtualPortsImplemented' off."
    REFERENCE       "802.1X Clause 12.8.1, Figure 12-3" 
    ::= { ieee8021XPaePortEntry 8 }

ieee8021XPaePortMaxVirtualPorts OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The maximum number of virtual ports can be supported in this
        port."
    REFERENCE       "802.1X Clause 12.9.2, Figure 12-3" 
    ::= { ieee8021XPaePortEntry 9 }

ieee8021XPaePortCurrentVirtualPorts OBJECT-TYPE
    SYNTAX          Gauge32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The current number of virtual ports is running in this port."
    REFERENCE       "802.1X Clause 12.9.2, Figure 12-3" 
    ::= { ieee8021XPaePortEntry 10 }

ieee8021XPaePortVirtualPortStart OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object will be 'true' if the virtual port is created by
        receipt of an EAPOL-Start packet."
    REFERENCE       "802.1X Clause 12.7, Figure 12-3" 
    ::= { ieee8021XPaePortEntry 11 }

ieee8021XPaePortVirtualPortPeerMAC OBJECT-TYPE
    SYNTAX          MacAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The source MAC address of the received EAPOL-Start if
        ieee8021XPaePortVirtualPortStart is set 'true'.

        If ieee8021XPaePortVirtualPortStart is not 'true' in the same
        row, the value of this object should be 00-00-00-00-00-00."
    REFERENCE       "802.1X Clause 12.7, Figure 12-3" 
    ::= { ieee8021XPaePortEntry 12 }

ieee8021XPaePortLogonEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Enable or disable to transmit network announcement
        information."
    REFERENCE       "802.1X Clause 12.5, Figure 12-3" 
    ::= { ieee8021XPaePortEntry 13 }

ieee8021XPaePortAuthenticatorEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Enable or disable to the Authenticator function in this PAE.

        This object will be read only and returns 'false' if the value
        of the object ieee8021XPaePortCapabilities in the same row has
        the bit 'authImplemented' Off."
    REFERENCE       "802.1X Clause 8.4, Figure 12-3" 
    ::= { ieee8021XPaePortEntry 14 }

ieee8021XPaePortSupplicantEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Enable or disable to the Supplicant function in this PAE.

        This object will be read only and returns 'false' if the value
        of the object ieee8021XPaePortCapabilities in the same row has
        the bit 'suppImplemented' off."
    REFERENCE       "802.1X Clause 8.4, Figure 12-3" 
    ::= { ieee8021XPaePortEntry 15 }

ieee8021XPaePortKayMkaEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Enable or disable the MKA protocol function in this PAE.

        This object will be read only and returns 'false' if the value
        of the object ieee8021XPaePortCapabilities in the same row has
        the bit 'mkaImplemented' off."
    REFERENCE       "IEEE 802.1X Clause 9.16, Figure 12-3" 
    ::= { ieee8021XPaePortEntry 16 }

ieee8021XPaePortAnnouncerEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Enable or disable the network Announcer function in this PAE.

        This object will be read only and returns 'false' if the value
        of the object ieee8021XPaePortCapabilities in the same row has
        the bit 'announcementsImplemented' off."
    REFERENCE       "802.1X Clause 10.4, Figure 12-3" 
    ::= { ieee8021XPaePortEntry 17 }

ieee8021XPaePortListenerEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Enable or disable the network Listener function in this PAE.

        This object will be read only and returns 'false' if the value
        of the object ieee8021XPaePortCapabilities in the same row has
        the bit 'listenerImplemented' off."
    REFERENCE       "802.1X Clause 10.4, Figure 12-3" 
    ::= { ieee8021XPaePortEntry 18 }
 

-- ------------------------------------------------------------------ --
-- The 802.1X PAC Port Table
-- ------------------------------------------------------------------ --

ieee8021XPacPortTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF Ieee8021XPacPortEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A table of system level information for each interface
        supported by PAC.

        This table will be instantiated if the value of the object
        ieee8021XPaePortCapabilities in the corresponding entry of the
        ieee8021XPaePortTable has the bit 'macsecImplemented' off.

        For the writeable objects in this table, the configured value
        shall be stored in persistent memory and remain unchanged
        across a re-initialization of the management system of the
        entity."
    REFERENCE       "IEEE 802.1X Clause 6.4, Clause 14"
    ::= { ieee8021XPaeSystem 6 }

ieee8021XPacPortEntry OBJECT-TYPE
    SYNTAX          Ieee8021XPacPortEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry containing PAC management information applicable to
        a particular interface."
    INDEX           { ieee8021XPacPortControlledPortNumber } 
    ::= { ieee8021XPacPortTable 1 }

Ieee8021XPacPortEntry ::= SEQUENCE {
        ieee8021XPacPortControlledPortNumber    InterfaceIndex,
        ieee8021XPacPortAdminPt2PtMAC           INTEGER,
        ieee8021XPacPortOperPt2PtMAC            TruthValue
}

ieee8021XPacPortControlledPortNumber OBJECT-TYPE
    SYNTAX          InterfaceIndex
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The index to identify the 'Controlled Port' interface for a PAC."
    REFERENCE       "IEEE 802.1X Clause 6.4"
    ::= { ieee8021XPacPortEntry 1 }

ieee8021XPacPortAdminPt2PtMAC OBJECT-TYPE
    SYNTAX          INTEGER  {
                        forceTrue(1),
                        forceFalse(2),
                        auto(3)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "An object to control the service connectivity to at most one
        other system.  The ieee8021XPacPortOperPt2PtMAC indicates
        operational status of the service connectivity for this PAC.

        'forceTrue' : allows only one service connection to the
                       other system.

        'forceFalse' : no restriction on the number of service
                        connections to the other systems.

        'auto' : means the service connectivity is determined by the
                  service providing entity."
    REFERENCE       "IEEE 802.1X Clause 6.4"
    DEFVAL          { auto } 
    ::= { ieee8021XPacPortEntry 2 }

ieee8021XPacPortOperPt2PtMAC OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "An object to reflect the current service connectivity status.

        'true' : means the service connectivity of this PAC
             Controlled Port provides at most one other system.

        'false' : means the service connectivity of this PAC could
             provide more than one other system."
    REFERENCE       "IEEE 802.1X Clause 6.4" 
    ::= { ieee8021XPacPortEntry 3 }
 

-- ------------------------------------------------------------------ --
-- The 802.1X PAE Logon Process Group
-- ------------------------------------------------------------------ --
--   
-- ------------------------------------------------------------------ --
-- The 802.1X PAE Logon Process Table
-- ------------------------------------------------------------------ --

ieee8021XPaePortLogonTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF Ieee8021XPaePortLogonEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A table of system level information for each port to support
        the Logon Process(es) status information.

        This table will be instantiated if the object
        ieee8021XPaePortLogonEnable in the corresponding entry of the
        ieee8021XPaePortTable is 'true'."
    REFERENCE       "802.1X Clause 12.5, Figure 12-3"
    ::= { ieee8021XPaeLogon 1 }

ieee8021XPaePortLogonEntry OBJECT-TYPE
    SYNTAX          Ieee8021XPaePortLogonEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry contains Logon Process status information for the
        PAE."
    INDEX           { ieee8021XPaePortNumber } 
    ::= { ieee8021XPaePortLogonTable 1 }

Ieee8021XPaePortLogonEntry ::= SEQUENCE {
        ieee8021XPaePortLogonConnectStatus INTEGER,
        ieee8021XPaePortPortValid          TruthValue
}

ieee8021XPaePortLogonConnectStatus OBJECT-TYPE
    SYNTAX          INTEGER  {
                        pending(1),
                        unauthenticated(2),
                        authenticated(3),
                        secure(4)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The Logon Process sets this variable to one of the following
        values, to indicate to the CP state machine if, and how,
        connectivity is to be provided through the Controlled Port :

        'pending' : Prevent connectivity by disabling the
            Controlled Port of this PAE.

        'unauthenticated' : Provide unsecured connectivity, enabling
            the Controlled Port of this PAE.

        'authenticated' : Provide unsecured connectivity but with
            authentication, enabling Controlled Port of this PAE.

        'secure' : Provide secure connectivity, using SAKs provided by
            the KaY (when available) and enabling Controlled Port when
            those keys are installed and in use."
    REFERENCE       "802.1X Clause 12.3, Figure 12-3" 
    ::= { ieee8021XPaePortLogonEntry 1 }

ieee8021XPaePortPortValid OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object will be set 'true' if Controlled Port communication
        is secured as specified by the MACsec."
    REFERENCE       "802.1X Clause 12.3, Figure 12-3" 
    ::= { ieee8021XPaePortLogonEntry 2 }
 

-- ------------------------------------------------------------------ --
-- The 802.1X PAE Session Table
-- ------------------------------------------------------------------ --

ieee8021XPaePortSessionTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF Ieee8021XPaePortSessionEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A table of system level information for each port to support
        Logon Process(es) session information.  This table maintains
        session statistics for its associated Controlled Port,
        suitable for communication to a RADIUS or other AAA server at
        the end of a session for accounting purpose.

        This table will be instantiated if the object
        ieee8021XPaePortLogonEnable in the corresponding entry of the
        ieee8021XPaePortTable is 'true'."
    REFERENCE       "802.1X Clause 12.5.1, Figure 12-3"
    ::= { ieee8021XPaeLogon 2 }

ieee8021XPaePortSessionEntry OBJECT-TYPE
    SYNTAX          Ieee8021XPaePortSessionEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry contains Logon Process session information for the
        PAE.  A session, an entry, begins when the operation of
        Controlled Port becomes 'true' and ends when it becomes
        'false'.

        The counts of frames and octets can be derived from those
        maintained to support from Interface MIB counters for the
        SecY's or the PAC's Controlled Port, but differs in that the
        counts are zeroed when the session begins."
    INDEX           { ieee8021XPaeSessionControlledPortNumber } 
    ::= { ieee8021XPaePortSessionTable 1 }

Ieee8021XPaePortSessionEntry ::= SEQUENCE {
        ieee8021XPaeSessionControlledPortNumber   InterfaceIndex,
        ieee8021XPaePortSessionOctetsRx           Counter64,
        ieee8021XPaePortSessionOctetsTx           Counter64,
        ieee8021XPaePortSessionPktsRx             Counter64,
        ieee8021XPaePortSessionPktsTx             Counter64,
        ieee8021XPaePortSessionId                 SnmpAdminString,
        ieee8021XPaePortSessionStartTime          TimeStamp,
        ieee8021XPaePortSessionIntervalTime       TimeInterval,
        ieee8021XPaePortSessionTerminate          INTEGER,
        ieee8021XPaePortSessionUserName           SnmpAdminString
}

ieee8021XPaeSessionControlledPortNumber OBJECT-TYPE
    SYNTAX          InterfaceIndex
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The index to identify the 'Controlled Port' interface's session
        information for a PAE."
    REFERENCE       "802.1X Clause 12.5.1, Figure 12-3" 
    ::= { ieee8021XPaePortSessionEntry 1 }

ieee8021XPaePortSessionOctetsRx OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Octets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of octets received in this session of this PAE.

        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at
        other times as indicated by the value of
        ieee8021XPaePortSessionStartTime."
    REFERENCE       "802.1X Clause 12.5.1, Figure 12-3" 
    ::= { ieee8021XPaePortSessionEntry 2 }

ieee8021XPaePortSessionOctetsTx OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Octets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of octets transmitted in this session of this PAE.

        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at
        other times as indicated by the value of
        ieee8021XPaePortSessionStartTime."
    REFERENCE       "802.1X Clause 12.5.1, Figure 12-3" 
    ::= { ieee8021XPaePortSessionEntry 3 }

ieee8021XPaePortSessionPktsRx OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of packets received in this session of this PAE.

        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at
        other times as indicated by the value of
        ieee8021XPaePortSessionStartTime."
    REFERENCE       "802.1X Clause 12.5.1, Figure 12-3" 
    ::= { ieee8021XPaePortSessionEntry 4 }

ieee8021XPaePortSessionPktsTx OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of packets transmitted in this session of this PAE.

        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at
        other times as indicated by the value of
        ieee8021XPaePortSessionStartTime."
    REFERENCE       "802.1X Clause 12.5.1, Figure 12-3" 
    ::= { ieee8021XPaePortSessionEntry 5 }

ieee8021XPaePortSessionId OBJECT-TYPE
    SYNTAX          SnmpAdminString (SIZE  (3..253))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The session identifier for this session of the PAE.  A UTF-8
        string, uniquely identifying the session within the context of
        the PAE's system."
    REFERENCE       "802.1X Clause 12.5.1, Figure 12-3" 
    ::= { ieee8021XPaePortSessionEntry 6 }

ieee8021XPaePortSessionStartTime OBJECT-TYPE
    SYNTAX          TimeStamp
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The starting time of this session."
    REFERENCE       "802.1X Clause 12.5.1, Figure 12-3" 
    ::= { ieee8021XPaePortSessionEntry 7 }

ieee8021XPaePortSessionIntervalTime OBJECT-TYPE
    SYNTAX          TimeInterval
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The duration time of the session has been last."
    REFERENCE       "802.1X Clause 12.5.1, Figure 12-3" 
    ::= { ieee8021XPaePortSessionEntry 8 }

ieee8021XPaePortSessionTerminate OBJECT-TYPE
    SYNTAX          INTEGER  {
                        macOperFailed(1),
                        sysAccessDisableOrPortInit(2),
                        receiveEapolLogOff(3),
                        eapReauthFailure(4),
                        mkaFailure(5),
                        newSessionBegin(6),
                        notTerminateYet(7)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The reason for the session termination, one of the following :

        'macOperFailed' : 'Common Port' for this PAE is not
            operational.

        'sysAccessDisableOrPortInit' : The ieee8021XPaeSysAccessControl
            object is set to 'false' or initialization process of this
            PAE is invoked.

        'receiveEapolLogOff' : The PAE has received EAPOL-Logoff
            frame.

        'eapReauthFailure' : EAP reauthentication has failed.

        'mkaFailure' : MKA failure or other MKA termination.

        'newSessionBegin' : New session beginning.

        'notTerminateYet' : Not Terminated Yet."
    REFERENCE       "802.1X Clause 12.5.1, Figure 12-3" 
    ::= { ieee8021XPaePortSessionEntry 9 }

ieee8021XPaePortSessionUserName OBJECT-TYPE
    SYNTAX          SnmpAdminString (SIZE  (0..253))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The session user name for this session in the PAE.  A UTF-8
        string, representing the identity of the peer Supplicant.

        If no such information, zero length string will return."
    REFERENCE       "802.1X Clause 12.5.1, Figure 12-3" 
    ::= { ieee8021XPaePortSessionEntry 10 }
 

-- ------------------------------------------------------------------ --
-- The 802.1X PAE Logon Process NID Table
-- ------------------------------------------------------------------ --

ieee8021XLogonNIDTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF Ieee8021XLogonNIDEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The Logon Process may use Network Identities (NIDs) to manage
        its use of authentication credentials, cached CAKs, and
        announcements.  This table provides the NID information for
        Logon Process.

        For the writeable objects in this table, the configured value
        shall be stored in persistent memory and remain unchanged
        across a re-initialization of the management system of the
        entity."
    REFERENCE       "802.1X Clause 12.5, Figure 12-3"
    ::= { ieee8021XPaeLogon 3 }

ieee8021XLogonNIDEntry OBJECT-TYPE
    SYNTAX          Ieee8021XLogonNIDEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry provides the NID information for a Logon Process."
    INDEX           { ieee8021XPaePortNumber } 
    ::= { ieee8021XLogonNIDTable 1 }

Ieee8021XLogonNIDEntry ::= SEQUENCE {
        ieee8021XLogonNIDConnectedNID Ieee8021XPaeNID,
        ieee8021XLogonNIDRequestedNID Ieee8021XPaeNIDOrNull,
        ieee8021XLogonNIDSelectedNID  Ieee8021XPaeNIDOrNull
}

ieee8021XLogonNIDConnectedNID OBJECT-TYPE
    SYNTAX          Ieee8021XPaeNID
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The NID associated with the current connectivity (possibly
        unauthenticated) provided by the operation of the CP state
        machine.

        This object can differ from both the ieee8021XLogonNIDSelectedNID and
        the ieee8021XLogonNIDRequestedNID objects in the same row if
        authenticated connectivity (either secure or unsecured) has
        already been established, and EAP authentication and MKA
        operation for both of the latter have not met the necessary
        conditions (as specified by the control variables unauthAllowed
        and unsecureAllowed)."
    REFERENCE       "802.1X Clause 12.5, Figure 12-3" 
    ::= { ieee8021XLogonNIDEntry 1 }

ieee8021XLogonNIDRequestedNID OBJECT-TYPE
    SYNTAX          Ieee8021XPaeNIDOrNull
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The NID marked as access requested in announcements, as
        determined from EAPOL-Start frames.  The default of this object
        is as the configured value of object ieee8021XLogonNIDSelectedNID.

        This object information provides context for the PAE's EAP
        Authenticator.  If no EAPOL-Start frame has been received since
        the PAE's 'Common Port' became operational, or the last
        EAPOL-Start frame received for the port did not contain a
        requested NID, the object will take on the value of the object
        ieee8021XLogonNIDSelectedNID in the same row."
    REFERENCE       "802.1X Clause 12.5, Figure 12-3" 
    ::= { ieee8021XLogonNIDEntry 2 }

ieee8021XLogonNIDSelectedNID OBJECT-TYPE
    SYNTAX          Ieee8021XPaeNIDOrNull
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The NID currently configured for use by an access 'Controlled
        Port' when transmitting EAPOL-Start frames.  The default of
        this object is empty string.

        This object may be either explicitly configured by management
        or determined by the PAE using NID selection algorithms.  If no
        authentication is in progress, and the current connectivity is
        terminated and then starts again, ieee8021XLogonNIDConnectedNID will
        take on the value of ieee8021XLogonNIDRequestedNID (though a PAE
        NID's election algorithm, if used, can subsequently select
        another NID)."
    REFERENCE       "802.1X Clause 12.5, Figure 12-3"
    DEFVAL          { "" } 
    ::= { ieee8021XLogonNIDEntry 3 }
 

-- ------------------------------------------------------------------ --
-- The PAE Authenticator Group
-- ------------------------------------------------------------------ --
--   
-- ------------------------------------------------------------------ --
-- The 802.1X PAE Authenticator Table
-- ------------------------------------------------------------------ --

ieee8021XAuthenticatorTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF Ieee8021XAuthenticatorEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A table that contains the configuration objects for the
        Authenticator PAE associated with each port.  This table will
        be instantiated if the object ieee8021XPaePortAuthenticatorEnable in
        the corresponding entry of the ieee8021XPaePortTable is 'true'.

        For the writeable objects in this table, the configured value
        shall be stored in persistent memory and remain unchanged
        across a re-initialization of the management system of the
        entity."
    REFERENCE       "802.1X Clause 8, Figure 12-3"
    ::= { ieee8021XPaeAuthenticator 1 }

ieee8021XAuthenticatorEntry OBJECT-TYPE
    SYNTAX          Ieee8021XAuthenticatorEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry that contains the Authenticator configuration objects
        for the PAE."
    INDEX           { ieee8021XPaePortNumber } 
    ::= { ieee8021XAuthenticatorTable 1 }

Ieee8021XAuthenticatorEntry ::= SEQUENCE {
        ieee8021XAuthPaeAuthenticate  TruthValue,
        ieee8021XAuthPaeAuthenticated TruthValue,
        ieee8021XAuthPaeFailed        TruthValue,
        ieee8021XAuthPaeReAuthEnabled TruthValue,
        ieee8021XAuthPaeQuietPeriod   Unsigned32,
        ieee8021XAuthPaeReauthPeriod  Unsigned32,
        ieee8021XAuthPaeRetryMax      Unsigned32,
        ieee8021XAuthPaeRetryCount    Gauge32
}

ieee8021XAuthPaeAuthenticate OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object will be set 'true' by the PAE authenticator to
        request authentication, and if this object is 'true',
        reauthentication is allowed.

        This object will be 'false' while the PAE authenticator revokes
        authentication."
    REFERENCE       "IEEE 802.1X Clause 8, Figure 12-3" 
    ::= { ieee8021XAuthenticatorEntry 1 }

ieee8021XAuthPaeAuthenticated OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object will be set 'true' by PACP if the PAE authenticator
        currently authenticated, and 'false' if the authentication
        fails or is revoked."
    REFERENCE       "IEEE 802.1X Clause 8, Figure 12-3" 
    ::= { ieee8021XAuthenticatorEntry 2 }

ieee8021XAuthPaeFailed OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object will be set 'true' by PACP if the authentication
        has failed or has been terminated.  The cause could be a
        failure returned by EAP, either immediately or following a
        reauthentication, an excessive number of attempts to
        authenticate (either immediately or upon reauthentication), or
        the authenticator deasserting authenticate, the object
        authPaeAuthenticate in the same row is 'false'.  The PACP
        will set the object authPaeAuthenticated false as well as
        setting the object 'true'."
    REFERENCE       "IEEE 802.1X Clause 8, Figure 12-3" 
    ::= { ieee8021XAuthenticatorEntry 3 }

ieee8021XAuthPaeReAuthEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object is set 'true' if PACP should initiate
        reauthentication periodically, 'false' otherwise .  Reading
        this object always returns 'false'."
    REFERENCE       "IEEE 802.1X Clause 8.9, Figure 12-3" 
    ::= { ieee8021XAuthenticatorEntry 4 }

ieee8021XAuthPaeQuietPeriod OBJECT-TYPE
    SYNTAX          Unsigned32 (0..65535)
    UNITS           "seconds"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object indicates a waiting period after a failed
        authentication attempt, before another attempt is permitted."
    REFERENCE       "IEEE 802.1X Clause 8.6, Figure 12-3"
    DEFVAL          { 60 } 
    ::= { ieee8021XAuthenticatorEntry 5 }

ieee8021XAuthPaeReauthPeriod OBJECT-TYPE
    SYNTAX          Unsigned32 (0..65535)
    UNITS           "seconds"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object indicates the time period of the reauthentication
        to the supplicant."
    REFERENCE       "IEEE 802.1X Clause 8.6, Figure 12-3"
    DEFVAL          { 3600 } 
    ::= { ieee8021XAuthenticatorEntry 6 }

ieee8021XAuthPaeRetryMax OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "times"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The maximum number of authentication attempts before failure is
        reported to the Logon Process, and the authPaeQuietPeriod 
        timer imposed before further attempts are permitted."
    REFERENCE       "IEEE 802.1X Clause 8.9, Figure 12-3"
    DEFVAL          { 2 } 
    ::= { ieee8021XAuthenticatorEntry 7 }

ieee8021XAuthPaeRetryCount OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "times"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The count of the number of authentication attempts."
    REFERENCE       "IEEE 802.1X Clause 8.9" 
    ::= { ieee8021XAuthenticatorEntry 8 }
 

-- ------------------------------------------------------------------ --
-- The 802.1X PAE Supplicant Group
-- ------------------------------------------------------------------ --
--   
-- ------------------------------------------------------------------ --
-- The 802.1X PAE Supplicant Table
-- ------------------------------------------------------------------ --

ieee8021XSupplicantTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF Ieee8021XSupplicantEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A table that contains the configuration objects for the
        Supplicant PAE associated with each port.

        For the writeable objects in this table, the configured value
        shall be stored in persistent memory and remain unchanged
        across a re-initialization of the management system of the
        entity."
    REFERENCE       "802.1X Clause 8, Figure 8-6, Figure 12-3"
    ::= { ieee8021XPaeSupplicant 1 }

ieee8021XSupplicantEntry OBJECT-TYPE
    SYNTAX          Ieee8021XSupplicantEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The configuration information for an Supplicant PAE."
    INDEX           { ieee8021XPaePortNumber } 
    ::= { ieee8021XSupplicantTable 1 }

Ieee8021XSupplicantEntry ::= SEQUENCE {
        ieee8021XSuppPaeAuthenticate  TruthValue,
        ieee8021XSuppPaeAuthenticated TruthValue,
        ieee8021XSuppPaeFailed        TruthValue,
        ieee8021XSuppPaeHelloPeriod   Unsigned32,
        ieee8021XSuppPaeRetryMax      Unsigned32,
        ieee8021XSuppPaeRetryCount    Gauge32
}

ieee8021XSuppPaeAuthenticate OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object will be set 'true' by the PAE supplicant to request
        authentication, and if this object is 'true', reauthentication
        is allowed.

        This object will be 'false' while the PAE supplicant revokes
        authentication."
    REFERENCE       "IEEE 802.1X Clause 8.4, Figure 8-6, Figure 12-3" 
    ::= { ieee8021XSupplicantEntry 1 }

ieee8021XSuppPaeAuthenticated OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object will be set 'true' by PACP if the PAE supplicant
        currently authenticated, and 'false' if the authentication
        fails or is revoked."
    REFERENCE       "IEEE 802.1X Clause 8.4, Figure 8-6, Figure 12-3" 
    ::= { ieee8021XSupplicantEntry 2 }

ieee8021XSuppPaeFailed OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object will be set 'true' by PACP if the authentication
        has failed or has been terminated.  The cause could be a
        failure returned by EAP, either immediately or following a
        reauthentication, an excessive number of attempts to
        authenticate (either immediately or upon reauthentication), or
        the supplicant deasserting authenticate, the object
        ieee8021XSuppPaeAuthenticate in the same row is 'false'.  The PACP
        will set the object ieee8021XSuppPaeAuthenticated false as well as
        setting the object 'true'."
    REFERENCE       "IEEE 802.1X Clause 8.4, Figure 8-6, Figure 12-3" 
    ::= { ieee8021XSupplicantEntry 3 }

ieee8021XSuppPaeHelloPeriod OBJECT-TYPE
    SYNTAX          Unsigned32 (0..65535)
    UNITS           "seconds"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object indicated a waiting time period after a failed
        authentication attempt, before another attempt is permitted."
    REFERENCE       "IEEE 802.1X Clause 8.6, Figure 8-6, Figure 12-3"
    DEFVAL          { 60 } 
    ::= { ieee8021XSupplicantEntry 4 }

ieee8021XSuppPaeRetryMax OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "times"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The maximum number of authentication attempts before failure is
        reported to the Logon Process, and the ieee8021XSuppPaeHelloPeriod
        timer imposed before further attempts are permitted."
    REFERENCE       "IEEE 802.1X Clause 8.7, Figure 8-6, Figure 12-3"
    DEFVAL          { 2 } 
    ::= { ieee8021XSupplicantEntry 5 }

ieee8021XSuppPaeRetryCount OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "times"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The count of the number of authentication attempts."
    REFERENCE       "IEEE 802.1X Clause 8.7, Figure 8-6, Figure 12-3" 
    ::= { ieee8021XSupplicantEntry 6 }
 

-- ------------------------------------------------------------------ --
-- The 802.1X PAE EAPOL Statistics Table
-- ------------------------------------------------------------------ --

ieee8021XEapolStatsTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF Ieee8021XEapolStatsEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A table in system level contains the EAPOL statistics and
        diagnostics information supported by PAE."
    REFERENCE       "802.1X Clause 12.8, Figure 12-3"
    ::= { ieee8021XPaeEapol 1 }

ieee8021XEapolStatsEntry OBJECT-TYPE
    SYNTAX          Ieee8021XEapolStatsEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry contains the EAPOL statistics and diagnostics
        information for a PAE."
    INDEX           { ieee8021XPaePortNumber } 
    ::= { ieee8021XEapolStatsTable 1 }

Ieee8021XEapolStatsEntry ::= SEQUENCE {
        ieee8021XEapolInvalidFramesRx         Counter32,
        ieee8021XEapolEapLengthErrorFramesRx  Counter32,
        ieee8021XEapolAnnouncementFramesRx    Counter32,
        ieee8021XEapolAnnouncementReqFramesRx Counter32,
        ieee8021XEapolPortUnavailableFramesRx Counter32,
        ieee8021XEapolStartFramesRx           Counter32,
        ieee8021XEapolEapFramesRx             Counter32,
        ieee8021XEapolLogoffFramesRx          Counter32,
        ieee8021XEapolMkNoCknFramesRx         Counter32,
        ieee8021XEapolMkInvalidFramesRx       Counter32,
        ieee8021XEapolLastRxFrameVersion      Unsigned32,
        ieee8021XEapolLastRxFrameSource       MacAddress,
        ieee8021XEapolSuppEapFramesTx         Counter32,
        ieee8021XEapolLogoffFramesTx          Counter32,
        ieee8021XEapolAnnouncementFramesTx    Counter32,
        ieee8021XEapolAnnouncementReqFramesTx Counter32,
        ieee8021XEapolStartFramesTx           Counter32,
        ieee8021XEapolAuthEapFramesTx         Counter32,
        ieee8021XEapolMkaFramesTx             Counter32
}

ieee8021XEapolInvalidFramesRx OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of invalid EAPOL frames of any type that have been
        received by this PAE."
    REFERENCE       "802.1X Clause 12.8.1, Figure 12-3" 
    ::= { ieee8021XEapolStatsEntry 1 }

ieee8021XEapolEapLengthErrorFramesRx OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of EAPOL frames that the Packet Body Length does not
        match a Packet Body that is contained within the octets of the
        received EAPOL MPDU in this PAE."
    REFERENCE       "802.1X Clause 12.8.1, Figure 12-3" 
    ::= { ieee8021XEapolStatsEntry 2 }

ieee8021XEapolAnnouncementFramesRx OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of EAPOL-Announcement frames that have been received
        by this PAE."
    REFERENCE       "802.1X Clause 12.8.1, Figure 12-3" 
    ::= { ieee8021XEapolStatsEntry 3 }

ieee8021XEapolAnnouncementReqFramesRx OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of EAPOL-Announcement-Req frames that have been
        received by this PAE."
    REFERENCE       "802.1X Clause 12.8.1, Figure 12-3" 
    ::= { ieee8021XEapolStatsEntry 4 }

ieee8021XEapolPortUnavailableFramesRx OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of EAPOL frames that are discarded because their
        processing would require the creation of a virtual port, for
        which there are inadequate or constrained resources, or an
        existing virtual port and no such port currently exists.  If
        virtual port is not supported, this object should be always 0."
    REFERENCE       "802.1X Clause 12.8.1, Figure 12-3" 
    ::= { ieee8021XEapolStatsEntry 5 }

ieee8021XEapolStartFramesRx OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of EAPOL-Start frames that have been received by
        this PAE."
    REFERENCE       "802.1X Clause 12.8.1, Figure 12-3" 
    ::= { ieee8021XEapolStatsEntry 6 }

ieee8021XEapolEapFramesRx OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of EAPOL-EAP frames that have been received by
        this PAE."
    REFERENCE       "802.1X Clause 12.8.1, Figure 12-3" 
    ::= { ieee8021XEapolStatsEntry 7 }

ieee8021XEapolLogoffFramesRx OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of EAPOL-Logoff frames that have been received by
        this PAE."
    REFERENCE       "802.1X Clause 12.8.1, Figure 12-3" 
    ::= { ieee8021XEapolStatsEntry 8 }

ieee8021XEapolMkNoCknFramesRx OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of MKPDUs received with MKA not enabled or CKN not
        recognized in this PAE."
    REFERENCE       "802.1X Clause 12.8.1, Figure 12-3" 
    ::= { ieee8021XEapolStatsEntry 9 }

ieee8021XEapolMkInvalidFramesRx OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of MKPDUs failing in message authentication on
        receipt process in this PAE."
    REFERENCE       "802.1X Clause 12.8.1, Figure 12-3" 
    ::= { ieee8021XEapolStatsEntry 10 }

ieee8021XEapolLastRxFrameVersion OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The version of last received EAPOL frame by this PAE."
    REFERENCE       "802.1X Clause 12.8.2, Figure 12-3" 
    ::= { ieee8021XEapolStatsEntry 11 }

ieee8021XEapolLastRxFrameSource OBJECT-TYPE
    SYNTAX          MacAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The source MAC address of last received EAPOL frame by this
        PAE."
    REFERENCE       "802.1X Clause 12.8.2, Figure 12-3" 
    ::= { ieee8021XEapolStatsEntry 12 }

ieee8021XEapolSuppEapFramesTx OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of EAPOL-EAP frames that have been transmitted by
        the supplicant of this PAE."
    REFERENCE       "802.1X Clause 12.8.3, Figure 12-3" 
    ::= { ieee8021XEapolStatsEntry 13 }

ieee8021XEapolLogoffFramesTx OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of EAPOL-Logoff frames that have been transmitted by
        this PAE."
    REFERENCE       "802.1X Clause 12.8.3, Figure 12-3" 
    ::= { ieee8021XEapolStatsEntry 14 }

ieee8021XEapolAnnouncementFramesTx OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of EAPOL-Announcement frames that have been
        transmitted by this PAE."
    REFERENCE       "802.1X Clause 12.8.3, Figure 12-3" 
    ::= { ieee8021XEapolStatsEntry 15 }

ieee8021XEapolAnnouncementReqFramesTx OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of EAPOL-Announcement-Req frames that have been
        transmitted by this PAE."
    REFERENCE       "802.1X Clause 12.8.3, Figure 12-3" 
    ::= { ieee8021XEapolStatsEntry 16 }

ieee8021XEapolStartFramesTx OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of EAPOL-Start frames that have been received by
        this PAE."
    REFERENCE       "802.1X Clause 12.8.3, Figure 12-3" 
    ::= { ieee8021XEapolStatsEntry 17 }

ieee8021XEapolAuthEapFramesTx OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of EAPOL-EAP frames that have been transmitted by
        the authenticator of this PAE."
    REFERENCE       "802.1X Clause 12.8.3, Figure 12-3" 
    ::= { ieee8021XEapolStatsEntry 18 }

ieee8021XEapolMkaFramesTx OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of EAPOL-MKA frames with no CKN information that
        have been transmitted by this PAE."
    REFERENCE       "802.1X Clause 12.8.3, Figure 12-3" 
    ::= { ieee8021XEapolStatsEntry 19 }
 

-- ------------------------------------------------------------------ --
-- The 802.1X PAE KaY Group
-- ------------------------------------------------------------------ --
--   
-- ------------------------------------------------------------------ --
-- The 802.1X PAE KaY Table
-- ------------------------------------------------------------------ --

ieee8021XKayMkaTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF Ieee8021XKayMkaEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A table of system level information for each interface
        supported by the KaY (Key Agreement Entity).  This table will
        be instantiated if the object ieee8021XPaePortKayMkaEnable in
        the corresponding entry of the ieee8021XPaePortTable is 'true'.

        The following terms are used to identify roles within the MKA
        protocol or protocol scenarios and the MIB description :

        participant : An instance of MKA, transmitting and receiving
            frames protected by keys derived from a single CAK, and
            operating with positive intent, obeying the protocol.

        member: A participant that possesses the CAK that can be used
            to prove liveness and to obtain membership in the CA under
            discussion.

        actor: The participant under discussion, usually in the KaY
            being described.

        partners: Participants or members attached to the same LAN as
            the actor, excluding the actor.

        principal actor: The actor controlling the PAC or SecY
            associated with the KaY.

        Each participant selects the live participant advertising the
        highest priority as its key server provided that participant
        has not selected another as its key server or is unwilling to
        act as the key server.  If a key server cannot be selected SAKs
        are not distributed.  In the event of a tie for highest
        priority key server, the member with the highest priority SCI
        is chosen.  For consistency with other uses of the SCI's MAC
        Address component as a priority, numerically lower values of
        the key server priority and SCI are accorded the highest
        priority.

        For the writeable objects in this table, the configured value
        shall be stored in persistent memory and remain unchanged
        across a re-initialization of the management system of the
        entity."
    REFERENCE       "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XPaeKaY 1 }

ieee8021XKayMkaEntry OBJECT-TYPE
    SYNTAX          Ieee8021XKayMkaEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry containing KaY MKA management information applicable
        to a particular interface."
    INDEX           { ieee8021XPaePortNumber } 
    ::= { ieee8021XKayMkaTable 1 }

Ieee8021XKayMkaEntry ::= SEQUENCE {
        ieee8021XKayMkaActive
            TruthValue,
        ieee8021XKayMkaAuthenticated
            TruthValue,
        ieee8021XKayMkaSecured
            TruthValue,
        ieee8021XKayMkaFailed
            TruthValue,
        ieee8021XKayMkaActorSCI
            SecySCI,
        ieee8021XKayMkaActorsPriority
            Ieee8021XMkaKeyServerPriority,
        ieee8021XKayMkaKeyServerPriority
            Ieee8021XMkaKeyServerPriority,
        ieee8021XKayMkaKeyServerSCI
            SecySCI,
        ieee8021XKayAllowedJoinGroup
            TruthValue,
        ieee8021XKayAllowedFormGroup
            TruthValue,
        ieee8021XKayCreateNewGroup
            TruthValue,
        ieee8021XKayMacSecCapability
            INTEGER,
        ieee8021XKayMacSecDesired
            TruthValue,
        ieee8021XKayMacSecProtect
            TruthValue,
        ieee8021XKayMacSecReplayProtect
            TruthValue,
        ieee8021XKayMacSecValidate
            TruthValue,
        ieee8021XKayMacSecConfidentialityOffset
            Integer32,
        ieee8021XKayMkaTxKN
            Ieee8021XMkaKN,
        ieee8021XKayMkaTxAN
            RowPointer,
        ieee8021XKayMkaRxKN
            Ieee8021XMkaKN,
        ieee8021XKayMkaRxAN
            RowPointer,
        ieee8021XKayMkaSuspendFor
            INTEGER,
        ieee8021XKayMkaSuspendOnRequest
            TruthValue,
        ieee8021XKayMkaSuspendedWhile
            INTEGER
}

ieee8021XKayMkaActive OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object will be 'true' if there is at least one MKA active
        actor, transmitting MKPDUs"
    REFERENCE       "IEEE 802.1X Clause 9.16, Figure 12-3" 
    ::= { ieee8021XKayMkaEntry 1 }

ieee8021XKayMkaAuthenticated OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object will be 'true' if the principal actor,
        i.e. the actor controlling the PAC or SecY associated with
        the KaY, has determined that Controlled Port communication
        communication should proceed without MACsec."
    REFERENCE       "IEEE 802.1X Clause 9.16, Figure 12-3" 
    ::= { ieee8021XKayMkaEntry 2 }

ieee8021XKayMkaSecured OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object will be 'true' if the principal actor has
        determined that communication should use MACsec."
    REFERENCE       "IEEE 802.1X Clause 9.16, Figure 12-3" 
    ::= { ieee8021XKayMkaEntry 3 }

ieee8021XKayMkaFailed OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object will be 'true' if the object
        ieee8021XKayMkaSecured in
        the same row is 'false' and MKA Life Time has elapsed since an
        MKA participant was last created."
    REFERENCE       "IEEE 802.1X Clause 9.16, Table 9-3, Figure 12-3" 
    ::= { ieee8021XKayMkaEntry 4 }

ieee8021XKayMkaActorSCI OBJECT-TYPE
    SYNTAX          SecySCI
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The SCI assigned by the system to the port, applies to all the
        port's MKA actors."
    REFERENCE
        "IEEE 802.1X Clause 9.16, Figure 12-3
         IEEE 802.1AE Clause 7.1.2, 10.7.1" 
    ::= { ieee8021XKayMkaEntry 5 }

ieee8021XKayMkaActorsPriority OBJECT-TYPE
    SYNTAX          Ieee8021XMkaKeyServerPriority
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The Key Server priority for all the port's MKA actors.  Each
        participant encodes a key server priority, an 8-bit integer, in
        each MKPDU."
    REFERENCE       "IEEE 802.1X Clause 9.16, Table 9-2, Figure 12-3" 
    ::= { ieee8021XKayMkaEntry 6 }

ieee8021XKayMkaKeyServerPriority OBJECT-TYPE
    SYNTAX          Ieee8021XMkaKeyServerPriority
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The priority of the elected Key Server through MKA in the CA."
    REFERENCE       "IEEE 802.1X Clause 9.16, Table 9-2, Figure 12-3" 
    ::= { ieee8021XKayMkaEntry 7 }

ieee8021XKayMkaKeyServerSCI OBJECT-TYPE
    SYNTAX          SecySCI
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The SCI for key server for the MKA principal actor.  The length
        of this object is 0 if there is no principal actor, or that
        actor has no live peers.  This object matches the
        ieee8021XKayMkaActorSCI object in the same row if the actor is
        the key server."
    REFERENCE
        "IEEE 802.1X Clause 9.16, Figure 12-3
         IEEE 802.1AE Clause 7.1.2, 10.7.1" 
    ::= { ieee8021XKayMkaEntry 8 }

ieee8021XKayAllowedJoinGroup OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object will be 'true' if the KaY will accept Group CAKs
        distributed by MKA protocol."
    REFERENCE       "IEEE 802.1X Clause 9.16, Figure 12-3" 
    ::= { ieee8021XKayMkaEntry 9 }

ieee8021XKayAllowedFormGroup OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object will be 'true' if the KaY will attempt to use
        point-to-point CAKs to distribute a group CAK, if it is the
        Key Server for the MKA instances for all the point-to-point CAKs."
    REFERENCE       "IEEE 802.1X Clause 9.16, Figure 12-3" 
    ::= { ieee8021XKayMkaEntry 10 }

ieee8021XKayCreateNewGroup OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object is set 'true' if a new Group CAK is to be
        distributed if the KaY is the Key Server for the MKA instances
        for all the point-to-point CAKs.  This object will be set 'false'
        by the KaY when distribution is complete."
    REFERENCE       "IEEE 802.1X Clause 9.16, Figure 12-3" 
    ::= { ieee8021XKayMkaEntry 11 }

ieee8021XKayMacSecCapability OBJECT-TYPE
    SYNTAX          INTEGER {
                        noMACsec(0),
                        macSecCapability1(1),
                        macSecCapability2(2),
                        macSecCapability3(3)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates whether MACsec is implemented, and if so
        whether the implementation provides integrity protection only,
        integrity and integrity with confidentiality, or integrity and
        integrity with confidentiality with a selectable confidentiality offset
        of 0, 30, or 50 octets (see IEEE Std 802.1AE).

        'noMACsec' : the MACsec is not implemented.

        'macSecCapability1' :  capable in 'integrity protection without
             confidentiality'.

        'macSecCapability2' :  capable in 'integrity protection without
             confidentiality' and integrity protection and confidentiali
              with a confidentiality offset 0',.

        'macSecCapability3' :  capable in 'integrity protection without
             confidentiality' and integrity protection and confidentiali
              with a confidentiality offset 0, 30 or 50'."
    REFERENCE
        "IEEE 802.1X Clause 9.6.1, Clause 9.16, Figure 12-3, Table 11-6"
    ::= { ieee8021XKayMkaEntry 12 }

ieee8021XKayMacSecDesired OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object will be set 'true' if the MKA participants desire
        the use of MACsec to protect frames with this KaY."
    REFERENCE
        "IEEE 802.1X Clause 9.6.1, Clause 9.16, Figure 12-3" 
    ::= { ieee8021XKayMkaEntry 13 }

ieee8021XKayMacSecProtect OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The status of the MACsec protection function for this KaY.

        'true' : then the status of the MACsec protection function will
            be as object secyIfProtectFramesEnable object configured
            in the IEEE8021-SECY-MIB.
        'false' : then the MACsec protection function is disabled by
            this KaY."
    REFERENCE
        "IEEE 802.1X Clause 9.6.1, Clause 9.16, Figure 12-2,
         Figure 12-3, IEEE 802.1AE IEEE8021-SECY-MIB" 
    ::= { ieee8021XKayMkaEntry 14 }

ieee8021XKayMacSecReplayProtect OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The status of the MACsec replay protection function for this
        KaY.

        'true' : then the status of the MACsec replay protection
            function will be as secyIfReplayProtectEnable object
            configured in the IEEE8021-SECY-MIB.
        'false' : then the MACsec replay protection function is
            disabled by this KaY."
    REFERENCE
        "IEEE 802.1X Clause 9.6.1, Clause 9.16, Figure 12-2,
         Figure 12-3" 
    ::= { ieee8021XKayMkaEntry 15 }

ieee8021XKayMacSecValidate OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The status of the MACsec validation function for this KaY.

        'true' : then the status of the MACsec validation function
            will be as secyIfValidateFrames object configured in the
            IEEE8021-SECY-MIB.
        'false' : then the MACsec validation function is enabled but
            only for checking without filtering out invalid frames by
            the SecY."
    REFERENCE
        "IEEE 802.1X Clause 9.6.1, Clause 9.16, Figure 12-2,
         Figure 12-3" 
    ::= { ieee8021XKayMkaEntry 16 }

ieee8021XKayMacSecConfidentialityOffset OBJECT-TYPE
    SYNTAX          Integer32 (0 | 30 | 50)
    UNITS           "bytes"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The confidentiality protection offset options for the selected
        cipher suite in the MACsec.  If the cipher suite does not have
        this capability, the configured value of the object will not
        apply to the cipher suite."
    REFERENCE
        "IEEE 802.1X Clause 9.7.1, Clause 9.16, Figure 12-3" 
    ::= { ieee8021XKayMkaEntry 17 }

ieee8021XKayMkaTxKN OBJECT-TYPE
    SYNTAX          Ieee8021XMkaKN
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The key number assigned by the key server to the SAK currently
        being used for transmission.  This object will be 0 if MACsec
        is not being used or the key number is not available yet."
    REFERENCE       "IEEE 802.1X Clause 9.8, Clause 9.16, Figure 12-3" 
    ::= { ieee8021XKayMkaEntry 18 }

ieee8021XKayMkaTxAN OBJECT-TYPE
    SYNTAX          RowPointer
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The AN assigned by the key server for use with the key number
        for transmission.

        This row pointer will point to an entry in the secyTxSATable
        which the secyTxSCEncodingSA object also points to in the
        IEEE8021-SECY-MIB.

        If MACsec is not in use or the AN is not identified yet, the
        value of this object shall be set to the OBJECT IDENTIFIER
        { 0 0 }."
    REFERENCE
        "IEEE 802.1X Clause 9.9, Clause 9.16, Figure 12-3,
         IEEE8021-SECY-MIB" 
    ::= { ieee8021XKayMkaEntry 19 }

ieee8021XKayMkaRxKN OBJECT-TYPE
    SYNTAX          Ieee8021XMkaKN
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The key number assigned by the key server to the oldest SAK
        currently being used for reception.  It is the same as the key
        number for transmission if a single SAK is currently in use.
        This object will be 0 if MACsec is not being used or the key
        number is not available yet."
    REFERENCE       "IEEE 802.1X Clause 9.8, Clause 9.16, Figure 12-3" 
    ::= { ieee8021XKayMkaEntry 20 }

ieee8021XKayMkaRxAN OBJECT-TYPE
    SYNTAX          RowPointer
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The AN assigned by the key server for use with the key number
        for reception.  It is the same as AN for transmission if a
        single SAK is currently in use.

        This row pointer will point to an entry in the secyRxSATable
        which the secyRxSCCurrentSA object also points to in the
        IEEE8021-SECY-MIB.

        If MACsec is not in use or the AN is not identified yet, the
        value of this object shall be set to the OBJECT IDENTIFIER
        { 0 0 }."
    REFERENCE
        "IEEE 802.1X Clause 9.6.1, Clause 9.16, Figure 12-3,
         IEEE8021-SECY-MIB" 
    ::= { ieee8021XKayMkaEntry 21 }

ieee8021XKayMkaSuspendFor OBJECT-TYPE
    SYNTAX INTEGER (1..120)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Set by management to a non-zero number of seconds between 1
        and MKA Suspension Limit to initiate a suspension (9.18) of
        that duration (if the KaY's principal actor is the Key
        Server) or to request a suspension (otherwise)"
    REFERENCE "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaEntry 22 }

ieee8021XKayMkaSuspendOnRequest OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The status of the suspendOnRequest function for this KaY.
        'true' : then the KaY's principal actor will initiate a
        suspension if it is the Key Server and another participant
        has requested a suspension by transmitting a non-zero value
        of its suspendFor parameter
        'false' : then the KaY will not initiate a suspension on
        request from another participant."
    REFERENCE "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaEntry 23 }

ieee8021XKayMkaSuspendedWhile OBJECT-TYPE
    SYNTAX INTEGER (1..126)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Read by management to determine if a suspension is in
        progress and to discover the remaining duration of that
        suspension. May be set directly to coordinate in-service
        upgrades."
    REFERENCE "IEEE 802.1X Clause 5.11.4, Clause 9.16, Clause 9.18.5,
               Clause 9.18.6, Figure 12-3"
    ::= { ieee8021XKayMkaEntry 24 }

-- ------------------------------------------------------------------ --
-- The 802.1X PAE KaY MKA Participants Table
-- ------------------------------------------------------------------ --

ieee8021XKayMkaParticipantTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF Ieee8021XKayMkaParticipantEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A table for each MKA participant supported by the KaY MKA
        entity.

        For the writeable objects in this table, the configured value
        shall be stored in persistent memory and remain unchanged
        across a re-initialization of the management system of the
        entity."
    REFERENCE       "IEEE 802.1X Clause 9.14, Clause 9.16, Figure 12-3"
    ::= { ieee8021XPaeKaY 2 }

ieee8021XKayMkaParticipantEntry OBJECT-TYPE
    SYNTAX          Ieee8021XKayMkaParticipantEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry containing KaY MKA management information applicable
        to a MKA participant."
    INDEX           { ieee8021XPaePortNumber, ieee8021XKayMkaPartCKN } 
    ::= { ieee8021XKayMkaParticipantTable 1 }

Ieee8021XKayMkaParticipantEntry ::= SEQUENCE {
        ieee8021XKayMkaPartCKN             Ieee8021XPaeCKN,
        ieee8021XKayMkaPartKMD             Ieee8021XPaeKMD,
        ieee8021XKayMkaPartNID             Ieee8021XPaeNID,
        ieee8021XKayMkaPartCached          TruthValue,
        ieee8021XKayMkaPartActive          TruthValue,
        ieee8021XKayMkaPartRetain          TruthValue,
        ieee8021XKayMkaPartActivateControl INTEGER,
        ieee8021XKayMkaPartPrincipal       TruthValue,
        ieee8021XKayMkaPartDistCKN         Ieee8021XPaeCKNOrNull,
        ieee8021XKayMkaPartRowStatus       RowStatus
}

ieee8021XKayMkaPartCKN OBJECT-TYPE
    SYNTAX          Ieee8021XPaeCKN
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The CKN information for this MKA participant."
    REFERENCE       "IEEE 802.1X Clause 9.16, Figure 12-3" 
    ::= { ieee8021XKayMkaParticipantEntry 1 }

ieee8021XKayMkaPartKMD OBJECT-TYPE
    SYNTAX          Ieee8021XPaeKMD
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The KMD information for this MKA participant."
    REFERENCE       "IEEE 802.1X Clause 9.16, Clause 12.6, Figure 12-3" 
    ::= { ieee8021XKayMkaParticipantEntry 2 }

ieee8021XKayMkaPartNID OBJECT-TYPE
    SYNTAX          Ieee8021XPaeNID
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The NID information for this MKA participant."
    REFERENCE       "IEEE 802.1X Clause 9.16, Clause 12.6, Figure 12-3" 
    ::= { ieee8021XKayMkaParticipantEntry 3 }

ieee8021XKayMkaPartCached OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object is set 'true' by the KaY if the participant's
        parameters are cached.  If this object is 'true', this object
        can be set 'false' cleared by management to remove the
        participant's parameters from the cache."
    REFERENCE       "IEEE 802.1X Clause 9.16, Figure 12-3" 
    ::= { ieee8021XKayMkaParticipantEntry 4 }

ieee8021XKayMkaPartActive OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object is set 'true' if the participant is active, i.e. is
        currently transmitting periodic MKPDUs."
    REFERENCE       "IEEE 802.1X Clause 9.16, Figure 12-3" 
    DEFVAL { false }
    ::= { ieee8021XKayMkaParticipantEntry 5 }

ieee8021XKayMkaPartRetain OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object is set 'true' to retain the participant in the
        cache, even if the KaY would normally remove it (due to lack
        of use for example)"
    REFERENCE       "IEEE 802.1X Clause 9.16, Figure 12-3" 
    ::= { ieee8021XKayMkaParticipantEntry 6 }

ieee8021XKayMkaPartActivateControl OBJECT-TYPE
    SYNTAX          INTEGER  {
                        default(1),
                        disabled(2),
                        onOperUp(3),
                        always(4)
                    }
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object is for controlling the participant's behavior when
        the participant is activated.
        
        'default' : the participant is from cached entries created by
            the KaY as part of normal operation, without explicit
            management, and is activated according to the
            implementation dependent policies of the KaY.

        'disabled' : the participant allows the cache information to
            be retained, but disabled for indefinite period.

        'onOperUp' : causing the participant to be activated when the
            PAE's 'Uncontrolled Port' becomes operational and when the
            PAE resumes following suspension.

        'always' : causing the participant to remain active all the
            time, even in the continued absence of partners.

        If the object changed to disabled(1) or onOperUp(3), the
        participant ceases operation immediately and receipt of MKPDUs
        with a matching CKN during a subsequent period of twice MKA
        lifetime will not cause the participant to become active once
        more."
    REFERENCE       "IEEE 802.1X Clause 9.14, Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaParticipantEntry 7 }

ieee8021XKayMkaPartPrincipal OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object is set 'true' if the participant is currently the
        principal actor."
    REFERENCE       "IEEE 802.1X Clause 9.16, Figure 12-3" 
    DEFVAL { false }
    ::= { ieee8021XKayMkaParticipantEntry 8 }

ieee8021XKayMkaPartDistCKN OBJECT-TYPE
    SYNTAX          Ieee8021XPaeCKNOrNull
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The CKN for the last CAK distributed either by the actor or one
        of its partners.  Empty string for this object will be provided if
        this participant has not been used to distribute a CAK or the
        participant is not active, i.e. the object
        ieee8021XKayMkaPartActive in the same row is 'false'."
    REFERENCE       "IEEE 802.1X Clause 9.16, Figure 12-3" 
    DEFVAL { "" }
    ::= { ieee8021XKayMkaParticipantEntry 9 }
 
ieee8021XKayMkaPartRowStatus OBJECT-TYPE
    SYNTAX          RowStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The object to create the parameters for the supported
        participant information in the system.

        If the participant information is from downloaded policies,
        this object is 'active'."
    REFERENCE       "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XKayMkaParticipantEntry 10 }

-- ------------------------------------------------------------------ --
-- The 802.1X PAE MKA Peer List Table
-- ------------------------------------------------------------------ --

ieee8021XKayMkaPeerListTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF Ieee8021XKayMkaPeerListEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A table containing the lists of Live Peers and Potential Peers,
        for all MKA instances for which the KaY is active."
    REFERENCE       "IEEE 802.1X Clause 9.16, Figure 12-3"
    ::= { ieee8021XPaeKaY 3 }

ieee8021XKayMkaPeerListEntry OBJECT-TYPE
    SYNTAX          Ieee8021XKayMkaPeerListEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A table entry for one of the peers for one of the MKA
        instances for which this KaY is an active participant."
    INDEX           { ieee8021XPaePortNumber, ieee8021XKayMkaPartCKN,
                      ieee8021XKayMkaPeerListMI } 
    ::= { ieee8021XKayMkaPeerListTable 1 }

Ieee8021XKayMkaPeerListEntry ::= SEQUENCE {
        ieee8021XKayMkaPeerListMI   Ieee8021XMkaMI,
        ieee8021XKayMkaPeerListMN   Ieee8021XMkaMN,
        ieee8021XKayMkaPeerListType INTEGER,
        ieee8021XKayMkaPeerListSCI  SecySCI
}

ieee8021XKayMkaPeerListMI OBJECT-TYPE
    SYNTAX          Ieee8021XMkaMI
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The peer entry's MI information in the peer list of this active
        participant in MKA protocol."
    REFERENCE       "IEEE 802.1X Clause 9.16, Figure 12-3" 
    ::= { ieee8021XKayMkaPeerListEntry 1 }

ieee8021XKayMkaPeerListMN OBJECT-TYPE
    SYNTAX          Ieee8021XMkaMN
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The peer entry's latest MN information in the peer list of this
        active participant in MKA protocol."
    REFERENCE       "IEEE 802.1X Clause 9.16, Figure 12-3" 
    ::= { ieee8021XKayMkaPeerListEntry 2 }

ieee8021XKayMkaPeerListType OBJECT-TYPE
    SYNTAX          INTEGER  {
                        livePeerList(1),
                        potentialPeerList(2)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The peer entry's type in the peer list of this active
        participant in MKA protocol.

        'livePeerList' : the peer entry is in the Live Peer List.

        'potentialPeerList' : the peer entry is in the Potential
            Peer List."
    REFERENCE       "IEEE 802.1X Clause 9.16, Figure 12-3" 
    ::= { ieee8021XKayMkaPeerListEntry 3 }

ieee8021XKayMkaPeerListSCI OBJECT-TYPE
    SYNTAX          SecySCI
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The SCI information of the peer entry in the peer list of this
        active participant in MKA protocol."
    REFERENCE       "IEEE 802.1X Clause 9.16, Figure 12-3" 
    ::= { ieee8021XKayMkaPeerListEntry 4 }

-- ------------------------------------------------------------------ --
-- The 802.1X PAE NID Group
-- ------------------------------------------------------------------ --
--   
-- ------------------------------------------------------------------ --
-- The 802.1X PAE NID Configuration Table
-- ------------------------------------------------------------------ --

ieee8021XNidConfigTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF Ieee8021XNidConfigEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A table that contains the configuration objects for the network
        announcement information for the Logon Process.

        The detail operation of the Logon Process can vary depending on
        the port-based network access control applications, and on the
        capabilities supported by that implementation including, for
        example, network discovery and roaming.  This table specifies
        control variables that facilitate behaviors that are
        potentially useful in a range of applications.  Implementations
        may use and augment the variables specified, or may use
        variables specific to the implementation.

        For the writeable objects in this table, the configured value
        shall be stored in persistent memory and remain unchanged
        across a re-initialization of the management system of the
        entity."
    REFERENCE       "802.1X Clause 8, Figure 8-6, Figure 12-3"
    ::= { ieee8021XPaeNetworkIdentifier 1 }

ieee8021XNidConfigEntry OBJECT-TYPE
    SYNTAX          Ieee8021XNidConfigEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry contains network announcement parameters for a NID."
    INDEX           { IMPLIED ieee8021XNidNID } 
    ::= { ieee8021XNidConfigTable 1 }

Ieee8021XNidConfigEntry ::= SEQUENCE {
        ieee8021XNidNID                   Ieee8021XPaeNID,
        ieee8021XNidUseEap                INTEGER,
        ieee8021XNidUnauthAllowed         INTEGER,
        ieee8021XNidUnsecuredAllowed      INTEGER,
        ieee8021XNidUnauthenticatedAccess Ieee8021XPaeNIDUnauthenticatedStatus,
        ieee8021XNidAccessCapabilities    Ieee8021XPaeNIDCapabilites,
        ieee8021XNidKMD                   Ieee8021XPaeKMD,
        ieee8021XNidRowStatus             RowStatus
}

ieee8021XNidNID OBJECT-TYPE
    SYNTAX          Ieee8021XPaeNID
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The network identifier to identify NID configuration in the
        PAE."
    REFERENCE       "802.1X Clause 12.5, Figure 12-3" 
    ::= { ieee8021XNidConfigEntry 1 }

ieee8021XNidUseEap OBJECT-TYPE
    SYNTAX          INTEGER  {
                        never(1),
                        immediate(2),
                        mkaFail(3)
                    }
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Determines when the Logon Process will initiate EAP, if the
        Supplicant and or Authenticator are enabled, and takes one of
        the following values:

        'never' : Never.

        'immediate' : Immediately, concurrently with the use of MKA
            with any cached CAK(s).

        'mkaFail' : Not until MKA has failed, if a prior CAK has been
            cached."
    REFERENCE       "802.1X Clause 12.5, Figure 12-3" 
    ::= { ieee8021XNidConfigEntry 2 }

ieee8021XNidUnauthAllowed OBJECT-TYPE
    SYNTAX          INTEGER  {
                        never(1),
                        immediate(2),
                        authFail(3)
                    }
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Determines when the Logon Process will tell the CP state
        machine to provide unauthenticated connectivity, and takes one
        of the following values:

        'never' : Never.

        'immediate' : Immediately, independently of any current or
            future attempts to authenticate using the PAE or MKA.

        'authFail' : Not until an attempt has been made to
            authenticate using EAP, unless neither the Supplicant nor
            the Authenticator is enabled, and MKA has attempted to use
            any cached CAK (unless the KaY is not enabled)."
    REFERENCE       "802.1X Clause 12.5, Figure 12-3" 
    ::= { ieee8021XNidConfigEntry 3 }

ieee8021XNidUnsecuredAllowed OBJECT-TYPE
    SYNTAX          INTEGER  {
                        never(1),
                        immediate(2),
                        mkaFail(3),
                        mkaServer(4)
                    }
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Determines when the Logon Process will tell the CP state
        machine to provide authenticated but unsecured connectivity,
        takes one of the following values:

        'never' : Never.

        'immediate' : Immediately, to provide connectivity
            concurrently with the use of MKA with any CAK acquired
            through EAP.

        'mkaFail' : Not until MKA has failed, or is not enabled.

        'mkaServer' : Only if directed by the MKA server."
    REFERENCE       "802.1X Clause 12.5, Figure 12-3" 
    ::= { ieee8021XNidConfigEntry 4 }

ieee8021XNidUnauthenticatedAccess OBJECT-TYPE
    SYNTAX          Ieee8021XPaeNIDUnauthenticatedStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The configured access capability of the port's clients without
        authentication in this NID."
    REFERENCE       "802.1X Clause 12.5, Clause 10.1, Figure 12-3" 
    ::= { ieee8021XNidConfigEntry 5 }

ieee8021XNidAccessCapabilities OBJECT-TYPE
    SYNTAX          Ieee8021XPaeNIDCapabilites
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The authentication and protection capabilities supported for
        the NID."
    REFERENCE       "802.1X Clause 12.5, Clause 10.1, Figure 12-3" 
    ::= { ieee8021XNidConfigEntry 6 }

ieee8021XNidKMD OBJECT-TYPE
    SYNTAX          Ieee8021XPaeKMD
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The configured KMD information for this NID."
    REFERENCE       "802.1X Clause 10.4, Figure 12-3" 
    ::= { ieee8021XNidConfigEntry 7 }

ieee8021XNidRowStatus OBJECT-TYPE
    SYNTAX          RowStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The object to create the parameters for the supported Network
        Announcement information in the system.

        If the Network Announcement information of the entry is from
        downloaded policies, this object is 'active'."
    REFERENCE       "802.1X Clause 10.4, Figure 12-3" 
    ::= { ieee8021XNidConfigEntry 8 }
 

-- ------------------------------------------------------------------ --
-- The 802.1X PAE Announce Information Table
-- ------------------------------------------------------------------ --

ieee8021XAnnounceTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF Ieee8021XAnnounceEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A table contains the status information that the Announcers
        announce in the network announcement of the PAE system.

        This table will be instantiated if the object
        ieee8021XPaePortAnnouncerEnable in the corresponding entry of
        the ieee8021XPaePortTable is 'true'."
    REFERENCE       "802.1X Clause 8, Figure 8-6, Figure 12-3"
    ::= { ieee8021XPaeNetworkIdentifier 2 }

ieee8021XAnnounceEntry OBJECT-TYPE
    SYNTAX          Ieee8021XAnnounceEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry contains an Announcer's status information."
    INDEX           { ieee8021XPaePortNumber,
                      IMPLIED ieee8021XAnnounceNID } 
    ::= { ieee8021XAnnounceTable 1 }

Ieee8021XAnnounceEntry ::= SEQUENCE {
        ieee8021XAnnounceNID          Ieee8021XPaeNID,
        ieee8021XAnnounceAccessStatus Ieee8021XPaeNIDAccessStatus
}

ieee8021XAnnounceNID OBJECT-TYPE
    SYNTAX          Ieee8021XPaeNID
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The NID information to identify a transmitting network
        announcement for the PAE."
    REFERENCE       "802.1X Clause 10.4, Clause 12.5, Figure 12-3" 
    ::= { ieee8021XAnnounceEntry 1 }

ieee8021XAnnounceAccessStatus OBJECT-TYPE
    SYNTAX          Ieee8021XPaeNIDAccessStatus
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The object information reflects connectivity as a result of
        authentication attempts of this NID for this Announcer."
    REFERENCE
        "802.1X Clause 10.4, Clause 10.1, Clause 12.5, Figure 12-3" 
    ::= { ieee8021XAnnounceEntry 2 }
 

-- ------------------------------------------------------------------ --
-- The 802.1X PAE Announcement Information Table
-- ------------------------------------------------------------------ --

ieee8021XAnnouncementTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF Ieee8021XAnnouncementEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A table contains the status information that the Listeners
        receive in the network announcement of the PAE system.

        This table will be instantiated if the object
        ieee8021XPaePortListenerEnable in the corresponding entry of the
        ieee8021XPaePortTable is 'true'."
    REFERENCE       "802.1X Clause 10.4, Figure 12-3"
    ::= { ieee8021XPaeNetworkIdentifier 3 }

ieee8021XAnnouncementEntry OBJECT-TYPE
    SYNTAX          Ieee8021XAnnouncementEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry contains a Listener's status information."
    INDEX           { ieee8021XPaePortNumber,
                      IMPLIED ieee8021XAnnouncementNID } 
    ::= { ieee8021XAnnouncementTable 1 }

Ieee8021XAnnouncementEntry ::= SEQUENCE {
        ieee8021XAnnouncementNID             Ieee8021XPaeNID,
        ieee8021XAnnouncementKMD             Ieee8021XPaeKMD,
        ieee8021XAnnouncementSpecific        TruthValue,
        ieee8021XAnnouncementAccessStatus    Ieee8021XPaeNIDAccessStatus,
        ieee8021XAnnouncementAccessRequested TruthValue,
        ieee8021XAnnouncementUnauthAccess    Ieee8021XPaeNIDUnauthenticatedStatus,
        ieee8021XAnnouncementCapabilities    Ieee8021XPaeNIDCapabilites
}

ieee8021XAnnouncementNID OBJECT-TYPE
    SYNTAX          Ieee8021XPaeNID
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The NID information to identify a received network announcement
        for the PAE."
    REFERENCE       "802.1X Clause 10.4, Figure 12-3" 
    ::= { ieee8021XAnnouncementEntry 1 }

ieee8021XAnnouncementKMD OBJECT-TYPE
    SYNTAX          Ieee8021XPaeKMD
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The KMD information for this received network announcement of
        the PAE."
    REFERENCE       "802.1X Clause 10.4, Figure 12-3" 
    ::= { ieee8021XAnnouncementEntry 2 }

ieee8021XAnnouncementSpecific OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the received announcement information was
        specific to the receiving PAE, not generic for all systems attached
        to the LAN." 
    REFERENCE       "802.1X Clause 10.1, 10.4, Figure 12-3" 
    ::= { ieee8021XAnnouncementEntry 3 }

ieee8021XAnnouncementAccessStatus OBJECT-TYPE
    SYNTAX          Ieee8021XPaeNIDAccessStatus
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The object information reflects connectivity as a result of
        authentication attempts for this received network announcement
        of the PAE."
    REFERENCE       "802.1X Clause 10.4, Clause 10.1, Figure 12-3" 
    ::= { ieee8021XAnnouncementEntry 4 }

ieee8021XAnnouncementAccessRequested OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The authenticated access has been requested for this particular
        NID or not."
    REFERENCE       "802.1X Clause 10.4, Clause 10.1, Figure 12-3" 
    ::= { ieee8021XAnnouncementEntry 5 }

ieee8021XAnnouncementUnauthAccess OBJECT-TYPE
    SYNTAX          Ieee8021XPaeNIDUnauthenticatedStatus
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The access capability of the port's clients without
        authentication in this received network announcement of the
        PAE.

        'openAccess', 'limitedAccess' should not be returned if the
        object ieee8021XNidUnauthAllowed is 'immediate'."
    REFERENCE
        "802.1X Clause 10.1, Clause 12.5, Figure 12-3" 
    ::= { ieee8021XAnnouncementEntry 6 }

ieee8021XAnnouncementCapabilities OBJECT-TYPE
    SYNTAX          Ieee8021XPaeNIDCapabilites
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The announcement capabilities of this received network
        announcement for this PAE."
    REFERENCE       "802.1X Clause 10.1, Clause 12.5, Figure 12-3" 
    ::= { ieee8021XAnnouncementEntry 7 }

-- ------------------------------------------------------------------ --
-- The 802.1X PAE Announcement Cipher Suite Information Table
-- ------------------------------------------------------------------ --
 
ieee8021XAnnouncementCipherSuitesTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF Ieee8021XAnnouncementCipherSuitesEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A table contains the Cipher Suites information that the Listeners
        receive in the network announcement of the PAE system.

        This table will be instantiated if the object
        ieee8021XPaePortListenerEnable in the corresponding entry of the
        ieee8021XPaePortTable is 'true'."
    REFERENCE       "802.1X Clause 10.4, Clause 11.13.3, Figure 11-21, Figure 12-3"
    ::= { ieee8021XPaeNetworkIdentifier 4 }

ieee8021XAnnouncementCipherSuitesEntry OBJECT-TYPE
    SYNTAX          Ieee8021XAnnouncementCipherSuitesEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry contains the Cipher Suite information which a Listener has
        reveived from network announcement."
    INDEX           { ieee8021XPaePortNumber,
                      ieee8021XAnnouncementNID,
                      ieee8021XAnnouncementCipherSuite }
    ::= { ieee8021XAnnouncementCipherSuitesTable 1 }

Ieee8021XAnnouncementCipherSuitesEntry ::= SEQUENCE {
        ieee8021XAnnouncementCipherSuite         OCTET STRING,
        ieee8021XAnnouncementCipherCapability    Unsigned32
}

ieee8021XAnnouncementCipherSuite OBJECT-TYPE
    SYNTAX          OCTET STRING (SIZE (8))
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The identifier for the announced cipher suite.  This is a
        global unique 64-bit (EUI-64) identifier to identify a cipher
        suite."
    REFERENCE
        "802.1X Clause 10.4, Figure 12-3, 802.1AE-2006 Clause 14"
    ::= { ieee8021XAnnouncementCipherSuitesEntry 1 }

ieee8021XAnnouncementCipherCapability OBJECT-TYPE
    SYNTAX          Unsigned32 (0..65535)
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The capability of a Cipher Suite received from the network
        announcement by the Listener.

        A 2 octets Cipher Suite dependent implementation capability field
        precedes each Cipher Suite reference number. If the Cipher Suite,
        ieee8021XAnnouncementCipherSuite, identifies the Default Cipher
        Suite (specified in IEEE Std 802.1AE), the two least significant
        bits of the implementation capability field encode the MACsec
        Capability parameter specified in Table 11-7 and the fourteen more
        significant bits are as 0 and ignored on receipt."
    REFERENCE
        "802.1X Clause 11.13.3, Figure 11-21"
    ::= { ieee8021XAnnouncementCipherSuitesEntry 2 }

-- ------------------------------------------------------------------ --
-- 802.1X Conformance
-- ------------------------------------------------------------------ --

ieee8021XPaeCompliances  OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIBConformance 1 }

ieee8021XPaeGroups  OBJECT IDENTIFIER
    ::= { ieee8021XPaeMIBConformance 2 }


-- ------------------------------------------------------------------ --
-- 802.1X Compliance Statements
-- ------------------------------------------------------------------ --

ieee8021XPaeCompliance MODULE-COMPLIANCE
    STATUS          current
    DESCRIPTION
        "The compliance statement for device support of
        Port Access Control."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        ieee8021XPaeSystemGroup,
                        ieee8021XPaeLogonGroup,
                        ieee8021XPaeEapolStatsGroup
                    }

    GROUP           ieee8021XPacGroup
    DESCRIPTION
        "This group is mandatory for systems that does not support
        the MACsec functions of the PAE."

    GROUP           ieee8021XPaeAuthConfigGroup
    DESCRIPTION
        "This group is mandatory for systems that support the
        Authenticator functions of the PAE."

    GROUP           ieee8021XPaeSuppConfigGroup
    DESCRIPTION
        "This group is mandatory for systems that support the
        Supplicant functions of the PAE."

    GROUP           ieee8021XPaeKaYMkaGroup
    DESCRIPTION
        "This group is mandatory for systems that support the KaY
        MKA functions of the PAE."

    GROUP           ieee8021XPaeNetworkIdentifierGroup
    DESCRIPTION
        "This group is mandatory for systems that support the
        network announcement functions of the PAE."

    GROUP           ieee8021XPaeAnnouncerGroup
    DESCRIPTION
        "This group is mandatory for systems that support the
        network announcement and the Announcer functions of the
        PAE."

    GROUP           ieee8021XPaeListenerGroup
    DESCRIPTION
        "This group is mandatory for systems that support
        the network announcement and the Listener functions of the
        PAE."

    OBJECT          ieee8021XKayMacSecConfidentialityOffset
    MIN-ACCESS      read-only
    DESCRIPTION
        "read-write access is not required.  This may be read-only."

    OBJECT          ieee8021XNidUseEap
    MIN-ACCESS      read-only
    DESCRIPTION
        "read-create access is not required.  This may be
        read-only."

    OBJECT          ieee8021XNidUnauthAllowed
    MIN-ACCESS      read-only
    DESCRIPTION
        "read-create access is not required.  This may be
        read-only."

    OBJECT          ieee8021XNidUnsecuredAllowed
    MIN-ACCESS      read-only
    DESCRIPTION
        "read-create access is not required.  This may be
        read-only."

    OBJECT          ieee8021XNidUnauthenticatedAccess
    MIN-ACCESS      read-only
    DESCRIPTION
        "read-create access is not required.  This may be
        read-only."

    OBJECT          ieee8021XNidAccessCapabilities
    MIN-ACCESS      read-only
    DESCRIPTION
        "read-create access is not required.  This may be
        read-only."

    OBJECT          ieee8021XNidKMD
    MIN-ACCESS      read-only
    DESCRIPTION
        "read-create access is not required.  This may be
        read-only."

    OBJECT          ieee8021XNidRowStatus
    MIN-ACCESS      read-only
    DESCRIPTION
        "read-create access is not required.  This may be
        read-only."
    ::= { ieee8021XPaeCompliances 1 }
    
    ieee8021XPaeV2Compliance MODULE-COMPLIANCE
    STATUS          current
    DESCRIPTION
        "The compliance statement for device support of
        Port Access Control as specified in 802.1X-2010
        amended by 802.1Xbx."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        ieee8021XPaeSystemGroup,
                        ieee8021XPaeLogonGroup,
                        ieee8021XPaeEapolStatsGroup
                    }

    GROUP           ieee8021XPacGroup
    DESCRIPTION
        "This group is mandatory for systems that does not support
        the MACsec functions of the PAE."

    GROUP           ieee8021XPaeAuthConfigGroup
    DESCRIPTION
        "This group is mandatory for systems that support the
        Authenticator functions of the PAE."

    GROUP           ieee8021XPaeSuppConfigGroup
    DESCRIPTION
        "This group is mandatory for systems that support the
        Supplicant functions of the PAE."

    GROUP           ieee8021XPaeKaYMkaGroup
    DESCRIPTION
        "This group is mandatory for systems that support the KaY
        MKA functions of the PAE."

    GROUP           ieee8021XPaeNetworkIdentifierGroup
    DESCRIPTION
        "This group is mandatory for systems that support the
        network announcement functions of the PAE."

    GROUP           ieee8021XPaeAnnouncerGroup
    DESCRIPTION
        "This group is mandatory for systems that support the
        network announcement and the Announcer functions of the
        PAE."

    GROUP           ieee8021XPaeListenerGroup
    DESCRIPTION
        "This group is mandatory for systems that support
        the network announcement and the Listener functions of the
        PAE."

    GROUP           ieee8021XPaeKaYIsupgradeGroup
    DESCRIPTION
        "This group is mandatory for systems that support KaY MKA
        in-service upgrades."

    OBJECT          ieee8021XKayMacSecConfidentialityOffset
    MIN-ACCESS      read-only
    DESCRIPTION
        "read-write access is not required.  This may be read-only."

    OBJECT          ieee8021XNidUseEap
    MIN-ACCESS      read-only
    DESCRIPTION
        "read-create access is not required.  This may be
        read-only."

    OBJECT          ieee8021XNidUnauthAllowed
    MIN-ACCESS      read-only
    DESCRIPTION
        "read-create access is not required.  This may be
        read-only."

    OBJECT          ieee8021XNidUnsecuredAllowed
    MIN-ACCESS      read-only
    DESCRIPTION
        "read-create access is not required.  This may be
        read-only."

    OBJECT          ieee8021XNidUnauthenticatedAccess
    MIN-ACCESS      read-only
    DESCRIPTION
        "read-create access is not required.  This may be
        read-only."

    OBJECT          ieee8021XNidAccessCapabilities
    MIN-ACCESS      read-only
    DESCRIPTION
        "read-create access is not required.  This may be
        read-only."

    OBJECT          ieee8021XNidKMD
    MIN-ACCESS      read-only
    DESCRIPTION
        "read-create access is not required.  This may be
        read-only."

    OBJECT          ieee8021XNidRowStatus
    MIN-ACCESS      read-only
    DESCRIPTION
        "read-create access is not required.  This may be
        read-only."
    ::= { ieee8021XPaeCompliances 2 }


ieee8021XPaeSystemGroup OBJECT-GROUP
    OBJECTS         {
                        ieee8021XPaeSysAccessControl,
                        ieee8021XPaeSysAnnouncements,
                        ieee8021XPaeSysEapolVersion,
                        ieee8021XPaeSysMkaVersion,
                        ieee8021XPaePortType,
                        ieee8021XPaeControlledPortNumber,
                        ieee8021XPaeUncontrolledPortNumber,
                        ieee8021XPaeCommonPortNumber,
                        ieee8021XPaePortInitialize,
                        ieee8021XPaePortCapabilities,
                        ieee8021XPaePortVirtualPortsEnable,
                        ieee8021XPaePortMaxVirtualPorts,
                        ieee8021XPaePortCurrentVirtualPorts,
                        ieee8021XPaePortVirtualPortStart,
                        ieee8021XPaePortVirtualPortPeerMAC,
                        ieee8021XPaePortLogonEnable,
                        ieee8021XPaePortAuthenticatorEnable,
                        ieee8021XPaePortSupplicantEnable,
                        ieee8021XPaePortKayMkaEnable,
                        ieee8021XPaePortAnnouncerEnable,
                        ieee8021XPaePortListenerEnable
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects providing system information for a PAE
        system and a PAE port status and control information."
    ::= { ieee8021XPaeGroups 1 }

ieee8021XPacGroup OBJECT-GROUP
    OBJECTS         {
                        ieee8021XPacPortAdminPt2PtMAC,
                        ieee8021XPacPortOperPt2PtMAC
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects providing information of a PAC in the
        system."
    ::= { ieee8021XPaeGroups 2 }

ieee8021XPaeLogonGroup OBJECT-GROUP
    OBJECTS         {
                        ieee8021XPaePortLogonConnectStatus,
                        ieee8021XPaePortPortValid,
                        ieee8021XPaePortSessionOctetsRx,
                        ieee8021XPaePortSessionOctetsTx,
                        ieee8021XPaePortSessionPktsRx,
                        ieee8021XPaePortSessionPktsTx,
                        ieee8021XPaePortSessionId,
                        ieee8021XPaePortSessionStartTime,
                        ieee8021XPaePortSessionIntervalTime,
                        ieee8021XPaePortSessionTerminate,
                        ieee8021XPaePortSessionUserName
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects providing information of a Logon
        Process in the system."
    ::= { ieee8021XPaeGroups 3 }

ieee8021XPaeAuthConfigGroup OBJECT-GROUP
    OBJECTS         {
                        ieee8021XAuthPaeAuthenticate,
                        ieee8021XAuthPaeAuthenticated,
                        ieee8021XAuthPaeFailed,
                        ieee8021XAuthPaeReAuthEnabled,
                        ieee8021XAuthPaeQuietPeriod,
                        ieee8021XAuthPaeReauthPeriod,
                        ieee8021XAuthPaeRetryMax,
                        ieee8021XAuthPaeRetryCount
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects providing configuration information of
        an Authenticator in the system."
    ::= { ieee8021XPaeGroups 4 }

ieee8021XPaeSuppConfigGroup OBJECT-GROUP
    OBJECTS         {
                        ieee8021XSuppPaeAuthenticate,
                        ieee8021XSuppPaeAuthenticated,
                        ieee8021XSuppPaeFailed,
                        ieee8021XSuppPaeHelloPeriod,
                        ieee8021XSuppPaeRetryMax,
                        ieee8021XSuppPaeRetryCount
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects providing configuration information of
        a Supplicant in the system."
    ::= { ieee8021XPaeGroups 5 }

ieee8021XPaeEapolStatsGroup OBJECT-GROUP
    OBJECTS         {
                        ieee8021XEapolInvalidFramesRx,
                        ieee8021XEapolEapLengthErrorFramesRx,
                        ieee8021XEapolAnnouncementFramesRx,
                        ieee8021XEapolAnnouncementReqFramesRx,
                        ieee8021XEapolPortUnavailableFramesRx,
                        ieee8021XEapolStartFramesRx,
                        ieee8021XEapolEapFramesRx,
                        ieee8021XEapolLogoffFramesRx,
                        ieee8021XEapolMkNoCknFramesRx,
                        ieee8021XEapolMkInvalidFramesRx,
                        ieee8021XEapolLastRxFrameVersion,
                        ieee8021XEapolLastRxFrameSource,
                        ieee8021XEapolSuppEapFramesTx,
                        ieee8021XEapolLogoffFramesTx,
                        ieee8021XEapolAnnouncementFramesTx,
                        ieee8021XEapolAnnouncementReqFramesTx,
                        ieee8021XEapolStartFramesTx,
                        ieee8021XEapolAuthEapFramesTx,
                        ieee8021XEapolMkaFramesTx
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects providing counters and diagnostic
        information for the EAPOL in the system."
    ::= { ieee8021XPaeGroups 6 }

ieee8021XPaeKaYMkaGroup OBJECT-GROUP
    OBJECTS         {
                        ieee8021XKayMkaActive,
                        ieee8021XKayMkaAuthenticated,
                        ieee8021XKayMkaSecured,
                        ieee8021XKayMkaFailed,
                        ieee8021XKayMkaActorSCI,
                        ieee8021XKayMkaActorsPriority,
                        ieee8021XKayMkaKeyServerPriority,
                        ieee8021XKayMkaKeyServerSCI,
                        ieee8021XKayAllowedJoinGroup,
                        ieee8021XKayAllowedFormGroup,
                        ieee8021XKayCreateNewGroup,
                        ieee8021XKayMacSecCapability,
                        ieee8021XKayMacSecDesired,
                        ieee8021XKayMacSecProtect,
                        ieee8021XKayMacSecReplayProtect,
                        ieee8021XKayMacSecValidate,
                        ieee8021XKayMacSecConfidentialityOffset,
                        ieee8021XKayMkaTxKN,
                        ieee8021XKayMkaTxAN,
                        ieee8021XKayMkaRxKN,
                        ieee8021XKayMkaRxAN,
                        ieee8021XKayMkaPartKMD,
                        ieee8021XKayMkaPartNID,
                        ieee8021XKayMkaPartCached,
                        ieee8021XKayMkaPartActive,
                        ieee8021XKayMkaPartRetain,
                        ieee8021XKayMkaPartActivateControl,
                        ieee8021XKayMkaPartPrincipal,
                        ieee8021XKayMkaPartDistCKN,
                        ieee8021XKayMkaPartRowStatus,
                        ieee8021XKayMkaPeerListMN,
                        ieee8021XKayMkaPeerListType,
                        ieee8021XKayMkaPeerListSCI
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects providing monitoring and controlling
        information of a KaY MKA in the system."
    ::= { ieee8021XPaeGroups 7 }

ieee8021XPaeNetworkIdentifierGroup OBJECT-GROUP
    OBJECTS         {
                        ieee8021XLogonNIDConnectedNID,
                        ieee8021XLogonNIDRequestedNID,
                        ieee8021XLogonNIDSelectedNID,
                        ieee8021XNidUseEap,
                        ieee8021XNidUnauthAllowed,
                        ieee8021XNidUnsecuredAllowed,
                        ieee8021XNidUnauthenticatedAccess,
                        ieee8021XNidAccessCapabilities,
                        ieee8021XNidKMD,
                        ieee8021XNidRowStatus
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects providing monitoring and controlling
        information of an NID in the system."
    ::= { ieee8021XPaeGroups 8 }

ieee8021XPaeAnnouncerGroup OBJECT-GROUP
    OBJECTS         { ieee8021XAnnounceAccessStatus }
    STATUS          current
    DESCRIPTION
        "A collection of objects providing status information for
        an Announcer in the system."
    ::= { ieee8021XPaeGroups 9 }

ieee8021XPaeListenerGroup OBJECT-GROUP
    OBJECTS         {
                        ieee8021XAnnouncementKMD,
                        ieee8021XAnnouncementSpecific,
                        ieee8021XAnnouncementAccessStatus,
                        ieee8021XAnnouncementAccessRequested,
                        ieee8021XAnnouncementUnauthAccess,
                        ieee8021XAnnouncementCapabilities,
                        ieee8021XAnnouncementCipherCapability
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects providing status information for
        a Listener in the system."
    ::= { ieee8021XPaeGroups 10 }

ieee8021XPaeKaYIsupgradeGroup OBJECT-GROUP
    OBJECTS         {
                        ieee8021XKayMkaSuspendFor,
                        ieee8021XKayMkaSuspendOnRequest,
                        ieee8021XKayMkaSuspendedWhile
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects providing monitoring and control
        for MKA support of in-service upgrades."
    ::= { ieee8021XPaeGroups 11 }
    
END

