The MIB module for managing the Port Access Entity (PAE)
        functions of IEEE 802.1X (Revision of 802.1X-2004).
        The PAE functions managed are summarized in Figure 12-3 of
        IEEE 802.1X and include EAPOL PACP support for authentication
        (EAP Supplicant and/or Authenticator), MACsec Key Agreement
        (MKA), EAPOL, and transmission and reception of network
        The following acronyms and definitions are used in this MIB.
        AN : Association Number, a number that is concatenated with a
            MACsec Secure Channel Identifier to identify a Secure
            Association (SA).
        Announcer : EAPOL-Announcement transmission functionality.
        Authenticator : An entity that facilitates authentication of
            other entities attached to the same LAN.
        CA : secure Connectivity Association: A security relationship,
            established and maintained by key agreement protocols, that
            comprises a fully connected subset of the service access
            points in stations attached to a single LAN that are to be
            supported by MACsec.
        CAK : secure Connectivity Association Key, a secret key
            possessed by members of a given CA.
        CKN : secure Connectivity Association Key Name (CKN), a text
            that identifies a CAK.
        Common Port : An instance of the MAC Internal Sublayer Service
            used by the SecY or PAC to provide transmission and
            reception of frames for both the Controlled and
            Uncontrolled Ports.
        Controlled Port : The access point used to provide the secure
            MAC Service to a client of a PAC or SecY.
        CP state machine : Controlled Port state machine is capable of
            controlling a SecY or a PAC.  The CP supports
            interoperability with unauthenticated systems that are not
            port-based network access control capable, or that lack 
            MKA.  When the access controlled port is supported by a
            SecY, the CP is capable of controlling the SecY so as to
            provide unsecured connectivity to systems that implement a
        EAP : Extensible Authentication Protocol, RFC3748.
        EAPOL : EAP over LANs.
        KaY : Key Agreement Entity, a PAE entity responsible for MKA.
        Key Server : Elected by MKA, to transport a succession of SAKs,
            for use by MACsec, to the other member(s) of a CA.
        KMD : Key Management Domain, a string identifying systems that
             share cached CAKs.
        Listener : The role is to receive the network announcement
            parameters in the authentication process.
        Logon Process : The Logon Process is responsible for the
            managing the use of authentication credentials, for
            initiating use of the PAE's Supplicant and or Authenticator
            functionality, for deriving CAK, CKN tuples from PAE
            results, for maintaining PSKs (Pre-Sharing Keys), and for
            managing MKA instances.  In the absence of successful
            authentication, key agreement, or support for MAC Security,
            the Logon Process determines whether the CP state machine
            should provide unauthenticated connectivity or
            authenticated but unsecured connectivity.
        MKA : MACsec Key Agreement protocol allows PAEs, each
            associated with a port that is an authenticated member of a
            secure connectivity association (CA) or a potential CA, to
            discover other PAEs attached to the same LAN, to confirm
            mutual possession of a CAK and hence to prove a past mutual
            authentication, to agree the secret keys (SAKs) used by
            MACsec for symmetric shared key cryptography, and to ensure
            that the data protected by MACsec has not been delayed.
        MKPDU : MACsec Key Agreement Protocol Data Unit.
        MPDU : MAC Protocol Data Unit.
        NID : Network Identity, a UTF-8 string identifying an network
             or network service.
        PAE : Port Access Entity, the protocol entity associated with a
             Port.  It can support the protocol functionality
             associated with the Authenticator, the Supplicant, or
        PAC : Port Access Controller, a protocol-less shim that
             provides control over frame transmission and reception by
             clients attached to its Controlled Port, and uses the MAC
             Service provided by a Common Port.  The access control
             decision is made by the PAE, typically taking into
             account the success or failure of mutual authentication
             and authorization of the PAE's peer(s), and is
             communicated by the PAE using the LMI to set the PAC's
             Controlled Port enabled/disable.  Two different interfaces
             'Controlled Port' and 'Uncontrolled Port', are associated
             with a PAC, and that for each instance of a PAC, two
             ifTable rows (one for each interface) run on top of an
             ifTable row representing the 'Common Port' interface,
             such as a row with ifType = 'ethernetCsmacd(6)'.
             For example :
            |                            |                            |
            |   Controlled Port          |   Uncontrolled Port        |
            |      Interface             |      Interface             |
            |    (ifEntry = j)           |     (ifEntry = k)          |
            | (ifType =                  | (ifType =                  |
            |  macSecControlledIF(231))  |  macSecUncontrolledIF(232))|
            |                            |                            |
            |                                                         |
            |                    Physical Interface                   |
            |                      (ifEntry = i)                      |
            |                (ifType = ethernetCsmacd(6))             |
                        i, j, k are ifIndex to indicate
                       an interface stack in the ifTable.
                        Figure : PAC Interface Stack
             The 'Controlled Port' is the service point to provide one
             instance of the secure MAC service in a PAC.  The
             'Uncontrolled Port' is the service point to provide one
             instance of the insecure MAC service in a PAC.
        PACP : Port Access Controller Protocol.
        Port Identifier : A 16-bit number that is unique within the
            scope of the address of the port.
        Real Port : Indicates the PAE is for a real port.  A port that
            is not created on demand by the mechanisms specified in
            this standard, but that can transmit and receive frames for
            one or more virtual ports.
        SC : Secure Channel, a security relationship used to provide
            security guarantees for frames transmitted from one member
            of a CA to the others.  An SC is supported by a sequence of
            SAs thus allowing the periodic use of fresh keys without
            terminating the relationship.
        SA : Secure Association, a security relationship that provides
            security guarantees for frames transmitted from one member
            of a CA to the others. Each SA is supported by a single
            secret key, or a single set of keys where the cryptographic
            operations used to protect one frame require more than one
        SAK : Secure Association key, the secret key used by an SA.
        SCI : Secure Channel Identifier, a globally unique identifier
            for a secure channel, comprising a globally unique MAC
            Address and a Port Identifier, unique within the system
            allocated that address.
        secured connectivity : Data transfer between two or 'Controlled
            Ports' that is protected by MACsec.
        SecY : MAC Security Entity, the entity that operates the MAC
            Security protocol within a system.
        Supplicant : An entity at one end of a point-to-point LAN
            segment that seeks to be authenticated by an Authenticator
            attached to the other end of that link.
        Suspension: Temporary suspension of MKA operation to facilitate
            in-service control plane software upgrades without
            disrupting existing secure connectivity.
        Uncontrolled Port : The access point used to provide the
            insecure MAC Service to a client of a SecY or PAC.
        Virtual Port : Indicates the PAE is for a virtual port.  A MAC
            Service or Internal Sublayer service access point that is
            created on demand.  Virtual ports can be used to provide
            separate secure connectivity associations over the same

Imported Objects

MODULE-IDENTITY, OBJECT-TYPE, Gauge32, Counter32, Counter64, Unsigned32, Integer32SNMPv2-SMI
MacAddress, TEXTUAL-CONVENTION, TruthValue, RowPointer, TimeStamp, TimeInterval, RowStatusSNMPv2-TC
ieee8021XPaeMIB .
ieee8021XPaeMIBNotifications .
ieee8021XPaeMIBObjects .
ieee8021XPaeSystem .
ieee8021XPaeSysAccessControl .
ieee8021XPaeSysAnnouncements .
ieee8021XPaeSysEapolVersion .
ieee8021XPaeSysMkaVersion .
ieee8021XPaePortTable .
ieee8021XPaePortEntry .
ieee8021XPaePortNumber .
ieee8021XPaePortCurrentVirtualPorts .
ieee8021XPaePortVirtualPortStart .
ieee8021XPaePortVirtualPortPeerMAC .
ieee8021XPaePortLogonEnable .
ieee8021XPaePortAuthenticatorEnable .
ieee8021XPaePortSupplicantEnable .
ieee8021XPaePortKayMkaEnable .
ieee8021XPaePortAnnouncerEnable .
ieee8021XPaePortListenerEnable .
ieee8021XPaePortType .
ieee8021XPaeControlledPortNumber .
ieee8021XPaeUncontrolledPortNumber .
ieee8021XPaeCommonPortNumber .
ieee8021XPaePortInitialize .
ieee8021XPaePortCapabilities .
ieee8021XPaePortVirtualPortsEnable .
ieee8021XPaePortMaxVirtualPorts .
ieee8021XPacPortTable .
ieee8021XPacPortEntry .
ieee8021XPacPortControlledPortNumber .
ieee8021XPacPortAdminPt2PtMAC .
ieee8021XPacPortOperPt2PtMAC .
ieee8021XPaeLogon .
ieee8021XPaePortLogonTable .
ieee8021XPaePortLogonEntry .
ieee8021XPaePortLogonConnectStatus .
ieee8021XPaePortPortValid .
ieee8021XPaePortSessionTable .
ieee8021XPaePortSessionEntry .
ieee8021XPaeSessionControlledPortNumber .
ieee8021XPaePortSessionUserName .
ieee8021XPaePortSessionOctetsRx .
ieee8021XPaePortSessionOctetsTx .
ieee8021XPaePortSessionPktsRx .
ieee8021XPaePortSessionPktsTx .
ieee8021XPaePortSessionId .
ieee8021XPaePortSessionStartTime .
ieee8021XPaePortSessionIntervalTime .
ieee8021XPaePortSessionTerminate .
ieee8021XLogonNIDTable .
ieee8021XLogonNIDEntry .
ieee8021XLogonNIDConnectedNID .
ieee8021XLogonNIDRequestedNID .
ieee8021XLogonNIDSelectedNID .
ieee8021XPaeAuthenticator .
ieee8021XAuthenticatorTable .
ieee8021XAuthenticatorEntry .
ieee8021XAuthPaeAuthenticate .
ieee8021XAuthPaeAuthenticated .
ieee8021XAuthPaeFailed .
ieee8021XAuthPaeReAuthEnabled .
ieee8021XAuthPaeQuietPeriod .
ieee8021XAuthPaeReauthPeriod .
ieee8021XAuthPaeRetryMax .
ieee8021XAuthPaeRetryCount .
ieee8021XPaeSupplicant .
ieee8021XSupplicantTable .
ieee8021XSupplicantEntry .
ieee8021XSuppPaeAuthenticate .
ieee8021XSuppPaeAuthenticated .
ieee8021XSuppPaeFailed .
ieee8021XSuppPaeHelloPeriod .
ieee8021XSuppPaeRetryMax .
ieee8021XSuppPaeRetryCount .
ieee8021XPaeEapol .
ieee8021XEapolStatsTable .
ieee8021XEapolStatsEntry .
ieee8021XEapolInvalidFramesRx .
ieee8021XEapolMkInvalidFramesRx .
ieee8021XEapolLastRxFrameVersion .
ieee8021XEapolLastRxFrameSource .
ieee8021XEapolSuppEapFramesTx .
ieee8021XEapolLogoffFramesTx .
ieee8021XEapolAnnouncementFramesTx .
ieee8021XEapolAnnouncementReqFramesTx .
ieee8021XEapolStartFramesTx .
ieee8021XEapolAuthEapFramesTx .
ieee8021XEapolMkaFramesTx .
ieee8021XEapolEapLengthErrorFramesRx .
ieee8021XEapolAnnouncementFramesRx .
ieee8021XEapolAnnouncementReqFramesRx .
ieee8021XEapolPortUnavailableFramesRx .
ieee8021XEapolStartFramesRx .
ieee8021XEapolEapFramesRx .
ieee8021XEapolLogoffFramesRx .
ieee8021XEapolMkNoCknFramesRx .
ieee8021XPaeKaY .
ieee8021XKayMkaTable .
ieee8021XKayMkaEntry .
ieee8021XKayMkaActive .
ieee8021XKayAllowedFormGroup .
ieee8021XKayCreateNewGroup .
ieee8021XKayMacSecCapability .
ieee8021XKayMacSecDesired .
ieee8021XKayMacSecProtect .
ieee8021XKayMacSecReplayProtect .
ieee8021XKayMacSecValidate .
ieee8021XKayMacSecConfidentialityOffset .
ieee8021XKayMkaTxKN .
ieee8021XKayMkaTxAN .
ieee8021XKayMkaAuthenticated .
ieee8021XKayMkaRxKN .
ieee8021XKayMkaRxAN .
ieee8021XKayMkaSuspendFor .
ieee8021XKayMkaSuspendOnRequest .
ieee8021XKayMkaSuspendedWhile .
ieee8021XKayMkaSecured .
ieee8021XKayMkaFailed .
ieee8021XKayMkaActorSCI .
ieee8021XKayMkaActorsPriority .
ieee8021XKayMkaKeyServerPriority .
ieee8021XKayMkaKeyServerSCI .
ieee8021XKayAllowedJoinGroup .
ieee8021XKayMkaParticipantTable .
ieee8021XKayMkaParticipantEntry .
ieee8021XKayMkaPartCKN .
ieee8021XKayMkaPartRowStatus .
ieee8021XKayMkaPartKMD .
ieee8021XKayMkaPartNID .
ieee8021XKayMkaPartCached .
ieee8021XKayMkaPartActive .
ieee8021XKayMkaPartRetain .
ieee8021XKayMkaPartActivateControl .
ieee8021XKayMkaPartPrincipal .
ieee8021XKayMkaPartDistCKN .
ieee8021XKayMkaPeerListTable .
ieee8021XKayMkaPeerListEntry .
ieee8021XKayMkaPeerListMI .
ieee8021XKayMkaPeerListMN .
ieee8021XKayMkaPeerListType .
ieee8021XKayMkaPeerListSCI .
ieee8021XPaeNetworkIdentifier .
ieee8021XNidConfigTable .
ieee8021XNidConfigEntry .
ieee8021XNidNID .
ieee8021XNidUseEap .
ieee8021XNidUnauthAllowed .
ieee8021XNidUnsecuredAllowed .
ieee8021XNidUnauthenticatedAccess .
ieee8021XNidAccessCapabilities .
ieee8021XNidKMD .
ieee8021XNidRowStatus .
ieee8021XAnnounceTable .
ieee8021XAnnounceEntry .
ieee8021XAnnounceNID .
ieee8021XAnnounceAccessStatus .
ieee8021XAnnouncementTable .
ieee8021XAnnouncementEntry .
ieee8021XAnnouncementNID .
ieee8021XAnnouncementKMD .
ieee8021XAnnouncementSpecific .
ieee8021XAnnouncementAccessStatus .
ieee8021XAnnouncementAccessRequested .
ieee8021XAnnouncementUnauthAccess .
ieee8021XAnnouncementCapabilities .
ieee8021XAnnouncementCipherSuitesTable .
ieee8021XAnnouncementCipherSuitesEntry .
ieee8021XAnnouncementCipherSuite .
ieee8021XAnnouncementCipherCapability .
ieee8021XPaeMIBConformance .
ieee8021XPaeCompliances .
ieee8021XPaeGroups .