etsysDot1xRekeyEnabled – ENTERASYS-8021X-REKEYING-MIB

Object

column r/w SNMPv2-TCTruthValue

Determines how an access point selects radio encryption
keys.
              
If the selected port/Authenticator PAE does not support
the EAPOL-Key feature (e.g., because radio keys are not
applicable to Ethernet ports), this object's value will
be FALSE and attempts to write TRUE will fail.
              
Normally, if radio keys are present, the manager enters
them into the access point through some manual process.
The manager or the users may also need to configure the
keys into each laptop (access points can distribute the
keys automatically to 802.1x EAP-TLS clients).  However
laptops get keys, the keys remain static until somebody
goes to the trouble of changing them.  If the keys stay
unchanged for long periods, this can make it easier for
a determined attacker to launch a cryptographic attack.
              
When rapid rekeying is enabled, an access point ignores
its manually-set keys.  It generates pseudo-random keys
on a periodic basis, using IEEE 802.1x key distribution
to deliver the keys to new and current clients.
              
Do not enable rapid rekeying unless ALL of your clients
support IEEE 802.1x and an authentication method (e.g.,
EAP-TLS) that supports key distribution.
              
Before enabling rapid rekeying, make sure that you have
set 'dot1xAuthKeyTxEnabled' to TRUE.  Changing the keys
without telling any of the clients about the changes is
not a very useful mode of operation.

Context

MIB: ENTERASYS-8021X-REKEYING-MIB
OID: .1.3.6.1.4.1.5624.1.2.17.1.1.1.1.1
Type: column
Access: readwrite
Status: current
Parent: etsysDot1xRekeyConfigEntry
Table: etsysDot1xRekeyConfigTable
Siblings: 4

Syntax

SNMPv2-TCTruthValue

Source: SNMPv2-TCTruthValue
Base type: Enumeration

Values & Constraints

Type Values

`1`	true
`2`	false

Related Objects

Sibling Objects

Object	Type	Syntax	OID
etsysDot1xRekeyPeriod When rapid rekeying (periodic changing of radio keys) is enabled, the value of this object determines the period, in seconds, between key changes.	column	SNMPv2-SMIUnsigned32	`.1.3.6.1.4.1.5624.1.2.17.1.1.1.1.2`
etsysDot1xRekeyLength Determines the number of bits/bytes used in the encryption keys. Currently supports either 128-bit (16-octet) encryption keys or 40-bit (5-octet) encryption keys.	column	Enumeration	`.1.3.6.1.4.1.5624.1.2.17.1.1.1.1.3`
etsysDot1xRekeyAsymmetric Determines the association between the supplicant and authenticator transmit keys. If true(1), the authenticator and supplicant will use different encryption keys i…	column	SNMPv2-TCTruthValue	`.1.3.6.1.4.1.5624.1.2.17.1.1.1.1.4`
etsysDot1xRekeyPairwise Determines whether Rapid Rekeying tumbles Pairwise keys (when it is enabled, and the radio card supports them). If true(1), it indicates that the access point shoul…	column	SNMPv2-TCTruthValue	`.1.3.6.1.4.1.5624.1.2.17.1.1.1.1.5`