PowerDsine Inc.
D. Romascanu
Avaya
December 2003
Power Ethernet MIB
Status of this Memo
-
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
-
Copyright © The Internet Society (2003). All Rights Reserved.
Abstract
-
This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. This document proposes an extension to the Ethernet-like Interfaces MIB with a set of objects for managing Power Sourcing Equipment (PSE).
Table of Contents
-
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2 2. The Internet-Standard Management Framework . . . . . . . . . . 2 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 4. MIB Structure. . . . . . . . . . . . . . . . . . . . . . . . . 3 5. Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . 3 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 16 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 16 7.1. Normative References . . . . . . . . . . . . . . . . . . 16 7.2. Informative References . . . . . . . . . . . . . . . . . 17 8. Intellectual Property Statement. . . . . . . . . . . . . . . . 17 9. Security Considerations. . . . . . . . . . . . . . . . . . . . 18 10. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 19 11. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 20
1. Introduction
-
This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it defines a set of MIB objects to manage Power Ethernet [IEEE-802.3af] Power Sourcing Equipment (PSE).
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
2. The Internet-Standard Management Framework
-
For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410].
Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580].
3. Overview
-
The emergence of IP telephony as an application that allows voice applications to be run over the same infrastructure as data applications has led to the emergence of Ethernet IP phones, which have similar functions and characteristics as traditional phones. Powering the phone with the same cable used for signal transfer is one of the functions that are being taken as granted. The IEEE 802.3 Working Group has initiated standardization on this subject, currently known as the IEEE 802.3af work [IEEE-802.3af].
The IEEE 802.3af WG did not define a full management interface, but only the hardware registers that will allow for management interfaces to be built for a powered Ethernet device. The MIB module defined in this document extends the Ethernet-like Interfaces MIB [RFC3635] with the management objects required for the management of the powered Ethernet devices and ports.
The following abbreviations are defined in [IEEE-802.3af] and will be used with the same significance in this document:
PSE - Power Sourcing Equipment;
PD - Powered Device
4. MIB Structure
-
These MIB objects are categorized into three MIB groups.
The pethPsePortTable defines the objects used for configuring and describing the status of ports on a PSE device. Examples of PSE devices are Ethernet switches that support power Ethernet and mid- span boxes.
The pethMainPseObjects MIB group defines the management objects for a managed main power source in a PSE device. Ethernet switches are one example of boxes that would support these objects.
The pethNotificationControlTable includes objects that control the transmission of notifications from the agent to a management application.
5. Definitions
POWER-ETHERNET-MIB DEFINITIONS ::= BEGIN
IMPORTS
-
MODULE-IDENTITY, mib-2, OBJECT-TYPE, Integer32, Gauge32, Counter32, NOTIFICATION-TYPE FROM SNMPv2-SMI TruthValue FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF
-
-
SnmpAdminString
-
FROM SNMP-FRAMEWORK-MIB; powerEthernetMIB MODULE-IDENTITY
-
LAST-UPDATED "200311240000Z" -- November 24, 2003
ORGANIZATION "IETF Ethernet Interfaces and Hub MIB
Working Group"
-
-
-
CONTACT-INFO
"
-
WG Charter: http://www.ietf.org/html.charters/hubmib-charter.html
-
-
Mailing lists:
-
General Discussion: hubmib@ietf.org To Subscribe: hubmib-requests@ietf.org In Body: subscribe your_email_address
-
-
Chair: Dan Romascanu
-
Avaya Tel: +972-3-645-8414 Email: dromasca@avaya.com Editor: Avi Berger PowerDsine Inc. Tel: 972-9-7755100 Ext 307 Fax: 972-9-7755120 E-mail: avib@PowerDsine.com "
-
DESCRIPTION
-
-
"The MIB module for managing Power Source Equipment
(PSE) working according to the IEEE 802.af Powered Ethernet (DTE Power via MDI) standard.
The following terms are used throughout this MIB module. For complete formal definitions, the IEEE 802.3 standards should be consulted wherever possible:
Group - A recommended, but optional, entity defined by the IEEE 802.3 management standard, in order to support a modular numbering scheme. The classical example allows an implementor to represent field-replaceable units as groups of ports, with the port numbering matching the modular hardware implementation.
Port - This entity identifies the port within the group for which this entry contains information. The numbering scheme for ports is implementation specific.
Copyright © The Internet Society (2003). This version of this MIB module is part of RFC 3621; See the RFC itself for full legal notices."
-
-
REVISION "200311240000Z" -- November 24, 2003 DESCRIPTION "Initial version, published as RFC 3621." ::= { mib-2 105 } pethNotifications OBJECT IDENTIFIER ::= { powerEthernetMIB 0 } pethObjects OBJECT IDENTIFIER ::= { powerEthernetMIB 1 } pethConformance OBJECT IDENTIFIER ::= { powerEthernetMIB 2 }
-- PSE Objects
-
pethPsePortTable OBJECT-TYPE
SYNTAX SEQUENCE OF PethPsePortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of objects that display and control the power characteristics of power Ethernet ports on a Power Source Entity (PSE) device. This group will be implemented in managed power Ethernet switches and mid-span devices. Values of all read-write objects in this table are persistent at restart/reboot." ::= { pethObjects 1 }
pethPsePortEntry OBJECT-TYPE
SYNTAX PethPsePortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A set of objects that display and control the power characteristics of a power Ethernet PSE port." INDEX { pethPsePortGroupIndex , pethPsePortIndex } ::= { pethPsePortTable 1 }
PethPsePortEntry ::= SEQUENCE {
pethPsePortGroupIndex Integer32, pethPsePortIndex Integer32, pethPsePortAdminEnable TruthValue, pethPsePortPowerPairsControlAbility TruthValue, pethPsePortPowerPairs INTEGER, pethPsePortDetectionStatus INTEGER, pethPsePortPowerPriority INTEGER, pethPsePortMPSAbsentCounter Counter32, pethPsePortType SnmpAdminString, pethPsePortPowerClassifications INTEGER, pethPsePortInvalidSignatureCounter Counter32, pethPsePortPowerDeniedCounter Counter32, pethPsePortOverLoadCounter Counter32, pethPsePortShortCounter Counter32 }
-
pethPsePortGroupIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This variable uniquely identifies the group containing the port to which a power Ethernet PSE is connected. Group means box in the stack, module in a rack and the value 1 MUST be used for non-modular devices. Furthermore, the same value MUST be used in this variable, pethMainPseGroupIndex, and pethNotificationControlGroupIndex to refer to a given box in a stack or module in the rack." ::= { pethPsePortEntry 1 }
-
pethPsePortIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This variable uniquely identifies the power Ethernet PSE port within group pethPsePortGroupIndex to which the power Ethernet PSE entry is connected." ::= { pethPsePortEntry 2 } pethPsePortAdminEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "true (1) An interface which can provide the PSE functions. false(2) The interface will act as it would if it had no PSE function." REFERENCE "IEEE Std 802.3af Section 30.9.1.1.2 aPSEAdminState" ::= { pethPsePortEntry 3 } pethPsePortPowerPairsControlAbility OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Describes the capability of controlling the power pairs functionality to switch pins for sourcing power. The value true indicate that the device has the capability to control the power pairs. When false the PSE Pinout Alternative used cannot be controlled through the PethPsePortAdminEnable attribute." REFERENCE "IEEE Std 802.3af Section 30.9.1.1.3 aPSEPowerPairsControlAbility" ::= { pethPsePortEntry 4 } pethPsePortPowerPairs OBJECT-TYPE SYNTAX INTEGER { signal(1), spare(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Describes or controls the pairs in use. If the value of pethPsePortPowerPairsControl is true, this object is writable. A value of signal(1) means that the signal pairs only are in use. A value of spare(2) means that the spare pairs only are in use." REFERENCE "IEEE Std 802.3af Section 30.9.1.1.4 aPSEPowerPairs" ::= { pethPsePortEntry 5 } pethPsePortDetectionStatus OBJECT-TYPE SYNTAX INTEGER { disabled(1), searching(2), deliveringPower(3), fault(4), test(5), otherFault(6) } MAX-ACCESS read-only STATUS current DESCRIPTION "Describes the operational status of the port PD detection. A value of disabled(1)- indicates that the PSE State diagram is in the state DISABLED. A value of deliveringPower(3) - indicates that the PSE State diagram is in the state POWER_ON for a duration greater than tlim max (see IEEE Std 802.3af Table 33-5 tlim). A value of fault(4) - indicates that the PSE State diagram is in the state TEST_ERROR. A value of test(5) - indicates that the PSE State diagram is in the state TEST_MODE. A value of otherFault(6) - indicates that the PSE State diagram is in the state IDLE due to the variable error_conditions. A value of searching(2)- indicates the PSE State diagram is in a state other than those listed above." REFERENCE "IEEE Std 802.3af Section 30.9.1.1.5 aPSEPowerDetectionStatus" ::= { pethPsePortEntry 6 } pethPsePortPowerPriority OBJECT-TYPE SYNTAX INTEGER { critical(1), high(2), low(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object controls the priority of the port from the point of view of a power management algorithm. The priority that is set by this variable could be used by a control mechanism that prevents over current situations by disconnecting first ports with lower power priority. Ports that connect devices critical to the operation of the network - like the E911 telephones ports - should be set to higher priority." ::= { pethPsePortEntry 7 }
pethPsePortMPSAbsentCounter OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION-
-
"This counter is incremented when the PSE state diagram
-
transitions directly from the state POWER_ON to the
-
state IDLE due to tmpdo_timer_done being asserted." REFERENCE "IEEE Std 802.3af Section 30.9.1.1.11 aPSEMPSAbsentCounter" ::= { pethPsePortEntry 8 }
pethPsePortType OBJECT-TYPE
SYNTAX SnmpAdminString MAX-ACCESS read-write STATUS current DESCRIPTION "A manager will set the value of this variable to indicate the type of powered device that is connected to the port. The default value supplied by the agent if no value has ever been set should be a zero-length octet string." ::= { pethPsePortEntry 9 } pethPsePortPowerClassifications OBJECT-TYPE SYNTAX INTEGER { class0(1), class1(2), class2(3), class3(4), class4(5) } MAX-ACCESS read-only STATUS current DESCRIPTION "Classification is a way to tag different terminals on the Power over LAN network according to their power consumption. Devices such as IP telephones, WLAN access points and others, will be classified according to their power requirements.
-
The meaning of the classification labels is defined in the IEEE specification.
This variable is valid only while a PD is being powered, that is, while the attribute pethPsePortDetectionStatus is reporting the enumeration deliveringPower." REFERENCE "IEEE Std 802.3af Section 30.9.1.1.6 aPSEPowerClassification" ::= { pethPsePortEntry 10 }
pethPsePortInvalidSignatureCounter OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS currentDESCRIPTION "This counter is incremented when the PSE state diagram enters the state SIGNATURE_INVALID." REFERENCE "IEEE Std 802.3af Section 30.9.1.1.7 aPSEInvalidSignatureCounter" ::= { pethPsePortEntry 11 }
pethPsePortPowerDeniedCounter OBJECT-TYPE
SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This counter is incremented when the PSE state diagram enters the state POWER_DENIED." REFERENCE "IEEE Std 802.3af Section 30.9.1.1.8 aPSEPowerDeniedCounter" ::= { pethPsePortEntry 12 }
pethPsePortOverLoadCounter OBJECT-TYPE
SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This counter is incremented when the PSE state diagram enters the state ERROR_DELAY_OVER." REFERENCE "IEEE Std 802.3af Section 30.9.1.1.9 aPSEOverLoadCounter" ::= { pethPsePortEntry 13 }
pethPsePortShortCounter OBJECT-TYPE
SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This counter is incremented when the PSE state diagram enters the state ERROR_DELAY_SHORT." REFERENCE "IEEE Std 802.3af Section 30.9.1.1.10 aPSEShortCounter" ::= { pethPsePortEntry 14 }
-- Main PSE Objects
pethMainPseObjects OBJECT IDENTIFIER ::= { pethObjects 3 }
pethMainPseTable OBJECT-TYPE
-
SYNTAX SEQUENCE OF PethMainPseEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of objects that display and control attributes of the main power source in a PSE device. Ethernet switches are one example of boxes that would support these objects. Values of all read-write objects in this table are persistent at restart/reboot." ::= { pethMainPseObjects 1 }
pethMainPseEntry OBJECT-TYPE
SYNTAX PethMainPseEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A set of objects that display and control the Main power of a PSE. " INDEX { pethMainPseGroupIndex } ::= { pethMainPseTable 1 } PethMainPseEntry ::= SEQUENCE { pethMainPseGroupIndex Integer32, pethMainPsePower Gauge32 , pethMainPseOperStatus INTEGER, pethMainPseConsumptionPower Gauge32, pethMainPseUsageThreshold Integer32 } pethMainPseGroupIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This variable uniquely identifies the group to which power Ethernet PSE is connected. Group means (box in the stack, module in a rack) and the value 1 MUST be used for non-modular devices. Furthermore, the same value MUST be used in this variable, pethPsePortGroupIndex, and pethNotificationControlGroupIndex to refer to a given box in a stack or module in a rack." ::= { pethMainPseEntry 1 }
-
pethMainPsePower OBJECT-TYPE
SYNTAX Gauge32 (1..65535) UNITS "Watts" MAX-ACCESS read-only STATUS current DESCRIPTION "The nominal power of the PSE expressed in Watts." ::= { pethMainPseEntry 2 }
-
pethMainPseOperStatus OBJECT-TYPE
SYNTAX INTEGER { on(1), off(2), faulty(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The operational status of the main PSE." ::= { pethMainPseEntry 3 }
-
pethMainPseConsumptionPower OBJECT-TYPE
SYNTAX Gauge32 UNITS "Watts" MAX-ACCESS read-only STATUS current DESCRIPTION "Measured usage power expressed in Watts." ::= { pethMainPseEntry 4 }
-
pethMainPseUsageThreshold OBJECT-TYPE
SYNTAX Integer32 (1..99) UNITS "%" MAX-ACCESS read-write STATUS current DESCRIPTION "The usage threshold expressed in percents for comparing the measured power and initiating an alarm if the threshold is exceeded." ::= { pethMainPseEntry 5 }
-- Notification Control Objects
pethNotificationControl OBJECT IDENTIFIER ::= { pethObjects 4 }
pethNotificationControlTable OBJECT-TYPE
-
SYNTAX SEQUENCE OF PethNotificationControlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of objects that display and control the Notification on a PSE device. Values of all read-write objects in this table are persistent at restart/reboot." ::= { pethNotificationControl 1 }
pethNotificationControlEntry OBJECT-TYPE
SYNTAX PethNotificationControlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A set of objects that control the Notification events." INDEX { pethNotificationControlGroupIndex } ::= { pethNotificationControlTable 1 } PethNotificationControlEntry ::= SEQUENCE { pethNotificationControlGroupIndex Integer32, pethNotificationControlEnable TruthValue } pethNotificationControlGroupIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This variable uniquely identifies the group. Group means box in the stack, module in a rack and the value 1 MUST be used for non-modular devices. Furthermore, the same value MUST be used in this variable, pethPsePortGroupIndex, and pethMainPseGroupIndex to refer to a given box in a stack or module in a rack. " ::= { pethNotificationControlEntry 1 } pethNotificationControlEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object controls, on a per-group basis, whether or not notifications from the agent are enabled. The value true(1) means that notifications are enabled; the value false(2) means that they are not." ::= { pethNotificationControlEntry 2 } -- -- Notifications Section -- --
-
-
pethPsePortOnOffNotification NOTIFICATION-TYPE
OBJECTS { pethPsePortDetectionStatus } STATUS current DESCRIPTION " This Notification indicates if Pse Port is delivering or not power to the PD. This Notification SHOULD be sent on every status change except in the searching mode. At least 500 msec must elapse between notifications being emitted by the same object instance." ::= { pethNotifications 1 }
-
pethMainPowerUsageOnNotification NOTIFICATION-TYPE
OBJECTS { pethMainPseConsumptionPower } STATUS current DESCRIPTION " This Notification indicate PSE Threshold usage indication is on, the usage power is above the threshold. At least 500 msec must elapse between notifications being emitted by the same object instance." ::= { pethNotifications 2 }
-
pethMainPowerUsageOffNotification NOTIFICATION-TYPE
-
OBJECTS { pethMainPseConsumptionPower } STATUS current DESCRIPTION " This Notification indicates PSE Threshold usage indication off, the usage power is below the threshold. At least 500 msec must elapse between notifications being emitted by the same object instance." ::= { pethNotifications 3 } -- -- Conformance Section -- pethCompliances OBJECT IDENTIFIER ::= { pethConformance 1 } pethGroups OBJECT IDENTIFIER ::= { pethConformance 2 }
pethCompliance MODULE-COMPLIANCE
-
STATUS current DESCRIPTION "Describes the requirements for conformance to the Power Ethernet MIB." MODULE -- this module MANDATORY-GROUPS { pethPsePortGroup, pethPsePortNotificationGroup, pethNotificationControlGroup } GROUP pethMainPseGroup DESCRIPTION "The pethMainPseGroup is mandatory for PSE systems that implement a main power supply." GROUP pethMainPowerNotificationGroup DESCRIPTION "The pethMainPowerNotificationGroup is mandatory for PSE systems that implement a main power supply." ::= { pethCompliances 1 }
pethPsePortGroup OBJECT-GROUP
-
OBJECTS { pethPsePortAdminEnable, pethPsePortPowerPairsControlAbility, pethPsePortPowerPairs, pethPsePortDetectionStatus, pethPsePortPowerPriority, pethPsePortMPSAbsentCounter, pethPsePortInvalidSignatureCounter, pethPsePortPowerDeniedCounter, pethPsePortOverLoadCounter, pethPsePortShortCounter, pethPsePortType, pethPsePortPowerClassifications } STATUS current DESCRIPTION "PSE Port objects." ::= { pethGroups 1 }
pethMainPseGroup OBJECT-GROUP
-
OBJECTS { pethMainPsePower, pethMainPseOperStatus, pethMainPseConsumptionPower, pethMainPseUsageThreshold } STATUS current DESCRIPTION "Main PSE Objects. " ::= { pethGroups 2 }
pethNotificationControlGroup OBJECT-GROUP
-
OBJECTS { pethNotificationControlEnable } STATUS current DESCRIPTION "Notification Control Objects. " ::= { pethGroups 3 }
pethPsePortNotificationGroup NOTIFICATION-GROUP
-
NOTIFICATIONS { pethPsePortOnOffNotification} STATUS current DESCRIPTION "Pse Port Notifications." ::= { pethGroups 4 }
pethMainPowerNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS { pethMainPowerUsageOnNotification, pethMainPowerUsageOffNotification} STATUS current DESCRIPTION "Main PSE Notifications." ::= { pethGroups 5 }
END
6. Acknowledgements
-
This document is the product of the Ethernet Interfaces and Hub MIB WG. The authors would like to recognize the special contributions of C.M. Heard and David Law.
7. References
7.1. Normative References
-
[RFC2026] Bradner, S., "The Internet Standards Process - Revision 3", BCP 9, RFC 2026, October 1996. [RFC2578] McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. [RFC2579] McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999. [RFC2580] McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC3635] Flick, J., "Definitions of Managed Objects for the Ethernet-like Interface Types", RFC 3635, September 2003. [RFC3411] Harrington, D., Presuhn, R. and B. Wijnen, "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, December 2002. [IEEE-802.3af] IEEE 802.3 Working Group, "IEEE Std 802.3af-2003 - Data Terminal Equipment (DTE) Power via Media Dependent Interface (MDI)", July 2003.
7.2. Informative References
-
[RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart, "Introduction and Applicability Statements for Internet-Standard Management Framework", RFC 3410, December 2002.
8. Intellectual Property Statement
-
The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director.
9. Security Considerations
-
There are a number of management objects defined in this MIB module with a MAX-ACCESS clause of read-write. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations.
Setting the following object to incorrect values can result in improper operation of the PSE, including the possibility that the PD does not receive power from the PSE port:
-
pethPsePortAdminEnable
pethPsePortPowerPairs
pethPsePortPowerPriority
pethPsePortType
Setting the following objects to incorrect values can result in an excessive number of traps being sent to network management stations:
-
pethMainPseUsageThreshold
pethNotificationControlEnable
Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. These are:
-
pethPsePortPowerPairsControlAbility
pethPsePortPowerPriority
pethPsePortPowerClassifications
It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt their values when sending them over the network via SNMP.
SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPSec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module.
It is RECOMMENDED that implementers consider the security features as provided by the SNMPv3 framework (see [RFC3410], section 8), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy).
Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.
-
10. Authors' Addresses
-
Avi Berger PowerDsine Inc. 1, Hanagar St., P.O. Box 7220 Hod Hasharon 45421, Israel Phone: +972-9-7755100 Ext 307 Fax: +972-9-7755120 EMail: avib@PowerDsine.com
Dan Romascanu
Avaya
Atidim Technology Park, Bldg. #3
Tel Aviv, 61131
IsraelPhone: +972-3-645-8414 EMail: dromasca@avaya.com
11. Full Copyright Statement
-
Copyright © The Internet Society (2003). All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assignees.
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
-
Funding for the RFC Editor function is currently provided by the Internet Society.