RFC3621
Network Working Group A. Berger Request for Comments: 3621 PowerDsine Inc. Category: Standards Track D. Romascanu
Avaya
December 2003
Power Ethernet MIB
Status of this Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract
This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. This document proposes an extension to the Ethernet-like Interfaces MIB with a set of objects for managing Power Sourcing Equipment (PSE).
Contents
Introduction
This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it defines a set of MIB objects to manage Power Ethernet [IEEE-802.3af] Power Sourcing Equipment (PSE).
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC2119.
The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 RFC3410.
Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 RFC2578, STD 58, RFC 2579 RFC2579 and STD 58, RFC 2580 RFC2580.
Overview
The emergence of IP telephony as an application that allows voice applications to be run over the same infrastructure as data applications has led to the emergence of Ethernet IP phones, which have similar functions and characteristics as traditional phones. Powering the phone with the same cable used for signal transfer is one of the functions that are being taken as granted. The IEEE 802.3 Working Group has initiated standardization on this subject, currently known as the IEEE 802.3af work [IEEE-802.3af].
The IEEE 802.3af WG did not define a full management interface, but only the hardware registers that will allow for management interfaces to be built for a powered Ethernet device. The MIB module defined in this document extends the Ethernet-like Interfaces MIB RFC3635 with the management objects required for the management of the powered Ethernet devices and ports.
The following abbreviations are defined in [IEEE-802.3af] and will be used with the same significance in this document:
PSE - Power Sourcing Equipment;
PD - Powered Device
MIB Structure
These MIB objects are categorized into three MIB groups.
The pethPsePortTable defines the objects used for configuring and describing the status of ports on a PSE device. Examples of PSE devices are Ethernet switches that support power Ethernet and mid- span boxes.
The pethMainPseObjects MIB group defines the management objects for a managed main power source in a PSE device. Ethernet switches are one example of boxes that would support these objects.
The pethNotificationControlTable includes objects that control the transmission of notifications from the agent to a management application.
Definitions
POWER-ETHERNET-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, mib-2, OBJECT-TYPE, Integer32,
Gauge32, Counter32, NOTIFICATION-TYPE
FROM SNMPv2-SMI
TruthValue
FROM SNMPv2-TC
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
FROM SNMPv2-CONF
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB;
powerEthernetMIB MODULE-IDENTITY
LAST-UPDATED "200311240000Z" -- November 24, 2003
ORGANIZATION "IETF Ethernet Interfaces and Hub MIB
Working Group"
CONTACT-INFO
"
WG Charter:
http://www.ietf.org/html.charters/hubmib-charter.html
Mailing lists:
General Discussion: [email protected]
To Subscribe: [email protected]
In Body: subscribe your_email_address
Chair: Dan Romascanu
Avaya
Tel: +972-3-645-8414
Email: [email protected]
Editor: Avi Berger
PowerDsine Inc.
Tel: 972-9-7755100 Ext 307
Fax: 972-9-7755120
E-mail: [email protected]
"
DESCRIPTION
"The MIB module for managing Power Source Equipment
(PSE) working according to the IEEE 802.af Powered
Ethernet (DTE Power via MDI) standard.
The following terms are used throughout this
MIB module. For complete formal definitions,
the IEEE 802.3 standards should be consulted
wherever possible:
Group - A recommended, but optional, entity
defined by the IEEE 802.3 management standard,
in order to support a modular numbering scheme.
The classical example allows an implementor to
represent field-replaceable units as groups of
ports, with the port numbering matching the
modular hardware implementation.
Port - This entity identifies the port within the group
for which this entry contains information. The numbering
scheme for ports is implementation specific.
Copyright (c) The Internet Society (2003). This version
of this MIB module is part of RFC 3621; See the RFC
itself for full legal notices."
REVISION "200311240000Z" -- November 24, 2003 DESCRIPTION "Initial version, published as RFC 3621." ::= { mib-2 105 }
pethNotifications OBJECT IDENTIFIER ::= { powerEthernetMIB 0 } pethObjects OBJECT IDENTIFIER ::= { powerEthernetMIB 1 } pethConformance OBJECT IDENTIFIER ::= { powerEthernetMIB 2 }
-- PSE Objects
pethPsePortTable OBJECT-TYPE
SYNTAX SEQUENCE OF PethPsePortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table of objects that display and control the power
characteristics of power Ethernet ports on a Power Source
Entity (PSE) device. This group will be implemented in
managed power Ethernet switches and mid-span devices.
Values of all read-write objects in this table are
persistent at restart/reboot."
::= { pethObjects 1 }
pethPsePortEntry OBJECT-TYPE
SYNTAX PethPsePortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A set of objects that display and control the power
characteristics of a power Ethernet PSE port."
INDEX { pethPsePortGroupIndex , pethPsePortIndex }
::= { pethPsePortTable 1 }
PethPsePortEntry ::= SEQUENCE {
pethPsePortGroupIndex
Integer32,
pethPsePortIndex
Integer32,
pethPsePortAdminEnable
TruthValue,
pethPsePortPowerPairsControlAbility
TruthValue,
pethPsePortPowerPairs
INTEGER,
pethPsePortDetectionStatus
INTEGER,
pethPsePortPowerPriority
INTEGER,
pethPsePortMPSAbsentCounter
Counter32,
pethPsePortType
SnmpAdminString,
pethPsePortPowerClassifications
INTEGER,
pethPsePortInvalidSignatureCounter
Counter32,
pethPsePortPowerDeniedCounter
Counter32,
pethPsePortOverLoadCounter
Counter32,
pethPsePortShortCounter
Counter32
}
pethPsePortGroupIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This variable uniquely identifies the group
containing the port to which a power Ethernet PSE is
connected. Group means box in the stack, module in a
rack and the value 1 MUST be used for non-modular devices.
Furthermore, the same value MUST be used in this variable,
pethMainPseGroupIndex, and pethNotificationControlGroupIndex
to refer to a given box in a stack or module in the rack."
::= { pethPsePortEntry 1 }
pethPsePortIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This variable uniquely identifies the power Ethernet PSE
port within group pethPsePortGroupIndex to which the
power Ethernet PSE entry is connected."
::= { pethPsePortEntry 2 }
pethPsePortAdminEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"true (1) An interface which can provide the PSE functions.
false(2) The interface will act as it would if it had no PSE
function."
REFERENCE
"IEEE Std 802.3af Section 30.9.1.1.2 aPSEAdminState"
::= { pethPsePortEntry 3 }
pethPsePortPowerPairsControlAbility OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Describes the capability of controlling the power pairs
functionality to switch pins for sourcing power.
The value true indicate that the device has the capability
to control the power pairs. When false the PSE Pinout
Alternative used cannot be controlled through the
PethPsePortAdminEnable attribute."
REFERENCE
"IEEE Std 802.3af Section 30.9.1.1.3
aPSEPowerPairsControlAbility"
::= { pethPsePortEntry 4 }
pethPsePortPowerPairs OBJECT-TYPE
SYNTAX INTEGER {
signal(1),
spare(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Describes or controls the pairs in use. If the value of
pethPsePortPowerPairsControl is true, this object is
writable.
A value of signal(1) means that the signal pairs
only are in use.
A value of spare(2) means that the spare pairs
only are in use."
REFERENCE
"IEEE Std 802.3af Section 30.9.1.1.4 aPSEPowerPairs"
::= { pethPsePortEntry 5 }
pethPsePortDetectionStatus OBJECT-TYPE
SYNTAX INTEGER {
disabled(1),
searching(2),
deliveringPower(3),
fault(4),
test(5),
otherFault(6)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Describes the operational status of the port PD detection.
A value of disabled(1)- indicates that the PSE State diagram
is in the state DISABLED.
A value of deliveringPower(3) - indicates that the PSE State
diagram is in the state POWER_ON for a duration greater than
tlim max (see IEEE Std 802.3af Table 33-5 tlim).
A value of fault(4) - indicates that the PSE State diagram is
in the state TEST_ERROR.
A value of test(5) - indicates that the PSE State diagram is
in the state TEST_MODE.
A value of otherFault(6) - indicates that the PSE State
diagram is in the state IDLE due to the variable
error_conditions.
A value of searching(2)- indicates the PSE State diagram is
in a state other than those listed above."
REFERENCE
"IEEE Std 802.3af Section 30.9.1.1.5
aPSEPowerDetectionStatus"
::= { pethPsePortEntry 6 }
pethPsePortPowerPriority OBJECT-TYPE
SYNTAX INTEGER {
critical(1),
high(2),
low(3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object controls the priority of the port from the point
of view of a power management algorithm. The priority that
is set by this variable could be used by a control mechanism
that prevents over current situations by disconnecting first
ports with lower power priority. Ports that connect devices
critical to the operation of the network - like the E911
telephones ports - should be set to higher priority."
::= { pethPsePortEntry 7 }
pethPsePortMPSAbsentCounter OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This counter is incremented when the PSE state diagram
transitions directly from the state POWER_ON to the
state IDLE due to tmpdo_timer_done being asserted."
REFERENCE
"IEEE Std 802.3af Section 30.9.1.1.11
aPSEMPSAbsentCounter"
::= { pethPsePortEntry 8 }
pethPsePortType OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A manager will set the value of this variable to indicate
the type of powered device that is connected to the port.
The default value supplied by the agent if no value has
ever been set should be a zero-length octet string."
::= { pethPsePortEntry 9 }
pethPsePortPowerClassifications OBJECT-TYPE
SYNTAX INTEGER {
class0(1),
class1(2),
class2(3),
class3(4),
class4(5)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Classification is a way to tag different terminals on the
Power over LAN network according to their power consumption.
Devices such as IP telephones, WLAN access points and others,
will be classified according to their power requirements.
The meaning of the classification labels is defined in the
IEEE specification.
This variable is valid only while a PD is being powered,
that is, while the attribute pethPsePortDetectionStatus
is reporting the enumeration deliveringPower."
REFERENCE
"IEEE Std 802.3af Section 30.9.1.1.6
aPSEPowerClassification"
- = { pethPsePortEntry 10 }
pethPsePortInvalidSignatureCounter OBJECT-TYPE
SYNTAX Counter32 MAX-ACCESS read-only STATUS current
DESCRIPTION
"This counter is incremented when the PSE state diagram
enters the state SIGNATURE_INVALID."
REFERENCE
"IEEE Std 802.3af Section 30.9.1.1.7
aPSEInvalidSignatureCounter"
::= { pethPsePortEntry 11 }
pethPsePortPowerDeniedCounter OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This counter is incremented when the PSE state diagram
enters the state POWER_DENIED."
REFERENCE
"IEEE Std 802.3af Section 30.9.1.1.8
aPSEPowerDeniedCounter"
::= { pethPsePortEntry 12 }
pethPsePortOverLoadCounter OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This counter is incremented when the PSE state diagram
enters the state ERROR_DELAY_OVER."
REFERENCE
"IEEE Std 802.3af Section 30.9.1.1.9
aPSEOverLoadCounter"
::= { pethPsePortEntry 13 }
pethPsePortShortCounter OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This counter is incremented when the PSE state diagram
enters the state ERROR_DELAY_SHORT."
REFERENCE
"IEEE Std 802.3af Section 30.9.1.1.10
aPSEShortCounter"
::= { pethPsePortEntry 14 }
-- Main PSE Objects
pethMainPseObjects OBJECT IDENTIFIER ::= { pethObjects 3 }
pethMainPseTable OBJECT-TYPE
SYNTAX SEQUENCE OF PethMainPseEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table of objects that display and control attributes
of the main power source in a PSE device. Ethernet
switches are one example of boxes that would support
these objects.
Values of all read-write objects in this table are
persistent at restart/reboot."
::= { pethMainPseObjects 1 }
pethMainPseEntry OBJECT-TYPE
SYNTAX PethMainPseEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A set of objects that display and control the Main
power of a PSE. "
INDEX { pethMainPseGroupIndex }
::= { pethMainPseTable 1 }
PethMainPseEntry ::= SEQUENCE {
pethMainPseGroupIndex
Integer32,
pethMainPsePower
Gauge32 ,
pethMainPseOperStatus
INTEGER,
pethMainPseConsumptionPower
Gauge32,
pethMainPseUsageThreshold
Integer32
}
pethMainPseGroupIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This variable uniquely identifies the group to which
power Ethernet PSE is connected. Group means (box in
the stack, module in a rack) and the value 1 MUST be
used for non-modular devices. Furthermore, the same
value MUST be used in this variable, pethPsePortGroupIndex,
and pethNotificationControlGroupIndex to refer to a
given box in a stack or module in a rack."
::= { pethMainPseEntry 1 }
pethMainPsePower OBJECT-TYPE
SYNTAX Gauge32 (1..65535)
UNITS "Watts"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The nominal power of the PSE expressed in Watts."
::= { pethMainPseEntry 2 }
pethMainPseOperStatus OBJECT-TYPE
SYNTAX INTEGER {
on(1),
off(2),
faulty(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The operational status of the main PSE."
::= { pethMainPseEntry 3 }
pethMainPseConsumptionPower OBJECT-TYPE
SYNTAX Gauge32
UNITS "Watts"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Measured usage power expressed in Watts."
::= { pethMainPseEntry 4 }
pethMainPseUsageThreshold OBJECT-TYPE
SYNTAX Integer32 (1..99)
UNITS "%"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The usage threshold expressed in percents for
comparing the measured power and initiating
an alarm if the threshold is exceeded."
::= { pethMainPseEntry 5 }
-- Notification Control Objects
pethNotificationControl OBJECT IDENTIFIER ::= { pethObjects 4 }
pethNotificationControlTable OBJECT-TYPE
SYNTAX SEQUENCE OF PethNotificationControlEntry MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table of objects that display and control the
Notification on a PSE device.
Values of all read-write objects in this table are
persistent at restart/reboot."
::= { pethNotificationControl 1 }
pethNotificationControlEntry OBJECT-TYPE
SYNTAX PethNotificationControlEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A set of objects that control the Notification events."
INDEX { pethNotificationControlGroupIndex }
::= { pethNotificationControlTable 1 }
PethNotificationControlEntry ::= SEQUENCE {
pethNotificationControlGroupIndex
Integer32,
pethNotificationControlEnable
TruthValue
}
pethNotificationControlGroupIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This variable uniquely identifies the group. Group
means box in the stack, module in a rack and the value
1 MUST be used for non-modular devices. Furthermore,
the same value MUST be used in this variable,
pethPsePortGroupIndex, and
pethMainPseGroupIndex to refer to a given box in a
stack or module in a rack. "
::= { pethNotificationControlEntry 1 }
pethNotificationControlEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object controls, on a per-group basis, whether
or not notifications from the agent are enabled. The
value true(1) means that notifications are enabled; the
value false(2) means that they are not."
::= { pethNotificationControlEntry 2 }
-- -- Notifications Section -- --
pethPsePortOnOffNotification NOTIFICATION-TYPE
OBJECTS { pethPsePortDetectionStatus }
STATUS current
DESCRIPTION
" This Notification indicates if Pse Port is delivering or
not power to the PD. This Notification SHOULD be sent on
every status change except in the searching mode.
At least 500 msec must elapse between notifications
being emitted by the same object instance."
::= { pethNotifications 1 }
pethMainPowerUsageOnNotification NOTIFICATION-TYPE
OBJECTS { pethMainPseConsumptionPower }
STATUS current
DESCRIPTION
" This Notification indicate PSE Threshold usage
indication is on, the usage power is above the
threshold. At least 500 msec must elapse between
notifications being emitted by the same object
instance."
::= { pethNotifications 2 }
pethMainPowerUsageOffNotification NOTIFICATION-TYPE
OBJECTS { pethMainPseConsumptionPower }
STATUS current
DESCRIPTION
" This Notification indicates PSE Threshold usage indication
off, the usage power is below the threshold.
At least 500 msec must elapse between notifications being
emitted by the same object instance."
::= { pethNotifications 3 }
-- -- Conformance Section -- pethCompliances OBJECT IDENTIFIER ::= { pethConformance 1 } pethGroups OBJECT IDENTIFIER ::= { pethConformance 2 }
pethCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Describes the requirements for conformance to the
Power Ethernet MIB."
MODULE -- this module
MANDATORY-GROUPS { pethPsePortGroup,
pethPsePortNotificationGroup,
pethNotificationControlGroup
}
GROUP pethMainPseGroup
DESCRIPTION
"The pethMainPseGroup is mandatory for PSE systems
that implement a main power supply."
GROUP pethMainPowerNotificationGroup
DESCRIPTION
"The pethMainPowerNotificationGroup is mandatory for
PSE systems that implement a main power supply."
::= { pethCompliances 1 }
pethPsePortGroup OBJECT-GROUP
OBJECTS {
pethPsePortAdminEnable,
pethPsePortPowerPairsControlAbility,
pethPsePortPowerPairs,
pethPsePortDetectionStatus,
pethPsePortPowerPriority,
pethPsePortMPSAbsentCounter,
pethPsePortInvalidSignatureCounter,
pethPsePortPowerDeniedCounter,
pethPsePortOverLoadCounter,
pethPsePortShortCounter,
pethPsePortType,
pethPsePortPowerClassifications
}
STATUS current
DESCRIPTION
"PSE Port objects."
::= { pethGroups 1 }
pethMainPseGroup OBJECT-GROUP
OBJECTS {
pethMainPsePower,
pethMainPseOperStatus,
pethMainPseConsumptionPower,
pethMainPseUsageThreshold
}
STATUS current
DESCRIPTION
"Main PSE Objects. "
::= { pethGroups 2 }
pethNotificationControlGroup OBJECT-GROUP
OBJECTS {
pethNotificationControlEnable
}
STATUS current
DESCRIPTION
"Notification Control Objects. "
::= { pethGroups 3 }
pethPsePortNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS { pethPsePortOnOffNotification}
STATUS current
DESCRIPTION "Pse Port Notifications."
::= { pethGroups 4 }
pethMainPowerNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS { pethMainPowerUsageOnNotification,
pethMainPowerUsageOffNotification}
STATUS current
DESCRIPTION "Main PSE Notifications."
::= { pethGroups 5 }
END
Acknowledgements
This document is the product of the Ethernet Interfaces and Hub MIB WG. The authors would like to recognize the special contributions of C.M. Heard and David Law.
References
Normative References
RFC2026 Bradner, S., "The Internet Standards Process -
Revision 3", BCP 9, RFC 2026, October 1996.
RFC2578 McCloghrie, K., Perkins, D. and J. Schoenwaelder,
"Structure of Management Information Version 2
(SMIv2)", STD 58, RFC 2578, April 1999.
RFC2579 McCloghrie, K., Perkins, D. and J. Schoenwaelder,
"Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999.
RFC2580 McCloghrie, K., Perkins, D. and J. Schoenwaelder,
"Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999.
RFC2119 Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
RFC3635 Flick, J., "Definitions of Managed Objects for the
Ethernet-like Interface Types", RFC 3635, September 2003.
RFC3411 Harrington, D., Presuhn, R. and B. Wijnen, "An
Architecture for Describing Simple Network Management
Protocol (SNMP) Management Frameworks", STD 62, RFC
3411, December 2002.
[IEEE-802.3af] IEEE 802.3 Working Group, "IEEE Std 802.3af-2003 -
Data Terminal Equipment (DTE) Power via Media
Dependent Interface (MDI)", July 2003.
Informative References
RFC3410 Case, J., Mundy, R., Partain, D. and B. Stewart,
"Introduction and Applicability Statements for
Internet-Standard Management Framework", RFC 3410,
December 2002.
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director.
Security Considerations
There are a number of management objects defined in this MIB module with a MAX-ACCESS clause of read-write. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations.
Setting the following object to incorrect values can result in improper operation of the PSE, including the possibility that the PD does not receive power from the PSE port:
pethPsePortAdminEnable pethPsePortPowerPairs pethPsePortPowerPriority pethPsePortType
Setting the following objects to incorrect values can result in an excessive number of traps being sent to network management stations:
pethMainPseUsageThreshold pethNotificationControlEnable
Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. These are:
pethPsePortPowerPairsControlAbility pethPsePortPowerPriority pethPsePortPowerClassifications
It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt their values when sending them over the network via SNMP.
SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPSec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module.
It is RECOMMENDED that implementers consider the security features as provided by the SNMPv3 framework (see RFC3410, section 8), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy).
Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.
10. Authors' Addresses
Avi Berger PowerDsine Inc. 1, Hanagar St., P.O. Box 7220 Hod Hasharon 45421, Israel
Phone: +972-9-7755100 Ext 307 Fax: +972-9-7755120 EMail: [email protected]
Dan Romascanu Avaya Atidim Technology Park, Bldg. #3 Tel Aviv, 61131 Israel
Phone: +972-3-645-8414 EMail: [email protected]
11. Full Copyright Statement
Copyright (C) The Internet Society (2003). All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assignees.
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the Internet Society.
