SUMMARY: NESTED | FIELD | | METHOD
DETAIL: FIELD | METHOD

Class IPS_IEEE8021xSettings

CIM_ManagedElement
   extended by CIM_SettingData
      extended by CIM_IEEE8021xSettings
         extended by IPS_IEEE8021xSettings


class IPS_IEEE8021xSettings
 extends CIM_IEEE8021xSettings


General 
Information:


Qualifiers:
-------------
Version=8.0.0









  
  

    Supported Fields 
      Summary

  

     uint8[32] 
      
    PSK 
A pre-shared key used 
      for pre-shared key EAP types such as EAP-PSK, EAP-SIM, and EAP-AKA.

  

     string 
      
    PACPassword 
      
Optional password to extract the PAC (Protected Access 
      Credential) information from the PAC data.

  

     uint8[32] 
      
    ProtectedAccessCredential 
      
A credential used by the supplicant and AAA server to establish 
      a mutually authenticated encrypted tunnel for confidential user 
      authentication.

  

     string 
      
    Domain 
The domain (also 
      known as realm) within which Username is unique.

  

     string 
      
    Password 
A password 
      associated with the user identified by Username within Domain.

  

     string 
      
    Username 
Identifies 
      the user requesting access to the network.

  

     uint16 
      
    ServerCertificateNameComparison 
      
The comparison algorithm that shall be used by the server to 
      validate the subject name field of the certificate presented by the AAA 
      server against the value of the ServerCertificateName property.

  

     string 
      
    ServerCertificateName 
The 
      name that shall be compared against the subject name field in the 
      certificate provided by the AAA server . . .

  

     string 
      
    RoamingIdentity 
      
A string presented to the authentication server in 802.1x 
      protocol exchange . . .

  

     uint16 
      
    AuthenticationProtocol 
      
AuthenticationProtocol shall indicate the desired EAP 
      (Extensible Authentication Protocol) type. * EAP-TLS (0): shall indicate 
      that the desired EAP type is the Transport Layer Security EAP type 
      specified in RFC 2716 . . .

  

     string 
      
    InstanceID Key  
Within the scope of the instantiating Namespace, 
      InstanceID opaquely and uniquely identifies an instance of this class . . 
      .

  

     string 
      
    ElementName 
The 
      user-friendly name for this instance of SettingData . . .

  

     uint32 
      
    PxeTimeout 
Timeout 
      in seconds, in which the Intel(R) AMT will hold an authenticated 802.1X 
      session . . .

  

     boolean 
      
    AvailableInS0 
      
Indicates the activity setting of the 802.1X module in S0 state 
      . . .

  

     uint32 
      
    Enabled 
Indicates 
      whether the 802.1x profile is enabled.




  
  

    Methods Summary

  

     uint32
    SetCertificates(REF 
      ServerCertificateIssuer, REF ClientCertificate) 
Set the 
      certificates associated with the 8021X profile.

  

     
    Put(Instance) 
Changes 
      properties of the selected instance

  

     
    Get(Instance) 
Gets the 
      representation of the instance

  

     
    Pull(EnumerationContext, 
      MaxElements) 
Pulls instances of this class, following an 
      Enumerate operation

  

     
    Enumerate() 
      
Enumerates the instances of this class

  

     
    Release(EnumerationContext) 
      
Releases an enumeration context




  
  

    Field 
Detail


PSK 
public uint8[32] PSK



  
General Information:
A pre-shared key used for pre-shared key 
  EAP types such as EAP-PSK, EAP-SIM, and 
  EAP-AKA.

Qualifiers:
-------------
OctetString
MappingStrings={RFC4764.IETF, 
  RFC4186.IETF, RFC4187.IETF}


  

  





PACPassword 
public string PACPassword



  
General Information:
Optional password to extract the PAC 
  (Protected Access Credential) information from the PAC 
  data.

Qualifiers:
-------------
MappingStrings={RFC4851.IETF}
MaxLen=256


  

  





ProtectedAccessCredential 
public uint8[32] ProtectedAccessCredential



  
General Information:
A credential used by the supplicant and AAA 
  server to establish a mutually authenticated encrypted tunnel for confidential 
  user authentication.

Product Specific Usage:
Additional 
  Notes: 
1) This field is relevant for EAP-FAST only. It is not required if 
  the server is configured for "PAC provisioning". 
  


Qualifiers:
-------------
OctetString
MappingStrings={RFC4851.IETF}


  

  





Domain 
public string Domain



  
General Information:
The domain (also known as realm) within 
  which Username is unique.

Product Specific Usage:
The Domain 
  string shouldn't contain the suffix, so the user name (Domain\user) will be 
  correct. 
If the Domain string contains a suffix (e.g. Domain = intel.com), 
  the user trying to authenticate will be of the form intel.com\user (instead of 
  intel\user) and thus authentication will 
  fail.

Qualifiers:
-------------
MappingStrings={draft-ietf-pppext-eap-ttls.IETF, 
  draft-kamath-pppext-peapv0.IETF, draft-josefsson-pppext-eap-tls-eap, 
  RFC4851.IETF, RFC3748.IETF, RFC4764.IETF, RFC4186.IETF, 
  RFC4187.IETF}
MaxLen=256


  

  





Password 
public string Password



  
General Information:
A password associated with the user 
  identified by Username within 
  Domain.

Qualifiers:
-------------
MappingStrings={draft-ietf-pppext-eap-ttls.IETF, 
  draft-kamath-pppext-peapv0.IETF, draft-josefsson-pppext-eap-tls-eap, 
  RFC4851.IETF, RFC3748.IETF}
MaxLen=256


  

  





Username 
public string Username



  
General Information:
Identifies the user requesting access to 
  the 
  network.

Qualifiers:
-------------
MappingStrings={RFC2716.IETF, 
  draft-ietf-pppext-eap-ttls.IETF, draft-kamath-pppext-peapv0.IETF, 
  draft-josefsson-pppext-eap-tls-eap, RFC4851.IETF, RFC3748.IETF, RFC4764.IETF, 
  RFC4186.IETF, RFC4187.IETF}
MaxLen=256


  

  





ServerCertificateNameComparison 
public uint16 ServerCertificateNameComparison



  
General Information:
The comparison algorithm that shall be used 
  by the server to validate the subject name field of the certificate presented 
  by the AAA server against the value of the ServerCertificateName 
  property.

Product Specific Usage:
This field is mandatory if 
  ServerCertificateName is 
  defined.

Qualifiers:
-------------
ValueMap={1, 2, 3, 
  ..}
Values={Other, FullName, DomainSuffix, DMTF 
  Reserved}
ModelCorrespondence={CIM_IEEE8021xSettings.ServerCertificateName}


  

  





ServerCertificateName 
public string ServerCertificateName



  
General Information:
The name that shall be compared against the 
  subject name field in the certificate provided by the AAA server. Shall 
  contain either the fully qualified domain name of the AAA server, in which 
  case ServerCertificateNameComparison shall contain "FullName", or the domain 
  suffix of the AAA server, in which case ServerCertificateNameComparison shall 
  contain "DomainSuffix".

Product Specific Usage:
This field is 
  optional. If not defined, the name is not checked. The authenticity of the 
  certificate is always 
  verified.

Qualifiers:
-------------
ModelCorrespondence={CIM_IEEE8021xSettings.ServerCertificateNameComparison}
MaxLen=256


  

  





RoamingIdentity 
public string RoamingIdentity



  
General Information:
A string presented to the authentication 
  server in 802.1x protocol exchange. The AAA server determines the format of 
  this string. Formats supported by AAA servers include: 
  <domain>\<username>, 
  <username>@<domain>.

Product Specific Usage:
This 
  string, if defined, is sent in response to 802.1x "request identity" as clear 
  text. If empty, the username is 
  sent.

Qualifiers:
-------------
MaxLen=256


  

  





AuthenticationProtocol 
public uint16 AuthenticationProtocol



  
General Information:
AuthenticationProtocol shall indicate the 
  desired EAP (Extensible Authentication Protocol) type.
* EAP-TLS (0): shall 
  indicate that the desired EAP type is the Transport Layer Security EAP type 
  specified in RFC 2716. If AuthenticationProtocol contains 0, Username should 
  not be null, ServerCertificateName and ServerCertificateNameComparison may be 
  null or not null, and RoamingIdentity, Password, Domain, 
  ProtectedAccessCredential, PACPassword, and PSK should be null.
* 
  EAP-TTLS/MSCHAPv2 (1): shall indicate that the desired EAP type is the 
  Tunneled TLS Authentication Protocol EAP type specified in 
  draft-ietf-pppext-eap-ttls, with Microsoft PPP CHAP Extensions, Version 2 
  (MSCHAPv2) as the inner authentication method. If AuthenticationProtocol 
  contains 1, Username and Password should not be null, RoamingIdentity, 
  ServerCertificateName, ServerCertificateNameComparison, and Domain may be null 
  or not null, and ProtectedAccessCredential, PACPassword, and PSK should be 
  null.
* PEAPv0/EAP-MSCHAPv2 (2): shall indicate that the desired EAP type 
  is the Protected Extensible Authentication Protocol (PEAP) Version 0 EAP type 
  specified in draft-kamath-pppext-peapv0, with Microsoft PPP CHAP Extensions, 
  Version 2 (MSCHAPv2) as the inner authentication method. If 
  AuthenticationProtocol contains2, Username and Password should not be null, 
  RoamingIdentity, ServerCertificateName, ServerCertificateNameComparison, and 
  Domain may be null or not null, and ProtectedAccessCredential, PACPassword, 
  and PSK should be null.
* PEAPv1/EAP-GTC (3): shall indicate that the 
  desired EAP type is the Protected Extensible Authentication Protocol (PEAP) 
  Version 1 EAP type specified in draft-josefsson-pppext-eap-tls-eap, with 
  Generic Token Card (GTC) as the inner authentication method. If 
  AuthenticationProtocol contains 3, Username and Password should not be null, 
  RoamingIdentity, ServerCertificateName, ServerCertificateNameComparison, and 
  Domain may be null or not null, and ProtectedAccessCredential, PACPassword, 
  and PSK should be null.
* EAP-FAST/MSCHAPv2 (4): shall indicate that the 
  desired EAP type is the Flexible Authentication Extensible Authentication 
  Protocol EAP type specified in IETF RFC 4851, with Microsoft PPP CHAP 
  Extensions, Version 2 (MSCHAPv2) as the inner authentication method. If 
  AuthenticationProtocol contains 4, Username and Password should not be null, 
  RoamingIdentity, ServerCertificateName, ServerCertificateNameComparison, 
  Domain, ProtectedAccessCredential, and PACPassword may be null or not null, 
  and PSK should be null.
* EAP-FAST/GTC (5): shall indicate that the desired 
  EAP type is the Flexible Authentication Extensible Authentication Protocol EAP 
  type specified in IETF RFC 4851, with Generic Token Card (GTC) as the inner 
  authentication method. If AuthenticationProtocol contains 5, Username and 
  Password should not be null, RoamingIdentity, ServerCertificateName, 
  ServerCertificateNameComparison, Domain, ProtectedAccessCredential, and 
  PACPassword may be null or not null, and PSK should be null.
* EAP-MD5 (6): 
  shall indicate that the desired EAP type is the EAP MD5 authentication method, 
  specified in RFC 3748. If AuthenticationProtocol contains 6, Username and 
  Password should not be null, Domain may be null or not null, and 
  RoamingIdentity, ServerCertificateName, ServerCertificateNameComparison, 
  ProtectedAccessCredential, PACPassword, and PSK should be null.
* EAP-PSK 
  (7): shall indicate that the desired EAP type is the EAP-PSK (Pre-Shared Key) 
  EAP type specified in RFC 4764. If AuthenticationProtocol contains 7, Username 
  and PSK should not be null, Domain and RoamingIdentity may be null or not 
  null, and Password, ServerCertificateName, ServerCertificateNameComparison, 
  ProtectedAccessCredential, and PACPassword should be null.
* EAP-SIM (8): 
  shall indicate that the desired EAP type is the Extensible Authentication 
  Protocol Method for Global System for Mobile Communications (GSM) Subscriber 
  Identity Modules (EAP-SIM), specified in RFC 4186. If AuthenticationProtocol 
  contains 8, Username and PSK should not be null, Domain and RoamingIdentity 
  may be null or not null, and Password, ServerCertificateName, 
  ServerCertificateNameComparison, ProtectedAccessCredential, and PACPassword 
  should be null.
* EAP-AKA (9): shall indicate that the desired EAP type is 
  the EAP Method for 3rd Generation Authentication and Key Agreement (EAP-AKA), 
  specified in RFC 4187. If AuthenticationProtocol contains 9, Username and PSK 
  should not be null, Domain and RoamingIdentity may be null or not null, and 
  Password, ServerCertificateName, ServerCertificateNameComparison, 
  ProtectedAccessCredential, and PACPassword should be null.
* EAP-FAST/TLS 
  (10): shall indicate that the desired EAP type is the Flexible Authentication 
  EAP type specified in IETF RFC 4851, with TLS as the inner authentication 
  method. If AuthenticationProtocol contains 10, Username and Password should 
  not be null, RoamingIdentity, ServerCertificateName, 
  ServerCertificateNameComparison, Domain, ProtectedAccessCredential, and 
  PACPassword may be null or not null, and PSK should be null.

Product 
  Specific Usage:
Note: Actual values of AuthenticationProtocol follow 
  legacy interface: 
ValueMap = [0, 1, 2, 3, 4, 5, 6] 
Values = [TLS, 
  TTLS_MSCHAPv2, PEAP_MSCHAPv2, EAP_GTC, EAPFAST_MSCHAPv2, EAPFAST_GTC, 
  EAPFAST_TLS] 


Qualifiers:
-------------
ValueMap={0, 
  1, 2, 3, 4, 5, 6, 7, 8, 9, 10, ..}
Values={EAP-TLS, EAP-TTLS/MSCHAPv2, 
  PEAPv0/EAP-MSCHAPv2, PEAPv1/EAP-GTC, EAP-FAST/MSCHAPv2, EAP-FAST/GTC, EAP-MD5, 
  EAP-PSK, EAP-SIM, EAP-AKA, EAP-FAST/TLS, DMTF 
  Reserved}
MappingStrings={RFC4017.IETF, RFC2716.IETF, 
  draft-ietf-pppext-eap-ttls.IETF, draft-kamath-pppext-peapv0.IETF, 
  draft-josefsson-pppext-eap-tls-eap, RFC4851.IETF, RFC3748.IETF, RFC4764.IETF, 
  RFC4186.IETF, RFC4187.IETF}


  

  





InstanceID Key 
public string InstanceID



  
General Information:
Within the scope of the instantiating 
  Namespace, InstanceID opaquely and uniquely identifies an instance of this 
  class. To ensure uniqueness within the NameSpace, the value of InstanceID 
  should be constructed using the following "preferred" algorithm: 
  
<OrgID>:<LocalID> 
Where <OrgID> and <LocalID> 
  are separated by a colon (:), and where <OrgID> must include a 
  copyrighted, trademarked, or otherwise unique name that is owned by the 
  business entity that is creating or defining the InstanceID or that is a 
  registered ID assigned to the business entity by a recognized global 
  authority. (This requirement is similar to the <Schema Name>_<Class 
  Name> structure of Schema class names.) In addition, to ensure uniqueness, 
  <OrgID> must not contain a colon (:). When using this algorithm, the 
  first colon to appear in InstanceID must appear between <OrgID> and 
  <LocalID>. 
<LocalID> is chosen by the business entity and 
  should not be reused to identify different underlying (real-world) elements. 
  If the above "preferred" algorithm is not used, the defining entity must 
  assure that the resulting InstanceID is not reused across any InstanceIDs 
  produced by this or other providers for the NameSpace of this instance. 
  
For DMTF-defined instances, the "preferred" algorithm must be used with 
  the <OrgID> set to 
  CIM.

Qualifiers:
-------------
Key
Override=InstanceID
MaxLen=40


  

  





ElementName 
public string ElementName



  
General Information:
The user-friendly name for this instance of 
  SettingData. In addition, the user-friendly name can be used as an index 
  property for a search or query. (Note: The name does not have to be unique 
  within a 
  namespace.)

Qualifiers:
-------------
Required
Override=ElementName
MaxLen=40


  

  





PxeTimeout 
public uint32 PxeTimeout



  
General Information:
Timeout in seconds, in which the Intel(R) 
  AMT will hold an authenticated 802.1X session. During the defined period, 
  Intel(R) AMT manages the 802.1X negotiation while a PXE boot takes place. 
  After the timeout, control of the negotiation passes to the host. 
The 
  maximum value is 86400 seconds (one day).
A value of 0 disables the 
  feature. 
If this optional value is omitted, Intel(R) AMT sets a default 
  value of 120 seconds.

  

  





AvailableInS0 
public boolean AvailableInS0



  
General Information:
Indicates the activity setting of the 
  802.1X module in S0 state. The default value for this property is 
  'true'.

Product Specific Usage:
Functionality: when FALSE, 
  AMT is not accessible (over 802.1x enabled port) in case the host is in S0 but 
  fails to authenticate to the server. 
When TRUE, AMT handles the 
  authentication in this case (but the host still can't be accessed until it 
  authenticates successfully). 
If 802.1X is not configured, this API may 
  still succeed as the setting may be stored for future use. 
The default 
  factory setting is TRUE. 


  

  





Enabled 
public uint32 Enabled



  
General Information:
Indicates whether the 802.1x profile is 
  enabled.

Qualifiers:
-------------
Required
ValueMap={0..1, 
  2, 3, 4..5, 6, 7..}
Values={Reserved, Enabled, Disabled, Reserved1, Enabled 
  Without Certificates, Reserved2}


  

  






  
  

    Method 
Detail


SetCertificates
public uint32 SetCertificates([IN]REF AMT_PublicKeyCertificate ServerCertificateIssuer, [IN]REF AMT_PublicKeyCertificate ClientCertificate)



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_ADMINISTRATION_REALM

General Information:
Set 
  the certificates associated with the 8021X 
  profile.

Qualifiers:
-------------
ValueMap={0, 1, 
  2..}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, 
  Reserved}


Parameters:
--------------

  

    
ServerCertificateIssuer 
    
General Information:
The trusted root CA that should be used 
    while verifying the server 
    certificate.

Qualifiers:
-------------
IN


    
ClientCertificate 
    
General Information:
The client certificate that should be 
    used by the 
    profile.

Qualifiers:
-------------
IN







Put
public  Put([IN]IPS_IEEE8021xSettings Instance)



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_ADMINISTRATION_REALM

General 
  Information:
Changes properties of the selected 
  instance

Product Specific Usage:
The following properties 
  must be included in any representation of IPS_IEEE8021xSettings: 
  

InstanceID 
ElementName 






Get
public  Get([OUT]IPS_IEEE8021xSettings Instance)



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_ADMINISTRATION_REALM, 
  ADMIN_SECURITY_GENERAL_INFO_REALM

General Information:
Gets 
  the representation of the instance





Pull
public  Pull([IN]String EnumerationContext, [IN]String MaxElements)



  
Permission Information:
All users permitted to use method, only 
  instances to whom the user has permissions will be returned

General 
  Information:
Pulls instances of this class, following an Enumerate 
  operation





Enumerate
public  Enumerate()



  
Permission Information:
All users permitted to use 
  method

General Information:
Enumerates the instances of this 
  class





Release
public  Release([IN]String EnumerationContext)



  
Permission Information:
All users permitted to use 
  method

General Information:
Releases an enumeration 
  context






  
  

    SUMMARY: NESTED | FIELD | METHOD
  

  

    DETAIL: FIELD | METHOD



  
  

    
      
Copyright © 2006-2022, Intel 
      Corporation. All rights 
reserved.