AD | Application | AWS | Azure | Cloud | Database | Enterprise | Environmental | Event Log | File System | IoT | IT Service | Network/System | Infra | Performance | Protocol | SaaS | Security | Service Level | Storage | Linux | VMware | VoIP | Web | Wireless | SNMP

Crumbtrail

MonitorTools.com » Technical documentation » SNMP » MIB » Enterasys Networks » ENTERASYS-POLICY-PROFILE-MIB

ENTERASYS-POLICY-PROFILE-MIB device MIB details by Enterasys Networks

ENTERASYS-POLICY-PROFILE-MIB file content

The SNMP protocol is used to for conveying information and commands between agents and managing entities. SNMP uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. The reasons for using UDP for SNMP are, firstly it has low overheads in comparison to TCP, which uses a 3-way hand shake for connection. Secondly, in congested networks, SNMP over TCP is a bad idea because TCP in order to maintain reliability will flood the network with retransmissions.

Management information (MIB) is represented as a collection of managed objects. These objects together form a virtual information base called MIB. An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.

Use ActiveXperts Network Monitor 2024 to import vendor-specific MIB files, inclusing ENTERASYS-POLICY-PROFILE-MIB.


Vendor: Enterasys Networks
Mib: ENTERASYS-POLICY-PROFILE-MIB  [download]  [view objects]
Tool: ActiveXperts Network Monitor 2024 [download]    (ships with advanced SNMP/MIB tools)
ENTERASYS-POLICY-PROFILE-MIB DEFINITIONS ::= BEGIN

--  enterasys-policy-profile-mib.txt
--
--  Part Number:
--
--

--  This module provides authoritative definitions for Enterasys
--  Networks' user policy profile functionality.

--
--  This module will be extended, as needed.

--  Enterasys Networks reserves the right to make changes in this
--  specification and other information contained in this document
--  without prior notice.  The reader should consult Enterasys Networks
--  to determine whether any such changes have been made.
--
--  In no event shall Enterasys Networks be liable for any incidental,
--  indirect, special, or consequential damages whatsoever (including
--  but not limited to lost profits) arising out of or related to this
--  document or the information contained in it, even if Enterasys
--  Networks has been advised of, known, or should have known, the
--  possibility of such damages.
--
--  Enterasys Networks grants vendors, end-users, and other interested
--  parties a non-exclusive license to use this Specification in
--  connection with the management of Enterasys Networks products.

--  Copyright 2001-2004 Enterasys Networks, Inc.


IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Integer32, TimeTicks, Unsigned32,
        Gauge32, Counter32
        FROM SNMPv2-SMI
    RowStatus, RowPointer, TEXTUAL-CONVENTION, TruthValue, StorageType
        FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP
        FROM SNMPv2-CONF
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    dot1dBasePort
        FROM BRIDGE-MIB
    PortList
        FROM Q-BRIDGE-MIB
    EnabledStatus
        FROM P-BRIDGE-MIB
    StationAddressType, StationAddress
        FROM ENTERASYS-UPN-TC-MIB
    etsysModules
        FROM ENTERASYS-MIB-NAMES;

etsysPolicyProfileMIB  MODULE-IDENTITY
    LAST-UPDATED "200404022035Z"  -- Fri Apr  2 20:35 GMT 2004
    ORGANIZATION "Enterasys Networks, Inc"
    CONTACT-INFO
        "Postal:  Enterasys Networks
                  50 Minuteman Rd.
                  Andover, MA 01810-1008
                  USA
         Phone:   +1 978 684 1000
         E-mail:  support@enterasys.com
         WWW:     http://www.enterasys.com"

    DESCRIPTION
        "This MIB module defines a portion of the SNMP enterprise 
         MIBs under the Enterasys enterprise OID pertaining to the 
         mapping of per user policy profiles for Enterasys network
         edge devices or access products."

    REVISION "200404022035Z"  -- Fri Apr  2 20:35 GMT 2004
    DESCRIPTION
        "Added the etsysPolicyRuleOperPid leaf to
         etsysPolicyRuleTable."

    REVISION "200403251803Z"  -- Thu Mar 25 18:03 GMT 2004
    DESCRIPTION
        "Added capabilities objects, status for profile assignment
         override, dynamic profile summary list, and notification
         configuration for dynamic rules."

    REVISION "200402032200Z"  -- Tue Feb  3 22:00 GMT 2004
    DESCRIPTION
        "Replaced StationIdentifierType with StationAddressType 
         and StationIdentifier with StationAddress to match new
         revision of ENTERASYS-UPN-TC-MIB." 
    
    REVISION "200402031533Z"  -- Tue Feb  3 15:33 GMT 2004
    DESCRIPTION
        "Replaced StationIdentifierTypeTC with StationIdentifierType
         and moved it to the ENTERASYS-UPN-TC-MIB, and replaced
         InetAddress with StationIdentifier from the same MIB module."

    REVISION "200401192143Z"  -- Mon Jan 19 21:43 GMT 2004
    DESCRIPTION
        "Added PolicyClassificationRuleType TEXTUAL-CONVENTION.
         Added the etsysPolicyProfileOverwriteTCI and
         etsysPolicyProfileRulePrecedence leaves to the 
         EtsysPolicyProfileEntry.  Added the etsysPolicyRules
         group for accounting of policy usage.  Additionally,
         the range syntax of several objects has been clarified.
         The etsysPolicyClassificationGroup and the 
         etsysPortPolicyProfileTable have been deprecated, 
         as they have been replaced by the etsysPolicyRulesGroup."

    REVISION "200311041716Z"  -- Tue Nov  4 17:16 GMT 2003
    DESCRIPTION
        "Added etsysPolicyMap object group in support of RFC 3580 and 
         Enterasys Technical Standard TS-07."

    REVISION "200302062259Z"  -- Thu Feb  6 22:59 GMT 2003
    DESCRIPTION
        "Added etsysDevicePolicyProfileDefault to provide managed
         entities, that cannot support complete policies on a per
         port basis, a global policy to augment what policies they
         can provide on a per port basis.
         Added etsysPolicyCapabilities to provide management agents
         a straight forward method to ascertain the capabilities of
         the managed entity."

    REVISION "200209171453Z"  -- Tue Sep 17 14:53 GMT 2002
    DESCRIPTION
        "Added Port ID information in the Station table, for
         ease of cross reference."

    REVISION "200207191337Z"  -- Fri Jul 19 13:37 GMT 2002
    DESCRIPTION
        "This version incorporates enhancements to support Station
         based policy provisioning, as well as other UPN related
         enhancements." 

    REVISION "200106112000Z"  --  Mon Jun 11 20:00 GMT 2001
    DESCRIPTION
        "This version modified the MODULE-IDENTITY statement to
         resolve an issue importing this MIB into some older MIB Tools.

         In the SEQUENCE for the etsysPortPolicyProfileTable the first
         object was incorrectly defined as etsysPortPolicyProfileIndex,
         this was corrected to read etsysPortPolicyProfileIndexType.

         Several misspelled words were corrected.

         Finally, the INDEX for the etsysPortPolicyProfileSummaryTable
         was corrected to index the table by policy index as well as 
         the type of port for each entry in the table."

    REVISION "200101090000Z"
    DESCRIPTION
        "The initial version of this MIB module."
    ::= { etsysModules 6 }


-- -------------------------------------------------------------
-- Textual Conventions
-- -------------------------------------------------------------

PolicyProfileIDTC  ::=  TEXTUAL-CONVENTION
    STATUS  current
    DESCRIPTION
        "This textual convention maps out to the possible 
         policyProfileIndex values.  It also allows for a value of 
         zero.  A value of zero (0) indicates that the given port 
         should not follow any policy profile."
    SYNTAX  Integer32 (0|1..65535)

PortPolicyProfileIndexTypeTC  ::=  TEXTUAL-CONVENTION
    STATUS  current
    DESCRIPTION
        "This textual convention maps out to the possible port types
         which can be used to populate the etsysPortPolicyProfileTable,
         and of port IDs used in the etsysStationPolicyProfileTable."
    SYNTAX  INTEGER {
                      ifIndex(1),
                      dot1dBasePort(2)
                    }

VlanList ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Each octet within this value specifies a set of eight
        VIDs, with the first octet specifying VID 1 through
        8, the second octet specifying VID 9 through 16, etc.
        Within each octet, the most significant bit represents
        the lowest numbered VID, and the least significant bit
        represents the highest numbered VID.  Thus, each VID
        is represented by a single bit within the
        value of this object.  If that bit has a value of '1'
        then that VID is included in the set of VIDs; the VID
        is not included if its bit has a value of '0'.

        This OCTET STRING will always be 512 Octets in length
        to accommodate all possible VIDs between (1..4094). The
        default value of this object is a string of all zeros."
    SYNTAX      OCTET STRING (SIZE(512))
    
PolicyClassificationRuleType  ::=  TEXTUAL-CONVENTION
    STATUS  current
    DESCRIPTION
       "Enumerates the possible types of classification rules which
        may be referenced in the <CLASSIFICATION_TABLE_NAME>.  Each
        type as an implied length (in bytes) associated with it. 
        Octet-strings defined as representing one of these types will
        be represented in Network-Byte-Order (Big Endian) if the native
        representation is other than octets.

        macSource(1)            The source MAC address in an Ethernet frame.
                                Length is 6 bytes.

        macDestination(2)       The destination MAC address in an Ethernet 
                                frame.  Length is 6 bytes.
                                
        ipxSource(3)            The source address in an IPX header. Length
                                is 4 bytes (Network prefix).
                                
        ipxDestination(4)       The destination address in an IPX header. 
                                Length is 4 bytes (Network prefix).
                                
        ipxSourcePort(5)        The source IPX port(socket) in an IPX 
                                header. Length is 2 bytes.
                                
        ipxDestinationPort(6)   The destination IPX port(socket) in an IPX 
                                header. Length is 2 bytes.
                                
        ipxCos(7)               The CoS(HopCount) field in an IPX header. 
                                Length is 1 byte.
                                
        ipxType(8)              The protocol type in an IPX header. Length
                                is 1 byte.
                                
        ip6Source(9)            The source address in an IPv6 header, 
                                postfixed with the source port (for 
                                TCP/UDP frames). Length is 18 bytes.
                                
        ip6Destination(10)      The destination address in an IPv6 header, 
                                postfixed with the destination port (for 
                                TCP/UDP frames). Length is 18 bytes.

        ip6FlowLabel(11)        The flow label field (traffic class and flow
                                identifier) in an IPv6 header. Length is 4 
                                bytes.
                                
        ip4Source(12)           The source address in an IPv4 header, 
                                postfixed with the source port (for TCP/UDP
                                frames). Length is 6 bytes.
                                
        ip4Destination(13)      The destination address in an IPv4 header, 
                                postfixed with the destination port (for 
                                TCP/UDP frames). Length is 6 bytes.
                                
        ipFragment(14)          Truth value derived from the FLAGS and 
                                FRAGMENTATION_OFFSET fields of an IP
                                header.  If the MORE bit of the flags field
                                is set, or the FRAGMENTATION_OFFSET is
                                non-zero, the frame is fragmented.
                                Length is 0 bytes (there is no data, only
                                presence).
                                
        udpSourcePort(15)       The source UDP port(socket) in an UDP 
                                header. Length is 2 bytes.
                                
        udpDestinationPort(16)  The destination UDP port(socket) in an UDP 
                                header. Length is 2 bytes.
                                
        tcpSourcePort(17)       The source TCP port(socket) in an TCP 
                                header. Length is 2 bytes.
                                
        tcpDestinationPort(18)  The destination TCP port(socket) in an TCP 
                                header. Length is 2 bytes.
                                
        icmpTypeCode(19)        The Type and Code fields from an ICMP frame.
                                These are encoded in 2 bytes, network-byte-
                                order, Type in the first (left-most) byte,
                                Code in the second byte.

        ipTtl(20)               The TTL(HopCount) field in an IP header. 
                                Length is 1 byte.

        ipTos(21)               The ToS(DSCP) field in an IP header. Length
                                is 1 byte.
                                
        ipType(22)              The protocol type in an IP header. Length
                                is 1 byte.
                                
        etherType(25)           The type field in an Ethernet II frame.
                                Length is 2 bytes.
                                
        llcDsapSsap(26)         The DSAP/SSAP/CTRL field in an LLC 
                                encapsulated frame, includes SNAP 
                                encapsulated frames and the associated 
                                Ethernet II type field.  Length is 5 bytes.

        vlanId(27)              The 12 bit Virtual LAN ID field present 
                                in an 802.1D Tagged frame.
                                Length is 2 bytes, the field is represented
                                in the FIRST (left-most, big-endian)12 bits 
                                of the 16 bit field.  A vlanId of 1 would be
                                encoded as 00-10, a vlanId of 4094 would be
                                encoded as FF-E0, and a vlanId of 100 would be
                                encoded as 06-40.

        ieee8021dTci(28)        The entire 16 bit TCI field present 
                                in an 802.1D Tagged frame (include both
                                VLAN ID and Priority bits.
                                Length is 2 bytes.

        bridgePort(31)          The dot1dBridgePort on which the frame was
                                received.  Length is 2 bytes."
                                
    SYNTAX  INTEGER {
                    macSource(1),
                    macDestination(2),
                    ipxSource(3),
                    ipxDestination(4),
                    ipxSourcePort(5),
                    ipxDestinationPort(6),
                    ipxCos(7),
                    ipxType(8),
                    ip6Source(9),
                    ip6Destination(10),
                    ip6FlowLabel(11),
                    ip4Source(12),
                    ip4Destination(13),
                    ipFragment(14),
                    udpSourcePort(15),
                    udpDestinationPort(16),
                    tcpSourcePort(17),
                    tcpDestinationPort(18),
                    icmpTypeCode(19),
                    ipTtl(20),
                    ipTos(21),
                    ipType(22),
                    etherType(25),
                    llcDsapSsap(26),
                    vlanId(27),
                    ieee8021dTci(28),
                    bridgePort(31)
                    }


PolicyRulesSupported  ::=  TEXTUAL-CONVENTION
    STATUS  current
    DESCRIPTION
       "Enumerates the possible types of classification rules which
        may be supported.

        macSource(1)            The source MAC address in an Ethernet frame.
        macDestination(2)       The destination MAC address in an Ethernet 
                                frame.
        ipxSource(3)            The source address in an IPX header.
        ipxDestination(4)       The destination address in an IPX header. 
        ipxSourcePort(5)        The source IPX port(socket) in an IPX 
                                header.
        ipxDestinationPort(6)   The destination IPX port(socket) in an IPX 
                                header.
        ipxCos(7)               The CoS(HopCount) field in an IPX header. 
        ipxType(8)              The protocol type in an IPX header.
        ip6Source(9)            The source address in an IPv6 header, 
                                postfixed with the source port (for 
                                TCP/UDP frames).
        ip6Destination(10)      The destination address in an IPv6 header, 
                                postfixed with the destination port (for 
                                TCP/UDP frames).
        ip6FlowLabel(11)        The flow label field (traffic class and flow
                                identifier) in an IPv6 header.
        ip4Source(12)           The source address in an IPv4 header, 
                                postfixed with the source port (for TCP/UDP
                                frames).
        ip4Destination(13)      The destination address in an IPv4 header, 
                                postfixed with the destination port (for 
                                TCP/UDP frames).
        ipFragment(14)          Truth value derived from the FLAGS and 
                                FRAGMENTATION_OFFSET fields of an IP
                                header.  If the MORE bit of the flags field
                                is set, or the FRAGMENTATION_OFFSET is
                                non-zero, the frame is fragmented.
        udpSourcePort(15)       The source UDP port(socket) in an UDP 
                                header.
        udpDestinationPort(16)  The destination UDP port(socket) in an UDP 
                                header.
        tcpSourcePort(17)       The source TCP port(socket) in an TCP 
                                header.
        tcpDestinationPort(18)  The destination TCP port(socket) in an TCP 
                                header.
        icmpTypeCode(19)        The Type and Code fields from an ICMP frame.
        ipTtl(20)               The TTL(HopCount) field in an IP header. 
        ipTos(21)               The ToS(DSCP) field in an IP header.
        ipType(22)              The protocol type in an IP header.
        etherType(25)           The type field in an Ethernet II frame.
        llcDsapSsap(26)         The DSAP/SSAP/CTRL field in an LLC 
                                encapsulated frame, includes SNAP 
                                encapsulated frames and the associated 
                                Ethernet II type field.
        vlanId(27)              The 12 bit Virtual LAN ID field present 
                                in an 802.1D Tagged frame.
        ieee8021dTci(28)        The entire 16 bit TCI field present 
                                in an 802.1D Tagged frame (include both
                                VLAN ID and Priority bits.
        bridgePort(31)          The dot1dBridgePort on which the frame was
                                received."
                                
    SYNTAX  BITS {
                    macSource(1),
                    macDestination(2),
                    ipxSource(3),
                    ipxDestination(4),
                    ipxSourcePort(5),
                    ipxDestinationPort(6),
                    ipxCos(7),
                    ipxType(8),
                    ip6Source(9),
                    ip6Destination(10),
                    ip6FlowLabel(11),
                    ip4Source(12),
                    ip4Destination(13),
                    ipFragment(14),
                    udpSourcePort(15),
                    udpDestinationPort(16),
                    tcpSourcePort(17),
                    tcpDestinationPort(18),
                    icmpTypeCode(19),
                    ipTtl(20),
                    ipTos(21),
                    ipType(22),
                    etherType(25),
                    llcDsapSsap(26),
                    vlanId(27),
                    ieee8021dTci(28),
                    bridgePort(31)
                    }
-- -------------------------------------------------------------
-- MIB groupings 
-- -------------------------------------------------------------

etsysPolicyProfile          OBJECT IDENTIFIER 
                      ::= { etsysPolicyProfileMIB 1 }

etsysPolicyClassification   OBJECT IDENTIFIER 
                      ::= { etsysPolicyProfileMIB 2 }

etsysPortPolicyProfile      OBJECT IDENTIFIER 
                      ::= { etsysPolicyProfileMIB 3 }
   
etsysPolicyVlanEgress       OBJECT IDENTIFIER
                      ::= { etsysPolicyProfileMIB 4 }

etsysStationPolicyProfile   OBJECT IDENTIFIER
                      ::= { etsysPolicyProfileMIB 5 } 
                      
etsysInvalidPolicyPolicy    OBJECT IDENTIFIER
                      ::= { etsysPolicyProfileMIB 6 }

etsysDevicePolicyProfile    OBJECT IDENTIFIER
                      ::= { etsysPolicyProfileMIB 8 }

etsysPolicyCapability       OBJECT IDENTIFIER
                      ::= { etsysPolicyProfileMIB 9 }

etsysPolicyMap              OBJECT IDENTIFIER
                      ::= { etsysPolicyProfileMIB 10 }

etsysPolicyRules            OBJECT IDENTIFIER
                      ::= { etsysPolicyProfileMIB 11 }


-- -------------------------------------------------------------
-- etsysPolicyProfile group       
-- -------------------------------------------------------------

etsysPolicyProfileMaxEntries OBJECT-TYPE
    SYNTAX      Integer32 (1..65535) 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum number of entries allowed in the
         etsysPolicyProfileTable."
    ::= { etsysPolicyProfile 1 }

etsysPolicyProfileNumEntries OBJECT-TYPE
    SYNTAX      Gauge32 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current number of entries in the 
         etsysPolicyProfileTable."
    ::= { etsysPolicyProfile 2 }

etsysPolicyProfileLastChange OBJECT-TYPE
    SYNTAX      TimeTicks 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The sysUpTime at which the etsysPolicyProfileTable was last
         modified."
    ::= { etsysPolicyProfile 3 }

etsysPolicyProfileTableNextAvailableIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object indicates the numerically lowest available 
         index within this entity, which may be used for the value 
         of etsysPolicyProfileIndex in the creation of a new entry 
         in the etsysPolicyProfileTable.

         An index is considered available if the index value falls
         within the range of 1 to 65535 and is not being used to 
         index an existing entry in the etsysPolicyProfileTable
         contained within this entity.

         This value should only be considered a guideline for 
         management creation of etsysPolicyProfileEntries, there is 
         no requirement on management to create entries based upon
         this index value."
    ::= { etsysPolicyProfile 4 }

etsysPolicyProfileTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysPolicyProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing policy profiles.  A policy is a group
         of classification rules which may be applied on a per
         user basis, to ports or to stations."
    ::= { etsysPolicyProfile 5 }

etsysPolicyProfileEntry OBJECT-TYPE
    SYNTAX      EtsysPolicyProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Conceptually defines a particular entry within the 
         etsysPolicyProfileTable. Entries within this table MUST be
         considered non-volatile and MUST be maintained across 
         entity resets."
    INDEX  { etsysPolicyProfileIndex }
    ::= { etsysPolicyProfileTable 1 }

EtsysPolicyProfileEntry ::=
    SEQUENCE {
        etsysPolicyProfileIndex   
             Integer32,
        etsysPolicyProfileName
             SnmpAdminString,
        etsysPolicyProfileRowStatus      
             RowStatus,
        etsysPolicyProfilePortVidStatus 
             EnabledStatus,
        etsysPolicyProfilePortVid
             Unsigned32,
        etsysPolicyProfilePriorityStatus
             EnabledStatus,
        etsysPolicyProfilePriority 
             Integer32,
        etsysPolicyProfileEgressVlans
             VlanList,
        etsysPolicyProfileForbiddenVlans
             VlanList,
        etsysPolicyProfileUntaggedVlans
             VlanList,
        etsysPolicyProfileOverwriteTCI
             EnabledStatus,
        etsysPolicyProfileRulePrecedence
             OCTET STRING
    }

etsysPolicyProfileIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A unique arbitrary identifier for this Policy.

         Since a policy will be applied to a user regardless of his 
         or her location in the network fabric policy names SHOULD
         be unique within the entire network fabric.  Policy IDs 
         and policy names MUST be unique within the scope of a single
         managed entity."
    ::= { etsysPolicyProfileEntry 1 }

etsysPolicyProfileName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(1..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Administratively assigned textual description of this 
         Policy.

         This object MUST NOT be modifiable while this entry's
         RowStatus is active(1)."
    ::= { etsysPolicyProfileEntry 2 }

etsysPolicyProfileRowStatus OBJECT-TYPE
    SYNTAX      RowStatus 
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object allows for the dynamic creation and deletion
         of entries within the etsysPolicyProfileTable as well as
         the activation and deactivation of these entries.

         When this object's value is active(1) the corresponding 
         row's etsysPolicyProfilePortVid, etsysPolicyProfilePriority,
         and all entries within the etsysPolicyClassificationTable
         indexed by this row's etsysPolicyProfileIndex are available
         to be applied to network access ports or stations on the
         managed entity.  
         
         All ports corresponding to rows within the 
         etsysPortPolicyProfileTable whose etsysPortPolicyProfileOperID
         is equal to the etsysPolicyProfileIndex, shall have the 
         corresponding policy applied.  Likewise, all stations 
         corresponding to rows within the etsysStationPolicyProfileTable  
         whose etsysStationPolicyProfileOperID is equal to the
         etsysPolicyProfileIndex, shall have the corresponding policy
         applied.   

         The value of etsysPortPolicyProfileOperID for each such row
         in the etsysPortPolicyProfileTable will be equal to the
         etsysPortPolicyProfileAdminID, unless the authorization
         information from a source such as a RADIUS server indicates
         to the contrary.

         Refer to the specific objects within this MIB as well as
         well as  RFC2674, the CTRON-PRIORITY-CLASSIFY-MIB, the 
         CTRON-VLAN-CLASSIFY-MIB, and the CTRON-RATE-POLICING-MIB 
         for a complete explanation of the application and behavior
         of these objects.

         When this object's value is set to notInService(2) this
         policy will not be applied to any rows within the 
         etsysPortPolicyProfileTable.

         To allow policy profiles to be applied for security 
         implementations, setting this object's value from active(1)
         to notInService(2) or destroy(6) SHALL fail if one or more 
         instances of etsysPortPolicyProfileOperID or
         etsysStationPolicyProfileOperID currently reference
         this entry's associated policy due to a set by an underlying 
         security protocol such as RADIUS.

         For network functionality and clarity, setting this object 
         to destroy(6) SHALL fail if one or more instances of 
         etsysPortPolicyProfileOperID or etsysStationPolicyProfileOperID
         currently references this entry's etsysPolicyProfileIndex.

         Refer to the RowStatus convention for further details on 
         the behavior of this object."
    REFERENCE
        "RFC2579 (Textual Conventions for SMIv2)"
    ::= { etsysPolicyProfileEntry 3 }

etsysPolicyProfilePortVidStatus OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object defines whether a PVID override should 
         be applied to ports which have this profile active.

         enabled(1) means that any port with this policy active 
         will have this row's etsysPolicyProfilePortVid applied to 
         untagged frames or priority-tagged frames received on this 
         port.

         disabled(2) means that etsysPolicyProfilePortVid will not
         be applied.  When this object is set to disabled(2) the 
         value of etsysPolicyProfilePortVid has no meaning."
    DEFVAL { disabled }
    ::= { etsysPolicyProfileEntry 4 }

etsysPolicyProfilePortVid OBJECT-TYPE
    SYNTAX      Unsigned32 (0|1..4094|4095) 
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object defines the PVID of this profile.

         If a port has an active policy and the policy's 
         etsysPolicyProfilePortVidStatus is set to enabled(1), the 
         etsysPolicyProfilePortVid will be applied to all untagged 
         frames arriving on the port that do not match any of the 
         policy classification rules. 

         Note that the 802.1Q PVID will still exist from a
         management view but will NEVER be applied to traffic 
         arriving on a port that has an active policy and enabled 
         etsysPolicyProfilePortVid defined, since policy is applied
         to traffic arriving on the port prior to the assignment of
         a VLAN using the 802.1Q PVID.

         The behavior of an enabled etsysPolicyProfilePortVid on 
         any associated port SHALL be identical to the behavior of 
         the dot1qPvid upon that port.
         
         Note that two special, otherwise illegal, values of the
         etsysPolicyProfilePortVid are used in defining the default
         forwarding actions, to be used in conjunction with policy
         classification rules, and do not result in packet tagging:
         
             0      Indicates that the default forwarding action 
                    is to drop all packets that do not match an 
                    explicit rule.
                    
             4095   Indicates that the default forwarding action
                    is to forward any packets not matching any
                    explicit rules."
    REFERENCE
        "RFC2674 (Q-BRIDGE-MIB) - dot1qPortVlanTable"
    DEFVAL { 1 }
    ::= { etsysPolicyProfileEntry 5 }

etsysPolicyProfilePriorityStatus OBJECT-TYPE
    SYNTAX      EnabledStatus 
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object defines whether a priority override 
         should be applied to ports which have this profile 
         active.

         enabled(1) means that any port with this policy active 
         will have etsysPolicyProfilePriority applied to this
         port. 

         disabled(2) means that etsysPolicyProfilePriority will 
         not be applied.  When this object is set to disabled(2) 
         the value of etsysPolicyProfilePriority has no meaning."
    DEFVAL { disabled }
    ::= { etsysPolicyProfileEntry 6 }

etsysPolicyProfilePriority OBJECT-TYPE
    SYNTAX      Integer32 (0..7)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object defines the default ingress priority of this 
         profile.

         If a port has an active policy and the policy's 
         etsysPolicyProfilePriorityStatus is set to enabled(1), the 
         etsysPolicyProfilePriority will be applied to all packets 
         arriving on the port that do not match any of the policy 
         classification rules. 

         Note that dot1dPortDefaultUserPriority will still exist 
         from a management view but will NEVER be applied to traffic 
         arriving on a port that has an active policy and enabled 
         etsysPolicyProfilePriority defined, since policy is applied
         to traffic arriving on the port prior to the assignment of
         a priority using dot1dPortDefaultUserPriority.

         The behavior of an enabled etsysPolicyProfilePriority on 
         any associated port SHALL be identical to the behavior of 
         the dot1dPortDefaultUserPriority upon that port."
    REFERENCE
        "RFC2674 (P-BRIDGE-MIB) - dot1dPortPriorityTable"
    DEFVAL { 0 }
    ::= { etsysPolicyProfileEntry 7 }

etsysPolicyProfileEgressVlans OBJECT-TYPE
    SYNTAX      VlanList
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The set of VLANs which are assigned by this policy to
         egress on ports for which this policy is active. Changes
         to a bit in this object affect the per-port per-VLAN
         Registrar control for Registration Fixed for the relevant
         GVRP state machine on each port for which this policy is
         active.  A VLAN may not be added in this set if it is 
         already a member of the set of VLANs in
         etsysPolicyProfileForbiddenVlans.  This object is 
         superseded on a per-port per-VLAN basis by any 'set' bits
         in dot1qVlanStaticEgressPorts and 
         dot1qVlanForbiddenEgressPorts. The default value of this 
         object is a string of zeros."
    ::= { etsysPolicyProfileEntry 8 }

etsysPolicyProfileForbiddenVlans OBJECT-TYPE
    SYNTAX      VlanList
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The set of VLANs which are prohibited by this policy to
         egress on ports for which this policy is active. Changes
         to this object that cause a port to be included or 
         excluded affect the per-port per-VLAN Registrar control
         for Registration Forbidden for the relevant GVRP state 
         machine on each port for which this policy is active. A
         VLAN may not be added in this set if it is already a 
         member of the set of VLANs in etsysPolicyProfileEgressVlans.
         This object is superseded on a per-port per-VLAN basis by 
         any 'set' bits in the dot1qVlanStaticEgressPorts and
         dot1qVlanForbiddenEgressPorts.  The default value of this
         object is a string of zeros."
    ::= { etsysPolicyProfileEntry 9 }

etsysPolicyProfileUntaggedVlans OBJECT-TYPE
    SYNTAX      VlanList
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The set of VLANs which should transmit egress packets as
         untagged on ports for which this policy is active. This 
         object is superseded on a per-port per-VLAN basis by any
         'set' bits in dot1qVlanStaticUntaggedPorts."
    ::= { etsysPolicyProfileEntry 10 }

etsysPolicyProfileOverwriteTCI OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "If set, the information contained within the TCI field of
         inbound, tagged packets will not be used by the device after the
         ingress classification stage of packet relay.  The net effect
         will be that the TCI information may be used to classify the 
         packet, but will be overwritten (and ignored) by subsequent 
         stages of packet relay."
    DEFVAL { disabled }
    ::= { etsysPolicyProfileEntry 11 }

etsysPolicyProfileRulePrecedence OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(0..255))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Each octet will contain a single value representing the rule 
         type to be matched against, defined by the 
         PolicyClassificationRuleType textual convention.  When read, 
         will return the currently operating rule matching precedence, 
         ordered from first consulted (in the first octet) to last 
         consulted (in the last octet). A set of a  single octet of 
         0x00 will result in a reversion to the default precedence 
         ordering.  A set of any other values will result in the 
         specified rule types being matched in the order specified,
         followed by the remaining rules, in default precedence order."
    ::= { etsysPolicyProfileEntry 12 }


-- -------------------------------------------------------------
-- etsysPolicyClassification group        
-- -------------------------------------------------------------

etsysPolicyClassificationMaxEntries OBJECT-TYPE
    SYNTAX      Integer32 (1..65535) 
    MAX-ACCESS  read-only
    STATUS      deprecated
    DESCRIPTION
        "The maximum number of entries allowed in the
         etsysPolicyClassificationTable."
    ::= { etsysPolicyClassification 1 }

etsysPolicyClassificationNumEntries OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      deprecated
    DESCRIPTION
        "The current number of entries in the 
          etsysPolicyClassificationTable."
    ::= { etsysPolicyClassification 2 }

etsysPolicyClassificationLastChange OBJECT-TYPE
    SYNTAX      TimeTicks 
    MAX-ACCESS  read-only
    STATUS      deprecated
    DESCRIPTION
        "The sysUpTime at which the etsysPolicyClassificationTable
          was last modified."
    ::= { etsysPolicyClassification 3 }

etsysPolicyClassificationTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysPolicyClassificationEntry
    MAX-ACCESS  not-accessible
    STATUS      deprecated
    DESCRIPTION
        "A table containing reference OIDs to entries within the 
         classification tables.

         These classification tables include but may not be limited 
         to:

                  ctPriClassifyTable
                  ctVlanClassifyTable 
                  ctRatePolicyingConfigTable

         This table is used to map a list of classification rules to
         an instance of the etsysPolicyProfileTable."
    REFERENCE
        "CTRON-PRIORITY-CLASSIFY-MIB, 
         CTRON-VLAN-CLASSIFY-MIB, 
         CTRON-RATE-POLICING-MIB"
    ::= { etsysPolicyClassification 4 }

etsysPolicyClassificationEntry OBJECT-TYPE
    SYNTAX      EtsysPolicyClassificationEntry
    MAX-ACCESS  not-accessible
    STATUS      deprecated
    DESCRIPTION
        "Describes a particular entry within the
         etsysPolicyClassificationTable.  Entries within this table
         MUST be considered non-volatile and MUST be maintained
         across entity resets."
    INDEX    { etsysPolicyProfileIndex, 
               etsysPolicyClassificationIndex }
    ::= { etsysPolicyClassificationTable 1 }

EtsysPolicyClassificationEntry ::=
    SEQUENCE {
        etsysPolicyClassificationIndex
             Integer32,
        etsysPolicyClassificationOID
             RowPointer,
        etsysPolicyClassificationRowStatus
             RowStatus,
        etsysPolicyClassificationIngressList
             PortList
    }

etsysPolicyClassificationIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      deprecated
    DESCRIPTION
        "Administratively assigned unique value, greater than zero.

         Each etsysPolicyClassificationIndex instance MUST be unique 
         within the scope of its associated etsysPolicyProfileIndex."
    ::= { etsysPolicyClassificationEntry 1 }

etsysPolicyClassificationOID OBJECT-TYPE
    SYNTAX      RowPointer
    MAX-ACCESS  read-create
    STATUS      deprecated
    DESCRIPTION
        "This object follows the RowPointer textual convention and 
         is an OID reference to a classification rule.

         This object MUST NOT be modifiable while this entry's
         etsysPolicyClassificationStatus object has a value of 
         active(1)."
    ::= { etsysPolicyClassificationEntry 2 }

etsysPolicyClassificationRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      deprecated
    DESCRIPTION
        "The status of this row.

         When set to active(1) this entry's classification rule, as 
         referenced by etsysPolicyClassificationOID, becomes one of 
         its associated policy's set of rules.

         When this entry's associated policy, as defined by 
         etsysPolicyProfileIndex, is active and assigned to a port
         through the etsysPortPolicyProfileTable or to a station
         through the etsysStationPolicyProfileTabbe, this 
         classification rule will be applied to the port or station.
         The exact behavior of this application depends upon the 
         classification rule.

         When this object is set to notInService(2) or notReady(3)
         this entry is not considered one of its associated policy's
         set of rules and this classification rule will not be 
         applied.

         An entry MAY NOT be set to active(1) unless this row's 
         etsysPolicyClassificationOID is set to a valid 
         classification rule."
    ::= { etsysPolicyClassificationEntry 3 }

etsysPolicyClassificationIngressList OBJECT-TYPE
    SYNTAX      PortList
    MAX-ACCESS  read-only
    STATUS      deprecated
    DESCRIPTION
        "The ports on which an active policy profile has defined
         this classification rule applies."
    ::= { etsysPolicyClassificationEntry 4 }


-- -------------------------------------------------------------
-- etsysPortPolicyProfile group 
-- -------------------------------------------------------------

etsysPortPolicyProfileLastChange OBJECT-TYPE

    SYNTAX      TimeTicks
    MAX-ACCESS  read-only
    STATUS      deprecated
    DESCRIPTION
        "sysUpTime at which the etsysPortPolicyProfileTable
         was last modified."
    ::= { etsysPortPolicyProfile 1 }

etsysPortPolicyProfileTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysPortPolicyProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      deprecated

    DESCRIPTION
        "This table allows for a one to one mapping between a 
         dot1dBasePort or an ifIndex and a Policy Profile."
    ::= { etsysPortPolicyProfile 2 }

etsysPortPolicyProfileEntry OBJECT-TYPE
    SYNTAX      EtsysPortPolicyProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      deprecated
    DESCRIPTION
        "Describes a particular entry within the
         etsysPortPolicyProfileTable.  Entries within this 
         table MUST be considered non-volatile and MUST be maintained
         across entity resets."
    INDEX  { etsysPortPolicyProfileIndexType,
             etsysPortPolicyProfileIndex }
    ::= { etsysPortPolicyProfileTable 1 }

EtsysPortPolicyProfileEntry ::=
    SEQUENCE {
        etsysPortPolicyProfileIndexType
             PortPolicyProfileIndexTypeTC,
        etsysPortPolicyProfileIndex
             Integer32,
        etsysPortPolicyProfileAdminID
             PolicyProfileIDTC,
        etsysPortPolicyProfileOperID
             PolicyProfileIDTC
    }

etsysPortPolicyProfileIndexType OBJECT-TYPE
    SYNTAX      PortPolicyProfileIndexTypeTC 
    MAX-ACCESS  not-accessible
    STATUS      deprecated
    DESCRIPTION
        "This object defines the specific type of port this entry 
         represents." 
    ::= { etsysPortPolicyProfileEntry 1 }

etsysPortPolicyProfileIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..2147483647)
    MAX-ACCESS  not-accessible
    STATUS      deprecated
    DESCRIPTION
        "An index value which represents a unique port of the type
         defined by this entry's etsysPortPolicyProfileIndexType."
    ::= { etsysPortPolicyProfileEntry 2 }

etsysPortPolicyProfileAdminID OBJECT-TYPE
    SYNTAX      PolicyProfileIDTC
    MAX-ACCESS  read-write
    STATUS      deprecated
    DESCRIPTION
        "This object represents the desired Policy Profile for this 
         dot1dBasePort or this ifIndex.

         Setting this object to any value besides zero (0) should, 
         if possible, immediately place this entry's dot1dBasePort 
         or ifIndex into the given Policy Profile.

         This object and etsysPortPolicyProfileOperID may not be the
         same if this object is set to a Policy (i.e. an instance of
         the etsysPolicyProfileTable) which is not in an active state
         or if the etsysPortPolicyProfileOperID has been set by an 
         underlying security protocol such as RADIUS."
    DEFVAL { 0 }
    ::= { etsysPortPolicyProfileEntry 3 }

etsysPortPolicyProfileOperID OBJECT-TYPE
    SYNTAX      PolicyProfileIDTC
    MAX-ACCESS  read-only
    STATUS      deprecated
    DESCRIPTION
        "This object is the current policy which is being applied to
         this entry's dot1dBasePort. A value of zero(0) indicates 
         there is no policy being applied to this dot1dBasePort or 
         this ifIndex.

         If the value of this object has been set by an underlying 
         security protocol such as RADIUS, sets to this entry's
         etsysPortPolicyProfileAdminID MUST NOT change the value 
         of this object until such time as the security protocol
         releases this object by setting it to a value of zero (0)."
    ::= { etsysPortPolicyProfileEntry 4 }

etsysPortPolicyProfileSummaryTable OBJECT-TYPE
    SYNTAX   SEQUENCE OF EtsysPortPolicyProfileSummaryEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table provides aggregate port information on a per 
         policy, per port type basis."
    ::= { etsysPortPolicyProfile 3 }

etsysPortPolicyProfileSummaryEntry OBJECT-TYPE
    SYNTAX      EtsysPortPolicyProfileSummaryEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "Conceptually defines a particular entry within the 
          etsysPortPolicyProfileSummaryTable." 
    INDEX  { etsysPolicyProfileIndex,
             etsysPortPolicyProfileSummaryIndexType }
    ::= { etsysPortPolicyProfileSummaryTable 1 }

EtsysPortPolicyProfileSummaryEntry ::=
    SEQUENCE {
        etsysPortPolicyProfileSummaryIndexType
             PortPolicyProfileIndexTypeTC,
        etsysPortPolicyProfileSummaryAdminID
             PortList,
        etsysPortPolicyProfileSummaryOperID
             PortList,
        etsysPortPolicyProfileSummaryDynamicID
             PortList
    }

   etsysPortPolicyProfileSummaryIndexType OBJECT-TYPE
    SYNTAX      PortPolicyProfileIndexTypeTC 
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This object defines the specific type of port this entry 
         represents." 
    ::= { etsysPortPolicyProfileSummaryEntry 1 }

   etsysPortPolicyProfileSummaryAdminID OBJECT-TYPE
    SYNTAX      PortList
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "An aggregate list of all Ports currently supporting 
         rules which assign this profileIndex through
         administrative means.  Rules of this type have a 
         valid etsysPolicyRuleResult2 action and a
         profileIndex of 0."
    ::= { etsysPortPolicyProfileSummaryEntry 2 }

   etsysPortPolicyProfileSummaryOperID OBJECT-TYPE
    SYNTAX      PortList
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "An aggregate list of all Ports currently supporting 
         rules which assign this profileIndex through either
         an administrative or dynamic means.  The profileId 
         which will be assigned operationally, as frames are
         handled are too be reported here."
    ::= { etsysPortPolicyProfileSummaryEntry 3 }

   etsysPortPolicyProfileSummaryDynamicID OBJECT-TYPE
    SYNTAX      PortList
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "An aggregate list of all Ports currently supporting 
         rules which assign this profileIndex through a 
         dynamic means.  For example the profileIndex returned
         via a successful 802.1X supplicant authentication."
    ::= { etsysPortPolicyProfileSummaryEntry 4 }

-- -------------------------------------------------------------
-- etsysStationPolicyProfile group 
-- -------------------------------------------------------------

etsysStationPolicyProfileMaxEntries OBJECT-TYPE
    SYNTAX      Integer32 (1..65535) 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum number of entries allowed in the
         etsysStationPolicyProfileTable.  If this number is
         exceeded, based on stations connecting to the edge
         device, the oldest entries will be deleted."
    ::= { etsysStationPolicyProfile 1 }

etsysStationPolicyProfileNumEntries OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current number of entries in the 
          etsysStationPolicyProfileTable."
    ::= { etsysStationPolicyProfile 2 }

etsysStationPolicyProfileLastChange OBJECT-TYPE
    SYNTAX      TimeTicks
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "sysUpTime at which the etsysStationPolicyProfileTable
         was last modified."
    ::= { etsysStationPolicyProfile 3 }

etsysStationPolicyProfileTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysStationPolicyProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table allows for a one to one mapping between a 
         station's identifying address and a Policy Profile."
    ::= { etsysStationPolicyProfile 4 }

etsysStationPolicyProfileEntry OBJECT-TYPE
    SYNTAX      EtsysStationPolicyProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Describes a particular entry within the
         etsysStationPolicyProfileTable.  Entries within this 
         table MUST be considered non-volatile and MUST be 
         maintained across entity resets."
    INDEX  { etsysStationPolicyProfileIndex }
    ::= { etsysStationPolicyProfileTable 1 }

EtsysStationPolicyProfileEntry ::=
    SEQUENCE {
        etsysStationPolicyProfileIndex
             Integer32,
        etsysStationIdentifierType
             StationAddressType,
        etsysStationIdentifier
             StationAddress,     
        etsysStationPolicyProfileOperID
             PolicyProfileIDTC,      
        etsysStationPolicyProfilePortType
             PortPolicyProfileIndexTypeTC,
        etsysStationPolicyProfilePortID
             Integer32
       }
       
etsysStationPolicyProfileIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An index value which represents a unique station entry."
    ::= { etsysStationPolicyProfileEntry 2 }

etsysStationIdentifierType OBJECT-TYPE
    SYNTAX      StationAddressType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
       "Indicates the type of station identifying address contained 
       in etsysStationIdentifier."
    ::= { etsysStationPolicyProfileEntry 3 }   

etsysStationIdentifier OBJECT-TYPE
    SYNTAX      StationAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A value which represents a unique MAC Address, IP Address,
        or other identifying address for a station, or other logical 
        and authenticatable sub-entity within a station, connected 
        to a port."
    ::= { etsysStationPolicyProfileEntry 4 }
  
etsysStationPolicyProfileOperID OBJECT-TYPE
    SYNTAX      PolicyProfileIDTC
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object is the current policy which is being applied to
         this entry's MAC Address. A value of zero(0) indicates 
         there is no policy being applied to this MAC Address.

         The value of this object reflects either the setting from an
         underlying AAA service such as RADIUS, or the default setting
         based on the etsysPortPolicyProfileAdminID for the port on
         which the station is connected.
         
         This object and the corresponding etsysPortPolicyProfileAdminID
         will not be the same if this object has been set by an 
         underlying security protocol such as RADIUS."
    ::= { etsysStationPolicyProfileEntry 5 }

etsysStationPolicyProfilePortType OBJECT-TYPE
    SYNTAX      PortPolicyProfileIndexTypeTC 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A textual convention that defines the specific type of port
         designator the corresponding entry represents." 
    ::= { etsysStationPolicyProfileEntry 6 }

etsysStationPolicyProfilePortID OBJECT-TYPE
    SYNTAX      Integer32 (1..2147483647)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A value which represents the physical port, of the type
         defined by this entry's etsysStationPolicyProfilePortType,
         on which the associated station entity is connected.  This
         object is for convenience in cross referencing stations to
         ports."
    ::= { etsysStationPolicyProfileEntry 7 }
    

-- ---------------------------------------------------------- --
-- etsysInvalidPolicyPolicy group 
-- ---------------------------------------------------------- --

etsysInvalidPolicyAction OBJECT-TYPE
    SYNTAX        INTEGER  { 
                            applyDefaultPolicy(1),
                            dropPackets(2)
                           }
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "Specifies the action that the edge device should take if asked
         to apply an invalid or unknown policy.

             applyDefaultPolicy(1) - Apply the default policy for
             the port.

             dropPackets(2) - Block traffic.

         Although dropPackets(2) is the most secure option, it may
         not always be desirable."
    DEFVAL { applyDefaultPolicy }
    ::= { etsysInvalidPolicyPolicy 1 }

etsysInvalidPolicyCount OBJECT-TYPE
    SYNTAX        Counter32
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "Increments to indicate the number of times the switch has
         detected an invalid/unknown policy."
    ::= { etsysInvalidPolicyPolicy 2 }


-- ---------------------------------------------------------- --
-- etsysDevicePolicyProfile group 
-- ---------------------------------------------------------- --

etsysDevicePolicyProfileDefault OBJECT-TYPE
     SYNTAX     Integer32 (0|1..65535)
     MAX-ACCESS read-write
     STATUS     current
     DESCRIPTION
         "If this value is non-zero, the value indicates
          the etsysPolicyProfileEntry (and its associated 
          etsysPolicyClassificationTable entries) which
          should be used by the device if the device is
          incapable of using the profile (or specific parts
          of the profile) explicitly applied to an inbound
          frame.  A value of zero indicates that no default
          profile is currently active."
     DEFVAL { 0 }
     ::= { etsysDevicePolicyProfile 1 }


-- ---------------------------------------------------------- --
-- etsysPolicyCapability group 
-- ---------------------------------------------------------- --

etsysPolicyCapabilities OBJECT-TYPE
    SYNTAX      BITS  {
        supportsVLANForwarding(0),
                       -- VLAN forwarding is supported on all 
                       -- rule types supported by the device.      

        supportsPriority(1),
                       -- classification rules are supported for 802.1p 
                       -- priorities.
        supportsPermit(2),
                       -- permit capability is supported on all 
                       -- rule types supported by the device
                       -- without having to specify a VLAN.       

        supportsDeny(3),
                       -- deny capability is supported on all rule
                       -- types supported by the device without
                       -- having to specify a VLAN.       

        supportsDeviceLevelPolicy(4),
                       -- a single device level policy is supported
                       -- to supplement any components of the per port
                       -- policy that cannot be applied by the device.
                       -- etsysDevicePolicyProfileDefault is used to
                       -- indicate the supplemental policy.  This
                       -- capability should only exist on devices that
                       -- cannot apply complete per port policies.

        supportsPrecedenceReordering(5),
                       -- supports the ability to change the evaluation
                       -- order of the respective classification rule
                       -- types.

        supportsTciOverwrite(6),
                       -- supports the ability to overwrite the TCI 
                       -- information found in inbound, tagged frames.

        supportsRulesTable(7),
                       -- supports the etsysPolicyRulesTable.

        supportsRuleUseAccounting(8),
                       -- supports the ability to track classification
                       -- rule use (and the etsysPolicyRuleUsageList).  

        supportsRuleUseNotification(9),
                       -- supports the ability to send audit information
                       -- the first time a rule is used to classify a
                       -- frame.

        supportsCoSTable(10),
                       -- supports the <MIB_NAME> as an action (in the 
                       -- stead of simple 802.1D Priority.

        supportsLongestPrefixRules(11),
                       -- Some (or all) of the classification table
                       -- rules support Longest Prefix matching.

        supportsPortDisableAction(12)
                       -- Supports the ability to disable a port based
                       -- on a rule in the etsysPolicyRulesTable.

   }
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
       "A list of capabilities related to policies.
        A set bit, with the value 1, indicates support for the
        described functionality.  A clear bit, with the value
        0, indicates the described functionality is not supported."
   ::= { etsysPolicyCapability 1 }

etsysPolicyDynaPIDRuleCapabilities OBJECT-TYPE
   SYNTAX      PolicyRulesSupported 
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
       "A list of rule types which are supported by this device for
        the purpose of dynamically assigning a profile to the 
        network traffic described by the bit.
        A set bit, with the value 1, indicates support for the
        described functionality.  A clear bit, with the value
        0, indicates the described functionality is not supported."
   ::= { etsysPolicyCapability 2 }

etsysPolicyAdminPIDRuleCapabilities OBJECT-TYPE
   SYNTAX      PolicyRulesSupported 
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
       "A list of rule types which are supported by this device for
        the purpose of administratively assigning a profile to the 
        network traffic described by the bit.
        A set bit, with the value 1, indicates support for the
        described functionality.  A clear bit, with the value
        0, indicates the described functionality is not supported."
   ::= { etsysPolicyCapability 3 }

etsysPolicyVlanRuleCapabilities OBJECT-TYPE
   SYNTAX      PolicyRulesSupported 
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
       "A list of rule types which are supported by this device for
        the purpose of assigning a VlanId to the network traffic
        described by the bit.
        A set bit, with the value 1, indicates support for the
        described functionality.  A clear bit, with the value
        0, indicates the described functionality is not supported."
   ::= { etsysPolicyCapability 4 }

etsysPolicyCosRuleCapabilities OBJECT-TYPE
   SYNTAX      PolicyRulesSupported 
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
       "A list of rule types which are supported by this device for
        the purpose of assigning a CoS to the network traffic
        described by the bit.
        A set bit, with the value 1, indicates support for the
        described functionality.  A clear bit, with the value
        0, indicates the described functionality is not supported."
   ::= { etsysPolicyCapability 5 }

etsysPolicyDropRuleCapabilities OBJECT-TYPE
   SYNTAX      PolicyRulesSupported 
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
       "A list of rule types which are supported by this device for
        the purpose of discarding the network traffic described by 
        the bit.
        A set bit, with the value 1, indicates support for the
        described functionality.  A clear bit, with the value
        0, indicates the described functionality is not supported."
   ::= { etsysPolicyCapability 6 }

etsysPolicyForwardRuleCapabilities OBJECT-TYPE
   SYNTAX      PolicyRulesSupported 
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
       "A list of rule types which are supported by this device for
        the purpose of forwarding the network traffic described by 
        the bit.
        A set bit, with the value 1, indicates support for the
        described functionality.  A clear bit, with the value
        0, indicates the described functionality is not supported."
   ::= { etsysPolicyCapability 7 }

etsysPolicySyslogRuleCapabilities OBJECT-TYPE
   SYNTAX      PolicyRulesSupported 
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
       "A list of rule types which are supported by this device for
        the purpose of issuing syslog messages when the rule is used
        to identify the network traffic described by the bit.
        A set bit, with the value 1, indicates support for the
        described functionality.  A clear bit, with the value
        0, indicates the described functionality is not supported."
   ::= { etsysPolicyCapability 8 }

etsysPolicyTrapRuleCapabilities OBJECT-TYPE
   SYNTAX      PolicyRulesSupported 
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
       "A list of rule types which are supported by this device for
        the purpose of issuing an SNMP notify (trap) messages when the 
        rule is used to identify the network traffic described by the bit.
        A set bit, with the value 1, indicates support for the
        described functionality.  A clear bit, with the value
        0, indicates the described functionality is not supported."
   ::= { etsysPolicyCapability 9 }

etsysPolicyDisablePortRuleCapabilities OBJECT-TYPE
   SYNTAX      PolicyRulesSupported 
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
       "A list of rule types which are supported by this device for
        the purpose of disabling the ingress port identified when the 
        rule matches the network traffic described by the bit.
        A set bit, with the value 1, indicates support for the
        described functionality.  A clear bit, with the value
        0, indicates the described functionality is not supported."
   ::= { etsysPolicyCapability 10 }

-- -------------------------------------------------------------
-- etsysPolicyMap group 
-- -------------------------------------------------------------

etsysPolicyMapMaxEntries OBJECT-TYPE
    SYNTAX      Integer32 (1..65535) 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum number of entries allowed in the
         etsysPolicyMapTable."
    ::= { etsysPolicyMap 1 }

etsysPolicyMapNumEntries OBJECT-TYPE
    SYNTAX      Gauge32 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current number of entries in the 
         etsysPolicyMapTable."
    ::= { etsysPolicyMap 2 }

etsysPolicyMapLastChange OBJECT-TYPE
    SYNTAX      TimeTicks 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of sysUpTime when the etsysPolicyMapTable was last
         modified."
    ::= { etsysPolicyMap 3 }

etsysPolicyMapPvidOverRide OBJECT-TYPE
    SYNTAX      TruthValue 
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object defines whether the PVID specified in a RADIUS
         Tunnel-Private-Group-ID attribute for an Authenticated user
         shall override any statically configured PVID which may be
         provisioned as the default station-based policy may be applied.

         true(1) means that any port or station authorized with the
         RADIUS Tunnel-Private-Group-ID as PVID, will use the RADIUS-
         provisioned PVID value, when no matching entry for said PVID
         is found in the etsysPolicyMapTable.

         false(2) means that the RADIUS-provisioned PVID value will be
         applied only when no statically configured default PVID of the
         corresponding physical port exists and no matching entry for
         said PVID is found in the etsysPolicyMapTable.  This mode
         provides backward compatibility with pre RFC 3580 UPN
         implementations."
    DEFVAL { true }
    ::= { etsysPolicyMap 4 }

etsysPolicyMapUnknownPvidPolicy OBJECT-TYPE
     SYNTAX      INTEGER { 
                           denyAccess(1),
                           applyDefaultPolicy(2),
                           applyPvid(3)
                 }
     MAX-ACCESS  read-write
     STATUS      current
     DESCRIPTION
         "Describes the selected behavior of the managed entity if
          the PVID specified in a RADIUS Tunnel-Private-Group-ID 
          attribute is not found in the etsysPolicyMapTable."
     DEFVAL { applyPvid }
     ::= { etsysPolicyMap 5 }

etsysPolicyMapTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysPolicyMapEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing VLAN ID to policy mappings. A policy is
         a group of classification rules which may be applied on a 
         per user basis, to ports or to stations."
    ::= { etsysPolicyMap 6 }

etsysPolicyMapEntry OBJECT-TYPE
    SYNTAX      EtsysPolicyMapEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Conceptually defines a particular entry within the 
         etsysPolicyMapTable. Entries within this table MUST be
         considered non-volatile and MUST be maintained across 
         entity resets."
    INDEX  { etsysPolicyMapIndex }
    ::= { etsysPolicyMapTable 1 }

EtsysPolicyMapEntry ::=
    SEQUENCE {
        etsysPolicyMapIndex   
             Integer32,
        etsysPolicyMapRowStatus      
             RowStatus,
         etsysPolicyMapStartVid
             Unsigned32,
        etsysPolicyMapEndVid
             Unsigned32,
        etsysPolicyMapPolicyIndex
             Integer32     
              }

etsysPolicyMapIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A unique arbitrary identifier for this mapping entry."
    ::= { etsysPolicyMapEntry 1 }

etsysPolicyMapRowStatus OBJECT-TYPE
    SYNTAX      RowStatus 
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object allows for the dynamic creation and deletion
         of entries within the etsysPolicyMapTable as well as
         the activation and deactivation of these entries."
    REFERENCE
        "RFC2579 (Textual Conventions for SMIv2)"
    ::= { etsysPolicyMapEntry 2 }

etsysPolicyMapStartVid OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535) 
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object defines the PVID of this profile or the
         starting PVID of a PVID range.  This value is typically
         determined by authorization information, such as the PVID
         value from the Tunnel-Private-Group-ID RADIUS attribute.
         
         This value, together with the ending value of the range,
         in any, is typically used as the look-up key for a PVID
         to Policy Index mapping operation."
    REFERENCE
        "IEEE 802.1X RADIUS Usage Guidelines (RFC 3580)"
    DEFVAL { 1 }
    ::= { etsysPolicyMapEntry 3 }

 etsysPolicyMapEndVid OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535) 
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object defines the ending PVID of a PVID range.
         If the value of this object is identical to the value of 
         etsysPolicyMapStartVid within the same conceptual table
         row, then the entry corresponds to a single PVID value."
    REFERENCE
        "IEEE 802.1X RADIUS Usage Guidelines (RFC 3580)"
    DEFVAL { 1 }
    ::= { etsysPolicyMapEntry 4 }

   etsysPolicyMapPolicyIndex OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The index of a Policy as defined in the 
         etsysPolicyProfileTable.  A value of 0 indicates that the
         mapping defined by this row entry is the NULL mapping, and
         that the PVID is to be applied as a traditional PVID.
         
         A non-zero value of this object indicates that the PVID
         provisioned (e.g. from the Tunnel-Private-Group-ID RADIUS 
         attribute) should be mapped to a Policy as defined in the
         etsysPolicyProfileTable, and that policy applied as if 
         the Policy name had been provisioned instead (e.g, in the
         Filter-ID RADIUS attribute), providing, of course, that 
         the etsysPolicyProfileRowStatus value of the table row so 
         indexed is active (1)."

    REFERENCE
         "IEEE 802.1X RADIUS Usage Guidelines (RFC 3580)"
    DEFVAL { 0 }
    ::= { etsysPolicyMapEntry 5 }


-- -------------------------------------------------------------
-- etsysPolicyRules group        
-- -------------------------------------------------------------

etsysPolicyRulesMaxEntries OBJECT-TYPE
    SYNTAX      Integer32 (1..65535) 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum number of entries allowed in the
         etsysPolicyRulesTable."
    ::= { etsysPolicyRules 1 }

etsysPolicyRulesNumEntries OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current number of entries in the 
          etsysPolicyRulesTable."
    ::= { etsysPolicyRules 2 }

etsysPolicyRulesLastChange OBJECT-TYPE
    SYNTAX      TimeTicks 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The sysUpTime at which the etsysPolicyRulesTable
          was last modified."
    ::= { etsysPolicyRules 3 }

etsysPolicyRulesAccountingEnable OBJECT-TYPE
    SYNTAX      EnabledStatus 
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Controls the collection of rule usage statistics.  If 
         disabled, no usage statistics are gathered and no auditing
         messages will be sent.  When enabled, rule will gather 
         usage statistics, and auditing messages will be sent, if 
         enabled for a given rule."
    DEFVAL { disabled }
    ::= { etsysPolicyRules 4 }

etsysPolicyRulesPortDisabledList OBJECT-TYPE
    SYNTAX      PortList
    MAX-ACCESS  read-write 
    STATUS      current
    DESCRIPTION
        "A portlist containing bits representing the dot1dBridgePorts 
         which have been disabled via the mechanism described in the
         etsysPolicyRuleDisablePort leaf.  A set bit indicates a 
         disabled port.

         Ports may be enabled by performing a set with the 
         corresponding bit cleared.  Bits which are set will
         be ignored during the set operation."
    ::= { etsysPolicyRules 5 }


-- -------------------------------------------------------------
-- etsysPolicyRuleTable
-- -------------------------------------------------------------

etsysPolicyRuleTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysPolicyRuleEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing rules bound to individual policies.  A
         Rule is comprised of three components, a unique description
         of the network traffic, an associated list of actions, and
         an associated list of accounting and auditing controls and 
         information.

         The unique description of the network traffic, defined by a
         PolicyClassificationRuleType together with a length, 
         matching data and a relevant bits field, port type,
         and port number (port number zero is reserved to mean any
         port), and scoped by a etsysPolicyProfileIndex, is used 
         as the table index."
    ::= { etsysPolicyRules 6 }

etsysPolicyRuleEntry OBJECT-TYPE
    SYNTAX      EtsysPolicyRuleEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Describes a particular entry within the
         etsysPolicyRuleTable.  Entries within this table
         MUST be considered non-volatile and MUST be maintained
         across entity resets."
    INDEX    { etsysPolicyRuleProfileIndex, 
               etsysPolicyRuleType,
               etsysPolicyRuleData,
               etsysPolicyRulePrefixBits,
               etsysPolicyRulePortType,
               etsysPolicyRulePort}
    ::= { etsysPolicyRuleTable 1 }

EtsysPolicyRuleEntry ::=
    SEQUENCE {
        etsysPolicyRuleProfileIndex
             Integer32,
        etsysPolicyRuleType
             PolicyClassificationRuleType,
        etsysPolicyRuleData
             OCTET STRING,
        etsysPolicyRulePrefixBits
             Integer32,
        etsysPolicyRulePortType
             PortPolicyProfileIndexTypeTC,
        etsysPolicyRulePort
             Integer32,
        etsysPolicyRuleRowStatus
             RowStatus,
        etsysPolicyRuleStorageType
             StorageType,
        etsysPolicyRuleUsageList
             PortList,
        etsysPolicyRuleResult1
             Integer32,
        etsysPolicyRuleResult2
             Integer32,
        etsysPolicyRuleAuditSyslogEnable
             EnabledStatus,
        etsysPolicyRuleAuditTrapEnable
             EnabledStatus,
        etsysPolicyRuleDisablePort
             EnabledStatus,
        etsysPolicyRuleOperPid
             Integer32
    }

etsysPolicyRuleProfileIndex OBJECT-TYPE
    SYNTAX      Integer32 (0|1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The etsysPolicyProfileIndex for which the rule is defined.

         A value of zero(0) has special meaning in that it scopes
         rules which are used to determine the Policy Profile to
         which the frame belongs.  See the etsysPolicyRuleResult1
         and etsysPolicyRuleResult2 descriptions for specifics of
         how the results of a rule hit differ when the
         etsysPolicyRuleProfileIndex is zero."
    ::= { etsysPolicyRuleEntry 1 }

etsysPolicyRuleType OBJECT-TYPE
    SYNTAX      PolicyClassificationRuleType 
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The type of network traffic reference by the 
         etsysPolicyRuleData."
    ::= { etsysPolicyRuleEntry 2 }

etsysPolicyRuleData OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(0..64))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The data pattern to match against, as defined by the 
         etsysPolicyRuleType, encoded in network-byte order."
    ::= { etsysPolicyRuleEntry 3 }

etsysPolicyRulePrefixBits OBJECT-TYPE
    SYNTAX      Integer32(0|1..2048)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The relevant number of bits defined by the 
         etsysPolicyRuleData, to be used when matching against a 
         frame, relevant bits are specified in longest-prefix-first
         style (left to right).  A value of zero carries the special
         meaning of all bits are relevant."
    ::= { etsysPolicyRuleEntry 4 }

etsysPolicyRulePortType   OBJECT-TYPE
    SYNTAX      PortPolicyProfileIndexTypeTC
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The port number on which the rule will be applied.  Zero(0)
         is a special case, indicating that the rule should be applied
         to all ports."
    ::= { etsysPolicyRuleEntry 5 }

etsysPolicyRulePort   OBJECT-TYPE
    SYNTAX      Integer32(0|1..2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The port number on which the rule will be applied.  Zero(0)
         is a special case, indicating that the rule should be applied
         to all ports."
    ::= { etsysPolicyRuleEntry 6 }

etsysPolicyRuleRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this row.

         When set to active(1) this entry's classification rule, as 
         referenced by etsysPolicyRulesOID, becomes one of 
         its associated policy's set of rules.

         When this entry's associated policy, as defined by 
         etsysPolicyRuleProfileIndex, is active and assigned to a port
         through the etsysPortPolicyProfileTable or to a station
         through the etsysStationPolicyProfileTabbe, this 
         classification rule will be applied to the port or station.
         The exact behavior of this application depends upon the 
         classification rule.

         When this object is set to notInService(2) or notReady(3)
         this entry is not considered one of its associated policy's
         set of rules and this classification rule will not be 
         applied."
    ::= { etsysPolicyRuleEntry 7 }

etsysPolicyRuleStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The storage type of this row.

         When set to volatile(1) this entry's classification rule, as 
         referenced by etsysPolicyRulesOID, will be removed (if
         present) from non-volatile storage.  Rows created dynamically
         by the device will typically report this as their default
         storage type.

         When set to nonVolatile(1) this entry's classification rule, as 
         referenced by etsysPolicyRulesOID, will be added to non-volatile 
         storage.  This is the default value for rows created as the result
         of external management.

         Values of other(0), permanent(4), and readOnly(5) may not be set,
         although they may be returned for rows created by the device."
    DEFVAL { nonVolatile }
    ::= { etsysPolicyRuleEntry 8 }

etsysPolicyRuleUsageList OBJECT-TYPE
    SYNTAX      PortList
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When read, a set bit indicates that this rule was used to
         classify traffic on the corresponding port.  When set, the 
         native PortList will be bit-wise AND'ed with the set PortList,
         allowing the agent to clear the usage indication."
    ::= { etsysPolicyRuleEntry 9 }

etsysPolicyRuleResult1 OBJECT-TYPE
    SYNTAX      Integer32(-1|0|1..4094|4095)
    MAX-ACCESS  read-create 
    STATUS      current
    DESCRIPTION
        "If the etsysPolicyRuleProfileIndex is 0 then this field is
         read-only and defines the profile ID which will assigned 
         to frames matching this rule.  This is the dynamically assigned 
         value and may differ from the administratively configured 
         value.

         If the etsysPolicyRuleProfileIndex is not 0 then this field is
         read-create and defines the VLAN ID with which to mark a frame 
         matching this PolicyRule.

         Note that three special, otherwise illegal, values of the
         etsysPolicyRuleVlan are used in defining the forwarding action.
         
             -1     Indicates that no VLAN or forwarding behavior 
                    modification is desired. A rule will not be matched
                    against for the purpose of determining a marking
                    VID if this value is set.
         
             0      Indicates that the default forwarding action 
                    is to drop the packets matching this rule.
                    
             4095   Indicates that the default forwarding action
                    is to forward any packets matching this rule."
    DEFVAL { -1 }
    ::= { etsysPolicyRuleEntry 10 }

etsysPolicyRuleResult2 OBJECT-TYPE
    SYNTAX      Integer32(-1|0..4095)
    MAX-ACCESS  read-create 
    STATUS      current
    DESCRIPTION
        "If the etsysPolicyRuleProfileIndex is 0 then this field is
         read-create and defines the profile ID which the managing
         entity desires assigned to frames matching this rule.  This
         is the administrative value and may differ from the 
         dynamically assigned active value.

         If the etsysPolicyRuleProfileIndex is not 0 then this field is
         The CoS with which to mark a frame matching this 
         PolicyRule.

         Note that one special, otherwise illegal, values of the
         etsysPolicyRuleCoS are used in defining the forwarding 
         action.
         
             -1     Indicates that no CoS or forwarding behavior 
                    modification is desired. A rule will not be 
                    matched against for the purpose of determining 
                    a CoS if this value is set."
         
    DEFVAL { -1 }
    ::= { etsysPolicyRuleEntry 11 }

etsysPolicyRuleAuditSyslogEnable OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-create 
    STATUS      current
    DESCRIPTION
        "Controls the sending of a syslog message when a bit in the
         etsysPolicyRuleUsageList transitions from 0 to 1."
    DEFVAL { disabled }
    ::= { etsysPolicyRuleEntry 12 }

etsysPolicyRuleAuditTrapEnable OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-create 
    STATUS      current
    DESCRIPTION
        "Controls the sending of an SNMP NOTIFICATION when a bit in the
         etsysPolicyRuleUsageList transitions from 0 to 1."
    DEFVAL { disabled }
    ::= { etsysPolicyRuleEntry 13 }

etsysPolicyRuleDisablePort OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Controls the disabling of a port (ifOperStatus of the
         corresponding ifIndex will be down) when a bit in the 
         etsysPolicyRuleUsageList transitions from 0 to 1.  When set to
         enabled, the corresponding ifIndex will be disabled upon the 
         transition."
    DEFVAL { disabled }
    ::= { etsysPolicyRuleEntry 14 }

etsysPolicyRuleOperPid OBJECT-TYPE
    SYNTAX      Integer32(-1|0..4095)
    MAX-ACCESS  read-only 
    STATUS      current
    DESCRIPTION
        "If the etsysPolicyRuleProfileIndex is 0 then this field 
         contains the currently applied profile ID for frames
         matching this rule.  This may be either the administratively
         applied value or the dynamically applied value.

         If the etsysPolicyRuleProfileIndex is not 0, then this
         object does not exist and will not be returned.

         Note that one special, otherwise illegal, values of the
         etsysPolicyRuleCoS are used in defining the forwarding 
         action.
         
             -1     Indicates that no profile ID is being applied
                    by this rule."
    DEFVAL { -1 }
    ::= { etsysPolicyRuleEntry 15 }

-- -------------------------------------------------------------
-- etsysPolicyRulePortTable
-- -------------------------------------------------------------

etsysPolicyRulePortTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysPolicyRulePortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The purpose of this table is to provide an agent the
         ability to easily determine which rules have been used
         on a given bridge port.  A row will only be present when
         the rule which the instancing describes has been used.
         The agent may remove a row (and clear the used status)
         by setting the etsysPolicyRulePortHit leaf to False.
         PolicyClassificationRuleType together with a length, 
         matching data and a relevant bits field, port type,
         and port number (port number zero is reserved to mean any
         port), scoped by a etsysPolicyRuleProfileIndex, and preceded by 
         a dot1dBasePort is used as the table index."
    ::= { etsysPolicyRules 7 }

etsysPolicyRulePortEntry OBJECT-TYPE
    SYNTAX      EtsysPolicyRulePortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "."
    INDEX    { dot1dBasePort,
               etsysPolicyRuleProfileIndex, 
               etsysPolicyRuleType,
               etsysPolicyRuleData,
               etsysPolicyRulePrefixBits,
               etsysPolicyRulePortType,
               etsysPolicyRulePort }
    ::= { etsysPolicyRulePortTable 1 }

EtsysPolicyRulePortEntry ::=
    SEQUENCE {
        etsysPolicyRulePortHit     TruthValue
    }

etsysPolicyRulePortHit OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Every row will report a value of True, indicating that the
         Rule described by the instancing was used on the given
         port.  An agent may be set this leaf to False to clear 
         remove the row and clear the Rule Use bit for the 
         specified Rule, on the given bridgePort."
    ::= { etsysPolicyRulePortEntry 1 }

etsysPolicyRuleDynamicProfileAssignmentOverride OBJECT-TYPE
    SYNTAX      TruthValue 
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If true, administratively assigned profile assignment
         rules override dynamically assigned profiles assignments
         for a given rule.  If false, the dynamically assigned 
         value (typically created by a successful authentication
         attempt) overrides the administratively configured value.
         The agent may optionally implement this leaf as read-only."
    DEFVAL { false }
    ::= { etsysPolicyRules 8 }

etsysPolicyRuleDefaultDynamicSyslogStatus OBJECT-TYPE
    SYNTAX      EnabledStatus 
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If enabled(1), rules dynamically created will set 
         etsysPolicyRuleAuditSyslogEnable to enabled.  If
         disabled(2) a dynamically created rule will have
         etsysPolicyRuleAuditSyslogEnable set to disabled.
         The agent may optionally implement this leaf as read-only."
    DEFVAL { disabled }
    ::= { etsysPolicyRules 9 }

etsysPolicyRuleDefaultDynamicTrapStatus OBJECT-TYPE
    SYNTAX      EnabledStatus 
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If enabled(1), rules dynamically created will set 
         etsysPolicyRuleAuditTrapEnable to enabled.  If
         disabled(2) a dynamically created rule will have
         etsysPolicyRuleAuditTrapEnable set to disabled.
         The agent may optionally implement this leaf as read-only."
    DEFVAL { disabled }
    ::= { etsysPolicyRules 10 }

-- -------------------------------------------------------------
-- Conformance Information
-- -------------------------------------------------------------

etsysPolicyProfileConformance OBJECT IDENTIFIER 
                          ::= { etsysPolicyProfileMIB 7 }

etsysPolicyProfileGroups OBJECT IDENTIFIER 
                          ::= { etsysPolicyProfileConformance 1 }

etsysPolicyProfileCompliances OBJECT IDENTIFIER 
                          ::= { etsysPolicyProfileConformance 2 }


-- -------------------------------------------------------------
-- Units of Conformance
-- -------------------------------------------------------------

etsysPolicyProfileGroup OBJECT-GROUP
    OBJECTS {
                etsysPolicyProfileMaxEntries,
                etsysPolicyProfileNumEntries,
                etsysPolicyProfileLastChange,
                etsysPolicyProfileTableNextAvailableIndex,
                etsysPolicyProfileName,
                etsysPolicyProfileRowStatus,
                etsysPolicyProfilePortVidStatus,
                etsysPolicyProfilePortVid,
                etsysPolicyProfilePriorityStatus,
                etsysPolicyProfilePriority,
                etsysPolicyProfileEgressVlans,
                etsysPolicyProfileForbiddenVlans,
                etsysPolicyProfileUntaggedVlans,
                etsysPolicyProfileOverwriteTCI,
                etsysPolicyProfileRulePrecedence
            }
    STATUS  current
    DESCRIPTION
        "A collection of objects providing Policy Profile Creation."
    ::= { etsysPolicyProfileGroups 1 }

etsysPolicyClassificationGroup OBJECT-GROUP
    OBJECTS {
                etsysPolicyClassificationMaxEntries,
                etsysPolicyClassificationNumEntries,
                etsysPolicyClassificationLastChange,
                etsysPolicyClassificationOID,
                etsysPolicyClassificationRowStatus,
                etsysPolicyClassificationIngressList
            }

    STATUS  deprecated
    DESCRIPTION
        "A collection of objects providing a mapping between a set 
         of Classification Rules and a Policy Profile."
    ::= { etsysPolicyProfileGroups 2 }

etsysPortPolicyProfileGroup OBJECT-GROUP
    OBJECTS {
                etsysPortPolicyProfileLastChange,
                etsysPortPolicyProfileAdminID,
                etsysPortPolicyProfileOperID,
                etsysPortPolicyProfileSummaryAdminID,
                etsysPortPolicyProfileSummaryOperID
            }
    STATUS  deprecated
    DESCRIPTION
        "A collection of objects providing a mapping from a 
         specific port to a Policy Profile instance.  Only 
         the read-only portions of this group are now current.
         They are listed under etsysPortPolicyProfileGroup2."
    ::= { etsysPolicyProfileGroups 3 }

etsysStationPolicyProfileGroup OBJECT-GROUP
    OBJECTS {
                etsysStationPolicyProfileMaxEntries,
                etsysStationPolicyProfileNumEntries,
                etsysStationPolicyProfileLastChange,
                etsysStationIdentifierType,
                etsysStationIdentifier,
                etsysStationPolicyProfileOperID,
                etsysStationPolicyProfilePortType,
                etsysStationPolicyProfilePortID
            }
    STATUS  current
    DESCRIPTION
        "A collection of objects providing a mapping from a 
         specific station to a Policy Profile instance."
    ::= { etsysPolicyProfileGroups 5 }

 etsysInvalidPolicyPolicyGroup OBJECT-GROUP
    OBJECTS {
                etsysInvalidPolicyAction,
                etsysInvalidPolicyCount
            }
    STATUS  current
    DESCRIPTION
        "A collection of objects that help to define a mapping
         from logical authorization services outcomes to access
         control and policy actions."
    ::= { etsysPolicyProfileGroups 6 }

etsysDevicePolicyProfileGroup OBJECT-GROUP
    OBJECTS {
                etsysDevicePolicyProfileDefault
            }
    STATUS  current
    DESCRIPTION
        "An object that provides a device level supplemental policy
         for entities that are not able to apply portions of the
         profile definition uniquely on individual ports."
    ::= { etsysPolicyProfileGroups 7 }

etsysPolicyCapabilitiesGroup OBJECT-GROUP
    OBJECTS {
                etsysPolicyCapabilities,
                etsysPolicyVlanRuleCapabilities,
                etsysPolicyCosRuleCapabilities,
                etsysPolicyDropRuleCapabilities,
                etsysPolicyForwardRuleCapabilities,
                etsysPolicyDynaPIDRuleCapabilities ,
                etsysPolicyAdminPIDRuleCapabilities,
                etsysPolicySyslogRuleCapabilities,
                etsysPolicyTrapRuleCapabilities,
                etsysPolicyDisablePortRuleCapabilities 
            }
    STATUS  current
    DESCRIPTION
        "An object that indicates the capabilities of the managed
         entity with respect to Policy Profiles."
    ::= { etsysPolicyProfileGroups 8 }

etsysPolicyMapGroup  OBJECT-GROUP
    OBJECTS {
                 etsysPolicyMapMaxEntries,
                 etsysPolicyMapNumEntries,
                 etsysPolicyMapLastChange,
                 etsysPolicyMapPvidOverRide,
                 etsysPolicyMapUnknownPvidPolicy,
                 etsysPolicyMapRowStatus,
                 etsysPolicyMapStartVid,
                 etsysPolicyMapEndVid,
                 etsysPolicyMapPolicyIndex
            }
    STATUS  current
    DESCRIPTION
        "An object group that provides support for mapping between RFC
         3580 style VLAN-policy and Enterasys UPN-policy based on named
         roles."
    ::= { etsysPolicyProfileGroups 9 }

etsysPolicyRulesGroup OBJECT-GROUP
    OBJECTS {
                etsysPolicyRulesMaxEntries,
                etsysPolicyRulesNumEntries,
                etsysPolicyRulesLastChange,
                etsysPolicyRulesAccountingEnable,
                etsysPolicyRulesPortDisabledList,
                etsysPolicyRuleRowStatus,
                etsysPolicyRuleStorageType,
                etsysPolicyRuleUsageList,
                etsysPolicyRuleResult1,
                etsysPolicyRuleResult2,
                etsysPolicyRuleAuditSyslogEnable,
                etsysPolicyRuleAuditTrapEnable,
                etsysPolicyRuleDisablePort,
                etsysPolicyRuleOperPid,
                etsysPolicyRulePortHit,
                etsysPolicyRuleDynamicProfileAssignmentOverride, 
                etsysPolicyRuleDefaultDynamicSyslogStatus,
                etsysPolicyRuleDefaultDynamicTrapStatus
            }
    STATUS  current
    DESCRIPTION
        "An object that indicates the capabilities of the managed
         entity with respect to Policy Profiles."
    ::= { etsysPolicyProfileGroups 10 }

etsysPortPolicyProfileGroup2 OBJECT-GROUP
    OBJECTS {
                etsysPortPolicyProfileSummaryAdminID,
                etsysPortPolicyProfileSummaryOperID,
                etsysPortPolicyProfileSummaryDynamicID
            }
    STATUS  current
    DESCRIPTION
        "A collection of objects providing a mapping from a 
         specific port to a Policy Profile instance."
    ::= { etsysPolicyProfileGroups 11 }


-- -------------------------------------------------------------
-- compliance statements
-- -------------------------------------------------------------

etsysPolicyProfileCompliance MODULE-COMPLIANCE
    STATUS  deprecated
    DESCRIPTION
        "The compliance statement for devices that support Policy 
         Profiles.

         This compliance statement was deprecated to add
         mandatory support for the etsysPolicyCapabilitiesGroup
         and conditionally mandatory support for the
         etsysDevicePolicyProfileGroup."
    MODULE -- this module
    MANDATORY-GROUPS { etsysPolicyProfileGroup, 
                       etsysPortPolicyProfileGroup }

    GROUP etsysPolicyClassificationGroup
    DESCRIPTION
        "The etsysPolicyClassification group is mandatory only
         for agents which support advanced packet classification."  
         
    GROUP etsysStationPolicyProfileGroup
    DESCRIPTION
        "The etsysStationPolicyProfileGroup is mandatory only
         for agents which support station-based policy application."
         
    GROUP etsysInvalidPolicyPolicyGroup
    DESCRIPTION  
         "The etsysInvalidPolicyPolicyGroup is mandatory only 
         for agents which support provisioning of policy based on 
         AAA services such as RADIUS."

    ::= { etsysPolicyProfileCompliances 1 }


etsysPolicyProfileCompliance2 MODULE-COMPLIANCE
    STATUS  deprecated
    DESCRIPTION
        "The compliance statement for devices that support Policy 
         Profiles.

         This compliance state was deprecated to remove the
         conditional support of the etsysPolicyClassificationGroup,
         and  add support for the etsysPolicyMapGroup and the 
         etsysPolicyRulesGroup."
    MODULE -- this module
    MANDATORY-GROUPS { etsysPolicyProfileGroup, 
                       etsysPortPolicyProfileGroup,
                       etsysPolicyCapabilitiesGroup }

    GROUP etsysPolicyClassificationGroup
    DESCRIPTION
        "The etsysPolicyClassification group is mandatory only
         for agents which support advanced packet classification."  
         
    GROUP etsysStationPolicyProfileGroup
    DESCRIPTION
        "The etsysStationPolicyProfileGroup is mandatory only
         for agents which support station-based policy application."
         
    GROUP etsysInvalidPolicyPolicyGroup
    DESCRIPTION  
        "The etsysInvalidPolicyPolicyGroup is mandatory only 
         for agents which support provisioning of policy based on 
         AAA services such as RADIUS."

    GROUP etsysDevicePolicyProfileGroup
    DESCRIPTION  
        "The etsysDevicePolicyProfileGroup is mandatory for agents
         that cannot support complete policies on a per port basis."

    GROUP etsysPolicyMapGroup
    DESCRIPTION
         "The etsysPolicyMapGroup is mandatory for agents that
          support RFC 3580 compliance."
    ::= { etsysPolicyProfileCompliances 2 }

etsysPolicyProfileCompliance3 MODULE-COMPLIANCE
    STATUS  current
    DESCRIPTION
        "The compliance statement for devices that support Policy 
         Profiles."
    MODULE -- this module
    MANDATORY-GROUPS { etsysPolicyProfileGroup, 
                       etsysPortPolicyProfileGroup2,
                       etsysPolicyCapabilitiesGroup }

    GROUP etsysStationPolicyProfileGroup
    DESCRIPTION
        "The etsysStationPolicyProfileGroup is mandatory only
         for agents which support station-based policy application."
         
    GROUP etsysInvalidPolicyPolicyGroup
    DESCRIPTION  
        "The etsysInvalidPolicyPolicyGroup is mandatory only 
         for agents which support provisioning of policy based on 
         AAA services such as RADIUS."

    GROUP etsysDevicePolicyProfileGroup
    DESCRIPTION  
        "The etsysDevicePolicyProfileGroup is mandatory for agents
         that cannot support complete policies on a per port basis."

    GROUP etsysPolicyMapGroup
    DESCRIPTION
         "The etsysPolicyMapGroup is mandatory for agents that
          support RFC 3580 compliance."

    GROUP etsysPolicyRulesGroup
    DESCRIPTION
         "The etsysPolicyRulesGroup is mandatory for agents that
          support Policy rule accounting and usage reporting."
    ::= { etsysPolicyProfileCompliances 3 }
END