AD | Application | AWS | Azure | Cloud | Database | Enterprise | Environmental | Event Log | File System | IoT | IT Service | Network/System | Infra | Performance | Protocol | SaaS | Security | Service Level | Storage | Linux | VMware | VoIP | Web | Wireless | SNMP

Crumbtrail

MonitorTools.com » Technical documentation » SNMP » MIB » Enterasys Networks » ENTERASYS-PWA-MIB

ENTERASYS-PWA-MIB device MIB details by Enterasys Networks

ENTERASYS-PWA-MIB file content

The SNMP protocol is used to for conveying information and commands between agents and managing entities. SNMP uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. The reasons for using UDP for SNMP are, firstly it has low overheads in comparison to TCP, which uses a 3-way hand shake for connection. Secondly, in congested networks, SNMP over TCP is a bad idea because TCP in order to maintain reliability will flood the network with retransmissions.

Management information (MIB) is represented as a collection of managed objects. These objects together form a virtual information base called MIB. An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.

Use ActiveXperts Network Monitor 2024 to import vendor-specific MIB files, inclusing ENTERASYS-PWA-MIB.


Vendor: Enterasys Networks
Mib: ENTERASYS-PWA-MIB  [download]  [view objects]
Tool: ActiveXperts Network Monitor 2024 [download]    (ships with advanced SNMP/MIB tools)
ENTERASYS-PWA-MIB DEFINITIONS ::= BEGIN

--  enterasys-pwa-mib.txt
--
--  Part Number:
--
--

--  This module provides authoritative definitions for Enterasys 
--  Networks' Port Web Authentication MIB.

--
--  This module will be extended, as needed.

--  Enterasys Networks reserves the right to make changes in
--  specification and other information contained in this document
--  without prior notice.  The reader should consult Enterasys Networks
--  to determine whether any such changes have been made.
--
--  In no event shall Enterasys Networks be liable for any incidental,
--  indirect, special, or consequential damages whatsoever (including
--  but not limited to lost profits) arising out of or related to this
--  document or the information contained in it, even if Enterasys
--  Networks has been advised of, known, or should have known, the
--  possibility of such damages.
--
--  Enterasys Networks grants vendors, end-users, and other interested
--  parties a non-exclusive license to use this Specification in 
--  connection with the management of Enterasys Networks products.

--  Copyright February, 2001-2003 Enterasys Networks, Inc.

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Counter32, Counter64, Integer32,
    IpAddress
        FROM SNMPv2-SMI
    TruthValue, TimeStamp, TimeInterval, MacAddress, DisplayString
        FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP
        FROM SNMPv2-CONF
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    ZeroBasedCounter32
        FROM RMON2-MIB
    InterfaceIndex
        FROM IF-MIB
    EnabledStatus 
        FROM P-BRIDGE-MIB
    InetAddressType, InetAddress
        FROM INET-ADDRESS-MIB
    etsysModules
        FROM ENTERASYS-MIB-NAMES;

etsysPwaMIB MODULE-IDENTITY 
    LAST-UPDATED "200311051656Z"  -- Wed Nov  5 16:56 GMT 2003
    ORGANIZATION "Enterasys Networks, Inc"
    CONTACT-INFO
        "Postal:  Enterasys Networks
                  50 Minuteman Rd.
                  Andover, MA 01810-1008
                  USA
         Phone:   +1 978 684 1000
         E-mail:  support@enterasys.com
         WWW:     http://www.enterasys.com"

    DESCRIPTION 
        "This MIB module provides the ability to configure the 
         Port Web Authentication (PWA) component in a switch.
         PWA provides a way of authenticating a user on a 
         switch port before allowing the user general access
         to the network. Only the essential protocols and
         services required by the authentication process
         are allowed on the segment between the end-station
         and the switch port. All other traffic will be
         discarded.  When a user is in the unauthenticated
         state, any traffic generated by the end-station
         will not go beyond the switch port that they are 
         connected to.

         The PWA/login process from the user standpoint is
         simple. The user makes a request via their favorite
         web browser for the 'secureharbour' web page. Depending 
         upon the authenticated state of the port, a login page
         is provided so that the user can enter their username
         and password, or a logout page is presented to the user.
         When they submit their login page, the switch will then 
         authenticate them via a preconfigured radius server. 
         If the login is successful, then the port that the
         end-station is connected to will be turned on and
         full network access will be granted according to the 
         users port configuration on the switch.

         This MIB module also provides status about the PWA
         component and statistics about all current users who
         are logged into the switch."

    REVISION     "200311051656Z"  -- Wed Nov  5 16:56 GMT 2003
    DESCRIPTION
        "Added the etsysPwaSystemEnhancedModeRefreshTime object."

    REVISION     "200308041122Z"  -- Mon Aug  4 11:22 GMT 2003
    DESCRIPTION
        "Added objects to support Guest Networking."

    REVISION     "200305141932Z"  -- Wed May 14 19:32 GMT 2003
    DESCRIPTION
        "Added the etsysPwaLogoDisplayStatus object."

    REVISION     "200212132156Z"  -- Fri Dec 13 21:56 GMT 2002
    DESCRIPTION
        "Added the etsysPwaSystemAuthEnhancedMode object.
         Updated the CONTACT-INFO clause."

    REVISION     "200205152044Z"  -- Wed May 15 20:44 GMT 2002
    DESCRIPTION 
        "Changed the syntax of etsysPwaAuthQuietPeriod and
         etsysPwaAuthMaxReq to Integer32.  Corrected the
         conformance section to reflect the changes that were
         made yesterday."

    REVISION     "200205142130Z"  -- Tue May 14 21:30 GMT 2002
    DESCRIPTION 
        "Changed the syntax of etsysPwaSystemAuthIPAddress
         from InetAddress to IpAddress, to match existing and
         shipping implementations, and deprecated it as well.
         Deprecated etsysPwaSystemAuthIPAddressType.
         Added the etsysPwaSystemAuthInetAddressType and
         etsysPwaSystemAuthInetAddress objects to replace the
         deprecated functionality.  Updated the CONTACT-INFO."

    REVISION     "200203212149Z"  -- Thu Mar 21 21:49 GMT 2002
    DESCRIPTION 
        "Changed the definition of etsysPwaSystemAuthHostName
         from OCTET-STRING to DisplayString."

    REVISION     "200106071600Z"
    DESCRIPTION 
        "The initial version of this MIB module"
    ::= { etsysModules 8 } 


-- -------------------------------------------------------------
-- MIB Objects
-- -------------------------------------------------------------

etsysPwaSystem              OBJECT IDENTIFIER ::= { etsysPwaMIB 1 }
etsysPwaPortConfiguration   OBJECT IDENTIFIER ::= { etsysPwaMIB 2 }
etsysPwaPortStatus          OBJECT IDENTIFIER ::= { etsysPwaMIB 3 }
etsysPwaSession             OBJECT IDENTIFIER ::= { etsysPwaMIB 4 }


-- -------------------------------------------------------------
-- The PWA System Group
-- -------------------------------------------------------------

etsysPwaSystemAuthControl OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The administrative enable/disable state for Port Web 
         Authentication Control in a System. Enabling this object
         turns on the PWA system."
    REFERENCE "Port Web Authentication Architectural Specification"
    DEFVAL { disabled }
    ::= { etsysPwaSystem 1 }

etsysPwaSystemAuthHostName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..32))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This is the hostname part the Uniform Resource Locator
         (URL). This object is a DNS/WINS name and is considered
         to be bound to the etsysPwaSystemAuthIPAddress. 
         This object must not contain the protocol portion of the URL 
         nor any directory or filenames. Changing this objects value
         changes the default name of the http server located at the
         local switch. An administrator can change this objects value
         to whatever name is appropriate for their network."
    DEFVAL { "secureharbour" }
    ::= { etsysPwaSystem 2 }

etsysPwaSystemAuthBanner OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The banner that will be displayed on the web login page 
         of the Port Web Authentication Control in a System. This
         banner is a courtesy introduction to the network, which
         the user sees on the login page."
    DEFVAL { "Enterasys Networks Incorporated
              P.O. Box 5005
              Rochester, NH 03866-5005 USA
              603 337-9400" }
    ::= { etsysPwaSystem 3 }

etsysPwaSystemPwaNameServicesEnable OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The enable state of the name services application. 
         Enabling this object turns on the Domain Name Service
         (DNS) and the Windows Internet Naming Services (WINS)
         clients. These clients will resolve only requests for
         the etsysPwaSystemAuthHostName. Disabling this object
         would require users in the network to know and use the
         etsysPwaSystemAuthIPAddress of this system."
    DEFVAL { disabled }
    ::= { etsysPwaSystem 4 }

etsysPwaSystemAuthIPAddressType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-write
    STATUS      deprecated
    DESCRIPTION
        "This object has been deprecated.  Refer to
         etsysPwaSystemAuthIPAddress for the reason.
         The textual convention for InetAddressType
         states that this object must be registered
         immediately before the InetAddress that it
         defines. etsysPwaSystemAuthInetAddressType
         MUST be used for all future implementations
         of this MIB."
    ::= { etsysPwaSystem 5 }

etsysPwaSystemAuthIPAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-write
    STATUS      deprecated
    DESCRIPTION
        "This object has been deprecated due to an incorrect
         initial implementation of this MIB.  This object was
         originally an InetAddress but some versions of the E7
         firmware implemented it as an IpAddress.  The syntax
         of this object was changed to allow management of the
         existing products.  The etsysPwaSystemAuthInetAddress
         object MUST be used for all future implementations of
         this MIB."
    ::= { etsysPwaSystem 6 }

etsysPwaSystemAuthProtocol OBJECT-TYPE
    SYNTAX      INTEGER { chap(1), pap(2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The authentication protocol used for this switch module.
         When set to a chap(1), the authentication scheme used will 
         be the 'PPP Challenge Handshake Authentication Protocol 
         (CHAP)', when set to a pap(2), the scheme will be 
         'Password Authentication Protocol (PAP)'.
         
         When using the CHAP protocol, the username and password 
         utilize the CHAP protocol method of encryption to encrypt
         the users password in the http transmission of the submitted
         form on the segment between the end-station and the
         switch port.

         The PAP protocol is less secure than CHAP and does not
         provide any encryption on the segment between the 
         end-station the switch port. The username and password
         go over this segment in the http transmission of the 
         submitted form in plain text format."
    DEFVAL { pap }
    ::= { etsysPwaSystem 7 }

etsysPwaSystemAuthDomain OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The domain name for which this module resides in."
    ::= { etsysPwaSystem 8 }

etsysPwaSystemAuthInetAddressType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "A value that represents a type of 
         etsysPwaSystemAuthInetAddress.

         unknown(0)  An unknown address type. This value MUST
                     be used if the value of the corresponding
                     InetAddress object is a zero-length string.
                     It may also be used to indicate an IP address
                     which is not in one of the formats defined
                     below.

         ipv4(1)     An IPv4 address as defined by the
                     InetAddressIPv4 textual convention.

         ipv6(2)     An IPv6 address as defined by the
                     InetAddressIPv6 textual convention."
    ::= { etsysPwaSystem 9 }

etsysPwaSystemAuthInetAddress OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The IP address bound to the etsysPwaSystemAuthHostName.
         The format of this object is defined in the
         etsysPwaSystemAuthInetAddressType object. This address
         MUST be supplied for authentication to work. This is a
         globally unique address and must be the same value
         configured into every authenticating switch in the domain.
         Each switch terminates any IP traffic destined to this
         etsysPwaSystemAuthInetAddress. If the port is in either 
         promiscousAuto(4) or auto(2) mode, described in the 
         etsysPwaControlledPortControl object, then the local 
         switch in question responds to http requests with a login 
         page. If the port is in any other mode, then all traffic 
         destined for etsysPwaSystemAuthInetAddress is discarded.
         Please note that neither the etsysPwaSystemAuthHostName 
         object nor this object refer to any specific machine
         in the network. These objects are always relative to the
         connection between an end station and a switch. Traffic
         destined for this IP is never seen over interswitch links."
    ::= { etsysPwaSystem 10 }

etsysPwaSystemAuthEnhancedMode OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The enable state of the PWA enhanced mode. When this
         feature is enabled users on unauthenticated ports will
         be presented the login page on their initial web access.
         The etsysPwaControlledPortControl object MUST be set to
         auto(2) for this feature to function correctly.
         If etsysPwaControlledPortControl is not set to auto(2),
         or if this feature is disabled, users must enter the
         value of etsysPwaSystemAuthHostName in order to get the
         login page."
     DEFVAL { disabled }
    ::= { etsysPwaSystem 11 }

etsysPwaLogoDisplayStatus OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When this object is set to enabled, the secureharbour
         logo will be displayed on the PWA login web pages.
         When it is set to disabled, the logo will not be displayed."
    DEFVAL { enabled }
    ::= { etsysPwaSystem 12 }

etsysPwaSystemGuestUsername OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..32))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The username that the Guest Networking feature will use to
         authenticate users that do not override this value in the
         login page."
    DEFVAL { "guest" }
    ::= { etsysPwaSystem 13 }

etsysPwaSystemGuestPassword OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..32))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The password that the Guest Networking feature will use to
         authenticate users that do not override the guest username.
         On a read this object will always return an empty string."
    DEFVAL { "" }
    ::= { etsysPwaSystem 14 }

etsysPwaSystemGuestPasswordValid OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "true(1)  - indicates that etsysPwaGuestPassword was last set
         with some value other than the empty string.

         false(2) - indicates that etsysPwaGuestPassword has never
         been set, or was last set to the empty string."
   DEFVAL { false }
    ::= { etsysPwaSystem 15 }


etsysPwaSystemGuestNetworkingStatus OBJECT-TYPE
    SYNTAX      INTEGER { disabled(1),
                          authNone(2),
                          authRadius(3) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Guest Networking is a feature that allows a user to get default
         policy access to the network without having to know a username
         or password. When this feature is not disabled(1), the username
         on the login page will be populated with the value from the
         object etsysPwaGuestUsername and the password will be mask out
         with asterisks. The password in the login page should never be
         populated with the value from etsysPwaGuestPassword. When Guest
         Networking is enabled, and a user submits a request for
         authentication, and the username is the same as the value from
         etsysPwaGuestUsername, PWA will use the value from
         etsysPwaGuestPassword as the password for authentication.

         When this object is set to disabled(1), Guest Networking will
         be unavailable. 

         When set to authNone(2) Guest Networking will be enabled and
         it will not authenticate the guest user using any authentication
         method. Once the user submits the login page with the username
         that matches the value from etsysPwaGuestUsername, the default
         policy of that port will become the active policy.

         When set to authRadius(3) Guest Networking will be enabled and
         it will authenticate the guest user using RADIUS authentication
         Upon a successful authentication from RADIUS, this port will
         apply the policy returned from RADIUS to that port."
    DEFVAL { disabled }
    ::= { etsysPwaSystem 16 }

 etsysPwaSystemEnhancedModeRefreshTime OBJECT-TYPE
    SYNTAX      Integer32  (0..120)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This is the value that is displayed on the PWA login success
         page as the redirect time. 
         
         If a user, using PWA enhanced mode, enters a URL of
         'http://enterasys.com' prior to being presented with the PWA
         login page and then successfully authenticates into the network
         they would be presented with a login success page that displays
         'Welcome to the Network. Completing network connections.
         You will be redirected to http://enterasys.com in
         approximately 30 seconds'. 

         An end-station that is utilizing the Dynamic Host Configuration
         Protocol (DHCP) as a means of obtaining an IP address will take
         some time to transition from the temporary IP address issued by
         PWA, as part of the authentication process, to the official IP
         address issued by the network.  

         etsysPwaSystemEnhancedModeRefreshTime provides a configurable
         time period for the end-stations on a given switch to complete
         the process of obtaining their official IP addresses and to
         begin using them.  The default value of 30 seconds has been
         shown to be adequate in most environments.  In some networks
         this time period may need to be longer, and in other networks
         it could be shorter.

         In networks that only use static IP addresses a time period on
         the order of 5 to 10 seconds may be sufficient.  A period of
         less than 5 seconds is not recommended as there is a slight
         delay after a successful login before the switch transitions
         the port to forwarding."
    DEFVAL { 30 }
    ::= { etsysPwaSystem 17 }

-- -------------------------------------------------------------
-- The PWA Port Configuration Table
-- -------------------------------------------------------------

etsysPwaPortConfigurationTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysPwaPortConfigurationEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of configuration objects for each port that are
         supported by the Port Web Authentication Entity. An entry
         appears in this table for each port in this system. All 
         objects/instances in this table are stored persistent
         memory."
    ::= { etsysPwaPortConfiguration 1 }

etsysPwaPortConfigurationEntry OBJECT-TYPE
    SYNTAX      EtsysPwaPortConfigurationEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The ifIndex number, maximum number of requests, quiet 
         period between failed attempts, and initialization control 
         for a Port. This table holds the objects for configuring 
         the PWA system."
    INDEX { etsysPwaPortNumber }
    ::= { etsysPwaPortConfigurationTable 1 }

EtsysPwaPortConfigurationEntry ::=
    SEQUENCE {
        etsysPwaPortNumber
             InterfaceIndex,
        etsysPwaInitializePort
             TruthValue,
        etsysPwaAuthQuietPeriod
             Integer32,
        etsysPwaAuthMaxReq
             Integer32,
        etsysPwaControlledPortControl
             INTEGER
    }

etsysPwaPortNumber OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The ifIndex number associated with this port."
    ::= { etsysPwaPortConfigurationEntry 1 }

 etsysPwaInitializePort OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The initialization control for this ifIndex. This object
         can be used to unauthenticate a user on a port or to return
         the port to its initial default state due to some unknown
         condition. Setting this attribute to true(1) causes the
         Port to be initialized. The attribute value reverts to
         false(2) once initialization has completed. Initializing a
         port returns the etsysPwaAuthPwaState to disconnected(1)
         and if the etsysPwaControlledPortControl setting is either
         promiscousAuto(4) or auto(2), and the etsysPwaAuthPwaState
         was authenticated(3), then the current session is terminated,
         and the user is forced off the network."
    ::= { etsysPwaPortConfigurationEntry 2 }

etsysPwaAuthQuietPeriod OBJECT-TYPE
    SYNTAX      Integer32 (0..2147483647)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value, in seconds, of the quietPeriod constant 
         currently in use by the Port Web Authenticator state
         machine. After the user attempts unsuccessfully to login 
         a number of times equal to the etsysPwaAuthMaxReq constant,
         then the ifIndex is locked for a time period equal to the 
         value of this MIB entry.

         In the initial released version of this MIB this object
         was an Unsigned32.  The initial implementation on the E7
         returned an Integer32.  The syntax of this object was
         changed to reflect the existing product in the field.
         All future implementations of this object should return
         an Integer32."
    DEFVAL { 60 }
    ::= { etsysPwaPortConfigurationEntry 3 }

etsysPwaAuthMaxReq OBJECT-TYPE
    SYNTAX      Integer32 (0..2147483647)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of the maxReq constant currently in use by the 
         Port Web Authenticator state machine. This represents the 
         maximum number of failed retry attempts before preventing 
         any further attempts for a time period equal to the value
         of etsysPwaAuthQuietPeriod.

         In the initial released version of this MIB this object
         was an Unsigned32.  The initial implementation on the E7
         returned an Integer32.  The syntax of this object was
         changed to reflect the existing product in the field.
         All future implementations of this object should return
         an Integer32."
    DEFVAL { 2 }
    ::= { etsysPwaPortConfigurationEntry 4 }

etsysPwaControlledPortControl OBJECT-TYPE
    SYNTAX INTEGER {
                       forceUnauthorized(1),
                       auto(2),
                       forceAuthorized(3),
                       promiscousAuto(4)
                    }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The authentication method of the ifIndex. 
         A value of forceUnauthorized(1) indicates that the 
         port is always unauthenticated. When set to this value
         the ifindex is essentially disabled.
 
         A value of auto(2) indicates that the ifindex will
         authenticate users using PWA process. In this mode  
         the switch will provide all the services the 
         end-station will need to complete the login. These 
         services include a Dynamic Host Configuration Protocol 
         (DHCP) server, a Windows Internet Naming Server (WINS), 
         and a Domain Name Service (DNS) Server.
 
         A value of forceAuthorized(3) indicates the port is always 
         authorized. When set to this value, the ifindex will
         always be authenticated. 
 
         When set to promiscousAuto(4) the services that are 
         required to complete the network login are not provided
         by the switch. These services must be provided on a 
         back-end network that the end-station can communicate
         with. These services might be specific to the particular
         Operating System of the end-station and could also include
         the same services as provided in auto mode."
    DEFVAL { forceAuthorized }
    ::= { etsysPwaPortConfigurationEntry 5 }


-- -------------------------------------------------------------
-- The PWA Port Status Table
-- -------------------------------------------------------------

etsysPwaAuthStatusTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysPwaAuthStatusEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table that contains the status objects for the Port 
         Web Authenticator associated with each ifIndex. An
         entry appears in this table for each ifIndex that may
         authenticate access to itself. All objects/instances
         in this table are stored in persistent memory."
    ::= { etsysPwaPortStatus 1 }

etsysPwaAuthStatusEntry OBJECT-TYPE
    SYNTAX      EtsysPwaAuthStatusEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The status information for an Authenticator PWA."
    INDEX { etsysPwaPortNumber }
    ::= { etsysPwaAuthStatusTable 1 }

EtsysPwaAuthStatusEntry ::=
    SEQUENCE {
        etsysPwaAuthPwaState
             INTEGER,
        etsysPwaMaxFailedAttempts
             ZeroBasedCounter32,
        etsysPwaFailedAttemptsSinceLogon
             ZeroBasedCounter32,
        etsysPwaLastLogonResult
             SnmpAdminString
    }

etsysPwaAuthPwaState OBJECT-TYPE
    SYNTAX  INTEGER {
                      disconnected(1),
                      authenticating(2),
                      authenticated(3),
                      held(4)
                    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current value of the Port Web Authenticator state
         machine. When set to disconnected(1) no user is logged in.
         When set to authenticating(2), it indicates that a login is
         in process and has not yet completed. A value of 
         authenticated(3) indicates a user has successfully logged
         in. When the value is held(4) it indicates that the port is
         locked down because the number of failed login attempts is
         greater than etsysPwaAuthMaxReq.The port will be locked until
         the etsysPwaAuthQuietPeriod has expired."
    ::= { etsysPwaAuthStatusEntry 1 }

etsysPwaMaxFailedAttempts OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of failed logon attempts on this ifIndex."
    ::= { etsysPwaAuthStatusEntry 2 }

etsysPwaFailedAttemptsSinceLogon OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of failed logon attempts since the last
         successful logon on this ifIndex."
    ::= { etsysPwaAuthStatusEntry 3 }

etsysPwaLastLogonResult OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This ASCII string provides an unstructured way for the web 
         based auth agent to communicate detailed error and status
         indications to a network administrator."
    ::= { etsysPwaAuthStatusEntry 4 }


-- -------------------------------------------------------------
-- The Authenticator Session Statistics Table
-- -------------------------------------------------------------

etsysPwaAuthSessionStatsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysPwaAuthSessionStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table that contains the session statistics objects for 
         the Authenticator PWA associated with each ifIndex.  An 
         entry appears in this table for each ifIndex that may 
         authenticate access to itself. Session entries are 
         collected for each ifIndex. All objects/instances in this
         table are stored in non-persistent memory.  The instancing
         in this table and the etsysPwaAuthSessionStatsHCTable are
         dependent upon the switch port configuration and will always
         be identical in any given switch."
    ::= { etsysPwaSession 1 }

etsysPwaAuthSessionStatsEntry OBJECT-TYPE
    SYNTAX      EtsysPwaAuthSessionStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The session statistics information for an Authenticator
         PWA. This shows the current values being collected for
         each session that is still in progress, or the final 
         values for the last valid session on each ifIndex where 
         there is no session currently active."
    INDEX { etsysPwaPortNumber, etsysPwaAuthSessionID }
    ::= { etsysPwaAuthSessionStatsTable 1 }

EtsysPwaAuthSessionStatsEntry ::=
    SEQUENCE {
        etsysPwaAuthSessionID 
             Integer32,
        etsysPwaAuthSessionOctetsRx
             Counter32,
        etsysPwaAuthSessionOctetsRxOverflow
             Counter32,
        etsysPwaAuthSessionOctetsTx
             Counter32,
        etsysPwaAuthSessionOctetsTxOverflow
             Counter32,
        etsysPwaAuthSessionFramesRx
             Counter32,
        etsysPwaAuthSessionFramesTx
             Counter32,
        etsysPwaAuthSessionStartTime
             TimeStamp,
        etsysPwaAuthSessionDuration
             TimeInterval,
        etsysPwaAuthSessionTerminateCause
             INTEGER,
        etsysPwaAuthSessionMacAddress
             MacAddress,
        etsysPwaAuthSessionIPAddressType
             InetAddressType,
        etsysPwaAuthSessionIPAddress
             InetAddress,
        etsysPwaAuthSessionUserName
             SnmpAdminString
    }

etsysPwaAuthSessionID OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A unique ID that identifies the session on this ifindex."
    ::= { etsysPwaAuthSessionStatsEntry 1 }

etsysPwaAuthSessionOctetsRx OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of octets received in user data frames on this
         ifIndex during the session."
    ::= { etsysPwaAuthSessionStatsEntry 2 }

etsysPwaAuthSessionOctetsRxOverflow OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of times the associated 
         etsysPwaAuthSessionOctetsRx counter has overflowed."
    ::= { etsysPwaAuthSessionStatsEntry 3 }

etsysPwaAuthSessionOctetsTx OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of octets transmitted in user data frames on 
         this ifIndex during the session."
     ::= { etsysPwaAuthSessionStatsEntry 4 }

etsysPwaAuthSessionOctetsTxOverflow OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of times the associated 
         etsysPwaAuthSessionOctetsTx counter has overflowed."
      ::= { etsysPwaAuthSessionStatsEntry 5 }

etsysPwaAuthSessionFramesRx OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of user data frames received on this ifIndex 
         during the session."
    ::= { etsysPwaAuthSessionStatsEntry 6 }

etsysPwaAuthSessionFramesTx OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of user data frames transmitted on this ifIndex
         during the session."
    ::= { etsysPwaAuthSessionStatsEntry 7 }

etsysPwaAuthSessionStartTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The start time of the session in hundredths of seconds
         since reset."
    ::= { etsysPwaAuthSessionStatsEntry 8 }

etsysPwaAuthSessionDuration OBJECT-TYPE
    SYNTAX      TimeInterval
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The duration of the session in hundredths of seconds."
    ::= { etsysPwaAuthSessionStatsEntry 9 }

etsysPwaAuthSessionTerminateCause OBJECT-TYPE
    SYNTAX     INTEGER {
                         linkDown(1),
                         logoff(2),
                         authControlForceUnauth(3),
                         portReInit(4),
                         portDisabled(5),
                         notTerminatedYet(999)
                       }
    MAX-ACCESS read-only
    STATUS      current
    DESCRIPTION
        "The reason for the session termination. When set to
         linkDown(1), the ifindex has no link. When set to 
         logoff(2), a user has successfully logged off the
         network on this ifindex. When set to 
         authControlForceUnauth(3) an administrator has
         terminated the user session on this ifindex by setting
         etsysPwaControlledPortControl to forceUnauthorized(1).
         When set to portReInit(4) the ifindex has been 
         re-initialized by setting the object etsysPwaInitializePort.
         When set to portDisabled(5) the ifindex has been disabled.
         When set notTerminatedYet(999) the ifindex has an active
         session."
    ::= { etsysPwaAuthSessionStatsEntry 10 }

etsysPwaAuthSessionMacAddress OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The mac address of the remote user of this session entry
         stored for this ifIndex."
    ::= { etsysPwaAuthSessionStatsEntry 11 }
 
etsysPwaAuthSessionIPAddressType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A value that represents a type of 
         etsysPwaAuthSessionIPAddress.

         unknown(0)  An unknown address type. This value MUST
                     be used if the value of the corresponding
                     InetAddress object is a zero-length string.
                     It may also be used to indicate an IP address
                     which is not in one of the formats defined
                     below.

         ipv4(1)     An IPv4 address as defined by the
                    InetAddressIPv4 textual convention.

         ipv6(2)     An IPv6 address as defined by the
                     InetAddressIPv6 textual convention."
    ::= { etsysPwaAuthSessionStatsEntry 12 }

etsysPwaAuthSessionIPAddress OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The ip address of the remote user of this session entry
         stored for this ifIndex. The format of this object is 
         defined in the etsysPwaAuthSessionIPAddressType object."
    ::= { etsysPwaAuthSessionStatsEntry 13 }

etsysPwaAuthSessionUserName  OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The username that logged on to this ifIndex."
    ::= { etsysPwaAuthSessionStatsEntry 14 }


-- -------------------------------------------------------------
-- The Authenticator Session Statistics HC Table
-- -------------------------------------------------------------

etsysPwaAuthSessionStatsHCTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysPwaAuthSessionStatsHCEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table that contains the session statistics objects for 
         the Authenticator PWA associated with each ifIndex.  An entry
         appears in this table for each ifIndex that may authenticate
         access to itself. Session entries are collected for each
         ifIndex up to the maximum allowed. When the maximum number of
         allowed sessions has been reached, the oldest session 
         entries will be replaced with newer ones as necessary. All
         objects/instances in this table are stored in non-persistent
         memory."
    ::= { etsysPwaSession 2 }

etsysPwaAuthSessionStatsHCEntry OBJECT-TYPE
    SYNTAX      EtsysPwaAuthSessionStatsHCEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The session statistics information for an Authenticator
         PWA. This shows the current values being collected for
         each session that is still in progress, or the final 
         values for the last valid session on each ifIndex where there
         is no session currently active."
    INDEX { etsysPwaPortNumber, etsysPwaAuthSessionHCID }
    ::= { etsysPwaAuthSessionStatsHCTable 1 }

EtsysPwaAuthSessionStatsHCEntry ::=
    SEQUENCE {
        etsysPwaAuthSessionHCID 
             Integer32,
        etsysPwaAuthSessionOctetsRxHc
             Counter64,
        etsysPwaAuthSessionOctetsTxHc
             Counter64
    }

etsysPwaAuthSessionHCID OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A unique ID that identifies the session on this ifindex."
    ::= { etsysPwaAuthSessionStatsHCEntry 1 }

etsysPwaAuthSessionOctetsRxHc OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of octets received in user data frames on this
         ifIndex during the session."
    ::= { etsysPwaAuthSessionStatsHCEntry 2 }

etsysPwaAuthSessionOctetsTxHc OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of octets transmitted in user data frames on 
         this ifIndex during the session."
     ::= { etsysPwaAuthSessionStatsHCEntry 3 }


-- -------------------------------------------------------------
-- Conformance Information
-- -------------------------------------------------------------

etsysPwaMIBGroups       OBJECT IDENTIFIER ::= { etsysPwaMIB 5 }
etsysPwaMIBCompliances  OBJECT IDENTIFIER ::= { etsysPwaMIB 6 }


-- -------------------------------------------------------------
-- Units of Conformance
-- -------------------------------------------------------------

etsysPwaSystemGroup OBJECT-GROUP
    OBJECTS {
                etsysPwaSystemAuthControl,
                etsysPwaSystemAuthHostName,
                etsysPwaSystemAuthBanner,
                etsysPwaSystemPwaNameServicesEnable,
                etsysPwaSystemAuthIPAddressType,
                etsysPwaSystemAuthIPAddress,
                etsysPwaSystemAuthProtocol, 
                etsysPwaSystemAuthDomain
            }
    STATUS  deprecated
    DESCRIPTION
        "This section has been deprecated.  See
         etsysPwaSystemGroupI."
    ::= { etsysPwaMIBGroups 1 }

etsysPwaPortConfigurationGroup OBJECT-GROUP
    OBJECTS {
                etsysPwaInitializePort,
                etsysPwaAuthQuietPeriod,
                etsysPwaAuthMaxReq,
                etsysPwaControlledPortControl
            }
    STATUS  current
    DESCRIPTION
        "This section is for ifIndex based configuration of the 
         PWA system."
    ::= { etsysPwaMIBGroups 2 }

etsysPwaPortStatusGroup OBJECT-GROUP
    OBJECTS {
                etsysPwaAuthPwaState,
                etsysPwaMaxFailedAttempts,
                etsysPwaFailedAttemptsSinceLogon,
                etsysPwaLastLogonResult
            }
    STATUS  current
    DESCRIPTION
        "The status of all login information on a per ifIndex 
         basis can be obtained here."
    ::= { etsysPwaMIBGroups 3 }

etsysPwaSessionGroup OBJECT-GROUP
    OBJECTS {
                etsysPwaAuthSessionID,
                etsysPwaAuthSessionOctetsRx,
                etsysPwaAuthSessionOctetsRxOverflow,
                etsysPwaAuthSessionOctetsTx,
                etsysPwaAuthSessionOctetsTxOverflow,
                etsysPwaAuthSessionFramesRx,
                etsysPwaAuthSessionFramesTx,
                etsysPwaAuthSessionStartTime,
                etsysPwaAuthSessionDuration,
                etsysPwaAuthSessionTerminateCause,
                etsysPwaAuthSessionMacAddress,
                etsysPwaAuthSessionIPAddressType,
                etsysPwaAuthSessionIPAddress,
                etsysPwaAuthSessionUserName
            }
    STATUS  current
    DESCRIPTION
        "This section contains statistics associated with each
         ifIndex/login."
    ::= { etsysPwaMIBGroups 4 }

    etsysPwaSessionHCGroup OBJECT-GROUP
    OBJECTS {
                etsysPwaAuthSessionHCID,
                etsysPwaAuthSessionOctetsRxHc,
                etsysPwaAuthSessionOctetsTxHc
            }
    STATUS  current
    DESCRIPTION
        "This section contains statistics associated with each
         ifIndex/login."
    ::= { etsysPwaMIBGroups 5 }

etsysPwaSystemGroupI OBJECT-GROUP
    OBJECTS {
                etsysPwaSystemAuthControl,
                etsysPwaSystemAuthHostName,
                etsysPwaSystemAuthBanner,
                etsysPwaSystemPwaNameServicesEnable,
                etsysPwaSystemAuthProtocol, 
                etsysPwaSystemAuthDomain,
                etsysPwaSystemAuthInetAddressType,
                etsysPwaSystemAuthInetAddress,
                etsysPwaLogoDisplayStatus,
                etsysPwaSystemGuestUsername,
                etsysPwaSystemGuestPassword,
                etsysPwaSystemGuestPasswordValid,
                etsysPwaSystemGuestNetworkingStatus,
                etsysPwaSystemEnhancedModeRefreshTime
            }
    STATUS  current
    DESCRIPTION
        "This section is for the basic configuration parameters
         used by the PWA system."
    ::= { etsysPwaMIBGroups 6 }

etsysPwaSystemAuthEnhancedGroup OBJECT-GROUP
    OBJECTS {
                etsysPwaSystemAuthEnhancedMode
            }
    STATUS  current
    DESCRIPTION
        "This section is for the configuration of the PWA enhanced
         mode of operation."
    ::= { etsysPwaMIBGroups 7 }


-- -------------------------------------------------------------
-- Compliance Statements
-- -------------------------------------------------------------
   
etsysPwaMIBCompliance MODULE-COMPLIANCE
    STATUS  deprecated
    DESCRIPTION
        "Deprecated, see etsysPwaMIBComplianceI."
    MODULE -- this module
    MANDATORY-GROUPS { etsysPwaSystemGroup,
                       etsysPwaPortConfigurationGroup,
                       etsysPwaPortStatusGroup,
                       etsysPwaSessionGroup
                     }

    OBJECT etsysPwaAuthSessionIPAddressType
    DESCRIPTION
        "See etsysPwaMIBComplianceI."
    ::= { etsysPwaMIBCompliances 1 }

etsysPwaMIBComplianceI MODULE-COMPLIANCE
    STATUS  current
    DESCRIPTION
        "The compliance statement for hosts using
         Port Web Authentication."
    MODULE -- this module
    MANDATORY-GROUPS { etsysPwaSystemGroupI,
                       etsysPwaPortConfigurationGroup,
                       etsysPwaPortStatusGroup,
                       etsysPwaSessionGroup
                     }
   

    OBJECT  etsysPwaAuthSessionIPAddressType
    DESCRIPTION
        "The implementation may support only IPv4. If
         a domain name is used, a WINS/DNS client is 
         required in the switch that is capable of 
         resolving the name. When a domain name is used, 
         this object will supercede the value set in
         etsysPwaSystemAuthHostName and render that value
         as unused."

    GROUP   etsysPwaSystemAuthEnhancedGroup
    DESCRIPTION
        "Support for this group is mandatory for entities
         supporting the PWA enhanced mode of operation."

    ::= { etsysPwaMIBCompliances 2 }

END