1025 lines
37 KiB
Plaintext
1025 lines
37 KiB
Plaintext
--**MOD+***********************************************************************
|
|
--* Module: hpicfLma.mib
|
|
--*
|
|
--* Copyright (C) 2016 Hewlett Packard Enterprise Development Company LP
|
|
--* All Right Reserved.
|
|
--*
|
|
--* The contents of this software are proprietary and confidential
|
|
--* to the Hewlett Packard Enterprise Development Company LP. No part of this
|
|
--* program may be photocopied, reproduced, or translated into another
|
|
--* programming language without prior written consent of the
|
|
--* Hewlett Packard Enterprise Development Company LP.
|
|
--*
|
|
--*Purpose: This file contains MIB definition of HP-ICF-LMA-MIB
|
|
--*
|
|
--**MOD-**************************************************************************
|
|
|
|
HP-ICF-LMA-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
hpSwitch
|
|
FROM HP-ICF-OID
|
|
InterfaceIndex
|
|
FROM IF-MIB
|
|
VidList
|
|
FROM HP-ICF-TC
|
|
OBJECT-GROUP, MODULE-COMPLIANCE
|
|
FROM SNMPv2-CONF
|
|
Integer32, Unsigned32, OBJECT-TYPE, Counter32, MODULE-IDENTITY
|
|
FROM SNMPv2-SMI
|
|
TruthValue, MacAddress, RowStatus, DisplayString
|
|
FROM SNMPv2-TC
|
|
HpAutzUserRoleName
|
|
FROM HP-AUTZ-MIB;
|
|
|
|
hpicfLmaMIB MODULE-IDENTITY
|
|
|
|
LAST-UPDATED "201810300000Z"
|
|
ORGANIZATION "HP Networking"
|
|
CONTACT-INFO
|
|
"Hewlett-Packard Enterprise Company
|
|
8000 Foothills Blvd.
|
|
Roseville, CA 95747"
|
|
DESCRIPTION
|
|
"This MIB module describes objects for managing
|
|
the Local MAC Authentication feature of devices
|
|
in the HP Integrated Communication Facility
|
|
product line."
|
|
REVISION "201810300000Z" -- October 30, 2018
|
|
DESCRIPTION
|
|
"Added hpicfLmaUnauthVidLLDPNwkPolicy."
|
|
REVISION "201706280710Z" -- June 28, 2017 at 00:00 GMT
|
|
DESCRIPTION
|
|
"Added mac-pinning related MIB Object."
|
|
|
|
REVISION "201602120710Z" -- February 12, 2016 at 07:10 GMT
|
|
DESCRIPTION
|
|
"Added user role support."
|
|
|
|
REVISION "201304100900Z" -- April 10, 2013 at 09:00 GMT
|
|
DESCRIPTION
|
|
"Initial version of Local MAC Authentication MIB module."
|
|
|
|
::= { hpSwitch 97 }
|
|
|
|
--
|
|
-- Node definitions
|
|
--
|
|
|
|
-- Top-level structure of MIB
|
|
-- 1.3.6.1.4.1.11.2.14.11.5.1.93
|
|
|
|
-- 1.3.6.1.4.1.11.2.14.11.5.1.93.0
|
|
hpicfLmaNotifications OBJECT IDENTIFIER ::= { hpicfLmaMIB 0}
|
|
hpicfLmaObjects OBJECT IDENTIFIER ::= { hpicfLmaMIB 1}
|
|
hpicfLmaConformance OBJECT IDENTIFIER ::= { hpicfLmaMIB 2}
|
|
|
|
hpicfLmaConfigObjects OBJECT IDENTIFIER ::= { hpicfLmaObjects 1}
|
|
hpicfLmaStatsObjects OBJECT IDENTIFIER ::= { hpicfLmaObjects 2}
|
|
|
|
hpicfLmaScalarObjects OBJECT IDENTIFIER ::= { hpicfLmaConfigObjects 1}
|
|
|
|
hpicfLmaMacGrpTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpicfLmaMacGrpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table is to create MAC group, which is
|
|
a collection Of MAC address/MAC OUI/MAC mask.
|
|
There can be a maximum of 256 MAC groups."
|
|
::= { hpicfLmaConfigObjects 2}
|
|
|
|
hpicfLmaMacGrpEntry OBJECT-TYPE
|
|
SYNTAX HpicfLmaMacGrpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table is to create MAC group, which is
|
|
a collection Of MAC address/MAC OUI/MAC mask.
|
|
There can be a maximum of 256 MAC groups."
|
|
INDEX { hpicfLmaMacGrpName }
|
|
::= { hpicfLmaMacGrpTable 1 }
|
|
|
|
HpicfLmaMacGrpEntry ::= SEQUENCE {
|
|
hpicfLmaMacGrpName
|
|
DisplayString,
|
|
hpicfLmaMacGrpRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
hpicfLmaMacGrpName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Name of the MAC group. A name can have maximum 32
|
|
characters."
|
|
::= { hpicfLmaMacGrpEntry 1 }
|
|
|
|
hpicfLmaMacGrpRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Status of this row, by which new entries may be created
|
|
or existing entries deleted from this table."
|
|
::= { hpicfLmaMacGrpEntry 2}
|
|
|
|
--This table associates MAC-clients with MAC-Group.Each MAC group can
|
|
--have set of MAC-clients.attributes (such as tagged vlan/untagged
|
|
--vlan/CoS) can be applied on these MAC groups for LMA.
|
|
|
|
|
|
hpicfLmaMacTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpicfLmaMacEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table stores MAC address/MAC OUI/MAC mask bound to
|
|
a MAC group.A MAC group can be associated to a maximum of
|
|
120 entries, Each entry is equivalent to one record in
|
|
hpicfLmaMacTable and there can be a maximum of 256
|
|
records."
|
|
::= { hpicfLmaConfigObjects 3}
|
|
|
|
hpicfLmaMacEntry OBJECT-TYPE
|
|
SYNTAX HpicfLmaMacEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table stores MAC address/MAC OUI/MAC mask bound to
|
|
a MAC group.A MAC group can be associated to a maximum of
|
|
120 entries, Each entry is equivalent to one record in
|
|
hpicfLmaMacTable and there can be a maximum of 256
|
|
records."
|
|
INDEX { hpicfLmaMacGrpName, hpicfLmaMacType, hpicfLmaMacValue }
|
|
::= { hpicfLmaMacTable 1 }
|
|
|
|
HpicfLmaMacEntry ::= SEQUENCE {
|
|
hpicfLmaMacType
|
|
INTEGER,
|
|
hpicfLmaMacValue
|
|
OCTET STRING,
|
|
hpicfLmaMacRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
hpicfLmaMacType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
macAddress(1),
|
|
macMask (2),
|
|
macOui(3)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether the type of MAC Address is:
|
|
|
|
macAddress(1)
|
|
Fully qualified MAC address.
|
|
|
|
macMask(2)
|
|
MAC address prefiX. Only 32 & 40 bits are allowed.
|
|
|
|
macOUI(3)
|
|
24 bit organizationally unique identifier."
|
|
|
|
::= { hpicfLmaMacEntry 1 }
|
|
|
|
hpicfLmaMacValue OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(3..6))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is to specify the value for the hpicfLmaMacType,
|
|
value should be in conjunction with MAC Type."
|
|
::= { hpicfLmaMacEntry 2}
|
|
|
|
hpicfLmaMacRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Status of this row, by which new entries may be created
|
|
or existing entries deleted from this table."
|
|
::= { hpicfLmaMacEntry 3 }
|
|
|
|
-- LMA Profile Table : To Create LMA Profile which can be associated
|
|
-- to MAC Clients.
|
|
-- Profile can have set of attributes such as untagged vlanid, list
|
|
-- of tagged vlans CoS value.maximum allowed tagged vlan in a profile
|
|
-- is 50. Profiles are not applied when hpSwitchAutzUserRoleEnabled
|
|
-- is true.
|
|
|
|
hpicfLmaProfileTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpicfLmaProfileEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is to create the profile which can be associated to
|
|
a MAC group/MAC address/MAC OUI/MAC mask. A profile
|
|
is a collection of attributes. Profiles are not applied
|
|
when hpSwitchAutzUserRoleEnabled is true."
|
|
::= { hpicfLmaConfigObjects 4}
|
|
|
|
hpicfLmaProfileEntry OBJECT-TYPE
|
|
SYNTAX HpicfLmaProfileEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is to create the profile which can be associated
|
|
to a MAC group/MAC address/MAC OUI/MAC mask.A profile
|
|
is a collection of attributes."
|
|
INDEX { hpicfLmaProfileName }
|
|
::= { hpicfLmaProfileTable 1 }
|
|
|
|
HpicfLmaProfileEntry ::= SEQUENCE {
|
|
hpicfLmaProfileName
|
|
DisplayString,
|
|
hpicfLmaProfileUntaggedVid
|
|
Integer32,
|
|
hpicfLmaProfileTaggedVids
|
|
VidList,
|
|
hpicfLmaProfileCoS
|
|
Integer32,
|
|
hpicfLmaProfileIsAssociated
|
|
TruthValue,
|
|
hpicfLmaProfileRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
hpicfLmaProfileName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object contains the name of Local MAC
|
|
Authentication profile."
|
|
::= { hpicfLmaProfileEntry 1 }
|
|
|
|
hpicfLmaProfileUntaggedVid OBJECT-TYPE
|
|
SYNTAX Integer32 (0..4094)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Untagged VLAN ID.A value of 0 implies that untagged VLAN
|
|
ID is not configured for this profile.Only one untagged
|
|
VLAN ID can be associated with the profile."
|
|
DEFVAL { 0 }
|
|
::= { hpicfLmaProfileEntry 2 }
|
|
|
|
hpicfLmaProfileTaggedVids OBJECT-TYPE
|
|
SYNTAX VidList
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Tagged VLANs.A maximum of 50 tagged VLANs can be
|
|
can be associated with the profile."
|
|
|
|
::= { hpicfLmaProfileEntry 3 }
|
|
|
|
hpicfLmaProfileCoS OBJECT-TYPE
|
|
SYNTAX Integer32 (-1..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"CoS value to be associated with this profile.A value of
|
|
-1 indicates that CoS is not configured for this
|
|
profile."
|
|
::= { hpicfLmaProfileEntry 4 }
|
|
|
|
hpicfLmaProfileIsAssociated OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is to check whether any MAC is associated
|
|
to this profile.A value of TRUE indicates that it is
|
|
associated to MAC entry and FALSE indicates that it is
|
|
not associated to any of the MAC entry."
|
|
::= { hpicfLmaProfileEntry 5 }
|
|
|
|
hpicfLmaProfileRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Status of this row, by which new entries may be created
|
|
or existing entries deleted from this table."
|
|
::= { hpicfLmaProfileEntry 6}
|
|
|
|
hpicfLmaAssociationTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpicfLmaAssociationEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is association table between profile and MAC
|
|
entries. This table is not used when
|
|
hpSwitchAutzUserRoleEnabled is true."
|
|
::= { hpicfLmaConfigObjects 5}
|
|
|
|
hpicfLmaAssociationEntry OBJECT-TYPE
|
|
SYNTAX HpicfLmaAssociationEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is association table between the profile and MAC
|
|
entries."
|
|
INDEX { hpicfLmaProfileName, hpicfLmaAssociationMacType,
|
|
hpicfLmaAssociationMacValue }
|
|
::= { hpicfLmaAssociationTable 1 }
|
|
|
|
HpicfLmaAssociationEntry ::= SEQUENCE {
|
|
hpicfLmaAssociationMacType
|
|
INTEGER,
|
|
hpicfLmaAssociationMacValue
|
|
OCTET STRING,
|
|
hpicfLmaAssociationRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
hpicfLmaAssociationMacType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
macGrp(0),
|
|
macAddress(1),
|
|
macMask (2),
|
|
macOui(3)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether the type of MAC address is:
|
|
macGrp(0)
|
|
MAC group which contains a group of MAC
|
|
Entry.
|
|
macAddress(1)
|
|
Fully qualified MAC address.
|
|
macMask(2)
|
|
MAC address prefix. Only 32 & 40 bits are
|
|
allowed.
|
|
macOUI(3)
|
|
24 bit organizationally unique identifier."
|
|
::= { hpicfLmaAssociationEntry 2 }
|
|
|
|
hpicfLmaAssociationMacValue OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the MAC value. This value should
|
|
be in conjunction with hpicfLmaAssociationMacType."
|
|
::= { hpicfLmaAssociationEntry 4}
|
|
|
|
hpicfLmaAssociationRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Status of this row, by which new entries may be created
|
|
or existing entries deleted from this table."
|
|
::= { hpicfLmaAssociationEntry 5 }
|
|
|
|
-- hpicfLmaConfigTable
|
|
-- This table is to configure Local Mac Authentication attributes with eaach port.
|
|
|
|
hpicfLmaConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpicfLmaConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table that contains the configuration objects for
|
|
Local MAC based Authentication associated with each port.
|
|
An entry appears in this table for each port that may
|
|
authenticate access to itself."
|
|
::= { hpicfLmaConfigObjects 6 }
|
|
|
|
|
|
hpicfLmaConfigEntry OBJECT-TYPE
|
|
SYNTAX HpicfLmaConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table that contains the configuration objects for
|
|
Local MAC based Authentication associated with each port.
|
|
An entry appears in this table for each port that may
|
|
authenticate access to itself."
|
|
INDEX { hpicfLmaPortNumber }
|
|
::= { hpicfLmaConfigTable 1 }
|
|
|
|
|
|
HpicfLmaConfigEntry ::=
|
|
SEQUENCE {
|
|
hpicfLmaPortNumber
|
|
InterfaceIndex,
|
|
hpicfLmaClientLimit
|
|
Integer32,
|
|
hpicfLmaQuietPeriod
|
|
Integer32,
|
|
hpicfLmaLogoffPeriod
|
|
Integer32,
|
|
hpicfLmaAuthVid
|
|
Integer32,
|
|
hpicfLmaUnauthVid
|
|
Integer32,
|
|
hpicfLmaUnAuthPeriod
|
|
Integer32,
|
|
hpicfLmaReauthenticate
|
|
TruthValue,
|
|
hpicfLmaMacPin
|
|
TruthValue,
|
|
hpicfLmaUnauthVidLLDPNwkPolicy
|
|
TruthValue
|
|
}
|
|
|
|
hpicfLmaPortNumber OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port number associated with this switch port."
|
|
::= { hpicfLmaConfigEntry 1 }
|
|
|
|
|
|
hpicfLmaClientLimit OBJECT-TYPE
|
|
SYNTAX Integer32 (1..256)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of authenticated clients to allow on
|
|
the port."
|
|
DEFVAL { 1 }
|
|
::= { hpicfLmaConfigEntry 2 }
|
|
|
|
hpicfLmaQuietPeriod OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the time, in seconds, that the switch should
|
|
refrain from re-attempting an authentication request for
|
|
a client whose credentials were rejected."
|
|
DEFVAL { 60 }
|
|
::= { hpicfLmaConfigEntry 4 }
|
|
|
|
hpicfLmaLogoffPeriod OBJECT-TYPE
|
|
SYNTAX Integer32 (1..999999999)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the period, in seconds, at which an
|
|
authenticated client will be considered unauthenticated
|
|
due to lack of activity (i.e. traffic originating
|
|
from client)."
|
|
DEFVAL { 300 }
|
|
::= { hpicfLmaConfigEntry 5 }
|
|
|
|
hpicfLmaAuthVid OBJECT-TYPE
|
|
SYNTAX Integer32 (0..4094)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the port VID (PVID) that should be used for
|
|
an authenticated client. When hpSwitchAutzUserRoleEnabled
|
|
is true, this value may be superseded by the value of
|
|
hpSwitchAutzUserRoleVlanId or hpSwitchAutzUserRoleVlanName
|
|
from the client's assigned role. "
|
|
::= { hpicfLmaConfigEntry 7 }
|
|
|
|
hpicfLmaUnauthVid OBJECT-TYPE
|
|
SYNTAX Integer32 (0..4094)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the port VID (PVID) that should be used for
|
|
an unauthenticated client. When hpSwitchAutzUserRoleEnabled
|
|
is true, this value may be superseded by the value of
|
|
hpSwitchAutzUserRoleVlanId or hpSwitchAutzUserRoleVlanName
|
|
from the role identified by hpSwitchAutzUserRoleInitialRoleName."
|
|
::= { hpicfLmaConfigEntry 8 }
|
|
|
|
hpicfLmaUnAuthPeriod OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the period, in seconds, at which a client will be
|
|
placed into guest vlan, or assigned the role identified by
|
|
hpSwitchAutzUserRoleInitialRoleName when
|
|
hpSwitchAutzUserRoleEnabled is true, if it fails authentication."
|
|
DEFVAL { 0 }
|
|
::= { hpicfLmaConfigEntry 9 }
|
|
|
|
hpicfLmaReauthenticate OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The reauthentication control for this port. Setting this
|
|
attribute TRUE forces all authenticated clients to
|
|
re-authenticate themselves. Setting this attribute FALSE
|
|
has no effect. This attribute always returns FALSE
|
|
when read."
|
|
::= { hpicfLmaConfigEntry 10 }
|
|
|
|
hpicfLmaMacPin OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables MAC-Pinning on this port. Setting this
|
|
attribute TRUE pins the authenticated MAC
|
|
addresses to the Mac address table.
|
|
Authenticated clients will not be
|
|
de-authenticated even when clients are inactive
|
|
throughout the logoff period."
|
|
DEFVAL { 2 }
|
|
::= { hpicfLmaConfigEntry 11 }
|
|
|
|
hpicfLmaUnauthVidLLDPNwkPolicy OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Setting this attribute TRUE(1) will suppress
|
|
the transmission of LLDP Network Policy TLV
|
|
from port when an unauthorized client is placed
|
|
in unauth VLAN during Local MAC authentication."
|
|
DEFVAL { false }
|
|
::= { hpicfLmaConfigEntry 12 }
|
|
|
|
-- hpicfLmaUserRoleAssociationTable : A table of associations between user
|
|
-- role and MAC entries.
|
|
|
|
hpicfLmaUserRoleAssociationTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpicfLmaUserRoleAssociationEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of associations between user role and MAC entries."
|
|
::= { hpicfLmaConfigObjects 7 }
|
|
|
|
hpicfLmaUserRoleAssociationEntry OBJECT-TYPE
|
|
SYNTAX HpicfLmaUserRoleAssociationEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The association table entry."
|
|
INDEX { hpicfLmaUserRoleAssociationName, hpicfLmaUserRoleAssociationMacType,
|
|
hpicfLmaUserRoleAssociationMacValue }
|
|
::= { hpicfLmaUserRoleAssociationTable 1 }
|
|
|
|
HpicfLmaUserRoleAssociationEntry ::= SEQUENCE {
|
|
hpicfLmaUserRoleAssociationName
|
|
HpAutzUserRoleName,
|
|
hpicfLmaUserRoleAssociationMacType
|
|
INTEGER,
|
|
hpicfLmaUserRoleAssociationMacValue
|
|
OCTET STRING,
|
|
hpicfLmaUserRoleAssociationRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
hpicfLmaUserRoleAssociationName OBJECT-TYPE
|
|
SYNTAX HpAutzUserRoleName
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "The name of this user role."
|
|
::= { hpicfLmaUserRoleAssociationEntry 1 }
|
|
|
|
hpicfLmaUserRoleAssociationMacType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
macGrp(0),
|
|
macAddress(1),
|
|
macMask (2),
|
|
macOui(3)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether the type of MAC address is:
|
|
macGrp(0)
|
|
MAC group which contains a group of MAC
|
|
Entry.
|
|
macAddress(1)
|
|
Fully qualified MAC address.
|
|
macMask(2)
|
|
MAC address prefix. Only 32 & 40 bits are
|
|
allowed.
|
|
macOUI(3)
|
|
24 bit organizationally unique identifier."
|
|
::= { hpicfLmaUserRoleAssociationEntry 2 }
|
|
|
|
hpicfLmaUserRoleAssociationMacValue OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the MAC value. This value should
|
|
be used in conjunction with the
|
|
hpicfLmaUserRoleAssociationMacType."
|
|
::= { hpicfLmaUserRoleAssociationEntry 3 }
|
|
|
|
hpicfLmaUserRoleAssociationRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Status of this row, by which new entries may be created
|
|
or existing entries deleted from this table."
|
|
::= { hpicfLmaUserRoleAssociationEntry 4 }
|
|
|
|
|
|
-- hpicfLmaAssocActiveTable : Display Active MAC clients associated
|
|
-- with Profiles.
|
|
|
|
hpicfLmaAssocActiveTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpicfLmaAssocActiveEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is an association table to display all the MAC clients
|
|
that are active for a given profile."
|
|
|
|
::= { hpicfLmaStatsObjects 2 }
|
|
|
|
hpicfLmaAssocActiveEntry OBJECT-TYPE
|
|
SYNTAX HpicfLmaAssocActiveEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is an association table to display all the MAC
|
|
clients that are active for a given profile."
|
|
INDEX { hpicfLmaAssocActiveProfileName,
|
|
hpicfLmaAssocActiveMacAddress }
|
|
::= { hpicfLmaAssocActiveTable 1 }
|
|
|
|
HpicfLmaAssocActiveEntry ::= SEQUENCE {
|
|
hpicfLmaAssocActiveProfileName
|
|
DisplayString,
|
|
hpicfLmaAssocActiveMacAddress
|
|
MacAddress
|
|
}
|
|
|
|
hpicfLmaAssocActiveProfileName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object contains the name of Local MAC
|
|
authentication profile."
|
|
::= { hpicfLmaAssocActiveEntry 1 }
|
|
|
|
hpicfLmaAssocActiveMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the MAC address of the client."
|
|
::= { hpicfLmaAssocActiveEntry 2 }
|
|
|
|
|
|
-- LMA client Session Statistics Table
|
|
|
|
|
|
hpicfLmaSessionStatsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpicfLmaSessionStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table that contains session statistic objects
|
|
for each client (i.e. user) attempting to
|
|
authenticate to a port with MAC authentication
|
|
enabled. An entry appears in this table for each
|
|
port in the switch."
|
|
::= { hpicfLmaStatsObjects 1 }
|
|
|
|
hpicfLmaSessionStatsEntry OBJECT-TYPE
|
|
SYNTAX HpicfLmaSessionStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The session statistics information for a port with
|
|
MAC based authentication enabled. This shows
|
|
the current values being collected for active sessions."
|
|
INDEX { hpicfLmaPortNumber, hpicfLmaSessionMacAddr }
|
|
::= { hpicfLmaSessionStatsTable 1 }
|
|
|
|
HpicfLmaSessionStatsEntry ::=
|
|
SEQUENCE {
|
|
hpicfLmaSessionMacAddr
|
|
MacAddress,
|
|
hpicfLmaSessionState
|
|
INTEGER,
|
|
hpicfLmaSessionStateTime
|
|
Unsigned32,
|
|
hpicfLmaSessionAuthVid
|
|
Integer32,
|
|
hpicfLmaSessionUnauthVid
|
|
Integer32,
|
|
hpicfLmaSessionUsrNumberCnt
|
|
Counter32,
|
|
hpicfLmaSessionUserRole
|
|
HpAutzUserRoleName
|
|
}
|
|
|
|
hpicfLmaSessionMacAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the MAC address of the client."
|
|
::= { hpicfLmaSessionStatsEntry 1 }
|
|
|
|
|
|
hpicfLmaSessionState OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
authenticated(1),
|
|
unauthenticated(2),
|
|
authenticating(3),
|
|
authReqRejectNoVlan(4),
|
|
authReqRejectUnauthVlan(5),
|
|
authReqTimeoutNoVlan(6),
|
|
authReqTimeoutUnauthVlan(7),
|
|
initialRole(8),
|
|
initialRoleFailed(9)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the state of the client as follows:
|
|
'authenticated' - authenticated client
|
|
'unauthenticated' - unauthenticated client,
|
|
waiting for credentials
|
|
'authenticating' - credentials have been sent
|
|
for verification, waiting for
|
|
response
|
|
'authReqRejectNoVlan' - credentials invalid; client
|
|
does not have access to
|
|
unauthenticated VLAN
|
|
'authReqRejectUnauthVlan' - credentials invalid; client
|
|
does have access to
|
|
unauthenticated VLAN
|
|
'authReqTimeoutNoVlan' - credentials could not be
|
|
verified; client is still
|
|
unauthenticated and does
|
|
not have access to
|
|
unauthenticated VLAN
|
|
'authReqTimeoutUnauthVlan' - credentials could not be
|
|
verified; client is still
|
|
unauthenticated, but has
|
|
access to unauthenticated
|
|
VLAN
|
|
'initialRole' - client is assigned the initial role
|
|
'initialRoleFailed' - initial role could not be applied; client
|
|
does not have access to the network"
|
|
::= { hpicfLmaSessionStatsEntry 2 }
|
|
|
|
|
|
hpicfLmaSessionStateTime OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The duration, in seconds, a client has spent in the
|
|
state specified by hpicfLmaSessionState."
|
|
::= { hpicfLmaSessionStatsEntry 3 }
|
|
|
|
|
|
hpicfLmaSessionAuthVid OBJECT-TYPE
|
|
SYNTAX Integer32 (0..4094)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the PVID that the authenticated
|
|
client is utilizing. If the client is unauthenticated,
|
|
this object has no meaning."
|
|
::= { hpicfLmaSessionStatsEntry 4 }
|
|
|
|
|
|
hpicfLmaSessionUnauthVid OBJECT-TYPE
|
|
SYNTAX Integer32 (0..4094)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the PVID that the unauthenticated
|
|
client is utilizing. If the client is authenticated,
|
|
this object has no meaning."
|
|
::= { hpicfLmaSessionStatsEntry 5 }
|
|
|
|
|
|
hpicfLmaSessionUsrNumberCnt OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the number of authenticated clients
|
|
currently present on this port. This does not include the
|
|
clients that are under the process of authentication."
|
|
DEFVAL { 0 }
|
|
::= { hpicfLmaSessionStatsEntry 6 }
|
|
|
|
hpicfLmaSessionUserRole OBJECT-TYPE
|
|
SYNTAX HpAutzUserRoleName
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When hpSwitchAutzUserRoleEnabled is true, specifies the user
|
|
role of the client."
|
|
::= { hpicfLmaSessionStatsEntry 7 }
|
|
|
|
-- ------------------------------------------------------------
|
|
-- Conformance
|
|
-- ------------------------------------------------------------
|
|
|
|
hpicfLmaCompliances OBJECT IDENTIFIER ::= { hpicfLmaConformance 1 }
|
|
hpicfLmaGroups OBJECT IDENTIFIER ::= { hpicfLmaConformance 2 }
|
|
|
|
-- Compliance Statements
|
|
|
|
hpicfLmaCompliance1 MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION "The compliance statement"
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
hpicfLmaMacGroup,
|
|
hpicfLmaConfigGroup,
|
|
hpicfLmaSessionStatsGroup
|
|
}
|
|
::= { hpicfLmaCompliances 1 }
|
|
|
|
hpicfLmaCompliance2 MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION "The compliance statement"
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
hpicfLmaMacGroup1,
|
|
hpicfLmaConfigGroup1,
|
|
hpicfLmaSessionStatsGroup1
|
|
}
|
|
::= { hpicfLmaCompliances 2 }
|
|
|
|
hpicfLmaCompliance3 MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION "The compliance statement"
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
hpicfLmaMacGroup1,
|
|
hpicfLmaConfigGroup2,
|
|
hpicfLmaSessionStatsGroup1
|
|
}
|
|
::= { hpicfLmaCompliances 3 }
|
|
|
|
hpicfLmaCompliance4 MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION "The compliance statement"
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
hpicfLmaMacGroup1,
|
|
hpicfLmaConfigGroup3,
|
|
hpicfLmaSessionStatsGroup1
|
|
}
|
|
::= { hpicfLmaCompliances 4 }
|
|
|
|
-- units of conformance
|
|
|
|
hpicfLmaMacGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
hpicfLmaMacGrpRowStatus,
|
|
hpicfLmaMacRowStatus,
|
|
hpicfLmaProfileUntaggedVid,
|
|
hpicfLmaProfileTaggedVids,
|
|
hpicfLmaProfileCoS,
|
|
hpicfLmaProfileIsAssociated,
|
|
hpicfLmaProfileRowStatus,
|
|
hpicfLmaAssociationRowStatus
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"These objects are used for managing Local MAC
|
|
Authentication configuration parameters."
|
|
::= { hpicfLmaGroups 1 }
|
|
|
|
|
|
hpicfLmaConfigGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
hpicfLmaClientLimit,
|
|
hpicfLmaQuietPeriod,
|
|
hpicfLmaLogoffPeriod,
|
|
hpicfLmaAuthVid,
|
|
hpicfLmaUnauthVid,
|
|
hpicfLmaUnAuthPeriod,
|
|
hpicfLmaReauthenticate
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"A collection of objects providing configuration
|
|
objects for Local MAC authentication associated with
|
|
each port."
|
|
::= { hpicfLmaGroups 2 }
|
|
|
|
hpicfLmaSessionStatsGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
hpicfLmaAssocActiveMacAddress,
|
|
hpicfLmaSessionState,
|
|
hpicfLmaSessionStateTime,
|
|
hpicfLmaSessionAuthVid,
|
|
hpicfLmaSessionUnauthVid,
|
|
hpicfLmaSessionUsrNumberCnt
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"A collection of objects providing statistics about
|
|
current sessions for Local MAC authentication."
|
|
::= { hpicfLmaGroups 3 }
|
|
|
|
hpicfLmaMacGroup1 OBJECT-GROUP
|
|
OBJECTS {
|
|
hpicfLmaMacGrpRowStatus,
|
|
hpicfLmaMacRowStatus,
|
|
hpicfLmaProfileUntaggedVid,
|
|
hpicfLmaProfileTaggedVids,
|
|
hpicfLmaProfileCoS,
|
|
hpicfLmaProfileIsAssociated,
|
|
hpicfLmaProfileRowStatus,
|
|
hpicfLmaAssociationRowStatus,
|
|
hpicfLmaUserRoleAssociationRowStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"These objects are used for managing Local MAC
|
|
Authentication configuration parameters."
|
|
::= { hpicfLmaGroups 4 }
|
|
|
|
hpicfLmaConfigGroup1 OBJECT-GROUP
|
|
OBJECTS {
|
|
hpicfLmaClientLimit,
|
|
hpicfLmaQuietPeriod,
|
|
hpicfLmaLogoffPeriod,
|
|
hpicfLmaAuthVid,
|
|
hpicfLmaUnauthVid,
|
|
hpicfLmaUnAuthPeriod,
|
|
hpicfLmaReauthenticate
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"A collection of objects providing configuration
|
|
objects for Local MAC authentication associated with
|
|
each port."
|
|
::= { hpicfLmaGroups 5 }
|
|
|
|
hpicfLmaSessionStatsGroup1 OBJECT-GROUP
|
|
OBJECTS {
|
|
hpicfLmaAssocActiveMacAddress,
|
|
hpicfLmaSessionState,
|
|
hpicfLmaSessionStateTime,
|
|
hpicfLmaSessionAuthVid,
|
|
hpicfLmaSessionUnauthVid,
|
|
hpicfLmaSessionUsrNumberCnt,
|
|
hpicfLmaSessionUserRole
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing statistics about
|
|
current sessions for Local MAC authentication."
|
|
::= { hpicfLmaGroups 6 }
|
|
|
|
hpicfLmaConfigGroup2 OBJECT-GROUP
|
|
OBJECTS {
|
|
hpicfLmaClientLimit,
|
|
hpicfLmaQuietPeriod,
|
|
hpicfLmaLogoffPeriod,
|
|
hpicfLmaAuthVid,
|
|
hpicfLmaUnauthVid,
|
|
hpicfLmaUnAuthPeriod,
|
|
hpicfLmaReauthenticate,
|
|
hpicfLmaMacPin
|
|
}
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"A collection of objects providing configuration
|
|
objects for Local MAC authentication associated with
|
|
each port."
|
|
::= { hpicfLmaGroups 7 }
|
|
|
|
hpicfLmaConfigGroup3 OBJECT-GROUP
|
|
OBJECTS {
|
|
hpicfLmaClientLimit,
|
|
hpicfLmaQuietPeriod,
|
|
hpicfLmaLogoffPeriod,
|
|
hpicfLmaAuthVid,
|
|
hpicfLmaUnauthVid,
|
|
hpicfLmaUnAuthPeriod,
|
|
hpicfLmaReauthenticate,
|
|
hpicfLmaMacPin,
|
|
hpicfLmaUnauthVidLLDPNwkPolicy
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing configuration
|
|
objects for Local MAC authentication associated with
|
|
each port."
|
|
::= { hpicfLmaGroups 8 }
|
|
END
|
|
|