ENTERASYS-PWA-MIB DEFINITIONS ::= BEGIN -- enterasys-pwa-mib.txt -- -- Part Number: -- -- -- This module provides authoritative definitions for Enterasys -- Networks' Port Web Authentication MIB. -- -- This module will be extended, as needed. -- Enterasys Networks reserves the right to make changes in -- specification and other information contained in this document -- without prior notice. The reader should consult Enterasys Networks -- to determine whether any such changes have been made. -- -- In no event shall Enterasys Networks be liable for any incidental, -- indirect, special, or consequential damages whatsoever (including -- but not limited to lost profits) arising out of or related to this -- document or the information contained in it, even if Enterasys -- Networks has been advised of, known, or should have known, the -- possibility of such damages. -- -- Enterasys Networks grants vendors, end-users, and other interested -- parties a non-exclusive license to use this Specification in -- connection with the management of Enterasys Networks products. -- Copyright February, 2001-2003 Enterasys Networks, Inc. IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Counter32, Counter64, Integer32, IpAddress FROM SNMPv2-SMI TruthValue, TimeStamp, TimeInterval, MacAddress, DisplayString FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF SnmpAdminString FROM SNMP-FRAMEWORK-MIB ZeroBasedCounter32 FROM RMON2-MIB InterfaceIndex FROM IF-MIB EnabledStatus FROM P-BRIDGE-MIB InetAddressType, InetAddress FROM INET-ADDRESS-MIB etsysModules FROM ENTERASYS-MIB-NAMES; etsysPwaMIB MODULE-IDENTITY LAST-UPDATED "200311051656Z" -- Wed Nov 5 16:56 GMT 2003 ORGANIZATION "Enterasys Networks, Inc" CONTACT-INFO "Postal: Enterasys Networks 50 Minuteman Rd. Andover, MA 01810-1008 USA Phone: +1 978 684 1000 E-mail: support@enterasys.com WWW: http://www.enterasys.com" DESCRIPTION "This MIB module provides the ability to configure the Port Web Authentication (PWA) component in a switch. PWA provides a way of authenticating a user on a switch port before allowing the user general access to the network. Only the essential protocols and services required by the authentication process are allowed on the segment between the end-station and the switch port. All other traffic will be discarded. When a user is in the unauthenticated state, any traffic generated by the end-station will not go beyond the switch port that they are connected to. The PWA/login process from the user standpoint is simple. The user makes a request via their favorite web browser for the 'secureharbour' web page. Depending upon the authenticated state of the port, a login page is provided so that the user can enter their username and password, or a logout page is presented to the user. When they submit their login page, the switch will then authenticate them via a preconfigured radius server. If the login is successful, then the port that the end-station is connected to will be turned on and full network access will be granted according to the users port configuration on the switch. This MIB module also provides status about the PWA component and statistics about all current users who are logged into the switch." REVISION "200311051656Z" -- Wed Nov 5 16:56 GMT 2003 DESCRIPTION "Added the etsysPwaSystemEnhancedModeRefreshTime object." REVISION "200308041122Z" -- Mon Aug 4 11:22 GMT 2003 DESCRIPTION "Added objects to support Guest Networking." REVISION "200305141932Z" -- Wed May 14 19:32 GMT 2003 DESCRIPTION "Added the etsysPwaLogoDisplayStatus object." REVISION "200212132156Z" -- Fri Dec 13 21:56 GMT 2002 DESCRIPTION "Added the etsysPwaSystemAuthEnhancedMode object. Updated the CONTACT-INFO clause." REVISION "200205152044Z" -- Wed May 15 20:44 GMT 2002 DESCRIPTION "Changed the syntax of etsysPwaAuthQuietPeriod and etsysPwaAuthMaxReq to Integer32. Corrected the conformance section to reflect the changes that were made yesterday." REVISION "200205142130Z" -- Tue May 14 21:30 GMT 2002 DESCRIPTION "Changed the syntax of etsysPwaSystemAuthIPAddress from InetAddress to IpAddress, to match existing and shipping implementations, and deprecated it as well. Deprecated etsysPwaSystemAuthIPAddressType. Added the etsysPwaSystemAuthInetAddressType and etsysPwaSystemAuthInetAddress objects to replace the deprecated functionality. Updated the CONTACT-INFO." REVISION "200203212149Z" -- Thu Mar 21 21:49 GMT 2002 DESCRIPTION "Changed the definition of etsysPwaSystemAuthHostName from OCTET-STRING to DisplayString." REVISION "200106071600Z" DESCRIPTION "The initial version of this MIB module" ::= { etsysModules 8 } -- ------------------------------------------------------------- -- MIB Objects -- ------------------------------------------------------------- etsysPwaSystem OBJECT IDENTIFIER ::= { etsysPwaMIB 1 } etsysPwaPortConfiguration OBJECT IDENTIFIER ::= { etsysPwaMIB 2 } etsysPwaPortStatus OBJECT IDENTIFIER ::= { etsysPwaMIB 3 } etsysPwaSession OBJECT IDENTIFIER ::= { etsysPwaMIB 4 } -- ------------------------------------------------------------- -- The PWA System Group -- ------------------------------------------------------------- etsysPwaSystemAuthControl OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The administrative enable/disable state for Port Web Authentication Control in a System. Enabling this object turns on the PWA system." REFERENCE "Port Web Authentication Architectural Specification" DEFVAL { disabled } ::= { etsysPwaSystem 1 } etsysPwaSystemAuthHostName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..32)) MAX-ACCESS read-write STATUS current DESCRIPTION "This is the hostname part the Uniform Resource Locator (URL). This object is a DNS/WINS name and is considered to be bound to the etsysPwaSystemAuthIPAddress. This object must not contain the protocol portion of the URL nor any directory or filenames. Changing this objects value changes the default name of the http server located at the local switch. An administrator can change this objects value to whatever name is appropriate for their network." DEFVAL { "secureharbour" } ::= { etsysPwaSystem 2 } etsysPwaSystemAuthBanner OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-write STATUS current DESCRIPTION "The banner that will be displayed on the web login page of the Port Web Authentication Control in a System. This banner is a courtesy introduction to the network, which the user sees on the login page." DEFVAL { "Enterasys Networks Incorporated P.O. Box 5005 Rochester, NH 03866-5005 USA 603 337-9400" } ::= { etsysPwaSystem 3 } etsysPwaSystemPwaNameServicesEnable OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The enable state of the name services application. Enabling this object turns on the Domain Name Service (DNS) and the Windows Internet Naming Services (WINS) clients. These clients will resolve only requests for the etsysPwaSystemAuthHostName. Disabling this object would require users in the network to know and use the etsysPwaSystemAuthIPAddress of this system." DEFVAL { disabled } ::= { etsysPwaSystem 4 } etsysPwaSystemAuthIPAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-write STATUS deprecated DESCRIPTION "This object has been deprecated. Refer to etsysPwaSystemAuthIPAddress for the reason. The textual convention for InetAddressType states that this object must be registered immediately before the InetAddress that it defines. etsysPwaSystemAuthInetAddressType MUST be used for all future implementations of this MIB." ::= { etsysPwaSystem 5 } etsysPwaSystemAuthIPAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS deprecated DESCRIPTION "This object has been deprecated due to an incorrect initial implementation of this MIB. This object was originally an InetAddress but some versions of the E7 firmware implemented it as an IpAddress. The syntax of this object was changed to allow management of the existing products. The etsysPwaSystemAuthInetAddress object MUST be used for all future implementations of this MIB." ::= { etsysPwaSystem 6 } etsysPwaSystemAuthProtocol OBJECT-TYPE SYNTAX INTEGER { chap(1), pap(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The authentication protocol used for this switch module. When set to a chap(1), the authentication scheme used will be the 'PPP Challenge Handshake Authentication Protocol (CHAP)', when set to a pap(2), the scheme will be 'Password Authentication Protocol (PAP)'. When using the CHAP protocol, the username and password utilize the CHAP protocol method of encryption to encrypt the users password in the http transmission of the submitted form on the segment between the end-station and the switch port. The PAP protocol is less secure than CHAP and does not provide any encryption on the segment between the end-station the switch port. The username and password go over this segment in the http transmission of the submitted form in plain text format." DEFVAL { pap } ::= { etsysPwaSystem 7 } etsysPwaSystemAuthDomain OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-write STATUS current DESCRIPTION "The domain name for which this module resides in." ::= { etsysPwaSystem 8 } etsysPwaSystemAuthInetAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-write STATUS current DESCRIPTION "A value that represents a type of etsysPwaSystemAuthInetAddress. unknown(0) An unknown address type. This value MUST be used if the value of the corresponding InetAddress object is a zero-length string. It may also be used to indicate an IP address which is not in one of the formats defined below. ipv4(1) An IPv4 address as defined by the InetAddressIPv4 textual convention. ipv6(2) An IPv6 address as defined by the InetAddressIPv6 textual convention." ::= { etsysPwaSystem 9 } etsysPwaSystemAuthInetAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The IP address bound to the etsysPwaSystemAuthHostName. The format of this object is defined in the etsysPwaSystemAuthInetAddressType object. This address MUST be supplied for authentication to work. This is a globally unique address and must be the same value configured into every authenticating switch in the domain. Each switch terminates any IP traffic destined to this etsysPwaSystemAuthInetAddress. If the port is in either promiscousAuto(4) or auto(2) mode, described in the etsysPwaControlledPortControl object, then the local switch in question responds to http requests with a login page. If the port is in any other mode, then all traffic destined for etsysPwaSystemAuthInetAddress is discarded. Please note that neither the etsysPwaSystemAuthHostName object nor this object refer to any specific machine in the network. These objects are always relative to the connection between an end station and a switch. Traffic destined for this IP is never seen over interswitch links." ::= { etsysPwaSystem 10 } etsysPwaSystemAuthEnhancedMode OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The enable state of the PWA enhanced mode. When this feature is enabled users on unauthenticated ports will be presented the login page on their initial web access. The etsysPwaControlledPortControl object MUST be set to auto(2) for this feature to function correctly. If etsysPwaControlledPortControl is not set to auto(2), or if this feature is disabled, users must enter the value of etsysPwaSystemAuthHostName in order to get the login page." DEFVAL { disabled } ::= { etsysPwaSystem 11 } etsysPwaLogoDisplayStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "When this object is set to enabled, the secureharbour logo will be displayed on the PWA login web pages. When it is set to disabled, the logo will not be displayed." DEFVAL { enabled } ::= { etsysPwaSystem 12 } etsysPwaSystemGuestUsername OBJECT-TYPE SYNTAX DisplayString (SIZE (0..32)) MAX-ACCESS read-write STATUS current DESCRIPTION "The username that the Guest Networking feature will use to authenticate users that do not override this value in the login page." DEFVAL { "guest" } ::= { etsysPwaSystem 13 } etsysPwaSystemGuestPassword OBJECT-TYPE SYNTAX DisplayString (SIZE (0..32)) MAX-ACCESS read-write STATUS current DESCRIPTION "The password that the Guest Networking feature will use to authenticate users that do not override the guest username. On a read this object will always return an empty string." DEFVAL { "" } ::= { etsysPwaSystem 14 } etsysPwaSystemGuestPasswordValid OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "true(1) - indicates that etsysPwaGuestPassword was last set with some value other than the empty string. false(2) - indicates that etsysPwaGuestPassword has never been set, or was last set to the empty string." DEFVAL { false } ::= { etsysPwaSystem 15 } etsysPwaSystemGuestNetworkingStatus OBJECT-TYPE SYNTAX INTEGER { disabled(1), authNone(2), authRadius(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Guest Networking is a feature that allows a user to get default policy access to the network without having to know a username or password. When this feature is not disabled(1), the username on the login page will be populated with the value from the object etsysPwaGuestUsername and the password will be mask out with asterisks. The password in the login page should never be populated with the value from etsysPwaGuestPassword. When Guest Networking is enabled, and a user submits a request for authentication, and the username is the same as the value from etsysPwaGuestUsername, PWA will use the value from etsysPwaGuestPassword as the password for authentication. When this object is set to disabled(1), Guest Networking will be unavailable. When set to authNone(2) Guest Networking will be enabled and it will not authenticate the guest user using any authentication method. Once the user submits the login page with the username that matches the value from etsysPwaGuestUsername, the default policy of that port will become the active policy. When set to authRadius(3) Guest Networking will be enabled and it will authenticate the guest user using RADIUS authentication Upon a successful authentication from RADIUS, this port will apply the policy returned from RADIUS to that port." DEFVAL { disabled } ::= { etsysPwaSystem 16 } etsysPwaSystemEnhancedModeRefreshTime OBJECT-TYPE SYNTAX Integer32 (0..120) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "This is the value that is displayed on the PWA login success page as the redirect time. If a user, using PWA enhanced mode, enters a URL of 'http://enterasys.com' prior to being presented with the PWA login page and then successfully authenticates into the network they would be presented with a login success page that displays 'Welcome to the Network. Completing network connections. You will be redirected to http://enterasys.com in approximately 30 seconds'. An end-station that is utilizing the Dynamic Host Configuration Protocol (DHCP) as a means of obtaining an IP address will take some time to transition from the temporary IP address issued by PWA, as part of the authentication process, to the official IP address issued by the network. etsysPwaSystemEnhancedModeRefreshTime provides a configurable time period for the end-stations on a given switch to complete the process of obtaining their official IP addresses and to begin using them. The default value of 30 seconds has been shown to be adequate in most environments. In some networks this time period may need to be longer, and in other networks it could be shorter. In networks that only use static IP addresses a time period on the order of 5 to 10 seconds may be sufficient. A period of less than 5 seconds is not recommended as there is a slight delay after a successful login before the switch transitions the port to forwarding." DEFVAL { 30 } ::= { etsysPwaSystem 17 } -- ------------------------------------------------------------- -- The PWA Port Configuration Table -- ------------------------------------------------------------- etsysPwaPortConfigurationTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysPwaPortConfigurationEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of configuration objects for each port that are supported by the Port Web Authentication Entity. An entry appears in this table for each port in this system. All objects/instances in this table are stored persistent memory." ::= { etsysPwaPortConfiguration 1 } etsysPwaPortConfigurationEntry OBJECT-TYPE SYNTAX EtsysPwaPortConfigurationEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ifIndex number, maximum number of requests, quiet period between failed attempts, and initialization control for a Port. This table holds the objects for configuring the PWA system." INDEX { etsysPwaPortNumber } ::= { etsysPwaPortConfigurationTable 1 } EtsysPwaPortConfigurationEntry ::= SEQUENCE { etsysPwaPortNumber InterfaceIndex, etsysPwaInitializePort TruthValue, etsysPwaAuthQuietPeriod Integer32, etsysPwaAuthMaxReq Integer32, etsysPwaControlledPortControl INTEGER } etsysPwaPortNumber OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ifIndex number associated with this port." ::= { etsysPwaPortConfigurationEntry 1 } etsysPwaInitializePort OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The initialization control for this ifIndex. This object can be used to unauthenticate a user on a port or to return the port to its initial default state due to some unknown condition. Setting this attribute to true(1) causes the Port to be initialized. The attribute value reverts to false(2) once initialization has completed. Initializing a port returns the etsysPwaAuthPwaState to disconnected(1) and if the etsysPwaControlledPortControl setting is either promiscousAuto(4) or auto(2), and the etsysPwaAuthPwaState was authenticated(3), then the current session is terminated, and the user is forced off the network." ::= { etsysPwaPortConfigurationEntry 2 } etsysPwaAuthQuietPeriod OBJECT-TYPE SYNTAX Integer32 (0..2147483647) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "The value, in seconds, of the quietPeriod constant currently in use by the Port Web Authenticator state machine. After the user attempts unsuccessfully to login a number of times equal to the etsysPwaAuthMaxReq constant, then the ifIndex is locked for a time period equal to the value of this MIB entry. In the initial released version of this MIB this object was an Unsigned32. The initial implementation on the E7 returned an Integer32. The syntax of this object was changed to reflect the existing product in the field. All future implementations of this object should return an Integer32." DEFVAL { 60 } ::= { etsysPwaPortConfigurationEntry 3 } etsysPwaAuthMaxReq OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of the maxReq constant currently in use by the Port Web Authenticator state machine. This represents the maximum number of failed retry attempts before preventing any further attempts for a time period equal to the value of etsysPwaAuthQuietPeriod. In the initial released version of this MIB this object was an Unsigned32. The initial implementation on the E7 returned an Integer32. The syntax of this object was changed to reflect the existing product in the field. All future implementations of this object should return an Integer32." DEFVAL { 2 } ::= { etsysPwaPortConfigurationEntry 4 } etsysPwaControlledPortControl OBJECT-TYPE SYNTAX INTEGER { forceUnauthorized(1), auto(2), forceAuthorized(3), promiscousAuto(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "The authentication method of the ifIndex. A value of forceUnauthorized(1) indicates that the port is always unauthenticated. When set to this value the ifindex is essentially disabled. A value of auto(2) indicates that the ifindex will authenticate users using PWA process. In this mode the switch will provide all the services the end-station will need to complete the login. These services include a Dynamic Host Configuration Protocol (DHCP) server, a Windows Internet Naming Server (WINS), and a Domain Name Service (DNS) Server. A value of forceAuthorized(3) indicates the port is always authorized. When set to this value, the ifindex will always be authenticated. When set to promiscousAuto(4) the services that are required to complete the network login are not provided by the switch. These services must be provided on a back-end network that the end-station can communicate with. These services might be specific to the particular Operating System of the end-station and could also include the same services as provided in auto mode." DEFVAL { forceAuthorized } ::= { etsysPwaPortConfigurationEntry 5 } -- ------------------------------------------------------------- -- The PWA Port Status Table -- ------------------------------------------------------------- etsysPwaAuthStatusTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysPwaAuthStatusEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains the status objects for the Port Web Authenticator associated with each ifIndex. An entry appears in this table for each ifIndex that may authenticate access to itself. All objects/instances in this table are stored in persistent memory." ::= { etsysPwaPortStatus 1 } etsysPwaAuthStatusEntry OBJECT-TYPE SYNTAX EtsysPwaAuthStatusEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The status information for an Authenticator PWA." INDEX { etsysPwaPortNumber } ::= { etsysPwaAuthStatusTable 1 } EtsysPwaAuthStatusEntry ::= SEQUENCE { etsysPwaAuthPwaState INTEGER, etsysPwaMaxFailedAttempts ZeroBasedCounter32, etsysPwaFailedAttemptsSinceLogon ZeroBasedCounter32, etsysPwaLastLogonResult SnmpAdminString } etsysPwaAuthPwaState OBJECT-TYPE SYNTAX INTEGER { disconnected(1), authenticating(2), authenticated(3), held(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "The current value of the Port Web Authenticator state machine. When set to disconnected(1) no user is logged in. When set to authenticating(2), it indicates that a login is in process and has not yet completed. A value of authenticated(3) indicates a user has successfully logged in. When the value is held(4) it indicates that the port is locked down because the number of failed login attempts is greater than etsysPwaAuthMaxReq.The port will be locked until the etsysPwaAuthQuietPeriod has expired." ::= { etsysPwaAuthStatusEntry 1 } etsysPwaMaxFailedAttempts OBJECT-TYPE SYNTAX ZeroBasedCounter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of failed logon attempts on this ifIndex." ::= { etsysPwaAuthStatusEntry 2 } etsysPwaFailedAttemptsSinceLogon OBJECT-TYPE SYNTAX ZeroBasedCounter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of failed logon attempts since the last successful logon on this ifIndex." ::= { etsysPwaAuthStatusEntry 3 } etsysPwaLastLogonResult OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "This ASCII string provides an unstructured way for the web based auth agent to communicate detailed error and status indications to a network administrator." ::= { etsysPwaAuthStatusEntry 4 } -- ------------------------------------------------------------- -- The Authenticator Session Statistics Table -- ------------------------------------------------------------- etsysPwaAuthSessionStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysPwaAuthSessionStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains the session statistics objects for the Authenticator PWA associated with each ifIndex. An entry appears in this table for each ifIndex that may authenticate access to itself. Session entries are collected for each ifIndex. All objects/instances in this table are stored in non-persistent memory. The instancing in this table and the etsysPwaAuthSessionStatsHCTable are dependent upon the switch port configuration and will always be identical in any given switch." ::= { etsysPwaSession 1 } etsysPwaAuthSessionStatsEntry OBJECT-TYPE SYNTAX EtsysPwaAuthSessionStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The session statistics information for an Authenticator PWA. This shows the current values being collected for each session that is still in progress, or the final values for the last valid session on each ifIndex where there is no session currently active." INDEX { etsysPwaPortNumber, etsysPwaAuthSessionID } ::= { etsysPwaAuthSessionStatsTable 1 } EtsysPwaAuthSessionStatsEntry ::= SEQUENCE { etsysPwaAuthSessionID Integer32, etsysPwaAuthSessionOctetsRx Counter32, etsysPwaAuthSessionOctetsRxOverflow Counter32, etsysPwaAuthSessionOctetsTx Counter32, etsysPwaAuthSessionOctetsTxOverflow Counter32, etsysPwaAuthSessionFramesRx Counter32, etsysPwaAuthSessionFramesTx Counter32, etsysPwaAuthSessionStartTime TimeStamp, etsysPwaAuthSessionDuration TimeInterval, etsysPwaAuthSessionTerminateCause INTEGER, etsysPwaAuthSessionMacAddress MacAddress, etsysPwaAuthSessionIPAddressType InetAddressType, etsysPwaAuthSessionIPAddress InetAddress, etsysPwaAuthSessionUserName SnmpAdminString } etsysPwaAuthSessionID OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "A unique ID that identifies the session on this ifindex." ::= { etsysPwaAuthSessionStatsEntry 1 } etsysPwaAuthSessionOctetsRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of octets received in user data frames on this ifIndex during the session." ::= { etsysPwaAuthSessionStatsEntry 2 } etsysPwaAuthSessionOctetsRxOverflow OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the associated etsysPwaAuthSessionOctetsRx counter has overflowed." ::= { etsysPwaAuthSessionStatsEntry 3 } etsysPwaAuthSessionOctetsTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of octets transmitted in user data frames on this ifIndex during the session." ::= { etsysPwaAuthSessionStatsEntry 4 } etsysPwaAuthSessionOctetsTxOverflow OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the associated etsysPwaAuthSessionOctetsTx counter has overflowed." ::= { etsysPwaAuthSessionStatsEntry 5 } etsysPwaAuthSessionFramesRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of user data frames received on this ifIndex during the session." ::= { etsysPwaAuthSessionStatsEntry 6 } etsysPwaAuthSessionFramesTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of user data frames transmitted on this ifIndex during the session." ::= { etsysPwaAuthSessionStatsEntry 7 } etsysPwaAuthSessionStartTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The start time of the session in hundredths of seconds since reset." ::= { etsysPwaAuthSessionStatsEntry 8 } etsysPwaAuthSessionDuration OBJECT-TYPE SYNTAX TimeInterval MAX-ACCESS read-only STATUS current DESCRIPTION "The duration of the session in hundredths of seconds." ::= { etsysPwaAuthSessionStatsEntry 9 } etsysPwaAuthSessionTerminateCause OBJECT-TYPE SYNTAX INTEGER { linkDown(1), logoff(2), authControlForceUnauth(3), portReInit(4), portDisabled(5), notTerminatedYet(999) } MAX-ACCESS read-only STATUS current DESCRIPTION "The reason for the session termination. When set to linkDown(1), the ifindex has no link. When set to logoff(2), a user has successfully logged off the network on this ifindex. When set to authControlForceUnauth(3) an administrator has terminated the user session on this ifindex by setting etsysPwaControlledPortControl to forceUnauthorized(1). When set to portReInit(4) the ifindex has been re-initialized by setting the object etsysPwaInitializePort. When set to portDisabled(5) the ifindex has been disabled. When set notTerminatedYet(999) the ifindex has an active session." ::= { etsysPwaAuthSessionStatsEntry 10 } etsysPwaAuthSessionMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The mac address of the remote user of this session entry stored for this ifIndex." ::= { etsysPwaAuthSessionStatsEntry 11 } etsysPwaAuthSessionIPAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "A value that represents a type of etsysPwaAuthSessionIPAddress. unknown(0) An unknown address type. This value MUST be used if the value of the corresponding InetAddress object is a zero-length string. It may also be used to indicate an IP address which is not in one of the formats defined below. ipv4(1) An IPv4 address as defined by the InetAddressIPv4 textual convention. ipv6(2) An IPv6 address as defined by the InetAddressIPv6 textual convention." ::= { etsysPwaAuthSessionStatsEntry 12 } etsysPwaAuthSessionIPAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The ip address of the remote user of this session entry stored for this ifIndex. The format of this object is defined in the etsysPwaAuthSessionIPAddressType object." ::= { etsysPwaAuthSessionStatsEntry 13 } etsysPwaAuthSessionUserName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The username that logged on to this ifIndex." ::= { etsysPwaAuthSessionStatsEntry 14 } -- ------------------------------------------------------------- -- The Authenticator Session Statistics HC Table -- ------------------------------------------------------------- etsysPwaAuthSessionStatsHCTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysPwaAuthSessionStatsHCEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains the session statistics objects for the Authenticator PWA associated with each ifIndex. An entry appears in this table for each ifIndex that may authenticate access to itself. Session entries are collected for each ifIndex up to the maximum allowed. When the maximum number of allowed sessions has been reached, the oldest session entries will be replaced with newer ones as necessary. All objects/instances in this table are stored in non-persistent memory." ::= { etsysPwaSession 2 } etsysPwaAuthSessionStatsHCEntry OBJECT-TYPE SYNTAX EtsysPwaAuthSessionStatsHCEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The session statistics information for an Authenticator PWA. This shows the current values being collected for each session that is still in progress, or the final values for the last valid session on each ifIndex where there is no session currently active." INDEX { etsysPwaPortNumber, etsysPwaAuthSessionHCID } ::= { etsysPwaAuthSessionStatsHCTable 1 } EtsysPwaAuthSessionStatsHCEntry ::= SEQUENCE { etsysPwaAuthSessionHCID Integer32, etsysPwaAuthSessionOctetsRxHc Counter64, etsysPwaAuthSessionOctetsTxHc Counter64 } etsysPwaAuthSessionHCID OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "A unique ID that identifies the session on this ifindex." ::= { etsysPwaAuthSessionStatsHCEntry 1 } etsysPwaAuthSessionOctetsRxHc OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of octets received in user data frames on this ifIndex during the session." ::= { etsysPwaAuthSessionStatsHCEntry 2 } etsysPwaAuthSessionOctetsTxHc OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of octets transmitted in user data frames on this ifIndex during the session." ::= { etsysPwaAuthSessionStatsHCEntry 3 } -- ------------------------------------------------------------- -- Conformance Information -- ------------------------------------------------------------- etsysPwaMIBGroups OBJECT IDENTIFIER ::= { etsysPwaMIB 5 } etsysPwaMIBCompliances OBJECT IDENTIFIER ::= { etsysPwaMIB 6 } -- ------------------------------------------------------------- -- Units of Conformance -- ------------------------------------------------------------- etsysPwaSystemGroup OBJECT-GROUP OBJECTS { etsysPwaSystemAuthControl, etsysPwaSystemAuthHostName, etsysPwaSystemAuthBanner, etsysPwaSystemPwaNameServicesEnable, etsysPwaSystemAuthIPAddressType, etsysPwaSystemAuthIPAddress, etsysPwaSystemAuthProtocol, etsysPwaSystemAuthDomain } STATUS deprecated DESCRIPTION "This section has been deprecated. See etsysPwaSystemGroupI." ::= { etsysPwaMIBGroups 1 } etsysPwaPortConfigurationGroup OBJECT-GROUP OBJECTS { etsysPwaInitializePort, etsysPwaAuthQuietPeriod, etsysPwaAuthMaxReq, etsysPwaControlledPortControl } STATUS current DESCRIPTION "This section is for ifIndex based configuration of the PWA system." ::= { etsysPwaMIBGroups 2 } etsysPwaPortStatusGroup OBJECT-GROUP OBJECTS { etsysPwaAuthPwaState, etsysPwaMaxFailedAttempts, etsysPwaFailedAttemptsSinceLogon, etsysPwaLastLogonResult } STATUS current DESCRIPTION "The status of all login information on a per ifIndex basis can be obtained here." ::= { etsysPwaMIBGroups 3 } etsysPwaSessionGroup OBJECT-GROUP OBJECTS { etsysPwaAuthSessionID, etsysPwaAuthSessionOctetsRx, etsysPwaAuthSessionOctetsRxOverflow, etsysPwaAuthSessionOctetsTx, etsysPwaAuthSessionOctetsTxOverflow, etsysPwaAuthSessionFramesRx, etsysPwaAuthSessionFramesTx, etsysPwaAuthSessionStartTime, etsysPwaAuthSessionDuration, etsysPwaAuthSessionTerminateCause, etsysPwaAuthSessionMacAddress, etsysPwaAuthSessionIPAddressType, etsysPwaAuthSessionIPAddress, etsysPwaAuthSessionUserName } STATUS current DESCRIPTION "This section contains statistics associated with each ifIndex/login." ::= { etsysPwaMIBGroups 4 } etsysPwaSessionHCGroup OBJECT-GROUP OBJECTS { etsysPwaAuthSessionHCID, etsysPwaAuthSessionOctetsRxHc, etsysPwaAuthSessionOctetsTxHc } STATUS current DESCRIPTION "This section contains statistics associated with each ifIndex/login." ::= { etsysPwaMIBGroups 5 } etsysPwaSystemGroupI OBJECT-GROUP OBJECTS { etsysPwaSystemAuthControl, etsysPwaSystemAuthHostName, etsysPwaSystemAuthBanner, etsysPwaSystemPwaNameServicesEnable, etsysPwaSystemAuthProtocol, etsysPwaSystemAuthDomain, etsysPwaSystemAuthInetAddressType, etsysPwaSystemAuthInetAddress, etsysPwaLogoDisplayStatus, etsysPwaSystemGuestUsername, etsysPwaSystemGuestPassword, etsysPwaSystemGuestPasswordValid, etsysPwaSystemGuestNetworkingStatus, etsysPwaSystemEnhancedModeRefreshTime } STATUS current DESCRIPTION "This section is for the basic configuration parameters used by the PWA system." ::= { etsysPwaMIBGroups 6 } etsysPwaSystemAuthEnhancedGroup OBJECT-GROUP OBJECTS { etsysPwaSystemAuthEnhancedMode } STATUS current DESCRIPTION "This section is for the configuration of the PWA enhanced mode of operation." ::= { etsysPwaMIBGroups 7 } -- ------------------------------------------------------------- -- Compliance Statements -- ------------------------------------------------------------- etsysPwaMIBCompliance MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "Deprecated, see etsysPwaMIBComplianceI." MODULE -- this module MANDATORY-GROUPS { etsysPwaSystemGroup, etsysPwaPortConfigurationGroup, etsysPwaPortStatusGroup, etsysPwaSessionGroup } OBJECT etsysPwaAuthSessionIPAddressType DESCRIPTION "See etsysPwaMIBComplianceI." ::= { etsysPwaMIBCompliances 1 } etsysPwaMIBComplianceI MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for hosts using Port Web Authentication." MODULE -- this module MANDATORY-GROUPS { etsysPwaSystemGroupI, etsysPwaPortConfigurationGroup, etsysPwaPortStatusGroup, etsysPwaSessionGroup } OBJECT etsysPwaAuthSessionIPAddressType DESCRIPTION "The implementation may support only IPv4. If a domain name is used, a WINS/DNS client is required in the switch that is capable of resolving the name. When a domain name is used, this object will supercede the value set in etsysPwaSystemAuthHostName and render that value as unused." GROUP etsysPwaSystemAuthEnhancedGroup DESCRIPTION "Support for this group is mandatory for entities supporting the PWA enhanced mode of operation." ::= { etsysPwaMIBCompliances 2 } END