HP-ICF-LMA-MIB DEFINITIONS ::= BEGIN IMPORTS hpSwitch FROM HP-ICF-OID InterfaceIndex FROM IF-MIB VidList FROM HP-ICF-TC OBJECT-GROUP, MODULE-COMPLIANCE FROM SNMPv2-CONF Integer32, Unsigned32, OBJECT-TYPE, Counter32, MODULE-IDENTITY FROM SNMPv2-SMI TruthValue, MacAddress, RowStatus, DisplayString FROM SNMPv2-TC; hpicfLmaMIB MODULE-IDENTITY LAST-UPDATED "201304100900Z" ORGANIZATION "HP Networking" CONTACT-INFO "Hewlett-Packard Company 8000 Foothills Blvd. Roseville, CA 95747" DESCRIPTION "This MIB module describes objects for managing the Local MAC Authentication feature of devices in the HP Integrated Communication Facility product line." REVISION "201304100900Z" -- April 10, 2013 at 09:00 GMT DESCRIPTION "Initial version of Local MAC Authentication MIB module." ::= { hpSwitch 97 } -- -- Node definitions -- -- Top-level structure of MIB -- 1.3.6.1.4.1.11.2.14.11.5.1.93 -- 1.3.6.1.4.1.11.2.14.11.5.1.93.0 hpicfLmaNotifications OBJECT IDENTIFIER ::= { hpicfLmaMIB 0} hpicfLmaObjects OBJECT IDENTIFIER ::= { hpicfLmaMIB 1} hpicfLmaConformance OBJECT IDENTIFIER ::= { hpicfLmaMIB 2} hpicfLmaConfigObjects OBJECT IDENTIFIER ::= { hpicfLmaObjects 1} hpicfLmaStatsObjects OBJECT IDENTIFIER ::= { hpicfLmaObjects 2} hpicfLmaScalarObjects OBJECT IDENTIFIER ::= { hpicfLmaConfigObjects 1} hpicfLmaMacGrpTable OBJECT-TYPE SYNTAX SEQUENCE OF HpicfLmaMacGrpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is to create MAC group, which is a collection Of MAC address/MAC OUI/MAC mask. There can be a maximum of 256 MAC groups." ::= { hpicfLmaConfigObjects 2} hpicfLmaMacGrpEntry OBJECT-TYPE SYNTAX HpicfLmaMacGrpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is to create MAC group, which is a collection Of MAC address/MAC OUI/MAC mask. There can be a maximum of 256 MAC groups." INDEX { hpicfLmaMacGrpName } ::= { hpicfLmaMacGrpTable 1 } HpicfLmaMacGrpEntry ::= SEQUENCE { hpicfLmaMacGrpName DisplayString, hpicfLmaMacGrpRowStatus RowStatus } hpicfLmaMacGrpName OBJECT-TYPE SYNTAX DisplayString (SIZE (1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Name of the MAC group. A name can have maximum 32 characters." ::= { hpicfLmaMacGrpEntry 1 } hpicfLmaMacGrpRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Status of this row, by which new entries may be created or existing entries deleted from this table." ::= { hpicfLmaMacGrpEntry 2} --This table associates MAC-clients with MAC-Group.Each MAC group can --have set of MAC-clients.attributes (such as tagged vlan/untagged --vlan/CoS) can be applied on these MAC groups for LMA. hpicfLmaMacTable OBJECT-TYPE SYNTAX SEQUENCE OF HpicfLmaMacEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table stores MAC address/MAC OUI/MAC mask bound to a MAC group.A MAC group can be associated to a maximum of 120 entries, Each entry is equivalent to one record in hpicfLmaMacTable and there can be a maximum of 256 records." ::= { hpicfLmaConfigObjects 3} hpicfLmaMacEntry OBJECT-TYPE SYNTAX HpicfLmaMacEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table stores MAC address/MAC OUI/MAC mask bound to a MAC group.A MAC group can be associated to a maximum of 120 entries, Each entry is equivalent to one record in hpicfLmaMacTable and there can be a maximum of 256 records." INDEX { hpicfLmaMacGrpName, hpicfLmaMacType, hpicfLmaMacValue } ::= { hpicfLmaMacTable 1 } HpicfLmaMacEntry ::= SEQUENCE { hpicfLmaMacType INTEGER, hpicfLmaMacValue OCTET STRING, hpicfLmaMacRowStatus RowStatus } hpicfLmaMacType OBJECT-TYPE SYNTAX INTEGER { macAddress(1), macMask (2), macOui(3) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object specifies whether the type of MAC Address is: macAddress(1) Fully qualified MAC address. macMask(2) MAC address prefiX. Only 32 & 40 bits are allowed. macOUI(3) 24 bit organizationally unique identifier." ::= { hpicfLmaMacEntry 1 } hpicfLmaMacValue OBJECT-TYPE SYNTAX OCTET STRING (SIZE(3..6)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This is to specify the value for the hpicfLmaMacType, value should be in conjunction with MAC Type." ::= { hpicfLmaMacEntry 2} hpicfLmaMacRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Status of this row, by which new entries may be created or existing entries deleted from this table." ::= { hpicfLmaMacEntry 3 } -- LMA Profile Table : To Create LMA Profile which can be associated -- to MAC Clients. -- Profile can have set of attributes such as untagged vlanid, list -- of tagged vlans CoS value.maximum allowed tagged vlan in a profile -- is 50. hpicfLmaProfileTable OBJECT-TYPE SYNTAX SEQUENCE OF HpicfLmaProfileEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This is to create the profile which can be associated to a MAC group/MAC address/MAC OUI/MAC mask.A profile is a collection of attributes." ::= { hpicfLmaConfigObjects 4} hpicfLmaProfileEntry OBJECT-TYPE SYNTAX HpicfLmaProfileEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This is to create the profile which can be associated to a MAC group/MAC address/MAC OUI/MAC mask.A profile is a collection of attributes." INDEX { hpicfLmaProfileName } ::= { hpicfLmaProfileTable 1 } HpicfLmaProfileEntry ::= SEQUENCE { hpicfLmaProfileName DisplayString, hpicfLmaProfileUntaggedVid Integer32, hpicfLmaProfileTaggedVids VidList, hpicfLmaProfileCoS Integer32, hpicfLmaProfileIsAssociated TruthValue, hpicfLmaProfileRowStatus RowStatus } hpicfLmaProfileName OBJECT-TYPE SYNTAX DisplayString (SIZE (1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object contains the name of Local MAC Authentication profile." ::= { hpicfLmaProfileEntry 1 } hpicfLmaProfileUntaggedVid OBJECT-TYPE SYNTAX Integer32 (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "Untagged VLAN ID.A value of 0 implies that untagged VLAN ID is not configured for this profile.Only one untagged VLAN ID can be associated with the profile." DEFVAL { 0 } ::= { hpicfLmaProfileEntry 2 } hpicfLmaProfileTaggedVids OBJECT-TYPE SYNTAX VidList MAX-ACCESS read-create STATUS current DESCRIPTION "Tagged VLANs.A maximum of 50 tagged VLANs can be can be associated with the profile." ::= { hpicfLmaProfileEntry 3 } hpicfLmaProfileCoS OBJECT-TYPE SYNTAX Integer32 (-1..7) MAX-ACCESS read-create STATUS current DESCRIPTION "CoS value to be associated with this profile.A value of -1 indicates that CoS is not configured for this profile." ::= { hpicfLmaProfileEntry 4 } hpicfLmaProfileIsAssociated OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object is to check whether any MAC is associated to this profile.A value of TRUE indicates that it is associated to MAC entry and FALSE indicates that it is not associated to any of the MAC entry." ::= { hpicfLmaProfileEntry 5 } hpicfLmaProfileRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Status of this row, by which new entries may be created or existing entries deleted from this table." ::= { hpicfLmaProfileEntry 6} hpicfLmaAssociationTable OBJECT-TYPE SYNTAX SEQUENCE OF HpicfLmaAssociationEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This is association table between profile and MAC entries." ::= { hpicfLmaConfigObjects 5} hpicfLmaAssociationEntry OBJECT-TYPE SYNTAX HpicfLmaAssociationEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This is association table between the profile and MAC entries." INDEX { hpicfLmaProfileName, hpicfLmaAssociationMacType, hpicfLmaAssociationMacValue } ::= { hpicfLmaAssociationTable 1 } HpicfLmaAssociationEntry ::= SEQUENCE { hpicfLmaAssociationMacType INTEGER, hpicfLmaAssociationMacValue OCTET STRING, hpicfLmaAssociationRowStatus RowStatus } hpicfLmaAssociationMacType OBJECT-TYPE SYNTAX INTEGER { macGrp(0), macAddress(1), macMask (2), macOui(3) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object specifies whether the type of MAC address is: macGrp(0) MAC group which contains a group of MAC Entry. macAddress(1) Fully qualified MAC address. macMask(2) MAC address prefix. Only 32 & 40 bits are allowed. macOUI(3) 24 bit organizationally unique identifier." ::= { hpicfLmaAssociationEntry 2 } hpicfLmaAssociationMacValue OBJECT-TYPE SYNTAX OCTET STRING(SIZE (1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object specifies the MAC value. This value should be in conjunction with hpicfLmaAssociationMacType." ::= { hpicfLmaAssociationEntry 4} hpicfLmaAssociationRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Status of this row, by which new entries may be created or existing entries deleted from this table." ::= { hpicfLmaAssociationEntry 5 } -- hpicfLmaConfigTable -- This table is to configure Local Mac Authentication attributes with eaach port. hpicfLmaConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF HpicfLmaConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains the configuration objects for Local MAC based Authentication associated with each port. An entry appears in this table for each port that may authenticate access to itself." ::= { hpicfLmaConfigObjects 6 } hpicfLmaConfigEntry OBJECT-TYPE SYNTAX HpicfLmaConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains the configuration objects for Local MAC based Authentication associated with each port. An entry appears in this table for each port that may authenticate access to itself." INDEX { hpicfLmaPortNumber } ::= { hpicfLmaConfigTable 1 } HpicfLmaConfigEntry ::= SEQUENCE { hpicfLmaPortNumber InterfaceIndex, hpicfLmaClientLimit Integer32, hpicfLmaQuietPeriod Integer32, hpicfLmaLogoffPeriod Integer32, hpicfLmaAuthVid Integer32, hpicfLmaUnauthVid Integer32, hpicfLmaUnAuthPeriod Integer32, hpicfLmaReauthenticate TruthValue } hpicfLmaPortNumber OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "The port number associated with this switch port." ::= { hpicfLmaConfigEntry 1 } hpicfLmaClientLimit OBJECT-TYPE SYNTAX Integer32 (1..256) MAX-ACCESS read-write STATUS current DESCRIPTION "The maximum number of authenticated clients to allow on the port." DEFVAL { 1 } ::= { hpicfLmaConfigEntry 2 } hpicfLmaQuietPeriod OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the time, in seconds, that the switch should refrain from re-attempting an authentication request for a client whose credentials were rejected." DEFVAL { 60 } ::= { hpicfLmaConfigEntry 4 } hpicfLmaLogoffPeriod OBJECT-TYPE SYNTAX Integer32 (1..999999999) MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the period, in seconds, at which an authenticated client will be considered unauthenticated due to lack of activity (i.e. traffic originating from client)." DEFVAL { 300 } ::= { hpicfLmaConfigEntry 5 } hpicfLmaAuthVid OBJECT-TYPE SYNTAX Integer32 (0..4094) MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the port VID (PVID) that should be used for an authenticated client." ::= { hpicfLmaConfigEntry 7 } hpicfLmaUnauthVid OBJECT-TYPE SYNTAX Integer32 (0..4094) MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the port VID (PVID) that should be used for an unauthenticated client." ::= { hpicfLmaConfigEntry 8 } hpicfLmaUnAuthPeriod OBJECT-TYPE SYNTAX Integer32 (0..65535) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the period, in seconds, at which a client will be placed into guest vlan if it fails authentication." DEFVAL { 0 } ::= { hpicfLmaConfigEntry 9 } hpicfLmaReauthenticate OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The reauthentication control for this port. Setting this attribute TRUE forces all authenticated clients to re-authenticate themselves. Setting this attribute FALSE has no effect. This attribute always returns FALSE when read." ::= { hpicfLmaConfigEntry 10 } -- hpicfLmaAssocActiveTable : Display Active MAC clients associated -- with Profiles. hpicfLmaAssocActiveTable OBJECT-TYPE SYNTAX SEQUENCE OF HpicfLmaAssocActiveEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This is an association table to display all the MAC clients which are active for a given profile." ::= { hpicfLmaStatsObjects 2 } hpicfLmaAssocActiveEntry OBJECT-TYPE SYNTAX HpicfLmaAssocActiveEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This is an association table to display all the MAC clients which are active for a given profile." INDEX { hpicfLmaAssocActiveProfileName, hpicfLmaAssocActiveMacAddress } ::= { hpicfLmaAssocActiveTable 1 } HpicfLmaAssocActiveEntry ::= SEQUENCE { hpicfLmaAssocActiveProfileName DisplayString, hpicfLmaAssocActiveMacAddress MacAddress } hpicfLmaAssocActiveProfileName OBJECT-TYPE SYNTAX DisplayString (SIZE (1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object contains the name of Local MAC authentication profile." ::= { hpicfLmaAssocActiveEntry 1 } hpicfLmaAssocActiveMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the MAC address of the client." ::= { hpicfLmaAssocActiveEntry 2 } -- LMA client Session Statistics Table hpicfLmaSessionStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF HpicfLmaSessionStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains session statistic objects for each client (i.e. user) attempting to authenticate to a port with MAC authentication enabled. An entry appears in this table for each port in the switch." ::= { hpicfLmaStatsObjects 1 } hpicfLmaSessionStatsEntry OBJECT-TYPE SYNTAX HpicfLmaSessionStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The session statistics information for a port with MAC based authentication enabled. This shows the current values being collected for active sessions." INDEX { hpicfLmaPortNumber, hpicfLmaSessionMacAddr } ::= { hpicfLmaSessionStatsTable 1 } HpicfLmaSessionStatsEntry ::= SEQUENCE { hpicfLmaSessionMacAddr MacAddress, hpicfLmaSessionState INTEGER, hpicfLmaSessionStateTime Unsigned32, hpicfLmaSessionAuthVid Integer32, hpicfLmaSessionUnauthVid Integer32, hpicfLmaSessionUsrNumberCnt Counter32 } hpicfLmaSessionMacAddr OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object specifies the MAC address of the client." ::= { hpicfLmaSessionStatsEntry 1 } hpicfLmaSessionState OBJECT-TYPE SYNTAX INTEGER { authenticated(1), unauthenticated(2), authenticating(3), authReqRejectNoVlan(4), authReqRejectUnauthVlan(5), authReqTimeoutNoVlan(6), authReqTimeoutUnauthVlan(7) } MAX-ACCESS read-only STATUS current DESCRIPTION "Specifies the state of the client as follows: 'authenticated' - authenticated client 'unauthenticated' - unauthenticated client, waiting for credentials 'authenticating' - credentials have been sent for verification, waiting for response 'authReqRejectNoVlan' - credentials invalid; client does not have access to unauthenticated VLAN 'authReqRejectUnauthVlan - credentials invalid; client does have access to unauthenticated VLAN 'authReqTimeoutNoVlan' - credentials could not be verified; client is still unauthenticated and does not have access to unauthenticated VLAN 'authReqTimeoutUnauthVlan' - credentials could not be verified; client is still unauthenticated, but has access to unauthenticated VLAN" ::= { hpicfLmaSessionStatsEntry 2 } hpicfLmaSessionStateTime OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The duration, in seconds, a client has spent in the state specified by hpicfLmaSessionState." ::= { hpicfLmaSessionStatsEntry 3 } hpicfLmaSessionAuthVid OBJECT-TYPE SYNTAX Integer32 (0..4094) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the PVID that the authenticated client is utilizing. If the client is unauthenticated, this object has no meaning." ::= { hpicfLmaSessionStatsEntry 4 } hpicfLmaSessionUnauthVid OBJECT-TYPE SYNTAX Integer32 (0..4094) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the PVID that the unauthenticated client is utilizing. If the client is authenticated, this object has no meaning." ::= { hpicfLmaSessionStatsEntry 5 } hpicfLmaSessionUsrNumberCnt OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the number of authenticated clients currently present on this port. This does not include the clients that are under the process of authentication." DEFVAL { 0 } ::= { hpicfLmaSessionStatsEntry 6 } -- ------------------------------------------------------------ -- Conformance -- ------------------------------------------------------------ hpicfLmaCompliances OBJECT IDENTIFIER ::= { hpicfLmaConformance 1 } hpicfLmaGroups OBJECT IDENTIFIER ::= { hpicfLmaConformance 2 } -- Compliance Statements hpicfLmaCompliance1 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement" MODULE -- this module MANDATORY-GROUPS { hpicfLmaMacGroup, hpicfLmaConfigGroup, hpicfLmaSessionStatsGroup } ::= { hpicfLmaCompliances 1 } -- units of conformance hpicfLmaMacGroup OBJECT-GROUP OBJECTS { hpicfLmaMacGrpRowStatus, hpicfLmaMacRowStatus, hpicfLmaProfileUntaggedVid, hpicfLmaProfileTaggedVids, hpicfLmaProfileCoS, hpicfLmaProfileIsAssociated, hpicfLmaProfileRowStatus, hpicfLmaAssociationRowStatus } STATUS current DESCRIPTION "These objects are used for managing Local MAC Authentication configuration parameters." ::= { hpicfLmaGroups 1 } hpicfLmaConfigGroup OBJECT-GROUP OBJECTS { hpicfLmaClientLimit, hpicfLmaQuietPeriod, hpicfLmaLogoffPeriod, hpicfLmaAuthVid, hpicfLmaUnauthVid, hpicfLmaUnAuthPeriod, hpicfLmaReauthenticate } STATUS current DESCRIPTION "A collection of objects providing configuration objects for Local MAC authentication associated with each port." ::= { hpicfLmaGroups 2 } -- LMA Stats Group hpicfLmaSessionStatsGroup OBJECT-GROUP OBJECTS { hpicfLmaAssocActiveMacAddress, hpicfLmaSessionState, hpicfLmaSessionStateTime, hpicfLmaSessionAuthVid, hpicfLmaSessionUnauthVid, hpicfLmaSessionUsrNumberCnt } STATUS current DESCRIPTION "A collection of objects providing statistics about current sessions for Local MAC authentication." ::= { hpicfLmaGroups 3 } END