ENTERASYS-VLAN-AUTHORIZATION-MIB DEFINITIONS ::= BEGIN -- enterasys-vlan-authorization-mib.txt -- -- Part Number: -- -- -- This module provides authoritative definitions for Enterasys -- Networks' VLAN Authorization MIB. -- -- This module will be extended, as needed. -- Enterasys Networks reserves the right to make changes in this -- specification and other information contained in this document -- without prior notice. The reader should consult Enterasys Networks -- to determine whether any such changes have been made. -- -- In no event shall Enterasys Networks be liable for any incidental, -- indirect, special, or consequential damages whatsoever (including -- but not limited to lost profits) arising out of or related to this -- document or the information contained in it, even if Enterasys -- Networks has been advised of, known, or should have known, the -- possibility of such damages. -- -- Enterasys Networks grants vendors, end-users, and other interested -- parties a non-exclusive license to use this Specification in -- connection with the management of Enterasys Networks products. -- Copyright June, 2004 Enterasys Networks, Inc. IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Integer32 FROM SNMPv2-SMI MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF TEXTUAL-CONVENTION FROM SNMPv2-TC dot1dBasePortEntry FROM BRIDGE-MIB EnabledStatus FROM P-BRIDGE-MIB etsysModules FROM ENTERASYS-MIB-NAMES; etsysVlanAuthorizationMIB MODULE-IDENTITY LAST-UPDATED "200406021922Z" -- Wed Jun 2 19:22 GMT 2004 ORGANIZATION "Enterasys Networks, Inc" CONTACT-INFO "Postal: Enterasys Networks, Inc. 50 Minuteman Rd. Andover, MA 01810-1008 USA Phone: +1 978 684 1000 E-mail: support@enterasys.com WWW: http://www.enterasys.com" DESCRIPTION "This MIB module defines a portion of the SNMP MIB under Enterasys Networks' enterprise OID pertaining to proprietary extensions to the IETF Q-BRIDGE-MIB, as specified in RFC2674, pertaining to VLAN authorization, as specified in RFC3580. Specifically, the enabling and disabling of support for the VLAN Tunnel-Type attribute returned from a RADIUS authentication, and how that attribute is applied to the port which initiated the authentication." REVISION "200406021922Z" -- Wed Jun 2 19:22 GMT 2004 DESCRIPTION "The initial version of this MIB module" ::= { etsysModules 48 } -- ---------------------------------------------------------- -- -- Textual Conventions -- ---------------------------------------------------------- -- VlanAuthEgressStatus ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The possible egress configurations which may be applied in response to a successful authentication. none(1) No egress manipulation will be made. tagged(2) The authenticating port will be added to the current egress for the VLAN-ID returned. untagged(3) The authenticating port will be added to the current untagged egress for the VLAN-ID returned. dynamic(4) The authenticating port will use information returned in the authentication response to modify the current egress lists." SYNTAX INTEGER { none(1), tagged(2), untagged(3), dynamic(4) } -- ---------------------------------------------------------- -- -- MIB Objects -- ---------------------------------------------------------- -- etsysVlanAuthorizationObjects OBJECT IDENTIFIER ::= { etsysVlanAuthorizationMIB 1 } etsysVlanAuthorizationSystem OBJECT IDENTIFIER ::= { etsysVlanAuthorizationObjects 1 } etsysVlanAuthorizationPorts OBJECT IDENTIFIER ::= { etsysVlanAuthorizationObjects 2 } -- ---------------------------------------------------------- -- -- Extensions to the VLAN Port Configuration Table -- ---------------------------------------------------------- -- etsysVlanAuthorizationEnable OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The enable/disable state for the VLAN authorization feature. When disabled, no modifications to the VLAN attributes related to packet switching should be enforced." DEFVAL { disabled } ::= { etsysVlanAuthorizationSystem 1 } -- ---------------------------------------------------------- -- -- Extensions to the VLAN Port Configuration Table -- ---------------------------------------------------------- -- etsysVlanAuthorizationTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysVlanAuthorizationEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Extensions to the table that contains information about every port that is associated with this transparent bridge." ::= { etsysVlanAuthorizationPorts 1 } etsysVlanAuthorizationEntry OBJECT-TYPE SYNTAX EtsysVlanAuthorizationEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of extensions that support the management of proprietary features for each port of a transparent bridge. This is indexed by dot1dBasePort." AUGMENTS { dot1dBasePortEntry } ::= { etsysVlanAuthorizationTable 1 } EtsysVlanAuthorizationEntry ::= SEQUENCE { etsysVlanAuthorizationStatus EnabledStatus, etsysVlanAuthorizationAdminEgress VlanAuthEgressStatus, etsysVlanAuthorizationOperEgress VlanAuthEgressStatus, etsysVlanAuthorizationVlanID Integer32 } etsysVlanAuthorizationStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The enabled/disabled status for the application of VLAN authorization on this port, if disabled, the information returned in the VLAN-Tunnel-Type from the authentication will not be applied to the port (although it should be represented in this table). If enabled, those results will be applied to the port." DEFVAL { enabled } ::= { etsysVlanAuthorizationEntry 1 } etsysVlanAuthorizationAdminEgress OBJECT-TYPE SYNTAX VlanAuthEgressStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Controls the modification of the current vlan egress list (of the vlan returned in the VLAN-Tunnel-Type, and reported by etsysVlanAuthorizationVlanID) upon successful authentication in the following manner: none(1) No egress manipulation will be made. tagged(2) The authenticating port will be added to the current egress for the VLAN-ID returned. untagged(3) The authenticating port will be added to the current untagged egress for the VLAN-ID returned. dynamic(4) The authenticating port will use information returned in the authentication response to modify the current egress lists. This value is supported only if the device supports a mechanism through which the egress status may be returned through the RADIUS response. Should etsysVlanAuthorizationEnable become disabled, etsysVlanAuthorizationStatus become disabled for a port, or should etsysVlanAuthorizationVlanID become 0 or 4095, all effect on the port egress MUST be removed." DEFVAL { untagged } ::= { etsysVlanAuthorizationEntry 2 } etsysVlanAuthorizationOperEgress OBJECT-TYPE SYNTAX VlanAuthEgressStatus MAX-ACCESS read-only STATUS current DESCRIPTION "Reports the current state of modification to the current vlan egress list (of the vlan returned in the VLAN-Tunnel-Type) upon successful authentication, if etsysVlanAuthorizationStatus is enabled, in the following manner: none(1) No egress manipulation will be made. tagged(2) The authenticating port will be added to the current egress for the VLAN-ID returned. untagged(3) The authenticating port will be added to the current untagged egress for the VLAN-ID returned. The purpose of this leaf is to report, specifically when etsysVlanAuthorizationAdminEgress has been set to dynamic(4), the currently enforced egress modification. If the port is unauthenticated, or no VLAN-ID has been applied, this leaf should return none(1)." DEFVAL { none } ::= { etsysVlanAuthorizationEntry 3 } etsysVlanAuthorizationVlanID OBJECT-TYPE SYNTAX Integer32 (0 | 1..4094 | 4095) MAX-ACCESS read-only STATUS current DESCRIPTION "The 12 bit VLAN identifier for a given port, used to override the PVID of the given port, obtained as a result of an authentication. A value of zero indicates that there is no authenticated VLAN ID for the given port. Should a port become unauthenticated this value MUST be returned to zero. A value of 4095 indicates that a the port has been authenticated, but that the VLAN returned could not be applied to the port (possibly because of resource constraints or misconfiguration). In this instance, the original PVID should still be applied. Should the feature become disabled or the session terminate, all effect on the Port VLAN ID MUST be removed." DEFVAL { 0 } ::= { etsysVlanAuthorizationEntry 4 } -- ------------------------------------------------------------- -- Conformance Information -- ------------------------------------------------------------- etsysVlanAuthorizationConformance OBJECT IDENTIFIER ::= { etsysVlanAuthorizationMIB 2 } etsysVlanAuthorizationGroups OBJECT IDENTIFIER ::= { etsysVlanAuthorizationConformance 1 } etsysVlanAuthorizationCompliances OBJECT IDENTIFIER ::= { etsysVlanAuthorizationConformance 2 } -- ------------------------------------------------------------- -- Units of conformance -- ------------------------------------------------------------- etsysVlanAuthorizationGroup OBJECT-GROUP OBJECTS { etsysVlanAuthorizationEnable, etsysVlanAuthorizationStatus, etsysVlanAuthorizationAdminEgress, etsysVlanAuthorizationOperEgress, etsysVlanAuthorizationVlanID } STATUS current DESCRIPTION "A collection of objects relating to VLAN Authorization." ::= { etsysVlanAuthorizationGroups 1 } -- ------------------------------------------------------------- -- Compliance statements -- ------------------------------------------------------------- etsysVlanAuthorizationCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for devices that support the Enterasys VLAN Authorization MIB." MODULE MANDATORY-GROUPS { etsysVlanAuthorizationGroup } ::= { etsysVlanAuthorizationCompliances 1 } END