-- This file is corresponding to Release 9.1.10.101 from 2014/08/11 00:00:00


---------------------------------------------------------------------------
-- (C)opyright 2008-2014 bintec elmeg GmbH
-- $RCSfile: mib-hacc,v $
-- $Revision: 1.20 $
-- $Date: 2014-05-21 14:11:30 $
---------------------------------------------------------------------------

BINTEC-HACC-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
    Integer32, Unsigned32, Counter32, Counter64, IpAddress, TimeTicks,
    mib-2, enterprises
        FROM SNMPv2-SMI

    DisplayString, TimeStamp, PhysAddress, RowStatus
        FROM SNMPv2-TC

    biboip, Date, BitValue, HexValue
        FROM BINTEC-MIB

    MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
        FROM SNMPv2-CONF;

---------------------------------------------------------------------------

hacc MODULE-IDENTITY
    LAST-UPDATED "201405210000Z"
    ORGANIZATION "bintec elmeg GmbH"
    CONTACT-INFO
            "EMail:   info@bintec-elmeg.com
             Web:     www.bintec-elmeg.com"
    DESCRIPTION
            "The MIB module for managing host access authentication."
    REVISION     "201212040000Z"
    DESCRIPTION
            ""
    ::= { biboip 62 }

---------------------------------------------------------------------------
--  ipHostAccessTable
---------------------------------------------------------------------------

    ipHostAccessTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF IpHostAccessEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "The (conceptual) table listing the interfaces on host
             access authentication is enabled."
    ::= { hacc 1 }

    ipHostAccessEntry OBJECT-TYPE
        SYNTAX      IpHostAccessEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "An entry (conceptual row) representing an interface on
             which host access authentication is enabled."
        INDEX       { ipHostAccessIfIndex }

    ::= { ipHostAccessTable 1 }

    IpHostAccessEntry ::=
        SEQUENCE {
            ipHostAccessStatus                 RowStatus,
            ipHostAccessIfIndex                INTEGER,
            ipHostAccessDefaultPassword        DisplayString,
            ipHostAccessWalledNetwork          IpAddress,
            ipHostAccessWalledNetmask          IpAddress,
            ipHostAccessWalledURL              DisplayString,
            ipHostAccessTermsURL               DisplayString,
            ipHostAccessUserDomain             DisplayString,
            ipHostAccessReAuthenticatePeriod   Unsigned32,
            ipHostAccessDefaultSessionTimeout  Unsigned32,
            ipHostAccessDefaultMaxTransfer     Counter64,
            ipHostAccessDefaultIdleTimeout     Unsigned32,
            ipHostAccessDefaultAcctInterval    Unsigned32,
            ipHostAccessSessionTimeReporting   INTEGER,
            ipHostAccessWalledStatus           INTEGER,
            ipHostAccessDefaultLanguage        DisplayString,
            ipHostAccessIndex                  INTEGER,
            ipHostAccessLoginViaWalledGarden   INTEGER,
            ipHostAccessPopupStatus            INTEGER,
            ipHostAccessPostLoginURL           DisplayString,
            ipHostAccessReAuthenticateTries    INTEGER
        }

    ipHostAccessStatus OBJECT-TYPE
        SYNTAX      RowStatus
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The status of this entry."
        DEFVAL      { createAndGo }
    ::= { ipHostAccessEntry 1 }

    ipHostAccessIfIndex OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The corresponding interface for which host access authentication
             should be applied."
    ::= { ipHostAccessEntry 2 }

    ipHostAccessDefaultPassword OBJECT-TYPE
        SYNTAX      DisplayString
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The default password used for authentication.
             If defined, only a valid vouchure ID is 
             needed for authentication."
        DEFVAL      { "" }
    ::= { ipHostAccessEntry 3 }

    ipHostAccessWalledNetwork OBJECT-TYPE
        SYNTAX      IpAddress
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "This object specifies together with ipHostAccessWalledNetmask
             the network where hosts can communicate without authorization.
             Further walled-garden-entries can be specified by domain-name
             via table ipWalledGardenDomainCfgTable.
             The whole walled-garden-feature can be deactivated via field
             ipHostAccessWalledStatus."
    ::= { ipHostAccessEntry 4 }

    ipHostAccessWalledNetmask OBJECT-TYPE
        SYNTAX      IpAddress
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The netmask which corresponds to ipHostAccessWalledNetwork.
             The whole walled-garden-feature can be deactivated via field
             ipHostAccessWalledStatus."
    ::= { ipHostAccessEntry 5 }

    ipHostAccessWalledURL OBJECT-TYPE
        SYNTAX      DisplayString
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "If not empty, meaning depends on value of field
             ipHostAccessLoginViaWalledGarden:
             - false: Two frames are used. During login, left frame shows
                 internal login-page, and right frame shows specified
                 walled-garden-page, e.g. 'http://www.thecompany.com/'.
                 After successful login, if ipHostAccessPostLoginURL is empty,
                 right frame is kept. Otherwise, right frame is replaced by
                 related external post-login-page.
             - true: Single frame is used. URL specifies external login-page
                 to be used instead of internal one. External server must make
                 sure that client sends its account-data to Hotspot-gateway
                 for access-control afterwards. After successful login,
                 if ipHostAccessPostLoginURL is empty, frame is replaced by
                 internal status-page. Otherwise, frame is replaced by related
                 external post-login-page.
             This field can be deactivated via empty string or via field
             ipHostAccessWalledStatus. In this case, the following
             default-scenario applies: Single frame and internal login-page
               is used. After successful login, if ipHostAccessPostLoginURL is
               empty, frame is replaced by internal status-page. Otherwise,
               is replaced by related external post-login-page."
        DEFVAL      { "" }
    ::= { ipHostAccessEntry 6 }

    ipHostAccessTermsURL OBJECT-TYPE
        SYNTAX      DisplayString
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The URL of the Terms & Conditions link shown in the internal
             login-page, e.g. 'http://www.thecompany.com/'.
             This field can be deactivated via empty string or via field
             ipHostAccessWalledStatus or indirectly (together with internal
             login-page) via field ipHostAccessLoginViaWalledGarden."
        DEFVAL      { "" }
    ::= { ipHostAccessEntry 7 }

    ipHostAccessUserDomain OBJECT-TYPE
        SYNTAX      DisplayString
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The domain name which automatically will be appended
             to the username during authentication."
        DEFVAL      { "" }
    ::= { ipHostAccessEntry 8 }

    ipHostAccessReAuthenticatePeriod OBJECT-TYPE
        SYNTAX      Unsigned32
        UNITS       "s"
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The re-authentication-period in seconds.
             A value of 0 is interpreted as NO re-authentications."
        DEFVAL      { 300 }
    ::= { ipHostAccessEntry 9 }

    ipHostAccessDefaultSessionTimeout OBJECT-TYPE
        SYNTAX      Unsigned32
        UNITS       "s"
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The default session-timeout-period in seconds that is used if the
             Radius-server does not specify it. In deviation from RFC 2865,
             section 5.27, a value of 0 is interpreted as NO session-timeout."
        DEFVAL      { 0 }
    ::= { ipHostAccessEntry 10 }

    ipHostAccessDefaultMaxTransfer OBJECT-TYPE
        SYNTAX      Counter64
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The default maximum number of received plus sent bytes if the
             Radius-server does not specify it. 0 means NO limit. Radius
             standard does not specify any attribute for this maximum."
        DEFVAL      { 0 }
    ::= { ipHostAccessEntry 11 }

    ipHostAccessDefaultIdleTimeout OBJECT-TYPE
        SYNTAX      Unsigned32
        UNITS       "s"
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The default idle-timeout-period in seconds that is used if the
             Radius-server does not specify it. In deviation from RFC 2865,
             section 5.28, a value of 0 is interpreted as NO idle-timeout."
        DEFVAL      { 600 }
    ::= { ipHostAccessEntry 12 }

    ipHostAccessDefaultAcctInterval OBJECT-TYPE
        SYNTAX      Unsigned32
        UNITS       "s"
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The default accounting-interim-interval in seconds that is used
             if the Radius-server does not specify it. In deviation from
             RFC 2869, section 5.16, a value of 0 means NO interim-updates."
        DEFVAL      { 60 }
    ::= { ipHostAccessEntry 13 }

    ipHostAccessSessionTimeReporting OBJECT-TYPE
        SYNTAX      INTEGER { with-idle-time(1), without-idle-time(2) }
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "Toggles calculation of session-time (RFC 2866, section 5.7).
             For with-idle-time(1), the session-start is subtracted from the
             current time. For without-idle-time(2), it is subtracted from
             time of the latest sent/received accounting-relevant data."
        DEFVAL      { with-idle-time }
    ::= { ipHostAccessEntry 14 }

    ipHostAccessWalledStatus OBJECT-TYPE
        SYNTAX      INTEGER { enabled(1), disabled(2) }
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "Toggles activation of walled-garden-feature and of dependent
             fields ipHostAccessWalledNetwork, ipHostAccessWalledNetmask,
             ipHostAccessWalledURL, ipHostAccessTermsURL,
             ipHostAccessLoginViaWalledGarden, and of dependent table
             ipWalledGardenDomainCfgTable."
        DEFVAL      { enabled }
    ::= { ipHostAccessEntry 15 }

    ipHostAccessDefaultLanguage OBJECT-TYPE
        SYNTAX      DisplayString (SIZE(3))
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "Default-language used for Web-interface."
        DEFVAL      { "eng" }
    ::= { ipHostAccessEntry 16 }
    
    ipHostAccessIndex OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The unique index of this entry."
    ::= { ipHostAccessEntry 17 }

    ipHostAccessLoginViaWalledGarden OBJECT-TYPE
        SYNTAX      INTEGER { false(1), true(2) }
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "Toggles between internal and external/customised login-page.
             - false: Internal login-page is used.
             - true:  External login-page is used.
             More details on possible scenarios are described with field
             ipHostAccessWalledURL."
        DEFVAL      { false }
    ::= { ipHostAccessEntry 18 }

    ipHostAccessPopupStatus OBJECT-TYPE
        SYNTAX      INTEGER { enabled(1), disabled(2) }
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "Toggles whether browser is requested to open popup-window with
             status-info after successful login."
        DEFVAL      { enabled }
    ::= { ipHostAccessEntry 19 }

    ipHostAccessPostLoginURL OBJECT-TYPE
        SYNTAX      DisplayString
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The URL of the external page to be shown after successful login.
             This field can be deactivated via empty string.
             More details on possible scenarios are described with field
             ipHostAccessWalledURL."
        DEFVAL      { "" }
    ::= { ipHostAccessEntry 20 }

    ipHostAccessReAuthenticateTries OBJECT-TYPE
        SYNTAX      INTEGER (1..65535)
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "Number of subsequent re-authentication-attempts before related
             client-session is aborted when RADIUS-replies are missing.
             Sets balance between tight synchronisation with RADIUS-server
             and robustness against temporary wide-area-network-losses.
             A value of 1 means that sessions are aborted immediately after
             1st missing reply. With higher values, subsequent attempts are
             done with regular re-authentication-period. Negative replies are
             still processed immediately and not affected by this setting."
        DEFVAL      { 20 }
    ::= { ipHostAccessEntry 21 }

---------------------------------------------------------------------------
--  ipHostAccessClientTable
---------------------------------------------------------------------------

    ipHostAccessClientTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF IpHostAccessClientEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "List of known clients which requested host 
             access authentication."
    ::= { hacc 2 }

    ipHostAccessClientEntry OBJECT-TYPE
        SYNTAX      IpHostAccessClientEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "An entry representing a client on a particular interface which
             has requested host access authentication."
        INDEX       { ipHostAccessClientIfIndex, ipHostAccessClientAddr }

    ::= { ipHostAccessClientTable 1 }

    IpHostAccessClientEntry ::=
        SEQUENCE {
            ipHostAccessClientIfIndex               INTEGER,
            ipHostAccessClientUser                  DisplayString,
            ipHostAccessClientPassword              DisplayString,
            ipHostAccessClientAddr                  IpAddress,
            ipHostAccessClientPhysAddr              PhysAddress,
            ipHostAccessClientLogon                 Date,
            ipHostAccessClientExpires               Date,
            ipHostAccessClientAdminStatus           INTEGER,
            ipHostAccessClientMaxTransfer           Counter64,
            ipHostAccessClientInPkts                Counter64,
            ipHostAccessClientOutPkts               Counter64,
            ipHostAccessClientInOctets              Counter64,
            ipHostAccessClientOutOctets             Counter64,
            ipHostAccessClientLastAccountedRx       Date,
            ipHostAccessClientLastAccountedTx       Date,
            ipHostAccessClientLastWGardenRx         Date,
            ipHostAccessClientLastWGardenTx         Date,
            ipHostAccessClientLastLocalRx           Date,
            ipHostAccessClientLastLocalTx           Date,
            ipHostAccessClientLastAuthenticate      Date,
            ipHostAccessClientLastAccounting        Date,
            ipHostAccessClientReportedInOctets      Counter64,
            ipHostAccessClientReportedOutOctets     Counter64,
            ipHostAccessClientReportedSessionTime   Unsigned32,
            ipHostAccessClientIdleTimeout           Unsigned32,
            ipHostAccessClientAcctInterval          Unsigned32,
            ipHostAccessClientSessionTimeReporting  INTEGER,
            ipHostAccessClientTerminateCause        Unsigned32,
            ipHostAccessClientNoReplyCounter        Unsigned32
        }

    ipHostAccessClientIfIndex OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The interface index where the client is coming from."
    ::= { ipHostAccessClientEntry 1 }

    ipHostAccessClientUser OBJECT-TYPE
        SYNTAX      DisplayString
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The client's user name in upper/lower-case-writing as entered by
             the user. Please note that only one entry per user is allowed.
             The internal check for double-entries is done case-insensitively
             because many people use upper/lower-cases inconsistently. This
             must be considered also by the Radius-server-operator."
    ::= { ipHostAccessClientEntry 2 }

    ipHostAccessClientPassword OBJECT-TYPE
        SYNTAX      DisplayString
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "The client password."
    ::= { ipHostAccessClientEntry 3 }

    ipHostAccessClientAddr OBJECT-TYPE
        SYNTAX      IpAddress
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The client's IP address."
    ::= { ipHostAccessClientEntry 4 }

    ipHostAccessClientPhysAddr OBJECT-TYPE
        SYNTAX      PhysAddress
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The client's hardware address."
    ::= { ipHostAccessClientEntry 5 }

    ipHostAccessClientLogon OBJECT-TYPE
        SYNTAX      Date
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The time when the client has successfully authenticated.
             Valid only if ipHostAccessClientAdminStatus is NOT pending."
    ::= { ipHostAccessClientEntry 6 }

    ipHostAccessClientExpires OBJECT-TYPE
        SYNTAX      Date
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The time when the client expires. 0 means NO expiry.
             Valid only if ipHostAccessClientAdminStatus is NOT pending."
    ::= { ipHostAccessClientEntry 7 }

    ipHostAccessClientAdminStatus OBJECT-TYPE
        SYNTAX      INTEGER { active(1), delete(2), pending(3) }
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The client-status is initialised to <pending>. After successful
             (initial) authentication, it is updated to <active>. Setting it
             to <delete> kills the related client-entry and triggers the final
             Radius-account-request. In case that a specific terminate-cause
             shall be reported, ipHostAccessClientTerminateCause must be set
             accordingly before triggering the <delete>."
        DEFVAL      { pending }
    ::= { ipHostAccessClientEntry 8 }

    ipHostAccessClientMaxTransfer OBJECT-TYPE
        SYNTAX      Counter64
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Max. number of bytes this client can transfer. 0 means NO limit.
             Valid only if ipHostAccessClientAdminStatus is NOT pending."
    ::= { ipHostAccessClientEntry 9 }

    ipHostAccessClientInPkts OBJECT-TYPE
        SYNTAX      Counter64
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Current number of incoming packets for this client.
             Valid only if ipHostAccessClientAdminStatus is NOT pending."
    ::= { ipHostAccessClientEntry 10 }

    ipHostAccessClientOutPkts OBJECT-TYPE
        SYNTAX      Counter64
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Current number of outgoing packets for this client.
             Valid only if ipHostAccessClientAdminStatus is NOT pending."
    ::= { ipHostAccessClientEntry 11 }

    ipHostAccessClientInOctets OBJECT-TYPE
        SYNTAX      Counter64
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Current number of incoming octets for this client.
             Valid only if ipHostAccessClientAdminStatus is NOT pending."
    ::= { ipHostAccessClientEntry 12 }

    ipHostAccessClientOutOctets OBJECT-TYPE
        SYNTAX      Counter64
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Current number of outgoing octets for this client.
             Valid only if ipHostAccessClientAdminStatus is NOT pending."
    ::= { ipHostAccessClientEntry 13 }

    ipHostAccessClientLastAccountedRx OBJECT-TYPE
        SYNTAX      Date
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Timestamp of latest in-packet: accounted-remote->client
             Valid only if ipHostAccessClientAdminStatus is NOT pending."
    ::= { ipHostAccessClientEntry 14 }

    ipHostAccessClientLastAccountedTx OBJECT-TYPE
        SYNTAX      Date
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Timestamp of latest out-packet: client->accounted-remote
             Valid only if ipHostAccessClientAdminStatus is NOT pending."
    ::= { ipHostAccessClientEntry 15 }

    ipHostAccessClientLastWGardenRx OBJECT-TYPE
        SYNTAX      Date
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Timestamp of latest in-packet: walled-garden->client
             Valid only if ipHostAccessClientAdminStatus is NOT pending."
    ::= { ipHostAccessClientEntry 16 }

    ipHostAccessClientLastWGardenTx OBJECT-TYPE
        SYNTAX      Date
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Timestamp of latest out-packet: client->walled-garden
             Valid only if ipHostAccessClientAdminStatus is NOT pending."
    ::= { ipHostAccessClientEntry 17 }

    ipHostAccessClientLastLocalRx OBJECT-TYPE
        SYNTAX      Date
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Timestamp of latest in-packet: router->client
             Valid only if ipHostAccessClientAdminStatus is NOT pending."
    ::= { ipHostAccessClientEntry 18 }

    ipHostAccessClientLastLocalTx OBJECT-TYPE
        SYNTAX      Date
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Timestamp of latest out-packet: client->router
             Valid only if ipHostAccessClientAdminStatus is NOT pending."
    ::= { ipHostAccessClientEntry 19 }

    ipHostAccessClientLastAuthenticate OBJECT-TYPE
        SYNTAX      Date
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Timestamp of latest access-request."
    ::= { ipHostAccessClientEntry 20 }

    ipHostAccessClientLastAccounting OBJECT-TYPE
        SYNTAX      Date
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Timestamp of latest accounting-request.
             Valid only if ipHostAccessClientAdminStatus is NOT pending."
    ::= { ipHostAccessClientEntry 21 }

    ipHostAccessClientReportedInOctets OBJECT-TYPE
        SYNTAX      Counter64
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Latest reported number of incoming octets for this client.
             Valid only if ipHostAccessClientAdminStatus is NOT pending."
    ::= { ipHostAccessClientEntry 22 }

    ipHostAccessClientReportedOutOctets OBJECT-TYPE
        SYNTAX      Counter64
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Latest reported number of outgoing octets for this client.
             Valid only if ipHostAccessClientAdminStatus is NOT pending."
    ::= { ipHostAccessClientEntry 23 }

    ipHostAccessClientReportedSessionTime OBJECT-TYPE
        SYNTAX      Unsigned32
        UNITS       "s"
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Latest reported session-time in seconds.
             Valid only if ipHostAccessClientAdminStatus is NOT pending."
    ::= { ipHostAccessClientEntry 24 }

    ipHostAccessClientIdleTimeout OBJECT-TYPE
        SYNTAX      Unsigned32
        UNITS       "s"
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The idle-timeout-period in seconds that is used for the client
             (coming from Radius-server or from default-value).
             In deviation from RFC 2865, section 5.28, a value of 0 is
             interpreted as NO idle-timeout.
             Valid only if ipHostAccessClientAdminStatus is NOT pending."
    ::= { ipHostAccessClientEntry 25 }

    ipHostAccessClientAcctInterval OBJECT-TYPE
        SYNTAX      Unsigned32
        UNITS       "s"
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The accounting-interim-interval in seconds that is used for the
             client (coming from Radius-server or from default-value).
             In deviation from RFC 2869, section 5.16, a value of 0 is
             interpreted as NO interim-updates.
             Valid only if ipHostAccessClientAdminStatus is NOT pending."
    ::= { ipHostAccessClientEntry 26 }

    ipHostAccessClientSessionTimeReporting OBJECT-TYPE
        SYNTAX      INTEGER { with-idle-time(1), without-idle-time(2) }
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Copied from related ipHostAccessSessionTimeReporting entry.
             This avoids complications when this field is toggled."
        DEFVAL      { with-idle-time }
    ::= { ipHostAccessClientEntry 27 }

    ipHostAccessClientTerminateCause OBJECT-TYPE
        SYNTAX      Unsigned32
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The accounting-terminate-cause as described in RFC 2866,
             section 5.10. See ipHostAccessClientAdminStatus for more details.
             If not set explicitly, <Lost Service> is used as default-value."
        DEFVAL      { 0 }
    ::= { ipHostAccessClientEntry 28 }

    ipHostAccessClientNoReplyCounter OBJECT-TYPE
        SYNTAX      Unsigned32
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "This counter is initialised to 0 and increased whenever
             re-authentication fails because of no reply (e.g. because WAN
             down or server too slow). It is reset whenever re-authentication
             succeeds. When the counter reaches the limit that is specified
             by ipHostAccessReAuthenticateTries, the client is removed."
        DEFVAL      { 0 }
    ::= { ipHostAccessClientEntry 29 }

---------------------------------------------------------------------------
--  ipHostAccessStat
---------------------------------------------------------------------------

    ipHostAccessStat OBJECT IDENTIFIER
    ::= { hacc 3 }

    ipHostAccessStatLoginCnt OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The number of client-login-attempts since system-start.
             Any write-access causes reset to 0."
    ::= { ipHostAccessStat 1 }

    ipHostAccessStatLoginTime OBJECT-TYPE
        SYNTAX      Date
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Last time when ipHostAccessStatLoginCnt was set."
    ::= { ipHostAccessStat 2 }

    ipHostAccessStatCurClientsCnt OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The current number of authenticated or pending clients.
             Further login-attempts are rejected if this value already reached
             ipHostAccessStatMaxClientsLimit."
    ::= { ipHostAccessStat 3 }

    ipHostAccessStatMaxClientsCnt OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The maximum observed value of ipHostAccessStatCurClientsCnt since
             system-start. Any write-access causes initialisation to current
             value of ipHostAccessStatCurClientsCnt."
    ::= { ipHostAccessStat 4 }

    ipHostAccessStatMaxClientsTime OBJECT-TYPE
        SYNTAX      Date
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Last time when ipHostAccessStatMaxClientsCnt was set."
    ::= { ipHostAccessStat 5 }

    ipHostAccessStatRedirectCnt OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The number of redirects to local HTTP-server since system-start.
             Any write-access causes reset to 0."
    ::= { ipHostAccessStat 6 }

    ipHostAccessStatRedirectTime OBJECT-TYPE
        SYNTAX      Date
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Last time when ipHostAccessStatRedirectCnt was set."
    ::= { ipHostAccessStat 7 }

    ipHostAccessStatMaxClientsLimit OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Maximum allowed value for ipHostAccessStatCurClientsCnt.
             Any login-attempts beyond this limit are rejected."
    ::= { ipHostAccessStat 8 }
    
---------------------------------------------------------------------------
--  ipWalledGardenDomainCfgTable
---------------------------------------------------------------------------

    ipWalledGardenDomainCfgTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF IpWalledGardenDomainCfgEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "Table of allowed domains for ipHostAccess"
    ::= { hacc 4 }
    
    ipWalledGardenDomainCfgEntry OBJECT-TYPE
        SYNTAX      IpWalledGardenDomainCfgEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            ""
        INDEX { ipWalledGardenDomainCfgIndex }
    ::= { ipWalledGardenDomainCfgTable 1 }

    IpWalledGardenDomainCfgEntry ::=
        SEQUENCE {
            ipWalledGardenDomainCfgIndex          INTEGER,
            ipWalledGardenDomainCfgAdminStatus    INTEGER,
            ipWalledGardenDomainCfgHaccIndex      INTEGER,
            ipWalledGardenDomainCfgName           DisplayString
        }

    ipWalledGardenDomainCfgIndex OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The unique index of this entry."
    ::= { ipWalledGardenDomainCfgEntry 1 }

    ipWalledGardenDomainCfgAdminStatus OBJECT-TYPE
        SYNTAX      INTEGER { enabled(1), disabled(2), delete(3) }
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The administrative status of this entry."
    DEFVAL { enabled }
    ::= { ipWalledGardenDomainCfgEntry 2 }

    ipWalledGardenDomainCfgHaccIndex OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The parent index in ipHostAccessTable (ipHostAccessIndex)"
    ::= { ipWalledGardenDomainCfgEntry 3 }

    ipWalledGardenDomainCfgName OBJECT-TYPE
        SYNTAX      DisplayString
        MAX-ACCESS  read-create
        STATUS      current
        DESCRIPTION
            "The domain name or IP address in dotted format."
        DEFVAL      { "" }
    ::= { ipWalledGardenDomainCfgEntry 4 }

---------------------------------------------------------------------------
--  ipWalledGardenDomainOperTable
---------------------------------------------------------------------------

    ipWalledGardenDomainOperTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF IpWalledGardenDomainOperEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "Oper table of allowed domains for ipHostAccess"
    ::= { hacc 5 }

    ipWalledGardenDomainOperEntry OBJECT-TYPE
        SYNTAX      IpWalledGardenDomainOperEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            ""
        INDEX { ipWalledGardenDomainOperIndex }
    ::= { ipWalledGardenDomainOperTable 1 }

    IpWalledGardenDomainOperEntry ::=
        SEQUENCE {
            ipWalledGardenDomainOperIndex         INTEGER,
            ipWalledGardenDomainOperCfgIndex      INTEGER,
            ipWalledGardenDomainOperHaccIndex     INTEGER,
            ipWalledGardenDomainOperName          DisplayString,
            ipWalledGardenDomainOperTtl           INTEGER
        }

    ipWalledGardenDomainOperIndex OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The unique index of this entry."
    ::= { ipWalledGardenDomainOperEntry 1 }

    ipWalledGardenDomainOperCfgIndex OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The parent index in ipWalledGardenDomainCfgTable
             (ipWalledGardenDomainCfgIndex). This might be 0 if no relation to
             any ipWalledGardenDomainCfgTable exists."
    ::= { ipWalledGardenDomainOperEntry 2 }

    ipWalledGardenDomainOperHaccIndex OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The parent index in ipHostAccessTable (ipHostAccessIndex)"
    ::= { ipWalledGardenDomainOperEntry 3 }

    ipWalledGardenDomainOperName OBJECT-TYPE
        SYNTAX      DisplayString
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The domain name or IP address in dotted format."
        DEFVAL      { "" }
    ::= { ipWalledGardenDomainOperEntry 4 }
    
    ipWalledGardenDomainOperTtl OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The time to live until next DNS query has to be initiated."
    ::= { ipWalledGardenDomainOperEntry 5 }

---------------------------------------------------------------------------
--  ipWalledGardenAddressTable
---------------------------------------------------------------------------

    ipWalledGardenAddressTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF IpWalledGardenAddressEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "Table of allowed addresses for ipHostAccess"
    ::= { hacc 6 }
    
    ipWalledGardenAddressEntry OBJECT-TYPE
        SYNTAX      IpWalledGardenAddressEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "An entry representing an IP address for which
             host access authentication is enabled."
        INDEX { ipWalledGardenAddressDomainOperIndex, ipWalledGardenAddressNetwork }
    ::= { ipWalledGardenAddressTable 1 }

    IpWalledGardenAddressEntry ::=
        SEQUENCE {
            ipWalledGardenAddressDomainOperIndex   INTEGER,
            ipWalledGardenAddressNetwork           IpAddress
        }

    ipWalledGardenAddressDomainOperIndex OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The parent index in ipWalledGardenDomainOperTable with same
             value for ipWalledGardenDomainOperIndex."
    ::= { ipWalledGardenAddressEntry 1 }

    ipWalledGardenAddressNetwork OBJECT-TYPE
        SYNTAX      IpAddress
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "This object specifies together with ipWalledGardenAddressNetmask
             the network where hosts can communicate without authorization."
    ::= { ipWalledGardenAddressEntry 2 }

END
