-- Dot1x Advanced Features MIB overview:
-- Dot1x Advanced Features MIB falls under fastPath MIB node of the private subtree.

FASTPATH-DOT1X-ADVANCED-FEATURES-MIB DEFINITIONS ::= BEGIN

-- Broadcom Corporation FastPath Dot1x Advanced Features MIB
-- Copyright Broadcom Corporation (2003-2007) All rights reserved.

-- This SNMP Management Information Specification
-- embodies Broadcom Corporation's confidential and proprietary
-- intellectual property.  Broadcom Corporation retains all title
-- and ownership in the Specification including any revisions.

-- This Specification is supplied "AS IS", Broadcom Corporation
-- makes no warranty, either expressed or implied,
-- as to the use, operation, condition, or performance of the
-- Specification.


IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
    Unsigned32                          FROM SNMPv2-SMI
    dot1xPaePortNumber                  FROM IEEE8021-PAE-MIB
    TEXTUAL-CONVENTION,
    RowStatus,MacAddress                FROM SNMPv2-TC
    DisplayString                       FROM RFC1213-MIB
    fastPath                            FROM BROADCOM-REF-MIB;
    

    fastPathdot1xAdvanced MODULE-IDENTITY
           LAST-UPDATED "200705230000Z" -- 23 May 2007 12:00:00 GMT
           ORGANIZATION "Broadcom Corporation"
           CONTACT-INFO
           "                      Customer Support
           Postal:                Broadcom Corporation
                                  100, Perimeter Park Drive
                                  Morrisville, NC 27560
           Tel:                   +1 919 865 2700"
           
     DESCRIPTION
          "The Broadcom Private MIB for FastPath Dot1x Advanced Features "

      -- Revision history.
     REVISION
          "200705230000Z" -- 23 May 2007 12:00:00 GMT
     DESCRIPTION
          "Broadcom branding related changes."

      ::= { fastPath 36 }

 
Dot1xPortControlMode ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "The control values of the Authenticator PAE controlled
        Port."
    SYNTAX      INTEGER {
                    forceUnauthorized(1),
                    auto(2),
                    forceAuthorized(3),
                    macBased(4)
                }

Dot1xSessionTerminationAction ::= TEXTUAL-CONVENTION
        STATUS  current
        DESCRIPTION
              "The action to be taken on session termination ."
        SYNTAX       INTEGER {
                                default(1),
                                reauthenticate(2)
                              } 
                         
agentDot1xEnhancementConfigGroup OBJECT IDENTIFIER ::= { fastPathdot1xAdvanced 1 }

    agentDot1xRadiusVlanAssignment OBJECT-TYPE
         SYNTAX      INTEGER {
                     enable(1),
                     disable(2)
                     }
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
               "Enable/Disable dot1x Vlan Assignment Support on the switch."
         DEFVAL { disable }
         ::= { agentDot1xEnhancementConfigGroup 1 }


--**************************************************************************************
-- agentDot1xPortConfigGroup -> Contains MIB objects configuring/displaying Dot1x Port details 
-- and associated Functionality
--
--**************************************************************************************

    agentDot1xPortConfigGroup OBJECT IDENTIFIER ::= { fastPathdot1xAdvanced 2 }

--------------------------------------------------------------
-- The Dot1x Enhanced Port Table
--------------------------------------------------------------

    agentDot1xPortConfigTable OBJECT-TYPE
         SYNTAX      SEQUENCE OF AgentDot1xPortConfigEntry
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION "A table for dot1x enhanced Port details and associated functionality."
         ::= { agentDot1xPortConfigGroup 1 }

    agentDot1xPortConfigEntry OBJECT-TYPE
         SYNTAX      AgentDot1xPortConfigEntry
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION "Represents entry for port config table."
         INDEX       { dot1xPaePortNumber}
         ::= {agentDot1xPortConfigTable 1 }

    AgentDot1xPortConfigEntry ::= SEQUENCE { 
        agentDot1xPortControlMode
             Dot1xPortControlMode,
        agentDot1xGuestVlanId
             Unsigned32,
        agentDot1xGuestVlanPeriod
             Unsigned32,
        agentDot1xUnauthenticatedVlan  
             Unsigned32,
        agentDot1xMaxUsers
             Unsigned32,    
        agentDot1xPortVlanAssigned
             Unsigned32,
        agentDot1xPortVlanAssignedReason
             INTEGER,
        agentDot1xPortSessionTimeout
             Unsigned32,
        agentDot1xPortTerminationAction
             Dot1xSessionTerminationAction,
        agentDot1xPortMABenabled
             INTEGER,
        agentDot1xPortMABenabledOperational
             INTEGER            
                
    }

       agentDot1xPortControlMode  OBJECT-TYPE
                SYNTAX       Dot1xPortControlMode
                MAX-ACCESS   read-write
                STATUS       current
                DESCRIPTION
                       "Dot1x port control mode of this port.The Port control mode . 
                        The port control mode for this interface can take the following values ,
                                force-unauthorized - the port is in unauthorized mode,
                                auto-Port based mode. If a client authenticates suscessfully, then the interface is authorized .
                                     Otherwise, the port is in unauthorized mode. 
                                     If more than one clients are attached to the port , then only one client needs to authenticate to allow other clients access.
                                force-authorized - The port is placed in authorized mode
                                macBased - If more than one client is attached to the port, then each client needs to authenticate separately.
                        This object depcreates dot1xAuthAuthControlledPortControl object in IEEE8021-PAE-MIB"
                DEFVAL {auto}
                ::= {  agentDot1xPortConfigEntry 1}

        agentDot1xGuestVlanId  OBJECT-TYPE
                SYNTAX      Unsigned32
                MAX-ACCESS   read-write
                STATUS       current
                DESCRIPTION
                        "Specifies the Guest Vlan of the port. A port will
                         be moved to its Guest Vlan if no client sucessfully
                         authenticates on that port for the Guest Vlan Period. 
                         A value of zero indicates no Guest Vlan is configured for the interface."
                DEFVAL {0}
                ::= { agentDot1xPortConfigEntry 2}

        agentDot1xGuestVlanPeriod OBJECT-TYPE
                SYNTAX      Unsigned32 (0..65535)
                MAX-ACCESS  read-write
                STATUS      current
                DESCRIPTION
                         "The value, in seconds, of the guestVlanPeriod constant
                         currently in use for Guest Vlan Assignment for the 
                         port ."
                DEFVAL { 90 }
                ::= { agentDot1xPortConfigEntry 3 }


        agentDot1xUnauthenticatedVlan  OBJECT-TYPE
                SYNTAX       Unsigned32 
                MAX-ACCESS   read-write
                STATUS       current
                DESCRIPTION
                        "Specifies the Unauthenticated Vlan of the port. A port will
                         be moved to its unauthenticated Vlan if the client authenticates unsucessfully
                         on that port . 
                         A value of zero indicates no Unauthenticated Vlan is configured for the port. "
                DEFVAL {0}
                ::= {  agentDot1xPortConfigEntry 4}

        agentDot1xMaxUsers OBJECT-TYPE
                SYNTAX      Unsigned32 
                MAX-ACCESS   read-write
                STATUS       current
                DESCRIPTION
                        " Specifies the maximum users or clients that can authenticate on this port when the port control mode is macBased.  "
                ::= {  agentDot1xPortConfigEntry 5}

        agentDot1xPortVlanAssigned OBJECT-TYPE
                SYNTAX       Unsigned32 
                MAX-ACCESS   read-only
                STATUS       current
                DESCRIPTION
                        " Specifies the vlan the port is assigned to by Dot1x  . 
                          Only relevant if the port control mode of the port is auto. "
                DEFVAL {0}
                ::= {  agentDot1xPortConfigEntry 6}

        agentDot1xPortVlanAssignedReason OBJECT-TYPE
                SYNTAX       INTEGER {
                              default(1),
                              radius(2),
                              unauthenticatedVlan(3),
                              guestVlan(4),
                              notAssigned(5)  
                        }  
                MAX-ACCESS   read-only
                STATUS       current
                DESCRIPTION
                        " Reason the port is assigned to the vlan specified by agentDot1xPortVlanAssigned . 
                          Only relevant if the port control mode of the port is auto. "
                DEFVAL {5}
                ::= {  agentDot1xPortConfigEntry 7}

        agentDot1xPortSessionTimeout OBJECT-TYPE
                SYNTAX       Unsigned32
                MAX-ACCESS   read-only
                STATUS       current
                DESCRIPTION
                        " Specifies the session timeout value assigned by the Radius server for this port  . 
                        Only relevant if the port control mode of the port is auto. "
                ::= {  agentDot1xPortConfigEntry 8}

        agentDot1xPortTerminationAction OBJECT-TYPE
                SYNTAX      Dot1xSessionTerminationAction 
                MAX-ACCESS   read-only
                STATUS       current
                DESCRIPTION
                        " Specifies the session termination action assigned by the Radius Server .This is the action taken when the session times out . 
                          Only relevant if the port control mode of the port is auto. "
                DEFVAL {1}
                ::= {  agentDot1xPortConfigEntry 9}

      agentDot1xPortMABenabled OBJECT-TYPE
                SYNTAX       INTEGER {
                              enable(1),
                              disable(2)                               
                        }  
                MAX-ACCESS   read-write
                STATUS       current
                DESCRIPTION
                        " Specifies if Mac-based bypass authentication is configured for the port. "
                DEFVAL {2}
                ::= {  agentDot1xPortConfigEntry 10}

        agentDot1xPortMABenabledOperational OBJECT-TYPE
                SYNTAX       INTEGER {
                              enable(1),
                              disable(2)                               
                        }  
                MAX-ACCESS   read-only
                STATUS       current
                DESCRIPTION
                        " Displays the operational value of the Mac-based authentication bypass mode (MAB) on the port. "
                DEFVAL {2}
                ::= {  agentDot1xPortConfigEntry 11}

--**************************************************************************************
-- agentDot1xClientConfigGroup -> Contains MIB objects displaying Dot1x Client details and
-- associated Functionality
--
--**************************************************************************************

        agentDot1xClientConfigGroup OBJECT IDENTIFIER ::= { fastPathdot1xAdvanced 3 }

        agentDot1xClientConfigTable OBJECT-TYPE
                SYNTAX      SEQUENCE OF AgentDot1xClientConfigEntry
                MAX-ACCESS  not-accessible
                STATUS      current
                DESCRIPTION "A table for dot1x Client details and associated functionality."
                ::= { agentDot1xClientConfigGroup 1 }

        agentDot1xClientConfigEntry OBJECT-TYPE
                SYNTAX      AgentDot1xClientConfigEntry
                MAX-ACCESS  not-accessible
                STATUS      current
                DESCRIPTION "Represents entry for port config table."
                INDEX       { agentDot1xClientMacAddress}
                ::= {agentDot1xClientConfigTable 1 }

        AgentDot1xClientConfigEntry ::= SEQUENCE { 
                agentDot1xClientMacAddress
                        MacAddress,
                agentDot1xLogicalPort
                        Unsigned32,
                agentDot1xInterface
                        Unsigned32,
                agentDot1xClientAuthPAEstate
                        INTEGER,
                agentDot1xClientBackendState
                        INTEGER,
                agentDot1xClientUserName
                        DisplayString,
                agentDot1xClientSessionTime
                        Unsigned32,
                agentDot1xClientFilterID
                        DisplayString,
                agentDot1xClientVlanAssigned
                        Unsigned32,
                agentDot1xClientVlanAssignedReason
                        INTEGER,
                agentDot1xClientSessionTimeout
                        Unsigned32,
                agentDot1xClientTerminationAction
                        Dot1xSessionTerminationAction
    }    
    
     agentDot1xClientMacAddress  OBJECT-TYPE
                SYNTAX           MacAddress
                MAX-ACCESS       read-only
                STATUS           current
                DESCRIPTION
                        "Specifies the client MAC address of the client. "
                ::= { agentDot1xClientConfigEntry 1}

      agentDot1xLogicalPort      OBJECT-TYPE
                SYNTAX           Unsigned32
                MAX-ACCESS       read-only
                STATUS           current
                DESCRIPTION
                        "Specifies the client MAC address of the client . "
                ::= { agentDot1xClientConfigEntry 2}

        agentDot1xInterface      OBJECT-TYPE
                SYNTAX           Unsigned32
                MAX-ACCESS       read-only
                STATUS           current
                DESCRIPTION
                        "Specifies the physical interface to which the client is attached . "
                ::= { agentDot1xClientConfigEntry 3}

        agentDot1xClientAuthPAEstate OBJECT-TYPE
                 SYNTAX      INTEGER {
                                 initialize(1),
                                 disconnected(2),
                                 connecting(3),
                                 authenticating(4),
                                 authenticated(5),
                                 aborting(6),
                                 held(7),
                                 forceAuth(8),
                                forceUnauth(9)
                             }
                MAX-ACCESS  read-only
                STATUS      current
                DESCRIPTION
                        "The current value of the Authenticator PAE state
                        machine for the client."
                ::={ agentDot1xClientConfigEntry 4}

        agentDot1xClientBackendState OBJECT-TYPE
                SYNTAX      INTEGER {
                                request(1),
                                response(2),
                                success(3),
                                fail(4),
                                timeout(5),
                                idle(6),
                                initialize(7)
                            }
                MAX-ACCESS  read-only
                STATUS      current
                DESCRIPTION
                        "The current state of the Backend Authentication
                        state machine."
                ::={ agentDot1xClientConfigEntry 5} 

        agentDot1xClientUserName OBJECT-TYPE
                SYNTAX           DisplayString
                MAX-ACCESS       read-only
                STATUS           current
                DESCRIPTION
                        "Specifies the username with which the client is authenticated to the Radius server .
                         This value is only valid when the client is in authenticated state.  "
                ::= { agentDot1xClientConfigEntry 6}

        agentDot1xClientSessionTime OBJECT-TYPE
                SYNTAX              Unsigned32
                MAX-ACCESS          read-only
                STATUS              current
                DESCRIPTION
                        "Specifies the time elapsed in seconds since the client was authenticated in this session.
                         This value is only valid when the client is in authenticated state. "
                ::= { agentDot1xClientConfigEntry 7}

        agentDot1xClientFilterID OBJECT-TYPE
                SYNTAX              DisplayString
                MAX-ACCESS          read-only
                STATUS              current
                DESCRIPTION
                        "Specifies the Filter ID or Diffserv Policy name to be applied to the session . 
                         This vlaue is populated only if it has been assigned by the RADIUS server.
                         This value is only valid when the client is in authenticated state."
                ::= { agentDot1xClientConfigEntry 8}

        agentDot1xClientVlanAssigned OBJECT-TYPE
                SYNTAX              Unsigned32
                MAX-ACCESS          read-only
                STATUS              current
                DESCRIPTION
                        "Specifies the vlan the client is associated with by Dot1x  .
                         This value is only valid when the client is in authenticated state."
                ::= { agentDot1xClientConfigEntry 9}

        agentDot1xClientVlanAssignedReason OBJECT-TYPE
                SYNTAX       INTEGER {
                              default(1),
                              radius(2),
                              unauthenticatedVlan(3),
                              invalid(4)
                            }  
                MAX-ACCESS   read-only
                STATUS       current
                DESCRIPTION
                        " Reason the client is associated to the vlan specified by agentDot1xClientVlanAssigned .
                          This value is only valid when the client is in authenticated state." 
                ::= {  agentDot1xClientConfigEntry 10}

        agentDot1xClientSessionTimeout OBJECT-TYPE
                SYNTAX              Unsigned32
                MAX-ACCESS          read-only
                STATUS              current
                DESCRIPTION
                        "Specifies the session time remaining for the client if  assigned by the Radius server  . 
                         A value of 0 indicates that no session timeout was assigned by the RADIUS server.
                         This value is only valid when the client is in authenticated state. "
                ::= { agentDot1xClientConfigEntry 11}

         agentDot1xClientTerminationAction OBJECT-TYPE
                SYNTAX              Dot1xSessionTerminationAction
                MAX-ACCESS          read-only
                STATUS              current
                DESCRIPTION
                        "Specifies the session termination action assigned by the Radius Server .
                        This is the action taken when the session times out .
                        This value is only valid when the client is in authenticated state. "
                ::= { agentDot1xClientConfigEntry 12} 
END

