-- *****************************************************************
-- CISCO-ADMISSION-POLICY-MIB.my
--   
-- April 2008, Edward Pham 
--   
-- Copyright (c) 2008 by cisco Systems Inc.
-- All rights reserved.
--   
-- *****************************************************************

CISCO-ADMISSION-POLICY-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    Gauge32,
    Integer32,
    Counter32
        FROM SNMPv2-SMI

    MODULE-COMPLIANCE,
    OBJECT-GROUP
        FROM SNMPv2-CONF
    
    TEXTUAL-CONVENTION,
    MacAddress
        FROM SNMPv2-TC

    InetAddressType,
    InetAddress
        FROM INET-ADDRESS-MIB

    InterfaceIndex
        FROM IF-MIB

    ciscoMgmt
        FROM CISCO-SMI;

ciscoAdmissionPolicyMIB MODULE-IDENTITY
    LAST-UPDATED    "200806110000Z"
    ORGANIZATION    "Cisco Systems, Inc."
    CONTACT-INFO
            "Cisco Systems
            Customer Service

            Postal: 170 W Tasman Drive
            San Jose, CA  95134
            USA

            Tel: +1 800 553-NETS

            E-mail: cs-snmp@cisco.com"
    DESCRIPTION
        "This MIB module defines managed objects that facilitate
        the management of policies upon host(s) admission to 
        a network. 

        The information available through this MIB includes:

        o Statistics information such as number of total and
          active sessions. 

        o Session information such as IP and MAC address of
          host, client type, and session state.

        o QoS and Security policy applied to host traffic upon 
          host admission to a network. 
        
        The following terms are used throughout this MIB:

        QoS (Quality of Service) is the method which attempts 
        to ensure that the network requirements of different 
        applications can be met by giving preferential forwarding
        treatment to some traffic.

        ACL (Access Control List) which contains filters used
        to identify traffic flows with certain characteristics.

        Downloadable ACL is a set of filters, configured on the 
        RADIUS server which are downloaded during authorization 
        phase of admission features like dot1x, authProxy, etc.

        SGT (Security Group Tag) is a unique 16 bits value assigned
        to every security group and used by network devices to
        enforce network policies. 
        
        URL: Universal Resource Locator.

        URL-Redirect ACL is used for URL redirection feature. Any 
        ingress HTTP from the host that matches the ACL content 
        is subjected to redirection to the URL address specified by 
        the URL-Redirect string.

        URL redirect string is the URL to which HTTP traffic to 
        the host would be redirected."
    REVISION        "200806110000Z"
    DESCRIPTION
        "Initial version of this MIB module."
    ::= { ciscoMgmt 653 }

--
--  Definitions of textual convention
--

CapSessionId ::= TEXTUAL-CONVENTION
    STATUS  current
    DESCRIPTION
        "An octet string describes an unique session identification." 
    SYNTAX  OCTET STRING (SIZE (1..64))

CapQosPolicy ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "255a"
    STATUS  current
    DESCRIPTION
        "An octet string, preferably in human-readable form,
        describes a QoS policy." 
    SYNTAX  OCTET STRING (SIZE (0..255))

CapAclName ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "255a"
    STATUS  current
    DESCRIPTION
        "An octet string, preferably in human-readable form,
        describes the name of an ACL." 
    SYNTAX  OCTET STRING (SIZE (0..255))

CapURLString ::= TEXTUAL-CONVENTION
    STATUS            current
    DESCRIPTION
        "This textual convention defines the URL string.
        The Universal Resource Locator (URL). The URL strings
        are compact string representation for a resource
        available via internet. This is the address location
        of the page to load. The string should represent a
        fully qualifying string with the format
       'protocol:/server/page'. In general the string should
        point to any value that can be saved/loaded.
        Any limitation for the URL must be defined as part of
        the description of any object which uses this syntax.
        The description of any object which uses this syntax 
        must specifically describe the meaning of zero length 
        value."
    REFERENCE
        "Uniform Resource Locators. RFC 1738."
    SYNTAX OCTET STRING (SIZE(0..255))

CapPolicyState ::= TEXTUAL-CONVENTION
    STATUS  current
    DESCRIPTION
        "This textual convention indicates the current state
        of a policy applied to host traffic.

        'notApplicable' indicates that the policy is not applicable.

        'success' indicates that the policy is applied successfully.

        'failure' indicates that the policy is failed to apply.

        'inProgress' indicates that the policy application is
         in progress.

        'ipWait' indicates that the policy is waiting for IP
         address assignment. "
    SYNTAX  INTEGER { 
                notApplicable(1),
                success(2),
                failure(3),
                inProgress(4),
                ipWait(5)
            }
--
-- Objects definition
--

ciscoAdmissionPolicyMIBNotifs  OBJECT IDENTIFIER
    ::= { ciscoAdmissionPolicyMIB 0 }

ciscoAdmissionPolicyMIBObjects  OBJECT IDENTIFIER
    ::= { ciscoAdmissionPolicyMIB 1 }

ciscoAdmissionPolicyMIBConformance  OBJECT IDENTIFIER
    ::= { ciscoAdmissionPolicyMIB 2 }

capSessions
    OBJECT IDENTIFIER ::= { ciscoAdmissionPolicyMIBObjects 1 }


--
--  capSessions
--

capTotalSessions OBJECT-TYPE
    SYNTAX        Counter32 
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object indicates the total numbers of sessions
         created in the device since the last system reset." 
    ::= { capSessions 1 } 

capActiveSessions OBJECT-TYPE
    SYNTAX        Gauge32 
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object indicates the currently active sessions
         in the device." 
    ::= { capSessions 2 } 

--
--  Session Information Table
--

capSidSessionInfoTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF CapSidSessionInfoEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table lists admission policy sessions based on unique
         session identifier.

         An entry is created by the agent when an admission policy 
         session has successfully registered to the system. 
 
         An entry is deleted by the agent upon de-registration of the 
         admission policy session with system."
    ::= { capSessions 3 }

capSidSessionInfoEntry OBJECT-TYPE
    SYNTAX        CapSidSessionInfoEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Each row contains the management information of a particular
         active session based on unique session identifier." 
    INDEX { IMPLIED capSidSessionIndex }
    ::= { capSidSessionInfoTable 1 }

CapSidSessionInfoEntry ::= SEQUENCE {
    capSidSessionIndex         CapSessionId,
    capSidSessionIfIndex       InterfaceIndex,
    capSidSessionMacAddress    MacAddress,
    capSidSessionAddressType   InetAddressType,
    capSidSessionAddress       InetAddress,
    capSidSessionFeatureType   BITS
}

capSidSessionIndex    OBJECT-TYPE
    SYNTAX          CapSessionId 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object uniquely identifies a session."
    ::= { capSidSessionInfoEntry 1 }

capSidSessionIfIndex  OBJECT-TYPE
    SYNTAX          InterfaceIndex
    MAX-ACCESS      read-only 
    STATUS          current
    DESCRIPTION
        "This object indicates the ifIndex value of the interface
         on which the session is established." 
    ::= { capSidSessionInfoEntry 2 }

capSidSessionMacAddress  OBJECT-TYPE
    SYNTAX          MacAddress 
    MAX-ACCESS      read-only 
    STATUS          current
    DESCRIPTION
        "This object indicates the MAC address of the host." 
    ::= { capSidSessionInfoEntry 3 }

capSidSessionAddressType  OBJECT-TYPE
    SYNTAX          InetAddressType 
    MAX-ACCESS      read-only 
    STATUS          current
    DESCRIPTION
        "This object indicates the type of Internet address 
         assigned for the host." 
    ::= { capSidSessionInfoEntry 4 }

capSidSessionAddress  OBJECT-TYPE
    SYNTAX          InetAddress 
    MAX-ACCESS      read-only 
    STATUS          current
    DESCRIPTION
        "This object indicates the Internet address assigned for
         the host. The type of this address is determined by 
         the value of capSidSessionAddressType object." 
    ::= { capSidSessionInfoEntry 5 }

capSidSessionFeatureType  OBJECT-TYPE
    SYNTAX          BITS { 
                       dot1x(0),
                       mab(1),
                       eou(2),
                       authProxy(3)
                    } 
    MAX-ACCESS      read-only 
    STATUS          current
    DESCRIPTION
        "This object indicates the admission features associated 
         with the session.

        'dot1x' indicates that the admission feature is 
        802.1x feature.

        'mab' indicates that the admission feature is 
        Mac Authentication Bypass feature.

        'eou' indicates that the admission feature is 
        Extensible Authentication Protocol over UDP feature.

        'authProxy' indicates that the admission feature is 
        Authentication Proxy feature." 
    ::= { capSidSessionInfoEntry 6 }

--
--  Session Policy Table
--

capSidSessionPolicyTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF CapSidSessionPolicyEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table lists the policies that will be enforced 
        per session per admission feature. The session in this
        table should have a corresponding entry in 
        capSidSessionInfoTable." 
    ::= { capSessions 4 }

capSidSessionPolicyEntry OBJECT-TYPE
    SYNTAX        CapSidSessionPolicyEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Each row contains the management information of a 
        particular admission feature of a session."
    INDEX { capSidSessionIndex, capSidSessionPolicyIndex }
    ::= { capSidSessionPolicyTable 1 }

CapSidSessionPolicyEntry ::= SEQUENCE {
    capSidSessionPolicyIndex        INTEGER,
    capSidIngressQosPolicy          CapQosPolicy,
    capSidIngressQosPolicyState     CapPolicyState, 
    capSidEgressQosPolicy           CapQosPolicy,
    capSidEgressQosPolicyState      CapPolicyState, 
    capSidDownloadableAclName       CapAclName,
    capSidDownloadableAclState      CapPolicyState, 
    capSidUrlRedirectAclName        CapAclName,
    capSidUrlRedirectAclState       CapPolicyState, 
    capSidRedirectUrlString         CapURLString,
    capSidRedirectUrlStringState    CapPolicyState,
    capSidSecurityGroupTag          Integer32
}

capSidSessionPolicyIndex  OBJECT-TYPE
    SYNTAX          INTEGER {
                        dot1x(1),
                        mab(2),
                        eou(3),
                        authProxy(4)
                    } 
    MAX-ACCESS      not-accessible 
    STATUS          current
    DESCRIPTION
        "This object indicates the admission feature which
        a host is subjected to in a session.
 
        'dot1x' indicates that the admission feature is 
        802.1x feature.

        'mab' indicates that the admission feature is 
        Mac Authentication Bypass feature.

        'eou' indicates that the admission feature is 
        Extensible Authentication Protocol over UDP feature.

        'authProxy' indicates that the admission feature is 
        Authentication Proxy feature."
    ::= { capSidSessionPolicyEntry 1 }

capSidIngressQosPolicy OBJECT-TYPE
    SYNTAX          CapQosPolicy 
    MAX-ACCESS      read-only 
    STATUS          current
    DESCRIPTION
        "This object indicates the name of an existing QoS 
        policy which will be applied to incoming traffic
        in this session. An empty string indicates that no such
        policy is applied."
    ::= { capSidSessionPolicyEntry 2 }

capSidIngressQosPolicyState OBJECT-TYPE
    SYNTAX          CapPolicyState 
    MAX-ACCESS      read-only 
    STATUS          current
    DESCRIPTION
        "This object indicates the current state of the 
        QoS policy which will be applied to incoming traffic
        in this session."
    ::= { capSidSessionPolicyEntry 3 }

capSidEgressQosPolicy OBJECT-TYPE
    SYNTAX          CapQosPolicy
    MAX-ACCESS      read-only 
    STATUS          current
    DESCRIPTION
        "This object indicates the name of an existing QoS 
        policy which will be applied to outgoing traffic
        in this session. An empty string indicates that no
        such policy is applied."
    ::= { capSidSessionPolicyEntry 4 }

capSidEgressQosPolicyState OBJECT-TYPE
    SYNTAX          CapPolicyState 
    MAX-ACCESS      read-only 
    STATUS          current
    DESCRIPTION
        "This object indicates the current state of the QoS 
        policy which will be applied to outgoing traffic 
        in this session."
    ::= { capSidSessionPolicyEntry 5 }

capSidDownloadableAclName OBJECT-TYPE
    SYNTAX          CapAclName 
    MAX-ACCESS      read-only 
    STATUS          current
    DESCRIPTION
        "This object indicates the name of a Downloadable
        ACL which will be applied to the host traffic. 
        An empty string indicates that no such ACL is 
        applied."
    ::= { capSidSessionPolicyEntry 6 }

capSidDownloadableAclState OBJECT-TYPE
    SYNTAX          CapPolicyState 
    MAX-ACCESS      read-only 
    STATUS          current
    DESCRIPTION
        "This object indicates the state of this session 
        downloadable ACL policy." 
    ::= { capSidSessionPolicyEntry 7 }

capSidUrlRedirectAclName   OBJECT-TYPE
    SYNTAX          CapAclName 
    MAX-ACCESS      read-only 
    STATUS          current
    DESCRIPTION
        "This object indicates the ACL name that redirected traffic
        from the host will be subjected to. An empty string indicates
        that no such ACL is applied."
    ::= { capSidSessionPolicyEntry 8 }

capSidUrlRedirectAclState OBJECT-TYPE
    SYNTAX          CapPolicyState 
    MAX-ACCESS      read-only 
    STATUS          current
    DESCRIPTION
        "This object indicates the state of this session 
        URL-Redirect ACL policy." 
    ::= { capSidSessionPolicyEntry 9 }

capSidRedirectUrlString   OBJECT-TYPE
    SYNTAX          CapURLString 
    MAX-ACCESS      read-only 
    STATUS          current
    DESCRIPTION
        "This object indicates the URL that traffic from
        the host will be redirected to. An empty string indicates
        that no such URL is applied." 
    ::= { capSidSessionPolicyEntry 10 }

capSidRedirectUrlStringState OBJECT-TYPE
    SYNTAX          CapPolicyState 
    MAX-ACCESS      read-only 
    STATUS          current
    DESCRIPTION
        "This object indicates the state of this session 
        URL-Redirect string policy." 
    ::= { capSidSessionPolicyEntry 11 }

capSidSecurityGroupTag OBJECT-TYPE
    SYNTAX          Integer32 (-1 | 0..65535) 
    MAX-ACCESS      read-only 
    STATUS          current
    DESCRIPTION
        "This object indicates the SGT value assigned to the
        host that initiated this session. Value of -1 indicates
        that there is no SGT value assigned." 
    ::= { capSidSessionPolicyEntry 12 }

--
-- Conformance
--

ciscoAdmissionPolicyMIBCompliances
    OBJECT IDENTIFIER ::= { ciscoAdmissionPolicyMIBConformance 1 }

ciscoAdmissionPolicyMIBGroups
    OBJECT IDENTIFIER ::= { ciscoAdmissionPolicyMIBConformance 2 }

ciscoAdmissionPolicyMIBCompliance MODULE-COMPLIANCE
    STATUS  current
    DESCRIPTION
        "The compliance statement for the CISCO-ADMISSION-POLICY-MIB"
    MODULE
    MANDATORY-GROUPS { 
         capSessionStatisticsGroup 
    }

    GROUP capSidSessionPolicyGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which support
         policy information for a session based on unique session
         identifier." 

    GROUP capSidSessionInfoGroup 
    DESCRIPTION
        "This group is mandatory only for platforms which provide 
         session information based on unique session identifier." 

    ::= { ciscoAdmissionPolicyMIBCompliances 1 }

--
-- Units of Conformance
--

capSessionStatisticsGroup OBJECT-GROUP
    OBJECTS {
       capTotalSessions,
       capActiveSessions
    }
    STATUS current
    DESCRIPTION
        "A collection of object which provides session statistics 
         information in the device."
    ::= { ciscoAdmissionPolicyMIBGroups 1 }

capSidSessionInfoGroup OBJECT-GROUP
    OBJECTS {
       capSidSessionAddressType,
       capSidSessionAddress,
       capSidSessionIfIndex,
       capSidSessionMacAddress,
       capSidSessionFeatureType
    }
    STATUS current
    DESCRIPTION
        "A collection of objects which provides managed information 
         of a session based on unique session identifier." 
    ::= { ciscoAdmissionPolicyMIBGroups 2 }

capSidSessionPolicyGroup OBJECT-GROUP
    OBJECTS {
       capSidIngressQosPolicy,
       capSidIngressQosPolicyState,
       capSidEgressQosPolicy,
       capSidEgressQosPolicyState,
       capSidDownloadableAclName,
       capSidDownloadableAclState,
       capSidRedirectUrlString,
       capSidRedirectUrlStringState,
       capSidUrlRedirectAclName,
       capSidUrlRedirectAclState,
       capSidSecurityGroupTag 
    }
    STATUS current
    DESCRIPTION
        "A collection of objects which provides policy information
         in a session based on unique session identifier." 
    ::= { ciscoAdmissionPolicyMIBGroups 3 }

END



