-- *****************************************************************
-- RBN-BIND-MIB	Redback BIND Mib
--
-- Copyright (c) 2002-2003 RedBack Networks, Inc.
-- All rights reserved.
--
-- *****************************************************************

RBN-BIND-MIB DEFINITIONS ::= BEGIN

IMPORTS
	MODULE-IDENTITY, OBJECT-TYPE,
	Unsigned32
		FROM SNMPv2-SMI

	TEXTUAL-CONVENTION, TruthValue
		FROM SNMPv2-TC

	MODULE-COMPLIANCE, OBJECT-GROUP
		FROM SNMPv2-CONF

	SnmpAdminString
		FROM SNMP-FRAMEWORK-MIB

	RbnCircuitHandle, RbnSlot, RbnPort
		FROM RBN-TC

	rbnMgmt
		FROM RBN-SMI;

rbnBindMib MODULE-IDENTITY
	LAST-UPDATED	"200310131700Z" -- October 13, 2003
	ORGANIZATION	"Redback Networks, Inc."
	CONTACT-INFO
                "       RedBack Networks, Inc.

                Postal: 300 Holger Way
                        San Jose, CA  95134-1362
                        USA

                 Phone: +1 408 750 5000
                   Fax: +1 408 750 5599

                E-mail: mib-info@redback.com"
	DESCRIPTION
		"Defines the objects necessary to support binding
		circuits to interfaces."

	REVISION        "200310131700Z" -- October 13, 2003
        DESCRIPTION
		"Added new object rbnBindAuthDhcp.
		Added new MODULE-COMPLIANCE statement rbnBindCompliance2.
		Added new OBJECT-GROUP rbnBindConfigGroup2.

		Clarified DESCRIPTION clause for rbnBindName by adding
		multiIntfBind to the list of bind types where rbnBindName
		is applicable.

		Corrected misspelling of multiIntfBind in the
		DESCRIPTION clause of rbnBindAuthContext."

        REVISION	"200303071700Z" -- March 7, 2003
        DESCRIPTION
		"Added 'sessionBind' as one of the bind types that are
		applicable to rbnBindMaxSessions object.  Removed
		reference to non-existant platform in DESCRIPTION of
		rbnBindMaxSessions object."

        REVISION	"200211130000Z" -- November 13, 2002
        DESCRIPTION
		"Updated to import RbnSlot and RbnPort from RBN-TC."

        REVISION	"200207251700Z" -- Jul 25, 2002
        DESCRIPTION
		"Added support for the CLIPs bind type."

        REVISION	"200201071700Z" -- Jan 7, 2002
        DESCRIPTION
                "Initial version."

	::= { rbnMgmt 17 }

rbnBindMIBObjects       OBJECT IDENTIFIER ::= { rbnBindMib 1 }

rbnBindMIBConformance   OBJECT IDENTIFIER ::= { rbnBindMib 2 }

rbnBindMIBNotifications OBJECT IDENTIFIER ::= { rbnBindMib 3 }

--
-- Textual Conventions
--

RbnBindType ::= TEXTUAL-CONVENTION
	STATUS       current
	DESCRIPTION
		"The binding type.  The comment after the enumeration
		label is the equivalent CLI command that would config
		the corresponding bind type."
	SYNTAX	INTEGER {
		unbound(1),            -- state on initial creation
		authBind(2),           -- "bind authentication"
		bypassBind(3),         -- "bind bypass"
		interfaceBind(4),      -- "bind interface"
		subscriberBind(5),     -- "bind subscriber"
		l2tptunnelBind(6),     -- "bind l2tp-tunnel"
		sessionBind(7),        -- "bind session"
		dot1qBind(8),          -- "bind 802.1 Q"
		multiIntfBind(9),      -- "bind multi interface"
		multiSubBind(10),      -- "bind multi subscriber"
		multiClipsBind(11)     -- "bind multi clips"
	}

--
-- BIND Circuit Table
--

rbnBindTable OBJECT-TYPE
	SYNTAX       SEQUENCE OF RbnBindEntry
	MAX-ACCESS   not-accessible
	STATUS       current
	DESCRIPTION
		"This table contains the objects which identify and configure
		circuit bindings.

		With respect to creation and deletion of entries in this table,
		rows are created or deleted when a circuit is created or
		deleted - there is no explicit explicit creation or deletion
		of rows allowed or required."
	::= { rbnBindMIBObjects 1 }

rbnBindEntry OBJECT-TYPE
	SYNTAX       RbnBindEntry
	MAX-ACCESS   not-accessible
	STATUS       current
	DESCRIPTION
		"A conceptual row in the rbnBindTable."
	INDEX        { rbnBindCircuit }
	::= { rbnBindTable 1 }

RbnBindEntry ::=
	SEQUENCE {
		rbnBindCircuit		RbnCircuitHandle,
		rbnBindType		RbnBindType,
		rbnBindName		SnmpAdminString,
		rbnBindPassword		SnmpAdminString,
		rbnBindContext		SnmpAdminString,
		rbnBindAuthContext	SnmpAdminString,
		rbnBindServiceGrp	SnmpAdminString,
		rbnBindAcl		SnmpAdminString,
		rbnBindAuthChap		TruthValue,
		rbnBindAuthPap		TruthValue,
		rbnBindAuthWait		TruthValue,
		rbnBindAuthPapFirst	TruthValue,
		rbnBindMaxSessions	Unsigned32,
		rbnBindPvcSlot		RbnSlot,
		rbnBindPvcPort		RbnPort,
		rbnBindVpn		Unsigned32,
		rbnBindAuthDhcp		TruthValue
	}

rbnBindCircuit OBJECT-TYPE
	SYNTAX       RbnCircuitHandle
	MAX-ACCESS   not-accessible
	STATUS       current
	DESCRIPTION
		"A key identifying the circuit for which the binding applies.
		Note the implication: this key identifies an existing circuit.
		A basic tenent thus evolves: the circuit must exist before
		it can be bound.  See the definition of the RbnCircuitHandle
		TEXTUAL-CONVENTION for the definition of this key."

	::= { rbnBindEntry 1 }

rbnBindType OBJECT-TYPE
	SYNTAX       RbnBindType
	MAX-ACCESS   read-create
	STATUS       current
	DESCRIPTION
		"The type of the binding.  See the definition of the
		RbnBindType TEXTUAL-CONVENTION for the possible types.

		The bind type must be appropriate to the type of circuit
		that it is being applied to.  See the AOS Command Reference
		Manual for a complete exposition of what circuit types may be
		associated with which bindings.

		Note that when a circuit is created, an initial binding is
		established of type 'unbound'.  So there is always some
		binding in effect for a circuit; there is no concept of
		explicitly creating or deleting a binding, there is merely
		setting it's type and supplying the applicable attributes
		for the bind type.

		In other words, with respect to entries in this table,
		when a circuit is created, a row in this table is also
		created. and when a circuit is deleted, the row in this
		table is also deleted.

		If you change the bind type to a new bind type for a
		circuit, the previous binding is removed and any active
		sessions are dropped.  If an existing binding on the circuit
		is exactly the same as specified in the new binding, the
		existing binding is not removed.  When changing the bind
		type to a new bind type, all objects mandatory for the
		new bind type must be included in the set operation.

		Thus, the bind type will determine which group of objects
		in a row of the rbnBindTable that will be applicable
		for that instance of a circuit.

		For example, if the bind type is 'subscriberBind', then
		the columns in the row that are applicable will be:

                rbnBindType
                rbnBindName
                rbnBindContext
                rbnBindPassword

		In a set operation, if additional columns are specified for
		some given bind type, that is, columnar objects which are not
		applicable to the given bind type, an INCONSISTENT VALUE
		error will be returned.

		The DESCRIPTION clause for each of the rbnBindTable objects
		specifies the bind types that are applicable for that object.

		For a complete specification of the various bind types
		and the applicable columns of the rbnBindTable, please
		see AOS Command Reference manual."

	REFERENCE "Access Operating System (AOS) Command Reference Release 5.0"

	::= { rbnBindEntry 2 }

rbnBindName OBJECT-TYPE
	SYNTAX       SnmpAdminString (SIZE (1..192))
	MAX-ACCESS   read-create
	STATUS       current
	DESCRIPTION
		"A name associated with the binding. This field is only
		applicable when the value of rbnBindType is:

		bypassBind
		interfaceBind
		subscriberBind
		l2tptunnelBind
		multiIntfBind
		multiSubBind
		sessionBind

		If the value of rbnBindType is not one of these bind types,
                then rbnBindName is not instantiated for this entry.

		The value of rbnBindName is dependent on the value specified
		in rbnBindType as described below:

		Bind Type		Value of Name
		---------		-------------
		bypassBind		the name of an existing bypass to which
					the circuit is to be bound
		interfaceBind		the name of an existing interface
		subscriberBind		the name of a subscriber
		l2tptunnelBind		the tunnel to which the circuit is to
					be bound
		multiIntfBind		the name of an existing interface
		multiSubBind		the name of a subscriber
		sessionBind		the name of the peer or L2TP group
					to which the circuit is to be bound

		Don't think of rbnBindName as the name of the binding.  Rather,
		it is the name of some other attribute associated with the
		binding."

	::= { rbnBindEntry 3 }

rbnBindPassword OBJECT-TYPE
	SYNTAX       SnmpAdminString (SIZE (1..64))
	MAX-ACCESS   read-create
	STATUS       current
	DESCRIPTION
		"The AAA password. This field is only applicable when
		the value of rbnBindType is:

		subscriberBind

		If the value of rbnBindType is not this bind type,
                then rbnBindPassword is not instantiated for this entry."

	::= { rbnBindEntry 4 }

rbnBindContext OBJECT-TYPE
	SYNTAX       SnmpAdminString (SIZE (1..64))
	MAX-ACCESS   read-create
	STATUS       current
	DESCRIPTION
		"The name of the context associated with the binding.

		This field is applicable only when one of the following
		rbnBindType values is specified:

		Bind Type	Value of Context
		---------	----------------
		bypassBind	The name of the context where the bypass exists.

		interfaceBind	The name of the context in which the specified
				interface exists.

		subscriberBind	The name of the context used to locate the
				subscriber information.

		l2tptunnelBind	The name of the context in which the tunnel is
				configured.

		sessionBind	The name of the context for the peer.

		multiIntfBind	The name of the context for the interface to
				which the IP over Ethernet portion of the
				circuit is to be bound.

		multiSubBind	The name of the context for the interface to
				which the IP over Ethernet portion of the
				circuit is to be bound.

		multiClipsBind	The name of the context for the interface to
				which the IP over Ethernet portion of the
				circuit is to be bound.

		If the value of rbnBindType is not one of these bind types,
                then rbnBindContext is not instantiated for this entry."

	::= { rbnBindEntry 5 }

rbnBindAuthContext OBJECT-TYPE
	SYNTAX       SnmpAdminString (SIZE (1..64))
	MAX-ACCESS   read-create
	STATUS       current
	DESCRIPTION
		"The name of the authentication context associated with
		the binding.  It is the name of the context to which PPP
		sessions on the circuits being bound are restricted.

		Specification of this column for a given entry is optional.

		When using this optional context name, all attempts to bind
		PPP sessions to contexts other than the one specified
		will fail.

		This object is applicable only when one of the following
		rbnBindType values is specified:

		authBind
		multiIntfBind
		multiSubBind

		If the value of rbnBindType is not one of these bind types,
                then rbnBindAuthContext is not instantiated for this entry."

	::= { rbnBindEntry 6 }

rbnBindServiceGrp OBJECT-TYPE
	SYNTAX       SnmpAdminString (SIZE (1..64))
	MAX-ACCESS   read-create
	STATUS       current
	DESCRIPTION
		"The name of the service access list associated with
		the binding.  It is the name of the service access list
		that defines the services available to the PPP-encapsulated
		circuit.

		Specification of this column for a given entry is optional.

		When using this optional service access list, all attempts
		to authenticate to contexts or domains not permitted by
		the named service access list fail.

		This object is applicable only when one of the following
		rbnBindType values is specified:

		authBind
		multiIntfBind
		multiSubBind
		multiClipsBind

		If the value of rbnBindType is not one of these bind types,
                then rbnBindServiceGrp is not instantiated for this entry."

	::= { rbnBindEntry 7 }

rbnBindAcl OBJECT-TYPE
	SYNTAX       SnmpAdminString (SIZE (1..64))
	MAX-ACCESS   read-create
	STATUS       current
	DESCRIPTION
		"The name of the bridge access control list associated with
		the binding.  It is the name of the Access control list to
		be applied to the session.  The access control list must
		already have been configured in the context of the session
		peer.  This is typically used to filter packets so that
		only PPPoE traffic is allowed through an Ethernet L2TP
		tunnel.

		Specification of this column for a given entry is optional.

		This object is applicable only when one of the following
		rbnBindType values is specified:

		sessionBind

		If the value of rbnBindType is not one of these bind types,
                then rbnBindAcl is not instantiated for this entry."

	::= { rbnBindEntry 8 }

rbnBindAuthChap OBJECT-TYPE
	SYNTAX       TruthValue
	MAX-ACCESS   read-create
	STATUS       current
	DESCRIPTION
		"If 'true', specifies that the PPP authentication protocol
		to be used is Challenge Handshake Authentication Protocol.

		This object is applicable only when one of the following
		rbnBindType values is specified:

		authBind
		multiIntfBind
		multiSubBind

		If the value of rbnBindType is not one of these bind types,
                then rbnBindAuthChap is not instantiated for this entry.

		When performing a set operation on a row which involves one of
		these bind types, either rbnBindAuthChap or rbnBindAuthPap or
		both must be specified.

		If both rbnBindAuthChap and rbnBindAuthPap are true,
		then either authentication protocol may be used."

	::= { rbnBindEntry 9 }

rbnBindAuthPap OBJECT-TYPE
	SYNTAX       TruthValue
	MAX-ACCESS   read-create
	STATUS       current
	DESCRIPTION
		"If 'true', specifies that the PPP authentication protocol
		to be used is Password Authentication Protocol.

		This object is applicable only when one of the following
		rbnBindType values is specified:

		authBind
		multiIntfBind
		multiSubBind

		If the value of rbnBindType is not one of these bind types,
                then rbnBindAuthPap is not instantiated for this entry.

		When performing a set operation on a row which involves one of
		these bind types, either rbnBindAuthChap or rbnBindAuthPap or
		both must be specified.

		If both rbnBindAuthChap and rbnBindAuthPap are true,
		then either authentication protocol may be used."

	::= { rbnBindEntry 10 }

rbnBindAuthWait OBJECT-TYPE
	SYNTAX       TruthValue
	MAX-ACCESS   read-create
	STATUS       current
	DESCRIPTION
		"If 'true', specifies that the inbound CHAP authentication
		is completed first.  In other words, after the two sides
		have decided to use CHAP, the SMS waits for the inbound
		side to initiate athentication.

		If 'true', rbnBindAuthChap must also be specified.

		This object is applicable only when one of the following
		rbnBindType values is specified:

		authBind
		multiIntfBind
		multiSubBind

		If the value of rbnBindType is not one of these bind types,
                then rbnBindAuthWait is not instantiated for this entry.

		When performing a set operation on a row which involves
		this bind type, specification of this column is optional.
		If not specified, this object will not be instantiated."

	::= { rbnBindEntry 11 }

rbnBindAuthPapFirst OBJECT-TYPE
	SYNTAX       TruthValue
	MAX-ACCESS   read-create
	STATUS       current
	DESCRIPTION
		"If 'true', specifies that Password Authentication
		Protocol (PAP) shall be negotiated before Challenge
		Handshake Authentication Protocol (CHAP).  IF 'false',
		then CHAP is negotiated before PAP.

		With SNMP get operations, both rbnBindAuthChap and
		rbnBindAuthPap must be true or this object is not
		instantiated.

		With SNMP set operations, if 'true', then both
		rbnBindAuthChap and rbnBindAuthPap must also be specified
		as 'true'.

		This object is applicable only when one of the following
		rbnBindType values is specified:

		authBind
		multiIntfBind
		multiSubBind

		If the value of rbnBindType is not one of these bind types,
		then rbnBindAuthPapFirst is not instantiated for this entry.

		When performing a set operation on a row which involves one of
		these bind types, specification of this column is optional.
		If not specified, this object will not be instantiated."

	::= { rbnBindEntry 12 }

rbnBindMaxSessions OBJECT-TYPE
	SYNTAX       Unsigned32(1..65535)
	MAX-ACCESS   read-create
	STATUS       current
	DESCRIPTION
		"The maximum number of concurrent sessions allowed on the
		circuit.  Applicable only to circuits which have an
		encapsulation of type PPPoE.  If the circuit is not of
		this type, then this entry is ignored.

		Specification of this column for a given row is optional.
		If not specified, this object will not be instantiated.

		This object is applicable only when one of the following
		rbnBindType values is specified:

		authBind
		sessionBind
		multiIntfBind
		multiSubBind
		multiClipsBind

		If the value of rbnBindType is not one of these bind types,
                then rbnBindMaxSessions is not instantiated for this entry.

		The maximum number of concurrent sessions allowed on the
		circuit depends on the platform as specified in the
		table below:

		Platform	Sessions	MemSize
		--------	--------	-------
		SMS10000	65535
		SMS1800/1000	10000		64MB FE
		SMS1800/1000	8000		48MB FE
		SMS1800/1000	4000		32MB FE
		SMS1800/1000	4000		16MB FE
		SMS1800/1000	4000		8MB FE
		SMS500		2000"

	::= { rbnBindEntry 13 }

rbnBindPvcSlot OBJECT-TYPE
	SYNTAX       RbnSlot
	MAX-ACCESS   read-create
	STATUS       current
	DESCRIPTION
		"The chassis slot number associated with this binding.

		Use of the 'dot1qBind' type is for binding an ATM or
		Frame Relay PVC to an Ethernet port using the specified
		VLAN ID in rbnBindVpn.

		This object is applicable only when one of the following
		rbnBindType values is specified:

		dot1qBind

		If the value of rbnBindType is not one of these bind types,
                then rbnBindPvcSlot is not instantiated for this entry."

	::= { rbnBindEntry 14 }

rbnBindPvcPort OBJECT-TYPE
	SYNTAX       RbnPort
	MAX-ACCESS   read-create
	STATUS       current
	DESCRIPTION
		"The chassis port number associated with this binding.

		Use of the 'dot1qBind' type is for binding an ATM or
		Frame Relay PVC to an Ethernet port using the specified
		VLAN ID in rbnBindVpn.

		This object is applicable only when one of the following
		rbnBindType values is specified:

		dot1qBind

		If the value of rbnBindType is not one of these bind types,
                then rbnBindPvcPort is not instantiated for this entry."

	::= { rbnBindEntry 15 }

rbnBindVpn OBJECT-TYPE
	SYNTAX       Unsigned32(2..4094)
	MAX-ACCESS   read-create
	STATUS       current
	DESCRIPTION
		"The specific tag to which the PVC is mapped on the
		specified Ethernet port.

		Use of the 'dot1qBind' type is for binding an ATM or
		Frame Relay PVC to an Ethernet port using the specified
		VLAN ID in rbnBindVpn.

		This object is applicable only when one of the following
		rbnBindType values is specified:

		dot1qBind

		If the value of rbnBindType is not one of these bind types,
                then rbnBindVpn is not instantiated for this entry."

	::= { rbnBindEntry 16 }

rbnBindAuthDhcp OBJECT-TYPE
	SYNTAX       TruthValue
	MAX-ACCESS   read-create
	STATUS       current
	DESCRIPTION
		"If 'true', specifies an authentication mechanism where
		the DHCP server makes a request to the authentication
		subsystem upon receipt of incoming DHCP discover packets.

		This object is applicable only when one of the following
		rbnBindType values is specified:

		multiIntfBind
		multiClipsBind

		If the value of rbnBindType is not one of these bind types,
		then rbnBindAuthDhcp is not instantiated for this entry.

		When performing a set operation on a row which involves one of
		these bind types, if either rbnBindAuthChap or rbnBindAuthPap
		or both are specified, then rbnBindAuthDhcp may not be
		specified."

	::= { rbnBindEntry 17 }

--
-- compliance statements
--

rbnBindCompliances OBJECT IDENTIFIER ::= { rbnBindMIBConformance 1 }
rbnBindGroups      OBJECT IDENTIFIER ::= { rbnBindMIBConformance 2 }

rbnBindCompliance MODULE-COMPLIANCE
	STATUS       deprecated
	DESCRIPTION
		"The compliance statement for SNMP entities which implement
		 the RBN-BIND-MIB."
	MODULE      -- this module
	MANDATORY-GROUPS {
		rbnBindConfigGroup
	}
	::= { rbnBindCompliances 1}

rbnBindCompliance2 MODULE-COMPLIANCE
	STATUS       current
	DESCRIPTION
		"The compliance statement for SNMP entities which implement
		 the RBN-BIND-MIB."
	MODULE      -- this module
	MANDATORY-GROUPS {
		rbnBindConfigGroup2
	}
	::= { rbnBindCompliances 2}

--
-- groupings
--

rbnBindConfigGroup	OBJECT-GROUP
	OBJECTS {
		rbnBindType,
		rbnBindName,
		rbnBindContext,
		rbnBindPassword,
		rbnBindAuthContext,
		rbnBindServiceGrp,
		rbnBindAcl,
		rbnBindAuthChap,
		rbnBindAuthPap,
		rbnBindAuthWait,
		rbnBindAuthPapFirst,
		rbnBindMaxSessions,
		rbnBindPvcSlot,
		rbnBindPvcPort,
		rbnBindVpn
	}
	STATUS       deprecated
	DESCRIPTION
		"The collection of all objects applicable for all values of
		rbnBindType."
	::= { rbnBindGroups 1}

rbnBindConfigGroup2	OBJECT-GROUP
	OBJECTS {
		rbnBindType,
		rbnBindName,
		rbnBindContext,
		rbnBindPassword,
		rbnBindAuthContext,
		rbnBindServiceGrp,
		rbnBindAcl,
		rbnBindAuthChap,
		rbnBindAuthPap,
		rbnBindAuthWait,
		rbnBindAuthPapFirst,
		rbnBindMaxSessions,
		rbnBindPvcSlot,
		rbnBindPvcPort,
		rbnBindVpn,
		rbnBindAuthDhcp
	}
	STATUS       current
	DESCRIPTION
		"The collection of all objects applicable for all values of
		rbnBindType."
	::= { rbnBindGroups 2}

END

