--**MOD+***********************************************************************
--* Module: hpicfLma.mib
--*
--* Copyright (C) 2016 Hewlett Packard Enterprise Development Company LP
--* All Right Reserved.
--*
--* The contents of this software are proprietary and confidential
--* to the Hewlett Packard Enterprise Development Company LP.  No part of this
--* program may be photocopied, reproduced, or translated into another
--* programming language without prior written consent of the
--* Hewlett Packard Enterprise Development Company LP.
--*
--*Purpose: This file contains MIB definition of HP-ICF-LMA-MIB
--*
--**MOD-**************************************************************************

HP-ICF-LMA-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        hpSwitch
            FROM HP-ICF-OID
        InterfaceIndex
            FROM IF-MIB            
        VidList
            FROM HP-ICF-TC
        OBJECT-GROUP, MODULE-COMPLIANCE
            FROM SNMPv2-CONF
        Integer32, Unsigned32, OBJECT-TYPE, Counter32, MODULE-IDENTITY
            FROM SNMPv2-SMI
        TruthValue, MacAddress, RowStatus, DisplayString
            FROM SNMPv2-TC
        HpAutzUserRoleName
            FROM HP-AUTZ-MIB;
                    
    hpicfLmaMIB MODULE-IDENTITY
    
        LAST-UPDATED "201810300000Z"
        ORGANIZATION "HP Networking"
        CONTACT-INFO 
           "Hewlett-Packard Enterprise Company
            8000 Foothills Blvd.
            Roseville, CA 95747"
        DESCRIPTION
           "This MIB module describes objects for managing
            the Local MAC Authentication feature of devices 
            in the HP Integrated Communication Facility
            product line."
	REVISION     "201810300000Z"  -- October 30, 2018
	DESCRIPTION
	   "Added hpicfLmaUnauthVidLLDPNwkPolicy."
        REVISION     "201706280710Z"     -- June 28, 2017 at 00:00 GMT
        DESCRIPTION
           "Added mac-pinning related MIB Object."

        REVISION     "201602120710Z"     -- February 12, 2016 at 07:10 GMT
        DESCRIPTION
           "Added user role support."

        REVISION     "201304100900Z"     -- April 10, 2013  at 09:00 GMT
        DESCRIPTION
           "Initial version of Local MAC Authentication MIB module."

        ::= { hpSwitch 97 }
        
--
-- Node definitions
--

-- Top-level structure of MIB       
    -- 1.3.6.1.4.1.11.2.14.11.5.1.93
    
    -- 1.3.6.1.4.1.11.2.14.11.5.1.93.0
    hpicfLmaNotifications  OBJECT IDENTIFIER ::= { hpicfLmaMIB 0}
    hpicfLmaObjects        OBJECT IDENTIFIER ::= { hpicfLmaMIB 1}
    hpicfLmaConformance    OBJECT IDENTIFIER ::= { hpicfLmaMIB 2}

    hpicfLmaConfigObjects OBJECT IDENTIFIER ::= { hpicfLmaObjects 1}
    hpicfLmaStatsObjects  OBJECT IDENTIFIER ::= { hpicfLmaObjects 2}

    hpicfLmaScalarObjects OBJECT IDENTIFIER ::= { hpicfLmaConfigObjects 1}

    hpicfLmaMacGrpTable OBJECT-TYPE
            SYNTAX          SEQUENCE OF HpicfLmaMacGrpEntry
            MAX-ACCESS      not-accessible
            STATUS          current
            DESCRIPTION
                "This table is to create MAC group, which is 
                 a collection Of MAC address/MAC OUI/MAC mask.
                 There can be a maximum of 256 MAC groups."
            ::= { hpicfLmaConfigObjects 2}

    hpicfLmaMacGrpEntry OBJECT-TYPE
            SYNTAX          HpicfLmaMacGrpEntry
            MAX-ACCESS      not-accessible
            STATUS          current
            DESCRIPTION
                "This table is to create MAC group, which is 
                 a collection Of MAC address/MAC OUI/MAC mask.
                 There can be a maximum of 256 MAC groups."
            INDEX           { hpicfLmaMacGrpName }
            ::= { hpicfLmaMacGrpTable 1 }

    HpicfLmaMacGrpEntry ::= SEQUENCE {
            hpicfLmaMacGrpName
                DisplayString,
            hpicfLmaMacGrpRowStatus
                RowStatus
    }
   
    hpicfLmaMacGrpName  OBJECT-TYPE
            SYNTAX          DisplayString (SIZE (1..32))
            MAX-ACCESS      not-accessible
            STATUS          current
            DESCRIPTION
                "Name of the MAC group. A name can have maximum 32
                 characters."
            ::= { hpicfLmaMacGrpEntry 1 }

    hpicfLmaMacGrpRowStatus OBJECT-TYPE
            SYNTAX          RowStatus
            MAX-ACCESS      read-create
            STATUS          current
            DESCRIPTION 
                "Status of this row, by which new entries may be created
                 or existing entries deleted from this table."
            ::= { hpicfLmaMacGrpEntry 2}

--This table associates MAC-clients with MAC-Group.Each MAC group can
--have set of MAC-clients.attributes (such as tagged vlan/untagged
--vlan/CoS) can be applied on these MAC groups for LMA.


    hpicfLmaMacTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF HpicfLmaMacEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "This table stores MAC address/MAC OUI/MAC mask bound to
             a MAC group.A MAC group can be associated to a maximum of
             120 entries, Each entry is equivalent to one record in
             hpicfLmaMacTable and there can be a maximum of 256 
             records."
        ::= { hpicfLmaConfigObjects 3}

    hpicfLmaMacEntry OBJECT-TYPE
        SYNTAX          HpicfLmaMacEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "This table stores MAC address/MAC OUI/MAC mask bound to
             a MAC group.A MAC group can be associated to a maximum of
             120 entries, Each entry is equivalent to one record in
             hpicfLmaMacTable and there can be a maximum of 256 
             records."
        INDEX  { hpicfLmaMacGrpName, hpicfLmaMacType, hpicfLmaMacValue }   
        ::= { hpicfLmaMacTable 1 }

    HpicfLmaMacEntry ::= SEQUENCE {
        hpicfLmaMacType
            INTEGER,
        hpicfLmaMacValue
            OCTET STRING,
        hpicfLmaMacRowStatus
            RowStatus
    }

    hpicfLmaMacType    OBJECT-TYPE
        SYNTAX     INTEGER {
                       macAddress(1),
                       macMask (2),
                       macOui(3)
                   }
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION 
            "This object specifies whether the type of MAC Address is:

                     macAddress(1) 
                         Fully qualified MAC address. 

                     macMask(2) 
                         MAC address prefiX. Only 32 & 40 bits are allowed.

                     macOUI(3)
                         24 bit organizationally unique identifier."

        ::= { hpicfLmaMacEntry 1 }

    hpicfLmaMacValue OBJECT-TYPE
        SYNTAX         OCTET STRING (SIZE(3..6))
        MAX-ACCESS     not-accessible
        STATUS         current
        DESCRIPTION    
            "This is to specify the value for the hpicfLmaMacType, 
             value should be in conjunction with MAC Type."
        ::= { hpicfLmaMacEntry 2}

    hpicfLmaMacRowStatus OBJECT-TYPE
            SYNTAX          RowStatus
            MAX-ACCESS      read-create
            STATUS          current
            DESCRIPTION     
                "Status of this row, by which new entries may be created
                 or existing entries deleted from this table."
            ::= { hpicfLmaMacEntry 3 }

-- LMA Profile Table : To Create LMA Profile which can be associated
-- to MAC Clients.
-- Profile can have set of attributes such as untagged vlanid, list 
-- of tagged vlans CoS value.maximum allowed tagged vlan in a profile
-- is 50. Profiles are not applied when hpSwitchAutzUserRoleEnabled
-- is true.

    hpicfLmaProfileTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF HpicfLmaProfileEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     
            "This is to create the profile which can be associated to
             a MAC group/MAC address/MAC OUI/MAC mask. A profile
             is a collection of attributes. Profiles are not applied
             when hpSwitchAutzUserRoleEnabled is true."
        ::= { hpicfLmaConfigObjects 4}

    hpicfLmaProfileEntry OBJECT-TYPE
        SYNTAX          HpicfLmaProfileEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     
            "This is to create the profile which can be associated
             to a MAC group/MAC address/MAC OUI/MAC mask.A profile
             is a collection of attributes."
        INDEX           { hpicfLmaProfileName }
        ::= { hpicfLmaProfileTable 1 }

    HpicfLmaProfileEntry ::= SEQUENCE {
        hpicfLmaProfileName
            DisplayString, 
        hpicfLmaProfileUntaggedVid
            Integer32,
        hpicfLmaProfileTaggedVids
            VidList,
        hpicfLmaProfileCoS
            Integer32,
        hpicfLmaProfileIsAssociated
            TruthValue,
        hpicfLmaProfileRowStatus
            RowStatus
    }

    hpicfLmaProfileName  OBJECT-TYPE
        SYNTAX          DisplayString (SIZE (1..32))
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION 
             "This object contains the name of Local MAC 
              Authentication profile."                
        ::= { hpicfLmaProfileEntry 1 }

    hpicfLmaProfileUntaggedVid  OBJECT-TYPE
        SYNTAX         Integer32 (0..4094) 
        MAX-ACCESS     read-create
        STATUS         current
        DESCRIPTION    
            "Untagged VLAN ID.A value of 0 implies that untagged VLAN
             ID is not configured for this profile.Only one untagged
             VLAN ID can be associated with the profile."
        DEFVAL         { 0 }
        ::= { hpicfLmaProfileEntry 2 }

    hpicfLmaProfileTaggedVids  OBJECT-TYPE
        SYNTAX          VidList
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     
            "Tagged VLANs.A maximum of 50 tagged VLANs can be
             can be associated with the profile."

        ::= { hpicfLmaProfileEntry 3 }

    hpicfLmaProfileCoS  OBJECT-TYPE
        SYNTAX          Integer32 (-1..7) 
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     
            "CoS value to be associated with this profile.A value of
             -1 indicates that CoS is not configured for this 
             profile."
        ::= { hpicfLmaProfileEntry 4 }

    hpicfLmaProfileIsAssociated  OBJECT-TYPE
        SYNTAX  TruthValue
        MAX-ACCESS     read-only
        STATUS         current
        DESCRIPTION    
            "This object is to check whether any MAC is associated
             to this profile.A value of TRUE indicates that it is
             associated to MAC entry and FALSE indicates that it is
             not associated to any of the MAC entry."
        ::= { hpicfLmaProfileEntry 5 }

    hpicfLmaProfileRowStatus OBJECT-TYPE
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     
            "Status of this row, by which new entries may be created
             or existing entries deleted from this table."
        ::= { hpicfLmaProfileEntry 6}

    hpicfLmaAssociationTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF HpicfLmaAssociationEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     
            "This is association table between profile and MAC 
             entries. This table is not used when 
             hpSwitchAutzUserRoleEnabled is true."
        ::= { hpicfLmaConfigObjects 5}

    hpicfLmaAssociationEntry OBJECT-TYPE
        SYNTAX          HpicfLmaAssociationEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     
            "This is association table between the profile and MAC 
             entries."
        INDEX       { hpicfLmaProfileName, hpicfLmaAssociationMacType,
                      hpicfLmaAssociationMacValue } 
        ::= { hpicfLmaAssociationTable 1 }

    HpicfLmaAssociationEntry ::= SEQUENCE {
        hpicfLmaAssociationMacType
            INTEGER,
        hpicfLmaAssociationMacValue
            OCTET STRING,
        hpicfLmaAssociationRowStatus
            RowStatus
    }
             
    hpicfLmaAssociationMacType    OBJECT-TYPE
        SYNTAX   INTEGER {
                    macGrp(0),
                    macAddress(1),
                    macMask (2),
                    macOui(3)
            }
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION   
            "This object specifies whether the type of MAC address is:
                        macGrp(0)
                           MAC group which contains a group of MAC 
                           Entry.
                        macAddress(1) 
                           Fully qualified MAC address. 
                        macMask(2) 
                           MAC address prefix. Only 32 & 40 bits are
                           allowed.
                        macOUI(3)
                           24 bit organizationally unique identifier."
        ::= { hpicfLmaAssociationEntry 2 }

    hpicfLmaAssociationMacValue OBJECT-TYPE
        SYNTAX         OCTET STRING(SIZE (1..32))
        MAX-ACCESS     not-accessible
        STATUS         current
        DESCRIPTION    
            "This object specifies the MAC value. This value should 
             be in conjunction with hpicfLmaAssociationMacType."
        ::= { hpicfLmaAssociationEntry 4}

    hpicfLmaAssociationRowStatus OBJECT-TYPE
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION  
            "Status of this row, by which new entries may be created
             or existing entries deleted from this table."
        ::= { hpicfLmaAssociationEntry 5 }      
        
--  hpicfLmaConfigTable
--      This table is to configure Local Mac Authentication attributes with eaach port.
           
    hpicfLmaConfigTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF HpicfLmaConfigEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "A table that contains the configuration objects for
             Local MAC based Authentication associated with each port.
             An entry appears in this table for each port that may
             authenticate access to itself."
        ::= { hpicfLmaConfigObjects 6 }
  
  
    hpicfLmaConfigEntry OBJECT-TYPE
        SYNTAX HpicfLmaConfigEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "A table that contains the configuration objects for
             Local MAC based Authentication associated with each port.
             An entry appears in this table for each port that may
             authenticate access to itself."
        INDEX { hpicfLmaPortNumber }
    ::= { hpicfLmaConfigTable 1 }
  
  
    HpicfLmaConfigEntry ::=
        SEQUENCE {   
            hpicfLmaPortNumber
                InterfaceIndex,
            hpicfLmaClientLimit
                Integer32,
            hpicfLmaQuietPeriod
                Integer32,
            hpicfLmaLogoffPeriod
                Integer32,
            hpicfLmaAuthVid
                Integer32,
            hpicfLmaUnauthVid
                Integer32,
            hpicfLmaUnAuthPeriod
                Integer32,
            hpicfLmaReauthenticate
                TruthValue,
            hpicfLmaMacPin
                TruthValue,
	    hpicfLmaUnauthVidLLDPNwkPolicy 
                TruthValue
        }
  
    hpicfLmaPortNumber OBJECT-TYPE
        SYNTAX InterfaceIndex
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The port number associated with this switch port."
        ::= { hpicfLmaConfigEntry 1 }

      
    hpicfLmaClientLimit OBJECT-TYPE
        SYNTAX Integer32 (1..256)
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "The maximum number of authenticated clients to allow on
             the port."
        DEFVAL { 1 }
        ::= { hpicfLmaConfigEntry 2 }
  
    hpicfLmaQuietPeriod OBJECT-TYPE
        SYNTAX Integer32 (1..65535)
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Specifies the time, in seconds, that the switch should
             refrain from re-attempting an authentication request for
             a client whose credentials were rejected."
        DEFVAL { 60 }
        ::= { hpicfLmaConfigEntry 4 }
  
    hpicfLmaLogoffPeriod OBJECT-TYPE
        SYNTAX Integer32 (1..999999999)
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Specifies the period, in seconds, at which an
             authenticated client will be considered unauthenticated
             due to lack of activity (i.e. traffic originating
             from client)."
        DEFVAL { 300 }
        ::= { hpicfLmaConfigEntry 5 }
  
    hpicfLmaAuthVid OBJECT-TYPE
        SYNTAX Integer32 (0..4094)
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Specifies the port VID (PVID) that should be used for
             an authenticated client. When hpSwitchAutzUserRoleEnabled
             is true, this value may be superseded by the value of
             hpSwitchAutzUserRoleVlanId or hpSwitchAutzUserRoleVlanName
             from the client's assigned role.  "
        ::= { hpicfLmaConfigEntry 7 }
    
    hpicfLmaUnauthVid OBJECT-TYPE
        SYNTAX Integer32 (0..4094)
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Specifies the port VID (PVID) that should be used for
             an unauthenticated client. When hpSwitchAutzUserRoleEnabled
             is true, this value may be superseded by the value of
             hpSwitchAutzUserRoleVlanId or hpSwitchAutzUserRoleVlanName
             from the role identified by hpSwitchAutzUserRoleInitialRoleName."
          ::= { hpicfLmaConfigEntry 8 }
  
    hpicfLmaUnAuthPeriod OBJECT-TYPE
        SYNTAX Integer32 (0..65535)
        UNITS "seconds"
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Specifies the period, in seconds, at which a client will be
             placed into guest vlan, or assigned the role identified by 
             hpSwitchAutzUserRoleInitialRoleName when
             hpSwitchAutzUserRoleEnabled is true, if it fails authentication."
        DEFVAL { 0 }
        ::= { hpicfLmaConfigEntry 9 }
 
    hpicfLmaReauthenticate OBJECT-TYPE
        SYNTAX  TruthValue
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "The reauthentication control for this port. Setting this 
             attribute TRUE forces all authenticated clients to 
             re-authenticate themselves. Setting this attribute FALSE
             has no effect. This attribute always returns FALSE
             when read."
        ::= { hpicfLmaConfigEntry 10 } 

    hpicfLmaMacPin OBJECT-TYPE
        SYNTAX  TruthValue
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Enables MAC-Pinning on this port. Setting this
             attribute TRUE pins the authenticated MAC 
             addresses to the Mac address table. 
             Authenticated clients  will not be 
             de-authenticated even when clients are inactive 
             throughout the logoff period."
        DEFVAL { 2 }
        ::= { hpicfLmaConfigEntry 11 }

    hpicfLmaUnauthVidLLDPNwkPolicy OBJECT-TYPE
        SYNTAX       TruthValue
        MAX-ACCESS   read-write
        STATUS       current
        DESCRIPTION  "Setting this attribute TRUE(1) will suppress
                      the transmission of LLDP Network Policy TLV
                      from port when an unauthorized client is placed
                      in unauth VLAN during Local MAC authentication."
        DEFVAL { false }
        ::= { hpicfLmaConfigEntry 12 }

-- hpicfLmaUserRoleAssociationTable : A table of associations between user
-- role and MAC entries.

    hpicfLmaUserRoleAssociationTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF HpicfLmaUserRoleAssociationEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     
            "A table of associations between user role and MAC entries."
        ::= { hpicfLmaConfigObjects 7 }

    hpicfLmaUserRoleAssociationEntry OBJECT-TYPE
        SYNTAX          HpicfLmaUserRoleAssociationEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     
            "The association table entry."
        INDEX       { hpicfLmaUserRoleAssociationName, hpicfLmaUserRoleAssociationMacType,
                      hpicfLmaUserRoleAssociationMacValue } 
        ::= { hpicfLmaUserRoleAssociationTable 1 }

    HpicfLmaUserRoleAssociationEntry ::= SEQUENCE {
    	hpicfLmaUserRoleAssociationName
            HpAutzUserRoleName,
        hpicfLmaUserRoleAssociationMacType
            INTEGER,
        hpicfLmaUserRoleAssociationMacValue
            OCTET STRING,
        hpicfLmaUserRoleAssociationRowStatus
            RowStatus
    }
	
    hpicfLmaUserRoleAssociationName OBJECT-TYPE
        SYNTAX      HpAutzUserRoleName
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION "The name of this user role."
        ::= { hpicfLmaUserRoleAssociationEntry 1 }
             
    hpicfLmaUserRoleAssociationMacType    OBJECT-TYPE
        SYNTAX   INTEGER {
                    macGrp(0),
                    macAddress(1),
                    macMask (2),
                    macOui(3)
            }
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION   
            "This object specifies whether the type of MAC address is:
                        macGrp(0)
                           MAC group which contains a group of MAC 
                           Entry.
                        macAddress(1) 
                           Fully qualified MAC address. 
                        macMask(2) 
                           MAC address prefix. Only 32 & 40 bits are
                           allowed.
                        macOUI(3)
                           24 bit organizationally unique identifier."
        ::= { hpicfLmaUserRoleAssociationEntry 2 }

    hpicfLmaUserRoleAssociationMacValue OBJECT-TYPE
        SYNTAX         OCTET STRING(SIZE (1..32))
        MAX-ACCESS     not-accessible
        STATUS         current
        DESCRIPTION    
            "This object specifies the MAC value. This value should 
             be used in conjunction with the
             hpicfLmaUserRoleAssociationMacType."
        ::= { hpicfLmaUserRoleAssociationEntry 3 }

    hpicfLmaUserRoleAssociationRowStatus OBJECT-TYPE
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION  
            "Status of this row, by which new entries may be created
             or existing entries deleted from this table."
        ::= { hpicfLmaUserRoleAssociationEntry 4 }      


  -- hpicfLmaAssocActiveTable : Display Active MAC clients associated
  -- with Profiles.

    hpicfLmaAssocActiveTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF HpicfLmaAssocActiveEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     
            "This is an association table to display all the MAC clients
             that are active for a given profile."

        ::= { hpicfLmaStatsObjects 2 }

    hpicfLmaAssocActiveEntry OBJECT-TYPE
        SYNTAX          HpicfLmaAssocActiveEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     
            "This is an association table to display all the MAC 
             clients that are active for a given profile."
        INDEX           { hpicfLmaAssocActiveProfileName, 
                          hpicfLmaAssocActiveMacAddress }
        ::= { hpicfLmaAssocActiveTable 1 }

    HpicfLmaAssocActiveEntry ::= SEQUENCE {
            hpicfLmaAssocActiveProfileName
                DisplayString,
            hpicfLmaAssocActiveMacAddress
                MacAddress 
    }

    hpicfLmaAssocActiveProfileName  OBJECT-TYPE
        SYNTAX          DisplayString (SIZE (1..32))
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     
            "This object contains the name of Local MAC
             authentication profile."
        ::= { hpicfLmaAssocActiveEntry 1 }

    hpicfLmaAssocActiveMacAddress OBJECT-TYPE
        SYNTAX         MacAddress
        MAX-ACCESS     read-only
        STATUS         current
        DESCRIPTION    
            "This object specifies the MAC address of the client."
        ::= { hpicfLmaAssocActiveEntry 2 }

                                                 
  -- LMA client Session Statistics Table
       
  
    hpicfLmaSessionStatsTable OBJECT-TYPE
        SYNTAX SEQUENCE OF HpicfLmaSessionStatsEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "A table that contains session statistic objects
             for each client (i.e. user) attempting to
             authenticate to a port with MAC authentication
             enabled. An entry appears in this table for each
             port in the switch."
        ::= { hpicfLmaStatsObjects 1 }
     
    hpicfLmaSessionStatsEntry OBJECT-TYPE
        SYNTAX HpicfLmaSessionStatsEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The session statistics information for a port with
             MAC based authentication enabled. This shows
             the current values being collected for active sessions."
        INDEX { hpicfLmaPortNumber, hpicfLmaSessionMacAddr }
        ::= { hpicfLmaSessionStatsTable 1 }
  
    HpicfLmaSessionStatsEntry ::=
        SEQUENCE {
            hpicfLmaSessionMacAddr
                MacAddress,
            hpicfLmaSessionState
                INTEGER,
            hpicfLmaSessionStateTime
                Unsigned32,
            hpicfLmaSessionAuthVid
                Integer32,
            hpicfLmaSessionUnauthVid
                Integer32,
            hpicfLmaSessionUsrNumberCnt
                Counter32,
            hpicfLmaSessionUserRole
                HpAutzUserRoleName
        }
     
    hpicfLmaSessionMacAddr OBJECT-TYPE
        SYNTAX MacAddress
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
              "This object specifies the MAC address of the client."
        ::= { hpicfLmaSessionStatsEntry 1 }
  
      
    hpicfLmaSessionState OBJECT-TYPE
        SYNTAX INTEGER
            {
            authenticated(1),
            unauthenticated(2),
            authenticating(3),
            authReqRejectNoVlan(4),
            authReqRejectUnauthVlan(5),
            authReqTimeoutNoVlan(6),
            authReqTimeoutUnauthVlan(7),
            initialRole(8),
            initialRoleFailed(9)
            }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "Specifies the state of the client as follows:
            'authenticated'            - authenticated client
            'unauthenticated'          - unauthenticated client,
                                         waiting for credentials
            'authenticating'           - credentials have been sent
                                         for verification, waiting for
                                         response
            'authReqRejectNoVlan'      - credentials invalid; client
                                         does not have access to
                                         unauthenticated VLAN
            'authReqRejectUnauthVlan'  - credentials invalid; client
                                         does have access to
                                         unauthenticated VLAN
            'authReqTimeoutNoVlan'     - credentials could not be
                                         verified; client is still
                                         unauthenticated and does
                                         not have access to
                                         unauthenticated VLAN
            'authReqTimeoutUnauthVlan' - credentials could not be
                                         verified; client is still
                                         unauthenticated, but has
                                         access to unauthenticated
                                         VLAN
            'initialRole'              - client is assigned the initial role
            'initialRoleFailed'        - initial role could not be applied; client
                                         does not have access to the network"
        ::= { hpicfLmaSessionStatsEntry 2 }
  
 
    hpicfLmaSessionStateTime OBJECT-TYPE
        SYNTAX Unsigned32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The duration, in seconds, a client has spent in the
            state specified by hpicfLmaSessionState."
        ::= { hpicfLmaSessionStatsEntry 3 }
  
  
    hpicfLmaSessionAuthVid OBJECT-TYPE
        SYNTAX Integer32 (0..4094)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "This object specifies the PVID that the authenticated 
             client is utilizing. If the client is unauthenticated,
             this object has no meaning."
        ::= { hpicfLmaSessionStatsEntry 4 }
  
      
    hpicfLmaSessionUnauthVid OBJECT-TYPE
        SYNTAX Integer32 (0..4094)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "This object specifies the PVID that the unauthenticated
             client is utilizing. If the client is authenticated,
             this object has no meaning." 
        ::= { hpicfLmaSessionStatsEntry 5 }
  
        
    hpicfLmaSessionUsrNumberCnt OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "This object specifies the number of authenticated clients
             currently present on this port. This does not include the
             clients that are under the process of authentication."
        DEFVAL { 0 }
        ::= { hpicfLmaSessionStatsEntry 6 }

    hpicfLmaSessionUserRole OBJECT-TYPE
        SYNTAX HpAutzUserRoleName
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "When hpSwitchAutzUserRoleEnabled is true, specifies the user
            role of the client."
        ::= { hpicfLmaSessionStatsEntry 7 }

-- ------------------------------------------------------------
-- Conformance
-- ------------------------------------------------------------

   hpicfLmaCompliances  OBJECT IDENTIFIER ::= { hpicfLmaConformance 1 }
   hpicfLmaGroups OBJECT IDENTIFIER ::= { hpicfLmaConformance 2 }
   
-- Compliance Statements

    hpicfLmaCompliance1 MODULE-COMPLIANCE
        STATUS          deprecated
        DESCRIPTION     "The compliance statement"
        MODULE          -- this module
        MANDATORY-GROUPS {
                          hpicfLmaMacGroup,
                          hpicfLmaConfigGroup,
                          hpicfLmaSessionStatsGroup
                         }
        ::= { hpicfLmaCompliances 1 }

    hpicfLmaCompliance2 MODULE-COMPLIANCE
        STATUS          deprecated 
        DESCRIPTION     "The compliance statement"
        MODULE          -- this module
        MANDATORY-GROUPS {
                          hpicfLmaMacGroup1,
                          hpicfLmaConfigGroup1,
                          hpicfLmaSessionStatsGroup1
                         }
        ::= { hpicfLmaCompliances 2 }

    hpicfLmaCompliance3 MODULE-COMPLIANCE
        STATUS          deprecated
        DESCRIPTION     "The compliance statement"
        MODULE          -- this module
        MANDATORY-GROUPS {
                          hpicfLmaMacGroup1,
                          hpicfLmaConfigGroup2,
                          hpicfLmaSessionStatsGroup1
                         }
        ::= { hpicfLmaCompliances 3 }

    hpicfLmaCompliance4 MODULE-COMPLIANCE
        STATUS          current
        DESCRIPTION     "The compliance statement"
        MODULE          -- this module
        MANDATORY-GROUPS {
                          hpicfLmaMacGroup1,
                          hpicfLmaConfigGroup3,
                          hpicfLmaSessionStatsGroup1
                         }
        ::= { hpicfLmaCompliances 4 }

-- units of conformance

    hpicfLmaMacGroup OBJECT-GROUP
        OBJECTS         {
                         hpicfLmaMacGrpRowStatus,
                         hpicfLmaMacRowStatus,
                         hpicfLmaProfileUntaggedVid,
                         hpicfLmaProfileTaggedVids,
                         hpicfLmaProfileCoS,
                         hpicfLmaProfileIsAssociated,
                         hpicfLmaProfileRowStatus,
                         hpicfLmaAssociationRowStatus
                        }
        STATUS deprecated
        DESCRIPTION
            "These objects are used for managing Local MAC
             Authentication configuration parameters."
        ::= { hpicfLmaGroups 1 }        
            
            
    hpicfLmaConfigGroup OBJECT-GROUP
        OBJECTS    {
                    hpicfLmaClientLimit,
                    hpicfLmaQuietPeriod,
                    hpicfLmaLogoffPeriod,
                    hpicfLmaAuthVid,
                    hpicfLmaUnauthVid,
                    hpicfLmaUnAuthPeriod,
                    hpicfLmaReauthenticate
                   }
       STATUS deprecated
       DESCRIPTION
           "A collection of objects providing configuration
            objects for Local MAC authentication associated with
            each port."
       ::= { hpicfLmaGroups 2 }   
       
   hpicfLmaSessionStatsGroup OBJECT-GROUP
    OBJECTS { 
             hpicfLmaAssocActiveMacAddress,
             hpicfLmaSessionState,
             hpicfLmaSessionStateTime,
             hpicfLmaSessionAuthVid,
             hpicfLmaSessionUnauthVid,
             hpicfLmaSessionUsrNumberCnt
            }
    STATUS deprecated
    DESCRIPTION
        "A collection of objects providing statistics about
         current sessions for Local MAC authentication."
    ::= { hpicfLmaGroups 3 }

    hpicfLmaMacGroup1 OBJECT-GROUP
        OBJECTS         {
                         hpicfLmaMacGrpRowStatus,
                         hpicfLmaMacRowStatus,
                         hpicfLmaProfileUntaggedVid,
                         hpicfLmaProfileTaggedVids,
                         hpicfLmaProfileCoS,
                         hpicfLmaProfileIsAssociated,
                         hpicfLmaProfileRowStatus,
                         hpicfLmaAssociationRowStatus,
                         hpicfLmaUserRoleAssociationRowStatus
                        }
        STATUS current
        DESCRIPTION
            "These objects are used for managing Local MAC
             Authentication configuration parameters."
        ::= { hpicfLmaGroups 4 }

    hpicfLmaConfigGroup1 OBJECT-GROUP
        OBJECTS    {
                    hpicfLmaClientLimit,
                    hpicfLmaQuietPeriod,
                    hpicfLmaLogoffPeriod,
                    hpicfLmaAuthVid,
                    hpicfLmaUnauthVid,
                    hpicfLmaUnAuthPeriod,
                    hpicfLmaReauthenticate
                   }
       STATUS deprecated
       DESCRIPTION
           "A collection of objects providing configuration
            objects for Local MAC authentication associated with
            each port."
    ::= { hpicfLmaGroups 5 }

   hpicfLmaSessionStatsGroup1 OBJECT-GROUP
    OBJECTS { 
             hpicfLmaAssocActiveMacAddress,
             hpicfLmaSessionState,
             hpicfLmaSessionStateTime,
             hpicfLmaSessionAuthVid,
             hpicfLmaSessionUnauthVid,
             hpicfLmaSessionUsrNumberCnt,
             hpicfLmaSessionUserRole
            }
    STATUS current
    DESCRIPTION
        "A collection of objects providing statistics about
         current sessions for Local MAC authentication."
    ::= { hpicfLmaGroups 6 }

    hpicfLmaConfigGroup2 OBJECT-GROUP
        OBJECTS    {
                    hpicfLmaClientLimit,
                    hpicfLmaQuietPeriod,
                    hpicfLmaLogoffPeriod,
                    hpicfLmaAuthVid,
                    hpicfLmaUnauthVid,
                    hpicfLmaUnAuthPeriod,
                    hpicfLmaReauthenticate,
                    hpicfLmaMacPin 
                   }
       STATUS deprecated
       DESCRIPTION
           "A collection of objects providing configuration
            objects for Local MAC authentication associated with
            each port."
    ::= { hpicfLmaGroups 7 }
    
    hpicfLmaConfigGroup3 OBJECT-GROUP
        OBJECTS    {
                    hpicfLmaClientLimit,
                    hpicfLmaQuietPeriod,
                    hpicfLmaLogoffPeriod,
                    hpicfLmaAuthVid,
                    hpicfLmaUnauthVid,
                    hpicfLmaUnAuthPeriod,
                    hpicfLmaReauthenticate,
                    hpicfLmaMacPin,
		    hpicfLmaUnauthVidLLDPNwkPolicy
                   }
       STATUS current
       DESCRIPTION
           "A collection of objects providing configuration
            objects for Local MAC authentication associated with
            each port."
    ::= { hpicfLmaGroups 8 }
END

