-- =====================================================================================
-- Copyright (C) 2011 by  HUAWEI TECHNOLOGIES. All rights reserved.
-- Description:  The MIB module defines the IEEE802.1x protocol MIB objects.
--               IEEE802.1x protocol is mainly used to control the link layer access
--               and identity verification for wireless users.
-- Reference:  
-- Version: V3.18
-- =====================================================================================

    HUAWEI-8021x-EXT-MIB DEFINITIONS ::= BEGIN

        IMPORTS 
            huaweiMgmt            
                FROM HUAWEI-MIB            
            dot1xPaePortNumber            
                FROM IEEE8021-PAE-MIB            
            Unsigned32, Integer32, OBJECT-TYPE, MODULE-IDENTITY
                FROM SNMPv2-SMI
            DisplayString, RowStatus,MacAddress            
                FROM SNMPv2-TC;  
    
        hwPae8021xExt MODULE-IDENTITY
            LAST-UPDATED "201105090000Z"
            ORGANIZATION "Huawei Technologies Co.,Ltd."
            CONTACT-INFO 
                "Huawei Industrial Base
                 Bantian, Longgang
                 Shenzhen 518129
                 People's Republic of China
                 Website: http://www.huawei.com
                 Email: support@huawei.com
                "
            DESCRIPTION 
                "The MIB module defines the IEEE802.1x protocol MIB objects.
                 IEEE802.1x protocol is mainly used to control the link layer access
                 and identity verification for wireless users."
                 
            --  Revision history
            REVISION     "201105090000Z"
            DESCRIPTION  "V3.18, modified the range of hwDot1xTemplateIndex and hwDot1xPortFramePool."
            
            REVISION     "201011200000Z"
            DESCRIPTION  "V3.17, modified the descriptions of this MIB file and leaves."
                              
            REVISION     "201007290000Z"
            DESCRIPTION  "V3.16, added hwDot1xMacConflictDetectStatus and format to the MIB 
                          file."
            
            REVISION     "201007220000Z"
            DESCRIPTION  "V3.15, modified the descriptions of this MIB file and leaves."
            
            REVISION     "201003160000Z"
            DESCRIPTION  "V3.14, modified the version of this MIB file."   
               
            REVISION     "200912281030Z"
            DESCRIPTION  "V3.11, modified datatype such as INTEGER to Integer32.
                         Moved DEFVAL into DESCRIPTION. 
                         Modified the default values of dot1xAuthSuppTimeout and hwDot1xHandshakeCount 
                         and added the descriptions of hwDot1xTemplateConfigEntry,hwDot1xPortConfigExtEntry 
                         and hwDot1xPortAuthStatsExtEntry "
            
            REVISION     "200905210000Z"
            DESCRIPTION  "V3.09, changed 'anthenrization' to 'authentication' and 'infomation' to 'information'."
                             
            REVISION     "200211290900Z"
            DESCRIPTION  "V2.00, reunification version based on the Fix-Net MIBs baseline by the MIB Standard community."                
            
            ::= { huaweiMgmt 22 }
            
        hwpaeExtMibObjects OBJECT IDENTIFIER ::= { hwPae8021xExt 1 }
        
        hwdot1xPaeSystem OBJECT IDENTIFIER ::= { hwpaeExtMibObjects 1 }
        
        hwdot1xAuthQuietPeriod OBJECT-TYPE
            SYNTAX Unsigned32
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "Silence period of the system, preventing malicious attack. By 
                 default, it is 60 seconds. DEFVAL { 60 }
                "
            REFERENCE
                " 9.4.1, quietPeriod"
            ::= { hwdot1xPaeSystem 1 }
        
        hwdot1xAuthTxPeriod OBJECT-TYPE
            SYNTAX Unsigned32
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "Interval period of sending EAP_Request/Id packet. By default,30 seconds.DEFVAL { 30 }
                "
            REFERENCE
                " 
                9.4.1, txPeriod
                "            
            ::= { hwdot1xPaeSystem 2 }
        
        hwdot1xAuthSuppTimeout OBJECT-TYPE
            SYNTAX Unsigned32
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "Interval period of waiting for the supplicant to response to EAPoL
                 packet.DEFVAL { 30 }
                "
            REFERENCE
                " 
                9.4.1, suppTimeout
                "
            ::= { hwdot1xPaeSystem 3 }
        
        hwdot1xAuthServerTimeout OBJECT-TYPE
            SYNTAX Unsigned32
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "Configure the period of waiting for the response of Server. By
                 default, it is 30 seconds.DEFVAL { 30 } 
                "
            REFERENCE
                " 
                9.4.1, serverTimeout
                "            
            ::= { hwdot1xPaeSystem 4 }
        
        hwdot1xAuthMaxReq OBJECT-TYPE
            SYNTAX Unsigned32
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "Maximum times of authentication.DEFVAL { 2 }"
            REFERENCE
                " 
                9.4.1, maxReq
                "            
            ::= { hwdot1xPaeSystem 5 }
        
        hwdot1xAuthReAuthPeriod OBJECT-TYPE
            SYNTAX Unsigned32
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "Configure the reauthentication period. By default, it is 3600
                 seconds.DEFVAL { 3600 }.
                "
            REFERENCE
                " 
                9.4.1, reAuthPeriod
                "            
            ::= { hwdot1xPaeSystem 6 }
        
        hwdot1xPaeAuthenticator OBJECT IDENTIFIER ::= { hwpaeExtMibObjects 2 }
        
        hwdot1xAuthConfigExtTable OBJECT-TYPE
            SYNTAX SEQUENCE OF Hwdot1xAuthConfigExtEntry
            MAX-ACCESS not-accessible
            STATUS current
            DESCRIPTION
                "It is an extension of the public MIB table dot1xAuthConfigTable, with certain 
                 leaves added for describing the configuration of the object of the port 
                 authenticator. The index of this table is dot1xPaePortNumber.
                "
            REFERENCE
                " 
                9.4.1 Authenticator Configuration
                "
            ::= { hwdot1xPaeAuthenticator 1 }
        
        hwdot1xAuthConfigExtEntry OBJECT-TYPE
            SYNTAX Hwdot1xAuthConfigExtEntry
            MAX-ACCESS not-accessible
            STATUS current
            DESCRIPTION
                "It is an extension of the public MIB table dot1xAuthConfigTable, with certain 
                 leaves added for describing the configuration of the object of the port 
                 authenticator. The index of this entry is dot1xPaePortNumber.
                "
            INDEX { dot1xPaePortNumber }
            ::= { hwdot1xAuthConfigExtTable 1 }
        
        Hwdot1xAuthConfigExtEntry ::=
            SEQUENCE { 
                hwdot1xpaeportAuthAdminStatus
                    INTEGER,
                hwdot1xpaeportControlledType
                    INTEGER,
                hwdot1xpaeportMaxUserNum
                    Integer32,
                hwdot1xpaeportUserNumNow
                    Integer32,
                hwdot1xpaeportClearStatistics
                    INTEGER,
                hwDot1xAuthHandshakeSwitch
                    INTEGER,
                hwDot1xAuthHandshakeCount
                    Integer32,
                hwDot1xAuthHandshakeInterval
                    Integer32, 
                hwDot1xAuthIfEAPEnd
                    INTEGER                                  
                }

        hwdot1xpaeportAuthAdminStatus OBJECT-TYPE
            SYNTAX INTEGER
                {
                enabled(1),
                disabled(2)
                }
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "Indicates he switch of port protocol, enabling or disenabling port 8021X.
                 Options:
                 1. enabled(1)  -indicates port 8021X is enabled
                 2. disabled(2) -indicates port 8021X is disabled
                "
            DEFVAL { 2 }
            ::= { hwdot1xAuthConfigExtEntry 1 }
        
        hwdot1xpaeportControlledType OBJECT-TYPE
            SYNTAX INTEGER
                {
                port(1),
                mac(2)
                }
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "Port Access Control type, base port access control or base MAC 
                 access control.
                 Options:
                 1. port(1) -base port access control
                 2. mac(2)  -base MAC access control                 
                "
            DEFVAL { 2 }
            ::= { hwdot1xAuthConfigExtEntry 2 }
        
        hwdot1xpaeportMaxUserNum OBJECT-TYPE
            SYNTAX Integer32
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "Indicates the maximum number of online users in a port.
                "
            DEFVAL { 256 }
            ::= { hwdot1xAuthConfigExtEntry 3 }    
        
        hwdot1xpaeportUserNumNow OBJECT-TYPE
            SYNTAX Integer32
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "Indicates the number of online users in a port now.
                "
            ::= { hwdot1xAuthConfigExtEntry 4 }
        
        hwdot1xpaeportClearStatistics OBJECT-TYPE
            SYNTAX INTEGER { clear(1) }
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "Indicates clear various Statistics viz. 
                 Options:
                 1. clear(1)  -indicates clearing various statistics viz
                "
            ::= { hwdot1xAuthConfigExtEntry 5 }     

        hwDot1xAuthHandshakeSwitch OBJECT-TYPE
            SYNTAX INTEGER {open(1),close(0)}
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "Indicates the status of the handshake function.
                 Options:
                 1. open(1)  -indicates the handshake function is enabled
                 2. close(0) -indicates the handshake function is disabled
                 Default: close(0)
                "
            DEFVAL { 0 }
            ::= { hwdot1xAuthConfigExtEntry 6 }       
            
        hwDot1xAuthHandshakeCount OBJECT-TYPE
            SYNTAX Integer32 (0..10)
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "Indicates the permitted handshake failures.
                 Range: 0-10
                 The value 0 is meaningless in current version.
                 Default: 3
                "
            DEFVAL { 0 }
            ::= { hwdot1xAuthConfigExtEntry 7 }
        
        hwDot1xAuthHandshakeInterval OBJECT-TYPE
            SYNTAX Integer32 (1..1800)
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "Indicates the handshake interval.
                 Unit: second
                 Range: 1-1800
                 Default: 15s
                "
            DEFVAL { 20 }
            ::= { hwdot1xAuthConfigExtEntry 8 }  
            
        hwDot1xAuthIfEAPEnd OBJECT-TYPE
            SYNTAX  INTEGER{eapEnd(1),eapRelay(2)}
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "Indicates which EAP authentication mode is adopted for port or virtual port. 
                 In the 802.1x function, the authentication packet can be processed in two modes: EAP end and EAP relay.
                 Options:
                 1. eapEnd(1)   -indicates the EAP authentication mode is eapEnd
                 2. eapRelay(2) -indicates the EAP authentication mode is eapRelay
                 Default: eapReplay(2)
                "
            DEFVAL {2}
            ::= { hwdot1xAuthConfigExtEntry 9 }
                                                                       
        hwDot1xMibObjects OBJECT IDENTIFIER ::= {  hwpaeExtMibObjects 3  } 
       
        hwDHCPTripperStatus OBJECT-TYPE 
        SYNTAX   INTEGER { enabled(1), disabled(2) }            
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The device processes the DHCP DISCOVER and DHCP REQUEST packets only after 
             the DHCP-trigger authentication function is enabled. Otherwise, the device 
             does not process the DHCP DISCOVER or DHCP REQUEST packet. After the 
             DHCP-trigger authentication function is enabled, the device triggers the 
             authentication when receiving the DHCP DISCOVER and DHCP REQUEST packets.
             Indicates the status of the DHCP-trigger authentication function of the device.
             Options:
             1. enabled(1)  -indicates the DHCP-trigger authentication function is enabled
             2. disabled(2) -indicates the DHCP-trigger authentication function is disabled
             Default: disable(2)
            "
        
        ::= { hwDot1xMibObjects 1 }
                                          
                                        
        hwDot1xTemplateConfigTable OBJECT-TYPE
            SYNTAX SEQUENCE OF HwDot1xTemplateConfigEntry
            MAX-ACCESS not-accessible
            STATUS current
            DESCRIPTION
                "It is used to configure the profile used to control the user authentication 
                 through 802.1x. Profile 1 exists permanently, and it cannot be created or deleted. 
                 Other profiles can be created or deleted. The index of this table is hwDot1xTemplateIndex. 
                 This table supports only the profile mode. To create a profile, set hwDot1xTempRowStatus 
                 to createAndGo(4). The index is the ID of the profile to be created. To delete a profile, 
                 set hwDot1xTempRowStatus to destroy(6). The index is the ID of the profile to be deleted.
                "
            ::= { hwDot1xMibObjects 2 }
        
        hwDot1xTemplateConfigEntry OBJECT-TYPE
            SYNTAX HwDot1xTemplateConfigEntry
            MAX-ACCESS not-accessible
            STATUS current
            DESCRIPTION
                "It is used to configure the profile used to control the user authentication 
                 through 802.1x. Profile 1 exists permanently, and it cannot be created or deleted. 
                 Other profiles can be created or deleted. The index of this entry is hwDot1xTemplateIndex. 
                 This table supports only the profile mode. To create a profile, set hwDot1xTempRowStatus 
                 to createAndGo(4). The index is the ID of the profile to be created. To delete a profile, 
                 set hwDot1xTempRowStatus to destroy(6). The index is the ID of the profile to be deleted.
                "
            INDEX { hwDot1xTemplateIndex }
            ::= { hwDot1xTemplateConfigTable 1 }
        
        HwDot1xTemplateConfigEntry ::=
            SEQUENCE { 
                hwDot1xTemplateIndex
                    Integer32,                    
                hwDot1xHandshakeSwitch
                    INTEGER,
                hwDot1xHandshakeCount
                    Integer32,
                hwDot1xHandshakeInterval
                    Integer32, 
                 hwDot1xIfEAPEnd
                    INTEGER,                 
                hwDot1xTempIfUsed
                    INTEGER,        
                   hwDot1xTempRowStatus
                    RowStatus
                }

        hwDot1xTemplateIndex OBJECT-TYPE
            SYNTAX Integer32(0..256)
            MAX-ACCESS not-accessible
            STATUS current
            DESCRIPTION
                "Indicates the profile ID.
                 Range: 1-256
                "
            ::= { hwDot1xTemplateConfigEntry 1 }  
            
        hwDot1xHandshakeSwitch OBJECT-TYPE
            SYNTAX INTEGER {open(1),close(0)}
            MAX-ACCESS read-only
            STATUS current
            DESCRIPTION
                "Indicates the status of the handshake function.
                 Options:
                 1. open(1)  -indicates the handshake function is enabled
                 2. close(0) -indicates the handshake function is disabled
                 Default: close(0)
                "
            ::= { hwDot1xTemplateConfigEntry 2 }
        
        hwDot1xHandshakeCount OBJECT-TYPE
            SYNTAX Integer32 (0..10)
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "Indicates the permitted handshake failures.
                 Range: 0-10
                 Default: 0
                "
            DEFVAL { 0 }
            ::= { hwDot1xTemplateConfigEntry 3 }
        
        hwDot1xHandshakeInterval OBJECT-TYPE
            SYNTAX Integer32 (1..1800)
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "Indicates the handshake interval.
                 Unit: second
                 Range: 1-1800
                 Default: 15s
                "
            DEFVAL { 20 }
            ::= { hwDot1xTemplateConfigEntry 4 }  
            
        hwDot1xIfEAPEnd OBJECT-TYPE
            SYNTAX  INTEGER{eapEnd(1),eapRelay(2)}
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "Indicates which EAP authentication mode is adopted for the specified 802.1x profile. 
                 In the 802.1x function, the authentication packet can be processed in two modes: 
                 EAP end and EAP relay.
                 Options:
                 1. eapEnd(1)   -indicates the EAP end authentication mode. If local user authenticates on 
                                 DSLAM directly, it does not need to communicate with the remote RADIUS server.
                                 If the user is not local user, it must be authenticated on the remote RADIUS 
                                 server. 
                 2. eapRelay(2) -the user must be authenticated on the remote RADIUS server
                 Default: eapReplay(2)
                "                    
            DEFVAL {2}               
            ::= { hwDot1xTemplateConfigEntry 5 }
                                     
        hwDot1xTempIfUsed OBJECT-TYPE
            SYNTAX  INTEGER {used(1),unused(0)}
            MAX-ACCESS read-only
            STATUS current
            DESCRIPTION
                "Indicates whether the profile is used. When a profile is not used, 
                 the profile can be deleted.
                 Options:
                 1. used(1)   -indicates the profile is used
                 2. unused(0) -indicates the profile is not used
                 Default: unused(0)
                "            
            ::= {hwDot1xTemplateConfigEntry 6 }
                 
        hwDot1xTempRowStatus OBJECT-TYPE
            SYNTAX RowStatus
            MAX-ACCESS read-create
            STATUS current
            DESCRIPTION
                "Indicates the operation type of the table.
                 Options:
                 1. active(1)      -indicates query operation
                 2. createAndGo(4) -indicates creating a profile
                 3. destroy(6)     -indicates deleting a profile
                "
            ::= {hwDot1xTemplateConfigEntry 7 } 
                 
        hwDot1xPortConfigExtTable OBJECT-TYPE
            SYNTAX SEQUENCE OF HwDot1xPortConfigExtEntry
            MAX-ACCESS not-accessible
            STATUS current
            DESCRIPTION
                "It is an extension table of dot1xPaePortTable and is used for describing 
                 the authorization mode and authentication status of the port. The index 
                 of this table is dot1xPaePortNumber (defined in dot1xPaePortTable). This 
                 version supports authentication based on the port or service port; therefore, 
                 dot1xPaePortNumber indicates the ID of a port or service port. When the 
                 input value exceeds the maximum ID of the service port, dot1xPaePortNumber 
                 is treated as ifIndex. The range of the service port IDs depends on the version.
                 This table supports the creation of the port table. After the port table 
                 is created, the 802.1x authentication is bound to the port.
                 The create operation is as follows:
                 Specify the ID of the port to which the 802.1x authentication needs to be bound.
                 Set hwDot1xPortRowStatus to createAndGo(4), and issue the set operation.
                 Optionally specify hwDot1xPortMacControl. However, if the ID of the port is 
                 the ID of the service port, hwDot1xPortMacControl cannot be specified. 
                 hwDot1xPortMacControl cannot be issued independently, and it must be issued 
                 together with hwDot1xPortRowStatus during the create operation.
                "
            ::= { hwDot1xMibObjects 3 }
        
        hwDot1xPortConfigExtEntry OBJECT-TYPE
            SYNTAX HwDot1xPortConfigExtEntry
            MAX-ACCESS not-accessible
            STATUS current
            DESCRIPTION
                "It is an extension table of dot1xPaePortTable and is used for describing 
                 the authorization mode and authentication status of the port. The index 
                 of this entry is dot1xPaePortNumber (defined in dot1xPaePortTable). This 
                 version supports authentication based on the port or service port; therefore, 
                 dot1xPaePortNumber indicates the ID of a port or service port. When the 
                 input value exceeds the maximum ID of the service port, dot1xPaePortNumber 
                 is treated as ifIndex. The range of the service port IDs depends on the version.
                 This table supports the creation of the port table. After the port table 
                 is created, the 802.1x authentication is bound to the port.
                 The create operation is as follows:
                 Specify the ID of the port to which the 802.1x authentication needs to be bound.
                 Set hwDot1xPortRowStatus to createAndGo(4), and issue the set operation.
                 Optionally specify hwDot1xPortMacControl. However, if the ID of the port is 
                 the ID of the service port, hwDot1xPortMacControl cannot be specified. 
                 hwDot1xPortMacControl cannot be issued independently, and it must be issued 
                 together with hwDot1xPortRowStatus during the create operation.
                "
            INDEX { dot1xPaePortNumber }
            ::= { hwDot1xPortConfigExtTable 1 }  
            
        HwDot1xPortConfigExtEntry ::=
            SEQUENCE { 
                hwDot1xPortControlType
                    INTEGER,
                hwDot1xPortBindFlag
                    INTEGER, 
                hwDot1xPortAuthMode
                    INTEGER,
                hwDot1xPortAuthState
                    INTEGER,
                hwDot1xPortUserName
                    OCTET STRING,
                hwDot1xPortFramePool
                    DisplayString,
                hwDot1xPortRowStatus 
                    RowStatus,
                hwDot1xPortMacControl
                    INTEGER   
                }
                  
        hwDot1xPortControlType OBJECT-TYPE
            SYNTAX INTEGER{physicalPort(1),servicePort(2)}
            MAX-ACCESS read-only
            STATUS current
            DESCRIPTION
                "Indicates the control type of the port. The port can be controlled in the 
                 following two ways: physical port control and service port control.
                 Options:
                 1. physicalPort(1) -physical port control
                 2. servicePort(2)  -service port control
                "
            ::= { hwDot1xPortConfigExtEntry 1 } 
            
        hwDot1xPortBindFlag OBJECT-TYPE
            SYNTAX   INTEGER{binding(1)}
            MAX-ACCESS read-only 
            STATUS current
            DESCRIPTION
                "Indicates that the 802.1x authentication is bound to the port.
                 Options: 
                 1. binding(1) -indicates the 802.1x authentication is bound to the port
                "                                
            ::= { hwDot1xPortConfigExtEntry 2 } 
            
        hwDot1xPortAuthMode OBJECT-TYPE
            SYNTAX INTEGER{forceUnauthorized(1),auto(2),forceAuthorized(3)}
            MAX-ACCESS read-write 
            STATUS current
            DESCRIPTION
                "Indicates the control parameters of the controlled port. A port has three 
                 authorization control modes: force-authorized mode, force-unauthorized mode, 
                 and auto mode. According to different networks, different port control modes 
                 can be selected. By default, a port is in the unauthorized state, and users 
                 connected to the port cannot access network resources. If the authentication 
                 passes, the port state switches to the authorized state and users can access 
                 the network resources.
                 Options:
                 1. forceUnauthorized(1) -indicates force-authorized mode
                 2. auto(2)              -auto mode
                 3. forceAuthorized(3)   -indicates force-unauthorized mode
                 Default: auto(2)
                "              
            DEFVAL { 2 }
            ::= { hwDot1xPortConfigExtEntry 3 } 
            
        hwDot1xPortAuthState OBJECT-TYPE
            SYNTAX INTEGER {auth(1),unAuth(2)}
            MAX-ACCESS read-only 
            STATUS current
            DESCRIPTION
                "Indicates the port authentication status.
                 Options:
                 1. auth(1)   -indicates the port is authenticated
                 2. unAuth(2) -indicates the port is not authenticated
                 Default: unauth(2)
                "                          
            ::= { hwDot1xPortConfigExtEntry 4 }
            
        hwDot1xPortUserName OBJECT-TYPE
            SYNTAX      OCTET STRING(SIZE(0..64))
            MAX-ACCESS read-only 
            STATUS current
            DESCRIPTION
                "Indicates the user name bound to the port.
                "     
            ::= { hwDot1xPortConfigExtEntry 5 }
    
       hwDot1xPortFramePool OBJECT-TYPE
            SYNTAX DisplayString (SIZE(0..255))
            MAX-ACCESS read-only 
            STATUS current
            DESCRIPTION
                "Indicates the address pool of the port binding.
                "     
            ::= { hwDot1xPortConfigExtEntry 6 }
            
       hwDot1xPortRowStatus OBJECT-TYPE
            SYNTAX   RowStatus
            MAX-ACCESS read-create
            STATUS current
            DESCRIPTION
                "Indicates the operation type of the port table: binding the port to the 802.1x 
                 authentication, and unbinding the port from the 802.1x authentication.
                 Options:
                 1. active(1)      -indicates query operation
                 2. createAndGo(4) -indicates binding a port to the 802.1x authentication
                 3. destroy(6)     -indicates unbinding a port from the 802.1x authentication
                "                                
            ::= { hwDot1xPortConfigExtEntry 7}          
            
       hwDot1xPortMacControl OBJECT-TYPE
            SYNTAX INTEGER{enable(1),disable(2)}
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "Indicates whether to enable the MAC-based control function. This leaf can be 
                 issued with parameters during the create operation. This function supports 
                 port-based rather than service-port-based configuration. When hwDot1xPortMacControl 
                 is set to enable(1), only the packets whose source MAC address is the MAC address 
                 of the authorized user can reach the network side. This leaf does not support the 
                 modify operation.
                 Options:
                 1. enable(1)  -indicates the MAC-based control function is enabled
                 2. disable(2) -indicates the MAC-based control function is disabled
                 Default: disable(2)
                "
            ::= { hwDot1xPortConfigExtEntry 8} 
                    
        hwDot1xPortAuthStatsExtTable OBJECT-TYPE
            SYNTAX SEQUENCE OF HwDot1xPortAuthStatsExtEntry
            MAX-ACCESS not-accessible
            STATUS current
            DESCRIPTION
                "It is an extension of the public MIB table dot1xAuthStatsEntry, with certain leaves 
                 added for describing the packet statistics of the port. The index of this table is 
                 dot1xPaePortNumber (defined in dot1xPaePortTable). The following tables list the 
                 leaves of this table.
                 Only hwDot1xPortClearStatistics in this table supports the modify operation.
                 The modification process is as follows:
                 Specify the ID of the port to be modified. 
                 Set hwDot1xPortClearStatistics to the required value. The option is clear(1). 
                 Therefore, directly perform the set operation.
                "
            ::= { hwDot1xMibObjects 4 } 
            
        hwDot1xPortAuthStatsExtEntry OBJECT-TYPE
            SYNTAX HwDot1xPortAuthStatsExtEntry
            MAX-ACCESS not-accessible
            STATUS current
            DESCRIPTION
                "It is an extension of the public MIB table dot1xAuthStatsEntry, with certain leaves 
                 added for describing the packet statistics of the port. The index of this entry is 
                 dot1xPaePortNumber (defined in dot1xPaePortTable). The following tables list the 
                 leaves of this table.
                 Only hwDot1xPortClearStatistics in this table supports the modify operation.
                 The modification process is as follows:
                 Specify the ID of the port to be modified. 
                 Set hwDot1xPortClearStatistics to the required value. The option is clear(1). 
                 Therefore, directly perform the set operation.
                "
            INDEX { dot1xPaePortNumber }
            ::= { hwDot1xPortAuthStatsExtTable 1 } 
           
        HwDot1xPortAuthStatsExtEntry ::=
            SEQUENCE { 
                hwDot1xAuthSuccessTimes  
                    Integer32, 
                hwDot1xAuthFailureTimes
                    Integer32,        
                hwDot1xEapolFailurePacketsTx
                    Integer32,
                hwDot1xEapolSuccessPacketsTx
                    Integer32,
                hwDot1xNoSupportPacketsRx
                    Integer32,
                hwDot1xPortClearStatistics
                    INTEGER   
                }   
                              
      hwDot1xAuthSuccessTimes OBJECT-TYPE
          SYNTAX   Integer32
          MAX-ACCESS read-only
          STATUS current
          DESCRIPTION
              "Indicates the number of authentication successes.
              "                            
          ::= { hwDot1xPortAuthStatsExtEntry 1} 

        hwDot1xAuthFailureTimes OBJECT-TYPE
            SYNTAX   Integer32
            MAX-ACCESS read-only
            STATUS current
            DESCRIPTION
              "Indicates the number of authentication failures.
              "                                
            ::= { hwDot1xPortAuthStatsExtEntry 2} 
     
        hwDot1xEapolFailurePacketsTx OBJECT-TYPE
            SYNTAX   Integer32
            MAX-ACCESS read-only
            STATUS current
            DESCRIPTION
              "Indicates the number of the transmitted Eapol-Failure packets.
              "                                
            ::= { hwDot1xPortAuthStatsExtEntry 3} 
            
        hwDot1xEapolSuccessPacketsTx OBJECT-TYPE
            SYNTAX   Integer32
            MAX-ACCESS read-only
            STATUS current
            DESCRIPTION
              "Indicates the number of the transmitted Eapol-Success packets.
              "                                
            ::= { hwDot1xPortAuthStatsExtEntry 4}  
            
        hwDot1xNoSupportPacketsRx OBJECT-TYPE
            SYNTAX   Integer32
            MAX-ACCESS read-only
            STATUS current
            DESCRIPTION
                "Indicates the number of the unsupported EAPoL packets that are received.
                "                                
            ::= { hwDot1xPortAuthStatsExtEntry 5}             
               
        hwDot1xPortClearStatistics OBJECT-TYPE
            SYNTAX   INTEGER {clear(1)}
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "Clears the port statistics.
                 Options:
                 1. clear(1) -indicates clearing the port statistics
                "                                
            ::= { hwDot1xPortAuthStatsExtEntry 6}
        
        hwDot1xAutoDetect OBJECT-TYPE 
            SYNTAX   INTEGER { enabled(1), disabled(2) }            
            MAX-ACCESS  read-write
            STATUS      current
            DESCRIPTION
                "Indicates the status of the auto-detect function of the device. After the 802.1x 
                 auto-detect function is enabled, the system automatically detects the port status 
                 and requests the user authentication.
                 Options:
                 1. enabled(1)  -indicates the auto-detect function of the device is enabled
                 2. disabled(2) -indicates the auto-detect function of the device is disabled
                 Default: disable(2)
                "        
            ::= { hwDot1xMibObjects 5 }
        
        hwDot1xIntermittentBlinkingProtection OBJECT-TYPE 
            SYNTAX   INTEGER { enabled(1), disabled(2) }            
            MAX-ACCESS  read-write
            STATUS      current
            DESCRIPTION
                "Indicates the intermittent blinking protection function, which is used to reduce 
                 the duration of service interruption caused by port intermittent blinking. After 
                 the intermittent blinking protection function is enabled, the system does not force 
                 the 802.1x user to go offline when the port is down. In this case, if the handshake 
                 function is already enabled, the system detects the user by using the handshake 
                 mechanism; if the handshake function is disabled, the system waits for the duration 
                 of keepalive interval x number of handshake failures, and then forces the user to 
                 go offline if the port is still down. After the intermittent blinking protection 
                 function is enabled, the count of user online duration may be incorrect. Therefore, 
                 this function is applicable to the provisioning of services with the monthly flat 
                 rate rather than in the duration-based charging mode.
                 Indicates the status of the intermittent blinking protection function of the device.
                 Options:
                 1. enabled(1)  -indicates the intermittent blinking protection function is enabled
                 2. disabled(2) -indicates the intermittent blinking protection function is disabled
                 Default: disable(2)
                "        
            ::= { hwDot1xMibObjects 6 }

        hwDot1xGlobalMacControlStatus OBJECT-TYPE 
              SYNTAX   INTEGER { enabled(1), disabled(2) }                        
              MAX-ACCESS  read-write
              STATUS      current
              DESCRIPTION
                   "Whether the global mac control is enabled in the device.
                    Enable indicate that global mac control enable in the device;
                    Disabled indicate that global mac control disable in the device.           
                    DEFVAL      { 2 }
                    Options:
                    1. enabled(1)  -indicates the global mac control is enabled
                    2. disabled(2) -indicates the global mac control is disabled
                   "
                  ::= { hwDot1xMibObjects 7 }

        hwDot1xMacPortInfoTable OBJECT-TYPE
              SYNTAX SEQUENCE OF HwDot1xMacPortInfoEntry
              MAX-ACCESS not-accessible
              STATUS current
              DESCRIPTION
                   "This table describes the port information of 802.1x,
                    The index of this table is mac address.
                   "
              ::= { hwDot1xMibObjects 8 } 

        hwDot1xMacPortInfoEntry OBJECT-TYPE
              SYNTAX HwDot1xMacPortInfoEntry
              MAX-ACCESS not-accessible
              STATUS current
              DESCRIPTION
                   "This table describes the port information of 802.1x,
                    The index of this entry is mac address.
                   "
              INDEX { hwDot1xMacPortInfoMacAddress }
              ::= { hwDot1xMacPortInfoTable 1 }                         
                        
        HwDot1xMacPortInfoEntry ::=
        SEQUENCE {
                   hwDot1xMacPortInfoMacAddress
                   MacAddress,
                   hwDot1xMacPortInfoAuthState
                   Unsigned32, 
                   hwDot1xMacPortInfoAuthType 
                   Unsigned32 
                 }
                        
        hwDot1xMacPortInfoMacAddress OBJECT-TYPE
              SYNTAX MacAddress
              MAX-ACCESS not-accessible
              STATUS current
              DESCRIPTION
                   "Mac address.                                
                   "
              ::= { hwDot1xMacPortInfoEntry 1 }          
                        
        hwDot1xMacPortInfoAuthState OBJECT-TYPE
              SYNTAX Unsigned32
              MAX-ACCESS read-only
              STATUS current
                  DESCRIPTION
                   "Authentication state.                                
                   "
              ::= { hwDot1xMacPortInfoEntry 2 }
                         
        hwDot1xMacPortInfoAuthType OBJECT-TYPE
                 SYNTAX Unsigned32
              MAX-ACCESS read-only
              STATUS current
              DESCRIPTION
                   "Authentication Type.
                   "
              ::= { hwDot1xMacPortInfoEntry 3 }                        

        hwDot1xMacPortStatTable OBJECT-TYPE
              SYNTAX SEQUENCE OF HwDot1xMacPortStatEntry
              MAX-ACCESS not-accessible
              STATUS current
              DESCRIPTION
                   "This table describes the port statistics of 802.1x,
                    The index of this table is mac address.
                   "
              ::= { hwDot1xMibObjects 9 } 
                        
        hwDot1xMacPortStatEntry OBJECT-TYPE
              SYNTAX HwDot1xMacPortStatEntry
              MAX-ACCESS not-accessible
              STATUS current
              DESCRIPTION
                   "This table describes the port statistics of 802.1x,
                    The index of this entry is mac address.
                   "
              INDEX { hwDot1xMacPortInfoMacAddress }
              ::= { hwDot1xMacPortStatTable 1 }                         
                        
        HwDot1xMacPortStatEntry ::=
              SEQUENCE { 
                                hwDot1xMacPortStatAuthSuccessTimes  
                                                Unsigned32, 
                                hwDot1xMacPortStatAuthFailureTimes
                                                Unsigned32,        
                                hwDot1xMacPortStatEapolFailurePacketsTx
                                                Unsigned32,
                                hwDot1xMacPortStatEapolSuccessPacketsTx
                                                Unsigned32,
                                hwDot1xMacPortStatNoSupportPacketsRx
                                                Unsigned32,
                                hwDot1xMacPortStatClearStatistics
                                                INTEGER, 
                                hwDot1xMacPortStatAuthEapolFramesRx
                                                Unsigned32, 
                                hwDot1xMacPortStatAuthEapolFramesTx
                                                Unsigned32, 
                                hwDot1xMacPortStatAuthEapolStartFramesRx
                                                Unsigned32, 
                                hwDot1xMacPortStatAuthEapolLogoffFramesRx
                                                Unsigned32, 
                                hwDot1xMacPortStatAuthEapolRespIdFramesRx
                                                Unsigned32, 
                                hwDot1xMacPortStatAuthEapolRespFramesRx
                                                Unsigned32, 
                                hwDot1xMacPortStatAuthEapolReqIdFramesTx
                                                Unsigned32, 
                                hwDot1xMacPortStatAuthEapolReqFramesTx
                                                Unsigned32, 
                                hwDot1xMacPortStatAuthInvalidEapolFramesRx
                                                Unsigned32, 
                                hwDot1xMacPortStatAuthEapLengthErrorFramesRx
                                                Unsigned32, 
                                hwDot1xMacPortStatAuthLastEapolFrameVersion
                                                Unsigned32, 
                                hwDot1xMacPortStatAuthEapolKeyFramesRx
                                                Unsigned32,     
                                hwDot1xMacPortStatAuthEapolKeyFramesTx
                                                Unsigned32,  
                                hwDot1xMacPortStatAuthEapolPeapFramesRx
                                                Unsigned32,    
                                hwDot1xMacPortStatAuthEapolPeapFramesTx
                                                Unsigned32 
                                  }
                                  
        hwDot1xMacPortStatAuthSuccessTimes OBJECT-TYPE
                SYNTAX   Unsigned32
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "Authentication success times
                        "                                
                ::= { hwDot1xMacPortStatEntry 1} 

        hwDot1xMacPortStatAuthFailureTimes OBJECT-TYPE
                SYNTAX   Unsigned32
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "Authentication Failure times
                         "                                
                ::= { hwDot1xMacPortStatEntry 2} 
             
        hwDot1xMacPortStatEapolFailurePacketsTx OBJECT-TYPE
                SYNTAX   Unsigned32
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                       "The numbers of the Eapol-Failure Packets which has been send by the port
                       "                                
                ::= { hwDot1xMacPortStatEntry 3} 
                        
        hwDot1xMacPortStatEapolSuccessPacketsTx OBJECT-TYPE
                SYNTAX   Unsigned32
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "The numbers of the Eapol-Success Packets which has been send by the port
                         "                                
                ::= { hwDot1xMacPortStatEntry 4}
                        
        hwDot1xMacPortStatNoSupportPacketsRx OBJECT-TYPE
                SYNTAX   Unsigned32
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "The numbers of the Eapol packets  which  are not supported have been
                         received in this port
                        "                                
                ::= { hwDot1xMacPortStatEntry 5}                         
                       
        hwDot1xMacPortStatClearStatistics OBJECT-TYPE
                SYNTAX   INTEGER {clear(1)}
                MAX-ACCESS read-write
                STATUS current
                DESCRIPTION
                        "Clear the information of the packets statistics in this port
                         Options:
                         1. clear(1)  -indicates clearing the information of the packets statistics in this port
                        "                                
                ::= { hwDot1xMacPortStatEntry 6}        
                  
        hwDot1xMacPortStatAuthEapolFramesRx OBJECT-TYPE
                SYNTAX Unsigned32
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "The number of valid EAPOL frames of any type
                         that has been received by this Authenticator.
                        "                
                ::= { hwDot1xMacPortStatEntry 7 }
                
        hwDot1xMacPortStatAuthEapolFramesTx OBJECT-TYPE
                SYNTAX Unsigned32
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "The number of EAPOL frames of any type
                         that has been transmitted by this Authenticator.
                        "                
                ::= { hwDot1xMacPortStatEntry 8 }
                
        hwDot1xMacPortStatAuthEapolStartFramesRx OBJECT-TYPE
                SYNTAX Unsigned32
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "The number of EAPOL Start frames that have
                         been received by this Authenticator.
                        "
                ::= { hwDot1xMacPortStatEntry 9 }
                
        hwDot1xMacPortStatAuthEapolLogoffFramesRx OBJECT-TYPE
                SYNTAX Unsigned32
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                       "The number of EAPOL Logoff frames that have
                        been received by this Authenticator.
                       "
                ::= { hwDot1xMacPortStatEntry 10 }
                
        hwDot1xMacPortStatAuthEapolRespIdFramesRx OBJECT-TYPE
                SYNTAX Unsigned32
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "The number of EAP Resp/Id frames that have
                         been received by this Authenticator.
                        "
                ::= { hwDot1xMacPortStatEntry 11 }
                
        hwDot1xMacPortStatAuthEapolRespFramesRx OBJECT-TYPE
                SYNTAX Unsigned32
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "The number of valid EAP Response frames
                         (other than Resp/Id frames) that have been
                         received by this Authenticator.
                        "
                ::= { hwDot1xMacPortStatEntry 12 }
                
        hwDot1xMacPortStatAuthEapolReqIdFramesTx OBJECT-TYPE
                SYNTAX Unsigned32
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "The number of EAP Req/Id frames that have been
                         transmitted by this Authenticator.
                        "
                ::= { hwDot1xMacPortStatEntry 13 }
                
        hwDot1xMacPortStatAuthEapolReqFramesTx OBJECT-TYPE
                SYNTAX Unsigned32
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "The number of EAP Request frames
                         (other than Rq/Id frames) that have been
                         transmitted by this Authenticator.
                        "
                ::= { hwDot1xMacPortStatEntry 14 }
                
        hwDot1xMacPortStatAuthInvalidEapolFramesRx OBJECT-TYPE
                SYNTAX Unsigned32
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "The number of EAPOL frames that have been
                         received by this Authenticator in which the
                         frame type is not recognized.
                        "
                ::= { hwDot1xMacPortStatEntry 15 }
                
        hwDot1xMacPortStatAuthEapLengthErrorFramesRx OBJECT-TYPE
                SYNTAX Unsigned32
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "The number of EAPOL frames that have been received
                         by this Authenticator in which the Packet Body
                         Length field is invalid.
                        "
                
                ::= { hwDot1xMacPortStatEntry 16 }
                
        hwDot1xMacPortStatAuthLastEapolFrameVersion OBJECT-TYPE
                SYNTAX Unsigned32
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "The protocol version number carried in the
                         most recently received EAPOL frame.
                        "
                
                ::= { hwDot1xMacPortStatEntry 17 }
                
        hwDot1xMacPortStatAuthEapolKeyFramesRx OBJECT-TYPE
                SYNTAX Unsigned32
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "The number of EAPOL key frames that have been received
                         by this Authenticator.
                        "
                ::= { hwDot1xMacPortStatEntry 18 }        
                
        hwDot1xMacPortStatAuthEapolKeyFramesTx OBJECT-TYPE
                SYNTAX Unsigned32
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "The number of EAPOL key frames that have been sent
                         by this Authenticator.
                        "
                ::= { hwDot1xMacPortStatEntry 19 }                        
                
        hwDot1xMacPortStatAuthEapolPeapFramesRx OBJECT-TYPE
                SYNTAX Unsigned32
                MAX-ACCESS read-only
                STATUS current
                        DESCRIPTION
                        "The number of EAPOL peap frames that have been received
                         by this Authenticator.
                        "
                ::= { hwDot1xMacPortStatEntry 20 }                
                
        hwDot1xMacPortStatAuthEapolPeapFramesTx OBJECT-TYPE
                SYNTAX Unsigned32
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "The number of EAPOL peap frames that have been sent
                         by this Authenticator.
                        "
                ::= { hwDot1xMacPortStatEntry 21 }
                  
        hwDot1xMacConflictDetectStatus OBJECT-TYPE 
              SYNTAX   INTEGER { enabled(1), disabled(2) }                        
              MAX-ACCESS  read-write
              STATUS      current
              DESCRIPTION
                   "Indicates the status of the mac-conflict-detect function of the device. After the 
                    802.1x mac-conflict-detect function is enabled, the system detects the mac conflicts.
                    Options:
                    1. enabled(1)  -indicates the mac-conflict-detect of the device is enabled
                    2. disabled(2) -indicates the mac-conflict-detect of the device is disabled
                    Default: disable(2)
                   "
                  ::= { hwDot1xMibObjects 10 }
                  
        END

