
BAY-STACK-EAPOL-EXTENSION-MIB DEFINITIONS ::= BEGIN

IMPORTS
    OBJECT-TYPE, MODULE-IDENTITY, Integer32, TimeTicks
        FROM SNMPv2-SMI
    TruthValue, MacAddress, RowStatus
        FROM SNMPv2-TC
    InterfaceIndex
        FROM IF-MIB
    VlanId, VlanIdOrNone, VlanIdOrAny, PortList
        FROM Q-BRIDGE-MIB
    bayStackMibs
        FROM SYNOPTICS-ROOT-MIB
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    LPortSet
        FROM RAPID-CITY;

bayStackEapExtMib MODULE-IDENTITY
    LAST-UPDATED    "201605170000Z"
    ORGANIZATION    "Avaya"
    CONTACT-INFO    "Avaya"
    DESCRIPTION
        "BayStack EAPOL Extension MIB

         Copyright 2003-2010 Avaya
         All rights reserved.
         This Avaya SNMP Management Information Base Specification
         (Specification) embodies Avaya's confidential and
         proprietary intellectual property. Avaya retains all
         title and ownership in the Specification, including any
         revisions.

         This Specification is supplied 'AS IS,' and Avaya makes
         no warranty, either express or implied, as to the use,
         operation, condition, or performance of the Specification."

    REVISION "201605170000Z" -- 17 May 2016
    DESCRIPTION "v041:  Added new value to bseeUnauthenticatedStatusRadiusStatus to support traking of delayed authentification MACs."
		 
    REVISION "201604040000Z" -- 04 April 2016
    DESCRIPTION "v040:  Added bseeMultiHostRadiusNonEapDelay to support delayed Non-EAP MAC authentication."

    REVISION "201603150000Z" -- 15 March 2016
    DESCRIPTION "v039:  Added bseeUnauthenticatedStatusTable to support tracking all MACs."

	REVISION "201601210000Z" -- 21 January 2016
    DESCRIPTION "v038:  Added bseePortConfigCloneSettingsAction, bseePortConfigCloneSettingsDestPortList - support for cloning EAP configuration from a source port to a port list.
	                    Added bseeMultiHostStatusPacpState in bseeMultiHostStatusTable to support new state machine needed for 802.1X/2010. "
    
    REVISION "201601110000Z" -- 11 January 2016
    DESCRIPTION "v037:  Extended the range for bseeMultiHostNonEapStatusState with the value radiusHeld(8)"

	REVISION "201509100000Z" -- 10 September 2015
    DESCRIPTION "v036:  Added bseeAutoPortConfigModeSwitchToMHMV, bseeAutoPortConfigModeSwitchToMHMVAction, bseeAutoPortConfigModeSwitchToMHMVResult"
    

    REVISION "201508050000Z" -- 05 August 2015
    DESCRIPTION "v035:  Remove bseePortConfigFailOpenVlanNoChange and cover it's functionality inside bseePortConfigFailOpenVlanId"
    
	REVISION "201507200000Z" -- 20 July 2015
    DESCRIPTION "v034:  Added bseePortConfigFailOpenVlanId
                              bseePortConfigFailOpenVlanEnabled
                              bseePortConfigFailOpenVlanNoChange 
                              bseePortConfigFailOpenVlanUBP"
							  
    REVISION "201503310000Z" -- 31 March 2015
    DESCRIPTION "v033:  Extend the range for bseeMultiHostNonEapStatusState with the value lldpAuthenticated(7)"
    
    REVISION "201412220000Z" -- 22 December 2014
    DESCRIPTION "v032:  Added bseeMultiHostStatusFaBindings & bseeMultiHostNonEapStatusFaBindings"

    REVISION "201409010000Z" -- 1 September 2014
    DESCRIPTION "v031:  Added bseePortConfigMultiHostSingleAuthNoLimit"
		 
    REVISION "201303040000Z" -- 4 March 2013
    DESCRIPTION "v030:  Added bseePortConfigMultiHostMaxMacs"

    REVISION "201302080000Z" -- 8 February 2013
    DESCRIPTION "v029:  Added bseeDefaultEapAll & bseePortConfigDefaultEapAll"

    REVISION "201301170000Z" -- 17 January 2013
    DESCRIPTION "v028:  Added bseeMultiHostFailOpenVlanDisableEapMode & bseePaeSystemOperState"

    REVISION "201211270000Z" --27 November 2012
    DESCRIPTION "v027:  Added the padding bit in bseeMultihostNonEapRadiusPasswordAttributeFormat"

    REVISION "201211050000Z" -- 5 November 2012
    DESCRIPTION "v026:  Added support for NEAP freeform password"

    REVISION "201208010000Z" -- 1 August 2012
    DESCRIPTION "v025:  Added bseeMultiHostFailOpenVlanContinuityModeEnabled"

    REVISION "201205230000Z" -- 23 May 2012
    DESCRIPTION "v024:  Added bseeMultiHostAdacNonEapEnabled, 
                              bseePortConfigMultiHostAdacNonEapEnabled."

    REVISION "201203010000Z" -- 1st of March 2012
    DESCRIPTION "v023:  Added bseeMultiHostDhcpAuthPhoneTable."         
         
    REVISION "201110060000Z" -- 06 October 2011
    DESCRIPTION "v022:  Added bseeAllowPortMirroringOnEap."

    REVISION "201107220000Z" -- 22 July 2011
    DESCRIPTION "v021:  Added bseeMultiHostAdacDummyRadiusRequests."

    REVISION "201106260000Z" -- 26 June 2011
    DESCRIPTION "v020:  Added bseeMultiHostBlockDifferentVlanAuth & bseePortConfigMultiHostBlockDifferentVlanAuth."

    REVISION "201009070000Z" -- 07 September 2010
    DESCRIPTION "v019:  Added bseePortConfigMultiHostClearNeap."

    REVISION "201001250000Z" -- 25 January 2010
    DESCRIPTION "v018:  Added bseeMultiHostStatusVid,
                              bseeMultiHostStatusPri,
                              bseeMultiHostNonEapStatusVid,
                              bseeMultiHostNonEapStatusPri."

    REVISION "201001110000Z" -- 11 January 2010
    DESCRIPTION "v017:  Added bseeMultiHostMultiVlan."

    REVISION "200811110000Z" -- 11 November 2008
    DESCRIPTION "v016:  Added support for fail-open and voip vlan."

    REVISION "200807030000Z" -- 03 July 2008
    DESCRIPTION "v015:  Added support for using most recent RADIUS-assigned
                        vlan."

    REVISION "200806300000Z" -- 30 June 2008
    DESCRIPTION "v014:  Added support for EAPOL supplicants."

    REVISION "200804140000Z" -- 14 Apr 2008
    DESCRIPTION "v013:  Added bseeMultiHostEapProtocolEnabled  and
                              bseePortConfigEapProtocolEnabled."

    REVISION "200803280000Z" -- 28 Mar 2008
    DESCRIPTION "v012:  Added bseePortConfigProcessRadiusRequestsServerPackets"

    REVISION "200711090000Z" -- 09 Nov 2007
    DESCRIPTION "v011:  Added bseeMultiHostAllowNonEapRadiusAssignedVlan and
                        bseePortConfigMultiHostAllowNonEapRadiusAssignedVlan."

    REVISION "200611010000Z" -- 01 Nov 2006
    DESCRIPTION "v010  Added support for various additional EAP features:
                           - allowing IP phones based on DHCP
                           - allowing use of radius assigned VLAN in
                             multihost-eap mode
                           - use of unicast packets for Eap-ReqId packets
                           - fail or not-fail EAP users on radius timeout
                             (default is to fail)"

    REVISION "200605240000Z" -- 24 May 2006
    DESCRIPTION "v009:  Added non-eap ubp support, filter-on-mac ubp support,
                        configurable non-eap radius password attribute format
                        support, re-auth of individual MAC addrs support."

    REVISION "200506270000Z" -- 27 June 2005
    DESCRIPTION "v008:  Added MHSA support.  Added new non-eap auth reasons."

    REVISION "200503100000Z" -- 10 March 2005
    DESCRIPTION "v007:  Cleaned up some DESCRIPTION clauses.
                        Added bseeMultiHostNonEapStatusTable."

    REVISION "200502170000Z" -- 17 February 2005
    DESCRIPTION "v006:  Added objects:
                            bseeMultiHostAllowNonEapClient 
                            bseeMultiHostRadiusAuthNonEapClient
                            bseePortConfigMultiHostRadiusAuthNonEapClient
                        deprecated bseePortConfigMultiHostNonEapMacSource."

    REVISION "200411110000Z" -- 11 November 2004
    DESCRIPTION "v005:  Added bseeMultiHostNonEapMacTable."

    REVISION "200408310000Z" -- 20 July 2004
    DESCRIPTION "v004:  Changes to have separate enable/disable flag for
                        guest vlan and remediation vlan.  Added objects:
                            bseeGuestVlanEnabled
                            bseeRemediationVlanEnabled
                            bseePortConfigGuestVlanEnabled"

    REVISION "200407200000Z" -- 20 July 2004
    DESCRIPTION "v003:  Added enhancements for guest vlan, remediation vlan,
                        and multihost support."

    REVISION "200309180000Z" -- 18 Sept 2003
    DESCRIPTION "v001:  Initial version."

    ::= { bayStackMibs 3 }

-- ===========================================================================
-- MIB Groups
-- ===========================================================================

bseeNotifications OBJECT IDENTIFIER ::= { bayStackEapExtMib 2 }
bseeNotifications0 OBJECT IDENTIFIER ::= { bseeNotifications 0 }

-- ===========================================================================
-- bseeObjects (global settings)
-- ===========================================================================

bseeObjects OBJECT IDENTIFIER ::= { bayStackEapExtMib 1 }

bseeUserBasedPoliciesEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether EAPOL User-based policies
        are enabled or disabled."
    ::= { bseeObjects 1 }

bseeGuestVlanId OBJECT-TYPE
    SYNTAX      VlanId
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the ID of the global default guest VLAN.  This
        VLAN is used for ports which do not have a configured guest VLAN.
        Access to the guest VLAN is allowed for MAC addresses before EAP
        authentication has been performed.  However, if the value of
        bseeGuestVlanEnabled is false(2), then access to the guest VLAN
        is not allowed for ports that do not have a configured guest VLAN."
    ::= { bseeObjects 2 }

bseeRemediationVlanId OBJECT-TYPE
    SYNTAX      VlanId
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the ID of the remediation VLAN.  If EAP
        authentication fails for a port, MAC addresses on that port are
        restricted to access only the remediation VLAN.  However, if the
        value of bseeRemediationVlanEnabled is false(2), then access is
        not allowed at all for a port when EAP authentication fails."
    ::= { bseeObjects 3 }

bseeMaximumEapClientMacs OBJECT-TYPE
    SYNTAX      Integer32 (1..800)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the global maximum number of EAP authenticated
        MAC addresses allowed."
    ::= { bseeObjects 4 }

bseeMaximumNonEapClientMacs OBJECT-TYPE
    SYNTAX      Integer32 (1..800)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the global maximum number of non-EAP
        authenticated MAC addresses allowed."
    ::= { bseeObjects 5 }

bseeGuestVlanEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies whether access to the global default guest
        VLAN is allowed."
    ::= { bseeObjects 6 }

bseeRemediationVlanEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies whether access to the remediation VLAN
        is allowed."
    ::= { bseeObjects 7 }

bseeMultiHostAllowNonEapClient OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object controls whether non-EAP clients (MAC addresses) are
        allowed.  This is the system-wide setting.  The associated per-port
        setting (bseePortConfigMultiHostAllowNonEapClient) must also be true
        for non-EAP clients to be allowed on a particular port."
    DEFVAL      { false }
    ::= { bseeObjects 8 }

bseeMultiHostRadiusAuthNonEapClient OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object controls whether non-EAP clients (MAC addresses) may
        be authenticated using RADIUS.  This is the system-wide setting.  The
        associated per-port setting (bseePortConfigMultiHostRadiusAuthNonEapClient)
        must also be true for non-EAP clients to be authenticated using
        RADIUS on a particular port."
    DEFVAL      { false }
    ::= { bseeObjects 9 }

bseeMultiHostSingleAuthEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object controls whether non-EAP clients (MAC addresses) may
        be automatically authenticated on a port after an EAP client has
        been authenticated (known as MHSA).  This is the system-wide setting.
        The associated per-port setting must also be true for non-EAP clients
        to be authenticated in this way."
    DEFVAL      { false }
    ::= { bseeObjects 10 }

bseeUserBasedPoliciesFilterOnMac OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether the EAPOL User-based policy filters
         that are installed on ports will be dynamically modified to include
         the MAC address for which the filters are installed."
    ::= { bseeObjects 11 }

bseeMultiHostNonEapUserBasedPoliciesEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether non-EAPOL User-based policies
        are enabled or disabled."
    ::= { bseeObjects 12 }

bseeMultiHostNonEapUserBasedPoliciesFilterOnMac OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether the non-EAPOL User-based policy filters
         that are installed on ports will be dynamically modified to include
         the MAC address for which the filters are installed."
    ::= { bseeObjects 13 }

bseeMultihostNonEapRadiusPasswordAttributeFormat OBJECT-TYPE
    SYNTAX      BITS {
                    ipAddr(0),
                    macAddr(1),
                    portNumber(2),
                    key(3),
                    padding(4)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object controls the format of the RADIUS password attribute
         that is included in requests to the RADIUS server for authenticating
         non-EAP clients (MAC addresses).

         If the ipAddr(0) bit is set, the password attribute will contain
         the switch's IP address encoded as a string of four 3-digit 0-padded
         integers.  For example, the encoding for the IP address 47.80.225.1
         would be '047080225001'.

         If the macAddr(1) bit is set, the password attribute will contain
         the MAC address to be authenticated as a string of six 2-digit hex
         numbers.  For example, the MAC address 00:08:01:0a:33:34 would be
         encoded as '0008010a3334'.

         If the portNumber(2) bit is set, the password attribute will contain
         the port number on which the MAC address was seen, encoded as a string
         of two 2-digit 0-padded integers.  The first integer is the unit/slot
         number, and the second number is the port number on that unit/slot.
         For a standalone stackable unit, the unit/slot number will be 0.  For
         example, the encoding for unit/port 1/23 would be '0123', and the
         encoding for port 7 on a standalone stackable unit would be '0007'.

         If the key(3) bit is set, the password attribute will contain a custom
         configured string of up to 32 characters in length.

         If padding(4) bit is set, the password will contain dots even if fields
         in the password are blank. For instance, IP and Key will be represented
         as IP...Key. If the bit is not set, there will be dots only to separate
         fields. IP and Key will be IP.Key, while IP, Mac, Port or Key alone will
         be as they are, with no dots.

         The fields in the password attribute will appear in the order of the
         bits defined in this object, i.e., IP addr, followed by MAC addr,
         followed by port number, and finally by the key.  Fields are separated
         by a '.' character. The separators are present regardless of whether a
         field is present if padding is used. So, for example, if all four fields
         are present, the password attribute might contain:
             047080225001.0008010a3334.0123.ERS4000isGreat
         If none of the three fields are present, the password attribute will
         be '...' with padding used, or '' with no padding."
    ::= { bseeObjects 14 }

bseeMultiHostAllowNonEapPhones OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether IP phones will be allowed access
         based on DHCP."
    DEFVAL      { false }
    ::= { bseeObjects 15 }

bseeMultiHostAllowRadiusAssignedVlan OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether to allow the use of RADIUS-assigned
         VLANs in multihost-eap mode."
    DEFVAL      { false }
    ::= { bseeObjects 16 }

bseeMultiHostEapPacketMode OBJECT-TYPE
    SYNTAX      INTEGER {
                    multicast(1),
                    unicast(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether to use unicast or multicast packets
         for Eap-ReqId packets.  Normally, multicast packets are used."
    DEFVAL      { multicast }
    ::= { bseeObjects 17 }

bseeMultiHostEapRadiusTimeoutMode OBJECT-TYPE
    SYNTAX      INTEGER {
                    fail(1),
                    doNotFail(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether or not to fail authentication of EAP
         users on a RADIUS timeout."
    DEFVAL      { fail }
    ::= { bseeObjects 18 }

bseeMultiHostAllowNonEapRadiusAssignedVlan OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether to allow the use of RADIUS-assigned
         VLANs in multihost-eap mode for non-EAP clients."
    DEFVAL      { false }
    ::= { bseeObjects 19 }

bseeMultiHostEapProtocolEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object controls whether processing of EAP protocol packets
         is enabled."
    DEFVAL      { true }
    ::= { bseeObjects 20 }

bseeMultiHostUseMostRecentRadiusAssignedVlan OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Controls whether to use most recent RADIUS-assigned VLAN."
    DEFVAL      { false }
    ::= { bseeObjects 21 }

bseeMultiHostFailOpenVlanId OBJECT-TYPE
    SYNTAX      VlanId
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the ID of the global fail-over Vlan."
    ::= { bseeObjects 22 }

bseeMultiHostFailOpenVlanEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies whether to use the fail-over Vlan."
    ::= { bseeObjects 23 }

bseeMultiHostMultiVlan OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies whether to use the multi-VLAN functionality
        with MHMA mode."
    ::= { bseeObjects 24 }

bseeMultiHostNeapReauthenticationEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies whether to use 'NEAP re-authentication'
        feature"
    ::= { bseeObjects 25 }

bseeMultiHostBlockDifferentVlanAuth OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies whether to block authentication of clients
	which have an associated RADIUS assigned VLAN with an invalid value
	or different from first client authenticated on the same port"
    DEFVAL      { false }
    ::= { bseeObjects 26 }

bseeMultiHostAdacDummyRadiusRequests OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies whether to send or not dummy RADIUS requests
         for NEAP users authenticated as ADAC NEAP"
    ::= { bseeObjects 27 }


bseeAllowPortMirroringOnEap OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies whether EAP enabled ports can be involved in 
         port mirroring"
    ::= { bseeObjects 28 }

bseeMultiHostAdacNonEapEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies whether the authentication of Non-EAP phones 
         using ADAC is allowed."
    ::= { bseeObjects 29 }

bseeMultiHostFailOpenVlanContinuityModeEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies whether to use the fail-over Vlan continuity mode."
    DEFVAL      { false }
    ::= { bseeObjects 30 }

bseeMultiHostNonEapRadiusPasswordFreeformKey OBJECT-TYPE
    SYNTAX       OCTET STRING (SIZE(0..32))
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "This command specifies a custom string to be put in the password used to
         authenticate Non-EAP clients via RADIUS server."
    ::= { bseeObjects 31 }

bseeMultiHostFailOpenVlanDisableEapMode OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies whether to use the Fail Open VLAN Disable EAP Mode."
    DEFVAL      { false }
    ::= { bseeObjects 32 }

bseePaeSystemOperState OBJECT-TYPE
    SYNTAX      INTEGER {
                    enabled(1),
                    disabled(2)
                }
    MAX-ACCESS     read-only
    STATUS         current
    DESCRIPTION
        "The oper state of EAP when ports are in Fail Open VLAN Disable EAP Mode."
    DEFVAL      { disabled }
    ::= { bseeObjects 33 }

bseeDefaultEapAll OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies whether to default all global EAP settings."
    DEFVAL      { false }
    ::= { bseeObjects 34 }
	
	
bseeAutoPortConfigModeSwitchToMHMV OBJECT-TYPE
    SYNTAX      LPortSet
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the port list on which is applied the configuration."
    ::= { bseeObjects 35 }
	
bseeAutoPortConfigModeSwitchToMHMVAction OBJECT-TYPE
    SYNTAX      INTEGER {
                         none(1),
                         apply(2)
                        }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the action that is going to be made on the indicated port.
         At retrieval, the value is always none(1)."
    ::= { bseeObjects 36 }
	
bseeAutoPortConfigModeSwitchToMHMVStatus OBJECT-TYPE
    SYNTAX       INTEGER {
                          passed(1),
                          inProgress(2),
                          failed(3)
                         }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object specifies the action result on the indicated port"
    ::= { bseeObjects 37 }	

bseeMultiHostRadiusNonEapDelay OBJECT-TYPE
    SYNTAX      Integer32 (0..20)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the delay (in seconds) before sending Radius Access Request for Non-EAP MACs."
    DEFVAL      { 0 }
    ::= { bseeObjects 38 }

-- ===========================================================================
-- EAP Multi-Host Configuration Table
-- ===========================================================================

bseePortConfigTable OBJECT-TYPE
    SYNTAX SEQUENCE OF BseePortConfigEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table is used to control the EAP multihost configuration
        for each port in the system."
    ::= { bayStackEapExtMib 3 }

bseePortConfigEntry OBJECT-TYPE
    SYNTAX BseePortConfigEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The EAP multihost configuration for a port."
    INDEX { bseePortConfigPortNumber }
    ::= { bseePortConfigTable 1 }

BseePortConfigEntry ::=
    SEQUENCE {
        bseePortConfigPortNumber InterfaceIndex,
        bseePortConfigGuestVlanId                               VlanIdOrNone,
        bseePortConfigMultiHostEnabled                          TruthValue,
        bseePortConfigMultiHostEapMaxNumMacs                    Integer32,
        bseePortConfigMultiHostAllowNonEapClient                TruthValue,
        bseePortConfigMultiHostNonEapMacSource                  INTEGER,
        bseePortConfigMultiHostNonEapMaxNumMacs                 Integer32,
        bseePortConfigGuestVlanEnabled                          TruthValue,
        bseePortConfigMultiHostRadiusAuthNonEapClient           TruthValue,
        bseePortConfigMultiHostSingleAuthEnabled                TruthValue,
        bseePortConfigMultiHostAllowNonEapPhones                TruthValue,
        bseePortConfigMultiHostAllowRadiusAssignedVlan          TruthValue,
        bseePortConfigMultiHostEapPacketMode                    INTEGER,
        bseePortConfigMultiHostEapRadiusTimeoutMode             INTEGER,
        bseePortConfigMultiHostAllowNonEapRadiusAssignedVlan    TruthValue,
        bseePortConfigProcessRadiusRequestsServerPackets        TruthValue,
        bseePortConfigEapProtocolEnabled                        TruthValue,
        bseePortConfigMultiHostUseMostRecentRadiusAssignedVlan  TruthValue,
        bseePortConfigMultiHostClearNeap                        MacAddress,
        bseePortConfigMultiHostBlockDifferentVlanAuth           TruthValue,
        bseePortConfigMultiHostAdacNonEapEnabled                TruthValue,
        bseePortConfigDefaultEapAll                             TruthValue,
        bseePortConfigMultiHostMaxMacs                          Integer32,
        bseePortConfigMultiHostSingleAuthNoLimit                TruthValue,
        bseePortConfigFailOpenVlanId                            Integer32,
        bseePortConfigFailOpenVlanEnabled                       TruthValue,
        bseePortConfigFailOpenVlanUBP                           OCTET STRING,
        bseePortConfigCloneSettingsAction                       INTEGER,
        bseePortConfigCloneSettingsDestPortList                 PortList
    }

bseePortConfigPortNumber OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The Port number associated with this Port."
    ::= { bseePortConfigEntry 1 }

bseePortConfigGuestVlanId OBJECT-TYPE
    SYNTAX      VlanIdOrNone
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the ID of the guest VLAN for this port.
        Access to the guest VLAN is allowed for MAC addresses before EAP
        authentication has been performed.

        If the value of this object is 0, then the global guest VLAN ID
        is used for this port, as specified in bseeGuestVlanId.

        However, if the value of the associated instance of
        bseePortConfigGuestVlanEnabled is false(2), then access to the
        guest VLAN is not allowed for the port, regardless of the value
        of bseePortConfigGuestVlanId."
    DEFVAL      { 0 }
    ::= { bseePortConfigEntry 2 }

bseePortConfigMultiHostEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object controls whether EAP multihost is enabled for a port."
    DEFVAL      { false }
    ::= { bseePortConfigEntry 3 }

bseePortConfigMultiHostEapMaxNumMacs OBJECT-TYPE
    SYNTAX      Integer32 (0..100)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the maximum number of EAP-authentication
        MAC addresses allowed on this port.  A value of 0 indicates that
        there is no port-specific limit."
    DEFVAL      { 1 }
    ::= { bseePortConfigEntry 4 }

bseePortConfigMultiHostAllowNonEapClient OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object controls whether non-EAP clients (MAC addresses) are
        allowed on the port."
    DEFVAL      { false }
    ::= { bseePortConfigEntry 5 }

bseePortConfigMultiHostNonEapMacSource OBJECT-TYPE
    SYNTAX      INTEGER {
                    autoLearn(1),
                    userConfig(2),
                    radius(3)
                }
    MAX-ACCESS  read-write
    STATUS      deprecated
    DESCRIPTION
        "This object controls the source for finding allowed non-EAP MAC
        addresses."
    DEFVAL      { userConfig }
    ::= { bseePortConfigEntry 6 }

bseePortConfigMultiHostNonEapMaxNumMacs OBJECT-TYPE
    SYNTAX      Integer32 (1..100)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the maximum number of non-EAP authenticated
        MAC addresses allowed on this port."
    DEFVAL      { 1 }
    ::= { bseePortConfigEntry 7 }

bseePortConfigGuestVlanEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object controls whether access to the guest VLAN is allowed
        for a port."
    DEFVAL      { false }
    ::= { bseePortConfigEntry 8 }

bseePortConfigMultiHostRadiusAuthNonEapClient OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object controls whether non-EAP clients (MAC addresses) may
        authenticated using RADIUS on the port."
    DEFVAL      { false }
    ::= { bseePortConfigEntry 9 }

bseePortConfigMultiHostSingleAuthEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object controls whether non-EAP clients (MAC addresses) may
        be automatically authenticated on the port after an EAP client has
        been authenticated (known as MHSA)."
    DEFVAL      { false }
    ::= { bseePortConfigEntry 10 }

bseePortConfigMultiHostAllowNonEapPhones OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether IP phones will be allowed access
         based on DHCP."
    DEFVAL      { false }
    ::= { bseePortConfigEntry 11 }

bseePortConfigMultiHostAllowRadiusAssignedVlan OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether to allow the use of RADIUS-assigned
         VLANs in multihost-eap mode."
    DEFVAL      { false }
    ::= { bseePortConfigEntry 12 }

bseePortConfigMultiHostEapPacketMode OBJECT-TYPE
    SYNTAX      INTEGER {
                    multicast(1),
                    unicast(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether to use unicast or multicast packets
         for Eap-ReqId packets.  Normally, multicast packets are used."
    DEFVAL      { multicast }
    ::= { bseePortConfigEntry 13 }

bseePortConfigMultiHostEapRadiusTimeoutMode OBJECT-TYPE
    SYNTAX      INTEGER {
                    fail(1),
                    doNotFail(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether or not to fail authentication of EAP
         users on a RADIUS timeout."
    DEFVAL      { fail }
    ::= { bseePortConfigEntry 14 }

bseePortConfigMultiHostAllowNonEapRadiusAssignedVlan OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether to allow the use of RADIUS-assigned
         VLANs in multihost-eap mode for non-EAP clients."
    DEFVAL      { false }
    ::= { bseePortConfigEntry 15 }

bseePortConfigProcessRadiusRequestsServerPackets OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether to process any RADIUS requests-server
         packets that are received on this port."
    DEFVAL      { false }
    ::= { bseePortConfigEntry 16 }

bseePortConfigEapProtocolEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object controls whether EAP protocol packets are processed
         on this port."
    DEFVAL      { true }
    ::= { bseePortConfigEntry 17 }

bseePortConfigMultiHostUseMostRecentRadiusAssignedVlan OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Controls whether to use most recent RADIUS-assigned VLAN."
    DEFVAL      { false }
    ::= { bseePortConfigEntry 18 }

bseePortConfigMultiHostClearNeap OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Setting this object will clear NEAP authenticated clients from the
         authentication list.  If the value is set to 00:00:00:00:00:00, all
         clients will be cleared from this port.  Otherwise, only a specific
         client will be cleared."
    DEFVAL      { '000000000000'h }
    ::= { bseePortConfigEntry 19 }

bseePortConfigMultiHostBlockDifferentVlanAuth OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Controls whether to block authentication of clients which have an
	associated RADIUS assigned VLAN with an invalid value or different
	from first client authenticated on the same port."
    DEFVAL      { false }
    ::= { bseePortConfigEntry 20 }

bseePortConfigMultiHostAdacNonEapEnabled  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies whether the authentication of Non-EAP phones 
         using ADAC is allowed on this port."
    DEFVAL      { false }         
    ::= { bseePortConfigEntry 21 }

bseePortConfigDefaultEapAll  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies whether to default all EAP settings on this port."
    DEFVAL      { false }         
    ::= { bseePortConfigEntry 22 }

bseePortConfigMultiHostMaxMacs OBJECT-TYPE
    SYNTAX      Integer32 (0..100)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the maximum number of EAP and NEAP clients allowed on this port."
    DEFVAL      { 1 }
    ::= { bseePortConfigEntry 23 }

bseePortConfigMultiHostSingleAuthNoLimit OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies if we limit the number of non-eap clients on a port authenticated in MHSA."
    DEFVAL      { false }
    ::= { bseePortConfigEntry 24 }

bseePortConfigFailOpenVlanId OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the ID of the fail-open VLAN for this port in the following format:
        -1      : Port PVID is used as Fail Open VLAN
         0      : the global fail-open VLAN ID is used for this port, as specified in bseeMultiHostFailOpenVlanId.
         1-4094 : range of values used for fail-open VLAN ID on this port
        However, if the value of the associated instance of
        bseePortConfigFailOpenVlanEnabled is false(2), then access to the
        fail-open VLAN is not allowed for the port, regardless of the value
        of bseePortConfigFailOpenVlanId."
    DEFVAL      { 0 }
    ::= { bseePortConfigEntry 25 }

bseePortConfigFailOpenVlanEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object controls whether fail-open is enabled for a port."
    DEFVAL      { false }
    ::= { bseePortConfigEntry 26 }

bseePortConfigFailOpenVlanUBP OBJECT-TYPE
    SYNTAX       OCTET STRING (SIZE(0..16))
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "This object represents the UBP filter name of the fail-open policy"
    ::= { bseePortConfigEntry 27 }
		
bseePortConfigCloneSettingsAction OBJECT-TYPE
    SYNTAX       INTEGER
                 {
                     none(1),
                     start(2)
                 }
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "This object starts the action of copying eap settings from current ifIndex to the list of ports specified in bseePortConfigCloneSettingsDestPortList.
         The default value will be returned by all read opperations.
         The write operation must contain both bseePortConfigCloneSettingsAction and bseePortConfigCloneSettingsDestPortList.
        "
    DEFVAL       { none }
    ::= { bseePortConfigEntry 28 }

bseePortConfigCloneSettingsDestPortList OBJECT-TYPE
    SYNTAX       PortList
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "This object represents the destination port list on which the EAP port configuration will be copied.
         The default value will be returned by all read opperations.
         The write operation must contain both bseePortConfigCloneSettingsAction and bseePortConfigCloneSettingsDestPortList.
        "
    DEFVAL       { ''H }
    ::= { bseePortConfigEntry 29 }

-- ===========================================================================
-- EAP Multi-Host Status Table
-- ===========================================================================

bseeMultiHostStatusTable OBJECT-TYPE
    SYNTAX SEQUENCE OF BseeMultiHostStatusEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table provides the EAP authentication status per-MAC address
         per-port."
    ::= { bayStackEapExtMib 4 }

bseeMultiHostStatusEntry OBJECT-TYPE
    SYNTAX BseeMultiHostStatusEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The status of EAP authentication of clients for a port."
    INDEX { bseeMultiHostStatusPortNumber, bseeMultiHostStatusClientMACAddr }
    ::= { bseeMultiHostStatusTable 1 }

BseeMultiHostStatusEntry ::=
    SEQUENCE {
        bseeMultiHostStatusPortNumber InterfaceIndex,
        bseeMultiHostStatusClientMACAddr MacAddress,
        bseeMultiHostStatusPaeState INTEGER,
        bseeMultiHostStatusBackendAuthState INTEGER,
        bseeMultiHostStatusReauthenticate INTEGER,
        bseeMultiHostStatusVid VlanIdOrAny,
        bseeMultiHostStatusPri Integer32,
        bseeMultiHostStatusFaBindings OCTET STRING,
        bseeMultiHostStatusPacpState INTEGER
    }

bseeMultiHostStatusPortNumber OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The Port number associated with this client."
    ::= { bseeMultiHostStatusEntry 1 }

bseeMultiHostStatusClientMACAddr OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The MAC address of the client."
    ::= { bseeMultiHostStatusEntry 2 }

bseeMultiHostStatusPaeState OBJECT-TYPE
    SYNTAX      INTEGER {
                    initialize(1),
                    disconnected(2),
                    connecting(3),
                    authenticating(4),
                    authenticated(5),
                    aborting(6),
                    held(7),
                    forceAuth(8),
                    forceUnauth(9)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current value of the Authenticator PAE state machine."
    ::= { bseeMultiHostStatusEntry 3 }

bseeMultiHostStatusBackendAuthState OBJECT-TYPE
    SYNTAX      INTEGER {
                    request(1),
                    response(2),
                    success(3),
                    fail(4),
                    timeout(5),
                    idle(6),
                    initialize(7)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current state of the Backend Authentication state machine."
    ::= { bseeMultiHostStatusEntry 4 }

bseeMultiHostStatusReauthenticate OBJECT-TYPE
    SYNTAX      INTEGER {
                    other(1),
                    reauthenticate(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Setting this object to reauthenticate(2) will force the client to
         be reauthenticated.  When retrieved, the value of this object is
         always other(1)."
    ::= { bseeMultiHostStatusEntry 5 }

bseeMultiHostStatusVid OBJECT-TYPE
    SYNTAX      VlanIdOrAny
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The Vlan ID associated with this client for MultiVlan capabilities.
         If MultiVlan is not enabled for this client, the value of this object
         will be 4095."
    ::= { bseeMultiHostStatusEntry 6 }

bseeMultiHostStatusPri OBJECT-TYPE
    SYNTAX      Integer32 (0..8)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The Vlan priority value associated with this client for MultiVlan
         capabilities.  If MultiVlan is not enabled for this client, the
         value of this object will be 8."
    ::= { bseeMultiHostStatusEntry 7 }

bseeMultiHostStatusFaBindings OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(0..96))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The EAP vlan:isid bindings. Vlan is represented on 2 bytes. Isid is
	represented on 4 bytes. The output OctetString would be a continuous
	hexadecimal representation of VLAN followed by corresponding ISID. 
	Example:
  	    Length(bytes): |--2--|--4--|--2--|--4--|--2--|--4--|---2--|---4--|
	    OctetString:    VLAN0 ISID0 VLAN1 ISID1  ...   ...  VLAN15 ISID15 .
	There are no spaces between VLANx and ISIDx."
    ::= { bseeMultiHostStatusEntry 8 }

bseeMultiHostStatusPacpState OBJECT-TYPE
    SYNTAX      INTEGER {
                    initialize(1),
                    unauthenticated(2),
                    authenticating(3),
                    authenticated(4),
                    held(5)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current value of the Authenticator PACP state machine."
    ::= { bseeMultiHostStatusEntry 9 }

-- ===========================================================================
-- EAP Multi-Host Session Statistics Table
-- ===========================================================================

bseeMultiHostSessionStatsTable OBJECT-TYPE
    SYNTAX SEQUENCE OF BseeMultiHostSessionStatsEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A table that contains the session statistics objects for the
        Authenticator PAE associated with each EAP client on each Port.
        An entry appears in this table for each client MAC address on each
        port that may authenticate access to itself."
    ::= { bayStackEapExtMib 5 }

bseeMultiHostSessionStatsEntry OBJECT-TYPE
    SYNTAX BseeMultiHostSessionStatsEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The session statistics information for an Authenticator
        PAE. This shows the current values being collected for
        each session that is still in progress, or the final
        values for the last valid session for each client where
        there is no session currently active.  This is similar to
        the dot1xAuthSessionStatsTable, except that it provides
        information per-port-per-MAC, rather than just per-port."
    INDEX { bseeMultiHostSessionStatsPortNumber,
            bseeMultiHostSessionStatsClientMACAddr }
    ::= { bseeMultiHostSessionStatsTable 1 }

BseeMultiHostSessionStatsEntry ::=
    SEQUENCE {
        bseeMultiHostSessionStatsPortNumber InterfaceIndex,
        bseeMultiHostSessionStatsClientMACAddr MacAddress,
        bseeMultiHostSessionId SnmpAdminString,
        bseeMultiHostSessionAuthenticMethod INTEGER,
        bseeMultiHostSessionTime TimeTicks,
        bseeMultiHostSessionTerminateCause INTEGER,
        bseeMultiHostSessionUserName SnmpAdminString
    }

bseeMultiHostSessionStatsPortNumber OBJECT-TYPE
    SYNTAX InterfaceIndex
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The Port number associated with this client."
    ::= { bseeMultiHostSessionStatsEntry 1 }

bseeMultiHostSessionStatsClientMACAddr OBJECT-TYPE
    SYNTAX MacAddress
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The MAC address of this client."
    ::= { bseeMultiHostSessionStatsEntry 2 }

bseeMultiHostSessionId OBJECT-TYPE
    SYNTAX SnmpAdminString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "A unique identifier for the session, in the
        form of a printable ASCII string of at least
        three characters."
    ::= { bseeMultiHostSessionStatsEntry 3 }

bseeMultiHostSessionAuthenticMethod OBJECT-TYPE
    SYNTAX INTEGER {
               remoteAuthServer(1),
               localAuthServer(2)
           }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The authentication method used to establish the session."
    ::= { bseeMultiHostSessionStatsEntry 4 }

bseeMultiHostSessionTime OBJECT-TYPE
    SYNTAX TimeTicks
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The duration of the session in seconds."
    ::= { bseeMultiHostSessionStatsEntry 5 }

bseeMultiHostSessionTerminateCause OBJECT-TYPE
    SYNTAX INTEGER {
               supplicantLogoff(1),
               portFailure(2),
               supplicantRestart(3),
               reauthFailed(4),
               authControlForceUnauth(5),
               portReInit(6),
               portAdminDisabled(7),
               notTerminatedYet(999)
           }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The reason for the session termination."
    ::= { bseeMultiHostSessionStatsEntry 6 }

bseeMultiHostSessionUserName OBJECT-TYPE
    SYNTAX SnmpAdminString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The User-Name representing the identity of the Supplicant PAE."
    ::= { bseeMultiHostSessionStatsEntry 7 }


-- ===========================================================================
-- EAP Multi-Host Allowed Non-EAP MAC Address Table
-- ===========================================================================

bseeMultiHostNonEapMacTable OBJECT-TYPE
    SYNTAX SEQUENCE OF BseeMultiHostNonEapMacEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A table that contains the non-EAP MAC addresses that are
         allowed access to EAP-enabled interfaces."
    ::= { bayStackEapExtMib 6 }

bseeMultiHostNonEapMacEntry OBJECT-TYPE
    SYNTAX BseeMultiHostNonEapMacEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "An allowed non-EAP MAC address."
    INDEX { bseeMultiHostNonEapMacPortNumber,
            bseeMultiHostNonEapMacClientMACAddr }
    ::= { bseeMultiHostNonEapMacTable 1 }

BseeMultiHostNonEapMacEntry ::=
    SEQUENCE {
        bseeMultiHostNonEapMacPortNumber    InterfaceIndex,
        bseeMultiHostNonEapMacClientMACAddr MacAddress,
        bseeMultiHostNonEapMacRowStatus     RowStatus
    }

bseeMultiHostNonEapMacPortNumber OBJECT-TYPE
    SYNTAX InterfaceIndex
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The Port number on which the MAC address is allowed."
    ::= { bseeMultiHostNonEapMacEntry 1 }

bseeMultiHostNonEapMacClientMACAddr OBJECT-TYPE
    SYNTAX MacAddress
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The MAC address allowed on the port."
    ::= { bseeMultiHostNonEapMacEntry 2 }

bseeMultiHostNonEapMacRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This is used to control creation/deletion of entries
         in this table."
    ::= { bseeMultiHostNonEapMacEntry 3 }


-- ===========================================================================
-- EAP Multi-Host Non-EAP Status Table
-- ===========================================================================

bseeMultiHostNonEapStatusTable OBJECT-TYPE
    SYNTAX SEQUENCE OF BseeMultiHostNonEapStatusEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table provides the authentication status of non-EAP
         clients per-MAC address per-port."
    ::= { bayStackEapExtMib 7 }

bseeMultiHostNonEapStatusEntry OBJECT-TYPE
    SYNTAX BseeMultiHostNonEapStatusEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The status of authentication of a non-EAP client for a port."
    INDEX { bseeMultiHostNonEapStatusPortNumber,
            bseeMultiHostNonEapStatusClientMACAddr }
    ::= { bseeMultiHostNonEapStatusTable 1 }

BseeMultiHostNonEapStatusEntry ::=
    SEQUENCE {
        bseeMultiHostNonEapStatusPortNumber InterfaceIndex,
        bseeMultiHostNonEapStatusClientMACAddr MacAddress,
        bseeMultiHostNonEapStatusState INTEGER,
        bseeMultiHostNonEapStatusReauthenticate INTEGER,
        bseeMultiHostNonEapStatusVid VlanIdOrAny,
        bseeMultiHostNonEapStatusPri Integer32,
        bseeMultiHostNonEapStatusFaBindings OCTET STRING
    }

bseeMultiHostNonEapStatusPortNumber OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The Port number associated with this client."
    ::= { bseeMultiHostNonEapStatusEntry 1 }

bseeMultiHostNonEapStatusClientMACAddr OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The MAC address of the client."
    ::= { bseeMultiHostNonEapStatusEntry 2 }

bseeMultiHostNonEapStatusState OBJECT-TYPE
    SYNTAX      INTEGER {
                    rejected(1),
                    locallyAuthenticated(2),
                    radiusPending(3),
                    radiusAuthenticated(4),
                    adacAuthenticated(5),
                    mhsaAuthenticated(6),
                    lldpAuthenticated(7),
                    radiusHeld(8)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The authentication status.  Values are:

           rejected(1) - the MAC address could not be authenticated
                         on this port

           locallyAuthenticated(2) - the MAC address was authenticated
                         using the local table of allowed clients

           radiusPending(3) -  the MAC address is awaiting
                         authentication by a RADIUS server

           radiusAuthenticated(4) - the MAC address was authenticated
                         by a RADIUS server

           adacAuthenticated(5) - the MAC address was authenticated using
                         ADAC configuration tables

           mhsaAuthenticated(6) - the MAC address was auto-authenticated
                         on a port following a successful authentication
                         of an EAP client

           lldpAuthenticated(7) - the MAC address was authenticated using
                         the LLDP mechanism
           radiusHeld(8) - the MAC address was authenticated by a RADIUS
                           server and rejected after"
		   
    ::= { bseeMultiHostNonEapStatusEntry 3 }

bseeMultiHostNonEapStatusReauthenticate OBJECT-TYPE
    SYNTAX      INTEGER {
                    other(1),
                    reauthenticate(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Setting this object to reauthenticate(2) will force the MAC address
         to be reauthenticated.  When retrieved, the value of this object is
         always other(1)."
    ::= { bseeMultiHostNonEapStatusEntry 4 }

bseeMultiHostNonEapStatusVid OBJECT-TYPE
    SYNTAX      VlanIdOrAny
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The Vlan ID associated with this client for MultiVlan capabilities.
         If MultiVlan is not enabled for this client, the value of this object
         will be 4095."
    ::= { bseeMultiHostNonEapStatusEntry 5 }

bseeMultiHostNonEapStatusPri OBJECT-TYPE
    SYNTAX      Integer32 (0..8)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The Vlan priority value associated with this client for MultiVlan
         capabilities.  If MultiVlan is not enabled for this client, the
         value of this object will be 8."
    ::= { bseeMultiHostNonEapStatusEntry 6 }

bseeMultiHostNonEapStatusFaBindings OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(0..96))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The NEAP vlan:isid bindings. Vlan is represented on 2 bytes. Isid is
	represented on 4 bytes. The output OctetString would be a continuous
	hexadecimal representation of VLAN followed by corresponding ISID. 
	Example:
  	    Length(bytes): |--2--|--4--|--2--|--4--|--2--|--4--|---2--|---4--|
	    OctetString:    VLAN0 ISID0 VLAN1 ISID1  ...   ...  VLAN15 ISID15 .
	There are no spaces between VLANx and ISIDx."
    ::= { bseeMultiHostNonEapStatusEntry 7 }

-- ===========================================================================
-- bseeSupplicantObjects
-- ===========================================================================

bseeSupplicantObjects OBJECT IDENTIFIER ::= { bayStackEapExtMib 8 }

bseeSupplicantEnabled OBJECT-TYPE
    SYNTAX       TruthValue
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "Indicates whether supplicant functionality is enabled or disabled.
        A value of true(1) means enabled."
        ::= { bseeSupplicantObjects 1 }

-- ===========================================================================
-- bseeSupplicantUserTable
-- ===========================================================================

bseeSupplicantUserTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF BseeSupplicantUserEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table that contains the user name and password for the
        Supplicant PAE associated with each port.
        An entry appears in this table for each port that may
        authenticate itself when challenged by a remote system."
    REFERENCE
        "9.5.1"
    ::= { bayStackEapExtMib 9 }

bseeSupplicantUserEntry OBJECT-TYPE
    SYNTAX      BseeSupplicantUserEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The configuration information for a Supplicant PAE."
    INDEX { bseeSupplicantPortNumber }
    ::= { bseeSupplicantUserTable 1 }

BseeSupplicantUserEntry ::=
    SEQUENCE {
        bseeSupplicantPortNumber    InterfaceIndex,
        bseeSupplicantUserName      SnmpAdminString,
        bseeSupplicantPassword      SnmpAdminString,
        bseeSupplicantUserState     INTEGER
    }
bseeSupplicantPortNumber OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A unique value for each interface.  Its value
            ranges between 1 and the value of ifNumber.  The
            value for each interface must remain constant at
            least from one re-initialization of the entity's
            network management system to the next re-
            initialization."
    ::= { bseeSupplicantUserEntry 1 }

bseeSupplicantUserName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (0..15))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The user name currently in use by the Supplicant
        PAE state machine."
    ::= { bseeSupplicantUserEntry 2 }
    
bseeSupplicantPassword OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (0..15))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The password currently in use by the Supplicant
        PAE state machine."
    ::= { bseeSupplicantUserEntry 3 }

bseeSupplicantUserState OBJECT-TYPE
    SYNTAX      INTEGER {
                    inactive(1),
                    active(2),
                    logoff(3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Input the user state to logoff."
    ::= { bseeSupplicantUserEntry 4 }

-- ===========================================================================
-- bseeMultiHostVoipVlanTable
-- ===========================================================================

bseeMultiHostVoipVlanTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF BseeMultiHostVoipVlanEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table that contains EAP VoIP Vlan settings."
    ::= { bayStackEapExtMib 10 }

bseeMultiHostVoipVlanEntry OBJECT-TYPE
    SYNTAX      BseeMultiHostVoipVlanEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The configuration information for an EAP VoIP Vlan."
    INDEX { bseeMultiHostVoipVlanIndex }
    ::= { bseeMultiHostVoipVlanTable 1 }

BseeMultiHostVoipVlanEntry ::=
    SEQUENCE {
        bseeMultiHostVoipVlanIndex   Integer32,
        bseeMultiHostVoipVlanId      VlanId,
        bseeMultiHostVoipVlanEnabled TruthValue
    }

bseeMultiHostVoipVlanIndex OBJECT-TYPE
    SYNTAX      Integer32(1..5)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A unique identifier for each entry."
    ::= { bseeMultiHostVoipVlanEntry 1 }

bseeMultiHostVoipVlanId OBJECT-TYPE
    SYNTAX      VlanId
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the Vlan ID of the VoIP Vlan."
    ::= { bseeMultiHostVoipVlanEntry 2 }

bseeMultiHostVoipVlanEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies whether to use this VoIP Vlan."
    ::= { bseeMultiHostVoipVlanEntry 3 }
    
-- ===========================================================================
-- EAP Multi-Host for DHCP authenticated IP phones Table
-- ===========================================================================

bseeMultiHostDhcpAuthPhoneTable OBJECT-TYPE
    SYNTAX SEQUENCE OF BseeMultiHostDhcpAuthPhoneEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table provides the list of DHCP authenticated IP phones 
         per-MAC address per-port."
    ::= { bayStackEapExtMib 11 }

bseeMultiHostDhcpAuthPhoneEntry OBJECT-TYPE
    SYNTAX BseeMultiHostDhcpAuthPhoneEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The DHCP authenticated IP phone for a port."
    INDEX { bseeMultiHostDhcpAuthPhonePortNumber,
            bseeMultiHostDhcpAuthPhoneClientMACAddr }
    ::= { bseeMultiHostDhcpAuthPhoneTable 1 }

BseeMultiHostDhcpAuthPhoneEntry ::=
    SEQUENCE {
        bseeMultiHostDhcpAuthPhonePortNumber InterfaceIndex,
        bseeMultiHostDhcpAuthPhoneClientMACAddr MacAddress,
        bseeMultiHostDhcpAuthPhoneUserName SnmpAdminString
    }

bseeMultiHostDhcpAuthPhonePortNumber OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The port number associated with the DHCP authenticated IP phone."
    ::= { bseeMultiHostDhcpAuthPhoneEntry 1 }

bseeMultiHostDhcpAuthPhoneClientMACAddr OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The MAC address of the DHCP authenticated IP phone."
    ::= { bseeMultiHostDhcpAuthPhoneEntry 2 }

bseeMultiHostDhcpAuthPhoneUserName OBJECT-TYPE
    SYNTAX SnmpAdminString (SIZE (0..32))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The user name currently in use by the DHCP authenticated IP phone."
    ::= { bseeMultiHostDhcpAuthPhoneEntry 3 }    


-- ===========================================================================
-- Non-EAP  Unauthenticated  Status Table
-- ===========================================================================

bseeUnauthenticatedStatusTable OBJECT-TYPE
    SYNTAX SEQUENCE OF BseeMultiHostUnauthenticatedStatusEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table provides the session status per-MAC address
         per-port for unauthenticated MACs."
    ::= { bayStackEapExtMib 12 }

bseeUnauthenticatedStatusEntry OBJECT-TYPE
    SYNTAX BseeMultiHostUnauthenticatedStatusEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The status of authentication of clients for a port."
    INDEX { bseeUnauthenticatedStatusPortNumber, bseeUnauthenticatedStatusClientMACAddr }
    ::= { bseeUnauthenticatedStatusTable 1 }

BseeMultiHostUnauthenticatedStatusEntry ::=
    SEQUENCE {
        bseeUnauthenticatedStatusPortNumber InterfaceIndex,
        bseeUnauthenticatedStatusClientMACAddr MacAddress,
        bseeUnauthenticatedStatusType INTEGER,
        bseeUnauthenticatedStatusRadiusStatus INTEGER
    }

bseeUnauthenticatedStatusPortNumber OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The Port number associated with this client."
    ::= { bseeUnauthenticatedStatusEntry 1 }

bseeUnauthenticatedStatusClientMACAddr OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The MAC address of the client."
    ::= { bseeUnauthenticatedStatusEntry 2 }
    
bseeUnauthenticatedStatusType OBJECT-TYPE
    SYNTAX      INTEGER {
                    intruders(1),
                    guest(2),
                    failOpen(3),
                    mhsa(4)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The reason for unauthentication: intruder MAC (failed authentication), MAC is in guest VLAN, MAC is in fail-open VLAN or it is stored directly after a single authentication (MHSA)."
    ::= { bseeUnauthenticatedStatusEntry 3 }

bseeUnauthenticatedStatusRadiusStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    noRequest(1),
                    pending(2),
                    timeout(3),
                    reject(4),
                    delayed(5)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Status for clients who attempted authentication by a Radius server."
    ::= { bseeUnauthenticatedStatusEntry 4 }

END
