ENTERASYS-MAC-AUTHENTICATION-MIB DEFINITIONS ::= BEGIN

--  enterasys-mac-authentication-mib.txt
--
--  Part Number:
--
--

--  This module provides authoritative definitions for Extreme
--  Networks' MAC-Authentication.

--
--  This module will be extended, as needed.

--  Extreme Networks reserves the right to make changes in this
--  specification and other information contained in this document
--  without prior notice.  The reader should consult Extreme Networks
--  to determine whether any such changes have been made.
--
--  In no event shall Extreme Networks be liable for any incidental,
--  indirect, special, or consequential damages whatsoever (including
--  but not limited to lost profits) arising out of or related to this
--  document or the information contained in it, even if Extreme
--  Networks has been advised of, known, or should have known, the
--  possibility of such damages.
--
--  Extreme Networks grants vendors, end-users, and other interested
--  parties a non-exclusive license to use this Specification in
--  connection with the management of Extreme Networks products.

--  Copyright December, 2014 Extreme Networks, Inc.

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Unsigned32
        FROM SNMPv2-SMI
    MacAddress, TruthValue, RowStatus
        FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP
        FROM SNMPv2-CONF
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    InterfaceIndex
        FROM IF-MIB
    EnabledStatus
        FROM P-BRIDGE-MIB
    PortList
        FROM Q-BRIDGE-MIB
    etsysModules
        FROM ENTERASYS-MIB-NAMES;

etsysMACAuthenticationMIB MODULE-IDENTITY
    LAST-UPDATED "201501192051Z"  -- Mon Jan 19 20:51 UTC 2015

    ORGANIZATION "Extreme Networks, Inc"
    CONTACT-INFO
        "Postal:  Extreme Networks, Inc.
                  145 Rio Robles
                  San Jose, CA 95134 USA

         Phone:   +1 408 579-2800
         E-mail:  support@extremenetworks.com
         WWW:     http://www.extremenetworks.com"

    DESCRIPTION
        "This MIB module defines a portion of the SNMP enterprise
         MIBs under Enterasys Networks' enterprise OID pertaining to
         MAC-Authentication.

         This MIB was designed to be used for authentication using
         source MAC addresses received in traffic on ports under
         control of MAC-authentication.

         The security afforded by this approach is neither the primary
         concern nor intent of this MIB.  Rather, this MIB provides
         a convenient method of associating policy with MAC
         addresses and applying that policy when the MAC address
         appears on a pre-approved port in the network.

         The term MAC-Authentication is used because an authentication
         backend mechanism is used to allow the MAC onto the network,
         as well as provide authorization information to the switch."

    REVISION    "201501192051Z"  -- Mon Jan 19 20:51 UTC 2015
    DESCRIPTION "Added MAC List configuration.
                 Added macList mode to etsysMACAuthenticationMode.
                 Added etsysMACAuthenticationSystemUserNameFormat.
                 Deprecated etsysMACAuthenticationMACUserPassword and 
                 etsysMACAuthenticationPortUserNameSignificantBits."

    REVISION    "201305171510Z"  -- Fri May 17 15:10 UTC 2013
    DESCRIPTION "Added account enable and disable."

    REVISION    "201301311334Z"  -- Thu Jan 31 13:34 UTC 2013
    DESCRIPTION "Added the etsysMACAuthenticationMode object."

    REVISION    "200207181812Z"  -- Thu Jul 18 18:12 GMT 2002
    DESCRIPTION "The initial version of this MIB module"

    ::= { etsysModules 25 }

etsysMACAuthenticationObjects
        OBJECT IDENTIFIER ::= { etsysMACAuthenticationMIB 1 }

-- -------------------------------------------------------------
-- Textual Conventions
-- -------------------------------------------------------------

-- -------------------------------------------------------------
-- Branches of the Extreme MAC Authentication MIB
-- -------------------------------------------------------------

etsysMACAuthenticationSystem
        OBJECT IDENTIFIER ::= { etsysMACAuthenticationObjects 1 }

etsysMACAuthenticationPortConfig
        OBJECT IDENTIFIER ::= { etsysMACAuthenticationObjects 2 }

etsysMACAuthenticationMACConfig
        OBJECT IDENTIFIER ::= { etsysMACAuthenticationObjects 3 }

etsysMACAuthenticationMACSession
        OBJECT IDENTIFIER ::= { etsysMACAuthenticationObjects 4 }

etsysMACAuthenticationMACListConfig
        OBJECT IDENTIFIER ::= { etsysMACAuthenticationObjects 5 }


-- -------------------------------------------------------------
-- etsysMACAuthenticationSystemGroup
-- -------------------------------------------------------------

etsysMACAuthenticationSystemEnable OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When enabled(1), all objects in this MIB are fully active.
         When disabled(2), this object overrides all other object
         settings in this MIB without affecting their values."
    DEFVAL { disabled }
    ::= { etsysMACAuthenticationSystem 1 }

etsysMACAuthenticationMACUserPassword OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-write
    STATUS      deprecated
    DESCRIPTION
        "*** This object is deprecated in favor of     *** 
         *** the functionality provided by the         ***
         *** etsysMACAuthenticationMACListConfig group *** 

         This is the string to be used as a password credential
         when authenticating a MAC address when 
         etsysMACAuthenticationMode is set to password(1)."
    DEFVAL { "NOPASSWORD" }
    ::= { etsysMACAuthenticationSystem 2 }

etsysMACAuthenticationPortUserNameSignificantBits OBJECT-TYPE
    SYNTAX      INTEGER (1..48)
    MAX-ACCESS  read-write
    STATUS      deprecated
    DESCRIPTION
        "*** This object is deprecated in favor of     *** 
         *** the functionality provided by the         ***
         *** etsysMACAuthenticationMACListConfig group *** 

         This object represents the number of significant bits in the
         MAC addresses to be used starting with the left-most bit of
         the vendor portion of the MAC address. The significant portion
         of the MAC address is sent as a user-name credential when the
         primary attempt to authenticate the full MAC address fails.
         Any other failure to authenticate the full address, (i.e.
         authentication server timeout) causes the the next attempt to
         start once again with a full MAC authentication.  This value is
         only applicable when the etsysMACAuthenticationMode is set 
         to a value of password(1) or radiusUsername(2)."
    DEFVAL { 48 }
    ::= { etsysMACAuthenticationSystem 3 }

etsysMACAuthenticationMode OBJECT-TYPE
    SYNTAX      INTEGER {
                  password(1),
                  radiusUsername(2),
                  macList(3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object selects the credentials to use when authenticating 
         a MAC address.

         password(1)       - Attempt to authenticate a user with the 
                           password credential provided by 
                           etsysMACAuthenticationMACUserPassword.

         radiusUsername(2) - Attempt to authenticate a user with a password
                           credential that is the same as the radius 
                           username credential.     

         macList(3)        - Attempt to authenticate a user with credentials 
                           provided by mac-list configuration." 
    DEFVAL { macList }
    ::= { etsysMACAuthenticationSystem 4 }

etsysMACAuthenticationSystemAccountEnable OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When enabled(1), RADIUS accounting start, interim and 
         stop frames are sent to the configured RADIUS server(s).
         
         When disabled(2), accounting packets are not sent to 
         the RADIUS server."
    DEFVAL { enabled }
    ::= { etsysMACAuthenticationSystem 5 }

etsysMACAuthenticationSystemUserNameFormat OBJECT-TYPE
    SYNTAX      INTEGER {
                  hyphen(1),
                  none(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "When hyphen(1), the user-name credential is the 
         MAC address formatted as 'xx-xx-xx-xx-xx-xx'.
         
         When set to none(2), the user-name credential is the 
         MAC address formatted as 'xxxxxxxxxxxx'."
    DEFVAL { none }
    ::= { etsysMACAuthenticationSystem 6 }

-- -------------------------------------------------------------
-- etsysMACAuthenticationPortConfigGroup
-- -------------------------------------------------------------

etsysMACAuthenticationPortConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysMACAuthenticationPortConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing configuration objects for each MAC
         authentication port. The configuration for
         each port in this table must be non-volatile."
    ::= { etsysMACAuthenticationPortConfig 1 }

etsysMACAuthenticationPortConfigEntry OBJECT-TYPE
    SYNTAX      EtsysMACAuthenticationPortConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each conceptual row provides control over all of the
         initial values used by each authenticated MAC on
         this port. Subsequent changes to rows in this table,
         except where noted, have no effect on existing MACs
         authenticated on this port."
    INDEX { etsysMACAuthenticationPort }
    ::= { etsysMACAuthenticationPortConfigTable 1 }

EtsysMACAuthenticationPortConfigEntry ::=
    SEQUENCE {
        etsysMACAuthenticationPort                      InterfaceIndex,
        etsysMACAuthenticationPortInitialize            TruthValue,
        etsysMACAuthenticationPortReauthenticate        TruthValue,
        etsysMACAuthenticationPortEnable                EnabledStatus,
        etsysMACAuthenticationPortQuietPeriod           Unsigned32,
        etsysMACAuthenticationPortReauthPeriod          Unsigned32,
        etsysMACAuthenticationPortReauthEnabled         EnabledStatus,
        etsysMACAuthenticationAuthenticationsAllowed    Unsigned32,
        etsysMACAuthenticationAuthenticationsAllocated  Unsigned32,
        etsysMACAuthenticationLastFailedAuthCause       SnmpAdminString
    }

etsysMACAuthenticationPort OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This is the InterfaceIndex associated with this row."
    ::= { etsysMACAuthenticationPortConfigEntry 1 }

etsysMACAuthenticationPortInitialize OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When set to true(1), the MAC authentication logic on this
         port is initialized, forcibly ending all MAC authentication
         sessions currently in existence on this port.  A set with
         the value false(2) has no affect and a read always returns
         false."
    ::= { etsysMACAuthenticationPortConfigEntry 2 }

etsysMACAuthenticationPortReauthenticate OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When set to true(1), the MAC authentication entity on
         this port is required to immediately verify all currently
         authenticated MACs on this port. This requires that each
         MAC address be authenticated with the authentication server
         through the local authentication client or some other
         authentication mechanism. Each supplicant remains
         authenticated pending the outcome."
    ::= { etsysMACAuthenticationPortConfigEntry 3 }

etsysMACAuthenticationPortEnable OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When set to enabled(1), a platform dependent triggering
         mechanism initiates an authentication exchange using a
         MAC address for authentication credentials.
         When disabled(2), authentication attempts are disabled
         and all currently authenticated MAC sessions or those in
         the process of authentication on this port are terminated."
    DEFVAL { disabled }
    ::= { etsysMACAuthenticationPortConfigEntry 4 }

etsysMACAuthenticationPortQuietPeriod OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value, in seconds, following a failed authentication
         before another may be attempted on this port. This object
         allows network management to provide hysteresis for failed
         authentication requests from the same port."
    DEFVAL { 30 }
    ::= { etsysMACAuthenticationPortConfigEntry 5 }

etsysMACAuthenticationPortReauthPeriod OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value, in seconds, between attempts to re-authenticate
         any current MAC authenticated on this port."
    DEFVAL { 3600 }
    ::= { etsysMACAuthenticationPortConfigEntry 6 }

etsysMACAuthenticationPortReauthEnabled OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If enabled(1), then every etsysMACAuthenticationReauthPeriod
         the switch attempts to validate all currently authenticated
         MACs on this port. When set to disabled(2) all current
         re-authentications in progress are allowed to complete and
         the requisite actions are taken. When set to disabled(2), no
         further re-authentications are attempted."
    DEFVAL { disabled }
    ::= { etsysMACAuthenticationPortConfigEntry 7 }

etsysMACAuthenticationAuthenticationsAllowed OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum number of concurrent authentications supported
         on this port on this module. The default value of this
         object is platform and resource dependent."
    ::= { etsysMACAuthenticationPortConfigEntry 8 }

etsysMACAuthenticationAuthenticationsAllocated OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The maximum number of MAC authentications permitted on this
         port on this module. This value must be non-zero and be less
         than or equal to the value of
         etsysMACAuthenticationAuthenticationsAllowed.  Setting this
         object to a value less than the current number of authenticated
         MACs on this port prevents further authentications, but has no
         affect on the current sessions."
    ::= { etsysMACAuthenticationPortConfigEntry 9 }

etsysMACAuthenticationLastFailedAuthCause OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
       "The string will be formatted with
       'XX-XX-XX-XX-XX-XX: TIME&DATE: Textual failure reason';
        where XX-XX-XX-XX-XX-XX is the MAC address and TIME&DATE
        is the time (hh/mm/ss) and date (mm/dd/yyyy) of the failure.
        It is also only best effort; as there could be multiple
        failures per port and the agent may query this at any random
        time."
    ::= { etsysMACAuthenticationPortConfigEntry 10 }


-- -------------------------------------------------------------
-- etsysMACAuthenticationMACConfigGroup
-- -------------------------------------------------------------

etsysMACAuthenticationMACConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysMACAuthenticationMACConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing configuration objects for each MAC
         authenticated on a port. Each row in this table
         is created dynamically when a MAC authenticates
         on a port."
    ::= { etsysMACAuthenticationMACConfig 1 }

etsysMACAuthenticationMACConfigEntry OBJECT-TYPE
    SYNTAX      EtsysMACAuthenticationMACConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each conceptual row inherits it's initial information
         from the row in the etsysMACAuthenticationPortConfigTable
         corresponding to the correct port. Each row represents an
         authenticated MAC."
    INDEX { etsysMACAuthenticationMACAddress }
    ::= { etsysMACAuthenticationMACConfigTable 1 }

EtsysMACAuthenticationMACConfigEntry::=
    SEQUENCE {
        etsysMACAuthenticationMACAddress                MacAddress,
        etsysMACAuthenticationSupplicantPort            InterfaceIndex,
        etsysMACAuthenticationMACInitialize             TruthValue,
        etsysMACAuthenticationMACReauthenticate         TruthValue,
        etsysMACAuthenticationMACReauthPeriod           Unsigned32,
        etsysMACAuthenticationMACReauthEnabled          EnabledStatus
    }

etsysMACAuthenticationMACAddress OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This is the MAC address that was authenticated on this port."
    ::= { etsysMACAuthenticationMACConfigEntry 1 }

etsysMACAuthenticationSupplicantPort OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This is the InterfaceIndex associated with this rows
         authenticated MAC."
    ::= { etsysMACAuthenticationMACConfigEntry 2 }

etsysMACAuthenticationMACInitialize OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When set to true(1), this MAC session terminates causing the
        corresponding row in this table and in the
        etsysMACAuthenticationSessionTable to be removed.

        Setting this object to false(2) has no effect on the system.
        Reads of this object always return false(2)."
    ::= { etsysMACAuthenticationMACConfigEntry 3 }

etsysMACAuthenticationMACReauthenticate OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When set to true(1), this MAC authentication session on this
         port is required to immediately verify it's credentials.
         This requires that each MAC address be authenticated with the
         authentication server through the local authentication client
         or some other authentication mechanism.

         Setting this object to false(2) has no effect on the system.
         Reads of this object always return false(2)."
    ::= { etsysMACAuthenticationMACConfigEntry 4 }

etsysMACAuthenticationMACReauthPeriod OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value, in seconds, between attempts to re-authenticate
         the MAC associated with this row."
    ::= { etsysMACAuthenticationMACConfigEntry 5 }

etsysMACAuthenticationMACReauthEnabled OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "If enabled(1), then every etsysMACAuthenticationReauthPeriod
         the switch attempts to validate all currently authenticated
         MACs on this port. If disabled(2), reauthentication is
         not attempted."
    ::= { etsysMACAuthenticationMACConfigEntry 6 }


-- -------------------------------------------------------------
-- etsysMACAuthenticationSessionGroup
-- -------------------------------------------------------------

etsysMACAuthenticationSessionTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysMACAuthenticationSessionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing configuration objects for each MAC
         authentication on a port. The successful completion of
         an authentication causes the creation of a new row in
         this table. When a MAC becomes unauthenticated because
         of a link-down, a management change, or system
         re-initialization, then the corresponding row is removed
         from this table."
    ::= { etsysMACAuthenticationMACSession 1 }

etsysMACAuthenticationSessionEntry OBJECT-TYPE
    SYNTAX      EtsysMACAuthenticationSessionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each conceptual row inherits it's initial information
         from the row in the etsysMACAuthenticationPortConfigTable
         corresponding to the correct port. Each row represents an
         authenticated MAC."
    INDEX { etsysMACAuthenticationMACAddress }
    ::= { etsysMACAuthenticationSessionTable 1 }

EtsysMACAuthenticationSessionEntry::=
    SEQUENCE {
        etsysMACAuthenticationSessionPort               InterfaceIndex,
        etsysMACAuthenticationDuration                  Unsigned32
    }

etsysMACAuthenticationSessionPort OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This is the InterfaceIndex associated with the authenticated
         MACs session."
    ::= { etsysMACAuthenticationSessionEntry 1 }

etsysMACAuthenticationDuration OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value, in seconds, which have elapsed since the start
         of this session."
    ::= { etsysMACAuthenticationSessionEntry 2 }

-- -------------------------------------------------------------
-- etsysMACAuthenticationMACListConfig
-- -------------------------------------------------------------

etsysMACAuthenticationMaxMACListEntries OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Maximum number of entries allowed in the 
         etsysMACAuthenticationMACListTable."
    ::= { etsysMACAuthenticationMACListConfig 1 }

etsysMACAuthenticationCurrentMACListEntries OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current number of entries in the 
         etsysMACAuthenticationMACListTable."
    ::= { etsysMACAuthenticationMACListConfig 2 }

etsysMACAuthenticationMACListTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysMACAuthenticationMACListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table provides configuration objects for the
         MAC List functionality.

         When an unauthenticated MAC address is received a
         longest prefix search is performed. If more than  
         one match is made -- the one with the longest 
         mask length -- is called the longest prefix match. 

         Authentication is blocked when no match is found,
         or the matching entry's etsysMACAuthenticationMACListPorts 
         value is not the empty string and the ingress port is not 
         set in the list.

         To create a default entry that matches any MAC address,
         configure a row with a MAC address of all FFs. 
         
         The user-name credential will be the portion 
         of the MAC address specified by 
         etsysMACAuthenticationMACListMaskLen.

         If the etsysMACAuthenticationMACListPassword is set,
         it will be used as the password credential for authentication.
         Otherwise, the user-name credential will be used as the 
         password credential."
    ::= { etsysMACAuthenticationMACListConfig 3 }

etsysMACAuthenticationMACListEntry OBJECT-TYPE
    SYNTAX      EtsysMACAuthenticationMACListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row represents an entry in the MAC List."
    INDEX { etsysMACAuthenticationMACListAddress, 
            etsysMACAuthenticationMACListMaskLen }
    ::= { etsysMACAuthenticationMACListTable 1 }

EtsysMACAuthenticationMACListEntry::=
    SEQUENCE {
        etsysMACAuthenticationMACListAddress       MacAddress,
        etsysMACAuthenticationMACListMaskLen       Unsigned32,
        etsysMACAuthenticationMACListPassword      SnmpAdminString,
        etsysMACAuthenticationMACListPasswordValid TruthValue, 
        etsysMACAuthenticationMACListPorts         PortList,
        etsysMACAuthenticationMACListRowStatus     RowStatus
    }

etsysMACAuthenticationMACListAddress OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The MAC address to match."
    ::= { etsysMACAuthenticationMACListEntry 1 }

etsysMACAuthenticationMACListMaskLen OBJECT-TYPE
    SYNTAX      Unsigned32 (1..48)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This object represents the number of significant bits in the
         MAC address to match starting with the left-most bit of
         the vendor portion of the MAC address. The significant portion
         of the MAC address is sent as a user-name credential." 
    ::= { etsysMACAuthenticationMACListEntry 2 }

etsysMACAuthenticationMACListPassword OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(0..48))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The password to use to authenticate the MAC address.
         On a read this object will always return an empty string."
    DEFVAL { "" }
    ::= { etsysMACAuthenticationMACListEntry 3 }

etsysMACAuthenticationMACListPasswordValid OBJECT-TYPE
    SYNTAX      TruthValue 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "true(1)  - indicates that etsysMACAuthenticationMACListPassword 
         was last set with some value other than the empty string.

         false(2) - indicates that etsysMACAuthenticationMACListPassword 
         has never been set, or was last set to the empty string. 
         In this case, the password used to authenticate will be the same 
         as the user-name credential."
    ::= { etsysMACAuthenticationMACListEntry 4 }

etsysMACAuthenticationMACListPorts OBJECT-TYPE
    SYNTAX      PortList
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The set of ports to allow authentication on. If this object is  
         the empty string then authentication is allowed on all ports."
    DEFVAL { ''H }    -- the empty string
    ::= { etsysMACAuthenticationMACListEntry 5 }

etsysMACAuthenticationMACListRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The status of this row.  

         active(1)        -- Indicates that this entry is available
                             for use by the managed device. 
                             
         createAndGo(4)   -- A new entry will be created in this table
                             and the new entry will transition to the 
                             active state. 

         destroy(6)       -- Deletes this row. "
    ::= { etsysMACAuthenticationMACListEntry 6 }

-- -------------------------------------------------------------
-- Conformance Information
-- -------------------------------------------------------------

etsysMACAuthenticationConformance
        OBJECT IDENTIFIER ::= { etsysMACAuthenticationMIB 2 }

etsysMACAuthenticationGroups
        OBJECT IDENTIFIER ::= { etsysMACAuthenticationConformance 1 }

etsysMACAuthenticationCompliances
        OBJECT IDENTIFIER ::= { etsysMACAuthenticationConformance 2 }


-- -------------------------------------------------------------
-- Units of conformance
-- -------------------------------------------------------------

etsysMACAuthenticationSystemGroup OBJECT-GROUP
    OBJECTS {
        etsysMACAuthenticationSystemEnable,
        etsysMACAuthenticationMACUserPassword,
        etsysMACAuthenticationPortUserNameSignificantBits
    }
    STATUS      deprecated
    DESCRIPTION
        "Global object controlling this feature.
         Global objects that affect how the credentials are
         presented to the authentication server."
    ::= { etsysMACAuthenticationGroups 1 }

etsysMACAuthenticationPortConfigGroup OBJECT-GROUP
    OBJECTS {
        etsysMACAuthenticationPortInitialize,
        etsysMACAuthenticationPortReauthenticate,
        etsysMACAuthenticationPortEnable,
        etsysMACAuthenticationPortQuietPeriod,
        etsysMACAuthenticationPortReauthPeriod,
        etsysMACAuthenticationPortReauthEnabled,
        etsysMACAuthenticationAuthenticationsAllowed,
        etsysMACAuthenticationAuthenticationsAllocated,
        etsysMACAuthenticationLastFailedAuthCause
    }
    STATUS      current
    DESCRIPTION
        "Objects describing the MAC Authentication
         configuration for each port."
    ::= { etsysMACAuthenticationGroups 2 }

etsysMACAuthenticationMACConfigGroup OBJECT-GROUP
    OBJECTS {
        etsysMACAuthenticationSupplicantPort,
        etsysMACAuthenticationMACInitialize,
        etsysMACAuthenticationMACReauthenticate,
        etsysMACAuthenticationMACReauthPeriod,
        etsysMACAuthenticationMACReauthEnabled
    }
    STATUS      current
    DESCRIPTION
        "Objects associated with an individual MACs
         authentication configuration."
    ::= { etsysMACAuthenticationGroups 3 }

etsysMACAuthenticationMACSessionGroup OBJECT-GROUP
    OBJECTS {
        etsysMACAuthenticationSessionPort,
        etsysMACAuthenticationDuration
    }
    STATUS      current
    DESCRIPTION
        "Objects associated with a MAC Session"
    ::= { etsysMACAuthenticationGroups 4 }

etsysMACAuthenticationSystemGroup2 OBJECT-GROUP
    OBJECTS {
        etsysMACAuthenticationSystemEnable,
        etsysMACAuthenticationMACUserPassword,
        etsysMACAuthenticationPortUserNameSignificantBits,
        etsysMACAuthenticationMode,
        etsysMACAuthenticationSystemAccountEnable
    }
    STATUS      deprecated
    DESCRIPTION
        "Global object controlling this feature. 
         Global objects that affect how the credentials are
         presented to the authentication server."
    ::= { etsysMACAuthenticationGroups 5 }

etsysMACAuthenticationSystemGroup3 OBJECT-GROUP
    OBJECTS {
        etsysMACAuthenticationSystemEnable,
        etsysMACAuthenticationMode,
        etsysMACAuthenticationSystemAccountEnable,
        etsysMACAuthenticationSystemUserNameFormat 
    }
    STATUS      current
    DESCRIPTION
        "Global object controlling this feature. 
         Global objects that affect how the credentials are
         presented to the authentication server."
    ::= { etsysMACAuthenticationGroups 6 }

etsysMACAuthenticationMACListGroup OBJECT-GROUP
    OBJECTS {
        etsysMACAuthenticationMaxMACListEntries,
        etsysMACAuthenticationCurrentMACListEntries,
        etsysMACAuthenticationMACListPassword,
        etsysMACAuthenticationMACListPasswordValid,
        etsysMACAuthenticationMACListPorts,
        etsysMACAuthenticationMACListRowStatus 
    }
    STATUS      current
    DESCRIPTION
        "Objects associated with MAC-List configuration."
    ::= { etsysMACAuthenticationGroups 7 }

-- -------------------------------------------------------------
-- Compliance statements
-- -------------------------------------------------------------

etsysMACAuthenticationCompliance MODULE-COMPLIANCE
    STATUS      deprecated
    DESCRIPTION
        "The compliance statement for devices that support MAC-Authentication."

    MODULE
        MANDATORY-GROUPS {
            etsysMACAuthenticationSystemGroup,
            etsysMACAuthenticationPortConfigGroup,
            etsysMACAuthenticationMACConfigGroup
            }

        GROUP etsysMACAuthenticationMACSessionGroup
        DESCRIPTION
            "Implementation of the etsysMACAuthenticationMACSessionGroup
             is optional for all agents.  If the agent impelments session
             functionality, then this table should be supported."

       OBJECT      etsysMACAuthenticationSystemEnable
       SYNTAX      EnabledStatus
       MIN-ACCESS  read-only
       DESCRIPTION
           "Write access is not required. If read-only is selected,
            then the default value must be enabled(1)."

       OBJECT      etsysMACAuthenticationPortUserNameSignificantBits
       SYNTAX      INTEGER(1..48)
       MIN-ACCESS  read-only
       DESCRIPTION
           "Write access is not required. If read-only is selected,
            then the default value must be 48. If this object is read-write,
            then the agent performs a two stage authentication where the
            it attempts to authenticate the masked MAC address if the
            full MAC address fails to authenticate."
    ::= { etsysMACAuthenticationCompliances 1 }

etsysMACAuthenticationCompliance2 MODULE-COMPLIANCE
    STATUS      deprecated
    DESCRIPTION
        "The compliance statement for devices that support
         MAC-Authentication."

    MODULE
        MANDATORY-GROUPS {
            etsysMACAuthenticationSystemGroup2,
            etsysMACAuthenticationPortConfigGroup,
            etsysMACAuthenticationMACConfigGroup
            }

        GROUP etsysMACAuthenticationMACSessionGroup
        DESCRIPTION
            "Implementation of the etsysMACAuthenticationMACSessionGroup
             is optional for all agents.  If the agent impelments session
             functionality, then this table should be supported."

       OBJECT      etsysMACAuthenticationSystemEnable
       SYNTAX      EnabledStatus
       MIN-ACCESS  read-only
       DESCRIPTION
           "Write access is not required. If read-only is selected,
            then the default value must be enabled(1)."

       OBJECT      etsysMACAuthenticationPortUserNameSignificantBits
       SYNTAX      INTEGER(1..48)
       MIN-ACCESS  read-only
       DESCRIPTION
           "Write access is not required. If read-only is selected,
            then the default value must be 48. If this object is read-write,
            then the agent performs a two stage authentication where the
            it attempts to authenticate the masked MAC address if the
            full MAC address fails to authenticate."
    ::= { etsysMACAuthenticationCompliances 2 }

etsysMACAuthenticationCompliance3 MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for devices that support
         MAC-Authentication."

    MODULE
        MANDATORY-GROUPS {
            etsysMACAuthenticationSystemGroup3,
            etsysMACAuthenticationPortConfigGroup,
            etsysMACAuthenticationMACConfigGroup
            }

        GROUP etsysMACAuthenticationMACSessionGroup
        DESCRIPTION
            "Implementation of the etsysMACAuthenticationMACSessionGroup
             is optional for all agents.  If the agent implements session
             functionality, then this table should be supported."

        GROUP etsysMACAuthenticationMACListGroup
        DESCRIPTION
            "Implementation of the etysMACAuthenticationMACListGroup is
             optional for all agents. If the agent implements MAC-List
             functionality, then this table should be supported."

        OBJECT      etsysMACAuthenticationSystemEnable
        SYNTAX      EnabledStatus
        MIN-ACCESS  read-only
        DESCRIPTION
            "Write access is not required. If read-only is selected,
             then the default value must be enabled(1)."

        OBJECT      etsysMACAuthenticationSystemUserNameFormat
        SYNTAX      INTEGER {
                      hyphen(1),
                      none(2)
                    }
        MIN-ACCESS  read-only
        DESCRIPTION
            "Write access is not required."
 
        OBJECT     etsysMACAuthenticationMode
        SYNTAX     INTEGER {
 		    password(1),
 	    	    radiusUsername(2),
 		    macList(3)
       	          }
        MIN-ACCESS read-only
        DESCRIPTION
            "Write access is not required."
 
 	OBJECT etsysMACAuthenticationMACListRowStatus 
 	WRITE-SYNTAX RowStatus { active(1), createAndGo(4), destroy(6) }
	DESCRIPTION
 	    "The states createAndWait, notInService and notReady are not
	     supported for writing."

       ::= { etsysMACAuthenticationCompliances 3 }

END
