ENTERASYS-RADIUS-DYNAMIC-AUTHOR-SERVER-EXT-MIB DEFINITIONS ::= BEGIN

--
--  Part Number: 
--
--

--  This module provides authoritative definitions for Extreme 
--  Network's RADIUS Dynamic Authorization Server MIB.

--
--  This module will be extended, as needed.

--  Extreme Networks reserves the right to make changes in this
--  specification and other information contained in this document
--  without prior notice.  The reader should consult Extreme Networks
--  to determine whether any such changes have been made.
--
--  In no event shall Extreme Networks be liable for any incidental,
--  indirect, special, or consequential damages whatsoever (including
--  but not limited to lost profits) arising out of or related to this
--  document or the information contained in it, even if Extreme
--  Networks has been advised of, known, or should have known, the
--  possibility of such damages.
--
--  Extreme Networks grants vendors, end-users, and other interested
--  parties a non-exclusive license to use this Specification in 
--  connection with the management of Extreme Networks products.

--  Copyright April, 2016 Extreme Networks, Inc.

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE          FROM SNMPv2-SMI
    Integer32                             FROM SNMPv2-SMI
    MODULE-COMPLIANCE, OBJECT-GROUP       FROM SNMPv2-CONF
    TruthValue, RowStatus                 FROM SNMPv2-TC
    InetAddressType, InetAddress          FROM INET-ADDRESS-MIB
    etsysModules                          FROM ENTERASYS-MIB-NAMES;

etsysRadiusDynAuthorServerMIB MODULE-IDENTITY
    LAST-UPDATED "201605181406Z"  -- Wed May 18 14:06 UTC 2016
    ORGANIZATION "Extreme Networks"
    CONTACT-INFO
        "Postal:  Extreme Networks, Inc.
                  145 Rio Robles
                  San Jose, CA 95134 USA

         Phone:   +1 408 579-2800
         E-mail:  support@extremenetworks.com
         WWW:     http://www.extremenetworks.com"

    DESCRIPTION
        "This MIB module defines a portion of the SNMP enterprise
         MIBs under Enterasys Networks' enterprise OID pertaining to 
         the server side of the Remote Access Dialin User Service 
         (RADIUS) Dynamic Authorization protocol (RFC5176).
          
         This MIB provides read-write access to configuration objects
         not provided in the standard RADIUS Dynamic Authorization 
         MIB (RFC4673).  However, the write capability must only
         be supported for SNMPv3, or other SNMP versions with 
         adequately strong security.

         Security concerns include Object ID verification, source
         address verification and timeliness verification."

    REVISION  "201605181406Z"  -- Wed May 18 14:06 UTC 2016
    DESCRIPTION 
        "Addition of server client IP addresses and server 
         virtual router configuration.

         Updated the CONTACT-INFO clause."            

    REVISION "201112191324Z"  -- Mon Dec 19 13:24 UTC 2011
    DESCRIPTION 
        "The initial version of this MIB module."

    ::= { etsysModules 80 }


-- ------------------------------------
-- MIB Objects
-- ------------------------------------

etsysRadiusDynAuthorServerMIBObjects
        OBJECT IDENTIFIER ::= { etsysRadiusDynAuthorServerMIB 1 }

etsysRadiusDynAuthorServerEnable OBJECT-TYPE
    SYNTAX         INTEGER {
        enable(1),
        disable(2)
    }
    MAX-ACCESS     read-write
    STATUS         current
    DESCRIPTION
        "This object indicates whether or not RADIUS Dynamic Authorization
         is enabled or disabled. This parameter value MUST be maintained
         across system reboots."
    DEFVAL { disable }
    ::= { etsysRadiusDynAuthorServerMIBObjects 1 }

etsysRadiusDynAuthorServerClientTable OBJECT-TYPE
    SYNTAX         SEQUENCE OF EtsysRadiusDynAuthorServerClientEntry
    MAX-ACCESS     not-accessible
    STATUS         current
    DESCRIPTION
        "The (conceptual) table listing the RADIUS Accounting 
         servers."
    ::= { etsysRadiusDynAuthorServerMIBObjects 2 }

etsysRadiusDynAuthorServerClientEntry OBJECT-TYPE
    SYNTAX         EtsysRadiusDynAuthorServerClientEntry
    MAX-ACCESS     not-accessible
    STATUS         current
    DESCRIPTION
        "An entry (conceptual row) representing a RADIUS
         dynamic authorization server with which the server shares
         a secret. If RADIUS dynamic authorization is not enabled, this 
         table is ignored.

         All created conceptual rows are non-volatile and as such
         MUST be maintained upon restart of the agent."
    INDEX      { etsysRadiusDynAuthorServerClientIndex }
    ::= { etsysRadiusDynAuthorServerClientTable 1 }

EtsysRadiusDynAuthorServerClientEntry ::=
    SEQUENCE {
        etsysRadiusDynAuthorServerClientIndex            
            Integer32,
        etsysRadiusDynAuthorServerClientAddressType      
            InetAddressType,
        etsysRadiusDynAuthorServerClientAddress          
            InetAddress,
        etsysRadiusDynAuthorServerClientSecret           
            OCTET STRING,
        etsysRadiusDynAuthorServerClientSecretEntered    
            TruthValue,
        etsysRadiusDynAuthorServerClientStatus           
            RowStatus,
        etsysRadiusDynAuthorClientServerClientAddressType       
            InetAddressType,
        etsysRadiusDynAuthorClientServerClientAddress           
            InetAddress,
        etsysRadiusDynAuthorClientServerClientVirtualRouterName 
            OCTET STRING
}

etsysRadiusDynAuthorServerClientIndex OBJECT-TYPE
    SYNTAX         Integer32 (1..2147483647)
    MAX-ACCESS     not-accessible
    STATUS         current
    DESCRIPTION
        "A number uniquely identifying each conceptual row
         in the etsysRadiusDynAuthorServerClientTable.
   
         In the event of an agent restart, the same value
         of etsysRadiusDynAuthorServerClientIndex MUST be used to 
         identify each conceptual row in 
         etsysRadiusDynAuthorServerClientTable as was used prior 
         to the restart."
    ::= { etsysRadiusDynAuthorServerClientEntry 1 }

etsysRadiusDynAuthorServerClientAddressType OBJECT-TYPE
    SYNTAX         InetAddressType
    MAX-ACCESS     read-create
    STATUS         current
    DESCRIPTION
        "The type of Internet address by which the 
         RADIUS Dynamic Authorization Client is reachable."
    DEFVAL { ipv4 }
    ::= { etsysRadiusDynAuthorServerClientEntry 2 }

etsysRadiusDynAuthorServerClientAddress OBJECT-TYPE
    SYNTAX         InetAddress (SIZE(1..64))
    MAX-ACCESS     read-create
    STATUS         current
    DESCRIPTION
        "The Internet address for the RADIUS Dynamic Authorization 
         Client.  Note that implementations MUST limit
         themselves to a single entry in this table per 
         reachable server.

         The etsysRadiusDynAuthorServerClientAddress may not be
         empty due to the SIZE restriction.  Also the size 
         of a DNS name is limited to 64 characters.

         This parameter value is maintained across system 
         reboots."
    ::= { etsysRadiusDynAuthorServerClientEntry 3 }

etsysRadiusDynAuthorServerClientSecret  OBJECT-TYPE
    SYNTAX         OCTET STRING (SIZE(0..255))
    MAX-ACCESS     read-create
    STATUS         current
    DESCRIPTION
        "This object is the secret shared between the RADIUS 
         Dynamic Authorization client and RADIUS server.  This 
         parameter value is maintained across system reboots.
         While the 'official' MAX-ACCESS for this object is
         read-create, all implementations MUST return an
         empty string on a read."
    DEFVAL { ''H }    -- the empty string
    ::= { etsysRadiusDynAuthorServerClientEntry 4 }

etsysRadiusDynAuthorServerClientSecretEntered  OBJECT-TYPE
    SYNTAX         TruthValue
    MAX-ACCESS     read-only
    STATUS         current
    DESCRIPTION
        "true(1)  - Indicates that etsysRadiusDynAuthorServerClientSecret
                    was last set with some value other than the empty 
                    string.

         false(2) - Indicates that etsysRadiusDynAuthorServerClientSecret 
                    has never been set, or was last set to the empty 
                    string."
    ::= { etsysRadiusDynAuthorServerClientEntry 5 }

etsysRadiusDynAuthorServerClientStatus OBJECT-TYPE
    SYNTAX         RowStatus
    MAX-ACCESS     read-create
    STATUS         current
    DESCRIPTION   
        "Lets users create and delete RADIUS Dynamic Authorization      
         client entries on systems that support this capability.

         Rules

            1. When creating a RADIUS Dynamic Authorization Client, 
               it is up to the management station to determine a 
               suitable etsysRadiusDynAuthorServerClientIndex.
               To facilitate interoperability, agents SHOULD not 
               put any restrictions on the 
               etsysRadiusDynAuthorServerClientIndex beyond the 
               obvious ones that it be valid and unused.

            2. Before a new row can become 'active', values
               must be supplied for the columnar objects
               etsysRadiusDynAuthorServerClientAddress,
               etsysRadiusDynAuthorServerClientSecret,
               etsysRadiusDynAuthorServerClientAddress, and
               etsysRadiusDynAuthorClientServerClientVirtualRouterName.
               
            3. The value of etsysRadiusDynAuthorServerClientStatus
               must be set to 'notInService' in order to modify
               a writable object in the same conceptual row.

            4. etsysRadiusDynAuthorServerClient entries whose 
               status is 'notReady' or 'notInService' will 
               not be used for Dynamic Authorization."
    ::= { etsysRadiusDynAuthorServerClientEntry 6 }

etsysRadiusDynAuthorClientServerClientAddressType OBJECT-TYPE
    SYNTAX         InetAddressType
    MAX-ACCESS     read-create
    STATUS         current
    DESCRIPTION
        "This object specifies how etsysRadiusDynAuthorServerClientAddressType
         is encoded.  Support for all possible enumerations defined by
         InetAddressType is NOT REQUIRED."
    DEFVAL { ipv4 }
    ::= { etsysRadiusDynAuthorServerClientEntry 7 }

etsysRadiusDynAuthorClientServerClientAddress OBJECT-TYPE
    SYNTAX         InetAddress (SIZE(1..64))
    MAX-ACCESS     read-create
    STATUS         current
    DESCRIPTION
        "The encoded unicast IP address of a local system interface.  
         RADIUS Dynamic Authorization responses will be sent from 
         this address."
    ::= { etsysRadiusDynAuthorServerClientEntry 8 }

etsysRadiusDynAuthorClientServerClientVirtualRouterName OBJECT-TYPE
    SYNTAX         OCTET STRING (SIZE(0..32))
    MAX-ACCESS     read-create
    STATUS         current
    DESCRIPTION
        "The name of the local system virtual router that traffic 
         sent to this RADIUS Dynamic Authorization 
         server should be associated with.

         Writing this object with a zero length string clears the
         virtual router name for this server."
    ::= { etsysRadiusDynAuthorServerClientEntry 9 }

-- ------------------------------------
-- Conformance information
-- ------------------------------------

etsysRadiusDynAuthorServerMIBConformance
       OBJECT IDENTIFIER ::= { etsysRadiusDynAuthorServerMIB 2 }

etsysRadiusDynAuthorServerMIBCompliances
       OBJECT IDENTIFIER ::= { etsysRadiusDynAuthorServerMIBConformance 1 }

etsysRadiusDynAuthorServerMIBGroups
       OBJECT IDENTIFIER ::= { etsysRadiusDynAuthorServerMIBConformance 2 }


-- ------------------------------------
-- Units of conformance
-- ------------------------------------

etsysRadiusDynAuthorServerMIBGroup OBJECT-GROUP
     OBJECTS { etsysRadiusDynAuthorServerEnable,
               etsysRadiusDynAuthorServerClientAddressType,
               etsysRadiusDynAuthorServerClientAddress,
               etsysRadiusDynAuthorServerClientSecret,
               etsysRadiusDynAuthorServerClientSecretEntered,
               etsysRadiusDynAuthorServerClientStatus
             }
     STATUS  deprecated
     DESCRIPTION
         "The basic collection of objects providing a proprietary
          extension to the standard RADIUS Dynamic Authorization MIB. 
  
          This MIB provides read-write access to configuration 
          objects not provided in the standard RADIUS Dynamic Authorization 
          MIB (RFC4763).  However, the write capability must only
          be supported for SNMPv3, or other SNMP versions with 
          adequately strong security."
     ::= { etsysRadiusDynAuthorServerMIBGroups 1 }

etsysRadiusDynAuthorServerMIBGroup2 OBJECT-GROUP
     OBJECTS { etsysRadiusDynAuthorServerEnable,
               etsysRadiusDynAuthorServerClientAddressType,
               etsysRadiusDynAuthorServerClientAddress,
               etsysRadiusDynAuthorServerClientSecret,
               etsysRadiusDynAuthorServerClientSecretEntered,
               etsysRadiusDynAuthorServerClientStatus,
               etsysRadiusDynAuthorClientServerClientAddressType,
               etsysRadiusDynAuthorClientServerClientAddress,
               etsysRadiusDynAuthorClientServerClientVirtualRouterName
             }
     STATUS  current
     DESCRIPTION
         "The basic collection of objects providing a proprietary
          extension to the standard RADIUS Dynamic Authorization MIB.

          This MIB provides read-write access to configuration
          objects not provided in the standard RADIUS Dynamic Authorization
          MIB (RFC4763).  However, the write capability must only
          be supported for SNMPv3, or other SNMP versions with
          adequately strong security."
     ::= { etsysRadiusDynAuthorServerMIBGroups 2 }

-- ------------------------------------
-- Compliance statements
-- ------------------------------------

etsysRadiusDynAuthorServerMIBCompliance MODULE-COMPLIANCE
     STATUS  deprecated
     DESCRIPTION
         "The compliance statement for Dynamic Authorization
          servers implementing the RADIUS Dynamic Authorization 
          ServerMIB."
     MODULE  -- this module
         MANDATORY-GROUPS { etsysRadiusDynAuthorServerMIBGroup }

     ::= { etsysRadiusDynAuthorServerMIBCompliances 1 }

etsysRadiusDynAuthorServerMIBCompliance2 MODULE-COMPLIANCE
     STATUS  current
     DESCRIPTION
         "The compliance statement for Dynamic Authorization
          servers implementing the RADIUS Dynamic Authorization 
          ServerMIB."
     MODULE  -- this module
         MANDATORY-GROUPS { etsysRadiusDynAuthorServerMIBGroup2 }

     ::= { etsysRadiusDynAuthorServerMIBCompliances 2 }

END
