-- Copyright (C) 2015 Aricent. All Rights Reserved.

-- PNAC Proprietary MIB Definition

-- This document explains the proprietary MIB implemented
-- for PNAC product.

-- This proprietary MIB definition supplements the standard IEEE 802.1X
-- MIB and also provides management of certain proprietary features of
-- PNAC.

-- This MIB contains tables used to configure the ports of host running
-- PNAC, for its MAC based authentication operation. Such an
-- authentication method permits the authenticated operation of hosts in
-- shared media LANs.

-- The proprietary MIB definitions follow:


    ARICENT-PNAC-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        MODULE-IDENTITY, OBJECT-TYPE, Counter32, Unsigned32,
        enterprises, Integer32, TimeTicks, Counter64,
        NOTIFICATION-TYPE                        FROM SNMPv2-SMI
        RowStatus, TruthValue, MacAddress,
        TEXTUAL-CONVENTION, DisplayString        FROM SNMPv2-TC
        SnmpAdminString                          FROM SNMP-FRAMEWORK-MIB
        PortList                                 FROM Q-BRIDGE-MIB
        dot1xAuthOperControlledDirections, PaeControlledPortStatus FROM IEEE8021-PAE-MIB
        InterfaceIndex                           FROM IF-MIB;

    fspnac MODULE-IDENTITY
        LAST-UPDATED "202410290000Z"
        ORGANIZATION "ARICENT COMMUNICATIONS SOFTWARE"
        CONTACT-INFO "support@aricent.com"
        DESCRIPTION
            "The proprietary MIB module for PNAC."
        REVISION    "202410290000Z" -- October 29, 2024
        DESCRIPTION "Add:
                     - fsPnacPaeAuthenticationOrder
                     - fsPnacPaeAuthFailNextMethod
                     - fsPnacPaeHostMacAddress
                     - fsPnacPaeMabTimeout"
        REVISION    "202401310000Z" -- January 31, 2024
        DESCRIPTION "Add:
                     - fsPnacPaeGuestVlan
                     - fsPnacPaeAuthFailVlan
                     - fsPnacPaeAuthenticationMethod
                     - fsPnacPaeAuthorizedBy
                     - fsPnacPaeVlanPolicy
                     - fsPnacGuestVlanSupplicant
                     - fsPnacAuthFailEapol
                     - fsPnacAuthSessionAuthenticationMethod
                     - fsPnacAuthSessionAuthorizedBy
                     - fsPnacAuthSessionVlanPolicy"
        REVISION    "202209130000Z" -- September 13, 2022
        DESCRIPTION "Add fsPnacAttributePasswordOverrideType"
        REVISION    "202205270000Z" -- May 27, 2022
        DESCRIPTION "Add fsPnacASUserConfigPasswordType
                     Increased size of fsPnacASUserConfigPassword to 262"
        REVISION    "202112070000Z" -- December 7, 2021
        DESCRIPTION "Add :
            - fsPnacAttributeUsernameFormatGroupSize
            - fsPnacAttributeUsernameFormatGroupSeparator
            - fsPnacAttributeUsernameFormatCase
            - fsPnacAttributePasswordFormatGroupSize
            - fsPnacAttributePasswordFormatGroupSeparator
            - fsPnacAttributePasswordFormatCase
            - fsPnacAttributePasswordOverride"
        REVISION    "202104190000Z" -- April 19, 2021
        DESCRIPTION "Add fsPnacPaeMacAuthBypass and fsPnacAuthorizationServer"
        REVISION "201209050000Z"
        DESCRIPTION
            "The proprietary MIB module for PNAC."
    ::=  { enterprises futuresoftware (2076) 64 }

-- ---------------------------------------------------------- --
-- Textual Conventions
-- ---------------------------------------------------------- --


       AuthenticMethod ::= TEXTUAL-CONVENTION
          STATUS      current
          DESCRIPTION
             "The authentication method is using Remote Authentication
             Server or Local Authentication Server."
          SYNTAX      INTEGER {
                          remoteServer(1),
                          localServer(2)
                      }

       RemoteAuthServerType ::= TEXTUAL-CONVENTION
          STATUS      current
          DESCRIPTION
             "This indicates which remote server is to provide the
              authentication. Currently supported servers are RADIUS
              Server and Terminal Access Controller Access-Control
              System Plus (TACACS+) Server."
          SYNTAX      INTEGER {
                          radiusServer(1),
                          tacacsplusServer(2)
                      }

       PermissionType ::= TEXTUAL-CONVENTION
          STATUS      current
          DESCRIPTION
             "The permission values."
          SYNTAX       INTEGER {
                           allow(1),
                           deny(2)
                       }

-- ------------------------------------------------------------
-- groups in the MIB
-- ------------------------------------------------------------

      fsPnacPaeSystem         OBJECT IDENTIFIER ::= { fspnac 1 }
      fsPnacPaeAuthenticator  OBJECT IDENTIFIER ::= { fspnac 2 }
      fsPnacAuthServer        OBJECT IDENTIFIER ::= { fspnac 3 }
      fsPnacTrapObjects       OBJECT IDENTIFIER ::= { fspnac 4 }
      fsPnacNotifications     OBJECT IDENTIFIER ::= { fspnac 5 }
      fsDPnac                 OBJECT IDENTIFIER ::= { fspnac 6 }

-- ------------------------------------------------------------------

-- ------------------------------------------------------------------
-- Distributed PNAC  Group
-- ------------------------------------------------------------------
    fsDPnacSystemStatus OBJECT-TYPE
           SYNTAX      INTEGER { centralized (1), distributed (2) }
           MAX-ACCESS  read-write
           STATUS      current
           DESCRIPTION
               "This object sets the mode for dot1x. PNAC is enabled,
                when the mode is set as centralized and DPNAC is
                enabled when the mode is set as distributed."
        DEFVAL  { 1 }
        ::= { fsDPnac  1}

    -- Transmission interval, in seconds, of D-PNAC periodic-sync PDUs
    -- (range 0..300, default 60). A value of 0 stops this node from
    -- sending periodic-sync messages. On the master, expiry of this timer
    -- is also what detects a slave that has gone down.
    -- NOTE(review): this module does not state how master-side down
    -- detection behaves when the value is 0, nor whether sync PDUs are
    -- authenticated. Confirm both before changing it on a live chassis.
    fsDPnacPeriodicSyncTime OBJECT-TYPE
          SYNTAX      Unsigned32 (0..300)
          MAX-ACCESS read-write
          STATUS     current
          DESCRIPTION
              "This object configures the D-PNAC periodic sync timer.
               This periodic sync timer is used to configure the transmission
               interval of D-PNAC periodic-sync PDUs. The configured value of
               this timer is applicable only from the next start/re-start of
               the timer. In master node, this timer expiry is used to identify
               the slave down and remove the slave node information.
               This runs individually in each D-PNAC node.

               If this object is configured with a value of '0', then no
               periodic-sync messages will be sent from that D-PNAC node.

               The periodic sync timer has a period from 0 to 300 seconds,
               configurable in units of seconds."
          DEFVAL { 60 }
        ::= { fsDPnac 2 }

    fsDPnacMaxKeepAliveCount
        OBJECT-TYPE
          SYNTAX       Integer32 (1..5)
          MAX-ACCESS   read-write
          STATUS       current
          DESCRIPTION
               "This object is used to provide keep alive mechanism when D-PNAC
               status is enabled. This is maintained by Master Node.
               The keep alive count of all remote D-PNAC nodes will be incremented
               every time when the periodic-sync timer expires and this resets to
               zero for a particular D-PNAC node only on receiving periodic-sync/
               event-update message from that particular remote D-PNAC node.
               if keep alive count of any of the remote D-PNAC node reaches
               the maximum keep alive count, then that remote D-PNAC node will be
               declared as operationally down/dead."
          DEFVAL { 3 }
          ::= { fsDPnac 3 }

--  D-Pnac Slot Table

      fsDPnacStatsTable OBJECT-TYPE
          SYNTAX      SEQUENCE OF FsDPnacStatsEntry
          MAX-ACCESS  not-accessible
          STATUS      current
          DESCRIPTION
             "This object is a table of statistics information
              for each slot supported by the DPNAC. An entry
              appears in this table for each slot of this system."
          ::= { fsDPnac 4 }

      fsDPnacStatsEntry OBJECT-TYPE
          SYNTAX      FsDPnacStatsEntry
          MAX-ACCESS  not-accessible
          STATUS      current
          DESCRIPTION
             "This object is a table to get the statistics information
              about event update like DPNAC Tx/Rx and
			  periodic DPNAC Tx/Rx based on slot."
          INDEX { fsDPnacSlotNumber }
          ::= { fsDPnacStatsTable 1 }


      FsDPnacStatsEntry ::=
          SEQUENCE {
             fsDPnacSlotNumber
                 Integer32,
             fsDPnacEventUpdateFramesRx
                 Counter32,
             fsDPnacEventUpdateFramesTx
                 Counter32,
             fsDPnacPeriodicFramesTx
                 Counter32,
             fsDPnacPeriodicFramesRx
                 Counter32
          }

      fsDPnacSlotNumber OBJECT-TYPE
           SYNTAX      Integer32 (0..2147483647)
           MAX-ACCESS  not-accessible
           STATUS      current
           DESCRIPTION
               "This object specifies the slot number of the chassis for which the
                configuration entry applies."
           ::= { fsDPnacStatsEntry 1 }

      fsDPnacEventUpdateFramesRx OBJECT-TYPE
           SYNTAX      Counter32
           MAX-ACCESS  read-only
           STATUS      current
           DESCRIPTION
               "This object specifies the number of Event-update
                D-PNAC frames received by the master node."
           ::= { fsDPnacStatsEntry 2 }

      fsDPnacEventUpdateFramesTx OBJECT-TYPE
           SYNTAX      Counter32
           MAX-ACCESS  read-only
           STATUS      current
           DESCRIPTION
               "This object specifies the number of Event-update D-PNAC frames
                transmitted from the slave node."
           ::= { fsDPnacStatsEntry 3 }

      fsDPnacPeriodicFramesTx OBJECT-TYPE
           SYNTAX      Counter32
           MAX-ACCESS  read-only
           STATUS      current
           DESCRIPTION
               "This object specifies the number of periodic D-PNAC frames
                transmitted from the slave node."
           ::= { fsDPnacStatsEntry 4 }

      fsDPnacPeriodicFramesRx OBJECT-TYPE
           SYNTAX      Counter32
           MAX-ACCESS  read-only
           STATUS      current
           DESCRIPTION
               "This object specifies the number of periodic D-PNAC frames
                received by the master node."
           ::= { fsDPnacStatsEntry 5 }


      fsDPnacSlotPortTable OBJECT-TYPE
          SYNTAX SEQUENCE OF FsDPnacSlotPortEntry
          MAX-ACCESS         not-accessible
          STATUS             current
          DESCRIPTION
               "This object is a table which is used to access the port information
                stored in master node for every slave slot including master slot."
          ::= { fsDPnac 5 }

      fsDPnacSlotPortEntry    OBJECT-TYPE
          SYNTAX      FsDPnacSlotPortEntry
          MAX-ACCESS  not-accessible
          STATUS      current
          DESCRIPTION
               "This object specifies an entry which holds the information
                about the port authentication status and controlled direction
                of a port belonging to the slot."
          INDEX { fsDPnacSlotNumber , fsDPnacPortIndex}
          ::= { fsDPnacSlotPortTable 1 }

      FsDPnacSlotPortEntry  ::=
             SEQUENCE {
             fsDPnacPortIndex    InterfaceIndex,
             fsDPnacPortAuthStatus    INTEGER,
             fsDPnacPortControlledDirection INTEGER
          }

      fsDPnacPortIndex   OBJECT-TYPE
          SYNTAX     InterfaceIndex
          MAX-ACCESS not-accessible
          STATUS     current
          DESCRIPTION
               "This object is used to get the ifIndex of each port
               belonging to the slot."
          ::= { fsDPnacSlotPortEntry 1 }

      fsDPnacPortAuthStatus OBJECT-TYPE
         SYNTAX      PaeControlledPortStatus
         MAX-ACCESS  read-only
         STATUS      current
         DESCRIPTION
               "This object displays the authentication status
                of each port belonging to the slot."
         ::= { fsDPnacSlotPortEntry 2 }

      fsDPnacPortControlledDirection OBJECT-TYPE
            SYNTAX      INTEGER {
                          both(0),
                          in(1)
                      }
            MAX-ACCESS    read-only
            STATUS        current
            DESCRIPTION
               "The object specifies the port controlled
                directions parameters for the port belonging to the slot."
            ::= { fsDPnacSlotPortEntry 3 }

-- ------------------------------------------------------------------
-- The Pae System Group
-- ------------------------------------------------------------------

      -- Global start/shutdown switch for the PNAC module.
      -- A single SET of shutdown(2) stops PNAC for the whole system, so
      -- write access to this object amounts to the ability to switch
      -- port access control off. Keep it out of write views that are not
      -- reserved for administrators, and alert on changes to it.
      -- NOTE(review): the state of controlled ports after shutdown
      -- (open or blocked) is not stated in this module. Confirm.
      fsPnacSystemControl OBJECT-TYPE
          SYNTAX      INTEGER {
                        start (1),
                        shutdown (2)
                     }
          MAX-ACCESS  read-write
          STATUS      current
          DESCRIPTION
               "Starts or shutdowns PNAC module in the system.

                When set as 'start', resources required by PNAC
                module are allocated & PNAC module starts running.

                When shutdown, all resources used by PNAC module
                will be released to the system."
           ::= { fsPnacPaeSystem 1 }

      -- Bit mask that selects which PNAC trace categories are emitted.
      -- Bits 0 to 7 are defined below, the remaining bits are unused, and
      -- the default 0 disables all tracing. The value written is the
      -- integer formed by the set bits (bits 0 and 1 give 3).
      -- NOTE(review): bit 4 enables packet dump traces. These presumably
      -- include the contents of authentication frames, so trace output
      -- may carry identities or credential material. Confirm what is
      -- logged and where, and leave bit 4 clear outside of debugging.
      fsPnacTraceOption OBJECT-TYPE
           SYNTAX      Integer32
           MAX-ACCESS  read-write
           STATUS      current
           DESCRIPTION
               "This object is used to enable trace statements in
                Network Access Control Module.

                A four byte integer is used for enabling the level of tracing.
                Each bit in the four byte integer represents a particular
                level of trace.

                The mapping between the bit positions & the level of trace is
                as follows:
                        0 - Init and Shutdown Traces
                        1 - Management Traces
                        2 - Data Path Traces
                        3 - Control Plane Traces
                        4 - Packet Dump Traces
                        5 - Traces related to All Resources except Buffers
                        6 - All Failure Traces
                        7 - Buffer Traces

                The remaining bits are unused. Combinations of levels are
                also allowed.

                For example, if the bits 0 and 1 are set, then the trace
                statements related to Init-Shutdown and management
                will be printed.

              The user has to enter the corresponding integer value for the
                bits set. For example, if bits 0 and 1 are set, then user has to
                give the value 3."
        DEFVAL  { 0 }
        ::= { fsPnacPaeSystem 2 }

      -- Selects whether the authenticator verifies supplicants against
      -- a remote server (remoteServer(1)) or the local authentication
      -- server (localServer(2)), per the AuthenticMethod convention.
      -- No DEFVAL is declared, so the initial value is agent-defined.
      -- A SET here changes where credentials are checked for the whole
      -- system. Restrict write access and record changes.
      fsPnacAuthenticServer OBJECT-TYPE
          SYNTAX      AuthenticMethod
          MAX-ACCESS  read-write
          STATUS      current
          DESCRIPTION
              "This object is used to configure for the choice of
              local or remote authentication server to be used by
              the authenticator for its authentication services."
           ::= { fsPnacPaeSystem 3 }

      fsPnacNasId OBJECT-TYPE
          SYNTAX      DisplayString(SIZE(0..16))
          MAX-ACCESS  read-write
          STATUS      current
          DESCRIPTION
              "This object is the Network Access Server Identifier
              to be presented before the remote authentication
              server."
          ::= { fsPnacPaeSystem 4 }


-- Pae Port Table extensions


      fsPnacPaePortTable OBJECT-TYPE
          SYNTAX      SEQUENCE OF FsPnacPaePortEntry
          MAX-ACCESS  not-accessible
          STATUS      current
          DESCRIPTION
             "A table of system level information for each port
             supported by the PNAC. An entry appears in this
             table for each port of this system. This table is an
             extension of dot1xPaePortTable of IEEE 802.1x MIB."
          ::= { fsPnacPaeSystem 5 }


      fsPnacPaePortEntry OBJECT-TYPE
          SYNTAX      FsPnacPaePortEntry
          MAX-ACCESS  not-accessible
          STATUS      current
          DESCRIPTION
             "Configuration as port based or MAC based authentication
             and supplicant count on a port. Index to this table is
             same as that of the dot1xPaePortTable, which is the
             InterfaceIndex."
          INDEX { fsPnacPaePortNumber }
          ::= { fsPnacPaePortTable 1 }


      FsPnacPaePortEntry ::=
          SEQUENCE {
             fsPnacPaePortNumber
                 InterfaceIndex,
             fsPnacPaePortAuthMode
                 INTEGER,
             fsPnacPaePortSupplicantCount
                 Counter32,
             fsPnacPaePortUserName
                 DisplayString,
             fsPnacPaePortPassword
                 DisplayString,
             fsPnacPaePortStatus
                 INTEGER,
             fsPnacPaePortStatisticsClear
                 TruthValue,
             fsPnacPaePortAuthStatus
                 INTEGER,
             fsPnacPaeAuthReAuthMax
                Unsigned32,
             fsPnacPaeMacAuthBypass
                TruthValue,
             fsPnacPaeGuestVlan
                Integer32,
             fsPnacPaeAuthFailVlan
                Integer32,
             fsPnacPaeAuthFailMaxAttempts
                Integer32,
             fsPnacPaeAuthenticationMethod
                INTEGER,
             fsPnacPaeAuthorizedBy
                INTEGER,
             fsPnacPaeVlanPolicy
                INTEGER,
             fsPnacPaeAuthenticationOrder
                INTEGER,
             fsPnacPaeAuthFailNextMethod
                TruthValue,
             fsPnacPaeHostMacAddress
                MacAddress,
             fsPnacPaeMabTimeout
                Unsigned32
          }


      fsPnacPaePortNumber OBJECT-TYPE
           SYNTAX      InterfaceIndex
           MAX-ACCESS  not-accessible
           STATUS      current
           DESCRIPTION
               "The port number associated with this port."
           ::= { fsPnacPaePortEntry 1 }


      fsPnacPaePortAuthMode OBJECT-TYPE
           SYNTAX      INTEGER {
                           portBased(1),
                           macBased(2)
                       }
           MAX-ACCESS  read-write
           STATUS      current
           DESCRIPTION
               "Configuration of the port, for Port Based
               Authentication or MAC Based Authentication."
           ::= { fsPnacPaePortEntry 2 }


      -- Read-only count of supplicants on the port.
      -- NOTE(review): the DESCRIPTION reads as a current count, which can
      -- go down, yet the syntax is Counter32, which SMIv2 defines as
      -- monotonically increasing. Gauge32 would be the conventional type.
      -- Changing it would alter the published interface, so it is only
      -- flagged here. Monitoring tools should read this as an absolute
      -- value and not compute a rate from it. Confirm agent behaviour.
      fsPnacPaePortSupplicantCount OBJECT-TYPE
           SYNTAX      Counter32
           MAX-ACCESS  read-only
           STATUS      current
           DESCRIPTION
               "Number of supplicants connected in the port."
           ::= { fsPnacPaePortEntry 3 }


      fsPnacPaePortUserName OBJECT-TYPE
           SYNTAX      DisplayString (SIZE(4..63))
           MAX-ACCESS  read-write
           STATUS      current
           DESCRIPTION
               "User name to be used in this port, while operating
               as a supplicant."
           ::= { fsPnacPaePortEntry 4 }


      -- Supplicant password for this port, 4 to 20 characters.
      -- MAX-ACCESS read-write means the MIB permits GET as well as SET
      -- on this object, and the value is a plain DisplayString.
      -- NOTE(review): whether the agent returns the stored password or a
      -- masked value on read is not stated in this module. Confirm.
      -- Until confirmed, treat the object as exposing a cleartext
      -- secret: exclude it from read views (VACM), and only allow access
      -- over SNMPv3 with authentication and privacy, since SNMPv1 and
      -- SNMPv2c carry both the community string and this value in clear.
      fsPnacPaePortPassword OBJECT-TYPE
           SYNTAX      DisplayString (SIZE(4..20))
           MAX-ACCESS  read-write
           STATUS      current
           DESCRIPTION
               "User password to be used in this port, while
               operating as a supplicant."
           ::= { fsPnacPaePortEntry 5 }

      fsPnacPaePortStatus OBJECT-TYPE
           SYNTAX      PaeControlledPortStatus
           MAX-ACCESS  read-only
           STATUS      current
           DESCRIPTION
               "The value of the combined port status."
           ::= { fsPnacPaePortEntry 6 }

      fsPnacPaePortStatisticsClear OBJECT-TYPE
          SYNTAX      TruthValue
          MAX-ACCESS  read-write
          STATUS      current
          DESCRIPTION
              "This object specifies the status if the entries in port authenticator statistics
               are to be cleared. If set to true, entries in port
               authenticator statistics are cleared,
               and if set to false, the entries are not cleared."
          DEFVAL { false }
           ::= { fsPnacPaePortEntry 7}

        -- Per-port administrative switch for PNAC, default enabled(1).
        -- Setting disabled(2) removes PNAC from the port, so write access
        -- to this column allows access control to be lifted one port at
        -- a time. Restrict the write view and alert on transitions to
        -- disabled.
        -- NOTE(review): whether a disabled port forwards traffic without
        -- restriction is not stated in this module. Confirm.
        fsPnacPaePortAuthStatus OBJECT-TYPE
          SYNTAX       INTEGER {
                             enabled(1),
                             disabled(2)
                          }
          MAX-ACCESS  read-write
          STATUS      current
          DESCRIPTION
              "This object indicates if PNAC is enabled/disabled on the port"
          DEFVAL { enabled }
          ::= { fsPnacPaePortEntry 8 }

        fsPnacPaeAuthReAuthMax OBJECT-TYPE
          SYNTAX Unsigned32
          MAX-ACCESS read-write
          STATUS current
          DESCRIPTION
             "The value of the reAuthMax constant currently in use by
             the Authenticator state machine."
          DEFVAL { 2 }
          ::= { fsPnacPaePortEntry 9 }

        -- Per-port switch for MAC authentication bypass (MAB), default
        -- false. Elsewhere in this module the username and password
        -- attributes of a MAB request are built from the host MAC address
        -- (see the fsPnacAttribute... format objects), so the credential
        -- is the source MAC the host presents, which the host controls.
        -- Treat MAB ports as lower assurance than 802.1X ports: enable it
        -- only where a device cannot run a supplicant, and pair it with a
        -- restrictive VLAN or policy on the authorization side.
        fsPnacPaeMacAuthBypass OBJECT-TYPE
          SYNTAX TruthValue
          MAX-ACCESS read-write
          STATUS current
          DESCRIPTION
             "This object indicates if MAC authentication bypass is enabled/disabled on the port"
          DEFVAL { false }
          ::= { fsPnacPaePortEntry 10 }

        -- Guest VLAN ID for the port, range 0..4094. 0 (the default)
        -- disables the feature.
        -- NOTE(review): the conditions under which a host is placed in
        -- the guest VLAN are not described here. Presumably it is used
        -- for hosts that never authenticate. Confirm.
        -- The range accepts any VLAN ID, including ones that carry
        -- production or management traffic. The VLAN chosen should be
        -- isolated, because membership is granted without credentials.
        fsPnacPaeGuestVlan OBJECT-TYPE
          SYNTAX Integer32 (0..4094)
          MAX-ACCESS read-write
          STATUS current
          DESCRIPTION
                 "The Guest VLAN for this port. Value 0 disables Guest VLAN for this port."
          DEFVAL { 0 }
          ::= { fsPnacPaePortEntry 11 }

        -- Authentication-failed VLAN ID for the port, range 0..4094.
        -- 0 (the default) disables the feature. When it is non-zero, a
        -- host that fails authentication is still authorized onto the
        -- network, in this VLAN (see fsPnacPaeAuthFailNextMethod and the
        -- authenticationFailureVlan(5) value of fsPnacPaeAuthorizedBy).
        -- The VLAN chosen should therefore be isolated from production
        -- and management segments. The range itself does not enforce
        -- that.
        fsPnacPaeAuthFailVlan OBJECT-TYPE
          SYNTAX Integer32 (0..4094)
          MAX-ACCESS read-write
          STATUS current
          DESCRIPTION
             "The Authentication-failed VLAN for this port. Value 0 disables Authentication Fail VLAN for this port."
          DEFVAL { 0 }
          ::= { fsPnacPaePortEntry 12 }

        fsPnacPaeAuthFailMaxAttempts OBJECT-TYPE
          SYNTAX Integer32 (1..3)
          MAX-ACCESS read-write
          STATUS current
          DESCRIPTION
             "The number of failed authentication attempts before authentication is aborted."
          DEFVAL { 1 }
          ::= { fsPnacPaePortEntry 13 }

    fsPnacPaeAuthenticationMethod OBJECT-TYPE
        SYNTAX INTEGER {
                    unknown(1),
                    dot1x(2),
                    macAddressBypass(3)
                }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION "The authentication method used in the current session."
        ::= { fsPnacPaePortEntry 14 }

    fsPnacPaeAuthorizedBy OBJECT-TYPE
        SYNTAX INTEGER {
                    unknown(1),
                    authenticationServer(2),
                    localDatabase(3),
                    guestVlan(4),
                    authenticationFailureVlan(5)
                }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION "The entity that authorized access to the network in the current session."
        ::= { fsPnacPaePortEntry 15 }

    fsPnacPaeVlanPolicy OBJECT-TYPE
        SYNTAX Integer32 (0..4094)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION "The Vlan ID this host is authorized for."
        ::= { fsPnacPaePortEntry 16 }

    -- Which authentication methods the port allows and in what order:
    -- dot1x(1) only, mab(2) only, dot1xMab(3) or mabDot1x(4).
    -- The default is dot1x.
    -- Any value other than dot1x(1) admits MAB on the port, where the
    -- credential is derived from the host MAC address. Use values 2 to 4
    -- only on ports that need them, and review them together with
    -- fsPnacPaeAuthFailNextMethod, which controls fall-through.
    fsPnacPaeAuthenticationOrder OBJECT-TYPE
        SYNTAX INTEGER {
                           dot1x(1),
                           mab(2),
                           dot1xMab(3),
                           mabDot1x(4)
                       }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION "The allowed authentication methods for this port and their order."
        DEFVAL { dot1x }
        ::= { fsPnacPaePortEntry 17 }

    -- When true, a failed authentication moves on to the next method in
    -- fsPnacPaeAuthenticationOrder. Once every method has failed, the
    -- port is authorized in the auth-fail VLAN if one is configured.
    -- The default is false.
    -- With an order of dot1xMab(3), enabling this means a failed 802.1X
    -- exchange is followed by MAB, so the effective strength of the port
    -- is that of the weakest method in the order. Enable it only where
    -- that fallback is intended.
    fsPnacPaeAuthFailNextMethod OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION "Use the next allowed authentication method when authentication fails.
                    When all authentication methods fail, port will be authorized in auth-fail VLAN if set."
        DEFVAL { false }
        ::= { fsPnacPaePortEntry 18 }

    fsPnacPaeHostMacAddress OBJECT-TYPE
        SYNTAX MacAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION "The MAC address of the host being authenticated in the current session."
        ::= { fsPnacPaePortEntry 19 }

    fsPnacPaeMabTimeout OBJECT-TYPE
        SYNTAX Unsigned32 (1..65535)
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION "The time, in seconds, the authenticator will wait for a MAC address in the 'MAB Acquire' state."
        DEFVAL { 60 }
        ::= { fsPnacPaePortEntry 20 }


-- ------------------------------------------------------------------
-- The Pae System Group again
-- ------------------------------------------------------------------
      fsPnacModuleOperStatus OBJECT-TYPE
            SYNTAX       INTEGER {
                             enabled(1),
                             disabled(2)
                          }
            MAX-ACCESS    read-only
            STATUS        current
            DESCRIPTION
            "This read only objects gives actual status of the PNAC module
            (operational status of module). When module is enabled,
            PNAC protocol starts functioning. When the module is disabled,
            all the dynamically allocated memory will be freed and PNAC
            protocol stops functioning."
            ::= { fsPnacPaeSystem 6 }

      fsPnacRemoteAuthServerType OBJECT-TYPE
          SYNTAX      RemoteAuthServerType
          MAX-ACCESS  read-write
          STATUS      current
          DESCRIPTION
              "This object is used by the authenticator for its
              authentication services, to configure the choice of
              RADIUS or TACACS+ remote authentication servers when
              the authentication method is through a remote server,
              that is, this object can be configured only if
              fsPnacAuthenticServer is set to remote server."
        DEFVAL  { 1 }
        ::= { fsPnacPaeSystem 7 }

      -- Selects the authorization source: none(1) or radius(2).
      -- DEFVAL { 1 } is none(1).
      -- NOTE(review): the DESCRIPTION speaks of a local or remote
      -- authorization server, but the enumeration offers only none and
      -- radius. The text appears to be copied from fsPnacAuthenticServer.
      -- Confirm the intended wording.
      -- NOTE(review): SMIv2 convention is to give the DEFVAL of an
      -- enumerated object by label (none), not by number. Some strict
      -- compilers warn on the numeric form.
      fsPnacAuthorizationServer OBJECT-TYPE
          SYNTAX      INTEGER {
                          none (1),
                          radius (2)
                       }
          MAX-ACCESS  read-write
          STATUS      current
          DESCRIPTION
              "This object is used to configure for the choice of
             local or remote authorization server to be used by
             the authenticator for its authorization services."
          DEFVAL  { 1 }
          ::= { fsPnacPaeSystem 8 }

      fsPnacAttributeUsernameFormatGroupSize OBJECT-TYPE
            SYNTAX Integer32(1 | 2 | 4 | 12)
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "The size of the MAC address group used in the username attribute for MAB requests."
            DEFVAL { 12 }
            ::= { fsPnacPaeSystem 9 }

      fsPnacAttributeUsernameFormatGroupSeparator OBJECT-TYPE
            SYNTAX OCTET STRING (SIZE(1))
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "The MAC address group separator character used in the username attribute for MAB requests."
            DEFVAL { ":" }
            ::= { fsPnacPaeSystem 10 }

      fsPnacAttributeUsernameFormatCase OBJECT-TYPE
            SYNTAX INTEGER  {
                                lowercase (1),
                                uppercase (2)
                            }
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "Whether hexadecimal characters used in the username attribute for MAB requests are
                lowercase or uppercase."
            DEFVAL { lowercase }
            ::= { fsPnacPaeSystem 11 }

      -- Number of hexadecimal digits per group when the MAC address is
      -- formatted into the password attribute of a MAB request.
      -- Allowed values are 1, 2, 4 and 12, and the default is 12.
      -- The object is ignored when a password override is configured.
      -- Without an override the MAB password is thus a rendering of the
      -- MAC address itself and is not a secret. The authentication
      -- server should not treat a MAB success as proof of identity.
      fsPnacAttributePasswordFormatGroupSize OBJECT-TYPE
            SYNTAX Integer32(1 | 2 | 4 | 12)
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "The size of the MAC address group used in the password attribute for MAB requests.
                This object is ignored if the password override object is set."
            DEFVAL { 12 }
            ::= { fsPnacPaeSystem 12 }

      fsPnacAttributePasswordFormatGroupSeparator OBJECT-TYPE
            SYNTAX OCTET STRING (SIZE(1))
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "The MAC address group separator character used in the password attribute for MAB requests.
                This object is ignored if the password override object is set."
            DEFVAL { ":" }
            ::= { fsPnacPaeSystem 13 }

      fsPnacAttributePasswordFormatCase OBJECT-TYPE
            SYNTAX INTEGER  {
                                lowercase (1),
                                uppercase (2)
                            }
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "Whether hexadecimal characters used in the password attribute for MAB requests are
                lowercase or uppercase."
            DEFVAL { lowercase }
            ::= { fsPnacPaeSystem 14 }

      -- Fixed value placed in the password attribute of MAB requests,
      -- 0 to 255 octets. The default is the empty string. It is a single
      -- system-wide value, so every MAB request shares it.
      -- MAX-ACCESS read-write means the MIB permits GET on this object.
      -- NOTE(review): whether the agent returns the stored value, a
      -- masked value, or the form selected by
      -- fsPnacAttributePasswordOverrideType is not stated here. Confirm.
      -- Until confirmed, exclude the object from read views and allow
      -- access only over SNMPv3 with authentication and privacy.
      fsPnacAttributePasswordOverride OBJECT-TYPE
            SYNTAX OCTET STRING (SIZE(0..255))
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "This object is used to configure the value of the password attribute for MAB requests."
            DEFVAL { "" }
            ::= { fsPnacPaeSystem 15 }

      -- Tells the agent how to interpret fsPnacAttributePasswordOverride:
      -- as an unencrypted password (0, the default) or as type-7 (7).
      -- NOTE(review): if type-7 is the reversible obfuscation format
      -- commonly given that name on network devices, it offers no
      -- confidentiality, and a stored or exported type-7 value should be
      -- handled like cleartext. Confirm against the agent.
      -- NOTE(review): RFC 2578 section 7.1.1 does not allow hyphens in
      -- enumeration labels, so strict SMIv2 compilers may warn on or
      -- reject both labels. Renaming them would change identifiers that
      -- tools generate from this module, so it is flagged, not changed.
      fsPnacAttributePasswordOverrideType OBJECT-TYPE
            SYNTAX INTEGER {
                               unencrypted-password (0),
                               type-7 (7)
                           }
            MAX-ACCESS  read-write
            STATUS      current
            DESCRIPTION
                "This is used to indicate how the password override must be interpreted."
            DEFVAL { unencrypted-password }
            ::= { fsPnacPaeSystem 16 }

      fsPnacGuestVlanSupplicant OBJECT-TYPE
            SYNTAX TruthValue
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION "Allow 802.1x supplicants in the guest vlan."
            DEFVAL { false }
            ::= { fsPnacPaeSystem 17 }

      -- When true, the authenticator sends EAPOL-Success after a port has
      -- been authorized through the auth-fail path. The default is false.
      -- NOTE(review): the supplicant presumably cannot tell from that
      -- frame alone that it was authorized by the auth-fail path and did
      -- not authenticate. Confirm.
      -- For the real outcome of a session, operators and monitoring
      -- should read fsPnacPaeAuthorizedBy or
      -- fsPnacAuthSessionAuthorizedBy and not infer it from EAPOL.
      fsPnacAuthFailEapol OBJECT-TYPE
            SYNTAX TruthValue
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION "Send EAPOL-Success on successful auth-fail Authorization."
            DEFVAL { false }
            ::= { fsPnacPaeSystem 18 }

-- ------------------------------------------------------------------
-- The Pae Authenticator Group
-- ------------------------------------------------------------------

-- Authenticator Session Table

      -- Per-supplicant session table, used when the authenticator runs
      -- in MAC based authentication mode. Rows are indexed by the
      -- supplicant MAC address (fsPnacAuthSessionSuppAddress).
      -- Read access reveals which MAC addresses the authenticator
      -- currently tracks and the state of each session. Include the table
      -- only in SNMP views meant for monitoring.
      fsPnacAuthSessionTable OBJECT-TYPE
          SYNTAX      SEQUENCE OF FsPnacAuthSessionEntry
          MAX-ACCESS  not-accessible
          STATUS      current
          DESCRIPTION
             "This table contains authentication session information
             associated with each supplicant while authenticator
             operates in MAC based authentication mode."
          ::= { fsPnacPaeAuthenticator 1 }


      fsPnacAuthSessionEntry OBJECT-TYPE
          SYNTAX      FsPnacAuthSessionEntry
          MAX-ACCESS  not-accessible
          STATUS      current
          DESCRIPTION
             "supplicant's MAC address and session ID, states of
             authenticator state machine and backend state machine
             for the session."
          INDEX { fsPnacAuthSessionSuppAddress }
          ::= { fsPnacAuthSessionTable 1 }


      FsPnacAuthSessionEntry ::=
          SEQUENCE {
             fsPnacAuthSessionSuppAddress
                 MacAddress,
             fsPnacAuthSessionIdentifier
                 Integer32,
             fsPnacAuthSessionAuthPaeState
                 INTEGER,
             fsPnacAuthSessionBackendAuthState
                 INTEGER,
             fsPnacAuthSessionPortStatus
                 INTEGER,
             fsPnacAuthSessionPortNumber
                 InterfaceIndex,
             fsPnacAuthSessionInitialize
                 TruthValue,
             fsPnacAuthSessionReauthenticate
                 TruthValue,
             fsPnacAuthSessionAuthenticationMethod
                INTEGER,
             fsPnacAuthSessionAuthorizedBy
                INTEGER,
             fsPnacAuthSessionVlanPolicy
                Integer32
          }

      fsPnacAuthSessionSuppAddress OBJECT-TYPE
           SYNTAX      MacAddress
           MAX-ACCESS  not-accessible
           STATUS      current
           DESCRIPTION
               "MAC address of the supplicant for this session."
           ::= { fsPnacAuthSessionEntry 1 }


      fsPnacAuthSessionIdentifier OBJECT-TYPE
           SYNTAX      Integer32
           MAX-ACCESS  read-only
           STATUS      current
           DESCRIPTION
               "Session identifier of the supplicant for this
               session."
           ::= { fsPnacAuthSessionEntry 2 }


      fsPnacAuthSessionAuthPaeState OBJECT-TYPE
           SYNTAX      INTEGER {
                           initialize(1),
                           disconnected(2),
                           connecting(3),
                           authenticating(4),
                           authenticated(5),
                           aborting(6),
                           held(7),
                           forceAuth(8),
                           forceUnauth(9)
                       }
           MAX-ACCESS  read-only
           STATUS      current
           DESCRIPTION
               "Authenticator state machine's state for this
               session."
           ::= { fsPnacAuthSessionEntry 3 }


      fsPnacAuthSessionBackendAuthState OBJECT-TYPE
           SYNTAX      INTEGER {
                           request(1),
                           response(2),
                           success(3),
                           fail(4),
                           timeout(5),
                           idle(6),
                           initialize(7)
                       }
           MAX-ACCESS  read-only
           STATUS      current
           DESCRIPTION
               "Backend state machine's state for this session."
           ::= { fsPnacAuthSessionEntry 4 }


      fsPnacAuthSessionPortStatus OBJECT-TYPE
           SYNTAX      PaeControlledPortStatus
           MAX-ACCESS  read-only
           STATUS      current
           DESCRIPTION
               "The current value of the controlled port status
               parameter for this session."
           ::= { fsPnacAuthSessionEntry 5 }


      fsPnacAuthSessionPortNumber OBJECT-TYPE
           SYNTAX      InterfaceIndex
           MAX-ACCESS  read-only
           STATUS      current
           DESCRIPTION
               "The port in which this session is proceeding."
           ::= { fsPnacAuthSessionEntry 6 }


      -- Per-supplicant control object: writing TRUE initializes the session
      -- for the MAC address that indexes the row; the value reads back as
      -- FALSE once initialization has completed.
      -- Security note: this is a read-write action object, so any manager
      -- with SNMP write access to it can reset individual sessions. Limit
      -- write access (for example with an SNMPv3 VACM view) to the
      -- management stations that need it.
      fsPnacAuthSessionInitialize OBJECT-TYPE
           SYNTAX      TruthValue
           MAX-ACCESS  read-write
           STATUS      current
           DESCRIPTION
               "The initialization control for this supplicant MAC
               address. Setting this attribute TRUE causes the
               supplicant session with this MAC address, to be
               initialized. The attribute value reverts to FALSE
               once initialization has completed."
           ::= { fsPnacAuthSessionEntry 7 }


      -- Per-supplicant control object: writing TRUE makes the authenticator
      -- PAE state machine reauthenticate the supplicant whose MAC address
      -- indexes the row. Writing FALSE is a no-op and reads always return
      -- FALSE, so the object carries no state a poller can inspect.
      -- Security note: as a read-write action object it should only be
      -- writable by trusted managers; repeated SETs would force repeated
      -- reauthentication of the session.
      fsPnacAuthSessionReauthenticate OBJECT-TYPE
           SYNTAX      TruthValue
           MAX-ACCESS  read-write
           STATUS      current
           DESCRIPTION
               "The reauthentication control for this supplicant MAC
               address. Setting this attribute TRUE causes the
               authenticator PAE state machine for this MAC address
               to reauthenticate the supplicant. Setting this
               attribute FALSE has no effect.
               This attribute always returns FALSE when it is read."
           ::= { fsPnacAuthSessionEntry 8 }

    -- Read-only report of how the current session was authenticated.
    -- NOTE(review): macAddressBypass(3) presumably means the session was
    -- admitted on the strength of the supplicant MAC address rather than
    -- 802.1X credentials; monitoring that polls this column should treat
    -- such sessions as lower assurance than dot1x(2) - confirm semantics.
    fsPnacAuthSessionAuthenticationMethod OBJECT-TYPE
        SYNTAX INTEGER {
                    unknown(1),
                    dot1x(2),
                    macAddressBypass(3)
                }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION "The authentication method used in the current session."
        ::= { fsPnacAuthSessionEntry 9 }

    -- Read-only report of which entity granted network access for the
    -- current session.
    -- NOTE(review): guestVlan(4) and authenticationFailureVlan(5)
    -- presumably indicate access granted without a successful credential
    -- check (fallback VLAN placement); useful as an audit signal when
    -- correlated with fsPnacAuthSessionVlanPolicy - confirm semantics.
    fsPnacAuthSessionAuthorizedBy OBJECT-TYPE
        SYNTAX INTEGER {
                    unknown(1),
                    authenticationServer(2),
                    localDatabase(3),
                    guestVlan(4),
                    authenticationFailureVlan(5)
                }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION "The entity that authorized access to the network in the current session."
        ::= { fsPnacAuthSessionEntry 10 }

    fsPnacAuthSessionVlanPolicy OBJECT-TYPE
        SYNTAX Integer32 (0..4094)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION "The Vlan ID this host is authorized for."
        ::= { fsPnacAuthSessionEntry 11 }



-- Authenticator Session Statistics Table

      fsPnacAuthSessionStatsTable OBJECT-TYPE
          SYNTAX      SEQUENCE OF FsPnacAuthSessionStatsEntry
          MAX-ACCESS  not-accessible
          STATUS      current
          DESCRIPTION
             "This table contains the session statistics
             for the authenticator PAE associated with each
             supplicant, while authenticator operates in  MAC
             based authentication mode."
          ::= { fsPnacPaeAuthenticator 2 }


      -- Conceptual row of the per-supplicant session statistics table.
      -- NOTE(review): rows are indexed by supplicant MAC address
      -- (fsPnacAuthSessionSuppAddress), yet the DESCRIPTION speaks of the
      -- last valid session "on each port"; the wording looks carried over
      -- from a port-indexed statistics table - confirm whether final values
      -- are kept per MAC address or per port.
      fsPnacAuthSessionStatsEntry OBJECT-TYPE
          SYNTAX      FsPnacAuthSessionStatsEntry
          MAX-ACCESS  not-accessible
          STATUS      current
          DESCRIPTION
             "The session statistics information for an
             authenticator PAE. This shows the current values being
             collected for each session that is still in progress,
             or the final values for the last valid session on each
             port where there is no session currently active."
          INDEX { fsPnacAuthSessionSuppAddress }
          ::= { fsPnacAuthSessionStatsTable 1 }


      FsPnacAuthSessionStatsEntry ::=
          SEQUENCE {
             fsPnacAuthSessionOctetsRx
                 Counter64,
             fsPnacAuthSessionOctetsTx
                 Counter64,
             fsPnacAuthSessionFramesRx
                 Counter32,
             fsPnacAuthSessionFramesTx
                 Counter32,
             fsPnacAuthSessionId
                 SnmpAdminString,
             fsPnacAuthSessionAuthenticMethod
                 INTEGER,
             fsPnacAuthSessionTime
                 TimeTicks,
             fsPnacAuthSessionTerminateCause
                 INTEGER,
             fsPnacAuthSessionUserName
                 SnmpAdminString,
             fsPnacAuthSessionStatisticsClear
          	    TruthValue
          }


      fsPnacAuthSessionOctetsRx OBJECT-TYPE
           SYNTAX      Counter64
           MAX-ACCESS  read-only
           STATUS      current
           DESCRIPTION
               "Counts number of session octets received."
           ::= { fsPnacAuthSessionStatsEntry 1 }


      fsPnacAuthSessionOctetsTx OBJECT-TYPE
           SYNTAX      Counter64
           MAX-ACCESS  read-only
           STATUS      current
           DESCRIPTION
               "Counts number of session octets transmitted."
           ::= { fsPnacAuthSessionStatsEntry 2 }


      fsPnacAuthSessionFramesRx OBJECT-TYPE
           SYNTAX      Counter32
           MAX-ACCESS  read-only
           STATUS      current
           DESCRIPTION
               "Counts number of session frames received."
           ::= { fsPnacAuthSessionStatsEntry 3 }


      fsPnacAuthSessionFramesTx OBJECT-TYPE
           SYNTAX      Counter32
           MAX-ACCESS  read-only
           STATUS      current
           DESCRIPTION
               "Counts number of session frames transmitted."
           ::= { fsPnacAuthSessionStatsEntry 4 }


      fsPnacAuthSessionId OBJECT-TYPE
           SYNTAX      SnmpAdminString
           MAX-ACCESS  read-only
           STATUS      current
           DESCRIPTION
               "A unique session identifier, in the form of a
               printable ASCII string of at least three characters."
           ::= { fsPnacAuthSessionStatsEntry 5 }


      fsPnacAuthSessionAuthenticMethod OBJECT-TYPE
           SYNTAX      INTEGER {
                           remoteAuthServer(1),
                           localAuthServer(2)
                       }
           MAX-ACCESS  read-only
           STATUS      current
           DESCRIPTION
               "Authentication method used to establish the
               session."
           ::= { fsPnacAuthSessionStatsEntry 6 }


      -- Read-only session duration.
      -- NOTE(review): the SYNTAX is TimeTicks, which SNMPv2-SMI defines in
      -- hundredths of a second, while the DESCRIPTION says seconds. Confirm
      -- which unit the agent returns before using this value for session
      -- accounting or timeline reconstruction.
      fsPnacAuthSessionTime OBJECT-TYPE
           SYNTAX      TimeTicks
           MAX-ACCESS  read-only
           STATUS      current
           DESCRIPTION
               "Duration of the session in seconds."
           ::= { fsPnacAuthSessionStatsEntry 7 }


      fsPnacAuthSessionTerminateCause OBJECT-TYPE
           SYNTAX      INTEGER {
                           supplicantLogoff(1),
                           portFailure(2),
                           supplicantRestart(3),
                           reauthFailed(4),
                           authControlForceUnauth(5),
                           portReInit(6),
                           portAdminDisabled(7),
                           notTerminatedYet(999)
                       }
           MAX-ACCESS  read-only
           STATUS      current
           DESCRIPTION
               "Reason for the session termination."
           ::= { fsPnacAuthSessionStatsEntry 8 }


      fsPnacAuthSessionUserName OBJECT-TYPE
           SYNTAX      SnmpAdminString
           MAX-ACCESS  read-only
           STATUS      current
           DESCRIPTION
               "User name representing the identity of the
               supplicant PAE."
           ::= { fsPnacAuthSessionStatsEntry 9 }

      fsPnacAuthSessionStatisticsClear OBJECT-TYPE
          SYNTAX      TruthValue
          MAX-ACCESS  read-write
          STATUS      current
          DESCRIPTION
              "This object specifies whether the entries in the authenticator
               session statistics are to be cleared. If set to true, the entries
               in authenticator session statistics are cleared,
               and if set to false, the entries are not cleared."
          DEFVAL { false }
           ::= { fsPnacAuthSessionStatsEntry 10 }

-- ------------------------------------------------------------------
-- The Authentication Server Group
-- ------------------------------------------------------------------

-- PNAC Local Authentication Server User Configuration Table

      fsPnacASUserConfigTable OBJECT-TYPE
          SYNTAX      SEQUENCE OF FsPnacASUserConfigEntry
          MAX-ACCESS  not-accessible
          STATUS      current
          DESCRIPTION
             "This table contains authentication related user
             configuration information maintained by PNAC
             local authentication server."
          ::= { fsPnacAuthServer 1 }


      fsPnacASUserConfigEntry OBJECT-TYPE
          SYNTAX      FsPnacASUserConfigEntry
          MAX-ACCESS  not-accessible
          STATUS      current
          DESCRIPTION
             "Each entry contains User name, Password, Authentication
             protocol used, Authenticated session timeout and Access
             ports list of the user seeking authentication."
          INDEX { fsPnacASUserConfigUserName }
          ::= { fsPnacASUserConfigTable 1 }


      FsPnacASUserConfigEntry ::=
          SEQUENCE {
             fsPnacASUserConfigUserName
                 OCTET STRING,
             fsPnacASUserConfigPassword
                 DisplayString,
             fsPnacASUserConfigAuthProtocol
                 Unsigned32,
             fsPnacASUserConfigAuthTimeout
                 Unsigned32,
             fsPnacASUserConfigPortList
                 PortList,
             fsPnacASUserConfigPermission
                 PermissionType,
             fsPnacASUserConfigRowStatus
                 RowStatus,
             fsPnacASUserConfigPasswordType
                 INTEGER
          }


      -- Index column of the local authentication server user table.
      -- NOTE(review): the SYNTAX allows 0 to 115 octets (including a
      -- zero-length name) and is a plain OCTET STRING, while the
      -- DESCRIPTION promises at most 20 printable characters. Confirm which
      -- limit and character set the agent enforces on row creation.
      fsPnacASUserConfigUserName OBJECT-TYPE
           SYNTAX      OCTET STRING (SIZE(0..115))
           MAX-ACCESS  not-accessible 
           STATUS      current 
           DESCRIPTION 
               "Identity of the user seeking authentication. A string 
               of not more than 20 printable characters." 
           ::= { fsPnacASUserConfigEntry 1 } 
 
 
      -- Secret for a local authentication server user. Reads always return
      -- a zero-length string, so the stored value is not exposed via GET.
      -- Security note: the secret still travels in the SET request, so it
      -- is only confidential on the wire when the SNMP transport provides
      -- privacy (for example SNMPv3 authPriv).
      -- NOTE(review): SIZE(1..262) disagrees with "not more than 20
      -- printable characters"; presumably the larger bound accommodates
      -- encoded values selected by fsPnacASUserConfigPasswordType - confirm.
      fsPnacASUserConfigPassword OBJECT-TYPE 
           SYNTAX      DisplayString (SIZE(1..262))
           MAX-ACCESS  read-write 
           STATUS      current 
           DESCRIPTION 
               "The secret password of the user. A string of not 
               more than 20 printable characters.
           
               When read, this always returns a String 
               of length zero."
           ::= { fsPnacASUserConfigEntry 2 } 
 
            
      fsPnacASUserConfigAuthProtocol OBJECT-TYPE 
           SYNTAX      Unsigned32 
           MAX-ACCESS  read-only 
           STATUS      current 
           DESCRIPTION 
               "The authentication protocol supported for the user."
           ::= { fsPnacASUserConfigEntry 3 } 
 
  
      -- Per-user limit, in seconds, on how long an authentication stays
      -- valid; 0 defers to the ReAuthPeriod of the authenticator port.
      -- NOTE(review): the SYNTAX is an unconstrained Unsigned32 although
      -- the DESCRIPTION states a maximum of 7200, so the bound is not
      -- expressed in the MIB and is enforced, if at all, by the agent -
      -- confirm, or tighten the SYNTAX to Unsigned32 (0..7200).
      fsPnacASUserConfigAuthTimeout OBJECT-TYPE 
           SYNTAX      Unsigned32 
           MAX-ACCESS  read-write 
           STATUS      current 
           DESCRIPTION 
               "The time in seconds after which the authentication  
               offered to the user ceases. Maximum value of the 
               object can be 7200 seconds. When the object value 
               is 0, the ReAuthPeriod of the authenticator port is 
               used by authenticator." 
           ::= { fsPnacASUserConfigEntry 4 } 
 
 
      fsPnacASUserConfigPortList OBJECT-TYPE 
            SYNTAX     PortList 
            MAX-ACCESS read-write 
            STATUS     current 
            DESCRIPTION 
                "The complete set of ports of authenticator to 
                which the user is allowed or denied access, on the 
                basis of setting of 'fsPnacASUserConfigPermission'  
                object." 
            ::= { fsPnacASUserConfigEntry 5 } 
 
 
       fsPnacASUserConfigPermission OBJECT-TYPE 
            SYNTAX      PermissionType 
            MAX-ACCESS  read-write 
            STATUS      current 
            DESCRIPTION 
                "For the set of ports indicated by  
                'fsPnacASUserConfigPortList' object, the user is 
                allowed access when this object is set 'allow' and  
                is denied access when this object is set 'deny'." 
            ::= { fsPnacASUserConfigEntry 6 } 
      
 
      -- Row creation and deletion control for local user entries.
      -- NOTE(review): this column is read-create while the other writable
      -- columns of the row (Password, AuthTimeout, PortList, Permission,
      -- PasswordType) are declared read-write. RFC 2578 section 7.3 does
      -- not allow read-write columns in a row that has a read-create
      -- column; strict MIB compilers may flag this.
      fsPnacASUserConfigRowStatus OBJECT-TYPE 
           SYNTAX      RowStatus 
           MAX-ACCESS  read-create 
           STATUS      current 
           DESCRIPTION 
               "The row status of this entry."
           ::= { fsPnacASUserConfigEntry 7 }


      -- Selects how the password of this row (presumably
      -- fsPnacASUserConfigPassword) is interpreted; the default is
      -- unencrypted-password.
      -- NOTE(review): if type-7 denotes the common reversible "type 7"
      -- encoding, it is obfuscation rather than encryption. Values stored
      -- or exported in that form should be handled as plaintext-equivalent
      -- secrets - confirm the encoding the agent implements.
      fsPnacASUserConfigPasswordType OBJECT-TYPE
            SYNTAX      INTEGER {
                                unencrypted-password (0),
                                type-7 (7)
                            }
            MAX-ACCESS  read-write
            STATUS      current
            DESCRIPTION
                "This is used to indicate how the password must be interpreted."
            DEFVAL { unencrypted-password }
            ::= { fsPnacASUserConfigEntry 8 }
 
-- ------------------------------------------------------------------ 
-- Trap objects Group  
-- ------------------------------------------------------------------ 
 
-- PNAC MAC session trap object table 
 
      fsPnacTrapAuthSessionTable OBJECT-TYPE 
          SYNTAX      SEQUENCE OF FsPnacTrapAuthSessionEntry 
          MAX-ACCESS  not-accessible 
          STATUS      current 
          DESCRIPTION 
             "This table contains auth session status information
             to be sent in trap notifications."
          ::= { fsPnacTrapObjects 1 } 
 
      -- Row that AUGMENTS fsPnacAuthSessionEntry, adding one column per
      -- session (fsPnacTrapAuthSessionStatus) for use in notifications.
      -- NOTE(review): the DESCRIPTION repeats the text of
      -- fsPnacAuthSessionStatsEntry and describes session statistics, which
      -- this row does not carry; it appears to be a copy-paste leftover.
      fsPnacTrapAuthSessionEntry OBJECT-TYPE 
          SYNTAX      FsPnacTrapAuthSessionEntry 
          MAX-ACCESS  not-accessible 
          STATUS      current 
          DESCRIPTION 
             "The session statistics information for an 
             authenticator PAE. This shows the current values being 
             collected for each session that is still in progress, 
             or the final values for the last valid session on each 
             port where there is no session currently active." 
          AUGMENTS { fsPnacAuthSessionEntry } 
          ::= { fsPnacTrapAuthSessionTable 1 } 
 
      FsPnacTrapAuthSessionEntry ::= 
          SEQUENCE { 
             fsPnacTrapAuthSessionStatus 
                 INTEGER
      }
  
      fsPnacTrapAuthSessionStatus OBJECT-TYPE 
           SYNTAX      INTEGER { 
                           createFailed(1), 
                           deleteFailed(2), 
                           entryPresent(3) 
                       } 
           MAX-ACCESS  read-only 
           STATUS      current 
           DESCRIPTION 
               "Status of the MAC Auth session." 
           ::= { fsPnacTrapAuthSessionEntry 1 } 
 
 
-- ------------------------------------------------- 
 
-- Notifications

    fsPnacHwFailureTrap OBJECT IDENTIFIER ::= { fsPnacNotifications 0 }

    fsPnacPortBasedHwFailureTrap NOTIFICATION-TYPE
        OBJECTS { 
                  fsPnacPaePortStatus,
                  dot1xAuthOperControlledDirections 
                }
        STATUS      current
        DESCRIPTION
             "This notification is generated whenever a hardware operation for port
              based authentication fails. The information returned is:
              1. Port Authorization Status, 2. Port Oper Control Direction."
           ::= { fsPnacHwFailureTrap 1 }

    -- Notification carrying the port number, the controlled port status and
    -- the trap status of a MAC authentication session.
    -- NOTE(review): the DESCRIPTION says "port based authentication", the
    -- same wording as fsPnacPortBasedHwFailureTrap. Given the object name
    -- and the MAC session varbinds, this presumably reports failures of
    -- MAC based authentication - confirm and correct the text so alert
    -- handling can tell the two notifications apart.
    fsPnacMacBasedHwFailureTrap NOTIFICATION-TYPE
        OBJECTS { 
                  fsPnacAuthSessionPortNumber,
                  fsPnacAuthSessionPortStatus,
                  fsPnacTrapAuthSessionStatus
                }
        STATUS      current
        DESCRIPTION
             "This notification is generated whenever a hardware operation for
              port based authentication is failed. The information that are 
              returned are 1. Port Number, 2. MAC Authorization Status, 
              3. MAC entry status."
           ::= { fsPnacHwFailureTrap 2 }

 END
