-- ################################################################################

ENTERASYS-RADIUS-DYNAMIC-AUTHOR-SERVER-EXT-MIB DEFINITIONS ::= BEGIN

--
--  Part Number:
--
--

--  This module provides authoritative definitions for Extreme
--  Network's RADIUS Dynamic Authorization Server MIB.

--
--  This module will be extended, as needed.

--  Extreme Networks reserves the right to make changes in this
--  specification and other information contained in this document
--  without prior notice.  The reader should consult Extreme Networks
--  to determine whether any such changes have been made.
--
--  In no event shall Extreme Networks be liable for any incidental,
--  indirect, special, or consequential damages whatsoever (including
--  but not limited to lost profits) arising out of or related to this
--  document or the information contained in it, even if Extreme
--  Networks has been advised of, known, or should have known, the
--  possibility of such damages.
--
--  Extreme Networks grants vendors, end-users, and other interested
--  parties a non-exclusive license to use this Specification in
--  connection with the management of Extreme Networks products.

--  Copyright April, 2016 Extreme Networks, Inc.

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE          FROM SNMPv2-SMI
    Integer32                             FROM SNMPv2-SMI
    MODULE-COMPLIANCE, OBJECT-GROUP       FROM SNMPv2-CONF
    TruthValue, RowStatus                 FROM SNMPv2-TC
    InetAddressType, InetAddress          FROM INET-ADDRESS-MIB
    etsysModules                          FROM ENTERASYS-MIB-NAMES;

etsysRadiusDynAuthorServerMIB MODULE-IDENTITY
    LAST-UPDATED "201605181406Z"  -- Wed May 18 14:06 UTC 2016
    ORGANIZATION "Extreme Networks"
    CONTACT-INFO
        "Postal:  Extreme Networks, Inc.
                  145 Rio Robles
                  San Jose, CA 95134 USA

         Phone:   +1 408 579-2800
         E-mail:  support@extremenetworks.com
         WWW:     http://www.extremenetworks.com"

    DESCRIPTION
        "This MIB module defines a portion of the SNMP enterprise
         MIBs under Enterasys Networks' enterprise OID pertaining to
         the server side of the Remote Access Dialin User Service
         (RADIUS) Dynamic Authorization protocol (RFC5176).

         This MIB provides read-write access to configuration objects
         not provided in the standard RADIUS Dynamic Authorization
         MIB (RFC4673).  However, the write capability must only
         be supported for SNMPv3, or other SNMP versions with
         adequately strong security.

         Security concerns include Object ID verification, source
         address verification and timeliness verification."

    REVISION  "201605181406Z"  -- Wed May 18 14:06 UTC 2016
    DESCRIPTION
        "Addition of server client IP addresses and server
         virtual router configuration.

         Updated the CONTACT-INFO clause."

    REVISION "201112191324Z"  -- Mon Dec 19 13:24 UTC 2011
    DESCRIPTION
        "The initial version of this MIB module."

    ::= { etsysModules 80 }


-- ------------------------------------
-- MIB Objects
-- ------------------------------------

etsysRadiusDynAuthorServerMIBObjects
        OBJECT IDENTIFIER ::= { etsysRadiusDynAuthorServerMIB 1 }

etsysRadiusDynAuthorServerEnable OBJECT-TYPE
    SYNTAX         INTEGER {
        enable(1),
        disable(2)
    }
    MAX-ACCESS     read-write
    STATUS         current
    DESCRIPTION
        "This object indicates whether or not RADIUS Dynamic Authorization
         is enabled or disabled. This parameter value MUST be maintained
         across system reboots."
    DEFVAL { disable }
    ::= { etsysRadiusDynAuthorServerMIBObjects 1 }

etsysRadiusDynAuthorServerClientTable OBJECT-TYPE
    SYNTAX         SEQUENCE OF EtsysRadiusDynAuthorServerClientEntry
    MAX-ACCESS     not-accessible
    STATUS         current
    DESCRIPTION
        "The (conceptual) table listing the RADIUS Accounting
         servers."
    ::= { etsysRadiusDynAuthorServerMIBObjects 2 }

etsysRadiusDynAuthorServerClientEntry OBJECT-TYPE
    SYNTAX         EtsysRadiusDynAuthorServerClientEntry
    MAX-ACCESS     not-accessible
    STATUS         current
    DESCRIPTION
        "An entry (conceptual row) representing a RADIUS
         dynamic authorization server with which the server shares
         a secret. If RADIUS dynamic authorization is not enabled, this
         table is ignored.

         All created conceptual rows are non-volatile and as such
         MUST be maintained upon restart of the agent."
    INDEX      { etsysRadiusDynAuthorServerClientIndex }
    ::= { etsysRadiusDynAuthorServerClientTable 1 }

EtsysRadiusDynAuthorServerClientEntry ::=
    SEQUENCE {
        etsysRadiusDynAuthorServerClientIndex
            Integer32,
        etsysRadiusDynAuthorServerClientAddressType
            InetAddressType,
        etsysRadiusDynAuthorServerClientAddress
            InetAddress,
        etsysRadiusDynAuthorServerClientSecret
            OCTET STRING,
        etsysRadiusDynAuthorServerClientSecretEntered
            TruthValue,
        etsysRadiusDynAuthorServerClientStatus
            RowStatus,
        etsysRadiusDynAuthorClientServerClientAddressType
            InetAddressType,
        etsysRadiusDynAuthorClientServerClientAddress
            InetAddress,
        etsysRadiusDynAuthorClientServerClientVirtualRouterName
            OCTET STRING
}

etsysRadiusDynAuthorServerClientIndex OBJECT-TYPE
    SYNTAX         Integer32 (1..2147483647)
    MAX-ACCESS     not-accessible
    STATUS         current
    DESCRIPTION
        "A number uniquely identifying each conceptual row
         in the etsysRadiusDynAuthorServerClientTable.

         In the event of an agent restart, the same value
         of etsysRadiusDynAuthorServerClientIndex MUST be used to
         identify each conceptual row in
         etsysRadiusDynAuthorServerClientTable as was used prior
         to the restart."
    ::= { etsysRadiusDynAuthorServerClientEntry 1 }

etsysRadiusDynAuthorServerClientAddressType OBJECT-TYPE
    SYNTAX         InetAddressType
    MAX-ACCESS     read-create
    STATUS         current
    DESCRIPTION
        "The type of Internet address by which the
         RADIUS Dynamic Authorization Client is reachable."
    DEFVAL { ipv4 }
    ::= { etsysRadiusDynAuthorServerClientEntry 2 }

etsysRadiusDynAuthorServerClientAddress OBJECT-TYPE
    SYNTAX         InetAddress (SIZE(1..64))
    MAX-ACCESS     read-create
    STATUS         current
    DESCRIPTION
        "The Internet address for the RADIUS Dynamic Authorization
         Client.  Note that implementations MUST limit
         themselves to a single entry in this table per
         reachable server.

         The etsysRadiusDynAuthorServerClientAddress may not be
         empty due to the SIZE restriction.  Also the size
         of a DNS name is limited to 64 characters.

         This parameter value is maintained across system
         reboots."
    ::= { etsysRadiusDynAuthorServerClientEntry 3 }

etsysRadiusDynAuthorServerClientSecret  OBJECT-TYPE
    SYNTAX         OCTET STRING (SIZE(0..255))
    MAX-ACCESS     read-create
    STATUS         current
    DESCRIPTION
        "This object is the secret shared between the RADIUS
         Dynamic Authorization client and RADIUS server.  This
         parameter value is maintained across system reboots.
         While the 'official' MAX-ACCESS for this object is
         read-create, all implementations MUST return an
         empty string on a read."
    DEFVAL { ''H }    -- the empty string
    ::= { etsysRadiusDynAuthorServerClientEntry 4 }

etsysRadiusDynAuthorServerClientSecretEntered  OBJECT-TYPE
    SYNTAX         TruthValue
    MAX-ACCESS     read-only
    STATUS         current
    DESCRIPTION
        "true(1)  - Indicates that etsysRadiusDynAuthorServerClientSecret
                    was last set with some value other than the empty
                    string.

         false(2) - Indicates that etsysRadiusDynAuthorServerClientSecret
                    has never been set, or was last set to the empty
                    string."
    ::= { etsysRadiusDynAuthorServerClientEntry 5 }

etsysRadiusDynAuthorServerClientStatus OBJECT-TYPE
    SYNTAX         RowStatus
    MAX-ACCESS     read-create
    STATUS         current
    DESCRIPTION
        "Lets users create and delete RADIUS Dynamic Authorization
         client entries on systems that support this capability.

         Rules

            1. When creating a RADIUS Dynamic Authorization Client,
               it is up to the management station to determine a
               suitable etsysRadiusDynAuthorServerClientIndex.
               To facilitate interoperability, agents SHOULD not
               put any restrictions on the
               etsysRadiusDynAuthorServerClientIndex beyond the
               obvious ones that it be valid and unused.

            2. Before a new row can become 'active', values
               must be supplied for the columnar objects
               etsysRadiusDynAuthorServerClientAddress,
               etsysRadiusDynAuthorServerClientSecret,
               etsysRadiusDynAuthorServerClientAddress, and
               etsysRadiusDynAuthorClientServerClientVirtualRouterName.

            3. The value of etsysRadiusDynAuthorServerClientStatus
               must be set to 'notInService' in order to modify
               a writable object in the same conceptual row.

            4. etsysRadiusDynAuthorServerClient entries whose
               status is 'notReady' or 'notInService' will
               not be used for Dynamic Authorization."
    ::= { etsysRadiusDynAuthorServerClientEntry 6 }

etsysRadiusDynAuthorClientServerClientAddressType OBJECT-TYPE
    SYNTAX         InetAddressType
    MAX-ACCESS     read-create
    STATUS         current
    DESCRIPTION
        "This object specifies how etsysRadiusDynAuthorServerClientAddressType
         is encoded.  Support for all possible enumerations defined by
         InetAddressType is NOT REQUIRED."
    DEFVAL { ipv4 }
    ::= { etsysRadiusDynAuthorServerClientEntry 7 }

etsysRadiusDynAuthorClientServerClientAddress OBJECT-TYPE
    SYNTAX         InetAddress (SIZE(1..64))
    MAX-ACCESS     read-create
    STATUS         current
    DESCRIPTION
        "The encoded unicast IP address of a local system interface.
         RADIUS Dynamic Authorization responses will be sent from
         this address."
    ::= { etsysRadiusDynAuthorServerClientEntry 8 }

etsysRadiusDynAuthorClientServerClientVirtualRouterName OBJECT-TYPE
    SYNTAX         OCTET STRING (SIZE(0..32))
    MAX-ACCESS     read-create
    STATUS         current
    DESCRIPTION
        "The name of the local system virtual router that traffic
         sent to this RADIUS Dynamic Authorization
         server should be associated with.

         Writing this object with a zero length string clears the
         virtual router name for this server."
    ::= { etsysRadiusDynAuthorServerClientEntry 9 }

-- ------------------------------------
-- Conformance information
-- ------------------------------------

etsysRadiusDynAuthorServerMIBConformance
       OBJECT IDENTIFIER ::= { etsysRadiusDynAuthorServerMIB 2 }

etsysRadiusDynAuthorServerMIBCompliances
       OBJECT IDENTIFIER ::= { etsysRadiusDynAuthorServerMIBConformance 1 }

etsysRadiusDynAuthorServerMIBGroups
       OBJECT IDENTIFIER ::= { etsysRadiusDynAuthorServerMIBConformance 2 }


-- ------------------------------------
-- Units of conformance
-- ------------------------------------

etsysRadiusDynAuthorServerMIBGroup OBJECT-GROUP
     OBJECTS { etsysRadiusDynAuthorServerEnable,
               etsysRadiusDynAuthorServerClientAddressType,
               etsysRadiusDynAuthorServerClientAddress,
               etsysRadiusDynAuthorServerClientSecret,
               etsysRadiusDynAuthorServerClientSecretEntered,
               etsysRadiusDynAuthorServerClientStatus
             }
     STATUS  deprecated
     DESCRIPTION
         "The basic collection of objects providing a proprietary
          extension to the standard RADIUS Dynamic Authorization MIB.

          This MIB provides read-write access to configuration
          objects not provided in the standard RADIUS Dynamic Authorization
          MIB (RFC4763).  However, the write capability must only
          be supported for SNMPv3, or other SNMP versions with
          adequately strong security."
     ::= { etsysRadiusDynAuthorServerMIBGroups 1 }

etsysRadiusDynAuthorServerMIBGroup2 OBJECT-GROUP
     OBJECTS { etsysRadiusDynAuthorServerEnable,
               etsysRadiusDynAuthorServerClientAddressType,
               etsysRadiusDynAuthorServerClientAddress,
               etsysRadiusDynAuthorServerClientSecret,
               etsysRadiusDynAuthorServerClientSecretEntered,
               etsysRadiusDynAuthorServerClientStatus,
               etsysRadiusDynAuthorClientServerClientAddressType,
               etsysRadiusDynAuthorClientServerClientAddress,
               etsysRadiusDynAuthorClientServerClientVirtualRouterName
             }
     STATUS  current
     DESCRIPTION
         "The basic collection of objects providing a proprietary
          extension to the standard RADIUS Dynamic Authorization MIB.

          This MIB provides read-write access to configuration
          objects not provided in the standard RADIUS Dynamic Authorization
          MIB (RFC4763).  However, the write capability must only
          be supported for SNMPv3, or other SNMP versions with
          adequately strong security."
     ::= { etsysRadiusDynAuthorServerMIBGroups 2 }

-- ------------------------------------
-- Compliance statements
-- ------------------------------------

etsysRadiusDynAuthorServerMIBCompliance MODULE-COMPLIANCE
     STATUS  deprecated
     DESCRIPTION
         "The compliance statement for Dynamic Authorization
          servers implementing the RADIUS Dynamic Authorization
          ServerMIB."
     MODULE  -- this module
         MANDATORY-GROUPS { etsysRadiusDynAuthorServerMIBGroup }

     ::= { etsysRadiusDynAuthorServerMIBCompliances 1 }

etsysRadiusDynAuthorServerMIBCompliance2 MODULE-COMPLIANCE
     STATUS  current
     DESCRIPTION
         "The compliance statement for Dynamic Authorization
          servers implementing the RADIUS Dynamic Authorization
          ServerMIB."
     MODULE  -- this module
         MANDATORY-GROUPS { etsysRadiusDynAuthorServerMIBGroup2 }

     ::= { etsysRadiusDynAuthorServerMIBCompliances 2 }

END
