ENTERASYS-RADIUS-SNOOPING-MIB DEFINITIONS ::= BEGIN

--  enterasys-radius-snooping-mib.txt
--
--  Part Number:
--
--

--  This module provides authoritative definitions for Enterasys 
--  Networks' RADIUS Snooping functionality.

--
--  This module will be extended, as needed.

--  Enterasys Networks reserves the right to make changes in this
--  specification and other information contained in this document
--  without prior notice.  The reader should consult Enterasys Networks
--  to determine whether any such changes have been made.
--
--  In no event shall Enterasys Networks be liable for any incidental,
--  indirect, special, or consequential damages whatsoever (including
--  but not limited to lost profits) arising out of or related to this
--  document or the information contained in it, even if Enterasys
--  Networks has been advised of, known, or should have known, the
--  possibility of such damages.
--
--  Enterasys Networks grants vendors, end-users, and other interested
--  parties a non-exclusive license to use this Specification in 
--  connection with the management of Enterasys Networks products.

--  Copyright February 2008 Enterasys Networks, Inc.

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Unsigned32
        FROM SNMPv2-SMI
    EnabledStatus
        FROM P-BRIDGE-MIB
    MacAddress, TruthValue
        FROM SNMPv2-TC
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    etsysModules
        FROM ENTERASYS-MIB-NAMES;

etsysRadiusSnoopingMIB MODULE-IDENTITY
    LAST-UPDATED "200911041913Z"  -- Wed Nov  4 19:13 UTC 2009
    ORGANIZATION "Enterasys Networks, Inc"
    CONTACT-INFO
        "Postal:  Enterasys Networks
                  50 Minuteman Rd.
                  Andover, MA 01810-1008
                  USA
         Phone:   +1 978 684 1000
         E-mail:  support@enterasys.com
         WWW:     http://www.enterasys.com"

    DESCRIPTION
        "This MIB module defines a portion of the SNMP MIB under
         the Enterasys Networks enterprise OID pertaining to 
         configuration of RADIUS Snooping on a device."

    REVISION    "200911041913Z"  -- Wed Nov  4 19:13 UTC 2009
    DESCRIPTION "Added the following objects:
                 etsysRadiusSnoopingFlowUnsupportedReqPackets
                 etsysRadiusSnoopingFlowUnsupportedRspPackets"

    REVISION    "200802051651Z"  -- Tue Feb  5 16:51 UTC 2008
    DESCRIPTION "The initial version of this MIB module."

    ::= { etsysModules 62 }

-- -------------------------------------------------------------
-- MIB Objects
-- -------------------------------------------------------------

etsysRadiusSnoopingObjects
        OBJECT IDENTIFIER ::= { etsysRadiusSnoopingMIB 1 }

etsysRadiusSnoopingSystem
        OBJECT IDENTIFIER ::= { etsysRadiusSnoopingObjects 1 }

etsysRadiusSnoopingPort
        OBJECT IDENTIFIER ::= { etsysRadiusSnoopingObjects 2 }

etsysRadiusSnoopingSession
        OBJECT IDENTIFIER ::= { etsysRadiusSnoopingObjects 3 }

etsysRadiusSnoopingFlow
        OBJECT IDENTIFIER ::= { etsysRadiusSnoopingObjects 4 }

-- -------------------------------------------------------------
-- etsysRadiusSnoopingSystemGroup
-- -------------------------------------------------------------

etsysRadiusSnoopingSystemEnable OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When enabled(1), all objects in this MIB are fully active.
         When disabled(2), this object overrides all other object
         settings in this MIB without affecting their values.  Maintaining 
         the value of this object across agent reboots is REQUIRED."
    DEFVAL { disabled }
    ::= { etsysRadiusSnoopingSystemGroup 1 }

etsysRadiusSnoopingSystemTimeout OBJECT-TYPE
    SYNTAX         Integer32 (1..60)
    UNITS          "seconds"
    MAX-ACCESS     read-write
    STATUS         current
    DESCRIPTION
        "The number of seconds to wait for a RADIUS Server to respond to
         a RADIUS Snooping detected RADIUS request.  Maintaining the value 
         of this object across agent reboots is REQUIRED."
    DEFVAL { 20 }
    ::= { etsysRadiusSnoopingSystemGroup 2 }

etsysRadiusSnoopingSystemConfiguredFlows OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The current number of configured flows in the 
         etsysRadiusSnoopFlowTable"
    ::= { etsysRadiusSnoopingSystemGroup 3 }

etsysRadiusSnoopingSystemActiveSessions OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The current number of active sessions in the 
         etsysRadiusSnoopFlowTable"
    ::= { etsysRadiusSnoopingSystemGroup 4 }

-- -------------------------------------------------------------
-- etsysRadiusSnoopingPortGroup
-- -------------------------------------------------------------

etsysRadiusSnoopingPortTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysRadiusSnoopingPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing configuration objects for each RADIUS
         snooping port. The configuration for
         each port in this table must be non-volatile."
    ::= { etsysRadiusSnoopingPortGroup 1 }

etsysRadiusSnoopingPortEntry OBJECT-TYPE
    SYNTAX      EtsysRadiusSnoopingPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each conceptual row provides control over all of the
         initial values used by each RADIUS Snooping session on
         this port. Subsequent changes to rows in this table,
         except where noted, have no effect on existing sessions
         authenticated by RADIUS Snooping on this port."
    INDEX { etsysRadiusSnoopingPortIndex }
    ::= { etsysRadiusSnoopingPortTable 1 }

EtsysRadiusSnoopingPortEntry ::=
SEQUENCE {
         etsysRadiusSnoopingPortIndex                    InterfaceIndex,
         etsysRadiusSnoopingPortEnable                   EnabledStatus,
         etsysRadiusSnoopingPortTimeout                  Integer32,
         etsysRadiusSnoopingPortInitialize               TruthValue,
         etsysRadiusSnoopingPortDrop                     EnabledStatus,
         etsysRadiusSnoopingPortAuthenticationsAllocated Unsigned32,
         etsysRadiusSnoopingPortAuthenticationsAllowed   Unsigned32
      }

etsysRadiusSnoopingPortIndex OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This is the InterfaceIndex associated with this row."
    ::= { etsysRadiusSnoopingPortEntry 1 }

etsysRadiusSnoopingPortEnable OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When set to enabled(1), a platform dependent triggering
         mechanism initiates the detection of RADIUS traffic
         sent by edge devices.  These RADIUS requests in conjuntion
         with their respective responses allow for RADIUS Snooping
         to process these sessions.
         
         When disabled(2), RADIUS Snooping detection is disabled
         and all currently authenticated sessions or those in
         the process of authentication on this port are terminated.

         Maintaining the value of this object across agent reboots 
         is REQUIRED."
    DEFVAL { disabled }
    ::= { etsysRadiusSnoopingPortEntry 2 }

etsysRadiusSnoopingPortTimeout OBJECT-TYPE
    SYNTAX         Integer32 (0..60)
    UNITS          "seconds"
    MAX-ACCESS     read-write
    STATUS         current
    DESCRIPTION
        "The number of seconds to wait for a RADIUS Server to respond to
         a RADIUS Snooping detected RADIUS request.  If the value 
         of this variable is 0 then the system setting in
         etsysRadiusSnoopingSystemTimeout will be used.  Maintaining the value 
         of this object across agent reboots is REQUIRED."
    DEFVAL { 20 }
    ::= { etsysRadiusSnoopingPortEntry 3 }

etsysRadiusSnoopingPortInitialize OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When set to true(1), the RADIUS Snooping logic on this
         port is initialized, forcibly ending all RADIUS Snooping
         sessions currently in existence on this port.  A set with
         the value false(2) has no affect and a read always returns
         false."
    ::= { etsysRadiusSnoopingPortEntry 4 }

etsysRadiusSnoopingPortDrop OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When set to enabled(1), a platform dependent triggering
         mechanism initiates the potential dropping of RADIUS traffic
         under specific error conditions to maintain session consistency
         accross network devices.
         
         When disabled(2), RADIUS Snooping will not drop RADIUS traffic.

         Maintaining the value of this object across agent reboots 
         is REQUIRED."
    DEFVAL { enabled }
    ::= { etsysRadiusSnoopingPortEntry 5 }

etsysRadiusSnoopingPortAuthenticationsAllocated OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The maximum number of RADIUS Snooping authentications permitted on 
         this port on this module. This value must be non-zero and be less
         than or equal to the value of 
         etsysRadiusSnoopingAuthenticationsAllowed.  Setting this object to a 
         value less than the current number of authenticated RADIUS Snooping 
         sessions on this port prevents further authentications, but has no 
         affect on the current sessions.  Maintaining the value of this object 
         across agent reboots is REQUIRED"
    ::= { etsysRadiusSnoopingPortEntry 6 }

etsysRadiusSnoopingPortAuthenticationsAllowed OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum number of concurrent RADIUS Snooping authentications 
         supported on this port on this module. The default value of this
         object is platform and resource dependent."
    ::= { etsysRadiusSnoopingPortEntry 7 }

-- -------------------------------------------------------------
-- etsysRadiusSnoopingSessionGroup
-- -------------------------------------------------------------

etsysRadiusSnoopingSessionTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysRadiusSnoopingSessionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing configuration objects for each RADIUS
         Snooping session authenticated on a port. Each row in this table
         is created dynamically when a RADIUS Snooping session authenticates 
         on a port."
    ::= { etsysRadiusSnoopingSessionGroup 1 }

etsysRadiusSnoopingSessionEntry OBJECT-TYPE
    SYNTAX      EtsysRadiusSnoopingSessionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each conceptual row inherits it's initial information
         from the row in the etsysRadiusSnoopingPortConfigTable
         corresponding to the correct port. Each row represents an
         authenticated RADIUS Snooping session."
    INDEX { etsysRadiusSnoopingSessionMACAddress }
    ::= { etsysRadiusSnoopingSessionTable 1 }

EtsysRadiusSnoopingSessionEntry::=
    SEQUENCE {
        etsysRadiusSnoopingSessionMACAddress               MacAddress,
        etsysRadiusSnoopingSessionInitialize               TruthValue, 
        etsysRadiusSnoopingSessionPort                     InterfaceIndex,
        etsysRadiusSnoopingSessionRadiusClientAddressType  InetAddressType, 
        etsysRadiusSnoopingSessionRadiusClientAddress      InetAddress,
        etsysRadiusSnoopingSessionRadiusServerAddressType  InetAddressType,
        etsysRadiusSnoopingSessionRadiusServerAddress      InetAddress,
        etsysRadiusSnoopingSessionDuration                 Unsigned32
    }

etsysRadiusSnoopingSessionMACAddress OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This is the MAC address that was authenticated on this port."
    ::= { etsysRadiusSnoopingSessionEntry 1 }

etsysRadiusSnoopingSessionInitialize OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When set to true(1), this RADIUS Snooping session 
        terminates causing the corresponding row in this table 
        and in the etsysRadiusSnoopingSessionTable to be removed.

        Setting this object to false(2) has no effect on the system.
        Reads of this object always return false(2)."
    ::= { etsysRadiusSnoopingSessionEntry 2 }

etsysRadiusSnoopingSessionPort OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This is the InterfaceIndex associated with this rows
         RADIUS Snooping authenticated session."
    ::= { etsysRadiusSnoopingSessionEntry 3 }

etsysRadiusSnoopingSessionRadiusClientAddressType OBJECT-TYPE
    SYNTAX     InetAddressType
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION 
        "The type of data returned by 
         etsysRadiusSnoopingMACRadiusClientAddress." 
    ::= { etsysRadiusSnoopingSessionEntry 5 }

etsysRadiusSnoopingSessionRadiusClientAddress OBJECT-TYPE
    SYNTAX     InetAddress
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION 
        "The network address of the RADIUS Client that sent the RADIUS Access 
         Request that started the RADIUS Snooping authentication that led 
         to this RADIUS Snooping session entry." 
    ::= { etsysRadiusSnoopingSessionEntry 6 }

etsysRadiusSnoopingSessionRadiusServerAddressType OBJECT-TYPE
    SYNTAX     InetAddressType
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION 
        "The type of data returned by 
         etsysRadiusSnoopingMACRadiusServerAddress." 
    ::= { etsysRadiusSnoopingSessionEntry 7 }

etsysRadiusSnoopingSessionRadiusServerAddress OBJECT-TYPE
    SYNTAX     InetAddress
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION 
        "The network address of the RADIUS Server that sent the RADIUS Access 
         Accept that successfully completed the RADIUS Snooping authentication
         that led to this RADIUS Snooping session entry." 
    ::= { etsysRadiusSnoopingSessionEntry 8 }

etsysRadiusSnoopingSessionDuration OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value, in seconds, which have elapsed since the start
         of this session."
    ::= { etsysRadiusSnoopingSessionEntry 9 }

-- -------------------------------------------------------------
-- etsysRadiusSnoopingFlowGroup
-- -------------------------------------------------------------

etsysRadiusSnoopingFlowTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysRadiusSnoopingFlowEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing configuration objects for each RADIUS
         snooping flow. The configuration for
         each flow in this table must be non-volatile."
    ::= { etsysRadiusSnoopingFlowGroup 1 }

etsysRadiusSnoopingFlowEntry OBJECT-TYPE
    SYNTAX      EtsysRadiusSnoopingFlowEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each conceptual row provides control over all of the
         values used by each RADIUS Snooping flow."
    INDEX { etsysRadiusSnoopingFlowIndex }
    ::= { etsysRadiusSnoopingFlowTable 1 }

EtsysRadiusSnoopingFlowEntry::=
    SEQUENCE {
        etsysRadiusSnoopingFlowIndex                  Unsigned32,
        etsysRadiusSnoopingFlowClientAddressType      InetAddressType,
        etsysRadiusSnoopingFlowClientAddress          InetAddress,
        etsysRadiusSnoopingFlowServerAddressType      InetAddressType,
        etsysRadiusSnoopingFlowServerAddress          InetAddress,
        etsysRadiusSnoopingFlowServerPortNumber       Integer32,
        etsysRadiusSnoopingFlowSecret                 OCTET STRING,
        etsysRadiusSnoopingFlowRowStatus              RowStatus,
        etsysRadiusSnoopingFlowSecretEntered          TruthValue,
        etsysRadiusSnoopingFlowCurrentSessions        Counter32,
        etsysRadiusSnoopingFlowPendingAuthentications Counter32,
        etsysRadiusSnoopingFlowTotalSessions          Counter32,
        etsysRadiusSnoopingFlowAccessRequests         Counter32,
        etsysRadiusSnoopingFlowAccessAccepts          Counter32,
        etsysRadiusSnoopingFlowAccessRejects          Counter32,
        etsysRadiusSnoopingFlowInvalidRequests        Counter32,
        etsysRadiusSnoopingFlowInvalidResponses       Counter32,
        etsysRadiusSnoopingFlowTotalDroppedPackets    Counter32,
        etsysRadiusSnoopingFlowUnsupportedReqPackets  Counter32,
        etsysRadiusSnoopingFlowUnsupportedRspPackets  Counter32          
    }

etsysRadiusSnoopingFlowIndex OBJECT-TYPE
    SYNTAX         Integer32 (1..4095)
    MAX-ACCESS     not-accessible
    STATUS         current
    DESCRIPTION
        "A number uniquely identifying each conceptual row in the
         etsysRadiusSnoopingFlowTable.  This value also indicates the
         search priority of the flows.  Incoming RADIUS traffic 
         matching multiple entries will be processed according to the
         entry with the lowest index.

         Maintaining the value of etsysRadiusSnoopingFlowIndex for all
         active(1) entries across agent reboots is REQUIRED."
    ::= { etsysRadiusSnoopingFlowEntry 1 }

etsysRadiusSnoopingFlowClientAddressType OBJECT-TYPE
    SYNTAX         InetAddressType
    MAX-ACCESS     read-write
    STATUS         current
    DESCRIPTION
        "This object specifies how etsysRadiusSnoopingFlowClientAddress
         is encoded.  Support for all possible enumerations defined by
         InetAddressType is NOT REQUIRED."
    DEFVAL { ipv4 }
    ::= { etsysRadiusSnoopingFlowEntry 2 }

etsysRadiusSnoopingFlowClientAddress OBJECT-TYPE
    SYNTAX         InetAddress (SIZE(1..64))
    MAX-ACCESS     read-write
    STATUS         current
    DESCRIPTION
        "The encoded unicast IP address of a RADIUS client.  
         RADIUS Snooping may process RADIUS requests from this 
         address.

         Maintaining the value of etsysRadiusSnoopingFlowClientAddress for all
         active(1) entries across agent reboots is REQUIRED."
    ::= { etsysRadiusSnoopingFlowEntry 3 }

etsysRadiusSnoopingFlowServerAddressType OBJECT-TYPE
    SYNTAX         InetAddressType
    MAX-ACCESS     read-write
    STATUS         current
    DESCRIPTION
        "This object specifies how etsysRadiusSnoopingFlowServerAddress
         is encoded.  Support for all possible enumerations defined by
         InetAddressType is NOT REQUIRED."
    DEFVAL { ipv4 }
    ::= { etsysRadiusSnoopingFlowEntry 4 }

etsysRadiusSnoopingFlowServerAddress OBJECT-TYPE
    SYNTAX         InetAddress (SIZE(1..64))
    MAX-ACCESS     read-write
    STATUS         current
    DESCRIPTION
        "The encoded unicast IP address of a RADIUS server.  
         RADIUS Snooping may process RADIUS responses from this 
         address.

         Maintaining the value of etsysRadiusSnoopingFlowServerAddress for all
         active(1) entries across agent reboots is REQUIRED."
    ::= { etsysRadiusSnoopingFlowEntry 5 }

etsysRadiusSnoopingFlowServerPortNumber  OBJECT-TYPE
    SYNTAX         Integer32 (0..65535)
    MAX-ACCESS     read-write
    STATUS         current
    DESCRIPTION
        "The destination UDP port number (0-65535) the client will use
         to send RADIUS requests to the server and the source UDP 
         port number (0-65535) the server will use to send RADIUS responses
         to the client.

         Maintaining the value of etsysRadiusSnoopingFlowServerPortNumber 
         for all active(1) entries across agent reboots is REQUIRED."
    DEFVAL { 1812 }
    ::= { etsysRadiusSnoopingFlowEntry 6 }

etsysRadiusSnoopingFlowSecret  OBJECT-TYPE
    SYNTAX         OCTET STRING (SIZE(0..32))
    MAX-ACCESS     read-create
    STATUS         current
    DESCRIPTION
        "This object is the secret shared between the RADIUS 
         authentication server and the RADIUS client.

         On a read operation this object MUST return a zero length
         string.

         Writing this object with a zero length string clears the
         secret.

         Maintaining the value of etsysRadiusSnoopingFlowSecret for all
         active(1) entries across agent reboots is REQUIRED."
    ::= { etsysRadiusSnoopingFlowEntry 7 }

etsysRadiusSnoopingFlowRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this row as defined by the RowStatus textual
         convention."
      
    REFERENCE
        "RFC2579 (Textual Conventions for SMIv2)"
    ::={ etsysRadiusSnoopingFlowEntry 8 }

etsysRadiusSnoopingFlowSecretEntered  OBJECT-TYPE
    SYNTAX         TruthValue
    MAX-ACCESS     read-only
    STATUS         current
    DESCRIPTION
        "true(1)  - Indicates that etsysRadiusSnoopingFlowSecret was
                    last set with some value other than the empty string.

         false(2) - Indicates that etsysRadiusSnoopingFlowSecret has
                    never been set, or was last set to the empty string."
    ::= { etsysRadiusSnoopingFlowEntry 9 }

etsysRadiusSnoopingFlowCurrentSessions  OBJECT-TYPE
    SYNTAX         Counter32
    MAX-ACCESS     read-only
    STATUS         current
    DESCRIPTION
        "The number of current RADIUS Snooping authenticated sessions for this
         RAIDIUS Snooping flow."
    ::= { etsysRadiusSnoopingFlowEntry 10 }

etsysRadiusSnoopingFlowPendingAuthentications  OBJECT-TYPE
    SYNTAX         Counter32
    MAX-ACCESS     read-only
    STATUS         current
    DESCRIPTION
        "The number of pending RADIUS Snooping authentications for this RADIUS
         Snooping flow.  A valid RADIUS request has been seen for these 
         authentications, but no valid RADIUS response has been detected 
         as of yet."
    ::= { etsysRadiusSnoopingFlowEntry 11 }

etsysRadiusSnoopingFlowTotalSessions  OBJECT-TYPE
    SYNTAX         Counter32
    MAX-ACCESS     read-only
    STATUS         current
    DESCRIPTION
        "The total number of successful RADIUS Snooping authentications for 
         this RADIUS Snoopping flow since the last system reboot."
    ::= { etsysRadiusSnoopingFlowEntry 12 }

etsysRadiusSnoopingFlowAccessRequests  OBJECT-TYPE
    SYNTAX         Counter32
    MAX-ACCESS     read-only
    STATUS         current
    DESCRIPTION
        "The total number of valid RADIUS Access Requests sent by the 
         client to the server in this RADIUS Snooping flow since the last 
         system reboot."
    ::= { etsysRadiusSnoopingFlowEntry 13 }

etsysRadiusSnoopingFlowAccessAccepts  OBJECT-TYPE
    SYNTAX         Counter32
    MAX-ACCESS     read-only
    STATUS         current
    DESCRIPTION
        "The total number of valid RADIUS Access Accepts sent by the 
         server to the client in this RADIUS Snooping flow since
         the last system reboot."
    ::= { etsysRadiusSnoopingFlowEntry 14 }

etsysRadiusSnoopingFlowAccessRejects  OBJECT-TYPE
    SYNTAX         Counter32
    MAX-ACCESS     read-only
    STATUS         current
    DESCRIPTION
        "The total number of valid RADIUS Access Rejects sent by the 
         server to the client in this RADIUS Snooping flow since
         the last system reboot."
    ::= { etsysRadiusSnoopingFlowEntry 15 }

etsysRadiusSnoopingFlowInvalidRequests  OBJECT-TYPE
    SYNTAX         Counter32
    MAX-ACCESS     read-only
    STATUS         current
    DESCRIPTION
        "The total number of invalid RADIUS requests sent by the 
         client in this RADIUS Snooping flow since
         the last system reboot.  This may  occur due to an invalid
         RADIUS packet format or the lack of a Calling-Station-Id RADIUS 
         attribute."
    ::= { etsysRadiusSnoopingFlowEntry 16 }

etsysRadiusSnoopingFlowInvalidResponses  OBJECT-TYPE
    SYNTAX         Counter32
    MAX-ACCESS     read-only
    STATUS         current
    DESCRIPTION
        "The total number of invalid RADIUS responses sent by the 
         server in this RADIUS Snooping flow since
         the last system reboot.  This may  occur due to an invalid
         RADIUS packet format or a RADIUS packet validation failure if
         validation is enabled."
    ::= { etsysRadiusSnoopingFlowEntry 17 }

etsysRadiusSnoopingFlowTotalDroppedPackets  OBJECT-TYPE
    SYNTAX         Counter32
    MAX-ACCESS     read-only
    STATUS         current
    DESCRIPTION
        "The total number of dropped RADIUS Snooping packets.  This may  
         occur due resource limitations or RADIUS frame format in 
         conjunction with port packet drop configuration."
    ::= { etsysRadiusSnoopingFlowEntry 18 }

etsysRadiusSnoopingFlowUnsupportedReqPackets  OBJECT-TYPE
    SYNTAX         Counter32
    MAX-ACCESS     read-only
    STATUS         current
    DESCRIPTION
        "The total number of unsupported RADIUS request packets that are 
         received by the RADIUS Snooping component but not supported.  
         Specifically, Accounting Requests are counted.  These packets are 
         never dropped."
    ::= { etsysRadiusSnoopingFlowEntry 19 }

etsysRadiusSnoopingFlowUnsupportedRspPackets  OBJECT-TYPE
    SYNTAX         Counter32
    MAX-ACCESS     read-only
    STATUS         current
    DESCRIPTION
        "The total number of unsupported RADIUS response packets that are 
         received by the RADIUS Snooping component but not supported.  
         Specifically, Accounting Responses and Challenge Responses are
         counted.  These packets are never dropped."
    ::= { etsysRadiusSnoopingFlowEntry 20 }

-- -------------------------------------------------------------
-- Conformance Information
-- -------------------------------------------------------------

etsysRadiusSnoopingConformance
        OBJECT IDENTIFIER ::= { etsysRadiusSnoopingMIB 2 }

etsysRadiusSnoopingGroups
        OBJECT IDENTIFIER ::= { etsysRadiusSnoopingConformance 1 }

etsysRadiusSnoopingCompliances
        OBJECT IDENTIFIER ::= { etsysRadiusSnoopingConformance 2 }

-- -------------------------------------------------------------
-- Units of conformance
-- -------------------------------------------------------------

etsysRadiusSnoopingSystemGroup OBJECT-GROUP
    OBJECTS {
        etsysRadiusSnoopingSystemEnable,
        etsysRadiusSnoopingSystemTimeout,
        etsysRadiusSnoopingSystemConfiguredFlows,
        etsysRadiusSnoopingSystemActiveSessions
    }
    STATUS      current
    DESCRIPTION
        "Global object controlling this feature.
         Global objects that affect how the credentials are
         presented to the authentication server."
    ::= { etsysRadiusSnoopingGroups 1 }

etsysRadiusSnoopingPortGroup OBJECT-GROUP
    OBJECTS {
        etsysRadiusSnoopingPortIndex,
        etsysRadiusSnoopingPortEnable,
        etsysRadiusSnoopingPortTimeout,
        etsysRadiusSnoopingPortInitialize,
        etsysRadiusSnoopingPortDrop,
        etsysRadiusSnoopingPortAuthenticationsAllocated,
        etsysRadiusSnoopingPortAuthenticationsAllowed
     }
    STATUS      current
    DESCRIPTION
        "Objects describing the RADIUS Snooping
         variables for each port."
    ::= { etsysRadiusSnoopingGroups 2 }

etsysRadiusSnoopingSessionGroup OBJECT-GROUP
    OBJECTS {
        etsysRadiusSnoopingSessionMACAddress,
        etsysRadiusSnoopingSessionInitialize,
        etsysRadiusSnoopingSessionPort,
        etsysRadiusSnoopingSessionRadiusClientAddressType,
        etsysRadiusSnoopingSessionRadiusClientAddress,
        etsysRadiusSnoopingSessionRadiusServerAddressType,
        etsysRadiusSnoopingSessionRadiusServerAddress,
        etsysRadiusSnoopingSessionDuration
     }
    STATUS      current
    DESCRIPTION
        "Objects associated with an individual RADIUS Snooping
         authentication."
    ::= { etsysRadiusSnoopingGroups 3 }

 etsysRadiusSnoopingFlowGroup OBJECT-GROUP
    OBJECTS {
        etsysRadiusSnoopingFlowClientAddressType,
        etsysRadiusSnoopingFlowClientAddress,
        etsysRadiusSnoopingFlowServerAddressType,
        etsysRadiusSnoopingFlowServerAddress,
        etsysRadiusSnoopingFlowServerPortNumber,
        etsysRadiusSnoopingFlowSecret,
        etsysRadiusSnoopingFlowRowStatus,
        etsysRadiusSnoopingFlowSecretEntered,
        etsysRadiusSnoopingFlowCurrentSessions,
        etsysRadiusSnoopingFlowPendingAuthentications,
        etsysRadiusSnoopingFlowTotalSessions,
        etsysRadiusSnoopingFlowAccessRequests,
        etsysRadiusSnoopingFlowAccessAccepts,
        etsysRadiusSnoopingFlowAccessRejects,
        etsysRadiusSnoopingFlowInvalidRequests,
        etsysRadiusSnoopingFlowInvalidResponses,
        etsysRadiusSnoopingFlowTotalDroppedPackets
     }
    STATUS      deprecated
    DESCRIPTION
        "Objects associated with an individual RADIUS Snooping
         authentication."
    ::= { etsysRadiusSnoopingGroups 4 }   

etsysRadiusSnoopingFlowGroup2 OBJECT-GROUP
    OBJECTS {
        etsysRadiusSnoopingFlowClientAddressType,
        etsysRadiusSnoopingFlowClientAddress,
        etsysRadiusSnoopingFlowServerAddressType,
        etsysRadiusSnoopingFlowServerAddress,
        etsysRadiusSnoopingFlowServerPortNumber,
        etsysRadiusSnoopingFlowSecret,
        etsysRadiusSnoopingFlowRowStatus,
        etsysRadiusSnoopingFlowSecretEntered,
        etsysRadiusSnoopingFlowCurrentSessions,
        etsysRadiusSnoopingFlowPendingAuthentications,
        etsysRadiusSnoopingFlowTotalSessions,
        etsysRadiusSnoopingFlowAccessRequests,
        etsysRadiusSnoopingFlowAccessAccepts,
        etsysRadiusSnoopingFlowAccessRejects,
        etsysRadiusSnoopingFlowInvalidRequests,
        etsysRadiusSnoopingFlowInvalidResponses,
        etsysRadiusSnoopingFlowTotalDroppedPackets,
        etsysRadiusSnoopingFlowUnsupportedReqPackets,
        etsysRadiusSnoopingFlowUnsupportedRspPackets
     }
    STATUS      current
    DESCRIPTION
        "Objects associated with an individual RADIUS Snooping
         authentication."
    ::= { etsysRadiusSnoopingGroups 5 }

-- -------------------------------------------------------------
-- Compliance statements
-- -------------------------------------------------------------

etsysRadiusSnoopingCompliance MODULE-COMPLIANCE
    STATUS      deprecated
    DESCRIPTION
        "The compliance statement for devices that support RADIUS Snooping."

    MODULE
        MANDATORY-GROUPS {
            etsysRadiusSnoopingSystemGroup,
            etsysRadiusSnoopingPortGroup,
            etsysRadiusSnoopingSessionGroup,
            etsysRadiusSnoopingFlowGroup
            }

       OBJECT      etsysRadiusSnoopingSystemEnable
       SYNTAX      EnabledStatus
       MIN-ACCESS  read-only
       DESCRIPTION
           "Write access is not required. If read-only is selected,
            then the default value must be enabled(1)."

    ::= { etsysRadiusSnoopingCompliances 1 }

etsysRadiusSnoopingCompliance2 MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for devices that support RADIUS Snooping."

    MODULE
        MANDATORY-GROUPS {
            etsysRadiusSnoopingSystemGroup,
            etsysRadiusSnoopingPortGroup,
            etsysRadiusSnoopingSessionGroup,
            etsysRadiusSnoopingFlowGroup2
            }

       OBJECT      etsysRadiusSnoopingSystemEnable
       SYNTAX      EnabledStatus
       MIN-ACCESS  read-only
       DESCRIPTION
           "Write access is not required. If read-only is selected,
            then the default value must be enabled(1)."

    ::= { etsysRadiusSnoopingCompliances 2 }

END
