HP-ICF-USER-PROFILE-MIB DEFINITIONS ::= BEGIN IMPORTS TimeTicks, IpAddress, Integer32, Unsigned32, OBJECT-TYPE, MODULE-IDENTITY, Counter64 FROM SNMPv2-SMI OBJECT-IDENTITY FROM SNMPv2-SMI PhysAddress, DisplayString, TEXTUAL-CONVENTION, RowStatus, TruthValue, MacAddress FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF InterfaceIndex FROM IF-MIB hpSwitch, hpicfCommonSecurity, hpicfCommon FROM HP-ICF-OID VlanIndex FROM Q-BRIDGE-MIB ; hpicfUsrProfileMIB MODULE-IDENTITY LAST-UPDATED "200803171539Z" -- March 17, 2008 ORGANIZATION "Hewlett Packard Company, ProCurve Networking Business" CONTACT-INFO "Hewlett Packard Company, 8000 Foothills Blvd. Roseville, CA 95747." DESCRIPTION "This MIB module contains the definitions of Managed Objects for user access profiles." -- -- Revision History -- REVISION "200803171539Z" -- March 17, 2008 DESCRIPTION "Version 1.6 Created hpicfUsrProfileConfigNasRulesIpv6 to enable or disable IPv6 ACEs. When enabled, destinations of 'any' will be treated as both IPv4 and IPv6. When disabled all destinations will be treated as IPv4 only." REVISION "200707162110Z" -- July 16, 2007 DESCRIPTION "Version 1.5 Created hpicfUsrProfileConfigFilterListTable and hpicfUsrProfileConfigFilterRuleTable. Removed hpicfUsrProfileConfigFilterTable. These changes allow for the requirement that a filter list not be in an active state in order for filter rules to be added/removed/modified." REVISION "200706192140Z" -- June 19, 2007 DESCRIPTION "Version 1.4 Added comment to hpicfUsrProfileConfigBindEntryRowStatus. Changed hpicfUserProfileConfigListEnable to hpicfUserProfileConfigEntryRowStatus. Moved VlanIndex from section Groups in HP-ICF-USER-PROFILE-MIb up to the Import section. Added variable hpicfUsrProfileConfigEntryRowStatus to the HpicfUsrProfileConfigEntry table. Added comment to the Description clause of hpicfUsrProfileConfigPvid. Added comment to the Description clause of hpicfUsrProfileConfigTaggedEgressVlanMap1k Changed range of hpicfUsrProfileSelector from 0..16384 to 1..16384 and added comment to the variable's Description clause." REVISION "200703142335Z" -- March, 14 2007 DESCRIPTION "Version 1.3 Added to hpicfUsrProfileStatsAccessMode to hpicfUsrProfileStatsEntry." REVISION "200702062028Z" -- February, 6 2007 DESCRIPTION "Version 1.2 Added hpicfUsrProfileConfigBindEntryRowStatus to hpicfUsrProfileConfigBindTable." REVISION "200510120000Z" -- October, 12 2006 DESCRIPTION "Version 1.1" REVISION "200510050000Z" -- October, 5 2006 DESCRIPTION "Initial version." ::= { hpicfCommonSecurity 1} -- ---------------------------------------------------------- -- -- Groups in HP-ICF-USER-PROFILE-MIB -- ---------------------------------------------------------- -- hpicfUsrProfileCapability OBJECT IDENTIFIER ::= {hpicfUsrProfileMIB 0} hpicfUsrProfileConfig OBJECT IDENTIFIER ::= {hpicfUsrProfileMIB 1} hpicfUsrProfileStats OBJECT IDENTIFIER ::= {hpicfUsrProfileMIB 2} hpicfUsrProfileConformance OBJECT IDENTIFIER ::= {hpicfUsrProfileMIB 3} -- ########################################################## -- -- The User Access Profile Capability Group -- ########################################################## -- hpicfUsrProfileCapabilityByPortMap OBJECT-TYPE SYNTAX OCTET STRING (SIZE(8)) MAX-ACCESS read-only STATUS current DESCRIPTION "A string of octets containing on bit per access profile primitive as follows: bit 0 - PVID/native/untagged ingress VLAN bit 1 - Tagged Egress VLAN bit 2 - Ingress VLAN Filter bit 3 - Priority Regeneration bit 4 - Max. Ingress Bandwidth bit 5 - Max. Egress Bandwidth bit 6 - Filter List bit 7 - Hitcount Support bit 8 - through 64 - reserved When a bit is set to one, it indicates that device supports the selected access profile primitive only on a per port ('hpicfUsrProfileUserPortNumber') basis. The concequence is that the device can only enforce the same access primitive setting for all users ('hpicfUsrProfileUserMacAddr') on a given port." ::= { hpicfUsrProfileCapability 1 } hpicfUsrProfileCapabilityByUserMap OBJECT-TYPE SYNTAX OCTET STRING (SIZE(8)) MAX-ACCESS read-only STATUS current DESCRIPTION "A string of octets containing one bit per access profile primitive as follows: bit 0 - PVID/native/untagged ingress VLAN bit 1 - Tagged Egress VLAN bit 2 - Ingress VLAN Filter bit 3 - Priority Regeneration bit 4 - Max. Ingress Bandwidth bit 5 - Max. Egress Bandwidth bit 6 - Filter List bit 7 - Hitcount Support bit 8 - through 64 - reserved When a bit is set to one, it indicates that device supports the selected access profile primitive on a per 'hpicfUsrProfileUserMacAddr' basis. The consequence is that the device can enforce unique per user access profile primitives for each user on a given port ('hpicfUsrProfileUserPortNumber')." ::= { hpicfUsrProfileCapability 2 } -- ########################################################## -- -- The User Access Profile Configuration Group -- ########################################################## -- -- ---------------------------------------------------------- -- -- Configuration of filters -- ---------------------------------------------------------- -- hpicfUsrProfileConfigFilterListTable OBJECT-TYPE SYNTAX SEQUENCE OF HpicfUsrProfileConfigFilterListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains configuration objects for filter lists." ::= { hpicfUsrProfileConfig 1 } hpicfUsrProfileConfigFilterListEntry OBJECT-TYPE SYNTAX HpicfUsrProfileConfigFilterListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The configuration information for a user's filtering profile." INDEX { hpicfUsrProfileFilterListIndex } ::= { hpicfUsrProfileConfigFilterListTable 1 } HpicfUsrProfileConfigFilterListEntry ::= SEQUENCE { hpicfUsrProfileFilterListIndex Integer32, hpicfUsrProfileConfigFilterListRowStatus RowStatus, hpicfUsrProfileConfigNasRulesIpv6 INTEGER } hpicfUsrProfileFilterListIndex OBJECT-TYPE SYNTAX Integer32 (1..16384) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The identifier used to select a list of filter rules. A filter list entry must be created before a filter rule entry can be added." ::= { hpicfUsrProfileConfigFilterListEntry 1} hpicfUsrProfileConfigFilterListRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry. Must NOT be active in order to modify an hpicfUsrProfileConfigFilterRuleEntry that is indexed on this entry's hpicfUsrProfileListIndex. This object must be in the notReady or notInService states in order for an hpicfUsrProfileConfigFilterRuleEntry to be added, removed, or modified. In order to be changed to an active rowStatus, at least one rule sharing the list index must have an active hpicfUsrProfileConfigFilterRuleRowStatus." ::= { hpicfUsrProfileConfigFilterListEntry 2 } hpicfUsrProfileConfigNasRulesIpv6 OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Setting this attribute to enabled(1) enables the usage of IPv6 destinations in ACEs. When set to disabled(2) any implicit IP destinations will be translated as IPv4 only." DEFVAL { disabled } ::= { hpicfUsrProfileConfigFilterListEntry 3 } hpicfUsrProfileConfigFilterRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF HpicfUsrProfileConfigFilterRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains configuration objects for filter lists." ::= { hpicfUsrProfileConfig 2 } hpicfUsrProfileConfigFilterRuleEntry OBJECT-TYPE SYNTAX HpicfUsrProfileConfigFilterRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The configuration information for a user's filtering profile." INDEX { hpicfUsrProfileFilterRuleListIndex, hpicfUsrProfileFilterRuleIndex } ::= { hpicfUsrProfileConfigFilterRuleTable 1 } HpicfUsrProfileConfigFilterRuleEntry ::= SEQUENCE { hpicfUsrProfileFilterRuleListIndex Integer32, hpicfUsrProfileFilterRuleIndex Integer32, hpicfUsrProfileConfigFilterRule OCTET STRING, hpicfUsrProfileConfigFilterRuleRowStatus RowStatus } hpicfUsrProfileFilterRuleListIndex OBJECT-TYPE SYNTAX Integer32 (1..16384) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The identifier used to select a list of filter rules. This filter rule list index must correspond to a created but not active filter list index in order for a rule entry to be created." ::= { hpicfUsrProfileConfigFilterRuleEntry 1} hpicfUsrProfileFilterRuleIndex OBJECT-TYPE SYNTAX Integer32 (1..16384) MAX-ACCESS not-accessible STATUS current DESCRIPTION "A numeric value assigned to each rule within a list belong to the same hpicfUsrProfileFilterListIndex. Rules within a given list will be evaluated in ascending order." ::= { hpicfUsrProfileConfigFilterRuleEntry 2 } hpicfUsrProfileConfigFilterRule OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..80)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a single filter rule using the same syntax used for the hp-nas-filter-rule RADIUS attribute." ::= { hpicfUsrProfileConfigFilterRuleEntry 3 } hpicfUsrProfileConfigFilterRuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry. Must NOT be active in order to modify an hpicfUsrProfileConfigFilterRuleEntry. However, if an hpicfUsrProfileConfigFilterListRowStatus is set to destroy, all HpicfUsrProfileConfigFilterRuleEntry entries sharing the common hpicfUsrProfileFilterListIndex will also be destroyed regardless of the value of hpicfUsrProfileConfigFilterRuleRowStatus." ::= { hpicfUsrProfileConfigFilterRuleEntry 4 } -- ---------------------------------------------------------- -- -- Configuration of access profiles -- ---------------------------------------------------------- -- hpicfUsrProfileConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF HpicfUsrProfileConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains configuration objects for access profiles." ::= { hpicfUsrProfileConfig 3 } hpicfUsrProfileConfigEntry OBJECT-TYPE SYNTAX HpicfUsrProfileConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The configuration information for an access profile." INDEX { hpicfUsrProfileConfigIndex } ::= { hpicfUsrProfileConfigTable 1 } HpicfUsrProfileConfigEntry ::= SEQUENCE { hpicfUsrProfileConfigIndex Integer32, hpicfUsrProfileConfigPvid VlanIndex, hpicfUsrProfileConfigPvidEnable TruthValue, hpicfUsrProfileConfigTaggedEgressVlanMap1k OCTET STRING, hpicfUsrProfileConfigTaggedEgressVlanMap2k OCTET STRING, hpicfUsrProfileConfigTaggedEgressVlanMap3k OCTET STRING, hpicfUsrProfileConfigTaggedEgressVlanMap4k OCTET STRING, hpicfUsrProfileConfigTaggedEgressVlanEnable TruthValue, hpicfUsrProfileConfigIngressVlanFilterEnable TruthValue, hpicfUsrProfileConfigPriorityRegenTable OCTET STRING, hpicfUsrProfileConfigPriorityRegenTableEnable TruthValue, hpicfUsrProfileConfigMaxIngressBandwidth Unsigned32, hpicfUsrProfileConfigMaxIngressBandwidthEnable TruthValue, hpicfUsrProfileConfigMaxEgressBandwidth Unsigned32, hpicfUsrProfileConfigMaxEgressBandwidthEnable TruthValue, hpicfUsrProfileConfigFilterListIndex Integer32, hpicfUsrProfileConfigFilterListEnable TruthValue, hpicfUsrProfileConfigEntryRowStatus RowStatus } hpicfUsrProfileConfigIndex OBJECT-TYPE SYNTAX Integer32(1..16384) MAX-ACCESS not-accessible STATUS current DESCRIPTION "A unique numeric value assigned to each access profile in this table." ::= { hpicfUsrProfileConfigEntry 1} hpicfUsrProfileConfigPvid OBJECT-TYPE SYNTAX VlanIndex MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the port VID (PVID), also known, as native VLAN to be used with this access profile. To specify no pvid, set value to 4095, not 0." ::= { hpicfUsrProfileConfigEntry 2} hpicfUsrProfileConfigPvidEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Setting this attribute TRUE enables the usage of 'hpicfUsrProfilePvid' when this access profile is active." ::= { hpicfUsrProfileConfigEntry 3} hpicfUsrProfileConfigTaggedEgressVlanMap1k OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..128)) MAX-ACCESS read-create STATUS current DESCRIPTION "A string of octets containing one bit per VLAN for VLANS with 'VlanIndex' values of 0 through 1023. The first octet corresponds to VLANs with 'VlanIndex' values of 0 through 7, the second octet to VLANs 8 through 15, etc. The most significant bit of each octet corresponds to the lowest 'VlanIndex' value in that octet. Bit 0 in the 1K map is ignored/discarded. If variable hpicfUsrProfileConfigPvidEnable is TRUE, some bit other than bit 0 in the 1K map must be set. To specify an empty tagged vlan map, vlanIndex value 4095 in the 4K map must be set. Setting a bit to '1' specifies the usage the corresponding VLAN with this access profile." DEFVAL { ''H } -- the empty string: no VLANs set ::= { hpicfUsrProfileConfigEntry 4} hpicfUsrProfileConfigTaggedEgressVlanMap2k OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..128)) MAX-ACCESS read-create STATUS current DESCRIPTION "A string of octets containing one bit per VLAN for VLANS with 'VlanIndex' values of 1024 through 2047. The first octet corresponds to VLANs with 'VlanIndex' values of 1024 through 1031, the second octet to VLANs 1032 through 1039, etc. The most significant bit of each octet corresponds to the lowest 'VlanIndex' value in that octet. Setting a bit to '1' specifies the usage the corresponding VLAN with this access profile." DEFVAL { ''H } -- the empty string: no VLANs set ::= { hpicfUsrProfileConfigEntry 5} hpicfUsrProfileConfigTaggedEgressVlanMap3k OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..128)) MAX-ACCESS read-create STATUS current DESCRIPTION "A string of octets containing one bit per VLAN for VLANS with 'VlanIndex' values of 2048 through 3071. The first octet corresponds to VLANs with 'VlanIndex' values of 2048 through 3071, the second octet to VLANs 2056 through 2063, etc. The most significant bit of each octet corresponds to the lowest 'VlanIndex' value in that octet. Setting a bit to '1' specifies the usage the corresponding VLAN with this access profile." DEFVAL { ''H } -- the empty string: no VLANs set ::= { hpicfUsrProfileConfigEntry 6} hpicfUsrProfileConfigTaggedEgressVlanMap4k OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..128)) MAX-ACCESS read-create STATUS current DESCRIPTION "A string of octets containing one bit per VLAN for VLANS with 'VlanIndex' values of 3072 through 4095. The first octet corresponds to VLANs with 'VlanIndex' values of 3072 through 3079, the second octet to VLANs 3080 through 3087, etc. The most significant bit of each octet corresponds to the lowest 'VlanIndex' value in that octet. Setting a bit to '1' specifies the usage the corresponding VLAN with this access profile." DEFVAL { ''H } -- the empty string: no VLANs set ::= { hpicfUsrProfileConfigEntry 7} hpicfUsrProfileConfigTaggedEgressVlanEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Setting this attribute TRUE enables the usage of 'hpicfUsrProfileTaggedVlanMapXXX' when this access profile is being enforced." DEFVAL { false } ::= { hpicfUsrProfileConfigEntry 8} hpicfUsrProfileConfigIngressVlanFilterEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Setting this attribute TRUE causes the system to only allow ingress traffic from those VLANs on which egress traffic is permitted." DEFVAL { false } ::= { hpicfUsrProfileConfigEntry 9} hpicfUsrProfileConfigPriorityRegenTable OBJECT-TYPE SYNTAX OCTET STRING(SIZE(8)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the IEEE 802 priority regeneration table for this access profile. Syntax of octet string is same as for 'User-Priority-Table' RADIUS attribute as defined in RFC4675." DEFVAL { ''H } -- the empty string ::= { hpicfUsrProfileConfigEntry 10} hpicfUsrProfileConfigPriorityRegenTableEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Setting this attribute TRUE enables the usage of the 'hpicfUsrProfilePriorityRegenTable' when this access profile is active." ::= { hpicfUsrProfileConfigEntry 11} hpicfUsrProfileConfigMaxIngressBandwidth OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the maximum ingress bandwidth for this access profile. Bandwidth value is specified in Kbps." ::= { hpicfUsrProfileConfigEntry 12} hpicfUsrProfileConfigMaxIngressBandwidthEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Setting this attribute TRUE enables the usage of the 'hpicfUsrProfileMaxIngressBandwidth' when this access profile is active." ::= { hpicfUsrProfileConfigEntry 13} hpicfUsrProfileConfigMaxEgressBandwidth OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the maximum egress bandwidth for this access profile. Bandwidth value is specified in Kbps." ::= { hpicfUsrProfileConfigEntry 14} hpicfUsrProfileConfigMaxEgressBandwidthEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Setting this attribute TRUE enables the usage of 'hpicfUsrProfileMaxEgressBandwidth' when this access profile is active." ::= { hpicfUsrProfileConfigEntry 15} hpicfUsrProfileConfigFilterListIndex OBJECT-TYPE SYNTAX Integer32(1..16384) MAX-ACCESS read-create STATUS current DESCRIPTION "Selects the filter from 'hpicfUsrProfileConfigFilterTable' to associate with this access profile. The rowStatus of the filter must be in an active state." ::= { hpicfUsrProfileConfigEntry 16} hpicfUsrProfileConfigFilterListEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Setting this attribute TRUE enables the usage of 'hpicfUsrProfileConfigFilterListIndex' when this access profile is active." ::= { hpicfUsrProfileConfigEntry 17} hpicfUsrProfileConfigEntryRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry. Must NOT be active in order to change some other column of this config entry." ::= { hpicfUsrProfileConfigEntry 18} -- ---------------------------------------------------------- -- -- Configuration of bindings between access profiles to users -- ---------------------------------------------------------- -- hpicfUsrProfileConfigBindTable OBJECT-TYPE SYNTAX SEQUENCE OF HpicfUsrProfileConfigBindEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains configuration objects for the access profile-to-user bindings." ::= { hpicfUsrProfileConfig 4 } hpicfUsrProfileConfigBindEntry OBJECT-TYPE SYNTAX HpicfUsrProfileConfigBindEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The configuration information for a access profile-to-user binding." INDEX { hpicfUsrProfileUserPortNumber, hpicfUsrProfileUserMacAddr } ::= { hpicfUsrProfileConfigBindTable 1 } HpicfUsrProfileConfigBindEntry ::= SEQUENCE { hpicfUsrProfileUserPortNumber InterfaceIndex, hpicfUsrProfileUserMacAddr MacAddress, hpicfUsrProfileSelector Integer32, hpicfUsrProfileConfigBindEntryRowStatus RowStatus } hpicfUsrProfileUserPortNumber OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "The interface index associated with this user. On wired ProCurve products, the interface index is the physical port. On wireless products it is the instance (whether real or virtual) of an AP." ::= { hpicfUsrProfileConfigBindEntry 1} hpicfUsrProfileUserMacAddr OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The 48-bit IEEE media access control address of the user." ::= { hpicfUsrProfileConfigBindEntry 2} hpicfUsrProfileSelector OBJECT-TYPE SYNTAX Integer32(1..16384) MAX-ACCESS read-create STATUS current DESCRIPTION "Setting this attribute to a value between 1 and 16384 selects an access profile from 'hpicfUsrProfileConfigTable' to apply to the user." ::= { hpicfUsrProfileConfigBindEntry 3} hpicfUsrProfileConfigBindEntryRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry. Must NOT be active in order to change some other column of this bind entry." ::= { hpicfUsrProfileConfigBindEntry 4} -- ---------------------------------------------------------- -- -- Configuration of capability conflict resolution -- ---------------------------------------------------------- -- hpicfUsrProfileConfigConflictResolveQoS OBJECT-TYPE SYNTAX INTEGER { non-strict(0), strict(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object controls how a device behaves when QoS conflicts arise. A conflict can arise if a device only supports the QoS access primitive on a per-port basis, but device is being configured with profiles that have per-user unique setting. Applying these profiles to the same port will cause the conflict to arise because the device cannot enforce a per-user unique QoS setting. This object specifies two alternatives, as follows: 'non-strict' - Device does not signal errors when multiple access profiles are applied to a port. The device will apply the QoS settings specified in the last profile applied to the port. 'strict' - Device does signal an error when an attempt to apply an access profile to a port that already has an active access profile with a different QoS setting. Device will not activate the access profile in question after error is signaled. " DEFVAL { 0 } ::= { hpicfUsrProfileConfig 5 } hpicfUsrProfileConfigConflictResolveMaxIngressBandwidth OBJECT-TYPE SYNTAX INTEGER { non-strict(0), strict(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object controls how a device behaves when ingress BW conflicts arise. A conflict can arise if a device only supports the ingress BW access primitive on a per-port basis, but device is being configured with profiles that have per-user unique setting. Applying these profiles to the same port will cause the conflict to arise because the device cannot enforce a per-user unique ingress BW setting. This object specifies two alternatives, as follows: 'non-strict' - Device does not signal errors when multiple access profiles are applied to a port. The device will apply the ingress BW settings specified in the last profile applied to the port. 'strict' - Device does signal an error when an attempt to apply an access profile to a port that already has an active access profile with a different ingress BW setting. Device will not activate the access profile in question after error is signaled. " DEFVAL { 0 } ::= { hpicfUsrProfileConfig 6 } hpicfUsrProfileConfigConflictResolveMaxEgressBandwidth OBJECT-TYPE SYNTAX INTEGER { non-strict(0), strict(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object controls how a device behaves when egress BW conflicts arise. A conflict can arise if a device only supports the egress BW access primitive on a per-port basis, but device is being configured with profiles that have per-user unique setting. Applying these profiles to the same port will cause the conflict to arise because the device cannot enforce a per-user egress BW setting. This object specifies two alternatives, as follows: 'non-strict' - Device does not signal errors when multiple access profiles are applied to a port. The device will apply the egress BW settings specified in the last profile applied to the port. 'strict' - Device does signal an error when an attempt to apply an access profile to a port that already has an active access profile with a different egress BW setting. Device will not activate the access profile in question after error is signaled. " DEFVAL { 0 } ::= { hpicfUsrProfileConfig 7 } -- ########################################################## -- -- The User Access Profile Statistics Group -- ########################################################## -- hpicfUsrProfileLastUpdate OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "A snapshot of the module sysUpTime at the time of the last update to the access profiles in effect. A value of 0 indicates that the hpicfUsrProfileLastUpdate object is not supported by the device and a fresh copy of the hpicfUsrProfileTable will always need to be obtained by the management application." ::= { hpicfUsrProfileStats 1 } -- ---------------------------------------------------------- -- -- Filter statistics -- ---------------------------------------------------------- -- hpicfUsrProfileStatsFilterTable OBJECT-TYPE SYNTAX SEQUENCE OF HpicfUsrProfileStatsFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains statistic objects for filter lists." ::= { hpicfUsrProfileStats 2 } hpicfUsrProfileStatsFilterEntry OBJECT-TYPE SYNTAX HpicfUsrProfileStatsFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Statistic information for a user's filtering profile." INDEX { hpicfUsrProfileFilterListIndex, hpicfUsrProfileFilterRuleIndex } ::= { hpicfUsrProfileStatsFilterTable 1 } HpicfUsrProfileStatsFilterEntry ::= SEQUENCE { hpicfUsrProfileStatsFilterRule OCTET STRING, hpicfUsrProfileStatsFilterRuleHitCount Counter64, hpicfUsrProfileStatsFilterRuleHitCountEnabled TruthValue } hpicfUsrProfileStatsFilterRule OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..80)) MAX-ACCESS read-only STATUS current DESCRIPTION "Specifies a single filter rule using the same syntax used for the hp-nas-filter-rule RADIUS attribute." ::= { hpicfUsrProfileStatsFilterEntry 1} hpicfUsrProfileStatsFilterRuleHitCount OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Specifies the number of times (hit count) the user's traffic has matched this rule." ::= { hpicfUsrProfileStatsFilterEntry 2} hpicfUsrProfileStatsFilterRuleHitCountEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "When this attribute is TRUE it signifies the 'hpicfUsrProfileStatsFilterRuleHitCount' contains a valid value. A FALSE value signifies it does not contain a valid value." ::= { hpicfUsrProfileStatsFilterEntry 3} -- ---------------------------------------------------------- -- -- Access profile statistics -- ---------------------------------------------------------- -- hpicfUsrProfileStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF HpicfUsrProfileStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table describes the access profiles currently in effect." ::= { hpicfUsrProfileStats 3 } hpicfUsrProfileStatsEntry OBJECT-TYPE SYNTAX HpicfUsrProfileStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the user access profile table." INDEX { hpicfUsrProfileUserPortNumber, hpicfUsrProfileUserMacAddr } ::= { hpicfUsrProfileStatsTable 1 } HpicfUsrProfileStatsEntry ::= SEQUENCE { hpicfUsrProfileStatsPvid VlanIndex, hpicfUsrProfileStatsTaggedEgressVlanMap1k OCTET STRING, hpicfUsrProfileStatsTaggedEgressVlanMap2k OCTET STRING, hpicfUsrProfileStatsTaggedEgressVlanMap3k OCTET STRING, hpicfUsrProfileStatsTaggedEgressVlanMap4k OCTET STRING, hpicfUsrProfileStatsIngressVlanFilterEnable TruthValue, hpicfUsrProfileStatsPriorityRegenTable OCTET STRING, hpicfUsrProfileStatsMaxIngressBandwidth Unsigned32, hpicfUsrProfileStatsMaxEgressBandwidth Unsigned32, hpicfUsrProfileStatsFilterListIndex Integer32, hpicfUsrProfileStatsAccessMode INTEGER } hpicfUsrProfileStatsPvid OBJECT-TYPE SYNTAX VlanIndex MAX-ACCESS read-only STATUS current DESCRIPTION "Active port VID (PVID) for this user." ::= { hpicfUsrProfileStatsEntry 1} hpicfUsrProfileStatsTaggedEgressVlanMap1k OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "A string of octets containing one bit per VLAN for VLANS with 'VlanIndex' values of 0 through 1023. The first octet corresponds to VLANs with 'VlanIndex' values of 0 through 7, the second octet to VLANs 8 through 15, etc. The most significant bit of each octet corresponds to the lowest 'VlanIndex' value in that octet. When a bit is set to '1', it means the corresponding tagged VLAN as active for this user." ::= { hpicfUsrProfileStatsEntry 2} hpicfUsrProfileStatsTaggedEgressVlanMap2k OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "A string of octets containing one bit per VLAN for VLANS with 'VlanIndex' values of 1024 through 2047. The first octet corresponds to VLANs with 'VlanIndex' values of 1024 through 1031, the second octet to VLANs 1032 through 1039, etc. The most significant bit of each octet corresponds to the lowest 'VlanIndex' value in that octet. When a bit is set to '1', it indicates the corresponding tagged VLAN as active for this user." ::= { hpicfUsrProfileStatsEntry 3} hpicfUsrProfileStatsTaggedEgressVlanMap3k OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "A string of octets containing one bit per VLAN for VLANS with 'VlanIndex' values of 2048 through 3071. The first octet corresponds to VLANs with 'VlanIndex' values of 2048 through 2055, the second octet to VLANs 2056 through 2063, etc. The most significant bit of each octet corresponds to the lowest 'VlanIndex' value in that octet. When a bit is set to '1', it indicates the corresponding tagged VLAN as active for this user." ::= { hpicfUsrProfileStatsEntry 4} hpicfUsrProfileStatsTaggedEgressVlanMap4k OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "A string of octets containing one bit per VLAN for VLANS with 'VlanIndex' values of 3072 through 4095. The first octet corresponds to VLANs with 'VlanIndex' values of 3072 through 3079, the second octet to VLANs 3080 through 3087, etc. The most significant bit of each octet corresponds to the lowest 'VlanIndex' value in that octet. When a bit is set to '1', it indicates the corresponding tagged VLAN as active for this user." ::= { hpicfUsrProfileStatsEntry 5} hpicfUsrProfileStatsIngressVlanFilterEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "When this attribute is TRUE causes the system is only allowing ingress traffic from those VLANs on which egress traffic is permitted." ::= { hpicfUsrProfileStatsEntry 6} hpicfUsrProfileStatsPriorityRegenTable OBJECT-TYPE SYNTAX OCTET STRING(SIZE (8)) MAX-ACCESS read-only STATUS current DESCRIPTION "Specifies the IEEE 802 priority regeneration table active for this access profile. Syntax of octet string is same as for 'User-Priority-Table' RADIUS attribute as defined in RFC4675." ::= { hpicfUsrProfileStatsEntry 7} hpicfUsrProfileStatsMaxIngressBandwidth OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Specifies the maximum ingress bandwidth for this access profile. Bandwidth value is specified in Kbps." ::= { hpicfUsrProfileStatsEntry 8} hpicfUsrProfileStatsMaxEgressBandwidth OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Specifies the maximum egress bandwidth for this access profile. Bandwidth value is specified in Kbps." ::= { hpicfUsrProfileStatsEntry 9} hpicfUsrProfileStatsFilterListIndex OBJECT-TYPE SYNTAX Integer32(0..16384) MAX-ACCESS read-only STATUS current DESCRIPTION "A value of 0 indicates that no filter rule set is active for the user. A value between 1 and 16384 selects the active filter rule set from 'hpicfUsrProfileStatsFilterTable'." ::= { hpicfUsrProfileStatsEntry 10} hpicfUsrProfileStatsAccessMode OBJECT-TYPE SYNTAX INTEGER { snmp(1), dot8021x(2), webauth(3), macauth(4), webmacauth(5) } MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates whether profile was applied via SNMP or via RADIUS. Application by SNMP has precedence over RADIUS. Where there are no attribute conflicts, profile attributes may be a combination of those applied by both SNMP and RADIUS. In such case, the variable value will still be SNMP." ::= { hpicfUsrProfileStatsEntry 11} -- ########################################################## -- -- Conformance Information -- ########################################################## -- hpicfUsrProfileGroup OBJECT IDENTIFIER ::= { hpicfUsrProfileConformance 1 } hpicfUsrProfileCompliances OBJECT IDENTIFIER ::= { hpicfUsrProfileConformance 2 } -- ---------------------------------------------------------- -- -- units of conformance -- ---------------------------------------------------------- -- hpicfUsrProfileCapabilityGroup OBJECT-GROUP OBJECTS { hpicfUsrProfileCapabilityByPortMap, hpicfUsrProfileCapabilityByUserMap } STATUS current DESCRIPTION "A collection of objects providing device capability information for user access profiles." ::= { hpicfUsrProfileGroup 1 } hpicfUsrProfileConfigGroup OBJECT-GROUP OBJECTS { hpicfUsrProfileConfigFilterListRowStatus, hpicfUsrProfileFilterRuleIndex, hpicfUsrProfileConfigFilterRule, hpicfUsrProfileConfigFilterRuleRowStatus, hpicfUsrProfileConfigIndex, hpicfUsrProfileConfigPvid, hpicfUsrProfileConfigPvidEnable, hpicfUsrProfileConfigTaggedEgressVlanMap1k, hpicfUsrProfileConfigTaggedEgressVlanMap2k, hpicfUsrProfileConfigTaggedEgressVlanMap3k, hpicfUsrProfileConfigTaggedEgressVlanMap4k, hpicfUsrProfileConfigTaggedEgressVlanEnable, hpicfUsrProfileConfigIngressVlanFilterEnable, hpicfUsrProfileConfigPriorityRegenTable, hpicfUsrProfileConfigPriorityRegenTableEnable, hpicfUsrProfileConfigMaxIngressBandwidth, hpicfUsrProfileConfigMaxIngressBandwidthEnable, hpicfUsrProfileConfigMaxEgressBandwidth, hpicfUsrProfileConfigMaxEgressBandwidthEnable, hpicfUsrProfileConfigFilterListIndex, hpicfUsrProfileConfigFilterListEnable, hpicfUsrProfileConfigEntryRowStatus, hpicfUsrProfileConfigConflictResolveQoS, hpicfUsrProfileConfigConflictResolveMaxIngressBandwidth, hpicfUsrProfileConfigConflictResolveMaxEgressBandwidth, hpicfUsrProfileConfigNasRulesIpv6 } STATUS current DESCRIPTION "A collection of objects providing configuration of user access profiles." ::= { hpicfUsrProfileGroup 2 } hpicfUsrProfileStatsGroup OBJECT-GROUP OBJECTS { hpicfUsrProfileLastUpdate, hpicfUsrProfileStatsFilterRule, hpicfUsrProfileStatsFilterRuleHitCount, hpicfUsrProfileStatsFilterRuleHitCountEnabled, hpicfUsrProfileStatsPvid, hpicfUsrProfileStatsTaggedEgressVlanMap1k, hpicfUsrProfileStatsTaggedEgressVlanMap2k, hpicfUsrProfileStatsTaggedEgressVlanMap3k, hpicfUsrProfileStatsTaggedEgressVlanMap4k, hpicfUsrProfileStatsIngressVlanFilterEnable, hpicfUsrProfileStatsPriorityRegenTable, hpicfUsrProfileStatsMaxIngressBandwidth, hpicfUsrProfileStatsMaxEgressBandwidth, hpicfUsrProfileStatsFilterListIndex, hpicfUsrProfileStatsAccessMode } STATUS current DESCRIPTION "A collection of objects providing statistics of user access profiles." ::= { hpicfUsrProfileGroup 3 } -- ---------------------------------------------------------- -- -- Compliance statements -- ---------------------------------------------------------- -- hpicfUsrProfileCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for devices support of HP-USER-PROFILE-MIB." MODULE -- This Module MANDATORY-GROUPS { hpicfUsrProfileCapabilityGroup, hpicfUsrProfileConfigGroup, hpicfUsrProfileStatsGroup } ::= { hpicfUsrProfileCompliances 1 } END