HP-USER-AUTH: View SNMP OID List / Download MIB

This MIB module contains the definitions of Managed Objects for various subsystems that perform user authentication. The subsystems under control by this MIB are: WebAuth - Web-based login authentication MacAuth - MAC address-based authentication CLI Password - CLI-based login authentication

This notification signifies that CLI password authentication has failed. Operational control of this notification is provided using hpicfUsrAuthCliNotifyEnable. Agents complying with hpicfUsrAuthCompliance6 always additionally include hpicfUsrAuthLastLoginStatus. They may include hpicfUsrAuthLastLoginNotifyAddrType and hpicfUsrAuthLastLoginNotifyAddr to identify the source of the login attempt. They may also include an instance of hpicfUsrAuthLastLoginGeneration. The hpicfUsrAuthLastLoginEntry index in this object may be used to retrieve other objects in the row that identify the target user of this login attempt. If this index is zero, then the login attempt was to an unknown username. The value of hpicfUsrAuthLastLoginGeneration supplied in the notification should be compared to the retrieved object value to ensure that the row has not changed since the notification was sent.

An hpicfUsrAuthPasswdChng notification signifies that the manager password has been changed. The value of hpicfUsrAuthCLIPasswdSet can be used to determine whether the password has been set or cleared by this action.

This notification indicates a failed Port Security (network access) authentication event.

For all ports running with web authentication enabled: Specifies the base address that should be used by the switch DHCP server for web-based authentication purposes.

For all ports running with web authentication enabled: Specifies the subnet mask to be used in conjunction with the DHCP base address when servicing DHCP requests. Allowable mask range is 255.255.240.0 (20) to 255.255.255.0 (24).

For all ports running with web authentication enabled: Specifies the DHCP lease length in seconds.

For all ports running with MAC authentication enabled: Specifies the MAC address format to use in the RADIUS access-request, as follows: 'noDelimiter' - Sends MAC address in aabbccddeeff format 'singleDash' - Sends MAC address in aabbcc-ddeeff format 'multiDash' - Sends MAC address in aa-bb-cc-dd-ee-ff format 'multiColon' - Sends MAC address in aa:bb:cc:dd:ee:ff format 'noDelimiterUppercase' - Sends MAC address in AABBCCDDEEFF format 'singleDashUppercase' - Sends MAC address in AABBCC-DDEEFF format 'multiDashUppercase' - Sends MAC address in AA-BB-CC-DD-EE-FF format 'multiColonUppercase' - Sends MAC address in AA:BB:CC:DD:EE:FF format The default value is noDelimiter(1). Enumeration: 'singleDashUppercase': 6, 'multiColonUppercase': 8, 'multiColon': 4, 'multiDash': 3, 'noDelimiter': 1, 'noDelimiterUppercase': 5, 'singleDash': 2, 'multiDashUppercase': 7.

The operational status of hpicfUsrAuthCliAuthFail notifications. The default value is 1 (Enabled). A value of 2 represents Disabled. Writing this object requires authentication, such as provided by SNMPv3. Enumeration: 'disabled': 2, 'enabled': 1.

The physical interface, network protocol, or other authentication type that is associated with this notification. Enumeration: 'sshPublicKey': 4, 'telnet': 2, 'portAccess': 6, 'other': 9, 'ssh': 3, 'serial': 1, 'webui': 5.

Indicates whether the CLI manager password is set. 1 indicates True while 2 indicates False.

The count of hpicfUsrAuthPasswdFail notifications sent by the hpicfUsrAuth entity to the SNMP entity. The actual count of notifications sent by SNMP may be lower due to rate limiting or configuration.

A count of CLI password change notifications sent from the Auth entity to the SNMP entity within the switch. This count may therefore differ from the count of notifications actually sent by the SNMP entity due to switch configuration (e.g., the value of hpicfUsrAuthNotifyEnable.)

The count of hpicfPortSecAuthFailure notifications sent by the hpicfUsrAuth entity to the SNMP entity. The actual count of notifications sent by SNMP may be lower due to rate limiting or configuration.

The MAC address supplied in the failed authentication request.

The port index of the failed authentication request.

The VLAN ID associated with the failed authentication request.

Provides operational control of hpicfPortSecAuthFailure notification. When enabled (1), the notification will be sent. When disabled (2), the notification will not be sent. Setting this object requires authentication, such as provided by SNMPv3. Enumeration: 'disabled': 2, 'enabled': 1.

Provides operational control of hpicfUsrAuthPasswdChng notification. When enabled (1), the notification will be sent. When disabled (2), the notification will not be sent. Setting this object requires authentication, such as provided by SNMPv3. Enumeration: 'disabled': 2, 'enabled': 1.

A table of the Enhanced Web Auth servers.

Addresses for an Enhanced Web Auth server.

Index into hpicfUsrAuthWMAEWAServerTable.

The type of Enhanced Web Auth Server Address.

The IP address of the Enhanced Web Auth Server. If set to 0.0.0.0 or URL not configured no Enhanced Web Auth Server will run.

The Enhanced Web Auth Server Path for the location of the Enhanced Web Auth Pages. If not configured the default path will be used.

This marks the row as active/inactive.

A table of the authentication Redirect Servers.

Attributes of an authentication Redirect Server.

Index into hpicfUsrAuthRedirectServerTable.

This object represents the authentication Redirect Server's complete URL for the location of the redirect server login or warning page. This value must begin with 'http://' or 'https://' and should include the DNS name, TCP port of the server if not 80 or SSL's 443, and the page path, if necessary.

This object indicates the status of this entry. Must NOT be active in order to modify some other column of this config entry.

If enabled, only the configured initial web page will be returned for all client requests. The enabled state would generally be used to simply display an informative warning message to failed macAuth clients. If disabled, all client/redirect-server http traffic will be permitted. Enumeration: 'disabled': 2, 'enabled': 1.

The time (in seconds) that a client will be left in the unauthorized authentication redirection state before being removed from the state tables, temporarily suspending further client/redirect-server http traffic. After state table removal, client is free to initiate authentication.

The total number of times clients fail authentication and initiate the authentication Redirect Server process since reboot. A single client can be counted multiple times.

Specifies the time in seconds, that the switch should remove the credentials. Reauthentication should take place with in small amount of time.

A table containing configuration/control variables indexed by port and client MAC.

The table entry provides the means by which a client on an authentication interface can be forced to reauthenticate.

Index of client interfaces.

Specifies the MAC address of the client.

The reauthentication control for this client on this authentication interface. Setting this attribute TRUE forces this authenticated client to reauthenticate. That is, the client is deauthenticated and must transmit traffic in order to trigger reauthentication. Setting this attribute FALSE has no effect.

This object represents the secret password value used by all MAC auth clients. The default value of password is NULL. The password if set(non NULL) will be used instead of MAC address while constructing Radius request packet. The current maximum length of password is 16.

Specifies the access denied mode that applies to the custom message embedded into the login failure page. The values: disabled (1) - the feature is disabled. custom (2) - use the string configured by administrator via CLI or SNMP. radius (3) - use the string in the 'reply-message' attribute of the received RADIUS response message. Enumeration: 'disabled': 1, 'radius': 3, 'custom': 2.

Text of the access denied message that will be embedded into the custom web auth login failure page. This message will only be used when the access denied mode is set to 'custom'. It can take up to 250 characters

This object specifies the total number of authenticated clients currently present in the switch. This does not include the clients which are under process of authentication.

The status of the failed login attempt. successful(1) is not currently used. failed(2) indicates a regular failure that did not cause user lockout. failedLockOut(3) indicates a failure that caused user lockout. lockedOut(4) indicates that the user was locked out before the attempt was made. tableFull(5) indicates lockout due to a full lockout table, likely an indication of a serious attack. Enumeration: 'successful': 1, 'unknown': 0, 'tableFull': 5, 'failedLockOut': 3, 'failed': 2, 'lockedOut': 4.

The type of IP address from which the user's most recent login attempt occurred. Unknown(0) indicates the console.

The IP address from which the user's most recent login attempt occurred.

Enable or disable LLDP data inclusion in client authentication, which, in addition to using the source MAC address of incoming packets, also uses client information in the LLDP payload to authenticate clients.

This object represents the encrypted format of password value stored in the object hpicfUsrAuthMacAuthPassword. This object may only be read or written when hpSwitchAuthenticationEncryptCredentialsMethod is set to a value other than none(0). This object should only be written with an encrypted key.

A table of system level information about Web- MAC-based authentication for each port in the switch.

The port number, operational mode and reauthentication control for each switch port.

The port number associated with this switch port.

Setting this attribute TRUE enables web-based authentication services. A value of FALSE disabled web-based authentication. This attribute cannot be set TRUE concurrently with hpicfUsrAuthMacAuthAdminStatus.

Setting this attribute TRUE enables MAC-based authentication services. A value of FALSE disabled MAC-based authentication. This attribute cannot be set TRUE concurrently with hpicfUsrAuthWebAuthAdminStatus.

The reauthentication control for this port. Setting this attribute TRUE forces all authenticated clients to reauthenticate themselves. Setting this attribute FALSE has no effect. This attribute always returns FALSE when read.

Setting this attribute TRUE enables Local MAC-based authentication services. A value of FALSE disabled MAC-based authentication. This attribute cannot be set TRUE concurrently with hpicfUsrAuthWebAuthAdminStatus.

Setting this attribute as TRUE enables lldp-bypass authentication. A value of FALSE disables lldp-bypass authentication. This attribute cannot be set to TRUE concurrently with MAC lockdown, MACsec, Trunk, Distributed Trunking and mesh port features. The lldp-bypass feature is limited only for Aruba-APs that send special LLDP TLVs.

A table that contains the configuration objects for Web-based Authentication associated with each port. An entry appears in this table for each port that may authenticate access to itself.

The configuration information for Web-based authentication.

The maximum number of authenticated clients to allow on the port.

Specifies whether client may roam across ports under web authentication control. Setting this attribute 'enabled'allows authenticated clients to roam to other ports under web authentication control (that also have this attribute set to 'enabled') without requiring a reauthentication. Setting this attribute 'disabled' disallows authenticated clients from roaming to other ports (regardless of that port's attribute value). The client has to reauthenticate, if it attempts to roam. Enumeration: 'disabled': 1, 'enabled': 2.

Specifies whether web-based authentication should use an SSL connection (i.e. https://) to switch to collect client credentials. Note: A valid certificate must be configured on switch before SSL connections are enabled. Enumeration: 'disabled': 1, 'enabled': 2.

Specifies the URL, to which an authenticated client should be redirected, after successful authentication.

Specifies the time, in seconds, that the switch should refrain from reattempting an authentication request for a client whose credentials were rejected.

Specifies the time, in seconds, that the switch should wait for an authentication reply to return before considering it as timed out.

Specifies the number of authentication requests that must time out before failing authentication.

Specifies the number of authentication requests that must fail (i.e. invalid credentials) before failing authentication.

Specifies the period, in seconds, at which an authenticated client will be considered unauthenticated for a lack of activity (i.e. traffic originating from client).

Specifies the period, in seconds, at which an authenticated client must reauthenticate. A value of 0 signifies that an authenticated client will never have to reauthenticate. When hpSwitchAutzUserRoleEnabled is true, this value will be superseded by the value of hpSwitchAutzUserRoleReauthPeriod from the client's assigned role.

Specifies the port VID (PVID) that should be used for an authenticated client. When hpSwitchAutzUserRoleEnabled is true, this value may be superseded by the value of hpSwitchAutzUserRoleVlanId or hpSwitchAutzUserRoleVlanName from the client's assigned role.

Specifies the port VID (PVID) that should be used for an unauthenticated client. When hpSwitchAutzUserRoleEnabled is true, this value may be superseded by the value of hpSwitchAutzUserRoleVlanId or hpSwitchAutzUserRoleVlanName from the role identified by hpSwitchAutzUserRoleInitialRoleName.

Specifies whether to cache client credentials or not. Setting this variable 'enabled' allows to cache authenticated clients credentials. Setting this variable 'disabled' disallows to cache authenticated clients credentials. Enumeration: 'disabled': 1, 'enabled': 2.

The value indicates the period in seconds, during which cached reauthentication is allowed on the port. If value is zero then the period of cached reauthentication is unlimited.

A table containing WebAuth configuration/control variables indexed by port and client MAC.

The table entry provides the means by which a WebAuth client on an authentication interface can be forced to reauthenticate.

Index of WebAuth client interfaces.

Specifies the MAC address of the client.

The reauthentication control for this client on this authentication interface. Setting this attribute TRUE forces this authenticated WebAuth client to reauthenticate. That is, the client is deauthenticated and must transmit traffic in order to trigger reauthentication. Setting this attribute FALSE has no effect.

A table that contains the configuration objects for Mac-based Authentication associated with each port. An entry appears in this table for each port that may authenticate access to itself.

The configuration information for Mac-based authentication.

The maximum number of authenticated clients to allow on the port.

Specifies whether client may roam across ports under web authentication control. Setting this attribute 'enabled'allows authenticated clients to roam to other ports under web authentication control (that also have this attribute set to 'enabled') without requiring a reauthentication. Setting this attribute 'disabled' disallows authenticated clients from roaming to other ports (regardless of that port's attribute value). The client has to reauthenticate, if it attempts to roam. Enumeration: 'disabled': 1, 'enabled': 2.

Specifies the time, in seconds, that the switch should refrain from reattempting an authentication request for a client whose credentials were rejected.

Specifies the time, in seconds, that the switch should wait for an authentication reply to return before considering it as timed out.

Specifies the number of authentication requests that must time out before failing authentication.

Specifies the period, in seconds, at which an authenticated client will be considered unauthenticated for a lack of activity (i.e. traffic originating from client).

Specifies the period, in seconds, at which an authenticated client must reauthenticate. A value of 0 signifies that an authenticated client will never have to reauthenticate. When hpSwitchAutzUserRoleEnabled is true, this value will be superseded by the value of hpSwitchAutzUserRoleReauthPeriod from the client's assigned role.

Specifies the port VID (PVID) that should be used for an authenticated client. When hpSwitchAutzUserRoleEnabled is true, this value may be superseded by the value of hpSwitchAutzUserRoleVlanId or hpSwitchAutzUserRoleVlanName from the client's assigned role.

Specifies the port VID (PVID) that should be used for an unauthenticated client. When hpSwitchAutzUserRoleEnabled is true, this value may be superseded by the value of hpSwitchAutzUserRoleVlanId or hpSwitchAutzUserRoleVlanName from the role identified by hpSwitchAutzUserRoleInitialRoleName.

The value indicates the period in seconds, during which cached reauthentication is allowed on the port. If value is zero then the period of cached reauthentication is unlimited.

Specifies the period, in seconds, at which an authenticated client must reauthenticate. A value of 0 signifies that an authenticated client will never have to reauthenticate.

This object provides information about the authentication mode of a specific port performing MAC authentication. In 'userBased' mode, the port performing MAC authentication will authenticate every client coming in the port; the port will change into 'portBased' mode when a client is authenticated on the port and is authorized to open its connecting switch port to all other clients (i.e., its client account on the RADIUS server is configured with VSA 'HP-Port-Auth-Mode-MA'). A port in portBased MAC authentication mode will grant access for any client coming in the port. Enumeration: 'userBased': 1, 'portBased': 2.

Enables MAC-Pinning on this port. Setting this attribute TRUE pins the authenticated MAC addresses to the Mac address table. Authenticated clients will not be de-authenticated even when clients are inactive throughout the logoff period.

Setting this attribute TRUE(1) allows access to Mac-based unauthorized clients by placing the port in unauthorized VLAN during reauthentication.

A table containing macAuth configuration/control variables indexed by port and client MAC.

The table entry provides the means by which a macAuth client on an authentication interface can be forced to reauthenticate.

Index of macAuth client interfaces.

Specifies the MAC address of the client.

The reauthentication control for this client on this authentication interface. Setting this attribute TRUE forces this authenticated macAuth client to reauthenticate. That is, the client is deauthenticated and must transmit traffic in order to trigger reauthentication. Setting this attribute FALSE has no effect.

A table that contains session statistic objects for each client (i.e. user) attempting to authenticate to a port with Web-authentication enabled. An entry appears in this table for each port in the switch.

The session statistics information for a port with Web-based authentication enabled. This shows the current values being collected for active sessions.

Specifies the MAC address of the client.

Specifies the username of the client.

Specifies the state of the client as follows: 'authenticated' - authenticated client 'unauthenticated' - unauthenticated client, waiting for credentials 'authenticating' - credentials have been sent for verification, waiting for response 'authReqRejectNoVlan' - credentials invalid; client does not have access to unauthenticated VLAN 'authReqRejectUnauthVlan' - credentials invalid; client does have access to unauthenticated VLAN 'authReqTimeoutNoVlan' - credentials could not be verified; client is still unauthenticated and does not have access to unauthenticated VLAN 'authReqTimeoutUnauthVlan' - credentials could not be verified; client is still unauthenticated, but has access to unauthenticated VLAN 'initialRole' - client is assigned the initial role 'initialRoleFailed' - initial role could not be applied; client does not have access to the network 'criticalAuth - client is authenticated on critical VLAN 'openAUth - client is authenticated on open auth VLAN Enumeration: 'authReqTimeoutUnauthVlan': 7, 'authenticated': 1, 'authReqTimeoutNoVlan': 6, 'authReqRejectNoVlan': 4, 'unauthenticated': 2, 'initialRoleFailed': 9, 'initialRole': 8, 'criticalAuth': 10, 'authReqRejectUnauthVlan': 5, 'openAuth': 11, 'authenticating': 3.

The duration, in seconds, a client has spent in the state specified by hpicfUsrAuthSessionState.

Specifies the PVID that the authenticated client is utilizing. If client is unauthenticated, this object has no meaning.

Specifies the PVID that the unauthenticated client is utilizing. If client is authenticated, this object has no meaning.

Specifies the RADIUS Server set session timeout for reauthentication of the user. When ST = 0, user gets reauthenticated at reauth-period secs, ST < 60 it is set to 60 secs and then user is reauthenticated, ST > 60 user is reauthenticated at ST secs.

When hpSwitchAutzUserRoleEnabled is true, specifies the user role of the client.

A table that contains session statistic objects for each client (i.e. user) attempting to authenticate to a port with MAC-authentication enabled. An entry appears in this table for each port in the switch.

The session statistics information for a port with Mac-based authentication enabled. This shows the current values being collected for active sessions.

Specifies the MAC address of the client.

Specifies the state of the client as follows: 'authenticated' - authenticated client 'unauthenticated' - unauthenticated client, waiting for credentials 'authenticating' - credentials have been sent for verification, waiting for response 'authReqRejectNoVlan' - credentials invalid; client does not have access to unauthenticated VLAN 'authReqRejectUnauthVlan - credentials invalid; client does have access to unauthenticated VLAN 'authReqTimeoutNoVlan' - credentials could not be verified; client is still unauthenticated and does not have access to unauthenticated VLAN 'authReqTimeoutUnauthVlan' - credentials could not be verified; client is still unauthenticated, but has access to unauthenticated VLAN 'initialRole' - client is assigned the initial role 'initialRoleFailed' - initial role could not be applied; client does not have access to the network 'criticalAuth - client is authenticated on critical VLAN 'openAUth - client is authenticated on open auth VLAN Enumeration: 'authReqTimeoutUnauthVlan': 7, 'authenticated': 1, 'authReqTimeoutNoVlan': 6, 'authReqRejectNoVlan': 4, 'unauthenticated': 2, 'initialRoleFailed': 9, 'initialRole': 8, 'criticalAuth': 10, 'authReqRejectUnauthVlan': 5, 'openAuth': 11, 'authenticating': 3.

The duration, in seconds, a client has spent in the state specified by hpicfUsrAuthSessionState.

Specifies the PVID that the authenticated client is utilizing. If client is unauthenticated, this object has no meaning.

Specifies the PVID that the unauthenticated client is utilizing. If client is authenticated, this object has no meaning.

Specifies the RADIUS Server set session timeout for reauthentication of the user. When ST = 0, user gets reauthenticated at reauth-period secs, ST < 60 it is set to 60 secs and then user is reauthenticated, ST > 60 user is reauthenticated at ST secs.

This object Specifies the number of authenticated client currently present on this port. This does not include the clients which are under process of authentication.

Specifies the username of the client.

When hpSwitchAutzUserRoleEnabled is true, specifies the user role of the client.

A collection of objects providing system information about, and control over, Web- and MAC-based authentication.

A collection of objects providing system level information about Web and MAC based authentication for each port in the switch.

A collection of objects providing configuration objects for Web-based authentication associated with each port.

A collection of objects providing configuration objects for MAC-based authentication associated with each port.

A collection of objects providing statistics about current sessions for Web-based authentication.

A collection of objects providing statistics about current sessions for MAC-based authentication.

A collection of objects providing configuration objects for Web-based authentication associated with each port.

A collection of objects providing configuration objects for MAC-based authentication associated with each port.

A collection of objects providing configuration objects for MAC-based authentication associated with each port.

A collection of objects for authentication Redirect Server.

A collection of objects for Enhanced Web Auth servers.

A collection of objects for Reauthentication settings .

A collection of objects providing RADIUS server set session timeout for MAC-based user reauthentication.

A collection of objects providing RADIUS server set session timeout for Web-based user reauthentication.

A collection of objects for viewing the most recent logins to the switch by users, and for deleting the table.

A collection of objects providing system level information about Web and MAC based authentication for each port in the switch.

A collection of objects providing configuration for the captive portal feature.

A collection of objects providing configuration for captive portal profiles.

A collection of objects providing statistics about current sessions for Web-based authentication.

A collection of objects providing statistics about current sessions for MAC-based authentication.

A collection of objects providing system level information about Web and MAC based authentication for each port in the switch.

A collection of objects providing configuration objects for MAC-based authentication associated with each port.

********* THIS COMPLIANCE IS DEPRECATED ********* The compliance statement for devices support of HP-USER-AUTH MIB.

The compliance statement for devices support of HP-USER-AUTH MIB.

The compliance statement for devices support of HP-USER-AUTH MIB.

The compliance statement for devices support of HP-USER-AUTH MIB.

The compliance statement for devices support of HP-USER-AUTH MIB.

The compliance statement for devices support of HP-USER-AUTH MIB.

The compliance statement for devices support of HP-USER-AUTH MIB.

The compliance statement for device support of HP-USER-AUTH MIB.

The compliance statement for device support of HP-USER-AUTH MIB.

The compliance statement for device support of HP-USER-AUTH MIB.

The compliance statement for device support of HP-USER-AUTH MIB.

The compliance statement for devices support of HP-USER-AUTH MIB.

The compliance statement for devices support of HP-USER-AUTH MIB.

The compliance statement for devices support of HP-USER-AUTH MIB.

The compliance statement for device support of HP-USER-AUTH MIB.

The compliance statement for devices support of HP-USER-AUTH MIB.

The compliance statement for device support of HP-USER-AUTH MIB.

A group of authorization notifications.

A group of notification data and configuration objects.

A group of notification data and configuration objects.

A group of Mac auth global configuration objects.

A group of Mac auth global configuration objects.

A group of web-auth access denied configuration objects.

Number of Mac authenticated client objects in the switch and port.

The current generation number of the rows in hpicfUsrAuthLastLoginTable. To obtain a consistent table view, first read this object, then enumerate the table (reading hpicfUsrAuthLastLoginGeneration last), discarding any rows with hpicfUsrAuthLastLoginGeneration greater than this value.

This table records, per-username, the most recent login and login attempts. A record is created by the switch upon the first successful login to a username, and updated upon each subsequent login or login attempt.

User last login table entry.

The index value which uniquely identifies a row in the user last-login table.

The user's login name.

The privilege level assigned to the user at the most recent login. Enumeration: 'operator': 1, 'superuser': 3, 'manager': 2.

The time of the user's most recent successful login.

The type of IP address from which the user's most recent successful login occurred. Unknown(0) indicates a console login.

The IP address from which the user's most recent successful login occurred.

The time of the user's most recent unsuccessful login attempt. This will be zero length if there have been no unsuccessful login attempts since the most recent successful login.

The count of the user's unsuccessful login attempts since the most recent successful login. This counter is reset to zero whenever hpicfUsrAuthLastLoginSuccTime changes.

The generation number of the objects in this row. This object should be tested after reading other objects in a row to ensure it has not changed from hpicfUsrAuthLastLoginCurrentGeneration, or from the value of hpicfUsrAuthLastLoginGeneration sent in an hpicfUsrAuthCLIAuthFail notification.

When set to true(1), all rows of the last-login table are deleted. Always reads as false(2).

Enable redirection to a captive portal server for additional client authentication. When enabled, clients will be redirected to a captive portal server for further authentication when the RADIUS response includes a redirect URL.

A shared secret used by the captive portal server to validate a redirected request. A read of this object always returns an empty string.

The encrypted form of the shared secret used by the captive portal server to validate a redirected request. This object should only be written with an encrypted password previously read from a compatible HP Networking device.

This table consists of the captive portal profiles configured on the switch. The size of this table is implementation specific.

A captive portal profile table entry.

The name of this profile. All printable ASCII characters are allowed except '.', ' ', and '~'.

The Row Status of this entry. To create a new entry, send an SNMP SET request with a RowStatus of 'createAndGo'. active - the entry is ready to use. notInService - not valid for this table. notReady - the entry is not fully configured. createAndGo - create a new entry. createAndWait - not valid for this table. delete - delete the entry. Entries of hpicfUsrAuthCaptivePortalProfileType 'predefined' cannot be deleted.

Indicates whether the corresponding profile is predefined or custom. Predefined profiles cannot be modified or deleted. Enumeration: 'predefined': 1, 'custom': 2.

The URL of the captive portal the user is redirected to for authentication. An empty value indicates the URL will be sent via the RADIUS VSA: HPE-CAPTIVE-PORTAL-URL(24)