-- -- Juniper Enterprise Specific MIB: PAE MIB Extension -- -- Copyright (c) 2007, Juniper Networks, Inc. -- All rights reserved. -- -- The contents of this document are subject to change without notice. -- JUNIPER-PAE-EXTENSION-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Unsigned32 FROM SNMPv2-SMI MacAddress, TruthValue, DisplayString FROM SNMPv2-TC InterfaceIndex FROM IF-MIB dot1xPaePortNumber FROM IEEE8021-PAE-MIB jnxExPaeExtension FROM JUNIPER-EX-SMI; jnxPaeExtensionMIB MODULE-IDENTITY LAST-UPDATED "200706071000Z" ORGANIZATION "Juniper Networks, Inc." CONTACT-INFO " Juniper Technical Assistance Center Juniper Networks, Inc. 1194 N. Mathilda Avenue Sunnyvale, CA 94089 E-mail: support@juniper.net" DESCRIPTION "This is Juniper Networks' implementation of enterprise specific MIB for IEEE802.1x PAE Extension MIB. This MIB Module supports Static MAC Authetication." ::= { jnxExPaeExtension 1 } jnxPaeExtensionMIBNotification OBJECT IDENTIFIER ::= { jnxPaeExtensionMIB 0 } jnxPaeExtensionMIBObjects OBJECT IDENTIFIER ::= { jnxPaeExtensionMIB 1 } jnxAuthProfileName OBJECT-TYPE SYNTAX DisplayString(SIZE(0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "The Authentication Profile Name is given by this object. The access profile with this name is already defined with the radius server ip address, port and secret key." ::= { jnxPaeExtensionMIBObjects 1 } -- The Authenticator Configuration Extension Table jnxPaeAuthConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF JnxPaeAuthConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains the configuration objects for the Authenticator PAE associated with each port." ::= { jnxPaeExtensionMIBObjects 2 } jnxPaeAuthConfigEntry OBJECT-TYPE SYNTAX JnxPaeAuthConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An Entry appears in the table for each PAE Authenticator Port." INDEX { dot1xPaePortNumber } ::= { jnxPaeAuthConfigTable 1 } JnxPaeAuthConfigEntry ::= SEQUENCE { jnxPaeAuthConfigMacAuthStatus TruthValue, jnxPaeAuthConfigGuestVlan DisplayString, jnxPaeAuthConfigNumberRetries Unsigned32 } jnxPaeAuthConfigMacAuthStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies whether MAC Authentication is enabled on the specified PAE port." ::= { jnxPaeAuthConfigEntry 1 } jnxPaeAuthConfigGuestVlan OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the Vlan to which the unauthenticated client moves to. The Vlan should exist on the switch and is user cofigurable per port." ::= { jnxPaeAuthConfigEntry 2 } jnxPaeAuthConfigNumberRetries OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "This sets the number of failed authentications on an interface before invoking the quiet period, during which no one can be authenticated on that interface." ::= { jnxPaeAuthConfigEntry 3 } --Static Mac list Authetication Bypass Table jnxStaticMacAuthBypassTable OBJECT-TYPE SYNTAX SEQUENCE OF JnxStaticMacAuthBypassEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The static MAC list provides an authentication bypass mechanism for clients connected to a port. The MAC address of the clients is first checked in a local database which is a user specified static list of MAC addresses and if a match is found, the client is assumed to be successfully authenticated and the port is opened up for it. No further authentication is done for that client. The VLAN that the client should be moved to or the interfaces on which the MAC address should be allowed from can also be optionally stored in this table. This will enable devices like printers, which do not support 802.1X, to be connected on 802.1X enabled ports. If a match is not found in the static list, 802.1X or MAC authentication is initiated. This table contains the static list of MAC addresses specified by the user." ::= { jnxPaeExtensionMIBObjects 3 } jnxStaticMacAuthBypassEntry OBJECT-TYPE SYNTAX JnxStaticMacAuthBypassEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table entry specifies the MacAddress of the client and the Vlan the client is to be moved." INDEX { jnxStaticMacAddress } ::= { jnxStaticMacAuthBypassTable 1 } JnxStaticMacAuthBypassEntry ::= SEQUENCE { jnxStaticMacAddress MacAddress, jnxStaticMacVlanName DisplayString } jnxStaticMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object specifies the MAC Address of the client connected to the particular PAE port." ::= { jnxStaticMacAuthBypassEntry 1 } jnxStaticMacVlanName OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the Vlan to which the client is assigned to." ::= { jnxStaticMacAuthBypassEntry 2 } jnxStaticMacAuthBypassIfTable OBJECT-TYPE SYNTAX SEQUENCE OF JnxStaticMacAuthBypassIfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table provides the list of interfaces on which each MAC Address in the jnxStaticMacAuthBypassTable can be allowed from. If it is detected on any other interface, the authentication is not bypassed." ::={ jnxPaeExtensionMIBObjects 4 } jnxStaticMacAuthBypassIfEntry OBJECT-TYPE SYNTAX JnxStaticMacAuthBypassIfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "For each MAC Address in the jnxStaticMacAuthBypassTable an entry is present in this table.It specifies the list of interfaces from which the specified MAC Address is allowed from." INDEX { jnxStaticMacAddress, jnxStaticMacIfIndex } ::= { jnxStaticMacAuthBypassIfTable 1 } JnxStaticMacAuthBypassIfEntry ::= SEQUENCE { jnxStaticMacIfIndex InterfaceIndex } jnxStaticMacIfIndex OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the list of interfaces from which the MAC Address is allowed from. If it is detected on any other interface, the authentication is bypassed." ::= { jnxStaticMacAuthBypassIfEntry 1 } END