--
-- Juniper Enterprise Specific MIB: PAE MIB Extension
--
-- Copyright (c) 2007, Juniper Networks, Inc.
-- All rights reserved.
--
-- The contents of this document are subject to change without notice.
--JUNIPER-PAE-EXTENSION-MIB DEFINITIONS::=BEGINIMPORTSMODULE-IDENTITY,OBJECT-TYPE,Unsigned32FROM SNMPv2-SMI
MacAddress,TruthValue,DisplayString
FROM SNMPv2-TC
InterfaceIndexFROM IF-MIB
dot1xPaePortNumber
FROM IEEE8021-PAE-MIB
jnxExPaeExtension
FROM JUNIPER-EX-SMI;jnxPaeExtensionMIB MODULE-IDENTITYLAST-UPDATED"200706071000Z"ORGANIZATION"Juniper Networks, Inc."CONTACT-INFO" Juniper Technical Assistance Center
Juniper Networks, Inc.
1194 N. Mathilda Avenue
Sunnyvale, CA 94089
E-mail: support@juniper.net"DESCRIPTION"This is Juniper Networks' implementation of enterprise
specific MIB for IEEE802.1x PAE Extension MIB. This MIB
Module supports Static MAC Authetication."::={ jnxExPaeExtension 1}jnxPaeExtensionMIBNotification OBJECTIDENTIFIER::={ jnxPaeExtensionMIB 0}jnxPaeExtensionMIBObjects OBJECTIDENTIFIER::={ jnxPaeExtensionMIB 1}jnxAuthProfileName OBJECT-TYPESYNTAXDisplayString(SIZE(0..255))
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The Authentication Profile Name is given by this object. The access
profile with this name is already defined with the radius server ip
address, port and secret key."::={ jnxPaeExtensionMIBObjects 1}-- The Authenticator Configuration Extension TablejnxPaeAuthConfigTable OBJECT-TYPESYNTAXSEQUENCEOF JnxPaeAuthConfigEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A table that contains the configuration objects for the
Authenticator PAE associated with each port."::={ jnxPaeExtensionMIBObjects 2}jnxPaeAuthConfigEntry OBJECT-TYPESYNTAX JnxPaeAuthConfigEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"An Entry appears in the table for each PAE Authenticator
Port."INDEX{ dot1xPaePortNumber }::={ jnxPaeAuthConfigTable 1}
JnxPaeAuthConfigEntry ::=SEQUENCE{
jnxPaeAuthConfigMacAuthStatus TruthValue,
jnxPaeAuthConfigGuestVlan DisplayString,
jnxPaeAuthConfigNumberRetries Unsigned32}jnxPaeAuthConfigMacAuthStatus OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This object specifies whether MAC Authentication is enabled on the
specified PAE port."::={ jnxPaeAuthConfigEntry 1}jnxPaeAuthConfigGuestVlan OBJECT-TYPESYNTAXDisplayString(SIZE(0..255))MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This object specifies the Vlan to which the unauthenticated client
moves to. The Vlan should exist on the switch and is user cofigurable
per port."::={ jnxPaeAuthConfigEntry 2}jnxPaeAuthConfigNumberRetries OBJECT-TYPE
SYNTAXUnsigned32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This sets the number of failed authentications on an interface
before invoking the quiet period, during which no one can be
authenticated on that interface."::={ jnxPaeAuthConfigEntry 3}--Static Mac list Authetication Bypass TablejnxStaticMacAuthBypassTable OBJECT-TYPESYNTAXSEQUENCEOF JnxStaticMacAuthBypassEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The static MAC list provides an authentication bypass mechanism for
clients connected to a port. The MAC address of the clients is first
checked in a local database which is a user specified static list of
MAC addresses and if a match is found, the client is assumed to be
successfully authenticated and the port is opened up for it.
No further authentication is done for that client.
The VLAN that the client should be moved to or the interfaces on which
the MAC address should be allowed from can also be optionally stored
in this table. This will enable devices like printers, which do not
support 802.1X, to be connected on 802.1X enabled ports. If a match is
not found in the static list, 802.1X or MAC authentication is initiated.
This table contains the static list of MAC addresses specified by the
user."::={ jnxPaeExtensionMIBObjects 3}jnxStaticMacAuthBypassEntry OBJECT-TYPESYNTAX JnxStaticMacAuthBypassEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A table entry specifies the MacAddress of the client
and the Vlan the client is to be moved."INDEX{ jnxStaticMacAddress }::={ jnxStaticMacAuthBypassTable 1}
JnxStaticMacAuthBypassEntry ::=SEQUENCE{
jnxStaticMacAddress MacAddress,
jnxStaticMacVlanName DisplayString}jnxStaticMacAddress OBJECT-TYPESYNTAXMacAddressMAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This object specifies the MAC Address of the client connected
to the particular PAE port."::={ jnxStaticMacAuthBypassEntry 1}jnxStaticMacVlanName OBJECT-TYPESYNTAXDisplayString(SIZE(0..255))
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This object specifies the Vlan to which the client is
assigned to."::={ jnxStaticMacAuthBypassEntry 2}jnxStaticMacAuthBypassIfTable OBJECT-TYPESYNTAXSEQUENCEOF JnxStaticMacAuthBypassIfEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This table provides the list of interfaces on which each MAC
Address in the jnxStaticMacAuthBypassTable can be allowed from.
If it is detected on any other interface, the authentication
is not bypassed."::={ jnxPaeExtensionMIBObjects 4}jnxStaticMacAuthBypassIfEntry OBJECT-TYPESYNTAX JnxStaticMacAuthBypassIfEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"For each MAC Address in the jnxStaticMacAuthBypassTable an entry is
present in this table.It specifies the list of interfaces from which
the specified MAC Address is allowed from."INDEX{ jnxStaticMacAddress, jnxStaticMacIfIndex }
::={ jnxStaticMacAuthBypassIfTable 1}
JnxStaticMacAuthBypassIfEntry ::=SEQUENCE{
jnxStaticMacIfIndex InterfaceIndex}jnxStaticMacIfIndex OBJECT-TYPESYNTAXInterfaceIndexMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This object specifies the list of interfaces from which the MAC Address
is allowed from. If it is detected on any other interface, the
authentication is bypassed."::={ jnxStaticMacAuthBypassIfEntry 1}END