--
-- Juniper Enterprise Specific MIB: PAE MIB Extension
--
-- Copyright (c) 2007, Juniper Networks, Inc.
-- All rights reserved.
--
-- The contents of this document are subject to change without notice.
--

JUNIPER-PAE-EXTENSION-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Unsigned32
        FROM SNMPv2-SMI
   
    MacAddress, TruthValue, DisplayString
        FROM SNMPv2-TC
   
    InterfaceIndex  
        FROM IF-MIB
   
   
    dot1xPaePortNumber
        FROM IEEE8021-PAE-MIB

    jnxExPaeExtension
        FROM JUNIPER-EX-SMI;

jnxPaeExtensionMIB MODULE-IDENTITY
    LAST-UPDATED "200706071000Z"
    ORGANIZATION "Juniper Networks, Inc."
    CONTACT-INFO
            "        Juniper Technical Assistance Center
                     Juniper Networks, Inc.
                     1194 N. Mathilda Avenue
                     Sunnyvale, CA 94089
                     E-mail: support@juniper.net"
    DESCRIPTION
            "This is Juniper Networks' implementation of the enterprise
             specific extension MIB for the IEEE 802.1X PAE. This MIB
             module supports Static MAC Authentication."
    ::= { jnxExPaeExtension 1 }

jnxPaeExtensionMIBNotification  OBJECT IDENTIFIER ::= { jnxPaeExtensionMIB 0 }
jnxPaeExtensionMIBObjects       OBJECT IDENTIFIER ::= { jnxPaeExtensionMIB 1 }

jnxAuthProfileName OBJECT-TYPE
    SYNTAX      DisplayString(SIZE(0..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object gives the Authentication Profile Name. The access
        profile with this name is already defined with the RADIUS server IP
        address, port and secret key."
   ::= { jnxPaeExtensionMIBObjects 1 }

-- The Authenticator Configuration Extension Table

jnxPaeAuthConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF JnxPaeAuthConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table that contains the configuration objects for the
        Authenticator PAE associated with each port."
    ::= { jnxPaeExtensionMIBObjects 2 }

jnxPaeAuthConfigEntry OBJECT-TYPE
    SYNTAX      JnxPaeAuthConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An Entry appears in the table for each PAE Authenticator 
        Port."
    INDEX { dot1xPaePortNumber }
    ::= { jnxPaeAuthConfigTable 1 }

JnxPaeAuthConfigEntry ::= 
    SEQUENCE {
        jnxPaeAuthConfigMacAuthStatus   TruthValue,
        jnxPaeAuthConfigGuestVlan       DisplayString,
        jnxPaeAuthConfigNumberRetries   Unsigned32
    }

jnxPaeAuthConfigMacAuthStatus OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current    
    DESCRIPTION
         "This object specifies whether MAC Authentication is enabled on the
         specified PAE port."
    ::= { jnxPaeAuthConfigEntry 1 }

jnxPaeAuthConfigGuestVlan OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object specifies the VLAN to which an unauthenticated client
        is moved. The VLAN should exist on the switch and is user-configurable
        per port."
    ::= { jnxPaeAuthConfigEntry 2 }

jnxPaeAuthConfigNumberRetries OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object specifies the number of failed authentications on an
        interface before the quiet period is invoked, during which no one
        can be authenticated on that interface."
    ::= { jnxPaeAuthConfigEntry 3 }

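-- Static MAC List Authentication Bypass Table
-- Note: per the DESCRIPTION below, a match on the client's MAC address
-- alone is treated as successful authentication; no further authentication
-- is done for that client.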

jnxStaticMacAuthBypassTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF JnxStaticMacAuthBypassEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The static MAC list provides an authentication bypass mechanism for 
        clients connected to a port. The MAC address of the clients is first 
        checked in a local database which is a user specified static list of
        MAC addresses and if a match is found, the client is assumed to be 
        successfully authenticated and the port is opened up for it. 
        No further authentication is done for that client. 
        
        The VLAN that the client should be moved to, or the interfaces from
        which the MAC address is allowed, can also optionally be stored
        in this table. This enables devices such as printers, which do not
        support 802.1X, to be connected on 802.1X-enabled ports. If a match is
        not found in the static list, 802.1X or MAC authentication is initiated.
        
        This table contains the static list of MAC addresses specified by the
        user." 
    ::= { jnxPaeExtensionMIBObjects 3 }

jnxStaticMacAuthBypassEntry OBJECT-TYPE
    SYNTAX      JnxStaticMacAuthBypassEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table entry specifies the MAC address of the client
        and the VLAN to which the client is to be moved."
    INDEX { jnxStaticMacAddress }
    ::= { jnxStaticMacAuthBypassTable 1 }

JnxStaticMacAuthBypassEntry ::= 
    SEQUENCE {
        jnxStaticMacAddress         MacAddress,
        jnxStaticMacVlanName        DisplayString
  }

jnxStaticMacAddress OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This object specifies the MAC Address of the client connected 
        to the particular PAE port."
    ::= { jnxStaticMacAuthBypassEntry 1 }

jnxStaticMacVlanName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object specifies the VLAN to which the client is
        assigned."
    ::= { jnxStaticMacAuthBypassEntry 2 }

jnxStaticMacAuthBypassIfTable OBJECT-TYPE 
    SYNTAX      SEQUENCE OF JnxStaticMacAuthBypassIfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table provides the list of interfaces from which each MAC
        address in the jnxStaticMacAuthBypassTable is allowed.
        If the MAC address is detected on any other interface, the
        authentication is not bypassed."
    ::={ jnxPaeExtensionMIBObjects 4 }

jnxStaticMacAuthBypassIfEntry OBJECT-TYPE
    SYNTAX      JnxStaticMacAuthBypassIfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "For each MAC address in the jnxStaticMacAuthBypassTable, an entry is
        present in this table. It specifies the list of interfaces from which
        the specified MAC address is allowed."
   INDEX { jnxStaticMacAddress, jnxStaticMacIfIndex }
   ::= { jnxStaticMacAuthBypassIfTable 1 }

JnxStaticMacAuthBypassIfEntry ::=
    SEQUENCE {
        jnxStaticMacIfIndex             InterfaceIndex
    }
   
jnxStaticMacIfIndex OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object specifies an interface from which the MAC address
        is allowed. If the MAC address is detected on any other interface,
        the authentication is not bypassed (consistent with the
        jnxStaticMacAuthBypassIfTable description)."
    ::= { jnxStaticMacAuthBypassIfEntry 1 }
 
END