--
-- Juniper Enterprise Specific MIB: PAE MIB Extension
--
-- Copyright (c) 2007-2008, Juniper Networks, Inc.
-- All rights reserved.
--
-- The contents of this document are subject to change without notice.
--
JUNIPER-PAE-EXTENSION-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, Unsigned32
FROM SNMPv2-SMI
MacAddress, TruthValue, DisplayString
FROM SNMPv2-TC
InterfaceIndex
FROM IF-MIB
dot1xPaePortNumber
FROM IEEE8021-PAE-MIB
jnxExPaeExtension
FROM JUNIPER-EX-SMI;
jnxPaeExtensionMIB MODULE-IDENTITY
LAST-UPDATED "200706071000Z"
ORGANIZATION "Juniper Networks, Inc."
CONTACT-INFO
" Juniper Technical Assistance Center
Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089
E-mail: support@juniper.net"
DESCRIPTION
"This is Juniper Networks' implementation of the enterprise
specific MIB for the IEEE 802.1X PAE Extension MIB. This MIB
Module supports Static MAC Authentication."
::= { jnxExPaeExtension 1 }
jnxPaeExtensionMIBNotification OBJECT IDENTIFIER ::= { jnxPaeExtensionMIB 0 }
jnxPaeExtensionMIBObjects OBJECT IDENTIFIER ::= { jnxPaeExtensionMIB 1 }
jnxAuthProfileName OBJECT-TYPE
SYNTAX DisplayString(SIZE(0..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Authentication Profile Name is given by this object. The access
profile with this name is already defined with the radius server ip
address, port and secret key."
::= { jnxPaeExtensionMIBObjects 1 }
-- The Authenticator Configuration Extension Table
jnxPaeAuthConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF JnxPaeAuthConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that contains the configuration objects for the
Authenticator PAE associated with each port."
::= { jnxPaeExtensionMIBObjects 2 }
jnxPaeAuthConfigEntry OBJECT-TYPE
SYNTAX JnxPaeAuthConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An Entry appears in the table for each PAE Authenticator
Port."
INDEX { dot1xPaePortNumber }
::= { jnxPaeAuthConfigTable 1 }
JnxPaeAuthConfigEntry ::=
SEQUENCE {
jnxPaeAuthConfigMacAuthStatus TruthValue,
jnxPaeAuthConfigGuestVlan DisplayString,
jnxPaeAuthConfigNumberRetries Unsigned32,
jnxPaeAuthConfigSupplicantMode INTEGER,
jnxPaeAuthConfigMacRadius INTEGER,
jnxPaeAuthConfigMacRadiusRestrict INTEGER,
jnxPaeAuthConfigReAuthenticate TruthValue,
jnxPaeAuthConfigQuietPeriod Unsigned32,
jnxPaeAuthConfigMaxRequests Unsigned32,
jnxPaeAuthConfigClientsRejected DisplayString,
jnxPaeAuthConfigServerTimeout Unsigned32,
jnxPaeAuthConfigSuppTimeout Unsigned32,
jnxPaeAuthConfigTransmitPeriod Unsigned32
}
jnxPaeAuthConfigMacAuthStatus OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies whether MAC Authentication is enabled on the
specified PAE port."
::= { jnxPaeAuthConfigEntry 1 }
jnxPaeAuthConfigGuestVlan OBJECT-TYPE
SYNTAX DisplayString (SIZE(0..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the Vlan to which the unauthenticated client
moves. The Vlan should exist on the switch and is user configurable
per port."
::= { jnxPaeAuthConfigEntry 2 }
jnxPaeAuthConfigNumberRetries OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This sets the number of failed authentications on an interface
before invoking the quiet period, during which no one can be
authenticated on that interface."
::= { jnxPaeAuthConfigEntry 3 }
jnxPaeAuthConfigSupplicantMode OBJECT-TYPE
SYNTAX INTEGER {
single(1),
single-secure(2),
multiple(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the supplicant mode of MAC Authentication
enabled on the specified PAE port."
::= { jnxPaeAuthConfigEntry 4 }
jnxPaeAuthConfigMacRadius OBJECT-TYPE
SYNTAX INTEGER {
enable(1),
disable(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the Mac-Radius mode of MAC Authentication
enabled on the specified PAE port."
::= { jnxPaeAuthConfigEntry 5 }
jnxPaeAuthConfigMacRadiusRestrict OBJECT-TYPE
SYNTAX INTEGER {
enable(1),
disable(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies whether the Mac-Radius restrict option of MAC
Authentication is enabled on the specified PAE port."
::= { jnxPaeAuthConfigEntry 6 }
jnxPaeAuthConfigReAuthenticate OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies whether Re-Authentication is enabled on the
specified PAE port."
::= { jnxPaeAuthConfigEntry 7 }
jnxPaeAuthConfigQuietPeriod OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies Time to wait after an authentication
failure on the specified PAE port."
::= { jnxPaeAuthConfigEntry 8 }
jnxPaeAuthConfigMaxRequests OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies Number of EAPOL RequestIDs to send before
timing out on the specified PAE port."
::= { jnxPaeAuthConfigEntry 9 }
jnxPaeAuthConfigClientsRejected OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies VLAN name or 802.1q tag for authentication
rejected clients on the specified PAE port."
::= { jnxPaeAuthConfigEntry 10 }
jnxPaeAuthConfigServerTimeout OBJECT-TYPE
SYNTAX Unsigned32(1..60)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies Authentication server timeout interval on the
specified PAE port."
::= { jnxPaeAuthConfigEntry 11 }
jnxPaeAuthConfigSuppTimeout OBJECT-TYPE
SYNTAX Unsigned32(1..60)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies Time to wait for a client response on the
specified PAE port."
::= { jnxPaeAuthConfigEntry 12 }
jnxPaeAuthConfigTransmitPeriod OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies Interval before retransmitting initial
EAPOL PDUs on the specified PAE port."
::= { jnxPaeAuthConfigEntry 13 }
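-- Static MAC list Authentication Bypass Table
-- A match here is made on the client's MAC address alone and skips 802.1X and
-- MAC authentication; jnxStaticMacAuthBypassIfTable limits the interfaces on
-- which an entry applies.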
jnxStaticMacAuthBypassTable OBJECT-TYPE
SYNTAX SEQUENCE OF JnxStaticMacAuthBypassEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The static MAC list provides an authentication bypass mechanism for
clients connected to a port. The MAC address of the clients is first
checked in a local database which is a user specified static list of
MAC addresses and if a match is found, the client is assumed to be
successfully authenticated and the port is opened up for it.
No further authentication is done for that client.
The VLAN that the client should be moved to or the interfaces on which
the MAC address should be allowed from can also be optionally stored
in this table. This will enable devices like printers, which do not
support 802.1X, to be connected on 802.1X enabled ports. If a match is
not found in the static list, 802.1X or MAC authentication is initiated.
This table contains the static list of MAC addresses specified by the
user."
::= { jnxPaeExtensionMIBObjects 3 }
jnxStaticMacAuthBypassEntry OBJECT-TYPE
SYNTAX JnxStaticMacAuthBypassEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table entry specifies the MacAddress of the client
and the Vlan to which the client is to be moved."
INDEX { jnxStaticMacAddress }
::= { jnxStaticMacAuthBypassTable 1 }
JnxStaticMacAuthBypassEntry ::=
SEQUENCE {
jnxStaticMacAddress MacAddress,
jnxStaticMacVlanName DisplayString
}
jnxStaticMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object specifies the MAC Address of the client connected
to the particular PAE port."
::= { jnxStaticMacAuthBypassEntry 1 }
jnxStaticMacVlanName OBJECT-TYPE
SYNTAX DisplayString (SIZE(0..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the Vlan to which the client is
assigned."
::= { jnxStaticMacAuthBypassEntry 2 }
jnxStaticMacAuthBypassIfTable OBJECT-TYPE
SYNTAX SEQUENCE OF JnxStaticMacAuthBypassIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table provides the list of interfaces on which each MAC
Address in the jnxStaticMacAuthBypassTable can be allowed from.
If it is detected on any other interface, the authentication
is not bypassed."
::={ jnxPaeExtensionMIBObjects 4 }
jnxStaticMacAuthBypassIfEntry OBJECT-TYPE
SYNTAX JnxStaticMacAuthBypassIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"For each MAC Address in the jnxStaticMacAuthBypassTable an entry is
present in this table. It specifies the list of interfaces from which
the specified MAC Address is allowed."
INDEX { jnxStaticMacAddress, jnxStaticMacIfIndex }
::= { jnxStaticMacAuthBypassIfTable 1 }
JnxStaticMacAuthBypassIfEntry ::=
SEQUENCE {
jnxStaticMacIfIndex InterfaceIndex
}
jnxStaticMacIfIndex OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the list of interfaces from which the MAC Address
is allowed. If it is detected on any other interface, the
authentication is not bypassed."
::= { jnxStaticMacAuthBypassIfEntry 1 }
END