--
-- Juniper Enterprise Specific MIB: PAE MIB Extension
--
-- Copyright (c) 2007, Juniper Networks, Inc.
-- All rights reserved.
--
-- The contents of this document are subject to change without notice.
--

JUNIPER-PAE-EXTENSION-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Unsigned32
        FROM SNMPv2-SMI
   
    MacAddress, TruthValue, DisplayString
        FROM SNMPv2-TC
   
    InterfaceIndex  
   	FROM IF-MIB
   
   
    dot1xPaePortNumber
	FROM IEEE8021-PAE-MIB

    jnxExPaeExtension
	FROM JUNIPER-EX-SMI;

jnxPaeExtensionMIB MODULE-IDENTITY
    LAST-UPDATED "200706071000Z"
    ORGANIZATION "Juniper Networks, Inc."
    CONTACT-INFO
            "        Juniper Technical Assistance Center
                     Juniper Networks, Inc.
                     1194 N. Mathilda Avenue
                     Sunnyvale, CA 94089
                     E-mail: support@juniper.net"
    DESCRIPTION
            "This is Juniper Networks' implementation of enterprise
             specific MIB for IEEE802.1x PAE Extension MIB. This MIB 
	     Module supports Static MAC Authetication."
    ::= { jnxExPaeExtension 1 }

jnxPaeExtensionMIBNotification  OBJECT IDENTIFIER ::= { jnxPaeExtensionMIB 0 }
jnxPaeExtensionMIBObjects       OBJECT IDENTIFIER ::= { jnxPaeExtensionMIB 1 }

jnxAuthProfileName OBJECT-TYPE
    SYNTAX	DisplayString(SIZE(0..255))
    MAX-ACCESS	read-only
    STATUS	current
    DESCRIPTION
	"The Authentication Profile Name is given by this object. The access 
	profile with this name is already defined with the radius server ip 
	address, port and secret key."
   ::= { jnxPaeExtensionMIBObjects 1 }

-- The Authenticator Configuration Extension Table

jnxPaeAuthConfigTable OBJECT-TYPE
    SYNTAX 	SEQUENCE OF JnxPaeAuthConfigEntry
    MAX-ACCESS	not-accessible
    STATUS	current
    DESCRIPTION
	"A table that contains the configuration objects for the
        Authenticator PAE associated with each port."
    ::= { jnxPaeExtensionMIBObjects 2 }

jnxPaeAuthConfigEntry OBJECT-TYPE
    SYNTAX 	JnxPaeAuthConfigEntry
    MAX-ACCESS	not-accessible
    STATUS 	current
    DESCRIPTION
	"An Entry appears in the table for each PAE Authenticator 
	Port."
    INDEX { dot1xPaePortNumber }
    ::= { jnxPaeAuthConfigTable 1 }

JnxPaeAuthConfigEntry ::= 
    SEQUENCE {
	jnxPaeAuthConfigMacAuthStatus	TruthValue,
	jnxPaeAuthConfigGuestVlan	DisplayString,
	jnxPaeAuthConfigNumberRetries	Unsigned32
    }

jnxPaeAuthConfigMacAuthStatus OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current    
    DESCRIPTION
         "This object specifies whether MAC Authentication is enabled on the
         specified PAE port."
    ::= { jnxPaeAuthConfigEntry 1 }

jnxPaeAuthConfigGuestVlan OBJECT-TYPE
    SYNTAX	DisplayString (SIZE(0..255))
    MAX-ACCESS	read-only
    STATUS	current
    DESCRIPTION
	"This object specifies the Vlan to which the unauthenticated client 
	moves to. The Vlan should exist on the switch and is user cofigurable 
	per port."
    ::= { jnxPaeAuthConfigEntry 2 }

jnxPaeAuthConfigNumberRetries OBJECT-TYPE
    SYNTAX	Unsigned32
    MAX-ACCESS	read-only
    STATUS	current
    DESCRIPTION
	"This sets the number of failed authentications on an interface 
	before invoking the quiet period, during which no one can be 
	authenticated on that interface."
    ::= { jnxPaeAuthConfigEntry 3 }

--Static Mac list Authetication Bypass Table

jnxStaticMacAuthBypassTable OBJECT-TYPE
    SYNTAX	SEQUENCE OF JnxStaticMacAuthBypassEntry
    MAX-ACCESS	not-accessible
    STATUS	current
    DESCRIPTION
        "The static MAC list provides an authentication bypass mechanism for 
	clients connected to a port. The MAC address of the clients is first 
	checked in a local database which is a user specified static list of
	MAC addresses and if a match is found, the client is assumed to be 
	successfully authenticated and the port is opened up for it. 
	No further authentication is done for that client. 
	
	The VLAN that the client should be moved to or the interfaces on which
	the MAC address should be allowed from can also be optionally stored 
	in this table. This will enable devices like printers, which do not 
	support 802.1X, to be connected on 802.1X enabled ports. If a match is
	not found in the static list, 802.1X or MAC authentication is initiated.
	
	This table contains the static list of MAC addresses specified by the
	user." 
    ::= { jnxPaeExtensionMIBObjects 3 }

jnxStaticMacAuthBypassEntry OBJECT-TYPE
    SYNTAX	JnxStaticMacAuthBypassEntry
    MAX-ACCESS  not-accessible
    STATUS 	current
    DESCRIPTION
        "A table entry specifies the MacAddress of the client
	and the Vlan the client is to be moved." 
    INDEX { jnxStaticMacAddress }
    ::= { jnxStaticMacAuthBypassTable 1 }

JnxStaticMacAuthBypassEntry ::= 
    SEQUENCE {
        jnxStaticMacAddress	    MacAddress,
	jnxStaticMacVlanName        DisplayString
  }

jnxStaticMacAddress OBJECT-TYPE
    SYNTAX	MacAddress
    MAX-ACCESS	not-accessible
    STATUS	current
    DESCRIPTION
        "This object specifies the MAC Address of the client connected 
	to the particular PAE port."
    ::= { jnxStaticMacAuthBypassEntry 1 }

jnxStaticMacVlanName OBJECT-TYPE
    SYNTAX	DisplayString (SIZE(0..255))
    MAX-ACCESS	read-only
    STATUS	current
    DESCRIPTION
        "This object specifies the Vlan to which the client is 
	assigned to." 
    ::= { jnxStaticMacAuthBypassEntry 2 }

jnxStaticMacAuthBypassIfTable OBJECT-TYPE 
    SYNTAX	SEQUENCE OF JnxStaticMacAuthBypassIfEntry
    MAX-ACCESS	not-accessible
    STATUS	current
    DESCRIPTION
	"This table provides the list of interfaces on which each MAC 
	Address in the jnxStaticMacAuthBypassTable can be allowed from.
	If it is detected on any other interface, the authentication 
	is not bypassed."
    ::={ jnxPaeExtensionMIBObjects 4 }

jnxStaticMacAuthBypassIfEntry OBJECT-TYPE
    SYNTAX 	JnxStaticMacAuthBypassIfEntry
    MAX-ACCESS	not-accessible
    STATUS	current
    DESCRIPTION
        "For each MAC Address in the  jnxStaticMacAuthBypassTable an entry is 
	present in this table.It specifies the list of interfaces from which
        the specified MAC Address is allowed from."
   INDEX { jnxStaticMacAddress, jnxStaticMacIfIndex }
   ::= { jnxStaticMacAuthBypassIfTable 1 }

JnxStaticMacAuthBypassIfEntry ::=
    SEQUENCE {
	jnxStaticMacIfIndex 		InterfaceIndex
    }
   
jnxStaticMacIfIndex OBJECT-TYPE
    SYNTAX	InterfaceIndex
    MAX-ACCESS	read-only
    STATUS	current
    DESCRIPTION
	"This object specifies the list of interfaces from which the MAC Address
	is allowed from. If it is detected on any other interface, the  
	authentication is bypassed."
    ::= { jnxStaticMacAuthBypassIfEntry 1 }
 
END

