JUNIPER-SECURE-ACCESS-PORT-MIB

File: JUNIPER-SECURE-ACCESS-PORT-MIB.mib (14169 bytes)

Imported modules

SNMPv2-SMI SNMPv2-TC IF-MIB
JUNIPER-EX-SMI

Imported symbols

MODULE-IDENTITY OBJECT-TYPE Unsigned32
NOTIFICATION-TYPE Integer32 TruthValue
TEXTUAL-CONVENTION DisplayString ifIndex
jnxExSecureAccessPort

Defined Types

JnxMacLimitExceededAction  
One of the following action will be taken by the system on an interface, when the system detects the current learned number of MAC addresses in the forwarding table has exceeded the limit number of MAC address. none : No action will be taken. It means Mac limit is not enabled in the specified interface. drop : The notification will be generated when MAC limit is exceeded and also the MAC limit is enforced for the interface. The new address will not be learned in the entity and also the traffic with new address will not be flooded in the entity. The learning will be re-enabled in the interface if the number of MAC addresses falls below the limit. alarm : A notification will be generated if the Mac Limit is exceeded. shutdown : The notification will be generated as the Mac Limit is exceeded. The interface will be moved to blocked state, no traffic will be allowed in the entity. The traffic will be re-enabled in the interface if the number of MAC addresses falls below the limit.
TEXTUAL-CONVENTION    
  INTEGER none(1), drop(2), alarm(3), shutdown(4)  

JnxSecAccessPortVlanEntry  
SEQUENCE    
  jnxSecAccessVlanName DisplayString
  jnxSecAccessVlanDhcpSnoopStatus TruthValue
  jnxSecAccessVlanDAIStatus TruthValue

JnxSecAccessPortIfEntry  
SEQUENCE    
  jnxSecAccessdsIfTrustState TruthValue
  jnxSecAccessdsIfRateLimit Unsigned32
  jnxSecAccessIfMacLimit Unsigned32
  jnxSecAccessIfMacLimitExceed JnxMacLimitExceededAction
  jnxSecAccessIfIpSrcGuardStatus TruthValue
  jnxSecAccessIfMacSrcGuardStatus TruthValue

JnxStormCtlEntry  
SEQUENCE    
  jnxStormCtlIfTrafficType INTEGER
  jnxStormCtlRisingThreshold Integer32
  jnxStormCtlFallingThreshold Integer32
  jnxStormCtlAction INTEGER

Defined Values

jnxExSecureAccessPortMIB 1.3.6.1.4.1.2636.3.40.1.2.1
This is Juniper Networks' implementation of enterprise specific MIB for configuration of Secure Access Port feature. DHCP Snooping and Dynamic ARP Inspection are mechanisms to provide per interface security capabilities. This MIB Module is also used to control some layer 2 functions like MAC limiting. It also supports IP Source Guard, Mac Source Guard and Storm Control features.
MODULE-IDENTITY    

jnxSecAccessPortMIBNotifications 1.3.6.1.4.1.2636.3.40.1.2.1.0
OBJECT IDENTIFIER    

jnxSecAccessPortMIBObjects 1.3.6.1.4.1.2636.3.40.1.2.1.1
OBJECT IDENTIFIER    

jnxSecAccessPortVlanTable 1.3.6.1.4.1.2636.3.40.1.2.1.1.1
A table provides the mechanism to control DHCP Snooping and Dynamic ARP Inspection per VLAN. When a VLAN is created in a device supporting this table, a corresponding entry will be added to this table.
OBJECT-TYPE    
  SEQUENCE OF  
    JnxSecAccessPortVlanEntry

jnxSecAccessPortVlanEntry 1.3.6.1.4.1.2636.3.40.1.2.1.1.1.1
A row instance contains whether DHCP Snooping and Dynamic ARP Inspection at each existing VLAN is enabled or disabled.
OBJECT-TYPE    
  JnxSecAccessPortVlanEntry  

jnxSecAccessVlanName 1.3.6.1.4.1.2636.3.40.1.2.1.1.1.1.1
This object indicates the VLAN name on which Dhcp Snooping feature and Dynamic ARP Inspection is enabled.
OBJECT-TYPE    
  DisplayString Size(0..255)  

jnxSecAccessVlanDhcpSnoopStatus 1.3.6.1.4.1.2636.3.40.1.2.1.1.1.1.2
This object indicates whether Dhcp Snooping is enabled in this VLAN. If this object is 'true', Dhcp Snooping is enabled in the specified VLAN. If this object is 'false', Dhcp Snooping is disabled in the specified VLAN.
OBJECT-TYPE    
  TruthValue  

jnxSecAccessVlanDAIStatus 1.3.6.1.4.1.2636.3.40.1.2.1.1.1.1.3
This object indicates whether Dynamic ARP Inspection is enabled in this VLAN. If this object is 'true', Dynamic ARP Inspection is enabled. If this object is 'false', Dynamic ARP Inspection is disabled.
OBJECT-TYPE    
  TruthValue  

jnxSecAccessPortIfTable 1.3.6.1.4.1.2636.3.40.1.2.1.1.2
The table contains the trust state and rate limit of each interface for DHCP Snooping purpose. The table also contains information on MAC address limit feature for each interface capable of this feature. This table also specifies whether IP source guard and MAC source guard are enabled on each interface.
OBJECT-TYPE    
  SEQUENCE OF  
    JnxSecAccessPortIfEntry

jnxSecAccessPortIfEntry 1.3.6.1.4.1.2636.3.40.1.2.1.1.2.1
A table entry contains the trust state and rate limit of an interface, MAC address limit for that Interface. It also contains the action to be undertaken if MAC address limit is exceeded. A table entry specifies whether IP source guard and MAC source guard are enabled on the specified interface.
OBJECT-TYPE    
  JnxSecAccessPortIfEntry  

jnxSecAccessdsIfTrustState 1.3.6.1.4.1.2636.3.40.1.2.1.1.2.1.1
This object indicates whether the interface is trusted for DHCP Snooping purpose. If this object is 'true', the interface is trusted. DHCP packets coming to this interface will be forwarded without checking. If this object is 'false', the interface is not trusted. DHCP packets coming to this interface will be subjected to DHCP checks.
OBJECT-TYPE    
  TruthValue  

jnxSecAccessdsIfRateLimit 1.3.6.1.4.1.2636.3.40.1.2.1.1.2.1.2
This object indicates rate limit value for DHCP Snooping purpose. If the value of this object is 0, no rate limit is applied for DHCP traffic at this interface.
OBJECT-TYPE    
  Unsigned32  

jnxSecAccessIfMacLimit 1.3.6.1.4.1.2636.3.40.1.2.1.1.2.1.3
This object specifies the threshold limit for the number of MAC address entries on this interface. When the instance value of this object is set to 0, no threshold limit will be applied for this interfacew and the corresponding instance value of jnxIfMacLimitExceedAction of the same row has no effect.
OBJECT-TYPE    
  Unsigned32  

jnxSecAccessIfMacLimitExceed 1.3.6.1.4.1.2636.3.40.1.2.1.1.2.1.4
This object specifies the action to be taken by the system for this interface while the number of MAC addresses has exceeded the value of jnxIfMacLimit. This object value is only effective when the corresponding instance value of jnxIfMacLimit is not set to 0.
OBJECT-TYPE    
  JnxMacLimitExceededAction  

jnxSecAccessIfIpSrcGuardStatus 1.3.6.1.4.1.2636.3.40.1.2.1.1.2.1.5
This object indicates whether IP Source Guard is enabled on the specified interface. If this object is 'true', then IP Source Guard is enabled on the specified interface. If this object is 'false', then IP Source Guard is disabled on the specified interface.
OBJECT-TYPE    
  TruthValue  

jnxSecAccessIfMacSrcGuardStatus 1.3.6.1.4.1.2636.3.40.1.2.1.1.2.1.6
This object indicates whether Mac Source Guard is enabled on the specified interface. If this object is 'true', then Mac Source Guard is enabled on the specified interface. If this object is 'false', then IP Source Guard is disabled on the specified interface.
OBJECT-TYPE    
  TruthValue  

jnxStormCtlTable 1.3.6.1.4.1.2636.3.40.1.2.1.1.3
Storm control monitors each type of traffic level on an interface. If traffic level exceeds the threshold value(rising threshold), switch will drop all packets of that type until traffic level drops to the threshold level (falling threshold). If traffic rate for a particular type exceeds the rising threshold, action will be taken to shutdown or add configured filter on the port. This table describes the traffic type for each interface, the rising threshold, falling threshold and the action to be taken if the traffic exceeds the rising threshold.
OBJECT-TYPE    
  SEQUENCE OF  
    JnxStormCtlEntry

jnxStormCtlEntry 1.3.6.1.4.1.2636.3.40.1.2.1.1.3.1
An entry contains the interface index,traffic type for the interface, the rising threshold, falling threshold and the action to be taken if the traffic exceeds the rising threshold.
OBJECT-TYPE    
  JnxStormCtlEntry  

jnxStormCtlIfTrafficType 1.3.6.1.4.1.2636.3.40.1.2.1.1.3.1.1
This object specifies the traffic type on the particular interface. Value 1 specifies that it is broadcast traffic, value 2 specifies that it is multicast traffic and value 3 specifies that it is unicast traffic.
OBJECT-TYPE    
  INTEGER broadcast(1), multicast(2), unicast(3)  

jnxStormCtlRisingThreshold 1.3.6.1.4.1.2636.3.40.1.2.1.1.3.1.2
This object specifies the rising threshold value in packets per second. The storm control action is occurs when the traffic exceeds this threshold value.
OBJECT-TYPE    
  Integer32  

jnxStormCtlFallingThreshold 1.3.6.1.4.1.2636.3.40.1.2.1.1.3.1.3
This object specifies the falling threshold value in packets per second. The storm control action ceases when the traffic drops to this threshold value.
OBJECT-TYPE    
  Integer32  

jnxStormCtlAction 1.3.6.1.4.1.2636.3.40.1.2.1.1.3.1.4
This object specifies the action to be taken, when traffic exceeds rising threshold value. Value 1 specifies that the action taken is to shutdown the port. Value 2 specifies that the action taken is to apply a policy filter on the interface for the given packet type. Default is to shutdown(1) the port.
OBJECT-TYPE    
  INTEGER shutdown(1), filter(2)  

jnxSecAccessdsRateLimitCrossed 1.3.6.1.4.1.2636.3.40.1.2.1.0.1
A jnxdsRateLimitCrossed notification is generated when the number of DHCP packets from an untrusted interface exceeds jnxSecAccessdsIfRateLimit.
NOTIFICATION-TYPE    

jnxSecAccessIfMacLimitExceeded 1.3.6.1.4.1.2636.3.40.1.2.1.0.2
Notification is sent when the number of MAC addresses learnt by the interface has crossed the limit of MAC addresses(jnxSecAccessIfMacLimit) and if MAC Limit Exceeded Action(jnxSecAccessIfMacLimitExceed) is drop or alarm or shutdown.
NOTIFICATION-TYPE    

jnxStormEventNotification 1.3.6.1.4.1.2636.3.40.1.2.1.0.3
Notification is sent when the traffic in the interface exceeds rising threshold(jnxStormCtlRisingThreshold).
NOTIFICATION-TYPE