RUCKUS-AUTH-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Integer32, Counter32,
    Unsigned32, Counter64, NOTIFICATION-TYPE
        FROM SNMPv2-SMI                 -- [RFC2578]
    ifIndex, InterfaceIndex, InterfaceIndexOrZero
        FROM IF-MIB                     -- [RFC2863]
    DisplayString, MacAddress, TruthValue, RowStatus,
    TEXTUAL-CONVENTION
        FROM SNMPv2-TC                  -- [RFC2579]
    InetAddressType, InetAddress
        FROM INET-ADDRESS-MIB           -- [RFC4001]
    EnabledStatus
        FROM P-BRIDGE-MIB
    MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
        FROM SNMPv2-CONF
    snSwitch
        FROM FOUNDRY-SN-SWITCH-GROUP-MIB;

ruckusAuthMIB MODULE-IDENTITY
    LAST-UPDATED "202004170000Z"  -- Apr 17, 2020
    ORGANIZATION "Ruckus Wireless, Inc."
    CONTACT-INFO
        "Technical Support Center
         350 West Java Drive,
         Sunnyvale, CA 94089, USA
         Support URL: https://support.ruckuswireless.com
         Phone: +1-855-782-5871
         ROW TF Numbers: https://support.ruckuswireless.com/contact-us"
    DESCRIPTION
        "Management Information for configuration/querying of
         Flexible authentication which consists of 802.1X,
         MAC-Auth and Web-Auth. It is grouped into five MIBs -
           1. Global level Auth configuration
           2. Global level Dot1x configuration
           3. Global level MacAuth configuration
           4. Global level WebAuth configuration
           5. Port level Auth configuration
           6. Auth Session information
           7. Auth Session Stats information
           8. Dot1x Auth Session Stats information

         Copyright 1996-2019 Ruckus Wireless, Inc.
         All rights reserved.
         This Ruckus Wireless, Inc SNMP MIB Specification
         embodies Ruckus Wireless, Inc's confidential and
         proprietary intellectual property. Ruckus Wireless, Inc
         retains all title and ownership in the Specification,
         including any revisions.

         This Specification is supplied AS IS, and Ruckus
         Wireless, Inc makes no warranty, either express or
         implied, as to the use, operation, condition, or
         performance of the specification, and any unintended
         consequence it may have on the user environment."
    REVISION "202004170000Z"
    DESCRIPTION
        "Initial Version"
    ::= { snSwitch 44 }

ruckusAuthNotification OBJECT IDENTIFIER ::= { ruckusAuthMIB 0 }
ruckusAuthObjects      OBJECT IDENTIFIER ::= { ruckusAuthMIB 1 }
ruckusAuthConformance  OBJECT IDENTIFIER ::= { ruckusAuthMIB 2 }

-- -------------------------------------------------------------
-- Textual Conventions
-- -------------------------------------------------------------

VlanId ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "An ID used to represent VLAN identifier in the system
         for both untagged and tagged VLAN packets.
         When an object is not configured, this could be 0."
    SYNTAX      INTEGER (0 | 1..4094)

Dot1xAuthState ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The authenticator(PAE) state machine values as
         described below.
         other(1):          Anything other than following states
         initialize(2):     PAE state machine is being initialized
         disconnected(3):   Explicit logoff request is received
                            from the supplicant, or the number of
                            permissible reauth attempts are
                            exceeded
         connecting(4):     Attempting to establish communication
                            with Supplicant
         authenticating(5): Supplicant is being authenticated
         authenticated(6):  The Authenticator has successfully
                            authenticated the Supplicant.
         aborting(7):       The authentication process is aborted
                            for reasons like receipt of reauth
                            request, an EAPOL-Start frame, an
                            EAPOL-Logoff frame, or authentication
                            timeout
         held(8):           This state is entered from
                            'authenticating' state following
                            authentication failure. When
                            quietWhile timer expires, the state
                            machine moves to 'connecting' state.
                            In this state, all EAPOL packets are
                            ignored and discarded, so as to
                            prevent brute force attacks.
         forceAuth(9):      Port is set to Authorized state, so
                            an EAP Success packet is sent to the
                            Supplicant
         forceUnauth(10):   Port is set to Unauthorized state,
                            and an EAP Failure packet is sent to
                            the Supplicant. When EAP-Start
                            messages are received from the
                            Supplicant, the state is re-entered
                            and subsequent EAP Failure messages
                            are sent."
    SYNTAX      INTEGER {
                    other(1),
                    initialize(2),
                    disconnected(3),
                    connecting(4),
                    authenticating(5),
                    authenticated(6),
                    aborting(7),
                    held(8),
                    forceAuth(9),
                    forceUnauth(10)
                }

RuckusAuthMode ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Describes the authentication modes supported with
         Ruckus FlexAuth implementation.
         singleUntagged(1):   multiple clients are allowed, but
                              all must belong to one VLAN
         multipleUntagged(2): multiple clients are allowed and
                              each client can belong to different
                              VLAN
         singleHost(3):       only one host is allowed and phones
                              are allowed without authentication
         multipleHosts(4):    multiple hosts are allowed, but all
                              the hosts are authorized
                              automatically after the first host
                              is authenticated
         This mode can be set at the global level and also at
         port level if some ports are to have a different
         auth-mode than the globally configured mode."
    SYNTAX      INTEGER {
                    singleUntagged(1),
                    multipleUntagged(2),
                    singleHost(3),
                    multipleHosts(4)
                }

RuckusAuthOrder ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Describes which authentication methods to be attempted
         in series of methods. Subsequent methods are tried
         depending on the outcome of the previous method and
         several rules are defined which are not explained here.
         dot1xMauth(1): IEEE 802.1X protocol (typically used for
                        PCs, workstations) followed by MAC-Auth
                        method
         mauthDot1x(2): MAC-Auth which uses MAC address as
                        user-name (typically used for phones,
                        fax m/cs, APs, switches) followed by
                        Dot1x method
         This order of methods can be set globally and also at
         port level if some ports are to have a different
         auth-method order than globally configured."
    SYNTAX      INTEGER {
                    dot1xMauth(1),
                    mauthDot1x(2)
                }

RuckusAuthFailAction ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Describes the action to be taken, when the clients fail
         the authentication.
         blockTraffic(1): Clients are blocked access to the
                          network
         restrictVlan(2): Clients are placed in the configured
                          restrict VLAN, so they have limited
                          access."
    SYNTAX      INTEGER {
                    blockTraffic(1),
                    restrictVlan(2)
                }

RuckusAuthTimeoutAction ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Describes the action to be taken, when the
         authenticator times out for various reasons like server
         busy, network access, etc.
         failure(1):      The action taken is specified by the
                          ruckusAuthFailAction object
         success(2):      Clients are allowed access to the
                          network in the default VLAN
         criticalVlan(3): Clients are placed in the configured
                          critical VLAN, so they have limited
                          access.
         other(4):        Authentication keeps happening in a
                          loop."
    SYNTAX      INTEGER {
                    failure(1),
                    success(2),
                    criticalVlan(3),
                    other(4)
                }

RuckusAuthAging ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Describes, if denied and permitted sessions are enabled
         or disabled for aging.
         A bit field of '1' indicates enabled, otherwise
         disabled."
    SYNTAX      BITS {
                    deniedSessions(0),
                    permittedSessions(1)
                }

-- ------------------------------------------------------------
-- Groups in the FlexAuth MIB
-- ------------------------------------------------------------

ruckusAuthConfig       OBJECT IDENTIFIER ::= { ruckusAuthObjects 1 }
ruckusDot1xAuthConfig  OBJECT IDENTIFIER ::= { ruckusAuthObjects 2 }
ruckusMacAuthConfig    OBJECT IDENTIFIER ::= { ruckusAuthObjects 3 }
ruckusWebAuthConfig    OBJECT IDENTIFIER ::= { ruckusAuthObjects 4 }
ruckusAuthPortConfig   OBJECT IDENTIFIER ::= { ruckusAuthObjects 5 }
ruckusAuthFilterConfig OBJECT IDENTIFIER ::= { ruckusAuthObjects 6 }
ruckusAuthSessions     OBJECT IDENTIFIER ::= { ruckusAuthObjects 7 }
ruckusAuthStatistics   OBJECT IDENTIFIER ::= { ruckusAuthObjects 8 }

-- ------------------------------------------------------------
-- FlexAuth Global Configuration
-- This applies to Dot1x and MAC authentication also
-- ------------------------------------------------------------

ruckusAuthDefaultVlan OBJECT-TYPE
    SYNTAX      VlanId
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This default VLAN is used to place all the FlexAuth
         enabled ports, so this VLAN acts as a VLAN for the
         clients to
         belong to, when authentication server doesn't assign
         any VLANs.
         A value of zero for this object indicates no default
         Vlan configured for this Ruckus device."
    ::= { ruckusAuthConfig 1 }

ruckusAuthVoiceVlan OBJECT-TYPE
    SYNTAX      VlanId
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This voice VLAN is used to advertise through LLDP/CDP
         on the ports, when connected devices are detected as
         Phones and authentication server doesn't assign any
         Voice VLAN.
         A value of zero for this object indicates no Voice Vlan
         configured for this Ruckus device."
    ::= { ruckusAuthConfig 2 }

ruckusAuthCriticalVlan OBJECT-TYPE
    SYNTAX      VlanId
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This VLAN is used to place the clients, when the
         authentication server times out and the timeout action
         is configured as 'critical', so the clients have
         limited access. Refer to ruckusAuthTimeoutAction object
         for timeout-action choices.
         A value of zero for this object indicates no Critical
         Vlan configured for this Ruckus device."
    ::= { ruckusAuthConfig 3 }

ruckusAuthRestrictVlan OBJECT-TYPE
    SYNTAX      VlanId
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This VLAN is used to place the clients, when the
         clients fail the authentication and the failure action
         is configured as 'restrict', so the clients have
         limited access. Refer to ruckusAuthFailAction object
         for fail-action choices.
         A value of zero for this object indicates no Restrict
         Vlan configured for this Ruckus device."
    ::= { ruckusAuthConfig 4 }

ruckusAuthEnable OBJECT-TYPE
    SYNTAX      BITS {
                    dot1x(0),
                    macAuth(1)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies, which authentication methods are enabled
         globally. Unless the method is enabled globally, the
         same can't be enabled at port level.
         A bit field of '1' indicates enabled, otherwise
         disabled."
    ::= { ruckusAuthConfig 5 }

ruckusAuthMode OBJECT-TYPE
    SYNTAX      RuckusAuthMode
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the authentication mode for all the FlexAuth
         enabled ports."
    DEFVAL      { singleUntagged }
    ::= { ruckusAuthConfig 6 }

ruckusAuthMethods OBJECT-TYPE
    SYNTAX      RuckusAuthOrder
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies which authentication methods to be attempted
         in series of methods for all FlexAuth enabled ports."
    DEFVAL      { dot1xMauth }
    ::= { ruckusAuthConfig 7 }

ruckusAuthMaxSessions OBJECT-TYPE
    SYNTAX      Unsigned32 (1..1024)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the maximum number of authenticated clients
         allowed on a port. This doesn't include the clients
         allowed due to authentication failure and timeout
         policies."
    DEFVAL      { 2 }
    ::= { ruckusAuthConfig 8 }

ruckusAuthFailAction OBJECT-TYPE
    SYNTAX      RuckusAuthFailAction
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the action to be taken, when the clients fail
         the authentication."
    DEFVAL      { blockTraffic }
    ::= { ruckusAuthConfig 9 }

ruckusAuthTimeoutAction OBJECT-TYPE
    SYNTAX      RuckusAuthTimeoutAction
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the action to be taken, when the
         authentication server times out."
    DEFVAL      { other }
    ::= { ruckusAuthConfig 10 }

ruckusAuthReauthEnable OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The reauthentication control for all the FlexAuth
         enabled ports. Setting this object to 'enabled' causes
         every FlexAuth enabled port to reauthenticate the
         devices connecting to the port, after every period of
         time specified by the object ruckusAuthReauthPeriod.
         Setting this object to 'disabled' disables the
         reauthentication."
    DEFVAL      { disabled }
    ::= { ruckusAuthConfig 11 }

ruckusAuthReauthPeriod OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "How often to re-authenticate clients, when periodic
         re-authentication is enabled."
    DEFVAL      { 3600 }
    ::= { ruckusAuthConfig 12 }

ruckusAuthReauthTimeout OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "How often to re-authenticate clients, when the clients
         were allowed due to authentication server timeout.
         Value of 0 disables the re-authentication."
    DEFVAL      { 300 }
    ::= { ruckusAuthConfig 13 }

ruckusAuthIdleTimeout OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the time to keep the sessions in the Ruckus
         device, after the inactivity detection time expired in
         the hardware. If the clients start the traffic in this
         time, they need not authenticate again, otherwise they
         would have to authenticate, once the session gets
         deleted.
         This can be set from authentication server for each
         client and value of 0 is allowed to disable the aging."
    DEFVAL      { 120 }
    ::= { ruckusAuthConfig 14 }

ruckusAuthDeniedTimeout OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the time to keep the denied sessions in the
         Ruckus device for the clients which are blocked as they
         failed authentication. When the clients start the
         traffic again, they will be authenticated."
    DEFVAL      { 70 }
    ::= { ruckusAuthConfig 15 }

ruckusAuthAging OBJECT-TYPE
    SYNTAX      RuckusAuthAging
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies, if denied and permitted sessions are enabled
         or disabled for aging. Aging is enabled by default."
    ::= { ruckusAuthConfig 16 }

ruckusAuthDefaultV4IngressAcl OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the default User Access List (ACL) applied in
         the Ingress direction for the IPv4 traffic for sessions
         when ACLs are not dynamically assigned through RADIUS."
    ::= { ruckusAuthConfig 17 }

ruckusAuthDefaultV4EgressAcl OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the default User Access List (ACL) applied in
         the Egress direction for the IPv4 traffic for sessions
         when ACLs are not dynamically assigned through RADIUS."
    ::= { ruckusAuthConfig 18 }

ruckusAuthDefaultV6IngressAcl OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the default User Access List (ACL) applied in
         the Ingress direction for the IPv6 traffic for sessions
         when ACLs are not dynamically assigned through RADIUS."
    ::= { ruckusAuthConfig 19 }

ruckusAuthDefaultV6EgressAcl OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the default User Access List (ACL) applied in
         the Egress direction for the IPv6 traffic for sessions
         when ACLs are not dynamically assigned through RADIUS."
    ::= { ruckusAuthConfig 20 }

-- ------------------------------------------------------------
-- FlexAuth Dot1X Configuration
-- This applies only to Dot1X authentication
-- ------------------------------------------------------------

ruckusDot1xQuietPeriod OBJECT-TYPE
    SYNTAX      Unsigned32 (0..4294967295)
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "When the Ruckus device is unable to authenticate the
         Client, the amount of time the Ruckus device waits
         before trying again."
    DEFVAL      { 60 }
    ::= { ruckusDot1xAuthConfig 1 }

ruckusDot1xTxPeriod OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "When a Client does not send back an EAP(Extensible
         Authentication Protocol)-response/identity frame, the
         amount of time the Ruckus device waits before
         retransmitting the EAP-request/identity frame to the
         Client."
    DEFVAL      { 30 }
    ::= { ruckusDot1xAuthConfig 2 }

ruckusDot1xSuppTimeout OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "When a supplicant (Client) does not respond to an
         EAP-request frame, the amount of time before the Ruckus
         device retransmits the frame."
    DEFVAL      { 30 }
    ::= { ruckusDot1xAuthConfig 3 }

ruckusDot1xMaxReq OBJECT-TYPE
    SYNTAX      Unsigned32 (1..10)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of times the Ruckus device retransmits an
         EAP-request/identity request frame if it does not
         receive an EAP-response/identity response frame from
         the Client."
    DEFVAL      { 2 }
    ::= { ruckusDot1xAuthConfig 4 }

ruckusDot1xMaxReauthReq OBJECT-TYPE
    SYNTAX      Unsigned32 (1..10)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of re-authentication attempts that are
         permitted before the port becomes Unauthorized."
    DEFVAL      { 2 }
    ::= { ruckusDot1xAuthConfig 5 }

ruckusDot1xGuestVlan OBJECT-TYPE
    SYNTAX      VlanId
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This VLAN is used to place the clients, when the
         supplicant/client times out as it's not capable of
         IEEE-802.1X authentication protocol.
         A value of zero for this object indicates no Guest Vlan
         configured for the interface."
    ::= { ruckusDot1xAuthConfig 6 }

ruckusDot1xMacAuthOverride OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies if the MAC-Authentication should be tried
         next when a client fails authentication with Dot1x
         authentication method.
         This may be required when devices are Dot1x capable,
         but authentication server is not configured with user
         profiles, instead it's configured with device profiles,
         so MAC-Authentication can succeed."
    DEFVAL      { disabled }
    ::= { ruckusDot1xAuthConfig 7 }

-- ------------------------------------------------------------
-- FlexAuth MAC-Auth Configuration
-- This applies only to MAC authentication
-- ------------------------------------------------------------

ruckusMacAuthPasswordFormat OBJECT-TYPE
    SYNTAX      INTEGER {
                    dashFormat(1),
                    colonFormat(2),
                    dotFormat(3),
                    normalFormat(4)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the format to be used for MAC address, which
         is used as credential in MAC-authentication. As MAC
         addresses are represented in different formats, all
         such formats are supported as given in options above.
         dashFormat(1):   username/password gets formatted as
                          xx-xx-xx-xx-xx-xx
         colonFormat(2):  username/password gets formatted as
                          xx:xx:xx:xx:xx:xx
         dotFormat(3):    username/password gets formatted as
                          xxxx.xxxx.xxxx
         normalFormat(4): username/password gets formatted as
                          xxxxxxxxxxxx"
    DEFVAL      { normalFormat }
    ::= { ruckusMacAuthConfig 1 }

ruckusMacAuthPasswordOverride OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the password to be used for all
         MAC-authentication clients. This is normally a
         zero-length string, which means the client MAC address
         is used as the password."
    ::= { ruckusMacAuthConfig 2 }

ruckusMacAuthDot1xOverride OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies if the Dot1x should be tried next when a
         client fails authentication with MAC-Authentication
         method.
         This may be required when devices are Dot1x capable,
         authentication order is MAC-Auth followed by Dot1x, and
         authentication server is not configured with device
         profiles, instead it's configured with user profiles,
         so Dot1x can succeed."
    DEFVAL      { disabled }
    ::= { ruckusMacAuthConfig 3 }

ruckusMacAuthDot1xEnable OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies if the Dot1x should be tried next when a
         client succeeds authentication with MAC-Authentication
         method.
         This may be required when devices are not Dot1x
         capable, authentication order is MAC-Auth followed by
         Dot1x, and authentication server is not configured with
         user profiles, instead it's configured with device
         profiles, so MAC-Auth can succeed."
    DEFVAL      { enabled }
    ::= { ruckusMacAuthConfig 4 }

-- ------------------------------------------------------------
-- FlexAuth Web-Auth Configuration
-- This applies only to Web Authentication
-- ------------------------------------------------------------

ruckusWebAuthTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF RuckusWebAuthEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table that allows configuration of WebAuth for a
         specified VLAN. WebAuth is configured at the VLAN level
         unlike MAC-Auth and Dot1x at the port level.
         An entry exists in this table for each configured VLAN
         with WebAuth."
    ::= { ruckusWebAuthConfig 1 }

ruckusWebAuthEntry OBJECT-TYPE
    SYNTAX      RuckusWebAuthEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry of WebAuth configuration."
    INDEX       { ruckusWebAuthVlan }
    ::= { ruckusWebAuthTable 1 }

RuckusWebAuthEntry ::= SEQUENCE {
    ruckusWebAuthVlan                  VlanId,
    ruckusWebAuthEnable                EnabledStatus,
    ruckusWebAuthMode                  INTEGER,
    ruckusWebAuthMethod                INTEGER,
    ruckusWebAuthMaxHosts              Unsigned32,
    ruckusWebAuthMaxAuthAttempts       Unsigned32,
    ruckusWebAuthReauthTime            Unsigned32,
    ruckusWebAuthCycleTime             Unsigned32,
    ruckusWebAuthBlockTime             Unsigned32,
    ruckusWebAuthMacAgeTime            Unsigned32,
    ruckusWebAuthPasscode              DisplayString,
    ruckusWebAuthLocalUserDb           DisplayString,
    ruckusWebAuthSecureLogin           EnabledStatus,
    ruckusWebAuthAccounting            EnabledStatus,
    ruckusWebAuthCaptiveProfile        DisplayString,
    ruckusWebAuthRedirectName          DisplayString,
    ruckusWebAuthWebpageRemoveUserId   EnabledStatus,
    ruckusWebAuthWebpageUsernameLabel  DisplayString,
    ruckusWebAuthWebpagePasswordLabel  DisplayString,
    ruckusWebAuthUpLinkPort            InterfaceIndexOrZero,
    ruckusWebAuthWebpageTop            DisplayString,
    ruckusWebAuthWebpageBottom         DisplayString,
    ruckusWebAuthWebpageTitle          DisplayString,
    ruckusWebAuthWebpageLoginButton    DisplayString
}

ruckusWebAuthVlan OBJECT-TYPE
    SYNTAX      VlanId
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Specifies the VLAN, this configuration entry applies
         to."
    ::= { ruckusWebAuthEntry 1 }

ruckusWebAuthEnable OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies if Web-Auth is enabled or disabled."
    DEFVAL      { disabled }
    ::= { ruckusWebAuthEntry 2 }

ruckusWebAuthMode OBJECT-TYPE
    SYNTAX      INTEGER {
                    none(1),
                    passcode(2),
                    password(3),
                    captivePortal(4)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the authentication mode used for
         authenticating the users.
         none          - no authentication is performed
         passcode      - passcode based authentication, where
                         the passcode can be statically
                         configured or generated dynamically
         password      - username and password based
                         authentication, where local user
                         database or external RADIUS server is
                         used
         captivePortal - external Captive Portal is used through
                         redirection"
    ::= { ruckusWebAuthEntry 3 }

ruckusWebAuthMethod OBJECT-TYPE
    SYNTAX      INTEGER {
                    radius(1),
                    local(2),
                    radiusLocal(3),
                    localRadius(4),
                    none(5)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "When the AuthMode is configured as password, this
         specifies the order for performing authentication.
         radius      - RADIUS server for authentication
         local       - Local user DB for authentication
         radiusLocal - RADIUS followed by Local User DB
         localRadius - Local User DB followed by RADIUS
         none        - none of these methods."
    DEFVAL      { radius }
    ::= { ruckusWebAuthEntry 4 }

ruckusWebAuthMaxHosts OBJECT-TYPE
    SYNTAX      Unsigned32 (0..8192)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the maximum number of hosts allowed to be
         authenticated. Value 0 means no limit."
    DEFVAL      { 0 }
    ::= { ruckusWebAuthEntry 5 }

ruckusWebAuthMaxAuthAttempts OBJECT-TYPE
    SYNTAX      Unsigned32 (0..64)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the maximum number of attempts allowed during
         the auth cycle, after which the user is blocked for
         configured amount of time, before next authentication.
         The value of 0 means no limit."
    DEFVAL      { 5 }
    ::= { ruckusWebAuthEntry 6 }

ruckusWebAuthReauthTime OBJECT-TYPE
    SYNTAX      Unsigned32 (0..128000)
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the re-authentication time, so the
         authenticated users can be periodically reauthenticated
         after the timeout specified through this object.
         Value 0 means no limit"
    DEFVAL      { 28800 }
    ::= { ruckusWebAuthEntry 7 }

ruckusWebAuthCycleTime OBJECT-TYPE
    SYNTAX      Unsigned32 (0..3600)
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the time of the authentication since the
         first attempted user authentication, after which the
         user is not allowed to authenticate and must reload the
         login-page to start authentication.
         Value of 0 means no limit."
    DEFVAL      { 600 }
    ::= { ruckusWebAuthEntry 8 }

ruckusWebAuthBlockTime OBJECT-TYPE
    SYNTAX      Unsigned32 (0..12800)
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the time for blocking the user when
         successive attempts have failed resulting in blocking
         the user.
         Value of 0 means, the user is blocked permanently."
    DEFVAL      { 90 }
    ::= { ruckusWebAuthEntry 9 }

ruckusWebAuthMacAgeTime OBJECT-TYPE
    SYNTAX      Unsigned32 (0..3600)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the time which together with mac-age-time of
         the switch is considered an inactive time of the
         authenticated host, after which the device is forced to
         reauthenticate.
         The value can be 0 meaning no aging, the maximum can be
         up to the specified reauth-time."
    DEFVAL      { 3600 }
    ::= { ruckusWebAuthEntry 10 }

ruckusWebAuthPasscode OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the statically configured passcode used to
         authenticate when passcode is used as the auth-method.
         The passcode is digits only.
         This can consist of up to 4 passcodes where each entry
         is separated by space or tab."
    ::= { ruckusWebAuthEntry 11 }

ruckusWebAuthLocalUserDb OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the locally configured User Database for use
         in authentication, when the auth-method is password."
    ::= { ruckusWebAuthEntry 12 }

ruckusWebAuthSecureLogin OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies if HTTPS is used for authentication or not."
    DEFVAL      { enabled }
    ::= { ruckusWebAuthEntry 13 }

ruckusWebAuthAccounting OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies if accounting is enabled or disabled."
    DEFVAL      { disabled }
    ::= { ruckusWebAuthEntry 14 }

ruckusWebAuthCaptiveProfile OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the name of the configured Captive Portal
         profile, which should be used for redirection, if the
         auth-method is configured as captivePortal."
    ::= { ruckusWebAuthEntry 15 }

ruckusWebAuthRedirectName OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the name to be used for URL when internal
         authentication is used during authentication for
         prompting username/password from the users, otherwise
         switch IP address is used.
         This must be valid domain name for the switch."
    ::= { ruckusWebAuthEntry 16 }

ruckusWebAuthWebpageRemoveUserId OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies if user-id field in custom webauth login page
         is disabled or not, default value is disable, i.e.,
         user-id field is displayed"
    DEFVAL      { disabled }
    ::= { ruckusWebAuthEntry 17 }

ruckusWebAuthWebpageUsernameLabel OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies the name to be used for user-id label in
         webauth login page"
    ::= { ruckusWebAuthEntry 18 }

ruckusWebAuthWebpagePasswordLabel OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies the name to be used for password label in
         webauth login page"
    ::= { ruckusWebAuthEntry 19 }

ruckusWebAuthUpLinkPort OBJECT-TYPE
    SYNTAX      InterfaceIndexOrZero
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies the port to be used as uplink port in network
         segmentation deployment"
    ::= { ruckusWebAuthEntry 20 }

ruckusWebAuthWebpageTop OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies the
         name to be used for Top of webauth login page"
    ::= { ruckusWebAuthEntry 21 }

ruckusWebAuthWebpageBottom OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies the name to be used for Bottom of webauth
         login page"
    ::= { ruckusWebAuthEntry 22 }

ruckusWebAuthWebpageTitle OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies the name to be used for Title in webauth
         login page"
    ::= { ruckusWebAuthEntry 23 }

ruckusWebAuthWebpageLoginButton OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies the name to be used for Login-button in
         webauth login page"
    ::= { ruckusWebAuthEntry 24 }

-- ------------------------------------------------------------
-- WebAuth TrustPort Configuration
-- This applies for Web authentication at VLAN level
-- ------------------------------------------------------------

ruckusWebAuthTrustPortTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF RuckusWebAuthTrustPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table that allows configuration of WebAuth Trust
         ports which are skipped from authentication in the
         given VLAN and are typically uplink ports.
         An entry exists in this table for every Trust Port
         defined on this VLAN."
    ::= { ruckusWebAuthConfig 2 }

ruckusWebAuthTrustPortEntry OBJECT-TYPE
    SYNTAX      RuckusWebAuthTrustPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry in WebAuth Trust Port table."
    INDEX       { ruckusWebAuthVlan, ruckusWebAuthTrustPort }
    ::= { ruckusWebAuthTrustPortTable 1 }

RuckusWebAuthTrustPortEntry ::= SEQUENCE {
    ruckusWebAuthTrustPort  InterfaceIndex
}

ruckusWebAuthTrustPort OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the trusted port or the up-link port, which
         is considered secure, so authentication is not
         performed on that port.
         This port generally provides access to the corporate or
         Internet or other network for resource access during
         authentication."
    ::= { ruckusWebAuthTrustPortEntry 1 }

-- ------------------------------------------------------------
-- WebAuth DNS Filter Configuration
-- This applies for Web authentication at VLAN level
-- ------------------------------------------------------------

ruckusWebAuthDnsFilterTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF RuckusWebAuthDnsFilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table that allows configuration of WebAuth DNS
         filters which are qualified DNS servers and should be
         allowed access during authentication for DNS queries by
         clients.
         An entry exists in this table for every DNS filter
         defined on this VLAN."
    ::= { ruckusWebAuthConfig 3 }

ruckusWebAuthDnsFilterEntry OBJECT-TYPE
    SYNTAX      RuckusWebAuthDnsFilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry in WebAuth DNS-Filter table."
    INDEX       { ruckusWebAuthVlan, ruckusWebAuthDnsFilterId }
    ::= { ruckusWebAuthDnsFilterTable 1 }

RuckusWebAuthDnsFilterEntry ::= SEQUENCE {
    ruckusWebAuthDnsFilterId      INTEGER,
    ruckusWebAuthDnsFilterType    InetAddressType,
    ruckusWebAuthDnsFilterAddr    InetAddress,
    ruckusWebAuthDnsFilterPrefix  Unsigned32
}

ruckusWebAuthDnsFilterId OBJECT-TYPE
    SYNTAX      INTEGER
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An index into the DNS filter table."
    ::= { ruckusWebAuthDnsFilterEntry 1 }

ruckusWebAuthDnsFilterType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The address type of this filter entry, a V4 or V6
         address."
    ::= { ruckusWebAuthDnsFilterEntry 2 }

ruckusWebAuthDnsFilterAddr OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The DNS server address, which is a V4 or V6 address."
    ::= { ruckusWebAuthDnsFilterEntry 3 }

ruckusWebAuthDnsFilterPrefix OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The DNS server prefix, which applies to V4/V6
         addresses."
    ::= { ruckusWebAuthDnsFilterEntry 4 }

-- ------------------------------------------------------------
-- WebAuth Trusted Server or White List Configuration
-- This applies for Web authentication only
-- ------------------------------------------------------------

ruckusWebAuthWhiteListTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF RuckusWebAuthWhiteListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table that allows configuration of WebAuth Whitelist
         entries which are qualified external servers that
         should be allowed access during authentication for
         various needs by clients.
         An entry exists in this table for every Whitelist
         server defined on this VLAN."
    ::= { ruckusWebAuthConfig 4 }

ruckusWebAuthWhiteListEntry OBJECT-TYPE
    SYNTAX      RuckusWebAuthWhiteListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry in WebAuth Whitelist table."
    INDEX       { ruckusWebAuthVlan, ruckusWebAuthWhiteListId }
    ::= { ruckusWebAuthWhiteListTable 1 }

RuckusWebAuthWhiteListEntry ::= SEQUENCE {
    ruckusWebAuthWhiteListId      INTEGER,
    ruckusWebAuthWhiteListType    InetAddressType,
    ruckusWebAuthWhiteListAddr    InetAddress,
    ruckusWebAuthWhiteListPrefix  Unsigned32
}

ruckusWebAuthWhiteListId OBJECT-TYPE
    SYNTAX      INTEGER
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An index into the White List Server table."
    ::= { ruckusWebAuthWhiteListEntry 1 }

ruckusWebAuthWhiteListType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The address type of this whitelist entry, a V4 or V6 or
         DNS name."
    ::= { ruckusWebAuthWhiteListEntry 2 }

ruckusWebAuthWhiteListAddr OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The whitelist server address, which is a V4 or V6
         address or DNS name."
    ::= { ruckusWebAuthWhiteListEntry 3 }

ruckusWebAuthWhiteListPrefix OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The whitelist server prefix, which applies to V4/V6 addresses."
    ::= { ruckusWebAuthWhiteListEntry 4 }

-- ------------------------------------------------------------
-- WebAuth Auth Filter Configuration
-- This applies for Web authentication at VLAN/port level
-- ------------------------------------------------------------

ruckusWebAuthFilterTable OBJECT-TYPE
    SYNTAX SEQUENCE OF RuckusWebAuthFilterEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A table that allows configuration of WebAuth auth-filters which
        are applied to statically authenticate the clients without the
        need for authentication. This helps to permit/deny pre-defined
        clients and saves time in authentication.
        An entry exists in this table for every auth-filter defined on
        this VLAN."
    ::= { ruckusWebAuthConfig 5 }

ruckusWebAuthFilterEntry OBJECT-TYPE
    SYNTAX RuckusWebAuthFilterEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "An entry in WebAuth Auth-Filter table."
    INDEX { ruckusWebAuthVlan, ruckusWebAuthFilterMac }
    ::= { ruckusWebAuthFilterTable 1 }

RuckusWebAuthFilterEntry ::= SEQUENCE {
    ruckusWebAuthFilterMac MacAddress,
    ruckusWebAuthFilterPort InterfaceIndexOrZero,
    ruckusWebAuthFilterDuration Unsigned32,
    ruckusWebAuthFilterAction INTEGER
}

ruckusWebAuthFilterMac OBJECT-TYPE
    SYNTAX MacAddress
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the MAC Address of the filter for matching the
        authenticating clients through static authentication."
    ::= { ruckusWebAuthFilterEntry 1 }

ruckusWebAuthFilterPort OBJECT-TYPE
    SYNTAX InterfaceIndexOrZero
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the port in the VLAN, where this filter should be
        applied. If the port is not valid, the entry applies to all
        ports in the VLAN."
    ::= { ruckusWebAuthFilterEntry 2 }

ruckusWebAuthFilterDuration OBJECT-TYPE
    SYNTAX Unsigned32 (0..12800)
    UNITS "seconds"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the time for blocking or allowing the user when the
        filter results in authenticating the user (matches).
        A value of 0 means the user is blocked permanently or allowed
        permanently."
    ::= { ruckusWebAuthFilterEntry 3 }

ruckusWebAuthFilterAction OBJECT-TYPE
    SYNTAX INTEGER { permit(1), deny(2) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the action to be performed when this filter is
        applied on the authenticating client when matching occurs.
        permit(1) - allow the client in specified VLAN
        deny(2) - block the client"
    ::= { ruckusWebAuthFilterEntry 4 }

-- ------------------------------------------------------------
-- WebAuth Captive Portal Configuration
-- This applies for Web authentication only
-- ------------------------------------------------------------

ruckusWebAuthCaptivePortalTable OBJECT-TYPE
    SYNTAX SEQUENCE OF RuckusWebAuthCaptivePortalEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A table that allows configuration of WebAuth Captive profiles
        for various external WebAuth servers. The entry provides the
        server information such as the DNS name or address, port and
        login page where the authenticating client should be
        redirected to."
    ::= { ruckusWebAuthConfig 6 }

ruckusWebAuthCaptivePortalEntry OBJECT-TYPE
    SYNTAX RuckusWebAuthCaptivePortalEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "An entry in WebAuth Captive Portal table."
    INDEX { IMPLIED ruckusWebAuthCaptivePortalName }
    ::= { ruckusWebAuthCaptivePortalTable 1 }

RuckusWebAuthCaptivePortalEntry ::= SEQUENCE {
    ruckusWebAuthCaptivePortalName DisplayString,
    ruckusWebAuthCaptivePortalType InetAddressType,
    ruckusWebAuthCaptivePortalAddr InetAddress,
    ruckusWebAuthCaptivePortalPort Unsigned32,
    ruckusWebAuthCaptivePortalLoginPage DisplayString
}

ruckusWebAuthCaptivePortalName OBJECT-TYPE
    SYNTAX DisplayString (SIZE (1..32))
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Specifies the name of the profile entry."
    ::= { ruckusWebAuthCaptivePortalEntry 1 }

ruckusWebAuthCaptivePortalType OBJECT-TYPE
    SYNTAX InetAddressType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the Captive server type - qualified name or IP
        address."
    ::= { ruckusWebAuthCaptivePortalEntry 2 }

ruckusWebAuthCaptivePortalAddr OBJECT-TYPE
    SYNTAX InetAddress
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the Captive server qualified name or IP address."
    ::= { ruckusWebAuthCaptivePortalEntry 3 }

ruckusWebAuthCaptivePortalPort OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the Captive server port for HTTP/HTTPS access."
    DEFVAL { 443 }
    ::= { ruckusWebAuthCaptivePortalEntry 4 }

ruckusWebAuthCaptivePortalLoginPage OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the login page of the Captive server, where the
        client should be redirected to."
    ::= { ruckusWebAuthCaptivePortalEntry 5 }

-- ------------------------------------------------------------
-- FlexAuth Port Configuration
-- This applies for Dot1x and MAC authentication at port level
-- ------------------------------------------------------------

ruckusAuthPortTable OBJECT-TYPE
    SYNTAX SEQUENCE OF RuckusAuthPortEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A table that allows configuration of FlexAuth, including Dot1x
        and MAC-Auth for a specified port.
        Most objects at the port level override the similar configured
        objects at the global level.
        An entry exists in this table for each port configured with
        FlexAuth."
    ::= { ruckusAuthPortConfig 1 }

ruckusAuthPortEntry OBJECT-TYPE
    SYNTAX RuckusAuthPortEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "An entry of FlexAuth port configuration."
    INDEX { ifIndex }
    ::= { ruckusAuthPortTable 1 }

RuckusAuthPortEntry ::= SEQUENCE {
    ruckusAuthPortEnable BITS,
    ruckusAuthPortDot1xControl INTEGER,
    ruckusAuthPortDefaultVlan VlanId,
    ruckusAuthPortVoiceVlan VlanId,
    ruckusAuthPortCriticalVlan VlanId,
    ruckusAuthPortRestrictVlan VlanId,
    ruckusAuthPortMode RuckusAuthMode,
    ruckusAuthPortMethods RuckusAuthOrder,
    ruckusAuthPortMaxSessions Unsigned32,
    ruckusAuthPortFailAction RuckusAuthFailAction,
    ruckusAuthPortTimeoutAction RuckusAuthTimeoutAction,
    ruckusAuthPortReauthTimeout Unsigned32,
    ruckusAuthPortAging RuckusAuthAging,
    ruckusAuthPortAllowTagged EnabledStatus,
    ruckusAuthPortSourceGuard EnabledStatus,
    ruckusAuthPortDosAttacks EnabledStatus,
    ruckusAuthPortDosAttackLimit Unsigned32
}

ruckusAuthPortEnable OBJECT-TYPE
    SYNTAX BITS { dot1x(0), macAuth(1) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies authentication methods that are enabled on this port.
        Unless the method is enabled globally, the same can't be enabled
        at port level.
        A bit field of '1' indicates enabled, otherwise disabled."
    ::= { ruckusAuthPortEntry 1 }

ruckusAuthPortDot1xControl OBJECT-TYPE
    SYNTAX INTEGER {
        forceUnauthorized(1),
        controlauto(2),
        forceAuthorized(3),
        other(4)
    }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the Dot1x operating mode for this port, when Dot1x is
        enabled.
        force-unauthorized(1) - port's controlled port is placed
            unconditionally in the unauthorized state
        control-auto(2) - the controlled port is unauthorized until
            authentication takes place between client and server
        force-authorized(3) - the port's controlled port is placed
            unconditionally in the authorized state
        other(4) - not initialized"
    DEFVAL { forceAuthorized }
    ::= { ruckusAuthPortEntry 2 }

ruckusAuthPortDefaultVlan OBJECT-TYPE
    SYNTAX VlanId
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This default VLAN is used to place this port, so this VLAN acts
        as a VLAN for the clients to belong to, when authentication
        server doesn't assign any VLANs.
        A value of zero for this object indicates no default Vlan is
        configured for this port on this Ruckus device, so the global
        default VLAN is used."
    ::= { ruckusAuthPortEntry 3 }

ruckusAuthPortVoiceVlan OBJECT-TYPE
    SYNTAX VlanId
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This voice VLAN is used to advertise through LLDP/CDP on this
        port, when connected devices are detected as Phones and
        authentication server doesn't assign any Voice VLAN.
        A value of zero for this object indicates no Voice Vlan is
        configured for this port on this Ruckus device, so the global
        Voice VLAN is used."
    ::= { ruckusAuthPortEntry 4 }

ruckusAuthPortCriticalVlan OBJECT-TYPE
    SYNTAX VlanId
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This VLAN is used to place the clients of this port, when the
        authentication server times out and the port
        auth-timeout-action is configured as 'critical', so the clients
        have limited access. Refer to ruckusAuthPortTimeoutAction object
        for timeout-action choices.
        A value of zero for this object indicates no Critical Vlan is
        configured for this port on this Ruckus device, so the global
        Critical VLAN is used."
    ::= { ruckusAuthPortEntry 5 }

ruckusAuthPortRestrictVlan OBJECT-TYPE
    SYNTAX VlanId
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This VLAN is used to place the clients of this port, when the
        clients fail the authentication and the auth-failure-action is
        configured as 'restrict', so the clients have limited access.
        Refer to ruckusAuthPortFailAction object for fail-action
        choices.
        A value of zero for this object indicates no Restrict Vlan is
        configured for this port on this Ruckus device, so the global
        Restrict VLAN is used."
    ::= { ruckusAuthPortEntry 6 }

ruckusAuthPortMode OBJECT-TYPE
    SYNTAX RuckusAuthMode
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the authentication mode for this port. This overrides
        the globally configured value."
    DEFVAL { singleUntagged }
    ::= { ruckusAuthPortEntry 7 }

ruckusAuthPortMethods OBJECT-TYPE
    SYNTAX RuckusAuthOrder
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies authentication methods to be attempted in series of
        methods for this port. This overrides the globally configured
        value."
    DEFVAL { dot1xMauth }
    ::= { ruckusAuthPortEntry 8 }

ruckusAuthPortMaxSessions OBJECT-TYPE
    SYNTAX Unsigned32 (1..1024)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the maximum number of authenticated clients allowed
        on this port. This doesn't include the clients allowed due to
        authentication failure and timeout policies."
    DEFVAL { 2 }
    ::= { ruckusAuthPortEntry 9 }

ruckusAuthPortFailAction OBJECT-TYPE
    SYNTAX RuckusAuthFailAction
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the action to be taken on this port. This overrides
        the globally set value."
    DEFVAL { blockTraffic }
    ::= { ruckusAuthPortEntry 10 }

ruckusAuthPortTimeoutAction OBJECT-TYPE
    SYNTAX RuckusAuthTimeoutAction
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the action to be taken on this port, when the
        authentication server times out for various reasons like server
        busy, network access, etc. This overrides the globally set
        value."
    DEFVAL { other }
    ::= { ruckusAuthPortEntry 11 }

ruckusAuthPortReauthTimeout OBJECT-TYPE
    SYNTAX Unsigned32 (1..4294967295)
    UNITS "seconds"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "How often to re-authenticate clients of this port, when the
        clients were allowed due to authentication server timeout.
        Value of 0 disables the re-authentication."
    DEFVAL { 300 }
    ::= { ruckusAuthPortEntry 12 }

ruckusAuthPortAging OBJECT-TYPE
    SYNTAX RuckusAuthAging
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies whether denied and permitted sessions are enabled or
        disabled for aging on this port. This overrides the global
        value."
    ::= { ruckusAuthPortEntry 13 }

ruckusAuthPortAllowTagged OBJECT-TYPE
    SYNTAX EnabledStatus
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies whether denied and permitted sessions are enabled or
        disabled for aging on this port.
        A bit field of '1' indicates enabled, otherwise disabled."
    DEFVAL { disabled }
    ::= { ruckusAuthPortEntry 14 }

ruckusAuthPortSourceGuard OBJECT-TYPE
    SYNTAX EnabledStatus
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Enabling source guard ensures that the client IP address is
        learned and that only packets matching that IP address are
        allowed. This is implied when user ACLs are applied on the
        port, so it has an impact only otherwise."
    DEFVAL { disabled }
    ::= { ruckusAuthPortEntry 15 }

ruckusAuthPortDosAttacks OBJECT-TYPE
    SYNTAX EnabledStatus
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies whether to prevent or allow Denial of Service attacks
        on this port. Constantly sending packets from different clients
        (MAC addresses) causes DOS, as the clients are not allowed
        without authentication, which may cause exhaustion of system
        resources."
    DEFVAL { disabled }
    ::= { ruckusAuthPortEntry 16 }

ruckusAuthPortDosAttackLimit OBJECT-TYPE
    SYNTAX Unsigned32 (1..65535)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The maximum number of clients to be allowed at any time without
        authentication. If authentication pending clients exceed the
        configured limit (as specified by this object), the port is
        shut down to prevent DOS attacks."
    DEFVAL { 512 }
    ::= { ruckusAuthPortEntry 17 }

-- ------------------------------------------------------------
-- FlexAuth Port Auth Filter Configuration
-- This applies for Dot1x and MAC authentication at port level
-- ------------------------------------------------------------

ruckusAuthFilterTable OBJECT-TYPE
    SYNTAX SEQUENCE OF RuckusAuthFilterEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A table that allows configuration of FlexAuth auth-filters
        which are applied to statically authenticate the clients
        without the need for a RADIUS server authenticator. This helps
        to permit/deny pre-defined clients and saves time in
        authentication.
        An entry exists in this table for every auth-filter bound on
        the port."
    ::= { ruckusAuthFilterConfig 1 }

ruckusAuthFilterEntry OBJECT-TYPE
    SYNTAX RuckusAuthFilterEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "An entry of FlexAuth port Auth-Filter configuration."
    INDEX { ifIndex, ruckusAuthFilterId }
    ::= { ruckusAuthFilterTable 1 }

RuckusAuthFilterEntry ::= SEQUENCE {
    ruckusAuthFilterId INTEGER,
    ruckusAuthFilterMac MacAddress,
    ruckusAuthFilterMask MacAddress,
    ruckusAuthFilterVlan VlanId,
    ruckusAuthFilterAction INTEGER
}

ruckusAuthFilterId OBJECT-TYPE
    SYNTAX INTEGER
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "An index into the auth filter table."
    ::= { ruckusAuthFilterEntry 1 }

ruckusAuthFilterMac OBJECT-TYPE
    SYNTAX MacAddress
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the MAC Address of the filter for matching the
        authenticating clients through static authentication."
    ::= { ruckusAuthFilterEntry 2 }

ruckusAuthFilterMask OBJECT-TYPE
    SYNTAX MacAddress
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the Mask of the filter for matching the incoming
        clients through static authentication. The mask is applied on
        MAC in the filter and client MAC before the matching decision
        is made."
    ::= { ruckusAuthFilterEntry 3 }

ruckusAuthFilterVlan OBJECT-TYPE
    SYNTAX VlanId
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the VLAN which should be used to place the
        authenticating client after the matching is done. This VLAN
        applies only when the action is permit. Denied clients are
        always blocked."
    ::= { ruckusAuthFilterEntry 4 }

ruckusAuthFilterAction OBJECT-TYPE
    SYNTAX INTEGER { permit(1), deny(2) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the action to be performed when this filter is
        applied on the authenticating client and matching occurs.
        permit(1) - allow the client in specified VLAN
        deny(2) - block the client"
    ::= { ruckusAuthFilterEntry 5 }

-- ------------------------------------------------------------
-- FlexAuth Sessions
-- This applies for Dot1x and MAC-Auth sessions at port level
-- ------------------------------------------------------------

ruckusAuthSessionTable OBJECT-TYPE
    SYNTAX SEQUENCE OF RuckusAuthSessionEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A table providing information about the FlexAuth sessions for
        each client at port level in the Ruckus device. This table
        contains entries for all the clients authenticated or failed on
        a given port. Entries get created when clients are authenticated
        and cleared when they logoff or timeout."
    ::= { ruckusAuthSessions 1 }

ruckusAuthSessionEntry OBJECT-TYPE
    SYNTAX RuckusAuthSessionEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "An entry containing information about the FlexAuth session of
        a specified client on a port"
    INDEX { ifIndex, ruckusAuthSessionMac }
    ::= { ruckusAuthSessionTable 1 }

RuckusAuthSessionEntry ::= SEQUENCE {
    ruckusAuthSessionMac MacAddress,
    ruckusAuthSessionVlan VlanId,
    ruckusAuthSessionVlanType INTEGER,
    ruckusAuthSessionTaggedVlan VlanId,
    ruckusAuthSessionUserName DisplayString,
    ruckusAuthSessionDeviceType INTEGER,
    ruckusAuthSessionMethod INTEGER,
    ruckusAuthSessionMode RuckusAuthMode,
    ruckusAuthSessionStatus INTEGER,
    ruckusAuthSessionDot1xStatus Dot1xAuthState,
    ruckusAuthSessionAgingType INTEGER,
    ruckusAuthSessionAge Unsigned32,
    ruckusAuthSessionTimeout Unsigned32,
    ruckusAuthSessionIdleTimeout Unsigned32,
    ruckusAuthSessionTime Unsigned32,
    ruckusAuthSessionV4IngressAcl DisplayString,
    ruckusAuthSessionV4EgressAcl DisplayString,
    ruckusAuthSessionV6IngressAcl DisplayString,
    ruckusAuthSessionV6EgressAcl DisplayString,
    ruckusAuthSessionTxOctets Counter64,
    ruckusAuthSessionRxOctets Counter64,
    ruckusAuthSessionTxPkts Counter64,
    ruckusAuthSessionRxPkts Counter64,
    ruckusAuthSessionFailureReason DisplayString,
    ruckusAuthSessionFlags BITS
}

ruckusAuthSessionMac OBJECT-TYPE
    SYNTAX MacAddress
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the MAC Address of the client (device/host)
        represented by this session entry"
    ::= { ruckusAuthSessionEntry 1 }

ruckusAuthSessionVlan OBJECT-TYPE
    SYNTAX VlanId
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the VLAN, the client (device/host) belongs to,
        represented by this session entry.
        In case of voice-phones, this VLAN is the voice-VLAN (tagged)
        and in all other cases, most likely an untagged VLAN, unless
        it's a tagged VM client"
    ::= { ruckusAuthSessionEntry 2 }

ruckusAuthSessionVlanType OBJECT-TYPE
    SYNTAX INTEGER {
        default(1),
        retrict(2),
        critical(3),
        guest(4),
        radius(5)
    }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Describes the type of the VLAN associated with the session.
        default(1) - Default VLANs as configured on Ruckus device
        restrict(2) - Restricted VLAN as authentication failed
        critical(3) - Critical VLAN as authentication timed out
        guest(4) - Guest VLAN as client is not Dot1x capable
        radius(5) - RADIUS (auth) server assigned VLAN"
    ::= { ruckusAuthSessionEntry 3 }

ruckusAuthSessionTaggedVlan OBJECT-TYPE
    SYNTAX VlanId
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Tagged VLAN or Voice VLAN sent by the RADIUS server, so the
        port gets added to the VLAN, to prepare the device to send
        tagged packets in case of phones."
    ::= { ruckusAuthSessionEntry 4 }

ruckusAuthSessionUserName OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Indicates the User name associated with the client,
        represented by this session. In case of Dot1x sessions, it's
        the username used by the user to log into the network; whereas
        in case of MAC-Auth, it could be MAC address or user name
        assigned by RADIUS server in ACCESS-ACCEPT packet during
        authentication."
    ::= { ruckusAuthSessionEntry 5 }

ruckusAuthSessionDeviceType OBJECT-TYPE
    SYNTAX INTEGER {
        phone(1),
        wlanAP(2),
        router(3),
        bridge(4),
        other(8)
    }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Describes the type of the client connected and authenticated
        on this port."
    ::= { ruckusAuthSessionEntry 6 }

ruckusAuthSessionMethod OBJECT-TYPE
    SYNTAX INTEGER { dot1x(1), macAuth(2) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the authentication method that is used for
        authenticating the client on this port represented by this
        session.
        It's possible that both authentication methods are tried, both
        either succeeded or failed and the resulting status is
        generally decided by the last method."
    ::= { ruckusAuthSessionEntry 7 }

ruckusAuthSessionMode OBJECT-TYPE
    SYNTAX RuckusAuthMode
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Indicates the authentication mode applied for this client on
        this port."
    ::= { ruckusAuthSessionEntry 8 }

ruckusAuthSessionStatus OBJECT-TYPE
    SYNTAX INTEGER {
        allowed(1),
        blocked(2),
        restrict(3),
        critical(4),
        guest(5),
        other(6)
    }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The authentication state of the session which can take the
        following values.
        allowed - client authentication is successful, so the complete
            access is granted
        blocked - client failed authentication, so access is denied
        restrict - client failed authentication, but allowed restricted
            access
        critical - client authentication timed out, so access is
            limited to critical operations
        guest - client is not Dot1x capable, so allowed guest role
            access"
    ::= { ruckusAuthSessionEntry 9 }

ruckusAuthSessionDot1xStatus OBJECT-TYPE
    SYNTAX Dot1xAuthState
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Indicates the state of Dot1x authentication, if the client is
        using Dot1x for authentication."
    ::= { ruckusAuthSessionEntry 10 }

ruckusAuthSessionAgingType OBJECT-TYPE
    SYNTAX INTEGER {
        software(1),
        hardware(2),
        enabled(3),
        disabled(4)
    }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Indicates the aging status of the client session which can be
        of the following values.
        software(1): Client MAC entry is cleared as the entry timed out
            in hardware for configured inactivity period, so it has
            entered software aging state
        hardware(2): Client MAC has detected the inactivity on the
            port, so entered the hardware aging state
        enabled(3): Aging is enabled and there is no detection of
            inactivity on the port for this client, so aging has not
            started
        disabled(4): Aging is disabled for this client, so any amount
            of inactivity period doesn't clear the session"
    ::= { ruckusAuthSessionEntry 11 }

ruckusAuthSessionAge OBJECT-TYPE
    SYNTAX Unsigned32
    UNITS "seconds"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "When the aging type is either software or hardware, this
        object indicates the time the session has been in that state.
        When the configured maximum time is reached, the aging state
        moves from hardware to software or session is cleared."
    ::= { ruckusAuthSessionEntry 12 }

ruckusAuthSessionTimeout OBJECT-TYPE
    SYNTAX Unsigned32
    UNITS "seconds"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the maximum amount of time the session should exist
        before re-authenticating or terminating the sessions depending
        on another RADIUS attribute 'Termination-Action'."
    ::= { ruckusAuthSessionEntry 13 }

ruckusAuthSessionIdleTimeout OBJECT-TYPE
    SYNTAX Unsigned32
    UNITS "seconds"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the maximum amount of time after which the session
        is cleared when there is no traffic from the client.
        A value of 0 means the session never gets terminated due to
        inactivity."
    ::= { ruckusAuthSessionEntry 14 }

ruckusAuthSessionTime OBJECT-TYPE
    SYNTAX Unsigned32
    UNITS "seconds"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Indicates the session UP time since the session had been up or
        created."
    ::= { ruckusAuthSessionEntry 15 }

ruckusAuthSessionV4IngressAcl OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the User Access List (ACL) applied in the Ingress
        direction for the IPv4 traffic for this client on this port."
    ::= { ruckusAuthSessionEntry 16 }

ruckusAuthSessionV4EgressAcl OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the User Access List (ACL) applied in the Egress
        direction for the IPv4 traffic for this client on this port."
    ::= { ruckusAuthSessionEntry 17 }

ruckusAuthSessionV6IngressAcl OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the User Access List (ACL) applied in the Ingress
        direction for the IPv6 traffic for this client on this port."
    ::= { ruckusAuthSessionEntry 18 }

ruckusAuthSessionV6EgressAcl OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the User Access List (ACL) applied in the Egress
        direction for the IPv6 traffic for this client on this port."
    ::= { ruckusAuthSessionEntry 19 }

ruckusAuthSessionTxOctets OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the number of bytes sent for this session on the
        port."
    ::= { ruckusAuthSessionEntry 20 }

ruckusAuthSessionRxOctets OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the number of bytes received for this session on the
        port."
    ::= { ruckusAuthSessionEntry 21 }

ruckusAuthSessionTxPkts OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the number of packets sent for this session on the
        port."
    ::= { ruckusAuthSessionEntry 22 }

ruckusAuthSessionRxPkts OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the number of packets received for this session on
        the port."
    ::= { ruckusAuthSessionEntry 23 }

ruckusAuthSessionFailureReason OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the internal failure reason for this client, such as
        memory allocation, RADIUS attribute parsing, RADIUS REJECT,
        etc."
    ::= { ruckusAuthSessionEntry 24 }

ruckusAuthSessionFlags OBJECT-TYPE
    SYNTAX BITS {
        staticAuthenticated(0),
        taggedSession(1),
        dot1xNonCapable(2),
        dot1xEnabled(3),
        masterMacAuth(4),
        v4AclApplied(5),
        v6AclApplied(6)
    }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Describes various other parameters of client session, by
        clubbing them together in one object for simplicity.
        staticAuthenticated(0): Client is authenticated using
            configured auth-filters on the port, instead of normal
            RADIUS server
        taggedSession(1): Client VLAN is tagged, which may indicate the
            client as Phone or tagged VM
        dot1xNonCapable(2): Client is not Dot1x capable
        dot1xEnabled(3): Dot1x should be tried or not, when MAC-Auth
            succeeds depending on default value (enable), configured
            value or RADIUS attribute
        masterMacAuth(4): Indicates if this session is Master session
            in case of MAC-Auth session, as there would be multiple
            sessions for MAC-Auth, whereas there would be only one
            session visible
        v4AclApplied(5): IPv4 ACL is applied for the client
        v6AclApplied(6): IPv6 ACL is applied for the client"
    ::= { ruckusAuthSessionEntry 25 }

-- ------------------------------------------------------------
-- FlexAuth Session Address Table
-- This applies for Dot1x and MAC-Auth sessions at port level
-- ------------------------------------------------------------

ruckusAuthSessionAddrTable OBJECT-TYPE
    SYNTAX SEQUENCE OF RuckusAuthSessionAddrEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "An address table providing V4/V6 information about the
        FlexAuth sessions for each client at port level in the Ruckus
        device."
    ::= { ruckusAuthSessions 2 }

ruckusAuthSessionAddrEntry OBJECT-TYPE
    SYNTAX RuckusAuthSessionAddrEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "An entry containing information about the FlexAuth session
        address of a specified client on a port"
    INDEX { ifIndex, ruckusAuthSessionMac, ruckusAuthSessionAddrId }
    ::= { ruckusAuthSessionAddrTable 1 }

RuckusAuthSessionAddrEntry ::= SEQUENCE {
    ruckusAuthSessionAddrId INTEGER,
    ruckusAuthSessionAddrType InetAddressType,
    ruckusAuthSessionAddr InetAddress
}

ruckusAuthSessionAddrId OBJECT-TYPE
    SYNTAX INTEGER
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "An index into the session address table."
    ::= { ruckusAuthSessionAddrEntry 1 }

ruckusAuthSessionAddrType OBJECT-TYPE
    SYNTAX InetAddressType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The address type of this address entry, V4 or V6."
    ::= { ruckusAuthSessionAddrEntry 2 }

ruckusAuthSessionAddr OBJECT-TYPE
    SYNTAX InetAddress
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The address of this session entry, which is a V4 or V6
        address."
    ::= { ruckusAuthSessionAddrEntry 3 }

-- ------------------------------------------------------------
-- FlexAuth Session Statistics
-- This applies for Dot1x and MAC sessions at port level
-- ------------------------------------------------------------

ruckusAuthStatsTable OBJECT-TYPE
    SYNTAX SEQUENCE OF RuckusAuthStatsEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A table that provides information about the summary of
        MAC-Auth and Dot1x sessions at port level.
        An entry exists in this table for every port enabled for
        FlexAuth."
    ::= { ruckusAuthStatistics 1 }

ruckusAuthStatsEntry OBJECT-TYPE
    SYNTAX RuckusAuthStatsEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "An entry of port level FlexAuth session summary table."
    INDEX { ifIndex }
    ::= { ruckusAuthStatsTable 1 }

RuckusAuthStatsEntry ::= SEQUENCE {
    ruckusDot1xSessionsAttempted Counter32,
    ruckusDot1xSessionsAccepted Counter32,
    ruckusDot1xSessionsRejected Counter32,
    ruckusDot1xSessionsInProgress Counter32,
    ruckusDot1xSessionsErrored Counter32,
    ruckusMacAuthSessionsAttempted Counter32,
    ruckusMacAuthSessionsAccepted Counter32,
    ruckusMacAuthSessionsRejected Counter32,
    ruckusMacAuthSessionsInProgress Counter32,
    ruckusMacAuthSessionsErrored Counter32
}

ruckusDot1xSessionsAttempted OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of Dot1x sessions attempted on this port, since the
        time the stats were cleared."
    ::= { ruckusAuthStatsEntry 1 }

ruckusDot1xSessionsAccepted OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of Dot1x sessions accepted or permitted on this
        port, since the time the stats were cleared."
    ::= { ruckusAuthStatsEntry 2 }

ruckusDot1xSessionsRejected OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of Dot1x sessions failed or rejected on this port,
        since the time the stats were cleared."
    ::= { ruckusAuthStatsEntry 3 }

ruckusDot1xSessionsInProgress OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of Dot1x sessions which are in progress on this
        port waiting for authentication to be completed, since the time
        the stats were cleared."
    ::= { ruckusAuthStatsEntry 4 }

ruckusDot1xSessionsErrored OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of Dot1x sessions which are neither accepted nor
        rejected due to conditions like timeout, resource failure, etc.
        on this port, since the time the stats were cleared."
    ::= { ruckusAuthStatsEntry 5 }

ruckusMacAuthSessionsAttempted OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of MAC-Auth sessions attempted on this port, since
        the time the stats were cleared."
    ::= { ruckusAuthStatsEntry 6 }

ruckusMacAuthSessionsAccepted OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of MAC-Auth sessions accepted or permitted on this
        port, since the time the stats were cleared."
    ::= { ruckusAuthStatsEntry 7 }

ruckusMacAuthSessionsRejected OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of MAC-Auth sessions failed or rejected on this
        port, since the time the stats were cleared."
    ::= { ruckusAuthStatsEntry 8 }

ruckusMacAuthSessionsInProgress OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of MAC-Auth sessions which are in progress on this
        port waiting for authentication to be completed, since the time
        the stats were cleared."
    ::= { ruckusAuthStatsEntry 9 }

ruckusMacAuthSessionsErrored OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of MAC-Auth sessions which are neither accepted nor
        rejected due to conditions like timeout, resource failure, etc.
        on this port, since the time the stats were cleared."
    ::= { ruckusAuthStatsEntry 10 }

-- ------------------------------------------------------------
-- Dot1x Port Statistics
-- This applies for Dot1x authentication only at port level
-- ------------------------------------------------------------

ruckusDot1xAuthStatsTable OBJECT-TYPE
    SYNTAX SEQUENCE OF RuckusDot1xAuthStatsEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A table that provides information about the Dot1x Statistics
        at port level.
        An entry exists in this table for every port enabled for Dot1x."
    ::= { ruckusAuthStatistics 2 }

ruckusDot1xAuthStatsEntry OBJECT-TYPE
    SYNTAX      RuckusDot1xAuthStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry of per port Dot1x statistics table."
    INDEX { ifIndex }
    ::= { ruckusDot1xAuthStatsTable 1 }

RuckusDot1xAuthStatsEntry ::= SEQUENCE {
    ruckusDot1xTxEAPFrames              Counter32,
    ruckusDot1xTxEAPReqIdFrames         Counter32,
    ruckusDot1xTxEAPReqFrames           Counter32,
    ruckusDot1xRxEAPFrames              Counter32,
    ruckusDot1xRxEAPStartFrames         Counter32,
    ruckusDot1xRxEAPLogOffFrames        Counter32,
    ruckusDot1xRxEAPRespIdFrames        Counter32,
    ruckusDot1xRxEAPRespFrames          Counter32,
    ruckusDot1xRxEAPInvalidFrames       Counter32,
    ruckusDot1xRxLengthErrorFrames      Integer32,
    ruckusDot1xRxEAPLastFrameVersion    Unsigned32,
    ruckusDot1xRxEAPLastFrameSource     MacAddress
}

ruckusDot1xTxEAPFrames OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of EAPOL frames transmitted on this port"
    ::= { ruckusDot1xAuthStatsEntry 1 }

ruckusDot1xTxEAPReqIdFrames OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of EAP-Request/Identity frames transmitted on
         this port"
    ::= { ruckusDot1xAuthStatsEntry 2 }

ruckusDot1xTxEAPReqFrames OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of transmitted EAP request frames that are not
         EAP-Request/Identity on this port"
    ::= { ruckusDot1xAuthStatsEntry 3 }

ruckusDot1xRxEAPFrames OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of EAPOL frames received on this port"
    ::= { ruckusDot1xAuthStatsEntry 4 }

ruckusDot1xRxEAPStartFrames OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of EAPOL-Start frames received on this port"
    ::= { ruckusDot1xAuthStatsEntry 5 }

ruckusDot1xRxEAPLogOffFrames OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of EAPOL-Logoff frames received on this port"
    ::= { ruckusDot1xAuthStatsEntry 6 }

ruckusDot1xRxEAPRespIdFrames OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of EAP-Response/Identity frames received on this
         port"
    ::= { ruckusDot1xAuthStatsEntry 7 }

ruckusDot1xRxEAPRespFrames OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of received EAP-Response frames other than
         EAP-Response/Identity on this port"
    ::= { ruckusDot1xAuthStatsEntry 8 }

ruckusDot1xRxEAPInvalidFrames OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of invalid EAPOL frames received on this port"
    ::= { ruckusDot1xAuthStatsEntry 9 }

ruckusDot1xRxLengthErrorFrames OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of EAPOL frames received with incorrect length
         on this port"
    ::= { ruckusDot1xAuthStatsEntry 10 }

ruckusDot1xRxEAPLastFrameVersion OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The version of the last EAP frame received on this port"
    ::= { ruckusDot1xAuthStatsEntry 11 }

ruckusDot1xRxEAPLastFrameSource OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The MAC address of the source from which the last EAP frame
         was received on this port"
    ::= { ruckusDot1xAuthStatsEntry 12 }

-- ------------------------------------------------------------
-- FlexAuth MIB Notifications (applies for Dot1x and MAC-Auth)
-- ------------------------------------------------------------

ruckusAuthPortAuthorizedNotif NOTIFICATION-TYPE
    OBJECTS {
        ifIndex,
        ruckusAuthSessionMac,
        ruckusAuthSessionVlan,
        ruckusAuthSessionVlanType
    }
    STATUS      current
    DESCRIPTION
        "This notification is sent if an 802.1x supplicant is
         detected and authenticated successfully with supplicant
         getting assigned a VLAN."
    ::= { ruckusAuthNotification 1 }

ruckusAuthPortUnauthorizedNotif NOTIFICATION-TYPE
    OBJECTS {
        ifIndex,
        ruckusAuthSessionMac
    }
    STATUS      current
    DESCRIPTION
        "This notification is sent if an 802.1x supplicant has
         logged off or the session is cleared for other reasons."
    ::= { ruckusAuthNotification 2 }

ruckusAuthMacAuthorizedNotif NOTIFICATION-TYPE
    OBJECTS {
        ifIndex,
        ruckusAuthSessionMac,
        ruckusAuthSessionVlan,
        ruckusAuthSessionVlanType
    }
    STATUS      current
    DESCRIPTION
        "This notification is sent if a non-802.1x client is
         detected and authenticated successfully with client/device
         getting assigned a VLAN."
    ::= { ruckusAuthNotification 3 }

ruckusAuthMacUnauthorizedNotif NOTIFICATION-TYPE
    OBJECTS {
        ifIndex,
        ruckusAuthSessionMac
    }
    STATUS      current
    DESCRIPTION
        "This notification is sent if a non-802.1x client has logged
         off or the session is cleared for other reasons."
    ::= { ruckusAuthNotification 4 }

ruckusAuthAclFailNotif NOTIFICATION-TYPE
    OBJECTS {
        ifIndex,
        ruckusAuthSessionMac,
        ruckusAuthSessionMethod
    }
    STATUS      current
    DESCRIPTION
        "This notification is sent if an ACL couldn't be applied for
         an authenticated client, resulting in authentication
         failure for the client."
    ::= { ruckusAuthNotification 5 }

-- ------------------------------------------------------------
-- FlexAuth MIB Conformance (applies for Dot1x and MAC-Auth)
-- ------------------------------------------------------------

ruckusAuthMIBCompliances OBJECT IDENTIFIER ::= { ruckusAuthConformance 1 }
ruckusAuthMIBGroups      OBJECT IDENTIFIER ::= { ruckusAuthConformance 2 }

ruckusAuthCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for entities which implement
         RUCKUS-AUTH-MIB."
    MODULE -- this module
    MANDATORY-GROUPS {
        ruckusAuthConfigGroup,
        ruckusDot1xAuthConfigGroup,
        ruckusMacAuthConfigGroup,
        ruckusWebAuthConfigGroup,
        ruckusAuthPortConfigGroup,
        ruckusAuthFilterConfigGroup,
        ruckusAuthSessionsGroup
    }
    ::= { ruckusAuthMIBCompliances 1 }

------------------------
-- Units of Conformance
------------------------

ruckusAuthConfigGroup OBJECT-GROUP
    OBJECTS {
        ruckusAuthDefaultVlan,
        ruckusAuthVoiceVlan,
        ruckusAuthCriticalVlan,
        ruckusAuthRestrictVlan,
        ruckusAuthMode,
        ruckusAuthMethods,
        ruckusAuthMaxSessions,
        ruckusAuthFailAction,
        ruckusAuthTimeoutAction,
        ruckusAuthReauthEnable,
        ruckusAuthReauthPeriod,
        ruckusAuthReauthTimeout,
        ruckusAuthIdleTimeout,
        ruckusAuthDeniedTimeout,
        ruckusAuthAging,
        ruckusAuthEnable,
        ruckusAuthDefaultV4IngressAcl,
        ruckusAuthDefaultV4EgressAcl,
        ruckusAuthDefaultV6IngressAcl,
        ruckusAuthDefaultV6EgressAcl
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects that provide global configuration
         of FlexAuth feature, common to both MAC-Auth and Dot1x."
    ::= { ruckusAuthMIBGroups 1 }

ruckusDot1xAuthConfigGroup OBJECT-GROUP
    OBJECTS {
        ruckusDot1xQuietPeriod,
        ruckusDot1xTxPeriod,
        ruckusDot1xSuppTimeout,
        ruckusDot1xMaxReq,
        ruckusDot1xMaxReauthReq,
        ruckusDot1xGuestVlan,
        ruckusDot1xMacAuthOverride
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects that provide global configuration
         of Dot1x sub-feature, which applies only to Dot1x."
    ::= { ruckusAuthMIBGroups 2 }

ruckusMacAuthConfigGroup OBJECT-GROUP
    OBJECTS {
        ruckusMacAuthPasswordFormat,
        ruckusMacAuthPasswordOverride,
        ruckusMacAuthDot1xOverride,
        ruckusMacAuthDot1xEnable
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects that provide global configuration
         of MAC-Auth sub-feature, which applies only to MAC-Auth."
    ::= { ruckusAuthMIBGroups 3 }

ruckusAuthPortConfigGroup OBJECT-GROUP
    OBJECTS {
        ruckusAuthPortEnable,
        ruckusAuthPortDot1xControl,
        ruckusAuthPortDefaultVlan,
        ruckusAuthPortVoiceVlan,
        ruckusAuthPortCriticalVlan,
        ruckusAuthPortRestrictVlan,
        ruckusAuthPortMode,
        ruckusAuthPortMethods,
        ruckusAuthPortMaxSessions,
        ruckusAuthPortFailAction,
        ruckusAuthPortTimeoutAction,
        ruckusAuthPortReauthTimeout,
        ruckusAuthPortAging,
        ruckusAuthPortAllowTagged,
        ruckusAuthPortSourceGuard,
        ruckusAuthPortDosAttacks,
        ruckusAuthPortDosAttackLimit
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects that provide interface
         configuration of FlexAuth feature, common to both MAC-Auth
         and Dot1x."
    ::= { ruckusAuthMIBGroups 4 }

ruckusAuthFilterConfigGroup OBJECT-GROUP
    OBJECTS {
        ruckusAuthFilterMac,
        ruckusAuthFilterMask,
        ruckusAuthFilterVlan
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects that provide interface auth filter
         configuration of FlexAuth feature, common to both MAC-Auth
         and Dot1x."
    ::= { ruckusAuthMIBGroups 5 }

ruckusAuthSessionsGroup OBJECT-GROUP
    OBJECTS {
        ruckusAuthSessionVlan,
        ruckusAuthSessionTaggedVlan,
        ruckusAuthSessionUserName,
        ruckusAuthSessionDeviceType,
        ruckusAuthSessionStatus,
        ruckusAuthSessionDot1xStatus,
        ruckusAuthSessionMethod,
        ruckusAuthSessionMode,
        ruckusAuthSessionAgingType,
        ruckusAuthSessionAge,
        ruckusAuthSessionTimeout,
        ruckusAuthSessionIdleTimeout,
        ruckusAuthSessionTime,
        ruckusAuthSessionV4IngressAcl,
        ruckusAuthSessionV4EgressAcl,
        ruckusAuthSessionV6IngressAcl,
        ruckusAuthSessionV6EgressAcl,
        ruckusAuthSessionTxOctets,
        ruckusAuthSessionRxOctets,
        ruckusAuthSessionTxPkts,
        ruckusAuthSessionRxPkts,
        ruckusAuthSessionFailureReason,
        ruckusAuthSessionFlags,
        ruckusAuthSessionAddrType,
        ruckusAuthSessionAddr
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects that provide session information of
         a FlexAuth session."
    ::= { ruckusAuthMIBGroups 6 }

ruckusAuthStatsGroup OBJECT-GROUP
    OBJECTS {
        ruckusDot1xSessionsAttempted,
        ruckusDot1xSessionsAccepted,
        ruckusDot1xSessionsRejected,
        ruckusDot1xSessionsInProgress,
        ruckusDot1xSessionsErrored,
        ruckusMacAuthSessionsAttempted,
        ruckusMacAuthSessionsAccepted,
        ruckusMacAuthSessionsRejected,
        ruckusMacAuthSessionsInProgress,
        ruckusMacAuthSessionsErrored
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects that provide session statistics of
         FlexAuth sessions at port level."
    ::= { ruckusAuthMIBGroups 7 }

ruckusDot1xAuthStatsGroup OBJECT-GROUP
    OBJECTS {
        ruckusDot1xTxEAPFrames,
        ruckusDot1xTxEAPReqIdFrames,
        ruckusDot1xTxEAPReqFrames,
        ruckusDot1xRxEAPFrames,
        ruckusDot1xRxEAPStartFrames,
        ruckusDot1xRxEAPLogOffFrames,
        ruckusDot1xRxEAPRespIdFrames,
        ruckusDot1xRxEAPRespFrames,
        ruckusDot1xRxEAPInvalidFrames,
        ruckusDot1xRxLengthErrorFrames,
        ruckusDot1xRxEAPLastFrameVersion,
        ruckusDot1xRxEAPLastFrameSource
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects that provide Dot1x statistics of
         Dot1x sessions at port level."
    ::= { ruckusAuthMIBGroups 8 }

ruckusWebAuthConfigGroup OBJECT-GROUP
    OBJECTS {
        ruckusWebAuthEnable,
        ruckusWebAuthTrustPort,
        ruckusWebAuthMode,
        ruckusWebAuthMethod,
        ruckusWebAuthMaxHosts,
        ruckusWebAuthMaxAuthAttempts,
        ruckusWebAuthReauthTime,
        ruckusWebAuthCycleTime,
        ruckusWebAuthBlockTime,
        ruckusWebAuthMacAgeTime,
        ruckusWebAuthPasscode,
        ruckusWebAuthLocalUserDb,
        ruckusWebAuthSecureLogin,
        ruckusWebAuthAccounting,
        ruckusWebAuthCaptiveProfile,
        ruckusWebAuthRedirectName,
        ruckusWebAuthDnsFilterType,
        ruckusWebAuthDnsFilterAddr,
        ruckusWebAuthDnsFilterPrefix,
        ruckusWebAuthWhiteListType,
        ruckusWebAuthWhiteListAddr,
        ruckusWebAuthWhiteListPrefix,
        ruckusWebAuthFilterPort,
        ruckusWebAuthFilterDuration,
        ruckusWebAuthFilterAction,
        ruckusWebAuthCaptivePortalType,
        ruckusWebAuthCaptivePortalAddr,
        ruckusWebAuthCaptivePortalPort,
        ruckusWebAuthCaptivePortalLoginPage
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects that provide WebAuth configuration."
    ::= { ruckusAuthMIBGroups 9 }

END