WebApps/Observium_CE
1
0
Fork 0
Code Pull Requests Activity
Observium_CE/mibs/brocade/RUCKUS-AUTH-MIB

2749 lines
80 KiB
Plaintext
Raw Permalink Blame History

RUCKUS-AUTH-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE,
Integer32, Counter32, Unsigned32, Counter64,
NOTIFICATION-TYPE
FROM SNMPv2-SMI -- [RFC2578]
ifIndex, InterfaceIndex,
InterfaceIndexOrZero
FROM IF-MIB -- [RFC2863]
DisplayString,
MacAddress,
TruthValue,
RowStatus,
TEXTUAL-CONVENTION
FROM SNMPv2-TC -- [RFC2579]
InetAddressType, InetAddress
FROM INET-ADDRESS-MIB -- [RFC4001]
EnabledStatus
FROM P-BRIDGE-MIB
MODULE-COMPLIANCE,
OBJECT-GROUP,
NOTIFICATION-GROUP
FROM SNMPv2-CONF
snSwitch
FROM FOUNDRY-SN-SWITCH-GROUP-MIB;
ruckusAuthMIB MODULE-IDENTITY
LAST-UPDATED "202004170000Z" -- Apr 17, 2020
ORGANIZATION "Ruckus Wireless, Inc."
CONTACT-INFO
"Technical Support Center
350 West Java Drive,
Sunnyvale, CA 94089, USA
Support URL: https://support.ruckuswireless.com
Phone: +1-855-782-5871
ROW TF Numbers:
https://support.ruckuswireless.com/contact-us"
DESCRIPTION
"Management Information for configuration/querying
of Flexible authentication which consists of 802.1X,
MAC-Auth and Web-Auth.
It is grouped into five MIBs -
1. Global level Auth configuration
2. Global level Dot1x configuration
3. Global level MacAuth configuration
4. Global level WebAuth configuration
5. Port level Auth configuration
6. Auth Session information
7. Auth Session Stats information
8. Dot1x Auth Session Stats information
Copyright 1996-2019 Ruckus Wireless, Inc.
All rights reserved.
This Ruckus Wireless, Inc SNMP MIB Specification
embodies Ruckus Wireless, Inc' confidential and
proprietary intellectual property. Ruckus Wireless,
Inc retains all title and ownership in the
Specification, including any revisions.
This Specification is supplied AS IS, and Ruckus
Wireless, Inc makes no warranty, either express or
implied, as to the use, operation, condition, or
performance of the specification, and any unintended
consequence it may on the user environment."
REVISION "202004170000Z"
DESCRIPTION
"Initial Version"
::= { snSwitch 44 }
ruckusAuthNotification OBJECT IDENTIFIER ::= { ruckusAuthMIB 0 }
ruckusAuthObjects OBJECT IDENTIFIER ::= { ruckusAuthMIB 1 }
ruckusAuthConformance OBJECT IDENTIFIER ::= { ruckusAuthMIB 2 }
-- -------------------------------------------------------------
-- Textual Conventions
-- -------------------------------------------------------------
VlanId ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"An ID used to represent VLAN identifier in the
system for both untagged and tagged VLANs packets).
When an object is not configured, this could be 0."
SYNTAX INTEGER (0 | 1..4094)
Dot1xAuthState ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The authenticator(PAE) state machine values as
described below.
other(1):
Anything other than following states
initialize(2):
PAE state machine is being initialized
disconnected(3):
Explicit logoff request is received from the
supplicant, or the number of permissible reauth
attempts are exceeded
connecting(4):
Attempting to establish communication with
Supplicant
authenticating(5):
Supplicant is being authenticated
authenticated(6):
The Authenticator has successfully authenticated
the Supplicant.
aborting(7):
The authentication process is aborted for
reasons like receipt of reauth request, an
EAPOL-Start frame, an EAPOL-Logoff frame, or
authentication timeout
held(8):
This state is entered from 'authenticating'
state following authentication failure. When
quietWhile timer expires, the state machine
moves 'connecting' state. In this state, all
EAPOL packets are ignored and discarded, so as
to prevent brute force attacks.
forceAuth(9):
Port is set to Authorized state, so an EAP
Success packet is sent to the Supplicant
forceUnauth(10):
Port is set to Unauthorized state, and an EAP
Failure packet is sent to the Supplicant. When
EAP-Start messages are received from the
Supplicant, the state is re-entered and
subsequent EAP Failure mssages are sent."
SYNTAX INTEGER {
other(1),
initialize(2),
disconnected(3),
connecting(4),
authenticating(5),
authenticated(6),
aborting(7),
held(8),
forceAuth(9),
forceUnauth(10)
}
RuckusAuthMode ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Describes the authentication modes supported with
Ruckus FlexAuth implementation.
singleUntagged(1):
multiple clients are allowed, but all must belong
to one VLAN
multipleUntagged(2):
multiple clients are allowed and each client can
belong to different VLAN
singleHost(3):
only one host is allowed and phones are allowed
without authentication
multipleHosts(4):
multiple hosts are allowed, but all the hosts are
authorized automatically after the first host is
authenticated
This mode can be set globally level and also at port
level if some some ports like to have different
auth-mode than globally configured mode."
SYNTAX INTEGER {
singleUntagged(1),
multipleUntagged(2),
singleHost(3),
multipleHosts(4)
}
RuckusAuthOrder ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Describes which authentication methods to be
attempted in series of methods. Subsequent methods
are tried depending on the outcome of the previous
method and several rules are defined which are not
explined here.
dot1xMauth(1):
IEEE 802.1X protocol (typically used for PCs,
workstations) followed by MAC-Auth method
mauthDot1x(2):
MAC-Auth which uses MAC address user-name
(typically used for phones, fax m/cs, APs,
switches) followed by DOt1x method
This order of methods can be set globally and also
at port level if some some ports like to have
different auth-method order than globally
configured."
SYNTAX INTEGER {
dot1xMauth(1),
mauthDot1x(2)
}
RuckusAuthFailAction ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Describes the action to be taken, when the clients
fail the authentication.
blockTraffic(1):
Clients are blocked access to the network
restrictVlan(2):
Clients are placed in the configured restrict
VLAN, so they have limited access."
SYNTAX INTEGER {
blockTraffic(1),
restrictVlan(2)
}
RuckusAuthTimeoutAction ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Describes the action to be taken, when the
authenticator times out for various readons like
server busy, network access, etc.
failure(1):
The action taken is specified by the
ruckusAuthFailAction object
success(2):
Clients are allowed access to the network
in the default VLAN
criticalVlan(3):
Clients are placed in the configured critical
VLAN, so they have limited access.
other(4):
Authentication keeps happening in a loop."
SYNTAX INTEGER {
failure(1),
success(2),
criticalVlan(3),
other(4)
}
RuckusAuthAging ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Describes, if denied and permitted sessions are
enabled or disabled for aging. A bit field of '1'
indicates enabled, otherwise disabled."
SYNTAX BITS {
deniedSessions(0),
permittedSessions(1)
}
-- ------------------------------------------------------------
-- Groups in the FlexAuth MIB
-- ------------------------------------------------------------
ruckusAuthConfig OBJECT IDENTIFIER ::= { ruckusAuthObjects 1 }
ruckusDot1xAuthConfig OBJECT IDENTIFIER ::= { ruckusAuthObjects 2 }
ruckusMacAuthConfig OBJECT IDENTIFIER ::= { ruckusAuthObjects 3 }
ruckusWebAuthConfig OBJECT IDENTIFIER ::= { ruckusAuthObjects 4 }
ruckusAuthPortConfig OBJECT IDENTIFIER ::= { ruckusAuthObjects 5 }
ruckusAuthFilterConfig OBJECT IDENTIFIER ::= { ruckusAuthObjects 6 }
ruckusAuthSessions OBJECT IDENTIFIER ::= { ruckusAuthObjects 7 }
ruckusAuthStatistics OBJECT IDENTIFIER ::= { ruckusAuthObjects 8 }
-- ------------------------------------------------------------
-- FlexAuth Global Configuration
-- This applies to Dot1x and MAC authentication also
-- ------------------------------------------------------------
ruckusAuthDefaultVlan OBJECT-TYPE
SYNTAX VlanId
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This default VLAN is used to place all the FlexAuth
enabled ports, so this VLAN acts as a VLAN for the
clients to belong to, when authentication server
doesn't assign any VLANs.
A value of zero for this object indicates no default
Vlan configured for this Ruckus device."
::= { ruckusAuthConfig 1 }
ruckusAuthVoiceVlan OBJECT-TYPE
SYNTAX VlanId
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This voice VLAN is used to advertise through
LLDP/CDP on the ports, when connected devices are
detected as Phones and authentication server doesn't
assign any Voice VLAN.
A value of zero for this object indicates no Voice
Vlan configured for this Ruckus device."
::= { ruckusAuthConfig 2 }
ruckusAuthCriticalVlan OBJECT-TYPE
SYNTAX VlanId
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This VLAN is used to place the clients, when the
authentication server times out and the timeout
action is configired as 'critical', so the clients
have limited access.
Refer to ruckusAuthTimeoutAction object for
timeout-action choices.
A value of zero for this object indicates no
Critical Vlan configured for this Ruckus device."
::= { ruckusAuthConfig 3 }
ruckusAuthRestrictVlan OBJECT-TYPE
SYNTAX VlanId
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This VLAN is used to place the clients, when the
clients fail the authentication and the failure
action is configured as 'restrict', so the clients
have limited access.
Refer to ruckusAuthFailAction object for
fail-action choices.
A value of zero for this object indicates no
Restrict Vlan configured for this Ruckus device."
::= { ruckusAuthConfig 4 }
ruckusAuthEnable OBJECT-TYPE
SYNTAX BITS {
dot1x(0),
macAuth(1)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies, which authentication methods are enabled
globally. Unless the method is enabled globally, the
same can't be enabled at port level. A bit field of
'1' indicates enabled, otherwise disabled."
::= { ruckusAuthConfig 5 }
ruckusAuthMode OBJECT-TYPE
SYNTAX RuckusAuthMode
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the authentication mode for all the
FlexAuth enabled ports."
DEFVAL { singleUntagged }
::= { ruckusAuthConfig 6 }
ruckusAuthMethods OBJECT-TYPE
SYNTAX RuckusAuthOrder
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies which authentication methods to be
attempted in series of methods for all FlexAuth
enabled ports."
DEFVAL { dot1xMauth }
::= { ruckusAuthConfig 7 }
ruckusAuthMaxSessions OBJECT-TYPE
SYNTAX Unsigned32 (1..1024)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the maximum number of authenticated
clients allowed on a port. This doesn't include the
clients allowed due to authentication failure and
timeout policies."
DEFVAL { 2 }
::= { ruckusAuthConfig 8 }
ruckusAuthFailAction OBJECT-TYPE
SYNTAX RuckusAuthFailAction
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the action to be taken, when the clients
fail the authentication."
DEFVAL { blockTraffic }
::= { ruckusAuthConfig 9 }
ruckusAuthTimeoutAction OBJECT-TYPE
SYNTAX RuckusAuthTimeoutAction
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the action to be taken, when the
authentication server times out."
DEFVAL { other }
::= { ruckusAuthConfig 10 }
ruckusAuthReauthEnable OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The reauthentication control for all the FlexAuth
enabled ports. Setting this object to 'enabled'
causes every FlexAuth enabled port to reauthenticate
the devices connecting to the port, after every
period of time specified by the object
ruckusAuthReauthPeriod. Setting this object to
'disabled' disables the reauthentication."
DEFVAL { disabled }
::= { ruckusAuthConfig 11 }
ruckusAuthReauthPeriod OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"How often to re-authenticates clients, when periodic
re-authentication is enabled."
DEFVAL { 3600 }
::= { ruckusAuthConfig 12 }
ruckusAuthReauthTimeout OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"How often to re-authenticates clients, when the
clients were allowed due to authentication server
timeout. Value of 0 disables the re-authentication."
DEFVAL { 300 }
::= { ruckusAuthConfig 13 }
ruckusAuthIdleTimeout OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the time to keep the sessions in the
Ruckus device, after the inactivity detection time
expired in the hardware. If the clients start the
traffic in this time, they need not authenticate
again, otherwise they would have to authenticate,
once the session gets deleted.
This can be set from authentication server for each
client and value of 0 is allowed to disable the
aging."
DEFVAL { 120 }
::= { ruckusAuthConfig 14 }
ruckusAuthDeniedTimeout OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the time to keep the denied sessions in
the Ruckus device for the clients which are blocked
as they failed authentication. When the clients
start the traffic again, they will be authenticated."
DEFVAL { 70 }
::= { ruckusAuthConfig 15 }
ruckusAuthAging OBJECT-TYPE
SYNTAX RuckusAuthAging
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies, if denied and permitted sessions are
enabled or disabled for aging. Aging is enabled by
default."
::= { ruckusAuthConfig 16 }
ruckusAuthDefaultV4IngressAcl OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the default User Access List (ACL) applied in the
Ingress direction for the IPv4 traffic for sessins when ACLs
are not dynamically assigned through RADIUS."
::= { ruckusAuthConfig 17 }
ruckusAuthDefaultV4EgressAcl OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the default User Access List (ACL) applied in the
Egress direction for the IPv4 traffic for sessins when ACLs
are not dynamically assigned through RADIUS."
::= { ruckusAuthConfig 18 }
ruckusAuthDefaultV6IngressAcl OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the default User Access List (ACL) applied in the
Ingress direction for the IPv6 traffic for sessins when ACLs
are not dynamically assigned through RADIUS."
::= { ruckusAuthConfig 19 }
ruckusAuthDefaultV6EgressAcl OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the default User Access List (ACL) applied in the
Egress direction for the IPv6 traffic for sessins when ACLs
are not dynamically assigned through RADIUS."
::= { ruckusAuthConfig 20 }
-- ------------------------------------------------------------
-- FlexAuth Dot1X Configuration
-- This applies only to Dot1X authentication
-- ------------------------------------------------------------
ruckusDot1xQuietPeriod OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"When the Ruckus device is unable to authenticate the
Client, the amount of time the Ruckus device waits
before trying again."
DEFVAL { 60 }
::= { ruckusDot1xAuthConfig 1 }
ruckusDot1xTxPeriod OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"When a Client does not send back an EAP(Extensible
Authentication Protocol)- response/identity frame,
the amount of time the Ruckus device waits before
retransmitting the EAP-request/identity frame to the
Client."
DEFVAL { 30 }
::= { ruckusDot1xAuthConfig 2 }
ruckusDot1xSuppTimeout OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"When a supplicant (Client) does not respond to an
EAP-request frame, the amount of time before the
Ruckus device retransmits the frame."
DEFVAL { 30 }
::= { ruckusDot1xAuthConfig 3 }
ruckusDot1xMaxReq OBJECT-TYPE
SYNTAX Unsigned32 (1..10)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of times the Ruckus device retransmits an
EAP-request/identity request frame if it does not
receive an EAP-response/identity response frame from
the Client."
DEFVAL { 2 }
::= { ruckusDot1xAuthConfig 4 }
ruckusDot1xMaxReauthReq OBJECT-TYPE
SYNTAX Unsigned32 (1..10)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of re-authentication attempts that are
permitted before the port becomes Unauthorized."
DEFVAL { 2 }
::= { ruckusDot1xAuthConfig 5 }
ruckusDot1xGuestVlan OBJECT-TYPE
SYNTAX VlanId
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This VLAN is used to place the clients, when the
supplicant/client times out as it's not capable of
IEEE-802.1X authentication protocol.
A value of zero for this object indicates no Guest
Vlan configured for the interface."
::= { ruckusDot1xAuthConfig 6 }
ruckusDot1xMacAuthOverride OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies if the MAC-Authentication should be tried
next when a client fails authentication with Dot1x
authentication method.
This may be required when devices are Dot1x capable,
but authentication server is not configured with
user profiles, instead it's configured with device
profiles, so MAC-Authentication can succeed."
DEFVAL { disabled }
::= { ruckusDot1xAuthConfig 7 }
-- ------------------------------------------------------------
-- FlexAuth MAC-Auth Configuration
-- This applies only to MAC authentication
-- ------------------------------------------------------------
ruckusMacAuthPasswordFormat OBJECT-TYPE
SYNTAX INTEGER {
dashFormat(1),
colonFormat(2),
dotFormat(3),
normalFormat(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the format to be used for MAC address,
which is used as credential in MAC-authentication.
As MAC addresses are represented in different
formats, all such formats are supported as given in
options above.
dashFormat(1): username/password gets formatted as
xx-xx-xx-xx-xx-xx
colonFormat(2): username/password gets formatted as
xx:xx:xx:xx:xxxx
dotFormat(3): username/password gets formatted as
xxxx.xxxx.xxxx
normalFormat(4):username/password gets formatted as
xxxxxxxxxxxx"
DEFVAL { normalFormat }
::= { ruckusMacAuthConfig 1 }
ruckusMacAuthPasswordOverride OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the password to be used for all MAC-
authentication clients.
This is normally of 0 length string, which means the
client MAC address is used as the password."
::= { ruckusMacAuthConfig 2 }
ruckusMacAuthDot1xOverride OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies if the Dot1x should be tried next when a client
fails authentication with MAC-Authentication method.
This may be required when devices are Dot1x capable,
authentication order is MAC-Auth followed by Dot1x,
and authentication server is not configured with
device profiles, instead it's configured with user
profiles, so Dot1x can succeed."
DEFVAL { disabled }
::= { ruckusMacAuthConfig 3 }
ruckusMacAuthDot1xEnable OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies if the Dot1x should be tried next when a client
succeeds authentication with MAC-Authentication method.
This may be required when devices are not Dot1x capable,
authentication order is MAC-Auth followed by Dot1x,
and authentication server is not configured with
user profiles, instead it's configured with device
profiles, so MAC-Auth can succeed."
DEFVAL { enabled }
::= { ruckusMacAuthConfig 4 }
-- ------------------------------------------------------------
-- FlexAuth Web-Auth Configuration
-- This applies only to Web Authentication
-- ------------------------------------------------------------
ruckusWebAuthTable OBJECT-TYPE
SYNTAX SEQUENCE OF RuckusWebAuthEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that allows configuration of WebAuth for a
specified VLAN. WebAuth is configured at the VLAN
level unlike MAC-Auth and Dot1x at the port level.
An entry exists in this table for each configured
VLAN with WebAuth."
::= { ruckusWebAuthConfig 1 }
ruckusWebAuthEntry OBJECT-TYPE
SYNTAX RuckusWebAuthEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry of WebAuth configuration."
INDEX { ruckusWebAuthVlan }
::= { ruckusWebAuthTable 1 }
RuckusWebAuthEntry ::= SEQUENCE {
ruckusWebAuthVlan VlanId,
ruckusWebAuthEnable EnabledStatus,
ruckusWebAuthMode INTEGER,
ruckusWebAuthMethod INTEGER,
ruckusWebAuthMaxHosts Unsigned32,
ruckusWebAuthMaxAuthAttempts Unsigned32,
ruckusWebAuthReauthTime Unsigned32,
ruckusWebAuthCycleTime Unsigned32,
ruckusWebAuthBlockTime Unsigned32,
ruckusWebAuthMacAgeTime Unsigned32,
ruckusWebAuthPasscode DisplayString,
ruckusWebAuthLocalUserDb DisplayString,
ruckusWebAuthSecureLogin EnabledStatus,
ruckusWebAuthAccounting EnabledStatus,
ruckusWebAuthCaptiveProfile DisplayString,
ruckusWebAuthRedirectName DisplayString,
ruckusWebAuthWebpageRemoveUserId EnabledStatus,
ruckusWebAuthWebpageUsernameLabel DisplayString,
ruckusWebAuthWebpagePasswordLabel DisplayString,
ruckusWebAuthUpLinkPort InterfaceIndexOrZero,
ruckusWebAuthWebpageTop DisplayString,
ruckusWebAuthWebpageBottom DisplayString,
ruckusWebAuthWebpageTitle DisplayString,
ruckusWebAuthWebpageLoginButton DisplayString
}
ruckusWebAuthVlan OBJECT-TYPE
SYNTAX VlanId
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Specifies the VLAN, this configuration entry applies to."
::= { ruckusWebAuthEntry 1 }
ruckusWebAuthEnable OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies if Web-Auth is enabled or disabled."
DEFVAL { disabled }
::= { ruckusWebAuthEntry 2 }
ruckusWebAuthMode OBJECT-TYPE
SYNTAX INTEGER {
none(1),
passcode(2),
password(3),
captivePortal(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the authentication mode used for authenticating
the users.
none - no authentication is performed
passcode - passcode based authentication, where the
passcode can be statitically configured or
generated dynamically
password - username and password based authentication,
where local user database or external RADIUS
server is used
captivePortal- external Captive Portal is used through
redirection"
::= { ruckusWebAuthEntry 3 }
ruckusWebAuthMethod OBJECT-TYPE
SYNTAX INTEGER {
radius(1),
local(2),
radiusLocal(3),
localRadius(4),
none(5)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"When the AuthMode is configured as password, this specifies
the order for performing authentication.
radius - RADIUS server for authentication
local - Local user DB for authentication
radiusLocal - RADIUS followed by Local User DB
localRadius - Local User DB followed by RADIUS
none - none of these methods."
DEFVAL { radius }
::= { ruckusWebAuthEntry 4 }
ruckusWebAuthMaxHosts OBJECT-TYPE
SYNTAX Unsigned32 (0..8192)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the maximum number of hosts allowed to be
authenticated. Value 0 means no limit."
DEFVAL { 0 }
::= { ruckusWebAuthEntry 5 }
ruckusWebAuthMaxAuthAttempts OBJECT-TYPE
SYNTAX Unsigned32 (0..64)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the maximum number of attempts allowed during the
auth cycle, after which the user is blocked for configured
amount of time, before next authentication. The value of 0
means no limit."
DEFVAL { 5 }
::= { ruckusWebAuthEntry 6 }
ruckusWebAuthReauthTime OBJECT-TYPE
SYNTAX Unsigned32 (0..128000)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the re-authentication time, so the authenticated
users can be periodically reauthenticated after the timeout
specified through this object. Value 0 means no limit"
DEFVAL { 28800 }
::= { ruckusWebAuthEntry 7 }
ruckusWebAuthCycleTime OBJECT-TYPE
SYNTAX Unsigned32 (0..3600)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the time of the authentication since the first
attempted user authentication, after which the user is not
allowed to authenticate and must reload the login-page to
start authentication. Value of 0 means no limit."
DEFVAL { 600 }
::= { ruckusWebAuthEntry 8 }
ruckusWebAuthBlockTime OBJECT-TYPE
SYNTAX Unsigned32 (0..12800)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the time for blocking the user when successive
attempts have failed resulting in blocking the user. Value of
0 means, the user is blocked permanently."
DEFVAL { 90 }
::= { ruckusWebAuthEntry 9 }
ruckusWebAuthMacAgeTime OBJECT-TYPE
SYNTAX Unsigned32 (0..3600)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the the time which together with mac-age-time of the
switch is considered an inactive time of the authenticated
host, after which the device is forced to reauthenticate.
The value can be 0 meaning no aging, the maximum can be upto
the specified reauth-time."
DEFVAL { 3600 }
::= { ruckusWebAuthEntry 10 }
ruckusWebAuthPasscode OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the statically configured passcode used to
authenticate when passcode is used auth-method. The passcode
is digits only.
This can consist of upto 4 passcodes where each entry is seperated
by space or tab."
::= { ruckusWebAuthEntry 11 }
ruckusWebAuthLocalUserDb OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the locally configured User Database for use
in authentication, when the auth-methos is password."
::= { ruckusWebAuthEntry 12 }
ruckusWebAuthSecureLogin OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies if HTTPS is used for authentication or not."
DEFVAL { enabled }
::= { ruckusWebAuthEntry 13 }
ruckusWebAuthAccounting OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies if accounting is enbled or disabled."
DEFVAL { disabled }
::= { ruckusWebAuthEntry 14 }
ruckusWebAuthCaptiveProfile OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the name of the configured Captive Portal profile,
which should be used for redirection, if the auth-method is
configured as captivePortal."
::= { ruckusWebAuthEntry 15 }
ruckusWebAuthRedirectName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the name to be used for URL when internal authentication
is used dusring authentication for prompting username/password
from the users, otherwise switch IP address is used. This must be
valid domain name for the switch."
::= { ruckusWebAuthEntry 16 }
ruckusWebAuthWebpageRemoveUserId OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies if user-id field in custom webauth login page is disabled or not,
default value is disable, i.e., user-id field is displayed"
DEFVAL { disabled }
::= { ruckusWebAuthEntry 17 }
ruckusWebAuthWebpageUsernameLabel OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the name to be used for user-id label in webauth login page"
::= { ruckusWebAuthEntry 18 }
ruckusWebAuthWebpagePasswordLabel OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the name to be used for password label in webauth login page"
::= { ruckusWebAuthEntry 19 }
ruckusWebAuthUpLinkPort OBJECT-TYPE
SYNTAX InterfaceIndexOrZero
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the port to be used as uplink port in network segmentation deployment"
::= { ruckusWebAuthEntry 20 }
ruckusWebAuthWebpageTop OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the name to be used for Top of webauth login page"
::= { ruckusWebAuthEntry 21 }
ruckusWebAuthWebpageBottom OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the name to be used for Bottom of webauth login page"
::= { ruckusWebAuthEntry 22 }
ruckusWebAuthWebpageTitle OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the name to be used for Title in webauth login page"
::= { ruckusWebAuthEntry 23 }
ruckusWebAuthWebpageLoginButton OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the name to be used for Login-button in webauth login page"
::= { ruckusWebAuthEntry 24 }
-- ------------------------------------------------------------
-- WebAuth TrustPort Configuration
-- This applies for Web authentication at VLAN level
-- ------------------------------------------------------------
ruckusWebAuthTrustPortTable OBJECT-TYPE
SYNTAX SEQUENCE OF RuckusWebAuthTrustPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that allows configuration of WebAuth Trust
ports which are skipped from authentication in the
given VLAN and are typically uplink ports.
An entry exists in this table for every Trust Port
defined on this VLAN."
::= { ruckusWebAuthConfig 2 }
ruckusWebAuthTrustPortEntry OBJECT-TYPE
SYNTAX RuckusWebAuthTrustPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry in WebAuth Trust Port table."
INDEX { ruckusWebAuthVlan, ruckusWebAuthTrustPort }
::= { ruckusWebAuthTrustPortTable 1 }
RuckusWebAuthTrustPortEntry ::= SEQUENCE {
ruckusWebAuthTrustPort InterfaceIndex
}
ruckusWebAuthTrustPort OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the trusted port or the up-link port, which is
considered secure, so authentication is not performed
on that port.
This port generally provides access to the corporate or
Internet or other network for resource access during
authentication."
::= { ruckusWebAuthTrustPortEntry 1 }
-- ------------------------------------------------------------
-- WebAuth DNS Filter Configuration
-- This applies for Web authentication at VLAN level
-- ------------------------------------------------------------
ruckusWebAuthDnsFilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF RuckusWebAuthDnsFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that allows configuration of WebAuth DNS
filters which are qualified DNS servers and should
be allowed access during authentication for DNS
queries by clients.
An entry exists in this table for every DNS filter
defined on this VLAN."
::= { ruckusWebAuthConfig 3 }
ruckusWebAuthDnsFilterEntry OBJECT-TYPE
SYNTAX RuckusWebAuthDnsFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry in WebAuth DNS-Filter table."
INDEX { ruckusWebAuthVlan, ruckusWebAuthDnsFilterId }
::= { ruckusWebAuthDnsFilterTable 1 }
RuckusWebAuthDnsFilterEntry ::= SEQUENCE {
ruckusWebAuthDnsFilterId INTEGER,
ruckusWebAuthDnsFilterType InetAddressType,
ruckusWebAuthDnsFilterAddr InetAddress,
ruckusWebAuthDnsFilterPrefix Unsigned32
}
ruckusWebAuthDnsFilterId OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An index into the DNS filter table."
::= { ruckusWebAuthDnsFilterEntry 1 }
ruckusWebAuthDnsFilterType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The address type of the this filter entry, a V4 or V6 address."
::= { ruckusWebAuthDnsFilterEntry 2 }
ruckusWebAuthDnsFilterAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The DNS server address, which is a V4 or V6 address."
::= { ruckusWebAuthDnsFilterEntry 3 }
ruckusWebAuthDnsFilterPrefix OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The DNS server server prefix, which applies to V4/V6 addresses."
::= { ruckusWebAuthDnsFilterEntry 4 }
-- ------------------------------------------------------------
-- WebAuth Trusted Server or White List Configuration
-- This applies for Web authentication only
-- ------------------------------------------------------------
ruckusWebAuthWhiteListTable OBJECT-TYPE
SYNTAX SEQUENCE OF RuckusWebAuthWhiteListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that allows configuration of WebAuth Whitelist
entries which are qualified external servers that should
be allowed access during authentication for various needs
by clients.
An entry exists in this table for every Whitelist server
defined on this VLAN."
::= { ruckusWebAuthConfig 4 }
ruckusWebAuthWhiteListEntry OBJECT-TYPE
SYNTAX RuckusWebAuthWhiteListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry in WebAuth Whitelist table."
INDEX { ruckusWebAuthVlan, ruckusWebAuthWhiteListId }
::= { ruckusWebAuthWhiteListTable 1 }
RuckusWebAuthWhiteListEntry ::= SEQUENCE {
ruckusWebAuthWhiteListId INTEGER,
ruckusWebAuthWhiteListType InetAddressType,
ruckusWebAuthWhiteListAddr InetAddress,
ruckusWebAuthWhiteListPrefix Unsigned32
}
ruckusWebAuthWhiteListId OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An index into the White List Server table."
::= { ruckusWebAuthWhiteListEntry 1 }
ruckusWebAuthWhiteListType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The address type of the this whitelist entry, a V4 or V6 or DNS name."
::= { ruckusWebAuthWhiteListEntry 2 }
ruckusWebAuthWhiteListAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The whitelist server address, which is a V4 or V6 address or DNS name."
::= { ruckusWebAuthWhiteListEntry 3 }
ruckusWebAuthWhiteListPrefix OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The whitelist server prefix, which applies to V4/V6 addresses."
::= { ruckusWebAuthWhiteListEntry 4 }
-- ------------------------------------------------------------
-- WebAuth Auth Filter Configuration
-- This applies for Web authentication at VLAN/port level
-- ------------------------------------------------------------
ruckusWebAuthFilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF RuckusWebAuthFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that allows configuration of WebAuth auth-
filters which are applied to statically authenticate
the clients without the need for authentication.
This comes in for help to permit/deny pre-defined
clients and save time in authentication. An entry
exists in this table for every auth-filter defined
on this VLAN."
::= { ruckusWebAuthConfig 5 }
ruckusWebAuthFilterEntry OBJECT-TYPE
SYNTAX RuckusWebAuthFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry in WebAuth Auth-Filter table."
INDEX { ruckusWebAuthVlan, ruckusWebAuthFilterMac }
::= { ruckusWebAuthFilterTable 1 }
RuckusWebAuthFilterEntry ::= SEQUENCE {
ruckusWebAuthFilterMac MacAddress,
ruckusWebAuthFilterPort InterfaceIndexOrZero,
ruckusWebAuthFilterDuration Unsigned32,
ruckusWebAuthFilterAction INTEGER
}
ruckusWebAuthFilterMac OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the MAC Address of the filter for matching
the authenticating clients through static authentication."
::= { ruckusWebAuthFilterEntry 1 }
ruckusWebAuthFilterPort OBJECT-TYPE
SYNTAX InterfaceIndexOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the port in the VLAN, where this filter should
be applied. If the port not valid, the entry applies to
all ports in VLAN."
::= { ruckusWebAuthFilterEntry 2 }
ruckusWebAuthFilterDuration OBJECT-TYPE
SYNTAX Unsigned32 (0..12800)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the time for blocking or allowing the user when
the filter results in authenticating the user (matches).
Value of 0 means, the user is blocked permanently or
allowed permanently."
::= { ruckusWebAuthFilterEntry 3 }
ruckusWebAuthFilterAction OBJECT-TYPE
SYNTAX INTEGER {
permit(1),
deny(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the action to be performed when this filter
is applied on the authenticating client when matching
occurs.
permit(1) - allow the client in specified VLAN
deny(2) - block the client"
::= { ruckusWebAuthFilterEntry 4 }
-- ------------------------------------------------------------
-- WebAuth Captive Portal Configuration
-- This applies for Web authentication only
-- ------------------------------------------------------------
ruckusWebAuthCaptivePortalTable OBJECT-TYPE
SYNTAX SEQUENCE OF RuckusWebAuthCaptivePortalEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that allows configuration of WebAuth Captive
profiles for various external WebAuth servers.
The rntry provides the server information such as
the DNS name or address, port and login page where
the authenticating client should be redirected to."
::= { ruckusWebAuthConfig 6 }
ruckusWebAuthCaptivePortalEntry OBJECT-TYPE
SYNTAX RuckusWebAuthCaptivePortalEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry in WebAuth Captive Poratl table."
INDEX { IMPLIED ruckusWebAuthCaptivePortalName }
::= { ruckusWebAuthCaptivePortalTable 1 }
RuckusWebAuthCaptivePortalEntry ::= SEQUENCE {
ruckusWebAuthCaptivePortalName DisplayString,
ruckusWebAuthCaptivePortalType InetAddressType,
ruckusWebAuthCaptivePortalAddr InetAddress,
ruckusWebAuthCaptivePortalPort Unsigned32,
ruckusWebAuthCaptivePortalLoginPage DisplayString
}
ruckusWebAuthCaptivePortalName OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Specifies the name of the profile entry."
::= { ruckusWebAuthCaptivePortalEntry 1 }
ruckusWebAuthCaptivePortalType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the Captive server type - qualified name or IP address."
::= { ruckusWebAuthCaptivePortalEntry 2 }
ruckusWebAuthCaptivePortalAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the Captive server qualified name or IP address."
::= { ruckusWebAuthCaptivePortalEntry 3 }
ruckusWebAuthCaptivePortalPort OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the Captive server port for HTTP/HTTPS access."
DEFVAL { 443 }
::= { ruckusWebAuthCaptivePortalEntry 4 }
ruckusWebAuthCaptivePortalLoginPage OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the login page of the Captive server, where the client
should be redirected to."
::= { ruckusWebAuthCaptivePortalEntry 5 }
-- ------------------------------------------------------------
-- FlexAuth Port Configuration
-- This applies for Dot1x and MAC authentication at port level
-- ------------------------------------------------------------
ruckusAuthPortTable OBJECT-TYPE
SYNTAX SEQUENCE OF RuckusAuthPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that allows configuration of FlexAuth,
including Dot1x and MAC-Auth for a specified port.
Most objects at the port level oerride the similar
configured objects at the global level.
An entry exists in this table for each configured
with FlexAuth."
::= { ruckusAuthPortConfig 1 }
ruckusAuthPortEntry OBJECT-TYPE
SYNTAX RuckusAuthPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry of FlexAuth port configuration."
INDEX { ifIndex }
::= { ruckusAuthPortTable 1 }
RuckusAuthPortEntry ::= SEQUENCE {
ruckusAuthPortEnable BITS,
ruckusAuthPortDot1xControl INTEGER,
ruckusAuthPortDefaultVlan VlanId,
ruckusAuthPortVoiceVlan VlanId,
ruckusAuthPortCriticalVlan VlanId,
ruckusAuthPortRestrictVlan VlanId,
ruckusAuthPortMode RuckusAuthMode,
ruckusAuthPortMethods RuckusAuthOrder,
ruckusAuthPortMaxSessions Unsigned32,
ruckusAuthPortFailAction RuckusAuthFailAction,
ruckusAuthPortTimeoutAction RuckusAuthTimeoutAction,
ruckusAuthPortReauthTimeout Unsigned32,
ruckusAuthPortAging RuckusAuthAging,
ruckusAuthPortAllowTagged EnabledStatus,
ruckusAuthPortSourceGuard EnabledStatus,
ruckusAuthPortDosAttacks EnabledStatus,
ruckusAuthPortDosAttackLimit Unsigned32
}
ruckusAuthPortEnable OBJECT-TYPE
SYNTAX BITS {
dot1x(0),
macAuth(1)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies authentication methods that are enabled on
this port. Unless the method is enabled globally,
the same can't be enabled at port level. A bit field
of '1' indicates enabled, otherwise disabled."
::= {ruckusAuthPortEntry 1}
ruckusAuthPortDot1xControl OBJECT-TYPE
SYNTAX INTEGER {
forceUnauthorized(1),
controlauto(2),
forceAuthorized(3),
other(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the Dot1x operating mode for this port,
when Dot1x is enabled.
force-unauthorized(1)- port's controlled port is
placed unconditionally in
the unauthorized state
control-auto(2) - the controlled port is
unauthorized until
authentication takes place
between client and server
force-authorized(3) - the port's controlled port is
placed unconditionally in the
authorized state
other(4) - not initialized"
DEFVAL { forceAuthorized }
::= { ruckusAuthPortEntry 2 }
ruckusAuthPortDefaultVlan OBJECT-TYPE
SYNTAX VlanId
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This default VLAN is used to place this port, so
this VLAN acts as a VLAN for the clients to belong
to, when authentication server doesn't assign any
VLANs.
A value of zero for this object indicates no default
Vlan is configured for this port on this Ruckus
device, so the global default VLAN is used."
::= { ruckusAuthPortEntry 3 }
ruckusAuthPortVoiceVlan OBJECT-TYPE
SYNTAX VlanId
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This voice VLAN is used to advertise through
LLDP/CDP on this port, when connected devices are
detected as Phones and authentication server doesn't
assign any Voice VLAN.
A value of zero for this object indicates no Voice
Vlan is configured for this port on this Ruckus
device, so the global Voice VLAN is used."
::= { ruckusAuthPortEntry 4 }
ruckusAuthPortCriticalVlan OBJECT-TYPE
SYNTAX VlanId
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This VLAN is used to place the clients of this port,
when the authentication server times out and the
port auth-timeout-action is configired as
'critical', so the clients have limited access.
Refer to ruckusAuthPortTimeoutAction object for
timeout-action choices.
A value of zero for this object indicates no
Critical Vlan is configured for this port on this
Ruckus device, so the global Critical VLAN is used."
::= { ruckusAuthPortEntry 5 }
ruckusAuthPortRestrictVlan OBJECT-TYPE
SYNTAX VlanId
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This VLAN is used to place the clients of this port,
when the clients fail the authentication and the
auth-failure-action is configured as 'restrict', so
the clients have limited access.
Refer to ruckusAuthPortFailAction object for
fail-action choices.
A value of zero for this object indicates no
Restrict Vlan is configured for this port on this
Ruckus device, so the global Restrict VLAN is used."
::= { ruckusAuthPortEntry 6 }
ruckusAuthPortMode OBJECT-TYPE
SYNTAX RuckusAuthMode
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the authentication mode for this port.
This overrides the globally configured value."
DEFVAL { singleUntagged }
::= { ruckusAuthPortEntry 7 }
ruckusAuthPortMethods OBJECT-TYPE
SYNTAX RuckusAuthOrder
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies authentication methods to be attempted in
series of methods for this port. This overrides the
globally configured value."
DEFVAL { dot1xMauth }
::= { ruckusAuthPortEntry 8 }
ruckusAuthPortMaxSessions OBJECT-TYPE
SYNTAX Unsigned32 (1..1024)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the maximum number of authenticated
clients allowed on this port. This doesn't include
the clients allowed due to authentication failure
and timeout policies."
DEFVAL { 2 }
::= { ruckusAuthPortEntry 9 }
ruckusAuthPortFailAction OBJECT-TYPE
SYNTAX RuckusAuthFailAction
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the action to be taken on this port. This
overrides the globally set value."
DEFVAL { blockTraffic }
::= { ruckusAuthPortEntry 10 }
ruckusAuthPortTimeoutAction OBJECT-TYPE
SYNTAX RuckusAuthTimeoutAction
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the action to be taken on this port, when
the authentication server times out for various
readons like server busy, network access, etc. This
overrides the globally set value."
DEFVAL { other }
::= { ruckusAuthPortEntry 11 }
ruckusAuthPortReauthTimeout OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"How often to re-authenticates clients of this port,
when the clients were allowed due to authentication
server timeout. Value of 0 disables the
re-authentication."
DEFVAL { 300 }
::= { ruckusAuthPortEntry 12 }
ruckusAuthPortAging OBJECT-TYPE
SYNTAX RuckusAuthAging
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies, if denied and permitted sessions are
enabled or disabled for aging on this port. This
overrided the global value."
::= { ruckusAuthPortEntry 13 }
ruckusAuthPortAllowTagged OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies, if denied and permitted sessions are
enabled or disabled for aging on this port. A bit
field of '1' indicates enabled, otherwise disabled."
DEFVAL { disabled }
::= { ruckusAuthPortEntry 14 }
ruckusAuthPortSourceGuard OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Source guard enabling ensures that the client IP
address to be learned and allow the packets matching
that IP address only. This is implied when user ACLs
are applied on the port, so has impact only
otherwise."
DEFVAL { disabled }
::= { ruckusAuthPortEntry 15 }
ruckusAuthPortDosAttacks OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies to prevent/allow Denial of Service attacks
on this port. Constantly sending packets from
different clients (MAC addresses) causes DOS, as the
clients are not allowed without authentication,
which may cause exhausing of system resources."
DEFVAL { disabled }
::= { ruckusAuthPortEntry 16 }
ruckusAuthPortDosAttackLimit OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum number of clients to be allowed at any
time without authentication, and if authentication
pending clients exceed the configured limit (as
specified by this object), the port gets shutdown to
prevent DOS attacks."
DEFVAL { 512 }
::= { ruckusAuthPortEntry 17 }
-- ------------------------------------------------------------
-- FlexAuth Port Auth Filter Configuration
-- This applies for Dot1x and MAC authentication at port level
-- ------------------------------------------------------------
ruckusAuthFilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF RuckusAuthFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that allows configuration of FlexAuth auth-
filters which are applied to statically authenticate
the clients without the need for RADIUS server
authenticator.
This comes in for help to permit/deny pre-defined
clients and save time in authentication. An entry
exists in this table for every auth-filter bound
on the port."
::= { ruckusAuthFilterConfig 1 }
ruckusAuthFilterEntry OBJECT-TYPE
SYNTAX RuckusAuthFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry of FlexAuth port Auth-Filter configuration."
INDEX { ifIndex, ruckusAuthFilterId }
::= { ruckusAuthFilterTable 1 }
RuckusAuthFilterEntry ::= SEQUENCE {
ruckusAuthFilterId INTEGER,
ruckusAuthFilterMac MacAddress,
ruckusAuthFilterMask MacAddress,
ruckusAuthFilterVlan VlanId,
ruckusAuthFilterAction INTEGER
}
ruckusAuthFilterId OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An index into the authe filter table."
::= { ruckusAuthFilterEntry 1 }
ruckusAuthFilterMac OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the MAC Address of the filter for matching
the authenticating clients through static authentication."
::= { ruckusAuthFilterEntry 2 }
ruckusAuthFilterMask OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the Mask of the filter for matching the
incoming clients through static authentication. The mask
is applied on MAC in the filter and client MAC before the
matching decision is made."
::= { ruckusAuthFilterEntry 3 }
ruckusAuthFilterVlan OBJECT-TYPE
SYNTAX VlanId
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the VLAN which should be used to place the
authenticating client after the matching is done. This
VLAN applies only when the action is permit. Denied
clients are always blocked."
::= { ruckusAuthFilterEntry 4 }
ruckusAuthFilterAction OBJECT-TYPE
SYNTAX INTEGER {
permit(1),
deny(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the action to be performed when this filter
is applied on the authenticating client and matching
occurs.
permit(1) - allow the client in specified VLAN
deny(2) - block the client"
::= { ruckusAuthFilterEntry 5 }
-- ------------------------------------------------------------
-- FlexAuth Sessions
-- This applies for Dot1x and MAC-Auth sessions at port level
-- ------------------------------------------------------------
ruckusAuthSessionTable OBJECT-TYPE
SYNTAX SEQUENCE OF RuckusAuthSessionEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table providing information about the FlexAuth
sessions for each client at port level in the
Ruckus device.
This table contains entries for all the clients
authenticated or failed on a given port.
Entries get created when clients are authenticated
amd cleared when they logoff or timeout."
::= { ruckusAuthSessions 1 }
ruckusAuthSessionEntry OBJECT-TYPE
SYNTAX RuckusAuthSessionEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing information about the FlexAuth
session of a specified client on a port"
INDEX { ifIndex, ruckusAuthSessionMac }
::= { ruckusAuthSessionTable 1 }
RuckusAuthSessionEntry ::= SEQUENCE {
ruckusAuthSessionMac MacAddress,
ruckusAuthSessionVlan VlanId,
ruckusAuthSessionVlanType INTEGER,
ruckusAuthSessionTaggedVlan VlanId,
ruckusAuthSessionUserName DisplayString,
ruckusAuthSessionDeviceType INTEGER,
ruckusAuthSessionMethod INTEGER,
ruckusAuthSessionMode RuckusAuthMode,
ruckusAuthSessionStatus INTEGER,
ruckusAuthSessionDot1xStatus Dot1xAuthState,
ruckusAuthSessionAgingType INTEGER,
ruckusAuthSessionAge Unsigned32,
ruckusAuthSessionTimeout Unsigned32,
ruckusAuthSessionIdleTimeout Unsigned32,
ruckusAuthSessionTime Unsigned32,
ruckusAuthSessionV4IngressAcl DisplayString,
ruckusAuthSessionV4EgressAcl DisplayString,
ruckusAuthSessionV6IngressAcl DisplayString,
ruckusAuthSessionV6EgressAcl DisplayString,
ruckusAuthSessionTxOctets Counter64,
ruckusAuthSessionRxOctets Counter64,
ruckusAuthSessionTxPkts Counter64,
ruckusAuthSessionRxPkts Counter64,
ruckusAuthSessionFailureReason DisplayString,
ruckusAuthSessionFlags BITS
}
ruckusAuthSessionMac OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the MAC Address of the client
(device/host) represented by this session entry"
::= { ruckusAuthSessionEntry 1 }
ruckusAuthSessionVlan OBJECT-TYPE
SYNTAX VlanId
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the VLAN, the client (device/host) belongs
to, represented by this session entry.
In case of voice-phones, this VLAN is the voice-VLAN
(tagged) and in all other cases, most likely an
untagged VLAN, unless it's a tagged VM client"
::= { ruckusAuthSessionEntry 2 }
ruckusAuthSessionVlanType OBJECT-TYPE
SYNTAX INTEGER {
default(1),
retrict(2),
critical(3),
guest(4),
radius(5)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Decribes the type of the VLAN associated with the session.
default(1) - Default VLANs as configured on Ruckus device
restrict(2) - Restricted VLAN as authentication failed
critical(3) - Critical VLAN as authentication timed out
guest(4) - Guest VLAN as client is not Dot1x capable
radius(5) - RADIUS (auth) server assigned VLAN"
::= { ruckusAuthSessionEntry 3 }
ruckusAuthSessionTaggedVlan OBJECT-TYPE
SYNTAX VlanId
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Tagged VLAN or Voice VLAN sent by the RADIUS server, so
the port gets added to the VLAN, to prepare the device
to send tagged packets in case of phones."
::= { ruckusAuthSessionEntry 4 }
ruckusAuthSessionUserName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the User name associated with the client,
represented by this session.
In case of Dot1x sessions, it's the username used by
the user to log into the network; whereas in case of
MAC-Auth, it could be MAC address or user name
assigned by RADIUS server in ACCESS-ACCEPT packet
during authentication."
::= { ruckusAuthSessionEntry 5 }
ruckusAuthSessionDeviceType OBJECT-TYPE
SYNTAX INTEGER {
phone(1),
wlanAP(2),
router(3),
bridge(4),
other(8)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Decribes the type of the client connnected and
authenticated on this port."
::= { ruckusAuthSessionEntry 6 }
ruckusAuthSessionMethod OBJECT-TYPE
SYNTAX INTEGER {
dot1x(1),
macAuth(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the authentication method that is used for
authenticating the client on this port represented
by this session.
It's possible that both authentication methods are
tried, both either succeeded or failed and the
resulting status is generally decided by the last
method."
::= { ruckusAuthSessionEntry 7 }
ruckusAuthSessionMode OBJECT-TYPE
SYNTAX RuckusAuthMode
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the authentication mode applied for this
client on this port."
::= { ruckusAuthSessionEntry 8 }
ruckusAuthSessionStatus OBJECT-TYPE
SYNTAX INTEGER {
allowed(1),
blocked(2),
restrict(3),
critical(4),
guest(5),
other(6)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The authentication state of the session which can
take the following values.
allowed - client authentication is successful, so
the complete access is granted
blocked - client failed authentication, so access
is denied
restrict - client failed authentication, but
allowed restricted access
critical - client authentication timedout, so
access is limited to critical operations
guest - client is not Dot1x capable, so allowed
guest role access"
::= { ruckusAuthSessionEntry 9 }
ruckusAuthSessionDot1xStatus OBJECT-TYPE
SYNTAX Dot1xAuthState
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the state of Dot1x authentication, if the
client is using Dot1x for authentication."
::= { ruckusAuthSessionEntry 10 }
ruckusAuthSessionAgingType OBJECT-TYPE
SYNTAX INTEGER {
software(1),
hardware(2),
enabled(3),
disabled(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the aging status of the client session
which can be of the following values.
software(1):
Client MAC entry is cleared as the entry
timedout in hardware for configured inactivity
period, so it has entered software aging state
hardware(2):
Client MAC has detected the inactivity on the
port, so entered the hardware aging state
enabled(3):
Aging is enabled and there is no detection of
inactivity on the port for this client, so aging
has not started
disabled(4):
Aging is disabled for this client, so any amount
of inactivity period doesn't clear the session
"
::= { ruckusAuthSessionEntry 11 }
ruckusAuthSessionAge OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"When the aging type is either software or hardware,
this object indicates the time, the session had been
in that state. When the configured maximum time is
reached, the aging state moves from hardware to
software or session is cleared."
::= { ruckusAuthSessionEntry 12 }
ruckusAuthSessionTimeout OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the maximum amount of time, the session
should exit before re-authenticating or terminating
the sessions depending on another RADIUS attribute
'Termination-Action'."
::= { ruckusAuthSessionEntry 13 }
ruckusAuthSessionIdleTimeout OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the maximum amount of time after which the
session is cleared when there is no traffic from the
client. A value of 0 means, the sessions never gets
terminated due to inactivity."
::= { ruckusAuthSessionEntry 14 }
ruckusAuthSessionTime OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indcates the session UP time since the session had
been up or created."
::= { ruckusAuthSessionEntry 15 }
ruckusAuthSessionV4IngressAcl OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the User Access List (ACL) applied in the
Ingress direction for the IPv4 traffic for this
client on this port."
::= { ruckusAuthSessionEntry 16 }
ruckusAuthSessionV4EgressAcl OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the User Access List (ACL) applied in the
Egress direction for the IPv4 traffic for this
client on this port."
::= { ruckusAuthSessionEntry 17 }
ruckusAuthSessionV6IngressAcl OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the User Access List (ACL) applied in the
Ingress direction for the IPv6 traffic for this
client on this port."
::= { ruckusAuthSessionEntry 18 }
ruckusAuthSessionV6EgressAcl OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the User Access List (ACL) applied in the
Egress direction for the IPv6 traffic for this
client on this port."
::= { ruckusAuthSessionEntry 19 }
ruckusAuthSessionTxOctets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the number bytes sent for this session on the port."
::= { ruckusAuthSessionEntry 20 }
ruckusAuthSessionRxOctets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the number bytes received for this session on the port."
::= { ruckusAuthSessionEntry 21 }
ruckusAuthSessionTxPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the number bytes sent for this session on the port."
::= { ruckusAuthSessionEntry 22 }
ruckusAuthSessionRxPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the number bytes received for this session on the port."
::= { ruckusAuthSessionEntry 23 }
ruckusAuthSessionFailureReason OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the internal failure reason for this
client, such as memory allocation, RADIUS attribute
parsing, RADIUS REJECT, etc."
::= { ruckusAuthSessionEntry 24 }
ruckusAuthSessionFlags OBJECT-TYPE
SYNTAX BITS {
staticAuthenticated(0),
taggedSession(1),
dot1xNonCapable(2),
dot1xEnabled(3),
masterMacAuth(4),
v4AclApplied(5),
v6AclApplied(6)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Desacribes various other parameters of client
session, by clubbing them together in one object for
simplicity.
staticAuthenticated(0):
Client is authenticaticated using configured
auth-fileters on the port, instead of normal
RADIUS server
taggedSession(1):
Client VLAN is tagged, which may indicate the
client as Phone or tagged VM
dot1xNonCapable(2):
Client is not Dot1x capabale
dot1xEnabled(3):
Dot1x should be tried or not, when MAC-Auth
succeeds depending on default value (enable),
configured value or RADIUS attribute
masterMacAuth(4),
Indicates if this session is Master session in
case of MAC-Auth session, as there would be
multiple sessions for MAC-Auth, whereas there
would be only one session visible
v4AclApplied(5):
IPv4 ACL is applied for the client
v6AclApplied(6):
IPv6 ACL is applied for the client
"
::= { ruckusAuthSessionEntry 25 }
-- ------------------------------------------------------------
-- FlexAuth Session Address Table
-- This applies for Dot1x and MAC-Auth sessions at port level
-- ------------------------------------------------------------
ruckusAuthSessionAddrTable OBJECT-TYPE
SYNTAX SEQUENCE OF RuckusAuthSessionAddrEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An address table providing V4/V6 information about
the FlexAuth sessions for each client at port level
in the Ruckus device."
::= { ruckusAuthSessions 2 }
ruckusAuthSessionAddrEntry OBJECT-TYPE
SYNTAX RuckusAuthSessionAddrEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing information about the FlexAuth
session address of a specified client on a port"
INDEX { ifIndex, ruckusAuthSessionMac, ruckusAuthSessionAddrId }
::= { ruckusAuthSessionAddrTable 1 }
RuckusAuthSessionAddrEntry ::= SEQUENCE {
ruckusAuthSessionAddrId INTEGER,
ruckusAuthSessionAddrType InetAddressType,
ruckusAuthSessionAddr InetAddress
}
ruckusAuthSessionAddrId OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An index into the White List Server table."
::= { ruckusAuthSessionAddrEntry 1 }
ruckusAuthSessionAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The address type of the this address entry, a V4 or V6."
::= { ruckusAuthSessionAddrEntry 2 }
ruckusAuthSessionAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The address of this session entry, which is a V4 or V6 address."
::= { ruckusAuthSessionAddrEntry 3 }
-- ------------------------------------------------------------
-- FlexAuth Session Statistics
-- This applies for Dot1x and MAC sessions at port level
-- ------------------------------------------------------------
ruckusAuthStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF RuckusAuthStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that provides information about the summary
of MAC-Auth and Dot1x sessions at port level.
An entry exists in this table for every port enabled
for FlexAuth."
::= { ruckusAuthStatistics 1 }
ruckusAuthStatsEntry OBJECT-TYPE
SYNTAX RuckusAuthStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry of port level FlexAuth session summary
table."
INDEX { ifIndex }
::= { ruckusAuthStatsTable 1 }
RuckusAuthStatsEntry::= SEQUENCE {
ruckusDot1xSessionsAttempted Counter32,
ruckusDot1xSessionsAccepted Counter32,
ruckusDot1xSessionsRejected Counter32,
ruckusDot1xSessionsInProgress Counter32,
ruckusDot1xSessionsErrored Counter32,
ruckusMacAuthSessionsAttempted Counter32,
ruckusMacAuthSessionsAccepted Counter32,
ruckusMacAuthSessionsRejected Counter32,
ruckusMacAuthSessionsInProgress Counter32,
ruckusMacAuthSessionsErrored Counter32
}
ruckusDot1xSessionsAttempted OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of Dot1x sessions attempted on this port,
since the time the stats were cleared."
::= { ruckusAuthStatsEntry 1 }
ruckusDot1xSessionsAccepted OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of Dot1x sessions accepted or permited on
this port, since the time the stats were cleared."
::= { ruckusAuthStatsEntry 2 }
ruckusDot1xSessionsRejected OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of Dot1x sessions failed or rejected on
this port, since the time the stats were cleared."
::= { ruckusAuthStatsEntry 3 }
ruckusDot1xSessionsInProgress OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of Dot1x sessions which are in progress
on this port waiting for authentication to be
completed, since the time the stats were cleared."
::= { ruckusAuthStatsEntry 4 }
ruckusDot1xSessionsErrored OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of Dot1x sessions which are neither
accepted or rejected due to conditions like timeout,
resource failure, etc; on this port, since the time
the stats were cleared."
::= { ruckusAuthStatsEntry 5 }
ruckusMacAuthSessionsAttempted OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of MAC-Auth sessions attempted on this
port, since the time the stats were cleared."
::= { ruckusAuthStatsEntry 6 }
ruckusMacAuthSessionsAccepted OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of MAC-Auth sessions accepted or permited
on this port, since the time the stats were cleared"
::= { ruckusAuthStatsEntry 7 }
ruckusMacAuthSessionsRejected OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of MAC-Auth sessions failed or rejected
on this port, since the time the stats were cleared"
::= { ruckusAuthStatsEntry 8 }
ruckusMacAuthSessionsInProgress OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of MAC-Auth sessions which are in
progress on this port waiting for authentication to
be completed, since the time the stats were cleared"
::= { ruckusAuthStatsEntry 9 }
ruckusMacAuthSessionsErrored OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of MAC-Auth sessions which are neither
accepted or rejected due to conditions like timeout,
resource failure, etc; on this port, since the time
the stats were cleared."
::= { ruckusAuthStatsEntry 10 }
-- ------------------------------------------------------------
-- Dot1x Port Statistics
-- This applies for Dot1x authentication only at port level
-- ------------------------------------------------------------
ruckusDot1xAuthStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF RuckusDot1xAuthStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that provides information about the Dot1x
Statistics at port level.
An entry exists in this table for every port enabled
for Dot1x."
::= { ruckusAuthStatistics 2 }
ruckusDot1xAuthStatsEntry OBJECT-TYPE
SYNTAX RuckusDot1xAuthStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry of per port Dot1x statistics table."
INDEX { ifIndex }
::= { ruckusDot1xAuthStatsTable 1 }
RuckusDot1xAuthStatsEntry::= SEQUENCE {
ruckusDot1xTxEAPFrames Counter32,
ruckusDot1xTxEAPReqIdFrames Counter32,
ruckusDot1xTxEAPReqFrames Counter32,
ruckusDot1xRxEAPFrames Counter32,
ruckusDot1xRxEAPStartFrames Counter32,
ruckusDot1xRxEAPLogOffFrames Counter32,
ruckusDot1xRxEAPRespIdFrames Counter32,
ruckusDot1xRxEAPRespFrames Counter32,
ruckusDot1xRxEAPInvalidFrames Counter32,
ruckusDot1xRxLengthErrorFrames Integer32,
ruckusDot1xRxEAPLastFrameVersion Unsigned32,
ruckusDot1xRxEAPLastFrameSource MacAddress
}
ruckusDot1xTxEAPFrames OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of EAPOL frames transmitted on this
port"
::= { ruckusDot1xAuthStatsEntry 1 }
ruckusDot1xTxEAPReqIdFrames OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of EAP-Request/Identity frames
transmitted on this port"
::= { ruckusDot1xAuthStatsEntry 2 }
ruckusDot1xTxEAPReqFrames OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of transmitted EAP request frames that
are not EAP-Request/identify on this port"
::= { ruckusDot1xAuthStatsEntry 3 }
ruckusDot1xRxEAPFrames OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of EAPOL frames received on this
port"
::= { ruckusDot1xAuthStatsEntry 4 }
ruckusDot1xRxEAPStartFrames OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of EAPOL-Start frames received on this
port"
::= { ruckusDot1xAuthStatsEntry 5 }
ruckusDot1xRxEAPLogOffFrames OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of EAPOL-Logoff frames received on this
port"
::= { ruckusDot1xAuthStatsEntry 6 }
ruckusDot1xRxEAPRespIdFrames OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of EAP-Response/Identify frames received
on this port"
::= { ruckusDot1xAuthStatsEntry 7 }
ruckusDot1xRxEAPRespFrames OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of received EAP-Response frames other
than EAP-Response/Identity on this port"
::= { ruckusDot1xAuthStatsEntry 8 }
ruckusDot1xRxEAPInvalidFrames OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of invalid EAPOL frames received on this
port"
::= { ruckusDot1xAuthStatsEntry 9 }
ruckusDot1xRxLengthErrorFrames OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of EAPOL frames received with incorrect
length on this port"
::= { ruckusDot1xAuthStatsEntry 10 }
ruckusDot1xRxEAPLastFrameVersion OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The version of last EAP frame received on this port"
::= { ruckusDot1xAuthStatsEntry 11 }
ruckusDot1xRxEAPLastFrameSource OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The MAC address of the source from where the last
EAP frame received on this port"
::= { ruckusDot1xAuthStatsEntry 12 }
-- ------------------------------------------------------------
-- FlexAuth MIB Notifications (applies for Dot1x and MAC-Auth)
-- ------------------------------------------------------------
ruckusAuthPortAuthorizedNotif NOTIFICATION-TYPE
OBJECTS {
ifIndex,
ruckusAuthSessionMac,
ruckusAuthSessionVlan,
ruckusAuthSessionVlanType
}
STATUS current
DESCRIPTION "This notification is sent if a 802.1x supplicant
is detected and authenticated successfully with
supplicant getting assigned a VLAN."
::= { ruckusAuthNotification 1 }
ruckusAuthPortUnauthorizedNotif NOTIFICATION-TYPE
OBJECTS {
ifIndex,
ruckusAuthSessionMac
}
STATUS current
DESCRIPTION "This notification is sent if a 802.1x supplicant
had logged off or session is cleared for other reasons."
::= { ruckusAuthNotification 2 }
ruckusAuthMacAuthorizedNotif NOTIFICATION-TYPE
OBJECTS {
ifIndex,
ruckusAuthSessionMac,
ruckusAuthSessionVlan,
ruckusAuthSessionVlanType
}
STATUS current
DESCRIPTION "This notification is sent if a non-802.1x client is
detected and authenticated successfully with
client/device getting assigned a VLAN."
::= { ruckusAuthNotification 3 }
ruckusAuthMacUnauthorizedNotif NOTIFICATION-TYPE
OBJECTS {
ifIndex,
ruckusAuthSessionMac
}
STATUS current
DESCRIPTION "This notification is sent if a non-802.1x client
had logged off or session is cleared for other reasons."
::= { ruckusAuthNotification 4 }
ruckusAuthAclFailNotif NOTIFICATION-TYPE
OBJECTS {
ifIndex,
ruckusAuthSessionMac,
ruckusAuthSessionMethod
}
STATUS current
DESCRIPTION "This notification is sent if a an ACL counldn't be
applied for authenticated client, resulting the client
in authentication failure."
::= { ruckusAuthNotification 5 }
-- ------------------------------------------------------------
-- FlexAuth MIB Conformance (applies for Dot1x and MAC-Auth)
-- ------------------------------------------------------------
ruckusAuthMIBCompliances OBJECT IDENTIFIER ::= { ruckusAuthConformance 1 }
ruckusAuthMIBGroups OBJECT IDENTIFIER ::= { ruckusAuthConformance 2 }
ruckusAuthCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION "The compliance statement for entities which
implement RUCKUS-AUTH-MIB."
MODULE -- this module
MANDATORY-GROUPS {
ruckusAuthConfigGroup,
ruckusDot1xAuthConfigGroup,
ruckusMacAuthConfigGroup,
ruckusWebAuthConfigGroup,
ruckusAuthPortConfigGroup,
ruckusAuthFilterConfigGroup,
ruckusAuthSessionsGroup
}
::= { ruckusAuthMIBCompliances 1 }
------------------------
-- Units of Conformance
------------------------
ruckusAuthConfigGroup OBJECT-GROUP
OBJECTS {
ruckusAuthDefaultVlan,
ruckusAuthVoiceVlan,
ruckusAuthCriticalVlan,
ruckusAuthRestrictVlan,
ruckusAuthMode,
ruckusAuthMethods,
ruckusAuthMaxSessions,
ruckusAuthFailAction,
ruckusAuthTimeoutAction,
ruckusAuthReauthEnable,
ruckusAuthReauthPeriod,
ruckusAuthReauthTimeout,
ruckusAuthIdleTimeout,
ruckusAuthDeniedTimeout,
ruckusAuthAging,
ruckusAuthEnable,
ruckusAuthDefaultV4IngressAcl,
ruckusAuthDefaultV4EgressAcl,
ruckusAuthDefaultV6IngressAcl,
ruckusAuthDefaultV6EgressAcl
}
STATUS current
DESCRIPTION "A collection of objects that provide global
configuration of FlexAuth feature, common to both
MAC-Auth and Dot1x."
::= { ruckusAuthMIBGroups 1 }
ruckusDot1xAuthConfigGroup OBJECT-GROUP
OBJECTS {
ruckusDot1xQuietPeriod,
ruckusDot1xTxPeriod,
ruckusDot1xSuppTimeout,
ruckusDot1xMaxReq,
ruckusDot1xMaxReauthReq,
ruckusDot1xGuestVlan,
ruckusDot1xMacAuthOverride
}
STATUS current
DESCRIPTION "A collection of objects that provide global
global configuration of Dot1x sub-feature,
which applies only to Dot1x."
::= { ruckusAuthMIBGroups 2 }
ruckusMacAuthConfigGroup OBJECT-GROUP
OBJECTS {
ruckusMacAuthPasswordFormat,
ruckusMacAuthPasswordOverride,
ruckusMacAuthDot1xOverride,
ruckusMacAuthDot1xEnable
}
STATUS current
DESCRIPTION "A collection of objects that provide global
configuration of MAC-Auth sub-feature, which
applies only to MAC-Auth."
::= { ruckusAuthMIBGroups 3 }
ruckusAuthPortConfigGroup OBJECT-GROUP
OBJECTS {
ruckusAuthPortEnable,
ruckusAuthPortDot1xControl,
ruckusAuthPortDefaultVlan,
ruckusAuthPortVoiceVlan,
ruckusAuthPortCriticalVlan,
ruckusAuthPortRestrictVlan,
ruckusAuthPortMode,
ruckusAuthPortMethods,
ruckusAuthPortMaxSessions,
ruckusAuthPortFailAction,
ruckusAuthPortTimeoutAction,
ruckusAuthPortReauthTimeout,
ruckusAuthPortAging,
ruckusAuthPortAllowTagged,
ruckusAuthPortSourceGuard,
ruckusAuthPortDosAttacks,
ruckusAuthPortDosAttackLimit
}
STATUS current
DESCRIPTION "A collection of objects that provide interface
configuration of FlexAuth feature,common to both
MAC-Auth and Dot1x."
::= { ruckusAuthMIBGroups 4 }
ruckusAuthFilterConfigGroup OBJECT-GROUP
OBJECTS {
ruckusAuthFilterMac,
ruckusAuthFilterMask,
ruckusAuthFilterVlan
}
STATUS current
DESCRIPTION "A collection of objects that provide interface
auth filter configuration of FlexAuth feature,
common to both MAC-Auth and Dot1x."
::= { ruckusAuthMIBGroups 5 }
ruckusAuthSessionsGroup OBJECT-GROUP
OBJECTS {
ruckusAuthSessionVlan,
ruckusAuthSessionTaggedVlan,
ruckusAuthSessionUserName,
ruckusAuthSessionDeviceType,
ruckusAuthSessionStatus,
ruckusAuthSessionDot1xStatus,
ruckusAuthSessionMethod,
ruckusAuthSessionMode,
ruckusAuthSessionAgingType,
ruckusAuthSessionAge,
ruckusAuthSessionTimeout,
ruckusAuthSessionIdleTimeout,
ruckusAuthSessionTime,
ruckusAuthSessionV4IngressAcl,
ruckusAuthSessionV4EgressAcl,
ruckusAuthSessionV6IngressAcl,
ruckusAuthSessionV6EgressAcl,
ruckusAuthSessionTxOctets,
ruckusAuthSessionRxOctets,
ruckusAuthSessionTxPkts,
ruckusAuthSessionRxPkts,
ruckusAuthSessionFailureReason,
ruckusAuthSessionFlags,
ruckusAuthSessionAddrType,
ruckusAuthSessionAddr
}
STATUS current
DESCRIPTION "A collection of objects that provide session
information of a FlexAuth session."
::= { ruckusAuthMIBGroups 6 }
ruckusAuthStatsGroup OBJECT-GROUP
OBJECTS {
ruckusDot1xSessionsAttempted,
ruckusDot1xSessionsAccepted,
ruckusDot1xSessionsRejected,
ruckusDot1xSessionsInProgress,
ruckusDot1xSessionsErrored,
ruckusMacAuthSessionsAttempted,
ruckusMacAuthSessionsAccepted,
ruckusMacAuthSessionsRejected,
ruckusMacAuthSessionsInProgress,
ruckusMacAuthSessionsErrored
}
STATUS current
DESCRIPTION "A collection of objects that provide session
statistics of FlexAuth sessions at port level."
::= { ruckusAuthMIBGroups 7 }
ruckusDot1xAuthStatsGroup OBJECT-GROUP
OBJECTS {
ruckusDot1xTxEAPFrames,
ruckusDot1xTxEAPReqIdFrames,
ruckusDot1xTxEAPReqFrames,
ruckusDot1xRxEAPFrames,
ruckusDot1xRxEAPStartFrames,
ruckusDot1xRxEAPLogOffFrames,
ruckusDot1xRxEAPRespIdFrames,
ruckusDot1xRxEAPRespFrames,
ruckusDot1xRxEAPInvalidFrames,
ruckusDot1xRxLengthErrorFrames,
ruckusDot1xRxEAPLastFrameVersion,
ruckusDot1xRxEAPLastFrameSource
}
STATUS current
DESCRIPTION "A collection of objects that provide Dot1x
statistics of Dot1x sessions at port level."
::= { ruckusAuthMIBGroups 8 }
ruckusWebAuthConfigGroup OBJECT-GROUP
OBJECTS {
ruckusWebAuthEnable,
ruckusWebAuthTrustPort,
ruckusWebAuthMode,
ruckusWebAuthMethod,
ruckusWebAuthMaxHosts,
ruckusWebAuthMaxAuthAttempts,
ruckusWebAuthReauthTime,
ruckusWebAuthCycleTime,
ruckusWebAuthBlockTime,
ruckusWebAuthMacAgeTime,
ruckusWebAuthPasscode,
ruckusWebAuthLocalUserDb,
ruckusWebAuthSecureLogin,
ruckusWebAuthAccounting,
ruckusWebAuthCaptiveProfile,
ruckusWebAuthRedirectName,
ruckusWebAuthDnsFilterType,
ruckusWebAuthDnsFilterAddr,
ruckusWebAuthDnsFilterPrefix,
ruckusWebAuthWhiteListType,
ruckusWebAuthWhiteListAddr,
ruckusWebAuthWhiteListPrefix,
ruckusWebAuthFilterPort,
ruckusWebAuthFilterDuration,
ruckusWebAuthFilterAction,
ruckusWebAuthCaptivePortalType,
ruckusWebAuthCaptivePortalAddr,
ruckusWebAuthCaptivePortalPort,
ruckusWebAuthCaptivePortalLoginPage
}
STATUS current
DESCRIPTION "A collection of objects that provide WebAuth
configuration."
::= { ruckusAuthMIBGroups 9 }
END
View Git Blame Copy Permalink