JUNIPER-SECURE-ACCESS-PORT-MIB

This is Juniper Networks' implementation of enterprise specific
MIB for configuration of Secure Access Port feature. DHCP Snooping 
and Dynamic ARP Inspection are mechanisms to provide per interface 
security capabilities. This MIB Module is also used to control 
some layer 2 functions like MAC limiting. It also supports 
IP Source Guard, Mac Source Guard and Storm Control features.

Imported Objects

ifIndex	IF-MIB
jnxExSecureAccessPort	JUNIPER-EX-SMI
MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, Integer32	SNMPv2-SMI
TruthValue, TEXTUAL-CONVENTION, DisplayString	SNMPv2-TC

Type Definitions (1)

Name	Base Type	Values/Constraints
JnxMacLimitExceededAction	Enumeration	none(1), drop(2), alarm(3), shutdown(4)

Objects

jnxExSecureAccessPortMIB		.1.3.6.1.4.1.2636.3.40.1.2.1
jnxSecAccessPortMIBNotifications		.1.3.6.1.4.1.2636.3.40.1.2.1.0
jnxSecAccessPortMIBObjects		.1.3.6.1.4.1.2636.3.40.1.2.1.1
jnxSecAccessPortVlanTable		.1.3.6.1.4.1.2636.3.40.1.2.1.1.1
jnxSecAccessPortVlanEntry	jnxSecAccessVlanName	.1.3.6.1.4.1.2636.3.40.1.2.1.1.1.1
jnxSecAccessVlanName	OctetString	.1.3.6.1.4.1.2636.3.40.1.2.1.1.1.1.1
jnxSecAccessVlanDhcpSnoopStatus	SNMPv2-TCTruthValue	.1.3.6.1.4.1.2636.3.40.1.2.1.1.1.1.2
jnxSecAccessVlanDAIStatus	SNMPv2-TCTruthValue	.1.3.6.1.4.1.2636.3.40.1.2.1.1.1.1.3
jnxSecAccessPortIfTable		.1.3.6.1.4.1.2636.3.40.1.2.1.1.2
jnxSecAccessPortIfEntry	IF-MIBifIndex	.1.3.6.1.4.1.2636.3.40.1.2.1.1.2.1
jnxSecAccessdsIfTrustState	SNMPv2-TCTruthValue	.1.3.6.1.4.1.2636.3.40.1.2.1.1.2.1.1
jnxSecAccessdsIfRateLimit	packets per second Unsigned32	.1.3.6.1.4.1.2636.3.40.1.2.1.1.2.1.2
jnxSecAccessIfMacLimit	Unsigned32	.1.3.6.1.4.1.2636.3.40.1.2.1.1.2.1.3
jnxSecAccessIfMacLimitExceed	JnxMacLimitExceededAction	.1.3.6.1.4.1.2636.3.40.1.2.1.1.2.1.4
jnxSecAccessIfIpSrcGuardStatus	SNMPv2-TCTruthValue	.1.3.6.1.4.1.2636.3.40.1.2.1.1.2.1.5
jnxSecAccessIfMacSrcGuardStatus	SNMPv2-TCTruthValue	.1.3.6.1.4.1.2636.3.40.1.2.1.1.2.1.6
jnxStormCtlTable		.1.3.6.1.4.1.2636.3.40.1.2.1.1.3
jnxStormCtlEntry	IF-MIBifIndex jnxStormCtlIfTrafficType	.1.3.6.1.4.1.2636.3.40.1.2.1.1.3.1
jnxStormCtlIfTrafficType	Enumeration	.1.3.6.1.4.1.2636.3.40.1.2.1.1.3.1.1
jnxStormCtlRisingThreshold	packets per second Integer32	.1.3.6.1.4.1.2636.3.40.1.2.1.1.3.1.2
jnxStormCtlFallingThreshold	packets per second Integer32	.1.3.6.1.4.1.2636.3.40.1.2.1.1.3.1.3
jnxStormCtlAction	Enumeration	.1.3.6.1.4.1.2636.3.40.1.2.1.1.3.1.4

Notifications/Traps

Name	OID	Description
jnxSecAccessdsRateLimitCrossed jnxSecAccessdsIfRateLimit	.1.3.6.1.4.1.2636.3.40.1.2.1.0.1	eLimitCrossed notification is generated when the number of DHCP packets from an untrusted interface exceeds jnxSecAccessdsIfRateLimit.
jnxSecAccessIfMacLimitExceeded jnxSecAccessIfMacLimit jnxSecAccessIfMacLimitExceed	.1.3.6.1.4.1.2636.3.40.1.2.1.0.2	on is sent when the number of MAC addresses learnt by the interface has crossed the limit of MAC addresses(jnxSecAccessIfMacLimit) and if MAC Limit Exceeded Action(jnxSecAccessIfMacLimitExceed) is drop or alarm or shutdown.
jnxStormEventNotification jnxStormCtlRisingThreshold	.1.3.6.1.4.1.2636.3.40.1.2.1.0.3	on is sent when the traffic in the interface exceeds rising threshold(jnxStormCtlRisingThreshold).

Name

OID

Description

jnxSecAccessdsRateLimitCrossed
jnxSecAccessdsIfRateLimit

.1.3.6.1.4.1.2636.3.40.1.2.1.0.1

eLimitCrossed notification is generated when 
the number of DHCP packets from an untrusted interface exceeds 
jnxSecAccessdsIfRateLimit.

jnxSecAccessIfMacLimitExceeded
jnxSecAccessIfMacLimit
jnxSecAccessIfMacLimitExceed

.1.3.6.1.4.1.2636.3.40.1.2.1.0.2

on is sent when the number of MAC addresses learnt by 
the interface has crossed the limit of MAC addresses(jnxSecAccessIfMacLimit) 
	and if MAC Limit Exceeded Action(jnxSecAccessIfMacLimitExceed) is 
	drop or alarm or shutdown.

jnxStormEventNotification
jnxStormCtlRisingThreshold

.1.3.6.1.4.1.2636.3.40.1.2.1.0.3

on is sent when the traffic in the interface exceeds 
rising threshold(jnxStormCtlRisingThreshold).