-- *********************************************************************
-- CISCO-AUTH-FRAMEWORK-MIB.my: Authentication Framework configuration
-- and information MIB
--
-- August 2008, Binh Phu Le
--
-- Copyright (c) 2008-2009, 2010, 2013 by Cisco Systems Inc.
--
-- All rights reserved.
--
-- *******************************************************************

CISCO-AUTH-FRAMEWORK-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    NOTIFICATION-TYPE,
    Unsigned32,
    Integer32
        FROM SNMPv2-SMI
    MODULE-COMPLIANCE,
    NOTIFICATION-GROUP,
    OBJECT-GROUP
        FROM SNMPv2-CONF
    MacAddress,
    TEXTUAL-CONVENTION,
    TruthValue
        FROM SNMPv2-TC
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    InetAddress,
    InetAddressType
        FROM INET-ADDRESS-MIB
    ifIndex,
    ifName
        FROM IF-MIB
    VlanIndexOrZero
        FROM CISCO-PRIVATE-VLAN-MIB
    CnnEouPostureTokenString
        FROM CISCO-NAC-TC-MIB
    ciscoMgmt
        FROM CISCO-SMI;


ciscoAuthFrameworkMIB MODULE-IDENTITY
    LAST-UPDATED    "201308230000Z"
    ORGANIZATION    "Cisco Systems Inc."
    CONTACT-INFO
            "Cisco Systems
            Customer Service
            Postal: 170 W Tasman Drive
            San Jose, CA 95134
            USA
            Tel: +1 800 553-NETS
            E-mail: cs-ibns@cisco.com,
                    cs-lan-switch-snmp@cisco.com"
    DESCRIPTION
        "MIB module for Authentication Framework in the system.

        Authentication Framework provides generic configurations
        for authentication methods in the system and manages the
        failover sequence of these methods in a flexible manner."
    REVISION        "201308230000Z"
    DESCRIPTION
        "Added notification cafAuthFailNotif.
        Added new objects cafAuthFailNotifEnable and
        cafAuthFailClient.
        Added new groups cafAuthFailNotifGroup,
        cafAuthFailNotifEnableGroup and cafAuthFailClientGroup.
        A new compliance ciscoAuthFrameworkMIBCompliance4 is added
        which deprecates ciscoAuthFrameworkMIBCompliance3."
    REVISION        "201011170000Z"
    DESCRIPTION
        "Added cafMacMoveConfigGroup and cafCoACommandConfigGroup
        groups."
    REVISION        "201004010000Z"
    DESCRIPTION
        "Added value 'replace' to cafPortViolationAction."
    REVISION        "200904200000Z"
    DESCRIPTION
        "Added cafSessionVlanGroupNameGroup."
    REVISION        "200810240000Z"
    DESCRIPTION
        "Added value 'protect' to cafPortViolationAction."
    REVISION        "200808250000Z"
    DESCRIPTION
        "Initial version of this MIB module."
    ::= { ciscoMgmt 656 }


ciscoAuthFrameworkMIBNotifs  OBJECT IDENTIFIER
    ::= { ciscoAuthFrameworkMIB 0 }

ciscoAuthFrameworkMIBObjects  OBJECT IDENTIFIER
    ::= { ciscoAuthFrameworkMIB 1 }

ciscoAuthFrameworkMIBConform  OBJECT IDENTIFIER
    ::= { ciscoAuthFrameworkMIB 2 }

ciscoAuthFrameworkSystem  OBJECT IDENTIFIER
    ::= { ciscoAuthFrameworkMIBObjects 1 }

ciscoAuthFrwkAuthenticator  OBJECT IDENTIFIER
    ::= { ciscoAuthFrameworkMIBObjects 2 }

ciscoAuthFrameworkEvent  OBJECT IDENTIFIER
    ::= { ciscoAuthFrameworkMIBObjects 3 }

ciscoAuthFrameworkSession  OBJECT IDENTIFIER
    ::= { ciscoAuthFrameworkMIBObjects 4 }

ciscoAuthFrwkNotifControl  OBJECT IDENTIFIER
    ::= { ciscoAuthFrameworkMIBObjects 5 }

ciscoAuthFrwkNotifInfo  OBJECT IDENTIFIER
    ::= { ciscoAuthFrameworkMIBObjects 6 }


-- Textual Conventions

CiscoAuthControlledDirections ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The controlled direction values for capable ports in
        Authentication Framework.

        both: control is required to be exerted over both
              incoming and outgoing traffic through the
              controlled port.

        in  : control is required to be exerted over the
              incoming traffic through the controlled port."
    SYNTAX          INTEGER  {
                        both(0),
                        in(1)
                    }

CiscoAuthControlledPortControl ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The authorization control values of Authentication
        Framework on a controlled port.

        forceUnauthorized: the controlled port is forced to
                           be unauthorized unconditionally.

        auto             : authorization of the controlled
                           port will be determined by an
                           authentication process.

        forceAuthorized  : The controlled port is forced to
                           be authorized unconditionally."
    SYNTAX          INTEGER  {
                        forceUnauthorized(1),
                        auto(2),
                        forceAuthorized(3)
                    }

CiscoAuthMethod ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The authentication methods and protocols supported in
        Authentication Framework.

        other        : none of the below.

        dot1x        : 802.1x Protocol.

        macAuthBypass: MAC Authentication Bypass.

        webAuth      : Web-Proxy Authentication.

        'other' is a read only value which can not be used in
        set operation."
    SYNTAX          INTEGER  {
                        other(1),
                        dot1x(2),
                        macAuthBypass(3),
                        webAuth(4)
                    }

CiscoAuthMethodList ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The list of authentication methods provided within
        Authentication Framework.

        Each octet represents an authentication method which
        is defined in CiscoAuthMethod.

        The DESCRIPTION clause of CiscoAuthMethodList objects
        must fully describe the relationship between methods."
    SYNTAX          OCTET STRING

CiscoAuthHostMode ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The authentication mode of a controlled port.

        singleHost: port allows one host to connect and authenticate
                    in a single domain.

        multiHost : port allows multiple hosts to connect. Once
                    a host is authenticated, all remaining hosts are
                    also authenticated in a single domain.

        multiAuth : port allows multiple hosts to connect.
                    Each host is authenticated separately in a
                    single domain.

        multiDomain: port allows multiple domains to be authenticated."
    SYNTAX          INTEGER  {
                        singleHost(1),
                        multiHost(2),
                        multiAuth(3),
                        multiDomain(4)
                    }

-- ciscoAuthFrameworkSystem

cafAaaNoRespRecoveryDelay OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "milliseconds"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies the AAA recovery delay for authentication methods
        registered in Authentication Framework when AAA server becomes
        active again after being inactive. A value of zero indicates
        that AAA recovery delay is disabled in the system."
    ::= { ciscoAuthFrameworkSystem 1 }

cafAuthMethodRegTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CafAuthMethodRegEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A list of authentication methods which are currently
        registered with Authentication Framework.

        An entry is created by the agent when an authentication method
        has successfully registered with Authentication Framework.

        An entry is deleted by the agent upon de-registration of the
        authentication method."
    ::= { ciscoAuthFrameworkSystem 2 }

cafAuthMethodRegEntry OBJECT-TYPE
    SYNTAX          CafAuthMethodRegEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry containing registration information of a particular
        authentication method with Authentication Framework."
    INDEX           { cafAuthMethod }
    ::= { cafAuthMethodRegTable 1 }

CafAuthMethodRegEntry ::= SEQUENCE {
        cafAuthMethod                 CiscoAuthMethod,
        cafAuthMethodDefaultPriority  Unsigned32,
        cafAuthMethodDefaultExecOrder Unsigned32
}

cafAuthMethod OBJECT-TYPE
    SYNTAX          CiscoAuthMethod
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The authentication method registered with Authentication
        Framework."
    ::= { cafAuthMethodRegEntry 1 }

cafAuthMethodDefaultPriority OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "A unique number which indicates the default priority of an
        authentication method.

        The default priority is assigned by Authentication Framework
        during method registration. The method with smallest value
        has highest priority."
    ::= { cafAuthMethodRegEntry 2 }

cafAuthMethodDefaultExecOrder OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "A unique number which indicates the default execution order
        of an authentication method.

        The default execution order is assigned by Authentication
        Framework during method registration. The method with
        smallest value will be executed first."
    ::= { cafAuthMethodRegEntry 3 }



cafMacMoveMode OBJECT-TYPE
    SYNTAX          INTEGER  {
                        deny(1),
                        permit(2)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the MAC Move configuration for
        Authentication Framework.

        deny  : When a host is authenticated on one port,
                that address is not allowed on another
                authenticated manager-enabled port of the device.

        permit: Authenticated hosts are allowed to move from one
                port to another on the same device. When a host moves to
                a new port, the authenticated session on the original
                port is deleted, and the host is reauthenticated on the
                new port."
    ::= { ciscoAuthFrameworkSystem 3 }

cafCoABouncePortCommandIgnoreEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether the device ignores the bounce
        port command that is sent from RADIUS via
        Change-of-Authorization (CoA) packets."
    ::= { ciscoAuthFrameworkSystem 4 }

cafCoADisablePortCommandIgnoreEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether the device ignores the
        disable port command that is sent from RADIUS via
        Change-of-Authorization (CoA) packets."
    ::= { ciscoAuthFrameworkSystem 5 }

-- ciscoAuthFrwkAuthenticator

cafPortConfigTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CafPortConfigEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A list of port entries. An entry will exist for each
        interface which supports Authentication Framework feature."
    ::= { ciscoAuthFrwkAuthenticator 1 }

cafPortConfigEntry OBJECT-TYPE
    SYNTAX          CafPortConfigEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry containing management information of Authentication
        Framework applicable to a particular port."
    INDEX           { ifIndex }
    ::= { cafPortConfigTable 1 }

CafPortConfigEntry ::= SEQUENCE {
        cafPortControlledDirection CiscoAuthControlledDirections,
        cafPortFallBackProfile     SnmpAdminString,
        cafPortAuthHostMode        CiscoAuthHostMode,
        cafPortPreAuthOpenAccess   TruthValue,
        cafPortAuthorizeControl    CiscoAuthControlledPortControl,
        cafPortReauthEnabled       TruthValue,
        cafPortReauthInterval      Unsigned32,
        cafPortRestartInterval     Unsigned32,
        cafPortInactivityTimeout   Integer32,
        cafPortViolationAction     INTEGER
}

cafPortControlledDirection OBJECT-TYPE
    SYNTAX          CiscoAuthControlledDirections
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies the controlled direction of this port."
    ::= { cafPortConfigEntry 1 }

cafPortFallBackProfile OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies the name of the fallback profile to be used when
        failing over to Web Proxy Authentication.
        A zero length string indicates that fallback mechanism to
        Web Proxy Authentication is disabled in Authentication
        Framework."
    ::= { cafPortConfigEntry 2 }

cafPortAuthHostMode OBJECT-TYPE
    SYNTAX          CiscoAuthHostMode
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies the authentication host mode for this port."
    ::= { cafPortConfigEntry 3 }

cafPortPreAuthOpenAccess OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies if the Pre-Authentication Open Access feature
        allows clients/devices to gain network access before
        authentication is performed.

        A value of 'true' for this object indicates that client/device
        is able to gain network access before authentication is
        performed."
    ::= { cafPortConfigEntry 4 }

cafPortAuthorizeControl OBJECT-TYPE
    SYNTAX          CiscoAuthControlledPortControl
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies the authorization control for this port."
    ::= { cafPortConfigEntry 5 }

cafPortReauthEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies if reauthentication is enabled for this port."
    ::= { cafPortConfigEntry 6 }

cafPortReauthInterval OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "seconds"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies the reauthentication interval, after which the port
        will be reauthenticated if value of the corresponding instance
        of cafPortReauthEnabled is 'true'.

        A value of zero indicates that the reauthentication interval
        is downloaded from AAA server when this port is authenticated."
    ::= { cafPortConfigEntry 7 }

cafPortRestartInterval OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "seconds"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies the interval after which a further authentication
        attempt should be made to this port if it is not authorized.

        A value of zero indicates that no further authentication attempt
        will be made if this port is unauthorized."
    ::= { cafPortConfigEntry 8 }

cafPortInactivityTimeout OBJECT-TYPE
    SYNTAX          Integer32 (-1 | 0 | 1..65535)
    UNITS           "seconds"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies the period of time that a client associating with
        this port is allowed to be inactive before being terminated.

        A value of zero indicates that inactivity timeout is disabled
        on this port.

        A value of -1 indicates that inactivity timeout is downloaded
        from the AAA server when this port is authenticated."
    ::= { cafPortConfigEntry 9 }

cafPortViolationAction OBJECT-TYPE
    SYNTAX          INTEGER  {
                        restrict(1),
                        shutdown(2),
                        protect(3),
                        replace(4)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies the action to be taken when a security violation
        occurs on this port.

        restrict: This port will be moved to restricted state.

        shutdown: This port will be shutdown from Authentication
                  Framework perspective.

        protect : This port will be moved to protected state.

        replace : The current authentication session on this
                  port will be terminated and replaced by a new
                  authentication session, upon the detection of
                  security violation on the current authentication
                  session on the port."
    ::= { cafPortConfigEntry 10 }



cafPortMethodTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CafPortMethodEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The table contains a list of port entries.
        An entry will exist for each port which supports
        Authentication Framework feature."
    ::= { ciscoAuthFrwkAuthenticator 2 }

cafPortMethodEntry OBJECT-TYPE
    SYNTAX          CafPortMethodEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Entry containing configuration and information of
        authentication methods for a particular port."
    INDEX           { ifIndex }
    ::= { cafPortMethodTable 1 }

CafPortMethodEntry ::= SEQUENCE {
        cafPortMethodAdminExecOrder CiscoAuthMethodList,
        cafPortMethodAdminPriority  CiscoAuthMethodList,
        cafPortMethodAvailable      CiscoAuthMethodList,
        cafPortMethodOperExecOrder  CiscoAuthMethodList,
        cafPortMethodOperPriority   CiscoAuthMethodList
}

cafPortMethodAdminExecOrder OBJECT-TYPE
    SYNTAX          CiscoAuthMethodList
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the administrative execution order of
        authentication methods on the port. Methods are executed in
        the order as specified in the method list.

        Method which is at the beginning of the method list will be
        executed first. Method which is at the end of method list
        will be executed last.

        A zero length string of this object indicates that no per
        port execution order configuration has been specified on
        this port. The actual execution order is based on the value
        of cafAuthMethodDefaultExecOrder in cafAuthMethodRegTable."
    ::= { cafPortMethodEntry 1 }

cafPortMethodAdminPriority OBJECT-TYPE
    SYNTAX          CiscoAuthMethodList
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the administrative priority of
        authentication methods on the port. The priority of
        each method is assigned based on the method list.

        Method which is at the beginning of the method list has
        highest priority. Method which is at the end of method list
        has lowest priority.

        A zero length string of this object indicates that no per
        port method priority configuration has been specified on
        this port. The actual execution order is based on the value
        of cafAuthMethodDefaultExecOrder in cafAuthMethodRegTable."
    ::= { cafPortMethodEntry 2 }

cafPortMethodAvailable OBJECT-TYPE
    SYNTAX          CiscoAuthMethodList
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the authentication methods currently
        available on this port."
    ::= { cafPortMethodEntry 3 }

cafPortMethodOperExecOrder OBJECT-TYPE
    SYNTAX          CiscoAuthMethodList
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the operational execution order of
        authentication methods on this port. Methods are executed in
        the order as specified in the method list.

        Method which is at the beginning of the method list will be
        executed first. Method which is at the end of method list
        will be executed last."
    ::= { cafPortMethodEntry 4 }

cafPortMethodOperPriority OBJECT-TYPE
    SYNTAX          CiscoAuthMethodList
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the operational priority of
        authentication methods on this port. Methods have the
        priority as specified in the method list.

        Method which is at the beginning of the method list has
        highest priority. Method which is at the end of method list
        has lowest priority."
    ::= { cafPortMethodEntry 5 }


-- ciscoAuthFrameworkEvent

cafAuthFailedEventPortTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CafAuthFailedEventPortEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The table contains a list of port entries.

        An entry will exist for each port which supports Authentication
        Fail event within the Authentication Framework."
    ::= { ciscoAuthFrameworkEvent 1 }

cafAuthFailedEventPortEntry OBJECT-TYPE
    SYNTAX          CafAuthFailedEventPortEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Entry containing management information of Authentication
        Fail event for a particular port."
    INDEX           { ifIndex }
    ::= { cafAuthFailedEventPortTable 1 }

CafAuthFailedEventPortEntry ::= SEQUENCE {
        cafAuthFailedMaxRetry          Unsigned32,
        cafAuthFailedNoActionEnabled   TruthValue,
        cafAuthFailedAuthorizedVlan    Integer32,
        cafAuthFailedNextMethodEnabled TruthValue
}

cafAuthFailedMaxRetry OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the maximum number of retries that
        should be performed before generating Authentication Fail
        event.

        A value of zero indicates that Authentication Fail event will
        be generated upon authentication fail without any retry."
    ::= { cafAuthFailedEventPortEntry 1 }

cafAuthFailedNoActionEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether no action will be performed
        when an Authentication Fail event occurs.

        Setting 'true' on this object indicates that no action will
        be performed when Authentication Fail event occurs.

        The read-only value 'false' indicates that an action will
        be performed when an Authentication Fail event occurs."
    ::= { cafAuthFailedEventPortEntry 2 }

cafAuthFailedAuthorizedVlan OBJECT-TYPE
    SYNTAX          Integer32 (-1 | 0 | 1..2147483647)
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the Authentication Failed VLAN number.

        The read-only value of -1 indicates that this object is not
        applicable on this port.

        The read-only value of zero indicates that this port will not be
        authorized to any VLAN when Authentication Failed event occurs.

        Setting a non-zero value on this object indicates that this port
        will be authorized to the VLAN as specified by this object
        value, when Authentication Fail event occurs."
    ::= { cafAuthFailedEventPortEntry 3 }

cafAuthFailedNextMethodEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether the next authentication method
        will be used if an Authentication Fail event is generated by the
        current authentication method.

        Setting this object to 'true' indicates that the next available
        authentication method will be used when Authentication Fail
        event occurs.

        The read-only value 'false' indicates that the next available
        authentication method will not be used when Authentication Fail
        event occurs."
    ::= { cafAuthFailedEventPortEntry 4 }



cafSecurityViolationClient OBJECT-TYPE
    SYNTAX          MacAddress
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "The MAC address included in the notification currently being
        sent, indicating the client who triggered the security violation
        notification."
    ::= { ciscoAuthFrwkNotifInfo 1 }

cafAuthFailClient OBJECT-TYPE
    SYNTAX          MacAddress
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "The MAC address included in the cafAuthFailNotif being
        sent, indicating the client which failed to authenticate."
    ::= { ciscoAuthFrwkNotifInfo 2 }

cafClientNoRespEventPortTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CafClientNoRespEventPortEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The table contains a list of port entries.

        An entry exists for each port which supports No Response
        event within the Authentication Framework."
    ::= { ciscoAuthFrameworkEvent 2 }

cafClientNoRespEventPortEntry OBJECT-TYPE
    SYNTAX          CafClientNoRespEventPortEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Entry containing management information of No Response
        event for a particular port."
    INDEX           { ifIndex }
    ::= { cafClientNoRespEventPortTable 1 }

CafClientNoRespEventPortEntry ::= SEQUENCE {
        cafClientNoRespNoActionEnabled TruthValue,
        cafClientNoRespAuthorizedVlan  Integer32
}

cafClientNoRespNoActionEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether an action is performed when No
        Response event occurs.

        Setting 'true' on this object indicates that no action will
        be performed when No Response event occurs.

        The read-only value 'false' of this object indicates that an
        action will be performed when No Response event occurs."
    ::= { cafClientNoRespEventPortEntry 1 }

cafClientNoRespAuthorizedVlan OBJECT-TYPE
    SYNTAX          Integer32 (-1 | 0 | 1..2147483647)
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the No Response Authorized VLAN number.

        The read-only value of -1 indicates that this object is not
        applicable on this port.

        The read-only value of zero indicates that this port will not be
        authorized to any VLAN when No Response event occurs.

        Setting a non-zero value on this object indicates that this port
        will be authorized to the VLAN as specified by this object
        value, when No Response event occurs."
    ::= { cafClientNoRespEventPortEntry 2 }



cafServerEventPortTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CafServerEventPortEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The table contains a list of port entries.

        An entry exists for each port which supports AAA Server
        Reachability event within the Authentication Framework."
    ::= { ciscoAuthFrameworkEvent 3 }

cafServerEventPortEntry OBJECT-TYPE
    SYNTAX          CafServerEventPortEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Entry containing management information of AAA Server
        Reachability event for a particular port."
    INDEX           { ifIndex }
    ::= { cafServerEventPortTable 1 }

CafServerEventPortEntry ::= SEQUENCE {
        cafServerDeadNoActionEnabled  TruthValue,
        cafServerDeadRemainAuthorized TruthValue,
        cafServerDeadAuthorizedVlan   Integer32,
        cafServerAliveAction          INTEGER
}

cafServerDeadNoActionEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object indicates whether an action is performed if an
        AAA Server Reachability event occurs.

        Setting 'true' on this object indicates that no action
        will be performed when AAA Server Reachability event occurs.

        The read-only value 'false' indicates that an action will
        be performed when AAA Server Reachability event occurs."
    ::= { cafServerEventPortEntry 1 }

cafServerDeadRemainAuthorized OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies if current authorization will remain
        unchanged for the port when AAA Server Reachability event
        occurs.

        Setting 'true' on this object indicates that current
        authorization will remain unchanged for the port when AAA
        Server Reachability event occurs.

        The read-only value 'false' indicates that the current
        authorization will not be retained for the port when
        AAA Server Reachability event occurs."
    ::= { cafServerEventPortEntry 2 }

cafServerDeadAuthorizedVlan OBJECT-TYPE
    SYNTAX          Integer32 (-1 | 0 | 1..2147483647)
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the AAA Server Reachability
        Authorized VLAN number.

        The read-only value of -1 indicates that this object is not
        applicable on this port.

        The read-only value of zero indicates that this port will not
        be authorized to any VLAN when AAA Server Reachability event
        occurs.

        Setting a non-zero value on this object indicates that this port
        will be authorized to the VLAN as specified by this object
        value, when AAA Server Reachability event occurs."
    ::= { cafServerEventPortEntry 3 }

cafServerAliveAction OBJECT-TYPE
    SYNTAX          INTEGER  {
                        none(1),
                        reinitialize(2)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the action applied to the port upon AAA
        recovery.

        none        : no action will be applied.
        reinitialize: the port will be reinitialized with the current
                      authentication method."
    ::= { cafServerEventPortEntry 4 }


-- ciscoAuthFrameworkSession

cafSessionTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CafSessionEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The table contains a list of authentication sessions.

        An entry is created when an authentication session has
        been successfully created within Authentication Framework.

        An entry is deleted when an authentication session has been
        removed."
    ::= { ciscoAuthFrameworkSession 1 }

cafSessionEntry OBJECT-TYPE
    SYNTAX          CafSessionEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Entry containing management information for a particular
        authentication session."
    INDEX           {
                        ifIndex,
                        IMPLIED cafSessionId
                    }
    ::= { cafSessionTable 1 }

CafSessionEntry ::= SEQUENCE {
        cafSessionId                  OCTET STRING,
        cafSessionClientMacAddress    MacAddress,
        cafSessionClientAddrType      InetAddressType,
        cafSessionClientAddress       InetAddress,
        cafSessionStatus              INTEGER,
        cafSessionDomain              INTEGER,
        cafSessionAuthHostMode        CiscoAuthHostMode,
        cafSessionControlledDirection CiscoAuthControlledDirections,
        cafSessionPostureToken        CnnEouPostureTokenString,
        cafSessionAuthUserName        SnmpAdminString,
        cafSessionClientFramedIpPool  SnmpAdminString,
        cafSessionAuthorizedBy        SnmpAdminString,
        cafSessionCriticalTimeLeft    Unsigned32,
        cafSessionAuthVlan            VlanIndexOrZero,
        cafSessionTimeout             Unsigned32,
        cafSessionTimeLeft            Unsigned32,
        cafSessionTimeoutAction       INTEGER,
        cafSessionInactivityTimeout   Unsigned32,
        cafSessionInactivityTimeLeft  Unsigned32,
        cafSessionReauth              TruthValue,
        cafSessionTerminate           TruthValue,
        cafSessionVlanGroupName       SnmpAdminString
}

cafSessionId OBJECT-TYPE
    SYNTAX          OCTET STRING (SIZE  (1..64))
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A unique identifier of the authentication session."
    ::= { cafSessionEntry 1 }

cafSessionClientMacAddress OBJECT-TYPE
    SYNTAX          MacAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the MAC address of the device associated with the
        authentication session."
    ::= { cafSessionEntry 2 }

cafSessionClientAddrType OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the type of Internet address of the client
        associated with the authentication session."
    ::= { cafSessionEntry 3 }

cafSessionClientAddress OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the Internet address of the client associated with
        the authentication session. The type of this address is
        determined by the value of cafSessionClientAddrType object."
    ::= { cafSessionEntry 4 }

cafSessionStatus OBJECT-TYPE
    SYNTAX          INTEGER  {
                        idle(1),
                        running(2),
                        noMethod(3),
                        authenticationSuccess(4),
                        authenticationFailed(5),
                        authorizationSuccess(6),
                        authorizationFailed(7)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the current status of the authentication session.

        idle                 : the session has been initialized and no
                               method has run yet.

        running              : an authentication method is running for
                               this session.

        noMethod             : no authentication method has provided a
                               result for this session.

        authenticationSuccess: an authentication method has resulted
                               in authentication success for this
                               session.

        authenticationFailed : an authentication method has resulted
                               in authentication failed for this
                               session.

        authorizationSuccess : authorization is successful for this
                               session.

        authorizationFailed  : authorization is failed for this
                               session."
    ::= { cafSessionEntry 5 }

cafSessionDomain OBJECT-TYPE
    SYNTAX          INTEGER  {
                        other(1),
                        data(2),
                        voice(3)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the type of domain that the authentication session
        belongs to.

        other: none of the below.

        data : indicates the data domain.

        voice: indicates the voice domain."
    ::= { cafSessionEntry 6 }

cafSessionAuthHostMode OBJECT-TYPE
    SYNTAX          CiscoAuthHostMode
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the authentication host mode of the port in the
        authentication session."
    ::= { cafSessionEntry 7 }

cafSessionControlledDirection OBJECT-TYPE
    SYNTAX          CiscoAuthControlledDirections
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the operational controlled directions parameter
        for this port in the authentication session."
    ::= { cafSessionEntry 8 }

cafSessionPostureToken OBJECT-TYPE
    SYNTAX          CnnEouPostureTokenString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the posture token associated with the authentication
        session."
    ::= { cafSessionEntry 9 }

cafSessionAuthUserName OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the name of the authenticated user for the
        authentication session."
    ::= { cafSessionEntry 10 }

cafSessionClientFramedIpPool OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the name of the address pool from which the
        session's client IP address is assigned."
    ::= { cafSessionEntry 11 }

cafSessionAuthorizedBy OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the name of the feature which authorizes the
        authentication session."
    ::= { cafSessionEntry 12 }

cafSessionCriticalTimeLeft OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the leftover time before the next authentication
        attempt for the authentication session after Server Reachability
        event occurred.
        Value zero indicates that this session is
        currently being authenticated or it is not applicable."
    ::= { cafSessionEntry 13 }

cafSessionAuthVlan OBJECT-TYPE
    SYNTAX          VlanIndexOrZero
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the authorized VLAN applied to the authentication
        session. Value zero indicates that no authorized VLAN has been
        applied, or it is not applicable."
    ::= { cafSessionEntry 14 }

cafSessionTimeout OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the session timeout used by Authentication
        Framework in the authentication session."
    ::= { cafSessionEntry 15 }

cafSessionTimeLeft OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the leftover time of the current authentication
        session."
    ::= { cafSessionEntry 16 }

cafSessionTimeoutAction OBJECT-TYPE
    SYNTAX          INTEGER {
                        unknown(1),
                        terminate(2),
                        reauthenticate(3)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the timeout action on the authentication session,
        when the value of the corresponding instance of
        cafSessionTimeLeft reaches zero.

        unknown       : None of the below.

        terminate     : Session will be terminated.

        reauthenticate: Session will be reauthenticated."
    ::= { cafSessionEntry 17 }

cafSessionInactivityTimeout OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the inactivity timeout used by Authentication
        Framework in the authentication session."
    ::= { cafSessionEntry 18 }

cafSessionInactivityTimeLeft OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the leftover time of the inactivity timer of
        the authentication session."
    ::= { cafSessionEntry 19 }

cafSessionReauth OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The reauthentication control for the authentication session.
        Setting this object to 'true' causes the current authenticated
        session to reauthenticate the authenticated client. Setting
        this object to 'false' has no effect.

        This object always returns 'false' when being read."
    ::= { cafSessionEntry 20 }

cafSessionTerminate OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The termination request control for the authentication session.
        Setting this object to 'true' terminates the current session.
        Setting this object to 'false' has no effect.

        This object always returns 'false' when being read."
    ::= { cafSessionEntry 21 }

cafSessionVlanGroupName OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The name of the VLAN group that has been used during VLAN
        assignment for this session.

        A zero length string indicates that no VLAN group has been
        used during VLAN assignment."
    ::= { cafSessionEntry 22 }



cafSessionMethodsInfoTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CafSessionMethodsInfoEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The table contains a list of authentication methods for every
        authentication session.

        An entry exists for each authentication method that can
        authenticate an authentication session within
        Authentication Framework."
    ::= { ciscoAuthFrameworkSession 2 }

cafSessionMethodsInfoEntry OBJECT-TYPE
    SYNTAX          CafSessionMethodsInfoEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Entry containing method information for a particular runnable
        authentication method which is associated with a session for
        an Authentication Framework managed port."
    INDEX           {
                        ifIndex,
                        cafSessionId,
                        cafSessionMethod
                    }
    ::= { cafSessionMethodsInfoTable 1 }

CafSessionMethodsInfoEntry ::= SEQUENCE {
        cafSessionMethod      CiscoAuthMethod,
        cafSessionMethodState INTEGER
}

cafSessionMethod OBJECT-TYPE
    SYNTAX          CiscoAuthMethod
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Indicates this authentication method."
    ::= { cafSessionMethodsInfoEntry 1 }

cafSessionMethodState OBJECT-TYPE
    SYNTAX          INTEGER {
                        notRun(1),
                        running(2),
                        failedOver(3),
                        authcSuccess(4),
                        authcFailed(5)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the state of this authentication method.

        notRun      : The method has not run for this session.

        running     : The method is running for this session.

        failedOver  : The method has failed and the next method is
                      expected to provide a result.

        authcSuccess: The method has provided a successful
                      authentication result for this session.

        authcFailed : The method has provided a failed authentication
                      result for this session."
    ::= { cafSessionMethodsInfoEntry 2 }



-- Notifications and notification controls

cafSecurityViolationNotifEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This variable indicates whether the system produces
        the cafSecurityViolationNotif.
        A 'false' value will prevent cafSecurityViolationNotif
        from being generated by this system."
    ::= { ciscoAuthFrwkNotifControl 1 }

cafAuthFailNotifEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether the system produces
        the cafAuthFailNotif.

        A 'true' value will cause cafAuthFailNotif to be generated by
        this system when an authentication failure happens.

        A 'false' value will prevent cafAuthFailNotif
        from being generated by this system."
    ::= { ciscoAuthFrwkNotifControl 2 }

cafSecurityViolationNotif NOTIFICATION-TYPE
    OBJECTS         {
                        ifIndex,
                        ifName,
                        cafSecurityViolationClient
                    }
    STATUS          current
    DESCRIPTION
        "A cafSecurityViolationNotif is sent if a security violation
        is detected on a port, and the instance value of
        cafSecurityViolationNotifEnable is 'true'."
    ::= { ciscoAuthFrameworkMIBNotifs 1 }

cafAuthFailNotif NOTIFICATION-TYPE
    OBJECTS         {
                        ifName,
                        cafAuthFailClient
                    }
    STATUS          current
    DESCRIPTION
        "A cafAuthFailNotif is sent if an authentication failure is
        detected on a port, and the instance value of
        cafAuthFailNotifEnable is 'true'.

        ifName contains the name of the interface where the
        authentication failure happened.

        cafAuthFailClient contains the MAC address of the client which
        failed to authenticate."
    ::= { ciscoAuthFrameworkMIBNotifs 2 }
-- Conformance

ciscoAuthFrameworkMIBCompliances OBJECT IDENTIFIER
    ::= { ciscoAuthFrameworkMIBConform 1 }

ciscoAuthFrameworkMIBGroups OBJECT IDENTIFIER
    ::= { ciscoAuthFrameworkMIBConform 2 }


ciscoAuthFrameworkMIBCompliance MODULE-COMPLIANCE
    STATUS          deprecated
    DESCRIPTION
        "The compliance statement for entities which implement
        CISCO-AUTH-FRAMEWORK-MIB."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        cafAuthMethodRegGroup,
                        cafAuthPortConfigGroup,
                        cafPortMethodGroup,
                        cafSessionGroup,
                        cafSessionMethodInfoGroup
                    }

    GROUP           cafAaaNoRespRecoveryDelayGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide AAA recovery delay configuration for Authentication
        Framework."

    GROUP           cafAuthFailedEventGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide configuration for Authentication Framework on its
        capable ports, when Authentication Fail event occurs."

    GROUP           cafClientNoRespEventGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide configuration for Authentication Framework to authorize
        ports in a special VLAN when non-capable clients are
        detected."

    GROUP           cafServerEventGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide configuration for Authentication Framework on
        authenticated ports when AAA Server Reachability event occurs."

    GROUP           cafSecViolationNotifEnableGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        support security violation notification for Authentication
        Framework."

    GROUP           cafSecurityViolationNotifGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        support security violation notification for Authentication
        Framework."

    GROUP           cafSecurityViolationClientGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        support security violation notification for Authentication
        Framework."

    OBJECT          cafAaaNoRespRecoveryDelay
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
    OBJECT          cafPortControlledDirection
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortFallBackProfile
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortAuthHostMode
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortPreAuthOpenAccess
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortAuthorizeControl
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortReauthEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortReauthInterval
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortRestartInterval
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortInactivityTimeout
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortViolationAction
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortMethodAdminExecOrder
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortMethodAdminPriority
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafAuthFailedMaxRetry
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafAuthFailedNoActionEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafAuthFailedAuthorizedVlan
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafAuthFailedNextMethodEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
    OBJECT          cafClientNoRespNoActionEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafClientNoRespAuthorizedVlan
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafServerDeadNoActionEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafServerDeadRemainAuthorized
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafServerDeadAuthorizedVlan
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafServerAliveAction
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafSessionReauth
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafSessionTerminate
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafSecurityViolationNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
    ::= { ciscoAuthFrameworkMIBCompliances 1 }

ciscoAuthFrameworkMIBCompliance2 MODULE-COMPLIANCE
    STATUS          deprecated
    DESCRIPTION
        "The compliance statement for entities which implement
        CISCO-AUTH-FRAMEWORK-MIB."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        cafAuthMethodRegGroup,
                        cafAuthPortConfigGroup,
                        cafPortMethodGroup,
                        cafSessionGroup,
                        cafSessionMethodInfoGroup
                    }

    GROUP           cafAaaNoRespRecoveryDelayGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide AAA recovery delay configuration for Authentication
        Framework."

    GROUP           cafAuthFailedEventGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide configuration for Authentication Framework on its
        capable ports, when Authentication Fail event occurs."
    GROUP           cafClientNoRespEventGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide configuration for Authentication Framework to authorize
        ports in a special VLAN when non-capable clients are
        detected."

    GROUP           cafServerEventGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide configuration for Authentication Framework on
        authenticated ports when AAA Server Reachability event occurs."

    GROUP           cafSecViolationNotifEnableGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        support security violation notification for Authentication
        Framework."

    GROUP           cafSecurityViolationNotifGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        support security violation notification for Authentication
        Framework."

    GROUP           cafSecurityViolationClientGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        support security violation notification for Authentication
        Framework."

    GROUP           cafSessionVlanGroupNameGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide VLAN group information for Authentication
        Framework."

    OBJECT          cafAaaNoRespRecoveryDelay
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortControlledDirection
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortFallBackProfile
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortAuthHostMode
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortPreAuthOpenAccess
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
    OBJECT          cafPortAuthorizeControl
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortReauthEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortReauthInterval
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortRestartInterval
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortInactivityTimeout
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortViolationAction
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortMethodAdminExecOrder
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortMethodAdminPriority
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafAuthFailedMaxRetry
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafAuthFailedNoActionEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafAuthFailedAuthorizedVlan
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafAuthFailedNextMethodEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafClientNoRespNoActionEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafClientNoRespAuthorizedVlan
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafServerDeadNoActionEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafServerDeadRemainAuthorized
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
    OBJECT          cafServerDeadAuthorizedVlan
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafServerAliveAction
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafSessionReauth
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafSessionTerminate
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafSecurityViolationNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
    ::= { ciscoAuthFrameworkMIBCompliances 2 }

ciscoAuthFrameworkMIBCompliance3 MODULE-COMPLIANCE
    STATUS          deprecated
    DESCRIPTION
        "The compliance statement for entities which implement
        CISCO-AUTH-FRAMEWORK-MIB."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        cafAuthMethodRegGroup,
                        cafAuthPortConfigGroup,
                        cafPortMethodGroup,
                        cafSessionGroup,
                        cafSessionMethodInfoGroup
                    }

    GROUP           cafAaaNoRespRecoveryDelayGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide AAA recovery delay configuration for Authentication
        Framework."

    GROUP           cafAuthFailedEventGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide configuration for Authentication Framework on its
        capable ports, when Authentication Fail event occurs."

    GROUP           cafClientNoRespEventGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide configuration for Authentication Framework to authorize
        ports in a special VLAN when non-capable clients are
        detected."
    GROUP           cafServerEventGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide configuration for Authentication Framework on
        authenticated ports when AAA Server Reachability event occurs."

    GROUP           cafSecViolationNotifEnableGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        support security violation notification for Authentication
        Framework."

    GROUP           cafSecurityViolationNotifGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        support security violation notification for Authentication
        Framework."

    GROUP           cafSecurityViolationClientGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        support security violation notification for Authentication
        Framework."

    GROUP           cafSessionVlanGroupNameGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide VLAN group information for Authentication
        Framework."

    GROUP           cafMacMoveConfigGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide MAC move configuration for Authentication Framework."

    GROUP           cafCoACommandConfigGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide configuration for behavior for CoA commands for
        Authentication Framework."

    OBJECT          cafAaaNoRespRecoveryDelay
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortControlledDirection
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortFallBackProfile
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortAuthHostMode
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
    OBJECT          cafPortPreAuthOpenAccess
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortAuthorizeControl
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortReauthEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortReauthInterval
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortRestartInterval
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortInactivityTimeout
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortViolationAction
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortMethodAdminExecOrder
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortMethodAdminPriority
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafAuthFailedMaxRetry
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafAuthFailedNoActionEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafAuthFailedAuthorizedVlan
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafAuthFailedNextMethodEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafClientNoRespNoActionEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafClientNoRespAuthorizedVlan
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafServerDeadNoActionEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
    OBJECT          cafServerDeadRemainAuthorized
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafServerDeadAuthorizedVlan
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafServerAliveAction
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafSessionReauth
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafSessionTerminate
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafSecurityViolationNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafMacMoveMode
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafCoABouncePortCommandIgnoreEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafCoADisablePortCommandIgnoreEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
    ::= { ciscoAuthFrameworkMIBCompliances 3 }

ciscoAuthFrameworkMIBCompliance4 MODULE-COMPLIANCE
    STATUS          current
    DESCRIPTION
        "The compliance statement for entities which implement
        CISCO-AUTH-FRAMEWORK-MIB."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        cafAuthMethodRegGroup,
                        cafAuthPortConfigGroup,
                        cafPortMethodGroup,
                        cafSessionGroup,
                        cafSessionMethodInfoGroup
                    }

    GROUP           cafAaaNoRespRecoveryDelayGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide AAA recovery delay configuration for Authentication
        Framework."

    GROUP           cafAuthFailedEventGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide configuration for Authentication Framework on its
        capable ports, when Authentication Fail event occurs."
    GROUP           cafClientNoRespEventGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide configuration for Authentication Framework to authorize
        ports in a special VLAN when non-capable clients are
        detected."

    GROUP           cafServerEventGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide configuration for Authentication Framework on
        authenticated ports when AAA Server Reachability event occurs."

    GROUP           cafSecViolationNotifEnableGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        support security violation notification for Authentication
        Framework."

    GROUP           cafSecurityViolationNotifGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        support security violation notification for Authentication
        Framework."

    GROUP           cafSecurityViolationClientGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        support security violation notification for Authentication
        Framework."

    GROUP           cafSessionVlanGroupNameGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide VLAN group information for Authentication
        Framework."

    GROUP           cafMacMoveConfigGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide MAC move configuration for Authentication Framework."

    GROUP           cafCoACommandConfigGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide configuration for behavior for CoA commands for
        Authentication Framework."

    GROUP           cafAuthFailNotifGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        support authentication failure notification for Authentication
        Framework."
    GROUP           cafAuthFailNotifEnableGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        support authentication failure notification for Authentication
        Framework."

    GROUP           cafAuthFailClientGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        support authentication failure notification for Authentication
        Framework."

    OBJECT          cafAaaNoRespRecoveryDelay
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortControlledDirection
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortFallBackProfile
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortAuthHostMode
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortPreAuthOpenAccess
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortAuthorizeControl
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortReauthEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortReauthInterval
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortRestartInterval
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortInactivityTimeout
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortViolationAction
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortMethodAdminExecOrder
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortMethodAdminPriority
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
    OBJECT          cafAuthFailedMaxRetry
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafAuthFailedNoActionEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafAuthFailedAuthorizedVlan
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafAuthFailedNextMethodEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafClientNoRespNoActionEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafClientNoRespAuthorizedVlan
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafServerDeadNoActionEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafServerDeadRemainAuthorized
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafServerDeadAuthorizedVlan
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafServerAliveAction
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafSessionReauth
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafSessionTerminate
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafSecurityViolationNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafMacMoveMode
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafCoABouncePortCommandIgnoreEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafCoADisablePortCommandIgnoreEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
    ::= { ciscoAuthFrameworkMIBCompliances 4 }

-- Units of Conformance

cafAuthMethodRegGroup OBJECT-GROUP
    OBJECTS         {
                        cafAuthMethodDefaultPriority,
                        cafAuthMethodDefaultExecOrder
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides registration
        information of authentication methods in Authentication
        Framework."
    ::= { ciscoAuthFrameworkMIBGroups 1 }

cafAaaNoRespRecoveryDelayGroup OBJECT-GROUP
    OBJECTS         { cafAaaNoRespRecoveryDelay }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides AAA recovery delay
        configuration for Authentication Framework in the system."
    ::= { ciscoAuthFrameworkMIBGroups 2 }

cafAuthPortConfigGroup OBJECT-GROUP
    OBJECTS         {
                        cafPortControlledDirection,
                        cafPortFallBackProfile,
                        cafPortAuthHostMode,
                        cafPortPreAuthOpenAccess,
                        cafPortAuthorizeControl,
                        cafPortReauthEnabled,
                        cafPortReauthInterval,
                        cafPortRestartInterval,
                        cafPortInactivityTimeout,
                        cafPortViolationAction
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides configuration of
        Authentication Framework for capable ports in the system."
    ::= { ciscoAuthFrameworkMIBGroups 3 }

cafPortMethodGroup OBJECT-GROUP
    OBJECTS         {
                        cafPortMethodAdminExecOrder,
                        cafPortMethodAdminPriority,
                        cafPortMethodAvailable,
                        cafPortMethodOperExecOrder,
                        cafPortMethodOperPriority
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides configuration and
        information of authentication methods within Authentication
        Framework for capable ports in the system."
    ::= { ciscoAuthFrameworkMIBGroups 4 }

cafAuthFailedEventGroup OBJECT-GROUP
    OBJECTS         {
                        cafAuthFailedMaxRetry,
                        cafAuthFailedNoActionEnabled,
                        cafAuthFailedAuthorizedVlan,
                        cafAuthFailedNextMethodEnabled
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides configuration of
        Auth-Failed behaviour of Authentication Framework for
        ports in the system."
    ::= { ciscoAuthFrameworkMIBGroups 5 }

cafClientNoRespEventGroup OBJECT-GROUP
    OBJECTS         {
                        cafClientNoRespNoActionEnabled,
                        cafClientNoRespAuthorizedVlan
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides configuration of
        Authentication Framework when a non-responsive client is
        detected on a port in the system."
    ::= { ciscoAuthFrameworkMIBGroups 6 }

cafServerEventGroup OBJECT-GROUP
    OBJECTS         {
                        cafServerDeadNoActionEnabled,
                        cafServerDeadRemainAuthorized,
                        cafServerDeadAuthorizedVlan,
                        cafServerAliveAction
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides configuration of
        Authentication Framework when AAA Server Reachability event
        occurs."
    ::= { ciscoAuthFrameworkMIBGroups 7 }

cafSessionGroup OBJECT-GROUP
    OBJECTS         {
                        cafSessionClientMacAddress,
                        cafSessionClientAddrType,
                        cafSessionClientAddress,
                        cafSessionDomain,
                        cafSessionStatus,
                        cafSessionAuthHostMode,
                        cafSessionControlledDirection,
                        cafSessionPostureToken,
                        cafSessionAuthUserName,
                        cafSessionClientFramedIpPool,
                        cafSessionAuthorizedBy,
                        cafSessionCriticalTimeLeft,
                        cafSessionAuthVlan,
                        cafSessionTimeout,
                        cafSessionTimeLeft,
                        cafSessionTimeoutAction,
                        cafSessionInactivityTimeout,
                        cafSessionInactivityTimeLeft,
                        cafSessionReauth,
                        cafSessionTerminate
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides authentication session
        management information for Authentication Framework."
    ::= { ciscoAuthFrameworkMIBGroups 8 }

cafSessionMethodInfoGroup OBJECT-GROUP
    OBJECTS         { cafSessionMethodState }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides information about
        authentication methods associated with Authentication
        Framework's authentication sessions in the system."
    ::= { ciscoAuthFrameworkMIBGroups 9 }

cafSecViolationNotifEnableGroup OBJECT-GROUP
    OBJECTS         { cafSecurityViolationNotifEnable }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides control over
        security violation notification for Authentication
        Framework in the system."
    ::= { ciscoAuthFrameworkMIBGroups 10 }

cafSecurityViolationNotifGroup NOTIFICATION-GROUP
    NOTIFICATIONS   { cafSecurityViolationNotif }
    STATUS          current
    DESCRIPTION
        "A collection of notifications providing information
        about port's security violation in Authentication
        Framework."
    ::= { ciscoAuthFrameworkMIBGroups 11 }

cafSecurityViolationClientGroup OBJECT-GROUP
    OBJECTS         { cafSecurityViolationClient }
    STATUS          current
    DESCRIPTION
        "A collection of objects providing MAC address of the offending
        client in the security violation notification."
    ::= { ciscoAuthFrameworkMIBGroups 12 }

cafSessionVlanGroupNameGroup OBJECT-GROUP
    OBJECTS         { cafSessionVlanGroupName }
    STATUS          current
    DESCRIPTION
        "A collection of objects providing VLAN group information of
        authenticated session in Authentication Framework."
    ::= { ciscoAuthFrameworkMIBGroups 13 }

cafMacMoveConfigGroup OBJECT-GROUP
    OBJECTS         { cafMacMoveMode }
    STATUS          current
    DESCRIPTION
        "A collection of objects providing MAC move configuration
        information for Authentication Framework on the device."
    ::= { ciscoAuthFrameworkMIBGroups 14 }

cafCoACommandConfigGroup OBJECT-GROUP
    OBJECTS         {
                        cafCoABouncePortCommandIgnoreEnabled,
                        cafCoADisablePortCommandIgnoreEnabled
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects providing configuration information
        for the device's behaviour on CoA commands."
    ::= { ciscoAuthFrameworkMIBGroups 15 }

cafAuthFailNotifGroup NOTIFICATION-GROUP
    NOTIFICATIONS   { cafAuthFailNotif }
    STATUS          current
    DESCRIPTION
        "A collection of notifications providing information
        about port's authentication failure in Authentication
        Framework."
    ::= { ciscoAuthFrameworkMIBGroups 16 }

cafAuthFailNotifEnableGroup OBJECT-GROUP
    OBJECTS         { cafAuthFailNotifEnable }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides control over
        authentication failure notification for Authentication
        Framework in the system."
    ::= { ciscoAuthFrameworkMIBGroups 17 }

cafAuthFailClientGroup OBJECT-GROUP
    OBJECTS         { cafAuthFailClient }
    STATUS          current
    DESCRIPTION
        "A collection of objects providing MAC address of the failed
        client in the authentication failure notification."
    ::= { ciscoAuthFrameworkMIBGroups 18 }

END