-- ********************************************************************* -- CISCO-AUTH-FRAMEWORK-MIB.my: Authentication Framework configuration -- and information MIB -- -- August 2008, Binh Phu Le -- -- Copyright (c) 2008-2009, 2010, 2013 by Cisco Systems Inc. -- -- All rights reserved. -- -- ******************************************************************* CISCO-AUTH-FRAMEWORK-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Unsigned32, Integer32 FROM SNMPv2-SMI MODULE-COMPLIANCE, NOTIFICATION-GROUP, OBJECT-GROUP FROM SNMPv2-CONF MacAddress, TEXTUAL-CONVENTION, TruthValue FROM SNMPv2-TC SnmpAdminString FROM SNMP-FRAMEWORK-MIB InetAddress, InetAddressType FROM INET-ADDRESS-MIB ifIndex, ifName FROM IF-MIB VlanIndexOrZero FROM CISCO-PRIVATE-VLAN-MIB CnnEouPostureTokenString FROM CISCO-NAC-TC-MIB ciscoMgmt FROM CISCO-SMI; ciscoAuthFrameworkMIB MODULE-IDENTITY LAST-UPDATED "201308230000Z" ORGANIZATION "Cisco Systems Inc." CONTACT-INFO "Cisco Systems Customer Service Postal: 170 W Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553 -NETS E-mail: cs-ibns@cisco.com, cs-lan-switch-snmp@cisco.com" DESCRIPTION "MIB module for Authentication Framework in the system. Authentication Framework provides generic configurations for authentication methods in the system and manage the failover sequence of these methods in a flexible manner." REVISION "201308230000Z" DESCRIPTION "Added notification cafAuthFailNotif. Added new objects cafAuthFailNotifEnable and cafAuthFailClient. Added new groups cafAuthFailNotifGroup, cafAuthFailNotifEnableGroup and cafAuthFailClientGroup. A new compliance ciscoAuthFrameworkMIBCompliance4 is added which deprecates ciscoAuthFrameworkMIBCompliance3." REVISION "201011170000Z" DESCRIPTION "Added cafMacMoveConfigGroup and cafCoACommandConfigGroup groups." REVISION "201004010000Z" DESCRIPTION "Added value 'replace' to cafPortViolationAction." REVISION "200904200000Z" DESCRIPTION "Added cafSessionVlanGroupNameGroup." REVISION "200810240000Z" DESCRIPTION "Added value 'protect' to cafPortViolationAction." REVISION "200808250000Z" DESCRIPTION "Initial version of this MIB module." ::= { ciscoMgmt 656 } ciscoAuthFrameworkMIBNotifs OBJECT IDENTIFIER ::= { ciscoAuthFrameworkMIB 0 } ciscoAuthFrameworkMIBObjects OBJECT IDENTIFIER ::= { ciscoAuthFrameworkMIB 1 } ciscoAuthFrameworkMIBConform OBJECT IDENTIFIER ::= { ciscoAuthFrameworkMIB 2 } ciscoAuthFrameworkSystem OBJECT IDENTIFIER ::= { ciscoAuthFrameworkMIBObjects 1 } ciscoAuthFrwkAuthenticator OBJECT IDENTIFIER ::= { ciscoAuthFrameworkMIBObjects 2 } ciscoAuthFrameworkEvent OBJECT IDENTIFIER ::= { ciscoAuthFrameworkMIBObjects 3 } ciscoAuthFrameworkSession OBJECT IDENTIFIER ::= { ciscoAuthFrameworkMIBObjects 4 } ciscoAuthFrwkNotifControl OBJECT IDENTIFIER ::= { ciscoAuthFrameworkMIBObjects 5 } ciscoAuthFrwkNotifInfo OBJECT IDENTIFIER ::= { ciscoAuthFrameworkMIBObjects 6 } -- Textual Conventions CiscoAuthControlledDirections ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The controlled direction values for capable ports in Authentication Framework. both: control is required to be exerted over both incoming and outgoing traffic through the controlled port. in : control is required to be exerted over the incoming traffic through the controlled port." SYNTAX INTEGER { both(0), in(1) } CiscoAuthControlledPortControl ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The authorization control values of Authentication Framework on a controlled port. forceUnauthorized: the controlled port is forced to be unauthorized unconditionally. auto : authorization of the controlled port will be determined by an authentication process. forceAuthorized : The controlled port is forced to be authorized unconditionally." SYNTAX INTEGER { forceUnauthorized(1), auto(2), forceAuthorized(3) } CiscoAuthMethod ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The authentication methods and protocols supported in Authentication Framework. other : none of the below. dot1x : 802.1x Protocol. macAuthBypass: MAC Authentication Bypass. webAuth : Web-Proxy Authentication. 'other' is a read only value which can not be used in set operation." SYNTAX INTEGER { other(1), dot1x(2), macAuthBypass(3), webAuth(4) } CiscoAuthMethodList ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The list of authentication methods provided within Authentication Framework. Each octet represents an authentication method which is defined in CiscoAuthMethod. The DESCRIPTION clause of CiscoAuthMethodList objects must fully describe the relationship between methods." SYNTAX OCTET STRING CiscoAuthHostMode ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The authentication mode of a controlled port. singleHost: port allows one host to connect and authenticate in a single domain. multiHost : port allows multiple hosts to connect. Once a host is authenticated, all remaining hosts are also authenticated in a single domain. multiAuth : port allows multiple hosts to connect. Each host is authenticated separately in a single domain. multiDomain: port allows multiple domains to be authenticated." SYNTAX INTEGER { singleHost(1), multiHost(2), multiAuth(3), multiDomain(4) } -- ciscoAuthFrameworkSystem cafAaaNoRespRecoveryDelay OBJECT-TYPE SYNTAX Unsigned32 UNITS "milliseconds" MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the AAA recovery delay for authentication methods registered in Authentication Framework when AAA server becomes active again after being inactive. A value of zero indicates that AAA recovery delay is disabled in the system." ::= { ciscoAuthFrameworkSystem 1 } cafAuthMethodRegTable OBJECT-TYPE SYNTAX SEQUENCE OF CafAuthMethodRegEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of authentication methods which are currrently registered with Authentication Framework. An entry is created by the agent when an authentication method has successfully registered with Authentication Framework. An entry is deleted by the agent upon de-registration of the authentication method." ::= { ciscoAuthFrameworkSystem 2 } cafAuthMethodRegEntry OBJECT-TYPE SYNTAX CafAuthMethodRegEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing registration information of a particular authentication method with Authentication Framework." INDEX { cafAuthMethod } ::= { cafAuthMethodRegTable 1 } CafAuthMethodRegEntry ::= SEQUENCE { cafAuthMethod CiscoAuthMethod, cafAuthMethodDefaultPriority Unsigned32, cafAuthMethodDefaultExecOrder Unsigned32 } cafAuthMethod OBJECT-TYPE SYNTAX CiscoAuthMethod MAX-ACCESS not-accessible STATUS current DESCRIPTION "The authentication method registered with Authentication Framework." ::= { cafAuthMethodRegEntry 1 } cafAuthMethodDefaultPriority OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "A unique number which indicates the default priority of a authentication method. The default priority is assigned by Authentication Framework during method registration. The method with smallest value has highest priority." ::= { cafAuthMethodRegEntry 2 } cafAuthMethodDefaultExecOrder OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "A unique number which indicates the default execution order of a authentication method. The default execution order is assigned by Authentication Framework during method registration. The method with smallest value will be execute first." ::= { cafAuthMethodRegEntry 3 } cafMacMoveMode OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the MAC Move configuration for Authentication Framework. deny : When a host is authenticated on one port, that address is not allowed on another authenticated manager-enabled port of the device. permit: Authenticated hosts are allowed to move from one port to another on the same device. When a host moves to a new port, the authenticated session on the original port is deleted, and the host is reauthenticated on the new port." ::= { ciscoAuthFrameworkSystem 3 } cafCoABouncePortCommandIgnoreEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies whether the device ignores the bounce port command that sent from RADIUS via Change-of-Authorization (CoA) packets." ::= { ciscoAuthFrameworkSystem 4 } cafCoADisablePortCommandIgnoreEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies whether the device ingores the disable port command that sent from RADIUS via Change-of-Authorization (CoA) packets." ::= { ciscoAuthFrameworkSystem 5 } -- ciscoAuthFrwkAuthenticator cafPortConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF CafPortConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of port entries. An entry will exist for each interface which support Authentication Framework feature." ::= { ciscoAuthFrwkAuthenticator 1 } cafPortConfigEntry OBJECT-TYPE SYNTAX CafPortConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing management information of Authentication Framework applicable to a particular port." INDEX { ifIndex } ::= { cafPortConfigTable 1 } CafPortConfigEntry ::= SEQUENCE { cafPortControlledDirection CiscoAuthControlledDirections, cafPortFallBackProfile SnmpAdminString, cafPortAuthHostMode CiscoAuthHostMode, cafPortPreAuthOpenAccess TruthValue, cafPortAuthorizeControl CiscoAuthControlledPortControl, cafPortReauthEnabled TruthValue, cafPortReauthInterval Unsigned32, cafPortRestartInterval Unsigned32, cafPortInactivityTimeout Integer32, cafPortViolationAction INTEGER } cafPortControlledDirection OBJECT-TYPE SYNTAX CiscoAuthControlledDirections MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the controlled direction of this port." ::= { cafPortConfigEntry 1 } cafPortFallBackProfile OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the name of the fallback profile to be used when failing over to Web Proxy Authentication. A zero length string indicates that fallback mechanism to Web Proxy Authentication is disabled in Authentication Framework." ::= { cafPortConfigEntry 2 } cafPortAuthHostMode OBJECT-TYPE SYNTAX CiscoAuthHostMode MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the authentication host mode for this port." ::= { cafPortConfigEntry 3 } cafPortPreAuthOpenAccess OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies if the Pre-Authentication Open Access feature allows clients/devices to gain network access before authentication is performed. A value of 'true' for this object indicates that client/device is able to gain network access before authentication is performed." ::= { cafPortConfigEntry 4 } cafPortAuthorizeControl OBJECT-TYPE SYNTAX CiscoAuthControlledPortControl MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the authorization control for this port." ::= { cafPortConfigEntry 5 } cafPortReauthEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies if reauthentication is enabled for this port." ::= { cafPortConfigEntry 6 } cafPortReauthInterval OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the reauthentication interval, after which the port will be reauthenticated if value of the corresponding instance of cafPortReauthEnabled is 'true'. A value of zero indicates that the reauthentication interval is downloaded from AAA server when this port is authenticated." ::= { cafPortConfigEntry 7 } cafPortRestartInterval OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the interval after which a further authentication attempt should be made to this port if it is not authorized. A value of zero indicates that no further authentication attempt will be made if this port is unauthorized." ::= { cafPortConfigEntry 8 } cafPortInactivityTimeout OBJECT-TYPE SYNTAX Integer32 (-1 | 0 | 1..65535) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the period of time that a client associating with this port is allowed to be inactive before being terminated. A value of zero indicates that inactivity timeout is disabled on this port. A value of -1 indicates that inactivity timeout is downloaded from the AAA server when this port is authenticated." ::= { cafPortConfigEntry 9 } cafPortViolationAction OBJECT-TYPE SYNTAX INTEGER { restrict(1), shutdown(2), protect(3), replace(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the action to be taken due to a security violation occurs on this port. restrict: This port will be moved to restricted state. shutdown: This port will be shutdown from Authentication Framework perspective. protect : This port will be moved to protected state. replace : The current authentication session on this port will be terminated and replaced by a new authentication session, upon the detection of security violation on the current authentication session on the port." ::= { cafPortConfigEntry 10 } cafPortMethodTable OBJECT-TYPE SYNTAX SEQUENCE OF CafPortMethodEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table contains a list of port entries. An entry will exist for each port which supports Authentication Framework feature." ::= { ciscoAuthFrwkAuthenticator 2 } cafPortMethodEntry OBJECT-TYPE SYNTAX CafPortMethodEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry containing configuration and information of authentication methods for a particular port." INDEX { ifIndex } ::= { cafPortMethodTable 1 } CafPortMethodEntry ::= SEQUENCE { cafPortMethodAdminExecOrder CiscoAuthMethodList, cafPortMethodAdminPriority CiscoAuthMethodList, cafPortMethodAvailable CiscoAuthMethodList, cafPortMethodOperExecOrder CiscoAuthMethodList, cafPortMethodOperPriority CiscoAuthMethodList } cafPortMethodAdminExecOrder OBJECT-TYPE SYNTAX CiscoAuthMethodList MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the administrative execution order of authentication methods on the port. Methods are executed in the order as specified in the method list. Method which is at the beginning of the method list will be executed first. Method which is at the end of method list will be executed last. A zero length string of this object indicates that no per port execution order configuration has been specified on this port. The actual execution order is based on the value of cafAuthMethodDefaultExecOrder in cafAuthMethodRegTable." ::= { cafPortMethodEntry 1 } cafPortMethodAdminPriority OBJECT-TYPE SYNTAX CiscoAuthMethodList MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the administrative priority of authentication methods on the port. The priority of each method is assigned based on the method list. Method which is at the beginning of the method list has highest priority. Method which is at the end of method list has lowest priority. A zero length string of this object indicates that no per port method priority configuration has been specified on this port. The actual execution order is based on the value of cafAuthMethodDefaultExecOrder in cafAuthMethodRegTable." ::= { cafPortMethodEntry 2 } cafPortMethodAvailable OBJECT-TYPE SYNTAX CiscoAuthMethodList MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the authentication methods currently available on this port." ::= { cafPortMethodEntry 3 } cafPortMethodOperExecOrder OBJECT-TYPE SYNTAX CiscoAuthMethodList MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the operational execution order of authentication methods on this port. Methods are executed in the order as specified in the method list. Method which is at the beginning of the method list will be executed first. Method which is at the end of method list will be executed last." ::= { cafPortMethodEntry 4 } cafPortMethodOperPriority OBJECT-TYPE SYNTAX CiscoAuthMethodList MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the operational priority of authentication methods on this port. Methods have the priority as specified in the method list. Method which is at the beginning of the method list has highest priority. Method which is at the end of method list has lowest priority." ::= { cafPortMethodEntry 5 } -- ciscoAuthFrameworkEvent cafAuthFailedEventPortTable OBJECT-TYPE SYNTAX SEQUENCE OF CafAuthFailedEventPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table contains a list of port entries. An entry will exist for each port which supports Authentication Fail event within the Authentication Framework." ::= { ciscoAuthFrameworkEvent 1 } cafAuthFailedEventPortEntry OBJECT-TYPE SYNTAX CafAuthFailedEventPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry containing management information of Authentication Fail event for a particular port." INDEX { ifIndex } ::= { cafAuthFailedEventPortTable 1 } CafAuthFailedEventPortEntry ::= SEQUENCE { cafAuthFailedMaxRetry Unsigned32, cafAuthFailedNoActionEnabled TruthValue, cafAuthFailedAuthorizedVlan Integer32, cafAuthFailedNextMethodEnabled TruthValue } cafAuthFailedMaxRetry OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the maximum number of retry should be performed before generating Authentication Fail event. A value of zero indicates that Authentication Fail event will be generated upon authentication fail without any retry." ::= { cafAuthFailedEventPortEntry 1 } cafAuthFailedNoActionEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies whether no action will be performed when an Authentication Fail event occurs. Setting 'true' on this object indicates that no action will be performed when Authentication Fail event occurs. The read-only value 'false' indicates that an action will be performed when an Authentication Fail event occurs." ::= { cafAuthFailedEventPortEntry 2 } cafAuthFailedAuthorizedVlan OBJECT-TYPE SYNTAX Integer32 (-1 | 0 | 1..2147483647) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the Authentication Failed VLAN number. The read-only value of -1 indicates that this object is not applicable on this port. The read-only value of zero indicates that this port will not be authorized to any VLAN when Authentication Failed event occurs. Setting a non-zero value on this object indicates that this port will be authorized to the VLAN as specified by this object value, when Authentication Fail event occurs." ::= { cafAuthFailedEventPortEntry 3 } cafAuthFailedNextMethodEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies whether the next authentication method will be used if an Authentication Fail event is generated by the current authentication method. Setting this object to 'true' indicates that the next available authentication method will be used when Authentication Fail event occurs. The read-only value 'false' indicates that the next available authentication method will not be used when Authentication Fail event occurs." ::= { cafAuthFailedEventPortEntry 4 } cafSecurityViolationClient OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The MAC address included in the notification currently being sent, indicating the client who triggered the security violation notification." ::= { ciscoAuthFrwkNotifInfo 1 } cafAuthFailClient OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The MAC address included in the cafAuthFailNotif being sent, indicating the client which failed to authenticate." ::= { ciscoAuthFrwkNotifInfo 2 } cafClientNoRespEventPortTable OBJECT-TYPE SYNTAX SEQUENCE OF CafClientNoRespEventPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table contains a list of port entries. An entry exists for each port which supports No Response event within the Authentication Framework." ::= { ciscoAuthFrameworkEvent 2 } cafClientNoRespEventPortEntry OBJECT-TYPE SYNTAX CafClientNoRespEventPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry containing management information of No Response event for a particular port." INDEX { ifIndex } ::= { cafClientNoRespEventPortTable 1 } CafClientNoRespEventPortEntry ::= SEQUENCE { cafClientNoRespNoActionEnabled TruthValue, cafClientNoRespAuthorizedVlan Integer32 } cafClientNoRespNoActionEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies whether an action is performed when No Response event occurs. Setting 'true' on this object indicates that no action will be performed when No Response event occurs. The read-only value 'false' of this object indicates that an action will be performed when No Response event occurs." ::= { cafClientNoRespEventPortEntry 1 } cafClientNoRespAuthorizedVlan OBJECT-TYPE SYNTAX Integer32 (-1 | 0 | 1..2147483647) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the No Response Authorized VLAN number. The read-only value of -1 indicates that this object is not applicable on this port. The read-only value of zero indicates that this port will not be authorized to any VLAN when No Response event occurs. Setting a non-zero value on this object indicates that this port will be authorized to the VLAN as specified by this object value, when No Response event occurs." ::= { cafClientNoRespEventPortEntry 2 } cafServerEventPortTable OBJECT-TYPE SYNTAX SEQUENCE OF CafServerEventPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table contains a list of port entries. An entry exists for each port which supports AAA Server Reachability event within the Authentication Framework." ::= { ciscoAuthFrameworkEvent 3 } cafServerEventPortEntry OBJECT-TYPE SYNTAX CafServerEventPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry containing management information of AAA Server Reachability event for a particular port." INDEX { ifIndex } ::= { cafServerEventPortTable 1 } CafServerEventPortEntry ::= SEQUENCE { cafServerDeadNoActionEnabled TruthValue, cafServerDeadRemainAuthorized TruthValue, cafServerDeadAuthorizedVlan Integer32, cafServerAliveAction INTEGER } cafServerDeadNoActionEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates whether an action is performed if an AAA Server Reachability event occurs. Setting 'true' on this object indicates that no action will be performed when AAA Server Reachability event occurs. The read-only value 'false' indicates that an action will be performed when AAA Server Reachability event occurs." ::= { cafServerEventPortEntry 1 } cafServerDeadRemainAuthorized OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies if current authorization will remain unchanged for the port when AAA Server Reachability event occurs. Setting 'true' on this object indicates that current authorization will remain unchanged for the port when AAA Server Reachability event occurs. The read-only value 'false' indicates that the current authorization will not be retained for the port when AAA Server Reachability event occurs." ::= { cafServerEventPortEntry 2 } cafServerDeadAuthorizedVlan OBJECT-TYPE SYNTAX Integer32 (-1 | 0 | 1..2147483647) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the AAA Server Reachability Authorized VLAN number. The read-only value of -1 indicates that this object is not applicable on this port. The read-only value of zero indicates that this port will not be authorized to any VLAN when AAA Server Reachability event occurs. Setting a non-zero value on this object indicates that this port will be authorized to the VLAN as specified by this object value, when AAA Server Reachability event occurs." ::= { cafServerEventPortEntry 3 } cafServerAliveAction OBJECT-TYPE SYNTAX INTEGER { none(1), reinitialize(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the action applied to the port upon AAA recovery. none : no action will be applied. reinitialize: the port will be reinitialized with the current authentication method." ::= { cafServerEventPortEntry 4 } -- ciscoAuthFrameworkSession cafSessionTable OBJECT-TYPE SYNTAX SEQUENCE OF CafSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table contains a list of authentication session. An entry is created when an authentication session has successfully created within Authentication Framework. An entry is deleted when an authentication session has been removed." ::= { ciscoAuthFrameworkSession 1 } cafSessionEntry OBJECT-TYPE SYNTAX CafSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry containing management information for a particular authentication session." INDEX { ifIndex, IMPLIED cafSessionId } ::= { cafSessionTable 1 } CafSessionEntry ::= SEQUENCE { cafSessionId OCTET STRING, cafSessionClientMacAddress MacAddress, cafSessionClientAddrType InetAddressType, cafSessionClientAddress InetAddress, cafSessionStatus INTEGER, cafSessionDomain INTEGER, cafSessionAuthHostMode CiscoAuthHostMode, cafSessionControlledDirection CiscoAuthControlledDirections, cafSessionPostureToken CnnEouPostureTokenString, cafSessionAuthUserName SnmpAdminString, cafSessionClientFramedIpPool SnmpAdminString, cafSessionAuthorizedBy SnmpAdminString, cafSessionCriticalTimeLeft Unsigned32, cafSessionAuthVlan VlanIndexOrZero, cafSessionTimeout Unsigned32, cafSessionTimeLeft Unsigned32, cafSessionTimeoutAction INTEGER, cafSessionInactivityTimeout Unsigned32, cafSessionInactivityTimeLeft Unsigned32, cafSessionReauth TruthValue, cafSessionTerminate TruthValue, cafSessionVlanGroupName SnmpAdminString } cafSessionId OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..64)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "A unique identifier of the authentication session." ::= { cafSessionEntry 1 } cafSessionClientMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the MAC address of the device associates with the authentication session." ::= { cafSessionEntry 2 } cafSessionClientAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the type of Internet address of the client associates with the authentication session." ::= { cafSessionEntry 3 } cafSessionClientAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the Internet address of the client associates with the authentication session. The type of this address is determined by the value of cafSessionClientAddrType object." ::= { cafSessionEntry 4 } cafSessionStatus OBJECT-TYPE SYNTAX INTEGER { idle(1), running(2), noMethod(3), authenticationSuccess(4), authenticationFailed(5), authorizationSuccess(6), authorizationFailed(7) } MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the current status of the authentication session. idle : the session has been initialized and no method has run yet. running : an authentication method is running for this session. noMethod : no authentication method has provided a result for this session. authenticationSuccess: an authentication method has resulted in authentication success for this session. authenticationFailed: an authentication method has resulted in authentication failed for this session. authorizationSuccess: authorization is successful for this session. authorizationFailed : authorization is failed for this session." ::= { cafSessionEntry 5 } cafSessionDomain OBJECT-TYPE SYNTAX INTEGER { other(1), data(2), voice(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the type of domain that the authentication session belongs to. other : none of the below. data : indicates the data domain. voice: indicates the voice domain." ::= { cafSessionEntry 6 } cafSessionAuthHostMode OBJECT-TYPE SYNTAX CiscoAuthHostMode MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the authentication host mode of the port in the authentication session." ::= { cafSessionEntry 7 } cafSessionControlledDirection OBJECT-TYPE SYNTAX CiscoAuthControlledDirections MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the operational controlled directions parameter for this port in the authentication session." ::= { cafSessionEntry 8 } cafSessionPostureToken OBJECT-TYPE SYNTAX CnnEouPostureTokenString MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the posture token associates with the authentication session." ::= { cafSessionEntry 9 } cafSessionAuthUserName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the name of the authenticated user for the authentication session." ::= { cafSessionEntry 10 } cafSessionClientFramedIpPool OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the name of the address pool from which the session's client IP address is assigned." ::= { cafSessionEntry 11 } cafSessionAuthorizedBy OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the name of the feature which authorizes the authentication session." ::= { cafSessionEntry 12 } cafSessionCriticalTimeLeft OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the leftover time before the next authentication attempt for the authentication session after Server Reachability event occurred. Value zero indicates that this session is currently being authenticated or it is not applicable." ::= { cafSessionEntry 13 } cafSessionAuthVlan OBJECT-TYPE SYNTAX VlanIndexOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the authorized VLAN applied to the authentication session. Value zero indicates that no authorized VLAN has been applied, or it is not applicable." ::= { cafSessionEntry 14 } cafSessionTimeout OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the session timeout used by Authentication Framework in the authentication session." ::= { cafSessionEntry 15 } cafSessionTimeLeft OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the leftover time of the current authentication session." ::= { cafSessionEntry 16 } cafSessionTimeoutAction OBJECT-TYPE SYNTAX INTEGER { unknown(1), terminate(2), reauthenticate(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the timeout action on the authentication session, when value of the corresponding instance of cafSessionTimeLeft reaches zero. unknown : None of the below. terminate : Session will be terminated. reauthenticate: Session will be reauthenticated." ::= { cafSessionEntry 17 } cafSessionInactivityTimeout OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the inactivity timeout used by Authentication Framework in the authentication session." ::= { cafSessionEntry 18 } cafSessionInactivityTimeLeft OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the leftover time of the inactivity timer of the authentication session." ::= { cafSessionEntry 19 } cafSessionReauth OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The reauthentication control for the authentication session. Setting this object to 'true' cause the current authenticated session to reauthenticate the authenticated client. Setting this object to 'false' has no effect. This object always returns 'false' when being read." ::= { cafSessionEntry 20 } cafSessionTerminate OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The termination request control for the authentication session. Setting this object to 'true' terminates the current session. Setting this object to 'false' has no effect. This object always returns 'false' when being read." ::= { cafSessionEntry 21 } cafSessionVlanGroupName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The name of the VLAN group that has been used during VLAN assignment for this session. A zero length string indicates that there is no VLAN group been used during VLAN assignment." ::= { cafSessionEntry 22 } cafSessionMethodsInfoTable OBJECT-TYPE SYNTAX SEQUENCE OF CafSessionMethodsInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table contains a list of authentication method for every authentication session. An entry exists for each authentication method that can authenticate an authentication session within Authentication Framework." ::= { ciscoAuthFrameworkSession 2 } cafSessionMethodsInfoEntry OBJECT-TYPE SYNTAX CafSessionMethodsInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry containing method information for a particular runnable authentication methods which is associated with a session for an Authentication Framework managed port." INDEX { ifIndex, cafSessionId, cafSessionMethod } ::= { cafSessionMethodsInfoTable 1 } CafSessionMethodsInfoEntry ::= SEQUENCE { cafSessionMethod CiscoAuthMethod, cafSessionMethodState INTEGER } cafSessionMethod OBJECT-TYPE SYNTAX CiscoAuthMethod MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates this authentication method." ::= { cafSessionMethodsInfoEntry 1 } cafSessionMethodState OBJECT-TYPE SYNTAX INTEGER { notRun(1), running(2), failedOver(3), authcSuccess(4), authcFailed(5) } MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the state of this authentication method. notRun : The method has not run for this session. running : The method is running for this session. failedOver : The method has failed and the next method is expected to provide a result. authcSuccess: The method has provided a successful authentication result for this session. authcFailed : The method has provided a failed authentication result for this session." ::= { cafSessionMethodsInfoEntry 2 } -- Notifications and notification controls cafSecurityViolationNotifEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This variable indicates whether the system produces the cafSecurityViolationNotif. A 'false' value will prevent cafSecurityViolationNotif from being generated by this system." ::= { ciscoAuthFrwkNotifControl 1 } cafAuthFailNotifEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies whether the system produces the cafAuthFailNotif. A 'true' value will cause cafAuthFailNotif to be generated by this system when an authentication failure happens. A 'false' value will prevent cafAuthFailNotif from being generated by this system." ::= { ciscoAuthFrwkNotifControl 2 } cafSecurityViolationNotif NOTIFICATION-TYPE OBJECTS { ifIndex, ifName, cafSecurityViolationClient } STATUS current DESCRIPTION "A cafSecurityViolationNotif is sent if a security violation is detected on a port, and the instance value of cafSecurityViolationNotifEnable is 'true'." ::= { ciscoAuthFrameworkMIBNotifs 1 } cafAuthFailNotif NOTIFICATION-TYPE OBJECTS { ifName, cafAuthFailClient } STATUS current DESCRIPTION "A cafAuthFailNotif is sent if an authentication failure is detected on a port, and the instance value of cafAuthFailNotifEnable is 'true'. ifName contains the name of the interface where the authentication failure happened. cafAuthFailClient contains the mac address of the client which failed to authenticate." ::= { ciscoAuthFrameworkMIBNotifs 2 } -- Conformance ciscoAuthFrameworkMIBCompliances OBJECT IDENTIFIER ::= { ciscoAuthFrameworkMIBConform 1 } ciscoAuthFrameworkMIBGroups OBJECT IDENTIFIER ::= { ciscoAuthFrameworkMIBConform 2 } ciscoAuthFrameworkMIBCompliance MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "The compliance statement for entities which implement CISCO-AUTH-FRAMEWORK-MIB." MODULE -- this module MANDATORY-GROUPS { cafAuthMethodRegGroup, cafAuthPortConfigGroup, cafPortMethodGroup, cafSessionGroup, cafSessionMethodInfoGroup } GROUP cafAaaNoRespRecoveryDelayGroup DESCRIPTION "This group is mandatory in devices running software which provide AAA recovery delay configuration for Authentication Framework." GROUP cafAuthFailedEventGroup DESCRIPTION "This group is mandatory in devices running software which provide configuration for Authentication Framework on its capable ports, when Authentication Fail event occurs." GROUP cafClientNoRespEventGroup DESCRIPTION "This group is mandatory in devices running software which provide configuration for Authentication Framework to authorize ports in a special VLAN when non-capable clients are detected." GROUP cafServerEventGroup DESCRIPTION "This group is mandatory in devices running software which provide configuration for Authentication Framework on authenticated ports when AAA Server Reachability event occurs." GROUP cafSecViolationNotifEnableGroup DESCRIPTION "This group is mandatory in devices running software which support security violation notification for Authentication Framework." GROUP cafSecurityViolationNotifGroup DESCRIPTION "This group is mandatory in devices running software which support security violation notification for Authentication Framework." GROUP cafSecurityViolationClientGroup DESCRIPTION "This group is mandatory in devices running software which support security violation notification for Authentication Framework." OBJECT cafAaaNoRespRecoveryDelay MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortControlledDirection MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortFallBackProfile MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortAuthHostMode MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortPreAuthOpenAccess MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortAuthorizeControl MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortReauthEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortReauthInterval MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortRestartInterval MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortInactivityTimeout MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortViolationAction MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortMethodAdminExecOrder MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortMethodAdminPriority MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafAuthFailedMaxRetry MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafAuthFailedNoActionEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafAuthFailedAuthorizedVlan MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafAuthFailedNextMethodEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafClientNoRespNoActionEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafClientNoRespAuthorizedVlan MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafServerDeadNoActionEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafServerDeadRemainAuthorized MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafServerDeadAuthorizedVlan MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafServerAliveAction MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafSessionReauth MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafSessionTerminate MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafSecurityViolationNotifEnable MIN-ACCESS read-only DESCRIPTION "Write access is not required." ::= { ciscoAuthFrameworkMIBCompliances 1 } ciscoAuthFrameworkMIBCompliance2 MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "The compliance statement for entities which implement CISCO-AUTH-FRAMEWORK-MIB." MODULE -- this module MANDATORY-GROUPS { cafAuthMethodRegGroup, cafAuthPortConfigGroup, cafPortMethodGroup, cafSessionGroup, cafSessionMethodInfoGroup } GROUP cafAaaNoRespRecoveryDelayGroup DESCRIPTION "This group is mandatory in devices running software which provide AAA recovery delay configuration for Authentication Framework." GROUP cafAuthFailedEventGroup DESCRIPTION "This group is mandatory in devices running software which provide configuration for Authentication Framework on its capable ports, when Authentication Fail event occurs." GROUP cafClientNoRespEventGroup DESCRIPTION "This group is mandatory in devices running software which provide configuration for Authentication Framework to authorize ports in a special VLAN when non-capable clients are detected." GROUP cafServerEventGroup DESCRIPTION "This group is mandatory in devices running software which provide configuration for Authentication Framework on authenticated ports when AAA Server Reachability event occurs." GROUP cafSecViolationNotifEnableGroup DESCRIPTION "This group is mandatory in devices running software which support security violation notification for Authentication Framework." GROUP cafSecurityViolationNotifGroup DESCRIPTION "This group is mandatory in devices running software which support security violation notification for Authentication Framework." GROUP cafSecurityViolationClientGroup DESCRIPTION "This group is mandatory in devices running software which support security violation notification for Authentication Framework." GROUP cafSessionVlanGroupNameGroup DESCRIPTION "This group is mandatory in devices running software which provide VLAN group information for Authentication Framework." OBJECT cafAaaNoRespRecoveryDelay MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortControlledDirection MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortFallBackProfile MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortAuthHostMode MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortPreAuthOpenAccess MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortAuthorizeControl MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortReauthEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortReauthInterval MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortRestartInterval MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortInactivityTimeout MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortViolationAction MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortMethodAdminExecOrder MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortMethodAdminPriority MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafAuthFailedMaxRetry MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafAuthFailedNoActionEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafAuthFailedAuthorizedVlan MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafAuthFailedNextMethodEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafClientNoRespNoActionEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafClientNoRespAuthorizedVlan MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafServerDeadNoActionEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafServerDeadRemainAuthorized MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafServerDeadAuthorizedVlan MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafServerAliveAction MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafSessionReauth MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafSessionTerminate MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafSecurityViolationNotifEnable MIN-ACCESS read-only DESCRIPTION "Write access is not required." ::= { ciscoAuthFrameworkMIBCompliances 2 } ciscoAuthFrameworkMIBCompliance3 MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "The compliance statement for entities which implement CISCO-AUTH-FRAMEWORK-MIB." MODULE -- this module MANDATORY-GROUPS { cafAuthMethodRegGroup, cafAuthPortConfigGroup, cafPortMethodGroup, cafSessionGroup, cafSessionMethodInfoGroup } GROUP cafAaaNoRespRecoveryDelayGroup DESCRIPTION "This group is mandatory in devices running software which provide AAA recovery delay configuration for Authentication Framework." GROUP cafAuthFailedEventGroup DESCRIPTION "This group is mandatory in devices running software which provide configuration for Authentication Framework on its capable ports, when Authentication Fail event occurs." GROUP cafClientNoRespEventGroup DESCRIPTION "This group is mandatory in devices running software which provide configuration for Authentication Framework to authorize ports in a special VLAN when non-capable clients are detected." GROUP cafServerEventGroup DESCRIPTION "This group is mandatory in devices running software which provide configuration for Authentication Framework on authenticated ports when AAA Server Reachability event occurs." GROUP cafSecViolationNotifEnableGroup DESCRIPTION "This group is mandatory in devices running software which support security violation notification for Authentication Framework." GROUP cafSecurityViolationNotifGroup DESCRIPTION "This group is mandatory in devices running software which support security violation notification for Authentication Framework." GROUP cafSecurityViolationClientGroup DESCRIPTION "This group is mandatory in devices running software which support security violation notification for Authentication Framework." GROUP cafSessionVlanGroupNameGroup DESCRIPTION "This group is mandatory in devices running software which provide VLAN group information for Authentication Framework." GROUP cafMacMoveConfigGroup DESCRIPTION "This group is mandatory in devices running software which provide MAC move configuration for Authentication Framework." GROUP cafCoACommandConfigGroup DESCRIPTION "This group is mandatory in devices running software which provide configuration for behavor for CoA commands for Authentication Framework." OBJECT cafAaaNoRespRecoveryDelay MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortControlledDirection MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortFallBackProfile MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortAuthHostMode MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortPreAuthOpenAccess MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortAuthorizeControl MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortReauthEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortReauthInterval MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortRestartInterval MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortInactivityTimeout MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortViolationAction MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortMethodAdminExecOrder MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortMethodAdminPriority MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafAuthFailedMaxRetry MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafAuthFailedNoActionEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafAuthFailedAuthorizedVlan MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafAuthFailedNextMethodEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafClientNoRespNoActionEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafClientNoRespAuthorizedVlan MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafServerDeadNoActionEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafServerDeadRemainAuthorized MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafServerDeadAuthorizedVlan MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafServerAliveAction MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafSessionReauth MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafSessionTerminate MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafSecurityViolationNotifEnable MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafMacMoveMode MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafCoABouncePortCommandIgnoreEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafCoADisablePortCommandIgnoreEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." ::= { ciscoAuthFrameworkMIBCompliances 3 } ciscoAuthFrameworkMIBCompliance4 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for entities which implement CISCO-AUTH-FRAMEWORK-MIB." MODULE -- this module MANDATORY-GROUPS { cafAuthMethodRegGroup, cafAuthPortConfigGroup, cafPortMethodGroup, cafSessionGroup, cafSessionMethodInfoGroup } GROUP cafAaaNoRespRecoveryDelayGroup DESCRIPTION "This group is mandatory in devices running software which provide AAA recovery delay configuration for Authentication Framework." GROUP cafAuthFailedEventGroup DESCRIPTION "This group is mandatory in devices running software which provide configuration for Authentication Framework on its capable ports, when Authentication Fail event occurs." GROUP cafClientNoRespEventGroup DESCRIPTION "This group is mandatory in devices running software which provide configuration for Authentication Framework to authorize ports in a special VLAN when non-capable clients are detected." GROUP cafServerEventGroup DESCRIPTION "This group is mandatory in devices running software which provide configuration for Authentication Framework on authenticated ports when AAA Server Reachability event occurs." GROUP cafSecViolationNotifEnableGroup DESCRIPTION "This group is mandatory in devices running software which support security violation notification for Authentication Framework." GROUP cafSecurityViolationNotifGroup DESCRIPTION "This group is mandatory in devices running software which support security violation notification for Authentication Framework." GROUP cafSecurityViolationClientGroup DESCRIPTION "This group is mandatory in devices running software which support security violation notification for Authentication Framework." GROUP cafSessionVlanGroupNameGroup DESCRIPTION "This group is mandatory in devices running software which provide VLAN group information for Authentication Framework." GROUP cafMacMoveConfigGroup DESCRIPTION "This group is mandatory in devices running software which provide MAC move configuration for Authentication Framework." GROUP cafCoACommandConfigGroup DESCRIPTION "This group is mandatory in devices running software which provide configuration for behavor for CoA commands for Authentication Framework." GROUP cafAuthFailNotifGroup DESCRIPTION "This group is mandatory in devices running software which support authentication failure notification for Authentication Framework." GROUP cafAuthFailNotifEnableGroup DESCRIPTION "This group is mandatory in devices running software which support authentication failure notification for Authentication Framework." GROUP cafAuthFailClientGroup DESCRIPTION "This group is mandatory in devices running software which support authentication failure notification for Authentication Framework." OBJECT cafAaaNoRespRecoveryDelay MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortControlledDirection MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortFallBackProfile MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortAuthHostMode MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortPreAuthOpenAccess MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortAuthorizeControl MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortReauthEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortReauthInterval MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortRestartInterval MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortInactivityTimeout MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortViolationAction MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortMethodAdminExecOrder MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafPortMethodAdminPriority MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafAuthFailedMaxRetry MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafAuthFailedNoActionEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafAuthFailedAuthorizedVlan MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafAuthFailedNextMethodEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafClientNoRespNoActionEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafClientNoRespAuthorizedVlan MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafServerDeadNoActionEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafServerDeadRemainAuthorized MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafServerDeadAuthorizedVlan MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafServerAliveAction MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafSessionReauth MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafSessionTerminate MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafSecurityViolationNotifEnable MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafMacMoveMode MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafCoABouncePortCommandIgnoreEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cafCoADisablePortCommandIgnoreEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." ::= { ciscoAuthFrameworkMIBCompliances 4 } -- Units of Conformance cafAuthMethodRegGroup OBJECT-GROUP OBJECTS { cafAuthMethodDefaultPriority, cafAuthMethodDefaultExecOrder } STATUS current DESCRIPTION "A collection of objects that provides registration information of authentication methods in Authentication Framework." ::= { ciscoAuthFrameworkMIBGroups 1 } cafAaaNoRespRecoveryDelayGroup OBJECT-GROUP OBJECTS { cafAaaNoRespRecoveryDelay } STATUS current DESCRIPTION "A collection of objects that provides AAA recovery delay configuration for Authentication Framework in the system." ::= { ciscoAuthFrameworkMIBGroups 2 } cafAuthPortConfigGroup OBJECT-GROUP OBJECTS { cafPortControlledDirection, cafPortFallBackProfile, cafPortAuthHostMode, cafPortPreAuthOpenAccess, cafPortAuthorizeControl, cafPortReauthEnabled, cafPortReauthInterval, cafPortRestartInterval, cafPortInactivityTimeout, cafPortViolationAction } STATUS current DESCRIPTION "A collection of objects that provides configuration of Authentication Framework for capable ports in the system." ::= { ciscoAuthFrameworkMIBGroups 3 } cafPortMethodGroup OBJECT-GROUP OBJECTS { cafPortMethodAdminExecOrder, cafPortMethodAdminPriority, cafPortMethodAvailable, cafPortMethodOperExecOrder, cafPortMethodOperPriority } STATUS current DESCRIPTION "A collection of objects that provides configuration and information of authentication methods within Authentication Framework for capable ports in the system." ::= { ciscoAuthFrameworkMIBGroups 4 } cafAuthFailedEventGroup OBJECT-GROUP OBJECTS { cafAuthFailedMaxRetry, cafAuthFailedNoActionEnabled, cafAuthFailedAuthorizedVlan, cafAuthFailedNextMethodEnabled } STATUS current DESCRIPTION "A collection of objects that provides configuration of Auth-Failed behaviour of Authentication Framework for ports in the system." ::= { ciscoAuthFrameworkMIBGroups 5 } cafClientNoRespEventGroup OBJECT-GROUP OBJECTS { cafClientNoRespNoActionEnabled, cafClientNoRespAuthorizedVlan } STATUS current DESCRIPTION "A collection of objects that provides configuration of Authentication Framework when no-responsive client is detected on a port in the system." ::= { ciscoAuthFrameworkMIBGroups 6 } cafServerEventGroup OBJECT-GROUP OBJECTS { cafServerDeadNoActionEnabled, cafServerDeadRemainAuthorized, cafServerDeadAuthorizedVlan, cafServerAliveAction } STATUS current DESCRIPTION "A collection of objects that provides configuration of Authentication Framework when AAA Server Reachability event occurs." ::= { ciscoAuthFrameworkMIBGroups 7 } cafSessionGroup OBJECT-GROUP OBJECTS { cafSessionClientMacAddress, cafSessionClientAddrType, cafSessionClientAddress, cafSessionDomain, cafSessionStatus, cafSessionAuthHostMode, cafSessionControlledDirection, cafSessionPostureToken, cafSessionAuthUserName, cafSessionClientFramedIpPool, cafSessionAuthorizedBy, cafSessionCriticalTimeLeft, cafSessionAuthVlan, cafSessionTimeout, cafSessionTimeLeft, cafSessionTimeoutAction, cafSessionInactivityTimeout, cafSessionInactivityTimeLeft, cafSessionReauth, cafSessionTerminate } STATUS current DESCRIPTION "A collection of objects that provides authentication session management information for Authentication Framework." ::= { ciscoAuthFrameworkMIBGroups 8 } cafSessionMethodInfoGroup OBJECT-GROUP OBJECTS { cafSessionMethodState } STATUS current DESCRIPTION "A collection of objects that provides information about authentication methods associate with Authentication Framework 's authentication sessions in the system." ::= { ciscoAuthFrameworkMIBGroups 9 } cafSecViolationNotifEnableGroup OBJECT-GROUP OBJECTS { cafSecurityViolationNotifEnable } STATUS current DESCRIPTION "A collection of objects that provides control over security violation notification for Authentication Framework in the system." ::= { ciscoAuthFrameworkMIBGroups 10 } cafSecurityViolationNotifGroup NOTIFICATION-GROUP NOTIFICATIONS { cafSecurityViolationNotif } STATUS current DESCRIPTION "A collection of notification providing information about port's security violation in Authentication Framework." ::= { ciscoAuthFrameworkMIBGroups 11 } cafSecurityViolationClientGroup OBJECT-GROUP OBJECTS { cafSecurityViolationClient } STATUS current DESCRIPTION "A collection of objects providing MAC address of the offending client in the security violation notification." ::= { ciscoAuthFrameworkMIBGroups 12 } cafSessionVlanGroupNameGroup OBJECT-GROUP OBJECTS { cafSessionVlanGroupName } STATUS current DESCRIPTION "A collection of objects providing VLAN group information of authenticated session in Authentication Framework." ::= { ciscoAuthFrameworkMIBGroups 13 } cafMacMoveConfigGroup OBJECT-GROUP OBJECTS { cafMacMoveMode } STATUS current DESCRIPTION "A collection of objects providing MAC move cofiguration information for Authentication Framework on the device." ::= { ciscoAuthFrameworkMIBGroups 14 } cafCoACommandConfigGroup OBJECT-GROUP OBJECTS { cafCoABouncePortCommandIgnoreEnabled, cafCoADisablePortCommandIgnoreEnabled } STATUS current DESCRIPTION "A collection of objects providing configuration information for the device's behaviour on CoA commands." ::= { ciscoAuthFrameworkMIBGroups 15 } cafAuthFailNotifGroup NOTIFICATION-GROUP NOTIFICATIONS { cafAuthFailNotif } STATUS current DESCRIPTION "A collection of notification providing information about port's authentication failure in Authentication Framework." ::= { ciscoAuthFrameworkMIBGroups 16 } cafAuthFailNotifEnableGroup OBJECT-GROUP OBJECTS { cafAuthFailNotifEnable } STATUS current DESCRIPTION "A collection of objects that provides control over authentication failure notification for Authentication Framework in the system." ::= { ciscoAuthFrameworkMIBGroups 17 } cafAuthFailClientGroup OBJECT-GROUP OBJECTS { cafAuthFailClient } STATUS current DESCRIPTION "A collection of objects providing MAC address of the failed client in the authentication failure notification." ::= { ciscoAuthFrameworkMIBGroups 18 } END