CISCO-AUTH-FRAMEWORK-MIB: View SNMP OID List / Download MIB

MIB module for Authentication Framework in the system. Authentication Framework provides generic configurations for authentication methods in the system and manage the failover sequence of these methods in a flexible manner.

A cafSecurityViolationNotif is sent if a security violation is detected on a port, and the instance value of cafSecurityViolationNotifEnable is 'true'.

A cafAuthFailNotif is sent if an authentication failure is detected on a port, and the instance value of cafAuthFailNotifEnable is 'true'. ifName contains the name of the interface where the authentication failure happened. cafAuthFailClient contains the mac address of the client which failed to authenticate.

Specifies the AAA recovery delay for authentication methods registered in Authentication Framework when AAA server becomes active again after being inactive. A value of zero indicates that AAA recovery delay is disabled in the system.

A list of authentication methods which are currrently registered with Authentication Framework. An entry is created by the agent when an authentication method has successfully registered with Authentication Framework. An entry is deleted by the agent upon de-registration of the authentication method.

An entry containing registration information of a particular authentication method with Authentication Framework.

The authentication method registered with Authentication Framework.

A unique number which indicates the default priority of a authentication method. The default priority is assigned by Authentication Framework during method registration. The method with smallest value has highest priority.

A unique number which indicates the default execution order of a authentication method. The default execution order is assigned by Authentication Framework during method registration. The method with smallest value will be execute first.

This object specifies the MAC Move configuration for Authentication Framework. deny : When a host is authenticated on one port, that address is not allowed on another authenticated manager-enabled port of the device. permit: Authenticated hosts are allowed to move from one port to another on the same device. When a host moves to a new port, the authenticated session on the original port is deleted, and the host is reauthenticated on the new port. Enumeration: 'deny': 1, 'permit': 2.

This object specifies whether the device ignores the bounce port command that sent from RADIUS via Change-of-Authorization (CoA) packets.

This object specifies whether the device ingores the disable port command that sent from RADIUS via Change-of-Authorization (CoA) packets.

A list of port entries. An entry will exist for each interface which support Authentication Framework feature.

An entry containing management information of Authentication Framework applicable to a particular port.

Specifies the controlled direction of this port.

Specifies the name of the fallback profile to be used when failing over to Web Proxy Authentication. A zero length string indicates that fallback mechanism to Web Proxy Authentication is disabled in Authentication Framework.

Specifies the authentication host mode for this port.

Specifies if the Pre-Authentication Open Access feature allows clients/devices to gain network access before authentication is performed. A value of 'true' for this object indicates that client/device is able to gain network access before authentication is performed.

Specifies the authorization control for this port.

Specifies if reauthentication is enabled for this port.

Specifies the reauthentication interval, after which the port will be reauthenticated if value of the corresponding instance of cafPortReauthEnabled is 'true'. A value of zero indicates that the reauthentication interval is downloaded from AAA server when this port is authenticated.

Specifies the interval after which a further authentication attempt should be made to this port if it is not authorized. A value of zero indicates that no further authentication attempt will be made if this port is unauthorized.

Specifies the period of time that a client associating with this port is allowed to be inactive before being terminated. A value of zero indicates that inactivity timeout is disabled on this port. A value of -1 indicates that inactivity timeout is downloaded from the AAA server when this port is authenticated.

Specifies the action to be taken due to a security violation occurs on this port. restrict: This port will be moved to restricted state. shutdown: This port will be shutdown from Authentication Framework perspective. protect : This port will be moved to protected state. replace : The current authentication session on this port will be terminated and replaced by a new authentication session, upon the detection of security violation on the current authentication session on the port. Enumeration: 'restrict': 1, 'protect': 3, 'shutdown': 2, 'replace': 4.

The table contains a list of port entries. An entry will exist for each port which supports Authentication Framework feature.

Entry containing configuration and information of authentication methods for a particular port.

This object specifies the administrative execution order of authentication methods on the port. Methods are executed in the order as specified in the method list. Method which is at the beginning of the method list will be executed first. Method which is at the end of method list will be executed last. A zero length string of this object indicates that no per port execution order configuration has been specified on this port. The actual execution order is based on the value of cafAuthMethodDefaultExecOrder in cafAuthMethodRegTable.

This object specifies the administrative priority of authentication methods on the port. The priority of each method is assigned based on the method list. Method which is at the beginning of the method list has highest priority. Method which is at the end of method list has lowest priority. A zero length string of this object indicates that no per port method priority configuration has been specified on this port. The actual execution order is based on the value of cafAuthMethodDefaultExecOrder in cafAuthMethodRegTable.

This object indicates the authentication methods currently available on this port.

This object indicates the operational execution order of authentication methods on this port. Methods are executed in the order as specified in the method list. Method which is at the beginning of the method list will be executed first. Method which is at the end of method list will be executed last.

This object indicates the operational priority of authentication methods on this port. Methods have the priority as specified in the method list. Method which is at the beginning of the method list has highest priority. Method which is at the end of method list has lowest priority.

The table contains a list of port entries. An entry will exist for each port which supports Authentication Fail event within the Authentication Framework.

Entry containing management information of Authentication Fail event for a particular port.

This object specifies the maximum number of retry should be performed before generating Authentication Fail event. A value of zero indicates that Authentication Fail event will be generated upon authentication fail without any retry.

This object specifies whether no action will be performed when an Authentication Fail event occurs. Setting 'true' on this object indicates that no action will be performed when Authentication Fail event occurs. The read-only value 'false' indicates that an action will be performed when an Authentication Fail event occurs.

This object specifies the Authentication Failed VLAN number. The read-only value of -1 indicates that this object is not applicable on this port. The read-only value of zero indicates that this port will not be authorized to any VLAN when Authentication Failed event occurs. Setting a non-zero value on this object indicates that this port will be authorized to the VLAN as specified by this object value, when Authentication Fail event occurs.

This object specifies whether the next authentication method will be used if an Authentication Fail event is generated by the current authentication method. Setting this object to 'true' indicates that the next available authentication method will be used when Authentication Fail event occurs. The read-only value 'false' indicates that the next available authentication method will not be used when Authentication Fail event occurs.

The table contains a list of port entries. An entry exists for each port which supports No Response event within the Authentication Framework.

Entry containing management information of No Response event for a particular port.

This object specifies whether an action is performed when No Response event occurs. Setting 'true' on this object indicates that no action will be performed when No Response event occurs. The read-only value 'false' of this object indicates that an action will be performed when No Response event occurs.

This object specifies the No Response Authorized VLAN number. The read-only value of -1 indicates that this object is not applicable on this port. The read-only value of zero indicates that this port will not be authorized to any VLAN when No Response event occurs. Setting a non-zero value on this object indicates that this port will be authorized to the VLAN as specified by this object value, when No Response event occurs.

The table contains a list of port entries. An entry exists for each port which supports AAA Server Reachability event within the Authentication Framework.

Entry containing management information of AAA Server Reachability event for a particular port.

This object indicates whether an action is performed if an AAA Server Reachability event occurs. Setting 'true' on this object indicates that no action will be performed when AAA Server Reachability event occurs. The read-only value 'false' indicates that an action will be performed when AAA Server Reachability event occurs.

This object specifies if current authorization will remain unchanged for the port when AAA Server Reachability event occurs. Setting 'true' on this object indicates that current authorization will remain unchanged for the port when AAA Server Reachability event occurs. The read-only value 'false' indicates that the current authorization will not be retained for the port when AAA Server Reachability event occurs.

This object specifies the AAA Server Reachability Authorized VLAN number. The read-only value of -1 indicates that this object is not applicable on this port. The read-only value of zero indicates that this port will not be authorized to any VLAN when AAA Server Reachability event occurs. Setting a non-zero value on this object indicates that this port will be authorized to the VLAN as specified by this object value, when AAA Server Reachability event occurs.

This object specifies the action applied to the port upon AAA recovery. none : no action will be applied. reinitialize: the port will be reinitialized with the current authentication method. Enumeration: 'reinitialize': 2, 'none': 1.

The table contains a list of authentication session. An entry is created when an authentication session has successfully created within Authentication Framework. An entry is deleted when an authentication session has been removed.

Entry containing management information for a particular authentication session.

A unique identifier of the authentication session.

Indicates the MAC address of the device associates with the authentication session.

Indicates the type of Internet address of the client associates with the authentication session.

Indicates the Internet address of the client associates with the authentication session. The type of this address is determined by the value of cafSessionClientAddrType object.

Indicates the current status of the authentication session. idle : the session has been initialized and no method has run yet. running : an authentication method is running for this session. noMethod : no authentication method has provided a result for this session. authenticationSuccess: an authentication method has resulted in authentication success for this session. authenticationFailed: an authentication method has resulted in authentication failed for this session. authorizationSuccess: authorization is successful for this session. authorizationFailed : authorization is failed for this session. Enumeration: 'authenticationSuccess': 4, 'authorizationSuccess': 6, 'authenticationFailed': 5, 'authorizationFailed': 7, 'running': 2, 'idle': 1, 'noMethod': 3.

Indicates the type of domain that the authentication session belongs to. other : none of the below. data : indicates the data domain. voice: indicates the voice domain. Enumeration: 'voice': 3, 'other': 1, 'data': 2.

Indicates the authentication host mode of the port in the authentication session.

Indicates the operational controlled directions parameter for this port in the authentication session.

Indicates the posture token associates with the authentication session.

Indicates the name of the authenticated user for the authentication session.

Indicates the name of the address pool from which the session's client IP address is assigned.

Indicates the name of the feature which authorizes the authentication session.

Indicates the leftover time before the next authentication attempt for the authentication session after Server Reachability event occurred. Value zero indicates that this session is currently being authenticated or it is not applicable.

Indicates the authorized VLAN applied to the authentication session. Value zero indicates that no authorized VLAN has been applied, or it is not applicable.

Indicates the session timeout used by Authentication Framework in the authentication session.

Indicates the leftover time of the current authentication session.

Indicates the timeout action on the authentication session, when value of the corresponding instance of cafSessionTimeLeft reaches zero. unknown : None of the below. terminate : Session will be terminated. reauthenticate: Session will be reauthenticated. Enumeration: 'unknown': 1, 'terminate': 2, 'reauthenticate': 3.

Indicates the inactivity timeout used by Authentication Framework in the authentication session.

Indicates the leftover time of the inactivity timer of the authentication session.

The reauthentication control for the authentication session. Setting this object to 'true' cause the current authenticated session to reauthenticate the authenticated client. Setting this object to 'false' has no effect. This object always returns 'false' when being read.

The termination request control for the authentication session. Setting this object to 'true' terminates the current session. Setting this object to 'false' has no effect. This object always returns 'false' when being read.

The name of the VLAN group that has been used during VLAN assignment for this session. A zero length string indicates that there is no VLAN group been used during VLAN assignment.

The table contains a list of authentication method for every authentication session. An entry exists for each authentication method that can authenticate an authentication session within Authentication Framework.

Entry containing method information for a particular runnable authentication methods which is associated with a session for an Authentication Framework managed port.

Indicates this authentication method.

Indicates the state of this authentication method. notRun : The method has not run for this session. running : The method is running for this session. failedOver : The method has failed and the next method is expected to provide a result. authcSuccess: The method has provided a successful authentication result for this session. authcFailed : The method has provided a failed authentication result for this session. Enumeration: 'running': 2, 'authcFailed': 5, 'notRun': 1, 'authcSuccess': 4, 'failedOver': 3.

This variable indicates whether the system produces the cafSecurityViolationNotif. A 'false' value will prevent cafSecurityViolationNotif from being generated by this system.

This object specifies whether the system produces the cafAuthFailNotif. A 'true' value will cause cafAuthFailNotif to be generated by this system when an authentication failure happens. A 'false' value will prevent cafAuthFailNotif from being generated by this system.

The MAC address included in the notification currently being sent, indicating the client who triggered the security violation notification.

The MAC address included in the cafAuthFailNotif being sent, indicating the client which failed to authenticate.

The compliance statement for entities which implement CISCO-AUTH-FRAMEWORK-MIB.

The compliance statement for entities which implement CISCO-AUTH-FRAMEWORK-MIB.

The compliance statement for entities which implement CISCO-AUTH-FRAMEWORK-MIB.

The compliance statement for entities which implement CISCO-AUTH-FRAMEWORK-MIB.

A collection of objects that provides registration information of authentication methods in Authentication Framework.

A collection of objects that provides AAA recovery delay configuration for Authentication Framework in the system.

A collection of objects that provides configuration of Authentication Framework for capable ports in the system.

A collection of objects that provides configuration and information of authentication methods within Authentication Framework for capable ports in the system.

A collection of objects that provides configuration of Auth-Failed behaviour of Authentication Framework for ports in the system.

A collection of objects that provides configuration of Authentication Framework when no-responsive client is detected on a port in the system.

A collection of objects that provides configuration of Authentication Framework when AAA Server Reachability event occurs.

A collection of objects that provides authentication session management information for Authentication Framework.

A collection of objects that provides information about authentication methods associate with Authentication Framework 's authentication sessions in the system.

A collection of objects that provides control over security violation notification for Authentication Framework in the system.

A collection of notification providing information about port's security violation in Authentication Framework.

A collection of objects providing MAC address of the offending client in the security violation notification.

A collection of objects providing VLAN group information of authenticated session in Authentication Framework.

A collection of objects providing MAC move cofiguration information for Authentication Framework on the device.

A collection of objects providing configuration information for the device's behaviour on CoA commands.

A collection of notification providing information about port's authentication failure in Authentication Framework.

A collection of objects that provides control over authentication failure notification for Authentication Framework in the system.

A collection of objects providing MAC address of the failed client in the authentication failure notification.