CISCO-AUTH-FRAMEWORK-MIB

File: CISCO-AUTH-FRAMEWORK-MIB.mib (82613 bytes)

Imported modules

SNMPv2-SMI SNMPv2-CONF SNMPv2-TC
SNMP-FRAMEWORK-MIB INET-ADDRESS-MIB IF-MIB
CISCO-PRIVATE-VLAN-MIB CISCO-NAC-TC-MIB CISCO-SMI

Imported symbols

MODULE-IDENTITY OBJECT-TYPE NOTIFICATION-TYPE
Unsigned32 Integer32 MODULE-COMPLIANCE
NOTIFICATION-GROUP OBJECT-GROUP MacAddress
TEXTUAL-CONVENTION TruthValue SnmpAdminString
InetAddress InetAddressType ifIndex
ifName VlanIndexOrZero CnnEouPostureTokenString
ciscoMgmt

Defined Types

CiscoAuthControlledDirections  
TEXTUAL-CONVENTION    
  current INTEGER both(0), in(1)

CiscoAuthControlledPortControl  
TEXTUAL-CONVENTION    
  current INTEGER forceUnauthorized(1), auto(2), forceAuthorized(3)

CiscoAuthMethod  
TEXTUAL-CONVENTION    
  current INTEGER other(1), dot1x(2), macAuthBypass(3), webAuth(4)

CiscoAuthMethodList  
TEXTUAL-CONVENTION    
  current STRING

CiscoAuthHostMode  
TEXTUAL-CONVENTION    
  current INTEGER singleHost(1), multiHost(2), multiAuth(3), multiDomain(4)

CafAuthMethodRegEntry  
SEQUENCE    
  cafAuthMethod CiscoAuthMethod
  cafAuthMethodDefaultPriority Unsigned32
  cafAuthMethodDefaultExecOrder Unsigned32

CafPortConfigEntry  
SEQUENCE    
  cafPortControlledDirection CiscoAuthControlledDirections
  cafPortFallBackProfile SnmpAdminString
  cafPortAuthHostMode CiscoAuthHostMode
  cafPortPreAuthOpenAccess TruthValue
  cafPortAuthorizeControl CiscoAuthControlledPortControl
  cafPortReauthEnabled TruthValue
  cafPortReauthInterval Unsigned32
  cafPortRestartInterval Unsigned32
  cafPortInactivityTimeout Integer32
  cafPortViolationAction INTEGER

CafPortMethodEntry  
SEQUENCE    
  cafPortMethodAdminExecOrder CiscoAuthMethodList
  cafPortMethodAdminPriority CiscoAuthMethodList
  cafPortMethodAvailable CiscoAuthMethodList
  cafPortMethodOperExecOrder CiscoAuthMethodList
  cafPortMethodOperPriority CiscoAuthMethodList

CafAuthFailedEventPortEntry  
SEQUENCE    
  cafAuthFailedMaxRetry Unsigned32
  cafAuthFailedNoActionEnabled TruthValue
  cafAuthFailedAuthorizedVlan Integer32
  cafAuthFailedNextMethodEnabled TruthValue

CafClientNoRespEventPortEntry  
SEQUENCE    
  cafClientNoRespNoActionEnabled TruthValue
  cafClientNoRespAuthorizedVlan Integer32

CafServerEventPortEntry  
SEQUENCE    
  cafServerDeadNoActionEnabled TruthValue
  cafServerDeadRemainAuthorized TruthValue
  cafServerDeadAuthorizedVlan Integer32
  cafServerAliveAction INTEGER

CafSessionEntry  
SEQUENCE    
  cafSessionId STRING
  cafSessionClientMacAddress MacAddress
  cafSessionClientAddrType InetAddressType
  cafSessionClientAddress InetAddress
  cafSessionStatus INTEGER
  cafSessionDomain INTEGER
  cafSessionAuthHostMode CiscoAuthHostMode
  cafSessionControlledDirection CiscoAuthControlledDirections
  cafSessionPostureToken CnnEouPostureTokenString
  cafSessionAuthUserName SnmpAdminString
  cafSessionClientFramedIpPool SnmpAdminString
  cafSessionAuthorizedBy SnmpAdminString
  cafSessionCriticalTimeLeft Unsigned32
  cafSessionAuthVlan VlanIndexOrZero
  cafSessionTimeout Unsigned32
  cafSessionTimeLeft Unsigned32
  cafSessionTimeoutAction INTEGER
  cafSessionInactivityTimeout Unsigned32
  cafSessionInactivityTimeLeft Unsigned32
  cafSessionReauth TruthValue
  cafSessionTerminate TruthValue
  cafSessionVlanGroupName SnmpAdminString

CafSessionMethodsInfoEntry  
SEQUENCE    
  cafSessionMethod CiscoAuthMethod
  cafSessionMethodState INTEGER

Defined Values

ciscoAuthFrameworkMIB 1.3.6.1.4.1.9.9.656
MIB module for Authentication Framework in the system. Authentication Framework provides generic configurations for authentication methods in the system and manage the failover sequence of these methods in a flexible manner.
MODULE-IDENTITY    

ciscoAuthFrameworkMIBNotifs 1.3.6.1.4.1.9.9.656.0
OBJECT IDENTIFIER    

ciscoAuthFrameworkMIBObjects 1.3.6.1.4.1.9.9.656.1
OBJECT IDENTIFIER    

ciscoAuthFrameworkMIBConform 1.3.6.1.4.1.9.9.656.2
OBJECT IDENTIFIER    

ciscoAuthFrameworkSystem 1.3.6.1.4.1.9.9.656.1.1
OBJECT IDENTIFIER    

ciscoAuthFrwkAuthenticator 1.3.6.1.4.1.9.9.656.1.2
OBJECT IDENTIFIER    

ciscoAuthFrameworkEvent 1.3.6.1.4.1.9.9.656.1.3
OBJECT IDENTIFIER    

ciscoAuthFrameworkSession 1.3.6.1.4.1.9.9.656.1.4
OBJECT IDENTIFIER    

ciscoAuthFrwkNotifControl 1.3.6.1.4.1.9.9.656.1.5
OBJECT IDENTIFIER    

ciscoAuthFrwkNotifInfo 1.3.6.1.4.1.9.9.656.1.6
OBJECT IDENTIFIER    

cafAaaNoRespRecoveryDelay 1.3.6.1.4.1.9.9.656.1.1.1
Specifies the AAA recovery delay for authentication methods registered in Authentication Framework when AAA server becomes active again after being inactive. A value of zero indicates that AAA recovery delay is disabled in the system.
OBJECT-TYPE    
  Unsigned32  

cafAuthMethodRegTable 1.3.6.1.4.1.9.9.656.1.1.2
A list of authentication methods which are currrently registered with Authentication Framework. An entry is created by the agent when an authentication method has successfully registered with Authentication Framework. An entry is deleted by the agent upon de-registration of the authentication method.
OBJECT-TYPE    
  SEQUENCE OF  
    CafAuthMethodRegEntry

cafAuthMethodRegEntry 1.3.6.1.4.1.9.9.656.1.1.2.1
An entry containing registration information of a particular authentication method with Authentication Framework.
OBJECT-TYPE    
  CafAuthMethodRegEntry  

cafAuthMethod 1.3.6.1.4.1.9.9.656.1.1.2.1.1
The authentication method registered with Authentication Framework.
OBJECT-TYPE    
  CiscoAuthMethod  

cafAuthMethodDefaultPriority 1.3.6.1.4.1.9.9.656.1.1.2.1.2
A unique number which indicates the default priority of a authentication method. The default priority is assigned by Authentication Framework during method registration. The method with smallest value has highest priority.
OBJECT-TYPE    
  Unsigned32  

cafAuthMethodDefaultExecOrder 1.3.6.1.4.1.9.9.656.1.1.2.1.3
A unique number which indicates the default execution order of a authentication method. The default execution order is assigned by Authentication Framework during method registration. The method with smallest value will be execute first.
OBJECT-TYPE    
  Unsigned32  

cafMacMoveMode 1.3.6.1.4.1.9.9.656.1.1.3
This object specifies the MAC Move configuration for Authentication Framework. deny : When a host is authenticated on one port, that address is not allowed on another authenticated manager-enabled port of the device. permit: Authenticated hosts are allowed to move from one port to another on the same device. When a host moves to a new port, the authenticated session on the original port is deleted, and the host is reauthenticated on the new port.
OBJECT-TYPE    
  INTEGER deny(1), permit(2)  

cafCoABouncePortCommandIgnoreEnabled 1.3.6.1.4.1.9.9.656.1.1.4
This object specifies whether the device ignores the bounce port command that sent from RADIUS via Change-of-Authorization (CoA) packets.
OBJECT-TYPE    
  TruthValue  

cafCoADisablePortCommandIgnoreEnabled 1.3.6.1.4.1.9.9.656.1.1.5
This object specifies whether the device ingores the disable port command that sent from RADIUS via Change-of-Authorization (CoA) packets.
OBJECT-TYPE    
  TruthValue  

cafPortConfigTable 1.3.6.1.4.1.9.9.656.1.2.1
A list of port entries. An entry will exist for each interface which support Authentication Framework feature.
OBJECT-TYPE    
  SEQUENCE OF  
    CafPortConfigEntry

cafPortConfigEntry 1.3.6.1.4.1.9.9.656.1.2.1.1
An entry containing management information of Authentication Framework applicable to a particular port.
OBJECT-TYPE    
  CafPortConfigEntry  

cafPortControlledDirection 1.3.6.1.4.1.9.9.656.1.2.1.1.1
Specifies the controlled direction of this port.
OBJECT-TYPE    
  CiscoAuthControlledDirections  

cafPortFallBackProfile 1.3.6.1.4.1.9.9.656.1.2.1.1.2
Specifies the name of the fallback profile to be used when failing over to Web Proxy Authentication. A zero length string indicates that fallback mechanism to Web Proxy Authentication is disabled in Authentication Framework.
OBJECT-TYPE    
  SnmpAdminString  

cafPortAuthHostMode 1.3.6.1.4.1.9.9.656.1.2.1.1.3
Specifies the authentication host mode for this port.
OBJECT-TYPE    
  CiscoAuthHostMode  

cafPortPreAuthOpenAccess 1.3.6.1.4.1.9.9.656.1.2.1.1.4
Specifies if the Pre-Authentication Open Access feature allows clients/devices to gain network access before authentication is performed. A value of 'true' for this object indicates that client/device is able to gain network access before authentication is performed.
OBJECT-TYPE    
  TruthValue  

cafPortAuthorizeControl 1.3.6.1.4.1.9.9.656.1.2.1.1.5
Specifies the authorization control for this port.
OBJECT-TYPE    
  CiscoAuthControlledPortControl  

cafPortReauthEnabled 1.3.6.1.4.1.9.9.656.1.2.1.1.6
Specifies if reauthentication is enabled for this port.
OBJECT-TYPE    
  TruthValue  

cafPortReauthInterval 1.3.6.1.4.1.9.9.656.1.2.1.1.7
Specifies the reauthentication interval, after which the port will be reauthenticated if value of the corresponding instance of cafPortReauthEnabled is 'true'. A value of zero indicates that the reauthentication interval is downloaded from AAA server when this port is authenticated.
OBJECT-TYPE    
  Unsigned32  

cafPortRestartInterval 1.3.6.1.4.1.9.9.656.1.2.1.1.8
Specifies the interval after which a further authentication attempt should be made to this port if it is not authorized. A value of zero indicates that no further authentication attempt will be made if this port is unauthorized.
OBJECT-TYPE    
  Unsigned32  

cafPortInactivityTimeout 1.3.6.1.4.1.9.9.656.1.2.1.1.9
Specifies the period of time that a client associating with this port is allowed to be inactive before being terminated. A value of zero indicates that inactivity timeout is disabled on this port. A value of -1 indicates that inactivity timeout is downloaded from the AAA server when this port is authenticated.
OBJECT-TYPE    
  Integer32 -1 | 0 | 1..65535  

cafPortViolationAction 1.3.6.1.4.1.9.9.656.1.2.1.1.10
Specifies the action to be taken due to a security violation occurs on this port. restrict: This port will be moved to restricted state. shutdown: This port will be shutdown from Authentication Framework perspective. protect : This port will be moved to protected state. replace : The current authentication session on this port will be terminated and replaced by a new authentication session, upon the detection of security violation on the current authentication session on the port.
OBJECT-TYPE    
  INTEGER restrict(1), shutdown(2), protect(3), replace(4)  

cafPortMethodTable 1.3.6.1.4.1.9.9.656.1.2.2
The table contains a list of port entries. An entry will exist for each port which supports Authentication Framework feature.
OBJECT-TYPE    
  SEQUENCE OF  
    CafPortMethodEntry

cafPortMethodEntry 1.3.6.1.4.1.9.9.656.1.2.2.1
Entry containing configuration and information of authentication methods for a particular port.
OBJECT-TYPE    
  CafPortMethodEntry  

cafPortMethodAdminExecOrder 1.3.6.1.4.1.9.9.656.1.2.2.1.1
This object specifies the administrative execution order of authentication methods on the port. Methods are executed in the order as specified in the method list. Method which is at the beginning of the method list will be executed first. Method which is at the end of method list will be executed last. A zero length string of this object indicates that no per port execution order configuration has been specified on this port. The actual execution order is based on the value of cafAuthMethodDefaultExecOrder in cafAuthMethodRegTable.
OBJECT-TYPE    
  CiscoAuthMethodList  

cafPortMethodAdminPriority 1.3.6.1.4.1.9.9.656.1.2.2.1.2
This object specifies the administrative priority of authentication methods on the port. The priority of each method is assigned based on the method list. Method which is at the beginning of the method list has highest priority. Method which is at the end of method list has lowest priority. A zero length string of this object indicates that no per port method priority configuration has been specified on this port. The actual execution order is based on the value of cafAuthMethodDefaultExecOrder in cafAuthMethodRegTable.
OBJECT-TYPE    
  CiscoAuthMethodList  

cafPortMethodAvailable 1.3.6.1.4.1.9.9.656.1.2.2.1.3
This object indicates the authentication methods currently available on this port.
OBJECT-TYPE    
  CiscoAuthMethodList  

cafPortMethodOperExecOrder 1.3.6.1.4.1.9.9.656.1.2.2.1.4
This object indicates the operational execution order of authentication methods on this port. Methods are executed in the order as specified in the method list. Method which is at the beginning of the method list will be executed first. Method which is at the end of method list will be executed last.
OBJECT-TYPE    
  CiscoAuthMethodList  

cafPortMethodOperPriority 1.3.6.1.4.1.9.9.656.1.2.2.1.5
This object indicates the operational priority of authentication methods on this port. Methods have the priority as specified in the method list. Method which is at the beginning of the method list has highest priority. Method which is at the end of method list has lowest priority.
OBJECT-TYPE    
  CiscoAuthMethodList  

cafAuthFailedEventPortTable 1.3.6.1.4.1.9.9.656.1.3.1
The table contains a list of port entries. An entry will exist for each port which supports Authentication Fail event within the Authentication Framework.
OBJECT-TYPE    
  SEQUENCE OF  
    CafAuthFailedEventPortEntry

cafAuthFailedEventPortEntry 1.3.6.1.4.1.9.9.656.1.3.1.1
Entry containing management information of Authentication Fail event for a particular port.
OBJECT-TYPE    
  CafAuthFailedEventPortEntry  

cafAuthFailedMaxRetry 1.3.6.1.4.1.9.9.656.1.3.1.1.1
This object specifies the maximum number of retry should be performed before generating Authentication Fail event. A value of zero indicates that Authentication Fail event will be generated upon authentication fail without any retry.
OBJECT-TYPE    
  Unsigned32  

cafAuthFailedNoActionEnabled 1.3.6.1.4.1.9.9.656.1.3.1.1.2
This object specifies whether no action will be performed when an Authentication Fail event occurs. Setting 'true' on this object indicates that no action will be performed when Authentication Fail event occurs. The read-only value 'false' indicates that an action will be performed when an Authentication Fail event occurs.
OBJECT-TYPE    
  TruthValue  

cafAuthFailedAuthorizedVlan 1.3.6.1.4.1.9.9.656.1.3.1.1.3
This object specifies the Authentication Failed VLAN number. The read-only value of -1 indicates that this object is not applicable on this port. The read-only value of zero indicates that this port will not be authorized to any VLAN when Authentication Failed event occurs. Setting a non-zero value on this object indicates that this port will be authorized to the VLAN as specified by this object value, when Authentication Fail event occurs.
OBJECT-TYPE    
  Integer32 -1 | 0 | 1..2147483647  

cafAuthFailedNextMethodEnabled 1.3.6.1.4.1.9.9.656.1.3.1.1.4
This object specifies whether the next authentication method will be used if an Authentication Fail event is generated by the current authentication method. Setting this object to 'true' indicates that the next available authentication method will be used when Authentication Fail event occurs. The read-only value 'false' indicates that the next available authentication method will not be used when Authentication Fail event occurs.
OBJECT-TYPE    
  TruthValue  

cafSecurityViolationClient 1.3.6.1.4.1.9.9.656.1.6.1
The MAC address included in the notification currently being sent, indicating the client who triggered the security violation notification.
OBJECT-TYPE    
  MacAddress  

cafAuthFailClient 1.3.6.1.4.1.9.9.656.1.6.2
The MAC address included in the cafAuthFailNotif being sent, indicating the client which failed to authenticate.
OBJECT-TYPE    
  MacAddress  

cafClientNoRespEventPortTable 1.3.6.1.4.1.9.9.656.1.3.2
The table contains a list of port entries. An entry exists for each port which supports No Response event within the Authentication Framework.
OBJECT-TYPE    
  SEQUENCE OF  
    CafClientNoRespEventPortEntry

cafClientNoRespEventPortEntry 1.3.6.1.4.1.9.9.656.1.3.2.1
Entry containing management information of No Response event for a particular port.
OBJECT-TYPE    
  CafClientNoRespEventPortEntry  

cafClientNoRespNoActionEnabled 1.3.6.1.4.1.9.9.656.1.3.2.1.1
This object specifies whether an action is performed when No Response event occurs. Setting 'true' on this object indicates that no action will be performed when No Response event occurs. The read-only value 'false' of this object indicates that an action will be performed when No Response event occurs.
OBJECT-TYPE    
  TruthValue  

cafClientNoRespAuthorizedVlan 1.3.6.1.4.1.9.9.656.1.3.2.1.2
This object specifies the No Response Authorized VLAN number. The read-only value of -1 indicates that this object is not applicable on this port. The read-only value of zero indicates that this port will not be authorized to any VLAN when No Response event occurs. Setting a non-zero value on this object indicates that this port will be authorized to the VLAN as specified by this object value, when No Response event occurs.
OBJECT-TYPE    
  Integer32 -1 | 0 | 1..2147483647  

cafServerEventPortTable 1.3.6.1.4.1.9.9.656.1.3.3
The table contains a list of port entries. An entry exists for each port which supports AAA Server Reachability event within the Authentication Framework.
OBJECT-TYPE    
  SEQUENCE OF  
    CafServerEventPortEntry

cafServerEventPortEntry 1.3.6.1.4.1.9.9.656.1.3.3.1
Entry containing management information of AAA Server Reachability event for a particular port.
OBJECT-TYPE    
  CafServerEventPortEntry  

cafServerDeadNoActionEnabled 1.3.6.1.4.1.9.9.656.1.3.3.1.1
This object indicates whether an action is performed if an AAA Server Reachability event occurs. Setting 'true' on this object indicates that no action will be performed when AAA Server Reachability event occurs. The read-only value 'false' indicates that an action will be performed when AAA Server Reachability event occurs.
OBJECT-TYPE    
  TruthValue  

cafServerDeadRemainAuthorized 1.3.6.1.4.1.9.9.656.1.3.3.1.2
This object specifies if current authorization will remain unchanged for the port when AAA Server Reachability event occurs. Setting 'true' on this object indicates that current authorization will remain unchanged for the port when AAA Server Reachability event occurs. The read-only value 'false' indicates that the current authorization will not be retained for the port when AAA Server Reachability event occurs.
OBJECT-TYPE    
  TruthValue  

cafServerDeadAuthorizedVlan 1.3.6.1.4.1.9.9.656.1.3.3.1.3
This object specifies the AAA Server Reachability Authorized VLAN number. The read-only value of -1 indicates that this object is not applicable on this port. The read-only value of zero indicates that this port will not be authorized to any VLAN when AAA Server Reachability event occurs. Setting a non-zero value on this object indicates that this port will be authorized to the VLAN as specified by this object value, when AAA Server Reachability event occurs.
OBJECT-TYPE    
  Integer32 -1 | 0 | 1..2147483647  

cafServerAliveAction 1.3.6.1.4.1.9.9.656.1.3.3.1.4
This object specifies the action applied to the port upon AAA recovery. none : no action will be applied. reinitialize: the port will be reinitialized with the current authentication method.
OBJECT-TYPE    
  INTEGER none(1), reinitialize(2)  

cafSessionTable 1.3.6.1.4.1.9.9.656.1.4.1
The table contains a list of authentication session. An entry is created when an authentication session has successfully created within Authentication Framework. An entry is deleted when an authentication session has been removed.
OBJECT-TYPE    
  SEQUENCE OF  
    CafSessionEntry

cafSessionEntry 1.3.6.1.4.1.9.9.656.1.4.1.1
Entry containing management information for a particular authentication session.
OBJECT-TYPE    
  CafSessionEntry  

cafSessionId 1.3.6.1.4.1.9.9.656.1.4.1.1.1
A unique identifier of the authentication session.
OBJECT-TYPE    
  STRING Size(1..64)  

cafSessionClientMacAddress 1.3.6.1.4.1.9.9.656.1.4.1.1.2
Indicates the MAC address of the device associates with the authentication session.
OBJECT-TYPE    
  MacAddress  

cafSessionClientAddrType 1.3.6.1.4.1.9.9.656.1.4.1.1.3
Indicates the type of Internet address of the client associates with the authentication session.
OBJECT-TYPE    
  InetAddressType  

cafSessionClientAddress 1.3.6.1.4.1.9.9.656.1.4.1.1.4
Indicates the Internet address of the client associates with the authentication session. The type of this address is determined by the value of cafSessionClientAddrType object.
OBJECT-TYPE    
  InetAddress  

cafSessionStatus 1.3.6.1.4.1.9.9.656.1.4.1.1.5
Indicates the current status of the authentication session. idle : the session has been initialized and no method has run yet. running : an authentication method is running for this session. noMethod : no authentication method has provided a result for this session. authenticationSuccess: an authentication method has resulted in authentication success for this session. authenticationFailed: an authentication method has resulted in authentication failed for this session. authorizationSuccess: authorization is successful for this session. authorizationFailed : authorization is failed for this session.
OBJECT-TYPE    
  INTEGER idle(1), running(2), noMethod(3), authenticationSuccess(4), authenticationFailed(5), authorizationSuccess(6), authorizationFailed(7)  

cafSessionDomain 1.3.6.1.4.1.9.9.656.1.4.1.1.6
Indicates the type of domain that the authentication session belongs to. other : none of the below. data : indicates the data domain. voice: indicates the voice domain.
OBJECT-TYPE    
  INTEGER other(1), data(2), voice(3)  

cafSessionAuthHostMode 1.3.6.1.4.1.9.9.656.1.4.1.1.7
Indicates the authentication host mode of the port in the authentication session.
OBJECT-TYPE    
  CiscoAuthHostMode  

cafSessionControlledDirection 1.3.6.1.4.1.9.9.656.1.4.1.1.8
Indicates the operational controlled directions parameter for this port in the authentication session.
OBJECT-TYPE    
  CiscoAuthControlledDirections  

cafSessionPostureToken 1.3.6.1.4.1.9.9.656.1.4.1.1.9
Indicates the posture token associates with the authentication session.
OBJECT-TYPE    
  CnnEouPostureTokenString  

cafSessionAuthUserName 1.3.6.1.4.1.9.9.656.1.4.1.1.10
Indicates the name of the authenticated user for the authentication session.
OBJECT-TYPE    
  SnmpAdminString  

cafSessionClientFramedIpPool 1.3.6.1.4.1.9.9.656.1.4.1.1.11
Indicates the name of the address pool from which the session's client IP address is assigned.
OBJECT-TYPE    
  SnmpAdminString  

cafSessionAuthorizedBy 1.3.6.1.4.1.9.9.656.1.4.1.1.12
Indicates the name of the feature which authorizes the authentication session.
OBJECT-TYPE    
  SnmpAdminString  

cafSessionCriticalTimeLeft 1.3.6.1.4.1.9.9.656.1.4.1.1.13
Indicates the leftover time before the next authentication attempt for the authentication session after Server Reachability event occurred. Value zero indicates that this session is currently being authenticated or it is not applicable.
OBJECT-TYPE    
  Unsigned32  

cafSessionAuthVlan 1.3.6.1.4.1.9.9.656.1.4.1.1.14
Indicates the authorized VLAN applied to the authentication session. Value zero indicates that no authorized VLAN has been applied, or it is not applicable.
OBJECT-TYPE    
  VlanIndexOrZero  

cafSessionTimeout 1.3.6.1.4.1.9.9.656.1.4.1.1.15
Indicates the session timeout used by Authentication Framework in the authentication session.
OBJECT-TYPE    
  Unsigned32  

cafSessionTimeLeft 1.3.6.1.4.1.9.9.656.1.4.1.1.16
Indicates the leftover time of the current authentication session.
OBJECT-TYPE    
  Unsigned32  

cafSessionTimeoutAction 1.3.6.1.4.1.9.9.656.1.4.1.1.17
Indicates the timeout action on the authentication session, when value of the corresponding instance of cafSessionTimeLeft reaches zero. unknown : None of the below. terminate : Session will be terminated. reauthenticate: Session will be reauthenticated.
OBJECT-TYPE    
  INTEGER unknown(1), terminate(2), reauthenticate(3)  

cafSessionInactivityTimeout 1.3.6.1.4.1.9.9.656.1.4.1.1.18
Indicates the inactivity timeout used by Authentication Framework in the authentication session.
OBJECT-TYPE    
  Unsigned32  

cafSessionInactivityTimeLeft 1.3.6.1.4.1.9.9.656.1.4.1.1.19
Indicates the leftover time of the inactivity timer of the authentication session.
OBJECT-TYPE    
  Unsigned32  

cafSessionReauth 1.3.6.1.4.1.9.9.656.1.4.1.1.20
The reauthentication control for the authentication session. Setting this object to 'true' cause the current authenticated session to reauthenticate the authenticated client. Setting this object to 'false' has no effect. This object always returns 'false' when being read.
OBJECT-TYPE    
  TruthValue  

cafSessionTerminate 1.3.6.1.4.1.9.9.656.1.4.1.1.21
The termination request control for the authentication session. Setting this object to 'true' terminates the current session. Setting this object to 'false' has no effect. This object always returns 'false' when being read.
OBJECT-TYPE    
  TruthValue  

cafSessionVlanGroupName 1.3.6.1.4.1.9.9.656.1.4.1.1.22
The name of the VLAN group that has been used during VLAN assignment for this session. A zero length string indicates that there is no VLAN group been used during VLAN assignment.
OBJECT-TYPE    
  SnmpAdminString  

cafSessionMethodsInfoTable 1.3.6.1.4.1.9.9.656.1.4.2
The table contains a list of authentication method for every authentication session. An entry exists for each authentication method that can authenticate an authentication session within Authentication Framework.
OBJECT-TYPE    
  SEQUENCE OF  
    CafSessionMethodsInfoEntry

cafSessionMethodsInfoEntry 1.3.6.1.4.1.9.9.656.1.4.2.1
Entry containing method information for a particular runnable authentication methods which is associated with a session for an Authentication Framework managed port.
OBJECT-TYPE    
  CafSessionMethodsInfoEntry  

cafSessionMethod 1.3.6.1.4.1.9.9.656.1.4.2.1.1
Indicates this authentication method.
OBJECT-TYPE    
  CiscoAuthMethod  

cafSessionMethodState 1.3.6.1.4.1.9.9.656.1.4.2.1.2
Indicates the state of this authentication method. notRun : The method has not run for this session. running : The method is running for this session. failedOver : The method has failed and the next method is expected to provide a result. authcSuccess: The method has provided a successful authentication result for this session. authcFailed : The method has provided a failed authentication result for this session.
OBJECT-TYPE    
  INTEGER notRun(1), running(2), failedOver(3), authcSuccess(4), authcFailed(5)  

cafSecurityViolationNotifEnable 1.3.6.1.4.1.9.9.656.1.5.1
This variable indicates whether the system produces the cafSecurityViolationNotif. A 'false' value will prevent cafSecurityViolationNotif from being generated by this system.
OBJECT-TYPE    
  TruthValue  

cafAuthFailNotifEnable 1.3.6.1.4.1.9.9.656.1.5.2
This object specifies whether the system produces the cafAuthFailNotif. A 'true' value will cause cafAuthFailNotif to be generated by this system when an authentication failure happens. A 'false' value will prevent cafAuthFailNotif from being generated by this system.
OBJECT-TYPE    
  TruthValue  

cafSecurityViolationNotif 1.3.6.1.4.1.9.9.656.0.1
A cafSecurityViolationNotif is sent if a security violation is detected on a port, and the instance value of cafSecurityViolationNotifEnable is 'true'.
NOTIFICATION-TYPE    

cafAuthFailNotif 1.3.6.1.4.1.9.9.656.0.2
A cafAuthFailNotif is sent if an authentication failure is detected on a port, and the instance value of cafAuthFailNotifEnable is 'true'. ifName contains the name of the interface where the authentication failure happened. cafAuthFailClient contains the mac address of the client which failed to authenticate.
NOTIFICATION-TYPE    

ciscoAuthFrameworkMIBCompliances 1.3.6.1.4.1.9.9.656.2.1
OBJECT IDENTIFIER    

ciscoAuthFrameworkMIBGroups 1.3.6.1.4.1.9.9.656.2.2
OBJECT IDENTIFIER    

ciscoAuthFrameworkMIBCompliance 1.3.6.1.4.1.9.9.656.2.1.1
Write access is not required.
MODULE-COMPLIANCE    

ciscoAuthFrameworkMIBCompliance2 1.3.6.1.4.1.9.9.656.2.1.2
Write access is not required.
MODULE-COMPLIANCE    

ciscoAuthFrameworkMIBCompliance3 1.3.6.1.4.1.9.9.656.2.1.3
Write access is not required.
MODULE-COMPLIANCE    

ciscoAuthFrameworkMIBCompliance4 1.3.6.1.4.1.9.9.656.2.1.4
Write access is not required.
MODULE-COMPLIANCE    

cafAuthMethodRegGroup 1.3.6.1.4.1.9.9.656.2.2.1
A collection of objects that provides registration information of authentication methods in Authentication Framework.
OBJECT-GROUP    

cafAaaNoRespRecoveryDelayGroup 1.3.6.1.4.1.9.9.656.2.2.2
A collection of objects that provides AAA recovery delay configuration for Authentication Framework in the system.
OBJECT-GROUP    

cafAuthPortConfigGroup 1.3.6.1.4.1.9.9.656.2.2.3
A collection of objects that provides configuration of Authentication Framework for capable ports in the system.
OBJECT-GROUP    

cafPortMethodGroup 1.3.6.1.4.1.9.9.656.2.2.4
A collection of objects that provides configuration and information of authentication methods within Authentication Framework for capable ports in the system.
OBJECT-GROUP    

cafAuthFailedEventGroup 1.3.6.1.4.1.9.9.656.2.2.5
A collection of objects that provides configuration of Auth-Failed behaviour of Authentication Framework for ports in the system.
OBJECT-GROUP    

cafClientNoRespEventGroup 1.3.6.1.4.1.9.9.656.2.2.6
A collection of objects that provides configuration of Authentication Framework when no-responsive client is detected on a port in the system.
OBJECT-GROUP    

cafServerEventGroup 1.3.6.1.4.1.9.9.656.2.2.7
A collection of objects that provides configuration of Authentication Framework when AAA Server Reachability event occurs.
OBJECT-GROUP    

cafSessionGroup 1.3.6.1.4.1.9.9.656.2.2.8
A collection of objects that provides authentication session management information for Authentication Framework.
OBJECT-GROUP    

cafSessionMethodInfoGroup 1.3.6.1.4.1.9.9.656.2.2.9
A collection of objects that provides information about authentication methods associate with Authentication Framework 's authentication sessions in the system.
OBJECT-GROUP    

cafSecViolationNotifEnableGroup 1.3.6.1.4.1.9.9.656.2.2.10
A collection of objects that provides control over security violation notification for Authentication Framework in the system.
OBJECT-GROUP    

cafSecurityViolationNotifGroup 1.3.6.1.4.1.9.9.656.2.2.11
A collection of notification providing information about port's security violation in Authentication Framework.
NOTIFICATION-GROUP    

cafSecurityViolationClientGroup 1.3.6.1.4.1.9.9.656.2.2.12
A collection of objects providing MAC address of the offending client in the security violation notification.
OBJECT-GROUP    

cafSessionVlanGroupNameGroup 1.3.6.1.4.1.9.9.656.2.2.13
A collection of objects providing VLAN group information of authenticated session in Authentication Framework.
OBJECT-GROUP    

cafMacMoveConfigGroup 1.3.6.1.4.1.9.9.656.2.2.14
A collection of objects providing MAC move cofiguration information for Authentication Framework on the device.
OBJECT-GROUP    

cafCoACommandConfigGroup 1.3.6.1.4.1.9.9.656.2.2.15
A collection of objects providing configuration information for the device's behaviour on CoA commands.
OBJECT-GROUP    

cafAuthFailNotifGroup 1.3.6.1.4.1.9.9.656.2.2.16
A collection of notification providing information about port's authentication failure in Authentication Framework.
NOTIFICATION-GROUP    

cafAuthFailNotifEnableGroup 1.3.6.1.4.1.9.9.656.2.2.17
A collection of objects that provides control over authentication failure notification for Authentication Framework in the system.
OBJECT-GROUP    

cafAuthFailClientGroup 1.3.6.1.4.1.9.9.656.2.2.18
A collection of objects providing MAC address of the failed client in the authentication failure notification.
OBJECT-GROUP