CISCO-AUTH-FRAMEWORK-MIB

File: CISCO-AUTH-FRAMEWORK-MIB.mib (82613 bytes)

Imported modules

SNMPv2-SMI	SNMPv2-CONF	SNMPv2-TC
SNMP-FRAMEWORK-MIB	INET-ADDRESS-MIB	IF-MIB
CISCO-PRIVATE-VLAN-MIB	CISCO-NAC-TC-MIB	CISCO-SMI

Imported symbols

MODULE-IDENTITY	OBJECT-TYPE	NOTIFICATION-TYPE
Unsigned32	Integer32	MODULE-COMPLIANCE
NOTIFICATION-GROUP	OBJECT-GROUP	MacAddress
TEXTUAL-CONVENTION	TruthValue	SnmpAdminString
InetAddress	InetAddressType	ifIndex
ifName	VlanIndexOrZero	CnnEouPostureTokenString
ciscoMgmt

Defined Types

CiscoAuthControlledDirections
The controlled direction values for capable ports in Authentication Framework. both: control is required to be exerted over both incoming and outgoing traffic through the controlled port. in : control is required to be exerted over the incoming traffic through the controlled port.
TEXTUAL-CONVENTION
	INTEGER	both(0), in(1)

CiscoAuthControlledPortControl
The authorization control values of Authentication Framework on a controlled port. forceUnauthorized: the controlled port is forced to be unauthorized unconditionally. auto : authorization of the controlled port will be determined by an authentication process. forceAuthorized : The controlled port is forced to be authorized unconditionally.
TEXTUAL-CONVENTION
	INTEGER	forceUnauthorized(1), auto(2), forceAuthorized(3)

CiscoAuthMethod
The authentication methods and protocols supported in Authentication Framework. other : none of the below. dot1x : 802.1x Protocol. macAuthBypass: MAC Authentication Bypass. webAuth : Web-Proxy Authentication. 'other' is a read only value which can not be used in set operation.
TEXTUAL-CONVENTION
	INTEGER	other(1), dot1x(2), macAuthBypass(3), webAuth(4)

CiscoAuthMethodList
The list of authentication methods provided within Authentication Framework. Each octet represents an authentication method which is defined in CiscoAuthMethod. The DESCRIPTION clause of CiscoAuthMethodList objects must fully describe the relationship between methods.
TEXTUAL-CONVENTION
	OCTET STRING

CiscoAuthHostMode
The authentication mode of a controlled port. singleHost: port allows one host to connect and authenticate in a single domain. multiHost : port allows multiple hosts to connect. Once a host is authenticated, all remaining hosts are also authenticated in a single domain. multiAuth : port allows multiple hosts to connect. Each host is authenticated separately in a single domain. multiDomain: port allows multiple domains to be authenticated.
TEXTUAL-CONVENTION
	INTEGER	singleHost(1), multiHost(2), multiAuth(3), multiDomain(4)

CafAuthMethodRegEntry
SEQUENCE
	cafAuthMethod	CiscoAuthMethod
	cafAuthMethodDefaultPriority	Unsigned32
	cafAuthMethodDefaultExecOrder	Unsigned32

CafPortConfigEntry
SEQUENCE
	cafPortControlledDirection	CiscoAuthControlledDirections
	cafPortFallBackProfile	SnmpAdminString
	cafPortAuthHostMode	CiscoAuthHostMode
	cafPortPreAuthOpenAccess	TruthValue
	cafPortAuthorizeControl	CiscoAuthControlledPortControl
	cafPortReauthEnabled	TruthValue
	cafPortReauthInterval	Unsigned32
	cafPortRestartInterval	Unsigned32
	cafPortInactivityTimeout	Integer32
	cafPortViolationAction	INTEGER

CafPortMethodEntry
SEQUENCE
	cafPortMethodAdminExecOrder	CiscoAuthMethodList
	cafPortMethodAdminPriority	CiscoAuthMethodList
	cafPortMethodAvailable	CiscoAuthMethodList
	cafPortMethodOperExecOrder	CiscoAuthMethodList
	cafPortMethodOperPriority	CiscoAuthMethodList

CafAuthFailedEventPortEntry
SEQUENCE
	cafAuthFailedMaxRetry	Unsigned32
	cafAuthFailedNoActionEnabled	TruthValue
	cafAuthFailedAuthorizedVlan	Integer32
	cafAuthFailedNextMethodEnabled	TruthValue

CafClientNoRespEventPortEntry
SEQUENCE
	cafClientNoRespNoActionEnabled	TruthValue
	cafClientNoRespAuthorizedVlan	Integer32

CafServerEventPortEntry
SEQUENCE
	cafServerDeadNoActionEnabled	TruthValue
	cafServerDeadRemainAuthorized	TruthValue
	cafServerDeadAuthorizedVlan	Integer32
	cafServerAliveAction	INTEGER

CafSessionEntry
SEQUENCE
	cafSessionId	OCTET STRING
	cafSessionClientMacAddress	MacAddress
	cafSessionClientAddrType	InetAddressType
	cafSessionClientAddress	InetAddress
	cafSessionStatus	INTEGER
	cafSessionDomain	INTEGER
	cafSessionAuthHostMode	CiscoAuthHostMode
	cafSessionControlledDirection	CiscoAuthControlledDirections
	cafSessionPostureToken	CnnEouPostureTokenString
	cafSessionAuthUserName	SnmpAdminString
	cafSessionClientFramedIpPool	SnmpAdminString
	cafSessionAuthorizedBy	SnmpAdminString
	cafSessionCriticalTimeLeft	Unsigned32
	cafSessionAuthVlan	VlanIndexOrZero
	cafSessionTimeout	Unsigned32
	cafSessionTimeLeft	Unsigned32
	cafSessionTimeoutAction	INTEGER
	cafSessionInactivityTimeout	Unsigned32
	cafSessionInactivityTimeLeft	Unsigned32
	cafSessionReauth	TruthValue
	cafSessionTerminate	TruthValue
	cafSessionVlanGroupName	SnmpAdminString

CafSessionMethodsInfoEntry
SEQUENCE
	cafSessionMethod	CiscoAuthMethod
	cafSessionMethodState	INTEGER

Defined Values

ciscoAuthFrameworkMIB		1.3.6.1.4.1.9.9.656
MIB module for Authentication Framework in the system. Authentication Framework provides generic configurations for authentication methods in the system and manage the failover sequence of these methods in a flexible manner.
MODULE-IDENTITY

ciscoAuthFrameworkMIBNotifs		1.3.6.1.4.1.9.9.656.0
OBJECT IDENTIFIER

ciscoAuthFrameworkMIBObjects		1.3.6.1.4.1.9.9.656.1
OBJECT IDENTIFIER

ciscoAuthFrameworkMIBConform		1.3.6.1.4.1.9.9.656.2
OBJECT IDENTIFIER

ciscoAuthFrameworkSystem		1.3.6.1.4.1.9.9.656.1.1
OBJECT IDENTIFIER

ciscoAuthFrwkAuthenticator		1.3.6.1.4.1.9.9.656.1.2
OBJECT IDENTIFIER

ciscoAuthFrameworkEvent		1.3.6.1.4.1.9.9.656.1.3
OBJECT IDENTIFIER

ciscoAuthFrameworkSession		1.3.6.1.4.1.9.9.656.1.4
OBJECT IDENTIFIER

ciscoAuthFrwkNotifControl		1.3.6.1.4.1.9.9.656.1.5
OBJECT IDENTIFIER

ciscoAuthFrwkNotifInfo		1.3.6.1.4.1.9.9.656.1.6
OBJECT IDENTIFIER

cafAaaNoRespRecoveryDelay		1.3.6.1.4.1.9.9.656.1.1.1
Specifies the AAA recovery delay for authentication methods registered in Authentication Framework when AAA server becomes active again after being inactive. A value of zero indicates that AAA recovery delay is disabled in the system.
Status: current	Access: read-write
OBJECT-TYPE
	Unsigned32

cafAuthMethodRegTable		1.3.6.1.4.1.9.9.656.1.1.2
A list of authentication methods which are currrently registered with Authentication Framework. An entry is created by the agent when an authentication method has successfully registered with Authentication Framework. An entry is deleted by the agent upon de-registration of the authentication method.
Status: current	Access: not-accessible
OBJECT-TYPE
	SEQUENCE OF
		CafAuthMethodRegEntry

cafAuthMethodRegEntry		1.3.6.1.4.1.9.9.656.1.1.2.1
An entry containing registration information of a particular authentication method with Authentication Framework.
Status: current	Access: not-accessible
OBJECT-TYPE
	CafAuthMethodRegEntry

cafAuthMethod		1.3.6.1.4.1.9.9.656.1.1.2.1.1
The authentication method registered with Authentication Framework.
Status: current	Access: not-accessible
OBJECT-TYPE
	CiscoAuthMethod

cafAuthMethodDefaultPriority		1.3.6.1.4.1.9.9.656.1.1.2.1.2
A unique number which indicates the default priority of a authentication method. The default priority is assigned by Authentication Framework during method registration. The method with smallest value has highest priority.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cafAuthMethodDefaultExecOrder		1.3.6.1.4.1.9.9.656.1.1.2.1.3
A unique number which indicates the default execution order of a authentication method. The default execution order is assigned by Authentication Framework during method registration. The method with smallest value will be execute first.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cafMacMoveMode		1.3.6.1.4.1.9.9.656.1.1.3
This object specifies the MAC Move configuration for Authentication Framework. deny : When a host is authenticated on one port, that address is not allowed on another authenticated manager-enabled port of the device. permit: Authenticated hosts are allowed to move from one port to another on the same device. When a host moves to a new port, the authenticated session on the original port is deleted, and the host is reauthenticated on the new port.
Status: current	Access: read-write
OBJECT-TYPE
	INTEGER	deny(1), permit(2)

cafCoABouncePortCommandIgnoreEnabled		1.3.6.1.4.1.9.9.656.1.1.4
This object specifies whether the device ignores the bounce port command that sent from RADIUS via Change-of-Authorization (CoA) packets.
Status: current	Access: read-write
OBJECT-TYPE
	TruthValue

cafCoADisablePortCommandIgnoreEnabled		1.3.6.1.4.1.9.9.656.1.1.5
This object specifies whether the device ingores the disable port command that sent from RADIUS via Change-of-Authorization (CoA) packets.
Status: current	Access: read-write
OBJECT-TYPE
	TruthValue

cafPortConfigTable		1.3.6.1.4.1.9.9.656.1.2.1
A list of port entries. An entry will exist for each interface which support Authentication Framework feature.
Status: current	Access: not-accessible
OBJECT-TYPE
	SEQUENCE OF
		CafPortConfigEntry

cafPortConfigEntry		1.3.6.1.4.1.9.9.656.1.2.1.1
An entry containing management information of Authentication Framework applicable to a particular port.
Status: current	Access: not-accessible
OBJECT-TYPE
	CafPortConfigEntry

cafPortControlledDirection		1.3.6.1.4.1.9.9.656.1.2.1.1.1
Specifies the controlled direction of this port.
Status: current	Access: read-write
OBJECT-TYPE
	CiscoAuthControlledDirections

cafPortFallBackProfile		1.3.6.1.4.1.9.9.656.1.2.1.1.2
Specifies the name of the fallback profile to be used when failing over to Web Proxy Authentication. A zero length string indicates that fallback mechanism to Web Proxy Authentication is disabled in Authentication Framework.
Status: current	Access: read-write
OBJECT-TYPE
	SnmpAdminString

cafPortAuthHostMode		1.3.6.1.4.1.9.9.656.1.2.1.1.3
Specifies the authentication host mode for this port.
Status: current	Access: read-write
OBJECT-TYPE
	CiscoAuthHostMode

cafPortPreAuthOpenAccess		1.3.6.1.4.1.9.9.656.1.2.1.1.4
Specifies if the Pre-Authentication Open Access feature allows clients/devices to gain network access before authentication is performed. A value of 'true' for this object indicates that client/device is able to gain network access before authentication is performed.
Status: current	Access: read-write
OBJECT-TYPE
	TruthValue

cafPortAuthorizeControl		1.3.6.1.4.1.9.9.656.1.2.1.1.5
Specifies the authorization control for this port.
Status: current	Access: read-write
OBJECT-TYPE
	CiscoAuthControlledPortControl

cafPortReauthEnabled		1.3.6.1.4.1.9.9.656.1.2.1.1.6
Specifies if reauthentication is enabled for this port.
Status: current	Access: read-write
OBJECT-TYPE
	TruthValue

cafPortReauthInterval		1.3.6.1.4.1.9.9.656.1.2.1.1.7
Specifies the reauthentication interval, after which the port will be reauthenticated if value of the corresponding instance of cafPortReauthEnabled is 'true'. A value of zero indicates that the reauthentication interval is downloaded from AAA server when this port is authenticated.
Status: current	Access: read-write
OBJECT-TYPE
	Unsigned32

cafPortRestartInterval		1.3.6.1.4.1.9.9.656.1.2.1.1.8
Specifies the interval after which a further authentication attempt should be made to this port if it is not authorized. A value of zero indicates that no further authentication attempt will be made if this port is unauthorized.
Status: current	Access: read-write
OBJECT-TYPE
	Unsigned32

cafPortInactivityTimeout		1.3.6.1.4.1.9.9.656.1.2.1.1.9
Specifies the period of time that a client associating with this port is allowed to be inactive before being terminated. A value of zero indicates that inactivity timeout is disabled on this port. A value of -1 indicates that inactivity timeout is downloaded from the AAA server when this port is authenticated.
Status: current	Access: read-write
OBJECT-TYPE
	Integer32	-1 \| 0 \| 1..65535

cafPortViolationAction		1.3.6.1.4.1.9.9.656.1.2.1.1.10
Specifies the action to be taken due to a security violation occurs on this port. restrict: This port will be moved to restricted state. shutdown: This port will be shutdown from Authentication Framework perspective. protect : This port will be moved to protected state. replace : The current authentication session on this port will be terminated and replaced by a new authentication session, upon the detection of security violation on the current authentication session on the port.
Status: current	Access: read-write
OBJECT-TYPE
	INTEGER	restrict(1), shutdown(2), protect(3), replace(4)

cafPortMethodTable		1.3.6.1.4.1.9.9.656.1.2.2
The table contains a list of port entries. An entry will exist for each port which supports Authentication Framework feature.
Status: current	Access: not-accessible
OBJECT-TYPE
	SEQUENCE OF
		CafPortMethodEntry

cafPortMethodEntry		1.3.6.1.4.1.9.9.656.1.2.2.1
Entry containing configuration and information of authentication methods for a particular port.
Status: current	Access: not-accessible
OBJECT-TYPE
	CafPortMethodEntry

cafPortMethodAdminExecOrder		1.3.6.1.4.1.9.9.656.1.2.2.1.1
This object specifies the administrative execution order of authentication methods on the port. Methods are executed in the order as specified in the method list. Method which is at the beginning of the method list will be executed first. Method which is at the end of method list will be executed last. A zero length string of this object indicates that no per port execution order configuration has been specified on this port. The actual execution order is based on the value of cafAuthMethodDefaultExecOrder in cafAuthMethodRegTable.
Status: current	Access: read-write
OBJECT-TYPE
	CiscoAuthMethodList

cafPortMethodAdminPriority		1.3.6.1.4.1.9.9.656.1.2.2.1.2
This object specifies the administrative priority of authentication methods on the port. The priority of each method is assigned based on the method list. Method which is at the beginning of the method list has highest priority. Method which is at the end of method list has lowest priority. A zero length string of this object indicates that no per port method priority configuration has been specified on this port. The actual execution order is based on the value of cafAuthMethodDefaultExecOrder in cafAuthMethodRegTable.
Status: current	Access: read-write
OBJECT-TYPE
	CiscoAuthMethodList

cafPortMethodAvailable		1.3.6.1.4.1.9.9.656.1.2.2.1.3
This object indicates the authentication methods currently available on this port.
Status: current	Access: read-only
OBJECT-TYPE
	CiscoAuthMethodList

cafPortMethodOperExecOrder		1.3.6.1.4.1.9.9.656.1.2.2.1.4
This object indicates the operational execution order of authentication methods on this port. Methods are executed in the order as specified in the method list. Method which is at the beginning of the method list will be executed first. Method which is at the end of method list will be executed last.
Status: current	Access: read-only
OBJECT-TYPE
	CiscoAuthMethodList

cafPortMethodOperPriority		1.3.6.1.4.1.9.9.656.1.2.2.1.5
This object indicates the operational priority of authentication methods on this port. Methods have the priority as specified in the method list. Method which is at the beginning of the method list has highest priority. Method which is at the end of method list has lowest priority.
Status: current	Access: read-only
OBJECT-TYPE
	CiscoAuthMethodList

cafAuthFailedEventPortTable		1.3.6.1.4.1.9.9.656.1.3.1
The table contains a list of port entries. An entry will exist for each port which supports Authentication Fail event within the Authentication Framework.
Status: current	Access: not-accessible
OBJECT-TYPE
	SEQUENCE OF
		CafAuthFailedEventPortEntry

cafAuthFailedEventPortEntry		1.3.6.1.4.1.9.9.656.1.3.1.1
Entry containing management information of Authentication Fail event for a particular port.
Status: current	Access: not-accessible
OBJECT-TYPE
	CafAuthFailedEventPortEntry

cafAuthFailedMaxRetry		1.3.6.1.4.1.9.9.656.1.3.1.1.1
This object specifies the maximum number of retry should be performed before generating Authentication Fail event. A value of zero indicates that Authentication Fail event will be generated upon authentication fail without any retry.
Status: current	Access: read-write
OBJECT-TYPE
	Unsigned32

cafAuthFailedNoActionEnabled		1.3.6.1.4.1.9.9.656.1.3.1.1.2
This object specifies whether no action will be performed when an Authentication Fail event occurs. Setting 'true' on this object indicates that no action will be performed when Authentication Fail event occurs. The read-only value 'false' indicates that an action will be performed when an Authentication Fail event occurs.
Status: current	Access: read-write
OBJECT-TYPE
	TruthValue

cafAuthFailedAuthorizedVlan		1.3.6.1.4.1.9.9.656.1.3.1.1.3
This object specifies the Authentication Failed VLAN number. The read-only value of -1 indicates that this object is not applicable on this port. The read-only value of zero indicates that this port will not be authorized to any VLAN when Authentication Failed event occurs. Setting a non-zero value on this object indicates that this port will be authorized to the VLAN as specified by this object value, when Authentication Fail event occurs.
Status: current	Access: read-write
OBJECT-TYPE
	Integer32	-1 \| 0 \| 1..2147483647

cafAuthFailedNextMethodEnabled		1.3.6.1.4.1.9.9.656.1.3.1.1.4
This object specifies whether the next authentication method will be used if an Authentication Fail event is generated by the current authentication method. Setting this object to 'true' indicates that the next available authentication method will be used when Authentication Fail event occurs. The read-only value 'false' indicates that the next available authentication method will not be used when Authentication Fail event occurs.
Status: current	Access: read-write
OBJECT-TYPE
	TruthValue

cafSecurityViolationClient		1.3.6.1.4.1.9.9.656.1.6.1
The MAC address included in the notification currently being sent, indicating the client who triggered the security violation notification.
Status: current	Access: accessible-for-notify
OBJECT-TYPE
	MacAddress

cafAuthFailClient		1.3.6.1.4.1.9.9.656.1.6.2
The MAC address included in the cafAuthFailNotif being sent, indicating the client which failed to authenticate.
Status: current	Access: accessible-for-notify
OBJECT-TYPE
	MacAddress

cafClientNoRespEventPortTable		1.3.6.1.4.1.9.9.656.1.3.2
The table contains a list of port entries. An entry exists for each port which supports No Response event within the Authentication Framework.
Status: current	Access: not-accessible
OBJECT-TYPE
	SEQUENCE OF
		CafClientNoRespEventPortEntry

cafClientNoRespEventPortEntry		1.3.6.1.4.1.9.9.656.1.3.2.1
Entry containing management information of No Response event for a particular port.
Status: current	Access: not-accessible
OBJECT-TYPE
	CafClientNoRespEventPortEntry

cafClientNoRespNoActionEnabled		1.3.6.1.4.1.9.9.656.1.3.2.1.1
This object specifies whether an action is performed when No Response event occurs. Setting 'true' on this object indicates that no action will be performed when No Response event occurs. The read-only value 'false' of this object indicates that an action will be performed when No Response event occurs.
Status: current	Access: read-write
OBJECT-TYPE
	TruthValue

cafClientNoRespAuthorizedVlan		1.3.6.1.4.1.9.9.656.1.3.2.1.2
This object specifies the No Response Authorized VLAN number. The read-only value of -1 indicates that this object is not applicable on this port. The read-only value of zero indicates that this port will not be authorized to any VLAN when No Response event occurs. Setting a non-zero value on this object indicates that this port will be authorized to the VLAN as specified by this object value, when No Response event occurs.
Status: current	Access: read-write
OBJECT-TYPE
	Integer32	-1 \| 0 \| 1..2147483647

cafServerEventPortTable		1.3.6.1.4.1.9.9.656.1.3.3
The table contains a list of port entries. An entry exists for each port which supports AAA Server Reachability event within the Authentication Framework.
Status: current	Access: not-accessible
OBJECT-TYPE
	SEQUENCE OF
		CafServerEventPortEntry

cafServerEventPortEntry		1.3.6.1.4.1.9.9.656.1.3.3.1
Entry containing management information of AAA Server Reachability event for a particular port.
Status: current	Access: not-accessible
OBJECT-TYPE
	CafServerEventPortEntry

cafServerDeadNoActionEnabled		1.3.6.1.4.1.9.9.656.1.3.3.1.1
This object indicates whether an action is performed if an AAA Server Reachability event occurs. Setting 'true' on this object indicates that no action will be performed when AAA Server Reachability event occurs. The read-only value 'false' indicates that an action will be performed when AAA Server Reachability event occurs.
Status: current	Access: read-write
OBJECT-TYPE
	TruthValue

cafServerDeadRemainAuthorized		1.3.6.1.4.1.9.9.656.1.3.3.1.2
This object specifies if current authorization will remain unchanged for the port when AAA Server Reachability event occurs. Setting 'true' on this object indicates that current authorization will remain unchanged for the port when AAA Server Reachability event occurs. The read-only value 'false' indicates that the current authorization will not be retained for the port when AAA Server Reachability event occurs.
Status: current	Access: read-write
OBJECT-TYPE
	TruthValue

cafServerDeadAuthorizedVlan		1.3.6.1.4.1.9.9.656.1.3.3.1.3
This object specifies the AAA Server Reachability Authorized VLAN number. The read-only value of -1 indicates that this object is not applicable on this port. The read-only value of zero indicates that this port will not be authorized to any VLAN when AAA Server Reachability event occurs. Setting a non-zero value on this object indicates that this port will be authorized to the VLAN as specified by this object value, when AAA Server Reachability event occurs.
Status: current	Access: read-write
OBJECT-TYPE
	Integer32	-1 \| 0 \| 1..2147483647

cafServerAliveAction		1.3.6.1.4.1.9.9.656.1.3.3.1.4
This object specifies the action applied to the port upon AAA recovery. none : no action will be applied. reinitialize: the port will be reinitialized with the current authentication method.
Status: current	Access: read-write
OBJECT-TYPE
	INTEGER	none(1), reinitialize(2)

cafSessionTable		1.3.6.1.4.1.9.9.656.1.4.1
The table contains a list of authentication session. An entry is created when an authentication session has successfully created within Authentication Framework. An entry is deleted when an authentication session has been removed.
Status: current	Access: not-accessible
OBJECT-TYPE
	SEQUENCE OF
		CafSessionEntry

cafSessionEntry		1.3.6.1.4.1.9.9.656.1.4.1.1
Entry containing management information for a particular authentication session.
Status: current	Access: not-accessible
OBJECT-TYPE
	CafSessionEntry

cafSessionId		1.3.6.1.4.1.9.9.656.1.4.1.1.1
A unique identifier of the authentication session.
Status: current	Access: not-accessible
OBJECT-TYPE
	OCTET STRING	Size(1..64)

cafSessionClientMacAddress		1.3.6.1.4.1.9.9.656.1.4.1.1.2
Indicates the MAC address of the device associates with the authentication session.
Status: current	Access: read-only
OBJECT-TYPE
	MacAddress

cafSessionClientAddrType		1.3.6.1.4.1.9.9.656.1.4.1.1.3
Indicates the type of Internet address of the client associates with the authentication session.
Status: current	Access: read-only
OBJECT-TYPE
	InetAddressType

cafSessionClientAddress		1.3.6.1.4.1.9.9.656.1.4.1.1.4
Indicates the Internet address of the client associates with the authentication session. The type of this address is determined by the value of cafSessionClientAddrType object.
Status: current	Access: read-only
OBJECT-TYPE
	InetAddress

cafSessionStatus		1.3.6.1.4.1.9.9.656.1.4.1.1.5
Indicates the current status of the authentication session. idle : the session has been initialized and no method has run yet. running : an authentication method is running for this session. noMethod : no authentication method has provided a result for this session. authenticationSuccess: an authentication method has resulted in authentication success for this session. authenticationFailed: an authentication method has resulted in authentication failed for this session. authorizationSuccess: authorization is successful for this session. authorizationFailed : authorization is failed for this session.
Status: current	Access: read-only
OBJECT-TYPE
	INTEGER	idle(1), running(2), noMethod(3), authenticationSuccess(4), authenticationFailed(5), authorizationSuccess(6), authorizationFailed(7)

cafSessionDomain		1.3.6.1.4.1.9.9.656.1.4.1.1.6
Indicates the type of domain that the authentication session belongs to. other : none of the below. data : indicates the data domain. voice: indicates the voice domain.
Status: current	Access: read-only
OBJECT-TYPE
	INTEGER	other(1), data(2), voice(3)

cafSessionAuthHostMode		1.3.6.1.4.1.9.9.656.1.4.1.1.7
Indicates the authentication host mode of the port in the authentication session.
Status: current	Access: read-only
OBJECT-TYPE
	CiscoAuthHostMode

cafSessionControlledDirection		1.3.6.1.4.1.9.9.656.1.4.1.1.8
Indicates the operational controlled directions parameter for this port in the authentication session.
Status: current	Access: read-only
OBJECT-TYPE
	CiscoAuthControlledDirections

cafSessionPostureToken		1.3.6.1.4.1.9.9.656.1.4.1.1.9
Indicates the posture token associates with the authentication session.
Status: current	Access: read-only
OBJECT-TYPE
	CnnEouPostureTokenString

cafSessionAuthUserName		1.3.6.1.4.1.9.9.656.1.4.1.1.10
Indicates the name of the authenticated user for the authentication session.
Status: current	Access: read-only
OBJECT-TYPE
	SnmpAdminString

cafSessionClientFramedIpPool		1.3.6.1.4.1.9.9.656.1.4.1.1.11
Indicates the name of the address pool from which the session's client IP address is assigned.
Status: current	Access: read-only
OBJECT-TYPE
	SnmpAdminString

cafSessionAuthorizedBy		1.3.6.1.4.1.9.9.656.1.4.1.1.12
Indicates the name of the feature which authorizes the authentication session.
Status: current	Access: read-only
OBJECT-TYPE
	SnmpAdminString

cafSessionCriticalTimeLeft		1.3.6.1.4.1.9.9.656.1.4.1.1.13
Indicates the leftover time before the next authentication attempt for the authentication session after Server Reachability event occurred. Value zero indicates that this session is currently being authenticated or it is not applicable.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cafSessionAuthVlan		1.3.6.1.4.1.9.9.656.1.4.1.1.14
Indicates the authorized VLAN applied to the authentication session. Value zero indicates that no authorized VLAN has been applied, or it is not applicable.
Status: current	Access: read-only
OBJECT-TYPE
	VlanIndexOrZero

cafSessionTimeout		1.3.6.1.4.1.9.9.656.1.4.1.1.15
Indicates the session timeout used by Authentication Framework in the authentication session.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cafSessionTimeLeft		1.3.6.1.4.1.9.9.656.1.4.1.1.16
Indicates the leftover time of the current authentication session.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cafSessionTimeoutAction		1.3.6.1.4.1.9.9.656.1.4.1.1.17
Indicates the timeout action on the authentication session, when value of the corresponding instance of cafSessionTimeLeft reaches zero. unknown : None of the below. terminate : Session will be terminated. reauthenticate: Session will be reauthenticated.
Status: current	Access: read-only
OBJECT-TYPE
	INTEGER	unknown(1), terminate(2), reauthenticate(3)

cafSessionInactivityTimeout		1.3.6.1.4.1.9.9.656.1.4.1.1.18
Indicates the inactivity timeout used by Authentication Framework in the authentication session.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cafSessionInactivityTimeLeft		1.3.6.1.4.1.9.9.656.1.4.1.1.19
Indicates the leftover time of the inactivity timer of the authentication session.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cafSessionReauth		1.3.6.1.4.1.9.9.656.1.4.1.1.20
The reauthentication control for the authentication session. Setting this object to 'true' cause the current authenticated session to reauthenticate the authenticated client. Setting this object to 'false' has no effect. This object always returns 'false' when being read.
Status: current	Access: read-write
OBJECT-TYPE
	TruthValue

cafSessionTerminate		1.3.6.1.4.1.9.9.656.1.4.1.1.21
The termination request control for the authentication session. Setting this object to 'true' terminates the current session. Setting this object to 'false' has no effect. This object always returns 'false' when being read.
Status: current	Access: read-write
OBJECT-TYPE
	TruthValue

cafSessionVlanGroupName		1.3.6.1.4.1.9.9.656.1.4.1.1.22
The name of the VLAN group that has been used during VLAN assignment for this session. A zero length string indicates that there is no VLAN group been used during VLAN assignment.
Status: current	Access: read-only
OBJECT-TYPE
	SnmpAdminString

cafSessionMethodsInfoTable		1.3.6.1.4.1.9.9.656.1.4.2
The table contains a list of authentication method for every authentication session. An entry exists for each authentication method that can authenticate an authentication session within Authentication Framework.
Status: current	Access: not-accessible
OBJECT-TYPE
	SEQUENCE OF
		CafSessionMethodsInfoEntry

cafSessionMethodsInfoEntry		1.3.6.1.4.1.9.9.656.1.4.2.1
Entry containing method information for a particular runnable authentication methods which is associated with a session for an Authentication Framework managed port.
Status: current	Access: not-accessible
OBJECT-TYPE
	CafSessionMethodsInfoEntry

cafSessionMethod		1.3.6.1.4.1.9.9.656.1.4.2.1.1
Indicates this authentication method.
Status: current	Access: not-accessible
OBJECT-TYPE
	CiscoAuthMethod

cafSessionMethodState		1.3.6.1.4.1.9.9.656.1.4.2.1.2
Indicates the state of this authentication method. notRun : The method has not run for this session. running : The method is running for this session. failedOver : The method has failed and the next method is expected to provide a result. authcSuccess: The method has provided a successful authentication result for this session. authcFailed : The method has provided a failed authentication result for this session.
Status: current	Access: read-only
OBJECT-TYPE
	INTEGER	notRun(1), running(2), failedOver(3), authcSuccess(4), authcFailed(5)

cafSecurityViolationNotifEnable		1.3.6.1.4.1.9.9.656.1.5.1
This variable indicates whether the system produces the cafSecurityViolationNotif. A 'false' value will prevent cafSecurityViolationNotif from being generated by this system.
Status: current	Access: read-write
OBJECT-TYPE
	TruthValue

cafAuthFailNotifEnable		1.3.6.1.4.1.9.9.656.1.5.2
This object specifies whether the system produces the cafAuthFailNotif. A 'true' value will cause cafAuthFailNotif to be generated by this system when an authentication failure happens. A 'false' value will prevent cafAuthFailNotif from being generated by this system.
Status: current	Access: read-write
OBJECT-TYPE
	TruthValue

cafSecurityViolationNotif		1.3.6.1.4.1.9.9.656.0.1
A cafSecurityViolationNotif is sent if a security violation is detected on a port, and the instance value of cafSecurityViolationNotifEnable is 'true'.
Status: current	Access: read-write
NOTIFICATION-TYPE

cafAuthFailNotif		1.3.6.1.4.1.9.9.656.0.2
A cafAuthFailNotif is sent if an authentication failure is detected on a port, and the instance value of cafAuthFailNotifEnable is 'true'. ifName contains the name of the interface where the authentication failure happened. cafAuthFailClient contains the mac address of the client which failed to authenticate.
Status: current	Access: read-write
NOTIFICATION-TYPE

ciscoAuthFrameworkMIBCompliances		1.3.6.1.4.1.9.9.656.2.1
OBJECT IDENTIFIER

ciscoAuthFrameworkMIBGroups		1.3.6.1.4.1.9.9.656.2.2
OBJECT IDENTIFIER

ciscoAuthFrameworkMIBCompliance		1.3.6.1.4.1.9.9.656.2.1.1
The compliance statement for entities which implement CISCO-AUTH-FRAMEWORK-MIB.
Status: deprecated	Access: read-only
MODULE-COMPLIANCE

ciscoAuthFrameworkMIBCompliance2		1.3.6.1.4.1.9.9.656.2.1.2
The compliance statement for entities which implement CISCO-AUTH-FRAMEWORK-MIB.
Status: deprecated	Access: read-only
MODULE-COMPLIANCE

ciscoAuthFrameworkMIBCompliance3		1.3.6.1.4.1.9.9.656.2.1.3
The compliance statement for entities which implement CISCO-AUTH-FRAMEWORK-MIB.
Status: deprecated	Access: read-only
MODULE-COMPLIANCE

ciscoAuthFrameworkMIBCompliance4		1.3.6.1.4.1.9.9.656.2.1.4
The compliance statement for entities which implement CISCO-AUTH-FRAMEWORK-MIB.
Status: current	Access: read-only
MODULE-COMPLIANCE

cafAuthMethodRegGroup		1.3.6.1.4.1.9.9.656.2.2.1
A collection of objects that provides registration information of authentication methods in Authentication Framework.
Status: current	Access: read-only
OBJECT-GROUP

cafAaaNoRespRecoveryDelayGroup		1.3.6.1.4.1.9.9.656.2.2.2
A collection of objects that provides AAA recovery delay configuration for Authentication Framework in the system.
Status: current	Access: read-only
OBJECT-GROUP

cafAuthPortConfigGroup		1.3.6.1.4.1.9.9.656.2.2.3
A collection of objects that provides configuration of Authentication Framework for capable ports in the system.
Status: current	Access: read-only
OBJECT-GROUP

cafPortMethodGroup		1.3.6.1.4.1.9.9.656.2.2.4
A collection of objects that provides configuration and information of authentication methods within Authentication Framework for capable ports in the system.
Status: current	Access: read-only
OBJECT-GROUP

cafAuthFailedEventGroup		1.3.6.1.4.1.9.9.656.2.2.5
A collection of objects that provides configuration of Auth-Failed behaviour of Authentication Framework for ports in the system.
Status: current	Access: read-only
OBJECT-GROUP

cafClientNoRespEventGroup		1.3.6.1.4.1.9.9.656.2.2.6
A collection of objects that provides configuration of Authentication Framework when no-responsive client is detected on a port in the system.
Status: current	Access: read-only
OBJECT-GROUP

cafServerEventGroup		1.3.6.1.4.1.9.9.656.2.2.7
A collection of objects that provides configuration of Authentication Framework when AAA Server Reachability event occurs.
Status: current	Access: read-only
OBJECT-GROUP

cafSessionGroup		1.3.6.1.4.1.9.9.656.2.2.8
A collection of objects that provides authentication session management information for Authentication Framework.
Status: current	Access: read-only
OBJECT-GROUP

cafSessionMethodInfoGroup		1.3.6.1.4.1.9.9.656.2.2.9
A collection of objects that provides information about authentication methods associate with Authentication Framework 's authentication sessions in the system.
Status: current	Access: read-only
OBJECT-GROUP

cafSecViolationNotifEnableGroup		1.3.6.1.4.1.9.9.656.2.2.10
A collection of objects that provides control over security violation notification for Authentication Framework in the system.
Status: current	Access: read-only
OBJECT-GROUP

cafSecurityViolationNotifGroup		1.3.6.1.4.1.9.9.656.2.2.11
A collection of notification providing information about port's security violation in Authentication Framework.
Status: current	Access: read-only
NOTIFICATION-GROUP

cafSecurityViolationClientGroup		1.3.6.1.4.1.9.9.656.2.2.12
A collection of objects providing MAC address of the offending client in the security violation notification.
Status: current	Access: read-only
OBJECT-GROUP

cafSessionVlanGroupNameGroup		1.3.6.1.4.1.9.9.656.2.2.13
A collection of objects providing VLAN group information of authenticated session in Authentication Framework.
Status: current	Access: read-only
OBJECT-GROUP

cafMacMoveConfigGroup		1.3.6.1.4.1.9.9.656.2.2.14
A collection of objects providing MAC move cofiguration information for Authentication Framework on the device.
Status: current	Access: read-only
OBJECT-GROUP

cafCoACommandConfigGroup		1.3.6.1.4.1.9.9.656.2.2.15
A collection of objects providing configuration information for the device's behaviour on CoA commands.
Status: current	Access: read-only
OBJECT-GROUP

cafAuthFailNotifGroup		1.3.6.1.4.1.9.9.656.2.2.16
A collection of notification providing information about port's authentication failure in Authentication Framework.
Status: current	Access: read-only
NOTIFICATION-GROUP

cafAuthFailNotifEnableGroup		1.3.6.1.4.1.9.9.656.2.2.17
A collection of objects that provides control over authentication failure notification for Authentication Framework in the system.
Status: current	Access: read-only
OBJECT-GROUP

cafAuthFailClientGroup		1.3.6.1.4.1.9.9.656.2.2.18
A collection of objects providing MAC address of the failed client in the authentication failure notification.
Status: current	Access: read-only
OBJECT-GROUP