CpaeAuthState |
|
The Authenticator PAE state machine value.
other :None of the following states.
initialize :The PAE state machine is being initialized.
disconnected :An explicit logoff request is received from
the Supplicant, or the number of permissible
reauthentication attempts has been exceeded.
connecting :Attempting to establish a communication
with a Supplicant.
authenticating:A Supplicant is being authenticated.
authenticated :The Authenticator has successfully
authenticated the Supplicant.
aborting :The authentication process is
prematurely aborted due to receipt of
a reauthentication request, or an
EAPOL-Start frame, or an EAPOL-Logoff
frame, or an authTimeout.
held :The state machine ignores and discards all
EAPOL packets, so as to discourage brute
force attacks. This state is entered from
the 'authenticating' state following an
authentication failure. At the expiration
of the quietWhile timer, the state machine
transitions to the 'connecting' state.
forceAuth :The port is set to Authorized, and a canned
EAP Success packet is sent to the Supplicant.
forceUnauth :The port is set to Unauthorized, and a
canned EAP Failure packet is sent to the
Supplicant. If EAP-Start messages
are received from the Supplicant, the
state is re-entered and further EAP Failure
messages are sent.
guestVlan :The port has been moved to a configured
Guest VLAN.
authFailVlan :The port has been moved to a configured
Authentication Failed VLAN.
criticalAuth :The port has been authorized by Critical
Authentication because RADIUS server is
not reachable, or does not response.
ipAwaiting :The port is waiting for an IP address from
DHCP server.
policyConfig :This state is entered from 'ipAwaiting'
state if an IP address is received and
the corresponding policies are being
installed.
authFinished :The port is set to Authorized by MAC
Authentication Bypass feature.
restart :The PAE state machine has been restarted.
authFallback :Fallback mechanism is applied to the
authentication process.
authCResult :Authentication completed and the validity
of the authorization features is checked.
authZSuccess :Authorization policies based on the
authentication result are applied. If the
policies are applied successfully then the
port is authorized otherwise unauthorized. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
other(1), initialize(2), disconnected(3), connecting(4), authenticating(5), authenticated(6), aborting(7), held(8), forceAuth(9), forceUnauth(10), guestVlan(11), authFailVlan(12), criticalAuth(13), ipAwaiting(14), policyConfig(15), authFinished(16), restart(17), authFallback(18), authCResult(19), authZSuccess(20) |
|
CpaePortEntry |
|
SEQUENCE |
|
|
|
|
cpaeMultipleHost |
TruthValue |
|
|
cpaePortMode |
INTEGER |
|
|
cpaeGuestVlanNumber |
VlanIndex |
|
|
cpaeInGuestVlan |
TruthValue |
|
|
cpaeShutdownTimeoutEnabled |
TruthValue |
|
|
cpaePortAuthFailVlan |
VlanIndex |
|
|
cpaePortOperVlan |
VlanIndex |
|
|
cpaePortOperVlanType |
INTEGER |
|
|
cpaeAuthFailVlanMaxAttempts |
Unsigned32 |
|
|
cpaePortCapabilitiesEnabled |
BITS |
|
CpaeUserGroupEntry |
|
SEQUENCE |
|
|
|
|
cpaeUserGroupName |
SnmpAdminString |
|
|
cpaeUserGroupUserIndex |
Unsigned32 |
|
|
cpaeUserGroupUserName |
SnmpAdminString |
|
|
cpaeUserGroupUserAddrType |
InetAddressType |
|
|
cpaeUserGroupUserAddr |
InetAddress |
|
|
cpaeUserGroupUserInterface |
InterfaceIndex |
|
|
cpaeUserGroupUserVlan |
VlanIndex |
|
CpaeMacAuthBypassPortEntry |
|
SEQUENCE |
|
|
|
|
cpaeMacAuthBypassPortEnabled |
TruthValue |
|
|
cpaeMacAuthBypassPortInitialize |
TruthValue |
|
|
cpaeMacAuthBypassPortReAuth |
TruthValue |
|
|
cpaeMacAuthBypassPortMacAddress |
MacAddress |
|
|
cpaeMacAuthBypassPortAuthState |
INTEGER |
|
|
cpaeMacAuthBypassPortTermAction |
INTEGER |
|
|
cpaeMacAuthBypassSessionTimeLeft |
Unsigned32 |
|
|
cpaeMacAuthBypassPortAuthMethod |
INTEGER |
|
|
cpaeMacAuthBypassPortSessionId |
SnmpAdminString |
|
|
cpaeMacAuthBypassPortUrlRedirect |
SnmpAdminString |
|
|
cpaeMacAuthBypassPortPostureTok |
CnnEouPostureTokenString |
|
CpaeWebAuthPortEntry |
|
SEQUENCE |
|
|
|
|
cpaeWebAuthPortEnabled |
TruthValue |
|
|
cpaeWebAuthPortInitialize |
TruthValue |
|
|
cpaeWebAuthPortAaaFailPolicy |
CpgPolicyNameOrEmpty |
|
|
cpaeWebAuthPortIpDevTrackEnabled |
TruthValue |
|
CpaeWebAuthHostEntry |
|
SEQUENCE |
|
|
|
|
cpaeWebAuthHostAddrType |
InetAddressType |
|
|
cpaeWebAuthHostAddress |
InetAddress |
|
|
cpaeWebAuthAaaSessionPeriod |
Unsigned32 |
|
|
cpaeWebAuthHostSessionTimeLeft |
Unsigned32 |
|
|
cpaeWebAuthHostState |
INTEGER |
|
|
cpaeWebAuthHostInitialize |
TruthValue |
|
CpaeAuthConfigEntry |
|
SEQUENCE |
|
|
|
|
cpaeAuthReAuthPeriodSrcAdmin |
ReAuthPeriodSource |
|
|
cpaeAuthReAuthPeriodSrcOper |
ReAuthPeriodSource |
|
|
cpaeAuthReAuthPeriodOper |
Unsigned32 |
|
|
cpaeAuthTimeToNextReAuth |
Unsigned32 |
|
|
cpaeAuthReAuthAction |
INTEGER |
|
|
cpaeAuthReAuthMax |
Unsigned32 |
|
|
cpaeAuthIabEnabled |
TruthValue |
|
|
cpaeAuthPaeState |
CpaeAuthState |
|
CpaeSuppPortEntry |
|
SEQUENCE |
|
|
|
|
cpaeSuppPortCredentialProfileName |
SnmpAdminString |
|
|
cpaeSuppPortEapProfileName |
SnmpAdminString |
|
CpaeSuppHostInfoEntry |
|
SEQUENCE |
|
|
|
|
cpaeSuppHostInfoSuppIndex |
Unsigned32 |
|
|
cpaeSuppHostAuthMacAddress |
MacAddress |
|
|
cpaeSuppHostPaeState |
INTEGER |
|
|
cpaeSuppHostBackendState |
INTEGER |
|
|
cpaeSuppHostStatus |
PaeControlledPortStatus |
|
cpaePortEntry |
1.3.6.1.4.1.9.9.220.1.1.1 |
An entry containing additional management information
applicable to a particular PAE port. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CpaePortEntry |
|
|
cpaeUserGroupEntry |
1.3.6.1.4.1.9.9.220.1.5.1 |
Information about an 802.1x authenticated user on the
devices. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CpaeUserGroupEntry |
|
|
cpaeAuthFailUserEntry |
1.3.6.1.4.1.9.9.220.1.6.1 |
An entry appears in this table for each PAE port on
the system which is assigned to Vlan of type
'authFail' via IEEE-802.1x authentication. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CpaeAuthFailUserEntry |
|
|
cpaeMacAuthBypassPortEntry |
1.3.6.1.4.1.9.9.220.1.8.6.1 |
An entry containing management information for
MAC Auth-Bypass feature on a port. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CpaeMacAuthBypassPortEntry |
|
|
cpaeMacAuthBypassPortAuthState |
1.3.6.1.4.1.9.9.220.1.8.6.1.5 |
Indicates the current state of the MAC Auth-Bypass
state machine.
other(1) : An unknown state.
waiting(2) : Waiting to receive the MAC address
that needs to be authenticated.
authenticating(3): In authentication process.
authenticated(4) : MAC address of the device connecting
to the port is authenticated.
fail(5) : MAC Auth-bypass authentication
failed. Port waits for a period of
time before moving to the 'waiting'
state, if there is no other
authentication features available
in the system.
finished(6) : MAC Auth-bypass authentication
failed. Port is authenticated by
another authentication feature.
aaaFail(7) : AAA server is not reachable after
sending the authentication request
or after the expiration of
re-authentication timeout, with IAB
(Inaccessible Authentication Bypass)
enabled on the port.
ipAwaiting(8) : Corresponding QoS/Security ACLs and other
Vendor Specific Attributes are being
configured on the port, after which IP
address will be obtained via DHCP snooping
or ARP inspection.
policyConfig(9) : Policy Groups or downloaded ACLs are being
configured on the port. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
INTEGER |
other(1), waiting(2), authenticating(3), authenticated(4), fail(5), finished(6), aaaFail(7), ipAwaiting(8), policyConfig(9) |
|
cpaeMacAuthBypassPortPostureTok |
1.3.6.1.4.1.9.9.220.1.8.6.1.11 |
Indicates the Posture Token assigned to the MAC
Auth-Bypass host connected to this port. A zero length string
will be returned for this object if value of the corresponding
instance of cpaeMacAuthBypassPortEnabled is 'false'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
CnnEouPostureTokenString |
Size(0..255) |
|
cpaeMabPortIpDevTrackConfEntry |
1.3.6.1.4.1.9.9.220.1.8.9.1 |
An entry of MAC Auth-Bypass configuration for IP Device
Tracking on an MAC Auth-Bypass capable interface. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CpaeMabPortIpDevTrackConfEntry |
|
|
cpaeWebAuthLoginPage |
1.3.6.1.4.1.9.9.220.1.9.3 |
Specifies the customized login page for Web Proxy
Authentication, in the format of an URL.
A customized login page is required to support the same
input fields as the default login page for users to
input credentials.
If this object contains a zero length string, the
default login page will be used. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
CiscoURLString |
|
|
cpaeWebAuthLoginFailedPage |
1.3.6.1.4.1.9.9.220.1.9.4 |
Specifies the customized login-failed page for Web
Proxy Authentication, in the format of an URL.
Login-failed page is sent back to the client upon an
authentication failure. A login-failed page requires to
have all the input fields of the login page, in
addition to the authentication failure information.
If this object contains a zero length string, the
default login-failed page will be used. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
CiscoURLString |
|
|
cpaeWebAuthPortEntry |
1.3.6.1.4.1.9.9.220.1.9.7.1 |
An entry containing management information for Web
Proxy Authentication feature on a port. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CpaeWebAuthPortEntry |
|
|
cpaeWebAuthHostEntry |
1.3.6.1.4.1.9.9.220.1.9.8.1 |
An entry containing management information for Web
Proxy Authentication feature on a host. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CpaeWebAuthHostEntry |
|
|
cpaeWebAuthHostState |
1.3.6.1.4.1.9.9.220.1.9.8.1.5 |
Indicates the current state of the Web Proxy
Authentication state machine.
initialize : Initial state of the Web Proxy
Authentication state machine.
connecting : Login page is sent to the client,
waiting for response from the client.
authenticating: Credentials are extracted from client's
response and authenticating with the
AAA server.
authenticated : Web Proxy Authentication succeeded.
Session timer is started, policies are
applied, and success page is sent back
to client.
authFailed : Web Proxy Authentication failed. Login
page is resent with authentication
failure information embedded, if retry
count has not exceeded the maximum
number of retry attempts. Otherwise,
move to 'blackListed' state.
parseError : Failed to extract user's credentials
from the client's response.
sessionTimeout: Session timer expired, user's policies
are removed, state machine will moves
to 'initialize' state after that.
blackListed : Web Proxy Authentication retry count
has exceeded the maximum number of
retry attempts. Only setting the state
machine to 'initialize' will take it
out of this state.
aaaFail : AAA server is not reachable after
sending the authentication request, or
after host has been in 'blackListed'
state for the period of time specified
by cpaeWebAuthQuietPeriod, with IAB
(Inaccessible Authentication Bypass)
enabled on the corresponding port
connected to the host. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
INTEGER |
initialize(1), connecting(2), authenticating(3), authenticated(4), authFailed(5), parseError(6), sessionTimeout(7), blackListed(8), aaaFail(9) |
|
cpaeAuthConfigEntry |
1.3.6.1.4.1.9.9.220.1.10.1 |
An entry containing additional management information
applicable to a particular Authenticator PAE. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CpaeAuthConfigEntry |
|
|
cpaeHostInfoEntry |
1.3.6.1.4.1.9.9.220.1.11.1 |
An entry appears in the table for each 802.1x capable
host connecting to an PAE port, providing its
authentication information. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CpaeHostInfoEntry |
|
|
cpaeHostInfoPostureToken |
1.3.6.1.4.1.9.9.220.1.11.1.3 |
Indicates the posture token assigned to the host.
This object has been obsoleted and replaced by
cpaeHostPostureTokenStr. |
Status: obsolete |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
CnnEouPostureToken |
|
|
cpaeHostPostureTokenStr |
1.3.6.1.4.1.9.9.220.1.11.1.7 |
Indicates the posture token assigned to the host. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
CnnEouPostureTokenString |
|
|
cpaePortEapolTestEntry |
1.3.6.1.4.1.9.9.220.1.13.1 |
An entry containing EAPOL capable information for
hosts connecting to a PAE port. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CpaePortEapolTestEntry |
|
|
cpaePortIpDevTrackConfigEntry |
1.3.6.1.4.1.9.9.220.1.15.1 |
An entry of IP Device Tracking configuration on a
PAE port. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CpaePortIpDevTrackConfigEntry |
|
|
cpaeSuppPortEntry |
1.3.6.1.4.1.9.9.220.1.19.1.1 |
An entry containing supplicant configuration information for a
particular PAE port. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CpaeSuppPortEntry |
|
|
cpaeSuppHostInfoEntry |
1.3.6.1.4.1.9.9.220.1.19.2.1 |
An entry containing dot1x supplicant information for a
supplicant on a particular PAE port in the system. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CpaeSuppHostInfoEntry |
|
|
cpaePortEntryGroup |
1.3.6.1.4.1.9.9.220.2.2.2 |
A collection of objects that provides the port-mode
configuration for a PAE port. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
cpaeHostPostureTokenGroup |
1.3.6.1.4.1.9.9.220.2.2.34 |
A collection of object(s) that provides information
about Posture Token of an host connecting to a PAE port. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|