mirror of
https://github.com/librenms/librenms.git
synced 2024-09-21 18:38:25 +00:00
aa25b2b47a
* RouterOS wireless sensors update (#9401)
* bug-fix and new features
Fixed incorrect OID for rate, renamed rate to TX-Rate as per update from mikrotik.
Added support for link distance
* Fixed indent issue
* Added support for using Transport name in templates (#9411)
* Added ability to sort alert schedules by status (#9257)
Signed-off-by: Rémy Jacquin <remy@remyj.fr>
* Converted Polling From Ports to New Module (cisco-nac)
* Converted Polling From Ports to New Module (cisco-nac)
* Fixed alert util (#9428)
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Fixed AlertUtil - again (#9429)
* Update BEGEMOT-HAST-MIB (#9427)
FIX:
Due to a missing import and the uppercase after some SYNTAX this mib is not bein compiled correctly everywhere.
For example the one from Horizon OpenNMS fails with some errors
ERROR: Cannot find symbol UNSIGNED32, Source: BEGEMOT-HAST-MIB.txt, Row: 321, Col: 17
The proposed change prevent the errors.
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Fixing Travis CI and Code Climate Issues
* Fixing Travis CI and Code Climate Issues
* Fixing Travis CI and Code Climate More Issues
* Fixing Travis CI and Code Climate More Issues
* Fixes delta calculation for bgpPeers_cbgp metrics (#9431)
The values in the $peer['c_update'][$oid] array are set only if they have
changed. If the value has not changed, then zero is substituted for real
values, which leads to incorrect calculation of delta values and records
in the database:
SELECT AcceptedPrefixes,AcceptedPrefixes_prev,AcceptedPrefixes_delta
FROM bgpPeers_cbgp
WHERE device_id=115;
| AcceptedPrefixes | AcceptedPrefixes_prev | AcceptedPrefixes_delta |
|------------------|-----------------------|------------------------|
| 21 | 21 | -21 |
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Improve Junos state sensor discovery (#9426)
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [X] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
Tested on MX and EX series, works fine.
Skip slots that are empty and pull all sensors in jnxFruTable, data from old code is preserved.
* Added alerts schedule notes into device notes (#9258)
* Add alerts schedule notes into device notes
Signed-off-by: Rémy Jacquin <remy@remyj.fr>
* Update preferences.inc.php
* Show port description and dns name in FDB table (#9370)
- Added Port Description field to FDB Table
- Added DNS Name field to FDB Table
- Fixed sorting by port in FDB Table
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Update draytek.inc.php (#9432)
* Removed unnecessary model checks in HiveOS Wireless (#9409)
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Added format field to Telegram Messages (#9404)
* Add format field to Telegram Messages
Added Telegram field to send formatted messages as Mardown or HTML
* Update Telegram.php
* Correct Mistypo.
* Correct mistypo
* Correct Mistypo
* Correct mistypo
* Update Transports.md
* Add Format field on Telegram Examples
* Change Telegram Format field to type select
* Add "blank" option to Format field
* Update Telegram.php
* Update Telegram.php
* Update Telegram.php
* Disable page refresh on health sensors pages, autorefresh most tables (#9386)
* Disable page refresh on health sensors pages
Refresh all bootgrid tables every 5 minutes
* Update legacy_index.php
* Update librenmsv1.blade.php
* Style cleanup in hiveos file (#9440)
Fix code style check for https://github.com/librenms/librenms/pull/9438
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Ensure the checks for ASA context devices are strict (#9441)
* Show visually in webui + cli when using deprecated templates or transports (#9413)
* Show visually in webui + cli when using deprecated templates or transports
* Fixed query
* Added Bing geocode lookup support (#9434)
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Added ScreenOS Syslog Hook (#9438)
* Add ScreenOS Syslog Hook
Adds Syslog Hook for ScreenOS
https://community.librenms.org/t/juniper-screenos-syslog-hook/6146
* Update Syslog.md
* Update syslog-notify-oxidized.php
* Discovery YAML. Do not implicitly append $index (#9315)
Require it explicitly. Makes it easier to understand and matches the style of other values
Questionable YAML changes (either broken before or now broken):
secureplatform: haStatCode
ptp600: receiveModulationMode
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Update Syslog.md (#9443)
Fixed the screenOS output added in #9438 which was confusing mkdocs output. Refer to the docs currently https://docs.librenms.org/Extensions/Syslog/ - It's all mashed up at the bottom
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Fix ping.php poller groups setting
confusion between dispatch(new PingCheck($groups)) and PingCheck::dispatch($groups)
* Replaced Other to Disabled on Metod Column
* Replaced Other to Disabled on Metod Column
* Removed Extra Character < on Authz Icon
* Removed Extra Character < on Authz Icon
* Created sql-schema (261)
* Created sql-schema (261)
* Update docs for virtual images (#9456)
* Added Traffic to the Windows OS overlib graph (#9445)
WebUI: added Traffic to the Windows OS overlib graph
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [X] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Update World-Map.md to include pros/cons (#9442)
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [ ] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Added allow ipv6 address localhost nginx-status docs (#9458)
Following the modification of the SNMP Nginx agent (e0dcd4a064
), linux distributions make requests in IPV6, so you must allow ::1
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Fixed altering transport mapping in rules clearing all mappings (#9455)
* Change unpolled devices toast to be based on rrd step (#9391)
* Change unpolled devices toast to be based on rrd step
* Update message
Change it back to 3x
* Added resources/links and devices/hostname/links API calls for xDP (#9444)
* api: Add list_links and get_link api calls
Signed-off-by: Misha Komarovskiy <zombah@gmail.com>
* api: Add get_links api call
Signed-off-by: Misha Komarovskiy <zombah@gmail.com>
* Update detection for Allied and Radlan OS (#9454)
"1.3.6.1.4.1.207.1.4.128" is currently reporting as allied, when it should be reporting as radlan.
Refer to https://community.librenms.org/t/allied-telesis-discovery/6189/8
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Updated HiveOS wireless detection (#9459)
* Added ability to record traceroutes for devices down due to ICMP (#9457)
* Added ability to record traceroutes for devices down due to ICMP
* Update Templates.md
* Updated schema
* Update dev-overview-data.inc.php
* Filter email options based on backend in Alert settings (#9461)
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Update Configuration.md
* Updated detection for AKCP devices (#9460)
* Updated support for Avocent devices (#9462)
* Updated support for Avocent devices
* Add ACS8048 hardware to json
* Update avocent.inc.php
* Update avocent_8000.json
* Syslog name translation (#9463)
* Check to see if a host exists in a lookup table to translate received name to what LibreNMS knows
* Added some documentation on how this is configured
* Use \LibreNMS\Config instead of accessing $config directly
* Fix codeclimate finding: Additional blank lines after USE statement
* murrant suggested a much cleaner way of doing this!
* fix snmp engine time (#9470)
* Added more sensors for IRD (PBI Digital Decoder) (#9339)
* added over bitrate graph
* added bitrate
* added more state sensors
* Update ird.snmprec
* Update ird.json
* Update Ird.php
* Update Ird.php
* Update Ird.php
* Update ird.json
* Updated json test data
* Update ird.snmprec
* Updated json data
* fix test value
* fix num_oid
* Add new sysDescr string for AlliedWare Plus products. (#9430)
* Add new sysDescr string for AlliedWare Plus products.
Release 5.4.8-2.1 of AlliedWare Plus will change the format of the
sysDescr string. This patch updates Allied Telesis yaml files to work with
this change.
Signed-off-by: Luuk Paulussen <luuk.paulussen@alliedtelesis.co.nz>
* save-test-data.php: Use correct variable for 'os' argument.
Signed-off-by: Luuk Paulussen <luuk.paulussen@alliedtelesis.co.nz>
* Create awplus_5.4.8-2.json
* Update awplus_5.4.8-2.json
* add a tool for working with JSON apps (#9084)
* add initial work on script for working with json apps
* finish the code portion
* -h now done
* rename it to be slightly more accurate
* make hash key strings
* exit if -a is not present
* now exit after checking the file if -s or -t is given
* now properly add the applications key
* snmp_max_oid per Os support and snmpv1 multi_oid fix (#9343)
* Added snmp_max_oid config at Os level.
* Added check for snmpv1 on multi_oid requests.
* Check device_oid_limit on multi get
* Use array_chunk
* Update snmp.inc.php
* remove dump, unused variable and extra plodes
* per device settings should take priority over OS
* Update Settings.md
* don't discard the data :P
* fixing option to let user pick saved test data filename, exit if ther… (#9242)
* fixing option to let user pick saved test data filename, exit if there are many os/variant combination for a single output filename
* fixing style issues
* Update save-test-data.php
* Update save-test-data.php
* Add support for Firebrick Hardware (#9403)
* Added support for Firebrick devices
* Added support for Firebrick devices
* Update firebrick.inc.php
* Update firebrick.inc.php
* Update firebrick.svg
* Update firebrick.svg
* Added SNMP Check
* Added SVG View Box
* Display XML in config tab
* Update firebrick.svg
* Update firebrick.yaml
* Update showconfig.inc.php
* Create firebrick.json
* Check sysDescr for JunOS version. (#9247)
* Cisco: change notKnown status to unknown and not warning (#9222)
* Cisco: change notKnown status to unknown and not warning
* Update cisco.inc.php
* Improve the Logical Checking if Data Exist on DB
* Improve the Logical Checking if Data Exist on DB
* Update SQL-Schema File Name
* Update SQL-Schema File Name
* add app for getting status of TCP connections for specified services (#8090)
* add the poller for portactivity
* add the ability to get monitor ports for portactivity
* add the graphs for displaying stuff for the portactivity app
* add the portactivity app page
* update the docs for Portactivity
* remove extra line
* minor doc update for Portactivity
* add update_application line
* convert to use json_app_get
* convert curly brackets to square
* style fix
* remote error, errorString, and version after they stop being important so they are not processed
* add alert rule examples
* add the poller for portactivity
* add the ability to get monitor ports for portactivity
* add the graphs for displaying stuff for the portactivity app
* add the portactivity app page
* update the docs for Portactivity
* remove extra line
* minor doc update for Portactivity
* add update_application line
* convert to use json_app_get
* convert curly brackets to square
* style fix
* remote error, errorString, and version after they stop being important so they are not processed
* add alert rule examples
* remove dump of get_portactivity_ports function added during rebase
* update to the current json_app_get
* add portactivity snmprec
* add the portactivity test data
* whoops bad merge when rebasing... fix
* minor formatting cleanup and add a missing comma
* fix some odditities with what one of the tests is doing
* whoops... include the use for the exception
* set the response to okay
* attempt to make snmpsim array check happy again
* the json now lints
* more making metric testing happy
* one more update to make travis-ci happy
* now flattens arrays also add array_flatten
* rename array_flatten to data_flatten as pre-commit chokes on it as laravel has something similarly named
* go through and properly add all the metrics
* tested with the newest one and it works
* whoops, clean up json and remove prototype that was used when putting it together
* doh! make it happy with laravel now
* see if a minor changing in formatting for the numbers makes the polling unit test happy
* order them properly
* remove a comma
* a few more minor fixes
* Replace dbFetchRows to dbFetchRow on Some Exist Checks
* Replace dbFetchRows to dbFetchRow on Some Exist Checks
* Fix Some Code Climate Issues
* Fix Some Code Climate Issues
* Fixed More Code Climate Issues
* Fixed More Code Climate Issues
* Fix do not include template text in HTML page (#9476)
* Fixed $speed lenght in port parser when > 32 characters (#9479)
* Fix global read check for demo account (#9482)
* Improve documentation for service plugins (#9414)
* Begin adding preinstalled plugin documentation.
Also add information about how the titles of the plugins are displayed and detected.
Make page visible on the websites Table of Contents.
* Add note about plugin loading based on file name.
* Added all monitoring-plugins URLs.
* Format URLs on the service plugin docs list.
* Correct a URL on the plugins list.
* Removed leftover text from plugin list docs.
* Add pkg-nagios-plugins-contrib plugins to docs.
* Add DSA pkg-nagios-plugins-contrib plugins to docs
* Added a few missing lines of pkg-nagios-plugins-contrib text.
* Remove links plugins we dont have URL for.
Add a few more pkg-nagios-plugins-contrib ones.
* Remove list. Point to the main sources directly.
* order by sensor_descr aswell (#9478)
Sort sensors by sensor_descr
* Fix os additional information for some that were broke (#9466)
* Fix os additional information for several OS.
$poll_device is not available, use $device
* fix draytek test data
* Fixed Procera ports ifIndex and ports added by the poller (#9384)
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Change group owner for php/session for CentOS 7 nginx install (#9393)
By default on CentOS 7, /var/lib/php/session is root:root.
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Refactored and update Location Geocoding (#9359)
- Fix location so it is a regular database relation (this allows multiple devices to be accurately linked to one location and saves api calls)
- Parse coordinates from the location more consistently
- Add settings to webui
- ~~Used [PHP Geocoder](http://geocoder-php.org/), which has lots of backends and is well tested. (also includes reverse and geoip)~~
- Google Maps, Bing, Mapquest, and OpenStreetMap supported initially.
- Default to OpenStreetMap, which doesn't require a key. They will liberally hand out bans if you exceed 1 query per second though.
- All other Geocoding APIs require an API key. (Google requires a credit card on file, but seems to be the most accurate)
- Update all (I think) sql queries to handle the new structure
- Remove final vestiges of override_sysLocation as a device attribute
- Update existing device groups and rules in DB
- Tested all APIs with good/bad location, no/bad/good key, and no connection.
- Cannot fix advanced queries that use location
This blocks #8868
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Added Aprisa support (#9435)
* Created 4RF Aprisa XE support
* Made requesed change by @laf
* cleanup
* Fix sensor index and add test data
* Added support for Waystream products (#9481)
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [X ] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
This has been running in two production networks for > 3 months without any issues.
* Marathon detection
* support for Marathon based UPSs
* added Marathon Power logo
* testing marathon ups
* Fix for #9485 (#9486)
* Fix for #9485
* Update ajax_search.php
* Testing Maraton ups device type
* Fix issues cause by new location and other misc (#9490)
* Fix issues cause by new location and other misc
fix some queries so we return devices with null locations
remove unnecessary query of all ports on ports page lists
make locations menu available to non-admins for the legacy menu
fix a few issues with the old network-map
* fix graphs
* fix oxidized query
* added rfc1628 compat and removed discovery file
* small changes to verbiage
* Changes to display
* Fixed test on over section
* Removed Current graph. Not available from this device.
* Locations UI and editing (#9480)
* Better handling of errors
Mapquest seems to return the center of the US on error.......
* Editable locations WIP
* Change to bootgrid ajax table WIP
* Graphs working, using handlebars
update js libs
add current location button
* remove sql query, change icon
* Add the map to the device view, only when gps is expanded.
Allow edit on device page, share js code
* fix chevron rotation, improve click area
* extra warning
* fix overview layout (remove containers)
* fix style
* fix html divs, change collapse ui a bit
move css, update css/js versions
* start zoomed out on new locations
* don't double load scripts, zoom to 17
* fix php-md errors, remove unused use statement
* improve non-admin experience
* Move locations page to Laravel
More functions in Url and Html util classes
reduce code duplication
* translation buttons too
* fix whitespace
* move formatters to the frontend
* small changes
* disable traffic for locations with no devices
* change down 0 to green from gray
* missing "
* Fix paginate all
* working fix for paginate all
* allow sort by counts
* fix down sort
* a little safety
* Don't call the function twice
* btn-xs
* Added json test data
* Fix locations page search (#9501)
* Add bing layer to leaflet (#9497)
Also, polyfill for IE used by both bing and google maps
* Change locations default sort order (#9502)
* changed variable name to resolve issue with Gitlab transport
* removed else to satisfy codeclimate checks
* changed tabs to spaces
* added CISCO-NAC-TC-MIB
* added CISCO-NAC-TC-MIB
* Added changelog for 1.46 release (#9510)
* Add additional composite index to speed up display of pages where a device has a lot of syslogs. In our environment, this took page loads for some devices from over 60 seconds to nearly instant
* Forgot to add db_schema.yaml in previous commit
* Update cucs mib to fix warnings (#9517)
* Added HPE Comware temperature limit (#9518)
Changed the Temperature High threshold for a HPE Comware Switch to the values provided by snmp.
This means the actual threshold configured in the switch is used over any predefined/auto calculated thresholds by LibreNMS.
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Added Comtrol device detection (#9491)
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Fixed integers fields in alert rules to be string (#9496)
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Focus and select location on override (#9503)
* Focus and select location on override
* Submit location on enter key
* SAF CFM wireless device support (#9450)
* Added support for SAF CFM L4 wireless device
* Added copyright statement according to LibreNMS documentation
* Added snmp test data and excluded some discover modules from os definition
* Style issue fixed
* More descriptive function
* MIB file rename
* Rename MIB file and change other files accordingly
* Added test data
* Removed debug statement
* Last checks
* Style changes
* Style changes
* Style changes
* Style changes
* Code restructure to make it more readable
* Fixed error in foreach
* Style issues
* Formatting of states within Yaml changed to make it more readable
* Omit default arguments
* Better code and modules only in CFM-M4P-MUX
* Chaged cfml4 to cfm
* Update Sensor.php
* Update Sensor.php
* Better handling of scientific numbers
* Better handling of scientific numbers
* New test data
* Correction on handling trailing zeros
* Different way of cleaning the numbers based on Tony's input
* Audiocodes initial support (#9508)
* Create audiocodes family with very basic sensors
* audiocode polling php and test files
* audiocode polling php and test files
* audiocode test files
* audiocode cleaning
* tests with selective polling disabled
* GitHub test script updates (#9507)
* GitHub test script updates
add --reject to apply so it will skip binary files since GitHub does not create diffs for them correctly
Add new directories to the removal cleanup. Remove non-existant ones.
* Cleaner way to apply skip png files explicitly.
That way patches are still atomic.
* [UI] Fix last column of table (#9506)
* [UI] Fix last column of table
* move td outside of if and remove else
* Add Device Dragonwave Harmony Enhanced (#9499)
* Add Dragonwave Harmony Enhanced MC Device
* Remove single quote from null and 10 divisor
* Update and rename HarmonyEnhancedMc.php to HarmonyEnhanced.php
* Rename harmony-enhanced-mc.yaml to harmony-enhanced.yaml
* Update and rename harmony-enhanced-mc.yaml to harmony-enhanced.yaml
* Rename harmony-enhanced-mc.inc.php to harmony-enhanced.inc.php
* Rename harmony-enhanced-mc.snmprec to harmony-enhanced.snmprec
* Update HarmonyEnhanced.php
* Update HarmonyEnhanced.php
* Update HarmonyEnhanced.php
* Update HarmonyEnhanced.php
* More Code Climate Fixes
* Create harmony-enhanced.json
* Dynamic_discovery_get_value in can_skip_sensor to use all oids in skip_values (#9495)
* Use of dynamic_discovery_get_value in can_skip_sensor in order to use all available oids in skip_values
* Use LibreNMS\Device\YamlDiscovery code instead of keeping duplicated function can_skip_sensor
* Fix Travis errors
* Device management fall back to http if https isn't available.
Adds a slight delay on management clicking, may be blocked by popup blocker...
* Updated harmony OS poller to use multi get (#9525)
* docs: fix images doc (#9527)
There is no capital I in the password...
* fix error when location is missing from the DB (#9523)
* get geolocation at first poll (#9522)
* get geolocation at first poll
based on the logic of code, we will have to wait 2 days from adding new device for lat and lng to be updated
* Update Location.php
* Update Location.php
* Fixed Typo in YamlDiscovery.php (#9530)
Hi,
As far as I understand the code, it seems that array_reduce should be array_replace in this line, isn't it ?
PipoCanaja
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [X] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Fixed alert log showing only green instead of all by default (#9529)
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
By default, when you access Alert History it was showing only OK (Green) ones instead of all. You had to hit filter to show them.
* Fixed customers page (#9521)
move customers table backend to Laravel
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Added detection if this is a git based install or not. (#9379)
Not sure about the warning or text.
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`. If there are schema changes, you can ask on discord how to revert.
* Change snmp-scan heading (#9492)
* Fixed plugins using d_echo (#9498)
Move d_echo to helpers.php and include in autoload
Don't remove from common.php yet to be extra safe.
* Use Eloquent for DB access
Move print-nac into nac.inc.php
Rename module to generic nac, If implemented for other OS later this can be extended but the name should be the same
Add items required for testing
* Use Eloquent for DB access
Move print-nac into nac.inc.php
Rename module to generic nac, If implemented for other OS later this can be extended but the name should be the same
Add items required for testing
* test github
* test github
* test git
* test git
* Added Network Access Control polling and store on DB
* Added Network Access Control polling and store on DB
* Added NAC tab on device page
* Added NAC tab on device page
* Added NAC tab page on device main page
* Added NAC tab page on device main page
* Fixed Auth ID data parsing
* Fixed Auth ID data parsing
* Filter Device ID on NAC Tab page
* Filter Device ID on NAC Tab page
* Converted IP Address form HEX to DEC format
* Converted IP Address form HEX to DEC format
* Formated grid on NAC print page
* Formated grid on NAC print page
* Added AuthC status
* Added AuthC status
* removed useless lines
* removed useless lines
* Fix some typos
* Fix some typos
* Fix Code Climate Issues
* Fix Code Climate Issues
* Fixed more Code Climate Issues
* Fixed more Code Climate Issues
* Fixed more Code Climate Issues
* Fixed more Code Climate Issues
* converted dbQuery() to dbUpdate()
* converted dbQuery() to dbUpdate()
* Fixed more Code Climate Issues
* Fixed more Code Climate Issues
* Removed Hex to Dec test codes
* Removed Hex to Dec test codes
* removed unused classes
* removed unused classes
* Change my own IP Hex to Dec conversion to IP::fromHexString Class
* Change my own IP Hex to Dec conversion to IP::fromHexString Class
* CLA Signature
* CLA Signature
* Merge all dbUpdate on only one call
* Merge all dbUpdate on only one call
* Replaced Table to Bootgrid
* Replaced Table to Bootgrid
* Converted Polling From Ports to New Module (cisco-nac)
* Converted Polling From Ports to New Module (cisco-nac)
* Fixing Travis CI and Code Climate Issues
* Fixing Travis CI and Code Climate Issues
* Fixing Travis CI and Code Climate More Issues
* Fixing Travis CI and Code Climate More Issues
* Replaced Other to Disabled on Metod Column
* Replaced Other to Disabled on Metod Column
* Removed Extra Character < on Authz Icon
* Removed Extra Character < on Authz Icon
* Improve the Logical Checking if Data Exist on DB
* Improve the Logical Checking if Data Exist on DB
* Replace dbFetchRows to dbFetchRow on Some Exist Checks
* Replace dbFetchRows to dbFetchRow on Some Exist Checks
* Fix Some Code Climate Issues
* Fix Some Code Climate Issues
* Fixed More Code Climate Issues
* Fixed More Code Climate Issues
* added CISCO-NAC-TC-MIB
* added CISCO-NAC-TC-MIB
* Use Eloquent for DB access
Move print-nac into nac.inc.php
Rename module to generic nac, If implemented for other OS later this can be extended but the name should be the same
Add items required for testing
* Use Eloquent for DB access
Move print-nac into nac.inc.php
Rename module to generic nac, If implemented for other OS later this can be extended but the name should be the same
Add items required for testing
* no way to set device attrib and no need...
* no way to set device attrib and no need...
* add db schema
* add db schema
* fix link in device page, links for ports
* fix link in device page, links for ports
* Use ajax for table
* Use ajax for table
* fix tests
* fix tests
* change the columns to find existing entries to port_id and PortAuthSessionDomain
* change the columns to find existing entries to port_id and PortAuthSessionDomain
* Update 274.sql
* Update 274.sql
* Reorder Columns on NAC Page to Better Presentation
* Reorder Columns on NAC Page to Better Presentation
* rename database columns and update schema
* rename database columns and update schema
* add iftype to test data, rename variable
* add iftype to test data, rename variable
* correct types...
* correct types...
* Update 274.sql
* Update 274.sql
* order capture output
* Add model observer for nicer discovery output
* Add copyright to poller module
* Handle multiAuth, multiDomain and normal modes seperatly for determining unique entries.
* Use mac_address as the unique identifier
* update index
* Improve the data variety a bit
* remove accidental schema
2425 lines
78 KiB
Plaintext
2425 lines
78 KiB
Plaintext
-- *********************************************************************
|
|
-- CISCO-AUTH-FRAMEWORK-MIB.my: Authentication Framework configuration
|
|
-- and information MIB
|
|
--
|
|
-- August 2008, Binh Phu Le
|
|
--
|
|
-- Copyright (c) 2008-2009, 2010, 2013 by Cisco Systems Inc.
|
|
--
|
|
-- All rights reserved.
|
|
--
|
|
-- *******************************************************************
|
|
|
|
CISCO-AUTH-FRAMEWORK-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
NOTIFICATION-TYPE,
|
|
Unsigned32,
|
|
Integer32
|
|
FROM SNMPv2-SMI
|
|
MODULE-COMPLIANCE,
|
|
NOTIFICATION-GROUP,
|
|
OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
MacAddress,
|
|
TEXTUAL-CONVENTION,
|
|
TruthValue
|
|
FROM SNMPv2-TC
|
|
SnmpAdminString
|
|
FROM SNMP-FRAMEWORK-MIB
|
|
InetAddress,
|
|
InetAddressType
|
|
FROM INET-ADDRESS-MIB
|
|
ifIndex,
|
|
ifName
|
|
FROM IF-MIB
|
|
VlanIndexOrZero
|
|
FROM CISCO-PRIVATE-VLAN-MIB
|
|
CnnEouPostureTokenString
|
|
FROM CISCO-NAC-TC-MIB
|
|
ciscoMgmt
|
|
FROM CISCO-SMI;
|
|
|
|
|
|
ciscoAuthFrameworkMIB MODULE-IDENTITY
|
|
LAST-UPDATED "201308230000Z"
|
|
ORGANIZATION "Cisco Systems Inc."
|
|
CONTACT-INFO
|
|
"Cisco Systems
|
|
Customer Service
|
|
Postal: 170 W Tasman Drive
|
|
San Jose, CA 95134
|
|
USA
|
|
Tel: +1 800 553 -NETS
|
|
E-mail: cs-ibns@cisco.com,
|
|
cs-lan-switch-snmp@cisco.com"
|
|
DESCRIPTION
|
|
"MIB module for Authentication Framework in the system.
|
|
|
|
Authentication Framework provides generic configurations
|
|
for authentication methods in the system and manage the
|
|
failover sequence of these methods in a flexible manner."
|
|
REVISION "201308230000Z"
|
|
DESCRIPTION
|
|
"Added notification cafAuthFailNotif.
|
|
Added new objects cafAuthFailNotifEnable and
|
|
cafAuthFailClient.
|
|
Added new groups cafAuthFailNotifGroup,
|
|
cafAuthFailNotifEnableGroup and cafAuthFailClientGroup.
|
|
A new compliance ciscoAuthFrameworkMIBCompliance4 is added
|
|
which deprecates ciscoAuthFrameworkMIBCompliance3."
|
|
REVISION "201011170000Z"
|
|
DESCRIPTION
|
|
"Added cafMacMoveConfigGroup and cafCoACommandConfigGroup
|
|
groups."
|
|
REVISION "201004010000Z"
|
|
DESCRIPTION
|
|
"Added value 'replace' to cafPortViolationAction."
|
|
REVISION "200904200000Z"
|
|
DESCRIPTION
|
|
"Added cafSessionVlanGroupNameGroup."
|
|
REVISION "200810240000Z"
|
|
DESCRIPTION
|
|
"Added value 'protect' to cafPortViolationAction."
|
|
REVISION "200808250000Z"
|
|
DESCRIPTION
|
|
"Initial version of this MIB module."
|
|
::= { ciscoMgmt 656 }
|
|
|
|
|
|
ciscoAuthFrameworkMIBNotifs OBJECT IDENTIFIER
|
|
::= { ciscoAuthFrameworkMIB 0 }
|
|
|
|
ciscoAuthFrameworkMIBObjects OBJECT IDENTIFIER
|
|
::= { ciscoAuthFrameworkMIB 1 }
|
|
|
|
ciscoAuthFrameworkMIBConform OBJECT IDENTIFIER
|
|
::= { ciscoAuthFrameworkMIB 2 }
|
|
|
|
ciscoAuthFrameworkSystem OBJECT IDENTIFIER
|
|
::= { ciscoAuthFrameworkMIBObjects 1 }
|
|
|
|
ciscoAuthFrwkAuthenticator OBJECT IDENTIFIER
|
|
::= { ciscoAuthFrameworkMIBObjects 2 }
|
|
|
|
ciscoAuthFrameworkEvent OBJECT IDENTIFIER
|
|
::= { ciscoAuthFrameworkMIBObjects 3 }
|
|
|
|
ciscoAuthFrameworkSession OBJECT IDENTIFIER
|
|
::= { ciscoAuthFrameworkMIBObjects 4 }
|
|
|
|
ciscoAuthFrwkNotifControl OBJECT IDENTIFIER
|
|
::= { ciscoAuthFrameworkMIBObjects 5 }
|
|
|
|
ciscoAuthFrwkNotifInfo OBJECT IDENTIFIER
|
|
::= { ciscoAuthFrameworkMIBObjects 6 }
|
|
|
|
|
|
-- Textual Conventions
|
|
|
|
CiscoAuthControlledDirections ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The controlled direction values for capable ports in
|
|
Authentication Framework.
|
|
|
|
both: control is required to be exerted over both
|
|
incoming and outgoing traffic through the
|
|
controlled port.
|
|
|
|
in : control is required to be exerted over the
|
|
incoming traffic through the controlled port."
|
|
SYNTAX INTEGER {
|
|
both(0),
|
|
in(1)
|
|
}
|
|
|
|
CiscoAuthControlledPortControl ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authorization control values of Authentication
|
|
Framework on a controlled port.
|
|
|
|
forceUnauthorized: the controlled port is forced to
|
|
be unauthorized unconditionally.
|
|
|
|
auto : authorization of the controlled
|
|
port will be determined by an
|
|
authentication process.
|
|
|
|
forceAuthorized : The controlled port is forced to
|
|
be authorized unconditionally."
|
|
SYNTAX INTEGER {
|
|
forceUnauthorized(1),
|
|
auto(2),
|
|
forceAuthorized(3)
|
|
}
|
|
|
|
CiscoAuthMethod ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authentication methods and protocols supported in
|
|
Authentication Framework.
|
|
|
|
other : none of the below.
|
|
|
|
dot1x : 802.1x Protocol.
|
|
|
|
macAuthBypass: MAC Authentication Bypass.
|
|
|
|
webAuth : Web-Proxy Authentication.
|
|
|
|
'other' is a read only value which can not be used in
|
|
set operation."
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
dot1x(2),
|
|
macAuthBypass(3),
|
|
webAuth(4)
|
|
}
|
|
|
|
CiscoAuthMethodList ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The list of authentication methods provided within
|
|
Authentication Framework.
|
|
|
|
Each octet represents an authentication method which
|
|
is defined in CiscoAuthMethod.
|
|
|
|
The DESCRIPTION clause of CiscoAuthMethodList objects
|
|
must fully describe the relationship between methods."
|
|
SYNTAX OCTET STRING
|
|
|
|
CiscoAuthHostMode ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authentication mode of a controlled port.
|
|
|
|
singleHost: port allows one host to connect and authenticate
|
|
in a single domain.
|
|
|
|
multiHost : port allows multiple hosts to connect. Once
|
|
a host is authenticated, all remaining hosts are
|
|
also authenticated in a single domain.
|
|
|
|
multiAuth : port allows multiple hosts to connect. Each host
|
|
is authenticated separately in a single domain.
|
|
|
|
multiDomain: port allows multiple domains to be authenticated."
|
|
SYNTAX INTEGER {
|
|
singleHost(1),
|
|
multiHost(2),
|
|
multiAuth(3),
|
|
multiDomain(4)
|
|
}
|
|
|
|
-- ciscoAuthFrameworkSystem
|
|
|
|
cafAaaNoRespRecoveryDelay OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "milliseconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the AAA recovery delay for authentication methods
|
|
registered in Authentication Framework when AAA server becomes
|
|
active again after being inactive. A value of zero indicates
|
|
that AAA recovery delay is disabled in the system."
|
|
::= { ciscoAuthFrameworkSystem 1 }
|
|
|
|
cafAuthMethodRegTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CafAuthMethodRegEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of authentication methods which are currrently
|
|
registered with Authentication Framework.
|
|
|
|
An entry is created by the agent when an authentication method
|
|
has successfully registered with Authentication Framework.
|
|
|
|
An entry is deleted by the agent upon de-registration of the
|
|
authentication method."
|
|
::= { ciscoAuthFrameworkSystem 2 }
|
|
|
|
cafAuthMethodRegEntry OBJECT-TYPE
|
|
SYNTAX CafAuthMethodRegEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing registration information of a particular
|
|
authentication method with Authentication Framework."
|
|
INDEX { cafAuthMethod }
|
|
::= { cafAuthMethodRegTable 1 }
|
|
|
|
CafAuthMethodRegEntry ::= SEQUENCE {
|
|
cafAuthMethod CiscoAuthMethod,
|
|
cafAuthMethodDefaultPriority Unsigned32,
|
|
cafAuthMethodDefaultExecOrder Unsigned32
|
|
}
|
|
|
|
cafAuthMethod OBJECT-TYPE
|
|
SYNTAX CiscoAuthMethod
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authentication method registered with Authentication
|
|
Framework."
|
|
::= { cafAuthMethodRegEntry 1 }
|
|
|
|
cafAuthMethodDefaultPriority OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique number which indicates the default priority of a
|
|
authentication method.
|
|
|
|
The default priority is assigned by Authentication Framework
|
|
during method registration. The method with smallest value
|
|
has highest priority."
|
|
::= { cafAuthMethodRegEntry 2 }
|
|
|
|
cafAuthMethodDefaultExecOrder OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique number which indicates the default execution order
|
|
of a authentication method.
|
|
|
|
The default execution order is assigned by Authentication
|
|
Framework during method registration. The method with
|
|
smallest value will be execute first."
|
|
::= { cafAuthMethodRegEntry 3 }
|
|
|
|
|
|
|
|
cafMacMoveMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
deny(1),
|
|
permit(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the MAC Move configuration for
|
|
Authentication Framework.
|
|
|
|
deny : When a host is authenticated on one port,
|
|
that address is not allowed on another
|
|
authenticated manager-enabled port of the device.
|
|
|
|
permit: Authenticated hosts are allowed to move from one
|
|
port to another on the same device. When a host moves to
|
|
a new port, the authenticated session on the original
|
|
port is deleted, and the host is reauthenticated on the
|
|
new port."
|
|
::= { ciscoAuthFrameworkSystem 3 }
|
|
|
|
cafCoABouncePortCommandIgnoreEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether the device ignores the bounce
|
|
port command that sent from RADIUS via Change-of-Authorization
|
|
(CoA) packets."
|
|
::= { ciscoAuthFrameworkSystem 4 }
|
|
|
|
cafCoADisablePortCommandIgnoreEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether the device ingores the
|
|
disable port command that sent from RADIUS via
|
|
Change-of-Authorization (CoA) packets."
|
|
::= { ciscoAuthFrameworkSystem 5 }
|
|
-- ciscoAuthFrwkAuthenticator
|
|
|
|
cafPortConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CafPortConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of port entries. An entry will exist for each
|
|
interface which support Authentication Framework feature."
|
|
::= { ciscoAuthFrwkAuthenticator 1 }
|
|
|
|
cafPortConfigEntry OBJECT-TYPE
|
|
SYNTAX CafPortConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing management information of Authentication
|
|
Framework applicable to a particular port."
|
|
INDEX { ifIndex }
|
|
::= { cafPortConfigTable 1 }
|
|
|
|
CafPortConfigEntry ::= SEQUENCE {
|
|
cafPortControlledDirection CiscoAuthControlledDirections,
|
|
cafPortFallBackProfile SnmpAdminString,
|
|
cafPortAuthHostMode CiscoAuthHostMode,
|
|
cafPortPreAuthOpenAccess TruthValue,
|
|
cafPortAuthorizeControl CiscoAuthControlledPortControl,
|
|
cafPortReauthEnabled TruthValue,
|
|
cafPortReauthInterval Unsigned32,
|
|
cafPortRestartInterval Unsigned32,
|
|
cafPortInactivityTimeout Integer32,
|
|
cafPortViolationAction INTEGER
|
|
}
|
|
|
|
cafPortControlledDirection OBJECT-TYPE
|
|
SYNTAX CiscoAuthControlledDirections
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the controlled direction of this port."
|
|
::= { cafPortConfigEntry 1 }
|
|
|
|
cafPortFallBackProfile OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the name of the fallback profile to be used when
|
|
failing over to Web Proxy Authentication. A zero length
|
|
string indicates that fallback mechanism to Web Proxy
|
|
Authentication is disabled in Authentication Framework."
|
|
::= { cafPortConfigEntry 2 }
|
|
|
|
cafPortAuthHostMode OBJECT-TYPE
|
|
SYNTAX CiscoAuthHostMode
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the authentication host mode for this port."
|
|
::= { cafPortConfigEntry 3 }
|
|
|
|
cafPortPreAuthOpenAccess OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the Pre-Authentication Open Access feature
|
|
allows clients/devices to gain network access before
|
|
authentication is performed.
|
|
|
|
A value of 'true' for this object indicates that client/device
|
|
is able to gain network access before authentication is
|
|
performed."
|
|
::= { cafPortConfigEntry 4 }
|
|
|
|
cafPortAuthorizeControl OBJECT-TYPE
|
|
SYNTAX CiscoAuthControlledPortControl
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the authorization control for this port."
|
|
::= { cafPortConfigEntry 5 }
|
|
|
|
cafPortReauthEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if reauthentication is enabled for this port."
|
|
::= { cafPortConfigEntry 6 }
|
|
|
|
cafPortReauthInterval OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the reauthentication interval, after which the port
|
|
will be reauthenticated if value of the corresponding instance
|
|
of cafPortReauthEnabled is 'true'.
|
|
|
|
A value of zero indicates that the reauthentication interval
|
|
is downloaded from AAA server when this port is authenticated."
|
|
::= { cafPortConfigEntry 7 }
|
|
|
|
cafPortRestartInterval OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the interval after which a further authentication
|
|
attempt should be made to this port if it is not authorized.
|
|
|
|
A value of zero indicates that no further authentication attempt
|
|
will be made if this port is unauthorized."
|
|
::= { cafPortConfigEntry 8 }
|
|
|
|
cafPortInactivityTimeout OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0 | 1..65535)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the period of time that a client associating with
|
|
this
|
|
port is allowed to be inactive before being terminated.
|
|
|
|
A value of zero indicates that inactivity timeout is disabled on
|
|
|
|
this port.
|
|
|
|
A value of -1 indicates that inactivity timeout is downloaded
|
|
from the AAA server when this port is authenticated."
|
|
::= { cafPortConfigEntry 9 }
|
|
|
|
cafPortViolationAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
restrict(1),
|
|
shutdown(2),
|
|
protect(3),
|
|
replace(4)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the action to be taken due to a security violation
|
|
occurs on this port.
|
|
|
|
restrict: This port will be moved to restricted state.
|
|
|
|
shutdown: This port will be shutdown from Authentication
|
|
Framework perspective.
|
|
|
|
protect : This port will be moved to protected state.
|
|
|
|
replace : The current authentication session on this
|
|
port will be terminated and replaced by a new
|
|
authentication session, upon the detection of
|
|
security violation on the current authentication
|
|
session on the port."
|
|
::= { cafPortConfigEntry 10 }
|
|
|
|
|
|
|
|
cafPortMethodTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CafPortMethodEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table contains a list of port entries. An entry will exist
|
|
for each port which supports Authentication Framework feature."
|
|
::= { ciscoAuthFrwkAuthenticator 2 }
|
|
|
|
cafPortMethodEntry OBJECT-TYPE
|
|
SYNTAX CafPortMethodEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Entry containing configuration and information of
|
|
authentication methods for a particular port."
|
|
INDEX { ifIndex }
|
|
::= { cafPortMethodTable 1 }
|
|
|
|
CafPortMethodEntry ::= SEQUENCE {
|
|
cafPortMethodAdminExecOrder CiscoAuthMethodList,
|
|
cafPortMethodAdminPriority CiscoAuthMethodList,
|
|
cafPortMethodAvailable CiscoAuthMethodList,
|
|
cafPortMethodOperExecOrder CiscoAuthMethodList,
|
|
cafPortMethodOperPriority CiscoAuthMethodList
|
|
}
|
|
|
|
cafPortMethodAdminExecOrder OBJECT-TYPE
|
|
SYNTAX CiscoAuthMethodList
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the administrative execution order of
|
|
authentication methods on the port. Methods are executed in
|
|
the order as specified in the method list.
|
|
|
|
Method which is at the beginning of the method list will be
|
|
executed first. Method which is at the end of method list
|
|
will be executed last.
|
|
|
|
A zero length string of this object indicates that no per
|
|
port execution order configuration has been specified on
|
|
this port. The actual execution order is based on the value
|
|
of cafAuthMethodDefaultExecOrder in cafAuthMethodRegTable."
|
|
::= { cafPortMethodEntry 1 }
|
|
|
|
cafPortMethodAdminPriority OBJECT-TYPE
|
|
SYNTAX CiscoAuthMethodList
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the administrative priority of
|
|
authentication methods on the port. The priority of
|
|
each method is assigned based on the method list.
|
|
|
|
Method which is at the beginning of the method list has
|
|
highest priority. Method which is at the end of method list
|
|
has lowest priority.
|
|
|
|
A zero length string of this object indicates that no per
|
|
port method priority configuration has been specified on
|
|
this port. The actual execution order is based on the value
|
|
of cafAuthMethodDefaultExecOrder in cafAuthMethodRegTable."
|
|
::= { cafPortMethodEntry 2 }
|
|
|
|
cafPortMethodAvailable OBJECT-TYPE
|
|
SYNTAX CiscoAuthMethodList
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the authentication methods currently
|
|
available on this port."
|
|
::= { cafPortMethodEntry 3 }
|
|
|
|
cafPortMethodOperExecOrder OBJECT-TYPE
|
|
SYNTAX CiscoAuthMethodList
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the operational execution order of
|
|
authentication methods on this port. Methods are executed in
|
|
the order as specified in the method list.
|
|
|
|
Method which is at the beginning of the method list will be
|
|
executed first. Method which is at the end of method list
|
|
will be executed last."
|
|
::= { cafPortMethodEntry 4 }
|
|
|
|
cafPortMethodOperPriority OBJECT-TYPE
|
|
SYNTAX CiscoAuthMethodList
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the operational priority of
|
|
authentication methods on this port. Methods have the
|
|
priority as specified in the method list.
|
|
|
|
Method which is at the beginning of the method list has
|
|
highest priority. Method which is at the end of method list
|
|
has lowest priority."
|
|
::= { cafPortMethodEntry 5 }
|
|
|
|
|
|
-- ciscoAuthFrameworkEvent
|
|
|
|
cafAuthFailedEventPortTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CafAuthFailedEventPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table contains a list of port entries.
|
|
|
|
An entry will exist for each port which supports Authentication
|
|
Fail event within the Authentication Framework."
|
|
::= { ciscoAuthFrameworkEvent 1 }
|
|
|
|
cafAuthFailedEventPortEntry OBJECT-TYPE
|
|
SYNTAX CafAuthFailedEventPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Entry containing management information of Authentication
|
|
Fail event for a particular port."
|
|
INDEX { ifIndex }
|
|
::= { cafAuthFailedEventPortTable 1 }
|
|
|
|
CafAuthFailedEventPortEntry ::= SEQUENCE {
|
|
cafAuthFailedMaxRetry Unsigned32,
|
|
cafAuthFailedNoActionEnabled TruthValue,
|
|
cafAuthFailedAuthorizedVlan Integer32,
|
|
cafAuthFailedNextMethodEnabled TruthValue
|
|
}
|
|
|
|
cafAuthFailedMaxRetry OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the maximum number of retry should be
|
|
performed before generating Authentication Fail event.
|
|
|
|
A value of zero indicates that Authentication Fail event will
|
|
be generated upon authentication fail without any retry."
|
|
::= { cafAuthFailedEventPortEntry 1 }
|
|
|
|
cafAuthFailedNoActionEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether no action will be performed
|
|
when an Authentication Fail event occurs.
|
|
|
|
Setting 'true' on this object indicates that no action will
|
|
be performed when Authentication Fail event occurs.
|
|
|
|
The read-only value 'false' indicates that an action will
|
|
be performed when an Authentication Fail event occurs."
|
|
::= { cafAuthFailedEventPortEntry 2 }
|
|
|
|
cafAuthFailedAuthorizedVlan OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0 | 1..2147483647)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the Authentication Failed VLAN number.
|
|
|
|
The read-only value of -1 indicates that this object is not
|
|
applicable on this port.
|
|
|
|
The read-only value of zero indicates that this port will not be
|
|
authorized to any VLAN when Authentication Failed event occurs.
|
|
|
|
Setting a non-zero value on this object indicates that this port
|
|
will be authorized to the VLAN as specified by this object
|
|
value, when Authentication Fail event occurs."
|
|
::= { cafAuthFailedEventPortEntry 3 }
|
|
|
|
cafAuthFailedNextMethodEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether the next authentication method
|
|
will be used if an Authentication Fail event is generated by the
|
|
current authentication method.
|
|
|
|
Setting this object to 'true' indicates that the next available
|
|
authentication method will be used when Authentication Fail
|
|
event occurs.
|
|
|
|
The read-only value 'false' indicates that the next available
|
|
authentication method will not be used when Authentication Fail
|
|
event occurs."
|
|
::= { cafAuthFailedEventPortEntry 4 }
|
|
|
|
|
|
|
|
cafSecurityViolationClient OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MAC address included in the notification currently being
|
|
sent, indicating the client who triggered the security violation
|
|
notification."
|
|
::= { ciscoAuthFrwkNotifInfo 1 }
|
|
|
|
cafAuthFailClient OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MAC address included in the cafAuthFailNotif being
|
|
sent, indicating the client which failed to authenticate."
|
|
::= { ciscoAuthFrwkNotifInfo 2 }
|
|
|
|
cafClientNoRespEventPortTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CafClientNoRespEventPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table contains a list of port entries.
|
|
|
|
An entry exists for each port which supports No Response
|
|
event within the Authentication Framework."
|
|
::= { ciscoAuthFrameworkEvent 2 }
|
|
|
|
cafClientNoRespEventPortEntry OBJECT-TYPE
|
|
SYNTAX CafClientNoRespEventPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Entry containing management information of No Response
|
|
event for a particular port."
|
|
INDEX { ifIndex }
|
|
::= { cafClientNoRespEventPortTable 1 }
|
|
|
|
CafClientNoRespEventPortEntry ::= SEQUENCE {
|
|
cafClientNoRespNoActionEnabled TruthValue,
|
|
cafClientNoRespAuthorizedVlan Integer32
|
|
}
|
|
|
|
cafClientNoRespNoActionEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether an action is performed when No
|
|
Response event occurs.
|
|
|
|
Setting 'true' on this object indicates that no action will
|
|
be performed when No Response event occurs.
|
|
|
|
The read-only value 'false' of this object indicates that an
|
|
action will be performed when No Response event occurs."
|
|
::= { cafClientNoRespEventPortEntry 1 }
|
|
|
|
cafClientNoRespAuthorizedVlan OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0 | 1..2147483647)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the No Response Authorized VLAN number.
|
|
|
|
The read-only value of -1 indicates that this object is not
|
|
applicable on this port.
|
|
|
|
The read-only value of zero indicates that this port will not be
|
|
authorized to any VLAN when No Response event occurs.
|
|
|
|
Setting a non-zero value on this object indicates that this port
|
|
will be authorized to the VLAN as specified by this object
|
|
value, when No Response event occurs."
|
|
::= { cafClientNoRespEventPortEntry 2 }
|
|
|
|
|
|
|
|
cafServerEventPortTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CafServerEventPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table contains a list of port entries.
|
|
|
|
An entry exists for each port which supports AAA Server
|
|
Reachability event within the Authentication Framework."
|
|
::= { ciscoAuthFrameworkEvent 3 }
|
|
|
|
cafServerEventPortEntry OBJECT-TYPE
|
|
SYNTAX CafServerEventPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Entry containing management information of AAA Server
|
|
Reachability event for a particular port."
|
|
INDEX { ifIndex }
|
|
::= { cafServerEventPortTable 1 }
|
|
|
|
CafServerEventPortEntry ::= SEQUENCE {
|
|
cafServerDeadNoActionEnabled TruthValue,
|
|
cafServerDeadRemainAuthorized TruthValue,
|
|
cafServerDeadAuthorizedVlan Integer32,
|
|
cafServerAliveAction INTEGER
|
|
}
|
|
|
|
cafServerDeadNoActionEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether an action is performed if an
|
|
AAA Server Reachability event occurs.
|
|
|
|
Setting 'true' on this object indicates that no action
|
|
will be performed when AAA Server Reachability event occurs.
|
|
|
|
The read-only value 'false' indicates that an action will
|
|
be performed when AAA Server Reachability event occurs."
|
|
::= { cafServerEventPortEntry 1 }
|
|
|
|
cafServerDeadRemainAuthorized OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies if current authorization will remain
|
|
unchanged for the port when AAA Server Reachability event
|
|
occurs.
|
|
|
|
Setting 'true' on this object indicates that current
|
|
authorization will remain unchanged for the port when AAA
|
|
Server Reachability event occurs.
|
|
|
|
The read-only value 'false' indicates that the current
|
|
authorization will not be retained for the port when
|
|
AAA Server Reachability event occurs."
|
|
::= { cafServerEventPortEntry 2 }
|
|
|
|
cafServerDeadAuthorizedVlan OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0 | 1..2147483647)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the AAA Server Reachability
|
|
Authorized VLAN number.
|
|
|
|
The read-only value of -1 indicates that this object is not
|
|
applicable on this port.
|
|
|
|
The read-only value of zero indicates that this port will not
|
|
be authorized to any VLAN when AAA Server Reachability event
|
|
occurs.
|
|
|
|
Setting a non-zero value on this object indicates that this port
|
|
will be authorized to the VLAN as specified by this object
|
|
value, when AAA Server Reachability event occurs."
|
|
::= { cafServerEventPortEntry 3 }
|
|
|
|
cafServerAliveAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
reinitialize(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the action applied to the port upon AAA
|
|
recovery.
|
|
|
|
none : no action will be applied.
|
|
reinitialize: the port will be reinitialized with the current
|
|
authentication method."
|
|
::= { cafServerEventPortEntry 4 }
|
|
|
|
|
|
-- ciscoAuthFrameworkSession
|
|
|
|
cafSessionTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CafSessionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table contains a list of authentication session.
|
|
|
|
An entry is created when an authentication session has
|
|
successfully created within Authentication Framework.
|
|
|
|
An entry is deleted when an authentication session has been
|
|
removed."
|
|
::= { ciscoAuthFrameworkSession 1 }
|
|
|
|
cafSessionEntry OBJECT-TYPE
|
|
SYNTAX CafSessionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Entry containing management information for a particular
|
|
authentication session."
|
|
INDEX {
|
|
ifIndex,
|
|
IMPLIED cafSessionId
|
|
}
|
|
::= { cafSessionTable 1 }
|
|
|
|
CafSessionEntry ::= SEQUENCE {
|
|
cafSessionId OCTET STRING,
|
|
cafSessionClientMacAddress MacAddress,
|
|
cafSessionClientAddrType InetAddressType,
|
|
cafSessionClientAddress InetAddress,
|
|
cafSessionStatus INTEGER,
|
|
cafSessionDomain INTEGER,
|
|
cafSessionAuthHostMode CiscoAuthHostMode,
|
|
cafSessionControlledDirection CiscoAuthControlledDirections,
|
|
cafSessionPostureToken CnnEouPostureTokenString,
|
|
cafSessionAuthUserName SnmpAdminString,
|
|
cafSessionClientFramedIpPool SnmpAdminString,
|
|
cafSessionAuthorizedBy SnmpAdminString,
|
|
cafSessionCriticalTimeLeft Unsigned32,
|
|
cafSessionAuthVlan VlanIndexOrZero,
|
|
cafSessionTimeout Unsigned32,
|
|
cafSessionTimeLeft Unsigned32,
|
|
cafSessionTimeoutAction INTEGER,
|
|
cafSessionInactivityTimeout Unsigned32,
|
|
cafSessionInactivityTimeLeft Unsigned32,
|
|
cafSessionReauth TruthValue,
|
|
cafSessionTerminate TruthValue,
|
|
cafSessionVlanGroupName SnmpAdminString
|
|
}
|
|
|
|
cafSessionId OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..64))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique identifier of the authentication session."
|
|
::= { cafSessionEntry 1 }
|
|
|
|
cafSessionClientMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the MAC address of the device associates with the
|
|
authentication session."
|
|
::= { cafSessionEntry 2 }
|
|
|
|
cafSessionClientAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the type of Internet address of the client
|
|
associates with the authentication session."
|
|
::= { cafSessionEntry 3 }
|
|
|
|
cafSessionClientAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the Internet address of the client associates with
|
|
the authentication session. The type of this address is
|
|
determined by the value of cafSessionClientAddrType object."
|
|
::= { cafSessionEntry 4 }
|
|
|
|
cafSessionStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
idle(1),
|
|
running(2),
|
|
noMethod(3),
|
|
authenticationSuccess(4),
|
|
authenticationFailed(5),
|
|
authorizationSuccess(6),
|
|
authorizationFailed(7)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the current status of the authentication session.
|
|
|
|
idle : the session has been initialized and no
|
|
method has run yet.
|
|
|
|
running : an authentication method is running for
|
|
this session.
|
|
|
|
noMethod : no authentication method has provided a
|
|
result for this session.
|
|
|
|
authenticationSuccess: an authentication method has resulted
|
|
in authentication success for this session.
|
|
|
|
authenticationFailed: an authentication method has resulted
|
|
in authentication failed for this session.
|
|
|
|
authorizationSuccess: authorization is successful for this
|
|
session.
|
|
|
|
authorizationFailed : authorization is failed for this
|
|
session."
|
|
::= { cafSessionEntry 5 }
|
|
|
|
cafSessionDomain OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
data(2),
|
|
voice(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the type of domain that the authentication session
|
|
belongs to.
|
|
|
|
other : none of the below.
|
|
|
|
data : indicates the data domain.
|
|
|
|
voice: indicates the voice domain."
|
|
::= { cafSessionEntry 6 }
|
|
|
|
cafSessionAuthHostMode OBJECT-TYPE
|
|
SYNTAX CiscoAuthHostMode
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the authentication host mode of the port in the
|
|
authentication session."
|
|
::= { cafSessionEntry 7 }
|
|
|
|
cafSessionControlledDirection OBJECT-TYPE
|
|
SYNTAX CiscoAuthControlledDirections
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the operational controlled directions parameter
|
|
for this port in the authentication session."
|
|
::= { cafSessionEntry 8 }
|
|
|
|
cafSessionPostureToken OBJECT-TYPE
|
|
SYNTAX CnnEouPostureTokenString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the posture token associates with the authentication
|
|
session."
|
|
::= { cafSessionEntry 9 }
|
|
|
|
cafSessionAuthUserName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the name of the authenticated user for the
|
|
authentication session."
|
|
::= { cafSessionEntry 10 }
|
|
|
|
cafSessionClientFramedIpPool OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the name of the address pool from which the
|
|
session's client IP address is assigned."
|
|
::= { cafSessionEntry 11 }
|
|
|
|
cafSessionAuthorizedBy OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the name of the feature which authorizes the
|
|
authentication session."
|
|
::= { cafSessionEntry 12 }
|
|
|
|
cafSessionCriticalTimeLeft OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the leftover time before the next authentication
|
|
attempt for the authentication session after Server Reachability
|
|
event occurred. Value zero indicates that this session is
|
|
currently being authenticated or it is not applicable."
|
|
::= { cafSessionEntry 13 }
|
|
|
|
cafSessionAuthVlan OBJECT-TYPE
|
|
SYNTAX VlanIndexOrZero
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the authorized VLAN applied to the authentication
|
|
session. Value zero indicates that no authorized VLAN has been
|
|
applied, or it is not applicable."
|
|
::= { cafSessionEntry 14 }
|
|
|
|
cafSessionTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the session timeout used by Authentication
|
|
Framework in the authentication session."
|
|
::= { cafSessionEntry 15 }
|
|
|
|
cafSessionTimeLeft OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the leftover time of the current authentication
|
|
session."
|
|
::= { cafSessionEntry 16 }
|
|
|
|
cafSessionTimeoutAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
unknown(1),
|
|
terminate(2),
|
|
reauthenticate(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the timeout action on the authentication session,
|
|
when value of the corresponding instance of cafSessionTimeLeft
|
|
reaches zero.
|
|
|
|
unknown : None of the below.
|
|
|
|
terminate : Session will be terminated.
|
|
|
|
reauthenticate: Session will be reauthenticated."
|
|
::= { cafSessionEntry 17 }
|
|
|
|
cafSessionInactivityTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the inactivity timeout used by Authentication
|
|
Framework in the authentication session."
|
|
::= { cafSessionEntry 18 }
|
|
|
|
cafSessionInactivityTimeLeft OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the leftover time of the inactivity timer of
|
|
the authentication session."
|
|
::= { cafSessionEntry 19 }
|
|
|
|
cafSessionReauth OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The reauthentication control for the authentication session.
|
|
Setting this object to 'true' cause the current authenticated
|
|
session to reauthenticate the authenticated client. Setting
|
|
this object to 'false' has no effect.
|
|
|
|
This object always returns 'false' when being read."
|
|
::= { cafSessionEntry 20 }
|
|
|
|
cafSessionTerminate OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The termination request control for the authentication session.
|
|
Setting this object to 'true' terminates the current session.
|
|
Setting this object to 'false' has no effect.
|
|
|
|
This object always returns 'false' when being read."
|
|
::= { cafSessionEntry 21 }
|
|
|
|
cafSessionVlanGroupName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the VLAN group that has been used during VLAN
|
|
assignment for this session.
|
|
|
|
A zero length string indicates that there is no VLAN group been
|
|
used during VLAN assignment."
|
|
::= { cafSessionEntry 22 }
|
|
|
|
|
|
|
|
cafSessionMethodsInfoTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CafSessionMethodsInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table contains a list of authentication method for every
|
|
authentication session.
|
|
|
|
An entry exists for each authentication method that can
|
|
authenticate an authentication session within
|
|
Authentication Framework."
|
|
::= { ciscoAuthFrameworkSession 2 }
|
|
|
|
cafSessionMethodsInfoEntry OBJECT-TYPE
|
|
SYNTAX CafSessionMethodsInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Entry containing method information for a particular runnable
|
|
authentication methods which is associated with a session for
|
|
an Authentication Framework managed port."
|
|
INDEX {
|
|
ifIndex,
|
|
cafSessionId,
|
|
cafSessionMethod
|
|
}
|
|
::= { cafSessionMethodsInfoTable 1 }
|
|
|
|
CafSessionMethodsInfoEntry ::= SEQUENCE {
|
|
cafSessionMethod CiscoAuthMethod,
|
|
cafSessionMethodState INTEGER
|
|
}
|
|
|
|
cafSessionMethod OBJECT-TYPE
|
|
SYNTAX CiscoAuthMethod
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates this authentication method."
|
|
::= { cafSessionMethodsInfoEntry 1 }
|
|
|
|
cafSessionMethodState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
notRun(1),
|
|
running(2),
|
|
failedOver(3),
|
|
authcSuccess(4),
|
|
authcFailed(5)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the state of this authentication method.
|
|
|
|
notRun : The method has not run for this session.
|
|
|
|
running : The method is running for this session.
|
|
|
|
failedOver : The method has failed and the next method is
|
|
expected to provide a result.
|
|
|
|
authcSuccess: The method has provided a successful
|
|
authentication result for this session.
|
|
|
|
authcFailed : The method has provided a failed authentication
|
|
result for this session."
|
|
::= { cafSessionMethodsInfoEntry 2 }
|
|
|
|
|
|
|
|
-- Notifications and notification controls
|
|
|
|
cafSecurityViolationNotifEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This variable indicates whether the system produces
|
|
the cafSecurityViolationNotif.
|
|
|
|
A 'false' value will prevent cafSecurityViolationNotif
|
|
from being generated by this system."
|
|
::= { ciscoAuthFrwkNotifControl 1 }
|
|
|
|
cafAuthFailNotifEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether the system produces
|
|
the cafAuthFailNotif.
|
|
|
|
A 'true' value will cause cafAuthFailNotif to be generated by
|
|
this system when an authentication failure happens.
|
|
|
|
A 'false' value will prevent cafAuthFailNotif
|
|
from being generated by this system."
|
|
::= { ciscoAuthFrwkNotifControl 2 }
|
|
|
|
cafSecurityViolationNotif NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
ifIndex,
|
|
ifName,
|
|
cafSecurityViolationClient
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A cafSecurityViolationNotif is sent if a security violation
|
|
is detected on a port, and the instance value of
|
|
cafSecurityViolationNotifEnable is 'true'."
|
|
::= { ciscoAuthFrameworkMIBNotifs 1 }
|
|
|
|
cafAuthFailNotif NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
ifName,
|
|
cafAuthFailClient
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A cafAuthFailNotif is sent if an authentication failure is
|
|
detected on a port, and the instance value of
|
|
cafAuthFailNotifEnable is 'true'.
|
|
|
|
ifName contains the name of the interface where the
|
|
authentication failure happened.
|
|
|
|
cafAuthFailClient contains the mac address of the client which
|
|
failed to authenticate."
|
|
::= { ciscoAuthFrameworkMIBNotifs 2 }
|
|
-- Conformance
|
|
|
|
ciscoAuthFrameworkMIBCompliances OBJECT IDENTIFIER
|
|
::= { ciscoAuthFrameworkMIBConform 1 }
|
|
|
|
ciscoAuthFrameworkMIBGroups OBJECT IDENTIFIER
|
|
::= { ciscoAuthFrameworkMIBConform 2 }
|
|
|
|
|
|
ciscoAuthFrameworkMIBCompliance MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for entities which implement
|
|
CISCO-AUTH-FRAMEWORK-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
cafAuthMethodRegGroup,
|
|
cafAuthPortConfigGroup,
|
|
cafPortMethodGroup,
|
|
cafSessionGroup,
|
|
cafSessionMethodInfoGroup
|
|
}
|
|
|
|
GROUP cafAaaNoRespRecoveryDelayGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide AAA recovery delay configuration for Authentication
|
|
Framework."
|
|
|
|
GROUP cafAuthFailedEventGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide configuration for Authentication Framework on its
|
|
capable ports, when Authentication Fail event occurs."
|
|
|
|
GROUP cafClientNoRespEventGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide configuration for Authentication Framework to authorize
|
|
ports in a special VLAN when non-capable clients are
|
|
detected."
|
|
|
|
GROUP cafServerEventGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide configuration for Authentication Framework on
|
|
authenticated ports when AAA Server Reachability event occurs."
|
|
|
|
GROUP cafSecViolationNotifEnableGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
support security violation notification for Authentication
|
|
Framework."
|
|
|
|
GROUP cafSecurityViolationNotifGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
support security violation notification for Authentication
|
|
Framework."
|
|
|
|
GROUP cafSecurityViolationClientGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
support security violation notification for Authentication
|
|
Framework."
|
|
|
|
OBJECT cafAaaNoRespRecoveryDelay
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortControlledDirection
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortFallBackProfile
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortAuthHostMode
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortPreAuthOpenAccess
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortAuthorizeControl
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortReauthEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortReauthInterval
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortRestartInterval
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortInactivityTimeout
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortViolationAction
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortMethodAdminExecOrder
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortMethodAdminPriority
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafAuthFailedMaxRetry
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafAuthFailedNoActionEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafAuthFailedAuthorizedVlan
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafAuthFailedNextMethodEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafClientNoRespNoActionEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafClientNoRespAuthorizedVlan
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafServerDeadNoActionEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafServerDeadRemainAuthorized
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafServerDeadAuthorizedVlan
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafServerAliveAction
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafSessionReauth
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafSessionTerminate
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafSecurityViolationNotifEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
::= { ciscoAuthFrameworkMIBCompliances 1 }
|
|
|
|
ciscoAuthFrameworkMIBCompliance2 MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for entities which implement
|
|
CISCO-AUTH-FRAMEWORK-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
cafAuthMethodRegGroup,
|
|
cafAuthPortConfigGroup,
|
|
cafPortMethodGroup,
|
|
cafSessionGroup,
|
|
cafSessionMethodInfoGroup
|
|
}
|
|
|
|
GROUP cafAaaNoRespRecoveryDelayGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide AAA recovery delay configuration for Authentication
|
|
Framework."
|
|
|
|
GROUP cafAuthFailedEventGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide configuration for Authentication Framework on its
|
|
capable ports, when Authentication Fail event occurs."
|
|
|
|
GROUP cafClientNoRespEventGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide configuration for Authentication Framework to authorize
|
|
ports in a special VLAN when non-capable clients are
|
|
detected."
|
|
|
|
GROUP cafServerEventGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide configuration for Authentication Framework on
|
|
authenticated ports when AAA Server Reachability event occurs."
|
|
|
|
GROUP cafSecViolationNotifEnableGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
support security violation notification for Authentication
|
|
Framework."
|
|
|
|
GROUP cafSecurityViolationNotifGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
support security violation notification for Authentication
|
|
Framework."
|
|
|
|
GROUP cafSecurityViolationClientGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
support security violation notification for Authentication
|
|
Framework."
|
|
|
|
GROUP cafSessionVlanGroupNameGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide VLAN group information for Authentication
|
|
Framework."
|
|
|
|
OBJECT cafAaaNoRespRecoveryDelay
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortControlledDirection
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortFallBackProfile
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortAuthHostMode
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortPreAuthOpenAccess
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortAuthorizeControl
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortReauthEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortReauthInterval
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortRestartInterval
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortInactivityTimeout
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortViolationAction
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortMethodAdminExecOrder
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortMethodAdminPriority
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafAuthFailedMaxRetry
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafAuthFailedNoActionEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafAuthFailedAuthorizedVlan
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafAuthFailedNextMethodEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafClientNoRespNoActionEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafClientNoRespAuthorizedVlan
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafServerDeadNoActionEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafServerDeadRemainAuthorized
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafServerDeadAuthorizedVlan
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafServerAliveAction
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafSessionReauth
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafSessionTerminate
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafSecurityViolationNotifEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
::= { ciscoAuthFrameworkMIBCompliances 2 }
|
|
|
|
ciscoAuthFrameworkMIBCompliance3 MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for entities which implement
|
|
CISCO-AUTH-FRAMEWORK-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
cafAuthMethodRegGroup,
|
|
cafAuthPortConfigGroup,
|
|
cafPortMethodGroup,
|
|
cafSessionGroup,
|
|
cafSessionMethodInfoGroup
|
|
}
|
|
|
|
GROUP cafAaaNoRespRecoveryDelayGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide AAA recovery delay configuration for Authentication
|
|
Framework."
|
|
|
|
GROUP cafAuthFailedEventGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide configuration for Authentication Framework on its
|
|
capable ports, when Authentication Fail event occurs."
|
|
|
|
GROUP cafClientNoRespEventGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide configuration for Authentication Framework to authorize
|
|
ports in a special VLAN when non-capable clients are
|
|
detected."
|
|
|
|
GROUP cafServerEventGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide configuration for Authentication Framework on
|
|
authenticated ports when AAA Server Reachability event occurs."
|
|
|
|
GROUP cafSecViolationNotifEnableGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
support security violation notification for Authentication
|
|
Framework."
|
|
|
|
GROUP cafSecurityViolationNotifGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
support security violation notification for Authentication
|
|
Framework."
|
|
|
|
GROUP cafSecurityViolationClientGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
support security violation notification for Authentication
|
|
Framework."
|
|
|
|
GROUP cafSessionVlanGroupNameGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide VLAN group information for Authentication
|
|
Framework."
|
|
|
|
GROUP cafMacMoveConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide MAC move configuration for Authentication Framework."
|
|
|
|
GROUP cafCoACommandConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide configuration for behavor for CoA commands for
|
|
Authentication Framework."
|
|
|
|
OBJECT cafAaaNoRespRecoveryDelay
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortControlledDirection
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortFallBackProfile
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortAuthHostMode
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortPreAuthOpenAccess
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortAuthorizeControl
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortReauthEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortReauthInterval
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortRestartInterval
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortInactivityTimeout
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortViolationAction
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortMethodAdminExecOrder
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortMethodAdminPriority
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafAuthFailedMaxRetry
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafAuthFailedNoActionEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafAuthFailedAuthorizedVlan
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafAuthFailedNextMethodEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafClientNoRespNoActionEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafClientNoRespAuthorizedVlan
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafServerDeadNoActionEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafServerDeadRemainAuthorized
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafServerDeadAuthorizedVlan
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafServerAliveAction
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafSessionReauth
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafSessionTerminate
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafSecurityViolationNotifEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafMacMoveMode
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafCoABouncePortCommandIgnoreEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafCoADisablePortCommandIgnoreEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
::= { ciscoAuthFrameworkMIBCompliances 3 }
|
|
|
|
ciscoAuthFrameworkMIBCompliance4 MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for entities which implement
|
|
CISCO-AUTH-FRAMEWORK-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
cafAuthMethodRegGroup,
|
|
cafAuthPortConfigGroup,
|
|
cafPortMethodGroup,
|
|
cafSessionGroup,
|
|
cafSessionMethodInfoGroup
|
|
}
|
|
|
|
GROUP cafAaaNoRespRecoveryDelayGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide AAA recovery delay configuration for Authentication
|
|
Framework."
|
|
|
|
GROUP cafAuthFailedEventGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide configuration for Authentication Framework on its
|
|
capable ports, when Authentication Fail event occurs."
|
|
|
|
GROUP cafClientNoRespEventGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide configuration for Authentication Framework to authorize
|
|
ports in a special VLAN when non-capable clients are
|
|
detected."
|
|
|
|
GROUP cafServerEventGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide configuration for Authentication Framework on
|
|
authenticated ports when AAA Server Reachability event occurs."
|
|
|
|
GROUP cafSecViolationNotifEnableGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
support security violation notification for Authentication
|
|
Framework."
|
|
|
|
GROUP cafSecurityViolationNotifGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
support security violation notification for Authentication
|
|
Framework."
|
|
|
|
GROUP cafSecurityViolationClientGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
support security violation notification for Authentication
|
|
Framework."
|
|
|
|
GROUP cafSessionVlanGroupNameGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide VLAN group information for Authentication
|
|
Framework."
|
|
|
|
GROUP cafMacMoveConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide MAC move configuration for Authentication Framework."
|
|
|
|
GROUP cafCoACommandConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
provide configuration for behavor for CoA commands for
|
|
Authentication Framework."
|
|
|
|
GROUP cafAuthFailNotifGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
support authentication failure notification for Authentication
|
|
Framework."
|
|
|
|
GROUP cafAuthFailNotifEnableGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
support authentication failure notification for Authentication
|
|
Framework."
|
|
|
|
GROUP cafAuthFailClientGroup
|
|
DESCRIPTION
|
|
"This group is mandatory in devices running software which
|
|
support authentication failure notification for Authentication
|
|
Framework."
|
|
|
|
OBJECT cafAaaNoRespRecoveryDelay
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortControlledDirection
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortFallBackProfile
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortAuthHostMode
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortPreAuthOpenAccess
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortAuthorizeControl
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortReauthEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortReauthInterval
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortRestartInterval
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortInactivityTimeout
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortViolationAction
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortMethodAdminExecOrder
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafPortMethodAdminPriority
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafAuthFailedMaxRetry
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafAuthFailedNoActionEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafAuthFailedAuthorizedVlan
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafAuthFailedNextMethodEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafClientNoRespNoActionEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafClientNoRespAuthorizedVlan
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafServerDeadNoActionEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafServerDeadRemainAuthorized
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafServerDeadAuthorizedVlan
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafServerAliveAction
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafSessionReauth
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafSessionTerminate
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafSecurityViolationNotifEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafMacMoveMode
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafCoABouncePortCommandIgnoreEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT cafCoADisablePortCommandIgnoreEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
::= { ciscoAuthFrameworkMIBCompliances 4 }
|
|
|
|
-- Units of Conformance
|
|
|
|
cafAuthMethodRegGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cafAuthMethodDefaultPriority,
|
|
cafAuthMethodDefaultExecOrder
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides registration
|
|
information of authentication methods in Authentication
|
|
Framework."
|
|
::= { ciscoAuthFrameworkMIBGroups 1 }
|
|
|
|
cafAaaNoRespRecoveryDelayGroup OBJECT-GROUP
|
|
OBJECTS { cafAaaNoRespRecoveryDelay }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides AAA recovery delay
|
|
configuration for Authentication Framework in the system."
|
|
::= { ciscoAuthFrameworkMIBGroups 2 }
|
|
|
|
cafAuthPortConfigGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cafPortControlledDirection,
|
|
cafPortFallBackProfile,
|
|
cafPortAuthHostMode,
|
|
cafPortPreAuthOpenAccess,
|
|
cafPortAuthorizeControl,
|
|
cafPortReauthEnabled,
|
|
cafPortReauthInterval,
|
|
cafPortRestartInterval,
|
|
cafPortInactivityTimeout,
|
|
cafPortViolationAction
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides configuration of
|
|
Authentication Framework for capable ports in the system."
|
|
::= { ciscoAuthFrameworkMIBGroups 3 }
|
|
|
|
cafPortMethodGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cafPortMethodAdminExecOrder,
|
|
cafPortMethodAdminPriority,
|
|
cafPortMethodAvailable,
|
|
cafPortMethodOperExecOrder,
|
|
cafPortMethodOperPriority
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides configuration and
|
|
information of authentication methods within Authentication
|
|
Framework for capable ports in the system."
|
|
::= { ciscoAuthFrameworkMIBGroups 4 }
|
|
|
|
cafAuthFailedEventGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cafAuthFailedMaxRetry,
|
|
cafAuthFailedNoActionEnabled,
|
|
cafAuthFailedAuthorizedVlan,
|
|
cafAuthFailedNextMethodEnabled
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides configuration of
|
|
Auth-Failed behaviour of Authentication Framework for
|
|
ports in the system."
|
|
::= { ciscoAuthFrameworkMIBGroups 5 }
|
|
|
|
cafClientNoRespEventGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cafClientNoRespNoActionEnabled,
|
|
cafClientNoRespAuthorizedVlan
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides configuration of
|
|
Authentication Framework when no-responsive client is detected
|
|
on a port in the system."
|
|
::= { ciscoAuthFrameworkMIBGroups 6 }
|
|
|
|
cafServerEventGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cafServerDeadNoActionEnabled,
|
|
cafServerDeadRemainAuthorized,
|
|
cafServerDeadAuthorizedVlan,
|
|
cafServerAliveAction
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides configuration of
|
|
Authentication Framework when AAA Server Reachability event
|
|
occurs."
|
|
::= { ciscoAuthFrameworkMIBGroups 7 }
|
|
|
|
cafSessionGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cafSessionClientMacAddress,
|
|
cafSessionClientAddrType,
|
|
cafSessionClientAddress,
|
|
cafSessionDomain,
|
|
cafSessionStatus,
|
|
cafSessionAuthHostMode,
|
|
cafSessionControlledDirection,
|
|
cafSessionPostureToken,
|
|
cafSessionAuthUserName,
|
|
cafSessionClientFramedIpPool,
|
|
cafSessionAuthorizedBy,
|
|
cafSessionCriticalTimeLeft,
|
|
cafSessionAuthVlan,
|
|
cafSessionTimeout,
|
|
cafSessionTimeLeft,
|
|
cafSessionTimeoutAction,
|
|
cafSessionInactivityTimeout,
|
|
cafSessionInactivityTimeLeft,
|
|
cafSessionReauth,
|
|
cafSessionTerminate
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides authentication session
|
|
management information for Authentication Framework."
|
|
::= { ciscoAuthFrameworkMIBGroups 8 }
|
|
|
|
cafSessionMethodInfoGroup OBJECT-GROUP
|
|
OBJECTS { cafSessionMethodState }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides information about
|
|
authentication methods associate with Authentication Framework
|
|
's authentication sessions in the system."
|
|
::= { ciscoAuthFrameworkMIBGroups 9 }
|
|
|
|
cafSecViolationNotifEnableGroup OBJECT-GROUP
|
|
OBJECTS { cafSecurityViolationNotifEnable }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides control over
|
|
security violation notification for Authentication
|
|
Framework in the system."
|
|
::= { ciscoAuthFrameworkMIBGroups 10 }
|
|
|
|
cafSecurityViolationNotifGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS { cafSecurityViolationNotif }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of notification providing information
|
|
about port's security violation in Authentication
|
|
Framework."
|
|
::= { ciscoAuthFrameworkMIBGroups 11 }
|
|
|
|
cafSecurityViolationClientGroup OBJECT-GROUP
|
|
OBJECTS { cafSecurityViolationClient }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing MAC address of the offending
|
|
client in the security violation notification."
|
|
::= { ciscoAuthFrameworkMIBGroups 12 }
|
|
|
|
cafSessionVlanGroupNameGroup OBJECT-GROUP
|
|
OBJECTS { cafSessionVlanGroupName }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing VLAN group information of
|
|
authenticated session in Authentication Framework."
|
|
::= { ciscoAuthFrameworkMIBGroups 13 }
|
|
|
|
cafMacMoveConfigGroup OBJECT-GROUP
|
|
OBJECTS { cafMacMoveMode }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing MAC move cofiguration
|
|
information for Authentication Framework on the device."
|
|
::= { ciscoAuthFrameworkMIBGroups 14 }
|
|
|
|
cafCoACommandConfigGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cafCoABouncePortCommandIgnoreEnabled,
|
|
cafCoADisablePortCommandIgnoreEnabled
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing configuration information
|
|
for the device's behaviour on CoA commands."
|
|
::= { ciscoAuthFrameworkMIBGroups 15 }
|
|
|
|
cafAuthFailNotifGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS { cafAuthFailNotif }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of notification providing information
|
|
about port's authentication failure in Authentication
|
|
Framework."
|
|
::= { ciscoAuthFrameworkMIBGroups 16 }
|
|
|
|
cafAuthFailNotifEnableGroup OBJECT-GROUP
|
|
OBJECTS { cafAuthFailNotifEnable }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides control over
|
|
authentication failure notification for Authentication
|
|
Framework in the system."
|
|
::= { ciscoAuthFrameworkMIBGroups 17 }
|
|
|
|
cafAuthFailClientGroup OBJECT-GROUP
|
|
OBJECTS { cafAuthFailClient }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing MAC address of the failed
|
|
client in the authentication failure notification."
|
|
::= { ciscoAuthFrameworkMIBGroups 18 }
|
|
|
|
END
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|