librenms/mibs/cisco/CISCO-AUTH-FRAMEWORK-MIB
Jose Augusto Cardoso aa25b2b47a NAC Polling (Network Access Control) (#9227)
* RouterOS wireless sensors update (#9401)

* bug-fix and new features

Fixed incorrect OID for rate, renamed rate to TX-Rate as per update from mikrotik.

Added support for link distance

* Fixed indent issue

* Added support for using Transport name in templates (#9411)

* Added ability to sort alert schedules by status (#9257)

Signed-off-by: Rémy Jacquin <remy@remyj.fr>

* Converted Polling From Ports to New Module (cisco-nac)

* Converted Polling From Ports to New Module (cisco-nac)

* Fixed alert util (#9428)

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Fixed AlertUtil - again (#9429)

* Update BEGEMOT-HAST-MIB (#9427)

FIX: 
Due to a missing import and the uppercase after some SYNTAX this mib is not bein compiled correctly everywhere.
For example the one from Horizon OpenNMS fails with some errors 
ERROR: Cannot find symbol UNSIGNED32, Source: BEGEMOT-HAST-MIB.txt, Row: 321, Col: 17

The proposed change prevent the errors.

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Fixing Travis CI and Code Climate Issues

* Fixing Travis CI and Code Climate Issues

* Fixing Travis CI and Code Climate More Issues

* Fixing Travis CI and Code Climate More Issues

* Fixes delta calculation for bgpPeers_cbgp metrics (#9431)

The values in the $peer['c_update'][$oid] array are set only if they have
changed. If the value has not changed, then zero is substituted for real
values, which leads to incorrect calculation of delta values and records
in the database:

SELECT AcceptedPrefixes,AcceptedPrefixes_prev,AcceptedPrefixes_delta
FROM bgpPeers_cbgp
WHERE device_id=115;

| AcceptedPrefixes | AcceptedPrefixes_prev | AcceptedPrefixes_delta |
|------------------|-----------------------|------------------------|
|               21 |                    21 |                    -21 |

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Improve Junos state sensor discovery (#9426)

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [X] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

Tested on MX and EX series, works fine.
Skip slots that are empty and pull all sensors in jnxFruTable, data from old code is preserved.

* Added alerts schedule notes into device notes (#9258)

* Add alerts schedule notes into device notes

Signed-off-by: Rémy Jacquin <remy@remyj.fr>

* Update preferences.inc.php

* Show port description and dns name in FDB table (#9370)

- Added Port Description field to FDB Table
- Added DNS Name field to FDB Table
- Fixed sorting by port in FDB Table

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Update draytek.inc.php (#9432)

* Removed unnecessary model checks in HiveOS Wireless (#9409)

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Added format field to Telegram Messages (#9404)

* Add format field to Telegram Messages

Added Telegram field to send formatted messages as Mardown or HTML

* Update Telegram.php

* Correct Mistypo.

* Correct mistypo

* Correct Mistypo

* Correct mistypo

* Update Transports.md

* Add Format field on Telegram Examples

* Change Telegram Format field to type select

* Add "blank" option to Format field

* Update Telegram.php

* Update Telegram.php

* Update Telegram.php

* Disable page refresh on health sensors pages, autorefresh most tables (#9386)

* Disable page refresh on health sensors pages
Refresh all bootgrid tables every 5 minutes

* Update legacy_index.php

* Update librenmsv1.blade.php

* Style cleanup in hiveos file (#9440)

Fix code style check for https://github.com/librenms/librenms/pull/9438

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Ensure the checks for ASA context devices are strict (#9441)

* Show visually in webui + cli when using deprecated templates or transports (#9413)

* Show visually in webui + cli when using deprecated templates or transports

* Fixed query

* Added Bing geocode lookup support (#9434)

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Added ScreenOS Syslog Hook (#9438)

* Add ScreenOS Syslog Hook

Adds Syslog Hook for ScreenOS
https://community.librenms.org/t/juniper-screenos-syslog-hook/6146

* Update Syslog.md

* Update syslog-notify-oxidized.php

* Discovery YAML. Do not implicitly append $index (#9315)

Require it explicitly. Makes it easier to understand and matches the style of other values

Questionable YAML changes (either broken before or now broken):
secureplatform: haStatCode
ptp600: receiveModulationMode

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Update Syslog.md (#9443)

Fixed the screenOS output added in #9438 which was confusing mkdocs output. Refer to the docs currently https://docs.librenms.org/Extensions/Syslog/ - It's all mashed up at the bottom

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Fix ping.php poller groups setting
confusion between dispatch(new PingCheck($groups)) and PingCheck::dispatch($groups)

* Replaced Other to Disabled on Metod Column

* Replaced Other to Disabled on Metod Column

* Removed Extra Character < on Authz Icon

* Removed Extra Character < on Authz Icon

* Created sql-schema (261)

* Created sql-schema (261)

* Update docs for virtual images (#9456)

* Added Traffic to the Windows OS overlib graph (#9445)

WebUI: added Traffic to the Windows OS overlib graph

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [X] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Update World-Map.md to include pros/cons (#9442)

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [ ] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Added allow ipv6 address localhost nginx-status docs (#9458)

Following the modification of the SNMP Nginx agent (e0dcd4a064), linux distributions make requests in IPV6, so you must allow ::1 


DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Fixed altering transport mapping in rules clearing all mappings (#9455)

* Change unpolled devices toast to be based on rrd step (#9391)

* Change unpolled devices toast to be based on rrd step

* Update message

Change it back to 3x

* Added resources/links and devices/hostname/links API calls for xDP (#9444)

* api: Add list_links and get_link api calls

Signed-off-by: Misha Komarovskiy <zombah@gmail.com>

* api: Add get_links api call

Signed-off-by: Misha Komarovskiy <zombah@gmail.com>

* Update detection for Allied and Radlan OS (#9454)

"1.3.6.1.4.1.207.1.4.128" is currently reporting as allied, when it should be reporting as radlan.

Refer to https://community.librenms.org/t/allied-telesis-discovery/6189/8

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Updated HiveOS wireless detection (#9459)

* Added ability to record traceroutes for devices down due to ICMP (#9457)

* Added ability to record traceroutes for devices down due to ICMP

* Update Templates.md

* Updated schema

* Update dev-overview-data.inc.php

* Filter email options based on backend in Alert settings (#9461)

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Update Configuration.md

* Updated detection for AKCP devices (#9460)

* Updated support for Avocent devices (#9462)

* Updated support for Avocent devices

* Add ACS8048 hardware to json

* Update avocent.inc.php

* Update avocent_8000.json

* Syslog name translation (#9463)

* Check to see if a host exists in a lookup table to translate received name to what LibreNMS knows

* Added some documentation on how this is configured

* Use \LibreNMS\Config instead of accessing $config directly

* Fix codeclimate finding: Additional blank lines after USE statement

* murrant suggested a much cleaner way of doing this!

* fix snmp engine time (#9470)

* Added more sensors for IRD (PBI Digital Decoder) (#9339)

* added over bitrate graph

* added bitrate

* added more state sensors

* Update ird.snmprec

* Update ird.json

* Update Ird.php

* Update Ird.php

* Update Ird.php

* Update ird.json

* Updated json test data

* Update ird.snmprec

* Updated json data

* fix test value

* fix num_oid

* Add new sysDescr string for AlliedWare Plus products. (#9430)

* Add new sysDescr string for AlliedWare Plus products.

Release 5.4.8-2.1 of AlliedWare Plus will change the format of the
sysDescr string. This patch updates Allied Telesis yaml files to work with
this change.

Signed-off-by: Luuk Paulussen <luuk.paulussen@alliedtelesis.co.nz>

* save-test-data.php: Use correct variable for 'os' argument.

Signed-off-by: Luuk Paulussen <luuk.paulussen@alliedtelesis.co.nz>

* Create awplus_5.4.8-2.json

* Update awplus_5.4.8-2.json

* add a tool for working with JSON apps (#9084)

* add initial work on script for working with json apps

* finish the code portion

* -h now done

* rename it to be slightly more accurate

* make hash key strings

* exit if -a is not present

* now exit after checking the file if -s or -t is given

* now properly add the applications key

* snmp_max_oid per Os support and snmpv1 multi_oid fix (#9343)

* Added snmp_max_oid config at Os level.

* Added check for snmpv1 on multi_oid requests.

* Check  device_oid_limit on multi get

* Use array_chunk

* Update snmp.inc.php

* remove dump, unused variable and extra plodes

* per device settings should take priority over OS

* Update Settings.md

* don't discard the data :P

* fixing option to let user pick saved test data filename, exit if ther… (#9242)

* fixing option to let user pick saved test data filename, exit if there are many os/variant combination for a single output filename

* fixing style issues

* Update save-test-data.php

* Update save-test-data.php

* Add support for Firebrick Hardware (#9403)

* Added support for Firebrick devices

* Added support for Firebrick devices

* Update firebrick.inc.php

* Update firebrick.inc.php

* Update firebrick.svg

* Update firebrick.svg

* Added SNMP Check

* Added SVG View Box

* Display XML in config tab

* Update firebrick.svg

* Update firebrick.yaml

* Update showconfig.inc.php

* Create firebrick.json

* Check sysDescr for JunOS version. (#9247)

* Cisco: change notKnown status to unknown and not warning (#9222)

* Cisco: change notKnown status to unknown and not warning

* Update cisco.inc.php

* Improve the Logical Checking if Data Exist on DB

* Improve the Logical Checking if Data Exist on DB

* Update SQL-Schema File Name

* Update SQL-Schema File Name

* add app for getting status of TCP connections for specified services (#8090)

* add the poller for portactivity

* add the ability to get monitor ports for portactivity

* add the graphs for displaying stuff for the portactivity app

* add the portactivity app page

* update the docs for Portactivity

* remove extra line

* minor doc update for Portactivity

* add update_application line

* convert to use json_app_get

* convert curly brackets to square

* style fix

* remote error, errorString, and version after they stop being important so they are not processed

* add alert rule examples

* add the poller for portactivity

* add the ability to get monitor ports for portactivity

* add the graphs for displaying stuff for the portactivity app

* add the portactivity app page

* update the docs for Portactivity

* remove extra line

* minor doc update for Portactivity

* add update_application line

* convert to use json_app_get

* convert curly brackets to square

* style fix

* remote error, errorString, and version after they stop being important so they are not processed

* add alert rule examples

* remove dump of get_portactivity_ports function added during rebase

* update to the current json_app_get

* add portactivity snmprec

* add the portactivity test data

* whoops bad merge when rebasing... fix

* minor formatting cleanup and add a missing comma

* fix some odditities with what one of the tests is doing

* whoops... include the use for the exception

* set the response to okay

* attempt to make snmpsim array check happy again

* the json now lints

* more making metric testing happy

* one more update to make travis-ci happy

* now flattens arrays also add array_flatten

* rename array_flatten to data_flatten as pre-commit chokes on it as laravel has something similarly named

* go through and properly add all the metrics

* tested with the newest one and it works

* whoops, clean up json and remove prototype that was used when putting it together

* doh! make it happy with laravel now

* see if a minor changing in formatting for the numbers makes the polling unit test happy

* order them properly

* remove a comma

* a few more minor fixes

* Replace dbFetchRows to dbFetchRow on Some Exist Checks

* Replace dbFetchRows to dbFetchRow on Some Exist Checks

* Fix Some Code Climate Issues

* Fix Some Code Climate Issues

* Fixed More Code Climate Issues

* Fixed More Code Climate Issues

* Fix do not include template text in HTML page (#9476)

* Fixed $speed lenght in port parser when > 32 characters (#9479)

* Fix global read check for demo account (#9482)

* Improve documentation for service plugins (#9414)

* Begin adding preinstalled plugin documentation.

Also add information about how the titles of the plugins are displayed and detected.
Make page visible on the websites Table of Contents.

* Add note about plugin loading based on file name.

* Added all monitoring-plugins URLs.

* Format URLs on the service plugin docs list.

* Correct a URL on the plugins list.

* Removed leftover text from plugin list docs.

* Add pkg-nagios-plugins-contrib plugins to docs.

* Add DSA pkg-nagios-plugins-contrib plugins to docs

* Added a few missing lines of pkg-nagios-plugins-contrib text.

* Remove links plugins we dont have URL for.

Add a few more pkg-nagios-plugins-contrib ones.

* Remove list. Point to the main sources directly.

* order by sensor_descr aswell (#9478)

Sort sensors by sensor_descr

* Fix os additional information for some that were broke (#9466)

* Fix os additional information for several OS.
$poll_device is not available, use $device

* fix draytek test data

* Fixed Procera ports ifIndex and ports added by the poller (#9384)

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Change group owner for php/session for CentOS 7 nginx install (#9393)

By default on CentOS 7, /var/lib/php/session is root:root.

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Refactored and update Location Geocoding (#9359)

- Fix location so it is a regular database relation (this allows multiple devices to be accurately linked to one location and saves api calls)
- Parse coordinates from the location more consistently
- Add settings to webui
- ~~Used [PHP Geocoder](http://geocoder-php.org/), which has lots of backends and is well tested. (also includes reverse and geoip)~~
- Google Maps, Bing, Mapquest, and OpenStreetMap supported initially.
- Default to OpenStreetMap, which doesn't require a key.  They will liberally hand out bans if you exceed 1 query per second though.
- All other Geocoding APIs require an API key. (Google requires a credit card on file, but seems to be the most accurate)
- Update all (I think) sql queries to handle the new structure
- Remove final vestiges of override_sysLocation as a device attribute
- Update existing device groups and rules in DB
- Tested all APIs with good/bad location, no/bad/good key, and no connection.
- Cannot fix advanced queries that use location

This blocks #8868

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Added Aprisa support (#9435)

* Created 4RF Aprisa XE support

* Made requesed change by @laf

* cleanup

* Fix sensor index and add test data

* Added support for Waystream products (#9481)

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [X ] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

This has been running in two production networks for > 3 months without any issues.

* Marathon detection

* support for Marathon based UPSs

* added Marathon Power logo

* testing marathon ups

* Fix for #9485 (#9486)

* Fix for #9485

* Update ajax_search.php

* Testing Maraton ups device type

* Fix issues cause by new location and other misc (#9490)

* Fix issues cause by new location and other misc
fix some queries so we return devices with null locations
remove unnecessary query of all ports on ports page lists
make locations menu available to non-admins for the legacy menu
fix a few issues with the old network-map

* fix graphs

* fix oxidized query

* added rfc1628 compat and removed discovery file

* small changes to verbiage

* Changes to display

* Fixed test on over section

* Removed Current graph.  Not available from this device.

* Locations UI and editing (#9480)

* Better handling of errors
Mapquest seems to return the center of the US on error.......

* Editable locations WIP

* Change to bootgrid ajax table WIP

* Graphs working, using handlebars
update js libs
add current location button

* remove sql query, change icon

* Add the map to the device view, only when gps is expanded.
Allow edit on device page, share js code

* fix chevron rotation, improve click area

* extra warning

* fix overview layout (remove containers)

* fix style

* fix html divs, change collapse ui a bit
move css, update css/js versions

* start zoomed out on new locations

* don't double load scripts, zoom to 17

* fix php-md errors, remove unused use statement

* improve non-admin experience

* Move locations page to Laravel
More functions in Url and Html util classes
reduce code duplication

* translation buttons too

* fix whitespace

* move formatters to the frontend

* small changes

* disable traffic for locations with no devices

* change down 0 to green from gray

* missing "

* Fix paginate all

* working fix for paginate all

* allow sort by counts

* fix down sort

* a little safety

* Don't call the function twice

* btn-xs

* Added json test data

* Fix locations page search (#9501)

* Add bing layer to leaflet (#9497)

Also, polyfill for IE used by both bing and google maps

* Change locations default sort order (#9502)

* changed variable name to resolve issue with Gitlab transport

* removed else to satisfy codeclimate checks

* changed tabs to spaces

* added CISCO-NAC-TC-MIB

* added CISCO-NAC-TC-MIB

* Added changelog for 1.46 release (#9510)

* Add additional composite index to speed up display of pages where a device has a lot of syslogs. In our environment, this took page loads for some devices from over 60 seconds to nearly instant

* Forgot to add db_schema.yaml in previous commit

* Update cucs mib to fix warnings (#9517)

* Added HPE Comware temperature limit (#9518)

Changed the Temperature High threshold for a HPE Comware Switch to the values provided by snmp.
This means the actual threshold configured in the switch is used over any predefined/auto calculated thresholds by LibreNMS.


DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Added Comtrol device detection (#9491)

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Fixed integers fields in alert rules to be string (#9496)

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Focus and select location on override (#9503)

* Focus and select location on override

* Submit location on enter key

* SAF CFM wireless device support (#9450)

* Added support for SAF CFM L4 wireless device

* Added copyright statement according to LibreNMS documentation

* Added snmp test data and excluded some discover modules from os definition

* Style issue fixed

* More descriptive function

* MIB file rename

* Rename MIB file and change other files accordingly

* Added test data

* Removed debug statement

* Last checks

* Style changes

* Style changes

* Style changes

* Style changes

* Code restructure to make it more readable

* Fixed error in foreach

* Style issues

* Formatting of states within Yaml changed to make it more readable

* Omit default arguments

* Better code and modules only in CFM-M4P-MUX

* Chaged cfml4 to cfm

* Update Sensor.php

* Update Sensor.php

* Better handling of scientific numbers

* Better handling of scientific numbers

* New test data

* Correction on handling trailing zeros

* Different way of cleaning the numbers based on Tony's input

* Audiocodes initial support (#9508)

* Create audiocodes family with very basic sensors

* audiocode polling php and test files

* audiocode polling php and test files

* audiocode test files

* audiocode cleaning

* tests with selective polling disabled

* GitHub test script updates  (#9507)

* GitHub test script updates
add --reject to apply so it will skip binary files since GitHub does not create diffs for them correctly
Add new directories to the removal cleanup. Remove non-existant ones.

* Cleaner way to apply skip png files explicitly.
That way patches are still atomic.

* [UI] Fix last column of table (#9506)

* [UI] Fix last column of table

* move td outside of if and remove else

* Add Device Dragonwave Harmony Enhanced (#9499)

* Add Dragonwave Harmony Enhanced MC Device

* Remove single quote from null and 10 divisor

* Update and rename HarmonyEnhancedMc.php to HarmonyEnhanced.php

* Rename harmony-enhanced-mc.yaml to harmony-enhanced.yaml

* Update and rename harmony-enhanced-mc.yaml to harmony-enhanced.yaml

* Rename harmony-enhanced-mc.inc.php to harmony-enhanced.inc.php

* Rename harmony-enhanced-mc.snmprec to harmony-enhanced.snmprec

* Update HarmonyEnhanced.php

* Update HarmonyEnhanced.php

* Update HarmonyEnhanced.php

* Update HarmonyEnhanced.php

* More Code Climate Fixes

* Create harmony-enhanced.json

* Dynamic_discovery_get_value in can_skip_sensor to use all oids in skip_values (#9495)

* Use of dynamic_discovery_get_value in can_skip_sensor in order to use all available oids in skip_values

* Use LibreNMS\Device\YamlDiscovery code instead of keeping duplicated function can_skip_sensor

* Fix Travis errors

* Device management fall back to http if https isn't available.
Adds a slight delay on management clicking, may be blocked by popup blocker...

* Updated harmony OS poller to use multi get (#9525)

* docs: fix images doc (#9527)

There is no capital I in the password...

* fix error when location is missing from the DB (#9523)

* get geolocation at first poll (#9522)

* get geolocation at first poll

based on the logic of code, we will have to wait 2 days from adding new device for lat and lng to be updated

* Update Location.php

* Update Location.php

* Fixed Typo in YamlDiscovery.php (#9530)

Hi,

As far as I understand the code, it seems that array_reduce should be array_replace in this line, isn't it ?

PipoCanaja

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [X] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Fixed alert log showing only green instead of all by default (#9529)

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

By default, when you access Alert History it was showing only OK (Green) ones instead of all. You had to hit filter to show them.

* Fixed customers page (#9521)

move customers table backend to Laravel

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Added detection if this is a git based install or not. (#9379)

Not sure about the warning or text.

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
After you are done testing, you can remove the changes with `./scripts/github-remove`.  If there are schema changes, you can ask on discord how to revert.

* Change snmp-scan heading (#9492)

* Fixed plugins using d_echo (#9498)

Move d_echo to helpers.php and include in autoload
Don't remove from common.php yet to be extra safe.

* Use Eloquent for DB access
Move print-nac into nac.inc.php
Rename module to generic nac, If implemented for other OS later this can be extended but the name should be the same
Add items required for testing

* Use Eloquent for DB access
Move print-nac into nac.inc.php
Rename module to generic nac, If implemented for other OS later this can be extended but the name should be the same
Add items required for testing

* test github

* test github

* test git

* test git

* Added Network Access Control polling and store on DB

* Added Network Access Control polling and store on DB

* Added NAC tab on device page

* Added NAC tab on device page

* Added NAC tab page on device main page

* Added NAC tab page on device main page

* Fixed Auth ID data parsing

* Fixed Auth ID data parsing

* Filter Device ID on NAC Tab page

* Filter Device ID on NAC Tab page

* Converted IP Address form HEX to DEC format

* Converted IP Address form HEX to DEC format

* Formated grid on NAC print page

* Formated grid on NAC print page

* Added AuthC status

* Added AuthC status

* removed useless lines

* removed useless lines

* Fix some typos

* Fix some typos

* Fix Code Climate Issues

* Fix Code Climate Issues

* Fixed more Code Climate Issues

* Fixed more Code Climate Issues

* Fixed more Code Climate Issues

* Fixed more Code Climate Issues

* converted dbQuery() to dbUpdate()

* converted dbQuery() to dbUpdate()

* Fixed more Code Climate Issues

* Fixed more Code Climate Issues

* Removed Hex to Dec test codes

* Removed Hex to Dec test codes

* removed unused classes

* removed unused classes

* Change my own IP Hex to Dec conversion to IP::fromHexString Class

* Change my own IP Hex to Dec conversion to IP::fromHexString Class

* CLA Signature

* CLA Signature

* Merge all dbUpdate on only one call

* Merge all dbUpdate on only one call

* Replaced Table to Bootgrid

* Replaced Table to Bootgrid

* Converted Polling From Ports to New Module (cisco-nac)

* Converted Polling From Ports to New Module (cisco-nac)

* Fixing Travis CI and Code Climate Issues

* Fixing Travis CI and Code Climate Issues

* Fixing Travis CI and Code Climate More Issues

* Fixing Travis CI and Code Climate More Issues

* Replaced Other to Disabled on Metod Column

* Replaced Other to Disabled on Metod Column

* Removed Extra Character < on Authz Icon

* Removed Extra Character < on Authz Icon

* Improve the Logical Checking if Data Exist on DB

* Improve the Logical Checking if Data Exist on DB

* Replace dbFetchRows to dbFetchRow on Some Exist Checks

* Replace dbFetchRows to dbFetchRow on Some Exist Checks

* Fix Some Code Climate Issues

* Fix Some Code Climate Issues

* Fixed More Code Climate Issues

* Fixed More Code Climate Issues

* added CISCO-NAC-TC-MIB

* added CISCO-NAC-TC-MIB

* Use Eloquent for DB access
Move print-nac into nac.inc.php
Rename module to generic nac, If implemented for other OS later this can be extended but the name should be the same
Add items required for testing

* Use Eloquent for DB access
Move print-nac into nac.inc.php
Rename module to generic nac, If implemented for other OS later this can be extended but the name should be the same
Add items required for testing

* no way to set device attrib and no need...

* no way to set device attrib and no need...

* add db schema

* add db schema

* fix link in device page, links for ports

* fix link in device page, links for ports

* Use ajax for table

* Use ajax for table

* fix tests

* fix tests

* change the columns to find existing entries to port_id and PortAuthSessionDomain

* change the columns to find existing entries to port_id and PortAuthSessionDomain

* Update 274.sql

* Update 274.sql

* Reorder Columns on NAC Page to Better Presentation

* Reorder Columns on NAC Page to Better Presentation

* rename database columns and update schema

* rename database columns and update schema

* add iftype to test data, rename variable

* add iftype to test data, rename variable

* correct types...

* correct types...

* Update 274.sql

* Update 274.sql

* order capture output

* Add model observer for nicer discovery output

* Add copyright to poller module

* Handle multiAuth, multiDomain and normal modes seperatly for determining unique entries.

* Use mac_address as the unique identifier

* update index

* Improve the data variety a bit

* remove accidental schema
2018-12-19 21:18:30 -06:00

2425 lines
78 KiB
Plaintext

-- *********************************************************************
-- CISCO-AUTH-FRAMEWORK-MIB.my: Authentication Framework configuration
-- and information MIB
--
-- August 2008, Binh Phu Le
--
-- Copyright (c) 2008-2009, 2010, 2013 by Cisco Systems Inc.
--
-- All rights reserved.
--
-- *******************************************************************
CISCO-AUTH-FRAMEWORK-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY,
OBJECT-TYPE,
NOTIFICATION-TYPE,
Unsigned32,
Integer32
FROM SNMPv2-SMI
MODULE-COMPLIANCE,
NOTIFICATION-GROUP,
OBJECT-GROUP
FROM SNMPv2-CONF
MacAddress,
TEXTUAL-CONVENTION,
TruthValue
FROM SNMPv2-TC
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB
InetAddress,
InetAddressType
FROM INET-ADDRESS-MIB
ifIndex,
ifName
FROM IF-MIB
VlanIndexOrZero
FROM CISCO-PRIVATE-VLAN-MIB
CnnEouPostureTokenString
FROM CISCO-NAC-TC-MIB
ciscoMgmt
FROM CISCO-SMI;
ciscoAuthFrameworkMIB MODULE-IDENTITY
LAST-UPDATED "201308230000Z"
ORGANIZATION "Cisco Systems Inc."
CONTACT-INFO
"Cisco Systems
Customer Service
Postal: 170 W Tasman Drive
San Jose, CA 95134
USA
Tel: +1 800 553 -NETS
E-mail: cs-ibns@cisco.com,
cs-lan-switch-snmp@cisco.com"
DESCRIPTION
"MIB module for Authentication Framework in the system.
Authentication Framework provides generic configurations
for authentication methods in the system and manage the
failover sequence of these methods in a flexible manner."
REVISION "201308230000Z"
DESCRIPTION
"Added notification cafAuthFailNotif.
Added new objects cafAuthFailNotifEnable and
cafAuthFailClient.
Added new groups cafAuthFailNotifGroup,
cafAuthFailNotifEnableGroup and cafAuthFailClientGroup.
A new compliance ciscoAuthFrameworkMIBCompliance4 is added
which deprecates ciscoAuthFrameworkMIBCompliance3."
REVISION "201011170000Z"
DESCRIPTION
"Added cafMacMoveConfigGroup and cafCoACommandConfigGroup
groups."
REVISION "201004010000Z"
DESCRIPTION
"Added value 'replace' to cafPortViolationAction."
REVISION "200904200000Z"
DESCRIPTION
"Added cafSessionVlanGroupNameGroup."
REVISION "200810240000Z"
DESCRIPTION
"Added value 'protect' to cafPortViolationAction."
REVISION "200808250000Z"
DESCRIPTION
"Initial version of this MIB module."
::= { ciscoMgmt 656 }
ciscoAuthFrameworkMIBNotifs OBJECT IDENTIFIER
::= { ciscoAuthFrameworkMIB 0 }
ciscoAuthFrameworkMIBObjects OBJECT IDENTIFIER
::= { ciscoAuthFrameworkMIB 1 }
ciscoAuthFrameworkMIBConform OBJECT IDENTIFIER
::= { ciscoAuthFrameworkMIB 2 }
ciscoAuthFrameworkSystem OBJECT IDENTIFIER
::= { ciscoAuthFrameworkMIBObjects 1 }
ciscoAuthFrwkAuthenticator OBJECT IDENTIFIER
::= { ciscoAuthFrameworkMIBObjects 2 }
ciscoAuthFrameworkEvent OBJECT IDENTIFIER
::= { ciscoAuthFrameworkMIBObjects 3 }
ciscoAuthFrameworkSession OBJECT IDENTIFIER
::= { ciscoAuthFrameworkMIBObjects 4 }
ciscoAuthFrwkNotifControl OBJECT IDENTIFIER
::= { ciscoAuthFrameworkMIBObjects 5 }
ciscoAuthFrwkNotifInfo OBJECT IDENTIFIER
::= { ciscoAuthFrameworkMIBObjects 6 }
-- Textual Conventions
CiscoAuthControlledDirections ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The controlled direction values for capable ports in
Authentication Framework.
both: control is required to be exerted over both
incoming and outgoing traffic through the
controlled port.
in : control is required to be exerted over the
incoming traffic through the controlled port."
SYNTAX INTEGER {
both(0),
in(1)
}
CiscoAuthControlledPortControl ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The authorization control values of Authentication
Framework on a controlled port.
forceUnauthorized: the controlled port is forced to
be unauthorized unconditionally.
auto : authorization of the controlled
port will be determined by an
authentication process.
forceAuthorized : The controlled port is forced to
be authorized unconditionally."
SYNTAX INTEGER {
forceUnauthorized(1),
auto(2),
forceAuthorized(3)
}
CiscoAuthMethod ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The authentication methods and protocols supported in
Authentication Framework.
other : none of the below.
dot1x : 802.1x Protocol.
macAuthBypass: MAC Authentication Bypass.
webAuth : Web-Proxy Authentication.
'other' is a read only value which can not be used in
set operation."
SYNTAX INTEGER {
other(1),
dot1x(2),
macAuthBypass(3),
webAuth(4)
}
CiscoAuthMethodList ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The list of authentication methods provided within
Authentication Framework.
Each octet represents an authentication method which
is defined in CiscoAuthMethod.
The DESCRIPTION clause of CiscoAuthMethodList objects
must fully describe the relationship between methods."
SYNTAX OCTET STRING
CiscoAuthHostMode ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The authentication mode of a controlled port.
singleHost: port allows one host to connect and authenticate
in a single domain.
multiHost : port allows multiple hosts to connect. Once
a host is authenticated, all remaining hosts are
also authenticated in a single domain.
multiAuth : port allows multiple hosts to connect. Each host
is authenticated separately in a single domain.
multiDomain: port allows multiple domains to be authenticated."
SYNTAX INTEGER {
singleHost(1),
multiHost(2),
multiAuth(3),
multiDomain(4)
}
-- ciscoAuthFrameworkSystem
cafAaaNoRespRecoveryDelay OBJECT-TYPE
SYNTAX Unsigned32
UNITS "milliseconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the AAA recovery delay for authentication methods
registered in Authentication Framework when AAA server becomes
active again after being inactive. A value of zero indicates
that AAA recovery delay is disabled in the system."
::= { ciscoAuthFrameworkSystem 1 }
cafAuthMethodRegTable OBJECT-TYPE
SYNTAX SEQUENCE OF CafAuthMethodRegEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A list of authentication methods which are currrently
registered with Authentication Framework.
An entry is created by the agent when an authentication method
has successfully registered with Authentication Framework.
An entry is deleted by the agent upon de-registration of the
authentication method."
::= { ciscoAuthFrameworkSystem 2 }
cafAuthMethodRegEntry OBJECT-TYPE
SYNTAX CafAuthMethodRegEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing registration information of a particular
authentication method with Authentication Framework."
INDEX { cafAuthMethod }
::= { cafAuthMethodRegTable 1 }
CafAuthMethodRegEntry ::= SEQUENCE {
cafAuthMethod CiscoAuthMethod,
cafAuthMethodDefaultPriority Unsigned32,
cafAuthMethodDefaultExecOrder Unsigned32
}
cafAuthMethod OBJECT-TYPE
SYNTAX CiscoAuthMethod
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The authentication method registered with Authentication
Framework."
::= { cafAuthMethodRegEntry 1 }
cafAuthMethodDefaultPriority OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A unique number which indicates the default priority of a
authentication method.
The default priority is assigned by Authentication Framework
during method registration. The method with smallest value
has highest priority."
::= { cafAuthMethodRegEntry 2 }
cafAuthMethodDefaultExecOrder OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A unique number which indicates the default execution order
of a authentication method.
The default execution order is assigned by Authentication
Framework during method registration. The method with
smallest value will be execute first."
::= { cafAuthMethodRegEntry 3 }
cafMacMoveMode OBJECT-TYPE
SYNTAX INTEGER {
deny(1),
permit(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the MAC Move configuration for
Authentication Framework.
deny : When a host is authenticated on one port,
that address is not allowed on another
authenticated manager-enabled port of the device.
permit: Authenticated hosts are allowed to move from one
port to another on the same device. When a host moves to
a new port, the authenticated session on the original
port is deleted, and the host is reauthenticated on the
new port."
::= { ciscoAuthFrameworkSystem 3 }
cafCoABouncePortCommandIgnoreEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies whether the device ignores the bounce
port command that sent from RADIUS via Change-of-Authorization
(CoA) packets."
::= { ciscoAuthFrameworkSystem 4 }
cafCoADisablePortCommandIgnoreEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies whether the device ingores the
disable port command that sent from RADIUS via
Change-of-Authorization (CoA) packets."
::= { ciscoAuthFrameworkSystem 5 }
-- ciscoAuthFrwkAuthenticator
cafPortConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF CafPortConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A list of port entries. An entry will exist for each
interface which support Authentication Framework feature."
::= { ciscoAuthFrwkAuthenticator 1 }
cafPortConfigEntry OBJECT-TYPE
SYNTAX CafPortConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing management information of Authentication
Framework applicable to a particular port."
INDEX { ifIndex }
::= { cafPortConfigTable 1 }
CafPortConfigEntry ::= SEQUENCE {
cafPortControlledDirection CiscoAuthControlledDirections,
cafPortFallBackProfile SnmpAdminString,
cafPortAuthHostMode CiscoAuthHostMode,
cafPortPreAuthOpenAccess TruthValue,
cafPortAuthorizeControl CiscoAuthControlledPortControl,
cafPortReauthEnabled TruthValue,
cafPortReauthInterval Unsigned32,
cafPortRestartInterval Unsigned32,
cafPortInactivityTimeout Integer32,
cafPortViolationAction INTEGER
}
cafPortControlledDirection OBJECT-TYPE
SYNTAX CiscoAuthControlledDirections
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the controlled direction of this port."
::= { cafPortConfigEntry 1 }
cafPortFallBackProfile OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the name of the fallback profile to be used when
failing over to Web Proxy Authentication. A zero length
string indicates that fallback mechanism to Web Proxy
Authentication is disabled in Authentication Framework."
::= { cafPortConfigEntry 2 }
cafPortAuthHostMode OBJECT-TYPE
SYNTAX CiscoAuthHostMode
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the authentication host mode for this port."
::= { cafPortConfigEntry 3 }
cafPortPreAuthOpenAccess OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies if the Pre-Authentication Open Access feature
allows clients/devices to gain network access before
authentication is performed.
A value of 'true' for this object indicates that client/device
is able to gain network access before authentication is
performed."
::= { cafPortConfigEntry 4 }
cafPortAuthorizeControl OBJECT-TYPE
SYNTAX CiscoAuthControlledPortControl
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the authorization control for this port."
::= { cafPortConfigEntry 5 }
cafPortReauthEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies if reauthentication is enabled for this port."
::= { cafPortConfigEntry 6 }
cafPortReauthInterval OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the reauthentication interval, after which the port
will be reauthenticated if value of the corresponding instance
of cafPortReauthEnabled is 'true'.
A value of zero indicates that the reauthentication interval
is downloaded from AAA server when this port is authenticated."
::= { cafPortConfigEntry 7 }
cafPortRestartInterval OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the interval after which a further authentication
attempt should be made to this port if it is not authorized.
A value of zero indicates that no further authentication attempt
will be made if this port is unauthorized."
::= { cafPortConfigEntry 8 }
cafPortInactivityTimeout OBJECT-TYPE
SYNTAX Integer32 (-1 | 0 | 1..65535)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the period of time that a client associating with
this
port is allowed to be inactive before being terminated.
A value of zero indicates that inactivity timeout is disabled on
this port.
A value of -1 indicates that inactivity timeout is downloaded
from the AAA server when this port is authenticated."
::= { cafPortConfigEntry 9 }
cafPortViolationAction OBJECT-TYPE
SYNTAX INTEGER {
restrict(1),
shutdown(2),
protect(3),
replace(4)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the action to be taken due to a security violation
occurs on this port.
restrict: This port will be moved to restricted state.
shutdown: This port will be shutdown from Authentication
Framework perspective.
protect : This port will be moved to protected state.
replace : The current authentication session on this
port will be terminated and replaced by a new
authentication session, upon the detection of
security violation on the current authentication
session on the port."
::= { cafPortConfigEntry 10 }
cafPortMethodTable OBJECT-TYPE
SYNTAX SEQUENCE OF CafPortMethodEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table contains a list of port entries. An entry will exist
for each port which supports Authentication Framework feature."
::= { ciscoAuthFrwkAuthenticator 2 }
cafPortMethodEntry OBJECT-TYPE
SYNTAX CafPortMethodEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Entry containing configuration and information of
authentication methods for a particular port."
INDEX { ifIndex }
::= { cafPortMethodTable 1 }
CafPortMethodEntry ::= SEQUENCE {
cafPortMethodAdminExecOrder CiscoAuthMethodList,
cafPortMethodAdminPriority CiscoAuthMethodList,
cafPortMethodAvailable CiscoAuthMethodList,
cafPortMethodOperExecOrder CiscoAuthMethodList,
cafPortMethodOperPriority CiscoAuthMethodList
}
cafPortMethodAdminExecOrder OBJECT-TYPE
SYNTAX CiscoAuthMethodList
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the administrative execution order of
authentication methods on the port. Methods are executed in
the order as specified in the method list.
Method which is at the beginning of the method list will be
executed first. Method which is at the end of method list
will be executed last.
A zero length string of this object indicates that no per
port execution order configuration has been specified on
this port. The actual execution order is based on the value
of cafAuthMethodDefaultExecOrder in cafAuthMethodRegTable."
::= { cafPortMethodEntry 1 }
cafPortMethodAdminPriority OBJECT-TYPE
SYNTAX CiscoAuthMethodList
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the administrative priority of
authentication methods on the port. The priority of
each method is assigned based on the method list.
Method which is at the beginning of the method list has
highest priority. Method which is at the end of method list
has lowest priority.
A zero length string of this object indicates that no per
port method priority configuration has been specified on
this port. The actual execution order is based on the value
of cafAuthMethodDefaultExecOrder in cafAuthMethodRegTable."
::= { cafPortMethodEntry 2 }
cafPortMethodAvailable OBJECT-TYPE
SYNTAX CiscoAuthMethodList
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the authentication methods currently
available on this port."
::= { cafPortMethodEntry 3 }
cafPortMethodOperExecOrder OBJECT-TYPE
SYNTAX CiscoAuthMethodList
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the operational execution order of
authentication methods on this port. Methods are executed in
the order as specified in the method list.
Method which is at the beginning of the method list will be
executed first. Method which is at the end of method list
will be executed last."
::= { cafPortMethodEntry 4 }
cafPortMethodOperPriority OBJECT-TYPE
SYNTAX CiscoAuthMethodList
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the operational priority of
authentication methods on this port. Methods have the
priority as specified in the method list.
Method which is at the beginning of the method list has
highest priority. Method which is at the end of method list
has lowest priority."
::= { cafPortMethodEntry 5 }
-- ciscoAuthFrameworkEvent
cafAuthFailedEventPortTable OBJECT-TYPE
SYNTAX SEQUENCE OF CafAuthFailedEventPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table contains a list of port entries.
An entry will exist for each port which supports Authentication
Fail event within the Authentication Framework."
::= { ciscoAuthFrameworkEvent 1 }
cafAuthFailedEventPortEntry OBJECT-TYPE
SYNTAX CafAuthFailedEventPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Entry containing management information of Authentication
Fail event for a particular port."
INDEX { ifIndex }
::= { cafAuthFailedEventPortTable 1 }
CafAuthFailedEventPortEntry ::= SEQUENCE {
cafAuthFailedMaxRetry Unsigned32,
cafAuthFailedNoActionEnabled TruthValue,
cafAuthFailedAuthorizedVlan Integer32,
cafAuthFailedNextMethodEnabled TruthValue
}
cafAuthFailedMaxRetry OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the maximum number of retry should be
performed before generating Authentication Fail event.
A value of zero indicates that Authentication Fail event will
be generated upon authentication fail without any retry."
::= { cafAuthFailedEventPortEntry 1 }
cafAuthFailedNoActionEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies whether no action will be performed
when an Authentication Fail event occurs.
Setting 'true' on this object indicates that no action will
be performed when Authentication Fail event occurs.
The read-only value 'false' indicates that an action will
be performed when an Authentication Fail event occurs."
::= { cafAuthFailedEventPortEntry 2 }
cafAuthFailedAuthorizedVlan OBJECT-TYPE
SYNTAX Integer32 (-1 | 0 | 1..2147483647)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the Authentication Failed VLAN number.
The read-only value of -1 indicates that this object is not
applicable on this port.
The read-only value of zero indicates that this port will not be
authorized to any VLAN when Authentication Failed event occurs.
Setting a non-zero value on this object indicates that this port
will be authorized to the VLAN as specified by this object
value, when Authentication Fail event occurs."
::= { cafAuthFailedEventPortEntry 3 }
cafAuthFailedNextMethodEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies whether the next authentication method
will be used if an Authentication Fail event is generated by the
current authentication method.
Setting this object to 'true' indicates that the next available
authentication method will be used when Authentication Fail
event occurs.
The read-only value 'false' indicates that the next available
authentication method will not be used when Authentication Fail
event occurs."
::= { cafAuthFailedEventPortEntry 4 }
cafSecurityViolationClient OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The MAC address included in the notification currently being
sent, indicating the client who triggered the security violation
notification."
::= { ciscoAuthFrwkNotifInfo 1 }
cafAuthFailClient OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The MAC address included in the cafAuthFailNotif being
sent, indicating the client which failed to authenticate."
::= { ciscoAuthFrwkNotifInfo 2 }
cafClientNoRespEventPortTable OBJECT-TYPE
SYNTAX SEQUENCE OF CafClientNoRespEventPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table contains a list of port entries.
An entry exists for each port which supports No Response
event within the Authentication Framework."
::= { ciscoAuthFrameworkEvent 2 }
cafClientNoRespEventPortEntry OBJECT-TYPE
SYNTAX CafClientNoRespEventPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Entry containing management information of No Response
event for a particular port."
INDEX { ifIndex }
::= { cafClientNoRespEventPortTable 1 }
CafClientNoRespEventPortEntry ::= SEQUENCE {
cafClientNoRespNoActionEnabled TruthValue,
cafClientNoRespAuthorizedVlan Integer32
}
cafClientNoRespNoActionEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies whether an action is performed when No
Response event occurs.
Setting 'true' on this object indicates that no action will
be performed when No Response event occurs.
The read-only value 'false' of this object indicates that an
action will be performed when No Response event occurs."
::= { cafClientNoRespEventPortEntry 1 }
cafClientNoRespAuthorizedVlan OBJECT-TYPE
SYNTAX Integer32 (-1 | 0 | 1..2147483647)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the No Response Authorized VLAN number.
The read-only value of -1 indicates that this object is not
applicable on this port.
The read-only value of zero indicates that this port will not be
authorized to any VLAN when No Response event occurs.
Setting a non-zero value on this object indicates that this port
will be authorized to the VLAN as specified by this object
value, when No Response event occurs."
::= { cafClientNoRespEventPortEntry 2 }
cafServerEventPortTable OBJECT-TYPE
SYNTAX SEQUENCE OF CafServerEventPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table contains a list of port entries.
An entry exists for each port which supports AAA Server
Reachability event within the Authentication Framework."
::= { ciscoAuthFrameworkEvent 3 }
cafServerEventPortEntry OBJECT-TYPE
SYNTAX CafServerEventPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Entry containing management information of AAA Server
Reachability event for a particular port."
INDEX { ifIndex }
::= { cafServerEventPortTable 1 }
CafServerEventPortEntry ::= SEQUENCE {
cafServerDeadNoActionEnabled TruthValue,
cafServerDeadRemainAuthorized TruthValue,
cafServerDeadAuthorizedVlan Integer32,
cafServerAliveAction INTEGER
}
cafServerDeadNoActionEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates whether an action is performed if an
AAA Server Reachability event occurs.
Setting 'true' on this object indicates that no action
will be performed when AAA Server Reachability event occurs.
The read-only value 'false' indicates that an action will
be performed when AAA Server Reachability event occurs."
::= { cafServerEventPortEntry 1 }
cafServerDeadRemainAuthorized OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies if current authorization will remain
unchanged for the port when AAA Server Reachability event
occurs.
Setting 'true' on this object indicates that current
authorization will remain unchanged for the port when AAA
Server Reachability event occurs.
The read-only value 'false' indicates that the current
authorization will not be retained for the port when
AAA Server Reachability event occurs."
::= { cafServerEventPortEntry 2 }
cafServerDeadAuthorizedVlan OBJECT-TYPE
SYNTAX Integer32 (-1 | 0 | 1..2147483647)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the AAA Server Reachability
Authorized VLAN number.
The read-only value of -1 indicates that this object is not
applicable on this port.
The read-only value of zero indicates that this port will not
be authorized to any VLAN when AAA Server Reachability event
occurs.
Setting a non-zero value on this object indicates that this port
will be authorized to the VLAN as specified by this object
value, when AAA Server Reachability event occurs."
::= { cafServerEventPortEntry 3 }
cafServerAliveAction OBJECT-TYPE
SYNTAX INTEGER {
none(1),
reinitialize(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the action applied to the port upon AAA
recovery.
none : no action will be applied.
reinitialize: the port will be reinitialized with the current
authentication method."
::= { cafServerEventPortEntry 4 }
-- ciscoAuthFrameworkSession
cafSessionTable OBJECT-TYPE
SYNTAX SEQUENCE OF CafSessionEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table contains a list of authentication session.
An entry is created when an authentication session has
successfully created within Authentication Framework.
An entry is deleted when an authentication session has been
removed."
::= { ciscoAuthFrameworkSession 1 }
cafSessionEntry OBJECT-TYPE
SYNTAX CafSessionEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Entry containing management information for a particular
authentication session."
INDEX {
ifIndex,
IMPLIED cafSessionId
}
::= { cafSessionTable 1 }
CafSessionEntry ::= SEQUENCE {
cafSessionId OCTET STRING,
cafSessionClientMacAddress MacAddress,
cafSessionClientAddrType InetAddressType,
cafSessionClientAddress InetAddress,
cafSessionStatus INTEGER,
cafSessionDomain INTEGER,
cafSessionAuthHostMode CiscoAuthHostMode,
cafSessionControlledDirection CiscoAuthControlledDirections,
cafSessionPostureToken CnnEouPostureTokenString,
cafSessionAuthUserName SnmpAdminString,
cafSessionClientFramedIpPool SnmpAdminString,
cafSessionAuthorizedBy SnmpAdminString,
cafSessionCriticalTimeLeft Unsigned32,
cafSessionAuthVlan VlanIndexOrZero,
cafSessionTimeout Unsigned32,
cafSessionTimeLeft Unsigned32,
cafSessionTimeoutAction INTEGER,
cafSessionInactivityTimeout Unsigned32,
cafSessionInactivityTimeLeft Unsigned32,
cafSessionReauth TruthValue,
cafSessionTerminate TruthValue,
cafSessionVlanGroupName SnmpAdminString
}
cafSessionId OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..64))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A unique identifier of the authentication session."
::= { cafSessionEntry 1 }
cafSessionClientMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the MAC address of the device associates with the
authentication session."
::= { cafSessionEntry 2 }
cafSessionClientAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the type of Internet address of the client
associates with the authentication session."
::= { cafSessionEntry 3 }
cafSessionClientAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the Internet address of the client associates with
the authentication session. The type of this address is
determined by the value of cafSessionClientAddrType object."
::= { cafSessionEntry 4 }
cafSessionStatus OBJECT-TYPE
SYNTAX INTEGER {
idle(1),
running(2),
noMethod(3),
authenticationSuccess(4),
authenticationFailed(5),
authorizationSuccess(6),
authorizationFailed(7)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the current status of the authentication session.
idle : the session has been initialized and no
method has run yet.
running : an authentication method is running for
this session.
noMethod : no authentication method has provided a
result for this session.
authenticationSuccess: an authentication method has resulted
in authentication success for this session.
authenticationFailed: an authentication method has resulted
in authentication failed for this session.
authorizationSuccess: authorization is successful for this
session.
authorizationFailed : authorization is failed for this
session."
::= { cafSessionEntry 5 }
cafSessionDomain OBJECT-TYPE
SYNTAX INTEGER {
other(1),
data(2),
voice(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the type of domain that the authentication session
belongs to.
other : none of the below.
data : indicates the data domain.
voice: indicates the voice domain."
::= { cafSessionEntry 6 }
cafSessionAuthHostMode OBJECT-TYPE
SYNTAX CiscoAuthHostMode
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the authentication host mode of the port in the
authentication session."
::= { cafSessionEntry 7 }
cafSessionControlledDirection OBJECT-TYPE
SYNTAX CiscoAuthControlledDirections
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the operational controlled directions parameter
for this port in the authentication session."
::= { cafSessionEntry 8 }
cafSessionPostureToken OBJECT-TYPE
SYNTAX CnnEouPostureTokenString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the posture token associates with the authentication
session."
::= { cafSessionEntry 9 }
cafSessionAuthUserName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the name of the authenticated user for the
authentication session."
::= { cafSessionEntry 10 }
cafSessionClientFramedIpPool OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the name of the address pool from which the
session's client IP address is assigned."
::= { cafSessionEntry 11 }
cafSessionAuthorizedBy OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the name of the feature which authorizes the
authentication session."
::= { cafSessionEntry 12 }
cafSessionCriticalTimeLeft OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the leftover time before the next authentication
attempt for the authentication session after Server Reachability
event occurred. Value zero indicates that this session is
currently being authenticated or it is not applicable."
::= { cafSessionEntry 13 }
cafSessionAuthVlan OBJECT-TYPE
SYNTAX VlanIndexOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the authorized VLAN applied to the authentication
session. Value zero indicates that no authorized VLAN has been
applied, or it is not applicable."
::= { cafSessionEntry 14 }
cafSessionTimeout OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the session timeout used by Authentication
Framework in the authentication session."
::= { cafSessionEntry 15 }
cafSessionTimeLeft OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the leftover time of the current authentication
session."
::= { cafSessionEntry 16 }
cafSessionTimeoutAction OBJECT-TYPE
SYNTAX INTEGER {
unknown(1),
terminate(2),
reauthenticate(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the timeout action on the authentication session,
when value of the corresponding instance of cafSessionTimeLeft
reaches zero.
unknown : None of the below.
terminate : Session will be terminated.
reauthenticate: Session will be reauthenticated."
::= { cafSessionEntry 17 }
cafSessionInactivityTimeout OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the inactivity timeout used by Authentication
Framework in the authentication session."
::= { cafSessionEntry 18 }
cafSessionInactivityTimeLeft OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the leftover time of the inactivity timer of
the authentication session."
::= { cafSessionEntry 19 }
cafSessionReauth OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The reauthentication control for the authentication session.
Setting this object to 'true' cause the current authenticated
session to reauthenticate the authenticated client. Setting
this object to 'false' has no effect.
This object always returns 'false' when being read."
::= { cafSessionEntry 20 }
cafSessionTerminate OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The termination request control for the authentication session.
Setting this object to 'true' terminates the current session.
Setting this object to 'false' has no effect.
This object always returns 'false' when being read."
::= { cafSessionEntry 21 }
cafSessionVlanGroupName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The name of the VLAN group that has been used during VLAN
assignment for this session.
A zero length string indicates that there is no VLAN group been
used during VLAN assignment."
::= { cafSessionEntry 22 }
cafSessionMethodsInfoTable OBJECT-TYPE
SYNTAX SEQUENCE OF CafSessionMethodsInfoEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table contains a list of authentication method for every
authentication session.
An entry exists for each authentication method that can
authenticate an authentication session within
Authentication Framework."
::= { ciscoAuthFrameworkSession 2 }
cafSessionMethodsInfoEntry OBJECT-TYPE
SYNTAX CafSessionMethodsInfoEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Entry containing method information for a particular runnable
authentication methods which is associated with a session for
an Authentication Framework managed port."
INDEX {
ifIndex,
cafSessionId,
cafSessionMethod
}
::= { cafSessionMethodsInfoTable 1 }
CafSessionMethodsInfoEntry ::= SEQUENCE {
cafSessionMethod CiscoAuthMethod,
cafSessionMethodState INTEGER
}
cafSessionMethod OBJECT-TYPE
SYNTAX CiscoAuthMethod
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates this authentication method."
::= { cafSessionMethodsInfoEntry 1 }
cafSessionMethodState OBJECT-TYPE
SYNTAX INTEGER {
notRun(1),
running(2),
failedOver(3),
authcSuccess(4),
authcFailed(5)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the state of this authentication method.
notRun : The method has not run for this session.
running : The method is running for this session.
failedOver : The method has failed and the next method is
expected to provide a result.
authcSuccess: The method has provided a successful
authentication result for this session.
authcFailed : The method has provided a failed authentication
result for this session."
::= { cafSessionMethodsInfoEntry 2 }
-- Notifications and notification controls
cafSecurityViolationNotifEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This variable indicates whether the system produces
the cafSecurityViolationNotif.
A 'false' value will prevent cafSecurityViolationNotif
from being generated by this system."
::= { ciscoAuthFrwkNotifControl 1 }
cafAuthFailNotifEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies whether the system produces
the cafAuthFailNotif.
A 'true' value will cause cafAuthFailNotif to be generated by
this system when an authentication failure happens.
A 'false' value will prevent cafAuthFailNotif
from being generated by this system."
::= { ciscoAuthFrwkNotifControl 2 }
cafSecurityViolationNotif NOTIFICATION-TYPE
OBJECTS {
ifIndex,
ifName,
cafSecurityViolationClient
}
STATUS current
DESCRIPTION
"A cafSecurityViolationNotif is sent if a security violation
is detected on a port, and the instance value of
cafSecurityViolationNotifEnable is 'true'."
::= { ciscoAuthFrameworkMIBNotifs 1 }
cafAuthFailNotif NOTIFICATION-TYPE
OBJECTS {
ifName,
cafAuthFailClient
}
STATUS current
DESCRIPTION
"A cafAuthFailNotif is sent if an authentication failure is
detected on a port, and the instance value of
cafAuthFailNotifEnable is 'true'.
ifName contains the name of the interface where the
authentication failure happened.
cafAuthFailClient contains the mac address of the client which
failed to authenticate."
::= { ciscoAuthFrameworkMIBNotifs 2 }
-- Conformance
ciscoAuthFrameworkMIBCompliances OBJECT IDENTIFIER
::= { ciscoAuthFrameworkMIBConform 1 }
ciscoAuthFrameworkMIBGroups OBJECT IDENTIFIER
::= { ciscoAuthFrameworkMIBConform 2 }
ciscoAuthFrameworkMIBCompliance MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"The compliance statement for entities which implement
CISCO-AUTH-FRAMEWORK-MIB."
MODULE -- this module
MANDATORY-GROUPS {
cafAuthMethodRegGroup,
cafAuthPortConfigGroup,
cafPortMethodGroup,
cafSessionGroup,
cafSessionMethodInfoGroup
}
GROUP cafAaaNoRespRecoveryDelayGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide AAA recovery delay configuration for Authentication
Framework."
GROUP cafAuthFailedEventGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide configuration for Authentication Framework on its
capable ports, when Authentication Fail event occurs."
GROUP cafClientNoRespEventGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide configuration for Authentication Framework to authorize
ports in a special VLAN when non-capable clients are
detected."
GROUP cafServerEventGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide configuration for Authentication Framework on
authenticated ports when AAA Server Reachability event occurs."
GROUP cafSecViolationNotifEnableGroup
DESCRIPTION
"This group is mandatory in devices running software which
support security violation notification for Authentication
Framework."
GROUP cafSecurityViolationNotifGroup
DESCRIPTION
"This group is mandatory in devices running software which
support security violation notification for Authentication
Framework."
GROUP cafSecurityViolationClientGroup
DESCRIPTION
"This group is mandatory in devices running software which
support security violation notification for Authentication
Framework."
OBJECT cafAaaNoRespRecoveryDelay
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortControlledDirection
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortFallBackProfile
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortAuthHostMode
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortPreAuthOpenAccess
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortAuthorizeControl
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortReauthEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortReauthInterval
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortRestartInterval
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortInactivityTimeout
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortViolationAction
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortMethodAdminExecOrder
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortMethodAdminPriority
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafAuthFailedMaxRetry
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafAuthFailedNoActionEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafAuthFailedAuthorizedVlan
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafAuthFailedNextMethodEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafClientNoRespNoActionEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafClientNoRespAuthorizedVlan
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafServerDeadNoActionEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafServerDeadRemainAuthorized
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafServerDeadAuthorizedVlan
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafServerAliveAction
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafSessionReauth
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafSessionTerminate
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafSecurityViolationNotifEnable
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
::= { ciscoAuthFrameworkMIBCompliances 1 }
ciscoAuthFrameworkMIBCompliance2 MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"The compliance statement for entities which implement
CISCO-AUTH-FRAMEWORK-MIB."
MODULE -- this module
MANDATORY-GROUPS {
cafAuthMethodRegGroup,
cafAuthPortConfigGroup,
cafPortMethodGroup,
cafSessionGroup,
cafSessionMethodInfoGroup
}
GROUP cafAaaNoRespRecoveryDelayGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide AAA recovery delay configuration for Authentication
Framework."
GROUP cafAuthFailedEventGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide configuration for Authentication Framework on its
capable ports, when Authentication Fail event occurs."
GROUP cafClientNoRespEventGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide configuration for Authentication Framework to authorize
ports in a special VLAN when non-capable clients are
detected."
GROUP cafServerEventGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide configuration for Authentication Framework on
authenticated ports when AAA Server Reachability event occurs."
GROUP cafSecViolationNotifEnableGroup
DESCRIPTION
"This group is mandatory in devices running software which
support security violation notification for Authentication
Framework."
GROUP cafSecurityViolationNotifGroup
DESCRIPTION
"This group is mandatory in devices running software which
support security violation notification for Authentication
Framework."
GROUP cafSecurityViolationClientGroup
DESCRIPTION
"This group is mandatory in devices running software which
support security violation notification for Authentication
Framework."
GROUP cafSessionVlanGroupNameGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide VLAN group information for Authentication
Framework."
OBJECT cafAaaNoRespRecoveryDelay
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortControlledDirection
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortFallBackProfile
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortAuthHostMode
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortPreAuthOpenAccess
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortAuthorizeControl
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortReauthEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortReauthInterval
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortRestartInterval
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortInactivityTimeout
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortViolationAction
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortMethodAdminExecOrder
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortMethodAdminPriority
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafAuthFailedMaxRetry
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafAuthFailedNoActionEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafAuthFailedAuthorizedVlan
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafAuthFailedNextMethodEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafClientNoRespNoActionEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafClientNoRespAuthorizedVlan
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafServerDeadNoActionEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafServerDeadRemainAuthorized
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafServerDeadAuthorizedVlan
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafServerAliveAction
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafSessionReauth
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafSessionTerminate
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafSecurityViolationNotifEnable
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
::= { ciscoAuthFrameworkMIBCompliances 2 }
ciscoAuthFrameworkMIBCompliance3 MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"The compliance statement for entities which implement
CISCO-AUTH-FRAMEWORK-MIB."
MODULE -- this module
MANDATORY-GROUPS {
cafAuthMethodRegGroup,
cafAuthPortConfigGroup,
cafPortMethodGroup,
cafSessionGroup,
cafSessionMethodInfoGroup
}
GROUP cafAaaNoRespRecoveryDelayGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide AAA recovery delay configuration for Authentication
Framework."
GROUP cafAuthFailedEventGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide configuration for Authentication Framework on its
capable ports, when Authentication Fail event occurs."
GROUP cafClientNoRespEventGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide configuration for Authentication Framework to authorize
ports in a special VLAN when non-capable clients are
detected."
GROUP cafServerEventGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide configuration for Authentication Framework on
authenticated ports when AAA Server Reachability event occurs."
GROUP cafSecViolationNotifEnableGroup
DESCRIPTION
"This group is mandatory in devices running software which
support security violation notification for Authentication
Framework."
GROUP cafSecurityViolationNotifGroup
DESCRIPTION
"This group is mandatory in devices running software which
support security violation notification for Authentication
Framework."
GROUP cafSecurityViolationClientGroup
DESCRIPTION
"This group is mandatory in devices running software which
support security violation notification for Authentication
Framework."
GROUP cafSessionVlanGroupNameGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide VLAN group information for Authentication
Framework."
GROUP cafMacMoveConfigGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide MAC move configuration for Authentication Framework."
GROUP cafCoACommandConfigGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide configuration for behavor for CoA commands for
Authentication Framework."
OBJECT cafAaaNoRespRecoveryDelay
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortControlledDirection
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortFallBackProfile
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortAuthHostMode
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortPreAuthOpenAccess
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortAuthorizeControl
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortReauthEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortReauthInterval
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortRestartInterval
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortInactivityTimeout
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortViolationAction
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortMethodAdminExecOrder
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortMethodAdminPriority
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafAuthFailedMaxRetry
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafAuthFailedNoActionEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafAuthFailedAuthorizedVlan
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafAuthFailedNextMethodEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafClientNoRespNoActionEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafClientNoRespAuthorizedVlan
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafServerDeadNoActionEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafServerDeadRemainAuthorized
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafServerDeadAuthorizedVlan
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafServerAliveAction
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafSessionReauth
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafSessionTerminate
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafSecurityViolationNotifEnable
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafMacMoveMode
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafCoABouncePortCommandIgnoreEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafCoADisablePortCommandIgnoreEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
::= { ciscoAuthFrameworkMIBCompliances 3 }
ciscoAuthFrameworkMIBCompliance4 MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for entities which implement
CISCO-AUTH-FRAMEWORK-MIB."
MODULE -- this module
MANDATORY-GROUPS {
cafAuthMethodRegGroup,
cafAuthPortConfigGroup,
cafPortMethodGroup,
cafSessionGroup,
cafSessionMethodInfoGroup
}
GROUP cafAaaNoRespRecoveryDelayGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide AAA recovery delay configuration for Authentication
Framework."
GROUP cafAuthFailedEventGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide configuration for Authentication Framework on its
capable ports, when Authentication Fail event occurs."
GROUP cafClientNoRespEventGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide configuration for Authentication Framework to authorize
ports in a special VLAN when non-capable clients are
detected."
GROUP cafServerEventGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide configuration for Authentication Framework on
authenticated ports when AAA Server Reachability event occurs."
GROUP cafSecViolationNotifEnableGroup
DESCRIPTION
"This group is mandatory in devices running software which
support security violation notification for Authentication
Framework."
GROUP cafSecurityViolationNotifGroup
DESCRIPTION
"This group is mandatory in devices running software which
support security violation notification for Authentication
Framework."
GROUP cafSecurityViolationClientGroup
DESCRIPTION
"This group is mandatory in devices running software which
support security violation notification for Authentication
Framework."
GROUP cafSessionVlanGroupNameGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide VLAN group information for Authentication
Framework."
GROUP cafMacMoveConfigGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide MAC move configuration for Authentication Framework."
GROUP cafCoACommandConfigGroup
DESCRIPTION
"This group is mandatory in devices running software which
provide configuration for behavor for CoA commands for
Authentication Framework."
GROUP cafAuthFailNotifGroup
DESCRIPTION
"This group is mandatory in devices running software which
support authentication failure notification for Authentication
Framework."
GROUP cafAuthFailNotifEnableGroup
DESCRIPTION
"This group is mandatory in devices running software which
support authentication failure notification for Authentication
Framework."
GROUP cafAuthFailClientGroup
DESCRIPTION
"This group is mandatory in devices running software which
support authentication failure notification for Authentication
Framework."
OBJECT cafAaaNoRespRecoveryDelay
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortControlledDirection
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortFallBackProfile
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortAuthHostMode
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortPreAuthOpenAccess
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortAuthorizeControl
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortReauthEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortReauthInterval
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortRestartInterval
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortInactivityTimeout
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortViolationAction
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortMethodAdminExecOrder
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafPortMethodAdminPriority
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafAuthFailedMaxRetry
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafAuthFailedNoActionEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafAuthFailedAuthorizedVlan
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafAuthFailedNextMethodEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafClientNoRespNoActionEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafClientNoRespAuthorizedVlan
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafServerDeadNoActionEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafServerDeadRemainAuthorized
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafServerDeadAuthorizedVlan
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafServerAliveAction
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafSessionReauth
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafSessionTerminate
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafSecurityViolationNotifEnable
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafMacMoveMode
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafCoABouncePortCommandIgnoreEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT cafCoADisablePortCommandIgnoreEnabled
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
::= { ciscoAuthFrameworkMIBCompliances 4 }
-- Units of Conformance
cafAuthMethodRegGroup OBJECT-GROUP
OBJECTS {
cafAuthMethodDefaultPriority,
cafAuthMethodDefaultExecOrder
}
STATUS current
DESCRIPTION
"A collection of objects that provides registration
information of authentication methods in Authentication
Framework."
::= { ciscoAuthFrameworkMIBGroups 1 }
cafAaaNoRespRecoveryDelayGroup OBJECT-GROUP
OBJECTS { cafAaaNoRespRecoveryDelay }
STATUS current
DESCRIPTION
"A collection of objects that provides AAA recovery delay
configuration for Authentication Framework in the system."
::= { ciscoAuthFrameworkMIBGroups 2 }
cafAuthPortConfigGroup OBJECT-GROUP
OBJECTS {
cafPortControlledDirection,
cafPortFallBackProfile,
cafPortAuthHostMode,
cafPortPreAuthOpenAccess,
cafPortAuthorizeControl,
cafPortReauthEnabled,
cafPortReauthInterval,
cafPortRestartInterval,
cafPortInactivityTimeout,
cafPortViolationAction
}
STATUS current
DESCRIPTION
"A collection of objects that provides configuration of
Authentication Framework for capable ports in the system."
::= { ciscoAuthFrameworkMIBGroups 3 }
cafPortMethodGroup OBJECT-GROUP
OBJECTS {
cafPortMethodAdminExecOrder,
cafPortMethodAdminPriority,
cafPortMethodAvailable,
cafPortMethodOperExecOrder,
cafPortMethodOperPriority
}
STATUS current
DESCRIPTION
"A collection of objects that provides configuration and
information of authentication methods within Authentication
Framework for capable ports in the system."
::= { ciscoAuthFrameworkMIBGroups 4 }
cafAuthFailedEventGroup OBJECT-GROUP
OBJECTS {
cafAuthFailedMaxRetry,
cafAuthFailedNoActionEnabled,
cafAuthFailedAuthorizedVlan,
cafAuthFailedNextMethodEnabled
}
STATUS current
DESCRIPTION
"A collection of objects that provides configuration of
Auth-Failed behaviour of Authentication Framework for
ports in the system."
::= { ciscoAuthFrameworkMIBGroups 5 }
cafClientNoRespEventGroup OBJECT-GROUP
OBJECTS {
cafClientNoRespNoActionEnabled,
cafClientNoRespAuthorizedVlan
}
STATUS current
DESCRIPTION
"A collection of objects that provides configuration of
Authentication Framework when no-responsive client is detected
on a port in the system."
::= { ciscoAuthFrameworkMIBGroups 6 }
cafServerEventGroup OBJECT-GROUP
OBJECTS {
cafServerDeadNoActionEnabled,
cafServerDeadRemainAuthorized,
cafServerDeadAuthorizedVlan,
cafServerAliveAction
}
STATUS current
DESCRIPTION
"A collection of objects that provides configuration of
Authentication Framework when AAA Server Reachability event
occurs."
::= { ciscoAuthFrameworkMIBGroups 7 }
cafSessionGroup OBJECT-GROUP
OBJECTS {
cafSessionClientMacAddress,
cafSessionClientAddrType,
cafSessionClientAddress,
cafSessionDomain,
cafSessionStatus,
cafSessionAuthHostMode,
cafSessionControlledDirection,
cafSessionPostureToken,
cafSessionAuthUserName,
cafSessionClientFramedIpPool,
cafSessionAuthorizedBy,
cafSessionCriticalTimeLeft,
cafSessionAuthVlan,
cafSessionTimeout,
cafSessionTimeLeft,
cafSessionTimeoutAction,
cafSessionInactivityTimeout,
cafSessionInactivityTimeLeft,
cafSessionReauth,
cafSessionTerminate
}
STATUS current
DESCRIPTION
"A collection of objects that provides authentication session
management information for Authentication Framework."
::= { ciscoAuthFrameworkMIBGroups 8 }
cafSessionMethodInfoGroup OBJECT-GROUP
OBJECTS { cafSessionMethodState }
STATUS current
DESCRIPTION
"A collection of objects that provides information about
authentication methods associate with Authentication Framework
's authentication sessions in the system."
::= { ciscoAuthFrameworkMIBGroups 9 }
cafSecViolationNotifEnableGroup OBJECT-GROUP
OBJECTS { cafSecurityViolationNotifEnable }
STATUS current
DESCRIPTION
"A collection of objects that provides control over
security violation notification for Authentication
Framework in the system."
::= { ciscoAuthFrameworkMIBGroups 10 }
cafSecurityViolationNotifGroup NOTIFICATION-GROUP
NOTIFICATIONS { cafSecurityViolationNotif }
STATUS current
DESCRIPTION
"A collection of notification providing information
about port's security violation in Authentication
Framework."
::= { ciscoAuthFrameworkMIBGroups 11 }
cafSecurityViolationClientGroup OBJECT-GROUP
OBJECTS { cafSecurityViolationClient }
STATUS current
DESCRIPTION
"A collection of objects providing MAC address of the offending
client in the security violation notification."
::= { ciscoAuthFrameworkMIBGroups 12 }
cafSessionVlanGroupNameGroup OBJECT-GROUP
OBJECTS { cafSessionVlanGroupName }
STATUS current
DESCRIPTION
"A collection of objects providing VLAN group information of
authenticated session in Authentication Framework."
::= { ciscoAuthFrameworkMIBGroups 13 }
cafMacMoveConfigGroup OBJECT-GROUP
OBJECTS { cafMacMoveMode }
STATUS current
DESCRIPTION
"A collection of objects providing MAC move cofiguration
information for Authentication Framework on the device."
::= { ciscoAuthFrameworkMIBGroups 14 }
cafCoACommandConfigGroup OBJECT-GROUP
OBJECTS {
cafCoABouncePortCommandIgnoreEnabled,
cafCoADisablePortCommandIgnoreEnabled
}
STATUS current
DESCRIPTION
"A collection of objects providing configuration information
for the device's behaviour on CoA commands."
::= { ciscoAuthFrameworkMIBGroups 15 }
cafAuthFailNotifGroup NOTIFICATION-GROUP
NOTIFICATIONS { cafAuthFailNotif }
STATUS current
DESCRIPTION
"A collection of notification providing information
about port's authentication failure in Authentication
Framework."
::= { ciscoAuthFrameworkMIBGroups 16 }
cafAuthFailNotifEnableGroup OBJECT-GROUP
OBJECTS { cafAuthFailNotifEnable }
STATUS current
DESCRIPTION
"A collection of objects that provides control over
authentication failure notification for Authentication
Framework in the system."
::= { ciscoAuthFrameworkMIBGroups 17 }
cafAuthFailClientGroup OBJECT-GROUP
OBJECTS { cafAuthFailClient }
STATUS current
DESCRIPTION
"A collection of objects providing MAC address of the failed
client in the authentication failure notification."
::= { ciscoAuthFrameworkMIBGroups 18 }
END