CISCO-AUTH-FRAMEWORK-MIB.my

-- *********************************************************************
-- CISCO-AUTH-FRAMEWORK-MIB.my: Authentication Framework configuration
-- and information MIB
--   
-- April 2008, Binh Phu Le
--   
-- Copyright (c) 2008 by Cisco Systems Inc.
--   
-- All rights reserved.
--   
-- *******************************************************************

CISCO-AUTH-FRAMEWORK-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    NOTIFICATION-TYPE,
    Unsigned32,
    Integer32
        FROM SNMPv2-SMI
    MODULE-COMPLIANCE,
    NOTIFICATION-GROUP,
    OBJECT-GROUP
        FROM SNMPv2-CONF
    MacAddress,
    TEXTUAL-CONVENTION,
    TruthValue
        FROM SNMPv2-TC
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    InetAddress,
    InetAddressType
        FROM INET-ADDRESS-MIB
    ifIndex,
    ifName
        FROM IF-MIB
    VlanIndexOrZero
        FROM CISCO-PRIVATE-VLAN-MIB
    CnnEouPostureTokenString
        FROM CISCO-NAC-TC-MIB
    ciscoMgmt
        FROM CISCO-SMI;


ciscoAuthFrameworkMIB MODULE-IDENTITY
    LAST-UPDATED    "200805210000Z"
    ORGANIZATION    "Cisco Systems Inc."
    CONTACT-INFO
            "Cisco Systems
            Customer Service
            Postal: 170 W Tasman Drive
            San Jose, CA  95134
            USA
            Tel: +1 800 553 -NETS
            E-mail: cs-ibns@cisco.com,
                    cs-lan-switch-snmp@cisco.com"
    DESCRIPTION
        "MIB module for Authentication Framework in the system.

        Authentication Framework provides generic configurations
        for authentication methods in the system and manage the
        failover sequence of these methods in a flexible manner."
    REVISION        "200805210000Z"
    DESCRIPTION
        "Initial version of this MIB module."
    ::= { ciscoMgmt 656 }


ciscoAuthFrameworkMIBNotifs  OBJECT IDENTIFIER
    ::= { ciscoAuthFrameworkMIB 0 }

ciscoAuthFrameworkMIBObjects  OBJECT IDENTIFIER
    ::= { ciscoAuthFrameworkMIB 1 }

ciscoAuthFrameworkMIBConform  OBJECT IDENTIFIER
    ::= { ciscoAuthFrameworkMIB 2 }

ciscoAuthFrameworkSystem  OBJECT IDENTIFIER
    ::= { ciscoAuthFrameworkMIBObjects 1 }

ciscoAuthFrwkAuthenticator  OBJECT IDENTIFIER
    ::= { ciscoAuthFrameworkMIBObjects 2 }

ciscoAuthFrameworkEvent  OBJECT IDENTIFIER
    ::= { ciscoAuthFrameworkMIBObjects 3 }

ciscoAuthFrameworkSession  OBJECT IDENTIFIER
    ::= { ciscoAuthFrameworkMIBObjects 4 }

ciscoAuthFrwkNotifControl  OBJECT IDENTIFIER
    ::= { ciscoAuthFrameworkMIBObjects 5 }

ciscoAuthFrwkNotifInfo  OBJECT IDENTIFIER
    ::= { ciscoAuthFrameworkMIBObjects 6 }


-- Textual Conventions

CiscoAuthControlledDirections ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The controlled direction values for capable ports in
        Authentication Framework.

        both: control is required to be exerted over both
              incoming and outgoing traffic through the
              controlled port.

        in  : control is required to be exerted over the
              incoming traffic through the controlled port."
    SYNTAX          INTEGER  {
                        both(0),
                        in(1)
                    }

CiscoAuthControlledPortControl ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The authorization control values of Authentication
        Framework on a controlled port.

        forceUnauthorized: the controlled port is forced to
                         be unauthorized unconditionally.

        auto             : authorization of the controlled
                         port will be determined by an
                         authentication process.

        forceAuthorized  : The controlled port is forced to
                         be authorized unconditionally."
    SYNTAX          INTEGER  {
                        forceUnauthorized(1),
                        auto(2),
                        forceAuthorized(3)
                    }

CiscoAuthMethod ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The authentication methods and protocols supported in
        Authentication Framework.

        other        : none of the below.

        dot1x        : 802.1x Protocol.

        macAuthBypass: MAC Authentication Bypass. 

        webAuth      : Web-Proxy Authentication.

        'other' is a read only value which can not be used in
        set operation."
    SYNTAX          INTEGER  {
                        other(1),
                        dot1x(2),
                        macAuthBypass(3),
                        webAuth(4)
                    }

CiscoAuthMethodList ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The list of authentication methods provided within
        Authentication Framework.

        Each octet represents an authentication method which
        is defined in CiscoAuthMethod.

        The DESCRIPTION clause of CiscoAuthMethodList objects
        must fully describe the relationship between methods."
    SYNTAX          OCTET STRING

CiscoAuthHostMode ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The authentication mode of a controlled port.

        singleHost: port allows one host to connect and authenticate
                    in a single domain.

        multiHost : port allows multiple hosts to connect. Once
                  a host is authenticated, all remaining hosts are
                  also authenticated in a single domain.

        multiAuth : port allows multiple hosts to connect. Each host
                  is authenticated separately in a single domain.

        multiDomain: port allows multiple domains to be authenticated."
    SYNTAX          INTEGER  {
                        singleHost(1),
                        multiHost(2),
                        multiAuth(3),
                        multiDomain(4)
                    }

-- ciscoAuthFrameworkSystem

cafAaaNoRespRecoveryDelay OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "milliseconds"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies the AAA recovery delay for authentication methods
        registered in Authentication Framework when AAA server becomes
        active again after being inactive. A value of zero indicates
        that AAA recovery delay is disabled in the system." 
    ::= { ciscoAuthFrameworkSystem 1 }

cafAuthMethodRegTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CafAuthMethodRegEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A list of authentication methods which are currrently
        registered with Authentication Framework. 

        An entry is created by the agent when an authentication method 
        has successfully registered with Authentication Framework. 

        An entry is deleted by the agent upon de-registration of the 
        authentication method."
    ::= { ciscoAuthFrameworkSystem 2 }

cafAuthMethodRegEntry OBJECT-TYPE
    SYNTAX          CafAuthMethodRegEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry containing registration information of a particular
        authentication method with Authentication Framework."
    INDEX           { cafAuthMethod } 
    ::= { cafAuthMethodRegTable 1 }

CafAuthMethodRegEntry ::= SEQUENCE {
        cafAuthMethod                 CiscoAuthMethod,
        cafAuthMethodDefaultPriority  Unsigned32,
        cafAuthMethodDefaultExecOrder Unsigned32
}

cafAuthMethod OBJECT-TYPE
    SYNTAX          CiscoAuthMethod
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The authentication method registered with Authentication
        Framework." 
    ::= { cafAuthMethodRegEntry 1 }

cafAuthMethodDefaultPriority OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "A unique number which indicates the default priority of a
        authentication method.

        The default priority is assigned by Authentication Framework 
        during method registration.  The method with smallest value 
        has highest priority." 
    ::= { cafAuthMethodRegEntry 2 }

cafAuthMethodDefaultExecOrder OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "A unique number which indicates the default execution order
        of a authentication method. 

        The default execution order is assigned by Authentication Framework 
        during method registration.  The method with smallest value 
        will be execute first." 
    ::= { cafAuthMethodRegEntry 3 }
 

-- ciscoAuthFrwkAuthenticator

cafPortConfigTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CafPortConfigEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A list of port entries.  An entry will exist for each
        interface which supports which support Authentication
        Framework feature."
    ::= { ciscoAuthFrwkAuthenticator 1 }

cafPortConfigEntry OBJECT-TYPE
    SYNTAX          CafPortConfigEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry containing management information of Authentication
        Framework applicable to a particular port."
    INDEX           { ifIndex } 
    ::= { cafPortConfigTable 1 }

CafPortConfigEntry ::= SEQUENCE {
        cafPortControlledDirection CiscoAuthControlledDirections,
        cafPortFallBackProfile     SnmpAdminString,
        cafPortAuthHostMode        CiscoAuthHostMode,
        cafPortPreAuthOpenAccess   TruthValue,
        cafPortAuthorizeControl    CiscoAuthControlledPortControl,
        cafPortReauthEnabled       TruthValue,
        cafPortReauthInterval      Unsigned32,
        cafPortRestartInterval     Unsigned32,
        cafPortInactivityTimeout   Integer32,
        cafPortViolationAction     INTEGER
}

cafPortControlledDirection OBJECT-TYPE
    SYNTAX          CiscoAuthControlledDirections
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies the controlled direction of this port." 
    ::= { cafPortConfigEntry 1 }

cafPortFallBackProfile OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies the name of the fallback profile to be used when
        failing over to Web Proxy Authentication.  A zero length
        string indicates that fallback mechanism to Web Proxy
        Authentication is disabled in Authentication Framework." 
    ::= { cafPortConfigEntry 2 }

cafPortAuthHostMode OBJECT-TYPE
    SYNTAX          CiscoAuthHostMode
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies the authentication host mode for this port." 
    ::= { cafPortConfigEntry 3 }

cafPortPreAuthOpenAccess OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies if the Pre-Authentication Open Access feature
        allows clients/devices to gain network access before 
        authentication is performed. 

        A value of 'true' for this object indicates that client/device 
        is able to gain network access before authentication is 
        performed." 
    ::= { cafPortConfigEntry 4 }

cafPortAuthorizeControl OBJECT-TYPE
    SYNTAX          CiscoAuthControlledPortControl
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies the authorization control for this port." 
    ::= { cafPortConfigEntry 5 }

cafPortReauthEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies if reauthentication is enabled for this port." 
    ::= { cafPortConfigEntry 6 }

cafPortReauthInterval OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "seconds"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies the reauthentication interval, after which the port
        will be reauthenticated if value of the corresponding instance
        of cafPortReauthEnabled is 'true'.

        A value of zero indicates that the reauthentication interval
        is downloaded from AAA server when this port is authenticated." 
    ::= { cafPortConfigEntry 7 }

cafPortRestartInterval OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "seconds"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies the interval after which a further authentication
        attempt should be made to this port if it is not authorized.

        A value of zero indicates that no further authentication attempt
        will be made if this port is unauthorized." 
    ::= { cafPortConfigEntry 8 }

cafPortInactivityTimeout OBJECT-TYPE
    SYNTAX          Integer32 (-1 | 0 | 1..65535)
    UNITS           "seconds"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies the period of time that a client associating with this
        port is allowed to be inactive before being terminated.

        A value of zero indicates that inactivity timeout is disabled on 
        this port.

        A value of -1 indicates that inactivity timeout is downloaded
        from the AAA server when this port is authenticated." 
    ::= { cafPortConfigEntry 9 }

cafPortViolationAction OBJECT-TYPE
    SYNTAX          INTEGER  {
                        restrict(1),
                        shutdown(2)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Specifies the action to be taken due to a security violation
        occurs on this port.

              restrict: This port will be restricted, i.e. packets for the
                        offending host will be dropped.

              shutdown: This port will be shutdown from Authentication
                        Framework perspective." 
    ::= { cafPortConfigEntry 10 }
 


cafPortMethodTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CafPortMethodEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The table contains a list of port entries.  An entry will exist
        for each port which supports Authentication Framework feature."
    ::= { ciscoAuthFrwkAuthenticator 2 }

cafPortMethodEntry OBJECT-TYPE
    SYNTAX          CafPortMethodEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Entry containing configuration and information of
        authentication methods for a particular port."
    INDEX           { ifIndex } 
    ::= { cafPortMethodTable 1 }

CafPortMethodEntry ::= SEQUENCE {
        cafPortMethodAdminExecOrder CiscoAuthMethodList,
        cafPortMethodAdminPriority  CiscoAuthMethodList,
        cafPortMethodAvailable      CiscoAuthMethodList,
        cafPortMethodOperExecOrder  CiscoAuthMethodList,
        cafPortMethodOperPriority   CiscoAuthMethodList
}

cafPortMethodAdminExecOrder OBJECT-TYPE
    SYNTAX          CiscoAuthMethodList
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the administrative execution order of
        authentication methods on the port.  Methods are executed in
        the order as specified in the method list.

        Method which is at the beginning of the method list will be
        executed first.  Method which is at the end of method list
        will be executed last.

        A zero length string of this object indicates that no per
        port execution order configuration has been specified on
        this port. The actual execution order is based on the value
        of cafAuthMethodDefaultExecOrder in cafAuthMethodRegTable." 
    ::= { cafPortMethodEntry 1 }

cafPortMethodAdminPriority OBJECT-TYPE
    SYNTAX          CiscoAuthMethodList
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the administrative priority of
        authentication methods on the port.  The priority of
        each method is assigned based on the method list.

        Method which is at the beginning of the method list has
        highest priority.  Method which is at the end of method list
        has lowest priority.

        A zero length string of this object indicates that no per
        port method priority configuration has been specified on
        this port.  The actual execution order is based on the value 
        of cafAuthMethodDefaultExecOrder in cafAuthMethodRegTable." 
    ::= { cafPortMethodEntry 2 }

cafPortMethodAvailable OBJECT-TYPE
    SYNTAX          CiscoAuthMethodList
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the authentication methods currently
        available on this port." 
    ::= { cafPortMethodEntry 3 }

cafPortMethodOperExecOrder OBJECT-TYPE
    SYNTAX          CiscoAuthMethodList
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the operational execution order of
        authentication methods on this port.  Methods are executed in
        the order as specified in the method list.

        Method which is at the beginning of the method list will be
        executed first.  Method which is at the end of method list
        will be executed last." 
    ::= { cafPortMethodEntry 4 }

cafPortMethodOperPriority OBJECT-TYPE
    SYNTAX          CiscoAuthMethodList
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the operational priority of
        authentication methods on this port.  Methods have the
        priority as specified in the method list.

        Method which is at the beginning of the method list has
        highest priority.  Method which is at the end of method list
        has lowest priority." 
    ::= { cafPortMethodEntry 5 }
 

-- ciscoAuthFrameworkEvent

cafAuthFailedEventPortTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CafAuthFailedEventPortEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The table contains a list of port entries.

        An entry will exist for each port which supports Authentication
        Fail event within the Authentication Framework."
    ::= { ciscoAuthFrameworkEvent 1 }

cafAuthFailedEventPortEntry OBJECT-TYPE
    SYNTAX          CafAuthFailedEventPortEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Entry containing management information of Authentication
        Fail event for a particular port."
    INDEX           { ifIndex } 
    ::= { cafAuthFailedEventPortTable 1 }

CafAuthFailedEventPortEntry ::= SEQUENCE {
        cafAuthFailedMaxRetry          Unsigned32,
        cafAuthFailedNoActionEnabled   TruthValue,
        cafAuthFailedAuthorizedVlan    Integer32,
        cafAuthFailedNextMethodEnabled TruthValue
}

cafAuthFailedMaxRetry OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the maximum number of retry should be
        performed before generating Authentication Fail event.

        A value of zero indicates that Authentication Fail event will
        be generated upon authentication fail without any retry." 
    ::= { cafAuthFailedEventPortEntry 1 }

cafAuthFailedNoActionEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether no action will be performed
        when an Authentication Fail event occurs.

        Setting 'true' on this object indicates that no action will
        be performed when Authentication Fail event occurs.

        The read-only value 'false' indicates that an action will
        be performed when an Authentication Fail event occurs." 
    ::= { cafAuthFailedEventPortEntry 2 }

cafAuthFailedAuthorizedVlan OBJECT-TYPE
    SYNTAX          Integer32 (-1 | 0 | 1..2147483647)
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the Authentication Failed VLAN number.

        The read-only value of -1 indicates that this object is not
        applicable on this port.

        The read-only value of zero indicates that this port will not be
        authorized to any VLAN when Authentication Failed event occurs.

        Setting a non-zero value on this object indicates that this port
        will be authorized to the VLAN as specified by this object
        value, when Authentication Fail event occurs." 
    ::= { cafAuthFailedEventPortEntry 3 }

cafAuthFailedNextMethodEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether the next authentication method
        will be used if an Authentication Fail event is generated by the
        current authentication method.

        Setting this object to 'true' indicates that the next available
        authentication method will be used when Authentication Fail 
        event occurs.

        The read-only value 'false' indicates that the next available
        authentication method will not be used when Authentication Fail
        event occurs." 
    ::= { cafAuthFailedEventPortEntry 4 }
 


cafSecurityViolationClient OBJECT-TYPE
    SYNTAX          MacAddress
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "The MAC address included in the notification currently being
        sent, indicating the client who triggered the security violation
        notification." 
    ::= { ciscoAuthFrwkNotifInfo 1 }

cafClientNoRespEventPortTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CafClientNoRespEventPortEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The table contains a list of port entries.

        An entry exists for each port which supports No Response
        event within the Authentication Framework."
    ::= { ciscoAuthFrameworkEvent 2 }

cafClientNoRespEventPortEntry OBJECT-TYPE
    SYNTAX          CafClientNoRespEventPortEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Entry containing management information of No Response
        event for a particular port."
    INDEX           { ifIndex } 
    ::= { cafClientNoRespEventPortTable 1 }

CafClientNoRespEventPortEntry ::= SEQUENCE {
        cafClientNoRespNoActionEnabled TruthValue,
        cafClientNoRespAuthorizedVlan  Integer32
}

cafClientNoRespNoActionEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether an action is performed when No
        Response event occurs.

        Setting 'true' on this object indicates that no action will
        be performed when No Response event occurs.

        The read-only value 'false' of this object indicates that an
        action will be performed when No Response event occurs." 
    ::= { cafClientNoRespEventPortEntry 1 }

cafClientNoRespAuthorizedVlan OBJECT-TYPE
    SYNTAX          Integer32 (-1 | 0 | 1..2147483647)
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the No Response Authorized VLAN number.

        The read-only value of -1 indicates that this object is not
        applicable on this port.

        The read-only value of zero indicates that this port will not be
        authorized to any VLAN when No Response event occurs.

        Setting a non-zero value on this object indicates that this port
        will be authorized to the VLAN as specified by this object
        value, when No Response event occurs." 
    ::= { cafClientNoRespEventPortEntry 2 }
 


cafServerEventPortTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CafServerEventPortEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The table contains a list of port entries.

        An entry exists for each port which supports AAA Server
        Reachability event within the Authentication Framework."
    ::= { ciscoAuthFrameworkEvent 3 }

cafServerEventPortEntry OBJECT-TYPE
    SYNTAX          CafServerEventPortEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Entry containing management information of AAA Server
        Reachability event for a particular port."
    INDEX           { ifIndex } 
    ::= { cafServerEventPortTable 1 }

CafServerEventPortEntry ::= SEQUENCE {
        cafServerDeadNoActionEnabled  TruthValue,
        cafServerDeadRemainAuthorized TruthValue,
        cafServerDeadAuthorizedVlan   Integer32,
        cafServerAliveAction          INTEGER
}

cafServerDeadNoActionEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object indicates whether an action is performed if an
        AAA Server Reachability event occurs.

        Setting 'true' on this object indicates that no action
        will be performed when AAA Server Reachability event occurs.

        The read-only value 'false' indicates that an action will
        be performed when AAA Server Reachability event occurs." 
    ::= { cafServerEventPortEntry 1 }

cafServerDeadRemainAuthorized OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies if current authorization will remain
        unchanged for the port when AAA Server Reachability event
        occurs.

        Setting 'true' on this object indicates that current
        authorization will remain unchanged for the port when AAA
        Server Reachability event occurs.

        The read-only value 'false' indicates that the current
        authorization will not be retained for the port when
        AAA Server Reachability event occurs." 
    ::= { cafServerEventPortEntry 2 }

cafServerDeadAuthorizedVlan OBJECT-TYPE
    SYNTAX          Integer32 (-1 | 0 | 1..2147483647)
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the AAA Server Reachability
        Authorized VLAN number.

        The read-only value of -1 indicates that this object is not
        applicable on this port.

        The read-only value of zero indicates that this port will not
        be authorized to any VLAN when AAA Server Reachability event
        occurs.

        Setting a non-zero value on this object indicates that this port
        will be authorized to the VLAN as specified by this object
        value, when AAA Server Reachability event occurs." 
    ::= { cafServerEventPortEntry 3 }

cafServerAliveAction OBJECT-TYPE
    SYNTAX          INTEGER  {
                        none(1),
                        reinitialize(2)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the action applied to the port upon AAA
        recovery.

        none        : no action will be applied.
        reinitialize: the port will be reinitialized with the current
                     authentication method." 
    ::= { cafServerEventPortEntry 4 }
 

-- ciscoAuthFrameworkSession

cafSessionTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CafSessionEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The table contains a list of authentication session.

        An entry is created when an authentication session has
        successfully created within Authentication Framework.

        An entry is deleted when an authentication session has been
        removed."
    ::= { ciscoAuthFrameworkSession 1 }

cafSessionEntry OBJECT-TYPE
    SYNTAX          CafSessionEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Entry containing management information for a particular
        authentication session."
    INDEX           {
                        ifIndex,
                        IMPLIED cafSessionId
                    } 
    ::= { cafSessionTable 1 }

CafSessionEntry ::= SEQUENCE {
        cafSessionId                  OCTET STRING,
        cafSessionClientMacAddress    MacAddress,
        cafSessionClientAddrType      InetAddressType,
        cafSessionClientAddress       InetAddress,
        cafSessionStatus              INTEGER,
        cafSessionDomain              INTEGER,
        cafSessionAuthHostMode        CiscoAuthHostMode,
        cafSessionControlledDirection CiscoAuthControlledDirections,
        cafSessionPostureToken        CnnEouPostureTokenString,
        cafSessionAuthUserName        SnmpAdminString,
        cafSessionClientFramedIpPool  SnmpAdminString,
        cafSessionAuthorizedBy        SnmpAdminString,
        cafSessionCriticalTimeLeft    Unsigned32,
        cafSessionAuthVlan            VlanIndexOrZero,
        cafSessionTimeout             Unsigned32,
        cafSessionTimeLeft            Unsigned32,
        cafSessionTimeoutAction       INTEGER,
        cafSessionInactivityTimeout   Unsigned32,
        cafSessionInactivityTimeLeft  Unsigned32,
        cafSessionReauth              TruthValue,
        cafSessionTerminate           TruthValue
}

cafSessionId OBJECT-TYPE
    SYNTAX          OCTET STRING (SIZE  (1..64))
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A unique identifier of the authentication session." 
    ::= { cafSessionEntry 1 }

cafSessionClientMacAddress OBJECT-TYPE
    SYNTAX          MacAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the MAC address of the device associates with the
        authentication session." 
    ::= { cafSessionEntry 2 }

cafSessionClientAddrType OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the type of Internet address of the client
        associates with the authentication session." 
    ::= { cafSessionEntry 3 }

cafSessionClientAddress OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the Internet address of the client associates with
        the authentication session. The type of this address is
        determined by the value of cafSessionClientAddrType object." 
    ::= { cafSessionEntry 4 }

cafSessionStatus OBJECT-TYPE
    SYNTAX          INTEGER  {
                        idle(1),
                        running(2),
                        noMethod(3),
                        authenticationSuccess(4),
                        authenticationFailed(5),
                        authorizationSuccess(6),
                        authorizationFailed(7)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the current status of the authentication session.

        idle        : the session has been initialized and no
                    method has run yet.

        running     : an authentication method is running for
                    this session.

        noMethod    : no authentication method has provided a
                    result for this session.

        authenticationSuccess: an authentication method has resulted
                    in authentication success for this session.

        authenticationFailed: an authentication method has resulted
                    in authentication failed for this session.

        authorizationSuccess: authorization is successful for this session.

        authorizationFailed : authorization is failed for this session." 
    ::= { cafSessionEntry 5 }

cafSessionDomain OBJECT-TYPE
    SYNTAX          INTEGER  {
                        other(1),
                        data(2),
                        voice(3)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the type of domain that the authentication session
        belongs to.

        other  : none of the below.

        data : indicates the data domain.

        voice: indicates the voice domain." 
    ::= { cafSessionEntry 6 }

cafSessionAuthHostMode OBJECT-TYPE
    SYNTAX          CiscoAuthHostMode
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the authentication host mode of the port in the
        authentication session." 
    ::= { cafSessionEntry 7 }

cafSessionControlledDirection OBJECT-TYPE
    SYNTAX          CiscoAuthControlledDirections
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the operational controlled directions parameter
        for this port in the authentication session." 
    ::= { cafSessionEntry 8 }

cafSessionPostureToken OBJECT-TYPE
    SYNTAX          CnnEouPostureTokenString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the posture token associates with the authentication
        session." 
    ::= { cafSessionEntry 9 }

cafSessionAuthUserName OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the name of the authenticated user for the
        authentication session." 
    ::= { cafSessionEntry 10 }

cafSessionClientFramedIpPool OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the name of the address pool from which the
        session's client IP address is assigned." 
    ::= { cafSessionEntry 11 }

cafSessionAuthorizedBy OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the name of the feature which authorizes the
        authentication session." 
    ::= { cafSessionEntry 12 }

cafSessionCriticalTimeLeft OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the leftover time before the next authentication
        attempt for the authentication session after Server Reachability
        event occurred.  Value zero indicates that this session is
        currently being authenticated or it is not applicable." 
    ::= { cafSessionEntry 13 }

cafSessionAuthVlan OBJECT-TYPE
    SYNTAX          VlanIndexOrZero
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the authorized VLAN applied to the authentication session.
        Value zero indicates that no authorized VLAN has been applied, or it
        is not applicable." 
    ::= { cafSessionEntry 14 }

cafSessionTimeout OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the session timeout used by Authentication
        Framework in the authentication session." 
    ::= { cafSessionEntry 15 }

cafSessionTimeLeft OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the leftover time of the current authentication
        session." 
    ::= { cafSessionEntry 16 }

cafSessionTimeoutAction OBJECT-TYPE
    SYNTAX          INTEGER  {
                        unknown(1),
                        terminate(2),
                        reauthenticate(3)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the timeout action on the authentication session, when
        value of the corresponding instance of cafSessionTimeLeft reaches
        zero. 

         unknown       : None of the below.

         terminate     : Session will be terminated.

         reauthenticate: Session will be reauthenticated." 
    ::= { cafSessionEntry 17 }

cafSessionInactivityTimeout OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the inactivity timeout used by Authentication
        Framework in the authentication session." 
    ::= { cafSessionEntry 18 }

cafSessionInactivityTimeLeft OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the leftover time of the inactivity timer of
        the authentication session." 
    ::= { cafSessionEntry 19 }

cafSessionReauth OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The reauthentication control for the authentication session.
        Setting this object to 'true' cause the current authenticated
        session to reauthenticate the authenticated client. Setting
        this object to 'false' has no effect.

        This object always returns 'false' when being read." 
    ::= { cafSessionEntry 20 }

cafSessionTerminate OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The termination request control for the authentication session.
        Setting this object to 'true' terminates the current session.
        Setting this object to 'false' has no effect.

        This object always returns 'false' when being read." 
    ::= { cafSessionEntry 21 }
 


cafSessionMethodsInfoTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CafSessionMethodsInfoEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The table contains a list of authentication method for every
        authentication session.

        An entry exists for each authentication method that can
        authenticate an authentication session within
        Authentication Framework."
    ::= { ciscoAuthFrameworkSession 2 }

cafSessionMethodsInfoEntry OBJECT-TYPE
    SYNTAX          CafSessionMethodsInfoEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Entry containing method information for a particular runnable
        authentication methods which is associated with a session for 
        an Authentication Framework managed port."
    INDEX           {
                        ifIndex,
                        cafSessionId,
                        cafSessionMethod
                    } 
    ::= { cafSessionMethodsInfoTable 1 }

CafSessionMethodsInfoEntry ::= SEQUENCE {
        cafSessionMethod      CiscoAuthMethod,
        cafSessionMethodState INTEGER
}

cafSessionMethod OBJECT-TYPE
    SYNTAX          CiscoAuthMethod
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Indicates this authentication method." 
    ::= { cafSessionMethodsInfoEntry 1 }

cafSessionMethodState OBJECT-TYPE
    SYNTAX          INTEGER  {
                        notRun(1),
                        running(2),
                        failedOver(3),
                        authcSuccess(4),
                        authcFailed(5)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Indicates the state of this authentication method.

        notRun      : The method has not run for this session.

        running     : The method is running for this session.

        failedOver  : The method has failed and the next method is
                    expected to provide a result.

        authcSuccess: The method has provided a successful
                     authentication result for this session.

        authcFailed : The method has provided a failed authentication
                     result for this session." 
    ::= { cafSessionMethodsInfoEntry 2 }
 


-- Notifications and notification controls

cafSecurityViolationNotifEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This variable indicates whether the system produces
        the cafSecurityViolationNotif.

        A 'false' value will prevent cafSecurityViolationNotif 
        from being generated by this system." 
    ::= { ciscoAuthFrwkNotifControl 1 }

cafSecurityViolationNotif NOTIFICATION-TYPE
    OBJECTS         {
                        ifIndex,
                        ifName,
                        cafSecurityViolationClient
                    }
    STATUS          current
    DESCRIPTION
        "A cafSecurityViolationNotif is sent if a security violation
        is detected on a port, and the instance value of 
        cafSecurityViolationNotifEnable is 'true'."
   ::= { ciscoAuthFrameworkMIBNotifs 1 }
-- Conformance

ciscoAuthFrameworkMIBCompliances  OBJECT IDENTIFIER
    ::= { ciscoAuthFrameworkMIBConform 1 }

ciscoAuthFrameworkMIBGroups  OBJECT IDENTIFIER
    ::= { ciscoAuthFrameworkMIBConform 2 }


ciscoAuthFrameworkMIBCompliance MODULE-COMPLIANCE
    STATUS          current
    DESCRIPTION
        "The compliance statement for entities which implement
        CISCO-AUTH-FRAMEWORK-MIB."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        cafAuthMethodRegGroup,
                        cafAuthPortConfigGroup,
                        cafPortMethodGroup,
                        cafSessionGroup,
                        cafSessionMethodInfoGroup
                    }

    GROUP           cafAaaNoRespRecoveryDelayGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide AAA recovery delay configuration for Authentication
        Framework."

    GROUP           cafAuthFailedEventGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide  configuration for Authentication Framework on its
        capable ports, when Authentication Fail event occurs."

    GROUP           cafClientNoRespEventGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide configuration for Authentication Framework to authorize
        ports in a special VLAN when non-capable clients are
        detected."

    GROUP           cafServerEventGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        provide configuration for Authentication Framework on
        authenticated ports when AAA Server Reachability event occurs."

    GROUP           cafSecViolationNotifEnableGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        support security violation notification for Authentication
        Framework."

    GROUP           cafSecurityViolationNotifGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        support security violation notification for Authentication
        Framework."

    GROUP           cafSecurityViolationClientGroup
    DESCRIPTION
        "This group is mandatory in devices running software which
        support security violation notification for Authentication
        Framework."

    OBJECT          cafAaaNoRespRecoveryDelay
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortControlledDirection
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortFallBackProfile
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortAuthHostMode
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortPreAuthOpenAccess
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortAuthorizeControl
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortReauthEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortReauthInterval
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortRestartInterval
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortInactivityTimeout
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortViolationAction
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortMethodAdminExecOrder
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafPortMethodAdminPriority
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafAuthFailedMaxRetry
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafAuthFailedNoActionEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafAuthFailedAuthorizedVlan
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafAuthFailedNextMethodEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafClientNoRespNoActionEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafClientNoRespAuthorizedVlan
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafServerDeadNoActionEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafServerDeadRemainAuthorized
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafServerDeadAuthorizedVlan
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafServerAliveAction
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafSessionReauth
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafSessionTerminate
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cafSecurityViolationNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
    ::= { ciscoAuthFrameworkMIBCompliances 1 }

-- Units of Conformance

cafAuthMethodRegGroup OBJECT-GROUP
    OBJECTS         {
                        cafAuthMethodDefaultPriority,
                        cafAuthMethodDefaultExecOrder
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides registration
        information of authentication methods in Authentication
        Framework."
    ::= { ciscoAuthFrameworkMIBGroups 1 }

cafAaaNoRespRecoveryDelayGroup OBJECT-GROUP
    OBJECTS         { cafAaaNoRespRecoveryDelay }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides AAA recovery delay
        configuration for Authentication Framework in the system."
    ::= { ciscoAuthFrameworkMIBGroups 2 }

cafAuthPortConfigGroup OBJECT-GROUP
    OBJECTS         {
                        cafPortControlledDirection,
                        cafPortFallBackProfile,
                        cafPortAuthHostMode,
                        cafPortPreAuthOpenAccess,
                        cafPortAuthorizeControl,
                        cafPortReauthEnabled,
                        cafPortReauthInterval,
                        cafPortRestartInterval,
                        cafPortInactivityTimeout,
                        cafPortViolationAction
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides configuration of
        Authentication Framework for capable ports in the system."
    ::= { ciscoAuthFrameworkMIBGroups 3 }

cafPortMethodGroup OBJECT-GROUP
    OBJECTS         {
                        cafPortMethodAdminExecOrder,
                        cafPortMethodAdminPriority,
                        cafPortMethodAvailable,
                        cafPortMethodOperExecOrder,
                        cafPortMethodOperPriority
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides configuration and
        information of authentication methods within Authentication
        Framework for capable ports in the system."
    ::= { ciscoAuthFrameworkMIBGroups 4 }

cafAuthFailedEventGroup OBJECT-GROUP
    OBJECTS         {
                        cafAuthFailedMaxRetry,
                        cafAuthFailedNoActionEnabled,
                        cafAuthFailedAuthorizedVlan,
                        cafAuthFailedNextMethodEnabled
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides configuration of
        Auth-Failed behaviour of Authentication Framework for
        ports in the system."
    ::= { ciscoAuthFrameworkMIBGroups 5 }

cafClientNoRespEventGroup OBJECT-GROUP
    OBJECTS         {
                        cafClientNoRespNoActionEnabled,
                        cafClientNoRespAuthorizedVlan
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides configuration of
        Authentication Framework when no-responsive client is detected
        on a port in the system."
    ::= { ciscoAuthFrameworkMIBGroups 6 }

cafServerEventGroup OBJECT-GROUP
    OBJECTS         {
                        cafServerDeadNoActionEnabled,
                        cafServerDeadRemainAuthorized,
                        cafServerDeadAuthorizedVlan,
                        cafServerAliveAction
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides configuration of
        Authentication Framework when AAA Server Reachability event
        occurs."
    ::= { ciscoAuthFrameworkMIBGroups 7 }

cafSessionGroup OBJECT-GROUP
    OBJECTS         {
                        cafSessionClientMacAddress,
                        cafSessionClientAddrType,
                        cafSessionClientAddress,
                        cafSessionDomain,
                        cafSessionStatus,
                        cafSessionAuthHostMode,
                        cafSessionControlledDirection,
                        cafSessionPostureToken,
                        cafSessionAuthUserName,
                        cafSessionClientFramedIpPool,
                        cafSessionAuthorizedBy,
                        cafSessionCriticalTimeLeft,
                        cafSessionAuthVlan,
                        cafSessionTimeout,
                        cafSessionTimeLeft,
                        cafSessionTimeoutAction,
                        cafSessionInactivityTimeout,
                        cafSessionInactivityTimeLeft,
                        cafSessionReauth,
                        cafSessionTerminate
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides authentication session
        management information for Authentication Framework."
    ::= { ciscoAuthFrameworkMIBGroups 8 }

cafSessionMethodInfoGroup OBJECT-GROUP
    OBJECTS         { cafSessionMethodState }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides information about
        authentication methods associate with Authentication Framework
        's authentication sessions in the system."
    ::= { ciscoAuthFrameworkMIBGroups 9 }

cafSecViolationNotifEnableGroup OBJECT-GROUP
    OBJECTS         { cafSecurityViolationNotifEnable }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides control over
        security violation notification for Authentication
        Framework in the system."
    ::= { ciscoAuthFrameworkMIBGroups 10 }

cafSecurityViolationNotifGroup NOTIFICATION-GROUP
   NOTIFICATIONS    { cafSecurityViolationNotif }
    STATUS          current
    DESCRIPTION
        "A collection of notification providing information
        about port's security violation in Authentication
        Framework."
    ::= { ciscoAuthFrameworkMIBGroups 11 }

cafSecurityViolationClientGroup OBJECT-GROUP
    OBJECTS         { cafSecurityViolationClient }
    STATUS          current
    DESCRIPTION
        "A collection of objects providing MAC address of the offending
        client in the security violation notification."
    ::= { ciscoAuthFrameworkMIBGroups 12 }

END
TRAP .1.3.6.1.4.1.9.9.656.0.1OID .1.3.6.1.4.1.9.9.656.1OID .1.3.6.1.4.1.9.9.656.1.1OID .1.3.6.1.4.1.9.9.656.1.1.1OID .1.3.6.1.4.1.9.9.656.1.1.2OID .1.3.6.1.4.1.9.9.656.1.1.2.1OID .1.3.6.1.4.1.9.9.656.1.1.2.1.1OID .1.3.6.1.4.1.9.9.656.1.1.2.1.2OID .1.3.6.1.4.1.9.9.656.1.1.2.1.3OID .1.3.6.1.4.1.9.9.656.1.2OID .1.3.6.1.4.1.9.9.656.1.2.1OID .1.3.6.1.4.1.9.9.656.1.2.1.1OID .1.3.6.1.4.1.9.9.656.1.2.1.1.1OID .1.3.6.1.4.1.9.9.656.1.2.1.1.2OID .1.3.6.1.4.1.9.9.656.1.2.1.1.3OID .1.3.6.1.4.1.9.9.656.1.2.1.1.4OID .1.3.6.1.4.1.9.9.656.1.2.1.1.5OID .1.3.6.1.4.1.9.9.656.1.2.1.1.6OID .1.3.6.1.4.1.9.9.656.1.2.1.1.7OID .1.3.6.1.4.1.9.9.656.1.2.1.1.8OID .1.3.6.1.4.1.9.9.656.1.2.1.1.9OID .1.3.6.1.4.1.9.9.656.1.2.1.1.10OID .1.3.6.1.4.1.9.9.656.1.2.2OID .1.3.6.1.4.1.9.9.656.1.2.2.1OID .1.3.6.1.4.1.9.9.656.1.2.2.1.1OID .1.3.6.1.4.1.9.9.656.1.2.2.1.2OID .1.3.6.1.4.1.9.9.656.1.2.2.1.3OID .1.3.6.1.4.1.9.9.656.1.2.2.1.4OID .1.3.6.1.4.1.9.9.656.1.2.2.1.5OID .1.3.6.1.4.1.9.9.656.1.3OID .1.3.6.1.4.1.9.9.656.1.3.1OID .1.3.6.1.4.1.9.9.656.1.3.1.1
OID .1.3.6.1.4.1.9.9.656.1.3.1.1.1OID .1.3.6.1.4.1.9.9.656.1.3.1.1.2OID .1.3.6.1.4.1.9.9.656.1.3.1.1.3OID .1.3.6.1.4.1.9.9.656.1.3.1.1.4OID .1.3.6.1.4.1.9.9.656.1.3.2OID .1.3.6.1.4.1.9.9.656.1.3.2.1OID .1.3.6.1.4.1.9.9.656.1.3.2.1.1OID .1.3.6.1.4.1.9.9.656.1.3.2.1.2OID .1.3.6.1.4.1.9.9.656.1.3.3OID .1.3.6.1.4.1.9.9.656.1.3.3.1OID .1.3.6.1.4.1.9.9.656.1.3.3.1.1OID .1.3.6.1.4.1.9.9.656.1.3.3.1.2OID .1.3.6.1.4.1.9.9.656.1.3.3.1.3OID .1.3.6.1.4.1.9.9.656.1.3.3.1.4OID .1.3.6.1.4.1.9.9.656.1.4OID .1.3.6.1.4.1.9.9.656.1.4.1OID .1.3.6.1.4.1.9.9.656.1.4.1.1OID .1.3.6.1.4.1.9.9.656.1.4.1.1.1OID .1.3.6.1.4.1.9.9.656.1.4.1.1.2OID .1.3.6.1.4.1.9.9.656.1.4.1.1.3OID .1.3.6.1.4.1.9.9.656.1.4.1.1.4OID .1.3.6.1.4.1.9.9.656.1.4.1.1.5OID .1.3.6.1.4.1.9.9.656.1.4.1.1.6OID .1.3.6.1.4.1.9.9.656.1.4.1.1.7OID .1.3.6.1.4.1.9.9.656.1.4.1.1.8OID .1.3.6.1.4.1.9.9.656.1.4.1.1.9OID .1.3.6.1.4.1.9.9.656.1.4.1.1.10OID .1.3.6.1.4.1.9.9.656.1.4.1.1.11OID .1.3.6.1.4.1.9.9.656.1.4.1.1.12OID .1.3.6.1.4.1.9.9.656.1.4.1.1.13OID .1.3.6.1.4.1.9.9.656.1.4.1.1.14
OID .1.3.6.1.4.1.9.9.656.1.4.1.1.15OID .1.3.6.1.4.1.9.9.656.1.4.1.1.16OID .1.3.6.1.4.1.9.9.656.1.4.1.1.17OID .1.3.6.1.4.1.9.9.656.1.4.1.1.18OID .1.3.6.1.4.1.9.9.656.1.4.1.1.19OID .1.3.6.1.4.1.9.9.656.1.4.1.1.20OID .1.3.6.1.4.1.9.9.656.1.4.1.1.21OID .1.3.6.1.4.1.9.9.656.1.4.2OID .1.3.6.1.4.1.9.9.656.1.4.2.1OID .1.3.6.1.4.1.9.9.656.1.4.2.1.1OID .1.3.6.1.4.1.9.9.656.1.4.2.1.2OID .1.3.6.1.4.1.9.9.656.1.5OID .1.3.6.1.4.1.9.9.656.1.5.1OID .1.3.6.1.4.1.9.9.656.1.6OID .1.3.6.1.4.1.9.9.656.1.6.1OID .1.3.6.1.4.1.9.9.656.2OID .1.3.6.1.4.1.9.9.656.2.1OID .1.3.6.1.4.1.9.9.656.2.1.1OID .1.3.6.1.4.1.9.9.656.2.2OID .1.3.6.1.4.1.9.9.656.2.2.1OID .1.3.6.1.4.1.9.9.656.2.2.2OID .1.3.6.1.4.1.9.9.656.2.2.3OID .1.3.6.1.4.1.9.9.656.2.2.4OID .1.3.6.1.4.1.9.9.656.2.2.5OID .1.3.6.1.4.1.9.9.656.2.2.6OID .1.3.6.1.4.1.9.9.656.2.2.7OID .1.3.6.1.4.1.9.9.656.2.2.8OID .1.3.6.1.4.1.9.9.656.2.2.9OID .1.3.6.1.4.1.9.9.656.2.2.10OID .1.3.6.1.4.1.9.9.656.2.2.11OID .1.3.6.1.4.1.9.9.656.2.2.12