OID for dot1x polling

Joris Deprouw · ‎08-29-2011

Hello,

I'm am looking for a OID to poll the status of dot1x configured ports, when the port has been disabled due to a DOT1X-5-FAIL I would like to see this when polling the switch.

So far I'm not able to

I have used the MIB's below, but I can't finds any OID giving me this information.

CISCO-AUTH-FRAMEWORK-MIB

CISCO-PAE-MIB

I have upgraded the switch to the latest IOS 12.2(58)SE2.

Does anyone has this configured? Maybe with alternative OID's?

Thanks,

Best Regards,

Joris

Tarik Admani · ‎08-31-2011

Joris,

I think this will do the trick, showing a port as authcfailed should be what you are looking for:

cafSessionMethodState OBJECT-TYPE SYNTAX INTEGER { notRun(1), running(2), failedOver(3), authcSuccess(4), authcFailed(5) } MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the state of this authentication method. notRun : The method has not run for this session. running : The method is running for this session. failedOver : The method has failed and the next method is expected to provide a result. authcSuccess: The method has provided a successful authentication result for this session. authcFailed : The method has provided a failed authentication result for this session." ::= { cafSessionMethodsInfoEntry 2 }

I found this here:

http://tools.cisco.com/ITDIT/MIBS/MainServlet?ReleaseSel=2770&PlatformSel=233&fsSel=622

The doc is here:

ftp://ftp.cisco.com/pub/mibs/v2/CISCO-AUTH-FRAMEWORK-MIB.my

Thanks,

Tarik