CISCO-NAC-NAD-MIB: View SNMP OID List / Download MIB

VENDOR: CISCO


 Home MIB: CISCO-NAC-NAD-MIB
Download as:   

Download standard MIB format if you are planning to load a MIB file into some system (OS, Zabbix, PRTG ...) or view it with a MIB browser. CSV is more suitable for analyzing and viewing OID' and other MIB objects in excel. JSON and YAML formats are usually used in programing even though some systems can use MIB in YAML format (like Logstash).
Keep in mind that standard MIB files can be successfully loaded by systems and programs only if all the required MIB's from the "Imports" section are already loaded.
The tree-like SNMP object navigator requires no explanations because it is very simple to use. And if you stumbled on this MIB from Google note that you can always go back to the home page if you need to perform another MIB or OID lookup.


Object Name OID Type Access Info
 ciscoNacNadMIB 1.3.6.1.4.1.9.9.484
This MIB module is for the configuration of a Network Access Device (NAD) on the Cisco Network Admission Control (NAC) system. EndPoint -------------- NAD ------- AAA ------ PVS (SecurApp) EAPoUDP/802.1x RADIUS HCAP (Plugin) (PA) Cisco NAC system The Cisco Network Admission Control (NAC) security solution offers a systems approach to customers for ensuring endpoint device compliancy and vulnerability checks prior to production access to the network. Cisco refers to these compliancy checks as posture validations. The intent of this systems approach is to prevent the spread of works, viruses, and rogue applications across the network. This systems approach requires integration with third party end point security applications, as well as endpoint security servers. The Network Access Device (NAD) enforces network access control privileges by controlling which endpoint devices have access to network destinations and services reachable through that NAD. Endpoint devices that do not have the PA installed, enabled, or cannot otherwise respond to the NAD posture challenges are considered non-responsive hosts. Upon recognition of an incoming endpoint device at L2 or L3, the NAD issues a challenge to the endpoint device for posture credentials. Endpoint devices with a PA will recognize the challenge and respond with the necessary posture credentials. The NAD acts as a relay agent between the endpoint device and AAA server for all messages in the posture validation exchange. Once the validation is complete, the NAD enforces the access policy profile downloaded from the AAA Server, e.g. (i) provide full access (ii) deny all access through the NAD restrict access (quarantine) or (iii) some intermediate level of network access restriction or quarantine. Between posture revalidations, the NAD may issue periodic status queries to determine that the each endpoint device using the NAD is still the same device that was first postured, and that the endpoint device's posture credentials have not changed. This mechanism is a challenge response protocol that does not involve the AAA Server nor does it require the posture plugins to resend any credentials. It is used to trigger a full posture revalidation with the AAA Server when the endpoint device's credentials have changed (e.g. to revalidate the host endpoint device after remediation), or a new host endpoint device connects with a previously authorized IP address. The NAD supports a local exception list based on IP, MAC address or device type so that certain endpoint devices can bypass the posture validation process based on system administrator configuration. Also, the NAD may be configured to query the AAA server for access policies associated with endpoint devices that do not have a Posture Agent installed, clientless host endpoint devices. Posture Validation occurs when a NAC-enabled network access device (NAC) detects an endpoint device attempting to connect or use its network resources and it issues the endpoint device a posture challenge. An endpoint device with a resident posture agent will respond to the challenge with sets of posture credentials from one or more posture plugins which can detail the state of the various hardware and software components on the endpoint device. The posture agent response is forwarded by the network access device to an AAA server which may in turn delegate parts of the decision to posture validation server. Evaluation of the credentials against posture validation policies results in an authorization decision or posture token, representing the endpoint device's relative compliance to the network compliance policy. The AAA server then sends the respective network access profile to the network access device for enforcement of the endpoint device authorization. The Cisco Technology consists of the following: Endpoint Device - Any host attempting to connect or use the resource of a network. - e.g., a personal computer, personal data digital assistant, or data server, or other network attached device. NAD - Network Access Device that enforces network access control policies through layer 2 or layer 3 challenge-responses with a network enabled Endpoint device. PC - Posture Credentials that describe the state of an application and/or operating system that is running on an endpoint device at the time a layer 2 or layer 3 challenge response is issued by a NAD. PP - Posture Plugin. A module implemented by an application or agent provider that is responsible for supplying the relevant posture credentials for the application or agent. PA - Posture Agent. Host agent software that serves as a broker on the host for aggregating credential from potentially multiple posture plugins and communicating with the network. CTA - Cisco Trust Agent. Cisco's implementation of the posture agent. EAP - Extensible Authentication Protocol. An extension to PPP. EOU - Extensible Authentication Protocol over UDP. ACS/AAA - Cisco Secure Access Control Server. The primary authorization server that is the network policy decision point and is extended to support posture validation. PVS - Posture Validation Server. UCT - Un Conditional Transition. Clientless - Client without Cisco Posture Agent. Tag - Tag is a policy specifier which is mapped to a policy template based on specific rules. The Tag allows network administrators to define enforcement policies on local device and have a RADIUS server specify the policy Template to be enforced.
         ciscoNacNadMIBNotifs 1.3.6.1.4.1.9.9.484.0
         ciscoNacNadMIBObjects 1.3.6.1.4.1.9.9.484.1
             cnnEouGlobalObjects 1.3.6.1.4.1.9.9.484.1.1
                 cnnEouVersion 1.3.6.1.4.1.9.9.484.1.1.1 unsigned32 read-only
The version of EOU in use on the local system. Value zero indicates the version can not be determined.
                 cnnEouEnabled 1.3.6.1.4.1.9.9.484.1.1.2 truthvalue read-write
Indicates whether the posture validation via EOU is globally enabled or disabled in the device.
                 cnnEouAllowClientless 1.3.6.1.4.1.9.9.484.1.1.3 truthvalue read-write
Indicates whether to allow authentication of clientless hosts (system that does not run Cisco Trust Agent).
                 cnnEouAllowIpStationId 1.3.6.1.4.1.9.9.484.1.1.4 truthvalue read-write
It indicates whether to send the host IP address in the calling station ID field of RADIUS request.
                 cnnEouLoggingEnabled 1.3.6.1.4.1.9.9.484.1.1.5 truthvalue read-write
To enable or disable EOU system logging events. Set to 'true' to enable syslog message at an informational level (syslog level 6).
                 cnnEouMaxRetry 1.3.6.1.4.1.9.9.484.1.1.6 integer32 read-write
The number of maximum retry attempts for EOU.
                 cnnEouPort 1.3.6.1.4.1.9.9.484.1.1.7 inetportnumber read-write
The UDP port for EOU. The port cannot conflict with other UDP application.
                 cnnEouRateLimit 1.3.6.1.4.1.9.9.484.1.1.8 unsigned32 read-write
The number of clients that can be simultaneously validated. Set the rate limit to 0 (zero), rate limiting will be turned off. If the rate limit is set to 100 and there are 101 clients, validation will not occur until one drop off.
                 cnnEouTimeoutAAA 1.3.6.1.4.1.9.9.484.1.1.9 unsigned32 read-write
Timeout period used by NAD with AAA (Authentication, Authorization and Accounting.
                 cnnEouTimeoutHoldPeriod 1.3.6.1.4.1.9.9.484.1.1.10 unsigned32 read-write
Length of time that can elapse before the client sessions are purged from the system due to client inactivity.
                 cnnEouTimeoutRetransmit 1.3.6.1.4.1.9.9.484.1.1.11 unsigned32 read-write
The timeout period for the EOU message retransmitted.
                 cnnEouTimeoutRevalidation 1.3.6.1.4.1.9.9.484.1.1.12 unsigned32 read-write
The timeout period for the revalidation. Setting this object to 0 will globally disable periodic revalidation on this device.
                 cnnEouTimeoutStatusQuery 1.3.6.1.4.1.9.9.484.1.1.13 unsigned32 read-write
The timeout period for the status query after revalidation.
                 cnnEouCriticalRecoveryDelay 1.3.6.1.4.1.9.9.484.1.1.14 unsigned32 read-write
This object specifies the EOU critical recovery delay time for the device. A value of zero indicates that critical recovery delay feature is disabled.
                 cnnEouRevalidationEnabled 1.3.6.1.4.1.9.9.484.1.1.15 truthvalue read-write
Indicates whether the EOU revalidation is globally enabled or disabled in the device.
             cnnEouAuthorizeLists 1.3.6.1.4.1.9.9.484.1.2
                 cnnEouAuthIpTable 1.3.6.1.4.1.9.9.484.1.2.1 no-access
A list of statically authorized IP devices in the system.
                     cnnEouAuthIpEntry 1.3.6.1.4.1.9.9.484.1.2.1.1 no-access
An entry containing the associated policy information of the statically authorized IP device. An entry can be created, or deleted by using cnnEouAuthIpRowStatus. Each statically authorized IP device is associated with a policy. By creating, deleting or modifying an entry in this table, users can add, delete or modify a policy for a particular statically authorized IP device. In order to add the statically authorized IP device into exception-list and associate with the specific policy, user has to create an entry for the device.
                         cnnEouAuthIpAddrType 1.3.6.1.4.1.9.9.484.1.2.1.1.1 inetaddresstype no-access
The type of Internet address by which the statically authorized IP device is reachable.
                         cnnEouAuthIpAddr 1.3.6.1.4.1.9.9.484.1.2.1.1.2 inetaddress no-access
The Internet address for the statically authorized IP device. The type of this address is determined by the value of the cnnEouAuthIpAddrType object.
                         cnnEouAuthIpAddrMask 1.3.6.1.4.1.9.9.484.1.2.1.1.3 inetaddressprefixlength read-only
Using 'inverse mask' to support IP wildcards. The mask used with the source IP address will specify what traffic is exempted from EAP validation. e.g. cnnEouAuthIpAddr: 10.0.0.0 cnnEouAuthIpAddrMask: 0.255.255.255 This exempts any IP in the subnet at 10.x.x.x from posture validation. cnnEouAuthIpAddr: 10.1.2.1 cnnEouAuthIpAddrMask: 0.0.0.0 This exempts host IP 10.1.2.1 from posture validation. cnnEouAuthIpAddr: 10.0.0.0 cnnEouAuthIpAddrMask: 255.255.255.255 Mask value of 255.255.255.255 will exempt ALL hosts from posture validation.
                         cnnEouAuthIpPolicy 1.3.6.1.4.1.9.9.484.1.2.1.1.4 snmpadminstring read-only
The policy associate with the statically authorized IP device. The policy needs to be present in the policy-database before an statically authorized IP device can be associated to it.
                         cnnEouAuthIpStorageType 1.3.6.1.4.1.9.9.484.1.2.1.1.5 storagetype read-only
The storage type for this conceptual row.
                         cnnEouAuthIpRowStatus 1.3.6.1.4.1.9.9.484.1.2.1.1.6 rowstatus read-only
The status of this conceptual row. To create an entry, users set the value of this object to 'createAndGo'. The transition from 'active' to 'notInService' may not be supported. A row may be deleted by setting the RowStatus to 'destroy'. Once a row becomes active, values within the row cannot be modified, except by deleting and re-creating the row.
                 cnnEouAuthMacTable 1.3.6.1.4.1.9.9.484.1.2.2 no-access
A list of static authorized devices identified by MAC address.
                     cnnEouAuthMacEntry 1.3.6.1.4.1.9.9.484.1.2.2.1 no-access
An entry containing the associated policy information of the statically authorized device identified by MAC address. The entry is created, and deleted by using cnnEouAuthMacRowStatus.
                         cnnEouAuthMacAddr 1.3.6.1.4.1.9.9.484.1.2.2.1.1 macaddress no-access
The MAC address of the static authorized device.
                         cnnEouAuthMacAddrMask 1.3.6.1.4.1.9.9.484.1.2.2.1.2 macaddress read-only
Using 'inverse mask' support MAC wildcards. The mask used with the source MAC address will specify what traffic is exempted from EAP validation. e.g. cnnEouAuthMacAddr: 00:0d:bc:ef:eb:bd cnnEouAuthMacAddrMask: 00:00:ff:ff:ff:ff This exempts any MAC in the range 00:0d:00:00:00:00 from posture validation. cnnEouAuthMacAddr: 00:0d:bc:ef:eb:bd cnnEouAuthMacAddrMask: 00:00:00:00:00:00 This exempts specific MAC 00:0d:bc:ef:eb:bd from posture validation. cnnEouAuthMacAddr: 00:0d:bc:ef:eb:bd cnnEouAuthMacAddrMask: ff:ff:ff:ff:ff:ff This exempts all MAC address from posture validation.
                         cnnEouAuthMacPolicy 1.3.6.1.4.1.9.9.484.1.2.2.1.3 snmpadminstring read-only
The policy associate with the statically authorized device identified by MAC address. The policy needs to be present in the policy-database before an device can be associated to it.
                         cnnEouAuthMacStorageType 1.3.6.1.4.1.9.9.484.1.2.2.1.4 storagetype read-only
The storage type for this conceptual row.
                         cnnEouAuthMacRowStatus 1.3.6.1.4.1.9.9.484.1.2.2.1.5 rowstatus read-only
The status of this conceptual row. To create an entry, users set the value of this object to 'createAndGo'. The transition from 'active' to 'notInService' may not be supported. A row may be deleted by setting the RowStatus to 'destroy'. Once a row becomes active, values within the row cannot be modified, except by deleting and re-creating the row.
                 cnnEouAuthDeviceTypeTable 1.3.6.1.4.1.9.9.484.1.2.3 no-access
A list of static authorized devices indexed by device type.
                     cnnEouAuthDeviceTypeEntry 1.3.6.1.4.1.9.9.484.1.2.3.1 no-access
An entry containing the information of the static authorized device indexed by device type.
                         cnnEouAuthDeviceType 1.3.6.1.4.1.9.9.484.1.2.3.1.1 cnneoudevicetype no-access
The static authorize device type.
                         cnnEouAuthDeviceTypeStorageType 1.3.6.1.4.1.9.9.484.1.2.3.1.2 storagetype read-only
The storage type for this conceptual row.
                         cnnEouAuthDeviceTypeRowStatus 1.3.6.1.4.1.9.9.484.1.2.3.1.3 rowstatus read-only
This object is used to create or delete an entry in the cnnEouAuthDeviceTypeTable. A row may be created using the 'CreateAndGo' option. A row may be deleted by setting the RowStatus to 'destroy'. Once a row becomes active, values within the row cannot be modified, except by deleting and re-creating the row.
             cnnEouIfMIBObjects 1.3.6.1.4.1.9.9.484.1.3
                 cnnEouIfConfigTable 1.3.6.1.4.1.9.9.484.1.3.1 no-access
A list of EOU configurations for the EOU capable interfaces.
                     cnnEouIfConfigEntry 1.3.6.1.4.1.9.9.484.1.3.1.1 no-access
An entry containing the EOU configuration information for a particular EOU capable interface.
                         cnnEouIfAdminStatus 1.3.6.1.4.1.9.9.484.1.3.1.1.1 integer read-write
Setting this object to 'auto' means the Posture Validation via EOU ability at this interface would be enabled if a end point device is found. If the value of this object is 'disabled' then the interface will act as it would if it had no posture validation via EOU ability. Setting this object to 'bypass' allows the host connected to this interface this interface to bypass the Posture Validation and directly download the host network access policy from AAA server. Enumeration: 'disabled': 2, 'auto': 1, 'bypass': 3.
                         cnnEouIfMaxRetry 1.3.6.1.4.1.9.9.484.1.3.1.1.2 integer32 read-write
The maximum number of retry by EOU for this interface.
                         cnnEouIfValidateAction 1.3.6.1.4.1.9.9.484.1.3.1.1.3 integer read-write
An EOU validate action to the devices associated with the interface. This object always has the value 'none' when read. none(1) no operation is performed. initialize(2) Manually initiates reauthentication of all the endpoint devices associated with the interface. revalidate(3) Revalidate EOU posture credentials of the devices associated with a specify interface. noRevalidate(4) Disable the revalidation of all the device associated with the interface. Enumeration: 'initialize': 2, 'none': 1, 'noRevalidate': 4, 'revalidate': 3.
                         cnnEouIfTimeoutGlobalConfig 1.3.6.1.4.1.9.9.484.1.3.1.1.4 bits read-write
This object indicates whether the timeout configurations on this interface are based on the corresponding global timeout configurations or not. aaa(0) If this bit is set, the value of cnnEouIfTimeoutAAA is based on the value of cnnEouTimeoutAAA. holdPeriod(1) If this bit is set, the value of cnnEouIfTimeoutHoldPeriod is based on the value of cnnEouTimeoutHoldPeriod. retransmit(2) If this bit is set, the value of cnnEouIfTimeoutRetransmit is based on the value of cnnEouTimeoutRetransmit. revalidation(3) If this bit is set, the value of cnnEouIfTimeoutRevalidation is based on the value of cnnEouTimeoutRevalidation. statusQuery(4) If this bit is set, the value of cnnEouIfTimeoutStatusQuery is based on the value of cnnEouTimeoutStatusQuery. maxRetry(5) If this bit is set, the value of cnnEouIfMaxRetry is based on the value of cnnEouMaxRetry. clientless(6) If this bit is set, the value of cnnEouIfAllowClientless is based on the value of cnnEouAllowClientless. ipStationId(7) If this bit is set, the value of cnnEouIfAllowIpStationId is based on the value of cnnEouAllowIpStationId. If a bit is not set, the value of the corresponding object in the same conceptual row is not based on its corresponding global object. If users configure object which is covered by cnnEouIfTimeoutGlobalConfig in the same conceptual row while the corresponding bit is set, the corresponding bit will be unset in order to reflect that such configuration is not from its corresponding global object. Bits: 'aaa': 0, 'retransmit': 2, 'revalidation': 3, 'clientless': 6, 'statusQuery': 4, 'maxRetry': 5, 'ipStationId': 7, 'holdPeriod': 1.
                         cnnEouIfTimeoutAAA 1.3.6.1.4.1.9.9.484.1.3.1.1.5 unsigned32 read-write
The timeout period used by EOU for the AAA server connection on this interface.
                         cnnEouIfTimeoutHoldPeriod 1.3.6.1.4.1.9.9.484.1.3.1.1.6 unsigned32 read-write
The hold period of this interface. The hold period is the length of the time that can elapse before the client session entries are purged from the system due to client inactivity.
                         cnnEouIfTimeoutRetransmit 1.3.6.1.4.1.9.9.484.1.3.1.1.7 unsigned32 read-write
The timeout period for the EOU message retransmitted at this interface.
                         cnnEouIfTimeoutRevalidation 1.3.6.1.4.1.9.9.484.1.3.1.1.8 unsigned32 read-write
The timeout period for the revalidation at this interface. Setting this object to 0 will disable periodic revalidation on this device.
                         cnnEouIfTimeoutStatusQuery 1.3.6.1.4.1.9.9.484.1.3.1.1.9 unsigned32 read-write
The timeout period for the status query after revalidation at this interface.
                         cnnEouIfAaaFailPolicy 1.3.6.1.4.1.9.9.484.1.3.1.1.10 cpgpolicynameorempty read-write
Specified the name of the policy template to be applied when cnnEouHostResultState is 'aaaFail'. The specified policy name must exist in cpgPolicyTable if it is not empty string.
                         cnnEouIfAllowClientless 1.3.6.1.4.1.9.9.484.1.3.1.1.11 truthvalue read-write
This object specifies whether to allow authentication of clientless hosts (system that does not run Cisco Trust Agent) on the interface.
                         cnnEouIfAllowIpStationId 1.3.6.1.4.1.9.9.484.1.3.1.1.12 truthvalue read-write
This object specifies whether to send the host IP address in the calling station ID field of RADIUS request for hosts on the interface.
             cnnEouHostMIBObjects 1.3.6.1.4.1.9.9.484.1.4
                 cnnEouHostValidateAction 1.3.6.1.4.1.9.9.484.1.4.1 integer read-write
An EOU validate action to the devices. Initialize: When a device is initialized, all previous state information about that host is deleted and the admission control process for that host will start with no state. Revalidate: When a host is revalidated, state information about that host is retained so that the host still has its' normal access during the revalidation process. This object always has the value 'none' when read. none(1) - no operation is performed. initializeAll(2) - to manually initiates reauthentication of all endpoint devices on the system. initializeAuthClientless(3) - to manually initiates reauthentication of all clientless endpoint devices. initializeAuthEap(4) - to manually initiates reauthentication of all the endpoint devices authorized by Extensive Authentication Protocol. initializeAuthStatic(5) - to manually initiates reauthentication of all the statically authorized endpoint devices. initializeIp(6) - to manually initiates reauthentication of a specific IP device. The value in cnnEouHostValidateIpAddrType and cnnEouHostValidateIpAddr are used by this operation. initializeMac(7) - to manually initiates reauthentication of the endpoint device identified by MAC address. The value in cnnEouHostValidateMacAddr is used by this operation. initializePostureToken(8) - to manually initiates reauthentication of the endpoint device(s) with a specify posture token assigned. The value in cnnEouHostValidatePostureToken is used by this operation. This enumerated integer is deprecated and replaced by initializePostureTokenStr. revalidateAll(9) - to revalidate EOU posture credentials of all devices on the system. revalidateAuthClientless(10) - to revalidate EOU posture credentials of all clientless devices on the system. revalidateAuthEap(11) - to revalidate EOU posture credentials of the devices authorized by EAP on the system. revalidateAuthStatic(12) - to revalidate EOU posture credentials of all statically authorized devices on the system. revalidateIp(13) - to revalidates EOU posture credentials of a specific IP device. The value in cnnEouHostValidateIpAddrType and cnnEouHostValidateIpAddr are used by this operation. revalidateMac(14) - to revalidates EOU posture credentials of a specific device identified by MAC address. The value in cnnEouHostValidateMacAddr is used by this operation. revalidatePostureToken(15) - to enable revalidates EOU posture credentials of the devices with the specific posture token assigned. The value in cnnEouHostValidatePostureToken is used by this operation. This enumerated integer is deprecated and replaced by revalidatePostureTokenStr. noRevalidateAll(16) - to disable revalidation of all devices on the system. noRevalidateAuthClientless(17) - to disable the revalidation of all clientless devices on the system. noRevalidateAuthEap(18) - to disable the revalidation of all devices authorized by EAP on the system. noRevalidateAuthStatic(19) - to disable the revalidation of all statically authorized devices on the system. noRevalidateIp(20) - to disable the revalidation of the specific IP device. The value in cnnEouHostValidateIpAddrType and cnnEouHostValidateIpAddr are used by this operation. noRevalidateMac(21) - to disable the revalidation of the specific device identified by MAC address. The value in cnnEouHostValidateMacAddr is used by this operation. noRevalidatePostureToken(22) - to disable the revalidation of all device with the specific posture token assigned. The value in cnnEouHostValidatePostureToken is used by this operation. This enumerated integer is deprecated and replaced by noRevalidatePostureTokenStr. initializePostureTokenStr(23) - to manually initiates reauthentication of the endpoint device(s) with a specify posture token assigned. The value in cnnEouHostValidatePostureTokenStr is used by this operation. revalidatePostureTokenStr(24) - to enable revalidates EOU posture credentials of the devices with the specific posture token assigned. The value in cnnEouHostValidatePostureTokenStr is used by this operation. noRevalidatePostureTokenStr(25) - to disable the revalidation of all device with the specific posture token assigned. The value in cnnEouHostValidatePostureTokenStr is used by this operation. Enumeration: 'initializeIp': 6, 'initializeAuthStatic': 5, 'noRevalidateAll': 16, 'noRevalidateAuthEap': 18, 'revalidateAuthClientless': 10, 'revalidateAll': 9, 'revalidatePostureTokenStr': 24, 'revalidatePostureToken': 15, 'initializeAll': 2, 'noRevalidatePostureTokenStr': 25, 'noRevalidateIp': 20, 'noRevalidatePostureToken': 22, 'noRevalidateAuthClientless': 17, 'revalidateAuthStatic': 12, 'initializePostureTokenStr': 23, 'initializeAuthClientless': 3, 'revalidateMac': 14, 'revalidateIp': 13, 'noRevalidateAuthStatic': 19, 'initializeMac': 7, 'none': 1, 'noRevalidateMac': 21, 'revalidateAuthEap': 11, 'initializeAuthEap': 4, 'initializePostureToken': 8.
                 cnnEouHostValidateIpAddrType 1.3.6.1.4.1.9.9.484.1.4.2 inetaddresstype read-write
The type of Internet address for a detected host.
                 cnnEouHostValidateIpAddr 1.3.6.1.4.1.9.9.484.1.4.3 inetaddress read-write
The Internet address for a detected host. The type of this address is determined by the value of the cnnEouHostValidateIpAddrType.
                 cnnEouHostValidateMacAddr 1.3.6.1.4.1.9.9.484.1.4.4 macaddress read-write
The Mac address for a detected host.
                 cnnEouHostValidatePostureToken 1.3.6.1.4.1.9.9.484.1.4.5 cnneouposturetoken read-write
Type of posture token for a detected host. This object is deprecated and replaced by cnnEouHostValidatePostureTokenStr.
                 cnnEouHostMaxQueries 1.3.6.1.4.1.9.9.484.1.4.6 unsigned32 read-only
Maximum number of query entries allowed to be outstanding at any time, in the cnnEouHostQueryTable.
                 cnnEouHostQueryTable 1.3.6.1.4.1.9.9.484.1.4.7 no-access
A control table used to query the client host by specifying retrieval criteria for the EOU information. Each row instance in the table represents a query with its parameters. The resulting data for each instance of a query in this table is returned in the cnnHostQueryResultTable. The maximum number of entries (rows) in this table cannot exceed the value of cnnEouHostMaxQueries object.
                     cnnEouHostQueryEntry 1.3.6.1.4.1.9.9.484.1.4.7.1 no-access
A conceptual row of the cnnEouHostQueryTable used to setup retrieval criteria to search for the EOU hosts on the system. The actual search is started by setting the value of cnnEouHostQueryStatus to 'active'. Once a row becomes active, values within the row cannot be modified, except by deleting and re-creating the row.
                         cnnEouHostQueryIndex 1.3.6.1.4.1.9.9.484.1.4.7.1.1 unsigned32 no-access
An arbitrary integer in the range of 1 to cnnEouHostMaxQueries to identify this control query.
                         cnnEouHostQueryMask 1.3.6.1.4.1.9.9.484.1.4.7.1.2 integer read-only
Setting each value causes the appropriate action: authenClientless(1) - causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the clientless host(s) on the system. authenEap(2) - causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the hosts authorized by EAP on the system. authenStatic(3) - causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the statically authorized hosts on the system. interface(4) - causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the endpoint devices connected to the interface specified in cnnEouHostQueryInterface. ip(5) - causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the IP hosts specified in cnnEouHostQueryIpAddrType and cnnEouHostQueryIpAddr. mac(6) - causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the hosts matching the mac address specified in cnnEouHostQueryMacAddr. postureToken(7) - causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the hosts assigned posture token specified in cnnEouHostQueryPostureToken. This enumerated integer is deprecated and replaced by postureTokenString. all(8) - returns all rows corresponding to all the detected hosts in the system. postureTokenString(9) - causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the hosts assigned posture token string specified in cnnEouHostQueryPostureTokenStr. Enumeration: 'authenEap': 2, 'postureToken': 7, 'ip': 5, 'all': 8, 'mac': 6, 'authenClientless': 1, 'interface': 4, 'postureTokenString': 9, 'authenStatic': 3.
                         cnnEouHostQueryInterface 1.3.6.1.4.1.9.9.484.1.4.7.1.3 interfaceindexorzero read-only
An index value that uniquely identifies an interface where the end point device is connected. The interface identified by a particular value of this index is the same interface as identified by the same value of ifIndex.
                         cnnEouHostQueryIpAddrType 1.3.6.1.4.1.9.9.484.1.4.7.1.4 inetaddresstype read-only
The internet address type for the queried host.
                         cnnEouHostQueryIpAddr 1.3.6.1.4.1.9.9.484.1.4.7.1.5 inetaddress read-only
The Internet address for the queried host. The type of this address is determined by the value of the cnnEouHostQueryIpAddrType. If the 'ip' option of cnnEouHostQueryMask is selected, an appropriate IP address type is assigned to cnnEouHostQueryIpAddrType, and an appropriate IP address is assigned to cnnEouHostQueryIpAddr then only the IP host with the specified address will be containing in the result table.
                         cnnEouHostQueryMacAddr 1.3.6.1.4.1.9.9.484.1.4.7.1.6 macaddress read-only
The Mac address for the queried host. If the 'mac' option of cnnEouHostQueryMask is selected, an appropriate MAC address is assigned to this object then only the host with the specified MAC address will be containing in the result table.
                         cnnEouHostQueryPostureToken 1.3.6.1.4.1.9.9.484.1.4.7.1.7 cnneouposturetoken read-only
The assigned posture token for the queried host. If the 'postureToken' option of cnnEouHostQueryMask is selected, an appropriate posture token is assigned to this object then only the host with the specified posture token will be containing in the result table. This object is deprecated and replaced by cnnEouHostQueryPostureTokenStr.
                         cnnEouHostQuerySkipNHosts 1.3.6.1.4.1.9.9.484.1.4.7.1.8 unsigned32 read-only
The number of searched detected hosts to be skipped before storing any host in cnnEouHostResultTable. This object can be used along with cnnEouHostQueryTotalHosts object to skip previously found hosts by setting the variable equal to the number of the associated rows in cnnEouHostResultTable, and only query the remaining hosts in the table. Note that due to the dynamical nature of the EOU, the queried hosts may be missed or repeated by setting this object.
                         cnnEouHostQueryMaxResultRows 1.3.6.1.4.1.9.9.484.1.4.7.1.9 unsigned32 read-only
This is the maximum number of rows in the cnnEouHostResultTable, resulting from this query. A value of zero (0) indicates no limit rows in cnnEouHostResultTable, resulting from this query.
                         cnnEouHostQueryTotalHosts 1.3.6.1.4.1.9.9.484.1.4.7.1.10 integer32 read-only
Indicating the total number of the hosts matching the query criterion. -1 - Either the query has not been started or the agent is still processing this query instance. It is the default value when the row is instantiated. 0..2147483647 - The search has ended and this is the number of host matching the query criterion.
                         cnnEouHostQueryRows 1.3.6.1.4.1.9.9.484.1.4.7.1.11 integer32 read-only
Indicating the status of the query by following values: -1 - Either the query has not been started or the agent is still processing this query instance. It is the default value when the row is instantiated. 0..2147483647 - The search has ended and this is the number of rows in the cnnEouHostResultTable, resulting from this query.
                         cnnEouHostQueryCreateTime 1.3.6.1.4.1.9.9.484.1.4.7.1.12 timestamp read-only
Time when this query was last set to active.
                         cnnEouHostQueryStatus 1.3.6.1.4.1.9.9.484.1.4.7.1.13 rowstatus read-only
The status object used to manage rows in this table. When set to 'createAndGo', the query is initiated. The completion of the query is indicated by the value of cnnEouHostQueryRows as soon as it becomes greater than or equal to 0. Once a row becomes active, values within the row cannot be modified, except by deleting and re-creating it.
                         cnnEouHostQueryPostureTokenStr 1.3.6.1.4.1.9.9.484.1.4.7.1.14 cnneouposturetokenstring read-only
The assigned posture token string for the queried host. If the 'postureTokenString' option of cnnEouHostQueryMask is selected, an appropriate posture token string is assigned to this object then only the host with the specified posture token string will be containing in the result table.
                 cnnEouHostResultTable 1.3.6.1.4.1.9.9.484.1.4.8 no-access
A table containing current detected host information corresponding to all the completed queries set up in the cnnEouHostQueryTable, that were detected in the device. The query result will not become available until the current search completes.
                     cnnEouHostResultEntry 1.3.6.1.4.1.9.9.484.1.4.8.1 no-access
A conceptual row of cnnEouHostResultTable, containing posture validation information of an detected host that matches the search criteria set in the corresponding row of cnnEouHostQueryTable.
                         cnnEouHostResultIndex 1.3.6.1.4.1.9.9.484.1.4.8.1.1 unsigned32 no-access
A number which uniquely identifies a result entry matching a particular query.
                         cnnEouHostResultAssocIf 1.3.6.1.4.1.9.9.484.1.4.8.1.2 interfaceindex read-only
An index value that uniquely identifies an interface where the end point device is currently connected. The interface identified by a particular value of this index is the same interface as identified by the same value of ifIndex.
                         cnnEouHostResultIpAddrType 1.3.6.1.4.1.9.9.484.1.4.8.1.3 inetaddresstype read-only
The type of Internet address by which the detected host is reachable.
                         cnnEouHostResultIpAddr 1.3.6.1.4.1.9.9.484.1.4.8.1.4 inetaddress read-only
The internet address for the detected host. The type of this address is determined by the value of the cnnEouHostResultIpAddrType object.
                         cnnEouHostResultMacAddr 1.3.6.1.4.1.9.9.484.1.4.8.1.5 macaddress read-only
Indicates The MAC address of the detected host.
                         cnnEouHostResultAuthType 1.3.6.1.4.1.9.9.484.1.4.8.1.6 cnneouauthtype read-only
This object indicates the authentication type used in the posture validation process for this detected host.
                         cnnEouHostResultPostureToken 1.3.6.1.4.1.9.9.484.1.4.8.1.7 cnneouposturetoken read-only
Indicates the posture token of the detected host. During the posture validation process, the host will be placed into a particular category and have a token assigned to it. This assignment will depend on the state of the software that is resident on the host. The host will have specific right to access network based on the token assigned. This object is deprecated and replaced by cnnEouHostResultPostureTokenStr
                         cnnEouHostResultAge 1.3.6.1.4.1.9.9.484.1.4.8.1.8 unsigned32 read-only
Indicates the length of time, in minutes, that host has been connected.
                         cnnEouHostResultUrlRedir 1.3.6.1.4.1.9.9.484.1.4.8.1.9 ciscourlstring read-only
This object specifies the URL(Web page) where the latest Anti-Virus file can be downloaded or upgraded, if the detected host fails the credential validation then it may require remediation.
                         cnnEouHostResultAclName 1.3.6.1.4.1.9.9.484.1.4.8.1.10 snmpadminstring read-only
The mapped ACL to this detected host. A character string for an ACL (Access Control List) name. Valid characters are a-z, A-Z, 0-9, ,'#', '-', '_' and '.'. Some devices may require that an ACL name contains at least one non-numeric character. ACL name is case sensitive.
                         cnnEouHostResultStatusQryPeriod 1.3.6.1.4.1.9.9.484.1.4.8.1.11 unsigned32 read-only
The timeout period, in seconds, for the status query after revalidation at this interface.
                         cnnEouHostResultRevalidatePeriod 1.3.6.1.4.1.9.9.484.1.4.8.1.12 unsigned32 read-only
The timeout period, in second, for the revalidation at this interface.
                         cnnEouHostResultState 1.3.6.1.4.1.9.9.484.1.4.8.1.13 cnneoustate read-only
Indicates the current EOU state of this detected host.
                         cnnEouHostResultPostureTokenStr 1.3.6.1.4.1.9.9.484.1.4.8.1.14 cnneouposturetokenstring read-only
Indicates the posture token string of the detected host. During the posture validation process, the host will be placed into a particular category and have a token assigned to it. This assignment will depend on the state of the software that is resident on the host. The host will have specific right to access network based on the token assigned.
                         cnnEouHostResultUrlRedirectAcl 1.3.6.1.4.1.9.9.484.1.4.8.1.15 snmpadminstring read-only
Indicates the name of the access control list(ACL) for URL redirection. Any ingress HTTP from the host that matches this ACL will be subjected to redirection to the URL (Web page) specified in cnnEouHostResultUrlRedir.
                         cnnEouHostResultTagName 1.3.6.1.4.1.9.9.484.1.4.8.1.16 snmpadminstring read-only
Indicates the tag which is received as a policy response from the ACS server for the detected host.
                         cnnEouHostResultAuditSessionId 1.3.6.1.4.1.9.9.484.1.4.8.1.17 snmpadminstring read-only
This object uniquely identifies a host session. Session ID is included in access requests to AAA server and in Web requests to Audit server.
                         cnnEouHostResultAaaFailPolicy 1.3.6.1.4.1.9.9.484.1.4.8.1.18 snmpadminstring read-only
This object indicates the name of policy template to be applied when EouHostResultState is 'aaaFail'.
                 cnnEouHostValidatePostureTokenStr 1.3.6.1.4.1.9.9.484.1.4.9 cnneouposturetokenstring read-write
Posture token string for a detected host.
             cnnIpDeviceTrackingObjects 1.3.6.1.4.1.9.9.484.1.5
                 cnnIpDeviceTrackingEnabled 1.3.6.1.4.1.9.9.484.1.5.1 truthvalue read-write
Specifies whether the IP device tracking feature is globally enabled or disabled on this device.
                 cnnIpDeviceTrackingProbeCount 1.3.6.1.4.1.9.9.484.1.5.2 unsigned32 read-write
Specifies the number of times that this device sends the ARP probe to an IP device before removing the IP device from the IP device tracking table.
                 cnnIpDeviceTrackingProbeInterval 1.3.6.1.4.1.9.9.484.1.5.3 unsigned32 read-write
Specifies the number of the seconds that this device waits before resending the ARP probe.
                 cnnEouIfIpDevTrackConfigTable 1.3.6.1.4.1.9.9.484.1.5.4 no-access
A table of IP Device Tracking configuration for EOU interfaces in the system.
                     cnnEouIfIpDevTrackConfigEntry 1.3.6.1.4.1.9.9.484.1.5.4.1 no-access
A set of EOU IP Device Tracking configuration information on an EOU interface.
                         cnnEouIfIpDevTrackEnabled 1.3.6.1.4.1.9.9.484.1.5.4.1.1 truthvalue read-write
Specifies if IP Device Tracking feature is enabled on this interface.
         ciscoNacNadMIBConformance 1.3.6.1.4.1.9.9.484.2
             ciscoNacNadMIBCompliances 1.3.6.1.4.1.9.9.484.2.1
                 ciscoNacNadMIBCompliance 1.3.6.1.4.1.9.9.484.2.1.1
The compliance statement for the CISCO-NAC-NAD-MIB. OBJECT cnnEouAuthIpAddrType SYNTAX InetAddressType { ipv4(1) } DESCRIPTION An implementation is only required to support IPv4 addresses.
                 ciscoNacNadMIBCompliance2 1.3.6.1.4.1.9.9.484.2.1.2
The compliance statement for the CISCO-NAC-NAD-MIB. OBJECT cnnEouAuthIpAddrType SYNTAX InetAddressType { ipv4(1) } DESCRIPTION An implementation is only required to support IPv4 addresses.
                 ciscoNacNadMIBCompliance3 1.3.6.1.4.1.9.9.484.2.1.3
The compliance statement for the CISCO-NAC-NAD-MIB. OBJECT cnnEouAuthIpAddrType SYNTAX InetAddressType { ipv4(1) } DESCRIPTION An implementation is only required to support IPv4 addresses.
                 ciscoNacNadMIBCompliance4 1.3.6.1.4.1.9.9.484.2.1.4
The compliance statement for the CISCO-NAC-NAD-MIB. OBJECT cnnEouAuthIpAddrType SYNTAX InetAddressType { ipv4(1) } DESCRIPTION An implementation is only required to support IPv4 addresses.
             ciscoNacNadMIBGroups 1.3.6.1.4.1.9.9.484.2.2
                 ciscoNacNadEouGlobalGroup 1.3.6.1.4.1.9.9.484.2.2.1
A collection of objects providing the global configuration on the NAD.
                 ciscoNacNadEouAuthIpGroup 1.3.6.1.4.1.9.9.484.2.2.2
A collection of objects providing the configuration for the static authorization IP device with policy associated.
                 ciscoNacNadEouAuthMacGroup 1.3.6.1.4.1.9.9.484.2.2.3
A collection of objects providing the configuration for the static authorization MAC device with policy associated.
                 ciscoNacNadEouAuthDeviceTypeGrp 1.3.6.1.4.1.9.9.484.2.2.4
A collection of objects providing the configuration for the static authorization device identified by device type.
                 ciscoNacNadEouIfConfigGroup 1.3.6.1.4.1.9.9.484.2.2.5
A collection of objects providing the interface configuration on the NAD.
                 ciscoNacNadEouHostGroup 1.3.6.1.4.1.9.9.484.2.2.6
A collection of objects providing the host configuration on the NAD.
                 ciscoNacNadEouIfTimeoutGroup 1.3.6.1.4.1.9.9.484.2.2.7
A collection of objects providing the timeout configuration on the interface.
                 ciscoNacNadEouIfMaxRetryGroup 1.3.6.1.4.1.9.9.484.2.2.8
A collection of objects providing the max-retry configuration on the interface.
                 ciscoNacNadEouRateLimitGroup 1.3.6.1.4.1.9.9.484.2.2.9
A collection of objects providing the rate limit configuration.
                 ciscoNacNadEouIfAdminGroup 1.3.6.1.4.1.9.9.484.2.2.10
A collection of objects providing the administrative configuration on the interfaces.
                 ciscoNacNadEouHostAgeGroup 1.3.6.1.4.1.9.9.484.2.2.11
A collection of objects providing the age information on the interface.
                 ciscoNacNadEouHostUrlRedir 1.3.6.1.4.1.9.9.484.2.2.12
A collection of objects providing the redirect URL information on the interface.
                 ciscoNacNadEouHostAclGroup 1.3.6.1.4.1.9.9.484.2.2.13
A collection of objects providing the ACL(Access Control List) information on the interface.
                 ciscoNacNadEouIfAaaFailPolicyGrp 1.3.6.1.4.1.9.9.484.2.2.14
A collection of objects providing the AAA failed policy for the interface.
                 ciscoNacNadEouHostGrp 1.3.6.1.4.1.9.9.484.2.2.15
A collection of objects providing the host configuration on the NAD.
                 cnnIpDeviceTrackingConfigGrp 1.3.6.1.4.1.9.9.484.2.2.16
A collection of objects providing IP device tracking for the device.
                 cnnEouCriticalRecoveryDelayGrp 1.3.6.1.4.1.9.9.484.2.2.17
A collection of objects providing critical recovery delay for the device.
                 cnnEouIfIpDevTrackConfigGrp 1.3.6.1.4.1.9.9.484.2.2.18
A collection of objects providing EOU IP device tracking per interface in the device.
                 ciscoNacNadRevalidateConfigGrp 1.3.6.1.4.1.9.9.484.2.2.19
A collection of objects providing the globally configuration for the system.
                 ciscoNacNadEouHostGroup1 1.3.6.1.4.1.9.9.484.2.2.20
A collection of objects providing the host extension configuration on the NAD.
                 ciscoNacNadEouIfExtGroup 1.3.6.1.4.1.9.9.484.2.2.21
A collection of objects providing the interface extension configuration on the NAD.