#-MIBFILE: cisco-nac-nad.mib CISCO-NAC-NAD-MIB DEFINITIONS ::= BEGIN DisplayString ::= OCTET STRING (SIZE(0..255)) PhysAddress ::= OCTET STRING MacAddress ::= OCTET STRING (SIZE(6)) TruthValue ::= INTEGER { true(1), false(2) } TestAndIncr ::= INTEGER (0..2147483647) AutonomousType ::= OBJECT IDENTIFIER InstancePointer ::= OBJECT IDENTIFIER VariablePointer ::= OBJECT IDENTIFIER RowPointer ::= OBJECT IDENTIFIER RowStatus ::= INTEGER { active(1), notInService(2), notReady(3), createAndGo(4), createAndWait(5), destroy(6) } TimeStamp ::= TimeTicks TimeInterval ::= INTEGER (0..2147483647) DateAndTime ::= OCTET STRING (SIZE(8|11)) StorageType ::= INTEGER { other(1), volatile(2), nonVolatile(3), permanent(4), readOnly(5) } TDomain ::= OBJECT IDENTIFIER TAddress ::= OCTET STRING (SIZE(1..255)) OwnerString ::= OCTET STRING (SIZE(0..255)) InterfaceIndex ::= INTEGER (1..2147483647) InterfaceIndexOrZero ::= INTEGER (0..2147483647) mib-2 OBJECT IDENTIFIER ::= { mgmt 1 } interfaces OBJECT IDENTIFIER ::= { mib-2 2 } ifTable OBJECT IDENTIFIER ::= { interfaces 2 } ifEntry OBJECT IDENTIFIER ::= { ifTable 1 } ifIndex OBJECT IDENTIFIER ::= { ifEntry 1 } interfaces OBJECT IDENTIFIER ::= { mib-2 2 } InetAddressType ::= INTEGER { unknown(0), ipv4(1), ipv6(2), ipv4z(3), ipv6z(4), dns(16) } InetAddress ::= OCTET STRING (SIZE(0..255)) InetAddressIPv4 ::= OCTET STRING (SIZE(4)) InetAddressIPv6 ::= OCTET STRING (SIZE(16)) InetAddressIPv4z ::= OCTET STRING (SIZE(8)) InetAddressIPv6z ::= OCTET STRING (SIZE(20)) InetAddressDNS ::= OCTET STRING (SIZE(1..255)) InetAddressPrefixLength ::= OCTET STRING InetPortNumber ::= OCTET STRING InetAutonomousSystemNumber ::= OCTET STRING InetScopeType ::= INTEGER { interfaceLocal(1), linkLocal(2), subnetLocal(3), adminLocal(4), siteLocal(5), organizationLocal(8), global(14) } InetZoneIndex ::= OCTET STRING InetVersion ::= INTEGER { unknown(0), ipv4(1), ipv6(2) } SnmpEngineID ::= OCTET STRING (SIZE(5..32)) SnmpSecurityModel ::= INTEGER (0..2147483647) 
SnmpMessageProcessingModel ::= INTEGER (0..2147483647) SnmpSecurityLevel ::= INTEGER { noAuthNoPriv(1), authNoPriv(2), authPriv(3) } SnmpAdminString ::= OCTET STRING (SIZE(0..255)) CiscoNetworkProtocol ::= INTEGER { ip(1), decnet(2), pup(3), chaos(4), xns(5), x121(6), appletalk(7), clns(8), lat(9), vines(10), cons(11), apollo(12), stun(13), novell(14), qllc(15), snapshot(16), atmIlmi(17), bstun(18), x25pvc(19), ipv6(20), cdm(21), nbf(22), bpxIgx(23), clnsPfx(24), http(25), unknown(65535) } CiscoNetworkAddress ::= OCTET STRING Unsigned64 ::= OCTET STRING SAPType ::= INTEGER (0..254) CountryCode ::= OCTET STRING (SIZE(0|2)) CountryCodeITU ::= OCTET STRING EntPhysicalIndexOrZero ::= INTEGER (0..2147483647) CiscoRowOperStatus ::= INTEGER { active(1), activeDependencies(2), inactiveDependency(3), missingDependency(4) } CiscoPort ::= INTEGER (0..65535) CiscoIpProtocol ::= INTEGER (0..255) CiscoLocationClass ::= INTEGER { chassis(1), shelf(2), slot(3), subSlot(4), port(5), subPort(6), channel(7), subChannel(8) } CiscoLocationSpecifier ::= OCTET STRING (SIZE(0..255)) CiscoInetAddressMask ::= OCTET STRING CiscoAbsZeroBasedCounter32 ::= Gauge CiscoSnapShotAbsCounter32 ::= OCTET STRING CiscoAlarmSeverity ::= INTEGER { cleared(1), indeterminate(2), critical(3), major(4), minor(5), warning(6), info(7) } PerfHighIntervalCount ::= OCTET STRING ConfigIterator ::= OCTET STRING BulkConfigResult ::= OCTET STRING (SIZE(0..255)) ListIndex ::= INTEGER (1..2147483647) ListIndexOrZero ::= INTEGER (0..2147483647) TimeIntervalSec ::= OCTET STRING TimeIntervalMin ::= OCTET STRING CiscoMilliSeconds ::= OCTET STRING MicroSeconds ::= OCTET STRING CiscoPortList ::= OCTET STRING (SIZE(0..256)) CiscoPortListRange ::= INTEGER { oneto2k(1), twoKto4K(2), fourKto6K(3), sixKto8K(4), eightKto10K(5), tenKto12K(6), twelveKto14K(7), fourteenKto16K(8) } IfOperStatusReason ::= INTEGER { other(1), none(2), hwFailure(3), loopbackDiagFailure(4), errorDisabled(5), swFailure(6), linkFailure(7), offline(8), 
nonParticipating(9), initializing(10), vsanInactive(11), adminDown(12), channelAdminDown(13), channelOperSuspended(14), channelConfigurationInProgress(15), rcfInProgress(16), elpFailureIsolation(17), escFailureIsolation(18), domainOverlapIsolation(19), domainAddrAssignFailureIsolation(20), domainOtherSideEportIsolation(21), domainInvalidRcfReceived(22), domainManagerDisabled(23), zoneMergeFailureIsolation(24), vsanMismatchIsolation(25), parentDown(26), srcPortNotBound(27), interfaceRemoved(28), fcotNotPresent(29), fcotVendorNotSupported(30), incompatibleAdminMode(31), incompatibleAdminSpeed(32), suspendedByMode(33), suspendedBySpeed(34), suspendedByWWN(35), domainMaxReTxFailure(36), eppFailure(37), portVsanMismatchIsolation(38), loopbackIsolation(39), upgradeInProgress(40), incompatibleAdminRxBbCredit(41), incompatibleAdminRxBufferSize(42), portChannelMembersDown(43), zoneRemoteNoRespIsolation(44), firstPortUpAsEport(45), firstPortNotUp(46), peerFCIPPortClosedConnection(47), peerFCIPPortResetConnection(48), fcipPortMaxReTx(49), fcipPortKeepAliveTimerExpire(50), fcipPortPersistTimerExpire(51), fcipPortSrcLinkDown(52), fcipPortSrcAdminDown(53), fcipPortAdminCfgChange(54), fcipSrcPortRemoved(55), fcipSrcModuleNotOnline(56), invalidConfig(57), portBindFailure(58), portFabricBindFailure(59), noCommonVsanIsolation(60), ficonVsanDown(61), invalidAttachment(62), portBlocked(63), incomAdminRxBbCreditPerBuf(64), tooManyInvalidFlogis(65), deniedDueToPortBinding(66), elpFailureRevMismatch(67), elpFailureClassFParamErr(68), elpFailureClassNParamErr(69), elpFailureUnknownFlowCtlCode(70), elpFailureInvalidFlowCtlParam(71), elpFailureInvalidPortName(72), elpFailureInvalidSwitchName(73), elpFailureRatovEdtovMismatch(74), elpFailureLoopbackDetected(75), elpFailureInvalidTxBbCredit(76), elpFailureInvalidPayloadSize(77), bundleMisCfg(78), bitErrRuntimeThreshExceeded(79), linkFailLinkReset(80), linkFailPortInitFail(81), linkFailPortUnusable(82), linkFailLossOfSignal(83), 
linkFailLossOfSync(84), linkFailNosRcvd(85), linkFailOlsRcvd(86), linkFailDebounceTimeout(87), linkFailLrRcvd(88), linkFailCreditLoss(89), linkFailRxQOverflow(90), linkFailTooManyInterrupts(91), linkFailLipRcvdBb(92), linkFailBbCreditLoss(93), linkFailOpenPrimSignalTimeout(94), linkFailOpenPrimSignalReturned(95), linkFailLipF8Rcvd(96), linkFailLineCardPortShutdown(97), fcspAuthenfailure(98), fcotChecksumError(99), ohmsExtLoopbackTest(100), invalidFabricBindExchange(101), tovMismatch(102), ficonNotEnabled(103), ficonNoPortNumber(104), ficonBeingEnabled(105), ePortProhibited(106), portGracefulShutdown(107), trunkNotFullyActive(108), fabricBindingSwitchWwnNotFound(109), fabricBindingDomainInvalid(110), fabricBindingDbMismatch(111), fabricBindingNoRspFromPeer(112), dpvmVsanSuspended(113), dpvmVsanNotFound(114), trackedPortDown(115), ecSuspendedOnLoop(116), isolateBundleMisCfg(117), noPeerBundleSupport(118), portBringupIsolation(119), domainNotAllowedIsolated(120), virtualIvrDomainOverlapIsolation(121), outOfService(122), portAuthFailed(123), bundleStandby(124), portConnectorTypeErr(125), errorDisabledReInitLmtReached(126), ficonDupPortNum(127), localRcf(128), twoSwitchesWithSameWWN(129), invalidOtherSidePrincEFPReqRecd(130), domainOther(131) } EntLogicalIndexOrZero ::= INTEGER (0..2147483647) CiscoURLString ::= OCTET STRING (SIZE(1..255)) CiscoHTTPResponseStatusCode ::= OCTET STRING CvE164Address ::= OCTET STRING (SIZE(1..128)) cisco OBJECT IDENTIFIER ::= { enterprises 9 } ciscoMgmt OBJECT IDENTIFIER ::= { cisco 9 } CnnEouPostureToken ::= INTEGER { unknown(1), healthy(2), checkup(3), quarantine(4), infected(5) } CnnEouState ::= INTEGER { initialize(1), hello(2), clientless(3), eapRequest(4), response(5), authenticated(6), fail(7), abort(8) } CnnEouAuthType ::= INTEGER { clientless(1), eap(2), static(3) } CnnEouDeviceType ::= INTEGER { ciscoIpPhone(1) } ciscoNacNadMIB OBJECT IDENTIFIER ::= { ciscoMgmt 484 } ciscoNacNadMIBNotifs OBJECT IDENTIFIER ::= { ciscoNacNadMIB 0 } 
ciscoNacNadMIBObjects OBJECT IDENTIFIER ::= { ciscoNacNadMIB 1 } ciscoNacNadMIBConformance OBJECT IDENTIFIER ::= { ciscoNacNadMIB 2 } cnnEouGlobalObjects OBJECT IDENTIFIER ::= { ciscoNacNadMIBObjects 1 } cnnEouAuthorizeLists OBJECT IDENTIFIER ::= { ciscoNacNadMIBObjects 2 } cnnEouIfMIBObjects OBJECT IDENTIFIER ::= { ciscoNacNadMIBObjects 3 } cnnEouHostMIBObjects OBJECT IDENTIFIER ::= { ciscoNacNadMIBObjects 4 } cnnEouVersion OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The version of EOU in use on the local system. Value zero indicates the version can not be determined." ::= { cnnEouGlobalObjects 1 } cnnEouEnabled OBJECT-TYPE SYNTAX TruthValue ACCESS read-only STATUS mandatory DESCRIPTION "Indicates whether the posture validation via EOU is globally enabled or disabled in the device." ::= { cnnEouGlobalObjects 2 } cnnEouAllowClientless OBJECT-TYPE SYNTAX TruthValue ACCESS read-only STATUS mandatory DESCRIPTION "Indicates whether to allow authentication of clientless hosts (system that does not run Cisco Trust Agent)." ::= { cnnEouGlobalObjects 3 } cnnEouAllowIpStationId OBJECT-TYPE SYNTAX TruthValue ACCESS read-only STATUS mandatory DESCRIPTION "It indicates whether to send the host IP address in the calling station ID field of Radius request." ::= { cnnEouGlobalObjects 4 } cnnEouLoggingEnabled OBJECT-TYPE SYNTAX TruthValue ACCESS read-only STATUS mandatory DESCRIPTION "To enable or disable EOU system logging events. Set to 'true' to enable syslog message at an informational level (syslog level 6)." ::= { cnnEouGlobalObjects 5 } cnnEouMaxRetry OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The number of maximum retry attempts for EOU." ::= { cnnEouGlobalObjects 6 } cnnEouPort OBJECT-TYPE SYNTAX InetPortNumber ACCESS read-only STATUS mandatory DESCRIPTION "The UDP port for EOU. The port cannot conflict with other UDP application. 
" ::= { cnnEouGlobalObjects 7 } cnnEouRateLimit OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The number of clients that can be simultaneously validated. Set the rate limit to 0 (zero), rate limiting will be turned off. If the rate limit is set to 100 and there are 101 clients, validation will not occur until one drop off." ::= { cnnEouGlobalObjects 8 } cnnEouTimeoutAAA OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Timeout period used by NAD with AAA (Authentication, Authorization and Accounting." ::= { cnnEouGlobalObjects 9 } cnnEouTimeoutHoldPeriod OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Length of time that can elapse before the client sessions are purged from the system due to client inactivity." ::= { cnnEouGlobalObjects 10 } cnnEouTimeoutRetransmit OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The timeout period for the EOU message retransmitted." ::= { cnnEouGlobalObjects 11 } cnnEouTimeoutRevalidation OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The timeout period for the revalidation. Setting this object to 0 will globally disable periodic revalidation on this device." ::= { cnnEouGlobalObjects 12 } cnnEouTimeoutStatusQuery OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The timeout period for the status query after revalidation." ::= { cnnEouGlobalObjects 13 } cnnEouAuthIpTable OBJECT-TYPE SYNTAX SEQUENCE OF CnnEouAuthIpEntry ACCESS read-only STATUS mandatory DESCRIPTION "A list of statically authorized IP devices in the system." ::= { cnnEouAuthorizeLists 1 } cnnEouAuthIpEntry OBJECT-TYPE SYNTAX CnnEouAuthIpEntry ACCESS read-only STATUS mandatory DESCRIPTION "An entry containing the associated policy information of the statically authorized IP device. An entry can be created, or deleted by using cnnEouAuthIpRowStatus. Each statically authorized IP device is associated with a policy. 
By creating, deleting or modifying an entry in this table, users can add, delete or modify a policy for a particular statically authorized IP device. In order to add the statically authorized IP device into exception-list and associate with the specific policy, user has to create an entry for the device." INDEX { cnnEouAuthIpAddrType , cnnEouAuthIpAddr } ::= { cnnEouAuthIpTable 1 } cnnEouAuthIpEntry ::= SEQUENCE { cnnEouAuthIpAddrType InetAddressType, cnnEouAuthIpAddr InetAddress, cnnEouAuthIpAddrMask InetAddressPrefixLength, cnnEouAuthIpPolicy SnmpAdminString, cnnEouAuthIpStorageType StorageType, cnnEouAuthIpRowStatus RowStatus } cnnEouAuthIpAddrType OBJECT-TYPE SYNTAX InetAddressType ACCESS read-only STATUS mandatory DESCRIPTION "The type of Internet address by which the statically authorized IP device is reachable." ::= { cnnEouAuthIpEntry 1 } cnnEouAuthIpAddr OBJECT-TYPE SYNTAX InetAddress ACCESS read-only STATUS mandatory DESCRIPTION "The Internet address for the statically authorized IP device. The type of this address is determined by the value of the cnnEouAuthIpAddrType object." ::= { cnnEouAuthIpEntry 2 } cnnEouAuthIpAddrMask OBJECT-TYPE SYNTAX InetAddressPrefixLength ACCESS read-only STATUS mandatory DESCRIPTION "Using 'inverse mask' to support IP wildcards. The mask used with the source IP address will specify what traffic is exempted from EAP validation. e.g. cnnEouAuthIpAddr: 10.0.0.0 cnnEouAuthIpAddrMask: 0.255.255.255 This exempts any IP in the subnet at 10.x.x.x from posture validation. cnnEouAuthIpAddr: 10.1.2.1 cnnEouAuthIpAddrMask: 0.0.0.0 This exempts host IP 10.1.2.1 from posture validation. cnnEouAuthIpAddr: 10.0.0.0 cnnEouAuthIpAddrMask: 255.255.255.255 Mask value of 255.255.255.255 will exempt ALL hosts from posture validation." ::= { cnnEouAuthIpEntry 3 } cnnEouAuthIpPolicy OBJECT-TYPE SYNTAX SnmpAdminString ACCESS read-only STATUS mandatory DESCRIPTION "The policy associate with the statically authorized IP device. 
The policy needs to be present in the policy-database before an statically authorized IP device can be associated to it." ::= { cnnEouAuthIpEntry 4 } cnnEouAuthIpStorageType OBJECT-TYPE SYNTAX StorageType ACCESS read-only STATUS mandatory DESCRIPTION "The storage type for this conceptual row." ::= { cnnEouAuthIpEntry 5 } cnnEouAuthIpRowStatus OBJECT-TYPE SYNTAX RowStatus ACCESS read-only STATUS mandatory DESCRIPTION "The status of this conceptual row. To create an entry, users set the value of this object to 'createAndGo'. The transition from 'active' to 'notInService' may not be supported. A row may be deleted by setting the RowStatus to 'destroy'. Once a row becomes active, values within the row cannot be modified, except by deleting and re-creating the row." ::= { cnnEouAuthIpEntry 6 } cnnEouAuthMacTable OBJECT-TYPE SYNTAX SEQUENCE OF CnnEouAuthMacEntry ACCESS read-only STATUS mandatory DESCRIPTION "A list of static authorized devices identified by MAC address." ::= { cnnEouAuthorizeLists 2 } cnnEouAuthMacEntry OBJECT-TYPE SYNTAX CnnEouAuthMacEntry ACCESS read-only STATUS mandatory DESCRIPTION "An entry containing the associated policy information of the statically authorized device identified by MAC address. The entry is created, and deleted by using cnnEouAuthMacRowStatus." INDEX { cnnEouAuthMacAddr } ::= { cnnEouAuthMacTable 1 } cnnEouAuthMacEntry ::= SEQUENCE { cnnEouAuthMacAddr MacAddress, cnnEouAuthMacAddrMask MacAddress, cnnEouAuthMacPolicy SnmpAdminString, cnnEouAuthMacStorageType StorageType, cnnEouAuthMacRowStatus RowStatus } cnnEouAuthMacAddr OBJECT-TYPE SYNTAX MacAddress ACCESS read-only STATUS mandatory DESCRIPTION "The MAC address of the static authorized device." ::= { cnnEouAuthMacEntry 1 } cnnEouAuthMacAddrMask OBJECT-TYPE SYNTAX MacAddress ACCESS read-only STATUS mandatory DESCRIPTION "Using 'inverse mask' support MAC wildcards. The mask used with the source MAC address will specify what traffic is exempted from EAP validation. e.g. 
cnnEouAuthMacAddr: 00:0d:bc:ef:eb:bd cnnEouAuthMacAddrMask: 00:00:ff:ff:ff:ff This exempts any MAC matching 00:0d:xx:xx:xx:xx (00:0d:00:00:00:00 through 00:0d:ff:ff:ff:ff) from posture validation. cnnEouAuthMacAddr: 00:0d:bc:ef:eb:bd cnnEouAuthMacAddrMask: 00:00:00:00:00:00 This exempts the specific MAC 00:0d:bc:ef:eb:bd from posture validation. cnnEouAuthMacAddr: 00:0d:bc:ef:eb:bd cnnEouAuthMacAddrMask: ff:ff:ff:ff:ff:ff This exempts all MAC addresses from posture validation." ::= { cnnEouAuthMacEntry 2 } cnnEouAuthMacPolicy OBJECT-TYPE SYNTAX SnmpAdminString ACCESS read-only STATUS mandatory DESCRIPTION "The policy associated with the statically authorized device identified by MAC address. The policy needs to be present in the policy-database before a device can be associated to it." ::= { cnnEouAuthMacEntry 3 } cnnEouAuthMacStorageType OBJECT-TYPE SYNTAX StorageType ACCESS read-only STATUS mandatory DESCRIPTION "The storage type for this conceptual row." ::= { cnnEouAuthMacEntry 4 } cnnEouAuthMacRowStatus OBJECT-TYPE SYNTAX RowStatus ACCESS read-only STATUS mandatory DESCRIPTION "The status of this conceptual row. To create an entry, users set the value of this object to 'createAndGo'. The transition from 'active' to 'notInService' may not be supported. A row may be deleted by setting the RowStatus to 'destroy'. Once a row becomes active, values within the row cannot be modified, except by deleting and re-creating the row." ::= { cnnEouAuthMacEntry 5 } cnnEouAuthDeviceTypeTable OBJECT-TYPE SYNTAX SEQUENCE OF CnnEouAuthDeviceTypeEntry ACCESS read-only STATUS mandatory DESCRIPTION "A list of statically authorized devices indexed by device type." ::= { cnnEouAuthorizeLists 3 } cnnEouAuthDeviceTypeEntry OBJECT-TYPE SYNTAX CnnEouAuthDeviceTypeEntry ACCESS read-only STATUS mandatory DESCRIPTION "An entry containing the information of the statically authorized device indexed by device type."
INDEX { cnnEouAuthDeviceType } ::= { cnnEouAuthDeviceTypeTable 1 } cnnEouAuthDeviceTypeEntry ::= SEQUENCE { cnnEouAuthDeviceType CnnEouDeviceType, cnnEouAuthDeviceTypeStorageType StorageType, cnnEouAuthDeviceTypeRowStatus RowStatus } cnnEouAuthDeviceType OBJECT-TYPE SYNTAX INTEGER { ciscoIpPhone(1) } ACCESS read-only STATUS mandatory DESCRIPTION "The static authorize device type." ::= { cnnEouAuthDeviceTypeEntry 1 } cnnEouAuthDeviceTypeStorageType OBJECT-TYPE SYNTAX StorageType ACCESS read-only STATUS mandatory DESCRIPTION "The storage type for this conceptual row." ::= { cnnEouAuthDeviceTypeEntry 2 } cnnEouAuthDeviceTypeRowStatus OBJECT-TYPE SYNTAX RowStatus ACCESS read-only STATUS mandatory DESCRIPTION "This object is used to create or delete an entry in the cnnEouAuthDeviceTypeTable. A row may be created using the 'CreateAndGo' option. A row may be deleted by setting the RowStatus to 'destroy'. Once a row becomes active, values within the row cannot be modified, except by deleting and re-creating the row." ::= { cnnEouAuthDeviceTypeEntry 3 } cnnEouIfConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF CnnEouIfConfigEntry ACCESS read-only STATUS mandatory DESCRIPTION "A list of EOU configurations for the EOU capable interfaces." ::= { cnnEouIfMIBObjects 1 } cnnEouIfConfigEntry OBJECT-TYPE SYNTAX CnnEouIfConfigEntry ACCESS read-only STATUS mandatory DESCRIPTION "An entry containing the EOU configuration information for a particular EOU capable interface." 
INDEX { ifIndex } ::= { cnnEouIfConfigTable 1 } cnnEouIfConfigEntry ::= SEQUENCE { cnnEouIfAdminStatus INTEGER, cnnEouIfMaxRetry Integer32, cnnEouIfValidateAction INTEGER, cnnEouIfTimeoutGlobalConfig BITS, cnnEouIfTimeoutAAA Unsigned32, cnnEouIfTimeoutHoldPeriod Unsigned32, cnnEouIfTimeoutRetransmit Unsigned32, cnnEouIfTimeoutRevalidation Unsigned32, cnnEouIfTimeoutStatusQuery Unsigned32 } cnnEouIfAdminStatus OBJECT-TYPE SYNTAX INTEGER { auto(1), disabled(2), bypass(3) } ACCESS read-only STATUS mandatory DESCRIPTION "Setting this object to 'auto' means the Posture Validation via EOU ability at this interface would be enabled if an end point device is found. If the value of this object is 'disabled' then the interface will act as it would if it had no posture validation via EOU ability. Setting this object to 'bypass' allows the host connected to this interface to bypass the Posture Validation and directly download the host network access policy from the AAA server. " ::= { cnnEouIfConfigEntry 1 } cnnEouIfMaxRetry OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The maximum number of retries by EOU for this interface." ::= { cnnEouIfConfigEntry 2 } cnnEouIfValidateAction OBJECT-TYPE SYNTAX INTEGER { none(1), initialize(2), revalidate(3), noRevalidate(4) } ACCESS read-only STATUS mandatory DESCRIPTION "An EOU validate action to the devices associated with the interface. This object always has the value 'none' when read. none(1) no operation is performed. initialize(2) Manually initiates reauthentication of all the endpoint devices associated with the interface. revalidate(3) Revalidate EOU posture credentials of the devices associated with a specific interface. noRevalidate(4) Disable the revalidation of all the devices associated with the interface."
::= { cnnEouIfConfigEntry 3 } cnnEouIfTimeoutGlobalConfig OBJECT-TYPE SYNTAX OCTET STRING { aaa(0), holdPeriod(1), retransmit(2), revalidation(3), statusQuery(4) } ACCESS read-only STATUS mandatory DESCRIPTION "This object indicates whether the timeout configurations on this interface are based on the corresponding global timeout configurations or not. aaa(0) If this bit is set, the value of cnnEouIfTimeoutAAA is based on the value of cnnEouTimeoutAAA. holdPeriod(1) If this bit is set, the value of cnnEouIfTimeoutHoldPeriod is based on the value of cnnEouTimeoutHoldPeriod. retransmit(2) If this bit is set, the value of cnnEouIfTimeoutRetransmit is based on the value of cnnEouTimeoutRetransmit. revalidation(3) If this bit is set, the value of cnnEouIfTimeoutRevalidation is based on the value of cnnEouTimeoutRevalidation. statusQuery(4) If this bit is set, the value of cnnEouIfTimeoutStatusQuery is based on the value of cnnEouTimeoutStatusQuery. If a bit is not set, the value of the corresponding object in the same conceptual row is not based on its corresponding global object. If users configure object which is covered by cnnEouIfTimeoutGlobalConfig in the same conceptual row while the corresponding bit is set, the corresponding bit will be unset in order to reflect that such configuration is not from its corresponding global object." ::= { cnnEouIfConfigEntry 4 } cnnEouIfTimeoutAAA OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The timeout period used by EOU for the AAA server connection on this interface." ::= { cnnEouIfConfigEntry 5 } cnnEouIfTimeoutHoldPeriod OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The hold period of this interface. The hold period is the length of the time that can elapse before the client session entries are purged from the system due to client inactivity." 
::= { cnnEouIfConfigEntry 6 } cnnEouIfTimeoutRetransmit OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The timeout period for the EOU message retransmitted at this interface." ::= { cnnEouIfConfigEntry 7 } cnnEouIfTimeoutRevalidation OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The timeout period for the revalidation at this interface. Setting this object to 0 will disable periodic revalidation on this device." ::= { cnnEouIfConfigEntry 8 } cnnEouIfTimeoutStatusQuery OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The timeout period for the status query after revalidation at this interface." ::= { cnnEouIfConfigEntry 9 } cnnEouHostValidateAction OBJECT-TYPE SYNTAX INTEGER { none(1), initializeAll(2), initializeAuthClientless(3), initializeAuthEap(4), initializeAuthStatic(5), initializeIp(6), initializeMac(7), initializePostureToken(8), revalidateAll(9), revalidateAuthClientless(10), revalidateAuthEap(11), revalidateAuthStatic(12), revalidateIp(13), revalidateMac(14), revalidatePostureToken(15), noRevalidateAll(16), noRevalidateAuthClientless(17), noRevalidateAuthEap(18), noRevalidateAuthStatic(19), noRevalidateIp(20), noRevalidateMac(21), noRevalidatePostureToken(22) } ACCESS read-only STATUS mandatory DESCRIPTION "An EOU validate action to the devices. Initialize: When a device is initialized, all previous state information about that host is deleted and the admission control process for that host will start with no state. Revalidate: When a host is revalidated, state information about that host is retained so that the host still has its normal access during the revalidation process. This object always has the value 'none' when read. none(1) no operation is performed. initializeAll(2) to manually initiate reauthentication of all endpoint devices on the system. initializeAuthClientless(3) to manually initiate reauthentication of all clientless endpoint devices. 
initializeAuthEap(4) to manually initiate reauthentication of all the endpoint devices authorized by the Extensible Authentication Protocol. initializeAuthStatic(5) to manually initiate reauthentication of all the statically authorized endpoint devices. initializeIp(6) to manually initiate reauthentication of a specific IP device. The values in cnnEouHostValidateIpAddrType and cnnEouHostValidateIpAddr are used by this operation. initializeMac(7) to manually initiate reauthentication of the endpoint device identified by MAC address. The value in cnnEouHostValidateMacAddr is used by this operation. initializePostureToken(8) to manually initiate reauthentication of the endpoint device(s) with a specific posture token assigned. The value in cnnEouHostValidatePostureToken is used by this operation. revalidateAll(9) to revalidate EOU posture credentials of all devices on the system. revalidateAuthClientless(10) to revalidate EOU posture credentials of all clientless devices on the system. revalidateAuthEap(11) to revalidate EOU posture credentials of the devices authorized by EAP on the system. revalidateAuthStatic(12) to revalidate EOU posture credentials of all statically authorized devices on the system. revalidateIp(13) to revalidate EOU posture credentials of a specific IP device. The values in cnnEouHostValidateIpAddrType and cnnEouHostValidateIpAddr are used by this operation. revalidateMac(14) to revalidate EOU posture credentials of a specific device identified by MAC address. The value in cnnEouHostValidateMacAddr is used by this operation. revalidatePostureToken(15) to enable revalidation of EOU posture credentials of the devices with the specific posture token assigned. The value in cnnEouHostValidatePostureToken is used by this operation. noRevalidateAll(16) to disable revalidation of all devices on the system. noRevalidateAuthClientless(17) to disable the revalidation of all clientless devices on the system. 
noRevalidateAuthEap(18) to disable the revalidation of all devices authorized by EAP on the system. noRevalidateAuthStatic(19) to disable the revalidation of all statically authorized devices on the system. noRevalidateIp(20) to disable the revalidation of the specific IP device. The value in cnnEouHostValidateIpAddrType and cnnEouHostValidateIpAddr are used by this operation. noRevalidateMac(21) to disable the revalidation of the specific device identified by MAC address. The value in cnnEouHostValidateMacAddr is used by this operation. noRevalidatePostureToken(22) to disable the revalidation of all device with the specific posture token assigned. The value in cnnEouHostValidatePostureToken is used by this operation." ::= { cnnEouHostMIBObjects 1 } cnnEouHostValidateIpAddrType OBJECT-TYPE SYNTAX InetAddressType ACCESS read-only STATUS mandatory DESCRIPTION "The type of Internet address for a detected host." ::= { cnnEouHostMIBObjects 2 } cnnEouHostValidateIpAddr OBJECT-TYPE SYNTAX InetAddress ACCESS read-only STATUS mandatory DESCRIPTION "The Internet address for a detected host. The type of this address is determined by the value of the cnnEouHostValidateIpAddrType." ::= { cnnEouHostMIBObjects 3 } cnnEouHostVailidateMacAddr OBJECT-TYPE SYNTAX MacAddress ACCESS read-only STATUS mandatory DESCRIPTION "The Mac address for a detected host." ::= { cnnEouHostMIBObjects 4 } cnnEouHostValidatePostureToken OBJECT-TYPE SYNTAX INTEGER { unknown(1), healthy(2), checkup(3), quarantine(4), infected(5) } ACCESS read-only STATUS mandatory DESCRIPTION "Type of posture token for a detected host." ::= { cnnEouHostMIBObjects 5 } cnnEouHostMaxQueries OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Maximum number of query entries allowed to be outstanding at any time, in the cnnEouHostQueryTable." 
::= { cnnEouHostMIBObjects 6 } cnnEouHostQueryTable OBJECT-TYPE SYNTAX SEQUENCE OF CnnEouHostQueryEntry ACCESS read-only STATUS mandatory DESCRIPTION "A control table used to query the client host by specifying retrieval criteria for the EOU information. Each row instance in the table represents a query with its parameters. The resulting data for each instance of a query in this table is returned in the cnnHostQueryResultTable. The maximum number of entries (rows) in this table cannot exceed the value of cnnEouHostMaxQueries object." ::= { cnnEouHostMIBObjects 7 } cnnEouHostQueryEntry OBJECT-TYPE SYNTAX CnnEouHostQueryEntry ACCESS read-only STATUS mandatory DESCRIPTION "A conceptual row of the cnnEouHostQueryTable used to setup retrieval criteria to search for the EOU hosts on the system. The actual search is started by setting the value of cnnEouHostQueryStatus to 'active'. Once a row becomes active, values within the row cannot be modified, except by deleting and re-creating the row." INDEX { cnnEouHostQueryIndex } ::= { cnnEouHostQueryTable 1 } cnnEouHostQueryEntry ::= SEQUENCE { cnnEouHostQueryIndex Unsigned32, cnnEouHostQueryMask INTEGER, cnnEouHostQueryInterface InterfaceIndexOrZero, cnnEouHostQueryIpAddrType InetAddressType, cnnEouHostQueryIpAddr InetAddress, cnnEouHostQueryMacAddr MacAddress, cnnEouHostQueryPostureToken CnnEouPostureToken, cnnEouHostQuerySkipNHosts Unsigned32, cnnEouHostQueryMaxResultRows Unsigned32, cnnEouHostQueryTotalHosts Integer32, cnnEouHostQueryRows Integer32, cnnEouHostQueryCreateTime TimeStamp, cnnEouHostQueryStatus RowStatus } cnnEouHostQueryIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "An arbitrary integer in the range of 1 to cnnEouHostMaxQueries to identify this control query." 
::= { cnnEouHostQueryEntry 1 } cnnEouHostQueryMask OBJECT-TYPE SYNTAX INTEGER { authenClientless(1), authenEap(2), authenStatic(3), interface(4), ip(5), mac(6), postureToken(7), all(8) } ACCESS read-only STATUS mandatory DESCRIPTION "Setting each value causes the appropriate action: 'authenClientless' causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the clientless host(s) on the system. 'authenEap' causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the hosts authorized by EAP on the system. 'authenStatic' causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the statically authorized hosts on the system. 'interface' causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the endpoint devices connected to the interface specified in cnnEouHostQueryInterface. 'ip' causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the IP hosts specified in cnnEouHostQueryIpAddrType and cnnEouHostQueryIpAddr. 'mac' causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the hosts matching the mac address specified in cnnEouHostQueryMacAddr. 'postureToken' causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the hosts assigned posture token specified in cnnEouHostQueryPostureToken. 'all' returns all rows corresponding to all the detected hosts in the system." ::= { cnnEouHostQueryEntry 2 } cnnEouHostQueryInterface OBJECT-TYPE SYNTAX InterfaceIndexOrZero ACCESS read-only STATUS mandatory DESCRIPTION "An index value that uniquely identifies an interface where the end point device is connected. 
The interface identified by a particular value of this index is the same interface as identified by the same value of ifIndex." ::= { cnnEouHostQueryEntry 3 } cnnEouHostQueryIpAddrType OBJECT-TYPE SYNTAX InetAddressType ACCESS read-only STATUS mandatory DESCRIPTION "The internet address type for the queried host." ::= { cnnEouHostQueryEntry 4 } cnnEouHostQueryIpAddr OBJECT-TYPE SYNTAX InetAddress ACCESS read-only STATUS mandatory DESCRIPTION "The Internet address for the queried host. The type of this address is determined by the value of the cnnEouHostQueryIpAddrType. If the 'ip' option of cnnEouHostQueryMask is selected, an appropriate IP address type is assigned to cnnEouHostQueryIpAddrType, and an appropriate IP address is assigned to cnnEouHostQueryIpAddr, then only the IP host with the specified address will be contained in the result table." ::= { cnnEouHostQueryEntry 5 } cnnEouHostQueryMacAddr OBJECT-TYPE SYNTAX MacAddress ACCESS read-only STATUS mandatory DESCRIPTION "The MAC address for the queried host. If the 'mac' option of cnnEouHostQueryMask is selected and an appropriate MAC address is assigned to this object, then only the host with the specified MAC address will be contained in the result table." ::= { cnnEouHostQueryEntry 6 } cnnEouHostQueryPostureToken OBJECT-TYPE SYNTAX INTEGER { unknown(1), healthy(2), checkup(3), quarantine(4), infected(5) } ACCESS read-only STATUS mandatory DESCRIPTION "The assigned posture token for the queried host. If the 'postureToken' option of cnnEouHostQueryMask is selected and an appropriate posture token is assigned to this object, then only the host with the specified posture token will be contained in the result table." ::= { cnnEouHostQueryEntry 7 } cnnEouHostQuerySkipNHosts OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The number of searched detected hosts to be skipped before storing any host in cnnEouHostResultTable. 
This object can be used along with cnnEouHostQueryTotalHosts object to skip previously found hosts by setting the variable equal to the number of the associated rows in cnnEouHostResultTable, and only query the remaining hosts in the table. Note that due to the dynamic nature of the EOU, the queried hosts may be missed or repeated by setting this object." ::= { cnnEouHostQueryEntry 8 } cnnEouHostQueryMaxResultRows OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "This is the maximum number of rows in the cnnEouHostResultTable, resulting from this query. A value of zero (0) indicates no limit on the number of rows in cnnEouHostResultTable, resulting from this query." ::= { cnnEouHostQueryEntry 9 } cnnEouHostQueryTotalHosts OBJECT-TYPE SYNTAX INTEGER (-1..2147483647) ACCESS read-only STATUS mandatory DESCRIPTION "Indicates the total number of the hosts matching the query criterion. -1 - Either the query has not been started or the agent is still processing this query instance. It is the default value when the row is instantiated. 0..2147483647 - The search has ended and this is the number of hosts matching the query criterion." ::= { cnnEouHostQueryEntry 10 } cnnEouHostQueryRows OBJECT-TYPE SYNTAX INTEGER (-1..2147483647) ACCESS read-only STATUS mandatory DESCRIPTION "Indicates the status of the query by the following values: -1 - Either the query has not been started or the agent is still processing this query instance. It is the default value when the row is instantiated. 0..2147483647 - The search has ended and this is the number of rows in the cnnEouHostResultTable, resulting from this query." ::= { cnnEouHostQueryEntry 11 } cnnEouHostQueryCreateTime OBJECT-TYPE SYNTAX TimeStamp ACCESS read-only STATUS mandatory DESCRIPTION "Time when this query was last set to active." ::= { cnnEouHostQueryEntry 12 } cnnEouHostQueryStatus OBJECT-TYPE SYNTAX RowStatus ACCESS read-only STATUS mandatory DESCRIPTION "The status object used to manage rows in this table. 
When set to 'createAndGo', the query is initiated. The completion of the query is indicated by the value of cnnEouHostQueryRows as soon as it becomes greater than or equal to 0. Once a row becomes active, values within the row cannot be modified, except by deleting and re-creating it." ::= { cnnEouHostQueryEntry 13 } cnnEouHostResultTable OBJECT-TYPE SYNTAX SEQUENCE OF CnnEouHostResultEntry ACCESS read-only STATUS mandatory DESCRIPTION "A table containing current detected host information corresponding to all the completed queries set up in the cnnEouHostQueryTable, that were detected in the device. The query result will not become available until the current search completes." ::= { cnnEouHostMIBObjects 8 } cnnEouHostResultEntry OBJECT-TYPE SYNTAX CnnEouHostResultEntry ACCESS read-only STATUS mandatory DESCRIPTION "A conceptual row of cnnEouHostResultTable, containing posture validation information of a detected host that matches the search criteria set in the corresponding row of cnnEouHostQueryTable." INDEX { cnnEouHostQueryIndex , cnnEouHostResultIndex } ::= { cnnEouHostResultTable 1 } cnnEouHostResultEntry ::= SEQUENCE { cnnEouHostResultIndex Unsigned32, cnnEouHostResultAssocIf InterfaceIndex, cnnEouHostResultIpAddrType InetAddressType, cnnEouHostResultIpAddr InetAddress, cnnEouHostResultMacAddr MacAddress, cnnEouHostResultAuthType CnnEouAuthType, cnnEouHostResultPostureToken CnnEouPostureToken, cnnEouHostResultAge Unsigned32, cnnEouHostResultUrlRedir CiscoURLString, cnnEouHostResultAclName SnmpAdminString, cnnEouHostResultStatusQryPeriod Unsigned32, cnnEouHostResultRevalidatePeriod Unsigned32, cnnEouHostResultState CnnEouState } cnnEouHostResultIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "A number which uniquely identifies a result entry matching a particular query." 
::= { cnnEouHostResultEntry 1 } cnnEouHostResultAssocIf OBJECT-TYPE SYNTAX InterfaceIndex ACCESS read-only STATUS mandatory DESCRIPTION "An index value that uniquely identifies an interface where the end point device is currently connected. The interface identified by a particular value of this index is the same interface as identified by the same value of ifIndex." ::= { cnnEouHostResultEntry 2 } cnnEouHostResultIpAddrType OBJECT-TYPE SYNTAX InetAddressType ACCESS read-only STATUS mandatory DESCRIPTION "The type of Internet address by which the detected host is reachable." ::= { cnnEouHostResultEntry 3 } cnnEouHostResultIpAddr OBJECT-TYPE SYNTAX InetAddress ACCESS read-only STATUS mandatory DESCRIPTION "The internet address for the detected host. The type of this address is determined by the value of the cnnEouHostResultIpAddrType object." ::= { cnnEouHostResultEntry 4 } cnnEouHostResultMacAddr OBJECT-TYPE SYNTAX MacAddress ACCESS read-only STATUS mandatory DESCRIPTION "Indicates the MAC address of the detected host." ::= { cnnEouHostResultEntry 5 } cnnEouHostResultAuthType OBJECT-TYPE SYNTAX INTEGER { clientless(1), eap(2), static(3) } ACCESS read-only STATUS mandatory DESCRIPTION "This object indicates the authentication type used in the posture validation process for this detected host." ::= { cnnEouHostResultEntry 6 } cnnEouHostResultPostureToken OBJECT-TYPE SYNTAX INTEGER { unknown(1), healthy(2), checkup(3), quarantine(4), infected(5) } ACCESS read-only STATUS mandatory DESCRIPTION "Indicates the posture token of the detected host. During the posture validation process, the host will be placed into a particular category and have a token assigned to it. This assignment will depend on the state of the software that is resident on the host. The host will have specific rights to access the network based on the token assigned." 
::= { cnnEouHostResultEntry 7 } cnnEouHostResultAge OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Indicates the length of time, in minutes, that the host has been connected." ::= { cnnEouHostResultEntry 8 } cnnEouHostResultUrlRedir OBJECT-TYPE SYNTAX CiscoURLString ACCESS read-only STATUS mandatory DESCRIPTION "This object specifies the URL (Web page) where the latest Anti-Virus file can be downloaded or upgraded; if the detected host fails the credential validation then it may require remediation." ::= { cnnEouHostResultEntry 9 } cnnEouHostResultAclName OBJECT-TYPE SYNTAX SnmpAdminString ACCESS read-only STATUS mandatory DESCRIPTION "The ACL mapped to this detected host. A character string for an ACL (Access Control List) name. Valid characters are a-z, A-Z, 0-9, '#', '-', '_' and '.'. Some devices may require that an ACL name contains at least one non-numeric character. ACL name is case sensitive." ::= { cnnEouHostResultEntry 10 } cnnEouHostResultStatusQryPeriod OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The timeout period, in seconds, for the status query after revalidation at this interface." ::= { cnnEouHostResultEntry 11 } cnnEouHostResultRevalidatePeriod OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The timeout period, in seconds, for the revalidation at this interface." ::= { cnnEouHostResultEntry 12 } cnnEouHostResultState OBJECT-TYPE SYNTAX INTEGER { initialize(1), hello(2), clientless(3), eapRequest(4), response(5), authenticated(6), fail(7), abort(8) } ACCESS read-only STATUS mandatory DESCRIPTION "Indicates the current EOU state of this detected host." 
::= { cnnEouHostResultEntry 13 } ciscoNacNadMIBCompliances OBJECT IDENTIFIER ::= { ciscoNacNadMIBConformance 1 } ciscoNacNadMIBGroups OBJECT IDENTIFIER ::= { ciscoNacNadMIBConformance 2 } ciscoNacNadEouGlobalGroup OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 1 } ciscoNacNadEouAuthIpGroup OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 2 } ciscoNacNadEouAuthMacGroup OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 3 } ciscoNacNadEouAuthDeviceTypeGrp OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 4 } ciscoNacNadEouIfConfigGroup OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 5 } ciscoNacNadEouHostGroup OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 6 } ciscoNacNadEouIfTimeoutGroup OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 7 } ciscoNacNadEouIfMaxRetryGroup OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 8 } ciscoNacNadEouRateLimitGroup OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 9 } ciscoNacNadEouIfAdminGroup OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 10 } ciscoNacNadEouHostAgeGroup OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 11 } ciscoNacNadEouHostUrlRedir OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 12 } ciscoNacNadEouHostAclGroup OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 13 } END