mirror of
https://github.com/hsnodgrass/snmp_mib_archive.git
synced 2025-04-18 00:13:02 +00:00
1752 lines
45 KiB
INI
Executable File
1752 lines
45 KiB
INI
Executable File
#-MIBFILE: cisco-nac-nad.mib
|
|
|
|
CISCO-NAC-NAD-MIB DEFINITIONS ::= BEGIN
|
|
|
|
|
|
DisplayString ::=
|
|
OCTET STRING (SIZE(0..255))
|
|
|
|
PhysAddress ::=
|
|
OCTET STRING
|
|
|
|
MacAddress ::=
|
|
OCTET STRING (SIZE(6))
|
|
|
|
TruthValue ::=
|
|
INTEGER {
|
|
true(1),
|
|
false(2)
|
|
}
|
|
|
|
TestAndIncr ::=
|
|
INTEGER (0..2147483647)
|
|
|
|
AutonomousType ::=
|
|
OBJECT IDENTIFIER
|
|
|
|
InstancePointer ::=
|
|
OBJECT IDENTIFIER
|
|
|
|
VariablePointer ::=
|
|
OBJECT IDENTIFIER
|
|
|
|
RowPointer ::=
|
|
OBJECT IDENTIFIER
|
|
|
|
RowStatus ::=
|
|
INTEGER {
|
|
active(1),
|
|
notInService(2),
|
|
notReady(3),
|
|
createAndGo(4),
|
|
createAndWait(5),
|
|
destroy(6)
|
|
}
|
|
|
|
TimeStamp ::=
|
|
TimeTicks
|
|
|
|
TimeInterval ::=
|
|
INTEGER (0..2147483647)
|
|
|
|
DateAndTime ::=
|
|
OCTET STRING (SIZE(8|11))
|
|
|
|
StorageType ::=
|
|
INTEGER {
|
|
other(1),
|
|
volatile(2),
|
|
nonVolatile(3),
|
|
permanent(4),
|
|
readOnly(5)
|
|
}
|
|
|
|
TDomain ::=
|
|
OBJECT IDENTIFIER
|
|
|
|
TAddress ::=
|
|
OCTET STRING (SIZE(1..255))
|
|
|
|
OwnerString ::=
|
|
OCTET STRING (SIZE(0..255))
|
|
|
|
InterfaceIndex ::=
|
|
INTEGER (1..2147483647)
|
|
|
|
InterfaceIndexOrZero ::=
|
|
INTEGER (0..2147483647)
|
|
|
|
mib-2 OBJECT IDENTIFIER ::= { mgmt 1 }
|
|
interfaces OBJECT IDENTIFIER ::= { mib-2 2 }
|
|
ifTable OBJECT IDENTIFIER ::= { interfaces 2 }
|
|
ifEntry OBJECT IDENTIFIER ::= { ifTable 1 }
|
|
ifIndex OBJECT IDENTIFIER ::= { ifEntry 1 }
|
|
interfaces OBJECT IDENTIFIER ::= { mib-2 2 }
|
|
InetAddressType ::=
|
|
INTEGER {
|
|
unknown(0),
|
|
ipv4(1),
|
|
ipv6(2),
|
|
ipv4z(3),
|
|
ipv6z(4),
|
|
dns(16)
|
|
}
|
|
|
|
InetAddress ::=
|
|
OCTET STRING (SIZE(0..255))
|
|
|
|
InetAddressIPv4 ::=
|
|
OCTET STRING (SIZE(4))
|
|
|
|
InetAddressIPv6 ::=
|
|
OCTET STRING (SIZE(16))
|
|
|
|
InetAddressIPv4z ::=
|
|
OCTET STRING (SIZE(8))
|
|
|
|
InetAddressIPv6z ::=
|
|
OCTET STRING (SIZE(20))
|
|
|
|
InetAddressDNS ::=
|
|
OCTET STRING (SIZE(1..255))
|
|
|
|
InetAddressPrefixLength ::=
|
|
OCTET STRING
|
|
|
|
InetPortNumber ::=
|
|
OCTET STRING
|
|
|
|
InetAutonomousSystemNumber ::=
|
|
OCTET STRING
|
|
|
|
InetScopeType ::=
|
|
INTEGER {
|
|
interfaceLocal(1),
|
|
linkLocal(2),
|
|
subnetLocal(3),
|
|
adminLocal(4),
|
|
siteLocal(5),
|
|
organizationLocal(8),
|
|
global(14)
|
|
}
|
|
|
|
InetZoneIndex ::=
|
|
OCTET STRING
|
|
|
|
InetVersion ::=
|
|
INTEGER {
|
|
unknown(0),
|
|
ipv4(1),
|
|
ipv6(2)
|
|
}
|
|
|
|
SnmpEngineID ::=
|
|
OCTET STRING (SIZE(5..32))
|
|
|
|
SnmpSecurityModel ::=
|
|
INTEGER (0..2147483647)
|
|
|
|
SnmpMessageProcessingModel ::=
|
|
INTEGER (0..2147483647)
|
|
|
|
SnmpSecurityLevel ::=
|
|
INTEGER {
|
|
noAuthNoPriv(1),
|
|
authNoPriv(2),
|
|
authPriv(3)
|
|
}
|
|
|
|
SnmpAdminString ::=
|
|
OCTET STRING (SIZE(0..255))
|
|
|
|
CiscoNetworkProtocol ::=
|
|
INTEGER {
|
|
ip(1),
|
|
decnet(2),
|
|
pup(3),
|
|
chaos(4),
|
|
xns(5),
|
|
x121(6),
|
|
appletalk(7),
|
|
clns(8),
|
|
lat(9),
|
|
vines(10),
|
|
cons(11),
|
|
apollo(12),
|
|
stun(13),
|
|
novell(14),
|
|
qllc(15),
|
|
snapshot(16),
|
|
atmIlmi(17),
|
|
bstun(18),
|
|
x25pvc(19),
|
|
ipv6(20),
|
|
cdm(21),
|
|
nbf(22),
|
|
bpxIgx(23),
|
|
clnsPfx(24),
|
|
http(25),
|
|
unknown(65535)
|
|
}
|
|
|
|
CiscoNetworkAddress ::=
|
|
OCTET STRING
|
|
|
|
Unsigned64 ::=
|
|
OCTET STRING
|
|
|
|
SAPType ::=
|
|
INTEGER (0..254)
|
|
|
|
CountryCode ::=
|
|
OCTET STRING (SIZE(0|2))
|
|
|
|
CountryCodeITU ::=
|
|
OCTET STRING
|
|
|
|
EntPhysicalIndexOrZero ::=
|
|
INTEGER (0..2147483647)
|
|
|
|
CiscoRowOperStatus ::=
|
|
INTEGER {
|
|
active(1),
|
|
activeDependencies(2),
|
|
inactiveDependency(3),
|
|
missingDependency(4)
|
|
}
|
|
|
|
CiscoPort ::=
|
|
INTEGER (0..65535)
|
|
|
|
CiscoIpProtocol ::=
|
|
INTEGER (0..255)
|
|
|
|
CiscoLocationClass ::=
|
|
INTEGER {
|
|
chassis(1),
|
|
shelf(2),
|
|
slot(3),
|
|
subSlot(4),
|
|
port(5),
|
|
subPort(6),
|
|
channel(7),
|
|
subChannel(8)
|
|
}
|
|
|
|
CiscoLocationSpecifier ::=
|
|
OCTET STRING (SIZE(0..255))
|
|
|
|
CiscoInetAddressMask ::=
|
|
OCTET STRING
|
|
|
|
CiscoAbsZeroBasedCounter32 ::=
|
|
Gauge
|
|
|
|
CiscoSnapShotAbsCounter32 ::=
|
|
OCTET STRING
|
|
|
|
CiscoAlarmSeverity ::=
|
|
INTEGER {
|
|
cleared(1),
|
|
indeterminate(2),
|
|
critical(3),
|
|
major(4),
|
|
minor(5),
|
|
warning(6),
|
|
info(7)
|
|
}
|
|
|
|
PerfHighIntervalCount ::=
|
|
OCTET STRING
|
|
|
|
ConfigIterator ::=
|
|
OCTET STRING
|
|
|
|
BulkConfigResult ::=
|
|
OCTET STRING (SIZE(0..255))
|
|
|
|
ListIndex ::=
|
|
INTEGER (1..2147483647)
|
|
|
|
ListIndexOrZero ::=
|
|
INTEGER (0..2147483647)
|
|
|
|
TimeIntervalSec ::=
|
|
OCTET STRING
|
|
|
|
TimeIntervalMin ::=
|
|
OCTET STRING
|
|
|
|
CiscoMilliSeconds ::=
|
|
OCTET STRING
|
|
|
|
MicroSeconds ::=
|
|
OCTET STRING
|
|
|
|
CiscoPortList ::=
|
|
OCTET STRING (SIZE(0..256))
|
|
|
|
CiscoPortListRange ::=
|
|
INTEGER {
|
|
oneto2k(1),
|
|
twoKto4K(2),
|
|
fourKto6K(3),
|
|
sixKto8K(4),
|
|
eightKto10K(5),
|
|
tenKto12K(6),
|
|
twelveKto14K(7),
|
|
fourteenKto16K(8)
|
|
}
|
|
|
|
IfOperStatusReason ::=
|
|
INTEGER {
|
|
other(1),
|
|
none(2),
|
|
hwFailure(3),
|
|
loopbackDiagFailure(4),
|
|
errorDisabled(5),
|
|
swFailure(6),
|
|
linkFailure(7),
|
|
offline(8),
|
|
nonParticipating(9),
|
|
initializing(10),
|
|
vsanInactive(11),
|
|
adminDown(12),
|
|
channelAdminDown(13),
|
|
channelOperSuspended(14),
|
|
channelConfigurationInProgress(15),
|
|
rcfInProgress(16),
|
|
elpFailureIsolation(17),
|
|
escFailureIsolation(18),
|
|
domainOverlapIsolation(19),
|
|
domainAddrAssignFailureIsolation(20),
|
|
domainOtherSideEportIsolation(21),
|
|
domainInvalidRcfReceived(22),
|
|
domainManagerDisabled(23),
|
|
zoneMergeFailureIsolation(24),
|
|
vsanMismatchIsolation(25),
|
|
parentDown(26),
|
|
srcPortNotBound(27),
|
|
interfaceRemoved(28),
|
|
fcotNotPresent(29),
|
|
fcotVendorNotSupported(30),
|
|
incompatibleAdminMode(31),
|
|
incompatibleAdminSpeed(32),
|
|
suspendedByMode(33),
|
|
suspendedBySpeed(34),
|
|
suspendedByWWN(35),
|
|
domainMaxReTxFailure(36),
|
|
eppFailure(37),
|
|
portVsanMismatchIsolation(38),
|
|
loopbackIsolation(39),
|
|
upgradeInProgress(40),
|
|
incompatibleAdminRxBbCredit(41),
|
|
incompatibleAdminRxBufferSize(42),
|
|
portChannelMembersDown(43),
|
|
zoneRemoteNoRespIsolation(44),
|
|
firstPortUpAsEport(45),
|
|
firstPortNotUp(46),
|
|
peerFCIPPortClosedConnection(47),
|
|
peerFCIPPortResetConnection(48),
|
|
fcipPortMaxReTx(49),
|
|
fcipPortKeepAliveTimerExpire(50),
|
|
fcipPortPersistTimerExpire(51),
|
|
fcipPortSrcLinkDown(52),
|
|
fcipPortSrcAdminDown(53),
|
|
fcipPortAdminCfgChange(54),
|
|
fcipSrcPortRemoved(55),
|
|
fcipSrcModuleNotOnline(56),
|
|
invalidConfig(57),
|
|
portBindFailure(58),
|
|
portFabricBindFailure(59),
|
|
noCommonVsanIsolation(60),
|
|
ficonVsanDown(61),
|
|
invalidAttachment(62),
|
|
portBlocked(63),
|
|
incomAdminRxBbCreditPerBuf(64),
|
|
tooManyInvalidFlogis(65),
|
|
deniedDueToPortBinding(66),
|
|
elpFailureRevMismatch(67),
|
|
elpFailureClassFParamErr(68),
|
|
elpFailureClassNParamErr(69),
|
|
elpFailureUnknownFlowCtlCode(70),
|
|
elpFailureInvalidFlowCtlParam(71),
|
|
elpFailureInvalidPortName(72),
|
|
elpFailureInvalidSwitchName(73),
|
|
elpFailureRatovEdtovMismatch(74),
|
|
elpFailureLoopbackDetected(75),
|
|
elpFailureInvalidTxBbCredit(76),
|
|
elpFailureInvalidPayloadSize(77),
|
|
bundleMisCfg(78),
|
|
bitErrRuntimeThreshExceeded(79),
|
|
linkFailLinkReset(80),
|
|
linkFailPortInitFail(81),
|
|
linkFailPortUnusable(82),
|
|
linkFailLossOfSignal(83),
|
|
linkFailLossOfSync(84),
|
|
linkFailNosRcvd(85),
|
|
linkFailOlsRcvd(86),
|
|
linkFailDebounceTimeout(87),
|
|
linkFailLrRcvd(88),
|
|
linkFailCreditLoss(89),
|
|
linkFailRxQOverflow(90),
|
|
linkFailTooManyInterrupts(91),
|
|
linkFailLipRcvdBb(92),
|
|
linkFailBbCreditLoss(93),
|
|
linkFailOpenPrimSignalTimeout(94),
|
|
linkFailOpenPrimSignalReturned(95),
|
|
linkFailLipF8Rcvd(96),
|
|
linkFailLineCardPortShutdown(97),
|
|
fcspAuthenfailure(98),
|
|
fcotChecksumError(99),
|
|
ohmsExtLoopbackTest(100),
|
|
invalidFabricBindExchange(101),
|
|
tovMismatch(102),
|
|
ficonNotEnabled(103),
|
|
ficonNoPortNumber(104),
|
|
ficonBeingEnabled(105),
|
|
ePortProhibited(106),
|
|
portGracefulShutdown(107),
|
|
trunkNotFullyActive(108),
|
|
fabricBindingSwitchWwnNotFound(109),
|
|
fabricBindingDomainInvalid(110),
|
|
fabricBindingDbMismatch(111),
|
|
fabricBindingNoRspFromPeer(112),
|
|
dpvmVsanSuspended(113),
|
|
dpvmVsanNotFound(114),
|
|
trackedPortDown(115),
|
|
ecSuspendedOnLoop(116),
|
|
isolateBundleMisCfg(117),
|
|
noPeerBundleSupport(118),
|
|
portBringupIsolation(119),
|
|
domainNotAllowedIsolated(120),
|
|
virtualIvrDomainOverlapIsolation(121),
|
|
outOfService(122),
|
|
portAuthFailed(123),
|
|
bundleStandby(124),
|
|
portConnectorTypeErr(125),
|
|
errorDisabledReInitLmtReached(126),
|
|
ficonDupPortNum(127),
|
|
localRcf(128),
|
|
twoSwitchesWithSameWWN(129),
|
|
invalidOtherSidePrincEFPReqRecd(130),
|
|
domainOther(131)
|
|
}
|
|
|
|
EntLogicalIndexOrZero ::=
|
|
INTEGER (0..2147483647)
|
|
|
|
CiscoURLString ::=
|
|
OCTET STRING (SIZE(1..255))
|
|
|
|
CiscoHTTPResponseStatusCode ::=
|
|
OCTET STRING
|
|
|
|
CvE164Address ::=
|
|
OCTET STRING (SIZE(1..128))
|
|
|
|
cisco OBJECT IDENTIFIER ::= { enterprises 9 }
|
|
ciscoMgmt OBJECT IDENTIFIER ::= { cisco 9 }
|
|
CnnEouPostureToken ::=
|
|
INTEGER {
|
|
unknown(1),
|
|
healthy(2),
|
|
checkup(3),
|
|
quarantine(4),
|
|
infected(5)
|
|
}
|
|
|
|
CnnEouState ::=
|
|
INTEGER {
|
|
initialize(1),
|
|
hello(2),
|
|
clientless(3),
|
|
eapRequest(4),
|
|
response(5),
|
|
authenticated(6),
|
|
fail(7),
|
|
abort(8)
|
|
}
|
|
|
|
CnnEouAuthType ::=
|
|
INTEGER {
|
|
clientless(1),
|
|
eap(2),
|
|
static(3)
|
|
}
|
|
|
|
CnnEouDeviceType ::=
|
|
INTEGER {
|
|
ciscoIpPhone(1)
|
|
}
|
|
|
|
ciscoNacNadMIB OBJECT IDENTIFIER ::= { ciscoMgmt 484 }
|
|
|
|
ciscoNacNadMIBNotifs OBJECT IDENTIFIER ::= { ciscoNacNadMIB 0 }
|
|
|
|
ciscoNacNadMIBObjects OBJECT IDENTIFIER ::= { ciscoNacNadMIB 1 }
|
|
|
|
ciscoNacNadMIBConformance OBJECT IDENTIFIER ::= { ciscoNacNadMIB 2 }
|
|
|
|
cnnEouGlobalObjects OBJECT IDENTIFIER ::= { ciscoNacNadMIBObjects 1 }
|
|
|
|
cnnEouAuthorizeLists OBJECT IDENTIFIER ::= { ciscoNacNadMIBObjects 2 }
|
|
|
|
cnnEouIfMIBObjects OBJECT IDENTIFIER ::= { ciscoNacNadMIBObjects 3 }
|
|
|
|
cnnEouHostMIBObjects OBJECT IDENTIFIER ::= { ciscoNacNadMIBObjects 4 }
|
|
|
|
cnnEouVersion OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The version of EOU in use on the local system.
|
|
Value zero indicates the version can not be determined."
|
|
::= { cnnEouGlobalObjects 1 }
|
|
|
|
|
|
cnnEouEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicates whether the posture validation via EOU is globally
|
|
enabled or disabled in the device."
|
|
::= { cnnEouGlobalObjects 2 }
|
|
|
|
|
|
cnnEouAllowClientless OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicates whether to allow authentication of clientless
|
|
hosts (system that does not run Cisco Trust Agent)."
|
|
::= { cnnEouGlobalObjects 3 }
|
|
|
|
|
|
cnnEouAllowIpStationId OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "It indicates whether to send the host IP address in the
|
|
calling station ID field of Radius request."
|
|
::= { cnnEouGlobalObjects 4 }
|
|
|
|
|
|
cnnEouLoggingEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "To enable or disable EOU system logging events.
|
|
|
|
Set to 'true' to enable syslog message at an informational level
|
|
(syslog level 6)."
|
|
::= { cnnEouGlobalObjects 5 }
|
|
|
|
|
|
cnnEouMaxRetry OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The number of maximum retry attempts for EOU."
|
|
::= { cnnEouGlobalObjects 6 }
|
|
|
|
|
|
cnnEouPort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The UDP port for EOU. The port cannot conflict with
|
|
other UDP application. "
|
|
::= { cnnEouGlobalObjects 7 }
|
|
|
|
|
|
cnnEouRateLimit OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The number of clients that can be simultaneously
|
|
validated.
|
|
|
|
Set the rate limit to 0 (zero), rate limiting will be
|
|
turned off.
|
|
|
|
If the rate limit is set to 100 and there are 101 clients,
|
|
validation will not occur until one drop off."
|
|
::= { cnnEouGlobalObjects 8 }
|
|
|
|
|
|
cnnEouTimeoutAAA OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Timeout period used by NAD with AAA (Authentication,
|
|
Authorization and Accounting."
|
|
::= { cnnEouGlobalObjects 9 }
|
|
|
|
|
|
cnnEouTimeoutHoldPeriod OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Length of time that can elapse before the client sessions
|
|
are purged from the system due to client inactivity."
|
|
::= { cnnEouGlobalObjects 10 }
|
|
|
|
|
|
cnnEouTimeoutRetransmit OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The timeout period for the EOU message retransmitted."
|
|
::= { cnnEouGlobalObjects 11 }
|
|
|
|
|
|
cnnEouTimeoutRevalidation OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The timeout period for the revalidation. Setting this object
|
|
to 0 will globally disable periodic revalidation on this
|
|
device."
|
|
::= { cnnEouGlobalObjects 12 }
|
|
|
|
|
|
cnnEouTimeoutStatusQuery OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The timeout period for the status query after revalidation."
|
|
::= { cnnEouGlobalObjects 13 }
|
|
|
|
|
|
cnnEouAuthIpTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CnnEouAuthIpEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "A list of statically authorized IP devices in the system."
|
|
::= { cnnEouAuthorizeLists 1 }
|
|
|
|
|
|
cnnEouAuthIpEntry OBJECT-TYPE
|
|
SYNTAX CnnEouAuthIpEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "An entry containing the associated policy information of
|
|
the statically authorized IP device. An entry can be created,
|
|
or deleted by using cnnEouAuthIpRowStatus.
|
|
|
|
Each statically authorized IP device is associated with a
|
|
policy. By creating, deleting or modifying an entry in this
|
|
table, users can add, delete or modify a policy for a particular
|
|
statically authorized IP device.
|
|
|
|
In order to add the statically authorized IP device into
|
|
exception-list and associate with the specific policy, user has
|
|
to create an entry for the device."
|
|
INDEX { cnnEouAuthIpAddrType , cnnEouAuthIpAddr }
|
|
|
|
::= { cnnEouAuthIpTable 1 }
|
|
|
|
cnnEouAuthIpEntry ::=
|
|
SEQUENCE {
|
|
cnnEouAuthIpAddrType InetAddressType,
|
|
cnnEouAuthIpAddr InetAddress,
|
|
cnnEouAuthIpAddrMask InetAddressPrefixLength,
|
|
cnnEouAuthIpPolicy SnmpAdminString,
|
|
cnnEouAuthIpStorageType StorageType,
|
|
cnnEouAuthIpRowStatus RowStatus
|
|
}
|
|
|
|
cnnEouAuthIpAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The type of Internet address by which the statically
|
|
authorized IP device is reachable."
|
|
::= { cnnEouAuthIpEntry 1 }
|
|
|
|
|
|
cnnEouAuthIpAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The Internet address for the statically authorized IP device.
|
|
The type of this address is determined by the value of the
|
|
cnnEouAuthIpAddrType object."
|
|
::= { cnnEouAuthIpEntry 2 }
|
|
|
|
|
|
cnnEouAuthIpAddrMask OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Using 'inverse mask' to support IP wildcards. The mask used
|
|
with the source IP address will specify what traffic is exempted
|
|
from EAP validation.
|
|
|
|
e.g. cnnEouAuthIpAddr: 10.0.0.0
|
|
cnnEouAuthIpAddrMask: 0.255.255.255
|
|
This exempts any IP in the subnet at 10.x.x.x from posture
|
|
validation.
|
|
|
|
cnnEouAuthIpAddr: 10.1.2.1
|
|
cnnEouAuthIpAddrMask: 0.0.0.0
|
|
This exempts host IP 10.1.2.1 from posture validation.
|
|
|
|
cnnEouAuthIpAddr: 10.0.0.0
|
|
cnnEouAuthIpAddrMask: 255.255.255.255
|
|
Mask value of 255.255.255.255 will exempt ALL hosts from
|
|
posture validation."
|
|
::= { cnnEouAuthIpEntry 3 }
|
|
|
|
|
|
cnnEouAuthIpPolicy OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The policy associate with the statically authorized IP
|
|
device. The policy needs to be present in the policy-database
|
|
before an statically authorized IP device can be associated
|
|
to it."
|
|
::= { cnnEouAuthIpEntry 4 }
|
|
|
|
|
|
cnnEouAuthIpStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The storage type for this conceptual row."
|
|
::= { cnnEouAuthIpEntry 5 }
|
|
|
|
|
|
cnnEouAuthIpRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The status of this conceptual row.
|
|
|
|
To create an entry, users set the value of this object to
|
|
'createAndGo'.
|
|
|
|
The transition from 'active' to 'notInService' may not be
|
|
supported.
|
|
|
|
A row may be deleted by setting the RowStatus to 'destroy'.
|
|
|
|
Once a row becomes active, values within the row cannot be
|
|
modified, except by deleting and re-creating the row."
|
|
::= { cnnEouAuthIpEntry 6 }
|
|
|
|
|
|
cnnEouAuthMacTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CnnEouAuthMacEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "A list of static authorized devices identified by MAC address."
|
|
::= { cnnEouAuthorizeLists 2 }
|
|
|
|
|
|
cnnEouAuthMacEntry OBJECT-TYPE
|
|
SYNTAX CnnEouAuthMacEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "An entry containing the associated policy information of
|
|
the statically authorized device identified by MAC address.
|
|
The entry is created, and deleted by using
|
|
cnnEouAuthMacRowStatus."
|
|
INDEX { cnnEouAuthMacAddr }
|
|
|
|
::= { cnnEouAuthMacTable 1 }
|
|
|
|
cnnEouAuthMacEntry ::=
|
|
SEQUENCE {
|
|
cnnEouAuthMacAddr MacAddress,
|
|
cnnEouAuthMacAddrMask MacAddress,
|
|
cnnEouAuthMacPolicy SnmpAdminString,
|
|
cnnEouAuthMacStorageType StorageType,
|
|
cnnEouAuthMacRowStatus RowStatus
|
|
}
|
|
|
|
cnnEouAuthMacAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The MAC address of the static authorized device."
|
|
::= { cnnEouAuthMacEntry 1 }
|
|
|
|
|
|
cnnEouAuthMacAddrMask OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Using 'inverse mask' support MAC wildcards. The mask used
|
|
with the source MAC address will specify what traffic is
|
|
exempted from EAP validation.
|
|
e.g. cnnEouAuthMacAddr: 00:0d:bc:ef:eb:bd
|
|
cnnEouAuthMacAddrMask: 00:00:ff:ff:ff:ff
|
|
This exempts any MAC in the range 00:0d:00:00:00:00 from
|
|
posture validation.
|
|
|
|
cnnEouAuthMacAddr: 00:0d:bc:ef:eb:bd
|
|
cnnEouAuthMacAddrMask: 00:00:00:00:00:00
|
|
This exempts specific MAC 00:0d:bc:ef:eb:bd from posture
|
|
validation.
|
|
|
|
cnnEouAuthMacAddr: 00:0d:bc:ef:eb:bd
|
|
cnnEouAuthMacAddrMask: ff:ff:ff:ff:ff:ff
|
|
This exempts all MAC address from posture validation."
|
|
::= { cnnEouAuthMacEntry 2 }
|
|
|
|
|
|
cnnEouAuthMacPolicy OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The policy associate with the statically authorized device
|
|
identified by MAC address. The policy needs to be present
|
|
in the policy-database before an device can be associated to
|
|
it."
|
|
::= { cnnEouAuthMacEntry 3 }
|
|
|
|
|
|
cnnEouAuthMacStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The storage type for this conceptual row."
|
|
::= { cnnEouAuthMacEntry 4 }
|
|
|
|
|
|
cnnEouAuthMacRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The status of this conceptual row.
|
|
|
|
To create an entry, users set the value of this object to
|
|
'createAndGo'.
|
|
|
|
The transition from 'active' to 'notInService' may not be
|
|
supported.
|
|
|
|
A row may be deleted by setting the RowStatus to 'destroy'.
|
|
|
|
Once a row becomes active, values within the row cannot be
|
|
modified, except by deleting and re-creating the row."
|
|
::= { cnnEouAuthMacEntry 5 }
|
|
|
|
|
|
cnnEouAuthDeviceTypeTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CnnEouAuthDeviceTypeEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "A list of static authorized devices indexed by device type."
|
|
::= { cnnEouAuthorizeLists 3 }
|
|
|
|
|
|
cnnEouAuthDeviceTypeEntry OBJECT-TYPE
|
|
SYNTAX CnnEouAuthDeviceTypeEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "An entry containing the information of the static authorized
|
|
device indexed by device type."
|
|
INDEX { cnnEouAuthDeviceType }
|
|
|
|
::= { cnnEouAuthDeviceTypeTable 1 }
|
|
|
|
cnnEouAuthDeviceTypeEntry ::=
|
|
SEQUENCE {
|
|
cnnEouAuthDeviceType CnnEouDeviceType,
|
|
cnnEouAuthDeviceTypeStorageType StorageType,
|
|
cnnEouAuthDeviceTypeRowStatus RowStatus
|
|
}
|
|
|
|
cnnEouAuthDeviceType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
ciscoIpPhone(1)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The static authorize device type."
|
|
::= { cnnEouAuthDeviceTypeEntry 1 }
|
|
|
|
|
|
cnnEouAuthDeviceTypeStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The storage type for this conceptual row."
|
|
::= { cnnEouAuthDeviceTypeEntry 2 }
|
|
|
|
|
|
cnnEouAuthDeviceTypeRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "This object is used to create or delete an entry in the
|
|
cnnEouAuthDeviceTypeTable.
|
|
|
|
A row may be created using the 'CreateAndGo' option.
|
|
|
|
A row may be deleted by setting the RowStatus to 'destroy'.
|
|
|
|
Once a row becomes active, values within the row cannot be
|
|
modified, except by deleting and re-creating the row."
|
|
::= { cnnEouAuthDeviceTypeEntry 3 }
|
|
|
|
|
|
cnnEouIfConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CnnEouIfConfigEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "A list of EOU configurations for the EOU capable interfaces."
|
|
::= { cnnEouIfMIBObjects 1 }
|
|
|
|
|
|
cnnEouIfConfigEntry OBJECT-TYPE
|
|
SYNTAX CnnEouIfConfigEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "An entry containing the EOU configuration information for a
|
|
particular EOU capable interface."
|
|
INDEX { ifIndex }
|
|
|
|
::= { cnnEouIfConfigTable 1 }
|
|
|
|
cnnEouIfConfigEntry ::=
|
|
SEQUENCE {
|
|
cnnEouIfAdminStatus INTEGER,
|
|
cnnEouIfMaxRetry Integer32,
|
|
cnnEouIfValidateAction INTEGER,
|
|
cnnEouIfTimeoutGlobalConfig BITS,
|
|
cnnEouIfTimeoutAAA Unsigned32,
|
|
cnnEouIfTimeoutHoldPeriod Unsigned32,
|
|
cnnEouIfTimeoutRetransmit Unsigned32,
|
|
cnnEouIfTimeoutRevalidation Unsigned32,
|
|
cnnEouIfTimeoutStatusQuery Unsigned32
|
|
}
|
|
|
|
cnnEouIfAdminStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
auto(1),
|
|
disabled(2),
|
|
bypass(3)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Setting this object to 'auto' means the Posture Validation via
|
|
EOU ability at this interface would be enabled if a end point
|
|
device is found.
|
|
|
|
If the value of this object is 'disabled' then the interface
|
|
will act as it would if it had no posture validation via EOU
|
|
ability.
|
|
|
|
Setting this object to 'bypass' allows the host connected
|
|
to this interface this interface to bypass the Posture
|
|
Validation and directly download the host network access policy
|
|
from AAA server. "
|
|
::= { cnnEouIfConfigEntry 1 }
|
|
|
|
|
|
cnnEouIfMaxRetry OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The maximum number of retry by EOU for this interface."
|
|
::= { cnnEouIfConfigEntry 2 }
|
|
|
|
|
|
cnnEouIfValidateAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
initialize(2),
|
|
revalidate(3),
|
|
noRevalidate(4)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "An EOU validate action to the devices associated with the
|
|
interface.
|
|
|
|
This object always has the value 'none' when read.
|
|
|
|
none(1) no operation is performed.
|
|
|
|
initialize(2) Manually initiates reauthentication of all
|
|
the endpoint devices associated with the
|
|
interface.
|
|
|
|
revalidate(3) Revalidate EOU posture credentials of the
|
|
devices associated with a specify interface.
|
|
|
|
noRevalidate(4) Disable the revalidation of all the device
|
|
associated with the interface."
|
|
::= { cnnEouIfConfigEntry 3 }
|
|
|
|
|
|
cnnEouIfTimeoutGlobalConfig OBJECT-TYPE
|
|
SYNTAX OCTET STRING {
|
|
aaa(0),
|
|
holdPeriod(1),
|
|
retransmit(2),
|
|
revalidation(3),
|
|
statusQuery(4)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "This object indicates whether the timeout configurations on
|
|
this interface are based on the corresponding global
|
|
timeout configurations or not.
|
|
|
|
aaa(0) If this bit is set, the value of
|
|
cnnEouIfTimeoutAAA is based on the
|
|
value of cnnEouTimeoutAAA.
|
|
|
|
holdPeriod(1) If this bit is set, the value of
|
|
cnnEouIfTimeoutHoldPeriod is based on the
|
|
value of cnnEouTimeoutHoldPeriod.
|
|
|
|
retransmit(2) If this bit is set, the value of
|
|
cnnEouIfTimeoutRetransmit is based on the
|
|
value of cnnEouTimeoutRetransmit.
|
|
|
|
revalidation(3) If this bit is set, the value of
|
|
cnnEouIfTimeoutRevalidation is based on the
|
|
value of cnnEouTimeoutRevalidation.
|
|
|
|
statusQuery(4) If this bit is set, the value of
|
|
cnnEouIfTimeoutStatusQuery is based on the
|
|
value of cnnEouTimeoutStatusQuery.
|
|
|
|
If a bit is not set, the value of the corresponding object
|
|
in the same conceptual row is not based on its corresponding
|
|
global object.
|
|
|
|
If users configure object which is covered by
|
|
cnnEouIfTimeoutGlobalConfig in the same conceptual row
|
|
while the corresponding bit is set, the corresponding bit will
|
|
be unset in order to reflect that such configuration is not
|
|
from its corresponding global object."
|
|
::= { cnnEouIfConfigEntry 4 }
|
|
|
|
|
|
cnnEouIfTimeoutAAA OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The timeout period used by EOU for the AAA server
|
|
connection on this interface."
|
|
::= { cnnEouIfConfigEntry 5 }
|
|
|
|
|
|
cnnEouIfTimeoutHoldPeriod OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The hold period of this interface. The hold period
|
|
is the length of the time that can elapse before the client
|
|
session entries are purged from the system due to client
|
|
inactivity."
|
|
::= { cnnEouIfConfigEntry 6 }
|
|
|
|
|
|
cnnEouIfTimeoutRetransmit OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The timeout period for the EOU message retransmitted at this
|
|
interface."
|
|
::= { cnnEouIfConfigEntry 7 }
|
|
|
|
|
|
cnnEouIfTimeoutRevalidation OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The timeout period for the revalidation at this interface.
|
|
Setting this object to 0 will disable periodic revalidation on
|
|
this device."
|
|
::= { cnnEouIfConfigEntry 8 }
|
|
|
|
|
|
cnnEouIfTimeoutStatusQuery OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The timeout period for the status query after revalidation at
|
|
this interface."
|
|
::= { cnnEouIfConfigEntry 9 }
|
|
|
|
|
|
cnnEouHostValidateAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
initializeAll(2),
|
|
initializeAuthClientless(3),
|
|
initializeAuthEap(4),
|
|
initializeAuthStatic(5),
|
|
initializeIp(6),
|
|
initializeMac(7),
|
|
initializePostureToken(8),
|
|
revalidateAll(9),
|
|
revalidateAuthClientless(10),
|
|
revalidateAuthEap(11),
|
|
revalidateAuthStatic(12),
|
|
revalidateIp(13),
|
|
revalidateMac(14),
|
|
revalidatePostureToken(15),
|
|
noRevalidateAll(16),
|
|
noRevalidateAuthClientless(17),
|
|
noRevalidateAuthEap(18),
|
|
noRevalidateAuthStatic(19),
|
|
noRevalidateIp(20),
|
|
noRevalidateMac(21),
|
|
noRevalidatePostureToken(22)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "An EOU validate action to the devices.
|
|
|
|
Initialize: When a device is initialized, all previous state
|
|
information about that host is deleted and the admission
|
|
control process for that host will start with no state.
|
|
|
|
Revalidate: When a host is revalidated, state information about
|
|
that host is retained so that the host still has its' normal
|
|
access during the revalidation process.
|
|
|
|
This object always has the value 'none' when read.
|
|
|
|
none(1)
|
|
no operation is performed.
|
|
|
|
initializeAll(2)
|
|
to manually initiates reauthentication of all endpoint
|
|
devices on the system.
|
|
|
|
initializeAuthClientless(3)
|
|
to manually initiates reauthentication of all
|
|
clientless endpoint devices.
|
|
|
|
initializeAuthEap(4)
|
|
to manually initiates reauthentication of all the
|
|
endpoint devices authorized by Extensive Authentication
|
|
Protocol.
|
|
|
|
initializeAuthStatic(5)
|
|
to manually initiates reauthentication of all the
|
|
statically authorized endpoint devices.
|
|
|
|
initializeIp(6)
|
|
to manually initiates reauthentication of a specific
|
|
IP device. The value in cnnEouHostValidateIpAddrType and
|
|
cnnEouHostValidateIpAddr are used by this operation.
|
|
|
|
initializeMac(7)
|
|
to manually initiates reauthentication of the endpoint
|
|
device identified by MAC address. The value in
|
|
cnnEouHostValidateMacAddr is used by this operation.
|
|
|
|
initializePostureToken(8)
|
|
to manually initiates reauthentication of the endpoint
|
|
device(s) with a specify posture token assigned.
|
|
The value in cnnEouHostValidatePostureToken is used
|
|
by this operation.
|
|
|
|
revalidateAll(9)
|
|
to revalidate EOU posture credentials of all devices
|
|
on the system.
|
|
|
|
revalidateAuthClientless(10)
|
|
to revalidate EOU posture credentials of all clientless
|
|
devices on the system.
|
|
|
|
revalidateAuthEap(11)
|
|
to revalidate EOU posture credentials of the devices
|
|
authorized by EAP on the system.
|
|
|
|
revalidateAuthStatic(12)
|
|
to revalidate EOU posture credentials of all statically
|
|
authorized devices on the system.
|
|
|
|
revalidateIp(13)
|
|
to revalidates EOU posture credentials of a specific
|
|
IP device. The value in cnnEouHostValidateIpAddrType and
|
|
cnnEouHostValidateIpAddr are used by this operation.
|
|
|
|
revalidateMac(14)
|
|
to revalidates EOU posture credentials of a specific
|
|
device identified by MAC address. The value in
|
|
cnnEouHostValidateMacAddr is used by this operation.
|
|
|
|
revalidatePostureToken(15)
|
|
to enable revalidates EOU posture credentials of the
|
|
devices with the specific posture token assigned.
|
|
The value in cnnEouHostValidatePostureToken is used
|
|
by this operation.
|
|
|
|
noRevalidateAll(16)
|
|
to disable revalidation of all devices on the system.
|
|
|
|
noRevalidateAuthClientless(17)
|
|
to disable the revalidation of all clientless devices
|
|
on the system.
|
|
|
|
noRevalidateAuthEap(18)
|
|
to disable the revalidation of all devices authorized
|
|
by EAP on the system.
|
|
|
|
noRevalidateAuthStatic(19)
|
|
to disable the revalidation of all statically authorized
|
|
devices on the system.
|
|
|
|
noRevalidateIp(20)
|
|
to disable the revalidation of the specific IP device.
|
|
The value in cnnEouHostValidateIpAddrType and
|
|
cnnEouHostValidateIpAddr are used by this operation.
|
|
|
|
noRevalidateMac(21)
|
|
to disable the revalidation of the specific device
|
|
identified by MAC address. The value in
|
|
cnnEouHostValidateMacAddr is used by this operation.
|
|
|
|
noRevalidatePostureToken(22)
|
|
to disable the revalidation of all device with the
|
|
specific posture token assigned. The value in
|
|
cnnEouHostValidatePostureToken is used by this operation."
|
|
::= { cnnEouHostMIBObjects 1 }
|
|
|
|
|
|
cnnEouHostValidateIpAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The type of Internet address for a detected host."
|
|
::= { cnnEouHostMIBObjects 2 }
|
|
|
|
|
|
cnnEouHostValidateIpAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The Internet address for a detected host. The type of this
|
|
address is determined by the value of the
|
|
cnnEouHostValidateIpAddrType."
|
|
::= { cnnEouHostMIBObjects 3 }
|
|
|
|
|
|
cnnEouHostVailidateMacAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The Mac address for a detected host."
|
|
::= { cnnEouHostMIBObjects 4 }
|
|
|
|
|
|
cnnEouHostValidatePostureToken OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
unknown(1),
|
|
healthy(2),
|
|
checkup(3),
|
|
quarantine(4),
|
|
infected(5)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Type of posture token for a detected host."
|
|
::= { cnnEouHostMIBObjects 5 }
|
|
|
|
|
|
cnnEouHostMaxQueries OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Maximum number of query entries allowed to be outstanding
|
|
at any time, in the cnnEouHostQueryTable."
|
|
::= { cnnEouHostMIBObjects 6 }
|
|
|
|
|
|
cnnEouHostQueryTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CnnEouHostQueryEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "A control table used to query the client host by
|
|
specifying retrieval criteria for the EOU information.
|
|
Each row instance in the table represents a query with
|
|
its parameters. The resulting data for each instance of
|
|
a query in this table is returned in the
|
|
cnnHostQueryResultTable.
|
|
|
|
The maximum number of entries (rows) in this table cannot
|
|
exceed the value of cnnEouHostMaxQueries object."
|
|
::= { cnnEouHostMIBObjects 7 }
|
|
|
|
|
|
cnnEouHostQueryEntry OBJECT-TYPE
|
|
SYNTAX CnnEouHostQueryEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "A conceptual row of the cnnEouHostQueryTable used to setup
|
|
retrieval criteria to search for the EOU hosts on the system.
|
|
The actual search is started by setting the value of
|
|
cnnEouHostQueryStatus to 'active'. Once a row becomes active,
|
|
values within the row cannot be modified, except by deleting
|
|
and re-creating the row."
|
|
INDEX { cnnEouHostQueryIndex }
|
|
|
|
::= { cnnEouHostQueryTable 1 }
|
|
|
|
cnnEouHostQueryEntry ::=
|
|
SEQUENCE {
|
|
cnnEouHostQueryIndex Unsigned32,
|
|
cnnEouHostQueryMask INTEGER,
|
|
cnnEouHostQueryInterface InterfaceIndexOrZero,
|
|
cnnEouHostQueryIpAddrType InetAddressType,
|
|
cnnEouHostQueryIpAddr InetAddress,
|
|
cnnEouHostQueryMacAddr MacAddress,
|
|
cnnEouHostQueryPostureToken CnnEouPostureToken,
|
|
cnnEouHostQuerySkipNHosts Unsigned32,
|
|
cnnEouHostQueryMaxResultRows Unsigned32,
|
|
cnnEouHostQueryTotalHosts Integer32,
|
|
cnnEouHostQueryRows Integer32,
|
|
cnnEouHostQueryCreateTime TimeStamp,
|
|
cnnEouHostQueryStatus RowStatus
|
|
}
|
|
|
|
cnnEouHostQueryIndex OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "An arbitrary integer in the range of 1 to cnnEouHostMaxQueries
|
|
to identify this control query."
|
|
::= { cnnEouHostQueryEntry 1 }
|
|
|
|
|
|
cnnEouHostQueryMask OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
authenClientless(1),
|
|
authenEap(2),
|
|
authenStatic(3),
|
|
interface(4),
|
|
ip(5),
|
|
mac(6),
|
|
postureToken(7),
|
|
all(8)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Setting each value causes the appropriate action:
|
|
|
|
'authenClientless' causes the creation of row(s) in the
|
|
cnnHostQueryResultTable corresponding to the current EOU
|
|
information for the clientless host(s) on the system.
|
|
|
|
'authenEap' causes the creation of row(s) in the
|
|
cnnHostQueryResultTable corresponding to the current EOU
|
|
information for the hosts authorized by EAP on the system.
|
|
|
|
'authenStatic' causes the creation of row(s) in the
|
|
cnnHostQueryResultTable corresponding to the current EOU
|
|
information for the statically authorized hosts on the system.
|
|
|
|
'interface' causes the creation of row(s) in the
|
|
cnnHostQueryResultTable corresponding to the current EOU
|
|
information for the endpoint devices connected to the interface
|
|
specified in cnnEouHostQueryInterface.
|
|
|
|
'ip' causes the creation of row(s) in the
|
|
cnnHostQueryResultTable corresponding to the current EOU
|
|
information for the IP hosts specified in
|
|
cnnEouHostQueryIpAddrType and cnnEouHostQueryIpAddr.
|
|
|
|
'mac' causes the creation of row(s) in the
|
|
cnnHostQueryResultTable corresponding to the current EOU
|
|
information for the hosts matching the mac address specified in
|
|
cnnEouHostQueryMacAddr.
|
|
|
|
'postureToken' causes the creation of row(s) in the
|
|
cnnHostQueryResultTable corresponding to the current EOU
|
|
information for the hosts assigned posture token specified in
|
|
cnnEouHostQueryPostureToken.
|
|
|
|
'all' returns all rows corresponding to all the detected
|
|
hosts in the system."
|
|
::= { cnnEouHostQueryEntry 2 }
|
|
|
|
|
|
cnnEouHostQueryInterface OBJECT-TYPE
|
|
SYNTAX InterfaceIndexOrZero
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "An index value that uniquely identifies an interface
|
|
where the end point device is connected.
|
|
The interface identified by a particular value of
|
|
this index is the same interface as identified
|
|
by the same value of ifIndex."
|
|
::= { cnnEouHostQueryEntry 3 }
|
|
|
|
|
|
cnnEouHostQueryIpAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The internet address type for the queried host."
|
|
::= { cnnEouHostQueryEntry 4 }
|
|
|
|
|
|
cnnEouHostQueryIpAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The Internet address for the queried host. The type of this
|
|
address is determined by the value of the
|
|
cnnEouHostQueryIpAddrType.
|
|
|
|
If the 'ip' option of cnnEouHostQueryMask is selected, an
|
|
appropriate IP address type is assigned to
|
|
cnnEouHostQueryIpAddrType, and an appropriate IP address is
|
|
assigned to cnnEouHostQueryIpAddr then only the IP host with the
|
|
specified address will be containing in the result table."
|
|
::= { cnnEouHostQueryEntry 5 }
|
|
|
|
|
|
cnnEouHostQueryMacAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The Mac address for the queried host.
|
|
|
|
If the 'mac' option of cnnEouHostQueryMask is selected, an
|
|
appropriate MAC address is assigned to this object
|
|
then only the host with the specified MAC address will be
|
|
containing in the result table."
|
|
::= { cnnEouHostQueryEntry 6 }
|
|
|
|
|
|
cnnEouHostQueryPostureToken OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
unknown(1),
|
|
healthy(2),
|
|
checkup(3),
|
|
quarantine(4),
|
|
infected(5)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The assigned posture token for the queried host.
|
|
|
|
If the 'postureToken' option of cnnEouHostQueryMask is selected,
|
|
an appropriate posture token is assigned to this object then
|
|
only the host with the specified posture token will be
|
|
containing in the result table."
|
|
::= { cnnEouHostQueryEntry 7 }
|
|
|
|
|
|
cnnEouHostQuerySkipNHosts OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The number of searched detected hosts to be skipped before
|
|
storing any host in cnnEouHostResultTable.
|
|
|
|
This object can be used along with cnnEouHostQueryTotalHosts
|
|
object to skip previously found hosts by setting the variable
|
|
equal to the number of the associated rows in
|
|
cnnEouHostResultTable, and only query the remaining hosts
|
|
in the table.
|
|
|
|
Note that due to the dynamical nature of the EOU, the queried
|
|
hosts may be missed or repeated by setting this object."
|
|
::= { cnnEouHostQueryEntry 8 }
|
|
|
|
|
|
cnnEouHostQueryMaxResultRows OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "This is the maximum number of rows in the
|
|
cnnEouHostResultTable, resulting from this query.
|
|
|
|
A value of zero (0) indicates no limit rows in
|
|
cnnEouHostResultTable, resulting from this query."
|
|
::= { cnnEouHostQueryEntry 9 }
|
|
|
|
|
|
cnnEouHostQueryTotalHosts OBJECT-TYPE
|
|
SYNTAX INTEGER (-1..2147483647)
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicating the total number of the hosts matching the query
|
|
criterion.
|
|
|
|
-1 - Either the query has not been started or the agent is
|
|
still processing this query instance. It is the default
|
|
value when the row is instantiated.
|
|
|
|
0..2147483647 - The search has ended and this is the number of
|
|
host matching the query criterion."
|
|
::= { cnnEouHostQueryEntry 10 }
|
|
|
|
|
|
cnnEouHostQueryRows OBJECT-TYPE
|
|
SYNTAX INTEGER (-1..2147483647)
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicating the status of the query by following values:
|
|
|
|
-1 - Either the query has not been started or the agent is
|
|
still processing this query instance. It is the default
|
|
value when the row is instantiated.
|
|
|
|
0..2147483647 - The search has ended and this is the number of
|
|
rows in the cnnEouHostResultTable, resulting from this
|
|
query."
|
|
::= { cnnEouHostQueryEntry 11 }
|
|
|
|
|
|
cnnEouHostQueryCreateTime OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Time when this query was last set to active."
|
|
::= { cnnEouHostQueryEntry 12 }
|
|
|
|
|
|
cnnEouHostQueryStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The status object used to manage rows in this table.
|
|
When set to 'createAndGo', the query is initiated.
|
|
|
|
The completion of the query is indicated by the value of
|
|
cnnEouHostQueryRows as soon as it becomes greater than or equal
|
|
to 0.
|
|
|
|
Once a row becomes active, values within the row cannot
|
|
be modified, except by deleting and re-creating it."
|
|
::= { cnnEouHostQueryEntry 13 }
|
|
|
|
|
|
cnnEouHostResultTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CnnEouHostResultEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "A table containing current detected host information
|
|
corresponding to all the completed queries set up in
|
|
the cnnEouHostQueryTable, that were detected in the device.
|
|
The query result will not become available until the current
|
|
search completes."
|
|
::= { cnnEouHostMIBObjects 8 }
|
|
|
|
|
|
cnnEouHostResultEntry OBJECT-TYPE
|
|
SYNTAX CnnEouHostResultEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "A conceptual row of cnnEouHostResultTable, containing
|
|
posture validation information of an detected host that
|
|
matches the search criteria set in the corresponding row of
|
|
cnnEouHostQueryTable."
|
|
INDEX { cnnEouHostQueryIndex , cnnEouHostResultIndex }
|
|
|
|
::= { cnnEouHostResultTable 1 }
|
|
|
|
cnnEouHostResultEntry ::=
|
|
SEQUENCE {
|
|
cnnEouHostResultIndex Unsigned32,
|
|
cnnEouHostResultAssocIf InterfaceIndex,
|
|
cnnEouHostResultIpAddrType InetAddressType,
|
|
cnnEouHostResultIpAddr InetAddress,
|
|
cnnEouHostResultMacAddr MacAddress,
|
|
cnnEouHostResultAuthType CnnEouAuthType,
|
|
cnnEouHostResultPostureToken CnnEouPostureToken,
|
|
cnnEouHostResultAge Unsigned32,
|
|
cnnEouHostResultUrlRedir CiscoURLString,
|
|
cnnEouHostResultAclName SnmpAdminString,
|
|
cnnEouHostResultStatusQryPeriod Unsigned32,
|
|
cnnEouHostResultRevalidatePeriod Unsigned32,
|
|
cnnEouHostResultState CnnEouState
|
|
}
|
|
|
|
cnnEouHostResultIndex OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "A number which uniquely identifies a result entry
|
|
matching a particular query."
|
|
::= { cnnEouHostResultEntry 1 }
|
|
|
|
|
|
cnnEouHostResultAssocIf OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "An index value that uniquely identifies an interface
|
|
where the end point device is currently connected.
|
|
The interface identified by a particular value of
|
|
this index is the same interface as identified
|
|
by the same value of ifIndex."
|
|
::= { cnnEouHostResultEntry 2 }
|
|
|
|
|
|
cnnEouHostResultIpAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The type of Internet address by which the detected host
|
|
is reachable."
|
|
::= { cnnEouHostResultEntry 3 }
|
|
|
|
|
|
cnnEouHostResultIpAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The internet address for the detected host. The type
|
|
of this address is determined by the value of the
|
|
cnnEouHostResultIpAddrType object."
|
|
::= { cnnEouHostResultEntry 4 }
|
|
|
|
|
|
cnnEouHostResultMacAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicates The MAC address of the detected host."
|
|
::= { cnnEouHostResultEntry 5 }
|
|
|
|
|
|
cnnEouHostResultAuthType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
clientless(1),
|
|
eap(2),
|
|
static(3)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "This object indicates the authentication type used in
|
|
the posture validation process for this detected host."
|
|
::= { cnnEouHostResultEntry 6 }
|
|
|
|
|
|
cnnEouHostResultPostureToken OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
unknown(1),
|
|
healthy(2),
|
|
checkup(3),
|
|
quarantine(4),
|
|
infected(5)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicates the posture token of the detected host.
|
|
During the posture validation process, the host will be
|
|
placed into a particular category and have a token assigned to
|
|
it. This assignment will depend on the state of the software
|
|
that is resident on the host. The host will have specific
|
|
right to access network based on the token assigned."
|
|
::= { cnnEouHostResultEntry 7 }
|
|
|
|
|
|
cnnEouHostResultAge OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicates the length of time, in minutes, that host
|
|
has been connected."
|
|
::= { cnnEouHostResultEntry 8 }
|
|
|
|
|
|
cnnEouHostResultUrlRedir OBJECT-TYPE
|
|
SYNTAX CiscoURLString
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "This object specifies the URL(Web page) where the latest
|
|
Anti-Virus file can be downloaded or upgraded, if the
|
|
detected host fails the credential validation then it
|
|
may require remediation."
|
|
::= { cnnEouHostResultEntry 9 }
|
|
|
|
|
|
cnnEouHostResultAclName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The mapped ACL to this detected host. A character string for
|
|
an ACL (Access Control List) name. Valid characters are a-z,
|
|
A-Z, 0-9, ,'#', '-', '_' and '.'. Some devices may require
|
|
that an ACL name contains at least one non-numeric character.
|
|
ACL name is case sensitive."
|
|
::= { cnnEouHostResultEntry 10 }
|
|
|
|
|
|
cnnEouHostResultStatusQryPeriod OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The timeout period, in seconds, for the status query after
|
|
revalidation at this interface."
|
|
::= { cnnEouHostResultEntry 11 }
|
|
|
|
|
|
cnnEouHostResultRevalidatePeriod OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The timeout period, in second, for the revalidation at this
|
|
interface."
|
|
::= { cnnEouHostResultEntry 12 }
|
|
|
|
|
|
cnnEouHostResultState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
initialize(1),
|
|
hello(2),
|
|
clientless(3),
|
|
eapRequest(4),
|
|
response(5),
|
|
authenticated(6),
|
|
fail(7),
|
|
abort(8)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicates the current EOU state of this detected host."
|
|
::= { cnnEouHostResultEntry 13 }
|
|
|
|
|
|
ciscoNacNadMIBCompliances OBJECT IDENTIFIER ::= { ciscoNacNadMIBConformance 1 }
|
|
|
|
ciscoNacNadMIBGroups OBJECT IDENTIFIER ::= { ciscoNacNadMIBConformance 2 }
|
|
|
|
ciscoNacNadEouGlobalGroup OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 1 }
|
|
|
|
ciscoNacNadEouAuthIpGroup OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 2 }
|
|
|
|
ciscoNacNadEouAuthMacGroup OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 3 }
|
|
|
|
ciscoNacNadEouAuthDeviceTypeGrp OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 4 }
|
|
|
|
ciscoNacNadEouIfConfigGroup OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 5 }
|
|
|
|
ciscoNacNadEouHostGroup OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 6 }
|
|
|
|
ciscoNacNadEouIfTimeoutGroup OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 7 }
|
|
|
|
ciscoNacNadEouIfMaxRetryGroup OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 8 }
|
|
|
|
ciscoNacNadEouRateLimitGroup OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 9 }
|
|
|
|
ciscoNacNadEouIfAdminGroup OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 10 }
|
|
|
|
ciscoNacNadEouHostAgeGroup OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 11 }
|
|
|
|
ciscoNacNadEouHostUrlRedir OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 12 }
|
|
|
|
ciscoNacNadEouHostAclGroup OBJECT IDENTIFIER ::= { ciscoNacNadMIBGroups 13 }
|
|
|
|
END
|
|
|