This MIB module is for the configuration of a Network
Access Device (NAD) on the Cisco Network Admission
Control (NAC) system.
[Diagram: Cisco NAC system. EndPoint (SecurApp, Plugin, PA), with the labels EAPoUDP/802.1x, RADIUS and HCAP.]
The Cisco Network Admission Control (NAC) security
solution offers a systems approach to customers for
ensuring endpoint device compliancy and vulnerability
checks prior to production access to the network. Cisco
refers to these compliancy checks as posture
validations. The intent of this systems approach is to
prevent the spread of worms, viruses, and rogue
applications across the network. This systems approach
requires integration with third party end point security
applications, as well as endpoint security servers.
The Network Access Device (NAD) enforces network access
control privileges by controlling which endpoint devices
have access to network destinations and services
reachable through that NAD. Endpoint devices that do
not have the PA installed, enabled, or cannot otherwise
respond to the NAD posture challenges are considered
non-responsive hosts. Upon recognition of an incoming
endpoint device at L2 or L3, the NAD issues a challenge
to the endpoint device for posture credentials. Endpoint
devices with a PA will recognize the challenge and
respond with the necessary posture credentials. The NAD
acts as a relay agent between the endpoint device and
AAA server for all messages in the posture validation
exchange. Once the validation is complete, the NAD
enforces the access policy profile downloaded from the
AAA Server, e.g. (i) provide full access, (ii) deny all
access through the NAD or restrict access (quarantine), or
(iii) some intermediate level of network access
restriction or quarantine. Between posture
revalidations, the NAD may issue periodic status queries
to determine that each endpoint device using the NAD
is still the same device that was first postured, and
that the endpoint device's posture credentials have not
changed. This mechanism is a challenge response protocol
that does not involve the AAA Server nor does it require
the posture plugins to resend any credentials. It is
used to trigger a full posture revalidation with the AAA
Server when the endpoint device's credentials have
changed (e.g. to revalidate the host endpoint device
after remediation), or a new host endpoint device
connects with a previously authorized IP address. The
NAD supports a local exception list based on IP, MAC
address or device type so that certain endpoint devices
can bypass the posture validation process based on
system administrator configuration. Also, the NAD may be
configured to query the AAA server for access policies
associated with endpoint devices that do not have a
Posture Agent installed (clientless host endpoint
devices).
Posture Validation occurs when a NAC-enabled network
access device (NAD) detects an endpoint device
attempting to connect or use its network resources and
it issues the endpoint device a posture challenge. An
endpoint device with a resident posture agent will
respond to the challenge with sets of posture
credentials from one or more posture plugins which can
detail the state of the various hardware and software
components on the endpoint device. The posture agent
response is forwarded by the network access device to an
AAA server which may in turn delegate parts of the
decision to a posture validation server. Evaluation of the
credentials against posture validation policies results
in an authorization decision or posture token,
representing the endpoint device's relative compliance
to the network compliance policy. The AAA server then
sends the respective network access profile to the
network access device for enforcement of the endpoint
device authorization.
The Cisco Technology consists of the following:
Endpoint Device - Any host attempting to connect or use
the resources of a network, e.g., a personal computer,
personal data digital assistant, or data server, or
other network attached device.
NAD - Network Access Device that enforces network
access control policies through layer 2 or layer 3
challenge-responses with a network enabled Endpoint
device.
PC - Posture Credentials that describe the state of
an application and/or operating system that is running
on an endpoint device at the time a layer 2 or layer 3
challenge response is issued by a NAD.
PP - Posture Plugin. A module implemented by an
application or agent provider that is responsible for
supplying the relevant posture credentials for the
application or agent.
PA - Posture Agent. Host agent software that serves as
a broker on the host for aggregating credentials from
potentially multiple posture plugins and communicating
with the network.
CTA - Cisco Trust Agent. Cisco's implementation of
the posture agent.
EAP - Extensible Authentication Protocol. An extension
to PPP.
EOU - Extensible Authentication Protocol over UDP.
ACS/AAA - Cisco Secure Access Control Server. The
primary authorization server that is the network policy
decision point and is extended to support posture
validation.
PVS - Posture Validation Server.
UCT - Un Conditional Transition.
Clientless - Client without Cisco Posture Agent.
Parsed from file CISCO-NAC-NAD-MIB.mib
Module: CISCO-NAC-NAD-MIB
Parsed from file cisco-nac-nad.mib.txt
Company: None
Module: CISCO-NAC-NAD-MIB
Tag - Tag is a policy specifier which is mapped to a
policy template based on specific rules. The Tag allows
network administrators to define enforcement policies
on local device and have a RADIUS server specify the
policy Template to be enforced.
ciscoNacNadMIB MODULE-IDENTITY LAST-UPDATED "200711120000Z" ORGANIZATION "Cisco Systems, Inc." CONTACT-INFO "Cisco Systems Customer Service Postal: 170 W Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553-NETS E-mail: [email protected], [email protected]" DESCRIPTION "This MIB module is for the configuration of a Network Access Device (NAD) on the Cisco Network Admission Control (NAC) system. EndPoint (SecurApp) EAPoUDP/802.1x RADIUS HCAP (Plugin) (PA) Cisco NAC system The Cisco Network Admission Control (NAC) security solution offers a systems approach to customers for ensuring endpoint device compliancy and vulnerability checks prior to production access to the network. Cisco refers to these compliancy checks as posture validations. The intent of this systems approach is to prevent the spread of works, viruses, and rogue applications across the network. This systems approach requires integration with third party end point security applications, as well as endpoint security servers. The Network Access Device (NAD) enforces network access control privileges by controlling which endpoint devices have access to network destinations and services reachable through that NAD. Endpoint devices that do not have the PA installed, enabled, or cannot otherwise respond to the NAD posture challenges are considered non-responsive hosts. Upon recognition of an incoming endpoint device at L2 or L3, the NAD issues a challenge to the endpoint device for posture credentials. Endpoint devices with a PA will recognize the challenge and respond with the necessary posture credentials. The NAD acts as a relay agent between the endpoint device and AAA server for all messages in the posture validation exchange. Once the validation is complete, the NAD enforces the access policy profile downloaded from the AAA Server, e.g. (i) provide full access (ii) deny all access through the NAD restrict access (quarantine) or (iii) some intermediate level of network access restriction or quarantine. 
Between posture revalidations, the NAD may issue periodic status queries to determine that the each endpoint device using the NAD is still the same device that was first postured, and that the endpoint device's posture credentials have not changed. This mechanism is a challenge response protocol that does not involve the AAA Server nor does it require the posture plugins to resend any credentials. It is used to trigger a full posture revalidation with the AAA Server when the endpoint device's credentials have changed (e.g. to revalidate the host endpoint device after remediation), or a new host endpoint device connects with a previously authorized IP address. The NAD supports a local exception list based on IP, MAC address or device type so that certain endpoint devices can bypass the posture validation process based on system administrator configuration. Also, the NAD may be configured to query the AAA server for access policies associated with endpoint devices that do not have a Posture Agent installed, clientless host endpoint devices. Posture Validation occurs when a NAC-enabled network access device (NAC) detects an endpoint device attempting to connect or use its network resources and it issues the endpoint device a posture challenge. An endpoint device with a resident posture agent will respond to the challenge with sets of posture credentials from one or more posture plugins which can detail the state of the various hardware and software components on the endpoint device. The posture agent response is forwarded by the network access device to an AAA server which may in turn delegate parts of the decision to posture validation server. Evaluation of the credentials against posture validation policies results in an authorization decision or posture token, representing the endpoint device's relative compliance to the network compliance policy. 
The AAA server then sends the respective network access profile to the network access device for enforcement of the endpoint device authorization. The Cisco Technology consists of the following: Endpoint Device - Any host attempting to connect or use the resource of a network. - e.g., a personal computer, personal data digital assistant, or data server, or other network attached device. NAD - Network Access Device that enforces network access control policies through layer 2 or layer 3 challenge-responses with a network enabled Endpoint device. PC - Posture Credentials that describe the state of an application and/or operating system that is running on an endpoint device at the time a layer 2 or layer 3 challenge response is issued by a NAD. PP - Posture Plugin. A module implemented by an application or agent provider that is responsible for supplying the relevant posture credentials for the application or agent. PA - Posture Agent. Host agent software that serves as a broker on the host for aggregating credential from potentially multiple posture plugins and communicating with the network. CTA - Cisco Trust Agent. Cisco's implementation of the posture agent. EAP - Extensible Authentication Protocol. An extension to PPP. EOU - Extensible Authentication Protocol over UDP. ACS/AAA - Cisco Secure Access Control Server. The primary authorization server that is the network policy decision point and is extended to support posture validation. PVS - Posture Validation Server. UCT - Un Conditional Transition. Clientless - Client without Cisco Posture Agent." REVISION "200711120000Z" DESCRIPTION "Add cnnEouIfIpDevTrackConfigGrp MIB group." 
REVISION "200702230000Z"
DESCRIPTION
    "Move all the TEXTUAL-CONVENTION to CISCO-NAC-TC-MIB;
    Modify cnnEouHostValidateAction object
    to add the following enum values:
        initializePostureTokenStr(23),
        revalidatePostureTokenStr(24),
        noRevalidatePostureTokenStr(25)
    to deprecate the following enum values:
        initializePostureToken(8),
        revalidatePostureToken(15),
        noRevalidatePostureToken(22)
    Modify cnnEouHostQueryMask object
    to add postureTokenString(9) enum value
    to deprecate postureToken(7) enum value
    Add the following objects:
        cnnEouHostValidatePostureTokenStr,
        cnnEouHostQueryPostureTokenStr,
        cnnEouHostResultPostureTokenStr,
    to deprecate the following objects:
        cnnEouHostValidatePostureToken,
        cnnEouHostQueryPostureToken,
        cnnEouHostResultPostureToken
    Add ciscoNacNadEouHostGroup
    to deprecate ciscoNacNadEouHostGrp
    Add the following MIB groups:
        ciscoNacNadEouIfAaaFailPolicyGrp
        cnnIpDeviceTrackingConfigGrp
        cnnEouCriticalRecoveryDelayGrp"
REVISION "200506280000Z"
DESCRIPTION
    "Initial version of this MIB module."
::= { ciscoMgmt 484 }
ciscoNacNadMIB OBJECT IDENTIFIER ::= { ciscoMgmt 484 }
Vendor: Cisco
Module: CISCO-NAC-NAD-MIB
[Automatically extracted from oidview.com]
ciscoNacNadMIB MODULE-IDENTITY LAST-UPDATED "200506280000Z" ORGANIZATION "Cisco Systems, Inc." CONTACT-INFO " Cisco Systems Customer Service Postal: 170 W Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553-NETS E-mail: [email protected], [email protected]" DESCRIPTION "This MIB module is for the configuration of a Network Access Device (NAD) on the Cisco Network Admission Control (NAC) system. EndPoint (SecurApp) EAPoUDP/802.1x RADIUS HCAP (Plugin) (PA) Cisco NAC system The Cisco Network Admission Control (NAC) security solution offers a systems approach to customers for ensuring endpoint device compliancy and vulnerability checks prior to production access to the network. Cisco refers to these compliancy checks as posture validations. The intent of this systems approach is to prevent the spread of works, viruses, and rogue applications across the network. This systems approach requires integration with third party end point security applications, as well as endpoint security servers. The Network Access Device (NAD) enforces network access control privileges by controlling which endpoint devices have access to network destinations and services reachable through that NAD. Endpoint devices that do not have the PA installed, enabled, or cannot otherwise respond to the NAD posture challenges are considered non-responsive hosts. Upon recognition of an incoming endpoint device at L2 or L3, the NAD issues a challenge to the endpoint device for posture credentials. Endpoint devices with a PA will recognize the challenge and respond with the necessary posture credentials. The NAD acts as a relay agent between the endpoint device and AAA server for all messages in the posture validation exchange. Once the validation is complete, the NAD enforces the access policy profile downloaded from the AAA Server, e.g. (i) provide full access (ii) deny all access through the NAD restrict access (quarantine) or (iii) some intermediate level of network access restriction or quarantine. 
Between posture revalidations, the NAD may issue periodic status queries to determine that the each endpoint device using the NAD is still the same device that was first postured, and that the endpoint device's posture credentials have not changed. This mechanism is a challenge response protocol that does not involve the AAA Server nor does it require the posture plugins to resend any credentials. It is used to trigger a full posture revalidation with the AAA Server when the endpoint device's credentials have changed (e.g. to revalidate the host endpoint device after remediation), or a new host endpoint device connects with a previously authorized IP address. The NAD supports a local exception list based on IP, MAC address or device type so that certain endpoint devices can bypass the posture validation process based on system administrator configuration. Also, the NAD may be configured to query the AAA server for access policies associated with endpoint devices that do not have a Posture Agent installed, clientless host endpoint devices. Posture Validation occurs when a NAC-enabled network access device (NAC) detects an endpoint device attempting to connect or use its network resources and it issues the endpoint device a posture challenge. An endpoint device with a resident posture agent will respond to the challenge with sets of posture credentials from one or more posture plugins which can detail the state of the various hardware and software components on the endpoint device. The posture agent response is forwarded by the network access device to an AAA server which may in turn delegate parts of the decision to posture validation server. Evaluation of the credentials against posture validation policies results in an authorization decision or posture token, representing the endpoint device's relative compliance to the network compliance policy. 
The AAA server then sends the respective network access profile to the network access device for enforcement of the endpoint device authorization. The Cisco Technology consists of the following: Endpoint Device - Any host attempting to connect or use the resource of a network. - e.g., a personal computer, personal data digital assistant, or data server, or other network attached device. NAD - Network Access Device that enforces network access control policies through layer 2 or layer 3 challenge-responses with a network enabled Endpoint device. PC - Posture Credentials that describe the state of an application and/or operating system that is running on an endpoint device at the time a layer 2 or layer 3 challenge response is issued by a NAD. PP - Posture Plugin. A module implemented by an application or agent provider that is responsible for supplying the relevant posture credentials for the application or agent. PA - Posture Agent. Host agent software that serves as a broker on the host for aggregating credential from potentially multiple posture plugins and communicating with the network. CTA - Cisco Trust Agent. Cisco's implementation of the posture agent. EAP - Extensible Authentication Protocol. An extension to PPP. EOU - Extensible Authentication Protocol over UDP. ACS/AAA - Cisco Secure Access Control Server. The primary authorization server that is the network policy decision point and is extended to support posture validation. PVS - Posture Validation Server. UCT - Un Conditional Transition. Clientless - Client without Cisco Posture Agent." REVISION "200506280000Z" DESCRIPTION "Initial version of this MIB module." ::= { ciscoMgmt 484 }
ciscoNacNadMIB MODULE-IDENTITY
    LAST-UPDATED "200806230000Z"
    ORGANIZATION "Cisco Systems, Inc."
    CONTACT-INFO
        "Cisco Systems
        Customer Service

        Postal: 170 W Tasman Drive
        San Jose, CA 95134
        USA

        Tel: +1 800 553-NETS

        E-mail: [email protected], [email protected]"
    DESCRIPTION
        "This MIB module is for the configuration of a Network Access Device (NAD) on the Cisco Network Admission Control (NAC) system.

        [Figure: Cisco NAC system. Labels: EndPoint (SecurApp) (Plugin) (PA); EAPoUDP/802.1x; RADIUS; HCAP]

        The Cisco Network Admission Control (NAC) security solution offers a systems approach to customers for ensuring endpoint device compliancy and vulnerability checks prior to production access to the network. Cisco refers to these compliancy checks as posture validations. The intent of this systems approach is to prevent the spread of worms, viruses, and rogue applications across the network. This systems approach requires integration with third party end point security applications, as well as endpoint security servers.

        The Network Access Device (NAD) enforces network access control privileges by controlling which endpoint devices have access to network destinations and services reachable through that NAD. Endpoint devices that do not have the PA installed, enabled, or cannot otherwise respond to the NAD posture challenges are considered non-responsive hosts. Upon recognition of an incoming endpoint device at L2 or L3, the NAD issues a challenge to the endpoint device for posture credentials. Endpoint devices with a PA will recognize the challenge and respond with the necessary posture credentials. The NAD acts as a relay agent between the endpoint device and AAA server for all messages in the posture validation exchange. Once the validation is complete, the NAD enforces the access policy profile downloaded from the AAA Server, e.g. (i) provide full access (ii) deny all access through the NAD restrict access (quarantine) or (iii) some intermediate level of network access restriction or quarantine.

        Between posture revalidations, the NAD may issue periodic status queries to determine that each endpoint device using the NAD is still the same device that was first postured, and that the endpoint device's posture credentials have not changed. This mechanism is a challenge response protocol that does not involve the AAA Server nor does it require the posture plugins to resend any credentials. It is used to trigger a full posture revalidation with the AAA Server when the endpoint device's credentials have changed (e.g. to revalidate the host endpoint device after remediation), or a new host endpoint device connects with a previously authorized IP address.

        The NAD supports a local exception list based on IP, MAC address or device type so that certain endpoint devices can bypass the posture validation process based on system administrator configuration. Also, the NAD may be configured to query the AAA server for access policies associated with endpoint devices that do not have a Posture Agent installed, clientless host endpoint devices.

        Posture Validation occurs when a NAC-enabled network access device (NAC) detects an endpoint device attempting to connect or use its network resources and it issues the endpoint device a posture challenge. An endpoint device with a resident posture agent will respond to the challenge with sets of posture credentials from one or more posture plugins which can detail the state of the various hardware and software components on the endpoint device. The posture agent response is forwarded by the network access device to an AAA server which may in turn delegate parts of the decision to posture validation server. Evaluation of the credentials against posture validation policies results in an authorization decision or posture token, representing the endpoint device's relative compliance to the network compliance policy. The AAA server then sends the respective network access profile to the network access device for enforcement of the endpoint device authorization.

        The Cisco Technology consists of the following:

        Endpoint Device - Any host attempting to connect or use the resource of a network, e.g., a personal computer, personal data digital assistant, or data server, or other network attached device.
        NAD - Network Access Device that enforces network access control policies through layer 2 or layer 3 challenge-responses with a network enabled Endpoint device.
        PC - Posture Credentials that describe the state of an application and/or operating system that is running on an endpoint device at the time a layer 2 or layer 3 challenge response is issued by a NAD.
        PP - Posture Plugin. A module implemented by an application or agent provider that is responsible for supplying the relevant posture credentials for the application or agent.
        PA - Posture Agent. Host agent software that serves as a broker on the host for aggregating credential from potentially multiple posture plugins and communicating with the network.
        CTA - Cisco Trust Agent. Cisco's implementation of the posture agent.
        EAP - Extensible Authentication Protocol. An extension to PPP.
        EOU - Extensible Authentication Protocol over UDP.
        ACS/AAA - Cisco Secure Access Control Server. The primary authorization server that is the network policy decision point and is extended to support posture validation.
        PVS - Posture Validation Server.
        UCT - Un Conditional Transition.
        Clientless - Client without Cisco Posture Agent.
        Tag - Tag is a policy specifier which is mapped to a policy template based on specific rules. The Tag allows network administrators to define enforcement policies on local device and have a RADIUS server specify the policy Template to be enforced."
    REVISION "200806230000Z"
    DESCRIPTION
        "Added following enumerations to the object cnnEouIfTimeoutGlobalConfig
        - maxRetry(5),
        - clientless(6),
        - ipStationId(7).
        Added the following objects to cnnEouIfConfigTable
        - cnnEouIfAllowClientless,
        - cnnEouIfAllowIpStationId
        Added the following objects to cnnEouHostResultTable
        - cnnEouHostResultUrlRedirectAcl,
        - cnnEouHostResultTagName,
        - cnnEouHostResultAuditSessionId,
        - cnnEouHostResultAaaFailPolicy
        Added following OBJECT-GROUPs
        - ciscoNacNadRevalidateConfigGrp,
        - ciscoNacNadEouHostGroup1,
        - ciscoNacNadEouIfExtGroup.
        Added ciscoNacNadMIBCompliance4 MODULE-COMPLIANCE."
    REVISION "200711120000Z"
    DESCRIPTION
        "Add cnnEouIfIpDevTrackConfigGrp MIB group."
    REVISION "200702230000Z"
    DESCRIPTION
        "Move all the TEXTUAL-CONVENTION to CISCO-NAC-TC-MIB;
        Modify cnnEouHostValidateAction object to add the following enum values:
        initializePostureTokenStr(23),
        revalidatePostureTokenStr(24),
        noRevalidatePostureTokenStr(25)
        to deprecate the following enum values:
        initializePostureToken(8),
        revalidatePostureToken(15),
        noRevalidatePostureToken(22)
        Modify cnnEouHostQueryMask object to add postureTokenString(9) enum value to deprecate postureToken(7) enum value
        Add the following objects:
        cnnEouHostValidatePostureTokenStr,
        cnnEouHostQueryPostureTokenStr,
        cnnEouHostResultPostureTokenStr,
        to deprecate the following objects:
        cnnEouHostValidatePostureToken,
        cnnEouHostQueryPostureToken,
        cnnEouHostResultPostureToken
        Add ciscoNacNadEouHostGroup to deprecate ciscoNacNadEouHostGrp
        Add the following MIB groups:
        ciscoNacNadEouIfAaaFailPolicyGrp
        cnnIpDeviceTrackingConfigGrp
        cnnEouCriticalRecoveryDelayGrp"
    REVISION "200506280000Z"
    DESCRIPTION
        "Initial version of this MIB module."
    ::= { ciscoMgmt 484 }

OID | Name | Sub children | Sub Nodes Total | Description |
---|---|---|---|---|
1.3.6.1.4.1.9.9.484.0 | ciscoNacNadMIBNotifs | 0 | 0 | None |
1.3.6.1.4.1.9.9.484.1 | ciscoNacNadMIBObjects | 5 | 127 | None |
1.3.6.1.4.1.9.9.484.2 | ciscoNacNadMIBConformance | 2 | 27 | None |

Too many siblings! Only the 100 nearest siblings are shown.

OID | Name | Sub children | Sub Nodes Total | Description |
---|---|---|---|---|
... | ||||
1.3.6.1.4.1.9.9.434 | ciscoIpNetworkDiscoveryMIB, ciscoIsnsIpNetDiscoveryMIB | 3 | 58 | MIB to provide the information about the disjoint IP networks connected to the various gigabit ethernet interfaces in the 'Fabric… |
1.3.6.1.4.1.9.9.435 | ciscoFcMulticastMIB | 3 | 14 | MIB module for monitoring and configuring Fibre Channel Multicast feature. |
1.3.6.1.4.1.9.9.436 | ciscoDNSClientMIB | 3 | 28 | The MIB module for entities implementing the client side of the Domain Name System (DNS) protocol. |
1.3.6.1.4.1.9.9.437 | ciscoPortTrackMIB | 2 | 18 | A MIB to configure the Port-Track feature. When a link goes down, all the services which depend on the link are notified of the o… |
1.3.6.1.4.1.9.9.438 | ciscoIPsecSignalingMIB | 3 | 140 | This MIB Module models status, performance and failures of a protocol with the generic characteristics of signalling protocols us… |
1.3.6.1.4.1.9.9.439 | ciscoCcmeMIB | 3 | 338 | This MIB allows management of Cisco CallManager Express (CCME) feature in Cisco IOS. CCME is optional software feature that enabl… |
1.3.6.1.4.1.9.9.441 | ciscoSrstMIB | 3 | 149 | This MIB allows management of Cisco Survivable Remote Site Telephony (SRST) feature in Cisco IOS. SRST is an optional software fe… |
1.3.6.1.4.1.9.9.443 | ciscoCommonMgmtMIB | 3 | 37 | MIB module for integrating different elements of managing a device. For example, different device access methods like SNMP, CLI, … |
1.3.6.1.4.1.9.9.445 | ciscoQinqVlanMIB | 3 | 25 | This MIB defines configuration and monitoring capabilities relating to 802.1QinQ interfaces. QinQ interfaces are capable of term… |
1.3.6.1.4.1.9.9.447 | ciscoScsiFlowMIB | 3 | 99 | A SCSI Flow is described as a SCSI Initiator SCSI Target combination. This MIB is used to configure and monitor SCSI Flows. Gloss… |
1.3.6.1.4.1.9.9.448 | ciscoSsmProvMIB | 2 | 26 | This MIB is used to provision features on a Data Path Processor (DPP) of a Storage Service Module (SSM). A DPP is assigned to a c… |
1.3.6.1.4.1.9.9.449 | ciscoEigrpMIB | 3 | 103 | Enhanced Interior Gateway Protocol (EIGRP) is a Cisco proprietary distance vector routing protocol. It is based on the Diffusin… |
1.3.6.1.4.1.9.9.450 | ciscoCableAdmCtrlMIB | 3 | 123 | This MIB module defines the managed objects enabling the management of Cable Modem Termination System (CMTS) admission control. CM… |
1.3.6.1.4.1.9.9.451 | ciscoIpUrpfMIB | 3 | 47 | Unicast Reverse Path Forwarding (URPF) is a function that checks the validity of the source address of IP packets received on an … |
1.3.6.1.4.1.9.9.454 | ciscoDot11LbsMIB | 3 | 23 | This MIB module supports network management for Location Based Services on IEEE 802.11 wireless LAN devices. Location Based Serv… |
1.3.6.1.4.1.9.9.455 | ciscoImageTc | 0 | 0 | This MIB module defines the textual conventions used in the enhanced image MIB. Glossary: Base Image Essential part of the operatin… |
1.3.6.1.4.1.9.9.456 | ciscoDot11WidsMIB | 3 | 50 | This MIB is intended to be implemented on the following IOS based network entities for the purpose of providing network managemen… |
1.3.6.1.4.1.9.9.457 | ciscoWdsIdsMIB | 2 | 18 | This MIB is intended to be implemented on all IOS based network entities that provide Wireless Domain Services, for the purpose o… |
1.3.6.1.4.1.9.9.458 | ciscoApplianceRedundancyMIB | 3 | 47 | This mib defines the SNMP objects to report the status of High Availability (HA) functionality in Cisco network management applia… |
1.3.6.1.4.1.9.9.459 | ciscoBitsClockMIB | 3 | 21 | This MIB provides information on Building Integrated Timing Supply(BITS) clocking sources and modes of operations. It is used to… |
1.3.6.1.4.1.9.9.460 | ciscoTpcMIB | 3 | 24 | The MIB module for Third Party Copy(TPC): Third Party Copy derives its name from the fact that there are three entities involved … |
1.3.6.1.4.1.9.9.461 | ciscoEtherCfmMIB | 3 | 39 | This MIB module defines the managed objects and notifications for Ethernet Connectivity Fault Management (CFM). CFM is an end-to-e… |
1.3.6.1.4.1.9.9.463 | ciscoSanTapMIB | 3 | 30 | MIB module to provide information about the SanTap service configuration. SanTap is a fibre channel switch based capability that p… |
1.3.6.1.4.1.9.9.466 | ciscoEthernetAccessMIB | 2 | 20 | The tables defined by this MIB module contain a collection of managed objects that are general in nature and apply to an edge dev… |
1.3.6.1.4.1.9.9.467 | ciscoCryptoAcceleratorMIB | 3 | 107 | The MIB module for monitoring the identity, status, activity and faults of crypto accelerator (CA) modules used in devices implem… |
1.3.6.1.4.1.9.9.468 | ciscoContextMappingMIB | 2 | 35 | A single SNMP agent sometimes needs to support multiple instances of the same MIB module, and does so through the use of multiple… |
1.3.6.1.4.1.9.9.470 | ciscoEnhancedSlbMIB | 3 | 106 | The MIB for managing Server Load Balancing Manager(s), and products supporting Server Load Balancing(SLB) features. This MIB exten… |
1.3.6.1.4.1.9.9.471 | ciscoFlexLinksMIB | 3 | 36 | This MIB module is for configuration and status query of Flex Links feature on the Cisco device. Flex Links are a pair of Layer 2… |
1.3.6.1.4.1.9.9.472 | ciscoModuleVirtualizationMIB | 3 | 35 | This MIB provides a way to create virtual contexts, and managing them. A virtual context is logical partition of a physical devi… |
1.3.6.1.4.1.9.9.473 | ciscoCcaMIB | 3 | 200 | The Cisco Contact Center Applications (CCCA) Management Information Base (MIB) module defines management instrumentation for appl… |
1.3.6.1.4.1.9.9.474 | ciscoFilterGroupMIB | 3 | 55 | The MIB module is for creating and configuring object groups to support packet filtering and access control on IP and other proto… |
1.3.6.1.4.1.9.9.479 | ciscoCableWidebandMIB | 3 | 77 | This is the MIB module for the support of Channel Bonding Protocol for the Cable Modem Termination System (CMTS). Wideband DOCSIS… |
1.3.6.1.4.1.9.9.480 | ciscoL4L7moduleResourceLimitMIB | 4 | 100 | The MIB module for managing resource classes and configuring limits(max/min) to different resources. The resource referenced in … |
1.3.6.1.4.1.9.9.482 | ciscoInterfaceTopNExtMIB | 3 | 16 | This MIB module is an extension to INTERFACETOPN-MIB. It provides additional management information for sorting device interfaces. |
1.3.6.1.4.1.9.9.483 | ciscoIpRanBackHaulMIB | 3 | 248 | This MIB provides information on the IP-RAN traffic from cell site to aggregation site in the following situations. In an GSM en… |
1.3.6.1.4.1.9.9.485 | ciscoRttMonTCMIB | 0 | 0 | This MIB contains textual conventions used by CISCO-RTTMON-MIB, CISCO-RTTMON-RTP-MIB and CISCO-RTTMON-ICMP-MIB, but they are not … |
1.3.6.1.4.1.9.9.486 | ciscoRttMonIcmpMIB | 3 | 7 | An extension to the CISCO-RTTMON-MIB for ICMP operations. The ICMP Jitter operation provides capability to measure metrics such a… |
1.3.6.1.4.1.9.9.487 | ciscoRttMonRtpMIB | 3 | 8 | An extension to the CISCO-RTTMON-MIB for Cisco IP SLA RTP operation, Real-Time Transport Protocol(RFC 1889). This operation provi… |
1.3.6.1.4.1.9.9.488 | ciscoFirewallTc | 0 | 0 | This MIB module defines textual conventions that are commonly used in modeling management information pertaining to configuration… |
1.3.6.1.4.1.9.9.490 | ciscoNetintMIB | 3 | 11 | This MIB module is for Network Interrupt information on Cisco device. |
1.3.6.1.4.1.9.9.491 | ciscoUnifiedFirewallMIB | 3 | 235 | Overview of Cisco Firewall MIB ============================== This MIB Module models status and performance statistics pertaining … |
1.3.6.1.4.1.9.9.492 | ciscoCefMIB | 3 | 192 | Cisco Express Forwarding (CEF) describes a high speed switching mechanism that a router uses to forward packets from the inbound … |
1.3.6.1.4.1.9.9.493 | ciscoCefTextualConventions | 0 | 0 | ciscoCeftextualConventions |
1.3.6.1.4.1.9.9.494 | ciscoEntityRedunTcMIB | 0 | 0 | This module defines the textual conventions used within Cisco Entity Redundancy MIBs. |
1.3.6.1.4.1.9.9.495 | ciscoPsdClientMIB | 3 | 44 | This MIB module manages the client side functionality of the Persistent Storage Device(PSD). This MIB instrumentation is for conf… |
1.3.6.1.4.1.9.9.497 | cGgsnSAMIB | 3 | 247 | This MIB module manages the service-aware feature of Gateway GPRS Support Node (GGSN). This MIB is an enhancement of the CISCO-GG… |
1.3.6.1.4.1.9.9.498 | ciscoEntityRedunMIB | 3 | 93 | This management information module supports configuration, control and monitoring of redundancy protection for various kinds of c… |
1.3.6.1.4.1.9.9.500 | ciscoStackWiseMIB | 3 | 111 | This MIB module contain a collection of managed objects that apply to network devices supporting the Cisco StackWise(TM) technolo… |
1.3.6.1.4.1.9.9.504 | ciscoSwitchMulticastMIB | 3 | 108 | This MIB module defines management objects for the Multicast Switching features on Cisco Layer 2/3 devices. Definition of some of … |
1.3.6.1.4.1.9.9.505 | cpkiMIB | 3 | 44 | A networking device may provide several security services and protocols like SSL, SSH, IPSec/IKE etc. which need identities … |
1.3.6.1.4.1.9.9.507 | ciscoPolicyGroupMIB | 3 | 35 | The MIB module is for configuration of policy and policy group. A policy group can be described as a set of entities identified b… |
1.3.6.1.4.1.9.9.508 | ciscoSlbHealthMonMIB | 3 | 62 | An extension to the CISCO-SLB-EXT-MIB for SLB health monitoring probes. SLB: Server Load Balancing. Server load balancing provides… |
1.3.6.1.4.1.9.9.509 | ciscoWdsInfoMIB | 3 | 141 | This MIB is intended to be implemented on all Cisco network entities that provide Wireless Domain Services (WDS). The WDS provide… |
1.3.6.1.4.1.9.9.510 | ciscoErmMIB, ciscoVoiceLmrMIB | 3 | 176 | This MIB module provides management of voice tone signal as static injected tone for Land Mobile Radio The tone signal includes … |
1.3.6.1.4.1.9.9.511 | ciscoCbpTargetTCMIB | 0 | 0 | This MIB module defines Textual Conventions for representing targets which have class based policy mappings. A target can be any … |
1.3.6.1.4.1.9.9.512 | ciscoLwappWlanMIB | 3 | 249 | This MIB is intended to be implemented on all those devices operating as Central Controllers (CC) that terminate the Light Weigh… |
1.3.6.1.4.1.9.9.513 | ciscoLwappApMIB | 4 | 386 | This MIB is intended to be implemented on all those devices operating as Central Controllers (CC) that terminate the Light Weight… |
1.3.6.1.4.1.9.9.514 | ciscoLwappTextualConventions | 0 | 0 | This module defines textual conventions used throughout the Cisco enterprise MIBs designed for implementation on Central Controlle… |
1.3.6.1.4.1.9.9.515 | ciscoLwappWebAuthMIB | 4 | 43 | This MIB is intended to be implemented on all those devices operating as Central controllers, that terminate the Light Weight Acc… |
1.3.6.1.4.1.9.9.516 | ciscoLwappLinkTestMIB | 3 | 57 | This MIB is intended to be implemented on all those devices operating as Central controllers, that terminate the Light Weight Acc… |
1.3.6.1.4.1.9.9.517 | ciscoLwappReapMIB | 3 | 63 | This MIB is intended to be implemented on all those devices operating as Central Controllers (CC) that terminate the Light Weight… |
1.3.6.1.4.1.9.9.518 | ciscoLwappMfpMIB | 4 | 64 | This MIB is intended to be implemented on all those devices operating as Central Controllers (CC) that terminate the Light Weight… |
1.3.6.1.4.1.9.9.519 | ciscoLwappIdsMIB | 3 | 28 | This MIB is intended to be implemented on all those devices operating as Central Controllers (CC) that terminate the Light Weight… |
1.3.6.1.4.1.9.9.520 | ciscoLwappCcxRmMIB | 3 | 45 | This MIB is intended to be implemented on all those devices operating as Central controllers, that terminate the Light Weight Acc… |
1.3.6.1.4.1.9.9.521 | ciscoLwappWlanSecurityMIB | 3 | 51 | This MIB is intended to be implemented on all those devices operating as Central controllers, that terminate the Light Weight Acc… |
1.3.6.1.4.1.9.9.522 | ciscoLwappDot11ClientCalibMIB | 3 | 50 | This MIB is intended to be implemented on all those devices operating as Central controllers, that terminate the Light Weight Acc… |
1.3.6.1.4.1.9.9.523 | ciscoLwappClRoamMIB | 3 | 61 | This MIB is intended to be implemented on all those devices operating as Central controllers, that terminate the Light Weight Acc… |
1.3.6.1.4.1.9.9.524 | ciscoLwappQosMIB | 3 | 119 | This MIB is intended to be implemented on all those devices operating as Central controllers, that terminate the Light Weight Acc… |
1.3.6.1.4.1.9.9.525 | ciscoLwappTsmMIB | 3 | 57 | This MIB is intended to be implemented on all those devices operating as Central controllers, that terminate the Light Weight Acc… |
1.3.6.1.4.1.9.9.529 | ciscoItpMsuRatesMIB | 3 | 61 | This MIB provides information used to manage the number of MTP3 MSUs transmitted and received per processor. Many of the higher … |
1.3.6.1.4.1.9.9.530 | ciscoNacTcMIB | 0 | 0 | This module defines the textual conventions for Cisco Network Admission Control(NAC) system. The Cisco Network Admission Control … |
1.3.6.1.4.1.9.9.532 | ciscoNATExtMIB | 3 | 13 | This MIB is an extension to the NAT-MIB. This MIB module includes objects for providing the NAT related statistics. Acronyms: NAT… |
1.3.6.1.4.1.9.9.533 | ciscoCbpTargetMIB | 3 | 25 | This MIB module defines the managed objects for representing targets which have class-based policy mappings. A target can be any… |
... |