CISCO-NAC-NAD-MIB

This MIB module is for the configuration of a Network
        Access Device (NAD) on the Cisco Network Admission
        Control (NAC) system.
        
        EndPoint  -------------- NAD ------- AAA ------ PVS
        (SecurApp) EAPoUDP/802.1x     RADIUS      HCAP
        (Plugin)
        (PA)
        
                      Cisco NAC system
        
        The Cisco Network Admission Control (NAC) security
        solution offers a systems approach to customers for
        ensuring endpoint device compliancy and vulnerability
        checks prior to production access to the network. Cisco
        refers to these compliancy checks as posture
        validations.  The intent of this systems approach is to
        prevent the spread of worms, viruses, and rogue
        applications across the network. This systems approach
        requires integration with third party end point security
        applications, as well as endpoint security servers.
        
        The Network Access Device (NAD) enforces network access
        control privileges by controlling which endpoint devices
        have access to network destinations and services
        reachable through that NAD.  Endpoint devices that do
        not have the PA installed, enabled, or cannot otherwise
        respond to the NAD posture challenges are considered
        non-responsive hosts.  Upon recognition of an incoming
        endpoint device at L2 or L3, the NAD issues a challenge
        to the endpoint device for posture credentials. Endpoint
        devices with a PA will recognize the challenge and
        respond with the necessary posture credentials.  The NAD
        acts as a relay agent between the endpoint device and
        AAA server for all messages in the posture validation
        exchange.  Once the validation is complete, the NAD
        enforces the access policy profile downloaded from the
        AAA Server, e.g. (i) provide full access, (ii) deny all
        access through the NAD, or (iii) restrict access
        (quarantine), i.e. some intermediate level of network
        access restriction or quarantine.  Between posture
        revalidations, the NAD may issue periodic status queries
        to determine that each endpoint device using the NAD
        is still the same device that was first postured, and
        that the endpoint device's posture credentials have not
        changed. This mechanism is a challenge response protocol
        that does not involve the AAA Server nor does it require
        the posture plugins to resend any credentials. It is
        used to trigger a full posture revalidation with the AAA
        Server when the endpoint device's credentials have
        changed (e.g. to revalidate the host endpoint device
        after remediation), or a new host endpoint device
        connects with a previously authorized IP address.  The
        NAD supports a local exception list based on IP, MAC
        address or device type so that certain endpoint devices
        can bypass the posture validation process based on
        system administrator configuration. Also, the NAD may be
        configured to query the AAA server for access policies
        associated with endpoint devices that do not have a
        Posture Agent installed (clientless host endpoint
        devices).
        
        Posture Validation occurs when a NAC-enabled network
        access device (NAD) detects an endpoint device
        attempting to connect or use its network resources and
        it issues the endpoint device a posture challenge.  An
        endpoint device with a resident posture agent will
        respond to the challenge with sets of posture
        credentials from one or more posture plugins which can
        detail the state of the various hardware and software
        components on the endpoint device.  The posture agent
        response is forwarded by the network access device to an
        AAA server which may in turn delegate parts of the
        decision to a posture validation server. Evaluation of the
        credentials against posture validation policies results
        in an authorization decision or posture token,
        representing the endpoint device's relative compliance
        to the network compliance policy.  The AAA server then
        sends the respective network access profile to the
        network access device for enforcement of the endpoint
        device authorization.
        
        The Cisco Technology consists of the following:
        
        Endpoint Device - Any host attempting to connect or use
        the resources of a network, e.g. a personal computer,
        personal data digital assistant, data server, or
        other network attached device.
        
        NAD - Network Access Device that enforces network
        access control policies through layer 2 or layer 3
        challenge-responses with a network enabled Endpoint
        device.
        
        PC - Posture Credentials that describe the state of
        an application and/or operating system that is running
        on an endpoint device at the time a layer 2 or layer 3
        challenge response is issued by a NAD.
        
        PP - Posture Plugin.  A module implemented by an
        application or agent provider that is responsible for
        supplying the relevant posture credentials for the
        application or agent.
        
        PA - Posture Agent.  Host agent software that serves as
        a broker on the host for aggregating credentials from
        potentially multiple posture plugins and communicating
        with the network.
        
        CTA - Cisco Trust Agent.  Cisco's implementation of
        the posture agent.
        
        EAP - Extensible Authentication Protocol.  An extension
        to PPP.
        
        EOU - Extensible Authentication Protocol over UDP.
        
        ACS/AAA - Cisco Secure Access Control Server.  The
        primary authorization server that is the network policy
        decision point and is extended to support posture
        validation.
        
        PVS - Posture Validation Server.
        
        UCT - Unconditional Transition.
        
        Clientless - Client without Cisco Posture Agent.
        
        Tag - Tag is a policy specifier which is mapped to a
        policy template based on specific rules. The Tag allows
        network administrators to define enforcement policies
        on local device and have a RADIUS server specify the
        policy Template to be enforced.

Imported Objects

CnnEouPostureToken, CnnEouPostureTokenString, CnnEouState, CnnEouAuthType, CnnEouDeviceType FROM CISCO-NAC-TC-MIB
CpgPolicyNameOrEmpty FROM CISCO-POLICY-GROUP-MIB
ciscoMgmt FROM CISCO-SMI
CiscoURLString FROM CISCO-TC
ifIndex, InterfaceIndex, InterfaceIndexOrZero FROM IF-MIB
InetPortNumber, InetAddressType, InetAddressPrefixLength, InetAddress FROM INET-ADDRESS-MIB
SnmpAdminString FROM SNMP-FRAMEWORK-MIB
MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF
MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Integer32 FROM SNMPv2-SMI
StorageType, RowStatus, TruthValue, MacAddress, TimeStamp FROM SNMPv2-TC

ciscoNacNadMIB .1.3.6.1.4.1.9.9.484
ciscoNacNadMIBNotifs .1.3.6.1.4.1.9.9.484.0
ciscoNacNadMIBObjects .1.3.6.1.4.1.9.9.484.1
cnnEouGlobalObjects .1.3.6.1.4.1.9.9.484.1.1
cnnEouVersion .1.3.6.1.4.1.9.9.484.1.1.1
cnnEouTimeoutHoldPeriod .1.3.6.1.4.1.9.9.484.1.1.10
cnnEouTimeoutRetransmit .1.3.6.1.4.1.9.9.484.1.1.11
cnnEouTimeoutRevalidation .1.3.6.1.4.1.9.9.484.1.1.12
cnnEouTimeoutStatusQuery .1.3.6.1.4.1.9.9.484.1.1.13
cnnEouCriticalRecoveryDelay .1.3.6.1.4.1.9.9.484.1.1.14
cnnEouRevalidationEnabled .1.3.6.1.4.1.9.9.484.1.1.15
cnnEouEnabled .1.3.6.1.4.1.9.9.484.1.1.2
cnnEouAllowClientless .1.3.6.1.4.1.9.9.484.1.1.3
cnnEouAllowIpStationId .1.3.6.1.4.1.9.9.484.1.1.4
cnnEouLoggingEnabled .1.3.6.1.4.1.9.9.484.1.1.5
cnnEouMaxRetry .1.3.6.1.4.1.9.9.484.1.1.6
cnnEouPort .1.3.6.1.4.1.9.9.484.1.1.7
cnnEouRateLimit .1.3.6.1.4.1.9.9.484.1.1.8
cnnEouTimeoutAAA .1.3.6.1.4.1.9.9.484.1.1.9
cnnEouAuthorizeLists .1.3.6.1.4.1.9.9.484.1.2
cnnEouAuthIpTable .1.3.6.1.4.1.9.9.484.1.2.1
cnnEouAuthIpEntry .1.3.6.1.4.1.9.9.484.1.2.1.1
cnnEouAuthIpAddrType .1.3.6.1.4.1.9.9.484.1.2.1.1.1
cnnEouAuthIpAddr .1.3.6.1.4.1.9.9.484.1.2.1.1.2
cnnEouAuthIpAddrMask .1.3.6.1.4.1.9.9.484.1.2.1.1.3
cnnEouAuthIpPolicy .1.3.6.1.4.1.9.9.484.1.2.1.1.4
cnnEouAuthIpStorageType .1.3.6.1.4.1.9.9.484.1.2.1.1.5
cnnEouAuthIpRowStatus .1.3.6.1.4.1.9.9.484.1.2.1.1.6
cnnEouAuthMacTable .1.3.6.1.4.1.9.9.484.1.2.2
cnnEouAuthMacEntry .1.3.6.1.4.1.9.9.484.1.2.2.1
cnnEouAuthMacAddr .1.3.6.1.4.1.9.9.484.1.2.2.1.1
cnnEouAuthMacAddrMask .1.3.6.1.4.1.9.9.484.1.2.2.1.2
cnnEouAuthMacPolicy .1.3.6.1.4.1.9.9.484.1.2.2.1.3
cnnEouAuthMacStorageType .1.3.6.1.4.1.9.9.484.1.2.2.1.4
cnnEouAuthMacRowStatus .1.3.6.1.4.1.9.9.484.1.2.2.1.5
cnnEouAuthDeviceTypeTable .1.3.6.1.4.1.9.9.484.1.2.3
cnnEouAuthDeviceTypeEntry .1.3.6.1.4.1.9.9.484.1.2.3.1
cnnEouAuthDeviceType .1.3.6.1.4.1.9.9.484.1.2.3.1.1
cnnEouAuthDeviceTypeStorageType .1.3.6.1.4.1.9.9.484.1.2.3.1.2
cnnEouAuthDeviceTypeRowStatus .1.3.6.1.4.1.9.9.484.1.2.3.1.3
cnnEouIfMIBObjects .1.3.6.1.4.1.9.9.484.1.3
cnnEouIfConfigTable .1.3.6.1.4.1.9.9.484.1.3.1
cnnEouIfConfigEntry .1.3.6.1.4.1.9.9.484.1.3.1.1
cnnEouIfAdminStatus .1.3.6.1.4.1.9.9.484.1.3.1.1.1
cnnEouIfAaaFailPolicy .1.3.6.1.4.1.9.9.484.1.3.1.1.10
cnnEouIfAllowClientless .1.3.6.1.4.1.9.9.484.1.3.1.1.11
cnnEouIfAllowIpStationId .1.3.6.1.4.1.9.9.484.1.3.1.1.12
cnnEouIfMaxRetry .1.3.6.1.4.1.9.9.484.1.3.1.1.2
cnnEouIfValidateAction .1.3.6.1.4.1.9.9.484.1.3.1.1.3
cnnEouIfTimeoutGlobalConfig .1.3.6.1.4.1.9.9.484.1.3.1.1.4
cnnEouIfTimeoutAAA .1.3.6.1.4.1.9.9.484.1.3.1.1.5
cnnEouIfTimeoutHoldPeriod .1.3.6.1.4.1.9.9.484.1.3.1.1.6
cnnEouIfTimeoutRetransmit .1.3.6.1.4.1.9.9.484.1.3.1.1.7
cnnEouIfTimeoutRevalidation .1.3.6.1.4.1.9.9.484.1.3.1.1.8
cnnEouIfTimeoutStatusQuery .1.3.6.1.4.1.9.9.484.1.3.1.1.9
cnnEouHostMIBObjects .1.3.6.1.4.1.9.9.484.1.4
cnnEouHostValidateAction .1.3.6.1.4.1.9.9.484.1.4.1
cnnEouHostValidateIpAddrType .1.3.6.1.4.1.9.9.484.1.4.2
cnnEouHostValidateIpAddr .1.3.6.1.4.1.9.9.484.1.4.3
cnnEouHostValidateMacAddr .1.3.6.1.4.1.9.9.484.1.4.4
cnnEouHostValidatePostureToken (deprecated) .1.3.6.1.4.1.9.9.484.1.4.5
cnnEouHostMaxQueries .1.3.6.1.4.1.9.9.484.1.4.6
cnnEouHostQueryTable .1.3.6.1.4.1.9.9.484.1.4.7
cnnEouHostQueryEntry .1.3.6.1.4.1.9.9.484.1.4.7.1
cnnEouHostQueryIndex .1.3.6.1.4.1.9.9.484.1.4.7.1.1
cnnEouHostQueryTotalHosts .1.3.6.1.4.1.9.9.484.1.4.7.1.10
cnnEouHostQueryRows .1.3.6.1.4.1.9.9.484.1.4.7.1.11
cnnEouHostQueryCreateTime .1.3.6.1.4.1.9.9.484.1.4.7.1.12
cnnEouHostQueryStatus .1.3.6.1.4.1.9.9.484.1.4.7.1.13
cnnEouHostQueryPostureTokenStr .1.3.6.1.4.1.9.9.484.1.4.7.1.14
cnnEouHostQueryMask .1.3.6.1.4.1.9.9.484.1.4.7.1.2
cnnEouHostQueryInterface .1.3.6.1.4.1.9.9.484.1.4.7.1.3
cnnEouHostQueryIpAddrType .1.3.6.1.4.1.9.9.484.1.4.7.1.4
cnnEouHostQueryIpAddr .1.3.6.1.4.1.9.9.484.1.4.7.1.5
cnnEouHostQueryMacAddr .1.3.6.1.4.1.9.9.484.1.4.7.1.6
cnnEouHostQueryPostureToken (deprecated) .1.3.6.1.4.1.9.9.484.1.4.7.1.7
cnnEouHostQuerySkipNHosts .1.3.6.1.4.1.9.9.484.1.4.7.1.8
cnnEouHostQueryMaxResultRows .1.3.6.1.4.1.9.9.484.1.4.7.1.9
cnnEouHostResultTable .1.3.6.1.4.1.9.9.484.1.4.8
cnnEouHostResultEntry .1.3.6.1.4.1.9.9.484.1.4.8.1
cnnEouHostResultIndex .1.3.6.1.4.1.9.9.484.1.4.8.1.1
cnnEouHostResultAclName .1.3.6.1.4.1.9.9.484.1.4.8.1.10
cnnEouHostResultStatusQryPeriod .1.3.6.1.4.1.9.9.484.1.4.8.1.11
cnnEouHostResultRevalidatePeriod .1.3.6.1.4.1.9.9.484.1.4.8.1.12
cnnEouHostResultState .1.3.6.1.4.1.9.9.484.1.4.8.1.13
cnnEouHostResultPostureTokenStr .1.3.6.1.4.1.9.9.484.1.4.8.1.14
cnnEouHostResultUrlRedirectAcl .1.3.6.1.4.1.9.9.484.1.4.8.1.15
cnnEouHostResultTagName .1.3.6.1.4.1.9.9.484.1.4.8.1.16
cnnEouHostResultAuditSessionId .1.3.6.1.4.1.9.9.484.1.4.8.1.17
cnnEouHostResultAaaFailPolicy .1.3.6.1.4.1.9.9.484.1.4.8.1.18
cnnEouHostResultAssocIf .1.3.6.1.4.1.9.9.484.1.4.8.1.2
cnnEouHostResultIpAddrType .1.3.6.1.4.1.9.9.484.1.4.8.1.3
cnnEouHostResultIpAddr .1.3.6.1.4.1.9.9.484.1.4.8.1.4
cnnEouHostResultMacAddr .1.3.6.1.4.1.9.9.484.1.4.8.1.5
cnnEouHostResultAuthType .1.3.6.1.4.1.9.9.484.1.4.8.1.6
cnnEouHostResultPostureToken (deprecated) .1.3.6.1.4.1.9.9.484.1.4.8.1.7
cnnEouHostResultAge .1.3.6.1.4.1.9.9.484.1.4.8.1.8
cnnEouHostResultUrlRedir .1.3.6.1.4.1.9.9.484.1.4.8.1.9
cnnEouHostValidatePostureTokenStr .1.3.6.1.4.1.9.9.484.1.4.9
cnnIpDeviceTrackingObjects .1.3.6.1.4.1.9.9.484.1.5
cnnIpDeviceTrackingEnabled .1.3.6.1.4.1.9.9.484.1.5.1
cnnIpDeviceTrackingProbeCount .1.3.6.1.4.1.9.9.484.1.5.2
cnnIpDeviceTrackingProbeInterval .1.3.6.1.4.1.9.9.484.1.5.3
cnnEouIfIpDevTrackConfigTable .1.3.6.1.4.1.9.9.484.1.5.4
cnnEouIfIpDevTrackConfigEntry .1.3.6.1.4.1.9.9.484.1.5.4.1
cnnEouIfIpDevTrackEnabled .1.3.6.1.4.1.9.9.484.1.5.4.1.1
ciscoNacNadMIBConformance .1.3.6.1.4.1.9.9.484.2
ciscoNacNadMIBCompliances .1.3.6.1.4.1.9.9.484.2.1
ciscoNacNadMIBGroups .1.3.6.1.4.1.9.9.484.2.2
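
The description above notes that the local exception lists and the clientless setting let endpoint devices reach the network without presenting posture credentials. The following is an added example, not part of the MIB or of any Cisco tool: it audits numeric `snmpwalk -On` style output for those settings using the OIDs listed on this page. It assumes cnnEouEnabled and cnnEouAllowClientless are TruthValue objects (the page imports TruthValue but does not give per-object types); the sample walk, including the row index suffixes, is constructed.

```python
import re

BASE = ".1.3.6.1.4.1.9.9.484.1"      # ciscoNacNadMIBObjects, from the OID list
EOU_ENABLED = BASE + ".1.2.0"        # cnnEouEnabled scalar instance
ALLOW_CLIENTLESS = BASE + ".1.3.0"   # cnnEouAllowClientless scalar instance
# RowStatus column of each exception list; one instance exists per configured row.
EXCEPTION_ROWSTATUS = {
    BASE + ".2.1.1.6": "cnnEouAuthIpRowStatus",
    BASE + ".2.2.1.5": "cnnEouAuthMacRowStatus",
    BASE + ".2.3.1.3": "cnnEouAuthDeviceTypeRowStatus",
}
TRUE, FALSE = 1, 2   # TruthValue (SNMPv2-TC); assumed type for both scalars
ACTIVE = 1           # RowStatus active (SNMPv2-TC)

# Accepts "INTEGER: 1" as well as the labelled form "INTEGER: true(1)".
LINE = re.compile(r"^(\.[0-9.]+) = INTEGER: (?:\w+\()?(\d+)\)?$")

# Constructed sample; the index suffixes are illustrative, not decoded.
SAMPLE_WALK = """\
.1.3.6.1.4.1.9.9.484.1.1.2.0 = INTEGER: 1
.1.3.6.1.4.1.9.9.484.1.1.3.0 = INTEGER: true(1)
.1.3.6.1.4.1.9.9.484.1.1.6.0 = INTEGER: 3
.1.3.6.1.4.1.9.9.484.1.2.1.1.6.1.4.192.0.2.10 = INTEGER: 1
.1.3.6.1.4.1.9.9.484.1.2.2.1.5.0.0.94.0.83.1 = INTEGER: 2
"""

def audit(walk_text):
    """Return (object, index, reason) tuples for settings that skip posture checks."""
    findings = []
    for raw in walk_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore non-integer or malformed lines
        oid, value = m.group(1), int(m.group(2))
        if oid == EOU_ENABLED and value == FALSE:
            findings.append(("cnnEouEnabled", "0", "EAPoUDP validation disabled"))
        elif oid == ALLOW_CLIENTLESS and value == TRUE:
            findings.append(("cnnEouAllowClientless", "0",
                             "hosts without a posture agent get an AAA policy"))
        else:
            for column, name in EXCEPTION_ROWSTATUS.items():
                if oid.startswith(column + ".") and value == ACTIVE:
                    findings.append((name, oid[len(column) + 1:],
                                     "active exception row bypasses posture validation"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_WALK):
        print(*finding, sep=" | ")
```

Row indices are reported as raw OID suffixes because the tables' INDEX clauses are not shown on this page; rows whose RowStatus is not active are not flagged.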