CISCO-NAC-NAD-MIB: View SNMP OID List / Download MIB

This MIB module is for the configuration of a Network Access Device (NAD) on the Cisco Network Admission Control (NAC) system. EndPoint -------------- NAD ------- AAA ------ PVS (SecurApp) EAPoUDP/802.1x RADIUS HCAP (Plugin) (PA) Cisco NAC system The Cisco Network Admission Control (NAC) security solution offers a systems approach to customers for ensuring endpoint device compliancy and vulnerability checks prior to production access to the network. Cisco refers to these compliancy checks as posture validations. The intent of this systems approach is to prevent the spread of works, viruses, and rogue applications across the network. This systems approach requires integration with third party end point security applications, as well as endpoint security servers. The Network Access Device (NAD) enforces network access control privileges by controlling which endpoint devices have access to network destinations and services reachable through that NAD. Endpoint devices that do not have the PA installed, enabled, or cannot otherwise respond to the NAD posture challenges are considered non-responsive hosts. Upon recognition of an incoming endpoint device at L2 or L3, the NAD issues a challenge to the endpoint device for posture credentials. Endpoint devices with a PA will recognize the challenge and respond with the necessary posture credentials. The NAD acts as a relay agent between the endpoint device and AAA server for all messages in the posture validation exchange. Once the validation is complete, the NAD enforces the access policy profile downloaded from the AAA Server, e.g. (i) provide full access (ii) deny all access through the NAD restrict access (quarantine) or (iii) some intermediate level of network access restriction or quarantine. Between posture revalidations, the NAD may issue periodic status queries to determine that the each endpoint device using the NAD is still the same device that was first postured, and that the endpoint device's posture credentials have not changed. This mechanism is a challenge response protocol that does not involve the AAA Server nor does it require the posture plugins to resend any credentials. It is used to trigger a full posture revalidation with the AAA Server when the endpoint device's credentials have changed (e.g. to revalidate the host endpoint device after remediation), or a new host endpoint device connects with a previously authorized IP address. The NAD supports a local exception list based on IP, MAC address or device type so that certain endpoint devices can bypass the posture validation process based on system administrator configuration. Also, the NAD may be configured to query the AAA server for access policies associated with endpoint devices that do not have a Posture Agent installed, clientless host endpoint devices. Posture Validation occurs when a NAC-enabled network access device (NAC) detects an endpoint device attempting to connect or use its network resources and it issues the endpoint device a posture challenge. An endpoint device with a resident posture agent will respond to the challenge with sets of posture credentials from one or more posture plugins which can detail the state of the various hardware and software components on the endpoint device. The posture agent response is forwarded by the network access device to an AAA server which may in turn delegate parts of the decision to posture validation server. Evaluation of the credentials against posture validation policies results in an authorization decision or posture token, representing the endpoint device's relative compliance to the network compliance policy. The AAA server then sends the respective network access profile to the network access device for enforcement of the endpoint device authorization. The Cisco Technology consists of the following: Endpoint Device - Any host attempting to connect or use the resource of a network. - e.g., a personal computer, personal data digital assistant, or data server, or other network attached device. NAD - Network Access Device that enforces network access control policies through layer 2 or layer 3 challenge-responses with a network enabled Endpoint device. PC - Posture Credentials that describe the state of an application and/or operating system that is running on an endpoint device at the time a layer 2 or layer 3 challenge response is issued by a NAD. PP - Posture Plugin. A module implemented by an application or agent provider that is responsible for supplying the relevant posture credentials for the application or agent. PA - Posture Agent. Host agent software that serves as a broker on the host for aggregating credential from potentially multiple posture plugins and communicating with the network. CTA - Cisco Trust Agent. Cisco's implementation of the posture agent. EAP - Extensible Authentication Protocol. An extension to PPP. EOU - Extensible Authentication Protocol over UDP. ACS/AAA - Cisco Secure Access Control Server. The primary authorization server that is the network policy decision point and is extended to support posture validation. PVS - Posture Validation Server. UCT - Un Conditional Transition. Clientless - Client without Cisco Posture Agent. Tag - Tag is a policy specifier which is mapped to a policy template based on specific rules. The Tag allows network administrators to define enforcement policies on local device and have a RADIUS server specify the policy Template to be enforced.

The version of EOU in use on the local system. Value zero indicates the version can not be determined.

Indicates whether the posture validation via EOU is globally enabled or disabled in the device.

Indicates whether to allow authentication of clientless hosts (system that does not run Cisco Trust Agent).

It indicates whether to send the host IP address in the calling station ID field of RADIUS request.

To enable or disable EOU system logging events. Set to 'true' to enable syslog message at an informational level (syslog level 6).

The number of maximum retry attempts for EOU.

The UDP port for EOU. The port cannot conflict with other UDP application.

The number of clients that can be simultaneously validated. Set the rate limit to 0 (zero), rate limiting will be turned off. If the rate limit is set to 100 and there are 101 clients, validation will not occur until one drop off.

Timeout period used by NAD with AAA (Authentication, Authorization and Accounting.

Length of time that can elapse before the client sessions are purged from the system due to client inactivity.

The timeout period for the EOU message retransmitted.

The timeout period for the revalidation. Setting this object to 0 will globally disable periodic revalidation on this device.

The timeout period for the status query after revalidation.

This object specifies the EOU critical recovery delay time for the device. A value of zero indicates that critical recovery delay feature is disabled.

Indicates whether the EOU revalidation is globally enabled or disabled in the device.

A list of statically authorized IP devices in the system.

An entry containing the associated policy information of the statically authorized IP device. An entry can be created, or deleted by using cnnEouAuthIpRowStatus. Each statically authorized IP device is associated with a policy. By creating, deleting or modifying an entry in this table, users can add, delete or modify a policy for a particular statically authorized IP device. In order to add the statically authorized IP device into exception-list and associate with the specific policy, user has to create an entry for the device.

The type of Internet address by which the statically authorized IP device is reachable.

The Internet address for the statically authorized IP device. The type of this address is determined by the value of the cnnEouAuthIpAddrType object.

Using 'inverse mask' to support IP wildcards. The mask used with the source IP address will specify what traffic is exempted from EAP validation. e.g. cnnEouAuthIpAddr: 10.0.0.0 cnnEouAuthIpAddrMask: 0.255.255.255 This exempts any IP in the subnet at 10.x.x.x from posture validation. cnnEouAuthIpAddr: 10.1.2.1 cnnEouAuthIpAddrMask: 0.0.0.0 This exempts host IP 10.1.2.1 from posture validation. cnnEouAuthIpAddr: 10.0.0.0 cnnEouAuthIpAddrMask: 255.255.255.255 Mask value of 255.255.255.255 will exempt ALL hosts from posture validation.

The policy associate with the statically authorized IP device. The policy needs to be present in the policy-database before an statically authorized IP device can be associated to it.

The storage type for this conceptual row.

The status of this conceptual row. To create an entry, users set the value of this object to 'createAndGo'. The transition from 'active' to 'notInService' may not be supported. A row may be deleted by setting the RowStatus to 'destroy'. Once a row becomes active, values within the row cannot be modified, except by deleting and re-creating the row.

A list of static authorized devices identified by MAC address.

An entry containing the associated policy information of the statically authorized device identified by MAC address. The entry is created, and deleted by using cnnEouAuthMacRowStatus.

The MAC address of the static authorized device.

Using 'inverse mask' support MAC wildcards. The mask used with the source MAC address will specify what traffic is exempted from EAP validation. e.g. cnnEouAuthMacAddr: 00:0d:bc:ef:eb:bd cnnEouAuthMacAddrMask: 00:00:ff:ff:ff:ff This exempts any MAC in the range 00:0d:00:00:00:00 from posture validation. cnnEouAuthMacAddr: 00:0d:bc:ef:eb:bd cnnEouAuthMacAddrMask: 00:00:00:00:00:00 This exempts specific MAC 00:0d:bc:ef:eb:bd from posture validation. cnnEouAuthMacAddr: 00:0d:bc:ef:eb:bd cnnEouAuthMacAddrMask: ff:ff:ff:ff:ff:ff This exempts all MAC address from posture validation.

The policy associate with the statically authorized device identified by MAC address. The policy needs to be present in the policy-database before an device can be associated to it.

The storage type for this conceptual row.

The status of this conceptual row. To create an entry, users set the value of this object to 'createAndGo'. The transition from 'active' to 'notInService' may not be supported. A row may be deleted by setting the RowStatus to 'destroy'. Once a row becomes active, values within the row cannot be modified, except by deleting and re-creating the row.

A list of static authorized devices indexed by device type.

An entry containing the information of the static authorized device indexed by device type.

The static authorize device type.

The storage type for this conceptual row.

This object is used to create or delete an entry in the cnnEouAuthDeviceTypeTable. A row may be created using the 'CreateAndGo' option. A row may be deleted by setting the RowStatus to 'destroy'. Once a row becomes active, values within the row cannot be modified, except by deleting and re-creating the row.

A list of EOU configurations for the EOU capable interfaces.

An entry containing the EOU configuration information for a particular EOU capable interface.

Setting this object to 'auto' means the Posture Validation via EOU ability at this interface would be enabled if a end point device is found. If the value of this object is 'disabled' then the interface will act as it would if it had no posture validation via EOU ability. Setting this object to 'bypass' allows the host connected to this interface this interface to bypass the Posture Validation and directly download the host network access policy from AAA server. Enumeration: 'disabled': 2, 'auto': 1, 'bypass': 3.

The maximum number of retry by EOU for this interface.

An EOU validate action to the devices associated with the interface. This object always has the value 'none' when read. none(1) no operation is performed. initialize(2) Manually initiates reauthentication of all the endpoint devices associated with the interface. revalidate(3) Revalidate EOU posture credentials of the devices associated with a specify interface. noRevalidate(4) Disable the revalidation of all the device associated with the interface. Enumeration: 'initialize': 2, 'none': 1, 'noRevalidate': 4, 'revalidate': 3.

This object indicates whether the timeout configurations on this interface are based on the corresponding global timeout configurations or not. aaa(0) If this bit is set, the value of cnnEouIfTimeoutAAA is based on the value of cnnEouTimeoutAAA. holdPeriod(1) If this bit is set, the value of cnnEouIfTimeoutHoldPeriod is based on the value of cnnEouTimeoutHoldPeriod. retransmit(2) If this bit is set, the value of cnnEouIfTimeoutRetransmit is based on the value of cnnEouTimeoutRetransmit. revalidation(3) If this bit is set, the value of cnnEouIfTimeoutRevalidation is based on the value of cnnEouTimeoutRevalidation. statusQuery(4) If this bit is set, the value of cnnEouIfTimeoutStatusQuery is based on the value of cnnEouTimeoutStatusQuery. maxRetry(5) If this bit is set, the value of cnnEouIfMaxRetry is based on the value of cnnEouMaxRetry. clientless(6) If this bit is set, the value of cnnEouIfAllowClientless is based on the value of cnnEouAllowClientless. ipStationId(7) If this bit is set, the value of cnnEouIfAllowIpStationId is based on the value of cnnEouAllowIpStationId. If a bit is not set, the value of the corresponding object in the same conceptual row is not based on its corresponding global object. If users configure object which is covered by cnnEouIfTimeoutGlobalConfig in the same conceptual row while the corresponding bit is set, the corresponding bit will be unset in order to reflect that such configuration is not from its corresponding global object. Bits: 'aaa': 0, 'retransmit': 2, 'revalidation': 3, 'clientless': 6, 'statusQuery': 4, 'maxRetry': 5, 'ipStationId': 7, 'holdPeriod': 1.

The timeout period used by EOU for the AAA server connection on this interface.

The hold period of this interface. The hold period is the length of the time that can elapse before the client session entries are purged from the system due to client inactivity.

The timeout period for the EOU message retransmitted at this interface.

The timeout period for the revalidation at this interface. Setting this object to 0 will disable periodic revalidation on this device.

The timeout period for the status query after revalidation at this interface.

Specified the name of the policy template to be applied when cnnEouHostResultState is 'aaaFail'. The specified policy name must exist in cpgPolicyTable if it is not empty string.

This object specifies whether to allow authentication of clientless hosts (system that does not run Cisco Trust Agent) on the interface.

This object specifies whether to send the host IP address in the calling station ID field of RADIUS request for hosts on the interface.

An EOU validate action to the devices. Initialize: When a device is initialized, all previous state information about that host is deleted and the admission control process for that host will start with no state. Revalidate: When a host is revalidated, state information about that host is retained so that the host still has its' normal access during the revalidation process. This object always has the value 'none' when read. none(1) - no operation is performed. initializeAll(2) - to manually initiates reauthentication of all endpoint devices on the system. initializeAuthClientless(3) - to manually initiates reauthentication of all clientless endpoint devices. initializeAuthEap(4) - to manually initiates reauthentication of all the endpoint devices authorized by Extensive Authentication Protocol. initializeAuthStatic(5) - to manually initiates reauthentication of all the statically authorized endpoint devices. initializeIp(6) - to manually initiates reauthentication of a specific IP device. The value in cnnEouHostValidateIpAddrType and cnnEouHostValidateIpAddr are used by this operation. initializeMac(7) - to manually initiates reauthentication of the endpoint device identified by MAC address. The value in cnnEouHostValidateMacAddr is used by this operation. initializePostureToken(8) - to manually initiates reauthentication of the endpoint device(s) with a specify posture token assigned. The value in cnnEouHostValidatePostureToken is used by this operation. This enumerated integer is deprecated and replaced by initializePostureTokenStr. revalidateAll(9) - to revalidate EOU posture credentials of all devices on the system. revalidateAuthClientless(10) - to revalidate EOU posture credentials of all clientless devices on the system. revalidateAuthEap(11) - to revalidate EOU posture credentials of the devices authorized by EAP on the system. revalidateAuthStatic(12) - to revalidate EOU posture credentials of all statically authorized devices on the system. revalidateIp(13) - to revalidates EOU posture credentials of a specific IP device. The value in cnnEouHostValidateIpAddrType and cnnEouHostValidateIpAddr are used by this operation. revalidateMac(14) - to revalidates EOU posture credentials of a specific device identified by MAC address. The value in cnnEouHostValidateMacAddr is used by this operation. revalidatePostureToken(15) - to enable revalidates EOU posture credentials of the devices with the specific posture token assigned. The value in cnnEouHostValidatePostureToken is used by this operation. This enumerated integer is deprecated and replaced by revalidatePostureTokenStr. noRevalidateAll(16) - to disable revalidation of all devices on the system. noRevalidateAuthClientless(17) - to disable the revalidation of all clientless devices on the system. noRevalidateAuthEap(18) - to disable the revalidation of all devices authorized by EAP on the system. noRevalidateAuthStatic(19) - to disable the revalidation of all statically authorized devices on the system. noRevalidateIp(20) - to disable the revalidation of the specific IP device. The value in cnnEouHostValidateIpAddrType and cnnEouHostValidateIpAddr are used by this operation. noRevalidateMac(21) - to disable the revalidation of the specific device identified by MAC address. The value in cnnEouHostValidateMacAddr is used by this operation. noRevalidatePostureToken(22) - to disable the revalidation of all device with the specific posture token assigned. The value in cnnEouHostValidatePostureToken is used by this operation. This enumerated integer is deprecated and replaced by noRevalidatePostureTokenStr. initializePostureTokenStr(23) - to manually initiates reauthentication of the endpoint device(s) with a specify posture token assigned. The value in cnnEouHostValidatePostureTokenStr is used by this operation. revalidatePostureTokenStr(24) - to enable revalidates EOU posture credentials of the devices with the specific posture token assigned. The value in cnnEouHostValidatePostureTokenStr is used by this operation. noRevalidatePostureTokenStr(25) - to disable the revalidation of all device with the specific posture token assigned. The value in cnnEouHostValidatePostureTokenStr is used by this operation. Enumeration: 'initializeIp': 6, 'initializeAuthStatic': 5, 'noRevalidateAll': 16, 'noRevalidateAuthEap': 18, 'revalidateAuthClientless': 10, 'revalidateAll': 9, 'revalidatePostureTokenStr': 24, 'revalidatePostureToken': 15, 'initializeAll': 2, 'noRevalidatePostureTokenStr': 25, 'noRevalidateIp': 20, 'noRevalidatePostureToken': 22, 'noRevalidateAuthClientless': 17, 'revalidateAuthStatic': 12, 'initializePostureTokenStr': 23, 'initializeAuthClientless': 3, 'revalidateMac': 14, 'revalidateIp': 13, 'noRevalidateAuthStatic': 19, 'initializeMac': 7, 'none': 1, 'noRevalidateMac': 21, 'revalidateAuthEap': 11, 'initializeAuthEap': 4, 'initializePostureToken': 8.

The type of Internet address for a detected host.

The Internet address for a detected host. The type of this address is determined by the value of the cnnEouHostValidateIpAddrType.

The Mac address for a detected host.

Type of posture token for a detected host. This object is deprecated and replaced by cnnEouHostValidatePostureTokenStr.

Maximum number of query entries allowed to be outstanding at any time, in the cnnEouHostQueryTable.

A control table used to query the client host by specifying retrieval criteria for the EOU information. Each row instance in the table represents a query with its parameters. The resulting data for each instance of a query in this table is returned in the cnnHostQueryResultTable. The maximum number of entries (rows) in this table cannot exceed the value of cnnEouHostMaxQueries object.

A conceptual row of the cnnEouHostQueryTable used to setup retrieval criteria to search for the EOU hosts on the system. The actual search is started by setting the value of cnnEouHostQueryStatus to 'active'. Once a row becomes active, values within the row cannot be modified, except by deleting and re-creating the row.

An arbitrary integer in the range of 1 to cnnEouHostMaxQueries to identify this control query.

Setting each value causes the appropriate action: authenClientless(1) - causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the clientless host(s) on the system. authenEap(2) - causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the hosts authorized by EAP on the system. authenStatic(3) - causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the statically authorized hosts on the system. interface(4) - causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the endpoint devices connected to the interface specified in cnnEouHostQueryInterface. ip(5) - causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the IP hosts specified in cnnEouHostQueryIpAddrType and cnnEouHostQueryIpAddr. mac(6) - causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the hosts matching the mac address specified in cnnEouHostQueryMacAddr. postureToken(7) - causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the hosts assigned posture token specified in cnnEouHostQueryPostureToken. This enumerated integer is deprecated and replaced by postureTokenString. all(8) - returns all rows corresponding to all the detected hosts in the system. postureTokenString(9) - causes the creation of row(s) in the cnnHostQueryResultTable corresponding to the current EOU information for the hosts assigned posture token string specified in cnnEouHostQueryPostureTokenStr. Enumeration: 'authenEap': 2, 'postureToken': 7, 'ip': 5, 'all': 8, 'mac': 6, 'authenClientless': 1, 'interface': 4, 'postureTokenString': 9, 'authenStatic': 3.

An index value that uniquely identifies an interface where the end point device is connected. The interface identified by a particular value of this index is the same interface as identified by the same value of ifIndex.

The internet address type for the queried host.

The Internet address for the queried host. The type of this address is determined by the value of the cnnEouHostQueryIpAddrType. If the 'ip' option of cnnEouHostQueryMask is selected, an appropriate IP address type is assigned to cnnEouHostQueryIpAddrType, and an appropriate IP address is assigned to cnnEouHostQueryIpAddr then only the IP host with the specified address will be containing in the result table.

The Mac address for the queried host. If the 'mac' option of cnnEouHostQueryMask is selected, an appropriate MAC address is assigned to this object then only the host with the specified MAC address will be containing in the result table.

The assigned posture token for the queried host. If the 'postureToken' option of cnnEouHostQueryMask is selected, an appropriate posture token is assigned to this object then only the host with the specified posture token will be containing in the result table. This object is deprecated and replaced by cnnEouHostQueryPostureTokenStr.

The number of searched detected hosts to be skipped before storing any host in cnnEouHostResultTable. This object can be used along with cnnEouHostQueryTotalHosts object to skip previously found hosts by setting the variable equal to the number of the associated rows in cnnEouHostResultTable, and only query the remaining hosts in the table. Note that due to the dynamical nature of the EOU, the queried hosts may be missed or repeated by setting this object.

This is the maximum number of rows in the cnnEouHostResultTable, resulting from this query. A value of zero (0) indicates no limit rows in cnnEouHostResultTable, resulting from this query.

Indicating the total number of the hosts matching the query criterion. -1 - Either the query has not been started or the agent is still processing this query instance. It is the default value when the row is instantiated. 0..2147483647 - The search has ended and this is the number of host matching the query criterion.

Indicating the status of the query by following values: -1 - Either the query has not been started or the agent is still processing this query instance. It is the default value when the row is instantiated. 0..2147483647 - The search has ended and this is the number of rows in the cnnEouHostResultTable, resulting from this query.

Time when this query was last set to active.

The status object used to manage rows in this table. When set to 'createAndGo', the query is initiated. The completion of the query is indicated by the value of cnnEouHostQueryRows as soon as it becomes greater than or equal to 0. Once a row becomes active, values within the row cannot be modified, except by deleting and re-creating it.

The assigned posture token string for the queried host. If the 'postureTokenString' option of cnnEouHostQueryMask is selected, an appropriate posture token string is assigned to this object then only the host with the specified posture token string will be containing in the result table.

A table containing current detected host information corresponding to all the completed queries set up in the cnnEouHostQueryTable, that were detected in the device. The query result will not become available until the current search completes.

A conceptual row of cnnEouHostResultTable, containing posture validation information of an detected host that matches the search criteria set in the corresponding row of cnnEouHostQueryTable.

A number which uniquely identifies a result entry matching a particular query.

An index value that uniquely identifies an interface where the end point device is currently connected. The interface identified by a particular value of this index is the same interface as identified by the same value of ifIndex.

The type of Internet address by which the detected host is reachable.

The internet address for the detected host. The type of this address is determined by the value of the cnnEouHostResultIpAddrType object.

Indicates The MAC address of the detected host.

This object indicates the authentication type used in the posture validation process for this detected host.

Indicates the posture token of the detected host. During the posture validation process, the host will be placed into a particular category and have a token assigned to it. This assignment will depend on the state of the software that is resident on the host. The host will have specific right to access network based on the token assigned. This object is deprecated and replaced by cnnEouHostResultPostureTokenStr

Indicates the length of time, in minutes, that host has been connected.

This object specifies the URL(Web page) where the latest Anti-Virus file can be downloaded or upgraded, if the detected host fails the credential validation then it may require remediation.

The mapped ACL to this detected host. A character string for an ACL (Access Control List) name. Valid characters are a-z, A-Z, 0-9, ,'#', '-', '_' and '.'. Some devices may require that an ACL name contains at least one non-numeric character. ACL name is case sensitive.

The timeout period, in seconds, for the status query after revalidation at this interface.

The timeout period, in second, for the revalidation at this interface.

Indicates the current EOU state of this detected host.

Indicates the posture token string of the detected host. During the posture validation process, the host will be placed into a particular category and have a token assigned to it. This assignment will depend on the state of the software that is resident on the host. The host will have specific right to access network based on the token assigned.

Indicates the name of the access control list(ACL) for URL redirection. Any ingress HTTP from the host that matches this ACL will be subjected to redirection to the URL (Web page) specified in cnnEouHostResultUrlRedir.

Indicates the tag which is received as a policy response from the ACS server for the detected host.

This object uniquely identifies a host session. Session ID is included in access requests to AAA server and in Web requests to Audit server.

This object indicates the name of policy template to be applied when EouHostResultState is 'aaaFail'.

Posture token string for a detected host.

Specifies whether the IP device tracking feature is globally enabled or disabled on this device.

Specifies the number of times that this device sends the ARP probe to an IP device before removing the IP device from the IP device tracking table.

Specifies the number of the seconds that this device waits before resending the ARP probe.

A table of IP Device Tracking configuration for EOU interfaces in the system.

A set of EOU IP Device Tracking configuration information on an EOU interface.

Specifies if IP Device Tracking feature is enabled on this interface.

The compliance statement for the CISCO-NAC-NAD-MIB. OBJECT cnnEouAuthIpAddrType SYNTAX InetAddressType { ipv4(1) } DESCRIPTION An implementation is only required to support IPv4 addresses.

The compliance statement for the CISCO-NAC-NAD-MIB. OBJECT cnnEouAuthIpAddrType SYNTAX InetAddressType { ipv4(1) } DESCRIPTION An implementation is only required to support IPv4 addresses.

The compliance statement for the CISCO-NAC-NAD-MIB. OBJECT cnnEouAuthIpAddrType SYNTAX InetAddressType { ipv4(1) } DESCRIPTION An implementation is only required to support IPv4 addresses.

The compliance statement for the CISCO-NAC-NAD-MIB. OBJECT cnnEouAuthIpAddrType SYNTAX InetAddressType { ipv4(1) } DESCRIPTION An implementation is only required to support IPv4 addresses.

A collection of objects providing the global configuration on the NAD.

A collection of objects providing the configuration for the static authorization IP device with policy associated.

A collection of objects providing the configuration for the static authorization MAC device with policy associated.

A collection of objects providing the configuration for the static authorization device identified by device type.

A collection of objects providing the interface configuration on the NAD.

A collection of objects providing the host configuration on the NAD.

A collection of objects providing the timeout configuration on the interface.

A collection of objects providing the max-retry configuration on the interface.

A collection of objects providing the rate limit configuration.

A collection of objects providing the administrative configuration on the interfaces.

A collection of objects providing the age information on the interface.

A collection of objects providing the redirect URL information on the interface.

A collection of objects providing the ACL(Access Control List) information on the interface.

A collection of objects providing the AAA failed policy for the interface.

A collection of objects providing the host configuration on the NAD.

A collection of objects providing IP device tracking for the device.

A collection of objects providing critical recovery delay for the device.

A collection of objects providing EOU IP device tracking per interface in the device.

A collection of objects providing the globally configuration for the system.

A collection of objects providing the host extension configuration on the NAD.

A collection of objects providing the interface extension configuration on the NAD.