-- ***************************************************************** -- CISCO-LWAPP-TRUSTSEC-MIB.my -- -- February 2017, Amar Kumar -- -- Copyright (c) 2016 by Cisco Systems, Inc. -- All rights reserved. -- ***************************************************************** CISCO-LWAPP-TRUSTSEC-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter32, NOTIFICATION-TYPE FROM SNMPv2-SMI MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF TruthValue, DateAndTime, RowStatus FROM SNMPv2-TC SnmpAdminString FROM SNMP-FRAMEWORK-MIB CtsSecurityGroupTag FROM CISCO-TRUSTSEC-TC-MIB InetAddressType, InetAddress FROM INET-ADDRESS-MIB cLApSysMacAddress FROM CISCO-LWAPP-AP-MIB ciscoMgmt FROM CISCO-SMI; ciscoLwappTrustSecMIB MODULE-IDENTITY LAST-UPDATED "201702100000Z" ORGANIZATION "Cisco Systems Inc." CONTACT-INFO "Cisco Systems, Customer Service Postal: 170 West Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553-NETS Email: cs-snmp@cisco.com" DESCRIPTION "This MIB module is for the configuration of a network device on the Cisco Trusted Security (TrustSec) system. TrustSec secures a network fabric by authenticating and authorizing each device connecting to the network, allowing for the encryption, authentication and replay protection of data traffic on a hop by hop basis. Glossary : TrustSec - Cisco Trusted Security EAP-FAST - Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (RFC 4851) PAC - Protected Access Credential A credential dynamically downloaded from the Access Control Server. ACS - Access Control Server SGT - Security Group Tag SXP - SGT Exchange Protocol. A tag identifying its source, assigned to a packet on ingress to a TrustSec cloud, and used to determine security and other policy to be applied to it along its path through the cloud. This MIB module is for the configuration and status query of SGT Exchange Protocol over TCP (SXPoTCP) feature of the device on the Cisco's Trusted Security (TrustSec) system. Security Group Tag (SGT) identifying its source, assigned to a packet on ingress to a TrustSec cloud, and used to determine security and other policy to be applied to it along its path through the cloud." REVISION "201702100000Z" DESCRIPTION "Initial version of this MIB module." ::= { ciscoMgmt 836 } clCtsMIBNotifs OBJECT IDENTIFIER ::= { ciscoLwappTrustSecMIB 0 } clCtsTableMIBObjects OBJECT IDENTIFIER ::= { ciscoLwappTrustSecMIB 1 } clCtsMIBConform OBJECT IDENTIFIER ::= { ciscoLwappTrustSecMIB 2 } clCtsGlobalMIBObjects OBJECT IDENTIFIER ::= { ciscoLwappTrustSecMIB 3 } clCtsSecurityGroupTagId OBJECT-TYPE SYNTAX CtsSecurityGroupTag MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies user to specify the SGT for the packets originating from this device. A value of zero for this object indicates that no SGT has been configured." DEFVAL { 0 } ::= { clCtsGlobalMIBObjects 1 } clCtsDeviceId OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the identifier for the device. This identifier and the device password (specified by clCtsDevicePassword) are used together by the Cisco Trusted Security feature for authenticating the device. The object may not be set to a zero length string. The system will return a zero length string for this object either when there is no value configured for this object or TrustSec credentials for the device have been cleared by setting clCtsCredentialsClearAll to 'true'." DEFVAL {" "} ::= { clCtsGlobalMIBObjects 2 } clCtsDevicePassword OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies user to specify the password for the device. This password and the device identifier (specified by clCtsDeviceId) are used together by the Cisco Trusted Security feature for authenticating the device. The object may not be set to a zero length string. When read, this object always returns the value of a zero-length octet string." DEFVAL { "" } ::= { clCtsGlobalMIBObjects 3 } clCtsInlineTagEnableStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies whether the inline tagging option is Enabled or disabled. A 'true' value indicates that inline tagging option is enabled. A 'false' value indicates that inline tagging option is disabled." DEFVAL { false } ::= { clCtsGlobalMIBObjects 4 } clCtsEnableStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies whether the CTS option is Enabled or disabled. A value of 'true' indicates that CTS is enabled. A value of 'false' indicates that CTS is disabled." DEFVAL { false } ::= { clCtsGlobalMIBObjects 6 } --******************************************************************** -- * AP SXP Table --******************************************************************** clCtsApSxpPeerTable OBJECT-TYPE SYNTAX SEQUENCE OF CLCtsApSxpPeerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of SXP peers configured on this device. It is a list of IP addresses of respective SXP connection peers configured for this device. SXP peers exchange security group tags information of clients through SxpV4 protocol." ::= { clCtsTableMIBObjects 1 } cLCtsApSxpPeerEntry OBJECT-TYPE SYNTAX CLCtsApSxpPeerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing management information of a particular SXP peers." INDEX { cLApSysMacAddress, clCtsApSxpPeerIpType, clCtsApSxpPeerIp } ::= { clCtsApSxpPeerTable 1 } CLCtsApSxpPeerEntry ::= SEQUENCE { clCtsApSxpPeerIpType InetAddressType, clCtsApSxpPeerIp InetAddress, clCtsApSxpPeerPassword INTEGER, clCtsApSxpMode INTEGER, clCtsApSxpPeerRowStatus RowStatus } clCtsApSxpPeerIpType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The type of Internet address of the peer SXP device." ::= { cLCtsApSxpPeerEntry 1 } clCtsApSxpPeerIp OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Internet address of the SXP peer device. The type of this address is determined by the value of cLCtsApSxpPeerIpType object." ::= { cLCtsApSxpPeerEntry 2 } clCtsApSxpMode OBJECT-TYPE SYNTAX INTEGER {speaker(1), listener(2), both(3)} MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the device mode of this SXP connection. A value of 'speaker' indicates that device will acts as the speaker in this SXP connection. A value of 'listener' indicates that device will acts as the listener in this SXP connection. A value of 'both' indicates that device will acts as both speaker and listener making it a Bi-directional SXP connection." ::= { cLCtsApSxpPeerEntry 3 } clCtsApSxpPeerPassword OBJECT-TYPE SYNTAX INTEGER { notRequired(0), required(1), default(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies to configure the password of the sxp peer device." ::= { cLCtsApSxpPeerEntry 4 } clCtsApSxpPeerRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the conceptual status of the row." ::= { cLCtsApSxpPeerEntry 5 } -- ******************************************************************* -- * Compliance statements -- ******************************************************************* clCtsMIBCompliances OBJECT IDENTIFIER ::= { clCtsMIBConform 1 } clCtsMIBGroups OBJECT IDENTIFIER ::= { clCtsMIBConform 2 } clCtsMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for the SNMP entities that implement the ciscoLwappTrustSecMIB module." MODULE -- this module MANDATORY-GROUPS { clCtsGroup } ::= { clCtsMIBCompliances 1 } -- ******************************************************************* -- * Units of conformance -- ******************************************************************* clCtsGroup OBJECT-GROUP OBJECTS { clCtsSecurityGroupTagId, clCtsDeviceId, clCtsDevicePassword, clCtsInlineTagEnableStatus, clCtsEnableStatus, clCtsApSxpPeerIpType, clCtsApSxpPeerIp, clCtsApSxpPeerPassword, clCtsApSxpMode, clCtsApSxpPeerRowStatus } STATUS current DESCRIPTION "This collection of objects represents the information about the general attributes of Trustsec." ::= { clCtsMIBGroups 1 } END