TIMETRA-SECURITY-MIB DEFINITIONS ::= BEGIN IMPORTS CounterBasedGauge64 FROM HCNUM-TC Dot1agCfmMDLevel FROM IEEE8021-CFM-MIB InterfaceIndexOrZero FROM IF-MIB InetAddress, InetAddressIPv6, InetAddressPrefixLength, InetAddressType FROM INET-ADDRESS-MIB MODULE-COMPLIANCE, NOTIFICATION-GROUP, OBJECT-GROUP FROM SNMPv2-CONF Counter32, Counter64, Gauge32, Integer32, IpAddress, MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32 FROM SNMPv2-SMI DateAndTime, DisplayString, MacAddress, RowStatus, TEXTUAL-CONVENTION, TimeStamp, TruthValue FROM SNMPv2-TC tmnxCpmFlashHwIndex, tmnxCpmFlashOperStatus FROM TIMETRA-CHASSIS-MIB TEntryId, TFilterLogId, TFltrPortSelector, TItemMatch FROM TIMETRA-FILTER-MIB timetraSRMIBModules, tmnxSRConfs, tmnxSRNotifyPrefix, tmnxSRObjs FROM TIMETRA-GLOBAL-MIB tmnxPortPortID FROM TIMETRA-PORT-MIB sapEncapValue, sapPortId FROM TIMETRA-SAP-MIB sdpBindId FROM TIMETRA-SDP-MIB svcId FROM TIMETRA-SERV-MIB Dot1PPriority, Dot1PPriorityMask, Dot1PPriorityNonZeroMask, IPv6FlowLabel, InterfaceIndex, IpAddressPrefixLength, ServiceAccessPoint, TCIRRate, TCpmFilterBurstSize, TCpmProtPolicyID, TDSCPNameOrEmpty, TIcmpCodeOrNone, TIcmpTypeOrNone, TIpOption, TIpProtocol, TItemDescription, TLDisplayString, TLNamedItemOrEmpty, TNamedItem, TNamedItemOrEmpty, TOperator, TPIRRate, TPIRRateOrZero, TRegularExpression, TTcpUdpPort, TXLNamedItemOrEmpty, TmnxActionType, TmnxAdminState, TmnxAdminStateUpDown, TmnxCliEngine, TmnxCreateOrigin, TmnxDisplayStringURL, TmnxDistCpuProtAction, TmnxDistCpuProtActionDuration, TmnxDistCpuProtBurstSize, TmnxDistCpuProtEnforceType, TmnxDistCpuProtLogEventType, TmnxDistCpuProtPacketPolicerRateLimit, TmnxDistCpuProtPacketRateLimit, TmnxDistCpuProtProtocolId, TmnxDistCpuProtRate, TmnxDistCpuProtRateType, TmnxLongDisplayString, TmnxOperState, TmnxPortID, TmnxScriptAuthType, TmnxSecRadiusServAlgorithm, TmnxServId, TmnxVRtrIDOrZero FROM TIMETRA-TC-MIB vRtrID, vRtrIfIndex FROM TIMETRA-VRTR-MIB ; timetraSecurityMIBModule MODULE-IDENTITY LAST-UPDATED "201701010000Z" ORGANIZATION "Nokia" CONTACT-INFO "Nokia SROS Support Web: http://www.nokia.com" DESCRIPTION "This document is the SNMP MIB module to manage and provision Security features on Nokia SROS systems. Copyright 2003-2018 Nokia. All rights reserved. Reproduction of this document is authorized on the condition that the foregoing copyright notice is included. This SNMP MIB module (Specification) embodies Nokia's proprietary intellectual property. Nokia retains all title and ownership in the Specification, including any revisions. Nokia grants all interested parties a non-exclusive license to use and distribute an unmodified copy of this Specification in connection with management of Nokia products, and without fee, provided this copyright notice and license appear on all copies. This Specification is supplied 'as is', and Nokia makes no warranty, either express or implied, as to the use, operation, condition, or performance of the Specification." REVISION "201701010000Z" DESCRIPTION "Rev 15.0 1 Jan 2017 00:00 15.0 release of the TIMETRA-SECURITY-MIB." REVISION "201602010000Z" DESCRIPTION "Rev 14.0 1 Feb 2016 00:00 14.0 release of the TIMETRA-SECURITY-MIB." REVISION "201502010000Z" DESCRIPTION "Rev 13.0 1 Feb 2015 00:00 13.0 release of the TIMETRA-SECURITY-MIB." REVISION "201401010000Z" DESCRIPTION "Rev 12.0 1 Jan 2014 00:00 12.0 release of the TIMETRA-SECURITY-MIB." REVISION "201208010000Z" DESCRIPTION "Rev 11.0 1 Aug 2012 00:00 11.0 release of the TIMETRA-SECURITY-MIB." REVISION "201111010000Z" DESCRIPTION "Rev 10.0 1 Nov 2011 00:00 10.0 release of the TIMETRA-SECURITY-MIB." REVISION "201102010000Z" DESCRIPTION "Rev 9.0 1 Feb 2011 00:00 9.0 release of the TIMETRA-SECURITY-MIB." REVISION "200902280000Z" DESCRIPTION "Rev 7.0 28 Feb 2009 00:00 7.0 release of the TIMETRA-SECURITY-MIB." REVISION "200807010000Z" DESCRIPTION "Rev 6.1 01 Jul 2008 00:00 6.1 release of the TIMETRA-SECURITY-MIB." REVISION "200801010000Z" DESCRIPTION "Rev 6.0 01 Jan 2008 00:00 6.0 release of the TIMETRA-SECURITY-MIB." REVISION "200701010000Z" DESCRIPTION "Rev 5.0 01 Jan 2007 00:00 5.0 release of the TIMETRA-SECURITY-MIB." REVISION "200602280000Z" DESCRIPTION "Rev 4.0 28 Feb 2006 00:00 4.0 release of the TIMETRA-SECURITY-MIB." REVISION "200508310000Z" DESCRIPTION "Rev 3.0 31 Aug 2005 00:00 3.0 release of the TIMETRA-SECURITY-MIB." REVISION "200501240000Z" DESCRIPTION "Rev 2.1 24 Jan 2005 00:00 2.1 release of the TIMETRA-SECURITY-MIB." REVISION "200401150000Z" DESCRIPTION "Rev 2.0 15 Jan 2004 00:00 2.0 release of the TIMETRA-SECURITY-MIB." REVISION "200308150000Z" DESCRIPTION "Rev 1.2 15 Aug 2003 00:00 1.2 release of the TIMETRA-SECURITY-MIB." REVISION "200301270000Z" DESCRIPTION "Rev 0.1 27 Jan 2003 00:00 Initial version of the TIMETRA-SECURITY-MIB." ::= { timetraSRMIBModules 22 } TProfileAction ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Action to take be taken as a result of matching one of profile's match entries. deny (1) - matching commands are denied access. allow (2) - matching commands are allowed access. if the none (3) - no action is taken giving way to other profile matching to happen. read-only (4) - matching commands are allowed read access only" SYNTAX INTEGER { deny (1), allow (2), none (3), read-only (4) } TProfileGrpcRpcAuth ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The TProfileGrpcRpcAuth data type is an enumerated integer that describes the values used to specify user access to an RPC. permit (1) - user is permitted to access the RPC. deny (2) - user is denied access to the RPC and a reply message with 'Unauthenticated' gRPC status is issued." SYNTAX INTEGER { permit (1), deny (2) } TProfileMatchAction ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Action to take be taken as a result of matching one of profile's match entries. deny (1) - matching commands are denied access. allow (2) - matching commands are allowed access. if the none (3) - no action is taken giving way to other profile matching to happen. read-only (4) - matching commands are allowed read access only" SYNTAX INTEGER { deny (1), allow (2), none (3), read-only (4) } TmnxMafAction ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Action to take be taken as a result of matching the configured criteria in a Management Access Filter. none (0) - no action specified, follow default behavior. permit (1) - packets matching the configured criteria are permitted. deny (2) - packets matching the configured criteria are denied and an ICMP host unreachable message is issued. denyHostUnreachable (3) - packets matching the configured criteria are denied and no ICMP host unreachable message is issued." SYNTAX INTEGER { none (0), permit (1), deny (2), denyHostUnreachable (3) } TCpmFilterQueueId ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "TCpmFilterQueueId is an integer value that identifies a CPM queue. The value '0' is used if there is no queue defined" SYNTAX Unsigned32 (0 | 33..2000) TCpmFilterActionOrDefault ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The TCpmFilterActionOrDefault data type is an enumerated integer that describes the values used to specify the action to take on the traffic when the filter entry matches. drop (1) packets matching the filter entry are dropped forward (2) packets matching the filter entry are forwarded queue (3) packets matching the filter are sent to queue tCpmFilterQueueId default (4) the disposition of packets matching the filter is determined by the default action of the filter" SYNTAX INTEGER { drop (1), forward (2), queue (3), default (4) } TmnxKeyChainKeyDirection ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "TmnxKeyChainKeyDirection data type is an enumerated integer that indicates the tcp-stream direction to apply the keychain on." SYNTAX INTEGER { send (1), receive (2), send-receive (3) } TmnxKeyChainKeyAlgorithm ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "TmnxKeyChainKeyAlgorithm data type is an enumerated integer that indicates the encryption algorithm to be used by the key defined in the keychain." SYNTAX INTEGER { nullKeyAlgo (0), aes128Cmac96 (1), hmacSha196 (2), password (3), message-digest (4), hmacMd5 (5), hmacSha1 (6), hmacSha256 (7), aes128Gcm16 (8) } TmnxKeyChainKeyOption ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "TmnxKeyChainKeyOption data type is an enumerated integer that indicates the option to be used by the key defined in the keychain." SYNTAX INTEGER { none (0), basic (1), isis-enhanced (2) } TmnxKeyChainTcpOptionNum ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "TmnxKeyChainTcpOptionNum data type is an enumerated integer that indicates the TCP option number to be used in the TCP header." SYNTAX INTEGER { value253 (1), value254 (2), all (3), tcp-ao (4) } TmnxMafType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The TmnxMafType data type is an enumerated integer that describes the type of packets a filter applies to." SYNTAX INTEGER { ipv4 (1), ipv6 (2), mac (3) } TmnxCpmPacketRateLimit ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A packet rate limit expressed in packets per second. The value -1 means unlimited rate." SYNTAX Integer32 (-1 | 1..65535) TmnxCpmPacketPolRateLimit ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A packet rate limit expressed in packets per second for CPU protection policy parameters. The value -1 means unlimited rate." SYNTAX Integer32 (-1 | 1..65534) TmnxCpmPktPolRateLimitInclZero ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A packet rate limit expressed in packets per second for CPU protection policy parameters. The value zero means a limit of zero packets per second. The value -1 means unlimited rate." SYNTAX Integer32 (-1..65534) TmnxCpmPacketRate ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A packet rate expressed in packets per second." SYNTAX Gauge32 (0..4294967295) TmnxCpmProtEthCfmOpCode ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The Opcode field within an Ethernet Connectivity Fault Management PDU has this range." REFERENCE "ITU-T Y.1731 Specification, 02/2008" SYNTAX Unsigned32 (0..255) TmnxMafMacFltrFrameType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The type of the frame for which this mac filter match criteria is defined." SYNTAX INTEGER { e802dot3 (0), e802dot2LLC (1), e802dot2SNAP (2), ethernetII (3), e802dot1ag (4) } TmnxCpmMacFltrFrameType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The type of the frame for which this mac filter match criteria is defined." SYNTAX INTEGER { none (-1), e802dot2LLC (1), ethernetII (3), e802dot1ag (4) } TCpmFilterPortOperator ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This textual convention specifies the manner in which the CPM filter port objects have to be interpreted. - If the operator takes the value mask(0) then the filter uses the port and port-mask values as match criterion; port-high can take any value but is ignored by the filter - If the operator takes the value range(1) then the filter uses the port range specified by port (lower bound) and port-high (upper bound) as match criterion; port-mask can take any value but is ignored by the filter." SYNTAX INTEGER { mask (0), range (1) } TSSHCipherNumber ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This textual convention specifies the ciphers that are used by SSH protocol version 1 and SSH protocol version 2." SYNTAX INTEGER { none (0), des (2), threeDes (3), blowfish (6), threeDesCbc (32), blowfishCbc (33), cast128Cbc (34), arcfour (35), aes128Cbc (36), aes192Cbc (37), aes256Cbc (38), rijndaelCbc (39), aes128Ctr (40), aes192Ctr (41), aes256Ctr (42) } TmnxSessionLimit ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "TmnxSessionLimit is an integer value that specifies the limit for number of concurrent user access sessions (SSH, Telnet, Total). The value -1 means there is no limit for number of sessions of a given type." SYNTAX Integer32 (-1 | 0..50) TmnxPasswordAuthenOrder ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "TmnxPasswordAuthenOrder is an integer value that specifies the user authentication method." SYNTAX INTEGER { none (0), local (1), radius (2), tacplus (3), ldap (4) } TmnxPkiCNType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The TmnxPkiCNType data type is an enumerated integer that indicates the type of Common Name in Common Name list. Common Name is present in a certificate in field 'Common Name' (CN) or in the extension 'Subject Alternative Name' (SAN). Common Name can be present in Common Name list as a plain text or as regular expression." SYNTAX INTEGER { ip-address (1), domain-name (2) } TSSHMacNumber ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The TSSHMacNumber data type specifies the MAC (message authentication code) algorithms that are used by the SSH protocol version 2." SYNTAX INTEGER { hmacSha512 (1), hmacSha256 (2), hmacSha1 (3), hmacSha196 (4), hmacMd5 (5), hmacRipemd160 (6), hmacRipemd160OpensshCom (7), hmacMd596 (8) } TmnxPassHashReadType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "TmnxPassHashReadType specifies the hash algorithm accepted by the system while executing commands." SYNTAX INTEGER { all-hash (0), hash (1), hash2 (2), custom (3) } TmnxPassHashWriteType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "TmnxPassHashWriteType specifies the hash version to be used while saving the configuration files." SYNTAX INTEGER { cleartext (0), hash (1), hash2 (2), custom (3) } TSSHKexNumber ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The TSSHKexNumber data type specifies the KEX (key exchange) algorithms that are used by the SSH protocol version 2." SYNTAX INTEGER { diffieHellmanGroup1Sha1 (1), diffieHellmanGroup14Sha1 (2), diffieHellmanGroupExchangeSha1 (3), diffieHellmanGroup14Sha256 (4), diffieHellmanGroup16Sha512 (5) } TmnxPassHashType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The TmnxPassHashType specifies the hash algorithm used by the system to hash stored user passwords." SYNTAX INTEGER { bcrypt (1), sha2-pbkdf2 (2), sha3-pbkdf2 (3) } tmnxSecurityObjects OBJECT IDENTIFIER ::= { tmnxSRObjs 22 } tmnxUserProfileTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxUserProfileEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to store the user profiles for access to the commands in the command line interface." ::= { tmnxSecurityObjects 1 } tmnxUserProfileEntry OBJECT-TYPE SYNTAX TmnxUserProfileEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single user profile." INDEX { tmnxUserProfile } ::= { tmnxUserProfileTable 1 } TmnxUserProfileEntry ::= SEQUENCE { tmnxUserProfile TNamedItem, tmnxUserProfileRowStatus RowStatus, tmnxUserProfileDefaultAction TProfileAction, tmnxUserProfileLi TruthValue, tmnxUserProfileNCKillSession TruthValue, tmnxUserProfileSshLimit TmnxSessionLimit, tmnxUserProfileTelnetLimit TmnxSessionLimit, tmnxUserProfileTotalLimit TmnxSessionLimit, tmnxUserProfileCliSessionGroup TNamedItemOrEmpty, tmnxUserProfileNCLock TruthValue, tmnxUserProfileGrpcAuthGet TProfileGrpcRpcAuth, tmnxUserProfileGrpcAuthSet TProfileGrpcRpcAuth, tmnxUserProfileGrpcAuthSubscribe TProfileGrpcRpcAuth, tmnxUserProfileGrpcAuthGnmiCap TProfileGrpcRpcAuth, tmnxUserProfileGrpcAuthRAModify TProfileGrpcRpcAuth, tmnxUserProfileGrpcAuthRAGetVer TProfileGrpcRpcAuth, tmnxUserProfileGrpcAuthCMRotate TProfileGrpcRpcAuth, tmnxUserProfileGrpcAuthCMInstall TProfileGrpcRpcAuth, tmnxUserProfileGrpcAuthCMGetCert TProfileGrpcRpcAuth, tmnxUserProfileGrpcAuthCMRevoke TProfileGrpcRpcAuth, tmnxUserProfileGrpcAuthCMCanGen TProfileGrpcRpcAuth, tmnxUserProfileGrpcAuthMdCliSess TProfileGrpcRpcAuth, tmnxUserProfileGrpcAuthSysSetPkg TProfileGrpcRpcAuth, tmnxUserProfileGrpcAuthSysSwCP TProfileGrpcRpcAuth, tmnxUserProfileGrpcAuthSysReboot TProfileGrpcRpcAuth, tmnxUserProfileGrpcAuthSysRebtSt TProfileGrpcRpcAuth, tmnxUserProfileGrpcAuthSysCnRebt TProfileGrpcRpcAuth } tmnxUserProfile OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The name of the profile is the index to the table." ::= { tmnxUserProfileEntry 1 } tmnxUserProfileRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Row Status for the user profile. The deletion of this row has an action of removing the dependent rows in the tmnxUserProfileTable. " ::= { tmnxUserProfileEntry 2 } tmnxUserProfileDefaultAction OBJECT-TYPE SYNTAX TProfileAction MAX-ACCESS read-create STATUS current DESCRIPTION "The action to be given to the user profile in case if none of the entries match the command." DEFVAL { deny } ::= { tmnxUserProfileEntry 3 } tmnxUserProfileLi OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserProfileLi specifies whether or this profile can be assigned to a user to support Lawful Intercept (LI) operations. This object can only be modified from the SNMPv3 'li' context." DEFVAL { false } ::= { tmnxUserProfileEntry 4 } tmnxUserProfileNCKillSession OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserProfileNCKillSession specifies whether or this profile can be assigned to a user to support NETCONF Kill Session operations." DEFVAL { false } ::= { tmnxUserProfileEntry 5 } tmnxUserProfileSshLimit OBJECT-TYPE SYNTAX TmnxSessionLimit MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxUserProfileSshLimit specifies the maximum limit of concurrent SSH sessions for given User Profile." DEFVAL { -1 } ::= { tmnxUserProfileEntry 6 } tmnxUserProfileTelnetLimit OBJECT-TYPE SYNTAX TmnxSessionLimit MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxUserProfileTelnetLimit specifies the maximum limit of concurrent TELNET sessions for given User Profile." DEFVAL { -1 } ::= { tmnxUserProfileEntry 7 } tmnxUserProfileTotalLimit OBJECT-TYPE SYNTAX TmnxSessionLimit MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxUserProfileTotalLimit specifies the combined maximum limit of concurrent TELNET and SSH sessions for given User Profile." DEFVAL { -1 } ::= { tmnxUserProfileEntry 8 } tmnxUserProfileCliSessionGroup OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserProfileCliSessionGroup specifies a cli session group that the profile belongs to. This cli session group must be a valid row entry in tmnxCliSessionGroupEntry." DEFVAL { ''H } ::= { tmnxUserProfileEntry 9 } tmnxUserProfileNCLock OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserProfileNCLock specifies whether or this profile can be assigned to a user to support NETCONF Lock/Unlock operations." DEFVAL { false } ::= { tmnxUserProfileEntry 10 } tmnxUserProfileGrpcAuthGet OBJECT-TYPE SYNTAX TProfileGrpcRpcAuth MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserProfileGrpcAuthGet specifies whether a user to whom this profile is assigned is allowed to execute the gRPC gNMI Get RPC." DEFVAL { permit } ::= { tmnxUserProfileEntry 11 } tmnxUserProfileGrpcAuthSet OBJECT-TYPE SYNTAX TProfileGrpcRpcAuth MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserProfileGrpcAuthSet specifies whether a user to whom this profile is assigned is allowed to execute the gRPC gNMI Set RPC." DEFVAL { permit } ::= { tmnxUserProfileEntry 12 } tmnxUserProfileGrpcAuthSubscribe OBJECT-TYPE SYNTAX TProfileGrpcRpcAuth MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserProfileGrpcAuthSubscribe specifies whether a user to whom this profile is assigned is allowed to execute the gRPC gNMI Subscribe RPC." DEFVAL { permit } ::= { tmnxUserProfileEntry 13 } tmnxUserProfileGrpcAuthGnmiCap OBJECT-TYPE SYNTAX TProfileGrpcRpcAuth MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserProfileGrpcAuthGnmiCap specifies whether a user to whom this profile is assigned is allowed to execute the gRPC gNMI Capabilities RPC." DEFVAL { permit } ::= { tmnxUserProfileEntry 14 } tmnxUserProfileGrpcAuthRAModify OBJECT-TYPE SYNTAX TProfileGrpcRpcAuth MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserProfileGrpcAuthRAModify specifies whether a user to whom this profile is assigned is allowed to execute the gRPC RibApi Modify RPC." DEFVAL { permit } ::= { tmnxUserProfileEntry 15 } tmnxUserProfileGrpcAuthRAGetVer OBJECT-TYPE SYNTAX TProfileGrpcRpcAuth MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserProfileGrpcAuthRAGetVer specifies whether a user to whom this profile is assigned is allowed to execute the gRPC RibApi 'GetVersion' RPC." DEFVAL { permit } ::= { tmnxUserProfileEntry 16 } tmnxUserProfileGrpcAuthCMRotate OBJECT-TYPE SYNTAX TProfileGrpcRpcAuth MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserProfileGrpcAuthCMRotate specifies whether a user to whom this profile is assigned is allowed to execute the gRPC gNOI CertificateManagement Rotate RPC." DEFVAL { deny } ::= { tmnxUserProfileEntry 17 } tmnxUserProfileGrpcAuthCMInstall OBJECT-TYPE SYNTAX TProfileGrpcRpcAuth MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserProfileGrpcAuthCMInstall specifies whether a user to whom this profile is assigned is allowed to execute the gRPC gNOI CertificateManagement Install RPC." DEFVAL { deny } ::= { tmnxUserProfileEntry 18 } tmnxUserProfileGrpcAuthCMGetCert OBJECT-TYPE SYNTAX TProfileGrpcRpcAuth MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserProfileGrpcAuthCMGetCert specifies whether a user to whom this profile is assigned is allowed to execute the gRPC gNOI CertificateManagement 'GetCertificates' RPC." DEFVAL { deny } ::= { tmnxUserProfileEntry 19 } tmnxUserProfileGrpcAuthCMRevoke OBJECT-TYPE SYNTAX TProfileGrpcRpcAuth MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserProfileGrpcAuthCMRevoke specifies whether a user to whom this profile is assigned is allowed to execute the gRPC gNOI CertificateManagement 'RevokeCertificates' RPC." DEFVAL { deny } ::= { tmnxUserProfileEntry 20 } tmnxUserProfileGrpcAuthCMCanGen OBJECT-TYPE SYNTAX TProfileGrpcRpcAuth MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserProfileGrpcAuthCMCanGen specifies whether a user to whom this profile is assigned is allowed to execute the gRPC gNOI CertificateManagement 'CanGenerateCSR' RPC." DEFVAL { deny } ::= { tmnxUserProfileEntry 21 } tmnxUserProfileGrpcAuthMdCliSess OBJECT-TYPE SYNTAX TProfileGrpcRpcAuth MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserProfileGrpcAuthMdCliSess specifies whether a user to whom this profile is assigned is allowed to execute the gRPC MdCli 'Session' RPC." DEFVAL { permit } ::= { tmnxUserProfileEntry 22 } tmnxUserProfileGrpcAuthSysSetPkg OBJECT-TYPE SYNTAX TProfileGrpcRpcAuth MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserProfileGrpcAuthSysSetPkg specifies whether a user to whom this profile is assigned is allowed to execute the gRPC gNOI System 'SetPackage' RPC." DEFVAL { deny } ::= { tmnxUserProfileEntry 31 } tmnxUserProfileGrpcAuthSysSwCP OBJECT-TYPE SYNTAX TProfileGrpcRpcAuth MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserProfileGrpcAuthSysSwCP specifies whether a user to whom this profile is assigned is allowed to execute the gRPC gNOI System 'SwitchControlProcessor' RPC." DEFVAL { deny } ::= { tmnxUserProfileEntry 32 } tmnxUserProfileGrpcAuthSysReboot OBJECT-TYPE SYNTAX TProfileGrpcRpcAuth MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserProfileGrpcAuthSysReboot specifies whether a user to whom this profile is assigned is allowed to execute the gRPC gNOI System 'Reboot' RPC." DEFVAL { deny } ::= { tmnxUserProfileEntry 33 } tmnxUserProfileGrpcAuthSysRebtSt OBJECT-TYPE SYNTAX TProfileGrpcRpcAuth MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserProfileGrpcAuthSysRebtSt specifies whether a user to whom this profile is assigned is allowed to execute the gRPC gNOI System 'RebootStatus' RPC." DEFVAL { deny } ::= { tmnxUserProfileEntry 34 } tmnxUserProfileGrpcAuthSysCnRebt OBJECT-TYPE SYNTAX TProfileGrpcRpcAuth MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserProfileGrpcAuthSysCnRebt specifies whether a user to whom this profile is assigned is allowed to execute the gRPC gNOI System 'CancelReboot' RPC." DEFVAL { deny } ::= { tmnxUserProfileEntry 35 } tmnxUserProfileMatchTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxUserProfileMatchEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table which stores multiple entries per user profile to define specific action to be taken in case if the command matches the entry." ::= { tmnxSecurityObjects 2 } tmnxUserProfileMatchEntry OBJECT-TYPE SYNTAX TmnxUserProfileMatchEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single user profile." INDEX { tmnxUserProfile, tmnxUserProfileMatchId } ::= { tmnxUserProfileMatchTable 1 } TmnxUserProfileMatchEntry ::= SEQUENCE { tmnxUserProfileMatchId Unsigned32, tmnxUserProfileMatchRowStatus RowStatus, tmnxUserProfileMatchDescription TItemDescription, tmnxUserProfileMatchAction TProfileMatchAction, tmnxUserProfileMatchString DisplayString } tmnxUserProfileMatchId OBJECT-TYPE SYNTAX Unsigned32 (1..9999) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Secondary index for the table" ::= { tmnxUserProfileMatchEntry 1 } tmnxUserProfileMatchRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Row Status for the user profile match." ::= { tmnxUserProfileMatchEntry 2 } tmnxUserProfileMatchDescription OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-create STATUS current DESCRIPTION "User-provided description for the match entry." DEFVAL { ''H } ::= { tmnxUserProfileMatchEntry 3 } tmnxUserProfileMatchAction OBJECT-TYPE SYNTAX TProfileMatchAction MAX-ACCESS read-create STATUS current DESCRIPTION "Action to be used in case if a command matches this entry." ::= { tmnxUserProfileMatchEntry 4 } tmnxUserProfileMatchString OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-create STATUS current DESCRIPTION "Match string to be used for this entry." ::= { tmnxUserProfileMatchEntry 5 } tmnxUserTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxUserEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "tmnxUserTable contains configuration information for the system users." ::= { tmnxSecurityObjects 3 } tmnxUserEntry OBJECT-TYPE SYNTAX TmnxUserEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "tmnxUserEntry is an entry (conceptual row) in the tmnxUserEntry. Each entry represents the configuration for a system user. Entries in this table can be created and deleted via SNMP SET operations to tmnxUserRowStatus." INDEX { IMPLIED tmnxUserName } ::= { tmnxUserTable 1 } TmnxUserEntry ::= SEQUENCE { tmnxUserName TNamedItem, tmnxUserRowStatus RowStatus, tmnxUserPassword DisplayString, tmnxUserPasswordEncrypted TruthValue, tmnxUserAccess BITS, tmnxUserHomeDirectory DisplayString, tmnxUserRestrictedToHome TruthValue, tmnxUserConsoleLoginExecFile DisplayString, tmnxUserConsoleCannotChangePswd TruthValue, tmnxUserConsoleNewPswdAtLogin TruthValue, tmnxUserConsoleMemberProfile1 TNamedItemOrEmpty, tmnxUserConsoleMemberProfile2 TNamedItemOrEmpty, tmnxUserConsoleMemberProfile3 TNamedItemOrEmpty, tmnxUserConsoleMemberProfile4 TNamedItemOrEmpty, tmnxUserConsoleMemberProfile5 TNamedItemOrEmpty, tmnxUserConsoleMemberProfile6 TNamedItemOrEmpty, tmnxUserConsoleMemberProfile7 TNamedItemOrEmpty, tmnxUserConsoleMemberProfile8 TNamedItemOrEmpty, tmnxUserAttemptedLogins Counter32, tmnxUserSuccessfulLogins Counter32, tmnxUserPasswordChanged TimeStamp, tmnxUserCliEngine1 TmnxCliEngine, tmnxUserCliEngine2 TmnxCliEngine, tmnxUserPasswordChangedTime DateAndTime, tmnxUserPasswordExpirationTime DateAndTime, tmnxUserCreationOrigin TmnxCreateOrigin } tmnxUserName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxUserName specifies the name for a system user. This name must be unique amongst the table entries." ::= { tmnxUserEntry 1 } tmnxUserRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "tmnxUserRowStatus controls the creation and deletion of rows in the table. To create a row in the tmnxUserTable, set tmnxUserRowStatus to createAndGo(4). All objects will take on default values and the agent will change tmnxUserRowStatus to active(1). To delete a row in the tmnxUserTable, set tmnxUserRowStatus to delete(6)." ::= { tmnxUserEntry 2 } tmnxUserPassword OBJECT-TYPE SYNTAX DisplayString (SIZE (0..136)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserPassword specifies the password used to authenticate the user for console and FTP access. The password can be provided both as a plain text string, or as a bcrypt encrypted hash. The value of tmnxUserPassword cannot be more than 56 characters if it is a plain text string. Any GET request on this object returns an empty string." DEFVAL { "" } ::= { tmnxUserEntry 3 } tmnxUserPasswordEncrypted OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS obsolete DESCRIPTION "This object has been obsoleted in release 12.0." DEFVAL { true } ::= { tmnxUserEntry 4 } tmnxUserAccess OBJECT-TYPE SYNTAX BITS { console (0), ftp (1), snmp (2), li (3), netconf (4), grpc (5) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserAccess specifies the type of access the the user is permitted. To allow the user access to the console, FTP or SNMP, set the corresponding bit in tmnxUserAccess. Reset the bit to deny the access. 'li' access allows this user to access CLI commands in the Lawful Intercept (LI) context. The 'li' bit can only be modified from the SNMPv3 'li' context. The 'netconf' bit allows this user to make netconf request. The 'grpc' bit allows this user to connect to the box via gRPC session." DEFVAL { {} } ::= { tmnxUserEntry 5 } tmnxUserHomeDirectory OBJECT-TYPE SYNTAX DisplayString (SIZE (0..200)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserHomeDirectory specifies the local home directory for the user for console and FTP access." DEFVAL { ''H } ::= { tmnxUserEntry 6 } tmnxUserRestrictedToHome OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "When the value of tmnxUserRestrictedToHome is 'true', the user is not allowed to navigate to directories above his home directory for file access. When the value of tmnxUserRestrictedToHome is 'false', the user is allowed access to directories above his home directory." DEFVAL { false } ::= { tmnxUserEntry 7 } tmnxUserConsoleLoginExecFile OBJECT-TYPE SYNTAX DisplayString (SIZE (0..200)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserConsoleLoginExecFile specifies the file that should be executed whenever the user successfully logs in to a console session." DEFVAL { ''H } ::= { tmnxUserEntry 8 } tmnxUserConsoleCannotChangePswd OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "When the value of tmnxUserConsoleCannotChangePswd is 'true', the user does not have the privilege to change the password for console and FTP login. When the value of tmnxUserConsoleCannotChangePswd is 'false', the user has the privilege to change the password for console and FTP login." DEFVAL { false } ::= { tmnxUserEntry 9 } tmnxUserConsoleNewPswdAtLogin OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "When the value of tmnxUserConsoleNewPswdAtLogin is 'true', the will be forced to change his password at the next console or telnet or SSH login. When the value of tmnxUserConsoleNewPswdAtLogin is 'false', the will not be forced to change his password at the next console or telnet or SSH login." DEFVAL { false } ::= { tmnxUserEntry 10 } tmnxUserConsoleMemberProfile1 OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserConsoleMemberProfile1 specifies a user profile that the user has access to. This profile must be a valid row entry in tmnxUserProfileTable. Each user can access a maximum of 8 user profiles. The value of the nth user profile can be set only if all previous user profiles (1 through (n-1)) are non-empty strings. The order of the user profiles is important. The first user profile has highest precedence, followed by the second and so on." DEFVAL { ''H } ::= { tmnxUserEntry 11 } tmnxUserConsoleMemberProfile2 OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserConsoleMemberProfile2 specifies a user profile that the user has access to. This profile must be a valid row entry in tmnxUserProfileTable. Each user can access a maximum of 8 user profiles. The value of the nth user profile can be set only if all previous user profiles (1 through (n-1)) are non-empty strings. The order of the user profiles is important. The first user profile has highest precedence, followed by the second and so on." DEFVAL { ''H } ::= { tmnxUserEntry 12 } tmnxUserConsoleMemberProfile3 OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserConsoleMemberProfile3 specifies a user profile that the user has access to. This profile must be a valid row entry in tmnxUserProfileTable. Each user can access a maximum of 8 user profiles. The value of the nth user profile can be set only if all previous user profiles (1 through (n-1)) are non-empty strings. The order of the user profiles is important. The first user profile has highest precedence, followed by the second and so on." DEFVAL { ''H } ::= { tmnxUserEntry 13 } tmnxUserConsoleMemberProfile4 OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserConsoleMemberProfile4 specifies a user profile that the user has access to. This profile must be a valid row entry in tmnxUserProfileTable. Each user can access a maximum of 8 user profiles. The value of the nth user profile can be set only if all previous user profiles (1 through (n-1)) are non-empty strings. The order of the user profiles is important. The first user profile has highest precedence, followed by the second and so on." DEFVAL { ''H } ::= { tmnxUserEntry 14 } tmnxUserConsoleMemberProfile5 OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserConsoleMemberProfile5 specifies a user profile that the user has access to. This profile must be a valid row entry in tmnxUserProfileTable. Each user can access a maximum of 8 user profiles. The value of the nth user profile can be set only if all previous user profiles (1 through (n-1)) are non-empty strings. The order of the user profiles is important. The first user profile has highest precedence, followed by the second and so on." DEFVAL { ''H } ::= { tmnxUserEntry 15 } tmnxUserConsoleMemberProfile6 OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserConsoleMemberProfile6 specifies a user profile that the user has access to. This profile must be a valid row entry in tmnxUserProfileTable. Each user can access a maximum of 8 user profiles. The value of the nth user profile can be set only if all previous user profiles (1 through (n-1)) are non-empty strings. The order of the user profiles is important. The first user profile has highest precedence, followed by the second and so on." DEFVAL { ''H } ::= { tmnxUserEntry 16 } tmnxUserConsoleMemberProfile7 OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserConsoleMemberProfile7 specifies a user profile that the user has access to. This profile must be a valid row entry in tmnxUserProfileTable. Each user can access a maximum of 8 user profiles. The value of the nth user profile can be set only if all previous user profiles (1 through (n-1)) are non-empty strings. The order of the user profiles is important. The first user profile has highest precedence, followed by the second and so on." DEFVAL { ''H } ::= { tmnxUserEntry 17 } tmnxUserConsoleMemberProfile8 OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserConsoleMemberProfile8 specifies a user profile that the user has access to. This profile must be a valid row entry in tmnxUserProfileTable. Each user can access a maximum of 8 user profiles. The value of the nth user profile can be set only if all previous user profiles (1 through (n-1)) are non-empty strings. The order of the user profiles is important. The first user profile has highest precedence, followed by the second and so on." DEFVAL { ''H } ::= { tmnxUserEntry 18 } tmnxUserAttemptedLogins OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxUserAttemptedLogins indicates the number of times the user has attempted to login irrespective of whether the login succeeded or failed." ::= { tmnxUserEntry 19 } tmnxUserSuccessfulLogins OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxUserSuccessfulLogins indicates the number of times the user has successfully logged in." ::= { tmnxUserEntry 20 } tmnxUserPasswordChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The value of tmnxUserPasswordChanged indicates the value of sysUpTime when the login password was last changed." ::= { tmnxUserEntry 21 } tmnxUserCliEngine1 OBJECT-TYPE SYNTAX TmnxCliEngine MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserCliEngine1 specifies the CLI engine that is active when a user logs in. Value systemDerived specifies that the CLI engine inherits the value of tmnxSysMgmtCliEngine1 from tmnxSysMgmtProtocolTable. Both tmnxUserCliEngine1 and tmnxUserCliEngine2 must be present in the same set request." DEFVAL { systemDerived } ::= { tmnxUserEntry 23 } tmnxUserCliEngine2 OBJECT-TYPE SYNTAX TmnxCliEngine MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserCliEngine2 specifies the secondary CLI engine that is accessible to a logged-in user. Value systemDerived specifies that the user does not have access to secondary engine (i.e.: can only access engine specified by tmnxUserCliEngine1). Values other than systemDerived are used only if tmnxUserCliEngine1 also has value other than systemDerived and must differ from that value. Both tmnxUserCliEngine1 and tmnxUserCliEngine2 must be present in the same set request." DEFVAL { systemDerived } ::= { tmnxUserEntry 24 } tmnxUserPasswordChangedTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxUserPasswordChangedTime specifies the calendar date and time when the login password was last changed." ::= { tmnxUserEntry 25 } tmnxUserPasswordExpirationTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxUserPasswordExpirationTime specifies the calendar date and time when login password will be expire. If password aging is disabled, '0-1-1,0:0:0.0,+0:0' is returned." ::= { tmnxUserEntry 26 } tmnxUserCreationOrigin OBJECT-TYPE SYNTAX TmnxCreateOrigin MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxUserCreationOrigin indicates the mechanism which created this user." ::= { tmnxUserEntry 27 } tmnxMafObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 4 } tmnxMafTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxMafEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "This table has been replaced with tmnxGenMafTable. The new table allows to define both IPv4 and IPv6 MAFs. The tmnxMafTable has an entry for each Management Access Filter (MAF) configured on the system. Management Access Filters are used to restrict management of this Nokia SROS device by other nodes outside either specific (sub)networks or through designated ports. By default no Management Access Filters are defined and this table will be empty." ::= { tmnxMafObjs 1 } tmnxMafEntry OBJECT-TYPE SYNTAX TmnxMafEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "Each row entry contains information about a Management Access Filter (MAF)." INDEX { tmnxMafName } ::= { tmnxMafTable 1 } TmnxMafEntry ::= SEQUENCE { tmnxMafName TNamedItem, tmnxMafRowStatus RowStatus, tmnxMafDefaultAction TmnxMafAction, tmnxMafAdminState TmnxAdminState } tmnxMafName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "The value of tmnxMafName specifies the Management Access Filter (MAF) represented by this row in the tmnxMafTable." ::= { tmnxMafEntry 1 } tmnxMafRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The tmnxMafRowStatus object is used to create and delete rows in the tmnxMafTable. The values supported during a set operation are createAndGo(4), createAndWait(5) and destroy(6)." ::= { tmnxMafEntry 2 } tmnxMafDefaultAction OBJECT-TYPE SYNTAX TmnxMafAction MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxMafDefaultAction specifies the default action for management access in the absence of a specific management access filter entry match. The default action is applied to a packet that does not satisfy any match criteria in any of the management access filter match entries. Before a MAF can be active, a default action must have been specified." DEFVAL { none } ::= { tmnxMafEntry 3 } tmnxMafAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxMafAdminState specifies the administrative state for this management access filter. A value of 'outOfService' disables this filter which results in permitting all traffic." DEFVAL { inService } ::= { tmnxMafEntry 4 } tmnxMafMatchTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxMafMatchEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "This tables has been replaced with the table tmnxIPMafMatchTable which allows for both IPv4 and IPv6 MAF entries. The tmnxMafMatchTable contains filter match criteria associated with Management Access Filters (MAFs) configured on the system." ::= { tmnxMafObjs 2 } tmnxMafMatchEntry OBJECT-TYPE SYNTAX TmnxMafMatchEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "Each row entry contains information about a management access filter entry associated with a specific Management Access Filter (MAF). The filter criteria are applied in order according to the value of tmnxMafMatchIndex. The match algorithm is exited upon the first match found and then the action specified is executed. For this reason, entries must be sequenced from most to least explicit. An entry where tmnxMafMatchAction has a value of 'none' is not active." INDEX { tmnxMafName, tmnxMafMatchIndex } ::= { tmnxMafMatchTable 1 } TmnxMafMatchEntry ::= SEQUENCE { tmnxMafMatchIndex Unsigned32, tmnxMafMatchRowStatus RowStatus, tmnxMafMatchLastChanged TimeStamp, tmnxMafMatchAction TmnxMafAction, tmnxMafMatchDescription TItemDescription, tmnxMafMatchSrcIpAddr IpAddress, tmnxMafMatchSrcIpMask IpAddressPrefixLength, tmnxMafMatchSrcPortType INTEGER, tmnxMafMatchSrcPortId TmnxPortID, tmnxMafMatchDestPort TTcpUdpPort, tmnxMafMatchDestPortMask Unsigned32, tmnxMafMatchProtocol TIpProtocol, tmnxMafMatchCount Counter64, tmnxMafMatchRouter TNamedItemOrEmpty, tmnxMafMatchLog TruthValue } tmnxMafMatchIndex OBJECT-TYPE SYNTAX Unsigned32 (1..9999) MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "The value of tmnxMafMatchIndex specifies the Management Access Filter Entry (MAFE) represented by this row in the tmnxMafMatchTable. It is associated to a specific Management Access Filter by the value of tmnxMafName index." ::= { tmnxMafMatchEntry 1 } tmnxMafMatchRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The tmnxMafMatchRowStatus object is used to create and delete rows in the tmnxMafMatchTable. The values supported during a set operation are createAndGo(4), createAndWait(5) and destroy(6)." ::= { tmnxMafMatchEntry 2 } tmnxMafMatchLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The value of tmnxMafMatchLastChanged is the timestamp of last change to this row in tmnxMafMatchTable." ::= { tmnxMafMatchEntry 3 } tmnxMafMatchAction OBJECT-TYPE SYNTAX TmnxMafAction MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxMafMatchAction specifies the action to be taken when a packet matches the selection criteria configured in this management access filter entry. Before a filter entry can be active, tmnxMafMatchAction must be assigned some value other than 'none'." DEFVAL { none } ::= { tmnxMafMatchEntry 4 } tmnxMafMatchDescription OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxMafMatchDescription is a user provided description string for this Management Access Filter Entry. It can consist of any printable, seven-bit ASCII characters up to 80 characters in length." DEFVAL { ''H } ::= { tmnxMafMatchEntry 5 } tmnxMafMatchSrcIpAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxMafMatchSrcIpAddr specifies IP address used with the value of tmnxMafMatchSrcIpMask to indicate a source IP address range to be used as the match criteria for this Management Access Filter Entry." DEFVAL { '00000000'H } ::= { tmnxMafMatchEntry 6 } tmnxMafMatchSrcIpMask OBJECT-TYPE SYNTAX IpAddressPrefixLength MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxMafMatchSrcIpMask specifies the number of bits to match of the source Ip Address." DEFVAL { 0 } ::= { tmnxMafMatchEntry 7 } tmnxMafMatchSrcPortType OBJECT-TYPE SYNTAX INTEGER { any (1), cpm (2), port (3), lag (4) } MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxMafMatchSrcPortType is used to restrict ingress management packets to either the configured management Ethernet port or any other logical port (LAG, port, or channel) on the device. By default, management traffic is accepted on any interface." DEFVAL { any } ::= { tmnxMafMatchEntry 8 } tmnxMafMatchSrcPortId OBJECT-TYPE SYNTAX TmnxPortID MAX-ACCESS read-create STATUS obsolete DESCRIPTION "When tmnxMafMatchSrcPortType has a value of 'port' or 'lag' the value of tmnxMafMatchSrcPortId specifies the port used to restrict ingress management packets. A value of zero indicated that this object is not initialized." DEFVAL { 0 } ::= { tmnxMafMatchEntry 9 } tmnxMafMatchDestPort OBJECT-TYPE SYNTAX TTcpUdpPort MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxMafMatchDestPort specifies a TCP or UDP port number to be used as a match criteria in this Management Access Filter Entry. A value of zero indicates that this object is not initialized." DEFVAL { 0 } ::= { tmnxMafMatchEntry 10 } tmnxMafMatchDestPortMask OBJECT-TYPE SYNTAX Unsigned32 (0 | 1..65535) MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxMafMatchDestPortMask specifies a mask to be used when the value of tmnxMafMatchDestPort is not equal to zero. The mask allows a range of TCP or UDP port values to be specified for the match criteria in this Management Access Filter Entry. A value of 65535, 0xFFFF, is used to indicate that this object is not initialized." DEFVAL { 'FFFF'H } ::= { tmnxMafMatchEntry 11 } tmnxMafMatchProtocol OBJECT-TYPE SYNTAX TIpProtocol MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxMafMatchProtocol specifies an IP protocol type to be used in the match criteria for this Management Access Filter Entry. Some well known protocol numbers are TCP (6), and UDP (7). The value of -1 is used to indicate that this object is not initialized." DEFVAL { -1 } ::= { tmnxMafMatchEntry 12 } tmnxMafMatchCount OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The value of tmnxMafMatchCount indicates the number of times a management packet has matched this filter entry." ::= { tmnxMafMatchEntry 13 } tmnxMafMatchRouter OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxMafMatchRouter specifies a router (VPRN) name or a service-id, expressed as an ASCII numeric string, to be used in the match criteria for the Management Access Filter Entry. The empty string value ''H is used to indicate that this object is not initialized." DEFVAL { ''H } ::= { tmnxMafMatchEntry 14 } tmnxMafMatchLog OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS obsolete DESCRIPTION "When the value of tmnxMafMatchLog is 'true', entry match logging is enabled." DEFVAL { false } ::= { tmnxMafMatchEntry 15 } tmnxGenMafTableLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "This value of the object tmnxGenMafTableLastChanged indicates the timestamp of the last change to the tmnxGenMafTable. A value of 0 indicates that no changes were made to this table since the system was last initialized." ::= { tmnxMafObjs 3 } tmnxGenMafTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxGenMafEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table replaces the tmnxMafTable. It allows to define both IPv4 and IPv6 MAFs. The tmnxGenMafTable has an entry for each Management Access Filter (MAF) configured on the system (IPv4 and IPv6). Management Access Filters are used to restrict management of this Nokia SROS device by other nodes outside either specific (sub)networks or through designated ports. By default a single IPv4 and a single IPv6 Management Access Filter is created by the system. No additional filters can be defined by the operator. When a filter is deleted, the system will recreate it with all default settings." ::= { tmnxMafObjs 4 } tmnxGenMafEntry OBJECT-TYPE SYNTAX TmnxGenMafEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry contains information about a IPv4 or IPv6 Management Access Filter (MAF)." INDEX { tmnxGenMafType, tmnxGenMafName } ::= { tmnxGenMafTable 1 } TmnxGenMafEntry ::= SEQUENCE { tmnxGenMafType TmnxMafType, tmnxGenMafName TNamedItem, tmnxGenMafLastModified TimeStamp, tmnxGenMafRowStatus RowStatus, tmnxGenMafAdminState TmnxAdminState, tmnxGenMafDefaultAction TmnxMafAction } tmnxGenMafType OBJECT-TYPE SYNTAX TmnxMafType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxGenMafType specifies the type of packets, destined for CPM, this management access filter applies to." ::= { tmnxGenMafEntry 1 } tmnxGenMafName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxGenMafName specifies the Management Access Filter (MAF) represented by this row in the tmnxGenMafTable." ::= { tmnxGenMafEntry 2 } tmnxGenMafLastModified OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxGenMafLastModified object indicates the timestamp of the last change to this row. A value of zero indicates that this row was not modified since the system was last initialized." ::= { tmnxGenMafEntry 3 } tmnxGenMafRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The tmnxGenMafRowStatus object is used to create and delete rows in the tmnxGenMafTable. The values supported during a set operation are - active(1) - createAndGo(4), - createAndWait(5) which is treated in the same way as createAndGo(4) - destroy(6)." ::= { tmnxGenMafEntry 4 } tmnxGenMafAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxGenMafAdminState specifies the administrative state for this management access filter. A value of 'outOfService' disables this filter which results in permitting all traffic." DEFVAL { inService } ::= { tmnxGenMafEntry 5 } tmnxGenMafDefaultAction OBJECT-TYPE SYNTAX TmnxMafAction MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxGenMafDefaultAction specifies the default action for management access in the absence of a specific management access filter entry match. The default action is applied to a packet that does not satisfy any match criteria in any of the management access filter match entries. Before a MAF can be active, a default action must have been specified. The value denyHostUnreachable is not allowed for Mac Maf filters." DEFVAL { none } ::= { tmnxGenMafEntry 6 } tmnxMafIPMatchTableLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "This value of the object tmnxMafIPMatchTableLastChanged indicates the timestamp of the last change to the tmnxIPMafMatchTable. A value of 0 indicates that no changes were made to this table since the system was last initialized." ::= { tmnxMafObjs 5 } tmnxIPMafMatchTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPMafMatchEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table replaces the tmnxMafMatchTable. It allows to define both IPv4 and IPv6 MAF IP entries. The tmnxIPMafMatchTable contains ipvx filter match criteria associated with Management Access Filters (MAFs) configured on the system." ::= { tmnxMafObjs 6 } tmnxIPMafMatchEntry OBJECT-TYPE SYNTAX TmnxIPMafMatchEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry contains information about a management access filter entry associated with a specific Management Access Filter (MAF). The filter criteria are applied in order according to the value of tmnxIPMafMatchIndex. The match algorithm is exited upon the first match found and then the action specified is executed. For this reason, entries must be sequenced from most to least explicit. An entry where tmnxIPMafMatchAction has a value of 'none' is not active. Rows can only be created for tmnxGenMafType's: - ipv4 (1), and. - ipv6 (2). For mac Maf filters a dedicated table is provided (tmnxMacMafMatchTable). " INDEX { tmnxGenMafType, tmnxGenMafName, tmnxIPMafMatchIndex } ::= { tmnxIPMafMatchTable 1 } TmnxIPMafMatchEntry ::= SEQUENCE { tmnxIPMafMatchIndex Unsigned32, tmnxIPMafMatchRowStatus RowStatus, tmnxIPMafMatchLastChanged TimeStamp, tmnxIPMafMatchAction TmnxMafAction, tmnxIPMafMatchDescription TItemDescription, tmnxIPMafMatchSrcIpAddrType InetAddressType, tmnxIPMafMatchSrcIpAddr InetAddress, tmnxIPMafMatchSrcIpMask InetAddressPrefixLength, tmnxIPMafMatchSrcPortType INTEGER, tmnxIPMafMatchSrcPortId TmnxPortID, tmnxIPMafMatchDestPort TTcpUdpPort, tmnxIPMafMatchDestPortMask Unsigned32, tmnxIPMafMatchProtNxtHdr TIpProtocol, tmnxIPMafMatchCount Counter64, tmnxIPMafMatchRouter TNamedItemOrEmpty, tmnxIPMafMatchFlowLabel IPv6FlowLabel, tmnxIPMafMatchLog TruthValue, tmnxMafMatchSrcIpPrefixList TNamedItemOrEmpty } tmnxIPMafMatchIndex OBJECT-TYPE SYNTAX Unsigned32 (1..9999) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPMafMatchIndex specifies the Management Access Filter Entry (MAFE) represented by this row in the tmnxIPMafMatchTable. It is associated to a specific Management Access Filter by the value of tmnxGenMafName index." ::= { tmnxIPMafMatchEntry 1 } tmnxIPMafMatchRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The tmnxIPMafMatchRowStatus object is used to create and delete rows in the tmnxIPMafMatchTable. Following values are supported: - active(1) - createAndGo(4), - createAndWait(5) which is treated in the same way as createAndGo(4) - destroy(6)." ::= { tmnxIPMafMatchEntry 2 } tmnxIPMafMatchLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPMafMatchLastChanged is the timestamp of last change to this row in tmnxIPMafMatchTable." ::= { tmnxIPMafMatchEntry 3 } tmnxIPMafMatchAction OBJECT-TYPE SYNTAX TmnxMafAction MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPMafMatchAction specifies the action to be taken when a packet matches the selection criteria configured in this management access filter entry. Before a filter entry can be active, tmnxIPMafMatchAction must be assigned some value other than 'none'. The value denyHostUnreachable is not allowed." DEFVAL { none } ::= { tmnxIPMafMatchEntry 4 } tmnxIPMafMatchDescription OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPMafMatchDescription is a user provided description string for this Management Access Filter Entry. It can consist of any printable, seven-bit ASCII characters up to 80 characters in length." DEFVAL { ''H } ::= { tmnxIPMafMatchEntry 5 } tmnxIPMafMatchSrcIpAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPMafMatchSrcIpAddrType specifies the type of IP address stored in the object tmnxIPMafMatchSrcIpAddr. If the value of tmnxGenMafType indicates 'ipv4' the only allowed values for this object are 'unknown' or 'ipv4'. If the value of tmnxGenMafType indicates 'ipv6' the only allowed values for this object are 'unknown' or 'ipv6'." DEFVAL { unknown } ::= { tmnxIPMafMatchEntry 6 } tmnxIPMafMatchSrcIpAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPMafMatchSrcIpAddr specifies IP address used with the value of tmnxIPMafMatchSrcIpMask to indicate a source IP address range to be used as the match criteria for this Management Access Filter Entry." DEFVAL { ''H } ::= { tmnxIPMafMatchEntry 7 } tmnxIPMafMatchSrcIpMask OBJECT-TYPE SYNTAX InetAddressPrefixLength (0..128) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPMafMatchSrcIpMask specifies the number of bits to match of the source Ip Address." DEFVAL { 0 } ::= { tmnxIPMafMatchEntry 8 } tmnxIPMafMatchSrcPortType OBJECT-TYPE SYNTAX INTEGER { any (1), cpm (2), port (3), lag (4) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPMafMatchSrcPortType is used, in conjunction with the value of tmnxIPMafMatchSrcPortId, to specify the type of port that applies to the management access filter entry. By default, management traffic is accepted on all interfaces. If the value of tmnxIPMafMatchSrcPortType is equal to any(1), the default, then no filtering is done on ingress management packets. If the value of tmnxIPMafMatchSrcPortType is equal to cpm(2) then the filter applies to packets received on any CPM/CCM Ethernet port. If the value of tmnxIPMafMatchSrcPortType is equal to port(3) or lag(4) then the filter applies to the packets received on the port or lag specified by the value of tmnxIPMafMatchSrcPortId. The value of tmnxIPMafMatchSrcPortId can be set to other value then 503316480 (INVALID_PORT) only if the value of tmnxIPMafMatchSrcPortType is port (3) or lag (4). In summary, the valid configurations are: src-port-type src-port-id Meaning any(1) INVALID_PORT No filtering cpm(2) INVALID_PORT Match packets received on any CPM/CCM Ethernet port port(3) port-id Match packets received on specified port lag(4) lag-id Match packets received on specified lag If tmnxIPMafMatchSrcPortType is any(1) or is set to any(1) then any change to tmnxIPMafMatchSrcPortId is ignored and its value is forced to 503316480 (INVALID_PORT) by the system. When tmnxIPMafMatchSrcPortType is set to cpm(2), cpm1(5), cpm3(6), cpm4(7) then the value of tmnxIPMafMatchSrcPortId, if specified, is ignored and forced to 503316480 (INVALID_PORT) by the system. When the value of tmnxIPMafMatchSrcPortType is set to port(3) or lag(4) then tmnxIPMafMatchSrcPortId must specify a valid port-id or lag-id, otherwise the request is rejected by the system. Note that the port-type is always subordinate to the port-id, i.e. if the value of tmnxIPMafMatchSrcPortType is set to port(3) and at the same time the value of tmnxIPMafMatchSrcPortId is set to a lag-id the the system will accept the lag-id and silently set the value of tmnxIPMafMatchSrcPortType lag(4) (or vice versa)." DEFVAL { any } ::= { tmnxIPMafMatchEntry 9 } tmnxIPMafMatchSrcPortId OBJECT-TYPE SYNTAX TmnxPortID MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPMafMatchSrcPortId is used, in conjunction with the value of tmnxIPMafMatchSrcPortType, to specify the port that applies to the management access filter entry. By default, management traffic is accepted on all interfaces. Please refer to the description of tmnxIPMafMatchSrcPortType for more details." DEFVAL { 503316480 } ::= { tmnxIPMafMatchEntry 10 } tmnxIPMafMatchDestPort OBJECT-TYPE SYNTAX TTcpUdpPort MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPMafMatchDestPort specifies a destination TCP or UDP port number to be used as a match criteria in this Management Access Filter Entry. A value of '0' indicates that no match is performed on the destination port number. In this case the value of the object tmnxIPMafMatchDestPortMask will be reset to its default value." DEFVAL { 0 } ::= { tmnxIPMafMatchEntry 11 } tmnxIPMafMatchDestPortMask OBJECT-TYPE SYNTAX Unsigned32 (0 | 1..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPMafMatchDestPortMask specifies a mask to be used when the value of tmnxIPMafMatchDestPort is not equal to '0'. The mask allows a range of TCP or UDP port values to be specified for the match criteria in this Management Access Filter Entry. If set to '0' the match on the destination port number is removed, and both objects tmnxIPMafMatchDestPort and tmnxIPMafMatchDestPortMask are reset to their default values." DEFVAL { 'FFFF'H } ::= { tmnxIPMafMatchEntry 12 } tmnxIPMafMatchProtNxtHdr OBJECT-TYPE SYNTAX TIpProtocol MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPMafMatchProtNxtHdr specifies for IPv4 MAF the IP protocol field, and for IPv6 the next header type to be used in the match criteria for this Management Access Filter Entry. Some well known protocol numbers are TCP (6), and UDP (7). The value of -1 is used to indicate that this object is not initialized. The value of -2 is used to indicate udp/tcp protocol matching " DEFVAL { -1 } ::= { tmnxIPMafMatchEntry 13 } tmnxIPMafMatchCount OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPMafMatchCount indicates the number of times a management packet has matched this filter entry." ::= { tmnxIPMafMatchEntry 14 } tmnxIPMafMatchRouter OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPMafMatchRouter specifies a router (VPRN) name or a service-id, expressed as an ASCII numeric string, to be used in the match criteria for the Management Access Filter Entry. The empty string value ''H is used to indicate that this object is not initialized." DEFVAL { ''H } ::= { tmnxIPMafMatchEntry 15 } tmnxIPMafMatchFlowLabel OBJECT-TYPE SYNTAX IPv6FlowLabel MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPMafMatchFlowLabel specifies the flow label to be matched. When the value is '-1', no flow label matching occurs. This object is only meaningful in case of an IPv6 MAF entry. The value is ignored in IPv4 MAF entries." DEFVAL { -1 } ::= { tmnxIPMafMatchEntry 16 } tmnxIPMafMatchLog OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "When the value of tmnxIPMafMatchLog is 'true', entry match logging is enabled." DEFVAL { false } ::= { tmnxIPMafMatchEntry 17 } tmnxMafMatchSrcIpPrefixList OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of this object specifies the IP prefix list used as match criterion for the source IP address. The value specified for this object must correspond to a prefix list defined in tFilterPrefixListTable. If the value of this object is empty then the values of the objects tmnxMafMatchSrcIpAddr and tmnxMafMatchSrcIpMask are used as source IP address match criterion. When this object is set to a non-empty value then the objects tmnxMafMatchSrcIpAddr and tmnxMafMatchSrcIpMask are reset to their default values by the system. Vice versa, when a new (non-default) value is provided for the objects tmnxMafMatchSrcIpAddr and tmnxMafMatchSrcIpMask then this object is reset to its default (empty) value by the system. An attempt to set tmnxMafMatchSrcIpPrefixList to a non-default value in combination with setting any of tmnxMafMatchSrcIpAddr or tmnxMafMatchSrcIpMask to (a) non-default value(s) is rejected by the system" DEFVAL { ''H } ::= { tmnxIPMafMatchEntry 18 } tmnxMafMacMatchTableLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "This value of the object tmnxMafMacMatchTableLastChanged indicates the timestamp of the last change to the tmnxMacMafMatchTable. A value of 0 indicates that no changes were made to this table since the system was last initialized." ::= { tmnxMafObjs 7 } tmnxMacMafMatchTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxMacMafMatchEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table allows to define Mac Maf filter entries. The tmnxMacMafMatchTable contains Mac filter match criteria associated with Management Access Filters (MAFs) configured on the system." ::= { tmnxMafObjs 8 } tmnxMacMafMatchEntry OBJECT-TYPE SYNTAX TmnxMacMafMatchEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry contains information about a management access filter entry associated with a specific Mac Management Access Filter (MAF). The filter criteria are applied in order according to the value of tmnxMacMafMatchIndex. The match algorithm is exited upon the first match found and then the action specified is executed. For this reason, entries must be sequenced from most to least explicit. An entry where tmnxMacMafMatchAction has a value of 'none' is not active." INDEX { tmnxGenMafName, tmnxMacMafMatchIndex } ::= { tmnxMacMafMatchTable 1 } TmnxMacMafMatchEntry ::= SEQUENCE { tmnxMacMafMatchIndex Unsigned32, tmnxMacMafMatchRowStatus RowStatus, tmnxMacMafMatchLastChanged TimeStamp, tmnxMacMafMatchAction TmnxMafAction, tmnxMacMafMatchDescription TItemDescription, tmnxMacMafMatchLog TruthValue, tmnxMacMafMatchFrameType TmnxMafMacFltrFrameType, tmnxMacMafMatchSvcId TmnxServId, tmnxMacMafMatchDot1pValue Dot1PPriority, tmnxMacMafMatchDot1pMask Dot1PPriorityNonZeroMask, tmnxMacMafMatchDsap ServiceAccessPoint, tmnxMacMafMatchDsapMask ServiceAccessPoint, tmnxMacMafMatchSrcMAC MacAddress, tmnxMacMafMatchSrcMACMask MacAddress, tmnxMacMafMatchDstMAC MacAddress, tmnxMacMafMatchDstMACMask MacAddress, tmnxMacMafMatchEtherType Integer32, tmnxMacMafMatchSnapOui INTEGER, tmnxMacMafMatchSnapPid Integer32, tmnxMacMafMatchSsap ServiceAccessPoint, tmnxMacMafMatchSsapMask ServiceAccessPoint, tmnxMacMafMatchCfmOpCodeOper TOperator, tmnxMacMafMatchCfmOpCodeValue1 Unsigned32, tmnxMacMafMatchCfmOpCodeValue2 Unsigned32, tmnxMacMafMatchCount Counter64 } tmnxMacMafMatchIndex OBJECT-TYPE SYNTAX Unsigned32 (1..9999) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxMacMafMatchIndex specifies the Management Access Filter Entry (MAFE) represented by this row in the tmnxMacMafMatchTable. It is associated to a specific Management Access Filter by the value of tmnxGenMafType and tmnxGenMafName." ::= { tmnxMacMafMatchEntry 1 } tmnxMacMafMatchRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The tmnxMacMafMatchRowStatus object is used to create and delete rows in the tmnxMacMafMatchTable. The values supported are - active(1) - createAndGo(4), - createAndWait(5) which is treated in the same way as createAndGo(4) - destroy(6)." ::= { tmnxMacMafMatchEntry 2 } tmnxMacMafMatchLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacMafMatchLastChanged indicates the timestamp of the last change to this row in tmnxMacMafMatchTable." ::= { tmnxMacMafMatchEntry 3 } tmnxMacMafMatchAction OBJECT-TYPE SYNTAX TmnxMafAction MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacMafMatchAction specifies the action to be taken when a packet matches the selection criteria configured in this management access filter entry. Before a filter entry can be active, tmnxMacMafMatchAction must be assigned some value other than 'none'. The value denyHostUnreachable is not allowed for this object." DEFVAL { none } ::= { tmnxMacMafMatchEntry 4 } tmnxMacMafMatchDescription OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacMafMatchDescription specifies a user provided description string for this Management Access Filter Entry. It can consist of any printable, seven-bit ASCII characters up to 80 characters in length." DEFVAL { ''H } ::= { tmnxMacMafMatchEntry 5 } tmnxMacMafMatchLog OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxMacMafMatchLog specifies whether or not logging is active for this filter entry." DEFVAL { false } ::= { tmnxMacMafMatchEntry 6 } tmnxMacMafMatchFrameType OBJECT-TYPE SYNTAX TmnxMafMacFltrFrameType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxMacMafMatchFrameType specifies the type of mac frame for which we are defining this match criteria." DEFVAL { e802dot3 } ::= { tmnxMacMafMatchEntry 7 } tmnxMacMafMatchSvcId OBJECT-TYPE SYNTAX TmnxServId (0 | 1..2147483647) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxMacMafMatchSvcId specifies the service-id in which the packet is to be received for this entry to match. A value of 0 indicates: any service." DEFVAL { 0 } ::= { tmnxMacMafMatchEntry 8 } tmnxMacMafMatchDot1pValue OBJECT-TYPE SYNTAX Dot1PPriority MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxMacMafMatchDot1pValue specifies the IEEE 802.1p priority value for this MAC filter entry. Use -1 to disable matching this filter criteria." DEFVAL { -1 } ::= { tmnxMacMafMatchEntry 9 } tmnxMacMafMatchDot1pMask OBJECT-TYPE SYNTAX Dot1PPriorityNonZeroMask MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxMacMafMatchDot1pMask specifies the IEEE 802.1p priority mask value for this policy MAC filter entry." DEFVAL { 7 } ::= { tmnxMacMafMatchEntry 10 } tmnxMacMafMatchDsap OBJECT-TYPE SYNTAX ServiceAccessPoint MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxMacMafMatchDsap specifies the MAC DSAP to match for this MAC filter entry. This object has no significance if the object tmnxMacMafMatchFrameType is not set to 802dot2LLC." DEFVAL { -1 } ::= { tmnxMacMafMatchEntry 11 } tmnxMacMafMatchDsapMask OBJECT-TYPE SYNTAX ServiceAccessPoint MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxMacMafMatchDsapMask specifies the MAC DSAP mask for this MAC filter entry. This object has no significance if the object tmnxMacMafMatchFrameType is not set to 802dot2LLC." DEFVAL { -1 } ::= { tmnxMacMafMatchEntry 12 } tmnxMacMafMatchSrcMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxMacMafMatchSrcMAC specifies the source MAC to match for this policy MAC filter entry." DEFVAL { '000000000000'H } ::= { tmnxMacMafMatchEntry 13 } tmnxMacMafMatchSrcMACMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxMacMafMatchSrcMACMask specifies the source MAC mask value for this policy MAC filter entry. The mask is ANDed with the MAC to match tmnxMacMafMatchSrcMAC. A zero bit means ignore this bit, do not match. A one bit means match this bit with tmnxMacMafMatchSrcMAC. Use the value 00-00-00-00-00-00 to disable this filter criteria." DEFVAL { '000000000000'H } ::= { tmnxMacMafMatchEntry 14 } tmnxMacMafMatchDstMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxMacMafMatchDstMAC specifies the Destination MAC mask value for this policy MAC filter entry." DEFVAL { '000000000000'H } ::= { tmnxMacMafMatchEntry 15 } tmnxMacMafMatchDstMACMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxMacMafMatchDstMACMask specifies the destination MAC mask value for this policy MAC filter entry. The mask is ANDed with the MAC to match tmnxMacMafMatchDstMAC. A zero bit means ignore this bit, do not match. a one bit means match this bit with tmnxMacMafMatchDstMAC. Use the value 00-00-00-00-00-00 to disable this filter criteria." DEFVAL { '000000000000'H } ::= { tmnxMacMafMatchEntry 16 } tmnxMacMafMatchEtherType OBJECT-TYPE SYNTAX Integer32 (-1 | 1536..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxMacMafMatchEtherType specifies the Ethertype for this MAC filter entry. Use -1 to disable matching by this criteria. This object has no significance if the object tmnxMacMafMatchFrameType is not set to Ethernet_II." DEFVAL { -1 } ::= { tmnxMacMafMatchEntry 17 } tmnxMacMafMatchSnapOui OBJECT-TYPE SYNTAX INTEGER { off (1), zero (2), nonZero (3) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxMacMafMatchSnapOui specifies the MAC SNAP OUI to match. The values zero(2) and nonZero(3) specify what to match. Matching can be disabled by the use of the value off(1). This object has no significance if the object tmnxMacMafMatchFrameType is not set to 802dot2SNAP." DEFVAL { off } ::= { tmnxMacMafMatchEntry 18 } tmnxMacMafMatchSnapPid OBJECT-TYPE SYNTAX Integer32 (-1 | 0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxMacMafMatchSnapPid specifies the MAC SNAP PID to match for this MAC filter entry. use -1 to disable matching by this criteria. This object has no significance if object tmnxMacMafMatchFrameType is not set to 802dot2SNAP." DEFVAL { -1 } ::= { tmnxMacMafMatchEntry 19 } tmnxMacMafMatchSsap OBJECT-TYPE SYNTAX ServiceAccessPoint MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxMacMafMatchSsap specifies the the MAC SSAP to match for this MAC filter entry. This object has no significance if the object tmnxMacMafMatchFrameType is not set to 802dot2LLC." DEFVAL { -1 } ::= { tmnxMacMafMatchEntry 20 } tmnxMacMafMatchSsapMask OBJECT-TYPE SYNTAX ServiceAccessPoint MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxMacMafMatchSsapMask specifies the MAC SSAP mask for this MAC filter entry. use 0 to disable matching by this criteria. This object has no significance if the object tmnxMacMafMatchFrameType is not set to 802dot2LLC." DEFVAL { -1 } ::= { tmnxMacMafMatchEntry 21 } tmnxMacMafMatchCfmOpCodeOper OBJECT-TYPE SYNTAX TOperator MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxMacMafMatchCfmOpCodeOper specifies which type of opcode checking is to be performed. If different from none, more info is provided in the objects tmnxMacMafMatchCfmOpCodeValue1 and tmnxMacMafMatchCfmOpCodeValue2. This object has significance only if the object tmnxMacMafMatchFrameType refers to either ieee802.1ag or Y1731." DEFVAL { none } ::= { tmnxMacMafMatchEntry 22 } tmnxMacMafMatchCfmOpCodeValue1 OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxMacMafMatchCfmOpCodeValue1 specifies a cfm opcode. The value of this object is used as per the description for tmnxMacMafMatchCfmOpCodeOper." DEFVAL { 0 } ::= { tmnxMacMafMatchEntry 23 } tmnxMacMafMatchCfmOpCodeValue2 OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxMacMafMatchCfmOpCodeValue2 specifies a cfm opcode. The value of this object is used as per the description for tmnxMacMafMatchCfmOpCodeOper." DEFVAL { 0 } ::= { tmnxMacMafMatchEntry 24 } tmnxMacMafMatchCount OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxMacMafMatchCount indicates the number of times a management packet has matched this filter entry." ::= { tmnxMacMafMatchEntry 25 } tmnxPasswordInfo OBJECT IDENTIFIER ::= { tmnxSecurityObjects 5 } tmnxPasswordAging OBJECT-TYPE SYNTAX Unsigned32 (1..500 | 65535) UNITS "Days" MAX-ACCESS read-write STATUS current DESCRIPTION "Number of days a user password is valid before the user must change his password. If the value of tmnxPasswordAging is set to '65535', password aging is disabled." DEFVAL { 65535 } ::= { tmnxPasswordInfo 1 } tmnxPasswordMinLength OBJECT-TYPE SYNTAX Unsigned32 (6..50) MAX-ACCESS read-write STATUS current DESCRIPTION "The minimum number of characters required in the password. In addition to the number of characters in the new password, credit (of +1 in length) will be given for each different kind of character (uppercase, lowercase, digit or special), thus giving the user the choice between long simple and shorter but more complex passwords. The maximum credit that is given for each different type of character is configured using the tmnxPasswordCreditsLowerCase, tmnxPasswordCreditsUpperCase, tmnxPasswordCreditsSpecialChar and tmnxPasswordCreditsNumeric MIB fields. Setting these 4 fields to 0 will effectively disable passwords credits." DEFVAL { 6 } ::= { tmnxPasswordInfo 2 } tmnxPasswordComplexity OBJECT-TYPE SYNTAX BITS { alpha-numeric (0), mixed-case (1), special-character (2) } MAX-ACCESS read-write STATUS obsolete DESCRIPTION "tmnxPasswordComplexity was made obsolete in 12.0 revision of Nokia SROS series system. Password complexity is now configured using the other fields in tmnxPasswordInfo." DEFVAL { {} } ::= { tmnxPasswordInfo 3 } tmnxPasswordAttemptsCount OBJECT-TYPE SYNTAX Unsigned32 (1..64) MAX-ACCESS read-write STATUS current DESCRIPTION "The maximum number of unsuccessful login attempts allowed for a user. The value of tmnxPasswordAttemptsCount is used with the value of tmnxPasswordAttemptsTime to find out if the user is to be locked out for tmnxPasswordAttemptsLockoutPeriod." DEFVAL { 3 } ::= { tmnxPasswordInfo 4 } tmnxPasswordAttemptsTime OBJECT-TYPE SYNTAX Unsigned32 (0..60) UNITS "Minutes" MAX-ACCESS read-write STATUS current DESCRIPTION "This is used in conjunction with tmnxPasswordAttemptsCount to find out if the user is to be locked out for tmnxPasswordAttemptsLockoutPeriod." DEFVAL { 5 } ::= { tmnxPasswordInfo 5 } tmnxPasswordAttemptsLockoutPeriod OBJECT-TYPE SYNTAX Unsigned32 (0..1440) UNITS "Minutes" MAX-ACCESS read-write STATUS current DESCRIPTION "The number of minutes the user is locked out if the threshold of unsuccessful login attempts has exceeded." DEFVAL { 10 } ::= { tmnxPasswordInfo 6 } tmnxPasswordAuthenOrder1 OBJECT-TYPE SYNTAX TmnxPasswordAuthenOrder MAX-ACCESS read-write STATUS current DESCRIPTION "The most preferred method to authenticate and authorize a user. If this method fails, the next method in the sequence identified by tmnxPasswordAuthenOrder2 is used." DEFVAL { radius } ::= { tmnxPasswordInfo 7 } tmnxPasswordAuthenOrder2 OBJECT-TYPE SYNTAX TmnxPasswordAuthenOrder MAX-ACCESS read-write STATUS current DESCRIPTION "The second method to authenticate and authorize a user." DEFVAL { tacplus } ::= { tmnxPasswordInfo 8 } tmnxPasswordAuthenOrder3 OBJECT-TYPE SYNTAX TmnxPasswordAuthenOrder MAX-ACCESS read-write STATUS current DESCRIPTION "The third preferred method to authenticate and authorize a user." DEFVAL { ldap } ::= { tmnxPasswordInfo 9 } tmnxPasswordAuthenExitOnReject OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "If the value of tmnxPasswordAuthenExitOnReject is set to 'true' and if one of the AAA methods configured in tmnxPasswordAuthenOrder1, tmnxPasswordAuthenOrder2, tmnxPasswordAuthenOrder3, tmnxPasswordAuthenOrder4 sends a reject, then the next method in the order will not be tried. If the value of this object is set to 'false' and if one AAA method sends a reject, the next AAA method will be attempted. If in this process, all the AAA methods are exhausted, it will be considered as a reject." DEFVAL { false } ::= { tmnxPasswordInfo 10 } tmnxAdminPassword OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..136)) MAX-ACCESS read-write STATUS current DESCRIPTION "tmnxAdminPassword is used to configure the password which enables a user to become a system administrator. tmnxAdminPassword and tmnxAdminPasswordEncrypted, which indicates whether or not the password string is encrypted, must be set together in the same SNMP request PDU or else the set request will fail with an inconsistentValue error. The value of tmnxAdminPassword cannot be more than 56 characters when the value of tmnxAdminPasswordEncrypted is 'false'. A get request on this object always returns an empty string." DEFVAL { ''H } ::= { tmnxPasswordInfo 11 } tmnxAdminPasswordEncrypted OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "When the value of tmnxAdminPasswordEncrypted is 'true', the password specified by tmnxAdminPassword is in the encrypted form. When the value of tmnxAdminPasswordEncrypted is 'false', the password specified by tmnxAdminPassword is in plain text. tmnxAdminPassword and tmnxAdminPasswordEncrypted, which indicates whether or not the password string is encrypted, must be set together in the same SNMP request PDU or else the set request will fail with an inconsistentValue error." DEFVAL { true } ::= { tmnxPasswordInfo 12 } tmnxPasswordHealthCheck OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "When the value of tmnxPasswordHealthCheck is 'true', the Radius servers configured in tmnxRadiusServerTable and the 'TacPlus' servers configured in tmnxTacPlusServerTable will be periodically monitored. Each server will be contacted every 30 seconds. If in this process a server is found to be unreachable, or a previously unreachable server starts responding, based on the type of the server, a TIMETRA-SYSTEM-MIB:radiusServerOperStatusChange or a TIMETRA-SYSTEM-MIB:tacplusServerOperStatusChange trap will be sent. When the value of tmnxPasswordHealthCheck is 'false', periodic monitoring of the Radius and Tacplus servers is disabled." DEFVAL { true } ::= { tmnxPasswordInfo 13 } tmnxPasswordHealthCheckInterval OBJECT-TYPE SYNTAX Unsigned32 (6..1500) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxPasswordHealthCheckInterval specifies the polling interval for Radius servers configured in tmnxRadiusServerTable and the 'TacPlus' servers configured in tmnxTacPlusServerTable." DEFVAL { 30 } ::= { tmnxPasswordInfo 14 } tmnxDynSvcPassword OBJECT-TYPE SYNTAX DisplayString (SIZE (0..136)) MAX-ACCESS read-write STATUS current DESCRIPTION "tmnxDynSvcPassword is used to configure the password which enables manual modification of dynamic services. The password can be provided both as a plain text string, or as a bcrypt encrypted hash. The value of tmnxDynSvcPassword cannot be more than 56 characters if it is a plain text string. A get request on this object always returns an empty string." DEFVAL { ''H } ::= { tmnxPasswordInfo 15 } tmnxTacPlusEnableAdminPrivLvl OBJECT-TYPE SYNTAX Integer32 (-1 | 0..15) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxTacPlusEnableAdminPrivLvl specifies the privilege level used when sending a TACACS+ ENABLE request. When the value of tmnxTacPlusAuthorization is 'true(1)' and the value of tmnxTacPlusAuthorUsePrivLvl is 'true(1)' and the value of tmnxTacPlusInteractiveAuthen is 'true(1)', a TACACS+ authentication request for the ENABLE service with this configured privilege level is used instead of requesting tmnxAdminPassword when the user wants to become a system administrator." DEFVAL { -1 } ::= { tmnxPasswordInfo 16 } tmnxPasswordHistory OBJECT-TYPE SYNTAX Unsigned32 (0..20) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxPasswordHistory specifies the number of old passwords of the user that will be remembered. A new password must not be the same as any remembered old password. A value of zero (0) indicates no password history will be kept, meaning a new password will only be matched against the current user password." DEFVAL { 0 } ::= { tmnxPasswordInfo 17 } tmnxPasswordMinChange OBJECT-TYPE SYNTAX Unsigned32 (1..20) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxPasswordMinChange specifies the minimum number of characters in the new password that must not be present in the old password. This is calculated using the Levenshtein distance algorithm. In addition, if 1/2 of the characters in the new password are different then the new password will be accepted anyway." DEFVAL { 5 } ::= { tmnxPasswordInfo 18 } tmnxPasswordMinAge OBJECT-TYPE SYNTAX Unsigned32 (0..86400) UNITS "Seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxPasswordMinAge specifies the number of seconds required between two consecutive password changes. Among other this will prevent the user from flooding the password history in an attempt to reuse his current password." DEFVAL { 600 } ::= { tmnxPasswordInfo 19 } tmnxPasswordAllowUserName OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxPasswordAllowUserName specifies if the new password will be allowed if it contains the user name in some form." DEFVAL { false } ::= { tmnxPasswordInfo 20 } tmnxPasswordMaxRepeatedChars OBJECT-TYPE SYNTAX Unsigned32 (0 | 2..8) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxPasswordMaxRepeatedChars specifies the maximum number of times the same character can be used consecutively in the password. A value of zero (0) indicates this check is disabled." DEFVAL { 0 } ::= { tmnxPasswordInfo 21 } tmnxPasswordCreditsLowerCase OBJECT-TYPE SYNTAX Unsigned32 (0..10) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxPasswordCreditsLowerCase specifies the maximum credit for having lowercase characters in your password. Please see tmnxPasswordMinLength for an explanation of how password credits work. A value of zero (0) indicates no credits will be given for having lowercase characters in your password. This field can only be set to non-zero if tmnxPasswordReqLowerCase, tmnxPasswordReqUpperCase, tmnxPasswordReqSpecialChar and tmnxPasswordReqNumeric are all set to zero." DEFVAL { 0 } ::= { tmnxPasswordInfo 22 } tmnxPasswordCreditsUpperCase OBJECT-TYPE SYNTAX Unsigned32 (0..10) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxPasswordCreditsUpperCase specifies the maximum credit for having uppercase characters in your password. Please see tmnxPasswordMinLength for an explanation of how password credits work. A value of zero (0) indicates no credits will be given for having uppercase characters in your password. This field can only be set to non-zero if tmnxPasswordReqLowerCase, tmnxPasswordReqUpperCase, tmnxPasswordReqSpecialChar and tmnxPasswordReqNumeric are all set to zero." DEFVAL { 0 } ::= { tmnxPasswordInfo 23 } tmnxPasswordCreditsNumeric OBJECT-TYPE SYNTAX Unsigned32 (0..10) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxPasswordCreditsNumeric specifies the maximum credit for having digits in your password. Please see tmnxPasswordMinLength for an explanation of how password credits work. A value of zero (0) indicates no credits will be given for having digits in your password. This field can only be set to non-zero if tmnxPasswordReqLowerCase, tmnxPasswordReqUpperCase, tmnxPasswordReqSpecialChar and tmnxPasswordReqNumeric are all set to zero." DEFVAL { 0 } ::= { tmnxPasswordInfo 24 } tmnxPasswordCreditsSpecialChar OBJECT-TYPE SYNTAX Unsigned32 (0..10) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxPasswordCreditsSpecialChar specifies the maximum credit for having special characters in your password. Please see tmnxPasswordMinLength for an explanation of how password credits work. A value of zero (0) indicates no credits will be given for having special characters in your password. This field can only be set to non-zero if tmnxPasswordReqLowerCase, tmnxPasswordReqUpperCase, tmnxPasswordReqSpecialChar and tmnxPasswordReqNumeric are all set to zero." DEFVAL { 0 } ::= { tmnxPasswordInfo 25 } tmnxPasswordReqLowerCase OBJECT-TYPE SYNTAX Unsigned32 (0..10) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxPasswordReqLowerCase specifies the minimum number of lowercase characters that must be present in your password. A value of zero (0) indicates no lowercase characters are required. This field can only be set to non-zero if tmnxPasswordCreditsLowerCase, tmnxPasswordCreditsUpperCase, tmnxPasswordCreditsSpecialChar and tmnxPasswordCreditsNumeric are all set to zero." DEFVAL { 0 } ::= { tmnxPasswordInfo 26 } tmnxPasswordReqUpperCase OBJECT-TYPE SYNTAX Unsigned32 (0..10) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxPasswordReqUpperCase specifies the minimum number of uppercase characters that must be present in your password. A value of zero (0) indicates no uppercase characters are required. This field can only be set to non-zero if tmnxPasswordCreditsLowerCase, tmnxPasswordCreditsUpperCase, tmnxPasswordCreditsSpecialChar and tmnxPasswordCreditsNumeric are all set to zero." DEFVAL { 0 } ::= { tmnxPasswordInfo 27 } tmnxPasswordReqNumeric OBJECT-TYPE SYNTAX Unsigned32 (0..10) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxPasswordReqNumeric specifies the minimum number of digits that must be present in your password. A value of zero (0) indicates no digits are required. This field can only be set to non-zero if tmnxPasswordCreditsLowerCase, tmnxPasswordCreditsUpperCase, tmnxPasswordCreditsSpecialChar and tmnxPasswordCreditsNumeric are all set to zero." DEFVAL { 0 } ::= { tmnxPasswordInfo 28 } tmnxPasswordReqSpecialChar OBJECT-TYPE SYNTAX Unsigned32 (0..10) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxPasswordReqSpecialChar specifies the minimum number of special characters that must be present in your password. A value of zero (0) indicates no digits are required. This field can only be set to non-zero if tmnxPasswordCreditsLowerCase, tmnxPasswordCreditsUpperCase, tmnxPasswordCreditsSpecialChar and tmnxPasswordCreditsNumeric are all set to zero." DEFVAL { 0 } ::= { tmnxPasswordInfo 29 } tmnxPasswordReqNumCharClass OBJECT-TYPE SYNTAX Unsigned32 (0 | 2..4) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxPasswordReqNumCharClass specifies the minimum number of distinct kind of characters (uppercase, lowercase, digit or special) that must be present in your password. A value of zero (0) indicates this check is disabled." DEFVAL { 0 } ::= { tmnxPasswordInfo 30 } tmnxVsdPassword OBJECT-TYPE SYNTAX DisplayString (SIZE (0..136)) MAX-ACCESS read-write STATUS current DESCRIPTION "The tmnxVsdPassword is used to configure the password which enables manual modification of VSD services. The password can be provided both as a plain text string, or as a bcrypt encrypted hash. The value of tmnxVsdPassword cannot be more than 56 characters if it is a plain text string. A get request on this object always returns an empty string." DEFVAL { "" } ::= { tmnxPasswordInfo 31 } tmnxPasswordAuthenOrder4 OBJECT-TYPE SYNTAX TmnxPasswordAuthenOrder MAX-ACCESS read-write STATUS current DESCRIPTION "The least preferred method to authenticate and authorize a user." DEFVAL { local } ::= { tmnxPasswordInfo 32 } tmnxPasswordHashing OBJECT-TYPE SYNTAX TmnxPassHashType MAX-ACCESS read-write STATUS current DESCRIPTION "Algorithm used for user password hashing." DEFVAL { bcrypt } ::= { tmnxPasswordInfo 33 } tmnxRadiusInfo OBJECT IDENTIFIER ::= { tmnxSecurityObjects 6 } tmnxRadiusAdminStatus OBJECT-TYPE SYNTAX TmnxAdminStateUpDown MAX-ACCESS read-write STATUS current DESCRIPTION "The desired administrative status of the RADIUS protocol operation." DEFVAL { up } ::= { tmnxRadiusInfo 1 } tmnxRadiusAccounting OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "When the value of tmnxRadiusAccounting is set to 'TRUE', RADIUS command accounting is enabled." DEFVAL { false } ::= { tmnxRadiusInfo 2 } tmnxRadiusAuthorization OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "When the value of tmnxRadiusAuthorization is set to 'TRUE', RADIUS command authorization is enabled." DEFVAL { false } ::= { tmnxRadiusInfo 3 } tmnxRadiusRetryAttempts OBJECT-TYPE SYNTAX Unsigned32 (1..10) MAX-ACCESS read-write STATUS current DESCRIPTION "Number of attempts to retry contacting the RADIUS server." DEFVAL { 3 } ::= { tmnxRadiusInfo 4 } tmnxRadiusTimeout OBJECT-TYPE SYNTAX Unsigned32 (1..90) UNITS "Seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "Number of seconds to wait before timing out a RADIUS server." DEFVAL { 3 } ::= { tmnxRadiusInfo 5 } tmnxRadiusPort OBJECT-TYPE SYNTAX Unsigned32 (1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "The UDP port number on which to contact the RADIUS server." DEFVAL { 1812 } ::= { tmnxRadiusInfo 6 } tmnxRadiusServerTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxRadiusServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxRadiusServerEntry has an entry for each RADIUS server. The table can have up to a maximum of 5 entries." ::= { tmnxRadiusInfo 7 } tmnxRadiusServerEntry OBJECT-TYPE SYNTAX TmnxRadiusServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "tmnxRadiusServerEntry is an entry (conceptual row) in the tmnxRadiusServerTable. Each entry represents the configuration for a RADIUS server. Entries in this table can be created and deleted via SNMP SET operations to tmnxRadiusServerRowStatus." INDEX { tmnxRadiusServerIndex } ::= { tmnxRadiusServerTable 1 } TmnxRadiusServerEntry ::= SEQUENCE { tmnxRadiusServerIndex Unsigned32, tmnxRadiusServerAddress IpAddress, tmnxRadiusServerSecret OCTET STRING, tmnxRadiusServerOperStatus INTEGER, tmnxRadiusServerRowStatus RowStatus, tmnxRadiusServerInetAddressType InetAddressType, tmnxRadiusServerInetAddress InetAddress } tmnxRadiusServerIndex OBJECT-TYPE SYNTAX Unsigned32 (1..5) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The unique value which identifies a specific Radius server." ::= { tmnxRadiusServerEntry 1 } tmnxRadiusServerAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The IP address of the RADIUS server. tmnxRadiusServerAddress was made obsolete in 5.0 revision of Nokia SROS series system. Radius servers are now configured using tmnxRadiusServerInetAddress and tmnxRadiusServerInetAddressType objects." ::= { tmnxRadiusServerEntry 2 } tmnxRadiusServerSecret OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..64)) MAX-ACCESS read-create STATUS current DESCRIPTION "The secret key associated with the RADIUS server. The value returned by tmnxRadiusServerSecret is always an empty string. The value of tmnxRadiusServerSecret cannot be set to an empty string." ::= { tmnxRadiusServerEntry 3 } tmnxRadiusServerOperStatus OBJECT-TYPE SYNTAX INTEGER { up (1), down (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Current status of the RADIUS server." ::= { tmnxRadiusServerEntry 4 } tmnxRadiusServerRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "tmnxRadiusServerRowStatus controls the creation and deletion of rows in the table. To create a row in the tmnxRadiusServerTable, set tmnxRadiusServerRowStatus to createAndGo(4). Objects tmnxRadiusServerSecret, tmnxRadiusServerInetAddressType, and tmnxRadiusServerInetAddress must also be set at creation time. To delete a row in the tmnxRadiusServerTable, set tmnxRadiusServerRowStatus to delete(6)." ::= { tmnxRadiusServerEntry 5 } tmnxRadiusServerInetAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxRadiusServerInetAddressType specifies the address type of tmnxRadiusServerInetAddress address. The value of tmnxRadiusServerInetAddressType can be either of InetAddressType - 'ipv4' or InetAddressType - 'ipv6' or InetAddressType - 'ipv6z'." ::= { tmnxRadiusServerEntry 6 } tmnxRadiusServerInetAddress OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxRadiusServerInetAddress specifies the address of the Radius server." ::= { tmnxRadiusServerEntry 7 } tmnxRadiusSourceAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS obsolete DESCRIPTION "tmnxRadiusSourceAddress is used to configure the source address of the Radius packet. It should be a valid unicast address. If this object is configured with the address of the router interface, the Radius client uses it while making a request to the server. If the address is not configured or is not the address of the one of interfaces, the source address is based on the address of the Radius server. If the server address is in-band, the client uses the system ip address. If it is out-of-band, the source address is the address of the management interface. tmnxRadiusSourceAddress was made obsolete in the 4.0 revision of Nokia SROS series systems. The source address of the Radius packet can now be set by creating a tmnxSourceIPEntry for Radius application in the tmnxSourceIPTable." DEFVAL { '00000000'H } ::= { tmnxRadiusInfo 8 } tmnxRadiusConfigured OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS obsolete DESCRIPTION "When the value of tmnxRadiusConfigured is set to 'false', all the Radius objects under the tmnxRadiusInfo tree will be set to their default values and all the rows in the tmnxRadiusServerTable will be removed. The value of this object will be set to 'true' if non-default values are set to the Radius objects. This object has been obsoleted in release 14.0 R1." DEFVAL { false } ::= { tmnxRadiusInfo 9 } tmnxRadiusPEDiscovery OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS obsolete DESCRIPTION "The value of tmnxRadiusPEDiscovery specifies whether RADIUS provider edge discovery is enabled for VPLS services. This object was made obsolete in release 5.0." DEFVAL { false } ::= { tmnxRadiusInfo 10 } tmnxRadiusPEDiscoveryPassword OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-write STATUS obsolete DESCRIPTION "The value of tmnxRadiusPEDiscoveryPassword is used when contacting the RADIUS server for VPLS auto-discovery. This object was made obsolete in release 5.0." DEFVAL { ''H } ::= { tmnxRadiusInfo 11 } tmnxRadiusPEDiscoveryInterval OBJECT-TYPE SYNTAX Unsigned32 (1..30) UNITS "minutes" MAX-ACCESS read-write STATUS obsolete DESCRIPTION "The value of tmnxRadiusPEDiscoveryInterval specifies the polling interval for Radius PE discovery in minutes. This object was made obsolete in release 5.0." DEFVAL { 5 } ::= { tmnxRadiusInfo 12 } tmnxRadiusPEForceDiscovery OBJECT-TYPE SYNTAX TmnxActionType MAX-ACCESS read-write STATUS current DESCRIPTION "When tmnxRadiusPEForceDiscovery is set to 'doAction', the RADIUS server is immediately contacted to attempt discovery." DEFVAL { notApplicable } ::= { tmnxRadiusInfo 13 } tmnxRadiusPEForceDiscoverySvcId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxRadiusPEForceDiscoverySvcId specifies a specific service ID to query the RADIUS server about. Reading this object returns the value 0." DEFVAL { 0 } ::= { tmnxRadiusInfo 14 } tmnxRadiusAccountingPort OBJECT-TYPE SYNTAX Unsigned32 (1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "The UDP port number on which to contact the RADIUS server for accounting requests." DEFVAL { 1813 } ::= { tmnxRadiusInfo 15 } tmnxRadiusUseTemplate OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxRadiusUseTemplate specifies whether the RADIUS user template is actively applied to the RADIUS user if no VSAs are returned with the auth-accept from the RADIUS server. When the value of tmnxRadiusUseTemplate is set to 'TRUE', the RADIUS user template is actively applied if no VSAs are returned with the auth-accept from the RADIUS server." DEFVAL { false } ::= { tmnxRadiusInfo 16 } tmnxRadiusAuthAlgorithm OBJECT-TYPE SYNTAX TmnxSecRadiusServAlgorithm MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxRadiusAuthAlgorithm specifies the algorithm used to select a RADIUS server from the list of configured servers (tmnxRadiusServerTable)." DEFVAL { direct } ::= { tmnxRadiusInfo 17 } tmnxRadiusUserStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxRadiusUserStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxRadiusUserStatsTable is the Radius server statistics per user using specific policy. Entries are created and deleted by the system." ::= { tmnxRadiusInfo 18 } tmnxRadiusUserStatsEntry OBJECT-TYPE SYNTAX TmnxRadiusUserStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about Radius server statistics per user per policy." INDEX { tmnxUserName, tmnxRadiusPolicyName, tmnxRadiusUserServerIndex } ::= { tmnxRadiusUserStatsTable 1 } TmnxRadiusUserStatsEntry ::= SEQUENCE { tmnxRadiusPolicyName TNamedItem, tmnxRadiusUserServerIndex Unsigned32, tmnxRadiusUserReqTx Counter32, tmnxRadiusUserReqRx Counter32, tmnxRadiusUserOpenFail Counter32, tmnxRadiusUserBindFail Counter32, tmnxRadiusUserSendFail Counter32, tmnxRadiusUserRecvFail Counter32, tmnxRadiusUserSendTimeout Counter32, tmnxRadiusUserLoginPass Counter32, tmnxRadiusUserLoginFail Counter32, tmnxRadiusUserMd5Fail Counter32, tmnxRadiusUserPending Counter32, tmnxRadiusUserAcctReqTx Counter32, tmnxRadiusUserAcctRejRx Counter32, tmnxRadiusUserAcctConnError Counter32, tmnxRadiusUserAccChallengePkt Counter32, tmnxRadiusUserAuthAvgDelay Gauge32, tmnxRadiusUserAcctAvgDelay Gauge32 } tmnxRadiusPolicyName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxRadiusPolicyName indicates the policy name used by the user to access the Radius server." ::= { tmnxRadiusUserStatsEntry 1 } tmnxRadiusUserServerIndex OBJECT-TYPE SYNTAX Unsigned32 (1..16) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of the tmnxRadiusUserServerIndex identifies a specific Radius server." ::= { tmnxRadiusUserStatsEntry 2 } tmnxRadiusUserReqTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxRadiusUserReqTx indicates the number of requests sent to the Radius server from the user using this policy." ::= { tmnxRadiusUserStatsEntry 3 } tmnxRadiusUserReqRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxRadiusUserReqRx indicates the number of requests received by the Radius server by the user using this policy." ::= { tmnxRadiusUserStatsEntry 4 } tmnxRadiusUserOpenFail OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxRadiusUserOpenFail indicates the number of socket open failures to the Radius server." ::= { tmnxRadiusUserStatsEntry 5 } tmnxRadiusUserBindFail OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxRadiusUserBindFail indicates the number of socket bind failures to the Radius server." ::= { tmnxRadiusUserStatsEntry 6 } tmnxRadiusUserSendFail OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxRadiusUserSendFail indicates the number of socket send failures to the Radius server." ::= { tmnxRadiusUserStatsEntry 7 } tmnxRadiusUserRecvFail OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxRadiusUserRecvFail indicates the number of socket receive failures to the Radius server." ::= { tmnxRadiusUserStatsEntry 8 } tmnxRadiusUserSendTimeout OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxRadiusUserSendTimeout indicates the number of sends which timed out waiting for reply from the Radius server." ::= { tmnxRadiusUserStatsEntry 9 } tmnxRadiusUserLoginPass OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxRadiusUserLoginPass indicates the number of authentication succeeded for the user using this policy to the Radius server." ::= { tmnxRadiusUserStatsEntry 10 } tmnxRadiusUserLoginFail OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxRadiusUserLoginFail indicates the number of authentication failed for the user using this policy to the Radius server." ::= { tmnxRadiusUserStatsEntry 11 } tmnxRadiusUserMd5Fail OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxRadiusUserMd5Fail indicates the number of times authentication failed due to MD5 for the user using this policy to the Radius server." ::= { tmnxRadiusUserStatsEntry 12 } tmnxRadiusUserPending OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxRadiusUserPending indicates the number of requests pending for the user using this policy to the Radius server." ::= { tmnxRadiusUserStatsEntry 13 } tmnxRadiusUserAcctReqTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxRadiusUserAcctReqTx indicates the number of accounting requests for the user using this policy to the Radius server." ::= { tmnxRadiusUserStatsEntry 14 } tmnxRadiusUserAcctRejRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxRadiusUserAcctRejRx indicates the number of accounting rejections received for the user using this policy to the Radius server." ::= { tmnxRadiusUserStatsEntry 15 } tmnxRadiusUserAcctConnError OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxRadiusUserAcctConnError indicates the number of accounting connection failures for the user using this policy to the Radius server." ::= { tmnxRadiusUserStatsEntry 16 } tmnxRadiusUserAccChallengePkt OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxRadiusUserAccChallengePkt indicates the number of packets which challenged access to the user account from the Radius server." ::= { tmnxRadiusUserStatsEntry 17 } tmnxRadiusUserAuthAvgDelay OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxRadiusUserAuthAvgDelay indicates the average response delay of the last 10 authentication packets." ::= { tmnxRadiusUserStatsEntry 18 } tmnxRadiusUserAcctAvgDelay OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxRadiusUserAcctAvgDelay indicates the average response delay of the last 10 accounting packets." ::= { tmnxRadiusUserStatsEntry 19 } tmnxRadiusInteractiveAuthen OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxRadiusInteractiveAuthen specifies whether challenge/response authentication is enabled. If the value of this object is set to 'true(1)', the Reply-Message from the Access-Challenge packet is displayed, and the User-Password in the new Access-Request packet contains the response of the user. If the value of this object is set to 'false(2)', challenge/response authentication is disabled." DEFVAL { false } ::= { tmnxRadiusInfo 19 } tmnxTacPlusInfo OBJECT IDENTIFIER ::= { tmnxSecurityObjects 7 } tmnxTacPlusAdminStatus OBJECT-TYPE SYNTAX INTEGER { up (1), down (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The desired administrative status of the Tacacs+ protocol operation." DEFVAL { up } ::= { tmnxTacPlusInfo 1 } tmnxTacPlusTimeout OBJECT-TYPE SYNTAX Unsigned32 (1..90) UNITS "Seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "Number of seconds to wait before timing out a Tacacs+ server." DEFVAL { 3 } ::= { tmnxTacPlusInfo 2 } tmnxTacPlusServerTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxTacPlusServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxTacPlusServerEntry has an entry for each Tacacs+ server. The table can have up to a maximum of 5 entries." ::= { tmnxTacPlusInfo 3 } tmnxTacPlusServerEntry OBJECT-TYPE SYNTAX TmnxTacPlusServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "tmnxTacPlusServerEntry is an entry (conceptual row) in the tmnxTacPlusServerTable. Each entry represents the configuration for a Tacacs+ server. Entries in this table can be created and deleted via SNMP SET operations to tmnxTacPlusServerRowStatus." INDEX { tmnxTacPlusServerIndex } ::= { tmnxTacPlusServerTable 1 } TmnxTacPlusServerEntry ::= SEQUENCE { tmnxTacPlusServerIndex Unsigned32, tmnxTacPlusServerAddress IpAddress, tmnxTacPlusServerSecret OCTET STRING, tmnxTacPlusServerRowStatus RowStatus, tmnxTacPlusServerOperStatus INTEGER, tmnxTacPlusServerInetAddressType InetAddressType, tmnxTacPlusServerInetAddress InetAddress, tmnxTacPlusServerPort TTcpUdpPort } tmnxTacPlusServerIndex OBJECT-TYPE SYNTAX Unsigned32 (1..5) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The unique value which identifies a specific Tacacs+ server." ::= { tmnxTacPlusServerEntry 1 } tmnxTacPlusServerAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The IP address of the Tacacs+ server. tmnxTacPlusServerAddress was made obsolete in 5.0 revision of Nokia SROS series system. Tacacs+ servers are now configured using tmnxTacPlusServerInetAddress and tmnxTacPlusServerInetAddressType objects." ::= { tmnxTacPlusServerEntry 2 } tmnxTacPlusServerSecret OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..128)) MAX-ACCESS read-create STATUS current DESCRIPTION "The secret key associated with the Tacacs+ server. The value returned by tmnxTacPlusServerSecret is always an empty string. The value of tmnxTacPlusServerSecret cannot be set to an empty string." ::= { tmnxTacPlusServerEntry 3 } tmnxTacPlusServerRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "tmnxTacPlusServerRowStatus controls the creation and deletion of rows in the table. To create a row in the tmnxTacPlusServerTable, set tmnxTacPlusServerRowStatus to createAndGo(4). Objects tmnxTacPlusServerSecret, tmnxTacPlusServerInetAddressType, and tmnxTacPlusServerInetAddress must also be set at creation time. To delete a row in the tmnxTacPlusServerTable, set tmnxTacPlusServerRowStatus to delete(6)." ::= { tmnxTacPlusServerEntry 4 } tmnxTacPlusServerOperStatus OBJECT-TYPE SYNTAX INTEGER { up (1), down (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "tmnxTacPlusServerOperStatus indicates the operational status of the TACACS+ server." ::= { tmnxTacPlusServerEntry 5 } tmnxTacPlusServerInetAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxTacPlusServerInetAddressType specifies the address type of tmnxTacPlusServerInetAddress address. The value of tmnxTacPlusServerInetAddressType can be either of InetAddressType - 'ipv4' or InetAddressType - 'ipv6' or InetAddressType - 'ipv6z'." ::= { tmnxTacPlusServerEntry 6 } tmnxTacPlusServerInetAddress OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxTacPlusServerInetAddress specifies the address of the Tacplus server." ::= { tmnxTacPlusServerEntry 7 } tmnxTacPlusServerPort OBJECT-TYPE SYNTAX TTcpUdpPort MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxTacPlusServerPort specifies the TCP port on which to contact the Tacplus server." DEFVAL { 49 } ::= { tmnxTacPlusServerEntry 8 } tmnxTacPlusAccounting OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "When the value of tmnxTacPlusAccounting is set to 'TRUE', TACACS+ command accounting is enabled." DEFVAL { false } ::= { tmnxTacPlusInfo 4 } tmnxTacPlusAcctRecType OBJECT-TYPE SYNTAX INTEGER { startStop (1), stopOnly (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "tmnxTacPlusAcctRecType is used to configure the type of accounting record packet that is to be sent to the TACACS+ server. The value indicates whether TACACS+ accounting start and stop packets be sent or just stop packets be sent. TACACS+ start packet is sent whenever the user executes a command. A stop packet is sent whenever the command execution is complete. The default value for this object is 'stopOnly'." DEFVAL { stopOnly } ::= { tmnxTacPlusInfo 5 } tmnxTacPlusAuthorization OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "When the value of tmnxTacPlusAuthorization is set to 'TRUE', TACACS+ command authorization is enabled." DEFVAL { false } ::= { tmnxTacPlusInfo 6 } tmnxTacPlusSingleConnection OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS obsolete DESCRIPTION "When the value of tmnxTacPlusSingleConnection is set to 'TRUE', a single connection is established with the TACACS+ server. The connection is kept open and is used by all the TELNET/SSH/FTP sessions for AAA operations. This object is obsoleted in release 8.0." DEFVAL { false } ::= { tmnxTacPlusInfo 7 } tmnxTacPlusSourceAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS obsolete DESCRIPTION "tmnxTacPlusSourceAddress is used to configure the source address of the TACACS+ packet. It should be a valid unicast address. If this object is configured with the address of the router interface, the TACACS+ client uses it while making a request to the server. If the address is not configured or is not the address of the one of interfaces, the source address is based on the address of the TACACS+ server. If the server address is in-band, the client uses the system ip address as the source address. If it is out-of-band, the source address is the address of the management interface. tmnxRadiusSourceAddress was made obsolete in the 4.0 revision of Nokia SROS series systems. The source address of the TACACS+ packet can now be set by creating a tmnxSourceIPEntry for TACACS+ application in the tmnxSourceIPTable." DEFVAL { '00000000'H } ::= { tmnxTacPlusInfo 8 } tmnxTacPlusConfigured OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS obsolete DESCRIPTION "When the value of tmnxTacPlusConfigured is set to 'false', all the Tacplus objects under the tmnxTacPlusInfo tree will be set to their default values and all the rows in the tmnxTacPlusServerTable will be removed. The value of this object will be set to 'true' if non-default values are set to the 'TacPlus' objects. This object has been obsoleted in release 14.0 R1." DEFVAL { false } ::= { tmnxTacPlusInfo 9 } tmnxTacplusUseTemplate OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxTacplusUseTemplate specifies whether the TACACS+ user template is actively applied to the TACACS+ user. When the value of tmnxTacplusUseTemplate is set to 'true(1)', the TACACS+ user template is actively applied." DEFVAL { true } ::= { tmnxTacPlusInfo 10 } tmnxTacPlusInteractiveAuthen OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxTacPlusInteractiveAuthen specifies whether interactive authentication is enabled. If the value of this object is set to 'true(1)', no username nor password is sent in the TACACS+ authentication START message, and the server_msg in the TAC_PLUS_AUTHEN_STATUS_GETUSER and TAC_PLUS_AUTHEN_STATUS_GETPASS authentication REPLY messages from the TACACS+ server are displayed. The server_msg may contain an S/Key for one-time password operation. If the value of this object is set to 'false(2)', the username and password are sent in the TACACS+ authentication START message." DEFVAL { false } ::= { tmnxTacPlusInfo 11 } tmnxTacPlusAuthorUsePrivLvl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxTacPlusAuthorUsePrivLvl specifies whether the privilege level mapping is used. When the value of tmnxTacPlusAuthorization is 'true(1)' and the value of tmnxTacPlusAuthorUsePrivLvl is 'true(1)', the value of attribute 'priv-lvl' in the TACACS+ authorization RESPONSE packet is mapped to the user profile defined in tmnxTacPlusPrivLvlMapTable. That user profile is used for authorization." DEFVAL { false } ::= { tmnxTacPlusInfo 12 } tmnxServerCtlObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 8 } tmnxEnableServers OBJECT-TYPE SYNTAX BITS { telnet (0), ssh (1), ftp (2), telnet6 (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "tmnxEnableServers is used to enable/disable telnet, SSH, FTP, and telnet v6 servers running on the system. By default, at system startup, only SSH server will be enabled." DEFVAL { {ssh} } ::= { tmnxServerCtlObjs 1 } tmnxTelnetServerOperStatus OBJECT-TYPE SYNTAX TmnxOperState MAX-ACCESS read-only STATUS current DESCRIPTION "tmnxTelnetServerOperStatus indicates the operational status of the telnet server. If the value of this object changes, a generic trap TIMETRA-SYSTEM-MIB:tmnxStateChange will be sent." ::= { tmnxServerCtlObjs 2 } tmnxSSHServerOperStatus OBJECT-TYPE SYNTAX TmnxOperState MAX-ACCESS read-only STATUS current DESCRIPTION "tmnxSSHServerOperStatus indicates the operational status of the SSH server. If the value of this object changes, a generic trap TIMETRA-SYSTEM-MIB:tmnxStateChange will be sent." ::= { tmnxServerCtlObjs 3 } tmnxFTPServerOperStatus OBJECT-TYPE SYNTAX TmnxOperState MAX-ACCESS read-only STATUS current DESCRIPTION "tmnxFTPServerOperStatus indicates the operational status of the FTP server. If the value of this object changes, a generic trap TIMETRA-SYSTEM-MIB:tmnxStateChange will be sent." ::= { tmnxServerCtlObjs 4 } tmnxTelnet6ServerOperStatus OBJECT-TYPE SYNTAX TmnxOperState MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxTelnet6ServerOperStatus indicates the operational status of the IPv6 telnet server. If the value of this object changes, a generic trap TIMETRA-SYSTEM-MIB:tmnxStateChange will be sent." ::= { tmnxServerCtlObjs 5 } tmnxCpmSecurityObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 9 } tmnxCpmPerPeerQueuing OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "When tmnxCpmPerPeerQueuing is set to 'true', CPM hardware queuing per peer is enabled. This means that when a peering session is established, the router will automatically allocate a separate CPM hardware queue for that peer. When tmnxCpmPerPeerQueuing is set to 'false', CPM hardware queuing per peer is disabled. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'." DEFVAL { false } ::= { tmnxCpmSecurityObjs 1 } tmnxCpmQueuesTotal OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmQueuesTotal indicates the total number of CPM hardware queues. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'." ::= { tmnxCpmSecurityObjs 2 } tmnxCpmQueuesInUse OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmQueuesInUse indicates the number of CPM hardware queues that are in use. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'." ::= { tmnxCpmSecurityObjs 3 } tCpmFilterQueueTable OBJECT-TYPE SYNTAX SEQUENCE OF TCpmFilterQueueEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tCpmFilterQueueTable has an entry for each CPM filter queue configured on this system. This table is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'." ::= { tmnxCpmSecurityObjs 4 } tCpmFilterQueueEntry OBJECT-TYPE SYNTAX TCpmFilterQueueEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents a particular CPM Filter Queue. Entries are created/deleted by user. Entries have a presumed StorageType of nonVolatile." INDEX { tCpmFilterQueueId } ::= { tCpmFilterQueueTable 1 } TCpmFilterQueueEntry ::= SEQUENCE { tCpmFilterQueueId TCpmFilterQueueId, tCpmFilterQueueRowStatus RowStatus, tCpmFilterQueueLastChanged TimeStamp, tCpmFilterQueueAdminPIR TPIRRate, tCpmFilterQueueAdminCIR TCIRRate, tCpmFilterQueueCBS TCpmFilterBurstSize, tCpmFilterQueueMBS TCpmFilterBurstSize, tCpmFilterQueueReferences Unsigned32, tCpmFilterQueueOperPIR TPIRRateOrZero, tCpmFilterQueueOperCIR TCIRRate } tCpmFilterQueueId OBJECT-TYPE SYNTAX TCpmFilterQueueId (33..2000) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tCpmFilterQueueId is used to index into the tCpmFilterQueueTable. It uniquely identifies a CPM Queue as configured on this system." ::= { tCpmFilterQueueEntry 1 } tCpmFilterQueueRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmFilterQueueRowStatus specifies the row status. It allows entries to be created or deleted in the tCpmFilterQueueEntry table." ::= { tCpmFilterQueueEntry 2 } tCpmFilterQueueLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmFilterQueueLastChanged indicates the timestamp of the last change to this row in tCpmFilterQueueTable." ::= { tCpmFilterQueueEntry 3 } tCpmFilterQueueAdminPIR OBJECT-TYPE SYNTAX TPIRRate MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmFilterQueueAdminPIR specifies the Peak Information Rate associated with this queue. This object can only be set to 1 or -1, when the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '8'." DEFVAL { -1 } ::= { tCpmFilterQueueEntry 4 } tCpmFilterQueueAdminCIR OBJECT-TYPE SYNTAX TCIRRate MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmFilterQueueAdminCIR specifies the Committed Information Rate associated with this queue. This object cannot be set when the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '8'." DEFVAL { -1 } ::= { tCpmFilterQueueEntry 5 } tCpmFilterQueueCBS OBJECT-TYPE SYNTAX TCpmFilterBurstSize MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmFilterQueueCBS specifies the Committed Burst Excess associated with this queue. This object cannot be set when the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '8'." DEFVAL { -1 } ::= { tCpmFilterQueueEntry 6 } tCpmFilterQueueMBS OBJECT-TYPE SYNTAX TCpmFilterBurstSize MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmFilterQueueMBS specifies the Maximum Burst Size associated with this queue." DEFVAL { -1 } ::= { tCpmFilterQueueEntry 7 } tCpmFilterQueueReferences OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmFilterQueueReferences indicates the count of filter entries using this particular queue to forward traffic to the main CPU." ::= { tCpmFilterQueueEntry 8 } tCpmFilterQueueOperPIR OBJECT-TYPE SYNTAX TPIRRateOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmFilterQueueOperPIR indicates the operational value of the Peak Information Rate associated with this queue. This value can be zero if the queue is not instantiated." ::= { tCpmFilterQueueEntry 9 } tCpmFilterQueueOperCIR OBJECT-TYPE SYNTAX TCIRRate MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmFilterQueueOperCIR indicates the operational value of the Committed Information Rate associated with this queue." ::= { tCpmFilterQueueEntry 10 } tmnxCpmHwFilterObjs OBJECT IDENTIFIER ::= { tmnxCpmSecurityObjs 5 } tCpmFilterDefaultAction OBJECT-TYPE SYNTAX TCpmFilterActionOrDefault { drop (1), forward (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tCpmFilterDefaultAction specifies the action to take for packets that do not match any filter entries. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'." DEFVAL { forward } ::= { tmnxCpmHwFilterObjs 1 } tCpmIpFilterAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tCpmIpFilterAdminState specifies the administrative state of the CPM IPv4 filter. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'." DEFVAL { outOfService } ::= { tmnxCpmHwFilterObjs 2 } tCpmIPv6FilterAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tCpmIPv6FilterAdminState specifies the administrative state of the CPM IPv6 filter. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'." DEFVAL { outOfService } ::= { tmnxCpmHwFilterObjs 3 } tCpmMacFilterAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tCpmMacFilterAdminState specifies the administrative state of the CPM Mac filter. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'." DEFVAL { outOfService } ::= { tmnxCpmHwFilterObjs 4 } tCpmIpFilterTable OBJECT-TYPE SYNTAX SEQUENCE OF TCpmIpFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tCpmIpFilterTable has an entry for each CPM IPv4 filter entry configured on this system. This table is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'." ::= { tmnxCpmSecurityObjs 6 } tCpmIpFilterEntry OBJECT-TYPE SYNTAX TCpmIpFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents a particular Cpm Filter match entry. Every Cpm Filter can have zero or more Cpm Filter match entries. A filter entry with no match criteria set will match every packet, and the entry action will be taken. Entries are created/deleted by user. There is no StorageType object, entries have a presumed StorageType of nonVolatile." INDEX { tCpmIpFilterEntryId } ::= { tCpmIpFilterTable 1 } TCpmIpFilterEntry ::= SEQUENCE { tCpmIpFilterEntryId TEntryId, tCpmIpFilterEntryRowStatus RowStatus, tCpmIpFilterEntryLastChanged TimeStamp, tCpmIpFilterEntryLogId TFilterLogId, tCpmIpFilterEntryDescription TItemDescription, tCpmIpFilterEntryAction TCpmFilterActionOrDefault, tCpmIpFilterEntryQueueId TCpmFilterQueueId, tCpmIpFilterEntrySrcIPAddr IpAddress, tCpmIpFilterEntrySrcIPMask IpAddressPrefixLength, tCpmIpFilterEntryDestIPAddr IpAddress, tCpmIpFilterEntryDestIPMask IpAddressPrefixLength, tCpmIpFilterEntryProtocol TIpProtocol, tCpmIpFilterEntrySrcPort TTcpUdpPort, tCpmIpFilterEntrySrcPortMask Integer32, tCpmIpFilterEntryDestPort TTcpUdpPort, tCpmIpFilterEntryDestPortMask Integer32, tCpmIpFilterEntryDSCP TDSCPNameOrEmpty, tCpmIpFilterEntryFragment TItemMatch, tCpmIpFilterEntryOptionPresent TItemMatch, tCpmIpFilterEntryIPOptionValue TIpOption, tCpmIpFilterEntryIPOptionMask TIpOption, tCpmIpFilterEntryMultipleOption TItemMatch, tCpmIpFilterEntryTcpSyn TItemMatch, tCpmIpFilterEntryTcpAck TItemMatch, tCpmIpFilterEntryIcmpCode TIcmpCodeOrNone, tCpmIpFilterEntryIcmpType TIcmpTypeOrNone, tCpmIpFilterEntryVRtrId TmnxVRtrIDOrZero, tCpmIpFilterEntryLogCreated TruthValue, tCpmIpFilterEntrySrcIpPrefixList TNamedItemOrEmpty, tCpmIpFilterEntryDstIpPrefixList TNamedItemOrEmpty, tCpmIpFilterEntrySrcPortHigh TTcpUdpPort, tCpmIpFilterEntrySrcPortOper TCpmFilterPortOperator, tCpmIpFilterEntryDestPortHigh TTcpUdpPort, tCpmIpFilterEntryDestPortOper TCpmFilterPortOperator, tCpmIpFilterEntrySrcPortList TNamedItemOrEmpty, tCpmIpFilterEntryDstPortList TNamedItemOrEmpty, tCpmIpFilterEntryPortSelector TFltrPortSelector } tCpmIpFilterEntryId OBJECT-TYPE SYNTAX TEntryId (1..131072) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tCpmIpFilterEntryId is used to index into the tCpmIpFilterTable. It uniquely identifies a CPM filter entry as configured on this system." ::= { tCpmIpFilterEntry 1 } tCpmIpFilterEntryRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntryRowStatus specifies the row status. It allows entries to be created and deleted in the tCpmIpFilterTable." ::= { tCpmIpFilterEntry 2 } tCpmIpFilterEntryLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmIpFilterEntryLastChanged indicates the timestamp of the last change to this row in tCpmIpFilterTable." ::= { tCpmIpFilterEntry 3 } tCpmIpFilterEntryLogId OBJECT-TYPE SYNTAX TFilterLogId MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntryLogId specifies the log in which packets matching this entry should be entered. The value zero indicates that logging is disabled." DEFVAL { 0 } ::= { tCpmIpFilterEntry 4 } tCpmIpFilterEntryDescription OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntryDescription specifies the user-provided string describing this filter." DEFVAL { ''H } ::= { tCpmIpFilterEntry 5 } tCpmIpFilterEntryAction OBJECT-TYPE SYNTAX TCpmFilterActionOrDefault MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntryAction specifies the action to take for packets that match this filter entry. The value default(4) specifies this entry to inherit the behavior defined as the default for the filter in tCpmFilterDefaultAction. The value queue(3) can only be specified if a valid queue id is entered in tCpmIpFilterEntryQueueId. An 'inconsistentValue' error is returned if the value of this object is set to queue(3), when the value of the object tCpmIpFilterEntryProtocol is set to vrrp (112)." DEFVAL { drop } ::= { tCpmIpFilterEntry 6 } tCpmIpFilterEntryQueueId OBJECT-TYPE SYNTAX TCpmFilterQueueId MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntryQueueId specifies which queue to put the packet in when tCpmIpFilterEntryAction is queue (3). If the value of tCpmIpFilterEntryAction is different from queue (3) tCpmIpFilterEntryQueueId will be forced by the system to 0, and any change attempt will be silently discarded." DEFVAL { 0 } ::= { tCpmIpFilterEntry 7 } tCpmIpFilterEntrySrcIPAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntrySrcIPAddr specifies the IP address to match the source IP address of the packet." DEFVAL { '00000000'H } ::= { tCpmIpFilterEntry 8 } tCpmIpFilterEntrySrcIPMask OBJECT-TYPE SYNTAX IpAddressPrefixLength MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntrySrcIPMask specifies the IP Mask value for this policy Cpm FilterEntry entry. The mask is ANDed with the IP to match the tCpmIpFilterEntrySrcIPAddr." DEFVAL { 0 } ::= { tCpmIpFilterEntry 9 } tCpmIpFilterEntryDestIPAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntryDestIPAddr specifies the IP address to match the destination IP address of the packet." DEFVAL { '00000000'H } ::= { tCpmIpFilterEntry 10 } tCpmIpFilterEntryDestIPMask OBJECT-TYPE SYNTAX IpAddressPrefixLength MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntryDestIPMask specifies the IP Mask value for this policy Cpm FilterEntry entry. The mask is ANDed with the IP to match the tCpmIpFilterEntryDestIPAddr." DEFVAL { 0 } ::= { tCpmIpFilterEntry 11 } tCpmIpFilterEntryProtocol OBJECT-TYPE SYNTAX TIpProtocol MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntryProtocol specifies the IP protocol to match. It can be set to -1 to disable matching Cpm protocol. If the protocol is changed, the protocol specific parameters are reset. For instance, if protocol is changed from TCP to UDP, then the objects tCpmIpFilterEntryTcpSyn and tCpmIpFilterEntryTcpAck will be turned off. An 'inconsistentValue' error is returned if the value of this object is is set to vrrp (112), when the value of the object tCpmIpFilterEntryAction is set to queue(3)." DEFVAL { -1 } ::= { tCpmIpFilterEntry 12 } tCpmIpFilterEntrySrcPort OBJECT-TYPE SYNTAX TTcpUdpPort MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntrySrcPort specifies the TCP/UDP port to match the source port of the packet. See also the description of tCpmIpFilterEntrySrcPortOper for additional information about this object" DEFVAL { 0 } ::= { tCpmIpFilterEntry 13 } tCpmIpFilterEntrySrcPortMask OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntrySrcPortMask specifies the 16 bit mask to be applied when matching tCpmIpFilterEntrySrcPort. See also the description of tCpmIpFilterEntrySrcPortOper for additional information about this object" DEFVAL { 0 } ::= { tCpmIpFilterEntry 14 } tCpmIpFilterEntryDestPort OBJECT-TYPE SYNTAX TTcpUdpPort MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntryDestPort specifies the TCP/UDP port to match the destination port of the packet. See also the description of tCpmIpFilterEntryDestPortOper for additional information about this object" DEFVAL { 0 } ::= { tCpmIpFilterEntry 15 } tCpmIpFilterEntryDestPortMask OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntryDestPortMask specifies the 16 bit mask to be applied when matching tCpmIpFilterEntryDestPortOper. See also the description of tCpmIpFilterEntryDestPortHigh for additional information about this object" DEFVAL { 0 } ::= { tCpmIpFilterEntry 16 } tCpmIpFilterEntryDSCP OBJECT-TYPE SYNTAX TDSCPNameOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntryDSCP specifies the DSCP to be matched on the packet." DEFVAL { ''H } ::= { tCpmIpFilterEntry 17 } tCpmIpFilterEntryFragment OBJECT-TYPE SYNTAX TItemMatch MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntryFragment specifies whether fragment matching is enabled. When enabled, this object matches fragmented/unfragmented packets as per the value of the object." DEFVAL { off } ::= { tCpmIpFilterEntry 18 } tCpmIpFilterEntryOptionPresent OBJECT-TYPE SYNTAX TItemMatch MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntryOptionPresent specifies whether IP options matching is enabled. When enables, this object matches packets if they have options present or not as per the value of the object." DEFVAL { off } ::= { tCpmIpFilterEntry 19 } tCpmIpFilterEntryIPOptionValue OBJECT-TYPE SYNTAX TIpOption MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntryIPOptionValue specifies the specific IP option to match." DEFVAL { 0 } ::= { tCpmIpFilterEntry 20 } tCpmIpFilterEntryIPOptionMask OBJECT-TYPE SYNTAX TIpOption MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntryIPOptionMask specifies the mask that is ANDed with the IP option in the packet header before being compared to tCpmIpFilterEntryIPOptionValue." DEFVAL { 0 } ::= { tCpmIpFilterEntry 21 } tCpmIpFilterEntryMultipleOption OBJECT-TYPE SYNTAX TItemMatch MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntryMultipleOption specifies whether multiple options are to be matched as per the value of the object." DEFVAL { off } ::= { tCpmIpFilterEntry 22 } tCpmIpFilterEntryTcpSyn OBJECT-TYPE SYNTAX TItemMatch MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntryTcpSyn specifies whether a TCP Syn packet should match." DEFVAL { off } ::= { tCpmIpFilterEntry 23 } tCpmIpFilterEntryTcpAck OBJECT-TYPE SYNTAX TItemMatch MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntryTcpAck specifies whether a TCP Ack packet should match." DEFVAL { off } ::= { tCpmIpFilterEntry 24 } tCpmIpFilterEntryIcmpCode OBJECT-TYPE SYNTAX TIcmpCodeOrNone MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntryIcmpCode specifies the ICMP code to be matched. The value -1 means ICMP code matching is disabled." DEFVAL { -1 } ::= { tCpmIpFilterEntry 25 } tCpmIpFilterEntryIcmpType OBJECT-TYPE SYNTAX TIcmpTypeOrNone MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntryIcmpType specifies the ICMP type to be matched. The value -1 means ICMP type matching is disabled." DEFVAL { -1 } ::= { tCpmIpFilterEntry 26 } tCpmIpFilterEntryVRtrId OBJECT-TYPE SYNTAX TmnxVRtrIDOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIpFilterEntryVRtrId specifies the virtual router ID to be matched. When the value is '0', no virtual router matching occurs." DEFVAL { 0 } ::= { tCpmIpFilterEntry 27 } tCpmIpFilterEntryLogCreated OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmIpFilterEntryLogCreated indicates whether the filter log for this filter entry has been instantiated." ::= { tCpmIpFilterEntry 28 } tCpmIpFilterEntrySrcIpPrefixList OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of this object specifies the IP prefix list used as match criterion for the source ip address. The value specified for this object must correspond to a prefix list defined in TIMETRA-FILTER-MIB::tFilterPrefixListTable. If the value of this object is empty then the values of the objects tCpmIpFilterEntrySrcIPAddr and tCpmIpFilterEntrySrcIPMask are used as source ip address match criterion. When this object is set to a non-empty value then the objects tCpmIpFilterEntrySrcIPAddr and tCpmIpFilterEntrySrcIPMask are reset to their default values by the system. Vice versa, when a new (non-default) value is provided for the objects tCpmIpFilterEntrySrcIPAddr and tCpmIpFilterEntrySrcIPMask then this object is reset to its default (empty) value by the system. An attempt to set tCpmIpFilterEntrySrcIpPrefixList to a non-default value in combination with setting any of tCpmIpFilterEntrySrcIPAddr or tCpmIpFilterEntrySrcIPMask to (a) non-default value(s) is rejected by the system" DEFVAL { ''H } ::= { tCpmIpFilterEntry 30 } tCpmIpFilterEntryDstIpPrefixList OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of this object specifies the IP prefix list used as match criterion for the destination ip address. The value specified for this object must correspond to a prefix list defined in TIMETRA-FILTER-MIB::tFilterPrefixListTable. If the value of this object is empty then the values of the objects tCpmIpFilterEntryDestIPAddr and tCpmIpFilterEntryDestIPMask are used as source ip address match criterion. When this object is set to a non-empty value then the objects tCpmIpFilterEntryDestIPAddr and tCpmIpFilterEntryDestIPMask are reset to their default values by the system. Vice versa, when a new (non-default) value is provided for the objects tCpmIpFilterEntryDestIPAddr and tCpmIpFilterEntryDestIPMask then this object is reset to its default (empty) value by the system. An attempt to set tCpmIpFilterEntryDstIpPrefixList to a non-default value in combination with setting any of tCpmIpFilterEntryDestIPAddr or tCpmIpFilterEntryDestIPMask to (a) non-default value(s) is rejected by the system" DEFVAL { ''H } ::= { tCpmIpFilterEntry 31 } tCpmIpFilterEntrySrcPortHigh OBJECT-TYPE SYNTAX TTcpUdpPort MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the upper value for the TCP/UDP port range that is used as match criterion for the source port of a packet. See also the description of tCpmIpFilterEntrySrcPortOper for additional information about this object Setting tCpmIpFilterEntrySrcPortOper to range in combination with a value for tCpmIpFilterEntrySrcPort greater than the value for tCpmIpFilterEntrySrcPortHigh will be rejected by the system." DEFVAL { 0 } ::= { tCpmIpFilterEntry 32 } tCpmIpFilterEntrySrcPortOper OBJECT-TYPE SYNTAX TCpmFilterPortOperator MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the manner in which tCpmIpFilterEntrySrcPort, tCpmIpFilterEntrySrcPortMask, and tCpmIpFilterEntrySrcPortHigh are to be used. See description of TCpmFilterPortOperator." DEFVAL { mask } ::= { tCpmIpFilterEntry 33 } tCpmIpFilterEntryDestPortHigh OBJECT-TYPE SYNTAX TTcpUdpPort MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the upper value for the TCP/UDP port range that is used as match criterion for the destination port of a packet. See also the description of tCpmIpFilterEntryDestPortOper for additional information about this object Setting tCpmIpFilterEntryDestPortOper to range in combination with a value for tCpmIpFilterEntryDestPort greater than the value for tCpmIpFilterEntryDestPortHigh will be rejected by the system." DEFVAL { 0 } ::= { tCpmIpFilterEntry 34 } tCpmIpFilterEntryDestPortOper OBJECT-TYPE SYNTAX TCpmFilterPortOperator MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the manner in which tCpmIpFilterEntryDestPort, tCpmIpFilterEntryDestPortMask, and tCpmIpFilterEntryDestPortHigh are to be used. See description of TCpmFilterPortOperator." DEFVAL { mask } ::= { tCpmIpFilterEntry 35 } tCpmIpFilterEntrySrcPortList OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of this object specifies the port-list used as match criterion for the source port. The value specified for this object must correspond to a port-list defined in TIMETRA-FILTER-MIB::tFilterPortListTable. If the value of this object is empty then the values of the objects tCpmIpFilterEntrySrcPort, tCpmIpFilterEntrySrcPortMask, tCpmIpFilterEntrySrcPortHigh and tCpmIpFilterEntrySrcPortOper are used as source port match criterion. When this object is set to a non-empty value then the objects tCpmIpFilterEntrySrcPort, tCpmIpFilterEntrySrcPortMask, tCpmIpFilterEntrySrcPortHigh and tCpmIpFilterEntrySrcPortOper are reset to their default values by the system. Vice versa, when a new (non-default) value is provided for one of the objects tCpmIpFilterEntrySrcPort, tCpmIpFilterEntrySrcPortMask, tCpmIpFilterEntrySrcPortHigh, or tCpmIpFilterEntrySrcPortOper then tCpmIpFilterEntrySrcPortList is reset to its default (empty) value by the system. Setting any one of the objects tCpmIpFilterEntrySrcPort, tCpmIpFilterEntrySrcPortMask, tCpmIpFilterEntrySrcPortHigh, tCpmIpFilterEntrySrcPortOper to a non-default value in combination with a non-default value for the object tCpmIpFilterEntrySrcPortList is rejected by the system" DEFVAL { ''H } ::= { tCpmIpFilterEntry 36 } tCpmIpFilterEntryDstPortList OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of this object specifies the port-list used as match criterion for the destination port. The value specified for this object must correspond to a port-list defined in TIMETRA-FILTER-MIB::tFilterPortListTable. If the value of this object is empty then the values of the objects tCpmIpFilterEntryDestPort, tCpmIpFilterEntryDestPortMask, tCpmIpFilterEntryDestPortHigh and tCpmIpFilterEntryDestPortOper are used as destination port match criterion. When this object is set to a non-empty value then the objects tCpmIpFilterEntryDestPort, tCpmIpFilterEntryDestPortMask, tCpmIpFilterEntryDestPortHigh and tCpmIpFilterEntryDestPortOper are reset to their default values by the system. Vice versa, when a new (non-default) value is provided for one of the objects tCpmIpFilterEntryDestPort, tCpmIpFilterEntryDestPortMask, tCpmIpFilterEntryDestPortHigh or tCpmIpFilterEntryDestPortOper then tCpmIpFilterEntryDstPortList is reset to its default (empty) value by the system. Setting any one of the objects tCpmIpFilterEntryDestPort, tCpmIpFilterEntryDestPortMask, tCpmIpFilterEntryDestPortHigh, tCpmIpFilterEntryDestPortOper to a non-default value in combination with a non-default value for the object tCpmIpFilterEntryDstPortList is rejected by the system." DEFVAL { ''H } ::= { tCpmIpFilterEntry 37 } tCpmIpFilterEntryPortSelector OBJECT-TYPE SYNTAX TFltrPortSelector MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies how the source port objects (tCpmIpFilterEntrySrcPort, tCpmIpFilterEntrySrcPortMask, tCpmIpFilterEntrySrcPortHigh, tCpmIpFilterEntrySrcPortOper, tCpmIpFilterEntrySrcPortList) and destination port objects (tCpmIpFilterEntryDestPort, tCpmIpFilterEntryDestPortMask, tCpmIpFilterEntryDestPortHigh, tCpmIpFilterEntryDestPortOper, tCpmIpFilterEntryDstPortList) are combined to form the filter match criterion. See description of TFltrPortSelector. An 'inconsistentValue' error is returned if this object is not set along with source port or destination port objects." DEFVAL { and-port } ::= { tCpmIpFilterEntry 38 } tCpmIpFilterStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TCpmIpFilterStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tCpmIpFilterStatsTable has a stats entry for each entry in each CPM filter configured on this system. This table is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'." ::= { tmnxCpmSecurityObjs 7 } tCpmIpFilterStatsEntry OBJECT-TYPE SYNTAX TCpmIpFilterStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents the statistics related to the tCpmIpFilterEntry indexed by the same tCpmIpFilterEntryId. Entries are created when tCpmIpFilterEntry rows are created." INDEX { tCpmIpFilterEntryId } ::= { tCpmIpFilterStatsTable 1 } TCpmIpFilterStatsEntry ::= SEQUENCE { tCpmIpFilterStatsDroppedPkts Counter64, tCpmIpFilterStatsForwardedPkts Counter64 } tCpmIpFilterStatsDroppedPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmIpFilterStatsDroppedPkts indicates the number of packets dropped due to the tCpmIpFilterEntry with the same index." ::= { tCpmIpFilterStatsEntry 1 } tCpmIpFilterStatsForwardedPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmIpFilterStatsForwardedPkts indicates the number of packets forwarded due to the tCpmIpFilterEntry with the same index." ::= { tCpmIpFilterStatsEntry 2 } tCpmFilterQueueStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TCpmFilterQueueStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tCpmFilterQueueStatsTable has a stats entry for each CPM filter queue configured on this system. This table is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'." ::= { tmnxCpmSecurityObjs 8 } tCpmFilterQueueStatsEntry OBJECT-TYPE SYNTAX TCpmFilterQueueStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents the statistics related to the tCpmFilterQueueEntry indexed by the same tCpmFilterQueueId. Entries are created when tCpmFilterQueueEntry rows are created." INDEX { tCpmFilterQueueId } ::= { tCpmFilterQueueStatsTable 1 } TCpmFilterQueueStatsEntry ::= SEQUENCE { tCpmFilterQInProfileDropPkts Counter64, tCpmFilterQInProfileFwdPkts Counter64, tCpmFilterQInProfileDropOctets Counter64, tCpmFilterQInProfileFwdOctets Counter64, tCpmFilterQOutProfileDropPkts Counter64, tCpmFilterQOutProfileFwdPkts Counter64, tCpmFilterQOutProfileDropOctets Counter64, tCpmFilterQOutProfileFwdOctets Counter64 } tCpmFilterQInProfileDropPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmFilterQInProfileDropPkts indicates the number of packets complying to the queue Qos profile dropped from the tCpmFilterQueueEntry with the same index." ::= { tCpmFilterQueueStatsEntry 1 } tCpmFilterQInProfileFwdPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmFilterQInProfileFwdPkts indicates the number of packets complying to the queue Qos profile forwarded from the tCpmFilterQueueEntry with the same index." ::= { tCpmFilterQueueStatsEntry 2 } tCpmFilterQInProfileDropOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmFilterQInProfileDropOctets indicates the number of octets complying to the queue Qos profile dropped from the tCpmFilterQueueEntry with the same index." ::= { tCpmFilterQueueStatsEntry 3 } tCpmFilterQInProfileFwdOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmFilterQInProfileFwdOctets indicates the number of octets complying to the queue Qos profile forwarded from the tCpmFilterQueueEntry with the same index." ::= { tCpmFilterQueueStatsEntry 4 } tCpmFilterQOutProfileDropPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmFilterQOutProfileDropPkts indicates the number of packets not complying to the queue Qos profile dropped from the tCpmFilterQueueEntry with the same index." ::= { tCpmFilterQueueStatsEntry 5 } tCpmFilterQOutProfileFwdPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmFilterQOutProfileFwdPkts indicates the number of packets not complying to the queue Qos profile forwarded from the tCpmFilterQueueEntry with the same index." ::= { tCpmFilterQueueStatsEntry 6 } tCpmFilterQOutProfileDropOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmFilterQOutProfileDropOctets indicates the number of octets not complying to the queue Qos profile dropped from the tCpmFilterQueueEntry with the same index." ::= { tCpmFilterQueueStatsEntry 7 } tCpmFilterQOutProfileFwdOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmFilterQOutProfileFwdOctets indicates the number of octets not complying to the queue Qos profile forwarded from the tCpmFilterQueueEntry with the same index." ::= { tCpmFilterQueueStatsEntry 8 } tCpmIPv6FilterTable OBJECT-TYPE SYNTAX SEQUENCE OF TCpmIPv6FilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tCpmIPv6FilterTable has an entry for each CPM IPv6 filter entry configured on this system. This table is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'." ::= { tmnxCpmSecurityObjs 9 } tCpmIPv6FilterEntry OBJECT-TYPE SYNTAX TCpmIPv6FilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents a particular CPM IPv6 filter match entry. The CPM IPv6 Filter can have zero or more CPM IPv6 filter match entries. A filter entry with no match criteria set will match every packet, and the entry action will be taken. Entries are created/deleted by user. There is no StorageType object, entries have a presumed StorageType of nonVolatile." INDEX { tCpmIPv6FilterEntryId } ::= { tCpmIPv6FilterTable 1 } TCpmIPv6FilterEntry ::= SEQUENCE { tCpmIPv6FilterEntryId TEntryId, tCpmIPv6FilterEntryRowStatus RowStatus, tCpmIPv6FilterEntryLastChanged TimeStamp, tCpmIPv6FilterEntryLogId TFilterLogId, tCpmIPv6FilterEntryDescription TItemDescription, tCpmIPv6FilterEntryAction TCpmFilterActionOrDefault, tCpmIPv6FilterEntryQueueId TCpmFilterQueueId, tCpmIPv6FilterEntrySrcIPAddr InetAddressIPv6, tCpmIPv6FilterEntrySrcIPMask InetAddressPrefixLength, tCpmIPv6FilterEntryDestIPAddr InetAddressIPv6, tCpmIPv6FilterEntryDestIPMask InetAddressPrefixLength, tCpmIPv6FilterEntryNextHeader TIpProtocol, tCpmIPv6FilterEntrySrcPort TTcpUdpPort, tCpmIPv6FilterEntrySrcPortMask Integer32, tCpmIPv6FilterEntryDestPort TTcpUdpPort, tCpmIPv6FilterEntryDestPortMask Integer32, tCpmIPv6FilterEntryDSCP TDSCPNameOrEmpty, tCpmIPv6FilterEntryTcpSyn TItemMatch, tCpmIPv6FilterEntryTcpAck TItemMatch, tCpmIPv6FilterEntryIcmpCode TIcmpCodeOrNone, tCpmIPv6FilterEntryIcmpType TIcmpTypeOrNone, tCpmIPv6FilterEntryVRtrId TmnxVRtrIDOrZero, tCpmIPv6FilterEntryLogCreated TruthValue, tCpmIPv6FilterEntryFlowLabel IPv6FlowLabel, tCpmIPv6FilterEntrySrcIpPfxList TNamedItemOrEmpty, tCpmIPv6FilterEntryDstIpPfxList TNamedItemOrEmpty, tCpmIPv6FilterEntrySrcPortHigh TTcpUdpPort, tCpmIPv6FilterEntrySrcPortOper TCpmFilterPortOperator, tCpmIPv6FilterEntryDestPortHigh TTcpUdpPort, tCpmIPv6FilterEntryDestPortOper TCpmFilterPortOperator, tCpmIPv6FilterEntrySrcPortList TNamedItemOrEmpty, tCpmIPv6FilterEntryDstPortList TNamedItemOrEmpty, tCpmIPv6FilterEntryPortSelector TFltrPortSelector, tCpmIPv6FilterEntryFragment TItemMatch, tCpmIPv6FilterEntryHopByHopOpt TItemMatch } tCpmIPv6FilterEntryId OBJECT-TYPE SYNTAX TEntryId (1..131072) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tCpmIPv6FilterEntryId is used to index into the tCpmIPv6FilterTable. It uniquely identifies a CPM IPv6 filter entry as configured on this system." ::= { tCpmIPv6FilterEntry 1 } tCpmIPv6FilterEntryRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIPv6FilterEntryRowStatus specifies the row status. It allows entries to be created and deleted in the tCpmIPv6FilterTable." ::= { tCpmIPv6FilterEntry 2 } tCpmIPv6FilterEntryLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmIPv6FilterEntryLastChanged indicates the timestamp of the last change to this row in tCpmIPv6FilterTable." ::= { tCpmIPv6FilterEntry 3 } tCpmIPv6FilterEntryLogId OBJECT-TYPE SYNTAX TFilterLogId MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIPv6FilterEntryLogId specifies the log in which packets matching this entry should be entered. The value zero indicates that logging is disabled." DEFVAL { 0 } ::= { tCpmIPv6FilterEntry 4 } tCpmIPv6FilterEntryDescription OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIPv6FilterEntryDescription specifies the user-provided string describing this filter entry." DEFVAL { ''H } ::= { tCpmIPv6FilterEntry 5 } tCpmIPv6FilterEntryAction OBJECT-TYPE SYNTAX TCpmFilterActionOrDefault MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIPv6FilterEntryAction specifies the action to take for packets that match this filter entry. The value default(4) specifies this entry to inherit the behavior defined as the default for the filter in tCpmFilterDefaultAction. The value queue(3) can only be specified if a valid queue id is entered in tCpmIPv6FilterEntryQueueId. An 'inconsistentValue' error is returned if the value of this object is set to queue(3), when the value of the object tCpmIPv6FilterEntryNextHeader is set to vrrp (112)." DEFVAL { drop } ::= { tCpmIPv6FilterEntry 6 } tCpmIPv6FilterEntryQueueId OBJECT-TYPE SYNTAX TCpmFilterQueueId MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIPv6FilterEntryQueueId specifies which queue to put the packet in when tCpmIPv6FilterEntryAction is queue (3). If the value of tCpmIPv6FilterEntryAction is different from queue (3) tCpmIPv6FilterEntryQueueId will be forced by the system to 0, and any change attempt will be silently discarded." DEFVAL { 0 } ::= { tCpmIPv6FilterEntry 7 } tCpmIPv6FilterEntrySrcIPAddr OBJECT-TYPE SYNTAX InetAddressIPv6 MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIPv6FilterEntrySrcIPAddr specifies the IPv6 address to match the source IPv6 address in the packet." DEFVAL { '00000000000000000000000000000000'H } ::= { tCpmIPv6FilterEntry 8 } tCpmIPv6FilterEntrySrcIPMask OBJECT-TYPE SYNTAX InetAddressPrefixLength (0..128) MAX-ACCESS read-create STATUS current DESCRIPTION "tCpmIPv6FilterEntrySrcIPMask holds the IPv6 source address mask for this IPv6 CPM filter entry. The mask specifies the bits to be compared between tCpmIPv6FilterEntrySrcIPAddr and the IPv6 source address in the packet." DEFVAL { 0 } ::= { tCpmIPv6FilterEntry 9 } tCpmIPv6FilterEntryDestIPAddr OBJECT-TYPE SYNTAX InetAddressIPv6 MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIPv6FilterEntryDestIPAddr specifies the IPv6 address to match the destination IPv6 address in the packet." DEFVAL { '00000000000000000000000000000000'H } ::= { tCpmIPv6FilterEntry 10 } tCpmIPv6FilterEntryDestIPMask OBJECT-TYPE SYNTAX InetAddressPrefixLength (0..128) MAX-ACCESS read-create STATUS current DESCRIPTION "tCpmIPv6FilterEntryDestIPMask holds the IPv6 destination address mask for this IPv6 CPM filter entry. The mask specifies the bits to be compared between tCpmIPv6FilterEntryDestIPAddr and the IPv6 destination address in the packet." DEFVAL { 0 } ::= { tCpmIPv6FilterEntry 11 } tCpmIPv6FilterEntryNextHeader OBJECT-TYPE SYNTAX TIpProtocol MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIPv6FilterEntryNextHeader specifies the IPv6 protocol to match. '-1' specifies that the matching has been disabled. To change a protocol, the protocol specific values should be reset. For instance, to change the protocol from TCP(6) to UDP(7), the TCP specific attributes such as tCpmIPv6FilterEntryTcpSyn and tCpmIPv6FilterEntryTcpAck should be reset. Because the match criteria only pertains to the last next-header, the following values will not match a filter entry: 0, 43, 44, 50, 51, and 60. An 'inconsistentValue' error is returned if the value of this object is is set to vrrp (112), when the value of the object tCpmIPv6FilterEntryAction is set to queue(3)." DEFVAL { -1 } ::= { tCpmIPv6FilterEntry 12 } tCpmIPv6FilterEntrySrcPort OBJECT-TYPE SYNTAX TTcpUdpPort MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIPv6FilterEntrySrcPort specifies the TCP/UDP port to match the source port of the packet. See also the description of tCpmIPv6FilterEntrySrcPortOper for additional information about this object" DEFVAL { 0 } ::= { tCpmIPv6FilterEntry 13 } tCpmIPv6FilterEntrySrcPortMask OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIPv6FilterEntrySrcPortMask specifies the bits to be compared between tCpmIPv6FilterEntrySrcPort and the TCP/UDP source port in the packet. See also the description of tCpmIPv6FilterEntrySrcPortOper for additional information about this object" DEFVAL { 0 } ::= { tCpmIPv6FilterEntry 14 } tCpmIPv6FilterEntryDestPort OBJECT-TYPE SYNTAX TTcpUdpPort MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIPv6FilterEntryDestPort specifies the TCP/UDP port to match the destination port of the packet. See also the description of tCpmIPv6FilterEntryDestPortOper for additional information about this object" DEFVAL { 0 } ::= { tCpmIPv6FilterEntry 15 } tCpmIPv6FilterEntryDestPortMask OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIPv6FilterEntryDestPortMask specifies the bits to be compared between tCpmIPv6FilterEntryDestPort and the TCP/UDP source port in the packet. See also the description of tCpmIPv6FilterEntryDestPortOper for additional information about this object" DEFVAL { 0 } ::= { tCpmIPv6FilterEntry 16 } tCpmIPv6FilterEntryDSCP OBJECT-TYPE SYNTAX TDSCPNameOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIPv6FilterEntryDSCP specifies the DSCP to be matched on the packet." DEFVAL { ''H } ::= { tCpmIPv6FilterEntry 17 } tCpmIPv6FilterEntryTcpSyn OBJECT-TYPE SYNTAX TItemMatch MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIPv6FilterEntryTcpSyn specifies whether a TCP Syn packet should match." DEFVAL { off } ::= { tCpmIPv6FilterEntry 23 } tCpmIPv6FilterEntryTcpAck OBJECT-TYPE SYNTAX TItemMatch MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIPv6FilterEntryTcpAck specifies whether a TCP Ack packet should match." DEFVAL { off } ::= { tCpmIPv6FilterEntry 24 } tCpmIPv6FilterEntryIcmpCode OBJECT-TYPE SYNTAX TIcmpCodeOrNone MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIPv6FilterEntryIcmpCode specifies the ICMP code to be matched. The value '-1' means ICMP code matching is disabled." DEFVAL { -1 } ::= { tCpmIPv6FilterEntry 25 } tCpmIPv6FilterEntryIcmpType OBJECT-TYPE SYNTAX TIcmpTypeOrNone MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIPv6FilterEntryIcmpType specifies the ICMP type to be matched. The value '-1' means ICMP type matching is disabled." DEFVAL { -1 } ::= { tCpmIPv6FilterEntry 26 } tCpmIPv6FilterEntryVRtrId OBJECT-TYPE SYNTAX TmnxVRtrIDOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIPv6FilterEntryVRtrId specifies the virtual router ID to be matched. When the value is '0', no virtual router matching occurs." DEFVAL { 0 } ::= { tCpmIPv6FilterEntry 27 } tCpmIPv6FilterEntryLogCreated OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmIPv6FilterEntryLogCreated indicates whether the filter log for this filter entry has been instantiated." ::= { tCpmIPv6FilterEntry 28 } tCpmIPv6FilterEntryFlowLabel OBJECT-TYPE SYNTAX IPv6FlowLabel MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmIPv6FilterEntryFlowLabel specifies the flow label to be matched. When the value is '-1', no flow label matching occurs." DEFVAL { -1 } ::= { tCpmIPv6FilterEntry 29 } tCpmIPv6FilterEntrySrcIpPfxList OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of this object specifies the IPv6 prefix list used as match criterion for the source ipv6 address. The value specified for this object must correspond to a prefix list defined in TIMETRA-FILTER-MIB::tFilterPrefixListTable. If the value of this object is empty then the values of the objects tCpmIPv6FilterEntrySrcIPAddr and tCpmIPv6FilterEntrySrcIPMask are used as source ipv6 address match criterion. When this object is set to a non-empty value then the objects tCpmIPv6FilterEntrySrcIPAddr and tCpmIPv6FilterEntrySrcIPMask are reset to their default values by the system. Vice versa, when a new (non-default) value is provided for the objects tCpmIPv6FilterEntrySrcIPAddr and tCpmIPv6FilterEntrySrcIPMask then this object is reset to its default (empty) value by the system." DEFVAL { ''H } ::= { tCpmIPv6FilterEntry 30 } tCpmIPv6FilterEntryDstIpPfxList OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of this object specifies the IPv6 prefix list used as match criterion for the destination ipv6 address. The value specified for this object must correspond to a prefix list defined in TIMETRA-FILTER-MIB::tFilterPrefixListTable. If the value of this object is empty then the values of the objects tCpmIPv6FilterEntryDestIPAddr and tCpmIPv6FilterEntryDestIPMask are used as destination ipv6 address match criterion. When this object is set to a non-empty value then the objects tCpmIPv6FilterEntryDestIPAddr and tCpmIPv6FilterEntryDestIPMask are reset to their default values by the system. Vice versa, when a new (non-default) value is provided for the objects tCpmIPv6FilterEntryDestIPAddr and tCpmIPv6FilterEntryDestIPMask then this object is reset to its default (empty) value by the system." DEFVAL { ''H } ::= { tCpmIPv6FilterEntry 31 } tCpmIPv6FilterEntrySrcPortHigh OBJECT-TYPE SYNTAX TTcpUdpPort MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the upper value for the TCP/UDP port range that is used as match criterion for the source port of a packet. See also the description of tCpmIPv6FilterEntrySrcPortOper for additional information about this object Setting tCpmIPv6FilterEntrySrcPortOper to range in combination with a value for tCpmIPv6FilterEntrySrcPort greater than the value for tCpmIPv6FilterEntrySrcPortHigh will be rejected by the system." DEFVAL { 0 } ::= { tCpmIPv6FilterEntry 32 } tCpmIPv6FilterEntrySrcPortOper OBJECT-TYPE SYNTAX TCpmFilterPortOperator MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the manner in which tCpmIPv6FilterEntrySrcPort, tCpmIPv6FilterEntrySrcPortMask, and tCpmIPv6FilterEntrySrcPortHigh are to be used. See description of TCpmFilterPortOperator." DEFVAL { mask } ::= { tCpmIPv6FilterEntry 33 } tCpmIPv6FilterEntryDestPortHigh OBJECT-TYPE SYNTAX TTcpUdpPort MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the upper value for the TCP/UDP port range that is used as match criterion for the source port of a packet. Setting tCpmIPv6FilterEntryDestPortOper to range in combination with a value for tCpmIPv6FilterEntryDestPort greater than the value for tCpmIPv6FilterEntryDestPortHigh will be rejected by the system." DEFVAL { 0 } ::= { tCpmIPv6FilterEntry 34 } tCpmIPv6FilterEntryDestPortOper OBJECT-TYPE SYNTAX TCpmFilterPortOperator MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the manner in which tCpmIPv6FilterEntryDestPort, tCpmIPv6FilterEntryDestPortMask, and tCpmIPv6FilterEntryDestPortHigh are to be used. See description of TCpmFilterPortOperator." DEFVAL { mask } ::= { tCpmIPv6FilterEntry 35 } tCpmIPv6FilterEntrySrcPortList OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of this object specifies the port-list used as match criterion for the source port. The value specified for this object must correspond to a port-list defined in TIMETRA-FILTER-MIB::tFilterPortListTable. If the value of this object is empty then the values of the objects tCpmIPv6FilterEntrySrcPort, tCpmIPv6FilterEntrySrcPortMask, tCpmIPv6FilterEntrySrcPortHigh and tCpmIPv6FilterEntrySrcPortOper are used as source port match criterion. When this object is set to a non-empty value then the objects tCpmIPv6FilterEntrySrcPort, tCpmIPv6FilterEntrySrcPortMask, tCpmIPv6FilterEntrySrcPortHigh and tCpmIPv6FilterEntrySrcPortOper are reset to their default values by the system. Vice versa, when a new (non-default) value is provided for one of the objects tCpmIPv6FilterEntrySrcPort, tCpmIPv6FilterEntrySrcPortMask, tCpmIPv6FilterEntrySrcPortHigh, or tCpmIPv6FilterEntrySrcPortOper then tCpmIPv6FilterEntrySrcPortList is reset to its default (empty) value by the system. Setting any one of the objects tCpmIPv6FilterEntrySrcPort, tCpmIPv6FilterEntrySrcPortMask, tCpmIPv6FilterEntrySrcPortHigh, tCpmIPv6FilterEntrySrcPortOper to a non-default value in combination with a non-default value for the object tCpmIPv6FilterEntrySrcPortList is rejected by the system" DEFVAL { ''H } ::= { tCpmIPv6FilterEntry 36 } tCpmIPv6FilterEntryDstPortList OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of this object specifies the port-list used as match criterion for the destination port. The value specified for this object must correspond to a port-list defined in TIMETRA-FILTER-MIB::tFilterPortListTable. If the value of this object is empty then the values of the objects tCpmIPv6FilterEntryDestPort, tCpmIPv6FilterEntryDestPortMask, tCpmIPv6FilterEntryDestPortHigh and tCpmIPv6FilterEntryDestPortOper are used as destination port match criterion. When this object is set to a non-empty value then the objects tCpmIPv6FilterEntryDestPort, tCpmIPv6FilterEntryDestPortMask, tCpmIPv6FilterEntryDestPortHigh and tCpmIPv6FilterEntryDestPortOper are reset to their default values by the system. Vice versa, when a new (non-default) value is provided for one of the objects tCpmIPv6FilterEntryDestPort, tCpmIPv6FilterEntryDestPortMask, tCpmIPv6FilterEntryDestPortHigh or tCpmIPv6FilterEntryDestPortOper then tCpmIPv6FilterEntryDstPortList is reset to its default (empty) value by the system. Setting any one of the objects tCpmIPv6FilterEntryDestPort, tCpmIPv6FilterEntryDestPortMask, tCpmIPv6FilterEntryDestPortHigh, tCpmIPv6FilterEntryDestPortOper to a non-default value in combination with a non-default value for the object tCpmIPv6FilterEntryDstPortList is rejected by the system." DEFVAL { ''H } ::= { tCpmIPv6FilterEntry 37 } tCpmIPv6FilterEntryPortSelector OBJECT-TYPE SYNTAX TFltrPortSelector MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies how the source port objects (tCpmIPv6FilterEntrySrcPort, tCpmIPv6FilterEntrySrcPortMask, tCpmIPv6FilterEntrySrcPortHigh, tCpmIPv6FilterEntrySrcPortOper, tCpmIPv6FilterEntrySrcPortList) and destination port objects (tCpmIPv6FilterEntryDestPort, tCpmIPv6FilterEntryDestPortMask, tCpmIPv6FilterEntryDestPortHigh, tCpmIPv6FilterEntryDestPortOper, tCpmIPv6FilterEntryDstPortList) are combined to form the filter match criterion. See description of TFltrPortSelector. An 'inconsistentValue' error is returned if this object is not set along with source port or destination port objects." DEFVAL { and-port } ::= { tCpmIPv6FilterEntry 38 } tCpmIPv6FilterEntryFragment OBJECT-TYPE SYNTAX TItemMatch MAX-ACCESS read-create STATUS current DESCRIPTION "If Enabled, matches a Fragmentation Extension Header as per value of the object." DEFVAL { off } ::= { tCpmIPv6FilterEntry 39 } tCpmIPv6FilterEntryHopByHopOpt OBJECT-TYPE SYNTAX TItemMatch MAX-ACCESS read-create STATUS current DESCRIPTION "If Enabled, matches a Hop-By-Hop options Extension Header as per value of the object." DEFVAL { off } ::= { tCpmIPv6FilterEntry 40 } tCpmIPv6FilterStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TCpmIPv6FilterStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tCpmIPv6FilterStatsTable has a stats entry for each entry in each CPM filter configured on this system. This table is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'." ::= { tmnxCpmSecurityObjs 10 } tCpmIPv6FilterStatsEntry OBJECT-TYPE SYNTAX TCpmIPv6FilterStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents the statistics related to the tCpmIPv6FilterEntry indexed by the same tCpmIPv6FilterEntryId. Entries are created when tCpmIPv6FilterEntry rows are created." INDEX { tCpmIPv6FilterEntryId } ::= { tCpmIPv6FilterStatsTable 1 } TCpmIPv6FilterStatsEntry ::= SEQUENCE { tCpmIPv6FilterStatsDroppedPkts Counter64, tCpmIPv6FilterStatsForwardedPkts Counter64 } tCpmIPv6FilterStatsDroppedPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmIPv6FilterStatsDroppedPkts indicates the number of packets dropped due to the tCpmIPv6FilterEntry with the same index." ::= { tCpmIPv6FilterStatsEntry 1 } tCpmIPv6FilterStatsForwardedPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmIPv6FilterStatsForwardedPkts indicates the number of packets forwarded due to the tCpmIPv6FilterEntry with the same index." ::= { tCpmIPv6FilterStatsEntry 2 } tmnxCpmProtPolTableLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtPolTableLastChanged indicates the sysUpTime at the time of the last modification of an entry in the tmnxCpmProtPolTable. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." ::= { tmnxCpmSecurityObjs 11 } tmnxCpmProtPolTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxCpmProtPolEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxCpmProtPolTable has an entry for each CPM Protection policy configured in the system. There are two default policies. CPM Protection policy (254) is the default Access CPM Protection policy. CPM Protection policy (255) is the default Network CPM Protection policy. The default CPM Protection policies are created by the system, and can be modified but cannot be destroyed. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." ::= { tmnxCpmSecurityObjs 12 } tmnxCpmProtPolEntry OBJECT-TYPE SYNTAX TmnxCpmProtPolEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents the configuration information related to a CPM Protection policy." INDEX { tmnxCpmProtPolicyId } ::= { tmnxCpmProtPolTable 1 } TmnxCpmProtPolEntry ::= SEQUENCE { tmnxCpmProtPolicyId TCpmProtPolicyID, tmnxCpmProtPolRowStatus RowStatus, tmnxCpmProtPolLastChanged TimeStamp, tmnxCpmProtPolDescription TItemDescription, tmnxCpmProtPolPerSrcRateLimit TmnxCpmPacketPolRateLimit, tmnxCpmProtPolOverallRateLimit TmnxCpmPacketPolRateLimit, tmnxCpmProtPolAlarm TruthValue, tmnxCpmProtPolOutProfileRate TmnxCpmPacketPolRateLimit, tmnxCpmProtPolLimDhcpCiAddrZero TruthValue, tmnxCpmProtPolOutProfRateLogEvnt TruthValue } tmnxCpmProtPolicyId OBJECT-TYPE SYNTAX TCpmProtPolicyID (1..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxCpmProtPolicyId specifies the identification number of the CPM Protection policy." ::= { tmnxCpmProtPolEntry 1 } tmnxCpmProtPolRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxCpmProtPolRowStatus controls the creation and deletion of rows in this table." ::= { tmnxCpmProtPolEntry 2 } tmnxCpmProtPolLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtPolLastChanged indicates the sysUpTime at the time of the last modification of this entry. If no changes were made to the entry since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxCpmProtPolEntry 3 } tmnxCpmProtPolDescription OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxCpmProtPolDescription specifies the user provided description of this CPM Protection policy. The default CPM Protection policies 254 and 255 have a default description which can be modified by the user." DEFVAL { ''H } ::= { tmnxCpmProtPolEntry 4 } tmnxCpmProtPolPerSrcRateLimit OBJECT-TYPE SYNTAX TmnxCpmPacketPolRateLimit UNITS "packets per second" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxCpmProtPolPerSrcRateLimit specifies the packet arrival rate limit to be applied to each source of packets. Objects referring to this CPM Protection policy that do not support per-source rate limiting, may ignore the tmnxCpmProtPolPerSrcRateLimit." DEFVAL { -1 } ::= { tmnxCpmProtPolEntry 5 } tmnxCpmProtPolOverallRateLimit OBJECT-TYPE SYNTAX TmnxCpmPacketPolRateLimit UNITS "packets per second" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxCpmProtPolOverallRateLimit specifies the overall packet arrival rate limit to be applied to all sources of packets. A default value of -1, specifies an unrestricted packet arrival rate on the interface. The value of tmnxCpmProtPolOverallRateLimit is equal to 6000 for the default access policy (policy 254)." DEFVAL { -1 } ::= { tmnxCpmProtPolEntry 6 } tmnxCpmProtPolAlarm OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxCpmProtPolAlarm specifies if a notification must be issued when one of the packet arrival rate limits is crossed. A value of 'true' specifies that a notification must be issued." DEFVAL { true } ::= { tmnxCpmProtPolEntry 7 } tmnxCpmProtPolOutProfileRate OBJECT-TYPE SYNTAX TmnxCpmPacketPolRateLimit UNITS "packets per second" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxCpmProtPolOutProfileRate specifies the threshold value at which incoming control packets are marked out of profile. A default value of -1 specifies absence of a set threshold on the interface. The value of tmnxCpmProtPolOutProfileRate is 6000 for the default access policy (policy 254)." DEFVAL { 3000 } ::= { tmnxCpmProtPolEntry 8 } tmnxCpmProtPolLimDhcpCiAddrZero OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxCpmProtPolLimDhcpCiAddrZero specifies whether or not to apply per-source rate limiting to DHCP packets containing Client IP address zero (e.g., for IPv4, ciaddr = 0.0.0.0). For example, suppose a SAP has the following configuration: a) TIMETRA-SAP-MIB::sapCpmProtMonitorIP = 'true', and b) TIMETRA-SAP-MIB::sapCpmProtPolicyId = 7. Then, if the tmnxCpmProtPolLimDhcpCiAddrZero value for CPM Protection policy 7 is 'true', DHCP packets arriving at the SAP are rate limited using tmnxCpmProtPolPerSrcRateLimit, whether or not the ciaddr field is zero. On the other hand, with the same SAP configuration, if the tmnxCpmProtPolLimDhcpCiAddrZero value for CPM Protection policy 7 is 'false', DHCP packets arriving at the SAP with ciaddr zero are exempt from the tmnxCpmProtPolPerSrcRateLimit. The value of this object is irrelevant if the SAP's TIMETRA-SAP-MIB::sapCpmProtMonitorIP value is 'false'." REFERENCE "RFC 2131 ('Dynamic Host Configuration Protocol') explains the role of the ciaddr field in the DHCP protocol." DEFVAL { false } ::= { tmnxCpmProtPolEntry 9 } tmnxCpmProtPolOutProfRateLogEvnt OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxCpmProtPolOutProfRateLogEvnt controls the generation of log events when the out-profile-rate specified by tmnxCpmProtPolOutProfileRate is exceeded." DEFVAL { false } ::= { tmnxCpmProtPolEntry 10 } tmnxCpmProtDropUncfgdProtocolMsg OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxCpmProtDropUncfgdProtocolMsg specifies the administrative state of the protocol protection facility. When the value of this object is set to 'inService (2)', network control protocol traffic is dropped if it is received on an interface where the protocol is not configured. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." DEFVAL { outOfService } ::= { tmnxCpmSecurityObjs 13 } tmnxCpmProtLinkRateLimit OBJECT-TYPE SYNTAX TmnxCpmPacketRateLimit UNITS "packets per second" MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxCpmProtLinkRateLimit specifies the link-specific packet arrival rate limit to be applied to link-level protocols such as LACP. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." DEFVAL { 15000 } ::= { tmnxCpmSecurityObjs 14 } tmnxCpmProtExcdTableLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdTableLastChanged indicates the sysUpTime at the time of the last add, change, or delete of a row in the tmnxCpmProtExcdTable. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." ::= { tmnxCpmSecurityObjs 15 } tmnxCpmProtExcdTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxCpmProtExcdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "tmnxCpmProtExcdTable has a row for each triple that has exceeded the per-source rate limit configured for the pair. MAC-layer per-source rate limiting is enabled for a pair by setting TIMETRA-SAP-MIB::sapCpmProtMonitorMac to 'true'. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." ::= { tmnxCpmSecurityObjs 16 } tmnxCpmProtExcdEntry OBJECT-TYPE SYNTAX TmnxCpmProtExcdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row contains statistics for a MAC packet stream that has exceeded its per-source rate limit. A row is created by the system the first time a triple exceeds its per-source rate limit. The row is updated by the system on subsequent violations. Rows are deleted when a clear operation is requested on the underlying statistics." INDEX { svcId, sapPortId, sapEncapValue, tmnxCpmProtExcdMac } ::= { tmnxCpmProtExcdTable 1 } TmnxCpmProtExcdEntry ::= SEQUENCE { tmnxCpmProtExcdMac MacAddress, tmnxCpmProtExcdPeriods Gauge32, tmnxCpmProtExcdTimeStarted TimeStamp, tmnxCpmProtExcdTime TimeStamp } tmnxCpmProtExcdMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxCpmProtExcdMac indicates the MAC address of a source which has exceeded its per-source rate limit." ::= { tmnxCpmProtExcdEntry 1 } tmnxCpmProtExcdPeriods OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdPeriods indicates the number of times a per-source rate limit violation was detected for this source. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod." ::= { tmnxCpmProtExcdEntry 2 } tmnxCpmProtExcdTimeStarted OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdTimeStarted indicates the sysUpTime at the time of the creation of this row." ::= { tmnxCpmProtExcdEntry 3 } tmnxCpmProtExcdTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdTime indicates the sysUpTime at the time of the last update of this row." ::= { tmnxCpmProtExcdEntry 4 } tmnxCpmProtViolPortTableLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolPortTableLastChgd indicates the sysUpTime at the time of the last modification of an entry in the tmnxCpmProtViolPortTable. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." ::= { tmnxCpmSecurityObjs 17 } tmnxCpmProtViolPortTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxCpmProtViolPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxCpmProtViolPortTable has an entry for each port where either the link-specific packet arrival rate limit or the per-port overall packet rate limit was violated. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." ::= { tmnxCpmSecurityObjs 18 } tmnxCpmProtViolPortEntry OBJECT-TYPE SYNTAX TmnxCpmProtViolPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents the information related to a port where the link-specific packet arrival rate limit was violated. Rows are created or removed automatically by the system." INDEX { tmnxPortPortID } ::= { tmnxCpmProtViolPortTable 1 } TmnxCpmProtViolPortEntry ::= SEQUENCE { tmnxCpmProtViolPortPeriods Gauge32, tmnxCpmProtViolPortTimeStarted TimeStamp, tmnxCpmProtViolPortTime TimeStamp, tmnxCpmProtViolPortAggPeriods Gauge32, tmnxCpmProtViolPortAggTimeStart TimeStamp, tmnxCpmProtViolPortAggTime TimeStamp } tmnxCpmProtViolPortPeriods OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolPortPeriods indicates the number of times the link-specific rate limit violation was detected at this port. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod." ::= { tmnxCpmProtViolPortEntry 1 } tmnxCpmProtViolPortTimeStarted OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolPortTimeStarted indicates the sysUpTime when the link-specific rate limit violation was detected the first time at this port." ::= { tmnxCpmProtViolPortEntry 2 } tmnxCpmProtViolPortTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolPortTime indicates the sysUpTime when the link-specific rate limit violation was detected the last time at this port." ::= { tmnxCpmProtViolPortEntry 3 } tmnxCpmProtViolPortAggPeriods OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolPortAggPeriods indicates the number of times the per-port overall rate limit violation was detected at this port." ::= { tmnxCpmProtViolPortEntry 4 } tmnxCpmProtViolPortAggTimeStart OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolPortAggTimeStart indicates the sysUpTime when the per-port overall rate limit violation was detected the first time at this port." ::= { tmnxCpmProtViolPortEntry 5 } tmnxCpmProtViolPortAggTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolPortAggTime indicates the sysUpTime when the per-port overall rate limit violation was detected the last time at this port." ::= { tmnxCpmProtViolPortEntry 6 } tmnxCpmProtViolIfTableLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolIfTableLastChgd indicates the sysUpTime at the time of the last modification of an entry in the tmnxCpmProtViolIfTable. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." ::= { tmnxCpmSecurityObjs 19 } tmnxCpmProtViolIfTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxCpmProtViolIfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxCpmProtViolIfTable has an entry for each router interface where the overall packet arrival rate limit was violated. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." ::= { tmnxCpmSecurityObjs 20 } tmnxCpmProtViolIfEntry OBJECT-TYPE SYNTAX TmnxCpmProtViolIfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents the information related to a router interface where the overall packet arrival rate limit was violated. Rows are created or removed automatically by the system." INDEX { vRtrID, vRtrIfIndex } ::= { tmnxCpmProtViolIfTable 1 } TmnxCpmProtViolIfEntry ::= SEQUENCE { tmnxCpmProtViolIfPeriods Gauge32, tmnxCpmProtViolIfTimeStarted TimeStamp, tmnxCpmProtViolIfTime TimeStamp } tmnxCpmProtViolIfPeriods OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolIfPeriods indicates the number of times the rate limit violation was detected at this router interface. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod." ::= { tmnxCpmProtViolIfEntry 1 } tmnxCpmProtViolIfTimeStarted OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolIfTimeStarted indicates the sysUpTime at the time of the creation of this entry." ::= { tmnxCpmProtViolIfEntry 2 } tmnxCpmProtViolIfTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolIfTime indicates the sysUpTime at the time of the last modification of this entry." ::= { tmnxCpmProtViolIfEntry 3 } tmnxCpmProtViolSapTableLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolSapTableLastChgd indicates the sysUpTime at the time of the last modification of an entry in the tmnxCpmProtViolSapTable. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." ::= { tmnxCpmSecurityObjs 21 } tmnxCpmProtViolSapTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxCpmProtViolSapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxCpmProtViolSapTable has an entry for each SAP where the overall packet arrival rate limit was violated. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." ::= { tmnxCpmSecurityObjs 22 } tmnxCpmProtViolSapEntry OBJECT-TYPE SYNTAX TmnxCpmProtViolSapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents the information related to a SAP where the overall packet arrival rate limit was violated. Rows are created or removed automatically by the system." INDEX { svcId, sapPortId, sapEncapValue } ::= { tmnxCpmProtViolSapTable 1 } TmnxCpmProtViolSapEntry ::= SEQUENCE { tmnxCpmProtViolSapPeriods Gauge32, tmnxCpmProtViolSapTimeStarted TimeStamp, tmnxCpmProtViolSapTime TimeStamp } tmnxCpmProtViolSapPeriods OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolSapPeriods indicates the number of times the rate limit violation was detected at this SAP. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod." ::= { tmnxCpmProtViolSapEntry 1 } tmnxCpmProtViolSapTimeStarted OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolSapTimeStarted indicates the sysUpTime at the time of the creation of this entry." ::= { tmnxCpmProtViolSapEntry 2 } tmnxCpmProtViolSapTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolSapTime indicates the sysUpTime at the time of the last update of this entry." ::= { tmnxCpmProtViolSapEntry 3 } tmnxCpmProtPortOverallRateLimit OBJECT-TYPE SYNTAX TmnxCpmPacketRateLimit UNITS "packets per second" MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxCpmProtPortOverallRateLimit specifies the per-port packet arrival rate limit to be applied to all protocol messages that are to be processed by the CPM. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." DEFVAL { -1 } ::= { tmnxCpmSecurityObjs 23 } tmnxCpmProtDetectPeriod OBJECT-TYPE SYNTAX Unsigned32 UNITS "100 milliseconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtDetectPeriod indicates the length of a packet arrival rate limit detection period. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." ::= { tmnxCpmSecurityObjs 24 } tCpmMacFilterTable OBJECT-TYPE SYNTAX SEQUENCE OF TCpmMacFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tCpmMacFilterTable has an entry for each CPM Mac filter entry configured on this system. This table is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'." ::= { tmnxCpmSecurityObjs 25 } tCpmMacFilterEntry OBJECT-TYPE SYNTAX TCpmMacFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents a particular Cpm Mac Filter match entry. The Cpm Mac Filter can have zero or more Cpm Mac Filter match entries. A filter entry with no match criteria set will match every packet, and the entry action will be taken. Entries are created/deleted by user." INDEX { tCpmMacFltrEntryId } ::= { tCpmMacFilterTable 1 } TCpmMacFilterEntry ::= SEQUENCE { tCpmMacFltrEntryId TEntryId, tCpmMacFltrEntryRowStatus RowStatus, tCpmMacFltrEntryLastChanged TimeStamp, tCpmMacFltrEntryLogId TFilterLogId, tCpmMacFltrEntryDescription TItemDescription, tCpmMacFltrEntryAction TCpmFilterActionOrDefault, tCpmMacFltrEntryQueueId TCpmFilterQueueId, tCpmMacFltrEntryFrameType TmnxCpmMacFltrFrameType, tCpmMacFltrEntrySvcId TmnxServId, tCpmMacFltrEntryDot1pValue Dot1PPriority, tCpmMacFltrEntryDot1pMask Dot1PPriorityMask, tCpmMacFltrEntryDsap ServiceAccessPoint, tCpmMacFltrEntryDsapMask ServiceAccessPoint, tCpmMacFltrEntrySrcMAC MacAddress, tCpmMacFltrEntrySrcMACMask MacAddress, tCpmMacFltrEntryDstMAC MacAddress, tCpmMacFltrEntryDstMACMask MacAddress, tCpmMacFltrEntryEtherType Integer32, tCpmMacFltrEntrySsap ServiceAccessPoint, tCpmMacFltrEntrySsapMask ServiceAccessPoint, tCpmMacFltrEntryCfmOpCodeOper TOperator, tCpmMacFltrEntryCfmOpCodeValue1 Unsigned32, tCpmMacFltrEntryCfmOpCodeValue2 Unsigned32, tCpmMacFltrEntryLogCreated TruthValue } tCpmMacFltrEntryId OBJECT-TYPE SYNTAX TEntryId (1..131072) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tCpmMacFltrEntryId is used to index into the tCpmMacFilterTable. It uniquely identifies a CPM Mac filter entry as configured on this system." ::= { tCpmMacFilterEntry 1 } tCpmMacFltrEntryRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmMacFltrEntryRowStatus specifies the row status. It allows entries to be created and deleted in the tCpmMacFilterTable." ::= { tCpmMacFilterEntry 2 } tCpmMacFltrEntryLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmMacFltrEntryLastChanged indicates the timestamp of the last change to this row in tCpmMacFilterTable." ::= { tCpmMacFilterEntry 3 } tCpmMacFltrEntryLogId OBJECT-TYPE SYNTAX TFilterLogId MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmMacFltrEntryLogId specifies the log in which packets matching this entry should be entered. The value zero indicates that logging is disabled." DEFVAL { 0 } ::= { tCpmMacFilterEntry 4 } tCpmMacFltrEntryDescription OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmMacFltrEntryDescription specifies the user-provided string describing this filter entry." DEFVAL { ''H } ::= { tCpmMacFilterEntry 5 } tCpmMacFltrEntryAction OBJECT-TYPE SYNTAX TCpmFilterActionOrDefault MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmMacFltrEntryAction specifies the action to take for packets that match this filter entry. The value default(4) specifies this entry to inherit the behavior defined as the default for the filter in tCpmFilterDefaultAction. The value queue(3) can only be specified if a valid queue id is entered in tCpmMacFltrEntryQueueId." DEFVAL { drop } ::= { tCpmMacFilterEntry 6 } tCpmMacFltrEntryQueueId OBJECT-TYPE SYNTAX TCpmFilterQueueId MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmMacFltrEntryQueueId specifies which queue to put the packet in when tCpmMacFltrEntryAction is queue (3). If the value of tCpmMacFltrEntryAction is different from queue (3) tCpmMacFltrEntryQueueId will be forced by the system to 0, and any change attempt will be silently discarded." DEFVAL { 0 } ::= { tCpmMacFilterEntry 7 } tCpmMacFltrEntryFrameType OBJECT-TYPE SYNTAX TmnxCpmMacFltrFrameType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tCpmMacFltrEntryFrameType specifies the type of mac frame for which we are defining this match criteria. The value 'none' means that this entry is not matching on any ethernet frame. The value 'e802dot1ag(4)' is deprecated, and replaced by e802dot2LLC(1)." DEFVAL { none } ::= { tCpmMacFilterEntry 8 } tCpmMacFltrEntrySvcId OBJECT-TYPE SYNTAX TmnxServId MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tCpmMacFltrEntrySvcId specifies the service-id in which the packet is to be received for this entry to match. A value of 0 indicates: any service." DEFVAL { 0 } ::= { tCpmMacFilterEntry 9 } tCpmMacFltrEntryDot1pValue OBJECT-TYPE SYNTAX Dot1PPriority MAX-ACCESS read-create STATUS current DESCRIPTION "Filtering on dot1p bits is currently not offered on cpm-mac filters. All set actions on this object will therefore be ignored." DEFVAL { -1 } ::= { tCpmMacFilterEntry 10 } tCpmMacFltrEntryDot1pMask OBJECT-TYPE SYNTAX Dot1PPriorityMask MAX-ACCESS read-create STATUS current DESCRIPTION "Filtering on dot1p bits is currently not offered on cpm-mac filters. All set actions on this object will therefore be ignored." DEFVAL { 0 } ::= { tCpmMacFilterEntry 11 } tCpmMacFltrEntryDsap OBJECT-TYPE SYNTAX ServiceAccessPoint MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tCpmMacFltrEntryDsap specifies the MAC DSAP to match for this MAC filter entry. This object has no significance if the object tCpmMacFltrEntryFrameType is not set to 802dot2LLC." DEFVAL { -1 } ::= { tCpmMacFilterEntry 12 } tCpmMacFltrEntryDsapMask OBJECT-TYPE SYNTAX ServiceAccessPoint MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tCpmMacFltrEntryDsapMask specifies the MAC DSAP mask for this MAC filter entry. This object has no significance if the object tCpmMacFltrEntryFrameType is not set to 802dot2LLC." DEFVAL { -1 } ::= { tCpmMacFilterEntry 13 } tCpmMacFltrEntrySrcMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tCpmMacFltrEntrySrcMAC specifies the source MAC to match for this policy MAC filter entry." DEFVAL { '000000000000'H } ::= { tCpmMacFilterEntry 14 } tCpmMacFltrEntrySrcMACMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tCpmMacFltrEntrySrcMACMask specifies the source MAC mask value for this policy MAC filter entry. The mask is ANDed with the MAC to match tCpmMacFltrEntrySrcMAC. A zero bit means ignore this bit, do not match. A one bit means match this bit with tCpmMacFltrEntrySrcMAC. Use the value 00-00-00-00-00-00 to disable this filter criteria." DEFVAL { '000000000000'H } ::= { tCpmMacFilterEntry 15 } tCpmMacFltrEntryDstMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tCpmMacFltrEntryDstMAC specifies the Destination MAC mask value for this policy MAC filter entry." DEFVAL { '000000000000'H } ::= { tCpmMacFilterEntry 16 } tCpmMacFltrEntryDstMACMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tCpmMacFltrEntryDstMACMask specifies the destination MAC mask value for this policy MAC filter entry. The mask is ANDed with the MAC to match tCpmMacFltrEntryDstMAC. A zero bit means ignore this bit, do not match. a one bit means match this bit with tCpmMacFltrEntryDstMAC. Use the value 00-00-00-00-00-00 to disable this filter criteria." DEFVAL { '000000000000'H } ::= { tCpmMacFilterEntry 17 } tCpmMacFltrEntryEtherType OBJECT-TYPE SYNTAX Integer32 (-1 | 1536..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tCpmMacFltrEntryEtherType specifies the Ethertype for this MAC filter entry. Use -1 to disable matching by this criteria. This object has no significance if the object tCpmMacFltrEntryFrameType is not set to Ethernet_II." DEFVAL { -1 } ::= { tCpmMacFilterEntry 18 } tCpmMacFltrEntrySsap OBJECT-TYPE SYNTAX ServiceAccessPoint MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tCpmMacFltrEntrySsap specifies the MAC SSAP to match for this MAC filter entry. This object has no significance if the object tCpmMacFltrEntryFrameType is not set to 802dot2LLC." DEFVAL { -1 } ::= { tCpmMacFilterEntry 21 } tCpmMacFltrEntrySsapMask OBJECT-TYPE SYNTAX ServiceAccessPoint MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tCpmMacFltrEntrySsapMask specifies the MAC SSAP mask for this MAC filter entry. Use 0 to disable matching by this criteria. This object has no significance if the object tCpmMacFltrEntryFrameType is not set to 802dot2LLC." DEFVAL { -1 } ::= { tCpmMacFilterEntry 22 } tCpmMacFltrEntryCfmOpCodeOper OBJECT-TYPE SYNTAX TOperator MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tCpmMacFltrEntryCfmOpCodeOper specifies which type of opcode checking is to be performed. If different from none, more info is provided in the objects tCpmMacFltrEntryCfmOpCodeValue1 and tCpmMacFltrEntryCfmOpCodeValue2. This object has significance only if the object tCpmMacFltrEntryFrameType refers to either ieee802.1ag or Y1731." DEFVAL { none } ::= { tCpmMacFilterEntry 23 } tCpmMacFltrEntryCfmOpCodeValue1 OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tCpmMacFltrEntryCfmOpCodeValue1 specifies a cfm opcode. The value of this object is used as per the description for tCpmMacFltrEntryCfmOpCodeOper." DEFVAL { 0 } ::= { tCpmMacFilterEntry 24 } tCpmMacFltrEntryCfmOpCodeValue2 OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tCpmMacFltrEntryCfmOpCodeValue2 specifies a cfm opcode. The value of this object is used as per the description for tCpmMacFltrEntryCfmOpCodeOper." DEFVAL { 0 } ::= { tCpmMacFilterEntry 25 } tCpmMacFltrEntryLogCreated OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmMacFltrEntryLogCreated indicates whether the filter log for this filter entry has been instantiated." ::= { tCpmMacFilterEntry 26 } tCpmMacFilterStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TCpmMacFilterStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tCpmMacFilterStatsTable has a stats entry of the CPM Mac filter configured on this system. This table is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'." ::= { tmnxCpmSecurityObjs 26 } tCpmMacFilterStatsEntry OBJECT-TYPE SYNTAX TCpmMacFilterStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents the statistics related to the tCpmMacFilterEntry indexed by the same tCpmMacFltrEntryId. Entries are created when tCpmMacFilterEntry rows are created." INDEX { tCpmMacFltrEntryId } ::= { tCpmMacFilterStatsTable 1 } TCpmMacFilterStatsEntry ::= SEQUENCE { tCpmMacFilterStatsDroppedPkts Counter64, tCpmMacFilterStatsForwardedPkts Counter64 } tCpmMacFilterStatsDroppedPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmMacFilterStatsDroppedPkts indicates the number of packets dropped due to the tCpmMacFilterEntry with the same index." ::= { tCpmMacFilterStatsEntry 1 } tCpmMacFilterStatsForwardedPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmMacFilterStatsForwardedPkts indicates the number of packets forwarded due to the tCpmMacFilterEntry with the same index." ::= { tCpmMacFilterStatsEntry 2 } tmnxCpmProtAllowShamLinkPackets OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxCpmProtAllowShamLinkPackets specifies whether OSPF sham-link traffic will be allowed over VPRN transport tunnels. When the value of this object is set to 'true (1)', OSPF sham-link traffic will be allowed even if OSPF is not configured. When the value of this object is set to 'false (2)', OSPF sham-link traffic is dropped if it is received on an interface where the protocol is not configured. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." DEFVAL { false } ::= { tmnxCpmSecurityObjs 27 } tmnxCpmProtViolVdoSvcTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxCpmProtViolVdoSvcEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxCpmProtViolVdoSvcTable has an entry for each client address of a RTCP control traffic in VPLS service where the per-source rate limit was violated." ::= { tmnxCpmSecurityObjs 28 } tmnxCpmProtViolVdoSvcEntry OBJECT-TYPE SYNTAX TmnxCpmProtViolVdoSvcEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents the information related to a client address of a RTCP control traffic in VPLS service where the per-source rate limit was violated. Rows are created or removed automatically by the system." INDEX { svcId, tmnxCpmProtViolVdoSvcCltAddrType, tmnxCpmProtViolVdoSvcCltAddr } ::= { tmnxCpmProtViolVdoSvcTable 1 } TmnxCpmProtViolVdoSvcEntry ::= SEQUENCE { tmnxCpmProtViolVdoSvcCltAddrType InetAddressType, tmnxCpmProtViolVdoSvcCltAddr InetAddress, tmnxCpmProtViolVdoSvcPeriods Gauge32, tmnxCpmProtViolVdoSvcTimeStarted TimeStamp, tmnxCpmProtViolVdoSvcTime TimeStamp, tmnxCpmProtViolVdoSvcVrtrIfIndex InterfaceIndex } tmnxCpmProtViolVdoSvcCltAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxCpmProtViolVdoSvcCltAddrType indicates the type of address represented by tmnxCpmProtViolVdoSvcCltAddr." ::= { tmnxCpmProtViolVdoSvcEntry 1 } tmnxCpmProtViolVdoSvcCltAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (4|16)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxCpmProtViolVdoSvcCltAddr indicates the client IP address of a RTCP control traffic in VPLS service where the per-source rate limit was violated." ::= { tmnxCpmProtViolVdoSvcEntry 2 } tmnxCpmProtViolVdoSvcPeriods OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolVdoSvcPeriods indicates the number of times the per-source rate limit violation was detected for this client. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod." ::= { tmnxCpmProtViolVdoSvcEntry 3 } tmnxCpmProtViolVdoSvcTimeStarted OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolVdoSvcTimeStarted indicates the sysUpTime at the time of the creation of this entry." ::= { tmnxCpmProtViolVdoSvcEntry 4 } tmnxCpmProtViolVdoSvcTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolVdoSvcTime indicates the sysUpTime at the time of the last update of this entry." ::= { tmnxCpmProtViolVdoSvcEntry 5 } tmnxCpmProtViolVdoSvcVrtrIfIndex OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolVdoSvcVrtrIfIndex specifies the secondary index in the TIMETRA-VRTR-MIB::vRtrIfTable corresponding to the video interface where the per-source rate limit was violated. The value of primary index TIMETRA-VRTR-MIB::vRtrIfTable will be equal to the virtual router identifier of vpls-management which is 4094." ::= { tmnxCpmProtViolVdoSvcEntry 6 } tmnxCpmProtViolVdoVrtrTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxCpmProtViolVdoVrtrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxCpmProtViolVdoVrtrTable has an entry for each client address of a RTCP control traffic in router context where the per-source rate limit was violated." ::= { tmnxCpmSecurityObjs 29 } tmnxCpmProtViolVdoVrtrEntry OBJECT-TYPE SYNTAX TmnxCpmProtViolVdoVrtrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents the information related to a client address of a RTCP control traffic in router context where the per-source rate limit was violated. Rows are created or removed automatically by the system." INDEX { vRtrID, tmnxCpmProtViolVdoVrtrCltAdrType, tmnxCpmProtViolVdoVrtrCltAddr } ::= { tmnxCpmProtViolVdoVrtrTable 1 } TmnxCpmProtViolVdoVrtrEntry ::= SEQUENCE { tmnxCpmProtViolVdoVrtrCltAdrType InetAddressType, tmnxCpmProtViolVdoVrtrCltAddr InetAddress, tmnxCpmProtViolVdoVrtrPeriods Gauge32, tmnxCpmProtViolVdoVrtrTimeStart TimeStamp, tmnxCpmProtViolVdoVrtrTime TimeStamp, tmnxCpmProtViolVdoVrtrSvcId TmnxServId, tmnxCpmProtViolVdoVrtrIfIndex InterfaceIndex } tmnxCpmProtViolVdoVrtrCltAdrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxCpmProtViolVdoVrtrCltAdrType indicates the type of address represented by tmnxCpmProtViolVdoVrtrCltAddr." ::= { tmnxCpmProtViolVdoVrtrEntry 1 } tmnxCpmProtViolVdoVrtrCltAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (4|16)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxCpmProtViolVdoVrtrCltAddr indicates the client IP address of a RTCP control traffic in router context where the per-source rate limit was violated." ::= { tmnxCpmProtViolVdoVrtrEntry 2 } tmnxCpmProtViolVdoVrtrPeriods OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolVdoVrtrPeriods indicates the number of times the per-source rate limit violation was detected for this client. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod." ::= { tmnxCpmProtViolVdoVrtrEntry 3 } tmnxCpmProtViolVdoVrtrTimeStart OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolVdoVrtrTimeStart indicates the sysUpTime at the time of the creation of this entry." ::= { tmnxCpmProtViolVdoVrtrEntry 4 } tmnxCpmProtViolVdoVrtrTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolVdoVrtrTime indicates the sysUpTime at the time of the last update of this entry." ::= { tmnxCpmProtViolVdoVrtrEntry 5 } tmnxCpmProtViolVdoVrtrSvcId OBJECT-TYPE SYNTAX TmnxServId MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolVdoVrtrSvcId indicates the row index in the TIMETRA-SERV-MIB::svcBaseInfoTable corresponding to the service where the per-source rate limit was violated." ::= { tmnxCpmProtViolVdoVrtrEntry 6 } tmnxCpmProtViolVdoVrtrIfIndex OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolVdoVrtrIfIndex specifies the secondary index in the TIMETRA-VRTR-MIB::vRtrIfTable corresponding to the video interface where the per-source rate limit was violated. The value of vRtrID specifies the primary index in the TIMETRA-VRTR-MIB::vRtrIfTable." ::= { tmnxCpmProtViolVdoVrtrEntry 7 } tmnxCpmProtEthCfmPolTableLastChg OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtEthCfmPolTableLastChg indicates the value of the sysUpTime object when the last change was made to tmnxCpmProtEthCfmPolTable. A value of 0 indicates that no changes were made to tmnxCpmProtEthCfmPolTable since the system was last initialized." ::= { tmnxCpmSecurityObjs 30 } tmnxCpmProtEthCfmPolTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxCpmProtEthCfmPolEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "tmnxCpmProtEthCfmPolTable contains configurable rules (similar to an Access Control List) used to rate limit the flow of Ethernet Connectivity Fault Management packets. The table can be used to minimize the impact of an Eth-CFM Denial of Service attack. The table extends tmnxCpmProtPolTable, by allowing several triples to be defined for a CPM protection policy. For example, tmnxCpmProtEthCfmPolTable could contain the following information (where the column labels for the table's index objects are in upper case): POLICY ID ENTRY NUM Level Opcode Rate Limit --------- --------- ----- ------ ---------- 250 10 {4} {10} 100 packets/sec 250 20 {4,6} {1,3} 200 packets/sec 250 30 {0-7} {0-255} 300 packets/sec {0-7} indicates {0, 1, 2, 3, 4, 5, 6, 7}. Suppose the example configuration above is in place, and an Eth-CFM PDU arrives on a SAP which has Policy ID 250 configured against it. If the PDU contains level=4 and opcode=1, the 200 packets/sec rate limit is applied. Within a Policy ID, the first row (i.e. the row with the lowest entry number) matching the PDU applies. Therefore, the third row in the example applies a 300 packets/sec limit to any PDU which does not match the first or second row. At most four Policy IDs can have rows in this table. At most 10 rows are supported per Policy ID. If the user chooses well-spaced tmnxCpmProtEthCfmPolEntryNum values (e.g. 10, 20, 30) when initially creating the rows for a particular tmnxCpmProtPolicyId, it will be possible to add rows in the gaps later, without reconfiguration. A prerequisite for creating a row in this table: a row with the same tmnxCpmProtPolicyId must exist in tmnxCpmProtPolTable. Deleting a row in tmnxCpmProtPolTable deletes all the rows in this table with matching tmnxCpmProtPolicyId values." REFERENCE "ITU-T Y.1731 Specification, 02/2008" ::= { tmnxCpmSecurityObjs 31 } tmnxCpmProtEthCfmPolEntry OBJECT-TYPE SYNTAX TmnxCpmProtEthCfmPolEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row specifies a set of Ethernet CFM packets to be rate limited, and the associated rate limit. Table rows are created and destroyed using tmnxCpmProtEthCfmPolRowStatus." INDEX { tmnxCpmProtPolicyId, tmnxCpmProtEthCfmPolEntryNum } ::= { tmnxCpmProtEthCfmPolTable 1 } TmnxCpmProtEthCfmPolEntry ::= SEQUENCE { tmnxCpmProtEthCfmPolEntryNum Unsigned32, tmnxCpmProtEthCfmPolRowStatus RowStatus, tmnxCpmProtEthCfmPolLastChanged TimeStamp, tmnxCpmProtEthCfmPolLevelSet BITS, tmnxCpmProtEthCfmPolOpCodeSet BITS, tmnxCpmProtEthCfmPolRateLimit TmnxCpmPktPolRateLimitInclZero } tmnxCpmProtEthCfmPolEntryNum OBJECT-TYPE SYNTAX Unsigned32 (1..100) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxCpmProtEthCfmPolEntryNum specifies a user-selected entry number. This index exists to allow multiple tmnxCpmProtEthCfmPolTable rows for one tmnxCpmProtPolicyId." ::= { tmnxCpmProtEthCfmPolEntry 1 } tmnxCpmProtEthCfmPolRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxCpmProtEthCfmPolRowStatus specifies the row status of this tmnxCpmProtEthCfmPolEntry." ::= { tmnxCpmProtEthCfmPolEntry 2 } tmnxCpmProtEthCfmPolLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtEthCfmPolLastChanged indicates the value of the sysUpTime object when the last change was made to this row. A value of 0 indicates that no changes were made to this row since the system was last initialized." ::= { tmnxCpmProtEthCfmPolEntry 3 } tmnxCpmProtEthCfmPolLevelSet OBJECT-TYPE SYNTAX BITS { level0 (0), level1 (1), level2 (2), level3 (3), level4 (4), level5 (5), level6 (6), level7 (7) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxCpmProtEthCfmPolLevelSet specifies a set of MEG (Maintenance Entity Group) Level values. At least one Level must be specified (i.e. the empty set is not supported). The rate limit specified by tmnxCpmProtEthCfmPolRateLimit applies to an Eth-CFM PDU if: a) tmnxCpmProtPolicyId is configured against the PDU stream containing the PDU, and b) the PDU's MEL (MEG Level) value is an element of tmnxCpmProtEthCfmPolLevelSet, and c) the PDU's Opcode value is an element of tmnxCpmProtEthCfmPolOpCodeSet." ::= { tmnxCpmProtEthCfmPolEntry 4 } tmnxCpmProtEthCfmPolOpCodeSet OBJECT-TYPE SYNTAX BITS { opCode0 (0), opCode1 (1), opCode2 (2), opCode3 (3), opCode4 (4), opCode5 (5), opCode6 (6), opCode7 (7), opCode8 (8), opCode9 (9), opCode10 (10), opCode11 (11), opCode12 (12), opCode13 (13), opCode14 (14), opCode15 (15), opCode16 (16), opCode17 (17), opCode18 (18), opCode19 (19), opCode20 (20), opCode21 (21), opCode22 (22), opCode23 (23), opCode24 (24), opCode25 (25), opCode26 (26), opCode27 (27), opCode28 (28), opCode29 (29), opCode30 (30), opCode31 (31), opCode32 (32), opCode33 (33), opCode34 (34), opCode35 (35), opCode36 (36), opCode37 (37), opCode38 (38), opCode39 (39), opCode40 (40), opCode41 (41), opCode42 (42), opCode43 (43), opCode44 (44), opCode45 (45), opCode46 (46), opCode47 (47), opCode48 (48), opCode49 (49), opCode50 (50), opCode51 (51), opCode52 (52), opCode53 (53), opCode54 (54), opCode55 (55), opCode56 (56), opCode57 (57), opCode58 (58), opCode59 (59), opCode60 (60), opCode61 (61), opCode62 (62), opCode63 (63), opCode64 (64), opCode65 (65), opCode66 (66), opCode67 (67), opCode68 (68), opCode69 (69), opCode70 (70), opCode71 (71), opCode72 (72), opCode73 (73), opCode74 (74), opCode75 (75), opCode76 (76), opCode77 (77), opCode78 (78), opCode79 (79), opCode80 (80), opCode81 (81), opCode82 (82), opCode83 (83), opCode84 (84), opCode85 (85), opCode86 (86), opCode87 (87), opCode88 (88), opCode89 (89), opCode90 (90), opCode91 (91), opCode92 (92), opCode93 (93), opCode94 (94), opCode95 (95), opCode96 (96), opCode97 (97), opCode98 (98), opCode99 (99), opCode100 (100), opCode101 (101), opCode102 (102), opCode103 (103), opCode104 (104), opCode105 (105), opCode106 (106), opCode107 (107), opCode108 (108), opCode109 (109), opCode110 (110), opCode111 (111), opCode112 (112), opCode113 (113), opCode114 (114), opCode115 (115), opCode116 (116), opCode117 (117), opCode118 (118), opCode119 (119), opCode120 (120), opCode121 (121), opCode122 (122), opCode123 (123), opCode124 (124), opCode125 (125), opCode126 (126), opCode127 (127), opCode128 (128), opCode129 (129), opCode130 (130), opCode131 (131), opCode132 (132), opCode133 (133), opCode134 (134), opCode135 (135), opCode136 (136), opCode137 (137), opCode138 (138), opCode139 (139), opCode140 (140), opCode141 (141), opCode142 (142), opCode143 (143), opCode144 (144), opCode145 (145), opCode146 (146), opCode147 (147), opCode148 (148), opCode149 (149), opCode150 (150), opCode151 (151), opCode152 (152), opCode153 (153), opCode154 (154), opCode155 (155), opCode156 (156), opCode157 (157), opCode158 (158), opCode159 (159), opCode160 (160), opCode161 (161), opCode162 (162), opCode163 (163), opCode164 (164), opCode165 (165), opCode166 (166), opCode167 (167), opCode168 (168), opCode169 (169), opCode170 (170), opCode171 (171), opCode172 (172), opCode173 (173), opCode174 (174), opCode175 (175), opCode176 (176), opCode177 (177), opCode178 (178), opCode179 (179), opCode180 (180), opCode181 (181), opCode182 (182), opCode183 (183), opCode184 (184), opCode185 (185), opCode186 (186), opCode187 (187), opCode188 (188), opCode189 (189), opCode190 (190), opCode191 (191), opCode192 (192), opCode193 (193), opCode194 (194), opCode195 (195), opCode196 (196), opCode197 (197), opCode198 (198), opCode199 (199), opCode200 (200), opCode201 (201), opCode202 (202), opCode203 (203), opCode204 (204), opCode205 (205), opCode206 (206), opCode207 (207), opCode208 (208), opCode209 (209), opCode210 (210), opCode211 (211), opCode212 (212), opCode213 (213), opCode214 (214), opCode215 (215), opCode216 (216), opCode217 (217), opCode218 (218), opCode219 (219), opCode220 (220), opCode221 (221), opCode222 (222), opCode223 (223), opCode224 (224), opCode225 (225), opCode226 (226), opCode227 (227), opCode228 (228), opCode229 (229), opCode230 (230), opCode231 (231), opCode232 (232), opCode233 (233), opCode234 (234), opCode235 (235), opCode236 (236), opCode237 (237), opCode238 (238), opCode239 (239), opCode240 (240), opCode241 (241), opCode242 (242), opCode243 (243), opCode244 (244), opCode245 (245), opCode246 (246), opCode247 (247), opCode248 (248), opCode249 (249), opCode250 (250), opCode251 (251), opCode252 (252), opCode253 (253), opCode254 (254), opCode255 (255) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxCpmProtEthCfmPolOpCodeSet specifies a set of Eth-CFM PDU Opcode values to be matched against the Opcode field of an Eth-CFM PDU which is subject to rate limiting. At least one Opcode must be specified (i.e. the empty set is not supported). This object works in conjunction with tmnxCpmProtEthCfmPolLevelSet, as described in the tmnxCpmProtEthCfmPolLevelSet DESCRIPTION." ::= { tmnxCpmProtEthCfmPolEntry 5 } tmnxCpmProtEthCfmPolRateLimit OBJECT-TYPE SYNTAX TmnxCpmPktPolRateLimitInclZero UNITS "packets per second" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxCpmProtEthCfmPolRateLimit specifies the rate limit to be enforced for the Eth-CFM packet stream specified by tmnxCpmProtPolicyId, tmnxCpmProtEthCfmPolLevelSet, and tmnxCpmProtEthCfmPolOpCodeSet." DEFVAL { -1 } ::= { tmnxCpmProtEthCfmPolEntry 6 } tmnxCpmProtViolSdpBindTblLastChg OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolSdpBindTblLastChg indicates the sysUpTime at the time of the last modification of an entry in the tmnxCpmProtViolSdpBindTable. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object is zero." ::= { tmnxCpmSecurityObjs 32 } tmnxCpmProtViolSdpBindTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxCpmProtViolSdpBindEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "tmnxCpmProtViolSdpBindTable has a row for each SDP binding, where the overall packet arrival rate limit was violated." ::= { tmnxCpmSecurityObjs 33 } tmnxCpmProtViolSdpBindEntry OBJECT-TYPE SYNTAX TmnxCpmProtViolSdpBindEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row contains the statistics for an SDP binding where the overall packet arrival rate limit was violated. Rows are created or removed automatically by the system." INDEX { svcId, sdpBindId } ::= { tmnxCpmProtViolSdpBindTable 1 } TmnxCpmProtViolSdpBindEntry ::= SEQUENCE { tmnxCpmProtViolSdpBindPeriods Counter32, tmnxCpmProtViolSdpBindTimeStartd TimeStamp, tmnxCpmProtViolSdpBindTime TimeStamp } tmnxCpmProtViolSdpBindPeriods OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolSdpBindPeriods indicates the number of times a rate limit violation was detected at this SDP binding. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod." ::= { tmnxCpmProtViolSdpBindEntry 1 } tmnxCpmProtViolSdpBindTimeStartd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolSdpBindTimeStartd indicates the sysUpTime at the time of the creation of this entry." ::= { tmnxCpmProtViolSdpBindEntry 2 } tmnxCpmProtViolSdpBindTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtViolSdpBindTime indicates the sysUpTime at the time of the last update of this entry." ::= { tmnxCpmProtViolSdpBindEntry 3 } tmnxCpmProtExcdSdpBindTblLastChg OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSdpBindTblLastChg indicates the sysUpTime at the time of the last modification of an entry in the tmnxCpmProtExcdSdpBindTable. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object is zero." ::= { tmnxCpmSecurityObjs 34 } tmnxCpmProtExcdSdpBindTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxCpmProtExcdSdpBindEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "tmnxCpmProtExcdSdpBindTable has a row for each SDP binding and source MAC address pair that has exceeded its per-source rate limit. The equivalent table for SAPs is tmnxCpmProtExcdTable." ::= { tmnxCpmSecurityObjs 35 } tmnxCpmProtExcdSdpBindEntry OBJECT-TYPE SYNTAX TmnxCpmProtExcdSdpBindEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row contains the statistics for a PDU stream that has exceeded its per-source rate limit. Rows are created or removed automatically by the system." INDEX { svcId, sdpBindId, tmnxCpmProtExcdSdpBindMac } ::= { tmnxCpmProtExcdSdpBindTable 1 } TmnxCpmProtExcdSdpBindEntry ::= SEQUENCE { tmnxCpmProtExcdSdpBindMac MacAddress, tmnxCpmProtExcdSdpBindPeriods Counter32, tmnxCpmProtExcdSdpBindTimeStartd TimeStamp, tmnxCpmProtExcdSdpBindTime TimeStamp } tmnxCpmProtExcdSdpBindMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSdpBindMac specifies the MAC address of the source." ::= { tmnxCpmProtExcdSdpBindEntry 1 } tmnxCpmProtExcdSdpBindPeriods OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSdpBindPeriods indicates the number of times a per-source rate limit violation was detected for this source. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod." ::= { tmnxCpmProtExcdSdpBindEntry 2 } tmnxCpmProtExcdSdpBindTimeStartd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSdpBindTimeStartd indicates the sysUpTime at the time of the creation of this entry." ::= { tmnxCpmProtExcdSdpBindEntry 3 } tmnxCpmProtExcdSdpBindTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSdpBindTime indicates the sysUpTime at the time of the last update of this entry." ::= { tmnxCpmProtExcdSdpBindEntry 4 } tmnxCpmProtExcdSdpBindEcmTblLChg OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSdpBindEcmTblLChg indicates the sysUpTime at the time of the last modification of an entry in the tmnxCpmProtExcdSdpBindEcmTable. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object is zero." ::= { tmnxCpmSecurityObjs 36 } tmnxCpmProtExcdSdpBindEcmTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxCpmProtExcdSdpBindEcmEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "tmnxCpmProtExcdSdpBindEcmTable has a row for each Ethernet Connectivity Fault Management (Eth-CFM) PDU stream, served by an SDP binding, that has exceeded its Eth-CFM rate limit." ::= { tmnxCpmSecurityObjs 37 } tmnxCpmProtExcdSdpBindEcmEntry OBJECT-TYPE SYNTAX TmnxCpmProtExcdSdpBindEcmEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row contains the statistics for an Eth-CFM PDU stream that has exceeded its Eth-CFM rate limit. Rows are created or removed automatically by the system." INDEX { svcId, sdpBindId, tmnxCpmProtExcdSdpBindEcmMac, tmnxCpmProtExcdSdpBindEcmLevel, tmnxCpmProtExcdSdpBindEcmOpCode } ::= { tmnxCpmProtExcdSdpBindEcmTable 1 } TmnxCpmProtExcdSdpBindEcmEntry ::= SEQUENCE { tmnxCpmProtExcdSdpBindEcmMac MacAddress, tmnxCpmProtExcdSdpBindEcmLevel Dot1agCfmMDLevel, tmnxCpmProtExcdSdpBindEcmOpCode TmnxCpmProtEthCfmOpCode, tmnxCpmProtExcdSdpBindEcmPeriods Counter32, tmnxCpmProtExcdSdpBindEcmStarted TimeStamp, tmnxCpmProtExcdSdpBindEcmTime TimeStamp } tmnxCpmProtExcdSdpBindEcmMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSdpBindEcmMac specifies a source MAC address. The Eth-CFM PDU stream matching the MAC address (and matching the other index values of this table) has exceeded its Eth-CFM rate limit. The manager must provide the all-zero MAC address to get a row for a stream which is Eth-CFM rate limited using the 'ethCfmMonitorAggregate(1)' option of the sdpBindCpmProtEthCfmMonitorFlags object." ::= { tmnxCpmProtExcdSdpBindEcmEntry 1 } tmnxCpmProtExcdSdpBindEcmLevel OBJECT-TYPE SYNTAX Dot1agCfmMDLevel MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSdpBindEcmLevel specifies an Eth-CFM domain level. The Eth-CFM PDU stream matching the domain level (and matching the other index values of this table) has exceeded its Eth-CFM rate limit." ::= { tmnxCpmProtExcdSdpBindEcmEntry 2 } tmnxCpmProtExcdSdpBindEcmOpCode OBJECT-TYPE SYNTAX TmnxCpmProtEthCfmOpCode MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSdpBindEcmOpCode specifies an Eth-CFM opcode (e.g. Continuity Check Message == 1). The Eth-CFM PDU stream matching the opcode (and matching the other index values of this table) has exceeded its Eth-CFM rate limit." ::= { tmnxCpmProtExcdSdpBindEcmEntry 3 } tmnxCpmProtExcdSdpBindEcmPeriods OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSdpBindEcmPeriods indicates the number of times a rate limit violation was detected for this source. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod." ::= { tmnxCpmProtExcdSdpBindEcmEntry 4 } tmnxCpmProtExcdSdpBindEcmStarted OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSdpBindEcmStarted indicates the sysUpTime at the time of the creation of this entry." ::= { tmnxCpmProtExcdSdpBindEcmEntry 5 } tmnxCpmProtExcdSdpBindEcmTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSdpBindEcmTime indicates the sysUpTime at the time of the last update of this entry." ::= { tmnxCpmProtExcdSdpBindEcmEntry 6 } tmnxCpmProtExcdSapEcmTblLChg OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSapEcmTblLChg indicates the sysUpTime at the time of the last modification of an entry in the tmnxCpmProtExcdSapEcmTable. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object is zero." ::= { tmnxCpmSecurityObjs 38 } tmnxCpmProtExcdSapEcmTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxCpmProtExcdSapEcmEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "tmnxCpmProtExcdSapEcmTable has a row for each Ethernet Connectivity Fault Management (Eth-CFM) PDU stream, served by a SAP, that has exceeded its Eth-CFM rate limit." ::= { tmnxCpmSecurityObjs 39 } tmnxCpmProtExcdSapEcmEntry OBJECT-TYPE SYNTAX TmnxCpmProtExcdSapEcmEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row contains the statistics for an Eth-CFM PDU stream that has exceeded its Eth-CFM rate limit. Rows are created or removed automatically by the system." INDEX { svcId, sapPortId, sapEncapValue, tmnxCpmProtExcdSapEcmMac, tmnxCpmProtExcdSapEcmLevel, tmnxCpmProtExcdSapEcmOpCode } ::= { tmnxCpmProtExcdSapEcmTable 1 } TmnxCpmProtExcdSapEcmEntry ::= SEQUENCE { tmnxCpmProtExcdSapEcmMac MacAddress, tmnxCpmProtExcdSapEcmLevel Dot1agCfmMDLevel, tmnxCpmProtExcdSapEcmOpCode TmnxCpmProtEthCfmOpCode, tmnxCpmProtExcdSapEcmPeriods Counter32, tmnxCpmProtExcdSapEcmStarted TimeStamp, tmnxCpmProtExcdSapEcmTime TimeStamp } tmnxCpmProtExcdSapEcmMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSapEcmMac specifies a source MAC address. The Eth-CFM PDU stream matching the MAC address (and matching the other index values of this table) has exceeded its Eth-CFM rate limit. The manager must provide the all-zero MAC address to get a row for a stream which is Eth-CFM rate limited using the 'ethCfmMonitorAggregate(1)' option of the sapCpmProtEthCfmMonitorFlags object." ::= { tmnxCpmProtExcdSapEcmEntry 1 } tmnxCpmProtExcdSapEcmLevel OBJECT-TYPE SYNTAX Dot1agCfmMDLevel MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSapEcmLevel specifies an Eth-CFM domain level. The Eth-CFM PDU stream matching the domain level (and matching the other index values of this table) has exceeded its Eth-CFM rate limit." ::= { tmnxCpmProtExcdSapEcmEntry 2 } tmnxCpmProtExcdSapEcmOpCode OBJECT-TYPE SYNTAX TmnxCpmProtEthCfmOpCode MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSapEcmOpCode specifies an Eth-CFM opcode (e.g. Continuity Check Message == 1). The Eth-CFM PDU stream matching the opcode (and matching the other index values of this table) has exceeded its Eth-CFM rate limit." ::= { tmnxCpmProtExcdSapEcmEntry 3 } tmnxCpmProtExcdSapEcmPeriods OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSapEcmPeriods indicates the number of times a rate limit violation was detected for this source. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod." ::= { tmnxCpmProtExcdSapEcmEntry 4 } tmnxCpmProtExcdSapEcmStarted OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSapEcmStarted indicates the sysUpTime at the time of the creation of this entry." ::= { tmnxCpmProtExcdSapEcmEntry 5 } tmnxCpmProtExcdSapEcmTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSapEcmTime indicates the sysUpTime at the time of the last update of this entry." ::= { tmnxCpmProtExcdSapEcmEntry 6 } tmnxCpmVprnNwExceptions OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxCpmVprnNwExceptions specifies whether the MPLS exception messages are allowed to be received on all VPRN instances. When the value of tmnxCpmVprnNwExceptions is set to 'true', the MPLS exception messages are allowed to be received on all VPRN instances in the system from all network interfaces. When the value of tmnxCpmVprnNwExceptions is set to 'false', the MPLS exception messages are not allowed to be received on all VPRN instances in the system from all network interfaces." DEFVAL { false } ::= { tmnxCpmSecurityObjs 40 } tmnxCpmNumVprnNwExceptions OBJECT-TYPE SYNTAX Unsigned32 (10..1000) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxCpmNumVprnNwExceptions specifies the number of MPLS exception messages allowed to be received in the time frame specified by tmnxCpmVprnNwExceptionsTime." DEFVAL { 100 } ::= { tmnxCpmSecurityObjs 41 } tmnxCpmVprnNwExceptionsTime OBJECT-TYPE SYNTAX Unsigned32 (1..60) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxCpmVprnNwExceptionsTime specifies the time frame in seconds that is used to limit the number of MPLS exception messages issued per time frame." DEFVAL { 10 } ::= { tmnxCpmSecurityObjs 42 } tmnxCpmProtExcdSapIpTableLastChg OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSapIpTableLastChg indicates the sysUpTime at the time of the last add, change, or delete of a row in the tmnxCpmProtExcdSapIpTable. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero." ::= { tmnxCpmSecurityObjs 43 } tmnxCpmProtExcdSapIpTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxCpmProtExcdSapIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "tmnxCpmProtExcdSapIpTable has a row for each triple that has exceeded the per-source rate limit configured for the pair. IP layer per-source rate limiting is enabled for a pair by setting TIMETRA-SAP-MIB::sapCpmProtMonitorIP to 'true'." ::= { tmnxCpmSecurityObjs 44 } tmnxCpmProtExcdSapIpEntry OBJECT-TYPE SYNTAX TmnxCpmProtExcdSapIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row contains statistics for an IP packet stream that has exceeded its per-source rate limit. A row is created by the system the first time a triple exceeds its per-source rate limit. The row is updated by the system on subsequent violations. Rows are deleted when a clear operation is requested on the underlying statistics." INDEX { svcId, sapPortId, sapEncapValue, tmnxCpmProtExcdSapIpAddrType, tmnxCpmProtExcdSapIpAddr } ::= { tmnxCpmProtExcdSapIpTable 1 } TmnxCpmProtExcdSapIpEntry ::= SEQUENCE { tmnxCpmProtExcdSapIpAddrType InetAddressType, tmnxCpmProtExcdSapIpAddr InetAddress, tmnxCpmProtExcdSapIpPeriods Counter32, tmnxCpmProtExcdSapIpStarted TimeStamp, tmnxCpmProtExcdSapIpTime TimeStamp } tmnxCpmProtExcdSapIpAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSapIpAddrType indicates the address type of tmnxCpmProtExcdSapIpAddr. 'ipv4(1)' is the only supported value." ::= { tmnxCpmProtExcdSapIpEntry 1 } tmnxCpmProtExcdSapIpAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (4|16)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSapIpAddr indicates the IP address of a source which has exceeded its per-source rate limit." ::= { tmnxCpmProtExcdSapIpEntry 2 } tmnxCpmProtExcdSapIpPeriods OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSapIpPeriods indicates the number of times a per-source rate limit violation was detected for this source. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod." ::= { tmnxCpmProtExcdSapIpEntry 3 } tmnxCpmProtExcdSapIpStarted OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSapIpStarted indicates the sysUpTime at the time of the creation of this row." ::= { tmnxCpmProtExcdSapIpEntry 4 } tmnxCpmProtExcdSapIpTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSapIpTime indicates the sysUpTime at the time of the last update of this row." ::= { tmnxCpmProtExcdSapIpEntry 5 } tmnxDCpuProtPolicyTblLstChg OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxDCpuProtPolicyTblLstChg indicates the timestamp of the last change to the tmnxDCpuProtPolicyTable. A value of 0 indicates that no changes were made to this table since the system was last initialized." ::= { tmnxCpmSecurityObjs 45 } tmnxDCpuProtPolicyTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxDCpuProtPolicyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxDCpuProtPolicyTable has an entry for each Distributed CPU Protection Policy configured in the system." ::= { tmnxCpmSecurityObjs 46 } tmnxDCpuProtPolicyEntry OBJECT-TYPE SYNTAX TmnxDCpuProtPolicyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents the configuration information related to a Distributed CPU Protection Policy." INDEX { tmnxDCpuProtPolicyName } ::= { tmnxDCpuProtPolicyTable 1 } TmnxDCpuProtPolicyEntry ::= SEQUENCE { tmnxDCpuProtPolicyName TNamedItem, tmnxDCpuProtPolicyRowStatus RowStatus, tmnxDCpuProtPolicyLastMdfy TimeStamp, tmnxDCpuProtPolicyDescr TItemDescription } tmnxDCpuProtPolicyName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxDCpuProtPolicyName specifies Distributed CPU Protection Policy name." ::= { tmnxDCpuProtPolicyEntry 1 } tmnxDCpuProtPolicyRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The tmnxDCpuProtPolicyRowStatus object is used to create and delete rows in the tmnxDCpuProtPolicyTable." ::= { tmnxDCpuProtPolicyEntry 2 } tmnxDCpuProtPolicyLastMdfy OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxDCpuProtPolicyLastMdfy object indicates the timestamp of the last change to this row. A value of zero indicates that this row was not modified since the system was last initialized." ::= { tmnxDCpuProtPolicyEntry 3 } tmnxDCpuProtPolicyDescr OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtPolicyDescr specifies the user provided description of this Distributed CPU Protection Policy." DEFVAL { ''H } ::= { tmnxDCpuProtPolicyEntry 4 } tmnxDCpuProtStaticPlcrTblLstChg OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxDCpuProtStaticPlcrTblLstChg indicates the timestamp of the last change to the tmnxDCpuProtStaticPlcrTable. A value of 0 indicates that no changes were made to this table since the system was last initialized." ::= { tmnxCpmSecurityObjs 47 } tmnxDCpuProtStaticPlcrTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxDCpuProtStaticPlcrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxDCpuProtStaticPlcrTable has an entry for static-policer configured for each Distributed CPU Protection Policy identified by tmnxDCpuProtPolicyName." ::= { tmnxCpmSecurityObjs 48 } tmnxDCpuProtStaticPlcrEntry OBJECT-TYPE SYNTAX TmnxDCpuProtStaticPlcrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents the configuration information related to static-policer for Distributed CPU Protection Policy." INDEX { tmnxDCpuProtPolicyName, tmnxDCpuProtStaticPlcrName } ::= { tmnxDCpuProtStaticPlcrTable 1 } TmnxDCpuProtStaticPlcrEntry ::= SEQUENCE { tmnxDCpuProtStaticPlcrName TNamedItem, tmnxDCpuProtStaticPlcrRowStatus RowStatus, tmnxDCpuProtStaticPlcrLastMdfy TimeStamp, tmnxDCpuProtStaticPlcrDescr TItemDescription, tmnxDCpuProtStaticPlcrPackets TmnxDistCpuProtPacketPolicerRateLimit, tmnxDCpuProtStaticPlcrWithin Unsigned32, tmnxDCpuProtStaticPlcrInitDelay Unsigned32, tmnxDCpuProtStaticPlcrKbps TmnxDistCpuProtRate, tmnxDCpuProtStaticPlcrMbs TmnxDistCpuProtBurstSize, tmnxDCpuProtStaticPlcrExdActn TmnxDistCpuProtAction, tmnxDCpuProtStaticPlcrExdHold TmnxDistCpuProtActionDuration, tmnxDCpuProtStaticPlcrRateType TmnxDistCpuProtRateType, tmnxDCpuProtStaticPlcrDectnTime Unsigned32, tmnxDCpuProtStaticPlcrLogEvent TmnxDistCpuProtLogEventType } tmnxDCpuProtStaticPlcrName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxDCpuProtStaticPlcrName specifies the static-policer name for Distributed CPU Protection Policy." ::= { tmnxDCpuProtStaticPlcrEntry 1 } tmnxDCpuProtStaticPlcrRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The tmnxDCpuProtStaticPlcrRowStatus object is used to create and delete rows in the tmnxDCpuProtStaticPlcrTable." ::= { tmnxDCpuProtStaticPlcrEntry 2 } tmnxDCpuProtStaticPlcrLastMdfy OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxDCpuProtStaticPlcrLastMdfy object indicates the timestamp of the last change to this row. A value of zero indicates that this row was not modified since the system was last initialized." ::= { tmnxDCpuProtStaticPlcrEntry 3 } tmnxDCpuProtStaticPlcrDescr OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtStaticPlcrDescr specifies the user provided description for this static-policer." DEFVAL { ''H } ::= { tmnxDCpuProtStaticPlcrEntry 4 } tmnxDCpuProtStaticPlcrPackets OBJECT-TYPE SYNTAX TmnxDistCpuProtPacketPolicerRateLimit UNITS "packets per interval" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtStaticPlcrPackets specifies the overall packet arrival rate limit to be applied to all sources of packets. A default value of -1, specifies an unrestricted packet arrival rate." DEFVAL { -1 } ::= { tmnxDCpuProtStaticPlcrEntry 5 } tmnxDCpuProtStaticPlcrWithin OBJECT-TYPE SYNTAX Unsigned32 (1..32767) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtStaticPlcrWithin specifies packets rate limiting time base." DEFVAL { 1 } ::= { tmnxDCpuProtStaticPlcrEntry 6 } tmnxDCpuProtStaticPlcrInitDelay OBJECT-TYPE SYNTAX Unsigned32 (0..255) UNITS "packets" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtStaticPlcrInitDelay specifies the number of packets allowed in an initial burst or burst after the policer bucket has drained to zero." DEFVAL { 0 } ::= { tmnxDCpuProtStaticPlcrEntry 7 } tmnxDCpuProtStaticPlcrKbps OBJECT-TYPE SYNTAX TmnxDistCpuProtRate UNITS "kilobps" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtStaticPlcrKbps specifies the limiting rate. When tmnxDCpuProtStaticPlcrKbps is used, bucket limit in the policer is initialized to value specified by tmnxDCpuProtStaticPlcrMbs." DEFVAL { -1 } ::= { tmnxDCpuProtStaticPlcrEntry 8 } tmnxDCpuProtStaticPlcrMbs OBJECT-TYPE SYNTAX TmnxDistCpuProtBurstSize UNITS "bytes" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtStaticPlcrMbs specifies buffer space assigned. When tmnxDCpuProtStaticPlcrKbps is used, bucket limit in the policer is initialized to value specified by tmnxDCpuProtStaticPlcrMbs." DEFVAL { -1 } ::= { tmnxDCpuProtStaticPlcrEntry 9 } tmnxDCpuProtStaticPlcrExdActn OBJECT-TYPE SYNTAX TmnxDistCpuProtAction MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtStaticPlcrExdActn specifies the exceed-action performed on the incoming packets. When the value of tmnxDCpuProtStaticPlcrExdActn is set to discard, all packets that are non-conformant are discarded and when it is set to low-priority, all packets that are non-conformant are marked as low-priority." DEFVAL { none } ::= { tmnxDCpuProtStaticPlcrEntry 10 } tmnxDCpuProtStaticPlcrExdHold OBJECT-TYPE SYNTAX TmnxDistCpuProtActionDuration UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtStaticPlcrExdHold specifies the hold-down behavior. When an enforcement policer has marked or discarded one or more packets and tmnxDCpuProtStaticPlcrExdHold has been specified for the exceed-action, then the policer will be set into a mark-all or drop-all mode that causes the policer state to be updated as normal and also causes all packets to be marked as low-priority or discard regardless of the results of the policing decisions/actions/state." DEFVAL { 0 } ::= { tmnxDCpuProtStaticPlcrEntry 11 } tmnxDCpuProtStaticPlcrRateType OBJECT-TYPE SYNTAX TmnxDistCpuProtRateType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtStaticPlcrRateType specifies the rate type applied for static-policer specified by tmnxDCpuProtStaticPlcrName. When the value of tmnxDCpuProtStaticPlcrName is 'packets', the values of tmnxDCpuProtStaticPlcrKbps and tmnxDCpuProtStaticPlcrMbs are set to default values. When the value of tmnxDCpuProtStaticPlcrName is 'kbps', the values of tmnxDCpuProtStaticPlcrPackets, tmnxDCpuProtStaticPlcrWithin and tmnxDCpuProtStaticPlcrInitDelay are set to default values." DEFVAL { packets } ::= { tmnxDCpuProtStaticPlcrEntry 12 } tmnxDCpuProtStaticPlcrDectnTime OBJECT-TYPE SYNTAX Unsigned32 (1..128000) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtStaticPlcrDectnTime specifies contiguous conformant period, when a static-policer specified by tmnxDCpuProtStaticPlcrName is declared in an 'exceed' state." DEFVAL { 30 } ::= { tmnxDCpuProtStaticPlcrEntry 13 } tmnxDCpuProtStaticPlcrLogEvent OBJECT-TYPE SYNTAX TmnxDistCpuProtLogEventType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtStaticPlcrLogEvent controls the creation of log events related to static policer status and activity." DEFVAL { enable } ::= { tmnxDCpuProtStaticPlcrEntry 14 } tmnxDCpuProtLocMonPlcrTblLstChg OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxDCpuProtLocMonPlcrTblLstChg indicates the timestamp of the last change to the tmnxDCpuProtLocMonPlcrTable. A value of 0 indicates that no changes were made to this table since the system was last initialized." ::= { tmnxCpmSecurityObjs 49 } tmnxDCpuProtLocMonPlcrTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxDCpuProtLocMonPlcrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxDCpuProtLocMonPlcrTable has an entry for each Distributed CPU Protection Policy configured in the system." ::= { tmnxCpmSecurityObjs 50 } tmnxDCpuProtLocMonPlcrEntry OBJECT-TYPE SYNTAX TmnxDCpuProtLocMonPlcrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents the configuration information related to Local Monitoring Policer for Distributed CPU Protection Policy." INDEX { tmnxDCpuProtPolicyName, tmnxDCpuProtLocMonPlcrName } ::= { tmnxDCpuProtLocMonPlcrTable 1 } TmnxDCpuProtLocMonPlcrEntry ::= SEQUENCE { tmnxDCpuProtLocMonPlcrName TNamedItem, tmnxDCpuProtLocMonPlcrRowStatus RowStatus, tmnxDCpuProtLocMonPlcrLastMdfy TimeStamp, tmnxDCpuProtLocMonPlcrDescr TItemDescription, tmnxDCpuProtLocMonPlcrPackets TmnxDistCpuProtPacketRateLimit, tmnxDCpuProtLocMonPlcrWithin Unsigned32, tmnxDCpuProtLocMonPlcrInitDelay Unsigned32, tmnxDCpuProtLocMonPlcrKbps TmnxDistCpuProtRate, tmnxDCpuProtLocMonPlcrMbs TmnxDistCpuProtBurstSize, tmnxDCpuProtLocMonPlcrExcdActn TmnxDistCpuProtAction, tmnxDCpuProtLocMonPlcrRateType TmnxDistCpuProtRateType, tmnxDCpuProtLocMonPlcrLogEvent TmnxDistCpuProtLogEventType } tmnxDCpuProtLocMonPlcrName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxDCpuProtLocMonPlcrName specifies the local monitoring policy name for Distributed CPU Protection Policy." ::= { tmnxDCpuProtLocMonPlcrEntry 1 } tmnxDCpuProtLocMonPlcrRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The tmnxDCpuProtLocMonPlcrRowStatus object is used to create and delete rows in the tmnxDCpuProtLocMonPlcrTable." ::= { tmnxDCpuProtLocMonPlcrEntry 2 } tmnxDCpuProtLocMonPlcrLastMdfy OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxDCpuProtLocMonPlcrLastMdfy object indicates the timestamp of the last change to this row. A value of zero indicates that this row was not modified since the system was last initialized." ::= { tmnxDCpuProtLocMonPlcrEntry 3 } tmnxDCpuProtLocMonPlcrDescr OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtLocMonPlcrDescr specifies the user provided description of this Distributed CPU Protection Policy." DEFVAL { ''H } ::= { tmnxDCpuProtLocMonPlcrEntry 4 } tmnxDCpuProtLocMonPlcrPackets OBJECT-TYPE SYNTAX TmnxDistCpuProtPacketRateLimit UNITS "packets per interval" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtLocMonPlcrPackets specifies the overall packet arrival rate limit to be applied to all sources of packets. A default value of -1, specifies an unrestricted packet arrival rate." DEFVAL { -1 } ::= { tmnxDCpuProtLocMonPlcrEntry 5 } tmnxDCpuProtLocMonPlcrWithin OBJECT-TYPE SYNTAX Unsigned32 (1..32767) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtLocMonPlcrWithin specifies packets rate limiting time base." DEFVAL { 1 } ::= { tmnxDCpuProtLocMonPlcrEntry 6 } tmnxDCpuProtLocMonPlcrInitDelay OBJECT-TYPE SYNTAX Unsigned32 (0..255) UNITS "packets" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtLocMonPlcrInitDelay specifies the number of packets allowed in an initial burst or burst after the policer bucket has drained to zero." DEFVAL { 0 } ::= { tmnxDCpuProtLocMonPlcrEntry 7 } tmnxDCpuProtLocMonPlcrKbps OBJECT-TYPE SYNTAX TmnxDistCpuProtRate UNITS "kilobps" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtLocMonPlcrKbps specifies the limiting rate. When tmnxDCpuProtLocMonPlcrKbps is used, bucket limit in the policer is initialized to value specified by tmnxDCpuProtLocMonPlcrMbs." DEFVAL { -1 } ::= { tmnxDCpuProtLocMonPlcrEntry 8 } tmnxDCpuProtLocMonPlcrMbs OBJECT-TYPE SYNTAX TmnxDistCpuProtBurstSize UNITS "bytes" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtLocMonPlcrMbs specifies buffer space assigned. When tmnxDCpuProtLocMonPlcrKbps is used, bucket limit in the policer is initialized to value specified by tmnxDCpuProtLocMonPlcrMbs." DEFVAL { -1 } ::= { tmnxDCpuProtLocMonPlcrEntry 9 } tmnxDCpuProtLocMonPlcrExcdActn OBJECT-TYPE SYNTAX TmnxDistCpuProtAction MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtLocMonPlcrExcdActn specifies the exceed-action performed on the incoming packets. When the value of tmnxDCpuProtLocMonPlcrExcdActn is set to discard, all packets that are non-conformant are discarded and when it is set to low-priority, all packets that are non-conformant are marked as low-priority." DEFVAL { none } ::= { tmnxDCpuProtLocMonPlcrEntry 10 } tmnxDCpuProtLocMonPlcrRateType OBJECT-TYPE SYNTAX TmnxDistCpuProtRateType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtLocMonPlcrRateType specifies the rate type applied for local-monitoring-policer specified by tmnxDCpuProtLocMonPlcrName. When the value of tmnxDCpuProtLocMonPlcrRateType is 'packets', the values of tmnxDCpuProtLocMonPlcrKbps and tmnxDCpuProtLocMonPlcrMbs are set to default values. When the value of tmnxDCpuProtLocMonPlcrRateType is 'kbps', the values of tmnxDCpuProtLocMonPlcrPackets, tmnxDCpuProtLocMonPlcrWithin and tmnxDCpuProtLocMonPlcrInitDelay are set to default values." DEFVAL { packets } ::= { tmnxDCpuProtLocMonPlcrEntry 11 } tmnxDCpuProtLocMonPlcrLogEvent OBJECT-TYPE SYNTAX TmnxDistCpuProtLogEventType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtLocMonPlcrLogEvent controls the creation of log events related to local-monitoring policer status and activity." DEFVAL { enable } ::= { tmnxDCpuProtLocMonPlcrEntry 12 } tmnxDCpuProtProtocolTblLstChg OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxDCpuProtProtocolTblLstChg indicates the timestamp of the last change to the tmnxDCpuProtProtocolTable. A value of 0 indicates that no changes were made to this table since the system was last initialized." ::= { tmnxCpmSecurityObjs 51 } tmnxDCpuProtProtocolTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxDCpuProtProtocolEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxDCpuProtProtocolTable has an entry for each Distributed CPU Protection Policy configured in the system." ::= { tmnxCpmSecurityObjs 52 } tmnxDCpuProtProtocolEntry OBJECT-TYPE SYNTAX TmnxDCpuProtProtocolEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents the configuration information related to type of Protocol Policer monitored by Distributed CPU Protection Policy." INDEX { tmnxDCpuProtPolicyName, tmnxDCpuProtProtocol } ::= { tmnxDCpuProtProtocolTable 1 } TmnxDCpuProtProtocolEntry ::= SEQUENCE { tmnxDCpuProtProtocol TmnxDistCpuProtProtocolId, tmnxDCpuProtProtocolRowStatus RowStatus, tmnxDCpuProtProtocolLastMdfy TimeStamp, tmnxDCpuProtProtocolEnforce TmnxDistCpuProtEnforceType, tmnxDCpuProtProtocolEnfrcePolNme TNamedItem, tmnxDCpuProtProtocolDynPackets TmnxDistCpuProtPacketRateLimit, tmnxDCpuProtProtocolDynWithin Unsigned32, tmnxDCpuProtProtocolDynInitDly Unsigned32, tmnxDCpuProtProtocolDynKbps TmnxDistCpuProtRate, tmnxDCpuProtProtocolDynMbs TmnxDistCpuProtBurstSize, tmnxDCpuProtProtocolDynDectnTime Unsigned32, tmnxDCpuProtProtocolDynExdActn TmnxDistCpuProtAction, tmnxDCpuProtProtocolDynExdHold TmnxDistCpuProtActionDuration, tmnxDCpuProtProtocolDynRateType TmnxDistCpuProtRateType, tmnxDCpuProtProtocolDynLogEvent TmnxDistCpuProtLogEventType } tmnxDCpuProtProtocol OBJECT-TYPE SYNTAX TmnxDistCpuProtProtocolId MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxDCpuProtProtocol specifies the protocol name to be monitored by Distributed CPU Protection Policy." ::= { tmnxDCpuProtProtocolEntry 1 } tmnxDCpuProtProtocolRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The tmnxDCpuProtProtocolRowStatus object is used to create and delete rows in the tmnxDCpuProtProtocolTable." ::= { tmnxDCpuProtProtocolEntry 2 } tmnxDCpuProtProtocolLastMdfy OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxDCpuProtProtocolLastMdfy object indicates the timestamp of the last change to this row. A value of zero indicates that this row was not modified since the system was last initialized." ::= { tmnxDCpuProtProtocolEntry 3 } tmnxDCpuProtProtocolEnforce OBJECT-TYPE SYNTAX TmnxDistCpuProtEnforceType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtProtocolEnforce specifies the type of enforcement policer used." DEFVAL { dynamic } ::= { tmnxDCpuProtProtocolEntry 4 } tmnxDCpuProtProtocolEnfrcePolNme OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtProtocolEnfrcePolNme specifies the enforcement policer name." DEFVAL { "local-mon-bypass" } ::= { tmnxDCpuProtProtocolEntry 5 } tmnxDCpuProtProtocolDynPackets OBJECT-TYPE SYNTAX TmnxDistCpuProtPacketRateLimit UNITS "packets per interval" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtProtocolDynPackets specifies the overall packet arrival rate limit to be applied to all sources of packets. A default value of -1, specifies an unrestricted packet arrival rate." DEFVAL { -1 } ::= { tmnxDCpuProtProtocolEntry 6 } tmnxDCpuProtProtocolDynWithin OBJECT-TYPE SYNTAX Unsigned32 (1..32767) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtProtocolDynWithin specifies packets rate limiting time base." DEFVAL { 1 } ::= { tmnxDCpuProtProtocolEntry 7 } tmnxDCpuProtProtocolDynInitDly OBJECT-TYPE SYNTAX Unsigned32 (0..255) UNITS "packets" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtProtocolDynInitDly specifies the number of packets allowed in an initial burst or burst after the policer bucket has drained to zero." DEFVAL { 0 } ::= { tmnxDCpuProtProtocolEntry 8 } tmnxDCpuProtProtocolDynKbps OBJECT-TYPE SYNTAX TmnxDistCpuProtRate UNITS "kilobps" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtProtocolDynKbps specifies the limiting rate. When tmnxDCpuProtProtocolDynKbps is used, bucket limit in the policer is initialized to value specified by tmnxDCpuProtProtocolDynMbs." DEFVAL { -1 } ::= { tmnxDCpuProtProtocolEntry 9 } tmnxDCpuProtProtocolDynMbs OBJECT-TYPE SYNTAX TmnxDistCpuProtBurstSize UNITS "bytes" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtProtocolDynMbs specifies buffer space assigned. When tmnxDCpuProtProtocolDynKbps is used, bucket limit in the policer is initialized to value specified by tmnxDCpuProtProtocolDynMbs." DEFVAL { -1 } ::= { tmnxDCpuProtProtocolEntry 10 } tmnxDCpuProtProtocolDynDectnTime OBJECT-TYPE SYNTAX Unsigned32 (1..128000) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtProtocolDynDectnTime specifies contiguous conformant period of min-enforce-time when dynamic enforcing policer is instantiated." DEFVAL { 30 } ::= { tmnxDCpuProtProtocolEntry 11 } tmnxDCpuProtProtocolDynExdActn OBJECT-TYPE SYNTAX TmnxDistCpuProtAction MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtProtocolDynExdActn specifies the action performed on the incoming packets. When the value of tmnxDCpuProtProtocolDynExdActn is set to discard, all packets that are non-conformant are discarded and when it is set to low-priority, all packets that are non-conformant are marked as low-priority." DEFVAL { none } ::= { tmnxDCpuProtProtocolEntry 12 } tmnxDCpuProtProtocolDynExdHold OBJECT-TYPE SYNTAX TmnxDistCpuProtActionDuration UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtProtocolDynExdHold specifies the hold-down behavior. When an enforcement policer has marked or discarded one or more packets and tmnxDCpuProtProtocolDynExdHold has been specified for the exceed-action, then the policer will be set into a mark-all or drop-all mode that causes the policer state to be updated as normal and also causes all packets to be marked as low-priority or discard regardless of the results of the policing decisions/actions/state." DEFVAL { 0 } ::= { tmnxDCpuProtProtocolEntry 13 } tmnxDCpuProtProtocolDynRateType OBJECT-TYPE SYNTAX TmnxDistCpuProtRateType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtProtocolDynRateType specifies the rate type applied for the protocol specified by tmnxDCpuProtProtocol. When the value of tmnxDCpuProtProtocolDynRateType is 'packets', the values of tmnxDCpuProtProtocolDynKbps and tmnxDCpuProtProtocolDynMbs are set to default values. When the value of tmnxDCpuProtProtocolDynRateType is 'kbps', the values of tmnxDCpuProtProtocolDynPackets, tmnxDCpuProtProtocolDynWithin and tmnxDCpuProtProtocolDynInitDly are set to default values." DEFVAL { packets } ::= { tmnxDCpuProtProtocolEntry 14 } tmnxDCpuProtProtocolDynLogEvent OBJECT-TYPE SYNTAX TmnxDistCpuProtLogEventType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxDCpuProtProtocolDynLogEvent controls the creation of log events related to dynamic enforcement policer status and activity." DEFVAL { enable } ::= { tmnxDCpuProtProtocolEntry 15 } tmnxCpmProtBlockPIMTunneled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxCpmProtBlockPIMTunneled specifies whether to block extraction and processing of arriving PIM packets inside a tunnel on a network interface. When the value of this object is set to 'false (2)', tunneling of PIM packet will be allowed even if PIM is not configured. When the value of this object is set to 'true (1)', tunneling of PIM packets is blocked on an interface where the protocol is not configured. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." DEFVAL { false } ::= { tmnxCpmSecurityObjs 53 } tmnxCpmProtPortRateActionLowPrio OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxCpmProtPortRateActionLowPrio specifies whether to mark packets as low-priority when port-overall-rate-limit specified by tmnxCpmProtPortOverallRateLimit is exceeded. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." DEFVAL { false } ::= { tmnxCpmSecurityObjs 54 } tmnxCpmProtIPSrcMonDhcp OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxCpmProtIPSrcMonDhcp specifies whether DHCP protocol should be included for monitoring of source IP. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." DEFVAL { true } ::= { tmnxCpmSecurityObjs 55 } tmnxCpmProtIPSrcMonGtp OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxCpmProtIPSrcMonGtp specifies whether GTP protocol should be included for monitoring of source IP. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." DEFVAL { false } ::= { tmnxCpmSecurityObjs 56 } tmnxCpmProtIPSrcMonIcmp OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxCpmProtIPSrcMonIcmp specifies whether ICMP protocol should be included for monitoring of source IP. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." DEFVAL { false } ::= { tmnxCpmSecurityObjs 57 } tmnxCpmProtIPSrcMonIgmp OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxCpmProtIPSrcMonIgmp specifies whether IGMP protocol should be included for monitoring of source IP. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." DEFVAL { false } ::= { tmnxCpmSecurityObjs 58 } tCpmProtOutProfViolIfTable OBJECT-TYPE SYNTAX SEQUENCE OF TCpmProtOutProfViolIfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tCpmProtOutProfViolIfTable has an entry for each router interface where the cpu protection policy's out-of-profile rate limit was violated. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." ::= { tmnxCpmSecurityObjs 61 } tCpmProtOutProfViolIfEntry OBJECT-TYPE SYNTAX TCpmProtOutProfViolIfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents the information related to a router interface where the cpu protection policy's out-of-profile rate limit was violated. Rows are created or removed automatically by the system." INDEX { vRtrID, vRtrIfIndex } ::= { tCpmProtOutProfViolIfTable 1 } TCpmProtOutProfViolIfEntry ::= SEQUENCE { tCpmProtOutProfViolIfPeriods Gauge32, tCpmProtOutProfViolIfTimeStart TimeStamp, tCpmProtOutProfViolIfTime TimeStamp } tCpmProtOutProfViolIfPeriods OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmProtOutProfViolIfPeriods indicates the number of times the out-of-profile rate limit violation was detected at this router interface. The out-of-profile rate limit is indicated by the object tmnxCpmProtPolOutProfileRate." ::= { tCpmProtOutProfViolIfEntry 1 } tCpmProtOutProfViolIfTimeStart OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmProtOutProfViolIfTimeStart indicates the sysUpTime at the time of the creation of this entry." ::= { tCpmProtOutProfViolIfEntry 2 } tCpmProtOutProfViolIfTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmProtOutProfViolIfTime indicates the sysUpTime at the time of the last modification of this entry." ::= { tCpmProtOutProfViolIfEntry 3 } tCpmProtOutProfViolSapTable OBJECT-TYPE SYNTAX SEQUENCE OF TCpmProtOutProfViolSapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tCpmProtOutProfViolSapTable has an entry for each SAP where the cpu protection policy's out-of-profile rate limit was violated. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." ::= { tmnxCpmSecurityObjs 62 } tCpmProtOutProfViolSapEntry OBJECT-TYPE SYNTAX TCpmProtOutProfViolSapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents the information related to a SAP where the cpu protection policy's out-of-profile rate limit was violated. Rows are created or removed automatically by the system." INDEX { svcId, sapPortId, sapEncapValue } ::= { tCpmProtOutProfViolSapTable 1 } TCpmProtOutProfViolSapEntry ::= SEQUENCE { tCpmProtOutProfViolSapPeriods Gauge32, tCpmProtOutProfViolSapTimeStart TimeStamp, tCpmProtOutProfViolSapTime TimeStamp } tCpmProtOutProfViolSapPeriods OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmProtOutProfViolSapPeriods indicates the number of times the out-of-profile rate limit violation was detected at this SAP. The out-of-profile rate limit is indicated by the object tmnxCpmProtPolOutProfileRate." ::= { tCpmProtOutProfViolSapEntry 1 } tCpmProtOutProfViolSapTimeStart OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmProtOutProfViolSapTimeStart indicates the sysUpTime at the time of the creation of this entry." ::= { tCpmProtOutProfViolSapEntry 2 } tCpmProtOutProfViolSapTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmProtOutProfViolSapTime indicates the sysUpTime at the time of the last update of this entry." ::= { tCpmProtOutProfViolSapEntry 3 } tCpmProtOutProfViolSdpBindTable OBJECT-TYPE SYNTAX SEQUENCE OF TCpmProtOutProfViolSdpBindEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tCpmProtOutProfViolSdpBindTable has an entry for each SDP binding where the cpu protection policy's out-of-profile rate limit was violated. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." ::= { tmnxCpmSecurityObjs 63 } tCpmProtOutProfViolSdpBindEntry OBJECT-TYPE SYNTAX TCpmProtOutProfViolSdpBindEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents the information related to a SDP binding where the cpu protection policy's out-of-profile rate limit was violated. Rows are created or removed automatically by the system." INDEX { svcId, sdpBindId } ::= { tCpmProtOutProfViolSdpBindTable 1 } TCpmProtOutProfViolSdpBindEntry ::= SEQUENCE { tCpmProtOutProfViolSdpBindPeriod Gauge32, tCpmProtOutProfViolSdpBindTmeStr TimeStamp, tCpmProtOutProfViolSdpBindTime TimeStamp } tCpmProtOutProfViolSdpBindPeriod OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmProtOutProfViolSdpBindPeriod indicates the number of times the out-of-profile rate limit violation was detected at this SDP binding. The out-of-profile rate limit is indicated by the object tmnxCpmProtPolOutProfileRate." ::= { tCpmProtOutProfViolSdpBindEntry 1 } tCpmProtOutProfViolSdpBindTmeStr OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmProtOutProfViolSdpBindTmeStr indicates the sysUpTime at the time of the creation of this entry." ::= { tCpmProtOutProfViolSdpBindEntry 2 } tCpmProtOutProfViolSdpBindTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tCpmProtOutProfViolSdpBindTime indicates the sysUpTime at the time of the last update of this entry." ::= { tCpmProtOutProfViolSdpBindEntry 3 } tmnxCpmProtExcdSdpBindIpTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxCpmProtExcdSdpBindIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxCpmProtExcdSdpBindIpTable has a row for each service-id, sdp and source IP address that has exceeded the per-source rate limit configured for the pair. IP layer per-source rate limiting is enabled for a pair by setting TIMETRA-SDP-MIB::sdpBindCpmProtMonitorIP to 'true'." ::= { tmnxCpmSecurityObjs 64 } tmnxCpmProtExcdSdpBindIpEntry OBJECT-TYPE SYNTAX TmnxCpmProtExcdSdpBindIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row contains statistics for an IP packet stream that has exceeded its per-source rate limit. A row is created by the system the first time a service-id, sdp and source IP address exceeds its per-source rate limit. The row is updated by the system on subsequent violations. Rows are deleted when a clear operation is requested on the underlying statistics." INDEX { svcId, sdpBindId, tmnxCpmProtExcdSdpBindIpAddrType, tmnxCpmProtExcdSdpBindIpAddr } ::= { tmnxCpmProtExcdSdpBindIpTable 1 } TmnxCpmProtExcdSdpBindIpEntry ::= SEQUENCE { tmnxCpmProtExcdSdpBindIpAddrType InetAddressType, tmnxCpmProtExcdSdpBindIpAddr InetAddress, tmnxCpmProtExcdSdpBindIpPeriods Counter32, tmnxCpmProtExcdSdpBindIpStarted TimeStamp, tmnxCpmProtExcdSdpBindIpTime TimeStamp } tmnxCpmProtExcdSdpBindIpAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSdpBindIpAddrType indicates the address type of tmnxCpmProtExcdSdpBindIpAddr. 'ipv4(1)' is the only supported value." ::= { tmnxCpmProtExcdSdpBindIpEntry 1 } tmnxCpmProtExcdSdpBindIpAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (4|16)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSdpBindIpAddr indicates the IP address of a source which has exceeded its per-source rate limit." ::= { tmnxCpmProtExcdSdpBindIpEntry 2 } tmnxCpmProtExcdSdpBindIpPeriods OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSdpBindIpPeriods indicates the number of times a per-source rate limit violation was detected for this source. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod." ::= { tmnxCpmProtExcdSdpBindIpEntry 3 } tmnxCpmProtExcdSdpBindIpStarted OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSdpBindIpStarted indicates the sysUpTime at the time of the creation of this row." ::= { tmnxCpmProtExcdSdpBindIpEntry 4 } tmnxCpmProtExcdSdpBindIpTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxCpmProtExcdSdpBindIpTime indicates the sysUpTime at the time of the last update of this row." ::= { tmnxCpmProtExcdSdpBindIpEntry 5 } tmnxPasswordHashObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 10 } tmnxPassHashReadVersion OBJECT-TYPE SYNTAX TmnxPassHashReadType MAX-ACCESS read-write STATUS current DESCRIPTION "tmnxPassHashReadVersion specifies the hash algorithm accepted by the system while executing commands." DEFVAL { all-hash } ::= { tmnxPasswordHashObjs 1 } tmnxPassHashWriteVersion OBJECT-TYPE SYNTAX TmnxPassHashWriteType MAX-ACCESS read-write STATUS current DESCRIPTION "tmnxPassHashWriteVersion specifies the hash version to be used while saving the configuration files." DEFVAL { hash2 } ::= { tmnxPasswordHashObjs 2 } tmnxPassHashWriteVersionMdCli OBJECT-TYPE SYNTAX TmnxPassHashWriteType MAX-ACCESS read-write STATUS current DESCRIPTION "tmnxPassHashWriteVersionMdCli specifies the hash version to be used while saving the configuration files in Md-Cli." DEFVAL { hash2 } ::= { tmnxPasswordHashObjs 3 } tmnxPassHashWriteVersionNetconf OBJECT-TYPE SYNTAX TmnxPassHashWriteType MAX-ACCESS read-write STATUS current DESCRIPTION "tmnxPassHashWriteVersionNetconf specifies the hash version to be used while saving the configuration files in Netconf." DEFVAL { hash2 } ::= { tmnxPasswordHashObjs 4 } tmnxPassHashWriteVersionGrpc OBJECT-TYPE SYNTAX TmnxPassHashWriteType MAX-ACCESS read-write STATUS current DESCRIPTION "tmnxPassHashWriteVersionGrpc specifies the hash version to be used while saving the configuration files in Grpc." DEFVAL { hash2 } ::= { tmnxPasswordHashObjs 5 } tmnxSSHServerObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 11 } tmnxSSHServerPreserveKey OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "tmnxSSHServerPreserveKey specifies the persistence of the SSH server host key. A value of 'true' specifies that the host key will be saved by the server and restored following a system reboot. The SSH client also saves the host key and restores it following a system reboot. A value of 'false' specifies that the host key will be held in memory by both the SSH server and the SSH client and is not restored following a system reboot." DEFVAL { false } ::= { tmnxSSHServerObjs 1 } tmnxSSHServerVersion OBJECT-TYPE SYNTAX INTEGER { version1 (1), version2 (2), both (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "tmnxSSHServerVersion specifies the SSH protocol version that will be by supported by the SSH server. A value of tmnxSSHServerVersion 'version1' specifies that the SSH server will only accept connections from clients that support SSH protocol version 1. A value of 'both' specifies that the SSH server will accept connections from clients supporting either SSH protocol version 1, or SSH protocol version 2 or both." DEFVAL { version2 } ::= { tmnxSSHServerObjs 2 } tmnxSourceIPTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxSourceIPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxSourceIPEntry has an entry for the source IP to be used by the specified protocol." ::= { tmnxSecurityObjects 12 } tmnxSourceIPEntry OBJECT-TYPE SYNTAX TmnxSourceIPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "tmnxSourceIPEntry is an entry (conceptual row) in the tmnxSourceIPTable. Each entry represents the source IP address to be used by the specified application for a particular Virtual Router instance. Entries in this table can be created and deleted via SNMP SET operations to tmnxSourceIPRowStatus." INDEX { vRtrID, tmnxSourceIPProtoApp } ::= { tmnxSourceIPTable 1 } TmnxSourceIPEntry ::= SEQUENCE { tmnxSourceIPProtoApp INTEGER, tmnxSourceIPRowStatus RowStatus, tmnxSourceIPAddressType InetAddressType, tmnxSourceIPAddress InetAddress, tmnxSourceIPIfIndex InterfaceIndexOrZero, tmnxSourceIPOperStatus INTEGER } tmnxSourceIPProtoApp OBJECT-TYPE SYNTAX INTEGER { telnet (1), ftp (2), ssh (3), radius (4), tacplus (5), snmpTrap (6), syslog (7), icmpPing (8), traceRoute (9), dns (10), sntp (11), ntp (12), cflowd (13), telnet6 (14), ftp6 (15), radius6 (16), tacplus6 (17), snmpTrap6 (18), syslog6 (19), icmpPing6 (20), traceRoute6 (21), dns6 (22), ptp (23), mcreporter (24), cflowd6 (25), ntp6 (26), sFlow (27), sFlow6 (28), icmpError (29), icmpError6 (30), ldap (31), ldap6 (32), reserved33 (33) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxSourceIPProtoApp specifies the application which should use the source IP address specified by the value of tmnxSourceIPAddress. tmnxSourceIPAddressType must be 'ipv6 (2)' when setting the value of this object to 'telnet6 (14)', 'ftp6 (15)', 'radius6 (16)', 'tacplus6 (17)', 'snmpTrap6 (18)', 'syslog6 (19)', 'icmpPing6 (20)', 'traceRoute6 (21)', 'dns6 (22)', 'cflowd6 (25)', 'ntp6 (26)', 'sFlow6 (28)', 'icmpError6 (30)', 'ldap6 (32)' ." ::= { tmnxSourceIPEntry 2 } tmnxSourceIPRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxSourceIPRowStatus is used to create or destroy entries in this table. A row entry for a particular vRtrID with tmnxSourceIPProtoApp set to any value can be created only if the value of tmnxSourceIPAddress or tmnxSourceIPIfIndex is specified." ::= { tmnxSourceIPEntry 3 } tmnxSourceIPAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxSourceIPAddressType specifies the address type of tmnxSourceIPAddress address. The value of tmnxSourceIPAddressType can be either of InetAddressType - 'ipv4' or InetAddressType - 'ipv6'." DEFVAL { unknown } ::= { tmnxSourceIPEntry 4 } tmnxSourceIPAddress OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxSourceIPAddress specifies the source address that should be used in all unsolicited packets sent by the application specified by the value of tmnxSourceIPProtoApp. For the value specified by tmnxSourceIPProtoApp, either of tmnxSourceIPAddress or tmnxSourceIPIfIndex can be specified, but not both." DEFVAL { ''H } ::= { tmnxSourceIPEntry 5 } tmnxSourceIPIfIndex OBJECT-TYPE SYNTAX InterfaceIndexOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "tmnxSourceIPIfIndex specifies the interface index whose IP address should be used in all unsolicited packets sent by the application specified by the value of tmnxSourceIPProtoApp. For the value specified by tmnxSourceIPProtoApp, either of tmnxSourceIPAddress or tmnxSourceIPIfIndex can be specified, but not both." DEFVAL { 0 } ::= { tmnxSourceIPEntry 6 } tmnxSourceIPOperStatus OBJECT-TYPE SYNTAX INTEGER { up (1), down (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxSourceIPOperStatus indicates the state of tmnxSourceIPEntry. A value of 'up' indicates that the IP address specified by tmnxSourceIPAddress will be used for all unsolicited packets sent by the application specified by the value of tmnxSourceIPProtoApp." DEFVAL { down } ::= { tmnxSourceIPEntry 7 } tmnxUserTemplateTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxUserTemplateEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "tmnxUserTemplateTable contains configuration information for the template of a system user." ::= { tmnxSecurityObjects 13 } tmnxUserTemplateEntry OBJECT-TYPE SYNTAX TmnxUserTemplateEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "tmnxUserTemplateEntry is an entry (conceptual row) in the tmnxUserTemplateTable. Each entry represents the configuration for the template of a system user. Entries in this table cannot be created or deleted." INDEX { IMPLIED tmnxTemplateName } ::= { tmnxUserTemplateTable 1 } TmnxUserTemplateEntry ::= SEQUENCE { tmnxTemplateName TNamedItem, tmnxTemplateAccess BITS, tmnxTemplateHomeDirectory DisplayString, tmnxTemplateRestrictedToHome TruthValue, tmnxTemplateConsoleLoginExecFile DisplayString, tmnxTemplateProfile TNamedItem } tmnxTemplateName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxTemplateName specifies the name of the template from which a system user can be derived. This name must be unique amongst the table entries." ::= { tmnxUserTemplateEntry 1 } tmnxTemplateAccess OBJECT-TYPE SYNTAX BITS { console (0), ftp (1), grpc (2), li (3), netconf (4) } MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxTemplateAccess specifies the type of access permitted to the user derived from this template. To allow this user access to the console or FTP, set the corresponding bit in tmnxTemplateAccess. Reset the bit to deny the access." DEFVAL { { console } } ::= { tmnxUserTemplateEntry 2 } tmnxTemplateHomeDirectory OBJECT-TYPE SYNTAX DisplayString (SIZE (0..200)) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxTemplateHomeDirectory specifies the local home directory on FTP and console access of the user derived from this template." DEFVAL { ''H } ::= { tmnxUserTemplateEntry 3 } tmnxTemplateRestrictedToHome OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "When the value of tmnxTemplateRestrictedToHome is 'true', the user derived from this template is not allowed to navigate to directories above his home directory for file access. When the value of tmnxTemplateRestrictedToHome is 'false', the access is allowed to directories above the home directory." DEFVAL { false } ::= { tmnxUserTemplateEntry 4 } tmnxTemplateConsoleLoginExecFile OBJECT-TYPE SYNTAX DisplayString (SIZE (0..200)) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxTemplateConsoleLoginExecFile specifies the file that should be executed whenever the user derived from this template has successfully logged in to a console session." DEFVAL { ''H } ::= { tmnxUserTemplateEntry 5 } tmnxTemplateProfile OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxTemplateProfile specifies the user profile entry from the tmnxUserProfileTable that will be applied to the user derived from this template. For users authenticated by TACACS+, the profile specified by tmnxTemplateProfile will only apply if TACACS+ command authorization is disabled as specified by tmnxTacPlusAuthorization being set to 'false'." DEFVAL { "default" } ::= { tmnxUserTemplateEntry 6 } tmnxKeyChainTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxKeyChainEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxKeyChainEntry has an entry for a particular configured keychain used by the protocol session." ::= { tmnxSecurityObjects 14 } tmnxKeyChainEntry OBJECT-TYPE SYNTAX TmnxKeyChainEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "tmnxKeyChainEntry is an entry (conceptual row) in the tmnxKeyChainTable. Each entry represents the keychain configuration which will be applied to a protocol session. Entries in this table can be created and deleted via SNMP SET operations to tmnxKeyChainRowStatus." INDEX { tmnxKeyChainName } ::= { tmnxKeyChainTable 1 } TmnxKeyChainEntry ::= SEQUENCE { tmnxKeyChainName TNamedItem, tmnxKeyChainRowStatus RowStatus, tmnxKeyChainDescription TItemDescription, tmnxKeyChainSendTcpOptionNum TmnxKeyChainTcpOptionNum, tmnxKeyChainReceiveTcpOptionNum TmnxKeyChainTcpOptionNum, tmnxKeyChainAdminState TmnxAdminState, tmnxKeyChainOperState TmnxOperState, tmnxKeyChainExpired TruthValue } tmnxKeyChainName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxKeyChainName specifies a unique keychain name which identifies this particular keychain entry." ::= { tmnxKeyChainEntry 1 } tmnxKeyChainRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxKeyChainRowStatus is used to create or destroy entries in this table." ::= { tmnxKeyChainEntry 2 } tmnxKeyChainDescription OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxKeyChainDescription specifies the description of the key chain identified by the keychain name tmnxKeyChainName." DEFVAL { ''H } ::= { tmnxKeyChainEntry 3 } tmnxKeyChainSendTcpOptionNum OBJECT-TYPE SYNTAX TmnxKeyChainTcpOptionNum MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxKeyChainSendTcpOptionNum specifies the TCP option value to use in the TCP header of packets being sent by the router to another device. The value of tmnxKeyChainSendTcpOptionNum is valid only when tmnxKeyChainAuthenticationKey is used to sign and/or authenticate the TCP protocol stream." DEFVAL { value254 } ::= { tmnxKeyChainEntry 4 } tmnxKeyChainReceiveTcpOptionNum OBJECT-TYPE SYNTAX TmnxKeyChainTcpOptionNum MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxKeyChainReceiveTcpOptionNum specifies the TCP option value to check for in the TCP header of packets being received by the router. The value of tmnxKeyChainReceiveTcpOptionNum is valid only when tmnxKeyChainAuthenticationKey is used to sign and/or authenticate the TCP protocol stream." DEFVAL { value254 } ::= { tmnxKeyChainEntry 5 } tmnxKeyChainAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxKeyChainAdminState specifies the desired administrative state of the keychain. If the value is 'outOfService' the keychain capabilities are disabled but the keychain configuration parameters are retained." DEFVAL { inService } ::= { tmnxKeyChainEntry 6 } tmnxKeyChainOperState OBJECT-TYPE SYNTAX TmnxOperState MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxKeyChainOperState indicates the operational state of the keychain. A value of 'inService' indicates that the key chain can be used to sign and/or authenticate protocol streams." ::= { tmnxKeyChainEntry 7 } tmnxKeyChainExpired OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxKeyChainExpired specifies whether this keychain is expired or not." DEFVAL { false } ::= { tmnxKeyChainEntry 8 } tmnxKeyChainKeyTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxKeyChainKeyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxKeyChainKeyEntry has an entry for a particular configured key that will be used in a particular keychain defined by tmnxKeyChainEntry in tmnxKeyChainTable." ::= { tmnxSecurityObjects 15 } tmnxKeyChainKeyEntry OBJECT-TYPE SYNTAX TmnxKeyChainKeyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "tmnxKeyChainKeyEntry is an entry (conceptual row) in the tmnxKeyChainKeyTable. Each entry represents the key configuration which will be applied to a keychain. Entries in this table can be created and deleted via SNMP SET operations to tmnxKeyChainKeyRowStatus." INDEX { tmnxKeyChainName, tmnxKeyChainKeyDirection, tmnxKeyChainKeyID } ::= { tmnxKeyChainKeyTable 1 } TmnxKeyChainKeyEntry ::= SEQUENCE { tmnxKeyChainKeyDirection TmnxKeyChainKeyDirection, tmnxKeyChainKeyID Unsigned32, tmnxKeyChainKeyRowStatus RowStatus, tmnxKeyChainAuthenticationKey OCTET STRING, tmnxKeyChainKeyAlgorithm TmnxKeyChainKeyAlgorithm, tmnxKeyChainKeyBeginTime DateAndTime, tmnxKeyChainKeyEndTime DateAndTime, tmnxKeyChainKeyTolerance Unsigned32, tmnxKeyChainKeyAdminState TmnxAdminState, tmnxKeyChainKeyOption TmnxKeyChainKeyOption } tmnxKeyChainKeyDirection OBJECT-TYPE SYNTAX TmnxKeyChainKeyDirection MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxKeyChainKeyDirection is used to specify the protocol-stream direction to encrypt. A value of 'send' specifies that this key entry will be used to sign protocol packets that are being sent by the router to another device. A value of 'receive' specifies this key entry will be used to authenticate protocol packets that are being received by the router. A value of 'send-receive' specifies that this key will be used to sign protocol packet that are being sent by the router to another device, as well as to authenticate protocol packets that are being received by the router." ::= { tmnxKeyChainKeyEntry 1 } tmnxKeyChainKeyID OBJECT-TYPE SYNTAX Unsigned32 (0..63 | 255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxKeyChainKeyID specifies a key id which is used along with tmnxKeyChainName and tmnxKeyChainKeyDirection to uniquely identify this particular key entry. A value of 255 identifies this as a 'null-key' entry which enables the transition from an unauthenticated session to an enhanced authentication session." ::= { tmnxKeyChainKeyEntry 2 } tmnxKeyChainKeyRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxKeyChainKeyRowStatus is used to create or destroy entries in this table. tmnxKeyChainAuthenticationKey and tmnxKeyChainKeyAlgorithm must be set in the same SNMP request PDU as tmnxKeyChainKeyRowStatus during row creation else the set request will fail with an inconsistentValue error." ::= { tmnxKeyChainKeyEntry 3 } tmnxKeyChainAuthenticationKey OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..20)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxKeyChainAuthenticationKey specifies the key that will be used by the encryption algorithm specified by tmnxKeyChainKeyAlgorithm. tmnxKeyChainAuthenticationKey is used to sign and authenticate a protocol packet. The value of tmnxKeyChainAuthenticationKey can be any combination of letters or numbers. tmnxKeyChainAuthenticationKey and tmnxKeyChainKeyAlgorithm, which indicates the encryption algorithm to be used, must be set together in the same SNMP request PDU or else the set request will fail with an inconsistentValue error. When read, tmnxKeyChainAuthenticationKey always returns an Octet string of length zero." ::= { tmnxKeyChainKeyEntry 4 } tmnxKeyChainKeyAlgorithm OBJECT-TYPE SYNTAX TmnxKeyChainKeyAlgorithm MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxKeyChainKeyAlgorithm specifies the algorithm that will be used to sign and/or authenticate the protocol stream. tmnxKeyChainAuthenticationKey and tmnxKeyChainKeyAlgorithm, which indicates the encryption algorithm to be used, must be set together in the same SNMP request PDU or else the set request will fail with an inconsistentValue error." ::= { tmnxKeyChainKeyEntry 5 } tmnxKeyChainKeyBeginTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxKeyChainKeyBeginTime specifies the calendar date and time after which the key specified by tmnxKeyChainAuthenticationKey will be used to sign and/or authenticate the protocol stream. If no date and time is set, tmnxKeyChainKeyBeginTime is represented by a DateAndTime string with all NULLs and the key is not valid by default." DEFVAL { '0000000000000000'H } ::= { tmnxKeyChainKeyEntry 6 } tmnxKeyChainKeyEndTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxKeyChainKeyEndTime specifies the calendar date and time after which the key specified by tmnxKeyChainAuthenticationKey is no longer eligible to sign and/or authenticate the protocol stream. tmnxKeyChainKeyEndTime is not applicable when tmnxKeyChainKeyDirection is set to 'send' or 'send-receive'. If no date and time is set, tmnxKeyChainKeyEndTime is represented by a DateAndTime string with all NULLs and the key is valid indefinitely." DEFVAL { '0000000000000000'H } ::= { tmnxKeyChainKeyEntry 7 } tmnxKeyChainKeyTolerance OBJECT-TYPE SYNTAX Unsigned32 (0..4294967295) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxKeyChainKeyTolerance specifies the number of seconds that a eligible receive key should overlap with the active send key. tmnxKeyChainKeyTolerance is valid only when tmnxKeyChainKeyDirection is set to 'send-receive' or 'receive'." DEFVAL { 300 } ::= { tmnxKeyChainKeyEntry 8 } tmnxKeyChainKeyAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxKeyChainKeyAdminState specifies the desired administrative state of the particular key in the keychain. When the value is 'outOfService' the keychain capabilities are disabled but the particular key's configuration parameters are retained." DEFVAL { inService } ::= { tmnxKeyChainKeyEntry 9 } tmnxKeyChainKeyOption OBJECT-TYPE SYNTAX TmnxKeyChainKeyOption MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxKeyChainKeyOption specifies the description of the key chain identified by the keychain name tmnxKeyChainName." DEFVAL { none } ::= { tmnxKeyChainKeyEntry 10 } tmnxSecurityNotificationObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 16 } tmnxKeyChainAuthFailReason OBJECT-TYPE SYNTAX INTEGER { other (1), noEnhAuthOptionRecvd (2), invalidOptionLen (3), mismatchRecvOption (4), invalidKeyId (5), digestMismatch (6), mismatchAlgId (7), notConfigured (9), noTcpAuthOptionRecvd (10) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "tmnxKeyChainAuthFailReason is used by tmnxKeyChainAuthFailure to notify the reason for the keychain authentication failure." ::= { tmnxSecurityNotificationObjs 1 } tmnxKeyChainAuthAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of the object tmnxKeyChainAuthAddrType indicates the address type (ipv4 or ipv6) of the source address in the authentication packet." ::= { tmnxSecurityNotificationObjs 2 } tmnxKeyChainAuthAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of the object tmnxKeyChainAuthAddr indicates the source address in the authentication packet." ::= { tmnxSecurityNotificationObjs 3 } tmnxMD5AuthFailReason OBJECT-TYPE SYNTAX INTEGER { digestMismatch (1), noMD5OptionRcvd (2), invalidOptionLen (3), notConfigured (5) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "tmnxMD5AuthFailReason is used by tmnxMD5AuthFailure to notify the reason for the MD5 authentication failure." ::= { tmnxSecurityNotificationObjs 4 } tmnxMD5AuthAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of the object tmnxMD5AuthAddrType indicates the address type (ipv4 or ipv6) of the source address in the authentication packet." ::= { tmnxSecurityNotificationObjs 5 } tmnxMD5AuthAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of the object tmnxMD5AuthAddr indicates the source address in the authentication packet." ::= { tmnxSecurityNotificationObjs 6 } tmnxMD5AuthKey OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..255)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of the object tmnxMD5AuthKey indicates the MD5 key used for authentication." ::= { tmnxSecurityNotificationObjs 7 } tmnxCpmProtPolId OBJECT-TYPE SYNTAX TCpmProtPolicyID (1..255) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of the object tmnxCpmProtPolId indicates the policy index of the cpm protection policy." ::= { tmnxSecurityNotificationObjs 8 } tmnxSecNotifFailureReason OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of the object tmnxSecNotifFailureReason indicates the reason for the generation of the notification." ::= { tmnxSecurityNotificationObjs 9 } tmnxSecNotifFile OBJECT-TYPE SYNTAX DisplayString (SIZE (0..180)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of the object tmnxSecNotifFile indicates the file associated with the notification." ::= { tmnxSecurityNotificationObjs 10 } tmnxSecNotifTunnelName OBJECT-TYPE SYNTAX TXLNamedItemOrEmpty MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of the object tmnxSecNotifTunnelName indicates the name of tunnel associated with the notification." ::= { tmnxSecurityNotificationObjs 11 } tmnxSecNotifCert OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of the object tmnxSecNotifCert indicates the certificate name associated with the notification." ::= { tmnxSecurityNotificationObjs 12 } tmnxSecNotifOrigProtocol OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxSecNotifOrigProtocol indicates the originating protocol that generated the notification." ::= { tmnxSecurityNotificationObjs 13 } tmnxPkiExpRemainingHours OBJECT-TYPE SYNTAX Unsigned32 UNITS "hours" MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxPkiExpRemainingHours indicates the time (in hours) remaining for the certificate or CRL (certificate revocation list) to expire." ::= { tmnxSecurityNotificationObjs 14 } tmnxPkiExpRemainingMinutes OBJECT-TYPE SYNTAX Unsigned32 UNITS "minutes" MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxPkiExpRemainingMinutes indicates the time (in minutes) remaining for the certificate or CRL (certificate revocation list) to expire." ::= { tmnxSecurityNotificationObjs 15 } tmnxPkiExpReason OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxPkiExpReason indicates the reason why the expiration warning for a certificate or CRL (certificate revocation list) no longer applies." ::= { tmnxSecurityNotificationObjs 16 } tmnxSecNotifFileType OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxSecNotifFileType indicates the file type (certificate or key) associated with the notification." ::= { tmnxSecurityNotificationObjs 17 } tmnxSecPwdHistLoadFailReason OBJECT-TYPE SYNTAX INTEGER { notFound (1), corrupted (2) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "tmnxSecPwdHistLoadFailReason is used by tmnxSecPwdHistoryFileLoadFailed to notify the reason for the failure to load the password history." ::= { tmnxSecurityNotificationObjs 18 } tmnxPkiCAProfileNameForNotify OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxPkiCAProfileNameForNotify indicates the name of the Certificate-Authority profile." ::= { tmnxSecurityNotificationObjs 19 } tmnxSecNotifFileSize OBJECT-TYPE SYNTAX CounterBasedGauge64 UNITS "bytes" MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxSecNotifFileSize indicates the size of the file to be written at the path specified in tmnxSecNotifFile." ::= { tmnxSecurityNotificationObjs 20 } tmnxSessionLimitExceededName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of the object tmnxSessionLimitExceededName indicates the name of the object of which the session limit has been exceeded." ::= { tmnxSecurityNotificationObjs 21 } tmnxSessionLimitExceededType OBJECT-TYPE SYNTAX INTEGER { sshSessionLimit (1), telnetSessionLimit (2), totalSessionLimit (3) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of the object tmnxSessionLimitExceededType indicates the type of the session limit that has been exceeded. sshSessionLimit (1): limit for number of concurrent SSH user access sessions telnetSessionLimit (2): limit for number of concurrent Telnet user access sessions totalSessionLimit (3): limit for number of all concurrent user access sessions" ::= { tmnxSecurityNotificationObjs 22 } tmnxSecNotifyUserName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of the object tmnxSecNotifyUserName indicates the name of a system user for a security notification." ::= { tmnxSecurityNotificationObjs 23 } tmnxSecNotifyAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of the object tmnxSecNotifyAddrType indicates the type of the IP address stored in the object tmnxSecNotifyAddr." ::= { tmnxSecurityNotificationObjs 24 } tmnxSecNotifyAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of the object tmnxSecNotifyAddr indicates an IP address for a security notification." ::= { tmnxSecurityNotificationObjs 25 } tmnxSecNotifClientAppName OBJECT-TYPE SYNTAX TXLNamedItemOrEmpty MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of the object tmnxSecNotifClientAppName indicates the name of the client application associated with the notification." ::= { tmnxSecurityNotificationObjs 26 } tmnxSecNotifyUrl OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxSecNotifyUrl indicates the user given URL associated with the notification." ::= { tmnxSecurityNotificationObjs 27 } tmnxSecNotifyCurve OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxSecNotifyCurve indicates the user given curve name associated with the notification." ::= { tmnxSecurityNotificationObjs 28 } tmnxSecNotifyKeySize OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxSecNotifyKeySize indicates the user given key size associated with the notification." ::= { tmnxSecurityNotificationObjs 29 } tmnxSecNotifyKeyType OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxSecNotifyKeyType indicates the user given key type associated with the notification." ::= { tmnxSecurityNotificationObjs 30 } tmnxSecNotifyImportExportType OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxSecNotifyImportExportType indicates the user given type for importing or exporting associated with the notification." ::= { tmnxSecurityNotificationObjs 31 } tmnxSecNotifyImportExportFormat OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxSecNotifyImportExportFormat indicates the user given format for importing or exporting associated with the notification." ::= { tmnxSecurityNotificationObjs 32 } tmnxSecNotifyCertificateProtocol OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxSecNotifyCertificateProtocol indicates the user given certificate protocol associated with the notification." ::= { tmnxSecurityNotificationObjs 33 } tmnxSecNotifyNewUrl OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxSecNotifyNewUrl indicates the new user given URL associated with the notification." ::= { tmnxSecurityNotificationObjs 34 } tmnxSecEventOutcome OBJECT-TYPE SYNTAX INTEGER { success (1), fail (2) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxSecEventOutcome indicates the outcome of the event that triggered this notification." ::= { tmnxSecurityNotificationObjs 35 } tmnxSecNotifyDestUrl OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxSecNotifyDestUrl indicates the destination directory to save the unzipped content." ::= { tmnxSecurityNotificationObjs 36 } tmnxSecNotifFileUnzipResult OBJECT-TYPE SYNTAX INTEGER { success (0), partialSuccess (1), sourceNotFound (2), sourceNotSupported (3), destNotFound (4), destFull (5), fileTooBig (6), otherFailure (7) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxSecNotifFileUnzipResult indicates the result of the file unzip operation. success (0) - unzip is successful. partialSuccess (1) - unzip is partially successful, skipped some files. sourceNotFound (2) - failed - cannot find the ZIP file. sourceNotSupported (3) - failed - ZIP file is not supported. destNotFound (4) - failed - cannot find the destination URL. destFull (5) - failed - destination storage is full. fileTooBig (6) - failed - file size exceeds limit. otherFailure (7) - failed - another reason." ::= { tmnxSecurityNotificationObjs 37 } tmnxSecNotifNewPasswordHashing OBJECT-TYPE SYNTAX TmnxPassHashType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxSecNotifNewPasswordHashing indicates the new value of password hashing algorithm." ::= { tmnxSecurityNotificationObjs 38 } tmnxSecNotifOldPasswordHashing OBJECT-TYPE SYNTAX TmnxPassHashType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxSecNotifOldPasswordHashing indicates the old value of password hashing algorithm." ::= { tmnxSecurityNotificationObjs 39 } tmnxSecNotifyLocalUserName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of the object tmnxSecNotifyLocalUserName indicates the user name of the local user for which the password has been changed." ::= { tmnxSecurityNotificationObjs 40 } tmnxSecNotifyAdminUserName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of the object tmnxSecNotifyAdminUserName indicates the user name of the user, which is changing the password for a local user." ::= { tmnxSecurityNotificationObjs 41 } tmnxSecurityCpmProtNotificationObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 17 } tmnxCpmProtViolMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxCpmProtViolMacAddress indicates the MAC address of the source. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." ::= { tmnxSecurityCpmProtNotificationObjs 1 } tmnxCpmProtViolMacPeriods OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxCpmProtViolMacPeriods indicates the number of times the per-source rate limit violation was detected for this source. The sampling interval length is indicated by the object tmnxCpmProtDetectPeriod. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." ::= { tmnxSecurityCpmProtNotificationObjs 2 } tmnxCpmProtViolExcdPktHexDump OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..64)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tmnxCpmProtViolExcdPktHexDump contains at most the first 64 bytes (octets) of the first packet that was detected as exceeding the configured rate. This object is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." ::= { tmnxSecurityCpmProtNotificationObjs 3 } tmnxPkiSecurityObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 18 } tmnxPkiMaxCertChainDepth OBJECT-TYPE SYNTAX Unsigned32 (1..7) MAX-ACCESS read-create STATUS current DESCRIPTION "The tmnxPkiMaxCertChainDepth specifies maximum depth of certificate chain verification." DEFVAL { 7 } ::= { tmnxPkiSecurityObjs 1 } tmnxPkiCAProfileTableLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "This value of the object tmnxPkiCAProfileTableLastChanged indicates the timestamp of the last change to the tmnxPkiCAProfileTable. A value of zero indicates that no changes were made to this table since the system was last initialized." ::= { tmnxPkiSecurityObjs 2 } tmnxPkiCAProfileTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxPkiCAProfileEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxPkiCAProfileTable is the Certificate-Authority profile table. Entries are created and deleted by the user." ::= { tmnxPkiSecurityObjs 3 } tmnxPkiCAProfileEntry OBJECT-TYPE SYNTAX TmnxPkiCAProfileEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single Certificate-Authority profile." INDEX { tmnxPkiCAProfile } ::= { tmnxPkiCAProfileTable 1 } TmnxPkiCAProfileEntry ::= SEQUENCE { tmnxPkiCAProfile TNamedItem, tmnxPkiCAProfileRowStatus RowStatus, tmnxPkiCAProfileLastChanged TimeStamp, tmnxPkiCAProfileDescr TItemDescription, tmnxPkiCAProfileCRLFile DisplayString, tmnxPkiCAProfileCertFile DisplayString, tmnxPkiCAProfileAdminState TmnxAdminState, tmnxPkiCAProfileOperState TmnxOperState, tmnxPkiCAProfileOperFlags BITS, tmnxPkiCAProfOcspRespUrl DisplayString, tmnxPkiCAProfOcspSvcID TmnxServId, tmnxPkiCAProfOcspVerifyCertFile DisplayString, tmnxPkiCAProfOcspVerifyCertCA TruthValue, tmnxPkiCAProfOcspVerifyCertOvr TruthValue, tmnxPkiCAProfCmpHttpTimeout Unsigned32, tmnxPkiCAProfCmpUrl DisplayString, tmnxPkiCAProfCmpSvcID TmnxServId, tmnxPkiCAProfCmpRespSignCert DisplayString, tmnxPkiCAProfCmpAccUnprotErr TruthValue, tmnxPkiCAProfCmpAccUnprotPki TruthValue, tmnxPkiCAProfCmpSameRecipNonce TruthValue, tmnxPkiCAProfCmpAlSetSndrForIr TruthValue, tmnxPkiCAProfCmpHttpVersion INTEGER, tmnxPkiCAProfRevokeChk INTEGER, tmnxPkiCAProfCmpSvcName TLNamedItemOrEmpty, tmnxPkiCAProfOcspSvcName TLNamedItemOrEmpty, tmnxPkiCAProfOcspTransProf TNamedItemOrEmpty } tmnxPkiCAProfile OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxPkiCAProfile specifies the name of the Certificate-Authority profile." ::= { tmnxPkiCAProfileEntry 1 } tmnxPkiCAProfileRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The tmnxPkiCAProfileRowStatus specifies row status for the Certificate-Authority profile." ::= { tmnxPkiCAProfileEntry 2 } tmnxPkiCAProfileLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxPkiCAProfileLastChanged is the timestamp of last change to this row in tmnxPkiCAProfileTable." ::= { tmnxPkiCAProfileEntry 3 } tmnxPkiCAProfileDescr OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfileDescr specifies the description of the Certificate-Authority profile." DEFVAL { ''H } ::= { tmnxPkiCAProfileEntry 4 } tmnxPkiCAProfileCRLFile OBJECT-TYPE SYNTAX DisplayString (SIZE (0..180)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfileCRLFile specifies the name of the Certificate Revocation List (CRL) file." DEFVAL { ''H } ::= { tmnxPkiCAProfileEntry 5 } tmnxPkiCAProfileCertFile OBJECT-TYPE SYNTAX DisplayString (SIZE (0..180)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfileCertFile specifies the name of the Certificate file." DEFVAL { ''H } ::= { tmnxPkiCAProfileEntry 6 } tmnxPkiCAProfileAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfileAdminState specifies the administrative state of this Certificate-Authority profile." DEFVAL { outOfService } ::= { tmnxPkiCAProfileEntry 7 } tmnxPkiCAProfileOperState OBJECT-TYPE SYNTAX TmnxOperState MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxPkiCAProfileOperState indicates the current operational status of this Certificate-Authority profile." ::= { tmnxPkiCAProfileEntry 8 } tmnxPkiCAProfileOperFlags OBJECT-TYPE SYNTAX BITS { adminDown (0), invalidCrl (1), invalidCert (2), invalidCmpv2SigningCert (3), expiredCrl (4), expiredCert (5), expiredCmpv2SigningCert (6), notYetValidCrl (7), notYetValidCert (8), notYetValidCmpv2SigningCert (9), loadingCrl (10), loadingCert (11), loadingCmpv2SigningCert (12) } MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxPkiCAProfileOperFlags indicates the reason that this Certificate-Authority profile is not in service. I.e., tmnxPkiCAProfileOperState has the value 'outOfService': adminDown - tmnxPkiCAProfileAdminState is 'outOfService (3)' invalidCrl - CRL file is invalid or could not be found invalidCert - Certificate file is invalid or could not be found invalidCmpv2SigningCert - CMPv2 Signing Cert file is invalid expiredCrl - CRL file is expired expiredCert - Certificate file is expired expiredCmpv2SigningCert - CMPv2 Signing Cert file is expired notYetValidCrl - CRL file is not yet valid notYetValidCert - Certificate file is not yet valid notYetValidCmpv2SigningCert - CMPv2 Signing Certificate file is not yet valid loadingCrl - CRL file is loading now loadingCert - Certificate file is loading now loadingCmpv2SigningCert - CMPv2 Signing Certificate file is loading now" ::= { tmnxPkiCAProfileEntry 9 } tmnxPkiCAProfOcspRespUrl OBJECT-TYPE SYNTAX DisplayString (SIZE (0..180)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfOcspRespUrl specifies the URL of the OCSP (Online Certificate Status Protocol) responder." DEFVAL { ''H } ::= { tmnxPkiCAProfileEntry 10 } tmnxPkiCAProfOcspSvcID OBJECT-TYPE SYNTAX TmnxServId MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfOcspSvcID specifies the IES or VPRN service router instance in which to reach the OCSP (Online Certificate Status Protocol) URL (tmnxPkiCAProfOcspUrl). The value of tmnxPkiCAProfOcspSvcID must be zero when tmnxPkiCAProfOcspSvcName is not default and vice-versa. When the values of tmnxPkiCAProfOcspSvcID and tmnxPkiCAProfOcspSvcName are both default, the Base router instance is used." DEFVAL { 0 } ::= { tmnxPkiCAProfileEntry 11 } tmnxPkiCAProfOcspVerifyCertFile OBJECT-TYPE SYNTAX DisplayString (SIZE (0..180)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfOcspVerifyCertFile specifies the location and name of the certificate file which is used to verify the OCSP (Online Certificate Status Protocol) response." DEFVAL { ''H } ::= { tmnxPkiCAProfileEntry 12 } tmnxPkiCAProfOcspVerifyCertCA OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfOcspVerifyCertCA specifies whether to use certificate file configured in CA profile to verify the OCSP (Online Certificate Status Protocol) response." DEFVAL { true } ::= { tmnxPkiCAProfileEntry 13 } tmnxPkiCAProfOcspVerifyCertOvr OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfOcspVerifyCertOvr specifies whether to allow the system to use the certificate in the OCSP (Online Certificate Status Protocol) response if present, instead of the certificate configured by tmnxPkiCAProfOcspVerifyCertFile or tmnxPkiCAProfOcspVerifyCertCA." DEFVAL { true } ::= { tmnxPkiCAProfileEntry 14 } tmnxPkiCAProfCmpHttpTimeout OBJECT-TYPE SYNTAX Unsigned32 (1..3600) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfCmpHttpTimeout specifies the timeout interval Certificate Management Protocol version 2 (CMPv2) requests to the CA server." DEFVAL { 30 } ::= { tmnxPkiCAProfileEntry 15 } tmnxPkiCAProfCmpUrl OBJECT-TYPE SYNTAX DisplayString (SIZE (0..180)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfCmpUrl specifies the URL of the CA server." DEFVAL { ''H } ::= { tmnxPkiCAProfileEntry 16 } tmnxPkiCAProfCmpSvcID OBJECT-TYPE SYNTAX TmnxServId MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfCmpSvcID specifies the IES or VPRN service router instance in which to reach the CMP URL (tmnxPkiCAProfCmpUrl). The value of tmnxPkiCAProfCmpSvcID must be zero when tmnxPkiCAProfCmpSvcName is not default and vice-versa. When values of tmnxPkiCAProfCmpSvcName and tmnxPkiCAProfCmpSvcID are both default, the system first checks the management router instance. If the management router instance is unreachable, the Base router instance is used." DEFVAL { 0 } ::= { tmnxPkiCAProfileEntry 17 } tmnxPkiCAProfCmpRespSignCert OBJECT-TYPE SYNTAX DisplayString (SIZE (0..180)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfCmpRespSignCert specifies the location and name of the certificate file which is used to verify the signature of the response." DEFVAL { ''H } ::= { tmnxPkiCAProfileEntry 18 } tmnxPkiCAProfCmpAccUnprotErr OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfCmpAccUnprotErr specifies whether to accept unprotected error messages in this profile for CMPv2." DEFVAL { false } ::= { tmnxPkiCAProfileEntry 19 } tmnxPkiCAProfCmpAccUnprotPki OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfCmpAccUnprotPki specifies whether to accept unprotected PKI configuration messages in this profile for CMPv2." DEFVAL { false } ::= { tmnxPkiCAProfileEntry 20 } tmnxPkiCAProfCmpSameRecipNonce OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfCmpSameRecipNonce specifies whether to use the same recipient nonce for poll requests." DEFVAL { false } ::= { tmnxPkiCAProfileEntry 21 } tmnxPkiCAProfCmpAlSetSndrForIr OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfCmpAlSetSndrForIr specifies whether to always set the sender field in CMPv2 header of all Initial Registration (IR) messages with the subject name for this CA profile. The subject name is available in the IR message body, but certain CA implementation may require it in the sender field of the message header as well. By default, the sender field is only set if an optional certificate is specified in the CMPv2 request." DEFVAL { false } ::= { tmnxPkiCAProfileEntry 22 } tmnxPkiCAProfCmpHttpVersion OBJECT-TYPE SYNTAX INTEGER { v10 (1), v11 (2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfCmpHttpVersion specifies the HTTP version used in CMPv2 requests. The system by default uses HTTP version 1.1 unless explicitly specified." DEFVAL { v11 } ::= { tmnxPkiCAProfileEntry 23 } tmnxPkiCAProfRevokeChk OBJECT-TYPE SYNTAX INTEGER { crl (1), crlOptional (2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfRevokeChk specifies the method system uses to verify the revocation status of certificates issued by the CA." DEFVAL { crl } ::= { tmnxPkiCAProfileEntry 24 } tmnxPkiCAProfCmpSvcName OBJECT-TYPE SYNTAX TLNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfCmpSvcName specifies the IES or VPRN service name in which to reach the CMP URL (tmnxPkiCAProfCmpUrl). The value of tmnxPkiCAProfCmpSvcName must be empty when tmnxPkiCAProfCmpSvcID is not default and vice-versa. When the values of tmnxPkiCAProfCmpSvcName and tmnxPkiCAProfCmpSvcID are both default, the system first checks the management router instance. If the management router instance is unreachable, the Base router instance is used." DEFVAL { ''H } ::= { tmnxPkiCAProfileEntry 25 } tmnxPkiCAProfOcspSvcName OBJECT-TYPE SYNTAX TLNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfOcspSvcName specifies the IES or VPRN service name in which to reach the OCSP (Online Certificate Status Protocol) URL (tmnxPkiCAProfOcspUrl). The value of tmnxPkiCAProfOcspSvcName must be empty when tmnxPkiCAProfOcspSvcID is not default and vice-versa. When the values of tmnxPkiCAProfOcspSvcName and tmnxPkiCAProfOcspSvcID are both default, the Base router instance is used. Managers are encouraged to use tmnxPkiCAProfOcspTransProf (instead of tmnxPkiCAProfOcspSvcName) because tmnxPkiCAProfOcspSvcName will be deleted in a future release." DEFVAL { ''H } ::= { tmnxPkiCAProfileEntry 26 } tmnxPkiCAProfOcspTransProf OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfOcspTransProf specifies the name of the file transmission profile to be matched. Transmission profiles are configured using tmnxSysFileTransProfTable. Managers are encouraged to use tmnxPkiCAProfOcspTransProf (instead of tmnxPkiCAProfOcspSvcName) because tmnxPkiCAProfOcspSvcName will be deleted in a future release." DEFVAL { "" } ::= { tmnxPkiCAProfileEntry 27 } tmnxPkiCAProfCmpKeyTblLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "This value of the object tmnxPkiCAProfCmpKeyTblLastChgd indicates the timestamp of the last change to the tmnxPkiCAProfCmpKeyTable. A value of zero indicates that no changes were made to this table since the system was last initialized." ::= { tmnxPkiSecurityObjs 4 } tmnxPkiCAProfCmpKeyTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxPkiCAProfCmpKeyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxPkiCAProfCmpKeyTable contains the CA's initial authentication keys used for authentication in message exchanges with the CA server." ::= { tmnxPkiSecurityObjs 5 } tmnxPkiCAProfCmpKeyEntry OBJECT-TYPE SYNTAX TmnxPkiCAProfCmpKeyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single CA initial authentication key." INDEX { tmnxPkiCAProfile, tmnxPkiCAProfCmpKeyRefnum } ::= { tmnxPkiCAProfCmpKeyTable 1 } TmnxPkiCAProfCmpKeyEntry ::= SEQUENCE { tmnxPkiCAProfCmpKeyRefnum DisplayString, tmnxPkiCAProfCmpKeyRowStatus RowStatus, tmnxPkiCAProfCmpKeyLastChanged TimeStamp, tmnxPkiCAProfCmpKeySecret DisplayString } tmnxPkiCAProfCmpKeyRefnum OBJECT-TYPE SYNTAX DisplayString (SIZE (1..64)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxPkiCAProfCmpKeyRefnum specifies the reference number for this CA initial authentication key." ::= { tmnxPkiCAProfCmpKeyEntry 1 } tmnxPkiCAProfCmpKeyRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfCmpKeyRowStatus specifies row status for the Certificate-Authority profile." ::= { tmnxPkiCAProfCmpKeyEntry 2 } tmnxPkiCAProfCmpKeyLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxPkiCAProfCmpKeyLastChanged is the timestamp of last change to this row in tmnxPkiCAProfCmpKeyTable." ::= { tmnxPkiCAProfCmpKeyEntry 3 } tmnxPkiCAProfCmpKeySecret OBJECT-TYPE SYNTAX DisplayString (SIZE (0..64)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfCmpKeySecret specifies the shared secret for this CA initial authentication key. This object will always return an empty string on a read. The value of tmnxPkiCAProfCmpKeySecret must be specified at the time of row creation." DEFVAL { ''H } ::= { tmnxPkiCAProfCmpKeyEntry 4 } tmnxPkiCertDisplayFormat OBJECT-TYPE SYNTAX INTEGER { ascii (1), utf8 (2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCertDisplayFormat specifies the display format used for Certificates and Certificate Revocation Lists." DEFVAL { ascii } ::= { tmnxPkiSecurityObjs 7 } tmnxPkiCertExpWarningHours OBJECT-TYPE SYNTAX Integer32 (-1..8760) UNITS "hours" MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxPkiCertExpWarningHours specifies the time period (in hours) at which the system will generate the tmnxPkiCertBeforeExpWarning trap for all in-use certificates before expiration. If tmnxPkiCertExpWarningHours is configured, the system will also generate the tmnxPkiCertAfterExpWarning trap when a certificate expires. If both tmnxPkiCertExpWarningHours and tmnxPkiCertExpWarningRepeatHrs are configured to 0, the system will only generate the tmnxPkiCertAfterExpWarning trap when a certificate expires. A value of -1 indicates that tmnxPkiCertExpWarningHours is not configured. In this case, the system will not generate a trap even when a certificate expires. The objects tmnxPkiCertExpWarningHours and tmnxPkiCertExpWarningRepeatHrs have to be set together for the specific action to be performed." DEFVAL { -1 } ::= { tmnxPkiSecurityObjs 8 } tmnxPkiCertExpWarningRepeatHrs OBJECT-TYPE SYNTAX Integer32 (0..8760) UNITS "hours" MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxPkiCertExpWarningRepeatHrs specifies the time period (in hours) at which the system will repeatedly generate the tmnxPkiCertBeforeExpWarning trap for all in-use certificates before expiration. If both tmnxPkiCertExpWarningHours and tmnxPkiCertExpWarningRepeatHrs are configured to 0, the system will only generate the tmnxPkiCertAfterExpWarning trap when a certificate expires. The objects tmnxPkiCertExpWarningHours and tmnxPkiCertExpWarningRepeatHrs have to be set together for the specific action to be performed." DEFVAL { 0 } ::= { tmnxPkiSecurityObjs 9 } tmnxPkiCRLExpWarningHours OBJECT-TYPE SYNTAX Integer32 (-1..8760) UNITS "hours" MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxPkiCRLExpWarningHours specifies the time period (in hours) at which the system will generate the tmnxPkiCRLBeforeExpWarning trap for all in-use CRLs (certificate revocation lists) before expiration. If tmnxPkiCRLExpWarningHours is configured, the system will also generate the tmnxPkiCRLAfterExpWarning trap when a CRL expires. If both tmnxPkiCRLExpWarningHours and tmnxPkiCRLExpWarningRepeatHrs are configured to 0, the system will only generate the tmnxPkiCRLAfterExpWarning trap when a CRL expires. A value of -1 indicates that tmnxPkiCRLExpWarningHours is not configured. In this case, the system will not generate a trap even when a CRL expires. The objects tmnxPkiCRLExpWarningHours and tmnxPkiCRLExpWarningRepeatHrs have to be set together for the specific action to be performed." DEFVAL { -1 } ::= { tmnxPkiSecurityObjs 10 } tmnxPkiCRLExpWarningRepeatHrs OBJECT-TYPE SYNTAX Integer32 (0..8760) UNITS "hours" MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxPkiCRLExpWarningRepeatHrs specifies the time period (in hours) at which the system will repeatedly generate tmnxPkiCRLBeforeExpWarning trap for all in-use CRLs (certificate revocation lists) before expiration. If both tmnxPkiCRLExpWarningHours and tmnxPkiCRLExpWarningRepeatHrs are configured to 0, the system will only generate the tmnxPkiCRLAfterExpWarning trap when a CRL expires. The objects tmnxPkiCRLExpWarningHours and tmnxPkiCRLExpWarningRepeatHrs have to be set together for the specific action to be performed." DEFVAL { 0 } ::= { tmnxPkiSecurityObjs 11 } tmnxPkiCAProfAtCrlUpdTblLstChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxPkiCAProfAtCrlUpdTblLstChgd indicates the time, since system startup, when tmnxPkiCAProfAtCrlUpdTable last changed configuration. A value of zero indicates that no changes were made to this table since the system was last initialized." ::= { tmnxPkiSecurityObjs 12 } tmnxPkiCAProfAtCrlUpdTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxPkiCAProfAtCrlUpdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxPkiCAProfAtCrlUpdTable contains objects used to configure instances of automated Certificate Revocation List (CRL) updates." ::= { tmnxPkiSecurityObjs 13 } tmnxPkiCAProfAtCrlUpdEntry OBJECT-TYPE SYNTAX TmnxPkiCAProfAtCrlUpdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each tmnxPkiCAProfAtCrlUpdEntry contains the configuration for one automated Certificate Revocation List (CRL) update. Rows in tmnxPkiCAProfAtCrlUpdTable can only be created and destroyed via SNMP set operations to tmnxPkiCAProfAtCrlUpdRowStatus, when an associated row exists in tmnxPkiCAProfileTable." INDEX { tmnxPkiCAProfile } ::= { tmnxPkiCAProfAtCrlUpdTable 1 } TmnxPkiCAProfAtCrlUpdEntry ::= SEQUENCE { tmnxPkiCAProfAtCrlUpdRowStatus RowStatus, tmnxPkiCAProfAtCrlUpdLastChgd TimeStamp, tmnxPkiCAProfAtCrlUpdAdminState TmnxAdminState, tmnxPkiCAProfAtCrlUpdScheduleT INTEGER, tmnxPkiCAProfAtCrlUpdPrdcUpdIntv Unsigned32, tmnxPkiCAProfAtCrlUpdPreUpdTime Unsigned32, tmnxPkiCAProfAtCrlUpdRetryIntv Unsigned32, tmnxPkiCAProfAtCrlUpdLstSucsEtId Unsigned32, tmnxPkiCAProfAtCrlUpdLstSucsTmSt Unsigned32, tmnxPkiCAProfAtCrlUpdLstSucsTmEd Unsigned32, tmnxPkiCAProfAtCrlUpdNxCrlUpdTm Unsigned32 } tmnxPkiCAProfAtCrlUpdRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfAtCrlUpdRowStatus specifies the status of this row. It is used to create and delete row entries in tmnxPkiCAProfAtCrlUpdTable. In order to delete an entry, tmnxPkiCAProfAtCrlUpdAdminState must first be set to 'outOfService(3)'. When the tmnxPkiCAProfAtCrlUpdEntry is deleted, the agent also deletes all rows in the tmnxPkiCAProfUrlTable associated to the entry." ::= { tmnxPkiCAProfAtCrlUpdEntry 1 } tmnxPkiCAProfAtCrlUpdLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxPkiCAProfAtCrlUpdLastChgd indicates time, since system startup, that the configuration of this row was created or modified." ::= { tmnxPkiCAProfAtCrlUpdEntry 2 } tmnxPkiCAProfAtCrlUpdAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfAtCrlUpdAdminState specifies the administrative state of this automated CRL update. Automated CRL update and manual CRL update are mutually exclusive. When the value of tmnxPkiCAProfAtCrlUpdAdminState is 'inService (2)', and the current CRL is missing, expired or unusable, then the system will start the update process immediately regardless of tmnxPkiCAProfAtCrlUpdScheduleT. When the value of tmnxPkiCAProfAtCrlUpdAdminState is 'outOfService (3)', the system shall stop the CRL update process immediately. tmnxPkiCAProfAtCrlUpdAdminState can only be configured to 'inService (2)', if tmnxPkiCAProfileAdminState is 'inService (2)' and the system is not manually updating a CRL file." DEFVAL { outOfService } ::= { tmnxPkiCAProfAtCrlUpdEntry 3 } tmnxPkiCAProfAtCrlUpdScheduleT OBJECT-TYPE SYNTAX INTEGER { nextUpdateBased (1), periodic (2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfAtCrlUpdScheduleT specifies the type of time scheduler to update the CRL. The value of tmnxPkiCAProfAtCrlUpdScheduleT must be either of 'nextUpdateBased (1)' or 'periodic (2)': Values: nextUpdateBased(1) The system starts updating a CRL file in tmnxPkiCAProfAtCrlUpdPreUpdTime seconds prior to the 'nextUpdate' value of the current CRL. It will try to download the CRL file from each URL location in order until it finds one that qualifies. If none of the configured URLs work or none of the downloaded CRLs qualifies, the system will wait for tmnxPkiCAProfAtCrlUpdRetryIntv seconds before attempting to download the CRL file again. In this case, if tmnxPkiCAProfAtCrlUpdRetryIntv is zero, the system will stop attempting to update the CRL file and tmnxPkiCAProfCrlCurUpdStatus is set to 'stopped (4)'. If the 'nextUpdate' field is missing from the CRL, then the system cannot schedule the next CRL update and tmnxPkiCAProfCrlCurUpdStatus is set to 'stopped (4)'. If the CRL is expected to be issued without a 'nextUpdate' field, then the periodic scheduler type should be used instead. periodic(2) The system updates the CRL file every tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds. It will try to download a CRL from each URL location in order until it finds one that qualifies. If none of the configured URLs work or none of the downloaded CRLs qualifies, the system will try again in tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds. The 'nextUpdate' field of the CRL, if present, is ignored in this mode. The cases that a downloaded CRL does not qualify are: - the downloaded CRL file cannot be decoded by the system (e.g., wrong file type, truncated content) - the downloaded CRL is not issued by the correct Certificate Authority (CA) - the downloaded CRL has expired or is not yet valid - the downloaded CRL has not been updated The URLs are configured using tmnxPkiCAProfUrlTable." REFERENCE "RFC 5280, 'Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile', IETF, May 2008, section 5, 'CRL and CRL Extensions Profile'." DEFVAL { nextUpdateBased } ::= { tmnxPkiCAProfAtCrlUpdEntry 4 } tmnxPkiCAProfAtCrlUpdPrdcUpdIntv OBJECT-TYPE SYNTAX Unsigned32 (3600..31622400) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfAtCrlUpdPrdcUpdIntv specifies the number of seconds required between the start time points of two consecutive CRL update operations. The value of tmnxPkiCAProfAtCrlUpdPrdcUpdIntv is only used when tmnxPkiCAProfAtCrlUpdScheduleT is set to 'periodic(2)'. The value of tmnxPkiCAProfAtCrlUpdPrdcUpdIntv is ignored when tmnxPkiCAProfAtCrlUpdScheduleT is set to 'nextUpdateBased(1)'. The maximum value of tmnxPkiCAProfAtCrlUpdPrdcUpdIntv is 366 days (31622400 seconds)." DEFVAL { 86400 } ::= { tmnxPkiCAProfAtCrlUpdEntry 5 } tmnxPkiCAProfAtCrlUpdPreUpdTime OBJECT-TYPE SYNTAX Unsigned32 (0..31622400) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfAtCrlUpdPreUpdTime specifies the number of seconds prior to the 'nextUpdate' time of the current CRL that the system shall download a new CRL. The value of tmnxPkiCAProfAtCrlUpdPreUpdTime is only used when tmnxPkiCAProfAtCrlUpdScheduleT is set to 'nextUpdateBased(1)'. The value of tmnxPkiCAProfAtCrlUpdPreUpdTime is ignored when tmnxPkiCAProfAtCrlUpdScheduleT is set to 'periodic(2)'. If the 'nextUpdate' field is missing, then the value of tmnxPkiCAProfAtCrlUpdPreUpdTime has no effect. The maximum value of tmnxPkiCAProfAtCrlUpdPreUpdTime is 366 days (31622400 seconds)." REFERENCE "RFC 5280, 'Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile', IETF, May 2008, section 5, 'CRL and CRL Extensions Profile'." DEFVAL { 3600 } ::= { tmnxPkiCAProfAtCrlUpdEntry 6 } tmnxPkiCAProfAtCrlUpdRetryIntv OBJECT-TYPE SYNTAX Unsigned32 (0..31622400) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfAtCrlUpdRetryIntv specifies the interval of time that the system shall wait before attempting to download the CRL file again, if none of the URLs works. The value of tmnxPkiCAProfAtCrlUpdRetryIntv is only used when tmnxPkiCAProfAtCrlUpdScheduleT is set to 'nextUpdateBased(1)'. The value of tmnxPkiCAProfAtCrlUpdRetryIntv is ignored when tmnxPkiCAProfAtCrlUpdScheduleT is set to 'periodic(2)'. If the value of tmnxPkiCAProfAtCrlUpdRetryIntv is zero and none of the URLs work, then the system will not attempt to download the CRL file any further and tmnxPkiCAProfCrlCurUpdStatus is set to 'stopped (4)'. The URLs are configured using tmnxPkiCAProfUrlTable." DEFVAL { 3600 } ::= { tmnxPkiCAProfAtCrlUpdEntry 7 } tmnxPkiCAProfAtCrlUpdLstSucsEtId OBJECT-TYPE SYNTAX Unsigned32 (0 | 1..8) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxPkiCAProfAtCrlUpdLstSucsEtId indicates the entry ID of the last successful automated CRL update. A value of zero is returned if the system never successfully updated a CRL file since tmnxPkiCAProfAtCrlUpdAdminState was configured to 'inService (2)'. The entry, which is configured using tmnxPkiCAProfUrlTable, contains the information for one URL which is where the system downloads the CRL file from." ::= { tmnxPkiCAProfAtCrlUpdEntry 8 } tmnxPkiCAProfAtCrlUpdLstSucsTmSt OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxPkiCAProfAtCrlUpdLstSucsTmSt indicates the time at which the last successful automated CRL update was initiated. It is measured in seconds from 1-Jan-1970 00:00:00 UTC. A value of zero indicates that the system has not successfully updated a CRL file since tmnxPkiCAProfAtCrlUpdAdminState was set to 'inService (2)'." ::= { tmnxPkiCAProfAtCrlUpdEntry 9 } tmnxPkiCAProfAtCrlUpdLstSucsTmEd OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxPkiCAProfAtCrlUpdLstSucsTmEd indicates the time at which the last successful automated CRL update was finished. It is measured in seconds from 1-Jan-1970 00:00:00 UTC. A value of zero indicates that the system has not successfully updated a CRL file since tmnxPkiCAProfAtCrlUpdAdminState was set to 'inService (2)'." ::= { tmnxPkiCAProfAtCrlUpdEntry 10 } tmnxPkiCAProfAtCrlUpdNxCrlUpdTm OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxPkiCAProfAtCrlUpdNxCrlUpdTm indicates the start time of the next scheduled update. It is measured in seconds from 1-Jan-1970 00:00:00 UTC. The next scheduled update time depends on the value of tmnxPkiCAProfAtCrlUpdScheduleT. A value of zero indicates that there is no scheduled update for the CRL." ::= { tmnxPkiCAProfAtCrlUpdEntry 11 } tmnxPkiCAProfUrlTablLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxPkiCAProfUrlTablLastChgd indicates the time, since system startup, when tmnxPkiCAProfUrlTable last changed configuration. A value of zero indicates that no changes were made to this table since the system was last initialized." ::= { tmnxPkiSecurityObjs 14 } tmnxPkiCAProfUrlTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxPkiCAProfUrlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxPkiCAProfUrlTable contains objects used to configure instances of URL information, which includes the URL location and the file transmission profile to use. The URL location indicates where an updated CRL can be downloaded from. The maximum number of rows in tmnxPkiCAProfUrlTable is 8." ::= { tmnxPkiSecurityObjs 15 } tmnxPkiCAProfUrlEntry OBJECT-TYPE SYNTAX TmnxPkiCAProfUrlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each tmnxPkiCAProfUrlEntry contains the information for one URL. Rows in tmnxPkiCAProfUrlTable are created and destroyed via SNMP set operations to tmnxPkiCAProfUrlRowStatus. When the tmnxPkiCAProfileEntry or tmnxPkiCAProfAtCrlUpdEntry is deleted, the agent also deletes all rows in the tmnxPkiCAProfUrlTable associated to the entry." INDEX { tmnxPkiCAProfile, tmnxPkiCAProfUrlId } ::= { tmnxPkiCAProfUrlTable 1 } TmnxPkiCAProfUrlEntry ::= SEQUENCE { tmnxPkiCAProfUrlId Unsigned32, tmnxPkiCAProfUrlRowStatus RowStatus, tmnxPkiCAProfUrlLastChanged TimeStamp, tmnxPkiCAProfUrl TmnxDisplayStringURL, tmnxPkiCAProfUrlFileTransProf TNamedItemOrEmpty } tmnxPkiCAProfUrlId OBJECT-TYPE SYNTAX Unsigned32 (1..8) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxPkiCAProfUrlId uniquely specifies one URL configured on this system." ::= { tmnxPkiCAProfUrlEntry 1 } tmnxPkiCAProfUrlRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfUrlRowStatus specifies the status of this row. It is used to create and delete row entries in tmnxPkiCAProfUrlTable." ::= { tmnxPkiCAProfUrlEntry 2 } tmnxPkiCAProfUrlLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxPkiCAProfUrlLastChanged indicates the time, since system startup, that the configuration of this row was created or modified." ::= { tmnxPkiCAProfUrlEntry 3 } tmnxPkiCAProfUrl OBJECT-TYPE SYNTAX TmnxDisplayStringURL MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfUrl specifies the URL, which specifies the location, where an updated CRL can be downloaded from. This object must be configured together with tmnxPkiCAProfUrlFileTransProf. The value of an empty string specifies no URL is configured." REFERENCE "RFC 1738. 'Uniform Resource Locators (URL)', IETF, December 1994." DEFVAL { "" } ::= { tmnxPkiCAProfUrlEntry 4 } tmnxPkiCAProfUrlFileTransProf OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfUrlFileTransProf specifies the name of the file transmission profile to be matched. This object must be configured together with tmnxPkiCAProfUrl. File transmission profiles are configured using tmnxSysFileTransProfTable. The value of an empty string specifies that no file transmission profile is configured." DEFVAL { "" } ::= { tmnxPkiCAProfUrlEntry 5 } tmnxPkiCAProfManCrlUpdTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxPkiCAProfManCrlUpdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxPkiCAProfManCrlUpdTable contains objects used to configure instances of manual Certificate Revocation List (CRL) update operation." ::= { tmnxPkiSecurityObjs 16 } tmnxPkiCAProfManCrlUpdEntry OBJECT-TYPE SYNTAX TmnxPkiCAProfManCrlUpdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each tmnxPkiCAProfManCrlUpdEntry contains the configuration for one manual Certificate Revocation List (CRL) update operation. Rows in tmnxPkiCAProfManCrlUpdTable are automatically created and destroyed when an associated row is created or destroyed in the tmnxPkiCAProfAtCrlUpdEntry." AUGMENTS { tmnxPkiCAProfAtCrlUpdEntry } ::= { tmnxPkiCAProfManCrlUpdTable 1 } TmnxPkiCAProfManCrlUpdEntry ::= SEQUENCE { tmnxPkiCAProfManCrlUpdAct TmnxActionType, tmnxPkiCAProfManCrlUpdAbort TmnxActionType } tmnxPkiCAProfManCrlUpdAct OBJECT-TYPE SYNTAX TmnxActionType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfManCrlUpdAct specifies whether or not to trigger the manual CRL update operation. Manual CRL update and automated CRL update are mutually exclusive. tmnxPkiCAProfManCrlUpdAct can only be configured to 'doAction (1)' when tmnxPkiCAProfAtCrlUpdAdminState is 'outOfService (3)' and tmnxPkiCAProfileAdminState is 'inService (2)'." ::= { tmnxPkiCAProfManCrlUpdEntry 1 } tmnxPkiCAProfManCrlUpdAbort OBJECT-TYPE SYNTAX TmnxActionType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiCAProfManCrlUpdAbort specifies whether or not to abort the manual CRL update operation. Manual CRL download and automated CRL update, which is configured via tmnxPkiCAProfAtCrlUpdTable, are mutually exclusive. tmnxPkiCAProfManCrlUpdAbort can only be configured to 'doAction (1)' when tmnxPkiCAProfAtCrlUpdAdminState is 'outOfService (3)' and tmnxPkiCAProfileAdminState is 'inService (2)'." ::= { tmnxPkiCAProfManCrlUpdEntry 2 } tmnxPkiCAProfCrlUpdTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxPkiCAProfCrlUpdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxPkiCAProfCrlUpdTable contains the statistics information of the automated and manual Certificate Revocation List (CRL) update operations." ::= { tmnxPkiSecurityObjs 17 } tmnxPkiCAProfCrlUpdEntry OBJECT-TYPE SYNTAX TmnxPkiCAProfCrlUpdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each tmnxPkiCAProfCrlUpdEntry contains the statistics information for the automated and manual Certificate Revocation List (CRL) update operation. Rows in tmnxPkiCAProfManCrlUpdTable are automatically created and destroyed when an associated row is created or destroyed in the tmnxPkiCAProfAtCrlUpdEntry." AUGMENTS { tmnxPkiCAProfAtCrlUpdEntry } ::= { tmnxPkiCAProfCrlUpdTable 1 } TmnxPkiCAProfCrlUpdEntry ::= SEQUENCE { tmnxPkiCAProfCrlCurUpdStatus INTEGER, tmnxPkiCAProfCrlCurUpdEtId Unsigned32, tmnxPkiCAProfCrlCurUpdStartTime Unsigned32, tmnxPkiCAProfAtCrlUpdLstFailedId Unsigned32, tmnxPkiCAProfAtCrlUpdLstFailTmSt Unsigned32, tmnxPkiCAProfAtCrlUpdLstFailTmEd Unsigned32, tmnxPkiCAProfAtCrlUpdLstFailReas INTEGER } tmnxPkiCAProfCrlCurUpdStatus OBJECT-TYPE SYNTAX INTEGER { notUpdating (0), autoScheduled (1), autoDownloading (2), manualDownloading (3), stopped (4), autoVerifying (5), manualVerifying (6) } MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxPkiCAProfCrlCurUpdStatus indicates the CRL update status of this row. Values: notUpdating (0) The system is not updating the CRL file. This happens when the following conditions are met: 1) The system is not manually updating a CRL file, and 2) tmnxPkiCAProfAtCrlUpdAdminState is 'outOfService (3)'. autoScheduled (1) The system is waiting for the next scheduled CRL update time (tmnxPkiCAProfAtCrlUpdNxCrlUpdTm) in an automated CRL update operation. This happens when the following conditions are met: 1) tmnxPkiCAProfAtCrlUpdAdminState is 'inService (2)', and 2) The next scheduled CRL update time is not reached. autoDownloading (2) The system is downloading the CRL file in an automated CRL update operation. This happens when the following conditions are met: 1) tmnxPkiCAProfAtCrlUpdAdminState is 'inService (2)', and 2) The current CRL is invalid, or next scheduled CRL update time is reached. manualDownloading (3) The system is downloading the CRL file in a manual CRL update operation (tmnxPkiCAProfManCrlUpdTable). stopped (4) The system stopped updating the CRL. This happens when one of the following conditions are met: 1) In the automated CRL update case, the system did not find a CRL that qualifies from any of the configured URLs. Meanwhile, tmnxPkiCAProfAtCrlUpdScheduleT is 'nextUpdateBased (1)' and the value of tmnxPkiCAProfAtCrlUpdRetryIntv is zero; or 2) In the automated CRL update case, the system finds a CRL that qualifies from one of the configured URLs, but the 'nextUpdate' field is missing. Meanwhile, tmnxPkiCAProfAtCrlUpdScheduleT is 'nextUpdateBased (1)'; or 3) In the manual CRL update case, the system did not find a CRL that qualifies from any of the configured URLs. 4) The manual CRL update was aborted by configuring tmnxPkiCAProfManCrlUpdAbort to 'doAction (1)'. tmnxPkiCAProfCrlCurUpdStatus will never be 'stopped (4)' when tmnxPkiCAProfAtCrlUpdScheduleT is 'periodic (2)'. In this case, after attempting all URLs, the system will try to update the CRL file again in tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds. autoVerifying (5) The system is verifying the downloaded CRL file in an automated CRL update operation. manualVerifying (6) The system is verifying the downloaded CRL file in a manual CRL update operation." ::= { tmnxPkiCAProfCrlUpdEntry 1 } tmnxPkiCAProfCrlCurUpdEtId OBJECT-TYPE SYNTAX Unsigned32 (0 | 1..8) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxPkiCAProfCrlCurUpdEtId indicates the entry ID which is being used in the current update for a CRL file. A value of zero is returned if the value of tmnxPkiCAProfCrlCurUpdStatus is 'notUpdating (0)' or 'stopped (4)'. The entry, which is configured using tmnxPkiCAProfUrlTable, contains the information for one URL which is where the system downloads the CRL file from." ::= { tmnxPkiCAProfCrlUpdEntry 2 } tmnxPkiCAProfCrlCurUpdStartTime OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxPkiCAProfCrlCurUpdStartTime indicates the time at which the current automated CRL update was initiated. It is measured in seconds from 1-Jan-1970 00:00:00 UTC. A value of zero indicates that the system has not started updating a CRL file since tmnxPkiCAProfAtCrlUpdAdminState was set to 'inService (2)'." ::= { tmnxPkiCAProfCrlUpdEntry 3 } tmnxPkiCAProfAtCrlUpdLstFailedId OBJECT-TYPE SYNTAX Unsigned32 (0 | 1..8) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxPkiCAProfAtCrlUpdLstFailedId indicates the entry ID of the last failed automated CRL update. A value of zero is returned if the system has not failed to update any CRL file since tmnxPkiCAProfAtCrlUpdAdminState was configured to 'inService (2)'. The entry, which is configured using tmnxPkiCAProfUrlTable, contains the information for one URL which is where the system downloads the CRL file from." ::= { tmnxPkiCAProfCrlUpdEntry 4 } tmnxPkiCAProfAtCrlUpdLstFailTmSt OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxPkiCAProfAtCrlUpdLstFailTmSt indicates the time at which the last failed automated CRL update was initiated. It is measured in seconds from 1-Jan-1970 00:00:00 UTC. A value of zero indicates that the system has not failed to update any CRL file since tmnxPkiCAProfAtCrlUpdAdminState was set to 'inService (2)'." ::= { tmnxPkiCAProfCrlUpdEntry 5 } tmnxPkiCAProfAtCrlUpdLstFailTmEd OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxPkiCAProfAtCrlUpdLstFailTmEd indicates the time at which the last failed automated CRL update was finished. It is measured in seconds from 1-Jan-1970 00:00:00 UTC. A value of zero indicates that the system has not failed to update any CRL file since tmnxPkiCAProfAtCrlUpdAdminState was set to 'inService (2)'." ::= { tmnxPkiCAProfCrlUpdEntry 6 } tmnxPkiCAProfAtCrlUpdLstFailReas OBJECT-TYPE SYNTAX INTEGER { noFailure (0), downloadFailed (1), invalidCRL (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxPkiCAProfAtCrlUpdLstFailReas indicates the reason of the recent failed automated CRL update. noFailure (0) -- The system never fails to update the CRL file downloadFailed (1) -- The system failed to download the CRL file invalidCRL (2) -- The verification of the downloaded CRL file failed" ::= { tmnxPkiCAProfCrlUpdEntry 7 } tmnxPkiCAProfActnTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxPkiCAProfActnEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxPkiCAProfActnTable allows actions on the Certificate-Authority profiles." ::= { tmnxPkiSecurityObjs 22 } tmnxPkiCAProfActnEntry OBJECT-TYPE SYNTAX TmnxPkiCAProfActnEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxPkiCAProfActnEntry allows action on a specific Certificate-Authority profile." INDEX { tmnxPkiCAProfile } ::= { tmnxPkiCAProfActnTable 1 } TmnxPkiCAProfActnEntry ::= SEQUENCE { tmnxPkiCAProfActnType INTEGER, tmnxPkiCAProfAction TmnxActionType, tmnxPkiCAProfActnKey DisplayString, tmnxPkiCAProfActnProtAlgPass DisplayString, tmnxPkiCAProfActnProtAlgRef DisplayString, tmnxPkiCAProfActnProtAlgSigCert DisplayString, tmnxPkiCAProfActnProtAlgSigHash INTEGER, tmnxPkiCAProfActnSubjectDn DisplayString, tmnxPkiCAProfActnSaveAsFile DisplayString, tmnxPkiCAProfActnNewKey DisplayString, tmnxPkiCAProfActnStatus INTEGER, tmnxPkiCAProfActnStatusString DisplayString, tmnxPkiCAProfActnStatusCode INTEGER, tmnxPkiCAProfActnOrigCmdTime DateAndTime, tmnxPkiCAProfActnLastCAResp DateAndTime, tmnxPkiCAProfActnSendChain TruthValue, tmnxPkiCAProfActnSendChainCA TNamedItemOrEmpty, tmnxPkiCAProfActnProtKey DisplayString, tmnxPkiCAProfActnDomain TmnxLongDisplayString, tmnxPkiCAProfActnInetAddrType InetAddressType, tmnxPkiCAProfActnInetAddr InetAddress } tmnxPkiCAProfActnType OBJECT-TYPE SYNTAX INTEGER { initialRegistration (1), certRequest (2), keyUpdate (3), poll (4), clearRequest (5), abortRequest (6) } MAX-ACCESS read-write STATUS current DESCRIPTION "The tmnxPkiCAProfActnType specifies the action to be performed on the CA profile. The tmnxPkiCAProfActnType and tmnxPkiCAProfAction objects must be set together for the specific action to be performed." ::= { tmnxPkiCAProfActnEntry 1 } tmnxPkiCAProfAction OBJECT-TYPE SYNTAX TmnxActionType MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxPkiCAProfAction specifies to perform action specified in the tmnxPkiCAProfActnType object. The value of tmnxPkiCAProfAction will always be returned as 'notApplicable'. The tmnxPkiCAProfActnType and tmnxPkiCAProfAction objects must be set together for the specific action to be performed." DEFVAL { notApplicable } ::= { tmnxPkiCAProfActnEntry 2 } tmnxPkiCAProfActnKey OBJECT-TYPE SYNTAX DisplayString (SIZE (0..95)) MAX-ACCESS read-write STATUS current DESCRIPTION "The tmnxPkiCAProfActnKey specifies the key associated with requested action on the CA profile." DEFVAL { ''H } ::= { tmnxPkiCAProfActnEntry 3 } tmnxPkiCAProfActnProtAlgPass OBJECT-TYPE SYNTAX DisplayString (SIZE (0..64)) MAX-ACCESS read-write STATUS current DESCRIPTION "The tmnxPkiCAProfActnProtAlgPass specifies the password of the protection algorithm associated with requested action on the CA profile. The value of tmnxPkiCAProfActnProtAlgPass cannot be set to an empty string if tmnxPkiCAProfAction is set to 'initialRegistration' and the CMP request is to be protected by Message Authentication Code (MAC). GETs and GETNEXTs on this variable return an empty string." DEFVAL { ''H } ::= { tmnxPkiCAProfActnEntry 4 } tmnxPkiCAProfActnProtAlgRef OBJECT-TYPE SYNTAX DisplayString (SIZE (0..64)) MAX-ACCESS read-write STATUS current DESCRIPTION "The tmnxPkiCAProfActnProtAlgRef specifies the reference number of the protection algorithm associated with requested action on the CA profile. The value of tmnxPkiCAProfActnProtAlgRef cannot be set to an empty string if tmnxPkiCAProfAction is set to 'initialRegistration' and the CMP request is to be protected by Message Authentication Code (MAC)." DEFVAL { ''H } ::= { tmnxPkiCAProfActnEntry 5 } tmnxPkiCAProfActnProtAlgSigCert OBJECT-TYPE SYNTAX DisplayString (SIZE (0..95)) MAX-ACCESS read-write STATUS current DESCRIPTION "The tmnxPkiCAProfActnProtAlgSigCert specifies the signature certificate file for the protection algorithm associated with requested action on the CA profile. The value of tmnxPkiCAProfActnProtAlgSigCert cannot be set to an empty string if tmnxPkiCAProfAction is set to 'certRequest' or 'keyUpdate' and the CMP request is to be protected by Digital Signature." DEFVAL { ''H } ::= { tmnxPkiCAProfActnEntry 6 } tmnxPkiCAProfActnProtAlgSigHash OBJECT-TYPE SYNTAX INTEGER { null (1), md5 (2), sha1 (3), sha256 (4), sha384 (5), sha512 (6), sha224 (7) } MAX-ACCESS read-write STATUS current DESCRIPTION "The tmnxPkiCAProfActnProtAlgSigHash specifies the signature hash algorithm for the protection algorithm associated with requested action on the CA profile. The value of tmnxPkiCAProfActnProtAlgSigHash cannot be set to 'null' if tmnxPkiCAProfAction is set to 'initialRegistration' or 'certRequest' or 'keyUpdate', and the CMP request is to be protected by Digital Signature." DEFVAL { sha1 } ::= { tmnxPkiCAProfActnEntry 7 } tmnxPkiCAProfActnSubjectDn OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "The tmnxPkiCAProfActnSubjectDn specifies the domain of the subject associated with requested action on the CA profile. The value of tmnxPkiCAProfActnSubjectDn cannot be set to an empty string if tmnxPkiCAProfAction is set to 'initialRegistration' or 'certRequest'." DEFVAL { ''H } ::= { tmnxPkiCAProfActnEntry 8 } tmnxPkiCAProfActnSaveAsFile OBJECT-TYPE SYNTAX DisplayString (SIZE (0..200)) MAX-ACCESS read-write STATUS current DESCRIPTION "The tmnxPkiCAProfActnSaveAsFile specifies the file name to which resultant certificate is saved associated with the requested action on the CA profile. The value of tmnxPkiCAProfActnSaveAsFile cannot be set to an empty string if tmnxPkiCAProfAction is set to 'initialRegistration' or 'certRequest' or 'keyUpdate'." DEFVAL { ''H } ::= { tmnxPkiCAProfActnEntry 9 } tmnxPkiCAProfActnNewKey OBJECT-TYPE SYNTAX DisplayString (SIZE (0..95)) MAX-ACCESS read-write STATUS current DESCRIPTION "The tmnxPkiCAProfActnNewKey specifies the new key associated with requested action on the CA profile. The value of tmnxPkiCAProfActnNewKey cannot be set to an empty string if tmnxPkiCAProfAction is set to 'keyUpdate'." DEFVAL { ''H } ::= { tmnxPkiCAProfActnEntry 10 } tmnxPkiCAProfActnStatus OBJECT-TYPE SYNTAX INTEGER { processed (0), inProgress (1), failed (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxPkiCAProfActnStatus indicates the status of the last action on the CA profile." ::= { tmnxPkiCAProfActnEntry 11 } tmnxPkiCAProfActnStatusString OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxPkiCAProfActnStatusString indicates the detailed status of the last action on the CA profile." ::= { tmnxPkiCAProfActnEntry 12 } tmnxPkiCAProfActnStatusCode OBJECT-TYPE SYNTAX INTEGER { none (0), accepted (1), grantedWithMods (2), rejection (3), waiting (4), revocationWarning (5), revocationNotification (6), keyUpdateWarning (7) } MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxPkiCAProfActnStatusCode indicates the status of the last action on the CA profile." ::= { tmnxPkiCAProfActnEntry 13 } tmnxPkiCAProfActnOrigCmdTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxPkiCAProfActnOrigCmdTime indicates the time when original command request was issued." ::= { tmnxPkiCAProfActnEntry 14 } tmnxPkiCAProfActnLastCAResp OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxPkiCAProfActnLastCAResp indicates the last response from the the CA server." ::= { tmnxPkiCAProfActnEntry 15 } tmnxPkiCAProfActnSendChain OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The tmnxPkiCAProfActnSendChain specifies whether to send the chain in the extra certificates." DEFVAL { false } ::= { tmnxPkiCAProfActnEntry 16 } tmnxPkiCAProfActnSendChainCA OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-write STATUS current DESCRIPTION "The tmnxPkiCAProfActnSendChainCA specifies the Certificate Authority profile to pick the chain in case of multiple chains available. System will calculate the chain, if the value of this object is set to empty. The action will fail, if the unique chain can not be resolved." DEFVAL { ''H } ::= { tmnxPkiCAProfActnEntry 17 } tmnxPkiCAProfActnProtKey OBJECT-TYPE SYNTAX DisplayString (SIZE (0..95)) MAX-ACCESS read-write STATUS current DESCRIPTION "The tmnxPkiCAProfActnProtKey specifies the protection key associated with requested action on the CA profile." DEFVAL { ''H } ::= { tmnxPkiCAProfActnEntry 18 } tmnxPkiCAProfActnDomain OBJECT-TYPE SYNTAX TmnxLongDisplayString (SIZE (0..512)) MAX-ACCESS read-write STATUS current DESCRIPTION "The tmnxPkiCAProfActnDomain specifies the comma separated domain names associated with requested action on the CA profile. The tmnxPkiCAProfActnDomain may be set non-default when tmnxPkiCAProfAction is being set to 'initialRegistration' or 'certRequest'." DEFVAL { ''H } ::= { tmnxPkiCAProfActnEntry 19 } tmnxPkiCAProfActnInetAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-write STATUS current DESCRIPTION "The value of the object tmnxPkiCAProfActnInetAddrType specifies the address type of the 'tmnxPkiCAProfActnInetAddr' object." DEFVAL { unknown } ::= { tmnxPkiCAProfActnEntry 20 } tmnxPkiCAProfActnInetAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16)) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of the object tmnxPkiCAProfActnInetAddr specifies the IP address as 'subjectAltName' in certificate template of CMPv2 initial registration or certificate-request action. The tmnxPkiCAProfActnInetAddr must be set together with tmnxPkiCAProfActnInetAddrType object." DEFVAL { ''H } ::= { tmnxPkiCAProfActnEntry 21 } tmnxPkiCNListTableLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxPkiCNListTableLastChanged indicates the timestamp of the last change to the tmnxPkiCNListTable. A value of zero indicates that no changes were made to this table since the system was last initialized." ::= { tmnxPkiSecurityObjs 23 } tmnxPkiCNListTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxPkiCNListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxPkiCNListTable is the Common Name List table. It contains lists of supported Common Names. Entries are created and deleted by the user. Common name is domain name or IP address, which is present in a certificate in field 'Common Name' (CN) or in the extension 'Subject Alternative Name' (SAN). Certificate is valid, if CN or one of SANs corresponds to any item in the CN List." ::= { tmnxPkiSecurityObjs 24 } tmnxPkiCNListEntry OBJECT-TYPE SYNTAX TmnxPkiCNListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxPkiCNListEntry is an entry (conceptual row) in the tmnxPkiCNListTable. Each entry represents the configuration for an ordered list of supported Common Names." INDEX { tmnxPkiCNListName } ::= { tmnxPkiCNListTable 1 } TmnxPkiCNListEntry ::= SEQUENCE { tmnxPkiCNListName TNamedItem, tmnxPkiCNListLastChanged TimeStamp, tmnxPkiCNListRowStatus RowStatus } tmnxPkiCNListName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of the object tmnxPkiCNListName specifies the name of an ordered list of supported common names." ::= { tmnxPkiCNListEntry 1 } tmnxPkiCNListLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxPkiCNListLastChanged indicates the sysUpTime at the time of the most recent management-initiated change to this entry." ::= { tmnxPkiCNListEntry 2 } tmnxPkiCNListRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxPkiCNListRowStatus indicates the status of the conceptual row in tmnxPkiCNListTable. Only values 'createAndGo(4)' and 'destroy(6)' are supported." ::= { tmnxPkiCNListEntry 3 } tmnxPkiCNListParamTableLstChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "This value of the object tmnxPkiCNListParamTableLstChgd indicates the timestamp of the last change to the tmnxPkiCNListParamTable. A value of zero indicates that no changes were made to this table since the system was last initialized." ::= { tmnxPkiSecurityObjs 25 } tmnxPkiCNListParamTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxPkiCNListParamEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxPkiCNListParamTable stores configuration and status information related to Common Names which belong to ordered lists of Common Names specified by entries in tmnxPkiCNListTable." ::= { tmnxPkiSecurityObjs 26 } tmnxPkiCNListParamEntry OBJECT-TYPE SYNTAX TmnxPkiCNListParamEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxPkiCNListParamEntry is an entry (conceptual row) in the tmnxPkiCNListParamTable. Each entry contains information pertaining to a Common Name which belongs to a list specified by tmnxPkiCNListName." INDEX { tmnxPkiCNListName, tmnxPkiCNListParamIndex } ::= { tmnxPkiCNListParamTable 1 } TmnxPkiCNListParamEntry ::= SEQUENCE { tmnxPkiCNListParamIndex Unsigned32, tmnxPkiCNListParamLastChanged TimeStamp, tmnxPkiCNListParamRowStatus RowStatus, tmnxPkiCNListParamCNType TmnxPkiCNType, tmnxPkiCNListParamCNValue TRegularExpression } tmnxPkiCNListParamIndex OBJECT-TYPE SYNTAX Unsigned32 (1..128) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of the object tmnxPkiCNListParamIndex specifies the order of preference of a Common Name within the list specified by tmnxPkiCNListName." ::= { tmnxPkiCNListParamEntry 1 } tmnxPkiCNListParamLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxPkiCNListParamLastChanged is the timestamp of last change to this entry." ::= { tmnxPkiCNListParamEntry 2 } tmnxPkiCNListParamRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxPkiCNListParamRowStatus specifies the status of the conceptual row in tmnxPkiCNListParamTable." ::= { tmnxPkiCNListParamEntry 3 } tmnxPkiCNListParamCNType OBJECT-TYPE SYNTAX TmnxPkiCNType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxPkiCNListParamCNType specifies the type of Common Name." ::= { tmnxPkiCNListParamEntry 4 } tmnxPkiCNListParamCNValue OBJECT-TYPE SYNTAX TRegularExpression MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxPkiCNListParamCNValue specifies value of Common Name for which a certificate is issued." ::= { tmnxPkiCNListParamEntry 5 } tmnxPkiImportedFormat OBJECT-TYPE SYNTAX INTEGER { any (1), secure (2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxPkiImportedFormat specifies the supported encrypted file formats. any - both old and new encrypted file format are supported secure - only the new encrypted file format is supported" DEFVAL { any } ::= { tmnxPkiSecurityObjs 27 } tmnxCertMgrStatsGroup OBJECT IDENTIFIER ::= { tmnxSecurityObjects 19 } tmnxCertMgrAuthFailed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxCertMgrAuthFailed indicates the number of authentication failures using the certificates." ::= { tmnxCertMgrStatsGroup 1 } tmnxCertMgrAuthPassed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxCertMgrAuthPassed indicates the number of authentication checks passed using the certificates." ::= { tmnxCertMgrStatsGroup 2 } tmnxCertMgrTotalAuth OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The tmnxCertMgrTotalAuth indicates the number of authentication attempts using the certificates." ::= { tmnxCertMgrStatsGroup 3 } tmnxUserPublicKeyObjects OBJECT IDENTIFIER ::= { tmnxSecurityObjects 20 } tmnxUserPublicKeyTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxUserPublicKeyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxUserPublicKeyTable has entries for Secure Shell version 2 (SSHv2) RSA public keys configured for the system users." ::= { tmnxUserPublicKeyObjects 1 } tmnxUserPublicKeyEntry OBJECT-TYPE SYNTAX TmnxUserPublicKeyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents a Secure Shell version 2 (SSHv2) RSA public key associated with the system user. Entries in this table can be created and deleted via SNMP SET operations to tmnxUserPublicKeyRowStatus." INDEX { tmnxUserName, tmnxUserPublicKeyNumber } ::= { tmnxUserPublicKeyTable 1 } TmnxUserPublicKeyEntry ::= SEQUENCE { tmnxUserPublicKeyNumber Unsigned32, tmnxUserPublicKeyRowStatus RowStatus, tmnxUserPublicKeyLastChanged TimeStamp, tmnxUserPublicKeyName TmnxLongDisplayString, tmnxUserPublicKeyDescription TItemDescription } tmnxUserPublicKeyNumber OBJECT-TYPE SYNTAX Unsigned32 (1..32) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxUserPublicKeyNumber specifies the number of the Secure Shell version 2 (SSHv2) RSA public key that is associated with the system user." ::= { tmnxUserPublicKeyEntry 1 } tmnxUserPublicKeyRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserPublicKeyRowStatus specifies the row status of this entry. It is used for creation and deletion of the Secure Shell version 2 (SSHv2) RSA public key. Only values 'active (1)', 'createAndGo(4)', and 'destroy (6)' are supported." ::= { tmnxUserPublicKeyEntry 2 } tmnxUserPublicKeyLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxUserPublicKeyLastChanged indicates the timestamp of the last change to this row in tmnxUserPublicKeyTable." ::= { tmnxUserPublicKeyEntry 3 } tmnxUserPublicKeyName OBJECT-TYPE SYNTAX TmnxLongDisplayString (SIZE (0..800)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserPublicKeyName specifies the value of the Secure Shell version 2 (SSHv2) RSA public key associated with the system user." DEFVAL { ''H } ::= { tmnxUserPublicKeyEntry 4 } tmnxUserPublicKeyDescription OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserPublicKeyDescription specifies the user-provided string describing this RSA public key." DEFVAL { ''H } ::= { tmnxUserPublicKeyEntry 5 } tmnxUserPubKeyTableLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxUserPubKeyTableLastChanged indicates the timestamp of the last change to the tmnxUserPublicKeyTable. A value of 0 indicates that no changes were made to this table since the system was last initialized." ::= { tmnxUserPublicKeyObjects 2 } tmnxUserPubEcdsaKeyTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxUserPubEcdsaKeyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxUserPubEcdsaKeyTable has entries for Secure Shell version 2 (SSHv2) ECDSA public keys configured for the system users." ::= { tmnxUserPublicKeyObjects 3 } tmnxUserPubEcdsaKeyEntry OBJECT-TYPE SYNTAX TmnxUserPubEcdsaKeyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row entry represents a Secure Shell version 2 (SSHv2) ECDSA public key associated with the system user. Entries in this table can be created and deleted via SNMP SET operations to tmnxUserPubEcdsaKeyRowStatus." INDEX { tmnxUserName, tmnxUserPubEcdsaKeyNumber } ::= { tmnxUserPubEcdsaKeyTable 1 } TmnxUserPubEcdsaKeyEntry ::= SEQUENCE { tmnxUserPubEcdsaKeyNumber Unsigned32, tmnxUserPubEcdsaKeyRowStatus RowStatus, tmnxUserPubEcdsaKeyLastChanged TimeStamp, tmnxUserPubEcdsaKeyName DisplayString, tmnxUserPubEcdsaKeyDescription TItemDescription } tmnxUserPubEcdsaKeyNumber OBJECT-TYPE SYNTAX Unsigned32 (1..32) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxUserPubEcdsaKeyNumber specifies the number of the Secure Shell version 2 (SSHv2) ECDSA public key that is associated with the system user." ::= { tmnxUserPubEcdsaKeyEntry 1 } tmnxUserPubEcdsaKeyRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserPubEcdsaKeyRowStatus specifies the row status of this entry. It is used for creation and deletion of the Secure Shell version 2 (SSHv2) ECDSA public key. Only values 'active (1)', 'createAndGo(4)', and 'destroy (6)' are supported." ::= { tmnxUserPubEcdsaKeyEntry 2 } tmnxUserPubEcdsaKeyLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxUserPubEcdsaKeyLastChanged indicates the timestamp of the last change to this row in tmnxUserPubEcdsaKeyTable." ::= { tmnxUserPubEcdsaKeyEntry 3 } tmnxUserPubEcdsaKeyName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserPubEcdsaKeyName specifies the value of the Secure Shell version 2 (SSHv2) ECDSA public key associated with the system user." DEFVAL { ''H } ::= { tmnxUserPubEcdsaKeyEntry 4 } tmnxUserPubEcdsaKeyDescription OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxUserPubEcdsaKeyDescription specifies the user-provided string describing this ECDSA public key." DEFVAL { ''H } ::= { tmnxUserPubEcdsaKeyEntry 5 } tmnxUserPubEcdsaKeyTblLstChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxUserPubEcdsaKeyTblLstChgd indicates the timestamp of the last change to the tmnxUserPubEcdsaKeyTable. A value of 0 indicates that no changes were made to this table since the system was last initialized." ::= { tmnxUserPublicKeyObjects 4 } tmnxUserActionObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 21 } tmnxUserActionUserName OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxUserActionUserName specifies the user name on which the action applies." ::= { tmnxUserActionObjs 1 } tmnxUserActionUnlock OBJECT-TYPE SYNTAX TmnxActionType MAX-ACCESS read-write STATUS current DESCRIPTION "When tmnxUserActionUnlock is set to 'doAction', the user specified in tmnxUserActionUserName can make again tmnxPasswordAttemptsCount unsuccessful login attempts before he is locked out for tmnxPasswordAttemptsLockoutPeriod minutes, and his exponential backoff period is reset to 1 second if slcLoginExponentialBackOff is set to 'true'. When setting the value of this object to 'doAction', the value of tmnxUserActionUserName must be set as well in the same SNMP SET PDU. If the value of tmnxUserActionUserName is set to an empty string, this action applies to all users." ::= { tmnxUserActionObjs 2 } tmnxUserActionClearPwdHistory OBJECT-TYPE SYNTAX TmnxActionType MAX-ACCESS read-write STATUS current DESCRIPTION "When tmnxUserActionClearPwdHistory is set to 'doAction', the password history of one or more users will be cleared, allowing them to reuse any password that they previously used. When setting the value of this object to 'doAction', the value of tmnxUserActionUserName must be set as well in the same SNMP SET PDU. If the value of tmnxUserActionUserName is set to a non-empty string only the password history of the specified user will be cleared. Otherwise the password history of all users will be cleared." ::= { tmnxUserActionObjs 3 } tmnxTacPlusPrivLvlMapTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxTacPlusPrivLvlMapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table which maps privilege levels to user profiles. This table is used during TACACS+ authorization to map priv-lvl to a user profile when tmnxTacPlusAuthorUsePrivLvl is 'true(1)', and it is also used during the TACACS+ enable request to map tmnxTacPlusEnableAdminPrivLvl to a user profile." ::= { tmnxSecurityObjects 22 } tmnxTacPlusPrivLvlMapEntry OBJECT-TYPE SYNTAX TmnxTacPlusPrivLvlMapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single user profile." INDEX { tmnxTacPlusPrivLvlMapPrivLvl } ::= { tmnxTacPlusPrivLvlMapTable 1 } TmnxTacPlusPrivLvlMapEntry ::= SEQUENCE { tmnxTacPlusPrivLvlMapPrivLvl Unsigned32, tmnxTacPlusPrivLvlRowStatus RowStatus, tmnxTacPlusPrivLvlMapUserProfile TNamedItem } tmnxTacPlusPrivLvlMapPrivLvl OBJECT-TYPE SYNTAX Unsigned32 (0..15) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxTacPlusPrivLvlMapPrivLvl specifies the privilege level for this mapping." ::= { tmnxTacPlusPrivLvlMapEntry 1 } tmnxTacPlusPrivLvlRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxTacPlusPrivLvlRowStatus controls the creation and deletion of rows in this table." ::= { tmnxTacPlusPrivLvlMapEntry 2 } tmnxTacPlusPrivLvlMapUserProfile OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxTacPlusPrivLvlMapUserProfile specifies the user profile for this mapping. This user profile refers to a profile configured in tmnxUserProfileTable." ::= { tmnxTacPlusPrivLvlMapEntry 3 } tmnxOcspCacheTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxOcspCacheEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxOcspCacheTable maintains a cache of OCSP (Online Certificate Status Protocol) requests." ::= { tmnxSecurityObjects 23 } tmnxOcspCacheEntry OBJECT-TYPE SYNTAX TmnxOcspCacheEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxOcspCacheEntry maintains OCSP cache of an OCSP request." INDEX { tmnxOcspCacheEntryId } ::= { tmnxOcspCacheTable 1 } TmnxOcspCacheEntry ::= SEQUENCE { tmnxOcspCacheEntryId Integer32, tmnxOcspCacheCertSerial OCTET STRING, tmnxOcspCacheCertIssuer TLDisplayString, tmnxOcspCacheExpiry Unsigned32, tmnxOcspCacheCertStatus INTEGER } tmnxOcspCacheEntryId OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxOcspCacheEntryId indicates the local cache entry identifier of the certificate that was validated by the OCSP responder." ::= { tmnxOcspCacheEntry 1 } tmnxOcspCacheCertSerial OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxOcspCacheCertSerial indicates the the serial number of the certificate associated with this OCSP (Online Certificate Status Protocol) cache entry." ::= { tmnxOcspCacheEntry 2 } tmnxOcspCacheCertIssuer OBJECT-TYPE SYNTAX TLDisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxOcspCacheCertIssuer indicates the issuer of the certificate that was validated by the OCSP responder." ::= { tmnxOcspCacheEntry 3 } tmnxOcspCacheExpiry OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxOcspCacheExpiry indicates the time at which this cache entry will automatically be purged by the system." ::= { tmnxOcspCacheEntry 4 } tmnxOcspCacheCertStatus OBJECT-TYPE SYNTAX INTEGER { good (0), revoked (1) } MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxOcspCacheCertStatus indicates status of the certificate associated with this OCSP (Online Certificate Status Protocol) cache entry." ::= { tmnxOcspCacheEntry 5 } tmnxSecurityTech OBJECT IDENTIFIER ::= { tmnxSecurityObjects 24 } tmnxSecurityTechSupportLocation OBJECT-TYPE SYNTAX TmnxDisplayStringURL MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxSecurityTechSupportLocation specifies the default file path for generated tech-support files. If not specified, there is no default location, and one must be manually specified when generating an admin tech-support file." DEFVAL { "" } ::= { tmnxSecurityTech 1 } tmnxSSHCipherTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxSSHCipherEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This Table indicates the ciphers allowed for SSH protocol version 1 and SSH protocol version 2." ::= { tmnxSecurityObjects 25 } tmnxSSHCipherEntry OBJECT-TYPE SYNTAX TmnxSSHCipherEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single cipher." INDEX { tmnxSSHCipherProtocolVersion, tmnxSSHCipherNumber } ::= { tmnxSSHCipherTable 1 } TmnxSSHCipherEntry ::= SEQUENCE { tmnxSSHCipherProtocolVersion INTEGER, tmnxSSHCipherNumber TSSHCipherNumber, tmnxSSHCipherName DisplayString } tmnxSSHCipherProtocolVersion OBJECT-TYPE SYNTAX INTEGER { version1 (1), version2 (2) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxSSHCipherProtocolVersion indicates the SSH protocol version." ::= { tmnxSSHCipherEntry 1 } tmnxSSHCipherNumber OBJECT-TYPE SYNTAX TSSHCipherNumber MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxSSHCipherNumber indicates the cipher." ::= { tmnxSSHCipherEntry 2 } tmnxSSHCipherName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..32)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxSSHCipherName indicates the name of the cipher." ::= { tmnxSSHCipherEntry 3 } tmnxSSHServerCipherListTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxSSHServerCipherListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to configure the ordered list of ciphers allowed for SSH protocol version 1 and SSH protocol version 2 by the SSH server." ::= { tmnxSecurityObjects 26 } tmnxSSHServerCipherListEntry OBJECT-TYPE SYNTAX TmnxSSHServerCipherListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single cipher in the cipher list." INDEX { tmnxSSHCipherProtocolVersion, tmnxSSHServerCipherListIndex } ::= { tmnxSSHServerCipherListTable 1 } TmnxSSHServerCipherListEntry ::= SEQUENCE { tmnxSSHServerCipherListIndex Integer32, tmnxSSHServerCipherListRowStatus RowStatus, tmnxSSHServerCipherListNumber TSSHCipherNumber } tmnxSSHServerCipherListIndex OBJECT-TYPE SYNTAX Integer32 (1..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxSSHServerCipherListIndex specifies the position of this cipher in the cipher list." ::= { tmnxSSHServerCipherListEntry 1 } tmnxSSHServerCipherListRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxSSHServerCipherListRowStatus specifies the row status of this entry." ::= { tmnxSSHServerCipherListEntry 2 } tmnxSSHServerCipherListNumber OBJECT-TYPE SYNTAX TSSHCipherNumber MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxSSHServerCipherListNumber specifies the cipher." DEFVAL { none } ::= { tmnxSSHServerCipherListEntry 3 } tmnxSSHClientCipherListTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxSSHClientCipherListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to configure the ordered list of ciphers allowed for SSH protocol version 1 and SSH protocol version 2 by the SSH client." ::= { tmnxSecurityObjects 27 } tmnxSSHClientCipherListEntry OBJECT-TYPE SYNTAX TmnxSSHClientCipherListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single cipher in the cipher list." INDEX { tmnxSSHCipherProtocolVersion, tmnxSSHClientCipherListIndex } ::= { tmnxSSHClientCipherListTable 1 } TmnxSSHClientCipherListEntry ::= SEQUENCE { tmnxSSHClientCipherListIndex Integer32, tmnxSSHClientCipherListRowStatus RowStatus, tmnxSSHClientCipherListNumber TSSHCipherNumber } tmnxSSHClientCipherListIndex OBJECT-TYPE SYNTAX Integer32 (1..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxSSHClientCipherListIndex specifies the position of this cipher in the cipher list." ::= { tmnxSSHClientCipherListEntry 1 } tmnxSSHClientCipherListRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxSSHClientCipherListRowStatus specifies the row status of this entry." ::= { tmnxSSHClientCipherListEntry 2 } tmnxSSHClientCipherListNumber OBJECT-TYPE SYNTAX TSSHCipherNumber MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxSSHClientCipherListNumber specifies the cipher." DEFVAL { none } ::= { tmnxSSHClientCipherListEntry 3 } tmnxCliScriptAuthObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 29 } tmnxCliScriptAuthTblLastChange OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxCliScriptAuthTblLastChange indicates the value of sysUpTime at the time of the last modification of a row in the tmnxCliScriptAuthTable." ::= { tmnxCliScriptAuthObjs 1 } tmnxCliScriptAuthTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxCliScriptAuthEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table tmnxCliScriptAuthTable contains the information pertaining to authorization of cli script execution. User profile names are associated with CLI command scripts started by Cron, Event Handling System (EHS) or VSD." ::= { tmnxCliScriptAuthObjs 2 } tmnxCliScriptAuthEntry OBJECT-TYPE SYNTAX TmnxCliScriptAuthEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Rows in table tmnxCliScriptAuthTable are created and destroyed by SNMP set operations on the object tmnxCliScriptAuthRowStatus." INDEX { tmnxCliScriptAuthUserType, IMPLIED tmnxCliScriptAuthUserName } ::= { tmnxCliScriptAuthTable 1 } TmnxCliScriptAuthEntry ::= SEQUENCE { tmnxCliScriptAuthUserType TmnxScriptAuthType, tmnxCliScriptAuthUserName TNamedItem, tmnxCliScriptAuthRowStatus RowStatus } tmnxCliScriptAuthUserType OBJECT-TYPE SYNTAX TmnxScriptAuthType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of the index object tmnxCliScriptAuthUserType specifies the type of module that will execute a CLI command script. The value 'none (0)' cannot be used as a table index." ::= { tmnxCliScriptAuthEntry 1 } tmnxCliScriptAuthUserName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of the index object tmnxCliScriptAuthUserName specifies user profile name to be used for command authorization when executing a CLI command script started by the module specified by the value of tmnxCliScriptAuthUserType." ::= { tmnxCliScriptAuthEntry 2 } tmnxCliScriptAuthRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxCliScriptAuthRowStatus specifies the status of the conceptual row in tmnxCliScriptAuthTable. Row is created and destroyed by SNMP SET operations on this object. Only values 'createAndGo(4)' and 'destroy(6)' are supported." ::= { tmnxCliScriptAuthEntry 3 } tmnxCliSessionGroupTableLstChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxCliSessionGroupTableLstChgd indicates the sysUpTime at the time of the last modification of tmnxCliSessionGroupTable. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxSecurityObjects 30 } tmnxCliSessionGroupTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxCliSessionGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to store Cli Session Group parameters" ::= { tmnxSecurityObjects 31 } tmnxCliSessionGroupEntry OBJECT-TYPE SYNTAX TmnxCliSessionGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "tmnxCliSessionGroupEntry is an entry in tmnxCliSessionGroupTable. Entries in this table can be created and deleted via SNMP SET operations to tmnxCliSessionGroupRowStatus." INDEX { tmnxCliSessionGroupName } ::= { tmnxCliSessionGroupTable 1 } TmnxCliSessionGroupEntry ::= SEQUENCE { tmnxCliSessionGroupName TNamedItem, tmnxCliSessionGroupLastChanged TimeStamp, tmnxCliSessionGroupRowStatus RowStatus, tmnxCliSessionGroupDescription TItemDescription, tmnxCliSessionGroupSshLimit TmnxSessionLimit, tmnxCliSessionGroupTelnetLimit TmnxSessionLimit, tmnxCliSessionGroupTotalLimit TmnxSessionLimit } tmnxCliSessionGroupName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of the object tmnxCliSessionGroupName specifies the name of the Cli Session Group." ::= { tmnxCliSessionGroupEntry 1 } tmnxCliSessionGroupLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxCliSessionGroupLastChanged indicates the timestamp of the last change of this row in tmnxCliSessionGroupTable." ::= { tmnxCliSessionGroupEntry 2 } tmnxCliSessionGroupRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxCliSessionGroupRowStatus specifies the status of the conceptual row in tmnxCliSessionGroupTable. Rows are created and destroyed by SNMP SET operations on this object. Only values 'active(1)', 'createAndGo(4)' and 'destroy(6)' are supported." ::= { tmnxCliSessionGroupEntry 3 } tmnxCliSessionGroupDescription OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxCliSessionGroupDescription specifies the user-provided description for given Cli Session Group." DEFVAL { ''H } ::= { tmnxCliSessionGroupEntry 4 } tmnxCliSessionGroupSshLimit OBJECT-TYPE SYNTAX TmnxSessionLimit MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxCliSessionGroupSshLimit specifies the maximum limit of concurrent SSH sessions for given Cli Session Group." DEFVAL { -1 } ::= { tmnxCliSessionGroupEntry 5 } tmnxCliSessionGroupTelnetLimit OBJECT-TYPE SYNTAX TmnxSessionLimit MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxCliSessionGroupTelnetLimit specifies the maximum limit of concurrent TELNET sessions for given Cli Session Group." DEFVAL { -1 } ::= { tmnxCliSessionGroupEntry 6 } tmnxCliSessionGroupTotalLimit OBJECT-TYPE SYNTAX TmnxSessionLimit MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxCliSessionGroupTotalLimit specifies the combined maximum limit of concurrent TELNET and SSH sessions for given Cli Session Group." DEFVAL { -1 } ::= { tmnxCliSessionGroupEntry 7 } tmnxSSHMacTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxSSHMacEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This Table indicates the MAC algorithms allowed for SSH protocol version 2." ::= { tmnxSecurityObjects 32 } tmnxSSHMacEntry OBJECT-TYPE SYNTAX TmnxSSHMacEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single MAC algorithm." INDEX { tmnxSSHMacNumber } ::= { tmnxSSHMacTable 1 } TmnxSSHMacEntry ::= SEQUENCE { tmnxSSHMacNumber TSSHMacNumber, tmnxSSHMacName DisplayString } tmnxSSHMacNumber OBJECT-TYPE SYNTAX TSSHMacNumber MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxSSHMacNumber indicates the MAC algorithm." ::= { tmnxSSHMacEntry 1 } tmnxSSHMacName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..32)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxSSHMacName indicates the name of the MAC algorithm." ::= { tmnxSSHMacEntry 2 } tmnxSSHServerMacListTableLstChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxSSHServerMacListTableLstChgd indicates the timestamp of the last change to the tmnxSSHServerMacListTable. A value of zero indicates that no changes were made to this table since the system was last initialized." ::= { tmnxSecurityObjects 33 } tmnxSSHServerMacListTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxSSHServerMacListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to configure the ordered list of MACs allowed for SSH protocol version 2 by the SSH server." ::= { tmnxSecurityObjects 34 } tmnxSSHServerMacListEntry OBJECT-TYPE SYNTAX TmnxSSHServerMacListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single MAC algorithm in the MAC list." INDEX { tmnxSSHServerMacListIndex } ::= { tmnxSSHServerMacListTable 1 } TmnxSSHServerMacListEntry ::= SEQUENCE { tmnxSSHServerMacListIndex Unsigned32, tmnxSSHServerMacListLastChanged TimeStamp, tmnxSSHServerMacListRowStatus RowStatus, tmnxSSHServerMacListNumber TSSHMacNumber } tmnxSSHServerMacListIndex OBJECT-TYPE SYNTAX Unsigned32 (1..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of the object tmnxSSHServerMacListIndex specifies the position of this MAC in the MAC list." ::= { tmnxSSHServerMacListEntry 1 } tmnxSSHServerMacListLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxSSHServerMacListLastChanged is the timestamp of last change to this entry." ::= { tmnxSSHServerMacListEntry 2 } tmnxSSHServerMacListRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxSSHServerMacListRowStatus specifies the row status of this entry. Only values 'active(1)', 'createAndGo(4)' and 'destroy(6)' are supported." ::= { tmnxSSHServerMacListEntry 3 } tmnxSSHServerMacListNumber OBJECT-TYPE SYNTAX TSSHMacNumber MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxSSHServerMacListNumber specifies the MAC algorithm." ::= { tmnxSSHServerMacListEntry 4 } tmnxSSHClientMacListTableLstChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxSSHClientMacListTableLstChgd indicates the timestamp of the last change to the tmnxSSHServerMacListTable. A value of zero indicates that no changes were made to this table since the system was last initialized." ::= { tmnxSecurityObjects 35 } tmnxSSHClientMacListTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxSSHClientMacListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to configure the ordered list of MACs allowed for SSH protocol version 2 by the SSH client." ::= { tmnxSecurityObjects 36 } tmnxSSHClientMacListEntry OBJECT-TYPE SYNTAX TmnxSSHClientMacListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single MAC algorithm in the MAC list." INDEX { tmnxSSHClientMacListIndex } ::= { tmnxSSHClientMacListTable 1 } TmnxSSHClientMacListEntry ::= SEQUENCE { tmnxSSHClientMacListIndex Unsigned32, tmnxSSHClientMacListLastChanged TimeStamp, tmnxSSHClientMacListRowStatus RowStatus, tmnxSSHClientMacListNumber TSSHMacNumber } tmnxSSHClientMacListIndex OBJECT-TYPE SYNTAX Unsigned32 (1..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of the object tmnxSSHClientMacListIndex specifies the position of this MAC in the MAC list." ::= { tmnxSSHClientMacListEntry 1 } tmnxSSHClientMacListLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxSSHClientMacListLastChanged is the timestamp of last change to this entry." ::= { tmnxSSHClientMacListEntry 2 } tmnxSSHClientMacListRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxSSHClientMacListRowStatus specifies the row status of this entry. Only values 'active(1)', 'createAndGo(4)' and 'destroy(6)' are supported." ::= { tmnxSSHClientMacListEntry 3 } tmnxSSHClientMacListNumber OBJECT-TYPE SYNTAX TSSHMacNumber MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxSSHClientMacListNumber specifies the MAC algorithm." ::= { tmnxSSHClientMacListEntry 4 } tmnxSSHServerKeyReExchangeObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 37 } tmnxSSHServerKeyReExLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxSSHServerKeyReExLastChanged indicates the timestamp of the last change to the tmnxSSHServerKeyReExchangeObjs. A value of 0 indicates that no changes were made to this table since the system was last initialized." ::= { tmnxSSHServerKeyReExchangeObjs 1 } tmnxSSHServerKeyReExAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-write STATUS current DESCRIPTION "The value of the object tmnxSSHServerKeyReExAdminState specifies the desired administrative state of the server key re-exchange functionality. When the value is 'outOfService' the ssh server will not initiate key re-exchange when bytes or minutes thresholds are reached." DEFVAL { inService } ::= { tmnxSSHServerKeyReExchangeObjs 2 } tmnxSSHServerKeyReExMinutes OBJECT-TYPE SYNTAX Unsigned32 (0 | 1..1440) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of the object tmnxSSHServerKeyReExMinutes specifies the time interval at which the ssh server will initiate the key re-exchange with client. When the value of tmnxSSHServerKeyReExMinutes is set to '0', it disables initiating key re-exchange at time intervals." DEFVAL { 60 } ::= { tmnxSSHServerKeyReExchangeObjs 3 } tmnxSSHServerKeyReExMBytes OBJECT-TYPE SYNTAX Unsigned32 (0 | 1..64000) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of the object tmnxSSHServerKeyReExMBytes specifies amount of data transferred after which the ssh server will initiate the key re-exchange with client. When the value of tmnxSSHServerKeyReExMBytes is set to '0', it disables initiating key re-exchange based on amount of transferred data." DEFVAL { 1024 } ::= { tmnxSSHServerKeyReExchangeObjs 4 } tmnxSSHClientKeyReExchangeObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 38 } tmnxSSHClientKeyReExLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxSSHClientKeyReExLastChanged indicates the timestamp of the last change to the tmnxSSHClientKeyReExchangeObjs. A value of 0 indicates that no changes were made to this table since the system was last initialized." ::= { tmnxSSHClientKeyReExchangeObjs 1 } tmnxSSHClientKeyReExAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-write STATUS current DESCRIPTION "The value of the object tmnxSSHClientKeyReExAdminState specifies the desired administrative state of the client key re-exchange functionality. When the value is 'outOfService' the ssh client will not initiate key re-exchange when bytes or minutes thresholds are reached." DEFVAL { inService } ::= { tmnxSSHClientKeyReExchangeObjs 2 } tmnxSSHClientKeyReExMinutes OBJECT-TYPE SYNTAX Unsigned32 (0 | 1..1440) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of the object tmnxSSHClientKeyReExMinutes specifies the time interval at which the ssh client will initiate the key re-exchange with server. When the value of tmnxSSHClientKeyReExMinutes is set to '0', it disables initiating key re-exchange at time intervals." DEFVAL { 60 } ::= { tmnxSSHClientKeyReExchangeObjs 3 } tmnxSSHClientKeyReExMBytes OBJECT-TYPE SYNTAX Unsigned32 (0 | 1..64000) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of the object tmnxSSHClientKeyReExMBytes specifies amount of data transferred after which the ssh client will initiate the key re-exchange with server. When the value of tmnxSSHClientKeyReExMBytes is set to '0', it disables initiating key re-exchange based on amount of transferred data." DEFVAL { 1024 } ::= { tmnxSSHClientKeyReExchangeObjs 4 } tmnxServerAccessCtlObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 39 } tmnxAllowServersAccess OBJECT-TYPE SYNTAX BITS { ssh (0), telnet (1), ftp (2), telnet6 (3), netconf (4), grpc (5) } MAX-ACCESS read-write STATUS current DESCRIPTION "tmnxAllowServersAccess is used to allow/disallow access to management interfaces running on the system. By default, access to all servers is allowed." DEFVAL { {ssh, telnet, ftp, telnet6, netconf, grpc} } ::= { tmnxServerAccessCtlObjs 1 } tmnxServerAccessCtlObjsLstChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxServerAccessCtlObjsLstChgd indicates the sysUpTime at the time of the last modification of tmnxServerAccessCtlObjs. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxServerAccessCtlObjs 2 } tmnxSSHKexTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxSSHKexEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This Table indicates the KEX algorithms allowed for SSH protocol version 2." ::= { tmnxSecurityObjects 40 } tmnxSSHKexEntry OBJECT-TYPE SYNTAX TmnxSSHKexEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single KEX algorithm." INDEX { tmnxSSHKexNumber } ::= { tmnxSSHKexTable 1 } TmnxSSHKexEntry ::= SEQUENCE { tmnxSSHKexNumber TSSHKexNumber, tmnxSSHKexName DisplayString } tmnxSSHKexNumber OBJECT-TYPE SYNTAX TSSHKexNumber MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxSSHKexNumber indicates the KEX algorithm." ::= { tmnxSSHKexEntry 1 } tmnxSSHKexName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..32)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxSSHKexName indicates the name of the KEX algorithm." ::= { tmnxSSHKexEntry 2 } tmnxSSHServerKexListTableLstChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxSSHServerKexListTableLstChgd indicates the timestamp of the last change to the tmnxSSHServerKexListTable. A value of zero indicates that no changes were made to this table since the system was last initialized." ::= { tmnxSecurityObjects 41 } tmnxSSHServerKexListTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxSSHServerKexListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to configure the ordered list of KEXs allowed for SSH protocol version 2 by the SSH server." ::= { tmnxSecurityObjects 42 } tmnxSSHServerKexListEntry OBJECT-TYPE SYNTAX TmnxSSHServerKexListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single KEX algorithm in the KEX list." INDEX { tmnxSSHServerKexListIndex } ::= { tmnxSSHServerKexListTable 1 } TmnxSSHServerKexListEntry ::= SEQUENCE { tmnxSSHServerKexListIndex Unsigned32, tmnxSSHServerKexListLastChanged TimeStamp, tmnxSSHServerKexListRowStatus RowStatus, tmnxSSHServerKexListNumber TSSHKexNumber } tmnxSSHServerKexListIndex OBJECT-TYPE SYNTAX Unsigned32 (1..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of the object tmnxSSHServerKexListIndex specifies the position of this KEX in the KEX list." ::= { tmnxSSHServerKexListEntry 1 } tmnxSSHServerKexListLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxSSHServerKexListLastChanged is the timestamp of last change to this entry." ::= { tmnxSSHServerKexListEntry 2 } tmnxSSHServerKexListRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxSSHServerKexListRowStatus specifies the row status of this entry. Only values 'active(1)', 'createAndGo(4)' and 'destroy(6)' are supported." ::= { tmnxSSHServerKexListEntry 3 } tmnxSSHServerKexListNumber OBJECT-TYPE SYNTAX TSSHKexNumber MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxSSHServerKexListNumber specifies the KEX algorithm." ::= { tmnxSSHServerKexListEntry 4 } tmnxSSHClientKexListTableLstChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxSSHClientKexListTableLstChgd indicates the timestamp of the last change to the tmnxSSHServerKexListTable. A value of zero indicates that no changes were made to this table since the system was last initialized." ::= { tmnxSecurityObjects 43 } tmnxSSHClientKexListTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxSSHClientKexListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to configure the ordered list of KEXs allowed for SSH protocol version 2 by the SSH client." ::= { tmnxSecurityObjects 44 } tmnxSSHClientKexListEntry OBJECT-TYPE SYNTAX TmnxSSHClientKexListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single KEX algorithm in the KEX list." INDEX { tmnxSSHClientKexListIndex } ::= { tmnxSSHClientKexListTable 1 } TmnxSSHClientKexListEntry ::= SEQUENCE { tmnxSSHClientKexListIndex Unsigned32, tmnxSSHClientKexListLastChanged TimeStamp, tmnxSSHClientKexListRowStatus RowStatus, tmnxSSHClientKexListNumber TSSHKexNumber } tmnxSSHClientKexListIndex OBJECT-TYPE SYNTAX Unsigned32 (1..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of the object tmnxSSHClientKexListIndex specifies the position of this KEX in the KEX list." ::= { tmnxSSHClientKexListEntry 1 } tmnxSSHClientKexListLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxSSHClientKexListLastChanged is the timestamp of last change to this entry." ::= { tmnxSSHClientKexListEntry 2 } tmnxSSHClientKexListRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxSSHClientKexListRowStatus specifies the row status of this entry. Only values 'active(1)', 'createAndGo(4)' and 'destroy(6)' are supported." ::= { tmnxSSHClientKexListEntry 3 } tmnxSSHClientKexListNumber OBJECT-TYPE SYNTAX TSSHKexNumber MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxSSHClientKexListNumber specifies the KEX algorithm." ::= { tmnxSSHClientKexListEntry 4 } tmnxSysSecurityMgmtIfOutputAuth OBJECT IDENTIFIER ::= { tmnxSecurityObjects 50 } tmnxMgmtIfOutAuthMdInterfaces OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxMgmtIfOutAuthMdInterfaces specifies whether output authorization is performed in all MD interfaces." DEFVAL { true } ::= { tmnxSysSecurityMgmtIfOutputAuth 1 } tmnxMgmtIfMDCliCmdAccntLoad OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxMgmtIfMDCliCmdAccntLoad specifies whether remote command accounting is performed during an MD-CLI load or rollback operation." DEFVAL { true } ::= { tmnxSysSecurityMgmtIfOutputAuth 2 } tmnxMgmtIfOutAuthTelData OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxMgmtIfOutAuthTelData specifies whether output authorization for telemetry data is performed." DEFVAL { false } ::= { tmnxSysSecurityMgmtIfOutputAuth 3 } tmnxSecurityConformance OBJECT IDENTIFIER ::= { tmnxSRConfs 22 } tmnxSecurityCompliances OBJECT IDENTIFIER ::= { tmnxSecurityConformance 1 } tmnxSecurity7450V4v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia 7450 ESS series systems release R4.0." MODULE MANDATORY-GROUPS { tmnxSecurityUserGroup, tmnxSecurityMafR2r1Group, tmnxSecurityPasswordsR2r1Group, tmnxSecurityRadiusV4v0Group, tmnxSecurityTacPlusV4v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV3v0r2Group, tmnxSSHServerV4v0Group, tmnxSecurityNotificationGroup, tmnxSecuritySourceIpV4v0Group } ::= { tmnxSecurityCompliances 5 } tmnxSecurity7750V4v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia 7750 SR series systems release R4.0." MODULE MANDATORY-GROUPS { tmnxSecurityUserV4v0Group, tmnxSecurityMafR2r1Group, tmnxSecurityPasswordsR2r1Group, tmnxSecurityRadiusV4v0Group, tmnxSecurityTacPlusV4v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV3v0r2Group, tmnxSecurityCpmIPv6FilterV4v0Group, tmnxSSHServerV4v0Group, tmnxSecurityNotificationGroup, tmnxSecuritySourceIpV4v0Group } ::= { tmnxSecurityCompliances 6 } tmnxSecurity7450V5v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia 7450 ESS series systems release R5.0." MODULE MANDATORY-GROUPS { tmnxSecurityUserV4v0Group, tmnxSecurityMafR2r1Group, tmnxSecurityPasswordsR2r1Group, tmnxSecurityRadiusV5v0Group, tmnxSecurityTacPlusV5v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV5v0Group, tmnxSSHServerV4v0Group, tmnxSecurityNotificationV5v0Group, tmnxSecuritySourceIpV4v0Group, tmnxSecurityKeyChainV5v0Group, tmnxSecurityRadiusAuthV5v0Group } ::= { tmnxSecurityCompliances 7 } tmnxSecurity7750V5v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia 7750/7710 SR series systems release R5.0." MODULE MANDATORY-GROUPS { tmnxSecurityUserV4v0Group, tmnxSecurityMafR2r1Group, tmnxSecurityPasswordsR2r1Group, tmnxSecurityRadiusV5v0Group, tmnxSecurityTacPlusV5v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV5v0Group, tmnxSecurityCpmIPv6FilterV4v0Group, tmnxSSHServerV4v0Group, tmnxSecurityNotificationV5v0Group, tmnxSecuritySourceIpV4v0Group, tmnxSecurityKeyChainV5v0Group, tmnxSecurityRadiusAuthV5v0Group } ::= { tmnxSecurityCompliances 8 } tmnxSecurity7450V6v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia 7450 ESS series systems release R6.0." MODULE MANDATORY-GROUPS { tmnxSecurityUserV6v0Group, tmnxSecurityMafV6v0Group, tmnxSecurityPasswordsV6v0Group, tmnxSecurityRadiusV5v0Group, tmnxSecurityTacPlusV6v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV5v0Group, tmnxSSHServerV4v0Group, tmnxSecurityNotificationV5v0Group, tmnxSecuritySourceIpV4v0Group, tmnxSecurityKeyChainV5v0Group, tmnxSecurityCpmProtectGroup, tmnxSecurityLiGroup, tmnxSecurityCpmProtNotificationGroup } ::= { tmnxSecurityCompliances 9 } tmnxSecurity7750V6v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia 7750/7710 SR series systems release R6.0." MODULE MANDATORY-GROUPS { tmnxSecurityUserV6v0Group, tmnxSecurityMafV6v0Group, tmnxSecurityPasswordsV6v0Group, tmnxSecurityRadiusV5v0Group, tmnxSecurityTacPlusV6v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV5v0Group, tmnxSecurityCpmIPv6FilterV4v0Group, tmnxSSHServerV4v0Group, tmnxSecurityNotificationV5v0Group, tmnxSecuritySourceIpV4v0Group, tmnxSecurityKeyChainV5v0Group, tmnxSecurityCpmProtectGroup, tmnxSecurityLiGroup, tmnxSecurityCpmProtNotificationGroup } ::= { tmnxSecurityCompliances 10 } tmnxSecurity7450V6v1Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia 7450 ESS series systems release R6.1." MODULE MANDATORY-GROUPS { tmnxSecurityUserV6v0Group, tmnxSecurityMafV6v0Group, tmnxSecurityPasswordsV6v0Group, tmnxSecurityRadiusV5v0Group, tmnxSecurityTacPlusV6v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV5v0Group, tmnxSSHServerV4v0Group, tmnxSecurityNotificationV5v0Group, tmnxSecuritySourceIpV4v0Group, tmnxSecurityKeyChainV5v0Group, tmnxSecurityCpmProtectGroup, tmnxSecurityLiGroup, tmnxSecurityCpmProtNotificationGroup, tmnxSecurityCpmMacFilterGroup, tmnxSecurityMafMacFilterGroup } ::= { tmnxSecurityCompliances 11 } tmnxSecurity7750V6v1Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia 7750/7710 SR series systems release R6.1." MODULE MANDATORY-GROUPS { tmnxSecurityUserV6v0Group, tmnxSecurityMafV6v0Group, tmnxSecurityPasswordsV6v0Group, tmnxSecurityRadiusV5v0Group, tmnxSecurityTacPlusV6v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV5v0Group, tmnxSecurityCpmIPv6FilterV4v0Group, tmnxSSHServerV4v0Group, tmnxSecurityNotificationV5v0Group, tmnxSecuritySourceIpV4v0Group, tmnxSecurityKeyChainV5v0Group, tmnxSecurityCpmProtectGroup, tmnxSecurityLiGroup, tmnxSecurityCpmProtNotificationGroup, tmnxSecurityCpmMacFilterGroup, tmnxSecurityMafMacFilterGroup } ::= { tmnxSecurityCompliances 12 } tmnxSecurity7450V7v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia 7450 ESS series systems release R7.0." MODULE MANDATORY-GROUPS { tmnxSecurityUserV6v0Group, tmnxSecurityMafV6v0Group, tmnxSecurityPasswordsV6v0Group, tmnxSecurityRadiusV5v0Group, tmnxSecurityTacPlusV6v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV5v0Group, tmnxSSHServerV4v0Group, tmnxSecurityNotificationV5v0Group, tmnxSecuritySourceIpV4v0Group, tmnxSecurityKeyChainV5v0Group, tmnxSecurityCpmProtectGroup, tmnxSecurityLiGroup, tmnxSecurityCpmProtNotificationGroup, tmnxSecurityCpmMacFilterGroup, tmnxSecurityMafMacFilterGroup, tmnxSecurityRadiusAuthV5v0Group, tmnxSecurityV7v0Group } ::= { tmnxSecurityCompliances 13 } tmnxSecurity7750V7v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia 7750/7710 SR series systems release R7.0." MODULE MANDATORY-GROUPS { tmnxSecurityUserV6v0Group, tmnxSecurityMafV6v0Group, tmnxSecurityPasswordsV6v0Group, tmnxSecurityRadiusV5v0Group, tmnxSecurityTacPlusV6v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV5v0Group, tmnxSecurityCpmIPv6FilterV4v0Group, tmnxSSHServerV4v0Group, tmnxSecurityNotificationV5v0Group, tmnxSecuritySourceIpV4v0Group, tmnxSecurityKeyChainV5v0Group, tmnxSecurityCpmProtectGroup, tmnxSecurityLiGroup, tmnxSecurityCpmProtNotificationGroup, tmnxSecurityCpmMacFilterGroup, tmnxSecurityMafMacFilterGroup, tmnxSecurityRadiusAuthV5v0Group, tmnxSecurityV7v0Group, tmnxSecurityCpmProtNotifyV7v0Grp } ::= { tmnxSecurityCompliances 14 } tmnxSecurity7450V8v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia 7450 ESS series systems release R8.0." MODULE MANDATORY-GROUPS { tmnxSecurityUserV6v0Group, tmnxSecurityMafV6v0Group, tmnxSecurityPasswordsV6v0Group, tmnxSecurityRadiusV5v0Group, tmnxSecurityTacPlusV8v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV5v0Group, tmnxSSHServerV4v0Group, tmnxSecurityNotificationV5v0Group, tmnxSecuritySourceIpV4v0Group, tmnxSecurityKeyChainV5v0Group, tmnxSecurityCpmProtectGroup, tmnxSecurityLiGroup, tmnxSecurityCpmProtNotificationGroup, tmnxSecurityCpmMacFilterGroup, tmnxSecurityMafMacFilterGroup, tmnxSecurityRadiusAuthV5v0Group, tmnxSecurityV7v0Group, tmnxSecurityNotifyObjsV8v0Group, tmnxSecurityNotificationV8v0Grp, tmnxCpmProtEthCfmPolV8v0Grp, tmnxCpmProtPolV8v0Grp, tmnxCpmProtPolNotifyV8v0Grp } ::= { tmnxSecurityCompliances 15 } tmnxSecurity7710V8v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia 7710 SR series systems release R8.0." MODULE MANDATORY-GROUPS { tmnxSecurityUserV6v0Group, tmnxSecurityMafV6v0Group, tmnxSecurityPasswordsV6v0Group, tmnxSecurityRadiusV5v0Group, tmnxSecurityTacPlusV8v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV5v0Group, tmnxSecurityCpmIPv6FilterV4v0Group, tmnxSSHServerV4v0Group, tmnxSecurityNotificationV5v0Group, tmnxSecuritySourceIpV4v0Group, tmnxSecurityKeyChainV5v0Group, tmnxSecurityLiGroup, tmnxSecurityCpmMacFilterGroup, tmnxSecurityMafMacFilterGroup, tmnxSecurityRadiusAuthV5v0Group, tmnxSecurityNotifyObjsV8v0Group, tmnxSecurityNotificationV8v0Grp } ::= { tmnxSecurityCompliances 16 } tmnxSecurity7750V8v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia 7750 SR series systems release R8.0." MODULE MANDATORY-GROUPS { tmnxSecurityUserV6v0Group, tmnxSecurityMafV6v0Group, tmnxSecurityPasswordsV6v0Group, tmnxSecurityRadiusV5v0Group, tmnxSecurityTacPlusV8v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV5v0Group, tmnxSecurityCpmIPv6FilterV4v0Group, tmnxSSHServerV4v0Group, tmnxSecurityNotificationV5v0Group, tmnxSecuritySourceIpV4v0Group, tmnxSecurityKeyChainV5v0Group, tmnxSecurityCpmProtectGroup, tmnxSecurityLiGroup, tmnxSecurityCpmProtNotificationGroup, tmnxSecurityCpmMacFilterGroup, tmnxSecurityMafMacFilterGroup, tmnxSecurityRadiusAuthV5v0Group, tmnxSecurityV7v0Group, tmnxSecurityCpmProtNotifyV7v0Grp, tmnxSecurityNotifyObjsV8v0Group, tmnxSecurityNotificationV8v0Grp, tmnxCpmProtEthCfmPolV8v0Grp, tmnxCpmProtPolV8v0Grp, tmnxCpmProtPolNotifyV8v0Grp } ::= { tmnxSecurityCompliances 17 } tmnxSecurity7450V9v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia 7450 ESS series systems release R9.0." MODULE MANDATORY-GROUPS { tmnxSecurityUserV6v0Group, tmnxSecurityMafV6v0Group, tmnxSecurityPasswordsV6v0Group, tmnxSecurityRadiusV5v0Group, tmnxSecurityTacPlusV8v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV5v0Group, tmnxSSHServerV4v0Group, tmnxSecurityNotificationV5v0Group, tmnxSecuritySourceIpV4v0Group, tmnxSecurityKeyChainV5v0Group, tmnxSecurityCpmProtectGroup, tmnxSecurityLiGroup, tmnxSecurityCpmProtNotificationGroup, tmnxSecurityCpmMacFilterGroup, tmnxSecurityMafMacFilterGroup, tmnxSecurityRadiusAuthV5v0Group, tmnxSecurityV7v0Group, tmnxSecurityNotifyObjsV8v0Group, tmnxSecurityNotificationV8v0Grp, tmnxCpmProtEthCfmPolV8v0Grp, tmnxCpmProtPolV8v0Grp, tmnxCpmProtPolNotifyV8v0Grp, tmnxSecPkiV9v0Grp, tmnxSecurityNwExceptionsGroup, tmnxRadiusUserGroup, tmnxRadiusUserExGroup, tmnxCpmProtExcdSapIpV9v0Group, tmnxCpmProtPolNotifyV9v0Group } ::= { tmnxSecurityCompliances 18 } tmnxSecurity7710V9v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia 7710 SR series systems release R9.0." MODULE MANDATORY-GROUPS { tmnxSecurityUserV6v0Group, tmnxSecurityMafV6v0Group, tmnxSecurityPasswordsV6v0Group, tmnxSecurityRadiusV5v0Group, tmnxSecurityTacPlusV8v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV5v0Group, tmnxSecurityCpmIPv6FilterV4v0Group, tmnxSSHServerV4v0Group, tmnxSecurityNotificationV5v0Group, tmnxSecuritySourceIpV4v0Group, tmnxSecurityKeyChainV5v0Group, tmnxSecurityLiGroup, tmnxSecurityCpmMacFilterGroup, tmnxSecurityMafMacFilterGroup, tmnxSecurityRadiusAuthV5v0Group, tmnxSecurityNotifyObjsV8v0Group, tmnxSecurityNotificationV8v0Grp, tmnxSecPkiV9v0Grp, tmnxSecurityNwExceptionsGroup, tmnxRadiusUserGroup, tmnxRadiusUserExGroup } ::= { tmnxSecurityCompliances 19 } tmnxSecurity7750V9v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia 7750 SR series systems release R9.0." MODULE MANDATORY-GROUPS { tmnxSecurityUserV6v0Group, tmnxSecurityMafV6v0Group, tmnxSecurityPasswordsV6v0Group, tmnxSecurityRadiusV5v0Group, tmnxSecurityTacPlusV8v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV5v0Group, tmnxSecurityCpmIPv6FilterV4v0Group, tmnxSSHServerV4v0Group, tmnxSecurityNotificationV5v0Group, tmnxSecuritySourceIpV4v0Group, tmnxSecurityKeyChainV5v0Group, tmnxSecurityCpmProtectGroup, tmnxSecurityLiGroup, tmnxSecurityCpmProtNotificationGroup, tmnxSecurityCpmMacFilterGroup, tmnxSecurityMafMacFilterGroup, tmnxSecurityRadiusAuthV5v0Group, tmnxSecurityV7v0Group, tmnxSecurityCpmProtNotifyV7v0Grp, tmnxSecurityNotifyObjsV8v0Group, tmnxSecurityNotificationV8v0Grp, tmnxCpmProtEthCfmPolV8v0Grp, tmnxCpmProtPolV8v0Grp, tmnxCpmProtPolNotifyV8v0Grp, tmnxSecPkiV9v0Grp, tmnxSecurityNwExceptionsGroup, tmnxRadiusUserGroup, tmnxRadiusUserExGroup, tmnxCpmProtExcdSapIpV9v0Group, tmnxCpmProtPolNotifyV9v0Group } ::= { tmnxSecurityCompliances 20 } tmnxSecurity7450V10v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia 7450 ESS series systems release R10.0." MODULE MANDATORY-GROUPS { tmnxSecurityUserV6v0Group, tmnxSecurityUserActionGroup, tmnxSecurityMafV6v0Group, tmnxSecurityPasswordsV6v0Group, tmnxSecurityRadiusV5v0Group, tmnxSecurityTacPlusV8v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV5v0Group, tmnxSSHServerV4v0Group, tmnxSecurityNotificationV5v0Group, tmnxSecuritySourceIpV4v0Group, tmnxSecurityKeyChainV5v0Group, tmnxSecurityCpmProtectGroup, tmnxSecurityLiGroup, tmnxSecurityCpmProtNotificationGroup, tmnxSecurityCpmMacFilterGroup, tmnxSecurityMafMacFilterGroup, tmnxSecurityRadiusAuthV5v0Group, tmnxSecurityV7v0Group, tmnxSecurityNotifyObjsV8v0Group, tmnxSecurityNotificationV8v0Grp, tmnxCpmProtEthCfmPolV8v0Grp, tmnxCpmProtPolV8v0Grp, tmnxCpmProtPolNotifyV8v0Grp, tmnxSecPkiV9v0Grp, tmnxSecurityNwExceptionsGroup, tmnxCertNotifyGroup, tmnxRadiusUserGroup, tmnxRadiusUserExGroup, tmnxCpmProtExcdSapIpV9v0Group, tmnxCpmProtPolNotifyV9v0Group, tmnxCpmFltrPrefixListV10v0Group, tmnxSecTechGroup } ::= { tmnxSecurityCompliances 21 } tmnxSecurity7710V10v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia 7710 SR series systems release R10.0." MODULE MANDATORY-GROUPS { tmnxSecurityUserV6v0Group, tmnxSecurityUserActionGroup, tmnxSecurityMafV6v0Group, tmnxSecurityPasswordsV6v0Group, tmnxSecurityRadiusV5v0Group, tmnxSecurityTacPlusV8v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV5v0Group, tmnxSecurityCpmIPv6FilterV4v0Group, tmnxSSHServerV4v0Group, tmnxSecurityNotificationV5v0Group, tmnxSecuritySourceIpV4v0Group, tmnxSecurityKeyChainV5v0Group, tmnxSecurityLiGroup, tmnxSecurityCpmMacFilterGroup, tmnxSecurityMafMacFilterGroup, tmnxSecurityRadiusAuthV5v0Group, tmnxSecurityNotifyObjsV8v0Group, tmnxSecurityNotificationV8v0Grp, tmnxSecPkiV9v0Grp, tmnxSecurityNwExceptionsGroup, tmnxCertNotifyGroup, tmnxRadiusUserGroup, tmnxRadiusUserExGroup, tmnxCpmFltrPrefixListV10v0Group, tmnxSecTechGroup } ::= { tmnxSecurityCompliances 22 } tmnxSecurity7750V10v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia 7750 SR series systems release R10.0." MODULE MANDATORY-GROUPS { tmnxSecurityUserV6v0Group, tmnxSecurityUserActionGroup, tmnxSecurityMafV6v0Group, tmnxSecurityPasswordsV6v0Group, tmnxSecurityRadiusV5v0Group, tmnxSecurityTacPlusV8v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV5v0Group, tmnxSecurityCpmIPv6FilterV4v0Group, tmnxSSHServerV4v0Group, tmnxSecurityNotificationV5v0Group, tmnxSecuritySourceIpV4v0Group, tmnxSecurityKeyChainV5v0Group, tmnxSecurityCpmProtectGroup, tmnxSecurityLiGroup, tmnxSecurityCpmProtNotificationGroup, tmnxSecurityCpmMacFilterGroup, tmnxSecurityMafMacFilterGroup, tmnxSecurityRadiusAuthV5v0Group, tmnxSecurityV7v0Group, tmnxSecurityCpmProtNotifyV7v0Grp, tmnxSecurityNotifyObjsV8v0Group, tmnxSecurityNotificationV8v0Grp, tmnxCpmProtEthCfmPolV8v0Grp, tmnxCpmProtPolV8v0Grp, tmnxCpmProtPolNotifyV8v0Grp, tmnxSecPkiV9v0Grp, tmnxSecurityNwExceptionsGroup, tmnxCertNotifyGroup, tmnxRadiusUserGroup, tmnxRadiusUserExGroup, tmnxCpmProtExcdSapIpV9v0Group, tmnxCpmProtPolNotifyV9v0Group, tmnxCpmFltrPrefixListV10v0Group, tmnxSecTechGroup } ::= { tmnxSecurityCompliances 23 } tmnxSecurityV11v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia SR series systems release R11.0." MODULE MANDATORY-GROUPS { tmnxSecurityUserActionGroup, tmnxSecurityMafV6v0Group, tmnxSecurityPasswordsV6v0Group, tmnxSecurityPasswordsV11v0Group, tmnxSecurityRadiusV5v0Group, tmnxSecurityTacPlusV8v0Group, tmnxSecurityTacPlusV11v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV11v0Grp, tmnxSecurityCpmIPv6FltrV11v0Grp, tmnxSSHServerV4v0Group, tmnxSecurityNotificationV5v0Group, tmnxSecuritySourceIpV4v0Group, tmnxSecurityKeyChainV5v0Group, tmnxSecurityCpmProtectGroup, tmnxSecurityLiGroup, tmnxSecurityCpmProtNotificationGroup, tmnxSecurityCpmMacFilterGroup, tmnxSecurityMafMacFilterGroup, tmnxSecurityRadiusAuthV5v0Group, tmnxSecurityV7v0Group, tmnxSecurityCpmProtNotifyV7v0Grp, tmnxSecurityNotifyObjsV8v0Group, tmnxSecurityNotificationV8v0Grp, tmnxCpmProtEthCfmPolV8v0Grp, tmnxCpmProtPolV8v0Grp, tmnxCpmProtPolNotifyV8v0Grp, tmnxSecPkiV9v0Grp, tmnxSecurityNwExceptionsGroup, tmnxCertNotifyGroup, tmnxRadiusUserGroup, tmnxRadiusUserExGroup, tmnxRadiusUserExV11v0Group, tmnxCpmProtExcdSapIpV9v0Group, tmnxCpmProtPolNotifyV9v0Group, tmnxCAProfileV11v0Group, tmnxCpmFltrPrefixListV11v0Group, tmnxPkiCAProfNotifyV11v0Group, tmnxDistCpuProtectionV11v0Group, tmnxSecurityUserV12v0Group, tmnxCpmProtectionV11v0Group, tmnxSecTechGroup, tmnxSecurityNetconfV110Group, tCAProfCmpv2SetSndrV11v0Group } ::= { tmnxSecurityCompliances 24 } tmnxSecurityV12v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia SR series systems release R12.0." MODULE MANDATORY-GROUPS { tmnxSecurityUserV12v0Group, tmnxSecurityUserActionGroup, tmnxSecurityMafV6v0Group, tmnxSecurityPasswordsV12v0Group, tmnxSecurityRadiusV5v0Group, tmnxSecurityTacPlusV8v0Group, tmnxSecurityTacPlusV11v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV11v0Grp, tmnxSecurityCpmIPv6FltrV11v0Grp, tmnxSSHServerV4v0Group, tmnxSecurityNotificationV5v0Group, tmnxSecuritySourceIpV4v0Group, tmnxSecurityKeyChainV5v0Group, tmnxSecurityKeyChainV12v0Group, tmnxSecurityCpmProtectGroup, tmnxSecurityLiGroup, tmnxSecurityCpmProtNotificationGroup, tmnxSecurityCpmMacFilterGroup, tmnxSecurityMafMacFilterGroup, tmnxSecurityRadiusAuthV5v0Group, tmnxSecurityV7v0Group, tmnxSecurityCpmProtNotifyV7v0Grp, tmnxSecurityNotifyObjsV8v0Group, tmnxSecurityNotificationV8v0Grp, tmnxSecurityNotifyObjsV12v0Group, tmnxSecurityNotificationV12v0Grp, tmnxCpmProtEthCfmPolV8v0Grp, tmnxCpmProtPolV8v0Grp, tmnxCpmProtPolNotifyV8v0Grp, tmnxSecPkiV9v0Grp, tmnxSecurityNwExceptionsGroup, tmnxCertNotifyGroup, tmnxRadiusUserGroup, tmnxRadiusUserExGroup, tmnxRadiusUserExV11v0Group, tmnxCpmProtExcdSapIpV9v0Group, tmnxCpmProtPolNotifyV9v0Group, tmnxCAProfileV11v0Group, tmnxCpmFltrPrefixListV11v0Group, tmnxPkiCAProfNotifyV11v0Group, tmnxDistCpuProtectionV11v0Group, tmnxCpmProtectionV11v0Group, tmnxSecurityCpmProtV12v0Group, tmnxSecCpmProtNotifyV12v0Grp, tmnxSecCpmProtNotifyObjsV12v0Grp, tmnxSecTechGroup, tmnxSecurityNetconfV110Group, tmnxChainSecurityNotifyObjsGroup, tCAProfCmpv2SetSndrV11v0Group, tmnxSecurityPublicKeyGroup, tmnxSecuritySSHCipherGroup, tCAProfCmpv2HttpVerV12v0Group, tmnxPkiCertDispFmtV12v0Group, tmnxSecurityProfRateV12v0Group, tmnxSecCpmProtProtocolV12v0Group, tmnxPkiCAProfRevokeChkGroup, tmnxSecPwdHistNotifyObjsV12v0Grp, tmnxSecPwdHistNotifV12v0Grp } ::= { tmnxSecurityCompliances 25 } tmnxSecurityV13v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia SR series systems release R13.0." MODULE MANDATORY-GROUPS { tmnxSecurityUserV12v0Group, tmnxSecurityUserActionGroup, tmnxSecurityMafV6v0Group, tmnxSecurityPasswordsV12v0Group, tmnxSecurityRadiusV5v0Group, tmnxSecurityTacPlusV8v0Group, tmnxSecurityTacPlusV11v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV11v0Grp, tmnxSecurityCpmIPv6FltrV11v0Grp, tmnxSSHServerV4v0Group, tmnxSecurityNotificationV5v0Group, tmnxSecuritySourceIpV4v0Group, tmnxSecurityKeyChainV5v0Group, tmnxSecurityKeyChainV12v0Group, tmnxSecurityKeyChainV13v0Group, tmnxSecurityCpmProtectGroup, tmnxSecurityLiGroup, tmnxSecurityCpmProtNotificationGroup, tmnxSecurityCpmMacFilterGroup, tmnxSecurityMafMacFilterGroup, tmnxSecurityRadiusAuthV5v0Group, tmnxSecurityV7v0Group, tmnxSecurityCpmProtNotifyV7v0Grp, tmnxSecurityNotifyObjsV8v0Group, tmnxSecurityNotificationV8v0Grp, tmnxSecurityNotifyObjsV12v0Group, tmnxSecurityNotificationV12v0Grp, tmnxCpmProtEthCfmPolV8v0Grp, tmnxCpmProtPolV8v0Grp, tmnxCpmProtPolNotifyV8v0Grp, tmnxSecPkiV9v0Grp, tmnxSecurityNwExceptionsGroup, tmnxCertNotifyGroup, tmnxRadiusUserGroup, tmnxRadiusUserExGroup, tmnxRadiusUserExV11v0Group, tmnxCpmProtExcdSapIpV9v0Group, tmnxCpmProtPolNotifyV9v0Group, tmnxCAProfileV11v0Group, tmnxCpmFltrPrefixListV11v0Group, tmnxPkiCAProfNotifyV11v0Group, tmnxDistCpuProtectionV11v0Group, tmnxCpmProtectionV11v0Group, tmnxSecurityCpmProtV12v0Group, tmnxSecCpmProtNotifyV12v0Grp, tmnxSecCpmProtNotifyObjsV12v0Grp, tmnxSecTechGroup, tmnxSecurityNetconfV110Group, tmnxChainSecurityNotifyObjsGroup, tCAProfCmpv2SetSndrV11v0Group, tmnxSecurityPublicKeyGroup, tmnxSecuritySSHCipherGroup, tCAProfCmpv2HttpVerV12v0Group, tmnxPkiCertDispFmtV12v0Group, tmnxSecurityProfRateV12v0Group, tmnxSecCpmProtProtocolV12v0Group, tmnxPkiCAProfRevokeChkGroup, tmnxPkiCAProf13v0Group, tmnxCliScriptAuthUserV13v0Group, tmnxSecurityNotifyObjsV13v0Group, tmnxCertExpNotificationV13v0Grp, tmnxCertExpWarningV13v0Group, tmnxSecurityRadiusV13v0Group, tmnxSecCertRldNotifyObjsV13v0Grp, tmnxCertRldNotificationV13v0Grp, tmnxPkiCAProfAtCrlUpdV13v0Group, tmnxCliSessionGroupV13v0Group, tmnxSecPwdHistNotifyObjsV12v0Grp, tmnxSecPwdHistNotifV12v0Grp, tmnxSecVsdGroup, tmnxSessLimNotifyV13v0Grp } ::= { tmnxSecurityCompliances 26 } tmnxSecurityV14v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of security features on Nokia SR series systems release R14.0." MODULE MANDATORY-GROUPS { tmnxSecurityUserV12v0Group, tmnxSecurityUserActionGroup, tmnxSecurityMafV6v0Group, tmnxSecurityPasswordsV12v0Group, tmnxSecurityRadiusV14v0Group, tmnxSecurityTacPlusV11v0Group, tmnxSecurityTacPlusV14v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV11v0Grp, tmnxSecurityCpmIPv6FltrV11v0Grp, tmnxSSHServerV4v0Group, tmnxSecurityNotificationV5v0Group, tmnxSecuritySourceIpV4v0Group, tmnxSecurityKeyChainV5v0Group, tmnxSecurityKeyChainV12v0Group, tmnxSecurityKeyChainV13v0Group, tmnxSecurityCpmProtectGroup, tmnxSecurityLiGroup, tmnxSecurityCpmProtNotificationGroup, tmnxSecurityCpmMacFilterGroup, tmnxSecurityMafMacFilterGroup, tmnxSecurityRadiusAuthV5v0Group, tmnxSecurityV7v0Group, tmnxSecurityCpmProtNotifyV7v0Grp, tmnxSecurityNotifyObjsV8v0Group, tmnxSecurityNotificationV8v0Grp, tmnxSecurityNotifyObjsV12v0Group, tmnxSecurityNotificationV12v0Grp, tmnxCpmProtEthCfmPolV8v0Grp, tmnxCpmProtPolV8v0Grp, tmnxCpmProtPolNotifyV8v0Grp, tmnxSecPkiV9v0Grp, tmnxSecurityNwExceptionsGroup, tmnxCertNotifyGroup, tmnxRadiusUserGroup, tmnxRadiusUserExGroup, tmnxRadiusUserExV11v0Group, tmnxCpmProtExcdSapIpV9v0Group, tmnxCpmProtPolNotifyV9v0Group, tmnxCAProfileV11v0Group, tmnxCpmFltrPrefixListV11v0Group, tmnxPkiCAProfNotifyV11v0Group, tmnxDistCpuProtectionV11v0Group, tmnxCpmProtectionV11v0Group, tmnxSecurityCpmProtV12v0Group, tmnxSecCpmProtNotifyV12v0Grp, tmnxSecCpmProtNotifyObjsV12v0Grp, tmnxSecTechGroup, tmnxSecurityNetconfV110Group, tmnxChainSecurityNotifyObjsGroup, tCAProfCmpv2SetSndrV11v0Group, tmnxSecurityPublicKeyGroup, tmnxSecuritySSHCipherGroup, tCAProfCmpv2HttpVerV12v0Group, tmnxPkiCertDispFmtV12v0Group, tmnxSecurityProfRateV12v0Group, tmnxSecCpmProtProtocolV12v0Group, tmnxPkiCAProfRevokeChkGroup, tmnxPkiCAProf13v0Group, tmnxCliScriptAuthUserV13v0Group, tmnxSecurityNotifyObjsV13v0Group, tmnxCertExpNotificationV13v0Grp, tmnxCertExpWarningV13v0Group, tmnxSecurityRadiusV13v0Group, tmnxSecCertRldNotifyObjsV13v0Grp, tmnxCertRldNotificationV13v0Grp, tmnxPkiCAProfAtCrlUpdV13v0Group, tmnxCliSessionGroupV13v0Group, tmnxSecPwdHistNotifyObjsV12v0Grp, tmnxSecPwdHistNotifV12v0Grp, tmnxSecVsdGroup, tmnxSessLimNotifyV13v0Grp, tmnxLogMaxAttNotifyV14v0Grp, tmnxSecuritySSHv2PubKeyV14v0Grp, tmnxPkiCAProfCrlSizeLimtV14v0Grp, tmnxSecurityNetconfLockV14v0Grp, tmnxSecurityPasswordsV14v0Group, tmnxSecNotifyObjsV14v0Group, tmnxCertNotifyV14v0Group, tmnxSecurityGrpcV15v0Grp, tmnxPkiCNV15v0Grp, tmnxSecuritySSHMacListV15v0Group, tmnxSecuritySSHKeyReExV15v0Group } ::= { tmnxSecurityCompliances 27 } tmnxSecurityV15v1Compliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for management of security features on Nokia SR series systems release R15.1." MODULE MANDATORY-GROUPS { tmnxSecUserV15v1Group, tmnxCAProfileV15v1Group, tmnxLogMaxAttNotifyV15v1Grp, tmnxSecurityMafMacFilterGroup } ::= { tmnxSecurityCompliances 28 } tmnxSecurityV16v0Compliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for management of security features on Nokia SR series systems release R16.0." MODULE MANDATORY-GROUPS { tmnxSecurityGrpcV16v0Grp, tmnxHashControlV16v0Group, tmnxServerAccessCtlV16v0Group, tmnxPkiV16v0Group, tmnxCAProfileV16v0Group } ::= { tmnxSecurityCompliances 29 } tmnxSecurityV19v0Compliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for management of security features on Nokia SR series systems release R19.0." MODULE MANDATORY-GROUPS { tmnxSecurityUserActionGroup, tmnxSecurityMafV6v0Group, tmnxSecurityPasswordsV12v0Group, tmnxSecurityRadiusV14v0Group, tmnxSecurityTacPlusV11v0Group, tmnxSecurityTacPlusV14v0Group, tmnxSecurityServerCtlV4v0Group, tmnxSecurityCpmGroup, tmnxSecurityPasswordHashGroup, tmnxSecurityCpmIpFilterV11v0Grp, tmnxSecurityCpmIPv6FltrV11v0Grp, tmnxSSHServerV4v0Group, tmnxSecurityNotificationV5v0Group, tmnxSecuritySourceIpV4v0Group, tmnxSecurityKeyChainV5v0Group, tmnxSecurityKeyChainV12v0Group, tmnxSecurityKeyChainV13v0Group, tmnxSecurityCpmProtectGroup, tmnxSecurityLiGroup, tmnxSecurityCpmProtNotificationGroup, tmnxSecurityCpmMacFilterGroup, tmnxSecurityMafMacFilterGroup, tmnxSecurityRadiusAuthV5v0Group, tmnxSecurityV7v0Group, tmnxSecurityCpmProtNotifyV7v0Grp, tmnxSecurityNotifyObjsV8v0Group, tmnxSecurityNotificationV8v0Grp, tmnxSecurityNotifyObjsV12v0Group, tmnxSecurityNotificationV12v0Grp, tmnxCpmProtEthCfmPolV8v0Grp, tmnxCpmProtPolV8v0Grp, tmnxCpmProtPolNotifyV8v0Grp, tmnxSecPkiV9v0Grp, tmnxSecurityNwExceptionsGroup, tmnxCertNotifyGroup, tmnxRadiusUserGroup, tmnxRadiusUserExGroup, tmnxRadiusUserExV11v0Group, tmnxCpmProtExcdSapIpV9v0Group, tmnxCpmProtPolNotifyV9v0Group, tmnxCAProfileV11v0Group, tmnxCpmFltrPrefixListV11v0Group, tmnxPkiCAProfNotifyV11v0Group, tmnxDistCpuProtectionV11v0Group, tmnxCpmProtectionV11v0Group, tmnxSecurityCpmProtV12v0Group, tmnxSecCpmProtNotifyV12v0Grp, tmnxSecCpmProtNotifyObjsV12v0Grp, tmnxSecTechGroup, tmnxSecurityNetconfV110Group, tmnxChainSecurityNotifyObjsGroup, tCAProfCmpv2SetSndrV11v0Group, tmnxSecurityPublicKeyGroup, tmnxSecuritySSHCipherGroup, tCAProfCmpv2HttpVerV12v0Group, tmnxPkiCertDispFmtV12v0Group, tmnxSecurityProfRateV12v0Group, tmnxSecCpmProtProtocolV12v0Group, tmnxPkiCAProfRevokeChkGroup, tmnxPkiCAProf13v0Group, tmnxCliScriptAuthUserV13v0Group, tmnxSecurityNotifyObjsV13v0Group, tmnxCertExpNotificationV13v0Grp, tmnxCertExpWarningV13v0Group, tmnxSecurityRadiusV13v0Group, tmnxSecCertRldNotifyObjsV13v0Grp, tmnxCertRldNotificationV13v0Grp, tmnxPkiCAProfAtCrlUpdV13v0Group, tmnxCliSessionGroupV13v0Group, tmnxSecPwdHistNotifyObjsV12v0Grp, tmnxSecPwdHistNotifV12v0Grp, tmnxSecVsdGroup, tmnxSessLimNotifyV13v0Grp, tmnxLogMaxAttNotifyV14v0Grp, tmnxSecuritySSHv2PubKeyV14v0Grp, tmnxPkiCAProfCrlSizeLimtV14v0Grp, tmnxSecurityNetconfLockV14v0Grp, tmnxSecurityPasswordsV14v0Group, tmnxSecNotifyObjsV14v0Group, tmnxCertNotifyV14v0Group, tmnxSecurityGrpcV15v0Grp, tmnxPkiCNV15v0Grp, tmnxSecuritySSHMacListV15v0Group, tmnxSecuritySSHKeyReExV15v0Group, tmnxSecUserV19v0Group, tmnxSecuritySSHKexListV19v0Group, tmnxSecurityNiapsNotifyGroup, tmnxSecurityNiapsNotifyObjsGrp, tmnxSecurityMafV20v0Group } ::= { tmnxSecurityCompliances 30 } tmnxSecurityV20v0Compliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for management of security features on Nokia SR series systems release R20.0." MODULE MANDATORY-GROUPS { tmnxSecurityMgmtIfV20v0Group, tmnxSecurityNotifyObjsV20v0Grp, tmnxSecurityNotificationV20v0Grp, tmnxSecurityPasswordsV20v0Group, tmnxSecUserV20v0Group, tmnxSecPwdHashNotifyObjsGroup, tmnxSecPwdHashNotifyGroup, tmnxSecUsrPwdNotifyObjsGroup, tmnxSecUsrPwdNotifyGroup } ::= { tmnxSecurityCompliances 31 } tmnxSecurityGroups OBJECT IDENTIFIER ::= { tmnxSecurityConformance 2 } tmnxSecurityUserGroup OBJECT-GROUP OBJECTS { tmnxUserProfileRowStatus, tmnxUserProfileDefaultAction, tmnxUserProfileMatchRowStatus, tmnxUserProfileMatchDescription, tmnxUserProfileMatchAction, tmnxUserProfileMatchString, tmnxUserRowStatus, tmnxUserPassword, tmnxUserPasswordEncrypted, tmnxUserAccess, tmnxUserHomeDirectory, tmnxUserRestrictedToHome, tmnxUserConsoleLoginExecFile, tmnxUserConsoleCannotChangePswd, tmnxUserConsoleNewPswdAtLogin, tmnxUserConsoleMemberProfile1, tmnxUserConsoleMemberProfile2, tmnxUserConsoleMemberProfile3, tmnxUserConsoleMemberProfile4, tmnxUserConsoleMemberProfile5, tmnxUserConsoleMemberProfile6, tmnxUserConsoleMemberProfile7, tmnxUserConsoleMemberProfile8, tmnxUserAttemptedLogins, tmnxUserSuccessfulLogins, tmnxUserPasswordChanged } STATUS obsolete DESCRIPTION "The group of objects supporting management of user security capabilities on Nokia SROS series systems." ::= { tmnxSecurityGroups 1 } tmnxSecurityMafR2r1Group OBJECT-GROUP OBJECTS { tmnxMafRowStatus, tmnxMafDefaultAction, tmnxMafAdminState, tmnxMafMatchRowStatus, tmnxMafMatchLastChanged, tmnxMafMatchAction, tmnxMafMatchDescription, tmnxMafMatchSrcIpAddr, tmnxMafMatchSrcIpMask, tmnxMafMatchSrcPortType, tmnxMafMatchSrcPortId, tmnxMafMatchDestPort, tmnxMafMatchDestPortMask, tmnxMafMatchProtocol, tmnxMafMatchCount, tmnxMafMatchRouter, tmnxMafMatchLog } STATUS obsolete DESCRIPTION "The group of objects supporting management of Management Access Filters (MAF) capabilities on Nokia SROS series systems release 2.1." ::= { tmnxSecurityGroups 6 } tmnxSecurityPasswordsR2r1Group OBJECT-GROUP OBJECTS { tmnxPasswordAging, tmnxPasswordMinLength, tmnxPasswordComplexity, tmnxPasswordAttemptsCount, tmnxPasswordAttemptsTime, tmnxPasswordAttemptsLockoutPeriod, tmnxPasswordAuthenOrder1, tmnxPasswordAuthenOrder2, tmnxPasswordAuthenOrder3, tmnxPasswordAuthenExitOnReject, tmnxAdminPassword, tmnxAdminPasswordEncrypted, tmnxPasswordHealthCheck } STATUS obsolete DESCRIPTION "The group of objects supporting management of passwords on Nokia SROS series systems." ::= { tmnxSecurityGroups 7 } tmnxSecurityCpmGroup OBJECT-GROUP OBJECTS { tmnxCpmPerPeerQueuing, tmnxCpmQueuesTotal, tmnxCpmQueuesInUse } STATUS current DESCRIPTION "The group of objects supporting CPM security capabilities for revision 2.1 on Nokia SROS series systems." ::= { tmnxSecurityGroups 11 } tmnxSecurityPasswordHashGroup OBJECT-GROUP OBJECTS { tmnxPassHashReadVersion, tmnxPassHashWriteVersion } STATUS current DESCRIPTION "The group of objects supporting password hashing capabilities for revision 2.1 on Nokia SROS series systems." ::= { tmnxSecurityGroups 12 } tmnxSecurityNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { tmnxSSHServerPreserveKeyFail } STATUS obsolete DESCRIPTION "The group of notifications supporting security in revision 3.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 14 } tmnxSecurityCpmIpFilterV3v0r2Group OBJECT-GROUP OBJECTS { tCpmFilterQueueRowStatus, tCpmFilterQueueLastChanged, tCpmFilterQueueAdminPIR, tCpmFilterQueueAdminCIR, tCpmFilterQueueCBS, tCpmFilterQueueMBS, tCpmFilterQueueReferences, tCpmFilterDefaultAction, tCpmIpFilterAdminState, tCpmIpFilterEntryRowStatus, tCpmIpFilterEntryLastChanged, tCpmIpFilterEntryLogId, tCpmIpFilterEntryDescription, tCpmIpFilterEntryAction, tCpmIpFilterEntryQueueId, tCpmIpFilterEntrySrcIPAddr, tCpmIpFilterEntrySrcIPMask, tCpmIpFilterEntryDestIPAddr, tCpmIpFilterEntryDestIPMask, tCpmIpFilterEntryProtocol, tCpmIpFilterEntrySrcPort, tCpmIpFilterEntrySrcPortMask, tCpmIpFilterEntryDestPort, tCpmIpFilterEntryDestPortMask, tCpmIpFilterEntryDSCP, tCpmIpFilterEntryFragment, tCpmIpFilterEntryOptionPresent, tCpmIpFilterEntryIPOptionValue, tCpmIpFilterEntryIPOptionMask, tCpmIpFilterEntryMultipleOption, tCpmIpFilterEntryTcpSyn, tCpmIpFilterEntryTcpAck, tCpmIpFilterEntryIcmpCode, tCpmIpFilterEntryIcmpType, tCpmIpFilterEntryVRtrId, tCpmIpFilterEntryLogCreated, tCpmIpFilterStatsDroppedPkts, tCpmIpFilterStatsForwardedPkts, tCpmFilterQInProfileDropPkts, tCpmFilterQInProfileFwdPkts, tCpmFilterQInProfileDropOctets, tCpmFilterQInProfileFwdOctets, tCpmFilterQOutProfileDropPkts, tCpmFilterQOutProfileFwdPkts, tCpmFilterQOutProfileDropOctets, tCpmFilterQOutProfileFwdOctets } STATUS obsolete DESCRIPTION "The group of objects supporting the CPM hardware filter capabilities for revision 3.0r2 on Nokia SROS series systems." ::= { tmnxSecurityGroups 17 } tmnxSecurityCpmIPv6FilterV4v0Group OBJECT-GROUP OBJECTS { tCpmIPv6FilterEntryRowStatus, tCpmIPv6FilterEntryLastChanged, tCpmIPv6FilterEntryLogId, tCpmIPv6FilterEntryDescription, tCpmIPv6FilterEntryAction, tCpmIPv6FilterEntryQueueId, tCpmIPv6FilterEntrySrcIPAddr, tCpmIPv6FilterEntrySrcIPMask, tCpmIPv6FilterEntryDestIPAddr, tCpmIPv6FilterEntryDestIPMask, tCpmIPv6FilterEntryNextHeader, tCpmIPv6FilterEntrySrcPort, tCpmIPv6FilterEntrySrcPortMask, tCpmIPv6FilterEntryDestPort, tCpmIPv6FilterEntryDestPortMask, tCpmIPv6FilterEntryDSCP, tCpmIPv6FilterEntryTcpSyn, tCpmIPv6FilterEntryTcpAck, tCpmIPv6FilterEntryIcmpCode, tCpmIPv6FilterEntryIcmpType, tCpmIPv6FilterEntryVRtrId, tCpmIPv6FilterEntryLogCreated, tCpmIPv6FilterEntryFlowLabel, tCpmIPv6FilterStatsDroppedPkts, tCpmIPv6FilterStatsForwardedPkts, tCpmIPv6FilterAdminState } STATUS obsolete DESCRIPTION "The group of objects supporting the CPM hardware filter IPv6 capabilities for revision 4.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 18 } tmnxSecurityServerCtlV4v0Group OBJECT-GROUP OBJECTS { tmnxEnableServers, tmnxTelnetServerOperStatus, tmnxSSHServerOperStatus, tmnxFTPServerOperStatus, tmnxTelnet6ServerOperStatus } STATUS current DESCRIPTION "The group of objects supporting management of TELNET/SSH/FTP capabilities for revision 4.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 19 } tmnxSSHServerV4v0Group OBJECT-GROUP OBJECTS { tmnxSSHServerPreserveKey, tmnxSSHServerVersion } STATUS current DESCRIPTION "The group of objects supporting management of SSH capabilities for revision 4.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 20 } tmnxSecuritySourceIpV4v0Group OBJECT-GROUP OBJECTS { tmnxSourceIPRowStatus, tmnxSourceIPAddressType, tmnxSourceIPAddress, tmnxSourceIPIfIndex, tmnxSourceIPOperStatus } STATUS current DESCRIPTION "The group of objects supporting management of application source IP address override capabilities for revision 4.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 21 } tmnxSecurityRadiusV4v0Group OBJECT-GROUP OBJECTS { tmnxRadiusAdminStatus, tmnxRadiusAccounting, tmnxRadiusAuthorization, tmnxRadiusRetryAttempts, tmnxRadiusTimeout, tmnxRadiusPort, tmnxRadiusServerAddress, tmnxRadiusServerSecret, tmnxRadiusServerOperStatus, tmnxRadiusServerRowStatus, tmnxRadiusConfigured, tmnxRadiusPEDiscovery, tmnxRadiusPEDiscoveryPassword, tmnxRadiusPEDiscoveryInterval, tmnxRadiusPEForceDiscovery, tmnxRadiusPEForceDiscoverySvcId, tmnxRadiusAccountingPort } STATUS obsolete DESCRIPTION "The group of objects supporting management of RADIUS capabilities for revision 4.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 22 } tmnxSecurityTacPlusV4v0Group OBJECT-GROUP OBJECTS { tmnxTacPlusAdminStatus, tmnxTacPlusTimeout, tmnxTacPlusServerAddress, tmnxTacPlusServerSecret, tmnxTacPlusServerRowStatus, tmnxTacPlusServerOperStatus, tmnxTacPlusAccounting, tmnxTacPlusAcctRecType, tmnxTacPlusAuthorization, tmnxTacPlusSingleConnection, tmnxTacPlusConfigured, tmnxTacplusUseTemplate } STATUS obsolete DESCRIPTION "The group of objects supporting management of TACACS+ capabilities for revision 4.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 23 } tmnxSecurityObsoleteGroup OBJECT-GROUP OBJECTS { tmnxRadiusSourceAddress, tmnxTacPlusServerAddress, tmnxTacPlusSourceAddress, tmnxRadiusPEDiscovery, tmnxRadiusPEDiscoveryPassword, tmnxRadiusPEDiscoveryInterval, tmnxRadiusServerAddress, tmnxPasswordComplexity } STATUS current DESCRIPTION "The group of objects in TIMETRA-SECURITY-MIB which are obsoleted." ::= { tmnxSecurityGroups 24 } tmnxSecurityUserV4v0Group OBJECT-GROUP OBJECTS { tmnxUserProfileRowStatus, tmnxUserProfileDefaultAction, tmnxUserProfileMatchRowStatus, tmnxUserProfileMatchDescription, tmnxUserProfileMatchAction, tmnxUserProfileMatchString, tmnxUserRowStatus, tmnxUserPassword, tmnxUserPasswordEncrypted, tmnxUserAccess, tmnxUserHomeDirectory, tmnxUserRestrictedToHome, tmnxUserConsoleLoginExecFile, tmnxUserConsoleCannotChangePswd, tmnxUserConsoleNewPswdAtLogin, tmnxUserConsoleMemberProfile1, tmnxUserConsoleMemberProfile2, tmnxUserConsoleMemberProfile3, tmnxUserConsoleMemberProfile4, tmnxUserConsoleMemberProfile5, tmnxUserConsoleMemberProfile6, tmnxUserConsoleMemberProfile7, tmnxUserConsoleMemberProfile8, tmnxUserAttemptedLogins, tmnxUserSuccessfulLogins, tmnxUserPasswordChanged, tmnxTemplateAccess, tmnxTemplateHomeDirectory, tmnxTemplateRestrictedToHome, tmnxTemplateConsoleLoginExecFile } STATUS obsolete DESCRIPTION "The group of objects supporting management of user security capabilities on Nokia SROS series systems." ::= { tmnxSecurityGroups 25 } tmnxSecurityKeyChainV5v0Group OBJECT-GROUP OBJECTS { tmnxKeyChainRowStatus, tmnxKeyChainDescription, tmnxKeyChainReceiveTcpOptionNum, tmnxKeyChainSendTcpOptionNum, tmnxKeyChainAdminState, tmnxKeyChainOperState, tmnxKeyChainKeyRowStatus, tmnxKeyChainAuthenticationKey, tmnxKeyChainKeyAlgorithm, tmnxKeyChainKeyBeginTime, tmnxKeyChainKeyEndTime, tmnxKeyChainKeyTolerance, tmnxKeyChainKeyAdminState } STATUS current DESCRIPTION "The group of objects supporting management of Keychain capabilities for revision 5.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 26 } tmnxSecurityRadiusV5v0Group OBJECT-GROUP OBJECTS { tmnxRadiusAdminStatus, tmnxRadiusAccounting, tmnxRadiusAuthorization, tmnxRadiusTimeout, tmnxRadiusPort, tmnxRadiusServerSecret, tmnxRadiusServerOperStatus, tmnxRadiusServerRowStatus, tmnxRadiusRetryAttempts, tmnxRadiusConfigured, tmnxRadiusPEForceDiscovery, tmnxRadiusPEForceDiscoverySvcId, tmnxRadiusAccountingPort, tmnxRadiusServerInetAddressType, tmnxRadiusServerInetAddress, tmnxRadiusUseTemplate } STATUS obsolete DESCRIPTION "The group of objects supporting management of RADIUS capabilities for revision 5.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 27 } tmnxSecurityTacPlusV5v0Group OBJECT-GROUP OBJECTS { tmnxTacPlusAdminStatus, tmnxTacPlusTimeout, tmnxTacPlusServerSecret, tmnxTacPlusServerRowStatus, tmnxTacPlusServerOperStatus, tmnxTacPlusAccounting, tmnxTacPlusAcctRecType, tmnxTacPlusAuthorization, tmnxTacPlusSingleConnection, tmnxTacPlusConfigured, tmnxTacplusUseTemplate, tmnxTacPlusServerInetAddressType, tmnxTacPlusServerInetAddress } STATUS obsolete DESCRIPTION "The group of objects supporting management of TACACS+ capabilities for revision 5.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 28 } tmnxSecurityCpmIpFilterV5v0Group OBJECT-GROUP OBJECTS { tCpmFilterQueueRowStatus, tCpmFilterQueueLastChanged, tCpmFilterQueueAdminPIR, tCpmFilterQueueAdminCIR, tCpmFilterQueueCBS, tCpmFilterQueueMBS, tCpmFilterQueueReferences, tCpmFilterQueueOperPIR, tCpmFilterQueueOperCIR, tCpmFilterDefaultAction, tCpmIpFilterAdminState, tCpmIpFilterEntryRowStatus, tCpmIpFilterEntryLastChanged, tCpmIpFilterEntryLogId, tCpmIpFilterEntryDescription, tCpmIpFilterEntryAction, tCpmIpFilterEntryQueueId, tCpmIpFilterEntrySrcIPAddr, tCpmIpFilterEntrySrcIPMask, tCpmIpFilterEntryDestIPAddr, tCpmIpFilterEntryDestIPMask, tCpmIpFilterEntryProtocol, tCpmIpFilterEntrySrcPort, tCpmIpFilterEntrySrcPortMask, tCpmIpFilterEntryDestPort, tCpmIpFilterEntryDestPortMask, tCpmIpFilterEntryDSCP, tCpmIpFilterEntryFragment, tCpmIpFilterEntryOptionPresent, tCpmIpFilterEntryIPOptionValue, tCpmIpFilterEntryIPOptionMask, tCpmIpFilterEntryMultipleOption, tCpmIpFilterEntryTcpSyn, tCpmIpFilterEntryTcpAck, tCpmIpFilterEntryIcmpCode, tCpmIpFilterEntryIcmpType, tCpmIpFilterEntryVRtrId, tCpmIpFilterEntryLogCreated, tCpmIpFilterStatsDroppedPkts, tCpmIpFilterStatsForwardedPkts, tCpmFilterQInProfileDropPkts, tCpmFilterQInProfileFwdPkts, tCpmFilterQInProfileDropOctets, tCpmFilterQInProfileFwdOctets, tCpmFilterQOutProfileDropPkts, tCpmFilterQOutProfileFwdPkts, tCpmFilterQOutProfileDropOctets, tCpmFilterQOutProfileFwdOctets } STATUS obsolete DESCRIPTION "The group of objects supporting the CPM hardware filter capabilities for revision 5.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 29 } tmnxSecurityNotificationV5v0Group NOTIFICATION-GROUP NOTIFICATIONS { tmnxSSHServerPreserveKeyFail, tmnxKeyChainAuthFailure } STATUS current DESCRIPTION "The group of notifications supporting security in revision 5.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 30 } tmnxSecurityNotifyObjsGroup OBJECT-GROUP OBJECTS { tmnxKeyChainAuthFailReason, tmnxKeyChainAuthAddrType, tmnxKeyChainAuthAddr } STATUS current DESCRIPTION "The group of objects supporting security notifications on Nokia SROS series systems 5.0 release." ::= { tmnxSecurityGroups 31 } tmnxSecurityTacPlusV6v0Group OBJECT-GROUP OBJECTS { tmnxTacPlusAdminStatus, tmnxTacPlusTimeout, tmnxTacPlusServerSecret, tmnxTacPlusServerRowStatus, tmnxTacPlusServerOperStatus, tmnxTacPlusAccounting, tmnxTacPlusAcctRecType, tmnxTacPlusAuthorization, tmnxTacPlusSingleConnection, tmnxTacPlusConfigured, tmnxTacplusUseTemplate, tmnxTacPlusServerInetAddressType, tmnxTacPlusServerInetAddress, tmnxTacPlusServerPort } STATUS obsolete DESCRIPTION "The group of objects supporting management of TACACS+ capabilities for revision 6.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 32 } tmnxSecurityPasswordsV6v0Group OBJECT-GROUP OBJECTS { tmnxPasswordAging, tmnxPasswordMinLength, tmnxPasswordComplexity, tmnxPasswordAttemptsCount, tmnxPasswordAttemptsTime, tmnxPasswordAttemptsLockoutPeriod, tmnxPasswordAuthenOrder1, tmnxPasswordAuthenOrder2, tmnxPasswordAuthenOrder3, tmnxPasswordAuthenExitOnReject, tmnxAdminPassword, tmnxAdminPasswordEncrypted, tmnxPasswordHealthCheck, tmnxPasswordHealthCheckInterval } STATUS obsolete DESCRIPTION "The group of objects supporting management of passwords on Nokia SROS series systems." ::= { tmnxSecurityGroups 33 } tmnxSecurityMafV6v0Group OBJECT-GROUP OBJECTS { tmnxGenMafTableLastChanged, tmnxMafIPMatchTableLastChanged, tmnxGenMafLastModified, tmnxGenMafRowStatus, tmnxGenMafAdminState, tmnxGenMafDefaultAction, tmnxIPMafMatchRowStatus, tmnxIPMafMatchLastChanged, tmnxIPMafMatchAction, tmnxIPMafMatchDescription, tmnxIPMafMatchSrcIpAddrType, tmnxIPMafMatchSrcIpAddr, tmnxIPMafMatchSrcIpMask, tmnxIPMafMatchSrcPortType, tmnxIPMafMatchSrcPortId, tmnxIPMafMatchDestPort, tmnxIPMafMatchDestPortMask, tmnxIPMafMatchProtNxtHdr, tmnxIPMafMatchCount, tmnxIPMafMatchRouter, tmnxIPMafMatchFlowLabel, tmnxIPMafMatchLog } STATUS current DESCRIPTION "The group of objects supporting management of Management Access Filters (MAF) capabilities on Nokia SROS series systems release 6.0" ::= { tmnxSecurityGroups 34 } tmnxObsoletedObjectsV6v0Group OBJECT-GROUP OBJECTS { tmnxMafRowStatus, tmnxMafDefaultAction, tmnxMafAdminState, tmnxMafMatchRowStatus, tmnxMafMatchLastChanged, tmnxMafMatchAction, tmnxMafMatchDescription, tmnxMafMatchSrcIpAddr, tmnxMafMatchSrcIpMask, tmnxMafMatchSrcPortType, tmnxMafMatchSrcPortId, tmnxMafMatchDestPort, tmnxMafMatchDestPortMask, tmnxMafMatchProtocol, tmnxMafMatchCount, tmnxMafMatchRouter, tmnxMafMatchLog } STATUS current DESCRIPTION "The group of objects that are obsoleted in on Nokia SROS series systems release 6.0" ::= { tmnxSecurityGroups 35 } tmnxSecurityCpmProtectGroup OBJECT-GROUP OBJECTS { tmnxCpmProtPolTableLastChanged, tmnxCpmProtPolRowStatus, tmnxCpmProtPolLastChanged, tmnxCpmProtPolDescription, tmnxCpmProtPolPerSrcRateLimit, tmnxCpmProtPolOverallRateLimit, tmnxCpmProtPolAlarm, tmnxCpmProtPolOutProfileRate, tmnxCpmProtDropUncfgdProtocolMsg, tmnxCpmProtLinkRateLimit, tmnxCpmProtExcdTableLastChanged, tmnxCpmProtExcdPeriods, tmnxCpmProtExcdTime, tmnxCpmProtExcdTimeStarted, tmnxCpmProtViolPortTableLastChgd, tmnxCpmProtViolPortPeriods, tmnxCpmProtViolPortTimeStarted, tmnxCpmProtViolPortTime, tmnxCpmProtViolPortAggPeriods, tmnxCpmProtViolPortAggTimeStart, tmnxCpmProtViolPortAggTime, tmnxCpmProtViolIfTableLastChgd, tmnxCpmProtViolIfPeriods, tmnxCpmProtViolIfTimeStarted, tmnxCpmProtViolIfTime, tmnxCpmProtViolSapTableLastChgd, tmnxCpmProtViolSapPeriods, tmnxCpmProtViolSapTimeStarted, tmnxCpmProtViolSapTime, tmnxCpmProtPortOverallRateLimit, tmnxCpmProtDetectPeriod } STATUS current DESCRIPTION "The group of objects supporting management of CPM Protection on Nokia SROS series systems." ::= { tmnxSecurityGroups 36 } tmnxSecurityLiGroup OBJECT-GROUP OBJECTS { tmnxUserProfileLi } STATUS current DESCRIPTION "The group of objects supporting management of Lawful Intercept (LI) users." ::= { tmnxSecurityGroups 37 } tmnxSecurityCpmProtNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { tmnxCpmProtViolPort, tmnxCpmProtViolPortAgg, tmnxCpmProtViolIf, tmnxCpmProtViolSap, tmnxCpmProtViolMac } STATUS current DESCRIPTION "The group of notifications supporting CPM Protection on Nokia SROS series systems." ::= { tmnxSecurityGroups 38 } tmnxSecurityCpmProtNotificationObjsGroup OBJECT-GROUP OBJECTS { tmnxCpmProtViolMacAddress, tmnxCpmProtViolMacPeriods } STATUS current DESCRIPTION "The group of objects supporting CPM Protection notifications." ::= { tmnxSecurityGroups 39 } tmnxSecurityCpmMacFilterGroup OBJECT-GROUP OBJECTS { tCpmMacFilterAdminState, tCpmMacFltrEntryRowStatus, tCpmMacFltrEntryLastChanged, tCpmMacFltrEntryLogId, tCpmMacFltrEntryDescription, tCpmMacFltrEntryAction, tCpmMacFltrEntryQueueId, tCpmMacFltrEntryFrameType, tCpmMacFltrEntrySvcId, tCpmMacFltrEntryDot1pValue, tCpmMacFltrEntryDot1pMask, tCpmMacFltrEntryDsap, tCpmMacFltrEntryDsapMask, tCpmMacFltrEntrySrcMAC, tCpmMacFltrEntrySrcMACMask, tCpmMacFltrEntryDstMAC, tCpmMacFltrEntryDstMACMask, tCpmMacFltrEntryEtherType, tCpmMacFltrEntrySsap, tCpmMacFltrEntrySsapMask, tCpmMacFltrEntryCfmOpCodeOper, tCpmMacFltrEntryCfmOpCodeValue1, tCpmMacFltrEntryCfmOpCodeValue2, tCpmMacFltrEntryLogCreated, tCpmMacFilterStatsDroppedPkts, tCpmMacFilterStatsForwardedPkts } STATUS current DESCRIPTION "The group of objects supporting the CPM hardware Mac filter capabilities on Nokia SROS series systems." ::= { tmnxSecurityGroups 40 } tmnxSecurityMafMacFilterGroup OBJECT-GROUP OBJECTS { tmnxMafMacMatchTableLastChanged, tmnxMacMafMatchRowStatus, tmnxMacMafMatchLastChanged, tmnxMacMafMatchAction, tmnxMacMafMatchDescription, tmnxMacMafMatchLog, tmnxMacMafMatchFrameType, tmnxMacMafMatchSvcId, tmnxMacMafMatchDot1pValue, tmnxMacMafMatchDot1pMask, tmnxMacMafMatchDsap, tmnxMacMafMatchDsapMask, tmnxMacMafMatchSrcMAC, tmnxMacMafMatchSrcMACMask, tmnxMacMafMatchDstMAC, tmnxMacMafMatchDstMACMask, tmnxMacMafMatchEtherType, tmnxMacMafMatchSnapOui, tmnxMacMafMatchSnapPid, tmnxMacMafMatchSsap, tmnxMacMafMatchSsapMask, tmnxMacMafMatchCfmOpCodeOper, tmnxMacMafMatchCfmOpCodeValue1, tmnxMacMafMatchCfmOpCodeValue2, tmnxMacMafMatchCount } STATUS current DESCRIPTION "The group of objects supporting the Maf Mac filter capabilities on Nokia SROS series systems." ::= { tmnxSecurityGroups 41 } tmnxSecurityUserV6v0Group OBJECT-GROUP OBJECTS { tmnxUserProfileRowStatus, tmnxUserProfileDefaultAction, tmnxUserProfileMatchRowStatus, tmnxUserProfileMatchDescription, tmnxUserProfileMatchAction, tmnxUserProfileMatchString, tmnxUserRowStatus, tmnxUserPassword, tmnxUserPasswordEncrypted, tmnxUserAccess, tmnxUserHomeDirectory, tmnxUserRestrictedToHome, tmnxUserConsoleLoginExecFile, tmnxUserConsoleCannotChangePswd, tmnxUserConsoleNewPswdAtLogin, tmnxUserConsoleMemberProfile1, tmnxUserConsoleMemberProfile2, tmnxUserConsoleMemberProfile3, tmnxUserConsoleMemberProfile4, tmnxUserConsoleMemberProfile5, tmnxUserConsoleMemberProfile6, tmnxUserConsoleMemberProfile7, tmnxUserConsoleMemberProfile8, tmnxUserAttemptedLogins, tmnxUserSuccessfulLogins, tmnxUserPasswordChanged, tmnxTemplateAccess, tmnxTemplateHomeDirectory, tmnxTemplateRestrictedToHome, tmnxTemplateConsoleLoginExecFile, tmnxTemplateProfile } STATUS obsolete DESCRIPTION "The group of objects supporting management of user security capabilities on Nokia SROS series systems." ::= { tmnxSecurityGroups 42 } tmnxSecurityRadiusAuthV5v0Group OBJECT-GROUP OBJECTS { tmnxRadiusAuthAlgorithm } STATUS current DESCRIPTION "The group of objects supporting management of RADIUS capabilities for revision 5.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 43 } tmnxSecurityV7v0Group OBJECT-GROUP OBJECTS { tmnxCpmProtAllowShamLinkPackets, tmnxCpmProtViolVdoSvcPeriods, tmnxCpmProtViolVdoSvcTimeStarted, tmnxCpmProtViolVdoSvcTime, tmnxCpmProtViolVdoSvcVrtrIfIndex, tmnxCpmProtViolVdoVrtrPeriods, tmnxCpmProtViolVdoVrtrTimeStart, tmnxCpmProtViolVdoVrtrTime, tmnxCpmProtViolVdoVrtrSvcId, tmnxCpmProtViolVdoVrtrIfIndex } STATUS current DESCRIPTION "The group of objects supporting management of CPM Protection on Nokia SROS 7.0 series systems." ::= { tmnxSecurityGroups 44 } tmnxSecurityCpmProtNotifyV7v0Grp NOTIFICATION-GROUP NOTIFICATIONS { tmnxCpmProtViolVdoSvcClient, tmnxCpmProtViolVdoVrtrClient } STATUS current DESCRIPTION "The group of notifications supporting CPM Protection on Nokia SROS 7.0 series systems." ::= { tmnxSecurityGroups 45 } tmnxSecurityTacPlusV8v0Group OBJECT-GROUP OBJECTS { tmnxTacPlusAdminStatus, tmnxTacPlusTimeout, tmnxTacPlusServerSecret, tmnxTacPlusServerRowStatus, tmnxTacPlusServerOperStatus, tmnxTacPlusAccounting, tmnxTacPlusAcctRecType, tmnxTacPlusAuthorization, tmnxTacPlusConfigured, tmnxTacplusUseTemplate, tmnxTacPlusServerInetAddressType, tmnxTacPlusServerInetAddress, tmnxTacPlusServerPort } STATUS obsolete DESCRIPTION "The group of objects supporting management of TACACS+ capabilities on Nokia SROS series systems." ::= { tmnxSecurityGroups 46 } tmnxObsoletedObjectsV8v0Group OBJECT-GROUP OBJECTS { tmnxTacPlusSingleConnection } STATUS current DESCRIPTION "The group of objects that are made obsolete on Nokia SROS series systems in release 8.0" ::= { tmnxSecurityGroups 47 } tmnxSecurityNotifyObjsV8v0Group OBJECT-GROUP OBJECTS { tmnxMD5AuthFailReason, tmnxMD5AuthAddrType, tmnxMD5AuthAddr, tmnxMD5AuthKey, tmnxCpmProtPolId } STATUS current DESCRIPTION "The group of objects supporting security notifications in revision 8.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 48 } tmnxSecurityNotificationV8v0Grp NOTIFICATION-GROUP NOTIFICATIONS { tmnxMD5AuthFailure, tmnxCpmProtDefPolModified } STATUS current DESCRIPTION "The group of notifications supporting security in revision 8.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 49 } tmnxCpmProtEthCfmPolV8v0Grp OBJECT-GROUP OBJECTS { tmnxCpmProtEthCfmPolTableLastChg, tmnxCpmProtEthCfmPolRowStatus, tmnxCpmProtEthCfmPolLastChanged, tmnxCpmProtEthCfmPolLevelSet, tmnxCpmProtEthCfmPolOpCodeSet, tmnxCpmProtEthCfmPolRateLimit, tmnxCpmProtExcdSdpBindEcmTblLChg, tmnxCpmProtExcdSdpBindEcmPeriods, tmnxCpmProtExcdSdpBindEcmStarted, tmnxCpmProtExcdSdpBindEcmTime, tmnxCpmProtExcdSapEcmTblLChg, tmnxCpmProtExcdSapEcmPeriods, tmnxCpmProtExcdSapEcmStarted, tmnxCpmProtExcdSapEcmTime } STATUS current DESCRIPTION "The group of objects supporting CPM protection policies for Ethernet CFM packets in revision 8.0 R5 on Nokia SROS systems." ::= { tmnxSecurityGroups 50 } tmnxCpmProtPolV8v0Grp OBJECT-GROUP OBJECTS { tmnxCpmProtViolSdpBindTblLastChg, tmnxCpmProtViolSdpBindPeriods, tmnxCpmProtViolSdpBindTimeStartd, tmnxCpmProtViolSdpBindTime, tmnxCpmProtExcdSdpBindTblLastChg, tmnxCpmProtExcdSdpBindPeriods, tmnxCpmProtExcdSdpBindTimeStartd, tmnxCpmProtExcdSdpBindTime } STATUS current DESCRIPTION "The group of objects supporting CPM protection policies in revision 8.0 R5 on Nokia SROS systems." ::= { tmnxSecurityGroups 51 } tmnxCpmProtPolNotifyV8v0Grp NOTIFICATION-GROUP NOTIFICATIONS { tmnxCpmProtViolSdpBind, tmnxCpmProtExcdSdpBind, tmnxCpmProtExcdSapEcm, tmnxCpmProtExcdSdpBindEcm } STATUS current DESCRIPTION "The group of notifications supporting CPM protection policies in revision 8.0 R5 on Nokia SROS systems." ::= { tmnxSecurityGroups 52 } tmnxSecPkiV9v0Grp OBJECT-GROUP OBJECTS { tmnxPkiCAProfileAdminState, tmnxPkiCAProfileCRLFile, tmnxPkiCAProfileCertFile, tmnxPkiCAProfileDescr, tmnxPkiCAProfileLastChanged, tmnxPkiCAProfileRowStatus, tmnxPkiCAProfileTableLastChanged, tmnxPkiMaxCertChainDepth, tmnxPkiCAProfileOperFlags, tmnxPkiCAProfileOperState, tmnxCertMgrAuthFailed, tmnxCertMgrAuthPassed, tmnxCertMgrTotalAuth } STATUS current DESCRIPTION "The tmnxSecPkiV9v0Grp indicates the group of objects supporting PKI objects in revision 9.0 R4 on Nokia SROS systems." ::= { tmnxSecurityGroups 53 } tmnxSecurityNwExceptionsGroup OBJECT-GROUP OBJECTS { tmnxCpmVprnNwExceptions, tmnxCpmNumVprnNwExceptions, tmnxCpmVprnNwExceptionsTime } STATUS current DESCRIPTION "The group of objects supporting MPLS Network Exception capabilities for on Nokia SROS series systems." ::= { tmnxSecurityGroups 54 } tmnxCertNotifyGroup NOTIFICATION-GROUP NOTIFICATIONS { tmnxPkiCAProfCrlUpdateStart, tmnxPkiCAProfCrlUpdateSuccess, tmnxPkiCAProfCrlUpdateUrlFail, tmnxPkiCAProfCrlUpdAllUrlsFail, tmnxPkiFileWriteFailed, tmnxPkiCAProfCrlUpdNoNxtUpdTime, tmnxPkiCAProfCrlUpdLargPreUpdTm, tmnxPkiFileReadFailed, tmnxPkiCertVerificationFailed, tmnxCAProfileStateChange } STATUS current DESCRIPTION "The group of notifications supporting CA Profile certificate capabilities on Nokia SROS systems." ::= { tmnxSecurityGroups 55 } tmnxSecNotifyObjsV10v0Group OBJECT-GROUP OBJECTS { tmnxSecNotifCert, tmnxSecNotifFailureReason, tmnxSecNotifFile, tmnxSecNotifTunnelName } STATUS current DESCRIPTION "The group of objects supporting security notifications in revision 8.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 56 } tmnxRadiusUserGroup OBJECT-GROUP OBJECTS { tmnxRadiusUserAcctConnError, tmnxRadiusUserAcctRejRx, tmnxRadiusUserAcctReqTx, tmnxRadiusUserBindFail, tmnxRadiusUserLoginFail, tmnxRadiusUserLoginPass, tmnxRadiusUserMd5Fail, tmnxRadiusUserOpenFail, tmnxRadiusUserPending, tmnxRadiusUserRecvFail, tmnxRadiusUserReqRx, tmnxRadiusUserReqTx, tmnxRadiusUserSendFail, tmnxRadiusUserSendTimeout } STATUS current DESCRIPTION "The tmnxRadiusUserGroup indicates the group of objects supporting Radius objects on Nokia SROS systems." ::= { tmnxSecurityGroups 57 } tmnxCpmProtExcdSapIpV9v0Group OBJECT-GROUP OBJECTS { tmnxCpmProtExcdSapIpTableLastChg, tmnxCpmProtExcdSapIpPeriods, tmnxCpmProtExcdSapIpStarted, tmnxCpmProtExcdSapIpTime, tmnxCpmProtPolLimDhcpCiAddrZero } STATUS current DESCRIPTION "The group of objects supporting per-SAP, per-source rate limiting of IP packets in release 9.0 Nokia SROS series systems." ::= { tmnxSecurityGroups 58 } tmnxCpmProtPolNotifyV9v0Group NOTIFICATION-GROUP NOTIFICATIONS { tmnxCpmProtExcdSapIp } STATUS current DESCRIPTION "The group of notifications supporting CPM protection policies in Nokia SROS systems, release 9.0." ::= { tmnxSecurityGroups 59 } tmnxCpmFltrPrefixListV10v0Group OBJECT-GROUP OBJECTS { tCpmIpFilterEntrySrcIpPrefixList, tCpmIpFilterEntryDstIpPrefixList } STATUS obsolete DESCRIPTION "The group of objects supporting management of IP prefix lists in CPM filters on Nokia SROS series systems 10.0 release." ::= { tmnxSecurityGroups 60 } tmnxRadiusUserExGroup OBJECT-GROUP OBJECTS { tmnxRadiusUserAccChallengePkt } STATUS current DESCRIPTION "The tmnxRadiusUserGroup indicates the group of additional objects supporting Radius objects on Nokia SROS systems." ::= { tmnxSecurityGroups 61 } tmnxSecurityUserActionGroup OBJECT-GROUP OBJECTS { tmnxUserActionUserName, tmnxUserActionUnlock } STATUS current DESCRIPTION "The group of objects supporting management of user lockout on Nokia SROS systems." ::= { tmnxSecurityGroups 62 } tmnxCpmFltrPrefixListV11v0Group OBJECT-GROUP OBJECTS { tCpmIpFilterEntrySrcIpPrefixList, tCpmIpFilterEntryDstIpPrefixList, tCpmIPv6FilterEntrySrcIpPfxList, tCpmIPv6FilterEntryDstIpPfxList } STATUS current DESCRIPTION "The group of objects supporting management of IP prefix lists in CPM filters on Nokia SROS series systems 11.0 release." ::= { tmnxSecurityGroups 63 } tmnxSecurityCpmIpFilterV11v0Grp OBJECT-GROUP OBJECTS { tCpmFilterQueueRowStatus, tCpmFilterQueueLastChanged, tCpmFilterQueueAdminPIR, tCpmFilterQueueAdminCIR, tCpmFilterQueueCBS, tCpmFilterQueueMBS, tCpmFilterQueueReferences, tCpmFilterQueueOperPIR, tCpmFilterQueueOperCIR, tCpmFilterDefaultAction, tCpmIpFilterAdminState, tCpmIpFilterEntryRowStatus, tCpmIpFilterEntryLastChanged, tCpmIpFilterEntryLogId, tCpmIpFilterEntryDescription, tCpmIpFilterEntryAction, tCpmIpFilterEntryQueueId, tCpmIpFilterEntrySrcIPAddr, tCpmIpFilterEntrySrcIPMask, tCpmIpFilterEntryDestIPAddr, tCpmIpFilterEntryDestIPMask, tCpmIpFilterEntryProtocol, tCpmIpFilterEntrySrcPort, tCpmIpFilterEntrySrcPortMask, tCpmIpFilterEntryDestPort, tCpmIpFilterEntryDestPortMask, tCpmIpFilterEntryDSCP, tCpmIpFilterEntryFragment, tCpmIpFilterEntryOptionPresent, tCpmIpFilterEntryIPOptionValue, tCpmIpFilterEntryIPOptionMask, tCpmIpFilterEntryMultipleOption, tCpmIpFilterEntryTcpSyn, tCpmIpFilterEntryTcpAck, tCpmIpFilterEntryIcmpCode, tCpmIpFilterEntryIcmpType, tCpmIpFilterEntryVRtrId, tCpmIpFilterEntryLogCreated, tCpmIpFilterStatsDroppedPkts, tCpmIpFilterStatsForwardedPkts, tCpmFilterQInProfileDropPkts, tCpmFilterQInProfileFwdPkts, tCpmFilterQInProfileDropOctets, tCpmFilterQInProfileFwdOctets, tCpmFilterQOutProfileDropPkts, tCpmFilterQOutProfileFwdPkts, tCpmFilterQOutProfileDropOctets, tCpmFilterQOutProfileFwdOctets, tCpmIpFilterEntrySrcPortHigh, tCpmIpFilterEntrySrcPortOper, tCpmIpFilterEntryDestPortHigh, tCpmIpFilterEntryDestPortOper, tCpmIpFilterEntrySrcPortList, tCpmIpFilterEntryDstPortList, tCpmIpFilterEntryPortSelector } STATUS current DESCRIPTION "The group of objects supporting the CPM hardware filter capabilities for revision 11.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 64 } tmnxSecurityCpmIPv6FltrV11v0Grp OBJECT-GROUP OBJECTS { tCpmIPv6FilterEntryRowStatus, tCpmIPv6FilterEntryLastChanged, tCpmIPv6FilterEntryLogId, tCpmIPv6FilterEntryDescription, tCpmIPv6FilterEntryAction, tCpmIPv6FilterEntryQueueId, tCpmIPv6FilterEntrySrcIPAddr, tCpmIPv6FilterEntrySrcIPMask, tCpmIPv6FilterEntryDestIPAddr, tCpmIPv6FilterEntryDestIPMask, tCpmIPv6FilterEntryNextHeader, tCpmIPv6FilterEntrySrcPort, tCpmIPv6FilterEntrySrcPortMask, tCpmIPv6FilterEntryDestPort, tCpmIPv6FilterEntryDestPortMask, tCpmIPv6FilterEntryDSCP, tCpmIPv6FilterEntryTcpSyn, tCpmIPv6FilterEntryTcpAck, tCpmIPv6FilterEntryIcmpCode, tCpmIPv6FilterEntryIcmpType, tCpmIPv6FilterEntryVRtrId, tCpmIPv6FilterEntryLogCreated, tCpmIPv6FilterEntryFlowLabel, tCpmIPv6FilterStatsDroppedPkts, tCpmIPv6FilterStatsForwardedPkts, tCpmIPv6FilterAdminState, tCpmIPv6FilterEntrySrcPortHigh, tCpmIPv6FilterEntrySrcPortOper, tCpmIPv6FilterEntryDestPortHigh, tCpmIPv6FilterEntryDestPortOper, tCpmIPv6FilterEntrySrcPortList, tCpmIPv6FilterEntryDstPortList, tCpmIPv6FilterEntryPortSelector, tCpmIPv6FilterEntryFragment, tCpmIPv6FilterEntryHopByHopOpt } STATUS current DESCRIPTION "The group of objects supporting the CPM hardware filter IPv6 capabilities for revision 11.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 65 } tmnxDistCpuProtectionV11v0Group OBJECT-GROUP OBJECTS { tmnxDCpuProtPolicyRowStatus, tmnxDCpuProtPolicyLastMdfy, tmnxDCpuProtPolicyDescr, tmnxDCpuProtPolicyTblLstChg, tmnxDCpuProtStaticPlcrTblLstChg, tmnxDCpuProtStaticPlcrRowStatus, tmnxDCpuProtStaticPlcrLastMdfy, tmnxDCpuProtStaticPlcrDescr, tmnxDCpuProtStaticPlcrPackets, tmnxDCpuProtStaticPlcrWithin, tmnxDCpuProtStaticPlcrInitDelay, tmnxDCpuProtStaticPlcrKbps, tmnxDCpuProtStaticPlcrMbs, tmnxDCpuProtStaticPlcrExdActn, tmnxDCpuProtStaticPlcrExdHold, tmnxDCpuProtStaticPlcrRateType, tmnxDCpuProtStaticPlcrDectnTime, tmnxDCpuProtStaticPlcrLogEvent, tmnxDCpuProtLocMonPlcrTblLstChg, tmnxDCpuProtLocMonPlcrRowStatus, tmnxDCpuProtLocMonPlcrLastMdfy, tmnxDCpuProtLocMonPlcrDescr, tmnxDCpuProtLocMonPlcrPackets, tmnxDCpuProtLocMonPlcrWithin, tmnxDCpuProtLocMonPlcrInitDelay, tmnxDCpuProtLocMonPlcrKbps, tmnxDCpuProtLocMonPlcrMbs, tmnxDCpuProtLocMonPlcrExcdActn, tmnxDCpuProtLocMonPlcrRateType, tmnxDCpuProtLocMonPlcrLogEvent, tmnxDCpuProtProtocolTblLstChg, tmnxDCpuProtProtocolRowStatus, tmnxDCpuProtProtocolLastMdfy, tmnxDCpuProtProtocolEnforce, tmnxDCpuProtProtocolEnfrcePolNme, tmnxDCpuProtProtocolDynPackets, tmnxDCpuProtProtocolDynWithin, tmnxDCpuProtProtocolDynInitDly, tmnxDCpuProtProtocolDynKbps, tmnxDCpuProtProtocolDynMbs, tmnxDCpuProtProtocolDynDectnTime, tmnxDCpuProtProtocolDynExdActn, tmnxDCpuProtProtocolDynExdHold, tmnxDCpuProtProtocolDynRateType, tmnxDCpuProtProtocolDynLogEvent } STATUS current DESCRIPTION "The group of objects supporting management of Distributed Cpu Protection on Nokia SROS series systems 11.0 release." ::= { tmnxSecurityGroups 66 } tmnxCAProfileV11v0Group OBJECT-GROUP OBJECTS { tmnxPkiCAProfCmpAccUnprotErr, tmnxPkiCAProfCmpAccUnprotPki, tmnxOcspCacheCertStatus, tmnxOcspCacheExpiry, tmnxOcspCacheCertIssuer, tmnxOcspCacheCertSerial, tmnxPkiCAProfActnOrigCmdTime, tmnxPkiCAProfActnLastCAResp, tmnxPkiCAProfActnType, tmnxPkiCAProfAction, tmnxPkiCAProfActnKey, tmnxPkiCAProfActnProtKey, tmnxPkiCAProfActnProtAlgPass, tmnxPkiCAProfActnProtAlgRef, tmnxPkiCAProfActnProtAlgSigCert, tmnxPkiCAProfActnProtAlgSigHash, tmnxPkiCAProfActnSubjectDn, tmnxPkiCAProfActnSaveAsFile, tmnxPkiCAProfActnNewKey, tmnxPkiCAProfActnStatus, tmnxPkiCAProfActnStatusString, tmnxPkiCAProfActnStatusCode, tmnxPkiCAProfActnSendChain, tmnxPkiCAProfActnSendChainCA, tmnxPkiCAProfCmpRespSignCert, tmnxPkiCAProfOcspRespUrl, tmnxPkiCAProfOcspSvcID, tmnxPkiCAProfOcspVerifyCertFile, tmnxPkiCAProfOcspVerifyCertCA, tmnxPkiCAProfOcspVerifyCertOvr, tmnxPkiCAProfCmpKeyRowStatus, tmnxPkiCAProfCmpKeyLastChanged, tmnxPkiCAProfCmpKeySecret, tmnxPkiCAProfCmpKeyTblLastChgd, tmnxPkiCAProfCmpHttpTimeout, tmnxPkiCAProfCmpUrl, tmnxPkiCAProfCmpSvcID, tmnxPkiCAProfCmpSameRecipNonce } STATUS current DESCRIPTION "The group of objects supporting CA profile related objects Nokia SROS series systems 11.0 release." ::= { tmnxSecurityGroups 67 } tmnxRadiusUserExV11v0Group OBJECT-GROUP OBJECTS { tmnxRadiusUserAuthAvgDelay, tmnxRadiusUserAcctAvgDelay } STATUS current DESCRIPTION "The tmnxRadiusUserGroup indicates the group of additional objects supporting Radius objects on Nokia SROS release 11.0 systems." ::= { tmnxSecurityGroups 68 } tmnxSecurityTacPlusV11v0Group OBJECT-GROUP OBJECTS { tmnxTacPlusAuthorUsePrivLvl, tmnxTacPlusEnableAdminPrivLvl, tmnxTacPlusPrivLvlMapUserProfile, tmnxTacPlusPrivLvlRowStatus, tmnxTacPlusInteractiveAuthen } STATUS current DESCRIPTION "The group of objects supporting management of TACACS+ interactive authentication on Nokia SROS series systems." ::= { tmnxSecurityGroups 69 } tmnxSecurityPasswordsV11v0Group OBJECT-GROUP OBJECTS { tmnxDynSvcPassword } STATUS obsolete DESCRIPTION "The group of objects supporting management of passwords on Nokia SROS series release 11.0 systems." ::= { tmnxSecurityGroups 70 } tmnxPkiCAProfNotifyV11v0Group NOTIFICATION-GROUP NOTIFICATIONS { tmnxPkiCAProfActnStatusChg } STATUS current DESCRIPTION "The group of notifications supporting PKI Certificate Authority features in the Nokia SROS systems, release 11.0." ::= { tmnxSecurityGroups 71 } tmnxCpmProtectionV11v0Group OBJECT-GROUP OBJECTS { tmnxCpmProtBlockPIMTunneled } STATUS current DESCRIPTION "The group of notifications supporting CPU Protocol Protection features on Nokia SROS series release 11.0 systems." ::= { tmnxSecurityGroups 72 } tmnxSecurityCpmProtV12v0Group OBJECT-GROUP OBJECTS { tmnxCpmProtPortRateActionLowPrio, tmnxCpmProtIPSrcMonDhcp, tCpmProtOutProfViolIfPeriods, tCpmProtOutProfViolIfTimeStart, tCpmProtOutProfViolIfTime, tCpmProtOutProfViolSapPeriods, tCpmProtOutProfViolSapTimeStart, tCpmProtOutProfViolSapTime, tCpmProtOutProfViolSdpBindPeriod, tCpmProtOutProfViolSdpBindTmeStr, tCpmProtOutProfViolSdpBindTime, tmnxCpmProtExcdSdpBindIpPeriods, tmnxCpmProtExcdSdpBindIpStarted, tmnxCpmProtExcdSdpBindIpTime } STATUS current DESCRIPTION "The group of objects supporting management of CPM Protection on Nokia SROS series release 12.0 systems." ::= { tmnxSecurityGroups 73 } tmnxSecurityPasswordsV12v0Group OBJECT-GROUP OBJECTS { tmnxPasswordAging, tmnxPasswordMinLength, tmnxPasswordAttemptsCount, tmnxPasswordAttemptsTime, tmnxPasswordAttemptsLockoutPeriod, tmnxPasswordAuthenOrder1, tmnxPasswordAuthenOrder2, tmnxPasswordAuthenOrder3, tmnxPasswordAuthenExitOnReject, tmnxAdminPassword, tmnxAdminPasswordEncrypted, tmnxPasswordHealthCheck, tmnxPasswordHealthCheckInterval, tmnxDynSvcPassword, tmnxPasswordHistory, tmnxPasswordMinChange, tmnxPasswordMinAge, tmnxPasswordAllowUserName, tmnxPasswordMaxRepeatedChars, tmnxPasswordCreditsLowerCase, tmnxPasswordCreditsUpperCase, tmnxPasswordCreditsSpecialChar, tmnxPasswordCreditsNumeric, tmnxPasswordReqLowerCase, tmnxPasswordReqUpperCase, tmnxPasswordReqSpecialChar, tmnxPasswordReqNumeric, tmnxPasswordReqNumCharClass } STATUS current DESCRIPTION "The group of objects supporting management of passwords on Nokia SROS series release 12.0 systems." ::= { tmnxSecurityGroups 74 } tmnxSecCpmProtNotifyV12v0Grp NOTIFICATION-GROUP NOTIFICATIONS { tmnxCpmProtViolSapOutProf, tmnxCpmProtViolIfOutProf, tmnxCpmProtViolSdpBindOutProf, tmnxCpmProtExcdSdpBindIp } STATUS current DESCRIPTION "The group of notifications supporting CPM protection policies on Nokia SROS series release 12.0 systems." ::= { tmnxSecurityGroups 75 } tmnxSecCpmProtNotifyObjsV12v0Grp OBJECT-GROUP OBJECTS { tmnxCpmProtViolExcdPktHexDump } STATUS current DESCRIPTION "The group of objects supporting CPM Protection notifications on Nokia SROS series release 12.0 systems." ::= { tmnxSecurityGroups 76 } tmnxSecTechGroup OBJECT-GROUP OBJECTS { tmnxSecurityTechSupportLocation } STATUS current DESCRIPTION "The group of objects supporting tech-support MIB support for Nokia SROS series release 10.0 systems." ::= { tmnxSecurityGroups 77 } tmnxSecurityUserV12v0Group OBJECT-GROUP OBJECTS { tmnxUserProfileRowStatus, tmnxUserProfileDefaultAction, tmnxUserProfileMatchRowStatus, tmnxUserProfileMatchDescription, tmnxUserProfileMatchAction, tmnxUserProfileMatchString, tmnxUserRowStatus, tmnxUserPassword, tmnxUserAccess, tmnxUserHomeDirectory, tmnxUserRestrictedToHome, tmnxUserConsoleLoginExecFile, tmnxUserConsoleCannotChangePswd, tmnxUserConsoleNewPswdAtLogin, tmnxUserConsoleMemberProfile1, tmnxUserConsoleMemberProfile2, tmnxUserConsoleMemberProfile3, tmnxUserConsoleMemberProfile4, tmnxUserConsoleMemberProfile5, tmnxUserConsoleMemberProfile6, tmnxUserConsoleMemberProfile7, tmnxUserConsoleMemberProfile8, tmnxUserAttemptedLogins, tmnxUserSuccessfulLogins, tmnxUserPasswordChanged, tmnxUserActionClearPwdHistory, tmnxTemplateAccess, tmnxTemplateHomeDirectory, tmnxTemplateRestrictedToHome, tmnxTemplateConsoleLoginExecFile, tmnxTemplateProfile } STATUS obsolete DESCRIPTION "The group of objects supporting management of user security capabilities on Nokia SROS series systems." ::= { tmnxSecurityGroups 78 } tmnxSecurityV12v0ObsoletedGroup OBJECT-GROUP OBJECTS { tmnxUserPasswordEncrypted } STATUS current DESCRIPTION "The group of objects obsoleted in release 12.0 of the capabilities on Nokia SROS series systems." ::= { tmnxSecurityGroups 79 } tmnxSecurityNetconfV110Group OBJECT-GROUP OBJECTS { tmnxUserProfileNCKillSession } STATUS current DESCRIPTION "The group of objects supporting management of NETCONF operations and users." ::= { tmnxSecurityGroups 80 } tmnxChainSecurityNotifyObjsGroup NOTIFICATION-GROUP NOTIFICATIONS { tmnxSecComputeCertChainFailure } STATUS current DESCRIPTION "The group of objects supporting security chain notifications on Nokia SROS series release 12.0 systems." ::= { tmnxSecurityGroups 81 } tCAProfCmpv2SetSndrV11v0Group OBJECT-GROUP OBJECTS { tmnxPkiCAProfCmpAlSetSndrForIr } STATUS current DESCRIPTION "The group of objects supporting CA profile related objects Nokia SROS series systems 11.0 release." ::= { tmnxSecurityGroups 82 } tmnxSecurityKeyChainV12v0Group OBJECT-GROUP OBJECTS { tmnxKeyChainExpired, tmnxKeyChainKeyOption } STATUS current DESCRIPTION "The group of objects supporting management of Keychain capabilities on Nokia SROS series release 12.0 systems." ::= { tmnxSecurityGroups 83 } tmnxSecurityPublicKeyGroup OBJECT-GROUP OBJECTS { tmnxUserPublicKeyRowStatus, tmnxUserPublicKeyLastChanged, tmnxUserPublicKeyName } STATUS current DESCRIPTION "The group of objects supporting Secure Shell version 2 (SSHv2) RSA public key capabilities on Nokia SROS series release 12.0 systems." ::= { tmnxSecurityGroups 84 } tCAProfCmpv2HttpVerV12v0Group OBJECT-GROUP OBJECTS { tmnxPkiCAProfCmpHttpVersion } STATUS current DESCRIPTION "The group of objects supporting CA profile related objects Nokia SROS series systems 12.0 release." ::= { tmnxSecurityGroups 85 } tmnxSecurityNotifyObjsV12v0Group OBJECT-GROUP OBJECTS { tmnxSecNotifOrigProtocol } STATUS current DESCRIPTION "The group of objects supporting security notifications in revision 12.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 86 } tmnxSecurityNotificationV12v0Grp NOTIFICATION-GROUP NOTIFICATIONS { tmnxSecNotifKeyChainExpired, tmnxCAProfUpDueToRevokeChkCrlOpt } STATUS current DESCRIPTION "The group of notifications supporting security in revision 12.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 87 } tmnxPkiCertDispFmtV12v0Group OBJECT-GROUP OBJECTS { tmnxPkiCertDisplayFormat } STATUS current DESCRIPTION "The group of notifications supporting security PKI certificate display format feature in revision 12.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 88 } tmnxSecurityProfRateV12v0Group OBJECT-GROUP OBJECTS { tmnxCpmProtPolOutProfRateLogEvnt } STATUS current DESCRIPTION "The group of objects supporting management of CPM Protection policies on Nokia SROS series release 12.0 systems." ::= { tmnxSecurityGroups 89 } tmnxSecCpmProtProtocolV12v0Group OBJECT-GROUP OBJECTS { tmnxCpmProtIPSrcMonGtp, tmnxCpmProtIPSrcMonIcmp, tmnxCpmProtIPSrcMonIgmp } STATUS current DESCRIPTION "The group of objects supporting management of CPM Protection on Nokia SROS series release 12.0 systems." ::= { tmnxSecurityGroups 90 } tmnxSecuritySSHCipherGroup OBJECT-GROUP OBJECTS { tmnxSSHCipherName, tmnxSSHServerCipherListRowStatus, tmnxSSHServerCipherListNumber, tmnxSSHClientCipherListRowStatus, tmnxSSHClientCipherListNumber } STATUS current DESCRIPTION "The group of objects supporting management of Secure Shell cipher capabilities on Nokia SROS series release 12.0 systems." ::= { tmnxSecurityGroups 91 } tmnxPkiCAProfRevokeChkGroup OBJECT-GROUP OBJECTS { tmnxPkiCAProfRevokeChk } STATUS current DESCRIPTION "The group of objects supporting management of PKI CA-profile related features on Nokia SROS series release 12.0 systems." ::= { tmnxSecurityGroups 92 } tmnxSecurityKeyChainV13v0Group OBJECT-GROUP OBJECTS { tmnxKeyChainKeyOption } STATUS current DESCRIPTION "The group of objects supporting management of Keychain capabilities on Nokia SROS series release 13.0 systems." ::= { tmnxSecurityGroups 93 } tmnxPkiCAProf13v0Group OBJECT-GROUP OBJECTS { tmnxPkiCAProfActnDomain, tmnxPkiCAProfActnInetAddrType, tmnxPkiCAProfActnInetAddr } STATUS current DESCRIPTION "The group of objects supporting management of security capabilities on Nokia SROS series release 13.0 systems." ::= { tmnxSecurityGroups 94 } tmnxSecurityNotifyObjsV13v0Group OBJECT-GROUP OBJECTS { tmnxPkiCAProfileNameForNotify, tmnxSecNotifFileSize, tmnxPkiExpRemainingHours, tmnxPkiExpRemainingMinutes, tmnxPkiExpReason } STATUS current DESCRIPTION "The group of objects supporting security notifications in revision 13.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 96 } tmnxCertExpNotificationV13v0Grp NOTIFICATION-GROUP NOTIFICATIONS { tmnxPkiCertNotYetValid, tmnxPkiCRLNotYetValid, tmnxPkiCertBeforeExpWarning, tmnxPkiCertAfterExpWarning, tmnxPkiCertExpWarningCleared, tmnxPkiCRLBeforeExpWarning, tmnxPkiCRLAfterExpWarning, tmnxPkiCRLExpWarningCleared } STATUS current DESCRIPTION "The group of notifications supporting certificate/CRL expiry warnings feature in revision 13.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 97 } tmnxCertExpWarningV13v0Group OBJECT-GROUP OBJECTS { tmnxPkiCertExpWarningHours, tmnxPkiCertExpWarningRepeatHrs, tmnxPkiCRLExpWarningHours, tmnxPkiCRLExpWarningRepeatHrs } STATUS current DESCRIPTION "The group of objects supporting certificate/CRL expiry warning feature in revision 13.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 98 } tmnxCliScriptAuthUserV13v0Group OBJECT-GROUP OBJECTS { tmnxCliScriptAuthTblLastChange, tmnxCliScriptAuthRowStatus } STATUS current DESCRIPTION "The group of objects supporting management of cli script user authorization on Nokia SROS series release 13.0 systems." ::= { tmnxSecurityGroups 99 } tmnxSecurityRadiusV13v0Group OBJECT-GROUP OBJECTS { tmnxRadiusInteractiveAuthen } STATUS current DESCRIPTION "The group of objects supporting management of RADIUS capabilities on Nokia SROS series systems since release 13.0." ::= { tmnxSecurityGroups 100 } tmnxSecCertRldNotifyObjsV13v0Grp OBJECT-GROUP OBJECTS { tmnxSecNotifFileType } STATUS current DESCRIPTION "The group of objects supporting security notifications for certificate/key reload in revision 13.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 101 } tmnxCertRldNotificationV13v0Grp NOTIFICATION-GROUP NOTIFICATIONS { tmnxSecNotifFileReloaded } STATUS current DESCRIPTION "The group of notifications supporting certificate/key reload feature in revision 13.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 102 } tmnxPkiCAProfAtCrlUpdV13v0Group OBJECT-GROUP OBJECTS { tmnxPkiCAProfAtCrlUpdTblLstChgd, tmnxPkiCAProfAtCrlUpdRowStatus, tmnxPkiCAProfAtCrlUpdLastChgd, tmnxPkiCAProfAtCrlUpdAdminState, tmnxPkiCAProfAtCrlUpdScheduleT, tmnxPkiCAProfAtCrlUpdPrdcUpdIntv, tmnxPkiCAProfAtCrlUpdPreUpdTime, tmnxPkiCAProfAtCrlUpdRetryIntv, tmnxPkiCAProfAtCrlUpdLstSucsEtId, tmnxPkiCAProfAtCrlUpdLstSucsTmSt, tmnxPkiCAProfAtCrlUpdLstSucsTmEd, tmnxPkiCAProfAtCrlUpdNxCrlUpdTm, tmnxPkiCAProfCrlCurUpdStatus, tmnxPkiCAProfCrlCurUpdEtId, tmnxPkiCAProfUrlTablLastChgd, tmnxPkiCAProfUrlRowStatus, tmnxPkiCAProfUrlLastChanged, tmnxPkiCAProfUrl, tmnxPkiCAProfUrlFileTransProf, tmnxPkiCAProfManCrlUpdAct, tmnxPkiCAProfManCrlUpdAbort } STATUS current DESCRIPTION "The group of objects supporting the configuration of automated CRL update features on Nokia SROS series release 13.0 systems." ::= { tmnxSecurityGroups 103 } tmnxCliSessionGroupV13v0Group OBJECT-GROUP OBJECTS { tmnxCliSessionGroupTableLstChgd, tmnxCliSessionGroupLastChanged, tmnxCliSessionGroupRowStatus, tmnxCliSessionGroupDescription, tmnxCliSessionGroupSshLimit, tmnxCliSessionGroupTelnetLimit, tmnxCliSessionGroupTotalLimit, tmnxUserProfileSshLimit, tmnxUserProfileTelnetLimit, tmnxUserProfileTotalLimit, tmnxUserProfileCliSessionGroup } STATUS current DESCRIPTION "The group of objects supporting limitation of number of concurrent SSH & Telnet sessions on Nokia SROS series systems since release 13.0." ::= { tmnxSecurityGroups 104 } tmnxSecPwdHistNotifyObjsV12v0Grp OBJECT-GROUP OBJECTS { tmnxSecPwdHistLoadFailReason } STATUS current DESCRIPTION "The group of notifications supporting password history feature in revision 12.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 105 } tmnxSecPwdHistNotifV12v0Grp NOTIFICATION-GROUP NOTIFICATIONS { tmnxSecPwdHistoryFileLoadFailed, tmnxSecPwdHistoryFileWriteFailed } STATUS current DESCRIPTION "The group of notifications supporting password history feature in revision 12.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 106 } tmnxSecVsdGroup OBJECT-GROUP OBJECTS { tmnxVsdPassword } STATUS current DESCRIPTION "The group of objects supporting VSD configuration feature on Nokia SROS series systems." ::= { tmnxSecurityGroups 107 } tmnxSessLimNotifyObjsV13v0Grp OBJECT-GROUP OBJECTS { tmnxSessionLimitExceededName, tmnxSessionLimitExceededType } STATUS current DESCRIPTION "The group of objects supporting security notifications for user access session limits on Nokia SROS series release 13.0 systems." ::= { tmnxSecurityGroups 108 } tmnxSessLimNotifyV13v0Grp NOTIFICATION-GROUP NOTIFICATIONS { tmnxUsrProfSessionLimitExceeded, tmnxCliGroupSessionLimitExceeded } STATUS current DESCRIPTION "The group of notifications supporting user access session limits feature on Nokia SROS series release 13.0 systems." ::= { tmnxSecurityGroups 109 } tmnxSecNotifyObjsV14v0Grp OBJECT-GROUP OBJECTS { tmnxSecNotifyUserName, tmnxSecNotifyAddrType, tmnxSecNotifyAddr } STATUS current DESCRIPTION "The group of objects supporting information for security notifications on Nokia SROS series release 14.0 systems." ::= { tmnxSecurityGroups 110 } tmnxLogMaxAttNotifyV14v0Grp NOTIFICATION-GROUP NOTIFICATIONS { tmnxUserCliLoginMaxAttempts, tmnxUserFtpLoginMaxAttempts, tmnxUserSshLoginMaxAttempts, tmnxLiUserCliLoginMaxAttempts, tmnxLiUserFtpLoginMaxAttempts, tmnxLiUserSshLoginMaxAttempts } STATUS current DESCRIPTION "The group of notifications supporting maximum number of unsuccessful user login attempts exceeded on Nokia SROS series release 14.0 systems." ::= { tmnxSecurityGroups 111 } tmnxSecuritySSHv2PubKeyV14v0Grp OBJECT-GROUP OBJECTS { tmnxUserPubEcdsaKeyRowStatus, tmnxUserPubEcdsaKeyLastChanged, tmnxUserPubEcdsaKeyName, tmnxUserPubEcdsaKeyDescription, tmnxUserPublicKeyDescription, tmnxUserPubKeyTableLastChanged, tmnxUserPubEcdsaKeyTblLstChgd } STATUS current DESCRIPTION "The group of objects supporting Secure Shell version 2 (SSHv2) public key capabilities on Nokia SROS series release 14.0 systems." ::= { tmnxSecurityGroups 112 } tmnxPkiCAProfCrlSizeLimtV14v0Grp OBJECT-GROUP OBJECTS { tmnxPkiCAProfCrlCurUpdStartTime, tmnxPkiCAProfAtCrlUpdLstFailedId, tmnxPkiCAProfAtCrlUpdLstFailTmSt, tmnxPkiCAProfAtCrlUpdLstFailTmEd, tmnxPkiCAProfAtCrlUpdLstFailReas } STATUS current DESCRIPTION "The group of objects supporting the statistics of CRL size limit feature on Nokia SROS series release 14.0 systems." ::= { tmnxSecurityGroups 113 } tmnxSecurityNetconfLockV14v0Grp OBJECT-GROUP OBJECTS { tmnxUserProfileNCLock } STATUS current DESCRIPTION "The group of objects supporting the netconf lock/unlock feature on Nokia SROS series release 14.0 systems." ::= { tmnxSecurityGroups 114 } tmnxSecurityRadiusV14v0Group OBJECT-GROUP OBJECTS { tmnxRadiusAdminStatus, tmnxRadiusAccounting, tmnxRadiusAuthorization, tmnxRadiusTimeout, tmnxRadiusPort, tmnxRadiusServerSecret, tmnxRadiusServerOperStatus, tmnxRadiusServerRowStatus, tmnxRadiusRetryAttempts, tmnxRadiusPEForceDiscovery, tmnxRadiusPEForceDiscoverySvcId, tmnxRadiusAccountingPort, tmnxRadiusServerInetAddressType, tmnxRadiusServerInetAddress, tmnxRadiusUseTemplate } STATUS current DESCRIPTION "The group of objects supporting management of RADIUS capabilities for revision 14.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 115 } tmnxSecurityTacPlusV14v0Group OBJECT-GROUP OBJECTS { tmnxTacPlusAdminStatus, tmnxTacPlusTimeout, tmnxTacPlusServerSecret, tmnxTacPlusServerRowStatus, tmnxTacPlusServerOperStatus, tmnxTacPlusAccounting, tmnxTacPlusAcctRecType, tmnxTacPlusAuthorization, tmnxTacplusUseTemplate, tmnxTacPlusServerInetAddressType, tmnxTacPlusServerInetAddress, tmnxTacPlusServerPort } STATUS current DESCRIPTION "The group of objects supporting management of TACACS+ capabilities for revision 14.0 on Nokia SROS series systems." ::= { tmnxSecurityGroups 116 } tmnxSecurityObsoletedV14v0Group OBJECT-GROUP OBJECTS { tmnxRadiusConfigured, tmnxTacPlusConfigured } STATUS current DESCRIPTION "The group of objects in TIMETRA-SECURITY-MIB which are obsoleted in release 14.0." ::= { tmnxSecurityGroups 117 } tmnxSecurityPasswordsV14v0Group OBJECT-GROUP OBJECTS { tmnxPasswordAuthenOrder4 } STATUS current DESCRIPTION "The group of objects supporting management of passwords on Nokia SROS series release 14.0 systems." ::= { tmnxSecurityGroups 118 } tmnxSecNotifyObjsV14v0Group OBJECT-GROUP OBJECTS { tmnxSecNotifClientAppName } STATUS current DESCRIPTION "The group of additional objects supporting security notifications on Nokia SROS series release 14.0 systems." ::= { tmnxSecurityGroups 119 } tmnxCertNotifyV14v0Group NOTIFICATION-GROUP NOTIFICATIONS { tmnxAppPkiCertVerificationFailed } STATUS current DESCRIPTION "The group of additional notifications supporting certificate verification capabilities on Nokia SROS series release 14.0 systems." ::= { tmnxSecurityGroups 120 } tmnxSecurityGrpcV15v0Grp OBJECT-GROUP OBJECTS { tmnxUserProfileGrpcAuthGet, tmnxUserProfileGrpcAuthSet, tmnxUserProfileGrpcAuthSubscribe } STATUS current DESCRIPTION "The group of objects supporting the gRPC feature on Nokia SROS series release 15.0 systems." ::= { tmnxSecurityGroups 122 } tmnxPkiCNV15v0Grp OBJECT-GROUP OBJECTS { tmnxPkiCNListLastChanged, tmnxPkiCNListParamCNType, tmnxPkiCNListParamCNValue, tmnxPkiCNListParamLastChanged, tmnxPkiCNListParamRowStatus, tmnxPkiCNListParamTableLstChgd, tmnxPkiCNListRowStatus, tmnxPkiCNListTableLastChanged } STATUS current DESCRIPTION "The group of objects supporting the management of Common Name lists." ::= { tmnxSecurityGroups 123 } tmnxSecuritySSHMacListV15v0Group OBJECT-GROUP OBJECTS { tmnxSSHMacName, tmnxSSHServerMacListTableLstChgd, tmnxSSHServerMacListLastChanged, tmnxSSHServerMacListRowStatus, tmnxSSHServerMacListNumber, tmnxSSHClientMacListTableLstChgd, tmnxSSHClientMacListLastChanged, tmnxSSHClientMacListRowStatus, tmnxSSHClientMacListNumber } STATUS current DESCRIPTION "The group of objects supporting management of Secure Shell MAC algorithm capabilities on Nokia SROS series release 15.0 systems." ::= { tmnxSecurityGroups 124 } tmnxSecuritySSHKeyReExV15v0Group OBJECT-GROUP OBJECTS { tmnxSSHServerKeyReExLastChanged, tmnxSSHServerKeyReExAdminState, tmnxSSHServerKeyReExMinutes, tmnxSSHServerKeyReExMBytes, tmnxSSHClientKeyReExLastChanged, tmnxSSHClientKeyReExAdminState, tmnxSSHClientKeyReExMinutes, tmnxSSHClientKeyReExMBytes } STATUS current DESCRIPTION "The group of objects supporting management of Secure Shell key re-exchange capabilities on Nokia SROS series release 15.0 systems." ::= { tmnxSecurityGroups 125 } tmnxSecUserV15v1Group OBJECT-GROUP OBJECTS { tmnxUserCliEngine1, tmnxUserCliEngine2 } STATUS current DESCRIPTION "The group of objects supporting cli engine accessibility configuration on Nokia SROS series release 15.1 systems." ::= { tmnxSecurityGroups 127 } tmnxCAProfileV15v1Group OBJECT-GROUP OBJECTS { tmnxPkiCAProfCmpSvcName, tmnxPkiCAProfOcspSvcName } STATUS current DESCRIPTION "The group of objects supporting CA profile capabilities on Nokia SROS series release 15.1 systems." ::= { tmnxSecurityGroups 128 } tmnxLogMaxAttNotifyV15v1Grp NOTIFICATION-GROUP NOTIFICATIONS { tmnxUserNetconfLoginMaxAttempts } STATUS current DESCRIPTION "The group of notifications supporting maximum number of unsuccessful user login attempts exceeded on Nokia SROS series release 15.1 systems." ::= { tmnxSecurityGroups 129 } tmnxSecurityGrpcV16v0Grp OBJECT-GROUP OBJECTS { tmnxUserProfileGrpcAuthGnmiCap, tmnxUserProfileGrpcAuthRAModify, tmnxUserProfileGrpcAuthRAGetVer, tmnxUserProfileGrpcAuthCMRotate, tmnxUserProfileGrpcAuthCMInstall, tmnxUserProfileGrpcAuthCMGetCert, tmnxUserProfileGrpcAuthCMRevoke, tmnxUserProfileGrpcAuthCMCanGen, tmnxUserProfileGrpcAuthMdCliSess, tmnxUserProfileGrpcAuthSysSetPkg, tmnxUserProfileGrpcAuthSysSwCP, tmnxUserProfileGrpcAuthSysReboot, tmnxUserProfileGrpcAuthSysRebtSt, tmnxUserProfileGrpcAuthSysCnRebt } STATUS current DESCRIPTION "The group of objects supporting the gRPC feature on Nokia SROS series release 16.0 systems." ::= { tmnxSecurityGroups 130 } tmnxHashControlV16v0Group OBJECT-GROUP OBJECTS { tmnxPassHashWriteVersionMdCli, tmnxPassHashWriteVersionNetconf, tmnxPassHashWriteVersionGrpc } STATUS current DESCRIPTION "The group of objects supporting hash control configuration on Nokia SROS series release 16.0 systems." ::= { tmnxSecurityGroups 131 } tmnxPkiV16v0Group OBJECT-GROUP OBJECTS { tmnxPkiImportedFormat } STATUS current DESCRIPTION "The group of objects supporting PKI configuration on Nokia SROS series release 16.0 systems." ::= { tmnxSecurityGroups 132 } tmnxCAProfileV16v0Group OBJECT-GROUP OBJECTS { tmnxPkiCAProfOcspTransProf } STATUS current DESCRIPTION "The group of objects supporting CA profile capabilities on Nokia SROS series release 16.0 systems." ::= { tmnxSecurityGroups 133 } tmnxServerAccessCtlV16v0Group OBJECT-GROUP OBJECTS { tmnxAllowServersAccess, tmnxServerAccessCtlObjsLstChgd } STATUS current DESCRIPTION "The group of objects supporting management interface protocols configuration for the Base router on Nokia SROS series systems in release 16.0." ::= { tmnxSecurityGroups 134 } tmnxSecUserV19v0Group OBJECT-GROUP OBJECTS { tmnxUserProfileRowStatus, tmnxUserProfileDefaultAction, tmnxUserProfileMatchRowStatus, tmnxUserProfileMatchDescription, tmnxUserProfileMatchAction, tmnxUserProfileMatchString, tmnxUserRowStatus, tmnxUserPassword, tmnxUserAccess, tmnxUserHomeDirectory, tmnxUserRestrictedToHome, tmnxUserConsoleLoginExecFile, tmnxUserConsoleCannotChangePswd, tmnxUserConsoleNewPswdAtLogin, tmnxUserConsoleMemberProfile1, tmnxUserConsoleMemberProfile2, tmnxUserConsoleMemberProfile3, tmnxUserConsoleMemberProfile4, tmnxUserConsoleMemberProfile5, tmnxUserConsoleMemberProfile6, tmnxUserConsoleMemberProfile7, tmnxUserConsoleMemberProfile8, tmnxUserAttemptedLogins, tmnxUserSuccessfulLogins, tmnxUserActionClearPwdHistory, tmnxTemplateAccess, tmnxTemplateHomeDirectory, tmnxTemplateRestrictedToHome, tmnxTemplateConsoleLoginExecFile, tmnxTemplateProfile, tmnxUserPasswordChangedTime, tmnxUserPasswordExpirationTime } STATUS current DESCRIPTION "The group of objects supporting management of user security capabilities on Nokia SROS series systems." ::= { tmnxSecurityGroups 135 } tmnxSecUserV19v0GroupObsoleted OBJECT-GROUP OBJECTS { tmnxUserPasswordChanged } STATUS current DESCRIPTION "The group of objects obsoleted in release 19.0 of the capabilities on Nokia SROS series systems." ::= { tmnxSecurityGroups 136 } tmnxSecuritySSHKexListV19v0Group OBJECT-GROUP OBJECTS { tmnxSSHKexName, tmnxSSHServerKexListTableLstChgd, tmnxSSHServerKexListLastChanged, tmnxSSHServerKexListRowStatus, tmnxSSHServerKexListNumber, tmnxSSHClientKexListTableLstChgd, tmnxSSHClientKexListLastChanged, tmnxSSHClientKexListRowStatus, tmnxSSHClientKexListNumber } STATUS current DESCRIPTION "The group of objects supporting management of Secure Shell KEX algorithm capabilities on Nokia SROS series systems." ::= { tmnxSecurityGroups 137 } tmnxSecurityNiapsNotifyGroup NOTIFICATION-GROUP NOTIFICATIONS { tmnxCertKeyPairGen, tmnxCertImport, tmnxCertExport, tmnxFileDeleted, tmnxFileMoved, tmnxFileCopied } STATUS current DESCRIPTION "The group of notifications supporting NIAPs compliance on Nokia SROS series systems." ::= { tmnxSecurityGroups 139 } tmnxSecurityNiapsNotifyObjsGrp OBJECT-GROUP OBJECTS { tmnxSecNotifyUrl, tmnxSecNotifyCurve, tmnxSecNotifyKeySize, tmnxSecNotifyKeyType, tmnxSecNotifyImportExportType, tmnxSecNotifyImportExportFormat, tmnxSecNotifyCertificateProtocol, tmnxSecNotifyNewUrl, tmnxSecEventOutcome } STATUS current DESCRIPTION "The group of objects supporting information for NIAPs security notifications on Nokia SROS series." ::= { tmnxSecurityGroups 140 } tmnxSecurityMafV20v0Group OBJECT-GROUP OBJECTS { tmnxMafMatchSrcIpPrefixList } STATUS current DESCRIPTION "The group of objects supporting management of Management Access Filters (MAF) capabilities on Nokia SROS series systems release 20.0" ::= { tmnxSecurityGroups 141 } tmnxSecurityMgmtIfV20v0Group OBJECT-GROUP OBJECTS { tmnxMgmtIfOutAuthMdInterfaces, tmnxMgmtIfMDCliCmdAccntLoad, tmnxMgmtIfOutAuthTelData } STATUS current DESCRIPTION "The group of objects supporting management of Management Interfaces capabilities on Nokia SROS series systems release 20.0" ::= { tmnxSecurityGroups 142 } tmnxSecurityNotifyObjsV20v0Grp OBJECT-GROUP OBJECTS { tmnxSecNotifyDestUrl, tmnxSecNotifFileUnzipResult } STATUS current DESCRIPTION "The group of objects supporting security notifications on Nokia SROS series systems release 20.0." ::= { tmnxSecurityGroups 143 } tmnxSecurityNotificationV20v0Grp NOTIFICATION-GROUP NOTIFICATIONS { tmnxFileUnzip } STATUS current DESCRIPTION "The group of notifications supporting security on Nokia SROS series systems release 20.0." ::= { tmnxSecurityGroups 144 } tmnxSecurityPasswordsV20v0Group OBJECT-GROUP OBJECTS { tmnxPasswordHashing } STATUS current DESCRIPTION "The group of objects supporting management of passwords on Nokia SROS series release systems 20.0" ::= { tmnxSecurityGroups 145 } tmnxSecUserV20v0Group OBJECT-GROUP OBJECTS { tmnxUserCreationOrigin } STATUS current DESCRIPTION "The group of objects supporting management of user security capabilities on Nokia SROS series systems." ::= { tmnxSecurityGroups 146 } tmnxSecPwdHashNotifyObjsGroup OBJECT-GROUP OBJECTS { tmnxSecNotifNewPasswordHashing, tmnxSecNotifOldPasswordHashing } STATUS current DESCRIPTION "The group of objects supporting management of password hashing on Nokia SROS series." ::= { tmnxSecurityGroups 148 } tmnxSecPwdHashNotifyGroup NOTIFICATION-GROUP NOTIFICATIONS { tmnxPasswordHashingChanged } STATUS current DESCRIPTION "The group of notifications supporting management of password hashing feature on Nokia SROS systems." ::= { tmnxSecurityGroups 149 } tmnxSecUsrPwdNotifyObjsGroup OBJECT-GROUP OBJECTS { tmnxSecNotifyLocalUserName, tmnxSecNotifyAdminUserName } STATUS current DESCRIPTION "The group of objects supporting local user password change by administrator on Nokia SROS systems." ::= { tmnxSecurityGroups 150 } tmnxSecUsrPwdNotifyGroup NOTIFICATION-GROUP NOTIFICATIONS { tmnxUserPasswordChangedByAdmin } STATUS current DESCRIPTION "The group of notifications supporting local user password change by administrator on Nokia SROS systems." ::= { tmnxSecurityGroups 151 } tmnxSecurityMGCompliances OBJECT IDENTIFIER ::= { tmnxSecurityConformance 3 } tmnxSecurityMobileGatewayGroups OBJECT IDENTIFIER ::= { tmnxSecurityConformance 4 } tmnxSecurityNotifyPrefix OBJECT IDENTIFIER ::= { tmnxSRNotifyPrefix 22 } tmnxSecurityNotifications OBJECT IDENTIFIER ::= { tmnxSecurityNotifyPrefix 0 } tmnxSSHServerPreserveKeyFail NOTIFICATION-TYPE OBJECTS { tmnxCpmFlashHwIndex, tmnxCpmFlashOperStatus } STATUS current DESCRIPTION "The tmnxSSHServerPreserveKeyFail notification is generated when the saving of SSH server host key on the persistent drive fails by the CPM module. tmnxCpmFlashId identifies the failed compact flash. tmnxCpmFlashOperStatus indicates the status of the compact flash reported in tmnxCpmFlashId." ::= { tmnxSecurityNotifications 1 } tmnxKeyChainAuthFailure NOTIFICATION-TYPE OBJECTS { tmnxKeyChainReceiveTcpOptionNum, tmnxKeyChainAuthFailReason, tmnxKeyChainAuthAddrType, tmnxKeyChainAuthAddr, vRtrID } STATUS current DESCRIPTION "The tmnxKeyChainAuthFailure notification is generated when the incoming packet is dropped due to key chain authentication failure. Failure could be due to the following reasons or more: - Send packet had not auth keychain but recv side had keychain enabled. - Keychain key id's did not match. - Keychain key digest mismatch - Received packet with invalid enhanced authentication option length. - For other causes of failure refer to 'draft-bonica-tcp-auth-05.txt'." ::= { tmnxSecurityNotifications 2 } tmnxCpmProtViolPort NOTIFICATION-TYPE OBJECTS { tmnxCpmProtViolPortPeriods, tmnxCpmProtViolExcdPktHexDump } STATUS current DESCRIPTION "The tmnxCpmProtViolPort notification is generated when a link-specific packet arrival rate limit violation is detected for a port. This notification is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." ::= { tmnxSecurityNotifications 3 } tmnxCpmProtViolPortAgg NOTIFICATION-TYPE OBJECTS { tmnxCpmProtViolPortAggPeriods, tmnxCpmProtViolExcdPktHexDump } STATUS current DESCRIPTION "The tmnxCpmProtViolPortAgg notification is generated when a per-port overall packet rate limit violation is detected for a port. This notification is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." ::= { tmnxSecurityNotifications 4 } tmnxCpmProtViolIf NOTIFICATION-TYPE OBJECTS { tmnxCpmProtViolIfPeriods, tmnxCpmProtViolExcdPktHexDump } STATUS current DESCRIPTION "The tmnxCpmProtViolIf notification is generated when a overall packet arrival rate violation is detected for an interface, and this notification is enabled. This notification is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." ::= { tmnxSecurityNotifications 5 } tmnxCpmProtViolSap NOTIFICATION-TYPE OBJECTS { tmnxCpmProtViolSapPeriods, tmnxCpmProtViolExcdPktHexDump } STATUS current DESCRIPTION "The tmnxCpmProtViolSap notification is generated when a overall packet arrival rate violation is detected for a SAP, and this notification is enabled. This notification is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." ::= { tmnxSecurityNotifications 6 } tmnxCpmProtViolMac NOTIFICATION-TYPE OBJECTS { svcId, sapPortId, sapEncapValue, tmnxCpmProtViolMacAddress, tmnxCpmProtViolMacPeriods, tmnxCpmProtViolExcdPktHexDump } STATUS current DESCRIPTION "The tmnxCpmProtViolMac notification is generated when a per-source rate limit violation was detected for a source, and this notification is enabled. This notification is not supported on SR-1 and ESS-1, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'." ::= { tmnxSecurityNotifications 7 } tmnxCpmProtViolVdoSvcClient NOTIFICATION-TYPE OBJECTS { tmnxCpmProtViolVdoSvcPeriods, tmnxCpmProtViolExcdPktHexDump } STATUS current DESCRIPTION "The tmnxCpmProtViolVdoSvcClient notification is generated when a per-source rate limit violation was detected for a client address of a RTCP control traffic in VPLS service." ::= { tmnxSecurityNotifications 8 } tmnxCpmProtViolVdoVrtrClient NOTIFICATION-TYPE OBJECTS { tmnxCpmProtViolVdoVrtrPeriods, tmnxCpmProtViolExcdPktHexDump } STATUS current DESCRIPTION "The tmnxCpmProtViolVdoVrtrClient notification is generated when a per-source rate limit violation was detected for a client address of a RTCP control traffic in router context." ::= { tmnxSecurityNotifications 9 } tmnxMD5AuthFailure NOTIFICATION-TYPE OBJECTS { tmnxMD5AuthKey, tmnxMD5AuthFailReason, tmnxMD5AuthAddrType, tmnxMD5AuthAddr, vRtrID } STATUS current DESCRIPTION "The tmnxMD5AuthFailure notification is generated when the incoming packet is dropped due to MD5 authentication failure." ::= { tmnxSecurityNotifications 10 } tmnxCpmProtDefPolModified NOTIFICATION-TYPE OBJECTS { tmnxCpmProtPolId } STATUS current DESCRIPTION "The tmnxCpmProtDefPolModified notification is generated when the user modifies a default access or default network policy." ::= { tmnxSecurityNotifications 11 } tmnxCpmProtViolSdpBind NOTIFICATION-TYPE OBJECTS { tmnxCpmProtViolSdpBindPeriods, tmnxCpmProtViolExcdPktHexDump } STATUS current DESCRIPTION "[CAUSE] The tmnxCpmProtViolSdpBind notification is generated when the packet arrival rate at a mesh-sdp or spoke-sdp exceeds the SDP's configured overall-rate. [EFFECT] One or more packets arriving at the mesh-sdp or spoke-sdp was discarded. [RECOVERY] Reduce the packet transmission rate at the far end, or increase the locally configured overall-rate for the SDP." ::= { tmnxSecurityNotifications 12 } tmnxCpmProtExcdSdpBind NOTIFICATION-TYPE OBJECTS { tmnxCpmProtExcdSdpBindPeriods, tmnxCpmProtViolExcdPktHexDump } STATUS current DESCRIPTION "[CAUSE] The tmnxCpmProtExcdSdpBind notification is generated when a source (identified by a MAC address) sends a packet stream to a local mesh-sdp or spoke-sdp at a rate which exceeds the SDP's configured per-source-rate. [EFFECT] One or more packets arriving at the mesh-sdp or spoke-sdp was discarded. [RECOVERY] Reduce the packet transmission rate at the far end, or increase the locally configured per-source-rate for the SDP." ::= { tmnxSecurityNotifications 13 } tmnxCpmProtExcdSapEcm NOTIFICATION-TYPE OBJECTS { tmnxCpmProtExcdSapEcmPeriods, tmnxCpmProtViolExcdPktHexDump } STATUS current DESCRIPTION "[CAUSE] The tmnxCpmProtExcdSapEcm notification is generated when an Eth-CFM packet stream (identified by a source MAC address, domain level, and Eth-CFM opcode) arrives at a local SAP at a rate which exceeds the configured Eth-CFM rate limit for the stream. [EFFECT] One or more Eth-CFM packets arriving at the SAP was discarded. [RECOVERY] Reduce the packet transmission rate at the far end, or increase the locally configured Eth-CFM rate limit for the stream." ::= { tmnxSecurityNotifications 14 } tmnxCpmProtExcdSdpBindEcm NOTIFICATION-TYPE OBJECTS { tmnxCpmProtExcdSdpBindEcmPeriods, tmnxCpmProtViolExcdPktHexDump } STATUS current DESCRIPTION "[CAUSE] The tmnxCpmProtExcdSdpBindEcm notification is generated when an Eth-CFM packet stream (identified by a source MAC address, domain level, and Eth-CFM opcode) arrives at a local mesh-sdp or spoke-sdp at a rate which exceeds the configured Eth-CFM rate limit for the stream. [EFFECT] One or more Eth-CFM packets arriving at the mesh-sdp or spoke-sdp was discarded. [RECOVERY] Reduce the packet transmission rate at the far end, or increase the locally configured Eth-CFM rate limit for the stream." ::= { tmnxSecurityNotifications 15 } tmnxPkiFileReadFailed NOTIFICATION-TYPE OBJECTS { tmnxSecNotifFile, tmnxSecNotifFailureReason } STATUS current DESCRIPTION "[CAUSE] The tmnxPkiFileReadFailed notification is generated when an attempt to read the file fails. The reason for the failure is indicated by the tmnxSecNotifFailureReason object. [EFFECT] Operational status of tunnels configured to use this certificate will be set to 'down'. [RECOVERY] Make sure the path specified in tmnxSecNotifFile is correct and the file exists." ::= { tmnxSecurityNotifications 16 } tmnxPkiCertVerificationFailed NOTIFICATION-TYPE OBJECTS { tmnxSecNotifTunnelName, tmnxSecNotifCert, tmnxSecNotifFailureReason } STATUS current DESCRIPTION "[CAUSE] The tmnxPkiCertVerificationFailed notification is generated when an attempt to verify the certificate fails. This notification is only used by the IPsec application. [EFFECT] Authentication of the tunnel configured with the certificate will start to fail. [RECOVERY] Make sure the certificate specified in tmnxSecNotifCert is a valid certificate and an appropriate trust anchor is configured." ::= { tmnxSecurityNotifications 17 } tmnxCAProfileStateChange NOTIFICATION-TYPE OBJECTS { tmnxPkiCAProfileOperState, tmnxSecNotifFailureReason } STATUS current DESCRIPTION "[CAUSE] The tmnxCAProfileStateChange notification is generated when Certificate Authority profile changes state to 'down' due to tmnxSecNotifFailureReason. [EFFECT] Certificate Authority profile will remain in this state until a corrective action is taken. [RECOVERY] Depending on the reason indicated by tmnxSecNotifFailureReason, corrective action should be taken." ::= { tmnxSecurityNotifications 18 } tmnxCpmProtExcdSapIp NOTIFICATION-TYPE OBJECTS { tmnxCpmProtExcdSapIpPeriods, tmnxCpmProtViolExcdPktHexDump } STATUS current DESCRIPTION "[CAUSE] The tmnxCpmProtExcdSapIp notification is generated when a source (identified by an IP address) sends a packet stream to a local SAP at a rate which exceeds the SAP's configured per-source-rate. [EFFECT] One or more packets arriving at the SAP was discarded. [RECOVERY] Reduce the packet transmission rate at the far end, OR increase the locally configured per-source-rate for the SAP, OR disable per-IP-source rate limiting on the SAP by setting TIMETRA-SAP-MIB::sapCpmProtMonitorIP to 'false'." ::= { tmnxSecurityNotifications 19 } tmnxPkiCAProfActnStatusChg NOTIFICATION-TYPE OBJECTS { tmnxPkiCAProfActnType, tmnxPkiCAProfActnStatus, tmnxPkiCAProfActnStatusString, tmnxPkiCAProfActnStatusCode, tmnxPkiCAProfActnOrigCmdTime, tmnxPkiCAProfActnLastCAResp } STATUS current DESCRIPTION "[CAUSE] The tmnxPkiCAProfActnStatusChg notification is generated when tmnxPkiCAProfActnStatus changes status. More information is available through tmnxPkiCAProfActnStatusString and tmnxPkiCAProfActnStatusCode. [EFFECT] This is due to the action performed using tmnxPkiCAProfActnTable. [RECOVERY] Depending on the information available in this trap, another tmnxPkiCAProfActnType request may be issued by correcting the parameters in the tmnxPkiCAProfActnTable." ::= { tmnxSecurityNotifications 20 } tmnxCpmProtViolSapOutProf NOTIFICATION-TYPE OBJECTS { tCpmProtOutProfViolSapPeriods, tmnxCpmProtViolExcdPktHexDump } STATUS current DESCRIPTION "[CAUSE] The tmnxCpmProtViolSapOutProf notification is generated when the rate at which incoming control packets are marked as out-of-profile specified by tmnxCpmProtPolOutProfileRate is exceeded. This notification is generated when tmnxCpmProtPolOutProfRateLogEvnt is set to 'true'. [EFFECT] One or more control packets being marked as out-of-profile will be discarded. [RECOVERY] Reduce the packet transmission rate at the far end, or increase the out-of-profile rate, tmnxCpmProtPolOutProfileRate for this SAP." ::= { tmnxSecurityNotifications 21 } tmnxCpmProtViolIfOutProf NOTIFICATION-TYPE OBJECTS { tCpmProtOutProfViolIfPeriods, tmnxCpmProtViolExcdPktHexDump } STATUS current DESCRIPTION "[CAUSE] The tmnxCpmProtViolIfOutProf notification is generated when the rate at which incoming control packets are marked as out-of-profile specified by tmnxCpmProtPolOutProfileRate is exceeded. This notification is generated when tmnxCpmProtPolOutProfRateLogEvnt is set to 'true'. [EFFECT] One or more control packets being marked as out-of-profile will be discarded. [RECOVERY] Reduce the packet transmission rate at the far end, or increase the out-of-profile rate, tmnxCpmProtPolOutProfileRate for this interface." ::= { tmnxSecurityNotifications 22 } tmnxCpmProtExcdSdpBindIp NOTIFICATION-TYPE OBJECTS { tmnxCpmProtExcdSdpBindIpPeriods, tmnxCpmProtViolExcdPktHexDump } STATUS current DESCRIPTION "[CAUSE] The tmnxCpmProtExcdSdpBindIp notification is generated when a source (identified by an IP address) sends a packet stream to a local mesh-sdp or spoke-sdp at a rate which exceeds the SDP's configured per-source-rate. [EFFECT] One or more packets arriving at the mesh-sdp or spoke-sdp was discarded. [RECOVERY] Reduce the packet transmission rate at the far end, or increase the locally configured per-source-rate for the SDP." ::= { tmnxSecurityNotifications 23 } tmnxSecComputeCertChainFailure NOTIFICATION-TYPE OBJECTS { tmnxSecNotifFile, tmnxSecNotifFailureReason } STATUS current DESCRIPTION "[CAUSE] The tmnxSecComputeCertChainFailure notification is generated when a compute chain-failure has occurred. [EFFECT] The chain cannot be built for a configured certificate and the corresponding chain will be empty. [RECOVERY] Depending on the reason indicated by tmnxSecNotifFailureReason, corrective action should be taken." ::= { tmnxSecurityNotifications 24 } tmnxCpmProtViolSdpBindOutProf NOTIFICATION-TYPE OBJECTS { tCpmProtOutProfViolSdpBindPeriod, tmnxCpmProtViolExcdPktHexDump } STATUS current DESCRIPTION "[CAUSE] The tmnxCpmProtViolSdpBindOutProf notification is generated when the rate at which incoming control packets are marked as out-of-profile specified by tmnxCpmProtPolOutProfileRate is exceeded. This notification is generated when tmnxCpmProtPolOutProfRateLogEvnt is set to 'true'. [EFFECT] One or more control packets being marked as out-of-profile will be discarded. [RECOVERY] Reduce the packet transmission rate at the far end, or increase the out-of-profile rate, tmnxCpmProtPolOutProfileRate for this SDP binding." ::= { tmnxSecurityNotifications 25 } tmnxSecNotifKeyChainExpired NOTIFICATION-TYPE OBJECTS { tmnxKeyChainExpired, tmnxSecNotifOrigProtocol } STATUS current DESCRIPTION "The tmnxSecNotifKeyChainExpired notification is generated when a protocol instance tries to use a keychain, for which the last key entry has expired." ::= { tmnxSecurityNotifications 26 } tmnxCAProfUpDueToRevokeChkCrlOpt NOTIFICATION-TYPE OBJECTS { tmnxPkiCAProfileOperState, tmnxSecNotifFailureReason } STATUS current DESCRIPTION "[CAUSE] The tmnxCAProfUpDueToRevokeChkCrlOpt notification is generated when Certificate Authority profile changes state to 'up' due to tmnxPkiCAProfRevokeChk set to 'crlOptional' even with the errors in tmnxSecNotifFailureReason. [EFFECT] Certificate Authority profile will remain up. [RECOVERY] Errors described in tmnxSecNotifFailureReason should still be corrected." ::= { tmnxSecurityNotifications 27 } tmnxPkiCertBeforeExpWarning NOTIFICATION-TYPE OBJECTS { tmnxSecNotifFile, tmnxPkiExpRemainingHours, tmnxPkiExpRemainingMinutes, tmnxSecNotifClientAppName } STATUS current DESCRIPTION "[CAUSE] The tmnxPkiCertBeforeExpWarning notification is generated when the certificate indicated in tmnxSecNotifFile will expire in the time period indicated by tmnxPkiExpRemainingHours and tmnxPkiExpRemainingMinutes. [EFFECT] The indicated certificate will expire. [RECOVERY] Replace the indicated file with an updated certificate." ::= { tmnxSecurityNotifications 28 } tmnxPkiCertAfterExpWarning NOTIFICATION-TYPE OBJECTS { tmnxSecNotifFile, tmnxSecNotifClientAppName } STATUS current DESCRIPTION "[CAUSE] The tmnxPkiCertAfterExpWarning notification is generated when the certificate indicated in tmnxSecNotifFile has expired. [EFFECT] The indicated certificate has expired. [RECOVERY] Replace the indicated file with an updated certificate." ::= { tmnxSecurityNotifications 29 } tmnxPkiCertExpWarningCleared NOTIFICATION-TYPE OBJECTS { tmnxSecNotifFile, tmnxPkiExpReason, tmnxSecNotifClientAppName } STATUS current DESCRIPTION "[CAUSE] The tmnxPkiCertExpWarningCleared notification is generated when the expiration warning for the certificate indicated in tmnxSecNotifFile no longer applies because of the reason indicated in tmnxPkiExpReason. [EFFECT] The indicated certificate is no longer going to expire. [RECOVERY] None needed." ::= { tmnxSecurityNotifications 30 } tmnxPkiCRLBeforeExpWarning NOTIFICATION-TYPE OBJECTS { tmnxSecNotifFile, tmnxPkiExpRemainingHours, tmnxPkiExpRemainingMinutes } STATUS current DESCRIPTION "[CAUSE] The tmnxPkiCRLBeforeExpWarning notification is generated when the CRL (certificate revocation list) indicated in tmnxSecNotifFile will expire in the time period indicated by tmnxPkiExpRemainingHours and tmnxPkiExpRemainingMinutes. [EFFECT] The indicated CRL (certificate revocation list) will expire. [RECOVERY] Replace the indicated file with an updated CRL." ::= { tmnxSecurityNotifications 31 } tmnxPkiCRLAfterExpWarning NOTIFICATION-TYPE OBJECTS { tmnxSecNotifFile } STATUS current DESCRIPTION "[CAUSE] The tmnxPkiCRLAfterExpWarning notification is generated when the CRL (certificate revocation list) indicated in tmnxSecNotifFile has expired. [EFFECT] The indicated CRL (certificate revocation list) has expired. [RECOVERY] Replace the indicated file with an updated CRL." ::= { tmnxSecurityNotifications 32 } tmnxPkiCRLExpWarningCleared NOTIFICATION-TYPE OBJECTS { tmnxSecNotifFile, tmnxPkiExpReason } STATUS current DESCRIPTION "[CAUSE] The tmnxPkiCRLExpWarningCleared notification is generated when the expiration warning for the CRL (certificate revocation list) indicated in tmnxSecNotifFile no longer applies. [EFFECT] The indicated CRL (certificate revocation list) is no longer going to expire because of the reason indicated in tmnxPkiExpReason. [RECOVERY] None needed." ::= { tmnxSecurityNotifications 33 } tmnxSecNotifFileReloaded NOTIFICATION-TYPE OBJECTS { tmnxSecNotifFile, tmnxSecNotifFileType } STATUS current DESCRIPTION "[CAUSE] The tmnxSecNotifFileReloaded notification is generated when the certificate or key indicated in tmnxSecNotifFile is reloaded. tmnxSecNotifFileType indicates whether a certificate or key has been reloaded. [EFFECT] The indicated certificate or key has been reloaded. [RECOVERY] None needed." ::= { tmnxSecurityNotifications 34 } tmnxSecPwdHistoryFileLoadFailed NOTIFICATION-TYPE OBJECTS { tmnxSecPwdHistLoadFailReason } STATUS current DESCRIPTION "[CAUSE] The tmnxSecPwdHistoryFileLoadFailed notification is generated when the password history is enabled (tmnxPasswordHistory is not 0) for the first time and the system was unable to load and process the password history. Failure could be due to the following reasons or more: - This is the first time the password history is enabled on this system. - A previous attempt to store the password history failed. - Somebody removed or modified the password history file. [EFFECT] The system might not be able to compare the new user password with the user's password history from before the last reboot. If tmnxSecPwdHistLoadFailReason is set to 'notFound(1)', a new, empty history file will be created. [RECOVERY] Investigation might be warranted." ::= { tmnxSecurityNotifications 35 } tmnxSecPwdHistoryFileWriteFailed NOTIFICATION-TYPE STATUS current DESCRIPTION "[CAUSE] The tmnxSecPwdHistoryFileWriteFailed notification is generated when the system is unable to store the password history when an user's password is changed. [EFFECT] After a reboot, the system might not be able to compare the new user password with the user's password history. [RECOVERY] Ensure the compact flash is present, and all file permissions are correct." ::= { tmnxSecurityNotifications 36 } tmnxPkiCAProfCrlUpdateStart NOTIFICATION-TYPE OBJECTS { tmnxPkiCAProfileNameForNotify } STATUS current DESCRIPTION "[CAUSE] A tmnxPkiCAProfCrlUpdateStart notification is generated when a CRL update operation is started for an existing CA Profile. The CA Profile is configured via tmnxPkiCAProfileTable. [EFFECT] The system is downloading the CRL file from a URL, which is configured via tmnxPkiCAProfUrlTable. [RECOVERY] No recovery is required for this notification." ::= { tmnxSecurityNotifications 37 } tmnxPkiCAProfCrlUpdateSuccess NOTIFICATION-TYPE OBJECTS { tmnxPkiCAProfUrl } STATUS current DESCRIPTION "[CAUSE] A tmnxPkiCAProfCrlUpdateSuccess notification is generated when a new valid CRL file is successfully updated for an existing CA Profile. The CA Profile is configured via tmnxPkiCAProfileTable. [EFFECT] tmnxPkiCAProfileCRLFile will be replaced if the downloaded CRL file qualified. The cases that a downloaded CRL does not qualify are explained in the DESCRIPTION clause of tmnxPkiCAProfAtCrlUpdScheduleT. [RECOVERY] No recovery is required for this notification." ::= { tmnxSecurityNotifications 38 } tmnxPkiCAProfCrlUpdateUrlFail NOTIFICATION-TYPE OBJECTS { tmnxPkiCAProfUrl, tmnxSecNotifFailureReason } STATUS current DESCRIPTION "[CAUSE] A tmnxPkiCAProfCrlUpdateUrlFail notification is generated when the CRL update operation has failed after attempting the indicated URL for an existing CA Profile. The CA Profile is configured via tmnxPkiCAProfileTable. URLs for an existing CA Profile are configured via tmnxPkiCAProfUrlTable. A tmnxPkiCAProfCrlUpdateUrlFail will not be sent when the URL is the last one in the URL list for an existing CA Profile. In such case, a tmnxPkiCAProfCrlUpdAllUrlsFail notification will be sent. [EFFECT] The system will attempt to download the CRL file from the next URL in the URL list. [RECOVERY] Make sure the URLs specified in tmnxPkiCAProfUrlTable are correct." ::= { tmnxSecurityNotifications 39 } tmnxPkiCAProfCrlUpdAllUrlsFail NOTIFICATION-TYPE OBJECTS { tmnxPkiCAProfUrl, tmnxSecNotifFailureReason } STATUS current DESCRIPTION "[CAUSE] A tmnxPkiCAProfCrlUpdAllUrlsFail notification is generated when the CRL update operation failed after attempting all URLs for an existing CA Profile. The CA Profile is configured via tmnxPkiCAProfileTable. URLs for an existing CA Profile are configured via tmnxPkiCAProfUrlTable. [EFFECT] When tmnxPkiCAProfAtCrlUpdScheduleT is 'nextUpdateBased (1)' and tmnxPkiCAProfAtCrlUpdRetryIntv is zero, the system will stop attempting to update the CRL file. The system will attempt to download the same CRL file starting from the first URL in the URL list again after 1) tmnxPkiCAProfAtCrlUpdRetryIntv (>0) seconds, when tmnxPkiCAProfAtCrlUpdScheduleT is 'nextUpdateBased (1)', or 2) tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds, when tmnxPkiCAProfAtCrlUpdScheduleT is 'periodic (2)'. [RECOVERY] Make sure the URLs specified in tmnxPkiCAProfUrlTable are correct." ::= { tmnxSecurityNotifications 40 } tmnxPkiFileWriteFailed NOTIFICATION-TYPE OBJECTS { tmnxSecNotifFile, tmnxSecNotifFailureReason, tmnxSecNotifFileSize } STATUS current DESCRIPTION "[CAUSE] The tmnxPkiFileWriteFailed notification is generated when an attempt to write the file fails. Reason for the failure is indicated by the tmnxSecNotifFailureReason object. [EFFECT] The downloaded file is not saved to disk. [RECOVERY] Make sure the path specified in tmnxSecNotifFile is correct, file permission is writable and there is sufficient disk space." ::= { tmnxSecurityNotifications 41 } tmnxPkiCAProfCrlUpdNoNxtUpdTime NOTIFICATION-TYPE OBJECTS { tmnxPkiCAProfileNameForNotify } STATUS current DESCRIPTION "[CAUSE] A tmnxPkiCAProfCrlUpdNoNxtUpdTime notification is generated when tmnxPkiCAProfAtCrlUpdScheduleT is 'nextUpdateBased (1)' and one of the following conditions is true: 1) The 'nextUpdate' field is missing from the CRL file or contains a value that is beyond the limit of the system 2) tmnxPkiCAProfAtCrlUpdRetryIntv is zero, and none of the configured URLs work or contain a CRL that qualifies from the first scheduled update. [EFFECT] The system will not download a new CRL file. [RECOVERY] Change tmnxPkiCAProfAtCrlUpdScheduleT to 'periodic (2)' if the system is to check for an updated CRL every tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds. Otherwise, configure the tmnxPkiCAProfAtCrlUpdAdminState to 'outOfService (3)'." ::= { tmnxSecurityNotifications 42 } tmnxUsrProfSessionLimitExceeded NOTIFICATION-TYPE OBJECTS { tmnxSessionLimitExceededName, tmnxSessionLimitExceededType } STATUS current DESCRIPTION "[CAUSE] The tmnxUsrProfSessionLimitExceeded notification is generated when an attempt to establish a new user access session is not successful because any of SSH / Telnet / Total session limits defined for the profile of which the user is a member has been exceeded. The value of the object tmnxSessionLimitExceededName indicates the name of the user profile of which the session limit has been exceeded. The value of the object tmnxSessionLimitExceededType indicates the type of the session limit that has been exceeded. [EFFECT] The user access session has not been established. [RECOVERY] An administrator may execute one of the following actions in order to allow a successful session establishment: 1) force disconnection of an existing session(s) using 'admin disconnect' CLI command 2) increase the value of the session limit using CLI or SNMP SET operation on the corresponding object in tmnxUserProfileTable 3) revoke the profile membership for the particular user (beware that this action may have impact on user's privileges)" ::= { tmnxSecurityNotifications 43 } tmnxCliGroupSessionLimitExceeded NOTIFICATION-TYPE OBJECTS { tmnxSessionLimitExceededName, tmnxSessionLimitExceededType } STATUS current DESCRIPTION "[CAUSE] The tmnxCliGroupSessionLimitExceeded notification is generated when an attempt to establish a new user access session is not successful because any of SSH / Telnet / Total session limits defined for the CLI session group of which the user is an indirect member (as a member of a user profile that is a member of the CLI session group) has been exceeded. The value of the object tmnxSessionLimitExceededName indicates the name of the CLI session group of which the session limit has been exceeded. The value of the object tmnxSessionLimitExceededType indicates the type of the session limit that has been exceeded. [EFFECT] The user access session has not been established. [RECOVERY] An administrator may execute one of the following actions in order to allow a successful session establishment: 1) force disconnection of an existing session(s) using 'admin disconnect' CLI command 2) increase the value of the session limit using CLI or SNMP SET operation on the corresponding object in tmnxCliSessionGroupTable 3) revoke the profile membership for the particular user (beware that this action may have impact on user's privileges) 4) revoke the session group membership for the particular profile" ::= { tmnxSecurityNotifications 44 } tmnxPkiCAProfCrlUpdLargPreUpdTm NOTIFICATION-TYPE OBJECTS { tmnxPkiCAProfileNameForNotify } STATUS current DESCRIPTION "[CAUSE] A tmnxPkiCAProfCrlUpdLargPreUpdTm notification is generated when the 'nextUpdate' time of a newly downloaded CRL is earlier than the last successful update time or the time of setting tmnxPkiCAProfAtCrlUpdAdminState to 'inService (2)' plus the pre-update time. The last successful update time is stored in tmnxPkiCAProfAtCrlUpdLstSucsTmSt. The pre-update time is configured via tmnxPkiCAProfAtCrlUpdPreUpdTime. [EFFECT] The system will update the CRL again in tmnxPkiCAProfAtCrlUpdRetryIntv seconds rather than immediately. [RECOVERY] Configure tmnxPkiCAProfAtCrlUpdPreUpdTime to a value less than (the 'nextUpdate' value of the newly downloaded CRL - the last successful update time). The ideal value would be a value slightly lower than the CRL overlap period to avoid unnecessary download attempts. No recovery is needed for if the notification is generated in case of setting tmnxPkiCAProfAtCrlUpdAdminState to 'inService (2)'." ::= { tmnxSecurityNotifications 45 } tmnxUserCliLoginMaxAttempts NOTIFICATION-TYPE OBJECTS { tmnxSecNotifyUserName, tmnxSecNotifyAddrType, tmnxSecNotifyAddr, tmnxPasswordAttemptsCount, tmnxPasswordAttemptsLockoutPeriod } STATUS current DESCRIPTION "[CAUSE] A tmnxUserCliLoginMaxAttempts notification is generated when a non Lawful Interception user attempting to open a CLI session failed to authenticate for more than a maximum allowed number of times in a period of tmnxPasswordAttemptsTime minutes. The value of the object tmnxPasswordAttemptsCount indicates the maximum number of unsuccessful login attempts allowed. The value of the object tmnxPasswordAttemptsLockoutPeriod indicates the number of minutes the user is locked out. The value of the object tmnxSecNotifyUserName indicates the name of the user attempting to open a CLI session. The value of the object tmnxSecNotifyAddrType indicates the type of the IP address stored in the object tmnxSecNotifyAddr. The value of the object tmnxSecNotifyAddr indicates the IP address of the user attempting to open a CLI session. [EFFECT] The user is locked out for a period of tmnxPasswordAttemptsLockoutPeriod minutes. A remote access session is terminated. [RECOVERY] No recovery action is required." ::= { tmnxSecurityNotifications 46 } tmnxUserFtpLoginMaxAttempts NOTIFICATION-TYPE OBJECTS { tmnxSecNotifyUserName, tmnxSecNotifyAddrType, tmnxSecNotifyAddr, tmnxPasswordAttemptsCount, tmnxPasswordAttemptsLockoutPeriod } STATUS current DESCRIPTION "[CAUSE] A tmnxUserFtpLoginMaxAttempts notification is generated when a non Lawful Interception user attempting to connect via FTP failed to authenticate for more than a maximum allowed number of times in a period of tmnxPasswordAttemptsTime minutes. The value of the object tmnxPasswordAttemptsCount indicates the maximum number of unsuccessful login attempts allowed. The value of the object tmnxPasswordAttemptsLockoutPeriod indicates the number of minutes the user is locked out. The value of the object tmnxSecNotifyUserName indicates the name of the user attempting to connect via FTP. The value of the object tmnxSecNotifyAddrType indicates the type of the IP address stored in the object tmnxSecNotifyAddr. The value of the object tmnxSecNotifyAddr indicates the IP address of the user attempting to connect via FTP. [EFFECT] The user is locked out for a period of tmnxPasswordAttemptsLockoutPeriod minutes. An FTP session is terminated. [RECOVERY] No recovery action is required." ::= { tmnxSecurityNotifications 47 } tmnxUserSshLoginMaxAttempts NOTIFICATION-TYPE OBJECTS { tmnxSecNotifyUserName, tmnxSecNotifyAddrType, tmnxSecNotifyAddr, tmnxPasswordAttemptsCount, tmnxPasswordAttemptsLockoutPeriod } STATUS current DESCRIPTION "[CAUSE] A tmnxUserSshLoginMaxAttempts notification is generated when a non Lawful Interception user attempting to connect via SSH failed to authenticate for more than a maximum allowed number of times in a period of tmnxPasswordAttemptsTime minutes. The value of the object tmnxPasswordAttemptsCount indicates the maximum number of unsuccessful login attempts allowed. The value of the object tmnxPasswordAttemptsLockoutPeriod indicates the number of minutes the user is locked out. The value of the object tmnxSecNotifyUserName indicates the name of the user attempting to connect via SSH. The value of the object tmnxSecNotifyAddrType indicates the type of the IP address stored in the object tmnxSecNotifyAddr. The value of the object tmnxSecNotifyAddr indicates the IP address of the user attempting to connect via SSH. [EFFECT] The user is locked out for a period of tmnxPasswordAttemptsLockoutPeriod minutes. An SSH session is terminated. [RECOVERY] No recovery action is required." ::= { tmnxSecurityNotifications 48 } tmnxPkiCertNotYetValid NOTIFICATION-TYPE OBJECTS { tmnxSecNotifFile, tmnxSecNotifClientAppName } STATUS current DESCRIPTION "[CAUSE] The tmnxPkiCertNotYetValid notification is generated when the certificate indicated in tmnxSecNotifFile is not yet valid. [EFFECT] The indicated certificate is not usable until the 'notBefore' time is reached. If the certificate is specified in a CA-profile, then the operational state of the CA-profile (i.e., tmnxPkiCAProfileOperState) remains down until the 'notBefore' time is reached. [RECOVERY] Replace tmnxSecNotifFile with a certificate file that is still valid, or wait until the 'notBefore' time specified in the certificate is reached for the system to recover itself." REFERENCE "RFC 5280, 'Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile', IETF, May 2008." ::= { tmnxSecurityNotifications 49 } tmnxPkiCRLNotYetValid NOTIFICATION-TYPE OBJECTS { tmnxSecNotifFile } STATUS current DESCRIPTION "[CAUSE] The tmnxPkiCRLNotYetValid notification is generated when the CRL (Certificate Revocation List) indicated in tmnxSecNotifFile is not yet valid. [EFFECT] The CRL is not usable until the 'thisUpdate' time is reached. Unless tmnxPkiCAProfRevokeChk is configured to 'crlOptional (2)', the operational state of the CA-profile (i.e., tmnxPkiCAProfileOperState) remains down until the 'thisUpdate' time is reached. [RECOVERY] Replace tmnxSecNotifFile with a CRL that is still valid, or wait until the 'thisUpdate' time specified in the CRL is reached for the system to recover itself." REFERENCE "RFC 5280, 'Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile', IETF, May 2008." ::= { tmnxSecurityNotifications 50 } tmnxLiUserCliLoginMaxAttempts NOTIFICATION-TYPE OBJECTS { tmnxSecNotifyUserName, tmnxSecNotifyAddrType, tmnxSecNotifyAddr, tmnxPasswordAttemptsCount, tmnxPasswordAttemptsLockoutPeriod } STATUS current DESCRIPTION "[CAUSE] A tmnxLiUserCliLoginMaxAttempts notification is generated when a Lawful Interception user attempting to open a CLI session failed to authenticate for more than a maximum allowed number of times in a period of tmnxPasswordAttemptsTime minutes. The value of the object tmnxPasswordAttemptsCount indicates the maximum number of unsuccessful login attempts allowed. The value of the object tmnxPasswordAttemptsLockoutPeriod indicates the number of minutes the user is locked out. The value of the object tmnxSecNotifyUserName indicates the name of the user attempting to open a CLI session. The value of the object tmnxSecNotifyAddrType indicates the type of the IP address stored in the object tmnxSecNotifyAddr. The value of the object tmnxSecNotifyAddr indicates the IP address of the user attempting to open a CLI session. [EFFECT] The user is locked out for a period of tmnxPasswordAttemptsLockoutPeriod minutes. A remote access session is terminated. [RECOVERY] No recovery action is required." ::= { tmnxSecurityNotifications 51 } tmnxLiUserSshLoginMaxAttempts NOTIFICATION-TYPE OBJECTS { tmnxSecNotifyUserName, tmnxSecNotifyAddrType, tmnxSecNotifyAddr, tmnxPasswordAttemptsCount, tmnxPasswordAttemptsLockoutPeriod } STATUS current DESCRIPTION "[CAUSE] A tmnxLiUserSshLoginMaxAttempts notification is generated when a Lawful Interception user attempting to connect via SSH failed to authenticate for more than a maximum allowed number of times in a period of tmnxPasswordAttemptsTime minutes. The value of the object tmnxPasswordAttemptsCount indicates the maximum number of unsuccessful login attempts allowed. The value of the object tmnxPasswordAttemptsLockoutPeriod indicates the number of minutes the user is locked out. The value of the object tmnxSecNotifyUserName indicates the name of the user attempting to connect via SSH. The value of the object tmnxSecNotifyAddrType indicates the type of the IP address stored in the object tmnxSecNotifyAddr. The value of the object tmnxSecNotifyAddr indicates the IP address of the user attempting to connect via SSH. [EFFECT] The user is locked out for a period of tmnxPasswordAttemptsLockoutPeriod minutes. An SSH session is terminated. [RECOVERY] No recovery action is required." ::= { tmnxSecurityNotifications 52 } tmnxLiUserFtpLoginMaxAttempts NOTIFICATION-TYPE OBJECTS { tmnxSecNotifyUserName, tmnxSecNotifyAddrType, tmnxSecNotifyAddr, tmnxPasswordAttemptsCount, tmnxPasswordAttemptsLockoutPeriod } STATUS current DESCRIPTION "[CAUSE] A tmnxLiUserFtpLoginMaxAttempts notification is generated when a Lawful Interception user attempting to connect via FTP failed to authenticate for more than a maximum allowed number of times in a period of tmnxPasswordAttemptsTime minutes. The value of the object tmnxPasswordAttemptsCount indicates the maximum number of unsuccessful login attempts allowed. The value of the object tmnxPasswordAttemptsLockoutPeriod indicates the number of minutes the user is locked out. The value of the object tmnxSecNotifyUserName indicates the name of the user attempting to connect via FTP. The value of the object tmnxSecNotifyAddrType indicates the type of the IP address stored in the object tmnxSecNotifyAddr. The value of the object tmnxSecNotifyAddr indicates the IP address of the user attempting to connect via FTP. [EFFECT] The user is locked out for a period of tmnxPasswordAttemptsLockoutPeriod minutes. An FTP session is terminated. [RECOVERY] No recovery action is required." ::= { tmnxSecurityNotifications 53 } tmnxAppPkiCertVerificationFailed NOTIFICATION-TYPE OBJECTS { tmnxSecNotifClientAppName, tmnxSecNotifCert, tmnxSecNotifFailureReason } STATUS current DESCRIPTION "[CAUSE] The tmnxAppPkiCertVerificationFailed notification is generated when an attempt to verify the certificate fails for a non-IPsec application. [EFFECT] Fail to establish a secured connection with the remote entity. [RECOVERY] Make sure the certificate specified in tmnxSecNotifCert is a valid certificate and an appropriate trust anchor is configured." ::= { tmnxSecurityNotifications 54 } tmnxUserNetconfLoginMaxAttempts NOTIFICATION-TYPE OBJECTS { tmnxSecNotifyUserName, tmnxSecNotifyAddrType, tmnxSecNotifyAddr, tmnxPasswordAttemptsCount, tmnxPasswordAttemptsLockoutPeriod } STATUS current DESCRIPTION "[CAUSE] A tmnxUserNetconfLoginMaxAttempts notification is generated when a user attempting to connect via netconf failed to authenticate for more than a maximum allowed number of times in a period of tmnxPasswordAttemptsTime minutes. The value of the object tmnxPasswordAttemptsCount indicates the maximum number of unsuccessful login attempts allowed. The value of the object tmnxPasswordAttemptsLockoutPeriod indicates the number of minutes the user is locked out. The value of the object tmnxSecNotifyUserName indicates the name of the user attempting to connect via netconf. The value of the object tmnxSecNotifyAddrType indicates the type of the IP address stored in the object tmnxSecNotifyAddr. The value of the object tmnxSecNotifyAddr indicates the IP address of the user attempting to connect via netconf. [EFFECT] The user is locked out for a period of tmnxPasswordAttemptsLockoutPeriod minutes. The netconf session is terminated. [RECOVERY] No recovery action is required." ::= { tmnxSecurityNotifications 55 } tmnxCertKeyPairGen NOTIFICATION-TYPE OBJECTS { tmnxSecNotifyUrl, tmnxSecNotifyCurve, tmnxSecNotifyKeySize, tmnxSecNotifyKeyType, tmnxSecEventOutcome } STATUS current DESCRIPTION "[CAUSE] A tmnxCertKeyPairGen notification is generated when a user generates a cryptographic key with the admin certificate command" ::= { tmnxSecurityNotifications 56 } tmnxCertImport NOTIFICATION-TYPE OBJECTS { tmnxSecNotifyUrl, tmnxSecNotifFile, tmnxSecNotifyImportExportType, tmnxSecNotifyImportExportFormat, tmnxSecEventOutcome } STATUS current DESCRIPTION "[CAUSE] A tmnxCertImport notification is generated when a user imports a cryptographic key, certificate, or CRL with the admin certificate command" ::= { tmnxSecurityNotifications 57 } tmnxCertExport NOTIFICATION-TYPE OBJECTS { tmnxSecNotifyUrl, tmnxSecNotifFile, tmnxSecNotifyImportExportType, tmnxSecNotifyImportExportFormat, tmnxSecEventOutcome } STATUS current DESCRIPTION "[CAUSE] A tmnxCertExport notification is generated when a user exports a cryptographic key, certificate, or CRL with the admin certificate command" ::= { tmnxSecurityNotifications 58 } tmnxFileDeleted NOTIFICATION-TYPE OBJECTS { tmnxSecNotifyUrl, tmnxSecEventOutcome } STATUS current DESCRIPTION "[CAUSE] A tmnxFileDeleted notification is generated when a user deletes a file through the file command" ::= { tmnxSecurityNotifications 59 } tmnxFileMoved NOTIFICATION-TYPE OBJECTS { tmnxSecNotifyUrl, tmnxSecNotifyNewUrl, tmnxSecEventOutcome } STATUS current DESCRIPTION "[CAUSE] A tmnxFileMoved notification is generated when a user moves a file through the file command" ::= { tmnxSecurityNotifications 60 } tmnxFileCopied NOTIFICATION-TYPE OBJECTS { tmnxSecNotifyUrl, tmnxSecNotifyNewUrl, tmnxSecEventOutcome } STATUS current DESCRIPTION "[CAUSE] A tmnxFileCopied notification is generated when a user copies a file through the file command" ::= { tmnxSecurityNotifications 61 } tmnxFileUnzip NOTIFICATION-TYPE OBJECTS { tmnxSecNotifyUrl, tmnxSecNotifyDestUrl, tmnxSecNotifFileUnzipResult } STATUS current DESCRIPTION "[CAUSE] The tmnxFileUnzip notification is generated upon the completion of an unzip operation of the source ZIP file specified by tmnxSecNotifyUrl to the destination location specified by tmnxSecNotifyDestUrl. [EFFECT] The result is indicated by the value of tmnxSecNotifFileUnzipResult as follows: success (0) - unzip is successful. partialSuccess (1) - unzip is partially successful, skipped some files. sourceNotFound (2) - failed - cannot find the ZIP file. sourceNotSupported (3) - failed - ZIP file is not supported. destNotFound (4) - failed - cannot find the destination URL. destFull (5) - failed - destination storage is full. fileTooBig (6) - failed - file size exceeds limit. otherFailure (7) - failed - another reason. [RECOVERY] No recovery action if tmnxSecNotifFileUnzipResult is success (0). Otherwise, depending on the indicated failure, corrective action should be taken before attempting another unzip operation." ::= { tmnxSecurityNotifications 62 } tmnxPasswordHashingChanged NOTIFICATION-TYPE OBJECTS { tmnxSecNotifNewPasswordHashing, tmnxSecNotifOldPasswordHashing } STATUS current DESCRIPTION "[CAUSE] The tmnxPasswordHashingChanged notification is generated upon the change of password hashing algorithm (tmnxPasswordHashing). The value of the object tmnxSecNotifNewPasswordHashing indicates the new password hashing algorithm. The value of the object tmnxSecNotifOldPasswordHashing indicates the new password hashing algorithm. [EFFECT] Users will be prompted to change their password upon log in to the system. All newly stored user passwords will be hashed by the algorithm defined by tmnxPasswordHashing. [RECOVERY] No recovery action is required." ::= { tmnxSecurityNotifications 63 } tmnxUserPasswordChangedByAdmin NOTIFICATION-TYPE OBJECTS { tmnxSecNotifyLocalUserName, tmnxSecNotifyAdminUserName } STATUS current DESCRIPTION "[CAUSE] The tmnxUserPasswordChangedByAdmin notification is generated upon the change of a password of a local user by a user with administrative rights. The value of the object tmnxSecNotifyLocalUserName indicates the user name for which the password has been changed. The value of the object tmnxSecNotifyAdminUserName indicates the user name of the user who has changed the password. [EFFECT] Local user will be able to authenticate to the system with the new password only. [RECOVERY] No recovery action is required." ::= { tmnxSecurityNotifications 64 } END