-- *****************************************************************
|
|
-- CISCO-TRUSTSEC-MIB.my
|
|
--
|
|
-- December 2009, Dipesh Gorashia
|
|
--
|
|
-- Copyright (c) 2009-2012, 2014 by Cisco Systems Inc.
|
|
-- All rights reserved.
|
|
-- *****************************************************************
|
|
|
|
CISCO-TRUSTSEC-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
Unsigned32,
|
|
Counter32,
|
|
NOTIFICATION-TYPE
|
|
FROM SNMPv2-SMI
|
|
MODULE-COMPLIANCE,
|
|
OBJECT-GROUP,
|
|
NOTIFICATION-GROUP
|
|
FROM SNMPv2-CONF
|
|
TruthValue,
|
|
DateAndTime,
|
|
RowStatus
|
|
FROM SNMPv2-TC
|
|
SnmpAdminString
|
|
FROM SNMP-FRAMEWORK-MIB
|
|
CtsSecurityGroupTag,
|
|
CtsGenerationId,
|
|
CtsPasswordEncryptionType,
|
|
CtsAcsAuthorityIdentity,
|
|
CtsCredentialRecordType
|
|
FROM CISCO-TRUSTSEC-TC-MIB
|
|
ciscoMgmt
|
|
FROM CISCO-SMI;
|
|
|
|
|
|
ciscoTrustSecMIB MODULE-IDENTITY
|
|
LAST-UPDATED "201401300000Z"
|
|
ORGANIZATION "Cisco Systems, Inc."
|
|
CONTACT-INFO
|
|
"Cisco Systems
|
|
Customer Service
|
|
|
|
Postal: 170 W Tasman Drive
|
|
San Jose, CA 95134
|
|
USA
|
|
|
|
Tel: +1 800 553-NETS
|
|
|
|
E-mail: cs-lan-switch-snmp@cisco.com"
|
|
DESCRIPTION
|
|
"This MIB module is for the configuration of a network
|
|
device on the Cisco Trusted Security (TrustSec) system.
|
|
|
|
TrustSec secures a network fabric by authenticating and
|
|
authorizing each device connecting to the network, allowing for
|
|
the encryption, authentication and replay protection of data
|
|
traffic on a hop by hop basis.
|
|
|
|
Glossary :
|
|
|
|
TrustSec - Cisco Trusted Security
|
|
|
|
EAP-FAST - Extensible Authentication Protocol-Flexible
|
|
Authentication via Secure Tunneling (RFC 4851)
|
|
|
|
PAC - Protected Access Credential
|
|
A credential dynamically downloaded from the
|
|
Access Control Server.
|
|
|
|
ACS - Access Control Server
|
|
|
|
SGT - Security Group Tag
|
|
A tag identifying its source, assigned to a packet on
|
|
ingress to a TrustSec cloud, and used to determine
|
|
security and other policy to be applied to it along
|
|
its path through the cloud."
|
|
REVISION "201401300000Z"
|
|
DESCRIPTION
|
|
"Added following OBJECT-GROUP
|
|
- ciscoTrustSecCrtclAuthGroup
|
|
Added new compliance
|
|
- ciscoTrustSecMIBCompliance4."
|
|
REVISION "201209260000Z"
|
|
DESCRIPTION
|
|
"Added following OBJECT-GROUP
|
|
- ciscoTrustSecSwKeystoreNotifsInfoGroup
|
|
- ciscoTrustSecSwKeystoreNotifsControlGroup
|
|
- ciscoTrustSecSwKeystoreNotifsGroup
|
|
- ciscoTrustSecFileErrNotifsInfoGroup
|
|
- ciscoTrustSecNotifsMessageStringInfoGroup
|
|
- ciscoTrustSecCacheFileNotifsControlGroup
|
|
- ciscoTrustSecCacheFileNotifsGroup
|
|
- ciscoTrustSecCtrDrbgNotifsControlGroup
|
|
- ciscoTrustSecCtrDrbgNotifsGroup
|
|
Added new compliance
|
|
- ciscoTrustSecMIBCompliance3."
|
|
REVISION "201103150000Z"
|
|
DESCRIPTION
|
|
"Added support for ciscoTrustSecEnvSecGroupNameGroup."
|
|
REVISION "201009210000Z"
|
|
DESCRIPTION
|
|
"Initial version of this MIB module."
|
|
::= { ciscoMgmt 730 }
|
|
|
|
|
|
ciscoTrustSecMIBNotifs OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecMIB 0 }
|
|
|
|
ciscoTrustSecMIBObjects OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecMIB 1 }
|
|
|
|
ciscoTrustSecMIBConform OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecMIB 2 }
|
|
|
|
ctsCacheObjects OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecMIBObjects 1 }
|
|
|
|
ctsSgtObjects OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecMIBObjects 2 }
|
|
|
|
ctsCredentialObjects OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecMIBObjects 3 }
|
|
|
|
ctsEnvironmentDataObjects OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecMIBObjects 4 }
|
|
|
|
ctsNotifsControlObjects OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecMIBObjects 5 }
|
|
|
|
ctsNotifsInfoObjects OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecMIBObjects 6 }
|
|
|
|
ctsCriticalAuthObjects OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecMIBObjects 7 }
|
|
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Objects to manage caching functionality of TrustSec
|
|
-- -------------------------------------------------------------
|
|
|
|
ctsCacheEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies if the TrustSec cache is enabled in
|
|
the system."
|
|
::= { ctsCacheObjects 1 }
|
|
|
|
ctsCacheNvStorage OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object specifies the location on the device
|
|
where TrustSec cache files will be created.
|
|
|
|
The location may be specified in <device>:[directory] format,
|
|
where <device> can be (but not limited to): bootdisk:, disk0:,
|
|
disk1:.
|
|
|
|
A zero length string for this object indicates that no location
|
|
has been configured and system will decide the location of
|
|
TrustSec cache files."
|
|
::= { ctsCacheObjects 2 }
|
|
|
|
ctsCacheClear OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
all(2),
|
|
authzPolicies(3),
|
|
authzPoliciesPeer(4),
|
|
authzPoliciesSgt(5),
|
|
environmentData(6),
|
|
interfaceController(7)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object allows user to clear the cache files for
|
|
Cisco Trusted Security feature on this device.
|
|
|
|
When read, this object always returns the value 'none'.
|
|
|
|
'none' - No operation.
|
|
'all' - Clear all the cached information
|
|
'authzPolicies' - Clear all the cached authorization
|
|
policies.
|
|
'authzPoliciesPeer' - Clear the cached peer authorization
|
|
policies.
|
|
'authzPoliciesSgt' - Clear the cached SGT authorization
|
|
policies.
|
|
'environmentData' - Clear the cached environment data
|
|
'interfaceController' - Clear the cached interface controller
|
|
data."
|
|
::= { ctsCacheObjects 3 }
|
|
|
|
ctsSecurityGroupTagId OBJECT-TYPE
|
|
SYNTAX CtsSecurityGroupTag
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object allows user to specify the SGT for the packets
|
|
originating from this device.
|
|
|
|
A value of zero for this object indicates that no SGT has been
|
|
configured."
|
|
::= { ctsSgtObjects 1 }
|
|
|
|
ctsSgtAssignmentMethod OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
ingress(2),
|
|
egress(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the method used for assignment
|
|
of TrustSec SGT for the line cards without TrustSec
|
|
tagging capability.
|
|
|
|
'none' - assignment of TrustSec SGT is not enabled.
|
|
|
|
'ingress' - 'ingress' method is used for the assignment of
|
|
TrustSec SGT.
|
|
|
|
'egress' - 'egress' method is used for the assignment of
|
|
TrustSec SGT."
|
|
::= { ctsSgtObjects 2 }
|
|
|
|
ctsDeviceId OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object allows user to specify the identifier for
|
|
the device.
|
|
|
|
This identifier and the device password (specified by
|
|
ctsDevicePassword) are used together by the Cisco Trusted
|
|
Security feature for authenticating the device.
|
|
|
|
The value of this object must be set in the same PDU as
|
|
ctsDevicePasswordType and ctsDevicePassword.
|
|
|
|
The object may not be set to a zero length string.
|
|
|
|
The system will return a zero length string for this object
|
|
either when there is no value configured for this object or
|
|
TrustSec credentials for the device have been cleared by
|
|
setting ctsCredentialsClearAll to 'true'."
|
|
::= { ctsCredentialObjects 1 }
|
|
|
|
-- Selects how the value written to ctsDevicePassword is encoded. Per the
-- DESCRIPTION below, a set must use 'clearText', 'typeSix' or 'typeSeven'
-- and must travel in the same PDU as ctsDevicePassword and ctsDeviceId.
-- NOTE(review): with 'clearText' the password is carried as-is in the SET
-- PDU, so its confidentiality depends entirely on the SNMP transport
-- (SNMPv3 with privacy). 'typeSeven' presumably maps to Cisco type 7
-- encoding, which is reversible; confirm against CISCO-TRUSTSEC-TC-MIB
-- before treating it as protection for the secret.
ctsDevicePasswordType OBJECT-TYPE
|
|
SYNTAX CtsPasswordEncryptionType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the type of encryption employed
|
|
to encrypt password in ctsDevicePassword object.
|
|
|
|
Value for this object must be specified as 'clearText',
|
|
'typeSix' or 'typeSeven' in order to configure the password in
|
|
ctsDevicePassword.
|
|
|
|
The value of this object must be set in the same PDU as
|
|
ctsDevicePassword and ctsDeviceId.
|
|
|
|
When read, value of this object must be 'none' if
|
|
ctsDevicePassword is a zero length string.
|
|
|
|
The value of this object may not be set to 'none' or 'other'."
|
|
::= { ctsCredentialObjects 2 }
|
|
|
|
-- Device password used with ctsDeviceId for TrustSec authentication.
-- MAX-ACCESS is read-write, but the DESCRIPTION states that a read always
-- returns a zero-length string, so the stored password cannot be retrieved
-- through this object. It must be set in one PDU together with
-- ctsDevicePasswordType and ctsDeviceId.
-- NOTE(review): the secret still crosses the wire on every set. Restrict
-- write access to this object with a VACM view and require SNMPv3 authPriv;
-- SNMPv1/v2c give the PDU contents no confidentiality on the path.
ctsDevicePassword OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object allows user to specify the password for
|
|
the device.
|
|
|
|
This password and the device identifier (specified by
|
|
ctsDeviceId) are used together by the Cisco Trusted Security
|
|
feature for authenticating the device.
|
|
|
|
The value of this object must be set in the same PDU as
|
|
ctsDevicePasswordType and ctsDeviceId.
|
|
|
|
The object may not be set to a zero length string.
|
|
|
|
When read, this object always returns the value of a
|
|
zero-length octet string."
|
|
::= { ctsCredentialObjects 3 }
|
|
|
|
ctsKeystoreType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
hardwareKeystore(1),
|
|
softwareEmulation(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the type of keystore employed
|
|
by the device.
|
|
|
|
'hardwareKeystore' - Keystore functionality is implemented
|
|
in hardware.
|
|
'softwareEmulation' - Keystore functionality is emulated
|
|
in software."
|
|
::= { ctsCredentialObjects 4 }
|
|
|
|
ctsKeystoreFwVersion OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the firmware version of
|
|
the hardware keystore.
|
|
|
|
This object is only instantiated when the value of
|
|
ctsKeystoreType is 'hardwareKeystore'."
|
|
::= { ctsCredentialObjects 5 }
|
|
|
|
ctsKeystoreFwAlerts OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the number of hardware
|
|
keystore alerts that occurred.
|
|
|
|
This object is only instantiated when the value of
|
|
ctsKeystoreType is 'hardwareKeystore'."
|
|
::= { ctsCredentialObjects 6 }
|
|
|
|
ctsKeystoreFwResets OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the number of times
|
|
the keystore firmware was reset.
|
|
|
|
This object is only instantiated when the value of
|
|
ctsKeystoreType is 'hardwareKeystore'."
|
|
::= { ctsCredentialObjects 7 }
|
|
|
|
ctsKeystoreRxTimeouts OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the number of times the system
|
|
timed out awaiting response from keystore firmware.
|
|
|
|
This object is only instantiated when the value of
|
|
ctsKeystoreType is 'hardwareKeystore'."
|
|
::= { ctsCredentialObjects 8 }
|
|
|
|
ctsKeystoreRxBadChecksums OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the number of message fragments
|
|
the system received from keystore firmware that had bad
|
|
checksum value.
|
|
|
|
This object is only instantiated when the value of
|
|
ctsKeystoreType is 'hardwareKeystore'."
|
|
::= { ctsCredentialObjects 9 }
|
|
|
|
ctsKeystoreRxBadFragmentLengths OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the number of message fragments
|
|
the system received from keystore firmware that had
|
|
illegal lengths.
|
|
|
|
This object is only instantiated when the value of
|
|
ctsKeystoreType is 'hardwareKeystore'."
|
|
::= { ctsCredentialObjects 10 }
|
|
|
|
ctsKeystoreCorruptions OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the number of times keystore
|
|
firmware reported detection of one or more corrupted
|
|
records in the hardware keystore.
|
|
|
|
This object is only instantiated when the value of
|
|
ctsKeystoreType is 'hardwareKeystore'."
|
|
::= { ctsCredentialObjects 11 }
|
|
|
|
ctsKeystorePasswordRecordTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CtsKeystorePasswordRecordEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of Cisco Trusted Security password records stored in
|
|
the hardware or software keystore of this device."
|
|
::= { ctsCredentialObjects 13 }
|
|
|
|
ctsKeystorePasswordRecordEntry OBJECT-TYPE
|
|
SYNTAX CtsKeystorePasswordRecordEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry describing individual password record in the
|
|
keystore of this device.
|
|
|
|
An entry will be created or deleted from this table when a
|
|
password record is added or removed from the keystore of
|
|
this device."
|
|
INDEX { IMPLIED ctsKeystorePasswordRecordName }
|
|
::= { ctsKeystorePasswordRecordTable 1 }
|
|
|
|
CtsKeystorePasswordRecordEntry ::= SEQUENCE {
|
|
ctsKeystorePasswordRecordName SnmpAdminString,
|
|
ctsKeystorePasswordRecordType CtsCredentialRecordType
|
|
}
|
|
|
|
ctsKeystorePasswordRecordName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..64))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies a password record."
|
|
::= { ctsKeystorePasswordRecordEntry 1 }
|
|
|
|
ctsKeystorePasswordRecordType OBJECT-TYPE
|
|
SYNTAX CtsCredentialRecordType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the type of credential in this record."
|
|
::= { ctsKeystorePasswordRecordEntry 2 }
|
|
|
|
|
|
|
|
ctsKeystorePacRecordTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CtsKeystorePacRecordEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of Cisco Trusted Security PAC records stored in
|
|
the hardware or software keystore of this device."
|
|
::= { ctsCredentialObjects 14 }
|
|
|
|
ctsKeystorePacRecordEntry OBJECT-TYPE
|
|
SYNTAX CtsKeystorePacRecordEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry describing individual PAC record in the
|
|
keystore of this device.
|
|
|
|
An entry will be created or deleted by the system when a
|
|
PAC record is added or removed from the keystore of this
|
|
device."
|
|
INDEX { IMPLIED ctsKeystorePacRecordName }
|
|
::= { ctsKeystorePacRecordTable 1 }
|
|
|
|
CtsKeystorePacRecordEntry ::= SEQUENCE {
|
|
ctsKeystorePacRecordName CtsAcsAuthorityIdentity,
|
|
ctsKeystorePacRecordType CtsCredentialRecordType
|
|
}
|
|
|
|
ctsKeystorePacRecordName OBJECT-TYPE
|
|
SYNTAX CtsAcsAuthorityIdentity (SIZE (1..64))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of this PAC record."
|
|
::= { ctsKeystorePacRecordEntry 1 }
|
|
|
|
ctsKeystorePacRecordType OBJECT-TYPE
|
|
SYNTAX CtsCredentialRecordType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the type of credential in this record."
|
|
::= { ctsKeystorePacRecordEntry 2 }
|
|
|
|
|
|
|
|
ctsPacInfoTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CtsPacInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of PACs on this device."
|
|
::= { ctsCredentialObjects 15 }
|
|
|
|
ctsPacInfoEntry OBJECT-TYPE
|
|
SYNTAX CtsPacInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry providing management information of a particular PAC
|
|
record.
|
|
|
|
An entry can only be created dynamically by the system when
|
|
a new PAC is installed in the keystore. An entry will be deleted
|
|
from this table when the PAC is removed from the keystore by the
|
|
system or by the user."
|
|
INDEX { IMPLIED ctsPacAcsAuthId }
|
|
::= { ctsPacInfoTable 1 }
|
|
|
|
CtsPacInfoEntry ::= SEQUENCE {
|
|
ctsPacAcsAuthId CtsAcsAuthorityIdentity,
|
|
ctsPacAcsDescription SnmpAdminString,
|
|
ctsPacType INTEGER,
|
|
ctsPacExpirationTime DateAndTime,
|
|
ctsPacTimeToRefresh Unsigned32,
|
|
ctsPacStatus RowStatus
|
|
}
|
|
|
|
ctsPacAcsAuthId OBJECT-TYPE
|
|
SYNTAX CtsAcsAuthorityIdentity (SIZE (1..64))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the unique authority identity of the
|
|
ACS server from where the PAC was downloaded."
|
|
::= { ctsPacInfoEntry 1 }
|
|
|
|
ctsPacAcsDescription OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the description of the ACS server from
|
|
where the PAC was downloaded."
|
|
::= { ctsPacInfoEntry 2 }
|
|
|
|
ctsPacType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
unknown(1),
|
|
tunnel(2),
|
|
machineAuthentication(3),
|
|
userAuthorization(4),
|
|
posture(5),
|
|
ciscoTrustSec(6)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the type of PAC this entry represents.
|
|
|
|
'unknown' -
|
|
Any other type of PAC that is not covered below
|
|
|
|
'tunnel' -
|
|
Distributed shared secret between the peer and ACS that is
|
|
used to establish a secure tunnel and convey the policy of
|
|
what must and can occur in the tunnel.
|
|
|
|
'machineAuthentication' -
|
|
The Machine Authentication PAC contains information in the
|
|
PAC opaque that identifies the machine. It is meant to be
|
|
used by a machine when network access is required and no user
|
|
is logged in.
|
|
|
|
'userAuthorization' -
|
|
The User Authorization PAC contains information in the PAC
|
|
opaque that identifies a user and provides authorization
|
|
information. The User Authorization PAC is used to provide
|
|
user information during stateless session resumption so
|
|
user authentication MAY be skipped.
|
|
|
|
'posture' -
|
|
Distributed posture checking and authorization result based
|
|
on a previous posture validation. A posture PAC can be used
|
|
to optimize posture validation in the case of frequent
|
|
revalidations. This result is specific to the posture
|
|
validation application and may be used outside the contents
|
|
of EAP-FAST.
|
|
|
|
'ciscoTrustSec' -
|
|
A credential dynamically provisioned in phase 0 of EAP-FAST.
|
|
It is used by Trustsec to set up secure communications with
|
|
the server."
|
|
::= { ctsPacInfoEntry 3 }
|
|
|
|
ctsPacExpirationTime OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the time when this PAC will be expired."
|
|
::= { ctsPacInfoEntry 4 }
|
|
|
|
ctsPacTimeToRefresh OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the time left for this PAC to be
|
|
refreshed from the ACS."
|
|
::= { ctsPacInfoEntry 5 }
|
|
|
|
-- RowStatus column of ctsPacInfoTable. The DESCRIPTION limits it to
-- 'active' and 'destroy': it is used to delete rows, and a read always
-- returns 'active'. Row creation is left to the system (see the
-- ctsPacInfoEntry DESCRIPTION).
-- NOTE(review): one set of 'destroy' removes a PAC from the device, so
-- write access here is a privileged operation. Scope it with a VACM view
-- and record SETs to this column on the management side.
ctsPacStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to manage the deletion of rows
|
|
in this table. This object only supports the values
|
|
'active' and 'destroy'.
|
|
|
|
Setting this object to 'destroy' deletes this PAC.
|
|
|
|
When read, this object will always return 'active'."
|
|
::= { ctsPacInfoEntry 6 }
|
|
|
|
|
|
|
|
-- One-shot trigger: writing 'true' clears all PACs and TrustSec credentials
-- on the device. A read always returns 'false', so the object itself keeps
-- no record of having been used.
-- NOTE(review): the ctsDeviceId DESCRIPTION says that object reads back as
-- a zero-length string after such a clear, which gives monitoring a way to
-- notice an unexpected wipe. Restrict write access to this object (VACM
-- view, SNMPv3 authPriv), since a single SET removes the device's TrustSec
-- credentials.
ctsCredentialsClearAll OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object allows user to clear all the PACs and Cisco
|
|
Trusted Security credentials on the device.
|
|
|
|
Setting the object to 'true' will clear all the PACs and
|
|
credentials.
|
|
|
|
When read, this object will always return 'false'."
|
|
::= { ctsCredentialObjects 16 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Objects to manage Environment Data of TrustSec
|
|
-- -------------------------------------------------------------
|
|
|
|
ctsEnvDataLastDownloadStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
succeeded(2),
|
|
failed(3),
|
|
inprogress(4),
|
|
incomplete(5),
|
|
timedout(6),
|
|
cleared(7)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of the last attempt to
|
|
download the Environment Data.
|
|
|
|
'other' - Any other state not covered by below
|
|
enumerations.
|
|
'succeeded' - Environment Data download completed successfully.
|
|
'failed' - Environment Data download failed.
|
|
'inprogress'- Environment Data download is in progress.
|
|
'incomplete'- Environment Data download is incomplete.
|
|
'timedout' - Environment Data download did not start and
|
|
timed out due to no response from the ACS.
|
|
'cleared' - Environment Data has been cleared by the user."
|
|
::= { ctsEnvironmentDataObjects 1 }
|
|
|
|
ctsEnvSecurityGroupTagId OBJECT-TYPE
|
|
SYNTAX CtsSecurityGroupTag
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the SGT for packets originating
|
|
on this device downloaded from the ACS.
|
|
|
|
A value of zero for this object indicates that no SGT has
|
|
been downloaded from the ACS."
|
|
::= { ctsEnvironmentDataObjects 2 }
|
|
|
|
ctsEnvSecurityGroupTagGenId OBJECT-TYPE
|
|
SYNTAX CtsGenerationId
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the generation identifier associated
|
|
with the downloaded SGT on this device."
|
|
::= { ctsEnvironmentDataObjects 3 }
|
|
|
|
ctsEnvDataLastUpdate OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the last time Cisco Trusted Security
|
|
Environment Data was successfully updated from ACS.
|
|
|
|
This object will contain 0-1-1,00:00:00:0 if Environment Data
|
|
has never been successfully updated from ACS."
|
|
::= { ctsEnvironmentDataObjects 4 }
|
|
|
|
ctsEnvDataRefreshInterval OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the time interval for which
|
|
Trusted Security Environment Data is valid.
|
|
|
|
The Trusted Security Environment Data will be refreshed i.e.
|
|
downloaded from the ACS after this time period has elapsed."
|
|
::= { ctsEnvironmentDataObjects 5 }
|
|
|
|
ctsEnvDataTimeLeft OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the time left for the currently
|
|
installed Trusted Security Environment Data to expire."
|
|
::= { ctsEnvironmentDataObjects 6 }
|
|
|
|
ctsEnvDataTimeToRefresh OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the time interval after which
|
|
Trusted Security Environment Data will be refreshed i.e.
|
|
downloaded from the ACS due to Environment Data expiration
|
|
or refresh failure."
|
|
::= { ctsEnvironmentDataObjects 7 }
|
|
|
|
ctsEnvDataSource OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
cached(2),
|
|
downloaded(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the source of current Environment Data
|
|
installed on the system.
|
|
|
|
'none' - No Environment Data is currently installed.
|
|
'cached' - Environment Data is installed from non-volatile
|
|
storage on the system.
|
|
'downloaded' - Environment Data is downloaded from the ACS."
|
|
::= { ctsEnvironmentDataObjects 8 }
|
|
|
|
ctsEnvDataAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
refresh(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object allows user to specify the action to be taken for
|
|
all the Cisco Trusted Security Environment Data on this device.
|
|
|
|
When read, this object always returns the value 'none'.
|
|
|
|
'none' - No operation.
|
|
'refresh' - Refresh all the Trusted Security Environment Data
|
|
on the device."
|
|
::= { ctsEnvironmentDataObjects 9 }
|
|
|
|
ctsEnvSecurityGroupNameTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CtsEnvSecurityGroupNameEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of Security Group Names in Cisco Trusted Security
|
|
environment."
|
|
::= { ctsEnvironmentDataObjects 16 }
|
|
|
|
ctsEnvSecurityGroupNameEntry OBJECT-TYPE
|
|
SYNTAX CtsEnvSecurityGroupNameEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry listing the name assigned to each SGT in
|
|
Cisco Trusted Security environment.
|
|
|
|
Entries will be populated in this table when system downloads
|
|
Security Group Name information as part of Trusted
|
|
Security Environment Data."
|
|
INDEX { ctsEnvSecurityGroupNameSgt }
|
|
::= { ctsEnvSecurityGroupNameTable 1 }
|
|
|
|
CtsEnvSecurityGroupNameEntry ::= SEQUENCE {
|
|
ctsEnvSecurityGroupNameSgt CtsSecurityGroupTag,
|
|
ctsEnvSecurityGroupNameSgtGenId CtsGenerationId,
|
|
ctsEnvSecurityGroupNameSgtFlag BITS,
|
|
ctsEnvSecurityGroupName SnmpAdminString
|
|
}
|
|
|
|
ctsEnvSecurityGroupNameSgt OBJECT-TYPE
|
|
SYNTAX CtsSecurityGroupTag (1..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies a SGT in Trusted Security environment."
|
|
::= { ctsEnvSecurityGroupNameEntry 1 }
|
|
|
|
ctsEnvSecurityGroupNameSgtGenId OBJECT-TYPE
|
|
SYNTAX CtsGenerationId
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the Generation Identifier associated
|
|
with this SGT."
|
|
::= { ctsEnvSecurityGroupNameEntry 2 }
|
|
|
|
ctsEnvSecurityGroupNameSgtFlag OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
recognizedSgt(0),
|
|
unicastSgt(1)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the flag associated with this SGT.
|
|
|
|
'recognizedSgt' - indicates a recognized SGT when set
|
|
to 1, else indicates a reserved SGT.
|
|
'unicastSgt' - indicates a unicast SGT when set
|
|
to 1, else indicates a multicast SGT."
|
|
::= { ctsEnvSecurityGroupNameEntry 3 }
|
|
|
|
ctsEnvSecurityGroupName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the Security Group Name assigned
|
|
to this SGT."
|
|
::= { ctsEnvSecurityGroupNameEntry 4 }
|
|
|
|
|
|
|
|
-- Notification-only information
|
|
|
|
ctsFileErrNotifReason OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
openFailedForWrite(1),
|
|
writeFailed(2),
|
|
openFailedForRead(3),
|
|
readFailed(4),
|
|
badMagic(5),
|
|
unexpectedEof(6),
|
|
badHeader(7)
|
|
}
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the reason file error related
|
|
notification was generated.
|
|
|
|
'openFailedForWrite' - System failed to open a file to
|
|
write TrustSec information.
|
|
'writeFailed' - System failed to write TrustSec
|
|
information to a file.
|
|
'openFailedForRead' - System failed to open a file to
|
|
read TrustSec information.
|
|
'readFailed' - System failed to read TrustSec
|
|
information from a file.
|
|
'badMagic' - A bad magic number was encountered
|
|
for a TrustSec file.
|
|
'unexpectedEof' - A record of unexpected length is found in
|
|
TrustSec file.
|
|
'badHeader' - Bad file header was encountered for a
|
|
TrustSec file."
|
|
::= { ctsNotifsInfoObjects 1 }
|
|
|
|
ctsSwKeystoreSyncFailNotifReason OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
ipcPortCreationFailed(1),
|
|
ipcPortOpenFailed(2),
|
|
ipcConnectionFailure(3),
|
|
ipcSendFailure(4),
|
|
standbyIncompatible(5),
|
|
syncProcessCreationFailed(6)
|
|
}
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the reason ctsSwKeystoreSyncFailNotif
|
|
notification was generated.
|
|
|
|
'ipcPortCreationFailed' - Keystore information could not be
|
|
synced because the system failed to
|
|
create port for Inter-Process
|
|
communication between the active
|
|
and the standby supervisors.
|
|
|
|
'ipcPortOpenFailed' - Keystore information could not be
|
|
synced because the system failed to
|
|
open port for Inter-Process
|
|
communication between the active
|
|
and the standby supervisors.
|
|
|
|
'ipcConnectionFailure' - Keystore information could not be
|
|
synced because Inter-Process
|
|
communication connection failed
|
|
between the active and the
|
|
standby supervisors.
|
|
|
|
'ipcSendFailure' - Keystore information could not be
|
|
synced because Inter-Process
|
|
Communication messages could not be
|
|
sent to the standby supervisor.
|
|
|
|
'standbyIncompatible' - Keystore information could not be
|
|
synced because the standby
|
|
supervisor is not compatible with
|
|
the active supervisor.
|
|
|
|
'syncProcessCreationFailed' - Keystore information could not
|
|
be synced because the system failed
|
|
to create the sync process."
|
|
::= { ctsNotifsInfoObjects 2 }
|
|
|
|
ctsNotifMessageString OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object indicates additional information for a TrustSec
|
|
notification."
|
|
::= { ctsNotifsInfoObjects 3 }
|
|
|
|
-- Notification Control
|
|
|
|
ctsSwKeystoreFileErrNotifEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies if the system generates
|
|
ctsSwKeystoreFileErrNotif.
|
|
|
|
A value of 'false' will prevent ctsSwKeystoreFileErrNotif
|
|
notifications from being generated by this system."
|
|
::= { ctsNotifsControlObjects 1 }
|
|
|
|
ctsSwKeystoreSyncFailNotifEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies if the system generates
|
|
ctsSwKeystoreSyncFailNotif.
|
|
|
|
A value of 'false' will prevent ctsSwKeystoreSyncFailNotif
|
|
notifications from being generated by this system."
|
|
::= { ctsNotifsControlObjects 2 }
|
|
|
|
ctsAuthzCacheFileErrNotifEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies if the system generates
|
|
ctsAuthzCacheFileErrNotif.
|
|
|
|
A value of 'false' will prevent ctsAuthzCacheFileErrNotif
|
|
notifications from being generated by this system."
|
|
::= { ctsNotifsControlObjects 3 }
|
|
|
|
ctsCacheFileAccessErrNotifEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies if the system generates
|
|
ctsCacheFileAccessErrNotif.
|
|
|
|
A value of 'false' will prevent ctsCacheFileAccessErrNotif
|
|
notifications from being generated by this system."
|
|
::= { ctsNotifsControlObjects 4 }
|
|
|
|
-- Gates generation of ctsSrcEntropyFailNotif: 'false' suppresses it.
-- NOTE(review): the notification is defined outside this part of the
-- module; judging by its name it reports an entropy source failure, which
-- would be a security-relevant health signal. Because this object is
-- read-write, a management station that relies on the notification should
-- read this value back periodically and alert when it is 'false'.
ctsSrcEntropyFailNotifEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies if the system generates
|
|
ctsSrcEntropyFailNotif.
|
|
|
|
A value of 'false' will prevent ctsSrcEntropyFailNotif
|
|
notifications from being generated by this system."
|
|
::= { ctsNotifsControlObjects 5 }
|
|
|
|
ctsSapRandomNumberFailNotifEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies if the system generates
|
|
ctsSapRandomNumberFailNotif.
|
|
|
|
A value of 'false' will prevent ctsSapRandomNumberFailNotif
|
|
notifications from being generated by this system."
|
|
::= { ctsNotifsControlObjects 6 }
|
|
|
|
ctsCriticalAuthEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies if the Critical-Auth functionality
|
|
is enabled in the system.
|
|
|
|
Setting the object to 'true' will enable Critical-Auth
|
|
functionality in the system and 'false' will disable the
|
|
Critical-Auth functionality. Before ctsCriticalAuthEnabled is
|
|
set to 'true', ctsCriticalAuthPeerSgt needs to be configured."
|
|
::= { ctsCriticalAuthObjects 1 }
|
|
|
|
ctsCriticalAuthFallback OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
default(1),
|
|
cache(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the CTS Critical-Auth fallback
|
|
policy.
|
|
|
|
default - Critical-Auth fallback policy is default.
|
|
|
|
cache - Critical-Auth fallback policy is cache."
|
|
::= { ctsCriticalAuthObjects 2 }
|
|
|
|
ctsCriticalAuthPeerSgt OBJECT-TYPE
|
|
SYNTAX CtsSecurityGroupTag
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the CTS Critical-Auth SGT tag
|
|
of the remote peer.
|
|
|
|
ctsCriticalAuthPeerSgt cannot be set to zero when
|
|
ctsCriticalAuthEnabled is enabled.
|
|
|
|
ctsCriticalAuthPeerSgtTrust will be set to untrusted by default
|
|
during set operation of ctsCriticalAuthPeerSgt.
|
|
|
|
The user needs to explicitly override the ctsCriticalAuthPeerSgtTrust
|
|
to trusted if required."
|
|
::= { ctsCriticalAuthObjects 3 }
|
|
|
|
ctsCriticalAuthPeerSgtTrust OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the CTS Critical-Auth peer's SGT
|
|
trust state.
|
|
|
|
This object can only be set when ctsCriticalAuthPeerSgt is
|
|
non-zero."
|
|
::= { ctsCriticalAuthObjects 4 }
|
|
|
|
-- ctsCriticalAuthDefaultPmk: writable object that configures the default
-- PMK used by SAP under CTS Critical-Auth. The SYNTAX allows either an
-- empty string or exactly 32 octets.
-- NOTE(review): this object carries key material. Set it only over
-- SNMPv3 with authentication and privacy (authPriv), and exclude it from
-- any VACM view reachable with SNMPv1/v2c community strings.
-- NOTE(review): the companion read-only object
-- ctsCriticalAuthViewDefaultPmk is described as displaying the configured
-- PMK. This module does not state whether the displayed value is the raw
-- key or a masked or encoded form (its SIZE is 0..255, not 32); confirm
-- on the platform and restrict read access to it in the same way.
ctsCriticalAuthDefaultPmk OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0 | 32))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the CTS Critical-Auth default PMK
|
|
used by SAP.
|
|
|
|
|
|
The purpose of this object is to only allow configuration of
|
|
Critical-Auth PMK.
|
|
|
|
|
|
The ctsCriticalAuthViewDefaultPmk object is used to display the
|
|
default Critical-Auth PMK."
|
|
::= { ctsCriticalAuthObjects 5 }
|
|
|
|
ctsCriticalAuthViewDefaultPmk OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..255))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the CTS Critical-Auth default PMK.
|
|
|
|
The purpose of this object is to only display the configured
|
|
Critical-Auth PMK.
|
|
|
|
A zero-length string for this object indicates the SAP
|
|
negotiation is disabled.
|
|
|
|
The ctsCriticalAuthDefaultPmk object is used to configure
|
|
the PMK."
|
|
::= { ctsCriticalAuthObjects 6 }
|
|
|
|
-- Notifications
|
|
|
|
ctsSwKeystoreFileErrNotif NOTIFICATION-TYPE
|
|
OBJECTS { ctsFileErrNotifReason }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A ctsSwKeystoreFileErrNotif is generated when system
|
|
encounters an error while performing operation on the
|
|
software keystore file."
|
|
::= { ciscoTrustSecMIBNotifs 1 }
|
|
|
|
ctsSwKeystoreSyncFailNotif NOTIFICATION-TYPE
|
|
OBJECTS { ctsSwKeystoreSyncFailNotifReason }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A ctsSwKeystoreSyncFailNotif is generated when the system
|
|
fails to sync software keystore information from the active
|
|
supervisor to the standby supervisor."
|
|
::= { ciscoTrustSecMIBNotifs 2 }
|
|
|
|
ctsAuthzCacheFileErrNotif NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
ctsFileErrNotifReason,
|
|
ctsNotifMessageString
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A ctsAuthzCacheFileErrNotif is generated when the system
|
|
encounters an error downloading TrustSec authorization
|
|
related environment data to a cache file."
|
|
::= { ciscoTrustSecMIBNotifs 3 }
|
|
|
|
ctsCacheFileAccessErrNotif NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
ctsFileErrNotifReason,
|
|
ctsNotifMessageString
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A ctsCacheFileAccessErrNotif is generated when the
|
|
system fails to perform open/read/write operation
|
|
for a TrustSec cache file."
|
|
::= { ciscoTrustSecMIBNotifs 4 }
|
|
|
|
ctsSrcEntropyFailNotif NOTIFICATION-TYPE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A ctsSrcEntropyFailNotif is generated when
|
|
the periodic health tests for the CTR-DRBG (Counter-
|
|
Deterministic Random Bit Generator) implementation
|
|
fail due to issues with the source entropy."
|
|
::= { ciscoTrustSecMIBNotifs 5 }
|
|
|
|
ctsSapRandomNumberFailNotif NOTIFICATION-TYPE
|
|
OBJECTS { ctsNotifMessageString }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A ctsSapRandomNumberFailNotif is generated when the
|
|
system fails to obtain a random number from
|
|
CTR-DRBG block for SAP (Security Association Protocol)
|
|
key-counter."
|
|
::= { ciscoTrustSecMIBNotifs 6 }
|
|
-- Conformance
|
|
|
|
ciscoTrustSecMIBCompliances OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecMIBConform 1 }
|
|
|
|
ciscoTrustSecMIBGroups OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecMIBConform 2 }
|
|
|
|
|
|
ciscoTrustSecMIBCompliance MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for the CISCO-TRUSTSEC-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
ciscoTrustSecCacheGroup,
|
|
ciscoTrustSecSgtGroup,
|
|
ciscoTrustSecCredentialsGroup,
|
|
ciscoTrustSecHwKeystoreInfoGroup,
|
|
ciscoTrustSecEnvDataGroup
|
|
}
|
|
|
|
GROUP ciscoTrustSecSgtAssignmentGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support mechanism to assign SGT for
|
|
line cards without TrustSec tagging capability."
|
|
|
|
OBJECT ctsCacheEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsCacheNvStorage
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsCacheClear
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsSecurityGroupTagId
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsSgtAssignmentMethod
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsDeviceId
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsDevicePasswordType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsDevicePassword
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsPacStatus
|
|
SYNTAX INTEGER {
|
|
active(1)
|
|
}
|
|
WRITE-SYNTAX INTEGER {
|
|
destroy(6)
|
|
}
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsCredentialsClearAll
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsEnvDataAction
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
::= { ciscoTrustSecMIBCompliances 1 }
|
|
|
|
ciscoTrustSecMIBCompliance2 MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for the CISCO-TRUSTSEC-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
ciscoTrustSecCacheGroup,
|
|
ciscoTrustSecSgtGroup,
|
|
ciscoTrustSecCredentialsGroup,
|
|
ciscoTrustSecHwKeystoreInfoGroup,
|
|
ciscoTrustSecEnvDataGroup
|
|
}
|
|
|
|
GROUP ciscoTrustSecSgtAssignmentGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support mechanism to assign SGT for
|
|
line cards without TrustSec tagging capability."
|
|
|
|
GROUP ciscoTrustSecEnvSecGroupNameGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support Security Group Name functionality."
|
|
|
|
OBJECT ctsCacheEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsCacheNvStorage
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsCacheClear
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsSecurityGroupTagId
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsSgtAssignmentMethod
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsDeviceId
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsDevicePasswordType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsDevicePassword
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsPacStatus
|
|
SYNTAX INTEGER {
|
|
active(1)
|
|
}
|
|
WRITE-SYNTAX INTEGER {
|
|
destroy(6)
|
|
}
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsCredentialsClearAll
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsEnvDataAction
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
::= { ciscoTrustSecMIBCompliances 2 }
|
|
|
|
ciscoTrustSecMIBCompliance3 MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for the CISCO-TRUSTSEC-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
ciscoTrustSecCacheGroup,
|
|
ciscoTrustSecSgtGroup,
|
|
ciscoTrustSecCredentialsGroup,
|
|
ciscoTrustSecHwKeystoreInfoGroup,
|
|
ciscoTrustSecEnvDataGroup
|
|
}
|
|
|
|
GROUP ciscoTrustSecSgtAssignmentGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support mechanism to assign SGT for
|
|
line cards without TrustSec tagging capability."
|
|
|
|
GROUP ciscoTrustSecEnvSecGroupNameGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support Security Group Name functionality."
|
|
|
|
GROUP ciscoTrustSecSwKeystoreNotifsInfoGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support software keystore notifications."
|
|
|
|
GROUP ciscoTrustSecSwKeystoreNotifsControlGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support software keystore notifications."
|
|
|
|
GROUP ciscoTrustSecSwKeystoreNotifsGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support software keystore notifications."
|
|
|
|
GROUP ciscoTrustSecFileErrNotifsInfoGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support TrustSec keystore or cache file
|
|
error related notifications."
|
|
|
|
GROUP ciscoTrustSecNotifsMessageStringInfoGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that provide additional information for
|
|
TrustSec notifications."
|
|
|
|
GROUP ciscoTrustSecCacheFileNotifsControlGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support TrustSec cache file error
|
|
notifications."
|
|
|
|
GROUP ciscoTrustSecCacheFileNotifsGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support TrustSec cache file error
|
|
notifications."
|
|
|
|
GROUP ciscoTrustSecCtrDrbgNotifsControlGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support CTR-DRBG error notifications."
|
|
|
|
GROUP ciscoTrustSecCtrDrbgNotifsGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support CTR-DRBG error notifications."
|
|
|
|
OBJECT ctsCacheEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsCacheNvStorage
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsCacheClear
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsSecurityGroupTagId
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsSgtAssignmentMethod
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsDeviceId
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsDevicePasswordType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsDevicePassword
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsPacStatus
|
|
SYNTAX INTEGER {
|
|
active(1)
|
|
}
|
|
WRITE-SYNTAX INTEGER {
|
|
destroy(6)
|
|
}
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsCredentialsClearAll
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsEnvDataAction
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsSwKeystoreFileErrNotifEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsSwKeystoreSyncFailNotifEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsAuthzCacheFileErrNotifEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsCacheFileAccessErrNotifEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsSrcEntropyFailNotifEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsSapRandomNumberFailNotifEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
::= { ciscoTrustSecMIBCompliances 3 }
|
|
|
|
ciscoTrustSecMIBCompliance4 MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for the CISCO-TRUSTSEC-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
ciscoTrustSecCacheGroup,
|
|
ciscoTrustSecSgtGroup,
|
|
ciscoTrustSecCredentialsGroup,
|
|
ciscoTrustSecHwKeystoreInfoGroup,
|
|
ciscoTrustSecEnvDataGroup
|
|
}
|
|
|
|
GROUP ciscoTrustSecSgtAssignmentGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support mechanism to assign SGT for
|
|
line cards without TrustSec tagging capability."
|
|
|
|
GROUP ciscoTrustSecEnvSecGroupNameGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support Security Group Name functionality."
|
|
|
|
GROUP ciscoTrustSecSwKeystoreNotifsInfoGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support software keystore notifications."
|
|
|
|
GROUP ciscoTrustSecSwKeystoreNotifsControlGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support software keystore notifications."
|
|
|
|
GROUP ciscoTrustSecSwKeystoreNotifsGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support software keystore notifications."
|
|
|
|
GROUP ciscoTrustSecFileErrNotifsInfoGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support TrustSec keystore or cache file
|
|
error related notifications."
|
|
|
|
GROUP ciscoTrustSecNotifsMessageStringInfoGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that provide additional information for
|
|
TrustSec notifications."
|
|
|
|
GROUP ciscoTrustSecCacheFileNotifsControlGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support TrustSec cache file error
|
|
notifications."
|
|
|
|
GROUP ciscoTrustSecCacheFileNotifsGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support TrustSec cache file error
|
|
notifications."
|
|
|
|
GROUP ciscoTrustSecCtrDrbgNotifsControlGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support CTR-DRBG error notifications."
|
|
|
|
GROUP ciscoTrustSecCtrDrbgNotifsGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support CTR-DRBG error notifications."
|
|
|
|
GROUP ciscoTrustSecCrtclAuthGroup
|
|
DESCRIPTION
|
|
"Implementation of this group is mandatory for the
|
|
devices that support CTS Critical-Auth."
|
|
|
|
OBJECT ctsCacheEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsCacheNvStorage
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsCacheClear
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsSecurityGroupTagId
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsSgtAssignmentMethod
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsDeviceId
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsDevicePasswordType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsDevicePassword
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsPacStatus
|
|
SYNTAX INTEGER {
|
|
active(1)
|
|
}
|
|
WRITE-SYNTAX INTEGER {
|
|
destroy(6)
|
|
}
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsCredentialsClearAll
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsEnvDataAction
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsSwKeystoreFileErrNotifEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsSwKeystoreSyncFailNotifEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsAuthzCacheFileErrNotifEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsCacheFileAccessErrNotifEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsSrcEntropyFailNotifEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsSapRandomNumberFailNotifEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsCriticalAuthEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsCriticalAuthFallback
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsCriticalAuthPeerSgt
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsCriticalAuthPeerSgtTrust
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsCriticalAuthDefaultPmk
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
::= { ciscoTrustSecMIBCompliances 4 }
|
|
|
|
-- Units of Conformance
|
|
|
|
ciscoTrustSecCacheGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
ctsCacheEnabled,
|
|
ctsCacheNvStorage,
|
|
ctsCacheClear
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides the cache configuration
|
|
for TrustSec in the system."
|
|
::= { ciscoTrustSecMIBGroups 1 }
|
|
|
|
ciscoTrustSecSgtGroup OBJECT-GROUP
|
|
OBJECTS { ctsSecurityGroupTagId }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects to manage SGT for TrustSec."
|
|
::= { ciscoTrustSecMIBGroups 2 }
|
|
|
|
ciscoTrustSecCredentialsGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
ctsDeviceId,
|
|
ctsDevicePasswordType,
|
|
ctsDevicePassword,
|
|
ctsKeystoreType,
|
|
ctsKeystorePasswordRecordType,
|
|
ctsKeystorePacRecordType,
|
|
ctsPacAcsDescription,
|
|
ctsPacType,
|
|
ctsPacExpirationTime,
|
|
ctsPacTimeToRefresh,
|
|
ctsPacStatus,
|
|
ctsCredentialsClearAll
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects to manage credentials parameters for
|
|
TrustSec."
|
|
::= { ciscoTrustSecMIBGroups 3 }
|
|
|
|
ciscoTrustSecHwKeystoreInfoGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
ctsKeystoreFwVersion,
|
|
ctsKeystoreFwAlerts,
|
|
ctsKeystoreFwResets,
|
|
ctsKeystoreRxTimeouts,
|
|
ctsKeystoreRxBadChecksums,
|
|
ctsKeystoreRxBadFragmentLengths,
|
|
ctsKeystoreCorruptions
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects to manage hardware keystore for
|
|
TrustSec."
|
|
::= { ciscoTrustSecMIBGroups 4 }
|
|
|
|
ciscoTrustSecEnvDataGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
ctsEnvDataLastDownloadStatus,
|
|
ctsEnvSecurityGroupTagId,
|
|
ctsEnvSecurityGroupTagGenId,
|
|
ctsEnvDataLastUpdate,
|
|
ctsEnvDataRefreshInterval,
|
|
ctsEnvDataTimeLeft,
|
|
ctsEnvDataTimeToRefresh,
|
|
ctsEnvDataSource,
|
|
ctsEnvDataAction
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects to manage Environment Data for
|
|
TrustSec."
|
|
::= { ciscoTrustSecMIBGroups 5 }
|
|
|
|
ciscoTrustSecSgtAssignmentGroup OBJECT-GROUP
|
|
OBJECTS { ctsSgtAssignmentMethod }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects to manage assignment of TrustSec SGT."
|
|
::= { ciscoTrustSecMIBGroups 6 }
|
|
|
|
ciscoTrustSecEnvSecGroupNameGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
ctsEnvSecurityGroupNameSgtGenId,
|
|
ctsEnvSecurityGroupNameSgtFlag,
|
|
ctsEnvSecurityGroupName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) to manage Security Group Name
|
|
information for TrustSec."
|
|
::= { ciscoTrustSecMIBGroups 7 }
|
|
|
|
ciscoTrustSecSwKeystoreNotifsInfoGroup OBJECT-GROUP
|
|
OBJECTS { ctsSwKeystoreSyncFailNotifReason }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) to provide information
|
|
regarding software keystore notifications for TrustSec."
|
|
::= { ciscoTrustSecMIBGroups 8 }
|
|
|
|
ciscoTrustSecSwKeystoreNotifsControlGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
ctsSwKeystoreFileErrNotifEnable,
|
|
ctsSwKeystoreSyncFailNotifEnable
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) to control software keystore
|
|
notifications for TrustSec."
|
|
::= { ciscoTrustSecMIBGroups 9 }
|
|
|
|
ciscoTrustSecSwKeystoreNotifsGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
ctsSwKeystoreFileErrNotif,
|
|
ctsSwKeystoreSyncFailNotif
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of software keystore related notifications for
|
|
TrustSec."
|
|
::= { ciscoTrustSecMIBGroups 10 }
|
|
|
|
ciscoTrustSecFileErrNotifsInfoGroup OBJECT-GROUP
|
|
OBJECTS { ctsFileErrNotifReason }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) to provide information
|
|
regarding file error related notifications for TrustSec."
|
|
::= { ciscoTrustSecMIBGroups 11 }
|
|
|
|
ciscoTrustSecNotifsMessageStringInfoGroup OBJECT-GROUP
|
|
OBJECTS { ctsNotifMessageString }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) to provide information
|
|
regarding TrustSec notification."
|
|
::= { ciscoTrustSecMIBGroups 12 }
|
|
|
|
ciscoTrustSecCacheFileNotifsControlGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
ctsAuthzCacheFileErrNotifEnable,
|
|
ctsCacheFileAccessErrNotifEnable
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) to control cache file
|
|
related notifications for TrustSec."
|
|
::= { ciscoTrustSecMIBGroups 13 }
|
|
|
|
ciscoTrustSecCacheFileNotifsGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
ctsAuthzCacheFileErrNotif,
|
|
ctsCacheFileAccessErrNotif
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of TrustSec cache file related notifications."
|
|
::= { ciscoTrustSecMIBGroups 14 }
|
|
|
|
ciscoTrustSecCtrDrbgNotifsControlGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
ctsSrcEntropyFailNotifEnable,
|
|
ctsSapRandomNumberFailNotifEnable
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object(s) to control CTR-DRBG related
|
|
notifications for TrustSec."
|
|
::= { ciscoTrustSecMIBGroups 15 }
|
|
|
|
ciscoTrustSecCtrDrbgNotifsGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
ctsSrcEntropyFailNotif,
|
|
ctsSapRandomNumberFailNotif
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of CTR-DRBG related notifications
|
|
for TrustSec."
|
|
::= { ciscoTrustSecMIBGroups 16 }
|
|
|
|
ciscoTrustSecCrtclAuthGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
ctsCriticalAuthEnabled,
|
|
ctsCriticalAuthFallback,
|
|
ctsCriticalAuthPeerSgt,
|
|
ctsCriticalAuthPeerSgtTrust,
|
|
ctsCriticalAuthDefaultPmk,
|
|
ctsCriticalAuthViewDefaultPmk
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of CTS Critical Auth Config
|
|
objects"
|
|
::= { ciscoTrustSecMIBGroups 17 }
|
|
|
|
END