-- *****************************************************************
|
|
-- CISCO-TRUSTSEC-SERVER-MIB-MIB.my
|
|
--
|
|
-- August 2009, Liwei Lue
|
|
--
|
|
-- Copyright (c) 2009-2011 by Cisco Systems Inc,
|
|
-- All rights reserved.
|
|
--
|
|
-- *****************************************************************
|
|
|
|
CISCO-TRUSTSEC-SERVER-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
NOTIFICATION-TYPE,
|
|
Unsigned32
|
|
FROM SNMPv2-SMI
|
|
MODULE-COMPLIANCE,
|
|
OBJECT-GROUP,
|
|
NOTIFICATION-GROUP
|
|
FROM SNMPv2-CONF
|
|
StorageType,
|
|
RowStatus,
|
|
TruthValue
|
|
FROM SNMPv2-TC
|
|
InetAddressType,
|
|
InetAddress,
|
|
InetPortNumber
|
|
FROM INET-ADDRESS-MIB
|
|
SnmpAdminString
|
|
FROM SNMP-FRAMEWORK-MIB
|
|
CtsAcsAuthorityIdentity
|
|
FROM CISCO-TRUSTSEC-TC-MIB
|
|
ciscoMgmt
|
|
FROM CISCO-SMI;
|
|
|
|
|
|
ciscoTrustSecServerMIB MODULE-IDENTITY
|
|
LAST-UPDATED "201112070000Z"
|
|
ORGANIZATION "Cisco Systems, Inc."
|
|
CONTACT-INFO
|
|
"Cisco Systems
|
|
Customer Service
|
|
|
|
Postal: 170 W Tasman Drive
|
|
San Jose, CA 95134
|
|
USA
|
|
|
|
Tel: +1 800 553-NETS
|
|
|
|
E-mail: cs-lan-switch-snmp@cisco.com"
|
|
DESCRIPTION
|
|
"This MIB module defines management objects for
|
|
configuration and monitoring of the AAA servers
|
|
in a Cisco Trusted Security environment.
|
|
|
|
Glossary:
|
|
|
|
AAA - Authentication, Authorization, Accounting
|
|
|
|
PAC - Protected Access Credential
|
|
|
|
RADIUS - Remote Authentication Dial In User Service
|
|
|
|
TrustSec - Cisco Trusted Security system
|
|
|
|
TrustSec seed device:
|
|
The seed device is the one which has the AAA server
|
|
address manually configured. All devices that connect
|
|
to the seed device obtain the AAA server addresses
|
|
via authentication and authorization."
|
|
REVISION "201112070000Z"
|
|
DESCRIPTION
|
|
"Added following OBJECT-GROUP
|
|
- ciscoTrustSecServerMIBKeyWrapGroup
|
|
- ciscoTrustSecServerMIBNotifsCtrlGroup
|
|
- ciscoTrustSecServerMIBNotifsGroup
|
|
- ciscoTrustSecServerMIBNotifsOnlyInfoGroup
|
|
Added new compliance
|
|
- ciscoTrustSecServerMIBCompliance2."
|
|
REVISION "201006010000Z"
|
|
DESCRIPTION
|
|
"Initial version of this MIB module."
|
|
::= { ciscoMgmt 741 }
|
|
|
|
|
|
ciscoTrustSecServerMIBNotifs OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecServerMIB 0 }
|
|
|
|
ciscoTrustSecServerMIBObjects OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecServerMIB 1 }
|
|
|
|
ciscoTrustSecServerMIBConform OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecServerMIB 2 }
|
|
|
|
ctsvGlobalServerConfigObjects OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecServerMIBObjects 1 }
|
|
|
|
ctsvServerTestConfigObjects OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecServerMIBObjects 2 }
|
|
|
|
ctsvProvisionedServerObjects OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecServerMIBObjects 3 }
|
|
|
|
ctsvDownloadServerListObjects OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecServerMIBObjects 4 }
|
|
|
|
ctsvDownloadServerObjects OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecServerMIBObjects 5 }
|
|
|
|
ctsvNotificationControlObjects OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecServerMIBObjects 6 }
|
|
|
|
ctsvNotificationOnlyInfoObjects OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecServerMIBObjects 7 }
|
|
|
|
|
|
-- --------------------------------------------------------------
|
|
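-- Objects to manage global TrustSec AAA server configuration
-- Every object in this group is MAX-ACCESS read-write, including the
-- AAA authorization list and the key wrap switch, so SNMP write access
-- to this subtree should be limited to authenticated SNMPv3 users.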
|
|
-- --------------------------------------------------------------
|
|
|
|
ctsvAuthorizationList OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the AAA server group which allows the
|
|
TrustSec AAA library to build an AAA method list.
|
|
|
|
Configuration of AAA named authorization list is only
|
|
needed for the TrustSec seed device."
|
|
::= { ctsvGlobalServerConfigObjects 1 }
|
|
|
|
ctsvServerDeadTime OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object specifies how long a downloaded server should
|
|
not be selected for service once it has been marked as dead."
|
|
::= { ctsvGlobalServerConfigObjects 2 }
|
|
|
|
ctsvServerLoadBalanceMethod OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
leastOutstanding(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the load-balance method used for
|
|
selecting a downloaded server.
|
|
|
|
none - no load-balance method used.
|
|
|
|
leastOutstanding - choose the server with least outstanding
|
|
transactions."
|
|
::= { ctsvGlobalServerConfigObjects 3 }
|
|
|
|
ctsvServerLoadBalanceBatchSize OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the size of the transaction batch
|
|
which needs to be load-balanced while choosing a downloaded
|
|
server.
|
|
|
|
Setting this object may not be allowed if the value of
|
|
ctsvServerLoadBalanceMethod is 'none'."
|
|
::= { ctsvGlobalServerConfigObjects 4 }
|
|
|
|
ctsvUseSameProvisionedServer OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether to use the same provisioned PAC
|
|
server throughout a session.
|
|
|
|
Setting this object to 'false' means no attempt is made to stay with
|
|
the same PAC server throughout an authentication session.
|
|
|
|
Setting this object may not be allowed if the value of
|
|
ctsvServerLoadBalanceMethod is 'none'."
|
|
::= { ctsvGlobalServerConfigObjects 5 }
|
|
|
|
ctsvAllServerTestEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether the server-aliveness automated
|
|
test is enabled for all TrustSec downloaded servers.
|
|
|
|
The server-aliveness automated test generates a periodic
|
|
test RADIUS request message to the downloaded server and
|
|
expects to get a response back in order to mark that
|
|
downloaded server as alive.
|
|
|
|
ctsvAllServerTestEnabled is used by those
|
|
servers which do not have per-server enable
|
|
configuration.
|
|
|
|
Setting ctsvAllServerTestEnabled affects all the
|
|
instances of ctsvServerTestEnabled in
|
|
ctsvServerTestConfigTable."
|
|
::= { ctsvGlobalServerConfigObjects 6 }
|
|
|
|
ctsvAllServerTestDeadTime OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the global server dead time
|
|
configuration for all TrustSec downloaded servers.
|
|
|
|
The value of deadtime indicates how long a server
|
|
should not be retried once it has been marked as
|
|
dead by the server-aliveness automated test.
|
|
|
|
ctsvAllServerTestDeadTime is used by those
|
|
servers which do not have per-server deadtime
|
|
configuration.
|
|
|
|
Setting ctsvAllServerTestDeadTime affects all the
|
|
instances of ctsvServerTestDeadTime in
|
|
ctsvServerTestConfigTable."
|
|
::= { ctsvGlobalServerConfigObjects 7 }
|
|
|
|
ctsvAllServerTestInterval OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "minutes"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the global test interval for all
|
|
TrustSec downloaded servers.
|
|
|
|
The value of interval indicates how frequently the test
|
|
RADIUS requests will be sent.
|
|
|
|
ctsvAllServerTestInterval is used by those
|
|
servers which do not have per-server test interval
|
|
configuration.
|
|
|
|
Setting ctsvAllServerTestInterval affects all the
|
|
instances of ctsvServerTestInterval in
|
|
ctsvServerTestConfigTable."
|
|
::= { ctsvGlobalServerConfigObjects 8 }
|
|
|
|
ctsvServerKeyWrapEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether the TrustSec key wrap is
|
|
enabled for all TrustSec downloaded servers."
|
|
::= { ctsvGlobalServerConfigObjects 9 }
|
|
-- --------------------------------------------------------------
|
|
-- Objects to manage per server aliveness automated test
|
|
-- --------------------------------------------------------------
|
|
|
|
ctsvServerTestConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CtsvServerTestConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of AAA servers with server specific TrustSec
|
|
server-aliveness automated test configuration.
|
|
|
|
This table contains exceptions from the global test
|
|
configuration. An entry which contains the same values as what
|
|
are in ctsvAllServerTestEnabled,
|
|
ctsvAllServerTestDeadTime, and ctsvAllServerTestInterval
|
|
may be removed by the device.
|
|
|
|
It is up to the agent to accept or reject such identical
|
|
configuration."
|
|
::= { ctsvServerTestConfigObjects 1 }
|
|
|
|
ctsvServerTestConfigEntry OBJECT-TYPE
|
|
SYNTAX CtsvServerTestConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing the server-aliveness automated test
|
|
configuration of a particular AAA server.
|
|
|
|
An entry can be created, or deleted by using
|
|
ctsvServerTestRowStatus.
|
|
|
|
System may remove an entry automatically if
|
|
ctsvServerTestEnabled, ctsvServerTestDeadTime, and
|
|
ctsvServerTestInterval contain the same value as what are in
|
|
ctsvAllServerTestEnabled, ctsvAllServerTestDeadTime,
|
|
ctsvAllServerTestInterval.
|
|
|
|
Each AAA server is associated with a set of automatic
|
|
server-aliveness test configuration. By creating, deleting or
|
|
modifying an entry in this table, users can add, delete or
|
|
modify the server-aliveness configuration for a particular
|
|
AAA server."
|
|
INDEX {
|
|
ctsvServerTestAddrType,
|
|
ctsvServerTestAddr
|
|
}
|
|
::= { ctsvServerTestConfigTable 1 }
|
|
|
|
CtsvServerTestConfigEntry ::= SEQUENCE {
|
|
ctsvServerTestAddrType InetAddressType,
|
|
ctsvServerTestAddr InetAddress,
|
|
ctsvServerTestEnabled TruthValue,
|
|
ctsvServerTestDeadTime Unsigned32,
|
|
ctsvServerTestInterval Unsigned32,
|
|
ctsvServerTestStorageType StorageType,
|
|
ctsvServerTestRowStatus RowStatus
|
|
}
|
|
|
|
ctsvServerTestAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of Internet address for an AAA server."
|
|
::= { ctsvServerTestConfigEntry 1 }
|
|
|
|
ctsvServerTestAddr OBJECT-TYPE
|
|
SYNTAX InetAddress (SIZE (1..64))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Internet address for an AAA server.
|
|
The type of this address is determined by the value of the
|
|
ctsvServerTestAddrType object."
|
|
::= { ctsvServerTestConfigEntry 2 }
|
|
|
|
ctsvServerTestEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether the server-aliveness automated
|
|
test is enabled or disabled for the AAA server.
|
|
|
|
The server-aliveness automated test generates a periodic
|
|
test RADIUS request message to the downloaded server and
|
|
expects to get a response back in order to mark that
|
|
downloaded server as alive, otherwise will mark it as dead."
|
|
::= { ctsvServerTestConfigEntry 3 }
|
|
|
|
ctsvServerTestDeadTime OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the server-aliveness automated test
|
|
dead time for the AAA server.
|
|
|
|
The value of deadtime indicates how long a server
|
|
should not be retried once it has been marked as
|
|
dead by the server-aliveness automated test."
|
|
::= { ctsvServerTestConfigEntry 4 }
|
|
|
|
ctsvServerTestInterval OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "minutes"
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the server-aliveness automated test
|
|
interval for the AAA server.
|
|
|
|
The value of interval indicates how frequently the test
|
|
RADIUS requests will be sent."
|
|
::= { ctsvServerTestConfigEntry 5 }
|
|
|
|
ctsvServerTestStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The storage type for this conceptual row."
|
|
DEFVAL { volatile }
|
|
::= { ctsvServerTestConfigEntry 6 }
|
|
|
|
ctsvServerTestRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of this conceptual row.
|
|
All writable objects in this row may be modified at any time."
|
|
::= { ctsvServerTestConfigEntry 7 }
|
|
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Objects for the status of PAC provisioned servers
|
|
-- -------------------------------------------------------------
|
|
|
|
ctsvProvisionedServerTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CtsvProvisionedServerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of AAA servers which have been successfully provisioned
|
|
with a PAC."
|
|
::= { ctsvProvisionedServerObjects 1 }
|
|
|
|
ctsvProvisionedServerEntry OBJECT-TYPE
|
|
SYNTAX CtsvProvisionedServerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry providing the information of the PAC provisioned
|
|
AAA server.
|
|
|
|
An entry will be created when the AAA server has been
|
|
successfully provisioned with PAC.
|
|
|
|
An entry will be removed when the server is no longer
|
|
provisioned with PAC."
|
|
INDEX {
|
|
ctsvProvisionedServerAddrType,
|
|
ctsvProvisionedServerAddr
|
|
}
|
|
::= { ctsvProvisionedServerTable 1 }
|
|
|
|
CtsvProvisionedServerEntry ::= SEQUENCE {
|
|
ctsvProvisionedServerAddrType InetAddressType,
|
|
ctsvProvisionedServerAddr InetAddress,
|
|
ctsvProvisionedServerPort InetPortNumber,
|
|
ctsvProvisionedServerAuthorityId CtsAcsAuthorityIdentity,
|
|
ctsvProvisionedServerStatus INTEGER,
|
|
ctsvProvisionedServerTestEnabled TruthValue,
|
|
ctsvProvisionedServerTestInterval Unsigned32,
|
|
ctsvProvisionedServerTestDeadTime Unsigned32,
|
|
ctsvProvisionedServerKeyWrapEnabled TruthValue
|
|
}
|
|
|
|
ctsvProvisionedServerAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of Internet address of the provisioned server."
|
|
::= { ctsvProvisionedServerEntry 1 }
|
|
|
|
ctsvProvisionedServerAddr OBJECT-TYPE
|
|
SYNTAX InetAddress (SIZE (1..64))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Internet address of the provisioned server.
|
|
The type of this address is determined by the value of
|
|
the ctsvProvisionedServerAddrType object."
|
|
::= { ctsvProvisionedServerEntry 2 }
|
|
|
|
ctsvProvisionedServerPort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value indicates the UDP port number used by the
|
|
provisioned server."
|
|
::= { ctsvProvisionedServerEntry 3 }
|
|
|
|
ctsvProvisionedServerAuthorityId OBJECT-TYPE
|
|
SYNTAX CtsAcsAuthorityIdentity
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the authority identity of the
|
|
provisioned server."
|
|
::= { ctsvProvisionedServerEntry 4 }
|
|
|
|
ctsvProvisionedServerStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
alive(1),
|
|
dead(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of the provisioned server."
|
|
::= { ctsvProvisionedServerEntry 5 }
|
|
|
|
ctsvProvisionedServerTestEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether the server-aliveness automated
|
|
test of the provisioned server is enabled."
|
|
::= { ctsvProvisionedServerEntry 6 }
|
|
|
|
ctsvProvisionedServerTestInterval OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "minutes"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the operational server-aliveness
|
|
automated test interval of the provisioned server.
|
|
|
|
The interval is used to indicate how often the test RADIUS
|
|
request should be sent to the PAC server."
|
|
::= { ctsvProvisionedServerEntry 7 }
|
|
|
|
ctsvProvisionedServerTestDeadTime OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the server-aliveness automated test
|
|
deadtime of the provisioned server.
|
|
|
|
The deadtime indicates how long the PAC provisioned server
|
|
should not be retried once it has been marked dead during the
|
|
server-aliveness automated test."
|
|
::= { ctsvProvisionedServerEntry 8 }
|
|
|
|
ctsvProvisionedServerKeyWrapEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the TrustSec key wrap operational
|
|
status of the provisioned server."
|
|
::= { ctsvProvisionedServerEntry 9 }
|
|
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Objects for the status of the TrustSec downloaded server list
|
|
-- -------------------------------------------------------------
|
|
|
|
ctsvDownloadServerListTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CtsvDownloadServerListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of the downloaded server lists in the TrustSec
|
|
system."
|
|
::= { ctsvDownloadServerListObjects 1 }
|
|
|
|
ctsvDownloadServerListEntry OBJECT-TYPE
|
|
SYNTAX CtsvDownloadServerListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing the information of the specific
|
|
downloaded server list in TrustSec system.
|
|
|
|
An entry is created when a new downloaded server list
|
|
has been acquired during the TrustSec environment
|
|
data download.
|
|
|
|
An entry will be removed if the downloaded server
|
|
list is removed after TrustSec environment data
|
|
refresh."
|
|
INDEX { IMPLIED ctsvDownloadServerListName }
|
|
::= { ctsvDownloadServerListTable 1 }
|
|
|
|
CtsvDownloadServerListEntry ::= SEQUENCE {
|
|
ctsvDownloadServerListName SnmpAdminString,
|
|
ctsvDownloadServerListGenNum OCTET STRING,
|
|
ctsvDownloadServerListServerCount Unsigned32
|
|
}
|
|
|
|
ctsvDownloadServerListName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the name of the downloaded
|
|
server list."
|
|
::= { ctsvDownloadServerListEntry 1 }
|
|
|
|
ctsvDownloadServerListGenNum OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..64))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A hexadecimal string indicating the generation number
|
|
of the specific downloaded server list."
|
|
::= { ctsvDownloadServerListEntry 2 }
|
|
|
|
ctsvDownloadServerListServerCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the number of servers within the
|
|
downloaded server list."
|
|
::= { ctsvDownloadServerListEntry 3 }
|
|
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Objects for the status of the TrustSec downloaded server
|
|
-- -------------------------------------------------------------
|
|
|
|
ctsvDownloadServerTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CtsvDownloadServerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of downloaded servers in the TrustSec system."
|
|
::= { ctsvDownloadServerObjects 1 }
|
|
|
|
ctsvDownloadServerEntry OBJECT-TYPE
|
|
SYNTAX CtsvDownloadServerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing the information of the specific
|
|
downloaded server.
|
|
|
|
An entry is created when a downloaded server is added
|
|
during TrustSec environment data download.
|
|
|
|
An entry is removed if the downloaded server
|
|
is removed after TrustSec environment data download."
|
|
INDEX {
|
|
ctsvDownloadServerListName,
|
|
ctsvDownloadServerAddrType,
|
|
ctsvDownloadServerAddr
|
|
}
|
|
::= { ctsvDownloadServerTable 1 }
|
|
|
|
CtsvDownloadServerEntry ::= SEQUENCE {
|
|
ctsvDownloadServerAddrType InetAddressType,
|
|
ctsvDownloadServerAddr InetAddress,
|
|
ctsvDownloadServerPort InetPortNumber,
|
|
ctsvDownloadServerProvisioned TruthValue,
|
|
ctsvDownloadServerAuthorityId CtsAcsAuthorityIdentity,
|
|
ctsvDownloadServerStatus INTEGER,
|
|
ctsvDownloadServerTestEnabled TruthValue,
|
|
ctsvDownloadServerTestInterval Unsigned32,
|
|
ctsvDownloadServerTestDeadTime Unsigned32,
|
|
ctsvDownloadServerKeyWrapEnabled TruthValue
|
|
}
|
|
|
|
ctsvDownloadServerAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of Internet address of the downloaded
|
|
server."
|
|
::= { ctsvDownloadServerEntry 1 }
|
|
|
|
ctsvDownloadServerAddr OBJECT-TYPE
|
|
SYNTAX InetAddress (SIZE (1..64))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Internet address of the downloaded server.
|
|
The type of this address is determined by the value
|
|
of the ctsvDownloadServerAddrType object."
|
|
::= { ctsvDownloadServerEntry 2 }
|
|
|
|
ctsvDownloadServerPort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the UDP port number used by the
|
|
downloaded server."
|
|
::= { ctsvDownloadServerEntry 3 }
|
|
|
|
ctsvDownloadServerProvisioned OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether the downloaded server has
|
|
been successfully provisioned."
|
|
::= { ctsvDownloadServerEntry 4 }
|
|
|
|
ctsvDownloadServerAuthorityId OBJECT-TYPE
|
|
SYNTAX CtsAcsAuthorityIdentity
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the authority identity
|
|
of the downloaded server."
|
|
::= { ctsvDownloadServerEntry 5 }
|
|
|
|
ctsvDownloadServerStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
alive(1),
|
|
dead(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of the downloaded server."
|
|
::= { ctsvDownloadServerEntry 6 }
|
|
|
|
ctsvDownloadServerTestEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether the server-aliveness automated
|
|
test of the downloaded server is currently enabled or
|
|
disabled."
|
|
::= { ctsvDownloadServerEntry 7 }
|
|
|
|
ctsvDownloadServerTestInterval OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "minutes"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the operational test interval of
|
|
the downloaded server.
|
|
|
|
The interval is used to indicate how often the test
|
|
RADIUS request should be sent to the downloaded server."
|
|
::= { ctsvDownloadServerEntry 8 }
|
|
|
|
ctsvDownloadServerTestDeadTime OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the operational deadtime of the
|
|
downloaded server."
|
|
::= { ctsvDownloadServerEntry 9 }
|
|
|
|
ctsvDownloadServerKeyWrapEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the TrustSec key wrap operational
|
|
status of the downloaded server.
|
|
|
|
Among all the servers in the same server list, only one
|
|
server can have operational key wrap enabled if the value
|
|
of ctsvServerKeyWrapEnabled is 'true'."
|
|
::= { ctsvDownloadServerEntry 10 }
|
|
|
|
|
|
|
|
-- Notifications Control
|
|
|
|
ctsvNoRadiusServerNotifEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This variable specifies whether the system generates the
|
|
ctsvNoRadiusServerNotif.
|
|
|
|
A value of 'false' will prevent ctsvNoRadiusServerNotif
|
|
notifications from being generated by this system."
|
|
::= { ctsvNotificationControlObjects 1 }
|
|
|
|
ctsvNoProvisionSecretNotifEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This variable specifies whether the system generates the
|
|
ctsvNoProvisionSecretNotif.
|
|
|
|
A value of 'false' will prevent ctsvNoProvisionSecretNotif
|
|
notifications from being generated by this system."
|
|
::= { ctsvNotificationControlObjects 2 }
|
|
|
|
-- Notifications Only Info
|
|
|
|
ctsvServerNotifMsg OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the detailed message associated with
|
|
notifications."
|
|
::= { ctsvNotificationOnlyInfoObjects 1 }
|
|
|
|
ctsvServerNoProvisionSecretAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the type of IP address of the server for
|
|
which no shared secret is available for provisioning PAC."
|
|
::= { ctsvNotificationOnlyInfoObjects 2 }
|
|
|
|
ctsvServerNoProvisionSecretAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the IP address of the server for which no
|
|
shared secret is available for provisioning PAC.
|
|
|
|
The type of this address is determined by the value of
|
|
ctsvServerNoProvisionSecretAddrType object."
|
|
::= { ctsvNotificationOnlyInfoObjects 3 }
|
|
|
|
-- Notifications
|
|
|
|
ctsvNoRadiusServerNotif NOTIFICATION-TYPE
|
|
OBJECTS { ctsvServerNotifMsg }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A ctsvNoRadiusServerNotif is generated if there are no
|
|
RADIUS servers available for a CTS AAA request."
|
|
::= { ciscoTrustSecServerMIBNotifs 1 }
|
|
|
|
ctsvNoProvisionSecretNotif NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
ctsvServerNoProvisionSecretAddrType,
|
|
ctsvServerNoProvisionSecretAddr
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A ctsvNoProvisionSecretNotif is generated if the system
|
|
does not have a shared secret available in order to provision
|
|
a RADIUS server with PAC."
|
|
::= { ciscoTrustSecServerMIBNotifs 2 }
|
|
-- Conformance
|
|
|
|
ciscoTrustSecServerMIBCompliances OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecServerMIBConform 1 }
|
|
|
|
ciscoTrustSecServerMIBGroups OBJECT IDENTIFIER
|
|
::= { ciscoTrustSecServerMIBConform 2 }
|
|
|
|
|
|
ciscoTrustSecServerMIBCompliance MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for the CISCO-TRUSTSEC-SERVER-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
ciscoTrustSecMIBServerConfigGroup,
|
|
ciscoTrustSecMIBGlobalServerTestGroup,
|
|
ciscoTrustSecMIBServerTestGroup,
|
|
ciscoTrustSecMIBProvisionedServerGroup,
|
|
ciscoTrustSecMIBDownloadServerListGroup,
|
|
ciscoTrustSecMIBDownloadServerGroup
|
|
}
|
|
|
|
OBJECT ctsvAuthorizationList
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsvServerDeadTime
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsvServerLoadBalanceMethod
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsvServerLoadBalanceBatchSize
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsvUseSameProvisionedServer
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsvAllServerTestEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsvAllServerTestDeadTime
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsvAllServerTestInterval
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsvServerTestEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"read-create access is not required."
|
|
|
|
OBJECT ctsvServerTestDeadTime
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"read-create access is not required."
|
|
|
|
OBJECT ctsvServerTestInterval
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"read-create access is not required."
|
|
|
|
OBJECT ctsvServerTestStorageType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"read-create access is not required."
|
|
|
|
OBJECT ctsvServerTestRowStatus
|
|
SYNTAX INTEGER {
|
|
active(1)
|
|
}
|
|
WRITE-SYNTAX INTEGER {
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"read-create access is not required."
|
|
::= { ciscoTrustSecServerMIBCompliances 1 }
|
|
|
|
ciscoTrustSecServerMIBCompliance2 MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for the CISCO-TRUSTSEC-SERVER-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
ciscoTrustSecMIBServerConfigGroup,
|
|
ciscoTrustSecMIBGlobalServerTestGroup,
|
|
ciscoTrustSecMIBServerTestGroup,
|
|
ciscoTrustSecMIBProvisionedServerGroup,
|
|
ciscoTrustSecMIBDownloadServerListGroup,
|
|
ciscoTrustSecMIBDownloadServerGroup
|
|
}
|
|
|
|
GROUP ciscoTrustSecServerMIBKeyWrapGroup
|
|
DESCRIPTION
|
|
"This group is mandatory for platforms which support
|
|
TrustSec key wrap feature."
|
|
|
|
GROUP ciscoTrustSecServerMIBNotifsCtrlGroup
|
|
DESCRIPTION
|
|
"This group is mandatory for platforms which support
|
|
TrustSec server notifications."
|
|
|
|
GROUP ciscoTrustSecServerMIBNotifsOnlyInfoGroup
|
|
DESCRIPTION
|
|
"This group is mandatory for platforms which support
|
|
TrustSec server notifications."
|
|
|
|
GROUP ciscoTrustSecServerMIBNotifsGroup
|
|
DESCRIPTION
|
|
"This group is mandatory for platforms which support
|
|
TrustSec server notifications."
|
|
|
|
OBJECT ctsvAuthorizationList
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsvServerDeadTime
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsvServerLoadBalanceMethod
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsvServerLoadBalanceBatchSize
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsvUseSameProvisionedServer
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsvAllServerTestEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsvAllServerTestDeadTime
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsvAllServerTestInterval
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsvServerTestEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"read-create access is not required."
|
|
|
|
OBJECT ctsvServerTestDeadTime
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"read-create access is not required."
|
|
|
|
OBJECT ctsvServerTestInterval
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"read-create access is not required."
|
|
|
|
OBJECT ctsvServerTestStorageType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"read-create access is not required."
|
|
|
|
OBJECT ctsvServerTestRowStatus
|
|
SYNTAX INTEGER {
|
|
active(1)
|
|
}
|
|
WRITE-SYNTAX INTEGER {
|
|
createAndGo(4),
|
|
destroy(6)
|
|
}
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"read-create access is not required."
|
|
|
|
OBJECT ctsvServerKeyWrapEnabled
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsvNoRadiusServerNotifEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
|
|
OBJECT ctsvNoProvisionSecretNotifEnable
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Write access is not required."
|
|
::= { ciscoTrustSecServerMIBCompliances 2 }
|
|
|
|
-- Units of Conformance
|
|
|
|
ciscoTrustSecMIBServerConfigGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
ctsvAuthorizationList,
|
|
ctsvServerDeadTime,
|
|
ctsvServerLoadBalanceMethod,
|
|
ctsvServerLoadBalanceBatchSize,
|
|
ctsvUseSameProvisionedServer
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides the configuration
|
|
for TrustSec downloaded server group."
|
|
::= { ciscoTrustSecServerMIBGroups 1 }
|
|
|
|
ciscoTrustSecMIBGlobalServerTestGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
ctsvAllServerTestEnabled,
|
|
ctsvAllServerTestDeadTime,
|
|
ctsvAllServerTestInterval
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides the global
|
|
configuration of server-aliveness automated test."
|
|
::= { ciscoTrustSecServerMIBGroups 2 }
|
|
|
|
ciscoTrustSecMIBServerTestGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
ctsvServerTestEnabled,
|
|
ctsvServerTestDeadTime,
|
|
ctsvServerTestInterval,
|
|
ctsvServerTestStorageType,
|
|
ctsvServerTestRowStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides the per-server
|
|
configuration of server-aliveness automated test."
|
|
::= { ciscoTrustSecServerMIBGroups 3 }
|
|
|
|
ciscoTrustSecMIBProvisionedServerGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
ctsvProvisionedServerPort,
|
|
ctsvProvisionedServerAuthorityId,
|
|
ctsvProvisionedServerStatus,
|
|
ctsvProvisionedServerTestEnabled,
|
|
ctsvProvisionedServerTestInterval,
|
|
ctsvProvisionedServerTestDeadTime
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides the configuration for
|
|
the individual server in the PAC server list."
|
|
::= { ciscoTrustSecServerMIBGroups 4 }
|
|
|
|
ciscoTrustSecMIBDownloadServerListGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
ctsvDownloadServerListGenNum,
|
|
ctsvDownloadServerListServerCount
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides the configuration for
|
|
the individual downloaded server list."
|
|
::= { ciscoTrustSecServerMIBGroups 5 }
|
|
|
|
ciscoTrustSecMIBDownloadServerGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
ctsvDownloadServerPort,
|
|
ctsvDownloadServerProvisioned,
|
|
ctsvDownloadServerAuthorityId,
|
|
ctsvDownloadServerStatus,
|
|
ctsvDownloadServerTestEnabled,
|
|
ctsvDownloadServerTestInterval,
|
|
ctsvDownloadServerTestDeadTime
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides the configuration for
|
|
the individual server in the downloaded server group."
|
|
::= { ciscoTrustSecServerMIBGroups 6 }
|
|
|
|
ciscoTrustSecServerMIBKeyWrapGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
ctsvServerKeyWrapEnabled,
|
|
ctsvProvisionedServerKeyWrapEnabled,
|
|
ctsvDownloadServerKeyWrapEnabled
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that provides the TrustSec key wrap
|
|
information for the downloaded servers."
|
|
::= { ciscoTrustSecServerMIBGroups 7 }
|
|
|
|
ciscoTrustSecServerMIBNotifsCtrlGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
ctsvNoRadiusServerNotifEnable,
|
|
ctsvNoProvisionSecretNotifEnable
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing notification control for
|
|
TrustSec Server."
|
|
::= { ciscoTrustSecServerMIBGroups 8 }
|
|
|
|
ciscoTrustSecServerMIBNotifsOnlyInfoGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
ctsvServerNotifMsg,
|
|
ctsvServerNoProvisionSecretAddrType,
|
|
ctsvServerNoProvisionSecretAddr
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing the notification information
|
|
for TrustSec Server."
|
|
::= { ciscoTrustSecServerMIBGroups 9 }
|
|
|
|
ciscoTrustSecServerMIBNotifsGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
ctsvNoRadiusServerNotif,
|
|
ctsvNoProvisionSecretNotif
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of notifications for TrustSec server."
|
|
::= { ciscoTrustSecServerMIBGroups 10 }
|
|
|
|
END