WebApps/Observium_CE
1
0
Fork 0
Code Pull Requests Activity
Observium_CE/mibs/rfc/PKTC-IETF-MTA-MIB

2107 lines
96 KiB
Plaintext
Raw Permalink Blame History

-- extracted from rfc4682.txt
-- at Fri Dec 22 06:07:57 2006
PKTC-IETF-MTA-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY,
OBJECT-TYPE,
OBJECT-IDENTITY,
Unsigned32,
Counter32,
NOTIFICATION-TYPE,
mib-2
FROM SNMPv2-SMI -- [RFC2578]
TEXTUAL-CONVENTION,
RowStatus,
TruthValue
FROM SNMPv2-TC -- [RFC2579]
OBJECT-GROUP,
MODULE-COMPLIANCE,
NOTIFICATION-GROUP
FROM SNMPv2-CONF -- [RFC2580]
InetAddressType,
InetAddress
FROM INET-ADDRESS-MIB -- [RFC4001]
sysDescr
FROM SNMPv2-MIB -- [RFC3418]
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- [RFC3411]
DocsX509ASN1DEREncodedCertificate,
docsBpi2CodeDownloadGroup
FROM DOCS-IETF-BPI2-MIB -- [RFC4131]
ifPhysAddress
FROM IF-MIB; -- [RFC2863]
pktcIetfMtaMib MODULE-IDENTITY
LAST-UPDATED "200609180000Z" -- September 18, 2006
ORGANIZATION "IETF IP over Cable Data Network Working Group"
CONTACT-INFO
"Eugene Nechamkin
Broadcom Corporation,
200-13711 International Place,
Richmond, BC, V6V 2Z8
CANADA
Phone: +1 604 233 8500
Email: enechamkin@broadcom.com
Jean-Francois Mule
Cable Television Laboratories, Inc.
858 Coal Creek Circle
Louisville, CO 80027-9750
U.S.A.
Phone: +1 303 661 9100
Email: jf.mule@cablelabs.com
IETF IPCDN Working Group
General Discussion: ipcdn@ietf.org
Subscribe: http://www.ietf.org/mailman/listinfo/ipcdn
Archive: ftp://ftp.ietf.org/ietf-mail-archive/ipcdn
Co-Chair: Jean-Francois Mule, jf.mule@cablelabs.com
Co-Chair: Richard Woundy, Richard_Woundy@cable.comcast.com"
DESCRIPTION
"This MIB module defines the basic management object
for the Multimedia Terminal Adapter devices compliant
with PacketCable and IPCablecom requirements.
Copyright (C) The IETF Trust (2006). This version of
this MIB module is part of RFC 4682; see the RFC itself for
full legal notices."
REVISION "200609180000Z" -- September 18, 2006
DESCRIPTION
"Initial version, published as RFC 4682."
::= { mib-2 140 }
-- Textual Conventions
PktcMtaDevProvEncryptAlg ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
" This textual convention defines various types of the
encryption algorithms used for the encryption of the MTA
configuration file. The description of the encryption
algorithm for each enumerated value is as follows:
'none(0)' no encryption is used,
'des64CbcMode(1)' DES 64-bit key in CBC mode,
't3Des192CbcMode(2)' 3DES 192-bit key in CBC mode,
'aes128CbcMode(3)' AES 128-bit key in CBC mode,
'aes256CbcMode(4)' AES 256-bit key in CBC mode."
SYNTAX INTEGER {
none (0),
des64CbcMode (1),
t3Des192CbcMode (2),
aes128CbcMode (3),
aes256CbcMode (4)
}
--=================================================================
-- The MTA MIB module only supports a single Provisioning Server.
--=================================================================
pktcMtaNotification OBJECT IDENTIFIER ::= { pktcIetfMtaMib 0 }
pktcMtaMibObjects OBJECT IDENTIFIER ::= { pktcIetfMtaMib 1 }
pktcMtaDevBase OBJECT IDENTIFIER ::= { pktcMtaMibObjects 1 }
pktcMtaDevServer OBJECT IDENTIFIER ::= { pktcMtaMibObjects 2 }
pktcMtaDevSecurity OBJECT IDENTIFIER ::= { pktcMtaMibObjects 3 }
pktcMtaDevErrors OBJECT IDENTIFIER ::= { pktcMtaMibObjects 4 }
pktcMtaConformance OBJECT IDENTIFIER ::= { pktcIetfMtaMib 2 }
--
-- The following pktcMtaDevBase group describes the base MTA objects
--
pktcMtaDevResetNow OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This object controls the MTA software reset.
Reading this object always returns 'false'. Setting this
object to 'true' causes the device to reset immediately
and the following actions to occur:
1. All connections (if present) are flushed locally.
2. All current actions such as ringing immediately
terminate.
3. Requests for signaling notifications, such as
notification based on digit map recognition, are
flushed.
4. All endpoints are disabled.
5. The provisioning flow is started at step MTA-1.
If a value is written into an instance of
pktcMtaDevResetNow, the agent MUST NOT retain the supplied
value across MTA re-initializations or reboots."
REFERENCE
" PacketCable MTA Device Provisioning Specification."
::= { pktcMtaDevBase 1 }
pktcMtaDevSerialNumber OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object specifies the manufacturer's serial
number of this MTA. The value of this object MUST be
identical to the value specified in DHCP option 43,
sub-option 4. The list of sub-options for DHCP option
43 are defined in the PacketCable MTA Device
Provisioning Specification."
REFERENCE
" PacketCable MTA Device Provisioning Specification."
::= { pktcMtaDevBase 2 }
pktcMtaDevSwCurrentVers OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object identifies the software version currently
operating in the MTA.
The MTA MUST return a string descriptive of the current
software load. This object should use the syntax
defined by the individual vendor to identify the software
version. The data presented in this object MUST be
identical to the software version information contained
in the 'sysDescr' MIB object of the MTA. The value of
this object MUST be identical to the value specified in
DHCP option 43, sub-option 6. The list of sub-options for
DHCP option 43 are defined in the PacketCable MTA Device
Provisioning Specification."
REFERENCE
" PacketCable MTA Device Provisioning Specification."
::= { pktcMtaDevBase 3 }
pktcMtaDevFQDN OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object contains the Fully Qualified Domain Name for
this MTA. The MTA FQDN is used to uniquely identify the
device to the PacketCable back office elements."
::= { pktcMtaDevBase 4 }
pktcMtaDevEndPntCount OBJECT-TYPE
SYNTAX Unsigned32 (1..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object contains the number of physical endpoints for
this MTA."
::= { pktcMtaDevBase 5 }
pktcMtaDevEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This object contains the MTA Admin Status of this device.
If this object is set to 'true', the MTA is
administratively enabled, and the MTA MUST be able to
interact with the PacketCable entities, such as CMS,
Provisioning Server, KDC, and other MTAs and MGs on all
PacketCable interfaces.
If this object is set to 'false', the MTA is
administratively disabled, and the MTA MUST perform the
following actions for all endpoints:
- Shut down all media sessions, if present.
- Shut down Network Control Signaling (NCS)
signaling by following the Restart in
Progress procedures in the PacketCable NCS
specification.
The MTA must execute all actions required to
enable or disable the telephony services for all
endpoints immediately upon receipt of an SNMP SET
operation.
Additionally, the MTA MUST maintain the SNMP Interface
for management and also the SNMP Key management interface.
Also, the MTA MUST NOT continue Kerberized key management
with CMSes until this object is set to 'true'.
Note: MTAs MUST renew the CMS Kerberos tickets according
to the PacketCable Security or IPCablecom Specification.
If a value is written into an instance of
pktcMtaDevEnabled, the agent MUST NOT retain the supplied
value across MTA re-initializations or reboots."
REFERENCE
" PacketCable MTA Device Provisioning Specification;
PacketCable Security Specification;
PacketCable Network-Based Call Signaling Protocol
Specification."
::= { pktcMtaDevBase 6 }
pktcMtaDevTypeIdentifier OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object provides the MTA device type identifier. The
value of this object must be a copy of the DHCP option 60
value exchanged between the MTA and the DHCP server. The
DHCP option 60 value contains an ASCII-encoded string
identifying capabilities of the MTA as defined in the
PacketCable MTA Device Provisioning Specification."
REFERENCE
" RFC 2132, DHCP Options and BOOTP Vendor Extensions;
PacketCable MTA Device Provisioning Specification."
::= { pktcMtaDevBase 7 }
pktcMtaDevProvisioningState OBJECT-TYPE
SYNTAX INTEGER {
pass (1),
inProgress (2),
failConfigFileError (3),
passWithWarnings (4),
passWithIncompleteParsing (5),
failureInternalError (6),
failureOtherReason (7)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object indicates the completion state of the MTA
device provisioning process.
pass:
If the configuration file could be parsed successfully
and the MTA is able to reflect the same in its
MIB, the MTA MUST return the value 'pass'.
inProgress:
If the MTA is in the process of being provisioned,
the MTA MUST return the value 'inProgress'.
failConfigFileError:
If the configuration file was in error due to incorrect
values in the mandatory parameters, the MTA MUST reject
the configuration file, and the MTA MUST return the value
'failConfigFileError'.
passWithWarnings:
If the configuration file had proper values for all the
mandatory parameters but has errors in any of the optional
parameters (this includes any vendor-specific Object
Identifiers (OIDs) that are incorrect or not known
to the MTA), the MTA MUST return the value
'passWithWarnings'.
passWithIncompleteParsing:
If the configuration file is valid but the MTA cannot
reflect the same in its configuration (for example, too
many entries caused memory exhaustion), it must accept
the CMS configuration entries related, and the MTA MUST
return the value 'passWithIncompleteParsing'.
failureInternalError:
If the configuration file cannot be parsed due to an
Internal error, the MTA MUST return the value
'failureInternalError'.
failureOtherReason:
If the MTA cannot accept the configuration file for any
other reason than the ones stated above, the MTA MUST
return the value 'failureOtherReason'.
When a final SNMP INFORM is sent as part of Step 25 of the
MTA Provisioning process, this parameter is also included
in the final INFORM message."
REFERENCE
" PacketCable MTA Device Provisioning Specification."
::= { pktcMtaDevBase 8 }
pktcMtaDevHttpAccess OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object indicates whether the HTTP protocol is
supported for the MTA configuration file transfer."
::= { pktcMtaDevBase 9 }
pktcMtaDevProvisioningTimer OBJECT-TYPE
SYNTAX Unsigned32 (0..30)
UNITS "minutes"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This object defines the time interval for the provisioning
flow to complete. The MTA MUST finish all provisioning
operations starting from the moment when an MTA receives
its DHCP ACK and ending at the moment when the MTA
downloads its configuration file (e.g., MTA5 to MTA23)
within the period of time set by this object.
Failure to comply with this condition constitutes
a provisioning flow failure. If the object is set to 0,
the MTA MUST ignore the provisioning timer condition.
If a value is written into an instance of
pktcMtaDevProvisioningTimer, the agent MUST NOT retain the
supplied value across MTA re-initializations or reboots."
REFERENCE
" PacketCable MTA Device Provisioning Specification."
DEFVAL {10}
::= {pktcMtaDevBase 10}
pktcMtaDevProvisioningCounter OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object counts the number of times the
provisioning cycle has looped through step MTA-1."
::= {pktcMtaDevBase 11}
pktcMtaDevErrorOidsTable OBJECT-TYPE
SYNTAX SEQUENCE OF PktcMtaDevErrorOidsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" This table contains the list of configuration errors or
warnings the MTA encountered when parsing the
configuration file it received from the Provisioning
Server.
For each error, an entry is created in this table,
containing the configuration parameters the MTA rejected
and the associated reason (e.g., wrong or unknown OID,
inappropriate object values). If the MTA
did not report a provisioning state of 'pass(1)' in
the pktcMtaDevProvisioningState object, this table MUST be
populated for each error or warning instance. Even if
different parameters share the same error type (e.g., all
realm name configuration parameters are invalid), all
observed errors or warnings must be reported as
different instances. Errors are placed into the table in
no particular order. The table MUST be cleared each time
the MTA reboots."
REFERENCE
" PacketCable MTA Device Provisioning Specification."
::= {pktcMtaDevBase 12 }
pktcMtaDevErrorOidsEntry OBJECT-TYPE
SYNTAX PktcMtaDevErrorOidsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" This entry contains the necessary information the MTA MUST
attempt to provide in case of configuration file errors or
warnings."
INDEX { pktcMtaDevErrorOidIndex }
::= {pktcMtaDevErrorOidsTable 1}
PktcMtaDevErrorOidsEntry ::= SEQUENCE {
pktcMtaDevErrorOidIndex Unsigned32,
pktcMtaDevErrorOid SnmpAdminString,
pktcMtaDevErrorValue SnmpAdminString,
pktcMtaDevErrorReason SnmpAdminString
}
pktcMtaDevErrorOidIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..1024)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" This object is the index of the MTA configuration error
table. It is an integer value that starts at value '1'
and is incremented for each encountered configuration
file error or warning.
The maximum number of errors or warnings that can be
recorded in the pktcMtaDevErrorOidsTable is set to 1024 as
a configuration file is usually validated by operators
before deployment. Given the possible number of
configuration parameter assignments in the MTA
configuration file, 1024 is perceived as a sufficient
limit even with future extensions.
If the number of the errors in the configuration file
exceeds 1024, all errors beyond the 1024th one MUST
be ignored and not be reflected in the
pktcMtaDevErrorOidsTable."
::= {pktcMtaDevErrorOidsEntry 1}
pktcMtaDevErrorOid OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object contains a human readable representation
(character string) of the OID corresponding to the
configuration file parameter that caused the particular
error.
For example, if the value of the pktcMtaDevEnabled object
in the configuration file caused an error, then this
object instance will contain the human-readable string of
'1.3.6.1.2.1.140.1.1.6.0'.
If the MTA generated an error because it was not able
to recognize a particular OID, then this object
instance would contain an empty value (zero-length
string).
For example, if the value of an OID in the configuration
file was interpreted by the MTA as being 1.2.3.4.5, and if
the MTA was not able to recognize this OID as a valid one,
this object instance will contain a zero-length string.
If the number of errors in the configuration file exceeds
1024, then for all subsequent errors, the
pktcMtaDevErrorOid of the table's 1024th entry MUST
contain a human-readable representation of the
pktcMtaDevErrorsTooManyErrors object; i.e., the string
'1.3.6.1.2.1.140.1.1.4.1.0'.
Note that the syntax of this object is SnmpAdminString
instead of OBJECT IDENTIFIER because the object value may
not be a valid OID due to human or configuration tool
encoding errors."
::= {pktcMtaDevErrorOidsEntry 2}
pktcMtaDevErrorValue OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object contains the value of the OID corresponding to
the configuration file parameter that caused the error.
If the MTA cannot recognize the OID of the
configuration parameter causing the error, then this
object instance contains the OID itself as interpreted
by the MTA in human-readable representation.
If the MTA can recognize the OID but generate an error due
to a wrong value of the parameter, then the object
instance contains the erroneous value of the parameter as
read from the configuration file.
In both cases, the value of this object must be
represented in human-readable form as a character string.
For example, if the value of the pktcMtaDevEnabled object
in the configuration file was 3 (invalid value), then the
pktcMtaDevErrorValue object instance will contain the
human-readable (string) representation of value '3'.
Similarly, if the OID in the configuration file has been
interpreted by the MTA as being 1.2.3.4.5 and the MTA
cannot recognize this OID as a valid one, then this
pktcMtaDevErrorValue object instance will contain human
readable (string) representation of value '1.2.3.4.5'.
If the number of errors in the configuration file exceeds
1024, then for all subsequent errors, the
pktcMtaDevErrorValue of the table's 1024th entry MUST
contain a human-readable representation of the
pktcMtaDevErrorsTooManyErrors object; i.e., the string
'1.3.6.1.2.1.140.1.1.4.1.0'."
::= {pktcMtaDevErrorOidsEntry 3}
pktcMtaDevErrorReason OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object indicates the reason for the error or warning,
as per the MTA's interpretation, in human-readable form.
For example:
'VALUE NOT IN RANGE', 'VALUE DOES NOT MATCH TYPE',
'UNSUPPORTED VALUE', 'LAST 4 BITS MUST BE SET TO ZERO',
'OUT OF MEMORY - CANNOT STORE'.
This object may also contain vendor specific errors for
private vendor OIDs and any proprietary error codes or
messages that can help diagnose configuration errors.
If the number of errors in the configuration file exceeds
1024, then for all subsequent errors, the
pktcMtaDevErrorReason of the table's 1024th entry MUST
contain a human-readable string indicating the reason
for an error; for example,
'Too many errors in the configuration file'."
::= {pktcMtaDevErrorOidsEntry 4}
--
-- The following group describes server access and parameters used
-- for the initial MTA provisioning and bootstrapping phases.
--
pktcMtaDevDhcpServerAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object contains the Internet address type for the
PacketCable DHCP servers specified in MTA MIB."
DEFVAL { ipv4 }
::= { pktcMtaDevServer 1}
pktcMtaDevServerDhcp1 OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object contains the Internet Address of the primary
DHCP server the MTA uses during provisioning.
The type of this address is determined by the value of
the pktcMtaDevDhcpServerAddressType object.
When the latter has the value 'ipv4(1)', this object
contains the IP address of the primary DHCP
server. It is provided by the CM to the MTA via the DHCP
option code 122, sub-option 1, as defined in RFC 3495.
The behavior of this object when the value of
pktcMtaDevDhcpServerAddressType is other than 'ipv4(1)'
is not presently specified, but it may be specified
in future versions of this MIB module.
If this object is of value
0.0.0.0, the MTA MUST stop all provisioning
attempts, as well as all other activities.
If this object is of value 255.255.255.255, it means
that there was no preference given for the primary
DHCP server, and, the MTA must follow the logic of
RFC2131, and the value of DHCP option 122,
sub-option 2, must be ignored."
REFERENCE
" PacketCable MTA Device Provisioning Specification;
RFC 2131, Dynamic Host Configuration Protocol;
RFC 3495, DHCP Option for CableLabs Client Configuration."
::= { pktcMtaDevServer 2 }
pktcMtaDevServerDhcp2 OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object contains the Internet Address of the secondary
DHCP server the MTA uses during provisioning.
The type of this address is determined by the value of
the pktcMtaDevDhcpServerAddressType object.
When the latter has the value 'ipv4(1)', this object
contains the IP address of the secondary DHCP
server. It is provided by the CM to the MTA via the DHCP
option code 122, sub-option 2, as defined in RFC 3495.
The behavior of this object when the value of
pktcMtaDevDhcpServerAddressType is other than 'ipv4(1)'
is not presently specified, but it may be specified
in future versions of this MIB module.
If there was no secondary DHCP server provided in DHCP
Option 122, sub-option 2, this object must return the value
0.0.0.0."
REFERENCE
" PacketCable MTA Device Provisioning Specification;
RFC 3495, DHCP Option for CableLabs Client Configuration."
::= { pktcMtaDevServer 3 }
pktcMtaDevDnsServerAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object contains the Internet address type for the
PacketCable DNS servers specified in MTA MIB."
DEFVAL { ipv4 }
::= { pktcMtaDevServer 4}
pktcMtaDevServerDns1 OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This object contains the IP Address of the primary
DNS server to be used by the MTA. The type of this address
is determined by the value of the
pktcMtaDevDnsServerAddressType object.
When the latter has the value 'ipv4(1)', this object
contains the IP address of the primary DNS server.
As defined in RFC 2132, PacketCable-compliant MTAs receive
the IP addresses of the DNS Servers in DHCP option 6.
The behavior of this object when the value of
pktcMtaDevDnsServerAddressType is other than 'ipv4(1)'
is not presently specified, but it may be specified
in future versions of this MIB module.
If a value is written into an instance of
pktcMtaDevServerDns1, the agent MUST NOT retain the
supplied value across MTA re-initializations or reboots."
REFERENCE
" PacketCable MTA Device Provisioning Specification;
RFC 2132, DHCP Options and BOOTP Vendor Extensions."
::= { pktcMtaDevServer 5 }
pktcMtaDevServerDns2 OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This object contains the IP Address of the secondary
DNS server to be used by the MTA. The type of this address
is determined by the value of the
pktcMtaDevDnsServerAddressType object.
When the latter has the value 'ipv4(1)', this object
contains the IP address of the secondary DNS
server. As defined in RFC 2132, PacketCable-compliant MTAs
receive the IP addresses of the DNS Servers in DHCP
option 6.
The behavior of this object when the value of
pktcMtaDevDnsServerAddressType is other than 'ipv4(1)'
is not presently specified, but it may be specified
in future versions of this MIB module.
If a value is written into an instance of
pktcMtaDevServerDns2, the agent MUST NOT retain the
supplied value across MTA re-initializations or reboots."
REFERENCE
" PacketCable MTA Device Provisioning Specification;
RFC 2132, DHCP Options and BOOTP Vendor Extensions."
::= { pktcMtaDevServer 6 }
pktcMtaDevTimeServerAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object contains the Internet address type for the
PacketCable Time servers specified in MTA MIB."
DEFVAL { ipv4 }
::= { pktcMtaDevServer 7}
pktcMtaDevTimeServer OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This object contains the Internet Address of the Time
Server used by an S-MTA for Time Synchronization. The type
of this address is determined by the value of the
pktcMtaDevTimeServerAddressType object.
When the latter has the value 'ipv4(1)', this object
contains the IP address of the Time Server used for Time
Synchronization.
In the case of an S-MTA, this object must be
populated with a value other than 0.0.0.0 as obtained
from DHCP option 4. The protocol by which the time of day
MUST be retrieved is defined in RFC 868.
In the case of an E-MTA, this object must contain a
value of 0.0.0.0 if the address type is 'ipv4(1)' since
an E-MTA does not use the Time Protocol for time
synchronization (an E-MTA uses the time retrieved by the
DOCSIS cable modem).
The behavior of this object when the value of
pktcMtaDevTimeServerAddressType is other than 'ipv4(1)'
is not presently specified, but it may be specified in
future versions of this MIB module.
If a value is written into an instance of
pktcMtaDevTimeServer, the agent MUST NOT retain the
supplied value across MTA re-initializations or reboots."
REFERENCE
" RFC 868, Time Protocol;
RFC 2131, Dynamic Host Configuration Protocol;
RFC 2132, DHCP Options and BOOTP Vendor Extensions."
::= { pktcMtaDevServer 8}
pktcMtaDevConfigFile OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This object specifies the MTA device configuration file
information, including the access method, the server name,
and the configuration file name. The value of this object
is the Uniform Resource Locator (URL) of the configuration
file for TFTP or HTTP download.
If this object value is a TFTP URL, it must be formatted
as defined in RFC 3617.
If this object value is an HTTP URL, it must be formatted
as defined in RFC 2616.
If the MTA SNMP Enrollment mechanism is used, then the MTA
must download the file provided by the Provisioning Server
during provisioning via an SNMP SET on this object.
If the MTA SNMP Enrollment mechanism is not used, this
object MUST contain the URL value corresponding to the
'siaddr' and 'file' fields received in the DHCP ACK to
locate the configuration file: the 'siaddr' and 'file'
fields represent the host and file of the TFTP URL,
respectively. In this case, the MTA MUST return an
'inconsistentValue' error in response to SNMP SET
operations.
The MTA MUST return a zero-length string if the server
address (host part of the URL) is unknown.
If a value is written into an instance of
pktcMtaDevConfigFile, the agent MUST NOT retain the
supplied value across MTA re-initializations or reboots."
REFERENCE
" PacketCable MTA Device Provisioning Specification;
RFC 3617, URI Scheme for TFTP; RFC 2616, HTTP 1.1"
::= { pktcMtaDevServer 9 }
pktcMtaDevSnmpEntity OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object contains the FQDN of the SNMP entity of the
Provisioning Server. When the MTA SNMP Enrollment
Mechanism is used, this object represents the server that
the MTA communicates with, that it receives the
configuration file URL from, and that it sends the
enrollment notification to. The SNMP entity is also the
destination entity for all the provisioning
notifications. It may be used for post-provisioning
SNMP operations. During the provisioning phase, this
SNMP entity FQDN is supplied to the MTA via DHCP option
122, sub-option 3, as defined in RFC 3495. The MTA must
resolve the FQDN value before its very first network
interaction with the SNMP entity during the provisioning
phase."
REFERENCE
" PacketCable MTA Device Provisioning Specification;
RFC 3495, DHCP Option for CableLabs Client Configuration."
::= { pktcMtaDevServer 10 }
pktcMtaDevProvConfigHash OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(20))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This object contains the hash value of the contents of the
configuration file.
The authentication algorithm is Secure Hashing Algorithm
1 (SHA-1), and the length is 160 bits. The hash
calculation MUST follow the requirements defined in the
PacketCable Security Specification. When the MTA SNMP
Enrollment mechanism is used, this hash value is
calculated and sent to the MTA prior to sending the
config file. This object value is then provided by the
Provisioning server via an SNMP SET operation.
When the MTA SNMP Enrollment mechanism is not in use, the
hash value is provided in the configuration file itself,
and it is also calculated by the MTA. This object value
MUST represent the hash value calculated by the MTA.
When the MTA SNMP Enrollment mechanism is not in use, the
MTA must reject all SNMP SET operations on this object and
return an 'inconsistentValue' error.
If a value is written into an instance of
pktcMtaDevProvConfigHash, the agent MUST NOT retain the
supplied value across MTA re-initializations or reboots."
REFERENCE
" PacketCable MTA Device Provisioning Specification;
PacketCable Security Specification."
::= { pktcMtaDevServer 11 }
pktcMtaDevProvConfigKey OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(32))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This object contains the key used to encrypt/decrypt
the configuration file when secure SNMPv3 provisioning
is used.
The value of this object is provided along with the
configuration file information (pktcMtaDevConfigFile)
and hash (pktcMtaDevProvConfigHash) by the Provisioning
Server via SNMP SET once the configuration file has been
created, as defined by the PacketCable Security
specification.
The privacy algorithm is defined by the
pktcMtaDevProvConfigEncryptAlg MIB object. The
MTA requirements related to the privacy algorithm are
defined in the PacketCable Security Specification.
If this object is set at any other provisioning step than
that allowed by the PacketCable MTA Device
Provisioning Specification, the MTA SHOULD return
an 'inconsistentValue' error.
This object must not be used in non secure provisioning
mode. In non-secure provisioning modes, the MTA SHOULD
return an 'inconsistentValue' in response to SNMP SET
operations, and the MTA SHOULD return a zero-length
string in response to SNMP GET operations.
If a value is written into an instance of
pktcMtaDevProvConfigKey, the agent MUST NOT retain the
supplied value across MTA re-initializations or reboots."
REFERENCE
" PacketCable MTA Device Provisioning Specification;
PacketCable Security Specification."
::= { pktcMtaDevServer 12 }
pktcMtaDevProvConfigEncryptAlg OBJECT-TYPE
SYNTAX PktcMtaDevProvEncryptAlg
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This object defines the encryption algorithm used for
privacy protection of the MTA Configuration File content."
DEFVAL { des64CbcMode }
::= { pktcMtaDevServer 13 }
pktcMtaDevProvSolicitedKeyTimeout OBJECT-TYPE
SYNTAX Unsigned32 (0..180)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This object defines a Kerberos Key Management timer on the
MTA. It is the time period during which the MTA saves the
nonce and Server Kerberos Principal Identifier to match an
AP Request and its associated AP Reply response from the
Provisioning Server.
After the timeout has been exceeded, the client discards
this (nonce, Server Kerberos Principal Identifier) pair,
after which it will no longer accept a matching AP Reply.
This timer only applies when the Provisioning Server
initiated key management for SNMPv3 (with a
Wake Up message).
If this object is set to a zero value, the MTA MUST return
an 'inconsistentValue' in response to SNMP SET operations.
This object should not be used in non-secure provisioning
modes. In non-secure provisioning modes, the MTA MUST
return an 'inconsistentValue' in response to SNMP SET
operations, and the MTA MUST return a zero value in
response to SNMP GET operations.
If a value is written into an instance of
pktcMtaDevProvSolicitedKeyTimeout, the agent MUST NOT
retain the supplied value across MTA re-initializations
or reboots."
DEFVAL { 3 }
::= { pktcMtaDevServer 14 }
--=================================================================
--
-- Unsolicited key updates are retransmitted according to an
-- exponential back-off mechanism using two timers and a maximum
-- retry counter for AS replies.
-- The initial retransmission timer value is the nominal timer
-- value (pktcMtaDevProvUnsolicitedKeyNomTimeout). The
-- retransmissions occur with an exponentially increasing interval
-- that caps at the maximum timeout value
-- (pktcMtaDevProvUnsolicitedKeyMaxTimeout).
-- Retransmissions stop when the maximum retry counter is reached
-- (pktcMtaDevProvUnsolicitedKeyMaxRetries).
-- For example, with values of 3 seconds for the nominal
-- timer, 100 seconds for the maximum timeout, and 8 retries max,
-- and with an exponential value of 2, this results in
-- retransmission intervals will be 3 s, 6 s, 12 s, 24 s, 48 s,
-- 96 s, 100 s, and 100 s;
-- retransmissions then stop because the maximum number of
-- retries (8) has been reached.
--
--=================================================================
--
-- Timeouts for unsolicited key management updates are only
-- pertinent before the first SNMPv3 message is sent between the
-- MTA and the Provisioning Server and before the configuration
-- file is loaded.
--
--=================================================================
pktcMtaDevProvUnsolicitedKeyMaxTimeout OBJECT-TYPE
SYNTAX Unsigned32 (0..600)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object defines the timeout value that applies to
an MTA-initiated AP-REQ/REP key management exchange with
the Provisioning Server in SNMPv3 provisioning.
It is the maximum timeout value, and it may not be exceeded
in the exponential back-off algorithm. If the DHCP option
code 122, sub-option 5, is provided to the MTA, it
overwrites this value.
In non-secure provisioning modes, the MTA MUST
return a zero value in response to SNMP GET
operations."
REFERENCE
" PacketCable Security Specification."
DEFVAL {600}
::= { pktcMtaDevServer 15 }
pktcMtaDevProvUnsolicitedKeyNomTimeout OBJECT-TYPE
SYNTAX Unsigned32 (0..600)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object defines the starting value of the timeout
for the AP-REQ/REP Backoff and Retry mechanism
with exponential timeout in SNMPv3 provisioning.
If the DHCP option code 122, sub-option 5, is provided
the MTA, it overwrites this value.
In non-secure provisioning modes, the MTA MUST
return a zero value in response to SNMP GET
operations."
REFERENCE
" PacketCable Security Specification."
DEFVAL {3}
::= { pktcMtaDevServer 16}
pktcMtaDevProvUnsolicitedKeyMaxRetries OBJECT-TYPE
SYNTAX Unsigned32 (0..32)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object contains a retry counter that applies to
an MTA-initiated AP-REQ/REP key management exchange with
the Provisioning Server in secure SNMPv3 provisioning.
It is the maximum number of retries before the MTA stops
attempting to establish a Security Association with
Provisioning Server.
If the DHCP option code 122, sub-option 5, is provided to
the MTA, it overwrites this value.
If this object is set to a zero value, the MTA MUST return
an 'inconsistentValue' in response to SNMP SET operations.
In non-secure provisioning modes, the MTA MUST
return a zero value in response to SNMP GET
operations."
REFERENCE
" PacketCable Security Specification."
DEFVAL {8}
::= { pktcMtaDevServer 17 }
pktcMtaDevProvKerbRealmName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object contains the name of the associated
provisioning Kerberos realm acquired during the MTA4
provisioning step (DHCP Ack) for SNMPv3 provisioning.
The uppercase ASCII representation of the associated
Kerberos realm name MUST be used by both the Manager (SNMP
entity) and the MTA.
The Kerberos realm name for the Provisioning Server is
supplied to the MTA via DHCP option code 122, sub-option 6,
as defined in RFC 3495. In secure SNMP provisioning mode,
the value of the Kerberos realm name for the Provisioning
Server supplied in the MTA configuration file must match
the value supplied in the DHCP option code 122,
sub-option 6. Otherwise, the value of this object must
contain the value supplied in DHCP Option 122,
sub-option 6."
REFERENCE
" PacketCable MTA Device Provisioning Specification;
RFC 3495, DHCP Option for CableLabs Client Configuration."
::= { pktcMtaDevServer 18 }
pktcMtaDevProvState OBJECT-TYPE
SYNTAX INTEGER {
operational (1),
waitingForSnmpSetInfo (2),
waitingForTftpAddrResponse (3),
waitingForConfigFile (4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object defines the MTA provisioning state.
If the state is:
'operational(1)', the device has completed the loading
and processing of the initialization parameters.
'waitingForSnmpSetInfo(2)', the device is waiting on
its configuration file download access information.
Note that this state is only reported when the MTA
SNMP enrollment mechanism is used.
'waitingForTftpAddrResponse(3)', the device has sent a
DNS request to resolve the server providing the
configuration file, and it is awaiting for a response.
Note that this state is only reported when the MTA
SNMP enrollment mechanism is used.
'waitingForConfigFile(4)', the device has sent a
request via TFTP or HTTP for the download of its
configuration file, and it is awaiting for a response or
the file download is in progress."
REFERENCE
" PacketCable MTA Device Provisioning Specification,
PacketCable Security Specification."
::= { pktcMtaDevServer 19 }
--
-- The following object group describes the security objects.
--
pktcMtaDevManufacturerCertificate OBJECT-TYPE
SYNTAX DocsX509ASN1DEREncodedCertificate
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object contains the MTA Manufacturer Certificate.
The object value must be the ASN.1 DER encoding of the MTA
manufacturer's X.509 public key certificate. The MTA
Manufacturer Certificate is issued to each MTA
manufacturer and is installed into each MTA at the time of
manufacture or with a secure code download. The specific
requirements related to this certificate are defined in
the PacketCable or IPCablecom Security specifications."
REFERENCE
" PacketCable Security Specification."
::= {pktcMtaDevSecurity 1}
pktcMtaDevCertificate OBJECT-TYPE
SYNTAX DocsX509ASN1DEREncodedCertificate
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object contains the MTA Device Certificate.
The object value must be the ASN.1 DER encoding of the
MTA's X.509 public-key certificate issued by the
manufacturer and installed into the MTA at the time of
manufacture or with a secure code download.
This certificate contains the MTA MAC address. The
specific requirements related to this certificate are
defined in the PacketCable or IPCablecom Security
specifications."
REFERENCE
" PacketCable Security Specification."
::= { pktcMtaDevSecurity 2 }
pktcMtaDevCorrelationId OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object contains a correlation ID, an arbitrary value
generated by the MTA that will be exchanged as part of the
device capability data to the Provisioning Application.
This random value is used as an identifier to correlate
related events in the MTA provisioning sequence.
This value is intended for use only during the MTA
initialization and configuration file download."
REFERENCE
" PacketCable MTA Device Provisioning Specification."
::= { pktcMtaDevSecurity 3 }
pktcMtaDevTelephonyRootCertificate OBJECT-TYPE
SYNTAX DocsX509ASN1DEREncodedCertificate
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object contains the telephony Service Provider Root
certificate. The object value is the ASN.1 DER encoding of
the IP Telephony Service Provider Root X.509 public key
certificate. This certification is stored in the MTA
non-volatile memory and can be updated with a secure code
download. This certificate is used to validate the initial
AS Reply received by the MTA from the Key Distribution
Center (KDC) during the MTA initialization. The specific
requirements related to this certificate are defined in
the PacketCable or IPCablecom Security specifications."
REFERENCE
" PacketCable Security Specification."
::= { pktcMtaDevSecurity 4 }
--=================================================================
--
-- Informative Procedures for Setting up Security Associations
--
-- A Security Association may be set up either via configuration or
-- via NCS signaling.
--
-- I. Security association setup via configuration.
--
-- The realm must be configured first. Associated with the realm
-- is a KDC. The realm table (pktcMtaDevRealmTable) indicates
-- information about the realm (e.g., name, organization name) and
-- parameters associated with KDC communications (e.g., grace
-- periods, AS Request/AS Reply adaptive back-off parameters).
--
-- Once the realm is established, one or more CMS(es) may be
-- defined in the realm. Associated with each CMS
-- entry in the pktcMtaDevCmsTable is an explicit reference
-- to a Realm via the realm name (pktcMtaDevCmsKerbRealmName),
-- the FQDN of the CMS, and parameters associated with IPSec
-- key management with the CMS (e.g., clock skew, AP Request/
-- AP Reply adaptive back-off parameters).
--
-- II. Security association setup via NCS signaling.
--
-- The procedure of establishing the Security Associations
-- for NCS signaling is described in the PacketCable Security
-- specification.
-- It involves the analysis of the pktcNcsEndPntConfigTable row
-- for the corresponding endpoint number and the correlation of
-- the CMS FQDN from this row with the CMS Table and
-- consequently, with the Realm Table. Both of these tables
-- are defined below. The pktcNcsEndPntConfigTable is defined in
-- the IP over Cable Data Network (IPCDN)
-- NCS Signaling MIB [NCSSIGMIB].
--
-- III. When the MTA receives wake-up or re-key messages from a
-- CMS, it performs key management based on the corresponding
-- entry in the CMS table. If the matching CMS entry does not
-- exist, it must ignore the wake-up or re-key messages.
--
--=================================================================
--=================================================================
--
-- pktcMtaDevRealmTable
--
-- The pktcMtaDevRealmTable shows the KDC realms. The table is
-- indexed with pktcMtaDevRealmIndex. The Realm Table contains the
-- pktcMtaDevRealmName in conjunction with any server that needs
-- a Security Association with the MTA. Uppercase must be used
-- to compare the pktcMtaDevRealmName content.
--
--=================================================================
pktcMtaDevRealmAvailSlot OBJECT-TYPE
SYNTAX Unsigned32 (0..64)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object contains the index number of the first
available entry in the realm table (pktcMtaDevRealmTable).
If all the entries in the realm table have been assigned,
this object contains the value of zero.
A management station should create new entries in the
realm table, using the following procedure:
First, issue a management protocol retrieval operation
to determine the value of the first available index in the
realm table (pktcMtaDevRealmAvailSlot).
Second, issue a management protocol SET operation
to create an instance of the pktcMtaDevRealmStatus
object by setting its value to 'createAndWait(5)'.
Third, if the SET operation succeeded, continue
modifying the object instances corresponding to the newly
created conceptual row, without fear of collision with
other management stations. When all necessary conceptual
columns of the row are properly populated (via SET
operations or default values), the management station may
SET the pktcMtaDevRealmStatus object to 'active(1)'."
::= { pktcMtaDevSecurity 5 }
pktcMtaDevRealmTable OBJECT-TYPE
SYNTAX SEQUENCE OF PktcMtaDevRealmEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" This object contains the realm table.
The CMS table (pktcMtaDevCmsTable) and the realm table
(pktcMtaDevRealmTable) are used for managing the MTA-CMS
Security Associations. The realm table defines the
Kerberos realms for the Application Servers (CMSes and the
Provisioning Server)."
::= { pktcMtaDevSecurity 6 }
pktcMtaDevRealmEntry OBJECT-TYPE
SYNTAX PktcMtaDevRealmEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" This table entry object lists the MTA security parameters
for a single Kerberos realm. The conceptual rows MUST NOT
persist across MTA reboots."
INDEX { pktcMtaDevRealmIndex }
::= { pktcMtaDevRealmTable 1 }
PktcMtaDevRealmEntry ::= SEQUENCE {
pktcMtaDevRealmIndex Unsigned32,
pktcMtaDevRealmName SnmpAdminString,
pktcMtaDevRealmPkinitGracePeriod Unsigned32,
pktcMtaDevRealmTgsGracePeriod Unsigned32,
pktcMtaDevRealmOrgName SnmpAdminString,
pktcMtaDevRealmUnsolicitedKeyMaxTimeout Unsigned32,
pktcMtaDevRealmUnsolicitedKeyNomTimeout Unsigned32,
pktcMtaDevRealmUnsolicitedKeyMaxRetries Unsigned32,
pktcMtaDevRealmStatus RowStatus
}
pktcMtaDevRealmIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..64)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" This object defines the realm table index."
::= { pktcMtaDevRealmEntry 1}
pktcMtaDevRealmName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..255))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object identifies the Kerberos realm name in all
capitals. The MTA MUST prohibit the instantiation of any
two rows with identical Kerberos realm names. The MTA MUST
also verify that any search operation involving Kerberos
realm names is done using the uppercase ASCII
representation of the characters."
::= { pktcMtaDevRealmEntry 2 }
pktcMtaDevRealmPkinitGracePeriod OBJECT-TYPE
SYNTAX Unsigned32 (15..600)
UNITS "minutes"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object contains the PKINIT Grace Period. For the
purpose of key management with Application Servers (CMSes
or the Provisioning Server), the MTA must utilize the
PKINIT exchange to obtain Application Server tickets. The
MTA may utilize the PKINIT exchange to obtain Ticket
Granting Tickets (TGTs), which are then used to obtain
Application Server tickets in a TGS exchange.
The PKINIT exchange occurs according to the current Ticket
Expiration Time (TicketEXP) and on the PKINIT Grace Period
(PKINITGP). The MTA MUST initiate the PKINIT exchange at
the time: TicketEXP - PKINITGP."
REFERENCE
" PacketCable Security Specification."
DEFVAL { 15 }
::= { pktcMtaDevRealmEntry 3 }
pktcMtaDevRealmTgsGracePeriod OBJECT-TYPE
SYNTAX Unsigned32 (1..600)
UNITS "minutes"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object contains the Ticket Granting Server Grace
Period (TGSGP). The Ticket Granting Server (TGS)
Request/Reply exchange may be performed by the MTA
on demand whenever an Application Server ticket is
needed to establish security parameters. If the MTA
possesses a ticket that corresponds to the Provisioning
Server or a CMS that currently exists in the CMS table,
the MTA MUST initiate the TGS Request/Reply exchange
at the time: TicketEXP - TGSGP."
REFERENCE
" PacketCable Security Specification."
DEFVAL { 10 }
::= { pktcMtaDevRealmEntry 4 }
pktcMtaDevRealmOrgName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object contains the X.500 organization name attribute
as defined in the subject name of the service provider
certificate."
REFERENCE
" PacketCable Security Specification;
RFCs 3280 and 4630, Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List
(CRL) Profile"
::= { pktcMtaDevRealmEntry 5 }
pktcMtaDevRealmUnsolicitedKeyMaxTimeout OBJECT-TYPE
SYNTAX Unsigned32 (1..600)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object specifies the maximum time the MTA will
attempt to perform the exponential back-off algorithm.
This timer only applies when the MTA initiated key
management. If the DHCP option code 122, sub-option 4, is
provided to the MTA, it overwrites this value.
Unsolicited key updates are retransmitted according to an
exponential back-off mechanism using two timers and a
maximum retry counter for AS replies.
The initial retransmission timer value is the nominal
timer value (pktcMtaDevRealmUnsolicitedKeyNomTimeout). The
retransmissions occur with an exponentially increasing
interval that caps at the maximum timeout value
(pktcMtaDevRealmUnsolicitedKeyMaxTimeout).
Retransmissions stop when the maximum retry counter is
reached (pktcMatDevRealmUnsolicitedMaxRetries).
For example, with values of 3 seconds for the nominal
timer, 20 seconds for the maximum timeout, and 5 retries
max, retransmission intervals will be 3 s, 6 s,
12 s, 20 s, and 20 s, and retransmissions then stop because
the maximum number of retries has been reached."
REFERENCE
" PacketCable Security Specification."
DEFVAL { 100 }
::= { pktcMtaDevRealmEntry 6 }
pktcMtaDevRealmUnsolicitedKeyNomTimeout OBJECT-TYPE
SYNTAX Unsigned32 (100..600000)
UNITS "milliseconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object specifies the initial timeout value
for the AS-REQ/AS-REP exponential back-off and retry
mechanism. If the DHCP option code 122, sub-option 4, is
provided to the MTA, it overwrites this value.
This value should account for the average roundtrip
time between the MTA and the KDC, as well as the
processing delay on the KDC.
Unsolicited key updates are retransmitted according to an
exponential back-off mechanism using two timers and a
maximum retry counter for AS replies.
The initial retransmission timer value is the nominal
timer value (pktcMtaDevRealmUnsolicitedKeyNomTimeout). The
retransmissions occur with an exponentially increasing
interval that caps at the maximum timeout value
(pktcMtaDevRealmUnsolicitedKeyMaxTimeout).
Retransmissions stop when the maximum retry counter is
reached (pktcMatDevRealmUnsolicitedMaxRetries).
For example, with values of 3 seconds for the nominal
timer, 20 seconds for the maximum timeout, and 5 retries
max, in retransmission intervals will be 3 s, 6 s,
12 s, 20 s, and 20 s; retransmissions then stop because
the maximum number of retries has been reached."
REFERENCE
" PacketCable Security Specification."
DEFVAL { 3000 }
::= { pktcMtaDevRealmEntry 7 }
pktcMtaDevRealmUnsolicitedKeyMaxRetries OBJECT-TYPE
SYNTAX Unsigned32 (0..1024)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object specifies the maximum number of retries the
MTA attempts to obtain a ticket from the KDC.
Unsolicited key updates are retransmitted according to an
exponential back-off mechanism using two timers and a
maximum retry counter for AS replies.
The initial retransmission timer value is the nominal
timer value (pktcMtaDevRealmUnsolicitedKeyNomTimeout). The
retransmissions occur with an exponentially increasing
interval that caps at the maximum timeout value
(pktcMtaDevRealmUnsolicitedKeyMaxTimeout).
Retransmissions stop when the maximum retry counter is
reached (pktcMatDevRealmUnsolicitedMaxRetries).
For example, with values of 3 seconds for the nominal
timer, 20 seconds for the maximum timeout, and 5 retries
max, retransmission intervals will be 3 s, 6 s,
12 s, 20 s, and 20 s; retransmissions then stop because
the maximum number of retries has been reached."
REFERENCE
" PacketCable Security Specification."
DEFVAL { 5 }
::= { pktcMtaDevRealmEntry 8 }
pktcMtaDevRealmStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object defines the row status of this realm in the
realm table (pktcMtaDevRealmTable).
An entry in this table is not qualified for activation
until the object instances of all corresponding columns
have been initialized, either by default values, or via
explicit SET operations. Until all object instances in
this row are initialized, the status value for this realm
must be 'notReady(3)'.
In particular, two columnar objects must be explicitly
SET: the realm name (pktcMtaDevRealmName) and the
organization name (pktcMtaDevRealmOrgName). Once these 2
objects have been set and the row status is SET to
'active(1)', the MTA MUST NOT allow any modification of
these 2 object values.
The value of this object has no effect on whether other
columnar objects in this row can be modified."
::= { pktcMtaDevRealmEntry 9 }
--=================================================================
--
-- The CMS table, pktcMtaDevCmsTable
--
-- The CMS table and the realm table (pktcMtaDevRealmTable) are used
-- for managing the MTA signaling security. The CMS table defines
-- the CMSes the MTA is allowed to communicate with and contains
-- the parameters describing the SA establishment between the MTA
-- and a CMS.
-- The CMS table is indexed by pktcMtaDevCmsIndex. The table
-- contains the CMS FQDN (pktcMtaDevCmsFQDN) and the associated
-- Kerberos realm name (pktcMtaDevCmsKerbRealmName) so that the MTA
-- can find the corresponding Kerberos realm name in the
-- pktcMtaDevRealmTable.
--
--=================================================================
pktcMtaDevCmsAvailSlot OBJECT-TYPE
SYNTAX Unsigned32 (0..128)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object contains the index number of the first
available entry in the CMS table (pktcMtaDevCmsTable).
If all the entries in the CMS table have been assigned,
this object contains the value of zero.
A management station should create new entries in the
CMS table, using the following procedure:
First, issue a management protocol retrieval operation
to determine the value of the first available index in the
CMS table (pktcMtaDevCmsAvailSlot).
Second, issue a management protocol SET operation
to create an instance of the pktcMtaDevCmsStatus
object by setting its value to 'createAndWait(5)'.
Third, if the SET operation succeeded, continue
modifying the object instances corresponding to the newly
created conceptual row, without fear of collision with
other management stations. When all necessary conceptual
columns of the row are properly populated (via SET
operations or default values), the management station may
SET the pktcMtaDevCmsStatus object to 'active(1)'."
::= { pktcMtaDevSecurity 7 }
pktcMtaDevCmsTable OBJECT-TYPE
SYNTAX SEQUENCE OF PktcMtaDevCmsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" This object defines the CMS table.
The CMS table (pktcMtaDevCmsTable) and the realm table
(pktcMtaDevRealmTable) are used for managing security
between the MTA and CMSes. Each CMS table entry defines
a CMS the managed MTA is allowed to communicate with
and contains security parameters for key management with
that CMS."
::= { pktcMtaDevSecurity 8 }
pktcMtaDevCmsEntry OBJECT-TYPE
SYNTAX PktcMtaDevCmsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" This table entry object lists the MTA key management
parameters used when establishing Security Associations
with a CMS. The conceptual rows MUST NOT persist across
MTA reboots."
INDEX { pktcMtaDevCmsIndex }
::= { pktcMtaDevCmsTable 1 }
PktcMtaDevCmsEntry ::= SEQUENCE {
pktcMtaDevCmsIndex Unsigned32,
pktcMtaDevCmsFqdn SnmpAdminString,
pktcMtaDevCmsKerbRealmName SnmpAdminString,
pktcMtaDevCmsMaxClockSkew Unsigned32,
pktcMtaDevCmsSolicitedKeyTimeout Unsigned32,
pktcMtaDevCmsUnsolicitedKeyMaxTimeout Unsigned32,
pktcMtaDevCmsUnsolicitedKeyNomTimeout Unsigned32,
pktcMtaDevCmsUnsolicitedKeyMaxRetries Unsigned32,
pktcMtaDevCmsIpsecCtrl TruthValue,
pktcMtaDevCmsStatus RowStatus
}
pktcMtaDevCmsIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..128)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" This object defines the CMS table index."
::= { pktcMtaDevCmsEntry 1 }
pktcMtaDevCmsFqdn OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..255))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object specifies the CMS FQDN. The MTA must
prohibit the instantiation of any two rows with identical
FQDNs. The MTA must also verify that any search and/or
comparison operation involving a CMS FQDN is case
insensitive. The MTA must resolve the CMS FQDN as required
by the corresponding PacketCable Specifications."
REFERENCE
" PacketCable MTA Device Provisioning Specification;
PacketCable Security Specification;
PacketCable Network-Based Call Signaling Protocol
Specification."
::= { pktcMtaDevCmsEntry 2 }
pktcMtaDevCmsKerbRealmName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..255))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object identifies the Kerberos realm name in uppercase
characters associated with the CMS defined in this
conceptual row. The object value is a reference
point to the corresponding Kerberos realm name in the
realm table (pktcMtaDevRealmTable)."
::= { pktcMtaDevCmsEntry 3 }
pktcMtaDevCmsMaxClockSkew OBJECT-TYPE
SYNTAX Unsigned32 (1..1800)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object specifies the maximum allowable clock skew
between the MTA and the CMS defined in this row."
DEFVAL { 300 }
::= { pktcMtaDevCmsEntry 4 }
pktcMtaDevCmsSolicitedKeyTimeout OBJECT-TYPE
SYNTAX Unsigned32 (100..30000)
UNITS "milliseconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object defines a Kerberos Key Management timer on the
MTA. It is the time period during which the MTA saves the
nonce and Server Kerberos Principal Identifier to match an
AP Request and its associated AP Reply response from the
CMS. This timer only applies when the CMS initiated key
management (with a Wake Up message or a Rekey message)."
REFERENCE
" PacketCable Security Specification."
DEFVAL { 1000 }
::= { pktcMtaDevCmsEntry 5 }
--=================================================================
--
-- Unsolicited key updates are retransmitted according to an
-- exponential back-off mechanism using two timers and a maximum
-- retry counter for AS replies.
-- The initial retransmission timer value is the nominal timer
-- value (pktcMtaDevCmsUnsolicitedKeyNomTimeout). The
-- retransmissions occur with an exponentially increasing interval
-- that caps at the maximum timeout value
-- (pktcMtaDevCmsUnsolicitedKeyMaxTimeout).
-- Retransmissions stop when the maximum retry counter is reached
-- (pktcMatDevCmsUnsolicitedMaxRetries).
-- For example, with values of 3 seconds for the nominal
-- timer, 20 seconds for the maximum timeout, and 5 retries max,
-- retransmission intervals will be 3 s, 6 s, 12 s,
-- 20 s, and 20 s; retransmissions then stop due to the
-- maximum number of retries reached.
--
--=================================================================
pktcMtaDevCmsUnsolicitedKeyMaxTimeout OBJECT-TYPE
SYNTAX Unsigned32 (1..600)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object defines the timeout value that only applies
to an MTA-initiated key management exchange. It is the
maximum timeout, and it may not be exceeded in the
exponential back-off algorithm."
REFERENCE
" PacketCable Security Specification."
DEFVAL { 600 }
::= { pktcMtaDevCmsEntry 6 }
pktcMtaDevCmsUnsolicitedKeyNomTimeout OBJECT-TYPE
SYNTAX Unsigned32 (100..30000)
UNITS "milliseconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object defines the starting value of the timeout
for an MTA-initiated key management. It should account for
the average roundtrip time between the MTA and the CMS and
the processing time on the CMS."
REFERENCE
" PacketCable Security Specification."
DEFVAL { 500 }
::= { pktcMtaDevCmsEntry 7 }
pktcMtaDevCmsUnsolicitedKeyMaxRetries OBJECT-TYPE
SYNTAX Unsigned32 (0..1024)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object contains the maximum number of retries before
the MTA stops attempting to establish a Security
Association with the CMS."
REFERENCE
" PacketCable Security Specification."
DEFVAL { 5 }
::= { pktcMtaDevCmsEntry 8 }
pktcMtaDevCmsIpsecCtrl OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This object specifies the MTA IPSec control flag.
If the object value is 'true', the MTA must use Kerberos
Key Management and IPsec to communicate with this CMS. If
it is 'false', IPSec Signaling Security and Kerberos key
management are disabled for this specific CMS."
DEFVAL { true }
::= { pktcMtaDevCmsEntry 9 }
pktcMtaDevCmsStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object defines the row status associated with this
particular CMS in the CMS table (pktcMtaDevCmsTable).
An entry in this table is not qualified for activation
until the object instances of all corresponding columns
have been initialized, either by default values or via
explicit SET operations. Until all object instances in
this row are initialized, the status value for this realm
must be 'notReady(3)'.
In particular, two columnar objects must be SET: the
CMS FQDN (pktcMtaDevCmsFqdn) and the Kerberos realm name
(pktcMtaDevCmsKerbRealmName). Once these 2 objects have
been set and the row status is SET to 'active(1)', the MTA
MUST NOT allow any modification of these 2 object values.
The value of this object has no effect on
whether other columnar objects in this row can be
modified."
::= { pktcMtaDevCmsEntry 10 }
pktcMtaDevResetKrbTickets OBJECT-TYPE
SYNTAX BITS {
invalidateProvOnReboot (0),
invalidateAllCmsOnReboot (1)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This object defines a Kerberos Ticket Control Mask that
instructs the MTA to invalidate the specific Application
Server Kerberos ticket(s) that are stored locally in the
MTA NVRAM (non-volatile or persistent memory).
If the MTA does not store Kerberos tickets in NVRAM, it
MUST ignore setting of this object and MUST report a BITS
value of zero when the object is read.
If the MTA supports Kerberos tickets storage in NVRAM, the
object value is encoded as follows:
- Setting the invalidateProvOnReboot bit (bit 0) to 1
means that the MTA MUST invalidate the Kerberos
Application Ticket(s) for the Provisioning Application
at the next MTA reboot if secure SNMP provisioning mode
is used. In non-secure provisioning modes, the MTA MUST
return an 'inconsistentValue' in response to SNMP SET
operations with a bit 0 set to 1.
- Setting the invalidateAllCmsOnReboot bit (bit 1) to 1
means that the MTA MUST invalidate the Kerberos
Application Ticket(s) for all CMSes currently assigned
to the MTA endpoints.
If a value is written into an instance of
pktcMtaDevResetKrbTickets, the agent MUST retain the
supplied value across an MTA re-initialization or
reboot."
REFERENCE
"PacketCable Security Specification."
DEFVAL { { } }
::= { pktcMtaDevSecurity 9 }
--
-- The following group, pktcMtaDevErrors, defines an OID
-- corresponding to error conditions encountered during the MTA
-- provisioning.
--
pktcMtaDevErrorsTooManyErrors OBJECT-IDENTITY
STATUS current
DESCRIPTION
"This object defines the OID corresponding to the error
condition when too many errors are encountered in the
MTA configuration file during provisioning."
::= { pktcMtaDevErrors 1 }
pktcMtaDevProvisioningEnrollment NOTIFICATION-TYPE
OBJECTS {
sysDescr,
pktcMtaDevSwCurrentVers,
pktcMtaDevTypeIdentifier,
ifPhysAddress,
pktcMtaDevCorrelationId
}
STATUS current
DESCRIPTION
" This INFORM notification is issued by the MTA to initiate
the PacketCable provisioning process when the MTA SNMP
enrollment mechanism is used.
It contains the system description, the current software
version, the MTA device type identifier, the MTA MAC
address (obtained in the MTA ifTable in the ifPhysAddress
object that corresponds to the ifIndex 1), and a
correlation ID."
::= { pktcMtaNotification 1 }
pktcMtaDevProvisioningStatus NOTIFICATION-TYPE
OBJECTS {
ifPhysAddress,
pktcMtaDevCorrelationId,
pktcMtaDevProvisioningState
}
STATUS current
DESCRIPTION
" This INFORM notification may be issued by the MTA to
confirm the completion of the PacketCable provisioning
process, and to report its provisioning completion
status.
It contains the MTA MAC address (obtained in the MTA
ifTable in the ifPhysAddress object that corresponds
to the ifIndex 1), a correlation ID and the MTA
provisioning state as defined in
pktcMtaDevProvisioningState."
::= { pktcMtaNotification 2 }
--
-- Compliance Statements
--
pktcMtaCompliances OBJECT IDENTIFIER ::= { pktcMtaConformance 1 }
pktcMtaGroups OBJECT IDENTIFIER ::= { pktcMtaConformance 2 }
pktcMtaBasicCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
" The compliance statement for MTA devices that implement
PacketCable or IPCablecom requirements.
This compliance statement applies to MTA implementations
that support PacketCable 1.0 or IPCablecom requirements,
which are not IPv6-capable at the time of this
RFC publication."
MODULE -- Unconditionally mandatory groups for MTAs
MANDATORY-GROUPS {
pktcMtaGroup,
pktcMtaNotificationGroup
}
OBJECT pktcMtaDevDhcpServerAddressType
SYNTAX InetAddressType { ipv4(1) }
DESCRIPTION
" Support for address types other than 'ipv4(1)'
is not presently specified and therefore is not
required. It may be defined in future versions of
this MIB module."
OBJECT pktcMtaDevDnsServerAddressType
SYNTAX InetAddressType { ipv4(1) }
DESCRIPTION
" Support for address types other than 'ipv4(1)'
is not presently specified and therefore is not
required. It may be defined in future versions of
this MIB module."
OBJECT pktcMtaDevTimeServerAddressType
SYNTAX InetAddressType { ipv4(1) }
DESCRIPTION
" Support for address types other than 'ipv4(1)'
is not presently specified and therefore is not
required. It may be defined in future versions of
this MIB module."
OBJECT pktcMtaDevServerDhcp1
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4
addresses. Other address types support may be defined in
future versions of this MIB module."
OBJECT pktcMtaDevServerDhcp2
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4
addresses. Other address types support may be defined in
future versions of this MIB module."
OBJECT pktcMtaDevServerDns1
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4
addresses. Other address types support may be defined in
future versions of this MIB module."
OBJECT pktcMtaDevServerDns2
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4
addresses. Other address types support may be defined in
future versions of this MIB module."
OBJECT pktcMtaDevTimeServer
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4
addresses. Other address types support may be defined in
future versions of this MIB module."
OBJECT pktcMtaDevProvConfigEncryptAlg
SYNTAX PktcMtaDevProvEncryptAlg
DESCRIPTION
"An implementation is only required to support
values of none(0) and des64Cbcmode(1).
An IV of zero is used to encrypt in des64Cbcmode, and
the length of pktcMtaDevProvConfigKey is 64 bits, as
defined in the PacketCable Security specification.
Other encryption types may be defined in future
versions of this MIB module."
OBJECT pktcMtaDevRealmOrgName
SYNTAX SnmpAdminString(SIZE (1..64))
DESCRIPTION
"The Organization Name field in X.509 certificates
can contain up to 64 UTF-8 encoded characters,
as defined in RFCs 3280 and 4630. Therefore, compliant
devices are only required to support Organization
Name values of up to 64 UTF-8 encoded characters.
Given that RFCs 3280 and 4630 define the UTF-8 encoding,
compliant devices must support a maximum size of 384
octets for pktcMtaDevRealmOrgName. The calculation of
384 octets comes from the RFC 3629 UTF-8 encoding
definition whereby the UTF-8 encoded characters
are encoded as sequences of 1 to 6 octets,
assuming that code points as high as 0x7ffffffff
might be used. Subsequent versions of Unicode and ISO
10646 have limited the upper bound to 0x10ffff.
Consequently, the current version of UTF-8, defined in
RFC 3629, does not require more than four octets to
encode a valid code point."
::= { pktcMtaCompliances 1 }
pktcMtaGroup OBJECT-GROUP
OBJECTS {
pktcMtaDevResetNow,
pktcMtaDevSerialNumber,
pktcMtaDevSwCurrentVers,
pktcMtaDevFQDN,
pktcMtaDevEndPntCount,
pktcMtaDevEnabled,
pktcMtaDevProvisioningCounter,
pktcMtaDevErrorOid,
pktcMtaDevErrorValue,
pktcMtaDevErrorReason,
pktcMtaDevTypeIdentifier,
pktcMtaDevProvisioningState,
pktcMtaDevHttpAccess,
pktcMtaDevCertificate,
pktcMtaDevCorrelationId,
pktcMtaDevManufacturerCertificate,
pktcMtaDevDhcpServerAddressType,
pktcMtaDevDnsServerAddressType,
pktcMtaDevTimeServerAddressType,
pktcMtaDevProvConfigEncryptAlg,
pktcMtaDevServerDhcp1,
pktcMtaDevServerDhcp2,
pktcMtaDevServerDns1,
pktcMtaDevServerDns2,
pktcMtaDevTimeServer,
pktcMtaDevConfigFile,
pktcMtaDevSnmpEntity,
pktcMtaDevRealmPkinitGracePeriod,
pktcMtaDevRealmTgsGracePeriod,
pktcMtaDevRealmAvailSlot,
pktcMtaDevRealmName,
pktcMtaDevRealmOrgName,
pktcMtaDevRealmUnsolicitedKeyMaxTimeout,
pktcMtaDevRealmUnsolicitedKeyNomTimeout,
pktcMtaDevRealmUnsolicitedKeyMaxRetries,
pktcMtaDevRealmStatus,
pktcMtaDevCmsAvailSlot,
pktcMtaDevCmsFqdn,
pktcMtaDevCmsKerbRealmName,
pktcMtaDevCmsUnsolicitedKeyMaxTimeout,
pktcMtaDevCmsUnsolicitedKeyNomTimeout,
pktcMtaDevCmsUnsolicitedKeyMaxRetries,
pktcMtaDevCmsSolicitedKeyTimeout,
pktcMtaDevCmsMaxClockSkew,
pktcMtaDevCmsIpsecCtrl,
pktcMtaDevCmsStatus,
pktcMtaDevResetKrbTickets,
pktcMtaDevProvUnsolicitedKeyMaxTimeout,
pktcMtaDevProvUnsolicitedKeyNomTimeout,
pktcMtaDevProvUnsolicitedKeyMaxRetries,
pktcMtaDevProvKerbRealmName,
pktcMtaDevProvSolicitedKeyTimeout,
pktcMtaDevProvConfigHash,
pktcMtaDevProvConfigKey,
pktcMtaDevProvState,
pktcMtaDevProvisioningTimer,
pktcMtaDevTelephonyRootCertificate
}
STATUS current
DESCRIPTION
" A collection of objects for managing PacketCable or
IPCablecom MTA implementations."
::= { pktcMtaGroups 1 }
pktcMtaNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS {
pktcMtaDevProvisioningStatus,
pktcMtaDevProvisioningEnrollment
}
STATUS current
DESCRIPTION
" A collection of notifications dealing with the change of
MTA provisioning status."
::= { pktcMtaGroups 2 }
pktcMtaBasicSmtaCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
" The compliance statement for S-MTA devices
that implement PacketCable or IPCablecom requirements.
This compliance statement applies to S-MTA implementations
that support PacketCable or IPCablecom requirements,
which are not IPv6-capable at the time of this
RFC publication."
MODULE -- Unconditionally Mandatory Groups for S-MTA devices
MANDATORY-GROUPS {
pktcMtaGroup,
pktcMtaNotificationGroup
}
OBJECT pktcMtaDevDhcpServerAddressType
SYNTAX InetAddressType { ipv4(1) }
DESCRIPTION
" Support for address types other than 'ipv4(1)'
is not presently specified and therefore is not
required. It may be defined in future versions of
this MIB module."
OBJECT pktcMtaDevDnsServerAddressType
SYNTAX InetAddressType { ipv4(1) }
DESCRIPTION
" Support for address types other than 'ipv4(1)'
is not presently specified and therefore is not
required. It may be defined in future versions of
this MIB module."
OBJECT pktcMtaDevTimeServerAddressType
SYNTAX InetAddressType { ipv4(1) }
DESCRIPTION
" Support for address types other than 'ipv4(1)'
is not presently specified and therefore is not
required. It may be defined in future versions of
this MIB module."
OBJECT pktcMtaDevServerDhcp1
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4
addresses. Other address types support may be defined in
future versions of this MIB module."
OBJECT pktcMtaDevServerDhcp2
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4
addresses. Other address types support may be defined in
future versions of this MIB module."
OBJECT pktcMtaDevServerDns1
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4
addresses. Other address types support may be defined in
future versions of this MIB module."
OBJECT pktcMtaDevServerDns2
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4
addresses. Other address types support may be defined in
future versions of this MIB module."
OBJECT pktcMtaDevTimeServer
SYNTAX InetAddress (SIZE(4))
DESCRIPTION
"An implementation is only required to support IPv4
addresses. Other address types support may be defined in
future versions of this MIB module."
OBJECT pktcMtaDevProvConfigEncryptAlg
SYNTAX PktcMtaDevProvEncryptAlg
DESCRIPTION
"An implementation is only required to support
values of none(0) and des64Cbcmode(1).
An IV of zero is used to encrypt in des64Cbcmode, and
the length of pktcMtaDevProvConfigKey is 64 bits, as
defined in the PacketCable Security specification.
Other encryption types may be defined in future
versions of this MIB module."
OBJECT pktcMtaDevRealmOrgName
SYNTAX SnmpAdminString (SIZE (1..64))
DESCRIPTION
"The Organization Name field in X.509 certificates
can contain up to 64 UTF-8 encoded characters, as
defined in RFCs 3280 and 4630. Therefore, compliant
devices are only required to support Organization
Name values of up to 64 UTF-8 encoded characters.
Given that RFCs 3280 and 4630 define the UTF-8 encoding,
compliant devices must support a maximum size of 384
octets for pktcMtaDevRealmOrgName. The calculation of
384 octets comes from the RFC 3629 UTF-8 encoding
definition whereby the UTF-8 encoded characters
are encoded as sequences of 1 to 6 octets,
assuming that code points as high as 0x7ffffffff
might be used. Subsequent versions of Unicode and ISO
10646 have limited the upper bound to 0x10ffff.
Consequently, the current version of UTF-8, defined in
RFC 3629 does not require more than four octets to
encode a valid code point."
MODULE DOCS-IETF-BPI2-MIB
MANDATORY-GROUPS {
docsBpi2CodeDownloadGroup
}
::= { pktcMtaCompliances 2 }
END
--
-- Copyright (C) The IETF Trust (2006).
--
-- This document is subject to the rights, licenses and restrictions
-- contained in BCP 78, and except as set forth therein, the authors
-- retain all their rights.
--
-- This document and the information contained herein are provided on an
-- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
-- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST,
-- AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES,
-- EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT
-- THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
-- IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
-- PURPOSE.
--
-- Intellectual Property
--
-- The IETF takes no position regarding the validity or scope of any
-- Intellectual Property Rights or other rights that might be claimed to
-- pertain to the implementation or use of the technology described in
-- this document or the extent to which any license under such rights
-- might or might not be available; nor does it represent that it has
-- made any independent effort to identify any such rights. Information
-- on the procedures with respect to rights in RFC documents can be
-- found in BCP 78 and BCP 79.
--
-- Copies of IPR disclosures made to the IETF Secretariat and any
-- assurances of licenses to be made available, or the result of an
-- attempt made to obtain a general license or permission for the use of
-- such proprietary rights by implementers or users of this
-- specification can be obtained from the IETF on-line IPR repository at
-- http://www.ietf.org/ipr.
--
-- The IETF invites any interested party to bring to its attention any
-- copyrights, patents or patent applications, or other proprietary
-- rights that may cover technology that may be required to implement
-- this standard. Please address the information to the IETF at
-- ietf-ipr@ietf.org.
--
View Git Blame Copy Permalink