-- *****************************************************************
|
|
-- CISCO-LWAPP-TRUSTSEC-MIB.my
|
|
--
|
|
-- February 2017, Amar Kumar
|
|
--
|
|
-- Copyright (c) 2016 by Cisco Systems, Inc.
|
|
-- All rights reserved.
|
|
-- *****************************************************************
|
|
CISCO-LWAPP-TRUSTSEC-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
Unsigned32,
|
|
Counter32,
|
|
NOTIFICATION-TYPE
|
|
FROM SNMPv2-SMI
|
|
MODULE-COMPLIANCE,
|
|
OBJECT-GROUP,
|
|
NOTIFICATION-GROUP
|
|
FROM SNMPv2-CONF
|
|
TruthValue,
|
|
DateAndTime,
|
|
RowStatus
|
|
FROM SNMPv2-TC
|
|
SnmpAdminString
|
|
FROM SNMP-FRAMEWORK-MIB
|
|
CtsSecurityGroupTag
|
|
FROM CISCO-TRUSTSEC-TC-MIB
|
|
InetAddressType,
|
|
InetAddress
|
|
FROM INET-ADDRESS-MIB
|
|
cLApSysMacAddress
|
|
FROM CISCO-LWAPP-AP-MIB
|
|
ciscoMgmt
|
|
FROM CISCO-SMI;
|
|
|
|
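-- Module identity for the Cisco LWAPP TrustSec MIB, registered at
-- { ciscoMgmt 836 }.
--
-- Glossary fix: the sentence that defines the tag ("A tag identifying
-- its source ...") was listed under the SXP entry, which made SXP read
-- as a tag. It now sits under SGT, the term it describes.
--
-- NOTE(review): this module exposes writable objects for the device
-- identifier and password, the device SGT and the SXP peer rows. An
-- agent that implements it should limit write access with view-based
-- access control and accept SETs only over SNMPv3 with authentication
-- and privacy.
ciscoLwappTrustSecMIB MODULE-IDENTITY
    LAST-UPDATED    "201702100000Z"
    ORGANIZATION    "Cisco Systems Inc."
    CONTACT-INFO
            "Cisco Systems,
            Customer Service

            Postal: 170 West Tasman Drive
            San Jose, CA 95134
            USA

            Tel: +1 800 553-NETS

            Email: cs-snmp@cisco.com"

    DESCRIPTION
            "This MIB module is for the configuration of a network
            device on the Cisco Trusted Security (TrustSec) system.

            TrustSec secures a network fabric by authenticating and
            authorizing each device connecting to the network, allowing for
            the encryption, authentication and replay protection of data
            traffic on a hop by hop basis.

            Glossary :

            TrustSec - Cisco Trusted Security

            EAP-FAST - Extensible Authentication Protocol-Flexible
                       Authentication via Secure Tunneling (RFC 4851)

            PAC      - Protected Access Credential
                       A credential dynamically downloaded from the
                       Access Control Server.
            ACS      - Access Control Server
            SGT      - Security Group Tag
                       A tag identifying its source, assigned to a packet on
                       ingress to a TrustSec cloud, and used to determine
                       security and other policy to be applied to it along
                       its path through the cloud.
            SXP      - SGT Exchange Protocol.

            This MIB module is for the configuration and status query
            of SGT Exchange Protocol over TCP (SXPoTCP) feature of the
            device on the Cisco's Trusted Security (TrustSec) system.

            A Security Group Tag (SGT) is a tag identifying its source,
            assigned to a packet on ingress to a TrustSec cloud, and used
            to determine security and other policy to be applied to it
            along its path through the cloud."

    REVISION        "201702100000Z"

    DESCRIPTION
            "Initial version of this MIB module."
    ::= { ciscoMgmt 836 }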
|
|
|
|
|
|
-- Top-level subtrees of ciscoLwappTrustSecMIB:
--   0  clCtsMIBNotifs         no object in the visible module is
--                             registered under it
--   1  clCtsTableMIBObjects   parent of clCtsApSxpPeerTable
--   2  clCtsMIBConform        parent of the compliance and group subtrees
--   3  clCtsGlobalMIBObjects  parent of the scalar objects
clCtsMIBNotifs OBJECT IDENTIFIER
|
|
::= { ciscoLwappTrustSecMIB 0 }
|
|
|
|
clCtsTableMIBObjects OBJECT IDENTIFIER
|
|
::= { ciscoLwappTrustSecMIB 1 }
|
|
|
|
clCtsMIBConform OBJECT IDENTIFIER
|
|
::= { ciscoLwappTrustSecMIB 2 }
|
|
|
|
clCtsGlobalMIBObjects OBJECT IDENTIFIER
|
|
::= { ciscoLwappTrustSecMIB 3 }
|
|
|
|
|
|
|
|
-- Scalar holding the SGT applied to packets originating from this
-- device. Zero, which is also the DEFVAL, means no SGT is configured.
-- NOTE(review): the object is read-write. The module DESCRIPTION says
-- the SGT determines the security policy applied to a packet, so a
-- write here changes how this device's traffic is classified. Keep it
-- out of any write view that is not limited to trusted managers.
clCtsSecurityGroupTagId OBJECT-TYPE
|
|
SYNTAX CtsSecurityGroupTag
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies user to specify the SGT for the packets
|
|
originating from this device.
|
|
|
|
A value of zero for this object indicates that no SGT has been
|
|
configured."
|
|
DEFVAL { 0 }
|
|
::= { clCtsGlobalMIBObjects 1 }
|
|
|
|
|
|
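-- Device identifier used, together with clCtsDevicePassword, to
-- authenticate this device to TrustSec.
--
-- DEFVAL fix: the original default was a one-character string holding a
-- single space. The DESCRIPTION states that the agent returns a zero
-- length string when nothing is configured, and clCtsDevicePassword
-- uses an empty default, so the default here is now the empty string.
-- NOTE(review): confirm against the agent that the unconfigured value
-- really is empty and not a space.
--
-- NOTE(review): the identifier is readable and is one half of the
-- device credential, so read access to it should also be limited to
-- trusted managers.
clCtsDeviceId OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
            "This object specifies the identifier for the device.

            This identifier and the device password (specified by
            clCtsDevicePassword) are used together by the Cisco Trusted
            Security feature for authenticating the device.

            The object may not be set to a zero length string.

            The system will return a zero length string for this object
            either when there is no value configured for this object or
            TrustSec credentials for the device have been cleared by
            setting clCtsCredentialsClearAll to 'true'."
    DEFVAL          { "" }
    ::= { clCtsGlobalMIBObjects 2 }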
|
|
|
|
|
|
-- Device password used, together with clCtsDeviceId, to authenticate
-- this device to TrustSec. A read always returns a zero-length string,
-- so the stored secret is not disclosed through GET; the object is
-- effectively write-only.
-- NOTE(review): the secret is still carried in the SET request. With
-- SNMPv1 or SNMPv2c, or SNMPv3 without privacy, it crosses the network
-- unencrypted. Allow writes to this object only over SNMPv3 with
-- authentication and privacy, and only from a view limited to
-- administrators.
-- NOTE(review): a manager cannot read the value back, so it cannot tell
-- from this object alone whether a password is configured.
clCtsDevicePassword OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies user to specify the password for
|
|
the device.
|
|
|
|
This password and the device identifier (specified by
|
|
clCtsDeviceId) are used together by the Cisco Trusted Security
|
|
feature for authenticating the device.
|
|
|
|
The object may not be set to a zero length string.
|
|
|
|
When read, this object always returns the value of a
|
|
zero-length octet string."
|
|
DEFVAL { "" }
|
|
::= { clCtsGlobalMIBObjects 3 }
|
|
|
|
-- Read-write switch for the inline tagging option. The default is
-- 'false', meaning inline tagging is disabled.
clCtsInlineTagEnableStatus OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether the inline tagging option is
|
|
Enabled or disabled.
|
|
A 'true' value indicates that inline tagging option is enabled.
|
|
A 'false' value indicates that inline tagging option is disabled."
|
|
DEFVAL { false }
|
|
::= { clCtsGlobalMIBObjects 4 }
|
|
|
|
-- Read-write switch for CTS as a whole. The default is 'false', meaning
-- CTS is disabled. The object is registered as sub-identifier 6;
-- sub-identifier 5 is not assigned in the visible part of this module.
-- NOTE(review): a single SET of 'false' turns CTS off, so writes to
-- this object are worth logging and alerting on as a security-relevant
-- configuration change.
clCtsEnableStatus OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether the CTS option is
|
|
Enabled or disabled.
|
|
A value of 'true' indicates that CTS is enabled.
|
|
A value of 'false' indicates that CTS is disabled."
|
|
DEFVAL { false }
|
|
::= { clCtsGlobalMIBObjects 6 }
|
|
|
|
--********************************************************************
|
|
-- * AP SXP Table
|
|
--********************************************************************
|
|
|
|
-- Conceptual table of SXP peers, registered at clCtsTableMIBObjects 1.
-- Its rows are defined by cLCtsApSxpPeerEntry.
-- NOTE(review): the DESCRIPTION speaks of peers configured on this
-- device, while the row INDEX begins with cLApSysMacAddress. Rows
-- therefore look to be kept per access point; confirm.
clCtsApSxpPeerTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CLCtsApSxpPeerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of SXP peers configured on this device.
|
|
It is a list of IP addresses of respective
|
|
SXP connection peers configured for this device.
|
|
SXP peers exchange security group tags information
|
|
of clients through SxpV4 protocol."
|
|
::= { clCtsTableMIBObjects 1 }
|
|
|
|
-- One row of clCtsApSxpPeerTable. A row is identified by three index
-- values: cLApSysMacAddress (imported from CISCO-LWAPP-AP-MIB), the
-- peer address type and the peer address.
-- NOTE(review): this descriptor is spelled with the prefix cLCts, while
-- the table and its columns use clCts. Parsers accept it, but the two
-- spellings are easy to confuse when writing references.
cLCtsApSxpPeerEntry OBJECT-TYPE
|
|
SYNTAX CLCtsApSxpPeerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing management information of a
|
|
particular SXP peers."
|
|
INDEX { cLApSysMacAddress, clCtsApSxpPeerIpType, clCtsApSxpPeerIp }
|
|
::= { clCtsApSxpPeerTable 1 }
|
|
|
|
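-- Column layout of one clCtsApSxpPeerTable row. Members are listed in
-- the order of their column sub-identifiers (1 to 5). The original
-- listed clCtsApSxpPeerPassword (column 4) ahead of clCtsApSxpMode
-- (column 3), which MIB checkers report as a sequence/column order
-- mismatch. The order has no effect on the wire.
CLCtsApSxpPeerEntry ::= SEQUENCE {
    clCtsApSxpPeerIpType        InetAddressType,
    clCtsApSxpPeerIp            InetAddress,
    clCtsApSxpMode              INTEGER,
    clCtsApSxpPeerPassword      INTEGER,
    clCtsApSxpPeerRowStatus     RowStatus
}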
|
|
|
|
-- First address index column: the InetAddressType that tells how the
-- value of clCtsApSxpPeerIp is to be interpreted. It is not-accessible
-- and is listed in the row INDEX, so it is seen only as part of the
-- instance identifier of the other columns.
clCtsApSxpPeerIpType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of Internet address of the peer SXP device."
|
|
::= { cLCtsApSxpPeerEntry 1 }
|
|
|
|
|
|
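-- Second address index column: the address of the SXP peer, interpreted
-- according to clCtsApSxpPeerIpType.
--
-- Reference fix: the DESCRIPTION named cLCtsApSxpPeerIpType, which is
-- not defined in this module. The column is clCtsApSxpPeerIpType.
--
-- NOTE(review): InetAddress is used as an index without a SIZE clause.
-- RFC 4001 asks for a SIZE clause, or a stated constraint, on index
-- objects so that instance identifiers stay within 128 sub-identifiers.
-- Confirm the supported address types before adding one.
clCtsApSxpPeerIp OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "The Internet address of the SXP peer device. The type of this
            address is determined by the value of clCtsApSxpPeerIpType
            object."
    ::= { cLCtsApSxpPeerEntry 2 }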
|
|
|
|
-- Role of this device on the SXP connection described by the row:
-- speaker(1), listener(2) or both(3). The column is read-create, so it
-- can be supplied when the row is created.
-- NOTE(review): the table DESCRIPTION says SXP peers exchange security
-- group tag information about clients. In 'listener' or 'both' mode the
-- device presumably accepts such information from the peer, so the peer
-- address and the password setting of the row decide whose tag data is
-- trusted. Confirm, and review rows in these modes accordingly.
clCtsApSxpMode OBJECT-TYPE
|
|
SYNTAX INTEGER {speaker(1),
|
|
listener(2),
|
|
both(3)}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the device mode of this SXP connection.
|
|
|
|
A value of 'speaker' indicates that device will acts as
|
|
the speaker in this SXP connection.
|
|
|
|
A value of 'listener' indicates that device will acts as
|
|
the listener in this SXP connection.
|
|
|
|
A value of 'both' indicates that device will acts as
|
|
both speaker and listener making it a Bi-directional SXP
|
|
connection."
|
|
::= { cLCtsApSxpPeerEntry 3 }
|
|
|
|
|
|
-- Password setting for the SXP peer of this row. Despite the name, the
-- column is an enumeration (notRequired(0), required(1), default(2))
-- and carries no secret. No object in the visible module holds an SXP
-- password value.
-- NOTE(review): the DESCRIPTION does not say what each label means.
-- Presumably 'default' selects a device-wide SXP password and
-- 'notRequired' leaves the peer connection without password
-- authentication; confirm against the product documentation.
-- NOTE(review): if 'notRequired' does disable authentication of the
-- peer, rows carrying that value are worth auditing.
clCtsApSxpPeerPassword OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
notRequired(0),
|
|
required(1),
|
|
default(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies to configure the
|
|
password of the sxp peer device."
|
|
::= { cLCtsApSxpPeerEntry 4 }
|
|
|
|
-- Row status column of clCtsApSxpPeerTable, using the RowStatus textual
-- convention imported from SNMPv2-TC. It is read-create.
-- NOTE(review): with RowStatus, rows are normally created and deleted
-- by writing this column, which here would add or remove an SXP peer.
-- Restrict write access to it in the same way as for the credential
-- objects.
clCtsApSxpPeerRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the conceptual status of the
|
|
row."
|
|
::= { cLCtsApSxpPeerEntry 5 }
|
|
|
|
|
|
-- *******************************************************************
|
|
-- * Compliance statements
|
|
-- *******************************************************************
|
|
|
|
-- Conformance subtrees under clCtsMIBConform: 1 is the parent of the
-- compliance statement, 2 is the parent of the object group.
clCtsMIBCompliances OBJECT IDENTIFIER
|
|
::= { clCtsMIBConform 1 }
|
|
|
|
clCtsMIBGroups OBJECT IDENTIFIER
|
|
::= { clCtsMIBConform 2 }
|
|
|
|
|
|
-- The module's compliance statement. Its only mandatory group is
-- clCtsGroup.
-- NOTE(review): there are no OBJECT clauses with MIN-ACCESS, so the
-- statement offers no read-only refinement. An agent that exposes
-- clCtsDevicePassword or the SXP peer rows as read-only would not
-- conform as written.
clCtsMIBCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for the SNMP entities that
|
|
implement the ciscoLwappTrustSecMIB module."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
clCtsGroup
|
|
}
|
|
::= { clCtsMIBCompliances 1 }
|
|
|
|
-- *******************************************************************
|
|
-- * Units of conformance
|
|
-- *******************************************************************
|
|
|
|
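-- The single object group of this module: the five scalars under
-- clCtsGlobalMIBObjects and the accessible columns of
-- clCtsApSxpPeerTable.
--
-- Membership fix: clCtsApSxpPeerIpType and clCtsApSxpPeerIp are declared
-- MAX-ACCESS not-accessible. RFC 2580 section 3.1 allows only objects
-- with access accessible-for-notify, read-only, read-write or
-- read-create in an OBJECT-GROUP, so the two index columns were removed
-- from OBJECTS. They remain part of the row through the INDEX clause.
clCtsGroup OBJECT-GROUP
    OBJECTS         {
                        clCtsSecurityGroupTagId,
                        clCtsDeviceId,
                        clCtsDevicePassword,
                        clCtsInlineTagEnableStatus,
                        clCtsEnableStatus,
                        clCtsApSxpPeerPassword,
                        clCtsApSxpMode,
                        clCtsApSxpPeerRowStatus
                    }
    STATUS          current
    DESCRIPTION
            "This collection of objects represents the information
            about the general attributes of Trustsec."
    ::= { clCtsMIBGroups 1 }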
|
|
|
|
END
|
|
|
|
|
|
|
|
|