CISCO-TRUSTSEC-MIB
File: CISCO-TRUSTSEC-MIB.mib (66177 bytes)
Defined Types
CtsKeystorePasswordRecordEntry | SEQUENCE |
    ctsKeystorePasswordRecordName | SnmpAdminString |
    ctsKeystorePasswordRecordType | CtsCredentialRecordType |
CtsPacInfoEntry | SEQUENCE |
    ctsPacAcsAuthId | CtsAcsAuthorityIdentity |
    ctsPacAcsDescription | SnmpAdminString |
    ctsPacType | INTEGER |
    ctsPacExpirationTime | DateAndTime |
    ctsPacTimeToRefresh | Unsigned32 |
    ctsPacStatus | RowStatus |
CtsEnvSecurityGroupNameEntry | SEQUENCE |
    ctsEnvSecurityGroupNameSgt | CtsSecurityGroupTag |
    ctsEnvSecurityGroupNameSgtGenId | CtsGenerationId |
    ctsEnvSecurityGroupNameSgtFlag | BITS |
    ctsEnvSecurityGroupName | SnmpAdminString |
Defined Values
ciscoTrustSecMIB |
1.3.6.1.4.1.9.9.730 |
This MIB module is for the configuration of a network
device on the Cisco Trusted Security (TrustSec) system.
TrustSec secures a network fabric by authenticating and
authorizing each device connecting to the network, allowing for
the encryption, authentication and replay protection of data
traffic on a hop by hop basis.
Glossary:
TrustSec - Cisco Trusted Security
EAP-FAST - Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (RFC 4851)
PAC - Protected Access Credential. A credential dynamically downloaded from the Access Control Server.
ACS - Access Control Server
SGT - Security Group Tag. A tag identifying its source, assigned to a packet on ingress to a TrustSec cloud, and used to determine security and other policy to be applied to it along its path through the cloud. |
MODULE-IDENTITY |
|
|
|
ctsCacheEnabled |
1.3.6.1.4.1.9.9.730.1.1.1 |
This object specifies if the TrustSec cache is enabled in
the system. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ctsCacheNvStorage |
1.3.6.1.4.1.9.9.730.1.1.2 |
The object specifies the location on the device
where TrustSec cache files will be created.
The location may be specified in :[directory] format,
where can be (but not limited to): bootdisk:, disk0:,
disk1:.
A zero length string for this object indicates that no location
has been configured and system will decide the location of
TrustSec cache files. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
|
|
ctsCacheClear |
1.3.6.1.4.1.9.9.730.1.1.3 |
This object allows user to clear the cache files for
Cisco Trusted Security feature on this device.
When read, this object always returns the value 'none'.
'none' - No operation.
'all' - Clear all the cached information
'authzPolicies' - Clear all the cached authorization
policies.
'authzPoliciesPeer' - Clear the cached peer authorization
policies.
'authzPoliciesSgt' - Clear the cached SGT authorization
policies.
'environmentData' - Clear the cached environment data
'interfaceController' - Clear the cached interface controller
data. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
none(1), all(2), authzPolicies(3), authzPoliciesPeer(4), authzPoliciesSgt(5), environmentData(6), interfaceController(7) |
|
ctsSecurityGroupTagId |
1.3.6.1.4.1.9.9.730.1.2.1 |
This object allows user to specify the SGT for the packets
originating from this device.
A value of zero for this object indicates that no SGT has been
configured. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
CtsSecurityGroupTag |
|
|
ctsSgtAssignmentMethod |
1.3.6.1.4.1.9.9.730.1.2.2 |
This object specifies the method used for assignment
of TrustSec SGT for the line cards without TrustSec
tagging capability.
'none' - assignment of TrustSec SGT is not enabled.
'ingress' - 'ingress' method is used for the assignment of
TrustSec SGT.
'egress' - 'egress' method is used for the assignment of
TrustSec SGT. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
none(1), ingress(2), egress(3) |
|
ctsDeviceId |
1.3.6.1.4.1.9.9.730.1.3.1 |
This object allows user to specify the identifier for
the device.
This identifier and the device password (specified by
ctsDevicePassword) are used together by the Cisco Trusted
Security feature for authenticating the device.
The value of this object must be set in the same PDU as
ctsDevicePasswordType and ctsDevicePassword.
The object may not be set to a zero length string.
The system will return a zero length string for this object
either when there is no value configured for this object or
TrustSec credentials for the device have been cleared by
setting ctsCredentialsClearAll to 'true'. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
|
|
ctsDevicePasswordType |
1.3.6.1.4.1.9.9.730.1.3.2 |
This object specifies the type of encryption employed
to encrypt password in ctsDevicePassword object.
Value for this object must be specified as 'clearText',
'typeSix' or 'typeSeven' in order to configure the password in
ctsDevicePassword.
The value of this object must be set in the same PDU as
ctsDevicePassword and ctsDeviceId.
When read, value of this object must be 'none' if
ctsDevicePassword is a zero length string.
The value of this object may not be set to 'none' or 'other'. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
CtsPasswordEncryptionType |
|
|
ctsDevicePassword |
1.3.6.1.4.1.9.9.730.1.3.3 |
This object allows user to specify the password for
the device.
This password and the device identifier (specified by
ctsDeviceId) are used together by the Cisco Trusted Security
feature for authenticating the device.
The value of this object must be set in the same PDU as
ctsDevicePasswordType and ctsDeviceId.
The object may not be set to a zero length string.
When read, this object always returns the value of a
zero-length octet string. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
|
|
ctsKeystoreType |
1.3.6.1.4.1.9.9.730.1.3.4 |
This object indicates the type of keystore employed
by the device.
'hardwareKeystore' - Keystore functionality is implemented
in hardware.
'softwareEmulation' - Keystore functionality is emulated
in software. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
INTEGER |
hardwareKeystore(1), softwareEmulation(2) |
|
ctsKeystoreFwVersion |
1.3.6.1.4.1.9.9.730.1.3.5 |
This object indicates the firmware version of
the hardware keystore.
This object is only instantiated when the value of
ctsKeystoreType is 'hardwareKeystore'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
|
|
ctsKeystoreFwAlerts |
1.3.6.1.4.1.9.9.730.1.3.6 |
This object indicates the number of hardware
keystore alerts that occurred.
This object is only instantiated when the value of
ctsKeystoreType is 'hardwareKeystore'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ctsKeystoreFwResets |
1.3.6.1.4.1.9.9.730.1.3.7 |
This object indicates the number of times
the keystore firmware was reset.
This object is only instantiated when the value of
ctsKeystoreType is 'hardwareKeystore'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ctsKeystoreRxTimeouts |
1.3.6.1.4.1.9.9.730.1.3.8 |
This object indicates the number of times the system
timed out awaiting response from keystore firmware.
This object is only instantiated when the value of
ctsKeystoreType is 'hardwareKeystore'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ctsKeystoreRxBadChecksums |
1.3.6.1.4.1.9.9.730.1.3.9 |
This object indicates the number of message fragments
the system received from keystore firmware that had bad
checksum value.
This object is only instantiated when the value of
ctsKeystoreType is 'hardwareKeystore'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ctsKeystoreRxBadFragmentLengths |
1.3.6.1.4.1.9.9.730.1.3.10 |
This object indicates the number of message fragments
the system received from keystore firmware that had
illegal lengths.
This object is only instantiated when the value of
ctsKeystoreType is 'hardwareKeystore'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ctsKeystoreCorruptions |
1.3.6.1.4.1.9.9.730.1.3.11 |
This object indicates the number of times keystore
firmware reported detection of one or more corrupted
records in the hardware keystore.
This object is only instantiated when the value of
ctsKeystoreType is 'hardwareKeystore'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ctsKeystorePasswordRecordEntry |
1.3.6.1.4.1.9.9.730.1.3.13.1 |
An entry describing individual password record in the
keystore of this device.
An entry will be created or deleted from this table when a
password record is added or removed from the keystore of
this device. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CtsKeystorePasswordRecordEntry |
|
|
ctsKeystorePacRecordEntry |
1.3.6.1.4.1.9.9.730.1.3.14.1 |
An entry describing individual PAC record in the
keystore of this device.
An entry will be created or deleted by the system when a
PAC record is added or removed from the keystore of this
device. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CtsKeystorePacRecordEntry |
|
|
ctsPacInfoTable |
1.3.6.1.4.1.9.9.730.1.3.15 |
A list of PACs on this device. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
CtsPacInfoEntry |
|
ctsPacInfoEntry |
1.3.6.1.4.1.9.9.730.1.3.15.1 |
An entry providing management information of a particular PAC
record.
An entry can only be created dynamically by the system when
a new PAC is installed in the keystore. An entry will be deleted
from this table when the PAC is removed from the keystore by the
system or by the user. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CtsPacInfoEntry |
|
|
ctsPacAcsAuthId |
1.3.6.1.4.1.9.9.730.1.3.15.1.1 |
This object indicates the unique authority identity of the
ACS server from where the PAC was downloaded. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CtsAcsAuthorityIdentity |
Size(1..64) |
|
ctsPacAcsDescription |
1.3.6.1.4.1.9.9.730.1.3.15.1.2 |
This object indicates the description of the ACS server from
where the PAC was downloaded. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
|
|
ctsPacType |
1.3.6.1.4.1.9.9.730.1.3.15.1.3 |
This object indicates the type of PAC this entry represents.
'unknown' - Any other type of PAC that is not covered below.
'tunnel' - Distributed shared secret between the peer and ACS that is used to establish a secure tunnel and convey the policy of what must and can occur in the tunnel.
'machineAuthentication' - The Machine Authentication PAC contains information in the PAC opaque that identifies the machine. It is meant to be used by a machine when network access is required and no user is logged in.
'userAuthorization' - The User Authorization PAC contains information in the PAC opaque that identifies a user and provides authorization information. The User Authorization PAC is used to provide user information during stateless session resumption so user authentication MAY be skipped.
'posture' - Distributed posture checking and authorization result based on a previous posture validation. A posture PAC can be used to optimize posture validation in the case of frequent revalidations. This result is specific to the posture validation application and may be used outside the contents of EAP-FAST.
'ciscoTrustSec' - A credential dynamically provisioned in phase 0 of EAP-FAST. It is used by TrustSec to set up secure communications with the server. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
INTEGER |
unknown(1), tunnel(2), machineAuthentication(3), userAuthorization(4), posture(5), ciscoTrustSec(6) |
|
ctsPacExpirationTime |
1.3.6.1.4.1.9.9.730.1.3.15.1.4 |
This object indicates the time when this PAC will expire. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
DateAndTime |
|
|
ctsPacTimeToRefresh |
1.3.6.1.4.1.9.9.730.1.3.15.1.5 |
This object indicates the time left for this PAC to be
refreshed from the ACS. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ctsPacStatus |
1.3.6.1.4.1.9.9.730.1.3.15.1.6 |
This object is used to manage the deletion of rows
in this table. This object only supports the values
'active' and 'destroy'.
Setting this object to 'destroy' deletes this PAC.
When read, this object will always return 'active'. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ctsCredentialsClearAll |
1.3.6.1.4.1.9.9.730.1.3.16 |
This object allows user to clear all the PACs and Cisco
Trusted Security credentials on the device.
Setting the object to 'true' will clear all the PACs and
credentials.
When read, this object will always return 'false'. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ctsEnvDataLastDownloadStatus |
1.3.6.1.4.1.9.9.730.1.4.1 |
This object indicates the status of the last attempt to
download the Environment Data.
'other' - Any other state not covered by below
enumerations.
'succeeded' - Environment Data download completed successfully.
'failed' - Environment Data download failed.
'inprogress'- Environment Data download is in progress.
'incomplete'- Environment Data download is incomplete.
'timedout' - Environment Data download did not start and
timed out due to no response from the ACS.
'cleared' - Environment Data has been cleared by the user. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
INTEGER |
other(1), succeeded(2), failed(3), inprogress(4), incomplete(5), timedout(6), cleared(7) |
|
ctsEnvSecurityGroupTagId |
1.3.6.1.4.1.9.9.730.1.4.2 |
This object indicates the SGT for packets originating
on this device downloaded from the ACS.
A value of zero for this object indicates that no SGT has
been downloaded from the ACS. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
CtsSecurityGroupTag |
|
|
ctsEnvSecurityGroupTagGenId |
1.3.6.1.4.1.9.9.730.1.4.3 |
This object indicates the generation identifier associated
with the downloaded SGT on this device. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
CtsGenerationId |
|
|
ctsEnvDataLastUpdate |
1.3.6.1.4.1.9.9.730.1.4.4 |
This object indicates the last time Cisco Trusted Security
Environment Data was successfully updated from ACS.
This object will contain 0-1-1,00:00:00:0 if Environment Data
has never been successfully updated from ACS. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
DateAndTime |
|
|
ctsEnvDataRefreshInterval |
1.3.6.1.4.1.9.9.730.1.4.5 |
This object indicates the time interval for which
Trusted Security Environment Data is valid.
The Trusted Security Environment Data will be refreshed i.e.
downloaded from the ACS after this time period has elapsed. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ctsEnvDataTimeLeft |
1.3.6.1.4.1.9.9.730.1.4.6 |
This object indicates the time left for the currently
installed Trusted Security Environment Data to expire. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ctsEnvDataTimeToRefresh |
1.3.6.1.4.1.9.9.730.1.4.7 |
This object indicates the time interval after which
Trusted Security Environment Data will be refreshed i.e.
downloaded from the ACS due to Environment Data expiration
or refresh failure. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ctsEnvDataSource |
1.3.6.1.4.1.9.9.730.1.4.8 |
This object indicates the source of current Environment Data
installed on the system.
'none' - No Environment Data is currently installed.
'cached' - Environment Data is installed from non-volatile
storage on the system.
'downloaded' - Environment Data is downloaded from the ACS. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
INTEGER |
none(1), cached(2), downloaded(3) |
|
ctsEnvDataAction |
1.3.6.1.4.1.9.9.730.1.4.9 |
This object allows user to specify the action to be taken for
all the Cisco Trusted Security Environment Data on this device.
When read, this object always returns the value 'none'.
'none' - No operation.
'refresh' - Refresh all the Trusted Security Environment Data
on the device. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
none(1), refresh(2) |
|
ctsEnvSecurityGroupNameEntry |
1.3.6.1.4.1.9.9.730.1.4.16.1 |
An entry listing the name assigned to each SGT in
Cisco Trusted Security environment.
Entries will be populated in this table when system downloads
Security Group Name information as part of Trusted
Security Environment Data. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CtsEnvSecurityGroupNameEntry |
|
|
ctsEnvSecurityGroupNameSgtFlag |
1.3.6.1.4.1.9.9.730.1.4.16.1.3 |
This object indicates the flag associated with this SGT.
'recognizedSgt' - indicates a recognized SGT when set
to 1, else indicates a reserved SGT.
'unicastSgt' - indicates a unicast SGT when set
to 1, else indicates a multicast SGT. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
BITS |
recognizedSgt(0), unicastSgt(1) |
|
ctsFileErrNotifReason |
1.3.6.1.4.1.9.9.730.1.6.1 |
This object indicates the reason file error related
notification was generated.
'openFailedForWrite' - System failed to open a file to
write TrustSec information.
'writeFailed' - System failed to write TrustSec
information to a file.
'openFailedForRead' - System failed to open a file to
read TrustSec information.
'readFailed' - System failed to read TrustSec
information from a file.
'badMagic' - A bad magic number was encountered
for a TrustSec file.
'unexpectedEof' - A record of unexpected length is found in
TrustSec file.
'badHeader' - Bad file header was encountered for a
TrustSec file. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
INTEGER |
openFailedForWrite(1), writeFailed(2), openFailedForRead(3), readFailed(4), badMagic(5), unexpectedEof(6), badHeader(7) |
|
ctsSwKeystoreSyncFailNotifReason |
1.3.6.1.4.1.9.9.730.1.6.2 |
This object indicates the reason ctsSwKeystoreSyncFailNotif
notification was generated.
'ipcPortCreationFailed' - Keystore information could not be synced because the system failed to create port for Inter-Process communication between the active and the standby supervisors.
'ipcPortOpenFailed' - Keystore information could not be synced because the system failed to open port for Inter-Process communication between the active and the standby supervisors.
'ipcConnectionFailure' - Keystore information could not be synced because Inter-Process communication connection failed between the active and the standby supervisors.
'ipcSendFailure' - Keystore information could not be synced because Inter-Process Communication messages could not be sent to the standby supervisor.
'standbyIncompatible' - Keystore information could not be synced because the standby supervisor is not compatible with the active supervisor.
'syncProcessCreationFailed' - Keystore information could not be synced because the system failed to create the sync process. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
INTEGER |
ipcPortCreationFailed(1), ipcPortOpenFailed(2), ipcConnectionFailure(3), ipcSendFailure(4), standbyIncompatible(5), syncProcessCreationFailed(6) |
|
ctsNotifMessageString |
1.3.6.1.4.1.9.9.730.1.6.3 |
The object indicates additional information for a TrustSec
notification. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
|
|
ctsSwKeystoreFileErrNotifEnable |
1.3.6.1.4.1.9.9.730.1.5.1 |
This object specifies if the system generates
ctsSwKeystoreFileErrNotif.
A value of 'false' will prevent ctsSwKeystoreFileErrNotif
notifications from being generated by this system. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ctsSwKeystoreSyncFailNotifEnable |
1.3.6.1.4.1.9.9.730.1.5.2 |
This object specifies if the system generates
ctsSwKeystoreSyncFailNotif.
A value of 'false' will prevent ctsSwKeystoreSyncFailNotif
notifications from being generated by this system. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ctsAuthzCacheFileErrNotifEnable |
1.3.6.1.4.1.9.9.730.1.5.3 |
This object specifies if the system generates
ctsAuthzCacheFileErrNotif.
A value of 'false' will prevent ctsAuthzCacheFileErrNotif
notifications from being generated by this system. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ctsCacheFileAccessErrNotifEnable |
1.3.6.1.4.1.9.9.730.1.5.4 |
This object specifies if the system generates
ctsCacheFileAccessErrNotif.
A value of 'false' will prevent ctsCacheFileAccessErrNotif
notifications from being generated by this system. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ctsSrcEntropyFailNotifEnable |
1.3.6.1.4.1.9.9.730.1.5.5 |
This object specifies if the system generates
ctsSrcEntropyFailNotif.
A value of 'false' will prevent ctsSrcEntropyFailNotif
notifications from being generated by this system. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ctsSapRandomNumberFailNotifEnable |
1.3.6.1.4.1.9.9.730.1.5.6 |
This object specifies if the system generates
ctsSapRandomNumberFailNotif.
A value of 'false' will prevent ctsSapRandomNumberFailNotif
notifications from being generated by this system. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ctsCriticalAuthEnabled |
1.3.6.1.4.1.9.9.730.1.7.1 |
This object specifies if the Critical-Auth functionality
is enabled in the system.
Setting the object to 'true' will enable Critical-Auth
functionality in the system and 'false' will disable the
Critical-Auth functionality. Before ctsCriticalAuthEnabled is enabled,
ctsCriticalAuthPeerSgt needs to be configured. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ctsCriticalAuthFallback |
1.3.6.1.4.1.9.9.730.1.7.2 |
This object specifies the CTS Critical-Auth fallback
policy.
default - Critical-Auth fallback policy is default.
cache - Critical-Auth fallback policy is cache. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
default(1), cache(2) |
|
ctsCriticalAuthPeerSgt |
1.3.6.1.4.1.9.9.730.1.7.3 |
This object specifies the CTS Critical-Auth SGT tag
of the remote peer.
ctsCriticalAuthPeerSgt cannot be set to zero when
ctsCriticalAuthEnabled is enabled.
ctsCriticalAuthPeerSgtTrust will be set to untrusted by default
during a set operation of ctsCriticalAuthPeerSgt.
The user needs to explicitly override ctsCriticalAuthPeerSgtTrust
to trusted if required. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
CtsSecurityGroupTag |
|
|
ctsCriticalAuthPeerSgtTrust |
1.3.6.1.4.1.9.9.730.1.7.4 |
This object specifies the CTS Critical-Auth peer's SGT
trust state.
This object can only be set when ctsCriticalAuthPeerSgt is
non-zero. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ctsCriticalAuthDefaultPmk |
1.3.6.1.4.1.9.9.730.1.7.5 |
This object specifies the CTS Critical-Auth default PMK
used by SAP.
The purpose of this object is to only allow configuration of
Critical-Auth PMK.
The ctsCriticalAuthViewDefaultPmk object is used to display the
default Critical-Auth PMK. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0|32) |
|
ctsCriticalAuthViewDefaultPmk |
1.3.6.1.4.1.9.9.730.1.7.6 |
This object indicates the CTS Critical-Auth default PMK.
The purpose of this object is to only display the configured
Critical-Auth PMK.
A zero length string for this object indicates the SAP
negotiation is disabled.
The ctsCriticalAuthDefaultPmk object is used to configure
the PMK. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..255) |
|
ctsSwKeystoreFileErrNotif |
1.3.6.1.4.1.9.9.730.0.1 |
A ctsSwKeystoreFileErrNotif is generated when system
encounters an error while performing operation on the
software keystore file. |
Status: current |
Access: read-only |
NOTIFICATION-TYPE |
|
|
|
ctsSwKeystoreSyncFailNotif |
1.3.6.1.4.1.9.9.730.0.2 |
A ctsSwKeystoreSyncFailNotif is generated when the system
fails to sync software keystore information from the active
supervisor to the standby supervisor. |
Status: current |
Access: read-only |
NOTIFICATION-TYPE |
|
|
|
ctsAuthzCacheFileErrNotif |
1.3.6.1.4.1.9.9.730.0.3 |
A ctsAuthzCacheFileErrNotif is generated when the system
encounters an error downloading TrustSec authorization
related environment data to a cache file. |
Status: current |
Access: read-only |
NOTIFICATION-TYPE |
|
|
|
ctsCacheFileAccessErrNotif |
1.3.6.1.4.1.9.9.730.0.4 |
A ctsCacheFileAccessErrNotif is generated when the
system fails to perform open/read/write operation
for a TrustSec cache file. |
Status: current |
Access: read-only |
NOTIFICATION-TYPE |
|
|
|
ctsSrcEntropyFailNotif |
1.3.6.1.4.1.9.9.730.0.5 |
A ctsSrcEntropyFailNotif is generated when
the periodic health tests for the CTR-DRBG (Counter-
Deterministic Random Bit Generator) implementation
fail due to issues with the source entropy. |
Status: current |
Access: read-only |
NOTIFICATION-TYPE |
|
|
|
ctsSapRandomNumberFailNotif |
1.3.6.1.4.1.9.9.730.0.6 |
A ctsSapRandomNumberFailNotif is generated when
the system fails to obtain a random number from
CTR-DRBG block for SAP (Security Association Protocol)
key-counter. |
Status: current |
Access: read-only |
NOTIFICATION-TYPE |
|
|
|
ciscoTrustSecMIBCompliance |
1.3.6.1.4.1.9.9.730.2.1.1 |
The compliance statement for the CISCO-TRUSTSEC-MIB. |
Status: deprecated |
Access: read-only |
MODULE-COMPLIANCE |
|
|
|
ciscoTrustSecMIBCompliance2 |
1.3.6.1.4.1.9.9.730.2.1.2 |
The compliance statement for the CISCO-TRUSTSEC-MIB. |
Status: deprecated |
Access: read-only |
MODULE-COMPLIANCE |
|
|
|
ciscoTrustSecMIBCompliance3 |
1.3.6.1.4.1.9.9.730.2.1.3 |
The compliance statement for the CISCO-TRUSTSEC-MIB. |
Status: deprecated |
Access: read-only |
MODULE-COMPLIANCE |
|
|
|
ciscoTrustSecMIBCompliance4 |
1.3.6.1.4.1.9.9.730.2.1.4 |
The compliance statement for the CISCO-TRUSTSEC-MIB. |
Status: current |
Access: read-only |
MODULE-COMPLIANCE |
|
|
|
ciscoTrustSecCacheGroup |
1.3.6.1.4.1.9.9.730.2.2.1 |
A collection of objects that provides the cache configuration
for TrustSec in the system. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
ciscoTrustSecSgtGroup |
1.3.6.1.4.1.9.9.730.2.2.2 |
A collection of objects to manage SGT for TrustSec. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
ciscoTrustSecCredentialsGroup |
1.3.6.1.4.1.9.9.730.2.2.3 |
A collection of objects to manage credentials parameters for
TrustSec. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
ciscoTrustSecHwKeystoreInfoGroup |
1.3.6.1.4.1.9.9.730.2.2.4 |
A collection of objects to manage hardware keystore for
TrustSec. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
ciscoTrustSecEnvDataGroup |
1.3.6.1.4.1.9.9.730.2.2.5 |
A collection of objects to manage Environment Data for
TrustSec. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
ciscoTrustSecSgtAssignmentGroup |
1.3.6.1.4.1.9.9.730.2.2.6 |
A collection of objects to manage assignment of TrustSec SGT. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
ciscoTrustSecEnvSecGroupNameGroup |
1.3.6.1.4.1.9.9.730.2.2.7 |
A collection of object(s) to manage Security Group Name
information for TrustSec. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
ciscoTrustSecSwKeystoreNotifsInfoGroup |
1.3.6.1.4.1.9.9.730.2.2.8 |
A collection of object(s) to provide information
regarding software keystore notifications for TrustSec. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
ciscoTrustSecSwKeystoreNotifsGroup |
1.3.6.1.4.1.9.9.730.2.2.10 |
A collection of software keystore related notifications for
TrustSec. |
Status: current |
Access: read-only |
NOTIFICATION-GROUP |
|
|
|
ciscoTrustSecFileErrNotifsInfoGroup |
1.3.6.1.4.1.9.9.730.2.2.11 |
A collection of object(s) to provide information
regarding file error related notifications for TrustSec. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
ciscoTrustSecCacheFileNotifsGroup |
1.3.6.1.4.1.9.9.730.2.2.14 |
A collection of TrustSec cache file related notifications. |
Status: current |
Access: read-only |
NOTIFICATION-GROUP |
|
|
|
ciscoTrustSecCtrDrbgNotifsControlGroup |
1.3.6.1.4.1.9.9.730.2.2.15 |
A collection of object(s) to control CTR-DRBG related
notifications for TrustSec. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
ciscoTrustSecCtrDrbgNotifsGroup |
1.3.6.1.4.1.9.9.730.2.2.16 |
A collection of CTR-DRBG related notifications
for TrustSec. |
Status: current |
Access: read-only |
NOTIFICATION-GROUP |
|
|
|
ciscoTrustSecCrtclAuthGroup |
1.3.6.1.4.1.9.9.730.2.2.17 |
A collection of CTS Critical Auth Config
objects |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|