CISCO-TRUSTSEC-MIB

File: CISCO-TRUSTSEC-MIB.mib (66177 bytes)

Imported modules

SNMPv2-SMI SNMPv2-CONF SNMPv2-TC
SNMP-FRAMEWORK-MIB CISCO-TRUSTSEC-TC-MIB CISCO-SMI

Imported symbols

MODULE-IDENTITY OBJECT-TYPE Unsigned32
Counter32 NOTIFICATION-TYPE MODULE-COMPLIANCE
OBJECT-GROUP NOTIFICATION-GROUP TruthValue
DateAndTime RowStatus SnmpAdminString
CtsSecurityGroupTag CtsGenerationId CtsPasswordEncryptionType
CtsAcsAuthorityIdentity CtsCredentialRecordType ciscoMgmt

Defined Types

CtsKeystorePasswordRecordEntry  
SEQUENCE    
  ctsKeystorePasswordRecordName SnmpAdminString
  ctsKeystorePasswordRecordType CtsCredentialRecordType

CtsKeystorePacRecordEntry  
SEQUENCE    
  ctsKeystorePacRecordName CtsAcsAuthorityIdentity
  ctsKeystorePacRecordType CtsCredentialRecordType

CtsPacInfoEntry  
SEQUENCE    
  ctsPacAcsAuthId CtsAcsAuthorityIdentity
  ctsPacAcsDescription SnmpAdminString
  ctsPacType INTEGER
  ctsPacExpirationTime DateAndTime
  ctsPacTimeToRefresh Unsigned32
  ctsPacStatus RowStatus

CtsEnvSecurityGroupNameEntry  
SEQUENCE    
  ctsEnvSecurityGroupNameSgt CtsSecurityGroupTag
  ctsEnvSecurityGroupNameSgtGenId CtsGenerationId
  ctsEnvSecurityGroupNameSgtFlag BITS
  ctsEnvSecurityGroupName SnmpAdminString

Defined Values

ciscoTrustSecMIB 1.3.6.1.4.1.9.9.730
This MIB module is for the configuration of a network device on the Cisco Trusted Security (TrustSec) system. TrustSec secures a network fabric by authenticating and authorizing each device connecting to the network, allowing for the encryption, authentication and replay protection of data traffic on a hop by hop basis.
Glossary:
TrustSec - Cisco Trusted Security
EAP-FAST - Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (RFC 4851)
PAC - Protected Access Credential. A credential dynamically downloaded from the Access Control Server.
ACS - Access Control Server
SGT - Security Group Tag. A tag identifying its source, assigned to a packet on ingress to a TrustSec cloud, and used to determine security and other policy to be applied to it along its path through the cloud.
MODULE-IDENTITY    

ciscoTrustSecMIBNotifs 1.3.6.1.4.1.9.9.730.0
OBJECT IDENTIFIER    

ciscoTrustSecMIBObjects 1.3.6.1.4.1.9.9.730.1
OBJECT IDENTIFIER    

ciscoTrustSecMIBConform 1.3.6.1.4.1.9.9.730.2
OBJECT IDENTIFIER    

ctsCacheObjects 1.3.6.1.4.1.9.9.730.1.1
OBJECT IDENTIFIER    

ctsSgtObjects 1.3.6.1.4.1.9.9.730.1.2
OBJECT IDENTIFIER    

ctsCredentialObjects 1.3.6.1.4.1.9.9.730.1.3
OBJECT IDENTIFIER    

ctsEnvironmentDataObjects 1.3.6.1.4.1.9.9.730.1.4
OBJECT IDENTIFIER    

ctsNotifsControlObjects 1.3.6.1.4.1.9.9.730.1.5
OBJECT IDENTIFIER    

ctsNotifsInfoObjects 1.3.6.1.4.1.9.9.730.1.6
OBJECT IDENTIFIER    

ctsCriticalAuthObjects 1.3.6.1.4.1.9.9.730.1.7
OBJECT IDENTIFIER    

ctsCacheEnabled 1.3.6.1.4.1.9.9.730.1.1.1
This object specifies if the TrustSec cache is enabled in the system.
OBJECT-TYPE    
  TruthValue  

ctsCacheNvStorage 1.3.6.1.4.1.9.9.730.1.1.2
The object specifies the location on the device where TrustSec cache files will be created. The location may be specified in :[directory] format, where can be (but not limited to): bootdisk:, disk0:, disk1:. A zero length string for this object indicates that no location has been configured and system will decide the location of TrustSec cache files.
OBJECT-TYPE    
  SnmpAdminString  

ctsCacheClear 1.3.6.1.4.1.9.9.730.1.1.3
This object allows user to clear the cache files for Cisco Trusted Security feature on this device. When read, this object always returns the value 'none'.
'none' - No operation.
'all' - Clear all the cached information.
'authzPolicies' - Clear all the cached authorization policies.
'authzPoliciesPeer' - Clear the cached peer authorization policies.
'authzPoliciesSgt' - Clear the cached SGT authorization policies.
'environmentData' - Clear the cached environment data.
'interfaceController' - Clear the cached interface controller data.
OBJECT-TYPE    
  INTEGER none(1), all(2), authzPolicies(3), authzPoliciesPeer(4), authzPoliciesSgt(5), environmentData(6), interfaceController(7)  

ctsSecurityGroupTagId 1.3.6.1.4.1.9.9.730.1.2.1
This object allows user to specify the SGT for the packets originating from this device. A value of zero for this object indicates that no SGT has been configured.
OBJECT-TYPE    
  CtsSecurityGroupTag  

ctsSgtAssignmentMethod 1.3.6.1.4.1.9.9.730.1.2.2
This object specifies the method used for assignment of TrustSec SGT for the line cards without TrustSec tagging capability.
'none' - assignment of TrustSec SGT is not enabled.
'ingress' - 'ingress' method is used for the assignment of TrustSec SGT.
'egress' - 'egress' method is used for the assignment of TrustSec SGT.
OBJECT-TYPE    
  INTEGER none(1), ingress(2), egress(3)  

ctsDeviceId 1.3.6.1.4.1.9.9.730.1.3.1
This object allows user to specify the identifier for the device. This identifier and the device password (specified by ctsDevicePassword) are used together by the Cisco Trusted Security feature for authenticating the device. The value of this object must be set in the same PDU as ctsDevicePasswordType and ctsDevicePassword. The object may not be set to a zero length string. The system will return a zero length string for this object either when there is no value configured for this object or TrustSec credentials for the device have been cleared by setting ctsCredentialsClearAll to 'true'.
OBJECT-TYPE    
  SnmpAdminString  

ctsDevicePasswordType 1.3.6.1.4.1.9.9.730.1.3.2
This object specifies the type of encryption employed to encrypt the password in the ctsDevicePassword object. The value for this object must be specified as 'clearText', 'typeSix' or 'typeSeven' in order to configure the password in ctsDevicePassword. The value of this object must be set in the same PDU as ctsDevicePassword and ctsDeviceId. When read, the value of this object must be 'none' if ctsDevicePassword is a zero length string. The value of this object may not be set to 'none' or 'other'.
OBJECT-TYPE    
  CtsPasswordEncryptionType  

ctsDevicePassword 1.3.6.1.4.1.9.9.730.1.3.3
This object allows user to specify the password for the device. This password and the device identifier (specified by ctsDeviceId) are used together by the Cisco Trusted Security feature for authenticating the device. The value of this object must be set in the same PDU as ctsDevicePasswordType and ctsDeviceId. The object may not be set to a zero length string. When read, this object always returns the value of a zero-length octet string.
OBJECT-TYPE    
  SnmpAdminString  

ctsKeystoreType 1.3.6.1.4.1.9.9.730.1.3.4
This object indicates the type of keystore employed by the device.
'hardwareKeystore' - Keystore functionality is implemented in hardware.
'softwareEmulation' - Keystore functionality is emulated in software.
OBJECT-TYPE    
  INTEGER hardwareKeystore(1), softwareEmulation(2)  

ctsKeystoreFwVersion 1.3.6.1.4.1.9.9.730.1.3.5
This object indicates the firmware version of the hardware keystore. This object is only instantiated when the value of ctsKeystoreType is 'hardwareKeystore'.
OBJECT-TYPE    
  SnmpAdminString  

ctsKeystoreFwAlerts 1.3.6.1.4.1.9.9.730.1.3.6
This object indicates the number of hardware keystore alerts that occurred. This object is only instantiated when the value of ctsKeystoreType is 'hardwareKeystore'.
OBJECT-TYPE    
  Counter32  

ctsKeystoreFwResets 1.3.6.1.4.1.9.9.730.1.3.7
This object indicates the number of times the keystore firmware was reset. This object is only instantiated when the value of ctsKeystoreType is 'hardwareKeystore'.
OBJECT-TYPE    
  Counter32  

ctsKeystoreRxTimeouts 1.3.6.1.4.1.9.9.730.1.3.8
This object indicates the number of times the system timed out awaiting response from keystore firmware. This object is only instantiated when the value of ctsKeystoreType is 'hardwareKeystore'.
OBJECT-TYPE    
  Counter32  

ctsKeystoreRxBadChecksums 1.3.6.1.4.1.9.9.730.1.3.9
This object indicates the number of message fragments the system received from keystore firmware that had a bad checksum value. This object is only instantiated when the value of ctsKeystoreType is 'hardwareKeystore'.
OBJECT-TYPE    
  Counter32  

ctsKeystoreRxBadFragmentLengths 1.3.6.1.4.1.9.9.730.1.3.10
This object indicates the number of message fragments the system received from keystore firmware that had illegal lengths. This object is only instantiated when the value of ctsKeystoreType is 'hardwareKeystore'.
OBJECT-TYPE    
  Counter32  

ctsKeystoreCorruptions 1.3.6.1.4.1.9.9.730.1.3.11
This object indicates the number of times keystore firmware reported detection of one or more corrupted records in the hardware keystore. This object is only instantiated when the value of ctsKeystoreType is 'hardwareKeystore'.
OBJECT-TYPE    
  Counter32  

ctsKeystorePasswordRecordTable 1.3.6.1.4.1.9.9.730.1.3.13
A list of Cisco Trusted Security password records stored in the hardware or software keystore of this device.
OBJECT-TYPE    
  SEQUENCE OF  
    CtsKeystorePasswordRecordEntry

ctsKeystorePasswordRecordEntry 1.3.6.1.4.1.9.9.730.1.3.13.1
An entry describing an individual password record in the keystore of this device. An entry will be created or deleted from this table when a password record is added or removed from the keystore of this device.
OBJECT-TYPE    
  CtsKeystorePasswordRecordEntry  

ctsKeystorePasswordRecordName 1.3.6.1.4.1.9.9.730.1.3.13.1.1
This object identifies a password record.
OBJECT-TYPE    
  SnmpAdminString Size(1..64)  

ctsKeystorePasswordRecordType 1.3.6.1.4.1.9.9.730.1.3.13.1.2
This object indicates the type of credential in this record.
OBJECT-TYPE    
  CtsCredentialRecordType  

ctsKeystorePacRecordTable 1.3.6.1.4.1.9.9.730.1.3.14
A list of Cisco Trusted Security PAC records stored in the hardware or software keystore of this device.
OBJECT-TYPE    
  SEQUENCE OF  
    CtsKeystorePacRecordEntry

ctsKeystorePacRecordEntry 1.3.6.1.4.1.9.9.730.1.3.14.1
An entry describing an individual PAC record in the keystore of this device. An entry will be created or deleted by the system when a PAC record is added or removed from the keystore of this device.
OBJECT-TYPE    
  CtsKeystorePacRecordEntry  

ctsKeystorePacRecordName 1.3.6.1.4.1.9.9.730.1.3.14.1.1
The name of this PAC record.
OBJECT-TYPE    
  CtsAcsAuthorityIdentity Size(1..64)  

ctsKeystorePacRecordType 1.3.6.1.4.1.9.9.730.1.3.14.1.2
This object indicates the type of credential in this record.
OBJECT-TYPE    
  CtsCredentialRecordType  

ctsPacInfoTable 1.3.6.1.4.1.9.9.730.1.3.15
A list of PACs on this device.
OBJECT-TYPE    
  SEQUENCE OF  
    CtsPacInfoEntry

ctsPacInfoEntry 1.3.6.1.4.1.9.9.730.1.3.15.1
An entry providing management information of a particular PAC record. An entry can only be created dynamically by the system when a new PAC is installed in the keystore. An entry will be deleted from this table when the PAC is removed from the keystore by the system or by the user.
OBJECT-TYPE    
  CtsPacInfoEntry  

ctsPacAcsAuthId 1.3.6.1.4.1.9.9.730.1.3.15.1.1
This object indicates the unique authority identity of the ACS server from where the PAC was downloaded.
OBJECT-TYPE    
  CtsAcsAuthorityIdentity Size(1..64)  

ctsPacAcsDescription 1.3.6.1.4.1.9.9.730.1.3.15.1.2
This object indicates the description of the ACS server from where the PAC was downloaded.
OBJECT-TYPE    
  SnmpAdminString  

ctsPacType 1.3.6.1.4.1.9.9.730.1.3.15.1.3
This object indicates the type of PAC this entry represents.
'unknown' - Any other type of PAC that is not covered below.
'tunnel' - Distributed shared secret between the peer and ACS that is used to establish a secure tunnel and convey the policy of what must and can occur in the tunnel.
'machineAuthentication' - The Machine Authentication PAC contains information in the PAC opaque that identifies the machine. It is meant to be used by a machine when network access is required and no user is logged in.
'userAuthorization' - The User Authorization PAC contains information in the PAC opaque that identifies a user and provides authorization information. The User Authorization PAC is used to provide user information during stateless session resumption so user authentication MAY be skipped.
'posture' - Distributed posture checking and authorization result based on a previous posture validation. A posture PAC can be used to optimize posture validation in the case of frequent revalidations. This result is specific to the posture validation application and may be used outside the contents of EAP-FAST.
'ciscoTrustSec' - A credential dynamically provisioned in phase 0 of EAP-FAST. It is used by TrustSec to set up secure communications with the server.
OBJECT-TYPE    
  INTEGER unknown(1), tunnel(2), machineAuthentication(3), userAuthorization(4), posture(5), ciscoTrustSec(6)  

ctsPacExpirationTime 1.3.6.1.4.1.9.9.730.1.3.15.1.4
This object indicates the time when this PAC will expire.
OBJECT-TYPE    
  DateAndTime  

ctsPacTimeToRefresh 1.3.6.1.4.1.9.9.730.1.3.15.1.5
This object indicates the time left for this PAC to be refreshed from the ACS.
OBJECT-TYPE    
  Unsigned32  

ctsPacStatus 1.3.6.1.4.1.9.9.730.1.3.15.1.6
This object is used to manage the deletion of rows in this table. This object only supports the values 'active' and 'destroy'. Setting this object to 'destroy' deletes this PAC. When read, this object will always return 'active'.
OBJECT-TYPE    
  RowStatus  

ctsCredentialsClearAll 1.3.6.1.4.1.9.9.730.1.3.16
This object allows user to clear all the PACs and Cisco Trusted Security credentials on the device. Setting the object to 'true' will clear all the PACs and credentials. When read, this object will always return 'false'.
OBJECT-TYPE    
  TruthValue  

ctsEnvDataLastDownloadStatus 1.3.6.1.4.1.9.9.730.1.4.1
This object indicates the status of the last attempt to download the Environment Data.
'other' - Any other state not covered by below enumerations.
'succeeded' - Environment Data download completed successfully.
'failed' - Environment Data download failed.
'inprogress' - Environment Data download is in progress.
'incomplete' - Environment Data download is incomplete.
'timedout' - Environment Data download did not start and timed out due to no response from the ACS.
'cleared' - Environment Data has been cleared by the user.
OBJECT-TYPE    
  INTEGER other(1), succeeded(2), failed(3), inprogress(4), incomplete(5), timedout(6), cleared(7)  

ctsEnvSecurityGroupTagId 1.3.6.1.4.1.9.9.730.1.4.2
This object indicates the SGT for packets originating on this device downloaded from the ACS. A value of zero for this object indicates that no SGT has been downloaded from the ACS.
OBJECT-TYPE    
  CtsSecurityGroupTag  

ctsEnvSecurityGroupTagGenId 1.3.6.1.4.1.9.9.730.1.4.3
This object indicates the generation identifier associated with the downloaded SGT on this device.
OBJECT-TYPE    
  CtsGenerationId  

ctsEnvDataLastUpdate 1.3.6.1.4.1.9.9.730.1.4.4
This object indicates the last time Cisco Trusted Security Environment Data was successfully updated from ACS. This object will contain 0-1-1,00:00:00:0 if Environment Data has never been successfully updated from ACS.
OBJECT-TYPE    
  DateAndTime  

ctsEnvDataRefreshInterval 1.3.6.1.4.1.9.9.730.1.4.5
This object indicates the time interval for which Trusted Security Environment Data is valid. The Trusted Security Environment Data will be refreshed i.e. downloaded from the ACS after this time period has elapsed.
OBJECT-TYPE    
  Unsigned32  

ctsEnvDataTimeLeft 1.3.6.1.4.1.9.9.730.1.4.6
This object indicates the time left for the currently installed Trusted Security Environment Data to expire.
OBJECT-TYPE    
  Unsigned32  

ctsEnvDataTimeToRefresh 1.3.6.1.4.1.9.9.730.1.4.7
This object indicates the time interval after which Trusted Security Environment Data will be refreshed i.e. downloaded from the ACS due to Environment Data expiration or refresh failure.
OBJECT-TYPE    
  Unsigned32  

ctsEnvDataSource 1.3.6.1.4.1.9.9.730.1.4.8
This object indicates the source of current Environment Data installed on the system.
'none' - No Environment Data is currently installed.
'cached' - Environment Data is installed from non-volatile storage on the system.
'downloaded' - Environment Data is downloaded from the ACS.
OBJECT-TYPE    
  INTEGER none(1), cached(2), downloaded(3)  

ctsEnvDataAction 1.3.6.1.4.1.9.9.730.1.4.9
This object allows user to specify the action to be taken for all the Cisco Trusted Security Environment Data on this device. When read, this object always returns the value 'none'.
'none' - No operation.
'refresh' - Refresh all the Trusted Security Environment Data on the device.
OBJECT-TYPE    
  INTEGER none(1), refresh(2)  

ctsEnvSecurityGroupNameTable 1.3.6.1.4.1.9.9.730.1.4.16
A list of Security Group Names in Cisco Trusted Security environment.
OBJECT-TYPE    
  SEQUENCE OF  
    CtsEnvSecurityGroupNameEntry

ctsEnvSecurityGroupNameEntry 1.3.6.1.4.1.9.9.730.1.4.16.1
An entry listing the name assigned to each SGT in Cisco Trusted Security environment. Entries will be populated in this table when system downloads Security Group Name information as part of Trusted Security Environment Data.
OBJECT-TYPE    
  CtsEnvSecurityGroupNameEntry  

ctsEnvSecurityGroupNameSgt 1.3.6.1.4.1.9.9.730.1.4.16.1.1
This object identifies a SGT in Trusted Security environment.
OBJECT-TYPE    
  CtsSecurityGroupTag 1..65535  

ctsEnvSecurityGroupNameSgtGenId 1.3.6.1.4.1.9.9.730.1.4.16.1.2
This object indicates the Generation Identifier associated with this SGT.
OBJECT-TYPE    
  CtsGenerationId  

ctsEnvSecurityGroupNameSgtFlag 1.3.6.1.4.1.9.9.730.1.4.16.1.3
This object indicates the flag associated with this SGT.
'recognizedSgt' - indicates a recognized SGT when set to 1, else indicates a reserved SGT.
'unicastSgt' - indicates a unicast SGT when set to 1, else indicates a multicast SGT.
OBJECT-TYPE    
  BITS recognizedSgt(0), unicastSgt(1)  

ctsEnvSecurityGroupName 1.3.6.1.4.1.9.9.730.1.4.16.1.4
This object indicates the Security Group Name assigned to this SGT.
OBJECT-TYPE    
  SnmpAdminString  

ctsFileErrNotifReason 1.3.6.1.4.1.9.9.730.1.6.1
This object indicates the reason file error related notification was generated.
'openFailedForWrite' - System failed to open a file to write TrustSec information.
'writeFailed' - System failed to write TrustSec information to a file.
'openFailedForRead' - System failed to open a file to read TrustSec information.
'readFailed' - System failed to read TrustSec information from a file.
'badMagic' - A bad magic number was encountered for a TrustSec file.
'unexpectedEof' - A record of unexpected length is found in TrustSec file.
'badHeader' - Bad file header was encountered for a TrustSec file.
OBJECT-TYPE    
  INTEGER openFailedForWrite(1), writeFailed(2), openFailedForRead(3), readFailed(4), badMagic(5), unexpectedEof(6), badHeader(7)  

ctsSwKeystoreSyncFailNotifReason 1.3.6.1.4.1.9.9.730.1.6.2
This object indicates the reason ctsSwKeystoreSyncFailNotif notification was generated.
'ipcPortCreationFailed' - Keystore information could not be synced because the system failed to create port for Inter-Process communication between the active and the standby supervisors.
'ipcPortOpenFailed' - Keystore information could not be synced because the system failed to open port for Inter-Process communication between the active and the standby supervisors.
'ipcConnectionFailure' - Keystore information could not be synced because Inter-Process communication connection failed between the active and the standby supervisors.
'ipcSendFailure' - Keystore information could not be synced because Inter-Process Communication messages could not be sent to the standby supervisor.
'standbyIncompatible' - Keystore information could not be synced because the standby supervisor is not compatible with the active supervisor.
'syncProcessCreationFailed' - Keystore information could not be synced because the system failed to create the sync process.
OBJECT-TYPE    
  INTEGER ipcPortCreationFailed(1), ipcPortOpenFailed(2), ipcConnectionFailure(3), ipcSendFailure(4), standbyIncompatible(5), syncProcessCreationFailed(6)  

ctsNotifMessageString 1.3.6.1.4.1.9.9.730.1.6.3
The object indicates additional information for a TrustSec notification.
OBJECT-TYPE    
  SnmpAdminString  

ctsSwKeystoreFileErrNotifEnable 1.3.6.1.4.1.9.9.730.1.5.1
This object specifies if the system generates ctsSwKeystoreFileErrNotif. A value of 'false' will prevent ctsSwKeystoreFileErrNotif notifications from being generated by this system.
OBJECT-TYPE    
  TruthValue  

ctsSwKeystoreSyncFailNotifEnable 1.3.6.1.4.1.9.9.730.1.5.2
This object specifies if the system generates ctsSwKeystoreSyncFailNotif. A value of 'false' will prevent ctsSwKeystoreSyncFailNotif notifications from being generated by this system.
OBJECT-TYPE    
  TruthValue  

ctsAuthzCacheFileErrNotifEnable 1.3.6.1.4.1.9.9.730.1.5.3
This object specifies if the system generates ctsAuthzCacheFileErrNotif. A value of 'false' will prevent ctsAuthzCacheFileErrNotif notifications from being generated by this system.
OBJECT-TYPE    
  TruthValue  

ctsCacheFileAccessErrNotifEnable 1.3.6.1.4.1.9.9.730.1.5.4
This object specifies if the system generates ctsCacheFileAccessErrNotif. A value of 'false' will prevent ctsCacheFileAccessErrNotif notifications from being generated by this system.
OBJECT-TYPE    
  TruthValue  

ctsSrcEntropyFailNotifEnable 1.3.6.1.4.1.9.9.730.1.5.5
This object specifies if the system generates ctsSrcEntropyFailNotif. A value of 'false' will prevent ctsSrcEntropyFailNotif notifications from being generated by this system.
OBJECT-TYPE    
  TruthValue  

ctsSapRandomNumberFailNotifEnable 1.3.6.1.4.1.9.9.730.1.5.6
This object specifies if the system generates ctsSapRandomNumberFailNotif. A value of 'false' will prevent ctsSapRandomNumberFailNotif notifications from being generated by this system.
OBJECT-TYPE    
  TruthValue  

ctsCriticalAuthEnabled 1.3.6.1.4.1.9.9.730.1.7.1
This object specifies if the Critical-Auth functionality is enabled in the system. Setting the object to 'true' will enable Critical-Auth functionality in the system and 'false' will disable the Critical-Auth functionality. ctsCriticalAuthPeerSgt needs to be configured before ctsCriticalAuthEnabled is enabled.
OBJECT-TYPE    
  TruthValue  

ctsCriticalAuthFallback 1.3.6.1.4.1.9.9.730.1.7.2
This object specifies the CTS Critical-Auth fallback policy.
'default' - Critical-Auth fallback policy is default.
'cache' - Critical-Auth fallback policy is cache.
OBJECT-TYPE    
  INTEGER default(1), cache(2)  

ctsCriticalAuthPeerSgt 1.3.6.1.4.1.9.9.730.1.7.3
This object specifies the CTS Critical-Auth SGT tag of the remote peer. ctsCriticalAuthPeerSgt cannot be set to zero when ctsCriticalAuthEnabled is enabled. ctsCriticalAuthPeerSgtTrust will be set to untrusted by default during a set operation on ctsCriticalAuthPeerSgt. The user needs to explicitly override ctsCriticalAuthPeerSgtTrust to trusted if required.
OBJECT-TYPE    
  CtsSecurityGroupTag  

ctsCriticalAuthPeerSgtTrust 1.3.6.1.4.1.9.9.730.1.7.4
This object specifies the CTS Critical-Auth peer's SGT trust state. This object can only be set when ctsCriticalAuthPeerSgt is non-zero.
OBJECT-TYPE    
  TruthValue  

ctsCriticalAuthDefaultPmk 1.3.6.1.4.1.9.9.730.1.7.5
This object specifies the CTS Critical-Auth default PMK used by SAP. The purpose of this object is to only allow configuration of Critical-Auth PMK. The ctsCriticalAuthViewDefaultPmk object is used to display the default Critical-Auth PMK.
OBJECT-TYPE    
  OCTET STRING Size(032)  

ctsCriticalAuthViewDefaultPmk 1.3.6.1.4.1.9.9.730.1.7.6
This object indicates the CTS Critical-Auth default PMK. The purpose of this object is to only display the configured Critical-Auth PMK. A zero length string for this object indicates the SAP negotiation is disabled. The ctsCriticalAuthDefaultPmk object is used to configure the PMK.
OBJECT-TYPE    
  OCTET STRING Size(0..255)  

ctsSwKeystoreFileErrNotif 1.3.6.1.4.1.9.9.730.0.1
A ctsSwKeystoreFileErrNotif is generated when system encounters an error while performing operation on the software keystore file.
NOTIFICATION-TYPE    

ctsSwKeystoreSyncFailNotif 1.3.6.1.4.1.9.9.730.0.2
A ctsSwKeystoreSyncFailNotifReason is generated when system fails to sync software keystore information from the active supervisor to the standby supervisor.
NOTIFICATION-TYPE    

ctsAuthzCacheFileErrNotif 1.3.6.1.4.1.9.9.730.0.3
A ctsAuthzCacheFileErrNotif is generated when the system encounters an error downloading TrustSec authorization related environment data to a cache file.
NOTIFICATION-TYPE    

ctsCacheFileAccessErrNotif 1.3.6.1.4.1.9.9.730.0.4
A ctsCacheFileAccessErrNotif is generated when the system fails to perform open/read/write operation for a TrustSec cache file.
NOTIFICATION-TYPE    

ctsSrcEntropyFailNotif 1.3.6.1.4.1.9.9.730.0.5
A ctsSrcEntropyFailNotif is generated when the periodic health tests for the CTR-DRBG (Counter-Deterministic Random Bit Generator) implementation fail due to issues with the source entropy.
NOTIFICATION-TYPE    

ctsSapRandomNumberFailNotif 1.3.6.1.4.1.9.9.730.0.6
A ctsSapRandomNumberFailNotif is generated when the system fails to obtain a random number from the CTR-DRBG block for the SAP (Security Association Protocol) key-counter.
NOTIFICATION-TYPE    

ciscoTrustSecMIBCompliances 1.3.6.1.4.1.9.9.730.2.1
OBJECT IDENTIFIER    

ciscoTrustSecMIBGroups 1.3.6.1.4.1.9.9.730.2.2
OBJECT IDENTIFIER    

ciscoTrustSecMIBCompliance 1.3.6.1.4.1.9.9.730.2.1.1
The compliance statement for the CISCO-TRUSTSEC-MIB.
MODULE-COMPLIANCE    

ciscoTrustSecMIBCompliance2 1.3.6.1.4.1.9.9.730.2.1.2
The compliance statement for the CISCO-TRUSTSEC-MIB.
MODULE-COMPLIANCE    

ciscoTrustSecMIBCompliance3 1.3.6.1.4.1.9.9.730.2.1.3
The compliance statement for the CISCO-TRUSTSEC-MIB.
MODULE-COMPLIANCE    

ciscoTrustSecMIBCompliance4 1.3.6.1.4.1.9.9.730.2.1.4
The compliance statement for the CISCO-TRUSTSEC-MIB.
MODULE-COMPLIANCE    

ciscoTrustSecCacheGroup 1.3.6.1.4.1.9.9.730.2.2.1
A collection of objects that provides the cache configuration for TrustSec in the system.
OBJECT-GROUP    

ciscoTrustSecSgtGroup 1.3.6.1.4.1.9.9.730.2.2.2
A collection of objects to manage SGT for TrustSec.
OBJECT-GROUP    

ciscoTrustSecCredentialsGroup 1.3.6.1.4.1.9.9.730.2.2.3
A collection of objects to manage credentials parameters for TrustSec.
OBJECT-GROUP    

ciscoTrustSecHwKeystoreInfoGroup 1.3.6.1.4.1.9.9.730.2.2.4
A collection of objects to manage hardware keystore for TrustSec.
OBJECT-GROUP    

ciscoTrustSecEnvDataGroup 1.3.6.1.4.1.9.9.730.2.2.5
A collection of objects to manage Environment Data for TrustSec.
OBJECT-GROUP    

ciscoTrustSecSgtAssignmentGroup 1.3.6.1.4.1.9.9.730.2.2.6
A collection of objects to manage assignment of TrustSec SGT.
OBJECT-GROUP    

ciscoTrustSecEnvSecGroupNameGroup 1.3.6.1.4.1.9.9.730.2.2.7
A collection of object(s) to manage Security Group Name information for TrustSec.
OBJECT-GROUP    

ciscoTrustSecSwKeystoreNotifsInfoGroup 1.3.6.1.4.1.9.9.730.2.2.8
A collection of object(s) to provide information regarding software keystore notifications for TrustSec.
OBJECT-GROUP    

ciscoTrustSecSwKeystoreNotifsControlGroup 1.3.6.1.4.1.9.9.730.2.2.9
A collection of object(s) to control software keystore notifications for TrustSec.
OBJECT-GROUP    

ciscoTrustSecSwKeystoreNotifsGroup 1.3.6.1.4.1.9.9.730.2.2.10
A collection of software keystore related notifications for TrustSec.
NOTIFICATION-GROUP    

ciscoTrustSecFileErrNotifsInfoGroup 1.3.6.1.4.1.9.9.730.2.2.11
A collection of object(s) to provide information regarding file error related notifications for TrustSec.
OBJECT-GROUP    

ciscoTrustSecNotifsMessageStringInfoGroup 1.3.6.1.4.1.9.9.730.2.2.12
A collection of object(s) to provide information regarding TrustSec notification.
OBJECT-GROUP    

ciscoTrustSecCacheFileNotifsControlGroup 1.3.6.1.4.1.9.9.730.2.2.13
A collection of object(s) to control cache file related notifications for TrustSec.
OBJECT-GROUP    

ciscoTrustSecCacheFileNotifsGroup 1.3.6.1.4.1.9.9.730.2.2.14
A collection of TrustSec cache file related notifications.
NOTIFICATION-GROUP    

ciscoTrustSecCtrDrbgNotifsControlGroup 1.3.6.1.4.1.9.9.730.2.2.15
A collection of object(s) to control CTR-DRBG related notifications for TrustSec.
OBJECT-GROUP    

ciscoTrustSecCtrDrbgNotifsGroup 1.3.6.1.4.1.9.9.730.2.2.16
A collection of CTR-DRBG related notifications for TrustSec.
NOTIFICATION-GROUP    

ciscoTrustSecCrtclAuthGroup 1.3.6.1.4.1.9.9.730.2.2.17
A collection of CTS Critical Auth Config objects.
OBJECT-GROUP