CISCO-TRUSTSEC-POLICY-MIB

File: CISCO-TRUSTSEC-POLICY-MIB.mib (97395 bytes)

Imported modules

SNMPv2-SMI SNMPv2-CONF SNMPv2-TC
IF-MIB CISCO-TRUSTSEC-TC-MIB INET-ADDRESS-MIB
SNMP-FRAMEWORK-MIB Q-BRIDGE-MIB CISCO-TC
CISCO-SMI

Imported symbols

MODULE-IDENTITY OBJECT-TYPE NOTIFICATION-TYPE
Unsigned32 Counter64 MODULE-COMPLIANCE
OBJECT-GROUP NOTIFICATION-GROUP TruthValue
DateAndTime StorageType RowStatus
ifIndex CtsSecurityGroupTag CtsGenerationId
CtsAclName CtsAclList CtsAclListOrEmpty
CtsAclNameOrEmpty CtsSgaclMonitorMode InetAddressType
InetAddress InetAddressPrefixLength SnmpAdminString
VlanIndex CiscoVrfName Cisco2KVlanList
ciscoMgmt

Defined Types

CtspVlanConfigEntry  
SEQUENCE    
  ctspVlanConfigIndex VlanIndex
  ctspVlanConfigSgaclEnforcement TruthValue
  ctspVlanSviActive TruthValue
  ctspVlanConfigVrfName CiscoVrfName
  ctspVlanConfigStorageType StorageType
  ctspVlanConfigRowStatus RowStatus

CtspConfigSgaclMappingEntry  
SEQUENCE    
  ctspConfigSgaclMappingIpTrafficType INTEGER
  ctspConfigSgaclMappingDestSgt CtsSecurityGroupTag
  ctspConfigSgaclMappingSourceSgt CtsSecurityGroupTag
  ctspConfigSgaclMappingSgaclName CtsAclList
  ctspConfigSgaclMappingStorageType StorageType
  ctspConfigSgaclMappingRowStatus RowStatus
  ctspConfigSgaclMonitor CtsSgaclMonitorMode

CtspDownloadedSgaclMappingEntry  
SEQUENCE    
  ctspDownloadedSgaclDestSgt CtsSecurityGroupTag
  ctspDownloadedSgaclSourceSgt CtsSecurityGroupTag
  ctspDownloadedSgaclIndex Unsigned32
  ctspDownloadedSgaclName CtsAclName
  ctspDownloadedSgaclGenId CtsGenerationId
  ctspDownloadedIpTrafficType BITS
  ctspDownloadedSgaclMonitor CtsSgaclMonitorMode

CtspDefDownloadedSgaclMappingEntry  
SEQUENCE    
  ctspDefDownloadedSgaclIndex Unsigned32
  ctspDefDownloadedSgaclName CtsAclName
  ctspDefDownloadedSgaclGenId CtsGenerationId
  ctspDefDownloadedIpTrafficType BITS
  ctspDefDownloadedSgaclMonitor CtsSgaclMonitorMode

CtspOperSgaclMappingEntry  
SEQUENCE    
  ctspOperIpTrafficType INTEGER
  ctspOperSgaclDestSgt CtsSecurityGroupTag
  ctspOperSgaclSourceSgt CtsSecurityGroupTag
  ctspOperSgaclIndex Unsigned32
  ctspOperationalSgaclName CtsAclName
  ctspOperationalSgaclGenId CtsGenerationId
  ctspOperSgaclMappingSource INTEGER
  ctspOperSgaclConfigSource INTEGER
  ctspOperSgaclMonitor CtsSgaclMonitorMode

CtspDefOperSgaclMappingEntry  
SEQUENCE    
  ctspDefOperIpTrafficType INTEGER
  ctspDefOperSgaclIndex Unsigned32
  ctspDefOperationalSgaclName CtsAclName
  ctspDefOperationalSgaclGenId CtsGenerationId
  ctspDefOperSgaclMappingSource INTEGER
  ctspDefOperSgaclConfigSource INTEGER
  ctspDefOperSgaclMonitor CtsSgaclMonitorMode

CtspSgtStatsEntry  
SEQUENCE    
  ctspStatsIpTrafficType INTEGER
  ctspStatsDestSgt CtsSecurityGroupTag
  ctspStatsSourceSgt CtsSecurityGroupTag
  ctspStatsIpSwDropPkts Counter64
  ctspStatsIpHwDropPkts Counter64
  ctspStatsIpSwPermitPkts Counter64
  ctspStatsIpHwPermitPkts Counter64
  ctspStatsIpSwMonitorPkts Counter64
  ctspStatsIpHwMonitorPkts Counter64

CtspDefStatsEntry  
SEQUENCE    
  ctspDefIpTrafficType INTEGER
  ctspDefIpSwDropPkts Counter64
  ctspDefIpHwDropPkts Counter64
  ctspDefIpSwPermitPkts Counter64
  ctspDefIpHwPermitPkts Counter64
  ctspDefIpSwMonitorPkts Counter64
  ctspDefIpHwMonitorPkts Counter64

CtspPeerPolicyEntry  
SEQUENCE    
  ctspPeerName SnmpAdminString
  ctspPeerSgt CtsSecurityGroupTag
  ctspPeerSgtGenId CtsGenerationId
  ctspPeerTrustState INTEGER
  ctspPeerPolicyLifeTime Unsigned32
  ctspPeerPolicyLastUpdate DateAndTime
  ctspPeerPolicyAction INTEGER

CtspLayer3PolicyEntry  
SEQUENCE    
  ctspLayer3PolicyIpTrafficType INTEGER
  ctspLayer3PolicyType INTEGER
  ctspLayer3PolicyLocalConfig CtsAclNameOrEmpty
  ctspLayer3PolicyDownloaded CtsAclNameOrEmpty
  ctspLayer3PolicyOperational CtsAclNameOrEmpty

CtspIfL3PolicyConfigEntry  
SEQUENCE    
  ctspIfL3Ipv4PolicyEnabled TruthValue
  ctspIfL3Ipv6PolicyEnabled TruthValue

CtspIpSgtMappingEntry  
SEQUENCE    
  ctspIpSgtVrfName CiscoVrfName
  ctspIpSgtAddressType InetAddressType
  ctspIpSgtIpAddress InetAddress
  ctspIpSgtAddressLength InetAddressPrefixLength
  ctspIpSgtValue CtsSecurityGroupTag
  ctspIpSgtSource INTEGER
  ctspIpSgtStorageType StorageType
  ctspIpSgtRowStatus RowStatus

CtspDownloadedSgtPolicyEntry  
SEQUENCE    
  ctspDownloadedSgtPolicySgt CtsSecurityGroupTag
  ctspDownloadedSgtPolicySgtGenId CtsGenerationId
  ctspDownloadedSgtPolicyLifeTime Unsigned32
  ctspDownloadedSgtPolicyLastUpdate DateAndTime
  ctspDownloadedSgtPolicyAction INTEGER

CtspDownloadedDefSgtPolicyEntry  
SEQUENCE    
  ctspDownloadedDefSgtPolicyType INTEGER
  ctspDownloadedDefSgtPolicySgtGenId CtsGenerationId
  ctspDownloadedDefSgtPolicyLifeTime Unsigned32
  ctspDownloadedDefSgtPolicyLastUpdate DateAndTime
  ctspDownloadedDefSgtPolicyAction INTEGER

CtspIfSgtMappingEntry  
SEQUENCE    
  ctspIfSgtValue CtsSecurityGroupTag
  ctspIfSgName SnmpAdminString
  ctspIfSgtStorageType StorageType
  ctspIfSgtRowStatus RowStatus

CtspIfSgtMappingInfoEntry  
SEQUENCE    
  ctspL3IPMStatus INTEGER

CtspVlanSgtMappingEntry  
SEQUENCE    
  ctspVlanSgtMappingIndex VlanIndex
  ctspVlanSgtMapValue CtsSecurityGroupTag
  ctspVlanSgtStorageType StorageType
  ctspVlanSgtRowStatus RowStatus

Defined Values

ciscoTrustSecPolicyMIB 1.3.6.1.4.1.9.9.713
This MIB module defines managed objects that facilitate the management of various policies within the Cisco Trusted Security (TrustSec) infrastructure. The information available through this MIB includes: o Device and interface level configuration for enabling SGACL (Security Group Access Control List) enforcement on Layer2/3 traffic. o Administrative and operational SGACL mapping to Security Group Tag (SGT). o Various statistics counters for traffic subject to SGACL enforcement. o TrustSec policies with respect to peer device. o Interface level configuration for enabling the propagation of SGT along with the Layer 3 traffic in portions of network which does not have the capability to support TrustSec feature. o TrustSec policies with respect to SGT propagation with Layer 3 traffic. The following terms are used throughout this MIB: VRF: Virtual Routing and Forwarding. SGACL: Security Group Access Control List. ACE: Access Control Entries. SXP: SGT Propagation Protocol. SVI: Switch Virtual Interface. IPM: Identity Port Mapping. SGT (Security Group Tag) is a unique 16 bits value assigned to every security group and used by network devices to enforce SGACL. Peer is another device connected to the local device on the other side of a TrustSec link. Default Policy: Policy applied to traffic when there is no explicit policy between the SGT associated with the originator of the traffic and the SGT associated with the destination of the traffic.
MODULE-IDENTITY    

ciscoTrustSecPolicyMIBNotifs 1.3.6.1.4.1.9.9.713.0
OBJECT IDENTIFIER    

ciscoTrustSecPolicyMIBObjects 1.3.6.1.4.1.9.9.713.1
OBJECT IDENTIFIER    

ciscoTrustSecPolicyMIBConformance 1.3.6.1.4.1.9.9.713.2
OBJECT IDENTIFIER    

ctspSgacl 1.3.6.1.4.1.9.9.713.1.1
OBJECT IDENTIFIER    

ctspPeerPolicy 1.3.6.1.4.1.9.9.713.1.2
OBJECT IDENTIFIER    

ctspLayer3Transport 1.3.6.1.4.1.9.9.713.1.3
OBJECT IDENTIFIER    

ctspIpSgtMappings 1.3.6.1.4.1.9.9.713.1.4
OBJECT IDENTIFIER    

ctspSgtPolicy 1.3.6.1.4.1.9.9.713.1.5
OBJECT IDENTIFIER    

ctspIfSgtMappings 1.3.6.1.4.1.9.9.713.1.6
OBJECT IDENTIFIER    

ctspVlanSgtMappings 1.3.6.1.4.1.9.9.713.1.7
OBJECT IDENTIFIER    

ctspSgtCaching 1.3.6.1.4.1.9.9.713.1.8
OBJECT IDENTIFIER    

ctspNotifsControl 1.3.6.1.4.1.9.9.713.1.9
OBJECT IDENTIFIER    

ctspNotifsOnlyInfo 1.3.6.1.4.1.9.9.713.1.10
OBJECT IDENTIFIER    

ctspSgaclGlobals 1.3.6.1.4.1.9.9.713.1.1.1
OBJECT IDENTIFIER    

ctspSgaclMappings 1.3.6.1.4.1.9.9.713.1.1.2
OBJECT IDENTIFIER    

ctspSgaclStatistics 1.3.6.1.4.1.9.9.713.1.1.3
OBJECT IDENTIFIER    

ctspSgaclEnforcementEnable 1.3.6.1.4.1.9.9.713.1.1.1.1
This object specifies whether SGACL enforcement for all Layer 3 interfaces (excluding SVIs) is enabled at the managed system. 'none' indicates that SGACL enforcement for all Layer 3 interfaces (excluding SVIs) is disabled. 'l3Only' indicates that SGACL enforcement is enabled on every TrustSec capable Layer3 interface (excluding SVIs) in the device.
OBJECT-TYPE    
  INTEGER none(1), l3Only(2)  

ctspSgaclIpv4DropNetflowMonitor 1.3.6.1.4.1.9.9.713.1.1.1.2
This object specifies an existing flexible netflow monitor name used to collect and export the IPv4 traffic dropped packets statistics due to SGACL enforcement. The zero-length string indicates that no such netflow monitor is configured in the device.
OBJECT-TYPE    
  SnmpAdminString  

ctspSgaclIpv6DropNetflowMonitor 1.3.6.1.4.1.9.9.713.1.1.1.3
This object specifies an existing flexible netflow monitor name used to collect and export the IPv6 traffic dropped packets statistics due to SGACL enforcement. The zero-length string indicates that no such netflow monitor is configured in the device.
OBJECT-TYPE    
  SnmpAdminString  

ctspVlanConfigTable 1.3.6.1.4.1.9.9.713.1.1.1.4
This table lists the SGACL enforcement for Layer 2 and Layer 3 switched packet in a VLAN as well as VRF information for VLANs in the device.
OBJECT-TYPE    
  SEQUENCE OF  
    CtspVlanConfigEntry

ctspVlanConfigEntry 1.3.6.1.4.1.9.9.713.1.1.1.4.1
Each row contains the SGACL enforcement information for Layer 2 and Layer 3 switched packets in a VLAN identified by its VlanIndex value. Entry in this table is populated for VLANs which contains SGACL enforcement or VRF configuration.
OBJECT-TYPE    
  CtspVlanConfigEntry  

ctspVlanConfigIndex 1.3.6.1.4.1.9.9.713.1.1.1.4.1.1
This object indicates the VLAN-ID of this VLAN.
OBJECT-TYPE    
  VlanIndex  

ctspVlanConfigSgaclEnforcement 1.3.6.1.4.1.9.9.713.1.1.1.4.1.2
This object specifies the configured SGACL enforcement status for this VLAN i.e., 'true' = enabled and 'false' = disabled.
OBJECT-TYPE    
  TruthValue  

ctspVlanSviActive 1.3.6.1.4.1.9.9.713.1.1.1.4.1.3
This object indicates if there is an active SVI associated with this VLAN. 'true' indicates that there is an active SVI associated with this VLAN. and SGACL is enforced for both Layer 2 and Layer 3 switched packets within that VLAN. 'false' indicates that there is no active SVI associated with this VLAN, and SGACL is only enforced for Layer 2 switched packets within that VLAN.
OBJECT-TYPE    
  TruthValue  

ctspVlanConfigVrfName 1.3.6.1.4.1.9.9.713.1.1.1.4.1.4
This object specifies an existing VRF where this VLAN belongs to. The zero length value indicates this VLAN belongs to the default VRF.
OBJECT-TYPE    
  CiscoVrfName  

ctspVlanConfigStorageType 1.3.6.1.4.1.9.9.713.1.1.1.4.1.5
The objects specifies the storage type for this conceptual row.
OBJECT-TYPE    
  StorageType  

ctspVlanConfigRowStatus 1.3.6.1.4.1.9.9.713.1.1.1.4.1.6
The status of this conceptual row entry. This object is used to manage creation and deletion of rows in this table. When this object value is 'active', other writable objects in the same row cannot be modified.
OBJECT-TYPE    
  RowStatus  

ctspConfigSgaclMappingTable 1.3.6.1.4.1.9.9.713.1.1.2.1
This table contains the SGACLs information which is applied to unicast IP traffic which carries a source SGT and travels to a destination SGT.
OBJECT-TYPE    
  SEQUENCE OF  
    CtspConfigSgaclMappingEntry

ctspConfigSgaclMappingEntry 1.3.6.1.4.1.9.9.713.1.1.2.1.1
Each row contains the SGACL mapping to source and destination SGT for a certain traffic type as well as status of this instance. A row instance can be created or removed by setting the appropriate value of its RowStatus object.
OBJECT-TYPE    
  CtspConfigSgaclMappingEntry  

ctspConfigSgaclMappingIpTrafficType 1.3.6.1.4.1.9.9.713.1.1.2.1.1.1
This object indicates the type of the unicast IP traffic carrying the source SGT and travelling to destination SGT and subjected to SGACL enforcement.
OBJECT-TYPE    
  INTEGER ipv4(1), ipv6(2)  

ctspConfigSgaclMappingDestSgt 1.3.6.1.4.1.9.9.713.1.1.2.1.1.2
This object indicates the destination SGT value. Value of zero indicates that the destination SGT is unknown.
OBJECT-TYPE    
  CtsSecurityGroupTag  

ctspConfigSgaclMappingSourceSgt 1.3.6.1.4.1.9.9.713.1.1.2.1.1.3
This object indicates the source SGT value. Value of zero indicates that the source SGT is unknown.
OBJECT-TYPE    
  CtsSecurityGroupTag  

ctspConfigSgaclMappingSgaclName 1.3.6.1.4.1.9.9.713.1.1.2.1.1.4
This object specifies the list of existing SGACLs which is administratively configured to apply to unicast IP traffic carrying the source SGT to the destination SGT.
OBJECT-TYPE    
  CtsAclList  

ctspConfigSgaclMappingStorageType 1.3.6.1.4.1.9.9.713.1.1.2.1.1.5
The storage type for this conceptual row.
OBJECT-TYPE    
  StorageType  

ctspConfigSgaclMappingRowStatus 1.3.6.1.4.1.9.9.713.1.1.2.1.1.6
This object is used to manage the creation and deletion of rows in this table. ctspConfigSgaclName may be modified at any time.
OBJECT-TYPE    
  RowStatus  

ctspConfigSgaclMonitor 1.3.6.1.4.1.9.9.713.1.1.2.1.1.7
This object specifies whether SGACL monitor mode is turned on for the configured SGACL enforced traffic.
OBJECT-TYPE    
  CtsSgaclMonitorMode  

ctspDefConfigIpv4Sgacls 1.3.6.1.4.1.9.9.713.1.1.2.2
This object specifies the SGACLs of the unicast default policy for IPv4 traffic. If there is no SGACL configured for unicast default policy for IPv4 traffic, the value of this object is the zero-length string.
OBJECT-TYPE    
  CtsAclListOrEmpty  

ctspDefConfigIpv6Sgacls 1.3.6.1.4.1.9.9.713.1.1.2.3
This object specifies the SGACLs of the unicast default policy for IPv6 traffic. If there is no SGACL configured for unicast default policy for IPv6 traffic, the value of this object is the zero-length string.
OBJECT-TYPE    
  CtsAclListOrEmpty  

ctspDownloadedSgaclMappingTable 1.3.6.1.4.1.9.9.713.1.1.2.4
This table contains the downloaded SGACLs information applied to unicast IP traffic which carries a source SGT and travels to a destination SGT.
OBJECT-TYPE    
  SEQUENCE OF  
    CtspDownloadedSgaclMappingEntry

ctspDownloadedSgaclMappingEntry 1.3.6.1.4.1.9.9.713.1.1.2.4.1
Each row contains the downloaded SGACLs mapping. A row instance is added for each pair of which contains SGACL that is dynamically downloaded from ACS server.
OBJECT-TYPE    
  CtspDownloadedSgaclMappingEntry  

ctspDownloadedSgaclDestSgt 1.3.6.1.4.1.9.9.713.1.1.2.4.1.1
This object indicates the destination SGT value. Value of zero indicates that the destination SGT is unknown.
OBJECT-TYPE    
  CtsSecurityGroupTag  

ctspDownloadedSgaclSourceSgt 1.3.6.1.4.1.9.9.713.1.1.2.4.1.2
This object indicates the source SGT value. Value of zero indicates that the source SGT is unknown.
OBJECT-TYPE    
  CtsSecurityGroupTag  

ctspDownloadedSgaclIndex 1.3.6.1.4.1.9.9.713.1.1.2.4.1.3
This object identifies the downloaded SGACL which is applied to unicast IP traffic carrying the source SGT to the destination SGT.
OBJECT-TYPE    
  Unsigned32 1..65535  

ctspDownloadedSgaclName 1.3.6.1.4.1.9.9.713.1.1.2.4.1.4
This object indicates the name of downloaded SGACL which is applied to unicast IP traffic carrying the source SGT to the destination SGT.
OBJECT-TYPE    
  CtsAclName  

ctspDownloadedSgaclGenId 1.3.6.1.4.1.9.9.713.1.1.2.4.1.5
This object indicates the generation identification of downloaded SGACL which is applied to unicast IP traffic carrying the source SGT to the destination SGT.
OBJECT-TYPE    
  CtsGenerationId  

ctspDownloadedIpTrafficType 1.3.6.1.4.1.9.9.713.1.1.2.4.1.6
This object indicates the type of the unicast IP traffic carrying the source SGT and travelling to destination SGT and subjected to SGACL enforcement by this downloaded default policy.
OBJECT-TYPE    
  BITS ipv4(0), ipv6(1)  

ctspDownloadedSgaclMonitor 1.3.6.1.4.1.9.9.713.1.1.2.4.1.7
This object indicates whether SGACL monitor mode is turned on for the downloaded SGACL enforced traffic.
OBJECT-TYPE    
  CtsSgaclMonitorMode  

ctspDefDownloadedSgaclMappingTable 1.3.6.1.4.1.9.9.713.1.1.2.5
This table contains the downloaded SGACLs information of the default policy applied to unicast IP traffic.
OBJECT-TYPE    
  SEQUENCE OF  
    CtspDefDownloadedSgaclMappingEntry

ctspDefDownloadedSgaclMappingEntry 1.3.6.1.4.1.9.9.713.1.1.2.5.1
Each row contains the downloaded SGACLs mapping. A row instance contains the SGACL information of the default policy dynamically downloaded from ACS server for unicast IP traffic.
OBJECT-TYPE    
  CtspDefDownloadedSgaclMappingEntry  

ctspDefDownloadedSgaclIndex 1.3.6.1.4.1.9.9.713.1.1.2.5.1.1
This object identifies the SGACL of downloaded default policy applied to unicast IP traffic.
OBJECT-TYPE    
  Unsigned32 1..65535  

ctspDefDownloadedSgaclName 1.3.6.1.4.1.9.9.713.1.1.2.5.1.2
This object indicates the name of the SGACL of downloaded default policy applied to unicast IP traffic.
OBJECT-TYPE    
  CtsAclName  

ctspDefDownloadedSgaclGenId 1.3.6.1.4.1.9.9.713.1.1.2.5.1.3
This object indicates the generation identification of the SGACL of downloaded default policy applied to unicast IP traffic.
OBJECT-TYPE    
  CtsGenerationId  

ctspDefDownloadedIpTrafficType 1.3.6.1.4.1.9.9.713.1.1.2.5.1.4
This object indicates the type of the IP traffic subjected to SGACL enforcement by this downloaded default policy.
OBJECT-TYPE    
  BITS ipv4(0), ipv6(1)  

ctspDefDownloadedSgaclMonitor 1.3.6.1.4.1.9.9.713.1.1.2.5.1.5
This object indicates whether SGACL monitor mode is turned on for the default downloaded SGACL enforced traffic.
OBJECT-TYPE    
  CtsSgaclMonitorMode  

ctspOperSgaclMappingTable 1.3.6.1.4.1.9.9.713.1.1.2.6
This table contains the operational SGACLs information applied to unicast IP traffic which carries a source SGT and travels to a destination SGT.
OBJECT-TYPE    
  SEQUENCE OF  
    CtspOperSgaclMappingEntry

ctspOperSgaclMappingEntry 1.3.6.1.4.1.9.9.713.1.1.2.6.1
Each row contains the operational SGACLs mapping. A row instance is added for each pair of which contains the SGACL that either statically configured at the device or dynamically downloaded from ACS server.
OBJECT-TYPE    
  CtspOperSgaclMappingEntry  

ctspOperIpTrafficType 1.3.6.1.4.1.9.9.713.1.1.2.6.1.1
This object indicates the type of the unicast IP traffic carrying the source SGT and travelling to destination SGT and subjected to SGACL enforcement.
OBJECT-TYPE    
  INTEGER ipv4(1), ipv6(2)  

ctspOperSgaclDestSgt 1.3.6.1.4.1.9.9.713.1.1.2.6.1.2
This object indicates the destination SGT value. Value of zero indicates that the destination SGT is unknown.
OBJECT-TYPE    
  CtsSecurityGroupTag  

ctspOperSgaclSourceSgt 1.3.6.1.4.1.9.9.713.1.1.2.6.1.3
This object indicates the source SGT value. Value of zero indicates that the source SGT is unknown.
OBJECT-TYPE    
  CtsSecurityGroupTag  

ctspOperSgaclIndex 1.3.6.1.4.1.9.9.713.1.1.2.6.1.4
This object identifies the SGACL operationally applied to unicast IP traffic carrying the source SGT to the destination SGT.
OBJECT-TYPE    
  Unsigned32 1..65535  

ctspOperationalSgaclName 1.3.6.1.4.1.9.9.713.1.1.2.6.1.5
This object indicates the name of the SGACL operationally applied to unicast IP traffic carrying the source SGT to the destination SGT.
OBJECT-TYPE    
  CtsAclName  

ctspOperationalSgaclGenId 1.3.6.1.4.1.9.9.713.1.1.2.6.1.6
This object indicates the generation identification of the SGACL operationally applied to unicast IP traffic carrying the source SGT to the destination SGT.
OBJECT-TYPE    
  CtsGenerationId  

ctspOperSgaclMappingSource 1.3.6.1.4.1.9.9.713.1.1.2.6.1.7
This object indicates the source of SGACL mapping for the SGACL operationally applied to unicast IP traffic carrying the source SGT to the destination SGT. 'downloaded' indicates that the mapping is downloaded from ACS server. 'configured' indicates that the mapping is locally configured in the device.
OBJECT-TYPE    
  INTEGER configured(1), downloaded(2)  

ctspOperSgaclConfigSource 1.3.6.1.4.1.9.9.713.1.1.2.6.1.8
This object indicates the source of SGACL creation for this SGACL. 'configured' indicates that the SGACL is locally configured in the local device. 'downloaded' indicates that the SGACL is created at ACS server and downloaded to the local device.
OBJECT-TYPE    
  INTEGER configured(1), downloaded(2)  

ctspOperSgaclMonitor 1.3.6.1.4.1.9.9.713.1.1.2.6.1.9
This object indicates whether SGACL monitor mode is turned on for the SGACL enforced traffic.
OBJECT-TYPE    
  CtsSgaclMonitorMode  

ctspDefOperSgaclMappingTable 1.3.6.1.4.1.9.9.713.1.1.2.7
This table contains the operational SGACLs information of the default policy applied to unicast IP traffic.
OBJECT-TYPE    
  SEQUENCE OF  
    CtspDefOperSgaclMappingEntry

ctspDefOperSgaclMappingEntry 1.3.6.1.4.1.9.9.713.1.1.2.7.1
A row instance contains the SGACL information of the default policy which is either statically configured at the device or dynamically downloaded from ACS server for unicast IP traffic.
OBJECT-TYPE    
  CtspDefOperSgaclMappingEntry  

ctspDefOperIpTrafficType 1.3.6.1.4.1.9.9.713.1.1.2.7.1.1
This object indicates the type of the unicast IP traffic subjected to default policy enforcement.
OBJECT-TYPE    
  INTEGER ipv4(1), ipv6(2)  

ctspDefOperSgaclIndex 1.3.6.1.4.1.9.9.713.1.1.2.7.1.2
This object identifies the SGACL of default policy operationally applied to unicast IP traffic.
OBJECT-TYPE    
  Unsigned32 1..65535  

ctspDefOperationalSgaclName 1.3.6.1.4.1.9.9.713.1.1.2.7.1.3
This object indicates the name of the SGACL of default policy operationally applied to unicast IP traffic.
OBJECT-TYPE    
  CtsAclName  

ctspDefOperationalSgaclGenId 1.3.6.1.4.1.9.9.713.1.1.2.7.1.4
This object indicates the generation identification of the SGACL of default policy operationally applied to unicast IP traffic.
OBJECT-TYPE    
  CtsGenerationId  

ctspDefOperSgaclMappingSource 1.3.6.1.4.1.9.9.713.1.1.2.7.1.5
This object indicates the source of SGACL mapping for the SGACL of default policy operationally applied to unicast IP traffic. 'downloaded' indicates that the mapping is downloaded from ACS server. 'configured' indicates that the mapping is locally configured in the device.
OBJECT-TYPE    
  INTEGER configured(1), downloaded(2)  

ctspDefOperSgaclConfigSource 1.3.6.1.4.1.9.9.713.1.1.2.7.1.6
This object indicates the source of SGACL creation for the SGACL of default policy operationally applied to unicast IP traffic. 'downloaded' indicates that the SGACL is created at ACS server and downloaded to the local device. 'configured' indicates that the SGACL is locally configured in the local device.
OBJECT-TYPE    
  INTEGER configured(1), downloaded(2)  

ctspDefOperSgaclMonitor 1.3.6.1.4.1.9.9.713.1.1.2.7.1.7
This object indicates whether SGACL monitor mode is turned on for the SGACL of default policy enforced traffic.
OBJECT-TYPE    
  CtsSgaclMonitorMode  

ctspDefConfigIpv4SgaclsMonitor 1.3.6.1.4.1.9.9.713.1.1.2.8
This object specifies whether SGACL monitor mode is turned on for the default configured SGACL enforced Ipv4 traffic.
OBJECT-TYPE    
  CtsSgaclMonitorMode  

ctspDefConfigIpv6SgaclsMonitor 1.3.6.1.4.1.9.9.713.1.1.2.9
This object specifies whether SGACL monitor mode is turned on for the default configured SGACL enforced Ipv6 traffic.
OBJECT-TYPE    
  CtsSgaclMonitorMode  

ctspSgaclMonitorEnable 1.3.6.1.4.1.9.9.713.1.1.2.10
This object specifies whether SGACL monitor mode is turned on for the entire system. It has precedence than the per SGACL ctspConfigSgaclMonitor control. It could act as safety mechanism to turn off monitor in case the monitor feature impact system performance.
OBJECT-TYPE    
  CtsSgaclMonitorMode  

ctspSgtStatsTable 1.3.6.1.4.1.9.9.713.1.1.3.1
This table describes SGACL statistics counters per a pair of that is capable of providing this information.
OBJECT-TYPE    
  SEQUENCE OF  
    CtspSgtStatsEntry

ctspSgtStatsEntry 1.3.6.1.4.1.9.9.713.1.1.3.1.1
Each row contains the SGACL statistics related to IPv4 or IPv6 packets carrying the source SGT travelling to the destination SGT and subjected to SGACL enforcement.
OBJECT-TYPE    
  CtspSgtStatsEntry  

ctspStatsIpTrafficType 1.3.6.1.4.1.9.9.713.1.1.3.1.1.1
This object indicates the type of the unicast IP traffic carrying the source SGT and travelling to destination SGT and subjected to SGACL enforcement.
OBJECT-TYPE    
  INTEGER ipv4(1), ipv6(2)  

ctspStatsDestSgt 1.3.6.1.4.1.9.9.713.1.1.3.1.1.2
This object indicates the destination SGT value. Value of zero indicates that the destination SGT is unknown.
OBJECT-TYPE    
  CtsSecurityGroupTag  

ctspStatsSourceSgt 1.3.6.1.4.1.9.9.713.1.1.3.1.1.3
This object indicates the source SGT value. Value of zero indicates that the source SGT is unknown.
OBJECT-TYPE    
  CtsSecurityGroupTag  

ctspStatsIpSwDropPkts 1.3.6.1.4.1.9.9.713.1.1.3.1.1.4
This object indicates the number of software-forwarded IP packets which are dropped by SGACL.
OBJECT-TYPE    
  Counter64  

ctspStatsIpHwDropPkts 1.3.6.1.4.1.9.9.713.1.1.3.1.1.5
This object indicates the number of hardware-forwarded IP packets which are dropped by SGACL.
OBJECT-TYPE    
  Counter64  

ctspStatsIpSwPermitPkts 1.3.6.1.4.1.9.9.713.1.1.3.1.1.6
This object indicates the number of software-forwarded IP packets which are permitted by SGACL.
OBJECT-TYPE    
  Counter64  

ctspStatsIpHwPermitPkts 1.3.6.1.4.1.9.9.713.1.1.3.1.1.7
This object indicates the number of hardware-forwarded IP packets which are permitted by SGACL.
OBJECT-TYPE    
  Counter64  

ctspStatsIpSwMonitorPkts 1.3.6.1.4.1.9.9.713.1.1.3.1.1.8
This object indicates the number of software-forwarded IP packets which are SGACL enforced & monitored.
OBJECT-TYPE    
  Counter64  

ctspStatsIpHwMonitorPkts 1.3.6.1.4.1.9.9.713.1.1.3.1.1.9
This object indicates the number of hardware-forwarded IP packets which are SGACL enforced & monitored.
OBJECT-TYPE    
  Counter64  

ctspDefStatsTable 1.3.6.1.4.1.9.9.713.1.1.3.2
This table describes statistics counters for unicast IP traffic subjected to default unicast policy.
OBJECT-TYPE    
  SEQUENCE OF  
    CtspDefStatsEntry

ctspDefStatsEntry 1.3.6.1.4.1.9.9.713.1.1.3.2.1
Each row contains the statistics counter for each IP traffic type.
OBJECT-TYPE    
  CtspDefStatsEntry  

ctspDefIpTrafficType 1.3.6.1.4.1.9.9.713.1.1.3.2.1.1
This object indicates the type of the IP traffic subjected to default unicast policy enforcement.
OBJECT-TYPE    
  INTEGER ipv4(1), ipv6(2)  

ctspDefIpSwDropPkts 1.3.6.1.4.1.9.9.713.1.1.3.2.1.2
This object indicates the number of software-forwarded IP packets which are dropped by default unicast policy.
OBJECT-TYPE    
  Counter64  

ctspDefIpHwDropPkts 1.3.6.1.4.1.9.9.713.1.1.3.2.1.3
This object indicates the number of hardware-forwarded IP packets which are dropped by default unicast policy.
OBJECT-TYPE    
  Counter64  

ctspDefIpSwPermitPkts 1.3.6.1.4.1.9.9.713.1.1.3.2.1.4
This object indicates the number of software-forwarded IP packets which are permitted by default unicast policy.
OBJECT-TYPE    
  Counter64  

ctspDefIpHwPermitPkts 1.3.6.1.4.1.9.9.713.1.1.3.2.1.5
This object indicates the number of hardware-forwarded IP packets which are permitted by default unicast policy.
OBJECT-TYPE    
  Counter64  

ctspDefIpSwMonitorPkts 1.3.6.1.4.1.9.9.713.1.1.3.2.1.6
This object indicates the number of software-forwarded IP packets which are monitored by default unicast policy.
OBJECT-TYPE    
  Counter64  

ctspDefIpHwMonitorPkts 1.3.6.1.4.1.9.9.713.1.1.3.2.1.7
This object indicates the number of hardware-forwarded IP packets which are monitored by default unicast policy.
OBJECT-TYPE    
  Counter64  

ctspAllPeerPolicyAction 1.3.6.1.4.1.9.9.713.1.2.1
This object allows user to specify the action to be taken with respect to all peer policies in the device. When read, this object always returns the value 'none'. 'none' - No operation. 'refresh' - Refresh all peer policies in the device.
OBJECT-TYPE    
  INTEGER none(1), refresh(2)  

ctspPeerPolicyTable 1.3.6.1.4.1.9.9.713.1.2.2
This table lists the peer policy information for each peer device.
OBJECT-TYPE    
  SEQUENCE OF  
    CtspPeerPolicyEntry

ctspPeerPolicyEntry 1.3.6.1.4.1.9.9.713.1.2.2.1
Each row contains the managed objects for peer policies for each peer device based on its name.
OBJECT-TYPE    
  CtspPeerPolicyEntry  

ctspPeerName 1.3.6.1.4.1.9.9.713.1.2.2.1.1
This object uniquely identifies a peer device.
OBJECT-TYPE    
  SnmpAdminString Size(1..128)  

ctspPeerSgt 1.3.6.1.4.1.9.9.713.1.2.2.1.2
This object indicates the SGT value of this peer device.
OBJECT-TYPE    
  CtsSecurityGroupTag  

ctspPeerSgtGenId 1.3.6.1.4.1.9.9.713.1.2.2.1.3
This object indicates the generation identification of the SGT value assigned to this peer device.
OBJECT-TYPE    
  CtsGenerationId  

ctspPeerTrustState 1.3.6.1.4.1.9.9.713.1.2.2.1.4
This object indicates the TrustSec trust state of this peer device. 'trusted' indicates that this is a trusted peer device. 'noTrust' indicates that this peer device is not trusted.
OBJECT-TYPE    
  INTEGER trusted(1), noTrust(2)  

ctspPeerPolicyLifeTime 1.3.6.1.4.1.9.9.713.1.2.2.1.5
This object indicates the policy life time which provides the time interval during which the peer policy is valid.
OBJECT-TYPE    
  Unsigned32  

ctspPeerPolicyLastUpdate 1.3.6.1.4.1.9.9.713.1.2.2.1.6
This object indicates the time when this peer policy is last updated.
OBJECT-TYPE    
  DateAndTime  

ctspPeerPolicyAction 1.3.6.1.4.1.9.9.713.1.2.2.1.7
This object allows user to specify the action to be taken with this peer policy. When read, this object always returns the value 'none'. 'none' - No operation. 'refresh' - Refresh this peer policy.
OBJECT-TYPE    
  INTEGER none(1), refresh(2)  

ctspLayer3PolicyTable 1.3.6.1.4.1.9.9.713.1.3.1
This table describes Layer 3 transport policy for IP traffic regarding SGT propagation.
OBJECT-TYPE    
  SEQUENCE OF  
    CtspLayer3PolicyEntry

ctspLayer3PolicyEntry 1.3.6.1.4.1.9.9.713.1.3.1.1
Each row contains the Layer 3 transport policies per IP traffic type per policy type.
OBJECT-TYPE    
  CtspLayer3PolicyEntry  

ctspLayer3PolicyIpTrafficType 1.3.6.1.4.1.9.9.713.1.3.1.1.1
This object indicates the type of the IP traffic affected by Layer-3 transport policy. 'ipv4' indicates that the affected traffic is IPv4 traffic. 'ipv6' indicates that the affected traffic is IPv6 traffic.
OBJECT-TYPE    
  INTEGER ipv4(1), ipv6(2)  

ctspLayer3PolicyType 1.3.6.1.4.1.9.9.713.1.3.1.1.2
This object indicates the type of the Layer-3 transport policy affecting IP traffic regarding SGT propagation. 'permit' indicates that the transport policy is used to classify Layer-3 traffic which is subject to SGT propagation. 'exception' indicates that the transport policy is used to classify Layer-3 traffic which is NOT subject to SGT propagation.
OBJECT-TYPE    
  INTEGER permit(1), exception(2)  

ctspLayer3PolicyLocalConfig 1.3.6.1.4.1.9.9.713.1.3.1.1.3
This object specifies the name of an ACL that is administratively configured to classify Layer3 traffic. Zero-length string indicates there is no such configured policy.
OBJECT-TYPE    
  CtsAclNameOrEmpty  

ctspLayer3PolicyDownloaded 1.3.6.1.4.1.9.9.713.1.3.1.1.4
This object specifies the name of an ACL that is downloaded from policy server to classify Layer3 traffic. Zero-length string indicates there is no such downloaded policy.
OBJECT-TYPE    
  CtsAclNameOrEmpty  

ctspLayer3PolicyOperational 1.3.6.1.4.1.9.9.713.1.3.1.1.5
This object specifies the name of an operational ACL currently used to classify Layer3 traffic. Zero-length string indicates there is no such policy in effect.
OBJECT-TYPE    
  CtsAclNameOrEmpty  

ctspIfL3PolicyConfigTable 1.3.6.1.4.1.9.9.713.1.3.2
This table lists the interfaces which support Layer3 Transport policy.
OBJECT-TYPE    
  SEQUENCE OF  
    CtspIfL3PolicyConfigEntry

ctspIfL3PolicyConfigEntry 1.3.6.1.4.1.9.9.713.1.3.2.1
Each row contains managed objects for Layer3 Transport on interface capable of providing this information.
OBJECT-TYPE    
  CtspIfL3PolicyConfigEntry  

ctspIfL3Ipv4PolicyEnabled 1.3.6.1.4.1.9.9.713.1.3.2.1.1
This object specifies whether the Layer3 Transport policies will be applied on this interface for egress IPv4 traffic. 'true' indicates that Layer3 permit and exception policy will be applied at this interface for egress IPv4 traffic. 'false' indicates that Layer3 permit and exception policy will not be applied at this interface for egress IPv4 traffic.
OBJECT-TYPE    
  TruthValue  

ctspIfL3Ipv6PolicyEnabled 1.3.6.1.4.1.9.9.713.1.3.2.1.2
This object specifies whether the Layer3 Transport policies will be applied on this interface for egress IPv6 traffic. 'true' indicates that Layer3 permit and exception policy will be applied at this interface for egress IPv6 traffic. 'false' indicates that Layer3 permit and exception policy will not be applied at this interface for egress IPv6 traffic.
OBJECT-TYPE    
  TruthValue  

ctspIpSgtMappingTable 1.3.6.1.4.1.9.9.713.1.4.1
This table contains the IP-to-SGT mapping information in the device.
OBJECT-TYPE    
  SEQUENCE OF  
    CtspIpSgtMappingEntry

ctspIpSgtMappingEntry 1.3.6.1.4.1.9.9.713.1.4.1.1
Each row contains the IP-to-SGT mapping and status of this instance. Entry in this table is either populated automatically by the device or manually configured by a user. A manually configured row instance can be created or removed by setting the appropriate value of its RowStatus object.
OBJECT-TYPE    
  CtspIpSgtMappingEntry  

ctspIpSgtVrfName 1.3.6.1.4.1.9.9.713.1.4.1.1.1
This object indicates the VRF where IP-SGT mapping belongs to. The zero length value indicates the default VRF.
OBJECT-TYPE    
  CiscoVrfName  

ctspIpSgtAddressType 1.3.6.1.4.1.9.9.713.1.4.1.1.2
This object indicates the type of Internet address.
OBJECT-TYPE    
  InetAddressType  

ctspIpSgtIpAddress 1.3.6.1.4.1.9.9.713.1.4.1.1.3
This object indicates an Internet address. The type of this address is determined by the value of ctspIpSgtAddressType object.
OBJECT-TYPE    
  InetAddress  

ctspIpSgtAddressLength 1.3.6.1.4.1.9.9.713.1.4.1.1.4
This object indicates the length of an Internet address prefix.
OBJECT-TYPE    
  InetAddressPrefixLength  

ctspIpSgtValue 1.3.6.1.4.1.9.9.713.1.4.1.1.5
This object specifies the SGT value assigned to an Internet address.
OBJECT-TYPE    
  CtsSecurityGroupTag  

ctspIpSgtSource 1.3.6.1.4.1.9.9.713.1.4.1.1.6
This object indicates the source of the mapping. 'configured' indicates that the mapping is manually configured by user. 'arp' indicates that the mapping is dynamically learnt from tagged ARP replies. 'localAuthenticated' indicates that the mapping is dynamically learnt from the device authentication of a host. 'sxp' indicates that the mapping is dynamically learnt from SXP (SGT Propagation Protocol). 'internal' indicates that the mapping is automatically created by the device between the device IP addresses and the device own SGT. 'l3if' indicates that Interface-SGT mapping is configured by user. 'vlan' indicates that Vlan-SGT mapping is configured by user. 'cached' indicates that sgt mapping is cached. Only 'configured' value is accepted when setting this object.
OBJECT-TYPE    
  INTEGER configured(1), arp(2), localAuthenticated(3), sxp(4), internal(5), l3if(6), vlan(7), caching(8)  

ctspIpSgtStorageType 1.3.6.1.4.1.9.9.713.1.4.1.1.7
The storage type for this conceptual row.
OBJECT-TYPE    
  StorageType  

ctspIpSgtRowStatus 1.3.6.1.4.1.9.9.713.1.4.1.1.8
This object is used to manage the creation and deletion of rows in this table. If this object value is 'active', user cannot modify any writable object in this row. If value of ctspIpSgtSource object in an entry is not 'configured', user cannot change the value of this object.
OBJECT-TYPE    
  RowStatus  

ctspAllSgtPolicyAction 1.3.6.1.4.1.9.9.713.1.5.1
This object allows user to specify the action to be taken with respect to all SGT policies in the device. When read, this object always returns the value 'none'. 'none' - No operation. 'refresh' - Refresh all SGT policies in the device.
OBJECT-TYPE    
  INTEGER none(1), refresh(2)  

ctspDownloadedSgtPolicyTable 1.3.6.1.4.1.9.9.713.1.5.2
This table lists the SGT policy information downloaded by the device.
OBJECT-TYPE    
  SEQUENCE OF  
    CtspDownloadedSgtPolicyEntry

ctspDownloadedSgtPolicyEntry 1.3.6.1.4.1.9.9.713.1.5.2.1
Each row contains the managed objects for SGT policies downloaded by the device.
OBJECT-TYPE    
  CtspDownloadedSgtPolicyEntry  

ctspDownloadedSgtPolicySgt 1.3.6.1.4.1.9.9.713.1.5.2.1.1
This object indicates the SGT value for which the downloaded policy is applied to. Value of zero indicates that the SGT is unknown.
OBJECT-TYPE    
  CtsSecurityGroupTag  

ctspDownloadedSgtPolicySgtGenId 1.3.6.1.4.1.9.9.713.1.5.2.1.2
This object indicates the generation identification of the SGT value denoted by ctspDownloadedSgtPolicySgt object.
OBJECT-TYPE    
  CtsGenerationId  

ctspDownloadedSgtPolicyLifeTime 1.3.6.1.4.1.9.9.713.1.5.2.1.3
This object indicates the policy life time which provides the time interval during which this downloaded policy is valid.
OBJECT-TYPE    
  Unsigned32  

ctspDownloadedSgtPolicyLastUpdate 1.3.6.1.4.1.9.9.713.1.5.2.1.4
This object indicates the time when this downloaded SGT policy is last updated.
OBJECT-TYPE    
  DateAndTime  

ctspDownloadedSgtPolicyAction 1.3.6.1.4.1.9.9.713.1.5.2.1.5
This object allows user to specify the action to be taken with this downloaded SGT policy. When read, this object always returns the value 'none'. 'none' - No operation. 'refresh' - Refresh this SGT policy.
OBJECT-TYPE    
  INTEGER none(1), refresh(2)  

ctspDownloadedDefSgtPolicyTable 1.3.6.1.4.1.9.9.713.1.5.3
This table lists the default SGT policy information downloaded by the device.
OBJECT-TYPE    
  SEQUENCE OF  
    CtspDownloadedDefSgtPolicyEntry

ctspDownloadedDefSgtPolicyEntry 1.3.6.1.4.1.9.9.713.1.5.3.1
Each row contains the managed objects for default SGT policies downloaded by the device.
OBJECT-TYPE    
  CtspDownloadedDefSgtPolicyEntry  

ctspDownloadedDefSgtPolicyType 1.3.6.1.4.1.9.9.713.1.5.3.1.1
This object indicates the downloaded default SGT policy type. 'unicastDefault' indicates the SGT policy applied to traffic which carries the default unicast SGT.
OBJECT-TYPE    
  INTEGER unicastDefault(1)  

ctspDownloadedDefSgtPolicySgtGenId 1.3.6.1.4.1.9.9.713.1.5.3.1.2
This object indicates the generation identification of the downloaded default SGT policy.
OBJECT-TYPE    
  CtsGenerationId  

ctspDownloadedDefSgtPolicyLifeTime 1.3.6.1.4.1.9.9.713.1.5.3.1.3
This object indicates the policy life time which provides the time interval during which this download default policy is valid.
OBJECT-TYPE    
  Unsigned32  

ctspDownloadedDefSgtPolicyLastUpdate 1.3.6.1.4.1.9.9.713.1.5.3.1.4
This object indicates the time when this downloaded SGT policy is last updated.
OBJECT-TYPE    
  DateAndTime  

ctspDownloadedDefSgtPolicyAction 1.3.6.1.4.1.9.9.713.1.5.3.1.5
This object allows user to specify the action to be taken with this default downloaded SGT policy. When read, this object always returns the value 'none'. 'none' - No operation. 'refresh' - Refresh this default SGT policy.
OBJECT-TYPE    
  INTEGER none(1), refresh(2)  

ctspIfSgtMappingTable 1.3.6.1.4.1.9.9.713.1.6.1
This table contains the Interface-to-SGT mapping configuration information in the device.
OBJECT-TYPE    
  SEQUENCE OF  
    CtspIfSgtMappingEntry

ctspIfSgtMappingEntry 1.3.6.1.4.1.9.9.713.1.6.1.1
Each row contains the SGT mapping configuration of a particular interface. A row instance can be created or removed by setting ctspIfSgtRowStatus.
OBJECT-TYPE    
  CtspIfSgtMappingEntry  

ctspIfSgtValue 1.3.6.1.4.1.9.9.713.1.6.1.1.1
This object specifies the SGT value assigned to the interface.
OBJECT-TYPE    
  CtsSecurityGroupTag  

ctspIfSgName 1.3.6.1.4.1.9.9.713.1.6.1.1.2
This object specifies the Security Group Name assigned to the interface.
OBJECT-TYPE    
  SnmpAdminString  

ctspIfSgtStorageType 1.3.6.1.4.1.9.9.713.1.6.1.1.3
The storage type for this conceptual row.
OBJECT-TYPE    
  StorageType  

ctspIfSgtRowStatus 1.3.6.1.4.1.9.9.713.1.6.1.1.4
This object is used to manage the creation and deletion of rows in this table.
OBJECT-TYPE    
  RowStatus  

ctspIfSgtMappingInfoTable 1.3.6.1.4.1.9.9.713.1.6.2
This table contains the Interface-to-SGT mapping status information in the device.
OBJECT-TYPE    
  SEQUENCE OF  
    CtspIfSgtMappingInfoEntry

ctspIfSgtMappingInfoEntry 1.3.6.1.4.1.9.9.713.1.6.2.1
Containing the Interface-to-SGT mapping status of the specified interface.
OBJECT-TYPE    
  CtspIfSgtMappingInfoEntry  

ctspL3IPMStatus 1.3.6.1.4.1.9.9.713.1.6.2.1.1
This object indicates the Layer 3 Identity Port Mapping(IPM) operational mode. disabled - The L3 IPM is not configured. active - The L3 IPM is configured for this interface, and SGT is available. inactive - The L3 IPM is configured for this interface, and SGT is unavailable.
OBJECT-TYPE    
  INTEGER disabled(1), active(2), inactive(3)  

ctspVlanSgtMappingTable 1.3.6.1.4.1.9.9.713.1.7.1
This table contains the Vlan-SGT mapping information in the device.
OBJECT-TYPE    
  SEQUENCE OF  
    CtspVlanSgtMappingEntry

ctspVlanSgtMappingEntry 1.3.6.1.4.1.9.9.713.1.7.1.1
Each row contains the SGT mapping configuration of a particular VLAN. A row instance can be created or removed by setting ctspVlanSgtRowStatus.
OBJECT-TYPE    
  CtspVlanSgtMappingEntry  

ctspVlanSgtMappingIndex 1.3.6.1.4.1.9.9.713.1.7.1.1.1
This object specifies the VLAN-ID which is used as index.
OBJECT-TYPE    
  VlanIndex  

ctspVlanSgtMapValue 1.3.6.1.4.1.9.9.713.1.7.1.1.2
This object specifies the SGT value assigned to the vlan.
OBJECT-TYPE    
  CtsSecurityGroupTag  

ctspVlanSgtStorageType 1.3.6.1.4.1.9.9.713.1.7.1.1.3
The storage type for this conceptual row.
OBJECT-TYPE    
  StorageType  

ctspVlanSgtRowStatus 1.3.6.1.4.1.9.9.713.1.7.1.1.4
This object is used to manage the creation and deletion of rows in this table.
OBJECT-TYPE    
  RowStatus  

ctspSgtCachingMode 1.3.6.1.4.1.9.9.713.1.8.1
This object specifies which SGT-caching mode is configured for SGT caching capable interfaces at the managed system. 'none' indicates that sgt-caching for all Layer 3 interfaces (excluding SVIs) is disabled. 'standAlone' indicates that SGT-caching is enabled on every TrustSec capable Layer3 interface (excluding SVIs) in the device. 'withEnforcement' indicates that SGT-caching is enabled on interfaces that have RBAC enforcement enabled. 'vlan' indicates that SGT-caching is enabled on the VLANs specified by ctspSgtCachingVlansfFirst2K & ctspSgtCachingVlansSecond2K
OBJECT-TYPE    
  INTEGER none(1), standAlone(2), withEnforcement(3), vlan(4)  

ctspSgtCachingVlansFirst2K 1.3.6.1.4.1.9.9.713.1.8.2
A string of octets containing one bit per VLAN for VLANs 0 to 2047. If the bit corresponding to a VLAN is set to 1, it indicates SGT-caching is enabled on the VLAN. If the bit corresponding to a VLAN is set to 0, it indicates SGT-caching is disabled on the VLAN.
OBJECT-TYPE    
  Cisco2KVlanList  

ctspSgtCachingVlansSecond2K 1.3.6.1.4.1.9.9.713.1.8.3
A string of octets containing one bit per VLAN for VLANs 2048 to 4095. If the bit corresponding to a VLAN is set to 1, it indicates SGT-caching is enabled on the VLAN. If the bit corresponding to a VLAN is set to 0, it indicates SGT-caching is disabled on the VLAN.
OBJECT-TYPE    
  Cisco2KVlanList  

ctspPeerPolicyUpdatedNotifEnable 1.3.6.1.4.1.9.9.713.1.9.1
This object specifies whether the system generates ctspPeerPolicyUpdatedNotif. A value of 'false' will prevent ctspPeerPolicyUpdatedNotif notifications from being generated by this system.
OBJECT-TYPE    
  TruthValue  

ctspAuthorizationSgaclFailNotifEnable 1.3.6.1.4.1.9.9.713.1.9.2
This object specifies whether this system generates the ctspAuthorizationSgaclFailNotif. A value of 'false' will prevent ctspAuthorizationSgaclFailNotif notifications from being generated by this system.
OBJECT-TYPE    
  TruthValue  

ctspOldPeerSgt 1.3.6.1.4.1.9.9.713.1.10.1
This object provides the old sgt value for ctspPeerPolicyUpdatedNotif, i.e., the sgt value before the policy is updated.
OBJECT-TYPE    
  CtsSecurityGroupTag  

ctspAuthorizationSgaclFailReason 1.3.6.1.4.1.9.9.713.1.10.2
This object indicates the reason of failure during SGACL acquisitions, installations and uninstallations, which is associated with ctspAuthorizationSgaclFailNotif; 'downloadACE' - Failure during downloading ACE in SGACL acquisition. 'downloadSrc' - Failure during downloading source list in SGACL acquisition. 'downloadDst' - Failure during downloading destination list in SGACL acquisition. 'installPolicy' - Failure during SGACL policy installation 'installPolicyStandby' - Failure during SGACL policy installation on standby 'installForIP' - Failure during SGACL installation for specific IP type. 'uninstall' - Failure during SGACL uninstallation.
OBJECT-TYPE    
  INTEGER downloadACE(1), downloadSrc(2), downloadDst(3), installPolicy(4), installPolicyStandby(5), installForIP(6), uninstall(7)  

ctspAuthorizationSgaclFailInfo 1.3.6.1.4.1.9.9.713.1.10.3
This object provides additional information about authorization SGACL failure, which is associated with ctspAuthorizationSgaclFailNotif.
OBJECT-TYPE    
  SnmpAdminString  

ctspPeerPolicyUpdatedNotif 1.3.6.1.4.1.9.9.713.0.1
A ctspPeerPolicyUpdatedNotif is generated when the SGT value of a peer device has been updated.
NOTIFICATION-TYPE    

ctspAuthorizationSgaclFailNotif 1.3.6.1.4.1.9.9.713.0.2
A ctspAuthorizationSgaclFailNotif is generated when the authorization of SGACL fails.
NOTIFICATION-TYPE    

ciscoTrustSecPolicyMIBCompliances 1.3.6.1.4.1.9.9.713.2.1
OBJECT IDENTIFIER    

ciscoTrustSecPolicyMIBGroups 1.3.6.1.4.1.9.9.713.2.2
OBJECT IDENTIFIER    

ciscoTrustSecPolicyMIBCompliance 1.3.6.1.4.1.9.9.713.2.1.1
Write access is not required.
MODULE-COMPLIANCE    
  ctspVlanConfigRowStatus INTEGER active(1)
  active INTEGER createAndGo(4), destroy(6)
  ctspConfigSgaclMappingRowStatus INTEGER active(1)
  active INTEGER createAndGo(4), destroy(6)
  ctspIpSgtRowStatus INTEGER active(1)
  active INTEGER createAndGo(4), destroy(6)

ciscoTrustSecPolicyMIBComplianceRev2 1.3.6.1.4.1.9.9.713.2.1.2
Write access is not required.
MODULE-COMPLIANCE    
  ctspVlanConfigRowStatus INTEGER active(1)
  active INTEGER createAndGo(4), destroy(6)
  ctspConfigSgaclMappingRowStatus INTEGER active(1)
  active INTEGER createAndGo(4), destroy(6)
  ctspIpSgtRowStatus INTEGER active(1)
  active INTEGER createAndGo(4), destroy(6)
  ctspIfSgtRowStatus INTEGER active(1)
  active INTEGER createAndGo(4), destroy(6)
  ctspVlanSgtRowStatus INTEGER active(1)
  active INTEGER createAndGo(4), destroy(6)

ctspGlobalSgaclEnforcementGroup 1.3.6.1.4.1.9.9.713.2.2.1
A collection of object which provides the SGACL enforcement information for all TrustSec capable Layer 3 interfaces (excluding SVIs) at the device level.
OBJECT-GROUP    

ctspSgaclIpv4DropNetflowMonitorGroup 1.3.6.1.4.1.9.9.713.2.2.2
A collection of object which provides netflow monitor information for IPv4 traffic drop packet due to SGACL enforcement in the device.
OBJECT-GROUP    

ctspSgaclIpv6DropNetflowMonitorGroup 1.3.6.1.4.1.9.9.713.2.2.3
A collection of object which provides netflow monitor information for IPv6 traffic drop packet due to SGACL enforcement in the device.
OBJECT-GROUP    

ctspVlanConfigGroup 1.3.6.1.4.1.9.9.713.2.2.4
A collection of object which provides the SGACL enforcement and VRF information for each VLAN.
OBJECT-GROUP    

ctspConfigSgaclMappingGroup 1.3.6.1.4.1.9.9.713.2.2.5
A collection of objects which provides the administratively configured SGACL mapping information in the device.
OBJECT-GROUP    

ctspDownloadedSgaclMappingGroup 1.3.6.1.4.1.9.9.713.2.2.6
A collection of objects which provides the downloaded SGACL mapping information in the device.
OBJECT-GROUP    

ctspOperSgaclMappingGroup 1.3.6.1.4.1.9.9.713.2.2.7
A collection of objects which provides the operational SGACL mapping information in the device.
OBJECT-GROUP    

ctspIpSwStatisticsGroup 1.3.6.1.4.1.9.9.713.2.2.8
A collection of objects which provides software statistics counters for unicast IP traffic subjected to SGACL enforcement.
OBJECT-GROUP    

ctspIpHwStatisticsGroup 1.3.6.1.4.1.9.9.713.2.2.9
A collection of objects which provides hardware statistics counters for unicast IP traffic subjected to SGACL enforcement.
OBJECT-GROUP    

ctspDefSwStatisticsGroup 1.3.6.1.4.1.9.9.713.2.2.10
A collection of objects which provides software statistics counters for unicast IP traffic subjected to unicast default policy enforcement.
OBJECT-GROUP    

ctspDefHwStatisticsGroup 1.3.6.1.4.1.9.9.713.2.2.11
A collection of objects which provides hardware statistics counters for unicast IP traffic subjected to unicast default policy enforcement.
OBJECT-GROUP    

ctspPeerPolicyActionGroup 1.3.6.1.4.1.9.9.713.2.2.12
A collection of object which provides refreshing of all peer policies in the device.
OBJECT-GROUP    

ctspPeerPolicyGroup 1.3.6.1.4.1.9.9.713.2.2.13
A collection of object which provides peer policy information in the device.
OBJECT-GROUP    

ctspLayer3TransportGroup 1.3.6.1.4.1.9.9.713.2.2.14
A collection of objects which provides managed information regarding the SGT propagation along with Layer 3 traffic in the device.
OBJECT-GROUP    

ctspIfL3PolicyConfigGroup 1.3.6.1.4.1.9.9.713.2.2.15
A collection of objects which provides managed information for Layer3 Tranport policy enforcement on capable interface in the device.
OBJECT-GROUP    

ctspIpSgtMappingGroup 1.3.6.1.4.1.9.9.713.2.2.16
A collection of objects which provides managed information regarding IP-to-Sgt mapping in the device.
OBJECT-GROUP    

ctspSgtPolicyGroup 1.3.6.1.4.1.9.9.713.2.2.17
A collection of object which provides SGT policy information in the device.
OBJECT-GROUP    

ctspIfSgtMappingGroup 1.3.6.1.4.1.9.9.713.2.2.18
A collection of objects which provides managed information regarding Interface-to-Sgt mapping in the device.
OBJECT-GROUP    

ctspVlanSgtMappingGroup 1.3.6.1.4.1.9.9.713.2.2.19
A collection of objects which provides sgt mapping information for the IP traffic in the specified Vlan.
OBJECT-GROUP    

ctspSgtCachingGroup 1.3.6.1.4.1.9.9.713.2.2.20
A collection of objects which provides sgt Caching information.
OBJECT-GROUP    

ctspSgaclMonitorGroup 1.3.6.1.4.1.9.9.713.2.2.21
A collection of objects which provides SGACL monitor information.
OBJECT-GROUP    

ctspSgaclMonitorStatisticGroup 1.3.6.1.4.1.9.9.713.2.2.22
A collection of objects which provides monitor statistics counters for unicast IP traffic subjected to SGACL enforcement.
OBJECT-GROUP    

ctspNotifCtrlGroup 1.3.6.1.4.1.9.9.713.2.2.23
A collection of objects providing notification control for TrustSec policy notifications.
OBJECT-GROUP    

ctspNotifGroup 1.3.6.1.4.1.9.9.713.2.2.24
A collection of notifications for TrustSec policy.
NOTIFICATION-GROUP    

ctspNotifInfoGroup 1.3.6.1.4.1.9.9.713.2.2.25
A collection of objects providing the variable binding for TrustSec policy notifications.
OBJECT-GROUP