DOCS-SEC-MIB

File: DOCS-SEC-MIB.mib (29541 bytes)

Imported modules

SNMPv2-SMI SNMPv2-CONF SNMPv2-TC
SNMP-FRAMEWORK-MIB SNMP-TARGET-MIB INET-ADDRESS-MIB
DOCS-IF3-MIB CLAB-DEF-MIB

Imported symbols

MODULE-IDENTITY OBJECT-TYPE Unsigned32
Counter32 OBJECT-GROUP MODULE-COMPLIANCE
TruthValue MacAddress RowStatus
DateAndTime SnmpAdminString SnmpTagList
InetAddressType InetAddress InetAddressPrefixLength
InetPortNumber docsIf3CmtsCmRegStatusEntry docsIf3CmtsCmRegStatusId
clabProjDocsis

Defined Types

DocsSecCmtsCmEaeExclusionEntry  
SEQUENCE    
  docsSecCmtsCmEaeExclusionId Unsigned32
  docsSecCmtsCmEaeExclusionMacAddr MacAddress
  docsSecCmtsCmEaeExclusionMacAddrMask MacAddress
  docsSecCmtsCmEaeExclusionRowStatus RowStatus

DocsSecSavCmAuthEntry  
SEQUENCE    
  docsSecSavCmAuthGrpName SnmpAdminString
  docsSecSavCmAuthStaticPrefixListId Unsigned32

DocsSecSavCfgListEntry  
SEQUENCE    
  docsSecSavCfgListName SnmpAdminString
  docsSecSavCfgListRuleId Unsigned32
  docsSecSavCfgListPrefixAddrType InetAddressType
  docsSecSavCfgListPrefixAddr InetAddress
  docsSecSavCfgListPrefixLen InetAddressPrefixLength
  docsSecSavCfgListRowStatus RowStatus

DocsSecSavStaticListEntry  
SEQUENCE    
  docsSecSavStaticListId Unsigned32
  docsSecSavStaticListRuleId Unsigned32
  docsSecSavStaticListPrefixAddrType InetAddressType
  docsSecSavStaticListPrefixAddr InetAddress
  docsSecSavStaticListPrefixLen InetAddressPrefixLength

DocsSecCmtsCmSavStatsEntry  
SEQUENCE    
  docsSecCmtsCmSavStatsSavDiscards Counter32

Defined Values

docsSecMib 1.3.6.1.4.1.4491.2.1.11
This MIB module contains the management objects for the management of the security requirements in the DOCSIS Security Specification.
MODULE-IDENTITY    

docsSecMibObjects 1.3.6.1.4.1.4491.2.1.11.1
OBJECT IDENTIFIER    

docsSecCmtsServerCfg 1.3.6.1.4.1.4491.2.1.11.1.1
OBJECT IDENTIFIER    

docsSecCmtsServerCfgTftpOptions 1.3.6.1.4.1.4491.2.1.11.1.1.1
This attribute instructs the CMTS to insert the source IP address and/or MAC address of received TFTP packets into the TFTP option fields before forwarding the packets to the Config File server. This attribute is only applicable when the TftpProxyEnabled attribute of the MdCfg object is 'true'.
OBJECT-TYPE    
  BITS hwAddr(0), netAddr(1)  

docsSecCmtsServerCfgConfigFileLearningEnable 1.3.6.1.4.1.4491.2.1.11.1.1.2
This attribute enables and disables Configuration File Learning functionality. If this attribute is set to 'true' the CMTS will respond with Authentication Failure in the REG-RSP message when there is a mismatch between learned config file parameters and REG-REQ parameters. If this attribute is set to 'false', the CMTS will not execute config file learning and mismatch check. This attribute is only applicable when the TftpProxyEnabled attribute of the MdCfg object is 'true'.
OBJECT-TYPE    
  TruthValue  

docsSecCmtsEncrypt 1.3.6.1.4.1.4491.2.1.11.1.2
OBJECT IDENTIFIER    

docsSecCmtsEncryptEncryptAlgPriority 1.3.6.1.4.1.4491.2.1.11.1.2.1
This attribute allows for configuration of a prioritized list of encryption algorithms the CMTS will use when selecting the primary SAID encryption algorithm for a given CM. The CMTS selects the highest priority encryption algorithm from this list that the CM supports. By default the following encryption algorithms are listed from highest to lowest priority (left being the highest): 128 bit AES, 56 bit DES, 40 bit DES. An empty list indicates that the CMTS attempts to use the latest and most robust encryption algorithm supported by the CM. The CMTS will ignore unknown values or unsupported algorithms.
OBJECT-TYPE    
  SnmpTagList  

docsSecCmtsCmEaeExclusionTable 1.3.6.1.4.1.4491.2.1.11.1.3
This object defines a list of CMs or CM groups to exclude from Early Authentication and Encryption (EAE). This object allows overrides to the value of EAE Control for individual CMs or groups of CMs for purposes such as debugging. The CMTS supports a minimum of 30 instances of the CmtsCmEaeExclusion object. This object is only applicable when the EarlyAuthEncryptCtrl attribute of the MdCfg object is enabled. This object supports the creation and deletion of multiple instances.
OBJECT-TYPE    
  SEQUENCE OF  
    DocsSecCmtsCmEaeExclusionEntry

docsSecCmtsCmEaeExclusionEntry 1.3.6.1.4.1.4491.2.1.11.1.3.1
The conceptual row of docsSecCmtsCmEaeExclusion. The CMTS persists all instances of CmtsCmEaeExclusion across reinitializations.
OBJECT-TYPE    
  DocsSecCmtsCmEaeExclusionEntry  

docsSecCmtsCmEaeExclusionId 1.3.6.1.4.1.4491.2.1.11.1.3.1.1
This key uniquely identifies the exclusion MAC address rule.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

docsSecCmtsCmEaeExclusionMacAddr 1.3.6.1.4.1.4491.2.1.11.1.3.1.2
This attribute identifies the CM MAC address. A match is made when a CM MAC address bitwise ANDed with the MacAddrMask attribute equals the value of this attribute.
OBJECT-TYPE    
  MacAddress  

docsSecCmtsCmEaeExclusionMacAddrMask 1.3.6.1.4.1.4491.2.1.11.1.3.1.3
This attribute identifies the CM MAC address mask and is used with the MacAddr attribute.
OBJECT-TYPE    
  MacAddress  

docsSecCmtsCmEaeExclusionRowStatus 1.3.6.1.4.1.4491.2.1.11.1.3.1.4
Controls and reflects the status of rows in this table. There is no restriction on changing values in a row of this table while the row is active.
OBJECT-TYPE    
  RowStatus  
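
The mask match described for docsSecCmtsCmEaeExclusionMacAddr, as an added Python example that is not part of the MIB: it evaluates a rule as stated and classifies rows an operator reviewing this table would want to flag (rows that can never match, and rows that exclude every CM from EAE). The function names, the rule tuples and the 24-bit "broad" threshold are assumptions of this example.

```python
# Added example: EAE exclusion matching as the MacAddr description states it.
# All rule values are constructed samples, not taken from any device.
FULL = 0xFFFFFFFFFFFF  # 48-bit MAC address space

def mac_to_int(mac: str) -> int:
    """Parse 'aa:bb:cc:dd:ee:ff' (or '-' separated) into a 48-bit integer."""
    octets = mac.replace("-", ":").split(":")
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    value = 0
    for octet in octets:
        byte = int(octet, 16)
        if not 0 <= byte <= 0xFF:
            raise ValueError(f"octet out of range in {mac!r}")
        value = (value << 8) | byte
    return value

def is_excluded(cm_mac: str, rule_addr: str, rule_mask: str) -> bool:
    """True when (CM MAC AND MacAddrMask) == MacAddr, i.e. the CM skips EAE."""
    return (mac_to_int(cm_mac) & mac_to_int(rule_mask)) == mac_to_int(rule_addr)

def audit_rule(rule_addr: str, rule_mask: str) -> str:
    """Classify one exclusion row by how many CMs it can match."""
    addr, mask = mac_to_int(rule_addr), mac_to_int(rule_mask)
    if addr & ~mask & FULL:
        return "dead"      # MacAddr has bits the mask clears: never matches
    fixed_bits = bin(mask).count("1")
    if fixed_bits == 0:
        return "all-cms"   # empty mask, zero address: every CM is excluded
    if fixed_bits == 48:
        return "single"
    # Assumed review threshold: fewer fixed bits than a 24-bit OUI is "broad".
    return "group" if fixed_bits >= 24 else "broad"

# Constructed rows: (docsSecCmtsCmEaeExclusionId, MacAddr, MacAddrMask)
RULES = [
    (1, "00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff"),
    (2, "00:11:22:00:00:00", "ff:ff:ff:00:00:00"),
    (3, "00:11:22:33:44:55", "ff:ff:ff:00:00:00"),
    (4, "00:00:00:00:00:00", "00:00:00:00:00:00"),
    (5, "00:11:00:00:00:00", "ff:ff:00:00:00:00"),
]

def audit(rules):
    """Map each rule id to its classification."""
    return {rule_id: audit_rule(addr, mask) for rule_id, addr, mask in rules}

if __name__ == "__main__":
    for rule_id, verdict in audit(RULES).items():
        print(rule_id, verdict)
```

Row 3 shows the common mistake of pairing a full address with a partial mask: the masked CM address can never equal it, so the intended exclusion silently does not apply.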

docsSecCmtsSavControl 1.3.6.1.4.1.4491.2.1.11.1.4
OBJECT IDENTIFIER    

docsSecCmtsSavControlCmAuthEnable 1.3.6.1.4.1.4491.2.1.11.1.4.1
This attribute enables or disables Source Address Verification (SAV) for CM configured policies in the SavCmAuth object. If this attribute is set to 'false', the CM configured policies in the SavCmAuth object are ignored. This attribute is only applicable when the SrcAddrVerificationEnabled attribute of the MdCfg object is 'true'.
OBJECT-TYPE    
  TruthValue  

docsSecSavCmAuthTable 1.3.6.1.4.1.4491.2.1.11.1.5
This object defines a read-only set of SAV policies associated with a CM that the CMTS will use in addition to the CMTS verification of an operator assigned IP Address being associated with a CM. When the CMTS has not resolved a source address of a CM CPE, the CMTS verifies if the CM CPE is authorized to pass traffic based on this object. These object policies include a list of subnet prefixes (defined in the SavStaticList object) or a SAV Group Name that could reference a CMTS configured list of subnet prefixes (defined in SavCfgList object) or vendor-specific policies. The CMTS populates the attributes of this object for a CM from that CM's config file. This object is only applicable when the SrcAddrVerificationEnabled attribute of the MdCfg object is 'true' and the CmAuthEnable attribute of the CmtsSavCtrl object is 'true'. The CMTS is not required to persist instances of this object across reinitializations.
OBJECT-TYPE    
  SEQUENCE OF  
    DocsSecSavCmAuthEntry

docsSecSavCmAuthEntry 1.3.6.1.4.1.4491.2.1.11.1.5.1
The conceptual row of docsSecSavCmAuth.
OBJECT-TYPE    
  DocsSecSavCmAuthEntry  

docsSecSavCmAuthGrpName 1.3.6.1.4.1.4491.2.1.11.1.5.1.1
This attribute references the Name attribute of the SavCfgList object of a CM. If the CM signaled group name is not configured in the CMTS, the CMTS ignores this attribute value for the purpose of Source Address Verification. The CMTS must allow the modification of the GrpName object and use the updated SAV rules for newly discovered CPEs from CMs. When a source IP address is claimed by two CMs (e.g., detected as duplicated), the CMTS must use the current SAV rules defined for both CMs in case the SAV GrpName rules may have been updated. In the case of a persisting conflict, it is up to the vendor implementation to decide which CM should hold the SAV authorization. The zero-length string indicates that no SAV Group was signaled by the CM. The zero-length value or a non-existing reference in the SavCfgList object means the SavCfgListName is ignored for the purpose of SAV.
OBJECT-TYPE    
  SnmpAdminString  

docsSecSavCmAuthStaticPrefixListId 1.3.6.1.4.1.4491.2.1.11.1.5.1.2
This attribute identifies the reference to a CMTS created subnet prefix list based on the CM signaled static prefix list TLV elements. The CMTS may reuse this attribute value to reference more than one CM when those CMs have signaled the same subnet prefix list to the CMTS. The value zero indicates that no SAV static prefix encodings were signaled by the CM.
OBJECT-TYPE    
  Unsigned32  

docsSecSavCfgListTable 1.3.6.1.4.1.4491.2.1.11.1.6
This object defines the CMTS configured subnet prefix extension to the SavCmAuth object. This object supports the creation and deletion of multiple instances. Creation of a new instance of this object requires the PrefixAddrType and PrefixAddr attributes to be set.
OBJECT-TYPE    
  SEQUENCE OF  
    DocsSecSavCfgListEntry

docsSecSavCfgListEntry 1.3.6.1.4.1.4491.2.1.11.1.6.1
The conceptual row of docsSecSavCfgList. The CMTS persists all instances of SavCfgList across reinitializations.
OBJECT-TYPE    
  DocsSecSavCfgListEntry  

docsSecSavCfgListName 1.3.6.1.4.1.4491.2.1.11.1.6.1.1
This attribute is the key that identifies the instance of the SavCmAuth object to which this object extension belongs.
OBJECT-TYPE    
  SnmpAdminString Size(1..16)  

docsSecSavCfgListRuleId 1.3.6.1.4.1.4491.2.1.11.1.6.1.2
This attribute is the key that identifies a particular subnet prefix rule of an instance of this object.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

docsSecSavCfgListPrefixAddrType 1.3.6.1.4.1.4491.2.1.11.1.6.1.3
This attribute identifies the IP address type of this subnet prefix rule.
OBJECT-TYPE    
  InetAddressType  

docsSecSavCfgListPrefixAddr 1.3.6.1.4.1.4491.2.1.11.1.6.1.4
This attribute corresponds to the IP address of this subnet prefix rule in accordance with the PrefixAddrType attribute.
OBJECT-TYPE    
  InetAddress  

docsSecSavCfgListPrefixLen 1.3.6.1.4.1.4491.2.1.11.1.6.1.5
This attribute defines the length of the subnet prefix to be matched by this rule.
OBJECT-TYPE    
  InetAddressPrefixLength  

docsSecSavCfgListRowStatus 1.3.6.1.4.1.4491.2.1.11.1.6.1.6
The row creation control of this conceptual row. An entry in this table can be set to active only when the following attributes are correctly assigned: PrefixAddrType, PrefixAddress. There are no restrictions on modifying or deleting entries in this table.
OBJECT-TYPE    
  RowStatus  

docsSecSavStaticListTable 1.3.6.1.4.1.4491.2.1.11.1.7
This object defines a subnet prefix extension to the SavCmAuth object based on CM statically signaled subnet prefixes to the CMTS. When a CM signals static subnet prefixes to the CMTS, the CMTS must create a List Id to be referenced by the CM in the SavCmAuth StaticPrefixListId attribute, or the CMTS may reference an existing List Id associated with previously registered CMs in case the subnet prefixes associated with that List Id match the ones signaled by the CM.
OBJECT-TYPE    
  SEQUENCE OF  
    DocsSecSavStaticListEntry

docsSecSavStaticListEntry 1.3.6.1.4.1.4491.2.1.11.1.7.1
The conceptual row of docsSecSavStaticList. The CMTS may persist instances of this object across reinitializations.
OBJECT-TYPE    
  DocsSecSavStaticListEntry  

docsSecSavStaticListId 1.3.6.1.4.1.4491.2.1.11.1.7.1.1
This key uniquely identifies the index that groups multiple subnet prefix rules. The CMTS assigns this value per CM or may reuse it among multiple CMs that share the same list of subnet prefixes.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

docsSecSavStaticListRuleId 1.3.6.1.4.1.4491.2.1.11.1.7.1.2
This key identifies a particular static subnet prefix rule of an instance of this object.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

docsSecSavStaticListPrefixAddrType 1.3.6.1.4.1.4491.2.1.11.1.7.1.3
This attribute identifies the IP address type of this subnet prefix rule.
OBJECT-TYPE    
  InetAddressType  

docsSecSavStaticListPrefixAddr 1.3.6.1.4.1.4491.2.1.11.1.7.1.4
This attribute corresponds to the IP address of this subnet prefix rule in accordance with the PrefixAddrType attribute.
OBJECT-TYPE    
  InetAddress  

docsSecSavStaticListPrefixLen 1.3.6.1.4.1.4491.2.1.11.1.7.1.5
This attribute defines the length of the subnet prefix to be matched by this rule.
OBJECT-TYPE    
  InetAddressPrefixLength  

docsSecCmtsCmSavStatsTable 1.3.6.1.4.1.4491.2.1.11.1.8
This object provides a read-only list of SAV counters for different service theft indications.
OBJECT-TYPE    
  SEQUENCE OF  
    DocsSecCmtsCmSavStatsEntry

docsSecCmtsCmSavStatsEntry 1.3.6.1.4.1.4491.2.1.11.1.8.1
The conceptual row of docsSecCmtsCmSavStats.
OBJECT-TYPE    
  DocsSecCmtsCmSavStatsEntry  

docsSecCmtsCmSavStatsSavDiscards 1.3.6.1.4.1.4491.2.1.11.1.8.1.1
This attribute provides the number of upstream packets dropped due to SAV failure.
OBJECT-TYPE    
  Counter32  

docsSecCmtsCertificate 1.3.6.1.4.1.4491.2.1.11.1.9
OBJECT IDENTIFIER    

docsSecCmtsCertificateCertRevocationMethod 1.3.6.1.4.1.4491.2.1.11.1.9.1
This attribute identifies which certificate revocation method is to be used by the CMTS to verify the cable modem certificate validity. The certificate revocation methods include Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP). The following options are available: The option 'none' indicates that the CMTS does not attempt to determine the revocation status of a certificate. The option 'crl' indicates the CMTS uses a Certificate Revocation List (CRL) as defined by the Url attribute of the CmtsCertRevocationList object. When the value of this attribute is changed to 'crl', it triggers the CMTS to retrieve the CRL from the URL specified by the Url attribute. If the value of this attribute is 'crl' when the CMTS starts up, it triggers the CMTS to retrieve the CRL from the URL specified by the Url attribute. The option 'ocsp' indicates the CMTS uses the Online Certificate Status Protocol (OCSP) as defined by the Url attribute of the CmtsOnlineCertStatusProtocol object. The option 'crlAndOcsp' indicates the CMTS uses both the CRL as defined by the Url attribute in the CmtsCertRevocationList object and OCSP as defined by the Url attribute in the CmtsOnlineCertStatusProtocol object. The CMTS persists the values of the CertRevocationMethod attribute across reinitializations.
OBJECT-TYPE    
  INTEGER none(1), crl(2), ocsp(3), crlAndOcsp(4)  

docsSecCmtsCertRevocationList 1.3.6.1.4.1.4491.2.1.11.1.10
OBJECT IDENTIFIER    

docsSecCmtsCertRevocationListUrl 1.3.6.1.4.1.4491.2.1.11.1.10.1
This attribute contains the URL from where the CMTS will retrieve the CRL. When this attribute is set to a URL value different from the current value, it triggers the CMTS to retrieve the CRL from that URL. If the value of this attribute is a zero-length string, the CMTS does not attempt to retrieve the CRL. The CMTS persists the value of Url across reinitializations.
OBJECT-TYPE    
  SnmpAdminString  

docsSecCmtsCertRevocationListRefreshInterval 1.3.6.1.4.1.4491.2.1.11.1.10.2
This attribute contains the refresh interval for the CMTS to retrieve the CRL (referred to in the Url attribute) with the purpose of updating its Certificate Revocation List. This attribute is meaningful if the tbsCertList.nextUpdate attribute does not exist in the last retrieved CRL, otherwise the value 0 is returned. The CMTS persists the value of RefreshInterval across reinitializations.
OBJECT-TYPE    
  Unsigned32 1..524160  

docsSecCmtsCertRevocationListLastUpdate 1.3.6.1.4.1.4491.2.1.11.1.10.3
This attribute contains the last date and time when the CRL was retrieved by the CMTS. This attribute returns the initial epoch time if the CRL has not been updated. The CMTS persists the value of LastUpdate across reinitializations.
OBJECT-TYPE    
  DateAndTime  

docsSecCmtsOnlineCertStatusProtocol 1.3.6.1.4.1.4491.2.1.11.1.11
OBJECT IDENTIFIER    

docsSecCmtsOnlineCertStatusProtocolUrl 1.3.6.1.4.1.4491.2.1.11.1.11.1
This attribute contains the URL string to retrieve OCSP information. If the value of this attribute is a zero-length string, the CMTS does not attempt to request the status of a CM certificate. The CMTS persists the value of Url across reinitializations.
OBJECT-TYPE    
  SnmpAdminString  

docsSecCmtsOnlineCertStatusProtocolSignatureBypass 1.3.6.1.4.1.4491.2.1.11.1.11.2
This attribute enables or disables signature checking on OCSP response messages. The CMTS persists the value of SignatureBypass across reinitializations.
OBJECT-TYPE    
  TruthValue  

docsSecMibConformance 1.3.6.1.4.1.4491.2.1.11.2
OBJECT IDENTIFIER    

docsSecMibCompliances 1.3.6.1.4.1.4491.2.1.11.2.1
OBJECT IDENTIFIER    

docsSecMibGroups 1.3.6.1.4.1.4491.2.1.11.2.2
OBJECT IDENTIFIER    

docsSecCompliance 1.3.6.1.4.1.4491.2.1.11.2.1.1
The compliance statement for devices that implement the DOCSIS Security MIB.
MODULE-COMPLIANCE    

docsSecGroup 1.3.6.1.4.1.4491.2.1.11.2.2.1
Group of objects implemented in the CMTS.
OBJECT-GROUP