HP-ICF-SECURITY

File: HP-ICF-SECURITY.mib (34332 bytes)

Imported modules

SNMPv2-SMI SNMPv2-TC SNMPv2-CONF
HP-ICF-OID INET-ADDRESS-MIB

Imported symbols

Integer32 IpAddress TimeTicks
OBJECT-TYPE MODULE-IDENTITY DisplayString
RowStatus MODULE-COMPLIANCE OBJECT-GROUP
hpicfObjectModules icfSecurity InetAddress
InetAddressType

Defined Types

IcfSecurAuthMgrEntry  
SEQUENCE    
  icfAuthMgrIndex Integer32
  icfAuthMgrIpAddress IpAddress
  icfAuthMgrIpxAddress STRING
  icfAuthMgrRcvTraps INTEGER

IcfCommunityEntry  
SEQUENCE    
  icfCommunityIndex Integer32
  icfCommunityName STRING
  icfCommunityReadView INTEGER
  icfCommunityWriteView INTEGER
  icfCommunityStatus RowStatus

IcfAuthMgrEntry  
SEQUENCE    
  icfAuthMgrSubIndex Integer32
  icfAuthMgrAddrType INTEGER
  icfAuthMgrAddress STRING
  icfAuthMgrMask STRING
  icfAuthMgrStatus RowStatus

IcfAuthIPMgrEntry  
SEQUENCE    
  icfAuthIPMgrIndex Integer32
  icfAuthIPMgrAddress IpAddress
  icfAuthIPMgrMask IpAddress
  icfAuthIPMgrAccess INTEGER
  icfAuthIPMgrStatus RowStatus
  icfAuthIPMgrInetAddrType InetAddressType
  icfAuthIPMgrInetAddress InetAddress
  icfAuthIPMgrInetAddrMaskType InetAddressType
  icfAuthIPMgrInetAddrMask InetAddress
  icfAuthIPMgrAccessMethod INTEGER

Defined Values

icfSecurityMib 1.3.6.1.4.1.11.2.14.10.2.1
This MIB module describes objects for managing the SNMPv1 authorization configuration for devices in the HP Integrated Communication Facility product line.
MODULE-IDENTITY    

icfSecurPassword 1.3.6.1.4.1.11.2.14.4.1
********* THIS OBJECT IS DEPRECATED ********* This variable contains a string which is used both as the community name for the password community, and as the login password for the console port. This community name is needed for most SET operations. In addition, the variables in the ICF security group are only visible within the password community, and must use the value of this variable as the community name for GET operations. If the value of this variable is equal to the null string, the community name 'public' or the null string will be treated the same as the password community. This object has been deprecated. Its functionality has been replaced by the icfCommunityTable.
OBJECT-TYPE    
  DisplayString Size(0..63)  

icfSecurAuthAnyMgr 1.3.6.1.4.1.11.2.14.4.2
********* THIS OBJECT IS DEPRECATED ********* When this variable is set to enabled, any manager with a valid community name may perform SET operations on this device. In this configuration, entries in the icfSecurAuthMgrTable are used only for trap destinations. If this variable is set to disabled, a manager must be in the icfSecurAuthMgrTable and have a valid community name in order to perform SET operations. This object has been deprecated. Its functionality has been replaced by the icfAuthMgrTable.
OBJECT-TYPE    
  INTEGER enabled(1), disabled(2)  

icfSecurAuthMgrTable 1.3.6.1.4.1.11.2.14.4.3
********* THIS OBJECT IS DEPRECATED ********* This table contains a list of addresses of managers that are allowed to perform SET operations on this device, and controls the destination addresses for traps. If icfSecurAuthAnyMgr is set to disabled, a manager must be in this table and use the correct community name for the password community in order to perform a GET operation on this table. This table has been deprecated. It is replaced by the icfAuthMgrTable. The trap destination functionality has been replaced by the hpicfTrapDestTable.
OBJECT-TYPE    
  SEQUENCE OF  
    IcfSecurAuthMgrEntry

icfSecurAuthMgrEntry 1.3.6.1.4.1.11.2.14.4.3.1
********* THIS OBJECT IS DEPRECATED ********* An entry in the icfSecurAuthMgrTable containing information about a single manager. This table has been deprecated. It is replaced by the icfAuthMgrTable. The trap destination functionality has been replaced by the hpicfTrapDestTable.
OBJECT-TYPE    
  IcfSecurAuthMgrEntry  

icfAuthMgrIndex 1.3.6.1.4.1.11.2.14.4.3.1.1
********* THIS OBJECT IS DEPRECATED ********* This object contains the index which uniquely identifies this entry in the icfSecurAuthMgrTable. This table has been deprecated. It is replaced by the icfAuthMgrTable. The trap destination functionality has been replaced by the hpicfTrapDestTable.
OBJECT-TYPE    
  Integer32 1..10  

icfAuthMgrIpAddress 1.3.6.1.4.1.11.2.14.4.3.1.2
********* THIS OBJECT IS DEPRECATED ********* The IP address of a manager that is allowed to manage this device. Setting this variable to a nonzero value will clear the corresponding instance of the icfAuthMgrIpxAddress variable. This table has been deprecated. It is replaced by the icfAuthMgrTable. The trap destination functionality has been replaced by the hpicfTrapDestTable.
OBJECT-TYPE    
  IpAddress  

icfAuthMgrIpxAddress 1.3.6.1.4.1.11.2.14.4.3.1.3
********* THIS OBJECT IS DEPRECATED ********* The IPX address of a manager that is allowed to manage this device. Setting this variable to a valid IPX address will clear the corresponding instance of the icfAuthMgrIpAddress variable. This table has been deprecated. It is replaced by the icfAuthMgrTable. The trap destination functionality has been replaced by the hpicfTrapDestTable.
OBJECT-TYPE    
  STRING Size(10)  

icfAuthMgrRcvTraps 1.3.6.1.4.1.11.2.14.4.3.1.4
********* THIS OBJECT IS DEPRECATED ********* If this variable is set to enabled, any traps generated by this device will be sent to the manager indicated by the corresponding instance of either icfAuthMgrIpAddress or icfAuthMgrIpxAddress, whichever is valid. This table has been deprecated. It is replaced by the icfAuthMgrTable. The trap destination functionality has been replaced by the hpicfTrapDestTable.
OBJECT-TYPE    
  INTEGER enabled(1), disabled(2)  

icfSecurIntruder 1.3.6.1.4.1.11.2.14.4.4
OBJECT IDENTIFIER    

icfSecurIntruderFlag 1.3.6.1.4.1.11.2.14.4.4.1
If this object is set to 'valid', the remainder of the intruder objects contain information about an authentication failure. The Security LED on the device will blink if this flag is set to 'valid'. The intruder objects will not be overwritten as long as this flag is set to 'valid'. Setting this flag to 'invalid' will turn off the Security LED if there are no other current violations, and will allow the intruder objects to be overwritten by subsequent authentication failures.
OBJECT-TYPE    
  INTEGER valid(1), invalid(2)  

icfSecurIntruderIpAddress 1.3.6.1.4.1.11.2.14.4.4.2
The IP address of the manager that caused the authentication failure. Only one of icfSecurIntruderIpAddress and icfSecurIntruderIPXAddress will be valid.
OBJECT-TYPE    
  IpAddress  

icfSecurIntruderIpxAddress 1.3.6.1.4.1.11.2.14.4.4.3
The IPX address of the manager that caused the authentication failure. Only one of icfSecurIntruderIpAddress and icfSecurIntruderIPXAddress will be valid.
OBJECT-TYPE    
  STRING Size(10)  

icfSecurIntruderTime 1.3.6.1.4.1.11.2.14.4.4.4
The value of sysUpTime when the authentication failure occurred. A value of 0 indicates that the agent has been reset since this authentication failure occurred.
OBJECT-TYPE    
  TimeTicks  

icfCommunityTable 1.3.6.1.4.1.11.2.14.4.5
******************DEPRECATED******************* This table contains information about community names known by this agent.
OBJECT-TYPE    
  SEQUENCE OF  
    IcfCommunityEntry

icfCommunityEntry 1.3.6.1.4.1.11.2.14.4.5.1
******************DEPRECATED******************* An entry in the table, containing information about a single community name.
OBJECT-TYPE    
  IcfCommunityEntry  

icfCommunityIndex 1.3.6.1.4.1.11.2.14.4.5.1.1
******************DEPRECATED******************* Uniquely identifies this community name entry.
OBJECT-TYPE    
  Integer32 1..65535  

icfCommunityName 1.3.6.1.4.1.11.2.14.4.5.1.2
******************DEPRECATED******************* Community name this entry is about. Not allowed to have two active rows with the same community name.
OBJECT-TYPE    
  STRING Size(1..32)  

icfCommunityReadView 1.3.6.1.4.1.11.2.14.4.5.1.3
******************DEPRECATED******************* The MIB view used for read requests using this community name. One of the following: 'none' is the empty MIB view. 'discovery' has access to discovery objects, which will be enough to do an address search, send announce packets, and do a link test. This view also includes objects under the samplingProbe subtree. This view is typically used as a writeView for a community used by autodiscovery and autotopology applications. 'restricted' has access to a limited subset of the MIB, which includes monitoring objects and limited set of configuration objects. 'user' has access to everything except objects under the icfSecurity subtree. 'root' has access to everything, including the icfSecurity subtree.
OBJECT-TYPE    
  INTEGER none(1), discovery(2), restricted(3), user(4), root(5)  

icfCommunityWriteView 1.3.6.1.4.1.11.2.14.4.5.1.4
******************DEPRECATED******************* The MIB view used for write requests using this community name. One of the following: 'none' is the empty MIB view. 'discovery' has access to discovery objects, which will be enough to do an address search, send announce packets, and do a link test. This view also includes objects under the samplingProbe subtree. This view is typically used as a writeView for a community used by autodiscovery and autotopology applications. 'restricted' has access to a limited subset of the MIB, which includes monitoring objects and limited set of configuration objects. 'user' has access to everything except objects under the icfSecurity subtree. 'root' has access to everything, including the icfSecurity subtree.
OBJECT-TYPE    
  INTEGER none(1), discovery(2), restricted(3), user(4), root(5)  

icfCommunityStatus 1.3.6.1.4.1.11.2.14.4.5.1.5
******************DEPRECATED******************* Status of this entry.
OBJECT-TYPE    
  RowStatus  

icfAuthMgrTable 1.3.6.1.4.1.11.2.14.4.6
******************DEPRECATED******************* This table contains a list of manager addresses. Entries in this table are grouped by using a common value for icfCommunityIndex, that identifies the community name that the group of manager addresses has access to. A community name entry which has a set of entries in this table can only be used by requests originating from one of the addresses in the set. A community name entry which has no entries in this table can be used by requests originating from any address.
OBJECT-TYPE    
  SEQUENCE OF  
    IcfAuthMgrEntry

icfAuthMgrEntry 1.3.6.1.4.1.11.2.14.4.6.1
******************DEPRECATED******************* An entry in the table, containing a single authorized manager address.
OBJECT-TYPE    
  IcfAuthMgrEntry  

icfAuthMgrSubIndex 1.3.6.1.4.1.11.2.14.4.6.1.1
******************DEPRECATED******************* An index which uniquely identifies an address within a group.
OBJECT-TYPE    
  Integer32 1..65535  

icfAuthMgrAddrType 1.3.6.1.4.1.11.2.14.4.6.1.2
******************DEPRECATED******************* The network type for this entry.
OBJECT-TYPE    
  INTEGER ip(1), ipx(2)  

icfAuthMgrAddress 1.3.6.1.4.1.11.2.14.4.6.1.3
******************DEPRECATED******************* The manager address for this entry, formatted according to the value of icfAuthMgrAddrType. When icfAuthMgrAddrType is 'ip', this value will consist of four octets, containing the IP address of the manager in network byte order. When icfAuthMgrAddrType is 'ipx', this value will consist of ten octets. The first four octets will contain the IPX network number in network byte order, and the remaining six octets will contain the IPX node number in network byte order.
OBJECT-TYPE    
  STRING Size(410)  

icfAuthMgrMask 1.3.6.1.4.1.11.2.14.4.6.1.4
******************DEPRECATED******************* This object is used to qualify the value of the corresponding instance of icfAuthMgrAddress. The semantics of this object depend on the corresponding value of icfAuthMgrAddrType. When icfAuthMgrType is 'ip', this object can be used to allow access by all managers on a particular IP subnet. When icfAuthMgrType is 'ipx', this object can be used to allow access by all managers with a particular IPX network number.
OBJECT-TYPE    
  STRING Size(410)  

icfAuthMgrStatus 1.3.6.1.4.1.11.2.14.4.6.1.5
******************DEPRECATED******************* Status of this entry.
OBJECT-TYPE    
  RowStatus  

icfAuthIPMgrTable 1.3.6.1.4.1.11.2.14.4.7
This table contains a list of IP manager addresses. This list is used grant or deny access to HTTP, telnet, and TFTP.
OBJECT-TYPE    
  SEQUENCE OF  
    IcfAuthIPMgrEntry

icfAuthIPMgrEntry 1.3.6.1.4.1.11.2.14.4.7.1
An entry in the table containing a single IP authorized manager address.
OBJECT-TYPE    
  IcfAuthIPMgrEntry  

icfAuthIPMgrIndex 1.3.6.1.4.1.11.2.14.4.7.1.1
An index which uniquely identifies an address within the group.
OBJECT-TYPE    
  Integer32 1..65535  

icfAuthIPMgrAddress 1.3.6.1.4.1.11.2.14.4.7.1.2
**************deprecated********************* The IP address of the authorized manager for this entry. This object is deprecated new object icfAuthIPMgr InetAddress has been defined to hold version neutral address type.
OBJECT-TYPE    
  IpAddress  

icfAuthIPMgrMask 1.3.6.1.4.1.11.2.14.4.7.1.3
**************deprecated********************** This object qualifies the value of the corresponding instance of icfAuthIPMgrAddress. This object can be used to allow access by all managers on a particular IP subnet. This object is deprecated the new objects which are defined to hold this is value are icfAuthIPMgrInetAddrMaskType and icfAuthIPMgrInetAddrMask.
OBJECT-TYPE    
  IpAddress  

icfAuthIPMgrAccess 1.3.6.1.4.1.11.2.14.4.7.1.4
This object defines the access level for a given manager. Operator allows for read only access, and Manager allows for read/write access.
OBJECT-TYPE    
  INTEGER operator(1), manager(2)  

icfAuthIPMgrStatus 1.3.6.1.4.1.11.2.14.4.7.1.5
Status of this entry.
OBJECT-TYPE    
  RowStatus  

icfAuthIPMgrInetAddrType 1.3.6.1.4.1.11.2.14.4.7.1.6
Specifies the type of address stored in icfAuthIPMgrInetAddress object.
OBJECT-TYPE    
  InetAddressType  

icfAuthIPMgrInetAddress 1.3.6.1.4.1.11.2.14.4.7.1.7
The IP address of the authorized manager for this entry.This object can hold the version neutral IP address.
OBJECT-TYPE    
  InetAddress  

icfAuthIPMgrInetAddrMaskType 1.3.6.1.4.1.11.2.14.4.7.1.8
Specifies the type of IP Mask stored in icfAuthIPMgrInetAddrMask object.
OBJECT-TYPE    
  InetAddressType  

icfAuthIPMgrInetAddrMask 1.3.6.1.4.1.11.2.14.4.7.1.9
This object qualifies the value of the corresponding instance of icfAuthIPMgrInetAddress. This object can be used to allow access by all managers on a particular IP subnet.This object can hold the version neutral IP address Mask.
OBJECT-TYPE    
  InetAddress  

icfAuthIPMgrAccessMethod 1.3.6.1.4.1.11.2.14.4.7.1.10
This object defines the access method for a given manager. The different access methods are all, ssh, telnet, web, snmp, tftp
OBJECT-TYPE    
  INTEGER all(1), ssh(2), telnet(3), web(4), snmp(5), tftp(6)  

icfSecurityConformance 1.3.6.1.4.1.11.2.14.10.2.1.1
OBJECT IDENTIFIER    

icfSecurityCompliances 1.3.6.1.4.1.11.2.14.10.2.1.1.1
OBJECT IDENTIFIER    

icfSecurityGroups 1.3.6.1.4.1.11.2.14.10.2.1.1.2
OBJECT IDENTIFIER    

icfSecurCompliance 1.3.6.1.4.1.11.2.14.10.2.1.1.1.1
********* THIS COMPLIANCE IS DEPRECATED *********/ A compliance statement for agents implementing the original version of this module.
MODULE-COMPLIANCE    

icfV1CommunityCompliance 1.3.6.1.4.1.11.2.14.10.2.1.1.1.2
This group should be implemented by devices that are able to keep a non-volatile record of authentication failures.
MODULE-COMPLIANCE    

icfAuthIPMgrCompliance 1.3.6.1.4.1.11.2.14.10.2.1.1.1.3
A collection of objects for granting or denying access to specific IP addresses for HTTP, telnet, and TFTP. This Group object has been deprecated and a new group object has been defined with name icfAuthIPMgrInetGroup.
MODULE-COMPLIANCE    

icfAuthIPMgrCompliance1 1.3.6.1.4.1.11.2.14.10.2.1.1.1.4
A collection of objects for granting or denying access to specific IP addresses for HTTP, telnet, and TFTP.
MODULE-COMPLIANCE    

icfSnmpSecurityGroup 1.3.6.1.4.1.11.2.14.10.2.1.1.2.1
********* THIS GROUP IS DEPRECATED ********* A collection of objects for managing the SNMPv1 (non-)security configuration on HP networking devices.
OBJECT-GROUP    

icfSecIntruderGroup 1.3.6.1.4.1.11.2.14.10.2.1.1.2.2
A collection of objects for tracking authentication failures.
OBJECT-GROUP    

icfV1CommunityGroup 1.3.6.1.4.1.11.2.14.10.2.1.1.2.13
********* THIS GROUP IS DEPRECATED ********* A collection of objects for managing SNMPv1 community strings.
OBJECT-GROUP    

icfAuthIPMgrGroup 1.3.6.1.4.1.11.2.14.10.2.1.1.2.14
***************** deprecated ****************** A collection of objects for granting or denying access to specific IP addresses for HTTP, telnet, and TFTP. This Group object has been deprecated and a new group object has been defined with name icfAuthIPMgrInetGroup.
OBJECT-GROUP    

icfAuthIPMgrInetGroup 1.3.6.1.4.1.11.2.14.10.2.1.1.2.15
A collection of objects for granting or denying access to specific IP addresses for HTTP, telnet, and TFTP.
OBJECT-GROUP