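-- *****************************************************************
-- CISCO-TRUSTSEC-INTERFACE-MIB.my
--
-- February 2010, Liwei Lue
--
-- Copyright (c) 2010-2012, 2014 by Cisco Systems Inc.
-- All rights reserved.
-- *****************************************************************

CISCO-TRUSTSEC-INTERFACE-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    NOTIFICATION-TYPE,
    Counter32,
    Integer32,
    Unsigned32
        FROM SNMPv2-SMI
    MODULE-COMPLIANCE,
    OBJECT-GROUP,
    NOTIFICATION-GROUP
        FROM SNMPv2-CONF
    StorageType,
    RowStatus,
    TruthValue,
    DateAndTime,
    TEXTUAL-CONVENTION
        FROM SNMPv2-TC
    ifIndex,
    ifName
        FROM IF-MIB
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    CtsSecurityGroupTag
        FROM CISCO-TRUSTSEC-TC-MIB
    ciscoMgmt
        FROM CISCO-SMI;


ciscoTrustSecIfMIB MODULE-IDENTITY
    LAST-UPDATED    "201401280000Z"
    ORGANIZATION    "Cisco Systems, Inc."
    CONTACT-INFO
            "Cisco Systems
            Customer Service

            Postal: 170 W Tasman Drive
            San Jose, CA 95134
            USA

            Tel: +1 800 553-NETS

            E-mail: cs-lan-switch-snmp@cisco.com"
    DESCRIPTION
        "This MIB module defines management objects for
        configuration and monitoring of the interfaces in
        Cisco Trusted Security environment.

        Glossary:

        ACS      - Cisco Secure Access Control Server
        IFC      - TrustSec Interface Controller
        MACSec   - Media Access Control (MAC) Security
        PMK      - Pairwise Master Key
        SAP      - Security Association Protocol
        SGT      - Security Group Tag. A tag identifying its
                   source, assigned to a packet on ingress to a
                   TrustSec cloud, and used to determine security
                   and other policy to be applied to it along its
                   path through the cloud.

        TrustSec - Cisco Trusted Security"
    REVISION        "201401280000Z"
    DESCRIPTION
        "Added following OBJECT-GROUP
        - ciscoTrustSecIfMIBCriticalAuthStatusGrp
        Added new compliance
        - ciscoTrustSecIfMIBCompliance3"
    REVISION        "201204060000Z"
    DESCRIPTION
        "Added following OBJECT-GROUP
        - ciscoTrustSecIfMIBNotifsCtrlGrp
        - ciscoTrustSecIfMIBNotifsOnlyInfoGrp
        - ciscoTrustSecIfMIBNotifsGrp
        Added new compliance
        - ciscoTrustSecIfMIBCompliance2
        Modified DEFVAL
        - ctsiIfManualSapModeList."
    REVISION        "201005280000Z"
    DESCRIPTION
        "Initial version of this MIB module."
    ::= { ciscoMgmt 740 }


-- Source of cached authorization data.
-- The spelling 'Cashe' is part of the exported type name and is
-- referenced by other objects in this module, so it is kept as is.
-- Value 5 carries the label 'all' in the SYNTAX clause; the
-- DESCRIPTION names it by that label so that the text and the
-- compiled enumeration agree.
CtsiCasheDataSource ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The source of cached authorization data.

        unknown - cache source type not covered by any of the
                  following enumerations.

        acs     - authorization data is loaded from ACS

        dram    - authorization data is loaded from DRAM.

        nvram   - authorization data is loaded from NVRAM.

        all     - authorization data is loaded from DRAM or
                  NVRAM."
    SYNTAX          INTEGER  {
                        unknown(1),
                        acs(2),
                        dram(3),
                        nvram(4),
                        all(5)
                    }

-- A single SAP negotiation mode.
-- Per the descriptions below, only gcmAuthenGcmEncrypt(3) provides
-- both authentication and encryption; gcmAuthenNoEncrypt(2) provides
-- authentication without encryption; encapNoAuthenNoEncrypt(1) and
-- noEncap(4) provide neither. Management stations that audit link
-- protection should treat modes 1, 2 and 4 accordingly.
CtsSapNegMode ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The SAP negotiation modes supported in TrustSec system.

        encapNoAuthenNoEncrypt - Encapsulation present,
                                 no authentication,
                                 no encryption.

        gcmAuthenNoEncrypt     - GCM authentication,
                                 no encryption.

        gcmAuthenGcmEncrypt    - GCM authentication,
                                 GCM encryption.

        noEncap                - No encapsulation."
    SYNTAX          INTEGER  {
                        encapNoAuthenNoEncrypt(1),
                        gcmAuthenNoEncrypt(2),
                        gcmAuthenGcmEncrypt(3),
                        noEncap(4)
                    }

-- Ordered list of SAP negotiation modes, one CtsSapNegMode value
-- per octet. The SYNTAX places no bound on length or octet values.
CtsSapNegModeList ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The list of SAP negotiation modes provided within TrustSec
        (Cisco Trusted Security) system. Each octet represents
        a SAP negotiation mode which is defined in CtsSapNegMode.
        The DESCRIPTION clause of CtsSapNegModeList objects must
        fully describe the relationship between modes."
    SYNTAX          OCTET STRING

-- State of the per-interface TrustSec Interface Controller (IFC).
-- Value 2 carries the label 'initialize' in the SYNTAX clause; the
-- DESCRIPTION uses that label so that the text and the compiled
-- enumeration agree.
CtsiInterfaceControllerState ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The state of the TrustSec Interface Controller
        state machine.

        unknown        - none of the following states.

        initialize     - the TrustSec interface controller state
                         machine enters the initialize state when
                         TrustSec is enabled on this interface.

        authenticating - the peer is being authenticated if
                         the dot1x mode is enabled.

        authorizing    - the peer is being authorized.

        sapNegotiating - the SA(Security Association) is being
                         negotiated with the peer.

        open           - the line is up from TrustSec perspective.

        held           - a hold down timer is set.

        disconnecting  - a failure has occurred, or the TrustSec
                         link is going down, or TrustSec is being
                         disabled.

        invalid        - unable to start the TrustSec state
                         machine.

        licenseError   - No MACSec software license."
    SYNTAX          INTEGER  {
                        unknown(1),
                        initialize(2),
                        authenticating(3),
                        authorizing(4),
                        sapNegotiating(5),
                        open(6),
                        held(7),
                        disconnecting(8),
                        invalid(9),
                        licenseError(10)
                    }

-- Top-level sub-trees of this module.
ciscoTrustSecIfMIBNotifs  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIB 0 }

ciscoTrustSecIfMIBObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIB 1 }

ciscoTrustSecIfMIBConform  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIB 2 }

-- Object groups under ciscoTrustSecIfMIBObjects.
ctsiIfConfigObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 1 }

ctsiIfDot1xObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 2 }

ctsiIfManualObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 3 }

ctsiIfL3ForwardObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 4 }

ctsiIfStatusObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 5 }

ctsiIfStatsObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 6 }

ctsiAuthorizationObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 7 }

ctsiIfcStatsObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 8 }

ctsiEventsStatsObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 9 }

ctsiIfModeStatsObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 10 }

ctsiIfNotifsControlObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 11 }

ctsiIfNotifsOnlyInfoObjects  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBObjects 12 }

--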
-------------------------------------------------------------- -- Objects to manage TrustSec interface configuration -- -------------------------------------------------------------- ctsiIfConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF CtsiIfConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of the TrustSec capable interfaces." ::= { ctsiIfConfigObjects 1 } ctsiIfConfigEntry OBJECT-TYPE SYNTAX CtsiIfConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry contains the configuration information for a particular TrustSec interface." INDEX { ifIndex } ::= { ctsiIfConfigTable 1 } CtsiIfConfigEntry ::= SEQUENCE { ctsiIfModeCapability BITS, ctsiIfConfiguredMode INTEGER, ctsiIfCacheClear TruthValue, ctsiIfRekey TruthValue } ctsiIfModeCapability OBJECT-TYPE SYNTAX BITS { dot1x(0), -- TrustSec dot1x mode manual(1), -- TrustSec manual mode l3Forward(2) -- TrustSec L3 forwarding mode } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the supported TrustSec mode on this interface." ::= { ctsiIfConfigEntry 1 } ctsiIfConfiguredMode OBJECT-TYPE SYNTAX INTEGER { unknown(1), none(2), dot1x(3), manual(4), l3Forward(5) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the TrustSec mode currently configured on the interface. Each mode may have a corresponding entry in its corresponding configuration table. unknown - The configured TrustSec mode is none of the following. none - TrustSec is not configured in any mode. dot1x - TrustSec dot1x mode is configured for this interface. TrustSec system will use 802.1x for authentication, RADIUS for authorization and SAP negotiation for SA parameter. manual - TrustSec manual mode is configured for this interface. The authentication was bypassed in manual mode. User needs to manually to configure the policy and the SAP negotiation parameter. l3Forward - TrustSec L3 forwarding mode is configured for this interface." 
::= { ctsiIfConfigEntry 2 }

-- Action object: a SET of 'true' clears the cache for this
-- interface. Reads always return 'false', so a GET cannot show
-- whether or when a clear was requested.
-- NOTE(review): the DESCRIPTION does not say which cache is meant;
-- presumably the cached authorization data described by
-- CtsiCasheDataSource. Confirm against the platform documentation.
-- Because this is read-write, keep it out of the write view of
-- monitoring-only SNMP principals.
ctsiIfCacheClear OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION "This object allows user to clear the cache for the specific TrustSec interface by setting the value to 'true'. Setting the value to 'false' has no effect. When read, this object always returns 'false'."
    ::= { ctsiIfConfigEntry 3 }

-- Action object: a SET of 'true' re-generates the SAP key for this
-- interface. Reads always return 'false', so the object itself keeps
-- no record of a rekey request.
-- Any principal with write access to this column can force a rekey
-- on the link, so scope write views accordingly.
ctsiIfRekey OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION "This object allows user to re-generate the SAP key for the specific TrustSec interface by setting the value to 'true'. Setting the value to 'false' has no effect. When read, this object always returns 'false'."
    ::= { ctsiIfConfigEntry 4 }

-- -----------------------------------------------------------------
-- Objects to manage Dot1x functionality of TrustSec interface
-- -----------------------------------------------------------------

-- Table of interfaces that carry TrustSec dot1x mode configuration.
ctsiIfDot1xTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtsiIfDot1xEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION "A list of the interfaces which have TrustSec dot1x mode configuration information."
    ::= { ctsiIfDot1xObjects 1 }

-- One row per interface. Rows are created and deleted through
-- ctsiIfDot1xRowStatus, and creation is only permitted when the
-- interface currently has no TrustSec mode configured and reports
-- the 'dot1x' capability bit.
ctsiIfDot1xEntry OBJECT-TYPE
    SYNTAX          CtsiIfDot1xEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION "An entry containing the TrustSec dot1x configuration for a particular interface. An entry can be created or deleted by using ctsiIfDot1xRowStatus. An entry can only be created if the value of corresponding instance of ctsiIfConfiguredMode is 'none' and the 'dot1x' BIT of corresponding instance ctsiIfModeCapability is set."
    INDEX           { ifIndex }
    ::= { ctsiIfDot1xTable 1 }

-- Columns of a dot1x-mode row. Columns 1 to 3, 7 and 8 are
-- read-create; columns 4 to 6 are declared Integer32 here and are
-- defined further down.
CtsiIfDot1xEntry ::= SEQUENCE {
        ctsiIfDot1xSgtPropagateEnabled    TruthValue,
        ctsiIfDot1xReauthInterval         Integer32,
        ctsiIfDot1xSapModeList            CtsSapNegModeList,
        ctsiIfDot1xDownloadReauthInterval Integer32,
        ctsiIfDot1xOperReauthInterval     Integer32,
        ctsiIfDot1xReauthTimeLeft         Integer32,
        ctsiIfDot1xStorageType            StorageType,
        ctsiIfDot1xRowStatus              RowStatus
}

-- Enables or disables SGT propagation on the interface; off by
-- default.
ctsiIfDot1xSgtPropagateEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION "This object specifies whether the SGT propagation is enabled on this interface."
    DEFVAL          { false }
    ::= { ctsiIfDot1xEntry 1 }

-- Locally configured re-authentication interval, used when the ACS
-- does not supply one. Default is 86400 seconds.
-- NOTE(review): the SYNTAX is a bare Integer32 with no range, so the
-- definition itself admits zero and negative values. Whether the
-- agent rejects them, or what zero would mean here, is not stated;
-- confirm before relying on SET validation.
ctsiIfDot1xReauthInterval OBJECT-TYPE
    SYNTAX          Integer32
    UNITS           "seconds"
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION "This object specifies the re-authentication interval applied to this interface when it is not provided from the ACS."
    DEFVAL          { 86400 }
    ::= { ctsiIfDot1xEntry 2 }

-- Ordered list of SAP modes advertised on the interface; earlier
-- octets are tried first. The DESCRIPTION uses 'mode list' and
-- 'method list' for the same thing.
-- The default '04000000'H begins with octet 04, which is noEncap(4)
-- in CtsSapNegMode, so a row created without an explicit value
-- advertises the no-encapsulation mode first. Auditors checking for
-- protected links should read this column (and the operational list
-- in ctsiIfSapNegModeList) rather than assume an encrypting mode.
-- NOTE(review): the remaining three octets are 00, which is not a
-- value named in CtsSapNegMode; presumably padding, confirm how the
-- agent interprets them.
ctsiIfDot1xSapModeList OBJECT-TYPE
    SYNTAX          CtsSapNegModeList
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION "This object specifies the advertised modes for the SAP negotiation on this interface. Modes are executed in the order as specified in the mode list. Mode which is at the beginning of the method list will be executed first. Method which is at the end of mode list will be executed last. This object is not allowed to be set to a zero length string."
    DEFVAL          { '04000000'H }
    ::= { ctsiIfDot1xEntry 3 }

-- Re-authentication interval received from the ACS. Zero means none
-- was downloaded; -1 means the object does not apply to this
-- interface.
ctsiIfDot1xDownloadReauthInterval OBJECT-TYPE
    SYNTAX          Integer32 (-1..2147483647)
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION "This object indicates the re-authentication interval which is downloaded from ACS. A value of zero indicates no re-authentication interval is downloaded from ACS. A value of -1 indicates that this object is not applicable on this interface."
    ::= { ctsiIfDot1xEntry 4 }

-- Re-authentication interval actually in effect. A value of zero
-- means dot1x re-authentication is disabled on the interface, which
-- makes this a useful column to poll when checking that sessions
-- are periodically re-authenticated. -1 means not applicable.
ctsiIfDot1xOperReauthInterval OBJECT-TYPE
    SYNTAX          Integer32 (-1..2147483647)
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION "This object indicates the operational re-authentication interval of the interface. A value of zero indicates that dot1x re-authentication is disabled on this interface. A value of -1 indicates that this object is not applicable on this interface."
    ::= { ctsiIfDot1xEntry 5 }

-- Seconds remaining in the current authentication session. Zero
-- means re-authentication is running; -1 means not applicable.
ctsiIfDot1xReauthTimeLeft OBJECT-TYPE
    SYNTAX          Integer32 (-1..2147483647)
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION "This object indicates the leftover time of the current authentication session. A value of zero indicates the re-authentication is in progress. A value of -1 indicates that this object is not applicable on this interface."
    ::= { ctsiIfDot1xEntry 6 }

-- Storage type of the dot1x row; defaults to volatile.
ctsiIfDot1xStorageType OBJECT-TYPE
    SYNTAX          StorageType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION "The storage type for this conceptual row."
    DEFVAL          { volatile }
    ::= { ctsiIfDot1xEntry 7 }

-- Row status of the dot1x row. The DESCRIPTION allows every writable
-- column to be changed at any time, so an existing row can be
-- altered without first being taken out of service.
ctsiIfDot1xRowStatus OBJECT-TYPE
    SYNTAX          RowStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION "The status of this conceptual row. All writable objects in this row may be modified at any time."
    ::= { ctsiIfDot1xEntry 8 }

-- -------------------------------------------------------------
-- Objects to manage TrustSec Manual mode interface
-- -------------------------------------------------------------

-- Table of interfaces that carry TrustSec manual mode
-- configuration. The description of ctsiIfConfiguredMode states
-- that authentication is bypassed in manual mode, so the columns
-- below (peer identity, static SGT, trust flag, PMK) are the whole
-- of the link's security configuration.
ctsiIfManualTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtsiIfManualEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION "A list of the interfaces which have TrustSec manual mode configuration information."
    ::= { ctsiIfManualObjects 1 }

-- One row per interface. Rows are created and deleted through
-- ctsiIfManualRowStatus, and creation is only permitted when the
-- interface currently has no TrustSec mode configured and reports
-- the 'manual' capability bit.
ctsiIfManualEntry OBJECT-TYPE
    SYNTAX          CtsiIfManualEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION "An entry containing the TrustSec manual configuration information for a particular interface. An entry can be created or deleted by using ctsiIfManualRowStatus. 
An entry can only be created if the value of corresponding instance of ctsiIfConfiguredMode is 'none' and the 'manual' BIT of corresponding instance ctsiIfModeCapability is set."
    INDEX           { ifIndex }
    ::= { ctsiIfManualTable 1 }

-- Columns of a manual-mode row.
CtsiIfManualEntry ::= SEQUENCE {
        ctsiIfManualDynamicPeerId       SnmpAdminString,
        ctsiIfManualStaticSgt           CtsSecurityGroupTag,
        ctsiIfManualStaticSgtTrusted    TruthValue,
        ctsiIfManualSgtPropagateEnabled TruthValue,
        ctsiIfManualSapPmk              OCTET STRING,
        ctsiIfManualSapModeList         CtsSapNegModeList,
        ctsiIfManualStorageType         StorageType,
        ctsiIfManualRowStatus           RowStatus
}

-- Peer identity used to fetch policy from the ACS. Mutually
-- exclusive with a non-zero ctsiIfManualStaticSgt: only one of the
-- two may be set. An empty string (the default) disables policy
-- acquisition by peer identity.
ctsiIfManualDynamicPeerId OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION "This object specifies the peer's device identity which is used to obtain the desired policy for authorization request. Setting a none-zero value on this object is not allowed if the value of ctsiIfManualStaticSgt is not set to zero. A zero length string indicates that the policy acquisition from the ACS using the peer's identity is disabled on this interface."
    DEFVAL          { "" }
    ::= { ctsiIfManualEntry 1 }

-- Statically configured SGT applied to ingress traffic from the
-- peer. Mutually exclusive with a non-empty
-- ctsiIfManualDynamicPeerId. Zero (the default) means no static
-- tagging.
ctsiIfManualStaticSgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION "This object specifies the statically configured SGT for tagging the ingress traffic from the peer. Setting a none-zero value on this object is not allowed if the value of ctsiIfManualDynamicPeerId is not set to a zero length string. A value of zero indicates that no statically SGT tagging."
    DEFVAL          { 0 }
    ::= { ctsiIfManualEntry 2 }

-- Trust state of the peer's SGT assignment; settable only when a
-- static SGT is configured.
-- NOTE(review): presumably 'true' means SGTs presented by the peer
-- are accepted as is; the DESCRIPTION does not spell this out.
-- Confirm before using this column in an audit rule.
ctsiIfManualStaticSgtTrusted OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION "This object specifies the peer's SGT assignment trust state. This object only can be set when ctsiIfManualStaticSgt is none-zero."
    DEFVAL          { false }
    ::= { ctsiIfManualEntry 3 }

-- Enables or disables SGT propagation on a manual-mode interface;
-- off by default.
ctsiIfManualSgtPropagateEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION "This object specifies whether the SGT propagation is enabled on this interface."
    DEFVAL          { false }
    ::= { ctsiIfManualEntry 4 }

-- Pairwise Master Key used by SAP on a manual-mode interface:
-- either empty or exactly 32 octets. The default is empty, which
-- per the DESCRIPTION means SAP negotiation is disabled, so a row
-- created without a PMK has no SAP on the link.
-- This column is key material carried in SNMP PDUs on every SET.
-- NOTE(review): MAX-ACCESS read-create also permits GET, and the
-- DESCRIPTION does not say whether the agent returns the key, an
-- empty string or a masked value. Confirm on the target platform.
-- Until that is known, exclude this column from read views, allow
-- writes only to administrative principals, and carry the traffic
-- over SNMPv3 with authentication and privacy.
ctsiIfManualSapPmk OBJECT-TYPE
    SYNTAX          OCTET STRING (SIZE  (0 | 32))
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION "This object specifies the PMK used by SAP. A zero length string for this object indicates the SAP negotiation is disabled on this interface."
    DEFVAL          { "" }
    ::= { ctsiIfManualEntry 5 }

-- Ordered list of SAP modes advertised on a manual-mode interface;
-- earlier octets are tried first. The value becomes empty when SAP
-- negotiation is disabled.
-- NOTE(review): the DEFVAL is the empty string while the DESCRIPTION
-- forbids setting an empty string. Read together with the PMK
-- default, the empty default appears to reflect 'SAP disabled' and
-- the prohibition to apply to explicit SETs; confirm. The module
-- revision dated 201204060000Z records that this DEFVAL was
-- modified.
ctsiIfManualSapModeList OBJECT-TYPE
    SYNTAX          CtsSapNegModeList
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION "This object specified the advertised modes for the SAP negotiation on this interface. Modes are executed in the order as specified in the mode list. Mode which is at the beginning of the mode list will be executed first. Mode which is at the end of mode list will be executed last. Value of this object will becomes zero length octet if SAP negotiation is disabled. This object is not allowed to be set to a zero length string."
    DEFVAL          { "" }
    ::= { ctsiIfManualEntry 6 }

-- Storage type of the manual-mode row; defaults to volatile.
ctsiIfManualStorageType OBJECT-TYPE
    SYNTAX          StorageType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION "The storage type for this conceptual row."
    DEFVAL          { volatile }
    ::= { ctsiIfManualEntry 7 }

-- Row status of the manual-mode row. The DESCRIPTION allows every
-- writable column, including the PMK and the mode list, to be
-- changed at any time on an existing row.
ctsiIfManualRowStatus OBJECT-TYPE
    SYNTAX          RowStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION "The status of this conceptual row. All writable objects in this row may be modified at any time."
    ::= { ctsiIfManualEntry 8 }

-- -------------------------------------------------------------
-- Objects to manage TrustSec L3 forwarding mode interface
-- -------------------------------------------------------------

-- Table of interfaces that carry TrustSec L3 forwarding
-- configuration.
ctsiIfL3ForwardTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtsiIfL3ForwardEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION "A list of the interfaces which have TrustSec L3 forwarding configuration information."
::= { ctsiIfL3ForwardObjects 1 } ctsiIfL3ForwardEntry OBJECT-TYPE SYNTAX CtsiIfL3ForwardEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing the TrustSec L3 forwarding configuration information for a particular interface. An entry can be created or deleted by using ctsiIfL3ForwardRowStatus. An entry can only be created if the value of corresponding instance of ctsiIfConfiguredMode is 'none' and the 'l3Forward' BIT of corresponding instance ctsiIfModeCapability is set." INDEX { ifIndex } ::= { ctsiIfL3ForwardTable 1 } CtsiIfL3ForwardEntry ::= SEQUENCE { ctsiIfL3ForwardMode INTEGER, ctsiIfL3ForwardStorageType StorageType, ctsiIfL3ForwardRowStatus RowStatus } ctsiIfL3ForwardMode OBJECT-TYPE SYNTAX INTEGER { l3Ipv4Forward(1), l3Ipv6Forward(2), l3IpForward(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the type of L3 forwarding for the interface. l3Ipv4Forward - TrustSec L3 IPv4 forwarding. l3Ipv6Forward - TrustSec L3 IPv6 forwarding. l3IpForward - TrustSec L3 IPv6 and IPv4 forwarding." DEFVAL { l3Ipv4Forward } ::= { ctsiIfL3ForwardEntry 1 } ctsiIfL3ForwardStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "The storage type for this conceptual row." DEFVAL { volatile } ::= { ctsiIfL3ForwardEntry 2 } ctsiIfL3ForwardRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this conceptual row. All writable objects in this row may be modified at any time." ::= { ctsiIfL3ForwardEntry 3 } -- ------------------------------------------------------------- -- Objects for the status of the TrustSec interface -- ------------------------------------------------------------- ctsiIfStatusTable OBJECT-TYPE SYNTAX SEQUENCE OF CtsiIfStatusEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of TrustSec enabled interfaces." 
::= { ctsiIfStatusObjects 1 } ctsiIfStatusEntry OBJECT-TYPE SYNTAX CtsiIfStatusEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry contains the information of the specific TrustSec interface. A entry is created by system when TrustSec is enabled for an interface. An entry is deleted by system if TrustSec is disabled for an interface." INDEX { ifIndex } ::= { ctsiIfStatusTable 1 } CtsiIfStatusEntry ::= SEQUENCE { ctsiIfControllerState CtsiInterfaceControllerState, ctsiIfAuthenticationStatus INTEGER, ctsiIfPeerId SnmpAdminString, ctsiIfPeerAdvCapability BITS, ctsiIfAuthorizationStatus INTEGER, ctsiIfPeerSgt CtsSecurityGroupTag, ctsiIfPeerSgtTrusted TruthValue, ctsiIfSapNegotiationStatus INTEGER, ctsiIfSapNegModeList CtsSapNegModeList, ctsiIfCacheExpirationTime DateAndTime, ctsiIfCacheDataSource CtsiCasheDataSource, ctsiIfCriticalAuthStatus INTEGER } ctsiIfControllerState OBJECT-TYPE SYNTAX CtsiInterfaceControllerState MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the current IFC state of this interface." ::= { ctsiIfStatusEntry 1 } ctsiIfAuthenticationStatus OBJECT-TYPE SYNTAX INTEGER { unknown(1), succeeded(2), rejected(3), logOff(4), noRespond(5), notApplicable(6), incomplete(7), failed(8) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the current TrustSec authentication status of this interface. unknown - status not covered by any of the follow enumerations. succeeded - authentication is succeeded. rejected - authentication is rejected. logOff - peer logged off. noRespond - peer no respond. notApplicable - bypassing the authentication. incomplete - authentication is not completed. failed - authentication failed." ::= { ctsiIfStatusEntry 2 } ctsiIfPeerId OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the device identity or symbolic group name of the remote peer." 
::= { ctsiIfStatusEntry 3 } ctsiIfPeerAdvCapability OBJECT-TYPE SYNTAX BITS { sap(0) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the advertised capabilities of the remote peer associated with this interface." ::= { ctsiIfStatusEntry 4 } ctsiIfAuthorizationStatus OBJECT-TYPE SYNTAX INTEGER { unknown(1), inProgress(2), succeeded(3), failed(4), fallBackPolicy(5), incomplete(6), peerSucceeded(7), rbaclSucceeded(8), policySucceeded(9) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the current TrustSec authorization status of the interface. unknown - status not covered by any of the follow enumerations. inProgress - authorization in progress. succeeded - authorization succeeded. failed - authorization failed. fallBackPolicy - apply the fallback policy. incomplete - authorization aborted. peerSucceeded - apply the peer policy succeeded. rbaclSucceeded - apply the RBACL policy succeeded. policySucceeded - apply the all policy succeeded." ::= { ctsiIfStatusEntry 5 } ctsiIfPeerSgt OBJECT-TYPE SYNTAX CtsSecurityGroupTag MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the SGT value of the remote peer." ::= { ctsiIfStatusEntry 6 } ctsiIfPeerSgtTrusted OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates whether the SGT of the remote peer is trusted." ::= { ctsiIfStatusEntry 7 } ctsiIfSapNegotiationStatus OBJECT-TYPE SYNTAX INTEGER { notApplicable(1), unknown(2), inProgress(3), succeeded(4), failed(5), licenseError(6) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the SAP negotiation status on this interface. notApplicable - SAP disabled on local or remote peer is not SAP capable. unknown - status not covered by any of the follow enumerations. inProgress - SAP negotiation in progress. succeeded - SAP negotiation completed. failed - SAP negotiation failed. licenseError - No MACSec software license." 
::= { ctsiIfStatusEntry 8 } ctsiIfSapNegModeList OBJECT-TYPE SYNTAX CtsSapNegModeList MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the operational SAP negotiation mode list on this interface." ::= { ctsiIfStatusEntry 9 } ctsiIfCacheExpirationTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the time when the current cached data applied on the interface will be expired. A value of zero indicates that the cached data will never be expired." ::= { ctsiIfStatusEntry 10 } ctsiIfCacheDataSource OBJECT-TYPE SYNTAX CtsiCasheDataSource MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the source of cached data applied to the interface." ::= { ctsiIfStatusEntry 11 } ctsiIfCriticalAuthStatus OBJECT-TYPE SYNTAX INTEGER { disable(1), cache(2), default(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the CTS Critical-Auth status of interface. disable - link is not in Critical-Auth mode. cache - link is in Critical-Auth cached mode. default - link is in Critical-Auth default mode." ::= { ctsiIfStatusEntry 12 } -- ------------------------------------------------------------- -- Objects for the statistic of the TrustSec interface -- ------------------------------------------------------------- ctsiIfStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF CtsiIfStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of Cisco Trusted Security capable interface." ::= { ctsiIfStatsObjects 1 } ctsiIfStatsEntry OBJECT-TYPE SYNTAX CtsiIfStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry contains the statistics information of a particular TrustSec interface. An entry created by system for each interface is TrustSec enabled. An entry deleted by system for each interface is TrustSec disabled." 
INDEX { ifIndex } ::= { ctsiIfStatsTable 1 } CtsiIfStatsEntry ::= SEQUENCE { ctsiIfAuthenticationSuccess Counter32, ctsiIfAuthenticationReject Counter32, ctsiIfAuthenticationFailure Counter32, ctsiIfAuthenticationNoResponse Counter32, ctsiIfAuthenticationLogoff Counter32, ctsiIfAuthorizationSuccess Counter32, ctsiIfAuthorizationPolicyFail Counter32, ctsiIfAuthorizationFail Counter32, ctsiIfSapSuccess Counter32, ctsiIfSapFail Counter32 } ctsiIfAuthenticationSuccess OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times that peer has been successfully authenticated on this interface." ::= { ctsiIfStatsEntry 1 } ctsiIfAuthenticationReject OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times that peer has been rejected in authentication on this interface." ::= { ctsiIfStatsEntry 2 } ctsiIfAuthenticationFailure OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times that peer has been failed in authentication on this interface." ::= { ctsiIfStatsEntry 3 } ctsiIfAuthenticationNoResponse OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times that no authentication respond received from the remote peer associated with this interface." ::= { ctsiIfStatsEntry 4 } ctsiIfAuthenticationLogoff OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times that received authentication log off from the peer associated with this interface." ::= { ctsiIfStatsEntry 5 } ctsiIfAuthorizationSuccess OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times that the peer entity successfully passed the TrustSec authorization challenge on this interface." 
::= { ctsiIfStatsEntry 6 } ctsiIfAuthorizationPolicyFail OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of time that fail to access policy or refresh the policy for TrustSec authorization on this interface." ::= { ctsiIfStatsEntry 7 } ctsiIfAuthorizationFail OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times that peer has been failed in TrustSec authorization on this interface." ::= { ctsiIfStatsEntry 8 } ctsiIfSapSuccess OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times that SAP negotiation is succeed on this interface." ::= { ctsiIfStatsEntry 9 } ctsiIfSapFail OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times that SAP negotiation has failed on this interface." ::= { ctsiIfStatsEntry 10 } -- ------------------------------------------------------------- -- Objects for the status of the authorize remote peer -- ------------------------------------------------------------- ctsiAuthorizationTable OBJECT-TYPE SYNTAX SEQUENCE OF CtsiAuthorizationEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of authorized remote peers on this device." ::= { ctsiAuthorizationObjects 1 } ctsiAuthorizationEntry OBJECT-TYPE SYNTAX CtsiAuthorizationEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing the management information for a particular authorized peer. An entry is created when the policy acquired from the ACS for a new peer. An entry is deleted when the authorization of the peer has expired or fails to refresh its policy." 
INDEX { IMPLIED ctsiAuthorizationPeerId } ::= { ctsiAuthorizationTable 1 } CtsiAuthorizationEntry ::= SEQUENCE { ctsiAuthorizationPeerId SnmpAdminString, ctsiAuthorizationPeerSgt CtsSecurityGroupTag, ctsiAuthorizationState INTEGER, ctsiAuthorizationLastRefresh DateAndTime, ctsiAuthorizationTimeLeft Integer32, ctsiAuthorizationTimeToRefresh Integer32, ctsiAuthorizationCacheDataSource CtsiCasheDataSource, ctsiAuthorizationStatus INTEGER } ctsiAuthorizationPeerId OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..64)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates the device identity or symbolic group name of the remote peer." ::= { ctsiAuthorizationEntry 1 } ctsiAuthorizationPeerSgt OBJECT-TYPE SYNTAX CtsSecurityGroupTag MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the SGT of the remote peer." ::= { ctsiAuthorizationEntry 2 } ctsiAuthorizationState OBJECT-TYPE SYNTAX INTEGER { unknown(1), start(2), waitingRespond(3), assessing(4), complete(5), failure(6) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the current state of the authorization entity. unknown - none of the following states. start - authorization entity created and initialized. waitingRespond - a policy request has been made by remote peer to the ACS and waiting for the response. assessing - the policy been received from ACS and is being assessed. complete - policy has been received and assessed. failure - failed to download the policy from the ACS." ::= { ctsiAuthorizationEntry 3 } ctsiAuthorizationLastRefresh OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates the date and time when the authorized peer was last refreshed." ::= { ctsiAuthorizationEntry 4 } ctsiAuthorizationTimeLeft OBJECT-TYPE SYNTAX Integer32 (-1..2147483647) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the leftover time for the current policy. 
A value of zero indicates that policy refresh is in progress. A value of -1 indicates that this object is not applicable on this authorization entry." ::= { ctsiAuthorizationEntry 5 } ctsiAuthorizationTimeToRefresh OBJECT-TYPE SYNTAX Integer32 (-1..2147483647) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the time left to start the policy refresh. A value of zero indicates that policy refresh is in progress. A value of -1 indicates that this object is not applicable on this authorization entry." ::= { ctsiAuthorizationEntry 6 } ctsiAuthorizationCacheDataSource OBJECT-TYPE SYNTAX CtsiCasheDataSource MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the source of cached data." ::= { ctsiAuthorizationEntry 7 } ctsiAuthorizationStatus OBJECT-TYPE SYNTAX INTEGER { unknown(1), inProgress(2), succeeded(3), failed(4), fallbackPolicy(5), incomplete(6) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the status of this authorization peer. unknown - status not covered by any of the follow enumerations. inProgress - new authorization link created or add a new policy request for an existing link. succeeded - policy received successful. failed - policy download failed. fallbackPolicy - download policy failed apply fallback policy. incomplete - policy received incomplete." ::= { ctsiAuthorizationEntry 8 } -- ------------------------------------------------------------- -- Objects for the statistic of interface controller state -- ------------------------------------------------------------- ctsiIfcStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF CtsiIfcStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of IFC state statistic on this device." ::= { ctsiIfcStatsObjects 1 } ctsiIfcStatsEntry OBJECT-TYPE SYNTAX CtsiIfcStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing the total number of interfaces which are currently belong to a particular IFC state." 
INDEX { ctsiIfcState } ::= { ctsiIfcStatsTable 1 } CtsiIfcStatsEntry ::= SEQUENCE { ctsiIfcState CtsiInterfaceControllerState, ctsiIfcStatsIfCount Unsigned32 } ctsiIfcState OBJECT-TYPE SYNTAX CtsiInterfaceControllerState MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates the IFC state." ::= { ctsiIfcStatsEntry 1 } ctsiIfcStatsIfCount OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of interfaces on the device which is currently in the IFC state." ::= { ctsiIfcStatsEntry 2 } -- ------------------------------------------------------------- -- Objects for the statistic of the TrustSec events -- ------------------------------------------------------------- ctsiAuthenticationSuccess OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of times that remote peers authentication succeed on this device." ::= { ctsiEventsStatsObjects 1 } ctsiAuthenticationReject OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of times that remote peers authentication rejected on this device." ::= { ctsiEventsStatsObjects 2 } ctsiAuthenticationFailure OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of times that remote peers authentication failed on this device" ::= { ctsiEventsStatsObjects 3 } ctsiAuthenticationLogoff OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of times that remote peer log off on this device." ::= { ctsiEventsStatsObjects 4 } ctsiAuthenticationNoRespond OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of times that not received authentication respond from remote peer on this device." 
::= { ctsiEventsStatsObjects 5 }

-- Device-wide authorization totals. As with the other Counter32 objects
-- in this subtree, the values wrap and have no defined starting value
-- (RFC 2578); compare successive polls.
ctsiAuthorizationSuccess OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of times that remote peer authorization succeed on this device."
    ::= { ctsiEventsStatsObjects 6 }

-- Authorization failures are split over two counters: this one and
-- ctsiAuthorizationPolicyFailure (policy could not be accessed or
-- refreshed). Watching only one of them gives a partial picture.
ctsiAuthorizationFailure OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of times that remote peer TrustSec authorization failed on this device."
    ::= { ctsiEventsStatsObjects 7 }

ctsiAuthorizationPolicyFailure OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of time that fail to access policy or refresh the policy for TrustSec authorization on this device."
    ::= { ctsiEventsStatsObjects 8 }

-- Device-wide SAP (Security Association Protocol) negotiation totals.
ctsiSapNegotiationSuccess OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of times that TrustSec SAP negotiation succeed on this device."
    ::= { ctsiEventsStatsObjects 9 }

ctsiSapNegotiationFailure OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of times that TrustSec SAP negotiation failure on this device."
    ::= { ctsiEventsStatsObjects 10 }

-- Number of interfaces per TrustSec mode (802.1X, Manual, Layer 3
-- forwarding). These are Unsigned32 present counts, not event counters,
-- so they can decrease when interfaces change mode.
ctsiInDot1xModeIfCount OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of interfaces on the device which is in TrustSec 802.1X mode."
    ::= { ctsiIfModeStatsObjects 1 }

ctsiInManualModeIfCount OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of interfaces on the device which is in TrustSec Manual mode."
    ::= { ctsiIfModeStatsObjects 2 }

ctsiInL3ForwardModeIfCount OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of interfaces on the device which is in TrustSec Layer 3 forwarding mode."
::= { ctsiIfModeStatsObjects 3 }

-- Notifications Control
-- One TruthValue switch per notification defined in this module. All
-- five are read-write and 'false' stops the matching notification, so
-- SNMP write access to this subtree can silence TrustSec failure
-- reporting.
-- NOTE(review): limit write access to trusted management principals
-- (for example through SNMPv3 users and VACM views) and treat an
-- unexpected 'false' here as a finding. No DEFVAL clause is given on
-- these objects, so the MIB does not state the initial value; check
-- the platform.

-- Gates ctsiAuthorizationFailNotif (policy acquisition failed for a peer).
ctsiAuthorizationFailNotifEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether the system generates the ctsiAuthorizationFailNotif. A value of 'false' will prevent ctsiAuthorizationFailNotif notifications from being generated by this system."
    ::= { ctsiIfNotifsControlObjects 1 }

-- Gates ctsiIfAddSupplicantFailNotif.
ctsiIfAddSupplicantFailNotifEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether the system generates the ctsiIfAddSupplicantFailNotif. A value of 'false' will prevent ctsiIfAddSupplicantFailNotif notifications from being generated by this system."
    ::= { ctsiIfNotifsControlObjects 2 }

-- Gates ctsiIfAuthenticationFailNotif.
ctsiIfAuthenticationFailNotifEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether the system generates the ctsiIfAuthenticationFailNotif. A value of 'false' will prevent ctsiIfAuthenticationFailNotif notifications from being generated by this system."
    ::= { ctsiIfNotifsControlObjects 3 }

-- Gates ctsiIfSapNegotiationFailNotif.
ctsiIfSapNegotiationFailNotifEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether the system generates the ctsiIfSapNegotiationFailNotif. A value of 'false' will prevent ctsiIfSapNegotiationFailNotif notifications from being generated by this system."
    ::= { ctsiIfNotifsControlObjects 4 }

-- Gates ctsiIfUnauthorizedNotif.
ctsiIfUnauthorizedNotifEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether the system generates the ctsiIfUnauthorizedNotif. A value of 'false' will prevent ctsiIfUnauthorizedNotif notifications from being generated by this system."
::= { ctsiIfNotifsControlObjects 5 }

-- Notifications Only Info
-- Both objects below are accessible-for-notify: they are delivered only
-- as notification varbinds and cannot be read with a get request.

-- Detail text attached to a notification; in this module it is carried
-- by ctsiIfSapNegotiationFailNotif.
-- NOTE(review): this is free-form text produced by the device; a trap
-- receiver should handle it as untrusted display data when it logs or
-- renders the value.
ctsiIfNotifMessage OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "This object indicates detail message associated with notifications."
    ::= { ctsiIfNotifsOnlyInfoObjects 1 }

-- Dot1x PAE role reported with a notification; carried by
-- ctsiIfAuthenticationFailNotif.
ctsiIfDot1xPaeRole OBJECT-TYPE
    SYNTAX          INTEGER { notApplicable(1), authenticator(2), supplicant(3) }
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "This object indicates dot1x PAE role information. notApplicable: Dot1x PAE role is not applicable in this notification. authenticator: PAE Authenticator. supplicant : PAE Supplicant."
    ::= { ctsiIfNotifsOnlyInfoObjects 2 }

-- Notifications
-- Each notification is generated only while the object with the same
-- name plus the suffix Enable (under ctsiIfNotifsControlObjects) is not
-- 'false'.

-- Policy acquisition failed for a peer. The only varbind is the peer
-- SGT; no interface name is included.
ctsiAuthorizationFailNotif NOTIFICATION-TYPE
    OBJECTS         { ctsiAuthorizationPeerSgt }
    STATUS          current
    DESCRIPTION
        "A ctsiAuthorizationFailNotif is generated when the policy acquisition failed for the peer."
    ::= { ciscoTrustSecIfMIBNotifs 1 }

-- The system could not add a dot1x supplicant on the named interface.
ctsiIfAddSupplicantFailNotif NOTIFICATION-TYPE
    OBJECTS         { ifName }
    STATUS          current
    DESCRIPTION
        "A ctsiIfAddSupplicantFailNotif is generated when the system fails to add dot1x supplicant for an interface."
    ::= { ciscoTrustSecIfMIBNotifs 2 }

-- Authentication error for a peer on an interface. Carries the
-- interface name, the peer id, the PAE role and the authentication
-- status, which makes it the most detailed of the five notifications.
ctsiIfAuthenticationFailNotif NOTIFICATION-TYPE
    OBJECTS         {
                        ifName,
                        ctsiIfPeerId,
                        ctsiIfDot1xPaeRole,
                        ctsiIfAuthenticationStatus
                    }
    STATUS          current
    DESCRIPTION
        "A ctsiIfAuthenticationFailNotif is generated when an authentication error for the peer is detected for an interface."
    ::= { ciscoTrustSecIfMIBNotifs 3 }

-- SAP negotiation error with the peer on an interface; the reason is
-- given as text in ctsiIfNotifMessage.
ctsiIfSapNegotiationFailNotif NOTIFICATION-TYPE
    OBJECTS         {
                        ifName,
                        ctsiIfNotifMessage
                    }
    STATUS          current
    DESCRIPTION
        "A ctsiIfSapNegotiationFailNotif is generated when a SAP negotiation error with the peer is detected for an interface."
    ::= { ciscoTrustSecIfMIBNotifs 4 }

-- An interface became unauthorized on the TrustSec link. Only the
-- interface name is carried.
ctsiIfUnauthorizedNotif NOTIFICATION-TYPE
    OBJECTS         { ifName }
    STATUS          current
    DESCRIPTION
        "A ctsiIfUnauthorizedNotif is generated when a interface becomes unauthorized on the Cisco TrustSec link."
::= { ciscoTrustSecIfMIBNotifs 5 }

-- Conformance
ciscoTrustSecIfMIBCompliances  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBConform 1 }

ciscoTrustSecIfMIBGroups  OBJECT IDENTIFIER
    ::= { ciscoTrustSecIfMIBConform 2 }

-- Compliance statement with STATUS deprecated. It makes ten groups
-- mandatory and then lowers every listed configuration object to
-- MIN-ACCESS read-only, so a conforming agent may expose the TrustSec
-- configuration without supporting SNMP writes to it.
-- NOTE(review): the DESCRIPTION names CISCO-TRUSTSEC-MIB although this
-- module is CISCO-TRUSTSEC-INTERFACE-MIB.
ciscoTrustSecIfMIBCompliance MODULE-COMPLIANCE
    STATUS          deprecated
    DESCRIPTION
        "The compliance statement for the CISCO-TRUSTSEC-MIB."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        ciscoTrustSecIfMIBIfConfigGroup,
                        ciscoTrustSecIfMIBDot1xGroup,
                        ciscoTrustSecIfMIBManualGroup,
                        ciscoTrustSecIfMIBL3ForwardGroup,
                        ciscoTrustSecIfMIBStatusGroup,
                        ciscoTrustSecIfMIBStatisticGroup,
                        ciscoTrustSecIfMIBAuthorizationGroup,
                        ciscoTrustSecIfMIBIfcStatisticGroup,
                        ciscoTrustSecIfMIBEventStatisticGroup,
                        ciscoTrustSecIfMIBIfModeStatisticGroup
                    }

    OBJECT          ctsiIfDot1xSgtPropagateEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfDot1xReauthInterval
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfDot1xSapModeList
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfDot1xStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    -- RowStatus refinement: only active(1) has to be reported, and an
    -- agent that does allow writes needs only createAndGo(4) and
    -- destroy(6).
    OBJECT          ctsiIfDot1xRowStatus
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required. Support for createAndWait and notInService is not required."

    OBJECT          ctsiIfManualDynamicPeerId
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualStaticSgt
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualStaticSgtTrusted
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualSgtPropagateEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    -- NOTE(review): the module glossary expands PMK as Pairwise Master
    -- Key. The ctsiIfManualSapPmk definition is outside this section;
    -- confirm its MAX-ACCESS and what a read returns before including
    -- this table in an SNMP view.
    OBJECT          ctsiIfManualSapPmk
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualSapModeList
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
-- Remaining OBJECT refinements of ciscoTrustSecIfMIBCompliance.
    OBJECT          ctsiIfManualStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualRowStatus
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required. Support for createAndWait and notInService is not required."

    OBJECT          ctsiIfL3ForwardStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfL3ForwardRowStatus
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required. Support for createAndWait and notInService is not required."
    ::= { ciscoTrustSecIfMIBCompliances 1 }

-- Second compliance statement, also STATUS deprecated. It keeps the ten
-- mandatory groups of ciscoTrustSecIfMIBCompliance and adds three
-- conditional groups for platforms that support TrustSec interface
-- notifications. Its OBJECT refinements continue past this point and
-- include read-only refinements for the five notification enable
-- objects.
-- NOTE(review): the DESCRIPTION names CISCO-TRUSTSEC-MIB although this
-- module is CISCO-TRUSTSEC-INTERFACE-MIB.
ciscoTrustSecIfMIBCompliance2 MODULE-COMPLIANCE
    STATUS          deprecated
    DESCRIPTION
        "The compliance statement for the CISCO-TRUSTSEC-MIB."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        ciscoTrustSecIfMIBIfConfigGroup,
                        ciscoTrustSecIfMIBDot1xGroup,
                        ciscoTrustSecIfMIBManualGroup,
                        ciscoTrustSecIfMIBL3ForwardGroup,
                        ciscoTrustSecIfMIBStatusGroup,
                        ciscoTrustSecIfMIBStatisticGroup,
                        ciscoTrustSecIfMIBAuthorizationGroup,
                        ciscoTrustSecIfMIBIfcStatisticGroup,
                        ciscoTrustSecIfMIBEventStatisticGroup,
                        ciscoTrustSecIfMIBIfModeStatisticGroup
                    }

    -- The three notification groups are conditional as a set: control
    -- objects, notify-only objects and the notifications themselves.
    GROUP           ciscoTrustSecIfMIBNotifsCtrlGrp
    DESCRIPTION
        "This group is mandatory for platforms which support TrustSec interface notifications."

    GROUP           ciscoTrustSecIfMIBNotifsOnlyInfoGrp
    DESCRIPTION
        "This group is mandatory for platforms which support TrustSec interface notifications."

    GROUP           ciscoTrustSecIfMIBNotifsGrp
    DESCRIPTION
        "This group is mandatory for platforms which support TrustSec interface notifications."

    OBJECT          ctsiIfDot1xSgtPropagateEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfDot1xReauthInterval
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfDot1xSapModeList
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
-- Further OBJECT refinements of ciscoTrustSecIfMIBCompliance2. Every one
-- lowers the requirement to MIN-ACCESS read-only.
    OBJECT          ctsiIfDot1xStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    -- RowStatus refinement: only active(1) has to be reported, and an
    -- agent that does allow writes needs only createAndGo(4) and
    -- destroy(6).
    OBJECT          ctsiIfDot1xRowStatus
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required. Support for createAndWait and notInService is not required."

    OBJECT          ctsiIfManualDynamicPeerId
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualStaticSgt
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualStaticSgtTrusted
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualSgtPropagateEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    -- NOTE(review): PMK is the Pairwise Master Key per the module
    -- glossary; the object definition is outside this section, so
    -- confirm how read access to it is handled.
    OBJECT          ctsiIfManualSapPmk
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualSapModeList
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualRowStatus
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required. Support for createAndWait and notInService is not required."

    OBJECT          ctsiIfL3ForwardStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfL3ForwardRowStatus
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required. Support for createAndWait and notInService is not required."

    -- The notification enable objects are declared read-write, but an
    -- agent may implement them read-only and still conform. On such an
    -- agent the notifications cannot be switched off over SNMP.
    OBJECT          ctsiIfUnauthorizedNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiAuthorizationFailNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfAddSupplicantFailNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
-- Last two OBJECT refinements of ciscoTrustSecIfMIBCompliance2.
    OBJECT          ctsiIfAuthenticationFailNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfSapNegotiationFailNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
    ::= { ciscoTrustSecIfMIBCompliances 2 }

-- The compliance statement with STATUS current. Compared with
-- ciscoTrustSecIfMIBCompliance2 it adds the conditional group
-- ciscoTrustSecIfMIBCriticalAuthStatusGrp for platforms that support
-- TrustSec Critical-Auth.
-- NOTE(review): the DESCRIPTION names CISCO-TRUSTSEC-MIB although this
-- module is CISCO-TRUSTSEC-INTERFACE-MIB.
ciscoTrustSecIfMIBCompliance3 MODULE-COMPLIANCE
    STATUS          current
    DESCRIPTION
        "The compliance statement for the CISCO-TRUSTSEC-MIB."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        ciscoTrustSecIfMIBIfConfigGroup,
                        ciscoTrustSecIfMIBDot1xGroup,
                        ciscoTrustSecIfMIBManualGroup,
                        ciscoTrustSecIfMIBL3ForwardGroup,
                        ciscoTrustSecIfMIBStatusGroup,
                        ciscoTrustSecIfMIBStatisticGroup,
                        ciscoTrustSecIfMIBAuthorizationGroup,
                        ciscoTrustSecIfMIBIfcStatisticGroup,
                        ciscoTrustSecIfMIBEventStatisticGroup,
                        ciscoTrustSecIfMIBIfModeStatisticGroup
                    }

    -- Notification support is conditional, so a conforming agent may
    -- implement none of the five failure notifications. Monitoring that
    -- relies on them should confirm the platform implements these groups
    -- and otherwise poll the status and counter objects.
    GROUP           ciscoTrustSecIfMIBNotifsCtrlGrp
    DESCRIPTION
        "This group is mandatory for platforms which support TrustSec interface notifications."

    GROUP           ciscoTrustSecIfMIBNotifsOnlyInfoGrp
    DESCRIPTION
        "This group is mandatory for platforms which support TrustSec interface notifications."

    GROUP           ciscoTrustSecIfMIBNotifsGrp
    DESCRIPTION
        "This group is mandatory for platforms which support TrustSec interface notifications."

    GROUP           ciscoTrustSecIfMIBCriticalAuthStatusGrp
    DESCRIPTION
        "This group is mandatory for platforms which support TrustSec Critical-Auth."

    OBJECT          ctsiIfDot1xSgtPropagateEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfDot1xReauthInterval
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfDot1xSapModeList
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfDot1xStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    -- RowStatus refinement: only active(1) has to be reported, and an
    -- agent that does allow writes needs only createAndGo(4) and
    -- destroy(6).
    OBJECT          ctsiIfDot1xRowStatus
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required. Support for createAndWait and notInService is not required."
-- Further OBJECT refinements of ciscoTrustSecIfMIBCompliance3. Every one
-- lowers the requirement to MIN-ACCESS read-only.
    OBJECT          ctsiIfManualDynamicPeerId
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualStaticSgt
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualStaticSgtTrusted
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualSgtPropagateEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    -- NOTE(review): PMK is the Pairwise Master Key per the module
    -- glossary; the object definition is outside this section, so
    -- confirm how read access to it is handled.
    OBJECT          ctsiIfManualSapPmk
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualSapModeList
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfManualRowStatus
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required. Support for createAndWait and notInService is not required."

    OBJECT          ctsiIfL3ForwardStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfL3ForwardRowStatus
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required. Support for createAndWait and notInService is not required."

    -- The notification enable objects are declared read-write, but an
    -- agent may implement them read-only and still conform. On such an
    -- agent the notifications cannot be switched off over SNMP.
    OBJECT          ctsiIfUnauthorizedNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiAuthorizationFailNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfAddSupplicantFailNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfAuthenticationFailNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctsiIfSapNegotiationFailNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
::= { ciscoTrustSecIfMIBCompliances 3 }

-- Units of Conformance
-- The groups below only collect objects defined elsewhere in the module
-- so that the compliance statements can refer to them by name.

-- Per-interface mode capability and configuration objects.
ciscoTrustSecIfMIBIfConfigGroup OBJECT-GROUP
    OBJECTS         {
                        ctsiIfModeCapability,
                        ctsiIfConfiguredMode,
                        ctsiIfCacheClear,
                        ctsiIfRekey
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the interface configuration for Cisco Trusted Security capable interface in the system."
    ::= { ciscoTrustSecIfMIBGroups 1 }

-- Configuration objects for interfaces in dot1x mode.
ciscoTrustSecIfMIBDot1xGroup OBJECT-GROUP
    OBJECTS         {
                        ctsiIfDot1xSgtPropagateEnabled,
                        ctsiIfDot1xReauthInterval,
                        ctsiIfDot1xSapModeList,
                        ctsiIfDot1xDownloadReauthInterval,
                        ctsiIfDot1xOperReauthInterval,
                        ctsiIfDot1xReauthTimeLeft,
                        ctsiIfDot1xStorageType,
                        ctsiIfDot1xRowStatus
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the dot1x mode configuration for the Cisco Trusted Security capable interface in the system."
    ::= { ciscoTrustSecIfMIBGroups 2 }

-- Configuration objects for interfaces in manual mode. The group
-- contains ctsiIfManualSapPmk, and it is mandatory in all three
-- compliance statements.
-- NOTE(review): PMK is the Pairwise Master Key per the module glossary;
-- the object definition is outside this section, so confirm what a read
-- of it returns when deciding who may see this group.
ciscoTrustSecIfMIBManualGroup OBJECT-GROUP
    OBJECTS         {
                        ctsiIfManualDynamicPeerId,
                        ctsiIfManualStaticSgt,
                        ctsiIfManualStaticSgtTrusted,
                        ctsiIfManualSgtPropagateEnabled,
                        ctsiIfManualSapPmk,
                        ctsiIfManualSapModeList,
                        ctsiIfManualStorageType,
                        ctsiIfManualRowStatus
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the manual mode configuration for the Cisco Trusted Security capable interface in the system."
    ::= { ciscoTrustSecIfMIBGroups 3 }

-- Configuration objects for interfaces in L3 forwarding mode.
ciscoTrustSecIfMIBL3ForwardGroup OBJECT-GROUP
    OBJECTS         {
                        ctsiIfL3ForwardMode,
                        ctsiIfL3ForwardStorageType,
                        ctsiIfL3ForwardRowStatus
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the L3 forwarding mode configuration for the Cisco Trusted Security capable interface in the system."
::= { ciscoTrustSecIfMIBGroups 4 }

-- Per-interface status: controller state, authentication and
-- authorization status, peer identity and SGT, cache data and SAP
-- negotiation status.
ciscoTrustSecIfMIBStatusGroup OBJECT-GROUP
    OBJECTS         {
                        ctsiIfControllerState,
                        ctsiIfAuthenticationStatus,
                        ctsiIfPeerId,
                        ctsiIfPeerAdvCapability,
                        ctsiIfAuthorizationStatus,
                        ctsiIfPeerSgt,
                        ctsiIfPeerSgtTrusted,
                        ctsiIfCacheExpirationTime,
                        ctsiIfCacheDataSource,
                        ctsiIfSapNegotiationStatus,
                        ctsiIfSapNegModeList
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the status information for the Cisco Trusted Security capable interface in the system."
    ::= { ciscoTrustSecIfMIBGroups 5 }

-- Per-interface event counters. Their names do not map mechanically
-- onto the device-wide counters in ciscoTrustSecIfMIBEventStatisticGroup
-- (for example ctsiIfAuthenticationNoResponse here against
-- ctsiAuthenticationNoRespond there, and ctsiIfSapFail against
-- ctsiSapNegotiationFailure), so poller configuration should take each
-- name from the MIB and not derive one from the other.
ciscoTrustSecIfMIBStatisticGroup OBJECT-GROUP
    OBJECTS         {
                        ctsiIfAuthenticationSuccess,
                        ctsiIfAuthenticationReject,
                        ctsiIfAuthenticationFailure,
                        ctsiIfAuthenticationNoResponse,
                        ctsiIfAuthenticationLogoff,
                        ctsiIfAuthorizationSuccess,
                        ctsiIfAuthorizationPolicyFail,
                        ctsiIfAuthorizationFail,
                        ctsiIfSapSuccess,
                        ctsiIfSapFail
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the statistic information for the Cisco Trusted Security capable interface in the system."
    ::= { ciscoTrustSecIfMIBGroups 6 }

-- Readable columns of the authorization entry: peer SGT, state, refresh
-- timing, cache data source and status.
ciscoTrustSecIfMIBAuthorizationGroup OBJECT-GROUP
    OBJECTS         {
                        ctsiAuthorizationPeerSgt,
                        ctsiAuthorizationState,
                        ctsiAuthorizationLastRefresh,
                        ctsiAuthorizationTimeLeft,
                        ctsiAuthorizationTimeToRefresh,
                        ctsiAuthorizationCacheDataSource,
                        ctsiAuthorizationStatus
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the status information for the authorization link in the system."
    ::= { ciscoTrustSecIfMIBGroups 7 }

-- Only ctsiIfcStatsIfCount is listed; the index ctsiIfcState is
-- not-accessible and therefore does not belong in an OBJECT-GROUP.
ciscoTrustSecIfMIBIfcStatisticGroup OBJECT-GROUP
    OBJECTS         { ctsiIfcStatsIfCount }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the global IFC state statistic information in the system."
::= { ciscoTrustSecIfMIBGroups 8 }

-- The ten device-wide Counter32 event totals (authentication,
-- authorization and SAP negotiation outcomes).
ciscoTrustSecIfMIBEventStatisticGroup OBJECT-GROUP
    OBJECTS         {
                        ctsiAuthenticationSuccess,
                        ctsiAuthenticationReject,
                        ctsiAuthenticationFailure,
                        ctsiAuthenticationLogoff,
                        ctsiAuthenticationNoRespond,
                        ctsiAuthorizationSuccess,
                        ctsiAuthorizationFailure,
                        ctsiAuthorizationPolicyFailure,
                        ctsiSapNegotiationSuccess,
                        ctsiSapNegotiationFailure
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the global statistic information for the TrustSec events."
    ::= { ciscoTrustSecIfMIBGroups 9 }

-- The three counts of interfaces per TrustSec mode.
ciscoTrustSecIfMIBIfModeStatisticGroup OBJECT-GROUP
    OBJECTS         {
                        ctsiInDot1xModeIfCount,
                        ctsiInManualModeIfCount,
                        ctsiInL3ForwardModeIfCount
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the global TrustSec mode statistic information."
    ::= { ciscoTrustSecIfMIBGroups 10 }

-- The five read-write notification enable objects. Setting one of them
-- to 'false' stops the matching notification.
-- NOTE(review): when this group is implemented, keep it out of the write
-- view of general-purpose SNMP users and watch the values for unexpected
-- changes.
ciscoTrustSecIfMIBNotifsCtrlGrp OBJECT-GROUP
    OBJECTS         {
                        ctsiAuthorizationFailNotifEnable,
                        ctsiIfAddSupplicantFailNotifEnable,
                        ctsiIfAuthenticationFailNotifEnable,
                        ctsiIfSapNegotiationFailNotifEnable,
                        ctsiIfUnauthorizedNotifEnable
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides notification control for TrustSec interfaces."
    ::= { ciscoTrustSecIfMIBGroups 11 }

-- The two accessible-for-notify objects, which appear only as
-- notification varbinds.
ciscoTrustSecIfMIBNotifsOnlyInfoGrp OBJECT-GROUP
    OBJECTS         {
                        ctsiIfNotifMessage,
                        ctsiIfDot1xPaeRole
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the notification information for TrustSec interfaces."
    ::= { ciscoTrustSecIfMIBGroups 12 }

-- The five notifications defined in this module. The group is
-- conditional in ciscoTrustSecIfMIBCompliance2 and
-- ciscoTrustSecIfMIBCompliance3, so not every conforming agent sends them.
ciscoTrustSecIfMIBNotifsGrp NOTIFICATION-GROUP
    NOTIFICATIONS   {
                        ctsiAuthorizationFailNotif,
                        ctsiIfAddSupplicantFailNotif,
                        ctsiIfAuthenticationFailNotif,
                        ctsiIfSapNegotiationFailNotif,
                        ctsiIfUnauthorizedNotif
                    }
    STATUS          current
    DESCRIPTION
        "A collection of notifications for TrustSec interfaces."
::= { ciscoTrustSecIfMIBGroups 13 }

-- Group holding the single object ctsiIfCriticalAuthStatus, whose
-- definition is outside this section. The module revision history lists
-- this group as added in revision 201401280000Z, and only
-- ciscoTrustSecIfMIBCompliance3 refers to it, as a conditional group for
-- platforms that support TrustSec Critical-Auth.
ciscoTrustSecIfMIBCriticalAuthStatusGrp OBJECT-GROUP
    OBJECTS         { ctsiIfCriticalAuthStatus }
    STATUS          current
    DESCRIPTION
        "A collection of objects that provides the Critical-Auth status information for the Cisco Trusted Security capable interface in the system."
    ::= { ciscoTrustSecIfMIBGroups 14 }

END