CISCO-TRUSTSEC-TC-MIB
File:
CISCO-TRUSTSEC-TC-MIB.mib (10672 bytes)
Imported modules
Imported symbols
Defined Types
CtsSecurityGroupTag |
|
Indicates the SGT (Security Group Tag) value.
Semantics of a value zero CtsSecurityGroupTag are object-specific
and must be defined as part of the description of any object
which uses this syntax. |
TEXTUAL-CONVENTION |
|
|
|
|
Unsigned32 |
0..65535 |
|
CtsAclName |
|
An octet string, preferably in human-readable form,
describes the name of one ACL (Access Control List)
or a list of ACLs using a single whitespace as the
delimiter. |
TEXTUAL-CONVENTION |
|
|
|
|
OCTET STRING |
Size(1..255) |
|
CtsAclNameOrEmpty |
|
This textual convention is an extension of the
CtsAclName convention. The latter defines a
non-empty ACL name(s). This extension permits
the additional value of empty string. |
TEXTUAL-CONVENTION |
|
|
|
|
OCTET STRING |
Size(0..255) |
|
CtsAclList |
|
An octet string, preferably in human-readable form,
describes the name of one or more ACLs. If there is multiple
ACLs, each ACL name is separated by a single whitespace. |
TEXTUAL-CONVENTION |
|
|
|
|
OCTET STRING |
Size(1..255) |
|
CtsAclListOrEmpty |
|
This textual convention is an extension of the
CtsAclList convention. The latter defines a
non-empty ACL name(s). This extension permits
the additional value of empty string. |
TEXTUAL-CONVENTION |
|
|
|
|
OCTET STRING |
Size(0..255) |
|
CtsPolicyName |
|
An octet string, preferably in human-readable form,
describes the name of policy.
A zero length string indicates no policy. |
TEXTUAL-CONVENTION |
|
|
|
|
OCTET STRING |
Size(0..255) |
|
CtsPasswordEncryptionType |
|
The type of encryption used for TrustSec passwords.
'other' - The read-only value 'other' indicates that
the type of password encryption is not in one
of the types defined below.
'none' - Indicates that the corresponding CtsPassword
object is a zero-length string.
'clearText' - Indicates that the password is not encrypted
'typeSix' - Indicates that type-6 algorithm is used to
encrypt the password
'typeSeven' - Indicates that type-7 algorithm is used to
encrypt the password.
Each definition of a concrete CtsPasswordEncryptionType value
must be accompanied by a definition of a textual convention for
use with that CtsPasswordEncryptionType.
To support future extensions, the CtsPasswordEncryptionType
textual convention SHOULD NOT be sub-typed in object type
definitions. It MAY be sub-typed in compliance statements in order
to require only a subset of these address types for a compliant
implementation.
Implementations must ensure that CtsPasswordEncryptionType
object and any dependent objects (e.g. CtsPassword objects) are
consistent. An inconsistentValue error must be generated
if an attempt to change an CtsPasswordEncryptionType object
would, for example, lead to an undefined CtsPassword value.
In particular, CtsPasswordEncryptionType/CtsPassword pairs
must be changed together if the encryption type changes.
(e.g. from clearText(2) to typeSix(1)). |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
other(1), none(2), clearText(3), typeSix(4), typeSeven(5) |
|
CtsPassword |
|
A password for TrustSec functionality.
A CtsPassword value is always interpreted within the context
of an CtsPasswordEncryptionType value. Every usage of the
CtsPassword textual convention is required to specify the
CtsPasswordEncryptionType object which provides the context.
It is suggested that the CtsPasswordEncryptionType is logically
registered before the object(s) which use the CtsPassword textual
convention if they appear in the same logical row.
The value of an CtsPassword object must always be consistent with
the value of the associated CtsPasswordEncryptionType object.
Attempts to set an CtsPassword object to a value which is
inconsistent with the associated CtsPasswordEncryptionType
must fail with an inconsistentValue error.
When this textual convention is used as the syntax of an
index object, there may be issues with the limit of 128
sub-identifiers specified in SMIv2, STD 58. In this case,
the object definition MUST include a 'SIZE' clause to
limit the number of potential instance sub-identifiers. |
TEXTUAL-CONVENTION |
|
|
|
|
OCTET STRING |
Size(0..256) |
|
CtsGenerationId |
|
An octet string, preferably in human-readable form,
describes the generation identification associated
with a TrustSec attribute such as downloaded SGACL,
downloaded server list .etc...
A zero length string indicates no generation identification. |
TEXTUAL-CONVENTION |
|
|
|
|
OCTET STRING |
Size(0..128) |
|
CtsAcsAuthorityIdentity |
|
The authority identity of an Access Control Server.
A zero length of CtsAcsAuthorityIdentity indicates
that the authority identity is not available. |
TEXTUAL-CONVENTION |
|
|
|
|
OCTET STRING |
Size(0..64) |
|
CtsCredentialRecordType |
|
The secret type of TrustSec credential record.
'simpleSecret' - Simple Secret credential.
This type of credential record is constructed
with symmetric key with associated meta-data.
For example, credential password.
'pac' - Protected Access Credentials(PAC).
A PAC record contains three components:
PAC-key, PAC-opaque and PAC-info. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
simpleSecret(1), pac(2) |
|
CtsSgaclMonitorMode |
|
The SGACL monitor mode for the SGACL enforced traffic.
'on' - indicates that SGACL monitor is turned on.
'off' - indicates that SGACL monitor mode is turned off. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
on(1), off(2) |
|
CtsSxpConnectionStatus |
|
The status of SXP connection.
'other' - Any other state not covered by below
enumerations.
'off' - The SXP connection has been disconnected.
SGT mappings are no longer learnt through SXP
connection in this state. SGT mappings
already learnt through this connection will be
deleted.
'on' - The SXP connection has been successfully
established. SGT mappings are learnt
through this SXP connection.
'pendingOn' - A request to establish SXP connection has been
sent to the peer and is pending.
'deleteHoldDown' - The SXP connection is not operational and
delete hold-down timer has been started. If the
SXP connection does not recover before the
expiration of the hold-down timer, the SGT
mappings learnt on this connection will be
deleted. If the SXP connection recovers
before the expiration of the hold-down timer,
the SGT mappings learnt on this connection
will not be deleted. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
other(1), off(2), on(3), pendingOn(4), deleteHoldDown(5) |
|
Defined Values
ciscoCtsTcMIB |
1.3.6.1.4.1.9.9.694 |
This module defines the textual conventions used within
Cisco Trusted Security framework. |
MODULE-IDENTITY |
|
|
|