CM-SECURITY-MIB
File:
CM-SECURITY-MIB.mib (34029 bytes)
Imported modules
Imported symbols
Defined Types
| CmRemoteAuthProtocol |
|
| Enumerations for remote authentication protocol.
none - No remote authentication protocol,
radius - RADIUS (Remote Authentication Dial-In User Service),
tacacs - TACACS+(Terminal Access Controller Access Control System). |
| TEXTUAL-CONVENTION |
|
|
|
| |
INTEGER |
none(1), radius(2), tacacs(3) |
|
| CmSecurityAccessOrder |
|
| Enumerations for order for security access.
local - Local database for user/security validation,
remote - Remote protocol for user/security validation. |
| TEXTUAL-CONVENTION |
|
|
|
| |
INTEGER |
local(1), remote(2) |
|
| CmSecurityAuthType |
|
| Enumerations for remote authentication protocol types.
pap - Password Authentication Protocol,
chap - Challenge-Handshake Authentication Protocol. |
| TEXTUAL-CONVENTION |
|
|
|
| |
INTEGER |
pap(1), chap(2) |
|
| CmSecurityPrivLevel |
|
| Enumerations for Security Privilege Level.
retrieve - Retrieve Privilege Level (can only
VIEW management information),
maintenance - Maintenance Privilege Level
(can VIEW management, as well as perform
maintenance operations such as loopbacks,
etherjack diagnosis etc.)
provisioning - Provisioning Privilege Level
(can perform Provisioning operations)
superuser - Super User Privilege Level
(can perform all operations)
testuser - Retrieve Privilege Level
and some maintenance,
provisioning operations.
cryptouser - Crypto User Privilege Level
(can perform security operations)
netconf - NETCONF Privilege Level |
| TEXTUAL-CONVENTION |
|
|
|
| |
INTEGER |
not-applicable(0), retrieve(1), maintenance(2), provisioning(3), superuser(4), testuser(5), cryptouser(6), netconf(7) |
|
| CmRemoteAuthOrder |
|
| Enumerations for order for remote authentication access.
first - first to access the remote authentication,
second - second to access the remote authentication,
third - third to access the remote authentication. |
| TEXTUAL-CONVENTION |
|
|
|
| |
INTEGER |
first(1), second(2), third(3) |
|
| CmSecurityPolicyStrength |
|
| Enumerations for security policy strength
low - Low Security Policy,
medium - Medium Security Policy,
high - High Security Policy. |
| TEXTUAL-CONVENTION |
|
|
|
| |
INTEGER |
low(1), medium(2), high(3) |
|
| UsmUserAccessType |
|
| Enumerations for type of USM User
read-only - Read only,
read-write - Read write ,
trap-only - Trap Only. |
| TEXTUAL-CONVENTION |
|
|
|
| |
INTEGER |
read-only(1), read-write(2), trap-only(3) |
|
| SecurityUserAction |
|
| Provides ability to manage security users. |
| TEXTUAL-CONVENTION |
|
|
|
| |
INTEGER |
not-applicable(0), remove-lockout(1) |
|
| SnmpSecurityTrapType |
|
| Provides ability to manage security traps.
all - trap is reported when user logs in, logs out or is locked out
loginFailed - trap is reported only when user failed to log in
disabled - security traps are disabled. |
| TEXTUAL-CONVENTION |
|
|
|
| |
INTEGER |
all(1), loginFailed(2), disabled(3) |
|
| PrivilegeRequestAction |
|
| Privilege request action. |
| TEXTUAL-CONVENTION |
|
|
|
| |
INTEGER |
undefined(0), none(1), approve(2), deny(3), cancel(4) |
|
| PrivilegeRequestState |
|
| Privilege request state. |
| TEXTUAL-CONVENTION |
|
|
|
| |
INTEGER |
none(1), requestSent(2), requestCanceled(3), requestApproved(4), requestDenied(5), requestTimeout(6), accessExpired(7), accessCanceled(8) |
|
| CmSecurityUserEntry |
|
| SEQUENCE |
|
|
|
| |
cmSecurityUserName |
DisplayString |
|
| |
cmSecurityUserComment |
DisplayString |
|
| |
cmSecurityUserPrivLevel |
CmSecurityPrivLevel |
|
| |
cmSecurityUserLoginTimeout |
Integer32 |
|
| |
cmSecurityUserNumFailedLoginAttempts |
Integer32 |
|
| |
cmSecurityUserLastLoginTime |
DateAndTime |
|
| |
cmSecurityUserLockedout |
TruthValue |
|
| |
cmSecurityUserLastLockedoutTime |
DateAndTime |
|
| |
cmSecurityUserCliPagingEnable |
TruthValue |
|
| |
cmSecurityUserRemoteUser |
TruthValue |
|
| |
cmSecurityUserPassword |
DisplayString |
|
| |
cmSecurityUserStorageType |
StorageType |
|
| |
cmSecurityUserRowStatus |
RowStatus |
|
| |
cmSecurityUserAction |
SecurityUserAction |
|
| |
cmSecurityCryptoPassword |
DisplayString |
|
| |
cmSecurityUserRemoteCryptoUser |
TruthValue |
|
| CmRemoteAuthServerEntry |
|
| SEQUENCE |
|
|
|
| |
cmRemoteAuthServerIndex |
Integer32 |
|
| |
cmRemoteAuthServerEnabled |
TruthValue |
|
| |
cmRemoteAuthServerOrder |
CmRemoteAuthOrder |
|
| |
cmRemoteAuthServerIpAddress |
IpAddress |
|
| |
cmRemoteAuthServerPort |
Integer32 |
|
| |
cmRemoteAuthServerNumRetries |
Integer32 |
|
| |
cmRemoteAuthServerTimeout |
Integer32 |
|
| |
cmRemoteAuthServerSecret |
DisplayString |
|
| |
cmRemoteAuthServerAccountingPort |
Integer32 |
|
| |
cmRemoteAuthServerIpVersion |
IpVersion |
|
| |
cmRemoteAuthServerIpv6Addr |
Ipv6Address |
|
| F3PrivilegeChangeEntry |
|
| SEQUENCE |
|
|
|
| |
f3PrivilegeChangeId |
Unsigned32 |
|
| |
f3PrivilegeChangeUserName |
SnmpAdminString |
|
| |
f3PrivilegeChangeIpv4Address |
IpAddress |
|
| |
f3PrivilegeChangeIpv6Address |
Ipv6Address |
|
| |
f3PrivilegeChangeTerminalIpv4Address |
IpAddress |
|
| |
f3PrivilegeChangeTerminalIpv6Address |
Ipv6Address |
|
| |
f3PrivilegeChangeInterface |
UserInterfaceType |
|
| |
f3PrivilegeChangeCurrentPrivilege |
CmSecurityPrivLevel |
|
| |
f3PrivilegeChangeRequestedPrivilege |
CmSecurityPrivLevel |
|
| |
f3PrivilegeChangeDuration |
Unsigned32 |
|
| |
f3PrivilegeChangeAction |
PrivilegeRequestAction |
|
| |
f3PrivilegeChangeState |
PrivilegeRequestState |
|
| |
f3PrivilegeChangeRemainingTime |
Unsigned32 |
|
| |
f3PrivilegeChangeRemoteName |
SnmpAdminString |
|
Defined Values
| cmSecurityMIB |
1.3.6.1.4.1.2544.1.12.10 |
| This module defines the Security MIB definitions
used by the F3 (FSP150CM/CC) product lines. These are used
to manage the user/authentication for CLI/GUI sessions.
Copyright (C) ADVA Optical Networking. |
| MODULE-IDENTITY |
|
|
|
| cmAccessOrder |
1.3.6.1.4.1.2544.1.12.10.1.2 |
| Order of access for security, i.e. try 'local' first or
'remote' first. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
CmSecurityAccessOrder |
|
|
| cmAuthType |
1.3.6.1.4.1.2544.1.12.10.1.3 |
| In case of remote authentication, the chosen protocol. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
CmSecurityAuthType |
|
|
| cmNASIpAddress |
1.3.6.1.4.1.2544.1.12.10.1.4 |
| In case of remote authentication RADIUS,
the Network Access Server's IP Address. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
IpAddress |
|
|
| cmSecurityPolicyStrength |
1.3.6.1.4.1.2544.1.12.10.1.7 |
| This object represents the security policy
strength of the system. Based on this value,
the system puts additional restrictions on
the user id and password rules. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
CmSecurityPolicyStrength |
|
|
| f3TacacsPrivLevelControlEnabled |
1.3.6.1.4.1.2544.1.12.10.1.10 |
| This object allows to enable/disable the use of ENABLE authorization
control to determine
the Privilege Level configured by the remote authentication server.
This object is only valid for TACACS+. Default value of this object is
TRUE. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| f3TacacsDefaultPrivLevel |
1.3.6.1.4.1.2544.1.12.10.1.11 |
| This object allows specification of the default privilege level of the
TACACS+ user, when the use of ENABLE authorization control is DISABLED, i.e.
f3TacacsPrivLevelControlEnabled is set to FALSE. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
CmSecurityPrivLevel |
|
|
| f3NasIpv6Addr |
1.3.6.1.4.1.2544.1.12.10.1.12 |
| This object describe the ipv6 address. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
Ipv6Address |
|
|
| f3SecurityTrapInfo |
1.3.6.1.4.1.2544.1.12.10.1.14 |
| This object is used to describe the security trap info.
This object is used only in trap and GET operation on this object
will return empty string. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
DisplayString |
|
|
| f3UserPrivMgmtControl |
1.3.6.1.4.1.2544.1.12.10.1.16 |
| This object is used to enable/disable User Privilege Management. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| f3UserPrivRspTimeout |
1.3.6.1.4.1.2544.1.12.10.1.17 |
| This object is used to set response timeout for user privilege
upgrade request in minutes. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
Integer32 |
1..60 |
|
| cmSecurityUserTable |
1.3.6.1.4.1.2544.1.12.10.1.5 |
| A list of entries corresponding to the security users.
Entries cannot be created in this table by management
application action. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
SEQUENCE OF |
|
|
| |
|
CmSecurityUserEntry |
|
| cmSecurityUserEntry |
1.3.6.1.4.1.2544.1.12.10.1.5.1 |
| An entry containing information applicable to a particular
security user. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
CmSecurityUserEntry |
|
|
| cmSecurityUserPassword |
1.3.6.1.4.1.2544.1.12.10.1.5.1.11 |
| Password of the security user.
Note that this attribute is a SET only attribute. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
DisplayString |
Size(0..32) |
|
| cmSecurityUserRowStatus |
1.3.6.1.4.1.2544.1.12.10.1.5.1.13 |
| The status of this row.
An entry MUST NOT exist in the active state unless all
objects in the entry have an appropriate value, as described
in the description clause for each writable object.
The values of cmSecurityUserRowStatus supported are
createAndGo(4) and destroy(6). All mandatory attributes
must be specified in a single SNMP SET request with
cmSecurityUserRowStatus value as createAndGo(4).
Upon successful row creation, this object has a
value of active(1).
The cmSecurityUserRowStatus object may be modified if
the associated instance of this object is equal to active(1). |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
RowStatus |
|
|
| cmSecurityUserAction |
1.3.6.1.4.1.2544.1.12.10.1.5.1.14 |
| This object provides ability to perform specific actions on security user.
remove-lockout - this removes the locked out condition on the security user
. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
SecurityUserAction |
|
|
| cmSecurityCryptoPassword |
1.3.6.1.4.1.2544.1.12.10.1.5.1.15 |
| Second level password used in connectguard configurations.
This applies only to crypto users.
Note that this attribute is a SET only attribute. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
DisplayString |
Size(0..32) |
|
| cmRemoteAuthServerTable |
1.3.6.1.4.1.2544.1.12.10.1.6 |
| A list of entries corresponding to the remote authentication
servers.
Entries cannot be created in this table by management
application action. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
SEQUENCE OF |
|
|
| |
|
CmRemoteAuthServerEntry |
|
| cmRemoteAuthServerEntry |
1.3.6.1.4.1.2544.1.12.10.1.6.1 |
| An entry containing information applicable to a particular
remote authentication server. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
CmRemoteAuthServerEntry |
|
|
| cmRemoteAuthServerIndex |
1.3.6.1.4.1.2544.1.12.10.1.6.1.1 |
| Unique index to address/configure a specific Remote
Authentication Server. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Integer32 |
|
|
| cmRemoteAuthServerEnabled |
1.3.6.1.4.1.2544.1.12.10.1.6.1.2 |
| This object allows enabling/disabling a Remote Authentication Server. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| cmRemoteAuthServerOrder |
1.3.6.1.4.1.2544.1.12.10.1.6.1.3 |
| This object determines the order in which the Remote
Authentication Servers are accessed for security information. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
CmRemoteAuthOrder |
|
|
| cmRemoteAuthServerIpAddress |
1.3.6.1.4.1.2544.1.12.10.1.6.1.4 |
| This object allows to specify an IP Address for the Remote
Authentication Server. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
IpAddress |
|
|
| cmRemoteAuthServerPort |
1.3.6.1.4.1.2544.1.12.10.1.6.1.5 |
| This object allows to specify a Port for Remote Authentication
Server. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
Integer32 |
|
|
| cmRemoteAuthServerNumRetries |
1.3.6.1.4.1.2544.1.12.10.1.6.1.6 |
| This object allows to specify the number of retries the Remote
Authentication Server must be tried for security access before
giving up. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
Integer32 |
|
|
| cmRemoteAuthServerTimeout |
1.3.6.1.4.1.2544.1.12.10.1.6.1.7 |
| This object allows to specify the timeout period for timing
out a security access request to the Remote Authentication Server. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
Integer32 |
|
|
| cmRemoteAuthServerSecret |
1.3.6.1.4.1.2544.1.12.10.1.6.1.8 |
| This allows configuration of secret password for Remote
Authentication Server request. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
DisplayString |
Size(0..128) |
|
| f3UsmUserTable |
1.3.6.1.4.1.2544.1.12.10.1.9 |
| This table is the extension of the F3 USM User Table. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
SEQUENCE OF |
|
|
| |
|
F3UsmUserEntry |
|
| f3UsmUserEntry |
1.3.6.1.4.1.2544.1.12.10.1.9.1 |
| An entry in the F3 USM User Table. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
F3UsmUserEntry |
|
|
| f3UsmUserAccessType |
1.3.6.1.4.1.2544.1.12.10.1.9.1.1 |
| This indicates the type of USM User, read-only, read-write, trap-only. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
UsmUserAccessType |
|
|
| f3PrivilegeChangeTable |
1.3.6.1.4.1.2544.1.12.10.1.15 |
| This table is used for Restricted User Login via NMS.
This is for users with lower privileges to elevate them to higher ones for limited amount of time. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
SEQUENCE OF |
|
|
| |
|
F3PrivilegeChangeEntry |
|
| f3PrivilegeChangeEntry |
1.3.6.1.4.1.2544.1.12.10.1.15.1 |
| Column for privilegeChangeTable. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
F3PrivilegeChangeEntry |
|
|
| f3PrivilegeChangeId |
1.3.6.1.4.1.2544.1.12.10.1.15.1.1 |
| Unique index identifying a request. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
Unsigned32 |
1..4294967295 |
|
| f3PrivilegeChangeRemainingTime |
1.3.6.1.4.1.2544.1.12.10.1.15.1.13 |
| Time remaining in session with upgrade user privilege (in seconds). |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Unsigned32 |
|
|
| f3SecurityTrap |
1.3.6.1.4.1.2544.1.12.10.3.1 |
| This is security trap. Security traps are reported
according to value of f3SecurityTrapType object. |
| Status: current |
Access: read-only |
| NOTIFICATION-TYPE |
|
|
|
| f3PrivilegeChangeTrap |
1.3.6.1.4.1.2544.1.12.10.3.2 |
| This trap is sent every time a privilege change request is changed (added, modified, removed). |
| Status: current |
Access: read-only |
| NOTIFICATION-TYPE |
|
|
|
| cmSecurityCompliance |
1.3.6.1.4.1.2544.1.12.10.2.1.1 |
| Describes the requirements for conformance to the CM Security
group. |
| Status: current |
Access: read-only |
| MODULE-COMPLIANCE |
|
|
|
| cmSecurityObjectGroup |
1.3.6.1.4.1.2544.1.12.10.2.2.1 |
| A collection of objects used to manage the CM Security
group. |
| Status: current |
Access: read-only |
| OBJECT-GROUP |
|
|
|
| cmSecurityNotifGroup |
1.3.6.1.4.1.2544.1.12.10.2.2.2 |
| A collection of notifications used in the CM Security
group. |
| Status: current |
Access: read-only |
| NOTIFICATION-GROUP |
|
|
|