DOCS-SEC-MIB
File: DOCS-SEC-MIB.mib (30325 bytes)
Imported modules
Imported symbols
Defined Types
DocsSecCmtsCmEaeExclusionEntry: SEQUENCE
    docsSecCmtsCmEaeExclusionId             Unsigned32
    docsSecCmtsCmEaeExclusionMacAddr        MacAddress
    docsSecCmtsCmEaeExclusionMacAddrMask    MacAddress
    docsSecCmtsCmEaeExclusionRowStatus      RowStatus

DocsSecSavCmAuthEntry: SEQUENCE
    docsSecSavCmAuthGrpName                 SnmpAdminString
    docsSecSavCmAuthStaticPrefixListId      Unsigned32

DocsSecSavCfgListEntry: SEQUENCE
    docsSecSavCfgListName                   SnmpAdminString
    docsSecSavCfgListRuleId                 Unsigned32
    docsSecSavCfgListPrefixAddrType         InetAddressType
    docsSecSavCfgListPrefixAddr             InetAddress
    docsSecSavCfgListPrefixLen              InetAddressPrefixLength
    docsSecSavCfgListRowStatus              RowStatus

DocsSecSavStaticListEntry: SEQUENCE
    docsSecSavStaticListId                  Unsigned32
    docsSecSavStaticListRuleId              Unsigned32
    docsSecSavStaticListPrefixAddrType      InetAddressType
    docsSecSavStaticListPrefixAddr          InetAddress
    docsSecSavStaticListPrefixLen           InetAddressPrefixLength

DocsSecCmtsCmSavStatsEntry: SEQUENCE
    docsSecCmtsCmSavStatsSavDiscards        Counter32

Defined Values
docsSecMib
OID: 1.3.6.1.4.1.4491.2.1.11
This MIB module contains the management objects for
the management of the security requirements in the DOCSIS
Security Specification.
Macro: MODULE-IDENTITY

docsSecCmtsServerCfgTftpOptions
OID: 1.3.6.1.4.1.4491.2.1.11.1.1.1
This attribute instructs the CMTS to insert the source
IP address and/or MAC address of received TFTP packets
into the TFTP option fields before forwarding
the packets to the Config File server.
This attribute is only applicable when the TftpProxyEnabled
attribute of the MdCfg object is 'true'.
Status: current
Access: read-write
Macro: OBJECT-TYPE
Syntax: BITS { hwAddr(0), netAddr(1) }

docsSecCmtsServerCfgConfigFileLearningEnable
OID: 1.3.6.1.4.1.4491.2.1.11.1.1.2
This attribute enables and disables Configuration
File Learning functionality.
If this attribute is set to 'true', the CMTS will respond
with Authentication Failure in the REG-RSP message
when there is a mismatch between learned config file
parameters and REG-REQ parameters. If this attribute
is set to 'false', the CMTS will not execute config
file learning and mismatch check.
This attribute is only applicable when the TftpProxyEnabled
attribute of the MdCfg object is 'true'.
Status: current
Access: read-write
Macro: OBJECT-TYPE
Syntax: TruthValue

docsSecCmtsEncryptEncryptAlgPriority
OID: 1.3.6.1.4.1.4491.2.1.11.1.2.1
This attribute allows for configuration of a prioritized
list of encryption algorithms the CMTS will
use when selecting the primary SAID encryption algorithm
for a given CM. The CMTS selects the highest priority
encryption algorithm from this list that the CM
supports. By default the following encryption algorithms
are listed from highest to lowest priority (left
being the highest): 128 bit AES, 56 bit DES, 40 bit
DES.
An empty list indicates that the CMTS attempts to use
the latest and most robust encryption algorithm supported
by the CM. The CMTS will ignore unknown values or unsupported
algorithms.
Status: current
Access: read-write
Macro: OBJECT-TYPE
Syntax: SnmpTagList

docsSecCmtsCmEaeExclusionTable
OID: 1.3.6.1.4.1.4491.2.1.11.1.3
This object defines a list of CMs or CM groups to exclude
from Early Authentication and Encryption (EAE).
This object allows overrides to the value of EAE Control
for individual CMs or groups of CMs for purposes
such as debugging. The CMTS supports a minimum of
30 instances of the CmtsCmEaeExclusion object.
This object is only applicable when the EarlyAuthEncryptCtrl
attribute of the MdCfg object is enabled.
This object supports the creation and deletion of multiple
instances.
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: SEQUENCE OF DocsSecCmtsCmEaeExclusionEntry

docsSecCmtsCmEaeExclusionEntry
OID: 1.3.6.1.4.1.4491.2.1.11.1.3.1
The conceptual row of docsSecCmtsCmEaeExclusion.
The CMTS persists all instances of CmtsCmEaeExclusion
across reinitializations.
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: DocsSecCmtsCmEaeExclusionEntry

docsSecCmtsCmEaeExclusionId
OID: 1.3.6.1.4.1.4491.2.1.11.1.3.1.1
This key uniquely identifies the exclusion MAC address
rule.
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: Unsigned32 (1..4294967295)

docsSecCmtsCmEaeExclusionMacAddr
OID: 1.3.6.1.4.1.4491.2.1.11.1.3.1.2
This attribute identifies the CM MAC address. A match
is made when a CM MAC address bitwise ANDed with the
MacAddrMask attribute equals the value of this attribute.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: MacAddress

docsSecCmtsCmEaeExclusionRowStatus
OID: 1.3.6.1.4.1.4491.2.1.11.1.3.1.4
Controls and reflects the status of rows in this
table. There is no restriction on changing values in
a row of this table while the row is active.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: RowStatus

docsSecCmtsSavControlCmAuthEnable
OID: 1.3.6.1.4.1.4491.2.1.11.1.4.1
This attribute enables or disables Source Address
Verification (SAV) for CM configured policies in the
SavCmAuth object. If this attribute is set to 'false',
the CM configured policies in the SavCmAuth object
are ignored.
This attribute is only applicable when the
SrcAddrVerificationEnabled attribute of the MdCfg object is
'true'.
Status: current
Access: read-write
Macro: OBJECT-TYPE
Syntax: TruthValue

docsSecSavCmAuthTable
OID: 1.3.6.1.4.1.4491.2.1.11.1.5
This object defines a read-only set of SAV policies
associated with a CM that the CMTS will use in addition
to the CMTS verification of an operator assigned IP
Address being associated with a CM. When the CMTS has
not resolved a source address of a CM CPE, the CMTS verifies
if the CM CPE is authorized to pass traffic based
on this object. These object policies include a list
of subnet prefixes (defined in the SavStaticList
object) or a SAV Group Name that could reference a CMTS
configured list of subnet prefixes (defined in SavCfgList
object) or vendor-specific policies. The CMTS
populates the attributes of this object for a CM from
that CM's config file.
This object is only applicable when the
SrcAddrVerificationEnabled attribute of the MdCfg object is
'true' and the CmAuthEnable attribute of the CmtsSavCtrl
object is 'true'.
The CMTS is not required to persist instances of this
object across reinitializations.
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: SEQUENCE OF DocsSecSavCmAuthEntry

docsSecSavCmAuthEntry
OID: 1.3.6.1.4.1.4491.2.1.11.1.5.1
The conceptual row of docsSecSavCmAuth.
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: DocsSecSavCmAuthEntry

docsSecSavCmAuthGrpName
OID: 1.3.6.1.4.1.4491.2.1.11.1.5.1.1
This attribute references the Name attribute of the
SavCfgList object of a CM. If the CM signaled group
name is not configured in the CMTS, the CMTS ignores this
attribute value for the purpose of Source Address
Verification. The CMTS must allow the modification
of the GrpName object and use the updated SAV rules for
newly discovered CPEs from CMs. When a source IP address
is claimed by two CMs (e.g., detected as duplicated),
the CMTS must use the current SAV rules defined
for both CMs in case the SAV GrpName rules may have been
updated. In the case of a persisting conflict, it is
up to the vendor implementation to decide which CM should
hold the SAV authorization.
The zero-length string indicates that no SAV Group was
signaled by the CM. The zero-length value or a non-existing
reference in the SavCfgList object means the
SavCfgListName is ignored for the purpose of SAV.
Status: current
Access: read-only
Macro: OBJECT-TYPE
Syntax: SnmpAdminString

docsSecSavCmAuthStaticPrefixListId
OID: 1.3.6.1.4.1.4491.2.1.11.1.5.1.2
This attribute identifies the reference to a CMTS
created subnet prefix list based on the CM signaled static
prefix list TLV elements. The CMTS may reuse this
attribute value to reference more than one CM when
those CMs have signaled the same subnet prefix list to
the CMTS.
The value zero indicates that no SAV static prefix encodings
were signaled by the CM.
Status: current
Access: read-only
Macro: OBJECT-TYPE
Syntax: Unsigned32

docsSecSavCfgListTable
OID: 1.3.6.1.4.1.4491.2.1.11.1.6
This object defines the CMTS configured subnet prefix
extension to the SavCmAuth object.
This object supports the creation and deletion of multiple
instances.
Creation of a new instance of this object requires the
PrefixAddrType and PrefixAddr attributes to be set.
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: SEQUENCE OF DocsSecSavCfgListEntry

docsSecSavCfgListEntry
OID: 1.3.6.1.4.1.4491.2.1.11.1.6.1
The conceptual row of docsSecSavCfgList.
The CMTS persists all instances of SavCfgList
across reinitializations.
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: DocsSecSavCfgListEntry

docsSecSavCfgListName
OID: 1.3.6.1.4.1.4491.2.1.11.1.6.1.1
This attribute is the key that identifies the instance
of the SavCmAuth object to which this object extension
belongs.
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: SnmpAdminString, Size(1..16)

docsSecSavCfgListRuleId
OID: 1.3.6.1.4.1.4491.2.1.11.1.6.1.2
This attribute is the key that identifies a particular
subnet prefix rule of an instance of this object.
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: Unsigned32 (1..4294967295)

docsSecSavCfgListPrefixAddr
OID: 1.3.6.1.4.1.4491.2.1.11.1.6.1.4
This attribute corresponds to the IP address of this
subnet prefix rule in accordance with the PrefixAddrType
attribute.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: InetAddress

docsSecSavCfgListRowStatus
OID: 1.3.6.1.4.1.4491.2.1.11.1.6.1.6
The row creation control of this conceptual row.
An entry in this table can be set to active
only when the following attributes are correctly
assigned:
    PrefixAddrType
    PrefixAddress
There are no restrictions to modify or delete
entries in this table.
Status: current
Access: read-create
Macro: OBJECT-TYPE
Syntax: RowStatus

docsSecSavStaticListTable
OID: 1.3.6.1.4.1.4491.2.1.11.1.7
This object defines a subnet prefix extension to the
SavCmAuth object based on CM statically signaled
subnet prefixes to the CMTS.
When a CM signals to the CMTS static subnet prefixes,
the CMTS must create a List Id to be referenced by the CM
in the SavCmAuth StaticPrefixListId attribute, or
the CMTS may reference an existing List Id associated
to previously registered CMs if the subnet
prefixes associated with that List Id match the ones
signaled by the CM.
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: SEQUENCE OF DocsSecSavStaticListEntry

docsSecSavStaticListEntry
OID: 1.3.6.1.4.1.4491.2.1.11.1.7.1
The conceptual row of docsSecSavStaticList.
The CMTS may persist instances of this object
across reinitializations.
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: DocsSecSavStaticListEntry

docsSecSavStaticListId
OID: 1.3.6.1.4.1.4491.2.1.11.1.7.1.1
This key uniquely identifies the index that groups
multiple subnet prefix rules. The CMTS assigns this
value per CM or may reuse it among multiple CMs that share
the same list of subnet prefixes.
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: Unsigned32 (1..4294967295)

docsSecSavStaticListRuleId
OID: 1.3.6.1.4.1.4491.2.1.11.1.7.1.2
This key identifies a particular static subnet prefix
rule of an instance of this object.
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: Unsigned32 (1..4294967295)

docsSecSavStaticListPrefixAddr
OID: 1.3.6.1.4.1.4491.2.1.11.1.7.1.4
This attribute corresponds to the IP address of this
subnet prefix rule in accordance with the PrefixAddrType
attribute.
Status: current
Access: read-only
Macro: OBJECT-TYPE
Syntax: InetAddress

docsSecCmtsCmSavStatsEntry
OID: 1.3.6.1.4.1.4491.2.1.11.1.8.1
The conceptual row of docsSecCmtsCmSavStats.
Status: current
Access: not-accessible
Macro: OBJECT-TYPE
Syntax: DocsSecCmtsCmSavStatsEntry

docsSecCmtsCmSavStatsSavDiscards
OID: 1.3.6.1.4.1.4491.2.1.11.1.8.1.1
This attribute provides the number of upstream packets
dropped due to SAV failure.
Status: current
Access: read-only
Macro: OBJECT-TYPE
Syntax: Counter32

docsSecCmtsCertificateCertRevocationMethod
OID: 1.3.6.1.4.1.4491.2.1.11.1.9.1
This attribute identifies which certificate revocation
method is to be used by the CMTS to verify the cable
modem certificate validity. The certificate revocation
methods include Certificate Revocation
List (CRL) and Online Certificate Status Protocol
(OCSP).
The following options are available:
The option 'none' indicates that the CMTS does not attempt
to determine the revocation status of a certificate.
The option 'crl' indicates the CMTS uses a Certificate
Revocation List (CRL) as defined by the Url attribute
of the CmtsCertRevocationList object. When the
value of this attribute is changed to 'crl', it triggers
the CMTS to retrieve the CRL from the URL specified
by the Url attribute. If the value of this attribute
is 'crl' when the CMTS starts up, it triggers the CMTS
to retrieve the CRL from the URL specified by the Url attribute.
The option 'ocsp' indicates the CMTS uses the Online
Certificate Status Protocol (OCSP) as defined by the
Url attribute of the CmtsOnlineCertStatusProtocol
object.
The option 'crlAndOcsp' indicates the CMTS uses both
the CRL as defined by the Url attribute in the
CmtsCertRevocationList object and OCSP as defined by the Url
attribute in the CmtsOnlineCertStatusProtocol
object.
The CMTS persists the values of the CertRevocationMethod
attribute across reinitializations.
Status: current
Access: read-write
Macro: OBJECT-TYPE
Syntax: INTEGER { none(1), crl(2), ocsp(3), crlAndOcsp(4) }

docsSecCmtsCertRevocationListUrl
OID: 1.3.6.1.4.1.4491.2.1.11.1.10.1
This attribute contains the URL from where the CMTS
will retrieve the CRL. When this attribute is set to
a URL value different from the current value, it triggers
the CMTS to retrieve the CRL from that URL. If the
value of this attribute is a zero-length string, the
CMTS does not attempt to retrieve the CRL.
The CMTS persists the value of Url across
reinitializations.
Status: current
Access: read-write
Macro: OBJECT-TYPE
Syntax: SnmpAdminString

docsSecCmtsCertRevocationListRefreshInterval
OID: 1.3.6.1.4.1.4491.2.1.11.1.10.2
This attribute contains the refresh interval for
the CMTS to retrieve the CRL (referred to in the Url attribute)
with the purpose of updating its Certificate
Revocation List. This attribute is meaningful if
the tbsCertList.nextUpdate attribute does not exist
in the last retrieved CRL, otherwise the value 0 is
returned.
The CMTS persists the value of RefreshInterval across
reinitializations.
Status: current
Access: read-write
Macro: OBJECT-TYPE
Syntax: Unsigned32 (1..524160)

docsSecCmtsCertRevocationListLastUpdate
OID: 1.3.6.1.4.1.4491.2.1.11.1.10.3
This attribute contains the last date and time when
the CRL was retrieved by the CMTS. This attribute returns
the initial epoch time if the CRL has not been updated.
The CMTS persists the value of LastUpdate across
reinitializations.
Status: current
Access: read-only
Macro: OBJECT-TYPE
Syntax: DateAndTime

docsSecCmtsOnlineCertStatusProtocolUrl
OID: 1.3.6.1.4.1.4491.2.1.11.1.11.1
This attribute contains the URL string to retrieve
OCSP information. If the value of this attribute is
a zero-length string, the CMTS does not attempt to request
the status of a CM certificate.
The CMTS persists the value of Url across
reinitializations.
Status: current
Access: read-write
Macro: OBJECT-TYPE
Syntax: SnmpAdminString

docsSecCompliance
OID: 1.3.6.1.4.1.4491.2.1.11.2.1.1
The compliance statement for devices that implement the DOCSIS
Security MIB.
Status: current
Access: read-write
Macro: MODULE-COMPLIANCE

docsSecGroup
OID: 1.3.6.1.4.1.4491.2.1.11.2.2.1
Group of objects implemented in the CMTS.
Status: current
Access: read-write
Macro: OBJECT-GROUP
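
How the SAV objects described above (docsSecCmtsSavControlCmAuthEnable, docsSecSavCmAuthTable, docsSecSavCfgListTable, docsSecSavStaticListTable and docsSecCmtsCmSavStatsSavDiscards) fit together when a CPE source address has not been resolved by other means, as an added Python example that is not part of the MIB or of any CMTS implementation. All table contents are constructed; keying SavCmAuth by CM MAC address and counting a discard on every failed check are assumptions of this model.

```python
import ipaddress

# Constructed rows. docsSecSavCfgListTable: (Name, RuleId) -> PrefixAddr/PrefixLen
SAV_CFG_LIST = {
    ("residential", 1): "203.0.113.0/24",
    ("residential", 2): "2001:db8:100::/48",
}
# docsSecSavStaticListTable: (Id, RuleId) -> PrefixAddr/PrefixLen
SAV_STATIC_LIST = {
    (7, 1): "198.51.100.16/28",
}
# docsSecSavCmAuthTable, keyed here by CM MAC (assumption):
# CM MAC -> (GrpName, StaticPrefixListId)
SAV_CM_AUTH = {
    "00:00:5e:00:53:01": ("residential", 7),
    "00:00:5e:00:53:02": ("unknown-group", 0),  # group not configured on the CMTS
    "00:00:5e:00:53:03": ("", 0),               # nothing signaled by the CM
}

def cm_prefixes(cm_mac, cm_auth_enable=True):
    """Subnet prefixes a CM's CPEs may source traffic from under SavCmAuth."""
    if not cm_auth_enable:            # CmAuthEnable 'false': policies are ignored
        return []
    grp, list_id = SAV_CM_AUTH.get(cm_mac, ("", 0))
    prefixes = []
    if grp:                           # zero-length string: no SAV group signaled
        # A name with no SavCfgList rows yields nothing, i.e. it is ignored.
        prefixes += [p for (name, _), p in SAV_CFG_LIST.items() if name == grp]
    if list_id != 0:                  # zero: no static prefix encodings signaled
        prefixes += [p for (lid, _), p in SAV_STATIC_LIST.items() if lid == list_id]
    return [ipaddress.ip_network(p) for p in prefixes]

def sav_check(cm_mac, src_ip, stats, cm_auth_enable=True):
    """True if src_ip falls in an authorized prefix; otherwise count a discard."""
    addr = ipaddress.ip_address(src_ip)
    for net in cm_prefixes(cm_mac, cm_auth_enable):
        if addr.version == net.version and addr in net:
            return True
    # Modeled after docsSecCmtsCmSavStatsSavDiscards (per-CM drop counter).
    stats[cm_mac] = stats.get(cm_mac, 0) + 1
    return False

if __name__ == "__main__":
    counters = {}
    for mac, ip in [("00:00:5e:00:53:01", "198.51.100.20"),
                    ("00:00:5e:00:53:02", "203.0.113.9")]:
        print(mac, ip, sav_check(mac, ip, counters))
    print(counters)
```

A steadily rising discard counter for one CM is the operational signal to look at: it means CPEs behind that modem are sourcing traffic from addresses outside every prefix the CM is authorized for.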