SECURITY-MANAGEMENT-MIB
File:
SECURITY-MANAGEMENT-MIB.mib (33677 bytes)
Imported modules
Imported symbols
Defined Types
OnOffType |
|
Description. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
on(1), off(2) |
|
ServiceStateType |
|
Description. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
on(1), off(2), notSupported(3) |
|
SecMngProtoEntry |
|
SEQUENCE |
|
|
|
|
secMngProtoId |
INTEGER |
|
|
secMngProtoStatus |
ServiceStateType |
|
LsgLicMngEntry |
|
SEQUENCE |
|
|
|
|
lsgLicMngFeatureKeyword |
OCTET STRING |
|
|
lsgLicMngFeatureType |
INTEGER |
|
|
lsgLicMngAdminStatus |
OnOffType |
|
|
lsgLicMngOperStatus |
OnOffType |
|
|
lsgLicMngCountedValue |
Unsigned32 |
|
|
lsgLicMngLastError |
INTEGER |
|
Defined Values
secMngModule |
1.3.6.1.4.1.6889.2.1.14.1 |
Defines MIB objects related to device secured management. |
MODULE-IDENTITY |
|
|
|
secMode |
1.3.6.1.4.1.6889.2.1.14.1.1 |
When the security mode flag = on - it indicates that device operates
in secured mode, =off - in non-secured mode. Otherwize when the value retuned
=Not relevant - secured mode is not supported in this device. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OnOffType |
|
|
secTcpSynCkiOpState |
1.3.6.1.4.1.6889.2.1.14.1.2.1 |
Monitors the operational state of the TCP SYN cookies
defense mechanism.
The operational state of the SYN cookies can change
only after a reset, if the configuration state was
changed and the running configuration was saved to
the startup configuration before the reset.
Use secTcpSynCkiCfgState to monitor and change the
SYN cookies configuration state.
When the SYN cookies feature is turned on, it helps
protect the local host from SYN attacks (a type of
DoS attack). |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OnOffType |
|
|
secTcpSynCkiCfgState |
1.3.6.1.4.1.6889.2.1.14.1.2.2 |
Controls and monitors the configuration state of the
TCP SYN cookies defense mechanism.
The operational state of the SYN cookies can change
only after reset, if the configuration state was
changed and the running configuration was saved to
the startup configuration before the reset.
Use secTcpSynCkiOpState to monitor the SYN cookies
operational state.
When the SYN cookies feature is turned on, it helps
protect the local host from SYN attacks (a type of
DoS attack).
|
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
OnOffType |
|
|
secMngProtoTable |
1.3.6.1.4.1.6889.2.1.14.1.3 |
List of security management protocols supported in the device.
|
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
SecMngProtoEntry |
|
secMngProtoEntry |
1.3.6.1.4.1.6889.2.1.14.1.3.1 |
Description. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SecMngProtoEntry |
|
|
secMngProtoId |
1.3.6.1.4.1.6889.2.1.14.1.3.1.1 |
Index to the secMngProtoTable. The index can take one of the following values that
correspond to supported management protocols
scpConfigFiles(1),
scpImageFiles(2),
ssh(3),
telnet(4),
snmpv3(5),
http(6),
https(7),
telnetClient(8),
icmpRedirection(9), - icmp redirection service state
icmp(10), - icmp services status
recoveryPassword(11), - recovery password state
sshClient(12),
snmpv1(13),
icmpEcho(14) - icmp service has been launched in EchoOnly mode
tftp(16),
dhcp(17),
dnsResolver(18,
scpClient(19),
tftpClient(20),
servicesTelnet(21), - reports telnet status on Services interface in G450
Missing entry indicates that
corresponding protocol is not supported. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
INTEGER |
scpConfigFiles(1), scpImageFiles(2), ssh(3), telnet(4), snmpv3(5), http(6), https(7), telnetClient(8), icmpRedirection(9), icmp(10), recoveryPassword(11), sshClient(12), snmpv1(13), icmpEcho(14), ftpClient(15), tftp(16), dhcp(17), dnsResolver(18), scpClient(19), tftpClient(20), telnetServices(21), dnsRelay(22) |
|
secMngProtoStatus |
1.3.6.1.4.1.6889.2.1.14.1.3.1.2 |
Portocol status. When the status is =on - it indicates that
correpsonding protocol is up and running, =off - protocol is down.
Otherwize when the value retuned =Not relevant - the protocol is not supported. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
ServiceStateType |
|
|
secMngGroups |
1.3.6.1.4.1.6889.2.1.14.1.4.1 |
OBJECT IDENTIFIER |
|
|
|
secMngBasicGroup |
1.3.6.1.4.1.6889.2.1.14.1.4.1.1 |
Description. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
lsgLicManagement |
1.3.6.1.4.1.6889.2.1.14.1.5 |
Group of MIBs objects used for configuration/presentation of the
License information generated by Avaya Remote Feature
Activation (RFA) system.
|
Status: current |
Access: read-only |
OBJECT-IDENTITY |
|
|
|
lsgLicMngTable |
1.3.6.1.4.1.6889.2.1.14.1.5.1 |
RFA based License management table. All elements are
displaying the feature activation status. License activation
controlled by the license file. The table is indexed by the
license feature keyword assuming that the same keyword describing a
feature cannot appear more than once per a license file.
|
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
LsgLicMngEntry |
|
lsgLicMngEntry |
1.3.6.1.4.1.6889.2.1.14.1.5.1.1 |
Entry in lsgLicMngTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
LsgLicMngEntry |
|
|
lsgLicMngFeatureKeyword |
1.3.6.1.4.1.6889.2.1.14.1.5.1.1.1 |
This table entry contains a features keyword. The feature
keywords are text-based for example FEAT_VPN string. This
field is used as a table index |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
|
|
lsgLicMngFeatureType |
1.3.6.1.4.1.6889.2.1.14.1.5.1.1.2 |
License activation mechanism support two feature types
* Boolean on-off feature
* Features that describe quantities for example number
of concurrent VPN peers
|
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
INTEGER |
onOffFeature(1), quantifiableFeature(2) |
|
lsgLicMngAdminStatus |
1.3.6.1.4.1.6889.2.1.14.1.5.1.1.3 |
An administration status shows the feature activation status -
when set to On the feature is activated by the RFA licensing system.
|
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OnOffType |
|
|
lsgLicMngOperStatus |
1.3.6.1.4.1.6889.2.1.14.1.5.1.1.4 |
The operation status shows the actual status of the
corresponding feature - feature can be not operational
enabled if for example device must be reset for feature to
be activated or feature is not supported by a device. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OnOffType |
|
|
lsgLicMngCountedValue |
1.3.6.1.4.1.6889.2.1.14.1.5.1.1.5 |
For counted features, this entry shows the associated quantity |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
lsgLicMngLastError |
1.3.6.1.4.1.6889.2.1.14.1.5.1.1.6 |
Shows feature error state |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
INTEGER |
licNoError(2) |
|
lsgLicMngGroups |
1.3.6.1.4.1.6889.2.1.14.1.5.20.1 |
Description. |
Status: current |
Access: read-only |
OBJECT-IDENTITY |
|
|
|
lsgLicMngBasicGroup |
1.3.6.1.4.1.6889.2.1.14.1.5.20.1.1 |
Description. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
fips140 |
1.3.6.1.4.1.6889.2.1.14.1.6 |
Description. |
Status: current |
Access: read-only |
OBJECT-IDENTITY |
|
|
|
fipsEnhancedSecurityFlg |
1.3.6.1.4.1.6889.2.1.14.1.6.1 |
enhanceSecurity flag reports operation of a product in enhance security mode.
When running under enhanced security a product performs certain secure-related
activities safely, closely matching FIPS-140-2 standard. However the
flag doesn't necessary indicate that all device operations comply to
FIPS approved mode as some of security activities might be controlled
via different mechanisms for example manual configuration.
Security policy/Crypto Office guidance documents shall be used as
reference as for if this flag can be used as an evidence for operation
in FIPS approved mode. The flag is read only and set via product CLI.
|
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OnOffType |
|
|
avMssNotifications |
1.3.6.1.4.1.6889.2.1.14.1.7 |
Subtree hosting MSS notification traps |
Status: current |
Access: read-only |
OBJECT-IDENTITY |
|
|
|
avMssNotificationPrefix |
1.3.6.1.4.1.6889.2.1.14.1.7.0 |
Description. |
Status: current |
Access: read-only |
OBJECT-IDENTITY |
|
|
|
avMSSDenialOfService |
1.3.6.1.4.1.6889.2.1.14.1.7.0.1 |
The MSS notification sent on DoS attack |
Status: current |
Access: read-only |
NOTIFICATION-TYPE |
|
|
|
avMSSNotificationRate |
1.3.6.1.4.1.6889.2.1.14.1.7.2 |
Defines the rate of MSS notification report.
MSS reports will be generated as per
rate if the event group counter
passes the threshold correspondingly.
The rate units are given in seconds with
minimum - 10 seconds
maximum - 8 hours (60 * 60 * 8)
|
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
10..28800 |
|
avMSSVarbinds |
1.3.6.1.4.1.6889.2.1.14.1.7.4 |
Subtree of access-for-notify arguments to
MSS notification varbinds list. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
avMSSVarbindsDoSType |
1.3.6.1.4.1.6889.2.1.14.1.7.4.1 |
Enumeration of DoS attacks |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
INTEGER |
avMSSDoSMalformedARPs(1), avMSSDoSLandAttack(2), avMSSDoSICMPReflectAttack(3), avMSSDoSUknownPort(4), avMSSDoSUrgTCPOption(5), avMSSDoSMalformedIP(6), avMSSDoSSynFlood(7), avMSSDoSSmurfAttack(8), avMSSDoSFraggleAttack(9), avMSSDoSMalFragmentIP(10), avMSSSpoofedIP(11), avMSSUnknownL4Protocol(12), avMSSunAuthenticatedAccess(13), avMSSUserDefinedDoSAttack100(100), avMSSUserDefinedDoSAttack101(101), avMSSUserDefinedDoSAttack102(102), avMSSUserDefinedDoSAttack103(103), avMSSUserDefinedDoSAttack104(104), avMSSUserDefinedDoSAttack105(105) |
|
avMSSVarbindsSrcAddr |
1.3.6.1.4.1.6889.2.1.14.1.7.4.3 |
Source IP address in IP header. Set to 0.0.0.0 if address is unknown |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
IpAddress |
|
|
avMSSVarbindsDstAddr |
1.3.6.1.4.1.6889.2.1.14.1.7.4.4 |
Destination IP address in IP header. Set to 0.0.0.0 if address is unknown |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
IpAddress |
|
|
avMSSVarbindsDstPort |
1.3.6.1.4.1.6889.2.1.14.1.7.4.5 |
Destination port number in IP header. 0 if port is not applicable or
unknown |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
INTEGER |
0..65535 |
|
avMSSVarbindsIpProtocol |
1.3.6.1.4.1.6889.2.1.14.1.7.4.6 |
The protocol field in IP header
|
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
INTEGER |
0..255 |
|
avMSSVarbindsCount |
1.3.6.1.4.1.6889.2.1.14.1.7.4.7 |
Counted number of events that occur in a given period
for a corresponding class of security violations (DoS,
not authorized access, etc). |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
avMSSVarbindsSrcMACAddr |
1.3.6.1.4.1.6889.2.1.14.1.7.4.8 |
Source Physical address (MAC) of a packet identified
as a packet carrying DoS payload. Set to 00:00:00:00:00:00 when phyicial address
is not supported or unknown to the system |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
PhysAddress |
|
|
avMSSgroup |
1.3.6.1.4.1.6889.2.1.14.1.8 |
Description. |
Status: current |
Access: accessible-for-notify |
OBJECT-GROUP |
|
|
|
mssNotificationGroup |
1.3.6.1.4.1.6889.2.1.14.1.9 |
Description. |
Status: current |
Access: accessible-for-notify |
NOTIFICATION-GROUP |
|
|
|
secMngNotifications |
1.3.6.1.4.1.6889.2.1.14.1.10 |
Description. |
Status: current |
Access: accessible-for-notify |
OBJECT-IDENTITY |
|
|
|
secMngNotificationsPrefix |
1.3.6.1.4.1.6889.2.1.14.1.10.0 |
Description. |
Status: current |
Access: accessible-for-notify |
OBJECT-IDENTITY |
|
|
|
avConfigurationEncKeyMismatchFault |
1.3.6.1.4.1.6889.2.1.14.1.10.0.1 |
Encryption keys mismatch error. Configuration download
operation is aborted |
Status: current |
Access: accessible-for-notify |
NOTIFICATION-TYPE |
|
|
|
avConfigurationMasterKeyChange |
1.3.6.1.4.1.6889.2.1.14.1.10.0.2 |
Configuration Master key was changed
|
Status: current |
Access: accessible-for-notify |
NOTIFICATION-TYPE |
|
|
|
avPasswordToExpireAlert |
1.3.6.1.4.1.6889.2.1.14.1.10.0.3 |
User password is about to expire in n days
|
Status: current |
Access: accessible-for-notify |
NOTIFICATION-TYPE |
|
|
|
secMngVarbinds |
1.3.6.1.4.1.6889.2.1.14.1.10.1 |
Notify only varbinds used for
notifications in secMngNotifications group |
Status: current |
Access: accessible-for-notify |
OBJECT-IDENTITY |
|
|
|
secMngNotificationGroup |
1.3.6.1.4.1.6889.2.1.14.1.11 |
Description. |
Status: current |
Access: accessible-for-notify |
NOTIFICATION-GROUP |
|
|
|
avASGAuthenticationFiles |
1.3.6.1.4.1.6889.2.1.14.1.12 |
Info on authentication file(s) installed in a product |
Status: current |
Access: accessible-for-notify |
OBJECT-IDENTITY |
|
|
|
avASGAuthFileAFID |
1.3.6.1.4.1.6889.2.1.14.1.12.3.1 |
The productID value ascociated with the
Authentication File (format 7xxxxxxxxx) |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
DisplayString |
Size(0..10) |
|
avASGAuthFileGenDate |
1.3.6.1.4.1.6889.2.1.14.1.12.3.2 |
Date of Authentication file generation
(format YYYY/MM/DD) |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
DisplayString |
|
|
avASGAuthFileGenTime |
1.3.6.1.4.1.6889.2.1.14.1.12.3.3 |
A 8-character string in US short locale
time (format= HH:MM:SS) |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
DisplayString |
Size(0..8) |
|
avASGAuthFileRelease |
1.3.6.1.4.1.6889.2.1.14.1.12.3.4 |
Major software release the AF file was generated for |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
DisplayString |
|
|
avASGNotifications |
1.3.6.1.4.1.6889.2.1.14.1.12.3.5 |
Description. |
Status: current |
Access: read-only |
OBJECT-IDENTITY |
|
|
|
avASGNotificationsPrefix |
1.3.6.1.4.1.6889.2.1.14.1.12.3.5.0 |
Description. |
Status: current |
Access: read-only |
OBJECT-IDENTITY |
|
|
|
avASGAFDownloadSuccess |
1.3.6.1.4.1.6889.2.1.14.1.12.3.5.0.1 |
AF download successfully accomplished |
Status: current |
Access: read-only |
NOTIFICATION-TYPE |
|
|
|
avASGAFDownloadFailure |
1.3.6.1.4.1.6889.2.1.14.1.12.3.5.0.2 |
AF download Failed |
Status: current |
Access: read-only |
NOTIFICATION-TYPE |
|
|
|
avASGAuthFileGroup |
1.3.6.1.4.1.6889.2.1.14.1.12.1000 |
Description. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
avASGAuthFileNotificationGroup |
1.3.6.1.4.1.6889.2.1.14.1.12.1001 |
ASG authentictation File Notification Group |
Status: current |
Access: read-only |
NOTIFICATION-GROUP |
|
|
|
avSecLocalDateAndTime |
1.3.6.1.4.1.6889.2.1.14.1.13 |
Setting the Local current RTC date and time, when not registered with CM |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
DateAndTime |
|
|