1PKTC-IETF-MTA-MIB DEFINITIONS ::= BEGIN 2 3IMPORTS 4 MODULE-IDENTITY, 5 OBJECT-TYPE, 6 OBJECT-IDENTITY, 7 Unsigned32, 8 Counter32, 9 NOTIFICATION-TYPE, 10 mib-2 11 FROM SNMPv2-SMI -- [RFC2578] 12 TEXTUAL-CONVENTION, 13 RowStatus, 14 TruthValue 15 FROM SNMPv2-TC -- [RFC2579] 16 OBJECT-GROUP, 17 MODULE-COMPLIANCE, 18 NOTIFICATION-GROUP 19 FROM SNMPv2-CONF -- [RFC2580] 20 InetAddressType, 21 InetAddress 22 FROM INET-ADDRESS-MIB -- [RFC4001] 23 sysDescr 24 FROM SNMPv2-MIB -- [RFC3418] 25 SnmpAdminString 26 FROM SNMP-FRAMEWORK-MIB -- [RFC3411] 27 docsDevSoftwareGroupV2 28 FROM DOCS-CABLE-DEVICE-MIB -- [RFC4639] 29 DocsX509ASN1DEREncodedCertificate, 30 docsBpi2CodeDownloadGroup 31 FROM DOCS-IETF-BPI2-MIB -- [RFC4131] 32 LongUtf8String 33 FROM SYSAPPL-MIB -- [RFC2287] 34 ifPhysAddress 35 FROM IF-MIB; -- [RFC2863] 36 37 pktcIetfMtaMib MODULE-IDENTITY 38 LAST-UPDATED "200609180000Z" -- September 18, 2006 39 ORGANIZATION "IETF IP over Cable Data Network Working Group" 40 CONTACT-INFO 41 "Eugene Nechamkin 42 Broadcom Corporation, 43 200-13711 International Place, 44 45 46 47 Richmond, BC, V6V 2Z8 48 CANADA 49 Phone: +1 604 233 8500 50 Email: enechamkin@broadcom.com 51 52 Jean-Francois Mule 53 Cable Television Laboratories, Inc. 54 858 Coal Creek Circle 55 Louisville, CO 80027-9750 56 U.S.A. 57 Phone: +1 303 661 9100 58 Email: jf.mule@cablelabs.com 59 60 IETF IPCDN Working Group 61 General Discussion: ipcdn@ietf.org 62 Subscribe: http://www.ietf.org/mailman/listinfo/ipcdn 63 Archive: ftp://ftp.ietf.org/ietf-mail-archive/ipcdn 64 Co-Chair: Jean-Francois Mule, jf.mule@cablelabs.com 65 Co-Chair: Richard Woundy, Richard_Woundy@cable.comcast.com" 66 67 DESCRIPTION 68 "This MIB module defines the basic management object 69 for the Multimedia Terminal Adapter devices compliant 70 with PacketCable and IPCablecom requirements. 71 72 Copyright (C) The IETF Trust (2006). This version of 73 this MIB module is part of RFC 4682; see the RFC itself for 74 full legal notices." 
75 76 REVISION "200609180000Z" -- September 18, 2006 77 78 DESCRIPTION 79 "Initial version, published as RFC 4682." 80 81::= { mib-2 140 } 82 83 -- Textual Conventions 84 85PktcMtaDevProvEncryptAlg ::= TEXTUAL-CONVENTION 86 STATUS current 87 DESCRIPTION 88 " This textual convention defines various types of the 89 encryption algorithms used for the encryption of the MTA 90 configuration file. The description of the encryption 91 algorithm for each enumerated value is as follows: 92 93 'none(0)' no encryption is used, 94 'des64CbcMode(1)' DES 64-bit key in CBC mode, 95 96 97 98 't3Des192CbcMode(2)' 3DES 192-bit key in CBC mode, 99 'aes128CbcMode(3)' AES 128-bit key in CBC mode, 100 'aes256CbcMode(4)' AES 256-bit key in CBC mode." 101 SYNTAX INTEGER { 102 none (0), 103 des64CbcMode (1), 104 t3Des192CbcMode (2), 105 aes128CbcMode (3), 106 aes256CbcMode (4) 107 } 108 109--================================================================= 110-- The MTA MIB module only supports a single Provisioning Server. 111--================================================================= 112 113pktcMtaNotification OBJECT IDENTIFIER ::= { pktcIetfMtaMib 0 } 114pktcMtaMibObjects OBJECT IDENTIFIER ::= { pktcIetfMtaMib 1 } 115pktcMtaDevBase OBJECT IDENTIFIER ::= { pktcMtaMibObjects 1 } 116pktcMtaDevServer OBJECT IDENTIFIER ::= { pktcMtaMibObjects 2 } 117pktcMtaDevSecurity OBJECT IDENTIFIER ::= { pktcMtaMibObjects 3 } 118pktcMtaDevErrors OBJECT IDENTIFIER ::= { pktcMtaMibObjects 4 } 119pktcMtaConformance OBJECT IDENTIFIER ::= { pktcIetfMtaMib 2 } 120 121-- 122-- The following pktcMtaDevBase group describes the base MTA objects 123-- 124 125pktcMtaDevResetNow OBJECT-TYPE 126 SYNTAX TruthValue 127 MAX-ACCESS read-write 128 STATUS current 129 DESCRIPTION 130 " This object controls the MTA software reset. 131 Reading this object always returns 'false'. Setting this 132 object to 'true' causes the device to reset immediately 133 and the following actions to occur: 134 1. 
All connections (if present) are flushed locally. 135 2. All current actions such as ringing immediately 136 terminate. 137 3. Requests for signaling notifications, such as 138 notification based on digit map recognition, are 139 flushed. 140 4. All endpoints are disabled. 141 5. The provisioning flow is started at step MTA-1. 142 If a value is written into an instance of 143 pktcMtaDevResetNow, the agent MUST NOT retain the supplied 144 value across MTA re-initializations or reboots." 145 REFERENCE 146 147 148 149 " PacketCable MTA Device Provisioning Specification." 150 ::= { pktcMtaDevBase 1 } 151 152pktcMtaDevSerialNumber OBJECT-TYPE 153 SYNTAX SnmpAdminString 154 MAX-ACCESS read-only 155 STATUS current 156 DESCRIPTION 157 " This object specifies the manufacturer's serial 158 number of this MTA. The value of this object MUST be 159 identical to the value specified in DHCP option 43, 160 sub-option 4. The list of sub-options for DHCP option 161 43 are defined in the PacketCable MTA Device 162 Provisioning Specification." 163 REFERENCE 164 " PacketCable MTA Device Provisioning Specification." 165 ::= { pktcMtaDevBase 2 } 166 167pktcMtaDevSwCurrentVers OBJECT-TYPE 168 SYNTAX SnmpAdminString 169 MAX-ACCESS read-only 170 STATUS current 171 DESCRIPTION 172 " This object identifies the software version currently 173 operating in the MTA. 174 The MTA MUST return a string descriptive of the current 175 software load. This object should use the syntax 176 defined by the individual vendor to identify the software 177 version. The data presented in this object MUST be 178 identical to the software version information contained 179 in the 'sysDescr' MIB object of the MTA. The value of 180 this object MUST be identical to the value specified in 181 DHCP option 43, sub-option 6. The list of sub-options for 182 DHCP option 43 are defined in the PacketCable MTA Device 183 Provisioning Specification." 184 REFERENCE 185 " PacketCable MTA Device Provisioning Specification." 
186 187::= { pktcMtaDevBase 3 } 188 189pktcMtaDevFQDN OBJECT-TYPE 190 SYNTAX SnmpAdminString 191 MAX-ACCESS read-only 192 STATUS current 193 DESCRIPTION 194 " This object contains the Fully Qualified Domain Name for 195 this MTA. The MTA FQDN is used to uniquely identify the 196 device to the PacketCable back office elements." 197 198 199 200 ::= { pktcMtaDevBase 4 } 201 202pktcMtaDevEndPntCount OBJECT-TYPE 203 SYNTAX Unsigned32 (1..255) 204 MAX-ACCESS read-only 205 STATUS current 206 DESCRIPTION 207 " This object contains the number of physical endpoints for 208 this MTA." 209 ::= { pktcMtaDevBase 5 } 210 211pktcMtaDevEnabled OBJECT-TYPE 212 SYNTAX TruthValue 213 MAX-ACCESS read-write 214 STATUS current 215 DESCRIPTION 216 " This object contains the MTA Admin Status of this device. 217 If this object is set to 'true', the MTA is 218 administratively enabled, and the MTA MUST be able to 219 interact with the PacketCable entities, such as CMS, 220 Provisioning Server, KDC, and other MTAs and MGs on all 221 PacketCable interfaces. 222 If this object is set to 'false', the MTA is 223 administratively disabled, and the MTA MUST perform the 224 following actions for all endpoints: 225 - Shut down all media sessions, if present. 226 - Shut down Network Control Signaling (NCS) 227 signaling by following the Restart in 228 Progress procedures in the PacketCable NCS 229 specification. 230 The MTA must execute all actions required to 231 enable or disable the telephony services for all 232 endpoints immediately upon receipt of an SNMP SET 233 operation. 234 235 Additionally, the MTA MUST maintain the SNMP Interface 236 for management and also the SNMP Key management interface. 237 Also, the MTA MUST NOT continue Kerberized key management 238 with CMSes until this object is set to 'true'. 239 Note: MTAs MUST renew the CMS Kerberos tickets according 240 to the PacketCable Security or IPCablecom Specification. 
241 If a value is written into an instance of 242 pktcMtaDevEnabled, the agent MUST NOT retain the supplied 243 value across MTA re-initializations or reboots." 244 REFERENCE 245 " PacketCable MTA Device Provisioning Specification; 246 PacketCable Security Specification; 247 PacketCable Network-Based Call Signaling Protocol 248 249 250 251 Specification." 252 ::= { pktcMtaDevBase 6 } 253 254pktcMtaDevTypeIdentifier OBJECT-TYPE 255 SYNTAX SnmpAdminString 256 MAX-ACCESS read-only 257 STATUS current 258 DESCRIPTION 259 " This object provides the MTA device type identifier. The 260 value of this object must be a copy of the DHCP option 60 261 value exchanged between the MTA and the DHCP server. The 262 DHCP option 60 value contains an ASCII-encoded string 263 identifying capabilities of the MTA as defined in the 264 PacketCable MTA Device Provisioning Specification." 265 REFERENCE 266 " RFC 2132, DHCP Options and BOOTP Vendor Extensions; 267 PacketCable MTA Device Provisioning Specification." 268 ::= { pktcMtaDevBase 7 } 269 270pktcMtaDevProvisioningState OBJECT-TYPE 271 SYNTAX INTEGER { 272 pass (1), 273 inProgress (2), 274 failConfigFileError (3), 275 passWithWarnings (4), 276 passWithIncompleteParsing (5), 277 failureInternalError (6), 278 failureOtherReason (7) 279 } 280 MAX-ACCESS read-only 281 STATUS current 282 DESCRIPTION 283 " This object indicates the completion state of the MTA 284 device provisioning process. 285 286 pass: 287 If the configuration file could be parsed successfully 288 and the MTA is able to reflect the same in its 289 MIB, the MTA MUST return the value 'pass'. 290 291 inProgress: 292 If the MTA is in the process of being provisioned, 293 the MTA MUST return the value 'inProgress'. 294 295 failConfigFileError: 296 If the configuration file was in error due to incorrect 297 values in the mandatory parameters, the MTA MUST reject 298 the configuration file, and the MTA MUST return the value 299 300 301 302 'failConfigFileError'. 
303 304 passWithWarnings: 305 If the configuration file had proper values for all the 306 mandatory parameters but has errors in any of the optional 307 parameters (this includes any vendor-specific Object 308 Identifiers (OIDs) that are incorrect or not known 309 to the MTA), the MTA MUST return the value 310 'passWithWarnings'. 311 312 passWithIncompleteParsing: 313 If the configuration file is valid but the MTA cannot 314 reflect the same in its configuration (for example, too 315 many entries caused memory exhaustion), it must accept 316 the CMS configuration entries related, and the MTA MUST 317 return the value 'passWithIncompleteParsing'. 318 319 failureInternalError: 320 If the configuration file cannot be parsed due to an 321 Internal error, the MTA MUST return the value 322 'failureInternalError'. 323 324 failureOtherReason: 325 If the MTA cannot accept the configuration file for any 326 other reason than the ones stated above, the MTA MUST 327 return the value 'failureOtherReason'. 328 329 When a final SNMP INFORM is sent as part of Step 25 of the 330 MTA Provisioning process, this parameter is also included 331 in the final INFORM message." 332 REFERENCE 333 " PacketCable MTA Device Provisioning Specification." 334 ::= { pktcMtaDevBase 8 } 335 336pktcMtaDevHttpAccess OBJECT-TYPE 337 SYNTAX TruthValue 338 MAX-ACCESS read-only 339 STATUS current 340 DESCRIPTION 341 " This object indicates whether the HTTP protocol is 342 supported for the MTA configuration file transfer." 343 ::= { pktcMtaDevBase 9 } 344 345pktcMtaDevProvisioningTimer OBJECT-TYPE 346 SYNTAX Unsigned32 (0..30) 347 UNITS "minutes" 348 MAX-ACCESS read-write 349 STATUS current 350 351 352 353 DESCRIPTION 354 " This object defines the time interval for the provisioning 355 flow to complete. 
The MTA MUST finish all provisioning 356 operations starting from the moment when an MTA receives 357 its DHCP ACK and ending at the moment when the MTA 358 downloads its configuration file (e.g., MTA5 to MTA23) 359 within the period of time set by this object. 360 Failure to comply with this condition constitutes 361 a provisioning flow failure. If the object is set to 0, 362 the MTA MUST ignore the provisioning timer condition. 363 If a value is written into an instance of 364 pktcMtaDevProvisioningTimer, the agent MUST NOT retain the 365 supplied value across MTA re-initializations or reboots." 366 REFERENCE 367 " PacketCable MTA Device Provisioning Specification." 368 DEFVAL {10} 369 ::= {pktcMtaDevBase 10} 370 371pktcMtaDevProvisioningCounter OBJECT-TYPE 372 SYNTAX Counter32 373 MAX-ACCESS read-only 374 STATUS current 375 DESCRIPTION 376 "This object counts the number of times the 377 provisioning cycle has looped through step MTA-1." 378 ::= {pktcMtaDevBase 11} 379 380 pktcMtaDevErrorOidsTable OBJECT-TYPE 381 SYNTAX SEQUENCE OF PktcMtaDevErrorOidsEntry 382 MAX-ACCESS not-accessible 383 STATUS current 384 DESCRIPTION 385 " This table contains the list of configuration errors or 386 warnings the MTA encountered when parsing the 387 configuration file it received from the Provisioning 388 Server. 389 For each error, an entry is created in this table, 390 containing the configuration parameters the MTA rejected 391 and the associated reason (e.g., wrong or unknown OID, 392 inappropriate object values). If the MTA 393 did not report a provisioning state of 'pass(1)' in 394 the pktcMtaDevProvisioningState object, this table MUST be 395 populated for each error or warning instance. Even if 396 different parameters share the same error type (e.g., all 397 realm name configuration parameters are invalid), all 398 observed errors or warnings must be reported as 399 different instances. Errors are placed into the table in 400 no particular order. 
The table MUST be cleared each time 401 402 403 404 the MTA reboots." 405 REFERENCE 406 " PacketCable MTA Device Provisioning Specification." 407 ::= {pktcMtaDevBase 12 } 408 409pktcMtaDevErrorOidsEntry OBJECT-TYPE 410 SYNTAX PktcMtaDevErrorOidsEntry 411 MAX-ACCESS not-accessible 412 STATUS current 413 DESCRIPTION 414 " This entry contains the necessary information the MTA MUST 415 attempt to provide in case of configuration file errors or 416 warnings." 417 INDEX { pktcMtaDevErrorOidIndex } 418 ::= {pktcMtaDevErrorOidsTable 1} 419 420PktcMtaDevErrorOidsEntry ::= SEQUENCE { 421 pktcMtaDevErrorOidIndex Unsigned32, 422 pktcMtaDevErrorOid SnmpAdminString, 423 pktcMtaDevErrorValue SnmpAdminString, 424 pktcMtaDevErrorReason SnmpAdminString 425 } 426 427pktcMtaDevErrorOidIndex OBJECT-TYPE 428 SYNTAX Unsigned32 (1..1024) 429 MAX-ACCESS not-accessible 430 STATUS current 431 DESCRIPTION 432 " This object is the index of the MTA configuration error 433 table. It is an integer value that starts at value '1' 434 and is incremented for each encountered configuration 435 file error or warning. 436 437 The maximum number of errors or warnings that can be 438 recorded in the pktcMtaDevErrorOidsTable is set to 1024 as 439 a configuration file is usually validated by operators 440 before deployment. Given the possible number of 441 configuration parameter assignments in the MTA 442 configuration file, 1024 is perceived as a sufficient 443 limit even with future extensions. 444 445 If the number of the errors in the configuration file 446 exceeds 1024, all errors beyond the 1024th one MUST 447 be ignored and not be reflected in the 448 pktcMtaDevErrorOidsTable." 
449 450 ::= {pktcMtaDevErrorOidsEntry 1} 451 452 453 454 455pktcMtaDevErrorOid OBJECT-TYPE 456 SYNTAX SnmpAdminString 457 MAX-ACCESS read-only 458 STATUS current 459 DESCRIPTION 460 " This object contains a human readable representation 461 (character string) of the OID corresponding to the 462 configuration file parameter that caused the particular 463 error. 464 For example, if the value of the pktcMtaDevEnabled object 465 in the configuration file caused an error, then this 466 object instance will contain the human-readable string of 467 '1.3.6.1.2.1.140.1.1.6.0'. 468 If the MTA generated an error because it was not able 469 to recognize a particular OID, then this object 470 instance would contain an empty value (zero-length 471 string). 472 For example, if the value of an OID in the configuration 473 file was interpreted by the MTA as being 1.2.3.4.5, and if 474 the MTA was not able to recognize this OID as a valid one, 475 this object instance will contain a zero-length string. 476 477 If the number of errors in the configuration file exceeds 478 1024, then for all subsequent errors, the 479 pktcMtaDevErrorOid of the table's 1024th entry MUST 480 contain a human-readable representation of the 481 pktcMtaDevErrorsTooManyErrors object; i.e., the string 482 '1.3.6.1.2.1.140.1.1.4.1.0'. 483 Note that the syntax of this object is SnmpAdminString 484 instead of OBJECT IDENTIFIER because the object value may 485 not be a valid OID due to human or configuration tool 486 encoding errors." 487 488 ::= {pktcMtaDevErrorOidsEntry 2} 489 490pktcMtaDevErrorValue OBJECT-TYPE 491 SYNTAX SnmpAdminString 492 MAX-ACCESS read-only 493 STATUS current 494 DESCRIPTION 495 " This object contains the value of the OID corresponding to 496 the configuration file parameter that caused the error. 
497 If the MTA cannot recognize the OID of the 498 configuration parameter causing the error, then this 499 object instance contains the OID itself as interpreted 500 by the MTA in human-readable representation. 501 If the MTA can recognize the OID but generate an error due 502 to a wrong value of the parameter, then the object 503 504 505 506 instance contains the erroneous value of the parameter as 507 read from the configuration file. 508 In both cases, the value of this object must be 509 represented in human-readable form as a character string. 510 For example, if the value of the pktcMtaDevEnabled object 511 in the configuration file was 3 (invalid value), then the 512 pktcMtaDevErrorValue object instance will contain the 513 human-readable (string) representation of value '3'. 514 Similarly, if the OID in the configuration file has been 515 interpreted by the MTA as being 1.2.3.4.5 and the MTA 516 cannot recognize this OID as a valid one, then this 517 pktcMtaDevErrorValue object instance will contain human 518 readable (string) representation of value '1.2.3.4.5'. 519 520 If the number of errors in the configuration file exceeds 521 1024, then for all subsequent errors, the 522 pktcMtaDevErrorValue of the table's 1024th entry MUST 523 contain a human-readable representation of the 524 pktcMtaDevErrorsTooManyErrors object; i.e., the string 525 '1.3.6.1.2.1.140.1.1.4.1.0'." 526 527 ::= {pktcMtaDevErrorOidsEntry 3} 528 529pktcMtaDevErrorReason OBJECT-TYPE 530 SYNTAX SnmpAdminString 531 MAX-ACCESS read-only 532 STATUS current 533 DESCRIPTION 534 " This object indicates the reason for the error or warning, 535 as per the MTA's interpretation, in human-readable form. 536 For example: 537 'VALUE NOT IN RANGE', 'VALUE DOES NOT MATCH TYPE', 538 'UNSUPPORTED VALUE', 'LAST 4 BITS MUST BE SET TO ZERO', 539 'OUT OF MEMORY - CANNOT STORE'. 
540 This object may also contain vendor specific errors for 541 private vendor OIDs and any proprietary error codes or 542 messages that can help diagnose configuration errors. 543 544 If the number of errors in the configuration file exceeds 545 1024, then for all subsequent errors, the 546 pktcMtaDevErrorReason of the table's 1024th entry MUST 547 contain a human-readable string indicating the reason 548 for an error; for example, 549 'Too many errors in the configuration file'." 550 ::= {pktcMtaDevErrorOidsEntry 4} 551 552-- 553-- The following group describes server access and parameters used 554 555 556 557-- for the initial MTA provisioning and bootstrapping phases. 558-- 559 560pktcMtaDevDhcpServerAddressType OBJECT-TYPE 561 SYNTAX InetAddressType 562 MAX-ACCESS read-only 563 STATUS current 564 DESCRIPTION 565 " This object contains the Internet address type for the 566 PacketCable DHCP servers specified in MTA MIB." 567 DEFVAL { ipv4 } 568 ::= { pktcMtaDevServer 1} 569 570pktcMtaDevServerDhcp1 OBJECT-TYPE 571 SYNTAX InetAddress 572 MAX-ACCESS read-only 573 STATUS current 574 DESCRIPTION 575 " This object contains the Internet Address of the primary 576 DHCP server the MTA uses during provisioning. 577 The type of this address is determined by the value of 578 the pktcMtaDevDhcpServerAddressType object. 579 When the latter has the value 'ipv4(1)', this object 580 contains the IP address of the primary DHCP 581 server. It is provided by the CM to the MTA via the DHCP 582 option code 122, sub-option 1, as defined in RFC 3495. 583 584 The behavior of this object when the value of 585 pktcMtaDevDhcpServerAddressType is other than 'ipv4(1)' 586 is not presently specified, but it may be specified 587 in future versions of this MIB module. 588 If this object is of value 589 0.0.0.0, the MTA MUST stop all provisioning 590 attempts, as well as all other activities. 
591 If this object is of value 255.255.255.255, it means 592 that there was no preference given for the primary 593 DHCP server, and, the MTA must follow the logic of 594 RFC2131, and the value of DHCP option 122, 595 sub-option 2, must be ignored." 596 REFERENCE 597 " PacketCable MTA Device Provisioning Specification; 598 RFC 2131, Dynamic Host Configuration Protocol; 599 RFC 3495, DHCP Option for CableLabs Client Configuration." 600 ::= { pktcMtaDevServer 2 } 601 602pktcMtaDevServerDhcp2 OBJECT-TYPE 603 SYNTAX InetAddress 604 MAX-ACCESS read-only 605 606 607 608 STATUS current 609 DESCRIPTION 610 " This object contains the Internet Address of the secondary 611 DHCP server the MTA uses during provisioning. 612 The type of this address is determined by the value of 613 the pktcMtaDevDhcpServerAddressType object. 614 When the latter has the value 'ipv4(1)', this object 615 contains the IP address of the secondary DHCP 616 server. It is provided by the CM to the MTA via the DHCP 617 option code 122, sub-option 2, as defined in RFC 3495. 618 619 The behavior of this object when the value of 620 pktcMtaDevDhcpServerAddressType is other than 'ipv4(1)' 621 is not presently specified, but it may be specified 622 in future versions of this MIB module. 623 If there was no secondary DHCP server provided in DHCP 624 Option 122, sub-option 2, this object must return the value 625 0.0.0.0." 626 REFERENCE 627 " PacketCable MTA Device Provisioning Specification; 628 RFC 3495, DHCP Option for CableLabs Client Configuration." 629 ::= { pktcMtaDevServer 3 } 630 631pktcMtaDevDnsServerAddressType OBJECT-TYPE 632 SYNTAX InetAddressType 633 MAX-ACCESS read-only 634 STATUS current 635 DESCRIPTION 636 " This object contains the Internet address type for the 637 PacketCable DNS servers specified in MTA MIB." 
638 DEFVAL { ipv4 } 639 ::= { pktcMtaDevServer 4} 640 641pktcMtaDevServerDns1 OBJECT-TYPE 642 SYNTAX InetAddress 643 MAX-ACCESS read-write 644 STATUS current 645 DESCRIPTION 646 " This object contains the IP Address of the primary 647 DNS server to be used by the MTA. The type of this address 648 is determined by the value of the 649 pktcMtaDevDnsServerAddressType object. 650 When the latter has the value 'ipv4(1)', this object 651 contains the IP address of the primary DNS server. 652 As defined in RFC 2132, PacketCable-compliant MTAs receive 653 the IP addresses of the DNS Servers in DHCP option 6. 654 The behavior of this object when the value of 655 pktcMtaDevDnsServerAddressType is other than 'ipv4(1)' 656 657 658 659 is not presently specified, but it may be specified 660 in future versions of this MIB module. 661 If a value is written into an instance of 662 pktcMtaDevServerDns1, the agent MUST NOT retain the 663 supplied value across MTA re-initializations or reboots." 664 REFERENCE 665 " PacketCable MTA Device Provisioning Specification; 666 RFC 2132, DHCP Options and BOOTP Vendor Extensions." 667 ::= { pktcMtaDevServer 5 } 668 669pktcMtaDevServerDns2 OBJECT-TYPE 670 SYNTAX InetAddress 671 MAX-ACCESS read-write 672 STATUS current 673 DESCRIPTION 674 " This object contains the IP Address of the secondary 675 DNS server to be used by the MTA. The type of this address 676 is determined by the value of the 677 pktcMtaDevDnsServerAddressType object. 678 When the latter has the value 'ipv4(1)', this object 679 contains the IP address of the secondary DNS 680 server. As defined in RFC 2132, PacketCable-compliant MTAs 681 receive the IP addresses of the DNS Servers in DHCP 682 option 6. 683 The behavior of this object when the value of 684 pktcMtaDevDnsServerAddressType is other than 'ipv4(1)' 685 is not presently specified, but it may be specified 686 in future versions of this MIB module. 
687 If a value is written into an instance of 688 pktcMtaDevServerDns2, the agent MUST NOT retain the 689 supplied value across MTA re-initializations or reboots." 690 REFERENCE 691 " PacketCable MTA Device Provisioning Specification; 692 RFC 2132, DHCP Options and BOOTP Vendor Extensions." 693 ::= { pktcMtaDevServer 6 } 694 695pktcMtaDevTimeServerAddressType OBJECT-TYPE 696 SYNTAX InetAddressType 697 MAX-ACCESS read-only 698 STATUS current 699 DESCRIPTION 700 " This object contains the Internet address type for the 701 PacketCable Time servers specified in MTA MIB." 702 DEFVAL { ipv4 } 703 ::= { pktcMtaDevServer 7} 704 705pktcMtaDevTimeServer OBJECT-TYPE 706 SYNTAX InetAddress 707 708 709 710 MAX-ACCESS read-write 711 STATUS current 712 DESCRIPTION 713 " This object contains the Internet Address of the Time 714 Server used by an S-MTA for Time Synchronization. The type 715 of this address is determined by the value of the 716 pktcMtaDevTimeServerAddressType object. 717 When the latter has the value 'ipv4(1)', this object 718 contains the IP address of the Time Server used for Time 719 Synchronization. 720 In the case of an S-MTA, this object must be 721 populated with a value other than 0.0.0.0 as obtained 722 from DHCP option 4. The protocol by which the time of day 723 MUST be retrieved is defined in RFC 868. 724 In the case of an E-MTA, this object must contain a 725 value of 0.0.0.0 if the address type is 'ipv4(1)' since 726 an E-MTA does not use the Time Protocol for time 727 synchronization (an E-MTA uses the time retrieved by the 728 DOCSIS cable modem). 729 The behavior of this object when the value of 730 pktcMtaDevTimeServerAddressType is other than 'ipv4(1)' 731 is not presently specified, but it may be specified in 732 future versions of this MIB module. 733 If a value is written into an instance of 734 pktcMtaDevTimeServer, the agent MUST NOT retain the 735 supplied value across MTA re-initializations or reboots." 
736 REFERENCE 737 " RFC 868, Time Protocol; 738 RFC 2131, Dynamic Host Configuration Protocol; 739 RFC 2132, DHCP Options and BOOTP Vendor Extensions." 740 ::= { pktcMtaDevServer 8} 741 742pktcMtaDevConfigFile OBJECT-TYPE 743 SYNTAX SnmpAdminString 744 MAX-ACCESS read-write 745 STATUS current 746 DESCRIPTION 747 " This object specifies the MTA device configuration file 748 information, including the access method, the server name, 749 and the configuration file name. The value of this object 750 is the Uniform Resource Locator (URL) of the configuration 751 file for TFTP or HTTP download. 752 If this object value is a TFTP URL, it must be formatted 753 as defined in RFC 3617. 754 If this object value is an HTTP URL, it must be formatted 755 as defined in RFC 2616. 756 If the MTA SNMP Enrollment mechanism is used, then the MTA 757 must download the file provided by the Provisioning Server 758 759 760 761 during provisioning via an SNMP SET on this object. 762 If the MTA SNMP Enrollment mechanism is not used, this 763 object MUST contain the URL value corresponding to the 764 'siaddr' and 'file' fields received in the DHCP ACK to 765 locate the configuration file: the 'siaddr' and 'file' 766 fields represent the host and file of the TFTP URL, 767 respectively. In this case, the MTA MUST return an 768 'inconsistentValue' error in response to SNMP SET 769 operations. 770 The MTA MUST return a zero-length string if the server 771 address (host part of the URL) is unknown. 772 If a value is written into an instance of 773 pktcMtaDevConfigFile, the agent MUST NOT retain the 774 supplied value across MTA re-initializations or reboots." 
775 REFERENCE 776 " PacketCable MTA Device Provisioning Specification; 777 RFC 3617, URI Scheme for TFTP; RFC 2616, HTTP 1.1" 778 ::= { pktcMtaDevServer 9 } 779 780pktcMtaDevSnmpEntity OBJECT-TYPE 781 SYNTAX SnmpAdminString 782 MAX-ACCESS read-only 783 STATUS current 784 DESCRIPTION 785 " This object contains the FQDN of the SNMP entity of the 786 Provisioning Server. When the MTA SNMP Enrollment 787 Mechanism is used, this object represents the server that 788 the MTA communicates with, that it receives the 789 configuration file URL from, and that it sends the 790 enrollment notification to. The SNMP entity is also the 791 destination entity for all the provisioning 792 notifications. It may be used for post-provisioning 793 SNMP operations. During the provisioning phase, this 794 SNMP entity FQDN is supplied to the MTA via DHCP option 795 122, sub-option 3, as defined in RFC 3495. The MTA must 796 resolve the FQDN value before its very first network 797 interaction with the SNMP entity during the provisioning 798 phase." 799 800 REFERENCE 801 " PacketCable MTA Device Provisioning Specification; 802 RFC 3495, DHCP Option for CableLabs Client Configuration." 803 ::= { pktcMtaDevServer 10 } 804 805pktcMtaDevProvConfigHash OBJECT-TYPE 806 SYNTAX OCTET STRING (SIZE(20)) 807 MAX-ACCESS read-write 808 STATUS current 809 810 811 812 DESCRIPTION 813 " This object contains the hash value of the contents of the 814 configuration file. 815 The authentication algorithm is Secure Hashing Algorithm 816 1 (SHA-1), and the length is 160 bits. The hash 817 calculation MUST follow the requirements defined in the 818 PacketCable Security Specification. When the MTA SNMP 819 Enrollment mechanism is used, this hash value is 820 calculated and sent to the MTA prior to sending the 821 config file. This object value is then provided by the 822 Provisioning server via an SNMP SET operation. 
823 When the MTA SNMP Enrollment mechanism is not in use, the 824 hash value is provided in the configuration file itself, 825 and it is also calculated by the MTA. This object value 826 MUST represent the hash value calculated by the MTA. 827 When the MTA SNMP Enrollment mechanism is not in use, the 828 MTA must reject all SNMP SET operations on this object and 829 return an 'inconsistentValue' error. 830 If a value is written into an instance of 831 pktcMtaDevProvConfigHash, the agent MUST NOT retain the 832 supplied value across MTA re-initializations or reboots." 833 REFERENCE 834 " PacketCable MTA Device Provisioning Specification; 835 PacketCable Security Specification." 836 ::= { pktcMtaDevServer 11 } 837 838pktcMtaDevProvConfigKey OBJECT-TYPE 839 SYNTAX OCTET STRING (SIZE(32)) 840 MAX-ACCESS read-write 841 STATUS current 842 DESCRIPTION 843 " This object contains the key used to encrypt/decrypt 844 the configuration file when secure SNMPv3 provisioning 845 is used. 846 The value of this object is provided along with the 847 configuration file information (pktcMtaDevConfigFile) 848 and hash (pktcMtaDevProvConfigHash) by the Provisioning 849 Server via SNMP SET once the configuration file has been 850 created, as defined by the PacketCable Security 851 specification. 852 853 The privacy algorithm is defined by the 854 pktcMtaDevProvConfigEncryptAlg MIB object. The 855 MTA requirements related to the privacy algorithm are 856 defined in the PacketCable Security Specification. 857 858 If this object is set at any other provisioning step than 859 that allowed by the PacketCable MTA Device 860 861 862 863 Provisioning Specification, the MTA SHOULD return 864 an 'inconsistentValue' error. 865 This object must not be used in non secure provisioning 866 mode. In non-secure provisioning modes, the MTA SHOULD 867 return an 'inconsistentValue' in response to SNMP SET 868 operations, and the MTA SHOULD return a zero-length 869 string in response to SNMP GET operations. 
          If a value is written into an instance of
          pktcMtaDevProvConfigKey, the agent MUST NOT retain the
          supplied value across MTA re-initializations or reboots."
    REFERENCE
        " PacketCable MTA Device Provisioning Specification;
          PacketCable Security Specification."
    ::= { pktcMtaDevServer 12 }

pktcMtaDevProvConfigEncryptAlg  OBJECT-TYPE
    SYNTAX      PktcMtaDevProvEncryptAlg
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        " This object defines the encryption algorithm used for
          privacy protection of the MTA Configuration File content."
    DEFVAL { des64CbcMode }
    ::= { pktcMtaDevServer 13 }

pktcMtaDevProvSolicitedKeyTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..180)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        " This object defines a Kerberos Key Management timer on the
          MTA. It is the time period during which the MTA saves the
          nonce and Server Kerberos Principal Identifier to match an
          AP Request and its associated AP Reply response from the
          Provisioning Server.
          After the timeout has been exceeded, the client discards
          this (nonce, Server Kerberos Principal Identifier) pair,
          after which it will no longer accept a matching AP Reply.
          This timer only applies when the Provisioning Server
          initiated key management for SNMPv3 (with a
          Wake Up message).
          If this object is set to a zero value, the MTA MUST return
          an 'inconsistentValue' in response to SNMP SET operations.
          This object should not be used in non-secure provisioning
          modes. In non-secure provisioning modes, the MTA MUST
          return an 'inconsistentValue' in response to SNMP SET
          operations, and the MTA MUST return a zero value in
          response to SNMP GET operations.
          If a value is written into an instance of
          pktcMtaDevProvSolicitedKeyTimeout, the agent MUST NOT
          retain the supplied value across MTA re-initializations
          or reboots."
    DEFVAL { 3 }
    ::= { pktcMtaDevServer 14 }

--=================================================================
--
-- Unsolicited key updates are retransmitted according to an
-- exponential back-off mechanism using two timers and a maximum
-- retry counter for AS replies.
-- The initial retransmission timer value is the nominal timer
-- value (pktcMtaDevProvUnsolicitedKeyNomTimeout). The
-- retransmissions occur with an exponentially increasing interval
-- that caps at the maximum timeout value
-- (pktcMtaDevProvUnsolicitedKeyMaxTimeout).
-- Retransmissions stop when the maximum retry counter is reached
-- (pktcMtaDevProvUnsolicitedKeyMaxRetries).
-- For example, with values of 3 seconds for the nominal
-- timer, 100 seconds for the maximum timeout, and 8 retries max,
-- and with an exponential value of 2, the
-- retransmission intervals will be 3 s, 6 s, 12 s, 24 s, 48 s,
-- 96 s, 100 s, and 100 s;
-- retransmissions then stop because the maximum number of
-- retries (8) has been reached.
--
--=================================================================
--
-- Timeouts for unsolicited key management updates are only
-- pertinent before the first SNMPv3 message is sent between the
-- MTA and the Provisioning Server and before the configuration
-- file is loaded.
--
--=================================================================

pktcMtaDevProvUnsolicitedKeyMaxTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..600)
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        " This object defines the timeout value that applies to
          an MTA-initiated AP-REQ/REP key management exchange with
          the Provisioning Server in SNMPv3 provisioning.
          It is the maximum timeout value, and it may not be exceeded
          in the exponential back-off algorithm.
          If the DHCP option code 122, sub-option 5, is provided
          to the MTA, it overwrites this value.
          In non-secure provisioning modes, the MTA MUST
          return a zero value in response to SNMP GET
          operations."
    REFERENCE
        " PacketCable Security Specification."
    DEFVAL {600}
    ::= { pktcMtaDevServer 15 }

pktcMtaDevProvUnsolicitedKeyNomTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..600)
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        " This object defines the starting value of the timeout
          for the AP-REQ/REP Backoff and Retry mechanism
          with exponential timeout in SNMPv3 provisioning.
          If the DHCP option code 122, sub-option 5, is provided
          to the MTA, it overwrites this value.
          In non-secure provisioning modes, the MTA MUST
          return a zero value in response to SNMP GET
          operations."
    REFERENCE
        " PacketCable Security Specification."
    DEFVAL {3}
    ::= { pktcMtaDevServer 16}

pktcMtaDevProvUnsolicitedKeyMaxRetries  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..32)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        " This object contains a retry counter that applies to
          an MTA-initiated AP-REQ/REP key management exchange with
          the Provisioning Server in secure SNMPv3 provisioning.
          It is the maximum number of retries before the MTA stops
          attempting to establish a Security Association with
          Provisioning Server.
          If the DHCP option code 122, sub-option 5, is provided to
          the MTA, it overwrites this value.
          If this object is set to a zero value, the MTA MUST return
          an 'inconsistentValue' in response to SNMP SET operations.
          In non-secure provisioning modes, the MTA MUST
          return a zero value in response to SNMP GET
          operations."
    REFERENCE
        " PacketCable Security Specification."
    DEFVAL {8}
    ::= { pktcMtaDevServer 17 }

pktcMtaDevProvKerbRealmName  OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(1..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        " This object contains the name of the associated
          provisioning Kerberos realm acquired during the MTA4
          provisioning step (DHCP Ack) for SNMPv3 provisioning.
          The uppercase ASCII representation of the associated
          Kerberos realm name MUST be used by both the Manager (SNMP
          entity) and the MTA.
          The Kerberos realm name for the Provisioning Server is
          supplied to the MTA via DHCP option code 122, sub-option 6,
          as defined in RFC 3495. In secure SNMP provisioning mode,
          the value of the Kerberos realm name for the Provisioning
          Server supplied in the MTA configuration file must match
          the value supplied in the DHCP option code 122,
          sub-option 6. Otherwise, the value of this object must
          contain the value supplied in DHCP Option 122,
          sub-option 6."
    REFERENCE
        " PacketCable MTA Device Provisioning Specification;
          RFC 3495, DHCP Option for CableLabs Client Configuration."
    ::= { pktcMtaDevServer 18 }

pktcMtaDevProvState  OBJECT-TYPE
    SYNTAX      INTEGER {
                    operational                 (1),
                    waitingForSnmpSetInfo       (2),
                    waitingForTftpAddrResponse  (3),
                    waitingForConfigFile        (4)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        " This object defines the MTA provisioning state.
          If the state is:

          'operational(1)', the device has completed the loading
          and processing of the initialization parameters.

          'waitingForSnmpSetInfo(2)', the device is waiting on
          its configuration file download access information.
          Note that this state is only reported when the MTA
          SNMP enrollment mechanism is used.

          'waitingForTftpAddrResponse(3)', the device has sent a
          DNS request to resolve the server providing the
          configuration file, and it is waiting for a response.
          Note that this state is only reported when the MTA
          SNMP enrollment mechanism is used.

          'waitingForConfigFile(4)', the device has sent a
          request via TFTP or HTTP for the download of its
          configuration file, and it is waiting for a response or
          the file download is in progress."
    REFERENCE
        " PacketCable MTA Device Provisioning Specification,
          PacketCable Security Specification."
    ::= { pktcMtaDevServer 19 }

    --
    -- The following object group describes the security objects.
    --

pktcMtaDevManufacturerCertificate  OBJECT-TYPE
    SYNTAX      DocsX509ASN1DEREncodedCertificate
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        " This object contains the MTA Manufacturer Certificate.
          The object value must be the ASN.1 DER encoding of the MTA
          manufacturer's X.509 public key certificate. The MTA
          Manufacturer Certificate is issued to each MTA
          manufacturer and is installed into each MTA at the time of
          manufacture or with a secure code download. The specific
          requirements related to this certificate are defined in
          the PacketCable or IPCablecom Security specifications."
    REFERENCE
        " PacketCable Security Specification."
    ::= {pktcMtaDevSecurity 1}

pktcMtaDevCertificate  OBJECT-TYPE
    SYNTAX      DocsX509ASN1DEREncodedCertificate
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        " This object contains the MTA Device Certificate.
          The object value must be the ASN.1 DER encoding of the
          MTA's X.509 public-key certificate issued by the
          manufacturer and installed into the MTA at the time of
          manufacture or with a secure code download.
          This certificate contains the MTA MAC address.
          The specific requirements related to this certificate are
          defined in the PacketCable or IPCablecom Security
          specifications."
    REFERENCE
        " PacketCable Security Specification."
    ::= { pktcMtaDevSecurity 2 }

pktcMtaDevCorrelationId  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        " This object contains a correlation ID, an arbitrary value
          generated by the MTA that will be exchanged as part of the
          device capability data to the Provisioning Application.
          This random value is used as an identifier to correlate
          related events in the MTA provisioning sequence.
          This value is intended for use only during the MTA
          initialization and configuration file download."
    REFERENCE
        " PacketCable MTA Device Provisioning Specification."
    ::= { pktcMtaDevSecurity 3 }

pktcMtaDevTelephonyRootCertificate  OBJECT-TYPE
    SYNTAX      DocsX509ASN1DEREncodedCertificate
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        " This object contains the telephony Service Provider Root
          certificate. The object value is the ASN.1 DER encoding of
          the IP Telephony Service Provider Root X.509 public key
          certificate. This certificate is stored in the MTA
          non-volatile memory and can be updated with a secure code
          download. This certificate is used to validate the initial
          AS Reply received by the MTA from the Key Distribution
          Center (KDC) during the MTA initialization. The specific
          requirements related to this certificate are defined in
          the PacketCable or IPCablecom Security specifications."
    REFERENCE
        " PacketCable Security Specification."
    ::= { pktcMtaDevSecurity 4 }

--=================================================================
--
-- Informative Procedures for Setting up Security Associations
--
-- A Security Association may be set up either via configuration or
-- via NCS signaling.
--
-- I. Security association setup via configuration.
--
-- The realm must be configured first. Associated with the realm
-- is a KDC. The realm table (pktcMtaDevRealmTable) indicates
-- information about the realm (e.g., name, organization name) and
-- parameters associated with KDC communications (e.g., grace
-- periods, AS Request/AS Reply adaptive back-off parameters).
--
-- Once the realm is established, one or more CMS(es) may be
-- defined in the realm. Associated with each CMS
-- entry in the pktcMtaDevCmsTable is an explicit reference
-- to a Realm via the realm name (pktcMtaDevCmsKerbRealmName),
-- the FQDN of the CMS, and parameters associated with IPSec
-- key management with the CMS (e.g., clock skew, AP Request/
-- AP Reply adaptive back-off parameters).
--
-- II. Security association setup via NCS signaling.
--
-- The procedure of establishing the Security Associations
-- for NCS signaling is described in the PacketCable Security
-- specification.
-- It involves the analysis of the pktcNcsEndPntConfigTable row
-- for the corresponding endpoint number and the correlation of
-- the CMS FQDN from this row with the CMS Table and
-- consequently, with the Realm Table. Both of these tables
-- are defined below. The pktcNcsEndPntConfigTable is defined in
-- the IP over Cable Data Network (IPCDN)
-- NCS Signaling MIB [NCSSIGMIB].
--
-- III. When the MTA receives wake-up or re-key messages from a
-- CMS, it performs key management based on the corresponding
-- entry in the CMS table.
-- If the matching CMS entry does not
-- exist, it must ignore the wake-up or re-key messages.
--
--=================================================================
--=================================================================
--
-- pktcMtaDevRealmTable
--
-- The pktcMtaDevRealmTable shows the KDC realms. The table is
-- indexed with pktcMtaDevRealmIndex. The Realm Table contains the
-- pktcMtaDevRealmName in conjunction with any server that needs
-- a Security Association with the MTA. Uppercase must be used
-- to compare the pktcMtaDevRealmName content.
--
--=================================================================

pktcMtaDevRealmAvailSlot  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..64)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        " This object contains the index number of the first
          available entry in the realm table (pktcMtaDevRealmTable).
          If all the entries in the realm table have been assigned,
          this object contains the value of zero.
          A management station should create new entries in the
          realm table, using the following procedure:

          First, issue a management protocol retrieval operation
          to determine the value of the first available index in the
          realm table (pktcMtaDevRealmAvailSlot).

          Second, issue a management protocol SET operation
          to create an instance of the pktcMtaDevRealmStatus
          object by setting its value to 'createAndWait(5)'.

          Third, if the SET operation succeeded, continue
          modifying the object instances corresponding to the newly
          created conceptual row, without fear of collision with
          other management stations. When all necessary conceptual
          columns of the row are properly populated (via SET
          operations or default values), the management station may
          SET the pktcMtaDevRealmStatus object to 'active(1)'."
    ::= { pktcMtaDevSecurity 5 }

pktcMtaDevRealmTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF PktcMtaDevRealmEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        " This object contains the realm table.
          The CMS table (pktcMtaDevCmsTable) and the realm table
          (pktcMtaDevRealmTable) are used for managing the MTA-CMS
          Security Associations. The realm table defines the
          Kerberos realms for the Application Servers (CMSes and the
          Provisioning Server)."
    ::= { pktcMtaDevSecurity 6 }

pktcMtaDevRealmEntry  OBJECT-TYPE
    SYNTAX      PktcMtaDevRealmEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        " This table entry object lists the MTA security parameters
          for a single Kerberos realm. The conceptual rows MUST NOT
          persist across MTA reboots."
    INDEX { pktcMtaDevRealmIndex }
::= { pktcMtaDevRealmTable 1 }

PktcMtaDevRealmEntry ::= SEQUENCE {
    pktcMtaDevRealmIndex                     Unsigned32,
    pktcMtaDevRealmName                      SnmpAdminString,
    pktcMtaDevRealmPkinitGracePeriod         Unsigned32,
    pktcMtaDevRealmTgsGracePeriod            Unsigned32,
    pktcMtaDevRealmOrgName                   LongUtf8String,
    pktcMtaDevRealmUnsolicitedKeyMaxTimeout  Unsigned32,
    pktcMtaDevRealmUnsolicitedKeyNomTimeout  Unsigned32,
    pktcMtaDevRealmUnsolicitedKeyMaxRetries  Unsigned32,
    pktcMtaDevRealmStatus                    RowStatus
    }

pktcMtaDevRealmIndex  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..64)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        " This object defines the realm table index."
    ::= { pktcMtaDevRealmEntry 1}

pktcMtaDevRealmName  OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(1..255))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        " This object identifies the Kerberos realm name in all
          capitals. The MTA MUST prohibit the instantiation of any
          two rows with identical Kerberos realm names.
          The MTA MUST also verify that any search operation
          involving Kerberos realm names is done using the
          uppercase ASCII representation of the characters."
    ::= { pktcMtaDevRealmEntry 2 }

pktcMtaDevRealmPkinitGracePeriod  OBJECT-TYPE
    SYNTAX      Unsigned32 (15..600)
    UNITS       "minutes"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        " This object contains the PKINIT Grace Period. For the
          purpose of key management with Application Servers (CMSes
          or the Provisioning Server), the MTA must utilize the
          PKINIT exchange to obtain Application Server tickets. The
          MTA may utilize the PKINIT exchange to obtain Ticket
          Granting Tickets (TGTs), which are then used to obtain
          Application Server tickets in a TGS exchange.
          The PKINIT exchange occurs according to the current Ticket
          Expiration Time (TicketEXP) and on the PKINIT Grace Period
          (PKINITGP). The MTA MUST initiate the PKINIT exchange at
          the time: TicketEXP - PKINITGP."
    REFERENCE
        " PacketCable Security Specification."
    DEFVAL { 15 }
    ::= { pktcMtaDevRealmEntry 3 }

pktcMtaDevRealmTgsGracePeriod  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..600)
    UNITS       "minutes"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        " This object contains the Ticket Granting Server Grace
          Period (TGSGP). The Ticket Granting Server (TGS)
          Request/Reply exchange may be performed by the MTA
          on demand whenever an Application Server ticket is
          needed to establish security parameters. If the MTA
          possesses a ticket that corresponds to the Provisioning
          Server or a CMS that currently exists in the CMS table,
          the MTA MUST initiate the TGS Request/Reply exchange
          at the time: TicketEXP - TGSGP."
    REFERENCE
        " PacketCable Security Specification."
    DEFVAL { 10 }
    ::= { pktcMtaDevRealmEntry 4 }

pktcMtaDevRealmOrgName  OBJECT-TYPE
    SYNTAX      LongUtf8String
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        " This object contains the X.500 organization name attribute
          as defined in the subject name of the service provider
          certificate."
    REFERENCE
        " PacketCable Security Specification;
          RFCs 3280 and 4630, Internet X.509 Public Key
          Infrastructure Certificate and Certificate Revocation List
          (CRL) Profile"
    ::= { pktcMtaDevRealmEntry 5 }

pktcMtaDevRealmUnsolicitedKeyMaxTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..600)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        " This object specifies the maximum time the MTA will
          attempt to perform the exponential back-off algorithm.
          This timer only applies when the MTA initiated key
          management. If the DHCP option code 122, sub-option 4, is
          provided to the MTA, it overwrites this value.

          Unsolicited key updates are retransmitted according to an
          exponential back-off mechanism using two timers and a
          maximum retry counter for AS replies.
          The initial retransmission timer value is the nominal
          timer value (pktcMtaDevRealmUnsolicitedKeyNomTimeout). The
          retransmissions occur with an exponentially increasing
          interval that caps at the maximum timeout value
          (pktcMtaDevRealmUnsolicitedKeyMaxTimeout).
          Retransmissions stop when the maximum retry counter is
          reached (pktcMtaDevRealmUnsolicitedKeyMaxRetries).

          For example, with values of 3 seconds for the nominal
          timer, 20 seconds for the maximum timeout, and 5 retries
          max, retransmission intervals will be 3 s, 6 s,
          12 s, 20 s, and 20 s, and retransmissions then stop because
          the maximum number of retries has been reached."
    REFERENCE
        " PacketCable Security Specification."
    DEFVAL { 100 }
    ::= { pktcMtaDevRealmEntry 6 }

pktcMtaDevRealmUnsolicitedKeyNomTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32 (100..600000)
    UNITS       "milliseconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        " This object specifies the initial timeout value
          for the AS-REQ/AS-REP exponential back-off and retry
          mechanism. If the DHCP option code 122, sub-option 4, is
          provided to the MTA, it overwrites this value.
          This value should account for the average roundtrip
          time between the MTA and the KDC, as well as the
          processing delay on the KDC.

          Unsolicited key updates are retransmitted according to an
          exponential back-off mechanism using two timers and a
          maximum retry counter for AS replies.
          The initial retransmission timer value is the nominal
          timer value (pktcMtaDevRealmUnsolicitedKeyNomTimeout). The
          retransmissions occur with an exponentially increasing
          interval that caps at the maximum timeout value
          (pktcMtaDevRealmUnsolicitedKeyMaxTimeout).
          Retransmissions stop when the maximum retry counter is
          reached (pktcMtaDevRealmUnsolicitedKeyMaxRetries).

          For example, with values of 3 seconds for the nominal
          timer, 20 seconds for the maximum timeout, and 5 retries
          max, retransmission intervals will be 3 s, 6 s,
          12 s, 20 s, and 20 s; retransmissions then stop because
          the maximum number of retries has been reached."
    REFERENCE
        " PacketCable Security Specification."
    DEFVAL { 3000 }
    ::= { pktcMtaDevRealmEntry 7 }

pktcMtaDevRealmUnsolicitedKeyMaxRetries  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..1024)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        " This object specifies the maximum number of retries the
          MTA attempts to obtain a ticket from the KDC.

          Unsolicited key updates are retransmitted according to an
          exponential back-off mechanism using two timers and a
          maximum retry counter for AS replies.
          The initial retransmission timer value is the nominal
          timer value (pktcMtaDevRealmUnsolicitedKeyNomTimeout). The
          retransmissions occur with an exponentially increasing
          interval that caps at the maximum timeout value
          (pktcMtaDevRealmUnsolicitedKeyMaxTimeout).
          Retransmissions stop when the maximum retry counter is
          reached (pktcMtaDevRealmUnsolicitedKeyMaxRetries).

          For example, with values of 3 seconds for the nominal
          timer, 20 seconds for the maximum timeout, and 5 retries
          max, retransmission intervals will be 3 s, 6 s,
          12 s, 20 s, and 20 s; retransmissions then stop because
          the maximum number of retries has been reached."
    REFERENCE
        " PacketCable Security Specification."
    DEFVAL { 5 }
    ::= { pktcMtaDevRealmEntry 8 }

pktcMtaDevRealmStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        " This object defines the row status of this realm in the
          realm table (pktcMtaDevRealmTable).

          An entry in this table is not qualified for activation
          until the object instances of all corresponding columns
          have been initialized, either by default values, or via
          explicit SET operations. Until all object instances in
          this row are initialized, the status value for this realm
          must be 'notReady(3)'.
          In particular, two columnar objects must be explicitly
          SET: the realm name (pktcMtaDevRealmName) and the
          organization name (pktcMtaDevRealmOrgName). Once these 2
          objects have been set and the row status is SET to
          'active(1)', the MTA MUST NOT allow any modification of
          these 2 object values.
          The value of this object has no effect on whether other
          columnar objects in this row can be modified."
    ::= { pktcMtaDevRealmEntry 9 }

--=================================================================
--
-- The CMS table, pktcMtaDevCmsTable
--
-- The CMS table and the realm table (pktcMtaDevRealmTable) are used
-- for managing the MTA signaling security. The CMS table defines
-- the CMSes the MTA is allowed to communicate with and contains
-- the parameters describing the SA establishment between the MTA
-- and a CMS.
-- The CMS table is indexed by pktcMtaDevCmsIndex. The table
-- contains the CMS FQDN (pktcMtaDevCmsFQDN) and the associated
-- Kerberos realm name (pktcMtaDevCmsKerbRealmName) so that the MTA
-- can find the corresponding Kerberos realm name in the
-- pktcMtaDevRealmTable.
--
--=================================================================

pktcMtaDevCmsAvailSlot  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..128)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        " This object contains the index number of the first
          available entry in the CMS table (pktcMtaDevCmsTable).
          If all the entries in the CMS table have been assigned,
          this object contains the value of zero.
          A management station should create new entries in the
          CMS table, using the following procedure:

          First, issue a management protocol retrieval operation
          to determine the value of the first available index in the
          CMS table (pktcMtaDevCmsAvailSlot).

          Second, issue a management protocol SET operation
          to create an instance of the pktcMtaDevCmsStatus
          object by setting its value to 'createAndWait(5)'.

          Third, if the SET operation succeeded, continue
          modifying the object instances corresponding to the newly
          created conceptual row, without fear of collision with
          other management stations.
          When all necessary conceptual
          columns of the row are properly populated (via SET
          operations or default values), the management station may
          SET the pktcMtaDevCmsStatus object to 'active(1)'."
    ::= { pktcMtaDevSecurity 7 }

pktcMtaDevCmsTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF PktcMtaDevCmsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        " This object defines the CMS table.
          The CMS table (pktcMtaDevCmsTable) and the realm table
          (pktcMtaDevRealmTable) are used for managing security
          between the MTA and CMSes. Each CMS table entry defines
          a CMS the managed MTA is allowed to communicate with
          and contains security parameters for key management with
          that CMS."
    ::= { pktcMtaDevSecurity 8 }

pktcMtaDevCmsEntry  OBJECT-TYPE
    SYNTAX      PktcMtaDevCmsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        " This table entry object lists the MTA key management
          parameters used when establishing Security Associations
          with a CMS. The conceptual rows MUST NOT persist across
          MTA reboots."
    INDEX { pktcMtaDevCmsIndex }
    ::= { pktcMtaDevCmsTable 1 }

PktcMtaDevCmsEntry ::= SEQUENCE {
    pktcMtaDevCmsIndex                     Unsigned32,
    pktcMtaDevCmsFqdn                      SnmpAdminString,
    pktcMtaDevCmsKerbRealmName             SnmpAdminString,
    pktcMtaDevCmsMaxClockSkew              Unsigned32,
    pktcMtaDevCmsSolicitedKeyTimeout       Unsigned32,
    pktcMtaDevCmsUnsolicitedKeyMaxTimeout  Unsigned32,
    pktcMtaDevCmsUnsolicitedKeyNomTimeout  Unsigned32,
    pktcMtaDevCmsUnsolicitedKeyMaxRetries  Unsigned32,
    pktcMtaDevCmsIpsecCtrl                 TruthValue,
    pktcMtaDevCmsStatus                    RowStatus
    }

pktcMtaDevCmsIndex  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..128)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        " This object defines the CMS table index."
    ::= { pktcMtaDevCmsEntry 1 }

pktcMtaDevCmsFqdn  OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(1..255))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        " This object specifies the CMS FQDN. The MTA must
          prohibit the instantiation of any two rows with identical
          FQDNs. The MTA must also verify that any search and/or
          comparison operation involving a CMS FQDN is case
          insensitive. The MTA must resolve the CMS FQDN as required
          by the corresponding PacketCable Specifications."
    REFERENCE
        " PacketCable MTA Device Provisioning Specification;
          PacketCable Security Specification;
          PacketCable Network-Based Call Signaling Protocol
          Specification."
    ::= { pktcMtaDevCmsEntry 2 }

pktcMtaDevCmsKerbRealmName  OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(1..255))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        " This object identifies the Kerberos realm name in uppercase
          characters associated with the CMS defined in this
          conceptual row. The object value is a reference
          point to the corresponding Kerberos realm name in the
          realm table (pktcMtaDevRealmTable)."
    ::= { pktcMtaDevCmsEntry 3 }

pktcMtaDevCmsMaxClockSkew  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..1800)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        " This object specifies the maximum allowable clock skew
          between the MTA and the CMS defined in this row."
    DEFVAL { 300 }
    ::= { pktcMtaDevCmsEntry 4 }

pktcMtaDevCmsSolicitedKeyTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32 (100..30000)
    UNITS       "milliseconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        " This object defines a Kerberos Key Management timer on the
          MTA.
          It is the time period during which the MTA saves the
          nonce and Server Kerberos Principal Identifier to match an
          AP Request and its associated AP Reply response from the
          CMS. This timer only applies when the CMS initiated key
          management (with a Wake Up message or a Rekey message)."
    REFERENCE
        " PacketCable Security Specification."
    DEFVAL { 1000 }
    ::= { pktcMtaDevCmsEntry 5 }

--=================================================================
--
-- Unsolicited key updates are retransmitted according to an
-- exponential back-off mechanism using two timers and a maximum
-- retry counter for AS replies.
-- The initial retransmission timer value is the nominal timer
-- value (pktcMtaDevCmsUnsolicitedKeyNomTimeout). The
-- retransmissions occur with an exponentially increasing interval
-- that caps at the maximum timeout value
-- (pktcMtaDevCmsUnsolicitedKeyMaxTimeout).
-- Retransmissions stop when the maximum retry counter is reached
-- (pktcMtaDevCmsUnsolicitedKeyMaxRetries).
-- For example, with values of 3 seconds for the nominal
-- timer, 20 seconds for the maximum timeout, and 5 retries max,
-- retransmission intervals will be 3 s, 6 s, 12 s,
-- 20 s, and 20 s; retransmissions then stop due to the
-- maximum number of retries reached.
--
--=================================================================

pktcMtaDevCmsUnsolicitedKeyMaxTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..600)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        " This object defines the timeout value that only applies
          to an MTA-initiated key management exchange. It is the
          maximum timeout, and it may not be exceeded in the
          exponential back-off algorithm."
    REFERENCE
        " PacketCable Security Specification."
1696 DEFVAL { 600 } 1697 ::= { pktcMtaDevCmsEntry 6 } 1698 1699pktcMtaDevCmsUnsolicitedKeyNomTimeout OBJECT-TYPE 1700 SYNTAX Unsigned32 (100..30000) 1701 UNITS "milliseconds" 1702 MAX-ACCESS read-create 1703 STATUS current 1704 DESCRIPTION 1705 " This object defines the starting value of the timeout 1706 for an MTA-initiated key management. It should account for 1707 the average roundtrip time between the MTA and the CMS and 1708 the processing time on the CMS." 1709 REFERENCE 1710 " PacketCable Security Specification." 1711 DEFVAL { 500 } 1712 ::= { pktcMtaDevCmsEntry 7 } 1713 1714pktcMtaDevCmsUnsolicitedKeyMaxRetries OBJECT-TYPE 1715 SYNTAX Unsigned32 (0..1024) 1716 MAX-ACCESS read-create 1717 STATUS current 1718 DESCRIPTION 1719 " This object contains the maximum number of retries before 1720 the MTA stops attempting to establish a Security 1721 Association with the CMS." 1722 REFERENCE 1723 " PacketCable Security Specification." 1724 DEFVAL { 5 } 1725 ::= { pktcMtaDevCmsEntry 8 } 1726 1727 1728 1729 1730pktcMtaDevCmsIpsecCtrl OBJECT-TYPE 1731 SYNTAX TruthValue 1732 MAX-ACCESS read-only 1733 STATUS current 1734 DESCRIPTION 1735 " This object specifies the MTA IPSec control flag. 1736 If the object value is 'true', the MTA must use Kerberos 1737 Key Management and IPsec to communicate with this CMS. If 1738 it is 'false', IPSec Signaling Security and Kerberos key 1739 management are disabled for this specific CMS." 1740 DEFVAL { true } 1741 ::= { pktcMtaDevCmsEntry 9 } 1742 1743pktcMtaDevCmsStatus OBJECT-TYPE 1744 SYNTAX RowStatus 1745 MAX-ACCESS read-create 1746 STATUS current 1747 DESCRIPTION 1748 " This object defines the row status associated with this 1749 particular CMS in the CMS table (pktcMtaDevCmsTable). 1750 1751 An entry in this table is not qualified for activation 1752 until the object instances of all corresponding columns 1753 have been initialized, either by default values or via 1754 explicit SET operations. 
Until all object instances in 1755 this row are initialized, the status value for this realm 1756 must be 'notReady(3)'. 1757 In particular, two columnar objects must be SET: the 1758 CMS FQDN (pktcMtaDevCmsFqdn) and the Kerberos realm name 1759 (pktcMtaDevCmsKerbRealmName). Once these 2 objects have 1760 been set and the row status is SET to 'active(1)', the MTA 1761 MUST NOT allow any modification of these 2 object values. 1762 1763 The value of this object has no effect on 1764 whether other columnar objects in this row can be 1765 modified." 1766 ::= { pktcMtaDevCmsEntry 10 } 1767 1768pktcMtaDevResetKrbTickets OBJECT-TYPE 1769 SYNTAX BITS { 1770 invalidateProvOnReboot (0), 1771 invalidateAllCmsOnReboot (1) 1772 } 1773 MAX-ACCESS read-write 1774 STATUS current 1775 DESCRIPTION 1776 " This object defines a Kerberos Ticket Control Mask that 1777 instructs the MTA to invalidate the specific Application 1778 1779 1780 1781 Server Kerberos ticket(s) that are stored locally in the 1782 MTA NVRAM (non-volatile or persistent memory). 1783 If the MTA does not store Kerberos tickets in NVRAM, it 1784 MUST ignore setting of this object and MUST report a BITS 1785 value of zero when the object is read. 1786 If the MTA supports Kerberos tickets storage in NVRAM, the 1787 object value is encoded as follows: 1788 - Setting the invalidateProvOnReboot bit (bit 0) to 1 1789 means that the MTA MUST invalidate the Kerberos 1790 Application Ticket(s) for the Provisioning Application 1791 at the next MTA reboot if secure SNMP provisioning mode 1792 is used. In non-secure provisioning modes, the MTA MUST 1793 return an 'inconsistentValue' in response to SNMP SET 1794 operations with a bit 0 set to 1. 1795 - Setting the invalidateAllCmsOnReboot bit (bit 1) to 1 1796 means that the MTA MUST invalidate the Kerberos 1797 Application Ticket(s) for all CMSes currently assigned 1798 to the MTA endpoints. 
1799 If a value is written into an instance of 1800 pktcMtaDevResetKrbTickets, the agent MUST retain the 1801 supplied value across an MTA re-initialization or 1802 reboot." 1803 REFERENCE 1804 "PacketCable Security Specification." 1805 DEFVAL { { } } 1806 ::= { pktcMtaDevSecurity 9 } 1807 1808-- 1809-- The following group, pktcMtaDevErrors, defines an OID 1810-- corresponding to error conditions encountered during the MTA 1811-- provisioning. 1812-- 1813 1814pktcMtaDevErrorsTooManyErrors OBJECT-IDENTITY 1815 STATUS current 1816 DESCRIPTION 1817 "This object defines the OID corresponding to the error 1818 condition when too many errors are encountered in the 1819 MTA configuration file during provisioning." 1820 ::= { pktcMtaDevErrors 1 } 1821 1822pktcMtaDevProvisioningEnrollment NOTIFICATION-TYPE 1823 OBJECTS { 1824 sysDescr, 1825 pktcMtaDevSwCurrentVers, 1826 pktcMtaDevTypeIdentifier, 1827 ifPhysAddress, 1828 pktcMtaDevCorrelationId 1829 1830 1831 1832 } 1833 STATUS current 1834 DESCRIPTION 1835 " This INFORM notification is issued by the MTA to initiate 1836 the PacketCable provisioning process when the MTA SNMP 1837 enrollment mechanism is used. 1838 It contains the system description, the current software 1839 version, the MTA device type identifier, the MTA MAC 1840 address (obtained in the MTA ifTable in the ifPhysAddress 1841 object that corresponds to the ifIndex 1), and a 1842 correlation ID." 1843 ::= { pktcMtaNotification 1 } 1844 1845pktcMtaDevProvisioningStatus NOTIFICATION-TYPE 1846 OBJECTS { 1847 ifPhysAddress, 1848 pktcMtaDevCorrelationId, 1849 pktcMtaDevProvisioningState 1850 } 1851 STATUS current 1852 DESCRIPTION 1853 " This INFORM notification may be issued by the MTA to 1854 confirm the completion of the PacketCable provisioning 1855 process, and to report its provisioning completion 1856 status. 
1857 It contains the MTA MAC address (obtained in the MTA 1858 ifTable in the ifPhysAddress object that corresponds 1859 to the ifIndex 1), a correlation ID and the MTA 1860 provisioning state as defined in 1861 pktcMtaDevProvisioningState." 1862 ::= { pktcMtaNotification 2 } 1863 1864-- 1865-- Compliance Statements 1866-- 1867 1868pktcMtaCompliances OBJECT IDENTIFIER ::= { pktcMtaConformance 1 } 1869pktcMtaGroups OBJECT IDENTIFIER ::= { pktcMtaConformance 2 } 1870 1871pktcMtaBasicCompliance MODULE-COMPLIANCE 1872 STATUS current 1873 DESCRIPTION 1874 " The compliance statement for MTA devices that implement 1875 PacketCable or IPCablecom requirements. 1876 1877 This compliance statement applies to MTA implementations 1878 that support PacketCable 1.0 or IPCablecom requirements, 1879 which are not IPv6-capable at the time of this 1880 1881 1882 1883 RFC publication." 1884 1885 MODULE -- Unconditionally mandatory groups for MTAs 1886 1887 MANDATORY-GROUPS { 1888 pktcMtaGroup, 1889 pktcMtaNotificationGroup 1890 } 1891 1892 OBJECT pktcMtaDevDhcpServerAddressType 1893 SYNTAX InetAddressType { ipv4(1) } 1894 DESCRIPTION 1895 " Support for address types other than 'ipv4(1)' 1896 is not presently specified and therefore is not 1897 required. It may be defined in future versions of 1898 this MIB module." 1899 1900 OBJECT pktcMtaDevDnsServerAddressType 1901 SYNTAX InetAddressType { ipv4(1) } 1902 DESCRIPTION 1903 " Support for address types other than 'ipv4(1)' 1904 is not presently specified and therefore is not 1905 required. It may be defined in future versions of 1906 this MIB module." 1907 1908 OBJECT pktcMtaDevTimeServerAddressType 1909 SYNTAX InetAddressType { ipv4(1) } 1910 DESCRIPTION 1911 " Support for address types other than 'ipv4(1)' 1912 is not presently specified and therefore is not 1913 required. It may be defined in future versions of 1914 this MIB module." 
1915 1916 OBJECT pktcMtaDevServerDhcp1 1917 SYNTAX InetAddress (SIZE(4)) 1918 DESCRIPTION 1919 "An implementation is only required to support IPv4 1920 addresses. Other address types support may be defined in 1921 future versions of this MIB module." 1922 1923 OBJECT pktcMtaDevServerDhcp2 1924 SYNTAX InetAddress (SIZE(4)) 1925 DESCRIPTION 1926 "An implementation is only required to support IPv4 1927 addresses. Other address types support may be defined in 1928 future versions of this MIB module." 1929 1930 OBJECT pktcMtaDevServerDns1 1931 1932 1933 1934 SYNTAX InetAddress (SIZE(4)) 1935 DESCRIPTION 1936 "An implementation is only required to support IPv4 1937 addresses. Other address types support may be defined in 1938 future versions of this MIB module." 1939 1940 OBJECT pktcMtaDevServerDns2 1941 SYNTAX InetAddress (SIZE(4)) 1942 DESCRIPTION 1943 "An implementation is only required to support IPv4 1944 addresses. Other address types support may be defined in 1945 future versions of this MIB module." 1946 1947 OBJECT pktcMtaDevTimeServer 1948 SYNTAX InetAddress (SIZE(4)) 1949 DESCRIPTION 1950 "An implementation is only required to support IPv4 1951 addresses. Other address types support may be defined in 1952 future versions of this MIB module." 1953 1954 OBJECT pktcMtaDevProvConfigEncryptAlg 1955 SYNTAX PktcMtaDevProvEncryptAlg 1956 DESCRIPTION 1957 "An implementation is only required to support 1958 values of none(0) and des64Cbcmode(1). 1959 An IV of zero is used to encrypt in des64Cbcmode, and 1960 the length of pktcMtaDevProvConfigKey is 64 bits, as 1961 defined in the PacketCable Security specification. 1962 Other encryption types may be defined in future 1963 versions of this MIB module." 1964 1965 OBJECT pktcMtaDevRealmOrgName 1966 SYNTAX LongUtf8String (SIZE (1..384)) 1967 DESCRIPTION 1968 "The Organization Name field in X.509 certificates 1969 can contain up to 64 UTF-8 encoded characters, 1970 as defined in RFCs 3280 and 4630. 
Therefore, compliant 1971 devices are only required to support Organization 1972 Name values of up to 64 UTF-8 encoded characters. 1973 Given that RFCs 3280 and 4630 define the UTF-8 encoding, 1974 compliant devices must support a maximum size of 384 1975 octets for pktcMtaDevRealmOrgName. The calculation of 1976 384 octets comes from the RFC 3629 UTF-8 encoding 1977 definition whereby the UTF-8 encoded characters 1978 are encoded as sequences of 1 to 6 octets, 1979 assuming that code points as high as 0x7ffffffff 1980 might be used. Subsequent versions of Unicode and ISO 1981 10646 have limited the upper bound to 0x10ffff. 1982 1983 1984 1985 Consequently, the current version of UTF-8, defined in 1986 RFC 3629, does not require more than four octets to 1987 encode a valid code point." 1988 1989 ::= { pktcMtaCompliances 1 } 1990 1991pktcMtaGroup OBJECT-GROUP 1992 OBJECTS { 1993 pktcMtaDevResetNow, 1994 pktcMtaDevSerialNumber, 1995 pktcMtaDevSwCurrentVers, 1996 pktcMtaDevFQDN, 1997 pktcMtaDevEndPntCount, 1998 pktcMtaDevEnabled, 1999 pktcMtaDevProvisioningCounter, 2000 pktcMtaDevErrorOid, 2001 pktcMtaDevErrorValue, 2002 pktcMtaDevErrorReason, 2003 pktcMtaDevTypeIdentifier, 2004 pktcMtaDevProvisioningState, 2005 pktcMtaDevHttpAccess, 2006 pktcMtaDevCertificate, 2007 pktcMtaDevCorrelationId, 2008 pktcMtaDevManufacturerCertificate, 2009 pktcMtaDevDhcpServerAddressType, 2010 pktcMtaDevDnsServerAddressType, 2011 pktcMtaDevTimeServerAddressType, 2012 pktcMtaDevProvConfigEncryptAlg, 2013 pktcMtaDevServerDhcp1, 2014 pktcMtaDevServerDhcp2, 2015 pktcMtaDevServerDns1, 2016 pktcMtaDevServerDns2, 2017 pktcMtaDevTimeServer, 2018 pktcMtaDevConfigFile, 2019 pktcMtaDevSnmpEntity, 2020 pktcMtaDevRealmPkinitGracePeriod, 2021 pktcMtaDevRealmTgsGracePeriod, 2022 pktcMtaDevRealmAvailSlot, 2023 pktcMtaDevRealmName, 2024 pktcMtaDevRealmOrgName, 2025 pktcMtaDevRealmUnsolicitedKeyMaxTimeout, 2026 pktcMtaDevRealmUnsolicitedKeyNomTimeout, 2027 pktcMtaDevRealmUnsolicitedKeyMaxRetries, 2028 
pktcMtaDevRealmStatus, 2029 pktcMtaDevCmsAvailSlot, 2030 pktcMtaDevCmsFqdn, 2031 pktcMtaDevCmsKerbRealmName, 2032 pktcMtaDevCmsUnsolicitedKeyMaxTimeout, 2033 2034 2035 2036 pktcMtaDevCmsUnsolicitedKeyNomTimeout, 2037 pktcMtaDevCmsUnsolicitedKeyMaxRetries, 2038 pktcMtaDevCmsSolicitedKeyTimeout, 2039 pktcMtaDevCmsMaxClockSkew, 2040 pktcMtaDevCmsIpsecCtrl, 2041 pktcMtaDevCmsStatus, 2042 pktcMtaDevResetKrbTickets, 2043 pktcMtaDevProvUnsolicitedKeyMaxTimeout, 2044 pktcMtaDevProvUnsolicitedKeyNomTimeout, 2045 pktcMtaDevProvUnsolicitedKeyMaxRetries, 2046 pktcMtaDevProvKerbRealmName, 2047 pktcMtaDevProvSolicitedKeyTimeout, 2048 pktcMtaDevProvConfigHash, 2049 pktcMtaDevProvConfigKey, 2050 pktcMtaDevProvState, 2051 pktcMtaDevProvisioningTimer, 2052 pktcMtaDevTelephonyRootCertificate 2053 } 2054 STATUS current 2055 DESCRIPTION 2056 " A collection of objects for managing PacketCable or 2057 IPCablecom MTA implementations." 2058 ::= { pktcMtaGroups 1 } 2059 2060pktcMtaNotificationGroup NOTIFICATION-GROUP 2061 NOTIFICATIONS { 2062 pktcMtaDevProvisioningStatus, 2063 pktcMtaDevProvisioningEnrollment 2064 } 2065 STATUS current 2066 DESCRIPTION 2067 " A collection of notifications dealing with the change of 2068 MTA provisioning status." 2069 ::= { pktcMtaGroups 2 } 2070 2071pktcMtaBasicSmtaCompliance MODULE-COMPLIANCE 2072 STATUS current 2073 DESCRIPTION 2074 " The compliance statement for S-MTA devices 2075 that implement PacketCable or IPCablecom requirements. 2076 2077 This compliance statement applies to S-MTA implementations 2078 that support PacketCable or IPCablecom requirements, 2079 which are not IPv6-capable at the time of this 2080 RFC publication." 
2081 2082 MODULE -- Unconditionally Mandatory Groups for S-MTA devices 2083 MANDATORY-GROUPS { 2084 2085 2086 2087 pktcMtaGroup, 2088 pktcMtaNotificationGroup 2089 } 2090 2091 OBJECT pktcMtaDevDhcpServerAddressType 2092 SYNTAX InetAddressType { ipv4(1) } 2093 DESCRIPTION 2094 " Support for address types other than 'ipv4(1)' 2095 is not presently specified and therefore is not 2096 required. It may be defined in future versions of 2097 this MIB module." 2098 2099 OBJECT pktcMtaDevDnsServerAddressType 2100 SYNTAX InetAddressType { ipv4(1) } 2101 DESCRIPTION 2102 " Support for address types other than 'ipv4(1)' 2103 is not presently specified and therefore is not 2104 required. It may be defined in future versions of 2105 this MIB module." 2106 2107 OBJECT pktcMtaDevTimeServerAddressType 2108 SYNTAX InetAddressType { ipv4(1) } 2109 DESCRIPTION 2110 " Support for address types other than 'ipv4(1)' 2111 is not presently specified and therefore is not 2112 required. It may be defined in future versions of 2113 this MIB module." 2114 2115 OBJECT pktcMtaDevServerDhcp1 2116 SYNTAX InetAddress (SIZE(4)) 2117 DESCRIPTION 2118 "An implementation is only required to support IPv4 2119 addresses. Other address types support may be defined in 2120 future versions of this MIB module." 2121 2122 OBJECT pktcMtaDevServerDhcp2 2123 SYNTAX InetAddress (SIZE(4)) 2124 DESCRIPTION 2125 "An implementation is only required to support IPv4 2126 addresses. Other address types support may be defined in 2127 future versions of this MIB module." 2128 2129 OBJECT pktcMtaDevServerDns1 2130 SYNTAX InetAddress (SIZE(4)) 2131 DESCRIPTION 2132 "An implementation is only required to support IPv4 2133 addresses. Other address types support may be defined in 2134 future versions of this MIB module." 2135 2136 2137 2138 2139 OBJECT pktcMtaDevServerDns2 2140 SYNTAX InetAddress (SIZE(4)) 2141 DESCRIPTION 2142 "An implementation is only required to support IPv4 2143 addresses. 
Other address types support may be defined in 2144 future versions of this MIB module." 2145 2146 OBJECT pktcMtaDevTimeServer 2147 SYNTAX InetAddress (SIZE(4)) 2148 DESCRIPTION 2149 "An implementation is only required to support IPv4 2150 addresses. Other address types support may be defined in 2151 future versions of this MIB module." 2152 2153 OBJECT pktcMtaDevProvConfigEncryptAlg 2154 SYNTAX PktcMtaDevProvEncryptAlg 2155 DESCRIPTION 2156 "An implementation is only required to support 2157 values of none(0) and des64Cbcmode(1). 2158 An IV of zero is used to encrypt in des64Cbcmode, and 2159 the length of pktcMtaDevProvConfigKey is 64 bits, as 2160 defined in the PacketCable Security specification. 2161 Other encryption types may be defined in future 2162 versions of this MIB module." 2163 2164 OBJECT pktcMtaDevRealmOrgName 2165 SYNTAX LongUtf8String (SIZE (1..384)) 2166 DESCRIPTION 2167 "The Organization Name field in X.509 certificates 2168 can contain up to 64 UTF-8 encoded characters, as 2169 defined in RFCs 3280 and 4630. Therefore, compliant 2170 devices are only required to support Organization 2171 Name values of up to 64 UTF-8 encoded characters. 2172 Given that RFCs 3280 and 4630 define the UTF-8 encoding, 2173 compliant devices must support a maximum size of 384 2174 octets for pktcMtaDevRealmOrgName. The calculation of 2175 384 octets comes from the RFC 3629 UTF-8 encoding 2176 definition whereby the UTF-8 encoded characters 2177 are encoded as sequences of 1 to 6 octets, 2178 assuming that code points as high as 0x7ffffffff 2179 might be used. Subsequent versions of Unicode and ISO 2180 10646 have limited the upper bound to 0x10ffff. 2181 Consequently, the current version of UTF-8, defined in 2182 RFC 3629 does not require more than four octets to 2183 encode a valid code point." 
2184 MODULE DOCS-CABLE-DEVICE-MIB 2185 MANDATORY-GROUPS { 2186 2187 2188 2189 docsDevSoftwareGroupV2 2190 } 2191 2192 MODULE DOCS-IETF-BPI2-MIB 2193 MANDATORY-GROUPS { 2194 docsBpi2CodeDownloadGroup 2195 } 2196 2197 ::= { pktcMtaCompliances 2 } 2198 2199END 2200
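Added example, not part of RFC 4682 or of any MTA implementation: it audits pktcMtaDevCmsTable rows that have already been collected from an MTA against the ranges, defaults and rules stated in the object definitions above, and computes the unsolicited key update back-off schedule described in the comment block. The row dictionary layout, the function names and the sample rows are assumptions constructed for illustration.

```python
# Added example: audit polled pktcMtaDevCmsTable rows (sample data is constructed).

# (min, max, DEFVAL) copied from the SYNTAX and DEFVAL clauses of the MIB.
RANGES = {
    "pktcMtaDevCmsMaxClockSkew": (1, 1800, 300),                 # seconds
    "pktcMtaDevCmsSolicitedKeyTimeout": (100, 30000, 1000),      # milliseconds
    "pktcMtaDevCmsUnsolicitedKeyMaxTimeout": (1, 600, 600),      # seconds
    "pktcMtaDevCmsUnsolicitedKeyNomTimeout": (100, 30000, 500),  # milliseconds
    "pktcMtaDevCmsUnsolicitedKeyMaxRetries": (0, 1024, 5),
}


def backoff_schedule(nom_ms, max_s, max_retries):
    """Retransmission intervals in seconds: start at the nominal timeout,
    double each time, cap at the maximum timeout, stop after max_retries."""
    intervals = []
    interval = min(nom_ms / 1000.0, float(max_s))
    for _ in range(max_retries):
        intervals.append(interval)
        interval = min(interval * 2, float(max_s))
    return intervals


def audit_rows(rows):
    """Return (row_index, message) findings for a dict of row_index -> columns."""
    findings, seen_fqdns = [], {}
    for idx, row in sorted(rows.items()):
        # Columns missing from the row take their DEFVAL.
        cfg = {n: row.get(n, d) for n, (_, _, d) in RANGES.items()}
        for name, (lo, hi, _) in RANGES.items():
            if not lo <= cfg[name] <= hi:
                findings.append((idx, f"{name}={cfg[name]} outside {lo}..{hi}"))
        # The nominal timeout is in milliseconds, the maximum in seconds.
        nom_ms = cfg["pktcMtaDevCmsUnsolicitedKeyNomTimeout"]
        if nom_ms > 1000 * cfg["pktcMtaDevCmsUnsolicitedKeyMaxTimeout"]:
            findings.append((idx, "nominal timeout exceeds maximum timeout"))
        # FQDN comparison must be case insensitive; duplicates are prohibited.
        fqdn = row.get("pktcMtaDevCmsFqdn", "").lower()
        if fqdn in seen_fqdns:
            findings.append((idx, f"FQDN duplicates row {seen_fqdns[fqdn]}"))
        else:
            seen_fqdns[fqdn] = idx
        realm = row.get("pktcMtaDevCmsKerbRealmName", "")
        if realm != realm.upper():
            findings.append((idx, "Kerberos realm name is not uppercase"))
        if row.get("pktcMtaDevCmsIpsecCtrl", True) is False:
            findings.append((idx, "IPsec and Kerberos key management disabled"))
    return findings


# Constructed sample rows, as they might be collected from an SNMP walk.
SAMPLE_ROWS = {
    1: {"pktcMtaDevCmsFqdn": "cms1.example.net",
        "pktcMtaDevCmsKerbRealmName": "EXAMPLE.NET"},
    2: {"pktcMtaDevCmsFqdn": "CMS1.Example.NET",
        "pktcMtaDevCmsKerbRealmName": "example.net",
        "pktcMtaDevCmsMaxClockSkew": 3600,
        "pktcMtaDevCmsIpsecCtrl": False},
}

if __name__ == "__main__":
    print(backoff_schedule(3000, 20, 5))
    for finding in audit_rows(SAMPLE_ROWS):
        print(finding)
```

With the DEFVAL timers (500 ms nominal, 600 s maximum, 5 retries) the retransmission intervals add up to 15.5 seconds before the MTA stops trying to establish a Security Association.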