1-- ***************************************************************** 2-- CISCO-TRUSTSEC-INTERFACE-MIB.my 3-- 4-- February 2010, Liwei Lue 5-- 6-- Copyright (c) 2010-2012, 2014 by Cisco Systems Inc. 7-- All rights reserved. 8-- ***************************************************************** 9 10CISCO-TRUSTSEC-INTERFACE-MIB DEFINITIONS ::= BEGIN 11 12IMPORTS 13 MODULE-IDENTITY, 14 OBJECT-TYPE, 15 NOTIFICATION-TYPE, 16 Counter32, 17 Integer32, 18 Unsigned32 19 FROM SNMPv2-SMI 20 MODULE-COMPLIANCE, 21 OBJECT-GROUP, 22 NOTIFICATION-GROUP 23 FROM SNMPv2-CONF 24 StorageType, 25 RowStatus, 26 TruthValue, 27 DateAndTime, 28 TEXTUAL-CONVENTION 29 FROM SNMPv2-TC 30 ifIndex, 31 ifName 32 FROM IF-MIB 33 SnmpAdminString 34 FROM SNMP-FRAMEWORK-MIB 35 CtsSecurityGroupTag 36 FROM CISCO-TRUSTSEC-TC-MIB 37 ciscoMgmt 38 FROM CISCO-SMI; 39 40 41ciscoTrustSecIfMIB MODULE-IDENTITY 42 LAST-UPDATED "201401280000Z" 43 ORGANIZATION "Cisco Systems, Inc." 44 CONTACT-INFO 45 "Cisco Systems 46 Customer Service 47 48 Postal: 170 W Tasman Drive 49 San Jose, CA 95134 50 USA 51 52 Tel: +1 800 553-NETS 53 54 E-mail: cs-lan-switch-snmp@cisco.com" 55 DESCRIPTION 56 "This MIB module defines management objects for 57 configuration and monitoring of the interfaces in Cisco 58 Trusted Security environment. 59 60 Glossary: 61 62 ACS - Cisco Secure Access Control Server 63 64 IFC - TrustSec Interface Controller 65 66 MACSec - Media Access Control (MAC) Security 67 68 PMK - Pairwise Master Key 69 70 SAP - Security Association Protocol 71 72 SGT - Security Group Tag. A tag identifying its source, 73 assigned to a packet on ingress to a TrustSec cloud, 74 and used to determine security and other policy 75 to be applied to it along its path through the 76 cloud. 77 78 TrustSec - Cisco Trusted Security" 79 REVISION "201401280000Z" 80 DESCRIPTION 81 "Added following OBJECT-GROUP 82 - ciscoTrustSecIfMIBCriticalAuthStatusGrp 83 Added new compliance 84 - ciscoTrustSecIfMIBCompliance3" 85 REVISION "201204060000Z" 86 DESCRIPTION 87 "Added following OBJECT-GROUP 88 - ciscoTrustSecIfMIBNotifsCtrlGrp 89 - ciscoTrustSecIfMIBNotifsOnlyInfoGrp 90 - ciscoTrustSecIfMIBNotifsGrp 91 Added new compliance 92 - ciscoTrustSecIfMIBCompliance2 93 Modified DEFVAL 94 - ctsiIfManualSapModeList." 95 REVISION "201005280000Z" 96 DESCRIPTION 97 "Initial version of this MIB module." 98 ::= { ciscoMgmt 740 } 99 100 101 102CtsiCasheDataSource ::= TEXTUAL-CONVENTION 103 STATUS current 104 DESCRIPTION 105 "The source of cached authorization data. 106 107 unknown - cache source type not covered by 108 any of the follow enumerations. 109 acs - authorization data is loaded from ACS 110 dram - authorization data is loaded from DRAM. 111 nvram - authorization data is loaded from NVRAM. 112 dramOrNvram - authorization data is loaded from DRAM or NVRAM." 113 SYNTAX INTEGER { 114 unknown(1), 115 acs(2), 116 dram(3), 117 nvram(4), 118 all(5) 119 } 120 121CtsSapNegMode ::= TEXTUAL-CONVENTION 122 STATUS current 123 DESCRIPTION 124 "The SAP negotiation modes supported in TrustSec system. 125 126 encapNoAuthenNoEncrypt - Encapsulation present, 127 no authentication, no encryption. 128 gcmAuthenNoEncrypt - GCM authentication, no encryption. 129 gcmAuthenGcmEncrypt - GCM authentication, GCM encryption. 130 noEncap - No encapsulation." 131 SYNTAX INTEGER { 132 encapNoAuthenNoEncrypt(1), 133 gcmAuthenNoEncrypt(2), 134 gcmAuthenGcmEncrypt(3), 135 noEncap(4) 136 } 137 138CtsSapNegModeList ::= TEXTUAL-CONVENTION 139 STATUS current 140 DESCRIPTION 141 "The list of SAP negotiation modes provided within 142 TrustSec (Cisco Trusted Security) system. 143 144 Each octet represents a SAP negotiation mode which 145 is defined in CtsSapNegMode. 146 147 The DESCRIPTION clause of CtsSapNegModeList objects 148 must fully describe the relationship between modes." 149 SYNTAX OCTET STRING 150 151CtsiInterfaceControllerState ::= TEXTUAL-CONVENTION 152 STATUS current 153 DESCRIPTION 154 "The state of the TrustSec Interface Controller state 155 machine. 156 157 unknown - none of the following states. 158 159 initializing - the TrustSec interface controller state 160 machine enter the initialize state when 161 TrustSec is enabled on this interface. 162 163 authenticating - the peer is being authenticated if the 164 dot1x mode is enabled. 165 166 authorizing - the peer is being authorized. 167 168 sapNegotiating - the SA(Security Association) is being 169 negotiated with the peer. 170 171 open - the line is up from TrustSec perspective. 172 173 held - a hold down timer is set. 174 175 disconnecting - a failure has occurred, or the TrustSec 176 link is going down, or TrustSec is 177 being disabled. 178 179 invalid - unable to start the TrustSec state 180 machine. 181 182 licenseError - No MACSec software license." 183 SYNTAX INTEGER { 184 unknown(1), 185 initialize(2), 186 authenticating(3), 187 authorizing(4), 188 sapNegotiating(5), 189 open(6), 190 held(7), 191 disconnecting(8), 192 invalid(9), 193 licenseError(10) 194 } 195ciscoTrustSecIfMIBNotifs OBJECT IDENTIFIER 196 ::= { ciscoTrustSecIfMIB 0 } 197 198ciscoTrustSecIfMIBObjects OBJECT IDENTIFIER 199 ::= { ciscoTrustSecIfMIB 1 } 200 201ciscoTrustSecIfMIBConform OBJECT IDENTIFIER 202 ::= { ciscoTrustSecIfMIB 2 } 203 204ctsiIfConfigObjects OBJECT IDENTIFIER 205 ::= { ciscoTrustSecIfMIBObjects 1 } 206 207ctsiIfDot1xObjects OBJECT IDENTIFIER 208 ::= { ciscoTrustSecIfMIBObjects 2 } 209 210ctsiIfManualObjects OBJECT IDENTIFIER 211 ::= { ciscoTrustSecIfMIBObjects 3 } 212 213ctsiIfL3ForwardObjects OBJECT IDENTIFIER 214 ::= { ciscoTrustSecIfMIBObjects 4 } 215 216ctsiIfStatusObjects OBJECT IDENTIFIER 217 ::= { ciscoTrustSecIfMIBObjects 5 } 218 219ctsiIfStatsObjects OBJECT IDENTIFIER 220 ::= { ciscoTrustSecIfMIBObjects 6 } 221 222ctsiAuthorizationObjects OBJECT IDENTIFIER 223 ::= { ciscoTrustSecIfMIBObjects 7 } 224 225ctsiIfcStatsObjects OBJECT IDENTIFIER 226 ::= { ciscoTrustSecIfMIBObjects 8 } 227 228ctsiEventsStatsObjects OBJECT IDENTIFIER 229 ::= { ciscoTrustSecIfMIBObjects 9 } 230 231ctsiIfModeStatsObjects OBJECT IDENTIFIER 232 ::= { ciscoTrustSecIfMIBObjects 10 } 233 234ctsiIfNotifsControlObjects OBJECT IDENTIFIER 235 ::= { ciscoTrustSecIfMIBObjects 11 } 236 237ctsiIfNotifsOnlyInfoObjects OBJECT IDENTIFIER 238 ::= { ciscoTrustSecIfMIBObjects 12 } 239 240-- -------------------------------------------------------------- 241-- Objects to manage TrustSec interface configuration 242-- -------------------------------------------------------------- 243 244ctsiIfConfigTable OBJECT-TYPE 245 SYNTAX SEQUENCE OF CtsiIfConfigEntry 246 MAX-ACCESS not-accessible 247 STATUS current 248 DESCRIPTION 249 "A list of the TrustSec capable interfaces." 250 ::= { ctsiIfConfigObjects 1 } 251 252ctsiIfConfigEntry OBJECT-TYPE 253 SYNTAX CtsiIfConfigEntry 254 MAX-ACCESS not-accessible 255 STATUS current 256 DESCRIPTION 257 "An entry contains the configuration information for a 258 particular TrustSec interface." 259 INDEX { ifIndex } 260 ::= { ctsiIfConfigTable 1 } 261 262CtsiIfConfigEntry ::= SEQUENCE { 263 ctsiIfModeCapability BITS, 264 ctsiIfConfiguredMode INTEGER, 265 ctsiIfCacheClear TruthValue, 266 ctsiIfRekey TruthValue 267} 268 269ctsiIfModeCapability OBJECT-TYPE 270 SYNTAX BITS { 271 dot1x(0), -- TrustSec dot1x mode 272 manual(1), -- TrustSec manual mode 273 l3Forward(2) -- TrustSec L3 forwarding mode 274 } 275 MAX-ACCESS read-only 276 STATUS current 277 DESCRIPTION 278 "This object indicates the supported TrustSec mode on 279 this interface." 280 ::= { ctsiIfConfigEntry 1 } 281 282ctsiIfConfiguredMode OBJECT-TYPE 283 SYNTAX INTEGER { 284 unknown(1), 285 none(2), 286 dot1x(3), 287 manual(4), 288 l3Forward(5) 289 } 290 MAX-ACCESS read-only 291 STATUS current 292 DESCRIPTION 293 "This object indicates the TrustSec mode currently configured 294 on the interface. Each mode may have a corresponding 295 entry in its corresponding configuration table. 296 297 unknown - The configured TrustSec mode is none of the 298 following. 299 300 none - TrustSec is not configured in any mode. 301 302 dot1x - TrustSec dot1x mode is configured for this 303 interface. 304 TrustSec system will use 802.1x for 305 authentication, RADIUS for authorization and 306 SAP negotiation for SA parameter. 307 308 manual - TrustSec manual mode is configured for this 309 interface. 310 The authentication was bypassed in manual mode. 311 User needs to manually to configure the policy 312 and the SAP negotiation parameter. 313 314 l3Forward - TrustSec L3 forwarding mode is configured 315 for this interface." 316 ::= { ctsiIfConfigEntry 2 } 317 318ctsiIfCacheClear OBJECT-TYPE 319 SYNTAX TruthValue 320 MAX-ACCESS read-write 321 STATUS current 322 DESCRIPTION 323 "This object allows user to clear the cache for the specific 324 TrustSec interface by setting the value to 'true'. 325 Setting the value to 'false' has no effect. 326 327 When read, this object always returns 'false'." 328 ::= { ctsiIfConfigEntry 3 } 329 330ctsiIfRekey OBJECT-TYPE 331 SYNTAX TruthValue 332 MAX-ACCESS read-write 333 STATUS current 334 DESCRIPTION 335 "This object allows user to re-generate the SAP key for the 336 specific TrustSec interface by setting the value to 'true'. 337 Setting the value to 'false' has no effect. 338 339 When read, this object always returns 'false'." 340 ::= { ctsiIfConfigEntry 4 } 341 342 343-- ----------------------------------------------------------------- 344-- Objects to manage Dot1x functionality of TrustSec interface 345-- ----------------------------------------------------------------- 346 347ctsiIfDot1xTable OBJECT-TYPE 348 SYNTAX SEQUENCE OF CtsiIfDot1xEntry 349 MAX-ACCESS not-accessible 350 STATUS current 351 DESCRIPTION 352 "A list of the interfaces which have TrustSec dot1x mode 353 configuration information." 354 ::= { ctsiIfDot1xObjects 1 } 355 356ctsiIfDot1xEntry OBJECT-TYPE 357 SYNTAX CtsiIfDot1xEntry 358 MAX-ACCESS not-accessible 359 STATUS current 360 DESCRIPTION 361 "An entry containing the TrustSec dot1x configuration 362 for a particular interface. 363 364 An entry can be created or deleted by using 365 ctsiIfDot1xRowStatus. 366 367 An entry can only be created if the value of corresponding 368 instance of ctsiIfConfiguredMode is 'none' and the 'dot1x' 369 BIT of corresponding instance ctsiIfModeCapability is set." 370 INDEX { ifIndex } 371 ::= { ctsiIfDot1xTable 1 } 372 373CtsiIfDot1xEntry ::= SEQUENCE { 374 ctsiIfDot1xSgtPropagateEnabled TruthValue, 375 ctsiIfDot1xReauthInterval Integer32, 376 ctsiIfDot1xSapModeList CtsSapNegModeList, 377 ctsiIfDot1xDownloadReauthInterval Integer32, 378 ctsiIfDot1xOperReauthInterval Integer32, 379 ctsiIfDot1xReauthTimeLeft Integer32, 380 ctsiIfDot1xStorageType StorageType, 381 ctsiIfDot1xRowStatus RowStatus 382} 383 384ctsiIfDot1xSgtPropagateEnabled OBJECT-TYPE 385 SYNTAX TruthValue 386 MAX-ACCESS read-create 387 STATUS current 388 DESCRIPTION 389 "This object specifies whether the SGT propagation is 390 enabled on this interface." 391 DEFVAL { false } 392 ::= { ctsiIfDot1xEntry 1 } 393 394ctsiIfDot1xReauthInterval OBJECT-TYPE 395 SYNTAX Integer32 396 UNITS "seconds" 397 MAX-ACCESS read-create 398 STATUS current 399 DESCRIPTION 400 "This object specifies the re-authentication interval 401 applied to this interface when it is not provided from 402 the ACS." 403 DEFVAL { 86400 } 404 ::= { ctsiIfDot1xEntry 2 } 405 406ctsiIfDot1xSapModeList OBJECT-TYPE 407 SYNTAX CtsSapNegModeList 408 MAX-ACCESS read-create 409 STATUS current 410 DESCRIPTION 411 "This object specifies the advertised modes for the SAP 412 negotiation on this interface. Modes are executed in 413 the order as specified in the mode list. 414 415 Mode which is at the beginning of the method list will be 416 executed first. Method which is at the end of mode list 417 will be executed last. 418 419 This object is not allowed to be set to a zero length 420 string." 421 DEFVAL { '04000000'H } 422 ::= { ctsiIfDot1xEntry 3 } 423 424ctsiIfDot1xDownloadReauthInterval OBJECT-TYPE 425 SYNTAX Integer32 (-1..2147483647) 426 UNITS "seconds" 427 MAX-ACCESS read-only 428 STATUS current 429 DESCRIPTION 430 "This object indicates the re-authentication interval which 431 is downloaded from ACS. 432 433 A value of zero indicates no re-authentication interval is 434 downloaded from ACS. 435 436 A value of -1 indicates that this object is not applicable 437 on this interface." 438 ::= { ctsiIfDot1xEntry 4 } 439 440ctsiIfDot1xOperReauthInterval OBJECT-TYPE 441 SYNTAX Integer32 (-1..2147483647) 442 UNITS "seconds" 443 MAX-ACCESS read-only 444 STATUS current 445 DESCRIPTION 446 "This object indicates the operational re-authentication 447 interval of the interface. 448 449 A value of zero indicates that dot1x re-authentication is 450 disabled on this interface. 451 452 A value of -1 indicates that this object is not applicable 453 on this interface." 454 ::= { ctsiIfDot1xEntry 5 } 455 456ctsiIfDot1xReauthTimeLeft OBJECT-TYPE 457 SYNTAX Integer32 (-1..2147483647) 458 UNITS "seconds" 459 MAX-ACCESS read-only 460 STATUS current 461 DESCRIPTION 462 "This object indicates the leftover time of the current 463 authentication session. 464 465 A value of zero indicates the re-authentication is in 466 progress. 467 468 A value of -1 indicates that this object is not applicable 469 on this interface." 470 ::= { ctsiIfDot1xEntry 6 } 471 472ctsiIfDot1xStorageType OBJECT-TYPE 473 SYNTAX StorageType 474 MAX-ACCESS read-create 475 STATUS current 476 DESCRIPTION 477 "The storage type for this conceptual row." 478 DEFVAL { volatile } 479 ::= { ctsiIfDot1xEntry 7 } 480 481ctsiIfDot1xRowStatus OBJECT-TYPE 482 SYNTAX RowStatus 483 MAX-ACCESS read-create 484 STATUS current 485 DESCRIPTION 486 "The status of this conceptual row. 487 488 All writable objects in this row may be modified at any time." 489 ::= { ctsiIfDot1xEntry 8 } 490 491 492-- ------------------------------------------------------------- 493-- Objects to manage TrustSec Manual mode interface 494-- ------------------------------------------------------------- 495 496ctsiIfManualTable OBJECT-TYPE 497 SYNTAX SEQUENCE OF CtsiIfManualEntry 498 MAX-ACCESS not-accessible 499 STATUS current 500 DESCRIPTION 501 "A list of the interfaces which have TrustSec manual mode 502 configuration information." 503 ::= { ctsiIfManualObjects 1 } 504 505ctsiIfManualEntry OBJECT-TYPE 506 SYNTAX CtsiIfManualEntry 507 MAX-ACCESS not-accessible 508 STATUS current 509 DESCRIPTION 510 "An entry containing the TrustSec manual configuration 511 information for a particular interface. 512 513 An entry can be created or deleted by using 514 ctsiIfManualRowStatus. 515 516 An entry can only be created if the value of corresponding 517 instance of ctsiIfConfiguredMode is 'none' and the 'manual' 518 BIT of corresponding instance ctsiIfModeCapability is set." 519 INDEX { ifIndex } 520 ::= { ctsiIfManualTable 1 } 521 522CtsiIfManualEntry ::= SEQUENCE { 523 ctsiIfManualDynamicPeerId SnmpAdminString, 524 ctsiIfManualStaticSgt CtsSecurityGroupTag, 525 ctsiIfManualStaticSgtTrusted TruthValue, 526 ctsiIfManualSgtPropagateEnabled TruthValue, 527 ctsiIfManualSapPmk OCTET STRING, 528 ctsiIfManualSapModeList CtsSapNegModeList, 529 ctsiIfManualStorageType StorageType, 530 ctsiIfManualRowStatus RowStatus 531} 532 533ctsiIfManualDynamicPeerId OBJECT-TYPE 534 SYNTAX SnmpAdminString 535 MAX-ACCESS read-create 536 STATUS current 537 DESCRIPTION 538 "This object specifies the peer's device identity which is 539 used to obtain the desired policy for authorization request. 540 541 Setting a none-zero value on this object is not allowed if 542 the value of ctsiIfManualStaticSgt is not set to zero. 543 544 A zero length string indicates that the policy acquisition 545 from the ACS using the peer's identity is disabled on this 546 interface." 547 DEFVAL { "" } 548 ::= { ctsiIfManualEntry 1 } 549 550ctsiIfManualStaticSgt OBJECT-TYPE 551 SYNTAX CtsSecurityGroupTag 552 MAX-ACCESS read-create 553 STATUS current 554 DESCRIPTION 555 "This object specifies the statically configured SGT for 556 tagging the ingress traffic from the peer. 557 558 Setting a none-zero value on this object is not allowed if 559 the value of ctsiIfManualDynamicPeerId is not set to a zero 560 length string. 561 562 A value of zero indicates that no statically SGT tagging." 563 DEFVAL { 0 } 564 ::= { ctsiIfManualEntry 2 } 565 566ctsiIfManualStaticSgtTrusted OBJECT-TYPE 567 SYNTAX TruthValue 568 MAX-ACCESS read-create 569 STATUS current 570 DESCRIPTION 571 "This object specifies the peer's SGT assignment trust 572 state. 573 574 This object only can be set when ctsiIfManualStaticSgt 575 is none-zero." 576 DEFVAL { false } 577 ::= { ctsiIfManualEntry 3 } 578 579ctsiIfManualSgtPropagateEnabled OBJECT-TYPE 580 SYNTAX TruthValue 581 MAX-ACCESS read-create 582 STATUS current 583 DESCRIPTION 584 "This object specifies whether the SGT propagation is 585 enabled on this interface." 586 DEFVAL { false } 587 ::= { ctsiIfManualEntry 4 } 588 589ctsiIfManualSapPmk OBJECT-TYPE 590 SYNTAX OCTET STRING (SIZE (0 | 32)) 591 MAX-ACCESS read-create 592 STATUS current 593 DESCRIPTION 594 "This object specifies the PMK used by SAP. 595 596 A zero length string for this object indicates the SAP 597 negotiation is disabled on this interface." 598 DEFVAL { "" } 599 ::= { ctsiIfManualEntry 5 } 600 601ctsiIfManualSapModeList OBJECT-TYPE 602 SYNTAX CtsSapNegModeList 603 MAX-ACCESS read-create 604 STATUS current 605 DESCRIPTION 606 "This object specified the advertised modes for the SAP 607 negotiation on this interface. Modes are executed in 608 the order as specified in the mode list. 609 610 Mode which is at the beginning of the mode list will be 611 executed first. Mode which is at the end of mode list 612 will be executed last. 613 614 Value of this object will becomes zero length octet if 615 SAP negotiation is disabled. 616 617 This object is not allowed to be set to a zero length 618 string." 619 DEFVAL { "" } 620 ::= { ctsiIfManualEntry 6 } 621 622ctsiIfManualStorageType OBJECT-TYPE 623 SYNTAX StorageType 624 MAX-ACCESS read-create 625 STATUS current 626 DESCRIPTION 627 "The storage type for this conceptual row." 628 DEFVAL { volatile } 629 ::= { ctsiIfManualEntry 7 } 630 631ctsiIfManualRowStatus OBJECT-TYPE 632 SYNTAX RowStatus 633 MAX-ACCESS read-create 634 STATUS current 635 DESCRIPTION 636 "The status of this conceptual row. 637 638 All writable objects in this row may be modified at any time." 639 ::= { ctsiIfManualEntry 8 } 640 641 642-- ------------------------------------------------------------- 643-- Objects to manage TrustSec L3 forwarding mode interface 644-- ------------------------------------------------------------- 645 646ctsiIfL3ForwardTable OBJECT-TYPE 647 SYNTAX SEQUENCE OF CtsiIfL3ForwardEntry 648 MAX-ACCESS not-accessible 649 STATUS current 650 DESCRIPTION 651 "A list of the interfaces which have TrustSec L3 forwarding 652 configuration information." 653 ::= { ctsiIfL3ForwardObjects 1 } 654 655ctsiIfL3ForwardEntry OBJECT-TYPE 656 SYNTAX CtsiIfL3ForwardEntry 657 MAX-ACCESS not-accessible 658 STATUS current 659 DESCRIPTION 660 "An entry containing the TrustSec L3 forwarding configuration 661 information for a particular interface. 662 663 An entry can be created or deleted by using 664 ctsiIfL3ForwardRowStatus. 665 666 An entry can only be created if the value of corresponding 667 instance of ctsiIfConfiguredMode is 'none' and the 'l3Forward' 668 BIT of corresponding instance ctsiIfModeCapability is set." 669 INDEX { ifIndex } 670 ::= { ctsiIfL3ForwardTable 1 } 671 672CtsiIfL3ForwardEntry ::= SEQUENCE { 673 ctsiIfL3ForwardMode INTEGER, 674 ctsiIfL3ForwardStorageType StorageType, 675 ctsiIfL3ForwardRowStatus RowStatus 676} 677 678ctsiIfL3ForwardMode OBJECT-TYPE 679 SYNTAX INTEGER { 680 l3Ipv4Forward(1), 681 l3Ipv6Forward(2), 682 l3IpForward(3) 683 } 684 MAX-ACCESS read-create 685 STATUS current 686 DESCRIPTION 687 "This object specifies the type of L3 forwarding for 688 the interface. 689 690 l3Ipv4Forward - TrustSec L3 IPv4 forwarding. 691 692 l3Ipv6Forward - TrustSec L3 IPv6 forwarding. 693 694 l3IpForward - TrustSec L3 IPv6 and IPv4 forwarding." 695 DEFVAL { l3Ipv4Forward } 696 ::= { ctsiIfL3ForwardEntry 1 } 697 698ctsiIfL3ForwardStorageType OBJECT-TYPE 699 SYNTAX StorageType 700 MAX-ACCESS read-create 701 STATUS current 702 DESCRIPTION 703 "The storage type for this conceptual row." 704 DEFVAL { volatile } 705 ::= { ctsiIfL3ForwardEntry 2 } 706 707ctsiIfL3ForwardRowStatus OBJECT-TYPE 708 SYNTAX RowStatus 709 MAX-ACCESS read-create 710 STATUS current 711 DESCRIPTION 712 "The status of this conceptual row. 713 714 All writable objects in this row may be modified at any time." 715 ::= { ctsiIfL3ForwardEntry 3 } 716 717 718-- ------------------------------------------------------------- 719-- Objects for the status of the TrustSec interface 720-- ------------------------------------------------------------- 721 722ctsiIfStatusTable OBJECT-TYPE 723 SYNTAX SEQUENCE OF CtsiIfStatusEntry 724 MAX-ACCESS not-accessible 725 STATUS current 726 DESCRIPTION 727 "A list of TrustSec enabled interfaces." 728 ::= { ctsiIfStatusObjects 1 } 729 730ctsiIfStatusEntry OBJECT-TYPE 731 SYNTAX CtsiIfStatusEntry 732 MAX-ACCESS not-accessible 733 STATUS current 734 DESCRIPTION 735 "An entry contains the information of the specific TrustSec 736 interface. 737 738 A entry is created by system when TrustSec is enabled for 739 an interface. An entry is deleted by system if TrustSec 740 is disabled for an interface." 741 INDEX { ifIndex } 742 ::= { ctsiIfStatusTable 1 } 743 744CtsiIfStatusEntry ::= SEQUENCE { 745 ctsiIfControllerState CtsiInterfaceControllerState, 746 ctsiIfAuthenticationStatus INTEGER, 747 ctsiIfPeerId SnmpAdminString, 748 ctsiIfPeerAdvCapability BITS, 749 ctsiIfAuthorizationStatus INTEGER, 750 ctsiIfPeerSgt CtsSecurityGroupTag, 751 ctsiIfPeerSgtTrusted TruthValue, 752 ctsiIfSapNegotiationStatus INTEGER, 753 ctsiIfSapNegModeList CtsSapNegModeList, 754 ctsiIfCacheExpirationTime DateAndTime, 755 ctsiIfCacheDataSource CtsiCasheDataSource, 756 ctsiIfCriticalAuthStatus INTEGER 757} 758 759ctsiIfControllerState OBJECT-TYPE 760 SYNTAX CtsiInterfaceControllerState 761 MAX-ACCESS read-only 762 STATUS current 763 DESCRIPTION 764 "This object indicates the current IFC state of this 765 interface." 766 ::= { ctsiIfStatusEntry 1 } 767 768ctsiIfAuthenticationStatus OBJECT-TYPE 769 SYNTAX INTEGER { 770 unknown(1), 771 succeeded(2), 772 rejected(3), 773 logOff(4), 774 noRespond(5), 775 notApplicable(6), 776 incomplete(7), 777 failed(8) 778 } 779 MAX-ACCESS read-only 780 STATUS current 781 DESCRIPTION 782 "This object indicates the current TrustSec authentication 783 status of this interface. 784 785 unknown - status not covered by any of 786 the follow enumerations. 787 788 succeeded - authentication is succeeded. 789 790 rejected - authentication is rejected. 791 792 logOff - peer logged off. 793 794 noRespond - peer no respond. 795 796 notApplicable - bypassing the authentication. 797 798 incomplete - authentication is not completed. 799 800 failed - authentication failed." 801 ::= { ctsiIfStatusEntry 2 } 802 803ctsiIfPeerId OBJECT-TYPE 804 SYNTAX SnmpAdminString 805 MAX-ACCESS read-only 806 STATUS current 807 DESCRIPTION 808 "This object indicates the device identity or symbolic 809 group name of the remote peer." 810 ::= { ctsiIfStatusEntry 3 } 811 812ctsiIfPeerAdvCapability OBJECT-TYPE 813 SYNTAX BITS { 814 sap(0) 815 } 816 MAX-ACCESS read-only 817 STATUS current 818 DESCRIPTION 819 "This object indicates the advertised capabilities of the 820 remote peer associated with this interface." 821 ::= { ctsiIfStatusEntry 4 } 822 823ctsiIfAuthorizationStatus OBJECT-TYPE 824 SYNTAX INTEGER { 825 unknown(1), 826 inProgress(2), 827 succeeded(3), 828 failed(4), 829 fallBackPolicy(5), 830 incomplete(6), 831 peerSucceeded(7), 832 rbaclSucceeded(8), 833 policySucceeded(9) 834 } 835 MAX-ACCESS read-only 836 STATUS current 837 DESCRIPTION 838 "This object indicates the current TrustSec authorization 839 status of the interface. 840 841 unknown - status not covered by any of 842 the follow enumerations. 843 844 inProgress - authorization in progress. 845 846 succeeded - authorization succeeded. 847 848 failed - authorization failed. 849 850 fallBackPolicy - apply the fallback policy. 851 852 incomplete - authorization aborted. 853 854 peerSucceeded - apply the peer policy succeeded. 855 856 rbaclSucceeded - apply the RBACL policy succeeded. 857 858 policySucceeded - apply the all policy succeeded." 859 ::= { ctsiIfStatusEntry 5 } 860 861ctsiIfPeerSgt OBJECT-TYPE 862 SYNTAX CtsSecurityGroupTag 863 MAX-ACCESS read-only 864 STATUS current 865 DESCRIPTION 866 "This object indicates the SGT value of the remote peer." 867 ::= { ctsiIfStatusEntry 6 } 868 869ctsiIfPeerSgtTrusted OBJECT-TYPE 870 SYNTAX TruthValue 871 MAX-ACCESS read-only 872 STATUS current 873 DESCRIPTION 874 "This object indicates whether the SGT of the remote peer 875 is trusted." 876 ::= { ctsiIfStatusEntry 7 } 877 878ctsiIfSapNegotiationStatus OBJECT-TYPE 879 SYNTAX INTEGER { 880 notApplicable(1), 881 unknown(2), 882 inProgress(3), 883 succeeded(4), 884 failed(5), 885 licenseError(6) 886 } 887 MAX-ACCESS read-only 888 STATUS current 889 DESCRIPTION 890 "This object indicates the SAP negotiation status on 891 this interface. 892 893 notApplicable - SAP disabled on local or remote peer 894 is not SAP capable. 895 896 unknown - status not covered by any 897 of the follow enumerations. 898 899 inProgress - SAP negotiation in progress. 900 901 succeeded - SAP negotiation completed. 902 903 failed - SAP negotiation failed. 904 905 licenseError - No MACSec software license." 906 ::= { ctsiIfStatusEntry 8 } 907 908ctsiIfSapNegModeList OBJECT-TYPE 909 SYNTAX CtsSapNegModeList 910 MAX-ACCESS read-only 911 STATUS current 912 DESCRIPTION 913 "This object indicates the operational SAP negotiation 914 mode list on this interface." 915 ::= { ctsiIfStatusEntry 9 } 916 917ctsiIfCacheExpirationTime OBJECT-TYPE 918 SYNTAX DateAndTime 919 MAX-ACCESS read-only 920 STATUS current 921 DESCRIPTION 922 "This object indicates the time when the current cached data 923 applied on the interface will be expired. 924 925 A value of zero indicates that the cached data will never be 926 expired." 927 ::= { ctsiIfStatusEntry 10 } 928 929ctsiIfCacheDataSource OBJECT-TYPE 930 SYNTAX CtsiCasheDataSource 931 MAX-ACCESS read-only 932 STATUS current 933 DESCRIPTION 934 "This object indicates the source of cached data applied to the 935 interface." 936 ::= { ctsiIfStatusEntry 11 } 937 938ctsiIfCriticalAuthStatus OBJECT-TYPE 939 SYNTAX INTEGER { 940 disable(1), 941 cache(2), 942 default(3) 943 } 944 MAX-ACCESS read-only 945 STATUS current 946 DESCRIPTION 947 "This object indicates the CTS Critical-Auth status 948 of interface. 949 950 disable - link is not in Critical-Auth mode. 951 952 cache - link is in Critical-Auth cached mode. 953 954 default - link is in Critical-Auth default mode." 955 ::= { ctsiIfStatusEntry 12 } 956 957 958-- ------------------------------------------------------------- 959-- Objects for the statistic of the TrustSec interface 960-- ------------------------------------------------------------- 961 962ctsiIfStatsTable OBJECT-TYPE 963 SYNTAX SEQUENCE OF CtsiIfStatsEntry 964 MAX-ACCESS not-accessible 965 STATUS current 966 DESCRIPTION 967 "A list of Cisco Trusted Security capable interface." 968 ::= { ctsiIfStatsObjects 1 } 969 970ctsiIfStatsEntry OBJECT-TYPE 971 SYNTAX CtsiIfStatsEntry 972 MAX-ACCESS not-accessible 973 STATUS current 974 DESCRIPTION 975 "An entry contains the statistics information of a 976 particular TrustSec interface. 977 978 An entry created by system for each interface is TrustSec 979 enabled. An entry deleted by system for each interface is 980 TrustSec disabled." 981 INDEX { ifIndex } 982 ::= { ctsiIfStatsTable 1 } 983 984CtsiIfStatsEntry ::= SEQUENCE { 985 ctsiIfAuthenticationSuccess Counter32, 986 ctsiIfAuthenticationReject Counter32, 987 ctsiIfAuthenticationFailure Counter32, 988 ctsiIfAuthenticationNoResponse Counter32, 989 ctsiIfAuthenticationLogoff Counter32, 990 ctsiIfAuthorizationSuccess Counter32, 991 ctsiIfAuthorizationPolicyFail Counter32, 992 ctsiIfAuthorizationFail Counter32, 993 ctsiIfSapSuccess Counter32, 994 ctsiIfSapFail Counter32 995} 996 997ctsiIfAuthenticationSuccess OBJECT-TYPE 998 SYNTAX Counter32 999 MAX-ACCESS read-only 1000 STATUS current 1001 DESCRIPTION 1002 "The number of times that peer has been successfully 1003 authenticated on this interface." 1004 ::= { ctsiIfStatsEntry 1 } 1005 1006ctsiIfAuthenticationReject OBJECT-TYPE 1007 SYNTAX Counter32 1008 MAX-ACCESS read-only 1009 STATUS current 1010 DESCRIPTION 1011 "The number of times that peer has been rejected 1012 in authentication on this interface." 1013 ::= { ctsiIfStatsEntry 2 } 1014 1015ctsiIfAuthenticationFailure OBJECT-TYPE 1016 SYNTAX Counter32 1017 MAX-ACCESS read-only 1018 STATUS current 1019 DESCRIPTION 1020 "The number of times that peer has been failed in 1021 authentication on this interface." 1022 ::= { ctsiIfStatsEntry 3 } 1023 1024ctsiIfAuthenticationNoResponse OBJECT-TYPE 1025 SYNTAX Counter32 1026 MAX-ACCESS read-only 1027 STATUS current 1028 DESCRIPTION 1029 "The number of times that no authentication respond 1030 received from the remote peer associated with this 1031 interface." 1032 ::= { ctsiIfStatsEntry 4 } 1033 1034ctsiIfAuthenticationLogoff OBJECT-TYPE 1035 SYNTAX Counter32 1036 MAX-ACCESS read-only 1037 STATUS current 1038 DESCRIPTION 1039 "The number of times that received authentication log 1040 off from the peer associated with this interface." 1041 ::= { ctsiIfStatsEntry 5 } 1042 1043ctsiIfAuthorizationSuccess OBJECT-TYPE 1044 SYNTAX Counter32 1045 MAX-ACCESS read-only 1046 STATUS current 1047 DESCRIPTION 1048 "The number of times that the peer entity successfully 1049 passed the TrustSec authorization challenge on this 1050 interface." 1051 ::= { ctsiIfStatsEntry 6 } 1052 1053ctsiIfAuthorizationPolicyFail OBJECT-TYPE 1054 SYNTAX Counter32 1055 MAX-ACCESS read-only 1056 STATUS current 1057 DESCRIPTION 1058 "The number of time that fail to access policy or refresh 1059 the policy for TrustSec authorization on this interface." 1060 ::= { ctsiIfStatsEntry 7 } 1061 1062ctsiIfAuthorizationFail OBJECT-TYPE 1063 SYNTAX Counter32 1064 MAX-ACCESS read-only 1065 STATUS current 1066 DESCRIPTION 1067 "The number of times that peer has been failed in TrustSec 1068 authorization on this interface." 1069 ::= { ctsiIfStatsEntry 8 } 1070 1071ctsiIfSapSuccess OBJECT-TYPE 1072 SYNTAX Counter32 1073 MAX-ACCESS read-only 1074 STATUS current 1075 DESCRIPTION 1076 "The number of times that SAP negotiation is succeed on this 1077 interface." 1078 ::= { ctsiIfStatsEntry 9 } 1079 1080ctsiIfSapFail OBJECT-TYPE 1081 SYNTAX Counter32 1082 MAX-ACCESS read-only 1083 STATUS current 1084 DESCRIPTION 1085 "The number of times that SAP negotiation has failed on this 1086 interface." 1087 ::= { ctsiIfStatsEntry 10 } 1088 1089 1090-- ------------------------------------------------------------- 1091-- Objects for the status of the authorize remote peer 1092-- ------------------------------------------------------------- 1093 1094ctsiAuthorizationTable OBJECT-TYPE 1095 SYNTAX SEQUENCE OF CtsiAuthorizationEntry 1096 MAX-ACCESS not-accessible 1097 STATUS current 1098 DESCRIPTION 1099 "A list of authorized remote peers on this device." 1100 ::= { ctsiAuthorizationObjects 1 } 1101 1102ctsiAuthorizationEntry OBJECT-TYPE 1103 SYNTAX CtsiAuthorizationEntry 1104 MAX-ACCESS not-accessible 1105 STATUS current 1106 DESCRIPTION 1107 "An entry containing the management information for a 1108 particular authorized peer. 1109 1110 An entry is created when the policy acquired from the ACS 1111 for a new peer. 1112 1113 An entry is deleted when the authorization of the peer has 1114 expired or fails to refresh its policy." 1115 INDEX { IMPLIED ctsiAuthorizationPeerId } 1116 ::= { ctsiAuthorizationTable 1 } 1117 1118CtsiAuthorizationEntry ::= SEQUENCE { 1119 ctsiAuthorizationPeerId SnmpAdminString, 1120 ctsiAuthorizationPeerSgt CtsSecurityGroupTag, 1121 ctsiAuthorizationState INTEGER, 1122 ctsiAuthorizationLastRefresh DateAndTime, 1123 ctsiAuthorizationTimeLeft Integer32, 1124 ctsiAuthorizationTimeToRefresh Integer32, 1125 ctsiAuthorizationCacheDataSource CtsiCasheDataSource, 1126 ctsiAuthorizationStatus INTEGER 1127} 1128 1129ctsiAuthorizationPeerId OBJECT-TYPE 1130 SYNTAX SnmpAdminString (SIZE (1..64)) 1131 MAX-ACCESS not-accessible 1132 STATUS current 1133 DESCRIPTION 1134 "This object indicates the device identity or symbolic group 1135 name of the remote peer." 1136 ::= { ctsiAuthorizationEntry 1 } 1137 1138ctsiAuthorizationPeerSgt OBJECT-TYPE 1139 SYNTAX CtsSecurityGroupTag 1140 MAX-ACCESS read-only 1141 STATUS current 1142 DESCRIPTION 1143 "This object indicates the SGT of the remote peer." 1144 ::= { ctsiAuthorizationEntry 2 } 1145 1146ctsiAuthorizationState OBJECT-TYPE 1147 SYNTAX INTEGER { 1148 unknown(1), 1149 start(2), 1150 waitingRespond(3), 1151 assessing(4), 1152 complete(5), 1153 failure(6) 1154 } 1155 MAX-ACCESS read-only 1156 STATUS current 1157 DESCRIPTION 1158 "This object indicates the current state of the 1159 authorization entity. 1160 1161 unknown - none of the following states. 1162 1163 start - authorization entity created and 1164 initialized. 1165 1166 waitingRespond - a policy request has been made by 1167 remote peer to the ACS and 1168 waiting for the response. 1169 1170 assessing - the policy been received from ACS 1171 and is being assessed. 1172 1173 complete - policy has been received and assessed. 1174 1175 failure - failed to download the policy from the 1176 ACS." 1177 ::= { ctsiAuthorizationEntry 3 } 1178 1179ctsiAuthorizationLastRefresh OBJECT-TYPE 1180 SYNTAX DateAndTime 1181 MAX-ACCESS read-only 1182 STATUS current 1183 DESCRIPTION 1184 "The object indicates the date and time when the authorized 1185 peer was last refreshed." 1186 ::= { ctsiAuthorizationEntry 4 } 1187 1188ctsiAuthorizationTimeLeft OBJECT-TYPE 1189 SYNTAX Integer32 (-1..2147483647) 1190 UNITS "seconds" 1191 MAX-ACCESS read-only 1192 STATUS current 1193 DESCRIPTION 1194 "This object indicates the leftover time for the current 1195 policy. 1196 1197 A value of zero indicates that policy refresh is in progress. 1198 1199 A value of -1 indicates that this object is not applicable 1200 on this authorization entry." 1201 ::= { ctsiAuthorizationEntry 5 } 1202 1203ctsiAuthorizationTimeToRefresh OBJECT-TYPE 1204 SYNTAX Integer32 (-1..2147483647) 1205 UNITS "seconds" 1206 MAX-ACCESS read-only 1207 STATUS current 1208 DESCRIPTION 1209 "This object indicates the time left to start the policy 1210 refresh. 1211 1212 A value of zero indicates that policy refresh is in progress. 1213 1214 A value of -1 indicates that this object is not applicable 1215 on this authorization entry." 1216 ::= { ctsiAuthorizationEntry 6 } 1217 1218ctsiAuthorizationCacheDataSource OBJECT-TYPE 1219 SYNTAX CtsiCasheDataSource 1220 MAX-ACCESS read-only 1221 STATUS current 1222 DESCRIPTION 1223 "This object indicates the source of cached data." 1224 ::= { ctsiAuthorizationEntry 7 } 1225 1226ctsiAuthorizationStatus OBJECT-TYPE 1227 SYNTAX INTEGER { 1228 unknown(1), 1229 inProgress(2), 1230 succeeded(3), 1231 failed(4), 1232 fallbackPolicy(5), 1233 incomplete(6) 1234 } 1235 MAX-ACCESS read-only 1236 STATUS current 1237 DESCRIPTION 1238 "This object indicates the status of this authorization peer. 1239 unknown - status not covered by any of 1240 the follow enumerations. 1241 1242 inProgress - new authorization link created or add 1243 a new policy request for an existing 1244 link. 1245 1246 succeeded - policy received successful. 1247 1248 failed - policy download failed. 1249 1250 fallbackPolicy - download policy failed apply fallback 1251 policy. 1252 1253 incomplete - policy received incomplete." 1254 ::= { ctsiAuthorizationEntry 8 } 1255 1256 1257-- ------------------------------------------------------------- 1258-- Objects for the statistic of interface controller state 1259-- ------------------------------------------------------------- 1260 1261ctsiIfcStatsTable OBJECT-TYPE 1262 SYNTAX SEQUENCE OF CtsiIfcStatsEntry 1263 MAX-ACCESS not-accessible 1264 STATUS current 1265 DESCRIPTION 1266 "A list of IFC state statistic on this device." 1267 ::= { ctsiIfcStatsObjects 1 } 1268 1269ctsiIfcStatsEntry OBJECT-TYPE 1270 SYNTAX CtsiIfcStatsEntry 1271 MAX-ACCESS not-accessible 1272 STATUS current 1273 DESCRIPTION 1274 "An entry containing the total number of interfaces which 1275 are currently belong to a particular IFC state." 1276 INDEX { ctsiIfcState } 1277 ::= { ctsiIfcStatsTable 1 } 1278 1279CtsiIfcStatsEntry ::= SEQUENCE { 1280 ctsiIfcState CtsiInterfaceControllerState, 1281 ctsiIfcStatsIfCount Unsigned32 1282} 1283 1284ctsiIfcState OBJECT-TYPE 1285 SYNTAX CtsiInterfaceControllerState 1286 MAX-ACCESS not-accessible 1287 STATUS current 1288 DESCRIPTION 1289 "This object indicates the IFC state." 1290 ::= { ctsiIfcStatsEntry 1 } 1291 1292ctsiIfcStatsIfCount OBJECT-TYPE 1293 SYNTAX Unsigned32 1294 MAX-ACCESS read-only 1295 STATUS current 1296 DESCRIPTION 1297 "The total number of interfaces on the device which is 1298 currently in the IFC state." 1299 ::= { ctsiIfcStatsEntry 2 } 1300 1301 1302 1303-- ------------------------------------------------------------- 1304-- Objects for the statistic of the TrustSec events 1305-- ------------------------------------------------------------- 1306 1307ctsiAuthenticationSuccess OBJECT-TYPE 1308 SYNTAX Counter32 1309 MAX-ACCESS read-only 1310 STATUS current 1311 DESCRIPTION 1312 "The total number of times that remote peers authentication 1313 succeed on this device." 1314 ::= { ctsiEventsStatsObjects 1 } 1315 1316ctsiAuthenticationReject OBJECT-TYPE 1317 SYNTAX Counter32 1318 MAX-ACCESS read-only 1319 STATUS current 1320 DESCRIPTION 1321 "The total number of times that remote peers authentication 1322 rejected on this device." 1323 ::= { ctsiEventsStatsObjects 2 } 1324 1325ctsiAuthenticationFailure OBJECT-TYPE 1326 SYNTAX Counter32 1327 MAX-ACCESS read-only 1328 STATUS current 1329 DESCRIPTION 1330 "The total number of times that remote peers authentication 1331 failed on this device" 1332 ::= { ctsiEventsStatsObjects 3 } 1333 1334ctsiAuthenticationLogoff OBJECT-TYPE 1335 SYNTAX Counter32 1336 MAX-ACCESS read-only 1337 STATUS current 1338 DESCRIPTION 1339 "The total number of times that remote peer log off on this 1340 device." 1341 ::= { ctsiEventsStatsObjects 4 } 1342 1343ctsiAuthenticationNoRespond OBJECT-TYPE 1344 SYNTAX Counter32 1345 MAX-ACCESS read-only 1346 STATUS current 1347 DESCRIPTION 1348 "The total number of times that not received authentication 1349 respond from remote peer on this device." 1350 ::= { ctsiEventsStatsObjects 5 } 1351 1352ctsiAuthorizationSuccess OBJECT-TYPE 1353 SYNTAX Counter32 1354 MAX-ACCESS read-only 1355 STATUS current 1356 DESCRIPTION 1357 "The total number of times that remote peer authorization 1358 succeed on this device." 1359 ::= { ctsiEventsStatsObjects 6 } 1360 1361ctsiAuthorizationFailure OBJECT-TYPE 1362 SYNTAX Counter32 1363 MAX-ACCESS read-only 1364 STATUS current 1365 DESCRIPTION 1366 "The total number of times that remote peer TrustSec 1367 authorization failed on this device." 1368 ::= { ctsiEventsStatsObjects 7 } 1369 1370ctsiAuthorizationPolicyFailure OBJECT-TYPE 1371 SYNTAX Counter32 1372 MAX-ACCESS read-only 1373 STATUS current 1374 DESCRIPTION 1375 "The number of time that fail to access policy or refresh 1376 the policy for TrustSec authorization on this device." 1377 ::= { ctsiEventsStatsObjects 8 } 1378 1379ctsiSapNegotiationSuccess OBJECT-TYPE 1380 SYNTAX Counter32 1381 MAX-ACCESS read-only 1382 STATUS current 1383 DESCRIPTION 1384 "The total number of times that TrustSec SAP negotiation 1385 succeed on this device." 1386 ::= { ctsiEventsStatsObjects 9 } 1387 1388ctsiSapNegotiationFailure OBJECT-TYPE 1389 SYNTAX Counter32 1390 MAX-ACCESS read-only 1391 STATUS current 1392 DESCRIPTION 1393 "The total number of times that TrustSec SAP negotiation 1394 failure on this device." 1395 ::= { ctsiEventsStatsObjects 10 } 1396 1397ctsiInDot1xModeIfCount OBJECT-TYPE 1398 SYNTAX Unsigned32 1399 MAX-ACCESS read-only 1400 STATUS current 1401 DESCRIPTION 1402 "The total number of interfaces on the device which is 1403 in TrustSec 802.1X mode." 1404 ::= { ctsiIfModeStatsObjects 1 } 1405 1406ctsiInManualModeIfCount OBJECT-TYPE 1407 SYNTAX Unsigned32 1408 MAX-ACCESS read-only 1409 STATUS current 1410 DESCRIPTION 1411 "The total number of interfaces on the device which is 1412 in TrustSec Manual mode." 1413 ::= { ctsiIfModeStatsObjects 2 } 1414 1415ctsiInL3ForwardModeIfCount OBJECT-TYPE 1416 SYNTAX Unsigned32 1417 MAX-ACCESS read-only 1418 STATUS current 1419 DESCRIPTION 1420 "The total number of interfaces on the device which is 1421 in TrustSec Layer 3 forwarding mode." 1422 ::= { ctsiIfModeStatsObjects 3 } 1423 1424-- Notifications Control 1425 1426ctsiAuthorizationFailNotifEnable OBJECT-TYPE 1427 SYNTAX TruthValue 1428 MAX-ACCESS read-write 1429 STATUS current 1430 DESCRIPTION 1431 "This object specifies whether the system generates the 1432 ctsiAuthorizationFailNotif. 1433 1434 A value of 'false' will prevent 1435 ctsiAuthorizationFailNotif notifications from being 1436 generated by this system." 1437 ::= { ctsiIfNotifsControlObjects 1 } 1438 1439ctsiIfAddSupplicantFailNotifEnable OBJECT-TYPE 1440 SYNTAX TruthValue 1441 MAX-ACCESS read-write 1442 STATUS current 1443 DESCRIPTION 1444 "This object specifies whether the system generates the 1445 ctsiIfAddSupplicantFailNotif. 1446 1447 A value of 'false' will prevent 1448 ctsiIfAddSupplicantFailNotif notifications from being 1449 generated by this system." 1450 ::= { ctsiIfNotifsControlObjects 2 } 1451 1452ctsiIfAuthenticationFailNotifEnable OBJECT-TYPE 1453 SYNTAX TruthValue 1454 MAX-ACCESS read-write 1455 STATUS current 1456 DESCRIPTION 1457 "This object specifies whether the system generates the 1458 ctsiIfAuthenticationFailNotif. 1459 1460 A value of 'false' will prevent 1461 ctsiIfAuthenticationFailNotif notifications from being 1462 generated by this system." 1463 ::= { ctsiIfNotifsControlObjects 3 } 1464 1465ctsiIfSapNegotiationFailNotifEnable OBJECT-TYPE 1466 SYNTAX TruthValue 1467 MAX-ACCESS read-write 1468 STATUS current 1469 DESCRIPTION 1470 "This object specifies whether the system generates the 1471 ctsiIfSapNegotiationFailNotif. 1472 1473 A value of 'false' will prevent 1474 ctsiIfSapNegotiationFailNotif notifications from being 1475 generated by this system." 1476 ::= { ctsiIfNotifsControlObjects 4 } 1477 1478ctsiIfUnauthorizedNotifEnable OBJECT-TYPE 1479 SYNTAX TruthValue 1480 MAX-ACCESS read-write 1481 STATUS current 1482 DESCRIPTION 1483 "This object specifies whether the system generates the 1484 ctsiIfUnauthorizedNotif. 1485 1486 A value of 'false' will prevent ctsiIfUnauthorizedNotif 1487 notifications from being generated by this system." 1488 ::= { ctsiIfNotifsControlObjects 5 } 1489 1490-- Notifications Only Info 1491 1492ctsiIfNotifMessage OBJECT-TYPE 1493 SYNTAX SnmpAdminString 1494 MAX-ACCESS accessible-for-notify 1495 STATUS current 1496 DESCRIPTION 1497 "This object indicates detail message associated 1498 with notifications." 1499 ::= { ctsiIfNotifsOnlyInfoObjects 1 } 1500 1501ctsiIfDot1xPaeRole OBJECT-TYPE 1502 SYNTAX INTEGER { 1503 notApplicable(1), 1504 authenticator(2), 1505 supplicant(3) 1506 } 1507 MAX-ACCESS accessible-for-notify 1508 STATUS current 1509 DESCRIPTION 1510 "This object indicates dot1x PAE role information. 1511 1512 notApplicable: Dot1x PAE role is not applicable in 1513 this notification. 1514 1515 authenticator: PAE Authenticator. 1516 1517 supplicant : PAE Supplicant." 1518 ::= { ctsiIfNotifsOnlyInfoObjects 2 } 1519 1520-- Notifications 1521 1522ctsiAuthorizationFailNotif NOTIFICATION-TYPE 1523 OBJECTS { ctsiAuthorizationPeerSgt } 1524 STATUS current 1525 DESCRIPTION 1526 "A ctsiAuthorizationFailNotif is generated when the policy 1527 acquisition failed for the peer." 1528 ::= { ciscoTrustSecIfMIBNotifs 1 } 1529 1530ctsiIfAddSupplicantFailNotif NOTIFICATION-TYPE 1531 OBJECTS { ifName } 1532 STATUS current 1533 DESCRIPTION 1534 "A ctsiIfAddSupplicantFailNotif is generated when the system 1535 fails to add dot1x supplicant for an interface." 1536 ::= { ciscoTrustSecIfMIBNotifs 2 } 1537 1538ctsiIfAuthenticationFailNotif NOTIFICATION-TYPE 1539 OBJECTS { 1540 ifName, 1541 ctsiIfPeerId, 1542 ctsiIfDot1xPaeRole, 1543 ctsiIfAuthenticationStatus 1544 } 1545 STATUS current 1546 DESCRIPTION 1547 "A ctsiIfAuthenticationFailNotif is generated when an 1548 authentication error for the peer is detected for an interface." 1549 ::= { ciscoTrustSecIfMIBNotifs 3 } 1550 1551ctsiIfSapNegotiationFailNotif NOTIFICATION-TYPE 1552 OBJECTS { 1553 ifName, 1554 ctsiIfNotifMessage 1555 } 1556 STATUS current 1557 DESCRIPTION 1558 "A ctsiIfSapNegotiationFailNotif is generated when a SAP 1559 negotiation error with the peer is detected for an interface." 1560 ::= { ciscoTrustSecIfMIBNotifs 4 } 1561 1562ctsiIfUnauthorizedNotif NOTIFICATION-TYPE 1563 OBJECTS { ifName } 1564 STATUS current 1565 DESCRIPTION 1566 "A ctsiIfUnauthorizedNotif is generated when a interface 1567 becomes unauthorized on the Cisco TrustSec link." 1568 ::= { ciscoTrustSecIfMIBNotifs 5 } 1569-- Conformance 1570 1571ciscoTrustSecIfMIBCompliances OBJECT IDENTIFIER 1572 ::= { ciscoTrustSecIfMIBConform 1 } 1573 1574ciscoTrustSecIfMIBGroups OBJECT IDENTIFIER 1575 ::= { ciscoTrustSecIfMIBConform 2 } 1576 1577 1578ciscoTrustSecIfMIBCompliance MODULE-COMPLIANCE 1579 STATUS deprecated 1580 DESCRIPTION 1581 "The compliance statement for the CISCO-TRUSTSEC-MIB." 1582 MODULE -- this module 1583 MANDATORY-GROUPS { 1584 ciscoTrustSecIfMIBIfConfigGroup, 1585 ciscoTrustSecIfMIBDot1xGroup, 1586 ciscoTrustSecIfMIBManualGroup, 1587 ciscoTrustSecIfMIBL3ForwardGroup, 1588 ciscoTrustSecIfMIBStatusGroup, 1589 ciscoTrustSecIfMIBStatisticGroup, 1590 ciscoTrustSecIfMIBAuthorizationGroup, 1591 ciscoTrustSecIfMIBIfcStatisticGroup, 1592 ciscoTrustSecIfMIBEventStatisticGroup, 1593 ciscoTrustSecIfMIBIfModeStatisticGroup 1594 } 1595 1596 OBJECT ctsiIfDot1xSgtPropagateEnabled 1597 MIN-ACCESS read-only 1598 DESCRIPTION 1599 "Write access is not required." 1600 1601 OBJECT ctsiIfDot1xReauthInterval 1602 MIN-ACCESS read-only 1603 DESCRIPTION 1604 "Write access is not required." 1605 1606 OBJECT ctsiIfDot1xSapModeList 1607 MIN-ACCESS read-only 1608 DESCRIPTION 1609 "Write access is not required." 1610 1611 OBJECT ctsiIfDot1xStorageType 1612 MIN-ACCESS read-only 1613 DESCRIPTION 1614 "Write access is not required." 1615 1616 OBJECT ctsiIfDot1xRowStatus 1617 SYNTAX INTEGER { 1618 active(1) 1619 } 1620 WRITE-SYNTAX INTEGER { 1621 createAndGo(4), 1622 destroy(6) 1623 } 1624 MIN-ACCESS read-only 1625 DESCRIPTION 1626 "Write access is not required. 1627 Support for createAndWait and notInService 1628 is not required." 1629 1630 OBJECT ctsiIfManualDynamicPeerId 1631 MIN-ACCESS read-only 1632 DESCRIPTION 1633 "Write access is not required." 1634 1635 OBJECT ctsiIfManualStaticSgt 1636 MIN-ACCESS read-only 1637 DESCRIPTION 1638 "Write access is not required." 1639 1640 OBJECT ctsiIfManualStaticSgtTrusted 1641 MIN-ACCESS read-only 1642 DESCRIPTION 1643 "Write access is not required." 1644 1645 OBJECT ctsiIfManualSgtPropagateEnabled 1646 MIN-ACCESS read-only 1647 DESCRIPTION 1648 "Write access is not required." 1649 1650 OBJECT ctsiIfManualSapPmk 1651 MIN-ACCESS read-only 1652 DESCRIPTION 1653 "Write access is not required." 1654 1655 OBJECT ctsiIfManualSapModeList 1656 MIN-ACCESS read-only 1657 DESCRIPTION 1658 "Write access is not required." 1659 1660 OBJECT ctsiIfManualStorageType 1661 MIN-ACCESS read-only 1662 DESCRIPTION 1663 "Write access is not required." 1664 1665 OBJECT ctsiIfManualRowStatus 1666 SYNTAX INTEGER { 1667 active(1) 1668 } 1669 WRITE-SYNTAX INTEGER { 1670 createAndGo(4), 1671 destroy(6) 1672 } 1673 MIN-ACCESS read-only 1674 DESCRIPTION 1675 "Write access is not required. 1676 Support for createAndWait and notInService 1677 is not required." 1678 1679 OBJECT ctsiIfL3ForwardStorageType 1680 MIN-ACCESS read-only 1681 DESCRIPTION 1682 "Write access is not required." 1683 1684 OBJECT ctsiIfL3ForwardRowStatus 1685 SYNTAX INTEGER { 1686 active(1) 1687 } 1688 WRITE-SYNTAX INTEGER { 1689 createAndGo(4), 1690 destroy(6) 1691 } 1692 MIN-ACCESS read-only 1693 DESCRIPTION 1694 "Write access is not required. 1695 Support for createAndWait and notInService 1696 is not required." 1697 ::= { ciscoTrustSecIfMIBCompliances 1 } 1698 1699ciscoTrustSecIfMIBCompliance2 MODULE-COMPLIANCE 1700 STATUS deprecated 1701 DESCRIPTION 1702 "The compliance statement for the CISCO-TRUSTSEC-MIB." 1703 MODULE -- this module 1704 MANDATORY-GROUPS { 1705 ciscoTrustSecIfMIBIfConfigGroup, 1706 ciscoTrustSecIfMIBDot1xGroup, 1707 ciscoTrustSecIfMIBManualGroup, 1708 ciscoTrustSecIfMIBL3ForwardGroup, 1709 ciscoTrustSecIfMIBStatusGroup, 1710 ciscoTrustSecIfMIBStatisticGroup, 1711 ciscoTrustSecIfMIBAuthorizationGroup, 1712 ciscoTrustSecIfMIBIfcStatisticGroup, 1713 ciscoTrustSecIfMIBEventStatisticGroup, 1714 ciscoTrustSecIfMIBIfModeStatisticGroup 1715 } 1716 1717 GROUP ciscoTrustSecIfMIBNotifsCtrlGrp 1718 DESCRIPTION 1719 "This group is mandatory for platforms which support 1720 TrustSec interface notifications." 1721 1722 GROUP ciscoTrustSecIfMIBNotifsOnlyInfoGrp 1723 DESCRIPTION 1724 "This group is mandatory for platforms which support 1725 TrustSec interface notifications." 1726 1727 GROUP ciscoTrustSecIfMIBNotifsGrp 1728 DESCRIPTION 1729 "This group is mandatory for platforms which support 1730 TrustSec interface notifications." 1731 1732 OBJECT ctsiIfDot1xSgtPropagateEnabled 1733 MIN-ACCESS read-only 1734 DESCRIPTION 1735 "Write access is not required." 1736 1737 OBJECT ctsiIfDot1xReauthInterval 1738 MIN-ACCESS read-only 1739 DESCRIPTION 1740 "Write access is not required." 1741 1742 OBJECT ctsiIfDot1xSapModeList 1743 MIN-ACCESS read-only 1744 DESCRIPTION 1745 "Write access is not required." 1746 1747 OBJECT ctsiIfDot1xStorageType 1748 MIN-ACCESS read-only 1749 DESCRIPTION 1750 "Write access is not required." 1751 1752 OBJECT ctsiIfDot1xRowStatus 1753 SYNTAX INTEGER { 1754 active(1) 1755 } 1756 WRITE-SYNTAX INTEGER { 1757 createAndGo(4), 1758 destroy(6) 1759 } 1760 MIN-ACCESS read-only 1761 DESCRIPTION 1762 "Write access is not required. 1763 Support for createAndWait and notInService 1764 is not required." 1765 1766 OBJECT ctsiIfManualDynamicPeerId 1767 MIN-ACCESS read-only 1768 DESCRIPTION 1769 "Write access is not required." 1770 1771 OBJECT ctsiIfManualStaticSgt 1772 MIN-ACCESS read-only 1773 DESCRIPTION 1774 "Write access is not required." 1775 1776 OBJECT ctsiIfManualStaticSgtTrusted 1777 MIN-ACCESS read-only 1778 DESCRIPTION 1779 "Write access is not required." 1780 1781 OBJECT ctsiIfManualSgtPropagateEnabled 1782 MIN-ACCESS read-only 1783 DESCRIPTION 1784 "Write access is not required." 1785 1786 OBJECT ctsiIfManualSapPmk 1787 MIN-ACCESS read-only 1788 DESCRIPTION 1789 "Write access is not required." 1790 1791 OBJECT ctsiIfManualSapModeList 1792 MIN-ACCESS read-only 1793 DESCRIPTION 1794 "Write access is not required." 1795 1796 OBJECT ctsiIfManualStorageType 1797 MIN-ACCESS read-only 1798 DESCRIPTION 1799 "Write access is not required." 1800 1801 OBJECT ctsiIfManualRowStatus 1802 SYNTAX INTEGER { 1803 active(1) 1804 } 1805 WRITE-SYNTAX INTEGER { 1806 createAndGo(4), 1807 destroy(6) 1808 } 1809 MIN-ACCESS read-only 1810 DESCRIPTION 1811 "Write access is not required. 1812 Support for createAndWait and notInService 1813 is not required." 1814 1815 OBJECT ctsiIfL3ForwardStorageType 1816 MIN-ACCESS read-only 1817 DESCRIPTION 1818 "Write access is not required." 1819 1820 OBJECT ctsiIfL3ForwardRowStatus 1821 SYNTAX INTEGER { 1822 active(1) 1823 } 1824 WRITE-SYNTAX INTEGER { 1825 createAndGo(4), 1826 destroy(6) 1827 } 1828 MIN-ACCESS read-only 1829 DESCRIPTION 1830 "Write access is not required. 1831 Support for createAndWait and notInService 1832 is not required." 1833 1834 OBJECT ctsiIfUnauthorizedNotifEnable 1835 MIN-ACCESS read-only 1836 DESCRIPTION 1837 "Write access is not required." 1838 1839 OBJECT ctsiAuthorizationFailNotifEnable 1840 MIN-ACCESS read-only 1841 DESCRIPTION 1842 "Write access is not required." 1843 1844 OBJECT ctsiIfAddSupplicantFailNotifEnable 1845 MIN-ACCESS read-only 1846 DESCRIPTION 1847 "Write access is not required." 1848 1849 OBJECT ctsiIfAuthenticationFailNotifEnable 1850 MIN-ACCESS read-only 1851 DESCRIPTION 1852 "Write access is not required." 1853 1854 OBJECT ctsiIfSapNegotiationFailNotifEnable 1855 MIN-ACCESS read-only 1856 DESCRIPTION 1857 "Write access is not required." 1858 ::= { ciscoTrustSecIfMIBCompliances 2 } 1859 1860ciscoTrustSecIfMIBCompliance3 MODULE-COMPLIANCE 1861 STATUS current 1862 DESCRIPTION 1863 "The compliance statement for the CISCO-TRUSTSEC-MIB." 1864 MODULE -- this module 1865 MANDATORY-GROUPS { 1866 ciscoTrustSecIfMIBIfConfigGroup, 1867 ciscoTrustSecIfMIBDot1xGroup, 1868 ciscoTrustSecIfMIBManualGroup, 1869 ciscoTrustSecIfMIBL3ForwardGroup, 1870 ciscoTrustSecIfMIBStatusGroup, 1871 ciscoTrustSecIfMIBStatisticGroup, 1872 ciscoTrustSecIfMIBAuthorizationGroup, 1873 ciscoTrustSecIfMIBIfcStatisticGroup, 1874 ciscoTrustSecIfMIBEventStatisticGroup, 1875 ciscoTrustSecIfMIBIfModeStatisticGroup 1876 } 1877 1878 GROUP ciscoTrustSecIfMIBNotifsCtrlGrp 1879 DESCRIPTION 1880 "This group is mandatory for platforms which support 1881 TrustSec interface notifications." 1882 1883 GROUP ciscoTrustSecIfMIBNotifsOnlyInfoGrp 1884 DESCRIPTION 1885 "This group is mandatory for platforms which support 1886 TrustSec interface notifications." 1887 1888 GROUP ciscoTrustSecIfMIBNotifsGrp 1889 DESCRIPTION 1890 "This group is mandatory for platforms which support 1891 TrustSec interface notifications." 1892 1893 GROUP ciscoTrustSecIfMIBCriticalAuthStatusGrp 1894 DESCRIPTION 1895 "This group is mandatory for platforms which support 1896 TrustSec Critical-Auth." 1897 1898 OBJECT ctsiIfDot1xSgtPropagateEnabled 1899 MIN-ACCESS read-only 1900 DESCRIPTION 1901 "Write access is not required." 1902 1903 OBJECT ctsiIfDot1xReauthInterval 1904 MIN-ACCESS read-only 1905 DESCRIPTION 1906 "Write access is not required." 1907 1908 OBJECT ctsiIfDot1xSapModeList 1909 MIN-ACCESS read-only 1910 DESCRIPTION 1911 "Write access is not required." 1912 1913 OBJECT ctsiIfDot1xStorageType 1914 MIN-ACCESS read-only 1915 DESCRIPTION 1916 "Write access is not required." 1917 1918 OBJECT ctsiIfDot1xRowStatus 1919 SYNTAX INTEGER { 1920 active(1) 1921 } 1922 WRITE-SYNTAX INTEGER { 1923 createAndGo(4), 1924 destroy(6) 1925 } 1926 MIN-ACCESS read-only 1927 DESCRIPTION 1928 "Write access is not required. 1929 Support for createAndWait and notInService 1930 is not required." 1931 1932 OBJECT ctsiIfManualDynamicPeerId 1933 MIN-ACCESS read-only 1934 DESCRIPTION 1935 "Write access is not required." 1936 1937 OBJECT ctsiIfManualStaticSgt 1938 MIN-ACCESS read-only 1939 DESCRIPTION 1940 "Write access is not required." 1941 1942 OBJECT ctsiIfManualStaticSgtTrusted 1943 MIN-ACCESS read-only 1944 DESCRIPTION 1945 "Write access is not required." 1946 1947 OBJECT ctsiIfManualSgtPropagateEnabled 1948 MIN-ACCESS read-only 1949 DESCRIPTION 1950 "Write access is not required." 1951 1952 OBJECT ctsiIfManualSapPmk 1953 MIN-ACCESS read-only 1954 DESCRIPTION 1955 "Write access is not required." 1956 1957 OBJECT ctsiIfManualSapModeList 1958 MIN-ACCESS read-only 1959 DESCRIPTION 1960 "Write access is not required." 1961 1962 OBJECT ctsiIfManualStorageType 1963 MIN-ACCESS read-only 1964 DESCRIPTION 1965 "Write access is not required." 1966 1967 OBJECT ctsiIfManualRowStatus 1968 SYNTAX INTEGER { 1969 active(1) 1970 } 1971 WRITE-SYNTAX INTEGER { 1972 createAndGo(4), 1973 destroy(6) 1974 } 1975 MIN-ACCESS read-only 1976 DESCRIPTION 1977 "Write access is not required. 1978 Support for createAndWait and notInService 1979 is not required." 1980 1981 OBJECT ctsiIfL3ForwardStorageType 1982 MIN-ACCESS read-only 1983 DESCRIPTION 1984 "Write access is not required." 1985 1986 OBJECT ctsiIfL3ForwardRowStatus 1987 SYNTAX INTEGER { 1988 active(1) 1989 } 1990 WRITE-SYNTAX INTEGER { 1991 createAndGo(4), 1992 destroy(6) 1993 } 1994 MIN-ACCESS read-only 1995 DESCRIPTION 1996 "Write access is not required. 1997 Support for createAndWait and notInService 1998 is not required." 1999 2000 OBJECT ctsiIfUnauthorizedNotifEnable 2001 MIN-ACCESS read-only 2002 DESCRIPTION 2003 "Write access is not required." 2004 2005 OBJECT ctsiAuthorizationFailNotifEnable 2006 MIN-ACCESS read-only 2007 DESCRIPTION 2008 "Write access is not required." 2009 2010 OBJECT ctsiIfAddSupplicantFailNotifEnable 2011 MIN-ACCESS read-only 2012 DESCRIPTION 2013 "Write access is not required." 2014 2015 OBJECT ctsiIfAuthenticationFailNotifEnable 2016 MIN-ACCESS read-only 2017 DESCRIPTION 2018 "Write access is not required." 2019 2020 OBJECT ctsiIfSapNegotiationFailNotifEnable 2021 MIN-ACCESS read-only 2022 DESCRIPTION 2023 "Write access is not required." 2024 ::= { ciscoTrustSecIfMIBCompliances 3 } 2025 2026-- Units of Conformance 2027 2028ciscoTrustSecIfMIBIfConfigGroup OBJECT-GROUP 2029 OBJECTS { 2030 ctsiIfModeCapability, 2031 ctsiIfConfiguredMode, 2032 ctsiIfCacheClear, 2033 ctsiIfRekey 2034 } 2035 STATUS current 2036 DESCRIPTION 2037 "A collection of objects that provides the interface 2038 configuration for Cisco Trusted Security capable 2039 interface in the system." 2040 ::= { ciscoTrustSecIfMIBGroups 1 } 2041 2042ciscoTrustSecIfMIBDot1xGroup OBJECT-GROUP 2043 OBJECTS { 2044 ctsiIfDot1xSgtPropagateEnabled, 2045 ctsiIfDot1xReauthInterval, 2046 ctsiIfDot1xSapModeList, 2047 ctsiIfDot1xDownloadReauthInterval, 2048 ctsiIfDot1xOperReauthInterval, 2049 ctsiIfDot1xReauthTimeLeft, 2050 ctsiIfDot1xStorageType, 2051 ctsiIfDot1xRowStatus 2052 } 2053 STATUS current 2054 DESCRIPTION 2055 "A collection of objects that provides the dot1x mode 2056 configuration for the Cisco Trusted Security capable 2057 interface in the system." 2058 ::= { ciscoTrustSecIfMIBGroups 2 } 2059 2060ciscoTrustSecIfMIBManualGroup OBJECT-GROUP 2061 OBJECTS { 2062 ctsiIfManualDynamicPeerId, 2063 ctsiIfManualStaticSgt, 2064 ctsiIfManualStaticSgtTrusted, 2065 ctsiIfManualSgtPropagateEnabled, 2066 ctsiIfManualSapPmk, 2067 ctsiIfManualSapModeList, 2068 ctsiIfManualStorageType, 2069 ctsiIfManualRowStatus 2070 } 2071 STATUS current 2072 DESCRIPTION 2073 "A collection of objects that provides the manual mode 2074 configuration for the Cisco Trusted Security capable 2075 interface in the system." 2076 ::= { ciscoTrustSecIfMIBGroups 3 } 2077 2078ciscoTrustSecIfMIBL3ForwardGroup OBJECT-GROUP 2079 OBJECTS { 2080 ctsiIfL3ForwardMode, 2081 ctsiIfL3ForwardStorageType, 2082 ctsiIfL3ForwardRowStatus 2083 } 2084 STATUS current 2085 DESCRIPTION 2086 "A collection of objects that provides the L3 forwarding 2087 mode configuration for the Cisco Trusted Security capable 2088 interface in the system." 2089 ::= { ciscoTrustSecIfMIBGroups 4 } 2090 2091ciscoTrustSecIfMIBStatusGroup OBJECT-GROUP 2092 OBJECTS { 2093 ctsiIfControllerState, 2094 ctsiIfAuthenticationStatus, 2095 ctsiIfPeerId, 2096 ctsiIfPeerAdvCapability, 2097 ctsiIfAuthorizationStatus, 2098 ctsiIfPeerSgt, 2099 ctsiIfPeerSgtTrusted, 2100 ctsiIfCacheExpirationTime, 2101 ctsiIfCacheDataSource, 2102 ctsiIfSapNegotiationStatus, 2103 ctsiIfSapNegModeList 2104 } 2105 STATUS current 2106 DESCRIPTION 2107 "A collection of objects that provides the status 2108 information for the Cisco Trusted Security capable 2109 interface in the system." 2110 ::= { ciscoTrustSecIfMIBGroups 5 } 2111 2112ciscoTrustSecIfMIBStatisticGroup OBJECT-GROUP 2113 OBJECTS { 2114 ctsiIfAuthenticationSuccess, 2115 ctsiIfAuthenticationReject, 2116 ctsiIfAuthenticationFailure, 2117 ctsiIfAuthenticationNoResponse, 2118 ctsiIfAuthenticationLogoff, 2119 ctsiIfAuthorizationSuccess, 2120 ctsiIfAuthorizationPolicyFail, 2121 ctsiIfAuthorizationFail, 2122 ctsiIfSapSuccess, 2123 ctsiIfSapFail 2124 } 2125 STATUS current 2126 DESCRIPTION 2127 "A collection of objects that provides the statistic 2128 information for the Cisco Trusted Security capable 2129 interface in the system." 2130 ::= { ciscoTrustSecIfMIBGroups 6 } 2131 2132ciscoTrustSecIfMIBAuthorizationGroup OBJECT-GROUP 2133 OBJECTS { 2134 ctsiAuthorizationPeerSgt, 2135 ctsiAuthorizationState, 2136 ctsiAuthorizationLastRefresh, 2137 ctsiAuthorizationTimeLeft, 2138 ctsiAuthorizationTimeToRefresh, 2139 ctsiAuthorizationCacheDataSource, 2140 ctsiAuthorizationStatus 2141 } 2142 STATUS current 2143 DESCRIPTION 2144 "A collection of objects that provides the status 2145 information for the authorization link in the system." 2146 ::= { ciscoTrustSecIfMIBGroups 7 } 2147 2148ciscoTrustSecIfMIBIfcStatisticGroup OBJECT-GROUP 2149 OBJECTS { ctsiIfcStatsIfCount } 2150 STATUS current 2151 DESCRIPTION 2152 "A collection of objects that provides the global 2153 IFC state statistic information in the system." 2154 ::= { ciscoTrustSecIfMIBGroups 8 } 2155 2156ciscoTrustSecIfMIBEventStatisticGroup OBJECT-GROUP 2157 OBJECTS { 2158 ctsiAuthenticationSuccess, 2159 ctsiAuthenticationReject, 2160 ctsiAuthenticationFailure, 2161 ctsiAuthenticationLogoff, 2162 ctsiAuthenticationNoRespond, 2163 ctsiAuthorizationSuccess, 2164 ctsiAuthorizationFailure, 2165 ctsiAuthorizationPolicyFailure, 2166 ctsiSapNegotiationSuccess, 2167 ctsiSapNegotiationFailure 2168 } 2169 STATUS current 2170 DESCRIPTION 2171 "A collection of objects that provides the global 2172 statistic information for the TrustSec events." 2173 ::= { ciscoTrustSecIfMIBGroups 9 } 2174 2175ciscoTrustSecIfMIBIfModeStatisticGroup OBJECT-GROUP 2176 OBJECTS { 2177 ctsiInDot1xModeIfCount, 2178 ctsiInManualModeIfCount, 2179 ctsiInL3ForwardModeIfCount 2180 } 2181 STATUS current 2182 DESCRIPTION 2183 "A collection of objects that provides the global TrustSec 2184 mode statistic information." 2185 ::= { ciscoTrustSecIfMIBGroups 10 } 2186 2187ciscoTrustSecIfMIBNotifsCtrlGrp OBJECT-GROUP 2188 OBJECTS { 2189 ctsiAuthorizationFailNotifEnable, 2190 ctsiIfAddSupplicantFailNotifEnable, 2191 ctsiIfAuthenticationFailNotifEnable, 2192 ctsiIfSapNegotiationFailNotifEnable, 2193 ctsiIfUnauthorizedNotifEnable 2194 } 2195 STATUS current 2196 DESCRIPTION 2197 "A collection of objects that provides notification control 2198 for TrustSec interfaces." 2199 ::= { ciscoTrustSecIfMIBGroups 11 } 2200 2201ciscoTrustSecIfMIBNotifsOnlyInfoGrp OBJECT-GROUP 2202 OBJECTS { 2203 ctsiIfNotifMessage, 2204 ctsiIfDot1xPaeRole 2205 } 2206 STATUS current 2207 DESCRIPTION 2208 "A collection of objects that provides the notification 2209 information for TrustSec interfaces." 2210 ::= { ciscoTrustSecIfMIBGroups 12 } 2211 2212ciscoTrustSecIfMIBNotifsGrp NOTIFICATION-GROUP 2213 NOTIFICATIONS { 2214 ctsiAuthorizationFailNotif, 2215 ctsiIfAddSupplicantFailNotif, 2216 ctsiIfAuthenticationFailNotif, 2217 ctsiIfSapNegotiationFailNotif, 2218 ctsiIfUnauthorizedNotif 2219 } 2220 STATUS current 2221 DESCRIPTION 2222 "A collection of notifications for TrustSec interfaces." 2223 ::= { ciscoTrustSecIfMIBGroups 13 } 2224 2225ciscoTrustSecIfMIBCriticalAuthStatusGrp OBJECT-GROUP 2226 OBJECTS { ctsiIfCriticalAuthStatus } 2227 STATUS current 2228 DESCRIPTION 2229 "A collection of objects that provides the Critical-Auth 2230 status information for the Cisco Trusted Security capable 2231 interface in the system." 2232 ::= { ciscoTrustSecIfMIBGroups 14 } 2233 2234END 2235 2236 2237 2238 2239 2240 2241 2242 2243 2244 2245 2246