-- *****************************************************************
-- CISCO-TRUSTSEC-POLICY-MIB.my
--
-- November 2009, Edward Pham
--
-- Copyright (c) 2009, 2011-2012 by cisco Systems Inc.
-- All rights reserved.
--
-- *****************************************************************

CISCO-TRUSTSEC-POLICY-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    NOTIFICATION-TYPE,
    Unsigned32,
    Counter64
        FROM SNMPv2-SMI

    MODULE-COMPLIANCE,
    OBJECT-GROUP,
    NOTIFICATION-GROUP
        FROM SNMPv2-CONF

    TruthValue,
    DateAndTime,
    StorageType,
    RowStatus
        FROM SNMPv2-TC

    ifIndex
        FROM IF-MIB

    CtsSecurityGroupTag,
    CtsGenerationId,
    CtsAclName,
    CtsAclList,
    CtsAclListOrEmpty,
    CtsAclNameOrEmpty,
    CtsSgaclMonitorMode
        FROM CISCO-TRUSTSEC-TC-MIB

    InetAddressType,
    InetAddress,
    InetAddressPrefixLength
        FROM INET-ADDRESS-MIB

    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB

    VlanIndex
        FROM Q-BRIDGE-MIB

    CiscoVrfName,
    Cisco2KVlanList
        FROM CISCO-TC

    ciscoMgmt
        FROM CISCO-SMI;

ciscoTrustSecPolicyMIB MODULE-IDENTITY
    LAST-UPDATED    "201212190000Z"
    ORGANIZATION    "Cisco Systems, Inc."
    CONTACT-INFO
        "Cisco Systems
        Customer Service

        Postal: 170 W Tasman Drive
        San Jose, CA 95134
        USA

        Tel: +1 800 553-NETS

        E-mail: cs-lan-switch-snmp@cisco.com"
    DESCRIPTION
        "This MIB module defines managed objects that facilitate the
        management of various policies within the Cisco Trusted Security
        (TrustSec) infrastructure.

        The information available through this MIB includes:

        o Device and interface level configuration for enabling
          SGACL (Security Group Access Control List) enforcement
          on Layer2/3 traffic.

        o Administrative and operational SGACL mapping to Security
          Group Tag (SGT).

        o Various statistics counters for traffic subject to SGACL
          enforcement.

        o TrustSec policies with respect to peer device.

        o Interface level configuration for enabling the propagation
          of SGT along with the Layer 3 traffic in portions of the
          network which do not have the capability to support the
          TrustSec feature.

        o TrustSec policies with respect to SGT propagation with
          Layer 3 traffic.

        The following terms are used throughout this MIB:

        VRF: Virtual Routing and Forwarding.

        SGACL: Security Group Access Control List.

        ACE: Access Control Entries.

        SXP: SGT Propagation Protocol.

        SVI: Switch Virtual Interface.

        IPM: Identity Port Mapping.

        SGT (Security Group Tag) is a unique 16-bit value assigned
        to every security group and used by network devices to
        enforce SGACL.

        Peer is another device connected to the local device on the
        other side of a TrustSec link.

        Default Policy: Policy applied to traffic when there is
        no explicit policy between the SGT associated with the
        originator of the traffic and the SGT associated with
        the destination of the traffic."

    REVISION        "201212190000Z"
    DESCRIPTION
        "Added following OBJECT-GROUP:
        - ctspNotifCtrlGroup
        - ctspNotifGroup
        - ctspNotifInfoGroup
        - ctspIfSgtMappingGroup
        - ctspVlanSgtMappingGroup
        - ctspSgtCachingGroup
        - ctspSgaclMonitorGroup
        - ctspSgaclMonitorStatisticGroup
        Added new compliance
        - ciscoTrustSecPolicyMIBCompliances
        Modified ctspIpSgtSource to add l3if(6), vlan(7), caching(8)."
    REVISION        "200911060000Z"
    DESCRIPTION
        "Initial version of this MIB module."
    ::= { ciscoMgmt 713 }


ciscoTrustSecPolicyMIBNotifs OBJECT IDENTIFIER
    ::= { ciscoTrustSecPolicyMIB 0 }

ciscoTrustSecPolicyMIBObjects OBJECT IDENTIFIER
    ::= { ciscoTrustSecPolicyMIB 1 }

ciscoTrustSecPolicyMIBConformance OBJECT IDENTIFIER
    ::= { ciscoTrustSecPolicyMIB 2 }



ctspSgacl
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBObjects 1 }
ctspPeerPolicy
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBObjects 2 }
ctspLayer3Transport
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBObjects 3 }
ctspIpSgtMappings
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBObjects 4 }
ctspSgtPolicy
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBObjects 5 }
ctspIfSgtMappings
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBObjects 6 }
ctspVlanSgtMappings
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBObjects 7 }
ctspSgtCaching
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBObjects 8 }
ctspNotifsControl
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBObjects 9 }
ctspNotifsOnlyInfo
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBObjects 10 }


ctspSgaclGlobals
    OBJECT IDENTIFIER ::= { ctspSgacl 1 }
ctspSgaclMappings
    OBJECT IDENTIFIER ::= { ctspSgacl 2 }
ctspSgaclStatistics
    OBJECT IDENTIFIER ::= { ctspSgacl 3 }

--
-- ctspSgaclGlobals
--

ctspSgaclEnforcementEnable OBJECT-TYPE
    SYNTAX          INTEGER {
                        none(1),
                        l3Only(2)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether SGACL enforcement for all
        Layer 3 interfaces (excluding SVIs) is enabled at the
        managed system.

        'none' indicates that SGACL enforcement for all Layer 3
        interfaces (excluding SVIs) is disabled.

        'l3Only' indicates that SGACL enforcement is enabled on
        every TrustSec capable Layer3 interface (excluding SVIs)
        in the device."
    ::= { ctspSgaclGlobals 1 }

ctspSgaclIpv4DropNetflowMonitor OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies an existing flexible netflow monitor
        name used to collect and export the IPv4 traffic dropped
        packets statistics due to SGACL enforcement. The zero-length
        string indicates that no such netflow monitor is configured
        in the device."
    ::= { ctspSgaclGlobals 2 }

ctspSgaclIpv6DropNetflowMonitor OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies an existing flexible netflow monitor
        name used to collect and export the IPv6 traffic dropped
        packets statistics due to SGACL enforcement. The zero-length
        string indicates that no such netflow monitor is configured
        in the device."
    ::= { ctspSgaclGlobals 3 }


ctspVlanConfigTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtspVlanConfigEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table lists the SGACL enforcement for Layer 2 and
        Layer 3 switched packets in a VLAN as well as VRF information
        for VLANs in the device."
    ::= { ctspSgaclGlobals 4 }

ctspVlanConfigEntry OBJECT-TYPE
    SYNTAX          CtspVlanConfigEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each row contains the SGACL enforcement information
        for Layer 2 and Layer 3 switched packets in a VLAN
        identified by its VlanIndex value. An entry in this
        table is populated for VLANs which contain SGACL
        enforcement or VRF configuration."
    INDEX           { ctspVlanConfigIndex }
    ::= { ctspVlanConfigTable 1 }

CtspVlanConfigEntry ::= SEQUENCE {
        ctspVlanConfigIndex            VlanIndex,
        ctspVlanConfigSgaclEnforcement TruthValue,
        ctspVlanSviActive              TruthValue,
        ctspVlanConfigVrfName          CiscoVrfName,
        ctspVlanConfigStorageType      StorageType,
        ctspVlanConfigRowStatus        RowStatus
}

ctspVlanConfigIndex OBJECT-TYPE
    SYNTAX          VlanIndex
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the VLAN-ID of this VLAN."
    ::= { ctspVlanConfigEntry 1 }

ctspVlanConfigSgaclEnforcement OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies the configured SGACL enforcement
        status for this VLAN i.e., 'true' = enabled and
        'false' = disabled."
    ::= { ctspVlanConfigEntry 2 }

ctspVlanSviActive OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates if there is an active SVI
        associated with this VLAN.

        'true' indicates that there is an active SVI associated
        with this VLAN, and SGACL is enforced for both Layer 2 and
        Layer 3 switched packets within that VLAN.

        'false' indicates that there is no active SVI associated
        with this VLAN, and SGACL is only enforced for Layer 2
        switched packets within that VLAN."
    ::= { ctspVlanConfigEntry 3 }

ctspVlanConfigVrfName OBJECT-TYPE
    SYNTAX          CiscoVrfName
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies an existing VRF to which this VLAN
        belongs. The zero length value indicates this VLAN
        belongs to the default VRF."
    ::= { ctspVlanConfigEntry 4 }

ctspVlanConfigStorageType OBJECT-TYPE
    SYNTAX          StorageType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies the storage type for this conceptual
        row."
    DEFVAL          { volatile }
    ::= { ctspVlanConfigEntry 5 }

ctspVlanConfigRowStatus OBJECT-TYPE
    SYNTAX          RowStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The status of this conceptual row entry. This object
        is used to manage creation and deletion of rows in this
        table. When this object value is 'active', other
        writable objects in the same row cannot be modified."
    ::= { ctspVlanConfigEntry 6 }

--
-- ctspSgaclMappings
--

ctspConfigSgaclMappingTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtspConfigSgaclMappingEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table contains the SGACLs information which is
        applied to unicast IP traffic which carries a source SGT
        and travels to a destination SGT."
    ::= { ctspSgaclMappings 1 }

ctspConfigSgaclMappingEntry OBJECT-TYPE
    SYNTAX          CtspConfigSgaclMappingEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each row contains the SGACL mapping to source and destination
        SGT for a certain traffic type as well as status of this
        instance. A row instance can be created or removed by setting
        the appropriate value of its RowStatus object."
    INDEX           { ctspConfigSgaclMappingIpTrafficType,
                      ctspConfigSgaclMappingDestSgt,
                      ctspConfigSgaclMappingSourceSgt }
    ::= { ctspConfigSgaclMappingTable 1 }

CtspConfigSgaclMappingEntry ::= SEQUENCE {
        ctspConfigSgaclMappingIpTrafficType INTEGER,
        ctspConfigSgaclMappingDestSgt       CtsSecurityGroupTag,
        ctspConfigSgaclMappingSourceSgt     CtsSecurityGroupTag,
        ctspConfigSgaclMappingSgaclName     CtsAclList,
        ctspConfigSgaclMappingStorageType   StorageType,
        ctspConfigSgaclMappingRowStatus     RowStatus,
        ctspConfigSgaclMonitor              CtsSgaclMonitorMode
}

ctspConfigSgaclMappingIpTrafficType OBJECT-TYPE
    SYNTAX          INTEGER { ipv4(1), ipv6(2) }
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the type of the unicast IP traffic
        carrying the source SGT and travelling to destination
        SGT and subjected to SGACL enforcement."
    ::= { ctspConfigSgaclMappingEntry 1 }

ctspConfigSgaclMappingDestSgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the destination SGT value. Value of
        zero indicates that the destination SGT is unknown."
    ::= { ctspConfigSgaclMappingEntry 2 }

ctspConfigSgaclMappingSourceSgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the source SGT value. Value of zero
        indicates that the source SGT is unknown."
    ::= { ctspConfigSgaclMappingEntry 3 }

ctspConfigSgaclMappingSgaclName OBJECT-TYPE
    SYNTAX          CtsAclList
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies the list of existing SGACLs which is
        administratively configured to apply to unicast IP traffic
        carrying the source SGT to the destination SGT."
    ::= { ctspConfigSgaclMappingEntry 4 }

ctspConfigSgaclMappingStorageType OBJECT-TYPE
    SYNTAX          StorageType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The storage type for this conceptual row."
    DEFVAL          { volatile }
    ::= { ctspConfigSgaclMappingEntry 5 }

ctspConfigSgaclMappingRowStatus OBJECT-TYPE
    SYNTAX          RowStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object is used to manage the creation and deletion
        of rows in this table. ctspConfigSgaclName may be modified
        at any time."
    ::= { ctspConfigSgaclMappingEntry 6 }

ctspConfigSgaclMonitor OBJECT-TYPE
    SYNTAX          CtsSgaclMonitorMode
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies whether SGACL monitor mode is turned on
        for the configured SGACL enforced traffic."
    DEFVAL          { off }
    ::= { ctspConfigSgaclMappingEntry 7 }

ctspDefConfigIpv4Sgacls OBJECT-TYPE
    SYNTAX          CtsAclListOrEmpty
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the SGACLs of the unicast default
        policy for IPv4 traffic. If there is no SGACL configured
        for unicast default policy for IPv4 traffic, the value of
        this object is the zero-length string."
    ::= { ctspSgaclMappings 2 }

ctspDefConfigIpv6Sgacls OBJECT-TYPE
    SYNTAX          CtsAclListOrEmpty
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the SGACLs of the unicast default
        policy for IPv6 traffic. If there is no SGACL configured
        for unicast default policy for IPv6 traffic, the value of
        this object is the zero-length string."
    ::= { ctspSgaclMappings 3 }

--
-- The ctspDownloadedSgaclMappingTable
--

ctspDownloadedSgaclMappingTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtspDownloadedSgaclMappingEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table contains the downloaded SGACLs information
        applied to unicast IP traffic which carries a source SGT
        and travels to a destination SGT."
    ::= { ctspSgaclMappings 4 }

ctspDownloadedSgaclMappingEntry OBJECT-TYPE
    SYNTAX          CtspDownloadedSgaclMappingEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each row contains the downloaded SGACLs mapping.
        A row instance is added for each pair of <source SGT,
        destination SGT> which contains SGACL that
        is dynamically downloaded from ACS server."
    INDEX           { ctspDownloadedSgaclDestSgt,
                      ctspDownloadedSgaclSourceSgt,
                      ctspDownloadedSgaclIndex }
    ::= { ctspDownloadedSgaclMappingTable 1 }

CtspDownloadedSgaclMappingEntry ::= SEQUENCE {
        ctspDownloadedSgaclDestSgt   CtsSecurityGroupTag,
        ctspDownloadedSgaclSourceSgt CtsSecurityGroupTag,
        ctspDownloadedSgaclIndex     Unsigned32,
        ctspDownloadedSgaclName      CtsAclName,
        ctspDownloadedSgaclGenId     CtsGenerationId,
        ctspDownloadedIpTrafficType  BITS,
        ctspDownloadedSgaclMonitor   CtsSgaclMonitorMode
}

ctspDownloadedSgaclDestSgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the destination SGT value. Value of
        zero indicates that the destination SGT is unknown."
    ::= { ctspDownloadedSgaclMappingEntry 1 }

ctspDownloadedSgaclSourceSgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the source SGT value. Value of
        zero indicates that the source SGT is unknown."
    ::= { ctspDownloadedSgaclMappingEntry 2 }

ctspDownloadedSgaclIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (1..65535)
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object identifies the downloaded SGACL which is
        applied to unicast IP traffic carrying the source SGT
        to the destination SGT."
    ::= { ctspDownloadedSgaclMappingEntry 3 }

ctspDownloadedSgaclName OBJECT-TYPE
    SYNTAX          CtsAclName
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the name of downloaded SGACL
        which is applied to unicast IP traffic carrying the source
        SGT to the destination SGT."
    ::= { ctspDownloadedSgaclMappingEntry 4 }

ctspDownloadedSgaclGenId OBJECT-TYPE
    SYNTAX          CtsGenerationId
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the generation identification of
        downloaded SGACL which is applied to unicast IP traffic
        carrying the source SGT to the destination SGT."
    ::= { ctspDownloadedSgaclMappingEntry 5 }

ctspDownloadedIpTrafficType OBJECT-TYPE
    SYNTAX          BITS { ipv4(0), ipv6(1) }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the type of the unicast IP traffic
        carrying the source SGT and travelling to destination
        SGT and subjected to SGACL enforcement by this downloaded
        default policy."
    ::= { ctspDownloadedSgaclMappingEntry 6 }

ctspDownloadedSgaclMonitor OBJECT-TYPE
    SYNTAX          CtsSgaclMonitorMode
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates whether SGACL monitor mode is turned on
        for the downloaded SGACL enforced traffic."
    ::= { ctspDownloadedSgaclMappingEntry 7 }


--
-- The ctspDefDownloadedSgaclMappingTable
--

ctspDefDownloadedSgaclMappingTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtspDefDownloadedSgaclMappingEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table contains the downloaded SGACLs information
        of the default policy applied to unicast IP traffic."
    ::= { ctspSgaclMappings 5 }

ctspDefDownloadedSgaclMappingEntry OBJECT-TYPE
    SYNTAX          CtspDefDownloadedSgaclMappingEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each row contains the downloaded SGACLs mapping.
        A row instance contains the SGACL information of the default
        policy dynamically downloaded from ACS server for unicast
        IP traffic."
    INDEX           { ctspDefDownloadedSgaclIndex }
    ::= { ctspDefDownloadedSgaclMappingTable 1 }

CtspDefDownloadedSgaclMappingEntry ::= SEQUENCE {
        ctspDefDownloadedSgaclIndex    Unsigned32,
        ctspDefDownloadedSgaclName     CtsAclName,
        ctspDefDownloadedSgaclGenId    CtsGenerationId,
        ctspDefDownloadedIpTrafficType BITS,
        ctspDefDownloadedSgaclMonitor  CtsSgaclMonitorMode
}

ctspDefDownloadedSgaclIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (1..65535)
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object identifies the SGACL of downloaded default
        policy applied to unicast IP traffic."
    ::= { ctspDefDownloadedSgaclMappingEntry 1 }

ctspDefDownloadedSgaclName OBJECT-TYPE
    SYNTAX          CtsAclName
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the name of the SGACL of downloaded
        default policy applied to unicast IP traffic."
    ::= { ctspDefDownloadedSgaclMappingEntry 2 }

ctspDefDownloadedSgaclGenId OBJECT-TYPE
    SYNTAX          CtsGenerationId
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the generation identification
        of the SGACL of downloaded default policy applied to
        unicast IP traffic."
    ::= { ctspDefDownloadedSgaclMappingEntry 3 }

ctspDefDownloadedIpTrafficType OBJECT-TYPE
    SYNTAX          BITS { ipv4(0), ipv6(1) }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the type of the IP traffic
        subjected to SGACL enforcement by this downloaded
        default policy."
    ::= { ctspDefDownloadedSgaclMappingEntry 4 }

ctspDefDownloadedSgaclMonitor OBJECT-TYPE
    SYNTAX          CtsSgaclMonitorMode
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates whether SGACL monitor mode is turned on
        for the default downloaded SGACL enforced traffic."
    ::= { ctspDefDownloadedSgaclMappingEntry 5 }

--
-- The ctspOperSgaclMappingTable
--

ctspOperSgaclMappingTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtspOperSgaclMappingEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table contains the operational SGACLs information
        applied to unicast IP traffic which carries a source SGT
        and travels to a destination SGT."
    ::= { ctspSgaclMappings 6 }

ctspOperSgaclMappingEntry OBJECT-TYPE
    SYNTAX          CtspOperSgaclMappingEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each row contains the operational SGACLs mapping.
        A row instance is added for each pair of <source SGT,
        destination SGT> which contains the SGACL that is
        either statically configured at the device or dynamically
        downloaded from ACS server."
    INDEX           { ctspOperIpTrafficType,
                      ctspOperSgaclDestSgt,
                      ctspOperSgaclSourceSgt,
                      ctspOperSgaclIndex }
    ::= { ctspOperSgaclMappingTable 1 }

CtspOperSgaclMappingEntry ::= SEQUENCE {
        ctspOperIpTrafficType      INTEGER,
        ctspOperSgaclDestSgt       CtsSecurityGroupTag,
        ctspOperSgaclSourceSgt     CtsSecurityGroupTag,
        ctspOperSgaclIndex         Unsigned32,
        ctspOperationalSgaclName   CtsAclName,
        ctspOperationalSgaclGenId  CtsGenerationId,
        ctspOperSgaclMappingSource INTEGER,
        ctspOperSgaclConfigSource  INTEGER,
        ctspOperSgaclMonitor       CtsSgaclMonitorMode
}

ctspOperIpTrafficType OBJECT-TYPE
    SYNTAX          INTEGER { ipv4(1), ipv6(2) }
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the type of the unicast IP traffic
        carrying the source SGT and travelling to destination
        SGT and subjected to SGACL enforcement."
    ::= { ctspOperSgaclMappingEntry 1 }

ctspOperSgaclDestSgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the destination SGT value. Value of
        zero indicates that the destination SGT is unknown."
    ::= { ctspOperSgaclMappingEntry 2 }

ctspOperSgaclSourceSgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the source SGT value. Value of
        zero indicates that the source SGT is unknown."
    ::= { ctspOperSgaclMappingEntry 3 }

ctspOperSgaclIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (1..65535)
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object identifies the SGACL operationally
        applied to unicast IP traffic carrying the source SGT
        to the destination SGT."
    ::= { ctspOperSgaclMappingEntry 4 }

ctspOperationalSgaclName OBJECT-TYPE
    SYNTAX          CtsAclName
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the name of the SGACL operationally
        applied to unicast IP traffic carrying the source SGT to the
        destination SGT."
    ::= { ctspOperSgaclMappingEntry 5 }

ctspOperationalSgaclGenId OBJECT-TYPE
    SYNTAX          CtsGenerationId
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the generation identification
        of the SGACL operationally applied to unicast IP traffic
        carrying the source SGT to the destination SGT."
    ::= { ctspOperSgaclMappingEntry 6 }

ctspOperSgaclMappingSource OBJECT-TYPE
    SYNTAX          INTEGER { configured(1), downloaded(2) }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the source of SGACL mapping
        for the SGACL operationally applied to unicast IP traffic
        carrying the source SGT to the destination SGT.

        'downloaded' indicates that the mapping is downloaded
        from ACS server.

        'configured' indicates that the mapping is locally
        configured in the device."
    ::= { ctspOperSgaclMappingEntry 7 }

ctspOperSgaclConfigSource OBJECT-TYPE
    SYNTAX          INTEGER { configured(1), downloaded(2) }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the source of SGACL creation
        for this SGACL.

        'configured' indicates that the SGACL is locally
        configured in the local device.

        'downloaded' indicates that the SGACL is created at
        ACS server and downloaded to the local device."
    ::= { ctspOperSgaclMappingEntry 8 }

ctspOperSgaclMonitor OBJECT-TYPE
    SYNTAX          CtsSgaclMonitorMode
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates whether SGACL monitor mode is turned on
        for the SGACL enforced traffic."
    ::= { ctspOperSgaclMappingEntry 9 }

--
-- The ctspDefOperSgaclMappingTable
--

ctspDefOperSgaclMappingTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtspDefOperSgaclMappingEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table contains the operational SGACLs information
        of the default policy applied to unicast IP traffic."
    ::= { ctspSgaclMappings 7 }

ctspDefOperSgaclMappingEntry OBJECT-TYPE
    SYNTAX          CtspDefOperSgaclMappingEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A row instance contains the SGACL information of the default
        policy which is either statically configured at the device
        or dynamically downloaded from ACS server for unicast
        IP traffic."
    INDEX           { ctspDefOperIpTrafficType,
                      ctspDefOperSgaclIndex }
    ::= { ctspDefOperSgaclMappingTable 1 }

CtspDefOperSgaclMappingEntry ::= SEQUENCE {
        ctspDefOperIpTrafficType      INTEGER,
        ctspDefOperSgaclIndex         Unsigned32,
        ctspDefOperationalSgaclName   CtsAclName,
        ctspDefOperationalSgaclGenId  CtsGenerationId,
        ctspDefOperSgaclMappingSource INTEGER,
        ctspDefOperSgaclConfigSource  INTEGER,
        ctspDefOperSgaclMonitor       CtsSgaclMonitorMode
}

ctspDefOperIpTrafficType OBJECT-TYPE
    SYNTAX          INTEGER { ipv4(1), ipv6(2) }
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the type of the unicast IP
        traffic subjected to default policy enforcement."
    ::= { ctspDefOperSgaclMappingEntry 1 }

ctspDefOperSgaclIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (1..65535)
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object identifies the SGACL of default policy
        operationally applied to unicast IP traffic."
    ::= { ctspDefOperSgaclMappingEntry 2 }

ctspDefOperationalSgaclName OBJECT-TYPE
    SYNTAX          CtsAclName
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the name of the SGACL of default
        policy operationally applied to unicast IP traffic."
    ::= { ctspDefOperSgaclMappingEntry 3 }

ctspDefOperationalSgaclGenId OBJECT-TYPE
    SYNTAX          CtsGenerationId
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the generation identification
        of the SGACL of default policy operationally
        applied to unicast IP traffic."
    ::= { ctspDefOperSgaclMappingEntry 4 }

ctspDefOperSgaclMappingSource OBJECT-TYPE
    SYNTAX          INTEGER { configured(1), downloaded(2) }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the source of SGACL mapping
        for the SGACL of default policy operationally
        applied to unicast IP traffic.

        'downloaded' indicates that the mapping is downloaded
        from ACS server.

        'configured' indicates that the mapping is locally
        configured in the device."
    ::= { ctspDefOperSgaclMappingEntry 5 }

ctspDefOperSgaclConfigSource OBJECT-TYPE
    SYNTAX          INTEGER { configured(1), downloaded(2) }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the source of SGACL creation
        for the SGACL of default policy operationally
        applied to unicast IP traffic.

        'downloaded' indicates that the SGACL is created at
        ACS server and downloaded to the local device.

        'configured' indicates that the SGACL is locally
        configured in the local device."
    ::= { ctspDefOperSgaclMappingEntry 6 }

ctspDefOperSgaclMonitor OBJECT-TYPE
    SYNTAX          CtsSgaclMonitorMode
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates whether SGACL monitor mode is turned on
        for the SGACL of default policy enforced traffic."
    ::= { ctspDefOperSgaclMappingEntry 7 }

--
-- ctspSgaclStatistics
--

ctspDefConfigIpv4SgaclsMonitor OBJECT-TYPE
    SYNTAX          CtsSgaclMonitorMode
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether SGACL monitor mode is turned on
        for the default configured SGACL enforced IPv4 traffic."
    ::= { ctspSgaclMappings 8 }

ctspDefConfigIpv6SgaclsMonitor OBJECT-TYPE
    SYNTAX          CtsSgaclMonitorMode
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether SGACL monitor mode is turned on
        for the default configured SGACL enforced IPv6 traffic."
    ::= { ctspSgaclMappings 9 }

ctspSgaclMonitorEnable OBJECT-TYPE
    SYNTAX          CtsSgaclMonitorMode
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether SGACL monitor mode is turned on
        for the entire system. It takes precedence over the per-SGACL
        ctspConfigSgaclMonitor control. It can act as a safety
        mechanism to turn off monitoring in case the monitor feature
        impacts system performance."
    ::= { ctspSgaclMappings 10 }

--
-- ctspSgaclStatistics
--

ctspSgtStatsTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtspSgtStatsEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table describes SGACL statistics counters per
        a pair of <source SGT, destination SGT> that is
        capable of providing this information."
    ::= { ctspSgaclStatistics 1 }

ctspSgtStatsEntry OBJECT-TYPE
    SYNTAX          CtspSgtStatsEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each row contains the SGACL statistics related to
        IPv4 or IPv6 packets carrying the source SGT travelling
        to the destination SGT and subjected to SGACL enforcement."
    INDEX           { ctspStatsIpTrafficType,
                      ctspStatsDestSgt,
                      ctspStatsSourceSgt
                    }
    ::= { ctspSgtStatsTable 1 }

CtspSgtStatsEntry ::= SEQUENCE {
        ctspStatsIpTrafficType   INTEGER,
        ctspStatsDestSgt         CtsSecurityGroupTag,
        ctspStatsSourceSgt       CtsSecurityGroupTag,
        ctspStatsIpSwDropPkts    Counter64,
        ctspStatsIpHwDropPkts    Counter64,
        ctspStatsIpSwPermitPkts  Counter64,
        ctspStatsIpHwPermitPkts  Counter64,
        ctspStatsIpSwMonitorPkts Counter64,
        ctspStatsIpHwMonitorPkts Counter64
}

ctspStatsIpTrafficType OBJECT-TYPE
    SYNTAX          INTEGER { ipv4(1), ipv6(2) }
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the type of the unicast IP traffic
        carrying the source SGT and travelling to destination
        SGT and subjected to SGACL enforcement."
    ::= { ctspSgtStatsEntry 1 }

ctspStatsDestSgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the destination SGT value. Value of
        zero indicates that the destination SGT is unknown."
    ::= { ctspSgtStatsEntry 2 }

ctspStatsSourceSgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the source SGT value. Value of
        zero indicates that the source SGT is unknown."
    ::= { ctspSgtStatsEntry 3 }

ctspStatsIpSwDropPkts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of software-forwarded
        IP packets which are dropped by SGACL."
    ::= { ctspSgtStatsEntry 4 }

ctspStatsIpHwDropPkts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of hardware-forwarded
        IP packets which are dropped by SGACL."
    ::= { ctspSgtStatsEntry 5 }

ctspStatsIpSwPermitPkts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of software-forwarded
        IP packets which are permitted by SGACL."
    ::= { ctspSgtStatsEntry 6 }

ctspStatsIpHwPermitPkts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of hardware-forwarded
        IP packets which are permitted by SGACL."
    ::= { ctspSgtStatsEntry 7 }

ctspStatsIpSwMonitorPkts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of software-forwarded
        IP packets which are SGACL enforced & monitored."
    ::= { ctspSgtStatsEntry 8 }

ctspStatsIpHwMonitorPkts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of hardware-forwarded
        IP packets which are SGACL enforced & monitored."
    ::= { ctspSgtStatsEntry 9 }

ctspDefStatsTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtspDefStatsEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table describes statistics counters for unicast
        IP traffic subjected to default unicast policy."
    ::= { ctspSgaclStatistics 2 }

ctspDefStatsEntry OBJECT-TYPE
    SYNTAX          CtspDefStatsEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each row contains the statistics counter for each IP
        traffic type."
    INDEX           { ctspDefIpTrafficType }
    ::= { ctspDefStatsTable 1 }

CtspDefStatsEntry ::= SEQUENCE {
        ctspDefIpTrafficType      INTEGER,
        ctspDefIpSwDropPkts       Counter64,
        ctspDefIpHwDropPkts       Counter64,
        ctspDefIpSwPermitPkts     Counter64,
        ctspDefIpHwPermitPkts     Counter64,
        ctspDefIpSwMonitorPkts    Counter64,
        ctspDefIpHwMonitorPkts    Counter64
}

ctspDefIpTrafficType OBJECT-TYPE
    SYNTAX          INTEGER { ipv4(1), ipv6(2) }
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the type of the IP traffic
        subjected to default unicast policy enforcement."
    ::= { ctspDefStatsEntry 1 }

ctspDefIpSwDropPkts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of software-forwarded
        IP packets which are dropped by default unicast policy."
    ::= { ctspDefStatsEntry 2 }

ctspDefIpHwDropPkts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of hardware-forwarded
        IP packets which are dropped by default unicast policy."
    ::= { ctspDefStatsEntry 3 }

ctspDefIpSwPermitPkts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of software-forwarded
        IP packets which are permitted by default unicast policy."
    ::= { ctspDefStatsEntry 4 }

ctspDefIpHwPermitPkts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of hardware-forwarded
        IP packets which are permitted by default unicast policy."
    ::= { ctspDefStatsEntry 5 }

ctspDefIpSwMonitorPkts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of software-forwarded
        IP packets which are monitored by default unicast policy."
    ::= { ctspDefStatsEntry 6 }

ctspDefIpHwMonitorPkts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of hardware-forwarded
        IP packets which are monitored by default unicast policy."
    ::= { ctspDefStatsEntry 7 }

--
-- ctsPeerPolicy group
--

ctspAllPeerPolicyAction OBJECT-TYPE
    SYNTAX          INTEGER {
                        none(1),
                        refresh(2)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object allows user to specify the action to be taken
        with respect to all peer policies in the device.

        When read, this object always returns the value 'none'.

        'none' - No operation.
        'refresh' - Refresh all peer policies in the device."
    ::= { ctspPeerPolicy 1 }

ctspPeerPolicyTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtspPeerPolicyEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table lists the peer policy information for each peer
        device."
    ::= { ctspPeerPolicy 2 }

ctspPeerPolicyEntry OBJECT-TYPE
    SYNTAX          CtspPeerPolicyEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each row contains the managed objects for peer policies
        for each peer device based on its name."
    INDEX           { IMPLIED ctspPeerName }
    ::= { ctspPeerPolicyTable 1 }

CtspPeerPolicyEntry ::= SEQUENCE {
        ctspPeerName                SnmpAdminString,
        ctspPeerSgt                 CtsSecurityGroupTag,
        ctspPeerSgtGenId            CtsGenerationId,
        ctspPeerTrustState          INTEGER,
        ctspPeerPolicyLifeTime      Unsigned32,
        ctspPeerPolicyLastUpdate    DateAndTime,
        ctspPeerPolicyAction        INTEGER
}

ctspPeerName OBJECT-TYPE
    SYNTAX          SnmpAdminString (SIZE(1..128))
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object uniquely identifies a peer device."
    ::= { ctspPeerPolicyEntry 1 }

ctspPeerSgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the SGT value of this peer device."
    ::= { ctspPeerPolicyEntry 2 }

ctspPeerSgtGenId OBJECT-TYPE
    SYNTAX          CtsGenerationId
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the generation identification of
        the SGT value assigned to this peer device."
    ::= { ctspPeerPolicyEntry 3 }

ctspPeerTrustState OBJECT-TYPE
    SYNTAX          INTEGER { trusted(1), noTrust(2) }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the TrustSec trust state of this
        peer device.

        'trusted' indicates that this is a trusted peer device.

        'noTrust' indicates that this peer device is not trusted."
    ::= { ctspPeerPolicyEntry 4 }

ctspPeerPolicyLifeTime OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the policy life time which
        provides the time interval during which the peer
        policy is valid."
    ::= { ctspPeerPolicyEntry 5 }

ctspPeerPolicyLastUpdate OBJECT-TYPE
    SYNTAX          DateAndTime
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the time when this peer policy
        is last updated."
    ::= { ctspPeerPolicyEntry 6 }

ctspPeerPolicyAction OBJECT-TYPE
    SYNTAX          INTEGER {
                        none(1),
                        refresh(2)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object allows user to specify the action to be taken
        with this peer policy.

        When read, this object always returns the value 'none'.

        'none' - No operation.
        'refresh' - Refresh this peer policy."
    ::= { ctspPeerPolicyEntry 7 }

--
-- ctspLayer3Transport
--

ctspLayer3PolicyTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtspLayer3PolicyEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table describes Layer 3 transport policy for
        IP traffic regarding SGT propagation."
    ::= { ctspLayer3Transport 1 }

ctspLayer3PolicyEntry OBJECT-TYPE
    SYNTAX          CtspLayer3PolicyEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each row contains the Layer 3 transport policies per
        IP traffic type per policy type."
    INDEX           { ctspLayer3PolicyIpTrafficType, ctspLayer3PolicyType }
    ::= { ctspLayer3PolicyTable 1 }

CtspLayer3PolicyEntry ::= SEQUENCE {
        ctspLayer3PolicyIpTrafficType    INTEGER,
        ctspLayer3PolicyType             INTEGER,
        ctspLayer3PolicyLocalConfig      CtsAclNameOrEmpty,
        ctspLayer3PolicyDownloaded       CtsAclNameOrEmpty,
        ctspLayer3PolicyOperational      CtsAclNameOrEmpty
}

ctspLayer3PolicyIpTrafficType OBJECT-TYPE
    SYNTAX          INTEGER { ipv4(1), ipv6(2) }
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the type of the IP traffic
        affected by Layer-3 transport policy.

        'ipv4' indicates that the affected traffic is IPv4
        traffic.

        'ipv6' indicates that the affected traffic is IPv6
        traffic."
    ::= { ctspLayer3PolicyEntry 1 }

ctspLayer3PolicyType OBJECT-TYPE
    SYNTAX          INTEGER { permit(1), exception(2) }
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the type of the Layer-3
        transport policy affecting IP traffic regarding
        SGT propagation.

        'permit' indicates that the transport policy is used
        to classify Layer-3 traffic which is subject to
        SGT propagation.

        'exception' indicates that the transport policy is used
        to classify Layer-3 traffic which is NOT subject to
        SGT propagation."
    ::= { ctspLayer3PolicyEntry 2 }

ctspLayer3PolicyLocalConfig OBJECT-TYPE
    SYNTAX          CtsAclNameOrEmpty
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the name of an ACL that is
        administratively configured to classify Layer3
        traffic. Zero-length string indicates there is no
        such configured policy."
    ::= { ctspLayer3PolicyEntry 3 }

ctspLayer3PolicyDownloaded OBJECT-TYPE
    SYNTAX          CtsAclNameOrEmpty
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object specifies the name of an ACL that is
        downloaded from policy server to classify Layer3
        traffic. Zero-length string indicates there is no
        such downloaded policy."
    ::= { ctspLayer3PolicyEntry 4 }

ctspLayer3PolicyOperational OBJECT-TYPE
    SYNTAX          CtsAclNameOrEmpty
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object specifies the name of an operational ACL
        currently used to classify Layer3 traffic. Zero-length
        string indicates there is no such policy in effect."
    ::= { ctspLayer3PolicyEntry 5 }


ctspIfL3PolicyConfigTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtspIfL3PolicyConfigEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table lists the interfaces which support Layer3
        Transport policy."
    ::= { ctspLayer3Transport 2 }

ctspIfL3PolicyConfigEntry OBJECT-TYPE
    SYNTAX          CtspIfL3PolicyConfigEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each row contains managed objects for Layer3 Transport
        on interface capable of providing this information."
    INDEX           { ifIndex }
    ::= { ctspIfL3PolicyConfigTable 1 }

CtspIfL3PolicyConfigEntry ::= SEQUENCE {
        ctspIfL3Ipv4PolicyEnabled    TruthValue,
        ctspIfL3Ipv6PolicyEnabled    TruthValue
}

ctspIfL3Ipv4PolicyEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether the Layer3 Transport
        policies will be applied on this interface for egress
        IPv4 traffic.

        'true' indicates that Layer3 permit and exception policy
        will be applied at this interface for egress IPv4 traffic.

        'false' indicates that Layer3 permit and exception policy
        will not be applied at this interface for egress IPv4
        traffic."
    ::= { ctspIfL3PolicyConfigEntry 1 }

ctspIfL3Ipv6PolicyEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether the Layer3 Transport
        policies will be applied on this interface for egress
        IPv6 traffic.

        'true' indicates that Layer3 permit and exception policy
        will be applied at this interface for egress IPv6 traffic.

        'false' indicates that Layer3 permit and exception policy
        will not be applied at this interface for egress IPv6
        traffic."
    ::= { ctspIfL3PolicyConfigEntry 2 }

--
-- ctspIpSgtMappingTable
--

ctspIpSgtMappingTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtspIpSgtMappingEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table contains the IP-to-SGT mapping information
        in the device."
    ::= { ctspIpSgtMappings 1 }

ctspIpSgtMappingEntry OBJECT-TYPE
    SYNTAX          CtspIpSgtMappingEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each row contains the IP-to-SGT mapping and status of
        this instance. Entry in this table is either populated
        automatically by the device or manually configured by
        a user. A manually configured row instance can be created
        or removed by setting the appropriate value of its
        RowStatus object."
    INDEX           { ctspIpSgtVrfName,
                      ctspIpSgtAddressType,
                      ctspIpSgtIpAddress,
                      ctspIpSgtAddressLength }
    ::= { ctspIpSgtMappingTable 1 }

CtspIpSgtMappingEntry ::= SEQUENCE {
        ctspIpSgtVrfName          CiscoVrfName,
        ctspIpSgtAddressType      InetAddressType,
        ctspIpSgtIpAddress        InetAddress,
        ctspIpSgtAddressLength    InetAddressPrefixLength,
        ctspIpSgtValue            CtsSecurityGroupTag,
        ctspIpSgtSource           INTEGER,
        ctspIpSgtStorageType      StorageType,
        ctspIpSgtRowStatus        RowStatus
}

ctspIpSgtVrfName OBJECT-TYPE
    SYNTAX          CiscoVrfName
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the VRF where IP-SGT mapping
        belongs to. The zero length value indicates the default
        VRF."
    ::= { ctspIpSgtMappingEntry 1 }

ctspIpSgtAddressType OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the type of Internet address."
    ::= { ctspIpSgtMappingEntry 2 }

ctspIpSgtIpAddress OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates an Internet address. The type
        of this address is determined by the value of
        ctspIpSgtAddressType object."
    ::= { ctspIpSgtMappingEntry 3 }

ctspIpSgtAddressLength OBJECT-TYPE
    SYNTAX          InetAddressPrefixLength
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the length of an Internet address
        prefix."
    ::= { ctspIpSgtMappingEntry 4 }

ctspIpSgtValue OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies the SGT value assigned to
        an Internet address."
    ::= { ctspIpSgtMappingEntry 5 }

ctspIpSgtSource OBJECT-TYPE
    SYNTAX          INTEGER {
                        configured(1),
                        arp(2),
                        localAuthenticated(3),
                        sxp(4),
                        internal(5),
                        l3if(6),
                        vlan(7),
                        caching(8)
                    }
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object indicates the source of the mapping.

        'configured' indicates that the mapping is manually
        configured by user.

        'arp' indicates that the mapping is dynamically learnt
        from tagged ARP replies.

        'localAuthenticated' indicates that the mapping is
        dynamically learnt from the device authentication of
        a host.

        'sxp' indicates that the mapping is dynamically learnt
        from SXP (SGT Propagation Protocol).

        'internal' indicates that the mapping is automatically
        created by the device between the device IP addresses
        and the device's own SGT.

        'l3if' indicates that Interface-SGT mapping is configured
        by user.

        'vlan' indicates that Vlan-SGT mapping is configured by user.

        'caching' indicates that SGT mapping is cached.

        Only 'configured' value is accepted when setting this
        object."
    ::= { ctspIpSgtMappingEntry 6 }

ctspIpSgtStorageType OBJECT-TYPE
    SYNTAX          StorageType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The storage type for this conceptual row."
    DEFVAL          { volatile }
    ::= { ctspIpSgtMappingEntry 7 }

ctspIpSgtRowStatus OBJECT-TYPE
    SYNTAX          RowStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object is used to manage the creation and deletion
        of rows in this table. If this object value is 'active',
        user cannot modify any writable object in this row.

        If value of ctspIpSgtSource object in an entry is not
        'configured', user cannot change the value of this object."
    ::= { ctspIpSgtMappingEntry 8 }


--
-- ctsSgtPolicy group
--

ctspAllSgtPolicyAction OBJECT-TYPE
    SYNTAX          INTEGER {
                        none(1),
                        refresh(2)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object allows user to specify the action to be taken
        with respect to all SGT policies in the device.

        When read, this object always returns the value 'none'.

        'none' - No operation.
        'refresh' - Refresh all SGT policies in the device."
    ::= { ctspSgtPolicy 1 }

ctspDownloadedSgtPolicyTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtspDownloadedSgtPolicyEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table lists the SGT policy information downloaded
        by the device."
    ::= { ctspSgtPolicy 2 }

ctspDownloadedSgtPolicyEntry OBJECT-TYPE
    SYNTAX          CtspDownloadedSgtPolicyEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each row contains the managed objects for SGT policies
        downloaded by the device."
    INDEX           { ctspDownloadedSgtPolicySgt }
    ::= { ctspDownloadedSgtPolicyTable 1 }

CtspDownloadedSgtPolicyEntry ::= SEQUENCE {
        ctspDownloadedSgtPolicySgt           CtsSecurityGroupTag,
        ctspDownloadedSgtPolicySgtGenId      CtsGenerationId,
        ctspDownloadedSgtPolicyLifeTime      Unsigned32,
        ctspDownloadedSgtPolicyLastUpdate    DateAndTime,
        ctspDownloadedSgtPolicyAction        INTEGER
}

ctspDownloadedSgtPolicySgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the SGT value for which
        the downloaded policy is applied to. Value of
        zero indicates that the SGT is unknown."
    ::= { ctspDownloadedSgtPolicyEntry 1 }

ctspDownloadedSgtPolicySgtGenId OBJECT-TYPE
    SYNTAX          CtsGenerationId
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the generation identification of
        the SGT value denoted by ctspDownloadedSgtPolicySgt object."
    ::= { ctspDownloadedSgtPolicyEntry 2 }

ctspDownloadedSgtPolicyLifeTime OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the policy life time which
        provides the time interval during which this downloaded
        policy is valid."
    ::= { ctspDownloadedSgtPolicyEntry 3 }

ctspDownloadedSgtPolicyLastUpdate OBJECT-TYPE
    SYNTAX          DateAndTime
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the time when this downloaded
        SGT policy is last updated."
    ::= { ctspDownloadedSgtPolicyEntry 4 }

ctspDownloadedSgtPolicyAction OBJECT-TYPE
    SYNTAX          INTEGER {
                        none(1),
                        refresh(2)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object allows user to specify the action to be taken
        with this downloaded SGT policy.

        When read, this object always returns the value 'none'.

        'none' - No operation.
        'refresh' - Refresh this SGT policy."
    ::= { ctspDownloadedSgtPolicyEntry 5 }

--
-- ctspDownloadedDefSgtPolicyTable
--

ctspDownloadedDefSgtPolicyTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtspDownloadedDefSgtPolicyEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table lists the default SGT policy information
        downloaded by the device."
    ::= { ctspSgtPolicy 3 }

ctspDownloadedDefSgtPolicyEntry OBJECT-TYPE
    SYNTAX          CtspDownloadedDefSgtPolicyEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each row contains the managed objects for default SGT
        policies downloaded by the device."
    INDEX           { ctspDownloadedDefSgtPolicyType }
    ::= { ctspDownloadedDefSgtPolicyTable 1 }

CtspDownloadedDefSgtPolicyEntry ::= SEQUENCE {
        ctspDownloadedDefSgtPolicyType          INTEGER,
        ctspDownloadedDefSgtPolicySgtGenId      CtsGenerationId,
        ctspDownloadedDefSgtPolicyLifeTime      Unsigned32,
        ctspDownloadedDefSgtPolicyLastUpdate    DateAndTime,
        ctspDownloadedDefSgtPolicyAction        INTEGER
}

ctspDownloadedDefSgtPolicyType OBJECT-TYPE
    SYNTAX          INTEGER { unicastDefault(1) }
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the downloaded default SGT
        policy type.

        'unicastDefault' indicates the SGT policy applied to
        traffic which carries the default unicast SGT."
    ::= { ctspDownloadedDefSgtPolicyEntry 1 }

ctspDownloadedDefSgtPolicySgtGenId OBJECT-TYPE
    SYNTAX          CtsGenerationId
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the generation identification of
        the downloaded default SGT policy."
    ::= { ctspDownloadedDefSgtPolicyEntry 2 }

ctspDownloadedDefSgtPolicyLifeTime OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the policy life time which
        provides the time interval during which this
        downloaded default policy is valid."
    ::= { ctspDownloadedDefSgtPolicyEntry 3 }

ctspDownloadedDefSgtPolicyLastUpdate OBJECT-TYPE
    SYNTAX          DateAndTime
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the time when this downloaded
        SGT policy is last updated."
    ::= { ctspDownloadedDefSgtPolicyEntry 4 }

ctspDownloadedDefSgtPolicyAction OBJECT-TYPE
    SYNTAX          INTEGER {
                        none(1),
                        refresh(2)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object allows user to specify the action to be taken
        with this default downloaded SGT policy.

        When read, this object always returns the value 'none'.

        'none' - No operation.
        'refresh' - Refresh this default SGT policy."
    ::= { ctspDownloadedDefSgtPolicyEntry 5 }

--
-- ctspIfSgtMappingTable
--

ctspIfSgtMappingTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtspIfSgtMappingEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table contains the Interface-to-SGT mapping configuration
        information in the device."
    ::= { ctspIfSgtMappings 1 }

ctspIfSgtMappingEntry OBJECT-TYPE
    SYNTAX          CtspIfSgtMappingEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each row contains the SGT mapping configuration of a particular
        interface.

        A row instance can be created or removed by setting
        ctspIfSgtRowStatus."
    INDEX           { ifIndex }
    ::= { ctspIfSgtMappingTable 1 }

CtspIfSgtMappingEntry ::= SEQUENCE {
        ctspIfSgtValue          CtsSecurityGroupTag,
        ctspIfSgName            SnmpAdminString,
        ctspIfSgtStorageType    StorageType,
        ctspIfSgtRowStatus      RowStatus
}

ctspIfSgtValue OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies the SGT value assigned to the interface."
    ::= { ctspIfSgtMappingEntry 1 }

ctspIfSgName OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies the Security Group Name assigned to
        the interface."
    ::= { ctspIfSgtMappingEntry 2 }

ctspIfSgtStorageType OBJECT-TYPE
    SYNTAX          StorageType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The storage type for this conceptual row."
    DEFVAL          { volatile }
    ::= { ctspIfSgtMappingEntry 3 }

ctspIfSgtRowStatus OBJECT-TYPE
    SYNTAX          RowStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object is used to manage the creation and deletion
        of rows in this table."
    ::= { ctspIfSgtMappingEntry 4 }

--
-- ctspIfSgtMappingInfoTable
--
ctspIfSgtMappingInfoTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtspIfSgtMappingInfoEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table contains the Interface-to-SGT mapping status
        information in the device."
    ::= { ctspIfSgtMappings 2 }

ctspIfSgtMappingInfoEntry OBJECT-TYPE
    SYNTAX          CtspIfSgtMappingInfoEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Containing the Interface-to-SGT mapping status of the
        specified interface."
    INDEX           { ifIndex }
    ::= { ctspIfSgtMappingInfoTable 1 }

CtspIfSgtMappingInfoEntry ::= SEQUENCE {
        ctspL3IPMStatus    INTEGER
}

ctspL3IPMStatus OBJECT-TYPE
    SYNTAX          INTEGER {
                        disabled(1),
                        active(2),
                        inactive(3)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the Layer 3 Identity Port Mapping(IPM)
        operational mode.

        disabled - The L3 IPM is not configured.
        active   - The L3 IPM is configured for this interface, and
                   SGT is available.
        inactive - The L3 IPM is configured for this interface, and
                   SGT is unavailable."
    ::= { ctspIfSgtMappingInfoEntry 1 }

--
-- ctspVlanSgtMappingTable
--

ctspVlanSgtMappingTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CtspVlanSgtMappingEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table contains the Vlan-SGT mapping information
        in the device."
    ::= { ctspVlanSgtMappings 1 }

ctspVlanSgtMappingEntry OBJECT-TYPE
    SYNTAX          CtspVlanSgtMappingEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each row contains the SGT mapping configuration of a particular
        VLAN.

        A row instance can be created or removed by setting
        ctspVlanSgtRowStatus."
    INDEX           { ctspVlanSgtMappingIndex }
    ::= { ctspVlanSgtMappingTable 1 }

CtspVlanSgtMappingEntry ::= SEQUENCE {
        ctspVlanSgtMappingIndex    VlanIndex,
        ctspVlanSgtMapValue        CtsSecurityGroupTag,
        ctspVlanSgtStorageType     StorageType,
        ctspVlanSgtRowStatus       RowStatus
}

ctspVlanSgtMappingIndex OBJECT-TYPE
    SYNTAX          VlanIndex
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object specifies the VLAN-ID which is used as index."
    ::= { ctspVlanSgtMappingEntry 1 }

ctspVlanSgtMapValue OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies the SGT value assigned to the VLAN."
    ::= { ctspVlanSgtMappingEntry 2 }

ctspVlanSgtStorageType OBJECT-TYPE
    SYNTAX          StorageType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The storage type for this conceptual row."
    DEFVAL          { volatile }
    ::= { ctspVlanSgtMappingEntry 3 }

ctspVlanSgtRowStatus OBJECT-TYPE
    SYNTAX          RowStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object is used to manage the creation and deletion
        of rows in this table."
    ::= { ctspVlanSgtMappingEntry 4 }

--
-- ctsSgtCaching group
--

ctspSgtCachingMode OBJECT-TYPE
    SYNTAX          INTEGER {
                        none(1),
                        standAlone(2),
                        withEnforcement(3),
                        vlan(4)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies which SGT-caching mode is configured
        for SGT caching capable interfaces at the managed system.

        'none' indicates that SGT-caching for all Layer 3
        interfaces (excluding SVIs) is disabled.

        'standAlone' indicates that SGT-caching is enabled on
        every TrustSec capable Layer3 interface (excluding SVIs)
        in the device.

        'withEnforcement' indicates that SGT-caching is enabled on
        interfaces that have RBAC enforcement enabled.

        'vlan' indicates that SGT-caching is enabled on
        the VLANs specified by ctspSgtCachingVlansFirst2K &
        ctspSgtCachingVlansSecond2K"
    ::= { ctspSgtCaching 1 }

ctspSgtCachingVlansFirst2K OBJECT-TYPE
    SYNTAX          Cisco2KVlanList
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "A string of octets containing one bit per VLAN for VLANs 0 to
        2047.

        If the bit corresponding to a VLAN is set to 1, it indicates
        SGT-caching is enabled on the VLAN.

        If the bit corresponding to a VLAN is set to 0, it indicates
        SGT-caching is disabled on the VLAN."
    ::= { ctspSgtCaching 2 }

ctspSgtCachingVlansSecond2K OBJECT-TYPE
    SYNTAX          Cisco2KVlanList
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "A string of octets containing one bit per VLAN for VLANs 2048
        to 4095.

        If the bit corresponding to a VLAN is set to 1, it indicates
        SGT-caching is enabled on the VLAN.

        If the bit corresponding to a VLAN is set to 0, it indicates
        SGT-caching is disabled on the VLAN."
    ::= { ctspSgtCaching 3 }


-- Notifications Control
ctspPeerPolicyUpdatedNotifEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether the system generates
        ctspPeerPolicyUpdatedNotif.

        A value of 'false' will prevent
        ctspPeerPolicyUpdatedNotif notifications
        from being generated by this system."

    ::= { ctspNotifsControl 1 }

ctspAuthorizationSgaclFailNotifEnable OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies whether this system generates the
        ctspAuthorizationSgaclFailNotif.

        A value of 'false' will prevent
        ctspAuthorizationSgaclFailNotif notifications
        from being generated by this system."
    ::= { ctspNotifsControl 2 }

-- Notifications Only Info

ctspOldPeerSgt OBJECT-TYPE
    SYNTAX          CtsSecurityGroupTag
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "This object provides the old sgt value for
        ctspPeerPolicyUpdatedNotif, i.e., the
        sgt value before the policy is updated."
    ::= { ctspNotifsOnlyInfo 1 }


ctspAuthorizationSgaclFailReason OBJECT-TYPE
    SYNTAX          INTEGER {
                        downloadACE(1),
                        downloadSrc(2),
                        downloadDst(3),
                        installPolicy(4),
                        installPolicyStandby(5),
                        installForIP(6),
                        uninstall(7)
                    }
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "This object indicates the reason of failure during SGACL
        acquisitions, installations and uninstallations, which is
        associated with ctspAuthorizationSgaclFailNotif;

        'downloadACE'
            - Failure during downloading ACE in SGACL acquisition.
        'downloadSrc'
            - Failure during downloading source list in SGACL acquisition.
        'downloadDst'
            - Failure during downloading destination list in
              SGACL acquisition.
        'installPolicy'
            - Failure during SGACL policy installation
        'installPolicyStandby'
            - Failure during SGACL policy installation on standby
        'installForIP'
            - Failure during SGACL installation for specific IP type.
        'uninstall' - Failure during SGACL uninstallation."
    ::= { ctspNotifsOnlyInfo 2 }

ctspAuthorizationSgaclFailInfo OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
        "This object provides additional information about
        authorization SGACL failure, which is associated with
        ctspAuthorizationSgaclFailNotif."
    ::= { ctspNotifsOnlyInfo 3 }

-- Notifications

ctspPeerPolicyUpdatedNotif NOTIFICATION-TYPE
    OBJECTS         {
                        ctspOldPeerSgt,
                        ctspPeerSgt
                    }
    STATUS          current
    DESCRIPTION
        "A ctspPeerPolicyUpdatedNotif is generated when
        the SGT value of a peer device has been updated."
    ::= { ciscoTrustSecPolicyMIBNotifs 1 }

ctspAuthorizationSgaclFailNotif NOTIFICATION-TYPE
    OBJECTS {
        ctspAuthorizationSgaclFailReason,
        ctspAuthorizationSgaclFailInfo
    }
    STATUS          current
    DESCRIPTION
        "A ctspAuthorizationSgaclFailNotif is generated
        when the authorization of SGACL fails."
    ::= { ciscoTrustSecPolicyMIBNotifs 2 }

--
-- Conformance
--

ciscoTrustSecPolicyMIBCompliances
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBConformance 1 }

ciscoTrustSecPolicyMIBGroups
    OBJECT IDENTIFIER ::= { ciscoTrustSecPolicyMIBConformance 2 }

ciscoTrustSecPolicyMIBCompliance MODULE-COMPLIANCE
    STATUS          deprecated
    DESCRIPTION
        "The compliance statement for the CISCO-TRUSTSEC-POLICY-MIB"
    MODULE
    MANDATORY-GROUPS {
        ctspGlobalSgaclEnforcementGroup,
        ctspOperSgaclMappingGroup,
        ctspDownloadedSgaclMappingGroup,
        ctspIpSwStatisticsGroup,
        ctspDefSwStatisticsGroup
    }

    GROUP           ctspVlanConfigGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        SGACL enforcement for VLAN."

    GROUP           ctspConfigSgaclMappingGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        statically configured SGACLs in the device."

    GROUP           ctspIpHwStatisticsGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        hardware statistics counters for unicast IP traffic
        subjected to SGACL enforcement."

    GROUP           ctspDefHwStatisticsGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        hardware statistics counters for unicast IP traffic
        subjected to default unicast policy enforcement."

    GROUP           ctspSgaclIpv4DropNetflowMonitorGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        netflow monitor for IPv4 traffic drop packet due to SGACL
        enforcement information in the device."

    GROUP           ctspSgaclIpv6DropNetflowMonitorGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        netflow monitor for IPv6 traffic drop packet due to SGACL
        enforcement information in the device."

    GROUP           ctspPeerPolicyGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        peer policies information in the device."

    GROUP           ctspPeerPolicyActionGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        refresh of all peer policies information in the device."

    GROUP           ctspLayer3TransportGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        SGT propagation along Layer 3 traffic to network that is
        not capable of TrustSec feature."

    GROUP           ctspIpSgtMappingGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        IP-to-SGT mapping information."

    GROUP           ctspIfL3PolicyConfigGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        Layer3 Transport policy enforcement on capable interface."

    GROUP           ctspSgtPolicyGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        SGT policies information in the device."

    OBJECT          ctspVlanConfigSgaclEnforcement
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for read-create access is not required."

    OBJECT          ctspVlanConfigVrfName
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for read-create access is not required."

    OBJECT          ctspVlanConfigStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for read-create access is not required."

    OBJECT          ctspVlanConfigRowStatus
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for 'createAndWait' is not required."

    OBJECT          ctspConfigSgaclMappingStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for read-create access is not required."

    OBJECT          ctspConfigSgaclMappingRowStatus
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for 'createAndWait' is not required."

    OBJECT          ctspSgaclEnforcementEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspSgaclIpv4DropNetflowMonitor
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspSgaclIpv6DropNetflowMonitor
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspConfigSgaclMappingSgaclName
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspDefConfigIpv4Sgacls
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspDefConfigIpv6Sgacls
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspLayer3PolicyLocalConfig
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspIpSgtStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for read-create access is not required."

    OBJECT          ctspIpSgtRowStatus
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for 'createAndWait' is not required."

    OBJECT          ctspIpSgtValue
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspIpSgtSource
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspIfL3Ipv4PolicyEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspIfL3Ipv6PolicyEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspAllPeerPolicyAction
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspPeerPolicyAction
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspAllSgtPolicyAction
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspDownloadedSgtPolicyAction
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspDownloadedDefSgtPolicyAction
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
    ::= { ciscoTrustSecPolicyMIBCompliances 1 }

ciscoTrustSecPolicyMIBComplianceRev2 MODULE-COMPLIANCE
    STATUS          current
    DESCRIPTION
        "The compliance statement for the CISCO-TRUSTSEC-POLICY-MIB"
    MODULE
    MANDATORY-GROUPS {
        ctspGlobalSgaclEnforcementGroup,
        ctspOperSgaclMappingGroup,
        ctspDownloadedSgaclMappingGroup,
        ctspIpSwStatisticsGroup,
        ctspDefSwStatisticsGroup
    }

    GROUP           ctspVlanConfigGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        SGACL enforcement for VLAN."

    GROUP           ctspConfigSgaclMappingGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        statically configured SGACLs in the device."

    GROUP           ctspIpHwStatisticsGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        hardware statistics counters for unicast IP traffic
        subjected to SGACL enforcement."

    GROUP           ctspDefHwStatisticsGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        hardware statistics counters for unicast IP traffic
        subjected to default unicast policy enforcement."

    GROUP           ctspSgaclIpv4DropNetflowMonitorGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        netflow monitor for IPv4 traffic drop packet due to SGACL
        enforcement information in the device."

    GROUP           ctspSgaclIpv6DropNetflowMonitorGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        netflow monitor for IPv6 traffic drop packet due to SGACL
        enforcement information in the device."

    GROUP           ctspPeerPolicyGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        peer policies information in the device."

    GROUP           ctspPeerPolicyActionGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        refresh of all peer policies information in the device."

    GROUP           ctspLayer3TransportGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        SGT propagation along Layer 3 traffic to network that is
        not capable of TrustSec feature."

    GROUP           ctspIpSgtMappingGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        IP-to-SGT mapping information."

    GROUP           ctspIfL3PolicyConfigGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        Layer3 Transport policy enforcement on capable interface."

    GROUP           ctspSgtPolicyGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        SGT policies information in the device."

    GROUP           ctspIfSgtMappingGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        Interface-to-SGT mapping information."

    GROUP           ctspVlanSgtMappingGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        Vlan-to-SGT mapping information."

    GROUP           ctspSgtCachingGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        SGT-Caching feature."

    GROUP           ctspSgaclMonitorGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        SGACL monitor feature."

    GROUP           ctspSgaclMonitorStatisticGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        SGACL monitor statistic."

    GROUP           ctspNotifCtrlGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        cisco TrustSec policy notifications."

    GROUP           ctspNotifGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        cisco TrustSec policy notifications."

    GROUP           ctspNotifInfoGroup
    DESCRIPTION
        "This group is mandatory only for platforms which support
        cisco TrustSec policy notifications."

    OBJECT          ctspVlanConfigSgaclEnforcement
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for read-create access is not required."

    OBJECT          ctspVlanConfigVrfName
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for read-create access is not required."

    OBJECT          ctspVlanConfigStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for read-create access is not required."

    OBJECT          ctspVlanConfigRowStatus
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for 'createAndWait' is not required."

    OBJECT          ctspConfigSgaclMappingStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for read-create access is not required."

    OBJECT          ctspConfigSgaclMappingRowStatus
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for 'createAndWait' is not required."

    OBJECT          ctspSgaclEnforcementEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspSgaclIpv4DropNetflowMonitor
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspSgaclIpv6DropNetflowMonitor
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspConfigSgaclMappingSgaclName
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspDefConfigIpv4Sgacls
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspDefConfigIpv6Sgacls
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspLayer3PolicyLocalConfig
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspIpSgtStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for read-create access is not required."

    OBJECT          ctspIpSgtRowStatus
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Support for 'createAndWait' is not required."

    OBJECT          ctspIpSgtValue
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspIpSgtSource
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspIfL3Ipv4PolicyEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspIfL3Ipv6PolicyEnabled
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspAllPeerPolicyAction
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspPeerPolicyAction
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspAllSgtPolicyAction
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspDownloadedSgtPolicyAction
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspDownloadedDefSgtPolicyAction
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspDefConfigIpv4SgaclsMonitor
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspDefConfigIpv6SgaclsMonitor
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspSgaclMonitorEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspIfSgtValue
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspIfSgName
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspIfSgtStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Read-create access is not required."

    OBJECT          ctspIfSgtRowStatus
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Read-create access is not required."

    OBJECT          ctspVlanSgtMapValue
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspVlanSgtStorageType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Read-create access is not required."

    OBJECT          ctspVlanSgtRowStatus
    SYNTAX          INTEGER { active(1) }
    WRITE-SYNTAX    INTEGER { createAndGo(4), destroy(6) }
    MIN-ACCESS      read-only
    DESCRIPTION
        "Read-create access is not required."

    OBJECT          ctspConfigSgaclMonitor
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspSgtCachingMode
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspSgtCachingVlansFirst2K
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspSgtCachingVlansSecond2K
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspPeerPolicyUpdatedNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ctspAuthorizationSgaclFailNotifEnable
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    ::= { ciscoTrustSecPolicyMIBCompliances 2 }

--
-- Units of Conformance
--

ctspGlobalSgaclEnforcementGroup OBJECT-GROUP
    OBJECTS {
        ctspSgaclEnforcementEnable
    }
    STATUS          current
    DESCRIPTION
        "A collection of object which provides the SGACL enforcement
        information for all TrustSec capable Layer 3 interfaces
        (excluding SVIs) at the device level."
    ::= { ciscoTrustSecPolicyMIBGroups 1 }

ctspSgaclIpv4DropNetflowMonitorGroup OBJECT-GROUP
    OBJECTS {
        ctspSgaclIpv4DropNetflowMonitor
    }
    STATUS          current
    DESCRIPTION
        "A collection of object which provides netflow monitor
        information for IPv4 traffic drop packet due to SGACL
        enforcement in the device."
    ::= { ciscoTrustSecPolicyMIBGroups 2 }

ctspSgaclIpv6DropNetflowMonitorGroup OBJECT-GROUP
    OBJECTS {
        ctspSgaclIpv6DropNetflowMonitor
    }
    STATUS          current
    DESCRIPTION
        "A collection of object which provides netflow monitor
        information for IPv6 traffic drop packet due to SGACL
        enforcement in the device."
    ::= { ciscoTrustSecPolicyMIBGroups 3 }

ctspVlanConfigGroup OBJECT-GROUP
    OBJECTS {
        ctspVlanConfigSgaclEnforcement,
        ctspVlanSviActive,
        ctspVlanConfigVrfName,
        ctspVlanConfigStorageType,
        ctspVlanConfigRowStatus
    }
    STATUS          current
    DESCRIPTION
        "A collection of object which provides the SGACL enforcement
        and VRF information for each VLAN."
    ::= { ciscoTrustSecPolicyMIBGroups 4 }

ctspConfigSgaclMappingGroup OBJECT-GROUP
    OBJECTS {
        ctspConfigSgaclMappingSgaclName,
        ctspConfigSgaclMappingStorageType,
        ctspConfigSgaclMappingRowStatus,
        ctspDefConfigIpv4Sgacls,
        ctspDefConfigIpv6Sgacls
    }
    STATUS          current
    DESCRIPTION
        "A collection of objects which provides the administratively
        configured SGACL mapping information in the device."
    ::= { ciscoTrustSecPolicyMIBGroups 5 }

ctspDownloadedSgaclMappingGroup OBJECT-GROUP
    OBJECTS {
        ctspDownloadedSgaclName,
        ctspDownloadedSgaclGenId,
        ctspDownloadedIpTrafficType,
        ctspDefDownloadedSgaclName,
        ctspDefDownloadedSgaclGenId,
        ctspDefDownloadedIpTrafficType
    }
    STATUS          current
    DESCRIPTION
        "A collection of objects which provides the downloaded
        SGACL mapping information in the device."
    ::= { ciscoTrustSecPolicyMIBGroups 6 }

ctspOperSgaclMappingGroup OBJECT-GROUP
    OBJECTS {
        ctspOperationalSgaclName,
        ctspOperationalSgaclGenId,
        ctspOperSgaclMappingSource,
        ctspOperSgaclConfigSource,
        ctspDefOperationalSgaclName,
        ctspDefOperationalSgaclGenId,
        ctspDefOperSgaclMappingSource,
        ctspDefOperSgaclConfigSource
    }
    STATUS          current
    DESCRIPTION
        "A collection of objects which provides the operational
        SGACL mapping information in the device."
    ::= { ciscoTrustSecPolicyMIBGroups 7 }

ctspIpSwStatisticsGroup OBJECT-GROUP
    OBJECTS {
        ctspStatsIpSwDropPkts,
        ctspStatsIpSwPermitPkts
    }
    STATUS          current
    DESCRIPTION
        "A collection of objects which provides software
        statistics counters for unicast IP traffic subjected
        to SGACL enforcement."
    ::= { ciscoTrustSecPolicyMIBGroups 8 }

ctspIpHwStatisticsGroup OBJECT-GROUP
    OBJECTS {
        ctspStatsIpHwDropPkts,
        ctspStatsIpHwPermitPkts
    }
    STATUS          current
    DESCRIPTION
        "A collection of objects which provides hardware
        statistics counters for unicast IP traffic subjected
        to SGACL enforcement."
    ::= { ciscoTrustSecPolicyMIBGroups 9 }

ctspDefSwStatisticsGroup OBJECT-GROUP
    OBJECTS {
        ctspDefIpSwDropPkts,
        ctspDefIpSwPermitPkts
    }
    STATUS          current
    DESCRIPTION
        "A collection of objects which provides software
        statistics counters for unicast IP traffic subjected
        to unicast default policy enforcement."
    ::= { ciscoTrustSecPolicyMIBGroups 10 }

ctspDefHwStatisticsGroup OBJECT-GROUP
    OBJECTS {
        ctspDefIpHwDropPkts,
        ctspDefIpHwPermitPkts
    }
    STATUS          current
    DESCRIPTION
        "A collection of objects which provides hardware
        statistics counters for unicast IP traffic subjected to
        unicast default policy enforcement."
    ::= { ciscoTrustSecPolicyMIBGroups 11 }

ctspPeerPolicyActionGroup OBJECT-GROUP
    OBJECTS {
        ctspAllPeerPolicyAction
    }
    STATUS          current
    DESCRIPTION
        "A collection of object which provides refreshing
        of all peer policies in the device."
    ::= { ciscoTrustSecPolicyMIBGroups 12 }

ctspPeerPolicyGroup OBJECT-GROUP
    OBJECTS {
        ctspPeerSgt,
        ctspPeerSgtGenId,
        ctspPeerTrustState,
        ctspPeerPolicyLifeTime,
        ctspPeerPolicyLastUpdate,
        ctspPeerPolicyAction
    }
    STATUS          current
    DESCRIPTION
        "A collection of object which provides peer policy
        information in the device."
    ::= { ciscoTrustSecPolicyMIBGroups 13 }

ctspLayer3TransportGroup OBJECT-GROUP
    OBJECTS {
        ctspLayer3PolicyLocalConfig,
        ctspLayer3PolicyDownloaded,
        ctspLayer3PolicyOperational
    }
    STATUS          current
    DESCRIPTION
        "A collection of objects which provides managed
        information regarding the SGT propagation along with
        Layer 3 traffic in the device."
    ::= { ciscoTrustSecPolicyMIBGroups 14 }

ctspIfL3PolicyConfigGroup OBJECT-GROUP
    OBJECTS {
        ctspIfL3Ipv4PolicyEnabled,
        ctspIfL3Ipv6PolicyEnabled
    }
    STATUS          current
    DESCRIPTION
        "A collection of objects which provides managed
        information for Layer3 Transport policy enforcement on
        capable interface in the device."
    ::= { ciscoTrustSecPolicyMIBGroups 15 }

ctspIpSgtMappingGroup OBJECT-GROUP
    OBJECTS {
        ctspIpSgtValue,
        ctspIpSgtSource,
        ctspIpSgtStorageType,
        ctspIpSgtRowStatus
    }
    STATUS          current
    DESCRIPTION
        "A collection of objects which provides managed
        information regarding IP-to-Sgt mapping in the device."
    ::= { ciscoTrustSecPolicyMIBGroups 16 }

ctspSgtPolicyGroup OBJECT-GROUP
    OBJECTS {
        ctspAllSgtPolicyAction,
        ctspDownloadedSgtPolicySgtGenId,
        ctspDownloadedSgtPolicyLifeTime,
        ctspDownloadedSgtPolicyLastUpdate,
        ctspDownloadedSgtPolicyAction,
        ctspDownloadedDefSgtPolicySgtGenId,
        ctspDownloadedDefSgtPolicyLifeTime,
        ctspDownloadedDefSgtPolicyLastUpdate,
        ctspDownloadedDefSgtPolicyAction
    }
    STATUS          current
    DESCRIPTION
        "A collection of object which provides SGT policy
        information in the device."
    ::= { ciscoTrustSecPolicyMIBGroups 17 }

ctspIfSgtMappingGroup OBJECT-GROUP
    OBJECTS {
        ctspIfSgtValue,
        ctspIfSgName,
        ctspL3IPMStatus,
        ctspIfSgtStorageType,
        ctspIfSgtRowStatus
    }
    STATUS          current
    DESCRIPTION
        "A collection of objects which provides managed
        information regarding Interface-to-Sgt mapping in
        the device."
    ::= { ciscoTrustSecPolicyMIBGroups 18 }

ctspVlanSgtMappingGroup OBJECT-GROUP
    OBJECTS {
        ctspVlanSgtMapValue,
        ctspVlanSgtStorageType,
        ctspVlanSgtRowStatus
    }
    STATUS          current
    DESCRIPTION
        "A collection of objects which provides sgt mapping
        information for the IP traffic in the specified Vlan."
    ::= { ciscoTrustSecPolicyMIBGroups 19 }

ctspSgtCachingGroup OBJECT-GROUP
    OBJECTS {
        ctspSgtCachingMode,
        ctspSgtCachingVlansFirst2K,
        ctspSgtCachingVlansSecond2K
    }
    STATUS          current
    DESCRIPTION
        "A collection of objects which provides sgt Caching
        information."
    ::= { ciscoTrustSecPolicyMIBGroups 20 }

ctspSgaclMonitorGroup OBJECT-GROUP
    OBJECTS {
        ctspSgaclMonitorEnable,
        ctspConfigSgaclMonitor,
        ctspDefConfigIpv4SgaclsMonitor,
        ctspDefConfigIpv6SgaclsMonitor,
        ctspDownloadedSgaclMonitor,
        ctspDefDownloadedSgaclMonitor,
        ctspOperSgaclMonitor,
        ctspDefOperSgaclMonitor
    }
    STATUS          current
    DESCRIPTION
        "A collection of objects which provides SGACL monitor
        information."
    ::= { ciscoTrustSecPolicyMIBGroups 21 }

ctspSgaclMonitorStatisticGroup OBJECT-GROUP
    OBJECTS {
        ctspStatsIpSwMonitorPkts,
        ctspStatsIpHwMonitorPkts,
        ctspDefIpSwMonitorPkts,
        ctspDefIpHwMonitorPkts
    }
    STATUS          current
    DESCRIPTION
        "A collection of objects which provides monitor statistics
        counters for unicast IP traffic subjected to SGACL
        enforcement."
    ::= { ciscoTrustSecPolicyMIBGroups 22 }

ctspNotifCtrlGroup OBJECT-GROUP
    OBJECTS {
        ctspPeerPolicyUpdatedNotifEnable,
        ctspAuthorizationSgaclFailNotifEnable
    }
    STATUS          current
    DESCRIPTION
        "A collection of objects providing notification control
        for TrustSec policy notifications."
    ::= { ciscoTrustSecPolicyMIBGroups 23 }

ctspNotifGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        ctspPeerPolicyUpdatedNotif,
        ctspAuthorizationSgaclFailNotif
    }
    STATUS          current
    DESCRIPTION
        "A collection of notifications for TrustSec policy."
    ::= { ciscoTrustSecPolicyMIBGroups 24 }

ctspNotifInfoGroup OBJECT-GROUP
    OBJECTS {
        ctspOldPeerSgt,
        ctspAuthorizationSgaclFailReason,
        ctspAuthorizationSgaclFailInfo
    }
    STATUS          current
    DESCRIPTION
        "A collection of objects providing the variable binding for
        TrustSec policy notifications."
    ::= { ciscoTrustSecPolicyMIBGroups 25 }
END
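
The ctspSgtCachingVlansFirst2K and ctspSgtCachingVlansSecond2K bitmaps defined above can be decoded and compared against an expected VLAN set as follows. This is an added example, not part of the Cisco MIB: the function names and sample values are constructed, and the bit order (most significant bit of the first octet is the lowest VLAN, missing trailing octets read as zero) is assumed from the Cisco2KVlanList convention in CISCO-TC, which this page does not reproduce.

```python
"""Decode SGT-caching VLAN bitmaps and report drift from an expected set.

Added example, not part of CISCO-TRUSTSEC-POLICY-MIB. Assumption: bit layout
follows the Cisco2KVlanList convention (first octet = lowest 8 VLANs, most
significant bit = lowest VLAN, missing trailing octets = all zero).
"""

MAX_OCTETS = 256      # 256 octets * 8 bits = 2048 VLANs per object
SECOND_BASE = 2048    # ctspSgtCachingVlansSecond2K starts at VLAN 2048


def decode_vlan_list(octets: bytes, base: int = 0) -> list[int]:
    """Return the VLAN IDs whose bit is 1, in ascending order."""
    if len(octets) > MAX_OCTETS:
        raise ValueError(f"bitmap is {len(octets)} octets, limit is {MAX_OCTETS}")
    vlans = []
    for index, octet in enumerate(octets):
        for bit in range(8):
            if octet & (0x80 >> bit):      # bit 0 here is the MSB of the octet
                vlans.append(base + index * 8 + bit)
    return vlans


def encode_vlan_list(vlans, base: int = 0) -> bytes:
    """Build a full 256-octet bitmap with the given VLANs set to 1."""
    bitmap = bytearray(MAX_OCTETS)
    for vlan in vlans:
        offset = vlan - base
        if not 0 <= offset < MAX_OCTETS * 8:
            last = base + MAX_OCTETS * 8 - 1
            raise ValueError(f"VLAN {vlan} is outside {base}..{last}")
        bitmap[offset // 8] |= 0x80 >> (offset % 8)
    return bytes(bitmap)


def sgt_caching_vlans(first2k: bytes, second2k: bytes) -> set[int]:
    """Merge both objects into one set of VLANs with SGT-caching enabled."""
    low = decode_vlan_list(first2k, 0)
    high = decode_vlan_list(second2k, SECOND_BASE)
    return set(low) | set(high)


def caching_drift(first2k: bytes, second2k: bytes, expected) -> dict:
    """Compare the device's bitmaps with the VLANs expected to cache SGTs."""
    actual = sgt_caching_vlans(first2k, second2k)
    expected = set(expected)
    return {
        "unexpected": sorted(actual - expected),   # enabled but not in baseline
        "missing": sorted(expected - actual),      # in baseline but disabled
    }


# Constructed sample values, as they might be returned by an SNMP GET.
# The first bitmap is deliberately short (13 octets): VLANs 10 and 100 set.
SAMPLE_FIRST2K = bytes.fromhex("0020" + "00" * 10 + "08")
SAMPLE_SECOND2K = encode_vlan_list([3000], SECOND_BASE)
EXPECTED_VLANS = {10, 100, 200}     # hypothetical baseline

if __name__ == "__main__":
    print("enabled:", sorted(sgt_caching_vlans(SAMPLE_FIRST2K, SAMPLE_SECOND2K)))
    print("drift:  ", caching_drift(SAMPLE_FIRST2K, SAMPLE_SECOND2K, EXPECTED_VLANS))
```

Because both objects are read-write, a baseline comparison like this is a cheap way to notice SGT-caching being switched on or off for a VLAN outside change control.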