mirror of
https://github.com/hsnodgrass/snmp_mib_archive.git
synced 2025-04-17 16:03:04 +00:00
224 lines
8.0 KiB
Plaintext
224 lines
8.0 KiB
Plaintext
-- *********************************************************************
|
|
-- CISCO-TRUSTSEC-TC-MIB.my
|
|
-- List of Textual Conventions used by Cisco Trusted Security Framework
|
|
--
|
|
-- February 2008, Edward Pham, Liwei Lue, Dipesh Gorashia
|
|
--
|
|
-- Copyright (c) 2008-2009 by Cisco Systems, Inc.
|
|
-- All rights reserved.
|
|
-- *********************************************************************
|
|
|
|
CISCO-TRUSTSEC-TC-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
Unsigned32
|
|
FROM SNMPv2-SMI
|
|
TEXTUAL-CONVENTION
|
|
FROM SNMPv2-TC
|
|
ciscoMgmt
|
|
FROM CISCO-SMI;
|
|
|
|
|
|
ciscoCtsTcMIB MODULE-IDENTITY
|
|
LAST-UPDATED "200905140000Z"
|
|
ORGANIZATION "Cisco Systems, Inc."
|
|
CONTACT-INFO
|
|
"Cisco Systems
|
|
Customer Service
|
|
|
|
Postal: 170 W Tasman Drive
|
|
San Jose, CA 95134
|
|
|
|
Tel: +1 800 553-NETS
|
|
|
|
E-mail: cs-lan-switch-snmp@cisco.com"
|
|
DESCRIPTION
|
|
"This module defines the textual conventions used within
|
|
Cisco Trusted Security framework."
|
|
REVISION "200905140000Z"
|
|
DESCRIPTION
|
|
"The initial version of this MIB module."
|
|
::= { ciscoMgmt 694 }
|
|
|
|
|
|
|
|
-- Definitions of textual convention
|
|
|
|
CtsSecurityGroupTag ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the SGT (Security Group Tag) value.
|
|
|
|
Semantics of a value zero CtsSecurityGroupTag are object-specific
|
|
and must be defined as part of the description of any object
|
|
which uses this syntax."
|
|
SYNTAX Unsigned32 (0..65535)
|
|
|
|
CtsAclName ::= TEXTUAL-CONVENTION
|
|
DISPLAY-HINT "255a"
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An octet string, preferably in human-readable form,
|
|
describes the name of one ACL (Access Control List)
|
|
or a list of ACLs using a single whitespace as the
|
|
delimiter."
|
|
SYNTAX OCTET STRING (SIZE (1..255))
|
|
|
|
CtsAclNameOrEmpty ::= TEXTUAL-CONVENTION
|
|
DISPLAY-HINT "255a"
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This textual convention is an extension of the
|
|
CtsAclName convention. The latter defines a
|
|
non-empty ACL name(s). This extension permits
|
|
the additional value of empty string."
|
|
SYNTAX OCTET STRING (SIZE (0..255))
|
|
|
|
CtsAclList ::= TEXTUAL-CONVENTION
|
|
DISPLAY-HINT "255a"
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An octet string, preferably in human-readable form,
|
|
describes the name of one or more ACLs. If there is multiple
|
|
ACLs, each ACL name is separated by a single whitespace."
|
|
SYNTAX OCTET STRING (SIZE (1..255))
|
|
|
|
CtsAclListOrEmpty ::= TEXTUAL-CONVENTION
|
|
DISPLAY-HINT "255a"
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This textual convention is an extension of the
|
|
CtsAclList convention. The latter defines a
|
|
non-empty ACL name(s). This extension permits
|
|
the additional value of empty string."
|
|
SYNTAX OCTET STRING (SIZE (0..255))
|
|
|
|
CtsPolicyName ::= TEXTUAL-CONVENTION
|
|
DISPLAY-HINT "255a"
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An octet string, preferably in human-readable form,
|
|
describes the name of policy.
|
|
|
|
A zero length string indicates no policy."
|
|
SYNTAX OCTET STRING (SIZE (0..255))
|
|
|
|
CtsPasswordEncryptionType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of encryption used for TrustSec passwords.
|
|
|
|
'other' - The read-only value 'other' indicates that
|
|
the type of password encryption is not in one
|
|
of the types defined below.
|
|
|
|
'none' - Indicates that the corresponding CtsPassword
|
|
object is a zero-length string.
|
|
|
|
'clearText' - Indicates that the password is not encrypted
|
|
|
|
'typeSix' - Indicates that type-6 algorithm is used to
|
|
encrypt the password
|
|
|
|
'typeSeven' - Indicates that type-7 algorithm is used to
|
|
encrypt the password.
|
|
|
|
Each definition of a concrete CtsPasswordEncryptionType value
|
|
must be accompanied by a definition of a textual convention for
|
|
use with that CtsPasswordEncryptionType.
|
|
|
|
To support future extensions, the CtsPasswordEncryptionType
|
|
textual convention SHOULD NOT be sub-typed in object type
|
|
definitions. It MAY be sub-typed in compliance statements in order
|
|
to require only a subset of these address types for a compliant
|
|
implementation.
|
|
|
|
Implementations must ensure that CtsPasswordEncryptionType
|
|
object and any dependent objects (e.g. CtsPassword objects) are
|
|
consistent. An inconsistentValue error must be generated
|
|
if an attempt to change an CtsPasswordEncryptionType object
|
|
would, for example, lead to an undefined CtsPassword value.
|
|
In particular, CtsPasswordEncryptionType/CtsPassword pairs
|
|
must be changed together if the encryption type changes.
|
|
(e.g. from clearText(2) to typeSix(1))."
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
none(2),
|
|
clearText(3),
|
|
typeSix(4),
|
|
typeSeven(5)
|
|
}
|
|
|
|
CtsPassword ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A password for TrustSec functionality.
|
|
|
|
A CtsPassword value is always interpreted within the context
|
|
of an CtsPasswordEncryptionType value. Every usage of the
|
|
CtsPassword textual convention is required to specify the
|
|
CtsPasswordEncryptionType object which provides the context.
|
|
It is suggested that the CtsPasswordEncryptionType is logically
|
|
registered before the object(s) which use the CtsPassword textual
|
|
convention if they appear in the same logical row.
|
|
|
|
The value of an CtsPassword object must always be consistent with
|
|
the value of the associated CtsPasswordEncryptionType object.
|
|
Attempts to set an CtsPassword object to a value which is
|
|
inconsistent with the associated CtsPasswordEncryptionType
|
|
must fail with an inconsistentValue error.
|
|
|
|
When this textual convention is used as the syntax of an
|
|
index object, there may be issues with the limit of 128
|
|
sub-identifiers specified in SMIv2, STD 58. In this case,
|
|
the object definition MUST include a 'SIZE' clause to
|
|
limit the number of potential instance sub-identifiers."
|
|
SYNTAX OCTET STRING (SIZE (0..256))
|
|
|
|
CtsGenerationId ::= TEXTUAL-CONVENTION
|
|
DISPLAY-HINT "128a"
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An octet string, preferably in human-readable form,
|
|
describes the generation identification associated
|
|
with a TrustSec attribute such as downloaded SGACL,
|
|
downloaded server list .etc...
|
|
|
|
A zero length string indicates no generation identification."
|
|
SYNTAX OCTET STRING (SIZE (0..128))
|
|
|
|
CtsAcsAuthorityIdentity ::= TEXTUAL-CONVENTION
|
|
DISPLAY-HINT "1x"
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authority identity of an Access Control Server.
|
|
|
|
A zero length of CtsAcsAuthorityIdentity indicates
|
|
that the authority identity is not available."
|
|
SYNTAX OCTET STRING (SIZE (0..64))
|
|
|
|
CtsCredentialRecordType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The secret type of TrustSec credential record.
|
|
|
|
'simpleSecret' - Simple Secret credential.
|
|
This type of credential record is constructed
|
|
with symmetric key with associated meta-data.
|
|
For example, credential password.
|
|
'pac' - Protected Access Credentials(PAC).
|
|
A PAC record contains three components:
|
|
PAC-key, PAC-opaque and PAC-info."
|
|
SYNTAX INTEGER {
|
|
simpleSecret(1),
|
|
pac(2)
|
|
}
|
|
|
|
END
|
|
|
|
|
|
|
|
|
|
|