-- ****************************************************************************
|
|
-- CISCO-WIRELESS-P2P-BPI.my: Baseline Privacy Interface MIB for Cisco
|
|
-- Wireless Point to Point Link.
|
|
--
|
|
-- December 1998, Joseph L Raja
|
|
--
|
|
-- Copyright (c) 1998-1999 by Cisco Systems, Inc.
|
|
-- All rights reserved.
|
|
--
|
|
-- ****************************************************************************
|
|
--
|
|
--
|
|
-- 1.0 Glossary
|
|
--
|
|
-- Radio Card: The Point-to-Point(P2P) radio card that will be plugged into
|
|
-- a router.
|
|
-- RF Unit: The Radio Frequency components and the associated antennas.
|
|
-- Radio System: Radio card and RF unit(s).
|
|
-- Radio MAC: Represents a Wireless Media Access Control layer.
|
|
-- Radio Master: A Radio Card configured to act as the Master,
|
|
-- abbreviated as 'Rm'.
|
|
-- Radio Slave : A Radio Card configured to act as the Slave
|
|
-- abbreviated as 'Rs'.
|
|
--
|
|
--
|
|
-- 2.0 Cisco Wireless P2P Privacy MIB Organization
|
|
--
|
|
-- The Cisco Wireless P2P Privacy MIB is derived from the DOCSIS docsBpiMib.
|
|
-- Reference doc number SP-OSSI-BPI-I01-98331.
|
|
-- The Cisco Wireless P2P Baseline Privacy Document is : Firestar
|
|
-- (Wireless P2P) Privacy.
|
|
--
|
|
--
|
|
-- 3.0 Differences between DOCSIS and Cisco P2P BPI MIBs.
|
|
--
|
|
-- The mapping is as follows:
|
|
-- CMTS maps to Master Radio. The Mibs related to Master Radio are tagged
|
|
-- with 'Rm'.
|
|
-- CM maps to Slave Radio. The Mibs related to Slave Radio are tagged
|
|
-- with 'Rs'.
|
|
--
|
|
-- The fundamental differences are:
|
|
--
|
|
-- 3.1 In docsBpiMib, the docsBpiCmTEKTable is indexed by the
|
|
-- docsIfCmServiceId. i.e. It directly associates the TEK attributes with
|
|
-- the SID. In a P2P there is no SID. Therefore this association has been
|
|
-- severed. The equivalent table cwrBpiRxTEKTable is indexed only by
|
|
-- ifIndex.
|
|
--
|
|
-- 3.2 In docsBpiMib docsBpiCmtsAuthTable is indexed by the
|
|
-- docsBpiCmtsAuthCmMacAddress. In case of a P2P there is no
|
|
-- MAC address. Therefore this relationship has been severed.
|
|
-- The equivalent cwrBpiRmAuthTable is indexed only by ifIndex.
|
|
--
|
|
-- 3.3 In docsBpiMib, docsBpiCmtsTEKTable is indexed by docsIfCmtsServiceId.
|
|
-- In case of a P2P there are no service classes and so no SID.
|
|
-- Therefore this relationship has been severed.
|
|
-- The equivalent cwrBpiRmTEKTable is indexed only by ifIndex.
|
|
--
|
|
-- 3.4 In case of P2P there is no multicast support at all so
|
|
-- docsBpiIpMulticastMapTable and docsBpiMulticastAuthTable have
|
|
-- been eliminated completely.
|
|
--
|
|
-- 3.5 In a P2P link, authentication failures are not possible, so
|
|
-- objects related to authentication failures have been removed.
|
|
--
|
|
|
|
--
|
|
-- 4.0 MIB Organization
|
|
--
|
|
-- The Cisco P2P Wireless Baseline Privacy MIB has the following groups:
|
|
--
|
|
-- o. Radio Slave Group : This includes
|
|
-- 1. Configuration
|
|
-- 2. Authorization
|
|
-- 3. Traffic Encryption Key (TEK) information.
|
|
-- For a Radio Slave.
|
|
--
|
|
-- o. Radio Master Group: This includes
|
|
-- 1. Configuration
|
|
-- 2. Authorization
|
|
-- 3. Traffic Encryption Key (TEK) information.
|
|
-- For the Radio Master.
|
|
--
|
|
|
|
--
|
|
-- 5. Cisco P2P Wireless Radio Baseline Privacy MIB.
|
|
--
|
|
|
|
CISCO-WIRELESS-P2P-BPI-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, Counter32
|
|
FROM SNMPv2-SMI
|
|
DisplayString, TruthValue, TimeInterval
|
|
FROM SNMPv2-TC
|
|
OBJECT-GROUP, MODULE-COMPLIANCE
|
|
FROM SNMPv2-CONF
|
|
ifIndex
|
|
FROM IF-MIB
|
|
ciscoMgmt
|
|
FROM CISCO-SMI;
|
|
|
|
ciscoWirelessP2pBpiMIB MODULE-IDENTITY
|
|
LAST-UPDATED "9905181200Z"
|
|
ORGANIZATION "Cisco Systems Inc."
|
|
CONTACT-INFO
|
|
" Cisco Systems
|
|
Customer Service
|
|
|
|
Postal: 170 W Tasman Drive
|
|
San Jose, CA 95134
|
|
USA
|
|
|
|
Tel: +1 800 553-NETS
|
|
E-mail: cs-wireless@cisco.com"
|
|
DESCRIPTION
|
|
"This is the MIB Module for the Baseline Privacy Interface (BPI)
|
|
at Point to Point Wireless Radio Card.
|
|
|
|
This is a specialization on the MCNS docsBpiMib for Cisco Wireless
|
|
point to point communication links."
|
|
::= { ciscoMgmt 135}
|
|
|
|
cwrBpiMIBObjects OBJECT IDENTIFIER ::= { ciscoWirelessP2pBpiMIB 1 }
|
|
|
|
--
|
|
-- The Radio Slave Group.
|
|
--
|
|
|
|
cwrBpiRsObjects OBJECT IDENTIFIER ::= { cwrBpiMIBObjects 1 }
|
|
|
|
--
|
|
-- The BPI base and authorization table for Radio Slave, indexed by ifIndex
|
|
--
|
|
|
|
cwrBpiRsBaseTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CwrBpiRsBaseEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Describes the basic and authorization-related Baseline Privacy
|
|
attributes of each Slave Radio interface."
|
|
::= { cwrBpiRsObjects 1 }
|
|
|
|
cwrBpiRsBaseEntry OBJECT-TYPE
|
|
SYNTAX CwrBpiRsBaseEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing objects describing attributes of one Slave
|
|
Radio interface. An entry in this table exists for each
|
|
ifEntry with an ifType of ciscoWirelessP2P."
|
|
INDEX { ifIndex }
|
|
::= { cwrBpiRsBaseTable 1 }
|
|
|
|
CwrBpiRsBaseEntry ::= SEQUENCE {
|
|
cwrBpiRsPrivacyEnable TruthValue,
|
|
cwrBpiRsPublicKey OCTET STRING,
|
|
cwrBpiRsAuthState INTEGER,
|
|
cwrBpiRsAuthKeySequenceNumber INTEGER,
|
|
cwrBpiRsAuthExpires TimeInterval,
|
|
cwrBpiRsAuthReset TruthValue,
|
|
cwrBpiRsAuthGraceTime INTEGER,
|
|
cwrBpiRsTEKGraceTime INTEGER,
|
|
cwrBpiRsAuthWaitTimeout INTEGER,
|
|
cwrBpiRsReauthWaitTimeout INTEGER,
|
|
cwrBpiRsOpWaitTimeout INTEGER,
|
|
cwrBpiRsRekeyWaitTimeout INTEGER,
|
|
cwrBpiRsAuthRequests Counter32,
|
|
cwrBpiRsAuthReplies Counter32,
|
|
cwrBpiRsAuthInvalids Counter32,
|
|
cwrBpiRsAuthInvalidErrorCode INTEGER,
|
|
cwrBpiRsAuthInvalidErrorString DisplayString
|
|
}
|
|
|
|
-- cwrBpiRsPrivacyEnable: per-interface flag recording whether the Slave
-- Radio is provisioned to use encryption.
-- MAX-ACCESS is read-write, so an SNMP SET can change this provisioning.
-- NOTE(review): write access to this column should be limited to
-- authenticated managers (for example through the agent's view-based
-- access control); confirm how the agent restricts SETs.
cwrBpiRsPrivacyEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies whether the Slave Radio is provisioned
|
|
to use Encryption or not."
|
|
::= { cwrBpiRsBaseEntry 1 }
|
|
|
|
cwrBpiRsPublicKey OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(0..126))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Public key of the Radio Slave encoded as an ASN.1
|
|
SubjectPublicKeyInfo object as defined in the RSA Encryption
|
|
Standard (PKCS #1) [RSA1]."
|
|
::= { cwrBpiRsBaseEntry 2 }
|
|
|
|
cwrBpiRsAuthState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
start(1),
|
|
authWait(2),
|
|
authorized(3),
|
|
reauthWait(4),
|
|
authRejectWait(5)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The state of the Radio Slave authorization FSM.
|
|
The start state indicates that FSM is in its initial state."
|
|
::= { cwrBpiRsBaseEntry 3 }
|
|
|
|
cwrBpiRsAuthKeySequenceNumber OBJECT-TYPE
|
|
SYNTAX INTEGER (0..15)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authorization key sequence number for this FSM."
|
|
::= { cwrBpiRsBaseEntry 4 }
|
|
|
|
-- cwrBpiRsAuthExpires: read-only time remaining on the Radio Slave's
-- current authorization; 0 when there is no active authorization.
-- NOTE(review): the SNMPv2-TC TimeInterval convention counts hundredths
-- of a second, while the DESCRIPTION speaks of seconds. Confirm which
-- unit the agent returns before building expiry alerts on this value.
cwrBpiRsAuthExpires OBJECT-TYPE
|
|
SYNTAX TimeInterval
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of seconds left before the current authorization for this
|
|
FSM expires. If the Radio Slave does not have an active authorization,
|
|
then this value is 0."
|
|
::= { cwrBpiRsBaseEntry 5 }
|
|
|
|
cwrBpiRsAuthReset OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Setting this object to TRUE generates a Reauthorize event in the
|
|
authorization FSM, as described in section 4.1.2.3.4 of the Baseline
|
|
Privacy Interface Specification. Reading this object always returns
|
|
FALSE."
|
|
::= { cwrBpiRsBaseEntry 6 }
|
|
|
|
-- cwrBpiRsAuthGraceTime: how many seconds before authorization key expiry
-- the Radio Slave starts requesting a new key. Writable, but per the
-- DESCRIPTION not while the authorization state machine is running.
-- The SYNTAX range is 1..1800, wider than the 300 second field minimum
-- the DESCRIPTION gives, so the range itself does not enforce that floor.
-- NOTE(review): provisioning tooling should reject or alert on values
-- below 300 outside test setups.
cwrBpiRsAuthGraceTime OBJECT-TYPE
|
|
SYNTAX INTEGER (1..1800)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Grace time for an authorization key. A Radio Slave is expected to
|
|
start trying to get a new authorization key beginning AuthGraceTime
|
|
seconds before the authorization key actually expires. The value
|
|
of this object cannot be changed while the authorization state machine
|
|
is running.
|
|
|
|
NOTE: When installed in the field, this variable should NEVER be set
|
|
below 300 which is the lower limit by standard.
|
|
This variable accepts a wider range to facilitate testing."
|
|
::= { cwrBpiRsBaseEntry 7 }
|
|
|
|
-- cwrBpiRsTEKGraceTime: how many seconds before TEK expiry the Radio
-- Slave starts requesting a new TEK. Writable, but per the DESCRIPTION
-- not while the authorization state machine is running.
-- The SYNTAX range is 1..1800, wider than the 300 second field minimum
-- the DESCRIPTION gives, so the range itself does not enforce that floor.
-- NOTE(review): provisioning tooling should reject or alert on values
-- below 300 outside test setups.
cwrBpiRsTEKGraceTime OBJECT-TYPE
|
|
SYNTAX INTEGER (1..1800)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Grace time for a TEK. A Radio Slave is expected to start trying
|
|
to get a new TEK beginning TEKGraceTime seconds before the
|
|
TEK actually expires. The value of this object cannot be changed
|
|
while the authorization state machine is running.
|
|
|
|
NOTE: When installed in the field, this variable should NEVER be set
|
|
below 300 which is the lower limit by standard.
|
|
This variable accepts a wider range to facilitate testing."
|
|
::= { cwrBpiRsBaseEntry 8 }
|
|
|
|
cwrBpiRsAuthWaitTimeout OBJECT-TYPE
|
|
SYNTAX INTEGER (2..30)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Authorize Wait Timeout. The value of this object cannot be changed
|
|
while the authorization state machine is running."
|
|
::= { cwrBpiRsBaseEntry 9 }
|
|
|
|
cwrBpiRsReauthWaitTimeout OBJECT-TYPE
|
|
SYNTAX INTEGER (2..30)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reauthorize Wait Timeout in seconds. The value of this object cannot
|
|
be changed while the authorization state machine is running."
|
|
::= { cwrBpiRsBaseEntry 10 }
|
|
|
|
cwrBpiRsOpWaitTimeout OBJECT-TYPE
|
|
SYNTAX INTEGER (1..10)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Operational Wait Timeout in seconds. The value of this object cannot
|
|
be changed while the authorization state machine is running."
|
|
::= { cwrBpiRsBaseEntry 11 }
|
|
|
|
cwrBpiRsRekeyWaitTimeout OBJECT-TYPE
|
|
SYNTAX INTEGER (1..10)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Rekey Wait Timeout in seconds. The value of this object cannot be
|
|
changed while the authorization state machine is running."
|
|
::= { cwrBpiRsBaseEntry 12 }
|
|
|
|
cwrBpiRsAuthRequests OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Count of times the Radio Slave has transmitted an Authorization
|
|
Request message."
|
|
::= { cwrBpiRsBaseEntry 13 }
|
|
|
|
cwrBpiRsAuthReplies OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Count of times the Radio Slave has received an Authorization
|
|
Reply message."
|
|
::= { cwrBpiRsBaseEntry 14 }
|
|
|
|
cwrBpiRsAuthInvalids OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Count of times the Radio Slave has received an Authorization
|
|
Invalid message."
|
|
::= { cwrBpiRsBaseEntry 15 }
|
|
|
|
cwrBpiRsAuthInvalidErrorCode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
noInformation(0),
|
|
unauthorizedSlave(1),
|
|
undefined(2),
|
|
unsolicited(3),
|
|
invalidKeySequence(4),
|
|
keyRequestAuthenticationFailure(5)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Error-Code in most recent Authorization Invalid message received by
|
|
the Radio Slave. On bootup, this has value noInformation(0). At all
|
|
other times, this object reflects the error code received"
|
|
::= { cwrBpiRsBaseEntry 16 }
|
|
|
|
cwrBpiRsAuthInvalidErrorString OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Display-String in most recent Authorization Invalid message received
|
|
by the Radio Slave. This is a zero length string if no Authorization
|
|
Invalid message has been received since reboot."
|
|
::= { cwrBpiRsBaseEntry 17 }
|
|
|
|
--
|
|
-- The Radio Slave TEK Table, indexed by ifIndex.
|
|
--
|
|
|
|
cwrBpiRsTEKTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CwrBpiRsTEKEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Describes the attributes of each Radio Slave Traffic Encryption
|
|
Key (TEK) Service."
|
|
::= { cwrBpiRsObjects 2 }
|
|
|
|
cwrBpiRsTEKEntry OBJECT-TYPE
|
|
SYNTAX CwrBpiRsTEKEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing objects describing the TEK attributes of
|
|
one instantiated TEK service. There will be one such entry for every
|
|
Radio Slave of a P2P link."
|
|
INDEX { ifIndex }
|
|
::= { cwrBpiRsTEKTable 1 }
|
|
|
|
CwrBpiRsTEKEntry ::= SEQUENCE {
|
|
cwrBpiRsTEKEncryptionNegotiated TruthValue,
|
|
cwrBpiRsTEKState INTEGER,
|
|
cwrBpiRsTEKExpiresOld TimeInterval,
|
|
cwrBpiRsTEKExpiresNew TimeInterval,
|
|
cwrBpiRsTEKKeyRequests Counter32,
|
|
cwrBpiRsTEKKeyReplies Counter32,
|
|
cwrBpiRsTEKInvalids Counter32,
|
|
cwrBpiRsTEKAuthPends Counter32,
|
|
cwrBpiRsTEKInvalidErrorCode INTEGER,
|
|
cwrBpiRsTEKInvalidErrorString DisplayString
|
|
}
|
|
|
|
-- cwrBpiRsTEKEncryptionNegotiated: read-only status telling whether this
-- TEK service is actually using encryption.
-- The DESCRIPTION states that encryption may be off even though
-- cwrBpiRsPrivacyEnable is provisioned, so monitoring should read this
-- object, not only the provisioning flag, to learn whether the link is
-- encrypted in practice.
cwrBpiRsTEKEncryptionNegotiated OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This identifies whether this TEK service is using encryption or
|
|
not. Encryption may not be in use even though cwrBpiRsPrivacyEnable
|
|
is provisioned. This is possible if the remote is not configured
|
|
for privacy or it's not running an encryption capable image."
|
|
::= { cwrBpiRsTEKEntry 1 }
|
|
|
|
cwrBpiRsTEKState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
start (1),
|
|
opWait (2),
|
|
opReauthWait (3),
|
|
operational (4),
|
|
rekeyWait (5),
|
|
rekeyReauthWait (6)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The state of the indicated TEK FSM. The start(1) state indicates
|
|
that FSM is in its initial state."
|
|
::= { cwrBpiRsTEKEntry 2 }
|
|
|
|
cwrBpiRsTEKExpiresOld OBJECT-TYPE
|
|
SYNTAX TimeInterval
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of seconds left to expire for the oldest active key
|
|
for this FSM. If this FSM has no active keys then this value will
|
|
be zero."
|
|
::= { cwrBpiRsTEKEntry 3 }
|
|
|
|
cwrBpiRsTEKExpiresNew OBJECT-TYPE
|
|
SYNTAX TimeInterval
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of seconds left to expire for the newest active key for
|
|
this FSM. If this FSM has no active keys then this value will
|
|
be zero."
|
|
::= { cwrBpiRsTEKEntry 4 }
|
|
|
|
cwrBpiRsTEKKeyRequests OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Count of times this TEK Service has transmitted a Key Request
|
|
message."
|
|
::= { cwrBpiRsTEKEntry 5 }
|
|
|
|
cwrBpiRsTEKKeyReplies OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Count of times this TEK Service has received a Key Reply message."
|
|
::= { cwrBpiRsTEKEntry 6 }
|
|
|
|
cwrBpiRsTEKInvalids OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Count of times this TEK Service has received a TEK Invalid message."
|
|
::= { cwrBpiRsTEKEntry 7 }
|
|
|
|
cwrBpiRsTEKAuthPends OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Count of times an Authorization Pending (Auth Pend) event
|
|
occurred in this TEK Service FSM."
|
|
::= { cwrBpiRsTEKEntry 8 }
|
|
|
|
cwrBpiRsTEKInvalidErrorCode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
noInformation(0),
|
|
unauthorizedSlave(1),
|
|
undefined(2),
|
|
unsolicited(3),
|
|
invalidKeySequence(4),
|
|
keyRequestAuthenticationFailure(5)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Error-Code in most recent TEK Invalid message received by this TEK
|
|
service. On bootup, this has value noInformation(0). At all
|
|
other times, this object reflects the error code received"
|
|
::= { cwrBpiRsTEKEntry 9 }
|
|
|
|
cwrBpiRsTEKInvalidErrorString OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Display-String in most recent TEK Invalid message received by
|
|
this TEK Service. This is a zero length string if no TEK Invalid
|
|
message has been received since this TEK Service was started."
|
|
::= { cwrBpiRsTEKEntry 10 }
|
|
|
|
--
|
|
-- The Radio Master Group.
|
|
--
|
|
|
|
cwrBpiRmObjects OBJECT IDENTIFIER ::= { cwrBpiMIBObjects 2 }
|
|
|
|
--
|
|
-- The Radio Master Authorization Table, indexed by ifIndex.
|
|
--
|
|
cwrBpiRmAuthTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CwrBpiRmAuthEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Describes the attributes of each Radio Master authorization
|
|
association. The Radio master maintains one authorization association
|
|
with each Baseline Privacy-enabled Radio Slave on each Radio Master
|
|
MAC interface."
|
|
::= { cwrBpiRmObjects 1 }
|
|
|
|
cwrBpiRmAuthEntry OBJECT-TYPE
|
|
SYNTAX CwrBpiRmAuthEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing objects describing attributes of one authorization
|
|
association. The Radio master MUST create one entry per Radio Slave per
|
|
MAC interface, based on the receipt of an Authorization Request
|
|
message, and MUST NOT delete the entry before the Radio Slave
|
|
authorization permanently expires."
|
|
INDEX { ifIndex }
|
|
::= { cwrBpiRmAuthTable 1 }
|
|
|
|
CwrBpiRmAuthEntry ::= SEQUENCE {
|
|
cwrBpiRmAuthPrivacyEnable TruthValue,
|
|
cwrBpiRmAuthRsPublicKey OCTET STRING,
|
|
cwrBpiRmAuthRsKeySequenceNumber INTEGER,
|
|
cwrBpiRmAuthRsExpires TimeInterval,
|
|
cwrBpiRmAuthRsLifetime INTEGER,
|
|
cwrBpiRmAuthRsReset TruthValue,
|
|
cwrBpiRmAuthRsRequests Counter32,
|
|
cwrBpiRmAuthRsReplies Counter32,
|
|
cwrBpiRmAuthRsInvalids Counter32,
|
|
cwrBpiRmAuthInvalidErrorCode INTEGER,
|
|
cwrBpiRmAuthInvalidErrorString DisplayString
|
|
}
|
|
|
|
-- cwrBpiRmAuthPrivacyEnable: per-interface flag recording whether the
-- Master Radio is provisioned to use encryption.
-- MAX-ACCESS is read-write, so an SNMP SET can change this provisioning.
-- NOTE(review): write access to this column should be limited to
-- authenticated managers (for example through the agent's view-based
-- access control); confirm how the agent restricts SETs.
cwrBpiRmAuthPrivacyEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies whether the Master Radio is provisioned
|
|
to use Encryption or not."
|
|
::= { cwrBpiRmAuthEntry 1 }
|
|
|
|
cwrBpiRmAuthRsPublicKey OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(0..126))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Public key of the Radio Slave encoded as an ASN.1 SubjectPublicKeyInfo
|
|
object as defined in the RSA Encryption Standard (PKCS #1) [RSA1].
|
|
This is a zero-length string if the Radio Master does not retain the
|
|
public key."
|
|
::= { cwrBpiRmAuthEntry 2 }
|
|
|
|
cwrBpiRmAuthRsKeySequenceNumber OBJECT-TYPE
|
|
SYNTAX INTEGER (0..15)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authorization key sequence number for this Radio Slave."
|
|
::= { cwrBpiRmAuthEntry 3 }
|
|
|
|
cwrBpiRmAuthRsExpires OBJECT-TYPE
|
|
SYNTAX TimeInterval
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of seconds left before the current authorization for
|
|
this Radio Slave expires. If this Radio Slave does not have an active
|
|
authorization, then the value is zero."
|
|
::= { cwrBpiRmAuthEntry 4 }
|
|
|
|
-- cwrBpiRmAuthRsLifetime: writable lifetime, in seconds, that the Radio
-- Master assigns to an authorization key for this Radio Slave.
-- The SYNTAX range is 1..6048000, wider than the 86400 second field
-- minimum the DESCRIPTION gives, so the range itself does not enforce
-- that floor.
-- NOTE(review): provisioning tooling should reject or alert on values
-- below 86400 outside test setups.
cwrBpiRmAuthRsLifetime OBJECT-TYPE
|
|
SYNTAX INTEGER (1..6048000)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Lifetime, in seconds, the Radio Master assigns to an authorization key
|
|
for this Radio Slave.
|
|
|
|
NOTE: When installed in the field, this variable should NEVER be set
|
|
below 86400 which is the lower limit by standard.
|
|
This variable accepts a wider range to facilitate testing."
|
|
::= { cwrBpiRmAuthEntry 5 }
|
|
|
|
-- cwrBpiRmAuthRsReset: writable trigger; reads always return false.
-- Per the DESCRIPTION, a SET to true invalidates the current Radio Slave
-- authorization key and the associated unicast TEK, and sends an
-- Authorization Invalid message, so a SET discards the link's current
-- keying state.
-- NOTE(review): limit write access to authenticated managers and log
-- SETs to this object; confirm the agent's access control.
cwrBpiRmAuthRsReset OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Setting this object to True(1) causes the Radio Master
|
|
to invalidate the current Radio Slave authorization key, to transmit
|
|
an Authorization Invalid message to the Radio Slave, and to invalidate
|
|
the unicast TEK associated with this Radio Slave authorization.
|
|
Reading this object always returns False"
|
|
::= { cwrBpiRmAuthEntry 6 }
|
|
|
|
cwrBpiRmAuthRsRequests OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Count of times the Radio Master has received an Authorization Request
|
|
message from this Radio Slave."
|
|
::= { cwrBpiRmAuthEntry 7 }
|
|
|
|
cwrBpiRmAuthRsReplies OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Count of times the Radio master has transmitted an Authorization Reply
|
|
message to this Radio Slave."
|
|
::= { cwrBpiRmAuthEntry 8 }
|
|
|
|
cwrBpiRmAuthRsInvalids OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Count of times the Radio Master has transmitted an Authorization
|
|
Invalid message to this Radio Slave."
|
|
::= { cwrBpiRmAuthEntry 9 }
|
|
|
|
cwrBpiRmAuthInvalidErrorCode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
noInformation(0),
|
|
unauthorizedSlave(1),
|
|
undefined(2),
|
|
unsolicited(3),
|
|
invalidKeySequence(4),
|
|
keyRequestAuthenticationFailure(5)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Error-Code in most recent Authorization Invalid message transmitted to
|
|
the Radio Slave. On bootup, this has value noInformation(0). At all
|
|
other times, this object reflects the error code transmitted"
|
|
::= { cwrBpiRmAuthEntry 10 }
|
|
|
|
cwrBpiRmAuthInvalidErrorString OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Display-String in most recent Authorization Invalid message
|
|
transmitted to the Radio Slave. This is a zero length string if no
|
|
Authorization Invalid message has been transmitted to the Radio Slave."
|
|
::= { cwrBpiRmAuthEntry 11 }
|
|
|
|
--
|
|
-- The Radio Master TEK Table, indexed by ifIndex.
|
|
--
|
|
|
|
cwrBpiRmTEKTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CwrBpiRmTEKEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Describes the attributes of each Radio Slave Traffic Encryption Key
|
|
(TEK) association. The Radio master maintains one TEK association
|
|
for the Radio Slave."
|
|
::= { cwrBpiRmObjects 2 }
|
|
|
|
cwrBpiRmTEKEntry OBJECT-TYPE
|
|
SYNTAX CwrBpiRmTEKEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing objects describing attributes of one
|
|
TEK service on a particular Radio Master MAC interface. The Radio
|
|
Master MUST create one entry per TEK Service per MAC interface,
|
|
based on the receipt of a Key Request message, and MUST NOT
|
|
delete the entry before the Radio Slave authorization for that
|
|
TEK Service permanently expires."
|
|
INDEX { ifIndex }
|
|
::= { cwrBpiRmTEKTable 1 }
|
|
|
|
CwrBpiRmTEKEntry ::= SEQUENCE {
|
|
cwrBpiRmTEKEncryptionNegotiated TruthValue,
|
|
cwrBpiRmTEKLifetime INTEGER,
|
|
cwrBpiRmTEKExpiresOld TimeInterval,
|
|
cwrBpiRmTEKExpiresNew TimeInterval,
|
|
cwrBpiRmTEKReset TruthValue,
|
|
cwrBpiRmKeyRequests Counter32,
|
|
cwrBpiRmKeyReplies Counter32,
|
|
cwrBpiRmTEKInvalids Counter32,
|
|
cwrBpiRmTEKInvalidErrorCode INTEGER,
|
|
cwrBpiRmTEKInvalidErrorString DisplayString
|
|
}
|
|
|
|
-- cwrBpiRmTEKEncryptionNegotiated: read-only status telling whether this
-- TEK service is actually using encryption.
-- The DESCRIPTION states that encryption may be off even though
-- cwrBpiRmAuthPrivacyEnable is provisioned, so monitoring should read
-- this object, not only the provisioning flag, to learn whether the link
-- is encrypted in practice.
-- NOTE(review): the DESCRIPTION names "the master" as the side that may
-- lack privacy configuration, while the slave-side object
-- cwrBpiRsTEKEncryptionNegotiated names "the remote". This may be the
-- wrong peer name carried over; confirm against device documentation.
cwrBpiRmTEKEncryptionNegotiated OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This identifies whether this TEK service is using encryption or
|
|
not. Encryption may not be in use even though
|
|
cwrBpiRmAuthPrivacyEnable is provisioned.
|
|
This is possible if the master is not configured
|
|
for privacy or it's not running an encryption capable image."
|
|
::= { cwrBpiRmTEKEntry 1 }
|
|
|
|
-- cwrBpiRmTEKLifetime: writable lifetime, in seconds, that the Radio
-- Master assigns to keys for this TEK association.
-- The SYNTAX range is 1..604800, wider than the 1800 second field
-- minimum the DESCRIPTION gives, so the range itself does not enforce
-- that floor.
-- NOTE(review): provisioning tooling should reject or alert on values
-- below 1800 outside test setups.
cwrBpiRmTEKLifetime OBJECT-TYPE
|
|
SYNTAX INTEGER (1..604800)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Lifetime, in seconds, the Radio Master assigns to keys for this TEK
|
|
association.
|
|
NOTE: When installed in the field, this variable should NEVER be set
|
|
below 1800 which is the lower limit by standard.
|
|
This variable accepts a wider range to facilitate testing."
|
|
::= { cwrBpiRmTEKEntry 2 }
|
|
|
|
cwrBpiRmTEKExpiresOld OBJECT-TYPE
|
|
SYNTAX TimeInterval
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of seconds left to expire for the oldest active key for
|
|
this TEK association. If this TEK association has no active key then
|
|
the value will be zero."
|
|
::= { cwrBpiRmTEKEntry 3 }
|
|
|
|
cwrBpiRmTEKExpiresNew OBJECT-TYPE
|
|
SYNTAX TimeInterval
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of seconds left to expire for the newest active key for
|
|
this TEK association. If this TEK association has no active keys
|
|
then this value will be zero."
|
|
::= { cwrBpiRmTEKEntry 4 }
|
|
|
|
-- cwrBpiRmTEKReset: writable trigger; reads always return FALSE.
-- Per the DESCRIPTION, a SET to TRUE makes the Radio Master invalidate
-- the currently active TEK(s) and generate a new TEK.
-- NOTE(review): limit write access to authenticated managers and log
-- SETs to this object; confirm the agent's access control.
cwrBpiRmTEKReset OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Setting this object to TRUE causes the Radio Master to invalidate the
|
|
current active TEK(s) (plural due to key transition periods), and
|
|
to generate a new TEK. Reading this object always returns FALSE."
|
|
::= { cwrBpiRmTEKEntry 5 }
|
|
|
|
cwrBpiRmKeyRequests OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Count of times the Radio Master has received a Key Request message."
|
|
::= { cwrBpiRmTEKEntry 6 }
|
|
|
|
cwrBpiRmKeyReplies OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Count of times the Radio master has transmitted a Key Reply message."
|
|
::= { cwrBpiRmTEKEntry 7 }
|
|
|
|
cwrBpiRmTEKInvalids OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Count of times the Radio Master has transmitted a TEK Invalid
|
|
message."
|
|
::= { cwrBpiRmTEKEntry 8 }
|
|
|
|
cwrBpiRmTEKInvalidErrorCode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
noInformation(0),
|
|
unauthorizedSlave(1),
|
|
undefined(2),
|
|
unsolicited(3),
|
|
invalidKeySequence(4),
|
|
keyRequestAuthenticationFailure(5)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Error-Code in most recent TEK Invalid message sent in association
|
|
with this TEK service. On bootup, this has value noInformation(0).
|
|
At all other times, this object reflects the error code received"
|
|
::= { cwrBpiRmTEKEntry 9 }
|
|
|
|
cwrBpiRmTEKInvalidErrorString OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Display-String in the most recent TEK Invalid message sent in
|
|
association with this BPI TEK service. This is a zero length
|
|
string if no TEK Invalid message has been received since reboot."
|
|
::= { cwrBpiRmTEKEntry 10 }
|
|
|
|
--
|
|
-- The BPI MIB Conformance Statements (with a placeholder for notifications)
|
|
--
|
|
|
|
cwrBpiNotification OBJECT IDENTIFIER ::= { ciscoWirelessP2pBpiMIB 2 }
|
|
cwrBpiConformance OBJECT IDENTIFIER ::= { ciscoWirelessP2pBpiMIB 3 }
|
|
cwrBpiCompliances OBJECT IDENTIFIER ::= { cwrBpiConformance 1 }
|
|
cwrBpiGroups OBJECT IDENTIFIER ::= { cwrBpiConformance 2 }
|
|
|
|
cwrBpiBasicCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for devices which implement the
|
|
Cisco Wireless Radio point to point Baseline Privacy Interface."
|
|
|
|
MODULE -- ciscoWirelessP2pBpiMib
|
|
|
|
-- conditionally mandatory group
|
|
|
|
GROUP cwrBpiRsGroup
|
|
DESCRIPTION
|
|
"This group is implemented for Radio Cards configurable as Radio Slave."
|
|
|
|
-- conditionally mandatory group
|
|
|
|
GROUP cwrBpiRmGroup
|
|
DESCRIPTION
|
|
"This group is implemented for Radio Cards configurable as
|
|
Radio Master."
|
|
::= { cwrBpiCompliances 1 }
|
|
|
|
cwrBpiRsGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cwrBpiRsPrivacyEnable,
|
|
cwrBpiRsPublicKey,
|
|
cwrBpiRsAuthState,
|
|
cwrBpiRsAuthKeySequenceNumber,
|
|
cwrBpiRsAuthExpires,
|
|
cwrBpiRsAuthReset,
|
|
cwrBpiRsAuthGraceTime,
|
|
cwrBpiRsTEKGraceTime,
|
|
cwrBpiRsAuthWaitTimeout,
|
|
cwrBpiRsReauthWaitTimeout,
|
|
cwrBpiRsOpWaitTimeout,
|
|
cwrBpiRsRekeyWaitTimeout,
|
|
cwrBpiRsAuthRequests,
|
|
cwrBpiRsAuthReplies,
|
|
cwrBpiRsAuthInvalids,
|
|
cwrBpiRsAuthInvalidErrorCode,
|
|
cwrBpiRsAuthInvalidErrorString,
|
|
cwrBpiRsTEKEncryptionNegotiated,
|
|
cwrBpiRsTEKState,
|
|
cwrBpiRsTEKExpiresOld,
|
|
cwrBpiRsTEKExpiresNew,
|
|
cwrBpiRsTEKKeyRequests,
|
|
cwrBpiRsTEKKeyReplies,
|
|
cwrBpiRsTEKInvalids,
|
|
cwrBpiRsTEKAuthPends,
|
|
cwrBpiRsTEKInvalidErrorCode,
|
|
cwrBpiRsTEKInvalidErrorString
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing Radio Slave BPI status and control."
|
|
::= { cwrBpiGroups 1 }
|
|
|
|
cwrBpiRmGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cwrBpiRmAuthPrivacyEnable,
|
|
cwrBpiRmAuthRsPublicKey,
|
|
cwrBpiRmAuthRsKeySequenceNumber,
|
|
cwrBpiRmAuthRsExpires,
|
|
cwrBpiRmAuthRsLifetime,
|
|
cwrBpiRmAuthRsReset,
|
|
cwrBpiRmAuthRsRequests,
|
|
cwrBpiRmAuthRsReplies,
|
|
cwrBpiRmAuthRsInvalids,
|
|
cwrBpiRmAuthInvalidErrorCode,
|
|
cwrBpiRmAuthInvalidErrorString,
|
|
cwrBpiRmTEKEncryptionNegotiated,
|
|
cwrBpiRmTEKLifetime,
|
|
cwrBpiRmTEKExpiresOld,
|
|
cwrBpiRmTEKExpiresNew,
|
|
cwrBpiRmTEKReset,
|
|
cwrBpiRmKeyRequests,
|
|
cwrBpiRmKeyReplies,
|
|
cwrBpiRmTEKInvalids,
|
|
cwrBpiRmTEKInvalidErrorCode,
|
|
cwrBpiRmTEKInvalidErrorString
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing Radio Master BPI status and control."
|
|
::= { cwrBpiGroups 2 }
|
|
|
|
END
|
|
|
|
|
|
-- 6. References
|
|
--
|
|
-- 1. Cisco Wireless Proprietary Management Information Base
|
|
-- CISCO-WIRELESS-IF-MIB.my
|
|
--
|
|
-- 2. [IPCDN2] G. Roeck, "Radio Frequency (RF) Interface Management Information
|
|
-- Base for MCNS compliant RF Interfaces",
|
|
-- draft-ietf-ipcdn-rf-interface-mib-03.txt, January 1998.
|
|
--
|
|
-- 3. [MCNS1] Data-Over-Cable Service Interface Specifications, Baseline Privacy
|
|
-- Interface Specification,SP-BPI-I01-980331
|
|
--
|
|
-- 4. [MCNS5] Data-Over-Cable Service Interface Specifications, OSSI
|
|
-- Specification Overview "Telephony Return MIB, SP-OSSI-TRD02-970901.
|
|
--
|
|
-- 5. [RSA1] RSA Laboratories, "The Public-Key Cryptography Standards", RSA Data
|
|
-- Security Inc., Redwood City, CA.
|
|
--
|