-- *********************************************************************
-- CISCO-TRUSTSEC-TC-MIB.my
-- List of Textual Conventions used by Cisco Trusted Security Framework
--
-- February 2008, Edward Pham, Liwei Lue, Dipesh Gorashia
--
-- Copyright (c) 2008-2013 by Cisco Systems, Inc.
-- All rights reserved.
-- *********************************************************************

CISCO-TRUSTSEC-TC-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    Unsigned32
        FROM SNMPv2-SMI
    TEXTUAL-CONVENTION
        FROM SNMPv2-TC
    ciscoMgmt
        FROM CISCO-SMI;

ciscoCtsTcMIB MODULE-IDENTITY
    LAST-UPDATED    "201306060000Z"
    ORGANIZATION    "Cisco Systems, Inc."
    CONTACT-INFO
            "Cisco Systems
            Customer Service

            Postal: 170 W Tasman Drive
            San Jose, CA  95134

            Tel: +1 800 553-NETS

            E-mail: cs-lan-switch-snmp@cisco.com"
    DESCRIPTION
        "This module defines the textual conventions used within
        Cisco Trusted Security framework."
    REVISION        "201306060000Z"
    DESCRIPTION
        "Added CtsSxpConnectionStatus."
    REVISION        "201201300000Z"
    DESCRIPTION
        "Added CtsSgaclMonitorMode."
    REVISION        "200905140000Z"
    DESCRIPTION
        "The initial version of this MIB module."
    ::= { ciscoMgmt 694 }

-- Definitions of textual convention

CtsSecurityGroupTag ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "Indicates the SGT (Security Group Tag) value.

        Semantics of a value zero CtsSecurityGroupTag are
        object-specific and must be defined as part of the
        description of any object which uses this syntax."
    SYNTAX          Unsigned32 (0..65535)

CtsAclName ::= TEXTUAL-CONVENTION
    DISPLAY-HINT    "255a"
    STATUS          current
    DESCRIPTION
        "An octet string, preferably in human-readable form,
        describes the name of one ACL (Access Control List)
        or a list of ACLs using a single whitespace as the
        delimiter."
    SYNTAX          OCTET STRING (SIZE (1..255))

CtsAclNameOrEmpty ::= TEXTUAL-CONVENTION
    DISPLAY-HINT    "255a"
    STATUS          current
    DESCRIPTION
        "This textual convention is an extension of the
        CtsAclName convention. The latter defines a non-empty
        ACL name(s). This extension permits the additional value
        of empty string."
    SYNTAX          OCTET STRING (SIZE (0..255))

CtsAclList ::= TEXTUAL-CONVENTION
    DISPLAY-HINT    "255a"
    STATUS          current
    DESCRIPTION
        "An octet string, preferably in human-readable form,
        describes the name of one or more ACLs. If there are
        multiple ACLs, each ACL name is separated by a single
        whitespace."
    SYNTAX          OCTET STRING (SIZE (1..255))

CtsAclListOrEmpty ::= TEXTUAL-CONVENTION
    DISPLAY-HINT    "255a"
    STATUS          current
    DESCRIPTION
        "This textual convention is an extension of the
        CtsAclList convention. The latter defines a non-empty
        ACL name(s). This extension permits the additional value
        of empty string."
    SYNTAX          OCTET STRING (SIZE (0..255))

CtsPolicyName ::= TEXTUAL-CONVENTION
    DISPLAY-HINT    "255a"
    STATUS          current
    DESCRIPTION
        "An octet string, preferably in human-readable form,
        describes the name of a policy. A zero length string
        indicates no policy."
    SYNTAX          OCTET STRING (SIZE (0..255))

CtsPasswordEncryptionType ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The type of encryption used for TrustSec passwords.

        'other'     - The read-only value 'other' indicates that
                      the type of password encryption is not in
                      one of the types defined below.

        'none'      - Indicates that the corresponding CtsPassword
                      object is a zero-length string.

        'clearText' - Indicates that the password is not
                      encrypted.

        'typeSix'   - Indicates that type-6 algorithm is used to
                      encrypt the password.

        'typeSeven' - Indicates that type-7 algorithm is used to
                      encrypt the password.

        Each definition of a concrete CtsPasswordEncryptionType
        value must be accompanied by a definition of a textual
        convention for use with that CtsPasswordEncryptionType.

        To support future extensions, the
        CtsPasswordEncryptionType textual convention SHOULD NOT
        be sub-typed in object type definitions. It MAY be
        sub-typed in compliance statements in order to require
        only a subset of these encryption types for a compliant
        implementation.

        Implementations must ensure that CtsPasswordEncryptionType
        object and any dependent objects (e.g. CtsPassword
        objects) are consistent. An inconsistentValue error must
        be generated if an attempt to change a
        CtsPasswordEncryptionType object would, for example, lead
        to an undefined CtsPassword value. In particular,
        CtsPasswordEncryptionType/CtsPassword pairs must be
        changed together if the encryption type changes
        (e.g. from clearText(3) to typeSix(4))."
    SYNTAX          INTEGER  {
                        other(1),
                        none(2),
                        clearText(3),
                        typeSix(4),
                        typeSeven(5)
                    }

CtsPassword ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "A password for TrustSec functionality.

        A CtsPassword value is always interpreted within the
        context of a CtsPasswordEncryptionType value. Every usage
        of the CtsPassword textual convention is required to
        specify the CtsPasswordEncryptionType object which
        provides the context. It is suggested that the
        CtsPasswordEncryptionType is logically registered before
        the object(s) which use the CtsPassword textual
        convention if they appear in the same logical row.

        The value of a CtsPassword object must always be
        consistent with the value of the associated
        CtsPasswordEncryptionType object. Attempts to set a
        CtsPassword object to a value which is inconsistent with
        the associated CtsPasswordEncryptionType must fail with
        an inconsistentValue error.

        When this textual convention is used as the syntax of an
        index object, there may be issues with the limit of 128
        sub-identifiers specified in SMIv2, STD 58. In this case,
        the object definition MUST include a 'SIZE' clause to
        limit the number of potential instance sub-identifiers."
    SYNTAX          OCTET STRING (SIZE (0..256))

CtsGenerationId ::= TEXTUAL-CONVENTION
    DISPLAY-HINT    "128a"
    STATUS          current
    DESCRIPTION
        "An octet string, preferably in human-readable form,
        describes the generation identification associated with
        a TrustSec attribute such as downloaded SGACL, downloaded
        server list, etc.

        A zero length string indicates no generation
        identification."
    SYNTAX          OCTET STRING (SIZE (0..128))

CtsAcsAuthorityIdentity ::= TEXTUAL-CONVENTION
    DISPLAY-HINT    "1x"
    STATUS          current
    DESCRIPTION
        "The authority identity of an Access Control Server.

        A zero length of CtsAcsAuthorityIdentity indicates that
        the authority identity is not available."
    SYNTAX          OCTET STRING (SIZE (0..64))

CtsCredentialRecordType ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The secret type of TrustSec credential record.

        'simpleSecret' - Simple Secret credential. This type of
                         credential record is constructed with
                         symmetric key with associated meta-data.
                         For example, credential password.

        'pac'          - Protected Access Credentials (PAC). A PAC
                         record contains three components:
                         PAC-key, PAC-opaque and PAC-info."
    SYNTAX          INTEGER  {
                        simpleSecret(1),
                        pac(2)
                    }

CtsSgaclMonitorMode ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The SGACL monitor mode for the SGACL enforced traffic.

        'on'  - indicates that SGACL monitor mode is turned on.

        'off' - indicates that SGACL monitor mode is turned off."
    SYNTAX          INTEGER  {
                        on(1),
                        off(2)
                    }

CtsSxpConnectionStatus ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "The status of SXP connection.

        'other'          - Any other state not covered by below
                           enumerations.

        'off'            - The SXP connection has been
                           disconnected. SGT mappings are no
                           longer learnt through SXP connection
                           in this state. SGT mappings already
                           learnt through this connection will be
                           deleted.

        'on'             - The SXP connection has been
                           successfully established. SGT mappings
                           are learnt through this SXP connection.

        'pendingOn'      - A request to establish SXP connection
                           has been sent to the peer and is
                           pending.

        'deleteHoldDown' - The SXP connection is not operational
                           and delete hold-down timer has been
                           started. If the SXP connection does
                           not recover before the expiration of
                           the hold-down timer, the SGT mappings
                           learnt on this connection will be
                           deleted. If the SXP connection recovers
                           before the expiration of the hold-down
                           timer, the SGT mappings learnt on this
                           connection will not be deleted."
    SYNTAX          INTEGER  {
                        other(1),
                        off(2),
                        on(3),
                        pendingOn(4),
                        deleteHoldDown(5)
                    }

END