-- ***************************************************************** -- CISCO-TRUSTSEC-MIB.my -- -- December 2009, Dipesh Gorashia -- -- Copyright (c) 2009-2012, 2014 by Cisco Systems Inc. -- All rights reserved. -- ***************************************************************** CISCO-TRUSTSEC-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter32, NOTIFICATION-TYPE FROM SNMPv2-SMI MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF TruthValue, DateAndTime, RowStatus FROM SNMPv2-TC SnmpAdminString FROM SNMP-FRAMEWORK-MIB CtsSecurityGroupTag, CtsGenerationId, CtsPasswordEncryptionType, CtsAcsAuthorityIdentity, CtsCredentialRecordType FROM CISCO-TRUSTSEC-TC-MIB ciscoMgmt FROM CISCO-SMI; ciscoTrustSecMIB MODULE-IDENTITY LAST-UPDATED "201401300000Z" ORGANIZATION "Cisco Systems, Inc." CONTACT-INFO "Cisco Systems Customer Service Postal: 170 W Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553-NETS E-mail: cs-lan-switch-snmp@cisco.com" DESCRIPTION "This MIB module is for the configuration of a network device on the Cisco Trusted Security (TrustSec) system. TrustSec secures a network fabric by authenticating and authorizing each device connecting to the network, allowing for the encryption, authentication and replay protection of data traffic on a hop by hop basis. Glossary : TrustSec - Cisco Trusted Security EAP-FAST - Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (RFC 4851) PAC - Protected Access Credential A credential dynamically downloaded from the Access Control Server. ACS - Access Control Server SGT - Security Group Tag A tag identifying its source, assigned to a packet on ingress to a TrustSec cloud, and used to determine security and other policy to be applied to it along its path through the cloud." REVISION "201401300000Z" DESCRIPTION "Added following OBJECT-GROUP - ciscoTrustSecCrtclAuthGroup Added new compliance - ciscoTrustSecMIBCompliance4." 
REVISION "201209260000Z" DESCRIPTION "Added following OBJECT-GROUP - ciscoTrustSecSwKeystoreNotifsInfoGroup - ciscoTrustSecSwKeystoreNotifsControlGroup - ciscoTrustSecSwKeystoreNotifsGroup - ciscoTrustSecFileErrNotifsInfoGroup - ciscoTrustSecNotifsMessageStringInfoGroup - ciscoTrustSecCacheFileNotifsControlGroup - ciscoTrustSecCacheFileNotifsGroup - ciscoTrustSecCtrDrbgNotifsControlGroup - ciscoTrustSecCtrDrbgNotifsGroup Added new compliance - ciscoTrustSecMIBCompliance3." REVISION "201103150000Z" DESCRIPTION "Added support for ciscoTrustSecEnvSecGroupNameGroup." REVISION "201009210000Z" DESCRIPTION "Initial version of this MIB module." ::= { ciscoMgmt 730 } ciscoTrustSecMIBNotifs OBJECT IDENTIFIER ::= { ciscoTrustSecMIB 0 } ciscoTrustSecMIBObjects OBJECT IDENTIFIER ::= { ciscoTrustSecMIB 1 } ciscoTrustSecMIBConform OBJECT IDENTIFIER ::= { ciscoTrustSecMIB 2 } ctsCacheObjects OBJECT IDENTIFIER ::= { ciscoTrustSecMIBObjects 1 } ctsSgtObjects OBJECT IDENTIFIER ::= { ciscoTrustSecMIBObjects 2 } ctsCredentialObjects OBJECT IDENTIFIER ::= { ciscoTrustSecMIBObjects 3 } ctsEnvironmentDataObjects OBJECT IDENTIFIER ::= { ciscoTrustSecMIBObjects 4 } ctsNotifsControlObjects OBJECT IDENTIFIER ::= { ciscoTrustSecMIBObjects 5 } ctsNotifsInfoObjects OBJECT IDENTIFIER ::= { ciscoTrustSecMIBObjects 6 } ctsCriticalAuthObjects OBJECT IDENTIFIER ::= { ciscoTrustSecMIBObjects 7 } -- ------------------------------------------------------------- -- Objects to manage caching functionality of TrustSec -- ------------------------------------------------------------- ctsCacheEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies if the TrustSec cache is enabled in the system." ::= { ctsCacheObjects 1 } ctsCacheNvStorage OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-write STATUS current DESCRIPTION "The object specifies the location on the device where TrustSec cache files will be created. 
The location may be specified in <device>:[directory] format, where <device> can be (but not limited to): bootdisk:, disk0:, disk1:. A zero length string for this object indicates that no location has been configured and system will decide the location of TrustSec cache files." ::= { ctsCacheObjects 2 } ctsCacheClear OBJECT-TYPE SYNTAX INTEGER { none(1), all(2), authzPolicies(3), authzPoliciesPeer(4), authzPoliciesSgt(5), environmentData(6), interfaceController(7) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object allows user to clear the cache files for Cisco Trusted Security feature on this device. When read, this object always returns the value 'none'. 'none' - No operation. 'all' - Clear all the cached information 'authzPolicies' - Clear all the cached authorization policies. 'authzPoliciesPeer' - Clear the cached peer authorization policies. 'authzPoliciesSgt' - Clear the cached SGT authorization policies. 'environmentData' - Clear the cached environment data 'interfaceController' - Clear the cached interface controller data." ::= { ctsCacheObjects 3 } ctsSecurityGroupTagId OBJECT-TYPE SYNTAX CtsSecurityGroupTag MAX-ACCESS read-write STATUS current DESCRIPTION "This object allows user to specify the SGT for the packets originating from this device. A value of zero for this object indicates that no SGT has been configured." ::= { ctsSgtObjects 1 } ctsSgtAssignmentMethod OBJECT-TYPE SYNTAX INTEGER { none(1), ingress(2), egress(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the method used for assignment of TrustSec SGT for the line cards without TrustSec tagging capability. 'none' - assignment of TrustSec SGT is not enabled. 'ingress' - 'ingress' method is used for the assignment of TrustSec SGT. 'egress' - 'egress' method is used for the assignment of TrustSec SGT."
::= { ctsSgtObjects 2 } ctsDeviceId OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-write STATUS current DESCRIPTION "This object allows user to specify the identifier for the device. This identifier and the device password (specified by ctsDevicePassword) are used together by the Cisco Trusted Security feature for authenticating the device. The value of this object must be set in the same PDU as ctsDevicePasswordType and ctsDevicePassword. The object may not be set to a zero length string. The system will return a zero length string for this object either when there is no value configured for this object or TrustSec credentials for the device have been cleared by setting ctsCredentialsClearAll to 'true'." ::= { ctsCredentialObjects 1 } ctsDevicePasswordType OBJECT-TYPE SYNTAX CtsPasswordEncryptionType MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the type of encryption employed to encrypt password in ctsDevicePassword object. Value for this object must be specified as 'clearText', 'typeSix' or 'typeSeven' in order to configure the password in ctsDevicePassword. The value of this object must be set in the same PDU as ctsDevicePassword and ctsDeviceId. When read, value of this object must be 'none' if ctsDevicePassword is a zero length string. The value of this object may not be set to 'none' or 'other'." ::= { ctsCredentialObjects 2 } ctsDevicePassword OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-write STATUS current DESCRIPTION "This object allows user to specify the password for the device. This password and the device identifier (specified by ctsDeviceId) are used together by the Cisco Trusted Security feature for authenticating the device. The value of this object must be set in the same PDU as ctsDevicePasswordType and ctsDeviceId. The object may not be set to a zero length string. When read, this object always returns the value of a zero-length octet string." 
::= { ctsCredentialObjects 3 } ctsKeystoreType OBJECT-TYPE SYNTAX INTEGER { hardwareKeystore(1), softwareEmulation(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the type of keystore employed by the device. 'hardwareKeystore' - Keystore functionality is implemented in hardware. 'softwareEmulation' - Keystore functionality is emulated in software." ::= { ctsCredentialObjects 4 } ctsKeystoreFwVersion OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the firmware version of the hardware keystore. This object is only instantiated when the value of ctsKeystoreType is 'hardwareKeystore'." ::= { ctsCredentialObjects 5 } ctsKeystoreFwAlerts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of hardware keystore alerts that occurred. This object is only instantiated when the value of ctsKeystoreType is 'hardwareKeystore'." ::= { ctsCredentialObjects 6 } ctsKeystoreFwResets OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of times the keystore firmware was reset. This object is only instantiated when the value of ctsKeystoreType is 'hardwareKeystore'." ::= { ctsCredentialObjects 7 } ctsKeystoreRxTimeouts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of times the system timed out awaiting response from keystore firmware. This object is only instantiated when the value of ctsKeystoreType is 'hardwareKeystore'." ::= { ctsCredentialObjects 8 } ctsKeystoreRxBadChecksums OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of message fragments the system received from keystore firmware that had bad checksum value. This object is only instantiated when the value of ctsKeystoreType is 'hardwareKeystore'." 
::= { ctsCredentialObjects 9 } ctsKeystoreRxBadFragmentLengths OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of message fragments the system received from keystore firmware that had illegal lengths. This object is only instantiated when the value of ctsKeystoreType is 'hardwareKeystore'." ::= { ctsCredentialObjects 10 } ctsKeystoreCorruptions OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of times keystore firmware reported detection of one or more corrupted records in the hardware keystore. This object is only instantiated when the value of ctsKeystoreType is 'hardwareKeystore'." ::= { ctsCredentialObjects 11 } ctsKeystorePasswordRecordTable OBJECT-TYPE SYNTAX SEQUENCE OF CtsKeystorePasswordRecordEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of Cisco Trusted Security password records stored in the hardware or software keystore of this device." ::= { ctsCredentialObjects 13 } ctsKeystorePasswordRecordEntry OBJECT-TYPE SYNTAX CtsKeystorePasswordRecordEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry describing individual password record in the keystore of this device. An entry will be created or deleted from this table when a password record is added or removed from the keystore of this device." INDEX { IMPLIED ctsKeystorePasswordRecordName } ::= { ctsKeystorePasswordRecordTable 1 } CtsKeystorePasswordRecordEntry ::= SEQUENCE { ctsKeystorePasswordRecordName SnmpAdminString, ctsKeystorePasswordRecordType CtsCredentialRecordType } ctsKeystorePasswordRecordName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..64)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object identifies a password record." 
::= { ctsKeystorePasswordRecordEntry 1 } ctsKeystorePasswordRecordType OBJECT-TYPE SYNTAX CtsCredentialRecordType MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the type of credential in this record." ::= { ctsKeystorePasswordRecordEntry 2 } ctsKeystorePacRecordTable OBJECT-TYPE SYNTAX SEQUENCE OF CtsKeystorePacRecordEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of Cisco Trusted Security PAC records stored in the hardware or software keystore of this device." ::= { ctsCredentialObjects 14 } ctsKeystorePacRecordEntry OBJECT-TYPE SYNTAX CtsKeystorePacRecordEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry describing individual PAC record in the keystore of this device. An entry will be created or deleted by the system when a PAC record is added or removed from the keystore of this device." INDEX { IMPLIED ctsKeystorePacRecordName } ::= { ctsKeystorePacRecordTable 1 } CtsKeystorePacRecordEntry ::= SEQUENCE { ctsKeystorePacRecordName CtsAcsAuthorityIdentity, ctsKeystorePacRecordType CtsCredentialRecordType } ctsKeystorePacRecordName OBJECT-TYPE SYNTAX CtsAcsAuthorityIdentity (SIZE (1..64)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The name of this PAC record." ::= { ctsKeystorePacRecordEntry 1 } ctsKeystorePacRecordType OBJECT-TYPE SYNTAX CtsCredentialRecordType MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the type of credential in this record." ::= { ctsKeystorePacRecordEntry 2 } ctsPacInfoTable OBJECT-TYPE SYNTAX SEQUENCE OF CtsPacInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of PACs on this device." ::= { ctsCredentialObjects 15 } ctsPacInfoEntry OBJECT-TYPE SYNTAX CtsPacInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry providing management information of a particular PAC record. An entry can only be created dynamically by the system when a new PAC is installed in the keystore. 
An entry will be deleted from this table when the PAC is removed from the keystore by the system or by the user." INDEX { IMPLIED ctsPacAcsAuthId } ::= { ctsPacInfoTable 1 } CtsPacInfoEntry ::= SEQUENCE { ctsPacAcsAuthId CtsAcsAuthorityIdentity, ctsPacAcsDescription SnmpAdminString, ctsPacType INTEGER, ctsPacExpirationTime DateAndTime, ctsPacTimeToRefresh Unsigned32, ctsPacStatus RowStatus } ctsPacAcsAuthId OBJECT-TYPE SYNTAX CtsAcsAuthorityIdentity (SIZE (1..64)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates the unique authority identity of the ACS server from where the PAC was downloaded." ::= { ctsPacInfoEntry 1 } ctsPacAcsDescription OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the description of the ACS server from where the PAC was downloaded." ::= { ctsPacInfoEntry 2 } ctsPacType OBJECT-TYPE SYNTAX INTEGER { unknown(1), tunnel(2), machineAuthentication(3), userAuthorization(4), posture(5), ciscoTrustSec(6) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the type of PAC this entry represents. 'unknown' - Any other type of PAC that is not covered below 'tunnel' - Distributed shared secret between the peer and ACS that is used to establish a secure tunnel and convey the policy of what must and can occur in the tunnel. 'machineAuthentication' - The Machine Authentication PAC contains information in the PAC opaque that identifies the machine. It is meant to be used by a machine when network access is required and no user is logged in. 'userAuthorization' - The User Authorization PAC contains information in the PAC opaque that identifies a user and provides authorization information. The User Authorization PAC is used to provide user information during stateless session resumption so user authentication MAY be skipped. 'posture' - Distributed posture checking and authorization result based on a previous posture validation. 
A posture PAC can be used to optimize posture validation in the case of frequent revalidations. This result is specific to the posture validation application and may be used outside the contents of EAP-FAST. 'ciscoTrustSec' - A credential dynamically provisioned in phase 0 of EAP-FAST. It is used by Trustsec to set up secure communications with the server." ::= { ctsPacInfoEntry 3 } ctsPacExpirationTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the time when this PAC will be expired." ::= { ctsPacInfoEntry 4 } ctsPacTimeToRefresh OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the time left for this PAC to be refreshed from the ACS." ::= { ctsPacInfoEntry 5 } ctsPacStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object is used to manage the deletion of rows in this table. This object only supports the values 'active' and 'destroy'. Setting this object to 'destroy' deletes this PAC. When read, this object will always return 'active'." ::= { ctsPacInfoEntry 6 } ctsCredentialsClearAll OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object allows user to clear all the PACs and Cisco Trusted Security credentials on the device. Setting the object to 'true' will clear all the PACs and credentials. When read, this object will always return 'false'." ::= { ctsCredentialObjects 16 } -- ------------------------------------------------------------- -- Objects to manage Environment Data of TrustSec -- ------------------------------------------------------------- ctsEnvDataLastDownloadStatus OBJECT-TYPE SYNTAX INTEGER { other(1), succeeded(2), failed(3), inprogress(4), incomplete(5), timedout(6), cleared(7) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the status of the last attempt to download the Environment Data. 
'other' - Any other state not covered by below enumerations. 'succeeded' - Environment Data download completed successfully. 'failed' - Environment Data download failed. 'inprogress'- Environment Data download is in progress. 'incomplete'- Environment Data download is incomplete. 'timedout' - Environment Data download did not start and timed out due to no response from the ACS. 'cleared' - Environment Data has been cleared by the user." ::= { ctsEnvironmentDataObjects 1 } ctsEnvSecurityGroupTagId OBJECT-TYPE SYNTAX CtsSecurityGroupTag MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the SGT for packets originating on this device downloaded from the ACS. A value of zero for this object indicates that no SGT has been downloaded from the ACS." ::= { ctsEnvironmentDataObjects 2 } ctsEnvSecurityGroupTagGenId OBJECT-TYPE SYNTAX CtsGenerationId MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the generation identifier associated with the downloaded SGT on this device." ::= { ctsEnvironmentDataObjects 3 } ctsEnvDataLastUpdate OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the last time Cisco Trusted Security Environment Data was successfully updated from ACS. This object will contain 0-1-1,00:00:00:0 if Environment Data has never been successfully updated from ACS." ::= { ctsEnvironmentDataObjects 4 } ctsEnvDataRefreshInterval OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the time interval for which Trusted Security Environment Data is valid. The Trusted Security Environment Data will be refreshed i.e. downloaded from the ACS after this time period has elapsed." 
::= { ctsEnvironmentDataObjects 5 } ctsEnvDataTimeLeft OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the time left for the currently installed Trusted Security Environment Data to expire." ::= { ctsEnvironmentDataObjects 6 } ctsEnvDataTimeToRefresh OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the time interval after which Trusted Security Environment Data will be refreshed i.e. downloaded from the ACS due to Environment Data expiration or refresh failure." ::= { ctsEnvironmentDataObjects 7 } ctsEnvDataSource OBJECT-TYPE SYNTAX INTEGER { none(1), cached(2), downloaded(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the source of current Environment Data installed on the system. 'none' - No Environment Data is currently installed. 'cached' - Environment Data is installed from non-volatile storage on the system. 'downloaded' - Environment Data is downloaded from the ACS." ::= { ctsEnvironmentDataObjects 8 } ctsEnvDataAction OBJECT-TYPE SYNTAX INTEGER { none(1), refresh(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object allows user to specify the action to be taken for all the Cisco Trusted Security Environment Data on this device. When read, this object always returns the value 'none'. 'none' - No operation. 'refresh' - Refresh all the Trusted Security Environment Data on the device." ::= { ctsEnvironmentDataObjects 9 } ctsEnvSecurityGroupNameTable OBJECT-TYPE SYNTAX SEQUENCE OF CtsEnvSecurityGroupNameEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of Security Group Names in Cisco Trusted Security environment." ::= { ctsEnvironmentDataObjects 16 } ctsEnvSecurityGroupNameEntry OBJECT-TYPE SYNTAX CtsEnvSecurityGroupNameEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry listing the name assigned to each SGT in Cisco Trusted Security environment. 
Entries will be populated in this table when system downloads Security Group Name information as part of Trusted Security Environment Data." INDEX { ctsEnvSecurityGroupNameSgt } ::= { ctsEnvSecurityGroupNameTable 1 } CtsEnvSecurityGroupNameEntry ::= SEQUENCE { ctsEnvSecurityGroupNameSgt CtsSecurityGroupTag, ctsEnvSecurityGroupNameSgtGenId CtsGenerationId, ctsEnvSecurityGroupNameSgtFlag BITS, ctsEnvSecurityGroupName SnmpAdminString } ctsEnvSecurityGroupNameSgt OBJECT-TYPE SYNTAX CtsSecurityGroupTag (1..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object identifies a SGT in Trusted Security environment." ::= { ctsEnvSecurityGroupNameEntry 1 } ctsEnvSecurityGroupNameSgtGenId OBJECT-TYPE SYNTAX CtsGenerationId MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the Generation Identifier associated with this SGT." ::= { ctsEnvSecurityGroupNameEntry 2 } ctsEnvSecurityGroupNameSgtFlag OBJECT-TYPE SYNTAX BITS { recognizedSgt(0), unicastSgt(1) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the flag associated with this SGT. 'recognizedSgt' - indicates a recognized SGT when set to 1, else indicates a reserved SGT. 'unicastSgt' - indicates a unicast SGT when set to 1, else indicates a multicast SGT." ::= { ctsEnvSecurityGroupNameEntry 3 } ctsEnvSecurityGroupName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the Security Group Name assigned to this SGT." ::= { ctsEnvSecurityGroupNameEntry 4 } -- Notification-only information ctsFileErrNotifReason OBJECT-TYPE SYNTAX INTEGER { openFailedForWrite(1), writeFailed(2), openFailedForRead(3), readFailed(4), badMagic(5), unexpectedEof(6), badHeader(7) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "This object indicates the reason file error related notification was generated. 'openFailedForWrite' - System failed to open a file to write TrustSec information. 
'writeFailed' - System failed to write TrustSec information to a file. 'openFailedForRead' - System failed to open a file to read TrustSec information. 'readFailed' - System failed to read TrustSec information from a file. 'badMagic' - A bad magic number was encountered for a TrustSec file. 'unexpectedEof' - A record of unexpected length is found in TrustSec file. 'badHeader' - Bad file header was encountered for a TrustSec file." ::= { ctsNotifsInfoObjects 1 } ctsSwKeystoreSyncFailNotifReason OBJECT-TYPE SYNTAX INTEGER { ipcPortCreationFailed(1), ipcPortOpenFailed(2), ipcConnectionFailure(3), ipcSendFailure(4), standbyIncompatible(5), syncProcessCreationFailed(6) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "This object indicates the reason ctsSwKeystoreSyncFailNotif notification was generated. 'ipcPortCreationFailed' - Keystore information could not be synced because the system failed to create port for Inter-Process communication between the active and the standby supervisors. 'ipcPortOpenFailed' - Keystore information could not be synced because the system failed to open port for Inter-Process communication between the active and the standby supervisors. 'ipcConnectionFailure' - Keystore information could not be synced because Inter-Process communication connection failed between the active and the standby supervisors. 'ipcSendFailure' - Keystore information could not be synced because Inter-Process Communication messages could not be sent to the standby supervisor. 'standbyIncompatible' - Keystore information could not be synced because the standby supervisor is not compatible with the active supervisor. 'syncProcessCreationFailed' - Keystore information could not be synced because the system failed to create the sync process." 
::= { ctsNotifsInfoObjects 2 } ctsNotifMessageString OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The object indicates additional information for a TrustSec notification." ::= { ctsNotifsInfoObjects 3 } -- Notification Control ctsSwKeystoreFileErrNotifEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies if the system generates ctsSwKeystoreFileErrNotif. A value of 'false' will prevent ctsSwKeystoreFileErrNotif notifications from being generated by this system." ::= { ctsNotifsControlObjects 1 } ctsSwKeystoreSyncFailNotifEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies if the system generates ctsSwKeystoreSyncFailNotif. A value of 'false' will prevent ctsSwKeystoreSyncFailNotif notifications from being generated by this system." ::= { ctsNotifsControlObjects 2 } ctsAuthzCacheFileErrNotifEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies if the system generates ctsAuthzCacheFileErrNotif. A value of 'false' will prevent ctsAuthzCacheFileErrNotif notifications from being generated by this system." ::= { ctsNotifsControlObjects 3 } ctsCacheFileAccessErrNotifEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies if the system generates ctsCacheFileAccessErrNotif. A value of 'false' will prevent ctsCacheFileAccessErrNotif notifications from being generated by this system." ::= { ctsNotifsControlObjects 4 } ctsSrcEntropyFailNotifEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies if the system generates ctsSrcEntropyFailNotif. A value of 'false' will prevent ctsSrcEntropyFailNotif notifications from being generated by this system." 
::= { ctsNotifsControlObjects 5 } ctsSapRandomNumberFailNotifEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies if the system generates ctsSapRandomNumberFailNotif. A value of 'false' will prevent ctsSapRandomNumberFailNotif notifications from being generated by this system." ::= { ctsNotifsControlObjects 6 } ctsCriticalAuthEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies if the Critical-Auth functionality is enabled in the system. Setting the object to 'true' will enable Critical-Auth functionality in the system and 'false' will disable the Critical-Auth functionality. ctsCriticalAuthPeerSgt needs to be configured before ctsCriticalAuthEnabled is set to 'true'." ::= { ctsCriticalAuthObjects 1 } ctsCriticalAuthFallback OBJECT-TYPE SYNTAX INTEGER { default(1), cache(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the CTS Critical-Auth fallback policy. default - Critical-Auth fallback policy is default. cache - Critical-Auth fallback policy is cache." ::= { ctsCriticalAuthObjects 2 } ctsCriticalAuthPeerSgt OBJECT-TYPE SYNTAX CtsSecurityGroupTag MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the CTS Critical-Auth SGT tag of the remote peer. ctsCriticalAuthPeerSgt cannot be set to zero when ctsCriticalAuthEnabled is 'true'. ctsCriticalAuthPeerSgtTrust will be set to untrusted by default during set operation of ctsCriticalAuthPeerSgt. The user needs to explicitly override ctsCriticalAuthPeerSgtTrust to trusted if required." ::= { ctsCriticalAuthObjects 3 } ctsCriticalAuthPeerSgtTrust OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the CTS Critical-Auth peer's SGT trust state. This object can only be set when ctsCriticalAuthPeerSgt is non-zero."
::= { ctsCriticalAuthObjects 4 } ctsCriticalAuthDefaultPmk OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0 | 32)) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the CTS Critical-Auth default PMK used by SAP. The purpose of this object is to only allow configuration of Critical-Auth PMK. The ctsCriticalAuthViewDefaultPmk object is used to display the default Critical-Auth PMK." ::= { ctsCriticalAuthObjects 5 } ctsCriticalAuthViewDefaultPmk OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the CTS Critical-Auth default PMK. The purpose of this object is to only display the configured Critical-Auth PMK. A zero length string for this object indicates that SAP negotiation is disabled. The ctsCriticalAuthDefaultPmk object is used to configure the PMK." ::= { ctsCriticalAuthObjects 6 } -- Notifications ctsSwKeystoreFileErrNotif NOTIFICATION-TYPE OBJECTS { ctsFileErrNotifReason } STATUS current DESCRIPTION "A ctsSwKeystoreFileErrNotif is generated when the system encounters an error while performing an operation on the software keystore file." ::= { ciscoTrustSecMIBNotifs 1 } ctsSwKeystoreSyncFailNotif NOTIFICATION-TYPE OBJECTS { ctsSwKeystoreSyncFailNotifReason } STATUS current DESCRIPTION "A ctsSwKeystoreSyncFailNotif is generated when the system fails to sync software keystore information from the active supervisor to the standby supervisor." ::= { ciscoTrustSecMIBNotifs 2 } ctsAuthzCacheFileErrNotif NOTIFICATION-TYPE OBJECTS { ctsFileErrNotifReason, ctsNotifMessageString } STATUS current DESCRIPTION "A ctsAuthzCacheFileErrNotif is generated when the system encounters an error downloading TrustSec authorization related environment data to a cache file."
::= { ciscoTrustSecMIBNotifs 3 } ctsCacheFileAccessErrNotif NOTIFICATION-TYPE OBJECTS { ctsFileErrNotifReason, ctsNotifMessageString } STATUS current DESCRIPTION "A ctsCacheFileAccessErrNotif is generated when the system fails to perform an open/read/write operation for a TrustSec cache file." ::= { ciscoTrustSecMIBNotifs 4 } ctsSrcEntropyFailNotif NOTIFICATION-TYPE STATUS current DESCRIPTION "A ctsSrcEntropyFailNotif is generated when the periodic health tests for the CTR-DRBG (Counter-Deterministic Random Bit Generator) implementation fail due to issues with the source entropy." ::= { ciscoTrustSecMIBNotifs 5 } ctsSapRandomNumberFailNotif NOTIFICATION-TYPE OBJECTS { ctsNotifMessageString } STATUS current DESCRIPTION "A ctsSapRandomNumberFailNotif is generated when the system fails to obtain a random number from CTR-DRBG block for SAP (Security Association Protocol) key-counter." ::= { ciscoTrustSecMIBNotifs 6 } -- Conformance ciscoTrustSecMIBCompliances OBJECT IDENTIFIER ::= { ciscoTrustSecMIBConform 1 } ciscoTrustSecMIBGroups OBJECT IDENTIFIER ::= { ciscoTrustSecMIBConform 2 } ciscoTrustSecMIBCompliance MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "The compliance statement for the CISCO-TRUSTSEC-MIB." MODULE -- this module MANDATORY-GROUPS { ciscoTrustSecCacheGroup, ciscoTrustSecSgtGroup, ciscoTrustSecCredentialsGroup, ciscoTrustSecHwKeystoreInfoGroup, ciscoTrustSecEnvDataGroup } GROUP ciscoTrustSecSgtAssignmentGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support mechanism to assign SGT for line cards without TrustSec tagging capability." OBJECT ctsCacheEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsCacheNvStorage MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsCacheClear MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsSecurityGroupTagId MIN-ACCESS read-only DESCRIPTION "Write access is not required."
OBJECT ctsSgtAssignmentMethod MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsDeviceId MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsDevicePasswordType MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsDevicePassword MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsPacStatus SYNTAX INTEGER { active(1) } WRITE-SYNTAX INTEGER { destroy(6) } MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsCredentialsClearAll MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsEnvDataAction MIN-ACCESS read-only DESCRIPTION "Write access is not required." ::= { ciscoTrustSecMIBCompliances 1 } ciscoTrustSecMIBCompliance2 MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "The compliance statement for the CISCO-TRUSTSEC-MIB." MODULE -- this module MANDATORY-GROUPS { ciscoTrustSecCacheGroup, ciscoTrustSecSgtGroup, ciscoTrustSecCredentialsGroup, ciscoTrustSecHwKeystoreInfoGroup, ciscoTrustSecEnvDataGroup } GROUP ciscoTrustSecSgtAssignmentGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support mechanism to assign SGT for line cards without TrustSec tagging capability." GROUP ciscoTrustSecEnvSecGroupNameGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support Security Group Name functionality." OBJECT ctsCacheEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsCacheNvStorage MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsCacheClear MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsSecurityGroupTagId MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsSgtAssignmentMethod MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsDeviceId MIN-ACCESS read-only DESCRIPTION "Write access is not required." 
OBJECT ctsDevicePasswordType MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsDevicePassword MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsPacStatus SYNTAX INTEGER { active(1) } WRITE-SYNTAX INTEGER { destroy(6) } MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsCredentialsClearAll MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsEnvDataAction MIN-ACCESS read-only DESCRIPTION "Write access is not required." ::= { ciscoTrustSecMIBCompliances 2 } ciscoTrustSecMIBCompliance3 MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "The compliance statement for the CISCO-TRUSTSEC-MIB." MODULE -- this module MANDATORY-GROUPS { ciscoTrustSecCacheGroup, ciscoTrustSecSgtGroup, ciscoTrustSecCredentialsGroup, ciscoTrustSecHwKeystoreInfoGroup, ciscoTrustSecEnvDataGroup } GROUP ciscoTrustSecSgtAssignmentGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support mechanism to assign SGT for line cards without TrustSec tagging capability." GROUP ciscoTrustSecEnvSecGroupNameGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support Security Group Name functionality." GROUP ciscoTrustSecSwKeystoreNotifsInfoGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support software keystore notifications." GROUP ciscoTrustSecSwKeystoreNotifsControlGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support software keystore notifications." GROUP ciscoTrustSecSwKeystoreNotifsGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support software keystore notifications." GROUP ciscoTrustSecFileErrNotifsInfoGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support TrustSec keystore or cache file error related notifications." 
GROUP ciscoTrustSecNotifsMessageStringInfoGroup DESCRIPTION "Implementation of this group is mandatory for the devices that provide additional information for TrustSec notifications." GROUP ciscoTrustSecCacheFileNotifsControlGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support TrustSec cache file error notifications." GROUP ciscoTrustSecCacheFileNotifsGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support TrustSec cache file error notifications." GROUP ciscoTrustSecCtrDrbgNotifsControlGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support CTR-DRBG error notifications." GROUP ciscoTrustSecCtrDrbgNotifsGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support CTR-DRBG error notifications." OBJECT ctsCacheEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsCacheNvStorage MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsCacheClear MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsSecurityGroupTagId MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsSgtAssignmentMethod MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsDeviceId MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsDevicePasswordType MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsDevicePassword MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsPacStatus SYNTAX INTEGER { active(1) } WRITE-SYNTAX INTEGER { destroy(6) } MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsCredentialsClearAll MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsEnvDataAction MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsSwKeystoreFileErrNotifEnable MIN-ACCESS read-only DESCRIPTION "Write access is not required." 
OBJECT ctsSwKeystoreSyncFailNotifEnable MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsAuthzCacheFileErrNotifEnable MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsCacheFileAccessErrNotifEnable MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsSrcEntropyFailNotifEnable MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsSapRandomNumberFailNotifEnable MIN-ACCESS read-only DESCRIPTION "Write access is not required." ::= { ciscoTrustSecMIBCompliances 3 } ciscoTrustSecMIBCompliance4 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for the CISCO-TRUSTSEC-MIB." MODULE -- this module MANDATORY-GROUPS { ciscoTrustSecCacheGroup, ciscoTrustSecSgtGroup, ciscoTrustSecCredentialsGroup, ciscoTrustSecHwKeystoreInfoGroup, ciscoTrustSecEnvDataGroup } GROUP ciscoTrustSecSgtAssignmentGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support mechanism to assign SGT for line cards without TrustSec tagging capability." GROUP ciscoTrustSecEnvSecGroupNameGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support Security Group Name functionality." GROUP ciscoTrustSecSwKeystoreNotifsInfoGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support software keystore notifications." GROUP ciscoTrustSecSwKeystoreNotifsControlGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support software keystore notifications." GROUP ciscoTrustSecSwKeystoreNotifsGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support software keystore notifications." GROUP ciscoTrustSecFileErrNotifsInfoGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support TrustSec keystore or cache file error related notifications." 
GROUP ciscoTrustSecNotifsMessageStringInfoGroup DESCRIPTION "Implementation of this group is mandatory for the devices that provide additional information for TrustSec notifications." GROUP ciscoTrustSecCacheFileNotifsControlGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support TrustSec cache file error notifications." GROUP ciscoTrustSecCacheFileNotifsGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support TrustSec cache file error notifications." GROUP ciscoTrustSecCtrDrbgNotifsControlGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support CTR-DRBG error notifications." GROUP ciscoTrustSecCtrDrbgNotifsGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support CTR-DRBG error notifications." GROUP ciscoTrustSecCrtclAuthGroup DESCRIPTION "Implementation of this group is mandatory for the devices that support CTS Critical-Auth" OBJECT ctsCacheEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsCacheNvStorage MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsCacheClear MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsSecurityGroupTagId MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsSgtAssignmentMethod MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsDeviceId MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsDevicePasswordType MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsDevicePassword MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsPacStatus SYNTAX INTEGER { active(1) } WRITE-SYNTAX INTEGER { destroy(6) } MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsCredentialsClearAll MIN-ACCESS read-only DESCRIPTION "Write access is not required." 
OBJECT ctsEnvDataAction MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsSwKeystoreFileErrNotifEnable MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsSwKeystoreSyncFailNotifEnable MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsAuthzCacheFileErrNotifEnable MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsCacheFileAccessErrNotifEnable MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsSrcEntropyFailNotifEnable MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsSapRandomNumberFailNotifEnable MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsCriticalAuthEnabled MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsCriticalAuthFallback MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsCriticalAuthPeerSgt MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsCriticalAuthPeerSgtTrust MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT ctsCriticalAuthDefaultPmk MIN-ACCESS read-only DESCRIPTION "Write access is not required." ::= { ciscoTrustSecMIBCompliances 4 } -- Units of Conformance ciscoTrustSecCacheGroup OBJECT-GROUP OBJECTS { ctsCacheEnabled, ctsCacheNvStorage, ctsCacheClear } STATUS current DESCRIPTION "A collection of objects that provides the cache configuration for TrustSec in the system." ::= { ciscoTrustSecMIBGroups 1 } ciscoTrustSecSgtGroup OBJECT-GROUP OBJECTS { ctsSecurityGroupTagId } STATUS current DESCRIPTION "A collection of objects to manage SGT for TrustSec." 
::= { ciscoTrustSecMIBGroups 2 } ciscoTrustSecCredentialsGroup OBJECT-GROUP OBJECTS { ctsDeviceId, ctsDevicePasswordType, ctsDevicePassword, ctsKeystoreType, ctsKeystorePasswordRecordType, ctsKeystorePacRecordType, ctsPacAcsDescription, ctsPacType, ctsPacExpirationTime, ctsPacTimeToRefresh, ctsPacStatus, ctsCredentialsClearAll } STATUS current DESCRIPTION "A collection of objects to manage credentials parameters for TrustSec." ::= { ciscoTrustSecMIBGroups 3 } ciscoTrustSecHwKeystoreInfoGroup OBJECT-GROUP OBJECTS { ctsKeystoreFwVersion, ctsKeystoreFwAlerts, ctsKeystoreFwResets, ctsKeystoreRxTimeouts, ctsKeystoreRxBadChecksums, ctsKeystoreRxBadFragmentLengths, ctsKeystoreCorruptions } STATUS current DESCRIPTION "A collection of objects to manage hardware keystore for TrustSec." ::= { ciscoTrustSecMIBGroups 4 } ciscoTrustSecEnvDataGroup OBJECT-GROUP OBJECTS { ctsEnvDataLastDownloadStatus, ctsEnvSecurityGroupTagId, ctsEnvSecurityGroupTagGenId, ctsEnvDataLastUpdate, ctsEnvDataRefreshInterval, ctsEnvDataTimeLeft, ctsEnvDataTimeToRefresh, ctsEnvDataSource, ctsEnvDataAction } STATUS current DESCRIPTION "A collection of objects to manage Environment Data for TrustSec." ::= { ciscoTrustSecMIBGroups 5 } ciscoTrustSecSgtAssignmentGroup OBJECT-GROUP OBJECTS { ctsSgtAssignmentMethod } STATUS current DESCRIPTION "A collection of objects to manage assignment of TrustSec SGT." ::= { ciscoTrustSecMIBGroups 6 } ciscoTrustSecEnvSecGroupNameGroup OBJECT-GROUP OBJECTS { ctsEnvSecurityGroupNameSgtGenId, ctsEnvSecurityGroupNameSgtFlag, ctsEnvSecurityGroupName } STATUS current DESCRIPTION "A collection of object(s) to manage Security Group Name information for TrustSec." ::= { ciscoTrustSecMIBGroups 7 } ciscoTrustSecSwKeystoreNotifsInfoGroup OBJECT-GROUP OBJECTS { ctsSwKeystoreSyncFailNotifReason } STATUS current DESCRIPTION "A collection of object(s) to provide information regarding software keystore notifications for TrustSec." 
::= { ciscoTrustSecMIBGroups 8 } ciscoTrustSecSwKeystoreNotifsControlGroup OBJECT-GROUP OBJECTS { ctsSwKeystoreFileErrNotifEnable, ctsSwKeystoreSyncFailNotifEnable } STATUS current DESCRIPTION "A collection of object(s) to control software keystore notifications for TrustSec." ::= { ciscoTrustSecMIBGroups 9 } ciscoTrustSecSwKeystoreNotifsGroup NOTIFICATION-GROUP NOTIFICATIONS { ctsSwKeystoreFileErrNotif, ctsSwKeystoreSyncFailNotif } STATUS current DESCRIPTION "A collection of software keystore related notifications for TrustSec." ::= { ciscoTrustSecMIBGroups 10 } ciscoTrustSecFileErrNotifsInfoGroup OBJECT-GROUP OBJECTS { ctsFileErrNotifReason } STATUS current DESCRIPTION "A collection of object(s) to provide information regarding file error related notifications for TrustSec." ::= { ciscoTrustSecMIBGroups 11 } ciscoTrustSecNotifsMessageStringInfoGroup OBJECT-GROUP OBJECTS { ctsNotifMessageString } STATUS current DESCRIPTION "A collection of object(s) to provide information regarding TrustSec notification." ::= { ciscoTrustSecMIBGroups 12 } ciscoTrustSecCacheFileNotifsControlGroup OBJECT-GROUP OBJECTS { ctsAuthzCacheFileErrNotifEnable, ctsCacheFileAccessErrNotifEnable } STATUS current DESCRIPTION "A collection of object(s) to control cache file related notifications for TrustSec." ::= { ciscoTrustSecMIBGroups 13 } ciscoTrustSecCacheFileNotifsGroup NOTIFICATION-GROUP NOTIFICATIONS { ctsAuthzCacheFileErrNotif, ctsCacheFileAccessErrNotif } STATUS current DESCRIPTION "A collection of TrustSec cache file related notifications." ::= { ciscoTrustSecMIBGroups 14 } ciscoTrustSecCtrDrbgNotifsControlGroup OBJECT-GROUP OBJECTS { ctsSrcEntropyFailNotifEnable, ctsSapRandomNumberFailNotifEnable } STATUS current DESCRIPTION "A collection of object(s) to control CTR-DRBG related notifications for TrustSec." 
::= { ciscoTrustSecMIBGroups 15 } ciscoTrustSecCtrDrbgNotifsGroup NOTIFICATION-GROUP NOTIFICATIONS { ctsSrcEntropyFailNotif, ctsSapRandomNumberFailNotif } STATUS current DESCRIPTION "A collection of CTR-DRBG related notifications for TrustSec." ::= { ciscoTrustSecMIBGroups 16 } ciscoTrustSecCrtclAuthGroup OBJECT-GROUP OBJECTS { ctsCriticalAuthEnabled, ctsCriticalAuthFallback, ctsCriticalAuthPeerSgt, ctsCriticalAuthPeerSgtTrust, ctsCriticalAuthDefaultPmk, ctsCriticalAuthViewDefaultPmk } STATUS current DESCRIPTION "A collection of CTS Critical-Auth configuration objects." ::= { ciscoTrustSecMIBGroups 17 } END