-- extracted from draft-ietf-ipcdn-mcns-bpi-mib-00.txt -- at Mon Nov 15 17:10:57 1999 DOCS-BPI-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Counter32, IpAddress FROM SNMPv2-SMI DisplayString, MacAddress, RowStatus, TruthValue, DateAndTime FROM SNMPv2-TC OBJECT-GROUP, MODULE-COMPLIANCE FROM SNMPv2-CONF ifIndex FROM IF-MIB docsIfMib, docsIfCmServiceId, docsIfCmtsServiceId FROM DOCS-IF-MIB ; docsBpiMIB MODULE-IDENTITY LAST-UPDATED "9807171930Z" ORGANIZATION "IETF IPCDN Working Group" CONTACT-INFO "Rich Woundy Postal: American Internet 4 Preston Court Bedford, MA 01730 Tel: +1 781 276 4509 Fax: +1 781 275 4930 E-mail: rwoundy@american.com" DESCRIPTION "This is the MIB Module for the DOCSIS Baseline Privacy Interface (BPI) at cable modems (CMs) and cable modem termination systems (CMTSs)." ::= { docsIfMib 5 } docsBpiMIBObjects OBJECT IDENTIFIER ::= { docsBpiMIB 1 } -- Cable Modem Group docsBpiCmObjects OBJECT IDENTIFIER ::= { docsBpiMIBObjects 1 } -- -- The BPI base and authorization table for CMs, indexed by ifIndex -- docsBpiCmBaseTable OBJECT-TYPE SYNTAX SEQUENCE OF DocsBpiCmBaseEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes the basic and authorization-related Baseline Privacy attributes of each CM MAC interface." ::= { docsBpiCmObjects 1 } docsBpiCmBaseEntry OBJECT-TYPE SYNTAX DocsBpiCmBaseEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing objects describing attributes of one CM MAC interface. An entry in this table exists for each ifEntry with an ifType of docsCableMaclayer(127)." 
INDEX { ifIndex } ::= { docsBpiCmBaseTable 1 } DocsBpiCmBaseEntry ::= SEQUENCE { docsBpiCmPrivacyEnable TruthValue, docsBpiCmPublicKey OCTET STRING, docsBpiCmAuthState INTEGER, docsBpiCmAuthKeySequenceNumber INTEGER, docsBpiCmAuthExpires DateAndTime, docsBpiCmAuthReset TruthValue, docsBpiCmAuthGraceTime INTEGER, docsBpiCmTEKGraceTime INTEGER, docsBpiCmAuthWaitTimeout INTEGER, docsBpiCmReauthWaitTimeout INTEGER, docsBpiCmOpWaitTimeout INTEGER, docsBpiCmRekeyWaitTimeout INTEGER, docsBpiCmAuthRejectWaitTimeout INTEGER, docsBpiCmAuthRequests Counter32, docsBpiCmAuthReplies Counter32, docsBpiCmAuthRejects Counter32, docsBpiCmAuthInvalids Counter32, docsBpiCmAuthRejectErrorCode INTEGER, docsBpiCmAuthRejectErrorString DisplayString, docsBpiCmAuthInvalidErrorCode INTEGER, docsBpiCmAuthInvalidErrorString DisplayString } docsBpiCmPrivacyEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This identifies whether this CM is provisioned to run Baseline Privacy. This is analogous to the presence (or absence) of the Baseline Privacy Configuration Setting option as described in BPI Appendix A.1.1. The status of each individual SID with respect to Baseline Privacy is captured in the docsBpiCmTEKPrivacyEnable object. Note: this object will be read-write accessible only after the ability to start and stop the authorization state machine is understood." ::= { docsBpiCmBaseEntry 1 } docsBpiCmPublicKey OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..97)) MAX-ACCESS read-only STATUS current DESCRIPTION "Public key of the CM encoded as an ASN.1 SubjectPublicKeyInfo object as defined in the RSA Encryption Standard (PKCS #1) [12]." ::= { docsBpiCmBaseEntry 2 } docsBpiCmAuthState OBJECT-TYPE SYNTAX INTEGER { start(1), authWait(2), authorized(3), reauthWait(4), authRejectWait(5) } MAX-ACCESS read-only STATUS current DESCRIPTION "The state of the CM authorization FSM. The start state indicates that FSM is in its initial state." 
::= { docsBpiCmBaseEntry 3 }

docsBpiCmAuthKeySequenceNumber OBJECT-TYPE
    SYNTAX      INTEGER (0..15)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The authorization key sequence number for this FSM."
    ::= { docsBpiCmBaseEntry 4 }

docsBpiCmAuthExpires OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Actual clock time when the current authorization for this FSM
         expires. If the CM does not have an active authorization, then
         the value is of the expiration date and time of the last active
         authorization."
    ::= { docsBpiCmBaseEntry 5 }

-- Review note: docsBpiCmAuthReset is the only read-write object in
-- docsBpiCmBaseTable. A SET of TRUE generates a Reauthorize event in the
-- CM authorization FSM, so write access to it should be limited to trusted
-- management stations (for example SNMPv3 authentication combined with a
-- VACM write view that names this object explicitly).
docsBpiCmAuthReset OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Setting this object to TRUE generates a Reauthorize event in the
         authorization FSM, as described in section 4.1.2.3.4 of the
         Baseline Privacy Interface Specification. Reading this object
         always returns FALSE."
    ::= { docsBpiCmBaseEntry 6 }

-- Review note: the SYNTAX range below is (1..1800), but the
-- docsBpiBasicCompliance statement in this module refines the range for
-- docsBpiCmAuthGraceTime to (300..1800).
docsBpiCmAuthGraceTime OBJECT-TYPE
    SYNTAX      INTEGER (1..1800)
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Grace time for an authorization key. A CM is expected to start
         trying to get a new authorization key beginning AuthGraceTime
         seconds before the authorization key actually expires. The value
         of this object cannot be changed while the authorization state
         machine is running. Note: this object will be read-write
         accessible only after the ability to start and stop the
         authorization state machine is understood."
    ::= { docsBpiCmBaseEntry 7 }

-- Review note: as with docsBpiCmAuthGraceTime, docsBpiBasicCompliance
-- refines this range to (300..1800).
docsBpiCmTEKGraceTime OBJECT-TYPE
    SYNTAX      INTEGER (1..1800)
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Grace time for a TEK. A CM is expected to start trying to get a
         new TEK beginning TEKGraceTime seconds before the TEK actually
         expires. The value of this object cannot be changed while the
         authorization state machine is running. Note: this object will be
         read-write accessible only after the ability to start and stop
         the authorization state machine is understood."
::= { docsBpiCmBaseEntry 8 } docsBpiCmAuthWaitTimeout OBJECT-TYPE SYNTAX INTEGER (2..30) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "Authorize Wait Timeout. The value of this object cannot be changed while the authorization state machine is running. Note: this object will be read-write accessible only after the ability to start and stop the authorization state machine is understood." ::= { docsBpiCmBaseEntry 9 } docsBpiCmReauthWaitTimeout OBJECT-TYPE SYNTAX INTEGER (2..30) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "Reauthorize Wait Timeout in seconds. The value of this object cannot be changed while the authorization state machine is running. Note: this object will be read-write accessible only after the ability to start and stop the authorization state machine is understood." ::= { docsBpiCmBaseEntry 10 } docsBpiCmOpWaitTimeout OBJECT-TYPE SYNTAX INTEGER (1..10) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "Operational Wait Timeout in seconds. The value of this object cannot be changed while the authorization state machine is running. Note: this object will be read-write accessible only after the ability to start and stop the authorization state machine is understood." ::= { docsBpiCmBaseEntry 11 } docsBpiCmRekeyWaitTimeout OBJECT-TYPE SYNTAX INTEGER (1..10) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "Rekey Wait Timeout in seconds. The value of this object cannot be changed while the authorization state machine is running. Note: this object will be read-write accessible only after the ability to start and stop the authorization state machine is understood." ::= { docsBpiCmBaseEntry 12 } docsBpiCmAuthRejectWaitTimeout OBJECT-TYPE SYNTAX INTEGER (60..1800) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "Authorization Reject Wait Timeout in seconds. The value of this object cannot be changed while the authorization state machine is running. 
Note: this object will be read-write accessible only after the ability to start and stop the authorization state machine is understood." ::= { docsBpiCmBaseEntry 13 } docsBpiCmAuthRequests OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Count of times the CM has transmitted an Authorization Request message." ::= { docsBpiCmBaseEntry 14 } docsBpiCmAuthReplies OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Count of times the CM has received an Authorization Reply message." ::= { docsBpiCmBaseEntry 15 } docsBpiCmAuthRejects OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Count of times the CM has received an Authorization Reject message." ::= { docsBpiCmBaseEntry 16 } docsBpiCmAuthInvalids OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Count of times the CM has received an Authorization Invalid message." ::= { docsBpiCmBaseEntry 17 } docsBpiCmAuthRejectErrorCode OBJECT-TYPE SYNTAX INTEGER { none(1), unknown(2), unauthorizedCm(3), unauthorizedSid(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "Error-Code in most recent Authorization Reject message received by the CM. This has value unknown(2) if the last Error-Code value was 0, and none(1) if no Authorization Reject message has been received since reboot." ::= { docsBpiCmBaseEntry 18 } docsBpiCmAuthRejectErrorString OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Display-String in most recent Authorization Reject message received by the CM. This is a zero length string if no Authorization Reject message has been received since reboot." 
::= { docsBpiCmBaseEntry 19 }

docsBpiCmAuthInvalidErrorCode OBJECT-TYPE
    SYNTAX      INTEGER {
                    none(1),
                    unknown(2),
                    unauthorizedCm(3),
                    unsolicited(5),
                    invalidKeySequence(6),
                    keyRequestAuthenticationFailure(7)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Error-Code in most recent Authorization Invalid message received
         by the CM. This has value unknown(2) if the last Error-Code value
         was 0, and none(1) if no Authorization Invalid message has been
         received since reboot."
    ::= { docsBpiCmBaseEntry 20 }

docsBpiCmAuthInvalidErrorString OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..128))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Display-String in most recent Authorization Invalid message
         received by the CM. This is a zero length string if no
         Authorization Invalid message has been received since reboot."
    ::= { docsBpiCmBaseEntry 21 }

--
-- The CM TEK Table, indexed by ifIndex and SID
--

docsBpiCmTEKTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DocsBpiCmTEKEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Describes the attributes of each CM Traffic Encryption Key (TEK)
         association. The CM maintains (no more than) one TEK association
         per SID per CM MAC interface."
    ::= { docsBpiCmObjects 2 }

docsBpiCmTEKEntry OBJECT-TYPE
    SYNTAX      DocsBpiCmTEKEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry containing objects describing the TEK association
         attributes of one SID. The CM MUST create one entry per unicast
         or multicast SID, regardless of whether the SID was obtained from
         a Registration Response message, from an Authorization Reply
         message, or from any future dynamic SID establishment mechanisms.
        "
    INDEX       { ifIndex, docsIfCmServiceId }
    ::= { docsBpiCmTEKTable 1 }

DocsBpiCmTEKEntry ::= SEQUENCE {
    docsBpiCmTEKPrivacyEnable           TruthValue,
    docsBpiCmTEKState                   INTEGER,
    docsBpiCmTEKExpiresOld              DateAndTime,
    docsBpiCmTEKExpiresNew              DateAndTime,
    docsBpiCmTEKKeyRequests             Counter32,
    docsBpiCmTEKKeyReplies              Counter32,
    docsBpiCmTEKKeyRejects              Counter32,
    docsBpiCmTEKInvalids                Counter32,
    docsBpiCmTEKAuthPends               Counter32,
    docsBpiCmTEKKeyRejectErrorCode      INTEGER,
    docsBpiCmTEKKeyRejectErrorString    DisplayString,
    docsBpiCmTEKInvalidErrorCode        INTEGER,
    docsBpiCmTEKInvalidErrorString      DisplayString
}

-- Review note: this object is read-write and, per its DESCRIPTION, may be
-- set to TRUE or FALSE at any time. A manager with write access can
-- therefore switch Baseline Privacy off for an individual SID, while the
-- CM-wide docsBpiCmPrivacyEnable object is read-only. SET access to this
-- column should be limited to trusted management stations (for example
-- SNMPv3 authentication combined with a VACM write view), and changes to
-- it are worth recording in management logs.
docsBpiCmTEKPrivacyEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This identifies whether this SID is provisioned to run Baseline
         Privacy. This is analogous to enabling Baseline Privacy on a
         provisioned SID using the Class-of-Service Privacy Enable option
         as described in BPI Appendix A.1.2. This object may be set to
         TRUE or FALSE at any time (causing the CM to send a Reauth event
         to the authorization machine), regardless of whether Baseline
         Privacy is enabled for the CM. However, Baseline Privacy is not
         effectively enabled for any SID unless Baseline Privacy is
         enabled for the CM, which is managed via the
         docsBpiCmPrivacyEnable object."
    ::= { docsBpiCmTEKEntry 1 }

docsBpiCmTEKState OBJECT-TYPE
    SYNTAX      INTEGER {
                    start (1),
                    opWait (2),
                    opReauthWait (3),
                    operational (4),
                    rekeyWait (5),
                    rekeyReauthWait (6)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The state of the indicated TEK FSM. The start(1) state indicates
         that FSM is in its initial state."
    ::= { docsBpiCmTEKEntry 2 }

docsBpiCmTEKExpiresOld OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Actual clock time for expiration of the oldest active key for
         this FSM. If this FSM has no active keys, then the value is of
         the expiration date and time of the last active key."
::= { docsBpiCmTEKEntry 3 } docsBpiCmTEKExpiresNew OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "Actual clock time for expiration of the newest active key for this FSM. If this FSM has no active keys, then the value is of the expiration date and time of the last active key." ::= { docsBpiCmTEKEntry 4 } docsBpiCmTEKKeyRequests OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Count of times the CM has transmitted a Key Request message." ::= { docsBpiCmTEKEntry 5 } docsBpiCmTEKKeyReplies OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Count of times the CM has received a Key Reply message." ::= { docsBpiCmTEKEntry 6 } docsBpiCmTEKKeyRejects OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Count of times the CM has received a Key Reject message." ::= { docsBpiCmTEKEntry 7 } docsBpiCmTEKInvalids OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Count of times the CM has received a TEK Invalid message." ::= { docsBpiCmTEKEntry 8 } docsBpiCmTEKAuthPends OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Count of times an Authorization Pending (Auth Pend) event occurred in this FSM." ::= { docsBpiCmTEKEntry 9 } docsBpiCmTEKKeyRejectErrorCode OBJECT-TYPE SYNTAX INTEGER { none(1), unknown(2), unauthorizedSid(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "Error-Code in most recent Key Reject message received by the CM. This has value unknown(2) if the last Error-Code value was 0, and none(1) if no Key Reject message has been received since reboot." ::= { docsBpiCmTEKEntry 10 } docsBpiCmTEKKeyRejectErrorString OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Display-String in most recent Key Reject message received by the CM. This is a zero length string if no Key Reject message has been received since reboot." 
::= { docsBpiCmTEKEntry 11 } docsBpiCmTEKInvalidErrorCode OBJECT-TYPE SYNTAX INTEGER { none(1), unknown(2), invalidKeySequence(6) } MAX-ACCESS read-only STATUS current DESCRIPTION "Error-Code in most recent TEK Invalid message received by the CM. This has value unknown(2) if the last Error-Code value was 0, and none(1) if no TEK Invalid message has been received since reboot." ::= { docsBpiCmTEKEntry 12 } docsBpiCmTEKInvalidErrorString OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Display-String in most recent TEK Invalid message received by the CM. This is a zero length string if no TEK Invalid message has been received since reboot." ::= { docsBpiCmTEKEntry 13 } -- Cable Modem Termination System Group docsBpiCmtsObjects OBJECT IDENTIFIER ::= { docsBpiMIBObjects 2 } -- -- The BPI base table for CMTSs, indexed by ifIndex -- docsBpiCmtsBaseTable OBJECT-TYPE SYNTAX SEQUENCE OF DocsBpiCmtsBaseEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes the basic Baseline Privacy attributes of each CMTS MAC interface." ::= { docsBpiCmtsObjects 1 } docsBpiCmtsBaseEntry OBJECT-TYPE SYNTAX DocsBpiCmtsBaseEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing objects describing attributes of one CMTS MAC interface. An entry in this table exists for each ifEntry with an ifType of docsCableMaclayer(127)." INDEX { ifIndex } ::= { docsBpiCmtsBaseTable 1 } DocsBpiCmtsBaseEntry ::= SEQUENCE { docsBpiCmtsDefaultAuthLifetime INTEGER, docsBpiCmtsDefaultTEKLifetime INTEGER, docsBpiCmtsDefaultAuthGraceTime INTEGER, docsBpiCmtsDefaultTEKGraceTime INTEGER, docsBpiCmtsAuthRequests Counter32, docsBpiCmtsAuthReplies Counter32, docsBpiCmtsAuthRejects Counter32, docsBpiCmtsAuthInvalids Counter32 } docsBpiCmtsDefaultAuthLifetime OBJECT-TYPE SYNTAX INTEGER (1..6048000) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "Default lifetime, in seconds, the CMTS assigns to a new authorization key." 
::= { docsBpiCmtsBaseEntry 1 }

-- Review note: the default lifetime and grace-time objects of
-- docsBpiCmtsBaseTable are read-write and set how long keying material
-- issued by the CMTS stays valid. The base ranges start at 1 second, while
-- docsBpiBasicCompliance refines them for operational networks
-- (docsBpiCmtsDefaultTEKLifetime to 1800..604800, both default grace times
-- to 300..1800). SET access to these objects should be limited to trusted
-- management stations.
docsBpiCmtsDefaultTEKLifetime OBJECT-TYPE
    SYNTAX      INTEGER (1..604800)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Default lifetime, in seconds, the CMTS assigns to a new Traffic
         Encryption Key (TEK)."
    ::= { docsBpiCmtsBaseEntry 2 }

docsBpiCmtsDefaultAuthGraceTime OBJECT-TYPE
    SYNTAX      INTEGER (1..1800)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Default grace time, in seconds, the CMTS uses for an
         authorization key. This controls how far in advance of
         authorization key expiration that the CMTS is expected to produce
         the next generation of keying material. This value is expected to
         agree with the Authorization Grace Time that the provisioning
         system provides to CMs."
    ::= { docsBpiCmtsBaseEntry 3 }

docsBpiCmtsDefaultTEKGraceTime OBJECT-TYPE
    SYNTAX      INTEGER (1..1800)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Default grace time, in seconds, the CMTS uses for a Traffic
         Encryption Key (TEK). This controls how far in advance of TEK
         expiration that the CMTS is expected to produce the next
         generation of keying material. This value is expected to agree
         with the TEK Grace Time that the provisioning system provides to
         CMs. Note that this object is particularly relevant for multicast
         SIDs, where multiple grace time values cannot be honored."
    ::= { docsBpiCmtsBaseEntry 4 }

-- The counters below are per CMTS MAC interface totals across all CMs;
-- the per-CM equivalents live in docsBpiCmtsAuthTable.
docsBpiCmtsAuthRequests OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Count of times the CMTS has received an Authorization Request
         message from any CM."
    ::= { docsBpiCmtsBaseEntry 5 }

docsBpiCmtsAuthReplies OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Count of times the CMTS has transmitted an Authorization Reply
         message to any CM."
    ::= { docsBpiCmtsBaseEntry 6 }

docsBpiCmtsAuthRejects OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Count of times the CMTS has transmitted an Authorization Reject
         message to any CM."
::= { docsBpiCmtsBaseEntry 7 } docsBpiCmtsAuthInvalids OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Count of times the CMTS has transmitted an Authorization Invalid message to any CM." ::= { docsBpiCmtsBaseEntry 8 } -- -- The CMTS Authorization Table, indexed by ifIndex and CM MAC address -- docsBpiCmtsAuthTable OBJECT-TYPE SYNTAX SEQUENCE OF DocsBpiCmtsAuthEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes the attributes of each CM authorization association. The CMTS maintains one authorization association with each Baseline Privacy-enabled CM on each CMTS MAC interface." ::= { docsBpiCmtsObjects 2 } docsBpiCmtsAuthEntry OBJECT-TYPE SYNTAX DocsBpiCmtsAuthEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing objects describing attributes of one authorization association. The CMTS MUST create one entry per CM per MAC interface, based on the receipt of an Authorization Request message, and MUST NOT delete the entry before the CM authorization permanently expires." INDEX { ifIndex, docsBpiCmtsAuthCmMacAddress } ::= { docsBpiCmtsAuthTable 1 } DocsBpiCmtsAuthEntry ::= SEQUENCE { docsBpiCmtsAuthCmMacAddress MacAddress, docsBpiCmtsAuthCmPublicKey OCTET STRING, docsBpiCmtsAuthCmKeySequenceNumber INTEGER, docsBpiCmtsAuthCmExpires DateAndTime, docsBpiCmtsAuthCmLifetime INTEGER, docsBpiCmtsAuthCmGraceTime INTEGER, docsBpiCmtsAuthCmReset INTEGER, docsBpiCmtsAuthCmRequests Counter32, docsBpiCmtsAuthCmReplies Counter32, docsBpiCmtsAuthCmRejects Counter32, docsBpiCmtsAuthCmInvalids Counter32, docsBpiCmtsAuthRejectErrorCode INTEGER, docsBpiCmtsAuthRejectErrorString DisplayString, docsBpiCmtsAuthInvalidErrorCode INTEGER, docsBpiCmtsAuthInvalidErrorString DisplayString } docsBpiCmtsAuthCmMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The physical address of the CM to which the authorization association applies." 
::= { docsBpiCmtsAuthEntry 1 }

docsBpiCmtsAuthCmPublicKey OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..97))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Public key of the CM encoded as an ASN.1 SubjectPublicKeyInfo
         object as defined in the RSA Encryption Standard (PKCS #1) [12].
         This is a zero-length string if the CMTS does not retain the
         public key."
    ::= { docsBpiCmtsAuthEntry 2 }

docsBpiCmtsAuthCmKeySequenceNumber OBJECT-TYPE
    SYNTAX      INTEGER (0..15)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The authorization key sequence number for this CM."
    ::= { docsBpiCmtsAuthEntry 3 }

docsBpiCmtsAuthCmExpires OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Actual clock time when the current authorization for this CM
         expires. If this CM does not have an active authorization, then
         the value is of the expiration date and time of the last active
         authorization."
    ::= { docsBpiCmtsAuthEntry 4 }

-- Review note: read-write per-CM override of the authorization key
-- lifetime. The base range starts at 1 second; docsBpiBasicCompliance
-- refines it to (86400..6048000). SET access should be limited to trusted
-- management stations.
docsBpiCmtsAuthCmLifetime OBJECT-TYPE
    SYNTAX      INTEGER (1..6048000)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Lifetime, in seconds, the CMTS assigns to an authorization key
         for this CM."
    ::= { docsBpiCmtsAuthEntry 5 }

-- Review note: read-only here, unlike docsBpiCmtsAuthCmLifetime;
-- docsBpiBasicCompliance refines the range to (300..1800).
docsBpiCmtsAuthCmGraceTime OBJECT-TYPE
    SYNTAX      INTEGER (1..1800)
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Grace time for the authorization key in seconds. The CM is
         expected to start trying to get a new authorization key beginning
         AuthGraceTime seconds before the authorization key actually
         expires."
    ::= { docsBpiCmtsAuthEntry 6 }

-- Review note: read-write control object. Every value other than
-- noResetRequested(1) invalidates the current authorization key of the
-- indexed CM, and invalidateTeks(4) additionally invalidates all unicast
-- TEKs tied to that authorization. An unauthorized SET can therefore
-- discard a CM's keying state (presumably forcing it to reauthorize), so
-- SET access should be limited to trusted management stations (for example
-- SNMPv3 authentication combined with a VACM write view) and SETs to this
-- column are worth logging.
docsBpiCmtsAuthCmReset OBJECT-TYPE
    SYNTAX      INTEGER {
                    noResetRequested(1),
                    invalidateAuth(2),
                    sendAuthInvalid(3),
                    invalidateTeks(4)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Setting this object to invalidateAuth(2) causes the CMTS to
         invalidate the current CM authorization key, but not to transmit
         an Authorization Invalid message nor to invalidate unicast TEKs.
         Setting this object to sendAuthInvalid(3) causes the CMTS to
         invalidate the current CM authorization key, and to transmit an
         Authorization Invalid message to the CM, but not to invalidate
         unicast TEKs. Setting this object to invalidateTeks(4) causes the
         CMTS to invalidate the current CM authorization key, to transmit
         an Authorization Invalid message to the CM, and to invalidate all
         unicast TEKs associated with this CM authorization. Reading this
         object returns the most-recently-set value of this object, or
         returns noResetRequested(1) if the object has not been set since
         the last CMTS reboot."
    ::= { docsBpiCmtsAuthEntry 7 }

docsBpiCmtsAuthCmRequests OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Count of times the CMTS has received an Authorization Request
         message from this CM."
    ::= { docsBpiCmtsAuthEntry 8 }

docsBpiCmtsAuthCmReplies OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Count of times the CMTS has transmitted an Authorization Reply
         message to this CM."
    ::= { docsBpiCmtsAuthEntry 9 }

docsBpiCmtsAuthCmRejects OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Count of times the CMTS has transmitted an Authorization Reject
         message to this CM."
    ::= { docsBpiCmtsAuthEntry 10 }

docsBpiCmtsAuthCmInvalids OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Count of times the CMTS has transmitted an Authorization Invalid
         message to this CM."
    ::= { docsBpiCmtsAuthEntry 11 }

docsBpiCmtsAuthRejectErrorCode OBJECT-TYPE
    SYNTAX      INTEGER {
                    none(1),
                    unknown(2),
                    unauthorizedCm(3),
                    unauthorizedSid(4)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Error-Code in most recent Authorization Reject message
         transmitted to the CM. This has value unknown(2) if the last
         Error-Code value was 0, and none(1) if no Authorization Reject
         message has been transmitted to the CM."
::= { docsBpiCmtsAuthEntry 12 } docsBpiCmtsAuthRejectErrorString OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Display-String in most recent Authorization Reject message transmitted to the CM. This is a zero length string if no Authorization Reject message has been transmitted to the CM." ::= { docsBpiCmtsAuthEntry 13 } docsBpiCmtsAuthInvalidErrorCode OBJECT-TYPE SYNTAX INTEGER { none(1), unknown(2), unauthorizedCm(3), unsolicited(5), invalidKeySequence(6), keyRequestAuthenticationFailure(7) } MAX-ACCESS read-only STATUS current DESCRIPTION "Error-Code in most recent Authorization Invalid message transmitted to the CM. This has value unknown(2) if the last Error-Code value was 0, and none(1) if no Authorization Invalid message has been transmitted to the CM." ::= { docsBpiCmtsAuthEntry 14 } docsBpiCmtsAuthInvalidErrorString OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Display-String in most recent Authorization Invalid message transmitted to the CM. This is a zero length string if no Authorization Invalid message has been transmitted to the CM." ::= { docsBpiCmtsAuthEntry 15 } -- -- The CMTS TEK Table, indexed by ifIndex and SID -- docsBpiCmtsTEKTable OBJECT-TYPE SYNTAX SEQUENCE OF DocsBpiCmtsTEKEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes the attributes of each CM Traffic Encryption Key (TEK) association. The CMTS maintains one TEK association per SID on each CMTS MAC interface." ::= { docsBpiCmtsObjects 3 } docsBpiCmtsTEKEntry OBJECT-TYPE SYNTAX DocsBpiCmtsTEKEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing objects describing attributes of one TEK association on a particular CMTS MAC interface. The CMTS MUST create one entry per SID per MAC interface, based on the receipt of a Key Request message, and MUST NOT delete the entry before the CM authorization for the SID permanently expires." 
INDEX { ifIndex, docsIfCmtsServiceId } ::= { docsBpiCmtsTEKTable 1 } DocsBpiCmtsTEKEntry ::= SEQUENCE { docsBpiCmtsTEKLifetime INTEGER, docsBpiCmtsTEKGraceTime INTEGER, docsBpiCmtsTEKExpiresOld DateAndTime, docsBpiCmtsTEKExpiresNew DateAndTime, docsBpiCmtsTEKReset TruthValue, docsBpiCmtsKeyRequests Counter32, docsBpiCmtsKeyReplies Counter32, docsBpiCmtsKeyRejects Counter32, docsBpiCmtsTEKInvalids Counter32, docsBpiCmtsKeyRejectErrorCode INTEGER, docsBpiCmtsKeyRejectErrorString DisplayString, docsBpiCmtsTEKInvalidErrorCode INTEGER, docsBpiCmtsTEKInvalidErrorString DisplayString } docsBpiCmtsTEKLifetime OBJECT-TYPE SYNTAX INTEGER (1..604800) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "Lifetime, in seconds, the CMTS assigns to keys for this TEK association." ::= { docsBpiCmtsTEKEntry 1 } docsBpiCmtsTEKGraceTime OBJECT-TYPE SYNTAX INTEGER (1..1800) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "Grace time for the TEK in seconds. The CM is expected to start trying to get a new TEK beginning TEKGraceTime seconds before the TEK actually expires." ::= { docsBpiCmtsTEKEntry 2 } docsBpiCmtsTEKExpiresOld OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "Actual clock time for expiration of the oldest active key for this TEK association. If this TEK association has no active keys, then the value is of the expiration date and time of the last active key." ::= { docsBpiCmtsTEKEntry 3 } docsBpiCmtsTEKExpiresNew OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "Actual clock time for expiration of the newest active key for this TEK association. If this TEK association has no active keys, then the value is of the expiration date and time of the last active key." 
::= { docsBpiCmtsTEKEntry 4 }

-- Review note: read-write control object. A SET of TRUE makes the CMTS
-- invalidate the active TEK(s) for the indexed SID and generate a new one,
-- so an unauthorized SET can force rekeying of that SID. SET access should
-- be limited to trusted management stations (for example SNMPv3
-- authentication combined with a VACM write view).
docsBpiCmtsTEKReset OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Setting this object to TRUE causes the CMTS to invalidate the
         current active TEK(s) (plural due to key transition periods), and
         to generate a new TEK for the associated SID. Reading this object
         always returns FALSE."
    ::= { docsBpiCmtsTEKEntry 5 }

docsBpiCmtsKeyRequests OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Count of times the CMTS has received a Key Request message."
    ::= { docsBpiCmtsTEKEntry 6 }

docsBpiCmtsKeyReplies OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Count of times the CMTS has transmitted a Key Reply message."
    ::= { docsBpiCmtsTEKEntry 7 }

docsBpiCmtsKeyRejects OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Count of times the CMTS has transmitted a Key Reject message."
    ::= { docsBpiCmtsTEKEntry 8 }

docsBpiCmtsTEKInvalids OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Count of times the CMTS has transmitted a TEK Invalid message."
    ::= { docsBpiCmtsTEKEntry 9 }

-- NOTE(review): the first sentence of this DESCRIPTION (and of the one
-- for docsBpiCmtsKeyRejectErrorString) speaks of a Key Reject message
-- "sent" by the CMTS, while the last clause says "received since reboot".
-- For a CMTS object "sent" is presumably what is meant; confirm against
-- the BPI specification before relying on the none(1) semantics.
docsBpiCmtsKeyRejectErrorCode OBJECT-TYPE
    SYNTAX      INTEGER {
                    none(1),
                    unknown(2),
                    unauthorizedSid(4)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Error-Code in the most recent Key Reject message sent in response
         to a Key Request for this BPI SID. This has value unknown(2) if
         the last Error-Code value was 0, and none(1) if no Key Reject
         message has been received since reboot."
    ::= { docsBpiCmtsTEKEntry 10 }

docsBpiCmtsKeyRejectErrorString OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..128))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Display-String in the most recent Key Reject message sent in
         response to a Key Request for this BPI SID. This is a zero length
         string if no Key Reject message has been received since reboot."
::= { docsBpiCmtsTEKEntry 11 } docsBpiCmtsTEKInvalidErrorCode OBJECT-TYPE SYNTAX INTEGER { none(1), unknown(2), invalidKeySequence(6) } MAX-ACCESS read-only STATUS current DESCRIPTION "Error-Code in the most recent TEK Invalid message sent in association with this BPI SID. This has value unknown(2) if the last Error-Code value was 0, and none(1) if no TEK Invalid message has been received since reboot." ::= { docsBpiCmtsTEKEntry 12 } docsBpiCmtsTEKInvalidErrorString OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Display-String in the most recent TEK Invalid message sent in association with this BPI SID. This is a zero length string if no TEK Invalid message has been received since reboot." ::= { docsBpiCmtsTEKEntry 13 } -- -- The CMTS Multicast Control Group -- docsBpiMulticastControl OBJECT IDENTIFIER ::= { docsBpiCmtsObjects 4 } -- -- The CMTS IP Multicast Mapping Table, indexed by IP multicast -- address and prefix, and by ifindex -- docsBpiIpMulticastMapTable OBJECT-TYPE SYNTAX SEQUENCE OF DocsBpiIpMulticastMapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes the mapping of IP multicast address prefixes to multicast SIDs on each CMTS MAC interface." ::= { docsBpiMulticastControl 1 } docsBpiIpMulticastMapEntry OBJECT-TYPE SYNTAX DocsBpiIpMulticastMapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing objects describing the mapping of one IP multicast address prefix to one multicast SID on one CMTS MAC interface. The CMTS uses the mapping when forwarding downstream IP multicast traffic." 
INDEX { ifIndex, docsBpiIpMulticastAddress, docsBpiIpMulticastPrefixLength }
::= { docsBpiIpMulticastMapTable 1 }

DocsBpiIpMulticastMapEntry ::= SEQUENCE {
    docsBpiIpMulticastAddress           IpAddress,
    docsBpiIpMulticastPrefixLength      INTEGER,
    docsBpiIpMulticastServiceId         INTEGER,
    docsBpiIpMulticastMapControl        RowStatus
}

docsBpiIpMulticastAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The IP multicast address (prefix) to be mapped."
    ::= { docsBpiIpMulticastMapEntry 1 }

docsBpiIpMulticastPrefixLength OBJECT-TYPE
    SYNTAX      INTEGER (0..32)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The IP multicast address prefix length to be mapped."
    ::= { docsBpiIpMulticastMapEntry 2 }

-- Review note: docsBpiIpMulticastServiceId and docsBpiIpMulticastMapControl
-- are read-create, so a manager with write access can create, change or
-- remove the mapping from an IP multicast prefix to a multicast SID that
-- the CMTS uses when forwarding downstream multicast traffic. SET access
-- to this table should be limited to trusted management stations.
docsBpiIpMulticastServiceId OBJECT-TYPE
    SYNTAX      INTEGER (8192..16368)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The multicast SID to be used in this IP multicast address prefix
         mapping entry."
    -- DEFVAL is unused multicast SID value chosen by CMTS.
    ::= { docsBpiIpMulticastMapEntry 3 }

docsBpiIpMulticastMapControl OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Controls and reflects the IP multicast address prefix mapping
         entry."
    ::= { docsBpiIpMulticastMapEntry 4 }

--
-- The CMTS Multicast SID Authorization Table, indexed by ifIndex by
-- multicast SID by CM MAC address
--
-- Review note: each row of this table states that one CM is authorized
-- for the keys of one multicast SID, and its RowStatus column
-- (docsBpiMulticastAuthControl) is read-create. Creating a row is
-- therefore an authorization decision; write access should be treated as
-- a privileged operation and limited to trusted management stations.
--

docsBpiMulticastAuthTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DocsBpiMulticastAuthEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Describes the multicast SID authorization for each CM on each
         CMTS MAC interface."
    ::= { docsBpiMulticastControl 2 }

docsBpiMulticastAuthEntry OBJECT-TYPE
    SYNTAX      DocsBpiMulticastAuthEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry containing objects describing the key authorization of
         one cable modem for one multicast SID for one CMTS MAC
         interface."
INDEX { ifIndex, docsBpiMulticastServiceId, docsBpiMulticastCmMacAddress } ::= { docsBpiMulticastAuthTable 1 } DocsBpiMulticastAuthEntry ::= SEQUENCE { docsBpiMulticastServiceId INTEGER, docsBpiMulticastCmMacAddress MacAddress, docsBpiMulticastAuthControl RowStatus } docsBpiMulticastServiceId OBJECT-TYPE SYNTAX INTEGER (8192..16368) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The multicast SID for authorization." ::= { docsBpiMulticastAuthEntry 1 } docsBpiMulticastCmMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The MAC address of the CM to which the multicast SID authorization applies." ::= { docsBpiMulticastAuthEntry 2 } docsBpiMulticastAuthControl OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Controls and reflects the CM authorization for each multicast SID." ::= { docsBpiMulticastAuthEntry 3 } -- -- The BPI MIB Conformance Statements (with a placeholder for -- notifications) -- docsBpiNotification OBJECT IDENTIFIER ::= { docsBpiMIB 2 } docsBpiConformance OBJECT IDENTIFIER ::= { docsBpiMIB 3 } docsBpiCompliances OBJECT IDENTIFIER ::= { docsBpiConformance 1 } docsBpiGroups OBJECT IDENTIFIER ::= { docsBpiConformance 2 } docsBpiBasicCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for devices which implement the DOCS Baseline Privacy Interface." MODULE -- docsBpiMIB -- conditionally mandatory group GROUP docsBpiCmGroup DESCRIPTION "This group is implemented only in CMs, not in CMTSs." -- conditionally mandatory group GROUP docsBpiCmtsGroup DESCRIPTION "This group is implemented only in CMTSs, not in CMs." -- relaxation on mandatory range OBJECT docsBpiCmAuthGraceTime SYNTAX INTEGER (300..1800) DESCRIPTION "The refined range corresponds to the minimum and maximum values in operational networks, according to Appendix A.2 in [7]." 
-- relaxation on mandatory range OBJECT docsBpiCmTEKGraceTime SYNTAX INTEGER (300..1800) DESCRIPTION "The refined range corresponds to the minimum and maximum values in operational networks, according to Appendix A.2 in [7]." -- relaxation on mandatory range OBJECT docsBpiCmtsDefaultAuthLifetime SYNTAX INTEGER (86400..6048000) DESCRIPTION "The refined range corresponds to the minimum and maximum values in operational networks, according to Appendix A.2 in [7]." -- relaxation on mandatory range OBJECT docsBpiCmtsDefaultTEKLifetime SYNTAX INTEGER (1800..604800) DESCRIPTION "The refined range corresponds to the minimum and maximum values in operational networks, according to Appendix A.2 in [7]." -- relaxation on mandatory range OBJECT docsBpiCmtsDefaultAuthGraceTime SYNTAX INTEGER (300..1800) DESCRIPTION "The refined range corresponds to the minimum and maximum values in operational networks, according to Appendix A.2 in [7]." -- relaxation on mandatory range OBJECT docsBpiCmtsDefaultTEKGraceTime SYNTAX INTEGER (300..1800) DESCRIPTION "The refined range corresponds to the minimum and maximum values in operational networks, according to Appendix A.2 in [7]." -- relaxation on mandatory range OBJECT docsBpiCmtsAuthCmLifetime SYNTAX INTEGER (86400..6048000) DESCRIPTION "The refined range corresponds to the minimum and maximum values in operational networks, according to Appendix A.2 in [7]." -- relaxation on mandatory range OBJECT docsBpiCmtsAuthCmGraceTime SYNTAX INTEGER (300..1800) DESCRIPTION "The refined range corresponds to the minimum and maximum values in operational networks, according to Appendix A.2 in [7]." -- relaxation on mandatory range OBJECT docsBpiCmtsTEKLifetime SYNTAX INTEGER (1800..604800) DESCRIPTION "The refined range corresponds to the minimum and maximum values in operational networks, according to Appendix A.2 in [7]." 
-- relaxation on mandatory range OBJECT docsBpiCmtsTEKGraceTime SYNTAX INTEGER (300..1800) DESCRIPTION "The refined range corresponds to the minimum and maximum values in operational networks, according to Appendix A.2 in [7]." ::= { docsBpiCompliances 1 } docsBpiCmGroup OBJECT-GROUP OBJECTS { docsBpiCmPrivacyEnable, docsBpiCmPublicKey, docsBpiCmAuthState, docsBpiCmAuthKeySequenceNumber, docsBpiCmAuthExpires, docsBpiCmAuthReset, docsBpiCmAuthGraceTime, docsBpiCmTEKGraceTime, docsBpiCmAuthWaitTimeout, docsBpiCmReauthWaitTimeout, docsBpiCmOpWaitTimeout, docsBpiCmRekeyWaitTimeout, docsBpiCmAuthRejectWaitTimeout, docsBpiCmAuthRequests, docsBpiCmAuthReplies, docsBpiCmAuthRejects, docsBpiCmAuthInvalids, docsBpiCmAuthRejectErrorCode, docsBpiCmAuthRejectErrorString, docsBpiCmAuthInvalidErrorCode, docsBpiCmAuthInvalidErrorString, docsBpiCmTEKPrivacyEnable, docsBpiCmTEKState, docsBpiCmTEKExpiresOld, docsBpiCmTEKExpiresNew, docsBpiCmTEKKeyRequests, docsBpiCmTEKKeyReplies, docsBpiCmTEKKeyRejects, docsBpiCmTEKInvalids, docsBpiCmTEKAuthPends, docsBpiCmTEKKeyRejectErrorCode, docsBpiCmTEKKeyRejectErrorString, docsBpiCmTEKInvalidErrorCode, docsBpiCmTEKInvalidErrorString } STATUS current DESCRIPTION "A collection of objects providing CM BPI status and control." 
::= { docsBpiGroups 1 } docsBpiCmtsGroup OBJECT-GROUP OBJECTS { docsBpiCmtsDefaultAuthLifetime, docsBpiCmtsDefaultTEKLifetime, docsBpiCmtsDefaultAuthGraceTime, docsBpiCmtsDefaultTEKGraceTime, docsBpiCmtsAuthRequests, docsBpiCmtsAuthReplies, docsBpiCmtsAuthRejects, docsBpiCmtsAuthInvalids, docsBpiCmtsAuthCmPublicKey, docsBpiCmtsAuthCmKeySequenceNumber, docsBpiCmtsAuthCmExpires, docsBpiCmtsAuthCmLifetime, docsBpiCmtsAuthCmGraceTime, docsBpiCmtsAuthCmReset, docsBpiCmtsAuthCmRequests, docsBpiCmtsAuthCmReplies, docsBpiCmtsAuthCmRejects, docsBpiCmtsAuthCmInvalids, docsBpiCmtsAuthRejectErrorCode, docsBpiCmtsAuthRejectErrorString, docsBpiCmtsAuthInvalidErrorCode, docsBpiCmtsAuthInvalidErrorString, docsBpiCmtsTEKLifetime, docsBpiCmtsTEKGraceTime, docsBpiCmtsTEKExpiresOld, docsBpiCmtsTEKExpiresNew, docsBpiCmtsTEKReset, docsBpiCmtsKeyRequests, docsBpiCmtsKeyReplies, docsBpiCmtsKeyRejects, docsBpiCmtsTEKInvalids, docsBpiCmtsKeyRejectErrorCode, docsBpiCmtsKeyRejectErrorString, docsBpiCmtsTEKInvalidErrorCode, docsBpiCmtsTEKInvalidErrorString, docsBpiIpMulticastServiceId, docsBpiIpMulticastMapControl, docsBpiMulticastAuthControl } STATUS current DESCRIPTION "A collection of objects providing CMTS BPI status and control." ::= { docsBpiGroups 2 } END -- -- Copyright (C) The Internet Society (1998). All Rights Reserved. -- -- This document and translations of it may be copied and furnished to -- others, and derivative works that comment on or otherwise explain it -- or assist in its implementation may be prepared, copied, published -- and distributed, in whole or in part, without restriction of any -- kind, provided that the above copyright notice and this paragraph are -- included on all such copies and derivative works. 
However, this -- document itself may not be modified in any way, such as by removing -- the copyright notice or references to the Internet Society or other -- Internet organizations, except as needed for the purpose of -- developing Internet standards in which case the procedures for -- copyrights defined in the Internet Standards process must be -- followed, or as required to translate it into languages other than -- English. -- -- The limited permissions granted above are perpetual and will not be -- revoked by the Internet Society or its successors or assigns. -- -- This document and the information contained herein is provided on an -- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."